lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 22 May 2023 21:47:31 -0700
From:   Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>
To:     Sean Christopherson <seanjc@...gle.com>
Cc:     Xiaoyao Li <xiaoyao.li@...el.com>, Chao Gao <chao.gao@...el.com>,
        kvm@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        "H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
        Jim Mattson <jmattson@...gle.com>,
        antonio.gomez.iglesias@...ux.intel.com,
        Daniel Sneddon <daniel.sneddon@...ux.intel.com>,
        asit.k.mallick@...el.com
Subject: Re: [PATCH] KVM: x86: Track supported ARCH_CAPABILITIES in kvm_caps

On Mon, May 22, 2023 at 01:54:55PM -0700, Pawan Gupta wrote:
> On Mon, May 22, 2023 at 10:43:49AM -0700, Sean Christopherson wrote:
> > On Fri, May 19, 2023, Pawan Gupta wrote:
> > > On Thu, May 18, 2023 at 10:33:15AM -0700, Sean Christopherson wrote:
> > > > I made the mistake of digging into why KVM doesn't advertise ARCH_CAP_FB_CLEAR_CTRL...
> > > > 
> > > >   1. I see *nothing* in commit 027bbb884be0 ("KVM: x86/speculation: Disable Fill
> > > >      buffer clear within guests") that justifies 1x RDMSR and 2x WRMSR on every
> > > >      entry+exit.
> > > 
> > > Unnecessary VERWs in guest will have much higher impact than due to MSR
> > > read/write at vmentry/exit.
> > 
> > Can you provide numbers for something closeish to a real world workload?
> 
> I am collecting the numbers, will update here soon.

Looks like avoiding VERW flush behavior in guest results in 2-5%
improvement in performance.

Pybench and CPU bound sysbench test shows minor improvement when
avoiding reading/writing MSR_MCU_OPT_CTRL at VMentry/VMexit.

Baseline : v6.4-rc3
Target   : v6.4-rc3 + No read/write to MSR_MCU_OPT_CTRL at VMentry/VMexit

| Test      | Configuration | Relative |
| --------- | ------------- | -------- |
| nginx     | 200           | 0.977    |
| hackbench | 8 - Process   | 0.975    |
| sysbench  | RAM / Memory  | 0.946    |
| sysbench  | CPU           | 1.002    |
| pybench   | T.F.A.T.T     | 1.007    |

Host configuration (Icelake server):
  CPU family:                      6
  Model:                           106
  Stepping:                        6
  Vulnerability Itlb multihit:     Not affected
  Vulnerability L1tf:              Not affected
  Vulnerability Mds:               Not affected
  Vulnerability Meltdown:          Not affected
  Vulnerability Mmio stale data:   Mitigation; Clear CPU buffers; SMT vulnerable
  Vulnerability Retbleed:          Not affected
  Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl
  Vulnerability Spectre v1:        Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Vulnerability Spectre v2:        Vulnerable: eIBRS with unprivileged eBPF
  Vulnerability Srbds:             Not affected
  Vulnerability Tsx async abort:   Not affected


Guest configuration (Skylake Client):
  CPU family:			  6
  Model:			  94
  Stepping:			  3
  Vulnerabilities:
    Itlb multihit:         KVM: Mitigation: VMX unsupported
    L1tf:                  Mitigation; PTE Inversion
    Mds:                   Vulnerable: Clear CPU buffers attempted, no microcode;
                           SMT Host state unknown
    Meltdown:              Mitigation; PTI
    Mmio stale data:       Vulnerable: Clear CPU buffers attempted, no microcode;
                           SMT Host state unknown
    Retbleed:              Vulnerable
    Spec store bypass:     Vulnerable
    Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer
                            sanitization
    Spectre v2:            Mitigation; Retpolines, STIBP disabled, RSB filling, PB
                           RSB-eIBRS Not affected
    Srbds:                 Unknown: Dependent on hypervisor status
    Tsx async abort:       Vulnerable: Clear CPU buffers attempted, no microcode;
                           SMT Host state unknown

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