The issue with the current kernel config is it's not really "battle tested" and just doing a quick glance it becomes evident with settings that should be enabled but aren't. THP should be enabled with madvise otherwise things that really should use hugepages (vms, malloc implementations, etc) won't (https://github.com/search?q=repo%3Amicrosoft%2Fmimalloc%20MADV_HUGEPAGE%20&type=code).
Configuring a high performing and secure kernel config is basically an art and really requires deep understanding of a lot of variables and for me or anyone else to really fix this would be a game of wack-a-mole or a month or more of man hours just writing down info.
The issue with the current kernel config is it's not really "battle tested" and just doing a quick glance it becomes evident with settings that should be enabled but aren't. THP should be enabled with madvise otherwise things that really should use hugepages (vms, malloc implementations, etc) won't (https://github.com/search?q=repo%3Amicrosoft%2Fmimalloc%20MADV_HUGEPAGE%20&type=code).
Configuring a high performing and secure kernel config is basically an art and really requires deep understanding of a lot of variables and for me or anyone else to really fix this would be a game of wack-a-mole or a month or more of man hours just writing down info.