In the hypervisor, some strings are assigned to non const
object, this violates MISRA C:2012.
Update the type of the object as const type since it always
points to string.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Once the specific interrupt is marked waiting for inject to
target vcpu, we don't need to mark it again if the same
interrupt is request to inject to same target vcpu.
One example is UP SOS + SMP UOS. It's possible that different
core of UOS try to notify SOS vcpu that there is ioreq pending.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are extra type conversion in the HV since logical_id
type is uint32_t and the input argument of bitmap operations
is uint16_t. BTW, the name of logical_id is not clear enough
to express its usage.
So the following updates are made in this patch:
Update logical_id type as unit_16 to reduce type casting;
Update related print argument;
Rename related logical_id as pcpu_id as needed.
Note: logical_id in the interrupt_init definition have been
updated in cpu_id cleanup patch.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
There are extra type conversion in the HV since cpu_id
type is uint32_t and the return value type of get_cpu_id
is uint16_t. BTW, the name of cpu_id is not clear enough
to express its usage.
So the following updates are made in this patch:
Update cpu_id type as unit_16 to reduce type casting;
Update related temporary variables type;
Update related print argument;
Change the input parameter name of interrupt_init as
cpu_id to keep align with function implement;
Rename cpu_id as pcpu_id as needed.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, virtual cpu id is defined as "int" or "uint32_t"
type in the hypervisor. So there are some sign conversion issues
about virtual cpu id (vcpu_id) reported by static analysis tool.
Sign conversion violates the rules of MISRA C:2012.
BTW, virtual cpu id has different names (vcpu_id, cpu_id, logical_id)
for different modules of HV, its type is defined as "int" or "uint32_t"
in the HV. cpu_id type and logical_id type clean up will be done in
other patchs.
V1-->V2:
More clean up the type of vcpu id;
"%hu" is for vcpu id in the print function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We pass retval to vmm_emulate_instruction and assign the return value to retval
at the same time. The retval will be passed to mmio_read/write finally as memarg
and the functions don't use the parameter actually. Apparently, we misused the
retval.
This patch fix it by passing 'NULL' to vmm_emulate_instruction.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Rename bit operation function fls as fls32, keep name
style with other bit operation function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some cases that we write to VMX_HOST_XXX regs but have debug message
like "pr_dbg("VMX_GUEST_XXX ...")".
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch represents TSC freqeuency in KHz using a 32-bit unsigned integer.
The conversion macros between ticks and us/ms are changed to inline functions to
enforce the types of the input parameters. Note that us_to_ticks accepts only
uint32_t (~4K us at most) and never overflows.
Results of some unit tests on the conversion functions:
calibrate_tsc, tsc_khz=1881600
64us -> ticks: 120422
64us -> ticks -> us: 63
511us -> ticks: 961497
511us -> ticks -> us: 510
1280000 ticks -> us: 680
1280000 ticks -> us -> ticks: 1279488
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ioapic reset function will be called when doing guest reset.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If the vcpu->guest_msrs was allocated, don't allocate the memory
again to avoid memory leak when init_msr_emulation is called
more than once.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vlapic reset should also zero apic_page and pir_desc if pir is
enabled.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To reduce type conversion in HV:
Update return type of function ffs64 and ffz64 as uint16;
For ffs64, when the input is zero, INVALID_BIT_INDEX is returned;
Update temporary variable type and return value check of caller
when it call ffs64 or ffz64;
Note: In the allocate_mem, there is no return value checking for
calling ffz64, this will be updated latter.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER
Coding style fixing;
INVALID_CPU_ID instead of INVALID_PCPU_ID or INVALID_VCPU_ID;
"%hu" is used to print vcpu id (uint16_t);
Add "U/UL" for constant value as needed.
V2-->V3:
ffs64 return INVALID_BIT_INDEX directly when
the input value is zero;
Remove excess "%hu" updates.
V3-->V4:
Clean up the comments of ffs64;
Add "U" for constant value as needed.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the return type of function fls64 and clz64 as uint16_t;
When the input is zero, INVALID_ID_INDEX is returned;
Update temporary variable type and return value check of caller
when it call fls64 or clz64;
When input value is zero, clz64 returns 64 directly.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER;
Partly revert apicv_pending_intr udpates;
Add type conversion as needed;
Coding style fixing.
V2-->V3:
Correct type conversion;
fls64 return INVALID_BIT_INDEX directly when
the input value is zero.
V3-->V4:
No updates for this part in PATCH V4.
Note: For instruction "bsrq", destination register value
is undefined when source register value is zero.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the return type of function fls and clz as uint16_t;
When the input is zero, INVALID_BIT_INDEX is returned;
Update temporary variable type and return value check of caller
when it call fls or clz;
When input value is zero, clz returns 32 directly.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER;
Add type conversion as needed;
Add "U/UL" for constant value as needed;
Codeing style fixing.
V2-->V3:
Use type conversion to remove side effect of
the variable which stores fls/clz return value;
fls return INVALID_BIT_INDEX directly when the
input value is zero.
V3-->v4:
Clean up comments for fls.
Note: For instruction "bsrl", destination register value
is undefined when source register value is zero.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function prepare_vm0_memmap_and_e820 and init_vm0_boot_info are specific for vm0.
There is no need to check is_vm0 again in those functions.
This patch remove the unnecssary checks.
v1 -> v2:
- Add pre-condition comment before the function as Junjie's suggestion.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are multiple helpers for collecting info to be printed on the ACRN uart
console. They are unreachable code in release builds in which the uart console
is removed.
To define a precise boundary for safety-related activities, this patch wraps the
declarations and definitions to these helpers with "#ifdef HV_DEBUG" so that
these unreachable APIs will be dropped in release builds.
v1 -> v2:
* Fix coding style: no empty lines between #ifdef and the wrapped code.
* Also drop get_rte_info() in ioapic.c, which is solely used by
get_ioapic_info().
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With current code, the INIT-STARTUP IPI with EXCLUDING_SELF shorthand
cannot be handled.
This patch is to correct hypervisor to emulate IPI with different
delivery_mode & shorthand.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Similar to cr0/4:
- use context->vmx_ia32_pat to save/restore VMX_GUEST_IA32_PAT field
- use context->ia32_pat to keep track the guest' view of IA32_PAT MSR
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch makes use of IA32_PAT MSR to emulate cache disabled behaviour
When the guest is requesting to set CR0.CD:
- Keep guest's CR0.CD and CR0.NW bits unchanged
- Write IA32_PAT MSR with all-UC entries to change the effective memory
type for all GPA to UC for the guest VCPU
- It depends on trapping wrmsr to IA32_PAT to prevent any entry in
IA32_PAT being changed to non UC type by the guest
When the guest is requesting to clear CR0.CD:
- restore the content of guest's IA32_PAT MSR
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Preparing for emulating guest's CR0.CD and CR0.NW bits:
- Intercept both rdmsr and wrmsr for IA32_PAT
- Track guest's IA32_PAT MSR with vcpu.arch_vcpu.contexts.ia32_pat
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enum cpu state is better than cpu state macro.
V1->V2:
move enum cpu_state under #ifndef ASSEMBLER MACRO to avoid
assembler compiler scan.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We define attr.name in struct vm and named as ("vm_%d", attr.id). attr.name only
be used in debug tool vm_list. It does't deserve to do so in OS created flow
(aka function create_vm). It's better to handle this in vm_list tool.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@inte.com>
struct map_params's member page_table_type is enum _page_table_type,
transferred it.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add a new parameter csar to get_guest_paging_info. We will save one exec_vmread
in this case.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two prefix (aka TRC and TRACE) for trace event. This patch make all
the trace event prefix consist with TRACE.
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
operations
For reducing sign conversion in hypervisor:
Update parameters of bitmap operations as unsigned type;
Update the input of related caller as unsigned type when the
caller's input parameter is const variable or the variable is
only used by bitmap operations.
V1-->V2:
(1) Explicit casting for the first parameter
of all bitmap operations;
(2) Remove mask operation for explicit casting
of all bitmap operations, since masking is
useless. Otherwise, this trucation is dangerous.
V2-->V3:
(1) Explicit casting for all bitmap operations parameter;
(2) Masking bit offset with 6-bit;
(3) Add few comments about bit offset.
