Xen project Mailing List

Re: [PATCH 1/4] x86: Reject CPU policies with vendors other than the host's

To: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 23 Jan 2026 16:29:12 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LEOtKeBGlUPLIMFURNRfGSxbS9QzFPGX1/pq2kd9dcE=; b=IVzP61+F1HxOxpWd08i08kuKZS3vniBzQ0tce6W7yUWj0bFCS2mmTgC0kg4mAtKWUv3Pl5R49jWmZkY/o36/hzWYoT+I3dD/hXKFD3ABvj2XB/9WhB/E7vtRlAZJKhC8B0EI1D2MsJT3FShEpX1RF/OF4r5sxzTlKbZDYDAMWq9ux+K9n02dQ/IjfVydGkxQWxy8Wm3NNb/aTQAn5wNMTKuvGPmVvt/x33sR6WDQ1YCE+KUmAy15G+jtL0hsnccgs7F85gA6ziwth4wOqWsJvFovvfFLYYRpbLrBh1bpMFVMvrJ3A949tgYq6oZ36qjItCl7VHhziCOnx/RlNtbg4w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jtkr/L1ItME57x83BnfaXuziLuT8IJtnY/JD6NvEsFuM9fm/IOb/wwAMl5RxXY50g9V7yEQv4EEtTy1fvG23fo49NHcOz/zul6AP+tHIY+DnHSYaQUSQT1HFMf832VHn1CdexFFROqq2IR8Od4QHNeM5CATZNGM/l8tHaamT15AZlxn8++d2X55qC5hmGgyT9c0C2Z2BqyTFUmNjuBFRm6/LF2H4WDW1211C8c0HqePsVmMWdaghl8yE2Lv36a4wLXzIDpi8eI7zR1GbH6YS7uCJvkYFoKRVXUWyL+m+AyCqUjK2xzFpDUYhzwvN6zFHUcTu3jPYdrFwqH7J6zZ/+Q==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Community Manager <community.manager@xxxxxxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Fri, 23 Jan 2026 16:29:43 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22/01/2026 4:49 pm, Alejandro Vallejo wrote: > diff --git a/CHANGELOG.md b/CHANGELOG.md > index 18f3d10f20..eae2f961c7 100644 > --- a/CHANGELOG.md > +++ b/CHANGELOG.md > @@ -22,6 +22,10 @@ The format is based on [Keep a > Changelog](https://keepachangelog.com/en/1.0.0/) > - Xenoprofile support. Oprofile themselves removed support for Xen in > 2014 > prior to the version 1.0 release, and there has been no development > since > before then in Xen. > + - Cross-vendor support. Refuse to start domains whose CPU vendor differs > + from the host so that security mitigations stay consistent. Cross-vendor > + setups have been unreliable and not practical since 2017 with the > advent of > + speculation security. This is going to want expanding upon, but there's a subtle change in patch 4 needing addressing first. > diff --git a/xen/lib/x86/policy.c b/xen/lib/x86/policy.c > index f033d22785..4c0c5386ea 100644 > --- a/xen/lib/x86/policy.c > +++ b/xen/lib/x86/policy.c > @@ -15,7 +15,8 @@ int x86_cpu_policies_are_compatible(const struct cpu_policy > *host, > #define FAIL_MSR(m) \ > do { e.msr = (m); goto out; } while ( 0 ) > > - if ( guest->basic.max_leaf > host->basic.max_leaf ) > + if ( (guest->basic.max_leaf > host->basic.max_leaf) || > + (guest->x86_vendor != host->x86_vendor) ) > FAIL_CPUID(0, NA); if ( guest->x86_vendor != host->x86_vendor || guest->basic.max_leaf > host->basic.max_leaf ) please. This function is going to get much much longer when we're done with it, and I'd like to try and keep the checks in the right cognitive order. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.