> If my guestimate is right, a cold file would go from hitting memory 4 times to hitting it twice. And a file in disk cache would go from 3 times to once; the CPU doesn't need to touch the memory if it's in the disk cache.

You're spot on. I have a slide that I like to show NIC vendors when they question why TLS offload is important. See pages 21 and 22 of: https://people.freebsd.org/~gallatin/talks/euro2019-ktls.pdf