From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 9ED249E347 for ; Tue, 6 Jun 2023 17:05:12 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 87ED337BDB for ; Tue, 6 Jun 2023 17:04:42 +0200 (CEST) Received: from bastionodiso.odiso.net (bastionodiso.odiso.net [IPv6:2a0a:1580:2000::2d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 6 Jun 2023 17:04:40 +0200 (CEST) Received: from kvmformation3.odiso.net (formationkvm3.odiso.net [10.3.94.12]) by bastionodiso.odiso.net (Postfix) with ESMTP id 0E6EA8B6B; Tue, 6 Jun 2023 17:04:40 +0200 (CEST) Received: by kvmformation3.odiso.net (Postfix, from userid 0) id E8ECC2F6683; Tue, 6 Jun 2023 17:04:39 +0200 (CEST) From: Alexandre Derumier To: pve-devel@lists.proxmox.com Date: Tue, 6 Jun 2023 17:04:37 +0200 Message-Id: <20230606150439.1888000-1-aderumier@odiso.com> X-Mailer: git-send-email 2.30.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.008 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH-SERIES v5 qemu-server/manager] add and set x86-64-v2-AES as default model for new vms X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jun 2023 15:05:12 -0000 Hi, we used kvm64 as default cpumodel since the begin of proxmox. (basically, it's like a pentium4 cpu flags). New distros like rhel9 are compiled to use more modern cpu flags. (and windows already use new flags since year, and we already add some extra cpu flags) " In 2020, AMD, Intel, Red Hat, and SUSE worked together to define three microarchitecture levels on top of the historical x86-64 baseline: * x86-64-v1: original x86_64 baseline instruction set * x86-64-v2: vector instructions up to Streaming SIMD Extensions 4.2 (SSE4.2) and Supplemental Streaming SIMD Extensions 3 (SSSE3), the POPCNT instruction, and CMPXCHG16B * x86-64-v3: vector instructions up to AVX2, MOVBE, and additional bit-manipulation instructions. * x86-64-v4: vector instructions from some of the AVX-512 variants. " This patch series add new models inspired from a patch was found on qemu mailing, but never appplied https://lore.kernel.org/all/20210526144038.278899-1-berrange@redhat.com/T/ In addition to theses model, I have enabled aes too. I think it's really important, because a lot of users use default values and have bad performance with ssl and other crypto stuffs. This was discussed on the qemu mailing " Crypto accelerator caveats ========================== Similarly I'm not a huge fan of leaving out the "aes" instruction for accelerated crypto, as missing "aes" is also one of the key factors in making qemu64 a bad choice. If we include 'aes' in x86-64-v2, then we loose support for Nehalem hosts. If we include 'aes' in x86-64-v3 then we further loose support for Dhyana hosts (an EPYC derived CPU). " Nahelemn is a 2008 cpu, so I think it's ok, we are in 2013 ;) (and user can disable aes flag in gui too) Dhyana is a chinese fork of epyc, so we don't support the vendor I still think than enable aes by default is really the more easy, but for x86-64-v2, just do 1 model without aes (for nehalem), and a model with aes. Like this, users don't need to play manually with flags. This patch series add new models, and set x86-64-v2-AES model as default in pve-manager wizard only. (to not break current vm, where kvm64 is the default when cputype is not defined in configuration) Here the new builtin models: x86-64-v1 : not implemented, as it's basicaly qemu64|kvm64 -vme,-cx16 for compat Opteron_G1 from 2004 so will use it as qemu64|kvm64 is higher are not working on opteron_g1 anyway x86-64-v2 : Derived from qemu, +popcnt;+pni;+sse4.1;+sse4.2;+ssse3 min intel: Nehalem min amd : Opteron_G3 x86-64-v2-AES : Derived from qemu, +aes;+popcnt;+pni;+sse4.1;+sse4.2;+ssse3 min intel: Westmere min amd : Opteron_G3 x86-64-v3 : Derived from qemu64 +aes;+popcnt;+pni;+sse4.1;+sse4.2;+ssse3;+avx;+avx2;+bmi1;+bmi2;+f16c;+fma;+abm;+movbe min intel: Haswell min amd : EPYC_v1 x86-64-v4 : Derived from qemu64 +aes;+popcnt;+pni;+sse4.1;+sse4.2;+ssse3;+avx;+avx2;+bmi1;+bmi2;+f16c;+fma;+abm;+movbe;+avx512f;+avx512bw;+avx512cd;+avx512dq;+avx512vl min intel: Skylake min amd : EPYC_v4 changelog v4: - remove patches for best cpu detection (maybe do a standalone tool later) - use qemu64 as base model and add extra flags - add x64-64-v2-AES (default) - remove x64-64-v1 - add x64-64-v4 - fix fiona comments changelog v5: - fix fiona comments qemu-server: Alexandre Derumier (1): cpuconfig: add new x86-64-vX models PVE/QemuServer/CPUConfig.pm | 48 +++++++++++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 5 deletions(-) pve-manager: Alexandre Derumier (1): qemu: processor : set x86-64-v2-AES as default cputype for create wizard www/manager6/qemu/OSDefaults.js | 1 + www/manager6/qemu/OSTypeEdit.js | 1 + 2 files changed, 2 insertions(+) -- 2.30.2