On Tue, Jun 15, 2021 at 9:45 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> Refuse to load KVM if NX support is not available and EPT is not enabled.
> Shadow paging has assumed NX support since commit 9167ab799362 ("KVM:
> vmx, svm: always run with EFER.NXE=1 when shadow paging is active"), so
> for all intents and purposes this has been a de facto requirement for
> over a year.
>
> Do not require NX support if EPT is enabled purely because Intel CPUs let
> firmware disable NX support via MSR_IA32_MISC_ENABLES. If not for that,
> VMX (and KVM as a whole) could require NX support with minimal risk to
> breaking userspace.
>
> Fixes: 9167ab799362 ("KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active")
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
