1 Recommendations for KVM CPU model configuration on x86 hosts
2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 The information that follows provides recommendations for configuring
5 CPU models on x86 hosts. The goals are to maximise performance, while
6 protecting guest OS against various CPU hardware flaws, and optionally
7 enabling live migration between hosts with heterogeneous CPU models.
10 Two ways to configure CPU models with QEMU / KVM
11 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
13 (1) **Host passthrough**
15 This passes the host CPU model features, model, stepping, exactly to
16 the guest. Note that KVM may filter out some host CPU model features
17 if they cannot be supported with virtualization. Live migration is
18 unsafe when this mode is used as libvirt / QEMU cannot guarantee a
19 stable CPU is exposed to the guest across hosts. This is the
20 recommended CPU to use, provided live migration is not required.
24 QEMU comes with a number of predefined named CPU models, that
25 typically refer to specific generations of hardware released by
26 Intel and AMD. These allow the guest VMs to have a degree of
27 isolation from the host CPU, allowing greater flexibility in live
28 migrating between hosts with differing hardware. @end table
30 In both cases, it is possible to optionally add or remove individual CPU
31 features, to alter what is presented to the guest by default.
33 Libvirt supports a third way to configure CPU models known as "Host
34 model". This uses the QEMU "Named model" feature, automatically picking
35 a CPU model that is similar the host CPU, and then adding extra features
36 to approximate the host model as closely as possible. This does not
37 guarantee the CPU family, stepping, etc will precisely match the host
38 CPU, as they would with "Host passthrough", but gives much of the
39 benefit of passthrough, while making live migration safe.
42 Preferred CPU models for Intel x86 hosts
43 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
45 The following CPU models are preferred for use on Intel hosts.
46 Administrators / applications are recommended to use the CPU model that
47 matches the generation of the host CPUs in use. In a deployment with a
48 mixture of host CPU models between machines, if live migration
49 compatibility is required, use the newest CPU model that is compatible
50 across all desired hosts.
52 ``Skylake-Server``, ``Skylake-Server-IBRS``
53 Intel Xeon Processor (Skylake, 2016)
55 ``Skylake-Client``, ``Skylake-Client-IBRS``
56 Intel Core Processor (Skylake, 2015)
58 ``Broadwell``, ``Broadwell-IBRS``, ``Broadwell-noTSX``, ``Broadwell-noTSX-IBRS``
59 Intel Core Processor (Broadwell, 2014)
61 ``Haswell``, ``Haswell-IBRS``, ``Haswell-noTSX``, ``Haswell-noTSX-IBRS``
62 Intel Core Processor (Haswell, 2013)
64 ``IvyBridge``, ``IvyBridge-IBR``
65 Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
67 ``SandyBridge``, ``SandyBridge-IBRS``
68 Intel Xeon E312xx (Sandy Bridge, 2011)
70 ``Westmere``, ``Westmere-IBRS``
71 Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
73 ``Nehalem``, ``Nehalem-IBRS``
74 Intel Core i7 9xx (Nehalem Class Core i7, 2008)
77 Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)
80 Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)
83 Important CPU features for Intel x86 hosts
84 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
86 The following are important CPU features that should be used on Intel
87 x86 hosts, when available in the host CPU. Some of them require explicit
88 configuration to enable, as they are not included by default in some, or
89 all, of the named CPU models listed above. In general all of these
90 features are included if using "Host passthrough" or "Host model".
93 Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix.
95 Included by default in Haswell, Broadwell & Skylake Intel CPU models.
97 Should be explicitly turned on for Westmere, SandyBridge, and
98 IvyBridge Intel CPU models. Note that some desktop/mobile Westmere
99 CPUs cannot support this feature.
102 Required to enable the Spectre v2 (CVE-2017-5715) fix.
104 Included by default in Intel CPU models with -IBRS suffix.
106 Must be explicitly turned on for Intel CPU models without -IBRS
109 Requires the host CPU microcode to support this feature before it
110 can be used for guest CPUs.
113 Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
116 Must be explicitly turned on for all Intel CPU models.
118 Requires the host CPU microcode to support this feature before it can
119 be used for guest CPUs.
122 Required to enable the CVE-2018-3639 fix.
124 Not included by default in any Intel CPU model.
126 Must be explicitly turned on for all Intel CPU models.
128 Requires the host CPU microcode to support this feature before it
129 can be used for guest CPUs.
132 Recommended to allow guest OS to use 1GB size pages.
134 Not included by default in any Intel CPU model.
136 Should be explicitly turned on for all Intel CPU models.
138 Note that not all CPU hardware will support this feature.
141 Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127,
142 CVE-2018-12130, CVE-2019-11091) fixes.
144 Not included by default in any Intel CPU model.
146 Must be explicitly turned on for all Intel CPU models.
148 Requires the host CPU microcode to support this feature before it
149 can be used for guest CPUs.
152 Preferred CPU models for AMD x86 hosts
153 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
155 The following CPU models are preferred for use on Intel hosts.
156 Administrators / applications are recommended to use the CPU model that
157 matches the generation of the host CPUs in use. In a deployment with a
158 mixture of host CPU models between machines, if live migration
159 compatibility is required, use the newest CPU model that is compatible
160 across all desired hosts.
