[pve-devel] cpuflag: pcid needed in guest for good performance after meltdown
Fabian Grünbichler
f.gruenbichler at proxmox.com
Wed Jan 10 08:52:56 CET 2018
On Wed, Jan 10, 2018 at 08:16:51AM +0100, Stefan Priebe - Profihost AG wrote:
> >>
> >> If i understand the patches correctly this means we can't use the old
> >> CPU models any longer but need to use Haswell-IBRS,
> >> Sandybridge-Haswell-IBRS, ...
> >>
> >> See:
> >> http://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg01562.html
> >>
> >> and
> >>
> >> http://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg01563.html
> >>
> >> Stefan
> >
> > IBRS is for the Spectre mitigation. since those are new machine types,
> > they can get the PCID by default without any problems. the unclear ones
> > are the existing Sandybridge (and co) without IBRS.
>
> Yes sure i just wanted to say that qemu itself does not plan to extend
> the existing types.
>
they do (your second link even refers to the patches - [1,2]), but only
for future Qemu releases (PCID is disabled by default for the CPU types
in question on machine types <= 2.11) and it has not yet been decided to
really go ahead with it.
we can pull that in with 2.11 already (upstream plans for 2.12), since we
haven't released any 2.11 packages yet so there cannot be any VMs with
machine type with compat level 2.11. in fact, we could even change
<= 2.11 to <= 2.9 since there are no 2.10 VMs either.
all of this is only about PCID - IBRS (and IBPB and so on) need new
machine types because they require microcode updates on the host first.
1: https://patchew.org/QEMU/20180108205052.24385-1-vincent@bernat.im/
(v1 + discussion)
2: https://patchew.org/QEMU/20180109070112.30806-1-vincent@bernat.im/
(v2)
More information about the pve-devel
mailing list