This patch fixes potential hypervisor crash when calling
hc_hcall_write_protect_page()with a crafted GPA in
'struct wp_data' instance, e.g. an invalid GPA that is
out of the scope of target VM's EPT address space.
Tracked-On: #4669
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
AP trampoline code should be accessile to hypervisor only,
Unmap this memory region from service VM's EPT mapping
for security reason..
Tracked-On: #4112
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
1. Print warning message instead of panic when
the caller try to modify the attribute for
memory region or delete memory region that
are not present.
2. To avoid above warning message for memory region
below 1M,its attribute may be updated by Service
VM when updating MTTR setting.
Tracked-On: #4112
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
TSC would be reset to 0 when enter suspend state on some platform.
This will fail the secure timer checking in secure world because
secure world leverage the TSC as source of secure timer which should
be increased monotonously.
This patch save/restore TSC in host suspend/resume path to guarantee
the mono increasing TSC.
Note: There should no timer setup before TSC resumed.
Tracked-On: #3698
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
'pcpu_id' should be less than CONFIG_MAX_PCPU_NUM,
else 'per_cpu_data' will overflow. This commit fixes
this potential overflow issue.
Tracked-On: #3407
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
This patch refined the pmu passthru irq handling, which will re-enable
the PMC interrupt in the vlapic handler. So that can avoid some
interrupt storm situation happens.
This patch can fix the remaining Android perf CTS failure.
Tracked-On: #2598
Signed-off-by: Min He <min.he@intel.com>
In commit e24899d9c9 ("fix "Recursion in procedure calls found""), it
added a check if vector < 16U in vlapic_trigger_lvt() by a mistake, since
the vector variable in vlapic_trigger_lvt() is not the interrupt vector.
This patch fixed the issue mentioned above.
Tracked-On:#2598
Signed-off-by: Min He <min.he@intel.com>
With APICv enabled, it's possible that the interrupt is not
injected through VMX_ENTRY_INT_INFO_FIELD. In that case, the
isrvec_stk_top will not be increased.
Tracked-On: #2558
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
In write_trampoline_stack_sym(), when do relocation for pcpu's stack,
it wrongly adds an offset. As a result, during booting, when non-BSP
CPU (APs) tries to run trampoline code once they are waken up by BSP
via SIPI, system hangs.
Tracked-On: #2035
Signed-off-by: Chaohong guo <chaohong.guo@intel.com>
when relocation is enabled, the calcuation of HV size in init_paging
routine is not right. As a result, it doesn't enable NX bit for many
pages which don't belong to hypervisor text section.
Tracked-On: #2035
Signed-off-by: Chaohong guo <chaohong.guo@intel.com>
In init_paging(), when modify page table, it does a round up to 2M on
the starting address of HV memory. If the address is not 2M aligned,
memory overwrite occurs, or memory attribute(cache, u/s) may be not
right. Besides, trusty memory (uos_sworld_memory) in .bss section is 2M
aligned during compiling, after enabling HV memroy 2M alignment, when
relocation is enabled, EFI stub or other loaders just needs to find a
2M-aligned starting addr for HV memory.
Tracked-On: #2035
Signed-off-by: Chaohong guo <chaohong.guo@intel.com>
IO completion polling will access vcpu and vm structs. If doing it in
idle thread, there might be some race issues between vm destroying and
idle thread. They are running on different cores.
Got suggestion from Fengwei, decouple the polling action from idle
thread and just do it in vcpu thread, then we can guarantee idle thread
in really idle status.
Tracked-On: #1821
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
- bugfix:the actual 'size' of memory region that
to be updated is incorrect.
- replace CONFIG_UEFI_STUB with DMAR_PARSE_ENABLED
when update memory pages for ACPI_RECLAIM region,
as DMAR_PARSE_ENABLED may be enabled on non-EFI
platform.
V2 update:
wrap roundup to 2M and rounddown to 2M inline
functions.
Tracked-On: #2056
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
According to SDM Vol. 2A 3-191 & Vol. 2A 3-213, leaf 02h has no subleaf.
This patch removes the un-needed code.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fixed three MISRA-C violations:
11S: No brackets to loop body
7C: Procedure has more than one exit point.
8D: DD data flow anomalies found.
initialize read_map and write_map in the declaration statements.
Fixed one bug:
Use "msr <= 0x1FFFU" instead of "msr < 0x1FFFU" because 0x1FFF is a valid MSR
bitmap address.
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the MISRA-C violations on implicit type conversion.
For ptirq vpin source type, there is no need to define a enum.
Remove enum ptirq_vpin_source.
Define two macro:
- PTDEV_VPIN_IOAPIC
- PTDEV_VPIN_PIC
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
When adding ptirq entries, either successes with all number of entries added or
fails with none entries addes.
