[v4,18/21] i386: be more picky about implicit 'hv-evmcs' enablement

Commit Message

Vitaly Kuznetsov Feb. 10, 2021, 4:40 p.m. UTC

Enlightened VMCS is the only (currently implemented in QEMU) Hyper-V
feature with hardware dependencies, it pairs with Intel VMX. It doesn't
seem right to enable this feature when VMX wasn't enabled in the guest and
when it wasn't explicitly requested on the command line. Currently, the
only possible scenario is 'hv-passthrough' which will enable 'hv-evmcs'
when the host supports it, regardless of guest VMX exposure. The upcoming
'hv-default' should also avoid enabling 'hv-evmcs' without VMX.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
---
 target/i386/kvm/kvm.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

Patch

diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index fca088d4d3b5..480908b2463a 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -1315,8 +1315,17 @@  void kvm_hyperv_expand_features(X86CPU *cpu, Error **errp)
     if (hv_cpuid_check_and_set(cs, HYPERV_FEAT_TLBFLUSH, errp)) {
         return;
     }
-    if (hv_cpuid_check_and_set(cs, HYPERV_FEAT_EVMCS, errp)) {
-        return;
+    /*
+     * 'hv-evmcs' is not enabled when it wasn't explicitly requested and guest
+     * CPU lacks VMX.
+     */
+    if (cpu_has_vmx(&cpu->env) ||
+        (cpu->hyperv_features_on & BIT(HYPERV_FEAT_EVMCS))) {
+        if (hv_cpuid_check_and_set(cs, HYPERV_FEAT_EVMCS, errp)) {
+            return;
+        }
+    } else {
+        cpu->hyperv_features &= ~BIT(HYPERV_FEAT_EVMCS);
     }
     if (hv_cpuid_check_and_set(cs, HYPERV_FEAT_IPI, errp)) {
         return;