Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp1269344pxb; Thu, 14 Apr 2022 02:12:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzwblkESujm3awUReBI4Zm6rWkJNoPB3VCsP33+a4DlL3vu/YEFUpP/Jmbwtant36Ev/GlS X-Received: by 2002:a63:795:0:b0:39d:ab3a:4fbf with SMTP id 143-20020a630795000000b0039dab3a4fbfmr1524758pgh.210.1649927578152; Thu, 14 Apr 2022 02:12:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649927578; cv=none; d=google.com; s=arc-20160816; b=vz8cLacRjt2m0RDvCZ2PDDnVbNX4QQh4NTyuHgrCLimIfWfZmaXQoWe2zOTeMTqRAC XTgY+MfrB/Zu8qy4aVNbdCXUpvmr4zu7+NhxCWVvD+G1rw0RxtEUOodrJP76VVq7DQbc 9d67KXHvX4N/2rGIwEdVHDhzqh0YY4upnTJbIJOByhNIZObpkpg2spjrB1Y8AoTe/uod NTe2uAxZT2pAUjKvwG3lrPRMpuzQZ6n3lsPUvZge3WPvrlVVa0gDtOBOhMx+kT6+e443 twdDaehgL5WXSdO46m37GxwHk2z5C0fS2n7TRXtPpOfgei8HpRxCSEGhKzN0XLydHAWq +o0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=BWDcRvlcACWbh4dLrXlVIAQiZ0iwUy3CwzcBurn6W5k=; b=Y+/mMJ0bZteVx+I9jcCn6yVAnexhWb5ur+poyJQNYCat73kbiVqo9dbbhfiYUHI7LJ O8onvGloW5bO+UM32H0LrybNC3WsqHRfbDDDBW1x5XBpbcMXIIqjby0GwqoxdCJE1pn4 7IZaVGqXZMsC2N+ONEGrZDONuMk+s/LE8NKOXSBq6g0pbzwP1VTxKjqlqGQgpddlmHcG TexfnCPBwofPgwvixb/kLiS15BdpHcTrTtZj74CIq3h8klhGYoV2YIkYOJZTNtqHFORf WhDlQeBF5FAWQvBz+zZdcADcE2IG7/dEGOmqcse61psTpkgrNCXho2UxGM71Jj6nHWJd IiIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="GLB/dZeX"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m10-20020a1709026bca00b00156b39b2ec0si15519549plt.111.2022.04.14.02.12.45; Thu, 14 Apr 2022 02:12:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="GLB/dZeX"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238138AbiDMWuw (ORCPT + 99 others); Wed, 13 Apr 2022 18:50:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39788 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229541AbiDMWuo (ORCPT ); Wed, 13 Apr 2022 18:50:44 -0400 Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85D0E580FB for ; Wed, 13 Apr 2022 15:48:22 -0700 (PDT) Received: by mail-pj1-x1035.google.com with SMTP id md4so3413048pjb.4 for ; Wed, 13 Apr 2022 15:48:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=BWDcRvlcACWbh4dLrXlVIAQiZ0iwUy3CwzcBurn6W5k=; b=GLB/dZeXcK9x0+8IJh6XpIAyQ4Jy+6QuCDLBae2fwpu3/6UxR9BDzB/Mt3reRbQH5O hT1q3Mxf+18dfJZqG8yv4dPR1a0wlGSIRHA99ykan7WPx4XqZbGmi4+W//d1W0Ke93uH BTDmMOxswZ3hR4UQgT/zF18Y/lkmhNApAVHuOYrGtW9H1lgUcNboV65jbfQhRinxmcjR yNbme2jxX5myTnrU64Ni16FgeG46b50uR3oHbMggUhEClTMN4hTbGYv20EVq03ok2p5k RPwydPkkx4VFaXG1wZpbZx26aU0TWPPlV0szbYfjbu0xLU2EsdpccfPfMLW2hfiyuS9r 4qZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=BWDcRvlcACWbh4dLrXlVIAQiZ0iwUy3CwzcBurn6W5k=; b=Anjokrrpl96QULnjjcbCr5KWZGfpCpjxwBEViIObVzSsANhj2/z26p5rubJUoagtgP hhWHQnjq1EsLjdUS7PKRr5zQF0CnzU7Bi9dBI2SNWvlPQdXekWYt6LaNVUJPFoDzf2vg YCAVOyFlE2mgwNmhHBiUeXMZmyxWAAAFAln/aet3dHL6il2dWEbOGjaZERZGpS1xmUYU QSu96ZZ+faobvr4ZQPC7iSsOa0N73tVfZDUHLQsCD6co7tUjDjIpXkALe1QrWZx6e31A BEpWzg6mQOH52SXSC1ejjF8qbsuFeyaxx7mYsWhrXyjstHxUdhrg23tMxOKI0MCvFhtp WRhw== X-Gm-Message-State: AOAM531zo+o83cETGbAWQtdENKZGEaW4f8TCgQcgETA807CjMEDEEk1f 2dcnAdeqrd6D2IxKy4Zls/ZJdw== X-Received: by 2002:a17:90a:5298:b0:1ca:7fb3:145 with SMTP id w24-20020a17090a529800b001ca7fb30145mr442363pjh.200.1649890101837; Wed, 13 Apr 2022 15:48:21 -0700 (PDT) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id u5-20020a17090a3fc500b001cb3fec230bsm97047pjm.14.2022.04.13.15.48.