Proxmox CPU model kvm64 with PCID and AES flags

[chrone]

Hi Proxmox,

Is there a way to pass through the "aes" instruction to Guest VM by using CPU model kvm64?

I noticed with recent PVE 5.1-35 we could enable the PCID flag on the CPU model from GUI. Would be nice to have AES flag as well.

I know using CPU model host will give all the new CPU instructions, but if we live migrate to different CPU, the qemu might hang, hence the question arise for passing through both PCID and AES-NI instructions to VM with CPU model kvm64.

 

[guletz]

Yes, this would be a great ideea!

 

[LnxBil]

Just edit the config manually and set this:

cpu: kvm64,+aes

I can benchmark it with

openssl speed -evp aes-256-cbc

and it raises 65 MB/sec to 495 MB/sec in throughput

 

[chrone]

Just edit the config manually and set this:

cpu: kvm64,+aes

I can benchmark it with

openssl speed -evp aes-256-cbc

and it raises 65 MB/sec to 495 MB/sec in throughput

I got this error when I use "cpu: kvm64,+aes" on Proxmox 5.1.x the latest.

unable to parse value of 'cpu' - duplicate key in comma-separated list property: cputype

 

[fabian]

we will probably extend the recently introduced flags mechanism to support other flags than "pcid" and "spec-ctrl". in the meantime, you can just set the CPU type to one supporting AESNI (e.g., >= Westmere for Intel IIRC)

 

[chrone]

we will probably extend the recently introduced flags mechanism to support other flags than "pcid" and "spec-ctrl". in the meantime, you can just set the CPU type to one supporting AESNI (e.g., >= Westmere for Intel IIRC)

Awesome! Looking forward for this.

 

[LnxBil]

I got this error when I use "cpu: kvm64,+aes" on Proxmox 5.1.x the latest.

unable to parse value of 'cpu' - duplicate key in comma-separated list property: cputype

Damn, it worked until recently.

 

[chrone]

Damn, it worked until recently.

Hehe, perhaps it was due to the introduction of PCID and SPEC-CTRL CPU flags in Proxmox GUI.

 

[LnxBil]

Hehe, perhaps it was due to the introduction of PCID and SPEC-CTRL CPU flags in Proxmox GUI.

Yes, I suppose so.

 

[fabian]

Damn, it worked until recently.

are you sure about that? I don't really see how based on the code and git history.. the same syntax works on the qemu command line though, so maybe you mixed those two up?

 

[LnxBil]

are you sure about that? I don't really see how based on the code and git history.. the same syntax works on the qemu command line though, so maybe you mixed those two up?

Okay, lets revise: I tested it recently on v4 :-D

 

[fabian]

Okay, lets revise: I tested it recently on v4 :-D

hehe. just out of curiosity - git says it has been an enum before it turned into a property string (with an enum) for a long long time (at least since the switch from svn to git in 2011). possibly enums in the schema were at some point not enforced, but just used to generate docs/... ?

 

[LnxBil]

Yes, it was an enum over the GUI yet you could just add the aforementioned string in the configuration and it passed inspection as long as nobody changed the VM setttings or trigger a reread and rewrite internally. It was a hack, yet it worked.

It goes without saying, setting the cpu to westmere or newer is maybe the way to go.

 

[Sralityhe]

we will probably extend the recently introduced flags mechanism to support other flags than "pcid" and "spec-ctrl". in the meantime, you can just set the CPU type to one supporting AESNI (e.g., >= Westmere for Intel IIRC)

Hello Fabian,

is there allready an ETA for that?

Or is there another "comfort" way to make it accessable via gui? For example add a custom cpu type via config?

kind regards

 

[LnxBil]

If you mean to use a westmere CPU, this is already implemented:

 

[fabian]

is there allready an ETA for that?

no (but patches welcome )

Or is there another "comfort" way to make it accessable via gui? For example add a custom cpu type via config?

no, the CPU types are direct mappings of those in Qemu, which are determined at compile time.

 

[Carl Schiller]

Wrote a small patch that you can add aes, avx, avx2 to the vmconfig file and enable these for your guest.

If someone like the *deb for testing or other cpu-flags feel free to ask.

 

[drdownload]

Any news on this?

 

[Leith Hobson]

Any news on this?

Hi
I know it's a little late... But I came right with the following line in my config "cpu: host,flags=+pcid;+spec-ctrl;+aes"

 

[chrone]

Hi
I know it's a little late... But I came right with the following line in my config "cpu: host,flags=+pcid;+spec-ctrl;+aes"

is this on latest pve 5.2 and only from manual editing the vm conf?