git.baikalelectronics.ru Git - kernel.git/commit

author	Vitaly Kuznetsov <vkuznets@redhat.com>
	Tue, 26 Jan 2021 13:48:14 +0000 (14:48 +0100)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 9 Feb 2021 13:39:56 +0000 (08:39 -0500)
commit	e3e551a17a98f027ba000a4824f4b34f11a62967
tree	b18a8f8c96c597d215d831207472d07508e1395b	tree \| snapshot
parent	58b298536d46de430e5495f8e2f278f2abb85d14	commit \| diff

KVM: x86: hyper-v: Make Hyper-V emulation enablement conditional

Hyper-V emulation is enabled in KVM unconditionally. This is bad at least
from security standpoint as it is an extra attack surface. Ideally, there
should be a per-VM capability explicitly enabled by VMM but currently it
is not the case and we can't mandate one without breaking backwards
compatibility. We can, however, check guest visible CPUIDs and only enable
Hyper-V emulation when "Hv#1" interface was exposed in
HYPERV_CPUID_INTERFACE.

Note, VMMs are free to act in any sequence they like, e.g. they can try
to set MSRs first and CPUIDs later so we still need to allow the host
to read/write Hyper-V specific MSRs unconditionally.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20210126134816.1880136-14-vkuznets@redhat.com>
[Add selftest vcpu_set_hv_cpuid API to avoid breaking xen_vmcall_test. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/asm/kvm_host.h		diff \| blob \| history
arch/x86/kvm/cpuid.c		diff \| blob \| history
arch/x86/kvm/hyperv.c		diff \| blob \| history
arch/x86/kvm/hyperv.h		diff \| blob \| history
arch/x86/kvm/x86.c		diff \| blob \| history
arch/x86/kvm/xen.c		diff \| blob \| history
tools/testing/selftests/kvm/include/x86_64/processor.h		diff \| blob \| history
tools/testing/selftests/kvm/lib/x86_64/processor.c		diff \| blob \| history
tools/testing/selftests/kvm/x86_64/evmcs_test.c		diff \| blob \| history
tools/testing/selftests/kvm/x86_64/xen_vmcall_test.c		diff \| blob \| history