Xen project Mailing List

[PATCH 2/4] x86/hvm: Disable non-FEP cross-vendor handling in #UD handler

From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>

Date: Thu, 22 Jan 2026 17:49:38 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9EmXfLyMCmn0zGN/UiCxh5bIuJ3Np7zB11ymzGrJfEo=; b=vDm6BA112AYdrblBXZtcb0LwTsHTIlnZQriQo0wDyHYSsCELDw724NuZTTqESovDs4tUlv8/XMaje2aWXgQF/h8tEZSpjMI5ZAiBFhOOnRBy/aZg4LuPXHAThv+U1anVNEr1UPxr4Tqmb0l+TZpJjpK+c9E+4QeNmdnTnPgbDB30qquFM0k68waSxIG4Q3ihWUFCWJu9Qoewq2N9p5Dc0DnA4kKC7WmqqfBstt2l54hstj9vZTLxjdg8eQlDsBCZqPvUf8tfyNfrkioHXfSj16a0JsFCZoLXEmAHP6fhkHbuDRDR+/wUhsKwcBkyRDPW6Wp++EhAN4pm64lOWi22OA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=F16LbJM365Mjp73ksxnDTLcGqvz77xXQTgRjVNdQoLxG6CansKNb7fWd/h9ij9ih6LEY+xenNB0w/4U+9PLSvV9EBEJ8Mf5SzhzG60Y+wEcPVcTok2XXVoqKAEsbnnSZAjvafXWlcTxTwjJDoEM6ZSjsUMc/A2udQJDYXnaQZymtJE2xVlI4CCjIG6wbXYgxrWbEWop/INi7vZubL2G8u8GFN5snF/S9LIe+JiGnK19UwWbgfFZavVmJadjznkTB9oDFXIm244oc/+711YZubi14pw1uyLkajCbQjAWBNFhxhR3NTMcT3HfhHLxWD0UmvstRIxj1nPAC57VywDiizA==

Cc: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>

Delivery-date: Thu, 22 Jan 2026 16:50:17 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Remove cross-vendor support now that VMs can no longer have a different vendor than the host, leaving FEP as the sole raison-d'être for #UD interception. Not a functional change. Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx> --- xen/arch/x86/hvm/hvm.c | 25 ++++--------------------- xen/arch/x86/hvm/svm/svm.c | 4 ++-- xen/arch/x86/hvm/vmx/vmx.c | 4 ++-- 3 files changed, 8 insertions(+), 25 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 4d37a93c57..611ff83a60 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3832,28 +3832,13 @@ int hvm_descriptor_access_intercept(uint64_t exit_info, return X86EMUL_OKAY; } -static bool cf_check is_cross_vendor( - const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt) -{ - switch ( ctxt->opcode ) - { - case X86EMUL_OPC(0x0f, 0x05): /* syscall */ - case X86EMUL_OPC(0x0f, 0x34): /* sysenter */ - case X86EMUL_OPC(0x0f, 0x35): /* sysexit */ - return true; - } - - return false; -} - +#ifdef CONFIG_HVM_FEP void hvm_ud_intercept(struct cpu_user_regs *regs) { struct vcpu *cur = current; - bool should_emulate = - cur->domain->arch.cpuid->x86_vendor != boot_cpu_data.x86_vendor; struct hvm_emulate_ctxt ctxt; - hvm_emulate_init_once(&ctxt, opt_hvm_fep ? NULL : is_cross_vendor, regs); + hvm_emulate_init_once(&ctxt, NULL, regs); if ( opt_hvm_fep ) { @@ -3878,12 +3863,9 @@ void hvm_ud_intercept(struct cpu_user_regs *regs) regs->rip = (uint32_t)regs->rip; add_taint(TAINT_HVM_FEP); - - should_emulate = true; } } - - if ( !should_emulate ) + else { hvm_inject_hw_exception(X86_EXC_UD, X86_EVENT_NO_EC); return; @@ -3903,6 +3885,7 @@ void hvm_ud_intercept(struct cpu_user_regs *regs) break; } } +#endif /* CONFIG_HVM_FEP */ enum hvm_intblk hvm_interrupt_blocked(struct vcpu *v, struct hvm_intack intack) { diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 18ba837738..0658ca990f 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -589,8 +589,7 @@ static void cf_check svm_cpuid_policy_changed(struct vcpu *v) const struct cpu_policy *cp = v->domain->arch.cpu_policy; u32 bitmap = vmcb_get_exception_intercepts(vmcb); - if ( opt_hvm_fep || - (v->domain->arch.cpuid->x86_vendor != boot_cpu_data.x86_vendor) ) + if ( opt_hvm_fep ) bitmap |= (1U << X86_EXC_UD); else bitmap &= ~(1U << X86_EXC_UD); @@ -2810,6 +2809,7 @@ void asmlinkage svm_vmexit_handler(void) break; case VMEXIT_EXCEPTION_UD: + BUG_ON(!IS_ENABLED(CONFIG_HVM_FEP)); hvm_ud_intercept(regs); break; diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 40e4c71244..34e988ee61 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -797,8 +797,7 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v) const struct cpu_policy *cp = v->domain->arch.cpu_policy; int rc = 0; - if ( opt_hvm_fep || - (v->domain->arch.cpuid->x86_vendor != boot_cpu_data.x86_vendor) ) + if ( opt_hvm_fep ) v->arch.hvm.vmx.exception_bitmap |= (1U << X86_EXC_UD); else v->arch.hvm.vmx.exception_bitmap &= ~(1U << X86_EXC_UD); @@ -4576,6 +4575,7 @@ void asmlinkage vmx_vmexit_handler(struct cpu_user_regs *regs) /* Already handled above. */ break; case X86_EXC_UD: + BUG_ON(!IS_ENABLED(CONFIG_HVM_FEP)); TRACE(TRC_HVM_TRAP, vector); hvm_ud_intercept(regs); break; -- 2.43.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.