From a4d562daa0d4b9928ec91fef632df999b7a3fd3f Mon Sep 17 00:00:00 2001
From: Yuan Liu <yuan1.liu@intel.com>
Date: Thu, 10 Oct 2019 14:50:34 +0800
Subject: [PATCH] dm: Add Oracle subsystem vendor ID

After Windows 10, version 1607, the cross-signed drivers are forbiden
to load when secure boot is enabled.

Details please refer to
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later-

That means the kvm-guest-drivers-windows can't work when secure boot enabled.
So we found another windows virtio FE drivers from Oracle to resolve this issue
but have to change another subsystem vendor ID for the virtio BE services.

This patch introduces a new DM CMD line "--windows" to launch WaaG with Oracle virtio devices including
virtio-blk, virtio-net, virtio-input instead Redhat. It can make virtio-blk, virtio-net and virtio-input
devices work when WaaG enabling secure boot.

Tracked-On: #3583
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
---
 devicemodel/core/main.c                  | 10 +++++++++-
 devicemodel/hw/pci/virtio/virtio_block.c |  5 ++++-
 devicemodel/hw/pci/virtio/virtio_input.c |  5 ++++-
 devicemodel/hw/pci/virtio/virtio_net.c   |  5 ++++-
 devicemodel/include/dm.h                 |  1 +
 devicemodel/include/virtio.h             |  1 +
 devicemodel/samples/nuc/launch_win.sh    |  1 +
 7 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/devicemodel/core/main.c b/devicemodel/core/main.c
index 989b2d078..ddb4ec843 100644
--- a/devicemodel/core/main.c
+++ b/devicemodel/core/main.c
@@ -87,6 +87,7 @@ char *mac_seed;
 bool stdio_in_use;
 bool lapic_pt;
 bool is_rtvm;
+bool is_winvm;
 bool skip_pci_mem64bar_workaround = false;
 
 static int guest_ncpus;
@@ -175,7 +176,9 @@ usage(int code)
 		"       --rtvm: indicate that the guest is rtvm\n"
 		"       --logger_setting: params like console,level=4;kmsg,level=3\n"
 		"       --pm_notify_channel: define the channel used to notify guest about power event\n"
-		"       --pm_by_vuart:pty,/run/acrn/vuart_vmname or tty,/dev/ttySn\n",
+		"       --pm_by_vuart:pty,/run/acrn/vuart_vmname or tty,/dev/ttySn\n"
+		"       --windows: support Oracle virtio-blk, virtio-net and virtio-input devices\n"
+		"            for windows guest with secure boot\n",
 		progname, (int)strnlen(progname, PATH_MAX), "", (int)strnlen(progname, PATH_MAX), "",
 		(int)strnlen(progname, PATH_MAX), "", (int)strnlen(progname, PATH_MAX), "",
 		(int)strnlen(progname, PATH_MAX), "", (int)strnlen(progname, PATH_MAX), "",
@@ -730,6 +733,7 @@ enum {
 	CMD_OPT_LOGGER_SETTING,
 	CMD_OPT_PM_NOTIFY_CHANNEL,
 	CMD_OPT_PM_BY_VUART,
+	CMD_OPT_WINDOWS,
 };
 
 static struct option long_options[] = {
@@ -769,6 +773,7 @@ static struct option long_options[] = {
 	{"logger_setting",	required_argument,	0, CMD_OPT_LOGGER_SETTING},
 	{"pm_notify_channel",	required_argument,	0, CMD_OPT_PM_NOTIFY_CHANNEL},
 	{"pm_by_vuart",	required_argument,	0, CMD_OPT_PM_BY_VUART},
+	{"windows",		no_argument,		0, CMD_OPT_WINDOWS},
 	{0,			0,			0,  0  },
 };
 
@@ -930,6 +935,9 @@ main(int argc, char *argv[])
 			if (parse_pm_by_vuart(optarg) != 0)
 				errx(EX_USAGE, "invalid pm-by-vuart params %s", optarg);
 			break;
+		case CMD_OPT_WINDOWS:
+			is_winvm = true;
+			break;
 		case 'h':
 			usage(0);
 		default:
diff --git a/devicemodel/hw/pci/virtio/virtio_block.c b/devicemodel/hw/pci/virtio/virtio_block.c
index b368cd6eb..21fecff3c 100644
--- a/devicemodel/hw/pci/virtio/virtio_block.c
+++ b/devicemodel/hw/pci/virtio/virtio_block.c
@@ -544,7 +544,10 @@ virtio_blk_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	pci_set_cfgdata16(dev, PCIR_VENDOR, VIRTIO_VENDOR);
 	pci_set_cfgdata8(dev, PCIR_CLASS, PCIC_STORAGE);
 	pci_set_cfgdata16(dev, PCIR_SUBDEV_0, VIRTIO_TYPE_BLOCK);
-	pci_set_cfgdata16(dev, PCIR_SUBVEND_0, VIRTIO_VENDOR);
+	if (is_winvm == true)
+		pci_set_cfgdata16(dev, PCIR_SUBVEND_0, ORACLE_VENDOR_ID);
+	else
+		pci_set_cfgdata16(dev, PCIR_SUBVEND_0, VIRTIO_VENDOR);
 
