This patch fixes the MISRA-C violations in arch/x86/io.c.
* add the required brackets for logical conjunctions
* add the required 'else' for 'if ... else if' case
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) Fix procedure has more than one exit point.
2) Add some brackets to make logical conjunctions more readable.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the MISRA-C violations on implicit type conversion.
For ptirq vpin source type, there is no need to define a enum.
Remove enum ptirq_vpin_source.
Define two macro:
- PTDEV_VPIN_IOAPIC
- PTDEV_VPIN_PIC
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
When adding ptirq entries, either successes with all number of entries added or
fails with none entries addes.
So remove added ptirq entries if error occurs during the process.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixs the MISRA-C violations in arch/x86/assign.c
on multiple exits.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fix the MISRA-C violations in arch/x86/assign.c
on potential null pointer deference.
Also add a break in case statement.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the MISRA-C violations in arch/x86/assign.c
on implicit type conversion.
Tracked-On: #861
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
before PCI_BDF uses its hex value like "0xC2" for "0:18.2" to
configure, now use "0:18.2" directly to make it more readable
and easier to configure.
Tracked-On: #2031
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit fixed following violations:
- Procedure has more than one exit point: free_irq_vector/request_irq/dispatch_interrupt
- goto detected: dispatch_interrupt
- Pointer param should be declared pointer to const: fixup_idt
- basic type declaration used: fixup_idt
Tracked-On: #861
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the MISRA-C violations in arch/x86/lapic.c, change local variable from
uint32_t to uint64_t to avoid potential numeric overflow.
Tracked-On: #861
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) Separate ASM and C code inserts as pure procedures with a defined interface.
2) Fix procedure has more than one exit point.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Gloabal variable should be declared constant wherever possible to avoid unintentional
modification.
Tracked-On: #861
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the MISRA-C violations in arch/x86/vmcs.c.
* make the function have only one exit point
v1 -> v2:
* update 'is_cr0_write_valid' and 'is_cr4_write_valid'
use `if ... else` rather than check 'ret' value
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the MISRA-C violations in arch/x86/vmcs.c
and arch/x86/vmx.c.
* add the required 'const' for pointer param if the object
pointed by the pointer is not modified
* remove the unnecessary cast on pointer
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the MISRA-C violations in arch/x86/vmcs.c.
* add local variable if the input parameter passed by value
is changed in function definition
* move the variable declaration inside function scope if
this variable is only used in one function
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the MISRA-C violations in arch/x86/vmcs.c.
* add the missing space before or after binary operator
* add the required brackets for logical conjunctions
* remove the redefined MACROs
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MIRSA-C requires the const qualifier should be applied to pointer parameters
that address data not subject to change in rule 120D.
Tracked-On #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. move out vm related code from arch/pm.
2. remove unnecssary global variables.
3. keep the global variables as static, not used
by other modules directlly.
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- fix MISRA-C violation "procedure has more than one exit point"
for this api
-- change start_vm to void type since it is always return 0
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add get_ibrs_type API to get ibrs type.
this patch fix Misra C violation:
filename:/hypervisor/arch/x86/security.c function:None offset:19:
reason:Variable should be declared static. : ibrs_type
Tracked-On: #861
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
there are still some security related funcs in cpu_caps.c & cpu.c,
move them out into security.c.
Changes to be committed:
modified: Makefile
modified: arch/x86/cpu.c
modified: arch/x86/cpu_caps.c
modified: arch/x86/guest/vcpu.c
new file: arch/x86/security.c
modified: arch/x86/trusty.c
modified: arch/x86/vmx_asm.S
modified: include/arch/x86/cpu.h
modified: include/arch/x86/cpu_caps.h
modified: include/arch/x86/per_cpu.h
new file: include/arch/x86/security.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
deinfe rule like below:
- must support TPR shadow and apicv access
- based on above, check apicv register support
- based on above, check virtual interrupt delivery and post
interrupt support
Changes to be committed:
modified: arch/x86/cpu_caps.c
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
- we should not use print function before tsc setup
- is_ept_supported is internal API
- add is_apicv_supported to check apicv feature
- rename some functions to verb+obj format or better name
Changes to be committed:
modified: arch/x86/cpu.c
modified: arch/x86/cpu_caps.c
modified: include/arch/x86/cpu_caps.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
has_monitor_cap is more suitable name
v2:
- rename to has_monitor_cap
Changes to be committed:
modified: arch/x86/cpu.c
modified: arch/x86/cpu_caps.c
modified: include/arch/x86/cpu_caps.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
in cpu_caps.c, the vmx_caps & cpu_caps can be combined.
Changes to be committed:
modified: arch/x86/cpu_caps.c
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move cpu caps related functions like capability init/detect/check
in cpu.c & mmu.c into a new file cpu_caps.c
Changes to be committed:
modified: developer-guides/hld/hv-memmgt.rst
modified: ../hypervisor/Makefile
modified: ../hypervisor/arch/x86/cpu.c
new file: ../hypervisor/arch/x86/cpu_caps.c
modified: ../hypervisor/arch/x86/mmu.c
modified: ../hypervisor/arch/x86/vmx_asm.S
modified: ../hypervisor/include/arch/x86/cpu.h
new file: ../hypervisor/include/arch/x86/cpu_caps.h
modified: ../hypervisor/include/arch/x86/guest/vm.h
modified: ../hypervisor/include/arch/x86/mmu.h
modified: ../hypervisor/include/arch/x86/vmcs.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix violation "procedure has more than one exit point"
for this api.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For security, this patch add one flag per vm and disable snoop control
for sos and enable snoop control for uos by default.
v2: add one flag in vm, not in iommu domain.
v3: add vm null check
Tracked-On: #2086
Signed-off-by: Zhipeng Gong <zhipeng.gong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
vmx.c should only take care host vmx operations, which should not
contain vcpu reference, so refine vmx on/off APIs, move out use
of vcpu by adding one per cpu vmcs_run pointer.
as now each pcpu only run on one vcpu, so just keep running vmcs
in per cpu vmcs_run pointer is enough.
Changes to be committed:
modified: arch/x86/cpu.c
modified: arch/x86/init.c
modified: arch/x86/pm.c
modified: arch/x86/vmcs.c
modified: arch/x86/vmx.c
modified: include/arch/x86/per_cpu.h
modified: include/arch/x86/vmx.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove no need included header files and macro definitions
Changes to be committed:
modified: arch/x86/vmcs.c
modified: include/arch/x86/vmcs.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
one part is pure vmx operations which keeps in vmx.c
the other part is vmcs operations which is vcpu related, move them
into vmcs.c
Changes to be committed:
modified: Makefile
copied: arch/x86/vmx.c -> arch/x86/vmcs.c
modified: arch/x86/vmx.c
modified: arch/x86/vmx_asm.S
modified: include/arch/x86/hv_arch.h
new file: include/arch/x86/vmcs.h
modified: include/arch/x86/vmx.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
The bit mask for an out instruction is only applied to hv inout
handlers.
Apply the bit mask to dm inout handlers as well.
Tracked-On: #2075
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
By switching AP wakeup from broadcast to one by one, we could
set correct stack for each AP and drop the temp stack used during
AP boot.
Tracked-On: #2034
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
there is no need to clear CR4.TSD as there is no user mode
in ACRN hypervisor.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
now UP2 board use ttyS1 as debug uart in HV, and vuart ttyS0 in
SOS kernel (acrn.conf default configure), its default IRQ is 4,
but SOS kernel will also assign IRQ4 to its ttyS1, they're sharing
one IRQ, and it can cause SOS boot hung issue, for HV not support
sharing IRQ now.
some boards use ttyS0 as debug uart, it has not this issue; for that
board, SOS will assign IRQ5 to its ttyS1, no sharing IRQ.
change it to IRQ6 to avoid the issue.
Tracked-On: #2030
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
106D No prototype for non-static function.
2 functions missing prototyle declarations in header file.
120S Use of bit operator on signed type.
123S Use of underlying enum representation value.
enum values are treated like unsigned integer in vmsr.c
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
With SMAP enabled, hypervisor can't access pages that
owned by guest(either SOS or UOS), and an override is
is provided: stac()/clac() to enable/disable access to
guest's memory pages.
Pre-conditon:
Mark hypervisor owned pages as supervisor mode (U/S = 0),
and set all othter memory pages as user mode (U/S = 1).
Tracked-On: #2056
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MTRR emulation belongs to virtual CPU component.
- rename mtrr.c to vmtrr.c and move it to arch/x86/guest
- rename mtrr.h to vmtrr.h and move it to include/arch/x86/guest
Tracked-On: #1842
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Intercept IA32_TSC_ADJUST MSR so that writing IA32_TSC_ADJUST from the
guests won't impact the TSC in root mode or potentially other vCPUs in
the same pCPU.
- MSR TSC_ADJUST needs to be isolated between normal and secure world,
so it's included in NUM_WORLD_MSRS.
- Upon writing to either IA32_TSC_ADJUST or IA32_TSC from the guests,
don't write to physical MSRS so it won't impact the host side, but
update the TSC offset VM-execution control.
