From 65d437283e3ccd76c9e538f864ec07464a0f7cb5 Mon Sep 17 00:00:00 2001
From: Binbin Wu <binbin.wu@intel.com>
Date: Wed, 22 May 2019 15:22:52 +0800
Subject: [PATCH] hv: vm: build ept for sgx epc reource

Build EPT entries for SGX EPC resource for VMs.
- SOS: EPC resrouce will be removed from EPT of SOS, don't support SGX virtualization for SOS.
- Non-SOS: build ept mapping for EPC resource for guest.
  Guest base address and size is specified in vm configuration.

Tracked-On: #3179
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
---
 hypervisor/arch/x86/guest/vm.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/hypervisor/arch/x86/guest/vm.c b/hypervisor/arch/x86/guest/vm.c
index 0976822ba..8877500da 100644
--- a/hypervisor/arch/x86/guest/vm.c
+++ b/hypervisor/arch/x86/guest/vm.c
@@ -25,6 +25,7 @@
 #include <vboot.h>
 #include <vboot_info.h>
 #include <board.h>
+#include <sgx.h>
 
 vm_sw_loader_t vm_sw_loader;
 
@@ -321,6 +322,7 @@ static void prepare_sos_vm_memmap(struct acrn_vm *vm)
 	uint64_t hv_hpa;
 	struct acrn_vm_config *vm_config;
 	uint64_t *pml4_page = (uint64_t *)vm->arch_vm.nworld_eptp;
+	struct epc_section* epc_secs;
 
 	const struct e820_entry *entry;
 	uint32_t entries_count = vm->e820_entry_num;
@@ -353,6 +355,15 @@ static void prepare_sos_vm_memmap(struct acrn_vm *vm)
 		pr_dbg("BaseAddress: 0x%016llx length: 0x%016llx\n", entry->baseaddr, entry->length);
 	}
 
+	/* Unmap all platform EPC resource from SOS.
+	 * This part has already been marked as reserved by BIOS in E820
+	 * will cause EPT violation if sos accesses EPC resource.
+	 */
+	epc_secs = get_phys_epc();
+	for (i = 0U; (i < MAX_EPC_SECTIONS) && (epc_secs[i].size != 0UL); i++) {
+		ept_mr_del(vm, pml4_page, epc_secs[i].base, epc_secs[i].size);
+	}
+
 	/* unmap hypervisor itself for safety
 	 * will cause EPT violation if sos accesses hv memory
 	 */
@@ -367,6 +378,21 @@ static void prepare_sos_vm_memmap(struct acrn_vm *vm)
 	}
 }
 
+/* Add EPT mapping of EPC reource for the VM */
+static void prepare_epc_vm_memmap(struct acrn_vm *vm)
+{
+	struct epc_map* vm_epc_maps;
+	uint32_t i;
+
+	if (is_vsgx_supported(vm->vm_id)) {
+		vm_epc_maps = get_epc_mapping(vm->vm_id);
+		for (i = 0U; (i < MAX_EPC_SECTIONS) && (vm_epc_maps[i].size != 0UL); i++) {
+			ept_mr_add(vm, (uint64_t *)vm->arch_vm.nworld_eptp, vm_epc_maps[i].hpa,
+				vm_epc_maps[i].gpa, vm_epc_maps[i].size, EPT_RWX | EPT_WB);
+		}
+	}
+}
+
 /**
  * @pre vm_id < CONFIG_MAX_VM_NUM && vm_config != NULL && rtn_vm != NULL
  * @pre vm->state == VM_POWERED_OFF
@@ -432,6 +458,8 @@ int32_t create_vm(uint16_t vm_id, struct acrn_vm_config *vm_config, struct acrn_
 	}
 
 	if (status == 0) {
+		prepare_epc_vm_memmap(vm);
+
 		INIT_LIST_HEAD(&vm->softirq_dev_entry_list);
 		spinlock_init(&vm->softirq_dev_lock);
 		vm->intr_inject_delay_delta = 0UL;