x86_32: don't allow use of nested HVM There are (indirect) uses of map_domain_page() in the nested HVM code that are unsafe when not just using the 1:1 mapping. This is XSA-34 / CVE-2013-0151. Signed-off-by: Jan Beulich
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3926,6 +3926,10 @@ long do_hvm_op(unsigned long op, XEN_GUE
 rc = -EINVAL;
 break;
 case HVM_PARAM_NESTEDHVM:
+#ifdef __i386__
+ if ( a.value )
+ rc = -EINVAL;
+#else
 if ( a.value > 1 )
 rc = -EINVAL;
 if ( !is_hvm_domain(d) )
@@ -3940,6 +3944,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
 for_each_vcpu(d, v)
 if ( rc == 0 )
 rc = nestedhvm_vcpu_initialise(v);
+#endif
 break;
 case HVM_PARAM_BUFIOREQ_EVTCHN:
 rc = -EINVAL;
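Review bot: The new `#ifdef __i386__` branch under `case HVM_PARAM_NESTEDHVM:` in the first hunk (`@@ -3926,6 +3926,10 @@`) carries no comment saying why a non-zero value is refused, so the reason lives only in the commit message. I would add `/* x86_32: nested HVM code reaches map_domain_page() in ways that are unsafe outside the 1:1 mapping (XSA-34). */` above the `if ( a.value )`, so the guard is not later removed as leftover configuration. The guard covers only this parameter setter; the hunk does not show whether nested HVM state can be set up through any other path on 32-bit builds, so that is worth confirming. The body of do_hvm_op() starts and ends outside the hunk.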
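Review bot: The `#endif` added in the second hunk (`@@ -3940,6 +3944,7 @@`) closes a conditional opened roughly eighteen lines earlier, with some of the lines in between not shown here, and it does not name the condition it closes. Writing it as `#endif /* __i386__ */` makes the pairing obvious to someone reading only the end of the `HVM_PARAM_NESTEDHVM` case. The case body begins outside this hunk.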