Bug 1570610 - [RHOS-13] RFE: add ability to configure extra CPU flags for named CPU models
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 13.0 (Queens)
Hardware: All
OS: Linux
Target Milestone: z2
Target Release: 13.0 (Queens)
Assignee: Kashyap Chamarthy
QA Contact: nova-maint
Depends On: 1398343 1570611 1570614 1570617 1612360
Blocks: 1547954 1571741 1571744 1571750 1571756 1800566 1800679
Reported: 2018-04-23 10:37 UTC by Kashyap Chamarthy
Modified: 2021-08-30 15:18 UTC

Fixed In Version: openstack-nova-17.0.3-0.20180420001139.el7ost
Doc Type: Enhancement
Doc Text:
Clone Of: 1398343
Last Closed: 2018-08-09 10:39:05 UTC
Target Upstream Version:

System ID Private Priority Status Summary Last Updated
Launchpad 1750829 0 None None None 2018-04-23 10:37:27 UTC
OpenStack gerrit 559700 0 'None' MERGED libvirt: Allow to specify granular CPU feature flags 2020-08-05 11:24:34 UTC
Red Hat Knowledge Base (Solution) 2778991 0 None None None 2018-04-23 10:37:27 UTC

Comment 3 Kashyap Chamarthy 2018-04-23 13:19:12 UTC
The patch[*] is already in RHOS-13:

    $> git branch --contains 98eb85f

[*] From RHOS-13 branch:

$ git show 98eb85f
commit 98eb85f29c5f0775de480d5ea2946dcbba85fe8a
Author: Kashyap Chamarthy <kchamart@redhat.com>
Date:   Tue Jan 16 17:56:51 2018 +0100

    libvirt: Allow to specify granular CPU feature flags

    The recent "Meltdown" CVE fixes have resulted in a critical performance
    penalty[*] that will impact every Nova guest with certain CPU models.

    I.e. assume you have applied all the "Meltdown" CVE fixes, and performed
    a cold reboot (explicit stop & start) of all Nova guests, for the
    updates to take effect.  Now, if any guests are booted with certain
    named virtual CPU models (e.g. "IvyBridge", "Westmere", etc.), then those
    guests will incur noticeable performance degradation[*], while being
    protected from the CVE itself.

    To alleviate this guest performance impact, it is now important to
    specify an obscure Intel CPU feature flag, 'PCID' (Process-Context ID)
    -- for the virtual CPU models that don't already include it (more on
    this below).  To that end, this change will allow Nova to explicitly
    specify CPU feature flags via a new configuration attribute,
    `cpu_model_extra_flags`, e.g. in `nova.conf`:
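
Added example (not part of the commit message or of this bug report): a small Python audit that checks whether a compute node's `nova.conf` requests PCID through `cpu_model_extra_flags` and whether the host CPU advertises the flag. It assumes the option lives in the `[libvirt]` section next to Nova's `cpu_mode` and `cpu_model` options and, as of this change, only takes effect with `cpu_mode = custom`; the sample inputs are constructed.

```python
import configparser

# Constructed sample inputs (not taken from the bug report).
SAMPLE_NOVA_CONF = """
[libvirt]
cpu_mode = custom
cpu_model = IvyBridge
cpu_model_extra_flags = pcid
"""
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme pcid sse4_2 avx\n"


def host_cpu_flags(cpuinfo_text):
    """Return the set of CPU flags found in /proc/cpuinfo-style text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def audit_pcid(nova_conf_text, cpuinfo_text):
    """Return a list of findings; an empty list means PCID is requested and usable."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(nova_conf_text)
    libvirt = cfg["libvirt"] if cfg.has_section("libvirt") else {}
    mode = libvirt.get("cpu_mode", "").strip().lower()
    model = libvirt.get("cpu_model", "").strip()
    raw_flags = libvirt.get("cpu_model_extra_flags", "")
    extra = {f.strip().lower() for f in raw_flags.split(",") if f.strip()}

    findings = []
    # Assumption: the extra flags apply only to a named model (cpu_mode = custom).
    if mode != "custom":
        findings.append("cpu_mode is %r, not 'custom'" % mode)
    elif not model:
        findings.append("cpu_mode is 'custom' but no cpu_model is named")
    if "pcid" not in extra:
        findings.append("cpu_model_extra_flags does not request pcid")
    # The guest can only be given PCID if the host CPU has it.
    if "pcid" not in host_cpu_flags(cpuinfo_text):
        findings.append("host CPU does not advertise pcid")
    return findings


if __name__ == "__main__":
    print(audit_pcid(SAMPLE_NOVA_CONF, SAMPLE_CPUINFO) or "PCID requested and available")
```

On a real compute node, pass the contents of the node's `nova.conf` and `/proc/cpuinfo` instead of the samples.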

Comment 7 Jon Schlueter 2018-06-27 19:41:11 UTC
According to our records, this should be resolved by openstack-nova-17.0.3-0.20180420001141.el7ost.  This build is available now.
