Two utility functions are copied and adapted from hyerpervisor:
ffs64
bitmap_clear_nolock
Two public functions are provided for future use (such as for RTCTv2)
pcpuid_from_vcpuid
lapicid_from_pcpuid
Tracked-On: #6020
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
This allows users to retrieve and use the requested platform_info information from hypervisor
Tracked-On: #6020
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
When a platform reboots or shuts down, the contents of RAM are not immediately
lost but begins to decay. During this period, there is a short timeframe during
which an attacker can turn the platform back on to boot into a program that
dumps the contents of memory (e.g., cold boot attacks). Encryption keys and
other secrets can be easily compromised through this method.
We already erasing the guest memory data when the guest is shut down normally.
However, if the guest is shut down abnormally, the contents of RAM may still
there. This patch mitigate this kind reset attack for a DM launched VM by
erasing the guest memory data by the guest has been created.
Tracked-On: #6061
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Only free rb_entry when we remove this entry from the rb tree, otherwise, a
page fault would trigger when next rb itreation would access the freed rb_entry.
Tracked-On: #6056
Signed-off-by: Li Fei1 <fei1.li@intel.com>
A user can use "--pm_notify_channel uart,allow_trigger_s5" to indicate
the User VM is allowed to trigger system S5.
"--pm_notify_channel uart" means a vuart channel will be created in the
User VM to allow communication with the VM's life_mngr. The Service VM
can then initiate S5 in the guest via its dm's monitor interface. The
additional option, "allow_trigger_s5", will create a socket connection
with the Service VM's life_mngr, allowing this VM to initiate system S5.
v1 -> v2:
- rename pm_notify_channel type to PWR_EVENT_NOTIFY_UART_TRIG_PLAT_S5
Tracked-On: #6034
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Add one more sanity check: If the root port has more than
one child, we won't enable PTM on the guest.
This is not necessarily an error. We flag it as
error just because we don't have this type of hw
configuration at development time thus this configuration
is not tested.
Tracked-On: #5915
Signed-off-by: Rong Liu <rong.l.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Unify two functions definitions/declarifications:
Update the parameters from char array to char pointer.
to fix the build issue:
probeutils.c:61:29: error: argument 1 of type 'char *' declared
as a pointer [-Werror=array-parameter=]
Initialize local variable "c" to fix build issue:
core/mevent.c:122:21: error: 'c' may be used uninitialized
[-Werror=maybe-uninitialized]
Tracked-On: #5993
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
The TPM information in ACPI table is for both VPTM and passthough TPM,
so only one TPM device is allowed.
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
ACRN didn't support dynamic memory allocation. SO it would reserve
a big page pool and use the GPA as index to get a page to do EPT
mapping. In order to save memory, we put high MMIO windows to [4G, 5G].
AFter we support dynamic page allocation for EPT mapping, we move
high MMIO windows to where it used to ([256G, 512G]) for 39 bits physical
address), we could move high memory to where is used to too ([4G, 4G +
size]).
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Windows graphic driver obtains DSM address from in-BAR mmio register
which has passthroughed. Not like the other platforms obtained from
pci configure space register which has virtualized. GPU GuC must use
WOPCM in DSM, besides, Windows OS wants to manage DSM also. These two
reason force acrn has to keep identical mapping to avoid trap mmio
BAR to do the emulation.
Tracked-On: #5880
Signed-off-by: Peng Sun <peng.p.sun@intel.com>
Update the 'acrn-dm' usage information. It is displayed when using
'-h' or when an argument parsing error occured but was not up-to-date
with the actual implementation.
Tracked-On: #5781
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
- Exit main() if pm_by_vuart_init() fails
- Use SIGHUP to gracefully power off a VM if pm_monitor_loop()
encounters a failure
- Identify a closed socket as a failure in pm_monitor_loop()
Tracked-On: #5736
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
resize vm_config buffer from 16KB to 32KB, as 16KB
is not enough on EHL platform, which will result in
crash when accessing this memory.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
GPA base of SW SRAM can't be hardcoded as physical address
of SW SRAM(HPA), as this HPA may vary on different platform.
This patch reserves a dedicated memory slot[GPA: 2G - 8M, 2G)
as SW SRAM region.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch prepares vRTCT for post-RTVM instead of
pass-thru native RTCT:
- Configurations are based on Service VM native RTCT.
- Remap vLAPIC IDs in vRTCT.
- Remap base address of SW SRAM memory regions
from HPA to GPA.
