github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-07-17 00:41:30 +00:00
Code Issues Projects Releases Wiki Activity

HV: wrap security related CPU capabilities checking

Browse Source 
- add a function to detect CPU capabilities for security
   related features, it will print warning messages if
   current ucode can't support the latest security features.

Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
This commit is contained in:
Yonghua Huang 2018-09-06 23:01:17 +08:00 committed by lijinxia
parent 25c2d4d781
commit 2731628e27
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
hypervisor/arch/x86/cpu.c
View File

@ -416,6 +416,16 @@ void bsp_boot_init(void)
SWITCH_TO(rsp, bsp_boot_post); SWITCH_TO(rsp, bsp_boot_post);
} }
static bool check_cpu_security_config(void)
{
if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) &&
!cpu_has_cap(X86_FEATURE_STIBP)) {
return false;
}
return true;
}
static void bsp_boot_post(void) static void bsp_boot_post(void)
{ {
#ifdef STACK_PROTECTOR #ifdef STACK_PROTECTOR
@ -465,8 +475,7 @@ static void bsp_boot_post(void)
} }
/* Warn for security feature not ready */ /* Warn for security feature not ready */
if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) && if (!check_cpu_security_config()) {
!cpu_has_cap(X86_FEATURE_STIBP)) {
pr_fatal("SECURITY WARNING!!!!!!"); pr_fatal("SECURITY WARNING!!!!!!");
pr_fatal("Please apply the latest CPU uCode patch!"); pr_fatal("Please apply the latest CPU uCode patch!");
} }