hv:add destroy Secure world API

This patch added API destroy_secure_world, which will do: -- clear trusty memory space -- restore memory to SOS ept mapping It will be called when VM is destroyed, furthermore, ept of Secure world will be destroyed as well. Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com> Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com> Reviewed-by: Anthony Xu <anthony.xu@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
2018-04-03 09:52:52 +08:00 · 2018-04-03 09:52:52 +08:00 · e5be957945
parent ace23b5088
commit e5be957945
4 changed files with 31 additions and 0 deletions
--- a/hypervisor/arch/x86/ept.c
+++ b/hypervisor/arch/x86/ept.c
@ -140,6 +140,9 @@ void destroy_ept(struct vm *vm)
 {
 	free_ept_mem(vm->arch_vm.nworld_eptp);
 	free_ept_mem(vm->arch_vm.m2p);
+	/* Destroy Secure world ept */
+	if (vm->sworld_control.sworld_enabled)
+		free_ept_mem(vm->arch_vm.sworld_eptp);
 }

 uint64_t gpa2hpa_check(struct vm *vm, uint64_t gpa,
--- a/hypervisor/arch/x86/guest/vm.c
+++ b/hypervisor/arch/x86/guest/vm.c
@ -208,6 +208,9 @@ int shutdown_vm(struct vm *vm)
 	/* cleanup and free vioapic */
 	vioapic_cleanup(vm->arch_vm.virt_ioapic);

+	/* Destroy secure world */
+	if (vm->sworld_control.sworld_enabled)
+		destroy_secure_world(vm);
 	/* Free EPT allocated resources assigned to VM */
 	destroy_ept(vm);

--- a/hypervisor/arch/x86/trusty.c
+++ b/hypervisor/arch/x86/trusty.c
@ -173,6 +173,30 @@ static void create_secure_world_ept(struct vm *vm, uint64_t gpa_orig,

 }

+void  destroy_secure_world(struct vm *vm)
+{
+	struct map_params  map_params;
+	struct vm *vm0 = get_vm_from_vmid(0);
+
+	/* clear trusty memory space */
+	memset(HPA2HVA(vm->sworld_control.sworld_memory.base_hpa),
+			0, vm->sworld_control.sworld_memory.length);
+
+	/* restore memory to SOS ept mapping */
+	map_params.page_table_type = PTT_EPT;
+	map_params.pml4_base = vm0->arch_vm.nworld_eptp;
+	map_params.pml4_inverted = vm0->arch_vm.m2p;
+
+	map_mem(&map_params, (void *)vm->sworld_control.sworld_memory.base_hpa,
+			(void *)vm->sworld_control.sworld_memory.base_gpa,
+			vm->sworld_control.sworld_memory.length,
+			(MMU_MEM_ATTR_READ |
+			 MMU_MEM_ATTR_WRITE |
+			 MMU_MEM_ATTR_EXECUTE |
+			 MMU_MEM_ATTR_WB_CACHE));
+
+}
+
 static void save_world_ctx(struct run_context *context)
 {
 	/* VMCS Execution field */
--- a/hypervisor/include/arch/x86/trusty.h
+++ b/hypervisor/include/arch/x86/trusty.h
@ -128,6 +128,7 @@ struct secure_world_control {

 void switch_world(struct vcpu *vcpu, int next_world);
 bool initialize_trusty(struct vcpu *vcpu, uint64_t param);
+void destroy_secure_world(struct vm *vm);

 #endif /* TRUSTY_H_ */