Regarding SGX, guests could access CPUID.07H.EBX[2] before query CPUID
leaf 12H.
Intel SDM 36.7.2: "If CPUID.(EAX=07H, ECX=0H):EBX.SGX = 1, the processor
also supports querying CPUID with EAX=12H on Intel SGX resource capability
and configuration."
Clear CPUID.07H.ECX[30] SGX_LC to make the guest view consistent.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
`@return` is dedicated for brief description of return values, not for comments
stating actual return values. In addition, sphinx + breathe does not join
multiple adjacent `@return`. This results in multiple `Return` sections in the
generated document, which is confusing.
This patch replaces `@return` with `@retval` for the lists of return
values. Adjacent `@retval` can be joined into one list by breathe.
v1 -> v2:
* Replace return value descriptions like `negative` and `positive` with
expressions like `<0` and `>0` in `@retval`.
* Keep the list of `@retval` comprehensive, even when there is a `@return` to
generally describe what the return value means.
* Drop duplicated `@return` when it does not give more information than the
`@retval` list.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
It is preferred to state the absence of a return value explicitly in the
doxygen-stile comments. Currently there are different styles of doing this,
including:
@return None
@return NULL
@return void
@return N/A
This patch unifies the above with `@return None`.
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
As SOS has already adapted to the new state transition of VHM requests for a
month, the old `valid` field can now be safely obsoleted.
This patch changes the `valid` field as reserved and drops all the code that
reads or modifies this field for backward compatibility. The embedded comments
are updated accordingly, following the doxygen style.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Boot component prepares the very basic platform boot env. It finally call
into platform initilization entries:
- bsp_boot_init & cpu_secondary_init for start up
- or restore_s3_context for wakeup
This patch just move files into reorg dir.
Tracked-On: #1842
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
V1->V2:
make the return value match to int32_t
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
seperate the function definitions into debug/release directories
to better distinguish debug/release libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch remove early logbuf support which is used to hold
log massges before shared buf setup by SOS.
Tracked-On: #1801
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Currently guest IA32_TSC_AUX MSR is loaded manually right before VM
entry, and saved right after VM exit.
This patch enables VM-Entry Control and VM-Exit Control to switch
MSR IA32_TSC_AUX between host and guest automatically. This helps to
keep vcpu_thread() function and struct acrn_vcpu cleaner.
Also it removes the dead code of intercepting IA32_TSC_AUX.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG related to shell command in assign.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in vioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now if the vmexit reason is virtulized EOI for level triggered
interrupts, HV will loop all the ptdev entries, it is time-consuming,
this patch add vpin to ptdev entry mapping for vpic and vioapic
when add intx entry for a vm,it can use the ptdev entry directly
according to the mapping for vpin and ptdev entry when EOI vmexit.
v3-->v4:
-- add check vpin in remove_intx_remapping
-- move check vpin from ptdev_add_intx_remapping to add_intx_remapping
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_PT_IRQ_ENTRIES 64 in Kconfig
-- Remove ptdev list
-- Add alloc_ptdev_entry_id api
v3-->v4:
-- move is_entry_active from assign.c to ptdev.h
-- Add clear active flag in release_entry
v2-->v3:
-- Remove redundancy active check for ptdev entry
in release_all_entries and get_ptdev_info
v1-->v2:
-- split to small patches
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
- fix code style: mix of tab and white spaces, alignments, etc.
- remove not meaningful comments. Also these comments are below the
source code which makes the code look messy.
- add more MSR register definitions
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduce a new mode of IO request completion, polling mode.
Now, the sketch of ioreq process can be,
A. UOS vcpu0 generate PIO/MMIO ->
B. pcpu1(vcpu0 of UOS) trap into HV ->
C. pcpu1 build ioreq, send IPI and enter idle ->
D.1 pcpu0(vcpu0 of SOS) response IPI,
D.2 pcpu0 handle the ioreq in HV, kernel, DM,
D.3 pcpu0 mark ioreq as complete,
D.4 pcpu0 hypercall to enter HV ->
E.1 pcpu0 send IPI to wake pcpu1 up
E.2 UOS vcpu0 continue running
With this change, it skips D.4, E.1 steps. In step C, pcpu1 will enter a
polling ioreq state idle after send out the IPI.
It can save about ~5000 cpu cycles.
In polling mode, we do the polling in idle instead of pause cpu all the
time. It will consume more power. A better way is to use monitor/mwait
instructions which can put cpu into a sleep state with monitoring a
memory address. Unfortunately, APL has bug with monitor. We can gather
all ioreqs state into one monitorable memory and take advantage of
monitor/mwait for future platform.
The way polling or notification is per VM. We can config VMs in
different mode. By default, IO request completion will use notification
mode for all VMs. We can switch it by Kconfig.
Tracked-On: #1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds more comments to describe the structures and functions of vtd
that are public to the other components in the hypervisor. The comments are in
doxygen-style for document generation.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Becuase the number of character of a line is 120.
Merge lines for a statement if needed.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in hypercall.c and vmcall.c
TO-DO:
Enhance Makefile to compile debug/release into 2 libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEKkey to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.
Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instance/world can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.
v1 --> v2:
Add detailed description why we need the patch to derive an extra key
v2 --> v3:
Convert API descriptions to Doxygen
Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
Register separate I/O emulation handlers for I/O port CF8 and CFC. This
makes the code simpler, and offers some flexibilities to be able to handle
CF8 and CFC ports differently.
Tracked-On: #1815
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
An I/O handler is not linked to the I/O access size, so in searching for
the registered I/O handler, don't need to check the I/O request's access
size.
In struct vm_io_handler_desc, change fields addr and len to port_start and
port_end respectively to adapt to this change.
Tracked-On: #1815
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. CPU_SEG_WRITE->CPU_SEG_READ: it's actually seg read
2. 0x%hu -> 0x%x: it need print hex format
Tracked-On: #1833
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
- Remove the usage of HV_DEBUG in hv_main.c
The usage of HV_DEBUG in hv_main.c is for the shell command 'vmexit'.
Since vmexit info has been captured by acrntrace, there is no need to
keep this duplicated feature in shell command.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Adding Kconfig option to define the vuart port base address/IRQ.
By default, use 0x3F8/IRQ4. For MRB, use 0x3E8/IRQ6.
We are experiencing problems on NUC after changing from 0x3F8/IRQ4
to 0x3E8/IRQ6.
Tracked-On: #1817
Change-Id: Ie407e51a7bc25ac0bb4c61453c969f1466fa33ca
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Due to the side-effect to cache of "wbinvd" instruction, just apply it
in case of noncoherent DMA.
Tracked-On: #1824
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
ioreqs acrossing VM reset is meaningless. So we reset their status when
VM reset.
Please note, device model and service os need to handle various ioreqs
pending status in emergency reset condition carefully. Otherwises, the
post processing of such ioreqs might overwrite this reset.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the function call in which the returned
value is discarded shall be clearly indicated using (void).
This patch fixes the violations related to the following
function calls.
- instr_check_gva
- vlapic_set_local_intr
- prepare_vm
- enter_s3
- emulate_instruction
- ptdev_intx_pin_remap
- register_mmio_emulation_handler
v1 -> v2:
* discard the return value of enter_s3
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
fix the following integer violations:
1. Signed/unsigned conversion without cast
2. Literal value requires a U suffix
3. Implicit conversion of underlying type
v3 -> v4:
* change the type of npk_loglevel/mem_loglevel/console_loglevel
from uint32_t to uint16_t
v2 -> v3:
* discard the return value of update_ept
* discard changes related to npk loglevel
v1 -> v2:
* remove the unnecessary changes related to the false positive
issues caused by scanning tool
* change the type of the local variable 'vlapic_id' from uint8_t
to uint32_t in function 'vlapic_build_id'
* change the type of the struct member 'flags' in shared_buf from
uint64_t to uint32_t
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the function call in which the returned
value is discarded shall be clearly indicated using (void).
This patch fixes the violations related to the following
function calls.
- vlapic_set_intr
- vlapic_intr_edge
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Misra C reqires assembly code should comply with
the rules list below:
The assembly code's functionality should match the function's
name.If not,pls encapsulate the assembly code and give a suitable
name for describing the functionality.
V1->V2:
1.remove the dead code
2.update detail comment
V2->V3:
1.replace the macro name with upper case.
2.remove the typedef and rename the struct name
"_descriptor_table_" to "descriptor_table".
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_EMULATED_MMIO_REGIONS 16 in Kconfig
-- Add emulated mmio array and emulated mmio regions
in vm structure
-- Remove mmio list in vm structure
-- Remove unregister_mmio_emulation_handler and
vioapic_cleanup APIs
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Add emulated port io index
-- Add emulated pio array in vm structure
-- Remove port list in vm structure
-- Remove free_io_emulation_resource/register_io_handler/
create_io_handler APIs
v2-->v3:
-- not add 'is_emulated', check len == 0U
-- Check if io_read/io_write handler is NULL before calling
-- Replace ENUM with MACRO for emulated pio index to avoid
MISRA-C violations
v1-->v2:
-- Remove EMUL_PIO_NUM in Kconfig, add emulated pio index
for PIC/PCI/UART/RTC/PM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The the bdf(bus/dev/func) is used to determine which pass-through device should
be assigned/released. Now the hypervisor parses the corresponding bdf from the guest
physical address when hcall_assign_ptdev/hcall_deassign_ptdev is called.
As it is only uint16_t, it is unnecessary to use the GPA to pass the bdf parameter.
Instead the parameter can be used as the bdf directly.
In order to keep the compatibility, it still can get the bdf by using
copy_from_gpa when SOS passes the parameter based on the buffer. But this will
be depreciated.
This is based on the assumption that the GPA in SOS is greater than 0x10000
when one buffer is allocated to pass the corresponding hypercall parameter.
After the SOS uses the bdf to pass the hypercall paremeter, we can remove the code
that gets the bdf by using copy_from_gpa.
V1->V2: Add some comments for hcall_assign_ptdev/hcall_deassign_ptdev.
Tracked-on: #1751
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
v1 -> v2:
* update the U suffix of constant to let the type of operands
to bit operations (&) is the same.
* update the type of 'i' from uint64_t to uint16_t in
'profiling_set_control' since it is limited by phys_cpu_num,
which is uint16_t.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Use pre-defined inline function for pci bus/slot/function calculation.
Tracked-on: #1747
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The old doc update commit changed the code by accident and broke
release version build. This patch fix the release build issue.
Tracked-On: #1595
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Fix the integer violations related to the following rules:
1. The operands to shift operations (<<, >>) shall be unsigned
integers.
2. The operands to bit operations (&, |, ~) shall be unsigned
integers.
- Replace 12U with CPU_PAGE_SHIFT when it is address shift case.
v1 -> v2:
* use existed MACRO to get bus/slot/func values
* update PCI_SLOT MACRO to make it more straightforward
* remove the incorrect replacement of 12U with CPU_PAGE_SHIFT
dmar_fault_msi_write
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The print_param struct's member emit who is used for callback,
the forth parameter of it is used for transmit the private data
of the "print_param".
The type translation between "void *" and private date broke the
violations.
Use the same type to fix it out.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Xu Anthony <anthony.xu@intel.com>
Fixed the condition to be able to collect MSR sample data
Also populating addition information to help identifity appropriate data
Tracked-On: #1693
Signed-off-by: Manisha Chinthapally <manisha.chinthapally@intel.com>
For data structure types "struct vm", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vm *vm-->struct acrn_vm *vm
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu_arch", its name
shall follow Naming convention.
Naming convention rule:If the data structure type is
used by multi modules, its corresponding logic resource
is exposed to external components (such as SOS, UOS),
and its name meaning is simplistic (such as vcpu, vm),
its name needs prefix "acrn_". Variable name can be
shortened from its data structure type name.
The following udpates are made:
struct vcpu_arch arch_vcpu-->struct acrn_vcpu_arch arch
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vcpu *vcpu-->struct acrn_vcpu *vcpu
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
This patch adds more comments to describe the structures and functions that are
public to the other components in the hypervisor. The comments are in
doxygen-style for document generation.
v2 -> v3:
* Reformat the flow in the doc for vhm_io_request.
v1 -> v2:
* Fix typos and inconsistencies in the comments.
* Wrap the text-based diagram in the doc for vhm_request in @verbatim
Tracked-On: #1595
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch adds more comments to describe the structures and functions of vtd
that are public to the other components in the hypervisor. The comments are in
doxygen-style for document generation.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
This patch adds more comment to describe functions that are
interfaces to the other modules in the hypervisor. The comments
are in doxygen-style for document generation.
V1-->V2:
Rebase
Tracked-On: #1595
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
This patch adds comments to the main public functions
of vCPU in the hypervisor. The comments are in doxygen-style
for document generation.
Tracked-On: #1595
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
ACRN, in partition mode, supports LAPIC pass-thru to guests. Guest needs
to use x2APIC mode of LAPIC for pass-thru to be enabled.
ACRN also needs the user to configure lapic_pt to true in vm_desc
for the VM.
Interrupt Command Register (ICR) is the only APIC register that is
intercepted. Reference code in partition/vm_description.c enables
LAPIC pass-thru for vm2.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch adds support for self-IPI virtualization when guest
uses vLAPIC in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
When guest switches from xAPIC mode to x2APIC mode of vLAPIC operation,
MSRs are used to access vLAPIC. This patch adds APICv support for
MSR accesses to vLAPIC. Switching from xAPIC to x2APIC is supported via
APIC BASE MSR. Other modifications like disabling and switching back to
xAPIC are not supported.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch adds support to return APIC ID if guest uses vLAPIC
in x2APIC mode.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
This patch converts x2APIC MSR accesses to corresponding LAPIC MMIO offset to
utitlize vlapic_write/read APIs to virtualize LAPIC. Also adds support to inject
GP fault when read-only registers are attempted to be written to or vice versa.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Accessing x2APIC MSRs in xAPIC mode should result in GP exception according
to SDM section 10.12.2. Adding support to ACRN to inject GP into guests for
the same reason.
Tracked-On: #1626
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Xu Anthony <anthony.xu@intel.com>
Replace dynamic memory allocation in memory management with static memory allocation.
Since the static memory allocation can guarantee the allocation never failed, so
split_large_page and construct_pgentry don't need to return a errno any more.
Besides, the destroy_ept don't need to free page any more. Instead, it would memset
the eptp to 0 to make sure we can't walk this paging table again.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Add static paging table allocation API for EPT.
Note: must configure SOS/UOS_REAM_SIZE exactly as the platform.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Add static paging table allocation API for hypervisor.
Note: must configure PLATFORM_RAM_SIZE and PLATFORM_MMIO_SIZE exactly as the platform.
Rename RAM_START/RAM_SIZE to HV_RAM_START/HV_RAM_SIZE for HV.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
It's possible that the up_count_spinlock is not release during
system enter S3. The case is like following:
BSP AP
stop_cpus cpu_dead
cpu_set_current_state
spinlock_abtain
up_count--
wait_for up_count == 1
enter S3
spinlock_release
Especially, considering the real spinlock release could be delayed
by cache.
Actually, the most content protected by up_count_spinlock is per
cpu data and could be changed without lock. Only left is up_count.
This patchset remove the up_count_spinlock and use atomic API
for up_count changing.
