From 79bd3f498f490a731dedb31feab805c7a90e440b Mon Sep 17 00:00:00 2001
From: Victor Sun
Date: Fri, 4 Jun 2021 11:45:53 +0800
Subject: [PATCH] HV: avoid pre-launched VM modules being corrupted by SOS kernel load
When hypervisor boots, the multiboot modules are loaded by bootloader(GRUB) from HPA 0x100000 in order. The space range of pre-launched VM modules is also exposed to SOS VM, so SOS VM kernel might pick this range to extract kernel when KASLR enabled. This would corrupt pre-launched VM modules and result in pre-launched VM boot fail. This patch will try to fix this issue. The SOS VM will not be loaded to guest space until all pre-launched VMs are loaded successfully.
Tracked-On: #5879
Signed-off-by: Victor Sun
Reviewed-by: Jason Chen CJ
---
 hypervisor/arch/x86/guest/vm.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/hypervisor/arch/x86/guest/vm.c b/hypervisor/arch/x86/guest/vm.c
index 965ac9bda..1a950a728 100644
--- a/hypervisor/arch/x86/guest/vm.c
+++ b/hypervisor/arch/x86/guest/vm.c
@@ -874,6 +874,7 @@ void resume_vm_from_s3(struct acrn_vm *vm, uint32_t wakeup_vec)
 launch_vcpu(bsp);
 }
+static uint8_t loaded_pre_vm_nr = 0U;
 /**
 * Prepare to create vm/vcpu for vm
 *
@@ -892,7 +893,30 @@ void prepare_vm(uint16_t vm_id, struct acrn_vm_config *vm_config)
 build_vrsdp(vm);
 }
+ if (is_sos_vm(vm)) {
+ /* We need to ensure all modules of pre-launched VMs have been loaded already
+ * before loading SOS VM modules, otherwise the module of pre-launched VMs could
+ * be corrupted because SOS VM kernel might pick any usable RAM to extract kernel
+ * when KASLR enabled.
+ * In case the pre-launched VMs aren't loaded successfuly that cause deadlock here,
+ * use a 10000ms timer to break the waiting loop.
+ */
+ uint64_t start_tick = cpu_ticks();
+
+ while (1) {
+ uint64_t timeout = ticks_to_ms(cpu_ticks() - start_tick);
+ if ((loaded_pre_vm_nr == PRE_VM_NUM) || (timeout > 10000U)) {
+ break;
+ }
+ }
+ }
+
 err = vm_sw_loader(vm);
+
+ if (is_prelaunched_vm(vm)) {
+ loaded_pre_vm_nr++;
+ }
+
 if (err == 0) {
 /* start vm BSP automatically */
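Review bot: The hand-off between the pre-launched VMs and the SOS VM rests on `loaded_pre_vm_nr`, a plain `static uint8_t` declared in the previous hunk, being bumped with `loaded_pre_vm_nr++` after `vm_sw_loader(vm)` and polled in the `while (1)` loop, with no atomic operation, `volatile` qualifier or barrier on either side. If `prepare_vm()` runs on a different physical CPU per VM, which is what waiting here implies, then a compiler that inlines `cpu_ticks()`/`ticks_to_ms()` may hoist the load out of the loop so the SOS side only ever leaves through the 10 s timeout, and two pre-launched VMs incrementing at the same time can lose an update so `PRE_VM_NUM` is never reached. Replace the increment with the hypervisor's atomic increment primitive, read the counter in the loop through a volatile or atomic access, give `10000U` a named constant, and have the timeout branch log a warning rather than silently continuing into `vm_sw_loader()`, because that path reproduces exactly the corruption the commit sets out to avoid. The in-code comment should also drop "loaded successfully": the counter is incremented whether or not `vm_sw_loader()` returned an error, which is the right choice for avoiding the deadlock but should be stated as such. `prepare_vm()` begins before this hunk and continues after it.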