Commit Graph

7806 Commits

Author SHA1 Message Date
Liu Long a72a2e1795 SampleApplication: Add the proxy setting for HMI
Add the proxy config file for the HMI VM images, in case installing
the packages fails.

Tracked-On: #7820
Signed-off-by: Liu Long <long.liu@linux.intel.com>
2022-08-10 16:21:37 +08:00
David B. Kinder b8c85135d9 doc: update Security VM Features config option
Updated the description of Security VM Features per review comments, and
made the option visible (again) in the configurator as an advanced
hypervisor option.

Created a new glossary entry for "Security VM", referenced by this new
description and tooltip.

Tweak wording of virtio console and input device descriptions.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>

Tracked-On: #7968
2022-08-10 10:09:58 +08:00
David B. Kinder cb91722dd5 doc: update rdt config tutorial
Add some clarification and updates for 3.1

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2022-08-09 14:26:25 -07:00
David B. Kinder 785ce3346c doc: add proxy note to GSG
Remind readers that internet access from a corporate network typically
requires configuring proxy information.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2022-08-09 09:22:29 -07:00
zihengL1 82d4f633ed doc: fix Build EFI-Stub fail problem
In the "Enable ACRN Secure Boot With EFI-Stub" guide, to build EFI-Stub
smoothly, the installation of "gnu-efi" package is added to GSG.

Tracked-On: #7935
Signed-off-by: Ziheng Li <ziheng.li@intel.com>
2022-08-09 09:20:16 -07:00
Chuang Ke 481173bf50 v2-config_tool-Instruction-missing-for-L2-only-users
v1-->v2:
1. instruction displayed regardless of if L3 or L2 cache were available, now it displayed instructions accordingly no matter how many caches
2. let instructions displayed only once above the topmost CAT configuration table

Tracked-On: #7921
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-08-09 22:15:27 +08:00
Kunhui-Li b5097ee3e3 config_tools: fix vBDF schema pattern issue
add escape character to fix vBDF pattern match any character issue
for vUART and ivshmem.

Tracked-On: #7925
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-08-09 21:45:47 +08:00
Junjie Mao 3f0eb96d85 sample_app: Add scripts to create RT and HMI VM images
Creating VM images is always a pain to users, and it is especially the case
for those who want to set up the ACRN sample application which needs two
different VM images, one with graphical desktop and the other optimized for
real-time.

This patch introduces the so-called "image builder" utility which is a set
of scripts that can automate the creation of those VM images. The scripts
will take care of:

  - Forking image files based on Ubuntu cloud images and enlarging the root
    file system per needs.

  - Setting up users and passwords.

  - Installing necessary packages to run either the graphical desktop or
    real-time applications.

  - Specific to the RT VM image, disabling services and tweaking kernel
    command line for optimized real-time performance.

  - Copying the sample applications into the images so that users can
    start them directly, after they launch the VMs.

Tracked-On: #7820
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-08 08:26:43 +08:00
Chuang Ke 88ed588711 vUART and IVSHMEM widgets don't generate address
[config_tool] vUART and IVSHMEM widgets don't generate address

Tracked-On: #7942
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 16:43:32 +08:00
David B. Kinder c1a4b77a93 doc: update 3.0.1 release notes
Clarify description of CVE fix (only impacts ACRN implementation on
Alder Lake platforms), and improve description of the ACRN shell's new
vmexit command.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2022-08-04 22:00:05 -07:00
weizhang ddefbfa6b9 SampleApplication: Change the unit of result
Correct the unit of sample-application result, which should be us (microseconds).

Tracked-On #7820
Signed-off-by: Zhang Wei <wei6.zhang@linux.intel.com>
2022-08-05 10:35:10 +08:00
Junjie Mao 2a8b80d0c1 config_tools: board_inspector: guess L3 CAT parameters if not reported via CPUID
On some platforms the L3 CAT capabilities are not reported via CPUID even
though they are present. The public real-time tuning guide suggests to try
accessing the MSRs directly to detect if L3 CAT is available or not.