V3-->V4:
add '\' for some statement of bitmap macro
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The struct member types should be transfer to non-basic types,
chaned it to length-prefix(uint32_t,int32_t ...) type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Constants represented in an unsigned type should have the 'U' suffix per MISRA C
requirements even for 0 to get rid of implicit signedness conversions which can
be confusing due to the implementation-defined integer formats.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With pins being uint8_t, implicit narrowing conversions arises since unsigned
integer constants, irq IDs and general registers have type ''unsigned
int''. Make such conversions explicit.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
PIC pin IDs should be logically unsigned, while we currently use ''int'' to
represent them.
Following the convention we use unsigned IDs, this patch converts the
representation of pins to uint8_t. A special value VPIC_INVALID_PIN is
introduced to represent the case when a valid target pin cannot be
found (previously -1 is used for this case). The branch conditions are updated
accordingly, following the convention below.
(for ''pin''s representing a per-PIC pin)
if (pin != -1) -> if (pin < NR_VPIC_PINS_PER_CHIP)
if (pin == -1) -> if (pin >= NR_VPIC_PINS_PER_CHIP)
if (pin >= 0 && pin < 8) -> if (pin < NR_VPIC_PINS_PER_CHIP)
if (pin >= 0 && pin <= 7) -> if (pin < NR_VPIC_PINS_PER_CHIP)
if (pin >= 0) -> if (pin < NR_VPIC_PINS_PER_CHIP)
(for ''pin''s representing a pin in the vPIC with 2 cascading PICs)
if (pin >= 0 && pin <= 15) -> if (pin < NR_VPIC_PINS_TOTAL)
if (pin > 15) -> if (pin >= NR_VPIC_PINS_TOTAL)
Related local variables are also changed accordingly.
v1 -> v2:
* Rename the number of pins per PIC to NR_VPIC_PINS_PER_CHIP, and the number
of pins of 2 cascading PICs to NR_VPIC_PINS_TOTAL.
* Using "%hhu" instead of "%d" in format string when a pin is expected.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According intel mannual and ACPI mannual,lapic_id length is 1 byte.
V1->V2:
Add U suffix to the numeric when do arithmetic operation on lapic.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch drops the duplicated definitions to ''true'' and ''false'' and
initializes boolean variables with boolean values instead of integers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Port I/O handlers are expected to accept unsigned port address and width which
have type uint16_t and size_t accordingly. The internal handlers in vpic, on the
other hand, declares signed addresses and width in their prototypes. This patch
enforces unsignedness of addresses and widths in these handlers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The number of initialization command word (ICW) and register contents are
logically unsigned and they have already been used in such way. This patch
changes the declaration of them so that the declarations, definitions and uses
are all aligned.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN needs to trap the pm1a/pm1b written/read from VM0. So we
could know when should we put the system to S3.
We will have two path back to VM0:
- S3 enter/exit sucess. Will reset VM0 and jump to VM0 wakeup vec
with real mode
- S3 enter/exit failed. Will return to the next instruction of
pm1a/pm1b register writing. VM0 will read the pm1a/pm1b evt
register to check whether it's waked up or not.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
S3 resume path for VM0 is put bsp of VM0 to real mode and jump
to the wakeup vec of VM0. So we need to extend the init_guest_state
to support start from real mode.
We apply different CS:IP setting for BSP:
- if entry_addr of BSP is larger than 0x100000, it's not wakeup
from S3. We assume it's guest start and set CS:IP by hardcode.
- if entry_addr of BSP is smaller than 0x100000, it's wakeup
from S3. We setup CS:IP according to ACPI spec.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Emulate VM0 resume from S3 state:
- reset BSP of VM0
- set the BSP entry to saved VM0 wakeup vec and set BSP to real mode
- start BSP
To match trampoline_spinlock release on ACRN Sx resume path, acquire
trampoline_spinlock if ACRN Sx enter fails.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enter_s3 is main function for ACRN to enter S3 state with following
process:
- pause vm0
- save the wakeup vec of vm0 and set wakeup vec of ACRN. So
resume from S3 will jump to ACRN wakeup
- offline APs
- update the main entry of trampoline to resume entry. After BSP
is resume from S3, it will jump to resume entry instead of AP
startup routine
- turn off vmx
- suspend devices
- enter S3.
exit S3 with following process:
- release trampoline_spinlock which is hold in trampoline code
- resume devices
- enable vmx
- update the main entry of trampoline to AP startup routine.
- online APs.
The following operations will be resume vm0 which will be added
in next patch.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Couple of small changes merged in this change:
- export main_entry, trampoline_spinlock and stop_cpus.
- change vm_resume() name to resume_vm()
- change resume_console_enable() name to resume_console()
- extend reset_vcpu to reset more fields of vcpu
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The S3 enter lowlevel routine saves the cpu context to memory
and enter S3 state
The S3 wakeup lowlevel routine restore cpu context and return.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- add a commont head file include/common/irq.h, to include the common data
structure and APIs;
- move the common data struct and APIs from arch/x86/irq.h to the common header.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To make the file structure clearer, change the file names:
- rename arch/x86/interrupt.c to virq.c, for the virtual irq relavant code,
such as irq injection etc;
- merge arch/x86/intr_main.c into arch/x86/irq.c;
- rename arch/x86/intr_lapic.c to lapic.c
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C required function return type should be consistented.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is already assumed that ''long'' has 8-bytes, and thus there is no need to
use ULL to indicate a 8-byte unsigned constant.
This patch changes all ULL suffixes found in the hypervisor to UL.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- to avoid reading operations on MTRR registers if
no MTRR feature support on current platform in "init_mtrr()".
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Snoop control is not supported in the graphics VT-d engine and so should
be disabled in the PTEs. Also enabled iommu for graphics in the
dmar_drhd array.
v2: removed disable iommu in handle_one_drhd and combined if cond.
v3: minor code review changes
v4: moved the snoop control change to ept.c to accomodate upstream changes
Signed-off-by: Anitha Chrisanthus <anitha.chrisanthus@intel.com>
Reviewed-by: Gong Zhipeng <zhipeng.gong@intel.com>
Fix the type for vector in ioapic setup, which is a potential problem:
- return VECTOR_INVALID instead of false in irq_desc_alloc_vector()
when irq is out of range;
- change variable type from int to uint32_t for vector, and correct
the returned value check.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It could be also used by host as well. So we remove GUEST from
MACRO name
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
for bsp_boot_init/cpu_secondary_init, they are on temp stack.
for bsp_boot_post/cpu_secondary_post, they are on runtime stack.
define SWITCH_TO MACRO to switch runtime stack then jump to post functions.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C requires that unsigned constants should have the 'U' suffix, while this
C syntax is not accepted by binutils assembler per binutil manual.
This patch explicitly spells out the unsigned constants used in the assembly
files while tracking the original expressions in comments. This fixes build
failure when using binutils <= 2.26.
v2 -> v3:
* Explicitly spell out the unsigned constants in assembly, instead of
duplicating the macros in headers which break the integrity of the
definitions.
v1 -> v2:
* Define different macros instead of wrapping all unsigned constants.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
phys_cpu_num is more popular than phy_cpu_num, update them
through command.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Update the structure definition to define the address type
(HVA vs HPA vs GPA) explicitly.
Convert address to HVA before access the GPA/HPA type of address.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Before we set the page table, we should know the attribute. So
move configure the page table attribute outside of modify_paging.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C doesn't allowed negative shift, changed any potential signed value
to unsigned value.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The member of width in struct e820_entries,can be declared to
uint32_t(the range of the member is bigger than 0) to avoid
negative shift.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C doesn't allowed negative shift, changed any potential signed value
to unsigned value.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, physical cpu id is defined as "int" or "uint32_t"
type in the hypervisor. So there are some sign conversion issues
about physical cpu id (pcpu_id) reported by static analysis tool.
Sign conversion violates the rules of MISRA C:2012.
In this patch, define physical cpu id as "uint16_t" type for all
modules in the hypervisor and change related codes. The valid
range of pcpu_id is 0~65534, INVALID_PCPU_ID is defined to the
invalid pcpu_id for error detection, BROADCAST_PCPU_ID is
broadcast pcpu_id used to notify all valid pcpu.
The type of pcpu_id in the struct vcpu and vcpu_id is "int" type,
this will be fixed in another patch.
V1-->V2:
* Change the type of pcpu_id from uint32_t to uint16_t;
* Define INVALID_PCPU_ID for error detection;
* Define BROADCAST_PCPU_ID to notify all valid pcpu.
V2-->V3:
* Update comments for INVALID_PCPU_ID and BROADCAST_PCPU_ID;
* Update addtional pcpu_id;
* Convert hexadecimals to unsigned to meet the type of pcpu_id;
* Clean up for MIN_PCPU_ID and MAX_PCPU_ID, they will be
defined by configuration.
