cutemeli/server
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2adfbd9ea73fc04955d459a3e37101263067ebdb
server/usr/share/doc/qemu-system-common/system/i386/cpu.html
cutemeli 2adfbd9ea7 .gitignore angepasst
2026-01-07 20:52:11 +01:00

929 lines
45 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html class="writer-html5" lang="en" data-content_root="../../">
<head>
<meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Recommendations for KVM CPU model configuration on x86 hosts &mdash; QEMU Debian 1:8.2.2+ds-0ubuntu1.11 documentation</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../../_static/css/theme.css?v=86f27845" />
<link rel="stylesheet" type="text/css" href="../../_static/theme_overrides.css?v=08e6c168" />
<link rel="shortcut icon" href="../../_static/qemu_32x32.png"/>
<script src="../../_static/jquery.js?v=8dae8fb0"></script>
<script src="../../_static/_sphinx_javascript_frameworks_compat.js?v=2cd50e6c"></script>
<script src="../../_static/documentation_options.js?v=802af9f6"></script>
<script src="../../_static/doctools.js?v=888ff710"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/custom.js?v=2ab9f71d"></script>
<script src="../../_static/js/theme.js"></script>
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="Hyper-V Enlightenments" href="hyperv.html" />
<link rel="prev" title="i440fx PC (pc-i440fx, pc)" href="pc.html" />
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" style="background: #802400" >
<a href="../../index.html" class="icon icon-home">
QEMU
<img src="../../_static/qemu_128x128.png" class="logo" alt="Logo"/>
</a>
<div class="version">
8.2.2
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div><div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
<p class="caption" role="heading"><span class="caption-text">Contents:</span></p>
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../about/index.html">About QEMU</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../index.html">System Emulation</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../introduction.html">Introduction</a></li>
<li class="toctree-l2"><a class="reference internal" href="../invocation.html">Invocation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../device-emulation.html">Device Emulation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keys.html">Keys in the graphical frontends</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mux-chardev.html">Keys in the character backend multiplexer</a></li>
<li class="toctree-l2"><a class="reference internal" href="../monitor.html">QEMU Monitor</a></li>
<li class="toctree-l2"><a class="reference internal" href="../images.html">Disk Images</a></li>
<li class="toctree-l2"><a class="reference internal" href="../virtio-net-failover.html">QEMU virtio-net standby (net_failover)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../linuxboot.html">Direct Linux Boot</a></li>
<li class="toctree-l2"><a class="reference internal" href="../generic-loader.html">Generic Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="../guest-loader.html">Guest Loader</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barrier.html">QEMU Barrier Client</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vnc-security.html">VNC security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tls.html">TLS setup for network services</a></li>
<li class="toctree-l2"><a class="reference internal" href="../secrets.html">Providing secret data to QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="../authz.html">Client authorization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../gdb.html">GDB usage</a></li>
<li class="toctree-l2"><a class="reference internal" href="../replay.html">Record/replay</a></li>
<li class="toctree-l2"><a class="reference internal" href="../managed-startup.html">Managed start up options</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bootindex.html">Managing device boot order with bootindex properties</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cpu-hotplug.html">Virtual CPU hotplug</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pr-manager.html">Persistent reservation managers</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../targets.html">QEMU System Emulator Targets</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../target-arm.html">Arm System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-avr.html">AVR System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-m68k.html">ColdFire System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-mips.html">MIPS System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-ppc.html">PowerPC System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-openrisc.html">OpenRISC System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-riscv.html">RISC-V System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-rx.html">RX System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-s390x.html">s390x System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-sparc.html">Sparc32 System emulator</a></li>
<li class="toctree-l3"><a class="reference internal" href="../target-sparc64.html">Sparc64 System emulator</a></li>
<li class="toctree-l3 current"><a class="reference internal" href="../target-i386.html">x86 System emulator</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="../target-i386.html#board-specific-documentation">Board-specific documentation</a></li>
