| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jun 2022 21:25:13 +0000
From: Ben Gardon <bgardon@...gle.com>
To: kvm@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>
Cc: linux-kernel@...r.kernel.org, Peter Xu <peterx@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
David Matlack <dmatlack@...gle.com>,
Jim Mattson <jmattson@...gle.com>,
David Dunn <daviddunn@...gle.com>,
Jing Zhang <jingzhangos@...gle.com>,
Junaid Shahid <junaids@...gle.com>,
Ben Gardon <bgardon@...gle.com>
Subject: [PATCH v9 00/10] KVM: x86: Add a cap to disable NX hugepages on a VM
Given the high cost of NX hugepages in terms of TLB performance, it may
be desirable to disable the mitigation on a per-VM basis. In the case of public
cloud providers with many VMs on a single host, some VMs may be more trusted
than others. In order to maximize performance on critical VMs, while still
providing some protection to the host from iTLB Multihit, allow the mitigation
to be selectively disabled.
Disabling NX hugepages on a VM is relatively straightforward, but I took this
as an opportunity to add some NX hugepages test coverage and clean up selftests
infrastructure a bit.
This series was tested with the new selftest and the rest of the KVM selftests
on an Intel Haswell machine.
Changelog:
v1->v2:
Dropped the complicated memslot refactor in favor of Ricardo Koller's
patch with a similar effect.
Incorporated David Dunn's feedback and reviewed by tag: shortened waits
to speed up test.
v2->v3:
Incorporated a suggestion from David on how to build the NX huge pages
test.
Fixed a build breakage identified by David.
Dropped the per-vm nx_huge_pages field in favor of simply checking the
global + per-VM disable override.
Documented the new capability
Separated out the commit to test disabling NX huge pages
Removed permission check when checking if the disable NX capability is
supported.
Added test coverage for the permission check.
v3->v4:
Collected RB's from Jing and David
Modified stat collection to reduce a memory allocation [David]
Incorporated various improvments to the NX test [David]
Changed the NX disable test to run by default [David]
Removed some now unnecessary commits
Dropped the code to dump KVM stats from the binary stats test, and
factor out parts of the existing test to library functions instead.
[David, Jing, Sean]
Dropped the improvement to a debugging log message as it's no longer
relevant to this series.
v4->v5:
Incorporated cleanup suggestions from David and Sean
Added a patch with style fixes for the binary stats test from Sean
Added a restriction that NX huge pages can only be disabled before
vCPUs are created [Sean]
v5->v6:
Scooped up David's RBs
Added a magic token to skip nx_huge_pages_test when not run via
wrapper script [Sean]
Made the call to nx_huge_pages_test in the wrapper script more
robust [Sean]
Incorportated various nits and comment / documentation suggestions from
Sean.
Improved negative testing of NX disable without reboot permissions. [Sean]
v6->v7:
Collected Peter Xu's Reviewed-by tags
Added stats metadata caching to kvm_util
Misc NX test fixups
v7->v8:
Spell out descriptors in library function names [Sean]
Reorganize stat descriptor size calculation [Sean]
Addded a get_stats_descriptor helper [Sean]
Remove misleading comment about error reporting in read_stat_data() [Sean]
Use unsigned size_t for input to pread [Sean]
Clean up read_stat_data() [Sean]
Add nx_huge_pages_test to .gitignore [Sean]
Fix organization of get_vm_stat() functions. [Sean]
Clean up #defines in NX huge pages test [Sean]
Add flag parsing and reclaim period flag to NX test [Sean]
Don't reduce hugepage allocation for NX test [Sean]
Fix error check when disabling NX huge pages [Sean]
Don't leave reboot permissions on test binary when executing as root [Sean]
v8->v9:
Rebased on top of Sean's giant selftests refactor series
Ben Gardon (9):
KVM: selftests: Remove dynamic memory allocation for stats header
KVM: selftests: Read binary stats header in lib
KVM: selftests: Read binary stats desc in lib
KVM: selftests: Read binary stat data in lib
KVM: selftests: Add NX huge pages test
KVM: x86: Fix errant brace in KVM capability handling
KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis
KVM: selftests: Test disabling NX hugepages on a VM
KVM: selftests: Cache binary stats metadata for duration of test
Sean Christopherson (1):
KVM: selftests: Clean up coding style in binary stats test
Documentation/virt/kvm/api.rst | 16 ++
arch/x86/include/asm/kvm_host.h | 2 +
arch/x86/kvm/mmu/mmu_internal.h | 7 +-
arch/x86/kvm/mmu/spte.c | 7 +-
arch/x86/kvm/mmu/spte.h | 3 +-
arch/x86/kvm/mmu/tdp_mmu.c | 2 +-
arch/x86/kvm/x86.c | 32 ++-
include/uapi/linux/kvm.h | 1 +
tools/testing/selftests/kvm/.gitignore | 1 +
tools/testing/selftests/kvm/Makefile | 10 +
.../selftests/kvm/include/kvm_util_base.h | 59 ++++
.../selftests/kvm/kvm_binary_stats_test.c | 138 +++++----
tools/testing/selftests/kvm/lib/kvm_util.c | 116 ++++++++
.../selftests/kvm/x86_64/nx_huge_pages_test.c | 269 ++++++++++++++++++
.../kvm/x86_64/nx_huge_pages_test.sh | 52 ++++
15 files changed, 635 insertions(+), 80 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c
create mode 100755 tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
--
2.36.1.476.g0c4daa206d-goog
Powered by blists - more mailing lists