From: Sean Christopherson <seanjc@google.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Borislav Petkov <bp@kernel.org>, X86 ML <x86@kernel.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
KVM <kvm@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2 3/4] x86/bugs: KVM: Add support for SRSO_MSR_FIX
Date: Wed, 8 Jan 2025 05:38:39 -0800 [thread overview]
Message-ID: <Z35_34GTLUHJTfVQ@google.com> (raw)
In-Reply-To: <20241230111456.GBZ3KAsLTrVs77UmxL@fat_crate.local>
On Mon, Dec 30, 2024, Borislav Petkov wrote:
> On Mon, Dec 16, 2024 at 10:51:13AM -0800, Sean Christopherson wrote:
> Note the WARN_ON_ONCE bracketing. But I know you're doing this on purpose - to
> see if I'm paying attention and not taking your patch blindly :-P
LOL, yeah, totally on purpose.
> With that fixed, this approach still doesn't look sane to me: before I start
> the guest I have all SPEC_REDUCE bits correctly clear:
>
> # rdmsr -a 0xc001102e | uniq -c
> 128 420000
>
> ... start a guest, shut it down cleanly, qemu exits properly...
>
> # rdmsr -a 0xc001102e | uniq -c
...
> so SPEC_REDUCE remains set on some cores. Not good since I'm not running VMs
> anymore.
>
> # rmmod kvm_amd kvm
> # rdmsr -a 0xc001102e | uniq -c
> 128 420000
>
> that looks more like it.
The "host" value will only be restored when the CPU exits to userspace, so if
there are no userspace tasks running on those CPUs, i.e. nothing that forces them
back to userspace, then it's expected for them to have the "guest" value loaded,
even after the guest is long gone. Unloading KVM effectively forces KVM to simulate
a return to userspace and thus restore the host values.
It seems unlikely that someone would care deeply about the performance of a CPU
that is only running kernel code, but I agree it's odd and not exactly desirable.
> Also, this user-return MSR toggling does show up higher in the profile:
>
> 4.31% qemu-system-x86 [kvm] [k] 0x000000000000d23f
> 2.44% qemu-system-x86 [kernel.kallsyms] [k] read_tsc
> 1.66% qemu-system-x86 [kernel.kallsyms] [k] native_write_msr
> 1.50% qemu-system-x86 [kernel.kallsyms] [k] native_write_msr_safe
>
> vs
>
> 1.01% qemu-system-x86 [kernel.kallsyms] [k] native_write_msr
> 0.81% qemu-system-x86 [kernel.kallsyms] [k] native_write_msr_safe
>
> so it really is noticeable.
Hmm, mostly out of curiosity, what's the "workload"? And do you know what 0xd23f
corresponds to?
For most setups, exits all the way to userspace are relatively uncommon. There
are scenarios where the number of userspace exits is quite high, e.g. if the guest
is spamming its emulated serial console, but I wouldn't expect switching the MSR
on user entry/exit to be that noticeable.
> So I wanna say, let's do the below and be done with it. My expectation is that
> this won't be needed in the future anymore either so it'll be a noop on most
> machines...
Yeah, especially if this is all an improvement over the existing mitigation.
Though since it can impact non-virtualization workloads, maybe it should be a
separately selectable mitigation? I.e. not piggybacked on top of ibpb-vmexit?
