RFE: libvirt: Add ability to configure extra CPU flags for named CPU models
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | High | Kashyap Chamarthy |
Ocata | Fix Released | Medium | Lee Yarwood |
Pike | Fix Committed | Medium | Kashyap Chamarthy |
Queens | Fix Committed | Medium | Kashyap Chamarthy |
OpenStack Nova Compute Charm | Fix Released | Medium | Chris MacNaughton |
Bug Description
Motivation
----------
The recent "Meltdown" CVE fixes resulted in a critical performance
penalty. From here[*]:
[...] However, in examining both the various fixes rolled out in
actual Linux distros over the past few days and doing some very
informal surveying of environments I have access to, I discovered
that the PCID ["process-context identifiers"] processor feature,
which used to be a virtual no-op, is now a performance AND security
critical item.[...]
So if a Nova user has applied all the "Meltdown" CVE fixes, and is using
a named CPU model (like "IvyBridge", or "Westmere" — which specifically
lack the said obscure "PCID" feature) they will incur severe performance
degradation[*].
Note that some of Intel's *physical* CPUs themselves include the 'pcid'
CPU feature flag; but the named CPU models provided by libvirt & QEMU
lack that flag — hence we explicitly specify it for virtual CPUs via the
following proposed config attribute.
[*] https:/
Proposed change
---------------
Modify Nova's libvirt driver such that it will be possible to set
granular CPU feature flags for named CPU models. E.g. to explicitly
specify the 'pcid' feature flag with Intel IvyBridge CPU model, set the
following in /etc/nova.conf:
...
[libvirt]
cpu_
cpu_
...
The list of known CPU feature flags ('vmx', 'xtpr', 'pcid', et cetera)
can be found in /usr/share/
Note that before specifying extra CPU feature flags, one should check if
the named CPU models (provided by libvirt) already include the said
flags. E.g. the 'Broadwell', 'Haswell-noTSX' named CPU models provided
by libvirt already provide the 'pcid' CPU feature flag.
Other use cases
---------------
- Nested Virtualization — an operator can specify the Intel 'vmx' or
AMD 'svm' flags in the level-1 guest (i.e. the guest hypervisor)
- Ability to use 1GB huge pages with Haswell model as one use case for
extra flags (thanks: Daniel Berrangé, for mentioning this scenario):
tags: added: libvirt
Changed in nova:
assignee: nobody → Kashyap Chamarthy (kashyapc)
status: New → In Progress
description: updated
Changed in nova:
importance: Undecided → High
Changed in charm-nova-compute:
assignee: nobody → Chris MacNaughton (chris.macnaughton)
importance: Undecided → Medium
milestone: none → 18.08
Changed in charm-nova-compute:
status: Fix Committed → Fix Released
The (WIP) proposed change: https://review.openstack.org/#/c/534384/ -- libvirt: Allow to specify granular CPU feature flags
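
The bug description advises checking whether a named CPU model already carries a flag before adding it as an extra flag; that check can be scripted. The following is an added example, not code from Nova or libvirt: it assumes a single-file XML CPU map in which a model may name a parent model to inherit from, and the embedded sample map, its feature sets and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not real libvirt data); a nested <model name=.../>
# means "inherit that model's features". The layout is an assumption.
SAMPLE_CPU_MAP = """
<cpus><arch name='x86'>
  <feature name='aes'/> <feature name='avx'/> <feature name='pcid'/> <feature name='vmx'/>
  <model name='Westmere'><feature name='aes'/></model>
  <model name='IvyBridge'><model name='Westmere'/><feature name='avx'/></model>
  <model name='Haswell-noTSX'><model name='IvyBridge'/><feature name='pcid'/></model>
</arch></cpus>
"""

def load_models(xml_text, arch="x86"):
    """Return (known feature names, {model: (parent or None, own features)})."""
    node = ET.fromstring(xml_text).find(f"arch[@name='{arch}']")
    known = {f.get("name") for f in node.findall("feature")}
    models = {}
    for m in node.findall("model"):
        parent = m.find("model")  # direct child <model> names the parent
        own = {f.get("name") for f in m.findall("feature")}
        models[m.get("name")] = (None if parent is None else parent.get("name"), own)
    return known, models

def effective_features(models, name):
    """Union of a model's own features and everything it inherits."""
    feats, seen = set(), set()
    while name is not None:
        if name in seen or name not in models:
            raise ValueError(f"unknown or cyclic model reference: {name}")
        seen.add(name)
        parent, own = models[name]
        feats |= own
        name = parent
    return feats

def classify_extra_flags(xml_text, model, flags):
    """Sort requested extra flags into needed / redundant / unknown."""
    known, models = load_models(xml_text)
    have = effective_features(models, model)
    out = {"needed": [], "redundant": [], "unknown": []}
    for flag in (f.strip().lower() for f in flags):  # normalising is this example's choice
        key = "unknown" if flag not in known else "redundant" if flag in have else "needed"
        out[key].append(flag)
    return out

if __name__ == "__main__":
    for model in ("IvyBridge", "Haswell-noTSX"):
        print(model, classify_extra_flags(SAMPLE_CPU_MAP, model, ["pcid", "vmx", "pcdi"]))
```

A flag reported as unknown is most often a typo; if such a flag were silently ignored, the guest would boot without the feature the operator meant to expose.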