Tracked-On: #1691
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
on KBL-NUC when input "vmexit" in hypervisor console,
the console or HV/SOS could be hung, the root cause is:
the log buffer is overflow for 8 CPU cores info.
to resolve the issue:
1. increase the shell log buffer size according to the
physical CPU max number
2. check the snprintf return value, if no buffer left,
just return.
Tracked-On: #1587
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
After enabling vPCI in hypervisor for vm0, UOS may not able be launched
successfully. Consider this scenario (take MSI-X for example):
- DM makes hypercall to hypervisor to do MSI-X remapping on behalf of
UOS guests.
- After the hypercall, VHM module in SOS kernel updates the physical
MSI-X table with the physical Message Data/Addr.
- These MMIO write requests are intercepted by hypervisor, which will
call ptdev_msix_remap() to do MSI-S remapping.
It may fail due to 2 possible reasons:
1) wrong target VM because:
hypervisor thinks it's a VM0 MSI-X device but they have been registered
as UOS guests through HC_SET_PTDEV_INTR_INFO hypercall.
2) wrong ptdev_msi_info->vmsi_data because:
The virtual MSI-X table is supposed to hold virtual Message data/addr
but the SOS VHM writes the physical ones to it.
This patch resolves these problems by ignoring the HC_VM_PCI_MSIX_REMAP
hypercall, so virtual and physical Message Data are the same from SOS'
perspective and it won't mess up the virtual PCI device in HV.
Also in HC_SET_PTDEV_INTR_INFO handler, vpci updates the target VM
when the PCI devices are assigned to different VMs.
The UOS' MSI/MSI-X remapping is triggered by hypervisor when SOS (either
DM or VHM) updates the Message Data/Addr.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
If PBA or other data structures reside in the same BAR with MSI-X,
devicemodel could emulate them and make hypercall SET_MEMORY_REGION
to setup EPT for vm0.
Hypervisor can not intercept the whole range of this BAR, but only
the minimum 4KB pages that cover the MSI-X Table.
Tracked-On: #1568
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Fixed the following violations:
- Widening cast on complex integer expression
- Casting operation to a pointer
- Static procedure is not explicitly called in code analysed
Tracked-On: #1568
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For SOS BSP, we reuse native saved cs.limit
For UOS BSP, we set cs.limit in DM
For AP, we use initialized data from realmode_init_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
Save the native cs limit and reuse it for SOS cs limit. To remove
the hardcode of cs limit for guest in hypervisor.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
--Config LOG_BUF_SIZE 256KB for per cpu
--Replace 'calloc' with static array for sbuf
--Rename 'alloc_earlylog_sbuf' to 'init_earlylog_sbuf'
--Remove deadcode sbuf_free
v2-->v3:
-- put the buffer into per_cpu data structure
v1-->v2:
-- add 'is_early_logbuf' in percpu data structure used for
check if need to do 'do_copy_earlylog'
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- flush L1 cache before VM entry only on platform
affected by L1TF
- flush operation is configurable by below MACRO:
--CONFIG_L1D_FLUSH_VMENTRY_ENABLED
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
- detect if current processor is affected by L1TF
- detect the presence of of "IA32_FLUSH_CMD(MSR 0x10B)
if processor is affected by L1TF.
Tracked-On: #1672
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
The operands to shift operations (<<, >>) shall be unsigned integers.
v1 -> v2:
* replace 12U with CPU_PAGE_SHIFT when it is address shift case.
* replace 6UL with 0x6UL
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace list of iommu_domains with static array
Tracked-On: #861
Signed-off-by: Tw <wei.tan@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Predefine a dmar_drhd_rt table for all possible dmar unit
Tracked-On: #861
Signed-off-by: Tw <wei.tan@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Below functions are deprecated, remove them from hypercall.h
hc_assert_irqline()/hc_deassert_irqline()/hc_pulse_irqline()
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Compared with partition_mode.c, the major difference between them is
the list of PCI devices is statically defined or dynamically
enumerated and allocated.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Similar to MSI emulation, this patch emulates the Message Control word
within MSI-X Capability Structure.
Also it emulates MSI-X table. MSI-X remapping is triggered when the guest
is changing the Mask bit in Vector Control, or the Message Data/Addr when
MSI-X Enable bit is set.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Emulate MSI Capability structure for vm0 in sharing mode:
- it intercepts the IO requests for MSI Capability structure, emulates
the Message Control word, and bypasses all other I/O requests to the
physical device.
- criteria to trigger MSI remapping: MSI Enable bit is being changed,
Message Data/Addr is being changed when MSI Enable is set.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add 'struct vpci_ops *ops' to 'struct vpci' so we have clearer structure:
- struct vpci: include struct vpci_ops pointing to different callback
functions for partition or sharing mode repsectively.
- struct pci_vdev: includes struct pci_vdev_ops to handle different vpci
functionalities:
hostbridge emulation
passthrough device BAR emulation
msi/msi-x remapping
This patch moves the code around but doesn't change the underlying logic
in terms of PCI spec handling. More detailed implementation:
- create new file partition_mode.c to house the implementation of partition mode
regarding the vpci layer.
- vpci.c: only keeps the abstract code which calls vpci->ops to functions
in partition_mode.c, and potentially to sharing_mode.c.
- the following functions are moved to partition_mode.c and renamed with
partition_mode prefix.
- vpci_init() -> partition_mode_vpci_init()
- vpci_cleanup() -> partition_mode_vpci_deinit()
- pci_cfg_io_write() -> partition_mode_cfgread()
- pci_cfg_io_read() -> partition_mode_cfgwrite()
Track-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
commit 026ae83bd5 ("hv: include: fix 'Unused procedure parameter'")
removed the then unused parameter handler_private_data from
hv_mem_io_handler_t because MISRA-C requires that there should be no
unused parameters in functions.
This patch removes vcpu from the parameter list as well since this may
not be used by all users. Also it brings back handler_private_data which
is more flexible. For example, vioapic_mmio_access_handler() can use it
to pass vcpu pointer.
Tracked-On: #861
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- It starts from scaning bus 0 and scan other buses only if it is referred
as a Secondary Bus by a PCI-to-PCI bridge.
- Skip to next device if function 0 is not implemented.
- Don't enumerate function 1-7 if a device is not a multi-function device.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In order to allow these functions to be called without an associated
struct pci_pdev (for example, at the time of PCI bus enumeration), these
two functions can not take the struct vdev as input parameter.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- It makes more sense to return bool from pci_bar_access()
- other minor changes for cleanup
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Don't have any logical changes.
- add more common PCI macros
- remove redundant definitions in dmar_parse.c
- move all the common mascos from vpci.h to pci.h
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
--remove 'calloc' for pcpu, change it to static array
--rename 'init_percpu_data_area' to 'init_percpu_lapic_id'
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
--Removed MAX_PCPU_NUM in cpu.h
--Changed the default value from 128 to 8 for
MAX_PCPU_NUM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
sbuf.h:
Added new shared buffer types for SEP and SOCWATCH
profiling.c
sbuf_next_ptr - returns address of next available buffer
profiling_sbuf_put_variable:
This function allows to write data of variable size into shared buffer.
profiling_generate_data:
Read profiling data and transfer to SOS
Drops transfer of profiling data if sbuf is full/insufficient and log it
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
irq.c/.h:
Added new variables(ctx_rflags, ctx_rip, ctx_cs) in irq_desc
On each interrupt this information is populated
Added api's to access the irq_desc members
profiling.c:
profiling_pmi_handler:On each PMI generates gets the context and other information that caused it
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
profiling_vmenter_handler:Saves vm information
profiling_vmexit_handler: Saves vm information and vm exit reason
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
MSR operations are directly done based on physical cpu's
profiling_handle_msrops:
Per cpu function, performs the MSR operations (Read, Read clear,Write)
For SOCWATCH/ power tool, generates MSR samples.
profiling_msr_ops_all_cpus :
Receives required information for MSR operations from guest,
SMP calls profiling_handle_msrops,
Copies the information collected to guest
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
profiling_set_control:
Receives tool control information from guest and sets control switches accordingly,
tool control information includes:
type - sep/socwatch
action - Start/stop
feature - What to collect(core/lbr/vm switch)
This function provides interface to start and stop profiling data collection
profiling_start_pmu:
Initialize sep state and enable PMU counters
SMP calls profiling_enable_pmu
profiling_stop_pmu:
Reset sep state and Disable all the PMU counters
SMP calls profiling_disable_pmu
profiling_enable_pmu:
Enable all the Performance Monitoring Control registers.
Unmask LAPIC entry for PMC register to enable performance monitoring
Walk through the entries and write to PMU control regiesters
profiling_disable_pmu:
Disable all Performance Monitoring Control registers
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
This patch provides interface to configure(setup before actual
collection) PMI and VM switch tracing information.
profiling_config_pmi:
Receives required information for configuring PMI from guest,
populates the information info per_cpu region and SMP calls profiling_initilaize_pmi
profiling_initialize_pmi:
Configure the PMU's for sep/socwatch profiling.
Initial write of PMU registers.
Walk through the entries and write the value of the register accordingly.
profiling_config_vmsw:
Receives required information for configuring
VMswitch from guest, Configure for VM-switch data on all cpus
profiling_initialize_vmsw: initializes VMSwitch tracing
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Manisha <manisha.chinthapally@intel.com>
This patch includes support to following
1. Collection of physical cpuid information
2. Collection of List of VM's available and information
3. Tool version information
4. Sending tool control information to guest
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
This patch adds support to sep/socwatch profiling
Adds 2 new files include/arch/x86/profiling.h and arch/x86/profiling.c
which contains most of the implementation for profiling,most of the functions
in profiling.c have dummy implementation and will be implemented in next patches
a. cpu.c, Initial profiling setup is done as part of bsp_boot_post
and cpu_secondary_post flow
b. vmcall.c, New ioctl is added for performing profiling related
operations in vmcall_vmexit_handler
ioctl - HC_PROFILING_OPS
function - hcall_profiling_ops()
c. common/hypercall.c, hcall_profiling_ops() implementation.
d. hv_main.c, In vcpu_thread calling profiling related functions
to save vm context
e. acrn_hv_defs.h, list all the profiling command types
Tracked-On: projectacrn#1409
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Chinthapally, Manisha <manisha.chinthapally@intel.com>
Fix violations whose parameter can be read-only.
This patch only fix the parameter whose name is vcpu.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Fix violations for function whose parameter can be read-only.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
bitmap_test parameter addr should be read-only,
the addr is in the asm code "output" region,
change it to the "input" region.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
All the platforms supported by ACRN supports x2APIC. So enabled
x2APIC for ACRN hv. Removed any code that is needed for xAPIC mode
of operation.
Tracked-On: #1455
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed by: Yonghua Huang <yonghua.huang@intel.com>
The commit id "c5f4c5" translats from enum to macro, the content
is not correct,fixed now.
Tracked-On: #1553
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Zhi Jin <zhi.jin@intel.com>
- move the functions to access physical PCI configuration space from
pci_pt.c to the new file dm/hw/pci.c, so they can be accessed in
sharing mode as well. The new folder dm/hw is created in order to
move APIs talking to physical PCI devices out of dm/vpci.
- move the common vpci code from header file pci_priv.h to core.c.
- move file include/dm/vpci/vpci.h one level up. It seems the folder
include/dm/vpci is not necessary.
- This patch only moves code around, and doesn't make any logical
changes. Besides removes the static keyword from pci_pdev_read_cfg()
and pci_pdev_write_cfg()
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- move most of the content of pci_priv.h to include/dm/pci.h.
This allows other code outside dm/vpci to be able to share these macros.
- code cleanup: fix alignments etc.
Tracked-On: #1568
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There's no need to walk these paging tables to transfer HPA to GPA
for a VM, so remove it.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
They're: (a) only SOS would use hpa2gpa and (b) the GPA and HPA
in SOS is identical mapping.
Rename hpa2gpa to vm0_hpa2gpa then.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Pointer param should be declared pointer to const if
the parameter is keeped read-only.
This patch changes pointer param whose name is vm.
Tracked-On:#861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
irq 4 is sharing with idma, after change vuart to level trigger, the idma
driver could handle this irq 4 and send out EOI, which cause the irq storm.
move vuart irq to a not used 6.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1476
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
-- Not return NULL for vcpu_from_vid
We have replaced dynamic memory with static memory for vcpu,
then if vcpu_id is valid, this API should not return NULL.
-- Simplify the for-loop when walk through the vcpu
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The base address of LAPIC and IOAPIC should be parsed from MADT table,
so move the definition to platform_acpi_info.h.
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The I/O APIC number should be parsed from host ACPI table, so move the
definition from Kconfig to platform_acpi_info.h.
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace platform_acpi_info.c with platform_acpi_info.h and define needed
host ACPI info in MACROs. Then the struct host_acpi_info is not needed
any more.
This header file should be generated by offline tool automatically;
Tracked-On: #1500
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ABL pass seed_lists to HV through different interface/structures.
So, in this patch, add interface to retrieve seed from ABL and refactor
the seed parsing logic.
Tracked-On: #1488
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
All the platforms supported by ACRN supports x2APIC. So enabled
x2APIC for ACRN hv. Removed any code that is needed for xAPIC mode
of operation.
Tracked-On: #1455
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed by: Yonghua Huang <yonghua.huang@intel.com>
MISRA-C required the suffix(U/UL), such as:
(1) ---> (1U)
(1) ---> (1UL)
(1U << 0) ---> (1U << 0U)
This patch will add the suffix(U/UL) to come up MISRA-C into
hypervisor/include directory.
Tracked-On: #1468
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
to enable APICv Posted interrupt supported, following the
specifications defined in Intel SDM Section #29.6, Volume3.
Posted-interrupt processing is a feature by which a processor
processes the virtual interrupts by recording them as pending
on the virtual-APIC page.
Injecting interrupts to VCPU from remote CPU without causing
VM exit on the destination, following steps in SDM Section 29.6,volume3:
Tracked-On: #1447
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
use pin_state[pin] to record vpic pin signal, and change the interface name
accordingly.
Tracked-On: #1269
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Now we have name reuse definitions in hypervisor as following:
"enum cpu_state cpu_state" in per_cpu.h,
"struct shell_cmd *shell_cmd" in shell_priv.h.
MISRAC requires that tag names shall not be reused anywhere
with in a program.So these definitions violate MISRAC rules
"identifier resue".This patch is used to fix it.
1. modify the definitions to "enum pcpu_boot_state boot_state"
and "struct shell_cmd *cmds".
2. modifty the relevant usage.
v1->v2
update commit message to be more explicit.
v2->v3
update the enum definition.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, UOS will use hypercall to init BSP state, we could remove
set_bsp_real_mode_entry() and set_bsp_protect_mode_regs().
For SOS, GDT will inherit from SBL or UEFI. For UOS, DM will
prepare GDT. We don't need hypervisor to prepare GDT for guest.
The entry_addr of vcpu struct could be removed. The guest entry
is set through BSP rip register.
GUEST_CFG_OFFSET is not needed any more after this patchset.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, we make UOS to set BSP init state by using hypercall. We
could drop the old UOS loader in HV and make vm loader in HV
only for SOS.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
DM will use this hypercall to initialize the UOS BSP state.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The vcpu state is initialized outside of init_guest_state:
- SOS BSP state is initialized in SOS loader
- UOS BSP state is initialized in UOS loader
- AP state is initialized during SIPI signal emulation
We could make init_guest_state only update the vcpu state
to VMCS structure.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NOTE: this patch is only workaround patch for UOS BSP state init.
