Subject: [MODERATED] Re: L1D-Fault KVM mitigation
References: <1524563292.8691.38.camel@infradead.org> <20180424110445.GU4043@hirez.programming.kicks-ass.net> <1527068745.8186.89.camel@infradead.org> <20180524094526.GE12198@hirez.programming.kicks-ass.net> <20180526204319.GB4486@tassilo.jf.intel.com> <20180527182550.GC4486@tassilo.jf.intel.com> <3e721f93-bf15-43c4-20e5-de70153287c8@citrix.com>
From: Andrew Cooper
Message-ID: <4aff7d3e-31e6-ea49-e3c0-67c414e337af@citrix.com>
Date: Mon, 28 May 2018 13:26:44 +0100
To: speck@linutronix.de

On 28/05/2018 07:47, speck for Thomas Gleixner wrote:
> On Sun, 27 May 2018, speck for Andrew Cooper wrote:
>> On 27/05/2018 20:41, speck for Thomas Gleixner wrote:
>>
>> FWIW, my gut feeling at the moment is that the overhead of
>> synchronisation will outweigh disabling hyperthreading, but I'd like to
>> be proved wrong.  Others in the Xen community are looking to extend
>> shadow paging to be as performant as EPT is currently (because at that
>> point, the hypervisor controls every PTE accessible to the pagewalk), and
>> again, I'd like to see this succeed, but my gut feeling is that it won't.
> It might be a viable solution for some of the common scenarios like mass
> hosting which tends to have a lot of single vcpu guests; there the overhead
> of shadow page tables might be less than the overhead of forcing siblings
> into idle and putting restrictions on load balancing etc. At least worth to
> investigate.

Sadly, KPTI has taken what was a manageable performance difference
between shadow and EPT, and wrecked it.  A number of common tasks are
between 6 and 16 times slower than EPT, due to all the CR3 vmexits.

The CR3-target feature is attractive because it does let writes to CR3
happen, and can even filter on the NOFLUSH bit being set.  The problem
is the lack of a GPA => HPA translation, so a naive hypervisor which
tries to use this has its guests wandering off their shadows, and
everything explodes.

As of this morning, Juergen and I are experimenting with the hypervisor
providing the translation table to the guest, so it can write the
correctly-translated CR3 and avoid the vmexit.  I've also asked whether
this would be feasible to do in microcode, to avoid having to make any
guest modifications.

~Andrew