There will be a buffer overflow fisk in delete runc functions.
If the shell command function return length longer or equal to
the length of the buffer, at that time execute strstr function it
will cause buffer overflow issue. Set buffer's last byte to Zero
will avoid the risk.
Tracked-On: #3001
Signed-off-by: Long Liu <long.liu@intel.com>
Acked-by: Like Yan <like.yan@intel.com>
When acrn-dm is started by acrnd as a background process, STDIN is
redirected to journal. In this case mevent_add cannot be called on
the fd of STDIN.
Tracked-On: #2998
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
will access null pointer if 'gvt' is null.
Tracked-On: #1479
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: He, Min <min.he@intel.com>
Possible buffer overflow will happen in vlapic_set_tmr()
and vlapic_update_ppr(),this path is to fix them.
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) Shouldn't try to set APIC-register virtualization if the physical doesn't
support APICV advanced mode.
2) Remove all APICv features VMCS setting when LAPIC is passed through to guest.
Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Not every instruction supports the operand-size bit (w). This patch try to correct
what done in commit-id 9df8790 by setting a flag VIE_OP_F_BYTE_OP to indicate which
instruction supports the operand-size bit (w).
This bug is found by removing VMX_PROCBASED_CTLS2_VAPIC_REGS VMCS setting when the
physical doesn't support this APICv feature. However, if emulated this in MRB board,
the android can't boot because when switch to trusty world, it will check
"Delivery Status" in ICR first. It turns out that this Bit Test instruction is not
emulated correctly.
Tracked-On: #1337
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
This patch removes dead loop in stop_cpus because timeout never occurs.
If target cpu received a NMI and panic, it has called cpu_dead and stop_cpus success.
If target cpu is running, an IPI will be delivered to it and then call cpu_dead.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The physical core of lapic_pt vm should be reset for security and
correctness when shutdown the vm.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch makes the following changes:
- Add one parameter 'mask' to start_cpus for later use.
- Set cpu state as DEAD instead of dead loop when fail to start cpu.
- Panic when there are any failures when start cpus in init_cpu_post and host_enter_s3.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch remove the over design CPU_UP_TIMEOUT and
use CPU_UP_TIMEOUT and CPU_DOWN_TIMEOUT instead.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently, the previous configurations about guest_flags set by DM will
not be cleared when shutdown the vm. Then it might bring issue for the
next dm-launched vm.
For example, if we create one vm with LAPIC_PASSTHROUGH flag and shutdown it.
Then the next dm-launched vm will has the LAPIC_PASSTHROUGH flag set no matter
whether we set it in DM.
This patch clears all the DM set flags when shtudown vm.
Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently vpid is not released in reset_vcpu() hence the vpid resource
could be exhausted easily if guests are re-launched.
This patch assigns vpid according to the fixed mapping of runtime vm_id
and vcpu_id to guarantee the uniqueness of vpid.
Tracked-On: #2700
Signed-off-by: Zide Chen <zide.chen@intel.com>
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- The target vm in most of hypercalls should be a NORMAL_VM, in some
exceptions it might be a SOS_VM, we should validate them.
- Please be aware that some hypercall might have limitation on specific
target vm like RT or SAFETY VMs, this leaves "TODO" in future;
- Unify the coding style:
int32_t hcall_foo(vm, target_vm_id, ...)
{
int32_t ret = -1;
...
if ((is_valid_vm(target_vm) && is_normal_vm(target_vm)) {
ret = ....
}
return ret;
}
Tracked-On: #2978
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The function vpci_set_ptdev_intr_info() is not compiled for
CONFIG_SHARING_MODE only any more so the #ifndef here is useless.
Tracked-On: #2291
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently ptdev_release_all_entries() calls ptirq_release_entry() to
release ptdev IRQs, which is not sufficient because free_irq() is not
included in ptirq_release_entry().
Furthermore, function ptirq_deactivate_entry() and ptirq_release_entry()
have lots of overlaps which make the differences between them are not
clear.
This patch does:
- Adds ptirq_deactivate_entry() call in ptdev_release_all_entries() if the
irq has not already freed.
- Remove unnecessary code from ptirq_deactivate_entry() to make it do the
exact opposite to function ptirq_activate_entry(), except that
entry->allocated_pirq is not reset, which is not necessary.
- Added the missing del_timer() to ptirq_release_entry() to make it almost
opposite to ptirq_alloc_entry(); Added memset() to clear the whole entry,
which doesn't have impacts to the functionalities but keep the data structure
clean.
Tracked-On: #2700
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
mmio_hint in mem.c can potentially be accessed concurrently in
emulate_mem() because it only holds a read lock. Use a local variable to
make sure the same entry address is used throughout the function. Since
it only serves as a hint, it's okay if the function does not use the
most up-to-date version of mmio_hint, as long as mmio_hint is accessed
atomically.
Explicitly enforce natural alignment on mmio_hint to guarantee atomic
accesses on x86 and increase code portability, even though compilers
most likely always do it.
Entries in the RB tree are only removed in unregister_mem_int() while
holding a write lock, so accessing mmio_hint while holding a read lock
is safe.
