This patch fixes potential hypervisor crash when calling
hc_hcall_write_protect_page()with a crafted GPA in
'struct wp_data' instance, e.g. an invalid GPA that is
out of the scope of target VM's EPT address space.
Tracked-On: #4669
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
AP trampoline code should be accessile to hypervisor only,
Unmap this memory region from service VM's EPT mapping
for security reason..
Tracked-On: #4112
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
1. Print warning message instead of panic when
the caller try to modify the attribute for
memory region or delete memory region that
are not present.
2. To avoid above warning message for memory region
below 1M,its attribute may be updated by Service
VM when updating MTTR setting.
Tracked-On: #4112
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In lib/string.c, strncmp doesn't consider condition "n_arg=0",
just add a process to "n_arg=0".
Tracked-On: #4115
Signed-off-by: fuyanx <yanx.fu@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch is to remove unused info in server.c
Tracked-On: #4111
Signed-off-by: xiaojin2 <xiaojing.liu@intel.com>
Reviewed-by: Liu, Xinwu <xinwu.liu@intel.com>
Acked-by: CHEN Gang <gang.c.chen@intel.com>
The return value of 'strtol()' is not checked properly
in _get_vmname_pid() @acrn_vm_ops.c and parse_opt()@acnrd.c,
the return type of 'strtol' is 'long int', but it is assigned
to a variable with type of 'int' and compared to "LONG_MAX"
and "LONG_MIN", which is always false.
This patch is to fix above error case.
Tracked-On: #4110
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Acked-by: Yan, Like <like.yan@intel.com>
int snprintf(char *str, size_t size, const char *format, ...)
The functions snprintf() write at most size bytes (including the
terminating null byte('\0')) to str.
only when returned value of snprintf is non-negative and less than size,
the string has been completely written.
Tracked-On: #4109
Signed-off-by: Gao Junhao <junhao.gao@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
In function crb_reg_write() in tpm_rbc.c
'tpm_vdev->request_mutex' will potentially kept
in locked state after crb_reg_write() returns.
Tracked-On: #4108
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Yadong Qi <yadong.qi@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
In acrn_load_elf(), file pointer 'fp' is kept in
open state before exiting if 'load_elf32()' is executed,
this patch is to fix this bug.
Tracked-On: #4107
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
DIR handler is referenced after release, need to be adjusted before
released.
Tracked-On: #4106
Signed-off-by: Gao Junhao <junhao.gao@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
When removing node in list, list_foreach_safe will be safer than
LIST_FOREACH.
Tracked-On: #4104
Signed-off-by: Junhao Gao <junhao.gao@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
this patch is to fix error debug message
for invalid 'param' case, there is no string
variable for '%s' output, which will potenially
trigger hypervisor crash as it may access random
memroy address and trigger SMAP violation.
Tracked-On: #4114
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
checking the inputs explicitly instead of using Assert.
Tracked-On: #3991
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
TSC would be reset to 0 when enter suspend state on some platform.
This will fail the secure timer checking in secure world because
secure world leverage the TSC as source of secure timer which should
be increased monotonously.
This patch save/restore TSC in host suspend/resume path to guarantee
the mono increasing TSC.
Note: There should no timer setup before TSC resumed.
Tracked-On: #3698
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In release environment, binary files must be stripped in
order to remove debugging code sections and symbol information
that aid attackers in the process of disassembly and reverse
engineering.
Use '-s' linking option to remove symbol table and relocation
information from release binaries.
Tracked-On: #3433
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
'pcpu_id' should be less than CONFIG_MAX_PCPU_NUM,
else 'per_cpu_data' will overflow. This commit fixes
this potential overflow issue.
Tracked-On: #3407
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
va_end() was not getting called under certain condition
after the va_start() function call taking the va_list.
Tracked-On: #3406
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
va_end() was not getting called under certain condition
after the va_start() function call taking the va_list
Tracked-On: #3406
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Gang Chen <gang.c.chen@intel.com>
This patch is to fix some potential memory leak issues
1, free mrp if the mmio_rb_lookup() function return 0;
2, free memory allocated by strdup in some error case handling.
Tracked-On: #3333
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When the IO/MMIO acccess on Android guest causes the trap to hypervisor,
it will be blocked until the ioreq emulation is completed.
In order to get the better performance, it will be better that the ioreq
emulation can be completed ASAP. As it is handled in SOS kernel, the
corresponding thread priority will be raised.
Tracked-On:#3242
Signed-off-by: Liu, Shuo <shuo.liu@intel.com>
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Map SIGINT(2) to watchdog reset.
NOTE:
We required guest to do a full reset after detect the recent last
reset type is watchdog. This is used to resume the passthru devices
in UOS.
Tracked-On: #3103
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
The old logic to process control transfer failure is not complete, this
patch is used to fix this issue.
Tracked-On: #2824
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
On some platforms, the VBus will drop after suspending is done, hence
a disconnect and re-connect for device connected before suspending will
be triggered in DM. But during the stress test, when the free memory is
limited to very low level, and put huge workload to SOS, under certain
possibility, the DM will receive re-connect event first and disconnect
event later, this behavior will result of failing to emulate USB device
to UOS.
The reason is due to a timing issue from libusb. Before we could upstream
fixing patch to libusb or find some other better solution, this workaround
patch will be used to avoid errors happen.
Tracked-On: #2823
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
When disable slot cmd is received by device model, the operation
should be: release the pci_xhci_dev_emu variable first, and signal
xhci_vbdp_thread to wakeup later. Tho old implementation is not
right, this patch is used to fix it.
Tracked-On: #2823
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Applying realtime scheduler to vcpu0 thread could trigger
stability issue. So revert it here.
Tracked-On: #2717
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
When run 'acrnctl add', acrnctl dryruns launch script to get
vmname. Acrnctl assumes there are no more than 64 words in each
line of the script, and creates a buffer to hold 64 pointers to these
words. But we didn't check if the number of words exceed 64 limitation,
which can lead to buffer overflow. This commit fixed this potential
overflow problem.
And also refine some confusing error messages in 'acrnctl add'
Tracked-On: #2734
Acked-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Dynamic memory stored in 'net' allocated through function 'calloc'
should be freed correspondingly when return fail.
Tracked-On: #2704
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Should not set hci_address to zero during USB reset.
Tracked-On: #2633
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
String function of strlen()/vsnprintf() shuould be replaced.
This patch remove the strlen(). And vsnprintf() replaced by vasprintf().
Tracked-On: #2687
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This patch refined the pmu passthru irq handling, which will re-enable
the PMC interrupt in the vlapic handler. So that can avoid some
interrupt storm situation happens.
This patch can fix the remaining Android perf CTS failure.
Tracked-On: #2598
Signed-off-by: Min He <min.he@intel.com>
For multiple guest os and particular audio features support domain id
and name is required.
Tracked-On: #2652
reviewed-by: Yu Wang <yu1.wang@intel.com>
reviewed-by: Yakui zhao <yakui.zhao@intel.com>
reviewed-by: Binbin Wu <binbin.wu@intel.com>
Signed-off-by: Marcin Pietraszko <marcin.pietraszko@intel.com>