Eventually, the DM will call hypercall to init UOS BSP state.
We use this workaround patch here to simplify the init_guest_state.
Will make the caller of init_guest_state calls init_guest_vmx
directly.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With reset_vcpu_regs as pre-condition, we only need to set
cs_selector and cs_base for AP.
We call set_ap_entry in two places:
1. When emulation AP SIPI
2. When sos BSP resume from S3. The BSP is resumed to real
mode with entry set to wakeup_vec. We call set_ap_entry
API here with entry twisted from wakeup_vec.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This reset_vcpu_regs function will reset the vcpu registers to
default value: realmode with entry 0xFFFFFFF0
Make call to reset_vcpu_regs during create_vcpu and reset_vcpu
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If defined CONFIG_VM0_DESC, HV will use predefined vm0_desc
to config VM0,now it is unneccessary, then remove these code.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- add missing brackets for 'if/else' statements based on MISRA-C
requirements
v1 -> v2:
* add brackets for each conditions in 'if' statements to improve
the readability
* modify 'ptdev_init' to make the logic clearer
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
In the current hypervisor design, when HPA is not
found for the specified gpa by calling gpa2hpa or
local_gpa2hpa, 0 will be returned as a error code,
but 0 may be a valid HPA for vm0; error checking
is missed when invoking gpa2hpa or local_gpa2hpa;
when invoking lookup_address, the caller guarantees
that parameter pointer pml4_page and pointer pg_size
is not NULL.
If local_gpa2hpa/gpa2hpa returns a invalid HPA,
it means that this function fails to find the
HPA of the specified gpa of vm. If local_gpa2hpa/gpa2hpa
return value is a valid HPA, it means that this
function have found the HPA of the specified gpa of vm.
Each valid vm's EPTP is initialized during vm creating,
vm's EPTP is valid until this vm is destroyed. So the caller
can guarantee parameter pointer pml4_page is not NULL.
The caller uses a temporary variable to store page size.
So the caller can guarantee parameter pointer pg_size
is not NULL.
In this patch, define a invalid HPA for gpa2hpa and
local_gpa2hpa;add some error checking when invoking
local_gpa2hpa/gpa2hpa;add precondition for lookup_address
function and remove redundant error checking.
V1-->V2:
Define INVALID_HPA as a invalid HPA for gpa2hpa
and local_gpa2hpa;
Updated related error checking when invoking
gpa2hpa or local_gpa2hpa;
V2-->V3:
Add some debug information if specified gpa2hpa
mapping doesn't exit and ept_mr_del is called;
Update INVALID_HPA definition easier to be reviewed.
V3-->V4:
Add vm->id and gpa into pr_error;
Add precondition to ept_mr_del to cover [gpa,gpa+size)
unmapping case.
V4-->V5:
Update comments;
Update pr_error message.
Tracked-On: #1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Because of the return type inconsistent,change the
sbuf return type to uint32_t to fix it,and make the
pre-condition to check the parameter whether is NULL.
V1->V2:
1.add () to bool expression
2.add pre-assumption to sbuf_get and sbuf_put
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1.Function return type inconsistent
2.cast on a constant value
V1->V2 add () to return type
V2->V3 keep the sbuf_get and sbuf_put return code
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Page table operation would not fault except:
1. the hypervisor it out of memory to allcate a page for page table operation
2. there is a bug with page table operation in hypervisor or devicemodle
While we assue that these would not happened in our platform when release, so
there is no need to check whether there is a fault with page table operation. However,
for debug version, we would panic the hypervisor if we can't meet the conditions really.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
add is_long_mode to check whether the processor is operating in IA-32e mode
add is_paging_enabled to check whether paging is enabled
add is_pae to check whether physical address extension is enabled.
Tracked-On: #1379
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Loop the global vm_array[] instead of the vm_list.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch is ready for next one,we will switch from
pointer to embedded structures such as structure vcpu,
some const qualifiers can be improper and raise compilation errors,
this patch remove const qualifier for struct vm.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C required the suffix(U), such as:
(1U << 0) ---> (1U << 0U)
This patch will add the suffix(U) to come up MISRA-C.
Tracked-On: #1385
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add active_polarity to decide what signal to call: GSI_SET_LOW, GSI_SET_HIGH,
GSI_FALLING_PULSE or GSI_RAISING_PULSE.
Tracked-On: #1269
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
a guest may use per-cpu vector allocation mechanism which may lead to
same vector on different vcpu for different vioapic pins.
when we broadcast EOI from vlapic to vioapic, it could trigger
ptdev_intx_ack for incorrect vioapic pin which will lead to incorrect
vioapic irq deassert.
old implementation is recording assert & deassert by acnt, like:
- assert -> acnt++
- deassert -> acnt--
which means an incorrect deassert may descrease acnt from 0 to -1, it leads
to error.
this patch change the recording method for a pin assert/deassert, it
just use pin_state bit set/clear to indicate line state:
- high -> pin_state bitmap set
- low -> pin_state bitmap clear
and the irq assert will be triggered based on polarity setting during line
state changing.
it can avoid the failure of incorrect deassert on old implementation, and for
ptdev sharing irq, the dev hardware could re-trigger interrupt after deassert.
but for emulated device, there is no mechanism to re-trigger interrupt if
there is irq sharing - for DM, we already has constraint to restrict vGSI
sharing, so there is no problem of it.
Tracked-On: #1269
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
There are chances that names with leading underscore declared by
developers are conflict with the ones reserved for the compiler.
What this patch does:
- rename these functions/variables/macros starting with
underscore to avoid such unintentational mistakes.
- remove gpr.h without any contents
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The patch is replace irq_static_mappings type from 2 dimension array
into structure and one dimension array.
Tracked-On: #1375
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Reviewed-by: Jason Chen <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move struct acrn_vcpu_regs, acrn_descriptor_ptr and
acrn_gp_regs to acrn_common.h. The struct acrn_vcpu_regs
will be used as parameter of hypercall
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Doxygen API comment added to hypercall.h was incorrect causing the doc
build process to fail with a warning (parameter not documented).
Fixes: #1353
Tracked-On: #1353
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
For SBL platform, struct acrn_vcpu_regs are used as boot context.
Now the boot_ctx is only for UEFI platform. Rename struct boot_ctx
to efi_context.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Add struct acrn_vcpu_regs and make struct boot_ctx based on
struct acrn_vcpu_regs.
vm0_boot_context is also changed from struct boot_ctx to struct
acrn_vcpu_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
We will define the hypercall to set acrn vcpu registers and
move this struct to acrn_commmon.h for reference from hypercall
parameter definition.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
The printf related functions have been called by other various
functions, e.g. get_ptdev_info(), get_ioapic_info, etc. The patch
is used to clear up the usage.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Timer IRQ was static mapped IRQ.
It should not be cleaned up when one of the cpu dead.
The patch will retain the timer irq.
Tracked-On: #1359
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace dynamic allocation for vuart rx/tx buffer
with static array.
v2-->v3:
-- Reduce the size of vuart tx buffer from 64K to 8K
-- For non-partition mode, will use global rx/tx buffer,
for partition mode, will use per VM rx/tx buffer.
-- Change several APIs to inline
v1-->v2:
-- Move vuart rx/tx buffer into acrn_vuart data structure
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In hypervisor, all the parameter and return value printf related are
unsigned int, this patch is used to fix the function definitions.
v1->v2:
*Modify the return value of various functions, such as printf(),
vprintf(), charout(), do_printf(), charmem, print_pow2(),
print_decimal to void due to never used, no necessary to use,
or has already returned by param.
*Delete the impossible judgement of param->emit due to the type
is unsigned.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- replace vpic/vioapic_xassert_irq() APIs
with vpic/vioapic_set_irq()
- unify the description of IRQ/PIN state in vpic. & vioapic.c
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the following issue pointed by Xiangyang and Junjie.
There are some macro arguments acting as formal parameter names.
Drop such arguments since they make no difference to the expanded
implementation and they might confuse some developers.
Here is an example.
'ptr' is dropped in this patch, which is acting as a formal parameter
name and make no difference to the expanded implementation.
-#define build_atomic_load(name, size, type, ptr) \
+#define build_atomic_load(name, size, type) \
static inline type name(const volatile type *ptr) \
{ \
type ret; \
asm volatile("mov" size " %1,%0" \
: "=r" (ret) \
: "m" (*ptr) \
: "cc", "memory"); \
return ret; \
}
Some minor coding style fixes are also included in this patch.
- use TAB for the alignment rather than mixing TAB with space
- fix some typo in the comments
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
merge hv_lib.h and hypervisor.h into one file
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch fixes the typo introduced in atomic operaions refine.
The usage of the parameter in function body was not updated according
to the changes of input parameter.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
This patch removes the unused parameters that is not being used
unconditionally.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix a Doxygen comment in the hypercall.h header file which is
missing the name of the parameter, this is causing warnings when
generating the documentation related to the
hcall_set_callback_vector() hypercall.
Tracked-On: #1335
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Currently the acrn-hypervisor is using the PLATFORM_IPI vector to notify
the sos_kernel. And then sos_kernel will handle the notification from acrn
hypervisor in PLATFORM_IPI ISR. But as the PLATFORM_IPI ISR can be registered
by the other modules, it will have the conflict when trying to register
acrn intr ISR. So the HYPERVISOR_CALLBACK_VECTOR will be used instead.
In order to switch the notification vector from PLATFORM_IPI to
HYPERVISOR_CALLBACK_VECTOR, one API is added so that sos can configure
the up-notifier interrrupt vector.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1325
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is from the HYPERVISOR_CALLBACK_VECTOR in sos_kernel.
After this vector is used in both kernel and hypervisor, this will be defined
as the default vector.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1325
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This is to do the preparation of switch the notifier vector from
PLATFORM_IPI to HYPERVISOR_CALLBACK_VECTOR.
Currently the acrn-hypervisor is using the PLATFORM_IPI vector to notify
the sos_kernel. And then sos_kernel will handle the notification from acrn
hypervisor in PLATFORM_IPI ISR. But as the PLATFORM_IPI ISR can be registered
by the other modules, it will have the conflict when trying to register
acrn intr ISR. So the HYPERVISOR_CALLBACK_VECTOR will be used instead.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1325
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
In some cases, we will keep the unused parameters.
vmexit handler is one example. It is used as function pointer.
Some of the vmexit handlers use the input parameter 'vcpu', some of
them don't. We still need to keep the unused parameters 'vcpu' for
those handlers don't use 'vcpu'.
This patch removes the unused parameters that is not being used
unconditionally.
v1 -> v2:
* remove the non-implemented API 'vlapic_id_write_handler'
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C states that redundant code reduce the maintainability of code.
In some cases, we would like to keep the current unused static functions
for code completeness, such as checking register info. These functions
might be used later.
This patch removes the unused static function 'mmu_pt_for_pde'.
Looks like it is legacy code and not being used in our project.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Convert GSI_MASK_IRQ and GSI_UNMASK_IRQ to inline functions.
v1 -> v2:
After changing GSI_MASK_IRQ and GSI_UNMASK_IRQ from MACROs to functions,
'gsi_(mask|unmask)_irq' are the exposed APIs and 'irq_gsi_mask_unmask'
becomes internal.
In order to reflect this change,
- change 'irq_gsi_mask_unmask' as internal function in ioapic.c
- declare 'gsi_(mask|unmask)_irq' in ioapic.h
- define 'gsi_(mask|unmask)_irq' in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The hypercall can be used by SOS/DM to monitor UOS
pass-thru devices' interrupt data; and if an "interrupt
storm" happens in UOS, it can be used to delay the UOS
PTdev interrupt's injection for sometime.
The two functions are implemented by one hypercall with
two sub-commands, and with the data/params in the buffer.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch is to enhance the feature of "interrupt storm
mitigation"; when interrupt storm happens on one UOS
it should keep as smaller effect to SOS as possible.
Add variables in PTdev entry & VM, used to record one
UOS's pass-thru devices' interrupt data; add a function
to collect the data.
Also add a timer used to delay UOS pass-thru devices'
interrupt injection if an "interrupt storm" detected
by SOS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- use sizeof(struct lapic_regs),instead of arbitrary size
to lear 'apic_page' memory region in vlapic.c
- fix potential buffer overflow issues in vpic.c & ioapic.c
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC has requirement about implict conversion: actual to formal
param. This patch is used to fix part of these violations.
1.Add a new structure seg_desc_vmcs to hold the VMCS field address of
segment selector to clean up seg_desc structure.
2.Add the definition of maximum MSI entry and the relevant judgement.
3.The violations in shell.c, logmsg.c will be fixed in other series of
patches with modification of function snprintf(), vsnprintf() and other
related usages.
v1->v2:
*Move the definition of struct seg_desc_vmcs from instr_emul.h to
instr_emul.c.
*Modify the formal parameter type in function definition from uint8_t
to char instead of using cast.
*Drop the const declaration for char data in formal parameter.
v2->v3:
*update the data missing conversion.
*change type of internal parameter len to avoid casting in npklog.c.
*change the conversion from signed char to unsigned int in
uart16550_getc() to solve sign-extension.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C states that redundant macros reduce the maintainability of code.
In some cases, we would like to keep the current unused macros for code
completeness, such as cpu registers. These macros might be used later.
This patch removes some unused macros that is not critical for code
completeness.
v1 -> v2:
* Keep TRUSTY_VERSION in trusty.c.
Yadong will cook another patch which will utilize TRUSTY_VERSION.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor hypercall, first all vcpu is
allocated to SOS, vcpu's vm field is initialized to vm0.
When the vcpu is offlined, vcpu will be paused and vcpu's
vm field is set as NULL by DM. When UOS is created, vcpu's
vm field is set as UOS's vm. So when vmcall_vmexit_handler
is invoked, vcpu's vm filed is always non-NULL.
error checking for vm pointer is done in the function
"vmcall_vmexit_handler", vmcall_vmexit_handler will
guarantee that vm is vm0.
So all hypercall functions (these functions is just for handler
hypercall, except vmcall_vmexit_handler) don't need to check
whether invoking vm is NULL and don't need to check whether
invoking vm is vm0 or not.
Remove related invoking vm error checking for hypercall handling.
V1 --> V2:
Add pre-condition for hypercall in the head file.
V2 --> V3:
Add pre-condition for copy_from_gpa and copy_to_gpa.
V3 --> V4:
Add pre-condition both in the head file and source file.
Tracked-On:#1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Delete the dead code get_irq_info(), local_get_irq_info() in io_request.c
and definition in guest.h.
v1->v2
*the dead code used pointers which not checked before use, therefore it
causes "pointer not checked for null before use". To make it clearly,
modify the subject to "delete the dead code" directly.
*remove dead code local_get_irq_info() in io_request.c and definition
in guest.h together.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- move the contents in macros.h and stdarg.h to util.h
- remove macros.h and stdarg.h
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC has requirements about literal value requires a U suffix and
signed/unsigned conversion with cast. This patch is used to solve
these violations.
v1->v2
*Drop the cast of sz from uint32_t to int32_t, the signed/unsigned
violation of nchars will be solved by other patch together with
printf/sprintf/console/vuart/uart code.
