Itlb_multihit Intel mitigation and JVM
Bernd Eckenfels
ecki at zusammenkunft.net
Tue Nov 12 21:13:32 UTC 2019
Hello,
With the latest Linux kernel updates a mitigation for the Intel MCE Problem with multiple iTLB page sizes hit the kernel. KVM Hypervisor will make large pages non executable and split them down to 4K pages if they are fetched for execution.
https://www.phoronix.com/scan.php?page=news_item&px=iITLB-Multihit-TAA-Kernel-Code
The mitigation on the host is visible here
/sys/devices/system/cpu/vulnerabilities/itlb_multihit
Can be controlled with bootflag kvm.nx_huge_pages=off
I researched a bit, it should show up as a split counter nx_largepages_splitted in kvm stats of debugfs on the Hypervisor.
I wonder if anybody did already tests with the JVM under which conditions a JVM running in a KVM Hypervisor will trigger those page splits and suffer from it.
As I understand this would require .text or codecache segments to be large pages. Is this triggered by the JVM, does it for example use transparent HP with madvice (only) on?
Does anybody have studied the impact on KVM Hypervisor and how are the other virtualization solutions protecting against this and holding up (for a mostly JVM based workload).
Gruss
Bernd
--
http://bernd.eckenfels.net
More information about the hotspot-dev
mailing list