virtual RTCT will be created on TCC driver interface, instead of
pass-through native RTCT to ACRN user VMs.
this patch removes dependency on native RTCT table:
- rename build_vrtct() function to init_ssram()
and minor changes inside.
- drop function create_and_inject_vrtct()
- add one API to get virtual RTCT table.
- rename variable 'pt_rtct' to 'ssram'
Tracked-On: #7010
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Wang Yu1 <yu1.wang@intel.com>
The UUID has several usages before:
1, For HV to identify the static VM configuration of post-launched VM.
2, Seed virtualization.
3, Slightly prevent launching malicous VM from SOS as lack of secure
boot.
The UUID is confused to user, user don't understand what it is. And user
don't know where to get/apply the UUID. The worst experience is user
can't launch any VMs w/o re-compile the hv. Everything needs to be
static decided in building phase.
Now we decide to remove UUID and split each usage. For 1st usage, use
vmname as the identifier of static VM configuration. For 2nd one, we
will use --vseed as the new parameter. For 3rd one, will pretect by
SOS's dm-verity.
This patch will remove the UUID parameter and support 1st&3rd usages
from DM part. For 2nd usage, another patch will be submitted later.
Tracked-On: #6685
Signed-off-by: Yuanyuan Zhao <yuanyuan.zhao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
vmm.h has some unused definitions.
Keep the useful definitions and delete vmm.h
Tracked-On: #6282
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
The TPM information in ACPI table is for both VPTM and passthough TPM,
so only one TPM device is allowed.
Tracked-On: #5913
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
In addition to a single OVMF image (OVMF.fd), split images
(OVMF_CODE.fd, OVMF_VARS.fd) can be used to facilitate VM management.
From the OVMF Whitepaper:
The variable store and the firmware executable are also available in
the build output as separate files entitled: "OVMF_VARS.fd" and
"OVMF_CODE.fd". This enables central management and updates of the
firmware executable, while each virtual machine can retain its own
variable store.
An example to launch acrn-dm with the split images:
--ovmf code=/usr/share/acrn/bios/OVMF_CODE.fd, \
vars=/usr/share/acrn/bios/OVMF_VARS.fd
v1 -> v2:
- use memory-mapped file I/O for writeback
- use fcntl to lock OVMF image files
Tracked-On: #5487
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
dm: vptct: add vPTCT for post-launched RTVM
We added vPTCT support for post-launched RTVM:
1. Added a function create_and_inject_vptct. Currently, we
pass-through the whole pSRAM to one RTVM, so we will also pass-
through the PTCT to the very same RTVM. This function will
read the native PTCT from SOS and inject it into post-
launched VM's vACPI.
2. Added some definitions for vPTCT.
Tracked-On: #5330
Signed-off-by: Qian Wang <qian1.wang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
We could add MMIO device pass through by two ways:
a) If the MMIO device only has MMIO regions and no ACPI Table touched, using
"--mmiodev_pt MMIO_regions",
b) If the MMIO device touches ACPI Table, using "--acpidev_pt HID"
Now only support TPM2 MSFT0101 MMIO device pass through through launch script
using "--acpidev_pt MSFT0101". When we want to pass through the TPM2 deivce,
we would not allow to emulate the vTPM2 at the same time. This is becuase
the ACRN-DM emulate the TPM2 as MSFT0101 too. Otherwise, the VM can't boot.
Besides, we could only support one TPM2 device PT and one MMIO device PT.
For TPM2 device PT, the MMIO resources are hard-coded. For the MMIO device PT,
we could pass through the MMIO resources on the cmdline.
ToDo:
1. We may use HID to discover the MMIO regions and ACPI Table instaed of
hard-coded.
2. To identify a MMIO device only by MMIO regions.
3. To allocate virtual MMIO regions in a reserved guest MMIO regions.
Tracked-On: #5053
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Do reset for passthrough PCI device by default when assigning it to post-launched
VM:
1. modify opt "reset" to "no_reset" -- could enable no_reset for debug only
2. remove "ptdev_no_reset" opt. It could be replaced by setting "no_reset" for
each passthrough device.
Tracked-On: #3465
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
After Windows 10, version 1607, the cross-signed drivers are forbiden
to load when secure boot is enabled.
Details please refer to
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later-
That means the kvm-guest-drivers-windows can't work when secure boot enabled.
So we found another windows virtio FE drivers from Oracle to resolve this issue
but have to change another subsystem vendor ID for the virtio BE services.
This patch introduces a new DM CMD line "--windows" to launch WaaG with Oracle virtio devices including
virtio-blk, virtio-net, virtio-input instead Redhat. It can make virtio-blk, virtio-net and virtio-input
devices work when WaaG enabling secure boot.
