RE: [PATCH v2 4/4] hv_netvsc: Restrict configurations on isolated guests

From: Haiyang Zhang
Date: Tue Jan 26 2021 - 10:44:49 EST




> -----Original Message-----
> From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Sent: Tuesday, January 26, 2021 6:57 AM
> To: linux-kernel@xxxxxxxxxxxxxxx
> Cc: KY Srinivasan <kys@xxxxxxxxxxxxx>; Haiyang Zhang
> <haiyangz@xxxxxxxxxxxxx>; Stephen Hemminger
> <sthemmin@xxxxxxxxxxxxx>; Wei Liu <wei.liu@xxxxxxxxxx>; Michael Kelley
> <mikelley@xxxxxxxxxxxxx>; linux-hyperv@xxxxxxxxxxxxxxx; Tianyu Lan
> <Tianyu.Lan@xxxxxxxxxxxxx>; Saruhan Karademir
> <skarade@xxxxxxxxxxxxx>; Juan Vazquez <juvazq@xxxxxxxxxxxxx>; Andrea
> Parri (Microsoft) <parri.andrea@xxxxxxxxx>; Jakub Kicinski
> <kuba@xxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>;
> netdev@xxxxxxxxxxxxxxx
> Subject: [PATCH v2 4/4] hv_netvsc: Restrict configurations on isolated guests
>
> Restrict the NVSP protocol version(s) that will be negotiated with the host to
> be NVSP_PROTOCOL_VERSION_61 or greater if the guest is running isolated.
> Moreover, do not advertise the SR-IOV capability and ignore
> NVSP_MSG_4_TYPE_SEND_VF_ASSOCIATION messages in isolated guests,
> which are not supposed to support SR-IOV. This reduces the footprint of the
> code that will be exercised by Confidential VMs and hence the exposure to
> bugs and vulnerabilities.
>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Acked-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx

Reviewed-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
Thanks.
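
The restrictions described in the quoted commit message, modelled as a small user-space C program. This is an added example, not code from the patch or from the hv_netvsc driver; the function names, the numeric constants and the host model (a host that accepts any version up to host_max) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative stand-in values; only their ordering matters to the model. */
enum {
    NVSP_PROTOCOL_VERSION_1  = 0x00002,
    NVSP_PROTOCOL_VERSION_2  = 0x30002,
    NVSP_PROTOCOL_VERSION_4  = 0x40000,
    NVSP_PROTOCOL_VERSION_5  = 0x50000,
    NVSP_PROTOCOL_VERSION_6  = 0x60000,
    NVSP_PROTOCOL_VERSION_61 = 0x60001,
};
#define NVSP_MSG_4_TYPE_SEND_VF_ASSOCIATION 110 /* placeholder message id */

/* Candidates are tried newest first, as in a downgrade-style negotiation. */
static const uint32_t candidates[] = {
    NVSP_PROTOCOL_VERSION_61, NVSP_PROTOCOL_VERSION_6, NVSP_PROTOCOL_VERSION_5,
    NVSP_PROTOCOL_VERSION_4,  NVSP_PROTOCOL_VERSION_2, NVSP_PROTOCOL_VERSION_1,
};

/* Constructed host model: accepts any offered version <= host_max.
 * Returns the negotiated version, or 0 when negotiation must fail. */
uint32_t negotiate_version(bool isolated, uint32_t host_max)
{
    for (size_t i = 0; i < sizeof(candidates) / sizeof(candidates[0]); i++) {
        uint32_t v = candidates[i];
        /* Isolated guest: never fall back below the floor, fail closed. */
        if (isolated && v < NVSP_PROTOCOL_VERSION_61)
            return 0;
        if (v <= host_max)
            return v;
    }
    return 0;
}

/* SR-IOV is offered to the host only by non-isolated guests. */
bool sriov_advertised(bool isolated) { return !isolated; }

/* Returns true when the message is acted on, false when it is dropped. */
bool host_msg_processed(bool isolated, uint32_t msg_type)
{
    if (isolated && msg_type == NVSP_MSG_4_TYPE_SEND_VF_ASSOCIATION)
        return false; /* the host cannot steer an isolated guest to a VF */
    return true;
}
```

The case to note is an isolated guest facing a host that tops out below 6.1: negotiation fails instead of settling on an older version.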