From: Ben Gardon <bgardon@google.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>, Peter Xu <peterx@redhat.com>,
Sean Christopherson <seanjc@google.com>,
David Matlack <dmatlack@google.com>,
Jim Mattson <jmattson@google.com>,
David Dunn <daviddunn@google.com>,
Jing Zhang <jingzhangos@google.com>,
Junaid Shahid <junaids@google.com>,
Ben Gardon <bgardon@google.com>
Subject: [PATCH v3 00/11] KVM: x86: Add a cap to disable NX hugepages on a VM
Date: Wed, 30 Mar 2022 10:46:10 -0700 [thread overview]
Message-ID: <20220330174621.1567317-1-bgardon@google.com> (raw)
Given the high cost of NX hugepages in terms of TLB performance, it may
be desirable to disable the mitigation on a per-VM basis. In the case of public
cloud providers with many VMs on a single host, some VMs may be more trusted
than others. In order to maximize performance on critical VMs, while still
providing some protection to the host from iTLB Multihit, allow the mitigation
to be selectively disabled.
Disabling NX hugepages on a VM is relatively straightforward, but I took this
as an opportunity to add some NX hugepages test coverage and clean up selftests
infrastructure a bit.
This series was tested with the new selftest and the rest of the KVM selftests
on an Intel Haswell machine.
The following tests failed, but I do not believe that has anything to do with
this series:
userspace_io_test
vmx_nested_tsc_scaling_test
vmx_preemption_timer_test
Changelog:
v1->v2:
Dropped the complicated memslot refactor in favor of Ricardo Koller's
patch with a similar effect.
Incorporated David Dunn's feedback and reviewed by tag: shortened waits
to speed up test.
v2->v3:
Incorporated a suggestion from David on how to build the NX huge pages
test.
Fixed a build breakage identified by David.
Dropped the per-vm nx_huge_pages field in favor of simply checking the
global + per-VM disable override.
Documented the new capability
Separated out the commit to test disabling NX huge pages
Removed permission check when checking if the disable NX capability is
supported.
Added test coverage for the permission check.
Ben Gardon (10):
KVM: selftests: Dump VM stats in binary stats test
KVM: selftests: Test reading a single stat
KVM: selftests: Add memslot parameter to elf_load
KVM: selftests: Improve error message in vm_phy_pages_alloc
KVM: selftests: Add NX huge pages test
KVM: x86/MMU: Factor out updating NX hugepages state for a VM
KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
KVM: x86: Fix errant brace in KVM capability handling
KVM: x86/MMU: Require reboot permission to disable NX hugepages
selftests: KVM: Test disabling NX hugepages on a VM
Ricardo Koller (1):
KVM: selftests: Add vm_alloc_page_table_in_memslot library function
Documentation/virt/kvm/api.rst | 13 +
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/mmu.h | 10 +-
arch/x86/kvm/mmu/mmu.c | 17 +-
arch/x86/kvm/mmu/spte.c | 7 +-
arch/x86/kvm/mmu/spte.h | 3 +-
arch/x86/kvm/mmu/tdp_mmu.c | 3 +-
arch/x86/kvm/x86.c | 17 +-
include/uapi/linux/kvm.h | 1 +
tools/testing/selftests/kvm/Makefile | 7 +-
.../selftests/kvm/include/kvm_util_base.h | 10 +
.../selftests/kvm/kvm_binary_stats_test.c | 6 +
tools/testing/selftests/kvm/lib/elf.c | 13 +-
tools/testing/selftests/kvm/lib/kvm_util.c | 230 +++++++++++++++++-
.../kvm/lib/x86_64/nx_huge_pages_guest.S | 45 ++++
.../selftests/kvm/x86_64/nx_huge_pages_test.c | 178 ++++++++++++++
.../kvm/x86_64/nx_huge_pages_test.sh | 25 ++
17 files changed, 561 insertions(+), 26 deletions(-)
create mode 100644 tools/testing/selftests/kvm/lib/x86_64/nx_huge_pages_guest.S
create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
--
2.35.1.1021.g381101b075-goog
next reply other threads:[~2022-03-30 17:47 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-30 17:46 Ben Gardon [this message]
2022-03-30 17:46 ` [PATCH v3 01/11] KVM: selftests: Add vm_alloc_page_table_in_memslot library function Ben Gardon
2022-03-30 17:46 ` [PATCH v3 02/11] KVM: selftests: Dump VM stats in binary stats test Ben Gardon
2022-03-30 18:50 ` Jing Zhang
2022-04-05 22:19 ` David Matlack
2022-04-06 20:37 ` Ben Gardon
2022-04-08 19:51 ` Sean Christopherson
2022-06-30 21:00 ` Mingwei Zhang
2022-07-07 19:48 ` Sean Christopherson
2022-03-30 17:46 ` [PATCH v3 03/11] KVM: selftests: Test reading a single stat Ben Gardon
2022-03-30 18:51 ` Jing Zhang
2022-04-05 22:24 ` David Matlack
2022-04-06 20:48 ` Ben Gardon
2022-03-30 17:46 ` [PATCH v3 04/11] KVM: selftests: Add memslot parameter to elf_load Ben Gardon
2022-04-05 22:27 ` David Matlack
2022-03-30 17:46 ` [PATCH v3 05/11] KVM: selftests: Improve error message in vm_phy_pages_alloc Ben Gardon
2022-04-05 22:29 ` David Matlack
2022-03-30 17:46 ` [PATCH v3 06/11] KVM: selftests: Add NX huge pages test Ben Gardon
2022-04-05 22:38 ` David Matlack
2022-04-07 16:52 ` Ben Gardon
2022-03-30 17:46 ` [PATCH v3 07/11] KVM: x86/MMU: Factor out updating NX hugepages state for a VM Ben Gardon
2022-04-05 22:40 ` David Matlack
2022-03-30 17:46 ` [PATCH v3 08/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis Ben Gardon
2022-04-05 22:46 ` David Matlack
2022-03-30 17:46 ` [PATCH v3 09/11] KVM: x86: Fix errant brace in KVM capability handling Ben Gardon
2022-03-30 17:46 ` [PATCH v3 10/11] KVM: x86/MMU: Require reboot permission to disable NX hugepages Ben Gardon
2022-03-30 18:02 ` Sean Christopherson
2022-03-30 23:42 ` Ben Gardon
2022-03-30 17:46 ` [PATCH v3 11/11] selftests: KVM: Test disabling NX hugepages on a VM Ben Gardon
2022-04-05 22:55 ` David Matlack
2022-04-07 18:26 ` Ben Gardon
2022-04-07 18:39 ` Ben Gardon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220330174621.1567317-1-bgardon@google.com \
--to=bgardon@google.com \
--cc=daviddunn@google.com \
--cc=dmatlack@google.com \
--cc=jingzhangos@google.com \
--cc=jmattson@google.com \
--cc=junaids@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).