QEMU full virtualization – CPU emulations (enable/disable CPU flags/instruction sets)

After the two QEMU full virtualization howtos

You can use qemu have a nearly native full virtualization. Here are some important tips for the guest CPU to consider when using qemu directly (without any virtualization manager like virt-manager, libvirt and so on).

TIP 1)Choose your host CPU emulation

You can see what options are available for host emulation with:

srv@local ~$ qemu-system-x86_64 -cpu help

x86           qemu64  QEMU Virtual CPU version 2.0.0                  
x86           phenom  AMD Phenom(tm) 9550 Quad-Core Processor         
x86         core2duo  Intel(R) Core(TM)2 Duo CPU     T7700  @ 2.40GHz 
x86            kvm64  Common KVM processor                            
x86           qemu32  QEMU Virtual CPU version 2.0.0                  
x86            kvm32  Common 32-bit KVM processor                     
x86          coreduo  Genuine Intel(R) CPU           T2600  @ 2.16GHz 
x86              486                                                  
x86          pentium                                                  
x86         pentium2                                                  
x86         pentium3                                                  
x86           athlon  QEMU Virtual CPU version 2.0.0                  
x86             n270  Intel(R) Atom(TM) CPU N270   @ 1.60GHz          
x86           Conroe  Intel Celeron_4x0 (Conroe/Merom Class Core 2)   
x86           Penryn  Intel Core 2 Duo P9xxx (Penryn Class Core 2)    
x86          Nehalem  Intel Core i7 9xx (Nehalem Class Core i7)       
x86         Westmere  Westmere E56xx/L56xx/X56xx (Nehalem-C)          
x86      SandyBridge  Intel Xeon E312xx (Sandy Bridge)                
x86          Haswell  Intel Core Processor (Haswell)                  
x86       Opteron_G1  AMD Opteron 240 (Gen 1 Class Opteron)           
x86       Opteron_G2  AMD Opteron 22xx (Gen 2 Class Opteron)          
x86       Opteron_G3  AMD Opteron 23xx (Gen 3 Class Opteron)          
x86       Opteron_G4  AMD Opteron 62xx class CPU                      
x86       Opteron_G5  AMD Opteron 63xx class CPU                      
x86             host  KVM processor with all supported host features (only available in KVM mode)

Recognized CPUID flags:
  pbe ia64 tm ht ss sse2 sse fxsr mmx acpi ds clflush pn pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de vme fpu
  hypervisor rdrand f16c avx osxsave xsave aes tsc-deadline popcnt movbe x2apic sse4.2|sse4_2 sse4.1|sse4_1 dca pcid pdcm xtpr cx16 fma cid ssse3 tm2 est smx vmx ds_cpl monitor dtes64 pclmulqdq|pclmuldq pni|sse3
  smap adx rdseed rtm invpcid erms bmi2 smep avx2 hle bmi1 fsgsbase
  3dnow 3dnowext lm|i64 rdtscp pdpe1gb fxsr_opt|ffxsr mmxext nx|xd syscall
  perfctr_nb perfctr_core topoext tbm nodeid_msr tce fma4 lwp wdt skinit xop ibs osvw 3dnowprefetch misalignsse sse4a abm cr8legacy extapic svm cmp_legacy lahf_lm
  pmm-en pmm phe-en phe ace2-en ace2 xcrypt-en xcrypt xstore-en xstore
  kvm_pv_unhalt kvm_pv_eoi kvm_steal_time kvm_asyncpf kvmclock kvm_mmu kvm_nopiodelay kvmclock
  pfthreshold pause_filter decodeassists flushbyasid vmcb_clean tsc_scale nrip_save svm_lock lbrv npt

The host server will expose different instruction set to the guest server (the emulated CPU), so when you choose your host to emulate for example “qemu64” with:

qemu-system-x86_64 -enable-kvm  \
-cpu qemu64,+ssse3,+sse4.1,+sse4.2,+x2apic -smp 2,maxcpus=8 \
-daemonize -vnc 192.168.0.10:1 \
-drive file=/mnt/storage/qemu/roofs/srv_virt.qcow2,index=0,cache=none,aio=threads,if=virtio \
-cdrom /mnt/storage/images/install-amd64-minimal-20140327.iso -boot d \
-net nic,model=virtio,macaddr=$(< /sys/class/net/macvtap0/address) \
-net tap,fd=3 3<>/dev/tap$(< /sys/class/net/macvtap0/ifindex) \
-balloon virtio -m 8192 \
-monitor telnet:127.0.0.1:5801,server,nowait -writeconfig /opt/qemu/config/srv_virt.qcow2.conf

The guest server (the virtual machine) will have the following CPU and instruction set:

vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.0.0
stepping        : 3
microcode       : 0x1
cpu MHz         : 2133.408
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni ssse3 cx16 sse4_1 x2apic popcnt hypervisor lahf_lm
bogomips        : 4266.81
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 6
model name      : QEMU Virtual CPU version 2.0.0
stepping        : 3
microcode       : 0x1
cpu MHz         : 2133.408
cache size      : 4096 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni ssse3 cx16 sse4_1 x2apic popcnt hypervisor lahf_lm
bogomips        : 4266.81
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

