Received: by 10.223.176.5 with SMTP id f5csp3153385wra; Mon, 29 Jan 2018 09:33:06 -0800 (PST) X-Google-Smtp-Source: AH8x227NrD7FWIttxdl6bTMFIxR26z1OB+5Ga8aJVcaqqSYIIvmTGpl2ppiAdr1ByIsf6HUyPRF7 X-Received: by 10.99.95.3 with SMTP id t3mr21230581pgb.302.1517247186440; Mon, 29 Jan 2018 09:33:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517247186; cv=none; d=google.com; s=arc-20160816; b=ob+w+Uj5Ro5HhTbf4Sq6zu6cU1pCTdf018bT9aO8a8k3JkzAhjALgjHMNzDfS0KQTL gKQJCLjYgS3I9uZIeZmN1H1II0qaheaU7UhQ/D0H8BQNb/yRC3uVZaakkD7h6720u8E/ wf2zOk2LPQ5kFP6VdjVbn8hls50xBHQMQ92pB4BvqdNl1uIGBgNKSJLbpqF24+sFy5t1 FLiBU53fgJSL0hPt45IhEKgaNIyEy4VqyxyJWjz/A69NJTLSeQVomcz2mqXeQW6MEotK Gh+nJKU3JkGAYDvZD1TeK3UoqNoF5QhB5OfnucQ7NnAU0/9xVnrtkfdX3EK77dibDQCx zgeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=La+lvwd1Sxfif2LZmwrKHC6OmPrUknyMz+2plu+6eBA=; b=xhtQowrRgqmABLEBh/JcZ8q0ZmjWhQCAue04t2i8nfxMXU7s9weSOysdkqWkFRs8DE n872NMnak9dlpQ/1lFfdgYH0Rg3W1mVwLA1NrDc7CQyXGIIDrMDBCgp2BxQdZJQ4qsgo NIHEyfv4n9P7cShQ6zAavj86YXOkKYtoAE1W76RJat3/JKnAUEjbY5uImYEspLa253Vj egESeLS89ISwDqKssjAREI5p++XAyBxArvRwewxYo6/5RVTDlyYNBXyHrla2UIstkQqq WQBnvcZoYdNdgSi7c5BWC8JcNhMfG0sODN+SGV0t7OyBlx9sHSDLEwSaBFXyje+oCIOi yX5Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=r1mr2kc1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y8-v6si10045068pli.708.2018.01.29.09.32.51; Mon, 29 Jan 2018 09:33:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2017-10-26 header.b=r1mr2kc1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751764AbeA2Rbr (ORCPT + 99 others); Mon, 29 Jan 2018 12:31:47 -0500 Received: from aserp2120.oracle.com ([141.146.126.78]:56468 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751739AbeA2Rbo (ORCPT ); Mon, 29 Jan 2018 12:31:44 -0500 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w0THRVJA164328; Mon, 29 Jan 2018 17:31:16 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=corp-2017-10-26; bh=La+lvwd1Sxfif2LZmwrKHC6OmPrUknyMz+2plu+6eBA=; b=r1mr2kc1W3x9m78LHb4i9Q4gm5hEvwilNgZY2JH2oxkDGniKDnmFbVHg2J1ucNNO83UR 6NS+JSUkX5UPZ57uKjeoTX29RYmgjTB17X1ERRxYCO/sMiNdjgPz3fIn41USUiHu5IkA yg8g4nqu8vubyO52QBQDZjVKTZpJzRO2UFbn6oZPCbTLPBwixlqbM921NRQozSVI1Cm4 2/w7Sahk0dUHdYNTbKj6O5ACWBaClFaIPmUEfk3U7C1+eDA464afJ1QLvhrMc6X3+54X S+e4R3Mk1qOiusoC8WjihXNbxhgQ8kiSto+kOgp+FYEXiwdIIO9ZFikxmsczMGJLDkvG +Q== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp2120.oracle.com with ESMTP id 2ft7ft0cdr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 29 Jan 2018 17:31:16 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w0THVGYI004492 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Mon, 29 Jan 2018 17:31:16 GMT Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w0THVGpI031410; Mon, 29 Jan 2018 17:31:16 GMT Received: from char.us.oracle.com (/10.137.176.158) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 29 Jan 2018 09:31:15 -0800 Received: by char.us.oracle.com (Postfix, from userid 1000) id 01F2B6A0A22; Mon, 29 Jan 2018 12:31:13 -0500 (EST) Date: Mon, 29 Jan 2018 12:31:13 -0500 From: Konrad Rzeszutek Wilk To: David Woodhouse , daniel.kiper@oracle.com, Mihai Carabas Cc: Liran Alon , luto@kernel.org, tglx@linutronix.de, torvalds@linux-foundation.org, gregkh@linuxfoundation.org, asit.k.mallick@intel.com, dave.hansen@intel.com, karahmed@amazon.de, jun.nakajima@intel.com, dan.j.williams@intel.com, ashok.raj@intel.com, daniel.kiper@oracle.com, arjan.van.de.ven@intel.com, tim.c.chen@linux.intel.com, pbonzini@redhat.com, linux-kernel@vger.kernel.org, ak@linux.intel.com, kvm@vger.kernel.org, aarcange@redhat.com Subject: Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL Message-ID: <20180129173113.GO22045@char.us.oracle.com> References: <6b9a1ec2-5ebd-4624-a825-3f31db5cefb5@default> <1517215563.6624.118.camel@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1517215563.6624.118.camel@infradead.