hypercall: only allow hypercall from RING-0

only allow hypercall from RING-0 Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
projectacrn · May 22, 2018 · f505f33 · f505f33
1 parent d219140
commit f505f33
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 10 deletions.
diff --git a/hypervisor/arch/x86/guest/vmcall.c b/hypervisor/arch/x86/guest/vmcall.c
@@ -52,6 +52,11 @@ int vmcall_vmexit_handler(struct vcpu *vcpu)
 	/* hypercall param4 from guest, reserved*/
 	/* uint64_t param4 = cur_context->guest_cpu_regs.regs.rcx; */
 
+	if (!is_hypercall_from_ring0()) {
+		pr_err("hypercall is only allowed from RING-0!\n");
+		return -1;
+	}
+
 	/* Dispatch the hypercall handler */
 	switch (hypcall_id) {
 	case HC_GET_API_VERSION:

diff --git a/hypervisor/common/trusty_hypercall.c b/hypervisor/common/trusty_hypercall.c
@@ -40,11 +40,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
 {
 	int next_world_id = !(vcpu->arch_vcpu.cur_context);
 
-	if (!is_hypercall_from_ring0()) {
-		pr_err("%s() is only allowed from RING-0!\n", __func__);
-		return -1;
-	}
-
 	if (!vcpu->vm->sworld_control.sworld_enabled) {
 		pr_err("Secure World is not enabled!\n");
 		return -1;
@@ -64,11 +59,6 @@ int64_t hcall_world_switch(struct vcpu *vcpu)
 
 int64_t hcall_initialize_trusty(struct vcpu *vcpu, uint64_t param)
 {
-	if (!is_hypercall_from_ring0()) {
-		pr_err("%s() is only allowed from RING-0!\n", __func__);
-		return -1;
-	}
-
 	if (!vcpu->vm->sworld_control.sworld_enabled) {
 		pr_err("Secure World is not enabled!\n");
 		return -1;