hv: enable/disable snoop control bit per vm

For security, this patch adds one flag per VM; by default it disables snoop
control for the SOS and enables snoop control for the UOS.

v2: add one flag in vm, not in iommu domain.
v3: add vm null check

Tracked-On: #2086
Signed-off-by: Zhipeng Gong <zhipeng.gong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Zhipeng Gong
2018-12-17 14:56:32 +08:00
committed by wenlingz
parent 2028034151
commit c547e9cfb4
4 changed files with 11 additions and 2 deletions


@@ -187,7 +187,7 @@ void ept_mr_add(struct acrn_vm *vm, uint64_t *pml4_page,
* to force snooping of PCIe devices if the page
* is cachable
*/
if ((prot & EPT_MT_MASK) != EPT_UNCACHED) {
if (((prot & EPT_MT_MASK) != EPT_UNCACHED) && vm->snoopy_mem) {
prot |= EPT_SNOOP_CTRL;
}
@@ -207,7 +207,7 @@ void ept_mr_modify(struct acrn_vm *vm, uint64_t *pml4_page,
dev_dbg(ACRN_DBG_EPT, "%s,vm[%d] gpa 0x%llx size 0x%llx\n", __func__, vm->vm_id, gpa, size);
if ((prot_set & EPT_MT_MASK) != EPT_UNCACHED) {
if (((prot_set & EPT_MT_MASK) != EPT_UNCACHED) && vm->snoopy_mem) {
prot_set |= EPT_SNOOP_CTRL;
}
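Review bot: The comment above the test in ept_mr_add still says snooping is forced whenever the page is cachable, but the new condition also requires `vm->snoopy_mem`, so the comment no longer describes when EPT_SNOOP_CTRL is set; the matching test in ept_mr_modify has no comment at all. I would put the same wording on both, for example `/* set EPT_SNOOP_CTRL only for cachable mappings of a VM with snoopy_mem set (UOS by default); the SOS leaves it clear */`. Because the flag is read at the moment the entry is written, it presumably has to be assigned before the VM's first ept_mr_add call; that ordering is not visible in this section and is worth stating where the field is declared. Both function bodies start and end outside the hunks shown.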