The APICv ops is decided once the APICv feature on the physical platform is detected.
We will use apicv_advanced_ops if the physical platform support fully APICv feature;
otherwise, we will use apicv_basic_ops.
This patch only wrap the accept interrupt API for them.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Possible buffer overflow will happen in vlapic_set_tmr()
and vlapic_update_ppr(),this path is to fix them.
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) Shouldn't try to set APIC-register virtualization if the physical doesn't
support APICV advanced mode.
2) Remove all APICv features VMCS setting when LAPIC is passed through to guest.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Not every instruction supports the operand-size bit (w). This patch try to correct
what done in commit-id 9df8790 by setting a flag VIE_OP_F_BYTE_OP to indicate which
instruction supports the operand-size bit (w).
This bug is found by removing VMX_PROCBASED_CTLS2_VAPIC_REGS VMCS setting when the
physical doesn't support this APICv feature. However, if emulated this in MRB board,
the android can't boot because when switch to trusty world, it will check
"Delivery Status" in ICR first. It turns out that this Bit Test instruction is not
emulated correctly.
Tracked-On: #1337
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
This patch removes dead loop in stop_cpus because timeout never occurs.
If target cpu received a NMI and panic, it has called cpu_dead and stop_cpus success.
If target cpu is running, an IPI will be delivered to it and then call cpu_dead.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The physical core of lapic_pt vm should be reset for security and
correctness when shutdown the vm.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch makes the following changes:
- Add one parameter 'mask' to start_cpus for later use.
- Set cpu state as DEAD instead of dead loop when fail to start cpu.
- Panic when there are any failures when start cpus in init_cpu_post and host_enter_s3.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch remove the over design CPU_UP_TIMEOUT and
use CPU_UP_TIMEOUT and CPU_DOWN_TIMEOUT instead.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently, the previous configurations about guest_flags set by DM will
not be cleared when shutdown the vm. Then it might bring issue for the
next dm-launched vm.
For example, if we create one vm with LAPIC_PASSTHROUGH flag and shutdown it.
Then the next dm-launched vm will has the LAPIC_PASSTHROUGH flag set no matter
whether we set it in DM.
This patch clears all the DM set flags when shtudown vm.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently vpid is not released in reset_vcpu() hence the vpid resource
could be exhausted easily if guests are re-launched.
This patch assigns vpid according to the fixed mapping of runtime vm_id
and vcpu_id to guarantee the uniqueness of vpid.
Tracked-On: #2700
Signed-off-by: Zide Chen <zide.chen@intel.com>
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- The target vm in most of hypercalls should be a NORMAL_VM, in some
exceptions it might be a SOS_VM, we should validate them.
- Please be aware that some hypercall might have limitation on specific
target vm like RT or SAFETY VMs, this leaves "TODO" in future;
- Unify the coding style:
int32_t hcall_foo(vm, target_vm_id, ...)
{
int32_t ret = -1;
...
if ((is_valid_vm(target_vm) && is_normal_vm(target_vm)) {
ret = ....
}
return ret;
}
Tracked-On: #2978
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The function vpci_set_ptdev_intr_info() is not compiled for
CONFIG_SHARING_MODE only any more so the #ifndef here is useless.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently ptdev_release_all_entries() calls ptirq_release_entry() to
release ptdev IRQs, which is not sufficient because free_irq() is not
included in ptirq_release_entry().
Furthermore, function ptirq_deactivate_entry() and ptirq_release_entry()
have lots of overlaps which make the differences between them are not
clear.
This patch does:
- Adds ptirq_deactivate_entry() call in ptdev_release_all_entries() if the
irq has not already freed.
- Remove unnecessary code from ptirq_deactivate_entry() to make it do the
exact opposite to function ptirq_activate_entry(), except that
entry->allocated_pirq is not reset, which is not necessary.
- Added the missing del_timer() to ptirq_release_entry() to make it almost
opposite to ptirq_alloc_entry(); Added memset() to clear the whole entry,
which doesn't have impacts to the functionalities but keep the data structure
clean.
Tracked-On: #2700
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If launch two UOS with same UUID by acrn-dm, current code path will
return same VM instance to the acrn-dm, this will crash the two UOS.
Check VM state and make sure it's in VM_STATE_INVALID state before
creating a VM.
Tracked-On: #2984
Signed-off-by: Cai Yulong <yulongc@hwtc.com.cn>
The 'boot_params' and 'entry' might be dereferenced after they were
positively checked for NULL. Refine checking logic to fix the issue.