Note: fix bug in the init_lapic(), the pcpu_id shall be less than 8,
this is constraint by implement in the init_lapic().
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per MISRA C, operands to bit-wise operations should have unsigned
types. However, C99 prioritizes to use signed integers for hexadecimal constants
without the 'U' suffixes, leading to tons of bit operations on signed integers.
This patch series add the 'U' suffixes to the constants which are used in bit
operations, and add the intended width of these integers when applicable
(i.e. the target value is at least 32-bit wide) to avoid functional differences
due to signed vs. unsigned extensions. The rule of thumb is:
'0' for signed char/short/int
'0U' for unsigned char/short/int
'0L' for signed long (should be 64-bit)
'0UL' for unsigned long (should be 64-bit)
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. remove duplicated definitions of mem_loglevel/console_loglevel;
2. Set default loglevels to display important messages:
- CONSOLE_LOGLEVEL_DEFALUT is changed from 2 to 3;
- MEM_LOGLEVEL_DEFAULT is changed from 4 to 5.
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Yan, Like <like.yan@intel.com>
We will get following warnings when build acrn as release version. This patch
fix those warnings.
No functional change.
...
arch/x86/cpu.c: In function ‘stop_cpus’:
arch/x86/cpu.c:727:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (get_cpu_id() == i) /* avoid offline itself */
^~
arch/x86/vtd.c: In function ‘dmar_enable_translation’:
arch/x86/vtd.c:84:12: warning: unused variable ‘start’ [-Wunused-variable]
uint64_t start = rdtsc(); \
...
arch/x86/guest/instr_emul.c: In function ‘get_gla’:
arch/x86/guest/instr_emul.c:615:6: warning: variable ‘error’ set but not used [-Wunused-but-set-variable]
int error;
...
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- when init, cr0 & cr4 should read from VMCS
- when world switch, cr0/cr4 read shadow should also be save/restore
v2:
- use context->vmx_cr0/cr4 to save/restore VMX_GUEST_CR0/CR4
- use context->cr0/cr4 to save/restore VMX_CR0/CR4_READ_SHADOW
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
set trusty eptp to 0 after destroy, and only invalidate trusty eptp when it
exist.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
We should use list_del_init here. Otherwise it would misorder the
timer list if we would delete timer more than once if there're more
than one timer on it.
Change-Id: I2d18248173ced1ea1b723352327d2c3d0efc4900
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
MISRA C required that return value should be used, missing for it should
add "(void)" prefix before the function call.
Some function can be declared without return value to avoid this problem.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove_intx_remapping is not global function, make static.
Unlike global functions in C, access to static functions is restricted to the file where they are declared. Another reason for making functions static can be reuse of the same function name in other files
Signed-off-by: Chris Ye <chris.ye@intel.com>
- this patch is to enable SMEP in hypervisor, SMEP protects
guests' memory from supervisor-mode instruction fetches,
in other words, hypervisor which operating in supervisor
mode can't fetch instructions from (guests' memory)
linear addresses that are accessible in user mode.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This reverts commit 3a3aeac09f.
MTRR has been emulated in hypervisor, then don't need this workaround
patch.
Signed-off-by: Fei Jiang <fei.jiang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Move common stuff, like ptdev entry and softirq, to new ptdev.c
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduces a configuration symbol RELEASE for managing debug/release
build in a similar way to how we manage PLATFORM.
Note:
1. 'make defconfig RELEASE=1' will still use the CONFIG_RELEASE defined in the
default configuration. The 'RELEASE=1' option has no effect in this case.
2. 'make RELEASE=1' is backward-compatible and enforces a release version to be
built.
v1 -> v2:
* Pass RELEASE instead of CONFIG_RELEASE to silentoldconfig.py to avoid
unintended overriding of the value.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Geoffroy VanCutsem <geoffroy.vancutsem@intel.com>
Since .config has PLATFORM now, it is expected that the PLATFORM= command line
option is no longer necessary as long as a proper .config exists.
This patch implements this expectation. Now the platform to be selected is
determined by the following steps.
1. If PLATFORM= is provided on the command line, the specified value is
used.
2. If there is no PLATFORM= on the command line and PLATFORM is defined in
config.mk, its value is used.
3. If neither PLATFORM= on the command line nor config.mk is available, a
predefined default value is used.
v1 -> v2:
* 'make oldconfig' should not pass CONFIG_xxx to the script since config.mk
can be out-dated.
* Change the default value of PLATFORM to SBL for backward compatibility of
'make all'.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Geoffroy VanCutsem <geoffroy.vancutsem@intel.com>
This change is to fix a guest vm hang issue at vm reset, especially easy to
be seen when it's a watchdog timeout reset.
vlapic_init create and init vlapic.vlapic_timer without deleting the
timer from cpu_times list, which breaks the list, results in a timer remains
with callback points to an invalid location.
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Yan, Like <like.yan@intel.com>
There are some __unused attached to variables. But, those variables
are used by the function actually.
This patch remove them. No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Now, we only add native msr save/restore functions. The native power
related functions will be put to this file.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
These two functions will be called when ACRN enter/exit S3.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Yan Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
They will be called when acrn enter S3.
NOTE: it's only needed for native BSP because all APs are offline.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current code is missing to handle the following race condition:
Before:
sti
|
V
handle softirq with
a while loop
| <----- if a new softirq generated at this point,
V it will be missed to be handled.
cli
|
V
return with unclear softirq bitmap
After:
again:
sti
|
V
handle softirq with
a while loop
|
V
cli
|
V
check if a new softirq generated, if yes,
jump back to above again lable point,
and do a while loop again.
|
V
return with clear softirq bitmap
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The hardcoded CPU Px Cx table should be read only, so set them to static
and const for safety.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Intel Atom A3950 SoC also can be used in Acrn, and it has same Cx data as
Atom A3960 SoC.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
The pm S state data is from host ACPI info and needed for S3/S5
implementation.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently irq and vector numbers are used inconsistently.
* Sometimes vector or irq ids is used in bit operations, indicating
that they should be unsigned (which is required by MISRA C).
* At the same time we use -1 to indicate an unknown irq (in
common_register_handler()) or unavailable irq (in
alloc_irq()). Also (irq < 0) or (vector < 0) are used for error
checking. These indicate that irq or vector ids should be signed.
This patch converts irq and vector numbers to unsigned 32-bit integers, and
replace the previous -1 with IRQ_INVALID or VECTOR_INVALID. The branch
conditions are updated accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Also update all the references that need the absolute HPA with the
actual load addresses
- Save the trampoline code address to trampline_start16_paddr
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
- For UEFI boot, allocate memory for trampoline code in ACRN EFI,
and pass the pointer to HV through efi_ctx
- Correct LOW_RAM_SIZE and LOW_RAM_START in Kconfig and bsp_cfg.h
- use trampline_start16_paddr instead of the hardcoded
CONFIG_LOW_RAM_START for initial guest GDT and page tables
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
in real mode part, add extra pointers for page tables and long jump buffer
so it's possible for HV code to patch the relocation offset
in long mode part, use absolute addressing when referring HV symbols,
and use relative addressing for symbols within trampoline code
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
emalloc_for_low_mem() is used if CONFIG_EFI_STUB is defined.
e820_alloc_low_memory() is used for other cases
In either case, the allocated memory will be marked with E820_TYPE_RESERVED
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
MTRR feature was added after commit bce7ed1715 ("HV: config:
add Kconfig and defconfigs"), so the generated config.h doesn't
include CONFIG_MTRR_ENABLED
Signed-off-by: Zide Chen <zide.chen@intel.com>
- vm_gva2gpa is same as gva2gpa, so replace it with gva2gpa directly.
- remove dead usage of vm_gva2gpa in emulate_movs.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
using copy_from_gva to refine function acrn_update_ucode
v2:
- inject #PF if copy_from_gva meet -EFAULT
- remove VCPU_RETAIN_RIP when inject #PF
- refine MACRO GET_DATA_SIZE
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there is no need to use wrap function vm_restart_instruction, we
can use VCPU_RETAIN_RIP directly
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
use copy_from_gva in vie_init, if copy_from_gva meet -EFAULT, inject #PF.
And for decode_instruction, if return -EFAULT, the caller should keep return
path with successful status.
v2:
- remove vm_restart_instruction when inject #PF
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
there are data transfer between guest virtual space(GVA) & hv(HVA), for
example, guest rip fetching during instruction decoding.