So remove added ptirq entries if error occurs during the process.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixs the MISRA-C violations in arch/x86/assign.c
on multiple exits.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
before PCI_BDF uses its hex value like "0xC2" for "0:18.2" to
configure, now use "0:18.2" directly to make it more readable
and easier to configure.
Tracked-On: #2031
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For security, this patch add one flag per vm and disable snoop control
for sos and enable snoop control for uos by default.
v2: add one flag in vm, not in iommu domain.
v3: add vm null check
Tracked-On: #2086
Signed-off-by: Zhipeng Gong <zhipeng.gong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The bit mask for an out instruction is only applied to hv inout
handlers.
Apply the bit mask to dm inout handlers as well.
Tracked-On: #2075
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
By switching AP wakeup from broadcast to one by one, we could
set correct stack for each AP and drop the temp stack used during
AP boot.
Tracked-On: #2034
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
there is no need to clear CR4.TSD as there is no user mode
in ACRN hypervisor.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
now UP2 board use ttyS1 as debug uart in HV, and vuart ttyS0 in
SOS kernel (acrn.conf default configure), its default IRQ is 4,
but SOS kernel will also assign IRQ4 to its ttyS1, they're sharing
one IRQ, and it can cause SOS boot hung issue, for HV not support
sharing IRQ now.
some boards use ttyS0 as debug uart, it has not this issue; for that
board, SOS will assign IRQ5 to its ttyS1, no sharing IRQ.
change it to IRQ6 to avoid the issue.
Tracked-On: #2030
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
106D No prototype for non-static function.
2 functions missing prototyle declarations in header file.
120S Use of bit operator on signed type.
123S Use of underlying enum representation value.
enum values are treated like unsigned integer in vmsr.c
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
With SMAP enabled, hypervisor can't access pages that
owned by guest(either SOS or UOS), and an override is
is provided: stac()/clac() to enable/disable access to
guest's memory pages.
Pre-conditon:
Mark hypervisor owned pages as supervisor mode (U/S = 0),
and set all othter memory pages as user mode (U/S = 1).
Tracked-On: #2056
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MTRR emulation belongs to virtual CPU component.
- rename mtrr.c to vmtrr.c and move it to arch/x86/guest
- rename mtrr.h to vmtrr.h and move it to include/arch/x86/guest
Tracked-On: #1842
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Intercept IA32_TSC_ADJUST MSR so that writing IA32_TSC_ADJUST from the
guests won't impact the TSC in root mode or potentially other vCPUs in
the same pCPU.
- MSR TSC_ADJUST needs to be isolated between normal and secure world,
so it's included in NUM_WORLD_MSRS.
- Upon writing to either IA32_TSC_ADJUST or IA32_TSC from the guests,
don't write to physical MSRS so it won't impact the host side, but
update the TSC offset VM-execution control.
- don't need to intercept rdmsr for IA32_TIME_STAMP_COUNTER.
- add the missing statement in save_world_ctx() to save the tsc_offset
during world switch.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
hypervisor initilization component triggered by boot component,
and it calls different components initilization functions from
the highest layer.
this patch added init.c and move reorged cpu init functions into
it, keep hardware management functions in cpu.c but move other
components' init function into init.c.
the hypervisor initilization components will call:
- init_cpu_pre
- init_cpu_post
- init_bsp
- init_debug_pre
- init_debug_post
- init_guest
- init_passthru
- enter_guest_mode
the hypervisor initilization component include files:
arch/x86/init.c
include/arch/x86/init.h
this component is higest layer, so there is no reverse dependencies for it.
v2:
- separate into 2 patches, 1 for reorg, 1 for pure move.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
reorg both init functions, separate the initilization of different
components.
v2:
- separate into 2 patches, 1 for reorg, 1 for pure move.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
functions like set_vcpuid_entries & guest_cpuid should only
server for virtual cpuid, so move such kind of functions
to guest/vcpuid.c.
and all native cpuid APIs will keep in cpuid.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Combination of BOARD and FIRMWARE is a more precious definition.
And we decide PLATFORM_XXX based on FIRMWARE, remove relative one in
board config.
We reserve PLATFORM for backward compatibility.
Tracked-On: #1995
Signed-off-by: Tw <wei.tan@intel.com>
Reviewed-by: Yin Fengwei < fengwei.yin@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
- enable NX feature in hypervisor:
1. Set 'XD' bit for all pages, including pages for guests
when initialize MMU tables in hypervisor.
2. remove 'XD' bit for pages that contain hypervisor instructions.
3. enable MSR EFER.NXE,which will enable page access restriction by
preventing instruction fetches form pages with XD bit set.
- remove "-Wl -z noexecstack" GCC flag option in hypervisor
Makefile as it would not affect stack attribute in hyervisor,
which setup stack itself, instead of by loader.
Tracked-On: #1122
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
