GPA of software SRAM is available only after
build_vrtct() function is called and the return
value of it is valid (not NULL).
This patch fixes a bug in the create_and_inject_vrtct()
function, which violates the above pre-condition when
calling get_software_sram_base_gpa().
Tracked-On: #5973
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
The Windows graphics driver obtains the DSM address from an in-BAR MMIO register,
which is passed through, unlike the other platforms, which obtain it from a
PCI configuration space register, which is virtualized. The GPU GuC must use
WOPCM in DSM; besides, Windows OS wants to manage DSM also. These two
reasons force ACRN to keep an identical mapping to avoid trapping the MMIO
BAR to do the emulation.
Tracked-On: #5880
Signed-off-by: Peng Sun <peng.p.sun@intel.com>
Both Windows guest and Linux guest use the MSR MSR_IA32_CSTAR, while
Linux uses it rarely. Now vcpu context switch doesn't save/restore it.
Windows detects the change of the MSR and raises an exception.
Save/restore MSR_IA32_CSTAR during context switch.
Tracked-On: #5899
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Remove the Power Management ('pm') parameters from the sample launch scripts
and update the comments. At most one VM is allowed to use "--pm_notify_channel uart"
at a time, since only one socket connection to SOS life_mngr is allowed.
Remove it by default and allow the user to add it on demand.
Tracked-On: #5736
Signed-off-by: li shuang <shuangx.li@intel.com>
A scenario can enable multiple IVSHMEM_REGIONs; loosen the restriction
to support multiple regions.
Tracked-On: #5863
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
This reverts commit ce9d5e8779.
Until a better solution is ready to fix the SOS VM e820 and EFI memmap mismatch
issue, revert this patch.
Tracked-On: #5626
Signed-off-by: Victor Sun <victor.sun@intel.com>
"is_tpm_passthru" would always return "False" with the existing logic.
1. Replace "get_leaf_tag_map_bool" with "get_leaf_tag_map". Instead of returning a dictionary with boolean dictionary values, just get the string value.
2. Return "True" if any VM has enabled the passthrough TPM with option "y".
Tracked-On: #5710
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
ivshmem spec says that the size of BAR0 is 256 bytes. Windows
ivshmem driver will check the size of BAR0. It will refuse to
load the ivshmem driver if BAR0 size is not 256.
For post-launched VMs, hv land ivshmem BARs are allocated by the
device model. For pre-launched VMs, hv land ivshmem BARs are
allocated by the acrn-config tool. Both the device model and the acrn-config
tool should make sure that the BAR base addresses are aligned to 4K
at least.
Tracked-On: #5717
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The PCI spec says that a BAR base should be naturally aligned. But on
ACRN, if the BAR size < PAGE_SIZE, the BAR base should be aligned to
PAGE_SIZE. This is because the minimal size that EPT can map/unmap
is PAGE_SIZE.
Tracked-On: #5717
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
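
The alignment rule from the two BAR commits above, as an added example (not ACRN code): a BAR base gets natural alignment, raised to PAGE_SIZE for small BARs such as the 256-byte ivshmem BAR0. The bump allocator, function names and MMIO window addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL

/* Required base alignment: natural (size) alignment, raised to PAGE_SIZE
 * for small BARs because EPT maps and unmaps whole pages. 0 = invalid size. */
uint64_t bar_required_align(uint64_t size)
{
    if (size == 0 || (size & (size - 1)) != 0)
        return 0; /* BAR sizes are powers of two */
    return (size < PAGE_SIZE) ? PAGE_SIZE : size;
}

/* Validate a base picked by another component (e.g. a config tool). */
bool bar_base_ok(uint64_t base, uint64_t size)
{
    uint64_t align = bar_required_align(size);
    return align != 0 && (base & (align - 1)) == 0;
}

/* Hypothetical bump allocator over the MMIO window [*next, limit). */
bool bar_alloc(uint64_t *next, uint64_t limit, uint64_t size, uint64_t *base)
{
    uint64_t align = bar_required_align(size);
    if (align == 0 || *next > UINT64_MAX - (align - 1))
        return false;
    uint64_t b = (*next + align - 1) & ~(align - 1);
    if (b >= limit || limit - b < align)
        return false;
    *base = b;
    *next = b + align; /* a small BAR still consumes its whole page */
    return true;
}

int main(void)
{
    uint64_t next = 0x80000100ULL, limit = 0x80100000ULL, b0 = 0, b1 = 0;
    /* Constructed case: two 256-byte ivshmem BAR0s for two devices. */
    if (bar_alloc(&next, limit, 256, &b0) && bar_alloc(&next, limit, 256, &b1))
        printf("BAR0 a=0x%llx b=0x%llx\n",
               (unsigned long long)b0, (unsigned long long)b1);
    printf("0x80000100 ok for 256B BAR: %d\n", bar_base_ok(0x80000100ULL, 256));
    return 0;
}
```

Because each small BAR is given its own page, mapping or unmapping one device's BAR in EPT never touches another device's registers.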
RTVM is forced to use 4KB pages to mitigate CVE-2018-12207 and performance jitter,
which may be introduced by splitting large pages into 4KB pages on demand. It works
fine on previous hardware platforms where the size of the address space for the RTVM is
relatively small. However, this is a problem when the platforms support 64-bit
high MMIO space, which could be super large and therefore consume a large number of
EPT page table pages.
This patch optimizes it by using large pages for purely data pages, such as MMIO spaces,
even for the RTVM.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5788
To mitigate the page size change MCE vulnerability (CVE-2018-12207), ACRN would
clear the execution permission in the EPT paging-structure entries for large pages
and then intercept an EPT execution-permission violation caused by an attempt to
execute an instruction in the guest.
However, the current code would clear the execution permission in the EPT
paging-structure entries for small pages too when clearing the execution permission
for large pages. This would trigger extra EPT violation VM exits.
This patch fixes this issue.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tracked-On: #5788
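
The difference described in the commit above, as an added example on a toy model (not ACRN code): execute permission is stripped from large-page leaves only, next to the variant that strips it from every leaf. The flat leaf list, the struct and the function names are assumptions; the bit positions are the EPT entry bits for execute access (bit 2) and page size (bit 7).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define EPT_RWX   0x7ULL      /* read | write | execute */
#define EPT_EXE   (1ULL << 2)
#define EPT_LARGE (1ULL << 7) /* in a PDPTE/PDE: entry maps a 1G/2M page */
enum ept_level { EPT_PT = 1, EPT_PD = 2, EPT_PDPT = 3 };

/* Toy model (assumption): flat list of leaf entries tagged with their level. */
struct ept_leaf { uint64_t entry; enum ept_level level; };

static bool is_large_leaf(const struct ept_leaf *l)
{
    return l->level != EPT_PT && (l->entry & EPT_LARGE) != 0;
}

/* Behaviour described as the bug: every leaf loses X. Returns how many
 * 4K leaves were hit, i.e. pages that now fault on instruction fetch. */
size_t clear_exec_every_leaf(struct ept_leaf *l, size_t n)
{
    size_t small_hit = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_large_leaf(&l[i]) && (l[i].entry & EPT_EXE) != 0)
            small_hit++;
        l[i].entry &= ~EPT_EXE;
    }
    return small_hit;
}

/* Intended mitigation: only large-page leaves lose X. Returns the count. */
size_t clear_exec_large_only(struct ept_leaf *l, size_t n)
{
    size_t cleared = 0;
    for (size_t i = 0; i < n; i++) {
        if (is_large_leaf(&l[i]) && (l[i].entry & EPT_EXE) != 0) {
            l[i].entry &= ~EPT_EXE;
            cleared++;
        }
    }
    return cleared;
}

int main(void)
{
    /* Constructed entries: one 2M leaf and one 4K leaf, both RWX. */
    struct ept_leaf t[] = { { 0x200000ULL | EPT_LARGE | EPT_RWX, EPT_PD },
                            { 0x1000ULL | EPT_RWX, EPT_PT } };
    return clear_exec_large_only(t, 2) == 1 ? 0 : 1;
}
```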
The SOS_RAM_SIZE/UOS_RAM_SIZE Kconfig options are only used to calculate how many pages we
should reserve for the VM EPT mapping.
Now we reserve pages for each VM EPT pagetable mapping by the PLATFORM_RAM_SIZE,
not the VM RAM size. This could simplify the reserve logic for us: no need to
take care of various corner cases. We can assume we reserve enough pages,
based on the fact that the VM cannot use resources beyond the platform hardware resources.
So remove these two unused VM RAM size Kconfig options.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5788
Add free_page to free a page when unmapping a pagetable.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tracked-On: #5788
For FuSa's case, we remove all dynamic memory allocation use in ACRN HV. Instead,
we use static memory allocation or embedded data structures. For a pagetable page,
we prefer to use an index (hva for MMU, gpa for EPT) to get a page from a special
page pool. The special page pool should be big enough for each possible index.
This is not a big problem when we don't support 64-bit MMIO. Without 64-bit MMIO
support, we could use the index to search addresses not larger than DRAM_SIZE + 4G.
However, if ACRN plans to support 64-bit MMIO in SOS, we could not use static
memory allocation any more. This is because there's a very huge hole between the
top DRAM address and the bottom 64-bit MMIO address. We could not reserve so
many pages for pagetable mapping, as the CPU physical address bits may be very large.
This patch will use dynamic page allocation for pagetable mapping. We also need to
reserve a big enough page pool at first. For HV MMU, we don't use 4K granularity
page table mapping; we need to reserve PML4, PDPT and PD pages according to the maximum
physical address space (PPT va and pa are identical mapping). For each VM EPT,
we reserve PML4, PDPT and PD pages according to the maximum physical address space
too (the EPT address space can't go beyond the physical address space), and we reserve
PT pages by real use cases of DRAM, low MMIO and high MMIO.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5788
memory_ops structure will be changed to store page table related fields.
However, secure world memory base address is not one of them, it's VM
related. So save sworld_memory_base_hva in vm_arch structure directly.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tracked-On: #5788
Per-core software SRAM L2 cache may be flushed by 'mwait'
extension instruction, which guest VM may execute to enter
core deep sleep. Such kind of flushing is not expected when
software SRAM is enabled for RTVM.
Hypervisor disables MONITOR-WAIT support on both hypervisor
and VMs sides to protect above software SRAM from being flushed.
This patch disables ACRN guest MONITOR-WAIT support if software
SRAM is configured.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per-core software SRAM L2 cache may be flushed by 'mwait'
extension instruction, which guest VM may execute to enter
core deep sleep. Such kind of flushing is not expected when
software SRAM is enabled for RTVM.
Hypervisor disables MONITOR-WAIT support on both hypervisor
and VMs sides to protect above software SRAM from being flushed.
This patch disables hypervisor (host) MONITOR-WAIT support.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Below boolean functions are defined in this patch:
- is_software_sram_enabled() to check if SW SRAM
feature is enabled or not.
- set global variable 'is_sw_sram_initialized'
to file static.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Before the ACRN HV entered S3, we would call cache_flush_invalidate_all to
flush all the caches into memory and invalidate the caches on each logical cpu
before we halt the cpu.
This was not a problem before we supported pSRAM. Once pSRAM binary code has been
executed on the logical cpu, we could not flush the pSRAM cache into memory then.
Otherwise, the pSRAM cache can't be locked.
This patch removes cache_flush_invalidate_all in cpu_dead since we would not
support putting the ACRN HV into S3. Once we want to support putting the ACRN HV into
S3, we would try other ways to flush the data caches in this cpu into memory and
validate whether that way is practical or not.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5806
Add "--psram" in acrn dm arguments in launch scripts
when PSRAM_ENABLED=y and the VM is post-launched RTVM.
Tracked-On: #5649
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
This patch allows the invocation of configuration-related hypervisor
targets from the top-level Makefile. The configuration summary is now
reported by the hypervisor rather than inspecting the variables directly.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The top-level Makefile should not define any default value as the
hypervisor may have its own configurations set by previous builds.
This patch also changes the hypervisor default RELEASE to `n`.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch resolves the following bugs that break the targets `diffconfig`
and `applydiffconfig`:
- Comments after variable definitions cause the variable to contain
unintended trailing whitespaces.
- HV_CONFIG_XML is no longer defined; it is now HV_SCENARIO_XML.
- '*.asl' files are also generated and should be involved when comparing
the generated configuration files.
- Strings between diacritic marks (`) are interpreted as shell commands
even when they are part of informative messages.
- HV_DIFFCONFIG_LIST should not contain duplicated lines.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
For clarity, we now prefer y|n over 0|1 as the values of boolean options on
make command lines. This patch applies this preference to the Makefile of
the device model and tools, while RELEASE=0|1 is still supported for
backward compatibility.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
We already pass BOARD, SCENARIO and RELEASE to recursive `make`, which
makes it unnecessary to export those variables. This patch explicitly
passes TOOLS_OUT as well and removes the explicit export for clarity.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This hypercall handler may result in hypervisor
crash when an invalid 'gpa' is set, e.g. set its
top reserved bits.
This patch adds one more sanity check on input
'gpa' address from service VM to avoid potential
hypervisor crash.
Tracked-On: #5802
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
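
A sanity check of the kind the commit above describes, as an added example (not the ACRN handler): a caller-supplied 'gpa' is rejected when its top reserved bits are set. It goes beyond the reserved-bit case by also checking, without overflow, that the range stays inside the VM's memory; the struct, field names and limits are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical view of the caller's address space (names are assumptions). */
struct vm_limits {
    uint8_t  phys_bits; /* guest-physical address width */
    uint64_t top_gpa;   /* first GPA past the memory the VM may reference */
};

/* Reject a caller-supplied [gpa, gpa + size) before it is translated or
 * dereferenced. Every comparison is written so that it cannot overflow. */
bool gpa_range_valid(const struct vm_limits *vm, uint64_t gpa, uint64_t size)
{
    if (vm == NULL || size == 0)
        return false;
    if (vm->phys_bits == 0 || vm->phys_bits > 52)
        return false; /* x86-64 physical addresses are at most 52 bits */
    uint64_t reserved = ~((1ULL << vm->phys_bits) - 1ULL);
    if ((gpa & reserved) != 0)
        return false; /* top reserved bits set */
    if (size > vm->top_gpa || gpa > vm->top_gpa - size)
        return false; /* range runs past the VM's memory */
    return true;
}

int main(void)
{
    /* Constructed limits: 39-bit guest-physical width, 4 GiB of memory. */
    struct vm_limits vm = { 39, 0x100000000ULL };
    printf("plain gpa: %d, reserved bit 63 set: %d\n",
           gpa_range_valid(&vm, 0x1000, 0x1000),
           gpa_range_valid(&vm, 0x1000ULL | (1ULL << 63), 0x1000));
    return 0;
}
```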
Add the capability to disable or enable #AC for Split-locked Access
through <scenario>.xmls. This was implemented through Kconfig. Move this
configuration from Kconfig to xmls.
Tracked-On: #5798
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Monitor the listening socket in SOS mode and close any additional
connections after a socket connection is established. This ensures no
more than one post-launched VM can establish a pm_vuart channel.
Tracked-On: #5736
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
- Exit main() if pm_by_vuart_init() fails
- Use SIGHUP to gracefully power off a VM if pm_monitor_loop()
encounters a failure
- Identify a closed socket as a failure in pm_monitor_loop()
Tracked-On: #5736
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
RDT_ENABLED and PSRAM_ENABLED should not be y simultaneously.
Tracked-On: #5649
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Reviewed-by: Mao, Junjie <junjie.mao@intel.com>
Remove the vuart1(tty) and vuart1(pty) poweroff channel from default
non-windows uos launch script xmls.
Tracked-On: #5736
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Access to the software SRAM region is not allowed when
software SRAM is passed through to the prelaunch RTVM.
This patch removes software SRAM region from service VM
EPT if it is enabled for prelaunch RTVM.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Define 'PRE_RTVM_SW_SRAM_ENABLED' only if both
prelaunch RTVM and Software SRAM are configured in
current scenario.
- Define 'PRE_RTVM_SW_SRAM_BASE_GPA' and
'PRE_RTVM_SW_SRAM_END_GPA' only if
'PRE_RTVM_SW_SRAM_ENABLED' is defined.
Tracked-On: #5649
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Per ACPI 6.x chapter 6.1, "A device object must contain either an _HID object
or an _ADR object, but should not contain both."
Remove this object, otherwise iasl would complain
"Warning 3073 - Multiple types ^ (Device object requires either a _HID
or _ADR, but not both)"
when launching a post-launched VM in devicemodel.
Tracked-On: #5719
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Per ACPI 6.x chapter 19.6.109, the Processor Operator is deprecated.
Replace it with Device Operator, otherwise the iasl would complain
"Warning 3168 -
Legacy Processor() keyword detected. Use Device() keyword instead."
when launching a post-launched VM in devicemodel.
Tracked-On: #5719
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Providing EFI support for SOS could cause weird issues. For example, the hypervisor
works based on the E820 table, whereas it's possible that the memory map from the EFI
table is not aligned with the E820 table. The SOS kernel kaslr will try to find the
random address for the extracted kernel image in the EFI table first. So it's possible
that non-RAM in E820 is picked for the extracted kernel image. This will make
the kernel boot fail.
This patch removes EFI support for SOS by not passing struct boot_efi_info to
SOS kernel zeropage, and reserves memory to store the RSDP table for SOS and passes
the RSDP address to SOS kernel zeropage for SOS to locate the ACPI table.
The patch requires the SOS kernel version to be higher than 4.20, otherwise the kernel
might fail to find the RSDP.
Tracked-On: #5626
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
The current memory allocation algorithm is to find the available address from
the highest possible address below max_address. If the function returns 0,
it means all memory is used up and we have to put the resource at address 0;
this is dangerous for a running hypervisor.
Also, returning 0 would make the code logic very complicated, since memcpy_s()
doesn't support address 0 copy.
Tracked-On: #5626
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
In the previous code, the rsdp initialization is done in the get_rsdp() API implicitly.
The function is called multiple times in the following ACPI table parsing functions,
and the condition (rsdp == NULL) needs to be added in each parsing function.
This is not needed since a panic would occur if rsdp is NULL when doing ACPI
initialization.
Tracked-On: #5626
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
In this way, all multiboot standard data structures can be found in
multiboot_std.h. The multiboot_priv.h stores all private definitions
and multiboot.h is the only public API header file.
Tracked-On: #5661
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
The device descriptor describes general information about a device,
the bcdUSB field contains a BCD version number. The version 3.2 is
represented with the value 0x320H. Add the missing BCD version in the
bcdUSB case statement. And modify the return value of the address device
command in case device creation failed.
Tracked-On: #5712
Signed-off-by: Liu Long <long.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Loosen the restriction of IVSHMEM_REGION of xsd validation. An ivshmem
region can be shared by more than two VMs.
Tracked-On: #5672
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>