CMOS offset from 0x20 to 0x9F is used to store rpmb key information.
vsbl loader will init vrpmb key in CMOS when boot/reboot.
vsbl loader will not init vrpmb key during S3 resume.
vsbl will read vrpmb key via CMOS interface.
After reading, the key value is cleared in CMOS. So the key can only be
read once until next boot.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
In handle_resume(), wakeup_reason is updated before call
ops->ops->resume(). Because ops->ops->resume() needs to know the
latest wakeup reason.
Acked-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
It is necessary to notify the VHM and hypervisor on the completion of a VHM
request even when the UOS is in suspend or system reset mode because the VHM and
hypervisor rely on the notification to reset their own states on the
request.
Currently the VHM request state is checked against REQ_STATE_PROCESSING instead
of REQ_STATE_COMPLETE when handling system reset or suspend/resume, leading to a
completed request unnotified, and causing the HV to complain on an occupied VHM
request when it raises a new one.
This patch fixes this issue by properly notifying completed requests to the VHM
& hypervisor. Some concerns are raised during a discussion on the potential
races which does not hurt for now but may in the future. These considerations
and potential solutions are documented as comments for future reference.
Tracked-On: #895
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This is the counterpart in DM to the VHM request state update in the
hypervisor. Major changes include:
* Remove accesses to the obsolete 'valid' member.
* Access the 'processed' member using atomic operations.
* Sync the documentation on vhm_request.
In addition, the new state transition also requires a VHM request to be always
handled properly, as there is no 'FAILED' state any more. Instead of crashing
the device model (and thus the UOS as well), the device model should return all
1s or ignore the request when it is to load from or store to an invalid address,
respectively.
Note: there is an issue in vm_system_reset() and vm_suspend_resume() where
completed VHM requests are not properly notified, causing the hypervisor to
complain as it sees uncompleted requests while trying to create a new one. This
issue will be resolved in a separate patch.
v1 -> v2:
* Use macro-defined constants for the default values for invalid PIO/MMIO
reads.
* Change the return type of vmexit_handler_t in DM to void as the return
values are no longer necessary.
* Remove VM_EXITCODE that are no longer used.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
We do:
- pause target vm
- suspend all virtual devices
- wait for resume notification
- resume all virtual devices
- reset target vm
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Then, acrnctl could send command to monitor module of DM and call
functions defined in pm ops. One example is: acrnctl resume UOS
after UOS enter S3.
Also add general pm.c and move pm related function to this file.
Signed-off-by: Yan Like <like.yan@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
this patch fixes such an information leaking issue:
in case that after a UOS is destroyed, its memroy
will be reclaimed and maybe re-allocated for a new UOS,
then the previous UOS sensitive data in memory may
be leaked to the new UOS.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
acrn-manager message structure has a flexible member
payload[0], that risks to out-of-boundary memory access,
and usage of uninitialized variable.
And the req/ack message pairs has various types, which
extend mngr_msg. mngr_send_msg() requires programmer cast
the type of input messages to struct mngr_msg, that is
inconvenient.
We replace payload[0] with an union, which contains all
payload data. So that type cast for mngr_send_msg() is no
longer needed. And we can avoid potential out-of-boundary
memory accessing and using of uninitialized variable
Acked-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
This function add high level reset_vdev function. Which is
implemented to call deinit/init pairing to emulate the virtual
device reset operation.
This patch also add the system reset which keep the UOS RAM
content functionality to DM.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Guest has erquirement to support system/full reboot and S3. Which could
trigger different reset path in guest
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
GUEST_CFG_OFFSET is used to pass the memory top info from DM
to HV. The address should be in E820 reserved range to prevent
guest use it for other purpose.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
6300esb has bit in its register to show whether the watchdog
timeout is hit.
This patch adds this bit support. So the guest could query
whether last reset is triggered by watchdog reset.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Cao Minggui <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tested-by: Binbin Wu <binbin.wu@intel.com>
* introduce EXTRA_VERSION to replace RC_VERSION
* add daily tag into the version information
* unify the hypervisor and device model version
Signed-off-by: Jack Ren <jack.ren@intel.com>
- UOS will boot fail if 'strictio' is enabled ('-e' option), in this
case (with '-e'), device model will block all PIO accesses whose
handlers were not registered, after that, device model program will
exit, hence UOS boot fail.
actually, such kind of accesses exist, e.g. UOS would program
PIT registers (port address: 0x43) if hpet is disabled.