GVA is address continuous, but its GPA could be only 4K page address
continuous, this patch adds copy_from_gva & copy_to_gva functions by
doing page walking of GVA to avoid address breaking during accessing GVA.
v2:
- modify API interface based on new gva2gpa function, err_code added
- combine similar code with inline function _copy_gpa
- change API name from vcopy_from/to_vm to copy_from/to_gva
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
V2->V3 modified the description
V1->V2 add __unused to handler_private_data
while misra c analyse callback function, it will dereference the pointer
plus an implicit getting address when extra parentheses with inner
star(example:(*foo)()). the first dereference should be removed.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
reviewed-by: Li,Fei1 <fei1.li@intel.com>
reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if error code not valid, do not vmwrite VMX_ENTRY_EXCEPTION_EC. In cancel_event_injection, the
inject_info.error_core is not assigned when error code not valid.
Signed-off-by: Chris Ye <chris.ye@intel.com>
This patch drops "#include <bsp_cfg.h>" and include the generated config.h in
CFLAGS for the configuration data.
Also make sure that all configuration data have the 'CONFIG_' prefix.
v4 -> v5:
* No changes.
v3 -> v4:
* Add '-include config.h' to hypervisor/bsp/uefi/efi/Makefile.
* Update comments mentioning bsp_cfg.h.
v2 -> v3:
* Include config.h on the command line instead of in any header or source to
avoid including config.h multiple times.
* Add config.h as an additional dependency for source compilation.
v1 -> v2:
* No changes.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
This patch converts the configuration entries (previously defined in
bsp/*/include/bsp/bsp_cfg.h) to a Kconfig script.
With the platform specified, the default values will be exactly those in the
corresponding bsp_cfg.h.
v4 -> v5:
* No changes.
v3 -> v4:
* No changes.
v2 -> v3:
* No changes.
v1 -> v2:
* No changes.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Now, trampline code is used by both AP start and BSP s3 resume.
For s3 resume, ACPI (5.2.10 Firmware ACPI Control Structure (FACS).
table 5-37) defines the real mode address should be set to:
realmode address = CS(waking_vec >> 4): IP(wakeing_vec & 0x000F)
But not all bootloader (like ABL) follow ACPI definition about the
CS:IP setup before jump to trampline code for S3 resume.
To handle all these cases, a long jmp is issued at very beginning
of trampline code to fixup the CS:IP setup. After the fixup, the
CS is set to: (waking_vect >> 4), the IP is set to: (the_address_
of_next_instruction_of_long_jmp & 0xF). Which is aligned with ACPI
definition.
Another thing is that we can't calculate the fixup CS and IP value.
The reason is related with limitations of real mode (can't get
current ip address without stack). So we calculate the CS and IP
when preparing the trampline code.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
Cleanup "cpu_secondary_xx" in the symbols/section/functions/variables
name in trampline code.
There is item left: the default C entry is Ap start c entry. Before
ACRN enter S3, the c entry will be updated to high level S3 C entry.
So s3 resume will go s3 resume path instead of AP startup path.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
We will reuse this part of code for:
- AP bootup
- BSP wakeup from S3
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
- unmask MTRR from guest CPUID to enable MTRR
- MTRR virtualization can be disabled by commenting out CONFIG_MTRR_ENABLED
Signed-off-by: bliu11 <baohong.liu@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-rdmsr: emulate all MTRR registers besides variable range MTRRs
-wrmsr: emulate all MTRR registers besides variable range MTRRs and MTRRCAP
Signed-off-by: bliu11 <baohong.liu@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MTRRs have no effect on the memory type used for an access to GPA.
This patch updates the EPT MT field according to the memory type
selected by MTRRs, which combines with the PAT, PCD and PWT bits
from the guest paging structures to determine the effective memory type
Signed-off-by: bliu11 <baohong.liu@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Linux commit edfe63ec97ed ("x86/mtrr: Fix Xorg crashes in Qemu sessions")
disables PAT feature if MTRR is not enabled. This patch does partial
emulation of MTRR to prevent this from happening: enable fixed-range
MTRRs and disable virable range MTRRs
By default IA32_PAT MSR (SDM Vol3 11.12.4, Table 11-12) doesn't include
'WC' type. If MTRR is disabled from the guests, Linux doesn't allow
writing IA32_PAT MSR so WC type can't be enabled. This creates some
performance issues for certian applications that rely on WC memory type.
Implementation summary:
- Enable MTRR feature: MTRRdefType.E=1
- Enable fixed range MTRRs: MTRRCAP.fix=1, MTRRdefType.FE=1
- For simplicity, disable variable range MTRRs: MTRRCAP.vcnt=0.
It's expected that this bit is honored by the guests and they won't
change the guest memory type through variable MTRRs.
Signed-off-by: bliu11 <baohong.liu@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Add PAGING_REQUEST_TYPE_MODIFY_MT memory map request type
- Update map_mem_region() to allow modifying the memory type related
fields in a page table entry
- Add ept_update_mt()
- add modify_mem_mt() for both EPT and MMU
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, on uefi platform, vmcs will be overwritten according to
uefi context, using the exec_vmwrite directly.
This patch use vmx_write_cr<#> interface to init control registers.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Ajust the order of control registers just for more clear in logic.
Will not change the guest init state after the ajustment.
- Add a comment to point out the CR4 should be inited before CR0.
The value of CR4 will be used during CR0 set.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- export start_cpus to start/online APs.
- Add stop_cpus to offline APs.
- Update cpu_dead to decrement running cpus number and do cleanup
for AP down
Signed-off-by: Yin Fegnwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
To handle cpu down/up dynamically, arcn needs to support vmx off/on
dynamically. Following changes is introduced:
vmx_off will be used when down AP. It does:
- vmclear the mapped vcpu
- off vmx.
exec_vmxon_instr is updated to handle start and up AP both. It does
- if vmx was on on AP, load the vmxon_region saved. Otherwise,
allocate vmxon_region.
- if there is mapped vcpu, vmptrld mapped vcpu.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Yin Fegnwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
Per performance consideration, we don't flush vcpu context when doing
vcpu swithing (because it's only swithing between vcpu and idle).
But when enter S3, we need to call vmclear against all vcpus attached
to APs. We need to know which vcpu is attached with which pcpu.
This patch introduced API to get vcpu mapped to specific pcpu.
Signed-off-by: Yin Fegnwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
current_vcpu is not correct when there are multi vcpus in one VM,
using it is in-correct, so remove it.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Retrieve dseed from SeedList HOB(Hand-Off-Block).
SBL passes SeedList HOB to ACRN by MBI modules.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Zhu Bing <bing.zhu@intel.com>
Reviewed-by: Wang Kai <kai.z.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
keep the global variables access exclusive in vcpu pause & resume.
Signed-]off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The current implementation of per_cpu relies on several non-c99 features,
and in additional involves arbitrary pointer arithmetic which is not MIS-
RA C friendly.
This patch introduces struct per_cpu_region which holds all the per_cpu
variables. Allocation of per_cpu data regions and access to per_cpu vari-
ables are greatly simplified, at the cost of making all per_cpu varaibl-
es accessible in files.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Enable VMX vpid ctrl and assign an unique vpid to each vcpu
so that VMX transitions are not required to invalidate any
linear mappings or combined mappings.
SDM Vol 3 - 28.3.3.3
If EPT is in use, the logical processor associates all mappings
it creates with the value of bits 51:12 of current EPTP.
If a VMM uses different EPTP values for different guests, it may
use the same VPID for those guests. Doing so cannot result in one
guest using translations that pertain to the other.
In our UOS, the trusty world and normal world are using different
EPTP. So we can use the same VPID for it.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We need know which tlb to flush: ept or vpid.
1. error handle for invept.
it's the same with invvpid error handle.
change its name to compatible with vpid.
2. the macro name for flush ept tlb request.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Copy CR0 / CR4 value from normal world context to secure world context
when init secure world.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Wang Kai <kai.z.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, sos/uos bsp can only start from 64bit mode.
For sbl platform:
This patch start sos bsp from protected mode by default.
CONFIG_START_VM0_BSP_64BIT is defined to allow start sos bsp
from 64bit mode. If a config CONFIG_START_VM0_BSP_64BIT
defined in config file, then sos bsp will start from 64bit mode.
This patch start uos bsp from real mode, which needs the integration
of virtual bootloader (vsbl).
For uefi platform:
This patch sets sos bsp vcpu mode according to the uefi context.
This patch starts uos bsp from protected mode, because vsbl is not ready
to publish for uefi platform yet. After vsbl is ready, can change to
start uos bsp from real mode.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
In current implementation, a vcpu can only start from real mode
or 64bit mode.
