ept: set trusty eptp to 0 after destroy and only invalidate it when exist

set trusty eptp to 0 after destroy, and only invalidate trusty eptp when it
exist.

Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>

hypervisor/arch/x86/ept.c

@@ -103,8 +103,10 @@ void destroy_ept(struct vm *vm)
 	 *  - trusty is enabled. But not initialized yet.
 	 *    Check vm->arch_vm.sworld_eptp.
 	 */
-	if (vm->sworld_control.sworld_enabled && vm->arch_vm.sworld_eptp)
+	if (vm->sworld_control.sworld_enabled && vm->arch_vm.sworld_eptp) {
 		free_ept_mem(HPA2HVA(vm->arch_vm.sworld_eptp));
+		vm->arch_vm.sworld_eptp = 0;
+	}
 }
 
 uint64_t _gpa2hpa(struct vm *vm, uint64_t gpa, uint32_t *size)

hypervisor/arch/x86/mmu.c

@@ -180,11 +180,11 @@ void invept(struct vcpu *vcpu)
 	if (cpu_has_vmx_ept_cap(VMX_EPT_INVEPT_SINGLE_CONTEXT)) {
 		desc.eptp = vcpu->vm->arch_vm.nworld_eptp | (3 << 3) | 6;
 		_invept(INVEPT_TYPE_SINGLE_CONTEXT, desc);
-		if (vcpu->vm->sworld_control.sworld_enabled) {
+		if (vcpu->vm->sworld_control.sworld_enabled &&
+			vcpu->vm->arch_vm.sworld_eptp) {
 			desc.eptp = vcpu->vm->arch_vm.sworld_eptp
 				| (3 << 3) | 6;
 			_invept(INVEPT_TYPE_SINGLE_CONTEXT, desc);
-
 		}
 	} else if (cpu_has_vmx_ept_cap(VMX_EPT_INVEPT_GLOBAL_CONTEXT))
 		_invept(INVEPT_TYPE_ALL_CONTEXTS, desc);