From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38586)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ehabkost@redhat.com>) id 1bKPcr-0001re-Rh
	for qemu-devel@nongnu.org; Tue, 05 Jul 2016 08:38:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ehabkost@redhat.com>) id 1bKPcm-0001Ev-Ri
	for qemu-devel@nongnu.org; Tue, 05 Jul 2016 08:38:53 -0400
Received: from mx1.redhat.com ([209.132.183.28]:51013)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ehabkost@redhat.com>) id 1bKPcm-0001Ed-JK
	for qemu-devel@nongnu.org; Tue, 05 Jul 2016 08:38:48 -0400
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
	(int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id E8EBB1176A0
	for <qemu-devel@nongnu.org>; Tue,  5 Jul 2016 12:38:47 +0000 (UTC)
Date: Tue, 5 Jul 2016 09:38:46 -0300
From: Eduardo Habkost <ehabkost@redhat.com>
Message-ID: <20160705123845.GN4131@thinpad.lan.raisama.net>
References: <1467659769-15900-1-git-send-email-dgilbert@redhat.com>
	<20160705094659.GH6553@redhat.com> <20160705094947.GE2118@work-vm>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20160705094947.GE2118@work-vm>
Subject: Re: [Qemu-devel] [PATCH v2 0/6] x86: Physical address limit patches
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org, pbonzini@redhat.com, marcel@redhat.com, mst@redhat.com, kraxel@redhat.com

On Tue, Jul 05, 2016 at 10:49:48AM +0100, Dr. David Alan Gilbert wrote:
> * Daniel P. Berrange (berrange@redhat.com) wrote:
> > On Mon, Jul 04, 2016 at 08:16:03PM +0100, Dr. David Alan Gilbert (git) wrote:
> > > From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> > > 
> > > QEMU sets the guests physical address bits to 40; this is wrong
> > > on most hardware, and can be detected by the guest.
> > > It also stops you using really huge multi-TB VMs.
> > > 
> > > Red Hat has had a patch, that Andrea wrote, downstream for a couple
> > > of years that reads the hosts value and uses that in the guest.  That's
> > > correct as far as the guest sees it, and lets you create huge VMs.
> > > 
> > > The downside, is that if you've got a mix of hosts, say an i7 and a Xeon,
> > > life gets complicated in migration; prior to 2.6 it all apparently
> > > worked (although a guest that looked might spot the change).
> > > In 2.6 Paolo started checking MSR writes and they failed when the
> > > incoming MTRR mask didn't fit.
> > > 
> > > This series:
> > >    a) Fixes up mtrr masks so that if you're migrating between hosts
> > >       of different physical address size it tries to do something sensible.
> > > 
> > >    b) Lets you specify the guest physical address size via a CPU property, i.e.
> > >         -cpu SandyBridge,phys-bits=36
> > > 
> > >       The default on old machine types is to use the existing 40 bits value.
> > > 
> > >    c) Lets you tell qemu to use the same setting as the host, i.e.
> > >         -cpu SandyBridge,phys-bits=0
> > >  
> > >       This is the default on new machine types.
> > 
> > As a general rule we've tried to say that if you pick an explicit CPU
> > model, we're migration safe. By having the phys-bits default value
> > always reflect the host CPU value, it feels like we've made the explicit
> > CPU model choice less safe, just like -cpu host is.
> > 
> > IOW, if choosing a named CPU model, it feels like we should have a
> > corresponding fixed phys-bit value for that CPU model, even if it
> > has to be quiet conservative (eg default to bits=36). A phys-bits=0
> > value should only be used with  -cpu host.
> 
> phys-bits doesn't follow a cpu model in real hardware
>   e.g. a SandyBridge Xeon and a SandyBridge i7 are different.
> 
> So unless we suddenly created at least 2x as many cpu models we can't
> do that.

I believe Daniel's point is not whether the CPU model matches
real hardware (we don't really care), but whether its ABI is
stable and migration-safe.

So, replying to Daniel: the issue you point out is real, but the
problem here is that both options are bad and we need to choose
the least harmful one.

We can't emulate properly a phys-bits=36 VM in a phys-bits=40
host, and vice versa. So keeping phys-bits the same on migration
is also a bad solution. See the v1 discussion thread:

  Subject: Default for phys-addr-bits? (was Re: [PATCH 4/5] x86:
           Allow physical address bits to be set)
  http://article.gmane.org/gmane.comp.emulators.qemu/421132

-- 
Eduardo