Xen's Hyper-V hypercall extensions (aka Viridian) not enabled for Windows Qubes

[tcosprojects]

Qubes OS release

Qubes OS 4.2

Brief summary

I've prepared 2 patches (with tests!) backported to 8.9.0 implementing the <hyperv/> flags for Xen. This allows users of Qubes Stable to opt-in to these features by editing their xen.xml template, while not affecting existing users with the <viridian/> flag set.

Despite <viridian/> being set in the libvirt domain config files, it doesn't seem to be taking effect.

Logs under /var/log/libvirt/libxl show "viridian": "False". I've confirmed the HV cpu flags are not enabled (only Xen's flags are visible) using the cpuid command on a Linux HVM qube.

  hypervisor_id (0x40000000) = "XenVMMXenVMM"
   hypervisor version (0x40000001/eax):
      version = 4.17
   hypervisor features (0x40000002):
      number of hypercall-transfer pages = 0x1 (1)
      MSR base address                   = 0x40000000
      MMU_PT_UPDATE_PRESERVE_AD supported = false

Reviewing the libvirt source code shows that this feature is unimplemented or perhaps regressed in a refactor.

Steps to reproduce

1. Launch a Windows VM
2. See sluggish performance
3. Use cpuid to confirm that no HV enlightments are enabled

Expected behavior

Xen Hyper-V interfaces are exposed to Windows to improve performance.

Actual behavior

The <viridian/> setting is ignored.

Additional information

I've built and tested libvirt 8.9.0 with these changes under a Linux HVM (with PCIe passthrough), Windows 10 and Windows 2025. Linux is appropriately unchanged, while Windows 10 and Server 2025 have much better performance.

Linux HVM showing HV flags:

 hypervisor_id (0x40000000) = "Microsoft Hv"
   hypervisor interface identification (0x40000001/eax):
      version = "Hv#1"
   hypervisor system identity (0x40000002):
      build          = 0
      version        = 0.0
      service pack   = 0
      service branch = 0
      service number = 0
   hypervisor feature identification (0x40000003/eax):
      VP run time                      = false
      partition reference counter      = true
      basic synIC MSRs                 = true
      synthetic timer MSRs             = true
      APIC access MSRs                 = true
      hypercall MSRs                   = true
      access virtual process index MSR = true
      virtual system reset MSR         = false
      map/unmap statistics pages MSR   = false
      reference TSC access             = true
      guest idle state MSR             = false
      TSC/APIC frequency MSRs          = true
      guest debugging MSRs             = false
      reenlightenment MSRs             = false
      invariant TSC MSR                = false
...
   hypervisor_id (0x40000100) = "XenVMMXenVMM"
   hypervisor version (0x40000101/eax):
      version = 4.17
   hypervisor features (0x40000102):
      number of hypercall-transfer pages = 0x1 (1)
      MSR base address                   = 0x40000200
      MMU_PT_UPDATE_PRESERVE_AD supported = false

cpuid (cygwin) on Windows confirms flags are on and recommended:

 hypervisor recommendations (0x40000004/eax):
      use hypercalls for AS switches            = false
      use hypercalls for local TLB flushes      = false
      use hypercalls for remote TLB flushes     = true
      use MSRs to access EOI, ICR, TPR          = true
      use MSRs to initiate system RESET         = false
      use relaxed timing                        = true
      use DMA remapping                         = false
      use interrupt remapping                   = false
      use x2APIC MSRs                           = false
      deprecate AutoEOI                         = false
      use SyntheticClusterIpi hypercall         = true
      use ExProcessorMasks                      = true
      hypervisor is nested with Hyper-V         = false
      use INT for MBEC system calls             = false
      use enlightened VMCS interface            = false
      use synced timeline                       = false
      use direct local flush entire             = false
      no non-architectural core sharing         = false
      use hypercalls for MMIO config space I/O  = false
      physical address width                    = 0x0 (0)
      maximum number of spinlock retry attempts = 0x7ff (2047)

[tcosprojects]

0001-Implement-hyperv-flag-configuration-for-Xen.patch.txt
0002-Add-trusted-flag-to-tests-to-work-with-Qubes-patches.patch.txt

[marmarek]

Since you've already written it, please send it upstream first (libvirt mailing list) - at least the first one (the second looks specific to qubes, right?). When accepted there, we can backport to our package.

[tcosprojects]

Alright, I'll send the patch upstream. Yes, the 2nd patch is just for Qubes to make the RPM build.