github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-06-18 19:57:31 +00:00
Code Issues Projects Releases Wiki Activity

hv: pgtable: move sanitize_pte into pagetable.c

Browse Source 
sanitize_pte is used to set page table entry to map to an sanitized page to
mitigate l1tf. It should belongs to pgtable module. So move it to pagetable.c

Tracked-On: #5830
Signed-off-by: Li Fei1 <fei1.li@intel.com>
This commit is contained in:
Li Fei1 2021-03-22 13:59:29 +08:00 committed by wenlingz
parent ef90bb6db3
commit d1ae797742
6 changed files with 33 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hypervisor/arch/x86/guest/trusty.c
View File

@ -90,8 +90,6 @@ void destroy_secure_world(struct acrn_vm *vm, bool need_clr_mem)
} }
ept_del_mr(vm, vm->arch_vm.sworld_eptp, gpa_uos, size); ept_del_mr(vm, vm->arch_vm.sworld_eptp, gpa_uos, size);
/* sanitize trusty ept page-structures */
sanitize_pte((uint64_t *)vm->arch_vm.sworld_eptp, &vm->arch_vm.ept_pgtable);
vm->arch_vm.sworld_eptp = NULL; vm->arch_vm.sworld_eptp = NULL;
/* Restore memory to guest normal world */ /* Restore memory to guest normal world */

1
hypervisor/arch/x86/guest/vm.c
View File

@ -504,7 +504,6 @@ int32_t create_vm(uint16_t vm_id, uint64_t pcpu_bitmap, struct acrn_vm_config *v
init_ept_pgtable(&vm->arch_vm.ept_pgtable, vm->vm_id); init_ept_pgtable(&vm->arch_vm.ept_pgtable, vm->vm_id);
vm->arch_vm.nworld_eptp = pgtable_create_root(&vm->arch_vm.ept_pgtable); vm->arch_vm.nworld_eptp = pgtable_create_root(&vm->arch_vm.ept_pgtable);
sanitize_pte((uint64_t *)vm->arch_vm.nworld_eptp, &vm->arch_vm.ept_pgtable);
(void)memcpy_s(&vm->uuid[0], sizeof(vm->uuid), (void)memcpy_s(&vm->uuid[0], sizeof(vm->uuid),
&vm_config->uuid[0], sizeof(vm_config->uuid)); &vm_config->uuid[0], sizeof(vm_config->uuid));

23
hypervisor/arch/x86/mmu.c
View File

@ -194,24 +194,6 @@ void invept(const void *eptp)
} }
} }
static inline uint64_t get_sanitized_page(void)
{
return hva2hpa(sanitized_page);
}
void sanitize_pte_entry(uint64_t *ptep, const struct pgtable *table)
{
set_pgentry(ptep, get_sanitized_page(), table);
}
void sanitize_pte(uint64_t *pt_page, const struct pgtable *table)
{
uint64_t i;
for (i = 0UL; i < PTRS_PER_PTE; i++) {
sanitize_pte_entry(pt_page + i, table);
}
}
void enable_paging(void) void enable_paging(void)
{ {
uint64_t tmp64 = 0UL; uint64_t tmp64 = 0UL;
@ -306,6 +288,8 @@ void init_paging(void)
panic("Please configure HV_ADDRESS_SPACE correctly!\n"); panic("Please configure HV_ADDRESS_SPACE correctly!\n");
} }
init_sanitized_page((uint64_t *)sanitized_page, hva2hpa_early(sanitized_page));
/* Allocate memory for Hypervisor PML4 table */ /* Allocate memory for Hypervisor PML4 table */
ppt_mmu_pml4_addr = pgtable_create_root(&ppt_pgtable); ppt_mmu_pml4_addr = pgtable_create_root(&ppt_pgtable);
@ -366,9 +350,6 @@ void init_paging(void)
/* Enable paging */ /* Enable paging */
enable_paging(); enable_paging();
/* set ptep in sanitized_page point to itself */
sanitize_pte((uint64_t *)sanitized_page, &ppt_pgtable);
} }
/* /*

