lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 26 Mar 2024 11:59:30 -0400
From: mlevitsk@...hat.com
To: Jim Mattson <jmattson@...gle.com>
Cc: kvm@...r.kernel.org, Will Deacon <will@...nel.org>, Borislav Petkov
 <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, Suravee
 Suthikulpanit <suravee.suthikulpanit@....com>, Thomas Gleixner
 <tglx@...utronix.de>, Paolo Bonzini <pbonzini@...hat.com>, x86@...nel.org,
 Robin Murphy <robin.murphy@....com>,  iommu@...ts.linux.dev, Ingo Molnar
 <mingo@...hat.com>, Joerg Roedel <joro@...tes.org>, Sean Christopherson
 <seanjc@...gle.com>, "H. Peter Anvin" <hpa@...or.com>,
 linux-kernel@...r.kernel.org, David Rientjes <rientjes@...gle.com>
Subject: Re: [PATCH 0/5] AVIC bugfixes and workarounds

On Mon, 2024-03-25 at 20:15 -0700, Jim Mattson wrote:
> > On Thu, Sep 28, 2023 at 8:05 AM Maxim Levitsky <mlevitsk@...hatcom> wrote:
> > > > 
> > > > Hi!
> > > > 
> > > > This patch series includes several fixes to AVIC I found while working
> > > > on a new version of nested AVIC code.
> > > > 
> > > > Also while developing it I realized that a very simple workaround for
> > > > AVIC's errata #1235 exists and included it in this patch series as well.
> > > > 
> > > > Best regards,
> > > >         Maxim Levitsky
> > 
> > Can someone explain why we're still unwilling to enable AVIC by
> > default? Have the performance issues that plagued the Rome
> > implementation been fixed? What is AMD's guidance?
> > 
Hi

This is what I know:

Zen1:
	I never tested it, so I don't know how well AVIC works there and if it has any erratas.

Zen2:
	Has CPU errata in regard to IPI virtualization that makes it unusable in production,
 	but if AVIC's IPI virtualization (borrowing the Intel term here) is disabled,
	then it works just fine and 1:1 equivalent to APICv without IPI.

	I posted patches for this several times, latest version is here, it still applies I think:
	https://lkml.iu.edu/hypermail/linux/kernel/2310.0/00790.html

Zen3:
	For some reason AVIC got disabled by AMD in CPUID. It is still there though and force_avic=1 kvm_amd option
	can make KVM use it and AFAIK it works just fine.

	It is possible that it got disabled due to Zen2 errata that is fixed on Zen3,
	but maybe AMD wasn't sure back then that it will be fixed or it might be due to performance issues with broadcast
	IPIs which I think ended up being a software issue and was fixed a long time ago.

Zen4+
	I haven't tested it much, but AFAIK it should work out of the box. It also got x2avic mode which allows
	to use AVIC with VMs that have more that 254 vCPUs.

IMHO if we merge the workaround I have for IPI virtualization and make IPI virtualization off for Zen2
(and maybe Zen1 as well), then I don't see why we can't make AVIC be the default on.

Best regards,
	Maxim Levitsky

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