Add ability to configure extra CPU flags for CPU models

Registered by Kashyap Chamarthy

The recent "Meltdown" CVE fixes, while protecting you from the CVE itself, have resulted in a critical performance penalty. That is, assume an Operator has applied all the "Meltdown" CVE fixes the following way: update the 'microcode', host and guest kernels, libvirt, and QEMU packages, followed by a cold reboot (explicit stop & start) of guests. Now any guests that are booted with certain named virtual CPU models, e.g. "IvyBridge" or "Westmere", will incur severe performance degradation. To alleviate this performance degradation, it is now important to specify (for the virtual CPU models that don't already provide it) an obscure CPU feature flag called "PCID". To that end, this Blueprint will let Nova allow specifying individual CPU feature flags via a new configuration attribute, 'cpu_model_extra_flags', in 'nova.conf'.
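An operator-side pre-flight check for the option described above, as an added example (not Nova's code): it reads 'cpu_model_extra_flags' from the `[libvirt]` section of nova.conf text, normalises case, and reports which requested flags the host CPU lacks. It assumes `/proc/cpuinfo` flag names as a stand-in for libvirt's host capabilities (some names differ between the two); the sample inputs are constructed.

```python
import configparser

# Constructed sample inputs (not taken from a real host).
SAMPLE_NOVA_CONF = """
[libvirt]
cpu_mode = custom
cpu_model = IvyBridge
cpu_model_extra_flags = PCID, pdpe1gb
"""

SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Constructed CPU
flags\t\t: fpu vme de pse tsc msr pae mce cx8 sse sse2 pcid sse4_1 sse4_2 aes avx
"""


def requested_flags(nova_conf_text):
    """Return cpu_model_extra_flags from nova.conf text, lower-cased, de-duplicated."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(nova_conf_text)
    raw = cp.get("libvirt", "cpu_model_extra_flags", fallback="")
    flags = []
    for item in raw.split(","):
        flag = item.strip().lower()
        if flag and flag not in flags:
            flags.append(flag)
    return flags


def host_flags(cpuinfo_text):
    """Return the CPU flags from the first 'flags' line of /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def check_extra_flags(nova_conf_text, cpuinfo_text):
    """Split the requested flags into (supported, missing) for this host."""
    available = host_flags(cpuinfo_text)
    wanted = requested_flags(nova_conf_text)
    supported = [f for f in wanted if f in available]
    missing = [f for f in wanted if f not in available]
    return supported, missing


if __name__ == "__main__":
    print(check_extra_flags(SAMPLE_NOVA_CONF, SAMPLE_CPUINFO))
```

On a real compute host, pass the contents of the deployed nova.conf and `/proc/cpuinfo` instead of the samples; a non-empty `missing` list means a requested flag is not available on that host.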

Blueprint information

Status:
Complete
Approver:
melanie witt
Priority:
High
Drafter:
Kashyap Chamarthy
Direction:
Approved
Assignee:
Kashyap Chamarthy
Definition:
Approved
Series goal:
Accepted for rocky
Implementation:
Implemented
Milestone target:
rocky-3
Started by
Matt Riedemann
Completed by
Matt Riedemann

Whiteboard

https://review.openstack.org/#/c/534384/

Gerrit topic: https://review.openstack.org/#q,topic:bug/1750829,n,z

Addressed by: https://review.openstack.org/534384
    libvirt: Allow to specify granular CPU feature flags

We discussed this on IRC in #openstack-nova today and agreed on an approach where the backportable version of the implementation (first patch) has a single choice 'pcid' for the 'cpu_model_extra_flags' option and the following master-only patch removes the choices and we'll validate on startup of the driver the 'cpu_model_extra_flags' value based on the host capabilities (if we can). We'll also validate the one-choice backportable version too if possible (discussion taking place on the patch above ^). Approving for Rocky. -- melwitt 20180322

Since the "libvirt: Allow to specify granular CPU feature flags" is merged and backported, lift the restriction for 'cpu_model_extra_flags' for choices, and also allow it for all three CPU modes. -- kashyap 20180427

Addressed by: https://review.openstack.org/559700
    libvirt: Allow to specify granular CPU feature flags

Addressed by: https://review.openstack.org/559702
    libvirt: Allow to specify granular CPU feature flags

Gerrit topic: https://review.openstack.org/#q,topic:bug/1766208,n,z

Addressed by: https://review.openstack.org/563926
    libvirt: Lift the restriction of choices for `cpu_model_extra_flags`

Gerrit topic: https://review.openstack.org/#q,topic:lift_restriction_on_cpu_model_extra_flags,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bp/libvirt-cpu-model-extra-flags,n,z

Addressed by: https://review.openstack.org/565043
    libvirt: Make `cpu_model_extra_flags` case-insensitive for real

Addressed by: https://review.openstack.org/565044
    libvirt: Lift the restriction of choices for `cpu_model_extra_flags`

From kashyap: "About that blueprint, it has one item pending: to allow to explicitly _remove_ CPU flags too. But that can wait and be handled separately; and you can mark it as complete."

-- mriedem 20180622