- don't need to intercept rdmsr for IA32_TIME_STAMP_COUNTER.
- add the missing statement in save_world_ctx() to save the tsc_offset
during world switch.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
hypervisor initilization component triggered by boot component,
and it calls different components initilization functions from
the highest layer.
this patch added init.c and move reorged cpu init functions into
it, keep hardware management functions in cpu.c but move other
components' init function into init.c.
the hypervisor initilization components will call:
- init_cpu_pre
- init_cpu_post
- init_bsp
- init_debug_pre
- init_debug_post
- init_guest
- init_passthru
- enter_guest_mode
the hypervisor initilization component include files:
arch/x86/init.c
include/arch/x86/init.h
this component is higest layer, so there is no reverse dependencies for it.
v2:
- separate into 2 patches, 1 for reorg, 1 for pure move.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
reorg both init functions, separate the initilization of different
components.
v2:
- separate into 2 patches, 1 for reorg, 1 for pure move.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
functions like set_vcpuid_entries & guest_cpuid should only
server for virtual cpuid, so move such kind of functions
to guest/vcpuid.c.
and all native cpuid APIs will keep in cpuid.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Combination of BOARD and FIRMWARE is a more precious definition.
And we decide PLATFORM_XXX based on FIRMWARE, remove relative one in
board config.
We reserve PLATFORM for backward compatibility.
Tracked-On: #1995
Signed-off-by: Tw <wei.tan@intel.com>
Reviewed-by: Yin Fengwei < fengwei.yin@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
- enable NX feature in hypervisor:
1. Set 'XD' bit for all pages, including pages for guests
when initialize MMU tables in hypervisor.
2. remove 'XD' bit for pages that contain hypervisor instructions.
3. enable MSR EFER.NXE,which will enable page access restriction by
preventing instruction fetches form pages with XD bit set.
- remove "-Wl -z noexecstack" GCC flag option in hypervisor
Makefile as it would not affect stack attribute in hyervisor,
which setup stack itself, instead of by loader.
Tracked-On: #1122
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. change its APIs as more indepentent, and modify the callers' code
2. limit its global variables as static, and return const to the callers
3. remove unused code in "CONFIG_CMA"
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. e820 is modulized as separated files.
2. move boot_regs into multiboot.h as it's related with
multiboot info header
Tracked-On: #1842
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
based on previous patch, we can move idt.S and idt.h out of boot component
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
we will not enable interrupt until interrupt_init, so we can defer idt
fixup and lidt to interrupt_init.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
we are not using ldt, so just init fs & gs with 0x10 which lead to
data segement descriptor in gdt.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently there are two fields in ext_context to emulate IA32_PAT MSR:
- ia32_pat: hold the value of the emulated IA32_PAT MSR
- vmx_ia32_pat: used for load/store IA32_PAT MSR during world switch
This patch moves ext_context->ia32_pat to the common placeholder for
emulated MSRs acrn_vcpu_arch->guest_msrs[].
Also it renames ext_context->vmx_ia32_pat to ext_context->ia32_pat to
retain same naming convention in struct ext_context.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- implement unified APIs to access guest_msrs[] under struct acrn_vcpu.
- use these new APIs to read/write emulated TSC_DEADLINE MSR
- switch world_msrs[] and guest_msrs[] during world switch for MSRs that
need world isolation
- remove the old guest_msrs[] array and it's index macros.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Create two arrays for emulated MSRs:
- guest_msrs[] in struct acrn_vcpu_arch: emulation for all MSRs that are
included in emulated_guest_msrs[].
- world_msrs[] in struct cpu_context: it has separate copies for secure and
normal world for those MSRs that are in the first NUM_WORLD_MSRS entries
in emulated_guest_msrs[].
Split vmsr.c/emulated_msrs[] into 3 smaller arrays:
- emulated_guest_msrs[]: corresponding MSRs are emulated in guest_msrs[]
- mtrr_msrs[]: emulated MTRRs are saved in vMTRR module
- unsupported_msrs[]: GP for any guest accesses
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Identifier reuse may arise confusion. So should minimize the case of it
as much as possible. This patch is try to do this except the PCI related
module.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
MISRAC requires that the array size should be declared explicitly.
Tracked-On: #861
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Implicit conversion may result in loss of information or undefined behaviour.
So make it with explicit conversion.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
There may the theoretic infinite loop with some code. But actually it doesn't.
This patch make these code more obvious it's not a potentially infinite loop.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
On platforms, that do not support APICv register virtualization, all the
x2APIC MSRs need to intercepted by ACRN for emulation.
Tracked-On: #1973
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
This patch does:
- remove the unused API declaration
- fix use of uninitialized variable in instr_emul.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Since "uint8_t page[CPU_PAGE_SIZE]" wants to ensure the first_page only
took PAGE_SIZE memory space and aligned to PAGE_SIZE. However, it couldn't.
So just make it simpler.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Qi, Yadong <yadong.qi@intel.com>
This patch adds the necessary space before or after binary operator.
v1 -> v2:
* minor fix related to integer
[i - 1] ====> [i - 1U]
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
The function not used in extern c file, must add static.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The result of evaluate expression,it's type should be boolean.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Input parameter of mmio_write64/mmio_write32/mmio_write16/mmio_write8
should be 'void *addr' rather than 'const void *addr' since the object
pointed by 'addr' is modified in these operations.
This patch change the param type of mmio_write** and update its usage
accordingly.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
replace CPU_PAGE_MASK with PAGE_MASK
These two MACROs are duplicated and PAGE_MASK is a more reasonable name.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- replace CPU_PAGE_SHIFT with PAGE_SHIFT
These two MACROs are duplicated and PAGE_SHIFT is a more
reasonable name.
- remove unused MACROs related to page shift in cpu.h
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
replace CPU_PAGE_SIZE with PAGE_SIZE
These two MACROs are duplicated and PAGE_SIZE is a more reasonable name.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
replace serial PCI MMIO base address configure with its BDF configure.
Tracked-On: #1923
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Boot component prepares the very basic platform boot env. It finally call
into platform initilization entries:
- bsp_boot_init & cpu_secondary_init for start up
- or restore_s3_context for wakeup
this patch is the final one, it did some code clean up and move some definition
from vm0_boot.h to boot_context.h.
after this patch, the boot component include files:
arch/x86/boot/cpu_primary.S
arch/x86/boot/trampoline.S
arch/x86/boot/cpu_save_boot_ctx.S
arch/x86/boot/idt.S
boot/reloc.c
boot/include/reloc.h
include/arch/x86/boot/idt.h
include/arch/x86/boot/boot_context.h
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Boot component prepares the very basic platform boot env. It finally call
into platform initilization entries:
- bsp_boot_init & cpu_secondary_init for start up
- or restore_s3_context for wakeup
this patch moves set_idt from header file to irq.c
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Boot component prepares the very basic platform boot env. It finally call
into platform initilization entries:
- bsp_boot_init & cpu_secondary_init for start up
- or restore_s3_context for wakeup
this patch move functions for AP trampoline into trampoline.c from reloc.c
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
The PLATFORM configuration option is not used in any unique way. With simple
changes, we can directly use CONFIG_PLATFORM_UEFI and CONFIG_PLATFORM_SBL to
compile the ACRN hypervisor. This patch removes this config option and adjusts
the hypervisor Makefile accordingly.
The "old" way of specifying the platform from the command-line is not affected
by these changes, e.g.: "make PLATFORM=sbl"
Tracked-On: #1588
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
* Add more Kconfig options documentation for the hypervisor
* Reword some existing one to improve readibility
* Break some help text to not go beyond 80 characters
Tracked-On: #1588
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Co-Authored-By: David B. Kinder <david.b.kinder@intel.com>
This patch fixes the following violations:
1. Implicit conversion: actual to formal param
2. Value is not of appropriate type
3. No cast for widening complex int expression
4. Widening cast on complex integer expression
5. Narrower int conversion without cast.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Now it's using the memory reserve by hypervisor. So there's not
necessaty to map or ummap this region from SOS.
Tracked-On: #1942
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
The previous would reserve memory for trusty in SOS kernel. Howerer,
there would no available 16 MB continue memory any more after a long time.
This result in allocating memory for trusty failed. This patch will reserve
memory for trusty in ACRN hypervisor in which case the memory allocation
for trusty will never fail.
Tracked-On: #1942
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
This patch places all unsupported MSRs in the intercepted_msrs[], but
don't implement any handlers in the switch clauses. Hence any
accesses from guests result in GP exceptions.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Put most of the emulated MSR number in emulated_msrs[], and remove
the individual calls to enable_msr_interception().
- vcpu_thread() injects General Purpose exception to the guest if any
VMEXIT handler doesn't return 0. This patch removes vcpu_inject_gp()
from all MSR VMEXIT handlers to keep the code clean.
- remove dead code.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Regarding SGX, guests could access CPUID.07H.EBX[2] before query CPUID
leaf 12H.
