github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-08-12 13:32:31 +00:00
Code Issues Projects Releases Wiki Activity

hypercall: only allow hypercall from RING-0

Browse Source 
only allow hypercall from RING-0

Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit is contained in:
Jason Chen CJ 2018-05-21 20:13:26 +08:00 committed by lijinxia
parent d2191401c8
commit f505f338bd
2 changed files with 5 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hypervisor/arch/x86/guest/vmcall.c
View File

@ -52,6 +52,11 @@ int vmcall_vmexit_handler(struct vcpu *vcpu)
/* hypercall param4 from guest, reserved*/ /* hypercall param4 from guest, reserved*/
/* uint64_t param4 = cur_context->guest_cpu_regs.regs.rcx; */ /* uint64_t param4 = cur_context->guest_cpu_regs.regs.rcx; */
if (!is_hypercall_from_ring0()) {
pr_err("hypercall is only allowed from RING-0!\n");
return -1;
}
/* Dispatch the hypercall handler */ /* Dispatch the hypercall handler */
switch (hypcall_id) { switch (hypcall_id) {
case HC_GET_API_VERSION: case HC_GET_API_VERSION:

10
hypervisor/common/trusty_hypercall.c
View File

@ -40,11 +40,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
{ {
int next_world_id = !(vcpu->arch_vcpu.cur_context); int next_world_id = !(vcpu->arch_vcpu.cur_context);
if (!is_hypercall_from_ring0()) {
pr_err("%s() is only allowed from RING-0!\n", __func__);
return -1;
}
if (!vcpu->vm->sworld_control.sworld_enabled) { if (!vcpu->vm->sworld_control.sworld_enabled) {
pr_err("Secure World is not enabled!\n"); pr_err("Secure World is not enabled!\n");
return -1; return -1;
@ -64,11 +59,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
int64_t hcall_initialize_trusty(struct vcpu *vcpu, uint64_t param) int64_t hcall_initialize_trusty(struct vcpu *vcpu, uint64_t param)
{ {
if (!is_hypercall_from_ring0()) {
pr_err("%s() is only allowed from RING-0!\n", __func__);
return -1;
}
if (!vcpu->vm->sworld_control.sworld_enabled) { if (!vcpu->vm->sworld_control.sworld_enabled) {
pr_err("Secure World is not enabled!\n"); pr_err("Secure World is not enabled!\n");
return -1; return -1;