ANDROID: pkvm: x86: Enforce pVM vcpu state protection to the PV interfaces
With most of the vmexits being handled by the pkvm hypervisor, the pVM vcpu state can now be protected against the host. Add a vcpu state protection mechanism when loading a pkvm_vcpu. For an npVM, its vcpu is always accessible to the host, so no protection will be performed. For the npVM, the PV interfaces which can access the vcpu state (except those relating to the interrupt) are restricted.

As the host still needs to pre-configure the pVM's vcpu state for booting, the protection is enforced by the pkvm hypervisor only if the vcpu has started running. If the host doesn't need to do so, then the protection can be enforced directly.

Bug: 391539939
Test: pKVM works
Upstream-Task: 402758258
Change-Id: Ibd05ebbfb376eef36e21d57ba4dd97d0b7c71d93
Signed-off-by: Chuanxiao Dong <chuanxiao.dong@intel.com>
Signed-off-by: Dmytro Maluka <dmaluka@google.com>