[PATCH v8 10/11] KVM: selftests: Test disabling NX hugepages on a VM

From: Ben Gardon
Date: Thu May 26 2022 - 13:55:16 EST

Next message: Ben Gardon: "[PATCH v8 11/11] KVM: selftests: Cache binary stats metadata for duration of test"
Previous message: Ben Gardon: "[PATCH v8 08/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis"
In reply to: Ben Gardon: "[PATCH v8 08/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis"
Next in thread: Ben Gardon: "[PATCH v8 11/11] KVM: selftests: Cache binary stats metadata for duration of test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Add an argument to the NX huge pages test to test disabling the feature
on a VM using the new capability.

Reviewed-by: David Matlack <dmatlack@xxxxxxxxxx>
Signed-off-by: Ben Gardon <bgardon@xxxxxxxxxx>
---
.../selftests/kvm/include/kvm_util_base.h | 2 +
tools/testing/selftests/kvm/lib/kvm_util.c | 27 +++-
.../selftests/kvm/x86_64/nx_huge_pages_test.c | 140 ++++++++++++------
.../kvm/x86_64/nx_huge_pages_test.sh | 14 +-
4 files changed, 133 insertions(+), 50 deletions(-)

diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h
index 3c9898c59ea1..6aa06a312250 100644
--- a/tools/testing/selftests/kvm/include/kvm_util_base.h
+++ b/tools/testing/selftests/kvm/include/kvm_util_base.h
@@ -447,4 +447,6 @@ static inline uint64_t vm_get_stat(struct kvm_vm *vm, const char *stat_name)

uint32_t guest_get_vcpuid(void);

+int __vm_disable_nx_huge_pages(struct kvm_vm *vm);
+
#endif /* SELFTEST_KVM_UTIL_BASE_H */
diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c
index 385f249c2dc5..33d4d64c1391 100644
--- a/tools/testing/selftests/kvm/lib/kvm_util.c
+++ b/tools/testing/selftests/kvm/lib/kvm_util.c
@@ -112,6 +112,11 @@ int vm_check_cap(struct kvm_vm *vm, long cap)
return ret;
}

+static int __vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap)
+{
+ return ioctl(vm->fd, KVM_ENABLE_CAP, cap);
+}
+
/* VM Enable Capability
*
* Input Args:
@@ -128,7 +133,7 @@ int vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap)
{
int ret;

- ret = ioctl(vm->fd, KVM_ENABLE_CAP, cap);
+ ret = __vm_enable_cap(vm, cap);
TEST_ASSERT(ret == 0, "KVM_ENABLE_CAP IOCTL failed,\n"
" rc: %i errno: %i", ret, errno);

@@ -2718,3 +2723,23 @@ void __vm_get_stat(struct kvm_vm *vm, const char *stat_name, uint64_t *data,
free(stats_desc);
close(stats_fd);
}
+
+/* VM disable NX huge pages
+ *
+ * Input Args:
+ * vm - Virtual Machine
+ *
+ * Output Args: None
+ *
+ * Return: On success, 0. -ERRNO on failure.
+ *
+ * Disables NX huge pages for the VM.
+ */
+int __vm_disable_nx_huge_pages(struct kvm_vm *vm)
+{
+ struct kvm_enable_cap cap = { 0 };
+
+ cap.cap = KVM_CAP_VM_DISABLE_NX_HUGE_PAGES;
+ cap.args[0] = 0;
+ return __vm_enable_cap(vm, &cap);
+}
diff --git a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
index 09e05cda3dcd..9ff554a572c0 100644
--- a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
+++ b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
@@ -107,52 +107,37 @@ static void wait_for_reclaim(int reclaim_period_ms)
nanosleep(&ts, NULL);
}

-static void help(char *name)
-{
- puts("");
- printf("usage: %s [-h] [-p period_ms] [-t token]\n", name);
- puts("");
- printf(" -p: The NX reclaim period in miliseconds.\n");
- printf(" -t: The magic token to indicate environment setup is done.\n");
- puts("");
- exit(0);
-}
-
-int main(int argc, char **argv)
+void run_test(int reclaim_period_ms, bool disable_nx_huge_pages,
+ bool reboot_permissions)
{
- int reclaim_period_ms = 0, token = 0, opt;
struct kvm_vm *vm;
+ uint64_t pages;
void *hva;
-
- while ((opt = getopt(argc, argv, "hp:t:")) != -1) {
- switch (opt) {
- case 'p':
- reclaim_period_ms = atoi(optarg);
- break;
- case 't':
- token = atoi(optarg);
- break;
- case 'h':
- default:
- help(argv[0]);
- break;
+ int r;
+
+ pages = vm_pages_needed(VM_MODE_DEFAULT, 1, DEFAULT_GUEST_PHY_PAGES,
+ 0, 0);
+ vm = vm_create_without_vcpus(VM_MODE_DEFAULT, pages);
+
+ if (disable_nx_huge_pages) {
+ /*
+ * Cannot run the test without NX huge pages if the kernel
+ * does not support it.
+ */
+ if (!kvm_check_cap(KVM_CAP_VM_DISABLE_NX_HUGE_PAGES))
+ return;
+
+ r = __vm_disable_nx_huge_pages(vm);
+ if (reboot_permissions) {
+ TEST_ASSERT(!r, "Disabling NX huge pages should succeed if process has reboot permissions");
+ } else {
+ TEST_ASSERT(r == -1 && errno == EPERM,
+ "This process should not have permission to disable NX huge pages");
+ return;
}
}

