The vulnerability was scanned by Trivy on May 28,2024.
Vulnerability ID is GHSA-xphf-cx8h-7q9g and severity is medium,
with title iFrames Bypass Origin Checks for Tauri API Access Control.
I fixed the crash and checked by build-install-launch procedure, I confirm it was solved.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8613
I make this change during recent building configurator but got a failure.
The change is to fix the problem caused by vue3's strictly syntax chacking.
It is reported for newly releases only and before v3.2.25 it is a warning.
I follow the error message and suggestion to change the code.
Error message said "v-model cannot be used on a prop,
because local prop bindings are not writable".
Suggestion said "Use v-bind binding combined with v-on listener to emit update"
I ran the build & install procedure to verify the problem was solved.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8596
In hv, we implement the feature of thermal virtualization,
We want to use this GUEST_FLAG_VTM flag to enable and
disable this feature. So we mark this flag in config
tools.
Tracked-On: #8595
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Signed-off-by: Zhangwei6 <wei6.zhang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Python 3.12 adds escape sequence check in strings, if it is invalid,
a SyntaxWarning will be given. Fix it by using raw string notation
in regular expressions, and changing comments in unused string literal
to normal comments.
Tracked-On: #8588
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reported by dependabot and scanned by Trivy, there are two dependancies
for Rust crates and one for JavaScript 3rd-party library.
Select the correct versions to fix the issue and verify already.
Tracked-On: #8592
This patch adds ivshmem region ID configuration support when user
configure ACRN IVSHMEM devices via ACRN config tool, this ID provides
VMs with a stable identification of multiple shared memory regions.
Also add logic to generate launch script with region ID configured
as below:
`add_virtual_device 8 ivshmem hv:/shm_region_0,256,1`
Tracked-On: #8566
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a new option CONSOLE_VM in scenario to set the default vm to be
outputted in hv console, when it is not set, acrn console will be
used (current behavior). This is intended for debugging vm boot issues.
Tracked-On: #8518
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Current acpi table adopts the DWordAddressSpace to
present the PCI hole above 4G. It is not correct,
because DWordAddressSpace is used to present the
mem space below 4G.
Follow the ACPI spec, modify to QWordAddressSpace here.
Refer: 19.6.22. CreateQWordField (Create 64-Bit Buffer Field)
Tracked-On: #8552
Signed-off-by: Zhangwei6 <wei6.zhang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
When LAML or LASA of TPM2 event log is 0, the log area is invalid. It
should not be configured in mmiodevs of vm_configurations.c.
Tracked-On: #8540
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Currently, for pre-launched VM, ACPI table is generated only when "reboot=acpi"
is added to cmdline in the scenario file. This patch removes this check support
that ACPI table must be generated automatedly for the Pre-launched VM.
Tracked-On: #8546
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
When enable TPM2 tag in acrn scenario file, can't pass compile:
File "../hypervisor/../misc/config_tools/acpi_gen/bin_gen.py", line 128, in tpm2_acpi_gen
ctype_data.start_method_specific_parameters[i] = int(start_method_parameters[i], 16)
ValueError: invalid literal for int() with base 16: '\n '
Fix this issue in tpm2_acpi_gen.
Tracked-On: #8516
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Some motherboards exposes MCFG1/MCFG2 instead of one ACPI MCFG table,
thus no /sys/firmware/acpi/tables/MCFG exists but MCFG1 and MCFG2.
Read MCFG1 if MCFG doesn't exist.
The same issue report/fix is at https://github.com/intel/pcm/issues/74.
Tracked-On: #8514
Signed-off-by: Xin Zhang <xin.x.zhang@intel.com>
Add four per-vm bvt parameters as the initial bvt parameter values for
vCPU threads.
- bvt_weight
The time sharing of a thread on CPU.
- bvt_warp_value
Boost value of virtual time of a thread (time borrowed from future) to
reduce Effective Virtual Time to prioritize the thread.
- bvt_warp_limit
Max warp time in one warp.
- bvt_unwarp_period
Min unwarp time after a warp.
Tracked-On: #8500
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Abstract out schedulers config data for vCPU threads and other hypervisor
threads to sched_params structure. And it's used to initialize per
thread scheduler private data. The sched_params for vCPU threads come
from vm_config generated by config tools while other hypervisor threads
need give them explicitly.
Tracked-On: #8500
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
When we do init_all_dev_config() in pci.c, the pdevs added to pci dev_config
will be exposed to Service VM or passthru to prelauched VM. The original code
would find service VM config in every pci pdev init loop, this is unnecessary
and definitely impact performance. Here we generate Service VM config pointer
with config tool so that init_one_dev_config() could refer service VM config
directly.
Tracked-On: #8491
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Signed-off-by: Victor Sun <victor.sun@intel.com>
1. using sockets_req_system_shutdown_user_vm_handler and sockets_req_system_reboot_user_vm_handler
wrapping function req_user_vm_shutdown_reboot
2. Modify the variable names SHUTDOWN_REQ to SYS_REBOOT_REQ
3. Add a handler for "ACK_REQ_SYS_REBOOT"
Tracked-On: #8431
Signed-off-by: Gaofei Sun <gaofeix.sun@intel.com>
Reviewed-by: Li Fei <fei1.li@intel.com>
Only Windows virtual machines can restart ACRN through life_mngr.
Added Linux and rtvm to restart acrn in life_mngr.
Tracked-On: #8431
Signed-off-by: Gaofei Sun <gaofeix.sun@intel.com>
Reviewed-by: Li Fei <fei1.li@intel.com>
doxygen will warn that documented return type is found for functions
that does not return anything in 1.9.4 or later versions. 'None' is
not a special keyword in doxyge, it will recognize it as description
to the return value that does not exist in void functions.
