move security related funcs into security.c

there are still some security related funcs in cpu_caps.c & cpu.c, move them out into security.c. Changes to be committed: modified: Makefile modified: arch/x86/cpu.c modified: arch/x86/cpu_caps.c modified: arch/x86/guest/vcpu.c new file: arch/x86/security.c modified: arch/x86/trusty.c modified: arch/x86/vmx_asm.S modified: include/arch/x86/cpu.h modified: include/arch/x86/cpu_caps.h modified: include/arch/x86/per_cpu.h new file: include/arch/x86/security.h Tracked-On: #1842 Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
2025-09-05 02:40:37 +00:00 · 2018-12-18 09:28:27 +08:00
parent 0ad6da998c
commit 5968da4635
11 changed files with 150 additions and 113 deletions
--- a/hypervisor/include/arch/x86/cpu.h
+++ b/hypervisor/include/arch/x86/cpu.h
@@ -246,15 +246,6 @@ enum pcpu_boot_state {
 	PCPU_STATE_DEAD,
 };

-#ifdef STACK_PROTECTOR
-struct stack_canary {
-	/* Gcc generates extra code, using [fs:40] to access canary */
-	uint8_t reserved[40];
-	uint64_t canary;
-};
-void __stack_chk_fail(void);
-#endif
-
 /* Function prototypes */
 void cpu_do_idle(void);
 void cpu_dead(void);
--- a/hypervisor/include/arch/x86/cpu_caps.h
+++ b/hypervisor/include/arch/x86/cpu_caps.h
@@ -7,19 +7,6 @@
 #ifndef CPUINFO_H
 #define CPUINFO_H

-/* type of speculation control
- * 0 - no speculation control support
- * 1 - raw IBRS + IPBP support
- * 2 - with STIBP optimization support
- */
-#define IBRS_NONE	0
-#define IBRS_RAW	1
-#define IBRS_OPT	2
-
-#ifndef ASSEMBLER
-
-extern int32_t ibrs_type;
-
 struct cpu_state_info {
 	uint8_t			 px_cnt;	/* count of all Px states */
 	const struct cpu_px_data *px_data;
@@ -72,6 +59,4 @@ bool check_cpu_security_cap(void);
 void cpu_l1d_flush(void);
 int detect_hardware_support(void);

-#endif /* ASSEMBLER */
-
 #endif /* CPUINFO_H */
--- a/hypervisor/include/arch/x86/per_cpu.h
+++ b/hypervisor/include/arch/x86/per_cpu.h
@@ -18,6 +18,7 @@
 #include <logmsg.h>
 #include "arch/x86/guest/instr_emul.h"
 #include <profiling.h>
+#include <security.h>

 struct per_cpu_region {
 	/* vmxon_region MUST be 4KB-aligned */
--- a/hypervisor/include/arch/x86/security.h
+++ b/hypervisor/include/arch/x86/security.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2018 Intel Corporation. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef SECURITY_H
+#define SECURITY_H
+
+/* type of speculation control
+ * 0 - no speculation control support
+ * 1 - raw IBRS + IPBP support
+ * 2 - with STIBP optimization support
+ */
+#define IBRS_NONE	0
+#define IBRS_RAW	1
+#define IBRS_OPT	2
+
+#ifndef ASSEMBLER
+extern int32_t ibrs_type;
+void cpu_l1d_flush(void);
+bool check_cpu_security_cap(void);
+
+#ifdef STACK_PROTECTOR
+struct stack_canary {
+	/* Gcc generates extra code, using [fs:40] to access canary */
+	uint8_t reserved[40];
+	uint64_t canary;
+};
+void __stack_chk_fail(void);
+void set_fs_base(void);
+#endif
+
+#endif /* ASSEMBLER */
+
+#endif /* SECURITY_H */