In current code process, hyperv data in struct vm_arch is never cleared
during VM shutdown and is retained to next VM launch. As the enabled
bit of hypercall_page msr is not clear, hypercall page might cause fatal
error such as Windows VM BSOD during VM restart and memory
remapping. Hyperv page destory function can ensure hyperv page is
destory during each VM shutdown so hyperv related config such as
hypercall page is established correctly during each VM launch.
Tracked-On: #8755
Signed-off-by: Yichong Tang <yichong.tang@intel.com>
Add reset_control in acrn_vm. Use this reset_control to simulate
RESET_CONTROL(0xCF9) register in hypervisor.
Tracked-On: #8724
Signed-off-by: Yuan Lu <yuan.y.lu@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Service VM may write 0x6 to port 0xcf9 to trigger a warm reset, but
current hypervisor always performs a cold reset by writing 0xE to CF9.
Hypervisor should reboot the system in the same mode as Service VM
specified. Specific OS features (like linux pstore) requires warm
reset to keep data across reboot.
The behavior of hv console's reboot command (cold reset) remains
unchanged.
Tracked-On: #8539
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Per SDM, VPDPBUSD/VPDPBUSDS/VPDPWSSD/VPDPWSSDS instructions depend on
CPUID Feature Flag 'AVX-VNNI, AVX512_VNNI, AVX512VL'. 'AVX512_VNNI' and
'AVX512VL' are already exposed to any VM.
'AVX-VNNI' is in CPUID.(EAX=07H,ECX=1):EAX.AVX-VNNI[bit 4]. This patch
is to expose all the CPUID.EAX=07H subleaf features to VMs.
Mask corresponding bits if want to disable some features in the future.
Tracked-On: #8710
Reviewed-by: Fei Li <fei1.li@intel.com>
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
Remove unreachable code branch in line 163:
if CR0 enabled WP, supervisor-mode writing a read-only page have
been checked in line 109.
Merge redundant checking:
if smap is enabled, supervisor-mode can't access user-mode address
when eflags.ac disabled.
Tracked-On: #8708
Signed-off-by: Haoyu Tang <haoyu.tang@intel.com>
Some hypercalls return -ENODEV which should be set into RAX as return
value, e.g. HC_ASSIGN_PCIDEV. So, remove the check in
vmcall_vmexit_handler() and change return value to -EACCESS if the
hypercall is not sent from Service VM or allowed VM.
Tracked-On: #8598
Signed-off-by: Yi Sun <yi.y.sun@linux.intel.com>
This patch fixes the following testability issues identified by the dynamic
module test.
Global variables defined in function scope cannot be referenced outside
the function, making it impossible to check the return value of these
functions.
Tracked-On: #861
Signed-off-by: Chen, Jinshi <jinshi.chen@intel.com>
Guest VM, such as Linux, may read RESET_CONTROL(0xCF9) register
before writing to, in this case, ACRN should not always return
dummy value.
Tracked-On: #8688
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
GAI Tooling Notice: These contents may have been developed with support from one
or more generative artificial intelligence solutions.
ACRN hypervisor is decomposed into a series of components and modules. The
module design in hypervisor is to add inline doxygen style comments above
functions, macros, structures, etc.
This patch is to add comments for some elements in hwmgmt_page module.
Tracked-On: #8665
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
GUEST_FLAG_STATELESS indicates guest is running a stateless operating
system and need to be shutdown forcefully without data loss. This flag
is only appalicable to pre-launched VM. For TEE_VM, this flag will be
set implicitly.
Tracked-On: #8671
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Now multiboot modules memory is already reserved from e820 in function
`alloc_mods_memory()` and Service VM will not corrupt pre-launched VM
modules.
So remove the code of Service VM delayed loading.
Tracked-On: #8652
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
This patch is to allow user to pin vUART timer to specific pCPU via ACRN
config tool. User can configure by setting "vUART timer pCPU ID" under
Hypervisor->Advanced Parameters.
Tracked-On: #8648
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
This patch fixes the following error:
error: variable 'sid' is used uninitialized whenever 'if' condition is true
[-Werror,-Wsometimes-uninitialized]
Tracked-On: #861
Signed-off-by: Gao, Shiqing <shiqing.gao@intel.com>
1. Enable Service VM to power off or restart the whole platform even when RTVM is running.
2. Allow Service VM stop the RTVM using acrnctl tool with option "stop -f".
3. Add 'Service VM supervisor role enabled' option in ACRN configurator
Tracked-On: #8618
Signed-off-by: YuanXin-Intel <xin.yuan@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
When resume from s3, Service VM OS will hang because timer interrupt on
BSP is not triggered. Hypervisor won't update physical timer because
there are expired timers on pcpu timer list.
