Bug 1570610

Summary: [RHOS-13] RFE: add ability to configure extra CPU flags for named CPU models
Product: Red Hat OpenStack Reporter: Kashyap Chamarthy <kchamart>
Component: openstack-nova Assignee: Kashyap Chamarthy <kchamart>
Status: CLOSED CURRENTRELEASE QA Contact: OSP DFG:Compute <osp-dfg-compute>
Severity: high Docs Contact:
Priority: high    
Version: 13.0 (Queens) CC: awaugama, berrange, dasmith, eglynn, jhakimra, kchamart, lyarwood, rhos-docs, sbauza, sclewis, sferdjao, sgordon, srevivo, vromanso
Target Milestone: z2 Keywords: FeatureBackport, FutureFeature, TestOnly, Triaged, ZStream
Target Release: 13.0 (Queens)   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-nova-17.0.3-0.20180420001139.el7ost Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1398343 Environment:
Last Closed: 2018-08-09 10:39:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1398343, 1570611, 1570614, 1570617, 1612360    
Bug Blocks: 1547954, 1571741, 1571744, 1571750, 1571756, 1800566, 1800679    

Comment 3 Kashyap Chamarthy 2018-04-23 13:19:12 UTC
The patch[*] is already in RHOS-13:

    $> git branch --contains 98eb85f
    rhos-13.0-patches

[*] From RHOS-13 branch:

$ git show 98eb85f
commit 98eb85f29c5f0775de480d5ea2946dcbba85fe8a
Author: Kashyap Chamarthy <kchamart>
Date:   Tue Jan 16 17:56:51 2018 +0100

    libvirt: Allow to specify granular CPU feature flags
    
    The recent "Meltdown" CVE fixes have resulted in a critical performance
    penalty[*] that will impact every Nova guest with certain CPU models.
    
    I.e. assume you have applied all the "Meltdown" CVE fixes, and performed
    a cold reboot (explicit stop & start) of all Nova guests, for the
    updates to take effect.  Now, if any guests are booted with certain
    named virtual CPU models (e.g. "IvyBridge", "Westmere", etc.), then those
    guests will incur noticeable performance degradation[*], while being
    protected from the CVE itself.
    
    To alleviate this guest performance impact, it is now important to
    specify an obscure Intel CPU feature flag, 'PCID' (Process-Context ID)
    -- for the virtual CPU models that don't already include it (more on
    this below).  To that end, this change will allow Nova to explicitly
    specify CPU feature flags via a new configuration attribute,
    `cpu_model_extra_flags`, e.g. in `nova.conf`:
    
    [...]
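
An added example, not code from the nova patch or from this bug: a small audit that reads a compute node's `nova.conf` and `/proc/cpuinfo` text and reports whether a named CPU model is configured without `pcid` in `cpu_model_extra_flags`. The `[libvirt]` section and the `cpu_mode`/`cpu_model` option names are assumptions not shown on this page, and the sample inputs are constructed.

```python
import configparser

# Constructed sample inputs (not taken from the bug report).
SAMPLE_CONF = "[libvirt]\ncpu_mode = custom\ncpu_model = IvyBridge\n"
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme pcid sse4_2\n"


def host_cpu_flags(cpuinfo_text):
    """Return the flag set of the first CPU in /proc/cpuinfo-style text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def audit_pcid(nova_conf_text, cpuinfo_text):
    """Return findings; an empty list means nothing to follow up on."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(nova_conf_text)

    def opt(name):
        # Assumption: the options live in the [libvirt] section of nova.conf.
        return cfg.get("libvirt", name, fallback="").strip()

    mode, model = opt("cpu_mode").lower(), opt("cpu_model")
    extra = {f.strip().lower()
             for f in opt("cpu_model_extra_flags").split(",") if f.strip()}
    findings = []
    if "pcid" not in host_cpu_flags(cpuinfo_text):
        findings.append("host CPU does not advertise pcid")
    if mode == "custom" and model:
        if "pcid" not in extra:
            findings.append(f"{model}: pcid not in cpu_model_extra_flags; "
                            "confirm the model already includes it")
    elif extra:
        # Assumption: the extra flags apply to named CPU models only.
        findings.append("cpu_model_extra_flags set without a named cpu_model")
    return findings


if __name__ == "__main__":
    for finding in audit_pcid(SAMPLE_CONF, SAMPLE_CPUINFO):
        print("FINDING:", finding)
```
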

Comment 7 Jon Schlueter 2018-06-27 19:41:11 UTC
According to our records, this should be resolved by openstack-nova-17.0.3-0.20180420001141.el7ost.  This build is available now.