This patch fix some potential crash issues, like wild
pointers access, buffer overflow and etc.
Change-Id: Iddd8e1820da426adc6b9b4d9da9e44017d9f365c
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With current implementation:
vm_init_vdevs only handles the negative error code, while passthru_init
returns positive error code when error occurs.
This causes unexpected dm crash since the real error is not being
handled properly.
What this patch does:
Change the error code to be negative value in passthru_init because it
is common in Linux kernel to return negative value when error occurs.
v2 -> v3
* add more comments about the reason to convert the return value
v1 -> v2:
* add a wrapper API to convert the error returned from pci_system_init
to the ERROR we defined in DM
* use the defined errno as the return value rather than -1
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The Intel Trace Hub (aka. North Peak, NPK) is a trace aggregator for
Software, Firmware, and Hardware. On the virtualization platform, it
can be used to output the traces from SOS/UOS/Hypervisor/FW together
with unified timestamps.
There are 2 software visible MMIO space in the npk pci device. One is
the CSR which maps the configuration registers, and the other is the
STMR which is organized as many Masters, and used to send the traces.
Each Master has a fixed number of Channels, which is 128 on GP. Each
channel occupies 64B, so the offset of each Master is 8K (64B*128).
Here is the detailed layout of STMR:
M=NPK_SW_MSTR_STP (1024 on GP)
+-------------------+
| m[M],c[C-1] |
Base(M,C-1) +-------------------+
| ... |
+-------------------+
| m[M],c[0] |
Base(M,0) +-------------------+
| ... |
+-------------------+
| m[i+1],c[1] |
Base(i+1,1) +-------------------+
| m[i+1],c[0] |
Base(i+1,0) +-------------------+
| ... |
+-------------------+
| m[i],c[1] |
Base(i,1)=SW_BAR+0x40 +-------------------+
| m[i],c[0] | 64B
Base(i,0)=SW_BAR +-------------------+
i=NPK_SW_MSTR_STRT (256 on GP)
CSR and STMR are treated differently in npk virtualization because:
1. CSR configuration should come from just one OS, instead of each OS.
In our case, it should come from SOS.
2. For performance and timing concern, the traces from each OS should
be written to STMR directly.
Based on these, the npk virtualization is implemented in this way:
1. The physical CSR is owned by SOS, and dm/npk emulates a software
one for the UOS, to keep the npk driver on UOS unchanged. Some CSR
initial values are configured to make the UOS npk driver think it
is working on a real npk. The CSR configuration from UOS is ignored
by dm, and it will not bring any side-effect. Because traces are the
only things needed from UOS, the location to send traces to and the
trace format are not affected by the CSR configuration.
2. Part of the physical STMR will be reserved for the SOS, and the
others will be passed through to the UOS, so that the UOS can write
the traces to the MMIO space directly.
A parameter is needed to indicate the offset and size of the Masters
to pass through to the UOS. For example, "-s 0:2,npk,512/256", there
are 256 Masters from #768 (256+512, #256 is the starting Master for
software tracing) passed through to the UOS.
CSR STMR
SOS: +--------------+ +----------------------------------+
| physical CSR | | Reserved for SOS | |
+--------------+ +----------------------------------+
UOS: +--------------+ +---------------+
| sw CSR by dm | | mapped to UOS |
+--------------+ +---------------+
Here is an overall flow about how it works.
1. System boots up, and the npk driver on SOS is loaded.
2. The dm is launched with parameters to enable npk virtualization.
3. The dm/npk sets up a bar for CSR, and some values are initialized
based on the parameters, for example, the total number of Masters for
the UOS.
4. The dm/npk sets up a bar for STMR, and maps part of the physical
STMR to it with an offset, according to the parameters.
5. The UOS boots up, and the native npk driver on the UOS is loaded.
6. Enable the traces from UOS, and the traces are written directly to
STMR, but not output by npk for now.
7. Enable the npk output on SOS, and now the traces are output by npk
to the selected target.
8. If the memory is the selected target, the traces can be retrieved
from memory on SOS, after stopping the traces.
Signed-off-by: Zhi Jin <zhi.jin@intel.com>
Reviewed-by: Zhang Di <di.zhang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In virtio_heci struct there have deiniting/pending_reset/resetting
variables. All these variables represent the status of virtio heci devices.
Change them into one enum type variable for vheci status.
Signed-off-by: Long Liu <long.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NHLT table is used by some audio driver for topology data, but current
default audio driver doens't depend on it. Disable it by default due
to possible boot failure with different SOS firmware.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
This patch implements scalable xHCI parameter for extended capabilities.
For future supported platform, user can be easy to specify their
platform to emulate corresponding xHCI capabilities.
