[Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Ewan Hai]

Hi Community,

This email contains 3 bugs appear to share the same root cause.

[1] We ran into the following warnings when running QEMU v10.0.0 in TCG mode:

qemu-system-x86_64 \
   -machine q35 \
   -m 4G -smp 4 \
   -kernel ./arch/x86/boot/bzImage \
   -bios /usr/share/ovmf/OVMF.fd \
   -drive file=~/kernel/rootfs.ext4,index=0,format=raw,media=disk \
   -drive file=~/kernel/swap.img,index=1,format=raw,media=disk \
   -nographic \
   -append 'root=/dev/sda rw resume=/dev/sdb console=ttyS0 nokaslr'

qemu-system-x86_64: warning: TCG doesn't support requested feature: 
CPUID.01H:EDX.ht [bit 28]
qemu-system-x86_64: warning: TCG doesn't support requested feature: 
CPUID.80000001H:ECX.cmp-legacy [bit 1]
(repeats 4 times, once per vCPU)

Tracing the history shows that commit c6bd2dd63420 "i386/cpu: Set up CPUID_HT in 
x86_cpu_expand_features() instead of cpu_x86_cpuid()" is what introduced the 
warnings.

Since that commit, TCG unconditionally advertises HTT (CPUID 1 EDX[28]) and 
CMP_LEG (CPUID 8000_0001 ECX[1]). Because TCG itself has no SMT support, these 
bits trigger the warnings above.

[2] Also, Zhao pointed me to a similar report on GitLab:
https://gitlab.com/qemu-project/qemu/-/issues/2894
The symptoms there look identical to what we're seeing.

By convention we file one issue per email, but these two appear to share the 
same root cause, so I'm describing them together here.

[3] My colleague Alan noticed what appears to be a related problem: if we launch 
a guest with '-cpu <model>,-ht --enable-kvm', which means explicitly removing 
the ht flag, but the guest still reports HT(cat /proc/cpuinfo in linux guest) 
enabled. In other words, under KVM the ht bit seems to be forced on even when 
the user tries to disable it.

Best regards,
Ewan

Re: [Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Ewan Hai]

On 4/29/25 11:02 AM, Ewan Hai wrote:
> Hi Community,
> 
> This email contains 3 bugs appear to share the same root cause.
> 
> [1] We ran into the following warnings when running QEMU v10.0.0 in TCG mode:
> 
> qemu-system-x86_64 \
>    -machine q35 \
>    -m 4G -smp 4 \
>    -kernel ./arch/x86/boot/bzImage \
>    -bios /usr/share/ovmf/OVMF.fd \
>    -drive file=~/kernel/rootfs.ext4,index=0,format=raw,media=disk \
>    -drive file=~/kernel/swap.img,index=1,format=raw,media=disk \
>    -nographic \
>    -append 'root=/dev/sda rw resume=/dev/sdb console=ttyS0 nokaslr'
> 
> qemu-system-x86_64: warning: TCG doesn't support requested feature: 
> CPUID.01H:EDX.ht [bit 28]
> qemu-system-x86_64: warning: TCG doesn't support requested feature: 
> CPUID.80000001H:ECX.cmp-legacy [bit 1]
> (repeats 4 times, once per vCPU)
> 
> Tracing the history shows that commit c6bd2dd63420 "i386/cpu: Set up CPUID_HT in 
> x86_cpu_expand_features() instead of cpu_x86_cpuid()" is what introduced the 
> warnings.
> 
> Since that commit, TCG unconditionally advertises HTT (CPUID 1 EDX[28]) and 
> CMP_LEG (CPUID 8000_0001 ECX[1]). Because TCG itself has no SMT support, these 
> bits trigger the warnings above.
> 
> [2] Also, Zhao pointed me to a similar report on GitLab:
> https://gitlab.com/qemu-project/qemu/-/issues/2894
> The symptoms there look identical to what we're seeing.
> 
> By convention we file one issue per email, but these two appear to share the 
> same root cause, so I'm describing them together here.
> 
> [3] My colleague Alan noticed what appears to be a related problem: if we launch 
> a guest with '-cpu <model>,-ht --enable-kvm', which means explicitly removing 
> the ht flag, but the guest still reports HT(cat /proc/cpuinfo in linux guest) 
> enabled. In other words, under KVM the ht bit seems to be forced on even when 
> the user tries to disable it.

XiaoYao reminded me that issue [3] stems from a different patch. Please ignore 
it for now—I'll start a separate thread to discuss that one independently.

