Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp2555409rwl; Mon, 27 Mar 2023 01:42:54 -0700 (PDT) X-Google-Smtp-Source: AKy350ZEKndLZTI3Q6v/pRIJIc7qOcmRlKORjZZLupA7K3Y5nKR4kvapel+UpLdq9ZZ3aryVRAAh X-Received: by 2002:a17:902:e485:b0:1a1:cce7:94ed with SMTP id i5-20020a170902e48500b001a1cce794edmr8271069ple.67.1679906573873; Mon, 27 Mar 2023 01:42:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679906573; cv=none; d=google.com; s=arc-20160816; b=dNvNeINrc1dJBi3Umwxny6XGwnilKCxkw/RsoMm3hNYGgUtI6Ma/aSW8YRymBeUlA8 23lyiQqCwO1KRfFV3MT11aEKKpfqkGL/qLWw1zRJQfgA3MyMq0sYoJa3uVy21SB/HTBz M6aGmgKwuA9EkMDqZuyaL2UepxEoieXwQq2/VHpGpsGu3TytWj7c6Glk1k62BU5pr/LQ kwbWDM82YPcpU/JjlluyBbCxDI6fjTJOvHzECXIfktOXRQS2ljck/G8vJXqGqkN060bP yHCv5nq5L6Y9Cm/Tq5/R+kqoBjZkDCZfppfhNZb55oWztXAXAz4otYAbLsGjet+OVThu YQww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=JCsf64qoJ0zuxLLz8+aL8JaRFiRBBUNP3y6Axhcy5HI=; b=jJN5Qvgt9J6ETpaKpA7JKXWQJQYRhaELhNd00rdRGNMxaje8UmxhWoQVmOXqBhT5jG 9tsrSAjYLaDjKkRaQT+z+jpSMstQjxzKjI63KOCh9rSYr3jmHvkUPVwRU1oiv5lWlV7z NWLhNXr5Iq45DBbXEWnSuJr5N1r0/vcr4Vw6XPCAWEHe/4zofDsfgsxlECHj3CxiLfIs L7wI/Wmy1ji+rBEvFrqlsl4XOY43+J9Ut/7ciiaKTicAQgCivxKOryCnNvR+lDvRw6P/ IFHf+LEsz5Otb+qU7J7bZ2Hi1e0/qjSfCrLzz9wRr33/V8G46mT9GnCsmWPjj4EjyNmp ZlJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@grsecurity.net header.s=grsec header.b=Mq7OBkZq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=grsecurity.net Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q5-20020a17090311c500b001a0aecb8b3dsi28269641plh.588.2023.03.27.01.42.42; Mon, 27 Mar 2023 01:42:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@grsecurity.net header.s=grsec header.b=Mq7OBkZq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=grsecurity.net Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233471AbjC0ImZ (ORCPT + 99 others); Mon, 27 Mar 2023 04:42:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233429AbjC0IlH (ORCPT ); Mon, 27 Mar 2023 04:41:07 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EECBA93FE for ; Mon, 27 Mar 2023 01:37:53 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id i5so32793717eda.0 for ; Mon, 27 Mar 2023 01:37:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=grsecurity.net; s=grsec; t=1679906272; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=JCsf64qoJ0zuxLLz8+aL8JaRFiRBBUNP3y6Axhcy5HI=; b=Mq7OBkZqtWIKDv//IYblZJ0qSp1ocjZ1TDqUTcG8SOT/CnR+mZEQsVGV0aWWQ9h41c vEOVv8OfCmeIiHsqwmPBc1dyAPPXnSOwBslY2SG5nOn+ufnf94iao3iYEYatCKeaTU+5 8PeyeqRDH/Sui7WyMUWw1jauHpWKM1aWdfXn0hgj1F6Ujw64bVY/X5aUCyH38Jm+o6kj v4BM2Wy2kLcOxJwq+cxg8oGGmh4hvZ+UEEb5g4TTjT+k6JDwLrFh+au+SsgWDCZG5RmU 9e9RHQxm5zcSsDhTHt+efBDb3sCOiCYzNxHZW45mQpjzCeupQTdgrkCTQgWbbiYhPjp7 