From f505f338bd06134d2df08134b125b865aacad453 Mon Sep 17 00:00:00 2001
From: Jason Chen CJ <jason.cj.chen@intel.com>
Date: Mon, 21 May 2018 20:13:26 +0800
Subject: [PATCH] hypercall: only allow hypercall from RING-0

only allow hypercall from RING-0

Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
---
 hypervisor/arch/x86/guest/vmcall.c   |  5 +++++
 hypervisor/common/trusty_hypercall.c | 10 ----------
 2 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/hypervisor/arch/x86/guest/vmcall.c b/hypervisor/arch/x86/guest/vmcall.c
index a61675ca9..ffd599407 100644
--- a/hypervisor/arch/x86/guest/vmcall.c
+++ b/hypervisor/arch/x86/guest/vmcall.c
@@ -52,6 +52,11 @@ int vmcall_vmexit_handler(struct vcpu *vcpu)
 	/* hypercall param4 from guest, reserved*/
 	/* uint64_t param4 = cur_context->guest_cpu_regs.regs.rcx; */
 
+	if (!is_hypercall_from_ring0()) {
+		pr_err("hypercall is only allowed from RING-0!\n");
+		return -1;
+	}
+
 	/* Dispatch the hypercall handler */
 	switch (hypcall_id) {
 	case HC_GET_API_VERSION:
diff --git a/hypervisor/common/trusty_hypercall.c b/hypervisor/common/trusty_hypercall.c
index 0789ef990..64aeaa64a 100644
--- a/hypervisor/common/trusty_hypercall.c
+++ b/hypervisor/common/trusty_hypercall.c
@@ -40,11 +40,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
 {
 	int next_world_id = !(vcpu->arch_vcpu.cur_context);
 
-	if (!is_hypercall_from_ring0()) {
-		pr_err("%s() is only allowed from RING-0!\n", __func__);
-		return -1;
-	}
-
 	if (!vcpu->vm->sworld_control.sworld_enabled) {
 		pr_err("Secure World is not enabled!\n");
 		return -1;
@@ -64,11 +59,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
 
 int64_t hcall_initialize_trusty(struct vcpu *vcpu, uint64_t param)
 {
-	if (!is_hypercall_from_ring0()) {
-		pr_err("%s() is only allowed from RING-0!\n", __func__);
-		return -1;
-	}
-
 	if (!vcpu->vm->sworld_control.sworld_enabled) {
 		pr_err("Secure World is not enabled!\n");
 		return -1;