1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Usage: to be run via nx_huge_page_test.sh, which does the necessary 4 * environment setup and teardown 5 * 6 * Copyright (C) 2022, Google LLC. 7 */ 8 #include <fcntl.h> 9 #include <stdint.h> 10 #include <time.h> 11 12 #include <test_util.h> 13 #include "kvm_util.h" 14 #include "processor.h" 15 16 #define HPAGE_SLOT 10 17 #define HPAGE_GPA (4UL << 30) /* 4G prevents collision w/ slot 0 */ 18 #define HPAGE_GVA HPAGE_GPA /* GVA is arbitrary, so use GPA. */ 19 #define PAGES_PER_2MB_HUGE_PAGE 512 20 #define HPAGE_SLOT_NPAGES (3 * PAGES_PER_2MB_HUGE_PAGE) 21 22 /* 23 * Passed by nx_huge_pages_test.sh to provide an easy warning if this test is 24 * being run without it. 25 */ 26 #define MAGIC_TOKEN 887563923 27 28 /* 29 * x86 opcode for the return instruction. Used to call into, and then 30 * immediately return from, memory backed with hugepages. 31 */ 32 #define RETURN_OPCODE 0xC3 33 34 /* Call the specified memory address. */ 35 static void guest_do_CALL(uint64_t target) 36 { 37 ((void (*)(void)) target)(); 38 } 39 40 /* 41 * Exit the VM after each memory access so that the userspace component of the 42 * test can make assertions about the pages backing the VM. 43 * 44 * See the below for an explanation of how each access should affect the 45 * backing mappings. 46 */ 47 void guest_code(void) 48 { 49 uint64_t hpage_1 = HPAGE_GVA; 50 uint64_t hpage_2 = hpage_1 + (PAGE_SIZE * 512); 51 uint64_t hpage_3 = hpage_2 + (PAGE_SIZE * 512); 52 53 READ_ONCE(*(uint64_t *)hpage_1); 54 GUEST_SYNC(1); 55 56 READ_ONCE(*(uint64_t *)hpage_2); 57 GUEST_SYNC(2); 58 59 guest_do_CALL(hpage_1); 60 GUEST_SYNC(3); 61 62 guest_do_CALL(hpage_3); 63 GUEST_SYNC(4); 64 65 READ_ONCE(*(uint64_t *)hpage_1); 66 GUEST_SYNC(5); 67 68 READ_ONCE(*(uint64_t *)hpage_3); 69 GUEST_SYNC(6); 70 } 71 72 static void check_2m_page_count(struct kvm_vm *vm, int expected_pages_2m) 73 { 74 int actual_pages_2m; 75 76 actual_pages_2m = vm_get_stat(vm, "pages_2m"); 77 78 TEST_ASSERT(actual_pages_2m == expected_pages_2m, 79 "Unexpected 2m page count. Expected %d, got %d", 80 expected_pages_2m, actual_pages_2m); 81 } 82 83 static void check_split_count(struct kvm_vm *vm, int expected_splits) 84 { 85 int actual_splits; 86 87 actual_splits = vm_get_stat(vm, "nx_lpage_splits"); 88 89 TEST_ASSERT(actual_splits == expected_splits, 90 "Unexpected NX huge page split count. Expected %d, got %d", 91 expected_splits, actual_splits); 92 } 93 94 static void wait_for_reclaim(int reclaim_period_ms) 95 { 96 long reclaim_wait_ms; 97 struct timespec ts; 98 99 reclaim_wait_ms = reclaim_period_ms * 5; 100 ts.tv_sec = reclaim_wait_ms / 1000; 101 ts.tv_nsec = (reclaim_wait_ms - (ts.tv_sec * 1000)) * 1000000; 102 nanosleep(&ts, NULL); 103 } 104 105 void run_test(int reclaim_period_ms, bool disable_nx_huge_pages, 106 bool reboot_permissions) 107 { 108 struct kvm_vcpu *vcpu; 109 struct kvm_vm *vm; 110 uint64_t nr_bytes; 111 void *hva; 112 int r; 113 114 vm = vm_create(1); 115 116 if (disable_nx_huge_pages) { 117 r = __vm_disable_nx_huge_pages(vm); 118 if (reboot_permissions) { 119 TEST_ASSERT(!r, "Disabling NX huge pages should succeed if process has reboot permissions"); 120 } else { 121 TEST_ASSERT(r == -1 && errno == EPERM, 122 "This process should not have permission to disable NX huge pages"); 123 return; 124 } 125 } 126 127 vcpu = vm_vcpu_add(vm, 0, guest_code); 128 129 vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS_HUGETLB, 130 HPAGE_GPA, HPAGE_SLOT, 131 HPAGE_SLOT_NPAGES, 0); 132 133 nr_bytes = HPAGE_SLOT_NPAGES * vm->page_size; 134 135 /* 136 * Ensure that KVM can map HPAGE_SLOT with huge pages by mapping the 137 * region into the guest with 2MiB pages whenever TDP is disabled (i.e. 138 * whenever KVM is shadowing the guest page tables). 