This is a backport of the CR0.WP KVM series[1] to Linux v5.15. It differs from the v6.1 backport in that it needs additional prerequisite patches from Lai Jiangshan (and fixes for those) to ensure the assumption that it's safe to let CR0.WP be a guest owned bit still stands.
I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on a grsecurity L1 VM. The table below shows the results (runtime in seconds, lower is better):
                     legacy      TDP   shadow
    Linux v5.15.106   9.94s    66.1s    64.9s
    + patches         4.81s    4.79s    64.6s
It's interesting to see that using the TDP MMU is even slower than shadow paging on a vanilla kernel, making the impact of this backport even more significant.
The KVM unit test suite showed no regressions.
Please consider applying.
Thanks, Mathias
[1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/
[2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git
Lai Jiangshan (3):
  KVM: X86: Don't reset mmu context when X86_CR4_PCIDE 1->0
  KVM: X86: Don't reset mmu context when toggling X86_CR4_PGE
  KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed

Mathias Krause (3):
  KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled
  KVM: x86: Make use of kvm_read_cr*_bits() when testing bits
  KVM: VMX: Make CR0.WP a guest owned bit

Paolo Bonzini (1):
  KVM: x86/mmu: Avoid indirect call for get_cr3

Sean Christopherson (1):
  KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults
 arch/x86/kvm/kvm_cache_regs.h  |  2 +-
 arch/x86/kvm/mmu.h             | 42 ++++++++++++++++++++++++++++++----
 arch/x86/kvm/mmu/mmu.c         | 27 +++++++++++++++++-----
 arch/x86/kvm/mmu/paging_tmpl.h |  2 +-
 arch/x86/kvm/pmu.c             |  4 ++--
 arch/x86/kvm/vmx/nested.c      |  4 ++--
 arch/x86/kvm/vmx/vmx.c         |  6 ++---
 arch/x86/kvm/vmx/vmx.h         | 18 +++++++++++++++
 arch/x86/kvm/x86.c             | 27 +++++++++++++++++++---
 9 files changed, 110 insertions(+), 22 deletions(-)