- HPA base of Software SRAM shall be parsed from PTCT
instead of hardcoding.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch add function 'vm_get_config()' to get
configuration information for current VM from hypervisor.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
paddr_guest2host may return NULL, this patch checks the return value
to avoid null pointer dereference.
Tracked-On: #5514
Signed-off-by: Liu Long <long.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Update and light clean-up of the buit-in list of arguments from 'acrn-dm'
* Added options in the top part (list with no explanation)
* Remove a couple of arguments that are no longer valid ('vmcfg' and 'dump')
Tracked-On: #5445
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
In addition to a single OVMF image (OVMF.fd), split images
(OVMF_CODE.fd, OVMF_VARS.fd) can be used to facilitate VM management.
From the OVMF Whitepaper:
The variable store and the firmware executable are also available in
the build output as separate files entitled: "OVMF_VARS.fd" and
"OVMF_CODE.fd". This enables central management and updates of the
firmware executable, while each virtual machine can retain its own
variable store.
An example to launch acrn-dm with the split images:
--ovmf code=/usr/share/acrn/bios/OVMF_CODE.fd, \
vars=/usr/share/acrn/bios/OVMF_VARS.fd
v1 -> v2:
- use memory-mapped file I/O for writeback
- use fcntl to lock OVMF image files
Tracked-On: #5487
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Windows graphic driver obtains DSM address from in-BAR mmio register
which has passthroughed. Not like the other platforms obtained from
pci configure space register which has virtualized. So TGL has to
keep identical mapping to avoid trap mmio BAR to do the emulation.
To keep simple, this patch hardcode the TGL DSM region in vE820
table, this will cause memory waste here. In the near future, we
need refine the entire vE820 logic as it is hard to maintained
due to many reserved regions have introduced in recently.
Signed-off-by: Sun Peng <peng.p.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Tracked-On: #5461
dm: pSRAM: added a command line parameter "--psram" to enable pSRAM
support for post-launched RTVM
Added "--psram" in DM command line to enable pSRAM support for
post-launched RTVM
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
dm: modify vE820 to adapt to pSRAM for post-launched RTVM
When pSRAM is enabled for post-launched RTVM, we add a segment in vE820 for
pSRAM, and therefore the lowmem RAM will be split into part1 and part2.
Also, code of post vE820 initialization is refined
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
dm: vptct: add vPTCT for post-launched RTVM
We added vPTCT support for post-launched RTVM:
1. Added a function create_and_inject_vptct. Currently, we
pass-through the whole pSRAM to one RTVM, so we will also pass-
through the PTCT to the very same RTVM. This function will
read the native PTCT from SOS and inject it into post-
launched VM's vACPI.
2. Added some definitions for vPTCT.
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
We don't reserve PCI MMIO in e820 Table, it's included in DSDT ACPI Table.
About 0xA0000 - 0x100000 entry, we don't have any ACPI Table touch this region.
So we could remove it too.
After this change, we could only pass the reserved e820 table which we must
reserve to OVMF. In this case, the OVMF could trust ACRN-DM and pass the
reserved e820 table to guest instead of dropping it.
This patch needs the corresponding modify in OVMF. Otherwise, the guest could
not boot.
Tracked-On: #4550
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
pm_vuart stops listening and relays the message right away if it
encounters EAGAIN during read(). This causes the messages relayed to be
fragmented.
Only relay the message when it encounters a null character or a newline
character, or when the buffer is full.
Tracked-On: #5429
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Fix typo error "--apicdev_pt HID" to pass through a TPM device. Fix it to
"--acpidev_pt HID"
Tracked-On: #5401
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Add Null pointer check in init vq ring and add vq ring descriptor
check in case cause Nullpointer exception.
Tracked-On: #5355
Signed-off-by: Liu Long <long.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Add IC_CREATE_DEVICE and IC_DESTROY_DEVICE ioctls to create and
destroy an emulated device in hypervisor
v3: change IC_CREATE_DEVICE and IC_DESTROY_DEVICE to IC_CREATE_HV_VDEV
and IC_DESTROY_HV_VDEV
Tracked-On: #4853
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
We could add MMIO device pass through by two ways:
a) If the MMIO device only has MMIO regions and no ACPI Table touched, using
"--mmiodev_pt MMIO_regions",
b) If the MMIO device touches ACPI Table, using "--acpidev_pt HID"
Now only support TPM2 MSFT0101 MMIO device pass through through launch script
using "--acpidev_pt MSFT0101". When we want to pass through the TPM2 deivce,
we would not allow to emulate the vTPM2 at the same time. This is becuase
the ACRN-DM emulate the TPM2 as MSFT0101 too. Otherwise, the VM can't boot.
