- enable NX feature in hypervisor:
1. Set 'XD' bit for all pages, including pages for guests
when initialize MMU tables in hypervisor.
2. remove 'XD' bit for pages that contain hypervisor instructions.
3. enable MSR EFER.NXE,which will enable page access restriction by
preventing instruction fetches form pages with XD bit set.
- remove "-Wl -z noexecstack" GCC flag option in hypervisor
Makefile as it would not affect stack attribute in hyervisor,
which setup stack itself, instead of by loader.
Tracked-On: #1122
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
EV_MSC is configured as INPUT_PASS_TO_ALL in input driver. There is
a loop in the use case of virtio-input. They should not be forwarded
back to BE since they have already been sent to native driver before
sending to FE.
Tracked-On: #2006
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
To fix the issue that watchdog reset hang issue. At previous change,
we assume the reset comes from guest. But watchdog reset or dm killed
by signal is different. It's possible the vm_loop stick on ioreq
attaching.
The new fixing has two parts:
- fixing from kernel side to remove the race issue in ioreq attach,
req_complete_notify and client destory.
- Move the client destroy before waiting of vm_loop exit.
Tracked-On: #1986
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Liu Shuo <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
1. change its APIs as more indepentent, and modify the callers' code
2. limit its global variables as static, and return const to the callers
3. remove unused code in "CONFIG_CMA"
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. e820 is modulized as separated files.
2. move boot_regs into multiboot.h as it's related with
multiboot info header
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds the runC container config file, we will run acrn-dm
in runC container, and set acrn QoS parameters based on runC.
In the config file we mount SOS root directory to the container and
disable network/mount/ipc namespace.
Tracked-On: projectacrn/acrn-hypervisor#2020
Signed-off-by: Long Liu <long.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
After mutiple usb devices send enable slot commnad and get slot id each
other, address device setup flow is not sorted by slot id. According to
current design, it will casue assert failure. This patch takes off this
restriction.
Tracked-On: #2017
Signed-off-by: Yang Liang <liang3.yang@intel.com>
Reviewed-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
based on previous patch, we can move idt.S and idt.h out of boot component
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
we will not enable interrupt until interrupt_init, so we can defer idt
fixup and lidt to interrupt_init.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
we are not using ldt, so just init fs & gs with 0x10 which lead to
data segement descriptor in gdt.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There is a bug to run 'acrnctl add /[path]/script.sh', when the
launch script has an absolute path. Acrnctl will generate wrong path
for temp files and fail to add VM.
And message '/opt/acrn/conf: No such file or directory' always comes
out, until user once successfully run 'acrnctl add' cmd. That is reported
by _scan_added_vm(), because 'opt/acrn' is missing, only 'acrnctl add'
can create it, we should also check it in _scan_added_vm().
Tracked-On: #2013
Acked-by: Yan, Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
Currently there are two fields in ext_context to emulate IA32_PAT MSR:
- ia32_pat: hold the value of the emulated IA32_PAT MSR
- vmx_ia32_pat: used for load/store IA32_PAT MSR during world switch
This patch moves ext_context->ia32_pat to the common placeholder for
emulated MSRs acrn_vcpu_arch->guest_msrs[].
Also it renames ext_context->vmx_ia32_pat to ext_context->ia32_pat to
retain same naming convention in struct ext_context.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- implement unified APIs to access guest_msrs[] under struct acrn_vcpu.
- use these new APIs to read/write emulated TSC_DEADLINE MSR
- switch world_msrs[] and guest_msrs[] during world switch for MSRs that
need world isolation
- remove the old guest_msrs[] array and it's index macros.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Create two arrays for emulated MSRs:
- guest_msrs[] in struct acrn_vcpu_arch: emulation for all MSRs that are
included in emulated_guest_msrs[].
- world_msrs[] in struct cpu_context: it has separate copies for secure and
normal world for those MSRs that are in the first NUM_WORLD_MSRS entries
in emulated_guest_msrs[].
