After Windows 10, version 1607, the cross-signed drivers are forbiden
to load when secure boot is enabled.
Details please refer to
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-policy--windows-vista-and-later-
That means the kvm-guest-drivers-windows can't work when secure boot enabled.
So we found another windows virtio FE drivers from Oracle to resolve this issue
but have to change another subsystem vendor ID for the virtio BE services.
This patch introduces a new DM CMD line "--windows" to launch WaaG with Oracle virtio devices including
virtio-blk, virtio-net, virtio-input instead Redhat. It can make virtio-blk, virtio-net and virtio-input
devices work when WaaG enabling secure boot.
Tracked-On: #3583
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Remove the guest cpu number option '-c', as the guest cpu number is
defined in hypervisor vm configuration file, and the number can be
return by vm_create().
Tracked-On: #3663
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
VM Name length is restricted to 32 characters. kata creates
a VM name with GUID added as a part of VM name making it around
80 characters. So increasing this size to 128.
v1->v2:
It turns out that MAX_VM_OS_NAME_LEN usage in DM and HV are for
different use cases. So removing the macro from acrn_common.h.
Definied macro MAX_VMNAME_LEN for DM purposes in dm.h. Retaining
original macron name MAX_VM_OS_NAME_LEN for HV purposes but defined
in vm_config.h.
Tracked-On: #3138
Signed-off-by: Vijay Dhanraj <vijay.dhanraj@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch add one new parameter --rtvm to indicate if the guest is a RTVM or not.
For RTVM, it may be not interference by SOS.
Tracked-On: #2865
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- don't generate io apic entry for vm with lapic pt.
Tracked-On: #2351
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The patch fix some string operations issues and also improve readability
of several snippet.
Tracked-On: #2133
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Use '--ovmf <OVMF image location>' when launching acrn-dm.
Tracked-On: #1832
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Generic infrastructure for loading BIOS/ROM and providing EPT pages at
High BIOS region.
The size of High BIOS is rounded up to a multiple of 2MB.
v2 -> v3:
- refine mmap_hugetlbfs* to reduce code replication
v1 -> v2:
- make this code generic instead of OVMF-specific
Tracked-On: #1832
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Physical NIC mac address is used for generate UOS mac address.
This patch uses a new parameters to pass this information
instead of vm name.
Tracked-On: #1987
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
paddr_guest2host has same function with dm_gpa2hva. And There is no
usage of dm_gpa2hva. Remove it.
Tracked-On: #1595
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Fengwei Yin <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch addes the debugexit function to DM. If it's enabled
by DM cmdline (by add --debugexit), the guest could write a
32bit value to port 0xF4 to trigger guest shutdown.
Tracked-on: #1465
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch adds a simple 32bit static elf binary loader to acrn DM.
And if the elf binary follow multiboot protocol, only memory info
will be included in multiboot info.
Tracked-On: #1465
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This is the counterpart in DM to the VHM request state update in the
hypervisor. Major changes include:
* Remove accesses to the obsolete 'valid' member.
* Access the 'processed' member using atomic operations.
* Sync the documentation on vhm_request.
In addition, the new state transition also requires a VHM request to be always
handled properly, as there is no 'FAILED' state any more. Instead of crashing
the device model (and thus the UOS as well), the device model should return all
1s or ignore the request when it is to load from or store to an invalid address,
respectively.
Note: there is an issue in vm_system_reset() and vm_suspend_resume() where
completed VHM requests are not properly notified, causing the hypervisor to
complain as it sees uncompleted requests while trying to create a new one. This
issue will be resolved in a separate patch.
v1 -> v2:
* Use macro-defined constants for the default values for invalid PIO/MMIO
reads.
* Change the return type of vmexit_handler_t in DM to void as the return
values are no longer necessary.
* Remove VM_EXITCODE that are no longer used.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Current option of removing vGSI capability is global, which exposes
vIOAPIC link for all ptdev even only one need this. This patch makes
it as ptdev local option to lower the system level impact. To keep
vGSI for MSI capable ptdev, just explicitly append ",keep_gsi" in
option list, like "-s 14,passthru,0/e/0,keep_gsi"
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
With '--ptdev_no_reset', DM doen not abort but warn when assign PCIe
dev without reset capability.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Following functions have never been used anywhere.
Let's remove them.
fbsdrun_muxed()
fbsdrun_vmexit_on_hlt()
fbsdrun_vmexit_on_pause()
fbsdrun_disable_x2apic()
Remove weird prefix "fbsdrun" from following functions' name.
fbsdrun_virtio_msix() --> virtio_uses_msix()
fbsdrun_start_thread() --> start_thread()
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove weird prefix "fbsdrun" from the function name.
Since "fbsdrun_addcpu" has never been called by external
functions, Let's remove its declaration from "dm.h" and
make it as a static function to keep consistency with
"fbsdrun_deletecpu".
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The trusty enabled or not will be passed to HV
with create vm hypercall. It's passed to vSBL within
config page also.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are two things here:
1. Enable basic vsbl boot functionality.
2. add long option to DM to specific vsbl file. So DM could
choice to boot guest with vsbl.
It's hard to find a suitable short option. So only long option
is supported for vsbl file name option.
If long option "--vsbl='vsbl_file_name'" is given in DM
commandline, the "vsbl_file_name" will be loaded by DM
first and running. vsbl will be response to lead guest to
next boot stage.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Yuan Liu