*Delete the unnecessary L suffix of shifting operand.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Reviewed by: Junjie Mao <junjie.mao@intel.com>
According to SDM 4.6 Access Rights definition, if SMAP/SMEP
is enabled, more conditions are used to decide the access rights
like SMAP/SMEP, EFLAGS.AC, R/W bit in every paging-structure entry
for page walking.
This patch add the check to guest page walking function and inject
page fault accordingly.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- replace the usage of mdelay with udelay
- remove lib/mdelay.c
- rename udelay.c to misc.c
future other small APIs could put in misc.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vlapic' in 'struct vcpu_arch' from pointer
to instance
-- add inline function(vcpu_vlapic) in vcpu.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It has been defined in 'struct vcpu_arch'
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move structure vlapic_pir_desc/vlapic_timer/
acrn_vlapic from vlapic_priv.h to vlapic.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for msr_bitmap
inside structure vm_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace vmcs pointer with static memory for vmcs region
inside structure vcpu_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- convert function like macros to inline functions based on MISRA-C
requirement
- remove some unused and duplicated macros
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
for each pass-thru device and its entry owned by one VM, so
change the pass-thru device's softirq lock & entry list into
per VM, so one VM's PT device interrupt process will not
interfere with other VMs; especially in case one user OS
"interrupt storm" happens, it will have little effect on
service OS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Change vmx_off/exec_vmxon/exec_vmclear/exec_vmptrld/
exec_vmxon_instr/init_vmcs to void type
-- for vmxon/vmclear/vmptrld, add pre-conditions to
guarantee sucessful execution.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Check if the VMX capability is locked with incorrect value,
at the time when HV do the hardware capability detect.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove vmxon_region_pa from structure per_cpu_region,
and define vmxon_region inside per_cpu_region.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add the brackets for Macro parameter to avoid the unintentional
mistakes.
A simple example that may cause mistakes:
#define minus(x) -x
When the following call is made,
z = minus(a-b)
it becomes:
z = -a-b;
where "-a - b" is equivalent to "(-a) - b" rather than "- (a - b)", as
expected.
v2 -> v3:
* convert DMAR_WAIT_COMPLETION to inline function
* remove the macro PIC_PIN_FOREACH and implement the well-formed
for loop in each case
* replace __CPP_STRING with STRINGIFY and remove the unused CPP_STRING
v1 -> v2:
* Remove some changes to function like macro since MISRA-C requires to
use inline functions if it is possible.
These MACRO brackets violations will be fixed together when fixing
other issues related to function like macro.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
MISRA-C requires that each function defined and declared shall be called
or referenced in code analyzed.
In some cases, we would like to keep the non-called functions for code
completeness, such as
vcpu_inject_extint/vcpu_inject_nmi/vcpu_inject_gp/vcpu_inject_pf
/vcpu_inject_ud/vcpu_inject_ac/vcpu_inject_ss.
This pacth removes some functions that are independent and are not
called in our code base.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that each parameter in the MACRO shall be in brackets.
In some cases, adding brackets for all of the parameters may not be a
perfect solution.
For example, it may affect the code readability when there are many
parameters used in the MACRO.
And duplicated brackets will appear when one MACRO called another MACRO
which is using same parameters.
This patch convert some MACROs to inline functions to avoid such cases.
v1 -> v2:
* Remove the unnecessary changes in hypervisor/bsp/uefi/efi/boot.h
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
- Converted MACROS to functions
- Defined pci_bar_type enum
- Defined pci_bdf as union instead of uint16_t to eliminate macros
- Use L or UL postfix after unsigned integers
Tracked-On: #1126
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
We don't need find_next_table to walk to the next EPT page table.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add 1GB large page support limit on our platform.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since vmexit handling in ACRN partition mode is not complex (since no SOS and
all devices passthru), interrupts can stay disabled in root mode during
vmexit handling.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Change guest_msrs in vcpu data structure from pointer to array, which
could avoid the dynamic memory allocation.
v1 -> v2:
* Remove the unnecessary initialization for guest_msrs[] since vcpu is
allocated by calloc.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- rename struct vioapic --> struct acrn_vioapic
-- update 'vioapic' field in 'struct arch_vm' from pointer
to instance
-- change vm_ioapic(vm) to inline, and move it to vm.h
-- change vioapic_init to void type
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vuart' field in 'struct vm' from pointer
to instance
-- replace MACRO with inline function for vm_vuart,
and move it to vm.h
-- change vuart_init to void type
-- rename struct vuart -->struct acrn_vuart
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vpic' field in 'struct vm' from pointer
to instance, and move it from 'struct vm' to 'struct arch_vm'
-- replace MACRO with inline function for vm_pic, and move it
to vm.h
-- changed vpic_init to void type
-- removed vpic_cleanup
-- move struct acrn_vpic/i8259_reg_state from vpic.c to vpic.h
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the gdt.h, it defines unions and parameters which is not used
in hypervisor. Removed them to keep the gdt definition simple.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- by default, ACRN will not support platform without
below APICv features:
-- Use TPR shadow
-- APIC-register virtualization
- remove mmio emualtion of local APIC for guest
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, the address translation type for passthrough devices
in SOS is passthrough type, which means the device in SOS can access
the whole physcial memory.
This patch uses SOS EPT to translate address for passthrough
devices. So that the memory of VMM or trusty can be protected from
SOS PTDev.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The virt_vector/phys_vector are only used for debugging.
Rename msix to is_msix.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Then use the source id to lookup the ptdev remapping entry.
For msi interrupt ptdev: use bdf and vector_index to identify the id;
For intx interrupt ptdev: use pin and pin source to identify the id.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The npk_log is a log destination for the hypervisor, similar to the
console_log and the mem_log. It can be enabled/disabled/configured
by the SOS kernel via the hypercall HC_SETUP_HV_NPK_LOG.
The configuration includes:
1. Set the MMIO base address of the reserved NPK master.
2. Set the log level of the hypervisor NPK log.
After that, the npk_log can be enabled to write the hypervisor logs to
the MMIO address of the reserved NPK master with a simple header.
Signed-off-by: Zhi Jin <zhi.jin@intel.com>
Signed-off-by: Liu, Xiaojing <xiaojing.liu@intel.com>
Reviewed-by: CHEN Gang <gang.c.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The hypercall HC_SETUP_HV_NPK_LOG is added to enable/disable/configure
the hypervisor NPK log.
Signed-off-by: Zhi Jin <zhi.jin@intel.com>
Signed-off-by: Zhonghua Sun <zhonghua.sun@intel.com>
Reviewed-by: CHEN Gang <gang.c.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The apicv is one hardware acceleration feature of vlapic. All vlapic
APIs should keep vlapic_ as the prefix.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since these APIs always return 0,
change them to void type,
vcpu_set_cr0()
vmx_write_cr0()
vcpu_set_cr4()
vmx_write_cr4()
kick_notification()
tsc_deadline_handler()
dmar_fault_handler()
ptdev_interrupt_handler()
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
- Clean up some code regarding to % and / operations since bit
operations are faster.
x % 64U ---> x & 0x3fU
x % 32U ---> x & 0x1fU
x % 16U ---> x & 0xfU
x % 8U ---> x & 0x7U
x % 4U ---> x & 0x3U
x % 2U ---> x & 0x1U
x / 64U ---> x >> 6U
x / 32U ---> x >> 5U
x / 16U ---> x >> 4U
x / 8U ---> x >> 3U
x / 4U ---> x >> 2U
x / 2U ---> x >> 1U
- Minor changes regarding to coding styles
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit replaces the "used" field of irq_desc with a bitmap to maintain
the irq use status to save memory and LOC, and improve the efficiency as well.
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- update 'apic_page' field in 'struct acrn_vlapic',
from pointer type to 'struct lapic_regs' type.
- delete 'pir' and update 'pir_desc' to 'vlapic_pir_desc'
type.
- fix potential memory leak in 'vlapic_create()'
should free allocated memory in case of registering
mmio handler failure.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
MISRAC requires that the array size should be declared explicitly.
This patch fixes the issues caused by vm0_boot_context.
Fix pattern is like below:
extern char start_of_ROM, end_of_ROM, start_of_FLASH;
memcpy (& start_of_FLASH, & start_of_ROM, & end_of_ROM - &
start_of_ROM);
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Use func(void) rather than func() for the function declaration and
definition based on MISRAC requirement.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- change send_start_ipi/do_copy_earlylog to void type
-- drop the return value for vcpu_queue_execption
when inject GP/PF/UD/AC/SS
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
ACRN in partition mode provides vUART for all VMs. This patch adds
support to add console redirection for multiple VMs.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
-- change two timer callbacks to void type
-- ignore the return value for add_timer
-- add (void) before several functions(memset/memcpy/
vcpu_get_xxx)
v1-->v2:
ignore the return value for add_timer
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
for secure and normal world has different EPTP, in secure world,
it could trap to hypervisor and call gpa2hpa function. So it need
check if it is in normal or secure world for EPTP selection.
Detailed explanation from Yadong Qi <yadong.qi@intel.com>:
Currently, trusty OS does not handle interrupt, so when an interrupt
is delivering in trusty, trusty will set it to LAPIC IRR register by
inject self_ipi() and then call world_switch to switch to Android,
So android will receive/handle the interrupt properly.Since the
vLAPIC is enabled in ACRN, so when trusty try to inject self_ipi(),
APIC-ACCESS vmexit will happen. Then ACRN will do instruction
decode/emulation, so the GPA2HPA will fail since page walk is using
nworld_eptp. It is probability an issue.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit changes the order of functions in arch/x86/irq.c, and internal
function names to make it looks cleaner, with no change within any function.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are several similar irq handlers with confusing function names and it's
not friendly to call update_irq_handler() to update a proper handler after
request_irq().
With this commit, a single generic irq handler is being used, in which, no lock
need to be acquired because our design could guarantee there is no concurrent
irq handling and irq handler request/free.
A flags field is added to irq_desc struct to select the proper processing flow
for an irq. Irqflags is defined as follows:
IRQF_NONE (0U)
IRQF_LEVEL (1U << 1U) /* 1: level trigger; 0: edge trigger */
IRQF_PT (1U << 2U) /* 1: for passthrough dev */
Because we have only one irq handler, update_irq_handler() should be replace by
set_irq_trigger_mode(), whichs set trigger mode flag of a certian irq.
Accordingly, the code where called update_irq_handler() need to be updated.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit refactors vector allocation/free codes, two functions are
defined to help alloc/free vectors for an irq:
- uint32_t alloc_irq_vector(uint32_t irq)
- alloc a free vector (0x20 ~ 0xDF), and bind it to irq, for legacy irqs
and static mapped irqs, vector has been allocated and bind, so just
check the mapping correctness;
- return: valid vector on success, VECTOR_INVALID on failure.
- void free_irq_vector(uint32_t irq)
- free vector allocated via alloc_irq_vector(), for legacy irqs and static
mapped irqs, nothing need to do.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit refactors the alloc/free irq num, two functions are defined:
- uint32_t alloc_irq_num(uint32_t irq)
- if irq is valid, mark the irq_desc as used; if it's IRQ_INVALID,
alloc a free irq, or else do nothing;
- return: irq num on success, or IRQ_INVALID on failure.
- void free_irq_num(uint32_t irq)
- free the irq num allocated via alloc_irq_num();
And a global spinlock to protect it from concurrent allocation/free.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit cleans up fiels of struct irq_desc:
- remove name, irq_desc_state, irq_cnt and irq_lost_cnt which are not used.
- remove irq_ prefix of irq_lock field of struct irq_desc;
- change enum irq_state to enum irq_use_state;
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Li, Fei <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- Fix the data type violations based on MISRA-C requirements
- Add '-fsigned-char' in Makefile to let the compiler treats 'char' be
signed, like 'signed char'.
Otherwise, the static checker treats 'char', 'signed char' and 'unsigned
char' as three different types.
- Fix some minor coding style issues, such as TAB issues, line over 80
characters issues and comments style
v1 -> v2:
* fix the violation regarding to 'fifo_getchar'
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
V1:
In order to better comply with MISRA C,
add const qualifiers whereeven required.
In the patch, these are being added to pointers
which are normally used in "get" functions.
V2: Corrected the issues in the patch
pointed by Junjie in his review comments.
Moved the const qualifiers to the correct
places. Removed some changes which are not
needed.
V3: Updated patch comment.
This modifies a subset of all the functions
which might need constant qualifiers
for the their parameters.
This is not and exhaustive patch. This only
targets obvious places where we can use
the const qualifier. More changes will be
submitted in future patches, if required.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
This patch adds code to support read-only RTC support for guests
run by partition mode ACRN. It supports RW for CMOS address port 0x70
and RO for CMOS data port 0x71. Reads to CMOS RAM offsets are fetched
by reading CMOS h/w directly and writes to CMOS offsets are discarded.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
MISRA-C requires that shift operation cannot exceed the word length.
What this patch does:
- Fix the bug in 'vuart_init'
The register 'dll' and 'dlh' should be uint8_t rather than char.
'dll' is the lower 8-bit of divisor.
'dlh' is the higher 8-bit of divisor.
So, the shift value should be 8U rather than 16U.
- Fix other data type issues regarding to the registers in 'struct
vuart'
The registers should be unsigned variables.
v1 -> v2:
* Use a local variable 'uint8_t value_u8 = (uint8_t)value' to avoid
mutiple times type conversion
* Use '(uint8_t)divisor' rather than '(uint8_t)(divisor & 0xFFU)' to
get the lower 8 bit of 'divisor'
Direct type conversion is safe and simple per Xiangyang's suggestion.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
-- Change these APIs to void type, add pre-conditions,
and move parameter-check to upper-layer functions.
handle_vpic_irqline
vpic_set_irqstate
vpic_assert_irq
vpic_deassert_irq
vpic_pulse_irq
vpic_get_irq_trigger
handle_vioapic_irqline
vioapic_assert_irq
vioapic_deassert_irq
vioapic_pulse_irq
-- Remove dead code
vpic_set_irq_trigger
v1-->v2:
add cleanup vpic
change some APIs to void type, add pre-conditions,
and move the parameter-check to upper-layer functions.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
after updated cpu context get/set method, the vcpu_dumreg cmd is not
correct anymore as the registers may read from VMCS but meantime hv
shell may not be running on target vcpu.
this patch take use of smp_call_function for vcpu dumpreg and make the
dump always come from correct vcpu.
v2:
- use str pointer to get vcpu_dumpreg context instead of print out directly
in notify handler.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
take use of VCPU_NOTIFY vector, add smp_call_function support.
added a per_cpu field smp_call_info, and make each smp_call_function
is not re-entered, and the caller CPU is returned when all the target
CPUs complete the call.
v4:
- remove global lock
- take use of wait_sync_change function to do the sequence sync
v3:
- remove per_cpu lock in smp_call_info
- use a global lock to ensure smp_call_function sequence
- use pcpu_sync_sleep to wait IPI complete
v2:
- after new smp function come, if old one exist, changed from overwirte
with the new one to ignore the new one.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
pcpu_sync_sleep monitor "uint64_t sync" change to "1UL << mask_bit",
which is not very clear to take use of it.
change it to wait_sync_change, means monitor "uint64_t sync" change to
"wake_sync", make the function clear to use.
And expose it for the usage of the following patches.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Now the DM has adopted the new VHM request state transitions and
REQ_STATE_FAILED is obsolete since neither VHM nor kernel mediators will set the
state to FAILED.
