[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20210126115641.2527-4-parri.andrea@gmail.com>
Date: Tue, 26 Jan 2021 12:56:40 +0100
From: "Andrea Parri (Microsoft)" <parri.andrea@...il.com>
To: linux-kernel@...r.kernel.org
Cc: "K . Y . Srinivasan" <kys@...rosoft.com>,
Haiyang Zhang <haiyangz@...rosoft.com>,
Stephen Hemminger <sthemmin@...rosoft.com>,
Wei Liu <wei.liu@...nel.org>,
Michael Kelley <mikelley@...rosoft.com>,
linux-hyperv@...r.kernel.org,
Tianyu Lan <Tianyu.Lan@...rosoft.com>,
Saruhan Karademir <skarade@...rosoft.com>,
Juan Vazquez <juvazq@...rosoft.com>,
"Andrea Parri (Microsoft)" <parri.andrea@...il.com>
Subject: [PATCH v2 3/4] Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests
Restrict the protocol version(s) that will be negotiated with the host
to be 5.2 or greater if the guest is running isolated. This reduces the
footprint of the code that will be exercised by Confidential VMs and
hence the exposure to bugs and vulnerabilities.
Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@...il.com>
---
drivers/hv/connection.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
index 11170d9a2e1a5..bcf4d7def6838 100644
--- a/drivers/hv/connection.c
+++ b/drivers/hv/connection.c
@@ -66,6 +66,13 @@ module_param(max_version, uint, S_IRUGO);
MODULE_PARM_DESC(max_version,
"Maximal VMBus protocol version which can be negotiated");
+static bool vmbus_is_valid_version(u32 version)
+{
+ if (hv_is_isolation_supported())
+ return version >= VERSION_WIN10_V5_2;
+ return true;
+}
+
int vmbus_negotiate_version(struct vmbus_channel_msginfo *msginfo, u32 version)
{
int ret = 0;
@@ -233,6 +240,12 @@ int vmbus_connect(void)
goto cleanup;
version = vmbus_versions[i];
+
+ if (!vmbus_is_valid_version(version)) {
+ ret = -EINVAL;
+ goto cleanup;
+ }
+
if (version > max_version)
continue;
--
2.25.1
Powered by blists - more mailing lists