NX support in the host is required for the shadow pagetable code to handle
SMAP correctly for guests.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Wei Liu
CC: Roger Pau Monné
CC: George Dunlap
CC: Tim Deegan
RFC because this is a little thorny.
Strictly speaking, it is "Xen uses NX in HVM guest context" as the
prerequisite. We could in principle allow guests to use NX without using it
in Xen, but that sounds like unnecessary complication. Also, we have no
option to inhibit Xen from using NX if it finds it in hardware.
This dependency also doesn't need to occur for HAP guests.
In practice, all 64bit hardware (save the very first Intel 64bit CPUs)
supports NX, and expressing the interlock like this is far easier than trying
to account for it dynamically.
---
xen/tools/gen-cpuid.py | 5 +
1 file changed, 5 insertions(+)
diff --git a/xen/tools/gen-cpuid.py b/xen/tools/gen-cpuid.py
index 3fecae8..31fdee9 100755
--- a/xen/tools/gen-cpuid.py
+++ b/xen/tools/gen-cpuid.py
@@ -239,6 +239,11 @@ def crunch_numbers(state):
# absence of any enabled xstate.
AVX: [FMA, FMA4, F16C, AVX2, XOP],
+# This dependency exists solely for the shadow pagetable code. If the
+# host doesn't have NX support, the shadow pagetable code can't handle
+# SMAP correctly for guests.
+NX: [SMAP],
+
# CX16 is only encodable in Long Mode. LAHF_LM indicates that the
# SAHF/LAHF instructions are reintroduced in Long Mode. 1GB
# superpages, PCID and PKU are only available in 4 level paging.
--
2.1.4
___
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
