On Wed, Jan 13, 2021, Vitaly Kuznetsov wrote: > Hyper-V emulation is enabled in KVM unconditionally. This is bad at least > from security standpoint as it is an extra attack surface. Ideally, there > should be a per-VM capability explicitly enabled by VMM but currently it Would adding a module param buy us anything (other than complexity)? > is not the case and we can't mandate one without breaking backwards > compatibility. We can, however, check guest visible CPUIDs and only enable > Hyper-V emulation when "Hv#1" interface was exposed in > HYPERV_CPUID_INTERFACE.
