Disable SMAP in VMs
Linux kernel bug causes hypercalls to fail from HVM userspace (see referenced issue). As a simple workaround, do not advertise SMAP to VMs - but still use it at hypervisor level.

Fixes QubesOS/qubes-issues#2881
parent 3721ae3e8b
commit 75608795b0
@ -10,6 +10,15 @@
|
|||||||
<currentMemory unit="MiB">{{ vm.memory }}</currentMemory>
|
<currentMemory unit="MiB">{{ vm.memory }}</currentMemory>
|
||||||
<vcpu placement="static">{{ vm.vcpus }}</vcpu>
|
<vcpu placement="static">{{ vm.vcpus }}</vcpu>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
{% block cpu %}
|
||||||
|
<cpu mode='host-passthrough'>
|
||||||
|
<!-- disable nested HVM -->
|
||||||
|
<feature name='vmx' policy='disable'/>
|
||||||
|
<feature name='svm' policy='disable'/>
|
||||||
|
<!-- disable SMAP inside VM, because of Linux bug -->
|
||||||
|
<feature name='smap' policy='disable'/>
|
||||||
|
</cpu>
|
||||||
|
{% endblock %}
|
||||||
<os>
|
<os>
|
||||||
{% block os %}
|
{% block os %}
|
||||||
{% if vm.hvm %}
|
{% if vm.hvm %}
|
||||||
|
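Review bot: The added `{% block cpu %}` sits outside any `{% if vm.hvm %}` guard, so `<feature name='smap' policy='disable'/>` is applied to every VM built from this template, while the commit message scopes the Linux bug to hypercalls from HVM userspace. Either wrap the SMAP line (or the whole block) in the same `vm.hvm` condition used in the `os` block below, or say in the comment why it is meant to apply to all VM types. The comment "because of Linux bug" should also name QubesOS/qubes-issues#2881. Masking SMAP removes a guest kernel hardening feature, and without the issue reference in the template nobody will know when this workaround can be dropped once fixed kernels are in use. Since the block is overridable, it is also worth noting in the comment that templates overriding `cpu` must repeat the `vmx`/`svm` disable lines, otherwise nested HVM is silently re-enabled along with SMAP.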