qm/cpu: add section for PCID flag

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

qm.adoc

@@ -304,6 +304,34 @@ the kvm64 default. If you don’t care about live migration or have a homogeneou
 cluster where all nodes have the same CPU, set the CPU type to host, as in
 theory this will give your guests maximum performance.
 
+PCID Flag
+^^^^^^^^^
+
+The *PCID* CPU flag helps to improve performance of the Meltdown vulnerability
+footnote:[Meltdown Attack https://meltdownattack.com/] mitigation approach. In
+Linux the mitigation is called 'Kernel Page-Table Isolation (KPTI)', which
+effectively hides the Kernel memory from the user space, which, without PCID,
+is a expensive operation footnote:[PCID is now a critical performance/security
+feature on x86
+https://groups.google.com/forum/m/#!topic/mechanical-sympathy/L9mHTbeQLNU].
+
+There are two requirements to reduce the cost of the mitigation:
+
+* The host CPU must support PCID and propagate it to the guest's virtual CPU(s)
+* The guest Operating System must be updated to a version which mitigates the
+  attack and utilizes the PCID feature marked by its flag.
+
+To check if the {pve} host support PCID, execute the following command as root:
+
+----
+# grep ' pcid ' /proc/cpuinfo
+----
+
+If this does not return empty your hosts CPU has support for PCID. If you use
+`host' as CPU type and the guest OS is able to use it, your done.
+Else, the PCID CPU flag needs to get set for the virtual CPU. This can be done,
+for example, by editing the CPU through the WebUI.
+
 NUMA
 ^^^^
 You can also optionally emulate a *NUMA*