[ovirt-users] Re: Testing ovirt 4.4.1 Nested KVM on Skylake-client (core i5) does not work
Nir Soffer
nsoffer at redhat.com
Mon Sep 14 09:59:12 UTC 2020
On Mon, Sep 14, 2020 at 8:42 AM Yedidyah Bar David <didi at redhat.com> wrote:
>
> On Mon, Sep 14, 2020 at 12:28 AM wodel youchi <wodel.youchi at gmail.com> wrote:
> >
> > Hi,
> >
> > Thanks for the help, I think I found the solution using this link : https://www.berrange.com/posts/2018/06/29/cpu-model-configuration-for-qemu-kvm-on-x86-hosts/
> >
> > When executing : virsh dumpxml on my ovirt hypervisor I saw that the mpx flag was disabled, so I edited the XML file of the hypervisor VM and I did this : add the already enabled features and enable mpx with them. I stopped/started my hyerpvisor VM and voila, le nested VM-Manager has booted successfully.
> >
> >
> > <cpu mode="host-model" check="partial">
> > <feature policy="require" name="ss"/>
> > <feature policy="require" name="vmx"/>
> > <feature policy="require" name="pdcm"/>
> > <feature policy="require" name="hypervisor"/>
> > <feature policy="require" name="tsc_adjust"/>
> > <feature policy="require" name="clflushopt"/>
> > <feature policy="require" name="umip"/>
> > <feature policy="require" name="md-clear"/>
> > <feature policy="require" name="stibp"/>
> > <feature policy="require" name="arch-capabilities"/>
> > <feature policy="require" name="ssbd"/>
> > <feature policy="require" name="xsaves"/>
> > <feature policy="require" name="pdpe1gb"/>
> > <feature policy="require" name="ibpb"/>
> > <feature policy="require" name="amd-ssbd"/>
> > <feature policy="require" name="skip-l1dfl-vmentry"/>
> > <feature policy="require" name="mpx"/>
> > </cpu
>
> Thanks for the report!
>
> Would you like to open a bug about this?
>
> A possible fix is probably to pass relevant options to the
> virt-install command in ovirt-ansible-hosted-engine-setup.
> Either always - no idea what the implications are - or
> optionally, or even allow the user to pass arbitrary options.
I don't think we need to do such change on our side. This seems like a
hard to reproduce libvirt bug.
The strange thing is that after playing with the XML generated by
virt-manager, using
[x] Copy host CPU configuration
Creating this XML:
<cpu mode='custom' match='exact' check='full'>
<model fallback='forbid'>Skylake-Client-IBRS</model>
<vendor>Intel</vendor>
<feature policy='require' name='ss'/>
<feature policy='require' name='vmx'/>
<feature policy='require' name='pdcm'/>
<feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clflushopt'/>
<feature policy='require' name='umip'/>
<feature policy='require' name='md-clear'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='arch-capabilities'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='pdpe1gb'/>
<feature policy='require' name='ibpb'/>
<feature policy='require' name='amd-stibp'/>
<feature policy='require' name='amd-ssbd'/>
<feature policy='require' name='skip-l1dfl-vmentry'/>
<feature policy='require' name='pschange-mc-no'/>
<feature policy='disable' name='mpx'/>
</cpu>
Or using this XML in virt-manager:
<cpu mode="host-passthrough" check="none" migratable="on"/>
Both work with these cluster CPU Type:
- Secure Intel Skylake Client Family
- Intel Skylake Client Family
I think the best place to discuss this is libvirt-users mailing list:
https://www.redhat.com/mailman/listinfo/libvirt-users
Nir
> Thanks and best regards,
>
> >
> >
> > Regards.
> >
> > Le dim. 13 sept. 2020 à 19:47, Nir Soffer <nsoffer at redhat.com> a écrit :
> >>
> >> On Sun, Sep 13, 2020 at 8:32 PM wodel youchi <wodel.youchi at gmail.com> wrote:
> >> >
> >> > Hi,
> >> >
> >> > I've been using my core i5 6500 (skylake-client) for some time now to test oVirt on my machine.
> >> > However this is no longer the case.
> >> >
> >> > I am using Fedora 32 as my base system with nested-kvm enabled, when I try to install oVirt 4.4 as HCI single node, I get an error in the last phase which consists of copying the VM-Manager to the engine volume and boot it.
