diff options
47 files changed, 4122 insertions, 4 deletions
diff --git a/meta-agl-devel.md b/meta-agl-devel.md index 528981a0..757eeec3 100755 --- a/meta-agl-devel.md +++ b/meta-agl-devel.md @@ -27,7 +27,8 @@ The following list provides a summary of these sub-layers: * `meta-speech-framework`: Provides libraries and software packages needed by for speech recognition. -* `meta-agl-jailhouse`: +* `meta-agl-jailhouse`: Provides Jailhouse partitioning hypervisor and + supporting packages. * `templates`: Feature templates that support the `meta-agl-devel` layer. diff --git a/meta-agl-jailhouse/README.md b/meta-agl-jailhouse/README.md index 395b49d4..fb0a3d42 100644 --- a/meta-agl-jailhouse/README.md +++ b/meta-agl-jailhouse/README.md @@ -1,4 +1,44 @@ -JAILHOUSE SUPPORT LAYER ------------------------ +# Jailhouse support layer + +Yocto layer that enables use of the Jailhouse partitioning hypervisor - <https://github.com/siemens/jailhouse>. + +## How to use + +The AGL feature `agl-jailhouse` has to be enabled. That needs to be done when including aglsetup.sh, for example: + + source meta-agl/scripts/aglsetup.sh -m raspberrypi4 agl-demo agl-netboot agl-appfw-smack agl-jailhouse + +That will enable this layer and include the `jailhouse` package in the image. + +Then, in the target system, the cell configurations (*.cell) are placed in `/usr/share/jailhouse/cells/` and the demo inmates (bare-metal applications to run in a non-root cell) are located in `/usr/share/jailhouse/inmates`. + +## Raspberry Pi 4 example + +Use this commands to enable Jailhouse and run the GIC demo inmate in a non-root cell. After issuing these commands, the GIC demo will be mesauring jitter of a timer and print the output on the serial console of the RPi. + + jailhouse enable /usr/share/jailhouse/cells/rpi4.cell + jailhouse cell create /usr/share/jailhouse/cells/rpi4-inmate-demo.cell + jailhouse cell load inmate-demo /usr/share/jailhouse/inmates/gic-demo.bin + jailhouse cell start inmate-demo + +## Dependencies + +This layer depends on: + +* URI: git://git.yoctoproject.org/meta-arm + * branch: dunfell + * revision: 0bd9c740267c0926e89bcfdb489790b7bf1fbd4b + * note: actually only required on the Raspberry Pi 4 target + +## Supported targets + +* Raspberry Pi 4 + * Currently only the 1 GB RAM variant. The other ones will work too, + but will be limited to 1 GB of memory. + +* QEMU x86-64 + * Work in progress. Requires KVM. Nested virtualization must be enabled on the host. Currently, the right configuration of QEMU and Jailhouse to work out-of-box is being worked on. + + + -to be written diff --git a/meta-agl-jailhouse/conf/layer.conf b/meta-agl-jailhouse/conf/layer.conf new file mode 100644 index 00000000..2031e788 --- /dev/null +++ b/meta-agl-jailhouse/conf/layer.conf @@ -0,0 +1,23 @@ +# We have a conf and classes directory, append to BBPATH +BBPATH .= ":${LAYERDIR}" + +# We have a recipes directory, add to BBFILES +BBFILES += "${LAYERDIR}/recipes*/*/*.bb ${LAYERDIR}/recipes*/*/*.bbappend" + +BBFILE_COLLECTIONS += "agl-jailhouse" +BBFILE_PATTERN_agl-jailhouse := "^${LAYERDIR}/" +BBFILE_PRIORITY_agl-jailhouse = "61" + +# This should only be incremented on significant changes that will +# cause compatibility issues with other layers +LAYERVERSION_agl-jailhouse = "1" +LAYERSERIES_COMPAT_agl-jailhouse = "dunfell" + +# This is only needed for Raspberry Pi +# TODO: can this be expressed dynamically? +LAYERDEPENDS_agl-jailhouse = "meta-arm" + +BBFILES_DYNAMIC += " \ + raspberrypi:${LAYERDIR}/dynamic-layers/raspberrypi/*/*/*.bbappend \ +" + diff --git a/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-bsp/bootfiles/rpi-config_git.bbappend b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-bsp/bootfiles/rpi-config_git.bbappend new file mode 100644 index 00000000..178c982a --- /dev/null +++ b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-bsp/bootfiles/rpi-config_git.bbappend @@ -0,0 +1,27 @@ + +do_deploy_append_raspberrypi4() { + # if ARMSTUB is set, it should be set in config.txt by earlier recipes, so replace it + if [ -n "${ARMSTUB}" ]; then + sed -i 's/^armstub=.