On 30.09.2021 11:26, Michal Orzel wrote: > --- a/xen/common/domain.c > +++ b/xen/common/domain.c > @@ -483,7 +483,7 @@ static int sanitise_domain_config(struct > xen_domctl_createdomain *config) > ~(XEN_DOMCTL_CDF_hvm | XEN_DOMCTL_CDF_hap | > XEN_DOMCTL_CDF_s3_integrity | XEN_DOMCTL_CDF_oos_off | > XEN_DOMCTL_CDF_xs_domain | XEN_DOMCTL_CDF_iommu | > - XEN_DOMCTL_CDF_nested_virt) ) > + XEN_DOMCTL_CDF_nested_virt | XEN_DOMCTL_CDF_pmu) )
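Review bot: In the allowed-flags mask of sanitise_domain_config(), XEN_DOMCTL_CDF_pmu is now accepted by common code for every architecture, and nothing in the quoted hunk rejects it where the feature is not implemented. Since this mask is the only check visible here, a toolstack could set the flag on an architecture that ignores it and still get a successful domain creation. I'd suggest pairing the mask change with an explicit per-architecture check that fails the request with an error when the flag is set but unsupported, and adding a short comment describing what the flag requests.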
Alongside this I think you need to reject the flag in x86 code.

Jan