On Fri, Jun 02, 2023, Robert Hoo wrote: > On 6/2/2023 8:58 AM, Sean Christopherson wrote: > > @@ -6860,15 +6871,29 @@ static int set_nx_huge_pages(const char *val, const struct kernel_param *kp) > > bool old_val = nx_huge_pages; > > bool new_val; > > + if (nx_hugepage_mitigation_hard_disabled) > > + return -EPERM; > > + > > /* In "auto" mode deploy workaround only if CPU has the bug. */ > > - if (sysfs_streq(val, "off")) > > + if (sysfs_streq(val, "off")) { > > new_val = 0; > > - else if (sysfs_streq(val, "force")) > > + } else if (sysfs_streq(val, "force")) { > > new_val = 1; > > - else if (sysfs_streq(val, "auto")) > > + } else if (sysfs_streq(val, "auto")) { > > new_val = get_nx_auto_mode(); > > - else if (kstrtobool(val, &new_val) < 0) > > + } else if (sysfs_streq(val, "never")) { > > + new_val = 0; > > + > > + mutex_lock(&kvm_lock); > > + if (!list_empty(&vm_list)) { > > + mutex_unlock(&kvm_lock); > > + return -EBUSY; > > + } > > + nx_hugepage_mitigation_hard_disabled = true; > > + mutex_unlock(&kvm_lock); > > + } else if (kstrtobool(val, &new_val) < 0) { > > return -EINVAL; > > + } > > > > IIUC, (Initially) "auto_off"/"off" --> create some VM --> turn to "never", > the created VMs still have those kthreads, but can never be used, until > destroyed with VM. Shouldn't be able to happen. The above rejects "never" if vm_list isn't empty, i.e. if there are any VMs, and sets nx_hugepage_mitigation_hard_disabled under kvm_lock to ensure it can't race with KVM_CREATE_VM. I forgot to call this out in the changelog though.
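
Review bot: The "never" branch in set_nx_huge_pages() has no comment explaining why nx_hugepage_mitigation_hard_disabled is set under kvm_lock, and only after the list_empty(&vm_list) check. As the reply notes, the changelog does not mention it either. A short comment at the mutex_lock(&kvm_lock) line, saying that the lock keeps the -EBUSY check and the flag update from racing with KVM_CREATE_VM, would answer the question raised here in the code itself. The new -EPERM check at the top of the function also makes "never" one-way: once the flag is set, every later write is rejected, including "off", "force" and "auto". That should be stated in the changelog and wherever the parameter is documented.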