From ed9c432bf262b18827be4906de30ce631d45e0ca Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 4 May 2026 09:32:47 +0000 Subject: [PATCH 1/4] Initial plan From 71149b4d478d187e9e7f96de39f00f92c0d83935 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 4 May 2026 09:37:53 +0000 Subject: [PATCH 2/4] Remove unused GuestDrivers and VPMEMMultiMapping fields from LCOW SandboxOptions Agent-Logs-Url: https://github.com/microsoft/hcsshim/sessions/5b4958c5-1086-4f2b-8705-70c8f6a141ba Co-authored-by: rawahars <65640262+rawahars@users.noreply.github.com> --- internal/builder/vm/lcow/sandbox_options.go | 7 ------- internal/builder/vm/lcow/specs.go | 12 ------------ test/parity/vm/lcow_doc_test.go | 1 - 3 files changed, 20 deletions(-) diff --git a/internal/builder/vm/lcow/sandbox_options.go b/internal/builder/vm/lcow/sandbox_options.go index b0b71e00c7..b6cc22f94b 100644 --- a/internal/builder/vm/lcow/sandbox_options.go +++ b/internal/builder/vm/lcow/sandbox_options.go @@ -13,9 +13,6 @@ type SandboxOptions struct { // EnableScratchEncryption enables encryption for scratch disks. EnableScratchEncryption bool - // GuestDrivers lists guest drivers which need to be installed on the UVM. - GuestDrivers []string - // PolicyBasedRouting enables policy-based routing in the guest network stack. PolicyBasedRouting bool @@ -25,10 +22,6 @@ type SandboxOptions struct { // FullyPhysicallyBacked indicates all memory allocations are backed by physical memory. FullyPhysicallyBacked bool - // VPMEMMultiMapping indicates whether VPMem multi-mapping is enabled, - // which allows multiple VHDs to be mapped to a single VPMem device. - VPMEMMultiMapping bool - // ConfidentialConfig carries confidential computing fields that are not // part of the HCS document but are needed for confidential VM setup. ConfidentialConfig *ConfidentialConfig 
diff --git a/internal/builder/vm/lcow/specs.go b/internal/builder/vm/lcow/specs.go index 792e80ca43..78a535aafc 100644 --- a/internal/builder/vm/lcow/specs.go +++ b/internal/builder/vm/lcow/specs.go @@ -17,7 +17,6 @@ import ( "github.com/Microsoft/hcsshim/internal/oci" "github.com/Microsoft/hcsshim/internal/schemaversion" "github.com/Microsoft/hcsshim/internal/vm/vmutils" - "github.com/Microsoft/hcsshim/osversion" shimannotations "github.com/Microsoft/hcsshim/pkg/annotations" "github.com/Microsoft/hcsshim/sandbox-spec/vm/v2" @@ -310,19 +309,8 @@ func parseSandboxOptions(ctx context.Context, platform string, annotations map[s FullyPhysicallyBacked: oci.ParseAnnotationsBool(ctx, annotations, shimannotations.FullyPhysicallyBacked, false), PolicyBasedRouting: oci.ParseAnnotationsBool(ctx, annotations, iannotations.NetworkingPolicyBasedRouting, false), NoWritableFileShares: oci.ParseAnnotationsBool(ctx, annotations, shimannotations.DisableWritableFileShares, false), - // Multi-mapping is enabled by default on 19H1+, can be disabled via annotation. - VPMEMMultiMapping: !(oci.ParseAnnotationsBool(ctx, annotations, shimannotations.VPMemNoMultiMapping, osversion.Build() < osversion.V19H1)), } - // Parse the list of additional kernel drivers to be injected into the VM. - drivers := oci.ParseAnnotationCommaSeparated(shimannotations.VirtualMachineKernelDrivers, annotations) - for _, driver := range drivers { - if _, err := os.Stat(driver); err != nil { - return nil, fmt.Errorf("failed to find path to drivers at %s: %w", driver, err) - } - } - sandboxOptions.GuestDrivers = drivers - // Determine if this is a confidential VM early, as it affects boot options parsing securityPolicy := oci.ParseAnnotationsString(annotations, shimannotations.LCOWSecurityPolicy, "") noSecurityHardware := oci.ParseAnnotationsBool(ctx, annotations, shimannotations.NoSecurityHardware, false) 
diff --git a/test/parity/vm/lcow_doc_test.go b/test/parity/vm/lcow_doc_test.go index be40be9a9e..f14ad2928b 100644 --- a/test/parity/vm/lcow_doc_test.go +++ b/test/parity/vm/lcow_doc_test.go @@ -205,7 +205,6 @@ func checkSandboxOptionsParity(t *testing.T, legacyOpts *uvm.OptionsLCOW, sandbo {"EnableScratchEncryption", legacyOpts.EnableScratchEncryption, sandboxOpts.EnableScratchEncryption}, {"PolicyBasedRouting", legacyOpts.PolicyBasedRouting, sandboxOpts.PolicyBasedRouting}, {"FullyPhysicallyBacked", legacyOpts.FullyPhysicallyBacked, sandboxOpts.FullyPhysicallyBacked}, - {"VPMEMMultiMapping", !legacyOpts.VPMemNoMultiMapping, sandboxOpts.VPMEMMultiMapping}, } for _, c := range checks { From f2340fe1158535c2a77660dfa8c7f46693a27194 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 4 May 2026 09:43:06 +0000 Subject: [PATCH 3/4] Reject VPMemNoMultiMapping and VirtualMachineKernelDrivers annotations in LCOW builder Agent-Logs-Url: https://github.com/microsoft/hcsshim/sessions/f2729ee4-3f81-4e0d-9cac-97f0153e27de Co-authored-by: rawahars <65640262+rawahars@users.noreply.github.com> --- internal/builder/vm/lcow/specs.go | 11 ++++++++--- internal/builder/vm/lcow/specs_test.go | 25 ++++++++++++++++++++++--- 2 files changed, 30 insertions(+), 6 deletions(-) diff --git a/internal/builder/vm/lcow/specs.go b/internal/builder/vm/lcow/specs.go index 78a535aafc..e4820061ef 100644 --- a/internal/builder/vm/lcow/specs.go +++ b/internal/builder/vm/lcow/specs.go 
@@ -289,9 +289,14 @@ func processAnnotations(ctx context.Context, opts *runhcsoptions.Options, annota } // Check for explicitly unsupported annotations. - ncProxy := oci.ParseAnnotationsString(annotations, shimannotations.NetworkConfigProxy, "") - if ncProxy != "" { - return fmt.Errorf("%s annotation is not supported", shimannotations.NetworkConfigProxy) + for _, key := range []string{ + shimannotations.NetworkConfigProxy, + shimannotations.VPMemNoMultiMapping, + shimannotations.VirtualMachineKernelDrivers, + } { + if v := oci.ParseAnnotationsString(annotations, key, ""); v != "" { + return fmt.Errorf("%s annotation is not supported", key) + } } log.G(ctx).Debug("processAnnotations completed successfully") diff --git a/internal/builder/vm/lcow/specs_test.go b/internal/builder/vm/lcow/specs_test.go index 1c168b32df..2fb3036231 100644 --- a/internal/builder/vm/lcow/specs_test.go +++ b/internal/builder/vm/lcow/specs_test.go @@ -423,9 +423,8 @@ func TestBuildSandboxConfig(t *testing.T) { }, spec: &vm.Spec{ Annotations: map[string]string{ - shimannotations.VPMemCount: "32", - shimannotations.VPMemSize: "8589934592", - shimannotations.VPMemNoMultiMapping: "true", + shimannotations.VPMemCount: "32", + shimannotations.VPMemSize: "8589934592", }, }, wantErr: true, 
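Review bot: In the `processAnnotations` hunk of internal/builder/vm/lcow/specs.go, the new loop rejects an unsupported annotation only when its value is non-empty (`v != ""`), so a key that is present with an empty value passes the check and is then dropped without any error. If `oci.ParseAnnotationsString` returns the stored value unchanged (its body is not shown here), testing for presence instead, `if _, ok := annotations[key]; ok {`, would make the rejection independent of the value. The function starts and ends outside the hunk, so this assumes nothing earlier normalises or strips these keys.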
@@ -1243,6 +1242,26 @@ func TestBuildSandboxConfig_ErrorPaths(t *testing.T) { wantErr: true, errContains: "annotation is not supported", }, + { + name: "processAnnotations error - unsupported VPMemNoMultiMapping annotation", + spec: &vm.Spec{ + Annotations: map[string]string{ + shimannotations.VPMemNoMultiMapping: "true", + }, + }, + wantErr: true, + errContains: "annotation is not supported", + }, + { + name: "processAnnotations error - unsupported VirtualMachineKernelDrivers annotation", + spec: &vm.Spec{ + Annotations: map[string]string{ + shimannotations.VirtualMachineKernelDrivers: "/some/driver/path", + }, + }, + wantErr: true, + errContains: "annotation is not supported", + }, { name: "kernel file not found in boot files path", opts: &runhcsoptions.Options{ From 48e1b57408b07dbe56a457bcb590730714426220 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 4 May 2026 17:49:59 +0000 Subject: [PATCH 4/4] Address review: add comment explaining unsupported annotations Agent-Logs-Url: https://github.com/microsoft/hcsshim/sessions/e9eef610-ee26-4800-a063-7ec96478e41a Co-authored-by: rawahars <65640262+rawahars@users.noreply.github.com> --- internal/builder/vm/lcow/specs.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/internal/builder/vm/lcow/specs.go b/internal/builder/vm/lcow/specs.go index e4820061ef..5a2d44c7bf 100644 --- a/internal/builder/vm/lcow/specs.go +++ b/internal/builder/vm/lcow/specs.go 
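Review bot: The two cases added to `TestBuildSandboxConfig_ErrorPaths` assert only `errContains: "annotation is not supported"`, the same substring the preceding case uses, so each would still pass if a different annotation triggered the rejection. The error text built in specs.go is prefixed with the annotation key, so the assertion can pin it: `errContains: shimannotations.VPMemNoMultiMapping + " annotation is not supported"`, and likewise for `VirtualMachineKernelDrivers`. A further case with `shimannotations.VPMemNoMultiMapping: "false"` would document that the rejection does not depend on the boolean value. The test table starts and ends outside the hunk.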
@@ -289,6 +289,12 @@ func processAnnotations(ctx context.Context, opts *runhcsoptions.Options, annota } // Check for explicitly unsupported annotations. + // + // These annotations are only handled by the legacy uvm.CreateLCOW path + // (e.g. VirtualMachineKernelDrivers is still parsed in internal/hcsoci); + // the v2 shim builder has not implemented them yet. Returning an error + // here surfaces the gap so users can request the feature rather than + // silently having their annotation ignored. for _, key := range []string{ shimannotations.NetworkConfigProxy, shimannotations.VPMemNoMultiMapping,