From: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
To: Alejandro Vallejo <alejandro.garciavallejo@amd.com>,
<xen-devel@lists.xenproject.org>
Cc: "Jan Beulich" <jbeulich@suse.com>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Roger Pau Monné" <roger.pau@citrix.com>,
"Jason Andryuk" <jason.andryuk@amd.com>
Subject: Re: [PATCH 2/4] x86/hvm: Disable non-FEP cross-vendor handling in #UD handler
Date: Wed, 28 Jan 2026 13:38:34 +0100 [thread overview]
Message-ID: <DG088FKL52MK.3417MA419BHR2@amd.com> (raw)
In-Reply-To: <20260122164943.20691-3-alejandro.garciavallejo@amd.com>
On Thu Jan 22, 2026 at 5:49 PM CET, Alejandro Vallejo wrote:
> Remove cross-vendor support now that VMs can no longer have a different
> vendor than the host, leaving FEP as the sole raison-d'être for #UD
> interception.
>
> Not a functional change.
>
> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@amd.com>
> ---
> xen/arch/x86/hvm/hvm.c | 25 ++++---------------------
> xen/arch/x86/hvm/svm/svm.c | 4 ++--
> xen/arch/x86/hvm/vmx/vmx.c | 4 ++--
> 3 files changed, 8 insertions(+), 25 deletions(-)
>
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index 4d37a93c57..611ff83a60 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -3832,28 +3832,13 @@ int hvm_descriptor_access_intercept(uint64_t exit_info,
> return X86EMUL_OKAY;
> }
>
> -static bool cf_check is_cross_vendor(
> - const struct x86_emulate_state *state, const struct x86_emulate_ctxt *ctxt)
> -{
> - switch ( ctxt->opcode )
> - {
> - case X86EMUL_OPC(0x0f, 0x05): /* syscall */
> - case X86EMUL_OPC(0x0f, 0x34): /* sysenter */
> - case X86EMUL_OPC(0x0f, 0x35): /* sysexit */
> - return true;
> - }
> -
> - return false;
> -}
> -
> +#ifdef CONFIG_HVM_FEP
> void hvm_ud_intercept(struct cpu_user_regs *regs)
> {
> struct vcpu *cur = current;
> - bool should_emulate =
> - cur->domain->arch.cpuid->x86_vendor != boot_cpu_data.x86_vendor;
> struct hvm_emulate_ctxt ctxt;
>
> - hvm_emulate_init_once(&ctxt, opt_hvm_fep ? NULL : is_cross_vendor, regs);
> + hvm_emulate_init_once(&ctxt, NULL, regs);
>
> if ( opt_hvm_fep )
> {
> @@ -3878,12 +3863,9 @@ void hvm_ud_intercept(struct cpu_user_regs *regs)
> regs->rip = (uint32_t)regs->rip;
>
> add_taint(TAINT_HVM_FEP);
> -
> - should_emulate = true;
> }
> }
> -
> - if ( !should_emulate )
> + else
review to self. This is buggy. It allows instruction emulation when HVM_FEP is
enabled, but the FEP is absent in the particular instruction that caused the
exception.
#UD should be re-injected when the instruction doesn't have the prefix.
Cheers,
Alejandro
next prev parent reply other threads:[~2026-01-28 12:39 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-22 16:49 [PATCH 0/4] x86: Drop cross-vendor support Alejandro Vallejo
2026-01-22 16:49 ` [PATCH 1/4] x86: Reject CPU policies with vendors other than the host's Alejandro Vallejo
2026-01-22 17:13 ` Teddy Astie
2026-01-23 11:30 ` Alejandro Vallejo
2026-01-23 16:29 ` Andrew Cooper
2026-01-22 16:49 ` [PATCH 2/4] x86/hvm: Disable non-FEP cross-vendor handling in #UD handler Alejandro Vallejo
2026-01-22 17:28 ` Teddy Astie
2026-01-23 12:28 ` Alejandro Vallejo
2026-01-23 18:40 ` Andrew Cooper
2026-01-26 11:58 ` Alejandro Vallejo
2026-01-28 12:38 ` Alejandro Vallejo [this message]
2026-01-22 16:49 ` [PATCH 3/4] x86/hvm: Remove cross-vendor checks from MSR handlers Alejandro Vallejo
2026-01-22 17:34 ` Teddy Astie
2026-01-23 18:35 ` Andrew Cooper
2026-01-26 8:40 ` Jan Beulich
2026-01-26 11:32 ` Alejandro Vallejo
2026-01-22 16:49 ` [PATCH 4/4] x86/svm: Drop emulation of Intel's SYSENTER behaviour Alejandro Vallejo
2026-01-22 17:52 ` Teddy Astie
2026-01-23 12:31 ` Alejandro Vallejo
2026-01-23 18:08 ` Andrew Cooper
2026-01-22 17:10 ` [PATCH 0/4] x86: Drop cross-vendor support Andrew Cooper
2026-01-22 17:42 ` Alejandro Vallejo
2026-01-22 18:16 ` Teddy Astie
2026-01-23 12:10 ` Alejandro Vallejo
2026-01-23 14:05 ` Jan Beulich
2026-01-23 15:45 ` Alejandro Vallejo
2026-01-23 18:25 ` Andrew Cooper
2026-01-22 18:19 ` Andrew Cooper
2026-01-23 11:39 ` Alejandro Vallejo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DG088FKL52MK.3417MA419BHR2@amd.com \
--to=alejandro.garciavallejo@amd.com \
--cc=andrew.cooper3@citrix.com \
--cc=jason.andryuk@amd.com \
--cc=jbeulich@suse.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.