When a platform reboots or shuts down, the contents of RAM are not immediately
lost but begins to decay. During this period, there is a short timeframe during
which an attacker can turn the platform back on to boot into a program that
dumps the contents of memory (e.g., cold boot attacks). Encryption keys and
other secrets can be easily compromised through this method.
We already erasing the guest memory data when the guest is shut down normally.
However, if the guest is shut down abnormally, the contents of RAM may still
there. This patch mitigate this kind reset attack for a DM launched VM by
erasing the guest memory data by the guest has been created.
Tracked-On: #6061
Signed-off-by: Li Fei1 <fei1.li@intel.com>
vm_config size can be calced by platform_info.sw.max_vms *
platform_info.sw.vm_config_size.
Change vm_get_config() to call IOCTL ACRN_IOCTL_GET_PLATFORM_INFO
twice, first to get platform_info, second to get the vm_configs
content.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
IC_ADD_HV_VDEV -> ACRN_IOCTL_CREATE_VDEV
IC_REMOVE_HV_VDEV -> ACRN_IOCTL_DESTROY_VDEV
struct acrn_emul_dev -> struct acrn_vdev
Also, move struct acrn_vdev to acrn_common.h as this structure is used
by both DM and HV.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
IC_ASSIGN_MMIODEV -> ACRN_IOCTL_ASSIGN_MMIODEV
IC_DEASSIGN_MMIODEV -> ACRN_IOCTL_DEASSIGN_MMIODEV
struct acrn_mmiodev has slight change. Move struct acrn_mmiodev into
acrn_common.h because it is used by both DM and HV.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
IC_ASSIGN_PCIDEV -> ACRN_IOCTL_ASSIGN_PCIDEV
IC_DEASSIGN_PCIDEV -> ACRN_IOCTL_DEASSIGN_PCIDEV
QUIRK_PTDEV -> ACRN_PTDEV_QUIRK_ASSIGN
struct acrn_assign_pcidev -> struct acrn_pcidev
Move struct acrn_pcidev into acrn_common.h because it is used by both
DM and HV.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Negative return value of vm_create_ioreq_client is invalid. 0 is valid.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
vmm.h has some unused definitions.
Keep the useful definitions and delete vmm.h
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
The hypervisor creates vCPUs for a User VM in VM creation interface. The
vm_create_vcpu() interface is not needed anymore.
Remove vm_create_vcpu() from acrn-dm.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Interface version is not recommended in Linux kernel community. Please
check Documentation/driver-api/ioctl.rst for reasons.
Remove the unused API version check from acrn-dm.
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
return value 'err' of mmio_rb_lookup() being 0 ensures
'entry' is not NULL, hence checking it before 'free(entry)'
is unnecessary.
Tracked-On: #6157
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Two utility functions are copied and adapted from hyerpervisor:
ffs64
bitmap_clear_nolock
Two public functions are provided for future use (such as for RTCTv2)
pcpuid_from_vcpuid
lapicid_from_pcpuid
Tracked-On: #6020
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
This allows users to retrieve and use the requested platform_info information from hypervisor
Tracked-On: #6020
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Only free rb_entry when we remove this entry from the rb tree, otherwise, a
page fault would trigger when next rb itreation would access the freed rb_entry.
Tracked-On: #6056
Signed-off-by: Li Fei1 <fei1.li@intel.com>
A user can use "--pm_notify_channel uart,allow_trigger_s5" to indicate
the User VM is allowed to trigger system S5.
"--pm_notify_channel uart" means a vuart channel will be created in the
User VM to allow communication with the VM's life_mngr. The Service VM
can then initiate S5 in the guest via its dm's monitor interface. The
additional option, "allow_trigger_s5", will create a socket connection
with the Service VM's life_mngr, allowing this VM to initiate system S5.
v1 -> v2:
- rename pm_notify_channel type to PWR_EVENT_NOTIFY_UART_TRIG_PLAT_S5
Tracked-On: #6034
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Add one more sanity check: If the root port has more than
one child, we won't enable PTM on the guest.
This is not necessarily an error. We flag it as
error just because we don't have this type of hw
configuration at development time thus this configuration
is not tested.
Tracked-On: #5915
Signed-off-by: Rong Liu <rong.l.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Unify two functions definitions/declarifications:
Update the parameters from char array to char pointer.
to fix the build issue:
probeutils.c:61:29: error: argument 1 of type 'char *' declared
as a pointer [-Werror=array-parameter=]
Initialize local variable "c" to fix build issue:
core/mevent.c:122:21: error: 'c' may be used uninitialized
[-Werror=maybe-uninitialized]
Tracked-On: #5993
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
The TPM information in ACPI table is for both VPTM and passthough TPM,
so only one TPM device is allowed.
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
ACRN didn't support dynamic memory allocation. SO it would reserve
a big page pool and use the GPA as index to get a page to do EPT
mapping. In order to save memory, we put high MMIO windows to [4G, 5G].
AFter we support dynamic page allocation for EPT mapping, we move
high MMIO windows to where it used to ([256G, 512G]) for 39 bits physical
address), we could move high memory to where is used to too ([4G, 4G +
size]).
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Windows graphic driver obtains DSM address from in-BAR mmio register
which has passthroughed. Not like the other platforms obtained from
pci configure space register which has virtualized. GPU GuC must use
WOPCM in DSM, besides, Windows OS wants to manage DSM also. These two
reason force acrn has to keep identical mapping to avoid trap mmio
BAR to do the emulation.