> Best regards,
> Ewan

Re: [Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Zhao Liu]

> > [3] My colleague Alan noticed what appears to be a related problem: if
> > we launch a guest with '-cpu <model>,-ht --enable-kvm', which means
> > explicitly removing the ht flag, but the guest still reports HT(cat
> > /proc/cpuinfo in linux guest) enabled. In other words, under KVM the ht
> > bit seems to be forced on even when the user tries to disable it.
> 
> XiaoYao reminded me that issue [3] stems from a different patch. Please
> ignore it for now—I'll start a separate thread to discuss that one
> independently.

I haven't found any other thread :-).

By the way, just curious, in what cases do you need to disbale the HT
flag? "-smp 4" means 4 cores with 1 thread per core, and is it not
enough?

As for the “-ht” behavior, I'm also unsure whether this should be fixed
or not - one possible consideration is whether “-ht” would be useful.

Re: [Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Ewan Hai]

On 5/8/25 5:04 PM, Zhao Liu wrote:
> 
>>> [3] My colleague Alan noticed what appears to be a related problem: if
>>> we launch a guest with '-cpu <model>,-ht --enable-kvm', which means
>>> explicitly removing the ht flag, but the guest still reports HT(cat
>>> /proc/cpuinfo in linux guest) enabled. In other words, under KVM the ht
>>> bit seems to be forced on even when the user tries to disable it.
>>
>> XiaoYao reminded me that issue [3] stems from a different patch. Please
>> ignore it for now—I'll start a separate thread to discuss that one
>> independently.
> 
> I haven't found any other thread :-).
> 
Please refer to 
https://lore.kernel.org/all/db6ae3bb-f4e5-4719-9beb-623fcff56af2@zhaoxin.com/.

> By the way, just curious, in what cases do you need to disbale the HT
> flag? "-smp 4" means 4 cores with 1 thread per core, and is it not
> enough?
> 
> As for the “-ht” behavior, I'm also unsure whether this should be fixed
> or not - one possible consideration is whether “-ht” would be useful.
> 

I wasn't trying to target any specific use case, using "-ht" was simply a way to 
check how the ht feature behaves under both KVM and TCG. There's no special 
workload behind it; I just wanted to confirm that the flag is respected (or not) 
in each mode.

Re: [Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Xiaoyao Li]

On 4/29/2025 11:02 AM, Ewan Hai wrote:
> Hi Community,
> 
> This email contains 3 bugs appear to share the same root cause.
> 
> [1] We ran into the following warnings when running QEMU v10.0.0 in TCG 
> mode:
> 
> qemu-system-x86_64 \
>    -machine q35 \
>    -m 4G -smp 4 \
>    -kernel ./arch/x86/boot/bzImage \
>    -bios /usr/share/ovmf/OVMF.fd \
>    -drive file=~/kernel/rootfs.ext4,index=0,format=raw,media=disk \
>    -drive file=~/kernel/swap.img,index=1,format=raw,media=disk \
>    -nographic \
>    -append 'root=/dev/sda rw resume=/dev/sdb console=ttyS0 nokaslr'
> 
> qemu-system-x86_64: warning: TCG doesn't support requested feature: 
> CPUID.01H:EDX.ht [bit 28]
> qemu-system-x86_64: warning: TCG doesn't support requested feature: 
> CPUID.80000001H:ECX.cmp-legacy [bit 1]
> (repeats 4 times, once per vCPU)
> 
> Tracing the history shows that commit c6bd2dd63420 "i386/cpu: Set up 
> CPUID_HT in x86_cpu_expand_features() instead of cpu_x86_cpuid()" is 
> what introduced the warnings.
> 
> Since that commit, TCG unconditionally advertises HTT (CPUID 1 EDX[28]) 
> and CMP_LEG (CPUID 8000_0001 ECX[1]). Because TCG itself has no SMT 
> support, these bits trigger the warnings above.
> 
> [2] Also, Zhao pointed me to a similar report on GitLab:
> https://gitlab.com/qemu-project/qemu/-/issues/2894
> The symptoms there look identical to what we're seeing.
> 
> By convention we file one issue per email, but these two appear to share 
> the same root cause, so I'm describing them together here.

It was caused by my two patches. I think the fix can be as follow.
If no objection from the community, I can submit the formal patch.

diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 1f970aa4daa6..fb95aadd6161 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -776,11 +776,12 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t 
vendor1,
            CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
            CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
            CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
-          CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE)
+          CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE | \
+          CPUID_HT)
            /* partly implemented:
            CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64) */
            /* missing:
-          CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
+          CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_TM, CPUID_PBE */

  /*
   * Kernel-only features that can be shown to usermode programs even if
@@ -848,7 +849,8 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t 
vendor1,

  #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
            CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A | \
-          CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_KERNEL_FEATURES)
+          CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_KERNEL_FEATURES | \
+          CPUID_EXT3_CMP_LEG)

  #define TCG_EXT4_FEATURES 0

> [3] My colleague Alan noticed what appears to be a related problem: if 
> we launch a guest with '-cpu <model>,-ht --enable-kvm', which means 
> explicitly removing the ht flag, but the guest still reports HT(cat / 
> proc/cpuinfo in linux guest) enabled. In other words, under KVM the ht 
> bit seems to be forced on even when the user tries to disable it.