*/armstub=bl31.bin/' ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + + if ! grep '^enable_gic' config.txt; then + sed -i 's/^enable_gic=.*/enable_gic=1/' ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + else + echo "enable_gic=1" >> ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + fi + + # otherwise, set it + else + echo "# ARM stub configuration" >> ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + echo "armstub=bl31.bin" >> ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + echo "enable_gic=1" >> ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + fi + + sed -i -e "s#dtoverlay=mcp2515.*##g" ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + echo "# Enable CAN (Waveshare RS485 CAN HAT)" >> ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + echo "dtoverlay=mcp2515-can0,oscillator=8000000,interrupt=25,spimaxfrequency=1000000" >> ${DEPLOYDIR}/bcm2835-bootfiles/config.txt + + +} + + diff --git a/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend new file mode 100644 index 00000000..158eb6e8 --- /dev/null +++ b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -0,0 +1,21 @@ +COMPATIBLE_MACHINE = "raspberrypi4" +TFA_BUILD_TARGET = "bl31" +TFA_PLATFORM = "rpi4" + +# Skip installing the binary into /lib/firmware. We only need it on the boot +# partition that is generated from the files in DEPLOYDIR +do_install[noexec] = "1" + +FILES_${PN} = "" + +do_deploy() { + if ${@"true" if d.getVar('TFA_DEBUG') == '1' else "false"}; then + BUILD_PLAT=${B}/${BUILD_DIR}/debug/ + else + BUILD_PLAT=${B}/${BUILD_DIR}/release/ + fi + + install -d ${DEPLOYDIR}/bcm2835-bootfiles + cp ${BUILD_PLAT}/bl31.bin ${DEPLOYDIR}/bcm2835-bootfiles/bl31.bin +} + diff --git a/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-extended/jailhouse/jailhouse_%.bbappend b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-extended/jailhouse/jailhouse_%.bbappend new file mode 100644 index 00000000..1d8ea6b7 --- /dev/null +++ b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-extended/jailhouse/jailhouse_%.bbappend @@ -0,0 +1,2 @@ +DEPENDS_append_raspberrypi4 = " trusted-firmware-a" + diff --git a/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend new file mode 100644 index 00000000..0616c06e --- /dev/null +++ b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-raspberrypi_%.bbappend @@ -0,0 +1,2 @@ +# required for Jailhouse to work with the supplied cell confiugrations +CMDLINE_append = " mem=768M"
\ No newline at end of file diff --git a/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4%.bbappend b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4%.bbappend new file mode 100644 index 00000000..7e37d21b --- /dev/null +++ b/meta-agl-jailhouse/dynamic-layers/raspberrypi/recipes-kernel/linux/linux-raspberrypi_5.4%.bbappend @@ -0,0 +1,4 @@ +LINUX_VERSION = "5.4.51" +SRCREV = "2c8ec3bb4403a7c76c22ec6d3d5fc4b2a366024e" + +require recipes-kernel/linux/linux-jailhouse-5.4.inc diff --git a/meta-agl-jailhouse/recipes-extended/jailhouse/jailhouse-arch.inc b/meta-agl-jailhouse/recipes-extended/jailhouse/jailhouse-arch.inc new file mode 100644 index 00000000..498b25ed --- /dev/null +++ b/meta-agl-jailhouse/recipes-extended/jailhouse/jailhouse-arch.inc @@ -0,0 +1,22 @@ +# Set jailhouse architecture JH_ARCH variable +# +# return value must match one of