The new usage:
-s <n>,xhci,[bus1-port1,bus2-port2]:[tablet]:[log=x]:[cap=x]
The old usage:
-s <n>,xhci,[bus1-port1,bus2-port2]:[tablet]:[log=x]
Change-Id: Ie8ba056d57cac9446bcf3f39b342c7ac22245c61
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Reviewed-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
This patch implements Intel ApolloLake xHCI extended capabilities. It
includes two dual role switch registers for switching shared
USB2&USB3 phys between xHCI and xDCI.
Change-Id: I2533537d8a4224da3cf9b2e7475aab9f65347a4a
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Reviewed-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Some xHCI extended capabilities are writable. This patch adds the
writing function for excap.
Change-Id: Ie8b144b47ffa261f97d0461bf97b0c4d312a9333
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Reviewed-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Every platform should have their own xHCI specific extended
capabilities, but the current xHCI DM is not scalable for them. This
patch refines related logic to make it scalable.
Current code only support 4 registers(4*32) as basic extended
capabilites. Base on this new implementation, the mmio range from
excapoff to regsend will cover real excap size according to the cap
parameter.
Change-Id: Ic55a4494e090ec255939cdb8f32950e3c8a66082
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Reviewed-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
The VIRTIO_PCI_CAP_PCI_CFG capability creates an alternative access
method to the common configuration, notification, ISR and device-
specific configuration regions.
To access a device region, the driver writes into the capability
structure (ie. within the PCI configuration space) as follows:
- The driver sets the BAR to access by writing to cap.bar
- The driver sets the size of the access by writing 1, 2 or 4 to
cap.length
- The driver sets the offset within the BAR by writing to cap.offset
At that point, pci_cfg_data will provide a window of size cap.length
into the given cap.bar at offset cap.offset.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Virtio 1.0 introduced several PCIY_VENDOR capabilities. When trying to
write to these capabilities no action is taken so the registers in
the capability of VIRTIO_PCI_CAP_PCI_CFG such as bar, offset and length
remain the default value 0. Later a read or write of pci_cfg_data needs
these information to perform the indirect read or write to the bar
region.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
pci_emul_find_capability can be used to get the offset of a PCI
capability in PCI configuration space.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Move rpmb_sim.c and rpmb_backend.c to hw/platform/rpmb/
Signed-off-by: Huang Yang <yang.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
A simulated rpmbfile requires to enable 4MB access by writing
the last byte.
Otherwise, the read operation should be failed if no write
was operated on the address greater than the read address.
Writing the last byte during file creating ensures the whole
4MB address is readable.
Signed-off-by: Huang Yang <yang.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Fix by a fixed string length and correcting return value
Signed-off-by: Huang Yang <yang.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
With '--ptdev_no_reset', DM doen not abort but warn when assign PCIe
dev without reset capability.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Check reset method for PCIe dev according to 'reset' in sysfs, which
indicates reset capability, like FLR and secondary bus reset. PCIe dev
without reset capability is refused for passthrough to avoid failure
after UOS reboot.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Support log level options, which could change the related log level
without code change.
The new usage:
-s <n>,xhci,[bus1-port1,bus2-port2]:[tablet]:[log=x]
eg: -s 8,xhci,1-2,2-2:log=D
eg: -s 7,xhci,tablet
eg: -s 7,xhci,1-2,2-2:tablet
Note: please follow the board hardware design, assign the ports
according to the receptacle connection
Change-Id: I44639c7b076d21a40eb8f7b99cea8decc5c13c0c
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Re-write the xHCI option parse function to support port mapper.
The new usage:
-s <n>,xhci,[bus1-port1,bus2-port2]:[tablet]
eg: -s 8,xhci,1-2,2-2
eg: -s 7,xhci,tablet
eg: -s 7,xhci,1-2,2-2:tablet
Note: please follow the board hardware design, assign the ports
according to the receptacle connection
Change-Id: I3c8392f7e15580cf768c8c4a619d705411da699d
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add support for xHCI de-initialization when the guest
dose shutdown or reboot.
Change-Id: I3dfc1ed1a905b455ef455dff2065e872aa5c1ef8
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add support for xHCI port sharing feature, which enable the ability
to assign different native ports to different multi-UOSes. For
example:
1-2,1-2 assigned to UOS-1.
1-1,2-1 assigned to UOS-2.
Change-Id: I899070f7a8a6eb23179e41e7b1f1da24c52482b2
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
New USB APIs:
usb_native_is_bus_existed/usb_native_is_port_existed: Check if specific
usb bus or port are valid or not.
usb_native_is_ss_port: Check if the specific port is supper speed usb port.
Change-Id: I9ab54f6e81742321128d6abd5845ef966f0e9f37
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Implements the disconnect callback of libusb which will be called once
USB device plug out.
Change-Id: Ic5f072f08a92270e6e5836b49e5066da783af243
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Support USB mouse, USB keyboard and USB flash drive by enabling the
USB bulk and interrupt transfer for port mapper.