Tracked-On: #2979
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
The previous will not check the EPT gpa correctly. This patch try to fix this.
Tracked-On: #2291
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When shutting down SOS VM, the shared sbuf is released from guest OS, but
the per cpu sbuf pointers in hypervisor keep inact. This creates a problem
that after SOS is re-launched, hypervisor could write to the shared
buffer that no longer exists.
This patch implements sbuf_reset() and call it from reset_vcpu() to
reset sbuf pointers.
Tracked-On: #2700
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add TPR below threshold implement for "Virtual-interrupt delivery" not support.
Windows will use it to delay interrupt handle.
Complete all the interrupts in IRR as long as they are higher priority than
current TPR. Once current IRR priority is less than current TPR enable TPR
threshold to IRR, so that if guest reduces the TPR threshold, it would be good
to take below TPR threshold exit and let interrupts to go thru.
Tracked-On: #1842
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
ACRN dumps host registers in case of an exception in root mode operation.
This patch adds CR2 register to the dump. It is useful for
page-fault debug in HV to know the offending address.
Tracked-On: #2969
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Enable vMCE feature to boot windows guest.
vMCE is set in EDX from Microsoft TLFS spec, to support windows guest
vMCA and vMCE should be supported by guest CPUID.
Support MSR_IA32_MCG_CAP and MSR_IA32_MCG_STATUS reading when vMCE is enabled,
but they are not emulated yet, so return 0 directly.
Tracked-On: #1867
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the presence of SOS, ACRN uses fallback_iommu_domain which is the same
used by SOS, to assign domain to devices during ACRN init. Also it uses
fallback_iommu_domain when DM requests ACRN to remove device from UOS domain.
This patch changes the design of assign/remove_iommu_device to avoid the
concept of fallback_iommu_domain and its setup. This way ACRN can commonly
treat pre-launched VMs bringup w.r.t. IOMMU domain creation.
Tracked-On: #2965
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In the current design, logic partition scenario is supported
on KBL NUC i7 since there is no related configuration and
no the cooresponding boot loader supporting.
The boot loader supporting is done in the previous patch.
Add some configurations such physical PCI devices information,
virtual e820 table etc for KBL NUC i7 to enable logical
partition scenario.
In the logical partition of KBL NUC i7, there are two
pre-launched VM, this pre-launched VM doesn't support
local APIC passthrough now. The hypervisor is booted through
GRUB.
TODO: In future, Local APIC passthrough and some real time
fetures are needed for the logic partition scenario of KBL
NUC i7.
V5-->V6:
Update "Tracked-On"
Tracked-On: #2944
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In the current design, hypervisor only detects two kinds of
multiboot compiliant firwares (UEFI loader and non-UEFI loader),
It can't detect other multiboot compliant firware (such GRUB
loader) and can't detect UEFI loader explicitly since loader
name is not supported by UEFI loader (efi stub). In the
logical partition scenario on KBL NUC i7, one multiboot
compliant firware is used to boot hypervisor and load guest
OS image, and firware runtime service shall be disable to
avoid interference. So GRUB can be selected as a candidate
to enable logical partition scenario on KBL NUC i7.
Update firware detection and operations selecting logic to detect
more multiboot compiliant firware (such as GRUB and UEFI loader)
explicitly, different operations is selected according to the
boot load name through a static mapping table between boot load name
and firmware operations. GRUB loader can use the SBL operations
to handle multiboot information parsing and vm booting since
these multiboot compiliant firmware (SBL/ABL/GRUB) which boots
hypervisor (binary format), provides multiboot information and
the start address of guest OS image(binary format) in the same way,
and only runs on boot time.
From MISRA C view, viarble array is not allowed, so define the
static array for above mapping table;
From security view, it is better use strncmp insteads of strcmp.
TODO: In future, need to redesign boot moudle to suport different
boot loader, different VM boot, and different guest OS.
V2-->V3:
Update firmware detection logic to handle GRUB loader
which is need to provided multiboot information to the
hypervisor (such as the address of guest OS image);
V3-->V4:
Update firmware detection and operations selecting logic
to enable GRUB loader support in hypervisor;
V4-->V5:
Separte UEFI loader name supporting in a separate patch,
and update commit comment to make patch clearer.
V5-->V6:
Update "Tracked-On"
Tracked-On: #2944
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add new hypercall get platform information,
such as physical CPU number.
Tracked-On: #2538
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN builds mptable for pre-launched VMs. It uses CONFIG_PARTITION_MODE
to compile mptable source code and related support. This patch removes
the macro and checks if the type of VM is pre-launched to build mptable.
