According to PCIe specification (since 2.0), absence of any extended
capabilities is required to be indicated by an extended capability header
with a capability ID of FFFFh and a next capability offset of 000h. Thus,
the board inspector today accesses the first extended capability header at
100h in the configuration space of a PCIe function unconditionally.
However, in practice we have seen real PCI functions which has a PCIe
capability but no extended capability header. This will cause the board
inspector to crash due to invalid configuration space accesses.
To fix that, this patch adds a check to the size of the configuration space
before walking the extended capabilities of a PCIe function.
Tracked-On: #6411
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, if user starts acrnd service, acrnd service will fail to
find the folder "/sys/kernel/gvt" in Service VM, fail to start.
Root cause is GVT-g is not supported in current ACRN, the folder
"/sys/kernel/gvt" will not be created in Service VM.
This patch updates acrnd service to remove this condition check.
v1-->v2:
Weston service is optional for ACRN, acrnd should not depend
on it, so remove weston service dependency in acrnd service.
Tracked-On: #6994
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
User should make sure acrnd service has been started
before running acrnctl.
This patch add note about this.
v2-->v3:
Update document about acrnd service enabling.
Tracked-On: #6991
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Currently, while there is no running post-launched User VM and
user executes acrnctl command, he or she will get failure and
error message is "/run/acrn/mngr doesn't exist".
Root cause of this failure is acrnctl only check whether the folder
"/run/acrn/mngr" exist or not, if this folder doesn't exist, will
report failure.
acrnd service will create the folder "/run/acrn/mngr", user should
make sure acrnd service is started before using acrnctl
This patch will update log message while the folder "/run/acrn/mngr"
doesn't exist.
v1-->v2:
Update log message to make it clearer.
Tracked-On: #6991
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
The following parameters have not used by new design:
1. --vsbl <vsbl_file_path>
2. --part_info <part_info_name>
3. -G, --gvtargs <GVT_args>
4. -s <slot>,pci-gvt
5. -Y, --mptgen
6. -s <slot>,virtio-hdcp
7. -s <slot>,npk
8. -s <slot>,virtio-coreu
9. -i, --ioc_node <ioc_mediator_parameters>
10. --pm_by_vuart [pty|tty],<node_path>
11. --pm_notify_channel <channel>
This patch remove these parameters from usage and comment in code to
explain they are all obsoleted now.
Tracked-On: #6690
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
Update description of passthrough device usecase additions, and improved
description of Issue #6631 (Kata broken)
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Otherwise it will fail to set the GPU opregion/stolen_memory for guest VM in
course of GPU passthrough and the display can't work.
Tracked-On: #6988
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Also cleaned out older versions from list, keeping v1.0,
v1.6.1, v2.0, v2.5, and v2.6.
The documentation for previous releases is still available (by editing
the URL to mention that release (e.g., /2.1/ ).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
To launch User VM, cpu_affinity parameter is needed for v2.7.
Signed-off-by: fuzhongl <fuzhong.liu@eintel.com>
Reviewed-by: gvancuts <geoffroy.vancutsem@intel.com>
1. Update launch script and replace the apt-get command with apt in GSG documentation.
2. Update the tag to v2.7 in partitioned documentation.
Signed-off-by: zhongzhenx.liu <zhongzhenx.liu@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add some color styles we can use (via .. rst-class:: style directive) to
add color to rst tables. Also introduce a centered class instead of
using the deprecated .. centered:: directive. Update documentation
guidelines to describe these new styles (background colors).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The commands in the Getting Started Guide for copying files to and from
the USB stick will fail if the USB stick volume name has a space in it.
Fix this by quoting uses of $disk.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Fix errors in description of changes.
Add mention of SOS -> Service_VM change in config options/values.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Currently in sanitize_vm_config, all LAPIC-PT VM are treated as RTVM,
which can be relaxed: LAPIC PT VM does not have to be RTVM.
Change the logic in sanitize_vm_config to support this relaxation.
Tracked-On: #6968
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, the command "acrnctl suspend" and "acrnctl resume"
is not used by user. This patch removes related code.
Tracked-On: #5921
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, the command "acrnctl suspend" and "acrnctl resume"
is not used by user. This patch removes related code.
v1-->v2:
Remove vm_suspend.
Tracked-On: #5921
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, Service VM may fail to shut down due to some enabled
VFs. ACRN doesn't disable VFs automatically.
In this patch, add a note for user to disable VFs before Service
VM shuts down.
Tracked-On: #5921
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Rename `CONFIG_IOMMU_BUS_NUM` to `ACFG_MAX_PCI_BUS_NUM`. Configure tool
will calculate `ACFG_MAX_PCI_BUS_NUM` base on the max pci num which is
used by VF. So user needn't care about `ACFG_MAX_PCI_BUS_NUM`, and memory
will be used resonable.
Tracked-On: #6942
Signed-off-by: Yuanyuan Zhao <yuanyuan.zhao@linux.intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Extract the max pci bus number from board information and generate the
common configuration macro ACFG_MAX_PCI_BUS_NUM automatically.