This patch adds support to start a vcpu from protected mode.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
In current implementation, on sbl platform, vm0 bsp
starts from 64bit mode. And hv need to prepare init
page table for it.
In this patch series, on sbl platform, vm0 bsp starts
from non-paging protected mode.
This patch prepares an init gdt for vm0 bsp on sbl
platform.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Translate gva2gpa in different paging modes.
Change the definition of gva2gpa.
- return value for error status
- Add a parameter for error code when paging fault.
Change the definition of vm_gva2gpa.
- return value for error status
- Add a parameter for error code when paing fault.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Use # of paging level to identify paging mode
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
In current implemenation, cr0/cr4 host mask value are set
according to the value from fixed0/fixed1 values of cr0/cr4.
In fact, host mask can be set to the bits, which need to be trapped.
This patch, add code to support exiting long mode in CR0 write handling.
Add some check when modify CR0/CR4.
- CR0_PG, CR0_PE, CR0_WP, CR0_NE are trapped for CR0.
PG, PE are trapped to track vcpu mode switch.
WP is trapped for info of protection when paing walk.
NE is always on bit.
- CR4_PSE, CR4_PAE, CR4_VMXE are trapped for CR4.
PSE, PAE are trapped to track paging mode.
VMXE is always on bit.
- Reserved bits and always off bits are not allow to be set by guest.
If guest try to set these bits when vmexit, a #GP will be injected.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
_Static_assert is supported in C11 standard.
Please see N1570(C11 mannual) 6.4.1.
replace _Static_assert with ASSERT.
Signed-off-by: huihuang shi <huihuang.shi@intel.com>
- 'dispatch' will be null and be referenced if
'basic_exit_reason < ARRAY_SIZE(dispatch_table)'
if false.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
The following massages is not fatal error but should be print to serial and
sbuf at the same time. pr_fatal is not a good choice. pr_acrnlog is designed
to deal with the situation. So replace the following misused pr_fatal with
pr_acrnlog.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Hypervisor shouldn't deal with errno return by hypercall.
The SOS should do this. Here just return the errno to SOS.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
vm_state_info in struct vm_arch is not used, remove it
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Guest CR3 read/write operations are not trapped.
Remove CR3 handling in cr_access_vmexit_handler.
Also remove unused API vmx_read_cr3.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Move from vmexit.c to vmx.c
Declare the functions in vmx.h
Rename the functions' name with prefix vmx_.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
There are some massages which is not fatal error but should to print
to serial and sbuf(hvlog) at the same time. pr_fatal is for fatal error
massages and it is not good choice for the situation above.
Introduce a new API pr_acrnlog to deal with the situation. And replace the
following printf with pr_acrnlog for massages should be print to sbuf and
serial. Then developers can get those massages on serial and BTM(Boot Time
Measurement) can use acrnlog to get those massages from sbuf.
BTM refers to Boot Time Measurement which will read acrnlog file to get
timestamps of steps we want.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
When we create an UOS, we didn't indicate the vmid.
Thus we can't get the vm description for the vm
description array.
Instead we use a temporary vm description to save data to
fill the vm structure when crate an UOS. It's uselesss once
UOS has created. So we don't need to maintain vm description
array here for UOS.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Don't panic system when execute vmxon instruction failed.
And let's follow that only print error info when error return
from library function.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
We cleanup ASSERT. This serial try to only panic when create
SOS failed.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Pointer arithmetic is currently used to calculate the address of a specific
Local Vector Table (LVT) register (except LVT_CMCI) in lapic, since the
registers are continuously placed with fixed padding in between. However each of
these registers are declared as a single uint32_t in struct lapic, resulting
pointer arithmetic on a non-array pointer which violates MISRA C requirements.
This patch refactors struct lapic by converting the LVT registers fields (again
except LVT_CMCI) to an array named lvt. The LVT indices are reordered to reflect
the order of the LVT registers on hardware, and reused to index this lvt array.
The code before and after the changes is semantically equivalent.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
filter out HW exception and NMI from idt_vectoring_info first:
- queue HW exception through vcpu_queue_exception
- make NMI request through vcpu_make_request
this is a complement patch for previous commit "exception: refine exception
injection path", here take care un-injected vectors for types HW exception &
NMI, the previous commit take care SW exception & external interrupt.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
use func vcpu_queue_exception for vcpu_inject_gp and exception_vmexit_handler.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
- inject exception based on exception_info
- inject exception according to priority
- for previous not injected vector - idt_vectoring_info, here only take
care about types for SW exception & external interrupt, the HW exception
& NMI will be taken care by vmexit_handler in the following commit "correct
idt_vectoring_info handling"
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
add func vcpu_queue_exception to queue exception based on SDM Vol3 Table 6-5,
which may cause #DF or triple fault
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
the pending_intr is not only serving for interrupt but also for different
request including TLB & TMR updating, so change the function & variants
name accordingly.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is an extension of GCC CPP to:
* allow omitting a variable macro argument entirely, and
* use ## __VA_ARGS__ to remove the the comma before ## __VA_ARGS__ when
__VA_ARGS__ is empty.
The only use of ## _VA_ARGS__ is to define the pr_xxx() macros, with the first
argument being the format string and the rest the to-be-formatted arguments. The
format string is explicitly spelled out because another macro pr_fmt() is used
to add to the format string a prefix which is customizable by defining what
pr_fmt() expands to.
For C99 compliance, this patch changes the pr_xxx() macros in the following
pattern.
- #define pr_fatal(fmt, ...) \
- do_logmsg(LOG_FATAL, pr_fmt(fmt), ## __VA_ARGS__); \
+ #define pr_fatal(...) \
+ do_logmsg(LOG_FATAL, pr_prefix __VA_ARGS__); \
Reference:
* https://gcc.gnu.org/onlinedocs/gcc/Variadic-Macros.html#Variadic-Macros
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
According to the syntax defined in C99, each struct/union field must have an
identifier. This patch adds names to the previously unnamed fields for C99
compatibility.
Here is a summary of the names (marked with a pair of *stars*) added.
struct trusty_mem:
union {
struct {
struct key_info key_info;
struct trusty_startup_param startup_param;
} *data*;
uint8_t page[CPU_PAGE_SIZE];
} first_page;
struct ptdev_remapping_info:
union {
struct ptdev_msi_info msi;
struct ptdev_intx_info intx;
} *ptdev_intr_info*;
union code_segment_descriptor:
uint64_t value;
struct {
union {
...
} low32;
union {
...
} high32;
} *fields*;
similar changes are made to the following structures.
* union data_segment_descriptor,
* union system_segment_descriptor,
* union tss_64_descriptor, and
* union idt_64_descriptor
struct trace_entry:
union {
struct {
uint32_t a, b, c, d;
} *fields_32*;
struct {
uint8_t a1, a2, a3, a4;
uint8_t b1, b2, b3, b4;
uint8_t c1, c2, c3, c4;
uint8_t d1, d2, d3, d4;
} *fields_8*;
struct {
uint64_t e;
uint64_t f;
} *fields_64*;
char str[16];
} *payload*;
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
According to the syntax defined in C99, each struct/union field must have an
identifier. This patch removes unnamed struct/union fields that can be easily
expressed in a C99-compatible way.
Here is a summary of structs/unions removed.
struct vhm_request:
union {
uint32_t type; uint32_t type;
int32_t reserved0[16]; => int32_t reserved0[15];
};
struct vhm_request_buffer:
struct vhm_request_buffer {
union { union vhm_request_buffer {
struct vhm_request ...; => struct vhm_request ...;
int8_t reserved[4096]; int8_t reserved[4096];
} }
}
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
The macro GET_DATA_SIZE's code style is not correct,
it is merged by accident,the Pull Request
<fix "obsolete use of designated initializer without '='">
have two commid id,the second commit changed the ucode.c
by mistake.
Now fixed.
Signed-off-by: huihuang.shi <huihuang.shi@intel.com>
According to the comments in hypervisor:
" This file includes config header file "bsp_cfg.h" and other
hypervisor used header files.