Tracked-On: #2941
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Enhance "vm_list" command in shell to Show VM UUID;
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently VM id of NORMAL_VM is allocated dymatically, we need to make
VM id statically for FuSa compliance.
This patch will pre-configure UUID for all VMs, then NORMAL_VM could
get its VM id/configuration from vm_configs array by indexing the UUID.
If UUID collisions is found in vm configs array, HV will refuse to
load the VM;
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Return true if vm configs is sanitized successfully, otherwise return false;
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The code mixed the usage on term of UUID and GUID, now use UUID to make
code more consistent, also will use lowercase (i.e. uuid) in variable name
definition.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) In x2apic mode, when read ICR, we want to read a 64-bits value.
2) In x2apic mode, write self-IPI will trap out through MSR write when VID isn't enabled.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We could call vlapic API directly, remove vlapic_rdmsr/wrmsr to make things easier.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
renamed: include/dm/pci.h -> include/hw/pci.h
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Now the io_emul.c is relates with arch,io_req.c is common,
move some APIs from io_emul.c to io_req.c as common like these APIs:
register_pio/mmio_emulation_handler
dm_emulate_pio/mmio_complete
pio_default_read/write
mmio_default_access_handler
hv_emulate_pio/mmio etc
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move ‘emul_pio[]/default_io_read/default_io_write’
from struct vm_arch to struct acrn_vm
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- this api is related with arch_x86, then move to x86 folder
-- rename 'set_vhm_vector' to 'set_vhm_notification_vector'
-- rename 'acrn_vhm_vector' to 'acrn_vhm_notification_vector'
-- add an API 'get_vhm_notification_vector'
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For Pre-launched VMs, ACRN uses mptable for reporting APIC IDs to guest OS.
In current code, ACRN uses physical LAPIC IDs for vLAPIC IDs.
This patch is to let ACRN use vCPU id for vLAPIC IDs and also report the same
when building mptable. ACRN should still use physical LAPIC IDs for SOS
because host ACPI tables are passthru to SOS.
Tracked-On: #2934
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@Intel.com>
ACRN uses CONFIG_PARTITION_MODE macro to compile out CPU_IRQ_ENABLE/DISABLE
APIs. With vector remapping enabled for pre-launched VMs, this is of no use.
And for VMs with LAPIC pass-thru, interrupts stay disabled in vmexit loop
with the help of is_lapic_pt() API.
Tracked-On: #2903
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now the MAX supported VM number is defined explicitly for each scenario,
so move this config from Kconfig to VM configuration.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Previously we use unified vm_config.c for all scenarios and use MACROs
for each configuration items, then the initialization of vm_configs[]
becomes more complicated when definition of MACROs increase, so change
the coding style that all configurable items could be explicitly shown in
vm_configuration.c to make code more readable.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add, update '@return' and '@retval' statements to the API descriptions related
to vCPU operations.
Tracked-On: #1844
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
As vector re-mapping is enabled for pre-launched/partition mode VMs,
there is no more need for separate interrupt routine i.e.
partition_mode_dispatch_interrupt.
Tracked-On: #2879
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
For pre-launched VMs MSI/MSI-x configuration writes are not intercepted by ACRN.
It is pass-thru and interrupts land in ACRN and the guest vector is injected into
the VM's vLAPIC. With this patch, ACRN intercepts MSI/MSI-x config writes and take
the code path to remap interrupt vector/APIC ID as it does for SOS/UOS.
Tracked-On: #2879
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
To keep consistency between HV and DM about PM1A_CNT_ADDR,
it is better to replace the PM1A_CNT related MACROs used in DM
with VIRTUAL_PM1A_CNT related MACROs in acrn_common.h.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
This patch mainly does the following:
- Replace prefix RT_VM_ with VIRTUAL_.
- Remove the check of "addr != RT_VM_PM1A_CNT_ADDR" as the handler is specific for this addr.
- Add comments about the meaning of return value.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Intel SDM Vol3 23.8 says:
The INIT signal is blocked whenever a logical processor is in VMX root operation.
It is not blocked in VMX nonroot operation. Instead, INITs cause VM exits
So, there is no side-effect to send INIT signal regardless of pcpu active status.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
'vector_cnt' is vector count of MSI/MSIX, and it come from 'table_count'
in the the pci_msix struct. 'CONFIG_MAX_MSIX_TABLE_NUM' is the maximum
number of MSI-X tables per device, so 'vector_cnt' must be less then
or equal to 'CONFIG_MAX_MSIX_TABLE_NUM'.
