ASSERT is only for debug purpose, for release version, it should try
error handling instead of deadloop there.
v1:
- change the ASSERT under release version to empty code
TODO: revise all ASSERT usage
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong (Eddie.dong@intel.com)
Generate all common virtual cpuid entries for flexible support of
guest VCPUID emulation, by decoupling from PCPUID.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Chen, Jason CJ <jason.cj.chen@intel.com>
microcode update from UOS is disabled.
microcode version checking is available for both SOS and UOS.
There are two TODOs of this patch:
1. This patch only update the uCode on pCPUs SOS owned. For the
pCPUs not owned by SOS, the uCode is not updated. To handle
this gap, we will have SOS own all pCPUs at boot time. So
all pCPUs could have uCode updated. This will be handled
in the patch to enable SOS own all pCPUs at boot time.
2. gva2gpa now doesn't check possible page table walk failure.
Will add the failure check in gva2gpa in different patch.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Anthony Xu (anthony.xu@intel.com)
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
Add a global boot_cpu_data to cache common cpu capbility/feature
for detect cpu capbility/feature.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
As mentioned in https://github.com/projectacrn/acrn-documentation/pull/38
on some operating systems, the ``gnu-efi`` package installs the
linker under a ``gnuefi`` folder in ``${LIBDIR}``. This is the
case in Fedora for example. Check if the gnuefi folder is there
and use it if it is in the path to the linker. This PR fixes the
Makefile rather than documenting how to edit it yourself.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
this patch is to detect and enable only APICv features which
are actually supported by the processor, instead fo tuning on
all features by default.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
-If "virtual-interrupt delivery" VM-execution control is 0,
Processor will causes an APIC-write VM exit if page offset
is 0xB0 (EOI), SDM Vol3, Chapter 29.4.3
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
this patch save native lapic configuration and restore it to vm0's vlapic
before its running, then doing hpet timer interrupt injection through vlapic
interface -- this will not mess up vlapic and we can see hpet
timer interrupt coming continuously.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
we added uefi stub for hv, and want vm0 continue running under uefi env to
boot other uefi payload (osloader or bzImage).
during this, the uefi timer irq need be handled elegantly.
there are 3 types for uefi timer:
1. 8254 based on IRQ0 of PIC
2. HPET based on IOAPIC
3. HPET based on MSI
currently, we only support type 3 (HPET+MSI). But we are following a
in-correct flow to handle this timer interrupt:
- we set VMX_ENTRY_INT_INFO_FIELD directly if a timer interrupt happened
before vcpu launching, this will make its vlapic mess up, which finally
cause hpet timer stop.
this patch remove this in-correct approach, the new approach patch will
be followed by next patch.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
If you build for a platform (e.g. uefi) and right after that for
another platform ('sbl'), the new build will fail and a version.h
file is left in the tree (bsp/uefi/include/bsp/version.h or
bsp/sbl/include/bsp/version.h depending on the order you built one
after the other). This commit makes git ignore any of those in case
it is there. Note that 'make clean' with the corresponding
PLATFORM variable will clean this file.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
According to the explaination for pref_address
in Documentation/x86/boot.txt, a relocating bootloader
should attempt to load kernel at pref_address if possible.
But due to a non-relocatable kernel will unconditionally
move itself and to run at perf address, no need to copy
kernel to perf_address by bootloader.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
info->phys_pin need be used by ptdev_build_native_rte when updating entry
TODO: currently ptdev entry is virtual based, the better solution should
be physical based.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
It is possible that the vm-entry fails in vmresume instr under some scenarios.
It will pass to next instruction following vmresume. In such case it will call
the vmlaunch again.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
1. refine multiboot related code, move to /boot.
2. firmware files and ramdisk can be stitched in iasImage;
and they will be loaded as multiboot modules.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Add 'CPU_PAGE_MASK' used for calculate address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
if we want to obtain the address from the MMU/EPT entry,need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
This patch is prepared for enabling secure world feature.
this api will create new eptp for secure world, whose PDPT
entries are copied form normal world,the PML4/PDPT for secure
world are separated from Normal World, PD/PT are shared in the
Secure World's EPT and Normal World's EPT.Secure world can
access Normal World's memory, but Normal World can not access
Secure World's memory
This function implemented:
-- Unmap specific memory from guest ept mapping
-- Copy PDPT from Normal world to Secure world
-- Map specific memory for Secure world
-- Unmap specific memory from SOS ept mapping
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Replace ASSERT in lib functions with error message print and return a
value indicating error to allow the caller of lib functions to handle
the error.
Change-Id: If166484238dc0734041adfdbb19a5b374c044e33
Signed-off-by: Yan, Like <like.yan@intel.com>
On the APL NUC board (CPU family: 0x6 model: 92), the monitor is buggy.
We can't use it to wake up CPU core from mwait by memory monitor.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add key info structure
add sworld_eptp in vm structure, and rename ept->nworld_eptp
add secure world control structure
Change-Id:
Tracked-On:220921
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
acrn.efi is an EFI executable image and not a linux kernel image.
This commit changes linux to efi in the boot-loader configuration.
For more reference please review:
https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/
Signed-off-by: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
