Message-ID: <1524563292.8691.38.camel@infradead.org>
Subject: [MODERATED] Re: L1D-Fault KVM mitigation
From: David Woodhouse
In-Reply-To: <20180424093537.GC4064@hirez.programming.kicks-ass.net>
References: <20180424090630.wlghmrpasn7v7wbn@suse.de> <20180424093537.GC4064@hirez.programming.kicks-ass.net>
Date: Tue, 24 Apr 2018 10:48:12 +0100
To: speck@linutronix.de

On Tue, 2018-04-24 at 11:35 +0200, speck for Peter Zijlstra wrote:
>
> Another option, that is being explored, is to co-schedule siblings.
> So ensure all siblings either run vcpus of the _same_ VM or idle.
>
> Of course, this is all rather intrusive and ugly and brings with it
> setup costs as well, because you'd have to sync up on VMENTER, VMEXIT
> and interrupts (on the idle CPUs).

I hate to suggest more microcode hacks but... if there was an MSR bit
which, when set, would pause any HT sibling that was currently in VMX
non-root mode, then we could set that up to be automatically set on
vmexit and it would automatically pause the problematic siblings.
Meaning that co-ordinating vmexits with them might actually be
feasible?

The precise definition of 'pause' in the above could survive some bikeshedding, but basically it shouldn't run any more guest instructions, but it *should* be allowed to vmexit on interrupts, etc.