From: Michael Kelley
To: "Andrea Parri (Microsoft)", linux-kernel@vger.kernel.org
CC: KY Srinivasan, Haiyang Zhang, Stephen Hemminger, Wei Liu, Tianyu Lan, linux-hyperv@vger.kernel.org, Saruhan Karademir, Juan Vazquez
Subject: RE: [PATCH v3 hyperv-next 2/4] Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests
Date: Mon, 1 Feb 2021 17:46:50 +0000
References: <20210201144814.2701-1-parri.andrea@gmail.com> <20210201144814.2701-3-parri.andrea@gmail.com>
In-Reply-To: <20210201144814.2701-3-parri.andrea@gmail.com>
From: Andrea Parri (Microsoft)
Sent: Monday, February 1, 2021 6:48 AM
>
> Only the VSCs or ICs that have been hardened and that are critical for
> the successful adoption of Confidential VMs should be allowed if the
> guest is running isolated. This change reduces the footprint of the
> code that will be exercised by Confidential VMs and hence the exposure
> to bugs and vulnerabilities.
>
> Signed-off-by: Andrea Parri (Microsoft)
> ---
>  drivers/hv/channel_mgmt.c | 38 ++++++++++++++++++++++++++++++++++++++
>  include/linux/hyperv.h    |  1 +
>  2 files changed, 39 insertions(+)
>
> diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c
> index 68950a1e4b638..f0ed730e2e4e4 100644
> --- a/drivers/hv/channel_mgmt.c
> +++ b/drivers/hv/channel_mgmt.c
> @@ -31,101 +31,118 @@ const struct vmbus_device vmbus_devs[] =3D { > { .dev_type =3D HV_IDE, > HV_IDE_GUID, > .perf_device =3D true, > + .allowed_in_isolated =3D false, > }, >=20 > /* SCSI */ > { .dev_type =3D HV_SCSI, > HV_SCSI_GUID, > .perf_device =3D true, > + .allowed_in_isolated =3D true, > }, >=20 > /* Fibre Channel */ > { .dev_type =3D HV_FC, > HV_SYNTHFC_GUID, > .perf_device =3D true, > + .allowed_in_isolated =3D false, > }, >=20 > /* Synthetic NIC */ > { .dev_type =3D HV_NIC, > HV_NIC_GUID, > .perf_device =3D true, > + .allowed_in_isolated =3D true, > }, >=20 > /* Network Direct */ > { .dev_type =3D HV_ND, > HV_ND_GUID, > .perf_device =3D true, > + .allowed_in_isolated =3D false, > }, >=20 > /* PCIE */ > { .dev_type =3D HV_PCIE, > HV_PCIE_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Synthetic Frame Buffer */ > { .dev_type =3D HV_FB, > HV_SYNTHVID_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Synthetic Keyboard */ > { .dev_type =3D HV_KBD, > HV_KBD_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Synthetic MOUSE */ > { .dev_type =3D HV_MOUSE, > HV_MOUSE_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* KVP */ > { .dev_type =3D HV_KVP, > HV_KVP_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Time Synch */ > { .dev_type =3D HV_TS, > HV_TS_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D true, > }, >=20 > /* Heartbeat */ > { .dev_type =3D HV_HB, > HV_HEART_BEAT_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D true, > }, >=20 > /* Shutdown */ > { .dev_type =3D HV_SHUTDOWN, > HV_SHUTDOWN_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D true, > }, >=20 > /* File copy */ > { .dev_type =3D HV_FCOPY, > HV_FCOPY_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Backup */ > { .dev_type =3D HV_BACKUP, > HV_VSS_GUID, > 
.perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Dynamic Memory */ > { .dev_type =3D HV_DM, > HV_DM_GUID, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, >=20 > /* Unknown GUID */ > { .dev_type =3D HV_UNKNOWN, > .perf_device =3D false, > + .allowed_in_isolated =3D false, > }, > }; >=20 > @@ -903,6 +920,20 @@ find_primary_channel_by_offer(const struct > vmbus_channel_offer_channel *offer) > return channel; > } >=20 > +static bool vmbus_is_valid_device(const guid_t *guid) > +{ > + u16 i; > + > + if (!hv_is_isolation_supported()) > + return true; > + > + for (i =3D 0; i < ARRAY_SIZE(vmbus_devs); i++) { > + if (guid_equal(guid, &vmbus_devs[i].guid)) > + return vmbus_devs[i].allowed_in_isolated; > + } > + return false; > +} > + > /* > * vmbus_onoffer - Handler for channel offers from vmbus in parent parti= tion. > * > @@ -917,6 +948,13 @@ static void vmbus_onoffer(struct > vmbus_channel_message_header *hdr) >=20 > trace_vmbus_onoffer(offer); >=20 > + if (!vmbus_is_valid_device(&offer->offer.if_type)) { > + pr_err_ratelimited("Invalid offer %d from the host supporting isolatio= n\n", > + offer->child_relid); > + atomic_dec(&vmbus_connection.offer_in_progress); > + return; > + } > + > oldchannel =3D find_primary_channel_by_offer(offer); >=20 > if (oldchannel !=3D NULL) { > diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h > index f0d48a368f131..e3426f8c12db9 100644 > --- a/include/linux/hyperv.h > +++ b/include/linux/hyperv.h > @@ -789,6 +789,7 @@ struct vmbus_device { > u16 dev_type; > guid_t guid; > bool perf_device; > + bool allowed_in_isolated; > }; >=20 > #define VMBUS_DEFAULT_MAX_PKT_SIZE 4096 > -- > 2.25.1 Reviewed-by: Michael Kelley
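Review bot: the vmbus_devs[] table in the @@ -31,101 +31,118 @@ hunk now encodes security policy, but nothing in the hunk records the criterion by which the five entries set to true (HV_SCSI, HV_NIC, HV_TS, HV_HB, HV_SHUTDOWN) were chosen. A short comment above the table stating the rule from the commit message (hardened and critical for Confidential VMs) would give reviewers of future additions the yardstick at hand; it is also worth noting there that an entry which omits the field is zero-initialized by the designated initializer and therefore denied, so the safe direction is the default.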
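Review bot: in vmbus_is_valid_device() at @@ -903,6 +920,20 @@ the early "return true" is gated on hv_is_isolation_supported(), while the commit message talks about a guest that is running isolated; a one-line comment confirming that the helper is true exactly when this guest runs as an isolated VM would make the "everything allowed otherwise" branch visibly intentional. The loop also reaches the trailing HV_UNKNOWN entry, whose guid is left unset in the table; since that entry is marked false and the fall-through return is also false the outcome is the same either way, but a comment stating that offers with an unknown GUID are deliberately refused on isolated guests would make the deny-by-default explicit.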
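Review bot: the rejection path added to vmbus_onoffer() at @@ -917,6 +948,13 @@ logs only offer->child_relid, so an operator who sees "Invalid offer %d from the host supporting isolation" cannot tell which device type was refused or why. Logging the offered GUID as well (offer->offer.if_type, for which printk's %pUl specifier prints a guid_t) and rewording along the lines of "Rejected offer %d: device not allowed in isolated guest" would make the message actionable. Decrementing vmbus_connection.offer_in_progress before the early return is the right bookkeeping for a dropped offer, and pr_err_ratelimited is the right choice here since the host controls how many offers arrive.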
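Review bot: the new "bool allowed_in_isolated;" member of struct vmbus_device at @@ -789,6 +789,7 @@ carries no comment explaining what it means, and the header is where other developers will look first. A one-line comment such as "/* offer accepted when the guest runs as an isolated VM; unset means denied */" would document both the semantics and the fact that a table entry which omits the initializer is zero-initialized and therefore refused.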