It should be included in all the source files."
this patch includes all common header files in hypervisor.h
then removes other redundant inclusions
Signed-off-by: Zide Chen <zide.chen@intel.com>
According to the C99 manual 6.5.15
syntax conditional-expression
logical-OR-expression
logical-OR-expression ? expression :conditional-expression
above bnf rules requires expression not be none
Signed-off-by: huihuang.shi <huihuang.shi@intel.com>
- move vmexit handling into vmexit_handler
- add error handling, failure will inject #GP
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there are data transfer between guest(GPA) & hv(HPA), especially for
hypercall from guest.
guest should make sure these GPAs are address continous, but hv cannot
assure HPAs which mapped to these GPAs are address continous, for example,
after enable hugetlb, a contious GPA range could come from two different
2M pages.
this patch is handling such case by doing gpa page walking during
copy_from_vm & copy_to_vm.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
merge these two APIs to 'dump_intr_excp_frame'
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
rename intr_ctx to intr_excp_ctx
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
only trusty related hypercall will come from UOS, others should come from VM0
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Exception type is missing when inject a #GP.
GP should be injected even when guest irq disabled.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
- MMIO access size is not initialized before
instruction emulation.
- rename 'analyze_instruction()' to 'decode_instruction()'
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
rename atomic_cmpxchg_int to atomic_cmpxchg
replace atomic_cmpset_long with atomic_cmpxchg64
rename atomic_readandclear_long to atomic_readandclear64
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@Intel.com>
1. vpic_wire_mode no need to atomically set its value.
2. uart open conut want to atomically set its value not atomically set
its bits.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Check ept rwx misconfigurations when config memory attribute,
if misconfig it will assert.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Lock should be on target vcpu in function pause_vcpu(), not current vcpu.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add set_memmaps hypercall to support multi regions memmap.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
allocated all pcpus to vm0 to handle possible AP wakeup flow for all cpus,
as we pass org ACPI table to VM0 - that means VM0 can see all CPUs.
SOS(VM0) start expected CPUs through "maxcpus=" kernel cmdline option.
During first hypercall from SOS, calling vm_fixup to free un-expect-enabled
vcpus from VM0.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove sipi_from_efi_boot_service_exit & efi_deferred_wakeup_pcpu workaround
for uefi boot flow
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
wakeup AP need INIT-SIPI-SIPI sequence in old time, now we only need
INIT-SIPI.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- device driver should register valid i/o handlers
in any cases, avoid referencing to default handler
- remove i/o handler test code as they shall
never be NULL.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
If the optimization option is enabled, it is possible that one variable is
not initialized before using in the get_vioapic_info. (In fact the warning is
bogus)
This is only to reduce the compiling warning.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Now one uint64_t type is used to obtain the corresponding descriptor_table
for GDT/IDT. This will cause the stack protect corruption under -O2.
So the descriptor_table struct is added to configure the GDT/IDT of VMCS.
V1->V2: Move the descriptor_table into vmx.h header file
And its type is renamed from dt_addr_t to descriptor_table.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The RFLAGS will be touched in some inline assembly.(exec_vmxon/
RFLAGS_RESTORE). The "cc" constraint should be added. Otherwise
it won't be handled under -O2 option.
And "%%XXX" register should also be added into constraints.
Otherwise it will be optimized incorrectly.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add vlapic_create_timer/vlapic_reset_timer to setup/reset a timer.
Add vlapic_update_lvtt to disarm timer when mode changes.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Using __func__ instead of function string name.
Using tab instead of more whitespace.
Using macro instead of numeric constants.
Remove unnecessary function declaration.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
These code is useless since it just pseudocode. Current it doesn't
support vlapic one-shot/periodic timer.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
make the timer list be ordered to speed up expried timer
process and next timer event finding.
Add timer would not schedule timer unless it's the next
timer event.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
V2->V3: Updated variable name: trampoline_code_paddr
V1->V2: changed variable name: init_ap_code_addr
These page tablea are sitting right after the trampoline code, so adjust it according to
the actual loaded address for trampoline code
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
V3->V4: Updated function/variable names for accurancy
V2->V3: Changed a few function/variable names to make it less confusing
V1->V2: removed the unneccesary cache flushing
- For UEFI boot, allocate memory for trampoline code in ACRN EFI,
and pass the pointer to HV through efi_ctx
- For other boot, scan E820 to allocate memory in HV run time
- update_trampoline_code_refs() updates all the references that need the
absolute PA with the actual load address
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
V2->V3: Fixed the booting issue on MRB board and removed the restriction
of allocate memory from address 0
1) Fix the booting from MRB issue
-#define CONFIG_LOW_RAM_SIZE 0x000CF000
+#define CONFIG_LOW_RAM_SIZE 0x00010000
2) changed e820_alloc_low_memory() to handle corner case of unaligned e820 entries
and enable it to allocate memory at address 0
+ a length = end > start ? (end - start) : 0;
- /* We don't want the first page */
- if ((length == size) && (start == 0))
- continue;
3) changed emalloc_for_low_mem() to enable to allocate memory at address 0
- /* We don't want the first page */
- if (start == 0)
- start = EFI_PAGE_SIZE;
V1->V2: moved e820_alloc_low_memory() to guest.c and added the logic to
handle unaligned E820 entries
emalloc_for_low_mem() is used if CONFIG_EFI_STUB is defined.
e820_alloc_low_memory() is used for other cases
In either case, the allocated memory will be marked with E820_TYPE_RESERVED
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
V1->V2: removed CONFIG_LOW_RAM_START and added ".org 0" to
cpu_secondary.S
The assumption is trampoline code is relocated while HV is not, so:
trampoline code is built at address 0, and CS register is updated
by SIPI to reflect the correct vector
in real mode part, added extra pointers for page tables and long jump buffer
so it's possible for HV code to patch the relocation offset
in long mode part, use absolute addressing when referring HV symbols,
and use relative addressing for symbols within trampoline code
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Currently config_page_table_attr() treats MMU_MEM_ATTR_READ exactly as
MMU_MEM_ATTR_BIT_READ_WRITE for PTT_HOST, so even when MMU_MEM_ATTR_WRITE
is not used, the R/W bit in PTE is still being set
Signed-off-by: Zide Chen <zide.chen@intel.com>
- According to Intel SDM 24.9.2,Vol3, should check the
validity of "VM-exit interruption information" before
extracting the vector of interrupt.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
- rename it to 'io_shared_page' to keep consistent
with ACRN HDL foils.
- update related code that reference this data structure.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
- Add "DBG" or "REL" to indicate the DBG build or REL build explicityly;
- Change the build time format to "%F %T".
Example:
HV version 0.1-rc4-2018-04-28 14:20:32-b2d7282-dirty DBG build by like
Change-Id: Ib410064b0a6603e3c90f30dffa722237c07fc069
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Make assert on max px cnt of boot cpu data, since it shouldn't happen if
px data is properly initialized in boot process.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
The initial of iobitmap pointer should be moved out of loop since address
is sequentially incremented.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
with this patch guest could access idle io port and enter idle normally.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Each VM would have its own Cx data, for now we copy it from boot_cpu_info.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
The cx data is hardcoded within HV, load it to boot_cpu_data when HV boot.
The patch provide a3960 soc cx data for example.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
currently, pass-thru devices are managed by per-vm's remapping entries
which is virtual based:
- MSI entry is identified by virt_bdf+msix_index
- INTx entry is identified by virt_pin+vpin_src
it works but it's not a good design for physical resource management, for
example a physical IOAPIC pin could belong to different vm's INTx entries,
the Device Model then must make sure there is no resource conflict from
application's level.
This patch change the design from virtual to physical based:
- MSI entry is identified by phys_bdf+msix_index
- INTx entry is identified by phys_pin
The physical resource is directly managed in hypervisor, a miss adding
entry will be found by hypervisor and return error message with failure.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
add initialize_timer to initialize or reset a timer;
add_timer add timer to corresponding physical cpu timer list.
del_timer delete timer from corresponding physical cpu timer list.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Get tsc hz by cpuid 0x15 if we supported, otherwise
calibrate tsc by pit timer.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If guest reboot is issued before trusty init hypercall is issued,
we shouldn't destroy ept fo trusty memory because the ept is not
created yet.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Using eax will truncate the high 32bit part of 64bit virtual address.
And the type of sync is unsigned long, so using rbx instead of ebx.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
This is to do the clean-up of IOAPIC mmio-access. Use the same API to
access the IOAPIC register. At the same time it also helps to avoid the
optimization in direct access mode.(The volatile is already added in
mmio_read_long/mmio_write_long)
V1->V2: Follow Fengwei's suggestion to use the mmio_read/write_long
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Now just add some basic feature/capability detect (not all). Vapic
didn't add here for if we must support vapic then the code which
for vapic not supported must remove, like mmio apic r/w.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Split pm.c from cpu_state_tbl.c to put guest power management related
functions, keep cpu_state_tbl.c to store host cpu state table and
related functions.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
for timer list is operated by per-cpu; and no interrupt
service operates it too. So it's unnecessary for spinlock.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
adding "hugepagesz=1G" and "hugepages=X" into SOS cmdline, for X, current
strategy is making it equal
e820_mem.total_mem_size -CONFIG_REMAIN_1G_PAGES
if CONFIG_REMAIN_1G_PAGES is not set, it will use 3 by default.
