[pve-devel] [PATCH 0/7] Add basics for custom CPU models

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Sep 9 12:00:50 CEST 2019


On September 2, 2019 4:27 pm, Stefan Reiter wrote:
> Based on the RFC and following on- and off-list discussion about custom CPU
> models [0].
> 
> In essence, this revised patch allows a user to specify custom CPU models in
> /etc/pve/cpu-models.conf (section-config style [1]), where VMs using that CPU
> model inherit details from the definition. This removes any fragile
> "auto-magical" CPU flag detection, while still giving the user a way to create
> VMs with the best possible subset of CPU features maintaining live-migration
> compatibility.
> 
> Includes the infrastructure for broadcasting supported CPU flags for each
> cluster-node via the key-value store - this is not necessary for the
> custom-cpu feature in particular, but I think could prove useful for
> implementing the GUI part (e.g. show the user which flags are supported on which
> nodes).
> 
> I intentionally wanted to send this series before starting any GUI or new API
> work, to get some feedback if this approach works better than the cluster-cpu
> one.
> 
> [0]: https://pve.proxmox.com/pipermail/pve-devel/2019-July/038268.html
> [1]: e.g.:
> cpu-model: custom-cpu-name
>     host-phys-bits 1
>     flags +aes;+avx;+avx2
>     basemodel kvm64

some more detailed feedback on individual patches, here a summary of open
questions from my side:
- nested models, or just custom models derived from qemu-provided base model
- namespacing of custom models? where, how, ...?
- versioning/live-migration

and some things for the 'future' part:
- permissions? who can create a custom model?
- is there a security risk associated with any of the flags (besides 
  making the VM itself easier to attack)? do we want to have some global 
  whitelist of flags that we have closely looked at and deemed 
  unproblematic?
- do we want to make the whole CRUD of models root/admin only (probably 
  need to, unless we want to create permission paths for CPU models?)

I like the direction this is going, although a lot of the magic will be 
in how to make it straight-forward to generate a new model using the 
available information, which is not yet part of this series ;)

> 
> 
> qemu: Stefan Reiter (1):
>   Trigger pve-api-updates on update
> 
>  debian/triggers | 1 +
>  1 file changed, 1 insertion(+)
>  create mode 100644 debian/triggers
> 
> manager: Stefan Reiter (1):
>   Broadcast supported CPU flags
> 
>  PVE/Service/pvestatd.pm | 28 ++++++++++++++++++++++++++--
>  1 file changed, 26 insertions(+), 2 deletions(-)
> 
> qemu-server: Stefan Reiter (5):
>   Add QEMU CPU flag querying helpers
>   Add CustomCPUConfig for storing/parsing custom CPU models
>   Support custom CPU types in get_cpu_options
>   Handle CPU flags defined in custom CPU type
>   Allow custom CPU types in API
> 
>  PVE/QemuServer.pm                 | 173 +++++++++++++++++++++++++++++-
>  PVE/QemuServer/CustomCPUConfig.pm | 129 ++++++++++++++++++++++
>  PVE/QemuServer/Makefile           |   1 +
>  3 files changed, 299 insertions(+), 4 deletions(-)
>  create mode 100644 PVE/QemuServer/CustomCPUConfig.pm
> 
> -- 
> 2.20.1
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 




More information about the pve-devel mailing list