This patch fixes potential hypervisor crash when calling
hc_hcall_write_protect_page()with a crafted GPA in
'struct wp_data' instance, e.g. an invalid GPA that is
out of the scope of target VM's EPT address space.
Tracked-On: #4669
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
TSC would be reset to 0 when enter suspend state on some platform.
This will fail the secure timer checking in secure world because
secure world leverage the TSC as source of secure timer which should
be increased monotonously.
This patch save/restore TSC in host suspend/resume path to guarantee
the mono increasing TSC.
Note: There should no timer setup before TSC resumed.
Tracked-On: #3698
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For apl_sdc_stable branch, we now have stac and clac to set and
clear AC bit of rflags. But it can't handle following sequence:
stac
stac
clac
user mode address access here will trigger page fault
clac
This patch introduce two more functions:
- stac_save: Save the rflags and set AC bit
- ac_restore: Restore the AC bit saved to rflags
Now, only sbuf_put/get are using these new APIs.
Tracked-On: #2525
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Since the profiling utilizes the limited size of buffer to capture
sample data, dropping samples could happen while collecting data
if data is generated faster than flushing by consumer. Capturing
the dropped sample info is critical to understand how much the data
is reliable to use.
To capture the information, the new hypercall "PROFILING_GET_STATUS"
is introduced.
Tracked-On: #2474
Signed-off-by: Manisha Chinthapally <manisha.chinthapally@intel.com>
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
The patch simplifies the way to merge the msr vmexit loading list with HV,
which was already merged to master.
Tracked-On: #2422
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
tool
The msr load/restore during vmexit/vmenty is enabled in HV by
default. The profiling has assumption that it's only user for this
feature, which could overwrite of HV default setting.
This fix combines the msr load list for vmexit when profiling.
Tracked-On: #2422
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
to edge interrupt, like eth device, it can triger the interrupt again
when its IRQ in softirq entry queue or in timer list.
in current design, for sofrirq entry, it calls "list_del" before
"list_add_tail", to avoid the entry added twice.
so for interrupt delay timer, add to check if it is started
then just drop the next one; to avoid it enqueue twice.
Tracked-On: #2365
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
The array index of 'vm_list' may be out of bound.
Updated size of profiling_vm_info_list
Bug: ACRN-2544
Tracked-On: #2385
Signed-off-by: Manisha Chinthapally <manisha.chinthapally@intel.com>
This is to align the types used in hypervisor core and profiling.
That cleans up unnecessary type conversions. It also fixes inconsistent
tab/space in data structures.
Tracked-On: #2257
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
Profiling tools are broken, which cause page faults during collection.
The issue happens by enabling SMAP recently. Therefore,
stac() and clac() are used to allow access to buffers allocated
by guest.
Tracked-On: #2157
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
IO completion polling will access vcpu and vm structs. If doing it in
idle thread, there might be some race issues between vm destroying and
idle thread. They are running on different cores.
Got suggestion from Fengwei, decouple the polling action from idle
thread and just do it in vcpu thread, then we can guarantee idle thread
in really idle status.
Tracked-On: #1821
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Now, need_reschedule will test_and_clear the bit NEED_RESCHEDULE in
schedule context, then call schedule. It is not a exact match with the
name.
This patch move the flag clearing into scheudle, and need_reschedule
just check and return.
Tracked-On: #1821
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
this function is not from libc but has the same name,
atoi() in libc is unbounded and not safe.
replace this function with 'strtol_deci()' in this case.
Tracked-On: #2187
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- bugfix:the actual 'size' of memory region that
to be updated is incorrect.
- replace CONFIG_UEFI_STUB with DMAR_PARSE_ENABLED
when update memory pages for ACPI_RECLAIM region,
as DMAR_PARSE_ENABLED may be enabled on non-EFI
platform.
V2 update:
wrap roundup to 2M and rounddown to 2M inline
functions.
Tracked-On: #2056
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
acrntrace/log kernel modules will use this hypercall to fetch
pcpu num of hardware platform. Then, initialize driver accordingly.
Tracked-On: #1775;#1776
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Now one macro is added to define the alignment requirement.
>#define __aligned(x) __attribute__((aligned(x)))
Some code uses the __aligned(x) to define the alignment while the other
code uses the original alignment definition.
So they are unified.
Tracked-On: projectacrn/acrn-hypervisor#2131
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the MISRA-C violations on implicit type conversion.
For ptirq vpin source type, there is no need to define a enum.
Remove enum ptirq_vpin_source.
Define two macro:
- PTDEV_VPIN_IOAPIC
- PTDEV_VPIN_PIC
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Use enhanced rep fast-string operation to refine memcpy_s.
And assume that the destination and the source would not overlap.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
For security, this patch add one flag per vm and disable snoop control
for sos and enable snoop control for uos by default.
v2: add one flag in vm, not in iommu domain.
v3: add vm null check
Tracked-On: #2086
Signed-off-by: Zhipeng Gong <zhipeng.gong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
By switching AP wakeup from broadcast to one by one, we could
set correct stack for each AP and drop the temp stack used during
AP boot.
Tracked-On: #2034
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
there is no need to clear CR4.TSD as there is no user mode
in ACRN hypervisor.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
36D Prototype and definition name mismatch
pci_scan_bus() and sharing_mode_find_vdev() wrong parameter in prototype.
14D Attempt to change parameter passed by value.
vmsix_table_rw() uses function parameter as local viarable.
