lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20190920212509.2578-1-aarcange@redhat.com>
Date:   Fri, 20 Sep 2019 17:24:52 -0400
From:   Andrea Arcangeli <aarcange@...hat.com>
To:     Paolo Bonzini <pbonzini@...hat.com>
Cc:     Vitaly Kuznetsov <vkuznets@...hat.com>,
        "Dr. David Alan Gilbert" <dgilbert@...hat.com>,
        Marcelo Tosatti <mtosatti@...hat.com>,
        Peter Xu <peterx@...hat.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 00/17] KVM monolithic v1

Hello,

This patchset micro optimizes the vmexit to increase performance by
dropping the kvm.ko kernel module.

All common KVM code gets linked twice into kvm-intel and kvm-amd with
the only cons of using more disk space, but the pros of CPU (and RAM)
runtime benefits.

This improves the vmexit performance by two digits percent on
microbenchmarks with the spectre_v2 default mitigation on both VMX and
SVM. With spectre_v2=off or with CPUs with IBRS_ALL in
ARCH_CAPABILITIES this still improve performance but it's more of the
order of 1%.

We'll still have to deal with CPUs without IBRS_ALL for a decade and
reducing the vmexit latency is important to pass certain benchmarks
with workloads that happen to trigger frequent vmexits without having
to set spectre_v2=off in the host (which at least in theory would make
the host kernel vulnerable from a spectre v2 attack from the guest,
even through hyperthreading).

The first patch 1/17 should be splitted off from this series and it's
intended to be merged separately, it's included here only to avoid any
possible erroneous measurement if using kexec for testing, in turn if
using kexec it's recommended to include it in the baseline
measurements too.

A git clonable branch for quick testing is available here:

  https://git.kernel.org/pub/scm/linux/kernel/git/andrea/aa.git/log/?h=kvm-mono1

Thanks,
Andrea

Andrea Arcangeli (17):
  x86: spec_ctrl: fix SPEC_CTRL initialization after kexec
  KVM: monolithic: x86: convert the kvm_x86_ops methods to external
    functions
  KVM: monolithic: x86: handle the request_immediate_exit variation
  KVM: monolithic: x86: convert the kvm_pmu_ops methods to external
    functions
  KVM: monolithic: x86: enable the kvm_x86_ops external functions
  KVM: monolithic: x86: enable the kvm_pmu_ops external functions
  KVM: monolithic: x86: adjust the section prefixes
  KVM: monolithic: adjust the section prefixes in the KVM common code
  KVM: monolithic: x86: remove kvm.ko
  KVM: monolithic: x86: use the external functions instead of
    kvm_x86_ops
  KVM: monolithic: x86: remove exports
  KVM: monolithic: remove exports from KVM common code
  KVM: monolithic: x86: drop the kvm_pmu_ops structure
  KVM: monolithic: x86: inline more exit handlers in vmx.c
  KVM: retpolines: x86: eliminate retpoline from vmx.c exit handlers
  KVM: retpolines: x86: eliminate retpoline from svm.c exit handlers
  x86: retpolines: eliminate retpoline from msr event handlers

 arch/x86/events/intel/core.c     |  11 +
 arch/x86/include/asm/kvm_host.h  |  15 +-
 arch/x86/include/asm/kvm_ops.h   | 166 ++++++++
 arch/x86/include/asm/msr-index.h |   2 +
 arch/x86/kernel/cpu/bugs.c       |  20 +-
 arch/x86/kvm/Makefile            |   5 +-
 arch/x86/kvm/cpuid.c             |  27 +-
 arch/x86/kvm/hyperv.c            |   8 +-
 arch/x86/kvm/irq.c               |   4 -
 arch/x86/kvm/irq_comm.c          |   2 -
 arch/x86/kvm/kvm_cache_regs.h    |  10 +-
 arch/x86/kvm/lapic.c             |  44 +-
 arch/x86/kvm/mmu.c               |  50 +--
 arch/x86/kvm/mmu.h               |   4 +-
 arch/x86/kvm/mtrr.c              |   2 -
 arch/x86/kvm/pmu.c               |  27 +-
 arch/x86/kvm/pmu.h               |  21 +-
 arch/x86/kvm/pmu_amd.c           |  15 +-
 arch/x86/kvm/pmu_amd_ops.c       |  68 ++++
 arch/x86/kvm/pmu_ops.h           |  22 +
 arch/x86/kvm/svm.c               |  19 +-
 arch/x86/kvm/svm_ops.c           | 672 ++++++++++++++++++++++++++++++
 arch/x86/kvm/trace.h             |   4 +-
 arch/x86/kvm/vmx/pmu_intel.c     |  17 +-
 arch/x86/kvm/vmx/pmu_intel_ops.c |  68 ++++
 arch/x86/kvm/vmx/vmx.c           |  36 +-
 arch/x86/kvm/vmx/vmx_ops.c       | 675 +++++++++++++++++++++++++++++++
 arch/x86/kvm/x86.c               | 409 +++++++------------
 arch/x86/kvm/x86.h               |   2 +-
 virt/kvm/eventfd.c               |   1 -
 virt/kvm/kvm_main.c              |  71 +---
 31 files changed, 1982 insertions(+), 515 deletions(-)
 create mode 100644 arch/x86/include/asm/kvm_ops.h
 create mode 100644 arch/x86/kvm/pmu_amd_ops.c
 create mode 100644 arch/x86/kvm/pmu_ops.h
 create mode 100644 arch/x86/kvm/svm_ops.c
 create mode 100644 arch/x86/kvm/vmx/pmu_intel_ops.c
 create mode 100644 arch/x86/kvm/vmx/vmx_ops.c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