RTVM is enforced to use 4KB pages to mitigate CVE-2018-12207 and performance jitter,
which may be introduced by splitting large page into 4KB pages on demand. It works
fine in previous hardware platform where the size of address space for the RTVM is
relatively small. However, this is a problem when the platforms support 64 bits
high MMIO space, which could be super large and therefore consumes large # of
EPT page table pages.
This patch optimize it by using large page for purely data pages, such as MMIO spaces,
even for the RTVM.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5788
To mitigate the page size change MCE vulnerability (CVE-2018-12207), ACRN would
clear the execution permission in the EPT paging-structure entries for large pages
and then intercept an EPT execution-permission violation caused by an attempt to
execution an instruction in the guest.
However, the current code would clear the execution permission in the EPT paging-
structure entries for small pages too when we clearing the the execution permission
for large pages. This would trigger extra EPT violation VM exits.
This patch fix this issue.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tracked-On: #5788
This patch allows the invocation of configuration-related hypervisor
targets from the top-level Makefile. The configuration summary is now
reported by the hypervisor rather than inspecting the variables directly.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The top-level Makefile should not define any default value as the
hypervisor may have its own configurations set by previous builds.
This patch also changes the hypervisor default RELEASE to `n`.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch resolves the following bugs that break the targets `diffconfig`
and `applydiffconfig`:
- Comments after variable definitions cause the varaible to contain
unintended trailing whitespaces.
- HV_CONFIG_XML is no longer defined; it is now HV_SCENARIO_XML.
- '*.asl' files are also generated and should be involved when comparing
the generated configuration files.
- Strings between diacritic marks (`) are intepreted as shell commands
even they are part of informative messages.
- HV_DIFFCONFIG_LIST should not contain duplicated lines.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
For clarity, we now prefer y|n over 0|1 as the values of boolean options on
make command lines. This patch applies this preference to the Makefile of
the device model and tools, while RELEASE=0|1 is still supported for
backward compatibility.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
We already passes BOARD, SCENARIO and RELEASE to recursive `make`, which
makes it unnecessary to export those variables. This patch explicitly
passes TOOLS_OUT as well and removes the explicit export for clarity.
Tracked-On: #5772
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Update the 'acrn-dm' usage information. It is displayed when using
'-h' or when an argument parsing error occured but was not up-to-date
with the actual implementation.
Tracked-On: #5781
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Update the list of arguments and parameters that the ACRN
Device Model ('acrn-dm') can take.
Tracked-On: #5781
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Monitor the listening socket in SOS mode and close any additional
connections after a socket connection is established. This ensures no
more than one post-launched VM can establish a pm_vuart channel.
Tracked-On: #5736
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
- Exit main() if pm_by_vuart_init() fails
- Use SIGHUP to gracefully power off a VM if pm_monitor_loop()
encounters a failure
- Identify a closed socket as a failure in pm_monitor_loop()
Tracked-On: #5736
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
SOS_RAM_SIZE/UOS_RAM_SIZE Kconfig are only used to calculate how many pages we
should reserve for the VM EPT mapping.
Now we reserve pages for each VM EPT pagetable mapping by the PLATFORM_RAM_SIZE
not the VM RAM SIZE. This could simplify the reserve logic for us: not need to
take care variable corner cases. We could make assume we reserve enough pages
base on the VM could not use the resources beyond the platform hardware resources.
So remove these two unused VM ram size kconfig.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5788
Add free_page to free page when unmap pagetable.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tracked-On: #5788
For FuSa's case, we remove all dynamic memory allocation use in ACRN HV. Instead,
we use static memory allocation or embedded data structure. For pagetable page,
we prefer to use an index (hva for MMU, gpa for EPT) to get a page from a special
page pool. The special page pool should be big enougn for each possible index.
This is not a big problem when we don't support 64 bits MMIO. Without 64 bits MMIO
support, we could use the index to search addrss not larger than DRAM_SIZE + 4G.
However, if ACRN plan to support 64 bits MMIO in SOS, we could not use the static
memory alocation any more. This is because there's a very huge hole between the
top DRAM address and the bottom 64 bits MMIO address. We could not reserve such
many pages for pagetable mapping as the CPU physical address bits may very large.
This patch will use dynamic page allocation for pagetable mapping. We also need
reserve a big enough page pool at first. For HV MMU, we don't use 4K granularity
page table mapping, we need reserve PML4, PDPT and PD pages according the maximum
physical address space (PPT va and pa are identical mapping); For each VM EPT,
we reserve PML4, PDPT and PD pages according to the maximum physical address space
too, (the EPT address sapce can't beyond the physical address space), and we reserve
PT pages by real use cases of DRAM, low MMIO and high MMIO.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Tracked-On: #5788
memory_ops structure will be changed to store page table related fields.
However, secure world memory base address is not one of them, it's VM
related. So save sworld_memory_base_hva in vm_arch structure directly.
Signed-off-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Tracked-On: #5788
Remove the the vuart1(tty) and vuart1(pty) poweroff channel from default
non-windows uos launch script xmls.
Tracked-On: #5736
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Current memory allocation algorithm is to find the available address from
the highest possible address below max_address. If the function returns 0,
means all memory is used up and we have to put the resource at address 0,
this is dangerous for a running hypervisor.
Also returns 0 would make code logic very complicated, since memcpy_s()
doesn't support address 0 copy.