Change-Id: Ia202729e0cfb26fb44a6b278cf4306f2b0b6fa36
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch implements the port change event related function, it
triggered when USB device be hot plugged in.
Change-Id: I065c1e93779f85f8ee6031960e129b59146e1bb7
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch implements the control transfer for port mapper. With this
patch, USB2.0 device can be enumerated successfully in user OS.
Change-Id: I567bd00ca310d68375acd94a5cc5bcd287665df1
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Allocate an emulated USB instance in connect callback function. This
instance is the entity of virtual USB device which will be enumerated
by the UOS.
Change-Id: I948d2ce9eca7e9d5bbab673f2505efc0a03c03b4
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Introduce the struct usb_dev which is used to abstract the physical USB
devices. And APIs for external call are also provided.
Change-Id: Ia25d52a6c670040da787f82b3bea34eee9f3d04d
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the DPRINTF macro to UPRINTF for USB subsystem. The
UPRINTF will print log according to certain log level.
Change-Id: I5db8813357c9f684c25f23650e7c914f9063f842
Signed-off-by: Wu, Xiaoguang <xiaoguang.wu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Full logic to supprot vRPMB:
1. Automatic switch between physical or simulated RPMB.
But hardcode to use simulated one.
2. Parse RPMB cmd to basic APIs to:
2.1 check request frame HMAC with uos vkey
2.2 replace RPMB frame with real values.
3. RPMB partitioning for multiple UOS.
It's hardcoded for coming config file support.
Signed-off-by: Huang Yang <yang.huang@intel.com>
Signed-off-by: Du Min <minx.du@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
Create file as simulated RPMB storage for pre-production usage.
Add RPMB APIs to emulate behavior of physical RPMB controllor.
Signed-off-by: Huang Yang <yang.huang@intel.com>
Signed-off-by: Du Min <minx.du@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
This patch implements virtio rpmb backend VBS-U component,
it includes the basic module interface with DM. This
component will work with vRPMB FE driver together to
provide one communication channel between UOS and SOS.
Signed-off-by: weideng <wei.a.deng@intel.com>
Signed-off-by: yingbinx <yingbinx.zeng@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
suspicious dereference of pointer 'fi->fi_devi'
by passing it to function 'pci_emul_free_bars()'
before NULL check.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
This commit is reported to cause UOS reboot fail becasue the
pci_businfo[] only be allocated when calling pci_parse_slot
in dm initialization while UOS reboot will not allocate again.
So we can't free it here.
This reverts commit 7aaff68798.
Signed-off-by: Jie Deng <jie.deng@intel.com>
Entries of pci_businfo[] allocated in function "pci_parse_slot"
using calloc need to be freed when deinit.
Signed-off-by: Jie Deng <jie.deng@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Right now, the virtio_heci_proc_rx only process the first
available client at a time, then clear rx_need_sched flag to make
rx_thread sleep. It cause the remain data available clients lost the
current change to be processed. This patch resolves this issue, to
process all data available clients in a round prior to push rx_thread
enter sleep.
Signed-off-by: Long Liu <long.liu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With rare probability, the two threads may try to get&put client
together. For client getting, the subsequent thread will get one
destroyed client. For client putting, it will cause acrn-dm get crashed
due to assert be triggered in virtio_heci_client_put.
Signed-off-by: Long Liu <long.liu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The original code assume there is only one configuration for
virtio-blk, and 'b' is just located after that configuration,
so to get the value of 'b', it will end char *config by adding
'\0' after the first configuration.
Thus, char *config will change from:
/XXXX_vdisk_file,range=xxx/xxx
to:
/XXXX_vdisk_file
and char *b will point to:
range=xxx/xxx
So, the range will never take effect for virtio-blk.
Now, 'b' is designed to located just after emul, and
char *config will point to all configurations after 'b'.
Note: only ",b," is taken for boot device option.
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
All related resources are freed in virtio_input_deinit.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The implementation of virtio_input_get_config is based on ioctl of
evdev fd. The following properties of input device are got by ioctl
to service configuation request from FE driver:
- name and devids
- propbit
- evbit: keybit/relbit/absbit/mscbit/swbit
- absbit
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Input events are read from host evdev fd and cached into a local queue.
When SYN_REPORT is read, the cached input events are sent to guest via
EVENT virtqueue. Guest input events are read from STATUS virtqueue then
written to host evdev fd.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch implements the callbacks required by virtio_input_ops:
reset/cfgread/cfgwrite/apply_features/set_status.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The following are done in virtio_input_init:
- parse the command line to get the path of host evdev
- parse the command line to get the optional serial string
- calloc struct virtio_input and initialize it
- call virtio framework APIs to initialize virtio PCI
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch adds the data structures and macros used to implement
virtio-input.
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Hao Li <hao.l.li@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