Intel SDM 36.7.2: "If CPUID.(EAX=07H, ECX=0H):EBX.SGX = 1, the processor
also supports querying CPUID with EAX=12H on Intel SGX resource capability
and configuration."
Clear CPUID.07H.ECX[30] SGX_LC to make the guest view consistent.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch allows to disable the serial port directly from Kconfig. This used
to only be possible from the command-line (by passing "uart=disabled"). To
disable the serial port via Kconfig, simply unselect the "Serial IO type"
option.
The default options do not seem to have any effect anymore (and were confusing
anyway) so they are removed and the serial port is enabled for various platforms
in their corresponding *.config file.
Tracked-On: #1481
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
`@return` is dedicated for brief description of return values, not for comments
stating actual return values. In addition, sphinx + breathe does not join
multiple adjacent `@return`. This results in multiple `Return` sections in the
generated document, which is confusing.
This patch replaces `@return` with `@retval` for the lists of return
values. Adjacent `@retval` can be joined into one list by breathe.
v1 -> v2:
* Replace return value descriptions like `negative` and `positive` with
expressions like `<0` and `>0` in `@retval`.
* Keep the list of `@retval` comprehensive, even when there is a `@return` to
generally describe what the return value means.
* Drop duplicated `@return` when it does not give more information than the
`@retval` list.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is preferred to state the absence of a return value explicitly in the
doxygen-stile comments. Currently there are different styles of doing this,
including:
@return None
@return NULL
@return void
@return N/A
This patch unifies the above with `@return None`.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
As SOS has already adapted to the new state transition of VHM requests for a
month, the old `valid` field can now be safely obsoleted.
This patch changes the `valid` field as reserved and drops all the code that
reads or modifies this field for backward compatibility. The embedded comments
are updated accordingly, following the doxygen style.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that if the return value of a function call is
assigned to a local variable, this value shall be used in all paths.
This patch moves the variable assignment right before the moment that
the variable is used.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Boot component prepares the very basic platform boot env. It finally call
into platform initilization entries:
- bsp_boot_init & cpu_secondary_init for start up
- or restore_s3_context for wakeup
This patch just move files into reorg dir.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
v1-v2:
Bypass this case:
When binary arithmetic operators of different precedence (e.g. '+'
and '*') are mixed in an expression, parentheses are added to the
sub-expressions using the operator with a higher precedence.
v1:
The operator precedence rules are complicated and it is easy to make a mistake.
So add brackets to make operator expression more readable.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
MISRA-C required every switch statement shall have a default label.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
replace HV_DEBUG with CONFIG_COM_IRQ which is more reasonable
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
now the size of sanitized_page is 32KB,
revise it to 4KB.
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently guest IA32_TSC_AUX MSR is loaded manually right before VM
entry, and saved right after VM exit.
This patch enables VM-Entry Control and VM-Exit Control to switch
MSR IA32_TSC_AUX between host and guest automatically. This helps to
keep vcpu_thread() function and struct acrn_vcpu cleaner.
Also it removes the dead code of intercepting IA32_TSC_AUX.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG related to shell command in assign.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In theory, there would have 256 pending interrupts on lapic ISR.
Add this check to avoid theoretic infinite loop for clearing
lapic isr. Leave the potentially hardware issue to machine check.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Although the lapic base MSR have the same value in per-cpu except that the BSP bit.
However, we would enter s3 on the BSP cpu. After the resume from s3, the BSP bit was
clear on the BSP cpu. This patch fix this bug.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now if the vmexit reason is virtulized EOI for level triggered
interrupts, HV will loop all the ptdev entries, it is time-consuming,
this patch add vpin to ptdev entry mapping for vpic and vioapic
when add intx entry for a vm,it can use the ptdev entry directly
according to the mapping for vpin and ptdev entry when EOI vmexit.
v3-->v4:
-- add check vpin in remove_intx_remapping
-- move check vpin from ptdev_add_intx_remapping to add_intx_remapping
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Move ptdev lock out from add_intx_remapping/add_msix_remapping
/remove_intx_remapping/remove_msix_remapping and make it protect
the whole add entry/remove entry process
v3-->v4:
--move ptdev lock out
v2-->v3:
-- still use ptdev lock for add/remove ptdev entry
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_PT_IRQ_ENTRIES 64 in Kconfig
-- Remove ptdev list
-- Add alloc_ptdev_entry_id api
v3-->v4:
-- move is_entry_active from assign.c to ptdev.h
-- Add clear active flag in release_entry
v2-->v3:
-- Remove redundancy active check for ptdev entry
in release_all_entries and get_ptdev_info
v1-->v2:
-- split to small patches
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
This patch introduce a new mode of IO request completion, polling mode.
Now, the sketch of ioreq process can be,
A. UOS vcpu0 generate PIO/MMIO ->
B. pcpu1(vcpu0 of UOS) trap into HV ->
C. pcpu1 build ioreq, send IPI and enter idle ->
D.1 pcpu0(vcpu0 of SOS) response IPI,
D.2 pcpu0 handle the ioreq in HV, kernel, DM,
D.3 pcpu0 mark ioreq as complete,
D.4 pcpu0 hypercall to enter HV ->
E.1 pcpu0 send IPI to wake pcpu1 up
E.2 UOS vcpu0 continue running
With this change, it skips D.4, E.1 steps. In step C, pcpu1 will enter a
polling ioreq state idle after send out the IPI.
It can save about ~5000 cpu cycles.
In polling mode, we do the polling in idle instead of pause cpu all the
time. It will consume more power. A better way is to use monitor/mwait
instructions which can put cpu into a sleep state with monitoring a
memory address. Unfortunately, APL has bug with monitor. We can gather
all ioreqs state into one monitorable memory and take advantage of
monitor/mwait for future platform.
The way polling or notification is per VM. We can config VMs in
different mode. By default, IO request completion will use notification
mode for all VMs. We can switch it by Kconfig.
Tracked-On: #1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds more comments to describe the structures and functions of vtd
that are public to the other components in the hypervisor. The comments are in
doxygen-style for document generation.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
1. use error code defined in errno.h instead of 1.
2. panic if error occured while adding devices to VM0 domain.
3. panic if failed to reqeust irq for iommu.
The two panic added would only occurs before any VM starts running.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, DMA remapping is enabled at very early stage, when there is no
device added.
Devices are added to VT-d context table when creating VMs.
There is potential risk that there may be device DMA transactions when DMA remapping is
enabled, but the device is not added to the VT-d context table. (Eg. this could happen in UEFI
enviroment when USB keyboard use in efi intenal shell.)
This patch defers DMA remapping enabling until vm creation.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Current code doesn't init interrupt config when resume from S3.
The related register contect will be lost during S3.
This patch re-init these regiters.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add an internal API to do action according to action function provided,
which can simplify the code.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Move move public API to the bottom part of the file.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Becuase the number of character of a line is 120.
Merge lines for a statement if needed.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
dmar_uint -> dmar_unit
remove i in line 756 added by accident.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in hypercall.c and vmcall.c
TO-DO:
Enhance Makefile to compile debug/release into 2 libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEKkey to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.
Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instance/world can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.
v1 --> v2:
Add detailed description why we need the patch to derive an extra key
v2 --> v3:
Convert API descriptions to Doxygen
Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
An I/O handler is not linked to the I/O access size, so in searching for
the registered I/O handler, don't need to check the I/O request's access
size.
In struct vm_io_handler_desc, change fields addr and len to port_start and
port_end respectively to adapt to this change.
Tracked-On: #1815
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. CPU_SEG_WRITE->CPU_SEG_READ: it's actually seg read
2. 0x%hu -> 0x%x: it need print hex format
Tracked-On: #1833
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Adding Kconfig option to define the vuart port base address/IRQ.
By default, use 0x3F8/IRQ4. For MRB, use 0x3E8/IRQ6.
We are experiencing problems on NUC after changing from 0x3F8/IRQ4
to 0x3E8/IRQ6.
Tracked-On: #1817
Change-Id: Ie407e51a7bc25ac0bb4c61453c969f1466fa33ca
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Due to the side-effect to cache of "wbinvd" instruction, just apply it
in case of noncoherent DMA.
Tracked-On: #1824
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
ioreqs acrossing VM reset is meaningless. So we reset their status when
VM reset.
Please note, device model and service os need to handle various ioreqs
pending status in emergency reset condition carefully. Otherwises, the
post processing of such ioreqs might overwrite this reset.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Even in partition mode, we also need to clear vmid in vmid_bitmap to
indicate the VM is not present.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that the function call in which the returned
value is discarded shall be clearly indicated using (void).
This patch fixes the violations related to the following
function calls.