<li class="toctree-l4 current"><a class="reference internal" href="../target-i386.html#architectural-features">Architectural features</a></li>
<li class="toctree-l4"><a class="reference internal" href="../target-i386.html#os-requirements">OS requirements</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../target-xtensa.html">Xtensa System emulator</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../security.html">Security</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multi-process.html">Multi-process QEMU</a></li>
<li class="toctree-l2"><a class="reference internal" href="../confidential-guest-support.html">Confidential Guest Support</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vm-templating.html">QEMU VM templating</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../user/index.html">User Mode Emulation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tools/index.html">Tools</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../interop/index.html">System Emulation Management and Interoperability</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../specs/index.html">System Emulation Guest Hardware Specifications</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../devel/index.html">Developer Information</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"><nav class="wy-nav-top" aria-label="Mobile navigation menu" style="background: #802400" >
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../../index.html">QEMU</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="Page navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html" class="icon icon-home" aria-label="Home"></a></li>
<li class="breadcrumb-item"><a href="../index.html">System Emulation</a></li>
<li class="breadcrumb-item"><a href="../targets.html">QEMU System Emulator Targets</a></li>
<li class="breadcrumb-item"><a href="../target-i386.html">x86 System emulator</a></li>
<li class="breadcrumb-item active">Recommendations for KVM CPU model configuration on x86 hosts</li>
<li class="wy-breadcrumbs-aside">
<a href="https://gitlab.com/qemu-project/qemu/blob/master/docs/system/i386/cpu.rst" class="fa fa-gitlab"> Edit on GitLab</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<section id="recommendations-for-kvm-cpu-model-configuration-on-x86-hosts">
<h1>Recommendations for KVM CPU model configuration on x86 hosts<a class="headerlink" href="#recommendations-for-kvm-cpu-model-configuration-on-x86-hosts" title="Link to this heading"></a></h1>
<p>The information that follows provides recommendations for configuring
CPU models on x86 hosts. The goals are to maximise performance, while
protecting guest OS against various CPU hardware flaws, and optionally
enabling live migration between hosts with heterogeneous CPU models.</p>
<section id="two-ways-to-configure-cpu-models-with-qemu-kvm">
<h2>Two ways to configure CPU models with QEMU / KVM<a class="headerlink" href="#two-ways-to-configure-cpu-models-with-qemu-kvm" title="Link to this heading"></a></h2>
<ol class="arabic">
<li><p><strong>Host passthrough</strong></p>
<p>This passes the host CPU model features, model, stepping, exactly to
the guest. Note that KVM may filter out some host CPU model features
if they cannot be supported with virtualization. Live migration is
unsafe when this mode is used as libvirt / QEMU cannot guarantee a
stable CPU is exposed to the guest across hosts. This is the
recommended CPU to use, provided live migration is not required.</p>
</li>
<li><p><strong>Named model</strong></p>
<p>QEMU comes with a number of predefined named CPU models, that
typically refer to specific generations of hardware released by
Intel and AMD. These allow the guest VMs to have a degree of
isolation from the host CPU, allowing greater flexibility in live
migrating between hosts with differing hardware. &#64;end table</p>
</li>
</ol>
<p>In both cases, it is possible to optionally add or remove individual CPU
features, to alter what is presented to the guest by default.</p>
<p>Libvirt supports a third way to configure CPU models known as “Host
model”. This uses the QEMU “Named model” feature, automatically picking
a CPU model that is similar the host CPU, and then adding extra features
to approximate the host model as closely as possible. This does not
guarantee the CPU family, stepping, etc will precisely match the host
CPU, as they would with “Host passthrough”, but gives much of the
benefit of passthrough, while making live migration safe.</p>
</section>
<section id="abi-compatibility-levels-for-cpu-models">
<h2>ABI compatibility levels for CPU models<a class="headerlink" href="#abi-compatibility-levels-for-cpu-models" title="Link to this heading"></a></h2>
<p>The x86_64 architecture has a number of <a class="reference external" href="https://gitlab.com/x86-psABIs/x86-64-ABI/">ABI compatibility levels</a>
defined. Traditionally most operating systems and toolchains would
only target the original baseline ABI. It is expected that in
future OS and toolchains are likely to target newer ABIs. The
table that follows illustrates which ABI compatibility levels
can be satisfied by the QEMU CPU models. Note that the table only
lists the long term stable CPU model versions (eg Haswell-v4).