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8789 signatures=668655 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=949 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1801290226 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 29, 2018 at 08:46:03AM +0000, David Woodhouse wrote: > On Sun, 2018-01-28 at 16:39 -0800, Liran Alon wrote: > > > > Windows use IBRS and Microsoft don't have any plans to switch to retpoline. > > Running a Windows guest should be a pretty common use-case no? > > > > In addition, your handle of the first WRMSR intercept could be different. > > It could signal you to start doing the following: > > 1. Disable intercept on SPEC_CTRL MSR. > > 2. On VMEntry, Write vCPU SPEC_CTRL value into physical MSR. > > 3. On VMExit, read physical MSR into vCPU SPEC_CTRL value. > > (And if IBRS is used at host, also set physical SPEC_CTRL MSR here to 1) > > > > That way, you will both have fastest option as long as guest don't use IBRS > > and also won't have the 3% performance hit compared to Konrad's proposal. > > > > Am I missing something? > > Reads from the SPEC_CTRL MSR are strangely slow. I suspect a large part > of the 3% speedup you observe is because in the above, the vmentry path > doesn't need to *read* the host's value and store it; the host is > expected to restore it for itself anyway? Yes for at least the purpose of correctness. That is based on what I have heard is that you when you transition to a higher ring you have to write 1, then write zero when you transition back to lower rings. That is it is like a knob. But then I heard that on some CPUs it is more like reset button and just writting 1 to IBRS is fine. But again, correctness here. > > I'd actually quite like to repeat the benchmark on the new fixed > microcode, if anyone has it yet, to see if that read/swap slowness is > still quite as excessive. I'm certainly not ruling this out, but I'm > just a little wary of premature optimisation, and I'd like to make sure > we have everything *else* in the KVM patches right first. > > The fact that the save-and-restrict macros I have in the tip of my > working tree at the moment are horrid and causing 0-day nastygrams, > probably doesn't help persuade me to favour the approach ;) > > ... hm, the CPU actually has separate MSR save/restore lists for > entry/exit, doesn't it? Is there any way to sanely make use of that and > do the restoration manually on vmentry but let it be automatic on > vmexit, by having it *only* in the guest's MSR-store area to be saved > on exit and restored on exit, but *not* in the host's MSR-store area? Oh. That sounds sounds interesting > > Reading the code and comparing with the SDM, I can't see where we're > ever setting VM_EXIT_MSR_STORE_{ADDR,COUNT} except in the nested > case... Right. We (well Daniel Kiper, CC-ed) implemented it for this and that is where we got the numbers. Daniel, you OK posting it here? Granted with the caveats thta it won't even compile against upstream as it was based on a distro kernel.