mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2025-01-18 10:35:23 +00:00
arch, vmm: Place KVM identity map region after TSS region
In order to avoid the identity map region to conflict with a possible firmware being placed in the last 4MiB of the 4GiB range, we must set the address to a chosen location. And it makes the most sense to have this region placed right after the TSS region. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com> (cherry picked from commit 03a606c7ec45046840d06f7a7c41b0aeb82df0cc) Signed-off-by: Rob Bradford <robert.bradford@intel.com>
This commit is contained in:
parent
42e8e2b933
commit
c6ca964ee6
@ -98,6 +98,10 @@ pub const PCI_MMCONFIG_SIZE: u64 = 256 << 20;
|
||||
pub const KVM_TSS_START: GuestAddress = GuestAddress(PCI_MMCONFIG_START.0 + PCI_MMCONFIG_SIZE);
|
||||
pub const KVM_TSS_SIZE: u64 = (3 * 4) << 10;
|
||||
|
||||
// Identity map is a one page region after the TSS
|
||||
pub const KVM_IDENTITY_MAP_START: GuestAddress = GuestAddress(KVM_TSS_START.0 + KVM_TSS_SIZE);
|
||||
pub const KVM_IDENTITY_MAP_SIZE: u64 = 4 << 10;
|
||||
|
||||
// IOAPIC
|
||||
pub const IOAPIC_START: GuestAddress = GuestAddress(0xfec0_0000);
|
||||
pub const IOAPIC_SIZE: u64 = 0x20;
|
||||
|
@ -275,6 +275,7 @@ fn create_vmm_ioctl_seccomp_rule_kvm() -> Result<Vec<SeccompRule>, BackendError>
|
||||
const KVM_SET_CLOCK: u64 = 0x4030_ae7b;
|
||||
const KVM_SET_CPUID2: u64 = 0x4008_ae90;
|
||||
const KVM_SET_FPU: u64 = 0x41a0_ae8d;
|
||||
const KVM_SET_IDENTITY_MAP_ADDR: u64 = 0x4008_ae48;
|
||||
const KVM_SET_LAPIC: u64 = 0x4400_ae8f;
|
||||
const KVM_SET_MSRS: u64 = 0x4008_ae89;
|
||||
const KVM_SET_SREGS: u64 = 0x4138_ae84;
|
||||
@ -298,6 +299,7 @@ fn create_vmm_ioctl_seccomp_rule_kvm() -> Result<Vec<SeccompRule>, BackendError>
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_CLOCK)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_CPUID2)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_FPU)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_IDENTITY_MAP_ADDR)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_LAPIC)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_SREGS)?],
|
||||
and![Cond::new(1, ArgLen::Dword, Eq, KVM_SET_TSS_ADDR,)?],
|
||||
|
@ -32,7 +32,7 @@ use crate::{
|
||||
use anyhow::anyhow;
|
||||
use arch::get_host_cpu_phys_bits;
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
use arch::layout::KVM_TSS_START;
|
||||
use arch::layout::{KVM_IDENTITY_MAP_START, KVM_TSS_START};
|
||||
#[cfg(all(feature = "tdx", feature = "acpi"))]
|
||||
use arch::x86_64::tdx::TdVmmDataRegionType;
|
||||
#[cfg(feature = "tdx")]
|
||||
@ -756,6 +756,8 @@ impl Vm {
|
||||
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
{
|
||||
vm.set_identity_map_address(KVM_IDENTITY_MAP_START.0)
|
||||
.unwrap();
|
||||
vm.set_tss_address(KVM_TSS_START.0 as usize).unwrap();
|
||||
vm.enable_split_irq().unwrap();
|
||||
}
|
||||
@ -819,6 +821,8 @@ impl Vm {
|
||||
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
{
|
||||
vm.set_identity_map_address(KVM_IDENTITY_MAP_START.0)
|
||||
.unwrap();
|
||||
vm.set_tss_address(KVM_TSS_START.0 as usize).unwrap();
|
||||
vm.enable_split_irq().unwrap();
|
||||
}
|
||||
@ -878,6 +882,8 @@ impl Vm {
|
||||
|
||||
#[cfg(target_arch = "x86_64")]
|
||||
{
|
||||
vm.set_identity_map_address(KVM_IDENTITY_MAP_START.0)
|
||||
.unwrap();
|
||||
vm.set_tss_address(KVM_TSS_START.0 as usize).unwrap();
|
||||
vm.enable_split_irq().unwrap();
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user