The ivshmem region name format is not restricted to start with "hv".
Loosen the schema validation so that the region name can start with "hv" or "dm".
Tracked-On: #6009
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Move Cache/TLB arch specific parts into cpu.h
After this change, we should not expose arch specific parts out from mmu.h
Tracked-On: #5830
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Allow guest set CR4_VMXE if CONFIG_NVMX_ENABLED is set:
- move CR4_VMXE from CR4_EMULATED_RESERVE_BITS to CR4_TRAP_AND_EMULATE_BITS
so that CR4_VMXE is removed from cr4_reserved_bits_mask.
- force CR4_VMXE to be removed from cr4_rsv_bits_guest_value so that CR4_VMXE
is able to be set.
Expose VMX feature (CPUID01.01H:ECX[5]) to L1 guests whose GUEST_FLAG_NVMX_ENABLED
is set.
Assuming guest hypervisor (L1) is KVM, and KVM uses EPT for L2 guests.
Constraints on ACRN VM.
- LAPIC passthrough should be enabled.
- use SCHED_NOOP scheduler.
Tracked-On: #5923
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
moving invvpid and invept helper code from mmu.c to mmu.h, so that they
can be accessed by the nested virtualization code.
No logical changes.
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- SOS does not allow LAPIC passthru unless nested virtualization is
enabled on SOS.
- Currently nested virtualization requires LAPIC passthru, so if
GUEST_FLAG_VMX_ENABLED is set, GUEST_FLAG_LAPIC_PASSTHROUGH must be
set in same VM.
- Per VM GUEST_FLAG_VMX_ENABLED can be set only if CONFIG_VMX_ENABLED
is set.
Tracked-On: #5923
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
NVMX_ENABLED: ACRN is built to support nested virtualization if set.
GUEST_FLAG_NVMX_ENABLED: indicates that the VMX capability can be present
in this guest to run nested VMs.
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
TPAUSE, UMONITOR or UMWAIT instructions execution in guest VM cause
a #UD if "enable user wait and pause" (bit 26) of VMX_PROCBASED_CTLS2
is not set. To fix this issue, set the bit 26 of VMX_PROCBASED_CTLS2.
Besides, these WAITPKG instructions use MSR_IA32_UMWAIT_CONTROL. So
load corresponding vMSR value during context switch in of a vCPU.
Please note, the TPAUSE or UMWAIT instruction causes a VM exit if the
"RDTSC exiting" and "enable user wait and pause" are both 1. In ACRN
hypervisor, "RDTSC exiting" is always 0. So TPAUSE or UMWAIT doesn't
cause a VM exit.
Performance impact:
MSR_IA32_UMWAIT_CONTROL read costs ~19 cycles;
MSR_IA32_UMWAIT_CONTROL write costs ~63 cycles.
Tracked-On: #6006
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
The xml schema validator would fail the build if RDT_ENABLED is set to ‘y’
in scenario file, saying that "'RDT' Unexpected child with tag 'MBA_DELAY'"
Tracked-On: #5917
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
The macro definition SOS_VM_BOOTARGS in vm_configurations.h calls
macros SOS_ROOTFS, SOS_CONSOLE and SOS_BOOTARGS_DIFF which are defined in
misc_cfg.h and parsed from scenario.xmls.
Add a whitespace in the end of the argument macros to prevent arguments
from being concatenated in a single line.
Tracked-On: #5998
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
The current permission-checking and dispatching mechanism of hypercalls is
not unified because:
1. Some hypercalls require the exact vCPU initiating the call, while the
others only need to know the VM.
2. Different hypercalls have different permission requirements: the
trusty-related ones are enabled by a guest flag, while the others
require the initiating VM to be the Service OS.
Without a unified logic it could be hard to scale when more kinds of
hypercalls are added later.
The objectives of this patch are as follows.
1. All hypercalls have the same prototype and are dispatched by a unified
logic.
2. Permissions are checked by a unified logic without consulting the
hypercall ID.
To achieve the first objective, this patch modifies the type of the first
parameter of hcall_* functions (which are the callbacks implementing the
hypercalls) from `struct acrn_vm *` to `struct acrn_vcpu *`. The
doxygen-style documentations are updated accordingly.
To achieve the second objective, this patch adds to `struct hc_dispatch` a
`permission_flags` field which specifies the guest flags that must ALL be
set for a VM to be able to invoke the hypercall. The default value (which
is 0UL) indicates that this hypercall is for SOS only. Currently only the
`permission_flag` of trusty-related hypercalls have the non-zero value
GUEST_FLAG_SECURE_WORLD_ENABLED.
With `permission_flag`, the permission checking logic of hypercalls is
unified as follows.
1. General checks
i. If the VM is neither SOS nor having any guest flag that allows
certain hypercalls, it gets #UD upon executing the `vmcall`
instruction.
ii. If the VM is allowed to execute the `vmcall` instruction, but
attempts to execute it in ring 1, 2 or 3, the VM gets #GP(0).
2. Hypercall-specific checks
i. If the hypercall is for SOS (i.e. `permission_flag` is 0), the
initiating VM must be SOS and the specified target VM cannot be a
pre-launched VM. Otherwise the hypercall returns -EINVAL without
further actions.
ii. If the hypercall requires certain guest flags, the initiating VM
must have all the required flags. Otherwise the hypercall returns
-EINVAL without further actions.
iii. A hypercall with an unknown hypercall ID makes the hypercall
return -EINVAL without further actions.
The logic above is different from the current implementation in the
following aspects.
1. A pre-launched VM now gets #UD (rather than #GP(0)) when it attempts
to execute `vmcall` in ring 1, 2 or 3.
2. A pre-launched VM now gets #UD (rather than the return value -EPERM)
when it attempts to execute a trusty hypercall in ring 0.
3. The SOS now gets the return value -EINVAL (rather than -EPERM) when it
attempts to invoke a trusty hypercall.
4. A post-launched VM with trusty support now gets the return value
-EINVAL (rather than #UD) when it attempts to invoke a non-trusty
hypercall or an invalid hypercall.
v1 -> v2:
- Update documentation that describes hypercall behavior.
- Fix Doxygen warnings
Tracked-On: #5924
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
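The unified permission check described in the commit message above (Tracked-On: #5924), as an added sketch that is not ACRN's code. Only `struct hc_dispatch` and `permission_flags` are names taken from the message; the struct layouts, the flag value, hypercall IDs 1 and 2, and the `dispatch` and `try_call` functions are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative stand-ins: flag value, hypercall IDs and struct layouts are assumptions. */
#define FLAG_SECURE_WORLD 0x1UL              /* plays GUEST_FLAG_SECURE_WORLD_ENABLED */
#define ANY_HCALL_FLAGS   FLAG_SECURE_WORLD  /* union of flags that unlock some hypercall */
enum outcome { RETURNED, INJECT_UD, INJECT_GP0 };
struct result { enum outcome how; int ret; };
struct vm { bool is_sos, pre_launched; uint64_t guest_flags; };
struct vcpu { struct vm *vm; unsigned int ring; };
struct hc_dispatch {
    int (*handler)(struct vcpu *vcpu, struct vm *target);
    uint64_t permission_flags;               /* 0UL means SOS only */
};
static int hc_ok(struct vcpu *vcpu, struct vm *target) { (void)vcpu; (void)target; return 0; }
static const struct hc_dispatch hc_table[] = {
    [1] = { hc_ok, 0UL },                    /* constructed SOS-only hypercall */
    [2] = { hc_ok, FLAG_SECURE_WORLD },      /* constructed trusty hypercall */
};

struct result dispatch(struct vcpu *vcpu, uint64_t id, struct vm *target)
{
    const struct vm *vm = vcpu->vm;
    /* 1.i: no hypercall is available to this VM, so vmcall gets #UD */
    if (!vm->is_sos && (vm->guest_flags & ANY_HCALL_FLAGS) == 0UL)
        return (struct result){ INJECT_UD, 0 };
    /* 1.ii: vmcall from ring 1, 2 or 3 gets #GP(0) */
    if (vcpu->ring != 0U)
        return (struct result){ INJECT_GP0, 0 };
    /* 2.iii: unknown hypercall ID */
    if (id >= sizeof(hc_table) / sizeof(hc_table[0]) || hc_table[id].handler == NULL)
        return (struct result){ RETURNED, -EINVAL };
    uint64_t need = hc_table[id].permission_flags;
    /* 2.i: SOS-only call needs an SOS caller and a target that is not pre-launched */
    if (need == 0UL && (!vm->is_sos || target->pre_launched))
        return (struct result){ RETURNED, -EINVAL };
    /* 2.ii: all required guest flags must be set; the ID is never consulted */
    if ((vm->guest_flags & need) != need)
        return (struct result){ RETURNED, -EINVAL };
    return (struct result){ RETURNED, hc_table[id].handler(vcpu, target) };
}

/* Runs one scenario; the target VM carries no guest flags. */
struct result try_call(bool sos, bool pre, uint64_t flags, unsigned int ring, uint64_t id, bool tpre)
{
    struct vm caller = { sos, pre, flags }, target = { false, tpre, 0UL };
    struct vcpu vcpu = { &caller, ring };
    return dispatch(&vcpu, id, &target);
}

/* Exit status 0 when the SOS is refused the trusty hypercall with -EINVAL. */
int main(void) { return try_call(true, false, 0UL, 0U, 2U, false).ret == -EINVAL ? 0 : 1; }
```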
ehl-crb-b
enable CDP_ENABLED for RT in scenarios, enable ivshmem for industry
scenario, disable vuart0 in launch settings, passthru SATA for RTVM,
set virtio-net and virtio-blk for post-launched WaaG and YaaGs.
Tracked-On: #5955
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
1. Add whitespace in the string "ubuntu18.04";
2. Update the Kernel version;
3. Update ACRN qemu HV tag format and add a note.
Tracked-On: #5928
Signed-off-by: Kunhui Li <kunhuix.li@intel.com>
Fix a couple of typos in text displayed by a helper script
used when building ACRN. No functional change made to the
script itself.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Instead of "#include <x86/foo.h>", use "#include <asm/foo.h>".
In other words, we are adopting the same practice in Linux kernel.
Tracked-On: #5920
Signed-off-by: Liang Yi <yi.liang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Add "transform" to generate following files with xsltproc in genconf.sh:
- ivshmem_cfg.h
- misc_cfg.h
- pt_intx.c
- vm_configurations.c
- vm_configurations.h
Add code formatter using clang-format. It formats the generated code
with customized configuration if clang-format package and configuration
file ".clang-format" exist.
Add sed in genconf.sh "transform" to replace the copyright "YEAR" of generated files.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add comma to the last member of ivshmem pci devices.
If the last element ends without comma, the clang-format would attach
the brackets to the first and last lines.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a xslt file "misc_cfg.h.xsl". This file is used to
generate misc_cfg.h which is used by hypervisor.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a xslt file "ivshemem_cfg.h.xsl". This file is used to
generate ivshemem_cfg.h which is used by hypervisor.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a xslt file "pt_intx.c.xsl". This file is used to
generate pt_intx.c which is used by hypervisor.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a xslt file "vm_configurations.h.xsl". This file is used to
generate vm_configurations.h which is used by hypervisor.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a xslt file "vm_configurations.c.xsl". This file is used to
generate vm_configurations.c which is used by hypervisor.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This file allocates the resource of pio base.
The available pio base is in ['0x3F8', '0x2F8', '0x3E8', '0x2E8'] and it
cannot be used by native device.
When any of sos legacy vuarts are enabled, assign a pio base to legacy
vuarts' base.
The allocator follows rules:
1. An SOS legacy vuart only supports PIO vuart.
2. To assign a pio base for sos legacy vuart 0:
- If the hv/DEBUG_OPTIONS/SERIAL_CONSOLE is one of
[ttys0, ttys1, ttys2, ttys3] and it's a pio vuart in the native
environment, the pio base of SOS legacy vuart 0 would be the same as
native one.
- If the hv/DEBUG_OPTIONS/SERIAL_CONSOLE is not one of
[ttys0, ttys1, ttys2, ttys3], assigns a pio base to SOS legacy vuart 0
from available pio base.
- If the hv/DEBUG_OPTIONS/SERIAL_CONSOLE is not one of
[ttys0, ttys1, ttys2, ttys3] but a pio vuart, assigns a pio
base to SOS legacy vuart 0 from available pio base and raises a
warning to user.
3. To assign a pio base for sos legacy vuart 1:
- Assigns a pio base to SOS legacy vuart 1 from available pio base.
- If all the available pio bases list is empty (which means all are
in use by native), it assigns one of the pio base to SOS legacy
vuart 1 anyway, but raises a warning to user.
4. Assigned pio bases must be unique.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Create an intx.py which is a static allocator to allocate the irq
resources. The available irq list is based on the native irqs which
are in range [0, 15] and are not used by native os.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
If a cpu_affinity node of SOS is not present in the scenario.xml,
assign the native cpus which are not assigned to pre-launched vm to
SOS vm.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Refine the "append_node" which can add new node with an attribute and
return the appended node.
The method "get_node" finds the xpath value and returns it if a
unique node exists, otherwise it returns None.
It is used to get an xpath element node or can determine the xpath existence.
The "get_text" is replaced with "get_node". The only get_text in
hv_ram.py is modified accordingly.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add lib.xsl under config_tools/xforms.
This lib.xsl contains the variables and customized functions for
xslt transformation.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Create lib.py which contains the common methods that are shared by static
allocators under misc/config_tools/static_allocators.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Create a file which contains user-defined errors for config-tools.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
<guest_flag/> may be treated as either empty string or null in xslt
transformation and xsd schema validation. Replace it with:
<guest_flag></guest_flag>
to avoid the undefined behavior.
The duplicate guest_flag are removed.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This temporary release is based on the following commit:
commit 83b4731bab0423e3f9ffccfb37a882090be2f44a
Author: Tao Yuhong <yuhong.tao@intel.com>
Date: Wed Apr 14 07:43:11 2021 -0400
Change 64-bit MMIO BAR window to 256G-512G
DM maps 64-bit mmio BARs of vdev into 4G-5G, for post-launched VMs. At native
platform, 64-bit MMIO BARs which have 39-bit address, are always mapped into
256G-512G address space.
DM will change the address window of 64-bit vdev BARs of post-launched VMs to
256G-512G. That asks OVMF to do the same change, to boot from passthrough SATA/NVMe
disks, which have 64-bit MMIO BAR.
Tracked-On: #5913
Signed-off-by: Peter Fang <peter.fang@intel.com>
ACRN didn't support dynamic memory allocation. So it would reserve
a big page pool and use the GPA as index to get a page to do EPT
mapping. In order to save memory, we put high MMIO windows to [4G, 5G].
After we support dynamic page allocation for EPT mapping, we move
high MMIO windows to where they used to be ([256G, 512G] for 39-bit physical
addresses), and we could move high memory to where it used to be too ([4G, 4G +
size]).
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
DM maps 64-bit mmio BARs of vdev into 4G-5G, for post-launched VMs. At native
platform, 64-bit MMIO BARs which have 39-bit address, are always mapped into
256G-512G address space.
Change PCI_EMUL_MEMBASE64 to 256G, change PCI_EMUL_MEMLIMIT64 to 512G. So that
the 64-bit vdev BARs of post-launched VMs have same address space with native
platform.
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
clang-format is now used as part of the config tools creating c files
based on the XML configuration
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add a note to the "Device Model Parameters" document to emphasize
the need to use the '--windows' parameter to use Windows-as-a-Guest
(WaaG), else Windows will not recognize the virtual disk it has
been assigned.
Tracked-On: #5962
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
We should only map [low32_max_ram, 4G) MMIO region as UC attribute,
not map [low32_max_ram, low32_max_ram + 4G) region as UC attribute.
Otherwise, the HV will complain [4G, low32_max_ram + 4G) region has
already mapped.
Tracked-On: #5830
Signed-off-by: Li Fei1 <fei1.li@intel.com>
This patch fixes the 'uart=bdf@XXX' mechanism for the PCI serial
port devices whose bar0 is not MMIO.
Tracked-On: #5968
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Signed-off-by: Li Fei <fei1.li@intel.com>
GPA of software SRAM is available only after
build_vrtct() function is called and the return
value of it is valid (not NULL).
This patch fixes a bug in create_and_inject_vrtct()
function which violates the above pre-condition when
calling get_software_sram_base_gpa().
Tracked-On: #5973
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Update known-issues pattern for PDF processing to also work with updated
xelatex tools from Ubuntu 20.04
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
PRs #5945 and #5949 introduced fixes to the doc building process to
support PDF generation of the documentation set. This PR refines the
doc build process, cleaning up the Makefile, adding display of tool
version information, and updates the doc building documentation to
include additional dependencies needed for building the PDF and
instructions for how to build the PDF. The latexpdf make target is
provided to just run the latex and PDF producing process that depends on
the HTML artifacts from a make html run. A new make pdf target is
provided that combines the two steps into one.
A new known-issues pattern file is added that verifies the expected
output from the latexpdf process is returned, as it can't be completely
eliminated without losing potential error messages that need to be
resolved.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
add 2 * max (IVSHMEM_SHM_SIZE, 2M) in HV_RAM_SIZE calculation to
avoid ram overflow caused by additional memory usage for shared
memory alignment.
Tracked-On: #5955
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
Both Windows guest and Linux guest use the MSR MSR_IA32_CSTAR, while
Linux uses it rarely. Now vcpu context switch doesn't save/restore it.
Windows detects the change of the MSR and raises an exception.
Do the save/restore MSR_IA32_CSTAR during context switch.
Tracked-On: #5899
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>