From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Fri, 17 Feb 2017 15:47:31 +0000 (+0000)
Subject: x86/cpuid: Disallow policy updates once the domain is running
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2685
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3d0cab7b5d97e522f3dd89ef2935898ee3aaeea8;p=xen.git

x86/cpuid: Disallow policy updates once the domain is running

On real hardware, the bulk of CPUID data is system-specific and constant.
Hold the toolstack to the same behaviour when constructing domains.

Values which are expected to change dynamically (e.g. OSXSAVE) are unaffected
and continue to function as before.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 364283e362..a3dd27638c 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -941,6 +941,8 @@ long arch_do_domctl(
     case XEN_DOMCTL_set_cpuid:
         if ( d == currd ) /* no domain_pause() */
             ret = -EINVAL;
+        else if ( d->creation_finished )
+            ret = -EEXIST; /* No changing once the domain is running. */
         else
         {
             domain_pause(d);