Re: [PATCH v4 1/2] xsm: create idle domain privileged and demote after setup

2022-04-26 Thread Daniel P. Smith
On 4/26/22 02:35, Jan Beulich wrote: On 25.04.2022 19:22, Daniel P. Smith wrote: --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -621,6 +621,9 @@ static void noreturn init_done(void) void *va; unsigned long start, end; +if ( xsm_set_system_active() != 0 ) +pa

Re: [PATCH v4 1/2] xsm: create idle domain privileged and demote after setup

2022-04-25 Thread Jan Beulich
On 25.04.2022 19:22, Daniel P. Smith wrote: > --- a/xen/arch/x86/setup.c > +++ b/xen/arch/x86/setup.c > @@ -621,6 +621,9 @@ static void noreturn init_done(void) > void *va; > unsigned long start, end; > > +if ( xsm_set_system_active() != 0 ) > +panic("xsm: unable to set hype
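Review bot: the xsm_set_system_active() check added at the top of init_done() in xen/arch/x86/setup.c has no comment, as far as the quoted lines show, saying why the switch happens at this point in boot. Since a failure here ends in panic(), a short comment above the if would help: state that setup is finished and the idle domain is being demoted from its privileged state, as the patch subject describes, so the placement is clear without the commit message.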

[PATCH v4 1/2] xsm: create idle domain privileged and demote after setup

2022-04-25 Thread Daniel P. Smith
There are new capabilities, dom0less and hyperlaunch, that introduce internal hypervisor logic which needs to make resource allocation calls that are protected by XSM access checks. This creates an issue as a subset of the hypervisor code is executed under a system domain, the idle domain, that is