> >> > It is the boot that causes the problem, I get an error about the CPU :
> >> > the CPU is incompatible with host CPU: Host CPU does not provide required features: mpx
> >> >
> >> > This is the CPU part from virsh domcapabilities on my physical machine
> >> > <cpu>
> >> > <mode name='host-passthrough' supported='yes'/>
> >> > <mode name='host-model' supported='yes'>
> >> > <model fallback='forbid'>Skylake-Client-IBRS</model>
> >> > <vendor>Intel</vendor>
> >> > <feature policy='require' name='ss'/>
> >> > <feature policy='require' name='vmx'/>
> >> > <feature policy='require' name='pdcm'/>
> >> > <feature policy='require' name='hypervisor'/>
> >> > <feature policy='require' name='tsc_adjust'/>
> >> > <feature policy='require' name='clflushopt'/>
> >> > <feature policy='require' name='umip'/>
> >> > <feature policy='require' name='md-clear'/>
> >> > <feature policy='require' name='stibp'/>
> >> > <feature policy='require' name='arch-capabilities'/>
> >> > <feature policy='require' name='ssbd'/>
> >> > <feature policy='require' name='xsaves'/>
> >> > <feature policy='require' name='pdpe1gb'/>
> >> > <feature policy='require' name='invtsc'/>
> >> > <feature policy='require' name='ibpb'/>
> >> > <feature policy='require' name='amd-ssbd'/>
> >> > <feature policy='require' name='skip-l1dfl-vmentry'/>
> >> > </mode>
> >> > <mode name='custom' supported='yes'>
> >> > <model usable='yes'>qemu64</model>
> >> > <model usable='yes'>qemu32</model>
> >> > <model usable='no'>phenom</model>
> >> > <model usable='yes'>pentium3</model>
> >> > <model usable='yes'>pentium2</model>
> >> > <model usable='yes'>pentium</model>
> >> > <model usable='yes'>n270</model>
> >> > <model usable='yes'>kvm64</model>
> >> > <model usable='yes'>kvm32</model>
> >> > <model usable='yes'>coreduo</model>
> >> > <model usable='yes'>core2duo</model>
> >> > <model usable='no'>athlon</model>
> >> > <model usable='yes'>Westmere-IBRS</model>
> >> > <model usable='yes'>Westmere</model>
> >> > <model usable='no'>Skylake-Server-IBRS</model>
> >> > <model usable='no'>Skylake-Server</model>
> >> > <model usable='yes'>Skylake-Client-IBRS</model>
> >> > <model usable='yes'>Skylake-Client</model>
> >> > <model usable='yes'>SandyBridge-IBRS</model>
> >> > <model usable='yes'>SandyBridge</model>
> >> > <model usable='yes'>Penryn</model>
> >> > <model usable='no'>Opteron_G5</model>
> >> > <model usable='no'>Opteron_G4</model>
> >> > <model usable='no'>Opteron_G3</model>
> >> > <model usable='yes'>Opteron_G2</model>
> >> > <model usable='yes'>Opteron_G1</model>
> >> > <model usable='yes'>Nehalem-IBRS</model>
> >> > <model usable='yes'>Nehalem</model>
> >> > <model usable='yes'>IvyBridge-IBRS</model>
> >> > <model usable='yes'>IvyBridge</model>
> >> > <model usable='no'>Icelake-Server</model>
> >> > <model usable='no'>Icelake-Client</model>
> >> > <model usable='yes'>Haswell-noTSX-IBRS</model>
> >> > <model usable='yes'>Haswell-noTSX</model>
> >> > <model usable='yes'>Haswell-IBRS</model>
> >> > <model usable='yes'>Haswell</model>
> >> > <model usable='no'>EPYC-IBPB</model>
> >> > <model usable='no'>EPYC</model>
> >> > <model usable='no'>Dhyana</model>
> >> > <model usable='yes'>Conroe</model>
> >> > <model usable='no'>Cascadelake-Server</model>
> >> > <model usable='yes'>Broadwell-noTSX-IBRS</model>
> >> > <model usable='yes'>Broadwell-noTSX</model>
> >> > <model usable='yes'>Broadwell-IBRS</model>
> >> > <model usable='yes'>Broadwell</model>
> >> > <model usable='yes'>486</model>
> >> > </mode>
> >> > </cpu>
> >> >
> >> > Here is the lscpu of my physical machine
> >> > # lscpu
> >> > Architecture: x86_64
> >> > CPU op-mode(s): 32-bit, 64-bit
> >> > Byte Order: Little Endian
> >> > Address sizes: 39 bits physical, 48 bits virtual
> >> > CPU(s): 4
> >> > On-line CPU(s) list: 0-3
> >> > Thread(s) per core: 1
> >> > Core(s) per socket: 4
> >> > Socket(s): 1
> >> > NUMA node(s): 1
> >> > Vendor ID: GenuineIntel
> >> > CPU family: 6
> >> > Model: 94
> >> > Model name: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
> >> > Stepping: 3
> >> > CPU MHz: 954.588
> >> > CPU max MHz: 3600.0000
> >> > CPU min MHz: 800.0000
> >> > BogoMIPS: 6399.96
> >> > Virtualization: VT-x
> >> > L1d cache: 128 KiB
> >> > L1i cache: 128 KiB
> >> > L2 cache: 1 MiB
