Re: [Xen-devel] Can't boot as Xen dom0 due to commit fe055896

From: Andrew Cooper
Date: Fri Dec 16 2016 - 04:34:44 EST

Next message: Johannes Berg: "Re: [PATCH 3/5] firmware: revamp firmware documentation"
Previous message: Luis R. Rodriguez: "Re: [PATCH 4/5] firmware: add SmPL report for custom fallback mechanism"
In reply to: Borislav Petkov: "Re: Can't boot as Xen dom0 due to commit fe055896"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 16/12/2016 09:01, Borislav Petkov wrote:
> @@ -91,6 +92,17 @@ static bool __init check_loader_disabled_bsp(void)
> if (cmdline_find_option_bool(cmdline, option))
> *res = true;
>
> + if (!have_cpuid_p())
> + *res = true;
> +
> + a = 1;
> + c = 0;
> + native_cpuid(&a, &b, &c, &d);
> +
> + /* CPUID(1).ECX[31]: reserved for hypervisor use */
> + if (c & BIT(31))
> + *res = true;

This will work for any VT-x/SVM based virt, but won't work for ring
de-privileging based virt such as Xen PV and lguest. Without CPUID
Faulting, this will still get the real hardware CPUID without the
hypervisor bit set.

How about an additional cpl check here, which should cover all the ring
de-privileging methods in a virt-neutral way?

~Andrew

Next message: Johannes Berg: "Re: [PATCH 3/5] firmware: revamp firmware documentation"
Previous message: Luis R. Rodriguez: "Re: [PATCH 4/5] firmware: add SmPL report for custom fallback mechanism"
In reply to: Borislav Petkov: "Re: Can't boot as Xen dom0 due to commit fe055896"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]