On Fri, 2023-06-02 at 08:09 -0700, Sean Christopherson wrote:
> On Fri, Jun 02, 2023, Robert Hoo wrote:
> > On 6/2/2023 8:58 AM, Sean Christopherson wrote:
> > > @@ -6860,15 +6871,29 @@ static int set_nx_huge_pages(const char *val, const struct kernel_param *kp)
> > > bool old_val = nx_huge_pages;
> > > bool new_val;
> > > + if (nx_hugepage_mitigation_hard_disabled)
> > > + return -EPERM;
> > > +
> > > /* In "auto" mode deploy workaround only if CPU has the bug. */
> > > - if (sysfs_streq(val, "off"))
> > > + if (sysfs_streq(val, "off")) {
> > > new_val = 0;
> > > - else if (sysfs_streq(val, "force"))
> > > + } else if (sysfs_streq(val, "force")) {
> > > new_val = 1;
> > > - else if (sysfs_streq(val, "auto"))
> > > + } else if (sysfs_streq(val, "auto")) {
> > > new_val = get_nx_auto_mode();
> > > - else if (kstrtobool(val, &new_val) < 0)
> > > + } else if (sysfs_streq(val, "never")) {
> > > + new_val = 0;
> > > +
> > > + mutex_lock(&kvm_lock);
> > > + if (!list_empty(&vm_list)) {
> > > + mutex_unlock(&kvm_lock);
> > > + return -EBUSY;
> > > + }
> > > + nx_hugepage_mitigation_hard_disabled = true;
> > > + mutex_unlock(&kvm_lock);
> > > + } else if (kstrtobool(val, &new_val) < 0) {
> > > return -EINVAL;
> > > + }
> > >
> >
> > IIUC, (Initially) "auto_off"/"off" --> create some VM --> turn to "never",
> > the created VMs still have those kthreads, but can never be used, until
> > destroyed with VM.
>
> Shouldn't be able to happen. The above rejects "never" if vm_list isn't empty,
> i.e. if there are any VMs, and sets nx_hugepage_mitigation_hard_disabled under
> kvm_lock to ensure it can't race with KVM_CREATE_VM. I forgot to call this out
> in the changelog though.
Also IIUC once set to "never" userspace will not be able to switch to other
modes, unless userspace reloads KVM. Worth to call out this too?
Acked-by: Kai Huang <kai.huang@xxxxxxxxx>
