From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx2.suse.de ([195.135.220.15]) by Galois.linutronix.de with esmtps (TLS1.0:DHE_RSA_CAMELLIA_256_CBC_SHA1:256) (Exim 4.80) (envelope-from ) id 1fAvDg-00042j-Gc for speck@linutronix.de; Tue, 24 Apr 2018 12:30:45 +0200 Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id AE5D9AE5D for ; Tue, 24 Apr 2018 10:30:37 +0000 (UTC) Date: Tue, 24 Apr 2018 12:30:37 +0200 From: Joerg Roedel Subject: [MODERATED] Re: ***UNCHECKED*** Re: L1D-Fault KVM mitigation Message-ID: <20180424103037.2lwafyzyoxbinapv@suse.de> References: <20180424090630.wlghmrpasn7v7wbn@suse.de> <20180424093537.GC4064@hirez.programming.kicks-ass.net> MIME-Version: 1.0 In-Reply-To: <20180424093537.GC4064@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On Tue, Apr 24, 2018 at 11:35:37AM +0200, speck for Peter Zijlstra wrote: > Another option, that is being explored, is to co-schedule siblings. > So ensure all siblings either run vcpus of the _same_ VM or idle. > > Of course, this is all rather intrusive and ugly and brings with it > setup costs as well, because you'd have to sync up on VMENTER, VMEXIT > and interrupts (on the idle CPUs). Not to mention that it is going to be a maintenance nightmare for the years to come. And even if we end up with gang-scheduling in the end, which I don't see coming yet, we need a simpler plan to have a mitigation when the embargo lifts. Regards, Joerg