architectures supported by jailhouse +# +valid_jh_archs = "x86 arm" + +def map_jh_arch(a, d): + import re + + valid_jh_archs = d.getVar('valid_jh_archs', True).split() + + if re.match('(i.86|athlon|x86.64)$', a): return 'x86' + elif re.match('armeb$', a): return 'arm' + elif re.match('aarch64$', a): return 'arm64' + elif re.match('aarch64_be$', a): return 'arm64' + elif a in valid_jh_archs: return a + else: + bb.error("cannot map '%s' to a jailhouse supported architecture" % a) + +export JH_ARCH = "${@map_jh_arch(d.getVar('TARGET_ARCH', True), d)}" + +COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" diff --git a/meta-agl-jailhouse/recipes-extended/jailhouse/jailhouse_git.bb b/meta-agl-jailhouse/recipes-extended/jailhouse/jailhouse_git.bb new file mode 100644 index 00000000..c17e5f48 --- /dev/null +++ b/meta-agl-jailhouse/recipes-extended/jailhouse/jailhouse_git.bb @@ -0,0 +1,77 @@ +SUMMARY = "Linux-based partitioning hypervisor" +DESCRIPTION = "Jailhouse is a partitioning Hypervisor based on Linux. It is able to run bare-metal applications or (adapted) \ +operating systems besides Linux. For this purpose, it configures CPU and device virtualization features of the hardware \ +platform in a way that none of these domains, called 'cells' here, can interfere with each other in an unacceptable way." +HOMEPAGE = "https://github.com/siemens/jailhouse" +SECTION = "jailhouse" +LICENSE = "GPL-2.0 & BSD-2-Clause" + +LIC_FILES_CHKSUM = " \ + file://COPYING;md5=9fa7f895f96bde2d47fd5b7d95b6ba4d \ +" + +SRCREV = "4ce7658dddfd5a1682a379d5ac46657e93fe1ff0" +PV = "0.12+git${SRCPV}" + +SRC_URI = "git://github.com/siemens/jailhouse" + +DEPENDS = "virtual/kernel dtc-native python3-mako-native make-native" + +require jailhouse-arch.inc +inherit module python3native bash-completion setuptools3 + +S = "${WORKDIR}/git" +B = "${S}" + +JH_DATADIR ?= "${datadir}/jailhouse" +JH_EXEC_DIR ?= "${libexecdir}/jailhouse" +CELL_DIR ?= "${JH_DATADIR}/cells" +INMATES_DIR ?= "${JH_DATADIR}/inmates" +DTS_DIR ?= "${JH_DATADIR}/cells/dts" + +JH_CELL_FILES ?= "*.cell" + +EXTRA_OEMAKE = "ARCH=${JH_ARCH} CROSS_COMPILE=${TARGET_PREFIX} CC="${CC}" KDIR=${STAGING_KERNEL_BUILDDIR}" + +do_configure() { + sed -i '1s|^#!/usr/bin/env python$|#!/usr/bin/env python3|' ${B}/tools/${BPN}-* +} + +do_compile() { + oe_runmake +} + +do_install() { + # Install pyjailhouse python modules needed by the tools + distutils3_do_install + + # We want to install the python tools, but we do not want to use pip... + # At least with v0.10, we can work around this with + # 'PIP=":" PYTHON_PIP_USEABLE=yes' + oe_runmake PIP=: PYTHON=python3 PYTHON_PIP_USEABLE=yes DESTDIR=${D} install + + install -d ${D}${CELL_DIR} + install -m 0644 ${B}/configs/${JH_ARCH}/${JH_CELL_FILES} ${D}${CELL_DIR}/ + + install -d ${D}${INMATES_DIR} + install -m 0644 ${B}/inmates/demos/${JH_ARCH}/*.bin ${D}${INMATES_DIR} + + if [ ${JH_ARCH} != "x86" ]; then + install -d ${D}${DTS_DIR} + install -m 0644 ${B}/configs/${JH_ARCH}/dts/*.dtb ${D}${DTS_DIR} + fi +} + +PACKAGE_BEFORE_PN = "kernel-module-jailhouse pyjailhouse ${PN}-tools ${PN}-demos" +FILES_${PN} = "${base_libdir}/firmware ${libexecdir} ${sbindir} ${JH_DATADIR}" +FILES_pyjailhouse = "${PYTHON_SITEPACKAGES_DIR}" +FILES_${PN}-tools = "${libexecdir}/${BPN}/${BPN}-* ${JH_DATADIR}/*.tmpl" +FILES_${PN}-demos = "${JH_DATADIR}/ ${sbindir}/ivshmem-demo" + +RDEPENDS_${PN}-tools = "pyjailhouse python3-mmap python3-math python3-datetime python3-curses python3-compression python3-mako" +RDEPENDS_pyjailhouse = "python3-core python3-ctypes python3-fcntl" +RDEPENDS_${PN}-demos = "jailhouse" + +RRECOMMENDS_${PN} = "${PN}-tools" + +KERNEL_MODULE_AUTOLOAD += "jailhouse" diff --git a/meta-agl-jailhouse/recipes-kernel/linux/linux-jailhouse-5.4.inc