Xen-related performance problems

[DemiMarie]

How to file a helpful issue

Qubes OS release

R4.1

Brief summary

The Xen hypervisor has performance problems on certain compute-intensive workloads

Steps to reproduce

See @fepitre for details

Expected behavior

Same (or almost same) performance as bare hardware

Actual behavior

Less performance than bare hardware

[AlxHnr]

I can confirm that this problem is clearly noticeable. My Fedora AppVM with up to 8 GB of memory and all cores assigned to it, runs much slower than a native Fedora install on bare metal. Compiling code takes roughly twice a long. I first blamed the lack of hyperthreading, but passing smt=on sched-gran=core to xen makes no difference in my benchmarks (i7-3632qm):

Benchmark	Slowdown compared to native Fedora
sysbench cpu run	60%
sysbench memory run	1680%
Building some random C++ projects	58%

Watching 1080p@60fps YouTube videos on Qubes OS boils my laptop and doesn't feel like 60fps. Native Fedora handles this much better, despite using only CPU-based video decoders[1].

Startup latency of apps on Qubes OS is much worse. qvm-run personal echo "hello world" takes almost an entire second.

[1] I'm not 100% sure it's CPU-only. But according to htop it hits all my cores really hard, while still being smoother and much cooler than Qubes OS.

[DemiMarie]

Startup latency of apps on Qubes OS is much worse. qvm-run personal echo "hello world" takes almost an entire second.

This is definitely a problem and we’re working on it. It won’t ever be as fast as on bare hardware, but our goal is to go from qvm-run command to the VM spawning init in under 100ms. Runtime CPU performance should be within a few percent of bare silicon, so that it is not is definitely a bug.

I can confirm that this problem is clearly noticeable. My Fedora AppVM with up to 8 GB of memory and all cores assigned to it, runs much slower than a native Fedora install on bare metal. Compiling code takes roughly twice a long. I first blamed the lack of hyperthreading, but passing smt=on sched-gran=core to xen makes no difference in my benchmarks (i7-3632qm):

I suggest reverting this, as it is not security supported upstream. The fact that it did not help your benchmarks indicates that it is not likely to be the culprit.

Benchmark	Slowdown compared to native Fedora
sysbench cpu run	60%
sysbench memory run	1680%
Building some random C++ projects	58%

Yeah that’s not good. For clarification: if native Fedora takes time X to build C++ projects, does this mean Qubes OS takes (X / (1 - 0.58)) time? If you could post the raw benchmark data, that would be very helpful.

sysbench memory run is particularly concerning. Does turning off memory balancing for the qube help?

[crat0z]

I can't exactly reproduce this. More information on the workload is needed I think. In my test, I used Linpack Xtreme. On Qubes, I have SMT enabled, 12 vCPUs in my case and 12GB of RAM assigned to the VM (although linpack only uses about 2GB). The VM is PVH with memory balancing enabled. Everything else default for Xen and kernel-latest. Benchmark VM is the only VM running while testing. CPU frequency started at about 3.5GHz and went down to ~2.1GHz over duration of test. My result was 100 GFlops.

Then I started a fedora 36 iso. However, CPU frequency started at 3.9GHz and went down to about 2.4 or 2.5. My result was 112 GFlops.

Perhaps your CPU is not boosting correctly like mine does?

[AlxHnr]

sysbench memory run is particularly concerning. Does turning off memory balancing for the qube help?

I turned off memory balancing via Qubes Manager and assigned fixed 10 GB of memory to the Qube. No improvement 😕

For clarification: if native Fedora takes time X to build C++ projects, does this mean Qubes OS takes (X / (1 - 0.58)) time?

Yes! I don't have the raw benchmark data anymore, but I'm pretty sure it's the same problem that causes the sysbench deviations.

[AlxHnr]

The result of sysbench inside an AppVM heavily dependends on how many other AppVMs are running. Running only one single AppVM brings the results from sysbench cpu run pretty damn close to the values I get on native Fedora. I assume it's some form of scheduling issue. Running only one single AppVM also improves sysbench memory run results, but it's still way off compared to native Fedora.

