The current permission-checking and dispatching mechanism of hypercalls is
not unified because:
1. Some hypercalls require the exact vCPU initiating the call, while the
others only need to know the VM.
2. Different hypercalls have different permission requirements: the
trusty-related ones are enabled by a guest flag, while the others
require the initiating VM to be the Service OS.
Without a unified logic it could be hard to scale when more kinds of
hypercalls are added later.
The objectives of this patch are as follows.
1. All hypercalls have the same prototype and are dispatched by a unified
logic.
2. Permissions are checked by a unified logic without consulting the
hypercall ID.
To achieve the first objective, this patch modifies the type of the first
parameter of hcall_* functions (which are the callbacks implementing the
hypercalls) from `struct acrn_vm *` to `struct acrn_vcpu *`. The
doxygen-style documentations are updated accordingly.
To achieve the second objective, this patch adds to `struct hc_dispatch` a
`permission_flags` field which specifies the guest flags that must ALL be
set for a VM to be able to invoke the hypercall. The default value (which
is 0UL) indicates that this hypercall is for SOS only. Currently only the
`permission_flag` of trusty-related hypercalls have the non-zero value
GUEST_FLAG_SECURE_WORLD_ENABLED.
With `permission_flag`, the permission checking logic of hypercalls is
unified as follows.
1. General checks
i. If the VM is neither SOS nor having any guest flag that allows
certain hypercalls, it gets #UD upon executing the `vmcall`
instruction.
ii. If the VM is allowed to execute the `vmcall` instruction, but
attempts to execute it in ring 1, 2 or 3, the VM gets #GP(0).
2. Hypercall-specific checks
i. If the hypercall is for SOS (i.e. `permission_flag` is 0), the
initiating VM must be SOS and the specified target VM cannot be a
pre-launched VM. Otherwise the hypercall returns -EINVAL without
further actions.
ii. If the hypercall requires certain guest flags, the initiating VM
must have all the required flags. Otherwise the hypercall returns
-EINVAL without further actions.
iii. A hypercall with an unknown hypercall ID makes the hypercall
returns -EINVAL without further actions.
The logic above is different from the current implementation in the
following aspects.
1. A pre-launched VM now gets #UD (rather than #GP(0)) when it attempts
to execute `vmcall` in ring 1, 2 or 3.
2. A pre-launched VM now gets #UD (rather than the return value -EPERM)
when it attempts to execute a trusty hypercall in ring 0.
3. The SOS now gets the return value -EINVAL (rather than -EPERM) when it
attempts to invoke a trusty hypercall.
4. A post-launched VM with trusty support now gets the return value
-EINVAL (rather than #UD) when it attempts to invoke a non-trusty
hypercall or an invalid hypercall.
v1 -> v2:
- Update documentation that describe hypercall behavior.
- Fix Doxygen warnings
Tracked-On: #5924
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. Add whitespace in the string "ubuntu18.04";
2. Update the Kernel version;
3. Update ACRN qemu HV tag format and add a note.
Tracked-On: #5928
Signed-off-by: Kunhui Li <kunhuix.li@intel.com>
Instead of "#include <x86/foo.h>", use "#include <asm/foo.h>".
In other words, we are adopting the same practice in Linux kernel.
Tracked-On: #5920
Signed-off-by: Liang Yi <yi.liang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
clang-format is now used as part of the config tools creating c files
based on the XML configuration
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add a note to the "Device Model Parameters" document to emphasize
the need to use the '--windows' parameter to use Windows-as-a-Guest
(WaaG), else Windows will not recognize the virtual disk it has
been assigned.
Tracked-On: #5962
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update known-issues pattern for PDF processing to also work with updated
xelatex tools from Ubuntu 20.04
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
PRs #5945 and #5949 introduced fixes to the doc building process to
support PDF generation of the documentation set. This PR refines the
doc build process, cleaning up the Makefile, adding display of tool
version information, and updates the doc building documentation to
include additional dependencies needed for building the PDF and
instructions for how to build the PDF. The latexpdf make target is
provided to just run the latex and PDF producing process that depends on
the HTML artifacts from a make html run. A new make pdf target is
provided that combines the two steps into one.
A new know-issues pattern file is added that verifies the expected
output from the latexpdf process is returned, as it can't be completely
eliminated without losing potential error messages that need to be
resolved.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Update missing captions on figures to remove remaining broken references
during latexpdf building. Also, require doing a "make html" before
doing a "make latexpdf" to build all the artifacts needed for running
the latexpdf build. (We might change that later if needed.)
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch tweaks the settings in doc/conf.py to allow formatting the
documentation to a PDF file by Sphinx. The changes include:
- Use `xelatex` rather than the default `pdflatex` as the LaTeX engine, as
`pdflatex` is not that good at formatting non-ascii characters out of
the box.
- Use DejaVu fonts (which are available in common Linux distributions) in
the generated PDF.
- Restrict the depths of the table of contents to 3.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Make the description of the "Logial Partitioning" scenario more
generic than what is shown on the figure. This also helps as the
current examples of that scenario in the code base do not use
Safety or RTVM at the moment (as shown on the picture).
Tracked-On: #5903
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
remove UOS_RAM_SIZE and SOS_RAM_SIZE in scenario config since these
two config elements are useless.