This patch drops the definition to REQ_STATE_FAILED in the hypervisor, makes
''processed'' unsigned to make the compiler happy about typing and simplifies
error handling in the following ways.
* (dm_)emulate_(pio|mmio)_post no longer returns an error code, by introducing a
constraint that these functions must be called after an I/O request
completes (which is the case in the current design) and assuming
handlers/VHM/DM will always give a value for reads (typically all 1's if the
requested address is invalid).
* emulate_io() now returns a positive value IOREQ_PENDING to indicate that the
request is sent to VHM. This mitigates a potential race between
dm_emulate_pio() and pio_instr_vmexit_handler() which can cause
emulate_pio_post() being called twice for the same request.
* Remove the ''processed'' member in io_request. Previously this mirrors the
state of the VHM request which terminates at either COMPLETE or FAILED. After
the FAILED state is removed, the terminal state will always be constantly
COMPLETE. Thus the mirrored ''processed'' member is no longer useful.
Note that emulate_instruction() will always succeed after a reshuffle, and this
patch takes that assumption in advance. This does not hurt as that returned
value is not currently handled.
This patch makes it explicit that I/O emulation is not expected to fail. One
issue remains, though, which occurs when a non-aligned cross-boundary access
happens. Currently the hypervisor, VHM and DM adopts different policy:
* Hypervisor: inject #GP if it detects that the access crossed boundary
* VHM: deliver to DM if the access does not complete falls in the range of a
client
* DM: a handler covering part of the to-be-accessed region is picked and
assertion failure can be triggered.
A high-level design covering all these components (in addition to instruction
emulation) is needed for this. Thus this patch does not yet cover the issue.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISARC has requirements about Marco redefinition, usage of ++ or -- and
assignment operator in boolean expression. This patch is used to solve
these violations.
The modifications are summarized as following:
1.The HC_VM_SET_MEMORY_REGION, HC_VM_GPA2HPA, HC_VM_SET_MEMORY_REGIONS are
redefined twice in acrn_hv_des.h, so delete them to solve the macro
redefinition violations.
2.The macro BUS_LOCK are redefined in bits.h and atomic.h, then delete
the declaration in both two files, add a new declaration in cpu.h and
include the header file.
3.modify the code to solve the improper usage of -- operators in string.c.
4.modify the while loop to for loop to avoid assignment operator in
boolean expression in vlapic.c.
v1 -> v2:
*Modify the format of commit logs and signed-off name.
*Modify the code format from 'd = d-1;' to 'd--;' to be better.
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Thare some debug specific code which don't run on release version, such as vmexit_time,
vmexit_cnt, sbuf related codes, etc...
This patch encloses the codes with #ifdef HV_DEBUG.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit cleans up the irq APIs which are a bit confusing.
- pri_register_handler(), normal_register_handler() and
common_register_handler() into request_irq(), and removed
the unnecessary struct irq_request_info;
- rename the unregister_common_handler() to free_irq();
After the revision, the common irq APIs becomes:
- int32_t request_irq(uint32_t irq,
irq_action_t action_fn,
void *action_data,
const char *name)
- void free_irq(uint32_t irq)
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since vector is x86 specific concept, we'd like to hide it from common irq APIs.
This commit
- adds static irq:vector mappings for special interrupt such as timer
and cpu notification;
- reserves the irq and vector at initialization;
- removed the vector argument in pri_register_handler(), get reserved vector
from irq_desc in common_register_handler().
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since we don't support shared irq, dev_handler_node which works as action node,
is not needed anymore.
This commit removes the dev_handler_node struct and does some relevant changes,
including:
- moves necessary fields to struct irq_desc: action, priv_data, name; and
removes unused handler_data;
- changes return type of pri_/normal_register_handler() from dev_handler_node*
to int32_t, which is irq num (>= 0) on success, and errno (> 0) on failure.
- changes unregister_irq_handler() to take argument unint32_t instead of
dev_handler_node*;
- changes are made to the places where these APIs are called.
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Because multiple physical devices sharing a single physical pin would be
assigned to a same VM, so UOS could handle the irq sharing. So that we could
remove the physical irq sharing support in HV.
This commit removes the irq sharing support, changes including:
- removed the dev_list field in irq_desc, and clean up codes for the list
operation;
- replace IRQ_ASSIGNED_SHARED and IRQ_ASSIGNED_NOSHARE with IRQ_ASSIGNED;
- remove argument indicating irq is shared;
- revise irq request flow for pt devices to remove dependency on irq sharing:
register irq on adding remapping entery and unregister irq on removal an
entry, and do not register/unregister at remapping an entry.
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Move the definitions of offset of fields in boot_ctx to the same header
file that the struct boot_ctx is in, to reduce the possibility that some
modification would make the offset inconsistant with the fields within
the structure.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- 'reboot.c' defines 'warm_reboot()' only, and this
function is deprecated.
- remove the eXecution attribute of 'mttr.h'
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) This patch creates static E820 entries for VMs launced by ACRN in
partition mode.
2) Moves vm_description entries from bsp/sbl/ to partition/
3) Removes unused API get_vm_desc_base
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Current EPT check runs after EPT enabling in init_exec_ctrl. This
patch fixes wrong order.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partition mode emulates UART for the VMs directly launced
from HV. This patch adds an option to enable/disable vUART for a
VM.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
For Partition mode ACRN, kernel load address and Boot args load address
are hardcoded. Boot args are currently passed from vm description for
each VM. Renamed init_vm0_boot_info to init_vm_boot_info.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Use func(void) rather than func() for the function declaration and
definition based on MISRAC requirement.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
ACRN in partition mode does not have vector and APIC ID remapping for
device interrupts. Only MSIs are supported. No IOAPIC and legacy interrupts
for the VMs in ACRN partition mode.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Adding code to map memory for UOS in partitioning mode ACRN.
HPA starting above 4GB is used for UOS memory. Supports only contiguous memory
from host for UOS. Current implementation supports only 2 GB for UOS memory.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
It's not necessary to specify priority for dynamic allocated vector, because
nested irq is not supported on HV, and irq of any priority would cause VM exit.
This commit makes the following changes:
- remove the argument indicating priority in struct irq_request_info and
following functions:
ptdev_activate_entry()
find_available_vector()
irq_desc_alloc_vector()
normal_register_handler()
- change the macro of vector ranges:
VECTOR_DYNAMIC_START/END for dynamically allocable vectors;
VECTOR_FIXED_START/END for fixed allocated vectors, such as vector for
timer etc.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- add clear trusty memory flag
In some cases such as UOS power off or UOS full reset,
need to clear trusty memory,no need to clear memory such as
UOS S3 or UOS system reset,then add a flag to distinguish it
when destroy secure world.
-- Restore trusty memory to guest normal world.
-- Moved free trusty EPT inside destroy_secure_world
In some cases such as UOS S3 or UOS system reset,
only need to free trusty EPT, this patch move free
trusty EPT inside destroy_secure_world.
Because PD/PT are shared in both secure world's EPT
and normal world's EPT,before freeing trusty EPT,
it will memset all PDPTEs except trusty memory,
then call 'free_ept_mem', it can only free trusty EPT,
and does't affect shared normal world EPT.
v2-->v3:
-- Used new mmu api ept_mr_add when restore trusty memory
to SOS and normal world
-- Dropped this patch "Removed reverted page tables for trusty memory"
because map_mem will be removed in future
It will have a patch, need to update this api(ept_mr_add),
it will not create inverted page tables for trusty memory.
v1-->v2:
-- free trusty ept
still use free_ept_mem, not add a new api,but need to
memset pdptes except trusty memory
-- Removed reverted page tables for trusty memory.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRAC does not allow the use of an inline function with external
linkage.
What this patch does:
- Add the static keyword for the function that is only used in the
definition file.
- Remove the inline keyword for the function that is used in multiple
files.
v1 -> v2:
* Move some functions to headers as static inline function if it is
possible
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Declare a variable with the static qualifier if it is of file scope and
not used in another file.
v1 -> v2:
* remove the unnecessary change to the following variables, which is
due to the report issue
struct multiboot_info *mbi = (struct multiboot_info *)
(HPA2HVA((uint64_t)boot_regs[1]));
struct multiboot_mmap *mmap =
(struct multiboot_mmap *)
HPA2HVA((uint64_t)mbi->mi_mmap_addr);
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
V4:
- Moved error checking to vdev_hostbridge_cfgwrite/vdev_hostbridge_cfgread
V3:
- Unified ops calling and implemented deinit/cfgwrite/cfgread ops,
previously only init op is implemented
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
V4:
- Renamed members for struct pcibar and changed code accordingly
V3:
- Do not use ASSERT
- Use EPT_XX defines when claling ept_mr_add
- Report 64-bit MMIO physical bar to UOS as 32-bit virtual bar
(assume bar size is always less than 4GB), which removed quite some of
64-bit bar handling code
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
V4:
- Clear address cache info after a full cf8/cfc access
- Add NULL pointer checking when calling init/deinit ops
V3:
- Do not use ASSERT
- Loop through the vdev list defined in vm_desctiption table to call the vdev init/unit functions
- Make the cached vbdf info struct per vm instead of per pcpu
V2:
- Fixed MISRA violations
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
V4:
- Renamed members for struct pcibar
- License header fix
- Added vpci_vdev_array to struct vm_description
V3:
- Defined the static centralized vpci table to reduce code size,
previously many of the settings are obtained/generated dynamically
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
In current code, VM0 BSP start mode is hardcoded, in this patch VM0 BSP
start mode is decided by the boot context prepared by bootloader/BIOS.
In current code, VM0 BSP VMCS is override only on UEFI platform.
In this patch, VM0 BSP VMCS is override on both SBL & UEFI platforms.
Also restructure the code of guest init code.
In this patch, a vcpu run_context is initilaized first according to vcpu mode.
Then write the value to vmcs according to run_context value.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
save_segment/load_segment is common code and can be used outside of trusty,
move to a header file.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The structures defined in acrn_efi.h is x86 related, move it
to acrh/x86/guest/.
Also, the headfile will be used on both SBL & UEFI platforms,
rename it to vm0_boot.h
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
EFI stub code need to reference to the struct cpu_gp_regs, which
is currently defined in vcpu.h, however include vcpu.h in EFI stub code
will include other header files not requried by EFI stub code.
After moving the define of struct cpu_gp_regs to a separate
headfile, the file can be included in EFI stub code without other header
files.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
New field in VM's structure:
sworld_snapshot: save cpu_context of secure world.
New hypercall: HC_SAVE_RESTORE_SWORLD_CTX
In UOS S3 suspend path: trusty kernel driver will call this hypercall
to require Hypervisor save context of secure world.
In UOS S3 resume path: virtual firmware will call this hypercall to
require Hypervisor restore context of secure world.
New bit in secure_world_control.flag:
ctx_saved: indicate whether cpu_context of secure world is saved.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The security information will not pass to HV through Hypercall,
so remove the unused HC_GET_SEC_INFO.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Define Bitmap flag to indicate secure world's state:
supported: 0(not supported), 1(supported)
active: 0(inactive), 1(active)
Refine secure_world_memory:
base_gpa_in_sos: base_gpa from SOS's view
base_gpa_in_uos: base_gpa from UOS's view, this is the original base_gpa
allocated by bootloader.
Recording above GPA is for usage of trusty EPT destroy and re-create.
There is an assumption: the secure world's memory address is contiguous
in both SOS and physical side.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partitioning mode boots multiple OS. Adding code to parse
VM description structure and a reference description structure for
booting 2 OSes.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
TO inject the
- Invalid Opcode exception
- Stack Fault exception
- Alignment Check exception
to guest.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When doing copy_to/from_gva, it's possible the guest no page
happens on none-first page. In this case, we need get correct
fault address from gva2gpa.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
Added prepare_vm function as a wrapper function on top of prepare_vm0.
This makes adding support for partition mode ACRN to boot multiple
VMs from HV cleaner.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
MISRA-C requirement:
The value of an expression shall be the same under any order of
evaluation.
The order in which side effects take place is unspecified and may lead
to unexpected results.
This patch add a temporary variable for temporary storage to avoid the
side effects of evaluation order.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add wrap function cpu_do_idle in default_idle to handle arch cpu specific
idle operation.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, there is cross-references between instr_emul.h and instr_emul_wrapper.h.
User must include both of them when calling instruction emulation functions. This
will raise up some confusion and inconvenience.
So we rearrange the logic of instruction emulation code as following:
- External API -- defined in instr_emul.h
* decode_instruction(struct vcpu *vcpu)
* emulate_instruction(struct vcpu *vcpu)
- Make all other functions as static in instr_emul.c
- Remove instr_emul_wrapper.c/h
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
The formal solution has merged,revert this patch.
This reverts commit a9d04cc5ce.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move most of fields from run_context into ext_context for world switch.
these fields do not need doing runtime save/restore during vm exit/entry.
v3:
- update cr0/cr4 registers switch method
v2:
- use struct name ext_context instead of saved_context
- updated according to previous v2 patch
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there will be 3 types of vcpu runtime contexts:
- runtime contexts always saved/restored during VM exit/entry, which
include general registers rax/rcx/rdx/rbx/rbp/rsi/rdi/r8~r15, cr2 and
msr for spectre control (ia32_spec_ctrl)
- runtime contexts on-demand cached/updated during VM exit/entry, which
include frequently used registers rsp, rip, efer, rflags, cr0 and cr4
- runtime contexts always read/write from/to VMCS, which include left
registers not in above
this patch add get/set register APIs for vcpu runtime contexts, and unified
the save/restore method for them according to above description.
v3:
- update vcpu_get/set_cr0/4 as unified interface to get/set guest cr0/cr4,
use on-demand cache for reading, but always write to VMCS for writing.
v2:
- use reg_cached/reg_updated for on-demand runtime contexts
- always read/write cr3 from/to VMCS
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are potential value outside range of underlying type
in some assignment expressions. This violates Rule 10.3 or
Rule 10.4 of MISRA C:2012.
BTW, all operations shall be conducted in exactly the same
arithmetic (underlying) type, otherwise, there is a
value outside range violation.
Update related assignment expressions.
V1-->V2:
* Fix potential overflow in "pit_calibrate_tsc";
* Move PTDEV_INVALID_PIN definition before
get_entry_info since this MACRO is only used by
debug function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Since global vector table is being used on all pcpus, it's not necessary to request timer irq
at each cpu init. With this change, per_cpu timer nodes are removed, and only BSP registers
and unregisters timer irq.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter name mismatch between API declaration and definition.
v2 -> v3:
* Fix two more violations which are missed in previous report.
shell_puts and console_write
v1 -> v2:
* Replace 'ret_desc' with 'desc'
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The IOAPIC specification defined EOI register for 0x20 version. The
original vioapic code implemented this register but the version was
still export as 0x11.
Tried to set 0x20, the Linux kernel has't access this EOI register,
still rely on lapic to send eoi.
From Linux ioapic driver comments, it says that only send EOI via EOI
register when met IOAPIC hardware bug.
This patch removes all 0x20 IOAPIC code to reduce the code size.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
To make vioapic simpler, avoid lots of code to convert variable type
between uint8_t and uint32_t.
