Lines Matching +full:- +full:- +full:without +full:- +full:default +full:- +full:features

15     This passes the host CPU model features, model, stepping, exactly to
16 the guest. Note that KVM may filter out some host CPU model features
31 features, to alter what is presented to the guest by default.
35 a CPU model that is similar to the host CPU, and then adding extra features
51 lists the long term stable CPU model versions (eg Haswell-v4).
56 .. _ABI compatibility levels: https://gitlab.com/x86-psABIs/x86-64-ABI/
58 .. csv-table:: x86-64 ABI compatibility levels
59 :file: cpu-models-x86-abi.csv
61 :header-rows: 1
77 ``SierraForest``, ``SierraForest-v2``
78 Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 mitigates
81 ``GraniteRapids``, ``GraniteRapids-v2``
84 ``Cascadelake-Server``, ``Cascadelake-Server-noTSX``
89 ``Skylake-Server``, ``Skylake-Server-IBRS``, ``Skylake-Server-IBRS-noTSX``
92 ``Skylake-Client``, ``Skylake-Client-IBRS``, ``Skylake-Client-noTSX-IBRS``
95 ``Broadwell``, ``Broadwell-IBRS``, ``Broadwell-noTSX``, ``Broadwell-noTSX-IBRS``
98 ``Haswell``, ``Haswell-IBRS``, ``Haswell-noTSX``, ``Haswell-noTSX-IBRS``
101 ``IvyBridge``, ``IvyBridge-IBRS``
102 Intel Xeon E3-12xx v2 (Ivy Bridge, 2012)
104 ``SandyBridge``, ``SandyBridge-IBRS``
107 ``Westmere``, ``Westmere-IBRS``
108 Westmere E56xx/L56xx/X56xx (Nehalem-C, 2010)
110 ``Nehalem``, ``Nehalem-IBRS``
120 Important CPU features for Intel x86 hosts
123 The following are important CPU features that should be used on Intel
125 configuration to enable, as they are not included by default in some, or
127 features are included if using "Host passthrough" or "Host model".
130 Recommended to mitigate the cost of the Meltdown (CVE-2017-5754) fix.
132 Included by default in Haswell, Broadwell & Skylake Intel CPU models.
138 ``spec-ctrl``
139 Required to enable the Spectre v2 (CVE-2017-5715) fix.
141 Included by default in Intel CPU models with -IBRS suffix.
143 Must be explicitly turned on for Intel CPU models without -IBRS
150 Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
159 Required to enable the CVE-2018-3639 fix.
161 Not included by default in any Intel CPU model.
171 Not included by default in any Intel CPU model.
177 ``md-clear``
178 Required to confirm the MDS (CVE-2018-12126, CVE-2018-12127,
179 CVE-2018-12130, CVE-2019-11091) fixes.
181 Not included by default in any Intel CPU model.
188 ``mds-no``
190 to any of the MDS variants ([MFBDS] CVE-2018-12130, [MLPDS]
191 CVE-2018-12127, [MSBDS] CVE-2018-12126).
193 This is an MSR (Model-Specific Register) feature rather than a CPUID feature,
201 ``taa-no``
203 vulnerable to CVE-2019-11135, TSX Asynchronous Abort (TAA).
212 ``tsx-ctrl``
216 processor-level instruction that performs checks on memory access) as
219 …<https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarch…
224 By disabling TSX, KVM-based guests can avoid paying the price of
225 mitigating TSX-based attacks.
227 Note that ``tsx-ctrl`` is also an MSR feature, therefore it does not show
236 ``bhi-no``
238 vulnerable to CVE-2022-0001, Branch History Injection (BHI).
247 ``gds-no``
249 vulnerable to CVE-2022-40982, Gather Data Sampling (GDS).
258 ``rfds-no``
260 vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS).
279 ``EPYC``, ``EPYC-IBPB``
298 Important CPU features for AMD x86 hosts
301 The following are important CPU features that should be used on AMD x86
303 configuration to enable, as they are not included by default in some, or
305 features are included if using "Host passthrough" or "Host model".
308 Required to enable the Spectre v2 (CVE-2017-5715) fix.
310 Included by default in AMD CPU models with -IBPB suffix.
312 Must be explicitly turned on for AMD CPU models without -IBPB suffix.
318 Required to enable stronger Spectre v2 (CVE-2017-5715) fixes in some
326 ``virt-ssbd``
327 Required to enable the CVE-2018-3639 fix
329 Not included by default in any AMD CPU model.
333 This should be provided to guests, even if amd-ssbd is also provided,
340 ``amd-ssbd``
341 Required to enable the CVE-2018-3639 fix
343 Not included by default in any AMD CPU model.
347 This provides higher performance than ``virt-ssbd`` so should be
348 exposed to guests whenever available in the host. ``virt-ssbd`` should
350 kernels only know about ``virt-ssbd``.
352 ``amd-no-ssb``
353 Recommended to indicate the host is not vulnerable to CVE-2018-3639
355 Not included by default in any AMD CPU model.
358 CVE-2018-3639, and thus the guest should be told not to enable
359 its mitigations, by exposing amd-no-ssb. This is mutually
360 exclusive with virt-ssbd and amd-ssbd.
365 Not included by default in any AMD CPU model.
372 Default x86 CPU models
375 The default QEMU CPU models are designed such that they can run on all
377 compatibility checks before launching guests, the default is guaranteed
380 The default CPU models will, however, leave the guest OS vulnerable to
390 guests, when no ``-cpu`` argument is given to QEMU, or no ``<cpu>`` is
393 Other non-recommended x86 CPUs
416 CPU models / features in QEMU and libvirt.
423 .. parsed-literal::
425 |qemu_system| -cpu host
429 .. parsed-literal::
431 |qemu_system| -cpu host,vmx=off,...
435 .. parsed-literal::
437 |qemu_system| -cpu Westmere
441 .. parsed-literal::
443 |qemu_system| -cpu Westmere,pcid=on,...
450 <cpu mode='host-passthrough'/>
454 <cpu mode='host-passthrough'>
461 <cpu mode='host-model'/>
465 <cpu mode='host-model'>