Trivy scaned one vulnerability three days ago and we fixed it now.
The title for vulnerability is openssl's `MemBio:get_buf` has undefined
behavior with empty buffers.
I tested through building configurator, launching it and generating
scenario.xml & launch scripts. I confirmed the result is correct.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8668
GUEST_FLAG_STATELESS indicates guest is running a stateless operating
system and need to be shutdown forcefully without data loss. This flag
is only appalicable to pre-launched VM. For TEE_VM, this flag will be
set implicitly.
Tracked-On: #8671
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This patch is to support Main VM, i.e., the Main VM scenario is similar to
paritioned scenario, which select one VM as Main VM and owns the
physical resources.
I extracted all pcis from the board, substracted them with dispatched ones
and then make an assignment to replace the old enums.
This is implemented through two methods called updateSchema which is
to update schema on the current VM and updateLoadSchema which is
to maintain pcis, i.e. removed the pcis listed on the pre-launched VM,
while loading scenario.xml.
I tested locally and confirmed the functionalties above are implemented.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8657
This patch is to change the vUART resource occupied by S5 function
between Service VM and guest VM to avoid the standard UART port
conflict when legacy UART passthrough to guest VM.
Tracked-On: #8622
Signed-off-by: YuanXin-Intel <xin.yuan@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
This patch is to allow user to pin vUART timer to specific pCPU via ACRN
config tool. User can configure by setting "vUART timer pCPU ID" under
Hypervisor->Advanced Parameters.
Tracked-On: #8648
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
Introduce an interface to define Tx/Tx buffer size via ACRN config tool.
User can configure under Hypervisor->Advanced Parameters.
Tracked-On: #8644
Signed-off-by: Haiwei Li <haiwei.li@intel.com>
1. Enable Service VM to power off or restart the whole platform even when RTVM is running.
2. Allow Service VM stop the RTVM using acrnctl tool with option "stop -f".
3. Add 'Service VM supervisor role enabled' option in ACRN configurator
Tracked-On: #8618
Signed-off-by: YuanXin-Intel <xin.yuan@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
As ivshmem has switched from static allocation to E820 allocation,
the hv_ram_size no longer needs to include ivshmem size.
Tracked-On: #8522
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Although my former patch can pass through build procedure but when
I launch configurator and try to load board.xml, the loading
procedure wont finish. So we cannot step forward anymore.
I cannot find a solution right now, so I have to fix the version
to v3.2.33 for several weeks.
This patch is applied to fix vulnerability scanned by Trivy also.
Vulnerability ID is CVE-2024-4068 & fixed version of dependency is 3.0.3.
I added one configuration item named override for package.json.
I tested and confirmed the fix is ok.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8626
This patch will add checking cpu affinity while user click to add new vm.
When I was following client's findings up I found that if I click to add
a new post-launched vm for step 3.Configure settings for scenario and launch
scripts, it failed to show error messages. The current version will check cpu
affinity and serial port for post-launched and hv when creating a new vm, it
wont verify when adding new post-launched & pre-launched vms, it will fail to
save scenario configuration file without any explanation. I've rebuilt and run
configurator, confirmed the checking procedure works.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8601
Reviewed-by: Junjie Mao junjie.mao@intel.com
PCIe extended capability with ID 0x1F is Precise Time Measurement. So
fix typo "TPM" which may confuse users.
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Tracked-On: #5915
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
The vulnerability was scanned by Trivy on May 28,2024.
Vulnerability ID is GHSA-xphf-cx8h-7q9g and severity is medium,
with title iFrames Bypass Origin Checks for Tauri API Access Control.
I fixed the crash and checked by build-install-launch procedure, I confirm it was solved.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8613
I make this change during recent building configurator but got a failure.
The change is to fix the problem caused by vue3's strictly syntax chacking.
It is reported for newly releases only and before v3.2.25 it is a warning.
I follow the error message and suggestion to change the code.
Error message said "v-model cannot be used on a prop,
because local prop bindings are not writable".
Suggestion said "Use v-bind binding combined with v-on listener to emit update"
I ran the build & install procedure to verify the problem was solved.
Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: #8596
In hv, we implement the feature of thermal virtualization,
We want to use this GUEST_FLAG_VTM flag to enable and
disable this feature. So we mark this flag in config
tools.
Tracked-On: #8595
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Signed-off-by: Zhangwei6 <wei6.zhang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Python 3.12 adds escape sequence check in strings, if it is invalid,
a SyntaxWarning will be given. Fix it by using raw string notation
in regular expressions, and changing comments in unused string literal
to normal comments.
Tracked-On: #8588
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reported by dependabot and scanned by Trivy, there are two dependancies
for Rust crates and one for JavaScript 3rd-party library.
Select the correct versions to fix the issue and verify already.
Tracked-On: #8592
This patch adds ivshmem region ID configuration support when user
configure ACRN IVSHMEM devices via ACRN config tool, this ID provides
VMs with a stable identification of multiple shared memory regions.
Also add logic to generate launch script with region ID configured
as below:
`add_virtual_device 8 ivshmem hv:/shm_region_0,256,1`
Tracked-On: #8566
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Add a new option CONSOLE_VM in scenario to set the default vm to be
outputted in hv console, when it is not set, acrn console will be
used (current behavior). This is intended for debugging vm boot issues.
Tracked-On: #8518
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Current acpi table adopts the DWordAddressSpace to
present the PCI hole above 4G. It is not correct,
because DWordAddressSpace is used to present the
mem space below 4G.
Follow the ACPI spec, modify to QWordAddressSpace here.
Refer: 19.6.22. CreateQWordField (Create 64-Bit Buffer Field)
Tracked-On: #8552
Signed-off-by: Zhangwei6 <wei6.zhang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
When LAML or LASA of TPM2 event log is 0, the log area is invalid. It
should not be configured in mmiodevs of vm_configurations.c.
