The GPA of TPM device has fixed value TPM_CRB_MMIO_ADDR, remove
TPM_CRB_MMIO_ADDR and allocate GPA base for TPM device
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
The ACPI MMIO devices, like TPM, have a fixed base GPA. Should support
GPA resource allocating for MMIO devices. GPA region
0xF0000000~0xFE000000 is not used, can allocate GPA from it.
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
There is "void deinit_mmio_devs()" in ./devicemodel/hw/mmio/core.c,
but "int deinit_mmio_devs()" in ./devicemodel/include/mmio_dev.h
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
commit 873ed752d ("misc: sanity check VM config for nested virtualization")
requires that the guest_flag tag can't be empty, or it will fail to build.
This patch changes all instances of "<guest_flag></guest_flag>"
to "<guest_flag>0</guest_flag>".
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
RTCT has been updated to version 2,
this patch updates hypervisor RTCT parser to support
both version 1 and version 2 of RTCT.
Tracked-On: #6020
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Jason CJ Chen <jason.cj.chen@intel.com>
'psram' and 'PSRAM' are legacy names and replaced
with 'ssram' and 'SSRAM' respectively.
Tracked-On: #6012
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Shuang Zheng <shuang.zheng@intel.com>
Define LIST_OF_VMX_MSRS which includes a list of MSRs that are visible to
L1 guests if nested virtualization is enabled.
- If CONFIG_NVMX_ENABLED is set, these MSRs are included in
emulated_guest_msrs[].
- otherwise, they are included in unsupported_msrs[].
In this way we can take advantage of the existing infrastructure to
emulate these MSRs.
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In order to support nested virtualization, need to expose the "Enable VMX
outside SMX operation" bit to L1 hypervisor.
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduces the XML schema `datachecks.xsd` which is the central
place to specify and check assumptions on board characteristics and
scenario settings. Each assumption is expressed as an XSD assertion with
annotation of error severity (e.g. info, warning or error) and detailed
descriptions.
At compile time, the board and scenario XMLs are combined (by putting the
children of the root node together) and checked against the
schema. Assertion failures are categorized according to the defined
severity. Currently only errors will block compilation by outputting the
descriptions of the violated assertions.
The objective of this patch is to introduce the framework to document,
manage and check assumptions. A better way to present assumption violations
to end users (either on the command line or in the configuration editor) is
out of the scope of this series and will be considered in the future.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch extracts information on devices and puts them under the
`/acrn-config/devices` node in the board XML.
The generated XML looks like the following:
    <devices>
      <bus type="system">
        <acpi_object>\_SB_</acpi_object>
        <bus id="PNP0A08" type="pci" address="0x0" description="...">
          <vendor>0x8086</vendor>
          <identifier>0x591f</identifier>
          <subsystem_vendor>0x1028</subsystem_vendor>
          <subsystem_identifier>0x07a1</subsystem_identifier>
          <class>0x060000</class>
          <acpi_object>\_SB_.PCI0</acpi_object>
          <resource type="bus_number" min="0x0" max="0x3e" len="0x3f"/>
          <resource type="io_port" min="0x0" max="0xcf7" len="0xcf8"/>
          <resource type="io_port" min="0xcf8" max="0xcf8" len="0x8"/>
          <resource type="io_port" min="0xd00" max="0xffff" len="0xf300"/>
          <resource type="memory" min="0x10000" max="0x1ffff" len="0x0"/>
          <resource type="memory" min="0xa0000" max="0xbffff" len="0x20000"/>
          <resource type="memory" min="0xc0000" max="0xc3fff" len="0x4000"/>
          <resource type="memory" min="0xc4000" max="0xc7fff" len="0x4000"/>
          ...
          <capability id="vendor_specific"/>
          <device address="0x1"> ... </device>
          ...
        </bus>
      </bus>
      <device> ... </device>
    </devices>
The hierarchy of devices is based on the hierarchy of device objects in
the ACPI namespace (which is established by interpreting the ACPI DSDT and
SSDT tables). Typically most device objects are under the predefined
`_SB_` (i.e. System Bus) object under which an object representing the PCI
root complex (`\_SB_.PCI0` in the example above) can be found. The PCI
devices attached to bus 0 are listed as children of the PCI root complex
node.
For each bus or device, the board inspector tries its best to parse the
information from both ACPI device objects and PCI configuration space to
extract the following:
- the model (via `_HID` object and PCI vendor ID, device ID and class code),
- assigned resources (via `_CRS` object and PCI BARs),
- capabilities (via the PCI capability list)
v1 -> v2:
- Fix references to undeclared modules or variables.
- Make the ACPI extractor advanced and not enabled by default.
- Extract the secondary I/O and memory-mapped I/O addresses of bridges.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch extracts information on mapping of available RAM and puts them
under the `/acrn-config/memory` node in the board XML. Each range of
available RAM is represented by its start (host physical) address, end
address and size (in bytes).
The following is an example of the generated XML.
    <memory>
      <range start="0x0000000000000000" end="0x0000000000057fff" size="360448"/>
      <range start="0x0000000000059000" end="0x000000000009dfff" size="282624"/>
      <range start="0x0000000000100000" end="0x00000000c9ff9fff"
             size="3387924480"/>
      <range start="0x00000000c9ffc000" end="0x00000000d984afff"
             size="260370432"/>
      <range start="0x00000000dbdff000" end="0x00000000dbdfffff" size="4096"/>
      <range start="0x0000000100000000" end="0x000000041dffffff"
             size="13388218368"/>
    </memory>
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch extracts information on cache topology and capabilities and puts
them under the `/acrn-config/caches` node in the board XML in the following
manner.
    <caches>
      <cache level="1" id="0x0" type="1">
        <cache_size>32768</cache_size>
        <line_size>64</line_size>
        <ways>8</ways>
        <sets>64</sets>
        <partitions>1</partitions>
        <self_initializing>1</self_initializing>
        <fully_associative>0</fully_associative>
        <write_back_invalidate>0</write_back_invalidate>
        <cache_inclusiveness>0</cache_inclusiveness>
        <complex_cache_indexing>0</complex_cache_indexing>
        <processors>
          <processor>0x0</processor>
          <processor>0x1</processor>
        </processors>
      </cache>
      <cache level="1" id="0x0" type="2"> ... </cache>
      <cache level="1" id="0x1" type="1"> ... </cache>
      <cache level="1" id="0x1" type="2"> ... </cache>
      ...
      <cache level="2" id="0x0" type="3"> ... </cache>
      <cache level="2" id="0x1" type="3"> ... </cache>
      ...
      <cache level="3" id="0x0" type="3"> ... </cache>
    </caches>
Each cache block is represented by a separate `cache` node identified by
its level, cache ID and type (as reported by CPUID). More information, such
as the size, characteristics and capabilities, are attached as children of
the node.
The current implementation fetches cache information solely from the CPUID
leaf 4H. In the future more cache-related information, such as those in the
ACPI RTCT tables, will be appended here.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch extracts information on CPU topology and capability and puts them
under the `/acrn-config/processors` node in the board XML.
The added information can be divided into two categories.
1. The topology of CPUs like the following. Each thread (which is a leaf
node in the topology) contains its addresses (i.e. CPU ID, APIC ID,
x2APIC ID) and model identifiers (i.e. family, model, stepping IDs, core
types and native model ID).
    <die id="0">
      <core id="0x0">
        <thread id="0x0">
          <cpu_id>0</cpu_id>
          <apic_id>0x0</apic_id>
          <x2apic_id>0x0</x2apic_id>
          <family_id>0x6</family_id>
          <model_id>0x9e</model_id>
          <stepping_id>0x9</stepping_id>
          <core_type></core_type>
          <native_model_id></native_model_id>
        </thread>
        <thread id="0x1"> ... </thread>
      </core>
      <core id="0x1">
        <thread id="0x2"> ... </thread>
        <thread id="0x3"> ... </thread>
      </core>
      <core id="0x2">
        <thread id="0x4"> ... </thread>
        <thread id="0x5"> ... </thread>
      </core>
      <core id="0x3">
        <thread id="0x6"> ... </thread>
        <thread id="0x7"> ... </thread>
      </core>
    </die>
2. The CPU models identified by the quadruple (family_id, model_id,
core_type, native_model_id). Each model is described by its brandstring
and capabilities, both of which are fetched from CPUID leaves.
    <model description="Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz">
      <family_id>0x6</family_id>
      <model_id>0x9e</model_id>
      <core_type></core_type>
      <native_model_id></native_model_id>
      <capability id="sse3"/>
      <capability id="pclmulqdq"/>
      <capability id="dtes64"/>
      <capability id="monitor"/>
      ...
    </model>
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch makes the `run.py` enumerate and invoke all extractors (whose
name should be `##-<name>.py` where `##` is a decimal number for ordering)
under the extractors/ directory. Only some helper subroutines are added in
this patch; the actual extractors will be added in the subsequent patches
in this series.
v1 -> v2:
- Allow an extractor to be classified as advanced by defining the variable
`advanced` to True. Advanced extractors are not enabled by default and
can be invoked by passing `--advanced` to the board inspector.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds a parser of SMBIOS tables. The tables are fetched from
/sys/firmware/dmi/tables on target board. The parser comes from
BITS (https://biosbits.org/) without modifications, except how the raw
SMBIOS tables are read.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds a parser of PCI-compatible configuration space read from
sysfs. The headers and capability lists are fully parsed, but only a couple
of capabilities are parsed completely. Parsing of additional capabilities
will be added on an on-demand basis.
v1 -> v2:
- Fix a typo that causes incorrect parsing of BAR types
- Parse capability structures using from_buffer_copy instead of
from_address
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds a parser and interpreter of ACPI DSDT/SSDT tables in
AML (ACPI Machine Language) in order to understand the complete device
layout and resource allocation.
Kindly note that the interpreter is still experimental and not yet
complete.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds a parser of the physical E820 memory maps fetched from
/sys/firmware/memmap.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds a parser of CPU identification information reported by the
CPUID instruction.
The framework is based on the CPUID parsing facilities in
BITS (https://biosbits.org/), but with the following changes.
1. The CPUID data is fetched by executing the `cpuid` utility, rather than
executing the `cpuid` instruction. This avoids introducing any
additional library or Python/C extension and gets a CPUID leaf on all
physical cores in one shot.
2. Parsers of CPUID leaves 0x10, 0x1A and 0x1F are added. New fields in
existing leaves are also added.
3. A wrapper function, named `parse_cpuid`, is added as the single API that
allows other modules to get an arbitrary CPUID leaf or subleaf.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Starting from Python 3.0 the following changes to the language are
effective:
1. The integer types `int` and `long` have been unified as `int`. See
`https://www.python.org/dev/peps/pep-0237/` for details.
2. The `.iterkeys` method is removed from the `dict` class. See
`https://www.python.org/dev/peps/pep-3106/` for details.
This patch updates `unpack.py`, originally from BITS, so that it can be
used in Python 3.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch reorganizes the files of the board inspector as follows.
1. Rename the directory name from `target` to `board_inspector`, in order to
align with the name used in ACRN documentation.
2. Move the scripts that generate the current board XML into the `legacy`
sub-directory. The legacy nodes will be removed after transitioning to the
new board XML schema completely.
3. Add the main script `cli.py` which is the command line interface of the board
inspector.
v1 -> v2:
- Rename `run.py` to `cli.py`.
Tracked-On: #5922
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
For simplification purpose, use 'ssram' instead of
'software sram' for local names inside rtcm module.
Tracked-On: #6015
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The ivshmem region name format is not restricted to start with "hv".
Loosen the schema validation so that the region name can start with "hv" or "dm".
Tracked-On: #6009
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Move Cache/TLB arch specific parts into cpu.h
After this change, we should not expose arch specific parts out from mmu.h
Tracked-On: #5830
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Allow guest to set CR4_VMXE if CONFIG_NVMX_ENABLED is set:
- move CR4_VMXE from CR4_EMULATED_RESERVE_BITS to CR4_TRAP_AND_EMULATE_BITS
so that CR4_VMXE is removed from cr4_reserved_bits_mask.
- force CR4_VMXE to be removed from cr4_rsv_bits_guest_value so that CR4_VMXE
is able to be set.
Expose VMX feature (CPUID01.01H:ECX[5]) to L1 guests whose GUEST_FLAG_NVMX_ENABLED
is set.
Assuming guest hypervisor (L1) is KVM, and KVM uses EPT for L2 guests.
Constraints on ACRN VM.
- LAPIC passthrough should be enabled.
- use SCHED_NOOP scheduler.
Tracked-On: #5923
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Moving invvpid and invept helper code from mmu.c to mmu.h, so that they
can be accessed by the nested virtualization code.
No logical changes.
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- SOS does not allow LAPIC passthru unless nested virtualization is
enabled on SOS.
- Currently nested virtualization requires LAPIC passthru, so if
GUEST_FLAG_VMX_ENABLED is set, GUEST_FLAG_LAPIC_PASSTHROUGH must be
set in same VM.
- Per VM GUEST_FLAG_VMX_ENABLED can be set only if CONFIG_VMX_ENABLED
is set.
Tracked-On: #5923
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
NVMX_ENABLED: ACRN is built to support nested virtualization if set.
GUEST_FLAG_NVMX_ENABLED: indicates that the VMX capability can be present
in this guest to run nested VMs.
Tracked-On: #5923
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Execution of the TPAUSE, UMONITOR or UMWAIT instructions in a guest VM causes
a #UD if "enable user wait and pause" (bit 26) of VMX_PROCBASED_CTLS2
is not set. To fix this issue, set the bit 26 of VMX_PROCBASED_CTLS2.
Besides, these WAITPKG instructions use MSR_IA32_UMWAIT_CONTROL. So
load corresponding vMSR value during context switch in of a vCPU.
Please note, the TPAUSE or UMWAIT instruction causes a VM exit if the
"RDTSC exiting" and "enable user wait and pause" are both 1. In ACRN
hypervisor, "RDTSC exiting" is always 0. So TPAUSE or UMWAIT doesn't
cause a VM exit.
Performance impact:
MSR_IA32_UMWAIT_CONTROL read costs ~19 cycles;
MSR_IA32_UMWAIT_CONTROL write costs ~63 cycles.
Tracked-On: #6006
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
The xml schema validator would fail the build if RDT_ENABLED is set to ‘y’
in scenario file, saying that "'RDT' Unexpected child with tag 'MBA_DELAY'"
Tracked-On: #5917
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
The macro definition SOS_VM_BOOTARGS in vm_configurations.h calls
macros SOS_ROOTFS, SOS_CONSOLE and SOS_BOOTARGS_DIFF which are defined in
misc_cfg.h and parsed from scenario.xmls.
Add a whitespace at the end of the argument macros to prevent arguments
from being concatenated in a single line.
Tracked-On: #5998
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
The current permission-checking and dispatching mechanism of hypercalls is
not unified because:
1. Some hypercalls require the exact vCPU initiating the call, while the
others only need to know the VM.
2. Different hypercalls have different permission requirements: the
trusty-related ones are enabled by a guest flag, while the others
require the initiating VM to be the Service OS.
Without a unified logic it could be hard to scale when more kinds of
hypercalls are added later.
The objectives of this patch are as follows.
1. All hypercalls have the same prototype and are dispatched by a unified
logic.
2. Permissions are checked by a unified logic without consulting the
hypercall ID.
To achieve the first objective, this patch modifies the type of the first
parameter of hcall_* functions (which are the callbacks implementing the
hypercalls) from `struct acrn_vm *` to `struct acrn_vcpu *`. The
doxygen-style documentations are updated accordingly.
To achieve the second objective, this patch adds to `struct hc_dispatch` a
`permission_flags` field which specifies the guest flags that must ALL be
set for a VM to be able to invoke the hypercall. The default value (which
is 0UL) indicates that this hypercall is for SOS only. Currently only the
`permission_flag` of trusty-related hypercalls have the non-zero value
GUEST_FLAG_SECURE_WORLD_ENABLED.
With `permission_flag`, the permission checking logic of hypercalls is
unified as follows.
1. General checks
   i. If the VM is neither SOS nor having any guest flag that allows
      certain hypercalls, it gets #UD upon executing the `vmcall`
      instruction.
   ii. If the VM is allowed to execute the `vmcall` instruction, but
       attempts to execute it in ring 1, 2 or 3, the VM gets #GP(0).
2. Hypercall-specific checks
   i. If the hypercall is for SOS (i.e. `permission_flag` is 0), the
      initiating VM must be SOS and the specified target VM cannot be a
      pre-launched VM. Otherwise the hypercall returns -EINVAL without
      further actions.
   ii. If the hypercall requires certain guest flags, the initiating VM
       must have all the required flags. Otherwise the hypercall returns
       -EINVAL without further actions.
   iii. A hypercall with an unknown hypercall ID makes the hypercall
        return -EINVAL without further actions.
The logic above is different from the current implementation in the
following aspects.
1. A pre-launched VM now gets #UD (rather than #GP(0)) when it attempts
to execute `vmcall` in ring 1, 2 or 3.
2. A pre-launched VM now gets #UD (rather than the return value -EPERM)
when it attempts to execute a trusty hypercall in ring 0.
3. The SOS now gets the return value -EINVAL (rather than -EPERM) when it
attempts to invoke a trusty hypercall.
4. A post-launched VM with trusty support now gets the return value
-EINVAL (rather than #UD) when it attempts to invoke a non-trusty
hypercall or an invalid hypercall.
v1 -> v2:
- Update documentation that describes hypercall behavior.
- Fix Doxygen warnings
Tracked-On: #5924
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
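The check order described in the commit message above, as an added C model that is not ACRN's code: it shows why a VM without any enabling flag faults before the ring check, and why SOS gets -EINVAL for a trusty hypercall. Only `hc_dispatch`, `permission_flags` and `GUEST_FLAG_SECURE_WORLD_ENABLED` are taken from the message; the other names, the flag's bit value and the hypercall IDs are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model. Only hc_dispatch, permission_flags and
 * GUEST_FLAG_SECURE_WORLD_ENABLED come from the commit message; every other
 * name, the bit value and the hypercall IDs are hypothetical. */
#define GUEST_FLAG_SECURE_WORLD_ENABLED (1UL << 0) /* assumed bit position */
#define HC_ENABLING_FLAGS GUEST_FLAG_SECURE_WORLD_ENABLED

enum hc_fault { HC_NO_FAULT, HC_INJECT_UD, HC_INJECT_GP0 };
enum { HC_ID_SOS_ONLY = 0, HC_ID_TRUSTY = 1, HC_ID_MAX = 4 };

struct model_vm { bool is_sos; bool is_prelaunched; uint64_t guest_flags; };
struct hc_result { enum hc_fault fault; int ret; /* ret is valid only without a fault */ };
struct hc_dispatch {
    int (*handler)(const struct model_vm *caller, const struct model_vm *target);
    uint64_t permission_flags; /* 0UL means "SOS only" */
};

static int hc_stub(const struct model_vm *caller, const struct model_vm *target)
{
    (void)caller; (void)target;
    return 0; /* stands in for a real hcall_* callback */
}

/* IDs 2 and 3 are left empty to model unknown hypercalls. */
static const struct hc_dispatch hc_table[HC_ID_MAX] = {
    [HC_ID_SOS_ONLY] = { hc_stub, 0UL },
    [HC_ID_TRUSTY]   = { hc_stub, GUEST_FLAG_SECURE_WORLD_ENABLED },
};

struct hc_result dispatch_hypercall(const struct model_vm *caller, unsigned int ring,
                                    uint64_t id, const struct model_vm *target)
{
    struct hc_result r = { HC_NO_FAULT, -EINVAL };
    const struct hc_dispatch *d;

    /* 1.i: not SOS and no flag that enables any hypercall -> #UD */
    if (!caller->is_sos && (caller->guest_flags & HC_ENABLING_FLAGS) == 0UL) {
        r.fault = HC_INJECT_UD;
        return r;
    }
    /* 1.ii: vmcall is permitted for this VM but was not issued in ring 0 */
    if (ring != 0U) {
        r.fault = HC_INJECT_GP0;
        return r;
    }
    /* 2.iii: unknown hypercall ID -> -EINVAL, no further action */
    if (id >= (uint64_t)HC_ID_MAX || hc_table[id].handler == NULL)
        return r;
    d = &hc_table[id];
    if (d->permission_flags == 0UL) {
        /* 2.i: SOS-only call; a pre-launched VM is never a valid target */
        if (!caller->is_sos || (target != NULL && target->is_prelaunched))
            return r;
    } else if ((caller->guest_flags & d->permission_flags) != d->permission_flags) {
        /* 2.ii: the caller must hold ALL required guest flags */
        return r;
    }
    r.ret = d->handler(caller, target);
    return r;
}
```

The general checks never consult the hypercall ID, which is what produces the four behaviour changes the message lists.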
ehl-crb-b
enable CDP_ENABLED for RT in scenarios, enable ivshmem for industry
scenario, disable vuart0 in launch settings, passthru SATA for RTVM,
set virtio-net and virtio-blk for post-launched WaaG and YaaGs.
Tracked-On: #5955
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
1. Add whitespace in the string "ubuntu18.04";
2. Update the Kernel version;
3. Update ACRN qemu HV tag format and add a note.
Tracked-On: #5928
Signed-off-by: Kunhui Li <kunhuix.li@intel.com>
Fix a couple of typos in text displayed by a helper script
used when building ACRN. No functional change made to the
script itself.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Instead of "#include <x86/foo.h>", use "#include <asm/foo.h>".
In other words, we are adopting the same practice in Linux kernel.
Tracked-On: #5920
Signed-off-by: Liang Yi <yi.liang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Add "transform" to generate following files with xsltproc in genconf.sh:
- ivshmem_cfg.h
- misc_cfg.h
- pt_intx.c
- vm_configurations.c
- vm_configurations.h
Add code formatter using clang-format. It formats the generated code
with customized configuration if clang-format package and configuration
file ".clang-format" exist.
Add sed in genconf.sh "transform" to replace the copyright "YEAR" of generated files.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add comma to the last member of ivshmem pci devices.
If the last element ends without comma, the clang-format would attach
the brackets to the first and last lines.
Tracked-On: #5980
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>