4f76285f6d
commit 112022bdb5bc372e00e6e43cb88ee38ea67b97bd upstream
Mark NX as being used for all non-nested shadow MMUs, as KVM will set the
NX bit for huge SPTEs if the iTLB mutli-hit mitigation is enabled.
Checking the mitigation itself is not sufficient as it can be toggled on
at any time and KVM doesn't reset MMU contexts when that happens. KVM
could reset the contexts, but that would require purging all SPTEs in all
MMUs, for no real benefit. And, KVM already forces EFER.NX=1 when TDP is
disabled (for WP=0, SMEP=1, NX=0), so technically NX is never reserved
for shadow MMUs.
Fixes:
|
||
|---|---|---|
| .. | ||
| vmx | ||
| Kconfig | ||
| Makefile | ||
| cpuid.c | ||
| cpuid.h | ||
| debugfs.c | ||
| emulate.c | ||
| hyperv.c | ||
| hyperv.h | ||
| i8254.c | ||
| i8254.h | ||
| i8259.c | ||
| ioapic.c | ||
| ioapic.h | ||
| irq.c | ||
| irq.h | ||
| irq_comm.c | ||
| kvm_cache_regs.h | ||
| lapic.c | ||
| lapic.h | ||
| mmu.c | ||
| mmu.h | ||
| mmu_audit.c | ||
| mmutrace.h | ||
| mtrr.c | ||
| page_track.c | ||
| paging_tmpl.h | ||
| pmu.c | ||
| pmu.h | ||
| pmu_amd.c | ||
| svm.c | ||
| trace.h | ||
| tss.h | ||
| x86.c | ||
| x86.h | ||