On 24/10/19 23:00, speck for Luck, Tony wrote:
> On Thu, Oct 24, 2019 at 10:53:16PM +0200, speck for Paolo Bonzini wrote:
>> On the other hand, removing bits from CPUID or MSRs can cause issues
>> even if TSX is not enabled in VMs. Since most VMs won't have MDS_NO
>> set, I think we should drop this patch for now. After the embargo lifts
>> we can add code to pass TSX_CTRL to the VM just like we do for
>> SPEC_CTRL, including disabling TSX on vmentry/vmexit depending on guest
>> CPUID.
>
> TSX_CTRL is a slow MSR ... so if you do go this path you may also
> want some heuristic to avoid switching a thread between guests that
> have different settings for TSX.

How slow is it? Since the kernel doesn't use TSX, we could delay the
restore of the host's TSX_CTRL value till return to userspace and avoid
paying the price on each and every vmexit. But if the host is
overcommitted, there isn't really an alternative to writing it on
context switch.

The host can still disable TSX if they don't want it in any guest, then
there will be no slowdown.

Paolo
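
Added example, not part of the original message and not KVM code: a user-space C model that counts TSX_CTRL writes when the host value is restored on every vmexit versus deferred until return to userspace or context switch, as discussed in the reply above. The event names, the traces and the sample values 0 (guest) and 3 (host) are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of one physical CPU; none of these names are kernel identifiers. */
enum ev { VMENTRY, VMEXIT, RET_USER, CTXSW };
struct event { enum ev kind; uint64_t guest_val; /* read for VMENTRY only */ };
struct cpu { uint64_t msr; unsigned writes; };

/* Stand-in for WRMSR, skipped when the value is already loaded. */
static void wrmsr_if_changed(struct cpu *c, uint64_t val)
{
    if (c->msr != val) { c->msr = val; c->writes++; }
}

/* lazy == 0: restore the host value on every vmexit.
 * lazy == 1: restore only on return to userspace or on context switch. */
unsigned count_writes(const struct event *t, size_t n, uint64_t host_val, int lazy)
{
    struct cpu c = { host_val, 0 };
    for (size_t i = 0; i < n; i++) {
        switch (t[i].kind) {
        case VMENTRY:  wrmsr_if_changed(&c, t[i].guest_val); break;
        case VMEXIT:   if (!lazy) wrmsr_if_changed(&c, host_val); break;
        case RET_USER: /* fall through */
        case CTXSW:    wrmsr_if_changed(&c, host_val); break;
        }
    }
    return c.writes;
}

/* Constructed traces; the guest runs with 0 (TSX on), the host with 3 (TSX off). */
/* Four exits handled in the kernel, then one return to userspace. */
const struct event trace_inkernel[] = {
    {VMENTRY, 0}, {VMEXIT, 0}, {VMENTRY, 0}, {VMEXIT, 0}, {VMENTRY, 0},
    {VMEXIT, 0}, {VMENTRY, 0}, {VMEXIT, 0}, {RET_USER, 0},
};
/* Overcommitted host: the vCPU thread is switched out after every exit. */
const struct event trace_overcommit[] = {
    {VMENTRY, 0}, {VMEXIT, 0}, {CTXSW, 0}, {VMENTRY, 0}, {VMEXIT, 0}, {CTXSW, 0},
};
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
    printf("in-kernel exits: eager=%u lazy=%u\n",
           count_writes(trace_inkernel, LEN(trace_inkernel), 3, 0),
           count_writes(trace_inkernel, LEN(trace_inkernel), 3, 1));
    printf("overcommitted:   eager=%u lazy=%u\n",
           count_writes(trace_overcommit, LEN(trace_overcommit), 3, 0),
           count_writes(trace_overcommit, LEN(trace_overcommit), 3, 1));
    return 0;
}
```

Passing the same value for host and guest models a host that disables TSX everywhere; no writes are counted under either policy.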