This patch implements such guessing logic in the board inspector in order
to enable CAT for users with those kinds of platforms.

Tracked-On: #7948
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Junjie Mao 67d7b8f4c8 config_tools: board_inspector: fix MSR reads and writes
The MSR reading and writing routines today have the following issues:

  1. The missing of /dev/cpu/*/msr is not properly captured as it is
     reported via FileNotFoundError rather than IOError.

  2. The wrmsr logic is not updated to use the tmpdevfs msr file.

This patch fixes the issues above which is a prerequisite of adding
additional MSR parsing classes.

Tracked-On: #7948
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Junjie Mao a6614e7e2f config_tools: board_inspector: refactors MSR utilities
In v3.0 the msrfield class has its initializer changed in a way that is
incompatible with the parameter names or the getter/setter. When introduced
from the BITS project, that class allows specifying an MSR field of
arbitrary length by being given the index of the most and least significant
bits.

This patch restores the original behavior of that msrfield class and moves
the use-case specific methods, namely is_vmx_cap_supported and
is_ctrl_setting_allowed, to a helper class.

Parsing of the VMX capability reporting MSRs in msr.py is updated
accordingly, and brief documentation of the MSR fields is added as well.

Tracked-On: #7948
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Junjie Mao 4369896549 config_tools: acpi_gen: generate vRTCT instead of copying a physical one
As the last step to simplify the steps to enable software SRAM passthrough
to a pre-launched RT VM, this patch generates a virtual RTCT which only
contains a compatibility entry (to indicate that the format of the RTCT is
v2) and a couple of SSRAM or SSRAM waymask entries to report the software
SRAM blocks that the pre-launched VM has access to. That follows the practice how
ACRN device model generates virtual RTCT for post-launched VMs today.

In case RTCT v1 is used physically, this patch still generates a v2 RTCT
for the pre-launched VM but does not add an SSRAM waymask entry there
due to lack of information.

Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Junjie Mao eff353700e config_tools: acpi_gen: refactor ACPI table generation logic
While functionally correct, the ACPI table (mostly DSDT) generation logic
in asl_gen.py contains multiple occurrences that share the same code
structure as follows:

    cls = <class of the table>
    length = ctypes.sizeof(cls)
    data = bytearray(length)
    res = cls.from_buffer(data)
    <setting multiple fields in res>

To minimize code duplication, this patch refactors the logic by abstracting
the creation of an ACPI table into a method which returns a newly created
object of the given class after setting the specified fields.

Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Junjie Mao 89d54aa5d1 config_tools: board_inspector: record all details from RTCT in board XML
Today users still need to manually copy the RTCT binary file when they want
to passthrough software SRAM to a pre-launched RTVM, which is far from
being user friendly.

To get rid of that step, this patch extracts all information from the RTCT
table and formats them in the board XML which is the only file users need to
copy from their target platform to build the hypervisor. The patch that
immediately follows will then use such information to generate vRTCT for
the pre-launched VM.

A side effect of this change is that more ranges, which represent those
reported by RTCT such as the CRL binary or the error log area, will be
added to the `memory` section of the board XML. The `id` attributes of
those ranges will be used to identify what that range is for. As a result,
getting RAM of the physical platform from the board XML requires additional
conditions on the `id` attributes to avoid counting non-RAM regions
unintendedly.

Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Junjie Mao d7bac88e5e config_tools: board_inspector: refactor ACPI RTCT parser
This patch refactors and fixes the following in the ACPI RTCT parser of the
board inspector.

  1. Refactor to expose the RTCTSubtableSoftwareSRAM_v2 class directly as
     it is a fixed-size entry. There is no need to create a dynamic class
     which is mostly for variable-length entries.

  2. Rename the "format" field in RTCT entry header to "format_or_version",
     as that field actually means "version" in RTCT v2.