Tracked-On: #8540
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Currently, for pre-launched VM, ACPI table is generated only when "reboot=acpi"
is added to cmdline in the scenario file. This patch removes this check support
that ACPI table must be generated automatedly for the Pre-launched VM.
Tracked-On: #8546
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
When enable TPM2 tag in acrn scenario file, can't pass compile:
File "../hypervisor/../misc/config_tools/acpi_gen/bin_gen.py", line 128, in tpm2_acpi_gen
ctype_data.start_method_specific_parameters[i] = int(start_method_parameters[i], 16)
ValueError: invalid literal for int() with base 16: '\n '
Fix this issue in tpm2_acpi_gen.
Tracked-On: #8516
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Some motherboards exposes MCFG1/MCFG2 instead of one ACPI MCFG table,
thus no /sys/firmware/acpi/tables/MCFG exists but MCFG1 and MCFG2.
Read MCFG1 if MCFG doesn't exist.
The same issue report/fix is at https://github.com/intel/pcm/issues/74.
Tracked-On: #8514
Signed-off-by: Xin Zhang <xin.x.zhang@intel.com>
Add four per-vm bvt parameters as the initial bvt parameter values for
vCPU threads.
- bvt_weight
The time sharing of a thread on CPU.
- bvt_warp_value
Boost value of virtual time of a thread (time borrowed from future) to
reduce Effective Virtual Time to prioritize the thread.
- bvt_warp_limit
Max warp time in one warp.
- bvt_unwarp_period
Min unwarp time after a warp.
Tracked-On: #8500
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Abstract out schedulers config data for vCPU threads and other hypervisor
threads to sched_params structure. And it's used to initialize per
thread scheduler private data. The sched_params for vCPU threads come
from vm_config generated by config tools while other hypervisor threads
need give them explicitly.
Tracked-On: #8500
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
When we do init_all_dev_config() in pci.c, the pdevs added to pci dev_config
will be exposed to Service VM or passthru to prelauched VM. The original code
would find service VM config in every pci pdev init loop, this is unnecessary
and definitely impact performance. Here we generate Service VM config pointer
with config tool so that init_one_dev_config() could refer service VM config
directly.
Tracked-On: #8491
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Signed-off-by: Victor Sun <victor.sun@intel.com>
An error will be raised if no cache level 3 information in board xml
file. this patch skips getting cache level 3 information when no l3 cache info
in config_summary.py.
Tracked-On: #8438
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
currently, configurator will fail to generate config_summary.rst file if
user enable the "Cache Allocation Technology" because note function in rstcloth
is replaced by self.doc.note.
So this patch updates function and usage to fix this issue.
fixs: 9c2d0f8 ("config_tools: replace RstCloth library with class.")
Tracked-On: #8422
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Set GUEST_FLAG_VHWP guest flag for VMs who own pCPUs. Windows does not
manage CPU frequency in virtualized environment, so this flag is not set
for waag. Platforms without HWP capability should not have this flag
either.
Tracked-On: #8414
Signed-off-by: Wu Zhou <wu.zhou@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
add customized parameters in the launch script generation logic.
If user specify customized parameters in configurator, we will
append them to the dm parameters for launching VMs.
Tracked-On: #8408
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
`modprobe msr` will be invoked if no /dev/cpu/#/msr is found.
If the "msr" module is built-in that check will pass and
no `modprobe msr` should be invoked.
fixes: aeab5a2 ("config_tools: update loading msr driver logic")
Tracked-On: #8410
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
9c2d0f8858 ("config_tools: replace RstCloth library with class.")
removes all usage of rstcloth in code, but the rstcloth package is not
removed from acrn-configurator and it will still download dependencies
for rstcloth. This patch simply removes it.
Tracked-On: #8395
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Currently, Configurator load fail because it needs to download
RstCloth related packages. This patch defines Doc class to replace
RstCloth library to fix this issue.
Tracked-On: #8395
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
If no TURBO_RATIO_LIMIT and TURBO_ACTIVATION_RATIO MSRs info
on target, board inspector will crash because of the IOError exception.
This patch captures the IOError exception to handle this error.
Tracked-On: #8380
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
If we use 5.15 kernel on rpl-p platform, some iomem info dumped with
non-ascii characters, then tool will raise a decode error.
So this patch filters non-ascii characters to handle this error.
Tracked-On: #8388
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The new board xml have add a "module" node under the "processors/die"
which has cause an issue when we run the summary, this patch use "//"
to select all "cpu_id" under the "processors".
Tracked-On: #8385
Signed-off-by: Chenli Wei <chenli.wei@intel.com>
Starting from elementpath 4.0.0, the XPath2Parser class no longer has a
SYMBOLS member and completeness checking based on that are removed as
well. This patch updates the elementpath_overlay in the config tools to fix
the compilation issue when using recent elementpath versions.
Tracked-On: #8368
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
For STANDARD_VM 'own_pcpu' default value is 'n'. But RTVM always own pCPUs.
So check 'own_pcpu' of RTVM and make sure it's set to 'y'.
Tracked-On: #8253
Signed-off-by: Yuanyua Zhao <yuanyuan.zhao@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The division operator in XPATH is `div`, not `/`. Fix it in an error
message of the assertions.
Tracked-On: #6690
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Commit ce6500893 ("board_inspector: use executables found under system
paths") unintendedly changes how acpi.py invokes `rdmsr` and that impacts
the type of the execution results and causes incompatible method calls when
the results are parsed.
Convert the invocation back to shell-style.
Fixes: ce6500893 ("board_inspector: use executables found under system paths")
Tracked-On: #8315
Signed-off-by: Junjie Mao <junjie.mao@intel.com>