Re: [PATCH 4/4] hv_netvsc: Restrict configurations on isolated guests

From: Jakub Kicinski
Date: Wed Jan 20 2021 - 20:47:50 EST

Next message: Peng Fan: "RE: [PATCH V8 10/10] remoteproc: imx_proc: enable virtio/mailbox"
Previous message: peng . fan: "[PATCH V9 09/10] remoteproc: imx_rproc: ignore mapping vdev regions"
In reply to: Andrea Parri: "Re: [PATCH 4/4] hv_netvsc: Restrict configurations on isolated guests"
Next in thread: Andrea Parri (Microsoft): "[PATCH 2/4] Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 19 Jan 2021 18:58:41 +0100 Andrea Parri (Microsoft) wrote:
> Restrict the NVSP protocol version(s) that will be negotiated with the
> host to be NVSP_PROTOCOL_VERSION_61 or greater if the guest is running
> isolated. Moreover, do not advertise the SR-IOV capability and ignore
> NVSP_MSG_4_TYPE_SEND_VF_ASSOCIATION messages in isolated guests, which
> are not supposed to support SR-IOV. This reduces the footprint of the
> code that will be exercised by Confidential VMs and hence the exposure
> to bugs and vulnerabilities.
>
> Signed-off-by: Andrea Parri (Microsoft) <parri.andrea@xxxxxxxxx>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx

Nothing exciting here from networking perspective, so:

Acked-by: Jakub Kicinski <kuba@xxxxxxxxxx>

Next message: Peng Fan: "RE: [PATCH V8 10/10] remoteproc: imx_proc: enable virtio/mailbox"
Previous message: peng . fan: "[PATCH V9 09/10] remoteproc: imx_rproc: ignore mapping vdev regions"
In reply to: Andrea Parri: "Re: [PATCH 4/4] hv_netvsc: Restrict configurations on isolated guests"
Next in thread: Andrea Parri (Microsoft): "[PATCH 2/4] Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]