  3. Properly parse the RTCT compatibility entry which is currently parsed
     as an unknown entry with raw data.

Tracked-On: #7947
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
2022-08-05 07:36:40 +08:00
Conghui 51e6dc5864 hv: sched: fix bug when reboot vm
BVT schedule rule:
When a new thread is woken up and added to runqueue, it will get the
smallest avt (svt) from runqueue to initiate its avt. If the svt is
smaller than its avt, it will keep the original avt. With the svt, it
can prevent a thread from claiming an excessive share of CPU after
sleeping for a long time.

For the reboot issue, when the VM is rebooted, it means a new vcpu thread
is woken up, but at this time, the Service VM's vcpu thread is blocked,
and removed from the runqueue, and the runqueue is empty, so the svt is
0. The new vcpu thread will get avt=0. avt=0 means very high priority,
and can run for a very long time until it catches up with other thread's
avt in runqueue.
At this time, when Service VM's vcpu thread wakes up, it will check the
svt, but the svt is very small, so will not update its avt according to
the rule, thus has a very low priority and cannot be scheduled.

To fix it, update svt in pick_next handler to make sure svt is aligned
with the avt of the first obj in runqueue.

Tracked-On: #7944
Signed-off-by: Conghui <conghui.chen@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Wang, Yu1 <yu1.wang@intel.com>
2022-08-05 02:39:54 +08:00
Liu Long b7d70385d9 SampleApplication: Add Makefile for the entire SampleApplication
Add the Makefile in the SampleApplication root directory. Users
don't need to build the userapp and rtapp separately, just need to make
once at the SampleApplication root directory.

Tracked-On #7820
Signed-off-by: Liu Long <long.liu@linux.intel.com>
2022-08-04 14:22:39 +08:00
Chenli Wei 6ac196d982 misc: add assert to check the duplicate devices
The current ACRN-Configurator allows users to add duplicate PCI devices to
passthrough, which is not correct.

This patch adds an assert to check the duplicate of PCI devices.

Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-08-03 15:34:06 +08:00
Chenli Wei 030b2f804c dm: fix the secure coding style violations
There were some secure coding style violations of virtio net and tmp,
this patch adds some NULL checks to fix these violations.

Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
2022-08-02 18:01:24 +08:00
Conghui 7d987f9b0f dm: virtio-block: support NO_NOTIFY
disable NOTIFY during getting requests from virtqueue. This will improve
the IO performance.

Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
2022-08-02 11:14:54 +08:00
Conghui 1bf3cb61f5 dm: virtio-blk: enable support for iothread
The usage is:

-s <slot> virtio-blk,[iothread,]<filepath>

e.g. -s 3 virtio-blk,iothread,test.img

Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
2022-08-02 11:14:54 +08:00
Conghui fa69f79e33 dm: add iothread support in virtio framework
Add ioeventfd and iothread to virtio framework. When a virtio device
claims to support iothread, virtio framework will register an ioeventfd
and add it to iothread's epoll. After that, the new notify will come
through the iothread instead of the vcpu thread. The notify handler will
be called to process the request.

Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
2022-08-02 11:14:54 +08:00
Conghui 4fd0a1900a dm: support iothread
Supply a dedicated thread, which can monitor a set of fds with epoll,
when the data is ready, call the corresponding callback.

This iothread will be created automatically with the first successful
call to iothread_add, and will be destroyed in iothread_deinit if it
was created.

Note, currently only supports one iothread.

Tracked-On: #7940
Signed-off-by: Conghui <conghui.chen@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
2022-08-02 11:14:54 +08:00
Chuang Ke 670ccf21f8 config_tool: Instruction missing for L2-only users
In the cache widget, there are instructions: "Drag the ends of the boxes to cover the cache chunks you want to allocate to specific VMs. If you have a real-time VM,ensure its cache chunks do not overlap with any other VM's cache chunks."

