hypervisor: Set isolation policy for SNP guest
A SEV-SNP enabled guest on MSHV is required to have its isolation policy set before the guest is launched.

Signed-off-by: Jinank Jain <jinankjain@microsoft.com>
parent
3981642dd1
commit
a5763bcb6c
@ -234,6 +234,23 @@ impl hypervisor::Hypervisor for MshvHypervisor {
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Set additional partition property for SEV-SNP partition.
|
||||||
|
if mshv_vm_type == VmType::Snp {
|
||||||
|
let snp_policy = snp::get_default_snp_guest_policy();
|
||||||
|
// SAFETY: access union fields
|
||||||
|
unsafe {
|
||||||
|
debug!(
|
||||||
|
"Setting the partition isolation policy as: 0x{:x}",
|
||||||
|
snp_policy.as_uint64
|
||||||
|
);
|
||||||
|
fd.set_partition_property(
|
||||||
|
hv_partition_property_code_HV_PARTITION_PROPERTY_ISOLATION_POLICY,
|
||||||
|
snp_policy.as_uint64,
|
||||||
|
)
|
||||||
|
.map_err(|e| hypervisor::HypervisorError::SetPartitionProperty(e.into()))?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Default Microsoft Hypervisor behavior for unimplemented MSR is to
|
// Default Microsoft Hypervisor behavior for unimplemented MSR is to
|
||||||
// send a fault to the guest if it tries to access it. It is possible
|
// send a fault to the guest if it tries to access it. It is possible
|
||||||
// to override this behavior with a more suitable option i.e., ignore
|
// to override this behavior with a more suitable option i.e., ignore
|
||||||
|
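Review bot: The `unsafe` block in the new `VmType::Snp` branch is wider than the one operation that needs it, and `// SAFETY: access union fields` names the operation rather than the invariant that makes it sound. Only the read of `snp_policy.as_uint64` is a union access; the `debug!` call, the `fd.set_partition_property(...)` call and the `?` look like they could sit outside the block (confirm that `set_partition_property` is not itself an `unsafe fn`). I would read the value once with `let policy_bits = unsafe { snp_policy.as_uint64 };` under a comment such as `// SAFETY: the policy union is fully initialised by get_default_snp_guest_policy() and any bit pattern is a valid u64`, to be checked against the union definition, which is not in this hunk, and then pass `policy_bits` to both calls. Because this value is the guest's isolation policy and is only reported at debug log level, a short comment stating which policy bits the default enables would help anyone auditing what the guest is launched with. The enclosing function starts and ends outside the hunk.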