Hi all,

To reduce the footprint of the code that will be exercised, and hence
the exposure to bugs and vulnerabilities, restrict configurations and
devices on 'isolated' VMs.

Specs of the Isolation Configuration leaf (cf. patch #1) were derived
from internal discussions with the Hyper-V team and, AFAICT, they are
not publicly available yet.

The series has some minor/naming conflict with on-going work aimed at
enabling SNP VMs on Hyper-V[1]; such conflicts can be addressed later
at the right time.

Applies to hyperv-next.

Thanks,
  Andrea

[1] https://github.com/lantianyu/linux # cvm

Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxxxxx>
Cc: Borislav Petkov <bp@xxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Cc: Arnd Bergmann <arnd@xxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
Cc: x86@xxxxxxxxxx
Cc: linux-arch@xxxxxxxxxxxxxxx
Cc: netdev@xxxxxxxxxxxxxxx

Andrea Parri (Microsoft) (4):
  x86/hyperv: Load/save the Isolation Configuration leaf
  Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests
  Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests
  hv_netvsc: Restrict configurations on isolated guests

 arch/x86/hyperv/hv_init.c          | 15 +++++++++++++
 arch/x86/include/asm/hyperv-tlfs.h | 15 +++++++++++++
 arch/x86/kernel/cpu/mshyperv.c     |  9 ++++++++
 drivers/hv/channel_mgmt.c          | 36 ++++++++++++++++++++++++++++++
 drivers/hv/connection.c            | 13 +++++++++++
 drivers/net/hyperv/netvsc.c        | 21 ++++++++++++++---
 include/asm-generic/hyperv-tlfs.h  |  1 +
 include/asm-generic/mshyperv.h     |  5 +++++
 include/linux/hyperv.h             |  1 +
 9 files changed, 113 insertions(+), 3 deletions(-)

-- 
2.25.1