On Mon, Apr 11, 2022 at 2:10 PM Ben Gardon <bgardon@xxxxxxxxxx> wrote: > > Add an argument to the NX huge pages test to test disabling the feature > on a VM using the new capability. > > Signed-off-by: Ben Gardon <bgardon@xxxxxxxxxx> > --- > .../selftests/kvm/include/kvm_util_base.h | 2 + > tools/testing/selftests/kvm/lib/kvm_util.c | 19 ++++++- > .../selftests/kvm/x86_64/nx_huge_pages_test.c | 53 +++++++++++++++---- > 3 files changed, 64 insertions(+), 10 deletions(-) > > diff --git a/tools/testing/selftests/kvm/include/kvm_util_base.h b/tools/testing/selftests/kvm/include/kvm_util_base.h > index f9c2ac0a5b97..15f24be6d93f 100644 > --- a/tools/testing/selftests/kvm/include/kvm_util_base.h > +++ b/tools/testing/selftests/kvm/include/kvm_util_base.h > @@ -412,4 +412,6 @@ uint64_t vm_get_single_stat(struct kvm_vm *vm, const char *stat_name); > > uint32_t guest_get_vcpuid(void); > > +int vm_disable_nx_huge_pages(struct kvm_vm *vm); > + > #endif /* SELFTEST_KVM_UTIL_BASE_H */ > diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c > index 833c7e63d62d..5fa5608eef03 100644 > --- a/tools/testing/selftests/kvm/lib/kvm_util.c > +++ b/tools/testing/selftests/kvm/lib/kvm_util.c > @@ -112,6 +112,15 @@ int vm_check_cap(struct kvm_vm *vm, long cap) > return ret; > } > > +static int __vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap) > +{ > + int ret; > + > + ret = ioctl(vm->fd, KVM_ENABLE_CAP, cap); > + > + return ret; > +} > + > /* VM Enable Capability > * > * Input Args: > @@ -128,7 +137,7 @@ int vm_enable_cap(struct kvm_vm *vm, struct kvm_enable_cap *cap) > { > int ret; > > - ret = ioctl(vm->fd, KVM_ENABLE_CAP, cap); > + ret = __vm_enable_cap(vm, cap); > TEST_ASSERT(ret == 0, "KVM_ENABLE_CAP IOCTL failed,\n" > " rc: %i errno: %i", ret, errno); > > @@ -2662,3 +2671,11 @@ uint64_t vm_get_single_stat(struct kvm_vm *vm, const char *stat_name) > stat_name, ret); > return data; > } > + > +int vm_disable_nx_huge_pages(struct kvm_vm *vm) > +{ > + struct kvm_enable_cap cap = { 0 }; > + > + cap.cap = KVM_CAP_VM_DISABLE_NX_HUGE_PAGES; > + return __vm_enable_cap(vm, &cap); > +} > diff --git a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c > index 3f21726b22c7..f8edf7910950 100644 > --- a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c > +++ b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.c > @@ -13,6 +13,8 @@ > #include <fcntl.h> > #include <stdint.h> > #include <time.h> > +#include <linux/reboot.h> > +#include <sys/syscall.h> > > #include <test_util.h> > #include "kvm_util.h" > @@ -77,14 +79,41 @@ static void check_split_count(struct kvm_vm *vm, int expected_splits) > expected_splits, actual_splits); > } > > -int main(int argc, char **argv) > +void run_test(bool disable_nx) > { > struct kvm_vm *vm; > struct timespec ts; > void *hva; > + int r; > > vm = vm_create_default(0, 0, guest_code); > > + if (disable_nx) { > + kvm_check_cap(KVM_CAP_VM_DISABLE_NX_HUGE_PAGES); > + > + /* > + * Check if this process has the reboot permissions needed to > + * disable NX huge pages on a VM. > + * > + * The reboot call below will never have any effect because > + * the magic values are not set correctly, however the > + * permission check is done before the magic value check. > + */ > + r = syscall(SYS_reboot, 0, 0, 0, NULL); > + if (errno == EPERM) { Should this be: if (r && errno == EPERM) { ? Otherwise errno might contain a stale value. > + r = vm_disable_nx_huge_pages(vm); > + TEST_ASSERT(r == EPERM, TEST_ASSERT(r && errno == EPERM, > + "This process should not have permission to disable NX huge pages"); > + return; > + } > + > + TEST_ASSERT(errno == EINVAL, r && errno == EINVAL ? > + "Reboot syscall should fail with -EINVAL"); > + > + r = vm_disable_nx_huge_pages(vm); > + TEST_ASSERT(!r, "Disabling NX huge pages should not fail if process has reboot permissions"); nit: s/not fail/succeed/ > + } > + > vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS_HUGETLB, > HPAGE_GPA, HPAGE_SLOT, > HPAGE_SLOT_NPAGES, 0); > @@ -118,21 +147,21 @@ int main(int argc, char **argv) > * to be remapped at 4k. > */ > vcpu_run(vm, 0); > - check_2m_page_count(vm, 1); > - check_split_count(vm, 1); > + check_2m_page_count(vm, disable_nx ? 2 : 1); > + check_split_count(vm, disable_nx ? 0 : 1); > > /* > * Executing from the third huge page (previously unaccessed) will > * cause part to be mapped at 4k. > */ > vcpu_run(vm, 0); > - check_2m_page_count(vm, 1); > - check_split_count(vm, 2); > + check_2m_page_count(vm, disable_nx ? 3 : 1); > + check_split_count(vm, disable_nx ? 0 : 2); > > /* Reading from the first huge page again should have no effect. */ > vcpu_run(vm, 0); > - check_2m_page_count(vm, 1); > - check_split_count(vm, 2); > + check_2m_page_count(vm, disable_nx ? 3 : 1); > + check_split_count(vm, disable_nx ? 0 : 2); > > /* > * Give recovery thread time to run. The wrapper script sets > @@ -145,7 +174,7 @@ int main(int argc, char **argv) > /* > * Now that the reclaimer has run, all the split pages should be gone. > */ > - check_2m_page_count(vm, 1); > + check_2m_page_count(vm, disable_nx ? 3 : 1); > check_split_count(vm, 0); > > /* > @@ -153,10 +182,16 @@ int main(int argc, char **argv) > * reading from it causes a huge page mapping to be installed. > */ > vcpu_run(vm, 0); > - check_2m_page_count(vm, 2); > + check_2m_page_count(vm, disable_nx ? 3 : 2); > check_split_count(vm, 0); > > kvm_vm_free(vm); > +} > + > +int main(int argc, char **argv) > +{ > + run_test(false); > + run_test(true); > > return 0; > } > -- > 2.35.1.1178.g4f1659d476-goog >