b/meta-agl-jailhouse/recipes-kernel/linux/linux-jailhouse-5.4.inc new file mode 100644 index 00000000..4b571ffd --- /dev/null +++ b/meta-agl-jailhouse/recipes-kernel/linux/linux-jailhouse-5.4.inc @@ -0,0 +1,39 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/linux:" + +SRC_URI_append = " file://jailhouse.cfg" + +SRC_URI_append = " \ +file://0001-x86-jailhouse-Improve-setup-data-version-comparison.patch \ +file://0002-x86-jailhouse-Only-enable-platform-UARTs-if-availabl.patch \ +file://0003-jailhouse-Add-simple-debug-console-via-the-hyperviso.patch \ +file://0004-arm-Export-__boot_cpu_mode-for-use-in-Jailhouse-driv.patch \ +file://0005-mm-Re-export-ioremap_page_range.patch \ +file://0006-arm-arm64-export-__hyp_stub_vectors.patch \ +file://0007-x86-Export-lapic_timer_period.patch \ +file://0008-arm64-dts-marvell-armada-37xx-Set-pci-domain.patch \ +file://0009-arm64-dts-marvell-armada-8030-mcbin-Set-pci-domain.patch \ +file://0010-uio-Enable-read-only-mappings.patch \ +file://0011-ivshmem-Add-header-file.patch \ +file://0012-uio-Add-driver-for-inter-VM-shared-memory-device.patch \ +file://0013-ivshmem-net-virtual-network-device-for-Jailhouse.patch \ +file://0014-ivshmem-net-Map-shmem-region-as-RAM.patch \ +file://0015-ivshmem-net-fix-race-in-state-machine.patch \ +file://0016-ivshmem-net-Remove-unused-variable.patch \ +file://0017-ivshmem-net-Enable-INTx.patch \ +file://0018-ivshmem-net-Improve-identification-of-resources.patch \ +file://0019-ivshmem-net-Switch-to-reset-state-on-each-net-stop-a.patch \ +file://0020-ivshmem-net-Add-ethtool-register-dump.patch \ +file://0021-ivshmem-net-Fix-stuck-state-machine-during-setup.patch \ +file://0022-ivshmem-net-Switch-to-relative-descriptor-addresses.patch \ +file://0023-ivshmem-net-Switch-to-pci_alloc_irq_vectors.patch \ +file://0024-ivshmem-net-fill-in-and-check-used-descriptor-chain-.patch \ +file://0025-ivshmem-net-slightly-improve-debug-output.patch \ +file://0026-ivshmem-net-set-and-check-descriptor-flags.patch \ +file://0027-ivshmem-net-add-MAC-changing-interface.patch \ +file://0028-ivshmem-net-Silence-compiler-warning.patch \ +file://0029-ivshmem-net-Fix-bogus-transition-to-RESET-state.patch \ +file://0030-ivshmem-net-Refactor-and-comment-ivshm_net_state_cha.patch \ +file://0031-ivshmem-net-Switch-to-netdev_xmit_more-helper.patch \ +file://0032-ivshmem-net-Adjust-to-reworked-version-of-ivshmem-in.patch \ +" + diff --git a/meta-agl-jailhouse/recipes-kernel/linux/linux-yocto_5.4%.bbappend b/meta-agl-jailhouse/recipes-kernel/linux/linux-yocto_5.4%.bbappend new file mode 100644 index 00000000..b13f1eb1 --- /dev/null +++ b/meta-agl-jailhouse/recipes-kernel/linux/linux-yocto_5.4%.bbappend @@ -0,0 +1 @@ +require recipes-kernel/linux/linux-jailhouse-5.4.inc diff --git a/meta-agl-jailhouse/recipes-kernel/linux/linux/0001-x86-jailhouse-Improve-setup-data-version-comparison.patch b/meta-agl-jailhouse/recipes-kernel/linux/linux/0001-x86-jailhouse-Improve-setup-data-version-comparison.patch new file mode 100644 index 00000000..6b5032df --- /dev/null +++ b/meta-agl-jailhouse/recipes-kernel/linux/linux/0001-x86-jailhouse-Improve-setup-data-version-comparison.patch @@ -0,0 +1,198 @@ +From d47ad4c29f1cd34aff896a88b3dfc4a861a15a6a Mon Sep 17 00:00:00 2001 +From: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de> +Date: Thu, 10 Oct 2019 12:21:01 +0200 +Subject: [PATCH 01/32] x86/jailhouse: Improve setup data version comparison + +Soon, setup_data will contain information on passed-through platform +UARTs. This requires some preparational work for the sanity check of the +header and the check of the version. + +Use the following strategy: + + 1. Ensure that the header declares at least