This patch changes all variable type of pin related variables to
uint32_t instead of original uint_8.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Remove structure vm_attr
Wrap two APIs alloc_vm_id and free_vm_id
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
'hv_main()' wraps several logic which has no dependencies
each other(enable VMX, prepare to create service os VM..),
in this case, split this function to make code logic clear.
remove 'is_vm0_bsp()' & 'hv_main()'
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add the parameter identifier for typedef function pointer.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In order to comply with MISRA C rules, renamed vairables
and function names starting with "_".
The major changes invloves mostly static function
names, as they are being called inside the same file
by a wrapper function.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
MISRAC requires that the array size should be declared explicitly.
This patch fixes the issues caused by the arrays that are defined in
link_ram.ld.in or assembly file.
v1 -> v2:
* Update the solution based on the info from the following link.
https://sourceware.org/binutils/docs/ld/Source-Code-Reference.html
Fix pattern is like below:
extern char start_of_ROM, end_of_ROM, start_of_FLASH;
memcpy (& start_of_FLASH, & start_of_ROM, & end_of_ROM - &
start_of_ROM);
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change this API to void type
Add pre-condition, state the input parameters are not NULL.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
And export the API to DM. DM will do system reboot/S3 resume based
on this API.
Also add the pre-assumption description for some vm APIs.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the C99 standard, the order of evaluation associated with
multiple #, multiple ## or a mix of # and ## preprocessor
operator is unspecified. For this case, gcc 7.3.0 manual
does not specify related implementation. So it is unsafe
to use multiple # or ## in a macro.
BTW, there are some macros with one or more "##" which are
not used by hypervisor.
Update relate codes to avoid using multiple # or ## in a macro;
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Note:
'##' operator usage constraints: A ## preprocessing token shall
not occur at the beginning or at the end of a replacement list
for either form of macro definition.
V1--V2:
Update relate codes to avoid using multiple # or ## in a macro.
V2-->V3:
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
-- Check uart enabled flag, it will return if the flag is false.
-- Add function declaration (uart16550_set_property) in console.h
-- Remove unnecessary function declaration(get_serial_handle)
-- Change uart_enabled and port_mapped to bool
-- Fix MISRA-C integer violations
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
to remove it as no requirement of bounding i/o handlers
dynamically in hypervisor shell
- update source code related with i/o session
- move shell command definitions from shell_pulic.c
to shell_internal.c
- remove shell_public.c
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently we don't support resume VM in HC API, the real meaning
of the code is to start VM.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. add register_softirq to register a softirq handler
2. rename exec_softirq to do_softirq; raise_softirq to fire_softirq.
3. in do_softirq call registered softirq handler not call
the device softirq handle function directly
4. enable irq after vm exit and disable irq after the first
call do_softirq before vm enter.
5. call do_softirq again when irq disabled to handle the risk
unhandled softirq.
6. rename SOFTIRQ_DEV_ASSIGN to SOFTIRQ_PTDEV
7. remove SOFTIRQ_ATOMIC
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Softirq is not x86 architectural related.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Now, we let guest own most CR4 bit. Which means guest
handles whether the CR4 writting is invalid or not and
GP injection if it's invalid writing.
Two bits are exception here:
we filter VMX and PCID feature to guest (which means
they are supported on native).
So we can't depends on guest to inject GP for these bits.
Instead, we should explicitly trap these CR4 bits update
and inject GP to guest from HV.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
According to SDM:
writing a nonzero value to 63:32 bits of CR0 and CR4 results #GP(0).
writing a nonzero value to reserved bit of CR4 results #GP(0).
We merge the check with always off mask of CR0 and CR4.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For data structure types "enum vpic_wire_mode, struct stack_canary",
its name is identical with variable name in the same scope.
This MISRA C violation is detected by static analysis tool.
For variables "segment_override, pde_index", its name is identical
with function name. This MISRA C violation is detected.
Naming convention rule:Variable name can be shortened from
its data structure type name.
The following udpates are made:
enum vpic_wire_mode vpic_wire_mode-->enum vpic_wire_mode wire_mode
struct stack_canary stack_canary-->struct stack_canary stk_canary
uint8_t segment_override:1 --> uint8_t seg_override:1
uint32_t pde_index--> uint32_t pde_idx
V1-->V2:
Remove update "enum cpu_state cpu_state-->enum cpu_state state"
and "enum irqstate irqstate-->enum irq_ops_mode ops_mode", other
patch will cover it.
V2-->V3:
Update "uint32_t pde_index--> uint32_t pde_idx".
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct pic and struct iommu_domain",
its name is identical with variable name in the same scope.
This MISRA C violation is detected.
Naming convention rule:If the data structure type is used by only one
module and its name meaning is simplistic, its name needs prefix
shorten module name.
Naming convention rule:Variable name can be shortened from its
data structure type name.
The following udpates are made:
struct pic pic-->struct i8259_reg_state i8259
struct iommu_domain iommu_domain-->struct iommu_domain iommu
V1-->V2:
Update "struct iommu_domain iommu_domain-->struct iommu_domain iommu"
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Instead of using two members for maintaining the state of a VHM request, this
patch replaces the transitions with a single state. Basically the lifecycle of a
VHM request shall be:
FREE -> PENDING -> PROCESSING -> COMPLETE -> FREE -> ...
The structure header of vhm_request has more details of the transitions access
limitations under different states.
Also drop the set but unused member vcpu.ioreq_pending.
For backward-compatibility, the obsolete 'valid' member is still kept and
maintained before SOS and DM adapts to the new state transitions.
v2 -> v3:
* Use complete_ioreq to mark an I/O request finished in
dm_emulate_(pio|mmio)_post.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some functions for the post work of I/O emulation. This patch moves
these functions to io.c for clarity. No functional change introduced.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently no post-work is done for I/O requests of type PCICFG or WP. The
impacts include:
1. ''valid'' in VHM request buffers are left as 1 even after the I/O request
completes. This violates the pre-condition of acrn_insert_request_wait()
but does not cause failures since a new I/O request can never happen
before the previous one completes.
2. Values read from PCI configuration spaces are never passed to UOS.
This patch adds the post-work for these two kinds of I/O requests. The post-work
for port I/O is invoked for PCICFG since it is essentially a port I/O and the
request structure is compatible. No post-work is needed for WP as it is only
triggered for EPT violations on writes, while post-work is mainly for reads.
v2 -> v3:
* Consistently use 0/1 (not false/true) for the ''valid'' member.
* Add comments to suggest when the hypervisor can see REQ_PCICFG and why
dm_emulate_pio_post also works in such cases.
* Rename: mark_ioreq_done -> complete_ioreq
* Rename: complete_request -> emulate_io_post
* Rename: hcall_notify_req_finish -> hcall_notify_ioreq_finish
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
This is the counterpart to the PIO emulation side.
1. ept_violation_vmexit_handler (entry point for handling vmexit on EPT instruction):
Extract mmio address, size, direction and value (for write only), fill in an
I/O request, invoke do_io to handle that and emulate_pio_post for
post-processing.
2. emulate_io
Handle the given I/O request, either completed by registered MMIO handlers
or sent to VHM.
3. emulate_mmio_post:
Update guest registers after the emulation is done.
v2 -> v3:
* Rename: emulate_mmio_by_handler -> hv_emulate_mmio.
* Inline the original hv_emulate_mmio.
* No longer check alignment. The handlers are responsible for handling
unaligned accesses.
v1 -> v2:
* Rename: do_io -> emulate_io.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch refactors how I/O instructions are emulated, in order for a unify the
I/O emulation path. The major control flow includes:
1. pio_instr_vmexit_handler (entry point for handling vmexit on I/O instruction):
Extract port address, register size, direction and value (for write only),
fill in an I/O request (of type io_request), invokes do_io to handle that
and update the guest registers if the request has been successfully handled
when do_io returns.
2. emulate_io:
Handle the given I/O request. The request is handled or sent to VHM if it
returns 0 (the actual status can be found in io_req->processed). On errors a
negative error code is returned.
3. emulate_pio_by_handler:
Look for the PIO handler for the given request and invoke that
handler. Return 0 if a proper handler is found and invoked (the status of
the emulation can be found in io_req->processed), -EIO when the request
spans across devices, and -ENODEV when no handler is found.
4. emulate_pio_post:
Update guest registers after the emulation is done. Currently this can
happen either right after do_io() or after the vcpu is resumed. Status check
on the I/O request and follow-up actions on failure will also go here.
Note:
Currently do_io can return 0 with io_req->processed being REQ_STATE_PENDING if
the request is sent to VHM for further processing. In this case the current vcpu
will be paused after handling this vm_exit, and dm_emulate_pio_post will be
invoked to do the rest after this vcpu is resumed. When vcpus are scheduled back
to exactly where they are scheduled out later, do_io should be responsible for
the post_work and the processing of do_io results shall be mostly the same.
v2 -> v3:
* Rename: emulate_pio_by_handler -> hv_emulate_pio.
* Properly mask the value passed to port I/O handler.
v1 -> v2:
* Rename: do_io -> emulate_io.
* Rename io_instr_vmexit_handler -> pio_instr_vmexit_handler to reflect the
fact that it handles port I/O only.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The current hierarchy :
CONSOLE --> SERIAL -->UART DRIVER
This patch remove SERIAL layer, that is console will
call UART driver directly, change it to:
CONSOLE --> UART DRIVER
Remove some related data structures and registration and callback.
Cleanup vuart.c
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For data structure types "union lapic_id and struct segment",
its name is identical with variable name in the same scope. This MISRA C
violation is detected by static analysis tool.
Naming convention rule:If the data structure is corresponding
to hardware resource (such as register, segment selector),
its name need resource shorten name suffix (such as _reg, _sel).
The following udpates are made:
union lapic_id-->union lapic_id_reg
struct segment-->struct segment_sel
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
For data structure types "struct key_info, struct pir_desc,
struct map_params", its name is identical with variable name
in the same scope. This MISRA C violation is detected by
static analysis tool.
Naming convention rule:If the data structure type is used by only one
module and its name meaning is simplistic, its name needs prefix
shorten module name.
The following udpates are made:
struct key_info-->struct trusty_key_info
struct pir_desc-->struct vlapic_pir_desc
struct map_params-->struct mem_map_params
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
For data struct type struct vie, emul_ctxt, its name
is identical with variable name in the same scope.
This MISRA C violation is detected by static analysis
tool.
According to naming convention rule: If the data structure
type is used by only one module and its name meaning is
simplistic, its name needs prefix shorten module name.
Follow the same rule, data structure name "vie_op" needs
to be renamed;
The following updates are made in this patch:
struct vie-->struct instr_emul_vie
struct vie_op-->struct instr_emul_vie_op
struct emul_ctxt-->struct instr_emul_ctxt
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The variable timer's name is identical with struct
timer s name. This MISRA C violation is detected
by static analysis tool.
According to naming convention rule: If the data
structure type is used by multi modules, its
corresponding logic resource is only used by
hypervisor/host and isn't exposed to external
components (such as SOS, UOS), its name meaning
is simplistic (such as timer), its name needs prefix
"hv_".
Rename struct timer as struct hv_timer.
Replace regular expression:s/struct timer\([ ),;\t\*]\+\)
/struct hv_timer\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
V1:
In order to remove MISRA C violations for rule
219S, rename functions, macros whose name
starts with "_".
Also removed some __mmio functions because they are
duplicates and are not used anywhere.
Renamed functions like __assert, to asm_assert,
because they were only wrappers around asm calls.
V2:
Over and above the changes on V1, modified bitmap
functions names to lock (corresponding to unlock)
introduced in V1
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Misra c required parameter should not changed in the scope
of function,use local variable to replace it.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Parameter's type which is pointer should not be changed in the
scope of function,assign it's value to local variable to fixed
it out.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. Add strstr_s in lib to support locate substring in a string
2. Parse "ImageBootParamsAddr=" from cmdline and retrieve seed
3. Convert the addresses to SOS GPA since they will be used in
SOS.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Wang Kai <kai.z.wang@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many naming violations detected by static analysis
tool. Data structure type name is the same as variable name.
According to naming convention rules, If the data structure
type is used by multi modules and its name meaning is
simplistic (such as vcpu, vm), its name needs prefix "acrn_".
Rename struct vpic as struct acrn_vpic.
Replace regular expression:s/struct vpic\([ ),;\t\*]\+\)/struct acrn_vpic\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many naming violations detected by static analysis
tool. Data structure type name is the same as variable name.
According to naming convention rules, If the data structure
type is used by multi modules and its name meaning is
simplistic (such as vcpu, vm), its name needs prefix "acrn_".
Rename struct vlapic as struct acrn_vlapic
Replace regular expression:s/struct vlapic\([ ),;\t\*]\+\)/struct acrn_vlapic\1
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
main focus on integral issues, and change some functions
interface to unify the params data type; also modify to
simplify the code logic.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The current struct vcpu has two members, namely 'struct vhm_request req' and
'struct mem_io mmio', that hold similar info, including the address, direction, size,
value and status of mmio reqeusts.
As a step towards a unified framework for both MMIO/PIO, this patch unifies
these two members by a tailored version of vhm_reqeust, mostly with the reserved
fields dropped. The definitions to request types, directions and process status
are reused.
Handling errors during emulations will be revisited after the I/O emulation
paths are unified. Thus for this patch the mmio.mmio_status in inherited by
io_req.processed which is not yet properly processed.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently the I/O emulation structures and interfaces are scattered among mmu.h,
io.h and guest.h, and tangled with other interfaces there. This patch moves the
former to a separate header ioreq.h.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add lookup_address to lokup the page table for a virtual address
of primary page table or a physical address of extended page table.
The remaining obtain_last_page_table_entry could be removed with their
called function later.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
The ept_mr_add still use the old map_mem. The old API will
keep for a peroid until the SOS the same refine be merged.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Merge mmu_modify with mmu_del to mmu_modify_or_del(..., type).
While type is MR_MODIFY, the actual action is doing mmu_modify; while
type is MR_DEL, the actual action is doing mmu_del.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add hcall_change_vm_page_wp_perm to change guest one page write permission.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the function scope,the parameter should not be
changed as Misra required.
V1->V2 recover some violations because of ldra's false positive.
V2->V3 sync local variable' type to parameter's type with the prefix of const.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
SOS boot with all physicall cpus, before running UOS, it should free
CPU resource by offline not used cpus
- first do standard cpu offline flow
- then call hcall_sos_offline_cpu hypercall to release cpu resource really
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if defined CONFIG_VM0_DESC, HV will use predefined vm0_desc to config
VM0, otherwise, HV will run VM0 with all physical cpus.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
foreach_vcpu will go through all vcpu_array and only call the following
code when vcpu != NULL
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove shell_construct
Change shell_init to void type
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix x86 directory violations which related to integer problems,
some of problems are skipped because of ldra's false positive.
V1->V2 1.modified the code style
2.fix all macro VM_EXIT_IO_INSTRUCTION related
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The purpos is to unify the layout of general-purpose regs in interrupt/excpetion context.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, general-purpose register layout in run_context is not align with the
general-purpose register index when vmexit. So hv needs to map the index used during
vmexit to the index of the general-purpose register in run_context.
