i386: Hyper-V SynIC requires POST_MESSAGES/SIGNAL_EVENTS privileges

When Hyper-V SynIC is enabled, we may need to allow Windows guests to make hypercalls (POST_MESSAGES/SIGNAL_EVENTS). No issue is currently observed because KVM is very permissive, allowing these hypercalls regarding of guest visible CPUid bits. Reviewed-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Message-Id: <20210608120817.1325125-9-vkuznets@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2021-06-08 14:08:16 +02:00 · 2021-06-08 14:08:16 +02:00 · cce087f628
parent b26f68c36b
commit cce087f628
2 changed files with 12 additions and 0 deletions
--- a/target/i386/kvm/hyperv-proto.h
+++ b/target/i386/kvm/hyperv-proto.h
@ -38,6 +38,12 @@
 #define HV_ACCESS_FREQUENCY_MSRS     (1u << 11)
 #define HV_ACCESS_REENLIGHTENMENTS_CONTROL  (1u << 13)

+/*
+ * HV_CPUID_FEATURES.EBX bits
+ */
+#define HV_POST_MESSAGES             (1u << 4)
+#define HV_SIGNAL_EVENTS             (1u << 5)
+
 /*
 * HV_CPUID_FEATURES.EDX bits
 */
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@ -1346,6 +1346,12 @@ static int hyperv_fill_cpuids(CPUState *cs,
    /* Unconditionally required with any Hyper-V enlightenment */
    c->eax |= HV_HYPERCALL_AVAILABLE;

+    /* SynIC and Vmbus devices require messages/signals hypercalls */
+    if (hyperv_feat_enabled(cpu, HYPERV_FEAT_SYNIC) &&
+        !cpu->hyperv_synic_kvm_only) {
+        c->ebx |= HV_POST_MESSAGES | HV_SIGNAL_EVENTS;
+    }
+
    /* Not exposed by KVM but needed to make CPU hotplug in Windows work */
    c->edx |= HV_CPU_DYNAMIC_PARTITIONING_AVAILABLE;