enough space for the + version and the compatible_version as it must hold that fields for + any version. The location and semantics of header+version fields + will never change. + + 2. Copy over data -- as much as as possible. The length is either + limited by the header length or the length of setup_data. + + 3. Things are now in place -- sanity check if the header length + complies the actual version. + +For future versions of the setup_data, only step 3 requires alignment. + +Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de> +Signed-off-by: Borislav Petkov <bp@suse.de> +Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> +Cc: Baoquan He <bhe@redhat.com> +Cc: "H. Peter Anvin" <hpa@zytor.com> +Cc: Ingo Molnar <mingo@redhat.com> +Cc: jailhouse-dev@googlegroups.com +Cc: Juergen Gross <jgross@suse.com> +Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> +Cc: Thomas Gleixner <tglx@linutronix.de> +Cc: x86-ml <x86@kernel.org> +Link: https://lkml.kernel.org/r/20191010102102.421035-2-ralf.ramsauer@oth-regensburg.de +--- + arch/x86/include/uapi/asm/bootparam.h | 22 ++++++++------- + arch/x86/kernel/jailhouse.c | 51 ++++++++++++++++++++++------------- + 2 files changed, 45 insertions(+), 28 deletions(-) + +diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h +index c895df5482c5..43be437c9c71 100644 +--- a/arch/x86/include/uapi/asm/bootparam.h ++++ b/arch/x86/include/uapi/asm/bootparam.h +@@ -139,15 +139,19 @@ struct boot_e820_entry { + * setup data structure. + */ + struct jailhouse_setup_data { +- __u16 version; +- __u16 compatible_version; +- __u16 pm_timer_address; +- __u16 num_cpus; +- __u64 pci_mmconfig_base; +- __u32 tsc_khz; +- __u32 apic_khz; +- __u8 standard_ioapic; +- __u8 cpu_ids[255]; ++ struct { ++ __u16 version; ++ __u16 compatible_version; ++ } __attribute__((packed)) hdr; ++ struct { ++ __u16 pm_timer_address; ++ __u16 num_cpus; ++ __u64 pci_mmconfig_base; ++ __u32 tsc_khz; ++ __u32 apic_khz; ++ __u8 standard_ioapic; ++ __u8 cpu_ids[255]; ++ } __attribute__((packed)) v1; + } __attribute__((packed)); + + /* The so-called "zeropage" */ +diff --git a/arch/x86/kernel/jailhouse.c b/arch/x86/kernel/jailhouse.c +index 3ad34f01de2a..cf4eb37ad97b 100644 +--- a/arch/x86/kernel/jailhouse.c ++++ b/arch/x86/kernel/jailhouse.c +@@ -22,6 +22,8 @@ + #include <asm/jailhouse_para.h> + + static __initdata struct jailhouse_setup_data setup_data; ++#define SETUP_DATA_V1_LEN (sizeof(setup_data.hdr) + sizeof(setup_data.v1)) ++ + static unsigned int precalibrated_tsc_khz; + + static uint32_t jailhouse_cpuid_base(void) +@@ -45,7 +47,7 @@ static void jailhouse_get_wallclock(struct timespec64 *now) + + static void __init jailhouse_timer_init(void) + { +- lapic_timer_period = setup_data.apic_khz * (1000 / HZ); ++ lapic_timer_period = setup_data.v1.apic_khz * (1000 / HZ); + } + + static unsigned long jailhouse_get_tsc(void) +@@ -88,14 +90,14 @@ static void __init jailhouse_get_smp_config(unsigned int early) + + register_lapic_address(0xfee00000); + +- for (cpu = 0; cpu < setup_data.num_cpus; cpu++) { +- generic_processor_info(setup_data.cpu_ids[cpu], ++ for (cpu = 0; cpu < setup_data.v1.num_cpus; cpu++) { ++ generic_processor_info(setup_data.v1.cpu_ids[cpu], + boot_cpu_apic_version); + } + + smp_found_config = 1; + +- if (setup_data.standard_ioapic) { ++ if (setup_data.v1.standard_ioapic) { + mp_register_ioapic(0, 0xfec00000, gsi_top, &ioapic_cfg); + + /* Register 1:1 mapping for legacy UART IRQs 3 and 4 */ +@@ -126,9 +128,9 @@ static int __init jailhouse_pci_arch_init(void) + pcibios_last_bus = 0xff; + + #ifdef CONFIG_PCI_MMCONFIG +- if (setup_data.pci_mmconfig_base) { ++ if (setup_data.v1.pci_mmconfig_base) { + pci_mmconfig_add(0, 