Paolo Bonzini <pbonzini@xxxxxxxxxx> writes:

> On 26/01/21 14:48, Vitaly Kuznetsov wrote:
>> Changes since v1 [Sean]:
>> - Add a few cleanup patches ("Rename vcpu_to_hv_vcpu() to to_hv_vcpu()",
>>   "Rename vcpu_to_synic()/synic_to_vcpu()", ...)
>> - Drop unused kvm_hv_vapic_assist_page_enabled()
>> - Stop shadowing global 'current_vcpu' variable in kvm_hv_flush_tlb()/
>>   kvm_hv_send_ipi()
>>
>> Original description:
>>
>> Hyper-V emulation is enabled in KVM unconditionally even for Linux guests.
>> This is bad at least from a security standpoint as it is an extra attack
>> surface. Ideally, there should be a per-VM capability explicitly enabled by
>> the VMM but currently it is not the case and we can't mandate one without
>> breaking backwards compatibility. We can, however, check guest-visible CPUIDs
>> and only enable Hyper-V emulation when the "Hv#1" interface was exposed in
>> HYPERV_CPUID_INTERFACE.
>>
>> Also (and while on it) the per-vcpu Hyper-V context ('struct kvm_vcpu_hv') is
>> currently part of 'struct kvm_vcpu_arch' and thus allocated unconditionally
>> for each vCPU. The context, however, is quite big and accounts for more than
>> 1/4 of 'struct kvm_vcpu_arch' (e.g. 2912/9512 bytes). Switch to allocating
>> it dynamically. This may come in handy if we ever decide to raise KVM_MAX_VCPUS
>> (and rumor has it some downstream distributions already have more than '288').
>>
>> Vitaly Kuznetsov (15):
>>   selftests: kvm: Move kvm_get_supported_hv_cpuid() to common code
>>   selftests: kvm: Properly set Hyper-V CPUIDs in evmcs_test
>>   KVM: x86: hyper-v: Drop unused kvm_hv_vapic_assist_page_enabled()
>>   KVM: x86: hyper-v: Rename vcpu_to_hv_vcpu() to to_hv_vcpu()
>>   KVM: x86: hyper-v: Rename vcpu_to_synic()/synic_to_vcpu()
>>   KVM: x86: hyper-v: Rename vcpu_to_stimer()/stimer_to_vcpu()
>>   KVM: x86: hyper-v: Rename vcpu_to_hv_syndbg() to to_hv_syndbg()
>>   KVM: x86: hyper-v: Introduce to_kvm_hv() helper
>>   KVM: x86: hyper-v: Stop shadowing global 'current_vcpu' variable
>>   KVM: x86: hyper-v: Always use to_hv_vcpu() accessor to get to 'struct
>>     kvm_vcpu_hv'
>>   KVM: x86: hyper-v: Prepare to meet unallocated Hyper-V context
>>   KVM: x86: hyper-v: Allocate 'struct kvm_vcpu_hv' dynamically
>>   KVM: x86: hyper-v: Make Hyper-V emulation enablement conditional
>>   KVM: x86: hyper-v: Allocate Hyper-V context lazily
>>   KVM: x86: hyper-v: Drop hv_vcpu_to_vcpu() helper
>>
>> ...
>>
>
> Queued, thanks.

I was expecting it to appear in kvm/queue but it didn't happen so just
wanted to double-check what happened to these patches.

Thanks!

-- 
Vitaly
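The gate the cover letter describes, as an added illustration that is not KVM's code and is not part of this thread: the VMM hands the guest a CPUID table, and Hyper-V emulation is switched on only if leaf 0x40000001 (HYPERV_CPUID_INTERFACE) carries the "Hv#1" signature in EAX; the per-vCPU context is then allocated on first use rather than embedded in every vCPU. The leaf number and the 0x31237648 signature are the real Hyper-V TLFS values; `struct cpuid_entry`, `struct hv_vcpu_ctx`, `struct vcpu` and the functions below are hypothetical stand-ins for KVM's own structures and handlers, and the CPUID tables are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Real values from the Hyper-V TLFS (also in Linux's hyperv-tlfs.h). */
#define HYPERV_CPUID_INTERFACE     0x40000001u
#define HYPERV_CPUID_SIGNATURE_EAX 0x31237648u   /* "Hv#1" as returned in EAX */

/* Hypothetical stand-in for one entry of the table a VMM passes to the kernel. */
struct cpuid_entry {
    uint32_t function;
    uint32_t eax, ebx, ecx, edx;
};

/* Hypothetical per-vCPU Hyper-V state (stand-in for 'struct kvm_vcpu_hv'). */
struct hv_vcpu_ctx {
    uint64_t vp_assist_page;
    uint32_t synic_ctl;
};

/* Hypothetical vCPU: the Hyper-V context hangs off a pointer instead of being embedded. */
struct vcpu {
    bool hyperv_enabled;
    struct hv_vcpu_ctx *hv;
};

/* CPUID signatures are ASCII packed little-endian: first character in the low byte. */
uint32_t pack_signature(const char sig[4])
{
    return (uint32_t)(unsigned char)sig[0]
         | (uint32_t)(unsigned char)sig[1] << 8
         | (uint32_t)(unsigned char)sig[2] << 16
         | (uint32_t)(unsigned char)sig[3] << 24;
}

/* The gate: is leaf 0x40000001 present, and does its EAX carry "Hv#1"?
 * A missing leaf and a foreign signature both mean "not a Hyper-V guest". */
bool hv_interface_exposed(const struct cpuid_entry *e, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (e[i].function == HYPERV_CPUID_INTERFACE)
            return e[i].eax == HYPERV_CPUID_SIGNATURE_EAX;
    return false;
}

/* Called when the VMM sets the guest CPUID: decide enablement, allocate nothing yet. */
void vcpu_set_cpuid(struct vcpu *v, const struct cpuid_entry *e, size_t n)
{
    v->hyperv_enabled = hv_interface_exposed(e, n);
}

/* First touch of a Hyper-V MSR or hypercall: refuse for non-Hyper-V guests
 * (real code would inject #GP), otherwise allocate the context lazily.
 * Returns 0 on success, -1 if emulation is disabled, -2 on allocation failure. */
int vcpu_hv_access(struct vcpu *v)
{
    if (!v->hyperv_enabled)
        return -1;
    if (!v->hv) {
        v->hv = calloc(1, sizeof *v->hv);
        if (!v->hv)
            return -2;
    }
    return 0;
}

void vcpu_free(struct vcpu *v)
{
    free(v->hv);
    v->hv = NULL;
    v->hyperv_enabled = false;
}

int main(void)
{
    /* Constructed CPUID tables, not captured from a real VM. */
    const struct cpuid_entry linux_guest[] = {
        { .function = 0x00000000u, .eax = 0xd },
    };
    const struct cpuid_entry hv_guest[] = {
        { .function = 0x40000000u, .eax = 0x4000000bu },
        { .function = HYPERV_CPUID_INTERFACE, .eax = HYPERV_CPUID_SIGNATURE_EAX },
    };
    struct vcpu a = {0}, b = {0};

    vcpu_set_cpuid(&a, linux_guest, 1);
    vcpu_set_cpuid(&b, hv_guest, 2);
    printf("linux guest: hv access -> %d (context %p)\n", vcpu_hv_access(&a), (void *)a.hv);
    printf("hv guest:    hv access -> %d (context %p)\n", vcpu_hv_access(&b), (void *)b.hv);
    vcpu_free(&a);
    vcpu_free(&b);
    return 0;
}
```

The point of splitting `vcpu_set_cpuid()` from `vcpu_hv_access()` is the one the series makes: a guest whose VMM never advertised "Hv#1" cannot reach the Hyper-V MSR and hypercall handlers at all, and a guest that was offered Hyper-V still costs nothing until it actually uses it.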