'assert' usage cleanup to avoid possible software vulnerabilities
Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
cleanup 'assert' usage to avoid possible software vulnerabilities.
Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
cleanup 'assert' to avoid possible software vulnerabilities
Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
- 'assert' cleanup to avoid possible software vulnerabilities.
Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
cleanup 'assert' to avoid possible vulnerabilities.
Tracked-On: #3252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
The current implement doesn't clear which access type we support for
APIC-Access VM Exit:
1) linear access for an instruction fetch
-- APIC-access page is mapped as UC which doesn't support fetch
2) linear access (read or write) during event delivery
-- Which is not happened in normal case except the guest went wrong, such as,
set the IDT table in APIC-access page. In this case, we don't need to support.
3) guest-physical access during event delivery;
guest-physical access for an instruction fetch or during instruction execution
-- Do we plan to support enable APIC in real mode ? I don't think so.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In hcall_inject_msi, we check vlapic state of SOS by mistake.
If the SOS's vlapic state doesn't equal to target_vm's, the OVMF will
hang when boot up. Instead, we should check the target_vm's
vlapic state.
Tracked-On: #3069
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
This patch is to clean up assert from virtio-net.
Tracked-On: #3252
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
This patch is to fix some potential memory leak issues
1, free mrp if the mmio_rb_lookup() function return 0;
2, free memory allocated by strdup in some error case handling.
Tracked-On: #3277
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Replace strlen function with strnlen function in DM
Tracked-On: #3276
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Use strncpy instead of strcpy to avoid buf overflow.
Fix strncpy null-terminated issues.
Tracked-On: #3245
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Remove the use of assert() in passthrough driver.
Tracked-On: #3252
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
When FE virtio devices work in polling mode, sshd.service can't start
normally and blocks at generating random bytes. When reading from
the random source, getrandom() blocks caused by no random bytes.
Tracked-On: #3268
Signed-off-by: Gao Junhao <junhao.gao@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Clear Linux changed from systemd-networkd to NetworkManager as default
"network manager", We need to install "systemd-networkd-autostart"
bundle to enable systemd-networkd to create ACRN network bridges and Tap
devices.
Signed-off-by: Lei Lu <leix.lu@intel.com>
The doxygen-collected API information about function preconditions has a
uninspired title of "pre". This change tweaks that to be
"preconditions" in the generated HTML output by editing the generated
xml output before it is processed by Sphinx/Breathe.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The patch adds new argument for launch_uos script for NUC.
In the patch add "-C" parameter for launch_uos script. When launch
the script with the parameter the ACRN-dm will be launched in the
runC container. For more information about this please refer to
ACRN-dm QoS document.
Tracked-On: #2020
Signed-off-by: Long Liu <long.liu@intel.com>
Reviewed-by: Binbin Wu binbin.wu@intel.com
Reviewed-by: Geoffroy Van Cutsem geoffroy.vancutsem@intel.com
Rename MSI-X struct, pci_msix, member from tables to table_entries
Tracked-On: #3265
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
support compiling system initialization code
to sys_init_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
support compiling virtual platform hypercall to vp_hcall_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
support compiling virtual platform trusty to vp_trusty_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
support compiling virtual platform device model layer
to vp_dm_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
support compiling virtual platform base layer to
vp_base_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
support compiling hw management code to hw_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
support compiling boot code to boot_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
HV has been divided into the following layers
according to Jason's modularization documentation
high: 70 -- system initialization
60 -- virtual platform hypercall
50 -- virtual platform trusty
40 -- virtual platform device model
30 -- virtual platform base
20 -- hardware management
10 -- platform boot
low: 00 -- library
this patch is only for library layer,
support compiling library layer to lib_mod.a
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
modified: Makefile
This patch introduces check_vm_vlapic_state API instead of is_lapic_pt_enabled
to check if all the vCPUs of a VM are using x2APIC mode and LAPIC
pass-through is enabled on all of them.
When the VM is in VM_VLAPIC_TRANSITION or VM_VLAPIC_DISABLED state,
following conditions apply.
1) For pass-thru MSI interrupts, interrupt source is not programmed.
2) For DM emulated device MSI interrupts, interrupt is not delivered.
3) For IPIs, it will work only if the sender and destination are both in x2APIC mode.
