[pve-devel] [PATCH-SERIES v3 qemu-server/manager/common] add and set x86-64-v2 as default model for new vms and detect best cpumodel

Thu Jun 1 11:06:57 CEST 2023

Le jeudi 01 juin 2023 à 10:34 +0200, Fiona Ebner a écrit :
> Am 31.05.23 um 16:34 schrieb DERUMIER, Alexandre:
> > Le mercredi 31 mai 2023 à 13:36 +0200, Fiona Ebner a écrit :
> > > Am 22.05.23 um 12:25 schrieb Alexandre Derumier:
> > > > In addition to theses model, I have enabled aes too.
> > > > I think it's really important, because a lot of users use
> > > > default
> > > > values and have
> > > > bad performance with ssl and other crypto stuffs.
> > > > 
> > > 
> > > So there is the answer to my aes question :) But shouldn't we
> > > rather
> > > set
> > > it via the UI as a default than change the CPU definition itself?
> > > That
> > > feels cleaner as we'd not diverge from how they defined the ABI.
> > 
> > I don't have looked pve-manager code yet, but do you think it's
> > easy
> > to auto enable/disable the aes flag in the grid when we choose
> > theses
> > models ?
> 
> I also haven't looked at the code, but yeah, it is an issue that it's
> in
> the advanced part and we shouldn't hide it from the user that it's
> on.
> 
> > Maybe could it be better to have 2 differents models, with/without
> > aes
> > (like some qemu models versions like -IBRS,  
> > here we could have
> > 
> > x86-64-v2
> > x86-64-v2-aes   (default)
> > x86-64-v3
> > x86-64-v3-aes
> 
> That might work, but if we do that, please only in the UI. Also not
> ideal, because how would interaction with the flag in the grid work?
> E.g. don't show it, force it on if an -aes model is selected?
> 
mmm, yes, maybe it'll be confusing. (But note that for example we don't
hide -ibrs model, if user disable spectre flag for example)

> Maybe the easiest would be to extract the aes flag out of the grid
> into
> the non-advanced part?
> 
Couldn't be easier to keep aes enable by default in a single model
(even if it's doesn't match the x86-64 spec). and allow user to optin
disable it.
The only server where you need to disable aes if for nahelem, and I
don't think that a lot of users still have this cpu in production.
(so keeping the aes flag in advanced section make sense).
Also, user with really old servers, could keep to use kvm64 model,
where aes is not enabled.