Tracked-On: #3583
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Remove the guest cpu number option '-c', as the guest cpu number is
defined in hypervisor vm configuration file, and the number can be
return by vm_create().
Tracked-On: #3663
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
VM Name length is restricted to 32 characters. kata creates
a VM name with GUID added as a part of VM name making it around
80 characters. So increasing this size to 128.
v1->v2:
It turns out that MAX_VM_OS_NAME_LEN usage in DM and HV are for
different use cases. So removing the macro from acrn_common.h.
Definied macro MAX_VMNAME_LEN for DM purposes in dm.h. Retaining
original macron name MAX_VM_OS_NAME_LEN for HV purposes but defined
in vm_config.h.
Tracked-On: #3138
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch add one new parameter --rtvm to indicate if the guest is a RTVM or not.
For RTVM, it may be not interference by SOS.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- don't generate io apic entry for vm with lapic pt.
Tracked-On: #2351
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The patch fix some string operations issues and also improve readability
of several snippet.
Tracked-On: #2133
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Use '--ovmf <OVMF image location>' when launching acrn-dm.
Tracked-On: #1832
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Generic infrastructure for loading BIOS/ROM and providing EPT pages at
High BIOS region.
The size of High BIOS is rounded up to a multiple of 2MB.
v2 -> v3:
- refine mmap_hugetlbfs* to reduce code replication
v1 -> v2:
- make this code generic instead of OVMF-specific
Tracked-On: #1832
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Physical NIC mac address is used for generate UOS mac address.
This patch uses a new parameters to pass this information
instead of vm name.
Tracked-On: #1987
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
paddr_guest2host has same function with dm_gpa2hva. And There is no
usage of dm_gpa2hva. Remove it.
Tracked-On: #1595
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Fengwei Yin <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch addes the debugexit function to DM. If it's enabled
by DM cmdline (by add --debugexit), the guest could write a
32bit value to port 0xF4 to trigger guest shutdown.
Tracked-on: #1465
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch adds a simple 32bit static elf binary loader to acrn DM.
And if the elf binary follow multiboot protocol, only memory info
will be included in multiboot info.
Tracked-On: #1465
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This is the counterpart in DM to the VHM request state update in the
hypervisor. Major changes include:
* Remove accesses to the obsolete 'valid' member.
* Access the 'processed' member using atomic operations.
* Sync the documentation on vhm_request.
In addition, the new state transition also requires a VHM request to be always
handled properly, as there is no 'FAILED' state any more. Instead of crashing
the device model (and thus the UOS as well), the device model should return all
1s or ignore the request when it is to load from or store to an invalid address,
respectively.
Note: there is an issue in vm_system_reset() and vm_suspend_resume() where
completed VHM requests are not properly notified, causing the hypervisor to
complain as it sees uncompleted requests while trying to create a new one. This
issue will be resolved in a separate patch.
v1 -> v2:
* Use macro-defined constants for the default values for invalid PIO/MMIO
reads.
* Change the return type of vmexit_handler_t in DM to void as the return
values are no longer necessary.
* Remove VM_EXITCODE that are no longer used.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Current option of removing vGSI capability is global, which exposes
vIOAPIC link for all ptdev even only one need this. This patch makes
it as ptdev local option to lower the system level impact. To keep
vGSI for MSI capable ptdev, just explicitly append ",keep_gsi" in
option list, like "-s 14,passthru,0/e/0,keep_gsi"
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
With '--ptdev_no_reset', DM doen not abort but warn when assign PCIe
dev without reset capability.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Following functions have never been used anywhere.
Let's remove them.
fbsdrun_muxed()
fbsdrun_vmexit_on_hlt()
fbsdrun_vmexit_on_pause()
fbsdrun_disable_x2apic()
Remove weird prefix "fbsdrun" from following functions' name.
fbsdrun_virtio_msix() --> virtio_uses_msix()
fbsdrun_start_thread() --> start_thread()
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove weird prefix "fbsdrun" from the function name.
Since "fbsdrun_addcpu" has never been called by external
functions, Let's remove its declaration from "dm.h" and
make it as a static function to keep consistency with
"fbsdrun_deletecpu".
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The trusty enabled or not will be passed to HV
with create vm hypercall. It's passed to vSBL within
config page also.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are two things here:
1. Enable basic vsbl boot functionality.
2. add long option to DM to specific vsbl file. So DM could
choice to boot guest with vsbl.
It's hard to find a suitable short option. So only long option
is supported for vsbl file name option.
If long option "--vsbl='vsbl_file_name'" is given in DM
commandline, the "vsbl_file_name" will be loaded by DM
first and running. vsbl will be response to lead guest to
next boot stage.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Yonghua Huang