Tracked-On: #3253
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduces vLAPIC state for a VM. The VM vLAPIC state can
be one of the following
* VM_VLAPIC_X2APIC - All the vCPUs/vLAPICs (Except for those in Disabled mode) of this
VM use x2APIC mode
* VM_VLAPIC_XAPIC - All the vCPUs/vLAPICs (Except for those in Disabled mode) of this
VM use xAPIC mode
* VM_VLAPIC_DISABLED - All the vCPUs/vLAPICs of this VM are in Disabled mode
* VM_VLAPIC_TRANSITION - Some of the vCPUs/vLAPICs of this VM (Except for those in Disabled mode)
are in xAPIC and the others in x2APIC
Upon a vCPU updating the IA32_APIC_BASE MSR to switch LAPIC mode, this
API is called to sync the vLAPIC state of the VM. Upon VM creation and reset,
vLAPIC state is set to VM_VLAPIC_XAPIC, as ACRN starts the vCPUs vLAPIC in
XAPIC mode.
Tracked-On: #3253
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
is_xapic_enabled API returns true if vLAPIC is in xAPIC mode. In
all other cases, it returns false.
Tracked-On: #3253
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove static and inline attributes to the API is_x2apic_enabled
and declare a prototype in vlapic.h. Also fix the check performed on guest
APICBASE_MSR value to query vLAPIC mode.
Tracked-On: #3253
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch changes the code in vlapic_set_apicbase for the following reasons
1) Better readability as it first checks if the new value programmed into
MSR is any different from the existing value cached in guest structures
2) Check if both bits 11:10 are set before enabling x2APIC mode for guest.
Current code does not check if Bit 11 is set.
3) Add TODO in the comments, to detail about the current gaps in
IA32_APIC_BASE MSR emulation.
Tracked-On: #3253
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The ACRN primer has be replaced by an updated set of ACRN High-Level Design
documents. Remove the primer (and images), and replace a link to the
graphics mediation section (from API documentation) to the corresponding
section in the APL GVT-g document.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
when DM exit, it is better to call deinit_loggers
to do some cleanup work.
Tracked-On: #3012
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
also add "\n" in the end of each log.
Tracked-On: #3012
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
disk-logger used to save persistent log as file in disk.
log path: /var/log/acrn-dm/
each log file size is 2MB; default 8 log files; the log
files' suffix will be increased; when file count more than 8,
the last one added, the first one is removed, like form 1-8 to
2-9 to 3-10 ...
Tracked-On: #3012
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
variables defined by struct logger_ops just used
in local file, so add static to them.
Tracked-On: #3012
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Old implementation does nothing when Stop Endpoint cmd is received,
it is not right. The new implementation will cancel all the libusb
requests in processing.
Tracked-On: #3054
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Change it to usb_dev_comp_cb, which is more accurate for what
it does. This patch doesn't change original program logic.
Tracked-On: #3054
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
The old implementation processes isoch TRB one by one, this method
can't support scenario which needs high performance, such as real
time USB camera video.
New implementions will compose all the isoch TRBs for one Door Bell
Ring, and give them to libusb as a single request. The test result
shows that this method could greatly improve the porfermance.
Tracked-On: #3054
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
The names for the two variables are too long, change to shorter
name. This patch doesn't change any logic, just clean up.
Tracked-On: #3054
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
The chained field could help to describe the relationship of USB
data blocks.
Tracked-On: #3054
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Save the MaxPacketSize value for every endpoint of virtual
USB device.
Tracked-On: #3054
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
When the SOS kernel/pre-launched OS access the 0xCF8/0xCFC, it will cause
the vm-exit and then the hypervisor tries to emulate the PCI_cfg access.
0xCF8 write: The bdf/reg is captured. cache_reg = value & (0xFF);
0xCFC-0xCFF read/write: offset = address - 0xCFC. Then cached_reg + offset is
used as the offset to access the pci_cfg.
If the aligned reg is passed in 0xCF8 register, it can work well. But when
the unaligned reg is passed in 0xCF8 register, the cached_reg + offset will cause
that the incorrect pci_cfg offset is accessed. For example:
The cached_reg = 0x02(Device_ID offset) based on the value passed from 0xCF8
offset = 2 based on 0xCFC-0xCFF address.
Then cached_reg + offset is used as the offset(PCI_CMD_REG)
In fact the unaligned reg can work well on the real HW.
So the cached_reg should be aligned to handle the unaligned reg passed in
0xCF8 reg.
Tracked-On: #3249
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