In addition to what is listed, there are also many CPU model
aliases which resolve to a different CPU model version,
depending on the machine type is in use.</p>
<table class="docutils align-default" id="id1">
<caption><span class="caption-text">x86-64 ABI compatibility levels</span><a class="headerlink" href="#id1" title="Link to this table"></a></caption>
<colgroup>
<col style="width: 40.0%" />
<col style="width: 15.0%" />
<col style="width: 15.0%" />
<col style="width: 15.0%" />
<col style="width: 15.0%" />
</colgroup>
<thead>
<tr class="row-odd"><th class="head"><p>Model</p></th>
<th class="head"><p>baseline</p></th>
<th class="head"><p>v2</p></th>
<th class="head"><p>v3</p></th>
<th class="head"><p>v4</p></th>
</tr>
<tr class="row-even"><th class="head"><p>486-v1</p></th>
<th class="head"></th>
<th class="head"></th>
<th class="head"></th>
<th class="head"></th>
</tr>
</thead>
<tbody>
<tr class="row-odd"><td><p>Broadwell-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Broadwell-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Broadwell-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Broadwell-v4</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Cascadelake-Server-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-even"><td><p>Cascadelake-Server-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Cascadelake-Server-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-even"><td><p>Cascadelake-Server-v4</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Conroe-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Cooperlake-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Denverton-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Denverton-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Dhyana-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>EPYC-Milan-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>EPYC-Rome-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>EPYC-Rome-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>EPYC-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>EPYC-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>EPYC-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Haswell-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Haswell-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Haswell-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Haswell-v4</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Icelake-Client-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Icelake-Client-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Icelake-Server-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Icelake-Server-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-even"><td><p>Icelake-Server-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Icelake-Server-v4</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-even"><td><p>IvyBridge-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>IvyBridge-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>KnightsMill-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Nehalem-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Nehalem-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Opteron_G1-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Opteron_G2-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Opteron_G3-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Opteron_G4-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Opteron_G5-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Penryn-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>SandyBridge-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>SandyBridge-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Skylake-Client-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Skylake-Client-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Skylake-Client-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Skylake-Server-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Skylake-Server-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-even"><td><p>Skylake-Server-v3</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-odd"><td><p>Skylake-Server-v4</p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
<td><p></p></td>
</tr>
<tr class="row-even"><td><p>Snowridge-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Snowridge-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>Westmere-v1</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>Westmere-v2</p></td>
<td><p></p></td>
<td><p></p></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>athlon-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>core2duo-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>coreduo-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>kvm32-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>kvm64-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>n270-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>pentium-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>pentium2-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>pentium3-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>phenom-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-even"><td><p>qemu32-v1</p></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr class="row-odd"><td><p>qemu64-v1</p></td>
<td><p></p></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
</section>
<section id="preferred-cpu-models-for-intel-x86-hosts">
<h2>Preferred CPU models for Intel x86 hosts<a class="headerlink" href="#preferred-cpu-models-for-intel-x86-hosts" title="Link to this heading"></a></h2>
<p>The following CPU models are preferred for use on Intel hosts.