CONFIG_CMA is added to indicate using cma cmdline option for SOS kernel,
by default system will use hugetlb cmdline option if no CONFIG_CMA defined.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
change its input from map_params to page_table_type, and make it as a
public API.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
before just AP can run "rdtscp" intruction, if run it on BSP,
it will cause "illegal instruction"; now align BSP & AP.
also remove duplicated code.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. exception vector and other information
can be extracted from 'VM-Exit Interrupt-Information'
field of VMCS only if bit31 (Valid) is set.
-Intel SDM 24.9.2, Vol3
2. Rename 'exit-interrupt_info' to 'idt_vectoring_info'
in 'struct vcpu_arch', which is consistent with
SDM 24.9.3, Vol3
3. 'IDT-vectoring information' in VMCS is 32bit
-Intel SDM 24.9.3, Vol3
Update the type of 'idt_vectoring_info' in
'struct vcpu_arch'from 'uint32_t' to 'uint64_t'.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Before referencing to physical address of devs such as lapic, ioapic,
vtd, and uart, switch to virtual address.
Use a phisical address of pml4 to write CR3.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
SDM 24.9.1 Volume3:
- 'Exit reason' field in VMCS is 32 bits.
SDM 24.9.4 in Volume3
- 'VM-exit instruction length' field
in VMCS is 32 bits.
This patch is to redefine the data types of above fields
in 'struct vcpu_arch' and udpate the code using these
two fields.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Since we get cpu feature/capability in boot_cpu_data at boot initialization,
then there no need to get this feature/capability using cpuid again.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Update X86_FEATURE_OSXSAVE when enabled and replace is_xsave_supported
with cpu_has_cap(X86_FEATURE_OSXSAVE).
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add cpu_has_cap API for cpu feature/capability detect instead of
add get_xxx_cap for each feature/capability detect.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove data defination of mmio_addr_t, vaddr_t, paddr_t,
and ioport_t.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
This address maybe invalid if a hostile address was set
in hypercall 'HC_SET_IOREQ_BUFFER'.it should be validated
before using.
Update:
-- save HVA to guest OS's request buffer in hyperviosr
-- change type of 'req_buf' from 'uint64_t' to 'void *'
-- remove HPA to HVA translation code when using this addr.
-- use error number instead of -1 when return error cases.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This is workaround patch to resolve Disti performance issue.
In kernel 4.14, PAT is skipped to initialize if MTRR is not enabled,
while graphics driver need set WC to GGTT memory to accelerate memcpy,
if PAT is not initialized, default PAT register will treat UC- as
uncacheable, which will impact gfx performance. Change PAT default
register value to treat UC- as WC to workaroud this problem.
Revert me when PAT/MTRR strong correlation is removed in kernel.
Signed-off-by: Fei Jiang <fei.jiang@intel.com>
Switch all the referenced virtual address to physical address
include ept mapping, vmcs field, vmxon, vmclear, and vmptrld.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Chen, Jason Cl <jason.cj.chen@intel.com>
Reviewed-by: Yakui, Zhao <yakui.zhao@intel.com>
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Before using a node of list, initialize it.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Yakui, Zhao <yakui.zhao@intel.com>
Reviewed-by: Chen, Jason Cl <jason.cj.chen@intel.com>
Guest OS rdtsc/rdtscp doesn't trap into hypervisor, so remove them.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if failed to allocate page structure for root_table or context_table,
ASSERT system and return.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
add necessary HPA2HVA/HVA2HPA transition for context_table_addr
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
add necessary HPA2HVA/HVA2HPA transition for root_table_addr
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
when host mmu got updated, it should invalidate TLB & page-struct cache.
currently, there is no mmu update will be done after any AP start, so the
simplest way(to avoid shootdown) is just do invlpg for BSP.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
- change the input param of check_page_table_present from struct map_params
to page_table_type
- check EPT present bits misconfiguration in check_page_table_present
- change var "table_present" to more suitable name "entry_present"
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
check IA32_VMX_EPT_VPID_CAP MSR to see if ept execution only capability
is supported or not
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
cpu_halt actually mean cpu dead in current code, so change it with
more clear name.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
use pcpu_active_bitmap presents which cpu is active
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
APIC-access page which write into VMCS should be hpa
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
virtual-ACPI page which write into VMCS should be hpa
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Guest write tsc: cache the offset into run_context.tsc_offset;
Guest read tsc : use run_context.tsc_offset to calculate guest_tsc.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Before this patch, guest temporary page tables were generated by hardcode
at compile time, HV will copy this page tables to guest before guest
launch.
This patch creates temporary page tables at runtime for the range of 0~4G,
and create page tables to cover new range(511G~511G+16M) with trusty
requirement.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per trusty design, trusty requires a monotonic increasing
secure tick(TSC) at run time. This secure tick will used
to mitigate password/pin force attack, control key expiration,
etc.
Currently, the TSC_OFFSET is enabled. And guest will got
(host_tsc + tsc_offset) when execute rdtsc/rdtscp/rdmsr to
aquire tsc value. The host_tsc is always keeping increasing
during the runtime.
So initialize tsc_offset of trusty to 0 will ensure the
secure tick feature.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
eptp should be record as PA.
this patch changed nworld_eptp, sworld_eptp and m2p eptp to PA type,
necessary HPA2HVA/HVA2HPA transition is used for them after the change.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- read/write page table entries should use VA which defined as "void *"
- the address data in page table entries should us PA which defined as
"uint64_t"
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The cpu model name of "Intel(R) Celeron(R) CPU J3455 @ 1.50GHz" is used for
APL NUC which is in Acrn official suport list.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Currently acrn partitions cpus between SOS and UOS, so the default
policy is to allow guest managing CPU px state. However we would
not blindly passthrough perf_ctrl MSR to guest. Instead guest access
is always trapped and validated by acrn hypervisor before forwarding
to pcpu. Doing so leaves room for future power budget control in
hypervisor, e.g. limiting turbo percentage that a cpu can enter.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
We can use this interface for VHM to pass per-cpu power state data
to guest per its request.
For now the vcpu power state is per-vm, this could be changed if
per-cpu power state support is required in the future.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
The vm px info would be used for guest Pstate control.
Currently it is copied from host boot cpu.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
The patch takes Intel ATOM A3960 as example that hard code all Px info
which is needed for Px control into Acrn HV and load it in boot process.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
The cpu model name would be used to distinguish which hard coded data
need to be loaded to boot_cpu_data;
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
all callers for fetch_page_table_offset should already make sure
it will not come to an unknown table_leve, so just panic here.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
- walk_paging_struct should return sub_table_addr, if something wrong,
it return NULL
- update_page_table_entry should return adjusted_size, if something wrong
it return 0
the change is valid under release version, as at that time, ASSERT in
walk_paging_struct is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- remove unused map_params in get_table_entry
- add error return for both, which is valid under release version,
as at that time, ASSERT in get_table_entry is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
function break_page_table should return next_level_page_size, if
something wrong, it return 0.
the change is valid for release version, as at that time ASSERT()
in break_page_table is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
function map_mem_region should return mapped_size, if something wrong,
it return 0.
the change is valid for release version, as at that time ASSERT()
in map_mem_region is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add error return for all, which is valid under release version,
as at that time, ASSERT in modify_paging is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
malloc: allocate a block of memory, the contents of the block are undefined.
calloc: allocate a block of memory for an array of num elements and initializes all its bits to zero.
Signed-off-by: yechunliang <yechunliangcn@163.com>
Add check_continuous_hpa API:
when create secure world,if the physical
address is not continuous, will assert.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch added API destroy_secure_world, which will do:
-- clear trusty memory space
-- restore memory to SOS ept mapping
It will be called when VM is destroyed, furthermore, ept of
Secure world will be destroyed as well.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove TODO comments since it has been done below the comments.
Typo fix: startup_info --> startup_param.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1.it doesn't support VMX for guest OS
2.for MSR out of control, inject GP to guest OS.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
--add free_paging_struct api, used for free page tables
it will clear memory before free.
