Version 1.0.0

RIKEN-RCCS · Aug 10, 2022 · 7c3cdec · 7c3cdec
1 parent e5b6949
commit 7c3cdec
Show file tree

Hide file tree

Showing 38 changed files with 3,799 additions and 1,124 deletions.
diff --git a/README.md b/README.md
@@ -15,34 +15,45 @@ We are currently developing MilvusVisor as a research activity to achieve HPC en
 
 Currently, MilvusVisor provides the following function.
 
+You can build with enabling some functions by `make custom_all FEATURES=feature1,feautre2,...`.(`featureN` is described like `Feature Name: feature_name` in each section.)
+
 - Protecting non-volatile data in devices from guest OS (e.g. Firmware, MAC address)
-  - Supported device: Intel I210, Mellanox Technologies MT27800
-- Protecting MilvusVisor itself against DMA attack
+  - Intel I210 (Feature Name: `i210`)
+    - Protect EEPROM from writing access
+  - Mellanox Technologies MT27800 (Feature Name: `mt27800`)
+    - Protect from firmware update
+- Protecting MilvusVisor itself against DMA attack (Feature Name: `smmu`)
   - Using SMMUv3 Stage 2 Page Translation to protect from DMA attack
-- Fast restore: Fast restoring the guest environments without reboot the machine
+  - Stage 1 translation is available from guest OS
+- Fast restore: Fast restoring the guest environments without reboot the machine (Feature Name: `fast_restore`)
   - Taking a snapshot just before the first boot of the guest OS
   - Restoring it on rebooting/shutting down the guest OS
-- Protecting ACPI Tables from write accesses
+- Protecting ACPI Tables from write accesses (Feature Name: `acpi_table_protection`)
   - For the Fast Restore
+- Linked-List Style Memory Allocator (Feature Name:  `advanced_memory_manager`)
+- Contiguous Bit (Feature Name: `contiguous_bit`)
+  - Set contiguous bit enabled  if available (TLB will be optimized by the contiguous bit)
+  - Some machine may noe work fine with the contiguous bit
+- A64FX specific registers' initialization (Feature Name: `a64fx`)
+  - Initialize some a64fx specific registers during boot
 
 ## Tested machines
 
 We have tested MilvusVisor on the following machines.
 
 - FIJITSU FX700
 - GIGABYTE E252-P30
-- AML-S805X-AC
 - QEMU
 
 The following table shows which feature worked on which machines.
 
-| Test items \\ Machine                                       | FX700 | E252-P30 | AML | QEMU |
-|:------------------------------------------------------------|:-----:|:--------:|:---:|:----:|
-| Booting Linux on MilvusVisor (Multi-core)                   | o     | o        | o   | o    |
-| Protecting non-volatile data of Intel I210                  | o     | -        | -   | -    |
-| Protecting firmware update of Mellanox Technologies MT27800 | o     | -        | -   | -    |
-| Protecting MilvusVisor itself against DMA attack            | o     | -        | -   | -    |
-| Fast Restore                                                | o     | -        | -   | -    |
+| Test items \\ Machine                                       | FX700 | E252-P30 | QEMU |
+|:------------------------------------------------------------|:-----:|:--------:|:----:|
+| Booting Linux on MilvusVisor (Multi-core)                   | o     | o        | o   |
+| Protecting non-volatile data of Intel I210                  | o     | -        | -   |
+| Protecting firmware update of Mellanox Technologies MT27800 | o     | -        | -   |
+| Protecting MilvusVisor itself against DMA attack            | o     | -        | -   |
+| Fast Restore                                                | o     | -        | -   |
 
