From cce087f628c651e905f5e2097d9bb9f678689669 Mon Sep 17 00:00:00 2001 From: Vitaly Kuznetsov Date: Tue, 8 Jun 2021 14:08:16 +0200 Subject: [PATCH] i386: Hyper-V SynIC requires POST_MESSAGES/SIGNAL_EVENTS privileges When Hyper-V SynIC is enabled, we may need to allow Windows guests to make hypercalls (POST_MESSAGES/SIGNAL_EVENTS). No issue is currently observed because KVM is very permissive, allowing these hypercalls regarding of guest visible CPUid bits. Reviewed-by: Eduardo Habkost Signed-off-by: Vitaly Kuznetsov Message-Id: <20210608120817.1325125-9-vkuznets@redhat.com> Signed-off-by: Eduardo Habkost --- target/i386/kvm/hyperv-proto.h | 6 ++++++ target/i386/kvm/kvm.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/target/i386/kvm/hyperv-proto.h b/target/i386/kvm/hyperv-proto.h index e30d64b4ad..5fbb385cc1 100644 --- a/target/i386/kvm/hyperv-proto.h +++ b/target/i386/kvm/hyperv-proto.h @@ -38,6 +38,12 @@ #define HV_ACCESS_FREQUENCY_MSRS (1u << 11) #define HV_ACCESS_REENLIGHTENMENTS_CONTROL (1u << 13) +/* + * HV_CPUID_FEATURES.EBX bits + */ +#define HV_POST_MESSAGES (1u << 4) +#define HV_SIGNAL_EVENTS (1u << 5) + /* * HV_CPUID_FEATURES.EDX bits */ diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index eee1a6b46e..59ed8327ac 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c @@ -1346,6 +1346,12 @@ static int hyperv_fill_cpuids(CPUState *cs, /* Unconditionally required with any Hyper-V enlightenment */ c->eax |= HV_HYPERCALL_AVAILABLE; + /* SynIC and Vmbus devices require messages/signals hypercalls */ + if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC) && + !cpu->hyperv_synic_kvm_only) { + c->ebx |= HV_POST_MESSAGES | HV_SIGNAL_EVENTS; + } + /* Not exposed by KVM but needed to make CPU hotplug in Windows work */ c->edx |= HV_CPU_DYNAMIC_PARTITIONING_AVAILABLE;