Hi again,
updating the table after Yves-Alexis' comment on PCID. Rerunning the test with -cpu=Haswell to enable PCID gave me much better numbers :
On Sun, Jan 07, 2018 at 11:18:56AM +0100, Willy Tarreau wrote:
Hi,
I managed to take a bit of time to run some more tests on PTI both native and hosted in KVM, on stable versions built with CONFIG_PAGE_TABLE_ISOLATION=y. Here it's 4.9.75, used both on the host and the VM. I could compare pti=on/off both in the host and the VM. A single CPU was exposed in the VM.
It was running on my laptop (core i7 3320M at 2.6 GHz, 3.3 GHz single core turbo).
The test was run on haproxy's ability to forward connections. The results are below :
Host     | Guest   | conn/s  | ratio_to_host | ratio_to_VM  | Notes
---------+---------+---------+---------------+--------------+----------------
pti=off  | -       |  27400  |    100.0%     |      -       | host reference
pti=off  | pti=off |  24200  |     88.3%     |    100.0%    | VM reference
pti=off  | pti=on  |  13300  |     48.5%     |     55.0%    |
pti=on   | -       |  23800  |     86.9%     |      -       | protected host
pti=on   | pti=off |  23100  |     84.3%     |     95.5%    |
pti=on   | pti=on  |  13300  |     48.5%     |     55.0%    |
New run :
Host     | Guest   | conn/s  | ratio  | Notes
---------+---------+---------+--------+----------------
pti=off  | pti=off |  23100  | 100.0% | VM reference without PTI
pti=off  | pti=on  |  19700  |  85.2% | VM with PTI and PCID
pti=off  | pti=on  |  12700  |  55.0% | VM with PTI without PCID
So the performance cut in half was indeed caused by the lack of PCID here. With it the impact is much less, though still important.
Willy