Add a reference to the intel.com white paper on MCE avoidance to the
Disable MCE Workaround configuration option
Tracked-On: #7978
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Fixed the problem that acrn can still build normally
when the memory addresses of HV and VM conflict, which
causes the hypervisor to hang.
At the same time, defined a class to process memory to
obtain and check the available memory range.
Memory range obtain and check related functions are
defined as class methods.
Tracked-On: #7913
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Ziheng Li <ziheng.li@intel.com>
Update Getting Started Guide to clarify and improve descriptions of
steps, including adding example commands instead of just describing
them, adding more information about system requirements, making certain
steps explicit, squash the long list of packages to install into fewer
lines, and more.
Move cloning ACRN hypervisor and kernel earlier in the instructions
(anticipating use of a requirements.txt coming from the repo).
[External_System_ID] ACRN-9285
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The current ACRN-Configurator just check the conflict of user setting.
have not check the conflict with native PCI device's bdf.
This patch add an assert to check the above conflict.
Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
ACRN hypervisor shell has been improved to be bash-like shell, so update
its usage
Tracked-On: #7931
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
While we're waiting for a more complete list of specific package version
requirements, let's fix the xmlschema and elementpath version mismatch
now.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
As the type of pthread_t is unsigned long, so the init value for it
should not be '-1'. When the tid is '-1', it will continue to call
pthread_kill/pthread_join. This is incorrect.
Tracked-On: #7960
Signed-off-by: Conghui <conghui.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Add the proxy config file for the HMI VM images, in case install
the packages failed.
Tracked-On: #7820
Signed-off-by: Liu Long <long.liu@linux.intel.com>
Updated the description of Security VM Features per review comments, and
made the option visible (again) in the configurator as an advanced
hypervisor option.
Created a new glossary entry for "Security VM", referenced by this new
description and tooltip.
Tweak wording of virtio console and input device descriptions.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Tracked-On: #7968
Remind readers that internet access from a corporate network typically
requires configuring proxy information.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
In the "Enable ACRN Secure Boot With EFI-Stub" guide, to build EFI-Stub
smoothly, the installation of "gnu-efi" package is added to GSG.
Tracked-On: #7935
Signed-off-by: Ziheng Li <ziheng.li@intel.com>
v1-->v2:
1. instruction displayed regardless of if L3 or L2 cache were available, now it displayed instructions accordingly no matter how many caches
2. let instructions displayed only once above the topmost CAT configuration table
Tracked-On: #7921
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
add escape charater to fix vBDF pattern match any character issue
for vUART and ivshmem.
Tracked-On: #7925
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Creating VM images is always a pain to users, and it is especially the case
for those who want to set up the ACRN sample application which needs two
different VM images, one with graphical desktop and the other optimized for
real-time.
This patch introduces the so-called "image builder" utility which is a set
of scripts that can automate the creation of those VM images. The scripts
will take care of:
- Forking image files based on Ubuntu cloud images and enlarge the root
file system per needs.
- Setting up users and passwords.
- Installing necessary packages to run either the graphical desktop or
real-time applications.
- Specific to the RT VM image, disabling services and tweaking kernel
command line for optimized real-time performance.
- Copying the sample applications into the images so that users can
start them directly, after they launch the VMs.
Tracked-On: #7820
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Clarify description of CVE fix (only impacts ACRN implementation on
Alder Lake platforms), and improve description of the ACRN shell's new
vmexit command.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Correct the unit of sample-application result, which should be us(microseconds).
Tracked-On #7820
Signed-off-by: Zhang Wei <wei6.zhang@linux.intel.com>
On some platforms the L3 CAT capabilities are not reported via CPUID even
though they are present. The public real-time tuning guide suggests to try
accessing the MSRs directly to detect if L3 CAT is available or not.
This patch implements such guessing logic in the board inspector in order
to enable CAT for users with those kinds of platforms.
Tracked-On: #7948
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The MSR reading and writing routines today has the following issues:
1. The missing of /dev/cpu/*/msr is not properly captured as it is
reported via FileNotFoundError rather than IOError.
