OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity
acrn-hypervisor/hypervisor/arch/x86/guest
History
Shuo A Liu 15e6c5b9cf hv: nested: audit guest EPT mapping during shadow EPT entries setup 
generate_shadow_ept_entry() didn't verify the correctness of the requested
guest EPT mapping. That might leak host memory access to L2 VM.

To simplify the implementation of the guest EPT audit, hide capabilities
'map 2-Mbyte page' and 'map 1-Gbyte page' from L1 VM. In addition,
minimize the attribute bits of EPT entry when create a shadow EPT entry.
Also, for invalid requested mapping address, reflect the EPT_VIOLATION to
L1 VM.

Here, we have some TODOs:
1) Enable large page support in generate_shadow_ept_entry()
2) Evaluate if need to emulate the invalid GPA access of L2 in HV directly.
3) Minimize EPT entry attributes.

Tracked-On: #5923
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
 		2021-06-04 13:53:47 +08:00
..
assign.c hv: vlapic: wrap a function to calculate destination vcpu mask by shorthand 2021-05-24 10:27:32 +08:00
ept.c hv: cache: wrap common APIs 2021-05-14 09:18:00 +08:00
guest_memory.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
hyperv.c hv/mod_timer: split tsc handling code from timer. 2021-05-18 16:43:28 +08:00
instr_emul.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
nested.c hv: nested: audit guest EPT mapping during shadow EPT entries setup 2021-06-04 13:53:47 +08:00
pm.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
splitlock.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
trusty.c hv/mod_timer: split tsc handling code from timer. 2021-05-18 16:43:28 +08:00
ucode.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
vcpu.c hv: nested: update run_vcpu() function for nested case 2021-06-03 15:23:25 +08:00
vcpuid.c hv: vcpuid: passthrough host CPUID leaf.0BH to guest VMs 2021-05-26 11:23:06 +08:00
ve820.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
vept.c hv: nested: audit guest EPT mapping during shadow EPT entries setup 2021-06-04 13:53:47 +08:00
virq.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
virtual_cr.c hv: nested: enable nested virtualization 2021-05-13 16:16:30 +08:00
vlapic.c hv: vlapic: a minor refine about vlapic_x2apic_pt_icr_access 2021-05-27 09:00:08 +08:00
vlapic_priv.h hv: add ops to vlapic structure 2019-07-19 16:47:06 +08:00
vm.c hv: nested: support for VMPTRLD emulation 2021-05-24 10:34:01 +08:00
vm_reset.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
vmcall.c hv: hypercalls: refactor permission-checking and dispatching logic 2021-05-12 13:43:41 +08:00
vmcs.c hv: VMPTRLD and VMCLEAR VMCS with the common APIs 2021-05-26 11:22:26 +08:00
vmexit.c hv: nested: implement nested VM exit handler 2021-06-03 15:23:25 +08:00
vmsr.c hv/mod_timer: split tsc handling code from timer. 2021-05-18 16:43:28 +08:00
vmtrr.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
vmx_asm.S hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00
vmx_io.c hv: mod: do not use explicit arch name when including headers 2021-05-08 11:15:46 +08:00