From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 29 Oct 2019 20:33:57 -0000 Received: from mga05.intel.com ([192.55.52.43]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iPYBg-0006Sn-IY for speck@linutronix.de; Tue, 29 Oct 2019 21:33:56 +0100 Date: Tue, 29 Oct 2019 13:33:53 -0700 From: mark gross Subject: [MODERATED] Re: ***UNCHECKED*** Re: Re: [PATCH v7 3/5] NX 3 Message-ID: <20191029203353.GA10372@u1904> Reply-To: mgross@linux.intel.com References: <1571934870-34323-1-git-send-email-pbonzini@redhat.com> <1571934870-34323-4-git-send-email-pbonzini@redhat.com> <20191025083739.GC7069@suse.de> <20191025090331.GD7069@suse.de> <201e8590-30ed-ab29-6fc2-bbeab1fb5592@redhat.com> <20191025094527.GE7069@suse.de> <801f92a4-befa-79da-8f64-7d721f6e5c8f@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <801f92a4-befa-79da-8f64-7d721f6e5c8f@redhat.com> To: speck@linutronix.de List-ID: On Fri, Oct 25, 2019 at 12:39:58PM +0200, speck for Paolo Bonzini wrote: > On 25/10/19 11:45, speck for Joerg Roedel wrote: > > On Fri, Oct 25, 2019 at 11:08:25AM +0200, speck for Paolo Bonzini wrote: > >> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > >> index e7970a2e8eae..8979d5e7b6f5 100644 > >> --- a/arch/x86/kvm/vmx/vmx.c > >> +++ b/arch/x86/kvm/vmx/vmx.c > >> @@ -969,17 +969,9 @@ static bool update_transition_efer(struct vcpu_vmx *vmx, int efer_offset) > >> u64 guest_efer = vmx->vcpu.arch.efer; > >> u64 ignore_bits = 0; > >> > >> - if (!enable_ept) { > >> - /* > >> - * NX is needed to handle CR0.WP=1, CR4.SMEP=1. Testing > >> - * host CPUID is more efficient than testing guest CPUID > >> - * or CR4. Host SMEP is anyway a requirement for guest SMEP. > >> - */ > >> - if (boot_cpu_has(X86_FEATURE_SMEP)) > >> - guest_efer |= EFER_NX; > >> - else if (!(guest_efer & EFER_NX)) > >> - ignore_bits |= EFER_NX; > >> - } > >> + /* Shadow paging assumes the NX bit to be available. */ > >> + if (!enable_ept) > >> + guest_efer |= EFER_NX; > >> > >> /* > >> * LMA and LME handled by hardware; SCE meaningless outside long mode. > > > > Works with ept on and off, thanks. > > Thanks, I'll include also the AMD version in a new patch and send it out as v8: > > diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c > index 4153ca8cddb7..29feb3ecc91c 100644 > --- a/arch/x86/kvm/svm.c > +++ b/arch/x86/kvm/svm.c > @@ -739,8 +739,12 @@ static int get_npt_level(struct kvm_vcpu *vcpu) > static void svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) > { > vcpu->arch.efer = efer; > - if (!npt_enabled && !(efer & EFER_LMA)) > - efer &= ~EFER_LME; > + if (!npt_enabled) { > + /* Shadow paging assumes the NX bit to be available. */ > + efer |= EFER_NXE; ^EFER_NX ? --mark > + if (!(efer & EFER_LMA)) > + efer &= ~EFER_LME; > + } > > to_svm(vcpu)->vmcb->save.efer = efer | EFER_SVME; > mark_dirty(to_svm(vcpu)->vmcb, VMCB_CR); > > Paolo >