2. The wrmsr logic is not updated to use the tmpdevfs msr file.
This patch fixes the issues above which is a prerequisite of adding
additional MSR parsing classes.
Tracked-On: #7948
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
In v3.0 the msrfield class has its initializer changed in a way that is
incompatible with the parameter names or the getter/setter. When introduced
from the BITS project, that class allows specifying an MSR field of
arbitrary length by being given the index of the most and least significant
bits.
This patch restores the original behavior of that msrfield class and moves
the use-case specific methods, namely is_vmx_cap_supported and
is_ctrl_setting_allowed, to a helper class.
Parsing of the VMX capability reporting MSRs in msr.py are updated
accordingly, and brief documentation of the MSR fields are added as well.
Tracked-On: #7948
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
As the last step to simplify the steps to enable software SRAM passthrough
to a pre-launched RT VM, this patch generates a virtual RTCT which only
contains a compatibility entry (to indicate that the format of the RTCT is
v2) and a couple of SSRAM or SSRAM waymask entries to report the software
SRAM blocks that pre-launched VM has access. That follows the practice how
ACRN device model generates virtual RTCT for post-launched VMs today.
In case RTCT v1 is used physically, this patch still generates a v2 RTCT
for the pre-launched VM but does not add an SSRAM waymask entry there
due to lack of information.
Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
While functionally correct, the ACPI table (mostly DSDT) generation logic
in asl_gen.py contains multiple occurrences that share the same code
structure as follows:
cls = <class of the table>
length = ctypes.sizeof(cls)
data = bytearray(length)
res = cls.from_buffer(data)
<setting multiple fields in res>
To minimize code duplication, this patch refactors the logic by abstracting
the creation of an ACPI table into a method which returns a newly created
object of the given class after setting the specified fields.
Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Today users still need to manually copy the RTCT binary file when they want
to passthrough software SRAM to a pre-launched RTVM, which is far from
being user friendly.
To get rid of that step, this patch extracts all information from the RTCT
table and format them in the board XML which is the only file users need to
copy from their target platform to build the hypervisor. The patch that
immediately follows will then use such information to generate vRTCT for
the pre-launched VM.
A side effect of this change is that more ranges, which represents those
reported by RTCT such as the CRL binary or the error log area, will be
added to the `memory` section of the board XML. The `id` attributes of
those range will be used to identify what that range is for. As a result,
getting RAM of the physical platform from the board XML requires additional
conditions on the `id` attributes to avoid counting non-RAM regions
unintendedly.
Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch refactors and fixes the following in the ACPI RTCT parser of the
board inspector.
1. Refactor to expose the RTCTSubtableSoftwareSRAM_v2 class directly as
it is a fixed-size entry. There is no need to create a dynamic class
which is mostly for variable-length entries.
2. Rename the "format" field in RTCT entry header to "format_or_version",
as that field actually means "version" in RTCT v2.
3. Properly parse the RTCT compatibility entry which is currently parsed
as an unknown entry with raw data.
Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
BVT schedule rule:
When a new thread is wakeup and added to runqueue, it will get the
smallest avt (svt) from runqueue to initiate its avt. If the svt is
smaller than it's avt, it will keep the original avt. With the svt, it
can prevent a thread from claiming an excessive share of CPU after
sleepting for a long time.
For the reboot issue, when the VM is reboot, it means a new vcpu thread
is wakeup, but at this time, the Service VM's vcpu thread is blocked,
and removed from the runqueue, and the runqueue is empty, so the svt is
0. The new vcpu thread will get avt=0. avt=0 means very high priority,
and can run for a very long time until it catch up with other thread's
avt in runqueue.
At this time, when Service VM's vcpu thread wakeup, it will check the
svt, but the svt is very small, so will not update it's avt according to
the rule, thus has a very low priority and cannot be scheduled.
To fix it, update svt in pick_next handler to make sure svt is align
with the avt of the first obj in runqueue.
