1. Patchew
  2. Xen
  3. [RFC PATCH 00/11] x86 vendor check optimisations
  4. View patch

[RFC PATCH 02/11] x86: Reject CPU policies with vendors other than the host's

Alejandro Vallejo posted 11 patches 2 weeks, 3 days ago
[RFC PATCH 02/11] x86: Reject CPU policies with vendors other than the host's
Posted by Alejandro Vallejo 2 weeks, 3 days ago 
While in principle it's possible to have a vendor virtualising another,
this is fairly tricky in practice. Not doing so enables certain
optimisations with regards to vendor checks in later patches.

Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
---
I originally had a Kconfig option to allow cross-vendor virt and
conditionally disable the check on policy compatibility. In practice,
I suspect there's 0% of people that would want that, so I decided to
simply remove it altogether. Happy to put it back if there's anyone
interested.
---
 xen/lib/x86/policy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/lib/x86/policy.c b/xen/lib/x86/policy.c
index f033d22785..4c0c5386ea 100644
--- a/xen/lib/x86/policy.c
+++ b/xen/lib/x86/policy.c
@@ -15,7 +15,8 @@ int x86_cpu_policies_are_compatible(const struct cpu_policy *host,
 #define FAIL_MSR(m) \
     do { e.msr = (m); goto out; } while ( 0 )
 
-    if ( guest->basic.max_leaf > host->basic.max_leaf )
+    if ( (guest->basic.max_leaf >  host->basic.max_leaf) ||
+         (guest->x86_vendor     != host->x86_vendor) )
         FAIL_CPUID(0, NA);
 
     if ( guest->feat.max_subleaf > host->feat.max_subleaf )
-- 
2.43.0
Re: [RFC PATCH 02/11] x86: Reject CPU policies with vendors other than the host's
Posted by Andrew Cooper 2 weeks, 2 days ago 
On 26/11/2025 4:44 pm, Alejandro Vallejo wrote:
> While in principle it's possible to have a vendor virtualising another,
> this is fairly tricky in practice. Not doing so enables certain
> optimisations with regards to vendor checks in later patches.
>
> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
> ---
> I originally had a Kconfig option to allow cross-vendor virt and
> conditionally disable the check on policy compatibility. In practice,
> I suspect there's 0% of people that would want that, so I decided to
> simply remove it altogether. Happy to put it back if there's anyone
> interested.

We've debated dropping cross-vendor support several times.

Prior to speculation, it was actually the case that PV guests worked
fairly well (Xen abstracts away the details surprisingly well), and HVM
functioned to a first approximation (emulating the SYS* instructions is
horrible).

After speculation, there's no hope in hell of getting a viable VM in a
cross-vendor environment, so we should drop it.

In addition to this hunk, you'll want to drop is_cross_vendor(),
should_emulate logic in hvm_ud_intercept(), and the cross-vendor aspect
of determining #UD interception in {svm,vmx}_cpuid_policy_changed().

Also, I think you can clean up MSR_IA32_PLATFORM_ID / MSR_AMD_PATCHLEVEL
in guest_rdmsr() which have some pretty well hidden is-cross-vendor checks.

Also you'll want a note in CHANGELOG.md.

I'd also suggest splitting it out of this series.  It's quite different
to the rest of the series.

~Andrew

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.