| Message ID | 20230512132024.4029-1-minipli@grsecurity.net (mailing list archive) |
|---|---|
| Headers | show |
| Series | KVM CR0.WP series backport | expand |
On Fri, May 12, 2023, Mathias Krause wrote: > This is a backport of the CR0.WP KVM series[1] to Linux v6.3. > > As the original series is based on v6.3-rc1, it's mostly a verbatim > port. Only the last patch needed adaption, as it was a fix based on > v6.4-rc1. However, as for the v6.2 backport, I simply changed the code > to make use of the older kvm_is_cr0_bit_set() helper. > > I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on > a grsecurity L1 VM. Below table shows the results (runtime in seconds, > lower is better): > > legacy TDP > Linux v6.3.1 7.60s 8.29s > + patches 3.39s 3.39s > > Linux v6.3.2 7.82s 7.81s > + patches 3.38s 3.38s > > I left out the shadow MMU tests this time, as they're not impacted > anyways, only take a lot of time to run. I did, however, include > separate tests for v6.3.{1,2} -- not because I had an outdated > linux-stable git tree lying around *cough, cough* but because the later > includes commit 2ec1fe292d6e ("KVM: x86: Preserve TDP MMU roots until > they are explicitly invalidated"), the commit I wanted to benchmark > against anyways. Apparently, it has only a minor impact for our use > case, so this series is still wanted, imho. > > Please consider applying. > > Thanks, > Mathias > > [1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/ > [2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git > > > Mathias Krause (3): > KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP > enabled > KVM: x86: Make use of kvm_read_cr*_bits() when testing bits > KVM: VMX: Make CR0.WP a guest owned bit > > Paolo Bonzini (1): > KVM: x86/mmu: Avoid indirect call for get_cr3 > > Sean Christopherson (1): > KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission > faults Acked-by: Sean Christopherson <seanjc@google.com>
This is a backport of the CR0.WP KVM series[1] to Linux v6.3. As the original series is based on v6.3-rc1, it's mostly a verbatim port. Only the last patch needed adaption, as it was a fix based on v6.4-rc1. However, as for the v6.2 backport, I simply changed the code to make use of the older kvm_is_cr0_bit_set() helper. I used 'ssdd 10 50000' from rt-tests[2] as a micro-benchmark, running on a grsecurity L1 VM. Below table shows the results (runtime in seconds, lower is better): legacy TDP Linux v6.3.1 7.60s 8.29s + patches 3.39s 3.39s Linux v6.3.2 7.82s 7.81s + patches 3.38s 3.38s I left out the shadow MMU tests this time, as they're not impacted anyways, only take a lot of time to run. I did, however, include separate tests for v6.3.{1,2} -- not because I had an outdated linux-stable git tree lying around *cough, cough* but because the later includes commit 2ec1fe292d6e ("KVM: x86: Preserve TDP MMU roots until they are explicitly invalidated"), the commit I wanted to benchmark against anyways. Apparently, it has only a minor impact for our use case, so this series is still wanted, imho. Please consider applying. Thanks, Mathias [1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/ [2] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git Mathias Krause (3): KVM: x86: Do not unload MMU roots when only toggling CR0.WP with TDP enabled KVM: x86: Make use of kvm_read_cr*_bits() when testing bits KVM: VMX: Make CR0.WP a guest owned bit Paolo Bonzini (1): KVM: x86/mmu: Avoid indirect call for get_cr3 Sean Christopherson (1): KVM: x86/mmu: Refresh CR0.WP prior to checking for emulated permission faults arch/x86/kvm/kvm_cache_regs.h | 2 +- arch/x86/kvm/mmu.h | 26 ++++++++++++++++++- arch/x86/kvm/mmu/mmu.c | 46 ++++++++++++++++++++++++++-------- arch/x86/kvm/mmu/paging_tmpl.h | 2 +- arch/x86/kvm/pmu.c | 4 +-- arch/x86/kvm/vmx/nested.c | 4 +-- arch/x86/kvm/vmx/vmx.c | 6 ++--- arch/x86/kvm/vmx/vmx.h | 18 +++++++++++++ arch/x86/kvm/x86.c | 12 +++++++++ 9 files changed, 99 insertions(+), 21 deletions(-)