Re: [PATCH v4 00/10] KVM: x86: Add a cap to disable NX hugepages on a VM
From: Ben Gardon
Date: Mon Apr 11 2022 - 17:15:27 EST
On Mon, Apr 11, 2022 at 2:10 PM Ben Gardon <bgardon@xxxxxxxxxx> wrote:
>
> Given the high cost of NX hugepages in terms of TLB performance, it may
> be desirable to disable the mitigation on a per-VM basis. In the case of public
> cloud providers with many VMs on a single host, some VMs may be more trusted
> than others. In order to maximize performance on critical VMs, while still
> providing some protection to the host from iTLB Multihit, allow the mitigation
> to be selectively disabled.
>
> Disabling NX hugepages on a VM is relatively straightforward, but I took this
> as an opportunity to add some NX hugepages test coverage and clean up selftests
> infrastructure a bit.
>
> This series was tested with the new selftest and the rest of the KVM selftests
> on an Intel Haswell machine.
>
> The following tests failed, but I do not believe that has anything to do with
> this series:
> userspace_io_test
> vmx_nested_tsc_scaling_test
> vmx_preemption_timer_test
>
> Changelog:
> v1->v2:
> Dropped the complicated memslot refactor in favor of Ricardo Koller's
> patch with a similar effect.
> Incorporated David Dunn's feedback and reviewed by tag: shortened waits
> to speed up test.
> v2->v3:
> Incorporated a suggestion from David on how to build the NX huge pages
> test.
> Fixed a build breakage identified by David.
> Dropped the per-vm nx_huge_pages field in favor of simply checking the
> global + per-VM disable override.
> Documented the new capability
> Separated out the commit to test disabling NX huge pages
> Removed permission check when checking if the disable NX capability is
> supported.
> Added test coverage for the permission check.
> v3->v4:
> Collected RB's from Jing and David
> Modified stat collection to reduce a memory allocation [David]
> Incorporated various improvments to the NX test [David]
> Changed the NX disable test to run by default [David]
> Removed some now unnecessary commits
> Dropped the code to dump KVM stats from the binary stats test, and
> factor out parts of the existing test to library functions instead.
> [David, Jing, Sean]
> Dropped the improvement to a debugging log message as it's no longer
> relevant to this series.
>
> Ben Gardon (10):
> KVM: selftests: Remove dynamic memory allocation for stats header
> KVM: selftests: Read binary stats header in lib
> KVM: selftests: Read binary stats desc in lib
> KVM: selftests: Read binary stat data in lib
> KVM: selftests: Add NX huge pages test
> KVM: x86/MMU: Factor out updating NX hugepages state for a VM
> KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
> KVM: x86: Fix errant brace in KVM capability handling
> KVM: x86/MMU: Require reboot permission to disable NX hugepages
> KVM: selftests: Test disabling NX hugepages on a VM
Paolo, I'm hoping we can get patches 1-5 in relatively quickly, and I
don't mind merging them first and then iterating on the later commits.
David Matlack and Mingwei Zhang both have series depending on those
test commits, so getting them finalized will help move all three of
our series along.
David, Mingwei, Sean, when you have time, I'd appreciate your reviews
on the first five patches in this series.
>
> Documentation/virt/kvm/api.rst | 13 ++
> arch/x86/include/asm/kvm_host.h | 2 +
> arch/x86/kvm/mmu.h | 10 +-
> arch/x86/kvm/mmu/mmu.c | 17 +-
> arch/x86/kvm/mmu/spte.c | 7 +-
> arch/x86/kvm/mmu/spte.h | 3 +-
> arch/x86/kvm/mmu/tdp_mmu.c | 3 +-
> arch/x86/kvm/x86.c | 17 +-
> include/uapi/linux/kvm.h | 1 +
> tools/testing/selftests/kvm/Makefile | 10 +
> .../selftests/kvm/include/kvm_util_base.h | 11 +
> .../selftests/kvm/kvm_binary_stats_test.c | 75 +++----
> tools/testing/selftests/kvm/lib/kvm_util.c | 125 ++++++++++-
> .../selftests/kvm/x86_64/nx_huge_pages_test.c | 198 ++++++++++++++++++
> .../kvm/x86_64/nx_huge_pages_test.sh | 25 +++
> 15 files changed, 453 insertions(+), 64 deletions(-)
> create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
> create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
>
> --
> 2.35.1.1178.g4f1659d476-goog
>