Administrators / applications are recommended to use the CPU model that
matches the generation of the host CPUs in use. In a deployment with a
mixture of host CPU models between machines, if live migration
compatibility is required, use the newest CPU model that is compatible
across all desired hosts.</p>
<dl class="simple">
<dt><code class="docutils literal notranslate"><span class="pre">Cascadelake-Server</span></code>, <code class="docutils literal notranslate"><span class="pre">Cascadelake-Server-noTSX</span></code></dt><dd><p>Intel Xeon Processor (Cascade Lake, 2019), with “stepping” levels 6
or 7 only. (The Cascade Lake Xeon processor with <em>stepping 5 is
vulnerable to MDS variants</em>.)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Skylake-Server</span></code>, <code class="docutils literal notranslate"><span class="pre">Skylake-Server-IBRS</span></code>, <code class="docutils literal notranslate"><span class="pre">Skylake-Server-IBRS-noTSX</span></code></dt><dd><p>Intel Xeon Processor (Skylake, 2016)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Skylake-Client</span></code>, <code class="docutils literal notranslate"><span class="pre">Skylake-Client-IBRS</span></code>, <code class="docutils literal notranslate"><span class="pre">Skylake-Client-noTSX-IBRS}</span></code></dt><dd><p>Intel Core Processor (Skylake, 2015)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Broadwell</span></code>, <code class="docutils literal notranslate"><span class="pre">Broadwell-IBRS</span></code>, <code class="docutils literal notranslate"><span class="pre">Broadwell-noTSX</span></code>, <code class="docutils literal notranslate"><span class="pre">Broadwell-noTSX-IBRS</span></code></dt><dd><p>Intel Core Processor (Broadwell, 2014)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Haswell</span></code>, <code class="docutils literal notranslate"><span class="pre">Haswell-IBRS</span></code>, <code class="docutils literal notranslate"><span class="pre">Haswell-noTSX</span></code>, <code class="docutils literal notranslate"><span class="pre">Haswell-noTSX-IBRS</span></code></dt><dd><p>Intel Core Processor (Haswell, 2013)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">IvyBridge</span></code>, <code class="docutils literal notranslate"><span class="pre">IvyBridge-IBR</span></code></dt><dd><p>Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">SandyBridge</span></code>, <code class="docutils literal notranslate"><span class="pre">SandyBridge-IBRS</span></code></dt><dd><p>Intel Xeon E312xx (Sandy Bridge, 2011)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Westmere</span></code>, <code class="docutils literal notranslate"><span class="pre">Westmere-IBRS</span></code></dt><dd><p>Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Nehalem</span></code>, <code class="docutils literal notranslate"><span class="pre">Nehalem-IBRS</span></code></dt><dd><p>Intel Core i7 9xx (Nehalem Class Core i7, 2008)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Penryn</span></code></dt><dd><p>Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Conroe</span></code></dt><dd><p>Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)</p>
</dd>
</dl>
</section>
<section id="important-cpu-features-for-intel-x86-hosts">
<h2>Important CPU features for Intel x86 hosts<a class="headerlink" href="#important-cpu-features-for-intel-x86-hosts" title="Link to this heading"></a></h2>
<p>The following are important CPU features that should be used on Intel
x86 hosts, when available in the host CPU. Some of them require explicit
configuration to enable, as they are not included by default in some, or
all, of the named CPU models listed above. In general all of these
features are included if using “Host passthrough” or “Host model”.</p>
<dl>
<dt><code class="docutils literal notranslate"><span class="pre">pcid</span></code></dt><dd><p>Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix.</p>
<p>Included by default in Haswell, Broadwell &amp; Skylake Intel CPU models.</p>
<p>Should be explicitly turned on for Westmere, SandyBridge, and
IvyBridge Intel CPU models. Note that some desktop/mobile Westmere
CPUs cannot support this feature.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">spec-ctrl</span></code></dt><dd><p>Required to enable the Spectre v2 (CVE-2017-5715) fix.</p>
<p>Included by default in Intel CPU models with -IBRS suffix.</p>
<p>Must be explicitly turned on for Intel CPU models without -IBRS
suffix.</p>
<p>Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">stibp</span></code></dt><dd><p>Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
operating systems.</p>