Tracked-On: #2881
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
All if . . else if constructs shall be
terminated with an else statement.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com
The pt_dev.c in board folder is replaced by the one in scenarios folder,
so remove them.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
After using get_vm_from_vmid(), vm pointer is always not NULL. But there are still many NULL pointer checks.
This commit replaced the NULL vm pointer check with a validation check which checks the vm status.
In addition, NULL check for pointer returned by get_sos_vm() and get_vm_config() is removed.
Tracked-On: #2520
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit renmaes guest_no in shell_to_sos_console() to vm_id, which is commonly used in ACRN.
Tracked-On: #2520
Signed-off-by: Yan, Like <like.yan@intel.com>
For hv shell commands with vm_id option, need to check it is in the valid range [0, CONFIG_MAX_VM].
This commit checks the input vm_id, if it's not in the valid range, an error message will be given,
and vm_id will be assgined to default 0U.
Tracked-On: #2520
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The CLOS is initialized to 0 for each scenarios. User could modify this
configuration in its vm_configurations.h;
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In this scenario, hypervisor will run two logical partition VMs.
Please note that the Kconfig of Hypervisor mode will be removed
gradually. In current Kconfig setting, the CONFIG_PARTITION_MODE
is still kept for now for back-compatibility.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Previously the vm_configs[] is defined separately for sharing mode and
partition mode, but the concept of hypervisor mode will be removed. Instead
we will introduce scenario Kconfig for hypervisor to load different vm
configurations.
SDC(Software Defined Cockpit) is a typical scenario that ACRN supported
so we introduce this scenario for previously sharing mode and move its
configurations to scenarios/sdc folder. The configuration could be used
for all boards reference.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Use MACROs in pt_dev.c to replace straight-forward BDF numbers. The
pt devices for each VM will be chosen from Board specific PCI devices
list which defined in pci_devices.h;
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add the default handlers for PIO and MMIO access which returns all
FFs on read and discards write. These default handlers are registered
when SOS VM or pre-launched VM is created.
v3 -> v4:
- use single layer if in hv_emulate_pio
- change the implementation of pio_default_read
v2 -> v3:
- use runtime vm type instead of CONFIG_PARTITION_MODE
- revise the pio/mmio emulation functions
- revise the pio/mmio default read functions according to MISRA C
- revise the commit message
v1 -> v2:
- add default handlers members in struct acrn_vm and add interfaces
to register default handlers for PIO and MMIO.
Tracked-On: #2860
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
When RTVM is trying to poweroff by itself, we use INIT to
kick vCPUs off the non-root mode.
For RTVM, only if vm state equal VM_POWERING_OFF, we take action to pause
the vCPUs with INIT signal. Otherwise, we will reject the pause request.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch makes make_reschedule_request support for kicking
off vCPU using INIT.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This API is only for kick vcpu out of non-root mode when
RTVM poweroff by itself. And the first caller will soon come
along with the next patch.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We set the vm state as VM_POWERING_OFF when RTVM is trying to poweroff by itself.
We will check it when trying to pause vCPUs of RTVM. Only if vm state equal to
VM_POWERING_OFF, we take action to pause the vCPUs of RTVM. Otherwise, we will
reject the pause request.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
The virtual pm port of RTVM is intercepted by HV. But the HV needs to inform the DM as well.
So we will forward the virtual S5 request to DM too
The handler in HV just set the pm state flag (VM_POWERING_OFF) which indicate that the RTVM is powering
off by itself. Meanwhile, there are data resources in VHM and DM should be released once we handle the PM
of RTVM in HV. So, return to DM to go through the entire VM destroy cycles to release the resources.
During the cycles, the DM will try to pause vm through hypercall. In the hypercall handler in HV, we will
check the pm state flag. If it is set, pause all the vCPUs of the vm. Otherwise, reject the request.
In this way, we can make sure that RTVM can only trigger its s5 by itself. All
other S5 request from external will be rejected.
