Comment 10 for bug 1750829

OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/ocata)

Reviewed: https://review.openstack.org/561168
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=1c6b2fce289b68af92afeddf8d30efcda1903f06
Submitter: Zuul
Branch: stable/ocata

commit 1c6b2fce289b68af92afeddf8d30efcda1903f06
Author: Kashyap Chamarthy <email address hidden>
Date: Tue Jan 16 17:56:51 2018 +0100

    libvirt: Allow to specify granular CPU feature flags

    The recent "Meltdown" CVE fixes have resulted in a critical performance
    penalty[*] that will impact every Nova guest with certain CPU models.

    I.e. assume you have applied all the "Meltdown" CVE fixes, and performed
    a cold reboot (explicit stop & start) of all Nova guests, for the
    updates to take effect. Now, if any guests are booted with certain
    named virtual CPU models (e.g. "IvyBridge", "Westmere", etc.), then those
    guests will incur noticeable performance degradation[*], while being
    protected from the CVE itself.

    To alleviate this guest performance impact, it is now important to
    specify an obscure Intel CPU feature flag, 'PCID' (Process-Context ID)
    -- for the virtual CPU models that don't already include it (more on
    this below). To that end, this change will allow Nova to explicitly
    specify CPU feature flags via a new configuration attribute,
    `cpu_model_extra_flags`, e.g. in `nova.conf`:

        ...
        [libvirt]
        cpu_mode = custom
        cpu_model = IvyBridge
        cpu_model_extra_flags = pcid
        ...

    NB: In the first iteration, the choices for `cpu_model_extra_flags` are
    restricted to only 'pcid' (the option is case-insensitive) -- to address
    the earlier mentioned guest performance degradation. A future patch
    will remove this restriction, allowing one to add / remove multiple CPU
    feature flags, thus making way for other useful features.

    Some have asked: "Why not simply hardcode the 'PCID' CPU feature flag
    into Nova?" That's not graceful, and more importantly, impractical:

      (1) Not every Intel CPU model has 'PCID':

           - The only Intel CPU models that include the 'PCID' capability
             are: "Haswell", "Broadwell", and "Skylake" variants.

           - The libvirt / QEMU Intel CPU models: "Nehalem", "Westmere",
             "SandyBridge", and "IvyBridge" will *not* expose the 'PCID'
             capability, even if the host CPUs by the same name include it.
             I.e. 'PCID' needs to be explicitly specified when using the said
             virtual CPU models.

      (2) Magically adding new CPU feature flags under the user's feet
          impacts live migration.

    [*] https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU

    Conflicts:
            nova/virt/libvirt/driver.py

    NOTE(lyarwood): The above is a trivial warning log translation conflict
    required prior to stable/pike.

    Closes-Bug: #1750829
    Change-Id: I6bb956808aa3df58747c865c92e5b276e61aff44
    (cherry picked from commit 6b601b7cf6e7f23077f428353a3a4e81084eb3a1)
    (cherry picked from commit 98eb85f29c5f0775de480d5ea2946dcbba85fe8a)
    (cherry picked from commit 56350b977e412d59da96a79290d80c6422fa44b1)
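As an added illustration (not code from Nova or from the commit above), the following Python parses the `[libvirt]` options shown in the commit message, enforces the first-iteration restriction that `cpu_model_extra_flags` accepts only `pcid` (case-insensitive), renders the libvirt `<cpu>` element that the setting amounts to, and checks an existing domain XML (such as `virsh dumpxml` output) for a required `pcid` feature. The function names, the constructed `nova.conf` and domain XML samples, and the exact attribute layout of the rendered element are my own assumptions; Nova's own rendering code is not shown on this page.

```python
"""Added example, not Nova's code: validate cpu_model_extra_flags as the
first-iteration patch describes, render the matching libvirt <cpu> XML,
and check a guest's domain XML for a required 'pcid' feature."""
import configparser
import xml.etree.ElementTree as ET

# Allow-list from the commit message's first iteration: only 'pcid',
# matched case-insensitively. (Assumption: later patches widen this.)
ALLOWED_EXTRA_FLAGS = {"pcid"}

# Constructed nova.conf fragment, mirroring the one in the commit message.
SAMPLE_NOVA_CONF = """
[libvirt]
cpu_mode = custom
cpu_model = IvyBridge
cpu_model_extra_flags = pcid
"""

# Constructed domain XML for a guest that was booted *before* the flag was
# added, so its <cpu> element carries no pcid feature.
SAMPLE_DOMAIN_XML_WITHOUT_PCID = """
<domain type='kvm'>
  <name>instance-00000001</name>
  <cpu mode='custom' match='exact'>
    <model fallback='forbid'>IvyBridge</model>
  </cpu>
</domain>
"""


def parse_extra_flags(raw):
    """Split a comma-separated flag list, lower-case and de-duplicate it,
    and reject anything outside ALLOWED_EXTRA_FLAGS (hypothetical check
    modelled on the restriction the commit message describes)."""
    flags = []
    for item in raw.split(","):
        flag = item.strip().lower()
        if not flag:
            continue
        if flag not in ALLOWED_EXTRA_FLAGS:
            raise ValueError(
                "unsupported cpu_model_extra_flags value: %r" % item.strip())
        if flag not in flags:
            flags.append(flag)
    return flags


def load_libvirt_cpu_config(conf_text):
    """Read the [libvirt] section and return (cpu_mode, cpu_model, flags).
    The extra flags only make sense with cpu_mode = custom, which is what the
    commit message's nova.conf example uses (assumed here as a hard rule)."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    sec = cp["libvirt"]
    mode = sec.get("cpu_mode", "none")
    model = sec.get("cpu_model", "")
    extra = parse_extra_flags(sec.get("cpu_model_extra_flags", ""))
    if extra and mode != "custom":
        raise ValueError("cpu_model_extra_flags requires cpu_mode = custom")
    if mode == "custom" and not model:
        raise ValueError("cpu_mode = custom requires cpu_model")
    return mode, model, extra


def build_cpu_xml(mode, model, extra_flags):
    """Render a libvirt <cpu> element: named model plus one
    <feature policy='require' name=.../> per extra flag. With 'require',
    libvirt refuses to start the guest if the host cannot provide the flag."""
    cpu = ET.Element("cpu", mode=mode, match="exact")
    model_el = ET.SubElement(cpu, "model", fallback="forbid")
    model_el.text = model
    for flag in extra_flags:
        ET.SubElement(cpu, "feature", policy="require", name=flag)
    return ET.tostring(cpu, encoding="unicode")


def guest_requires_flag(domain_xml, flag="pcid"):
    """True if a <cpu> element in the given XML (a bare <cpu> or a whole
    <domain>) requires the named feature; False otherwise."""
    root = ET.fromstring(domain_xml.strip())
    for cpu in root.iter("cpu"):
        for feat in cpu.findall("feature"):
            if feat.get("name", "").lower() == flag and \
                    feat.get("policy") == "require":
                return True
    return False


if __name__ == "__main__":
    mode, model, extra = load_libvirt_cpu_config(SAMPLE_NOVA_CONF)
    print(build_cpu_xml(mode, model, extra))
    print("old guest has pcid:",
          guest_requires_flag(SAMPLE_DOMAIN_XML_WITHOUT_PCID))
```

To audit a running deployment, feed `virsh dumpxml <instance>` output to `guest_requires_flag`; a guest booted before the setting was added keeps its old `<cpu>` definition until the cold reboot the commit message calls for, so a `False` there is the expected signal that the instance still needs a stop and start.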