<p>Must be explicitly turned on for all Intel CPU models.</p>
<p>Requires the host CPU microcode to support this feature before it can
be used for guest CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">ssbd</span></code></dt><dd><p>Required to enable the CVE-2018-3639 fix.</p>
<p>Not included by default in any Intel CPU model.</p>
<p>Must be explicitly turned on for all Intel CPU models.</p>
<p>Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">pdpe1gb</span></code></dt><dd><p>Recommended to allow guest OS to use 1GB size pages.</p>
<p>Not included by default in any Intel CPU model.</p>
<p>Should be explicitly turned on for all Intel CPU models.</p>
<p>Note that not all CPU hardware will support this feature.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">md-clear</span></code></dt><dd><p>Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11091) fixes.</p>
<p>Not included by default in any Intel CPU model.</p>
<p>Must be explicitly turned on for all Intel CPU models.</p>
<p>Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">mds-no</span></code></dt><dd><p>Recommended to inform the guest OS that the host is <em>not</em> vulnerable
to any of the MDS variants ([MFBDS] CVE-2018-12130, [MLPDS]
CVE-2018-12127, [MSBDS] CVE-2018-12126).</p>
<p>This is an MSR (Model-Specific Register) feature rather than a CPUID feature,
so it will not appear in the Linux <code class="docutils literal notranslate"><span class="pre">/proc/cpuinfo</span></code> in the host or
guest. Instead, the host kernel uses it to populate the MDS
vulnerability file in <code class="docutils literal notranslate"><span class="pre">sysfs</span></code>.</p>
<p>So it should only be enabled for VMs if the host reports &#64;code{Not
affected} in the <code class="docutils literal notranslate"><span class="pre">/sys/devices/system/cpu/vulnerabilities/mds</span></code> file.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">taa-no</span></code></dt><dd><p>Recommended to inform that the guest that the host is <code class="docutils literal notranslate"><span class="pre">not</span></code>
vulnerable to CVE-2019-11135, TSX Asynchronous Abort (TAA).</p>
<p>This too is an MSR feature, so it does not show up in the Linux
<code class="docutils literal notranslate"><span class="pre">/proc/cpuinfo</span></code> in the host or guest.</p>
<p>It should only be enabled for VMs if the host reports <code class="docutils literal notranslate"><span class="pre">Not</span> <span class="pre">affected</span></code>
in the <code class="docutils literal notranslate"><span class="pre">/sys/devices/system/cpu/vulnerabilities/tsx_async_abort</span></code>
file.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">tsx-ctrl</span></code></dt><dd><p>Recommended to inform the guest that it can disable the Intel TSX
(Transactional Synchronization Extensions) feature; or, if the
processor is vulnerable, use the Intel VERW instruction (a
processor-level instruction that performs checks on memory access) as
a mitigation for the TAA vulnerability. (For details, refer to
Intels <a class="reference external" href="https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling">deep dive into MDS</a>.)</p>
<p>Expose this to the guest OS if and only if: (a) the host has TSX
enabled; <em>and</em> (b) the guest has <code class="docutils literal notranslate"><span class="pre">rtm</span></code> CPU flag enabled.</p>
<p>By disabling TSX, KVM-based guests can avoid paying the price of
mitigating TSX-based attacks.</p>
<p>Note that <code class="docutils literal notranslate"><span class="pre">tsx-ctrl</span></code> too is an MSR feature, so it does not show
up in the Linux <code class="docutils literal notranslate"><span class="pre">/proc/cpuinfo</span></code> in the host or guest.</p>
<p>To validate that Intel TSX is indeed disabled for the guest, there are
two ways: (a) check for the <em>absence</em> of <code class="docutils literal notranslate"><span class="pre">rtm</span></code> in the guests
<code class="docutils literal notranslate"><span class="pre">/proc/cpuinfo</span></code>; or (b) the
<code class="docutils literal notranslate"><span class="pre">/sys/devices/system/cpu/vulnerabilities/tsx_async_abort</span></code> file in
the guest should report <code class="docutils literal notranslate"><span class="pre">Mitigation:</span> <span class="pre">TSX</span> <span class="pre">disabled</span></code>.</p>
</dd>
</dl>
</section>
<section id="preferred-cpu-models-for-amd-x86-hosts">
<h2>Preferred CPU models for AMD x86 hosts<a class="headerlink" href="#preferred-cpu-models-for-amd-x86-hosts" title="Link to this heading"></a></h2>
<p>The following CPU models are preferred for use on AMD hosts.
