[pve-devel] [PATCH] add hyperv enlightments : hv_reset, hv_vpindex, hv_runtime

Alexandre DERUMIER aderumier at odiso.com
Fri May 20 11:28:30 CEST 2016


>>Here is a CVE still open affecting Hyper-v Synthetic Interrupt
>>Controller(SynIC) support:
>>CVE-2016-4440 Kernel: kvm: vmx: incorrect state update leading to MSR access

>>We should probably fix that before enabling this, although as we do not
>>have qemu 2.6 in the repos
>>and so this feature isn't yet available (except for users who build qemu
>>themselves :)) that
>>isn't a problem yet and until then we will have the CVE fixed (doesn't
>>affect us yet, AFAIK).

This patch doesn't add hv_synic (and related hv_stimer).
The support is only available in kernel 4.5 currently (and not backported to 4.4).



>>Would it make sense to enable this only if the VM OS is windows? 

It doesn't work with xp/2003.

hyper_v is available since win7




----- Original Message -----
From: "Thomas Lamprecht" <t.lamprecht at proxmox.com>
To: "pve-devel" <pve-devel at pve.proxmox.com>
Sent: Friday 20 May 2016 10:59:28
Subject: Re: [pve-devel] [PATCH] add hyperv enlightments : hv_reset, hv_vpindex, hv_runtime

On 05/20/2016 10:26 AM, Alexandre Derumier wrote: 
> add them by default for qemu 2.6 
> (support is already present in qemu 2.5, but we don't want to break live migration for current running vm) 
> 
> vpindex && runtime need host kernel 4.4 
> 
> These 3 enlightenments are needed by windows to use vmbus
> http://searchwindowsserver.techtarget.com/definition/Microsoft-Virtual-Machine-Bus-VMBus 
> 
> details : 
> 
> - When Hyper-V "vpindex" is on, guest can use MSR HV_X64_MSR_VP_INDEX 
> to get virtual processor ID. 
Here is a CVE still open affecting Hyper-V Synthetic Interrupt
Controller (SynIC) support:
CVE-2016-4440 Kernel: kvm: vmx: incorrect state update leading to MSR access

We should probably fix that before enabling this, although as we do not
have qemu 2.6 in the repos
and so this feature isn't yet available (except for users who build qemu
themselves :)) that
isn't a problem yet and until then we will have the CVE fixed (doesn't
affect us yet, AFAIK).
> 
> - Hyper-V "runtime" enlightenment feature allows to use MSR
> HV_X64_MSR_VP_RUNTIME to get the time the virtual processor consumes 
> running guest code, as well as the time the hypervisor spends running 
> code on behalf of that guest. 
> 
> - Hyper-V "reset" allows guest to reset VM. 
> 
> Signed-off-by: Alexandre Derumier <aderumier at odiso.com> 
> --- 
> PVE/QemuServer.pm | 6 ++++++ 
> 1 file changed, 6 insertions(+) 
> 
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm 
> index 4c0e043..3938c53 100644 
> --- a/PVE/QemuServer.pm 
> +++ b/PVE/QemuServer.pm 
> @@ -3047,6 +3047,12 @@ sub config_to_command { 
> push @$cpuFlags , 'hv_vapic' if !$nokvm; 
> push @$cpuFlags , 'hv_time' if !$nokvm; 
> 
> + if (qemu_machine_feature_enabled ($machine_type, $kvmver, 2, 6)) { 
> + push @$cpuFlags , 'hv_reset' if !$nokvm; 
> + push @$cpuFlags , 'hv_vpindex' if !$nokvm; 
> + push @$cpuFlags , 'hv_runtime' if !$nokvm; 
> + } 
> + 

Would it make sense to enable this only if the VM OS is windows? 

> } else { 
> push @$cpuFlags , 'hv_spinlocks=0xffff' if !$nokvm; 
> } 
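
Review bot: The gate on qemu_machine_feature_enabled ($machine_type, $kvmver, 2, 6) covers only the QEMU machine version, but the commit message says vpindex and runtime need host kernel 4.4, and nothing in the added lines checks the host kernel. Either add a host kernel check next to the machine-version test, or put a comment above the block explaining why the machine version alone is sufficient. The "if !$nokvm" suffix is repeated on all three pushes; folding it into the enclosing if condition would shorten the block. A one-line comment naming vmbus as the reason for these three flags, as the commit message does, would also help the next reader.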

