From: "Andrea Parri (Microsoft)"
To: linux-kernel@vger.kernel.org
Cc: "K . Y . Srinivasan", Haiyang Zhang, Stephen Hemminger, Wei Liu, Michael Kelley, Tianyu Lan, Saruhan Karademir, Juan Vazquez, linux-hyperv@vger.kernel.org, "Andrea Parri (Microsoft)", Thomas Gleixner, Ingo Molnar, Borislav Petkov, "H. Peter Anvin", Arnd Bergmann, "David S. Miller", Jakub Kicinski, x86@kernel.org, linux-arch@vger.kernel.org, netdev@vger.kernel.org
Subject: [PATCH 0/4] Drivers: hv: vmbus: Restrict devices and configurations on 'isolated' guests
Date: Tue, 19 Jan 2021 18:58:37 +0100
Message-Id: <20210119175841.22248-1-parri.andrea@gmail.com>

Hi all,

To reduce the footprint of the code that will be exercised, and hence
the exposure to bugs and vulnerabilities, restrict configurations and
devices on 'isolated' VMs.

Specs of the Isolation Configuration leaf (cf.
patch #1) were derived from internal discussions with the Hyper-V team
and, AFAICT, they are not publicly available yet.

The series has some minor/naming conflict with on-going work aimed at
enabling SNP VMs on Hyper-V[1]; such conflicts can be addressed later
at the right time.

Applies to hyperv-next.

Thanks,
  Andrea

[1] https://github.com/lantianyu/linux # cvm

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Petkov
Cc: "H. Peter Anvin"
Cc: Arnd Bergmann
Cc: "David S. Miller"
Cc: Jakub Kicinski
Cc: x86@kernel.org
Cc: linux-arch@vger.kernel.org
Cc: netdev@vger.kernel.org

Andrea Parri (Microsoft) (4):
  x86/hyperv: Load/save the Isolation Configuration leaf
  Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests
  Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests
  hv_netvsc: Restrict configurations on isolated guests

 arch/x86/hyperv/hv_init.c          | 15 +++++++++++++
 arch/x86/include/asm/hyperv-tlfs.h | 15 +++++++++++++
 arch/x86/kernel/cpu/mshyperv.c     |  9 ++++++++
 drivers/hv/channel_mgmt.c          | 36 ++++++++++++++++++++++++++++++
 drivers/hv/connection.c            | 13 +++++++++++
 drivers/net/hyperv/netvsc.c        | 21 ++++++++++++++---
 include/asm-generic/hyperv-tlfs.h  |  1 +
 include/asm-generic/mshyperv.h     |  5 +++++
 include/linux/hyperv.h             |  1 +
 9 files changed, 113 insertions(+), 3 deletions(-)

-- 
2.25.1