bcd6b42047
Parse a comma-separated list of CPU flags from
`[libvirt]/cpu_model_extra_flags`. If the CPU flag starts with '+',
enable the feature in Nova guest CPU guest XML, or if it starts with
'-', disable the feature. If neither '+' nor '-' is specified, enable
the flag. For example, on a compute node that is running hardware (e.g.
an Intel server that supports TSX) and virtualization software that
supports the given CPU flags, if a user provides this config:
[libvirt]
cpu_mode = custom
cpu_models = Cascadelake-Server
cpu_model_extra_flags = -hle, -rtm, +ssbd, mtrr
Then Nova should generate this CPU for the guest:
<cpu match='exact'>
<model fallback='forbid'>Cascadelake-Server</model>
<vendor>Intel</vendor>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='mtrr'/>
<feature policy='disable' name='hle'/>
<feature policy='disable' name='rtm'/>
</cpu>
This ability to selectively disable CPU flags lets you avoid any CPU
flags that need to be disabled for any number of reasons. E.g. disable
a CPU flag that is a potential security risk, or disable one that causes
a performance penalty.
blueprint: allow-disabling-cpu-flags
Change-Id: I2ef7c5bef87bd64c087f3b136c2faac9a3865f10
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
14 lines
577 B
YAML
14 lines
577 B
YAML
---
|
|
features:
|
|
- |
|
|
The libvirt driver now allows explicitly disabling CPU flags for
|
|
guests via the ``[libvirt]cpu_model_extra_flags`` config attribute.
|
|
This is possible via a ``+`` / ``-`` notation, where if you specify
|
|
a CPU flag prefixed with a ``+`` sign (without quotes), it will be
|
|
enabled for the guest, while a prefix of ``-`` will disable it. If
|
|
neither ``+`` nor ``-`` is specified, the CPU flag will be enabled,
|
|
which is the default behaviour.
|
|
|
|
Refer to the ``[libvirt]cpu_model_extra_flags`` documentation for
|
|
more information.
|