arm: flush vcpu when switching domain

This avoids information about vcpu state being leaked across domains. Signed-off-by: Corey Lewis <corey.lewis@proofcraft.systems>
2024-09-10 18:17:28 +10:00
parent 2734df9217
commit e558631c73
7 changed files with 29 additions and 0 deletions
--- a/include/arch/arm/arch/object/vcpu.h
+++ b/include/arch/arm/arch/object/vcpu.h
@@ -123,6 +123,7 @@ exception_t decodeARMVCPUInvocation(

 void vcpu_restore(vcpu_t *cpu);
 void vcpu_switch(vcpu_t *cpu);
+void vcpu_flush(void);
 #ifdef ENABLE_SMP_SUPPORT
 void handleVCPUInjectInterruptIPI(vcpu_t *vcpu, unsigned long index, virq_t virq);
 #endif /* ENABLE_SMP_SUPPORT */
@@ -206,6 +207,7 @@ static inline VPPIEventIRQ_t irqVPPIEventIndex(irq_t irq)

 #define vcpu_boot_init() do {} while(0)
 #define vcpu_switch(x) do {} while(0)
+#define vcpu_flush() do {} while(0)
 static inline void VGICMaintenance(void) {}

 #endif /* end of !CONFIG_ARM_HYPERVISOR_SUPPORT */
--- a/include/kernel/thread.h
+++ b/include/kernel/thread.h
@@ -164,6 +164,7 @@ void Arch_switchToThread(tcb_t *tcb);
 void Arch_switchToIdleThread(void);
 void Arch_configureIdleThread(tcb_t *tcb);
 void Arch_activateIdleThread(tcb_t *tcb);
+void Arch_prepareNextDomain(void);

 void NORETURN idle_thread(void);

--- a/src/arch/arm/kernel/thread.c
+++ b/src/arch/arm/kernel/thread.c
@@ -10,3 +10,10 @@ void Arch_postModifyRegisters(tcb_t *tptr)
 {
    /* Nothing to do */
 }
+
+void Arch_prepareNextDomain(void)
+{
+    if (config_set(CONFIG_ARM_HYPERVISOR_SUPPORT)) {
+        vcpu_flush();
+    }
+}
--- a/src/arch/arm/object/vcpu.c
+++ b/src/arch/arm/object/vcpu.c
@@ -264,6 +264,14 @@ static void vcpu_invalidate_active(void)
    ARCH_NODE_STATE(armHSCurVCPU) = NULL;
 }

+void vcpu_flush(void)
+{
+    if (ARCH_NODE_STATE(armHSCurVCPU)) {
+        vcpu_save(ARCH_NODE_STATE(armHSCurVCPU), ARCH_NODE_STATE(armHSVCPUActive));
+        vcpu_invalidate_active();
+    }
+}
+
 void vcpu_finalise(vcpu_t *vcpu)
 {
    if (vcpu->vcpuTCB) {
--- a/src/arch/riscv/kernel/thread.c
+++ b/src/arch/riscv/kernel/thread.c
@@ -55,3 +55,8 @@ void Arch_postModifyRegisters(tcb_t *tptr)
 {
    /* Nothing to do */
 }
+
+void Arch_prepareNextDomain(void)
+{
+    /* Don't need to do anything */
+}
--- a/src/arch/x86/kernel/thread.c
+++ b/src/arch/x86/kernel/thread.c
@@ -11,3 +11,8 @@ void Arch_postModifyRegisters(tcb_t *tptr)
 {
    Mode_postModifyRegisters(tptr);
 }
+
+void Arch_prepareNextDomain(void)
+{
+    /* Don't need to do anything */
+}
--- a/src/kernel/thread.c
+++ b/src/kernel/thread.c
@@ -314,6 +314,7 @@ void prepareSetDomain(tcb_t *tptr, dom_t dom)

 static void prepareNextDomain(void)
 {
+    Arch_prepareNextDomain();
 #ifdef CONFIG_HAVE_FPU
    /* Save FPU state now to avoid touching cross-domain state later */
    switchLocalFpuOwner(NULL);