RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 737104 - 3.1 - disallow cross-vendor VM emulation
Summary: 3.1 - disallow cross-vendor VM emulation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: vdsm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Gal Hammer
QA Contact: Kiril Nesenko
URL:
Whiteboard: virt
Depends On:
Blocks: 756082 773650 773651 773665 773677 773696 798188 829674
TreeView+ depends on / blocked
 
Reported: 2011-09-09 16:06 UTC by Dan Kenigsberg
Modified: 2018-11-26 17:24 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
VDSM did not previously take into account the 'make' of a host's CPU when retrieving its capabilities. This made it possible to run AMD guests on Intel hosts, and Intel guests on AMD hosts, with unpredictable results. VDSM has been updated to return the 'make' of the host's CPU to prevent this from occurring.
Clone Of:
Environment:
Last Closed: 2013-03-01 04:56:21 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Dan Kenigsberg 2011-09-09 16:06:00 UTC 
Description of problem:
Currently, if all feature flags of a vcpu model are supported by host, the model is shown by getVdsCaps, regardless of its make. This invites clients to run AMD guests on Intel or vice versa, which is not supported by RHEV3.0.

Version-Release number of selected component (if applicable):
vdsm-4.9-99

How reproducible:
100%

Steps to Reproduce:
1. Run vdsm on Intel(R) Xeon(R) CPU           E5620  @ 2.40GHz
2. getVdsCaps

Actual results:
AMD's Opteron_G1 is listed

Expected results:
Only Intel CPUs are listed.


Additional info:
Reported models are taken from libvirt's /usr/share/libvirt/cpu_map.xml, which also lists the vendor of each CPU.
Comment 1 Ayal Baron 2012-01-04 19:51:17 UTC 
Dan, please ack if we're going to solve for 6.3 or move flag to upstream/6.4
Comment 2 Miki Kenneth 2012-02-14 12:16:11 UTC 
<snip>

> Vdsm already has an acked bug for this issue
> Bug 737104 - disallow cross-vendor VM emulation
> (for 3.1, please raise urgency if you want it back-ported)
>
> Dan.

It seems required to me since we have already one customer w/ the issue
and assuming RHEV3.0 succeeds, we'll have plenty of others.

<end>

Agreed, Requesting for Z stream.
Comment 3 Dan Kenigsberg 2012-02-14 13:59:23 UTC 
Jiri,

Currently vdsm uses compareCPU(<cpu match="minimum"><model>%s</model></cpu>)

How should we change the xml to take the model's vendor into account?
Comment 4 Jiri Denemark 2012-02-14 14:26:31 UTC 
<cpu match="minimum"><model>%s</model></cpu> will match any compatible CPU regardless on its vendor. You need to explicitly mention <vendor> if you need only CPUs from that vendor to be compatible.

That is, <cpu match="minimum"><model>%s</model><vendor>Intel</vendor></cpu> will only be compatible with host running on a sufficiently capable CPU made by Intel. Similarly <cpu match="minimum"><model>%s</model><vendor>AMD</vendor></cpu> says host CPU is required to be made by AMD.

Note that you are allowed to ask for a combination that doesn't seem to make sense, for example <cpu match="minimum"><model>Penryn</model><vendor>AMD</vendor></cpu> means you want Penryn-compatible CPU made by AMD.
Comment 6 Dan Kenigsberg 2012-02-21 15:47:46 UTC 
http://gerrit.ovirt.org/2158
Comment 8 Stephen Gordon 2012-03-15 15:13:31 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
VDSM did not previously take into account the 'make' of a host's CPU when retrieving its capabilities. This made it possible to run AMD guests on Intel hosts, and Intel guests on AMD hosts, with unpredictable results. VDSM has been updated to return the 'make' of the host's CPU to prevent this from occurring.
Comment 9 Kiril Nesenko 2012-03-27 10:17:35 UTC 
Tested on rhel 6.2 vdsm-4.9-112.9.el6_2.x86_64 and rhel6.3 vdsm-4.9.6-4.5.x86_64.
Only Intel CPUs are listed. 

Moving to VERIFIED.
Comment 10 Oded Ramraz 2012-04-15 14:00:57 UTC 
See https://bugzilla.redhat.com/show_bug.cgi?id=812614
Comment 12 Dan Kenigsberg 2012-04-19 08:02:08 UTC 
The bug is solved badly. It does not recognize most modern CPUs as Intel's.
Comment 18 Gal Hammer 2012-06-04 07:16:50 UTC 
(In reply to comment #12)
> The bug is solved badly. It does not recognize most modern CPUs as Intel's.

Can you give an example? Or better explain the expected results?

Thanks.
Comment 19 Dan Kenigsberg 2012-06-04 08:14:32 UTC 
An Intel-based host should list only Intel CPUs as supported - and list all of them. The former silly patch did not recognize Westmere as an Intel CPU.
Comment 20 Gal Hammer 2012-06-04 15:06:02 UTC 
http://gerrit.ovirt.org/#/c/5035/
Comment 22 Dan Kenigsberg 2012-06-21 12:32:20 UTC 
pushed upstream and included in build vdsm-4.9.6-17.0.
Note You need to log in before you can comment on or make changes to this bug.