> -----Original Message-----
> From: Andrea Parri (Microsoft) <[email protected]>
> Sent: Tuesday, January 26, 2021 6:57 AM
> To: [email protected]
> Cc: KY Srinivasan <[email protected]>; Haiyang Zhang
> <[email protected]>; Stephen Hemminger
> <[email protected]>; Wei Liu <[email protected]>; Michael Kelley
> <[email protected]>; [email protected]; Tianyu Lan
> <[email protected]>; Saruhan Karademir
> <[email protected]>; Juan Vazquez <[email protected]>; Andrea
> Parri (Microsoft) <[email protected]>; Jakub Kicinski
> <[email protected]>; David S. Miller <[email protected]>;
> [email protected]
> Subject: [PATCH v2 4/4] hv_netvsc: Restrict configurations on isolated guests
>
> Restrict the NVSP protocol version(s) that will be negotiated with the host to
> be NVSP_PROTOCOL_VERSION_61 or greater if the guest is running isolated.
> Moreover, do not advertise the SR-IOV capability and ignore
> NVSP_MSG_4_TYPE_SEND_VF_ASSOCIATION messages in isolated guests,
> which are not supposed to support SR-IOV. This reduces the footprint of the
> code that will be exercised by Confidential VMs and hence the exposure to
> bugs and vulnerabilities.
>
> Signed-off-by: Andrea Parri (Microsoft) <[email protected]>
> Acked-by: Jakub Kicinski <[email protected]>
> Cc: "David S. Miller" <[email protected]>
> Cc: Jakub Kicinski <[email protected]>
> Cc: [email protected]
Reviewed-by: Haiyang Zhang <[email protected]>
Thanks.