--add HPA2HVA translation when free ept memory
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Before this patch, HV accesses PML4E of secure world when the PML4
doesn't exist,will access null pointer.
Fix as follow:
Before the copy of PDPTE,will allocate memory and write PML4E,
then copy the PDPTE.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per SDM Vol. 2:
If CPUID.80000008H:EAX[7:0] is supported, the maximum physical address
number supported should come from this field.
This patch gets the maximum physical address number from CPUID leaf
0x80000008 and calculates the physical address mask when the leaf is
available.
Currently ACRN does not support platforms w/o this leaf and will panic
on such platforms.
Also call get_cpu_capabilities() earlier since the physical address mask
is required for initializing paging.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per SDM:
When CPUID executes with EAX set to 80000000H, the processor returns
the highest value the processor recognizes for returning extended
processor information. The value is returned in the EAX register and is
processor specific.
This patch caches this value in the global cpuinfo_x86.cpuid_leaves. This
value will be used to check the availability of any CPUID extended
function.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enable TSC offset in VMX, so if TSC MSR is changed by guest OS,
write a caculated value into TSC-offset, then host TSC will not be changed.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: He, Min <min.he@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enable Xsave feature and pass-through it to guests
update based on v2:
- enable host xsave before expose it to guests.
- add validation for the value to be set to 'xcr0' before call xsetbv
when handling xsetbv vmexit.
- tested in SOS guest, created two threads to do different
FP calculations,test code runs in user land of sos.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According to C99:
The empty list in a function declarator that is not part of a definition of
that function specifies that no information about the number or types of the
parameters is supplied.
This means gcc is happy with the following code, which is undesirable.
void foo(); /* declaration with an empty parameter list */
void bar() {
foo(); /* OK */
foo(1); /* OK */
foo(1, 2); /* OK */
}
This patch fixes declarations of functions with empty parameter lists by adding
an unnamed parameter of type void, which is the standard way to specify that a
function has no parameters. The following coccinelle script is used.
@@
type T;
identifier f;
@@
-T f();
+T f(void);
New compilation errors are fixed accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
A bugfix for saving secure world memory info.
Maybe there are multiple UOS, each VM has its own secure
world and normal world, should save memory info into individual VM.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
On some toolchain configurations direct struct assignments will
default to a memcpy operation which is not present in this
environment, so explicitly use the internal memcpy_s function.
Signed-of-by: Rusty Lynch <rusty.lynch@intel.com>
Save the pointer of efi_ctx in mi_drivers_addr field of
multiboot structure and pass to hypervisor, not by
saving in register RDX(the third default parameter in
64bit call function).
With this method, we can be compatible with the original
32bit boot parameters passing method and no need to
large the array size of boot_regs in hypervisor.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Currently, the serial log is printed through IO(0x3f8).
Secure World will print serial log by port 0x3f8. So
remove the ASSERT for Secure World booting.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
For trusty bring-up, key_info is needed.
Currently, bootloader did not transfer key_info to hypervisor.
So in this patch, use dummy key_info temporarily.
Derive vSeed from dSeed before trusty startup, the vSeed will
bind with UUID of each VM.
Remove key_info from sworld_control structure.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
UOS_Loader will trigger boot of Trusty-OS by HC_INITIALIZE_TRUSTY.
UOS_Loader will load trusty image and alloc runtime memory for
trusty. UOS_Loader will transfer these information include
trusty runtime memory base address, entry address and memory
size to hypervisor by trusty_boot_param structure.
In hypervisor, once HC_INITIALIZE_TRUSTY received, it will create
EPT for Secure World, save Normal World vCPU context, init
Secure World vCPU context and switch World state to Secure World.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
For ARM, The SMC instruction is used to generate a synchronous
exception that is handled by Secure Monitor code running in EL3.
In the ARM architecture, synchronous control is transferred between
the normal Non-secure state and the Secure state through Secure
Monitor Call exceptions. SMC exceptions are generated by the SMC
instruction, and handled by the Secure Monitor.The operation of
the Secure Monitor is determined by the parameters that are passed
in through registers.
For ACRN, Hypervisor will simulate SMC by hypercall to switch vCPU
State between Normal World and Secure World.
There are 4 registers(RDI, RSI, RDX, RBX) reserved for paramters
passing between Normal World and Secure World.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
for release version, the vuart is not be used - pin 4 then is not used
by hypervisor.
this patch adds check for vm0->vuart to distinguish it.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
functions ptdev_build_physical_rte & activate_physical_ioapic
doesn't need to get parameters like phys_irq, ptdev_intx_info or vector
from caller, instead they can derive from entry.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
this patch is a preparation for changing ptdev remapping entry from
virtual to physical based, it changes the ptdev_lock from per-vm to
global, as entries based on physical mode are global resource.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
this patch is a preparation for changing ptdev remapping entry from
virtual to physical based, it changes the ptdev_list from per-vm to
global, as entries based on physical mode are global resource.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Generate all common virtual cpuid entries for flexible support of
guest VCPUID emulation, by decoupling from PCPUID.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Chen, Jason CJ <jason.cj.chen@intel.com>
microcode update from UOS is disabled.
microcode version checking is available for both SOS and UOS.
There are two TODOs of this patch:
1. This patch only update the uCode on pCPUs SOS owned. For the
pCPUs not owned by SOS, the uCode is not updated. To handle
this gap, we will have SOS own all pCPUs at boot time. So
all pCPUs could have uCode updated. This will be handled
in the patch to enable SOS own all pCPUs at boot time.
2. gva2gpa now doesn't check possible page table walk failure.
Will add the failure check in gva2gpa in different patch.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Anthony Xu (anthony.xu@intel.com)
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
Add a global boot_cpu_data to cache common cpu capbility/feature
for detect cpu capbility/feature.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
this patch is to detect and enable only APICv features which
are actually supported by the processor, instead fo tuning on
all features by default.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
-If "virtual-interrupt delivery" VM-execution control is 0,
Processor will causes an APIC-write VM exit if page offset
is 0xB0 (EOI), SDM Vol3, Chapter 29.4.3
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
this patch save native lapic configuration and restore it to vm0's vlapic
before its running, then doing hpet timer interrupt injection through vlapic
interface -- this will not mess up vlapic and we can see hpet
timer interrupt coming continuously.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
we added uefi stub for hv, and want vm0 continue running under uefi env to
boot other uefi payload (osloader or bzImage).
during this, the uefi timer irq need be handled elegantly.
there are 3 types for uefi timer:
1. 8254 based on IRQ0 of PIC
2. HPET based on IOAPIC
3. HPET based on MSI
currently, we only support type 3 (HPET+MSI). But we are following a
in-correct flow to handle this timer interrupt:
- we set VMX_ENTRY_INT_INFO_FIELD directly if a timer interrupt happened
before vcpu launching, this will make its vlapic mess up, which finally
cause hpet timer stop.
this patch remove this in-correct approach, the new approach patch will
be followed by next patch.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
According to the explaination for pref_address
in Documentation/x86/boot.txt, a relocating bootloader
should attempt to load kernel at pref_address if possible.
But due to a non-relocatable kernel will unconditionally
move itself and to run at perf address, no need to copy
kernel to perf_address by bootloader.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
info->phys_pin need be used by ptdev_build_native_rte when updating entry
TODO: currently ptdev entry is virtual based, the better solution should
be physical based.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
It is possible that the vm-entry fails in vmresume instr under some scenarios.
It will pass to next instruction following vmresume. In such case it will call
the vmlaunch again.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
1. refine multiboot related code, move to /boot.
2. firmware files and ramdisk can be stitched in iasImage;
and they will be loaded as multiboot modules.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Add 'CPU_PAGE_MASK' used for calculate address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
if we want to obtain the address from the MMU/EPT entry,need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
This patch is prepared for enabling secure world feature.
this api will create new eptp for secure world, whose PDPT
entries are copied form normal world,the PML4/PDPT for secure
world are separated from Normal World, PD/PT are shared in the
Secure World's EPT and Normal World's EPT.Secure world can
access Normal World's memory, but Normal World can not access
Secure World's memory
This function implemented:
-- Unmap specific memory from guest ept mapping
-- Copy PDPT from Normal world to Secure world
-- Map specific memory for Secure world
-- Unmap specific memory from SOS ept mapping
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
On the APL NUC board (CPU family: 0x6 model: 92), the monitor is buggy.
We can't use it to wake up CPU core from mwait by memory monitor.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add key info structure
add sworld_eptp in vm structure, and rename ept->nworld_eptp
add secure world control structure
Change-Id:
Tracked-On:220921
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
