From: Andrew Cooper Date: Wed, 18 Jan 2017 18:10:41 +0000 (+0000) Subject: x86/cpuid: Hide VT-x/SVM from HVM-based control domains X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2941 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6949ce5c325b21e6639fcdeb5685f24962f3d9b5;p=xen.git x86/cpuid: Hide VT-x/SVM from HVM-based control domains The VT-x/SVM features are hidden from PV dom0 by the pv_featureset[] upper mask, but nothing thus far has prevented the features being visible in HVM-based control domains (where there is no toolstack decision to hide the features). As a side effect of calling nestedhvm_enabled() earlier during domain creation, it needs to cope with the params[] array not having been allocated. Reported-by: Roger Pau Monné Signed-off-by: Andrew Cooper Reviewed-by: Doug Goldstein Reviewed-by: Jan Beulich
---
diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index eb829d797e..7b9af1b9cf 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -3,6 +3,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -361,14 +362,24 @@ void recalculate_cpuid_policy(struct domain *d)
 cpuid_policy_to_featureset(p, fs);
 cpuid_policy_to_featureset(max, max_fs);
- /*
- * HVM domains using Shadow paging have further restrictions on their
- * available paging features.
- */
- if ( is_hvm_domain(d) && !hap_enabled(d) )
+ if ( is_hvm_domain(d) )
 {
- for ( i = 0; i < ARRAY_SIZE(max_fs); i++ )
- max_fs[i] &= hvm_shadow_featuremask[i];
+ /*
+ * HVM domains using Shadow paging have further restrictions on their
+ * available paging features.
+ */
+ if ( !hap_enabled(d) )
+ {
+ for ( i = 0; i < ARRAY_SIZE(max_fs); i++ )
+ max_fs[i] &= hvm_shadow_featuremask[i];
+ }
+
+ /* Hide nested-virt if it hasn't been explicitly configured. */
+ if ( !nestedhvm_enabled(d) )
+ {
+ __clear_bit(X86_FEATURE_VMX, max_fs);
+ __clear_bit(X86_FEATURE_SVM, max_fs);
+ }
 }
 /*
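Review bot: The new `!nestedhvm_enabled(d)` test in recalculate_cpuid_policy() makes VMX/SVM visibility depend on the value of HVM_PARAM_NESTEDHVM at the moment the policy is recalculated, and nothing in this hunk shows the policy being recalculated when that parameter is written later. Per the commit message the check now runs early in domain creation, before params[] exists, so the first pass always clears both bits from max_fs. I would confirm that the path which sets HVM_PARAM_NESTEDHVM triggers another recalculation, and record the dependency at the check, e.g. `/* Hide nested-virt if it hasn't been explicitly configured; must be re-evaluated when HVM_PARAM_NESTEDHVM changes. */`. The function body continues outside the hunk, so how max_fs is later applied to fs is not visible here.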
diff --git a/xen/arch/x86/hvm/nestedhvm.c b/xen/arch/x86/hvm/nestedhvm.c
index a400d55e39..f2f7469d86 100644
--- a/xen/arch/x86/hvm/nestedhvm.c
+++ b/xen/arch/x86/hvm/nestedhvm.c
@@ -29,7 +29,8 @@ static unsigned long *shadow_io_bitmap[3];
 /* Nested HVM on/off per domain */
 bool nestedhvm_enabled(const struct domain *d)
 {
- return is_hvm_domain(d) && d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM];
+ return is_hvm_domain(d) && d->arch.hvm_domain.params &&
+ d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM];
 }
 /* Nested VCPU */
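Review bot: The added `d->arch.hvm_domain.params &&` check in nestedhvm_enabled() makes "params[] not yet allocated" indistinguishable from "nested HVM disabled", and the code carries no comment saying that this is intentional. For the CPUID caller that default is the restrictive one, since it results in VMX/SVM being hidden, but other callers (not visible in this diff) may use the result to decide whether nested state exists, so the assumption should be written down. I would extend the comment above the function to something like `/* Nested HVM on/off per domain.  May be called before params[] is allocated during domain creation, in which case nested HVM is reported as disabled. */`.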