OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity

hv: Hide Service VM hypercalls from REE 

Though REE VM has its load order to be Service_VM, it does not offer
services as Service VM does. The only hypercalls allowed for REE are the
ones with GUEST_FLAG_REE.

Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit is contained in:
Yifan Liu 2021-11-27 01:03:00 +00:00 committed by wenlingz
parent 98bc4cab35
commit b59c489750
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hypervisor/arch/x86/guest/vmcall.c
View File

@ -10,6 +10,7 @@
#include <asm/guest/vcpu.h>
#include <asm/guest/vm.h>
#include <asm/guest/virq.h>
#include <asm/guest/optee.h>
#include <acrn_hv_defs.h>
#include <hypercall.h>
#include <trace.h>
@ -220,9 +221,13 @@ static int32_t dispatch_hypercall(struct acrn_vcpu *vcpu)
uint64_t param1 = vcpu_get_gpreg(vcpu, CPU_REG_RDI); /* hypercall param1 from guest */
uint64_t param2 = vcpu_get_gpreg(vcpu, CPU_REG_RSI); /* hypercall param2 from guest */
if ((permission_flags == 0UL) && is_service_vm(vm)) {
if ((permission_flags == 0UL) && is_service_vm(vm) && !is_ree_vm(vm)) {
/* A permission_flags of 0 indicates that this hypercall is for Service VM to manage
* post-launched VMs.
*
* Though REE VM has its load order to be Service_VM, it does not offer services as
* Service VM does. The only hypercalls allowed for REE are the ones with permission flag
* GUEST_FLAG_REE.
*/
struct acrn_vm *target_vm = parse_target_vm(vm, hcall_id, param1, param2);