Bug 1840770
| Summary: | cpu feature policy='forbid' does not work as expected with host-passthrough and features supported by physical host | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | jiyan <jiyan> | |
| Component: | libvirt | Assignee: | Tim Wiederhake <twiederh> | |
| Status: | CLOSED ERRATA | QA Contact: | yalzhang <yalzhang> | |
| Severity: | low | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 8.3 | CC: | dyuan, jdenemar, jsuchane, lmen, virt-maint, xuzhang, yafu, yalzhang | |
| Target Milestone: | rc | Keywords: | Triaged | |
| Target Release: | 8.3 | Flags: | pm-rhel: mirror+ | |
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Fixed In Version: | libvirt-7.3.0-1.el8 | Doc Type: | If docs needed, set a value | |
| : | 1840776 | Environment: | ||
| Last Closed: | 2021-11-16 07:49:57 UTC | Type: | Bug | |
| Cloudforms Team: | --- | Target Upstream Version: | 7.2.0 | |
| Bug Blocks: | 1840776 | |||
*** Bug 1840776 has been marked as a duplicate of this bug. ***

The error message regarding "missing feature: mpx" is an unrelated issue.
Consider the following test, which disables mpx:
#!/bin/sh
# Define and start two domains that differ only in the cpu "check" attribute.
VIRSH="virsh"
# Domain using check='partial'.
cat > check_partial.xml <<-EOF
<domain type="kvm">
  <name>check_partial</name>
  <memory unit="KiB">1048576</memory>
  <currentMemory unit="KiB">1048576</currentMemory>
  <vcpu placement="static">1</vcpu>
  <os><type arch="x86_64" machine="pc-q35-4.2">hvm</type></os>
  <cpu mode='host-model' check='partial'>
    <feature policy='disable' name='mpx'/>
    <feature policy='forbid' name='avx'/>
  </cpu>
</domain>
EOF
# Domain using check='full'.
cat > check_full.xml <<-EOF
<domain type="kvm">
  <name>check_full</name>
  <memory unit="KiB">1048576</memory>
  <currentMemory unit="KiB">1048576</currentMemory>
  <vcpu placement="static">1</vcpu>
  <os><type arch="x86_64" machine="pc-q35-4.2">hvm</type></os>
  <cpu mode='host-model' check='full'>
    <feature policy='disable' name='mpx'/>
    <feature policy='forbid' name='avx'/>
  </cpu>
</domain>
EOF
for vm in check_partial check_full
do
    # Remove any earlier instance; output is discarded because failure is expected
    # when the domain does not exist. ">/dev/null 2>&1" is the POSIX sh form of "&>".
    ${VIRSH} destroy "${vm}" >/dev/null 2>&1
    ${VIRSH} undefine "${vm}" >/dev/null 2>&1
    ${VIRSH} define "${vm}.xml" --validate
    ${VIRSH} start "${vm}"
done
This results in the following output:
Domain 'check_partial' defined from check_partial.xml
error: Failed to start domain 'check_partial'
error: the CPU is incompatible with host CPU: Host CPU provides forbidden features: avx
Domain 'check_full' defined from check_full.xml
Domain 'check_full' started
In the "check='partial'" case, libvirt correctly refuses to start the VM.
In the "check='full'" case, libvirt incorrectly starts the VM.
Merged upstream: https://gitlab.com/libvirt/libvirt/-/commit/c5d4d0198f8a8802e028c51c29f6b73e7e8a4304

Reproduced this bug on libvirt-7.0.0-13.module+el8.4.0+10604+5608c2b4.x86_64: on a system that supports the 'avx' flag, try to start a VM with the CPU settings below; both start successfully.
<cpu mode='host-passthrough' check='partial'>
<feature policy='forbid' name='avx'/>
</cpu>
or
<cpu mode='host-passthrough' check='full'>
<feature policy='forbid' name='avx'/>
</cpu>
Update libvirt to libvirt-7.3.0-1.module+el8.5.0+11004+f4810536.x86_64 and test with the above XML with host-passthrough and host-model; the result is as expected.
# virsh dumpxml rhel | grep /cpu -B2
<cpu mode='host-passthrough' check='partial' migratable='on'>
<feature policy='forbid' name='avx'/>
</cpu>
# virsh start rhel
error: Failed to start domain 'rhel'
error: the CPU is incompatible with host CPU: Host CPU provides forbidden feature 'avx'
# virsh dumpxml rhel | grep /cpu -B2
<cpu mode='host-passthrough' check='full' migratable='on'>
<feature policy='forbid' name='avx'/>
</cpu>
# virsh start rhel
error: Failed to start domain 'rhel'
error: the CPU is incompatible with host CPU: Host CPU provides forbidden feature 'avx'
# virsh dumpxml rhel | grep /cpu -B2
<cpu mode='host-passthrough' check='none' migratable='on'>
<feature policy='forbid' name='avx'/>
</cpu>
# virsh start rhel
Domain 'rhel' started
Verify this bug by comment 7.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (virt:av bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2021:4684
Description of problem:
cpu feature policy does not work as expected with host-passthrough and features supported by physical host

Version-Release number of selected component (if applicable):
libvirt-6.3.0-1.module+el8.3.0+6478+69f490bb.x86_64
qemu-kvm-5.0.0-0.module+el8.3.0+6620+5d5e1420.x86_64
kernel-4.18.0-202.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Start VM with host-passthrough cpu conf, forbid policy and avx cpu feature (supported by the host) ==> Not expected here.
# lscpu | grep avx
Flags: ... avx
# virsh domstate vm1
shut off
# virsh dumpxml vm1 --inactive | grep "<cpu" -A2
<cpu mode='host-passthrough' check='full'>
<feature policy='forbid' name='avx'/>
</cpu>
# virsh start vm1
Domain vm1 started
# ps -ef | grep vm1
-cpu host,avx=off

Actual results:
As step-1 shows

Expected results:
VM should fail to start, like the following test scenario with host-model cpu conf.
1. Start VM with host-model cpu conf, forbid policy and avx cpu feature (supported by the host)
# lscpu | grep avx
Flags: ... avx
# virsh domstate vm1
shut off
# virsh dumpxml vm1 --inactive | grep "<cpu" -A2
<cpu mode='host-model' check='full'>
<feature policy='forbid' name='avx'/>
</cpu>
# virsh start vm1
error: Failed to start domain vm1
error: operation failed: guest CPU doesn't match specification: missing features: mpx

Additional info:
Filed this bug because of https://bugzilla.redhat.com/show_bug.cgi?id=1515677#c13
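
The behaviour requested in this report, checked outside libvirt, as an added example (not code from the bug report or from libvirt): a pre-flight audit that finds `policy='forbid'` features the host provides and applies the same outcome for every CPU mode, which is useful on hosts still running a build older than the fixed version. The function names, the sample XML and the sample flags line are constructed, and it assumes the libvirt feature name equals the kernel flag name, as it does for `avx`.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real host or from the bug report).
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu sse sse2 avx avx2\n"
DOMAIN_TEMPLATE = """<domain type='kvm'>
  <name>demo</name>
  <cpu mode='host-passthrough' check='{check}'>
    <feature policy='{policy}' name='{name}'/>
  </cpu>
</domain>"""


def host_flags(cpuinfo_text):
    """Return the CPU flag set from /proc/cpuinfo-style text (first 'flags' line)."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def forbidden_on_host(domain_xml, flags):
    """Return (mode, check, forbidden features the host provides) for a domain XML."""
    cpu = ET.fromstring(domain_xml).find("cpu")
    if cpu is None:
        return None, None, []
    hits = sorted(
        f.get("name")
        for f in cpu.findall("feature")
        # Assumption: the libvirt feature name equals the kernel flag name (true for avx).
        if f.get("policy") == "forbid" and f.get("name") in flags
    )
    return cpu.get("mode"), cpu.get("check"), hits


def must_refuse(domain_xml, flags):
    """True when the start should be refused, matching the results verified on the fixed build."""
    _mode, check, hits = forbidden_on_host(domain_xml, flags)
    # The CPU mode is deliberately ignored: host-passthrough gets no exemption.
    # check='none' still starts on the fixed build, so it is not treated as a refusal.
    return bool(hits) and check in ("partial", "full")


if __name__ == "__main__":
    flags = host_flags(SAMPLE_CPUINFO)
    for check in ("partial", "full", "none"):
        xml = DOMAIN_TEMPLATE.format(check=check, policy="forbid", name="avx")
        print(check, forbidden_on_host(xml, flags), must_refuse(xml, flags))
```

On a real host, pass the contents of `/proc/cpuinfo` and the output of `virsh dumpxml <domain> --inactive` instead of the constructed samples.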