From: Sean Christopherson
To: Paolo Bonzini
Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Tom Lendacky, Brijesh Singh
Subject: [RFC PATCH] KVM: SVM: Disallow SEV if NPT is disabled
Date: Fri, 31 Jul 2020 13:51:16 -0700
Message-Id: <20200731205116.14891-1-sean.j.christopherson@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Forcefully turn off SEV if NPT is disabled, e.g. via module param. SEV requires NPT as the C-bit only exists if NPT is active.

Fixes: e9df09428996f ("KVM: SVM: Add sev module_param")
Cc: stable@vger.kernel.org
Cc: Tom Lendacky
Cc: Brijesh Singh
Signed-off-by: Sean Christopherson
---

RFC as it's entirely possible that I am completely misunderstanding how SEV works. Compile tested only.

arch/x86/kvm/svm/svm.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 783330d0e7b88..e30629593458b 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -860,8 +860,14 @@ static __init int svm_hardware_setup(void) kvm_enable_efer_bits(EFER_SVME | EFER_LMSLE); } + if (!boot_cpu_has(X86_FEATURE_NPT)) + npt_enabled = false; + + if (npt_enabled && !npt) + npt_enabled = false; + if (sev) { - if (boot_cpu_has(X86_FEATURE_SEV) && + if (boot_cpu_has(X86_FEATURE_SEV) && npt_enabled && IS_ENABLED(CONFIG_KVM_AMD_SEV)) { r = sev_hardware_setup(); if (r) @@ -879,12 +885,6 @@ static __init int svm_hardware_setup(void) goto err; } - if (!boot_cpu_has(X86_FEATURE_NPT)) - npt_enabled = false; - - if (npt_enabled && !npt) - npt_enabled = false; - kvm_configure_mmu(npt_enabled, PG_LEVEL_1G); pr_info("kvm: Nested Paging %sabled\n", npt_enabled ? "en" : "dis"); -- 2.28.0
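
Review bot: in the first hunk (@@ -860,8 +860,14 @@), the npt_enabled term added to the "boot_cpu_has(X86_FEATURE_SEV) && npt_enabled &&" condition has no comment, and the SEV check now silently depends on the two "npt_enabled = false" assignments staying above the "if (sev)" block. A short comment above that block stating that SEV requires NPT because the C-bit only exists when NPT is active (the commit message's own wording) would keep a later reshuffle of svm_hardware_setup() from reintroducing the ordering problem. The visible lines also print nothing when SEV was requested but is refused for lack of NPT; a pr_info naming NPT as the reason would save an administrator from guessing why SEV is off.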
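
Review bot: in the second hunk (@@ -879,12 +885,6 @@), the pr_info("kvm: Nested Paging %sabled\n", ...) stays behind while the checks that decide npt_enabled move up, so the log reports the NPT state only after the SEV decision that depended on it has already been made. Consider moving the pr_info up together with the two checks and leaving only "kvm_configure_mmu(npt_enabled, PG_LEVEL_1G);" at this spot, so the NPT line precedes any SEV output and explains it.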