From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Jon Kohler <jon@nutanix.com>
Cc: Dave Hansen <dave.hansen@intel.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Jonathan Corbet <corbet@lwn.net>, Ingo Molnar <mingo@redhat.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>, Brian Gerst <brgerst@gmail.com>,
Brendan Jackman <jackmanb@google.com>,
"Ahmed S. Darwish" <darwi@linutronix.de>,
Alexandre Chartre <alexandre.chartre@oracle.com>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] x86/its: use Sapphire Rapids+ feature to opt out
Date: Tue, 21 Oct 2025 11:46:15 -0400 [thread overview]
Message-ID: <aPeqx-qNnE5_w9PA@char.us.oracle.com> (raw)
In-Reply-To: <5E09F6D2-F6E5-45A2-8264-34DC6DF679B5@nutanix.com>
On Tue, Oct 21, 2025 at 03:35:28PM +0000, Jon Kohler wrote:
>
>
> > On Oct 21, 2025, at 11:27 AM, Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> wrote:
> >
> > > >
> > On Tue, Oct 21, 2025 at 02:39:15PM +0000, Jon Kohler wrote:
> >>
> >>
> >>> On Oct 21, 2025, at 10:01 AM, Dave Hansen <dave.hansen@intel.com> wrote:
> >>>
> >>>>>
> >>> On 10/21/25 06:40, Jon Kohler wrote:
> >>>> So to simplify it down:
> >>>> A guest VM that updates to a ITS-enabled guest kernel sees performance
> >>>> impacts on non-vulnerable hardware, when running on non-BHI_CTRL and/or
> >>>> non-ITS_NO hypervisors, which is a very easy situation to get into, especially
> >>>> on QEMU with live migration-enabled pools.
> >>>
> >>> By non-$FEATURE, do you mean that they chose to not enumerate those
> >>> features, or that they are completely ignorant of them?
> >>
> >> Both cases are true for QEMU.
> >>
> >> For ITS_NO, it is an allowed feature, but its not part of a QEMU model by
> >> default, so the higher level control plane whatever that may be would need to
> >> specifically turn it on, its not automatic.
> >>
> >> For BHI_CTRL, depending on what QEMU the VM was originally *started* on,
> >> the guest may have access to Sapphire Rapids models, but BHI_CTRL may
> >> not have existed in the QEMU source at that time, as those were introduced
> >> into two different timeframes.
> >
> > QEMU provides now a mechanism to update itself to a newer version. See
> >
> > https://urldefense.proofpoint.com/v2/url?u=https-3A__blogs.oracle.com_linux_post_qemu-2Dlive-2Dupdate&d=DwIFaQ&c=s883GpUCOChKOHiocYtGcg&r=NGPRGGo37mQiSXgHKm5rCQ&m=UUSvpPViiTB6CJQtj3GREK4bQFz7MT9uNiAu5AL3O23d6I1yk4vheLDyR41ZcbRI&s=x19gwHU3HGXSlGkK0ppkawex3SIbs8xHj5hPtwNCFwc&e=
> >
> > That should solve your QEMU problem.
>
> Can this live update feature change CPU feature bits (e.g. add on
> -cpu ModelHere … new_flag=yes) during the update?
It is possible, but a pain in operation b/c you have to keep track of
the newer parameters you are adding and if add some device in wrong
order (wrong PCI BDF), well, things won't be nice.
>
> Can it change CPU models during the live update (e.g. change
> -cpu Model-v1 to -cpu Model-v2)?
Not exactly. But you can modify the built-in Model-v1 (in the newer
version) to have the newer CPU flags and it will carry-over.
Anyhow it is all in the latest version of QEMU.
prev parent reply other threads:[~2025-10-21 15:47 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-17 1:12 [PATCH] x86/its: use Sapphire Rapids+ feature to opt out Jon Kohler
2025-10-20 15:48 ` Sean Christopherson
2025-10-20 16:05 ` Jon Kohler
2025-10-20 16:21 ` Dave Hansen
2025-10-20 16:26 ` Jon Kohler
2025-10-20 19:26 ` Pawan Gupta
2025-10-20 19:38 ` Jon Kohler
2025-10-20 19:53 ` Pawan Gupta
2025-10-20 20:29 ` Jon Kohler
2025-10-20 19:44 ` Pawan Gupta
2025-10-20 19:54 ` Jon Kohler
2025-10-20 20:40 ` Pawan Gupta
2025-10-20 21:02 ` Jon Kohler
2025-10-20 22:09 ` Dave Hansen
2025-10-20 22:41 ` Pawan Gupta
2025-10-21 13:40 ` Jon Kohler
2025-10-21 14:01 ` Dave Hansen
2025-10-21 14:39 ` Jon Kohler
2025-10-21 15:21 ` Dave Hansen
2025-10-21 15:40 ` Jon Kohler
2025-10-21 15:27 ` Konrad Rzeszutek Wilk
2025-10-21 15:35 ` Jon Kohler
2025-10-21 15:46 ` Konrad Rzeszutek Wilk [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPeqx-qNnE5_w9PA@char.us.oracle.com \
--to=konrad.wilk@oracle.com \
--cc=alexandre.chartre@oracle.com \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=corbet@lwn.net \
--cc=darwi@linutronix.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=jackmanb@google.com \
--cc=jon@nutanix.com \
--cc=jpoimboe@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox