hypercall: only allow hypercall from RING-0

JasonChenCJ · lijinxia · commit f505f338bd06 · 2018-05-22T11:38:04.000+08:00
only allow hypercall from RING-0

Signed-off-by: Jason Chen CJ &lt;jason.cj.chen@intel.com&gt;
Acked-by: Eddie Dong &lt;eddie.dong@intel.com&gt;
diff --git a/hypervisor/arch/x86/guest/vmcall.c b/hypervisor/arch/x86/guest/vmcall.c
@@ -52,6 +52,11 @@ int vmcall_vmexit_handler(struct vcpu *vcpu)
 	/* hypercall param4 from guest, reserved*/
 	/* uint64_t param4 = cur_context->guest_cpu_regs.regs.rcx; */
 
+	if (!is_hypercall_from_ring0()) {
+		pr_err("hypercall is only allowed from RING-0!\n");
+		return -1;
+	}
+
 	/* Dispatch the hypercall handler */
 	switch (hypcall_id) {
 	case HC_GET_API_VERSION:
diff --git a/hypervisor/common/trusty_hypercall.c b/hypervisor/common/trusty_hypercall.c
@@ -40,11 +40,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
 {
 	int next_world_id = !(vcpu->arch_vcpu.cur_context);
 
-	if (!is_hypercall_from_ring0()) {
-		pr_err("%s() is only allowed from RING-0!\n", __func__);
-		return -1;
-	}
-
 	if (!vcpu->vm->sworld_control.sworld_enabled) {
 		pr_err("Secure World is not enabled!\n");
 		return -1;
@@ -64,11 +59,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
 
 int64_t hcall_initialize_trusty(struct vcpu *vcpu, uint64_t param)
 {
-	if (!is_hypercall_from_ring0()) {
-		pr_err("%s() is only allowed from RING-0!\n", __func__);
-		return -1;
-	}
-
 	if (!vcpu->vm->sworld_control.sworld_enabled) {
 		pr_err("Secure World is not enabled!\n");
 		return -1;