Here is sequence chart of RTVM s5.
poweroff
+-----------+ +----------+ +-----------+ +----------+
| vBSP | | vAPs | | HV | | DM |
+-----+-----+ +----------+ +-----+-----+ +-----+----+
| | | |
| Stop all other cpus | | |
+----------------------------+ | |
| | |Disable LAPIC | |
| +<-+ | |
| | | |
| +--+ | |
| | |HLT in | |
| All other cpus stopped | |non-root mode | |
+----------------------------+ | |
| Call ACPI method to enter s5 | |
+-------------------------+---------------------> | |
| | Set s5 flag | |
| | <---------------------+ |
| | APs paused | Re-inject IOREQ TO DM
| | +-------------------> +-------------------> +
| | | Pause VM |
| | Check S5 flag: | <-------------------+
| | - If set, pause vm | VM paused |
| | - If no, reject | +-----------------> +--+
| | | Destroy VM | |Deinit works
| | | <--------------------<-+
| | | VM destroyed |
| | | +-----------------> |
+ + + +
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
This patch makes io_read_fn_t return true or false instead of void.
Returning true means that the handler in HV process the request completely.
Returning false means that we need to re-inject the request to DM after
processing it in HV.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
This patch makes io_write_fn_t return true or false instead of void.
Returning true means that the handler in HV process the request completely.
Returning false means that we need to re-inject the request to DM after
processing it in HV.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch checks if the GUEST_FLAG_RT is set when GUEST_FLAG_LAPIC_PASSTHROUGH is set.
If GUEST_FLAG_RT is not set while GUEST_FLAG_LAPIC_PASSTHROUGH is set, we will refuse
to boot the VM.
Meanwhile, this patch introduces a new API is_rt_vm.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This flag indicates that if the vm is RTVM.
And if a vm has GUEST_FLAG_LAPIC_PASSTHROUGH flag set,
we must set the GUEST_FLAG_RT at the same time.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
In the cases when more than one CPU has something to print, exception
dump from one CPU is overlapped with other CPU's messages and the final
text that is printed on console is all mixed up and does not make any sense.
Changing printf to pr_err so that the messages are printed one after
the other.
Tracked-On: #2858
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In hypervisor fuzzing test, hypervisor will hang
if issuing HV_VM_SET_MEMORY_REGIONS hypercall after
target VM is destroyed.
this patch is to fix above vulnerability.
Tracked-On: #2849
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The vm_config in hypervisor restricted VM name size to
MAX_CONFIG_NAME_SIZE (32 bytes). When UOS is launched by DM, the vmname
is passed in as the last optional args, we hope to to copy it to vm_config
in the future. So the size of vmname in DM args should be restricted to
MAX_CONFIG_NAME_SIZE, too. Because MAX_CONFIG_NAME_SIZE will be used by DM,
we move it from vm_config.h to acrn_common.h
We also rename MAX_CONFIG_NAME_SIZE to MAX_VM_OS_NAME_LEN, because it will
be used by another components, should has a clear name.
Tracked-On: #2851
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
devicemodel/include/public/acrn_common.h should be identical with
hypervisor/include/public/acrn_common.h, so we can use a soft link
to hypervisor's acrn_common.h for devicemodel.
Tracked-On: #2851
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Since we always enable "Use TPR shadow", so operate on TPR will not
trigger VM exit. So remove these APIs.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Delete the 2 files and merge their code into vpci.c:
hypervisor/dm/vpci/partition_mode.c
hypervisor/dm/vpci/sharing_mode.c
And change the Makefile accordingly
Change PCI_PRIV_H_ to VPCI_PRIV_H_ in vpci_priv.h
Some misra c fix:
Add @pre for functions
Add const to function parameters
Tracked-On: #2534
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Instead of using CONFIG_PARTITION_MODE at compile time to compile in and call
the partition mode/sharing mode specific functions, always compile in all sharing
mode and partition code, then calling the corresponding functions dynamically based
on vm type (PRE_LAUNCHED_VM and SOS_VM) at runtime.
Some misra c fix:
Add @pre for functions
Add const to function parameters
Add ASSERT in pci_cfgdata_io_read and pci_cfgdata_io_write
Tracked-On: #2534
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Re-organize the code to remove usage of hypervisor.h from
bsp folder, without changing any functionality.
Tracked-On: #2694
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Currently MSR IA32_MISC_ENABLE is passthrough to guest.
However, guest may change the value of this MSR, which will cause issue in hypervisor.
This patch uses VMX MSR store area to isolate the MSR IA32_MISC_ENABLE between guest and host.
TODO:
Some bits of the MSR IA32_MISC_ENABLE is not just per core, but per package.
So need to check if need to prevent guest from setting or clearing these bits that may affect other cores.
Tracked-On: #2834
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Rename the field msr_num to msr_index, which is more accurate,
in struct msr_store_entry.
