From: Sean Christopherson <seanjc@google.com>
To: Mathias Krause <minipli@grsecurity.net>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v3 2/6] KVM: VMX: Avoid retpoline call for control register caused exits
Date: Wed, 15 Mar 2023 14:38:33 -0700 [thread overview]
Message-ID: <ZBI62RUnMB3ppRqO@google.com> (raw)
In-Reply-To: <20230201194604.11135-3-minipli@grsecurity.net>
On Wed, Feb 01, 2023, Mathias Krause wrote:
> Complement commit 4289d2728664 ("KVM: retpolines: x86: eliminate
> retpoline from vmx.c exit handlers") and avoid a retpoline call for
> control register accesses as well.
>
> This speeds up guests that make heavy use of it, like grsecurity
> kernels toggling CR0.WP to implement kernel W^X.
I would rather drop this patch for VMX and instead unconditionally make CR0.WP
guest owned when TDP (EPT) is enabled, i.e. drop the module param from patch 6.
> Signed-off-by: Mathias Krause <minipli@grsecurity.net>
> ---
>
> Meanwhile I got my hands on a AMD system and while doing a similar change
> for SVM gives a small measurable win (1.1% faster for grsecurity guests),
Mostly out of curiosity...
Is the 1.1% roughly aligned with the gains for VMX? If VMX sees a significantly
larger improvement, any idea why SVM doesn't benefit as much? E.g. did you double
check that the kernel was actually using RETPOLINE?
> it would provide nothing for other guests, as the change I was testing was
> specifically targeting CR0 caused exits.
>
> A more general approach would instead cover CR3 and, maybe, CR4 as well.
> However, that would require a lot more exit code compares, likely
> vanishing the gains in the general case. So this tweak is VMX only.
I don't think targeting on CR0 exits is a reason to not do this for SVM. With
NPT enabled, CR3 isn't intercepted, and CR4 exits should be very rare. If the
performance benefits are marginal (I don't have a good frame of reference for the
1.1%), then _that's_ a good reason to leave SVM alone. But not giving CR3 and CR4
priority is a non-issue.
> arch/x86/kvm/vmx/vmx.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index c788aa382611..c8198c8a9b55 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -6538,6 +6538,8 @@ static int __vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath)
> return handle_external_interrupt(vcpu);
> else if (exit_reason.basic == EXIT_REASON_HLT)
> return kvm_emulate_halt(vcpu);
> + else if (exit_reason.basic == EXIT_REASON_CR_ACCESS)
> + return handle_cr(vcpu);
> else if (exit_reason.basic == EXIT_REASON_EPT_MISCONFIG)
> return handle_ept_misconfig(vcpu);
> #endif
> --
> 2.39.1
>
next prev parent reply other threads:[~2023-03-15 21:38 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-01 19:45 [PATCH v3 0/6] KVM: MMU: performance tweaks for heavy CR0.WP users Mathias Krause
2023-02-01 19:45 ` [PATCH v3 1/6] KVM: x86/mmu: Avoid indirect call for get_cr3 Mathias Krause
2023-02-01 19:46 ` [PATCH v3 2/6] KVM: VMX: Avoid retpoline call for control register caused exits Mathias Krause
2023-03-15 21:38 ` Sean Christopherson [this message]
2023-03-20 20:43 ` Mathias Krause
2023-02-01 19:46 ` [PATCH v3 3/6] KVM: x86: Do not unload MMU roots when only toggling CR0.WP Mathias Krause
2023-02-07 13:36 ` Zhi Wang
2023-02-08 9:52 ` Mathias Krause
2023-03-15 21:22 ` Sean Christopherson
2023-03-15 22:11 ` Sean Christopherson
2023-03-20 21:13 ` Mathias Krause
2023-02-01 19:46 ` [PATCH v3 4/6] KVM: x86: Make use of kvm_read_cr*_bits() when testing bits Mathias Krause
2023-02-07 13:05 ` Zhi Wang
2023-02-08 9:11 ` Mathias Krause
2023-02-14 11:08 ` Zhi Wang
2023-03-15 22:18 ` Sean Christopherson
2023-03-20 21:34 ` Mathias Krause
2023-03-21 15:57 ` Sean Christopherson
2023-02-01 19:46 ` [PATCH v3 5/6] KVM: x86/mmu: Fix comment typo Mathias Krause
2023-02-01 19:46 ` [PATCH v3 6/6] KVM: VMX: Make CR0.WP a guest owned bit Mathias Krause
2023-03-15 22:30 ` Sean Christopherson
2023-03-20 21:31 ` Mathias Krause
2023-03-06 6:34 ` [PATCH v3 0/6] KVM: MMU: performance tweaks for heavy CR0.WP users Mathias Krause
2023-03-06 18:07 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZBI62RUnMB3ppRqO@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=minipli@grsecurity.net \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.