On Fri, May 12, 2023, Mathias Krause wrote:
This is a backport of the CR0.WP KVM series[1] to Linux v6.3.
As the original series is based on v6.3-rc1, it's mostly a verbatim port. Only the last patch needed adaption, as it was a fix based on v6.4-rc1. However, as for the v6.2 backport, I simply changed the code to make use of the older kvm_is_cr0_bit_set() helper.
I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on a grsecurity L1 VM. Below table shows the results (runtime in seconds, lower is better):
legacy TDP Linux v6.3.1 7.60s 8.29s + patches 3.39s 3.39s Linux v6.3.2 7.82s 7.81s + patches 3.38s 3.38s
I left out the shadow MMU tests this time, as they're not impacted anyways, only take a lot of time to run. I did, however, include separate tests for v6.3.{1,2} -- not because I had an outdated linux-stable git tree lying around *cough, cough* but because the later includes commit 2ec1fe292d6e ("KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated"), the commit I wanted to benchmark against anyways. Apparently, it has only a minor impact for our use case, so this series is still wanted, imho.
Please consider applying.
Thanks, Mathias
[1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/ [2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git
Mathias Krause (3): KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled KVM: x86: Make use of kvm_read_cr*_bits() when testing bits KVM: VMX: Make CR0.WP a guest owned bit
Paolo Bonzini (1): KVM: x86/mmu: Avoid indirect call for get_cr3
Sean Christopherson (1): KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults
Acked-by: Sean Christopherson seanjc@google.com