- instr_check_gva
- vlapic_set_local_intr
- prepare_vm
- enter_s3
- emulate_instruction
- ptdev_intx_pin_remap
- register_mmio_emulation_handler
v1 -> v2:
* discard the return value of enter_s3
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
fix the following integer violations:
1. Signed/unsigned conversion without cast
2. Literal value requires a U suffix
3. Implicit conversion of underlying type
v3 -> v4:
* change the type of npk_loglevel/mem_loglevel/console_loglevel
from uint32_t to uint16_t
v2 -> v3:
* discard the return value of update_ept
* discard changes related to npk loglevel
v1 -> v2:
* remove the unnecessary changes related to the false positive
issues caused by scanning tool
* change the type of the local variable 'vlapic_id' from uint8_t
to uint32_t in function 'vlapic_build_id'
* change the type of the struct member 'flags' in shared_buf from
uint64_t to uint32_t
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
clean up mmio_read/mmio_write in instr_emul.c
- make these two functions inline
- discard the return value and add the pre condition
- rename these two functions to vie_mmio_read/vie_mmio_write
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, there is an out of range access to the array buses defined in struct struct context_table.
This patch defines CONFIG_IOMMU_BUS_NUM to replace CONFIG_IOMMU_INIT_BUS_LIMIT, which is clearer.
CONFIG_IOMMU_BUS_NUM equals to (CONFIG_IOMMU_INIT_BUS_LIMIT + 1).
Tracked-On: #1807
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the function call in which the returned
value is discarded shall be clearly indicated using (void).
This patch fixes the violations related to the following
function calls.
- vlapic_set_intr
- vlapic_intr_edge
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
to decrease the value of 'create_vcpus' in fail case.
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C reqires assembly code should comply with
the rules list below:
The assembly code's functionality should match the function's
name.If not,pls encapsulate the assembly code and give a suitable
name for describing the functionality.
V1->V2:
1.remove the dead code
2.update detail comment
V2->V3:
1.replace the macro name with upper case.
2.remove the typedef and rename the struct name
"_descriptor_table_" to "descriptor_table".
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
this patch is to avoid posisble inconsisent states for
VMs and vCPUs in configuration that SOS is SMP based
and Device Model may be multi-threads based.
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_EMULATED_MMIO_REGIONS 16 in Kconfig
-- Add emulated mmio array and emulated mmio regions
in vm structure
-- Remove mmio list in vm structure
-- Remove unregister_mmio_emulation_handler and
vioapic_cleanup APIs
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Branch addressing using registers or memory operands must be prefixed by
a '*' in AT&T ASM language.
This change is to fix these warnings:
arch/x86/cpu.c:409: Warning: indirect call without `*'
arch/x86/cpu.c:553: Warning: indirect call without `*'
arch/x86/trampoline.S:168: Warning: indirect jmp without `*'
Ref: https://csiflabs.cs.ucdavis.edu/~ssdavis/50/att-syntax.htm
Tracked-On: #1764
Signed-off-by: Xinyun Liu <xinyun.liu@intel.com>
Reviewed-By: Yin Fengwei <fengwei.yin@intel.com>
The cpu model name of "Intel(R) Celeron(R) CPU N3350 @ 1.10GHz" is used in
APL UP2 board, which is in Acrn official support list.
Tracked-On: #1767
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Add emulated port io index
-- Add emulated pio array in vm structure
-- Remove port list in vm structure
-- Remove free_io_emulation_resource/register_io_handler/
create_io_handler APIs
v2-->v3:
-- not add 'is_emulated', check len == 0U
-- Check if io_read/io_write handler is NULL before calling
-- Replace ENUM with MACRO for emulated pio index to avoid
MISRA-C violations
v1-->v2:
-- Remove EMUL_PIO_NUM in Kconfig, add emulated pio index
for PIC/PCI/UART/RTC/PM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current, SNP control bit is only set in ept_mr_add for cacheable memory.
However, memory type for VM0 is added as uncacheable type.
So SNP control is not set for VM0.
Add code to set SNP control bit for cacheable memory when ept modification.
Tracked-On: #1762
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
v1 -> v2:
* update the U suffix of constant to let the type of operands
to bit operations (&) is the same.
* update the type of 'i' from uint64_t to uint16_t in
'profiling_set_control' since it is limited by phys_cpu_num,
which is uint16_t.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
When a macro is expanded, the two tokens on either side of each ‘##’ operator
are combined into a single token, which then replaces the ‘##’ and the two
original tokens in the macro expansion. So we need use CAT__ to expand the
__LINE__ MACRO and use CAT_ to combine the expaneded MACRO.
Tracked-on: #1750
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Use pre-defined inline function for pci bus/slot/function calculation.
Tracked-on: #1747
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is not necessary to use atomic operation to
set the initial value for 'created_vcpu' in vm structure.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
- Fix the integer violations related to the following rules:
1. The operands to shift operations (<<, >>) shall be unsigned
integers.
2. The operands to bit operations (&, |, ~) shall be unsigned
integers.
- Replace 12U with CPU_PAGE_SHIFT when it is address shift case.
v1 -> v2:
* use existed MACRO to get bus/slot/func values
* update PCI_SLOT MACRO to make it more straightforward
* remove the incorrect replacement of 12U with CPU_PAGE_SHIFT
dmar_fault_msi_write
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For data structure types "struct vm", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vm *vm-->struct acrn_vm *vm
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu_arch", its name
shall follow Naming convention.
Naming convention rule:If the data structure type is
used by multi modules, its corresponding logic resource
is exposed to external components (such as SOS, UOS),
and its name meaning is simplistic (such as vcpu, vm),
its name needs prefix "acrn_". Variable name can be
shortened from its data structure type name.
The following udpates are made:
struct vcpu_arch arch_vcpu-->struct acrn_vcpu_arch arch
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vcpu *vcpu-->struct acrn_vcpu *vcpu
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
This patch adds more comments to describe the structures and functions that are
public to the other components in the hypervisor. The comments are in
doxygen-style for document generation.
v2 -> v3:
* Reformat the flow in the doc for vhm_io_request.
v1 -> v2:
* Fix typos and inconsistencies in the comments.
* Wrap the text-based diagram in the doc for vhm_request in @verbatim
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Unmap the trusty EPT mapping when destroy_secure_world. The reason is
now the normal world and trusty will share the PD and PT page. Before
we add the mapping for each world, we should unmap it from another world.
Besides, fix a minor bug for condition priority.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
ACRN, in partition mode, supports LAPIC pass-thru to guests. Guest needs
to use x2APIC mode of LAPIC for pass-thru to be enabled.
ACRN also needs the user to configure lapic_pt to true in vm_desc
for the VM.
Interrupt Command Register (ICR) is the only APIC register that is
intercepted. Reference code in partition/vm_description.c enables
LAPIC pass-thru for vm2.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
ACRN does not support platforms that do not have x2APIC mode of LAPIC
in hardware. With this patch, x2APIC is exposed to guests by default.
Extended Topology Leaf 0xb in cpuid returns x2APIC ID and topology
information to OS. This patch adds support to return guest topology
and guest x2APIC ID. Number of SMT siblings is returned as 0.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch adds support for self-IPI virtualization when guest
uses vLAPIC in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
When guest switches from xAPIC mode to x2APIC mode of vLAPIC operation,
MSRs are used to access vLAPIC. This patch adds APICv support for
MSR accesses to vLAPIC. Switching from xAPIC to x2APIC is supported via
APIC BASE MSR. Other modifications like disabling and switching back to
xAPIC are not supported.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch adds support to return APIC ID if guest uses vLAPIC
in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch converts x2APIC MSR accesses to corresponding LAPIC MMIO offset to
utitlize vlapic_write/read APIs to virtualize LAPIC. Also adds support to inject
GP fault when read-only registers are attempted to be written to or vice versa.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
When guest uses vLAPIC in x2APIC mode, ICR write is a single MSR write.
Also, the destination field for device interrupts and IPIs should not be
handled in the same way as xAPIC mode. This patch adds support for x2APIC
mode operation of guest vLAPIC.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
x2APIC ID and LDR are in different format compared to xAPIC mode of operation.
This patch adds code to build ID and LDR when guest uses vLAPIC in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Extending enable_msr_interception to accept mode as input. Mode specifies
if the API user wants ACRN to intercept on read-only or write-only or both
read and write or disable MSR interception altogether.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Accessing x2APIC MSRs in xAPIC mode should result in GP exception according
to SDM section 10.12.2. Adding support to ACRN to inject GP into guests for
the same reason.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
In the C99 standard, the order of evaluation associated with multiple #,
multiple ## or a mix of # and ## preprocessor operator is unspecifie.
So it is unsafe to use multiple # or ## in a macro.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Normal world would also setup 511 GB gpa EPT mapping when initialize.
So we couldn't know which the world is from the gpa. But trusty is so
special for that we know where it would get a pml4_page or pdpt_page.
As a result, we could simpler this by just return the pml4_page or
pdpt_page to it when it needs.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Replace dynamic memory allocation in memory management with static memory allocation.
Since the static memory allocation can guarantee the allocation never failed, so
split_large_page and construct_pgentry don't need to return a errno any more.
Besides, the destroy_ept don't need to free page any more. Instead, it would memset
the eptp to 0 to make sure we can't walk this paging table again.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Add static paging table allocation API for EPT.
Note: must configure SOS/UOS_REAM_SIZE exactly as the platform.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Add static paging table allocation API for hypervisor.
