From: Sean Christopherson <seanjc@google.com>
To: Ben Gardon <bgardon@google.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>, Peter Xu <peterx@redhat.com>,
David Matlack <dmatlack@google.com>,
Jim Mattson <jmattson@google.com>,
David Dunn <daviddunn@google.com>,
Jing Zhang <jingzhangos@google.com>,
Junaid Shahid <junaids@google.com>
Subject: Re: [PATCH v7 10/11] KVM: selftests: Test disabling NX hugepages on a VM
Date: Thu, 5 May 2022 19:14:48 +0000 [thread overview]
Message-ID: <YnQiKJcufscYYq/j@google.com> (raw)
In-Reply-To: <20220503183045.978509-11-bgardon@google.com>
On Tue, May 03, 2022, Ben Gardon wrote:
> + if (disable_nx_huge_pages) {
> + /*
> + * Cannot run the test without NX huge pages if the kernel
> + * does not support it.
> + */
> + if (!kvm_check_cap(KVM_CAP_VM_DISABLE_NX_HUGE_PAGES))
> + return;
> +
> + r = __vm_disable_nx_huge_pages(vm);
> + if (reboot_permissions) {
> + TEST_ASSERT(!r, "Disabling NX huge pages should succeed if process has reboot permissions");
> + } else {
> + TEST_ASSERT(r == -EPERM, "This process should not have permission to disable NX huge pages");
This is wrong, the return value on ioctl() failure is -1, the error code is
in errno and it's a positive value.
LOL, but it passes because EPERM == 1, hilarious. To avoid confusion:
TEST_ASSERT(r == -1 && errno == EPERM,
"This process should not have permission to disable NX huge pages");
> diff --git a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
> index 60bfed8181b9..c21c1f639141 100755
> --- a/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
> +++ b/tools/testing/selftests/kvm/x86_64/nx_huge_pages_test.sh
> @@ -16,6 +16,8 @@ HUGE_PAGES=$(sudo cat /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages)
>
> set +e
>
> +NXECUTABLE="$(dirname $0)/nx_huge_pages_test"
> +
> (
> set -e
>
> @@ -24,7 +26,15 @@ set +e
> sudo echo 100 > /sys/module/kvm/parameters/nx_huge_pages_recovery_period_ms
> sudo echo 3 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
>
> - "$(dirname $0)"/nx_huge_pages_test 887563923
> + # Test with reboot permissions
> + sudo setcap cap_sys_boot+ep $NXECUTABLE
This leaves cap_sys_boot set on the executable if the script is run as root.
Probably this? It's moderately user friendly without going too crazy on error
handling.
# Test with reboot permissions
if [ $(whoami) != "root" ] ; then
sudo setcap cap_sys_boot+ep $NXECUTABLE
fi
$NXECUTABLE 887563923 1
# Test without reboot permissions
if [ $(whoami) != "root" ] ; then
sudo setcap cap_sys_boot-ep $NXECUTABLE
$NXECUTABLE 887563923 0
fi
> + $NXECUTABLE 887563923 1
> +
> + # Test without reboot permissions
> + if [ $(whoami) != "root" ] ; then
> + sudo setcap cap_sys_boot-ep $NXECUTABLE
> + $NXECUTABLE 887563923 0
I would much prefer a proper flag, not a magic 0 vs. 1.
> + fi
> )
> RET=$?
>
> --
> 2.36.0.464.gb9c8b46e94-goog
>
next prev parent reply other threads:[~2022-05-05 19:14 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-03 18:30 [PATCH v7 00/11] KVM: x86: Add a cap to disable NX hugepages on a VM Ben Gardon
2022-05-03 18:30 ` [PATCH v7 01/11] KVM: selftests: Remove dynamic memory allocation for stats header Ben Gardon
2022-05-03 18:30 ` [PATCH v7 02/11] KVM: selftests: Read binary stats header in lib Ben Gardon
2022-05-03 18:30 ` [PATCH v7 03/11] KVM: selftests: Read binary stats desc " Ben Gardon
2022-05-05 17:08 ` Sean Christopherson
2022-05-05 17:13 ` Sean Christopherson
2022-05-03 18:30 ` [PATCH v7 04/11] KVM: selftests: Clean up coding style in binary stats test Ben Gardon
2022-05-03 18:30 ` [PATCH v7 05/11] KVM: selftests: Read binary stat data in lib Ben Gardon
2022-05-05 18:06 ` Sean Christopherson
2022-05-05 18:38 ` Sean Christopherson
2022-05-03 18:30 ` [PATCH v7 06/11] KVM: selftests: Add NX huge pages test Ben Gardon
2022-05-05 18:59 ` Sean Christopherson
2022-05-03 18:30 ` [PATCH v7 07/11] KVM: x86: Fix errant brace in KVM capability handling Ben Gardon
2022-05-03 18:30 ` [PATCH v7 08/11] KVM: x86/MMU: Allow NX huge pages to be disabled on a per-vm basis Ben Gardon
2022-05-03 18:30 ` [PATCH v7 09/11] KVM: selftests: Factor out calculation of pages needed for a VM Ben Gardon
2022-05-03 18:30 ` [PATCH v7 10/11] KVM: selftests: Test disabling NX hugepages on " Ben Gardon
2022-05-03 18:34 ` Ben Gardon
2022-05-05 19:14 ` Sean Christopherson [this message]
2022-05-03 18:30 ` [PATCH v7 11/11] KVM: selftests: Cache binary stats metadata for duration of test Ben Gardon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YnQiKJcufscYYq/j@google.com \
--to=seanjc@google.com \
--cc=bgardon@google.com \
--cc=daviddunn@google.com \
--cc=dmatlack@google.com \
--cc=jingzhangos@google.com \
--cc=jmattson@google.com \
--cc=junaids@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.