From: Luiz Capitulino <luizcap@amazon.com>
To: <stable@vger.kernel.org>, <seanjc@google.com>,
<christophe.jaillet@wanadoo.fr>
Cc: <lcapitulino@gmail.com>, Luiz Capitulino <luizcap@amazon.com>
Subject: [PATH 6.1.y 0/2] Backport KVM's nx_huge_pages=never module parameter
Date: Fri, 1 Sep 2023 18:34:51 +0000 [thread overview]
Message-ID: <cover.1693593288.git.luizcap@amazon.com> (raw)
Hi,
As part of the mitigation for the iTLB multihit vulnerability, KVM creates
a worker thread in KVM_CREATE_VM ioctl(). This thread calls
cgroup_attach_task_all() which takes cgroup_threadgroup_rwsem for writing
which may incur 100ms+ latency since upstream commit
6a010a49b63ac8465851a79185d8deff966f8e1a.
However, if the CPU is not vulnerable to iTLB multihit one could just
disable the mitigation (and the worker thread creation) with the
newly added KVM module parameter nx_huge_pages=never. This avoids the issue
altogether.
While there's an alternative solution for this issue already supported
in 6.1-stable (ie. cgroup's favordynmods), disabling the mitigation in
KVM is probably preferable if the workload is not impacted by dynamic
cgroup operations since one doesn't need to decide between the trade-off
in using favordynmods, the thread creation code path is avoided at
KVM_CREATE_VM and you avoid creating a thread which does nothing.
Tests performed:
* Measured KVM_CREATE_VM latency and confirmed it goes down to less than 1ms
* We've been performing latency measurements internally w/ this parameter
for some weeks now
Christophe JAILLET (1):
KVM: x86/mmu: Use kstrtobool() instead of strtobool()
Sean Christopherson (1):
KVM: x86/mmu: Add "never" option to allow sticky disabling of
nx_huge_pages
arch/x86/kvm/mmu/mmu.c | 42 +++++++++++++++++++++++++++++++++++++-----
1 file changed, 37 insertions(+), 5 deletions(-)
--
2.40.1
next reply other threads:[~2023-09-01 18:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-01 18:34 Luiz Capitulino [this message]
2023-09-01 18:34 ` [PATH 6.1.y 1/2] KVM: x86/mmu: Use kstrtobool() instead of strtobool() Luiz Capitulino
2023-09-06 0:01 ` Sean Christopherson
2023-09-01 18:34 ` [PATH 6.1.y 2/2] KVM: x86/mmu: Add "never" option to allow sticky disabling of nx_huge_pages Luiz Capitulino
2023-09-06 0:02 ` Sean Christopherson
2023-09-02 7:27 ` [PATH 6.1.y 0/2] Backport KVM's nx_huge_pages=never module parameter Greg KH
2023-09-03 17:28 ` Luiz Capitulino
2023-09-07 11:25 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1693593288.git.luizcap@amazon.com \
--to=luizcap@amazon.com \
--cc=christophe.jaillet@wanadoo.fr \
--cc=lcapitulino@gmail.com \
--cc=seanjc@google.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).