This patch align the layout, so that no mapping needed.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. fix some description for hv mmu_modify
2. add pml4_page input parameter for ept_mr_modify to keep align with
ept_mr_add and ept_mr_del which will support add or delete MR for trusty.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. rename set_vm_memmap to set_vm_memory_region
2. split ept_mmap into ept_mr_add and ept_mr_del
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The plus and minor have the same level of precedence. The Misra-C
considers it as a violation. Added brackets in between addition and
substraction oprators.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Added brackets for expression to make it easy to understand and
reduce the mistake of precedence. The rule is applied to the
mixed same level of prevedence opeartors, high level presedence
operators and logical expression.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- explicitly declare the array size to fix the violation 'Array has no
bounds specified'
- minor changes for comments style
v1 -> v2:
* add the definition for exit reasons from 0x39 to 0x40 based on "SDM
APPENDIX C VMX BASIC EXIT REASONS"
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
fix all assign.c integer violations except related
"Implicit conversion: actual to formal param".
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This is the final cleanup of the integral type related issues, reported by the
static checker, under common/, mostly including
* make explicit the narrowings of vm_ids passed by register.
* work around the confusion of the static checker by abstracting
sub-expressions to local variables.
The remaining reports that are not trivial to suppress will be in the scope of a
separate document.
v1 -> v2:
* Instead of converting vm_ids inside hcall_xxx, update the prototypes of
these functions and do the conversion in vmcall_vmexit_handler.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Clean up most reported integral-type-related violations still existing under
arch/x86/guest/. The remaining reports that are not trivial to suppress will be
explained in separate documents.
Also move acpi_info outside acrn_common.h as the structure is no longer shared
with DM.
v1 -> v2:
* Move struct acpi_info to bsp_extern.h
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The error code in the hypervisor is 32-bit signed integers. To reduce implicit
conversions, this patch make hcall_xxx returns int32_t, and finally converts it
to uint64_t when assigned to rax whose semantics is properly defined in C99.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Qualified or unqualified int or bool are the only types allowed for bit-field
members in C99, and MISRA C further forbids using plain int.
Use uint32_t (which is equivalent to unsigned int) for all bit-field members.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Inline function have some violations with parentheses
and return type casting.Fixed it.
V1->V2:modified the parameter to ther letter case
V2->V3:move the delcaration to the inner and reduce suffix UL to U
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now the Intel RDT emulation is working in progress. So disable it
for temporary solution to avoid guest OS running with incorrect RDT
configuration.
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Most of the time, we use the virtual address of EPT PMl4 table,
not physical address.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
mainly focus on: like U/UL as unsigned suffix;
char and int mix usage; also change some function's params
for data type consistent.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Remove those APIs without definition
- Minor changes to make sure the line length is less than 80
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many type conversions in the atomic
operations invoking reported by static analysis tool. These
type conversions voilate MISRA C.
To keep uniform naming convention, rename atomic operation
function names:
atomic_set_int/long --> atomic_set32/64;
atomic_clear_int/long --> atomic_clear32/64;
atomic_load --> atomic_load32;
atomic_store --> atomic_store32;
atomic_swap --> atomic_swap32;
atomic_readandclear --> atomic_readandclear32;
atomic_inc --> atomic_inc32;
atomic_dec --> atomic_dec32;
atomic_cmpxchg --> atomic_cmpxchg32;
atomic_xadd --> atomic_xadd32.
Update the type of atomic_load32/64, atomic_store32/64,
atomic_swap32/64, atomic_cmpxchg32/6.
Update related variables and callers.
Note: the type of return value and parameters of atomic_xadd32/64
still keep signed int/long since caller pass
negative variable to atomic_xadd32/64;
V1-->V2:
Add comments for atomic_set/clear to differ from
bitmap_set/clear.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie.Mao <junjie.mao@intel.com>
While fixing the MISRA C violations related to integral types, we have unified
the type of the following data:
uint8_t:
phys_pin, virt_pin, vpic_pin, ioapic_pin, vioapic_pin
uint16_t:
vm_id, pcpu_id, vcpu_id, vpid
uint32_t:
vector, irq
This patch revisits the types of the fields in vhm_request as well as the
structures used as parameters in the hypercalls, and make them aligned with the
types the hypervisor uses for such data. Reserved fields are added to keep the
size and layout of the structures. Implicit paddings are also made explicit as
reserved fields.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some integer type conversions in the VMX, timer
and MTTR module detected by static analysis tool.
Update related integer type in VMX, timer and MTTR
module.
Add related constant value with 'U/UL' suffix.
V1-->V2:
Resolve few rebase conflicts.
V2-->V3:
Add 'h' for uint16_t argument in log function;
Update the type of temp variable 'type' as uint8_t
in MTTR module to reduce type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Current code has a mistake associating destination with
redirectionhint. So just use the destination mode to work out
destination mode.
When injecting the msi interrupt to vcpu in hypervisor layer,
current code ingnores the redirection hint(RH) bit of msi address
message from guest, and just use the destination mode and
destination ID. So correctly before injecting, check the RH bit,
if set, choose the vcpu that has lowest priority to inject msi.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao, Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin, Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NR_MAX_IRQS is defined as 272 and IRQ_INVALID as 273 which implies
that 272 is a valid irq number. In this case, an illegal access can
occur at run time when irq_desc_array[] or irq_count[] is accessed
with index 272. This fix stops the illegal access by renaming
NR_MAX_IRQS to NR_IRQS and then places proper conditions for range
checks. If the index is >= NR_IRQS, then index is invalid otherwise
its considered valid for accessing irq arrays. IRQ_INVALID definition
is also changed to 0xffffffffU to indicate maximum unsigned value.
Signed-off-by: Madeeha Javed <madeeha_javed@mentor.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, there are exec_vmread/exec_vmwrite
used for accessing 32-bit fields, 64-bit field and
natural-width fields. This usage will confue developer.
So there are many type casting for the return value and
parameters vmread/vmwrite operations.
Since exec_vmread/exec_vmwrite and exec_vmread64/exec_vmwrite64
are the same, update current exec_vmread/exec_vmwrite
implement into exec_vmread64/exec_vmwrite64 implement
and add MACRO define for exec_vmread/exec_vmwrite in
head file;
To access 64-bit fields in VMCS, callers use
exec_vmread64/exec_vmwrite64;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
Note:Natural-width fields have 64 bits on processors
that support Intel 64 architecture.To access natural-width
fields in VMCS, callers still use exec_vmread/exec_vmwrite,
keep the current implementation.
V1--V2:
This is new part of this patch serial to only
update 64-bit vmread/vmread opertions and related
caller, for netural width fields, still use exec_vmread
or exec_vmwrite.
V2-->V3:
Fix few mistake updations for netural fields in VMCS,
just keep exec_vmread/exec_vmwrite to access them;
Fix few mistake updations for 64-bit fields in VMCS.
V3--V4:
Add "016ll" for 64-bit variable in log function;
Few updates for coding style;
Rename lssd32_idx as tr_sel in VMX module.
V4-->V5:
Use CPU_NATURAL_LAST in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread32/exec_vmwrite32
is for accessing 32-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread32 and exec_vmwrite32 functions to
access 32-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 32 bit vmread/vmread opertions and related
caller.
V2-->V3:
Update related variables type in data structure
for exec_vmread32/exec_vmwrite32.
Rename temp variable 'low' into 'value' for
exec_vmread32;
V3-->V4:
Remove useless type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread16/exec_vmwrite16
is for accessing 16-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread16 and exec_vmwrite16 functions to
access 16-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 16-bit vmread/vmread opertions and related
caller.
V2--V3:
Add "hu" for uint16_t argument in log function;
Add comments for function get_vmcs_field;
Update related variables type for exec_vmread16;
Rename temp variable 'low' into 'value'.
V3-->V4:
Few updates for exec_vmread16.
V4-->V5:
Few updates for coding style;
Replace "hux" with "hu" in log function for 16-bit
variable.
V5-->V6:
CPU_REG_64BIT_LAST is used in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
fix integer type violations,keep some violations which
related to hypcall and msix_entry_index.
V1->V2:1.modified API_MAJOR_VERSION from Makefile
2.sync acrn_common.h changed to device model
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change these 6 APIs to void type:
init_default_irqs
interrupt_init
early_init_lapic
init_lapic
init_iommu
destroy_iommu_domain
It has checked the argument of destroy_iommu_domain in shutdown_vm,
then no need to check it again inside destroy_iommu_domain.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
V1->V2:change the apis to letter case.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch cleans up the integral-type-related violations after the access
pattern to RTEs is unified. Major changes include:
1. vioapic_mmio_read(), vioapic_mmio_write() and vioapic_mmio_rw() assumes
the size of the register to be accessed is always 4, which is checked in
vioapic_mmio_access_handler(). Thus they no longer takes the unused
''size'' parameter.
2. Typical integral-type-related violation fixes including 'U' suffixes,
type of local variables, conversion specification in format strings, etc.
v1 -> v2:
* Drop duplicated definitions to IOAPIC register offsets.
* Drop the ''size'' parameter of vioapic_mmio_[read|write] and
vioapic_mmio_rw since vioapic_mmio_access_handler() ensures that size is
always 4.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two different ways the current implementation adopts to access ioapic
RTEs:
1. As two 32-bit registers (typically named ''low'' and ''high''), or
2. As one 64-bit register (typically named ''rte'').
Two issues arise due to the mixed use of these two patterns.
1. Additional conversions are introduced. As an example, ioapic_get_rte()
merges two RTE fragments into a uint64_t, while some callers break it
back to ''low'' and ''high'' again.
2. It is tricky to choose the proper width of IOAPIC_RTE_xxx constants. SOS
boot failure is seen when they are 32-bit due to the following code:
/* reg is uint64_t */
vioapic->rtbl[pin].reg &= ~IOAPIC_RTE_REM_IRR;
while making them 64-bit leads to implicit narrowing when the RTEs are accessed
in the low & high pattern.
This patch defines a union ''ioapic_rte'' and unifies the access pattern
to IOAPIC and vIOAPIC RTEs.
v1 -> v2:
* Instead of two 32-bit ''low'' and ''high'', define a union that allows
either 32-bit or 64-bit accesses to RTEs.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
GUEST_CFG_OFFSET is used to pass the memory top info from DM
to HV. The address should be in E820 reserved range to prevent
guest use it for other purpose.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
version.h is included but not used by per_cpu.h. This results in a forceful
rebuild of almost all files because per_cpu.h (and thus version.h) is depended
on by many files, and version.h is created every time a build is triggered.
This patch breaks this dependency. No further changes needed as sources using
version.h all include that file explicitly.
Also add the missing license header BTW.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The main focus on: constant suffix U/UL; parameters cast like
uint32 to a uint16 variable; unify some APIs interface,
consist with the callers.
also modify some places to unify code style
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Signed/unsigned conversion should add cast explicitily
or change the type of them to the same.
V1->V2:Fixed the 0U to 0UL because of the mistakes.
V2->V3:remove unsed macro
Signed-off-by: HuiHuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Includes header file of non-static function, and declare the
in-file use function static.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
vmid's type prefered to be uint16_t.
V1->V2:vmid from uint32_t transfer to uint16_t
V2->V3:add range check to hcall's vmid parameter
V3->V4:seperate the declaration and actual code.
V4->V5:remove range check from hcall's vmid parameter
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Use the array for lapic_id directly to avoid the unnecessary pointer
arithmetic.
With current implementation,
lapic_id_base is always a byte array with CPU_PAGE_SIZE elements
What this patch does:
- replace 'uint8_t *lapic_id_base' with 'uint8_t
lapic_id_array[CPU_PAGE_SIZE]' to make the boundary explicit
- add a range check to ensure that there is no overflow
v2 -> v3:
* update the array size of lapic_id_array per discussion with Fengwei
v1 -> v2:
* remove the unnecessary range check in parse_madt in cpu.c
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
rename vm_hw_logical_core_ids to vm_pcpu_ids
and changed the type to uint16_t.
V1->V2:rename the vm_hw_logical_core_ids
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) Change these 5 APIs to void type:
vcpu_inject_pf
uart16550_calc_baud_div
uart16550_set_baud_rate
console_init
ptdev_activate_entry
No need to return 'entry' for ptdev_activate_entry
since the input parameter is 'entry'.
2) no need to check return value for the caller
such as sbuf_put/console_putc/serial_puts/serial_get_rx_data
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
To minimize explicit casts, this patch adjusts the types of function parameters
and structure fields related to vlapic and update the types in the internal
implementation accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Use local variables to hold struct members before using them, which helps us
avoid confusions from static checkers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
For constants used in unsigned contexts, a 'U' suffix is required per MISRA C
standard.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
The patch fixes integral type related violations on HV pm part.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Per new design of trusty memory allocation: VHM will reserve contiguous
memory for trusty when DM launch guest with trusty enabled. And OSloader
will relocate trusty to 511G directly and pass trusty's base/entry to HV
by trusty_boot_param when call HC_INIITIALIZE_TRUSTY.
So in this patch:
1. Extend trusty_boot_param to support addr/entry above 4G.
2. Remove size check for old version compatibility.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
like: constant of unsigned int need add U/UL as surfix.
enum value can't use to give or compare with int directlly.
unsigned and signed mis-matched
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires the use of brackets, even when there is only one
statement in the loop body.
Signed-off-by: Ying Liu <ying2.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some integer type conversions reported by static
analysis tool for vcpu id, number of created vcpus, and
vpid, to reduce these type conversions, redesign vcpu id,
number of created vcpus, and vpid type as uint16_t as per
their usage, related 16-bit atomic operations shall be
added in HV.
MISRA C requires that all unsigned constants should have the suffix 'U'
(e.g. 0xffU), but the assembler may not accept such C-style constants.
Add 16-bit atomic add/dec/store operations;
Update temporary variables type and parameters type of
related caller;
Update vpid type as uint16_t;
Replace Macro with constant value for CPU_PAGE_SIZE.
Note: According to SDM A.10, there are some bits defined
in the IA32_VMX_EPT_VPID_CAP MSR to support the INVVPID
instruction, these bits don't mean actual VPID, so
the vpid field in the data struct vmx_capability doesn't
be updated.
V1--V2:
update comments for assembly code as per coding style;
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
- move all relocatoin code from cpu.c and cpu.h to reloc.c and reloc.h
- no any logic changes
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin fengwei <fengwei.yin@intel.com>
In the current memory module, there are many constatn value
without U/UL suffix, it is reported as MISRA C violations by
static analysis tool.
Add 'U/UL' suffix for unsigned contant value in memory module
as needed.
Note:In the most case, CPU_PAGE_SIZE(0x1000) is used as
unsigned integer contant value, so CPU_PAGE_SIZE is defined
as unsigned integer contant value, and it is safety converted
into unsigned long type according to MISRA C standard.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there is a bug for system hang on SBL bootloader after we enabled turbo mode.
so add tmp patch to disable turbo mode as the work-around.
after SBL fixed it, we revert this patch.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the data struct cpuinfo_x86, some field names have
prefix x86, others don't have prefix.
In order to unify names, update field names of struct
cpuinfo_x86 as per its usage purpose, remove prefix x86.
V1-->V2:
Resolve conflict in cpu.c by rebase command
V2-->V3:
Remove track-on id as per jack's comments
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch cleans up the integral type violations to MISRA C rules, mostly
related to signed constants that should be unsigned but also spelling out two
integer narrowing and dropping some macros negating unsigned integers.
v1 -> v2:
* Drop INT_ROUNDUPx macros since they are never used.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The MMIO/PIO write APIs in io.h always take a uint32_t value but may uses it as
8, 16 or 32-bit integers. This patch converts the prototypes to align with their
functionality.