Tracked-On: #2834
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
-- move this api from misc.c to timer.c to avoid
reverse dependency, and remove misc.c
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
- for all cases of referring guest bootargs size, replace MEM_2K with
CONFIG_MAX_BOOTARGS_SIZE for better readability.
- remove duplicated MAX_BOOTARGS_SIZE definition from vm_config.h.
Also fix one minor issue in general_sw_loader() which uses copy_to_gpa()
to copy a string. Since copy_to_gpa() makes use of memncpy_s() to do the
job, the size parameter should include the string null ternimator.
Tracked-On: #2806
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove the unused seed parsing source files under
hypervisor/boot/sbl and related header files.
Tracked-On: #2724
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Added a struct acrn_vm in firmware.h to remove
a compiler warning.
No change in logic.
Tracked-On: #2830
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Enhance the ACRN shell interactive help. It is close to a 1-1 mapping with
the online documentation but cut a little shorter in various places to make it
more user-friendly when using it from the ACRN console.
Tracked-On: #2829
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
To merge the multiboot bootargs within sbl_init_vm_boot_info(), buffer
overflow could happen when it doesn't provide correct 'dmax' argument
to strncpy_s().
Also, currently it doesn't check the availability of the dest buffer before
overwriting '\0' with a whitespace, which theoretically the dest string
could end up with no null terminator within it's array boundary.
This patch also creates a separate function to merge the cmdline strings,
because after the above fixes some lines in sbl_init_vm_boot_info()
function could have up to 7 tabs in front of the first character, which
looks messy and sbl_init_vm_boot_info() is getting too complicated.
Tracked-On: #2806
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Linux access TSC_ADJUST to verify it has not tampered every time when enter idle.
So for RTVM running rt-linux, the access will cause vm exit which affect real-time performance.
This commit pass through TSC_ADJUST to VM with lapic_pt, to avoid TSC_ADJUST caused vm_exit.
For other VMs, TSC_ADJUST msr access is still trapped and emulated.
Tracked-On: #2813
Signed-off-by: Yan, Like <like.yan@intel.com>
This patch hide Memory Protection Extention (MPX) capability from guest.
- vCPUID change:
Clear cpuid.07H.0.ebx[14]
Clear cpuid.0DH.0.eax[4:3]
- vMSR change:
Add MSR_IA32_BNDCFGS to un-supported MSR array.
- XCR0[4:3] is not allowed to set by guest.
Tracked-On: #2821
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Both sharing mode and partition mode should follow the same coding logic/style
for similar functions:
vdev cfgread/cfgwrite: should all return -ENODEV if the pci reg access is not handled by
it, but previously the partition mode code is not following this logic
vpci cfgread/cfgwrite: if the vdev cfgread/cfgwrite does not handle this reg,
pass on to next vdev cfgread/cfgwrite, if no vdev handles that req, passthru to
physical pci device
Tracked-On: #2534
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Do the pci cfg read/write sanity checking before the request is dispatched to
submodules, so that the checking is centralized rather than scattered across multiple
files/places
Tracked-On: #2534
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In preparation for vpci ops function removal, so that these functions can be
called directly instead by vpci code
Tracked-On: #2534
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove vdev ops for partition mode, change related code to directly call the corresponding
functions instead
Remove struct pci_vdev_ops from vpci.h
Add @pre for pci_find_vdev_by_pbdf and pci_find_vdev_by_vbdf/partition_mode_vpci_init
Change the return value from int32_t to void to comply with misra c and
add ASSERT/panic in the functions (if necessary):
vdev_hostbridge_init
vdev_hostbridge_deinit
vdev_pt_init
vdev_pt_deinit
Still use pr_err in partition_mode_cfgread and partition_mode_cfgwrite to check if vdev cfgread/cfgwrite
access is aligned on 1/2/4 bytes, which is the only case that vdev cfgread/cfgwrite will return
nonzero, pr_err will be removed in subsequent patch titled "unify the sharing
mode and partition mode coding style for similar functions"
Remove @pre for local variables
Add ASSERT in partition_mode_pdev_init to check if pdev is NULL (user config
error)
Tracked-On: #2534
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN uses global invalidation for all DMAR translation caches. Whenever
a UOS is shutdown or rebooted, it ends up clearing entries in translation
caches belonging to other VMs/domains. This patch adds support for
domain/device level invalidation for DMA translation caches and index
based invalidation for Interrupt Remapping Cache.
Tracked-On: #2738
Signed-off-by: Sainath Grandhi sainath.grandhi@intel.com
Acked-by: Eddie Dong eddie.dong@intel.com