Note: must configure PLATFORM_RAM_SIZE and PLATFORM_MMIO_SIZE exactly as the platform.
Rename RAM_START/RAM_SIZE to HV_RAM_START/HV_RAM_SIZE for HV.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
It's possible that the up_count_spinlock is not release during
system enter S3. The case is like following:
BSP AP
stop_cpus cpu_dead
cpu_set_current_state
spinlock_abtain
up_count--
wait_for up_count == 1
enter S3
spinlock_release
Especially, considering the real spinlock release could be delayed
by cache.
Actually, the most content protected by up_count_spinlock is per
cpu data and could be changed without lock. Only left is up_count.
This patchset remove the up_count_spinlock and use atomic API
for up_count changing.
Tracked-On: #1691
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
add size check for other hypervisor console command;
they could be overflow for shell log buffer output.
Tracked-On: #1587
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
After enabling vPCI in hypervisor for vm0, UOS may not able be launched
successfully. Consider this scenario (take MSI-X for example):
- DM makes hypercall to hypervisor to do MSI-X remapping on behalf of
UOS guests.
- After the hypercall, VHM module in SOS kernel updates the physical
MSI-X table with the physical Message Data/Addr.
- These MMIO write requests are intercepted by hypervisor, which will
call ptdev_msix_remap() to do MSI-S remapping.
It may fail due to 2 possible reasons:
1) wrong target VM because:
hypervisor thinks it's a VM0 MSI-X device but they have been registered
as UOS guests through HC_SET_PTDEV_INTR_INFO hypercall.
2) wrong ptdev_msi_info->vmsi_data because:
The virtual MSI-X table is supposed to hold virtual Message data/addr
but the SOS VHM writes the physical ones to it.
This patch resolves these problems by ignoring the HC_VM_PCI_MSIX_REMAP
hypercall, so virtual and physical Message Data are the same from SOS'
perspective and it won't mess up the virtual PCI device in HV.
Also in HC_SET_PTDEV_INTR_INFO handler, vpci updates the target VM
when the PCI devices are assigned to different VMs.
The UOS' MSI/MSI-X remapping is triggered by hypervisor when SOS (either
DM or VHM) updates the Message Data/Addr.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For SOS BSP, we reuse native saved cs.limit
For UOS BSP, we set cs.limit in DM
For AP, we use initialized data from realmode_init_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
Save the native cs limit and reuse it for SOS cs limit. To remove
the hardcode of cs limit for guest in hypervisor.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
--Config LOG_BUF_SIZE 256KB for per cpu
--Replace 'calloc' with static array for sbuf
--Rename 'alloc_earlylog_sbuf' to 'init_earlylog_sbuf'
--Remove deadcode sbuf_free
v2-->v3:
-- put the buffer into per_cpu data structure
v1-->v2:
-- add 'is_early_logbuf' in percpu data structure used for
check if need to do 'do_copy_earlylog'
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-to avoid information leaking from secure world to
normal world on platform affected by L1TF.
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
- flush L1 cache before VM entry only on platform
affected by L1TF
- flush operation is configurable by below MACRO:
--CONFIG_L1D_FLUSH_VMENTRY_ENABLED
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
- detect if current processor is affected by L1TF
- detect the presence of of "IA32_FLUSH_CMD(MSR 0x10B)
if processor is affected by L1TF.
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
- add a function to detect CPU capabilities for security
related features, it will print warning messages if
current ucode can't support the latest security features.
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
For partition mode, there is no vm0_domain created for iommu.
In current code, it will return error when try to remove a device
from vm0_domain, which casue failure of device assignment in
partition mode.
Tracked-On: #1680
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The operands to shift operations (<<, >>) shall be unsigned integers.
v1 -> v2:
* replace 12U with CPU_PAGE_SHIFT when it is address shift case.
* replace 6UL with 0x6UL
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace list of iommu_domains with static array
Tracked-On: #861
Signed-off-by: Tw <wei.tan@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Predefine a dmar_drhd_rt table for all possible dmar unit
Tracked-On: #861
Signed-off-by: Tw <wei.tan@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Guest OS can use vLAPIC in x2APIC mode. Upon vlapic_reset, vLAPIC should
be set to xAPIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Instead of using the ACPI info template in the source tree, this patch requires
a board-specific ACPI info header to be created by the user and placed under
bsp/include. Currently we'll fall back to the current platform-specific template
if such board-specific info is not available.
A configuration symbol ACPI_ENFORCE_VALIDATED_ACPI_INFO is also added to enforce
the existance of board-specific ACPI info header. Default configurations can set
this symbol if the template does not work on a board.
Updates to the getting started guide will be updated accordingly after the
offline tools to generate such header is available.
v2 -> v3:
* Rephrase the ACPI-info-related messages.
v1 -> v2:
* The generated header should depend on .config so that whenever any
configuration changes, this header will be remade.
Tracked-On: #1520
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
The current defconfigs are BIOS-specific which makes it difficult to maintain
multiple defconfigs for boards running the same BIOS.
This patch re-organizes the defconfigs to be board-specific. A command line
option BOARD is introduced to specify a board on which the current build targets
at. The original PLATFORM is kept for backward compatibility which redirects to
apl-mrb and nuc6cayh for sbl and uefi, respectively.
The getting started guide is also updated accordingly.
v1 -> v2:
* Rewrite 'up2' to 'UP2'.
Tracked-On: #1588
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Add help messages to all visible symbols except those heap-related ones which
will be dropped eventually.
v2 -> v3
* Fix typos and misleading descriptions.
v1 -> v2
* Per kconfig language, help messages shall have a larger indent level than the
attributes.
* Rephrase for clarify.
Tracked-On: #1588
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Compared with partition_mode.c, the major difference between them is
the list of PCI devices is statically defined or dynamically
enumerated and allocated.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Similar to MSI emulation, this patch emulates the Message Control word
within MSI-X Capability Structure.
Also it emulates MSI-X table. MSI-X remapping is triggered when the guest
is changing the Mask bit in Vector Control, or the Message Data/Addr when
MSI-X Enable bit is set.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
commit 026ae83bd5 ("hv: include: fix 'Unused procedure parameter'")
removed the then unused parameter handler_private_data from
hv_mem_io_handler_t because MISRA-C requires that there should be no
unused parameters in functions.
This patch removes vcpu from the parameter list as well since this may
not be used by all users. Also it brings back handler_private_data which
is more flexible. For example, vioapic_mmio_access_handler() can use it
to pass vcpu pointer.
Tracked-On: #861
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Functions shall not call themselves, either directly or indirectly.
V1->V2:
add pre-assumption.
V2->V3:
when vector < 16,call vlapic_set_error
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
--remove 'calloc' for pcpu, change it to static array
--rename 'init_percpu_data_area' to 'init_percpu_lapic_id'
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently we compare vcpu_id with phys_cpu_num,
vcpu_id is not related with phys_cpu_num,
this patch cleanup them.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- check pcpu number in several functions
to avoid overflow
-- rename pcpu_id to pcpu_num in local_parse_madt
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if the physical number > CONFIG_MAX_PCPU_NUM,
will return error and panic.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
--Removed MAX_PCPU_NUM in cpu.h
--Changed the default value from 128 to 8 for
MAX_PCPU_NUM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
smp_call_function:
smp_call_mask can be modified by more than one process which can cause kernel hang and timeout
Adding a lock to smp_call_mask to prevent race condition
Tracked-On: #1606
Acked-by: Xu, Anthony <anthony.xu.intel.com>
Signed-off-by: Manisha Chinthapally <manisha.chinthapally@intel.com>
irq.c/.h:
Added new variables(ctx_rflags, ctx_rip, ctx_cs) in irq_desc
On each interrupt this information is populated
Added api's to access the irq_desc members
profiling.c:
profiling_pmi_handler:On each PMI generates gets the context and other information that caused it
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
This patch adds support to sep/socwatch profiling
Adds 2 new files include/arch/x86/profiling.h and arch/x86/profiling.c
which contains most of the implementation for profiling,most of the functions
in profiling.c have dummy implementation and will be implemented in next patches
a. cpu.c, Initial profiling setup is done as part of bsp_boot_post
and cpu_secondary_post flow
b. vmcall.c, New ioctl is added for performing profiling related
operations in vmcall_vmexit_handler
ioctl - HC_PROFILING_OPS
function - hcall_profiling_ops()
c. common/hypercall.c, hcall_profiling_ops() implementation.
d. hv_main.c, In vcpu_thread calling profiling related functions
to save vm context
e. acrn_hv_defs.h, list all the profiling command types
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
When drdh_info_array[0].ignore = false with partition mode enabled,the following
assert error will be triggered when trying to boot vm:
Assertion failed in file arch/x86/vtd.c: fatal error
The root cause is that root_table_addr reading from CPU3(vm2's bsp) is NULL.
This patch move the init_iommu which initialize root_table_addr before starting
secondary cores and flush the cache at the end if the function to avoid getting
NULL pointer from secondary cores.
