From d1ae797742e37ed25b09b5fd701d9dbb9f5535bf Mon Sep 17 00:00:00 2001 From: Li Fei1 Date: Mon, 22 Mar 2021 13:59:29 +0800 Subject: [PATCH] hv: pgtable: move sanitize_pte into pagetable.c sanitize_pte is used to set page table entry to map to an sanitized page to mitigate l1tf. It should belongs to pgtable module. So move it to pagetable.c Tracked-On: #5830 Signed-off-by: Li Fei1 --- hypervisor/arch/x86/guest/trusty.c | 2 -- hypervisor/arch/x86/guest/vm.c | 1 - hypervisor/arch/x86/mmu.c | 23 ++----------------- hypervisor/arch/x86/pagetable.c | 32 ++++++++++++++++++++++++--- hypervisor/include/arch/x86/mmu.h | 2 -- hypervisor/include/arch/x86/pgtable.h | 2 ++ 6 files changed, 33 insertions(+), 29 deletions(-) diff --git a/hypervisor/arch/x86/guest/trusty.c b/hypervisor/arch/x86/guest/trusty.c index d8a0c7fb7..b7e5fbba8 100644 --- a/hypervisor/arch/x86/guest/trusty.c +++ b/hypervisor/arch/x86/guest/trusty.c @@ -90,8 +90,6 @@ void destroy_secure_world(struct acrn_vm *vm, bool need_clr_mem) } ept_del_mr(vm, vm->arch_vm.sworld_eptp, gpa_uos, size); - /* sanitize trusty ept page-structures */ - sanitize_pte((uint64_t *)vm->arch_vm.sworld_eptp, &vm->arch_vm.ept_pgtable); vm->arch_vm.sworld_eptp = NULL; /* Restore memory to guest normal world */ diff --git a/hypervisor/arch/x86/guest/vm.c b/hypervisor/arch/x86/guest/vm.c index abbdcdafd..fa660edf1 100644 --- a/hypervisor/arch/x86/guest/vm.c +++ b/hypervisor/arch/x86/guest/vm.c @@ -504,7 +504,6 @@ int32_t create_vm(uint16_t vm_id, uint64_t pcpu_bitmap, struct acrn_vm_config *v init_ept_pgtable(&vm->arch_vm.ept_pgtable, vm->vm_id); vm->arch_vm.nworld_eptp = pgtable_create_root(&vm->arch_vm.ept_pgtable); - sanitize_pte((uint64_t *)vm->arch_vm.nworld_eptp, &vm->arch_vm.ept_pgtable); (void)memcpy_s(&vm->uuid[0], sizeof(vm->uuid), &vm_config->uuid[0], sizeof(vm_config->uuid)); diff --git a/hypervisor/arch/x86/mmu.c b/hypervisor/arch/x86/mmu.c index 2e4e3e11b..ce92ea762 100644 --- a/hypervisor/arch/x86/mmu.c +++ b/hypervisor/arch/x86/mmu.c @@ -194,24 +194,6 @@ void invept(const void *eptp) } } -static inline uint64_t get_sanitized_page(void) -{ - return hva2hpa(sanitized_page); -} - -void sanitize_pte_entry(uint64_t *ptep, const struct pgtable *table) -{ - set_pgentry(ptep, get_sanitized_page(), table); -} - -void sanitize_pte(uint64_t *pt_page, const struct pgtable *table) -{ - uint64_t i; - for (i = 0UL; i < PTRS_PER_PTE; i++) { - sanitize_pte_entry(pt_page + i, table); - } -} - void enable_paging(void) { uint64_t tmp64 = 0UL; @@ -306,6 +288,8 @@ void init_paging(void) panic("Please configure HV_ADDRESS_SPACE correctly!