This is a partial backport of the CR0.WP KVM series[1] to Linux v5.4. It
limits itself to avoid TDP MMU unloading as making CR0.WP a guest owned
bit turned out to be too much of an effort and the partial backport
already being quite effective.

I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on
a grsecurity L1 VM. Below table shows the results (runtime in seconds,
lower is better):

                          TDP    shadow
    Linux v5.4.240      8.87s    56.8s
    + patches           5.84s    55.4s

This kernel version had no module parameter to control the TDP MMU
setting, it's always enabled when EPT / NPT is. Therefore its meaning is
likely what became "legacy" in newer kernels.

Please consider applying.

Thanks,
Mathias

[1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@xxxxxxxxxxxxxx/
[2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git

Mathias Krause (2):
  KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled
  KVM: x86: Make use of kvm_read_cr*_bits() when testing bits

Paolo Bonzini (1):
  KVM: x86/mmu: Avoid indirect call for get_cr3

 arch/x86/kvm/mmu.c         | 14 +++++++-------
 arch/x86/kvm/mmu.h         | 11 +++++++++++
 arch/x86/kvm/paging_tmpl.h |  2 +-
 arch/x86/kvm/vmx/vmx.c     |  4 ++--
 arch/x86/kvm/x86.c         | 14 +++++++++++++-
 5 files changed, 34 insertions(+), 11 deletions(-)

-- 
2.39.2