[v6,7/8] KVM: x86/mmu: explicitly check nx_hugepage in disallowed_hugepage_adjust()
Message ID | 20221019165618.927057-8-seanjc@google.com |
---|---|
State | New |
Headers | From: Sean Christopherson <seanjc@google.com>; To: Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>; Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Mingwei Zhang <mizhang@google.com>, David Matlack <dmatlack@google.com>, Yan Zhao <yan.y.zhao@intel.com>, Ben Gardon <bgardon@google.com>; Date: Wed, 19 Oct 2022 16:56:17 +0000; Subject: [PATCH v6 7/8] KVM: x86/mmu: explicitly check nx_hugepage in disallowed_hugepage_adjust() |
Series | KVM: x86: Apply NX mitigation more precisely |
Commit Message
Sean Christopherson
Oct. 19, 2022, 4:56 p.m. UTC
From: Mingwei Zhang <mizhang@google.com>

Explicitly check if a NX huge page is disallowed when determining if a page fault needs to be forced to use a smaller sized page. KVM currently assumes that the NX huge page mitigation is the only scenario where KVM will force a shadow page instead of a huge page, and so unnecessarily keeps an existing shadow page instead of replacing it with a huge page.

Any scenario that causes KVM to zap leaf SPTEs may result in having a SP that can be made huge without violating the NX huge page mitigation. E.g. prior to commit 5ba7c4c6d1c7 ("KVM: x86/MMU: Zap non-leaf SPTEs when disabling dirty logging"), KVM would keep shadow pages after disabling dirty logging due to a live migration being canceled, resulting in degraded performance due to running with 4kb pages instead of huge pages.

Although the dirty logging case is "fixed", that fix is coincidental, i.e. is an implementation detail, and there are other scenarios where KVM will zap leaf SPTEs. E.g. zapping leaf SPTEs in response to a host page migration (mmu_notifier invalidation) to create a huge page would yield a similar result; KVM would see the shadow-present non-leaf SPTE and assume a huge page is disallowed.

Fixes: b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation")
Reviewed-by: Ben Gardon <bgardon@google.com>
Reviewed-by: David Matlack <dmatlack@google.com>
Signed-off-by: Mingwei Zhang <mizhang@google.com>
[sean: use spte_to_child_sp(), massage changelog, fold into if-statement]
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/kvm/mmu/mmu.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
Reviewed-by: Yan Zhao <yan.y.zhao@intel.com>

On Wed, Oct 19, 2022 at 04:56:17PM +0000, Sean Christopherson wrote:
> From: Mingwei Zhang <mizhang@google.com>
>
> Explicitly check if a NX huge page is disallowed when determining if a
> page fault needs to be forced to use a smaller sized page. KVM currently
> assumes that the NX huge page mitigation is the only scenario where KVM
> will force a shadow page instead of a huge page, and so unnecessarily
> keeps an existing shadow page instead of replacing it with a huge page.
>
> Any scenario that causes KVM to zap leaf SPTEs may result in having a SP
> that can be made huge without violating the NX huge page mitigation.
> E.g. prior to commit 5ba7c4c6d1c7 ("KVM: x86/MMU: Zap non-leaf SPTEs when
> disabling dirty logging"), KVM would keep shadow pages after disabling
> dirty logging due to a live migration being canceled, resulting in
> degraded performance due to running with 4kb pages instead of huge pages.
>
> Although the dirty logging case is "fixed", that fix is coincidental,
> i.e. is an implementation detail, and there are other scenarios where KVM
> will zap leaf SPTEs. E.g. zapping leaf SPTEs in response to a host page
> migration (mmu_notifier invalidation) to create a huge page would yield a
> similar result; KVM would see the shadow-present non-leaf SPTE and assume
> a huge page is disallowed.
>
> Fixes: b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation")
> Reviewed-by: Ben Gardon <bgardon@google.com>
> Reviewed-by: David Matlack <dmatlack@google.com>
> Signed-off-by: Mingwei Zhang <mizhang@google.com>
> [sean: use spte_to_child_sp(), massage changelog, fold into if-statement]
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/x86/kvm/mmu/mmu.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c > index f4f1b1591a02..14674c9e10f7 100644 > --- a/arch/x86/kvm/mmu/mmu.c > +++ b/arch/x86/kvm/mmu/mmu.c
> @@ -3111,7 +3111,8 @@ void disallowed_hugepage_adjust(struct kvm_page_fault *fault, u64 spte, int cur_ > if (cur_level > PG_LEVEL_4K && > cur_level == fault->goal_level && > is_shadow_present_pte(spte) && > - !is_large_pte(spte)) { > + !is_large_pte(spte) && > + spte_to_child_sp(spte)->nx_huge_page_disallowed) { > /* > * A small SPTE exists for this pfn, but FNAME(fetch) > * and __direct_map would like to create a large PTE > -- > 2.38.0.413.g74048e4d9e-goog >
diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index f4f1b1591a02..14674c9e10f7 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -3111,7 +3111,8 @@ void disallowed_hugepage_adjust(struct kvm_page_fault *fault, u64 spte, int cur_ if (cur_level > PG_LEVEL_4K && cur_level == fault->goal_level && is_shadow_present_pte(spte) && - !is_large_pte(spte)) { + !is_large_pte(spte) && + spte_to_child_sp(spte)->nx_huge_page_disallowed) { /* * A small SPTE exists for this pfn, but FNAME(fetch) * and __direct_map would like to create a large PTE
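Review bot: The new last condition in the if-statement of disallowed_hugepage_adjust() dereferences the result of spte_to_child_sp(spte) directly, so it is only meaningful because is_shadow_present_pte(spte) and !is_large_pte(spte) are evaluated before it; a short comment stating that ordering dependency would keep a later reshuffle of the conditions from moving the dereference ahead of those checks. The block comment that follows still describes the case only as "A small SPTE exists for this pfn", and it should also say that the level is lowered only when the child SP has nx_huge_page_disallowed set, since that flag is now what separates this path from a shadow page that may be replaced by a huge page.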