github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-22 21:47:22 +00:00
Code Issues Projects Releases Wiki Activity

hv:unmap AP trampoline region from service VM's EPT

Browse Source 
AP trampoline code should be accessile to hypervisor only,
 Unmap this memory region from service VM's EPT mapping
 for security reason..

Tracked-On: #4091
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang 2019-11-12 16:08:45 +08:00 committed by wenlingz
parent 0b6447ad3d
commit 30a773f7b0
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hypervisor/arch/x86/guest/vm.c
View File

@ -25,6 +25,7 @@
#include <cat.h>
#include <firmware.h>
#include <board.h>
#include <trampoline.h>
vm_sw_loader_t vm_sw_loader;
@ -304,6 +305,14 @@ static void prepare_sos_vm_memmap(struct acrn_vm *vm)
*/
hv_hpa = hva2hpa((void *)(get_hv_image_base()));
ept_mr_del(vm, pml4_page, hv_hpa, CONFIG_HV_RAM_SIZE);
/* unmap AP trampoline code for security reason.
* 'allocate_pages()' in efi boot mode or
* 'e820_alloc_low_memory()' in direct boot
* mode will ensure the base address of tramploline
* code be page-aligned.
*/
ept_mr_del(vm, pml4_page, get_trampoline_start16_paddr(), CONFIG_LOW_RAM_SIZE);
}
/**