On 19/02/2018 11:50, David Woodhouse wrote:
> Cope with this by trapping and emulating *all* access to SPEC_CTRL from
> KVM guests when the IBRS_ALL feature is present, so it can never be
> turned off. Guests who see IBRS_ALL should never do anything except
> turn it on at boot anyway. And if they didn't know about IBRS_ALL and
> they keep frobbing IBRS on every kernel entry/exit... well the vmexit
> for a no-op is probably going to be faster than they were expecting
> anyway, so they'll live.
The problem is, it isn't. On a Haswell (which has fairly slow
SPEC_CTRL) toggling IBRS is 200 cycles. This gives a context switch
time of around 2000 clock cycles with PTI enabled.
This is fairly awful, but with a vmexit cost of ~1100 cycles that goes
up to 2000+(1100-200)*2 = 3800. That's more or less doubling the cost
of a system call.
With newer machines SPEC_CTRL cost goes down but vmexit cost doesn't, so
it's only worse.
For now, we really should do something like
if (vmx->spec_ctrl != host_spec_ctrl)
wrmsrl(MSR_IA32_SPEC_CTRL, host_spec_ctrl);
else
lfence();
which later can become
if (vmx->spec_ctrl != host_spec_ctrl)
wrmsrl(MSR_IA32_SPEC_CTRL, host_spec_ctrl);
else {
/* lfence not needed if host_spec_ctrl == 0 */
if (static_cpu_has(BUG_REALLY_WANTS_IBRS))
nospec_barrier();
}
Paolo
