cli: disable smt via cpu_options (#2291)

Disabling SMT dynamically inside the image creates problems on AWS.
The problem should be fixed by disabling smt through the VMM.
By recommendation from AWS: add idle=poll.
This should improve our launch success rate while they investigate some
upstream issues.

cli/internal/terraform/terraform/aws/modules/instance_group/main.tf

@@ -51,6 +51,14 @@ resource "aws_launch_template" "launch_template" {
     # use "disabled" to disable SEV-SNP (but still require SNP-capable hardware)
     # use null to leave the setting unset (allows non-SNP-capable hardware to be used)
     amd_sev_snp = var.enable_snp ? "enabled" : null
+    # Disable SMT. We are already disabling it inside the image.
+    # Disabling SMT only in the image, not in the Hypervisor creates problems.
+    # Thus, also disable it in the Hypervisor.
+    threads_per_core = 1
+    # When setting threads_per_core we also have to set core_count.
+    # For the currently supported SNP instance families (C6a, M6a, R6a) default_cores
+    # equals the maximum number of available cores.
+    core_count = data.aws_ec2_instance_type.instance_data.default_cores
   }
 
   lifecycle {
@@ -95,3 +103,7 @@ resource "aws_autoscaling_group" "autoscaling_group" {
     ]
   }
 }
+
+data "aws_ec2_instance_type" "instance_data" {
+  instance_type = var.instance_type
+}

image/mkosi.conf.d/mkosi.conf

@@ -6,7 +6,7 @@ Release=38
 Format=disk
 ManifestFormat=json,changelog
 Bootable=yes
-KernelCommandLine=mitigations=auto,nosmt preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 console=ttyS0
+KernelCommandLine=mitigations=auto idle=poll preempt=full rd.shell=0 rd.emergency=reboot loglevel=8 console=ttyS0
 SplitArtifacts=yes
 # Enable Secure Boot with own PKI
 SecureBoot=yes