 	if (virtio_interrupt_init(&blk->base, virtio_uses_msix())) {
 		/* call close only for valid bctxt */
diff --git a/devicemodel/hw/pci/virtio/virtio_input.c b/devicemodel/hw/pci/virtio/virtio_input.c
index 7217117a8..c9411165f 100644
--- a/devicemodel/hw/pci/virtio/virtio_input.c
+++ b/devicemodel/hw/pci/virtio/virtio_input.c
@@ -700,7 +700,10 @@ virtio_input_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	pci_set_cfgdata8(dev, PCIR_CLASS, PCIC_INPUTDEV);
 	pci_set_cfgdata8(dev, PCIR_SUBCLASS, PCIS_INPUTDEV_OTHER);
 	pci_set_cfgdata16(dev, PCIR_SUBDEV_0, 0x1100);
-	pci_set_cfgdata16(dev, PCIR_SUBVEND_0, VIRTIO_VENDOR);
+	if (is_winvm == true)
+		pci_set_cfgdata16(dev, PCIR_SUBVEND_0, ORACLE_VENDOR_ID);
+	else
+		pci_set_cfgdata16(dev, PCIR_SUBVEND_0, VIRTIO_VENDOR);
 	pci_set_cfgdata16(dev, PCIR_REVID, 1);
 
 	if (virtio_interrupt_init(&vi->base, virtio_uses_msix())) {
diff --git a/devicemodel/hw/pci/virtio/virtio_net.c b/devicemodel/hw/pci/virtio/virtio_net.c
index d38d3ec1e..a61a10af7 100644
--- a/devicemodel/hw/pci/virtio/virtio_net.c
+++ b/devicemodel/hw/pci/virtio/virtio_net.c
@@ -866,7 +866,10 @@ virtio_net_init(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
 	pci_set_cfgdata16(dev, PCIR_VENDOR, VIRTIO_VENDOR);
 	pci_set_cfgdata8(dev, PCIR_CLASS, PCIC_NETWORK);
 	pci_set_cfgdata16(dev, PCIR_SUBDEV_0, VIRTIO_TYPE_NET);
-	pci_set_cfgdata16(dev, PCIR_SUBVEND_0, VIRTIO_VENDOR);
+	if (is_winvm == true)
+		pci_set_cfgdata16(dev, PCIR_SUBVEND_0, ORACLE_VENDOR_ID);
+	else
+		pci_set_cfgdata16(dev, PCIR_SUBVEND_0, VIRTIO_VENDOR);
 
 	/* Link is up if we managed to open tap device */
 	net->config.status = (opts == NULL || net->tapfd >= 0);
diff --git a/devicemodel/include/dm.h b/devicemodel/include/dm.h
index 7bea234f9..f691ab765 100644
--- a/devicemodel/include/dm.h
+++ b/devicemodel/include/dm.h
@@ -48,6 +48,7 @@ extern bool stdio_in_use;
 extern char *mac_seed;
 extern bool lapic_pt;
 extern bool is_rtvm;
+extern bool is_winvm;
 
 int vmexit_task_switch(struct vmctx *ctx, struct vhm_request *vhm_req,
 		       int *vcpu);
diff --git a/devicemodel/include/virtio.h b/devicemodel/include/virtio.h
index 1c7e12e09..5793db382 100644
--- a/devicemodel/include/virtio.h
+++ b/devicemodel/include/virtio.h
@@ -213,6 +213,7 @@ enum {
  * PCI vendor/device IDs
  */
 #define	INTEL_VENDOR_ID		0x8086
+#define	ORACLE_VENDOR_ID	0x108E
 #define	VIRTIO_VENDOR		0x1AF4
 #define	VIRTIO_DEV_NET		0x1000
 #define	VIRTIO_DEV_BLOCK	0x1001
diff --git a/devicemodel/samples/nuc/launch_win.sh b/devicemodel/samples/nuc/launch_win.sh
index c00095a06..6590ab001 100755
--- a/devicemodel/samples/nuc/launch_win.sh
+++ b/devicemodel/samples/nuc/launch_win.sh
@@ -25,6 +25,7 @@ acrn-dm -A -m $mem_size -s 0:0,hostbridge -s 1:0,lpc -l com1,stdio \
   -s 4,virtio-net,tap0 \
   -s 5,passthru,00/1f/3 \
   --ovmf /usr/share/acrn/bios/OVMF.fd \
+  --windows \
   $vm_name
 }