
Re: [PATCH 2/4] x86/hvm: Disable non-FEP cross-vendor handling in #UD handler


  • To: Teddy Astie <teddy.astie@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • Date: Fri, 23 Jan 2026 13:28:05 +0100
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jason Andryuk <jason.andryuk@xxxxxxx>
  • Delivery-date: Fri, 23 Jan 2026 12:28:35 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu Jan 22, 2026 at 6:28 PM CET, Teddy Astie wrote:
> On 22/01/2026 at 17:52, Alejandro Vallejo wrote:
>> Remove cross-vendor support now that VMs can no longer have a different
>> vendor than the host, leaving FEP as the sole raison-d'être for #UD
>> interception.
>> 
>> Not a functional change.
>> 
>> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
>> ---
>>   xen/arch/x86/hvm/hvm.c     | 25 ++++---------------------
>>   xen/arch/x86/hvm/svm/svm.c |  4 ++--
>>   xen/arch/x86/hvm/vmx/vmx.c |  4 ++--
>>   3 files changed, 8 insertions(+), 25 deletions(-)
>> 
>> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
>> index 4d37a93c57..611ff83a60 100644
>> --- a/xen/arch/x86/hvm/hvm.c
>> +++ b/xen/arch/x86/hvm/hvm.c
>> @@ -3832,28 +3832,13 @@ int hvm_descriptor_access_intercept(uint64_t 
>> exit_info,
>>       return X86EMUL_OKAY;
>>   }
>>   
>> -static bool cf_check is_cross_vendor(
>> -    const struct x86_emulate_state *state, const struct x86_emulate_ctxt 
>> *ctxt)
>> -{
>> -    switch ( ctxt->opcode )
>> -    {
>> -    case X86EMUL_OPC(0x0f, 0x05): /* syscall */
>> -    case X86EMUL_OPC(0x0f, 0x34): /* sysenter */
>> -    case X86EMUL_OPC(0x0f, 0x35): /* sysexit */
>> -        return true;
>> -    }
>> -
>> -    return false;
>> -}
>> -
>> +#ifdef CONFIG_HVM_FEP
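Review bot: The `#ifdef CONFIG_HVM_FEP` added at the end of this hunk, in the place where `is_cross_vendor()` is removed, carries no comment explaining why the definition that follows is compiled out. The quoted part stops at this line, so neither the guarded function nor the matching `#endif` is visible here. A short comment above the `#ifdef` stating that the definition is elided on purpose and that every caller must sit behind the same option, plus a `/* CONFIG_HVM_FEP */` tag on the `#endif`, would let a reader who hits an undefined-symbol error at link time understand it without digging through the history.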
>
> I'm not sure it is wise to put it behind ifdef given that we have it in 
> support.h.

We already abuse code elision in this manner. See domain_soft_reset(). It's
intentional, to avoid polluting the headers.

You'll get a link error anyway (as opposed to a compile time error).

>
> Given that this function now assumes we have FEP enabled (since it's only 
> called in that case), I think we should rename it to reflect that, like 
> "hvm_fep_intercept" and drop the non-FEP logic.

I'm not a big fan of renaming the handler, because it'd force future changes
where #UD is invoked in more cases than HVM_FEP to rename it back.

But yes to the removal of the non-FEP logic.

Cheers,
Alejandro



 