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Apr 2022 15:48:21 -0700 (PDT) Date: Wed, 13 Apr 2022 22:48:17 +0000 From: Sean Christopherson To: Ben Gardon Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Paolo Bonzini , Peter Xu , David Matlack , Jim Mattson , David Dunn , Jing Zhang , Junaid Shahid Subject: Re: [PATCH v5 10/10] KVM: selftests: Test disabling NX hugepages on a VM Message-ID: References: <20220413175944.71705-1-bgardon@google.com> <20220413175944.71705-11-bgardon@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220413175944.71705-11-bgardon@google.com> X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 13, 2022, Ben Gardon wrote: > diff --git a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c > index 7f80e48781fd..21c31e1d567e 100644 > --- a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c > +++ b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c > @@ -13,6 +13,8 @@ > #include > #include > #include > +#include > +#include > > #include > #include "kvm_util.h" > @@ -80,13 +82,45 @@ static void check_split_count(struct kvm_vm *vm, int expected_splits) > expected_splits, actual_splits); > } > > -int main(int argc, char **argv) > +void run_test(bool disable_nx) Probably worth naming this disable_nx_workaround or disable_nx_mitigation, it's quite easy to think this means "disable EFER.NX". > { > struct kvm_vm *vm; > struct timespec ts; > + uint64_t pages; > void *hva; > - > - vm = vm_create_default(0, 0, guest_code); > + int r; > + > + pages = vm_pages_needed(VM_MODE_DEFAULT, 1, DEFAULT_GUEST_PHY_PAGES, > + 0, 0); > + vm = vm_create_without_vcpus(VM_MODE_DEFAULT, pages); > + > + if (disable_nx) { > + kvm_check_cap(KVM_CAP_VM_DISABLE_NX_HUGE_PAGES); > + > + /* > + * Check if this process has the reboot permissions needed to > + * disable NX huge pages on a VM. > + * > + * The reboot call below will never have any effect because > + * the magic values are not set correctly, however the > + * permission check is done before the magic value check. > + */ > + r = syscall(SYS_reboot, 0, 0, 0, NULL); > + if (r && errno == EPERM) { > + r = vm_disable_nx_huge_pages(vm); > + TEST_ASSERT(r == EPERM, > + "This process should not have permission to disable NX huge pages"); First off, huge kudos for negative testing! But, it's going to provide poor coverage if we teach everyone to use the runner script, because that'll likely require root on most hosts, e.g. to futz with the module param. Aha! Idea. And it should eliminate the SYS_reboot shenanigans, which while hilarious, are mildy scary. In the runner script, wrap all the modification of sysfs knobs with sudo, and then (again with sudo) do: setcap cap_sys_boot+ep path/to/nx_huge_pages_test path/to/nx_huge_pages_test MAGIC_NUMBER -b where "-b" means "has CAP_SYS_BOOT". And then setcap cap_sys_boot-ep path/to/nx_huge_pages_test path/to/nx_huge_pages_test MAGIC_NUMBER Hmm, and I guess if the script is run as root, just skip the second invocation. > + return; > + } > + > + TEST_ASSERT(r && errno == EINVAL, > + "Reboot syscall should fail with -EINVAL"); > + > + r = vm_disable_nx_huge_pages(vm); > + TEST_ASSERT(!r, "Disabling NX huge pages should succeed if process has reboot permissions"); > + } > + > + vm_vcpu_add_default(vm, 0, guest_code); > > vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS_HUGETLB, > HPAGE_GPA, HPAGE_SLOT, > @@ -121,21 +155,21 @@ int main(int argc, char **argv) > * to be remapped at 4k. > */ > vcpu_run(vm, 0); > - check_2m_page_count(vm, 1); > - check_split_count(vm, 1); > + check_2m_page_count(vm, disable_nx ? 2 : 1); > + check_split_count(vm, disable_nx ? 0 : 1); Can you update the comments to explain why these magic number of pages are expected for NX enabled/disabled? As Jim has pointed out, just because KVM and selftests might agree that 1==2, doesn't mean that their math is correct :-)