0, pcibios_last_bus, +- setup_data.pci_mmconfig_base); ++ setup_data.v1.pci_mmconfig_base); + pci_mmcfg_arch_init(); + } + #endif +@@ -139,6 +141,7 @@ static int __init jailhouse_pci_arch_init(void) + static void __init jailhouse_init_platform(void) + { + u64 pa_data = boot_params.hdr.setup_data; ++ unsigned long setup_data_len; + struct setup_data header; + void *mapping; + +@@ -163,16 +166,8 @@ static void __init jailhouse_init_platform(void) + memcpy(&header, mapping, sizeof(header)); + early_memunmap(mapping, sizeof(header)); + +- if (header.type == SETUP_JAILHOUSE && +- header.len >= sizeof(setup_data)) { +- pa_data += offsetof(struct setup_data, data); +- +- mapping = early_memremap(pa_data, sizeof(setup_data)); +- memcpy(&setup_data, mapping, sizeof(setup_data)); +- early_memunmap(mapping, sizeof(setup_data)); +- ++ if (header.type == SETUP_JAILHOUSE) + break; +- } + + pa_data = header.next; + } +@@ -180,13 +175,27 @@ static void __init jailhouse_init_platform(void) + if (!pa_data) + panic("Jailhouse: No valid setup data found"); + +- if (setup_data.compatible_version > JAILHOUSE_SETUP_REQUIRED_VERSION) +- panic("Jailhouse: Unsupported setup data structure"); ++ /* setup data must at least contain the header */ ++ if (header.len < sizeof(setup_data.hdr)) ++ goto unsupported; + +- pmtmr_ioport = setup_data.pm_timer_address; ++ pa_data += offsetof(struct setup_data, data); ++ setup_data_len = min_t(unsigned long, sizeof(setup_data), ++ (unsigned long)header.len); ++ mapping = early_memremap(pa_data, setup_data_len); ++ memcpy(&setup_data, mapping, setup_data_len); ++ early_memunmap(mapping, setup_data_len); ++ ++ if (setup_data.hdr.version == 0 || ++ setup_data.hdr.compatible_version != ++ JAILHOUSE_SETUP_REQUIRED_VERSION || ++ (setup_data.hdr.version >= 1 && header.len < SETUP_DATA_V1_LEN)) ++ goto unsupported; ++ ++ pmtmr_ioport = setup_data.v1.pm_timer_address; + pr_debug("Jailhouse: PM-Timer IO Port: %#x\n", pmtmr_ioport); + +- precalibrated_tsc_khz = setup_data.tsc_khz; ++ precalibrated_tsc_khz = setup_data.v1.tsc_khz; + setup_force_cpu_cap(X86_FEATURE_TSC_KNOWN_FREQ); + + pci_probe = 0; +@@ -196,6 +205,10 @@ static void __init jailhouse_init_platform(void) + * are none in a non-root cell. + */ + disable_acpi(); ++ return; ++ ++unsupported: ++ panic("Jailhouse: Unsupported setup data structure"); + } + + bool jailhouse_paravirt(void) +-- +2.11.0 + diff --git a/meta-agl-jailhouse/recipes-kernel/linux/linux/0002-x86-jailhouse-Only-enable-platform-UARTs-if-availabl.patch b/meta-agl-jailhouse/recipes-kernel/linux/linux/0002-x86-jailhouse-Only-enable-platform-UARTs-if-availabl.patch new file mode 100644 index 00000000..d1db6c71 --- /dev/null +++ b/meta-agl-jailhouse/recipes-kernel/linux/linux/0002-x86-jailhouse-Only-enable-platform-UARTs-if-availabl.patch @@ -0,0 +1,200 @@ +From 7f87114a29351547ffb9bd16c4cafb37524806c6 Mon Sep 17 00:00:00 2001 +From: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de> +Date: Thu, 10 Oct 2019 12:21:02 +0200 +Subject: [PATCH 02/32] x86/jailhouse: Only enable platform UARTs if available + +ACPI tables aren't available if Linux runs as guest of the hypervisor +Jailhouse. This makes the 8250 driver probe for all platform UARTs as it +assumes that all UARTs are present in case of !ACPI. Jailhouse will stop +execution of Linux guest due to port access violation. + +So far, these access violations were solved by tuning the 8250.nr_uarts +cmdline parameter, but this has limitations: Only consecutive platform +UARTs can be mapped to Linux, and only in the sequence 0x3f8, 0x2f8, +0x3e8, 0x2e8. + +Beginning from setup_data version 2, Jailhouse will place information of +available platform UARTs in setup_data. This allows for selective +activation