On Mon, May 08, 2023, Mathias Krause wrote:
This is a partial backport of the CR0.WP KVM series[1] to Linux v5.4. It limits itself to avoid TDP MMU unloading, as making CR0.WP a guest-owned bit turned out to be too much of an effort and the partial backport is already quite effective.
I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on a grsecurity L1 VM. The table below shows the results (runtime in seconds, lower is better):
                   TDP      shadow
Linux v5.4.240     8.87s    56.8s
+ patches          5.84s    55.4s
This kernel version had no module parameter to control the TDP MMU setting; it's always enabled when EPT / NPT is. Therefore its meaning is likely what became "legacy" in newer kernels.
Please consider applying.
NAK, same problem as 5.10 and 5.15. Sorry :-(