QEMU / KVM CPU model configuration

@c man begin DESCRIPTION

* recommendations_cpu_models_x86:: Recommendations for KVM CPU model configuration on x86 hosts
* recommendations_cpu_models_MIPS:: Supported CPU model configurations on MIPS hosts
* cpu_model_syntax_apps:: Syntax for configuring CPU models

QEMU / KVM virtualization supports two ways to configure CPU models

@item Host passthrough

This passes the host CPU model features, model, stepping, exactly to the
guest. Note that KVM may filter out some host CPU model features if they
cannot be supported with virtualization. Live migration is unsafe when
this mode is used as libvirt / QEMU cannot guarantee a stable CPU is
exposed to the guest across hosts. This is the recommended CPU to use,
provided live migration is not required.

QEMU comes with a number of predefined named CPU models that typically
refer to specific generations of hardware released by Intel and AMD.
These allow the guest VMs to have a degree of isolation from the host CPU,
allowing greater flexibility in live migrating between hosts with differing

In both cases, it is possible to optionally add or remove individual CPU
features, to alter what is presented to the guest by default.

Libvirt supports a third way to configure CPU models known as "Host model".
This uses the QEMU "Named model" feature, automatically picking a CPU model
that is similar to the host CPU, and then adding extra features to approximate
the host model as closely as possible. This does not guarantee the CPU family,
stepping, etc. will precisely match the host CPU, as they would with "Host
passthrough", but gives much of the benefit of passthrough, while making

@node recommendations_cpu_models_x86
@subsection Recommendations for KVM CPU model configuration on x86 hosts

The information that follows provides recommendations for configuring
CPU models on x86 hosts. The goals are to maximise performance, while
protecting guest OS against various CPU hardware flaws, and optionally
enabling live migration between hosts with heterogeneous CPU models.

* preferred_cpu_models_intel_x86:: Preferred CPU models for Intel x86 hosts
* important_cpu_features_intel_x86:: Important CPU features for Intel x86 hosts
* preferred_cpu_models_amd_x86:: Preferred CPU models for AMD x86 hosts
* important_cpu_features_amd_x86:: Important CPU features for AMD x86 hosts
* default_cpu_models_x86:: Default x86 CPU models
* other_non_recommended_cpu_models_x86:: Other non-recommended x86 CPUs

@node preferred_cpu_models_intel_x86
@subsubsection Preferred CPU models for Intel x86 hosts

The following CPU models are preferred for use on Intel hosts. Administrators /
applications are recommended to use the CPU model that matches the generation
of the host CPUs in use. In a deployment with a mixture of host CPU models
between machines, if live migration compatibility is required, use the newest
CPU model that is compatible across all desired hosts.

@item @code{Skylake-Server}
@item @code{Skylake-Server-IBRS}

Intel Xeon Processor (Skylake, 2016)

@item @code{Skylake-Client}
@item @code{Skylake-Client-IBRS}

Intel Core Processor (Skylake, 2015)

@item @code{Broadwell}
@item @code{Broadwell-IBRS}
@item @code{Broadwell-noTSX}
@item @code{Broadwell-noTSX-IBRS}

Intel Core Processor (Broadwell, 2014)

@item @code{Haswell-IBRS}
@item @code{Haswell-noTSX}
@item @code{Haswell-noTSX-IBRS}

Intel Core Processor (Haswell, 2013)

@item @code{IvyBridge}
@item @code{IvyBridge-IBRS}

Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)

@item @code{SandyBridge}
@item @code{SandyBridge-IBRS}

Intel Xeon E312xx (Sandy Bridge, 2011)

@item @code{Westmere}
@item @code{Westmere-IBRS}

Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)

@item @code{Nehalem-IBRS}

Intel Core i7 9xx (Nehalem Class Core i7, 2008)

Intel Core 2 Duo P9xxx (Penryn Class Core 2, 2007)

Intel Celeron_4x0 (Conroe/Merom Class Core 2, 2006)

@node important_cpu_features_intel_x86
@subsubsection Important CPU features for Intel x86 hosts

The following are important CPU features that should be used on Intel x86
hosts, when available in the host CPU. Some of them require explicit
configuration to enable, as they are not included by default in some, or all,
of the named CPU models listed above. In general all of these features are
included if using "Host passthrough" or "Host model".

Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix

Included by default in Haswell, Broadwell & Skylake Intel CPU models.

Should be explicitly turned on for Westmere, SandyBridge, and IvyBridge
Intel CPU models. Note that some desktop/mobile Westmere CPUs cannot
support this feature.

@item @code{spec-ctrl}

Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix,
in cases where retpolines are not sufficient.

Included by default in Intel CPU models with -IBRS suffix.

Must be explicitly turned on for Intel CPU models without -IBRS suffix.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

Required to enable the CVE-2018-3639 fix

Not included by default in any Intel CPU model.

Must be explicitly turned on for all Intel CPU models.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

Recommended to allow guest OS to use 1GB size pages

Not included by default in any Intel CPU model.

Should be explicitly turned on for all Intel CPU models.

Note that not all CPU hardware will support this feature.

@node preferred_cpu_models_amd_x86
@subsubsection Preferred CPU models for AMD x86 hosts

The following CPU models are preferred for use on AMD hosts. Administrators /
applications are recommended to use the CPU model that matches the generation
of the host CPUs in use. In a deployment with a mixture of host CPU models
between machines, if live migration compatibility is required, use the newest
CPU model that is compatible across all desired hosts.

@item @code{EPYC-IBPB}

AMD EPYC Processor (2017)

@item @code{Opteron_G5}

AMD Opteron 63xx class CPU (2012)

@item @code{Opteron_G4}

AMD Opteron 62xx class CPU (2011)

@item @code{Opteron_G3}

AMD Opteron 23xx (Gen 3 Class Opteron, 2009)

@item @code{Opteron_G2}

AMD Opteron 22xx (Gen 2 Class Opteron, 2006)

@item @code{Opteron_G1}

AMD Opteron 240 (Gen 1 Class Opteron, 2004)

@node important_cpu_features_amd_x86
@subsubsection Important CPU features for AMD x86 hosts

The following are important CPU features that should be used on AMD x86
hosts, when available in the host CPU. Some of them require explicit
configuration to enable, as they are not included by default in some, or all,
of the named CPU models listed above. In general all of these features are
included if using "Host passthrough" or "Host model".

Required to enable the Spectre (CVE-2017-5753 and CVE-2017-5715) fix,
in cases where retpolines are not sufficient.

Included by default in AMD CPU models with -IBPB suffix.

Must be explicitly turned on for AMD CPU models without -IBPB suffix.

Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.

@item @code{virt-ssbd}

Required to enable the CVE-2018-3639 fix

Not included by default in any AMD CPU model.

Must be explicitly turned on for all AMD CPU models.

This should be provided to guests, even if amd-ssbd is also
provided, for maximum guest compatibility.

Note that for some QEMU / libvirt versions, this must be force enabled
when using "Host model", because this is a virtual feature
that doesn't exist in the physical host CPUs.

@item @code{amd-ssbd}

Required to enable the CVE-2018-3639 fix

Not included by default in any AMD CPU model.

Must be explicitly turned on for all AMD CPU models.

This provides higher performance than virt-ssbd so should be
exposed to guests whenever available in the host. virt-ssbd
should nonetheless also be exposed for maximum guest
compatibility as some kernels only know about virt-ssbd.

@item @code{amd-no-ssb}

Recommended to indicate the host is not vulnerable to CVE-2018-3639

Not included by default in any AMD CPU model.

Future hardware generations of CPU will not be vulnerable to
CVE-2018-3639, and thus the guest should be told not to enable
its mitigations, by exposing amd-no-ssb. This is mutually
exclusive with virt-ssbd and amd-ssbd.

Recommended to allow guest OS to use 1GB size pages

Not included by default in any AMD CPU model.

Should be explicitly turned on for all AMD CPU models.

Note that not all CPU hardware will support this feature.

@node default_cpu_models_x86
@subsubsection Default x86 CPU models

The default QEMU CPU models are designed such that they can run on all hosts.
If an application does not wish to perform any host compatibility checks
before launching guests, the default is guaranteed to work.

The default CPU models will, however, leave the guest OS vulnerable to various
CPU hardware flaws, so their use is strongly discouraged. Applications should
follow the earlier guidance to set up a better CPU configuration, with host
passthrough recommended if live migration is not needed.

QEMU Virtual CPU version 2.5+ (32 & 64 bit variants)

qemu64 is used for x86_64 guests and qemu32 is used for i686 guests, when no
-cpu argument is given to QEMU, or no <cpu> is provided in libvirt XML.

@node other_non_recommended_cpu_models_x86
@subsubsection Other non-recommended x86 CPUs

The following CPU models are compatible with most AMD and Intel x86 hosts, but
their usage is discouraged, as they expose a very limited feature set, which
prevents guests having optimal performance.

Common KVM processor (32 & 64 bit variants)

Legacy models just for historical compatibility with ancient QEMU versions.

@item @code{core2duo}

@item @code{pentium2}
@item @code{pentium3}

Various very old x86 CPU models, mostly predating the introduction of
hardware assisted virtualization, that should thus not be required for
running virtual machines.

@node recommendations_cpu_models_MIPS
@subsection Supported CPU model configurations on MIPS hosts

QEMU supports a variety of MIPS CPU models:

* cpu_models_MIPS32:: Supported CPU models for MIPS32 hosts
* cpu_models_MIPS64:: Supported CPU models for MIPS64 hosts
* cpu_models_nanoMIPS:: Supported CPU models for nanoMIPS hosts
* preferred_cpu_models_MIPS:: Preferred CPU models for MIPS hosts

@node cpu_models_MIPS32
@subsubsection Supported CPU models for MIPS32 hosts

The following CPU models are supported for use on MIPS32 hosts. Administrators /
applications are recommended to use the CPU model that matches the generation
of the host CPUs in use. In a deployment with a mixture of host CPU models
between machines, if live migration compatibility is required, use the newest
CPU model that is compatible across all desired hosts.

@item @code{mips32r6-generic}

MIPS32 Processor (Release 6, 2015)

MIPS32 Processor (P5600, 2014)

MIPS32 Processor (M14K, 2009)

MIPS32 Processor (74K, 2007)

MIPS32 Processor (34K, 2006)

MIPS32 Processor (24K, 2003)

MIPS32 Processor (4K, 1999)

@node cpu_models_MIPS64
@subsubsection Supported CPU models for MIPS64 hosts

The following CPU models are supported for use on MIPS64 hosts. Administrators /
applications are recommended to use the CPU model that matches the generation
of the host CPUs in use. In a deployment with a mixture of host CPU models
between machines, if live migration compatibility is required, use the newest
CPU model that is compatible across all desired hosts.

MIPS64 Processor (Release 6, 2014)

@item @code{Loongson-2F}

MIPS64 Processor (Loongson 2, 2008)

@item @code{Loongson-2E}

MIPS64 Processor (Loongson 2, 2006)

@item @code{mips64dspr2}

MIPS64 Processor (Release 2, 2006)

@item @code{MIPS64R2-generic}

MIPS64 Processor (Release 2, 2002)

MIPS64 Processor (20K, 2000)

MIPS64 Processor (5K, 1999)

MIPS64 Processor (VR, 1998)

MIPS64 Processor (MIPS III, 1991)

@node cpu_models_nanoMIPS
@subsubsection Supported CPU models for nanoMIPS hosts

The following CPU models are supported for use on nanoMIPS hosts. Administrators /
applications are recommended to use the CPU model that matches the generation
of the host CPUs in use. In a deployment with a mixture of host CPU models
between machines, if live migration compatibility is required, use the newest
CPU model that is compatible across all desired hosts.

MIPS I7200 (nanoMIPS, 2018)

@node preferred_cpu_models_MIPS
@subsubsection Preferred CPU models for MIPS hosts

The following CPU models are preferred for use on different MIPS hosts:

@item @code{MIPS III}

@item @code{MIPS32R2}

@item @code{MIPS64R6}

@item @code{nanoMIPS}

@node cpu_model_syntax_apps
@subsection Syntax for configuring CPU models

The examples below illustrate the approach to configuring the various
CPU models / features in QEMU and libvirt.

* cpu_model_syntax_qemu:: QEMU command line
* cpu_model_syntax_libvirt:: Libvirt guest XML

@node cpu_model_syntax_qemu
@subsubsection QEMU command line

@item Host passthrough

$ qemu-system-x86_64 -cpu host

With feature customization:

$ qemu-system-x86_64 -cpu host,-vmx,...

@item Named CPU models

$ qemu-system-x86_64 -cpu Westmere

With feature customization:

$ qemu-system-x86_64 -cpu Westmere,+pcid,...

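
The following is an added example, not part of the QEMU documentation: a small audit of `-cpu` values against the spec-ctrl and CVE-2018-3639 rules stated in the x86 feature sections above. It assumes the `+feat`, `-feat` and `feat=on|off` option forms and recognises AMD models by the `EPYC` / `Opteron` name prefixes; `parse_cpu_arg`, `audit_cpu_arg` and the sample values are hypothetical names constructed for illustration.

```python
DEFAULT_MODELS = {"qemu64", "qemu32"}      # defaults named on the page
AMD_PREFIXES = ("EPYC", "Opteron")         # AMD model families listed on the page
SSB_FIXES = {"virt-ssbd", "amd-ssbd"}      # CVE-2018-3639 features for AMD guests

def parse_cpu_arg(arg):
    """Split 'Model,+f,-f,f=on,f=off' into (model, enabled, disabled)."""
    model, *opts = [part.strip() for part in arg.split(",")]
    on, off = set(), set()
    for opt in opts:
        if opt.startswith("+"):
            on.add(opt[1:])
        elif opt.startswith("-"):
            off.add(opt[1:])
        elif opt.endswith("=on"):
            on.add(opt[:-3])
        elif opt.endswith("=off"):
            off.add(opt[:-4])
    # Conservative choice for an audit: an explicit disable always wins.
    return model, on - off, off

def audit_cpu_arg(arg):
    """Return findings for one -cpu value; None means no -cpu was given."""
    if arg is None:
        return ["no -cpu given: default model leaves the guest exposed to CPU flaws"]
    model, on, off = parse_cpu_arg(arg)
    if model in DEFAULT_MODELS:
        return [f"{model}: default model leaves the guest exposed to CPU flaws"]
    watched = SSB_FIXES | {"spec-ctrl"}
    findings = [f"{feat} explicitly disabled" for feat in sorted(off & watched)]
    if model == "host":
        return findings                    # passthrough carries the host's features
    if model.startswith(AMD_PREFIXES):
        if "amd-no-ssb" in on and on & SSB_FIXES:
            findings.append("amd-no-ssb is mutually exclusive with virt-ssbd/amd-ssbd")
        elif "amd-no-ssb" not in on and not on & SSB_FIXES:
            findings.append("no CVE-2018-3639 feature (virt-ssbd / amd-ssbd) enabled")
        elif "amd-ssbd" in on and "virt-ssbd" not in on:
            findings.append("amd-ssbd without virt-ssbd: some kernels only know virt-ssbd")
    elif not model.endswith("-IBRS") and "spec-ctrl" not in on:
        findings.append(f"{model}: spec-ctrl must be turned on for models without -IBRS")
    return findings

# Constructed sample values, not taken from any real deployment.
SAMPLES = [None, "Westmere,+pcid", "Westmere,+pcid,+spec-ctrl",
           "Skylake-Server-IBRS", "EPYC-IBPB,+amd-ssbd", "host,-vmx"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_cpu_arg(sample) or "ok")
```

A finding here only reflects the guest-visible CPU definition; as the page notes, spec-ctrl also requires host microcode support before it can be used for guest CPUs.
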
@node cpu_model_syntax_libvirt
@subsubsection Libvirt guest XML

@item Host passthrough

<cpu mode='host-passthrough'/>

With feature customization:

<cpu mode='host-passthrough'>
  <feature name="vmx" policy="disable"/>

<cpu mode='host-model'/>

With feature customization:

<cpu mode='host-model'>
  <feature name="vmx" policy="disable"/>

<model name="Westmere"/>

With feature customization:

<model name="Westmere"/>
<feature name="pcid" policy="require"/>

@setfilename qemu-cpu-models
@settitle QEMU / KVM CPU model configuration

The HTML documentation of QEMU for more precise information and Linux
user mode emulator invocation.