Guidance on Intel TSX impact on OpenStack guests

Solution In Progress - Updated -

Issue

With the Intel June 2021 Microcode Update Intel has disabled and removed "TSX" (Transactional Synchronization Extensions) feature in their latest microcode update. This change has been backported to all supported Red Hat Enterprise Linux releases. The Intel June 2021 Microcode Update was introduced for the following reasons:

  • it is a preemptive measure against potential future security flaws
  • it alleviates the performance penalty of TAA (TSX Asynchronous Abort) mitigations on Intel CascadeLake servers

However, disabling TSX can case live migration to break in certain scenarios. On RHOSP environments 10, 13, and 16.1: live migration breaks only when you explicitly disable TSX (i.e. add tsx=off to the command-line) on some nodes — because by default on RHEL 7 and upto RHEL-8.2 is TSX is enabled. So make sure to have your TSX setting consistent on these environments. On RHOSP 16.2 (running RHEL 8.4), live migration breaks only when user explicitly enables TSX ("tsx=on") on the kernel command-line. This article outlines how Red Hat OpenStack addresses this issue.

This impact applies only to Intel hosts that support the TSX feature. For more information about the CPUs that are affected by this issue, see Affected Configurations.

Environment

The following Red Hat OpenStack Platform environments are affected:

  • Red Hat Openstack Platform 10
  • Red Hat Openstack Platform 13
  • Red Hat Openstack Platform 16.1
  • Red Hat Openstack Platform 16.2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content