HV: trusty: refine secure_world_control

Define Bitmap flag to indicate secure world's state:
    supported: 0(not supported), 1(supported)
    active:    0(inactive), 1(active)

Refine secure_world_memory:
    base_gpa_in_sos: base_gpa from SOS's view
    base_gpa_in_uos: base_gpa from UOS's view, this is the original base_gpa
                     allocated by bootloader.
    Recording above GPA is for usage of trusty EPT destroy and re-create.
    There is an assumption: the secure world's memory address is contiguous
    in both SOS and physical side.

Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>

hypervisor/arch/x86/ept.c

@@ -106,9 +106,8 @@ void destroy_ept(struct vm *vm)
 	 *  - trusty is enabled. But not initialized yet.
 	 *    Check vm->arch_vm.sworld_eptp.
 	 */
-	if (vm->sworld_control.sworld_enabled &&
-			(vm->arch_vm.sworld_eptp != NULL)) {
-		free_ept_mem(vm->arch_vm.sworld_eptp);
+	if (vm->sworld_control.flag.active) {
+		free_ept_mem(HPA2HVA(vm->arch_vm.sworld_eptp));
 		vm->arch_vm.sworld_eptp = NULL;
 	}
 }

hypervisor/arch/x86/guest/guest.c

@@ -804,7 +804,7 @@ uint64_t create_guest_initial_paging(struct vm *vm)
 	 * FIXME: this is a tempory solution for trusty enabling,
 	 * the final solution is that vSBL will setup guest page tables
 	 */
-	if (vm->sworld_control.sworld_enabled && !is_vm0(vm)) {
+	if (vm->sworld_control.flag.supported && !is_vm0(vm)) {
 		/* clear page entry for trusty */
 		(void)memset(pml4_addr + 6U * PAGE_SIZE_4K, 0U, PAGE_SIZE_4K);
 

hypervisor/arch/x86/guest/vm.c

@@ -156,8 +156,8 @@ int create_vm(struct vm_description *vm_desc, struct vm **rtn_vm)
 #endif
 	} else {
 		/* populate UOS vm fields according to vm_desc */
-		vm->sworld_control.sworld_enabled =
-			vm_desc->sworld_enabled;
+		vm->sworld_control.flag.supported =
+			vm_desc->sworld_supported;
 		(void)memcpy_s(&vm->GUID[0], sizeof(vm->GUID),
 					&vm_desc->GUID[0],
 					sizeof(vm_desc->GUID));
@@ -266,7 +266,7 @@ int shutdown_vm(struct vm *vm)
 	vioapic_cleanup(vm->arch_vm.virt_ioapic);
 
 	/* Destroy secure world */
-	if (vm->sworld_control.sworld_enabled) {
+	if (vm->sworld_control.flag.active) {
 		destroy_secure_world(vm);
 	}
 	/* Free EPT allocated resources assigned to VM */

hypervisor/arch/x86/mmu.c

@@ -175,8 +175,7 @@ void invept(struct vcpu *vcpu)
 		desc.eptp = HVA2HPA(vcpu->vm->arch_vm.nworld_eptp) |
 				(3UL << 3U) | 6UL;
 		local_invept(INVEPT_TYPE_SINGLE_CONTEXT, desc);
-		if (vcpu->vm->sworld_control.sworld_enabled &&
-			vcpu->vm->arch_vm.sworld_eptp != NULL) {
+		if (vcpu->vm->sworld_control.flag.active) {
 			desc.eptp = HVA2HPA(vcpu->vm->arch_vm.sworld_eptp)
 				| (3UL << 3U) | 6UL;
 			local_invept(INVEPT_TYPE_SINGLE_CONTEXT, desc);

hypervisor/arch/x86/trusty.c

@@ -92,9 +92,9 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig,
 		return;
 	}
 
-	if (!vm->sworld_control.sworld_enabled
+	if (!vm->sworld_control.flag.supported
 			|| vm->arch_vm.sworld_eptp != NULL) {
-		pr_err("Sworld is not enabled or Sworld eptp is not NULL");
+		pr_err("Sworld is not supported or Sworld eptp is not NULL");
 		return;
 	}
 
@@ -164,8 +164,9 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig,
 			gpa, size);
 
 	/* Backup secure world info, will be used when
-	 * destroy secure world */
-	vm->sworld_control.sworld_memory.base_gpa = gpa;
+	 * destroy secure world and suspend UOS */
+	vm->sworld_control.sworld_memory.base_gpa_in_sos = gpa;
+	vm->sworld_control.sworld_memory.base_gpa_in_uos = gpa_orig;
 	vm->sworld_control.sworld_memory.base_hpa = hpa;
 	vm->sworld_control.sworld_memory.length = size;
 
@@ -194,7 +195,7 @@ void  destroy_secure_world(struct vm *vm)
 	map_params.pml4_inverted = vm0->arch_vm.m2p;
 
 	map_mem(&map_params, (void *)vm->sworld_control.sworld_memory.base_hpa,
-			(void *)vm->sworld_control.sworld_memory.base_gpa,
+		(void *)vm->sworld_control.sworld_memory.base_gpa_in_sos,
 			vm->sworld_control.sworld_memory.length,
 			(IA32E_EPT_R_BIT |
 			 IA32E_EPT_W_BIT |