Trait ProtectIsolatedMemory

/// Trait for CVM-related protections on guest memory.
///
/// NOTE(review): several methods report failure as `(HvError, usize)`. The
/// `usize` presumably identifies how many GPNs were processed before the
/// error, in which case a failed call can leave the request partially
/// applied. Confirm against the implementors before relying on
/// all-or-nothing behavior.
pub trait ProtectIsolatedMemory: Send + Sync {
    // Required methods
    /// Changes host visibility on guest memory.
    ///
    /// NOTE(review): `shared` presumably selects host-visible (shared) versus
    /// private for the pages in `gpns` — confirm which value exposes memory
    /// to the host.
    fn change_host_visibility(
        &self,
        vtl: GuestVtl,
        shared: bool,
        gpns: &[u64],
        tlb_access: &mut dyn TlbFlushLockAccess,
    ) -> Result<(), (HvError, usize)>;
    /// Queries host visibility on guest memory.
    ///
    /// NOTE(review): results are presumably written to `host_visibility`, one
    /// entry per element of `gpns`; the required relationship between the two
    /// slice lengths is not stated here — confirm.
    fn query_host_visibility(
        &self,
        gpns: &[u64],
        host_visibility: &mut [HostVisibilityType],
    ) -> Result<(), (HvError, usize)>;
    /// Gets the default protections/permissions for VTL 0.
    fn default_vtl0_protections(&self) -> HvMapGpaFlags;
    /// Changes the default protections/permissions for a VTL.
    ///
    /// For VBS-isolated VMs, the protections apply to all VTLs lower than the
    /// specified one. For hardware-isolated VMs, they apply just to the given
    /// VTL.
    fn change_default_vtl_protections(
        &self,
        calling_vtl: Vtl,
        target_vtl: GuestVtl,
        protections: HvMapGpaFlags,
        tlb_access: &mut dyn TlbFlushLockAccess,
    ) -> Result<(), HvError>;
    /// Changes the VTL protections on a range of guest memory.
    fn change_vtl_protections(
        &self,
        calling_vtl: Vtl,
        target_vtl: GuestVtl,
        gpns: &[u64],
        protections: HvMapGpaFlags,
        tlb_access: &mut dyn TlbFlushLockAccess,
    ) -> Result<(), (HvError, usize)>;
    /// Registers a page as an overlay page by first validating that it has
    /// the required permissions, optionally modifying them, then locking
    /// them.
    ///
    /// NOTE(review): `check_perms` is presumably the set of permissions that
    /// is validated and `new_perms` the optional replacement — confirm.
    fn register_overlay_page(
        &self,
        vtl: GuestVtl,
        gpn: u64,
        check_perms: HvMapGpaFlags,
        new_perms: Option<HvMapGpaFlags>,
        tlb_access: &mut dyn TlbFlushLockAccess,
    ) -> Result<(), HvError>;
    /// Unregisters an overlay page, removing its permission lock and
    /// restoring the previous permissions.
    fn unregister_overlay_page(
        &self,
        vtl: GuestVtl,
        gpn: u64,
        tlb_access: &mut dyn TlbFlushLockAccess,
    ) -> Result<(), HvError>;
    /// Checks whether a page is currently registered as an overlay page.
    fn is_overlay_page(&self, vtl: GuestVtl, gpn: u64) -> bool;
    /// Locks the permissions and mappings for a set of guest pages.
    fn lock_gpns(
        &self,
        vtl: GuestVtl,
        gpns: &[u64],
    ) -> Result<(), GuestMemoryBackingError>;
    /// Unlocks the permissions and mappings for a set of guest pages.
    ///
    /// The caller must ensure that the given slice has the same ordering as
    /// the one passed to `lock_gpns`.
    ///
    /// # Panics
    ///
    /// Panics if asked to unlock a page that was not previously locked.
    fn unlock_gpns(&self, vtl: GuestVtl, gpns: &[u64]);
    /// Alerts the memory protector that VTL 1 is ready to set VTL protections
    /// on lower-VTL memory, and that these protections should be enforced.
    fn set_vtl1_protections_enabled(&self);
    /// Whether VTL 1 is prepared to modify VTL protections on lower-VTL
    /// memory, and therefore whether these protections should be enforced.
    fn vtl1_protections_enabled(&self) -> bool;
}

Trait for CVM-related protections on guest memory.

Required Methods

fn change_host_visibility( &self, vtl: GuestVtl, shared: bool, gpns: &[u64], tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), (HvError, usize)>

Changes host visibility on guest memory.

fn query_host_visibility( &self, gpns: &[u64], host_visibility: &mut [HostVisibilityType], ) -> Result<(), (HvError, usize)>

Queries host visibility on guest memory.

fn default_vtl0_protections(&self) -> HvMapGpaFlags

Gets the default protections/permissions for VTL 0.

fn change_default_vtl_protections( &self, calling_vtl: Vtl, target_vtl: GuestVtl, protections: HvMapGpaFlags, tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), HvError>

Changes the default protections/permissions for a VTL. For VBS-isolated VMs, the protections apply to all VTLs lower than the specified one. For hardware-isolated VMs, they apply just to the given VTL.

fn change_vtl_protections( &self, calling_vtl: Vtl, target_vtl: GuestVtl, gpns: &[u64], protections: HvMapGpaFlags, tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), (HvError, usize)>

Changes the VTL protections on a range of guest memory.

fn register_overlay_page( &self, vtl: GuestVtl, gpn: u64, check_perms: HvMapGpaFlags, new_perms: Option<HvMapGpaFlags>, tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), HvError>

Registers a page as an overlay page by first validating that it has the required permissions, optionally modifying them, and then locking them.

fn unregister_overlay_page( &self, vtl: GuestVtl, gpn: u64, tlb_access: &mut dyn TlbFlushLockAccess, ) -> Result<(), HvError>

Unregisters an overlay page, removing its permission lock and restoring the previous permissions.

fn is_overlay_page(&self, vtl: GuestVtl, gpn: u64) -> bool

Checks whether a page is currently registered as an overlay page.

fn lock_gpns( &self, vtl: GuestVtl, gpns: &[u64], ) -> Result<(), GuestMemoryBackingError>

Locks the permissions and mappings for a set of guest pages.

fn unlock_gpns(&self, vtl: GuestVtl, gpns: &[u64])

Unlocks the permissions and mappings for a set of guest pages.

Panics if asked to unlock a page that was not previously locked. The caller must ensure that the given slice has the same ordering as the one passed to `lock_gpns`.

fn set_vtl1_protections_enabled(&self)

Alerts the memory protector that VTL 1 is ready to set VTL protections on lower-VTL memory, and that these protections should be enforced.

fn vtl1_protections_enabled(&self) -> bool

Whether VTL 1 is prepared to modify VTL protections on lower-VTL memory, and therefore whether these protections should be enforced.

Implementors