> -----Original Message-----
> From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Sent: Tuesday, January 26, 2021 6:57 AM
> To: linux-kernel@xxxxxxxxxxxxxxx
> Cc: KY Srinivasan <kys@xxxxxxxxxxxxx>; Haiyang Zhang
> <haiyangz@xxxxxxxxxxxxx>; Stephen Hemminger
> <sthemmin@xxxxxxxxxxxxx>; Wei Liu <wei.liu@xxxxxxxxxx>; Michael Kelley
> <mikelley@xxxxxxxxxxxxx>; linux-hyperv@xxxxxxxxxxxxxxx; Tianyu Lan
> <Tianyu.Lan@xxxxxxxxxxxxx>; Saruhan Karademir
> <skarade@xxxxxxxxxxxxx>; Juan Vazquez <juvazq@xxxxxxxxxxxxx>; Andrea
> Parri (Microsoft) <parri.andrea@xxxxxxxxx>; Jakub Kicinski
> <kuba@xxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>;
> netdev@xxxxxxxxxxxxxxx
> Subject: [PATCH v2 4/4] hv_netvsc: Restrict configurations on isolated guests
>
> Restrict the NVSP protocol version(s) that will be negotiated with the host to
> be NVSP_PROTOCOL_VERSION_61 or greater if the guest is running isolated.
> Moreover, do not advertise the SR-IOV capability and ignore
> NVSP_MSG_4_TYPE_SEND_VF_ASSOCIATION messages in isolated guests,
> which are not supposed to support SR-IOV. This reduces the footprint of the
> code that will be exercised by Confidential VMs and hence the exposure to
> bugs and vulnerabilities.
>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Acked-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx

Reviewed-by: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>

Thanks.
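
The three restrictions described in the quoted commit message, as an added example that is not part of the patch or of the netvsc driver: a simplified C model showing that an isolated guest fails version negotiation rather than falling back below 6.1, never advertises SR-IOV, and drops VF association messages. The version encodings, the host model (`host_accepts`, `host_max`), the version 5 threshold for SR-IOV, and the `msg_kind` enum are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NVSP version codes, oldest to newest (encoding assumed by this example). */
enum { NVSP_V1 = 2, NVSP_V2 = 0x30002, NVSP_V4 = 0x40000,
       NVSP_V5 = 0x50000, NVSP_V6 = 0x60000, NVSP_V61 = 0x60001 };
static const uint32_t ver_list[] = { NVSP_V1, NVSP_V2, NVSP_V4,
                                     NVSP_V5, NVSP_V6, NVSP_V61 };

/* Constructed stand-ins for host-to-guest message types. */
enum msg_kind { MSG_SEND_VF_ASSOCIATION, MSG_OTHER };

/* Hypothetical host: accepts any offered version up to host_max. */
static bool host_accepts(uint32_t host_max, uint32_t ver)
{
    return ver <= host_max;
}

/* Offer versions newest first. An isolated guest stops at 6.1 and fails
 * the negotiation instead of falling back. Returns 0 on failure. */
uint32_t negotiate_version(bool isolated, uint32_t host_max)
{
    for (size_t i = sizeof(ver_list) / sizeof(ver_list[0]); i-- > 0; ) {
        if (isolated && ver_list[i] < NVSP_V61)
            break;
        if (host_accepts(host_max, ver_list[i]))
            return ver_list[i];
    }
    return 0;
}

/* SR-IOV (assumed here to need version 5 or later) is never advertised
 * by an isolated guest. */
bool advertise_sriov(bool isolated, uint32_t ver)
{
    return !isolated && ver >= NVSP_V5;
}

/* True if the message should be processed, false if it is dropped. */
bool should_process(bool isolated, enum msg_kind kind)
{
    return !(isolated && kind == MSG_SEND_VF_ASSOCIATION);
}

int main(void)
{
    printf("normal, host max 5:   0x%x\n", (unsigned)negotiate_version(false, NVSP_V5));
    printf("isolated, host max 5: 0x%x\n", (unsigned)negotiate_version(true, NVSP_V5));
    return 0;
}
```
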