| Message ID | 20230508154457.29956-1-minipli@grsecurity.net (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM CR0.WP series backport | expand |
On Mon, May 08, 2023, Mathias Krause wrote: > This is a backport of the CR0.WP KVM series[1] to Linux v6.2. All > commits applied either clean or with only minor changes needed to > account for missing prerequisite patches, e.g. the lack of a > kvm_is_cr0_bit_set() helper for patch 5 or the slightly different > surrounding context in patch 4 (__always_inline vs. plain inline for > to_kvm_vmx()). > > I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on > a grsecurity L1 VM. Below table shows the results (runtime in seconds, > lower is better): > > legacy TDP shadow > Linux v6.2.10 7.61s 7.98s 68.6s > + patches 3.37s 3.41s 70.2s > > The KVM unit test suite showed no regressions. > > Please consider applying. > > Thanks, > Mathias > > [1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/ > [2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git > > > Mathias Krause (3): > KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP > enabled > KVM: x86: Make use of kvm_read_cr*_bits() when testing bits > KVM: VMX: Make CR0.WP a guest owned bit > > Paolo Bonzini (1): > KVM: x86/mmu: Avoid indirect call for get_cr3 > > Sean Christopherson (1): > KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission > faults Acked-by: Sean Christopherson <seanjc@google.com>
On Mon, May 08, 2023 at 05:44:52PM +0200, Mathias Krause wrote: >This is a backport of the CR0.WP KVM series[1] to Linux v6.2. All >commits applied either clean or with only minor changes needed to >account for missing prerequisite patches, e.g. the lack of a >kvm_is_cr0_bit_set() helper for patch 5 or the slightly different >surrounding context in patch 4 (__always_inline vs. plain inline for >to_kvm_vmx()). > >I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on >a grsecurity L1 VM. Below table shows the results (runtime in seconds, >lower is better): > > legacy TDP shadow > Linux v6.2.10 7.61s 7.98s 68.6s > + patches 3.37s 3.41s 70.2s > >The KVM unit test suite showed no regressions. > >Please consider applying. On our end waiting for ack from the KVM maintainers.
On Thu, May 11, 2023 at 08:24:59PM -0400, Sasha Levin wrote: >On Mon, May 08, 2023 at 05:44:52PM +0200, Mathias Krause wrote: >>This is a backport of the CR0.WP KVM series[1] to Linux v6.2. All >>commits applied either clean or with only minor changes needed to >>account for missing prerequisite patches, e.g. the lack of a >>kvm_is_cr0_bit_set() helper for patch 5 or the slightly different >>surrounding context in patch 4 (__always_inline vs. plain inline for >>to_kvm_vmx()). >> >>I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on >>a grsecurity L1 VM. Below table shows the results (runtime in seconds, >>lower is better): >> >> legacy TDP shadow >> Linux v6.2.10 7.61s 7.98s 68.6s >> + patches 3.37s 3.41s 70.2s >> >>The KVM unit test suite showed no regressions. >> >>Please consider applying. > >On our end waiting for ack from the KVM maintainers. Just saw Sean's reply. Queueing up, thanks!
On 11.05.23 23:16, Sean Christopherson wrote: > On Mon, May 08, 2023, Mathias Krause wrote: >> [...] >> >> Mathias Krause (3): >> KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP >> enabled >> KVM: x86: Make use of kvm_read_cr*_bits() when testing bits >> KVM: VMX: Make CR0.WP a guest owned bit >> >> Paolo Bonzini (1): >> KVM: x86/mmu: Avoid indirect call for get_cr3 >> >> Sean Christopherson (1): >> KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission >> faults > > Acked-by: Sean Christopherson <seanjc@google.com> Thanks, Sean! I just realized, I missed to send a backport for 6.3, will do that in a moment (already running tests, but as the initial series was based on v6.3-rc1, I don't expect any surprises). Thanks, Mathias
This is a backport of the CR0.WP KVM series[1] to Linux v6.2. All commits applied either clean or with only minor changes needed to account for missing prerequisite patches, e.g. the lack of a kvm_is_cr0_bit_set() helper for patch 5 or the slightly different surrounding context in patch 4 (__always_inline vs. plain inline for to_kvm_vmx()). I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on a grsecurity L1 VM. Below table shows the results (runtime in seconds, lower is better): legacy TDP shadow Linux v6.2.10 7.61s 7.98s 68.6s + patches 3.37s 3.41s 70.2s The KVM unit test suite showed no regressions. Please consider applying. Thanks, Mathias [1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/ [2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git Mathias Krause (3): KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled KVM: x86: Make use of kvm_read_cr*_bits() when testing bits KVM: VMX: Make CR0.WP a guest owned bit Paolo Bonzini (1): KVM: x86/mmu: Avoid indirect call for get_cr3 Sean Christopherson (1): KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults arch/x86/kvm/kvm_cache_regs.h | 2 +- arch/x86/kvm/mmu.h | 26 ++++++++++++++++++- arch/x86/kvm/mmu/mmu.c | 46 ++++++++++++++++++++++++++-------- arch/x86/kvm/mmu/paging_tmpl.h | 2 +- arch/x86/kvm/pmu.c | 4 +-- arch/x86/kvm/vmx/nested.c | 4 +-- arch/x86/kvm/vmx/vmx.c | 6 ++--- arch/x86/kvm/vmx/vmx.h | 18 +++++++++++++ arch/x86/kvm/x86.c | 12 +++++++++ 9 files changed, 99 insertions(+), 21 deletions(-)