Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests

Restrict the protocol version(s) that will be negotiated with the host to be 5.2 or greater if the guest is running isolated. This reduces the footprint of the code that will be exercised by Confidential VMs and hence the exposure to bugs and vulnerabilities. Signed-off-by: Andrea Parri (Microsoft) <[email protected]> Reviewed-by: Michael Kelley <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Wei Liu <[email protected]>
author: Andrea Parri (Microsoft) <[email protected]> 2021-02-01 15:48:13 +0100
committer: Wei Liu <[email protected]> 2021-02-11 08:47:05 +0000
commit: 7ef4b2f0d9adb73eb66e1f87f22953169c3dc7f8 (patch)
tree: 87960b5e528318c31cc688e1c143dff83d6ef1d5
parent: 21a4e356d3588806307555c149b80cec3dedb180 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
index 11170d9a2e1a..c83612cddb99 100644
--- a/drivers/hv/connection.c
+++ b/drivers/hv/connection.c
@@ -244,6 +244,13 @@ int vmbus_connect(void)
 			break;
 	}
 
+	if (hv_is_isolation_supported() && version < VERSION_WIN10_V5_2) {
+		pr_err("Invalid VMBus version %d.%d (expected >= %d.%d) from the host supporting isolation\n",
+		       version >> 16, version & 0xFFFF, VERSION_WIN10_V5_2 >> 16, VERSION_WIN10_V5_2 & 0xFFFF);
+		ret = -EINVAL;
+		goto cleanup;
+	}
+
 	vmbus_proto_version = version;
 	pr_info("Vmbus version:%d.%d\n",
 		version >> 16, version & 0xFFFF);
author	Andrea Parri (Microsoft) <[email protected]>	2021-02-01 15:48:13 +0100
committer	Wei Liu <[email protected]>	2021-02-11 08:47:05 +0000
commit	7ef4b2f0d9adb73eb66e1f87f22953169c3dc7f8 (patch)
tree	87960b5e528318c31cc688e1c143dff83d6ef1d5
parent	21a4e356d3588806307555c149b80cec3dedb180 (diff)