Tracked-On: #5626
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
In previous code, the rsdp initialization is done in get_rsdp() api implicitly.
The function is called multiple times in following acpi table parsing functions
and the condition (rsdp == NULL) need to be added in each parsing function.
This is not needed since the panic would occur if rsdp is NULL when do acpi
initialization.
Tracked-On: #5626
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
In this way, all multiboot standard data structure could be found in
multiboot_std.h. The multiboot_priv.h stores all private definitions
and multiboot.h is the only public API header file.
Tracked-On: #5661
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
The "Enable GVT-d in ACRN" tutorial includes a number of rightwards
arrows. The source text used the "→" symbol for this but this
is not valid in ReST files. We add a substitution for this and use it
in the tutorial instead.
Tracked-On: #5769
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Loosen the restriction of IVSHMEM_REGION of xsd validation. An ivshmem
region can be shared by more than two vms.
Tracked-On: #5672
Signed-off-by: Yang,Yu-chu <yu-chu.yang@intel.com>
Remove obsolete kernel (i915) parameters from the Apollo Lake (APL)
board configurations.
Tracked-On: #5236
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Accessing to software SRAM region is not allowed when
software SRAM is pass-thru to prelaunch RTVM.
This patch removes software SRAM region from service VM
EPT if it is enabled for prelaunch RTVM.
Tracked-On: #5649
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
- Define 'PRE_RTVM_SW_SRAM_ENABLED' only if both
prelaunch RTVM and Software SRAM are configured in
current scenario.
- Define 'PRE_RTVM_SW_SRAM_BASE_GPA' and
'PRE_RTVM_SW_SRAM_END_GPA' only if
'PRE_RTVM_SW_SRAM_ENABLED' is defined.
Tracked-On: #5649
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Fixing an incorrect struct definition for ir_bits in ioapic_rte. Since bits after
the delivery status in the lower 32 bits are not touched by code,
this has never showed up as an issue. And the higher 32 bits in the RTE
are aligned by the compiler.
Tracked-On: #5773
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
After grand update of all titles to use title-case, we found some more
that needed a manual tweak.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
After grand update of all titles to use title-case, we found a few that
needed a manual tweak.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Some terms in the config option docs (Integer, Boolean) are being
flagged by one of our spell checking tools. Let's make it happy.
Tracked-On: #5692
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Horizontal lines were incorrectly removed during the processing for
using title case on all headings. Put them back.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
While we hoped to make the headings consistent over time while doing
other edits, we should instead just make the squirrels happy and do them
all at once or they'll likely never be made consistent.
A python script was used to find the headings, and then a call to
https://pypi.org/project/titlecase to transform the title. A visual
inspection was used to tweak a few unexpected resulting titles.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Update the tutorial on how to use OpenStack and libvirt:
* Use Ubuntu 20.04 as the host and the 'lxd' snap
* Use the Ubuntu Cloud image (instead of Clear Cloud image)
* Delete a screenshot that wasn't in use
Tracked-On: #5564
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
app
change generic folder to generic_board folder in config app according
to the reorg data folders and update the method to save xmls.
Tracked-On: #5723
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
update entry point address for pre-launched zephyr on ehl-crb-b;
update serial console to /dev/ttyS3 on ehl-crb-b.
Tracked-On: #5689
Signed-off-by: Shuang Zheng <shuang.zheng@intel.com>
Currently the VM bootargs load address is hard-coded at 8KB right before
kernel load address, this should work for Linux kernel only since Linux
kernel is guaranteed to be loadered high than GPA 8K so its load address
would never be overflowed, other OS like Zephyr has no such assumption.
Tracked-On: #5689
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Per ACPI 6.x chapter 6.1, "A device object must contain either an _HID object
or an _ADR object, but should not contain both."
Remove this object otherwise iasl would complain
"Warning 3073 - Multiple types ^ (Device object requires either a _HID
or _ADR, but not both)"
when launch post-launched VM in devicemodel.
Tracked-On: #5719
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Per ACPI 6.x chapter 19.6.109, the Processor Operator is deprecated.
Replace it with Device Operator, otherwise the iasl would complain
"Warning 3168 -
Legacy Processor() keyword detected. Use Device() keyword instead."
when launch post-launched VM in devicemodel.
Tracked-On: #5719
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
ivshmem spec says that the size of BAR0 is 256 bytes. Windows
ivshmem driver will check the size of BAR0. It will refuse to
load the ivshmem driver if BAR0 size is not 256.
For post-launched VM hv land ivshmem BARs are allocated by
device model. For pre-launched VM hv land ivshmem BARs are
allocated by acrn-config tool. Both device model and acrn-config
tool should make sure that the BAR base addr are aligned to 4K
at least.
Tracked-On: #5717
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
PCI spec said that BAR base should be naturally aligned. But on
ACRN if the bar size < PAGE_SIZE, BAR base should be aligned with
PAGE_SIZE. This is because the minimal size that EPT can map/unmap
is PAGE_SIZE.
Tracked-On: #5717
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Fei Li <fei1.li@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Use of :kbd: isn't appropriate as used and isn't rendered right. change
to inline codeblock notation instead.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Documentation mentions a specific Debian 10 ISO image version that no
longer exists. Update to indiate we validated with debian_10.1.0 but
newer versions should also work.
Tracked-On: #5408
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Li Fei1