The pointer conversion and assignment are splitted to separate statements to
prevent static checkers from being confused about the underlying types.
v1 -> v2:
* Change the prototype of mmio-related functions, instead of keeping the
explicit conversions internal. The addresses are kept void* since in most
cases hva (in void*) is passed.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
GCC preprocessor expands __LINE__ to signed decimal integers. Keep the prototype
of __assert aligned with this.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current trace.h, the entries use proper unsigned types while some
function prototypes and local variables still use plain 'int', resulting in
implicit signedness conversions.
This patch makes the following conversions:
* evid: int -> uint32_t,
* n_data & cpu: 8-bit bit-field -> uint8_t,
* local variable holding the value from strnlen_s(): int -> size_t.
Note: In the following definition:
struct trace_entry {
uint64_t tsc; /* TSC */
uint64_t id:48;
....
The type of bit-field ''id'' cannot be uint32_t since gcc complains about
bit-fields larger than the type. Thus this patch keeps it as is.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
transfer num_vcpus,exp_num_vcpus to uint16_t.
transfer vm_hw_num_cores to uint16_t.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To be consistant with inline function mem_write, modifying the
mem_read* and using inline function instead.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
To follow the Misra-c standard, the assignment operation inside
function-like macro should be avoided. Replaced the violations
macro using inline function instead.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
There are unsinged constant values don't have 'U/UL' suffix
in the HV reported by static analysis tool.
Add 'U/UL' suffix for unsigned constant values as needed.
Tracked-on: ccm0001001-247033
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
There are some narrow integer conversion violations
in the HV reported by static analysis tools.
The narrow integer conversions are resolved by
following methods:
* Explicit type conversion as needed;
* Update suffix of constant value as 'U'
as needed.
cked-on: ccm0001001-247033
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Currently IOAPIC pins are represented using various types, including uint16_t,
int, uint8_t and uint32_t. This patch converts all pins to uint8_t since the
maximum number of interrupt input pins per IOAPIC is limited to 240. The special
value IOAPIC_INVALID_PIN is defined to indicate that a valid pin cannot be
found.
This type clean up also has the following impacts.
* The values in the ''legacy_irq_to_pin'' table are piggybacked with their
trigger mode. This patch splits them as the piggyback prevents us from
using a uint8_t[] for this table, and these two information are never used
at the same time.
* The ''offset'' parameter in ioapic_read_reg32 & ioapic_write_reg32 are
promoted to uint32_t to minimize explicit type conversions and keep
aligned with the type of formal parameters of mmio_(read|write)_long.
Tracked-on: ccm0001001-247033
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According to C99 standard, -1 integer constant with 'U/UL'
suffix has no type.
To explicit the integer constant:
Update -1U or -1UL as ~0U or ~0UL, or invalid number according
to usage case.
V1-->V2:
Update parameter name and type of send_startup_ipi since
the second parameter is used as pcpu_id;
Update related comments for code clearity.
V2-->V3:
Update comments of struct acrn_irqline;
rename cpu_startup_dest as dest_pcpu_id in the second
parameter of send_startup_ipi.
Tracked-on: ccm0001001-247033
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Extend struct trusty_boot_param to hold rpmb_key.
Copy rpmb_key from trusty_boot_param when initialize
trusty.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Zhu Bing <bing.zhu@intel.com>
Reviewed-by: Wang Kai <kai.z.wang@intel.com>
According to MISRA C:2012, suffix 'U/UL' shall be for
unsigned const value, the member of enum variable should
not be used to compare with integer variable.
Add 'U/UL' for unsigned const value in the CPU module;
Use Macro insteading of enum feature_word since the member
of feature_word is used to compare with integer variable;
Use hex number insteading of Macro in the assembly code.
V1-->V2:
Update the suffix of some constant value as 'UL'
according to its'storage variable;
Split MACRO updates used in the assembly code
in other patch.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C requires that all unsigned constants should have
the suffix 'U/UL'(e.g. 0xffU), but the assembler may not
accept such C-style constants.
To work this around, all unsigned constants must be
explicitly spells out in assembly with a comment tracking
the original expression from which the magic number is
calculated.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Here is how the recursion might happen:
when there is something wrong
|
sbuf_put -> memcpy_s -> pr_err -> do_logmsg
| |
-----------------------------------
Replace 'pr_err' with 'ASSERT' in 'memcpy_s' to break this kind of
recursion.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
IOAPIC pins always fit in 8-bit and we already use uint8_t for virt_pins. This
patch converts pins in vioapic to uint8_t.
This is based on Arindam's previous patch ("was: hv: Cleanup and optimise
vioapic.c"), with SOS boot failure resolved, format string updated, complex
arithmetic expression with implicit type conversion decoupled. Also make some
local variables representing interrupt vectors uint32_t.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
A couple of diagram were written using text characters. This
commit changes that to use pictures instead.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Move the existing Trusty document to the doc/ folder (where
it belongs) and convert the text to ReST.
The Documentation/ folder under hypervisor/ is removed as all
documents should be put under doc/.
All technical information has been preserved or was already
available in other documents.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
This patch makes necessary integer narrowing and/or signedness conversion
explicit.
While some narrowing are expected behavior, the correctness of the others relies
on the specifications of some interfaces (e.g. the higher 32-bit of what
exec_vmread() returns is all 0s if the given field is 32-bit). Add a stub
for now to avoid missing them.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
- rename 'cpu_set_logical_id()' to 'set_current_cpu_id()'
- rename 'cpu_find_logical_id()' to 'get_cpu_id_from_lapic_id()'
- some clean up in cpu.c & trampolines.s
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
In the hypervisor, some strings are assigned to non const
object, this violates MISRA C:2012.
Update the type of the object as const type since it always
points to string.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
We need bitmap bit ops API for 32bit operators like vlapic irr
registers.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are extra type conversion in the HV since logical_id
type is uint32_t and the input argument of bitmap operations
is uint16_t. BTW, the name of logical_id is not clear enough
to express its usage.
So the following updates are made in this patch:
Update logical_id type as unit_16 to reduce type casting;
Update related print argument;
Rename related logical_id as pcpu_id as needed.
Note: logical_id in the interrupt_init definition have been
updated in cpu_id cleanup patch.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
There are extra type conversion in the HV since cpu_id
type is uint32_t and the return value type of get_cpu_id
is uint16_t. BTW, the name of cpu_id is not clear enough
to express its usage.
So the following updates are made in this patch:
Update cpu_id type as unit_16 to reduce type casting;
Update related temporary variables type;
Update related print argument;
Change the input parameter name of interrupt_init as
cpu_id to keep align with function implement;
Rename cpu_id as pcpu_id as needed.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, virtual cpu id is defined as "int" or "uint32_t"
type in the hypervisor. So there are some sign conversion issues
about virtual cpu id (vcpu_id) reported by static analysis tool.
Sign conversion violates the rules of MISRA C:2012.
BTW, virtual cpu id has different names (vcpu_id, cpu_id, logical_id)
for different modules of HV, its type is defined as "int" or "uint32_t"
in the HV. cpu_id type and logical_id type clean up will be done in
other patchs.
V1-->V2:
More clean up the type of vcpu id;
"%hu" is for vcpu id in the print function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.Change the API tgt_uart/ static int uart16550_get_rx_err(uint32_t rx_data) to return uint32_t
b.modified the format of if from "if (length > 32*(length/32))" to
"if (length % 32U > 0)"
V3->V4:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
logmsg() expects the severity given to be uint32_t. This patch adds the 'U'
suffix to the severity constants.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Rename bit operation function fls as fls32, keep name
style with other bit operation function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch represents TSC freqeuency in KHz using a 32-bit unsigned integer.
The conversion macros between ticks and us/ms are changed to inline functions to
enforce the types of the input parameters. Note that us_to_ticks accepts only
uint32_t (~4K us at most) and never overflows.
Results of some unit tests on the conversion functions:
calibrate_tsc, tsc_khz=1881600
64us -> ticks: 120422
64us -> ticks -> us: 63
511us -> ticks: 961497
511us -> ticks -> us: 510
1280000 ticks -> us: 680
1280000 ticks -> us -> ticks: 1279488
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The parameter to udelay is the microseconds to wait for, which should be an
unsigned integer.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ioapic reset function will be called when doing guest reset.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To reduce type conversion in HV:
Update return type of function ffs64 and ffz64 as uint16;
For ffs64, when the input is zero, INVALID_BIT_INDEX is returned;
Update temporary variable type and return value check of caller
when it call ffs64 or ffz64;
Note: In the allocate_mem, there is no return value checking for
calling ffz64, this will be updated latter.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER
Coding style fixing;
INVALID_CPU_ID instead of INVALID_PCPU_ID or INVALID_VCPU_ID;
"%hu" is used to print vcpu id (uint16_t);
Add "U/UL" for constant value as needed.
V2-->V3:
ffs64 return INVALID_BIT_INDEX directly when
the input value is zero;
Remove excess "%hu" updates.
V3-->V4:
Clean up the comments of ffs64;
Add "U" for constant value as needed.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the return type of function fls64 and clz64 as uint16_t;
When the input is zero, INVALID_ID_INDEX is returned;
Update temporary variable type and return value check of caller
when it call fls64 or clz64;
When input value is zero, clz64 returns 64 directly.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER;
Partly revert apicv_pending_intr udpates;
Add type conversion as needed;
Coding style fixing.
V2-->V3:
Correct type conversion;
fls64 return INVALID_BIT_INDEX directly when
the input value is zero.
V3-->V4:
No updates for this part in PATCH V4.
Note: For instruction "bsrq", destination register value
is undefined when source register value is zero.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the return type of function fls and clz as uint16_t;
When the input is zero, INVALID_BIT_INDEX is returned;
Update temporary variable type and return value check of caller
when it call fls or clz;
When input value is zero, clz returns 32 directly.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER;
Add type conversion as needed;
Add "U/UL" for constant value as needed;
Codeing style fixing.
V2-->V3:
Use type conversion to remove side effect of
the variable which stores fls/clz return value;
fls return INVALID_BIT_INDEX directly when the
input value is zero.
V3-->v4:
Clean up comments for fls.
Note: For instruction "bsrl", destination register value
is undefined when source register value is zero.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are multiple helpers for collecting info to be printed on the ACRN uart
console. They are unreachable code in release builds in which the uart console
is removed.
To define a precise boundary for safety-related activities, this patch wraps the
declarations and definitions to these helpers with "#ifdef HV_DEBUG" so that
these unreachable APIs will be dropped in release builds.
v1 -> v2:
* Fix coding style: no empty lines between #ifdef and the wrapped code.
* Also drop get_rte_info() in ioapic.c, which is solely used by
get_ioapic_info().
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Similar to cr0/4:
- use context->vmx_ia32_pat to save/restore VMX_GUEST_IA32_PAT field
- use context->ia32_pat to keep track the guest' view of IA32_PAT MSR
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch makes use of IA32_PAT MSR to emulate cache disabled behaviour
When the guest is requesting to set CR0.CD:
- Keep guest's CR0.CD and CR0.NW bits unchanged
- Write IA32_PAT MSR with all-UC entries to change the effective memory
type for all GPA to UC for the guest VCPU
- It depends on trapping wrmsr to IA32_PAT to prevent any entry in
IA32_PAT being changed to non UC type by the guest
When the guest is requesting to clear CR0.CD:
- restore the content of guest's IA32_PAT MSR
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Preparing for emulating guest's CR0.CD and CR0.NW bits:
- Intercept both rdmsr and wrmsr for IA32_PAT
- Track guest's IA32_PAT MSR with vcpu.arch_vcpu.contexts.ia32_pat
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enum cpu state is better than cpu state macro.
V1->V2:
move enum cpu_state under #ifndef ASSEMBLER MACRO to avoid
assembler compiler scan.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We define attr.name in struct vm and named as ("vm_%d", attr.id). attr.name only
be used in debug tool vm_list. It does't deserve to do so in OS created flow
(aka function create_vm). It's better to handle this in vm_list tool.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@inte.com>
struct map_params's member page_table_type is enum _page_table_type,
transferred it.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two prefix (aka TRC and TRACE) for trace event. This patch make all
the trace event prefix consist with TRACE.
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
operations
For reducing sign conversion in hypervisor:
Update parameters of bitmap operations as unsigned type;
Update the input of related caller as unsigned type when the
caller's input parameter is const variable or the variable is
only used by bitmap operations.
V1-->V2:
(1) Explicit casting for the first parameter
of all bitmap operations;
(2) Remove mask operation for explicit casting
of all bitmap operations, since masking is
useless. Otherwise, this trucation is dangerous.
V2-->V3:
(1) Explicit casting for all bitmap operations parameter;
(2) Masking bit offset with 6-bit;
(3) Add few comments about bit offset.
V3-->V4:
add '\' for some statement of bitmap macro
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The struct member types should be transfer to non-basic types,
chaned it to length-prefix(uint32_t,int32_t ...) type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- replace 'strtol()' with 'strtol_deci()'
-- supports string with decimal format
- replace 'strtoul()' with 'strtoul_hex()'
-- support string with hex format
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According intel mannual and ACPI mannual,lapic_id length is 1 byte.
V1->V2:
Add U suffix to the numeric when do arithmetic operation on lapic.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Later patch will refactor acrntrace to make trace data output as raw data(binary)
and introduce a new tool(acrntrace_format) to parse raw data to human-readable
file.
Adding nr of data and cpuid to trace_entry will make it easy for acrntrace_format
to parse data file and inditify which cpu this trace entry belong to.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
The local variable type should be transfer to non-basic type,
chaned it to length-prefix(uint32_t,int32_t ...) type.
Char *type or char array type which used to pointer a string
will be keeped.
V1->V2 add extra comments.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN needs to trap the pm1a/pm1b written/read from VM0. So we
could know when should we put the system to S3.
We will have two path back to VM0:
- S3 enter/exit sucess. Will reset VM0 and jump to VM0 wakeup vec
with real mode
- S3 enter/exit failed. Will return to the next instruction of
pm1a/pm1b register writing. VM0 will read the pm1a/pm1b evt
register to check whether it's waked up or not.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Emulate VM0 resume from S3 state:
- reset BSP of VM0
- set the BSP entry to saved VM0 wakeup vec and set BSP to real mode
- start BSP
To match trampoline_spinlock release on ACRN Sx resume path, acquire
trampoline_spinlock if ACRN Sx enter fails.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enter_s3 is main function for ACRN to enter S3 state with following
process:
- pause vm0
- save the wakeup vec of vm0 and set wakeup vec of ACRN. So
resume from S3 will jump to ACRN wakeup
- offline APs
- update the main entry of trampoline to resume entry. After BSP
is resume from S3, it will jump to resume entry instead of AP
startup routine
- turn off vmx
- suspend devices
- enter S3.
exit S3 with following process:
- release trampoline_spinlock which is hold in trampoline code
- resume devices
- enable vmx
- update the main entry of trampoline to AP startup routine.
- online APs.
The following operations will be resume vm0 which will be added
in next patch.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Couple of small changes merged in this change:
- export main_entry, trampoline_spinlock and stop_cpus.
- change vm_resume() name to resume_vm()
- change resume_console_enable() name to resume_console()
- extend reset_vcpu to reset more fields of vcpu
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The S3 enter lowlevel routine saves the cpu context to memory
and enter S3 state
The S3 wakeup lowlevel routine restore cpu context and return.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We will add host_pm.h for ACRN power manager header file.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
