github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-19 12:12:16 +00:00
Code Issues Projects Releases Wiki Activity

HV: inject exception for invalid vmcall

Browse Source 
For non-trusty hypercalls, HV should inject #GP(0) to vCPU if they are
from non-ring0 or inject #UD if they are from ring0 of non-SOS. Also
we should not modify RAX of vCPU for these invalid vmcalls.

Tracked-On: #3497

Signed-off-by: Victor Sun <victor.sun@intel.com>
This commit is contained in:
Victor Sun 2019-07-05 16:35:27 +08:00 committed by ACRN System Integration
parent c4f6681045
commit 901a65cb53
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hypervisor/arch/x86/guest/vmcall.c
View File

@ -233,6 +233,7 @@ int32_t vmcall_vmexit_handler(struct acrn_vcpu *vcpu)
if (!is_hypercall_from_ring0()) { if (!is_hypercall_from_ring0()) {
pr_err("hypercall is only allowed from RING-0!\n"); pr_err("hypercall is only allowed from RING-0!\n");
vcpu_inject_gp(vcpu, 0U);
ret = -EACCES; ret = -EACCES;
} else if (hypcall_id == HC_WORLD_SWITCH) { } else if (hypcall_id == HC_WORLD_SWITCH) {
ret = hcall_world_switch(vcpu); ret = hcall_world_switch(vcpu);
@ -248,10 +249,13 @@ int32_t vmcall_vmexit_handler(struct acrn_vcpu *vcpu)
ret = dispatch_sos_hypercall(vcpu); ret = dispatch_sos_hypercall(vcpu);
} else { } else {
pr_err("hypercall %d is only allowed from SOS_VM!\n", hypcall_id); pr_err("hypercall %d is only allowed from SOS_VM!\n", hypcall_id);
vcpu_inject_ud(vcpu);
ret = -ENODEV; ret = -ENODEV;
} }
if ((ret != -EACCES) && (ret != -ENODEV)) {
vcpu_set_gpreg(vcpu, CPU_REG_RAX, (uint64_t)ret); vcpu_set_gpreg(vcpu, CPU_REG_RAX, (uint64_t)ret);
}
TRACE_2L(TRACE_VMEXIT_VMCALL, vm->vm_id, hypcall_id); TRACE_2L(TRACE_VMEXIT_VMCALL, vm->vm_id, hypcall_id);
return 0; return 0;