KVM: x86: WARN and reject loading KVM if NX is supported but not enabled

WARN if NX is reported as supported but not enabled in EFER. All flavors of the kernel, including non-PAE 32-bit kernels, set EFER.NX=1 if NX is supported, even if NX usage is disable via kernel command line. KVM relies on NX being enabled if it's supported, e.g. KVM will generate illegal NPT entries if nx_huge_pages is enabled and NX is supported but not enabled. Signed-off-by: Sean Christopherson <[email protected]> Reviewed-by: Jim Mattson <[email protected]> Message-Id: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
author: Sean Christopherson <[email protected]> 2021-06-15 09:45:34 -0700
committer: Paolo Bonzini <[email protected]> 2021-06-18 06:24:50 -0400
commit: 8bbed95d2cb6e5de8a342d761a89b0a04faed7be (patch)
tree: b29d109013807d563aea7ff33c2b23e6a175a70a
parent: b26a71a1a5b93531bd93305c9c0c7eae2d5cace1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 8b898ec8d349..76dae88cf524 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -10920,6 +10920,9 @@ int kvm_arch_hardware_setup(void *opaque)
 	int r;
 
 	rdmsrl_safe(MSR_EFER, &host_efer);
+	if (WARN_ON_ONCE(boot_cpu_has(X86_FEATURE_NX) &&
+			 !(host_efer & EFER_NX)))
+		return -EIO;
 
 	if (boot_cpu_has(X86_FEATURE_XSAVES))
 		rdmsrl(MSR_IA32_XSS, host_xss);
author	Sean Christopherson <[email protected]>	2021-06-15 09:45:34 -0700
committer	Paolo Bonzini <[email protected]>	2021-06-18 06:24:50 -0400
commit	8bbed95d2cb6e5de8a342d761a89b0a04faed7be (patch)
tree	b29d109013807d563aea7ff33c2b23e6a175a70a
parent	b26a71a1a5b93531bd93305c9c0c7eae2d5cace1 (diff)