[pve-devel] [PATCH-SERIES v3 qemu-server/manager/common] add and set x86-64-v2 as default model for new vms and detect best cpumodel

DERUMIER, Alexandre alexandre.derumier at groupe-cyllene.com
Wed May 31 16:34:28 CEST 2023

Le mercredi 31 mai 2023 à 13:36 +0200, Fiona Ebner a écrit :
> Am 22.05.23 um 12:25 schrieb Alexandre Derumier:
> > In addition to theses model, I have enabled aes too.
> > I think it's really important, because a lot of users use default
> > values and have
> > bad performance with ssl and other crypto stuffs.
> > 
> So there is the answer to my aes question :) But shouldn't we rather
> set
> it via the UI as a default than change the CPU definition itself?
> That
> feels cleaner as we'd not diverge from how they defined the ABI.

I don't have looked pve-manager code yet, but do you think it's easy
to auto enable/disable the aes flag in the grid when we choose theses
models ?

Maybe could it be better to have 2 differents models, with/without aes
(like some qemu models versions like -IBRS,  
here we could have

x86-64-v2-aes   (default)

> If we do this, then only at VM create. Changing the CPU at VM start
> is
> just too much magic and can break things, because we don't know what
> the
> guest is fine with.
yes, agreed.

>  Much of the problem would already be solved by
> having something like 
> where the admin can select a sane default for their cluster and we
> can
> help them choose a default with some guidance in the documentation.
> A way to calculate the best model in the cluster can be fine, but
> seems
> to be quite an effort. If we deem it worth it, we can still have a
> separate "calculate best model" tool/command. Changing such things
> automatically just leads to unexpected surprises.
I think that at minimum a tool/command to generate a default value or
give a hint to the admin could be great, because new Intel cpu names
since skylake are really really a mess. (
 (+ the revisions/microcode where you can have up to 6 differents
version, it's almost impossible to do it without testing all versions,
and all flags are not available in /proc/cpu  (you need to read
specific msr like in my patch).

More information about the pve-devel mailing list