github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-07-04 11:07:51 +00:00
Code Issues Projects Releases Wiki Activity

hv:Unmap AP trampoline region from service VM's EPT

Browse Source 
AP trampoline code should be accessible
 to hypervisor only, this patch is to unmap
 this region from service VM's EPT for security
 reason.

Tracked-On: #3992
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Yonghua Huang 2019-11-02 20:32:35 +08:00 committed by wenlingz
parent d74497eb17
commit 8227804b09
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hypervisor/arch/x86/guest/vm.c
View File

@ -25,6 +25,7 @@
#include <mmu.h> #include <mmu.h>
#include <logmsg.h> #include <logmsg.h>
#include <vboot_info.h> #include <vboot_info.h>
#include <vboot.h>
#include <board.h> #include <board.h>
#include <sgx.h> #include <sgx.h>
#include <sbuf.h> #include <sbuf.h>
@ -380,6 +381,14 @@ static void prepare_sos_vm_memmap(struct acrn_vm *vm)
ept_del_mr(vm, pml4_page, vm_config->memory.start_hpa, vm_config->memory.size); ept_del_mr(vm, pml4_page, vm_config->memory.start_hpa, vm_config->memory.size);
} }
} }
/* unmap AP trampoline code for security
* 'allocate_pages()' in depri boot mode or
* 'e820_alloc_low_memory()' in direct boot
* mode will ensure the base address of tramploline
* code be page-aligned.
*/
ept_del_mr(vm, pml4_page, get_ap_trampoline_buf(), CONFIG_LOW_RAM_SIZE);
} }
/* Add EPT mapping of EPC reource for the VM */ /* Add EPT mapping of EPC reource for the VM */