Administrators / applications are recommended to use the CPU model that
matches the generation of the host CPUs in use. In a deployment with a
mixture of host CPU models between machines, if live migration
compatibility is required, use the newest CPU model that is compatible
across all desired hosts.</p>
<dl class="simple">
<dt><code class="docutils literal notranslate"><span class="pre">EPYC</span></code>, <code class="docutils literal notranslate"><span class="pre">EPYC-IBPB</span></code></dt><dd><p>AMD EPYC Processor (2017)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Opteron_G5</span></code></dt><dd><p>AMD Opteron 63xx class CPU (2012)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Opteron_G4</span></code></dt><dd><p>AMD Opteron 62xx class CPU (2011)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Opteron_G3</span></code></dt><dd><p>AMD Opteron 23xx (Gen 3 Class Opteron, 2009)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Opteron_G2</span></code></dt><dd><p>AMD Opteron 22xx (Gen 2 Class Opteron, 2006)</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">Opteron_G1</span></code></dt><dd><p>AMD Opteron 240 (Gen 1 Class Opteron, 2004)</p>
</dd>
</dl>
</section>
<section id="important-cpu-features-for-amd-x86-hosts">
<h2>Important CPU features for AMD x86 hosts<a class="headerlink" href="#important-cpu-features-for-amd-x86-hosts" title="Link to this heading"></a></h2>
<p>The following are important CPU features that should be used on AMD x86
hosts, when available in the host CPU. Some of them require explicit
configuration to enable, as they are not included by default in some, or
all, of the named CPU models listed above. In general all of these
features are included if using “Host passthrough” or “Host model”.</p>
<dl>
<dt><code class="docutils literal notranslate"><span class="pre">ibpb</span></code></dt><dd><p>Required to enable the Spectre v2 (CVE-2017-5715) fix.</p>
<p>Included by default in AMD CPU models with -IBPB suffix.</p>
<p>Must be explicitly turned on for AMD CPU models without -IBPB suffix.</p>
<p>Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">stibp</span></code></dt><dd><p>Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
operating systems.</p>
<p>Must be explicitly turned on for all AMD CPU models.</p>
<p>Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">virt-ssbd</span></code></dt><dd><p>Required to enable the CVE-2018-3639 fix</p>
<p>Not included by default in any AMD CPU model.</p>
<p>Must be explicitly turned on for all AMD CPU models.</p>
<p>This should be provided to guests, even if amd-ssbd is also provided,
for maximum guest compatibility.</p>
<p>Note for some QEMU / libvirt versions, this must be force enabled when
when using “Host model”, because this is a virtual feature that
doesnt exist in the physical host CPUs.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">amd-ssbd</span></code></dt><dd><p>Required to enable the CVE-2018-3639 fix</p>
<p>Not included by default in any AMD CPU model.</p>
<p>Must be explicitly turned on for all AMD CPU models.</p>
<p>This provides higher performance than <code class="docutils literal notranslate"><span class="pre">virt-ssbd</span></code> so should be
exposed to guests whenever available in the host. <code class="docutils literal notranslate"><span class="pre">virt-ssbd</span></code> should
none the less also be exposed for maximum guest compatibility as some
kernels only know about <code class="docutils literal notranslate"><span class="pre">virt-ssbd</span></code>.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">amd-no-ssb</span></code></dt><dd><p>Recommended to indicate the host is not vulnerable CVE-2018-3639</p>
<p>Not included by default in any AMD CPU model.</p>
<p>Future hardware generations of CPU will not be vulnerable to
CVE-2018-3639, and thus the guest should be told not to enable
its mitigations, by exposing amd-no-ssb. This is mutually
exclusive with virt-ssbd and amd-ssbd.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">pdpe1gb</span></code></dt><dd><p>Recommended to allow guest OS to use 1GB size pages</p>
<p>Not included by default in any AMD CPU model.</p>
<p>Should be explicitly turned on for all AMD CPU models.</p>
<p>Note that not all CPU hardware will support this feature.</p>
</dd>
</dl>
</section>
<section id="default-x86-cpu-models">
<h2>Default x86 CPU models<a class="headerlink" href="#default-x86-cpu-models" title="Link to this heading"></a></h2>
<p>The default QEMU CPU models are designed such that they can run on all
hosts. If an application does not wish to do perform any host
compatibility checks before launching guests, the default is guaranteed
to work.</p>
<p>The default CPU models will, however, leave the guest OS vulnerable to
various CPU hardware flaws, so their use is strongly discouraged.
