You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Pierre-Luc Dion <pd...@cloudops.com> on 2018/01/09 02:32:48 UTC
[XenServer] meltdown-spectre
Hi,
From recent blog post, I've read that system using full virtualization such
as KVM, VMware or Xen-HVM are not affected? Anyhow, from the latest hotfix
of XenServer 7.1cu1 hf8, it look like they systematically convert VM from
PV to HVM, so in the case of a VM stop/start by CloudStack, a PV vm would
be restarted as HVM.
Look like this could be problematic if your VM kernel does not support
both, we've just starting tested and so far look like our Debian systemvm
template work fine, it can be created as HVM.
Another point is that Citrix released an hotfix for xs7.2, 7.3 but not for
7.1, you need to cumulative update to remain on 7.1 which is LTS.
And last, does anyone did some benchmark before and after the kernel fix
for Meltdown ? Some report state 30-35% cpu usage increase (not hypervisor
specific) and Lucian [1] might indicate it would depend on the cpu model.
Any metrics to share ? We are doing some tests on our side we should be
able to share some stuff soon...
Regards,
[1] http://markmail.org/thread/wkzze3n24mns274x
Re: [XenServer] meltdown-spectre
Posted by Pierre-Luc Dion <pd...@cloudops.com>.
Hi,
Another problem, VR are configured via eth0 (cloudlinklocal) that is
create via PV params of the VM on XenServer. So Creation HVM VR will not
work. We will have to think about an alternative way to setup eth0 on VR on
XenServer.
We will file a jira issue about this. This will be problematic with XS
7,1cu1, 7.2, 7.3
Tim, yes fro XS template, the maping, at least on Xs7.1 seams to work just
fine. They were pretty much all as HVM exept Centos 6, Debian,.. until the
Meltdown hotfix.
On Mon, Jan 8, 2018 at 10:47 PM, Tim Mackey <tm...@gmail.com> wrote:
> PLD,
>
> One thing to add to your testing is template management. When I was doing
> all the Packer stuff with XS 6.5 and 7, ACS needed to know if the template
> was PV or HVM to provision properly. No idea if the ACS template logic has
> changed since then, but something to be aware of.
>
> From a performance perspective with XS 6.5 started having newer XS
> templates follow an HVM model. e.g. CentOS 7 on XS 6.5 was HVM not PV.
> iirc, the performance difference was negligible on reasonably new CPUs
> (Sandy Bridge+ I think).
>
> -tim
>
> On Mon, Jan 8, 2018 at 9:39 PM, Ivan Kudryavtsev <kudryavtsev_ia@bw-sw.com
> >
> wrote:
>
> > Hi. Every kind of virtualization is affected according to qemu
> developers.
> >
> > 9 янв. 2018 г. 9:32 пользователь "Pierre-Luc Dion" <pd...@cloudops.com>
> > написал:
> >
> > > Hi,
> > >
> > > From recent blog post, I've read that system using full virtualization
> > such
> > > as KVM, VMware or Xen-HVM are not affected? Anyhow, from the latest
> > hotfix
> > > of XenServer 7.1cu1 hf8, it look like they systematically convert VM
> from
> > > PV to HVM, so in the case of a VM stop/start by CloudStack, a PV vm
> would
> > > be restarted as HVM.
> > >
> > > Look like this could be problematic if your VM kernel does not support
> > > both, we've just starting tested and so far look like our Debian
> systemvm
> > > template work fine, it can be created as HVM.
> > >
> > > Another point is that Citrix released an hotfix for xs7.2, 7.3 but not
> > for
> > > 7.1, you need to cumulative update to remain on 7.1 which is LTS.
> > >
> > > And last, does anyone did some benchmark before and after the kernel
> fix
> > > for Meltdown ? Some report state 30-35% cpu usage increase (not
> > hypervisor
> > > specific) and Lucian [1] might indicate it would depend on the cpu
> > model.
> > > Any metrics to share ? We are doing some tests on our side we should
> be
> > > able to share some stuff soon...
> > >
> > > Regards,
> > >
> > > [1] http://markmail.org/thread/wkzze3n24mns274x
> > >
> >
>
Re: [XenServer] meltdown-spectre
Posted by Tim Mackey <tm...@gmail.com>.
PLD,
One thing to add to your testing is template management. When I was doing
all the Packer stuff with XS 6.5 and 7, ACS needed to know if the template
was PV or HVM to provision properly. No idea if the ACS template logic has
changed since then, but something to be aware of.
From a performance perspective with XS 6.5 started having newer XS
templates follow an HVM model. e.g. CentOS 7 on XS 6.5 was HVM not PV.
iirc, the performance difference was negligible on reasonably new CPUs
(Sandy Bridge+ I think).
-tim
On Mon, Jan 8, 2018 at 9:39 PM, Ivan Kudryavtsev <ku...@bw-sw.com>
wrote:
> Hi. Every kind of virtualization is affected according to qemu developers.
>
> 9 янв. 2018 г. 9:32 пользователь "Pierre-Luc Dion" <pd...@cloudops.com>
> написал:
>
> > Hi,
> >
> > From recent blog post, I've read that system using full virtualization
> such
> > as KVM, VMware or Xen-HVM are not affected? Anyhow, from the latest
> hotfix
> > of XenServer 7.1cu1 hf8, it look like they systematically convert VM from
> > PV to HVM, so in the case of a VM stop/start by CloudStack, a PV vm would
> > be restarted as HVM.
> >
> > Look like this could be problematic if your VM kernel does not support
> > both, we've just starting tested and so far look like our Debian systemvm
> > template work fine, it can be created as HVM.
> >
> > Another point is that Citrix released an hotfix for xs7.2, 7.3 but not
> for
> > 7.1, you need to cumulative update to remain on 7.1 which is LTS.
> >
> > And last, does anyone did some benchmark before and after the kernel fix
> > for Meltdown ? Some report state 30-35% cpu usage increase (not
> hypervisor
> > specific) and Lucian [1] might indicate it would depend on the cpu
> model.
> > Any metrics to share ? We are doing some tests on our side we should be
> > able to share some stuff soon...
> >
> > Regards,
> >
> > [1] http://markmail.org/thread/wkzze3n24mns274x
> >
>
Re: [XenServer] meltdown-spectre
Posted by Ivan Kudryavtsev <ku...@bw-sw.com>.
Hi. Every kind of virtualization is affected according to qemu developers.
9 янв. 2018 г. 9:32 пользователь "Pierre-Luc Dion" <pd...@cloudops.com>
написал:
> Hi,
>
> From recent blog post, I've read that system using full virtualization such
> as KVM, VMware or Xen-HVM are not affected? Anyhow, from the latest hotfix
> of XenServer 7.1cu1 hf8, it look like they systematically convert VM from
> PV to HVM, so in the case of a VM stop/start by CloudStack, a PV vm would
> be restarted as HVM.
>
> Look like this could be problematic if your VM kernel does not support
> both, we've just starting tested and so far look like our Debian systemvm
> template work fine, it can be created as HVM.
>
> Another point is that Citrix released an hotfix for xs7.2, 7.3 but not for
> 7.1, you need to cumulative update to remain on 7.1 which is LTS.
>
> And last, does anyone did some benchmark before and after the kernel fix
> for Meltdown ? Some report state 30-35% cpu usage increase (not hypervisor
> specific) and Lucian [1] might indicate it would depend on the cpu model.
> Any metrics to share ? We are doing some tests on our side we should be
> able to share some stuff soon...
>
> Regards,
>
> [1] http://markmail.org/thread/wkzze3n24mns274x
>