Date: Wed, 13 Apr 2022 10:59:34 -0700
Message-Id: <20220413175944.71705-1-bgardon@google.com>
Subject: [PATCH v5 00/10] KVM: x86: Add a cap to disable NX hugepages on a VM
From: Ben Gardon
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Peter Xu, Sean Christopherson, David Matlack,
    Jim Mattson, David Dunn, Jing Zhang, Junaid Shahid, Ben Gardon

Given the high cost of NX hugepages in terms of TLB performance, it may
be desirable to disable the mitigation on a per-VM basis. In the case of
public cloud providers with many VMs on a single host, some VMs may be
more trusted than others. In order to maximize performance on critical
VMs, while still providing some protection to the host from iTLB
Multihit, allow the mitigation to be selectively disabled.

Disabling NX hugepages on a VM is relatively straightforward, but I took
this as an opportunity to add some NX hugepages test coverage and clean
up selftests infrastructure a bit.

This series was tested with the new selftest and the rest of the KVM
selftests on an Intel Haswell machine.

The following tests failed, but I do not believe that has anything to do
with this series:
	userspace_io_test
	vmx_nested_tsc_scaling_test
	vmx_preemption_timer_test

Changelog:
v1->v2:
	Dropped the complicated memslot refactor in favor of Ricardo Koller's
	patch with a similar effect.
	Incorporated David Dunn's feedback and reviewed by tag: shortened waits
	to speed up test.
v2->v3:
	Incorporated a suggestion from David on how to build the NX huge pages
	test.
	Fixed a build breakage identified by David.
	Dropped the per-vm nx_huge_pages field in favor of simply checking the
	global + per-VM disable override.
	Documented the new capability
	Separated out the commit to test disabling NX huge pages
	Removed permission check when checking if the disable NX capability is
	supported.
	Added test coverage for the permission check.
v3->v4:
	Collected RB's from Jing and David
	Modified stat collection to reduce a memory allocation [David]
	Incorporated various improvements to the NX test [David]
	Changed the NX disable test to run by default [David]
	Removed some now unnecessary commits
	Dropped the code to dump KVM stats from the binary stats test, and
	factor out parts of the existing test to library functions instead.
	[David, Jing, Sean]
	Dropped the improvement to a debugging log message as it's no longer
	relevant to this series.
v4->v5:
	Incorporated cleanup suggestions from David and Sean
	Added a patch with style fixes for the binary stats test from Sean
	Added a restriction that NX huge pages can only be disabled before
	vCPUs are created [Sean]

Ben Gardon (9):
  KVM: selftests: Remove dynamic memory allocation for stats header
  KVM: selftests: Read binary stats header in lib
  KVM: selftests: Read binary stats desc in lib
  KVM: selftests: Read binary stat data in lib
  KVM: selftests: Add NX huge pages test
  KVM: x86: Fix errant brace in KVM capability handling
  KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
  KVM: selftests: Factor out calculation of pages needed for a VM
  KVM: selftests: Test disabling NX hugepages on a VM

Sean Christopherson (1):
  KVM: selftests: Clean up coding style in binary stats test

 Documentation/virt/kvm/api.rst                |  13 +
 arch/x86/include/asm/kvm_host.h               |   2 +
 arch/x86/kvm/mmu.h                            |   9 +-
 arch/x86/kvm/mmu/spte.c                       |   7 +-
 arch/x86/kvm/mmu/spte.h                       |   3 +-
 arch/x86/kvm/mmu/tdp_mmu.c                    |   3 +-
 arch/x86/kvm/x86.c                            |  25 +-
 include/uapi/linux/kvm.h                      |   1 +
 tools/testing/selftests/kvm/Makefile          |  10 +
 .../selftests/kvm/include/kvm_util_base.h     |  13 +
 .../selftests/kvm/kvm_binary_stats_test.c     | 142 ++++++-----
 tools/testing/selftests/kvm/lib/kvm_util.c    | 232 ++++++++++++++++--
 .../selftests/kvm/x86_64/nx_huge_pages_test.c | 206 ++++++++++++++++
 .../kvm/x86_64/nx_huge_pages_test.sh          |  25 ++
 14 files changed, 597 insertions(+), 94 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
 create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh

-- 
2.35.1.1178.g4f1659d476-goog