Support running TrustVisor in L2 #21
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lxylxy123456
added a commit
that referenced
this pull request
Dec 4, 2022
Support running TrustVisor in L2 High level design * When playing with page tables, hypapp needs to handle EPT12. * For TrustVisor, PAL needs to disable EPT12 for the guest. * When walking page table (L2 guest physical -> XMHF physical), need to walk EPT12, then EPT01. * After hypapp changes EPT01 / EPT12, XMHF automatically merge them to EPT02. * When flushing TLB, hypapp specifies flag to indicate which is changed. * Do not change EPTP (due to race condition discovered) * When not quiescing, software walk of EPT may need to retry if `vcpu->vmx_ept_changed = true` New events hypapp need to handle: * `tv_app_handle_nest_entry`: guest transition from L1 to L2 * `tv_app_handle_nest_exit`: guest transition from L2 to L1 New XMHF interfaces for hypapp: * `VCPU_nested`: return whether CPU in nested virtualization * `xmhf_nested_arch_x86vmx_get_ept12`: get / set EPT12 * `VCPU_disable_nested_interrupt_exit`: disable external interrupt exiting * `VCPU_disable_nested_timer_exit`: disable VMX preemption timer * `VCPU_disable_memory_bitmap`: disable features that use physical memory bitmap Modified XMHF interfaces for hypapp: * `VCPU_*`: if running in nested virtualization, will return L2 state * `xmhf_memprot_flushmappings`: removed * `xmhf_memprot_flushmappings_localtlb`: flush current CPU's TLB, added flags * `xmhf_memprot_flushmappings_alltlb`: flush current CPU's TLB, added flags
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
High level design
vcpu->vmx_ept_changed = trueNew events hypapp need to handle:
tv_app_handle_nest_entry: guest transition from L1 to L2tv_app_handle_nest_exit: guest transition from L2 to L1New XMHF interfaces for hypapp:
VCPU_nested: return whether CPU in nested virtualizationxmhf_nested_arch_x86vmx_get_ept12: get / set EPT12VCPU_disable_nested_interrupt_exit: disable external interrupt exitingVCPU_disable_nested_timer_exit: disable VMX preemption timerVCPU_disable_memory_bitmap: disable features that use physical memory bitmapModified XMHF interfaces for hypapp:
VCPU_*: if running in nested virtualization, will return L2 statexmhf_memprot_flushmappings: removedxmhf_memprot_flushmappings_localtlb: flush current CPU's TLB, added flagsxmhf_memprot_flushmappings_alltlb: flush current CPU's TLB, added flags