cli: disable smt via cpu_options (#2291)

Disabling SMT dynamically inside the image creates problems on AWS.
The problem should be fixed by disabling smt through the VMM.
By recommendation from AWS: add idle=poll.
This should improve our launch success rate while they investigate some
upstream issues.
This commit is contained in:
Otto Bittner 2023-09-01 11:26:21 +02:00 committed by GitHub
parent 463833433c
commit 75ce11af14
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 1 deletions

View File

@ -51,6 +51,14 @@ resource "aws_launch_template" "launch_template" {
# use "disabled" to disable SEV-SNP (but still require SNP-capable hardware) # use "disabled" to disable SEV-SNP (but still require SNP-capable hardware)
# use null to leave the setting unset (allows non-SNP-capable hardware to be used) # use null to leave the setting unset (allows non-SNP-capable hardware to be used)
amd_sev_snp = var.enable_snp ? "enabled" : null amd_sev_snp = var.enable_snp ? "enabled" : null
# Disable SMT. We are already disabling it inside the image.
# Disabling SMT only in the image, not in the Hypervisor creates problems.
# Thus, also disable it in the Hypervisor.
threads_per_core = 1
# When setting threads_per_core we also have to set core_count.
# For the currently supported SNP instance families (C6a, M6a, R6a) default_cores
# equals the maximum number of available cores.
core_count = data.aws_ec2_instance_type.instance_data.default_cores
} }
lifecycle { lifecycle {
@ -95,3 +103,7 @@ resource "aws_autoscaling_group" "autoscaling_group" {
] ]
} }
} }
data "aws_ec2_instance_type" "instance_data" {
instance_type = var.instance_type
}

View File

@ -6,7 +6,7 @@ Release=38
Format=disk Format=disk
ManifestFormat=json,changelog ManifestFormat=json,changelog
Bootable=yes Bootable=yes
KernelCommandLine=mitigations=auto,nosmt preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 console=ttyS0 KernelCommandLine=mitigations=auto idle=poll preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 console=ttyS0
SplitArtifacts=yes SplitArtifacts=yes
# Enable Secure Boot with own PKI # Enable Secure Boot with own PKI
SecureBoot=yes SecureBoot=yes