Commit a1a3692d15 for qemu.org

commit a1a3692d159df7ed657d96a9c957d85f1d859f37
Author: Mohamed Mediouni <mohamed@unpredictable.fr>
Date:   Wed Apr 22 23:42:24 2026 +0200

    whpx: i386: add SeparateSecurityDomain flag and make default

    For workloads where isolation is less important, -accel whpx,ssd=off
    will provide significantly higher MMIO performance.

    Signed-off-by: Mohamed Mediouni <mohamed@unpredictable.fr>
    Link: https://lore.kernel.org/r/20260422214225.2242-37-mohamed@unpredictable.fr
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/accel/whpx/whpx-common.c b/accel/whpx/whpx-common.c
index d846e08714..247e12db81 100644
--- a/accel/whpx/whpx-common.c
+++ b/accel/whpx/whpx-common.c
@@ -556,6 +556,7 @@ static void whpx_accel_instance_init(Object *obj)
     whpx->hyperv_enlightenments_enabled = false;
     whpx->ignore_unknown_msr = true;
     whpx->intercept_msr_gp = false;
+    whpx->separate_security_domain = true;
 }

 static const TypeInfo whpx_accel_type = {
diff --git a/include/system/whpx-internal.h b/include/system/whpx-internal.h
index 15027a7d52..c295c5a529 100644
--- a/include/system/whpx-internal.h
+++ b/include/system/whpx-internal.h
@@ -47,6 +47,8 @@ struct whpx_state {
     bool hyperv_enlightenments_required;
     bool hyperv_enlightenments_enabled;

+    bool separate_security_domain;
+
     bool ignore_unknown_msr;
     bool intercept_msr_gp;
 };
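Review bot: The new `separate_security_domain` member at the `bool separate_security_domain;` line is the only field in this group without any indication of what it controls, although the commit turns it into a security-relevant knob (the whpx-all.c hunk clears the speculative-execution mitigation features when it is false). A short comment on the field would let a reader of the header judge the trade-off without opening whpx-all.c, e.g. `/* Keep the partition in its own security domain (default true); off trades speculative-execution mitigations for vmexit/MMIO performance. */`. The struct header is visible, but its other members may carry comments outside this hunk, so match whatever style they use.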
diff --git a/target/i386/whpx/whpx-all.c b/target/i386/whpx/whpx-all.c
index d6bc36686c..9d0c391e36 100644
--- a/target/i386/whpx/whpx-all.c
+++ b/target/i386/whpx/whpx-all.c
@@ -2962,6 +2962,39 @@ static void whpx_set_intercept_msr_gp(Object *obj, Visitor *v,
     }
 }

+static void whpx_set_ssd(Object *obj, Visitor *v,
+                                   const char *name, void *opaque,
+                                   Error **errp)
+{
+    struct whpx_state *whpx = &whpx_global;
+    OnOffAuto mode;
+
+    if (!visit_type_OnOffAuto(v, name, &mode, errp)) {
+        return;
+    }
+
+    switch (mode) {
+    case ON_OFF_AUTO_ON:
+        whpx->separate_security_domain = true;
+        break;
+
+    case ON_OFF_AUTO_OFF:
+        whpx->separate_security_domain = false;
+        break;
+
+    case ON_OFF_AUTO_AUTO:
+        whpx->separate_security_domain = true;
+        break;
+    default:
+        /*
+         * The value was checked in visit_type_OnOffAuto() above. If
+         * we get here, then something is wrong in QEMU.
+         */
+        abort();
+    }
+}
+
+
 void whpx_arch_accel_class_init(ObjectClass *oc)
 {
     object_class_property_add(oc, "ignore-unknown-msr", "OnOffAuto",
@@ -2974,6 +3007,11 @@ void whpx_arch_accel_class_init(ObjectClass *oc)
         NULL, NULL);
     object_class_property_set_description(oc, "intercept-msr-gp",
         "Intercept #GP to log erroring MSR accesses.");
+    object_class_property_add(oc, "ssd", "OnOffAuto",
+        NULL, whpx_set_ssd,
+        NULL, NULL);
+    object_class_property_set_description(oc, "ssd",
+        "Separate security domain");
 }

 int whpx_accel_init(AccelState *as, MachineState *ms)
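Review bot: The description string `"Separate security domain"` for the new "ssd" property does not tell a user what turning it off actually does, while the sibling descriptions ("Intercept #GP to log erroring MSR accesses.") explain their effect; the commit message states the intent, but `-accel help`-style output is where users will read it. Suggest something like `"Keep the partition in a separate security domain (default: on); off disables speculative execution mitigations for faster MMIO/vmexits"`. The abbreviated name "ssd" also departs from the long-form names of the neighbouring properties, though since the commit message documents `-accel whpx,ssd=off` as the interface that is presumably deliberate.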
@@ -3169,6 +3207,32 @@ int whpx_accel_init(AccelState *as, MachineState *ms)
         }
     }

+    /*
+     * The combination of separate security domain off
+     * and disabling specifically these features results
+     * in a significant vmexit performance improvement
+     * by skipping speculative execution mitigations.
+     */
+    if (!whpx->separate_security_domain) {
+        processor_features.Bank0.IbrsSupport = 0;
+        processor_features.Bank0.StibpSupport = 0;
+        processor_features.Bank0.IbpbSupport = 0;
+        processor_features.Bank0.SsbdSupport = 0;
+        processor_features.Bank0.IbrsAllSupport = 0;
+        processor_features.Bank1.PsfdSupport = 0;
+        memset(&prop, 0, sizeof(WHV_PARTITION_PROPERTY));
+        prop.SeparateSecurityDomain = 0;
+        hr = whp_dispatch.WHvSetPartitionProperty(
+            whpx->partition,
+            WHvPartitionPropertyCodeSeparateSecurityDomain,
+            &prop,
+            sizeof(WHV_PARTITION_PROPERTY));
+        if (FAILED(hr)) {
+            error_report("WHPX: failed to unset separate security domain, hr=%08lx", hr);
+            /* Some old Windows 10 releases didn't have this, so not fatal*/
+        }
+    }
+
     hr = whp_dispatch.WHvSetPartitionProperty(
             whpx->partition,
             WHvPartitionPropertyCodeProcessorFeaturesBanks,
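Review bot: When `WHvSetPartitionProperty` for `WHvPartitionPropertyCodeSeparateSecurityDomain` fails, the six `processor_features.Bank0/Bank1` clears above it have already been applied and are still pushed to the partition by the `WHvPartitionPropertyCodeProcessorFeaturesBanks` call that follows, so on the "old Windows 10" case the comment itself anticipates, the guest loses the IBRS/STIBP/IBPB/SSBD/PSFD features while the host keeps treating it as a separate security domain — the worst of both outcomes. Setting the property first and moving the feature clears into the non-failure branch (`if (FAILED(hr)) { ... } else { <the six clears> }`) keeps the two pieces of state consistent; whether the property must precede the ProcessorFeaturesBanks update is not visible here, so confirm the ordering against the existing code. Since the failure is explicitly non-fatal, `warn_report(...)` rather than `error_report(...)` matches QEMU's convention for the message at the `FAILED(hr)` branch, and the trailing comment there is missing a space before `*/`. The enclosing `whpx_accel_init` starts and ends outside this hunk.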