Disable SMAP in VMs

Linux kernel bug cause hypercall fails from HVM userspace (see
referenced issue). As a simple workaround, do not advertise SMAP to VMs
- but still use it as hypervisor level.

Fixes QubesOS/qubes-issues#2881

templates/libvirt/xen.xml

@@ -10,6 +10,15 @@
         <currentMemory unit="MiB">{{ vm.memory }}</currentMemory>
         <vcpu placement="static">{{ vm.vcpus }}</vcpu>
     {% endblock %}
+    {% block cpu %}
+        <cpu mode='host-passthrough'>
+            <!-- disable nested HVM -->
+            <feature name='vmx' policy='disable'/>
+            <feature name='svm' policy='disable'/>
+            <!-- disable SMAP inside VM, because of Linux bug -->
+            <feature name='smap' policy='disable'/>
+        </cpu>
+    {% endblock %}
     <os>
         {% block os %}
             {% if vm.hvm %}