qm/cpu: add section for PCID flag

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/qm.adoc b/qm.adoc
index e0d789c0b3b249dda61600cc19802e532a5e6323..9119e44aac2465085b3769a020d694c81e71356f 100644 (file)
--- a/qm.adoc
+++ b/qm.adoc
@@ -304,6 +304,34 @@ the kvm64 default. If you don’t care about live migration or have a homogeneou
 cluster where all nodes have the same CPU, set the CPU type to host, as in
 theory this will give your guests maximum performance.
 
 cluster where all nodes have the same CPU, set the CPU type to host, as in
 theory this will give your guests maximum performance.
 

+PCID Flag
+^^^^^^^^^
+
+The *PCID* CPU flag helps to improve performance of the Meltdown vulnerability
+footnote:[Meltdown Attack https://meltdownattack.com/] mitigation approach. In
+Linux the mitigation is called 'Kernel Page-Table Isolation (KPTI)', which
+effectively hides the Kernel memory from the user space, which, without PCID,
+is a expensive operation footnote:[PCID is now a critical performance/security
+feature on x86
+https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU].
+
+There are two requirements to reduce the cost of the mitigation:
+
+* The host CPU must support PCID and propagate it to the guest's virtual CPU(s)
+* The guest Operating System must be updated to a version which mitigates the
+  attack and utilizes the PCID feature marked by its flag.
+
+To check if the {pve} host support PCID, execute the following command as root:
+
+----
+# grep ' pcid ' /proc/cpuinfo
+----
+
+If this does not return empty your hosts CPU has support for PCID. If you use
+`host' as CPU type and the guest OS is able to use it, your done.
+Else, the PCID CPU flag needs to get set for the virtual CPU. This can be done,
+for example, by editing the CPU through the WebUI.
+

 NUMA
 ^^^^
 You can also optionally emulate a *NUMA*
 NUMA
 ^^^^
 You can also optionally emulate a *NUMA*