Description of problem: QEMU report mds-no as false in query-cpu-model-expansion, causing no mds-no for 'host-model' on Cascadelake host. Version-Release number of selected component (if applicable): qemu-kvm-4.0.0-6.module+el8.1.0+3736+a2aefea3 libvirt-client-5.5.0-2.module+el8.1.0+3773+7dd501bf.x86_64 kernel-4.18.0-124.el8.x86_64 How reproducible: always Steps to Reproduce: 1. Start qemu, query cpu model expansion { "execute":"query-cpu-model-expansion","arguments":{"type":"full","model":{"name":"Cascadelake-Server"}}} 2. Run virsh domcapabilities # virsh domcapabilities 3. Actual results: { "execute":"query-cpu-model-expansion","arguments":{"type":"full","model":{"name":"Cascadelake-Server"}}} {"return": {"model": {"name": "Cascadelake-Server", "props": {"phys-bits": 0,...,"mds-no": false,..."xstore-en": false}}}} # virsh domcapabilities <mode name='host-model' supported='yes'> <model fallback='forbid'>Cascadelake-Server</model> <vendor>Intel</vendor> <feature policy='require' name='ss'/> <feature policy='require' name='vmx'/> <feature policy='require' name='hypervisor'/> <feature policy='require' name='tsc_adjust'/> <feature policy='require' name='umip'/> <feature policy='require' name='pku'/> <feature policy='require' name='md-clear'/> <feature policy='require' name='stibp'/> <feature policy='require' name='arch-capabilities'/> <feature policy='require' name='xsaves'/> <feature policy='require' name='invtsc'/> </mode> Expected results: mds-no is reported as enabled. Additional info:
(In reply to Yumei Huang from comment #0) > Expected results: > mds-no is reported as enabled. Why is this the expected result? Do you have /proc/cpuinfo and /sys/devices/system/cpu/vulnerabilities/mds contents for the host?
I can't reproduce it: # rpm -q qemu-kvm qemu-kvm-4.1.0-5.module+el8.1.0+4076+b5e41ebc.x86_64 # ps ax | grep qemu 33412 pts/2 Sl+ 0:00 /usr/libexec/qemu-kvm -machine accel=kvm -qmp unix:/tmp/qmp,server 33418 pts/1 S+ 0:00 grep --color=auto qemu # echo 'query-cpu-model-expansion type=full model={"name":"host"}' | python2 ./scripts/qmp/qmp-shell -p /tmp/qmp | egrep 'rdctl-no|ibrs-all|rsba|skip-l1dfl-vmentry|ssb-no|mds-no' "mds-no": true, "rdctl-no": true, "ssb-no": false, "ibrs-all": true, "skip-l1dfl-vmentry": true, "rsba": false, #
(In reply to Eduardo Habkost from comment #3) > I can't reproduce it: Host info: intel-purley-03.khw1.lab.eng.bos.redhat.com /proc/cpuinfo: processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 85 model name : Intel(R) Xeon(R) Platinum 8260L CPU @ 2.40GHz stepping : 6 microcode : 0x4000024 cpu MHz : 3406.325 cache size : 36608 KB physical id : 0 siblings : 48 core id : 0 cpu cores : 24 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 22 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req pku ospke avx512_vnni md_clear flush_l1d arch_capabilities bugs : spectre_v1 spectre_v2 spec_store_bypass swapgs bogomips : 4800.00 clflush size : 64 cache_alignment : 64 address sizes : 46 bits physical, 48 bits virtual power management: # grep '' /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected /sys/devices/system/cpu/vulnerabilities/mds:Not affected /sys/devices/system/cpu/vulnerabilities/meltdown:Not affected /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling
For reference, MDS_NO will be set only on the CPUs listed with "No" in all 3 columns at: https://software.intel.com/security-software-guidance/insights/deep-dive-cpuid-enumeration-and-architectural-msrs#MDS-CPUID
I used model={"name":"Cascadelake-Server"}, and thought only when it's reported as enabled, it would be in virsh domcapabilities, then it will be exposed to guest when use host-model on Cascadelake host. Host info: intel-walkerpass-02.khw1.lab.eng.bos.redhat.com # lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 192 On-line CPU(s) list: 0-191 Thread(s) per core: 2 Core(s) per socket: 24 Socket(s): 4 NUMA node(s): 4 Vendor ID: GenuineIntel CPU family: 6 Model: 85 Model name: Intel(R) Xeon(R) Platinum 9242 CPU @ 2.30GHz Stepping: 7 CPU MHz: 3342.187 CPU max MHz: 3800.0000 CPU min MHz: 1000.0000 BogoMIPS: 4600.00 Virtualization: VT-x L1d cache: 32K L1i cache: 32K L2 cache: 1024K L3 cache: 36608K NUMA node0 CPU(s): 0-23,96-119 NUMA node1 CPU(s): 24-47,120-143 NUMA node2 CPU(s): 48-71,144-167 NUMA node3 CPU(s): 72-95,168-191 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req pku ospke avx512_vnni md_clear flush_l1d arch_capabilities # grep . /sys/devices/system/cpu/vulnerabilities/* /sys/devices/system/cpu/vulnerabilities/l1tf:Not affected /sys/devices/system/cpu/vulnerabilities/mds:Not affected /sys/devices/system/cpu/vulnerabilities/meltdown:Not affected /sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp /sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization /sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling
(In reply to Yumei Huang from comment #6) > I used model={"name":"Cascadelake-Server"}, and thought only when it's > reported as enabled, it would be in virsh domcapabilities, then it will be > exposed to guest when use host-model on Cascadelake host. This is expected behavior. `query-cpu-model-expansion` with model name `Cascadelake-Server` will return info on the (static) Cascadelake CPU model itself, not the host CPU, and won't return arch-capabilities or mds-no as enabled. `query-cpu-model-expansion` with model name `host` will return info on the host CPU. This is the mechanism used by libvirt to query for host capabilities. If `virsh domcapabilities` and `mode=host-model` are not working, this is for a different reason. Probably because of the `unavailable-features` property, see bug 1747185.
Closing as same reason to bug 1738775.