A base set of instructions (flags) with the explicitly included by our command with

+ssse3,+sse4.1,+sse4.2,+x2apic

. The format:

-cpu qemu64,+ssse3,+sse4.1,+sse4.2,+x2apic

IF you choose the last option:

-cpu host

the host server will try to emulate and expose to the virtual machine its processor and all flags:

qemu-system-x86_64 -enable-kvm  \
-cpu host -smp 2,maxcpus=8 \
-daemonize -vnc 192.168.0.10:1 \
-drive file=/mnt/storage/qemu/roofs/srv_virt.qcow2,index=0,cache=none,aio=threads,if=virtio \
-cdrom /mnt/storage/images/install-amd64-minimal-20140327.iso -boot d \
-net nic,model=virtio,macaddr=$(< /sys/class/net/macvtap0/address) \
-net tap,fd=3 3<>/dev/tap$(< /sys/class/net/macvtap0/ifindex) \
-balloon virtio -m 8192 \
-monitor telnet:127.0.0.1:5801,server,nowait -writeconfig /opt/qemu/config/srv_virt.qcow2.conf

The virtual machine:

[root@vm0 ~]# cat /proc/cpuinfo 
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           E5606  @ 2.13GHz
stepping        : 2
microcode       : 0x1
cpu MHz         : 2133.408
cache size      : 8192 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl pni pclmulqdq ssse3 cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes hypervisor lahf_lm tsc_adjust
bogomips        : 4266.81
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

The host server:

[root@srv0 ~]# cat /proc/cpuinfo 
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           E5606  @ 2.13GHz
stepping        : 2
microcode       : 0x14
cpu MHz         : 1200.000
cache size      : 8192 KB
physical id     : 0
siblings        : 4
core id         : 0
cpu cores       : 4
apicid          : 0
initial apicid  : 0
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 popcnt aes lahf_lm tpr_shadow vnmi flexpriority ept vpid dtherm arat
bogomips        : 4266.41
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

TIP 2) Disable certain CPU flags (instruction sets)

As you can see with the above CPU options you can hide your exact type of processor and you could disable specific CPU flags (instruction sets) to the user’s virtual machine. The purpose is up to the user and one reason for example could be not offer “avx” (or “avx2”) to discourage crypto mining with the virtual machine. Or limit the SSE2/3/4/4.2/SSSE3 and other “multimedia” instruction sets to discourage video encoding and so on. Probably you would like to be used It’s up to you what to offer to the virtual machine user.
Here is the command to emulate the host CPU with all supported flags but disable “sse4.1” and “sse4.2”:
The syntax:

-cpu host,-sse4.1,-sse4.2

And the qemu command is:

qemu-system-x86_64 -enable-kvm \
-cpu host,-sse4.1,-sse4.2 \
-smp 2,maxcpus=8 \
-daemonize -vnc 192.168.0.10:1 \
-drive file=/mnt/storage/qemu/roofs/srv_virt.qcow2,index=0,cache=none,aio=threads,if=virtio \
-cdrom /mnt/storage/images/install-amd64-minimal-20140327.iso -boot d \
-net nic,model=virtio,macaddr=$(< /sys/class/net/macvtap0/address) \
-net tap,fd=3 3<>/dev/tap$(< /sys/class/net/macvtap0/ifindex) \
-balloon virtio -m 8192 \
-monitor telnet:127.0.0.1:5801,server,nowait -writeconfig /opt/qemu/config/srv_virt.qcow2.conf

So the virtual machine lacks the disabled flags:

flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl pni pclmulqdq ssse3 cx16 pcid x2apic popcnt tsc_deadline_timer aes hypervisor lahf_lm tsc_adjust

TIP 3) Number of virtual processors in the virtual machine

The syntax

-smp 2,maxcpus=8

of the qemu command:

qemu-system-x86_64 -enable-kvm  -cpu host \
-smp 2,maxcpus=8 \
-daemonize -vnc 192.168.0.10:1 \
-drive file=/mnt/storage/qemu/roofs/srv_virt.qcow2,index=0,cache=none,aio=threads,if=virtio \
-cdrom /mnt/storage/images/install-amd64-minimal-20140327.iso -boot d \
-net nic,model=virtio,macaddr=$(< /sys/class/net/macvtap0/address) \
-net tap,fd=3 3<>/dev/tap$(< /sys/class/net/macvtap0/ifindex) \
-balloon virtio -m 8192 \
-monitor telnet:127.0.0.1:5801,server,nowait -writeconfig /opt/qemu/config/srv_virt.qcow2.conf

will start up the virtual machine with 2 processors and you can hot add a cpu up to 8 total in any time you want with the management console listening on 127.0.0.1:5801.

Leave a Reply

Your email address will not be published. Required fields are marked *