Google Git
Sign in
android/kernel/common/21a4e356d3588806307555c149b80cec3dedb180^!/./include/linux/hyperv.h
commit
21a4e356d3588806307555c149b80cec3dedb180
[log]
author
Andrea Parri (Microsoft) <[email protected]>
Mon Feb 01 15:48:12 2021 +0100
committer
Wei Liu <[email protected]>
Thu Feb 11 08:47:05 2021 +0000
tree
c4ad61b4490f41e466122fb109c9fcb5642b24a4
parent
a6c76bb08dc7f7ff2b1c381002eb6c7211746182 [diff] [blame]
Drivers: hv: vmbus: Restrict vmbus_devices on isolated guests

Only the VSCs or ICs that have been hardened and that are critical for
the successful adoption of Confidential VMs should be allowed if the
guest is running isolated.  This change reduces the footprint of the
code that will be exercised by Confidential VMs and hence the exposure
to bugs and vulnerabilities.

Signed-off-by: Andrea Parri (Microsoft) <[email protected]>
Reviewed-by: Michael Kelley <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Wei Liu <[email protected]>

diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h
index f0d48a3..e3426f8 100644
--- a/include/linux/hyperv.h
+++ b/include/linux/hyperv.h

@@ -789,6 +789,7 @@ struct vmbus_device {
 	u16  dev_type;
 	guid_t guid;
 	bool perf_device;
+	bool allowed_in_isolated;
 };
 
 #define VMBUS_DEFAULT_MAX_PKT_SIZE 4096