Re: [XEN PATCH v1 13/15] x86: wire cpu_has_{svm/vmx}_* to false when svm/vmx not enabled

[Stefano Stabellini <sstabellini@xxxxxxxxxx>]

On Thu, 18 Apr 2024, Sergiy Kibrik wrote:
> 16.04.24 16:26, Andrew Cooper:
> > I'm afraid this is going in an unhelpful direction.  We want to move
> > both of these files to be local to arch/x86/hvm/{vmx,svm}/.
> > 
> > cpu_has_svm_* isn't actually used outside of svm/; only the plain
> > SVM_FEATURE_* constants are, and that's only because they're not
> > expressed as plain cpu features yet.
> > 
> > cpu_has_vmx_* has a few more users, but most are unlikely to remain in
> > this form.  One critical set of changes to fix vulnerabilities in
> > nested-virt is to make almost of of these decisions based on per-domain
> > state, not host state.  The aspects which are host state should be in
> > regular cpu features.
> > 
> > I already volunteered to sort out the SEV feature leaf properly, and I
> > was going to do the SVM leaf while I was at it.  If you can wait a few
> > days, I might be able to make half of this problem disappear.
> 
> I guess it can wait, surely if a better solution is to be crafted at the end.
> 
> Stefano, what's your opinion on that?

I think Andrew's suggested direction is cleaner. We can certainly wait a
few days for Andrew to make progress. We can also follow Andrew's
suggestion in the next version of the series ourselves.