This has been the behavior of QEMU for many years, not some regression 
introduced by my patches. We can discuss how to address it separately.

> Best regards,
> Ewan

Re: [Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT / CMP_LEG bits

[Zhao Liu]

On Tue, Apr 29, 2025 at 01:55:59PM +0800, Xiaoyao Li wrote:
> Date: Tue, 29 Apr 2025 13:55:59 +0800
> From: Xiaoyao Li <xiaoyao.li@intel.com>
> Subject: Re: [Bug] QEMU TCG warnings after commit c6bd2dd63420 - HTT /
>  CMP_LEG bits
> 
> On 4/29/2025 11:02 AM, Ewan Hai wrote:
> > Hi Community,
> > 
> > This email contains 3 bugs appear to share the same root cause.
> > 
> > [1] We ran into the following warnings when running QEMU v10.0.0 in TCG
> > mode:
> > 
> > qemu-system-x86_64 \
> >    -machine q35 \
> >    -m 4G -smp 4 \
> >    -kernel ./arch/x86/boot/bzImage \
> >    -bios /usr/share/ovmf/OVMF.fd \
> >    -drive file=~/kernel/rootfs.ext4,index=0,format=raw,media=disk \
> >    -drive file=~/kernel/swap.img,index=1,format=raw,media=disk \
> >    -nographic \
> >    -append 'root=/dev/sda rw resume=/dev/sdb console=ttyS0 nokaslr'
> > 
> > qemu-system-x86_64: warning: TCG doesn't support requested feature:
> > CPUID.01H:EDX.ht [bit 28]
> > qemu-system-x86_64: warning: TCG doesn't support requested feature:
> > CPUID.80000001H:ECX.cmp-legacy [bit 1]
> > (repeats 4 times, once per vCPU)
> > 
> > Tracing the history shows that commit c6bd2dd63420 "i386/cpu: Set up
> > CPUID_HT in x86_cpu_expand_features() instead of cpu_x86_cpuid()" is
> > what introduced the warnings.
> > 
> > Since that commit, TCG unconditionally advertises HTT (CPUID 1 EDX[28])
> > and CMP_LEG (CPUID 8000_0001 ECX[1]). Because TCG itself has no SMT
> > support, these bits trigger the warnings above.
> > 
> > [2] Also, Zhao pointed me to a similar report on GitLab:
> > https://gitlab.com/qemu-project/qemu/-/issues/2894
> > The symptoms there look identical to what we're seeing.
> > 
> > By convention we file one issue per email, but these two appear to share
> > the same root cause, so I'm describing them together here.
> 
> It was caused by my two patches. I think the fix can be as follow.
> If no objection from the community, I can submit the formal patch.
> 
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 1f970aa4daa6..fb95aadd6161 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -776,11 +776,12 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t
> vendor1,
>            CPUID_PAE | CPUID_MCE | CPUID_CX8 | CPUID_APIC | CPUID_SEP | \
>            CPUID_MTRR | CPUID_PGE | CPUID_MCA | CPUID_CMOV | CPUID_PAT | \
>            CPUID_PSE36 | CPUID_CLFLUSH | CPUID_ACPI | CPUID_MMX | \
> -          CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE)
> +          CPUID_FXSR | CPUID_SSE | CPUID_SSE2 | CPUID_SS | CPUID_DE | \
> +          CPUID_HT)
>            /* partly implemented:
>            CPUID_MTRR, CPUID_MCA, CPUID_CLFLUSH (needed for Win64) */
>            /* missing:
> -          CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_HT, CPUID_TM, CPUID_PBE */
> +          CPUID_VME, CPUID_DTS, CPUID_SS, CPUID_TM, CPUID_PBE */
> 
>  /*
>   * Kernel-only features that can be shown to usermode programs even if
> @@ -848,7 +849,8 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t
> vendor1,
> 
>  #define TCG_EXT3_FEATURES (CPUID_EXT3_LAHF_LM | CPUID_EXT3_SVM | \
>            CPUID_EXT3_CR8LEG | CPUID_EXT3_ABM | CPUID_EXT3_SSE4A | \
> -          CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_KERNEL_FEATURES)
> +          CPUID_EXT3_3DNOWPREFETCH | CPUID_EXT3_KERNEL_FEATURES | \
> +          CPUID_EXT3_CMP_LEG)
> 
>  #define TCG_EXT4_FEATURES 0

This fix is fine for me...at least from SDM, HTT depends on topology and
it should exist when user sets "-smp 4".