1. add guest secure boot with OVMF.
2. delete obsolete content.
3. SOS -> Service VM and UOS -> User VM.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
1. Some security features are added into ACRN HV memory management.
2. Dynamic memory allocation is removed. Instead, static memory page allocation is added.
3. The guest to host mapping is not static any more for Service OS after it begins running
since the Service OS support PCI BAR re-pregramming now.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
hypcall_id has a type of uint64_t and should use 'llx' as
formatting flag instead of '%d'. Otherwise, we will get a
confusing error log when not-allowed hypercall occurs.
Without this patch:
[96707209us][cpu=1][sev=3][seq=2386]:hypercall -2147483548 is only allowed from SOS_VM!
With this patch:
[84613395us][cpu=1][sev=3][seq=2136]:hypercall 0x80000064 is only allowed from SOS_VM!
So, we can figure out which not-allowed hypercall has been triggered more conveniently.
BTW, this patch adds hypcall_id which triggered from non-ring0 into error log.
Tracked-On: #4012
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Now ACRN support more and more platforms. However, the default configuration only
support board which memory is less than 16 GB. If a board memory is large than
16 GB, the developer needs to configure the memory configuration according to his
board. Otherwise, the boot will fail. This's because UEFI BIOS will use the high
memory as possible.
This patch try to allocate the memory as eraly as possible. So that the BIOS will
not access this region.
Tracked-On: #4007
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Now the default board memory size is 16 GB. However, ACRN support more and more boards
which may have memory size large than 16 GB. This patch try to filter e820 table which
is over top address space.
Tracked-On: #4007
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Now the e820 structure store ACRN HV memory layout, not the physical memory layout.
Rename e820 to hv_hv_e820 to show this explicitly.
Tracked-On: #4007
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Change APL getting started guide to KBL getting started guide;
Merge some of the contents into preempt-rt getting started guide;
Move the modified kbl getting started guide to the behind of the configuration tutorials;
Fix issues for acrn_quick_setup.sh script.
Signed-off-by: lirui34 <ruix.li@intel.com>
The acrn vhm driver will convert all PCI configure space access to
PCI_CFG type, so the pci_emul_cfgaddr and pci_emul_cfgdata will nerver
be invoked. Remove these useless functions.
Tracked-On: #3999
Signed-off-by: Gao Junhao <junhao.gao@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
AP trampoline code should be accessible
to hypervisor only, this patch is to unmap
this region from service VM's EPT for security
reason.
Tracked-On: #3992
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. Print warning message instead of ASSERT when
the caller try to modify the attribute for
memory region that is not present.
2. To avoid above warning message for memory region
below 1M,its attribute may be updated by Service
VM when updating MTTR setting.
Tracked-On: #3992
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently, memory with size of 'CONFIG_LOW_RAM_SIZE' will be
allocated when 'get_direct_boot_ap_trampoline()' is called.
This patch refine the implementation of of above function, it
returns the base address of trampoline buffer when called, and
the memory is allocated when vboot module is initialized.
Tracked-On: #3992
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Remove redundant copy of ovmf.fd firmware as the lunach script now
instructs the DM to user the OVMF.fd firmware directly from the rootfs.
Tracked-On: #3972
Signed-off-by: Tonny Tzeng <tonny.tzeng@intel.com>
This commit updates the DM parameters reference document to reflect
the removal of the guest cpu number option '-c' implementation.
Tracked-On: #3989
Signed-off-by: Tonny Tzeng <tonny.tzeng@intel.com>
We should use INIT signal to notify the vcpu threads when
powering off the hard RTVM. To achive this, we should set
the vcpu->thread_obj.notify_mode as SCHED_NOTIFY_INIT.
Patch (27163df9 hv: sched: add sleep/wake for thread object)
tries to set the notify_mode according `is_lapic_pt_enabled(vcpu)`
in function prepare_vcpu. But at this point, the is_lapic_pt_enabled(vcpu)
will always return false. Consequently, it will set notify_mode
as SCHED_NOTIFY_IPI. Then leads to the failure of powering off
hard RTVM.
