From 5603afb2be561dacbc6170bcbcf7ee42cd4a8b82 Mon Sep 17 00:00:00 2001 From: Yonghua Huang Date: Tue, 10 Jul 2018 19:42:00 +0800 Subject: [PATCH] HV: remove execute access attribute in trusty EPT table - this patch is to prevent secure world(trusty) from fetching instructin from normal world memory. - copy valid PDPTEs from normal world EPT to secure world EPT, and remove 'IA32E_EPT_X_BIT' attribute in these entries. Signed-off-by: Yonghua Huang Reviewed-by: Jason Chen CJ Acked-by: Eddie Dong --- hypervisor/arch/x86/trusty.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/hypervisor/arch/x86/trusty.c b/hypervisor/arch/x86/trusty.c index d9c34cf32..d394afc38 100644 --- a/hypervisor/arch/x86/trusty.c +++ b/hypervisor/arch/x86/trusty.c @@ -82,6 +82,7 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig, uint64_t table_present = (IA32E_EPT_R_BIT | IA32E_EPT_W_BIT | IA32E_EPT_X_BIT); + uint64_t pdpte = 0, *dest_pdpte_p = NULL, *src_pdpte_p = NULL; void *sub_table_addr = NULL, *pml4_base = NULL; struct vm *vm0 = get_vm_from_vmid(0); uint16_t i; @@ -130,8 +131,22 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig, nworld_pml4e = mem_read64(HPA2HVA(vm->arch_vm.nworld_eptp)); - (void)memcpy_s(HPA2HVA(sworld_pml4e & IA32E_REF_MASK), CPU_PAGE_SIZE, - HPA2HVA(nworld_pml4e & IA32E_REF_MASK), CPU_PAGE_SIZE); + + /* + * copy PTPDEs from normal world EPT to secure world EPT, + * and remove execute access attribute in these entries + */ + dest_pdpte_p = HPA2HVA(sworld_pml4e & IA32E_REF_MASK); + src_pdpte_p = HPA2HVA(nworld_pml4e & IA32E_REF_MASK); + for (i = 0U; i < IA32E_NUM_ENTRIES - 1; i++) { + pdpte = mem_read64(src_pdpte_p); + if ((pdpte & table_present) != 0UL) { + pdpte &= ~IA32E_EPT_X_BIT; + mem_write64(dest_pdpte_p, pdpte); + } + src_pdpte_p++; + dest_pdpte_p++; + } /* Map gpa_rebased~gpa_rebased+size * to secure ept mapping