linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Sean Christopherson <seanjc@google.com>
To: Ben Gardon <bgardon@google.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	Paolo Bonzini <pbonzini@redhat.com>, Peter Xu <peterx@redhat.com>,
	Peter Shier <pshier@google.com>,
	David Dunn <daviddunn@google.com>,
	Junaid Shahid <junaids@google.com>,
	Jim Mattson <jmattson@google.com>,
	David Matlack <dmatlack@google.com>,
	Mingwei Zhang <mizhang@google.com>,
	Jing Zhang <jingzhangos@google.com>
Subject: Re: [PATCH v4 07/10] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
Date: Tue, 12 Apr 2022 17:54:14 +0000	[thread overview]
Message-ID: <YlW8xkay+EuM/c3M@google.com> (raw)
In-Reply-To: <20220411211015.3091615-8-bgardon@google.com>

On Mon, Apr 11, 2022, Ben Gardon wrote:
> @@ -6079,6 +6080,11 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
>  		}
>  		mutex_unlock(&kvm->lock);
>  		break;
> +	case KVM_CAP_VM_DISABLE_NX_HUGE_PAGES:
> +		kvm->arch.disable_nx_huge_pages = true;

It's probably worth requiring cap->args[0] to be zero, KVM has been burned too many
times by lack of extensibility.

> +		kvm_update_nx_huge_pages(kvm);

Is there actually a use case to do this while the VM is running?  Given that this
is a one-way control, i.e. userspace can't re-enable the mitigation, me thinks the
answer is no.  And logically, I don't see why userspace would suddenly decide to
trust the guest at some random point in time.

So, require this to be done before vCPUs are created, then there's no need to
zap SPTEs because there can't be any SPTEs to zap.  Then the previous patch also
goes away.  Or to be really draconian, disallow the cap if memslots have been
created, though I think created_vcpus will be sufficient now and in the future.

We can always lift the restriction if someone has a use case for toggling this
while the VM is running, but we can't do the reverse.

  reply	other threads:[~2022-04-12 17:54 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-11 21:10 [PATCH v4 00/10] KVM: x86: Add a cap to disable NX hugepages on a VM Ben Gardon
2022-04-11 21:10 ` [PATCH v4 01/10] KVM: selftests: Remove dynamic memory allocation for stats header Ben Gardon
2022-04-11 21:52   ` David Matlack
2022-04-11 22:50     ` Mingwei Zhang
2022-04-11 21:10 ` [PATCH v4 02/10] KVM: selftests: Read binary stats header in lib Ben Gardon
2022-04-11 21:55   ` David Matlack
2022-04-11 21:10 ` [PATCH v4 03/10] KVM: selftests: Read binary stats desc " Ben Gardon
2022-04-11 22:01   ` David Matlack
2022-04-12  0:54   ` Mingwei Zhang
2022-04-12 18:56     ` Ben Gardon
2022-04-12 19:02       ` Sean Christopherson
2022-04-12 20:02         ` Sean Christopherson
2022-04-12 22:12           ` Ben Gardon
2022-04-11 21:10 ` [PATCH v4 04/10] KVM: selftests: Read binary stat data " Ben Gardon
2022-04-11 22:14   ` David Matlack
2022-04-12 19:58     ` Ben Gardon
2022-04-12  1:25   ` Mingwei Zhang
2022-04-11 21:10 ` [PATCH v4 05/10] KVM: selftests: Add NX huge pages test Ben Gardon
2022-04-11 22:27   ` David Matlack
2022-04-12 22:11     ` Ben Gardon
2022-04-12  1:32   ` Mingwei Zhang
2022-04-12 21:51     ` Ben Gardon
2022-04-11 21:10 ` [PATCH v4 06/10] KVM: x86/MMU: Factor out updating NX hugepages state for a VM Ben Gardon
2022-04-11 21:10 ` [PATCH v4 07/10] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis Ben Gardon
2022-04-12 17:54   ` Sean Christopherson [this message]
2022-04-11 21:10 ` [PATCH v4 08/10] KVM: x86: Fix errant brace in KVM capability handling Ben Gardon
2022-04-11 21:10 ` [PATCH v4 09/10] KVM: x86/MMU: Require reboot permission to disable NX hugepages Ben Gardon
2022-04-12 18:08   ` Sean Christopherson
2022-04-11 21:10 ` [PATCH v4 10/10] KVM: selftests: Test disabling NX hugepages on a VM Ben Gardon
2022-04-11 22:37   ` David Matlack
2022-04-11 21:15 ` [PATCH v4 00/10] KVM: x86: Add a cap to disable " Ben Gardon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YlW8xkay+EuM/c3M@google.com \
    --to=seanjc@google.com \
    --cc=bgardon@google.com \
    --cc=daviddunn@google.com \
    --cc=dmatlack@google.com \
    --cc=jingzhangos@google.com \
    --cc=jmattson@google.com \
    --cc=junaids@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mizhang@google.com \
    --cc=pbonzini@redhat.com \
    --cc=peterx@redhat.com \
    --cc=pshier@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).