Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp4096807pxj; Tue, 15 Jun 2021 15:31:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwj4fgu9v1ixF88/1iE232so3wVFNE5cshU5IWSGW9BnQF834KIiVZ+Uwu8lkEo8Z2uMTdD X-Received: by 2002:a02:c987:: with SMTP id b7mr1201178jap.129.1623796296095; Tue, 15 Jun 2021 15:31:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623796296; cv=none; d=google.com; s=arc-20160816; b=J6rRI013EIhbQmCeKtIzXXtYCss+i5GO+u3GKYHq/UZkovzhizYtFKQiDOnuZvYxLd HThV65XjMT57TVApNgdL5XdYD6ecO3Kz/+Nj62Btoi0eQPsqakfhfGTSEwu9ASE/BL2F rNVjgxdE4RzUNSLUOmdkrSXoJtaXoqX5yYChbrckH/+96+L/9kB3x+RAfUABCHS8h6Ob OjULc7R2n+wh8pzp2akPqvmqGprSS4dP1v/px6oPVmFDgWdh4YJen6U4QRQmimqgZhn7 uQHFJ2sgC9FviLabIOOU2tbxT+3UfK3sfJBYbzr4HVAiMkx00U3YYn2Nzf3gQaYB0GU2 Q6KA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=YZakAu6vDnZNEmPvqktyn2oZMAH5BhmuwRP0pEeDFUA=; b=SS0hJuUirb/H03xV09AW5l4yc//GbCFkgW0ihC49Z15no43ge1ZyW/RxG5PRhBWBW3 aRraIB/HLdW5XzxVcBUiLHUetyBDU49xjzKZe5WXzCDMTpkYSPFvMwN0CRAP5oZe2zT9 aOOYF/9YKzA+rUgtjhE8ZyiCnG6cqR/y3hB7/x6C+u/7+Rq2gR3zLR6vnA13x3h0qeHm w78nbOpc6VDRuCLuUOhfuV9VV3O3GyRz8AgPXJA4M6JyFUTPJFHzc38/tfUU82F6fdt+ wJTtpjOEpb1i6Ay5QtW81gjBXNOPgYuo7kEOdPT/2svnE/6nglgsJliRJH/CKG92v6jk BMPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jCY7GJXJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y3si556221jad.12.2021.06.15.15.31.23; Tue, 15 Jun 2021 15:31:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=jCY7GJXJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230012AbhFOWcw (ORCPT + 99 others); Tue, 15 Jun 2021 18:32:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35510 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229898AbhFOWcv (ORCPT ); Tue, 15 Jun 2021 18:32:51 -0400 Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDFB0C061574 for ; Tue, 15 Jun 2021 15:30:45 -0700 (PDT) Received: by mail-ot1-x32c.google.com with SMTP id h24-20020a9d64180000b029036edcf8f9a6so527267otl.3 for ; Tue, 15 Jun 2021 15:30:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YZakAu6vDnZNEmPvqktyn2oZMAH5BhmuwRP0pEeDFUA=; b=jCY7GJXJiumTS0wWAuQQNTFjKplqBjVFn5buIpNjm5wqI4A+WpuvrapJtp7KIemCr1 ilDivDkTGRUrU7giBkX6lSYiPmOoc15w01fLye2zsTaDR58bMphtwzZDbHXUBx7i/MHq +3fi7VdsRBbVX0BFYKIa0P7EeemGUMbadQ5cpHI2Hs0lGUJyxKeUvGflJr45yWAkGZSb BE6S3o63B1gyBCepO8lcFAUu9ZgiZuNZBe8V25Dhu2JJNJPc5LUUXe5IhUQDXIlFLk/p VauRSOl5CgYVqMZHQt/w7pgfPfGlMVrxZZPvLm4nAawjrpM0LcDEdwj6Wmg9OIl28zLG dYlg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YZakAu6vDnZNEmPvqktyn2oZMAH5BhmuwRP0pEeDFUA=; b=j5oFxyeAd3TBeHE5x9wh7+e1Kkb4iP3FPa10CtM/MYlXIGz4SRdxVIlWSU9JaIL3N0 lzTZMKmajW9l0jzV6jFd5862zTYagDcS8bpz20tznREwSQAPtJYlJBXlm9iGk1A6lY11 1dij6tN/jfZtPZN0EFCh0kg0DySQW6JnMlhmE5XgwAlLs9CZvt0vR5szkYTQ6VAUkBot 2QZEd2Z1DE6wyz2mVWrXyyqf1fal3LFGnCh8UFsXy/b6jw4ehyCx7zXoatMc8pKVJkvN twucip52ChpUoGLJe970F0rEx/etcnE88NkVnzzhgWDVRaE6DbyqQZvTIqTEY/CrN/mG ybcg== X-Gm-Message-State: AOAM530uJJIEAOHA0e/VTceHd8JKL/YsZ/mdoUykrpi8/qdClI8uKRZk AN0Gt+o0UV+AxzGiQ0BoNJGE1J9Pe7ffgPF7/SPf3Q== X-Received: by 2002:a05:6830:124d:: with SMTP id s13mr1175538otp.241.1623796244796; Tue, 15 Jun 2021 15:30:44 -0700 (PDT) MIME-Version: 1.0 References: <20210615164535.2146172-1-seanjc@google.com> <20210615164535.2146172-3-seanjc@google.com> In-Reply-To: <20210615164535.2146172-3-seanjc@google.com> From: Jim Mattson Date: Tue, 15 Jun 2021 15:30:33 -0700 Message-ID: Subject: Re: [PATCH 2/4] KVM: SVM: Refuse to load kvm_amd if NX support is not available To: Sean Christopherson Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Joerg Roedel , kvm list , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 15, 2021 at 9:45 AM Sean Christopherson wrote: > > Refuse to load KVM if NX support is not available. Shadow paging has > assumed NX support since commit 9167ab799362 ("KVM: vmx, svm: always run > with EFER.NXE=1 when shadow paging is active"), and NPT has assumed NX > support since commit b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation"). > While the NX huge pages mitigation should not be enabled by default for > AMD CPUs, it can be turned on by userspace at will. > > Unlike Intel CPUs, AMD does not provide a way for firmware to disable NX > support, and Linux always sets EFER.NX=1 if it is supported. Given that > it's extremely unlikely that a CPU supports NPT but not NX, making NX a > formal requirement is far simpler than adding requirements to the > mitigation flow. > > Fixes: 9167ab799362 ("KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active") > Fixes: b8e8c8303ff2 ("kvm: mmu: ITLB_MULTIHIT mitigation") > Signed-off-by: Sean Christopherson Reviewed-by: Jim Mattson