Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp5665916pxb; Mon, 28 Mar 2022 15:44:04 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwZyn9Z4mQq0FaMWus0ZIKbA6FqgT96EfrS/I1ZttfqGG6aQS+urHMK8jfFjx6ld3L0rm+l X-Received: by 2002:a17:90a:d083:b0:1c9:94bb:732d with SMTP id k3-20020a17090ad08300b001c994bb732dmr1365573pju.106.1648507443691; Mon, 28 Mar 2022 15:44:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648507443; cv=none; d=google.com; s=arc-20160816; b=A+Yt7GybK19n+yZdMlgBCBQxqThMqpJeMjNZexe+mtSvzkR5+jIzNFtA+EtQR11INj lzonuFwwtAEbu2Jaah99VDHWKcR+8Zxg4Yj2QRzSCQS3Rmc4yMNSk6Trjw7mx2jhVPaY mznhkXOC8TZbA0lhZMpzEsfPayvO/Hb/6ArHwPBYLuJS9zY4I0H8gUCvl3GmbPEKjDE4 SBWJ4901ANlCCgkMmd21FEIA9H5ClPJM26qmnHYkrfpCXqFRHE1drWoQJvfuuZ/uZQrt PugCapCHSvCOQcAETCjB9knC8JxC1NSMo6qfyIYelxqMqB5O6YCr5v4rCk2TZDTSz+VP eWnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=/4W3IfBTDwK+tQlKzd86ll/8Sy27cDUhj3fakj6+JPo=; b=hnjxZk2BfmbMcZqf6sdHe1qh1W97JUrEFUlP/pO7LopFqSZU+Dyhif3NNkFEWrNcfo FLOSBjPAS1uKrghspFdo6ousb03rJrz53VrrdQ0DNjG9oaY86A6QVXHoVlinjDpSrPuz J7QX6Z8Ja1ueoV2ZZ6g8U5NMbCXySxKA27q+90Gsh/uqJFIS0G+Q/27yG4yLqZSMmQNT mzxMxNY2T5aEFdeyDy+9fLk/cocxa1QrnX+nyoTnCmzYoVN7ysisB7B2k+sNFEOb8sNa xZTCGmjT/8W0ODPk7/XcRBgDxUSpYic5xAzlzc2XjS60fm4v67oUzUP4kbwvI2lGfWMA DeNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=C1nlR1Gw; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id r10-20020a63204a000000b003640f331246si13512798pgm.3.2022.03.28.15.44.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Mar 2022 15:44:03 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=C1nlR1Gw; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 43D8822F3E8; Mon, 28 Mar 2022 14:51:41 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344976AbiC1UbN (ORCPT + 99 others); Mon, 28 Mar 2022 16:31:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36052 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345890AbiC1UbH (ORCPT ); Mon, 28 Mar 2022 16:31:07 -0400 Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 057203CA62 for ; Mon, 28 Mar 2022 13:29:25 -0700 (PDT) Received: by mail-pj1-x1036.google.com with SMTP id l4-20020a17090a49c400b001c6840df4a3so623598pjm.0 for ; Mon, 28 Mar 2022 13:29:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=/4W3IfBTDwK+tQlKzd86ll/8Sy27cDUhj3fakj6+JPo=; b=C1nlR1GwqLJNFMhz656qiqwH5o4GFPTIXwkjQjKbMGwP/QD4l8PzAPCp4bgTqjzVBM VqBPQgmR1FTz3yryHYkvK3JSQ3GeVxXPXpmVTOyR/HLleY71pnyKFC1cAwlmCL6DO+le nDwm1nKgU/CXLyKe8wg81jPHsXOKka4uWJlCRoDKuQclERiNCQzqovS8EX9agiNPduVe +nhBexPK5StGhOj0FU5xT5Z+1KENQFYPbYFpsQTFTTIJxa30CQt38RkraKajtdrO/f/c 7DODTZeMvsqqjVRd5lfrXuXcBBdeJZ7AfKVunW1H4q+u3sX3sduBptFT/n4XyhBjZ24l 1jJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=/4W3IfBTDwK+tQlKzd86ll/8Sy27cDUhj3fakj6+JPo=; b=f272SY5CTZHSeIGbEEdJqpIowDy5ksVbcaSPPsF8Djd6eTZ+etsAlASDZFxufZ+vYD hWpHyDR+PmHzHCAC11WEGZy9xjfDllbN8lL9wtE4gncusUBoIeqYSrrN71RxWq+eyZ1P H0nT7c36G3qH8N4QR6li5QrN5/2hze1UE2BoYrAnkmkCsYBqQQc89/bFTSuvsU8f8sq2 5ex+XAv6sUwC/AYQ3wzDixa7iliwGY5+/pVoenwVyX05WlENar0ziJ/PmHSUqfUEYCfR SSODro9/xMwgjqRzzByC8B+XhFDQz1IfML6ttOkzjKsRSfvjCbfXOQWYumQVZkTK2Kpx KYbw== X-Gm-Message-State: AOAM532Gbn7lFzlK3WJINUhWVucs3cijV8cd6z7v7LAynO15CsCLAazy MjxTDeaVVBRbzYZMHnBVOqQdKA== X-Received: by 2002:a17:90a:5643:b0:1bf:ac1f:a1de with SMTP id d3-20020a17090a564300b001bfac1fa1demr899633pji.224.1648499364345; Mon, 28 Mar 2022 13:29:24 -0700 (PDT) Received: from google.com (254.80.82.34.bc.googleusercontent.com. [34.82.80.254]) by smtp.gmail.com with ESMTPSA id s1-20020a056a00178100b004f731a1a952sm17014176pfg.168.2022.03.28.13.29.