- if (token != MAGIC_TOKEN) {
- print_skip("This test must be run with the magic token %d.\n"
- "This is done by nx_huge_pages_test.sh, which\n"
- "also handles environment setup for the test.",
- MAGIC_TOKEN);
- exit(KSFT_SKIP);
- }
-
- if (!reclaim_period_ms) {
- print_skip("The NX reclaim period must be specified and non-zero");
- exit(KSFT_SKIP);
- }
-
- vm = vm_create_default(0, 0, guest_code);
+ vm_vcpu_add_default(vm, 0, guest_code);

vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS_HUGETLB,
HPAGE_GPA, HPAGE_SLOT,
@@ -185,31 +170,38 @@ int main(int argc, char **argv)
/*
* Next, the guest will execute from the first huge page, causing it
* to be remapped at 4k.
+ *
+ * If NX huge pages are disabled, this should have no effect.
*/
vcpu_run(vm, 0);
- check_2m_page_count(vm, 1);
- check_split_count(vm, 1);
+ check_2m_page_count(vm, disable_nx_huge_pages ? 2 : 1);
+ check_split_count(vm, disable_nx_huge_pages ? 0 : 1);

/*
* Executing from the third huge page (previously unaccessed) will
* cause part to be mapped at 4k.
+ *
+ * If NX huge pages are disabled, it should be mapped at 2M.
*/
vcpu_run(vm, 0);
- check_2m_page_count(vm, 1);
- check_split_count(vm, 2);
+ check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 1);
+ check_split_count(vm, disable_nx_huge_pages ? 0 : 2);

/* Reading from the first huge page again should have no effect. */
vcpu_run(vm, 0);
- check_2m_page_count(vm, 1);
- check_split_count(vm, 2);
+ check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 1);
+ check_split_count(vm, disable_nx_huge_pages ? 0 : 2);

/* Give recovery thread time to run. */
wait_for_reclaim(reclaim_period_ms);

/*
* Now that the reclaimer has run, all the split pages should be gone.
+ *
+ * If NX huge pages are disabled, the relaimer will not run, so
+ * nothing should change from here on.
*/
- check_2m_page_count(vm, 1);
+ check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 1);
check_split_count(vm, 0);

/*
@@ -217,10 +209,62 @@ int main(int argc, char **argv)
* reading from it causes a huge page mapping to be installed.
*/
vcpu_run(vm, 0);
- check_2m_page_count(vm, 2);
+ check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 2);
check_split_count(vm, 0);

kvm_vm_free(vm);
+}
+
+static void help(char *name)
+{
+ puts("");
+ printf("usage: %s [-h] [-p period_ms] [-t token]\n", name);
+ puts("");
+ printf(" -p: The NX reclaim period in miliseconds.\n");
+ printf(" -t: The magic token to indicate environment setup is done.\n");
+ printf(" -r: The test has reboot permissions and can disable NX huge pages.\n");
+ puts("");
+ exit(0);
+}
+
+int main(int argc, char **argv)
+{
+ int reclaim_period_ms = 0, token = 0, opt;
+ bool reboot_permissions = false;
+
+ while ((opt = getopt(argc, argv, "hp:t:r")) != -1) {
+ switch (opt) {
+ case 'p':
+ reclaim_period_ms = atoi(optarg);
+ break;
+ case 't':
+ token = atoi(optarg);
+ break;
+ case 'r':
+ reboot_permissions = true;
+ break;
+ case 'h':
+ default:
+ help(argv[0]);
+ break;
+ }
+ }
+
+ if (token != MAGIC_TOKEN) {
+ print_skip("This test must be run with the magic token %d.\n"
+ "This is done by nx_huge_pages_test.sh, which\n"
+ "also handles environment setup for the test.",
+ MAGIC_TOKEN);
+ exit(KSFT_SKIP);
+ }
+
+ if (!reclaim_period_ms) {
+ print_skip("The NX reclaim period must be specified and non-zero");
+ exit(KSFT_SKIP);
+ }
+
+ run_test(reclaim_period_ms, false, reboot_permissions);
+ run_test(reclaim_period_ms, true, reboot_permissions);

return 0;
}
diff --git a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
index 4e090a84f5f3..6bd8e026ee61 100755
--- a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
+++ b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
@@ -20,6 +20,8 @@ function sudo_echo () {
echo "$1" | sudo tee -a "$2" > /dev/null
}

+NXECUTABLE="$(dirname $0)/nx_huge_pages_test"
+
(
set -e

@@ -28,7 +30,17 @@ function sudo_echo () {
sudo_echo 100 /sys/module/kvm/parameters/nx_huge_pages_recovery_period_ms
sudo_echo "$(( $HUGE_PAGES + 3 ))" /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages

- "$(dirname $0)"/nx_huge_pages_test -t 887563923 -p 100
+ # Test with reboot permissions
+ if [ $(whoami) != "root" ] ; then
+ sudo setcap cap_sys_boot+ep $NXECUTABLE
+ fi
+ $NXECUTABLE -t 887563923 -p 100 -r
+
+ # Test without reboot permissions
+ if [ $(whoami) != "root" ] ; then
+ sudo setcap cap_sys_boot-ep $NXECUTABLE
+ $NXECUTABLE -t 887563923 -p 100
+ fi
)
RET=$?

--
2.36.1.124.g0e6072fb45-goog

Next message: Ben Gardon: "[PATCH v8 11/11] KVM: selftests: Cache binary stats metadata for duration of test"
Previous message: Ben Gardon: "[PATCH v8 08/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis"
In reply to: Ben Gardon: "[PATCH v8 08/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis"
Next in thread: Ben Gardon: "[PATCH v8 11/11] KVM: selftests: Cache binary stats metadata for duration of test"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]