Applications should follow the earlier guidance to setup a better CPU
configuration, with host passthrough recommended if live migration is
not needed.</p>
<dl class="simple">
<dt><code class="docutils literal notranslate"><span class="pre">qemu32</span></code>, <code class="docutils literal notranslate"><span class="pre">qemu64</span></code></dt><dd><p>QEMU Virtual CPU version 2.5+ (32 &amp; 64 bit variants)</p>
</dd>
</dl>
<p><code class="docutils literal notranslate"><span class="pre">qemu64</span></code> is used for x86_64 guests and <code class="docutils literal notranslate"><span class="pre">qemu32</span></code> is used for i686
guests, when no <code class="docutils literal notranslate"><span class="pre">-cpu</span></code> argument is given to QEMU, or no <code class="docutils literal notranslate"><span class="pre">&lt;cpu&gt;</span></code> is
provided in libvirt XML.</p>
</section>
<section id="other-non-recommended-x86-cpus">
<h2>Other non-recommended x86 CPUs<a class="headerlink" href="#other-non-recommended-x86-cpus" title="Link to this heading"></a></h2>
<p>The following CPUs models are compatible with most AMD and Intel x86
hosts, but their usage is discouraged, as they expose a very limited
featureset, which prevents guests having optimal performance.</p>
<dl>
<dt><code class="docutils literal notranslate"><span class="pre">kvm32</span></code>, <code class="docutils literal notranslate"><span class="pre">kvm64</span></code></dt><dd><p>Common KVM processor (32 &amp; 64 bit variants).</p>
<p>Legacy models just for historical compatibility with ancient QEMU
versions.</p>
</dd>
<dt><code class="docutils literal notranslate"><span class="pre">486</span></code>, <code class="docutils literal notranslate"><span class="pre">athlon</span></code>, <code class="docutils literal notranslate"><span class="pre">phenom</span></code>, <code class="docutils literal notranslate"><span class="pre">coreduo</span></code>, <code class="docutils literal notranslate"><span class="pre">core2duo</span></code>, <code class="docutils literal notranslate"><span class="pre">n270</span></code>, <code class="docutils literal notranslate"><span class="pre">pentium</span></code>, <code class="docutils literal notranslate"><span class="pre">pentium2</span></code>, <code class="docutils literal notranslate"><span class="pre">pentium3</span></code></dt><dd><p>Various very old x86 CPU models, mostly predating the introduction
of hardware assisted virtualization, that should thus not be
required for running virtual machines.</p>
</dd>
</dl>
</section>
</section>
<section id="syntax-for-configuring-cpu-models">
<h1>Syntax for configuring CPU models<a class="headerlink" href="#syntax-for-configuring-cpu-models" title="Link to this heading"></a></h1>
<p>The examples below illustrate the approach to configuring the various
CPU models / features in QEMU and libvirt.</p>
<section id="qemu-command-line">
<h2>QEMU command line<a class="headerlink" href="#qemu-command-line" title="Link to this heading"></a></h2>
<p>Host passthrough:</p>
<pre class="literal-block">qemu-system-x86_64 -cpu host</pre>
<p>Host passthrough with feature customization:</p>
<pre class="literal-block">qemu-system-x86_64 -cpu host,vmx=off,...</pre>
<p>Named CPU models:</p>
<pre class="literal-block">qemu-system-x86_64 -cpu Westmere</pre>
<p>Named CPU models with feature customization:</p>
<pre class="literal-block">qemu-system-x86_64 -cpu Westmere,pcid=on,...</pre>
</section>
<section id="libvirt-guest-xml">
<h2>Libvirt guest XML<a class="headerlink" href="#libvirt-guest-xml" title="Link to this heading"></a></h2>
<p>Host passthrough:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">cpu</span> <span class="n">mode</span><span class="o">=</span><span class="s1">&#39;host-passthrough&#39;</span><span class="o">/&gt;</span>
</pre></div>