Split vmsr.c/emulated_msrs[] into 3 smaller arrays:
- emulated_guest_msrs[]: corresponding MSRs are emulated in guest_msrs[]
- mtrr_msrs[]: emulated MTRRs are saved in vMTRR module
- unsupported_msrs[]: GP for any guest accesses
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Pass teardown callback when add mevent in mei mediator code.
Which could avoid run_callback calling after the related data
structure is freed.
Tracked-On: #1877
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
There is one race issue between mevent callback (which is called
in mevent_dispatch thread) and mevent_delete (which could be called
in dev thread). And the callback is called after mevent_delete.
libevent have the exactly same issue. The issue is decripted here:
https://github.com/libevent/libevent/blob/master/whatsnew-2.1.txt
The fixing is:
We introduce a teardown callback to mevent and make sure there is
no race issue between callback and teardown call.
This patch updates the mevent API and the caller as well.
Tracked-On: #1877
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Peter, Thomas and Shuo raised one race issue in mevent_del. It
happens like following:
Thread mevent_dispatch Thread
mevent_delete_event
epoll_ctl_del
free(evp)
mevent_handle with freed evp
The fixing is adding sync between mevent_delete_event and
mevent_handle in mevent_dispatch.
Thread mevent_dispatch Thread
mevent_delete_event
add evp to del_list
notify mevent_dispatch
return
mevent_handle
Remove evp from del_list
Remove evp from epoll_fd
closefd()
free(evp)
Tracked-On: #1877
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
this patch is for updating path of the UOS image in launch_uos.sh script to adapt latest getting started guide,
Tracked-On: #2003
Signed-off-by: Ailun258 <ailin.yang@intel.com>
Use these operators in an expression is considered dangerous.
So avoid to use it in an expression which is not in stand-alone
expressions and the 3rd expression of a for loop.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reassign reference parameter may lead to possibly serious errors
and unmaintainability. This patch wants to fix this by avoiding
do this.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Identifier reuse may arise confusion. So should minimize the case of it
as much as possible. This patch is try to do this except the PCI related
module.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
MISRAC requires that the array size should be declared explicitly.
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1, changed Clear Linux installation from "automatically" to "manually"
2, removed bundle "soft-defined-cockpit" installation
3, removed bundle "openssh-server" installation
4, add a bundle"desktop-autostart" as the default installation. so that a desktop is showing for the first time reboot after setup done
5, add a non room user with “sudoers” privilege to avoid using root directly
6, removed section "Device Manager memory allocation mechanism"
Tracked-On: #1794
Signed-off-by: ailun258 <ailin.yang@intel.com>
Change background colors of API elements to improve readability and
match configuration documentation look.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The tpm patch delete the "break" for CMD_OPT_DEBUGEXIT branch.
Tracked-On: #1978
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Hypervisor uses '-O2' compiler option,
it will omit frame pointer by default for '-O2',
This patch add 'no-omit-frame-pointer' in debug version.
Tracked-On: #1979
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Implicit conversion may result in loss of information or undefined behaviour.
So make it with explicit conversion.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
There may the theoretic infinite loop with some code. But actually it doesn't.
This patch make these code more obvious it's not a potentially infinite loop.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
_FORTIFY_SOURCE is a Glibc feature which adds memory
and string function protection, this flag is only for
Glibc. The _FORTIFY_SOURCE is not used by hypervisor
because hypervisor is not include Glibc.
Tracked-On: #1122
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
If module acrn_hvlog is configured as "m" and we don't insert it before
launching acrnlog tool, acrnlog will run normally instead of throw
out an error in current implementation. And no log files are generated.
It will cause confusing here.
So, this patch throw out an error massage to user about the absence of acrn
hvlog devices.
BTW, this patch replaces cpuid/num related concept to devid/cnt which is more
suitable for /dev/acrn_hvlog_xxx.
Tracked-On: #1975
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Yan, Like <like.yan@intel.com>
Li, Fei1