[SOLVED] Maximum CPU performance for VM (disabling CPU flaw mitigations)

[syfy323]

Hi!

On a trusted system without multiple tenants it is safe to disable all CPU flaw mitigations.
I already set and run these kernel params on the host:
https://make-linux-fast-again.com/

Which CPU flags need to be set / unset under Hardware -> CPU for the VM?
Based on the wording, I would for example set "md-clear" as + and spec-ctrl as -.

It would be worth an wiki article how these mitigations can be disabled for trusted environments (or, one-size-fits-all "trusted vm" option to tick).

Kind regards
Kevin

 

[oguz]

hi,

the flags on the GUI do not change the behavior of the guest kernel or the vcpu (it just tells the guest which hardware mitigations are available on the hypervisor)

you just have to set the same flags in the virtual machine kernel

 

[syfy323]

hi,

the flags on the GUI do not change the behavior of the guest kernel or the vcpu (it just tells the guest which hardware mitigations are available on the hypervisor)

you just have to set the same flags in the virtual machine kernel

With other words, KVM itself does not implement L1TF fixes for example?
I've already set these params on both host and VM, I should be fine then.

 

[oguz]

With other words, KVM itself does not implement L1TF fixes for example?

the flags on the GUI are not for KVM but for Qemu. (KVM _does_ have fixes for L1TF, but you can't disable them per VM, since you turned off the mitigations on your host)

I've already set these params on both host and VM, I should be fine then.

yes.

also you can find scripts on github to check these both on host and VM

 

[syfy323]

Makes sense. I know the script on github but wanted to make sure, I don't run mitigations on the KVM/Qemu layer that neither the host, nor the VM needs.

Thanks for clarification!