hv: mmu: unmap the trusty EPT when destroy_secure_world

Unmap the trusty EPT mapping when destroy_secure_world. The reason is
now the normal world and trusty will share the PD and PT page. Before
we add the mapping for each world, we should unmap it from another world.
Besides, fix a minor bug for condition priority.

Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>

Author: lifeix

hypervisor/arch/x86/mmu.c

@@ -280,7 +280,7 @@ void init_paging(void)
 	 */
 	hv_hpa = get_hv_image_base();
 	mmu_modify_or_del((uint64_t *)ppt_mmu_pml4_addr, hv_hpa & PDE_MASK,
-		CONFIG_HV_RAM_SIZE + ((hv_hpa & (PDE_SIZE - 1UL)) != 0UL) ? PDE_SIZE : 0UL,
+		CONFIG_HV_RAM_SIZE + (((hv_hpa & (PDE_SIZE - 1UL)) != 0UL) ? PDE_SIZE : 0UL),
 			PAGE_CACHE_WB, PAGE_CACHE_MASK | PAGE_USER,
 			&ppt_mem_ops, MR_MODIFY);
 

hypervisor/arch/x86/trusty.c

@@ -166,6 +166,11 @@ void  destroy_secure_world(struct vm *vm, bool need_clr_mem)
 		(void)memset(hpa2hva(hpa), 0U, size);
 	}
 
+	ept_mr_del(vm, vm->arch_vm.sworld_eptp, gpa_uos, size);
+	/* sanitize trusty ept page-structures */
+	sanitize_pte((uint64_t *)vm->arch_vm.sworld_eptp);
+	vm->arch_vm.sworld_eptp = NULL;
+
 	/* restore memory to SOS ept mapping */
 	ept_mr_add(vm0, vm0->arch_vm.nworld_eptp,
 			hpa, gpa_sos, size, EPT_RWX | EPT_WB);
@@ -174,9 +179,6 @@ void  destroy_secure_world(struct vm *vm, bool need_clr_mem)
 	ept_mr_add(vm, vm->arch_vm.nworld_eptp,
 			hpa, gpa_uos, size, EPT_RWX | EPT_WB);
 
-	/* sanitize trusty ept page-structures */
-	sanitize_pte((uint64_t *)vm->arch_vm.sworld_eptp);
-	vm->arch_vm.sworld_eptp = NULL;
 }
 
 static void save_world_ctx(struct vcpu *vcpu, struct ext_context *ext_ctx)