Re: [Xen-devel] Can't boot as Xen dom0 due to commit fe055896
From: Andrew Cooper
Date: Fri Dec 16 2016 - 04:34:44 EST
On 16/12/2016 09:01, Borislav Petkov wrote:
> @@ -91,6 +92,17 @@ static bool __init check_loader_disabled_bsp(void)
> if (cmdline_find_option_bool(cmdline, option))
> *res = true;
>
> + if (!have_cpuid_p())
> + *res = true;
> +
> + a = 1;
> + c = 0;
> + native_cpuid(&a, &b, &c, &d);
> +
> + /* CPUID(1).ECX[31]: reserved for hypervisor use */
> + if (c & BIT(31))
> + *res = true;
This will work for any VT-x/SVM based virt, but won't work for ring
de-privileging based virt such as Xen PV and lguest. Without CPUID
Faulting, this will still get the real hardware CPUID without the
hypervisor bit set.
How about an additional cpl check here, which should cover all the ring
de-privileging methods in a virt-neutral way?
~Andrew