... or we fail to enable the functionality on the BSP for other reasons. The only place where hardware announcing the feature is recorded is the raw CPU policy/featureset.
Inspired by https://lore.kernel.org/all/20230921114940.957141-1-pbonz...@redhat.com/. Signed-off-by: Jan Beulich <jbeul...@suse.com> Acked-by: Roger Pau Monné <roger....@citrix.com> --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2543,6 +2543,7 @@ const struct hvm_function_table * __init if ( _svm_cpu_up(true) ) { + setup_clear_cpu_cap(X86_FEATURE_SVM); printk("SVM: failed to initialise.\n"); return NULL; } --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -2162,6 +2162,23 @@ int __init vmx_vmcs_init(void) if ( !ret ) register_keyhandler('v', vmcs_dump, "dump VT-x VMCSs", 1); + else + { + setup_clear_cpu_cap(X86_FEATURE_VMX); + + /* + * _vmx_vcpu_up() may have made it past feature identification. + * Make sure all dependent features are off as well. + */ + vmx_basic_msr = 0; + vmx_pin_based_exec_control = 0; + vmx_cpu_based_exec_control = 0; + vmx_secondary_exec_control = 0; + vmx_vmexit_control = 0; + vmx_vmentry_control = 0; + vmx_ept_vpid_cap = 0; + vmx_vmfunc = 0; + } return ret; }