Tracked-On: #1160
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Binin Wu <binbin.wu@intel.com>
Fix violations whose parameter can be read-only.
This patch only fix the parameter whose name is vcpu.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Fix violations for function whose parameter can be read-only.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
guest software loading is per VM instead of vcpu. So we move it
from prepare_vcpu to prepare_vm. And make sure it's called for
all VMs for partition mode.
Tracked-On: #1565
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
All the platforms supported by ACRN supports x2APIC. So enabled
x2APIC for ACRN hv. Removed any code that is needed for xAPIC mode
of operation.
Tracked-On: #1455
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed by: Yonghua Huang <yonghua.huang@intel.com>
There's no need to walk these paging tables to transfer HPA to GPA
for a VM, so remove it.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
They're: (a) only SOS would use hpa2gpa and (b) the GPA and HPA
in SOS is identical mapping.
Rename hpa2gpa to vm0_hpa2gpa then.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Pointer param should be declared pointer to const if
the parameter is keeped read-only.
This patch changes pointer param whose name is vm.
Tracked-On:#861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
irq 4 is sharing with idma, after change vuart to level trigger, the idma
driver could handle this irq 4 and send out EOI, which cause the irq storm.
move vuart irq to a not used 6.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1476
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
-- Not return NULL for vcpu_from_vid
We have replaced dynamic memory with static memory for vcpu,
then if vcpu_id is valid, this API should not return NULL.
-- Simplify the for-loop when walk through the vcpu
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The base address of LAPIC and IOAPIC should be parsed from MADT table,
so move the definition to platform_acpi_info.h.
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The I/O APIC number should be parsed from host ACPI table, so move the
definition from Kconfig to platform_acpi_info.h.
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace platform_acpi_info.c with platform_acpi_info.h and define needed
host ACPI info in MACROs. Then the struct host_acpi_info is not needed
any more.
This header file should be generated by offline tool automatically;
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According to SDM 6.5 exception classification, if the fault
happens, the CPU will return to the faulting instruction. So
we shouldn't change rip to the next instruction if inject fault
to guest.
Tracked-On: #1473
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
All the platforms supported by ACRN supports x2APIC. So enabled
x2APIC for ACRN hv. Removed any code that is needed for xAPIC mode
of operation.
Tracked-On: #1455
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed by: Yonghua Huang <yonghua.huang@intel.com>
Return value should be checked,fix it by add
"void" when the function return value is not used.
V1->V2:
replace printf with pr_warn.
V2->V3:
change the commit to make read easily.
Tracked-On:#861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C required the suffix(U/UL), such as:
(1) ---> (1U)
(1) ---> (1UL)
(1U << 0) ---> (1U << 0U)
This patch will add the suffix(U/UL) to come up MISRA-C into
hypervisor/include directory.
Tracked-On: #1468
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
An issue reported on KBL NUC (No APIC-V), when runing GVT test
case, it is easily to cause SOS/UOS hung. This patch is to root
cause it and how to avoid it.
On some platforms with no APIC-V support, this modidication can
avoid SOS hung when no IRR but event pending bit set.
If no APIC-V, interrupt injection will use IRR in vLAPIC and
event pending bitmap; work logic as following (set ABC for notes):
1. in ISR or when UOS send an interrupt to SOS/VHM (like IO request),
step A: set IRR --> step B: set event pending bit;
2. in SOS event handing, step C: check/clear event pending bit -->
step D: probe/get IRR --> step E: clear/handle IRR.
3. after that, it will probe IRR again to check if other IRR left:
step F: probe IRR --> step G: set event pending bit --> step H:
enable IRQ window in VMX.
Before, from step C to D, if pending bit checked, but no IRR, it will
return -1, then the CPU will goto ZOMBIE status. It can cause
SOS hung. It can happen occasionally under following case :
4. between UOS step A and step B, SOS can goto step F, so it
gets IRR, and step G --> step H, then SOS enter non-root mode, for
IRQ window enabled, it will cause vmexit to continue step C/D/E.
5. then UOS does step B, to set pending bit, but no IRR now. When next
vmexit, SOS does step C and D, it can't get IRR, failure happens.
In summary, a failed case steps: A-->F-->G-->H-->C-->D-->E-->B-->C-->D
So we allow that when event pending bit checked, IRR could be cleared
already.It just wastes one probe time occasionally.
Tracked-On: #1363
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
to enable APICv Posted interrupt supported, following the
specifications defined in Intel SDM Section #29.6, Volume3.
Posted-interrupt processing is a feature by which a processor
processes the virtual interrupts by recording them as pending
on the virtual-APIC page.
Injecting interrupts to VCPU from remote CPU without causing
VM exit on the destination, following steps in SDM Section 29.6,volume3:
Tracked-On: #1447
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now we have name reuse definitions in hypervisor as following:
"enum cpu_state cpu_state" in per_cpu.h,
"struct shell_cmd *shell_cmd" in shell_priv.h.
MISRAC requires that tag names shall not be reused anywhere
with in a program.So these definitions violate MISRAC rules
"identifier resue".This patch is used to fix it.
1. modify the definitions to "enum pcpu_boot_state boot_state"
and "struct shell_cmd *cmds".
2. modifty the relevant usage.
v1->v2
update commit message to be more explicit.
v2->v3
update the enum definition.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, UOS will use hypercall to init BSP state, we could remove
set_bsp_real_mode_entry() and set_bsp_protect_mode_regs().
For SOS, GDT will inherit from SBL or UEFI. For UOS, DM will
prepare GDT. We don't need hypervisor to prepare GDT for guest.
The entry_addr of vcpu struct could be removed. The guest entry
is set through BSP rip register.
GUEST_CFG_OFFSET is not needed any more after this patchset.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move vcpu mode set to function vcpu_set_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For UOS, there is no BSP init state saved in hv. We always need
DM to set BSP init state by using hypercall. So we can't auto
start vm during vm reset.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, we make UOS to set BSP init state by using hypercall. We
could drop the old UOS loader in HV and make vm loader in HV
only for SOS.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
DM will use this hypercall to initialize the UOS BSP state.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Use customized function to generate proper config.h
which depend on kconfig,write the customized format
to support it.
V1->V2:
Add comments.
Tracked-On: #861
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
From SDM Vol3 26.3.2.5:
Once the virtual interrupt is recognized, it will be delivered in VMX
non-root operation immediately after VM entry(including any specified
event injection) completes.
So the hardware can handle vmcs event injection and evaluation/delivery
of apicv virtual interrupts in one time vm-entry.
This patch move the apicv irr/rvi sync before handle vmcs events
injection. The old code cause the apicv virtual interrupt evaluation and
delivery be handled until next vm-exit if met pending exceptions.
Tracked-On: #1443
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The vcpu state is initialized outside of init_guest_state:
- SOS BSP state is initialized in SOS loader
- UOS BSP state is initialized in UOS loader
- AP state is initialized during SIPI signal emulation
We could make init_guest_state only update the vcpu state
to VMCS structure.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NOTE: this patch is only workaround patch for UOS BSP state init.
Eventually, the DM will call hypercall to init UOS BSP state.
We use this workaround patch here to simplify the init_guest_state.
Will make the caller of init_guest_state calls init_guest_vmx
directly.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We move the SOS BSP state init to vm loader and drop
function init_guest_context_vm0_bsp.
Update the definition of vm0_boot_context to fix code
violations.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With reset_vcpu_regs as pre-condition, we only need to set
cs_selector and cs_base for AP.
We call set_ap_entry in two places:
1. When emulation AP SIPI
2. When sos BSP resume from S3. The BSP is resumed to real
mode with entry set to wakeup_vec. We call set_ap_entry
API here with entry twisted from wakeup_vec.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This reset_vcpu_regs function will reset the vcpu registers to
default value: realmode with entry 0xFFFFFFF0
Make call to reset_vcpu_regs during create_vcpu and reset_vcpu
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If defined CONFIG_VM0_DESC, HV will use predefined vm0_desc
to config VM0,now it is unneccessary, then remove these code.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
TR selector initianlization using pre-defined HOST_GDT_RING0_CPU_TSS_SEL
rather than loading from register. Instead calculating real base address
of TSS based on TR selector and gdt, getting it from per cpu data.
Tracked-On: #1394
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- add missing brackets for 'if/else' statements based on MISRA-C
requirements
v1 -> v2:
* add brackets for each conditions in 'if' statements to improve
the readability
* modify 'ptdev_init' to make the logic clearer
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
In the current hypervisor design, when HPA is not
found for the specified gpa by calling gpa2hpa or
local_gpa2hpa, 0 will be returned as a error code,
but 0 may be a valid HPA for vm0; error checking
is missed when invoking gpa2hpa or local_gpa2hpa;
when invoking lookup_address, the caller guarantees
that parameter pointer pml4_page and pointer pg_size
is not NULL.
If local_gpa2hpa/gpa2hpa returns a invalid HPA,
it means that this function fails to find the
HPA of the specified gpa of vm. If local_gpa2hpa/gpa2hpa
return value is a valid HPA, it means that this
function have found the HPA of the specified gpa of vm.
