From: Andrew Cooper <andrew.cooper3@citrix.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: L1D-Fault KVM mitigation
Date: Mon, 28 May 2018 13:26:44 +0100 [thread overview]
Message-ID: <4aff7d3e-31e6-ea49-e3c0-67c414e337af@citrix.com> (raw)
In-Reply-To: <alpine.DEB.2.21.1805280840370.1585@nanos.tec.linutronix.de>
[-- Attachment #1: Type: text/plain, Size: 1779 bytes --]
On 28/05/2018 07:47, speck for Thomas Gleixner wrote:
> On Sun, 27 May 2018, speck for Andrew Cooper wrote:
>> On 27/05/2018 20:41, speck for Thomas Gleixner wrote:
>>
>> FWIW, my gut feeling at the moment is that the overhead of
>> synchronisation will outweigh disabling hyperthreading, but I'd like to
>> be proved wrong. Others in the Xen community are looking to extend
>> shadow paging to be as performant as EPT is currently (because at that
>> point, the hypervisor control every PTE accessible to the pagewalk), and
>> again, I'd like to see this succeed, but my gut feeling is that it wont.
> It might be a viable solution for some of the common scenarios like mass
> hosting which tends to have a lot of single vcpu guests; there the overhead
> of shadow page tables might be less than the overhead of forcing siblings
> into idle and putting restrictions on load balancing etc. At least worth to
> investigate.
Sadly, KPTI has taken what as a manageable performance difference
between shadow and EPT, and wrecked it. A number of common tasks are
between 6 and 16 times slower than EPT, due to all the CR3 vmexits.
The CR3-target feature is attractive because it does let writes to CR3
happen, and can even filter on the NOFLUSH bit being set. The problem
is the lack of a GPA => HPA translation, so a naive hypervisor which
tries to use this has its guests wandering off their shadows, and
everything explodes.
As of this morning, Juergen and I are experimenting with the hypervisor
providing the translation table to the guest, so it can write the
correctly-translated CR3 and avoid the vmexit. I've also asked whether
this would be feasible to do in microcode, to avoid having to make any
guest modifications.
~Andrew
next prev parent reply other threads:[~2018-05-28 12:29 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-24 9:06 [MODERATED] L1D-Fault KVM mitigation Joerg Roedel
2018-04-24 9:35 ` [MODERATED] " Peter Zijlstra
2018-04-24 9:48 ` David Woodhouse
2018-04-24 11:04 ` Peter Zijlstra
2018-04-24 11:16 ` David Woodhouse
2018-04-24 15:10 ` Jon Masters
2018-05-23 9:45 ` David Woodhouse
2018-05-24 9:45 ` Peter Zijlstra
2018-05-24 14:14 ` Jon Masters
2018-05-24 15:04 ` Thomas Gleixner
2018-05-24 15:33 ` Thomas Gleixner
2018-05-24 15:38 ` [MODERATED] " Jiri Kosina
2018-05-24 17:22 ` Dave Hansen
2018-05-24 17:30 ` Linus Torvalds
2018-05-24 23:18 ` [MODERATED] Encrypted Message Tim Chen
2018-05-24 23:28 ` [MODERATED] Re: L1D-Fault KVM mitigation Linus Torvalds
2018-05-25 8:31 ` Thomas Gleixner
2018-05-28 14:43 ` [MODERATED] " Paolo Bonzini
2018-05-25 18:22 ` [MODERATED] Encrypted Message Tim Chen
2018-05-26 19:14 ` L1D-Fault KVM mitigation Thomas Gleixner
2018-05-26 20:43 ` [MODERATED] " Andi Kleen
2018-05-26 20:48 ` Linus Torvalds
2018-05-27 18:25 ` Andi Kleen
2018-05-27 18:49 ` Linus Torvalds
2018-05-27 18:57 ` Thomas Gleixner
2018-05-27 19:13 ` [MODERATED] " Andrew Cooper
2018-05-27 19:26 ` Linus Torvalds
2018-05-27 19:41 ` Thomas Gleixner
2018-05-27 22:26 ` [MODERATED] " Andrew Cooper
2018-05-28 6:47 ` Thomas Gleixner
2018-05-28 12:26 ` Andrew Cooper [this message]
2018-05-28 14:40 ` [MODERATED] " Paolo Bonzini
2018-05-28 15:56 ` Thomas Gleixner
2018-05-28 17:15 ` [MODERATED] " Paolo Bonzini
2018-05-27 15:42 ` Thomas Gleixner
2018-05-27 16:26 ` [MODERATED] " Linus Torvalds
2018-05-27 18:31 ` Andi Kleen
2018-05-29 19:29 ` [MODERATED] Encrypted Message Tim Chen
2018-05-29 21:14 ` L1D-Fault KVM mitigation Thomas Gleixner
2018-05-30 16:38 ` [MODERATED] Encrypted Message Tim Chen
2018-05-24 15:44 ` [MODERATED] Re: L1D-Fault KVM mitigation Andi Kleen
2018-05-24 15:38 ` Linus Torvalds
2018-05-24 15:59 ` David Woodhouse
2018-05-24 16:35 ` Linus Torvalds
2018-05-24 16:51 ` David Woodhouse
2018-05-24 16:57 ` Linus Torvalds
2018-05-25 11:29 ` David Woodhouse
2018-04-24 10:30 ` [MODERATED] Re: ***UNCHECKED*** " Joerg Roedel
2018-04-24 11:09 ` Thomas Gleixner
2018-04-24 16:06 ` [MODERATED] " Andi Kleen
2018-04-24 12:53 ` Paolo Bonzini
2018-05-03 16:20 ` Konrad Rzeszutek Wilk
2018-05-07 17:11 ` Paolo Bonzini
2018-05-16 8:51 ` Jiri Kosina
2018-05-16 8:53 ` Paolo Bonzini
2018-05-21 10:06 ` David Woodhouse
2018-05-21 13:40 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4aff7d3e-31e6-ea49-e3c0-67c414e337af@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.