On 22/01/2026 4:49 pm, Alejandro Vallejo wrote:
> diff --git a/CHANGELOG.md b/CHANGELOG.md
> index 18f3d10f20..eae2f961c7 100644
> --- a/CHANGELOG.md
> +++ b/CHANGELOG.md
> @@ -22,6 +22,10 @@ The format is based on [Keep a
> Changelog](https://keepachangelog.com/en/1.0.0/)
> - Xenoprofile support. Oprofile themselves removed support for Xen in
> 2014
> prior to the version 1.0 release, and there has been no development
> since
> before then in Xen.
> + - Cross-vendor support. Refuse to start domains whose CPU vendor differs
> + from the host so that security mitigations stay consistent. Cross-vendor
> + setups have been unreliable and not practical since 2017 with the
> advent of
> + speculation security.
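
Review bot: The new CHANGELOG bullet mixes the removal with the resulting behaviour, and its closing phrase "the advent of speculation security" is vague. Consider stating the removal first ("Cross-vendor support.") and the refusal to start mismatched domains second, and naming the 2017 change precisely, e.g. "speculative execution vulnerabilities and their mitigations". The entry would also be clearer if it said what error the user sees when a domain is refused.
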
This is going to want expanding upon, but there's a subtle change in
patch 4 needing addressing first.
> diff --git a/xen/lib/x86/policy.c b/xen/lib/x86/policy.c
> index f033d22785..4c0c5386ea 100644
> --- a/xen/lib/x86/policy.c
> +++ b/xen/lib/x86/policy.c
> @@ -15,7 +15,8 @@ int x86_cpu_policies_are_compatible(const struct cpu_policy
> *host,
> #define FAIL_MSR(m) \
> do { e.msr = (m); goto out; } while ( 0 )
>
> - if ( guest->basic.max_leaf > host->basic.max_leaf )
> + if ( (guest->basic.max_leaf > host->basic.max_leaf) ||
> + (guest->x86_vendor != host->x86_vendor) )
> FAIL_CPUID(0, NA);
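
Review bot: In the combined condition, a vendor mismatch and an oversized max_leaf both end in FAIL_CPUID(0, NA), so the caller gets the same leaf-0 error for two different causes. A one-line comment above the check stating that guest and host vendor must match, and that this is what keeps mitigations consistent, would record the intent of the new (guest->x86_vendor != host->x86_vendor) test as the function grows.
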
    if ( guest->x86_vendor != host->x86_vendor ||
         guest->basic.max_leaf > host->basic.max_leaf )

please. This function is going to get much much longer when we're done
with it, and I'd like to try and keep the checks in the right cognitive
order.
~Andrew