Re: [PATCH v5 00/10] KVM: x86: Add a cap to disable NX hugepages on a VM

From: David Matlack
Date: Wed Apr 13 2022 - 17:22:09 EST


On Wed, Apr 13, 2022 at 10:59 AM Ben Gardon <bgardon@xxxxxxxxxx> wrote:
>
> Given the high cost of NX hugepages in terms of TLB performance, it may
> be desirable to disable the mitigation on a per-VM basis. In the case of public
> cloud providers with many VMs on a single host, some VMs may be more trusted
> than others. In order to maximize performance on critical VMs, while still
> providing some protection to the host from iTLB Multihit, allow the mitigation
> to be selectively disabled.

For the series:

Reviewed-by: David Matlack <dmatlack@xxxxxxxxxx>

>
> Disabling NX hugepages on a VM is relatively straightforward, but I took this
> as an opportunity to add some NX hugepages test coverage and clean up selftests
> infrastructure a bit.
>
> This series was tested with the new selftest and the rest of the KVM selftests
> on an Intel Haswell machine.
>
> The following tests failed, but I do not believe that has anything to do with
> this series:
>     userspace_io_test
>     vmx_nested_tsc_scaling_test
>     vmx_preemption_timer_test
>
> Changelog:
> v1->v2:
>     Dropped the complicated memslot refactor in favor of Ricardo Koller's
>     patch with a similar effect.
>     Incorporated David Dunn's feedback and reviewed by tag: shortened waits
>     to speed up test.
> v2->v3:
>     Incorporated a suggestion from David on how to build the NX huge pages
>     test.
>     Fixed a build breakage identified by David.
>     Dropped the per-vm nx_huge_pages field in favor of simply checking the
>     global + per-VM disable override.
>     Documented the new capability
>     Separated out the commit to test disabling NX huge pages
>     Removed permission check when checking if the disable NX capability is
>     supported.
>     Added test coverage for the permission check.
> v3->v4:
>     Collected RB's from Jing and David
>     Modified stat collection to reduce a memory allocation [David]
>     Incorporated various improvements to the NX test [David]
>     Changed the NX disable test to run by default [David]
>     Removed some now unnecessary commits
>     Dropped the code to dump KVM stats from the binary stats test, and
>     factor out parts of the existing test to library functions instead.
>     [David, Jing, Sean]
>     Dropped the improvement to a debugging log message as it's no longer
>     relevant to this series.
> v4->v5:
>     Incorporated cleanup suggestions from David and Sean
>     Added a patch with style fixes for the binary stats test from Sean
>     Added a restriction that NX huge pages can only be disabled before
>     vCPUs are created [Sean]
>
> Ben Gardon (9):
>   KVM: selftests: Remove dynamic memory allocation for stats header
>   KVM: selftests: Read binary stats header in lib
>   KVM: selftests: Read binary stats desc in lib
>   KVM: selftests: Read binary stat data in lib
>   KVM: selftests: Add NX huge pages test
>   KVM: x86: Fix errant brace in KVM capability handling
>   KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
>   KVM: selftests: Factor out calculation of pages needed for a VM
>   KVM: selftests: Test disabling NX hugepages on a VM
>
> Sean Christopherson (1):
>   KVM: selftests: Clean up coding style in binary stats test
>
> Documentation/virt/kvm/api.rst | 13 +
> arch/x86/include/asm/kvm_host.h | 2 +
> arch/x86/kvm/mmu.h | 9 +-
> arch/x86/kvm/mmu/spte.c | 7 +-
> arch/x86/kvm/mmu/spte.h | 3 +-
> arch/x86/kvm/mmu/tdp_mmu.c | 3 +-
> arch/x86/kvm/x86.c | 25 +-
> include/uapi/linux/kvm.h | 1 +
> tools/testing/selftests/kvm/Makefile | 10 +
> .../selftests/kvm/include/kvm_util_base.h | 13 +
> .../selftests/kvm/kvm_binary_stats_test.c | 142 ++++++-----
> tools/testing/selftests/kvm/lib/kvm_util.c | 232 ++++++++++++++++--
> .../selftests/kvm/x86_64/nx_huge_pages_test.c | 206 ++++++++++++++++
> .../kvm/x86_64/nx_huge_pages_test.sh | 25 ++
> 14 files changed, 597 insertions(+), 94 deletions(-)
> create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
> create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
>
> --
> 2.35.1.1178.g4f1659d476-goog
>