From: Mathias Krause
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Sean Christopherson, Paolo Bonzini, Mathias Krause
Subject: [PATCH v2 3/3] KVM: x86: do not unload MMU roots when only toggling CR0.WP
Date: Wed, 18 Jan 2023 15:50:30 +0100
Message-Id: <20230118145030.40845-4-minipli@grsecurity.net>
In-Reply-To: <20230118145030.40845-1-minipli@grsecurity.net>

There is no need to unload the MMU roots for a direct MMU role when only
CR0.WP has changed -- the paging structures are still valid, only the
permission bitmap needs to be updated.

One heavy user of toggling CR0.WP is grsecurity's KERNEXEC feature to
implement kernel W^X.

The optimization brings a huge performance gain for this case, as the
following micro-benchmark running 'ssdd 10 50000' from rt-tests[1] on a
grsecurity L1 VM shows (runtime in seconds, lower is better):

                         legacy     TDP    shadow
  kvm.git/queue          11.55s   13.91s    75.2s
  kvm.git/queue+patch     7.32s    7.31s    74.6s

For legacy MMU this is ~36% faster, for TDP MMU even ~47% faster. Also,
TDP and legacy MMU now both have around the same runtime, which removes
the need to disable TDP MMU for grsecurity.

Shadow MMU sees no measurable difference and is still slow, as expected.

[1] https://git.kernel.org/pub/scm/utils/rt-tests/rt-tests.git

Co-developed-by: Sean Christopherson
Signed-off-by: Mathias Krause --- v2: handle the CR0.WP case directly in kvm_post_set_cr0() and only for the direct MMU role -- Sean I re-ran the benchmark and it's even faster than with my patch, as the critical path is now the first one handled and is now inline. Thanks a lot for the suggestion, Sean! arch/x86/kvm/x86.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 508074e47bc0..f09bfc0a3cc1 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -902,6 +902,15 @@ EXPORT_SYMBOL_GPL(load_pdptrs); void kvm_post_set_cr0(struct kvm_vcpu *vcpu, unsigned long old_cr0, unsigned long cr0) { + /* + * Toggling just CR0.WP doesn't invalidate page tables per se, only the + * permission bits. + */ + if (vcpu->arch.mmu->root_role.direct && (cr0 ^ old_cr0) == X86_CR0_WP) { + kvm_init_mmu(vcpu); + return; + } + if ((cr0 ^ old_cr0) & X86_CR0_PG) { kvm_clear_async_pf_completion_queue(vcpu); kvm_async_pf_hash_reset(vcpu); -- 2.39.0
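Review bot: the comment above the new early return in kvm_post_set_cr0() says what a CR0.WP toggle does not invalidate, but it does not say why the fast path is restricted to vcpu->arch.mmu->root_role.direct or what the kvm_init_mmu(vcpu) call is there to do. The commit message has both answers (direct MMU role only; the permission bitmap still needs updating), so I would fold them into the comment, for example by adding "Re-init the MMU to refresh the permission bitmap; roots stay loaded. Only valid for direct roots." Since the early return also skips everything below it, it is worth stating in the comment that the exact-match test (cr0 ^ old_cr0) == X86_CR0_WP guarantees none of the later checks, such as the X86_CR0_PG block, could apply, so a future reader does not have to re-derive that when adding new handling further down in the function.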