Tracked-On: #7921
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-08-02 08:43:53 +08:00
Kunhui-Li fa8c149a38 config_tools: apply vBDF pattern check to vUART and ivshmem
apply vBDF pattern check to vUART and ivshmem.

Tracked-On: #7925
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-29 17:33:07 +08:00
Kunhui-Li 9a5f42e187 config_tools: add tooltips for cpu affinity
add tooltips for cpu affinity and tiny fix for virtio console device.

Tracked-On: #7933
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
2022-07-29 17:33:07 +08:00
Kunhui-Li e83bea0882 config_tools: remove invalid hugepage check
Currently, on the whl-ipc-i5 platform, we found a warning message when
building ACRN with the shared scenario XML file from github.
However, this doesn't affect any feature of ACRN according to the QA's
test result.

So this patch removes this check in order not to confuse users at the first.
If necessary, we will add back the check after getting more detail.

v1-->v2
degrade the log level to debug.

Tracked-On: #7926
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-29 17:33:07 +08:00
Chenli Wei da44d6337a misc: refine slot issue of launch script
The current launch script allocates bdf for ivshmem by itself and does
not get bdf from scenario.

This patch refines the above logic and generates slot by user settings.

Tracked-On: #6690
Signed-off-by: Chenli Wei <chenli.wei@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-29 17:03:45 +08:00
Yonghua Huang 95a938e50a hv: validate inputs in vpci_mmio_cfg_access
This function is registered as PCI MMIO configuration
access handler, which processes PCI configuration access
request from ACRN guest hence the inputs shall be validated
to avoid potential hypervisor crash when handling inputs
from malicious guests.

Tracked-On: #7902
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2022-07-29 10:30:08 +08:00
Minggui Cao 83164d6030 hv: shell: improve console to modify input easier
1. make memcpy_erms as a public API; add a new one
   memcpy_erms_backwards, which supports to copy data from tail to head.

2. improve to use right/left/home/end key to move cursor, and support
   delete/backspace key to modify current input command.

Tracked-On: #7931
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2022-07-28 23:31:43 +08:00
Minggui Cao d5b2c82156 hv: shell: improve console to buffer history cmds
1. buffer history commands.
2. support up/down key to select history buffered commands

Tracked-On: #7931
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2022-07-28 23:31:43 +08:00
David B. Kinder 22662b579c doc: add v3.0.1 release notes
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2022-07-27 20:42:31 -07:00
Yonghua Huang 8c4ad317de doc: update security advisory for 3.0.1 release
Update security advisory for release_3.0.1

Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2022-07-27 08:25:25 -07:00
Chuang Ke c46c78591d [config_tool] Order of plus and minus icons is inconsistent
let minus icons in front of plus icons in those views below: Virtio input device, Virtio network device, Virtio console device, CPU affinity.

Tracked-On: projectacrn#7917
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-27 20:57:25 +08:00
chuangxke e5a9c36095 show warning message when users attempt to create a new scenario
fix warning message when users attempt to create a new scenario, or import an existing scenario, for an existing configuration

Tracked-On: #7898
Signed-off-by: Chuang-Ke chuangx.ke@intel.com
Reviewed-by: Junjie Mao junjie.mao@intel.com
2022-07-27 20:22:35 +08:00
Weiyi Feng 715a597e37 config_tools: fix CAT data can not be load back issue
fix CAT data can not be load back issue

Tracked-On: #6691
Signed-off-by: Weiyi Feng <fwy1998@gmail.com>
Signed-off-by: Weiyi Feng <weiyix.feng@intel.com>
2022-07-27 09:54:36 +08:00
Liu Long 49d6a909cd ACRN:DM: Correct vhost_ext_features network bit
Use the VHOST_NET_F_VIRTIO_NET_HDR in linux system header file,
and set the correct feature bit for Virtio net header.

