On Tue, Jun 15, 2021 at 9:45 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote: > > WARN if NX is reported as supported but not enabled in EFER. All flavors > of the kernel, including non-PAE 32-bit kernels, set EFER.NX=1 if NX is > supported, even if NX usage is disable via kernel command line. KVM relies > on NX being enabled if it's supported, e.g. KVM will generate illegal NPT > entries if nx_huge_pages is enabled and NX is supported but not enabled. > > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> > --- > arch/x86/kvm/x86.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index acc28473dec7..1f6595df45de 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -10981,6 +10981,9 @@ int kvm_arch_hardware_setup(void *opaque) > int r; > > rdmsrl_safe(MSR_EFER, &host_efer); > + if (WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_NX) && > + !(host_efer & EFER_NX))) > + return -EIO; Input/output error? Is that really the most appropriate error here? Why not, say, -ENOTSUP? I'm sure there's some arcane convention here that I'm not privy to. :-) Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
