github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2026-01-06 08:04:55 +00:00
Code Issues Projects Releases Wiki Activity

hv: disable mpx capability for guest

Browse Source 
This patch hide Memory Protection Extention (MPX) capability from guest.

- vCPUID change:
  Clear cpuid.07H.0.ebx[14]
  Clear cpuid.0DH.0.eax[4:3]
- vMSR change:
  Add MSR_IA32_BNDCFGS to un-supported MSR array.
- XCR0[4:3] is not allowed to set by guest.

Tracked-On: #2821
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Binbin Wu
2019-03-19 10:55:52 +08:00
committed by wenlingz
parent 71ce4c255e
commit f32b59d73d
5 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hypervisor/arch/x86/guest/vmsr.c
View File

@@ -64,7 +64,7 @@ static const uint32_t mtrr_msrs[NUM_MTRR_MSRS] = {
};
/* Following MSRs are intercepted, but it throws GPs for any guest accesses */
#define NUM_UNSUPPORTED_MSRS 103U
#define NUM_UNSUPPORTED_MSRS 104U
static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
/* Variable MTRRs are not supported */
MSR_IA32_MTRR_PHYSBASE_0,
@@ -120,6 +120,9 @@ static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
/* SGX disabled : CPUID.07H.EBX[2] */
MSR_IA32_SGX_SVN_STATUS,
/* MPX disabled: CPUID.07H.EBX[14] */
MSR_IA32_BNDCFGS,
/* SGX disabled : CPUID.12H.EAX[0] */
MSR_SGXOWNEREPOCH0,
MSR_SGXOWNEREPOCH1,