VMs with side channel mitigations enabled may exhibit performance degradation
search cancel

VMs with side channel mitigations enabled may exhibit performance degradation

book

Article ID: 315649

calendar_today

Updated On:

Products

VMware Desktop Hypervisor

Issue/Introduction

Virtual Machines that have side channel mitigations enabled while running on Fusion on Mac OS 11.0 or later or on Workstation on Windows hosts with virtualization based security enabled may run slowly.

Environment

  • VMware Workstation Pro 16.x (Windows)
  • VMware Fusion 12.x
  • VMware Workstation Pro 15.x (Windows)
  • VMware Fusion 11.x

Cause

The root cause of the performance degradation is most likely due to mitigations for side channel attacks such as Spectre and Meltdown. Side channel attacks allow unauthorized read access by malicious processes or virtual machines to the contents of protected kernel or host memory. CPU vendors have introduced a number of features to protect data against this class of attacks such as indirect branch prediction barriers, single thread indirect branch predictor mode, indirect branch restricted speculation mode and L1 data cache flushing. While these features are effective at preventing side channel attacks they can cause noticeable performance degradation in some cases.

Resolution

The process to Disable Side Channel Mitigations:

To disable side-channel mitigations use the Workstation Pro / Fusion UI.

On Fusion

  1. Start Fusion 
  2. Virtual Machine should be Shut Down
  3. Go to Virtual Machine > Settings > Advanced 
  4. Check "Disable Side Channel Mitigations"


On Workstation Pro

  1. Start Workstation
  2. Virtual Machine should be Shut Down
  3. Go to VM > Settings > Options > Advanced
  4. Check "Disable Side Channel Mitigations for Hyper-V enabled hosts"

Note: Above settings are not applicable in VMware Workstation Player