On Wed, Mar 29, 2023, at 18:55, Helmut Grohne wrote:
> -cpu max
> Startup finished in 23.590s (kernel) + 18.210s (userspace) = 41.800s
> -cpu cortex-a57
> Startup finished in 6.090s (kernel) + 8.460s (userspace) = 14.551s
> -cpu max,pauth=off
> Startup finished in 4.756s (kernel) + 5.678s (userspace) = 10.435s
> -cpu max,pauth-impdef=on
> Startup finished in 6.077s (kernel) + 7.241s (userspace) = 13.319s
Ok, so max,pauth-impdef=on no slower than cortex-a57, but
it's slower than cpu=max was with an old kernel or an old
qemu before the addition of pauth.
> So choosing pauth-impdef over pauth should mostly fix performance. So
> given that for kvm we choose cpu=host, I think going higher than
> cortex-something would still be sensible. At this point, my preference
> is max,pauth-impdef=on. Does anyone disagree?
I think the two most sensible options are max,pauth-impdef=on
or max,pauth=off, which is a tradeoff between performance
and features. With pauth-impdef, it becomes a lot safer
to run untrusted userspace code in the guest, as well
as catching buggy code that triggers the pauth checks
by accident, but 30% slowdown is also quite significant.
Between the two, it depends on which use case you want to optimize for.
Arnd
