From: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx> Sent: Tuesday, January 26, 2021 3:57 AM
>
> Restrict the protocol version(s) that will be negotiated with the host
> to be 5.2 or greater if the guest is running isolated. This reduces the
> footprint of the code that will be exercised by Confidential VMs and
> hence the exposure to bugs and vulnerabilities.
>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> ---
> drivers/hv/connection.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
> index 11170d9a2e1a5..bcf4d7def6838 100644
> --- a/drivers/hv/connection.c
> +++ b/drivers/hv/connection.c
> @@ -66,6 +66,13 @@ module_param(max_version, uint, S_IRUGO);
> MODULE_PARM_DESC(max_version,
> "Maximal VMBus protocol version which can be negotiated");
>
> +static bool vmbus_is_valid_version(u32 version)
> +{
> + if (hv_is_isolation_supported())
> + return version >= VERSION_WIN10_V5_2;
> + return true;
> +}
> +
> int vmbus_negotiate_version(struct vmbus_channel_msginfo *msginfo, u32 version)
> {
> int ret = 0;
> @@ -233,6 +240,12 @@ int vmbus_connect(void)
> goto cleanup;
>
> version = vmbus_versions[i];
> +
> + if (!vmbus_is_valid_version(version)) {
Outputting a message in this case could be useful. The message should show
what version was negotiated and then deemed invalid.
> + ret = -EINVAL;
> + goto cleanup;
> + }
> +
> if (version > max_version)
> continue;
>
> --
> 2.25.1
