• Vitaly Kuznetsov's avatar
    KVM: x86: hyper-v: Make Hyper-V emulation enablement conditional · 8f014550
    Vitaly Kuznetsov authored
    Hyper-V emulation is enabled in KVM unconditionally. This is bad at least
    from security standpoint as it is an extra attack surface. Ideally, there
    should be a per-VM capability explicitly enabled by VMM but currently it
    is not the case and we can't mandate one without breaking backwards
    compatibility. We can, however, check guest visible CPUIDs and only enable
    Hyper-V emulation when "Hv#1" interface was exposed in
    HYPERV_CPUID_INTERFACE.
    
    Note, VMMs are free to act in any sequence they like, e.g. they can try
    to set MSRs first and CPUIDs later so we still need to allow the host
    to read/write Hyper-V specific MSRs unconditionally.
    Signed-off-by: default avatarVitaly Kuznetsov <vkuznets@redhat.com>
    Message-Id: <20210126134816.1880136-14-vkuznets@redhat.com>
    [Add selftest vcpu_set_hv_cpuid API to avoid breaking xen_vmcall_test. - Paolo]
    Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
    8f014550
x86.c 305 KB