I tried running the memory benchmark in dom0, where it is significantly faster. Here the results of sysbench memory run:

Environment	MiB/sec
Native Fedora	5290
dom0	4525
domU (only 1 AppVM)	401
domU (+7 other AppVMs)	267

I'm not sure if there is anything special about my system. My entire xen and kernel setup is pretty vanilla. Only deviation is qubes.enable_insecure_pv_passthrough because I don't have an IOMMU. Enabling/Disabling this flag makes no difference.

[DemiMarie]

@AlxHnr Can you try sysbench memory run in a PV VM (not dom0, sys-net, or sys-usb)?

[marmarek]

Is the domU a PVH (the default on qubes, if no PCI devices)? What CPU that is?

[AlxHnr]

Is the domU a PVH (the default on qubes, if no PCI devices)?

Yes. All my domU's are PVH (default), except sys-usb and sys-net.

@AlxHnr Can you try sysbench memory run in a PV VM (not dom0, sys-net, or sys-usb)?

VM Type	MiB/sec
PVH	243.81
HVM	216.34
PV	54.41

Giving the PV VM more cores and memory makes no difference. PV VMs are slow and laggy to the point of being unusable.

What CPU that is?

i7-3632qm. It supports VT-d, but my motherboard/BIOS/whatever does not.

I hope this problem is not specific to my setup. My goal here is to get to a point where others can reproduce these problems. I don't have much time and care less about temporary fixes for myself. I care more about achieving sane defaults that work for everybody.

[brendanhoar]

I'm seeing about an 8x slowdown in sysbench memory run on a domU PVH vs. dom0 on my ancient quad Sandy Bridge.

B

[DemiMarie]

Is the domU a PVH (the default on qubes, if no PCI devices)?

Yes. All my domU's are PVH (default), except sys-usb and sys-net.

@AlxHnr Can you try sysbench memory run in a PV VM (not dom0, sys-net, or sys-usb)?

VM Type	MiB/sec
PVH	243.81
HVM	216.34
PV	54.41

Giving the PV VM more cores and memory makes no difference. PV VMs are slow and laggy to the point of being unusable.

dom0 is itself a PV VM, so that is strange.

@andyhhp: Do you what could cause such a huge difference between PV dom0 and PV domU? Are super pages only allowed to be used by dom0?

What CPU that is?

i7-3632qm. It supports VT-d, but my motherboard/BIOS/whatever does not.

I hope this problem is not specific to my setup. My goal here is to get to a point where others can reproduce these problems. I don't have much time and care less about temporary fixes for myself. I care more about achieving sane defaults that work for everybody.

Me too.

[andyhhp]

Are super pages only allowed to be used by dom0?

PV guests cannot use superpages at all. dom0 doesn't get them either.

Do you what could cause such a huge difference between PV dom0 and PV domU?

Numbers this bad are usually PV-L1TF and IvyBridge is affected, but Qubes has SHADOW compiled out so it's not that. Do you have xl dmesg from the system? I'm rather lost for ideas.

[DemiMarie]

Are super pages only allowed to be used by dom0?

PV guests cannot use superpages at all. dom0 doesn't get them either.

Makes sense, I see that superpage support on PV got ripped out in 2017. Not surprising in retrospect, considering that at least two of the fatal flaws in PV were due to it.

Do you what could cause such a huge difference between PV dom0 and PV domU?

Numbers this bad are usually PV-L1TF and IvyBridge is affected, but Qubes has SHADOW compiled out so it's not that. Do you have xl dmesg from the system? I'm rather lost for ideas.

@AlxHnr Can you provide xl dmesg? That should give the Xen log. Please be sure to redact any sensitive information before posting it.

[brendanhoar]

Numbers this bad are usually PV-L1TF and IvyBridge is affected, but Qubes has SHADOW compiled out so it's not that. Do you have xl dmesg from the system? I'm rather lost for ideas

Just as an aside, under R4.0 on Sandy Bridge xl dmesg says:

PV L1TF shadowing: Dom0 disabled, DomU enabled

Just checked R4.1 on i7-8850H and same result.

B

[DemiMarie]

PV L1TF shadowing: Dom0 disabled, DomU enabled

That’s normal. The L1TF mitigation code enables shadow paging if the hypervisor was built with that, or calls domain_crash() otherwise.

