OrgACRN
/
acrn-hypervisor
mirror of https://github.com/projectacrn/acrn-hypervisor.git
1
0
Fork 0
Code Issues Releases Wiki Activity
6,463 Commits 48 Branches 666 Tags 233 MiB
C 71.5%
Python 17.9%
JavaScript 2.7%
Vue 2%
XSLT 1.5%
Other 4.4%
Go to file
Shiqing Gao 651d44432c hv: initialize the XSAVE related processor state for guest 
If SOS is using kernel 5.4, hypervisor got panic with #GP.

Here is an example on KBL showing how the panic occurs when kernel 5.4 is used:
Notes:
 * Physical MSR_IA32_XSS[bit 8] is 1 when physical CPU boots up.
 * vcpu_get_guest_msr(vcpu, MSR_IA32_XSS)[bit 8] is initialized to 0.

Following thread switches would happen at run time:
1. idle thread -> vcpu thread
   context_switch_in happens and rstore_xsave_area is called.
   At this moment, vcpu->arch.xsave_enabled is false as vcpu is not launched yet
   and init_vmcs is not called yet (where xsave_enabled is set to true).
   Thus, physical MSR_IA32_XSS is not updated with the value of guest MSR_IA32_XSS.

   States at this point:
    * Physical MSR_IA32_XSS[bit 8] is 1.
    * vcpu_get_guest_msr(vcpu, MSR_IA32_XSS)[bit 8] is 0.

2. vcpu thread -> idle thread
   context_switch_out happens and save_xsave_area is called.
   At this moment, vcpu->arch.xsave_enabled is true. Processor state is saved
   to memory with XSAVES instruction. As physical MSR_IA32_XSS[bit 8] is 1,
   ectx->xs_area.xsave_hdr.hdr.xcomp_bv[bit 8] is set to 1 after the execution
   of XSAVES instruction.

   States at this point:
    * Physical MSR_IA32_XSS[bit 8] is 1.
    * vcpu_get_guest_msr(vcpu, MSR_IA32_XSS)[bit 8] is 0.
    * ectx->xs_area.xsave_hdr.hdr.xcomp_bv[bit 8] is 1.

3. idle thread -> vcpu thread
   context_switch_in happens and rstore_xsave_area is called.
   At this moment, vcpu->arch.xsave_enabled is true. Physical MSR_IA32_XSS is
   updated with the value of guest MSR_IA32_XSS, which is 0.

   States at this point:
    * Physical MSR_IA32_XSS[bit 8] is 0.
    * vcpu_get_guest_msr(vcpu, MSR_IA32_XSS)[bit 8] is 0.
    * ectx->xs_area.xsave_hdr.hdr.xcomp_bv[bit 8] is 1.

   Processor state is restored from memory with XRSTORS instruction afterwards.
   According to SDM Vol1 13.12 OPERATION OF XRSTORS, a #GP occurs if XCOMP_BV
   sets a bit in the range 62:0 that is not set in XCR0 | IA32_XSS.
   So, #GP occurs once XRSTORS instruction is executed.

Such issue does not happen with kernel 5.10. Because kernel 5.10 writes to
MSR_IA32_XSS during initialization, while kernel 5.4 does not do such write.
Once guest writes to MSR_IA32_XSS, it would be trapped to hypervisor, then,
physical MSR_IA32_XSS and the value of MSR_IA32_XSS in vcpu->arch.guest_msrs
are updated with the value specified by guest. So, in the point 2 above,
correct processor state is saved. And #GP would not happen in the point 3.

This patch initializes the XSAVE related processor state for guest.
If vcpu is not launched yet, the processor state is initialized according to
the initial value of vcpu_get_guest_msr(vcpu, MSR_IA32_XSS), ectx->xcr0,
and ectx->xs_area. With this approach, the physical processor state is
consistent with the one presented to guest.

Tracked-On: #6434

Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
 		2021-08-20 09:46:09 +08:00
.github/ISSUE_TEMPLATE Update bug_report.md 2020-07-23 22:50:26 +08:00
devicemodel ACRN:DM: Fix the Null pointer error 2021-08-20 07:55:25 +08:00
doc doc: update configuration tool names 2021-08-19 16:34:08 -07:00
hypervisor hv: initialize the XSAVE related processor state for guest 2021-08-20 09:46:09 +08:00
misc config_tools: update lpc slot number in script 2021-08-20 08:07:43 +08:00
.checkpatch.conf checkpatch: fix the line limit back to 120 2018-10-29 14:10:22 +08:00
.clang-format config_tools: update clang-format file 2021-06-11 12:59:03 +08:00
.gitignore doc: update doc generation tooling to only work within the $BUILDDIR 2019-10-14 17:26:48 -04:00
CODEOWNERS doc: update CODEOWNERS for tech docs 2021-02-01 16:48:08 +08:00
LICENSE doc: update LICENSE copyright years 2020-12-18 15:12:18 +08:00
Makefile Makefile:add targz-pkg entry in Makefile 2021-08-09 11:52:27 +08:00
README.rst doc: Update address to report security vulnerability 2021-07-13 16:24:46 -07:00
VERSION version: 2.6-unstable 2021-06-25 14:45:38 +08:00
paths.make use variables for installation directories. 2020-06-05 15:25:12 +08:00

