The previous would reserve memory for trusty in SOS kernel. Howerer,
there would no available 16 MB continue memory any more after a long time.
This result in allocating memory for trusty failed. This patch will reserve
memory for trusty in ACRN hypervisor in which case the memory allocation
for trusty will never fail.
Tracked-On: #1942
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduce a new mode of IO request completion, polling mode.
Now, the sketch of ioreq process can be,
A. UOS vcpu0 generate PIO/MMIO ->
B. pcpu1(vcpu0 of UOS) trap into HV ->
C. pcpu1 build ioreq, send IPI and enter idle ->
D.1 pcpu0(vcpu0 of SOS) response IPI,
D.2 pcpu0 handle the ioreq in HV, kernel, DM,
D.3 pcpu0 mark ioreq as complete,
D.4 pcpu0 hypercall to enter HV ->
E.1 pcpu0 send IPI to wake pcpu1 up
E.2 UOS vcpu0 continue running
With this change, it skips D.4, E.1 steps. In step C, pcpu1 will enter a
polling ioreq state idle after send out the IPI.
It can save about ~5000 cpu cycles.
In polling mode, we do the polling in idle instead of pause cpu all the
time. It will consume more power. A better way is to use monitor/mwait
instructions which can put cpu into a sleep state with monitoring a
memory address. Unfortunately, APL has bug with monitor. We can gather
all ioreqs state into one monitorable memory and take advantage of
monitor/mwait for future platform.
The way polling or notification is per VM. We can config VMs in
different mode. By default, IO request completion will use notification
mode for all VMs. We can switch it by Kconfig.
Tracked-On: #1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, DMA remapping is enabled at very early stage, when there is no
device added.
Devices are added to VT-d context table when creating VMs.
There is potential risk that there may be device DMA transactions when DMA remapping is
enabled, but the device is not added to the VT-d context table. (Eg. this could happen in UEFI
enviroment when USB keyboard use in efi intenal shell.)
This patch defers DMA remapping enabling until vm creation.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
ioreqs acrossing VM reset is meaningless. So we reset their status when
VM reset.
Please note, device model and service os need to handle various ioreqs
pending status in emergency reset condition carefully. Otherwises, the
post processing of such ioreqs might overwrite this reset.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Even in partition mode, we also need to clear vmid in vmid_bitmap to
indicate the VM is not present.
Tracked-On: projectacrn#1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
fix the following integer violations:
1. Signed/unsigned conversion without cast
2. Literal value requires a U suffix
3. Implicit conversion of underlying type
v3 -> v4:
* change the type of npk_loglevel/mem_loglevel/console_loglevel
from uint32_t to uint16_t
v2 -> v3:
* discard the return value of update_ept
* discard changes related to npk loglevel
v1 -> v2:
* remove the unnecessary changes related to the false positive
issues caused by scanning tool
* change the type of the local variable 'vlapic_id' from uint8_t
to uint32_t in function 'vlapic_build_id'
* change the type of the struct member 'flags' in shared_buf from
uint64_t to uint32_t
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_EMULATED_MMIO_REGIONS 16 in Kconfig
-- Add emulated mmio array and emulated mmio regions
in vm structure
-- Remove mmio list in vm structure
-- Remove unregister_mmio_emulation_handler and
vioapic_cleanup APIs
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Add emulated port io index
-- Add emulated pio array in vm structure
-- Remove port list in vm structure
-- Remove free_io_emulation_resource/register_io_handler/
create_io_handler APIs
v2-->v3:
-- not add 'is_emulated', check len == 0U
-- Check if io_read/io_write handler is NULL before calling
-- Replace ENUM with MACRO for emulated pio index to avoid
MISRA-C violations
v1-->v2:
-- Remove EMUL_PIO_NUM in Kconfig, add emulated pio index
for PIC/PCI/UART/RTC/PM
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
v1 -> v2:
* update the U suffix of constant to let the type of operands
to bit operations (&) is the same.
* update the type of 'i' from uint64_t to uint16_t in
'profiling_set_control' since it is limited by phys_cpu_num,
which is uint16_t.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is not necessary to use atomic operation to
set the initial value for 'created_vcpu' in vm structure.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
For data structure types "struct vm", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vm *vm-->struct acrn_vm *vm
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For data structure types "struct vcpu", its name is identical
with variable name in the same scope. This is a MISRA C violation.
Naming convention rule:If the data structure type is used by multi
modules, its corresponding logic resource is exposed to external
components (such as SOS, UOS), and its name meaning is simplistic
(such as vcpu, vm), its name needs prefix "acrn_".
The following udpates are made:
struct vcpu *vcpu-->struct acrn_vcpu *vcpu
Tracked-On: #861
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Replace dynamic memory allocation in memory management with static memory allocation.
Since the static memory allocation can guarantee the allocation never failed, so
split_large_page and construct_pgentry don't need to return a errno any more.
Besides, the destroy_ept don't need to free page any more. Instead, it would memset
the eptp to 0 to make sure we can't walk this paging table again.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Currently we compare vcpu_id with phys_cpu_num,
vcpu_id is not related with phys_cpu_num,
this patch cleanup them.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
guest software loading is per VM instead of vcpu. So we move it
from prepare_vcpu to prepare_vm. And make sure it's called for
all VMs for partition mode.
Tracked-On: #1565
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There's no need to walk these paging tables to transfer HPA to GPA
for a VM, so remove it.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Pointer param should be declared pointer to const if
the parameter is keeped read-only.
This patch changes pointer param whose name is vm.
Tracked-On:#861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move vcpu mode set to function vcpu_set_regs.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For UOS, there is no BSP init state saved in hv. We always need
DM to set BSP init state by using hypercall. So we can't auto
start vm during vm reset.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, we make UOS to set BSP init state by using hypercall. We
could drop the old UOS loader in HV and make vm loader in HV
only for SOS.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NOTE: this patch is only workaround patch for UOS BSP state init.