Tracked-On: #8425
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
An error will be raised if no cache level 3 information in board xml
file. this patch skips getting cache level 3 information when no l3 cache info
in config_summary.py.
Tracked-On: #8438
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In chroot environment, the running kernel is the host kernel, so uname
command cannot get the kernel verison in image. Since hmi-vm uses
GVT-d, and kernel 5.15 does not support newer iGPUs in 13th Gen
processors, this patch installs the linux-generic-hwe kernel (5.19)
instead of linux-modules-extra package.
In Ubuntu 22.04, package needrestart is installed by default to
interactively prompt user there is a pending kernel upgrade or serivces
need to be restarted in apt. This patch removes it.
Also, this patch expands hmi-vm image by 2GB to hold the new kernel and
runs 'apt autoremove' after everything is installed.
Tracked-On: #8448
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
currently, configurator will fail to generate config_summary.rst file if
user enable the "Cache Allocation Technology" because note function in rstcloth
is replaced by self.doc.note.
So this patch updates function and usage to fix this issue.
fixs: 9c2d0f8 ("config_tools: replace RstCloth library with class.")
Tracked-On: #8422
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Set GUEST_FLAG_VHWP guest flag for VMs who own pCPUs. Windows does not
manage CPU frequency in virtualized environment, so this flag is not set
for waag. Platforms without HWP capability should not have this flag
either.
Tracked-On: #8414
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
add customized parameters in the launch script generation logic.
If user specify customized parameters in configurator, we will
append them to the dm parameters for launching VMs.
Tracked-On: #8408
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
`modprobe msr` will be invoked if no /dev/cpu/#/msr is found.
If the "msr" module is built-in that check will pass and
no `modprobe msr` should be invoked.
fixes: aeab5a2 ("config_tools: update loading msr driver logic")
Tracked-On: #8410
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Linker option "-z,relro" will be automatically added to LDFLAGS when
building debian packages. Since x86_64-w64-mingw32-ld does not support
"-z" option, it causes failure in building the life_mngr windows exe.
And compared with ld, only "-z" option is not supported. This patch
fixes it by skipping the windows build of life_mngr if LDFLAGS contains
any "-z" option.
Tracked-On: #8399
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
9c2d0f8858 ("config_tools: replace RstCloth library with class.")
removes all usage of rstcloth in code, but the rstcloth package is not
removed from acrn-configurator and it will still download dependencies
for rstcloth. This patch simply removes it.
Tracked-On: #8395
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Currently, Configurator load fail because it needs to download
RstCloth related packages. This patch defines Doc class to replace
RstCloth library to fix this issue.
Tracked-On: #8395
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
If no TURBO_RATIO_LIMIT and TURBO_ACTIVATION_RATIO MSRs info
on target, board inspector will crash because of the IOError exception.
This patch captures the IOError exception to handle this error.
Tracked-On: #8380
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
If we use 5.15 kernel on rpl-p platform, some iomem info dumped with
non-ascii characters, then tool will raise a decode error.
So this patch filters non-ascii characters to handle this error.
Tracked-On: #8388
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The new board xml have add a "module" node under the "processors/die"
which has cause an issue when we run the summary, this patch use "//"
to select all "cpu_id" under the "processors".
Tracked-On: #8385
Signed-off-by: Chenli Wei <chenli.wei@intel.com>
Starting from elementpath 4.0.0, the XPath2Parser class no longer has a
SYMBOLS member and completeness checking based on that are removed as
well. This patch updates the elementpath_overlay in the config tools to fix
the compilation issue when using recent elementpath versions.
Tracked-On: #8368
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
LIST_FOREACH() doesn't allow var to be removed or freed within the
loop, but c_dev is freed inside the loop here. gcc 12 also reports
error on it. This patch uses list_foreach_safe() macro instead for
freeing var within the loop safely.
Tracked-On: #8382
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The switch to Ubuntu 22.04 for ACRN v3.2 requires a few changes to the
sample application scripts:
- user _apt cannot access debian packages in user directories, so copy
them to /tmp to install
- HMI-VM image size needs to be bigger (running out of space during
image update)
Tracked-On: #8352
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
For STANDARD_VM 'own_pcpu' default value is 'n'. But RTVM always own pCPUs.
So check 'own_pcpu' of RTVM and make sure it's set to 'y'.
Tracked-On: #8253
Signed-off-by: Yuanyua Zhao <yuanyuan.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The division operator in XPATH is `div`, not `/`. Fix it in an error
message of the assertions.
Tracked-On: #6690
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Commit ce6500893 ("board_inspector: use executables found under system
paths") unintendedly changes how acpi.py invokes `rdmsr` and that impacts
the type of the execution results and causes incompatible method calls when
the results are parsed.
Convert the invocation back to shell-style.
Fixes: ce6500893 ("board_inspector: use executables found under system paths")
Tracked-On: #8315
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Currently we use configurator to generate sample launch scripts and
configuration code, remove old ones and put all generated launch scripts
into generic_board.
Tracked-On: #6690
Signed-off-by: Xie, nanlin <nanlin.xie@intel.com>
Board inspector does not support multiple PCI segment. Stop running and
throw out the message for user to disable VMD from BIOS setting.
Tracked-On: #8327
Signed-off-by: yuchuyang <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Board inspector may throw an error if a usb device is unplugged or
disconnected while extracting usb device information. Print out the
debug message and continue parsing.
Tracked-On: #8325
Signed-off-by: yuchuyang <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
