Red Hat Working On Optimizing KVM Virtualization Performance Stemming From Spectre
The "KVM monolithic" patch series links the KVM common code into both kvm-intel and kvm-amd so that the common "kvm" kernel module can be dropped. This occupies more disk space but should yield better run-time performance, particularly for systems mitigated against Spectre Variant Two.
For default Spectre V2 mitigations with Retpolines, this change has a surprising impact on the Intel and AMD virtualization performance for KVM. Andre noted, "This improves the vmexit performance by two digits percent on microbenchmarks with the spectre_v2 default mitigation on both VMX and SVM. With spectre_v2=off or with CPUs with IBRS_ALL in ARCH_CAPABILITIES this still improves performance but it's more of the order of 1%." Unfortunately, there weren't any more detailed results for these double-digit percentage improvements.
The Red Hat engineer went on to add, "We'll still have to deal with CPUs without IBRS_ALL for a decade and reducing the vmexit latency is important to pass certain benchmarks with workloads that happen to trigger frequent vmexits without having to set spectre_v2=off in the host (which at least in theory would make the host kernel vulnerable from a spectre v2 attack from the guest, even through hyperthreading)."
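A host-side check for the cases the quotes distinguish, as an added example that is not from the article or the patch series: it classifies the kernel's spectre_v2 status line (read from sysfs) together with the boot command line, so a KVM host running with the mitigation switched off can be found. The sample status lines and the `needs_review` field are constructed for illustration; `nospectre_v2` and `mitigations=off` are other kernel parameters that disable the mitigation and are not mentioned in the article.

```python
from pathlib import Path

SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
CMDLINE = Path("/proc/cmdline")
# Boot parameters that switch the Spectre V2 mitigation off.
OFF_PARAMS = {"spectre_v2=off", "nospectre_v2", "mitigations=off"}
# vmexit gain quoted in the article for the monolithic build, per mode.
QUOTED_GAIN = {"retpoline": "two-digit percent",
               "enhanced_ibrs": "order of 1%",
               "vulnerable": "order of 1%"}


def classify(status, cmdline=""):
    """Classify one spectre_v2 status line plus the kernel command line."""
    s = status.strip().lower()
    if s.startswith("not affected"):
        mode = "not_affected"
    elif s.startswith("vulnerable"):
        mode = "vulnerable"        # checked before the mitigation names
    elif "enhanced" in s and "ibrs" in s:
        mode = "enhanced_ibrs"     # enhanced IBRS in use (IBRS_ALL CPUs)
    elif "retpoline" in s:
        mode = "retpoline"         # default software mitigation
    else:
        mode = "unknown"
    return {
        "mode": mode,
        "disabled_by": sorted(OFF_PARAMS & set(cmdline.split())),
        "quoted_vmexit_gain": QUOTED_GAIN.get(mode),
        "needs_review": mode in ("vulnerable", "unknown"),
    }


# Constructed samples in the format the sysfs file uses (not captured output).
SAMPLES = [
    ("Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, "
     "STIBP: conditional, RSB filling", "root=/dev/sda1 ro"),
    ("Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling",
     "root=/dev/sda1 ro"),
    ("Vulnerable, IBPB: disabled, STIBP: disabled",
     "root=/dev/sda1 ro spectre_v2=off"),
]

if __name__ == "__main__":
    for status, cmdline in SAMPLES:
        print(classify(status, cmdline))
    if SYSFS.exists():             # also report the machine this runs on
        print(classify(SYSFS.read_text(), CMDLINE.read_text()))
```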
These "KVM mono" patches are currently residing on the kernel mailing list. With some luck we could potentially see this KVM performance optimization land as soon as Linux 5.5 in early 2020, two years after Spectre V2 first came to the public spotlight.