On 30/07/2025 5:40 pm, Teddy Astie wrote:
> When setting HVM_PARAM_IDENT_PT, skip domain pausing when:
> - there is no vcpu
> - unrestricted guest capability is used
>
> Signed-off-by: Teddy Astie <teddy.as...@vates.tech>
> ---
>  xen/arch/x86/hvm/hvm.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index e2720daf1e..39ff1bdbe1 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -4286,11 +4286,13 @@ static int hvm_set_param(struct domain *d, uint32_t 
> index, uint64_t value)
>              rc = -EINVAL;
>          break;
>      case HVM_PARAM_IDENT_PT:
> +        v = domain_vcpu(d, 0);
> +
>          /*
>           * Only actually required for VT-x lacking unrestricted_guest
>           * capabilities.  Short circuit the pause if possible.
>           */
> -        if ( !paging_mode_hap(d) || !cpu_has_vmx )
> +        if ( !paging_mode_hap(d) || !cpu_has_vmx || !v || 
> vmx_unrestricted_guest(v) )
>          {
>              d->arch.hvm.params[index] = value;
>              break;
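
Review bot: The new `!v` term in the rewritten condition is not covered by the comment above it, which still speaks only of VT-x lacking unrestricted_guest. The short-circuit branch does nothing beyond storing `d->arch.hvm.params[index] = value`, so the comment or the commit message should say why that is sufficient both for a domain that has no vCPU 0 yet and for one whose vCPU 0 currently satisfies `vmx_unrestricted_guest(v)`. The added condition is also long enough that the mailer wrapped it; splitting it over two lines in the source would avoid that.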

You cannot safely skip these.  Otherwise you break a sequence of
migrates which passes through a machine that needs the IDENT_PT.

Although that said, it looks like it will break when passing through a
machine running Shadow too, even though that in principle ought to work.

HVM guests don't reasonably work cross vendor, and we probably should
finally stop pretending it's an option.

~Andrew