[DemiMarie]

@fepitre can you provide an xl dmesg from a machine that has performance problems under Xen?

[marmarek]

Just checked R4.1 on i7-8850H and same result.

i7-8750H here, about the same result. xl dmesg

[DemiMarie]

Just checked R4.1 on i7-8850H and same result.

i7-8750H here, about the same result. xl dmesg

Thanks! Would you mind posting sysbench results?

[AlxHnr]

Here the important bits from `xl dmesg`

(XEN) Built-in command line: ept=exec-sp
(XEN) parameter "no-real-mode" unknown!
 Xen 4.14.4
(XEN) Xen version 4.14.4 (mockbuild@[unknown]) (gcc (GCC) 10.3.1 20210422 (Red Hat 10.3.1-1)) debug=n  Wed Mar  9 00:00:00 UTC 2022
(XEN) Latest ChangeSet: 
(XEN) Bootloader: GRUB 2.04
(XEN) Command line: placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M ucode=scan smt=off gnttab_max_frames=2048 gnttab_max_maptrack_frames=4096 no-real-mode edd=off
(XEN) Video information:
(XEN)  VGA is graphics mode 1920x1080, 32 bpp
(XEN) Disc information:
(XEN)  Found 0 MBR signatures
(XEN)  Found 2 EDD information structures
(XEN) EFI RAM map:
[...]
(XEN) System RAM: 16203MB (16592532kB)
(XEN) Domain heap initialised
(XEN) ACPI: 32/64X FACS address mismatch in FADT - [...]/0000000000000000, using 32
(XEN) IOAPIC[0]: apic_id 2, version 32, address 0xfec00000, GSI 0-23
(XEN) Enabling APIC mode:  Flat.  Using 1 I/O APICs
(XEN) PCI: Not using MCFG for segment 0000 bus 00-3f
(XEN) Switched to APIC driver x2apic_phys
(XEN) CPU0: 1200 ... 2200 MHz
(XEN) xstate: size: 0x340 and states: 0x7
(XEN) Speculative mitigation facilities:
(XEN)   Hardware hints:
(XEN)   Hardware features: IBPB IBRS STIBP SSBD L1D_FLUSH MD_CLEAR
(XEN)   Compiled-in support: INDIRECT_THUNK
(XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- STIBP- SSBD-, Other: IBPB L1D_FLUSH VERW BRANCH_HARDEN
(XEN)   L1TF: believed vulnerable, maxphysaddr L1D 46, CPUID 36, Safe address 1000000000
(XEN)   Support for HVM VMs: MSR_SPEC_CTRL RSB EAGER_FPU MD_CLEAR
(XEN)   Support for PV VMs: MSR_SPEC_CTRL EAGER_FPU MD_CLEAR
(XEN)   XPTI (64-bit PV only): Dom0 enabled, DomU enabled (without PCID)
(XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
(XEN) Using scheduler: SMP Credit Scheduler rev2 (credit2)
(XEN) Initializing Credit2 scheduler
(XEN) Platform timer is 14.318MHz HPET
(XEN) Detected 2195.012 MHz processor.
(XEN) Unknown cachability for MFNs 0xa0-0xbf
(XEN) Unknown cachability for MFNs 0xdb000-0xdf9ff
(XEN) Unknown cachability for MFNs 0x41e600-0x41efff
(XEN) I/O virtualisation disabled
(XEN) Enabled directed EOI with ioapic_ack_old on!
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using old ACK method
(XEN) Allocated console ring of 16 KiB.
(XEN) VMX: Supported advanced features:
(XEN)  - APIC MMIO access virtualisation
(XEN)  - APIC TPR shadow
(XEN)  - Extended Page Tables (EPT)
(XEN)  - Virtual-Processor Identifiers (VPID)
(XEN)  - Virtual NMI
(XEN)  - MSR direct-access bitmap
(XEN)  - Unrestricted Guest
(XEN) HVM: ASIDs enabled.
(XEN) HVM: VMX enabled
(XEN) HVM: Hardware Assisted Paging (HAP) detected
(XEN) HVM: HAP page sizes: 4kB, 2MB
(XEN) Brought up 4 CPUs
(XEN) Scheduling granularity: cpu, 1 CPU per sched-resource
(XEN) Dom0 has maximum 856 PIRQs
(XEN)  Xen  kernel: 64-bit, lsb, compat32
(XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr [...]
(XEN) PHYSICAL MEMORY ARRANGEMENT:
[...]
(XEN) Dom0 has maximum 4 VCPUs
(XEN) Initial low memory virq threshold set at 0x4000 pages.
(XEN) Scrubbing Free RAM in background
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) *** Serial input to DOM0 (type 'CTRL-a' three times to switch input)
(XEN) Freed 540kB init memory