next prev parent reply other threads:[~2025-01-08 13:38 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-02 12:04 [PATCH v2 0/4] x86/bugs: Adjust SRSO mitigation to new features Borislav Petkov
2024-12-02 12:04 ` [PATCH v2 1/4] x86/bugs: Add SRSO_USER_KERNEL_NO support Borislav Petkov
2024-12-10 6:53 ` Josh Poimboeuf
2024-12-10 15:37 ` Borislav Petkov
2024-12-11 7:53 ` Josh Poimboeuf
2024-12-11 20:38 ` Borislav Petkov
2024-12-11 22:35 ` Sean Christopherson
2024-12-16 17:21 ` Borislav Petkov
2024-12-30 17:02 ` [tip: x86/bugs] " tip-bot2 for Borislav Petkov (AMD)
2024-12-02 12:04 ` [PATCH v2 2/4] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace Borislav Petkov
2024-12-30 17:02 ` [tip: x86/bugs] " tip-bot2 for Borislav Petkov (AMD)
2024-12-02 12:04 ` [PATCH v2 3/4] x86/bugs: KVM: Add support for SRSO_MSR_FIX Borislav Petkov
2024-12-11 22:27 ` Sean Christopherson
2024-12-16 17:31 ` Borislav Petkov
2024-12-16 18:51 ` Sean Christopherson
2024-12-17 9:34 ` Borislav Petkov
2024-12-30 11:14 ` Borislav Petkov
2025-01-08 13:38 ` Sean Christopherson [this message]
2025-01-08 15:49 ` Borislav Petkov
2025-01-08 17:18 ` Sean Christopherson
2025-01-08 18:14 ` Borislav Petkov
2025-01-08 18:37 ` Jim Mattson
2025-01-08 19:14 ` Borislav Petkov
2025-01-08 19:43 ` Jim Mattson
2025-01-08 19:45 ` Borislav Petkov
2025-01-11 12:52 ` [PATCH] " Borislav Petkov
2025-01-17 18:56 ` Sean Christopherson
2025-01-18 15:26 ` Borislav Petkov
2025-01-23 16:25 ` Sean Christopherson
2025-01-23 17:01 ` Borislav Petkov
2025-01-23 18:04 ` Sean Christopherson
2025-01-24 12:58 ` Borislav Petkov
2025-02-11 19:19 ` Jim Mattson
2025-02-11 20:51 ` Borislav Petkov
2025-02-13 10:53 ` Patrick Bellasi
2025-02-13 13:44 ` Patrick Bellasi
2025-02-13 14:28 ` Borislav Petkov
2025-02-13 17:50 ` Patrick Bellasi
2025-02-14 20:10 ` Borislav Petkov
2025-02-15 0:57 ` Yosry Ahmed
2025-02-15 9:15 ` Borislav Petkov
2025-02-17 5:47 ` Yosry Ahmed
2025-02-17 15:26 ` Borislav Petkov
2025-02-15 12:53 ` Borislav Petkov
2025-02-17 5:59 ` Yosry Ahmed
2025-02-17 16:07 ` Borislav Petkov
2025-02-17 19:56 ` Yosry Ahmed
2025-02-17 20:20 ` Borislav Petkov
2025-02-17 20:32 ` Yosry Ahmed
2025-02-18 11:13 ` [PATCH final?] " Borislav Petkov
2025-02-18 14:42 ` Patrick Bellasi
2025-02-18 15:34 ` Borislav Petkov
2025-04-29 13:25 ` x86/bugs: KVM: Add support for SRSO_MSR_FIX, back for moar Borislav Petkov
2025-04-30 23:33 ` Sean Christopherson
2025-05-01 0:42 ` Michael Larabel
2025-05-01 8:19 ` Borislav Petkov
2025-05-01 16:56 ` Sean Christopherson
2025-05-05 15:25 ` Borislav Petkov
2025-05-05 15:40 ` Kaplan, David
2025-05-05 15:47 ` Borislav Petkov
2025-05-05 16:30 ` Sean Christopherson
2025-05-05 16:42 ` Kaplan, David
2025-05-05 18:03 ` Sean Christopherson
2025-05-05 18:25 ` Kaplan, David
2024-12-02 12:04 ` [PATCH v2 4/4] Documentation/kernel-parameters: Fix a typo in kvm.enable_virt_at_load text Borislav Petkov
2024-12-30 17:21 ` [tip: x86/cleanups] " tip-bot2 for Borislav Petkov (AMD)
2024-12-03 14:30 ` [PATCH v2 0/4] x86/bugs: Adjust SRSO mitigation to new features Nikolay Borisov
2025-02-26 14:32 ` [tip: x86/bugs] x86/bugs: KVM: Add support for SRSO_MSR_FIX tip-bot2 for Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z35_34GTLUHJTfVQ@google.com \
--to=seanjc@google.com \
--cc=bp@alien8.de \
--cc=bp@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).