This patch fixes it by:
- Initialize the notify_mode as SCHED_NOTIFY_IPI in prepare_vcpu.
- Set notify_mode as SCHED_NOTIFY_INIT after guest is trying to
enable x2apic mode of passthru lapic.
Tracked-On: #3975
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
After adding PCI BAR remap support, mmio_node may unregister when there's others
access it. This patch add a lock to protect mmio_node access.
Tracked-On: #3475
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Concurrent access on PCI device may happened if UOS try to access PCI configuration
space on different vCPUs through IO port. This patch just adds a global PCI lock for
each VM to prevent the concurrent access.
Tracked-On: #3475
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Refine PCI CONFIG_ADDRESS Register definition as its physical layout.
In this case, we could read/write PCI CONFIG_ADDRESS Register atomically.
Tracked-On: #3475
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
updated this chapter based on latest master
some part still need update:
- vSBL need be replaced by OVMF after removed all vSBL stuff
Tracked-On: #3882
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Unmap old mappings in vdev_pt_write_vbar explicitly before set_vbar_base.
Then map new mappings explicitly in vdev_pt_write_vbar.
Tracked-On: #3475
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Lock should be held till all the mmap operations are done. This is to
avoid the mmap failure when multiple guests are created concurrently.
For example consider the following case in which vm1 and vm2 are
created by acrnd concurrently:
- vm1 is created with 4G+2M memory.
- 4G+2M memory is reserved in hugetlb now and vm1 continues to
allocate memory for the lowmem without lock held.
- 2G memory is allocated by vm1 for its lowmem, and 2G+2M memory
is available in hugetlb.
- At this time vm2 is created with 1G+2M memory. It finds that enough
memory is reserved (2G+2M), so it does not try to reserve more
memory.
- vm2 allocates some memory for its lowmem/highmem/ovmf.
- vm1 tries to allocate memory for its highmem/ovmf, the allocation
will fail. vm1 creation failed in this case.
Tracked-On: #3947
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
PR #3665 moved all the doc build artifacts into the _build folder and
updated scripts and Makefile to account for this, except missed a fix in
the script that checks for known issues. This patch fixes that but shows
we've got a bunch of issues that have not been being reported so we'll
need to fix those problems to resolve failing doc builds.
Also fixed process of the VERSION file in conf.py since the path to that
file was changed by PR #3665 as well and was raising an exeception that
was being masked.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
As reported in PR #3959, doc build errors were being masked by a script
error. This PR fixes a chunk of them.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
PR #3665 moved the doc build folder, so files referenced via directives
had an incorrect path (need to add an additional ../../ to the front of
relative paths that were referencing files outside of the doc folder).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Fix "duplicate label" error (name of a figure collided with the name of
a document). Also fixed very long lines, cleaned up some stray extra
spaces that were breaking up words, and some grammar issues.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Since guest could re-program PCI device MSI-X table BAR, we should add mmio
emulation handler unregister.
However, after add unregister_mmio_emulation_handler API, emul_mmio_regions
is no longer accurate. Just replace it with max_emul_mmio_regions which records
the max index of the emul_mmio_node.
Tracked-On: #3475
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
In theory, guest could re-program PCI BAR address to any address. However, ACRN
hypervisor only support [0, top_address_space) EPT memory mapping. So we need to
check whether the PCI BAR re-program address is within this scope.
Tracked-On: #3475
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
As vm3 for industry scenario was removed from scenario config, so
modify the uos id to proper id.
Tracked-On: #3854
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
We should use launch_$(uos type) for launch function name instead of using
launch_$(board name).
Tracked-On: #3931
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
add mem_size parameter for acrn-dm while generating launch script.
Traked-On: #3932
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
1. Add the character of quotation marks for launch vm script.
2. Audio codec should put together with audio devcie and pass to
vm , otherwise report an error message to webUI.
Tracked-On: #3937
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Victor Sun <victor.sun@intel.com>
lirui34