Commit Graph

4386 Commits

Author SHA1 Message Date
Alexander Merritt
b0acad338e HV: extra methods for extracting header fields
Add some encapsulation of utilities which read PCI header space using
wrapper functions. Also contain verification of PCI vendor to its own
function, rather than having hard-coded integrals exposed among other
code.

v3->v2
        Changed the return type of pci_pdev_read_cfg_secbus
        from 32-bit to 8-bit

v2->v1
        Function names changed to follow Coding guidelines

Tracked-On: #4134
Signed-off-by: Alexander Merritt <alex.merritt@intel.com>
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
2019-12-10 09:52:17 +08:00
Victor Sun
f237ca2104 HV: clean up DMAR MACROs for sample platform acpi info
Remove redundant DMAR MACROs for given platform_acpi_info files because
CONFIG_ACPI_PARSE_ENABLED is enabled for all boards by default. The DMAR
info for nuc7i7dnb is kept as reference in the case that ACPI_PARSE_ENABLED
is not set in Kconfig.

As DMAR info is not provided for apl-mrb, the platform_acpi_info.h under
apl-mrb config folder is meaningless, so also remove this file and let
hypervisor parse ACPI for apl-mrb.

Tracked-On: #3977

Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-12-10 09:52:17 +08:00
Victor Sun
2ba1848980 HV: move dmar info definition to board.c
The DMAR info is board specific so move the structure definition to board.c.
As a configuration file, the whole board.c could be generated by acrn-config
tool for each board.

Please note we only provide DMAR info MACROs for nuc7i7dnb board. For other
boards, ACPI_PARSE_ENABLED must be set to y in Kconfig to let hypervisor parse
DMAR info, or use acrn-config tool to generate DMAR info MACROs if user won't
enable ACPI parse code for FuSa consideration.

The patch also moves the function of get_dmar_info() to vtd.c, so dmar_info.c
could be removed.

Tracked-On: #3977

Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-12-10 09:52:17 +08:00
Victor Sun
e9a1ace1cc HV: link CONFIG_MAX_IOMMU_NUM and MAX_DRHDS to DRHD_COUNT
The values of CONFIG_MAX_IOMMU and MAX_DRHDS are identical to DRHD_COUNT,
which is defined in platform ACPI table, so remove CONFIG_MAX_IOMMU_NUM
from Kconfig and link these three MACROs together.

Tracked-On: #3977

Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-12-10 09:52:17 +08:00
Jack Ren
bce4b61db7 version: v1.4
Signed-off-by: Jack Ren <jack.ren@intel.com>
2019-11-22 11:53:31 +08:00
lirui34
8f59749ad5 doc: remove rt gsg kernel info
No need for rt kernel info in the gsg doc.

Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-22 11:25:18 +08:00
Lei, Lu
cf68b00ba8 doc: update acrn ootb doc
1. Update acrn.efi name in acrn ootb scripts
2. Add licenses to acrn ootb scripts
3. Add format U disk step
4. Add execute permission to ootb script
5. Fix wrong img name
6. update clearlinux version to 31600

Signed-off-by: Lei, Lu <leix.lu@intel.com>
2019-11-22 09:11:47 +08:00
lirui34
2f679e4a51 doc: Update 1.4 versions and some words
Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-22 09:11:32 +08:00
David B. Kinder
3c79f980b5 doc: put v1.0 docs back in version menu
We've been keeping the doc version choice list trimmed as new doc
version releases are made, but the v1.0 version should remain.  (Note
that the documents for all previously published versions are still
available on the server, but they were included in the menu choice).
This PR puts the 1.0 choice back in.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-21 14:02:05 +08:00
Deb Taylor
da2abd690b Doc: Content edits to the AGL as VMs docs
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-21 14:01:51 +08:00
hongliang
b8e706a953 doc: edit agl-vms.rst adjust to v1.3
2019-11-21 14:01:35 +08:00
Yonghua Huang
05a930529c doc: add mitigation description for CVE-2018-12207 in advisory
Mitigation for this vulnerability is applied in 1.4 release, update
related notes in advisory.

Tracked-On: #4101
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
2019-11-21 14:01:21 +08:00
Binbin Wu
bcefd67363 hv: config: add an option to disable mce on psc workaround
Add an option MCE_ON_PSC_WORKAROUND_DISABLED to disable the software
workaround for the issue Machine Check Error on Page Size Change.

