[xen master] x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware

[patchbot@xxxxxxx]

commit 0b5f149338e35a795bf609ce584640b0977f9e6c
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Jan 9 14:06:34 2024 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jan 9 14:06:34 2024 +0100

    x86/HVM: hide SVM/VMX when their enabling is prohibited by firmware
    
    ... or we fail to enable the functionality on the BSP for other reasons.
    The only place where hardware announcing the feature is recorded is the
    raw CPU policy/featureset.
    
    Inspired by 
https://lore.kernel.org/all/20230921114940.957141-1-pbonzini@xxxxxxxxxx/.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
---
 xen/arch/x86/hvm/svm/svm.c  |  1 +
 xen/arch/x86/hvm/vmx/vmcs.c | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 88bda6fb4c..65f437e958 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2543,6 +2543,7 @@ const struct hvm_function_table * __init start_svm(void)
 
     if ( _svm_cpu_up(true) )
     {
+        setup_clear_cpu_cap(X86_FEATURE_SVM);
         printk("SVM: failed to initialise.\n");
         return NULL;
     }
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 0a5348bdc8..4fe1213855 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -2162,6 +2162,23 @@ int __init vmx_vmcs_init(void)
 
     if ( !ret )
         register_keyhandler('v', vmcs_dump, "dump VT-x VMCSs", 1);
+    else
+    {
+        setup_clear_cpu_cap(X86_FEATURE_VMX);
+
+        /*
+         * _vmx_vcpu_up() may have made it past feature identification.
+         * Make sure all dependent features are off as well.
+         */
+        vmx_basic_msr              = 0;
+        vmx_pin_based_exec_control = 0;
+        vmx_cpu_based_exec_control = 0;
+        vmx_secondary_exec_control = 0;
+        vmx_vmexit_control         = 0;
+        vmx_vmentry_control        = 0;
+        vmx_ept_vpid_cap           = 0;
+        vmx_vmfunc                 = 0;
+    }
 
     return ret;
 }
--
generated by git-patchbot for /home/xen/git/xen.git#master