TD Guest performance

Question

TD Guest performance

Icegrave0391 opened this issue a month ago · comments

Hi, I would like to ask some questions about the performance of the TD guest.

I'm currently using the run_td.sh to boot the TD guest, and using ssh -p 10022 root@localhost inside the host to SSH into the guest. However, during the operation, I experience very long latency between the host keyboard typing and the responding within the TD guest. To be specific, here are some concrete lists of performance slowdown:

Using git clone to download a repo, TD guest's network throughput is 10x slower than running it as a normal KVM guest.
Using sysbench cpu --threads=1 run to test the CPU performance, TD Guest's CPU speed (events per second) is 160, while running it as a normal KVM guest's CPU speed (events per second) is 2239.15.

I'm not sure whether the performance issue is due to TDX's protection or my bad TD guest configuration. The current performance of our TD guest makes it really hard to execute any realistic workloads. Are there any suggestions to optimize its performance?

Host Settings: INTEL(R) XEON(R) PLATINUM 8570 with 224 CPU threads, and 1TB memory.

TD Guest Settings: 32 VCPU cores, and 24GB memory.

Here are the detailed options to boot the TD:

qemu-system-x86_64 -D /tmp/tdx-guest-td.log \
		   -accel kvm \
		   -m 24G\
           -cpu host,-pdpe1gb \
           -smp 32,maxcpus=32 \
		   -name ${PROCESS_NAME},process=${PROCESS_NAME}\
		   -object tdx-guest,id=tdx \
		   -machine q35,kernel_irqchip=split,confidential-guest-support=tdx,hpet=off \
		   -bios ${TDVF_FIRMWARE} \
		   -nographic\
		   -nodefaults -daemonize\
		   -no-reboot \
           -netdev user,id=nic0_td,hostfwd=tcp::${SSH_PORT}-:22 \
           -device virtio-net-pci,netdev=nic0_td \
		   -drive file=${VMDISK_TDX},if=none,id=virtio-disk0 \
		   -device virtio-blk-pci,drive=virtio-disk0 \
		   ${QUOTE_ARGS} \
		   -pidfile /tmp/tdx-demo-td-pid.pid

syncronize-issues-to-jira · Answer 1 · Sat Jun 01 2024 11:25:24 GMT+0800 (China Standard Time)

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/PEK-705.

This message was autogenerated

Hector Cao · Answer 2 · Thu Jun 06 2024 06:40:26 GMT+0800 (China Standard Time)

Hello, we experience a performance drop with old version of the firmware. Please update your firmware to the latest firmware we are using : TDX Module . Please see : #91

Chuqiz · Answer 3 · Thu Jun 06 2024 08:32:08 GMT+0800 (China Standard Time)

@hector-cao Thanks. Where can I obtain the signed TDX module of TDX_1.5.05.46.698?

Hector Cao · Answer 4 · Thu Jun 06 2024 08:34:37 GMT+0800 (China Standard Time)

The most straightforward way is to update the BIOS to latest version, i think you can reach out to your hardware vendor (OEM).

Chuqiz · Answer 5 · Thu Jun 06 2024 08:49:59 GMT+0800 (China Standard Time)

Thanks. Is there any way I can check my TDX module version?

From my dmesg | grep -i tdx, the host shows:

[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.8.1+ root=UUID=8617a4cb-7c3d-4ca9-a741-4743cecc4ce0 ro kvm_intel.tdx=1 nohibernate nomodeset
[    2.447228] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.8.1+ root=UUID=8617a4cb-7c3d-4ca9-a741-4743cecc4ce0 ro kvm_intel.tdx=1 nohibernate nomodeset
[    5.331762] virt/tdx: BIOS enabled: private KeyID range [64, 128)
[    5.331766] virt/tdx: Disable ACPI S3. Turn off TDX in the BIOS to use ACPI S3.
[   16.382463] virt/tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20231008, build_num 595

Hector Cao · Answer 6 · Thu Jun 06 2024 08:54:37 GMT+0800 (China Standard Time)

This is where you can get the version : major_version 1, minor_version 5, build_date 20231008, build_num 595

Bun K Tan · Answer 7 · Thu Jun 06 2024 11:45:39 GMT+0800 (China Standard Time)

@Icegrave0391 - Please try the latest recommended version TDX_1.5.05.46.698.

Diego Araujo · Answer 8 · Mon Jun 10 2024 18:28:55 GMT+0800 (China Standard Time)

@bktan8 Do you know where I can get the new version? I can't find it anywhere

Bun K Tan · Answer 9 · Mon Jun 10 2024 22:39:28 GMT+0800 (China Standard Time)

@bktan8 Do you know where I can get the new version? I can't find it anywhere

Hi @diegoara96 - Can you contact your system vendor? They might have the latest firmware.

Diego Araujo · Answer 10 · Mon Jun 10 2024 23:34:06 GMT+0800 (China Standard Time)

@bktan8 thanks, In the end I tried updating the entire BIOS and that updated the tdx as well.

Bun K Tan · Answer 11 · Mon Jun 10 2024 23:40:39 GMT+0800 (China Standard Time)

@bktan8 thanks, In the end I tried updating the entire BIOS and that updated the tdx as well.

Very nice. Which TDX module version did you end up with?

Diego Araujo · Answer 12 · Mon Jun 10 2024 23:50:04 GMT+0800 (China Standard Time)

@bktan8 thanks, In the end I tried updating the entire BIOS and that updated the tdx as well.

Very nice. Which TDX module version did you end up with?

I think it's the last one
[ 7.421728] virt/tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 5, build_date 20240129, build_num 698

Chuqiz · Answer 13 · Thu Jun 13 2024 01:17:28 GMT+0800 (China Standard Time)

Hi @bktan8 and @hector-cao ,

Thanks for your suggestions. Updating the firmware to TDX_1.5.05.46.698 does resolve the problem. I observed a x10 performance gain by using the latest firmware.

Bun K Tan · Answer 14 · Thu Jun 13 2024 01:21:42 GMT+0800 (China Standard Time)

Great! Issue resolved.