@@ -233,6 +233,102 @@ def test_host_vs_guest_cpu_features(uvm_plain_any):
233233 assert host_feats - guest_feats == host_guest_diff_6_1
234234 assert guest_feats - host_feats == INTEL_GUEST_ONLY_FEATS - {"umip" }
235235
236+ case CpuModel .INTEL_SAPPHIRE_RAPIDS :
237+ expected_host_minus_guest = INTEL_HOST_ONLY_FEATS .copy ()
238+ expected_guest_minus_host = INTEL_GUEST_ONLY_FEATS .copy ()
239+
240+ host_version = global_props .host_linux_version_tpl
241+ guest_version = vm .guest_kernel_version
242+
243+ # KVM does not support virtualization of the following hardware features yet for several
244+ # reasons (e.g. security, simply difficulty of implementation).
245+ expected_host_minus_guest |= {
246+ # Intel Total Memory Encryption (TME) is the capability to encrypt the entirety of
247+ # physical memory of a system. TME is enabled by system BIOS/hardware and applies to
248+ # the phyiscal memory as a whole.
249+ "tme" ,
250+ # PCONFIG instruction allows software to configure certain platform features. It
251+ # supports these features multiple leaf functions, selecting a leaf function using
252+ # the value in EAX. As of this writing, the only defined PCONFIG leaf function is
253+ # for key programming for total memory encryption-multi-key (TME-MK).
254+ "pconfig" ,
255+ # Architectural Last Branch Record (Arch LBR) that is a feature that logs the most
256+ # recently executed branch instructions (e.g. source and destination addresses).
257+ # Tradiaional LBR implementations have existed in Intel CPUs for years and the MSR
258+ # interface varied by CPU model. Arch LBR is a standardized version. There is a
259+ # kernel patch created in 2022 but didn't get merged due to a mess.
260+ # https://lore.kernel.org/all/[email protected] / 261+ "arch_lbr" ,
262+ # ENQCMD/ENQCMDS are instructions that allow software to atomically write 64-byte
263+ # commands to enqueue registers, which are special device registers accessed using
264+ # memory-mapped I/O.
265+ "enqcmd" ,
266+ # Intel Resource Director Technology (RDT) feature set provides a set of allocation
267+ # (resource control) capabilities including Cache Allocation Technology (CAT) and
268+ # Code and Data Prioritization (CDP).
269+ # L3 variants are listed in INTEL_HOST_ONLY_FEATS.
270+ "cat_l2" ,
271+ "cdp_l2" ,
272+ # This is a synthesized bit for split lock detection that raise an Alignment Check
273+ # (#AC) exception if an operand of an atomic operation crosses two cache lines. It
274+ # is not enumerated on CPUID, instead detected by actually attempting to read from
275+ # MSR address 0x33 (MSR_MEMORY_CTRL in Intel SDM, MSR_TEST_CTRL in Linux kernel).
276+ "split_lock_detect" ,
277+ }
278+
279+ # The following features are also not virtualized by KVM yet but are only supported on
280+ # newer kernel versions.
281+ if host_version >= (5 , 18 ):
282+ expected_host_minus_guest |= {
283+ # Hardware Feedback Interface (HFI) is a feature that gives OSes a performance
284+ # and energy efficiency capability data for each CPU that can be used to
285+ # influence task placement decisions.
286+ # https://github.com/torvalds/linux/commit/7b8f40b3de75c971a4e5f9308b06deb59118dbac
287+ "hfi" ,
288+ # Indirect Brach Tracking (IBT) is a feature where the CPU ensures that indirect
289+ # branch targets start with ENDBRANCH instruction (`endbr32` or `endbr64`),
290+ # which executes as a no-op; if anything else is found, a control-protection
291+ # (#CP) fault will be raised.
292+ # https://github.com/torvalds/linux/commit/991625f3dd2cbc4b787deb0213e2bcf8fa264b21
293+ "ibt" ,
294+ }
295+
296+ # AVX512 FP16 is supported and passed through on v5.11+.
297+ # https://github.com/torvalds/linux/commit/e1b35da5e624f8b09d2e98845c2e4c84b179d9a4
298+ # https://github.com/torvalds/linux/commit/2224fc9efb2d6593fbfb57287e39ba4958b188ba
299+ if host_version >= (5 , 11 ) and guest_version < (5 , 11 ):
300+ expected_host_minus_guest |= {"avx512_fp16" }
301+
302+ # AVX VNNI support is supported and passed through on v5.12+.
303+ # https://github.com/torvalds/linux/commit/b85a0425d8056f3bd8d0a94ecdddf2a39d32a801
304+ # https://github.com/torvalds/linux/commit/1085a6b585d7d1c441cd10fdb4c7a4d96a22eba7
305+ if host_version >= (5 , 12 ) and guest_version < (5 , 12 ):
306+ expected_host_minus_guest |= {"avx_vnni" }
307+
308+ # Bus lock detection is supported on v5.12+ and passed through on v5.13+.
309+ # https://github.com/torvalds/linux/commit/f21d4d3b97a8603567e5d4250bd75e8ebbd520af
310+ # https://github.com/torvalds/linux/commit/76ea438b4afcd9ee8da3387e9af4625eaccff58f
311+ if host_version >= (5 , 13 ) and guest_version < (5 , 12 ):
312+ expected_host_minus_guest |= {"bus_lock_detect" }
313+
314+ # Intel AMX is supported and passed through on v5.17+.
315+ # https://github.com/torvalds/linux/commit/690a757d610e50c2c3acd2e4bc3992cfc63feff2
316+ if host_version >= (5 , 17 ) and guest_version < (5 , 17 ):
317+ expected_host_minus_guest |= {"amx_bf16" , "amx_int8" , "amx_tile" }
318+
319+ expected_guest_minus_host -= {
320+ # UMIP can be emulated by KVM on Intel processors, but is supported in hardware on
321+ # Intel Sapphire Rapids and passed through.
322+ "umip" ,
323+ # This is a synthesized bit and it is always set on guest thanks to kvm-clock. But
324+ # Intel Sapphire Rapids reports TSC frequency on CPUID leaf 0x15, so the bit is also
325+ # set on host.
326+ "tsc_known_freq" ,
327+ }
328+
329+ assert host_feats - guest_feats == expected_host_minus_guest
330+ assert guest_feats - host_feats == expected_guest_minus_host
331+
236332 case CpuModel .ARM_NEOVERSE_N1 :
237333 expected_guest_minus_host = set ()
238334 expected_host_minus_guest = set ()
0 commit comments