Tracked-On: #5927
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
We've validated doc build tool versions, so let's make sure those are
the versions the instructions say to install. The version of doxygen
you get when you use ``sudo apt install doxygen`` may get a newer
version that may still work so let's tell them that.
Also, we no longer use kconfig files in the document build process, so
remove mentioning that in the build documentation.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The ACRN configuration option details are no longer maintained in a
checked-in document. Instead they are generated during the
``make html`` from information in the schema .xsd files.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
- use one command to generate x509 cert file,
remove the intermediate file.
- remove the "Keycontainer" field in INF file,
which is not mandatory.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Remove the Power Management ('pm') parameters from the sample launch scripts,
and update the comments, At most one VM is allowed to use "--pm_notify_channel uart"
at a time, since only one socket connection to SOS life_mngr is allowed.
Remove it by default and allow user to add on demand
rt_industry_ubuntu.rst
enable_s5.rst
Signed-off-by: li shuang <shuangx.li@intel.com>
Update draft release notes with more information about documentation.
Remove code-block extra indenting.
Add label to roscube gsg so we can link to it (in the releaes notes).
Fix style for :option: references to make them look more links links.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Instruct the user to create a copy of the scenario XML file if modifications
are needed. That modified copy should subsequently be used for building ACRN.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update the ACPI Component Architecture package (acpica-unix) to
the latest version available as of today: 20210105
Tracked-On: #5553
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
v2:
* Add the complete instructions to upgrade Python
* Add libxml2-utils as another additional tool required for building v2.4
* Random typo fixes
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Benjamin Fitch <benjamin.fitch@intel.com>
Some functions that were in arch/x86/irq.h were moved
into common/irq.h and arch/x86/guest/virq.h.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The 'uart=' parameter for the hypervisor takes multiple forms. One
is to specify the BDF (Bus, Device, Function) value of the serial
port PCI device. The description in the documentation used the
previous format (e.g. '0:18.1') but a 16-bit WORD in HEX needs
to be passed nowadays. E.g.: '0:18.1' is specified by 'uart=0xc1'
Tracked-On: #5842
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Signed-off-by: Benjamin Fitch <benjamin.fitch@intel.com>
The ACRN buid system uses 'xmllint' which is provided by the 'libxml2-utils'
package on Ubuntu. This patch adds it to the list of build and development
packages to be installed on the build system to succesfully build ACRN.
Tracked-On: #5861
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
This patch adds explanations and examples of the makefile targets for hypervisor
configuration, including `hvdefconfig`, `hvshowconfig`, `hvdiffconfig` and
`hvapplydiffconfig`.
Tracked-On: #5644
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
This patch modifies the instructions that lead users to modify predefined
scenario XMLs under ``misc/config_tools/data`` which is not a preferred
way. It is recommended to make and edit a local copy, instead.
Also fixes a few references to ``misc/vm_configs`` which has been moved.
v2:
* fix typos in paths
* explain on the candidate values of ``port_base`` and ``irq`` fields
Tracked-On: #5644
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch reorganizes the sections in acrn_configuration_tool.rst for more
natural logic flow and removes step 3 (Auto-Code Generation) of the
configuration workflow which is no longer needed from user point of view.
v2:
- Refactor the sections to introduce the configuration concepts, workflow and
details in order.
- Align names of the components for ACRN configuration.
- Always use "scenario/launch configuration" rather than "scenario/launch
setting".
Tracked-On: #5644
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Co-authored-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Users no longer need to explicitly generate configuration source code as
they are now generated at build time. This patch updates the relevant
instructions in the documentation.
v3:
* RELEASE now defaults to n.
* Cleanup the unnecessary target `all` in the `make` commands
* Remove menuconfig related stuff.
* Refine the introductory paragraph as only steps on Ubuntu is introduced
* Also introduce the targets introduced by PR #5791
v2:
* Add python3 lxml as a dependency
* Explain how to use out-of-tree XML files
Tracked-On: #5644
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Co-authored-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Starting from v2.4, ACRN configuration uses solely XML files to store
configuration data and customized scripts to manipulate
configurations. This patch updates the HLD of compile-time configuration to
reflect this properly.
As the refinement to the configuration toolset itself is still ongoing,
this patch only adds brief introduction to the key generated files involved
in ACRN configuration. More details will be added after the refinement
completes.
Tracked-On: #5644
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Benjamin Fitch <benjamin.fitch@intel.com>
Fix incorrect information about the presence (or not) of a serial
port on Kaby Lake NUC platforms.
Tracked-On: #5812
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add the 'mmio@' parameter to the document describing all the possible
values for 'uart='. This is the command-line argument passed to the
hypervisor in order to overwrite and/or set the serial port.
Tracked-On: #5820
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update the list of arguments and parameters that the ACRN
Device Model ('acrn-dm') can take.
Tracked-On: #5781
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
The "Enable GVT-d in ACRN" tutorial includes a number of rightwards
arrows. The source text used the "→" symbol for this but this
is not valid in ReST files. We add a substitution for this and use it
in the tutorial instead.
Tracked-On: #5769
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
After grand update of all titles to use title-case, we found some more
that needed a manual tweak.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
After grand update of all titles to use title-case, we found a few that
needed a manual tweak.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Junjie Mao