Itlb_multihit Intel mitigation and JVM
Simonis, Volker
simonisv at amazon.de
Wed Nov 13 10:36:05 UTC 2019
Am 12.11.2019 22:14 schrieb Bernd Eckenfels <ecki at zusammenkunft.net>:
>
> Hello,
>
> With the latest Linux kernel updates a mitigation for the Intel MCE Problem with multiple iTLB page sizes hit the kernel. KVM Hypervisor will make large pages non executable and split them down to 4K pages if they are fetched for execution.
>
> https://www.phoronix.com/scan.php?page=news_item&px=iITLB-Multihit-TAA-Kernel-Code
>
> The mitigation on the host is visible here
> /sys/devices/system/cpu/vulnerabilities/itlb_multihit
> Can be controlled with bootflag kvm.nx_huge_pages=off
> I researched a bit, it should show up as a split counter nx_largepages_splitted in kvm stats of debugfs on the Hypervisor.
>
> I wonder if anybody did already tests with the JVM under which conditions a JVM running in a KVM Hypervisor will trigger those page splits and suffer from it.
>
> As I understand this would require .text or codecache segments to be large pages. Is this triggered by the JVM, does it for example use transparent HP with madvice (only) on?
>
It is not the default, but it can be enabled with the -XX:+UseTranparentHugePages. This will allocate both, the Java Heap and the CodeCache with madvise(..., MADV_HUGEPAGE).
> Does anybody have studied the impact on KVM Hypervisor and how are the other virtualization solutions protecting against this and holding up (for a mostly JVM based workload).
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Ralf Herbrich
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879
More information about the hotspot-dev
mailing list