github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-25 15:02:13 +00:00
Code Issues Projects Releases Wiki Activity

HV: remove execute access attribute in trusty EPT table

Browse Source 
- this patch is to prevent secure world(trusty) from
   fetching instructin from normal world memory.

 - copy valid PDPTEs from normal world EPT to secure
   world EPT, and remove 'IA32E_EPT_X_BIT' attribute in
   these entries.

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Yonghua Huang 2018-07-10 19:42:00 +08:00 committed by lijinxia
parent 4446864eff
commit 5603afb2be
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
hypervisor/arch/x86/trusty.c
View File

@ -82,6 +82,7 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig,
uint64_t table_present = (IA32E_EPT_R_BIT |
IA32E_EPT_W_BIT |
IA32E_EPT_X_BIT);
uint64_t pdpte = 0, *dest_pdpte_p = NULL, *src_pdpte_p = NULL;
void *sub_table_addr = NULL, *pml4_base = NULL;
struct vm *vm0 = get_vm_from_vmid(0);
uint16_t i;
@ -130,8 +131,22 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig,
nworld_pml4e = mem_read64(HPA2HVA(vm->arch_vm.nworld_eptp));
(void)memcpy_s(HPA2HVA(sworld_pml4e & IA32E_REF_MASK), CPU_PAGE_SIZE,
HPA2HVA(nworld_pml4e & IA32E_REF_MASK), CPU_PAGE_SIZE);
/*
* copy PTPDEs from normal world EPT to secure world EPT,
* and remove execute access attribute in these entries
*/
dest_pdpte_p = HPA2HVA(sworld_pml4e & IA32E_REF_MASK);
src_pdpte_p = HPA2HVA(nworld_pml4e & IA32E_REF_MASK);
for (i = 0U; i < IA32E_NUM_ENTRIES - 1; i++) {
pdpte = mem_read64(src_pdpte_p);
if ((pdpte & table_present) != 0UL) {
pdpte &= ~IA32E_EPT_X_BIT;
mem_write64(dest_pdpte_p, pdpte);
}
src_pdpte_p++;
dest_pdpte_p++;
}
/* Map gpa_rebased~gpa_rebased+size
* to secure ept mapping