[PATCH v2 00/11] KVM: x86: Add a cap to disable NX hugepages on a VM

From: Ben Gardon
Date: Mon Mar 21 2022 - 19:49:15 EST


Given the high cost of NX hugepages in terms of TLB performance, it may
be desirable to disable the mitigation on a per-VM basis. In the case of public
cloud providers with many VMs on a single host, some VMs may be more trusted
than others. In order to maximize performance on critical VMs, while still
providing some protection to the host from iTLB Multihit, allow the mitigation
to be selectively disabled.

Disabling NX hugepages on a VM is relatively straightforward, but I took this
as an opportunity to add some NX hugepages test coverage and clean up selftests
infrastructure a bit.

This series was tested with the new selftest and the rest of the KVM selftests
on an Intel Haswell machine.

The following tests failed, but I do not believe that has anything to do with
this series:
	userspace_io_test
	vmx_nested_tsc_scaling_test
	vmx_preemption_timer_test

Changelog:
v1->v2:
	Dropped the complicated memslot refactor in favor of Ricardo Koller's
	patch with a similar effect.
	Incorporated David Dunn's feedback and reviewed by tag: shortened waits
	to speed up test.

Ben Gardon (10):
  KVM: selftests: Dump VM stats in binary stats test
  KVM: selftests: Test reading a single stat
  KVM: selftests: Add memslot parameter to elf_load
  KVM: selftests: Improve error message in vm_phy_pages_alloc
  KVM: selftests: Add NX huge pages test
  KVM: x86/MMU: Factor out updating NX hugepages state for a VM
  KVM: x86/MMU: Track NX hugepages on a per-VM basis
  KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
  KVM: x86: Fix errant brace in KVM capability handling
  KVM: x86/MMU: Require reboot permission to disable NX hugepages

Ricardo Koller (1):
  KVM: selftests: Add vm_alloc_page_table_in_memslot library function

 arch/x86/include/asm/kvm_host.h               |   3 +
 arch/x86/kvm/mmu.h                            |   9 +-
 arch/x86/kvm/mmu/mmu.c                        |  23 +-
 arch/x86/kvm/mmu/spte.c                       |   7 +-
 arch/x86/kvm/mmu/spte.h                       |   3 +-
 arch/x86/kvm/mmu/tdp_mmu.c                    |   3 +-
 arch/x86/kvm/x86.c                            |  24 +-
 include/uapi/linux/kvm.h                      |   1 +
 tools/testing/selftests/kvm/Makefile          |   3 +-
 .../selftests/kvm/include/kvm_util_base.h     |  10 +
 .../selftests/kvm/kvm_binary_stats_test.c     |   6 +
 tools/testing/selftests/kvm/lib/elf.c         |  13 +-
 tools/testing/selftests/kvm/lib/kvm_util.c    | 230 +++++++++++++++++-
 .../kvm/lib/x86_64/nx_huge_pages_guest.S      |  45 ++++
 .../selftests/kvm/x86_64/nx_huge_pages_test.c | 160 ++++++++++++
 .../kvm/x86_64/nx_huge_pages_test.sh          |  25 ++
 16 files changed, 538 insertions(+), 27 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/lib/x86_64/nx_huge_pages_guest.S
 create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
 create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh

--
2.35.1.894.gb6a874cedc-goog