Hi bluhm, That is interesting. There are very similar guests to the affected system on this same host.
I would describe this environment as an up-to-date Ubuntu 16 LTS hypervisor. It is something to think about, but not something I have run into issues in the past for this use-case. The versions are as follows: gir1.2-libvirt-glib-1.0/xenial,now 0.2.2-0.1ubuntu1 amd64 [installed,automatic] libvirt-bin/xenial-updates,xenial-security,now 1.3.1-1ubuntu10.27 amd64 [installed] libvirt-glib-1.0-0/xenial,now 0.2.2-0.1ubuntu1 amd64 [installed,automatic] libvirt0/xenial-updates,xenial-security,now 1.3.1-1ubuntu10.27 amd64 [installed,automatic] python-libvirt/xenial,now 1.3.1-1ubuntu1 amd64 [installed,upgradable to: 1.3.1-1ubuntu1.1] python3-libvirt/xenial-updates,now 1.3.1-1ubuntu1.1 amd64 [installed] qemu-block-extra/xenial-updates,xenial-security,now 1:2.5+dfsg-5ubuntu10.42 amd64 [installed,automatic] qemu-kvm/xenial-updates,xenial-security,now 1:2.5+dfsg-5ubuntu10.42 amd64 [installed] qemu-system-common/xenial-updates,xenial-security,now 1:2.5+dfsg-5ubuntu10.42 amd64 [installed,automatic] qemu-system-x86/xenial-updates,xenial-security,now 1:2.5+dfsg-5ubuntu10.42 amd64 [installed,automatic] qemu-utils/xenial-updates,xenial-security,now 1:2.5+dfsg-5ubuntu10.42 amd64 [installed,automatic] ~$ libvirtd -V libvirtd (libvirt) 1.3.1 ~$ qemu-system-x86_64 -version QEMU emulator version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.42), Copyright (c) 2003-2008 Fabrice Bellard Regards, Marcos Madeira On 11/01/20 23:18, Alexander Bluhm wrote: > On Sat, Jan 11, 2020 at 09:43:15PM +0000, Marcos Madeira | Secure Networks > wrote: >> cpu0: QEMU Virtual CPU version 2.5+, 3602.34 MHz, 06-06-03 > There is a bug in QEMU cpu emulation. It interpretes some SSE > instruction in the pfctl binary incorrectly. If I remeber correctly > this happnes in set_ipmask(). ipsecctl has the same issue. > > When compiling pfctl with -O0, clang does not put these instructions > into the binary. > > Currently I cannot reproduce it with qemu-4.1.0 from ports. I have > not tried it for a long time. It seems that I ran into this isssue > in 2018. > > Which version of qemu do you use? > > bluhm