Add suspend and resume ops for modules that use timers.
This patch is just for Service VM OS. Support for User VM will be added
in the future.
Tracked-On: #8623
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
Now only BSP is reset. After Service VM OS resumes from s3, APs'
apic_base_msr are incorrect with x2apic bit en.
To avoid incorrect states, do `reset_vm` after resume.
Tracked-On: #8623
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
After Service VM OS resumes from s3, BSP starts APs asynchronously,
followed by IPIs to APs to resume tsc. This process takes place in
function `host_enter_s3`. While, APs' lapic are not ready to accept IPI
interrupt, so BSP fails to resume tsc.
So enable lapic earlier to make sure that APs are ready.
Tracked-On: #8623
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
In current implementation, if there are multiple continous 4k-aligned
modules, 0-sized e820 entries will be created between these regions.
And for non-4k-aligned modules, when two of them are located in one
page, the second memory range will not be reserved as it was not in
one e820 entry after the first is reserved, making it vulnerable.
This patch fixes it by marking the exact memory range of multiboot
modules as unusable first, then shrinking the e820 entries to page
boundary. If the module crosses multiple e820 entries, possibly due
to a buggy bootloader, hypervisor will panic immediately to prevent
modules getting corrupted.
Tracked-On: #8617
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Some cpuids will return invalid values on hybrid platform because of the
error in the pointer arithmetic. Add `(void *)` before
`cpu_cpuids.leaves`.
Leaf 0x14 is used to report Intel Processor Trace Enumeration and varies
between P-cores and E-cores on hybrid platform. So add it to
`hybrid_leaves`.
Tracked-On: #8608
Fixes: 59a8cc4c2 ("hv: cpuid: make leaf 0x4 per-cpu in hybrid architecture")
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In HV, cpuid uses the lower 32 bits of rax\rbx\rcx\rdx registers to pass parameters,
But the software does not clear the upper 32-bit registers, if the guest
uses 64-bit variables to pass parameters to cpuid,guest will use rax\rbx\rcx\rdx,
not eax\ebx\ecx\edx, the previous value of the high 32 registers will affect the guest.
Tracked-On: #8605
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: andi6 <andi6@xiaomi.com>
P-cores and E-cores accessing leaf 0x2U/0x14U/0x16U/0x18U/0x1A/0x1C/0x80000006U
will have different information in hybrid architecture.
So add them to per-cpu list in hybrid architecture and directly return
the physical value.
Note: 0x14U is hided and return 0.
Tracked-On: #8608
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
Leaf 0x6 returns thermal and power management information. In
hybrid architecture, P-cores and E-cores have different information.
Add leaf 0x6 to per-cpu list in hybrid architecture and handle specific
cpuid access.
Tracked-On: #8608
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
Leaf 0x4 returns deterministic cache parameters for each level. In
hybrid architecture, P-cores and E-cores have different cache
information.
Add leaf 0x4 to per-cpu list in hybrid architecture and handle specific
cpuid access.
Tracked-On: #8608
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
CPUID returns processor identification and feature information.
Different pcpus may return different infos. That is, the info is
per-cpu.
In hybrid architecture, per-cpu leaf is different from the previous. So
introduce a struct percpu_cpuids to indicate the per-cpu leaf. struct
percpu_cpuids will consist of two parts: generic percpu leaves and
hybrid related percpu leaves.
This patch is just to add generic percpu leaves.
Tracked-On: #8608
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
CPUID leaf 1f is preferred superset of leaf 0b, currently ACRN exposes
leaf 0b but leaf 1f is empty so the 2 leaves mismatch, and so
application will follow the SDM to check 1f first.
Tracked-On: #8608
Signed-off-by: Xin Zhang <xin.x.zhang@intel.com>
This patch can fetch the thermal lvt irq and propagate
it to VM.
At this stage we support the case that there is only one VM
governing thermal. And we pass the hardware thermal irq to this VM.
First, we register the handler for thermal lvt interrupt, its irq
vector is THERMAL_VECTOR and the handler is thermal_irq_handler().
Then, when a thermal irq occurs, it flags the SOFTIRQ_THERMAL bit
of softirq_pending, This bit triggers the thermal_softirq() function.
