Parse a comma-separated list of CPU flags from
`[libvirt]/cpu_model_extra_flags`. If the CPU flag starts with '+',
enable the feature in the Nova guest CPU XML, or if it starts with
'-', disable the feature. If neither '+' nor '-' is specified, enable
the flag. For example, on a compute node that is running hardware (e.g.
an Intel server that supports TSX) and virtualization software that
supports the given CPU flags, if a user provides this config:

    [libvirt]
    cpu_mode = custom
    cpu_models = Cascadelake-Server
    cpu_model_extra_flags = -hle, -rtm, +ssbd, mtrr

Then Nova should generate this CPU for the guest:

    <cpu match='exact'>
      <model fallback='forbid'>Cascadelake-Server</model>
      <vendor>Intel</vendor>
      <feature policy='require' name='ssbd'/>
      <feature policy='require' name='mtrr'/>
      <feature policy='disable' name='hle'/>
      <feature policy='disable' name='rtm'/>
    </cpu>

This ability to selectively disable CPU flags lets you avoid any CPU
flags that need to be disabled for any number of reasons. E.g. disable
a CPU flag that is a potential security risk, or disable one that causes
a performance penalty.

blueprint: allow-disabling-cpu-flags
Change-Id: I2ef7c5bef87bd64c087f3b136c2faac9a3865f10
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
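
The parsing rules described in the commit message above, as an added example that is not Nova's code and not part of the commit. The function names, the flag-name pattern, the lower-casing and the rejection of contradictory entries (the same flag both enabled and disabled) are assumptions made for this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: flag names use only characters seen in libvirt feature names.
_FLAG_RE = re.compile(r"^[a-z0-9][a-z0-9_.\-]*$")


def parse_extra_flags(raw):
    """Return {flag_name: 'require' | 'disable'} in the order given."""
    policies = {}
    for item in raw.split(","):
        item = item.strip().lower()
        if not item:
            continue  # tolerate empty entries such as a trailing comma
        if item[0] in "+-":
            policy = "require" if item[0] == "+" else "disable"
            name = item[1:].strip()
        else:
            policy, name = "require", item  # no prefix means enable
        if not _FLAG_RE.match(name):
            raise ValueError("invalid CPU flag: %r" % item)
        # Fail closed on "+rtm, -rtm" instead of letting the last entry win,
        # so a flag meant to be disabled cannot be silently re-enabled.
        if policies.get(name, policy) != policy:
            raise ValueError("flag %r is both enabled and disabled" % name)
        policies[name] = policy
    return policies


def build_cpu_xml(model, vendor, raw_flags):
    """Build the guest <cpu> element: required features first, then disabled."""
    cpu = ET.Element("cpu", match="exact")
    ET.SubElement(cpu, "model", fallback="forbid").text = model
    ET.SubElement(cpu, "vendor").text = vendor
    policies = parse_extra_flags(raw_flags)
    for wanted in ("require", "disable"):
        for name, policy in policies.items():
            if policy == wanted:
                ET.SubElement(cpu, "feature", policy=policy, name=name)
    return ET.tostring(cpu, encoding="unicode")


if __name__ == "__main__":
    # Values taken from the example configuration in the commit message.
    print(build_cpu_xml("Cascadelake-Server", "Intel", "-hle, -rtm, +ssbd, mtrr"))
```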