of platform UARTs. + +Query setup_data version and only activate available UARTS. This +patch comes with backward compatibility, and will still support older +setup_data versions. In case of older setup_data versions, Linux falls +back to the old behaviour. + +Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de> +Signed-off-by: Borislav Petkov <bp@suse.de> +Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com> +Cc: Baoquan He <bhe@redhat.com> +Cc: "H. Peter Anvin" <hpa@zytor.com> +Cc: Ingo Molnar <mingo@redhat.com> +Cc: jailhouse-dev@googlegroups.com +Cc: Juergen Gross <jgross@suse.com> +Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> +Cc: Thomas Gleixner <tglx@linutronix.de> +Cc: x86-ml <x86@kernel.org> +Link: https://lkml.kernel.org/r/20191010102102.421035-3-ralf.ramsauer@oth-regensburg.de +--- + arch/x86/include/uapi/asm/bootparam.h | 3 ++ + arch/x86/kernel/jailhouse.c | 85 +++++++++++++++++++++++++++++------ + 2 files changed, 75 insertions(+), 13 deletions(-) + +diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h +index 43be437c9c71..db1e24e56e94 100644 +--- a/arch/x86/include/uapi/asm/bootparam.h ++++ b/arch/x86/include/uapi/asm/bootparam.h +@@ -152,6 +152,9 @@ struct jailhouse_setup_data { + __u8 standard_ioapic; + __u8 cpu_ids[255]; + } __attribute__((packed)) v1; ++ struct { ++ __u32 flags; ++ } __attribute__((packed)) v2; + } __attribute__((packed)); + + /* The so-called "zeropage" */ +diff --git a/arch/x86/kernel/jailhouse.c b/arch/x86/kernel/jailhouse.c +index cf4eb37ad97b..6eb8b50ea07e 100644 +--- a/arch/x86/kernel/jailhouse.c ++++ b/arch/x86/kernel/jailhouse.c +@@ -11,6 +11,7 @@ + #include <linux/acpi_pmtmr.h> + #include <linux/kernel.h> + #include <linux/reboot.h> ++#include <linux/serial_8250.h> + #include <asm/apic.h> + #include <asm/cpu.h> + #include <asm/hypervisor.h> +@@ -21,11 +22,24 @@ + #include <asm/setup.h> + #include <asm/jailhouse_para.h> + +-static __initdata struct jailhouse_setup_data setup_data; ++static struct jailhouse_setup_data setup_data; + #define SETUP_DATA_V1_LEN (sizeof(setup_data.hdr) + sizeof(setup_data.v1)) ++#define SETUP_DATA_V2_LEN (SETUP_DATA_V1_LEN + sizeof(setup_data.v2)) + + static unsigned int precalibrated_tsc_khz; + ++static void jailhouse_setup_irq(unsigned int irq) ++{ ++ struct mpc_intsrc mp_irq = { ++ .type = MP_INTSRC, ++ .irqtype = mp_INT, ++ .irqflag = MP_IRQPOL_ACTIVE_HIGH | MP_IRQTRIG_EDGE, ++ .srcbusirq = irq, ++ .dstirq = irq, ++ }; ++ mp_save_irq(&mp_irq); ++} ++ + static uint32_t jailhouse_cpuid_base(void) + { + if (boot_cpu_data.cpuid_level < 0 || +@@ -79,11 +93,6 @@ static void __init jailhouse_get_smp_config(unsigned int early) + .type = IOAPIC_DOMAIN_STRICT, + .ops = &mp_ioapic_irqdomain_ops, + }; +- struct mpc_intsrc mp_irq = { +- .type = MP_INTSRC, +- .irqtype = mp_INT, +- .irqflag = MP_IRQPOL_ACTIVE_HIGH | MP_IRQTRIG_EDGE, +- }; + unsigned int cpu; + + jailhouse_x2apic_init(); +@@ -100,12 +109,12 @@ static void __init jailhouse_get_smp_config(unsigned int early) + if (setup_data.v1.standard_ioapic) { + mp_register_ioapic(0, 0xfec00000, gsi_top, &ioapic_cfg); + +- /* Register 1:1 mapping for legacy UART IRQs 3 and 4 */ +- mp_irq.srcbusirq = mp_irq.dstirq = 3; +- mp_save_irq(&mp_irq); +- +- mp_irq.srcbusirq = mp_irq.dstirq = 4; +- mp_save_irq(&mp_irq); ++ if (IS_ENABLED(CONFIG_SERIAL_8250) && ++ setup_data.hdr.version < 2) { ++ /* Register 1:1 mapping for legacy UART IRQs 3 and 4 */ ++ jailhouse_setup_irq(3); ++ jailhouse_setup_irq(4); ++ } + } + } + +@@ -138,6 +147,53 @@ static int __init jailhouse_pci_arch_init(void) + return 0; + } + ++#ifdef CONFIG_SERIAL_8250 ++static inline bool jailhouse_uart_enabled(unsigned int uart_nr) ++{ ++ return setup_data.v2.flags & BIT(uart_nr); ++} ++ ++static void jailhouse_serial_fixup(int port, struct uart_port *up, ++ u32 *capabilities) ++{ ++ static const u16 pcuart_base[] = {0x3f8, 0x2f8, 0x3e8, 0x2e8}; ++ unsigned int n; ++ ++ for (n = 0; n < ARRAY_SIZE(pcuart_base); n++) { ++ if (pcuart_base[n] != up->iobase) ++ continue; ++ ++ if (jailhouse_uart_enabled(n)) { ++ pr_info("Enabling UART%u (port 0x%lx)\n", n, ++ up->iobase); ++ jailhouse_setup_irq(up->irq); ++ } else { ++ /* Deactivate UART if access isn't allowed */ ++ up->iobase = 0; ++ } ++ break; ++ } ++} ++ ++static void __init jailhouse_serial_workaround(void) ++{ ++ /* ++ * There are flags inside setup_data that indicate availability of ++ * platform UARTs since setup data version 2. ++ * ++ * In case of version 1, we don't know which UARTs belong Linux. In ++ * this case, unconditionally register 1:1 mapping for legacy UART IRQs ++ * 3 and 4. ++ */ ++ if (setup_data.hdr.version > 1) ++ serial8250_set_isa_configurator(jailhouse_serial_fixup); ++} ++#else /* !CONFIG_SERIAL_8250 */ ++static inline void jailhouse_serial_workaround(void) ++{ ++} ++#endif /* CONFIG_SERIAL_8250 */ ++ + static void __init jailhouse_init_platform(void) + { + u64 pa_data = boot_params.hdr.setup_data; +@@ -189,7 +245,8 @@ static void __init jailhouse_init_platform(void) + if (setup_data.hdr.version == 0 || + setup_data.hdr.compatible_version != + JAILHOUSE_SETUP_REQUIRED_VERSION || +- (setup_data.hdr.version >= 1 && header.len < SETUP_DATA_V1_LEN)) ++ (setup_data.hdr.version == 1 && header.len < SETUP_DATA_V1_LEN) || ++ (setup_data.hdr.version >= 2 && header.len < SETUP_DATA_V2_LEN)) + goto unsupported; + + pmtmr_ioport = setup_data.v1.pm_timer_address; +@@ -205,6 +262,8 @@ static void __init jailhouse_init_platform(void) + * are none in a non-root cell. + */ + disable_acpi(); ++ ++ jailhouse_serial_workaround(); + return; + + unsupported: +-- +2.11.0 + diff --git a/meta-agl-jailhouse/recipes-kernel/linux/linux/0003-jailhouse-Add-simple-debug-console-via-the-hyperviso.patch b/meta-agl-jailhouse/recipes-kernel/linux/linux/0003-jailhouse-Add-simple-debug-console-via-the-hyperviso.patch new file mode 100644 index 00000000..289f54ac --- /dev/null +++ b/meta-agl-jailhouse/recipes-kernel/linux/linux/0003-jailhouse-Add-simple-debug-console-via-the-hyperviso.patch @@ -0,0 +1,174 @@ +From faa349f4d096554c6d5bfe74634599d2e26f64a7 Mon Sep 17 00:00:00 2001 +From: Jan Kiszka <jan.kiszka@siemens.com> +Date: Sun, 11 Sep 2016 23:30:04 +0200 +Subject: [PATCH 03/32] jailhouse: Add simple debug console via the hypervisor + +Jailhouse allows explicitly enabled cells to write character-wise +messages to the hypervisor debug console. Make use of this for a +platform-agnostic boot diagnosis channel, specifically for non-root +cells. This also comes with earlycon support. + +Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> +--- + MAINTAINERS | 1 + + drivers/virt/Kconfig | 11 +++++ + drivers/virt/Makefile | 1 + + drivers/virt/jailhouse_dbgcon.c | 103 ++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 116 insertions(+) + create mode 100644 drivers/virt/jailhouse_dbgcon.c + +diff --git a/MAINTAINERS b/MAINTAINERS +index 9d3a5c54a41d..07cb4d674c93 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -8761,6 +8761,7 @@ L: jailhouse-dev@googlegroups.com + S: Maintained + F: arch/x86/kernel/jailhouse.c + F: arch/x86/include/asm/jailhouse_para.h ++F: drivers/virt/jailhouse_dbgcon.c + + JC42.4 TEMPERATURE SENSOR DRIVER + M: Guenter Roeck <linux@roeck-us.net> +diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig +index 363af2eaf2ba..99c5eaca6952 100644 +--- a/drivers/virt/Kconfig ++++ b/drivers/virt/Kconfig +@@ -31,5 +31,16 @@ config FSL_HV_MANAGER + 4) A kernel |