Tracked-On: #7944
Signed-off-by: Conghui <conghui.chen@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Add the Makefile in the SampleApplication root directory. User
don't need to separate build the userapp and rtapp, just need make
once at the SampleApplication root directory.
Tracked-On #7820
Signed-off-by: Liu Long <long.liu@linux.intel.com>
The current ACRN-Configurator allow user add duplicate PCI devices to
passthrough which it is not correct.
This patch add an assert to check the duplicate of PCI devices.
Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
There was some secure coding style violations of virtio net and tmp,
this patch add some NULL check to fix these violations.
Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
disable NOTIFY during getting requests from virtqueue. This will improve
the IO performance.
Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Add ioeventfd and iothread to virtio framework. When a virtio device
claim to support iothread, virtio framework will register a ioeventfd
and add it to iothread's epoll. After that, the new notify will come
through the iothread instead of the vcpu thread. The notify handler will
be called to process the request.
Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Supply a decidate thread, which can moniter a set of fds with epoll,
when the data is ready, call the corresponding callback.
This iothread will be created automatically with the first successful
call to iothread_add, and will be destroyed in iothread_deinit if it
was created.
Note, currenlty only support one iothread.
Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
In the cache widget, there are instructions: "Drag the ends of the boxes to cover the cache chunks you want to allocate to specific VMs. If you have a real-time VM,ensure its cache chunks do not overlap with any other VM's cache chunks."
Tracked-On: #7921
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Currently, on the whl-ipc-i5 platform, we found a warning message when
building ACRN with the shared scenario XML file from github.
However, this doesn't affect any feature of ACRN according to the QA's
test result.
So this patch removes this check in order not to confuse users at the first.
If necessary, we will add back the check after getting more detail.
v1-->v2
degrade the log level to debug.
Tracked-On: #7926
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The current launch script allocate bdf for ivshmem by itself and have
not get bdf from scenario.
This patch refine the above logic and generate slot by user settings.
Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This function is registered as PCI MMIO configuration
access handler, which processes PCI configuration access
request from ACRN guest hence the inputs shall be validated
to avoid potential hypervisor crash when handling inputs
from malicious guests.
Tracked-On: #7902
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. make memcpy_erms as a public API; add a new one
memcpy_erms_backwards, which supports to copy data from tail to head.
2. improve to use right/left/home/end key to move cursor, and support
delete/backspace key to modify current input command.
Tracked-On: #7931
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. buffer history commands.
2. support up/down key to select history buffered commands
Tracked-On: #7931
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Update security advisory for release_3.0.1
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
let minus icons in front of plus icons in those views below: Virtio input device, Virtio network device, Virtio console device, CPU affinity.
Tracked-On: projectacrn#7917
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
fix warning message when users attempt to create a new scenario, or import an existing scenario, for an existing configuration
Tracked-On: #7898
Signed-off-by: Chuang-Ke chuangx.ke@intel.com
Reviewed-by: Junjie Mao junjie.mao@intel.com
fix CAT data can not be load back issue
Tracked-On: #6691
Signed-off-by: Weiyi Feng <fwy1998@gmail.com>
Signed-off-by: Weiyi Feng <weiyix.feng@intel.com>
Use the VHOST_NET_F_VIRTIO_NET_HDR in linux system header file,
and set the correct feature bit for Virtio net header.
Tracked-On: #7790
Signed-off-by: Liu Long <long.liu@linux.intel.com>
Free the virtio_vsock struct resource in virtio vsock deinit function
in case memory leak.
Tracked-On: #7759
Signed-off-by: Liu Long <long.liu@linux.intel.com>
Replace the exclamation mark with period mark in debug info and fix
the Guest CID max value macro.
Tracked-On: #7456
Signed-off-by: Liu Long <long.liu@linux.intel.com>
We aluready updated the GSG to discuss how to find and address errors
when using the configurator (specifically doing a save scenario to check
for errors or to verify all errors were resolved). Add a description of
this error interaction model to the configurator tool documentation.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
David B. Kinder