Re: [PATCH 0/7] i386: Add `machine` parameter to query-cpu-definitions

[Daniel P . Berrangé]

On Fri, Oct 25, 2019 at 10:02:29AM +0200, David Hildenbrand wrote:
> On 25.10.19 09:55, Christian Borntraeger wrote:
> > 
> > 
> > On 25.10.19 09:17, David Hildenbrand wrote:
> > > On 25.10.19 04:25, Eduardo Habkost wrote:
> > > > We had introduced versioned CPU models in QEMU 4.1, including a
> > > > method for querying for CPU model versions using
> > > 
> > > Interesting, I was not aware of that.
> > > 
> > > On s390x, we somewhat have versioned CPU models, but we decided against 
> > > giving them explicit names (e.g., z13-v1 or z13-4.1.0), because it didn't 
> > > really seem to be necessary. (and we often implement/add features for 
> > > older CPU models, there is a lot of fluctuation) Actually, you would have 
> > > had to add "z13-z/VM-x.x.x" or "z13-LPAR-x.x.x" or "z13-KVM-x.x.x" to 
> > > model the features you actually see in all the different virtual 
> > > environments ("what a CPU looks like"). Not to talk about QEMU versions 
> > > in addition to that. So we decided to always model what you would see 
> > > under LPAR and are able to specify for a KVM guest. So you can use "z13" 
> > > in an up-to-date LPAR environment, but not in a z/VM environment (you 
> > > would have to disable features).
> > > 
> > > Each (!base) CPU model has a specific feature set per machine. Libvirt 
> > > uses query-cpu-model-expansion() to convert this model+machine to a 
> > > machine-independent representation. That representation is sufficient for 
> > > all use cases we were aware of (esp. "virsh domcapabilities", the host 
> > > CPU model, migration).
> > > 
> > > While s390x has versioned CPU models, we have no explicit way of 
> > > specifying them for older machines, besides going over 
> > > query-cpu-model-expansion and using expanded "base model + features".
> > > 
> > > I can see that this might make sense on x86-64, where you only have maybe 
> > > 3 versions of a CPU (e.g., the one Intel messed up first - Haswell, the 
> > > one Intel messed up next - Haswell-noTSX, and the one that Intel 
> > > eventually did right - Haswell-noTSX-IBRS) and you might want to specify 
> > > "Haswell" vs. "Haswell-IBRS" vs. "Haswell-noTSX-IBRS". But actually, you 
> > > will always want to go for "Haswell-noTSX-IBRS", because you can expect 
> > > to run in updated environments if I am not wrong, everything else are 
> > > corner cases.
> > > 
> > > Of course, versioned CPU model are neat to avoid "base model + list of 
> > > features", but at least for expanding the host model on s390x, it is not 
> > > really helpful. When migrating, the model expansion does the trick.
> > > 
> > > I haven't looked into details of "how to specify or model versions". 
> > > Maybe IBM wants to look into creating versions for all the old models we 
> > > had. But again, not sure if that is of any help for s390x. CCing IBM.
> > 
> > I agree that this does not look very helpful.
> > Especially as several things depend on the kernel version a QEMU version is
> > not sufficient to be guarantee construction success.
> > So we would need something like z14-qemu4.0-kernel-5.2-suse-flavour-onLPAR
> > 
> > Instead we do check if we can construct an equivalent model on the 
> > migration target.
> > And that model is precise. We do even have versions.
> > Right now with QEMU on s390  our models are versioned in a way that we 
> > fence of
> > facilities for old machine versions.
> > 
> > For example
> > -machine s390-virtio-ccw-3.1 -cpu z14 will not have the multiple epoch 
> > facility
> > and
> > -machine s390-virtio-ccw-4.0 -cpu z14 will have the multiple epoch facility.
> > As migration does always require the tuple of machine and cpu this is save. 
> > I fail
> > to see what the benefit of an explicit z14-3.1 would be.
> > 
> 
> AFAIKS the only real benefit of versioned CPU models is that you can add new
> CPU model versions without new QEMU version.

This is very important for backporting CPU security fixes to existing QEMU
releases. 

> 
> Then you can specify "-cpu z13-vX" or "-cpu z13 -cpuv X" (no idea how
> versioned CPU model were implemented) on any QEMU machine. Which is the same
> as telling your customer "please use z13,featX=on" in case you have a good
> reason to not use the host model (along with baselining) but use an explicit
> model.
> 
> If you can change the default model of QEMU machines, you can automate this
> process. I am pretty sure this is a corner case, though (e.g., IBRS).
> Usually you have a new QEMU machine and can simply enable the new feature
> from that point on.

There are now 4 Haswell variants, only some of which are runnable
on any given host, depending on what microcode the user has installed
or what particular Haswell silicon SKU the user purchased. Given the
frequency of new CPU flaws arrived since the first Meltdown/Spectre,
this isn't a corner case, at least for the x86 world & Intel in
particular. Other arches/vendors haven't been quite so badly affected
in this way.

If we tied each new Haswell variant to a machine type, then users would
be blocked from consuming a new machine type depending on runnability of
the CPU model. This is not at all desirable, as mgmt apps now have complex
rules on what machine type they can use.

When dealing with backporting patches for new CPU hardware flaws, the
new CPU features are backported to many old QEMU versions. The new
machine types are not backportable.

Both these called for making CPU versioning independant of machine
type versioning.

Essentially the goal with CPU versioning is that the user can request
a bare "Haswell" and libvirt (or the mgmt app) will automatically
expand this to the best Haswell version that the host is able to
support with its CPUs / microcode / BIOS config combination.



Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|