From: Thomas Lamprecht Date: Wed, 10 Jan 2018 09:44:52 +0000 (+0100) Subject: qm/cpu: add section for PCID flag X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=5dba26779e7ee3fbd45f56d9bb1e4f98f05e502c;p=pve-docs.git qm/cpu: add section for PCID flag Signed-off-by: Thomas Lamprecht --- diff --git a/qm.adoc b/qm.adoc index e0d789c..9119e44 100644 --- a/qm.adoc +++ b/qm.adoc @@ -304,6 +304,34 @@ the kvm64 default. If you don’t care about live migration or have a homogeneou cluster where all nodes have the same CPU, set the CPU type to host, as in theory this will give your guests maximum performance. +PCID Flag +^^^^^^^^^ + +The *PCID* CPU flag helps to improve performance of the Meltdown vulnerability +footnote:[Meltdown Attack https://meltdownattack.com/] mitigation approach. In +Linux the mitigation is called 'Kernel Page-Table Isolation (KPTI)', which +effectively hides the Kernel memory from the user space, which, without PCID, +is a expensive operation footnote:[PCID is now a critical performance/security +feature on x86 +https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU]. + +There are two requirements to reduce the cost of the mitigation: + +* The host CPU must support PCID and propagate it to the guest's virtual CPU(s) +* The guest Operating System must be updated to a version which mitigates the + attack and utilizes the PCID feature marked by its flag. + +To check if the {pve} host support PCID, execute the following command as root: + +---- +# grep ' pcid ' /proc/cpuinfo +---- + +If this does not return empty your hosts CPU has support for PCID. If you use +`host' as CPU type and the guest OS is able to use it, your done. +Else, the PCID CPU flag needs to get set for the virtual CPU. This can be done, +for example, by editing the CPU through the WebUI. + NUMA ^^^^ You can also optionally emulate a *NUMA*
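Review bot: In the host check near the end of the added section, `grep ' pcid ' /proc/cpuinfo` only matches when the flag has a space on both sides, so it would miss `pcid` if it were the last entry on the flags line; `grep -w pcid /proc/cpuinfo` matches it as a whole word wherever it sits. The sentence after the command, "If this does not return empty", would read more clearly as "If this prints any output". The surrounding text also needs a wording pass: "is a expensive operation" should be "an expensive operation", "host support PCID" should be "supports", "your hosts CPU" should be "your host's CPU", "your done" should be "you're done", and the quoting in `host' is unbalanced. Since the context paragraph just above ties the choice of CPU type to live migration, the closing paragraph should also state that once the PCID flag is set on a virtual CPU, every node the guest may migrate to has to support PCID as well.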