 ## How to build the hypervisor
 
@@ -67,7 +78,7 @@ For example, if you want to build the hypervisor only with the device protection
 make custom_all FEATURES=i210,mt27800
 ```
 
-Next (How to run the hypervisor)[＃How to run the hypervisor]
+Next [How to run the hypervisor](#how-to-run-the-hypervisor)
 
 ### By docker
 #### Requirements
@@ -96,7 +107,7 @@ make QEMU_EFI=/usr/share/qemu-efi/QEMU_EFI.fd run #Please set the path of your Q
 ### On a physical machine from a USB memory stick
 #### Requirement
 - Prepare a USB memory that has an EFI (FAT) partition that has `/EFI/BOOT/` directory. Please confirm that there is no important file in the partition.
-- Prepare a physical machine that has ARMv8-A or later, and UEFI firmware.
+- Prepare a physical machine that has ARMv8.1-A or later, and UEFI firmware.
 
 #### Steps
 1. Attach your USB memory stick to the development machine which built the hypervisor binary.

diff --git a/src/Makefile b/src/Makefile
@@ -15,6 +15,8 @@ MKDIR = mkdir -p
 QEMU = qemu-system-aarch64
 RM = rm -rf
 CARGO = cargo
+export PROJECT_HASH := $(shell git rev-parse HEAD 2> /dev/null)
+export RUSTC_VERSION := $(shell rustc --version 2> /dev/null)
 CARGO_BUILD_OPTION = --release
 MOUNT = mount
 UMOUNT = umount

diff --git a/src/common/Cargo.toml b/src/common/Cargo.toml
@@ -6,7 +6,8 @@
 # http://opensource.org/licenses/mit-license.php
 [package]
 name = "common"
-version = "0.4.0"
+version = "1.0.0"
 edition = "2021"
 
-[dependencies]
+[features]
+advanced_memory_manager = []
diff --git a/src/common/src/acpi/madt.rs b/src/common/src/acpi/madt.rs
@@ -16,6 +16,7 @@ const MADT_STRUCT_SIZE: usize = core::mem::size_of::<MADT>();
 
 const STRUCT_TYPE_GICC: u8 = 0x0B;
 const STRUCT_TYPE_GICD: u8 = 0x0C;
+const STRUCT_TYPE_ITS: u8 = 0x0F;
 
 const GICC_FLAGS_ENABLED: u32 = 1;
 
@@ -57,16 +58,17 @@ pub struct GicCpuInterfaceStructure {
     spe_overflow_interrupt: u16,
 }
 
-/// MADTのリストから順次GicCpuInterfaceStructureを検出し、MPIDRを返却するIterです
-///
-/// このIteratorはMADTのInterrupt Controller Structure配列からGicCpuInterfaceStructureを先頭から順に
-/// 取得し、その中にあるMPIDRの値を返します。なお該当MPIDRが有効でない([`GICC_FLAGS_ENABLED`]が立ってない)
-/// 場合はスキップします。
+/// The iterator to get MPIDR which is enabled(`GICC_FLAGS_ENABLED` is enabled)
 pub struct GicCpuInterfaceStructureList {
     pointer: usize,
     limit: usize,
 }
 
+pub struct GicInterruptTranslationServiceStructureList {
+    pointer: usize,
+    limit: usize,
+}
+
 impl MADT {
     pub fn get_gic_list(&self) -> GicCpuInterfaceStructureList {
         let length = self.length as usize - MADT_STRUCT_SIZE;
@@ -91,6 +93,16 @@ impl MADT {
         }
         return None;
     }
+
+    pub fn get_gic_its_list(&self) -> GicInterruptTranslationServiceStructureList {
+        let length = self.length as usize - MADT_STRUCT_SIZE;
+        let pointer = self as *const _ as usize + MADT_STRUCT_SIZE;
+
+        GicInterruptTranslationServiceStructureList {
+            pointer,
+            limit: pointer + length,
+        }
+    }
 }
 
 impl Iterator for GicCpuInterfaceStructureList {
@@ -118,3 +130,21 @@ impl Iterator for GicCpuInterfaceStructureList {
         }
     }
 }
+
+impl Iterator for GicInterruptTranslationServiceStructureList {
+    type Item = usize;
+    fn next(&mut self) -> Option<Self::Item> {
+        if self.pointer >= self.limit {
+            return None;
+        }
+        let record_base = self.pointer;
+        let record_type = unsafe { *(record_base as *const u8) };
+        let record_length = unsafe { *((record_base + 1) as *const u8) };
+
+        self.pointer += record_length as usize;
+        match record_type {
+            STRUCT_TYPE_ITS => Some(unsafe { *((record_base + 8) as *const u64) } as usize),
+            _ => self.next(),
+        }
+    }
+}