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
106D No prototype for non-static function.
2 functions missing prototyle declarations in header file.
120S Use of bit operator on signed type.
123S Use of underlying enum representation value.
enum values are treated like unsigned integer in vmsr.c
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
With SMAP enabled, hypervisor can't access pages that
owned by guest(either SOS or UOS), and an override is
is provided: stac()/clac() to enable/disable access to
guest's memory pages.
Pre-conditon:
Mark hypervisor owned pages as supervisor mode (U/S = 0),
and set all othter memory pages as user mode (U/S = 1).
Tracked-On: #2056
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MTRR emulation belongs to virtual CPU component.
- rename mtrr.c to vmtrr.c and move it to arch/x86/guest
- rename mtrr.h to vmtrr.h and move it to include/arch/x86/guest
Tracked-On: #1842
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Intercept IA32_TSC_ADJUST MSR so that writing IA32_TSC_ADJUST from the
guests won't impact the TSC in root mode or potentially other vCPUs in
the same pCPU.
- MSR TSC_ADJUST needs to be isolated between normal and secure world,
so it's included in NUM_WORLD_MSRS.
- Upon writing to either IA32_TSC_ADJUST or IA32_TSC from the guests,
don't write to physical MSRS so it won't impact the host side, but
update the TSC offset VM-execution control.
- don't need to intercept rdmsr for IA32_TIME_STAMP_COUNTER.
- add the missing statement in save_world_ctx() to save the tsc_offset
during world switch.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
hypervisor initilization component triggered by boot component,
and it calls different components initilization functions from
the highest layer.
this patch added init.c and move reorged cpu init functions into
it, keep hardware management functions in cpu.c but move other
components' init function into init.c.
the hypervisor initilization components will call:
- init_cpu_pre
- init_cpu_post
- init_bsp
- init_debug_pre
- init_debug_post
- init_guest
- init_passthru
- enter_guest_mode
the hypervisor initilization component include files:
arch/x86/init.c
include/arch/x86/init.h
this component is higest layer, so there is no reverse dependencies for it.
v2:
- separate into 2 patches, 1 for reorg, 1 for pure move.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
This patch fixes incorrect vm_id captured when sampling PMU data. Currently,
the vm_id gets attributed to ACRN hypervisor, rather than actual guest vm_id.
The issue is identified that the existing code captures the guest vm info
after vmexit_hander function is completed, in which the profiling module
points its context to VMM. When the vmexit happens by PMI, the guest context
should be captured so that the attribution to proper guest vm can happen.
This change will also allow to capture more accurate TSC when vmexit happens.
Tracked-On: #2043
Signed-off-by: Min Lim <min.yeol.lim@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
functions like set_vcpuid_entries & guest_cpuid should only
server for virtual cpuid, so move such kind of functions
to guest/vcpuid.c.
and all native cpuid APIs will keep in cpuid.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- enable NX feature in hypervisor:
1. Set 'XD' bit for all pages, including pages for guests
when initialize MMU tables in hypervisor.
2. remove 'XD' bit for pages that contain hypervisor instructions.
3. enable MSR EFER.NXE,which will enable page access restriction by
preventing instruction fetches form pages with XD bit set.
- remove "-Wl -z noexecstack" GCC flag option in hypervisor
Makefile as it would not affect stack attribute in hyervisor,
which setup stack itself, instead of by loader.
Tracked-On: #1122
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. change its APIs as more indepentent, and modify the callers' code
2. limit its global variables as static, and return const to the callers
3. remove unused code in "CONFIG_CMA"
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. e820 is modulized as separated files.
2. move boot_regs into multiboot.h as it's related with
multiboot info header
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
based on previous patch, we can move idt.S and idt.h out of boot component
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently there are two fields in ext_context to emulate IA32_PAT MSR:
- ia32_pat: hold the value of the emulated IA32_PAT MSR
- vmx_ia32_pat: used for load/store IA32_PAT MSR during world switch
This patch moves ext_context->ia32_pat to the common placeholder for
emulated MSRs acrn_vcpu_arch->guest_msrs[].
Also it renames ext_context->vmx_ia32_pat to ext_context->ia32_pat to
retain same naming convention in struct ext_context.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- implement unified APIs to access guest_msrs[] under struct acrn_vcpu.
- use these new APIs to read/write emulated TSC_DEADLINE MSR
- switch world_msrs[] and guest_msrs[] during world switch for MSRs that
need world isolation
- remove the old guest_msrs[] array and it's index macros.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Create two arrays for emulated MSRs:
- guest_msrs[] in struct acrn_vcpu_arch: emulation for all MSRs that are
included in emulated_guest_msrs[].
- world_msrs[] in struct cpu_context: it has separate copies for secure and
normal world for those MSRs that are in the first NUM_WORLD_MSRS entries
in emulated_guest_msrs[].
Split vmsr.c/emulated_msrs[] into 3 smaller arrays:
- emulated_guest_msrs[]: corresponding MSRs are emulated in guest_msrs[]
- mtrr_msrs[]: emulated MTRRs are saved in vMTRR module
- unsupported_msrs[]: GP for any guest accesses
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Identifier reuse may arise confusion. So should minimize the case of it
as much as possible. This patch is try to do this except the PCI related
module.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
On platforms, that do not support APICv register virtualization, all the
x2APIC MSRs need to intercepted by ACRN for emulation.
Tracked-On: #1973
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