- For debug, we can trap unexpected PIO access in 'default_inout()'
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Current option of removing vGSI capability is global, which exposes
vIOAPIC link for all ptdev even only one need this. This patch makes
it as ptdev local option to lower the system level impact. To keep
vGSI for MSI capable ptdev, just explicitly append ",keep_gsi" in
option list, like "-s 14,passthru,0/e/0,keep_gsi"
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Update the vcpu id type as uint16_t for vm_create_vcpu, this
keeps alignment with the updates for the structure acrn_create_vcpu
used by hcall_create_vcpu in the hypervisor.
In the device model, the caller is responsible for vcpu id type
conversion; vcpu id type is uint16_t for external interface in the
current implement.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
check if there are enough free huge pages(1GB & 2MB now) for UOS,
if no, it will try to reserve more pages for UOS.
here are two examples
1. if system has free huge pages: 1 page of 1GB size, 0 page of 2MB.
one UOS need 2GB + 500MB memory, it will try to reserve one more 1GB
page and 250 2MB pages from system. If enough free system memory, it
can succeed.
2. if system has free huge pages: 4 pages of 1GB size, 0 page of 2MB.
one UOS need 2GB + 500MB, 1GB huge pages 4 > 2, it's enough, and 2 pages
left. It will try to reserve 250 2MB pages from system free memory,
if failed, it will try to release 1 of the 2 left 1GB pages. And then
try to reserve 250 2MB pages.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
when add/create vcpu failed, before it just exits,
and the resource will not released; now if failed,
let DM release the resource.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
pincpu and vmexit_pause both aligned to lower p, it is a bug, vmexit_pause should align with P(upper).
Missing enable_bvmcons usage so add -b in help prints.
remove redundant tab blank to keep same indentation.
Signed-off-by: Chris Ye <chris.ye@intel.com>
vsbl layout has been changed.
Previously, vsbl start from 64bit mode.
This patch changes the vsbl load code according to the
layout change of vSBL.
The new vsbl binary added reset vector support.
It will start from reset vector in real mode.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
For the platform without virtual bootloader, dm will load uos kernel
directly, and hv will set rip according to uos kernel entry.
In current code, uos bsp starts from 64bit mode, so 64bit kernel entry
is used.
This patch series sets uos bsp to protected mode on such platform, so
32bit kernel entry is choosed.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Adapt dm-monitor and acrnctl to use the helper functions and new message
definitions in acrn_mngr.h.
These jobs must be done in one commit to avoid build problems:
1. message transmission and callback registration code are moved
to libacrn-mngr.a, so old functions in dm-monitor could be removed to
make code clean;
2. remove unnecessary monior_msg.h;
3. minor changes to acrnctl accordingly.
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Wang, Yu <yu1.wang@intel.com>
signed-off-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
With '--ptdev_no_reset', DM doen not abort but warn when assign PCIe
dev without reset capability.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
-memory was dereferenced after being freed:
MACRO 'LIST_FOREACH()' dereference
'client' for next list node after 'client'
was freed.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Current only 8 vioapic pins for pci irq (total 24 with 16 reserved),
which easily leads virtual GSI sharing with more and more passthrough
devices. This patch doulbes vioapic pin count and adds reboot hooks to
allocate from same pin after each reboot.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
With curren code, DM will ignore the SIGHUP signal generated from
SOS reboot that causes DM will not release resource when SOS reboot
occurs.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Move all virtual devices init/deinit to function to simplify the
failure path of main loop. In the future, new virtual device will
not touch main loop.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
- Move the variable local_time from main.c to rtc.c
- Change vrtc_init to return int instead of pointer to vrtc. We do
track vrtc in struct vmctx.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Print an error message and exit rather than using assert, so it is
more obvious what the problem is and no core files are produced.
Fixes#61
Signed-off-by: Icarus Sparry <icarus.w.sparry@intel.com>
Following functions have never been used anywhere.
Let's remove them.
fbsdrun_muxed()
fbsdrun_vmexit_on_hlt()
fbsdrun_vmexit_on_pause()
fbsdrun_disable_x2apic()
Remove weird prefix "fbsdrun" from following functions' name.
fbsdrun_virtio_msix() --> virtio_uses_msix()
fbsdrun_start_thread() --> start_thread()
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove weird prefix "fbsdrun" from the function name.
Since "fbsdrun_addcpu" has never been called by external
functions, Let's remove its declaration from "dm.h" and
make it as a static function to keep consistency with
"fbsdrun_deletecpu".
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
