[pve-devel] [PATCH] add hyperv enlightments : hv_reset, hv_vpindex, hv_runtime
Alexandre DERUMIER
aderumier at odiso.com
Fri May 20 11:28:30 CEST 2016
>>Here is a CVE still open affecting Hyper-v Synthetic Interrupt
>>Controller(SynIC) support:
>>CVE-2016-4440 Kernel: kvm: vmx: incorrect state update leading to MSR access
>>We should probably fix that before enabling this, although as we do not
>>have qemu 2.6 in the repos
>>and so this feature isn't yet available (except for user who build qemu
>>them self :)) that
>>isn't a problem yet and until then we will have the CVE fixed (doesn't
>>affects us yet, AFAIK).
This patch don't add hv_synic (and related hv_stimer).
The support is only available in kernel 4.5 currently (and not backported to 4.4)
>>Would it make sense to enable this only if the VM OS is windows?
it's don't work with xp/2003.
hyper_v is available since win7
----- Mail original -----
De: "Thomas Lamprecht" <t.lamprecht at proxmox.com>
À: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Vendredi 20 Mai 2016 10:59:28
Objet: Re: [pve-devel] [PATCH] add hyperv enlightments : hv_reset, hv_vpindex, hv_runtime
On 05/20/2016 10:26 AM, Alexandre Derumier wrote:
> add them by default for qemu 2.6
> (support is already present in qemu 2.5, but we don't want to break live migration for current running vm)
>
> vpindex && runtime need host kernel 4.4
>
> Theses 3 enlightements are needed by windows to use vmbus
> http://searchwindowsserver.techtarget.com/definition/Microsoft-Virtual-Machine-Bus-VMBus
>
> details :
>
> - When Hyper-V "vpindex" is on, guest can use MSR HV_X64_MSR_VP_INDEX
> to get virtual processor ID.
Here is a CVE still open affecting Hyper-v Synthetic Interrupt
Controller(SynIC) support:
CVE-2016-4440 Kernel: kvm: vmx: incorrect state update leading to MSR access
We should probably fix that before enabling this, although as we do not
have qemu 2.6 in the repos
and so this feature isn't yet available (except for user who build qemu
them self :)) that
isn't a problem yet and until then we will have the CVE fixed (doesn't
affects us yet, AFAIK).
>
> - Hyper-V "runtime" enlightement feature allows to use MSR
> HV_X64_MSR_VP_RUNTIME to get the time the virtual processor consumes
> running guest code, as well as the time the hypervisor spends running
> code on behalf of that guest.
>
> - Hyper-V "reset" allows guest to reset VM.
>
> Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
> ---
> PVE/QemuServer.pm | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index 4c0e043..3938c53 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -3047,6 +3047,12 @@ sub config_to_command {
> push @$cpuFlags , 'hv_vapic' if !$nokvm;
> push @$cpuFlags , 'hv_time' if !$nokvm;
>
> + if (qemu_machine_feature_enabled ($machine_type, $kvmver, 2, 6)) {
> + push @$cpuFlags , 'hv_reset' if !$nokvm;
> + push @$cpuFlags , 'hv_vpindex' if !$nokvm;
> + push @$cpuFlags , 'hv_runtime' if !$nokvm;
> + }
> +
Would it make sense to enable this only if the VM OS is windows?
> } else {
> push @$cpuFlags , 'hv_spinlocks=0xffff' if !$nokvm;
> }
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list