> >> > L3 cache: 6 MiB
> >> > NUMA node0 CPU(s): 0-3
> >> > Vulnerability Itlb multihit: KVM: Mitigation: Split huge pages
> >> > Vulnerability L1tf: Mitigation; PTE Inversion; VMX conditional cache flushes, SMT disabled
> >> > Vulnerability Mds: Mitigation; Clear CPU buffers; SMT disabled
> >> > Vulnerability Meltdown: Mitigation; PTI
> >> > Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
> >> > Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
> >> > Vulnerability Spectre v2: Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling
> >> > Vulnerability Srbds: Vulnerable: No microcode
> >> > Vulnerability Tsx async abort: Mitigation; Clear CPU buffers; SMT disabled
> >> > Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constan
> >> > t_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16
> >> > xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault invpcid_single pti ssbd
> >> > ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm mpx rdseed adx smap clflushopt in
> >> > tel_pt xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts hwp hwp_notify hwp_act_window hwp_epp md_clear flush_l1d
> >> >
> >> >
> >> >
> >> > Here is the CPU part from virsh dumpxml of my ovirt hypervisor
> >> > <cpu mode='custom' match='exact' check='full'>
> >> > <model fallback='forbid'>Skylake-Client-IBRS</model>
> >> > <vendor>Intel</vendor>
> >> > <feature policy='require' name='ss'/>
> >> > <feature policy='require' name='vmx'/>
> >> > <feature policy='require' name='pdcm'/>
> >> > <feature policy='require' name='hypervisor'/>
> >> > <feature policy='require' name='tsc_adjust'/>
> >> > <feature policy='require' name='clflushopt'/>
> >> > <feature policy='require' name='umip'/>
> >> > <feature policy='require' name='md-clear'/>
> >> > <feature policy='require' name='stibp'/>
> >> > <feature policy='require' name='arch-capabilities'/>
> >> > <feature policy='require' name='ssbd'/>
> >> > <feature policy='require' name='xsaves'/>
> >> > <feature policy='require' name='pdpe1gb'/>
> >> > <feature policy='require' name='ibpb'/>
> >> > <feature policy='require' name='amd-ssbd'/>
> >> > <feature policy='require' name='skip-l1dfl-vmentry'/>
> >> > <feature policy='disable' name='mpx'/>
> >> > </cpu>
> >> >
> >> > Here is the lcpu of my ovirt hypervisor
> >> > [root at node1 ~]# lscpu
> >> > Architecture : x86_64
> >> > Mode(s) opératoire(s) des processeurs : 32-bit, 64-bit
> >> > Boutisme : Little Endian
> >> > Processeur(s) : 4
> >> > Liste de processeur(s) en ligne : 0-3
> >> > Thread(s) par cœur : 1
> >> > Cœur(s) par socket : 1
> >> > Socket(s) : 4
> >> > Nœud(s) NUMA : 1
> >> > Identifiant constructeur : GenuineIntel
> >> > Famille de processeur : 6
> >> > Modèle : 94
> >> > Nom de modèle : Intel Core Processor (Skylake, IBRS)
> >> > Révision : 3
> >> > Vitesse du processeur en MHz : 3191.998
> >> > BogoMIPS : 6383.99
> >> > Virtualisation : VT-x
> >> > Constructeur d'hyperviseur : KVM
> >> > Type de virtualisation : complet
> >> > Cache L1d : 32K
> >> > Cache L1i : 32K
> >> > Cache L2 : 4096K
> >> > Cache L3 : 16384K
> >> > Nœud NUMA 0 de processeur(s) : 0-3
> >> > Drapaux : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc rep_go
> >> > od nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnow
> >> > prefetch cpuid_fault invpcid_single pti ssbd ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap clflushopt xs
> >> > aveopt xsavec xgetbv1 xsaves arat umip md_clear arch_capabilities
> >> >
> >> > it seems not all the flags are presented to the hypervisor especially the mpx which causes the error
> >> >
> >> > Is there a workaround for this?
> >>
> >> I'm using a similar setup, using older generation CPU works.
> >>
> >> Cluster CPU Type:
> >> Intel Broadwell Family
> >>
> >> It looks like this bug:
> >> https://bugzilla.redhat.com/1609818
> >>
> >> But it cannot be fixed by resetting the cpu type, suggested in:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1609818#c9
> >>
> >> Nir
> >>
> >>
> >> Nir
> >>
> > _______________________________________________
> > Users mailing list -- users at ovirt.org
> > To unsubscribe send an email to users-leave at ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
>
>
>
> --
> Didi
>
More information about the libvirt-users
mailing list