On Tue, Jun 15, 2021 at 9:45 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> Refuse to load KVM if NX support is not available. Shadow paging has
> assumed NX support since commit 9167ab799362 ("KVM: vmx, svm: always run
> with EFER.NXE=1 when shadow paging is active"), and NPT has assumed NX
> support since commit b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation").
> While the NX huge pages mitigation should not be enabled by default for
> AMD CPUs, it can be turned on by userspace at will.
>
> Unlike Intel CPUs, AMD does not provide a way for firmware to disable NX
> support, and Linux always sets EFER.NX=1 if it is supported. Given that
> it's extremely unlikely that a CPU supports NPT but not NX, making NX a
> formal requirement is far simpler than adding requirements to the
> mitigation flow.
>
> Fixes: 9167ab799362 ("KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active")
> Fixes: b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation")
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>

Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>