github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-23 14:07:42 +00:00
Code Issues Projects Releases Wiki Activity

hv:unmap AP trampoline region from service VM's EPT

Browse Source 
AP trampoline code should be accessile to hypervisor only,
 Unmap this memory region from service VM's EPT mapping
 for security reason..

Tracked-On: #4112
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is contained in:
Yonghua Huang 2019-11-12 16:08:45 +08:00 committed by wenlingz
parent 52a968db2f
commit 66d824d677
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hypervisor/arch/x86/guest/guest.c
View File

@ -9,6 +9,7 @@
#include <multiboot.h> #include <multiboot.h>
#include <reloc.h> #include <reloc.h>
#include <e820.h> #include <e820.h>
#include <trampoline.h>
#define ACRN_DBG_GUEST 6U #define ACRN_DBG_GUEST 6U
@ -507,5 +508,14 @@ int32_t prepare_vm0_memmap(struct acrn_vm *vm)
*/ */
hv_hpa = get_hv_image_base(); hv_hpa = get_hv_image_base();
ept_mr_del(vm, pml4_page, hv_hpa, CONFIG_HV_RAM_SIZE); ept_mr_del(vm, pml4_page, hv_hpa, CONFIG_HV_RAM_SIZE);
/* unmap AP trampoline code for security reason.
* 'allocate_pages()' in efi boot mode or
* 'e820_alloc_low_memory()' in direct boot
* mode will ensure the base address of tramploline
* code be page-aligned.
*/
ept_mr_del(vm, pml4_page, trampoline_start16_paddr, CONFIG_LOW_RAM_SIZE);
return 0; return 0;
} }