[pve-devel] [PATCH docs] qm/cpu: add section for PCID flag

[Thomas Lamprecht]

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
 qm.adoc | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/qm.adoc b/qm.adoc
index e0d789c..1c7373e 100644
--- a/qm.adoc
+++ b/qm.adoc
@@ -304,6 +304,33 @@ the kvm64 default. If you don’t care about live migration or have a homogeneou
 cluster where all nodes have the same CPU, set the CPU type to host, as in
 theory this will give your guests maximum performance.
 
+PCID Flag
++++++++++
+
+The *PCID* CPU flag helps to improve performance of the Meltdown vulnerability
+footnote:[Meltdown Attack https://meltdownattack.com/] mitigation approach. In
+Linux the mitigation is called 'Kernel Page-Table Isolation (KPTI)', it hides
+the Kernel from the user space memory, which, without PCID, is a expensive
+operation footnote:[PCID is now a critical performance/security feature on x86
+https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU].
+
+There are two requirements to reduce the cost of the mitigation:
+
+* The host CPU must support PCID and propagate it to the guests virtual CPU(s)
+* The guest Operating System must be updated to a version which mitigates the
+  attack and utilizes the PCID feature marked by its flag.
+
+To check if the {pve} host support PCID, execute the following command as root:
+
+----
+# grep ' pcid ' /proc/cpuinfo
+----
+
+If this does not return empty your hosts CPU has support for PCID. If you use
+`host' as CPU type and the guest OS is able to use it, your done.
+Else, the PCID CPU flag needs to get set for the virtual CPU. This can be done,
+for example, by editing the CPU through the WebUI.
+
 NUMA
 ^^^^
 You can also optionally emulate a *NUMA*
-- 
2.11.0