-If "virtual-interrupt delivery" VM-execution control is 0,
Processor will causes an APIC-write VM exit if page offset
is 0xB0 (EOI), SDM Vol3, Chapter 29.4.3
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Update the build dependency for Fedora. 'gnu-efi' was listed as
a dependency but it's actually 'gnu-efi-devel' that we need else
the header file ('efi.h') is not installed.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
IPU devices are using I2C device with physical BDF 0:16.0.
The I2C controller has the dependency on ACPI info.
This patch is to add ACPI info for the I2C controller and the two IPU
devices that are under the scope of I2C.
Note:
This patch is specific for GP platform.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
this patch save native lapic configuration and restore it to vm0's vlapic
before its running, then doing hpet timer interrupt injection through vlapic
interface -- this will not mess up vlapic and we can see hpet
timer interrupt coming continuously.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
we added uefi stub for hv, and want vm0 continue running under uefi env to
boot other uefi payload (osloader or bzImage).
during this, the uefi timer irq need be handled elegantly.
there are 3 types for uefi timer:
1. 8254 based on IRQ0 of PIC
2. HPET based on IOAPIC
3. HPET based on MSI
currently, we only support type 3 (HPET+MSI). But we are following a
in-correct flow to handle this timer interrupt:
- we set VMX_ENTRY_INT_INFO_FIELD directly if a timer interrupt happened
before vcpu launching, this will make its vlapic mess up, which finally
cause hpet timer stop.
this patch remove this in-correct approach, the new approach patch will
be followed by next patch.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Linux kernel CF9 reboot is doing things like:
- read value from 0xcf9
- mask out the value according to the reboot type (warm vs cold)
- BIT OR the value with reboot code
- write the value to 0xcf9
If there are two reboot event and the first one is cold
reboot and the second one is warm reboot, vsbl query
reboot type after the second one and will get code reboot
instead of warm reboot.
We should clear the data of 0xcf9 if guest request cold reboot.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
There are bootloaders require cold reboot as ACPI reboot
instead of warm reboot.
So we set 0xE to reset value of FADT to make ACPI reboot
cold reboot.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
If you build for a platform (e.g. uefi) and right after that for
another platform ('sbl'), the new build will fail and a version.h
file is left in the tree (bsp/uefi/include/bsp/version.h or
bsp/sbl/include/bsp/version.h depending on the order you built one
after the other). This commit makes git ignore any of those in case
it is there. Note that 'make clean' with the corresponding
PLATFORM variable will clean this file.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Add a new document describing how doc building and publishing
works and how to setup a doc working directory and build tools to make
it so.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add the 'gnu-efi' dependency required to build the ACRN hypervisor
with "PLATFORM=uefi" on Fedora. 'gnu-efi-devel' is required on CentOS.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
According to the explaination for pref_address
in Documentation/x86/boot.txt, a relocating bootloader
should attempt to load kernel at pref_address if possible.
But due to a non-relocatable kernel will unconditionally
move itself and to run at perf address, no need to copy
kernel to perf_address by bootloader.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
info->phys_pin need be used by ptdev_build_native_rte when updating entry
TODO: currently ptdev entry is virtual based, the better solution should
be physical based.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
It is possible that the vm-entry fails in vmresume instr under some scenarios.
It will pass to next instruction following vmresume. In such case it will call
the vmlaunch again.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
1. refine multiboot related code, move to /boot.
2. firmware files and ramdisk can be stitched in iasImage;
and they will be loaded as multiboot modules.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Add 'CPU_PAGE_MASK' used for calculate address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
if we want to obtain the address from the MMU/EPT entry,need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Make the Getting Started Guide instructions more specific and
comprehensive for Clear Linux version 21260 (version of reference)
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Handle version retrieval better when comments are present.
Add warning if Sphinx theme (read_the_docs) is missing.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch is prepared for enabling secure world feature.
this api will create new eptp for secure world, whose PDPT
entries are copied form normal world,the PML4/PDPT for secure
world are separated from Normal World, PD/PT are shared in the
Secure World's EPT and Normal World's EPT.Secure world can
access Normal World's memory, but Normal World can not access
Secure World's memory
This function implemented:
-- Unmap specific memory from guest ept mapping
-- Copy PDPT from Normal world to Secure world
-- Map specific memory for Secure world
-- Unmap specific memory from SOS ept mapping
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Add instructions on how to build the hypervisor and device model
on other operating systems such as Ubuntu/Debian, Fedora/doc/Redhat
and CentOS.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
RELRO rearranges the data sections inside an ELF
executable. It also marks certain areas as 'read-only'
so that these data structures cannot be overwritten while
the process is running.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Enable stack-proctector-strong option for gcc emiting
extra code to check buffer overflow.
Enable noexecstack option for marking the object as not
requiring executable stack.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Replace ASSERT in lib functions with error message print and return a
value indicating error to allow the caller of lib functions to handle
the error.
Change-Id: If166484238dc0734041adfdbb19a5b374c044e33
Signed-off-by: Yan, Like <like.yan@intel.com>
On the APL NUC board (CPU family: 0x6 model: 92), the monitor is buggy.
We can't use it to wake up CPU core from mwait by memory monitor.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add key info structure
add sworld_eptp in vm structure, and rename ept->nworld_eptp
add secure world control structure
Change-Id:
Tracked-On:220921
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Per Project ACRN governance, documentation is under a Creative Commons
Attribution 4.0 International License (CC BY 4.0). This patch updates
this information, and adds a tagline to documentation mentioning this
license.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.
Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
make the doc build process quiet and add filtering of known (Sphinx)
issues. Scripting comes from the open source Zephyr project.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Yonghua Huang