On 15/06/21 18:45, Sean Christopherson wrote:
KVM has silently required EFER.NX support for shadow paging for well over
a year, and for NPT for roughly the same amount of time. Attempting to
run any VM with shadow paging on a system without NX support will fail due
to invalid state, while enabling nx_huge_pages with NPT and no NX will
explode due to setting a reserved bit in the page tables.
I really, really wanted to require NX across the board, because the lack
of bug reports for the shadow paging change strongly suggests no one is
running KVM on a CPU that truly doesn't have NX. But, Intel CPUs let
firmware disable NX via MISC_ENABLES, so it's plausible that there are
users running KVM with EPT and no NX.
Sean Christopherson (4):
KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
KVM: SVM: Refuse to load kvm_amd if NX support is not available
KVM: x86: WARN and reject loading KVM if NX is supported but not
enabled
KVM: x86: Simplify logic to handle lack of host NX support
arch/x86/kvm/cpuid.c | 13 +++++--------
arch/x86/kvm/svm/svm.c | 13 ++++++++++---
arch/x86/kvm/vmx/vmx.c | 6 ++++++
arch/x86/kvm/x86.c | 3 +++
4 files changed, 24 insertions(+), 11 deletions(-)
Queued 1-3, thanks.
Paolo
