Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests

Restrict the protocol version(s) that will be negotiated with the host to be 5.2 or greater if the guest is running isolated. This reduces the footprint of the code that will be exercised by Confidential VMs and hence the exposure to bugs and vulnerabilities. Signed-off-by: N Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: N Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20210201144814.2701-4-parri.andrea@gmail.comSigned-off-by: N Wei Liu <wei.liu@kernel.org>

Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests
Restrict the protocol version(s) that will be negotiated with the host to be 5.2 or greater if the guest is running isolated. This reduces the footprint of the code that will be exercised by Confidential VMs and hence the exposure to bugs and vulnerabilities. Signed-off-by: N Andrea Parri (Microsoft) <parri.andrea@gmail.com> Reviewed-by: N Michael Kelley <mikelley@microsoft.com> Link: https://lore.kernel.org/r/20210201144814.2701-4-parri.andrea@gmail.comSigned-off-by: N Wei Liu <wei.liu@kernel.org>
7ef4b2f0 · Andrea Parri (Microsoft) · Wei Liu · 21a4e356 · 7ef4b2f0
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

drivers/hv/connection.c drivers/hv/connection.c +7 -0

未找到文件。
--- a/drivers/hv/connection.c
+++ b/drivers/hv/connection.c
@@ -244,6 +244,13 @@ int vmbus_connect(void)
 			break;
 	}

+	if (hv_is_isolation_supported() && version < VERSION_WIN10_V5_2) {
+		pr_err("Invalid VMBus version %d.%d (expected >= %d.%d) from the host supporting isolation\n",
+		       version >> 16, version & 0xFFFF, VERSION_WIN10_V5_2 >> 16, VERSION_WIN10_V5_2 & 0xFFFF);
+		ret = -EINVAL;
+		goto cleanup;
+	}
+
 	vmbus_proto_version = version;
 	pr_info("Vmbus version:%d.%d\n",
 		version >> 16, version & 0xFFFF);