\n"); } + init_sanitized_page((uint64_t *)sanitized_page, hva2hpa_early(sanitized_page)); + /* Allocate memory for Hypervisor PML4 table */ ppt_mmu_pml4_addr = pgtable_create_root(&ppt_pgtable); @@ -366,9 +350,6 @@ void init_paging(void) /* Enable paging */ enable_paging(); - - /* set ptep in sanitized_page point to itself */ - sanitize_pte((uint64_t *)sanitized_page, &ppt_pgtable); } /* diff --git a/hypervisor/arch/x86/pagetable.c b/hypervisor/arch/x86/pagetable.c index 8a40fbc0e..4891b5844 100644 --- a/hypervisor/arch/x86/pagetable.c +++ b/hypervisor/arch/x86/pagetable.c @@ -13,6 +13,31 @@ #define DBG_LEVEL_MMU 6U +static uint64_t sanitized_page_hpa; + +static void sanitize_pte_entry(uint64_t *ptep, const struct pgtable *table) +{ + set_pgentry(ptep, sanitized_page_hpa, table); +} + +static void sanitize_pte(uint64_t *pt_page, const struct pgtable *table) +{ + uint64_t i; + for (i = 0UL; i < PTRS_PER_PTE; i++) { + sanitize_pte_entry(pt_page + i, table); + } +} + +void init_sanitized_page(uint64_t *sanitized_page, uint64_t hpa) +{ + uint64_t i; + + sanitized_page_hpa = hpa; + /* set ptep in sanitized_page point to itself */ + for (i = 0UL; i < PTRS_PER_PTE; i++) { + *(sanitized_page + i) = sanitized_page_hpa; + } +} static void try_to_free_pgtable_page(const struct pgtable *table, uint64_t *pde, uint64_t *pt_page, uint32_t type) @@ -432,7 +457,9 @@ void pgtable_add_map(uint64_t *pml4_page, uint64_t paddr_base, uint64_t vaddr_ba void *pgtable_create_root(const struct pgtable *table) { - return (uint64_t *)alloc_page(table->pool); + uint64_t *page = (uint64_t *)alloc_page(table->pool); + sanitize_pte(page, table); + return page; } void *pgtable_create_trusty_root(const struct pgtable *table, @@ -450,8 +477,7 @@ void *pgtable_create_trusty_root(const struct pgtable *table, * Normal World.PD/PT are shared in both Secure world's EPT * and Normal World's EPT */ - pml4_base = alloc_page(table->pool); - sanitize_pte((uint64_t *)pml4_base, table); + pml4_base = pgtable_create_root(table); /* The trusty memory is remapped to guest physical address * of gpa_rebased to gpa_rebased + size diff --git a/hypervisor/include/arch/x86/mmu.h b/hypervisor/include/arch/x86/mmu.h index c2f55c454..70a10a779 100644 --- a/hypervisor/include/arch/x86/mmu.h +++ b/hypervisor/include/arch/x86/mmu.h @@ -81,8 +81,6 @@ static inline uint64_t round_pde_down(uint64_t val) #define PAGE_SIZE_2M MEM_2M #define PAGE_SIZE_1G MEM_1G -void sanitize_pte_entry(uint64_t *ptep, const struct pgtable *table); -void sanitize_pte(uint64_t *pt_page, const struct pgtable *table); /** * @brief MMU paging enable * diff --git a/hypervisor/include/arch/x86/pgtable.h b/hypervisor/include/arch/x86/pgtable.h index 2cb569b51..363e8b7ae 100644 --- a/hypervisor/include/arch/x86/pgtable.h +++ b/hypervisor/include/arch/x86/pgtable.h @@ -304,6 +304,8 @@ static inline uint64_t pdpte_large(uint64_t pdpte) return pdpte & PAGE_PSE; } +void init_sanitized_page(uint64_t *sanitized_page, uint64_t hpa); + void *pgtable_create_root(const struct pgtable *table); void *pgtable_create_trusty_root(const struct pgtable *table, void *nworld_pml4_page, uint64_t prot_table_present, uint64_t prot_clr);