Description of problem:

Libvirt uses a very inefficient way to probe qemu for CPU feature flags, which is done by using ~400 QMP calls and responses to fetch all the required information as each flag is queried one-by-one. This is due to the lack of a better interface in qemu.

This takes a significant amount of time during the startup of the VM:

2022-02-07 11:41:50.811+0000: 1758242: info : qemuMonitorIOWrite:402 : QEMU_MONITOR_IO_WRITE: mon=0x7fff9c1d2a20 buf={"execute":"qom-get","arguments":{"path":"/machine/unattached/device[0]","property":"realized"},"id":"libvirt-8"} len=115 ret=115 errno=0
[...]
2022-02-07 11:41:50.950+0000: 1758242: info : qemuMonitorIOWrite:402 : QEMU_MONITOR_IO_WRITE: mon=0x7fff9c1d2a20 buf={"execute":"qom-get","arguments":{"path":"/machine/unattached/device[0]","property":"unavailable-features"},"id":"libvirt-395"} len=129 ret=129 errno=0

In my example case it's 0.14s just to probe the features.

Libvirt should work with qemu to provide a better interface where we can fetch multiple flags at once.

Is the QMP CPU model expansion query[*] not being used, or is it insufficient?

[*] https://qemu-project.gitlab.io/qemu/interop/qemu-qmp-ref.html#qapidoc-2595

This is a slightly different thing. We use expansion before starting a domain to be able to construct a QEMU command line corresponding to our XML, but once QEMU is up and ready to start vCPUs, we want to see exactly what features were enabled and disabled for the guest. That is the current state of the vCPUs.

Historically we used CPUID bits, which was quite easy and required very few QMP commands, but we can't do that anymore since some features started to be advertised in MSRs. Thus we need to check the features by their names in QOM, and while listing all of them is just one QMP command for all, getting their values is one QMP command per CPU feature, which means hundreds of commands just to probe what features are actually visible to a guest.
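
To put a number on the probing cost from a libvirtd debug log, the following added example (not part of the original report, and not libvirt or QEMU code) parses `QEMU_MONITOR_IO_WRITE` lines in the shape quoted in the description, counts the `qom-get` writes and measures the window they span. It assumes one write per log line and ids of the form `libvirt-N`; `summarize_qom_get` and the two middle sample lines are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Shape of the monitor-write debug lines quoted in the report (one write per line).
WRITE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+[+-]\d{4}): \d+: \w+ : "
    r"qemuMonitorIOWrite:\d+ : QEMU_MONITOR_IO_WRITE: mon=\S+ "
    r"buf=(?P<buf>.*) len=\d+ ret=\d+ errno=\d+\s*$"
)

# Sample input: the first and last lines are the two quoted in the report,
# the two in between are constructed for illustration.
_HDR = ": 1758242: info : qemuMonitorIOWrite:402 : QEMU_MONITOR_IO_WRITE: mon=0x7fff9c1d2a20 buf="
_GET = '{"execute":"qom-get","arguments":{"path":"/machine/unattached/device[0]","property":'
SAMPLE_LOG = [
    "2022-02-07 11:41:50.811+0000" + _HDR + _GET + '"realized"},"id":"libvirt-8"} len=115 ret=115 errno=0',
    "2022-02-07 11:41:50.812+0000" + _HDR + _GET + '"avx2"},"id":"libvirt-9"} len=111 ret=111 errno=0',
    "2022-02-07 11:41:50.813+0000" + _HDR + '{"execute":"query-cpus-fast","id":"libvirt-10"} len=47 ret=47 errno=0',
    "2022-02-07 11:41:50.950+0000" + _HDR + _GET + '"unavailable-features"},"id":"libvirt-395"} len=129 ret=129 errno=0',
]


def summarize_qom_get(lines):
    """Count qom-get monitor writes and time the window they span."""
    hits = []
    for line in lines:
        m = WRITE_RE.match(line)
        if not m:
            continue
        try:
            cmd = json.loads(m["buf"])
            if cmd["execute"] != "qom-get":
                continue
            seq = int(cmd["id"].rsplit("-", 1)[1])  # "libvirt-395" -> 395
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f%z")
            hits.append((ts, seq, cmd["arguments"]["property"]))
        except (ValueError, KeyError, IndexError, TypeError, AttributeError):
            continue  # truncated or unexpected buffer: skip rather than guess
    if not hits:
        return None
    hits.sort()
    return {
        "logged": len(hits),                        # qom-get lines present in the input
        "id_span": hits[-1][1] - hits[0][1] + 1,    # commands issued in the window, by id counter
        "elapsed_s": (hits[-1][0] - hits[0][0]).total_seconds(),
        "properties": [h[2] for h in hits],
    }

if __name__ == "__main__":
    print(summarize_qom_get(SAMPLE_LOG))
```

`id_span` is derived from the id counter, so it still reflects the number of monitor commands in the window when the log excerpt is elided, as it is in the report.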