</div>
<p>Host passthrough with feature customization:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">cpu</span> <span class="n">mode</span><span class="o">=</span><span class="s1">&#39;host-passthrough&#39;</span><span class="o">&gt;</span>
<span class="o">&lt;</span><span class="n">feature</span> <span class="n">name</span><span class="o">=</span><span class="s2">&quot;vmx&quot;</span> <span class="n">policy</span><span class="o">=</span><span class="s2">&quot;disable&quot;</span><span class="o">/&gt;</span>
<span class="o">...</span>
<span class="o">&lt;/</span><span class="n">cpu</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>Host model:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">cpu</span> <span class="n">mode</span><span class="o">=</span><span class="s1">&#39;host-model&#39;</span><span class="o">/&gt;</span>
</pre></div>
</div>
<p>Host model with feature customization:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">cpu</span> <span class="n">mode</span><span class="o">=</span><span class="s1">&#39;host-model&#39;</span><span class="o">&gt;</span>
<span class="o">&lt;</span><span class="n">feature</span> <span class="n">name</span><span class="o">=</span><span class="s2">&quot;vmx&quot;</span> <span class="n">policy</span><span class="o">=</span><span class="s2">&quot;disable&quot;</span><span class="o">/&gt;</span>
<span class="o">...</span>
<span class="o">&lt;/</span><span class="n">cpu</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>Named model:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">cpu</span> <span class="n">mode</span><span class="o">=</span><span class="s1">&#39;custom&#39;</span><span class="o">&gt;</span>
<span class="o">&lt;</span><span class="n">model</span> <span class="n">name</span><span class="o">=</span><span class="s2">&quot;Westmere&quot;</span><span class="o">/&gt;</span>
<span class="o">&lt;/</span><span class="n">cpu</span><span class="o">&gt;</span>
</pre></div>
</div>
<p>Named model with feature customization:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="o">&lt;</span><span class="n">cpu</span> <span class="n">mode</span><span class="o">=</span><span class="s1">&#39;custom&#39;</span><span class="o">&gt;</span>
<span class="o">&lt;</span><span class="n">model</span> <span class="n">name</span><span class="o">=</span><span class="s2">&quot;Westmere&quot;</span><span class="o">/&gt;</span>
<span class="o">&lt;</span><span class="n">feature</span> <span class="n">name</span><span class="o">=</span><span class="s2">&quot;pcid&quot;</span> <span class="n">policy</span><span class="o">=</span><span class="s2">&quot;require&quot;</span><span class="o">/&gt;</span>
<span class="o">...</span>
<span class="o">&lt;/</span><span class="n">cpu</span><span class="o">&gt;</span>
</pre></div>
</div>
</section>
</section>
</div>
</div>
<footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
<a href="pc.html" class="btn btn-neutral float-left" title="i440fx PC (pc-i440fx, pc)" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
<a href="hyperv.html" class="btn btn-neutral float-right" title="Hyper-V Enlightenments" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
</div>
<hr/>
<div role="contentinfo">
<p>&#169; Copyright 2025, The QEMU Project Developers.</p>
</div>
Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
<a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
provided by <a href="https://readthedocs.org">Read the Docs</a>.
<!-- Empty para to force a blank line after "Built with Sphinx ..." -->
<p></p>
<p>This documentation is for QEMU version 8.2.2.</p>
<p><a href="../../about/license.html">QEMU and this manual are released under the
GNU General Public License, version 2.</a></p>
</footer>
</div>
</div>
</section>
</div>
<script>
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink