On Fri, Sep 01, 2023, Luiz Capitulino wrote: > From: Sean Christopherson <seanjc@xxxxxxxxxx> > > Commit 0b210faf337314e4bc88e796218bc70c72a51209 upstream. > > [ Resolved a small conflict in arch/x86/kvm/mmu/mmu.c::kvm_mmu_post_init_vm() > which is due kvm_nx_lpage_recovery_worker() being renamed in upstream > commit 55c510e26ab6181c132327a8b90c864e6193ce27 ] > > Add a "never" option to the nx_huge_pages module param to allow userspace > to do a one-way hard disabling of the mitigation, and don't create the > per-VM recovery threads when the mitigation is hard disabled. Letting > userspace pinky swear that userspace doesn't want to enable NX mitigation > (without reloading KVM) allows certain use cases to avoid the latency > problems associated with spawning a kthread for each VM. > > E.g. in FaaS use cases, the guest kernel is trusted and the host may > create 100+ VMs per logical CPU, which can result in 100ms+ latencies when > a burst of VMs is created. > > Reported-by: Li RongQing <lirongqing@xxxxxxxxx> > Closes: https://lore.kernel.org/all/1679555884-32544-1-git-send-email-lirongqing@xxxxxxxxx > Cc: Yong He <zhuangel570@xxxxxxxxx> > Cc: Robert Hoo <robert.hoo.linux@xxxxxxxxx> > Cc: Kai Huang <kai.huang@xxxxxxxxx> > Reviewed-by: Robert Hoo <robert.hoo.linux@xxxxxxxxx> > Acked-by: Kai Huang <kai.huang@xxxxxxxxx> > Tested-by: Luiz Capitulino <luizcap@xxxxxxxxxx> > Reviewed-by: Li RongQing <lirongqing@xxxxxxxxx> > Link: https://lore.kernel.org/r/20230602005859.784190-1-seanjc@xxxxxxxxxx > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> > Signed-off-by: Luiz Capitulino <luizcap@xxxxxxxxxx> > --- Acked-by: Sean Christopherson <seanjc@xxxxxxxxxx>
