Patches out of Google going back several months have aimed to optimize AMD cache flushing for KVM-based Linux guest virtual machines that make use of Secure Encrypted Virtualization (SEV). As anticipated, that AMD SEV cache flushing optimization work looks like it will be merged for the upcoming Linux 6.17 kernel cycle.
Google engineer Sean Christopherson has been spearheading this work around the optimized cache flushing for AMD SEV guests with KVM. He explained on the patch series:
“This is the combination of Kevin’s WBNOINVD series with Zheyun’s targeted flushing series. The combined goal is to use WBNOINVD instead of WBINVD when doing cached maintenance to prevent data corruption due to C-bit aliasing, and to reduce the number of cache invalidations by only performing flushes on CPUs that have entered the relevant VM since the last cache flush.”
The final patch in that series, by Zheyun Shen, is the one that flushes the cache only on CPUs running the SEV guest. Zheyun Shen explains there:
“On AMD CPUs without ensuring cache consistency, each memory page reclamation in an SEV guest triggers a call to do WBNOINVD/WBINVD on all CPUs, thereby affecting the performance of other programs on the host.
Typically, an AMD server may have 128 cores or more, while the SEV guest might only utilize 8 of these cores. Meanwhile, host can use qemu-affinity to bind these 8 vCPUs to specific physical CPUs.
Therefore, keeping a record of the physical core numbers each time a vCPU runs can help avoid flushing the cache for all CPUs every time.”
The result is a performance win: cache flushing is avoided on CPU cores that are not even dealing with the SEV-protected guest VM.
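The bookkeeping described in the quoted patch message can be modelled in user space. The following is an added example, not code from the patch series: `vm_model`, `vm_note_vcpu_run`, `vm_flush_targeted` and the other names are hypothetical, and the cache flush is a counter rather than a real WBNOINVD/WBINVD.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_CPUS 128                 /* host size from the quoted example */
#define MASK_WORDS (NR_CPUS / 64)

/* Hypothetical per-VM record: CPUs that ran one of its vCPUs since the last flush. */
struct vm_model { uint64_t dirty_cpus[MASK_WORDS]; };

static unsigned long flushes_issued;   /* total simulated per-CPU flushes */

/* Stand-in for a cache write-back executed on one physical CPU. */
static void flush_cpu_cache(int cpu) { (void)cpu; flushes_issued++; }

/* Record that a vCPU of this VM is about to run on physical CPU 'cpu'. */
static void vm_note_vcpu_run(struct vm_model *vm, int cpu)
{
    vm->dirty_cpus[cpu / 64] |= UINT64_C(1) << (cpu % 64);
}

/* Baseline behaviour: flush every CPU on the host. Returns CPUs flushed. */
static int vm_flush_all(void)
{
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        flush_cpu_cache(cpu);
    return NR_CPUS;
}

/* Targeted behaviour: flush only recorded CPUs. The record is snapshotted and
 * cleared first, so a vCPU run noted after this point is kept for the next flush.
 * (Single-threaded model; real code needs atomic ops and ordering.) */
static int vm_flush_targeted(struct vm_model *vm)
{
    int flushed = 0;
    for (int w = 0; w < MASK_WORDS; w++) {
        uint64_t snap = vm->dirty_cpus[w];
        vm->dirty_cpus[w] = 0;
        for (int b = 0; b < 64; b++)
            if (snap & (UINT64_C(1) << b)) { flush_cpu_cache(w * 64 + b); flushed++; }
    }
    return flushed;
}

int main(void)
{
    struct vm_model vm = { {0} };
    for (int cpu = 16; cpu < 24; cpu++)   /* constructed: 8 vCPUs pinned to CPUs 16-23 */
        vm_note_vcpu_run(&vm, cpu);
    printf("all=%d targeted=%d\n", vm_flush_all(), vm_flush_targeted(&vm));
    return 0;
}
```

With the constructed pinning of 8 vCPUs on a 128-CPU host, the targeted path touches 8 CPUs where the baseline touches all 128, and a second flush with no intervening vCPU run touches none.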
The news this week is that, as of yesterday, the prep patches from the series that add the WBINVD/WBNOINVD helpers and the like have been queued up into the x86/core branch of tip/tip.git. Now that those necessary patches have been queued up via that TIP branch, the KVM-side patches can be queued via their respective branch.
Sean Christopherson commented yesterday that he has in turn picked up the remainder of the patch series via the kvm-x86 code. Thus, barring any last-minute issues being raised with the code, this smarter cache flushing for AMD SEV KVM guests is expected to be merged for the upcoming Linux 6.17 kernel cycle.