And this function will inject the virtual thermal irq to VM.
Tracked-On: #8595
Signed-off-by: Zhangwei6 <wei6.zhang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In this phase, we only use one VM to control thermal.
So we make thermal MSRs readable and writable by this VM.
This VM is flagged with GUEST_FLAG_VTM, and can
read/write thermal MSRs.
For the VMs not flagged with GUEST_FLAG_VTM,
can only read these thermal MSRs to get current status.
Tracked-On: #8595
Signed-off-by: Zhangwei6 <wei6.zhang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Leave canary of stack protector untouched on pCPU
if it has been initialized, instead of generating a new one.
Tracked-On: #8577
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
ppt_page_pool.bitmap should be zero-initialized. Also fixes the wrong
indention in allocate_ppt_pages().
Tracked-On: #8559
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
In the triple fault handler, post-launched VMs are instantly turned
off. Now a vm event is generated simultaneously. So that
developers can capture the event and decide what to do with it. (e.g.,
logging and populating diagnostics, or poweroff VM)
Tracked-On: #8547
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This patch creates vm_event support in HV, including:
1. Create vm_event data type.
2. Add vm_event sbuf and its initializer. The sbuf will be allocated by
DM in Service VM. Its page address will then be share to HV through
hypercall.
3. Add an API to send the HV generated event.
Tracked-On: #8547
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Abstract out schedulers config data for vCPU threads and other hypervisor
threads to sched_params structure. And it's used to initialize per
thread scheduler private data. The sched_params for vCPU threads come
from vm_config generated by config tools while other hypervisor threads
need give them explicitly.
Tracked-On: #8500
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
make_request sets the request bit, and signal_event wakes the vcpu
thread. If we signal_event comes first, the target vCPU has a chance to
sleep again before processing the request bit.
Tracked-On: #8507
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
When all vCPU threads on one pCPU are put to sleep (e.g., when all
guests execute HLT), hv would schedule to idle thread. Currently the
idle thread executes PAUSE which does not enter any c-state and consumes
a lot of power. This patch is to support HLT in the idle thread.
When we switch to HLT, we have to make sure events that would wake a
vCPU must also be able to wake the pCPU. Those events are either
generated by local interrupt or issued by other pCPUs followed by an
ipi kick.
Each of them have an interrupt involved, so they are also able to wake
the halted pCPU. Except when the pCPU has just scheduled to idle thread
but not yet halted, interrupts could be missed.
sleep-------schedule to idle------IRQ ON---HLT--(kick missed)
^
wake---kick|
This areas should be protected. This is done by a safe halt
mechanism leveraging STI instruction’s delay effect (same as Linux).
vCPUs with lapic_pt or hv with CONFIG_KEEP_IRQ_DISABLED=y does not allow
interrupts in root mode, so they could never wake from HLT (INIT kick
does not wake HLT in root mode either). They should continue using PAUSE
in idle.
Tracked-On: #8507
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
~0UL is widely used to specify the maximum memory size
when calling e820_alloc_memory(), this patch to define
a MACRO for it to avoid using this magic number.
Tracked-On: #8502
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
For a pdev which allocated to prelaunched VM or owned by HV, we need to check
whether it is a multifuction dev at function 0. If yes we have to emulate a
dummy function dev in Service VM, otherwise the sub-function devices will be
lost in guest OS pci probe process.
Tracked-On: #8492
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Signed-off-by: Victor Sun <victor.sun@intel.com>
When we do init_all_dev_config() in pci.c, the pdevs added to pci dev_config
will be exposed to Service VM or passthru to prelauched VM. The original code
would find service VM config in every pci pdev init loop, this is unnecessary
and definitely impact performance. Here we generate Service VM config pointer
with config tool so that init_one_dev_config() could refer service VM config
directly.
Tracked-On: #8491
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Signed-off-by: Victor Sun <victor.sun@intel.com>
Rename is_allocated_to_prelaunched_vm to allocate_to_prelaunched_vm as
it not only checks whether the PCI device is allocated to a Pre-launched
VM but also associate it with Pre-launched VM's dev_config.
Tracked-On: #8491
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
On some platforms, the last e820 entry may not be of type E820_TYPE_RAM,
such as E820_TYPE_ACPI_NVS which may also be used by Service VM.
So we need take all e820 entry types into account when finding the upper
bound of Service VM EPT mapping.