Tracked-On: #6942
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
remove is_valid_xsave_combination api,
assume the hardware or QEMU can guarantee that support
XSAVE on CPU side and XSAVE_XRSTR on VMX side or not.
will add offline-tool in QEMU platform to avoid the user
use wrong XSAVE configurations.
remov check VMX_PROCBASED_CTLS2_XSVE_XRSTR based on the above reason.
for VMX_PROCBASED_CTLS2_PAUSE_LOOP, now it will panic
if run ACRN over QEMU, here remove it from essential check,
and it will print error information when set this bit
if there is no the hardware capability.
v1-v2:
remove is_valid_xsave_combination
Tracked-On: #6584
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds an option CONFIG_KEEP_IRQ_DISABLED to hv (default n) and
config-tool so that when this option is 'y', all interrupts in hv root
mode will be permanently disabled.
With this option to be 'y', all interrupts received in root mode will be
handled in external interrupt vmexit after next VM entry. The postpone
latency is negligible. This new configuration is a requirement from x86
TEE's secure/non-secure interrupt flow support. Many race conditions can be
avoided when keeping IRQ off.
v5:
Rename CONFIG_ACRN_KEEP_IRQ_DISABLED to CONFIG_KEEP_IRQ_DISABLED
v4:
Change CPU_IRQ_ENABLE/DISABLE to
CPU_IRQ_ENABLE_ON_CONFIG/DISABLE_ON_CONFIG and guard them using
CONFIG_ACRN_KEEP_IRQ_DISABLED
v3:
CONFIG_ACRN_DISABLE_INTERRUPT -> CONFIG_ACRN_KEEP_IRQ_DISABLED
Add more comment in commit message
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
"idle=halt " should be avoided in REE since we have to
keep the interrupt always masked in root mode.
Tracked-On: #6571
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Previous upstreamed patches handles the secure/non-secure interrupts in
handle_x86_tee_int. However there is a corner case in which there might
be unhandled secure interrupts (in a very short time window) when TEE
yields vCPU. For this case we always make sure that no secure interrupts
are pending in TEE's vlapic before scheduling REE.
Also in previous patches, if non-secure interrupt comes when TEE is
handling its secure interrupts, hypervisor injects a predefined vector
into TEE's vlapic. TEE does not consume this vector in secure interrupt
handling routine so it stays in vIRR, but it should be cleared because the
actual interrupt will be consumed in REE after VM Entry.
v3:
Fix comments on interrupt priority
v2:
Add comments explaining the priority of secure/non-secure interrupts
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The TEE_NOTIFICATION_VECTOR can sometimes be confused with TEE's PI
notification vector. So rename it to TEE_FIXED_NONSECURE_VECTOR for
better readability.
No logic change.
v3:
Add more comments in commit message.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Sometimes HV would like to know if there are specific interrupt
pending in vIRR, and clears them if necessary (such as in x86_tee case).
This patch adds two APIs: get_next_pending_intr and clear_pending_intr.
This patch also moves the inline api prio() from
vlapic.c to vlapic.h
v3:
Remove apicv_get_next_pending_intr and apicv_clear_pending_intr
and use vlapic_get_next_pending_intr and vlapic_clear_pending_intr
directly.
v2:
get_pending_intr -> get_next_pending_intr
apicv_basic/advanced_clear_pending_intr -> apicv_clear_pending_intr
apicv_basic/advanced_get_pending_intr -> apicv_get_next_pending_intr
has_pending_intr kept
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In pci_enumerate_ext_cap we assume the extended capability linked lists
are always legal and correct, which might not be true when there was a
faulty hardware. This patch adds checks (time to live) to guard against malformed
extended capability linked lists.
v2:
Add error printing when node_limit <= 0.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Though REE VM has its load order to be Service_VM, it does not offer
services as Service VM does. The only hypercalls allowed for REE are the
ones with GUEST_FLAG_REE.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch wraps the check of GUEST_FLAG_TEE/REE into functions
is_tee_vm/is_ree_vm for readability. No logic changes.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For WaaG VM, the User VM name is hard coded in the
lifecycle manager, this User VM ("windows") is needed
for guest shutdown.
Note: libvirt will be used to do guest shutdown and
the WaaG VM name will be configurable in furture.
The lifecycle manager starup picture in WaaG VM is out
of data, update it in this patch.
Tracked-on: #6652
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
This patch updates recommendations to upgrade from a prior ACRN version
for v2.7, and updates the what's new summary.
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The CONFIG_LOG_DESTINATION parameter selects where the logging messages
send to,serial console or memory or npk device MMIO region.
Now we want to remove it and check the loglevel of each channel,close the
output when the loglevel is ZERO.
Tracked-On: #6934
Signed-off-by: Chenli Wei <chenli.wei@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. remove LOG_DESTINATION in the related python code, schema and
all existing scenario XML files.
2. for MEM_LOGLEVEL, NPK_LOGLEVEL and CONSOLE_LOGLEVEL,
update the loglevel range to [0, 5] from [0, 6].
Tracked-On: #6934
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
