/// Trait for CVM-related protections on guest memory.
///
/// Implementors must be `Send + Sync`, and every method takes `&self`, so any
/// state an implementation mutates has to be behind its own synchronization.
// NOTE(review): several methods return `Err((HvError, usize))`. The `usize`
// presumably identifies how many entries of `gpns` were processed before the
// failure; if so, a failed call can leave the pages partially updated and the
// caller has to reconcile that state - TODO confirm against implementors.
pub trait ProtectIsolatedMemory: Send + Sync {
// Required methods
/// Changes host visibility on guest memory.
// NOTE(review): presumably `shared == true` makes the pages in `gpns` visible
// to the host and `false` makes them private again - confirm. Pages shared
// with the host leave the isolation boundary, so callers should be sure no
// secret data remains in them before sharing.
// NOTE(review): `tlb_access` is presumably used to flush stale translations
// once the change is applied - confirm against `TlbFlushLockAccess`.
fn change_host_visibility(
&self,
shared: bool,
gpns: &[u64],
tlb_access: &mut dyn TlbFlushLockAccess,
) -> Result<(), (HvError, usize)>;
/// Queries host visibility on guest memory.
///
/// Results are written into the caller-provided `host_visibility` slice.
// NOTE(review): presumably one entry is written per element of `gpns`, so
// `host_visibility` must be at least as long - the length contract is not
// visible here; confirm before relying on it.
fn query_host_visibility(
&self,
gpns: &[u64],
host_visibility: &mut [HostVisibilityType],
) -> Result<(), (HvError, usize)>;
/// Gets the default protections/permissions for VTL 0.
fn default_vtl0_protections(&self) -> HvMapGpaFlags;
/// Changes the default protections/permissions for a VTL.
///
/// For VBS-isolated VMs, the protections apply to all VTLs lower than the
/// specified one. For hardware-isolated VMs, they apply just to the given
/// VTL. Callers therefore need to know the isolation type to predict which
/// VTLs a call affects.
fn change_default_vtl_protections(
&self,
vtl: GuestVtl,
protections: HvMapGpaFlags,
tlb_access: &mut dyn TlbFlushLockAccess,
) -> Result<(), HvError>;
/// Changes the VTL protections on a range of guest memory.
///
/// The pages are given as guest page numbers in `gpns`.
fn change_vtl_protections(
&self,
vtl: GuestVtl,
gpns: &[u64],
protections: HvMapGpaFlags,
tlb_access: &mut dyn TlbFlushLockAccess,
) -> Result<(), (HvError, usize)>;
/// Changes the overlay for the hypercall code page for a target VTL.
///
/// Returns nothing, so a failure cannot be reported through the return
/// value; how an implementation handles one is not visible here.
fn change_hypercall_overlay(
&self,
vtl: GuestVtl,
gpn: u64,
tlb_access: &mut dyn TlbFlushLockAccess,
);
/// Disables the overlay for the hypercall code page for a target VTL.
///
/// Like `change_hypercall_overlay`, this has no return value to signal
/// failure.
fn disable_hypercall_overlay(
&self,
vtl: GuestVtl,
tlb_access: &mut dyn TlbFlushLockAccess,
);
/// Alerts the memory protector that VTL 1 is ready to set VTL protections on
/// lower-VTL memory, and that these protections should be enforced.
///
/// This trait declares no method that clears the state again.
fn set_vtl1_protections_enabled(&self);
/// Whether VTL 1 is prepared to modify VTL protections on lower-VTL memory,
/// and therefore whether these protections should be enforced.
fn vtl1_protections_enabled(&self) -> bool;
}
Trait for CVM-related protections on guest memory.
Required Methods
fn change_host_visibility( &self, shared: bool, gpns: &[u64], tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), (HvError, usize)>
Changes host visibility on guest memory.
fn query_host_visibility( &self, gpns: &[u64], host_visibility: &mut [HostVisibilityType], ) -> Result<(), (HvError, usize)>
Queries host visibility on guest memory.
fn default_vtl0_protections(&self) -> HvMapGpaFlags
Gets the default protections/permissions for VTL 0.
fn change_default_vtl_protections( &self, vtl: GuestVtl, protections: HvMapGpaFlags, tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), HvError>
Changes the default protections/permissions for a VTL. For VBS-isolated VMs, the protections apply to all VTLs lower than the specified one. For hardware-isolated VMs, they apply only to the given VTL.
fn change_vtl_protections( &self, vtl: GuestVtl, gpns: &[u64], protections: HvMapGpaFlags, tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), (HvError, usize)>
Changes the VTL protections on a range of guest memory.
fn change_hypercall_overlay( &self, vtl: GuestVtl, gpn: u64, tlb_access: &mut dyn TlbFlushLockAccess, )
Changes the overlay for the hypercall code page for a target VTL.
fn disable_hypercall_overlay( &self, vtl: GuestVtl, tlb_access: &mut dyn TlbFlushLockAccess, )
Disables the overlay for the hypercall code page for a target VTL.
fn set_vtl1_protections_enabled(&self)
Alerts the memory protector that VTL 1 is ready to set VTL protections on lower-VTL memory, and that these protections should be enforced.
fn vtl1_protections_enabled(&self) -> bool
Whether VTL 1 is prepared to modify VTL protections on lower-VTL memory, and therefore whether these protections should be enforced.