yahoo-eng-team team mailing list archive

[Bug 1852437] Re: Allow ability to disable individual CPU features via `cpu_model_extra_flags`

 

** Changed in: nova
       Status: Invalid => Triaged

** Changed in: nova
   Importance: Wishlist => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1852437

Title:
  Allow ability to disable individual CPU features via
  `cpu_model_extra_flags`

Status in OpenStack Compute (nova):
  Triaged

Bug description:
  What?
  -----

  When using a custom CPU model, Nova currently allows enabling
  individual CPU flags/features via the config attribute,
  `cpu_model_extra_flags`:

      [libvirt]
      cpu_mode=custom
      cpu_model=IvyBridge
      cpu_model_extra_flags="pcid,ssbd, md-clear"

  The above only lets you enable the CPU features.  This RFE is to also
  allow _disabling_ individual CPU features.

  
  Why?
  ----

  A couple of reasons:

    - An Operator wants to generate a baseline CPU config (that facilitates
      live migration) across his Compute node pool.  However, a certain
      CPU flag is causing an intolerable performance issue for their
      guest workloads.  If the Operator isolated the problem to _that_
      specific CPU flag, then she would like to disable the flag.

    - More importantly, a specific CPU flag might trigger a CPU
      vulnerability.  In such a case, the mitigation for it could be to
      simply _disable_ the offending CPU flag.

  Allowing disabling of individual CPU flags via Nova would enable the
  above use cases.

  
  How?
  ----

  By allowing the notion of '+' / '-' to indicate whether to enable or
  disable a given CPU flag.

  E.g. if you specify the below in 'nova.conf' (on the Compute nodes):

      [libvirt]
      cpu_mode=custom
      cpu_model=IvyBridge
      cpu_model_extra_flags="+pcid,-mtrr,ssbd"

  Then, when you start an instance, Nova should generate the below XML:

      <cpu match='exact'> 
        <model fallback='forbid'>IvyBridge</model>
        <vendor>Intel</vendor>
        <feature policy='require' name='pcid'/>
        <feature policy='disable' name='mtrr'/>
        <feature policy='require' name='ssbd'/>
      </cpu>

  
  Note that the requirement to specify '+' / '-' for individual flags
  should be optional.  If neither is specified, then we should assume '+',
  and enable the feature (as shown above for the 'ssbd' flag).

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1852437/+subscriptions
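
The '+' / '-' handling proposed in the bug description, as an added sketch that is not Nova's own code: `parse_extra_flags` and `build_cpu_xml` are hypothetical names, the flag-name pattern and the choice to reject a flag given as both '+' and '-' are assumptions, and the `<vendor>` element is left out.

```python
import re
import xml.etree.ElementTree as ET

# Conservative pattern for a CPU flag name (assumption for this sketch).
_FLAG_RE = re.compile(r"^[a-z0-9][a-z0-9_.-]*$")


def parse_extra_flags(value):
    """Return an ordered {flag: policy} mapping from a '+'/'-' flag string."""
    policies = {}
    for raw in value.split(","):
        token = raw.strip().lower()
        if not token:
            continue
        # A missing prefix means '+', as the proposal specifies.
        sign, name = (token[0], token[1:]) if token[0] in "+-" else ("+", token)
        if not _FLAG_RE.match(name):
            raise ValueError("invalid CPU flag: %r" % raw)
        policy = "require" if sign == "+" else "disable"
        # Refuse '+x,-x': silently picking one could re-enable a flag
        # that was disabled as a vulnerability mitigation.
        if policies.get(name, policy) != policy:
            raise ValueError("conflicting policies for flag %r" % name)
        policies[name] = policy
    return policies


def build_cpu_xml(model, extra_flags):
    """Render the guest <cpu> element for a custom model plus flag policies."""
    cpu = ET.Element("cpu", match="exact")
    ET.SubElement(cpu, "model", fallback="forbid").text = model
    for name, policy in parse_extra_flags(extra_flags).items():
        ET.SubElement(cpu, "feature", policy=policy, name=name)
    return cpu


if __name__ == "__main__":
    cpu = build_cpu_xml("IvyBridge", "+pcid,-mtrr,ssbd")
    ET.indent(cpu)  # pretty-print; needs Python 3.9+
    print(ET.tostring(cpu, encoding="unicode"))
```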