2p6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679906272; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JCsf64qoJ0zuxLLz8+aL8JaRFiRBBUNP3y6Axhcy5HI=; b=ykSJvR1DXtEna0Gi5ePmuNDpvLrXcVFmaU4g1kCxKvhHLIRnE8djquHZr25l3KWUh7 v8VpfDywC0kFV5BdZmwup/tSCsjL/khAIhYAnomB0+LkllNQQNFA7y4v4gIyv+wCJ3y5 Ap72PiNsF+gnKnCCR1SEc3biY9SgIQQjl1XkY+nSL5i8WfJLDEdkFkzEabw2xGlw6Yor 16LcpmHMJt3fSVHVjkP5nYYZEz7JUiRqyFTO9aOP4Wb30R4JE1dzf6eq4BLweRvba8eu uzpwDcWGWZmk4wMhD7DdwVvth7sP6pxdGdfg7Wfk3gE9jm0FDxCkEXtCVhshzeZwbcaN 3NeQ== X-Gm-Message-State: AAQBX9dyffY3x1wJJW7ax7XmbWh7AqWeG/qu0M+y9oJmK5NBKHZu2MLK QLD9ec77yE7N+AK3dKHpMLK0Dg== X-Received: by 2002:aa7:db96:0:b0:4fd:2ad2:13c4 with SMTP id u22-20020aa7db96000000b004fd2ad213c4mr11648851edt.21.1679906272487; Mon, 27 Mar 2023 01:37:52 -0700 (PDT) Received: from ?IPV6:2003:f6:af49:5500:8c4f:f203:6182:1e2b? (p200300f6af4955008c4ff20361821e2b.dip0.t-ipconnect.de. [2003:f6:af49:5500:8c4f:f203:6182:1e2b]) by smtp.gmail.com with ESMTPSA id r3-20020a50d683000000b004c0239e41d8sm14390419edi.81.2023.03.27.01.37.51 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Mar 2023 01:37:52 -0700 (PDT) Message-ID: <814c8975-17ad-f1bb-3b26-2175d79a1153@grsecurity.net> Date: Mon, 27 Mar 2023 10:37:50 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Subject: Re: [PATCH v4 6/6] KVM: VMX: Make CR0.WP a guest owned bit Content-Language: en-US, de-DE To: Xiaoyao Li , kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Sean Christopherson , Paolo Bonzini References: <20230322013731.102955-1-minipli@grsecurity.net> <20230322013731.102955-7-minipli@grsecurity.net> <9261e319-084b-b6fe-550e-31b3683776c4@intel.com> From: Mathias Krause In-Reply-To: <9261e319-084b-b6fe-550e-31b3683776c4@intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 27.03.23 10:33, Xiaoyao Li wrote: > On 3/22/2023 9:37 AM, Mathias Krause wrote: >> Guests like grsecurity that make heavy use of CR0.WP to implement kernel >> level W^X will suffer from the implied VMEXITs. >> >> With EPT there is no need to intercept a guest change of CR0.WP, so >> simply make it a guest owned bit if we can do so. > > I'm interested in the performance gain. Do you have data like Patch 2? It's mentioned in the cover letter[1], quoted below: [1] https://lore.kernel.org/kvm/20230322013731.102955-1-minipli@grsecurity.net/ : I used 'ssdd 10 50000' from rt-tests[5] as a micro-benchmark, running on a : grsecurity L1 VM. Below table shows the results (runtime in seconds, lower : is better): : : legacy TDP shadow : kvm-x86/next@d8708b 8.43s 9.45s 70.3s : + patches 1-3 5.39s 5.63s 70.2s : + patches 4-6 3.51s 3.47s 67.8s Thanks, Mathias