Tracked-On: #8495
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
doxygen will warn that documented return type is found for functions
that does not return anything in 1.9.4 or later versions. 'None' is
not a special keyword in doxyge, it will recognize it as description
to the return value that does not exist in void functions.
Tracked-On: #8425
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The Hardware Feedback Interface (HFI) and Intel® Thread Director (ITD)
features require OS to provide a physical page address to
IA32_HW_FEEDBACK_PTR. Then the hardware will update the processor
information to the page address. The issue is that guest VM will program
its GPA to that MSR, causing great risk of tempering memory.
So HFI and ITD should be made invisible to guests, until we provide
proper virtulization of those features.
Tracked-On: #8463
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
ffs64() returns INVALID_BIT_INDEX (0xffffU) when it tries to deal with
zero input value. This may happen In calculate_logical_dest_mask() when
the guest tries to write some illegal destination IDs to MSI config
registers of a pt-device. The ffs64() return value is used as per_cpu
array index, and it would cause a page fault.
This patch adds protection to the per_cpu array, making this function
return zero on illegal value. As in logical destination's definition, a
zero logical designation would point to no CPU.
Fixes: 89d11d91e
Tracked-On: #8454
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
According to SDM Vol3 11.12.10, in x2APIC mode, Logical Destination has
two parts:
- Cluster ID (LDR[31:16])
- Logical ID (LDR[15:0])
Cluster ID is a numerical address, while Logical ID is a 16bit mask. We
can only use Logical ID to address multi destinations within a Cluster.
So we can't just 'or' all the Logical Destination in LDR registers to
get one mask for all target pCPUs. This would get a wrong destination
mask if the target Destinations are from different Clusters.
For example in ADL/RPL x2APIC LDRs for core 2-5 are 0x10001 0x10100
0x20001 0x20100. If we 'or' them together, we would get a Logical
Destination of 0x30101, which points to core 6 and another core.
If core 6 is running a RTVM, then the irq is unable to get to
core 2-5, causing the guest on core 2-5 driver fail.
Guests working in xAPIC mode may use 'Flat Model' to select an
arbitrary list of CPUs as its irq destination. HV may not be able to
include them all when transfering to physical destinations, because
the HW is working in x2APIC mode and can only use 'Cluster Model'.
There would be no perfect fix for this issue. This patch is a simple
fix, by just keep the first Cluster of all target Logical Destinations.
Tracked-On: #8435
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Guests bootloader may read MSR_PLATFORM_INFO to get TSC frequency for
time measurement, so injecting #GP on read may crash the vm on boot.
This patch emulates MSR_PLATFORM_INFO with 0, same behavior in kvm, to
tell the guest it's a virtualized environment.
Tracked-On: #8406
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Thermal events are delivered through lapic thermal LVT. Currently
ACRN does not support delivering those interrupts to guests by
virtual lapic. They need to be virtualized to provide guests some
thermal management abilities. Currently we just hide thermal
lvt from guests, including:
1. Thermal LVT:
There is no way to hide thermal LVT from guests. But we need do
something to make sure no interrupt can be actually trigered:
- skip thermal LVT in vlapic_trigger_lvt()
- trap-and-emulate thermal LVT in lapic-pt mode
2. As We have plan to introduce virtualization of thermal monitor in the
future, we use a vm flag GUEST_FLAG_VTM which is default 0 to control
the access to it. So that it can help enabling VTM in the future.
Tracked-On: #8414
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Changes made by this patch includes:
1. Emulate HWP and pstate MSRs/CPUIDs. Those are exposed to guest when
the GUEST_FLAG_VHWP is set:
- CPUID[6].EAX[7,9,10]: MSR_IA32_PM_ENABLE(enabled by hv, always read
1), MSR_IA32_HWP_CAPABILITIES, MSR_IA32_HWP_REQUEST,
MSR_IA32_HWP_STATUS,
- CPUID[6].ECX[0]: MSR_IA32_MPERF, MSR_IA32_APERF
- MSR_IA32_PERF_STATUS(read as base frequency when not owning pCPU)
- MSR_IA32_PERF_CTL(ignore writes)
2. Always hide HWP interrupt and package control MSRs/CPUIDs:
- CPUID[6].EAX[8]: MSR_IA32_HWP_INTERRUPT(currently ACRN is not able
to deliver thermal LVT virtual interrupt to guests)
- CPUID[6].EAX[11,22]: MSR_IA32_HWP_REQUEST_PKG, MSR_IA32_HWP_CTL
Tracked-On: #8414
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
