In launch script, update cpu offline method to fix the issue
that it isn't offline cpu on ADL-S board.
Tracked-On: #6266
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Guest may not use INVEPT instruction after enabling any of bits 2:0 from
0 to 1 of a present EPT entry, then the shadow EPT entry has no chance
to sync guest EPT entry. According to the SDM,
"""
Software may use the INVEPT instruction after modifying a present EPT
paging-structure entry (see Section 28.2.2) to change any of the
privilege bits 2:0 from 0 to 1.1 Failure to do so may cause an EPT
violation that would not otherwise occur. Because an EPT violation
invalidates any mappings that would be used by the access that caused
the EPT violation (see Section 28.3.3.1), an EPT violation will not
recur if the original access is performed again, even if the INVEPT
instruction is not executed.
"""
Sync the afterthought of privilege bits from guest EPT entry to shadow
EPT entry to cover above case.
Tracked-On: #5923
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MSR_IA32_VMX_EPT_VPID_CAP is 64 bits. Using 32 bits MACROs with it may
cause the bit expression wrong.
Unify the MSR_IA32_VMX_EPT_VPID_CAP operation with 64 bits definition.
Tracked-On: #5923
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With virtio polling mode enabled, a timer is running in the virtio
backend service. And the timer will also be triggered if its frondend
driver didn't do the device reset in shutdown. A freed virtio device
will be accessed in the polling timer handler.
Do the virtio reset() callback specifically to clear the polling timer
before the free.
Tracked-On: #6147
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
enable_s5.rst has a couple of literalinclude directives referencing
sample scripts that were moved and now go through a symbolic link to the
new folder. Symbolic links don't work on Windows, so change the
references in enable_s5.rst to not go through the symbolic link.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch sets the MemoryOverwriteRequestControl (MORCtrl for short)
EFI variable before jumping to hypervisor.
Setting variable MemoryOverwriteRequestControlLock (MORCtrlLock for
short) can also be enabled by manually adding -DMORCTRL_LOCK_ENABLED to
CFLAGS.
Setting MORCtrl indicates to the platform firmware that memory be
cleared upon system reset. Setting MORCtrlLock for the first time will
render both MORCtrl and MORCtrlLock to read-only, until next reset.
Tracked-On: #6241
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
This patch implements the container_load_modules function.
This function loads multiboot modules following multiboot protocol.
Tracked-On: #6241
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
This patch implements the container_load_boot_image function.
This function loads boot image following multiboot protocol.
Tracked-On: #6241
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Previous patches introduces an abstract struct HV_LOADER to do two
things: load boot image and load boot modules. This patch provides an
implementation barebone of container. The implementation of critical
functions container_load_boot_image and container_load_modules will come
in coming patches.
Tracked-On: #6241
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
This patch adds a file containing some helper functions to load
or validate ELF32 images.
Tracked-On: #6241
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
This patch adds a file containing some helper functions to search or parse
multiboot headers.
Tracked-On: #6241
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
This patch adds code to prepare multiboot1 info passed to hypervisor.
Tracked-On: #6241
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
This patch adds code to prepare multiboot2 info passed to hypervisor.
Currently we prepare only the following information to hypervisor:
Boot command line
Boot loader name
Modules
Memory Map
ACPI table
EFI64 system table
EFI memory map
Tracked-On: #6241
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
ACRN EFI application based on the legacy efi-stub code provides booting method
of HV on UEFI-BIOS without using the GRUB Bootloader. It is supposed to be used
for secure booting on certain platform. By means of that users can boot HV,
Service VM kernel, pre-launched VM kernel and its ACPI table binary packed in
the Slim Bootloader container boot image file format. ACRN EFI application has
additional dependencies to compile which are not listed in the existing ACRN GSG
doc. Since this is an optional feature but not all users need, it does not get
compiled by default to avoid causing any confusion for existing users. README
for how to use the feature will come later in a separated commit.
This patch adds barebone implementation of this efi-stub. The following
files are reused from a previous version of efi-stub without changes:
efilinux.h, pe.c, stdlib.h
Other files contains stubbed functions, whose implementation will come
in coming patches.
Tracked-On: #6241
Signed-off-by: Toshiki Nishioka <toshiki.nishioka@intel.com>
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Co-developed-by: Yifan Liu <yifan1.liu@intel.com>
1. Update the necessary libraries to consistent with the "Build ACRN From Source"
document in the "Getting Started Guide" document.
2. Delete the related introduction with acrngt.conf and launch_uos_id1.sh files in
"Getting Started Guide" document.
3. Update WHL-IPC-I7 board's processor in Supported HW document.
4. Add cpu_affinity element's description in ACRN Configuration Data.
5. Update the description for shm_region in Launch XML format.
6. Update configurable/readonly attributes values.
7. Update the description for hv.CAPACITIES.MAX_MSIX_TABLE_NUM in schema/config.xsd.
Tracked-On: #5692
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
This patch updates recommendations to upgrade from a prior ACRN version for
v2.5.
v2:
* Apply suggestions from review.
* Remove descriptions on the scenario XML upgrade tool.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
update fixed security vulnerabilities for 2.5 release.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Tweak references to account for renaming the getting started guide in
PR #6226 and create a redirect link from the previous filename.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Updates to the Getting Started Guide:
* Update title to simply be "Getting Started Guide"
* Simplify and remove instructions that are redundant
* Add a note explaining the difference between 'nuc11tnbi5' and
'nuc11tnhi5'
Tracked-On: #6225
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update the ACRN documentation with regards to the supported HW:
* Remove outdated reference to Apollo Lake and Kaby Lake
* Re-order HW platforms in "Supported HW" to be consistent throughout
the document
* Use the '|copy|' and '|trade|' replacements
* Update the recommendation for creating nnon-existant $(BOARD).xml
Tracked-On: #6227
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
1. Update the rt_industry_ubuntu GSG file from WHL Maxtang to NUC11TNHi5.
2. Update the ACRN-hypervisor branch and ACRN-Kernel version to release_2.5.
3. Update the BIOS setting for NUC11TNHi5.
4. Update the rt-ind-ubun-hw-1.png and rt-ind-ubun-hw-2.png images for NUC11TNHi5;
And add the native-ubuntu-on-NVME-3.png and native-ubuntu-on-SATA-3.png pictures.
5. Update the PCI device IDs and busses in /usr/share/acrn/launch_hard_rt_vm.sh
for this new platform.
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Update the "Enable ACRN Over QEMU/KVM" tutorial:
* Remove the steps explaining how to add the Virtio blk driver
to the Service VM kernel. It is now part of the default
configuration
* Add a note to make it more obvious that the tutorial assumes
that the compilation of ACRN and its kernel is done *inside*
the QEMU VM that will serve as the Service VM for ACRN
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
