From 70367f091777419f42e5f68f4206deb641335877 Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov
Date: Thu, 2 Sep 2021 11:35:26 +0200
Subject: i386: Support KVM_CAP_HYPERV_ENFORCE_CPUID
By default, KVM allows the guest to use all currently supported Hyper-V enlightenments when Hyper-V CPUID interface was exposed, regardless of if some features were not announced in guest visible CPUIDs. hv-enforce-cpuid feature alters this behavior and only allows the guest to use exposed Hyper-V enlightenments. The feature is supported by Linux >= 5.14 and is not enabled by default in QEMU.
Signed-off-by: Vitaly Kuznetsov
Message-Id: <20210902093530.345756-5-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini
---
 target/i386/cpu.c | 1 +
 target/i386/cpu.h | 1 +
 target/i386/kvm/kvm.c | 9 +++++++++
 3 files changed, 11 insertions(+)
 (limited to 'target')
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 598019de12..2a19eba56d 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6834,6 +6834,7 @@ static Property x86_cpu_properties[] = {
 DEFINE_PROP_ON_OFF_AUTO("hv-no-nonarch-coresharing", X86CPU, hyperv_no_nonarch_cs, ON_OFF_AUTO_OFF),
 DEFINE_PROP_BOOL("hv-passthrough", X86CPU, hyperv_passthrough, false),
+ DEFINE_PROP_BOOL("hv-enforce-cpuid", X86CPU, hyperv_enforce_cpuid, false),
 DEFINE_PROP_BOOL("check", X86CPU, check_cpuid, true),
 DEFINE_PROP_BOOL("enforce", X86CPU, enforce_cpuid, false),
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index c990150373..8a7209bbf2 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1719,6 +1719,7 @@ struct X86CPU {
 uint32_t hyperv_version_id[4];
 uint32_t hyperv_limits[3];
 uint32_t hyperv_nested[4];
+ bool hyperv_enforce_cpuid;
 bool check_cpuid;
 bool enforce_cpuid;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index d6a70c27e5..fbe6b7ac72 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1531,6 +1531,15 @@ static int hyperv_init_vcpu(X86CPU *cpu)
 cpu->hyperv_nested[0] = evmcs_version;
 }
+ if (cpu->hyperv_enforce_cpuid) {
+ ret = kvm_vcpu_enable_cap(cs, KVM_CAP_HYPERV_ENFORCE_CPUID, 0, 1);
+ if (ret < 0) {
+ error_report("failed to enable KVM_CAP_HYPERV_ENFORCE_CPUID: %s",
+ strerror(-ret));
+ return ret;
+ }
+ }
+
 return 0;
 }
--
cgit v1.2.3
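Review bot: The failure message in the new `if (ret < 0)` branch names only the KVM capability and `strerror(-ret)`, so an operator who set `hv-enforce-cpuid=on` on a host kernel older than the 5.14 the commit message requires gets a bare errno string with no link to the property they set. I would name the property and the requirement, e.g. `error_report("hv-enforce-cpuid: failed to enable KVM_CAP_HYPERV_ENFORCE_CPUID (host kernel support required): %s", strerror(-ret));`. Returning `ret` and failing vCPU init is the right choice and should stay, since continuing would leave the guest able to use unannounced enlightenments while the operator believes enforcement is active. `hyperv_init_vcpu` starts outside this hunk, so it is worth confirming that no earlier return skips this block when the property is set; a silently ignored `hv-enforce-cpuid=on` would be the worse failure mode.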