README.rst 

Project ACRN Embedded Hypervisor
################################


.. raw:: html

   <img src="doc/images/ACRN_Logo_PrimaryLockup_COLOR-300x300-1.png"
   height="175px" align="right">

The open source project ACRN defines a device hypervisor reference stack
and an architecture for running multiple software subsystems, managed
securely, on a consolidated system by means of a virtual machine
manager. It also defines a reference framework implementation for
virtual device emulation, called the "ACRN Device Model".

The ACRN Hypervisor is a Type 1 reference hypervisor stack, running
directly on the bare-metal hardware, and is suitable for a variety of
IoT and embedded device solutions. The ACRN hypervisor addresses the
gap that currently exists between datacenter hypervisors, and hard
partitioning hypervisors. The ACRN hypervisor architecture partitions
the system into different functional domains, with carefully selected
guest OS sharing optimizations for IoT and embedded devices.

.. start_include_here

Community Support
*****************

The Project ACRN Developer Community includes developers from member
organizations and the general community all joining in the development of
software within the project. Members contribute and discuss ideas,
submit bugs and bug fixes. They also help those in need
through the community's forums such as mailing lists and IRC channels. Anyone
can join the developer community and the community is always willing to help
its members and the User Community to get the most out of Project ACRN.

Welcome to the project ARCN community!

We're now holding weekly Technical Community Meetings and encourage you
to call in and learn more about the project. Meeting information is on
the `TCM Meeting page`_ in our `ACRN wiki <https://wiki.projectacrn.org/>`_.

.. _TCM Meeting page:
   https://github.com/projectacrn/acrn-hypervisor/wiki/ACRN-Committee-and-Working-Group-Meetings#technical-community-meetings

Resources
*********

Here's a quick summary of resources to find your way around the Project
ACRN support systems:

* **Project ACRN Website**: The https://projectacrn.org website is the
  central source of information about the project. On this site, you'll
  find background and current information about the project as well as
  relevant links to project material.  For a quick start, refer to the
  `Introduction`_ and `Getting Started Guide`_.

* **Source Code in GitHub**: Project ACRN source code is maintained on a
  public GitHub repository at https://github.com/projectacrn/acrn-hypervisor.
  You'll find information about getting access to the repository and how to
  contribute to the project in this `Contribution Guide`_ document.

* **Documentation**: Project technical documentation is developed
  along with the project's code, and can be found at
  https://projectacrn.github.io.  Additional documentation is maintained in
  the `Project ACRN GitHub wiki`_.

* **Issue Reporting and Tracking**: Requirements and Issue tracking is done in
  the Github issues system: https://github.com/projectacrn/acrn-hypervisor/issues.
  You can browse through the reported issues and submit issues of your own.

* **Reporting a Potential Security Vulnerability**: If you have discovered potential
  security vulnerability in ACRN, please send an e-mail to acrn-security@lists.projectacrn.org.

  It is important to include the following details:

  - The projects and versions affected
  - Detailed description of the vulnerability
  - Information on known exploits

* **Mailing List**: The `Project ACRN Development mailing list`_ is perhaps the most convenient
  way to track developer discussions and to ask your own support questions to
  the project ACRN community.  There are also specific `ACRN mailing list
  subgroups`_ for builds, users, and Technical
  Steering Committee notes, for example.
  You can read through the message archives to follow
  past posts and discussions, a good thing to do to discover more about the
  project.


.. _Introduction: https://projectacrn.github.io/latest/introduction/
.. _Getting Started Guide: https://projectacrn.github.io/latest/getting-started/
.. _Contribution Guide: https://projectacrn.github.io/latest/contribute.html
.. _Project ACRN GitHub wiki: https://github.com/projectacrn/acrn-hypervisor/wiki
.. _PGP Key: https://www.intel.com/content/www/us/en/security-center/pgp-public-key.html
.. _vulnerability handling guidelines:
   https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html
.. _Project ACRN Development mailing list: https://lists.projectacrn.org/g/acrn-dev
.. _ACRN mailing list subgroups: https://lists.projectacrn.org/g/main/subgroups