Date: Wed, 20 Apr 2022 10:35:03 -0700
Message-Id: <20220420173513.1217360-1-bgardon@google.com>
Subject: [PATCH v6 00/10] KVM: x86: Add a cap to disable NX hugepages on a VM
From: Ben Gardon
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini, Peter Xu, Sean Christopherson, David Matlack, Jim Mattson, David Dunn, Jing Zhang, Junaid Shahid, Ben Gardon

Given the high cost of NX hugepages in terms of TLB performance, it may
be desirable to disable the mitigation on a per-VM basis. In the case of
public cloud providers with many VMs on a single host, some VMs may be
more trusted than others. In order to maximize performance on critical
VMs, while still providing some protection to the host from iTLB
Multihit, allow the mitigation to be selectively disabled.

Disabling NX hugepages on a VM is relatively straightforward, but I took
this as an opportunity to add some NX hugepages test coverage and clean
up selftests infrastructure a bit.

This series was tested with the new selftest and the rest of the KVM
selftests on an Intel Haswell machine.

The following tests failed, but I do not believe that has anything to do
with this series:
	userspace_io_test
	vmx_nested_tsc_scaling_test
	vmx_preemption_timer_test

Changelog:
v1->v2:
	Dropped the complicated memslot refactor in favor of Ricardo
	Koller's patch with a similar effect.
	Incorporated David Dunn's feedback and reviewed by tag: shortened
	waits to speed up test.
v2->v3:
	Incorporated a suggestion from David on how to build the NX huge
	pages test.
	Fixed a build breakage identified by David.
	Dropped the per-vm nx_huge_pages field in favor of simply checking
	the global + per-VM disable override.
	Documented the new capability
	Separated out the commit to test disabling NX huge pages
	Removed permission check when checking if the disable NX capability
	is supported.
	Added test coverage for the permission check.
v3->v4:
	Collected RB's from Jing and David
	Modified stat collection to reduce a memory allocation [David]
	Incorporated various improvements to the NX test [David]
	Changed the NX disable test to run by default [David]
	Removed some now unnecessary commits
	Dropped the code to dump KVM stats from the binary stats test, and
	factor out parts of the existing test to library functions instead.
	[David, Jing, Sean]
	Dropped the improvement to a debugging log message as it's no longer
	relevant to this series.
v4->v5:
	Incorporated cleanup suggestions from David and Sean
	Added a patch with style fixes for the binary stats test from Sean
	Added a restriction that NX huge pages can only be disabled before
	vCPUs are created [Sean]
v5->v6:
	Scooped up David's RBs
	Added a magic token to skip nx_huge_pages_test when not run via
	wrapper script [Sean]
	Made the call to nx_huge_pages_test in the wrapper script more
	robust [Sean]
	Incorporated various nits and comment / documentation suggestions
	from Sean.
	Improved negative testing of NX disable without reboot permissions.
	[Sean]

Ben Gardon (9):
  KVM: selftests: Remove dynamic memory allocation for stats header
  KVM: selftests: Read binary stats header in lib
  KVM: selftests: Read binary stats desc in lib
  KVM: selftests: Read binary stat data in lib
  KVM: selftests: Add NX huge pages test
  KVM: x86: Fix errant brace in KVM capability handling
  KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
  KVM: selftests: Factor out calculation of pages needed for a VM
  KVM: selftests: Test disabling NX hugepages on a VM

Sean Christopherson (1):
  KVM: selftests: Clean up coding style in binary stats test

 Documentation/virt/kvm/api.rst                |  17 ++
 arch/x86/include/asm/kvm_host.h               |   2 +
 arch/x86/kvm/mmu.h                            |   8 +-
 arch/x86/kvm/mmu/spte.c                       |   7 +-
 arch/x86/kvm/mmu/spte.h                       |   3 +-
 arch/x86/kvm/mmu/tdp_mmu.c                    |   2 +-
 arch/x86/kvm/x86.c                            |  31 ++-
 include/uapi/linux/kvm.h                      |   1 +
 tools/testing/selftests/kvm/Makefile          |  10 +
 .../selftests/kvm/include/kvm_util_base.h     |  13 +
 .../selftests/kvm/kvm_binary_stats_test.c     | 142 +++++-----
 tools/testing/selftests/kvm/lib/kvm_util.c    | 248 ++++++++++++++++--
 .../selftests/kvm/x86_64/nx_huge_pages_test.c | 224 ++++++++++++++++
 .../kvm/x86_64/nx_huge_pages_test.sh          |  38 +++
 14 files changed, 652 insertions(+), 94 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
 create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh

-- 
2.36.0.rc0.470.gd361397f0d-goog