arch: Check for CPU Vendor compatibility with CPU profile

When generating the common CPUID we utilize a CPU profile if given,
but the current compatibility checks don't check that the CPU vendors
between the current host and the compatibility target coincide. Hence
we introduce this extra check here.

We are happy to have it as a stand alone check for now, but we should
consider making this part of the check_cpuid_compatibility function
in the future.

Signed-Off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de>
On-behalf-of: SAP oliver.anderson@sap.com

Author: olivereanderson

arch/src/x86_64/mod.rs

@@ -18,7 +18,7 @@ mod mptable;
 pub mod regs;
 use std::mem;
 
-use anyhow::Context;
+use anyhow::{Context, anyhow};
 use hypervisor::arch::x86::{CPUID_FLAG_VALID_INDEX, CpuIdEntry};
 use hypervisor::{CpuVendor, HypervisorCpuError, HypervisorError};
 use linux_loader::loader::bootparam::{boot_params, setup_header};
@@ -631,7 +631,7 @@ pub fn generate_common_cpuid(
     let use_custom_profile = config.profile != CpuProfile::Host;
     // Obtain cpuid entries that are adjusted to the specified CPU profile and the cpuid entries of the compatibility target
     // TODO: Try to write this in a clearer way
-    let (mut host_adjusted_to_profile, mut compatibility_target_cpuid) = {
+    let (mut host_adjusted_to_profile, mut compatibility_target_cpuid, profile_cpu_vendor) = {
         config
             .profile
             .data()
@@ -642,22 +642,34 @@ pub fn generate_common_cpuid(
                         &profile_data.adjustments,
                     )),
                     Some(profile_data.compatibility_target),
+                    Some(profile_data.cpu_vendor),
                 )
             })
-            .unwrap_or((None, None))
+            .unwrap_or((None, None, None))
     };
 
+    // There should be relatively few cases where live migration can succeed between hosts from different
+    // CPU vendors and making our checks account for that possibility would complicate things substantially.
+    // We thus require that the host's cpu vendor matches the one used to generate the CPU profile.
+    if let Some(profile_cpu_vendor) = profile_cpu_vendor
+        && profile_cpu_vendor != hypervisor.get_cpu_vendor()
+    {
+        return Err(Error::CpuProfileIncompatibility(anyhow!(
+            "Unable to utilize CPU profile: CPU vendor mismatch detected"
+        ))
+        .into());
+    }
     // We now make the modifications according to the config parameters to each of the cpuid entries
     // declared above and then perform a compatibility check.
     for cpuid_optiion in [
         Some(&mut host_cpuid),
         host_adjusted_to_profile.as_mut(),
         compatibility_target_cpuid.as_mut(),
     ] {
-        let Some(mut cpuid) = cpuid_optiion else {
+        let Some(cpuid) = cpuid_optiion else {
             break;
         };
-        CpuidPatch::patch_cpuid(&mut cpuid, &cpuid_patches);
+        CpuidPatch::patch_cpuid(cpuid, &cpuid_patches);
 
         #[cfg(feature = "tdx")]
         let tdx_capabilities = if config.tdx {