hv: enable SMAP in hypervisor

With SMAP enabled, hypervisor can't access pages that owned by guest(either SOS or UOS), and an override is is provided: stac()/clac() to enable/disable access to guest's memory pages. Pre-conditon: Mark hypervisor owned pages as supervisor mode (U/S = 0), and set all othter memory pages as user mode (U/S = 1). Tracked-On: #2056 Signed-off-by: Yonghua Huang <yonghua.huang@intel.com> Acked-by: Anthony Xu <anthony.xu@intel.com>
2025-09-07 03:40:27 +00:00 · 2018-12-13 16:55:11 +08:00
parent 57dfc7de05
commit 4fc5dcfc3e
22 changed files with 157 additions and 41 deletions
--- a/hypervisor/include/arch/x86/cpu.h
+++ b/hypervisor/include/arch/x86/cpu.h
@@ -531,6 +531,17 @@ write_xcr(int32_t reg, uint64_t val)
 	high = (uint32_t)(val >> 32U);
 	asm volatile("xsetbv" : : "c" (reg), "a" (low), "d" (high));
 }
+
+static inline void stac(void)
+{
+	asm volatile ("stac" : : : "memory");
+}
+
+static inline void clac(void)
+{
+	asm volatile ("clac" : : : "memory");
+}
+
 #else /* ASSEMBLER defined */

 #endif /* ASSEMBLER defined */
--- a/hypervisor/include/arch/x86/mmu.h
+++ b/hypervisor/include/arch/x86/mmu.h
@@ -106,6 +106,14 @@ void enable_paging(void);
 * @return None
 */
 void enable_smep(void);
+
+/**
+ * @brief Supervisor-mode Access Prevention (SMAP) enable
+ *
+ * @return None
+ */
+void enable_smap(void);
+
 /**
 * @brief MMU page tables initialization
 *
@@ -116,6 +124,8 @@ void mmu_add(uint64_t *pml4_page, uint64_t paddr_base, uint64_t vaddr_base,
 		uint64_t size, uint64_t prot, const struct memory_ops *mem_ops);
 void mmu_modify_or_del(uint64_t *pml4_page, uint64_t vaddr_base, uint64_t size,
 		uint64_t prot_set, uint64_t prot_clr, const struct memory_ops *mem_ops, uint32_t type);
+void hv_access_memory_region_update(uint64_t base, uint64_t size);
+
 /**
 * @brief EPT and VPID capability checking
 *