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 28 Mar 2022 13:29:23 -0700 (PDT) Date: Mon, 28 Mar 2022 20:29:19 +0000 From: David Matlack To: Ben Gardon Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini , Peter Xu , Sean Christopherson , Jim Mattson , David Dunn , Jing Zhang , Junaid Shahid Subject: Re: [PATCH v2 09/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis Message-ID: References: <20220321234844.1543161-1-bgardon@google.com> <20220321234844.1543161-10-bgardon@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220321234844.1543161-10-bgardon@google.com> X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 21, 2022 at 04:48:42PM -0700, Ben Gardon wrote: > In some cases, the NX hugepage mitigation for iTLB multihit is not > needed for all guests on a host. Allow disabling the mitigation on a > per-VM basis to avoid the performance hit of NX hugepages on trusted > workloads. > > Signed-off-by: Ben Gardon > --- > arch/x86/include/asm/kvm_host.h | 1 + > arch/x86/kvm/mmu.h | 1 + > arch/x86/kvm/mmu/mmu.c | 6 ++++-- > arch/x86/kvm/x86.c | 6 ++++++ > include/uapi/linux/kvm.h | 1 + > 5 files changed, 13 insertions(+), 2 deletions(-) > > diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h > index 0a0c54639dd8..04ddfc475ce0 100644 > --- a/arch/x86/include/asm/kvm_host.h > +++ b/arch/x86/include/asm/kvm_host.h > @@ -1242,6 +1242,7 @@ struct kvm_arch { > #endif > > bool nx_huge_pages; > + bool disable_nx_huge_pages; > }; > > struct kvm_vm_stat { > diff --git a/arch/x86/kvm/mmu.h b/arch/x86/kvm/mmu.h > index dd28fe8d13ae..36d8d84ca6c6 100644 > --- a/arch/x86/kvm/mmu.h > +++ b/arch/x86/kvm/mmu.h > @@ -177,6 +177,7 @@ static inline bool is_nx_huge_page_enabled(struct kvm *kvm) > { > return READ_ONCE(kvm->arch.nx_huge_pages); > } > +void kvm_update_nx_huge_pages(struct kvm *kvm); > > static inline int kvm_mmu_do_page_fault(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa, > u32 err, bool prefetch) > diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > index dc9672f70468..a7d387ccfd74 100644 > --- a/arch/x86/kvm/mmu/mmu.c > +++ b/arch/x86/kvm/mmu/mmu.c > @@ -6195,9 +6195,10 @@ static void __set_nx_huge_pages(bool val) > nx_huge_pages = itlb_multihit_kvm_mitigation = val; > } > > -static void kvm_update_nx_huge_pages(struct kvm *kvm) > +void kvm_update_nx_huge_pages(struct kvm *kvm) > { > - kvm->arch.nx_huge_pages = nx_huge_pages; > + kvm->arch.nx_huge_pages = nx_huge_pages && > + !kvm->arch.disable_nx_huge_pages; kvm->arch.nx_huge_pages seems like it could be dropped and is_nx_huge_page_enabled() could just check this condition. > > mutex_lock(&kvm->slots_lock); > kvm_mmu_zap_all_fast(kvm); > @@ -6451,6 +6452,7 @@ int kvm_mmu_post_init_vm(struct kvm *kvm) > int err; > > kvm->arch.nx_huge_pages = READ_ONCE(nx_huge_pages); > + kvm->arch.disable_nx_huge_pages = false; I believe this can be omitted since kvm_arch is zero-initialized. > err = kvm_vm_create_worker_thread(kvm, kvm_nx_lpage_recovery_worker, 0, > "kvm-nx-lpage-recovery", > &kvm->arch.nx_lpage_recovery_thread); > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 51106d32f04e..73df90a6932b 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -4256,6 +4256,7 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext) > case KVM_CAP_SYS_ATTRIBUTES: > case KVM_CAP_VAPIC: > case KVM_CAP_ENABLE_CAP: > + case KVM_CAP_VM_DISABLE_NX_HUGE_PAGES: Please document the new capability. > r = 1; > break; > case KVM_CAP_EXIT_HYPERCALL: > @@ -6048,6 +6049,11 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm, > } > mutex_unlock(&kvm->lock); > break; > + case KVM_CAP_VM_DISABLE_NX_HUGE_PAGES: > + kvm->arch.disable_nx_huge_pages = true; > + kvm_update_nx_huge_pages(kvm); > + r = 0; > + break; > default: > r = -EINVAL; > break; > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index ee5cc9e2a837..6f9fa7ecfd1e 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1144,6 +1144,7 @@ struct kvm_ppc_resize_hpt { > #define KVM_CAP_S390_MEM_OP_EXTENSION 211 > #define KVM_CAP_PMU_CAPABILITY 212 > #define KVM_CAP_DISABLE_QUIRKS2 213 > +#define KVM_CAP_VM_DISABLE_NX_HUGE_PAGES 214 > > #ifdef KVM_CAP_IRQ_ROUTING > > -- > 2.35.1.894.gb6a874cedc-goog >