[andyhhp]

Hmm - sadly nothing helpful there. Not terribly surprising as it's a release hypervisor, but that's no guarantee that a debug Xen would be any more helpful.

As an unrelated observation, @marmarek you can work around:

(XEN) parameter "no-real-mode" unknown!

by backporting xen-project/xen@e44d986084760 and xen-project/xen@e5046fc6e99db which will silence the spurious warning.

[marmarek]

I've tried Xen with spec-ctrl=no but nothing changed (7128.94 MiB/sec in dom0, 769.83 MiB/sec in domU).
Relevant Xen messages:

(XEN) Speculative mitigation facilities:
(XEN)   Hardware hints: RSBA
(XEN)   Hardware features: IBPB IBRS STIBP SSBD L1D_FLUSH MD_CLEAR SRBDS_CTRL
(XEN)   Compiled-in support: INDIRECT_THUNK
(XEN)   Xen settings: BTI-Thunk JMP, SPEC_CTRL: IBRS- STIBP- SSBD-, Other: SRB_LOCK-
(XEN)   L1TF: believed vulnerable, maxphysaddr L1D 46, CPUID 39, Safe address 8000000000
(XEN)   Support for HVM VMs: MD_CLEAR
(XEN)   Support for PV VMs: MD_CLEAR
(XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled (with PCID)
(XEN)   PV L1TF shadowing: Dom0 disabled, DomU disabled

[marmarek]

When calling sysbench memory run --memory-block-size=16K I get significantly closer numbers (20813.22 MiB/sec in dom0 vs 8135.43 MiB/sec in PVH domU). PV domU performs even worse (5140.72 MiB/sec). The difference between PV dom0 and PV domU surprises me.

[DemiMarie]

When calling sysbench memory run --memory-block-size=16K I get significantly closer numbers (20813.22 MiB/sec in dom0 vs 8135.43 MiB/sec in PVH domU). PV domU performs even worse (5140.72 MiB/sec). The difference between PV dom0 and PV domU surprises me.

It surprises me too. @andyhhp do you have suggestions for debugging this? Is there a way to get stats on TLB misses? I wonder if CPU pinning would help.

[brendanhoar]

[Summary: sysbench's event timing interacts poorly with the high-overhead xen clocksource in PV and some PVH VMs.]

I think we may be seeing a mirage, or rather, a side effect of other system calls being made in parallel with the memory ones.

I played around a bit with strace -f sysbench...

...and noticed that under domU PV but not under dom0 PV, I saw an additional 75K lines in systrace output with this pattern:

[pid 2717] clock_gettime(CLOCK_MONOTONIC, {tv_sec=10331, tv_nsec=199069018}) = 0

After some additional experimenting and googling, I found that I can get "terrible sysbench results" from PV dom0 by performing the following (as root):

echo "xen" > /sys/devices/system/clocksource/clocksource0/current_clocksource # change to what domU uses

And I can then "restore good sysbench results" from PV dom0 by performing the following (as root):

echo "tsc" > /sys/devices/system/clocksource/clocksource0/current_clocksource # the default for dom0

Here's where it gets even stranger (caveat: testing on two different pieces of hardware)

Under R4.0 (Xen 4.8), PVH domU uses "xen" as the clocksource by default but it does not have as severe as an impact, with performance closer to dom0.
Under R4.1 (Xen 4.14), PVH domU uses "xen" as the clocksource by default and appears to be as severely impacted as PV domU, at least on this particular system.

Even more fun:
Under R4.0 PVH domU only have "xen" available as a clocksource, so I can't reverse the experiment with R4.0
Under R4.1 PVH domU default to "xen" but DOES have an available_clocksource of "tsc xen". If I perform do the echo "tsc" command above inside a R4.1 PVH domU, I suddenly "see good sysbench results".