Tracked-On: #7790
Signed-off-by: Liu Long <long.liu@linux.intel.com>
2022-07-27 07:57:29 +08:00
Liu Long 73c529a903 ACRN:DM: Free virtio_vsock struct resource in deinit function
Free the virtio_vsock struct resource in virtio vsock deinit function
in case memory leak.

Tracked-On: #7759
Signed-off-by: Liu Long <long.liu@linux.intel.com>
2022-07-27 07:57:29 +08:00
Liu Long 6e18d2bd8f ACRN: DM: Fix the vsock error info.
Replace the exclamation mark with period mark in debug info and fix
the Guest CID max value macro.

Tracked-On: #7456
Signed-off-by: Liu Long <long.liu@linux.intel.com>
2022-07-27 07:57:29 +08:00
David B. Kinder ad0297ff02 doc: explain configurator error check and display model
We already updated the GSG to discuss how to find and address errors
when using the configurator (specifically doing a save scenario to check
for errors or to verify all errors were resolved). Add a description of
this error interaction model to the configurator tool documentation.

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2022-07-26 09:33:51 -07:00
Jian Jun Chen 22a302599a hv: tlfs: fix the incorrect vLAPIC freq MSR
When LAPIC timer is working in oneshot or periodic mode, OS uses
initial counter register/current counter register to program
a timer. Both initial counter and current counter depend on the
LAPIC frequency. ACRN emulated vLAPIC timer based on the TSC.
vLAPIC freq is the same as TSC freq.

Tracked-On: #7876
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
2022-07-26 05:53:19 +08:00
chuangxke a3449c4893 config_tools: add two spaces for error message.
add two spacings in alert sentence.

Tracked-On: #7915
Signed-off-by: Chuang-Ke <chuangx.ke@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-25 10:32:26 +08:00
zihengL1 6ced747e10 config-tools: fix board inspector crashed error
Fixed the problem of exception handling of the
incoming type error in reading GSI number method
in 40-acpi-tables.py line 37 when dmesg command
line is too long.

Tracked-On: #7906
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Ziheng Li <ziheng.li@intel.com>
2022-07-22 10:15:21 +08:00
Yifan Liu 4f4da08490 hv: cve hotfix: Disable RRSBA on platform using retpoline
For platforms that support RRSBA (Restricted Return Stack Buffer
Alternate), using retpoline may not be sufficient to guard against branch
history injection or intra-mode branch target injection. RRSBA must
be disabled to prevent CPUs from using alternate predictors for RETs.

Quoting Intel CVE-2022-0001/CVE-2022-0002:

Where software is using retpoline as a mitigation for BHI or intra-mode BTI,
and the processor both enumerates RRSBA and enumerates RRSBA_DIS controls,
it should disable this behavior.
...
Software using retpoline as a mitigation for BHI or intra-mode BTI should use
these new indirect predictor controls to disable alternate predictors for RETs.

See: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html

Tracked-On: #7907
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
2022-07-22 09:38:41 +08:00
Kunhui-Li de8877e71a config_tools: add tooltips for virtio devices
add tooltips for virtio network, input and console.

Tracked-On: #7897
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-21 16:49:36 +08:00
Kunhui-Li 3aee139da9 config_tools: left-align the plus icon in the virtio devices
left-align the plus icon in the virtio devices so that they
match the alignment in the IVSHMEM widget.

Tracked-On: #7897
Signed-off-by: Kunhui-Li <kunhuix.li@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
2022-07-21 16:49:36 +08:00
Yifan Liu 2edd704a3b misc: configurator: bugfix: incorrect path split
Board files with multiple dots in their name may be split
incorrectly, and os.path.basename assumes os.name == posix in pyodide
environment. This workaround partially fixes this problem whenever the
board filename does not contain '\' character.

Tracked-On: #7582
Signed-off-by: Yifan Liu <yifan1.liu@intel.com>
2022-07-20 12:19:42 +08:00