32
hypervisor/arch/x86/pagetable.c
View File

@ -13,6 +13,31 @@
#define DBG_LEVEL_MMU 6U #define DBG_LEVEL_MMU 6U
static uint64_t sanitized_page_hpa;
static void sanitize_pte_entry(uint64_t *ptep, const struct pgtable *table)
{
set_pgentry(ptep, sanitized_page_hpa, table);
}
static void sanitize_pte(uint64_t *pt_page, const struct pgtable *table)
{
uint64_t i;
for (i = 0UL; i < PTRS_PER_PTE; i++) {
sanitize_pte_entry(pt_page + i, table);
}
}
void init_sanitized_page(uint64_t *sanitized_page, uint64_t hpa)
{
uint64_t i;
sanitized_page_hpa = hpa;
/* set ptep in sanitized_page point to itself */
for (i = 0UL; i < PTRS_PER_PTE; i++) {
*(sanitized_page + i) = sanitized_page_hpa;
}
}
static void try_to_free_pgtable_page(const struct pgtable *table, static void try_to_free_pgtable_page(const struct pgtable *table,
uint64_t *pde, uint64_t *pt_page, uint32_t type) uint64_t *pde, uint64_t *pt_page, uint32_t type)
@ -432,7 +457,9 @@ void pgtable_add_map(uint64_t *pml4_page, uint64_t paddr_base, uint64_t vaddr_ba
void *pgtable_create_root(const struct pgtable *table) void *pgtable_create_root(const struct pgtable *table)
{ {
return (uint64_t *)alloc_page(table->pool); uint64_t *page = (uint64_t *)alloc_page(table->pool);
sanitize_pte(page, table);
return page;
} }
void *pgtable_create_trusty_root(const struct pgtable *table, void *pgtable_create_trusty_root(const struct pgtable *table,
@ -450,8 +477,7 @@ void *pgtable_create_trusty_root(const struct pgtable *table,
* Normal World.PD/PT are shared in both Secure world's EPT * Normal World.PD/PT are shared in both Secure world's EPT
* and Normal World's EPT * and Normal World's EPT
*/ */
pml4_base = alloc_page(table->pool); pml4_base = pgtable_create_root(table);
sanitize_pte((uint64_t *)pml4_base, table);
/* The trusty memory is remapped to guest physical address /* The trusty memory is remapped to guest physical address
* of gpa_rebased to gpa_rebased + size * of gpa_rebased to gpa_rebased + size

2
hypervisor/include/arch/x86/mmu.h
View File

@ -81,8 +81,6 @@ static inline uint64_t round_pde_down(uint64_t val)
#define PAGE_SIZE_2M MEM_2M #define PAGE_SIZE_2M MEM_2M
#define PAGE_SIZE_1G MEM_1G #define PAGE_SIZE_1G MEM_1G
void sanitize_pte_entry(uint64_t *ptep, const struct pgtable *table);
void sanitize_pte(uint64_t *pt_page, const struct pgtable *table);
/** /**
* @brief MMU paging enable * @brief MMU paging enable
* *

2
hypervisor/include/arch/x86/pgtable.h
View File

@ -304,6 +304,8 @@ static inline uint64_t pdpte_large(uint64_t pdpte)
return pdpte & PAGE_PSE; return pdpte & PAGE_PSE;
} }
void init_sanitized_page(uint64_t *sanitized_page, uint64_t hpa);
void *pgtable_create_root(const struct pgtable *table); void *pgtable_create_root(const struct pgtable *table);
void *pgtable_create_trusty_root(const struct pgtable *table, void *pgtable_create_trusty_root(const struct pgtable *table,
void *nworld_pml4_page, uint64_t prot_table_present, uint64_t prot_clr); void *nworld_pml4_page, uint64_t prot_table_present, uint64_t prot_clr);