Tracked-On: #5880
Signed-off-by: Peng Sun <peng.p.sun@intel.com>
Update the 'acrn-dm' usage information. It is displayed when using
'-h' or when an argument parsing error occured but was not up-to-date
with the actual implementation.
Tracked-On: #5781
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
- Exit main() if pm_by_vuart_init() fails
- Use SIGHUP to gracefully power off a VM if pm_monitor_loop()
encounters a failure
- Identify a closed socket as a failure in pm_monitor_loop()
Tracked-On: #5736
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
resize vm_config buffer from 16KB to 32KB, as 16KB
is not enough on EHL platform, which will result in
crash when accessing this memory.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
GPA base of SW SRAM can't be hardcoded as physical address
of SW SRAM(HPA), as this HPA may vary on different platform.
This patch reserves a dedicated memory slot[GPA: 2G - 8M, 2G)
as SW SRAM region.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch prepares vRTCT for post-RTVM instead of
pass-thru native RTCT:
- Configurations are based on Service VM native RTCT.
- Remap vLAPIC IDs in vRTCT.
- Remap base address of SW SRAM memory regions
from HPA to GPA.
- HPA base of Software SRAM shall be parsed from PTCT
instead of hardcoding.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch add function 'vm_get_config()' to get
configuration information for current VM from hypervisor.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
paddr_guest2host may return NULL, this patch checks the return value
to avoid null pointer dereference.
Tracked-On: #5514
Signed-off-by: Liu Long <long.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Update and light clean-up of the buit-in list of arguments from 'acrn-dm'
* Added options in the top part (list with no explanation)
* Remove a couple of arguments that are no longer valid ('vmcfg' and 'dump')
Tracked-On: #5445
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
In addition to a single OVMF image (OVMF.fd), split images
(OVMF_CODE.fd, OVMF_VARS.fd) can be used to facilitate VM management.
From the OVMF Whitepaper:
The variable store and the firmware executable are also available in
the build output as separate files entitled: "OVMF_VARS.fd" and
"OVMF_CODE.fd". This enables central management and updates of the
firmware executable, while each virtual machine can retain its own
variable store.
An example to launch acrn-dm with the split images:
--ovmf code=/usr/share/acrn/bios/OVMF_CODE.fd, \
vars=/usr/share/acrn/bios/OVMF_VARS.fd
v1 -> v2:
- use memory-mapped file I/O for writeback
- use fcntl to lock OVMF image files
Tracked-On: #5487
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Windows graphic driver obtains DSM address from in-BAR mmio register
which has passthroughed. Not like the other platforms obtained from
pci configure space register which has virtualized. So TGL has to
keep identical mapping to avoid trap mmio BAR to do the emulation.
To keep simple, this patch hardcode the TGL DSM region in vE820
table, this will cause memory waste here. In the near future, we
need refine the entire vE820 logic as it is hard to maintained
due to many reserved regions have introduced in recently.
Signed-off-by: Sun Peng <peng.p.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Tracked-On: #5461
dm: pSRAM: added a command line parameter "--psram" to enable pSRAM
support for post-launched RTVM
Added "--psram" in DM command line to enable pSRAM support for
post-launched RTVM
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
dm: modify vE820 to adapt to pSRAM for post-launched RTVM
When pSRAM is enabled for post-launched RTVM, we add a segment in vE820 for
pSRAM, and therefore the lowmem RAM will be split into part1 and part2.
Also, code of post vE820 initialization is refined
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
dm: vptct: add vPTCT for post-launched RTVM
We added vPTCT support for post-launched RTVM:
1. Added a function create_and_inject_vptct. Currently, we
pass-through the whole pSRAM to one RTVM, so we will also pass-
through the PTCT to the very same RTVM. This function will
read the native PTCT from SOS and inject it into post-
launched VM's vACPI.
2. Added some definitions for vPTCT.
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
We don't reserve PCI MMIO in e820 Table, it's included in DSDT ACPI Table.
About 0xA0000 - 0x100000 entry, we don't have any ACPI Table touch this region.
So we could remove it too.
After this change, we could only pass the reserved e820 table which we must
reserve to OVMF. In this case, the OVMF could trust ACRN-DM and pass the
reserved e820 table to guest instead of dropping it.
This patch needs the corresponding modify in OVMF. Otherwise, the guest could
not boot.
Tracked-On: #4550
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
pm_vuart stops listening and relays the message right away if it
encounters EAGAIN during read(). This causes the messages relayed to be
fragmented.
Only relay the message when it encounters a null character or a newline
character, or when the buffer is full.
Tracked-On: #5429
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Fix typo error "--apicdev_pt HID" to pass through a TPM device. Fix it to
"--acpidev_pt HID"
Tracked-On: #5401
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Add Null pointer check in init vq ring and add vq ring descriptor
check in case cause Nullpointer exception.
Tracked-On: #5355
Signed-off-by: Liu Long <long.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Unifies the logs to pr_* interfaces instead of printf for better log management.
Tracked-On: #5267
Signed-off-by: Sun Peng <peng.p.sun@intel.com>
Reviewed-by: Chi Mingqiang <mingqiang.chi@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Li Fei1