Tracked-On: #4121
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-11-18 13:40:24 +08:00
Binbin Wu
241a811f42 hv: ept: apply MCE on page size change mitigation conditionally
Only apply the software workaround on the models that might be
affected by MCE on page size change. For these models that are
known immune to the issue, the mitigation is turned off.

Atom processors are not affected by the issue.
Also check the CPUID & MSR to check whether the model is immune to the issue:
CPU is not vulnerable when both CPUID.(EAX=07H,ECX=0H).EDX[29] and
IA32_ARCH_CAPABILITIES[IF_PSCHANGE_MC_NO] are 1.

Other cases not listed above, CPU may be vulnerable.

Tracked-On: #4121
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-11-18 13:40:24 +08:00
Binbin Wu
3834f6ac96 hv: ept: disable execute right on large pages
Issue description:
-----------------
Machine Check Error on Page Size Change
Instruction fetch may cause machine check error if page size
and memory type were changed without invalidation on some
processors[1][2]. Malicious guest kernel could trigger this issue.

This issue applies to both primary page table and extended page
tables (EPT), however the primary page table is controlled by
hypervisor only. This patch mitigates the situation in EPT.

Mitigation details:
------------------
Implement non-execute huge pages in EPT.
This patch series clears the execute permission (bit 2) in the
EPT entries for large pages. When EPT violation is triggered by
guest instruction fetch, hypervisor converts the large page to
smaller 4 KB pages and restores the execute permission, and then
re-executes the guest instruction.

The current patch turns on the mitigation by default.
The follow-up patches will conditionally turn on/off the feature
per processor model.

[1] Refer to erratum KBL002 in "7th Generation Intel Processor
Family and 8th Generation Intel Processor Family for U Quad Core
Platforms Specification Update"
https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/7th-gen-core-family-spec-update.pdf
[2] Refer to erratum SKL002 in "6th Generation Intel Processor
Family Specification Update"
https://www.intel.com/content/www/us/en/products/docs/processors/core/desktop-6th-gen-core-family-spec-update.html

Tracked-On: #4121
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
2019-11-18 13:40:24 +08:00
Deb Taylor
e0d14b70e6 Doc: Grammatical edits to the 1.4 Release Notes.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-12 09:31:02 +08:00
lirui34
d8bd508875 doc: Release notes v1.4
Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-12 09:30:48 +08:00
Deb Taylor
90a611344b Doc: Grammatical edits to the Advisory doc.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-12 09:30:35 +08:00
lirui34
c6bccd5cea doc: Add Advisory notes
Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-12 09:30:21 +08:00
Deb Taylor
94394ae98d Doc: Grammatical edits to the Enable S5 Guide.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-12 09:30:08 +08:00
lirui34
b16e598763 doc: enable s5 guide
Add instruction of enabling s5.

Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-12 09:29:53 +08:00
lirui34
d473cafe0f dm: Add licenses to the scripts.
Add licenses to the scripts:
```
devicemodel/samples/apl-mrb/launch_uos.sh
devicemodel/samples/apl-up2/launch_uos.sh
devicemodel/samples/nuc/launch_hard_rt_vm.sh
devicemodel/samples/nuc/launch_uos.sh
devicemodel/samples/nuc/launch_vxworks.sh
devicemodel/samples/nuc/launch_win.sh
devicemodel/samples/nuc/launch_zephyr.sh
hypervisor/scripts/genld.sh
```

Tracked-On: #4061
Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-11 15:32:16 +08:00
Deb Taylor
79294b394f Doc: Final edits for the HLD-Security doc.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-11 08:56:50 +08:00
Yonghua Huang
865d1a22e6 doc: add hld-security guest secure boot description
1. add guest secure boot with OVMF.
2. delete obsolete content.
3. SOS -> Service VM and UOS -> User VM.