139 * 140 * When TDP is enabled, KVM should be able to map HPAGE_SLOT with huge 141 * pages irrespective of the guest page size, so map with 4KiB pages 142 * to test that that is the case. 143 */ 144 if (kvm_is_tdp_enabled()) 145 virt_map_level(vm, HPAGE_GVA, HPAGE_GPA, nr_bytes, PG_LEVEL_4K); 146 else 147 virt_map_level(vm, HPAGE_GVA, HPAGE_GPA, nr_bytes, PG_LEVEL_2M); 148 149 hva = addr_gpa2hva(vm, HPAGE_GPA); 150 memset(hva, RETURN_OPCODE, nr_bytes); 151 152 check_2m_page_count(vm, 0); 153 check_split_count(vm, 0); 154 155 /* 156 * The guest code will first read from the first hugepage, resulting 157 * in a huge page mapping being created. 158 */ 159 vcpu_run(vcpu); 160 check_2m_page_count(vm, 1); 161 check_split_count(vm, 0); 162 163 /* 164 * Then the guest code will read from the second hugepage, resulting 165 * in another huge page mapping being created. 166 */ 167 vcpu_run(vcpu); 168 check_2m_page_count(vm, 2); 169 check_split_count(vm, 0); 170 171 /* 172 * Next, the guest will execute from the first huge page, causing it 173 * to be remapped at 4k. 174 * 175 * If NX huge pages are disabled, this should have no effect. 176 */ 177 vcpu_run(vcpu); 178 check_2m_page_count(vm, disable_nx_huge_pages ? 2 : 1); 179 check_split_count(vm, disable_nx_huge_pages ? 0 : 1); 180 181 /* 182 * Executing from the third huge page (previously unaccessed) will 183 * cause part to be mapped at 4k. 184 * 185 * If NX huge pages are disabled, it should be mapped at 2M. 186 */ 187 vcpu_run(vcpu); 188 check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 1); 189 check_split_count(vm, disable_nx_huge_pages ? 0 : 2); 190 191 /* Reading from the first huge page again should have no effect. */ 192 vcpu_run(vcpu); 193 check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 1); 194 check_split_count(vm, disable_nx_huge_pages ? 0 : 2); 195 196 /* Give recovery thread time to run. */ 197 wait_for_reclaim(reclaim_period_ms); 198 199 /* 200 * Now that the reclaimer has run, all the split pages should be gone. 201 * 202 * If NX huge pages are disabled, the relaimer will not run, so 203 * nothing should change from here on. 204 */ 205 check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 1); 206 check_split_count(vm, 0); 207 208 /* 209 * The 4k mapping on hpage 3 should have been removed, so check that 210 * reading from it causes a huge page mapping to be installed. 211 */ 212 vcpu_run(vcpu); 213 check_2m_page_count(vm, disable_nx_huge_pages ? 3 : 2); 214 check_split_count(vm, 0); 215 216 kvm_vm_free(vm); 217 } 218 219 static void help(char *name) 220 { 221 puts(""); 222 printf("usage: %s [-h] [-p period_ms] [-t token]\n", name); 223 puts(""); 224 printf(" -p: The NX reclaim period in milliseconds.\n"); 225 printf(" -t: The magic token to indicate environment setup is done.\n"); 226 printf(" -r: The test has reboot permissions and can disable NX huge pages.\n"); 227 puts(""); 228 exit(0); 229 } 230 231 int main(int argc, char **argv) 232 { 233 int reclaim_period_ms = 0, token = 0, opt; 234 bool reboot_permissions = false; 235 236 while ((opt = getopt(argc, argv, "hp:t:r")) != -1) { 237 switch (opt) { 238 case 'p': 239 reclaim_period_ms = atoi_positive("Reclaim period", optarg); 240 break; 241 case 't': 242 token = atoi_paranoid(optarg); 243 break; 244 case 'r': 245 reboot_permissions = true; 246 break; 247 case 'h': 248 default: 249 help(argv[0]); 250 break; 251 } 252 } 253 254 TEST_REQUIRE(kvm_has_cap(KVM_CAP_VM_DISABLE_NX_HUGE_PAGES)); 255 256 __TEST_REQUIRE(token == MAGIC_TOKEN, 257 "This test must be run with the magic token via '-t %d'.\n" 258 "Running via nx_huge_pages_test.sh, which also handles " 259 "environment setup, is strongly recommended.", MAGIC_TOKEN); 260 261 run_test(reclaim_period_ms, false, reboot_permissions); 262 run_test(reclaim_period_ms, true, reboot_permissions); 263 264 return 0; 265 } 266 267