+++ This bug was initially created as a clone of Bug #1840770 +++ Description of problem: cpu feature policy does not work as expected with host-passthrough and features supported by physical host Version-Release number of selected component (if applicable): libvirt-6.3.0-1.module+el8.3.0+6478+69f490bb.x86_64 qemu-kvm-5.0.0-0.module+el8.3.0+6620+5d5e1420.x86_64 kernel-4.18.0-202.el8.x86_64 How reproducible: 100% Steps to Reproduce: 1. Start VM with host-passthrough cpu conf, forbid policy and avx cpu feature (supported by the host) ==> Not expected here. # lscpu | grep avx Flags: ... avx # virsh domstate vm1 shut off # virsh dumpxml vm1 --inactive | grep "<cpu" -A2 <cpu mode='host-passthrough' check='full'> <feature policy='forbid' name='avx'/> </cpu> # virsh start vm1 Domain vm1 started # ps -ef | grep vm1 -cpu host,avx=off Actual results: As step-1 shows Expected results: VM should start failed like the following test scenario with host-model cpu conf. 1. Start VM with host-model cpu conf, forbid policy and avx cpu feature (supported by the host) # lscpu | grep avx Flags: ... avx # virsh domstate vm1 shut off # virsh dumpxml vm1 --inactive | grep "<cpu" -A2 <cpu mode='host-model' check='full'> <feature policy='forbid' name='avx'/> </cpu> # virsh start vm1 error: Failed to start domain vm1 error: operation failed: guest CPU doesn't match specification: missing features: mpx Additional info: Filed this bug because of https://bugzilla.redhat.com/show_bug.cgi?id=1515677#c13
*** This bug has been marked as a duplicate of bug 1840770 ***