From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
qemu-devel@nongnu.org, Igor Mammedov <imammedo@redhat.com>
Subject: Re: [PATCH v7 8/9] i386: Hyper-V SynIC requires POST_MESSAGES/SIGNAL_EVENTS priviliges
Date: Fri, 04 Jun 2021 09:35:27 +0200 [thread overview]
Message-ID: <871r9i13r4.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <20210603230017.3goxm7fdu5fpdkdw@habkost.net>
Eduardo Habkost <ehabkost@redhat.com> writes:
> On Thu, Jun 03, 2021 at 01:48:34PM +0200, Vitaly Kuznetsov wrote:
>> When Hyper-V SynIC is enabled, we may need to allow Windows guests to make
>> hypercalls (POST_MESSAGES/SIGNAL_EVENTS). No issue is currently observed
>> because KVM is very permissive, allowing these hypercalls regarding of
>> guest visible CPUid bits.
>>
>> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
>> ---
>> target/i386/kvm/hyperv-proto.h | 6 ++++++
>> target/i386/kvm/kvm.c | 6 ++++++
>> 2 files changed, 12 insertions(+)
>>
>> diff --git a/target/i386/kvm/hyperv-proto.h b/target/i386/kvm/hyperv-proto.h
>> index e30d64b4ade4..5fbb385cc136 100644
>> --- a/target/i386/kvm/hyperv-proto.h
>> +++ b/target/i386/kvm/hyperv-proto.h
>> @@ -38,6 +38,12 @@
>> #define HV_ACCESS_FREQUENCY_MSRS (1u << 11)
>> #define HV_ACCESS_REENLIGHTENMENTS_CONTROL (1u << 13)
>>
>> +/*
>> + * HV_CPUID_FEATURES.EBX bits
>> + */
>> +#define HV_POST_MESSAGES (1u << 4)
>> +#define HV_SIGNAL_EVENTS (1u << 5)
>> +
>> /*
>> * HV_CPUID_FEATURES.EDX bits
>> */
>> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
>> index a3897d4d8788..6a32d43e6ec1 100644
>> --- a/target/i386/kvm/kvm.c
>> +++ b/target/i386/kvm/kvm.c
>> @@ -1343,6 +1343,12 @@ static int hyperv_fill_cpuids(CPUState *cs,
>> /* Unconditionally required with any Hyper-V enlightenment */
>> c->eax |= HV_HYPERCALL_AVAILABLE;
>>
>> + /* SynIC and Vmbus devices require messages/signals hypercalls */
>> + if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC) &&
>> + !cpu->hyperv_synic_kvm_only) {
>> + c->ebx |= HV_POST_MESSAGES | HV_SIGNAL_EVENTS;
>
> Why exactly is the hyperv_synic_kvm_only check needed?
>
'hyperv_synic_kvm_only' means SynIC is only used for in-KVM stimers and
in this case Post Messages / Signal Events hypercalls are not used. KVM
will also return an error to the guest directly (as it can't forward
them to QEMU). No need to expose HV_POST_MESSAGES | HV_SIGNAL_EVENTS.
> Is the hyperv_synic_kvm_only check the only reason this was done
> here and not at kvm_hyperv_properties?
>
Yes, basically.
>
>> + }
>> +
>> /* Not exposed by KVM but needed to make CPU hotplug in Windows work */
>> c->edx |= HV_CPU_DYNAMIC_PARTITIONING_AVAILABLE;
>>
>> --
>> 2.31.1
>>
--
Vitaly
next prev parent reply other threads:[~2021-06-04 7:36 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-03 11:48 [PATCH v7 0/9] i386: KVM: expand Hyper-V features early Vitaly Kuznetsov
2021-06-03 11:48 ` [PATCH v7 1/9] i386: avoid hardcoding '12' as 'hyperv_vendor_id' length Vitaly Kuznetsov
2021-06-03 22:27 ` Eduardo Habkost
2021-07-08 20:57 ` Eduardo Habkost
2021-06-03 11:48 ` [PATCH v7 2/9] i386: clarify 'hv-passthrough' behavior Vitaly Kuznetsov
2021-06-03 22:28 ` Eduardo Habkost
2021-06-03 11:48 ` [PATCH v7 3/9] i386: hardcode supported eVMCS version to '1' Vitaly Kuznetsov
2021-06-03 22:35 ` Eduardo Habkost
2021-06-04 7:28 ` Vitaly Kuznetsov
2021-06-04 19:00 ` Eduardo Habkost
2021-06-07 8:38 ` Vitaly Kuznetsov
2021-06-03 11:48 ` [PATCH v7 4/9] i386: make hyperv_expand_features() return bool Vitaly Kuznetsov
2021-06-03 22:39 ` Eduardo Habkost
2021-06-03 11:48 ` [PATCH v7 5/9] i386: expand Hyper-V features during CPU feature expansion time Vitaly Kuznetsov
2021-06-03 22:43 ` Eduardo Habkost
2021-06-04 7:31 ` Vitaly Kuznetsov
2021-06-03 11:48 ` [PATCH v7 6/9] i386: kill off hv_cpuid_check_and_set() Vitaly Kuznetsov
2021-06-03 11:48 ` [PATCH v7 7/9] i386: HV_HYPERCALL_AVAILABLE privilege bit is always needed Vitaly Kuznetsov
2021-06-03 22:43 ` Eduardo Habkost
2021-06-03 11:48 ` [PATCH v7 8/9] i386: Hyper-V SynIC requires POST_MESSAGES/SIGNAL_EVENTS priviliges Vitaly Kuznetsov
2021-06-03 23:00 ` Eduardo Habkost
2021-06-04 7:35 ` Vitaly Kuznetsov [this message]
2021-06-07 16:45 ` Eduardo Habkost
2021-06-04 14:06 ` Eric Blake
2021-06-03 11:48 ` [PATCH v7 9/9] qtest/hyperv: Introduce a simple hyper-v test Vitaly Kuznetsov
2021-06-03 23:17 ` Eduardo Habkost
2021-06-04 7:40 ` Vitaly Kuznetsov
2021-07-07 13:59 ` [PATCH v7 0/9] i386: KVM: expand Hyper-V features early Eduardo Habkost
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871r9i13r4.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=ehabkost@redhat.com \
--cc=imammedo@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.