Hi again,
updating the table after Yves-Alexis' comment on PCID. Rerunning the test
with -cpu=Haswell to enable PCID gave me much better numbers :
On Sun, Jan 07, 2018 at 11:18:56AM +0100, Willy Tarreau wrote:
> Hi,
>
> I managed to take a bit of time to run some more tests on PTI both
> native and hosted in KVM, on stable versions built with
> CONFIG_PAGE_TABLE_ISOLATION=y. Here it's 4.9.75, used both on the
> host and the VM. I could compare pti=on/off both in the host and the
> VM. A single CPU was exposed in the VM.
>
> It was running on my laptop (core i7 3320M at 2.6 GHz, 3.3 GHz single
> core turbo).
>
> The test was run on haproxy's ability to forward connections. The
> results are below :
>
> Host | Guest | conn/s | ratio_to_host | ratio_to_VM | Notes
> ---------+---------+---------+---------------+--------------+----------------
> pti=off | - | 27400 | 100.0% | - | host reference
> pti=off | pti=off | 24200 | 88.3% | 100.0% | VM reference
> pti=off | pti=on | 13300 | 48.5% | 55.0% |
> pti=on | - | 23800 | 86.9% | - | protected host
> pti=on | pti=off | 23100 | 84.3% | 95.5% |
> pti=on | pti=on | 13300 | 48.5% | 55.0% |
New run :
Host | Guest | conn/s | ratio | Notes
---------+---------+---------+--------+----------------
pti=off | pti=off | 23100 | 100.0% | VM reference without PTI
pti=off | pti=on | 19700 | 85.2% | VM with PTI and PCID
pti=off | pti=on | 12700 | 55.0% | VM with PTI without PCID
So the performance cut in half was indeed caused by the lack of PCID
here. With it the impact is much less, though still important.
Willy