A patch series is baking for likely upstreaming in the Linux v6.17 kernel cycle later in the year to optimize AMD CPU cache flushing when making use of Secure Encrypted Virtualization (SEV) with KVM.
An updated patch series was posted last week to optimize AMD EPYC CPU cache flushing when making use of KVM virtualization with SEV. The patch series explains:
“This is the combination of Kevin’s WBNOINVD series with Zheyun’s targeted flushing series. The combined goal is to use WBNOINVD instead of WBINVD when doing cached maintenance to prevent data corruption due to C-bit aliasing, and to reduce the number of cache invalidations by only performing flushes on CPUs that have entered the relevant VM since the last cache flush.
Assuming I get the appropriate acks (and that I didn’t manage to break anything when rebasing), my plan is to take this through the kvm-x86 tree in the 6.17 timeframe.
…
On AMD CPUs without ensuring cache consistency, each memory page reclamation in an SEV guest triggers a call to do WBNOINVD/WBINVD on all CPUs, thereby affecting the performance of other programs on the host. Typically, an AMD server may have 128 cores or more, while the SEV guest might only utilize 8 of these cores. Meanwhile, host can use qemu-affinity to bind these 8 vCPUs to specific physical CPUs.
Therefore, keeping a record of the physical core numbers each time a vCPU runs can help avoid flushing the cache for all CPUs every time.”
Flushing caches only on the CPUs that have run a given SEV guest should help performance, though no benchmark numbers were provided with this patch series to highlight the benefits. In any event, look for this patch series optimizing AMD cache flushing for SEV to likely land later in 2025.
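The bookkeeping the cover letter describes, as a single-threaded user-space model in C; this is an added example, not code from the patch series. The names `vm_model`, `vcpu_enter` and `flush_recorded_cpus` are hypothetical, `cpu_writeback` only counts where a WBNOINVD/WBINVD would be issued, and the pinning of 8 vCPUs to CPUs 64-71 is constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CPUS 128                      /* host size used in the quoted example */
#define WORDS   (NR_CPUS / 64)

/* Hypothetical per-VM record: bit N set means physical CPU N has run a
 * vCPU of this guest since the last flush. */
struct vm_model { uint64_t have_run[WORDS]; };

static unsigned writebacks[NR_CPUS];     /* per-CPU count of simulated flushes */

/* Stand-in for issuing WBNOINVD/WBINVD on one physical CPU. */
static void cpu_writeback(unsigned cpu) { writebacks[cpu]++; }

/* Called whenever a vCPU of this guest is about to run on 'cpu'. */
static void vcpu_enter(struct vm_model *vm, unsigned cpu)
{
    vm->have_run[cpu / 64] |= 1ULL << (cpu % 64);
}

/* Untargeted behaviour: every page reclamation flushes every CPU. */
static unsigned flush_all_cpus(void)
{
    for (unsigned cpu = 0; cpu < NR_CPUS; cpu++)
        cpu_writeback(cpu);
    return NR_CPUS;
}

/* Targeted behaviour: flush only recorded CPUs, then start a new epoch. */
static unsigned flush_recorded_cpus(struct vm_model *vm)
{
    unsigned flushed = 0;
    for (unsigned w = 0; w < WORDS; w++) {
        uint64_t mask = vm->have_run[w];
        vm->have_run[w] = 0;             /* single-threaded model; real code needs atomics */
        for (unsigned b = 0; b < 64; b++)
            if (mask & (1ULL << b)) { cpu_writeback(w * 64 + b); flushed++; }
    }
    return flushed;
}

int main(void)
{
    struct vm_model vm = {{0}};
    for (unsigned cpu = 64; cpu < 72; cpu++)   /* constructed pinning: 8 vCPUs on CPUs 64-71 */
        vcpu_enter(&vm, cpu);
    printf("targeted: %u CPUs, untargeted: %u CPUs\n",
           flush_recorded_cpus(&vm), flush_all_cpus());
    return 0;
}
```

In this model a reclamation touches 8 CPUs instead of 128, and a CPU that has not run the guest since the previous flush is skipped on the next one.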