Tracked-On: #2902
Signed-off-by: Peter Fang <peter.fang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Following up on d648df766c, surgically
remove all the functions related to enable_bar()/disable_bar() that got
introduced in 8787b65fde.
Tracked-On: #2902
Signed-off-by: Peter Fang <peter.fang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
Change return type to bool when returning int is not necessary.
Tracked-On: #2902
Signed-off-by: Peter Fang <peter.fang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
If launch two UOS with same UUID by acrn-dm, current code path will
return same VM instance to the acrn-dm, this will crash the two UOS.
Check VM state and make sure it's in VM_STATE_INVALID state before
creating a VM.
Tracked-On: #2984
Signed-off-by: Cai Yulong <yulongc@hwtc.com.cn>
The 'boot_params' and 'entry' might be dereferenced after they were
positively checked for NULL. Refine checking logic to fix the issue.
Tracked-On: #2979
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
The previous will not check the EPT gpa correctly. This patch try to fix this.
Tracked-On: #2291
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When shutting down SOS VM, the shared sbuf is released from guest OS, but
the per cpu sbuf pointers in hypervisor keep inact. This creates a problem
that after SOS is re-launched, hypervisor could write to the shared
buffer that no longer exists.
This patch implements sbuf_reset() and call it from reset_vcpu() to
reset sbuf pointers.
Tracked-On: #2700
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add TPR below threshold implement for "Virtual-interrupt delivery" not support.
Windows will use it to delay interrupt handle.
Complete all the interrupts in IRR as long as they are higher priority than
current TPR. Once current IRR priority is less than current TPR enable TPR
threshold to IRR, so that if guest reduces the TPR threshold, it would be good
to take below TPR threshold exit and let interrupts to go thru.
Tracked-On: #1842
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Add interface to get hardware information and
configurations for current platform.
Tracked-On: #2538
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN dumps host registers in case of an exception in root mode operation.
This patch adds CR2 register to the dump. It is useful for
page-fault debug in HV to know the offending address.
Tracked-On: #2969
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Enable vMCE feature to boot windows guest.
vMCE is set in EDX from Microsoft TLFS spec, to support windows guest
vMCA and vMCE should be supported by guest CPUID.
Support MSR_IA32_MCG_CAP and MSR_IA32_MCG_STATUS reading when vMCE is enabled,
but they are not emulated yet, so return 0 directly.
Tracked-On: #1867
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the presence of SOS, ACRN uses fallback_iommu_domain which is the same
used by SOS, to assign domain to devices during ACRN init. Also it uses
fallback_iommu_domain when DM requests ACRN to remove device from UOS domain.
This patch changes the design of assign/remove_iommu_device to avoid the
concept of fallback_iommu_domain and its setup. This way ACRN can commonly
treat pre-launched VMs bringup w.r.t. IOMMU domain creation.
Tracked-On: #2965
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Per debugging requirement, map the watchdog reset to warm reset.
So the ramconsole could be used to capture the kernel log of UOS
before watchdog is hit.
Tracked-On: #2471
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Update PCIR_SUBDEV_0 and PCIR_REVID in PCI configuration space to adapt
windows virtio-input driver. Otherwise virtio-input driver on Windows
will not be loaded correctly.
Tracked-On: #2962
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Guest OS for example Windows will disable bars before shutdown. Bars
are unregistered when they are disabled. Trying to unregister a bar
which has been unregistered causes a assertion. In pci_emul_free_bars
only those enabled bars should be unregistered.
Tracked-On: #2962
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
ACPI PM timer is disabled in FADT since there is no pm timer emulation
in device model now.
Tracked-On: #2962
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
It is found that windows will issue blkio operation with amount of
sectors in one request. This patch extends the max iov number of
virtio block to 256.
Tracked-On: #2962
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
There is a deadlock when emulate_mem is called on the memory region
of PCI extended configuration space. The call trace is something like:
emulate_mem
-> pci_emul_ecfg_handler
-> pci_cfgrw
-> pci_emul_cmdsts_write
-> unregister_bar/register_bar
-> modify_bar_registration
-> unregister_mem/register_mem
mmio_rwlock is hold in emulate_mem when calling unregister_mem/
register_mem which is trying to acquire mmio_rwlock again, and deadlock
happened.
It is possible that bar address is changed just between a on-going
MMIO access which can bring a race condition in theroy. Guest needs to
take care of the serial operation between bar addess update and MMIO
access of that bar.
Tracked-On: #2962
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Signed-off-by: Liu Shuo A <shuo.a.liu@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Sometimes guest OS writes PCIR_COMMAND register to disable the device,
then update the bar address followed by a write to PCIR_COMMAND register
to enable the device again. In this case unregister_bar/register_bar
should be called otherwise the IO/MMIO regions monitored by device model
will not be updated accordingly.
Tracked-On: #2962
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Signed-off-by: Liu Shuo A <shuo.a.liu@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Windows will set 0x262a0 for smi cmd pio, need to mask the higher bits
due to smi command is 8 bits register. Otherwise, it cause the
ACPI_ENABLE case can't be matched, and windows expecting the SCI_EN of
PM1_CONTROL be set after switch to ACPI mode. Finally, cause windows
trigger panic.
Tracked-On: #2962
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This patch adds the support of inet socket as the backend of uart
emulation. Data written by guest uart is transferred to a socket and
data from socket is forwarded to guest uart. This enables something
called "Uart Over TCP" which is useful in some case such as WinDbg
connection over uart. The command line syntax is as follows:
-l comX,tcp:port_number
Tracked-On: #2962
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
In the current design, logic partition scenario is supported
on KBL NUC i7 since there is no related configuration and
no the cooresponding boot loader supporting.
The boot loader supporting is done in the previous patch.
Add some configurations such physical PCI devices information,
virtual e820 table etc for KBL NUC i7 to enable logical
partition scenario.
In the logical partition of KBL NUC i7, there are two
pre-launched VM, this pre-launched VM doesn't support
local APIC passthrough now. The hypervisor is booted through
GRUB.
TODO: In future, Local APIC passthrough and some real time
fetures are needed for the logic partition scenario of KBL
NUC i7.
V5-->V6:
Update "Tracked-On"
Tracked-On: #2944
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In the current design, hypervisor only detects two kinds of
multiboot compiliant firwares (UEFI loader and non-UEFI loader),
It can't detect other multiboot compliant firware (such GRUB
loader) and can't detect UEFI loader explicitly since loader
name is not supported by UEFI loader (efi stub). In the
logical partition scenario on KBL NUC i7, one multiboot
compliant firware is used to boot hypervisor and load guest
OS image, and firware runtime service shall be disable to
avoid interference. So GRUB can be selected as a candidate
to enable logical partition scenario on KBL NUC i7.
Update firware detection and operations selecting logic to detect
more multiboot compiliant firware (such as GRUB and UEFI loader)
explicitly, different operations is selected according to the
boot load name through a static mapping table between boot load name
and firmware operations. GRUB loader can use the SBL operations
to handle multiboot information parsing and vm booting since
these multiboot compiliant firmware (SBL/ABL/GRUB) which boots
hypervisor (binary format), provides multiboot information and
the start address of guest OS image(binary format) in the same way,
and only runs on boot time.
From MISRA C view, viarble array is not allowed, so define the
static array for above mapping table;
From security view, it is better use strncmp insteads of strcmp.
TODO: In future, need to redesign boot moudle to suport different
boot loader, different VM boot, and different guest OS.
V2-->V3:
Update firmware detection logic to handle GRUB loader
which is need to provided multiboot information to the
hypervisor (such as the address of guest OS image);
V3-->V4:
Update firmware detection and operations selecting logic
to enable GRUB loader support in hypervisor;
V4-->V5:
Separte UEFI loader name supporting in a separate patch,
and update commit comment to make patch clearer.
V5-->V6:
Update "Tracked-On"
Tracked-On: #2944
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current design, UEFI loader name is not supported,
it is hard to ditinguish UEFI boot loader (efi stub in
the code) from other multiboot compiliant boot loader (such
as SBL, ABL, GRUB etc) explicitly. From long term, it is
better that detect boot loader according to loader name and
use different boot method according to different boot loader
and VM configuration flag.
Allocate memory to store UEFI loader name statically, set
MULTIBOOT_INFO_BOOT_LOADER_NAME in flag of the multiboot header,
store host physical start address of loader name in the multiboot
header according to multiboot protocol.
V5-->V6:
Update "Tracked-On"
Tracked-On: #2944
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch is to fix some possible memory leak issues, which are
reported by static analysis tool.
1. free uptime in error case handling of function parse_uptime.
2. unmap f in error case handling of function _file_read_key_value.
Tracked-On: #2917
Reviewed-by: Liu, Xinwu <xinwu.liu@intel.com>
Reviewed-by: Zhi Jin <zhi.jin@intel.com>
Signed-off-by: CHEN Gang <gang.c.chen@intel.com>
Acked-by: Zhang Di <di.zhang@intel.com>
add new hypercall get platform information,
such as physical CPU number.
Tracked-On: #2538
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There is an enhancement requirement about the VM auto-start for debug:
allowing the end user to optionally prevent automatic and immediate launching
of all Guest VM.
This commit adds a parameter to acrnd indicating the delay time before VM
auto-start, within the delayed period, user could stop acrnd to prevent the VM
auto-start. The default delay time is 0.
And definition of MACROs and static varialbes are moved to the beginning of
the source file.
Tracked-On: #2947
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Ported form apl_sdc_stable branch.
The wait_for_stop() first check if all VM are stopped or suspended.
It first check if VMs are stopped, then check if they are suspend.
If the VMs change state from running to stoped, after check VMs
stopped fail, before start check suspend state. wait_for_stop() will
mistake resopnse 'All vms have entered S3 state successfully'
To fix that, wait_for_stop() must only update VMs's state once, and
see if they are stopped, or suspended.
Tracked-On: #2398
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yan, Like <like.yan@intel.com>
Long Liu