Re: [PATCH] x86/entry/64: Disallow RDPID in paranoid entry if KVM is enabled

From: Paolo Bonzini
Date: Fri Aug 21 2020 - 04:09:14 EST


On 21/08/20 09:47, Borislav Petkov wrote:
> On Thu, Aug 20, 2020 at 07:50:50PM -0700, Sean Christopherson wrote:
>> + * Disallow RDPID if KVM is enabled as it may consume a guest's TSC_AUX
>> + * if an NMI arrives in KVM's run loop. KVM loads guest's TSC_AUX on
>> + * VM-Enter and may not restore the host's value until the CPU returns
>> + * to userspace, i.e. KVM depends on the kernel not using TSC_AUX.
>> */
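Review bot: the comment states the dependency ("KVM depends on the kernel not using TSC_AUX") as a bare constraint without the rationale, so the next person who wants TSC_AUX in entry code will not know why the host value is restored lazily rather than on every VM-exit; suggest adding one line to the comment giving the reason from this thread (restoring TSC_AUX at each VM-exit adds two WRMSRs to a round trip of roughly 1000 cycles) and pointing at the KVM code that performs the deferred restore, so the two sides can be cross-referenced.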
> And frankly, this is really unfair. The kernel should be able to use any
> MSR. IOW, KVM needs to be fixed here. I'm sure it context-switches other
> MSRs so one more MSR is not a big deal.

The only MSRs that KVM needs to context-switch manually are XSS and
SPEC_CTRL. They tend to be the same on host and guest, in which case
they can be optimized away.

All the other MSRs (EFER and PAT are those that come to mind) are
handled by the microcode and thus they don't have the slowness of
RDMSR/WRMSR.

One more MSR *is* a big deal: KVM's vmentry+vmexit cost is around 1000
cycles, adding 100 clock cycles for 2 WRMSRs is a 10% increase.

Paolo
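To make the trade-off argued in this thread concrete, here is a small C model, added as an illustration and not code from KVM or the kernel: one physical TSC_AUX register, an eager policy that restores the host value on every VM-exit, a lazy policy that restores it only on return to userspace, and an NMI landing in KVM's run loop that learns the CPU number either via RDPID or via per-CPU data. The guest value 0xdead, the host CPU number 3, the ten exits per KVM_RUN, and the rule that a WRMSR of an unchanged value is skipped are constructed assumptions of the model, not measurements of KVM.

```c
/*
 * Model of the TSC_AUX hazard and the WRMSR cost trade-off discussed above.
 * Added illustration, not KVM or kernel code. A single "CPU" owns one
 * TSC_AUX register; KVM either restores the host value eagerly (every
 * VM-exit) or lazily (only on return to userspace); an NMI taken inside
 * the run loop reads the CPU number via RDPID or via per-CPU data.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum restore_policy { RESTORE_LAZY, RESTORE_EAGER };

struct cpu {
    uint32_t tsc_aux;        /* the one physical MSR_TSC_AUX */
    uint32_t host_tsc_aux;   /* value the host wants loaded: its CPU number */
    uint32_t guest_tsc_aux;  /* value the guest programmed (constructed) */
    uint32_t percpu_cpu_id;  /* per-CPU variable reachable through GS base */
    unsigned wrmsr_count;    /* cost counter: every WRMSR to TSC_AUX */
};

/* Assumption of the model: a write of the already-loaded value is skipped. */
static void wrmsr_tsc_aux(struct cpu *c, uint32_t v)
{
    if (c->tsc_aux == v)
        return;
    c->tsc_aux = v;
    c->wrmsr_count++;
}

/* RDPID returns whatever TSC_AUX currently holds, whoever loaded it. */
static uint32_t rdpid(const struct cpu *c) { return c->tsc_aux; }

static void vm_enter(struct cpu *c) { wrmsr_tsc_aux(c, c->guest_tsc_aux); }

static void vm_exit(struct cpu *c, enum restore_policy p)
{
    if (p == RESTORE_EAGER)
        wrmsr_tsc_aux(c, c->host_tsc_aux);
    /* RESTORE_LAZY: the guest value stays loaded until return to userspace */
}

static void return_to_userspace(struct cpu *c)
{
    wrmsr_tsc_aux(c, c->host_tsc_aux);
}

/* Two ways a paranoid NMI entry could obtain the CPU number. */
static uint32_t nmi_cpu_via_rdpid(const struct cpu *c) { return rdpid(c); }
static uint32_t nmi_cpu_via_percpu(const struct cpu *c) { return c->percpu_cpu_id; }

struct run_result {
    bool rdpid_saw_guest_value;  /* some NMI using RDPID read the guest's TSC_AUX */
    bool percpu_always_correct;  /* every NMI using per-CPU data got the CPU number */
    unsigned wrmsrs;             /* WRMSRs spent on the whole round trip */
};

/* One userspace -> KVM_RUN -> `exits` VM-exits -> userspace round trip,
 * with an NMI landing in the run loop after every VM-exit. */
struct run_result run_loop(enum restore_policy p, unsigned exits)
{
    struct cpu c = { .tsc_aux = 3, .host_tsc_aux = 3,
                     .guest_tsc_aux = 0xdead, .percpu_cpu_id = 3 };
    struct run_result r = { false, true, 0 };

    for (unsigned i = 0; i < exits; i++) {
        vm_enter(&c);
        vm_exit(&c, p);
        /* NMI arrives here: inside KVM's run loop, before return to userspace */
        if (nmi_cpu_via_rdpid(&c) != c.host_tsc_aux)
            r.rdpid_saw_guest_value = true;
        if (nmi_cpu_via_percpu(&c) != c.host_tsc_aux)
            r.percpu_always_correct = false;
    }
    return_to_userspace(&c);
    r.wrmsrs = c.wrmsr_count;
    return r;
}

int main(void)
{
    struct run_result lazy = run_loop(RESTORE_LAZY, 10);
    struct run_result eager = run_loop(RESTORE_EAGER, 10);

    printf("lazy:  NMI via RDPID saw guest TSC_AUX=%d, WRMSRs per round trip=%u\n",
           lazy.rdpid_saw_guest_value, lazy.wrmsrs);
    printf("eager: NMI via RDPID saw guest TSC_AUX=%d, WRMSRs per round trip=%u\n",
           eager.rdpid_saw_guest_value, eager.wrmsrs);
    return 0;
}
```

With ten VM-exits per KVM_RUN, the lazy policy spends two WRMSRs for the whole round trip but an RDPID-based NMI reads the guest's TSC_AUX, while the eager policy keeps the NMI correct at the price of two WRMSRs per exit; the per-CPU read is correct under both, which is what disallowing RDPID in paranoid entry buys.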