Commit 8bbed95d authored by Sean Christopherson's avatar Sean Christopherson Committed by Paolo Bonzini

KVM: x86: WARN and reject loading KVM if NX is supported but not enabled

WARN if NX is reported as supported but not enabled in EFER.  All flavors
of the kernel, including non-PAE 32-bit kernels, set EFER.NX=1 if NX is
supported, even if NX usage is disable via kernel command line.  KVM relies
on NX being enabled if it's supported, e.g. KVM will generate illegal NPT
entries if nx_huge_pages is enabled and NX is supported but not enabled.
Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
Reviewed-by: default avatarJim Mattson <jmattson@google.com>
Message-Id: <20210615164535.2146172-4-seanjc@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent b26a71a1
...@@ -10920,6 +10920,9 @@ int kvm_arch_hardware_setup(void *opaque) ...@@ -10920,6 +10920,9 @@ int kvm_arch_hardware_setup(void *opaque)
int r; int r;
rdmsrl_safe(MSR_EFER, &host_efer); rdmsrl_safe(MSR_EFER, &host_efer);
if (WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_NX) &&
!(host_efer & EFER_NX)))
return -EIO;
if (boot_cpu_has(X86_FEATURE_XSAVES)) if (boot_cpu_has(X86_FEATURE_XSAVES))
rdmsrl(MSR_IA32_XSS, host_xss); rdmsrl(MSR_IA32_XSS, host_xss);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment