Update description of passthrough device usecase additions, and improved
description of Issue #6631 (Kata broken)
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Otherwise it will fail to set the GPU opregion/stolen_memory for guest VM in
course of GPU passthrough and the display can't work.
Tracked-On: #6988
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Also cleaned out older versions from list, keeping v1.0,
v1.6.1, v2.0, v2.5, and v2.6.
The documentation for previous releases is still available (by editing
the URL to mention that release (e.g., /2.1/ ).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
To launch User VM, cpu_affinity parameter is needed for v2.7.
Signed-off-by: fuzhongl <fuzhong.liu@eintel.com>
Reviewed-by: gvancuts <geoffroy.vancutsem@intel.com>
1. Update launch script and replace the apt-get command with apt in GSG documentation.
2. Update the tag to v2.7 in partitioned documentation.
Signed-off-by: zhongzhenx.liu <zhongzhenx.liu@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Add some color styles we can use (via .. rst-class:: style directive) to
add color to rst tables. Also introduce a centered class instead of
using the deprecated .. centered:: directive. Update documentation
guidelines to describe these new styles (background colors).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The commands in the Getting Started Guide for copying files to and from
the USB stick will fail if the USB stick volume name has a space in it.
Fix this by quoting uses of $disk.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Fix errors in description of changes.
Add mention of SOS -> Service_VM change in config options/values.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Currently in sanitize_vm_config, all LAPIC-PT VM are treated as RTVM,
which can be relaxed: LAPIC PT VM does not have to be RTVM.
Change the logic in sanitize_vm_config to support this relaxation.
Tracked-On: #6968
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, the command "acrnctl suspend" and "acrnctl resume"
is not used by user. This patch removes related code.
Tracked-On: #5921
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, the command "acrnctl suspend" and "acrnctl resume"
is not used by user. This patch removes related code.
v1-->v2:
Remove vm_suspend.
Tracked-On: #5921
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, Service VM may fail to shut down due to some enabled
VFs. ACRN doesn't disable VFs automatically.
In this patch, add a note for user to disable VFs before Service
VM shuts down.
Tracked-On: #5921
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Rename `CONFIG_IOMMU_BUS_NUM` to `ACFG_MAX_PCI_BUS_NUM`. Configure tool
will calculate `ACFG_MAX_PCI_BUS_NUM` base on the max pci num which is
used by VF. So user needn't care about `ACFG_MAX_PCI_BUS_NUM`, and memory
will be used resonable.
Tracked-On: #6942
Signed-off-by: Yuanyuan Zhao <yuanyuan.zhao@linux.intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Extract the max pci bus number from board information and generate the
common configuration macro ACFG_MAX_PCI_BUS_NUM automatically.
Tracked-On: #6942
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
remove is_valid_xsave_combination api,
assume the hardware or QEMU can guarantee that support
XSAVE on CPU side and XSAVE_XRSTR on VMX side or not.
will add offline-tool in QEMU platform to avoid the user
use wrong XSAVE configurations.
remov check VMX_PROCBASED_CTLS2_XSVE_XRSTR based on the above reason.
for VMX_PROCBASED_CTLS2_PAUSE_LOOP, now it will panic
if run ACRN over QEMU, here remove it from essential check,
and it will print error information when set this bit
if there is no the hardware capability.
v1-v2:
remove is_valid_xsave_combination
Tracked-On: #6584
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds an option CONFIG_KEEP_IRQ_DISABLED to hv (default n) and
config-tool so that when this option is 'y', all interrupts in hv root
mode will be permanently disabled.
With this option to be 'y', all interrupts received in root mode will be
handled in external interrupt vmexit after next VM entry. The postpone
latency is negligible. This new configuration is a requirement from x86
TEE's secure/non-secure interrupt flow support. Many race conditions can be
avoided when keeping IRQ off.
v5:
Rename CONFIG_ACRN_KEEP_IRQ_DISABLED to CONFIG_KEEP_IRQ_DISABLED
v4:
Change CPU_IRQ_ENABLE/DISABLE to
CPU_IRQ_ENABLE_ON_CONFIG/DISABLE_ON_CONFIG and guard them using
CONFIG_ACRN_KEEP_IRQ_DISABLED
v3:
CONFIG_ACRN_DISABLE_INTERRUPT -> CONFIG_ACRN_KEEP_IRQ_DISABLED
Add more comment in commit message
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
"idle=halt " should be avoided in REE since we have to
keep the interrupt always masked in root mode.
Tracked-On: #6571
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Previous upstreamed patches handles the secure/non-secure interrupts in
handle_x86_tee_int. However there is a corner case in which there might
be unhandled secure interrupts (in a very short time window) when TEE
yields vCPU. For this case we always make sure that no secure interrupts
are pending in TEE's vlapic before scheduling REE.
Also in previous patches, if non-secure interrupt comes when TEE is
handling its secure interrupts, hypervisor injects a predefined vector
into TEE's vlapic. TEE does not consume this vector in secure interrupt
handling routine so it stays in vIRR, but it should be cleared because the
actual interrupt will be consumed in REE after VM Entry.
v3:
Fix comments on interrupt priority
v2:
Add comments explaining the priority of secure/non-secure interrupts
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The TEE_NOTIFICATION_VECTOR can sometimes be confused with TEE's PI
notification vector. So rename it to TEE_FIXED_NONSECURE_VECTOR for
better readability.
No logic change.
v3:
Add more comments in commit message.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Sometimes HV would like to know if there are specific interrupt
pending in vIRR, and clears them if necessary (such as in x86_tee case).
This patch adds two APIs: get_next_pending_intr and clear_pending_intr.
This patch also moves the inline api prio() from
vlapic.c to vlapic.h
v3:
Remove apicv_get_next_pending_intr and apicv_clear_pending_intr
and use vlapic_get_next_pending_intr and vlapic_clear_pending_intr
directly.
v2:
get_pending_intr -> get_next_pending_intr
apicv_basic/advanced_clear_pending_intr -> apicv_clear_pending_intr
apicv_basic/advanced_get_pending_intr -> apicv_get_next_pending_intr
has_pending_intr kept
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In pci_enumerate_ext_cap we assume the extended capability linked lists
are always legal and correct, which might not be true when there was a
faulty hardware. This patch adds checks (time to live) to guard against malformed
extended capability linked lists.
v2:
Add error printing when node_limit <= 0.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Though REE VM has its load order to be Service_VM, it does not offer
services as Service VM does. The only hypercalls allowed for REE are the
ones with GUEST_FLAG_REE.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch wraps the check of GUEST_FLAG_TEE/REE into functions
is_tee_vm/is_ree_vm for readability. No logic changes.
Tracked-On: #6571
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For WaaG VM, the User VM name is hard coded in the
lifecycle manager, this User VM ("windows") is needed
for guest shutdown.
Note: libvirt will be used to do guest shutdown and
the WaaG VM name will be configurable in furture.
The lifecycle manager starup picture in WaaG VM is out
of data, update it in this patch.
Tracked-on: #6652
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
This patch updates recommendations to upgrade from a prior ACRN version
for v2.7, and updates the what's new summary.
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The CONFIG_LOG_DESTINATION parameter selects where the logging messages
send to,serial console or memory or npk device MMIO region.
Now we want to remove it and check the loglevel of each channel,close the
output when the loglevel is ZERO.
Tracked-On: #6934
Signed-off-by: Chenli Wei <chenli.wei@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. remove LOG_DESTINATION in the related python code, schema and
all existing scenario XML files.
2. for MEM_LOGLEVEL, NPK_LOGLEVEL and CONSOLE_LOGLEVEL,
update the loglevel range to [0, 5] from [0, 6].
Tracked-On: #6934
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
fix memory leakage issue in function 'acrn_parse_cpu_affinity()',
memory pointed by 'cp' is not released before function return.
Tracked-On: #6919
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Currently, if board.xml and scenario.xml are specified,
the variable $(BOARD) and $(SCENARIO) are path, but the
parameters passed in to generate debian package should be
board and scenario name. So add a conversion function to
ensure that the function passed to the generated debian
package is board and scenario name.
Tracked-On: #6688
Signed-off-by: Hu Fenglin <fenglin.hu@intel.com>
- Replace SOS or Service OS with Service VM
- Replace UOS or User OS with User VM
- Replace VHM with HSM
Signed-off-by: Amy Reyes <amy.reyes@intel.com>
- Replace SOS or Service OS with Service VM
- Replace UOS or User OS with User VM
- Clean up some of the grammar
Signed-off-by: Amy Reyes <amy.reyes@intel.com>
- Replace UOS or User OS with User VM
- Replace SOS or Service OS with Service VM
- Clean up some of the grammar
Signed-off-by: Amy Reyes <amy.reyes@intel.com>
- Replace SOS or Service OS with Service VM
- Replace UOS or User OS with User VM
- Replace VHM with HSM
Signed-off-by: Amy Reyes <amy.reyes@intel.com>
- Replace SOS or Service OS with Service VM
- Replace UOS or User OS with User VM
- Capitalize ACRN Configurator
Signed-off-by: Amy Reyes <amy.reyes@intel.com>
Currently, in RTVM with multi vCPUs, lapic pass through is
configured, each vCPU works in x2apic mode. When one vCPU sends
IPI to all other vCPUs through writes ICR register with virtual
value 0x00000000000c00f8, this ICR writting will be intercepted,
the hypervisor passes destination shorthand field 11B (All Excluding
Self) in the virtual ICR value into physical ICR value during IPI
emulation, this IPI will be sent to each physical CPU core
in the platform according to 10.6.1 Interrupt Command Register (ICR),
Vol 3, SDM.
One vCPU in User VM with lapic pass through configuration can
send IPI with destination shorthand (10B or 11B) and any vector
(such as NMI or reboot vector) to other vCPUs, this IPI will sent
other VMs in the platform by hypervisor, this interference may
cause other VMs hang.
In this patch, set "Destination Shorthand" field of the
ICR value as 00B (No Shorthand) since the emulation is done
through sending IPI to each VCPU in dmask one by one.
Tracked-On: #6908
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Chen, Jason CJ <jason.cj.chen@intel.com>
David B. Kinder