Besides, we could only support one TPM2 device PT and one MMIO device PT.
For TPM2 device PT, the MMIO resources are hard-coded. For the MMIO device PT,
we could pass through the MMIO resources on the cmdline.
ToDo:
1. We may use HID to discover the MMIO regions and ACPI Table instaed of
hard-coded.
2. To identify a MMIO device only by MMIO regions.
3. To allocate virtual MMIO regions in a reserved guest MMIO regions.
Tracked-On: #5053
Signed-off-by: Li Fei1 <fei1.li@intel.com>
hugetlb_lv_max will get wrong value if the HUGETLB_LV2 mount failed.
Once hugetlb_lv_max is wrong, the following code logic messes up.
Tracked-On: #4937
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
- re-arange the code to make static code analysis tool happy.
- If no valid conversion could be performed, a zero value is returned
(0L) from strtol(), so add a sanity check "isdigit(cp[0])" to ensure
that it won't unexpectedly parse CPU 0 if the string starts or ends
with the valid delimiters ',' or '-', for example:
-- cpu_affinity 1,
-- cpu_affinity ,1
Tracked-On: #4616
Signed-off-by: Zide Chen <zide.chen@intel.com>
To remove the limit of 4MB ramdisk size simply adjust layout
dynamically according to ramdisk size rounded up to a 4K boundary.
This enables ramdisk based virtual machines which tend to have
large ramdisk memory requirements (128MB and above).
Tracked-On: #4840
Signed-off-by: Helmut Buchsbaum <helmut.buchsbaum@opensource.tttech-industrial.com>
The 'pause/continue' acrnctl cmd is never used and their action are not
defined for ACRN VMs. Devicemodel minitor doesn't need to handle these 2
msg, should be removed.
Tracked-On: #4790
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Remove the 'p' argument from the list as it is now obsolete and there is no
implementation for it in the code.
Tracked-On: #4732
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
User has a chance to specify VCPU affinity through acrn-dm command line
argument. Examples of the command line:
3 PCPUs: 1/2/3
--cpu_affinity 1-3
5 PCPUs: 2/3/6/7/8
--cpu_affinity 2,3,6-8
8 PCPUs: 2/3/6/7/9/10/11/12
--cpu_affinity 2,3,6-7,9,10-12
The specified pCPUs must be included in the guest VM's statically
defined vm_config[].cpu_affinity_bitmap.
Tracked-On: #4616
Signed-off-by: Zide Chen <zide.chen@intel.com>
now VM state transition only allows VM_PAUSED to
VM_POWERED_OFF, this patch call vm_pause before vm_destroy
in some vm failure cases.
Tracked-On: #4320
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
it will send "acked" message to UOS if it receives
"shutdown" command from UOS, then wait UOS poweroff itself,
it will send shutdown to life_mngr running on SOS to
shutdown system.
Tracked-On: #4446
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Change shutdown_uos_thread to pm_monitor thread,
the shutdown_uos_thread can do:
--send shutdown request to UOS
--receive acked message from UOS
the pm_monitor can do:
--send shutdown request to UOS
--receive acked message from UOS
--receive shutdown request from UOS
Tracked-On: #4446
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
set the attributes during pm-vuart initialization
to avoid the pm-vuart in an indefinite state.
Currently we have implemented S5 triggered by SOS,
these patch series both support S5 triggered by SOS and RTVM.
the fully steps for S5 triggered by SOS:
1) S5-Trigger: it initiates the platform shutdown actions;
it calls “acrnctl stop vmX” to do that,
and check the VM's status, power-off SOS itself.
2) acrnctl will send “stop” to “acrn-dm”
3) acrn-dm will send “shutdown” command to VMx by v-UART.
4) when life-cycle manager in VMx receives the “shutdown” command,
it will give an “acked” to acrn-dm, and then poweroff itself.
the fully steps for S5 triggered by RTVM:
1) S5-Trigger in RTVM: it initiates the platform shutdown actions;
it’ll send shutdown command for platform shutdown to
life-cycle manager
2) when life-cycle manager in RTVM receive the message,
it will send “shutdown” command to acrn-dm in SOS by v-UART.
3) when acrn-dm receives the “shutdown” command from RTVM,
it will give an “acked” to RTVM, RTVM’s life-cycle manager can
power off itself
4) acrn-dm will send “shutdown” command to its own life-cycle manager
by socket.
5) when life-cycle manager in SOS receives the “shutdown” command,
it can call “s5_trigger” script to shutdown platform.
Tracked-On: #4446
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