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
2019-11-11 08:56:28 +08:00
David B. Kinder
a4713fce6f doc: add copyright/license header to doc scripts
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-09 23:59:27 +08:00
Deb Taylor
047670706b Doc: Final edits to the HV Hypercall doc.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-09 23:59:06 +08:00
Deb Taylor
dcfa758719 Doc: Final edits to the CPU Virt doc
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-09 23:58:44 +08:00
David B. Kinder
ce46f35db5 doc: review edits for rt_industry doc
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-09 23:58:25 +08:00
Deb Taylor
3298891fc4 Doc: Final edits to the HLD Overview doc.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-09 23:58:05 +08:00
Deb Taylor
a74a75514a Doc: Final edits to Memory Mangt HLD doc.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-09 23:57:44 +08:00
David B. Kinder
1c3f16f56d doc: review edit for enable_laag_secure_boot
Review update to PR #3938

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-09 23:57:25 +08:00
David B. Kinder
ae126bd5fb doc: review edits for acrn_configuration_tool
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-09 23:57:02 +08:00
Xie Zhengtian
9687d72e11 doc: add cores and threads for CPU of supported hardware
The default binary will not support 2 core/2 thread hardware from V1.3;
KBL NUC7i5DNH has serial port;
Add cores and threads for CPU of hardware listed;

Signed-off-by: Xie Zhengtian <zhengtian.xie@intel.com>
2019-11-09 23:56:41 +08:00
David B. Kinder
2d0739bfc8 doc: fix error in building_from_source doc
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-09 23:56:19 +08:00
lirui34
3b977eef4d doc: clean up the docs in try using acrn table.
Move acrn_ootb / building_acrn_in_docker / up2 gsg to the
develop using acrn guide;

Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-09 23:55:55 +08:00
huyuan3x
2a3178aa0a doc: Update Using Windows as Guest VM on ACRN
Signed-off-by: huyuan3x <yuanx1.hu@intel.com>
2019-11-09 23:55:33 +08:00
wenlingz
9bd274ae40 doc: modify ubuntu build on 18.04
Signed-off-by: wenlingz <wenling.zhang@intel.com>
2019-11-09 23:55:10 +08:00
lirui34
7d818c8272 doc: Stop using kconfig to make a customized efi.
Also fix some quick setup script issues.

Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-09 23:54:46 +08:00
Junhao Gao
67c64522fd dm: fix memory free issue for xhci
remove uninitialized variable "dir", then make sure
"xfer->data","xfer->data[i].hcb","xfer->reqs" free correctly.

Tracked-On: #4034
Signed-off-by: Junhao Gao <junhao.gao@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
2019-11-08 14:36:25 +08:00
Deb Taylor
3fb1021dbc Doc: Minor grammatical edits on various files.
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-08 13:20:38 +08:00
David B. Kinder
72f7119246 doc: fix doc build errors previously masked
As reported in PR #3959, doc build errors were being masked by a script
error.  This PR fixes a chunk of them.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-08 13:20:04 +08:00
Yan, Like
2a6f2fa822 hv: update virtual interrupts HLD
Signed-off-by: Yan, Like <like.yan@intel.com>
2019-11-08 13:19:17 +08:00
Deb Taylor
3314857a09 Doc: update conf.py file to include v1.4
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-08 09:29:15 +08:00
David B. Kinder
b20a67f839 doc: clean up waag-secure-boot doc
Cleaned up the presentation and formatting problems from the conversion
to ReST, along with English grammar and spelling edits.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2019-11-08 09:29:00 +08:00
lirui34
9d01d8ad9e doc: instruction of enabling the laag secure boot
Add tutorial about how to enable the laag secure boot.

Signed-off-by: lirui34 <ruix.li@intel.com>
2019-11-08 09:28:09 +08:00
Li, Fei1
af61b486de doc: update timer hld
Add two new APIs interfaces design

Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-11-08 09:27:08 +08:00
Li, Fei1
ea601e4241 doc: update memory management hld
1. Some security features are added into ACRN HV memory management.
2. Dynamic memory allocation is removed. Instead, static memory page allocation is added.
3. The guest to host mapping is not static any more for Service OS after it begins running
since the Service OS supports PCI BAR re-programming now.

Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-11-08 09:26:56 +08:00
Deb Taylor
c8abc7cbfb Added entry for waag-secure-boot tutorial (added in #3883)
Signed-off-by: Deb Taylor <deb.taylor@intel.com>
2019-11-08 09:26:43 +08:00
lkanx
f34f87fa38 doc: update acrn_configuration_tool
Signed-off-by: lkanx <lix.kan@intel.com>
2019-11-08 09:26:25 +08:00
Yuan Liu
0e65254684 doc: add waag secure boot enabling
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
2019-11-08 09:26:10 +08:00