From mboxrd@z Thu Jan 1 00:00:00 1970
Return-path:
Received: from merlin.infradead.org ([2001:8b0:10b:1231::1])
	by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80) (envelope-from ) id 1fAvkf-0004LH-DX
	for speck@linutronix.de; Tue, 24 Apr 2018 13:04:50 +0200
Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=hirez.programming.kicks-ass.net)
	by merlin.infradead.org with esmtpsa (Exim 4.90_1 #2 (Red Hat Linux))
	id 1fAvkc-0007qm-CM
	for speck@linutronix.de; Tue, 24 Apr 2018 11:04:46 +0000
Date: Tue, 24 Apr 2018 13:04:45 +0200
From: Peter Zijlstra
Subject: [MODERATED] Re: L1D-Fault KVM mitigation
Message-ID: <20180424110445.GU4043@hirez.programming.kicks-ass.net>
References: <20180424090630.wlghmrpasn7v7wbn@suse.de>
 <20180424093537.GC4064@hirez.programming.kicks-ass.net>
 <1524563292.8691.38.camel@infradead.org>
MIME-Version: 1.0
In-Reply-To: <1524563292.8691.38.camel@infradead.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Tue, Apr 24, 2018 at 10:48:12AM +0100, speck for David Woodhouse wrote:
> On Tue, 2018-04-24 at 11:35 +0200, speck for Peter Zijlstra wrote:
> >
> > Another option, that is being explored, is to co-schedule siblings.
> > So ensure all siblings either run vcpus of the _same_ VM or idle.
> >
> > Of course, this is all rather intrusive and ugly and brings with it
> > setup costs as well, because you'd have to sync up on VMENTER, VMEXIT
> > and interrupts (on the idle CPUs).
>
> I hate to suggest more microcode hacks but... if there was an MSR bit
> which, when set, would pause any HT sibling that was currently in VMX
> non-root mode, then we could set that up to be automatically set on
> vmexit and it would automatically pause the problematic siblings.
> Meaning that co-ordinating vmexits with them might actually be
> feasible?

Not sure I'm following. The above assumes a sibling is running a VCPU of
another VM, right? But it could equally well run any regular old task
(including idle). So only pausing siblings in VMX mode wouldn't help
anything. The !VMX tasks could still be loading stuff into L1.