Each valid vm's EPTP is initialized during vm creating,
vm's EPTP is valid until this vm is destroyed. So the caller
can guarantee parameter pointer pml4_page is not NULL.
The caller uses a temporary variable to store page size.
So the caller can guarantee parameter pointer pg_size
is not NULL.
In this patch, define a invalid HPA for gpa2hpa and
local_gpa2hpa;add some error checking when invoking
local_gpa2hpa/gpa2hpa;add precondition for lookup_address
function and remove redundant error checking.
V1-->V2:
Define INVALID_HPA as a invalid HPA for gpa2hpa
and local_gpa2hpa;
Updated related error checking when invoking
gpa2hpa or local_gpa2hpa;
V2-->V3:
Add some debug information if specified gpa2hpa
mapping doesn't exit and ept_mr_del is called;
Update INVALID_HPA definition easier to be reviewed.
V3-->V4:
Add vm->id and gpa into pr_error;
Add precondition to ept_mr_del to cover [gpa,gpa+size)
unmapping case.
V4-->V5:
Update comments;
Update pr_error message.
Tracked-On: #1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
- improve the readability of ept_cap_detect
right shift 32 bits of msr_val to check bits 63:32 of msr_val
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1.Function return type inconsistent
2.cast on a constant value
V1->V2 add () to return type
V2->V3 keep the sbuf_get and sbuf_put return code
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Expression should be boolean immediate before 'if','while' key-words.
V1->V2 add () to bool expression
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Page table operation would not fault except:
1. the hypervisor it out of memory to allcate a page for page table operation
2. there is a bug with page table operation in hypervisor or devicemodle
While we assue that these would not happened in our platform when release, so
there is no need to check whether there is a fault with page table operation. However,
for debug version, we would panic the hypervisor if we can't meet the conditions really.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Sometimes we need to invalidate cached translation information for guest
when change some bits in CR0/CR4 which related to paging. Here're two cases:
1. If there change some bits to enable/disable paging (mode) or access rights.
For CR0: PG/WP/CD/NW; For CR4: PGE/PSE/PAE/SMEP/SMAP/PKE
2. When guest using PAE paging, we should reload the PDPTE registers sometimes,
detail in SDM Vol 3 Chap 4.4.1 and Chap 4.11.1
Tracked-On: #1379
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add is_long_mode to check whether the processor is operating in IA-32e mode
add is_paging_enabled to check whether paging is enabled
add is_pae to check whether physical address extension is enabled.
Tracked-On: #1379
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Loop the global vm_array[] instead of the vm_list.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Replace dynamic memory allocation with static memory
-- Remove the parameter check if the vm is NULL
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch is ready for next one,we will switch from
pointer to embedded structures such as structure vcpu,
some const qualifiers can be improper and raise compilation errors,
this patch remove const qualifier for struct vm.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add active_polarity to decide what signal to call: GSI_SET_LOW, GSI_SET_HIGH,
GSI_FALLING_PULSE or GSI_RAISING_PULSE.
Tracked-On: #1269
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
There are chances that names with leading underscore declared by
developers are conflict with the ones reserved for the compiler.
What this patch does:
- rename these functions/variables/macros starting with
underscore to avoid such unintentational mistakes.
- remove gpr.h without any contents
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Commit 6085781 replaced __emalloc() with a call to uefi allocate_page()
and allows UEFI FW to allocate memory for hypervisor from high to low
address below 4GB. However, this change triggers an issue (might be
memory corruption), in turn, PXE boot cannot work.
Since root cause the issue might take some time, the PXE boot issue
blocks auto-test, we disable hypervisor relocation by default for the
time being in config option, and users can enable it by themselves. In
the following weeks, if we root cause the issue, we can re-enable
relocation feature.`
Tracked-On: #1371
Signed-off-by: Chaohong guo <chaohong.guo@intel.com>
The patch is replace irq_static_mappings type from 2 dimension array
into structure and one dimension array.
Tracked-On: #1375
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Reviewed-by: Jason Chen <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For SBL platform, struct acrn_vcpu_regs are used as boot context.
Now the boot_ctx is only for UEFI platform. Rename struct boot_ctx
to efi_context.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Add struct acrn_vcpu_regs and make struct boot_ctx based on
struct acrn_vcpu_regs.
vm0_boot_context is also changed from struct boot_ctx to struct
acrn_vcpu_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
We will define the hypercall to set acrn vcpu registers and
move this struct to acrn_commmon.h for reference from hypercall
parameter definition.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
struct seg_desc_vmcs is actually for segment descriptor vmcs fields.
Change its name to vmcs_seg_field
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The printf related functions have been called by other various
functions, e.g. get_ptdev_info(), get_ioapic_info, etc. The patch
is used to clear up the usage.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current free_irq sequence will release vector first, then use the
released vector to free irq number.It will cause irq leak for MSI IRQ.
At present, there is no one to free the irqs which in irq_static_mappings,
So this patch will only make sure free non-gsi irqs.
Tracked-On: #1359
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Timer IRQ was static mapped IRQ.
It should not be cleaned up when one of the cpu dead.
The patch will retain the timer irq.
Tracked-On: #1359
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C states that a void procedure used in expressions is dangerous.
This patch removes the improper 'return' when calling the void procedure
'send_dest_ipi'.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- replace vpic/vioapic_xassert_irq() APIs
with vpic/vioapic_set_irq()
- unify the description of IRQ/PIN state in vpic. & vioapic.c
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. The wrong operand size is assigned in instruction decode phase
if the operand size is 1 byte.
According to the SDM, the bit 0(w bit) of opcode should be checked
first to detect whether the operand size is 1 byte. Then, check
whether there is prefix to overwrite the default operand size.
The original instruction decode doesn't care about the operand
size. But do opsize fixup during instruction emulation phase.
With ACRN we need operand size packed to ioreq and send to DM
after instruction decode.
2. We should always touch the GPA by following opsize to avoid side
effect (especially when GPA is for a MMIO).
Tracked-On: #1337
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the following issue pointed by Xiangyang and Junjie.
There are some macro arguments acting as formal parameter names.
Drop such arguments since they make no difference to the expanded
implementation and they might confuse some developers.
Here is an example.
'ptr' is dropped in this patch, which is acting as a formal parameter
name and make no difference to the expanded implementation.
-#define build_atomic_load(name, size, type, ptr) \
+#define build_atomic_load(name, size, type) \
static inline type name(const volatile type *ptr) \
{ \
type ret; \
asm volatile("mov" size " %1,%0" \
: "=r" (ret) \
: "m" (*ptr) \
: "cc", "memory"); \
return ret; \
}
Some minor coding style fixes are also included in this patch.
- use TAB for the alignment rather than mixing TAB with space
- fix some typo in the comments
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
merge hv_lib.h and hypervisor.h into one file
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, the warning is promoted to error. The warning break ACRN
release build.
Tracked-On: #1343
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the compiler warning and turn on the flag to make
compiler warning as compiler error.
Tracked-On: #1343
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, hypervisor doesn't have the information of pci devices
on the platform when init. In order to reduce boot time and memory
usage, hypervisor set a bus limitation for pci devices when init vtd.
However, maximum bus number varies on different platforms.
This patch add a config for the bus limitation.
Set 0xF as the default value for the maximum bus number on sbl platform.
Set 0xFF as the default value for the maximum bus number on uefi platfrom.
Tracked-On: #1339
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
This patch removes the unused parameters that is not being used
unconditionally.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently the acrn-hypervisor is using the PLATFORM_IPI vector to notify
the sos_kernel. And then sos_kernel will handle the notification from acrn
hypervisor in PLATFORM_IPI ISR. But as the PLATFORM_IPI ISR can be registered
by the other modules, it will have the conflict when trying to register
acrn intr ISR. So the HYPERVISOR_CALLBACK_VECTOR will be used instead.
In order to switch the notification vector from PLATFORM_IPI to
HYPERVISOR_CALLBACK_VECTOR, one API is added so that sos can configure
the up-notifier interrrupt vector.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1325
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC checks whether a variable is assigned a value not used in
all branches of a program. Var value which is unused on all paths
can be removed with a consequent improvement in the readability
and efficiency of the code. This patch is used to fix these
violations.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
In some cases, we will keep the unused parameters.
vmexit handler is one example. It is used as function pointer.
Some of the vmexit handlers use the input parameter 'vcpu', some of
them don't. We still need to keep the unused parameters 'vcpu' for
those handlers don't use 'vcpu'.
This patch removes the unused parameters that is not being used
unconditionally.
v1 -> v2:
* remove the non-implemented API 'vlapic_id_write_handler'
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that every switch case shall be terminated with break
to avoid the unintentional fall through.
The code will become redundant if we enforce this rule.
So, we will keep the current implementation for the following two cases.
1. The fall through is intentional.
2. The function is returned in the switch case.
If we decide to eliminate the mutiple returns in one function later,
this case would be handled properly at that time.
