[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RFC PATCH 02/11] x86: Reject CPU policies with vendors other than the host's
- To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
- Date: Wed, 26 Nov 2025 17:44:04 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=AG5qf8fjfZnqrZGtIec0mAOfLvxnAIAvkXF8a3VTY3Y=; b=mOY4VHOloWM8SsQYadPRrbObs5Q4DU5vVcXmkIamkvqZsy0hf2To3Unropv1ZDrHAaKtdGTRQUlUHdzPEwySsYXtar2S4NcNRxnWouees36s1act71UPIJjqe8Ai/toE2JCCkKvMwISu+xJ1/DH2v1BWQ0SzYDpMXkZJ1lmYX4IpIUM/eMNNVLBJ5Nxb/hH438hL6biA7XFgM4t5BL7/M/GfRP1ljLggKQNUuElpjFAybKPtLRM3Z9iFnoyH3iRo8RMpgGiFVYUZNpkqjouI6Ia5C/DYa63JPnLHg3a9IkVOb1hdu+cbBb7ej306a9aSlta8cxDthRHMTx+p+awY5g==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=h7bLo7oo8FUPWMYvgVHDHYuUDGFcnpCGiaTWsZBg2zV1IiH9S6lY0FQsldWS8bDCUNlPHecrkiglWKziSMoVgIBGEdxL+6LrQQybPqM8K4iyPoAeevJ6f2qZTrDcvoZduN5iQMFOWhirVzn53HXBZXlJi/rZ3v4SeJzhNjGLRwVjNu6Js+8Vwj3hhk6772xEx/RYKa6/EzNRpSw6xIWoj1qr19+/CfEhm1y1Rb5K8m9q7VIvTrNDb4jtm52l/LTsexyN57Cdemu3PahOc/wSzb3Zs9AF0fi0Yha9xZTf7hx/ij2BDd4l4Wvg44Lr2Nb3SxBKhCe0wPab0JX+MWK65g==
- Cc: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>, Xenia Ragiadakou <xenia.ragiadakou@xxxxxxx>, "Stefano Stabellini" <sstabellini@xxxxxxxxxx>
- Delivery-date: Wed, 26 Nov 2025 16:45:21 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
While in principle it's possible to have a vendor virtualising another,
this is fairly tricky in practice. Not doing so enables certain
optimisations with regards to vendor checks in later patches.
Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
---
I originally had a Kconfig option to allow cross-vendor virt and
conditionally disable the check on policy compatibility. In practice,
I suspect there's 0% of people that would want that, so I decided to
simply remove it altogether. Happy to put it back if there's anyone
interested.
---
xen/lib/x86/policy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xen/lib/x86/policy.c b/xen/lib/x86/policy.c
index f033d22785..4c0c5386ea 100644
--- a/xen/lib/x86/policy.c
+++ b/xen/lib/x86/policy.c
@@ -15,7 +15,8 @@ int x86_cpu_policies_are_compatible(const struct cpu_policy
*host,
#define FAIL_MSR(m) \
do { e.msr = (m); goto out; } while ( 0 )
- if ( guest->basic.max_leaf > host->basic.max_leaf )
+ if ( (guest->basic.max_leaf > host->basic.max_leaf) ||
+ (guest->x86_vendor != host->x86_vendor) )
FAIL_CPUID(0, NA);
if ( guest->feat.max_subleaf > host->feat.max_subleaf )
--
2.43.0
|