To reiterate: I don't think this is a memory performance problem.

B

[AlxHnr]

It is disabled by default in Qubes OS, but can be enabled with some grub parameters mentioned earlier in this discussion. I've tried them with no impact on performance.

[AlxHnr]

I've tried them with no impact on performance.

At least no impact that I've noticed. But when my benchmark VM is the only VM running, enabling SMT gives me a reliable extra ~13%. This is consistent across multiple reboots and test runs, but far away from the 2x I hoped for. (Tested with sched-gran=core).

I also found a way to maintain the same performance, even with running a lot of other VMs. This involved tweaking scheduler weights and rate limits. But as my benchmarks get faster, everything else becomes less responsive. Even moving the mouse is stuttering hard. Dom0's CPU graph goes up to 50% during those runs, even if it is not doing anything. I assume this is just the overhead of virtualization. Still, the fastest runs I could achieve took 25% longer than native Fedora.

[DemiMarie]

@AlxHnr How does performance under Qubes compare to that in a KVM VM?

[AlxHnr]

@AlxHnr How does performance under Qubes compare to that in a KVM VM?

I just tested on Fedora 35 (host) and used gnome-boxes to spin up another Fedora 35 (guest) live ISO image. Out of the box, my benchmarks have shown the same identical 25% slowdown that I saw with my fastest Xen runs. But with the difference that the host was still perfectly usable and responsive. I then started 4 additional VMs from the same live ISO image and only saw a negligible slowdown of <1%.

[DemiMarie]

@AlxHnr Is this with core scheduling on the KVM host? For a fairer comparison you might want to turn off SMT in your firmware, or turn it off in both KVM and Xen.

[AlxHnr]

I don't know if it uses core scheduling by default. But disabling SMT only made my tests take 16% longer, both on the host and the KVM guest. The latter one is only slightly behind my best SMT xen run, while the former still beats it.

[DemiMarie]

This involved tweaking scheduler weights and rate limits.

Can you share the specific tweaks you used?

[AlxHnr]

I'm getting my best results with these values. Commands for benchmarking in my development VM:

# Dom0 + 7 other VMs are idling in the background.
# Grub setting: smt=on sched-gran=core
xl sched-credit2 -d development -w 65535 # Value impacts balance of VM performance vs host responsiveness
xl sched-credit2 -s -r 0
xl sched-credit2 | grep -vE 'Name|Domain|development|pool' | grep -oE '^\S+' | xargs -I {} xl sched-credit2 -d {} -c 0

I also tried decreasing the weight of all other VM's instead of setting development to 65535. But that makes no noticeable difference.

[qubesos-bot]

Automated announcement from builder-github

The component linux-kernel (including package kernel-6.1.26-1.qubes.fc32) has been pushed to the r4.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

[qubesos-bot]

Automated announcement from builder-github

The component linux-kernel (including package kernel-6.1.35-1.qubes.fc32) has been pushed to the r4.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

[iamahuman]

I've abridged workarounds that have been mentioned in this thread. They are listed in the order from the (supposedly) least invasive to the most invasive:

1. Pin VCPUs to PCPUs: the most obvious solution/workaround
   • Xen-related performance problems #7404 (comment)
   • Xen-related performance problems #7404 (comment)
   • Xen-related performance problems #7404 (comment)
2. Adjust sched-credit2 weight of specific DomU
   • Xen-related performance problems #7404 (comment)
3. Adjust ondemand scheduler's up_threshold (xenpm set-up-threshold)
   • Xen-related performance problems #7404 (comment)
4. Disable and re-enable turbo mode (xenpm disable-turbo-mode; xenpm enable-turbo-mode)
   • Xen-related performance problems #7404 (comment)
5. Set clocksource=tsc to DomU's kernel command line (may cause issues for suspend; should be fixed in latest R4.1/4.2)
   • Xen-related performance problems #7404 (comment)

Let me know if I missed anything. Thank you all!

[DemiMarie]

Certainly not fixed: Xen still shatters super pages a lot, so there will be a lot of TLB misses. The only fix I know of is to change Xen to reliably not shatter super pages so that the second-stage TLB is mostly 2M pages.