What this patch does:
- add the mssing break for the default case
- add the pre condition for some functions and remove the corresponding
panic which will never happen since the function caller could guarantee
the pre condition based on the code implementation
v1 -> v2:
* remove the redundant cases above default in 'vlapic_get_lvtptr'
* add the similar pre condition for 'lvt_off_to_idx' as
'vlapic_get_lvtptr' since all the function callers could guarantee it
* remove the assertion in 'lvt_off_to_idx' since the pre condition
could guarantee that the assertion will never happen
* add the similar pre condition for 'vpic_set_irqstate' as
'vioapic_set_irqstate' since all the function callers could guarantee it
* remove the assertion in 'vpic_set_irqstate' since the pre condition
could guarantee that the assertion will never happen
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Convert GSI_MASK_IRQ and GSI_UNMASK_IRQ to inline functions.
v1 -> v2:
After changing GSI_MASK_IRQ and GSI_UNMASK_IRQ from MACROs to functions,
'gsi_(mask|unmask)_irq' are the exposed APIs and 'irq_gsi_mask_unmask'
becomes internal.
In order to reflect this change,
- change 'irq_gsi_mask_unmask' as internal function in ioapic.c
- declare 'gsi_(mask|unmask)_irq' in ioapic.h
- define 'gsi_(mask|unmask)_irq' in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The hypercall can be used by SOS/DM to monitor UOS
pass-thru devices' interrupt data; and if an "interrupt
storm" happens in UOS, it can be used to delay the UOS
PTdev interrupt's injection for sometime.
The two functions are implemented by one hypercall with
two sub-commands, and with the data/params in the buffer.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch is to enhance the feature of "interrupt storm
mitigation"; when interrupt storm happens on one UOS
it should keep as smaller effect to SOS as possible.
Add variables in PTdev entry & VM, used to record one
UOS's pass-thru devices' interrupt data; add a function
to collect the data.
Also add a timer used to delay UOS pass-thru devices'
interrupt injection if an "interrupt storm" detected
by SOS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Current code enables IOMMU from init_iommu_vm0_domain which is called
from vm0/sos boot sequence. For partition mode VMs, this is not called as
VMs are numbered from 1.
This patch adds support to initialize root table pointer for each IOMMU
and enable all IOMMUs from init_iommu. Hence IOMMUs are enabled even
though ACRN does not boot vm0.
This patch also has changes to fix#1270.
Tracked-On: #1246#1270
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Logically, out-of-range access won't happen at these places. However, it
depends on the behaviour of other codes.
This commit makes changes to explicitly eliminate the possibility in these
functions.
Tracked-On: #1235
Signed-off-by: Yan, Like <like.yan@intel.com>
- use sizeof(struct lapic_regs),instead of arbitrary size
to lear 'apic_page' memory region in vlapic.c
- fix potential buffer overflow issues in vpic.c & ioapic.c
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If CONFIG_CONSTANT_ACPI is true, then the value in host_acpi_info structure
is constant. Otherwise the host_acpi_info value could be overrided.
This is useful when platform ACPI table value is not fixed in Bootloader
before production.
In production release, this config should be set to yes.
Tracked-On: #1264
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC has requirement about implict conversion: actual to formal
param. This patch is used to fix part of these violations.
1.Add a new structure seg_desc_vmcs to hold the VMCS field address of
segment selector to clean up seg_desc structure.
2.Add the definition of maximum MSI entry and the relevant judgement.
3.The violations in shell.c, logmsg.c will be fixed in other series of
patches with modification of function snprintf(), vsnprintf() and other
related usages.
v1->v2:
*Move the definition of struct seg_desc_vmcs from instr_emul.h to
instr_emul.c.
*Modify the formal parameter type in function definition from uint8_t
to char instead of using cast.
*Drop the const declaration for char data in formal parameter.
v2->v3:
*update the data missing conversion.
*change type of internal parameter len to avoid casting in npklog.c.
*change the conversion from signed char to unsigned int in
uart16550_getc() to solve sign-extension.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C states that redundant macros reduce the maintainability of code.
In some cases, we would like to keep the current unused macros for code
completeness, such as cpu registers. These macros might be used later.
This patch removes some unused macros that is not critical for code
completeness.
v1 -> v2:
* Keep TRUSTY_VERSION in trusty.c.
Yadong will cook another patch which will utilize TRUSTY_VERSION.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor hypercall, first all vcpu is
allocated to SOS, vcpu's vm field is initialized to vm0.
When the vcpu is offlined, vcpu will be paused and vcpu's
vm field is set as NULL by DM. When UOS is created, vcpu's
vm field is set as UOS's vm. So when vmcall_vmexit_handler
is invoked, vcpu's vm filed is always non-NULL.
error checking for vm pointer is done in the function
"vmcall_vmexit_handler", vmcall_vmexit_handler will
guarantee that vm is vm0.
So all hypercall functions (these functions is just for handler
hypercall, except vmcall_vmexit_handler) don't need to check
whether invoking vm is NULL and don't need to check whether
invoking vm is vm0 or not.
Remove related invoking vm error checking for hypercall handling.
V1 --> V2:
Add pre-condition for hypercall in the head file.
V2 --> V3:
Add pre-condition for copy_from_gpa and copy_to_gpa.
V3 --> V4:
Add pre-condition both in the head file and source file.
Tracked-On:#1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current code enables IOMMU from init_iommu_vm0_domain which is called
from vm0/sos boot sequence. For partition mode VMs, this is not called as
VMs are numbered from 1.
This patch adds support to initialize root table pointer for each IOMMU
and enable all IOMMUs from init_iommu. Hence IOMMUs are enabled even
though ACRN does not boot vm0.
Tracked-On: #1246
Signed-off-by: Sainath Grandhi sainath.grandhi@intel.com
In current code of suspend_iommu/resume_iommu, there is potential buffer overflow
according to the code.
This patch put the buffer to struct dmar_drhd_rt, so that no need to access the buffer
via index.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Tracked-On: #1252
Acked-by: Eddie Dong <eddie.dong@intel.com>
The vie->opcode should be updated when decode_two_byte_opcode(),
otherwise for two bytes opcode emulate(movzx/movsx) will fail.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
MISRAC has requirements about literal value requires a U suffix and
signed/unsigned conversion with cast. This patch is used to solve
these violations.
v1->v2
*Drop the cast of sz from uint32_t to int32_t, the signed/unsigned
violation of nchars will be solved by other patch together with
printf/sprintf/console/vuart/uart code.
*Delete the unnecessary L suffix of shifting operand.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Reviewed by: Junjie Mao <junjie.mao@intel.com>
According to SDM 4.6 Access Rights definition, if SMAP/SMEP
is enabled, more conditions are used to decide the access rights
like SMAP/SMEP, EFLAGS.AC, R/W bit in every paging-structure entry
for page walking.
This patch add the check to guest page walking function and inject
page fault accordingly.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The current movs emulation has issues:
1. it use gva to get/put data.
2. it only support src and dst operand are memory which does not
apply to our case (one of them should be mmio and triggers
EPT voilation).
This patch fix the issue by:
1. convert the address from gva to hva before access it.
2. handle mmio emulation.
Also fix the issue introduced by previous instruction reshuffle
patchset:
1. the desc validation should be only applied to none-64bit mode.
2. gva2gpa should be given correct guest virtual address.
Specailly for movs, we cache the dst gpa if the check during
movs decoding success. And use it directly during movs
emulation.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Tested-by: Qi Yadong <yadog.qi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- replace the usage of mdelay with udelay
- remove lib/mdelay.c
- rename udelay.c to misc.c
future other small APIs could put in misc.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vlapic' in 'struct vcpu_arch' from pointer
to instance
-- add inline function(vcpu_vlapic) in vcpu.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move structure vlapic_pir_desc/vlapic_timer/
acrn_vlapic from vlapic_priv.h to vlapic.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for apicv_apic_access_addr
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for msr_bitmap
inside structure vm_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace vmcs pointer with static memory for vmcs region
inside structure vcpu_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In function start_cpus, we allocated memory under 1M when
preparing AP trampoline code.
With S3 feature enabled, start_cpus is called every time after
ACRN resume from S3 which leaks the allocated memory for AP
trampoline code.
To avoid memory leak, move the AP trampoline preparing function
out of start_cpus to make sure the memory for AP trampoline is
only allocated one time when system boot.
Tracked-On: #1156
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Zide Chen <zide.chen@intel.com>
- convert function like macros to inline functions based on MISRA-C
requirement
- remove some unused and duplicated macros
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
as SOS mapped all memory at the beginning, so trap vlapic need unmap its
memory; for UOS, there is no need as UOS never mapped it.
Tracked-On: #1124
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
error message for "read" or "write" was incorrect.
for developers, we just need print out direction & type value.
Tracked-On: #875
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
for each pass-thru device and its entry owned by one VM, so
change the pass-thru device's softirq lock & entry list into
per VM, so one VM's PT device interrupt process will not
interfere with other VMs; especially in case one user OS
"interrupt storm" happens, it will have little effect on
service OS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
