yahoo-eng-team team mailing list archive
Message #72187
[Bug 1750829] Re: RFE: libvirt: Add ability to configure extra CPU flags for named CPU models
Reviewed: https://review.openstack.org/534384
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=6b601b7cf6e7f23077f428353a3a4e81084eb3a1
Submitter: Zuul
Branch: master
commit 6b601b7cf6e7f23077f428353a3a4e81084eb3a1
Author: Kashyap Chamarthy <kchamart@xxxxxxxxxx>
Date: Tue Jan 16 17:56:51 2018 +0100
libvirt: Allow to specify granular CPU feature flags
The recent "Meltdown" CVE fixes have resulted in a critical performance
penalty[*] that will impact every Nova guest with certain CPU models.
I.e. assume you have applied all the "Meltdown" CVE fixes, and performed
a cold reboot (explicit stop & start) of all Nova guests, for the
updates to take effect. Now, if any guests are booted with certain
named virtual CPU models (e.g. "IvyBridge", "Westmere", etc.), then those
guests will incur noticeable performance degradation[*], while being
protected from the CVE itself.
To alleviate this guest performance impact, it is now important to
specify an obscure Intel CPU feature flag, 'PCID' (Process-Context ID)
-- for the virtual CPU models that don't already include it (more on
this below). To that end, this change will allow Nova to explicitly
specify CPU feature flags via a new configuration attribute,
`cpu_model_extra_flags`, e.g. in `nova.conf`:
...
[libvirt]
cpu_mode = custom
cpu_model = IvyBridge
cpu_model_extra_flags = pcid
...
NB: In the first iteration, the choices for `cpu_model_extra_flags` are
restricted to only 'pcid' (the option is case-insensitive) -- to address
the earlier mentioned guest performance degradation. A future patch
will remove this restriction, allowing multiple CPU feature flags to be
added / removed, thus making way for other useful features.
Some have asked: "Why not simply hardcode the 'PCID' CPU feature flag
into Nova?" That's not graceful, and more importantly, impractical:
(1) Not every Intel CPU model has 'PCID':
- The only Intel CPU models that include the 'PCID' capability
are: "Haswell", "Broadwell", and "Skylake" variants.
- The libvirt / QEMU Intel CPU models: "Nehalem", "Westmere",
"SandyBridge", and "IvyBridge" will *not* expose the 'PCID'
capability, even if the host CPUs by the same name include it.
I.e. 'PCID' needs to be explicitly specified when using the said virtual
CPU models.
(2) Magically adding new CPU feature flags under the user's feet
impacts live migration.
[*] https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU
Closes-Bug: #1750829
Change-Id: I6bb956808aa3df58747c865c92e5b276e61aff44
BluePrint: libvirt-cpu-model-extra-flags
** Changed in: nova
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1750829
Title:
RFE: libvirt: Add ability to configure extra CPU flags for named CPU
models
Status in OpenStack Compute (nova):
Fix Released
Status in OpenStack Compute (nova) pike series:
Confirmed
Status in OpenStack Compute (nova) queens series:
Confirmed
Bug description:
Motivation
----------
The recent "Meltdown" CVE fixes resulted in a critical performance
penalty. From here[*]:
[...] However, in examining both the various fixes rolled out in
actual Linux distros over the past few days and doing some very
informal surveying of environments I have access to, I discovered
that the PCID ["process-context identifiers"] processor feature,
which used to be a virtual no-op, is now a performance AND security
critical item.[...]
So if a Nova user has applied all the "Meltdown" CVE fixes, and is using
a named CPU model (like "IvyBridge", or "Westmere" — which specifically
lack the said obscure "PCID" feature) they will incur severe performance
degradation[*].
Note that some Intel *physical* CPUs themselves include the 'pcid'
CPU feature flag; but the named CPU models provided by libvirt & QEMU
lack that flag — hence we explicitly specify it for virtual CPUs via the
following proposed config attribute.
[*] https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU
Proposed change
---------------
Modify Nova's libvirt driver such that it will be possible to set
granular CPU feature flags for named CPU models. E.g. to explicitly
specify the 'pcid' feature flag with Intel IvyBridge CPU model, set the
following in /etc/nova.conf:
...
[libvirt]
cpu_model=IvyBridge
cpu_model_extra_flags="pcid"
...
The list of known CPU feature flags ('vmx', 'xtpr', 'pcid', et cetera)
can be found in /usr/share/libvirt/cpu_map.xml.
Note that before specifying extra CPU feature flags, one should check if
the named CPU models (provided by libvirt) already include the said
flags. E.g. the 'Broadwell', 'Haswell-noTSX' named CPU models provided
by libvirt already provide the 'pcid' CPU feature flag.
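As an added illustration of the check described above (not part of the bug report and not nova's own code): resolve a named model's effective feature set from a cpu_map.xml-style file, decide which of the requested extra flags are already present versus still to be added, and render the `<cpu>` element with `policy='require'` features. The cpu_map layout (nested `<model name=.../>` meaning inheritance) and the `<cpu>` rendering are assumptions; the sample map is constructed and trimmed.

```python
"""Check named-model CPU features before setting cpu_model_extra_flags.

Added example, not nova's code. Assumes the older libvirt cpu_map.xml
layout: a <model> lists <feature name=.../> entries and may inherit
another model through a nested <model name=.../> element.
"""
import xml.etree.ElementTree as ET

# Constructed, heavily trimmed stand-in for /usr/share/libvirt/cpu_map.xml.
SAMPLE_CPU_MAP = """<cpus><arch name='x86'>
  <model name='SandyBridge'><vendor name='Intel'/>
    <feature name='sse4.2'/><feature name='x2apic'/></model>
  <model name='IvyBridge'><model name='SandyBridge'/>
    <feature name='erms'/><feature name='fsgsbase'/></model>
  <model name='Haswell'><model name='IvyBridge'/>
    <feature name='pcid'/><feature name='invpcid'/></model>
</arch></cpus>"""


def model_features(cpu_map_xml, model):
    """Effective feature set of a named model, following its parent chain."""
    arch = ET.fromstring(cpu_map_xml).find("arch")
    models = {m.get("name"): m for m in arch.findall("model")}
    if model not in models:
        raise KeyError("unknown CPU model: %s" % model)
    feats, node = set(), models[model]
    while node is not None:
        feats.update(f.get("name") for f in node.findall("feature"))
        parent = node.find("model")  # nested <model> = inherited base model
        node = models[parent.get("name")] if parent is not None else None
    return feats


def plan_extra_flags(cpu_map_xml, model, extra_flags):
    """Split a comma-separated cpu_model_extra_flags value into flags the
    model already exposes (redundant) and flags that still must be added.
    Matching is case-insensitive, as the option itself is."""
    base = model_features(cpu_map_xml, model)
    wanted = {f.strip().lower() for f in extra_flags.split(",") if f.strip()}
    return sorted(wanted & base), sorted(wanted - base)


def guest_cpu_xml(model, add_flags):
    """Render the guest <cpu> element for cpu_mode=custom (assumed shape):
    every extra flag becomes <feature policy='require' name=.../>."""
    cpu = ET.Element("cpu", mode="custom", match="exact")
    ET.SubElement(cpu, "model").text = model
    for name in add_flags:
        ET.SubElement(cpu, "feature", policy="require", name=name)
    return ET.tostring(cpu, encoding="unicode")
```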
Other use cases
---------------
- Nested Virtualization — an operator can specify the Intel 'vmx' or
AMD 'svm' flags in the level-1 guest (i.e. the guest hypervisor)
- Ability to use 1GB huge pages with Haswell model as one use case for
extra flags (thanks: Daniel Berrangé, for mentioning this scenario):
cpu_model=Haswell
cpu_model_extra_flags="pdpe1gb"
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1750829/+subscriptions