On 10/04/2019 15:24, Ian Jackson wrote: > Since Spectre/Meltdown, shadow has been a lot slower, especially with > KPTI in the guest. Empirically, too slow (with the kernel from Debian > stretch).
The speed of shadow pagetables hasn't changed - I don't think we even touched the shadow code at all for XSA-254. The problem is the change in guest behaviour as a consequence of needing KPTI for a Meltdown mitigation. The guest now flushes its pagetables on every syscall/interrupt/exception rather than once on a process=>process context switch, which is why running a guest using KPTI in shadow mode is boarderline unusable. The actual change to use nopti looks fine. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