162 ``EPYC``, ``EPYC-IBPB``
163 AMD EPYC Processor (2017)
166 AMD Opteron 63xx class CPU (2012)
169 AMD Opteron 62xx class CPU (2011)
172 AMD Opteron 23xx (Gen 3 Class Opteron, 2009)
175 AMD Opteron 22xx (Gen 2 Class Opteron, 2006)
178 AMD Opteron 240 (Gen 1 Class Opteron, 2004)
181 Important CPU features for AMD x86 hosts
182 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
184 The following are important CPU features that should be used on AMD x86
185 hosts, when available in the host CPU. Some of them require explicit
186 configuration to enable, as they are not included by default in some, or
187 all, of the named CPU models listed above. In general all of these
188 features are included if using "Host passthrough" or "Host model".
191 Required to enable the Spectre v2 (CVE-2017-5715) fix.
193 Included by default in AMD CPU models with -IBPB suffix.
195 Must be explicitly turned on for AMD CPU models without -IBPB suffix.
197 Requires the host CPU microcode to support this feature before it
198 can be used for guest CPUs.
201 Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
204 Must be explicitly turned on for all AMD CPU models.
206 Requires the host CPU microcode to support this feature before it
207 can be used for guest CPUs.
210 Required to enable the CVE-2018-3639 fix
212 Not included by default in any AMD CPU model.
214 Must be explicitly turned on for all AMD CPU models.
216 This should be provided to guests, even if amd-ssbd is also provided,
217 for maximum guest compatibility.
219 Note for some QEMU / libvirt versions, this must be force enabled when
220 when using "Host model", because this is a virtual feature that
221 doesn't exist in the physical host CPUs.
224 Required to enable the CVE-2018-3639 fix
226 Not included by default in any AMD CPU model.
228 Must be explicitly turned on for all AMD CPU models.
230 This provides higher performance than ``virt-ssbd`` so should be
231 exposed to guests whenever available in the host. ``virt-ssbd`` should
232 none the less also be exposed for maximum guest compatibility as some
233 kernels only know about ``virt-ssbd``.
236 Recommended to indicate the host is not vulnerable CVE-2018-3639
238 Not included by default in any AMD CPU model.
240 Future hardware generations of CPU will not be vulnerable to
241 CVE-2018-3639, and thus the guest should be told not to enable
242 its mitigations, by exposing amd-no-ssb. This is mutually
243 exclusive with virt-ssbd and amd-ssbd.
246 Recommended to allow guest OS to use 1GB size pages
248 Not included by default in any AMD CPU model.
250 Should be explicitly turned on for all AMD CPU models.
252 Note that not all CPU hardware will support this feature.
255 Default x86 CPU models
256 ^^^^^^^^^^^^^^^^^^^^^^
258 The default QEMU CPU models are designed such that they can run on all
259 hosts. If an application does not wish to do perform any host
260 compatibility checks before launching guests, the default is guaranteed
263 The default CPU models will, however, leave the guest OS vulnerable to
264 various CPU hardware flaws, so their use is strongly discouraged.
265 Applications should follow the earlier guidance to setup a better CPU
266 configuration, with host passthrough recommended if live migration is
269 ``qemu32``, ``qemu64``
270 QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)
272 ``qemu64`` is used for x86_64 guests and ``qemu32`` is used for i686
273 guests, when no ``-cpu`` argument is given to QEMU, or no ``<cpu>`` is
274 provided in libvirt XML.
276 Other non-recommended x86 CPUs
277 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
279 The following CPUs models are compatible with most AMD and Intel x86
280 hosts, but their usage is discouraged, as they expose a very limited
281 featureset, which prevents guests having optimal performance.
284 Common KVM processor (32 & 64 bit variants).
286 Legacy models just for historical compatibility with ancient QEMU
289 ``486``, ``athlon``, ``phenom``, ``coreduo``, ``core2duo``, ``n270``, ``pentium``, ``pentium2``, ``pentium3``
290 Various very old x86 CPU models, mostly predating the introduction
291 of hardware assisted virtualization, that should thus not be
292 required for running virtual machines.
295 Syntax for configuring CPU models
296 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
298 The examples below illustrate the approach to configuring the various
299 CPU models / features in QEMU and libvirt.
308 |qemu_system| -cpu host
310 Host passthrough with feature customization:
314 |qemu_system| -cpu host,-vmx,...
320 |qemu_system| -cpu Westmere
322 Named CPU models with feature customization:
326 |qemu_system| -cpu Westmere,+pcid,...
333 <cpu mode='host-passthrough'/>
335 Host passthrough with feature customization::
337 <cpu mode='host-passthrough'>
338 <feature name="vmx" policy="disable"/>
344 <cpu mode='host-model'/>
346 Host model with feature customization::
348 <cpu mode='host-model'>
349 <feature name="vmx" policy="disable"/>
356 <model name="Westmere"/>
359 Named model with feature customization::
362 <model name="Westmere"/>
363 <feature name="pcid" policy="require"/>