Drivers: hv: vmbus: Enforce 'VMBus version >= 5.2' on isolated guests

Restrict the protocol version(s) that will be negotiated with the host
to be 5.2 or greater if the guest is running isolated.  This reduces the
footprint of the code that will be exercised by Confidential VMs and
hence the exposure to bugs and vulnerabilities.

Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@gmail.com>
Reviewed-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/20210201144814.2701-4-parri.andrea@gmail.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>

diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c
index 11170d9a2e1a533b6c3a9c1bf93dd2662c92981a..c83612cddb99508e330cc60155bca724e85c300f 100644 (file)
--- a/drivers/hv/connection.c
+++ b/drivers/hv/connection.c
@@ -244,6 +244,13 @@ int vmbus_connect(void)
                        break;
        }
 
+       if (hv_is_isolation_supported() && version < VERSION_WIN10_V5_2) {
+               pr_err("Invalid VMBus version %d.%d (expected >= %d.%d) from the host supporting isolation\n",
+                      version >> 16, version & 0xFFFF, VERSION_WIN10_V5_2 >> 16, VERSION_WIN10_V5_2 & 0xFFFF);
+               ret = -EINVAL;
+               goto cleanup;
+       }
+
        vmbus_proto_version = version;
        pr_info("Vmbus version:%d.%d\n",
                version >> 16, version & 0xFFFF);