Eventually, the DM will call hypercall to init UOS BSP state.
We use this workaround patch here to simplify the init_guest_state.
Will make the caller of init_guest_state calls init_guest_vmx
directly.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With reset_vcpu_regs as pre-condition, we only need to set
cs_selector and cs_base for AP.
We call set_ap_entry in two places:
1. When emulation AP SIPI
2. When sos BSP resume from S3. The BSP is resumed to real
mode with entry set to wakeup_vec. We call set_ap_entry
API here with entry twisted from wakeup_vec.
Tracked-On: #1231
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If defined CONFIG_VM0_DESC, HV will use predefined vm0_desc
to config VM0,now it is unneccessary, then remove these code.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- add missing brackets for 'if/else' statements based on MISRA-C
requirements
v1 -> v2:
* add brackets for each conditions in 'if' statements to improve
the readability
* modify 'ptdev_init' to make the logic clearer
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Loop the global vm_array[] instead of the vm_list.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- Replace dynamic memory allocation with static memory
-- Remove the parameter check if the vm is NULL
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch is to enhance the feature of "interrupt storm
mitigation"; when interrupt storm happens on one UOS
it should keep as smaller effect to SOS as possible.
Add variables in PTdev entry & VM, used to record one
UOS's pass-thru devices' interrupt data; add a function
to collect the data.
Also add a timer used to delay UOS pass-thru devices'
interrupt injection if an "interrupt storm" detected
by SOS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Replace pointer with static memory for msr_bitmap
inside structure vm_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
for each pass-thru device and its entry owned by one VM, so
change the pass-thru device's softirq lock & entry list into
per VM, so one VM's PT device interrupt process will not
interfere with other VMs; especially in case one user OS
"interrupt storm" happens, it will have little effect on
service OS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
-- rename struct vioapic --> struct acrn_vioapic
-- update 'vioapic' field in 'struct arch_vm' from pointer
to instance
-- change vm_ioapic(vm) to inline, and move it to vm.h
-- change vioapic_init to void type
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vuart' field in 'struct vm' from pointer
to instance
-- replace MACRO with inline function for vm_vuart,
and move it to vm.h
-- change vuart_init to void type
-- rename struct vuart -->struct acrn_vuart
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vpic' field in 'struct vm' from pointer
to instance, and move it from 'struct vm' to 'struct arch_vm'
-- replace MACRO with inline function for vm_pic, and move it
to vm.h
-- changed vpic_init to void type
-- removed vpic_cleanup
-- move struct acrn_vpic/i8259_reg_state from vpic.c to vpic.h
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, the address translation type for passthrough devices
in SOS is passthrough type, which means the device in SOS can access
the whole physcial memory.
This patch uses SOS EPT to translate address for passthrough
devices. So that the memory of VMM or trusty can be protected from
SOS PTDev.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch adds code to support read-only RTC support for guests
run by partition mode ACRN. It supports RW for CMOS address port 0x70
and RO for CMOS data port 0x71. Reads to CMOS RAM offsets are fetched
by reading CMOS h/w directly and writes to CMOS offsets are discarded.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
- clear run context when reset vcpu;
- destroy trusty without erase trusty memory when reset vm;
changelog:
v1 -> v2: fix misra violation on calling memset();
Signed-off-by: Sun Victor <victor.sun@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Chi Mingqiang <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partition mode emulates UART for the VMs directly launced
from HV. This patch adds an option to enable/disable vUART for a
VM.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
For Partition mode ACRN, kernel load address and Boot args load address
are hardcoded. Boot args are currently passed from vm description for
each VM. Renamed init_vm0_boot_info to init_vm_boot_info.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
ACRN boots multiple OS in partitioning mode. This patch adds code to assign
vm_id in the vm data structure to be same as the one assigned at compile time.
This makes the vm id deterministic for each VM booted from HV directly.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
This patch is an extension to the commit 6643adff8b.
It uses the mptable API to build mptable for each VM booted by ACRN in partition mode.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Adding code to map memory for UOS in partitioning mode ACRN.
HPA starting above 4GB is used for UOS memory. Supports only contiguous memory
from host for UOS. Current implementation supports only 2 GB for UOS memory.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
-- add clear trusty memory flag
In some cases such as UOS power off or UOS full reset,
need to clear trusty memory,no need to clear memory such as
UOS S3 or UOS system reset,then add a flag to distinguish it
when destroy secure world.
-- Restore trusty memory to guest normal world.
-- Moved free trusty EPT inside destroy_secure_world
In some cases such as UOS S3 or UOS system reset,
only need to free trusty EPT, this patch move free
trusty EPT inside destroy_secure_world.
Because PD/PT are shared in both secure world's EPT
and normal world's EPT,before freeing trusty EPT,
it will memset all PDPTEs except trusty memory,
then call 'free_ept_mem', it can only free trusty EPT,
and does't affect shared normal world EPT.
v2-->v3:
-- Used new mmu api ept_mr_add when restore trusty memory
to SOS and normal world
-- Dropped this patch "Removed reverted page tables for trusty memory"
because map_mem will be removed in future
It will have a patch, need to update this api(ept_mr_add),
it will not create inverted page tables for trusty memory.
v1-->v2:
-- free trusty ept
still use free_ept_mem, not add a new api,but need to
memset pdptes except trusty memory
-- Removed reverted page tables for trusty memory.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
V4:
- Clear address cache info after a full cf8/cfc access
- Add NULL pointer checking when calling init/deinit ops
V3:
- Do not use ASSERT
- Loop through the vdev list defined in vm_desctiption table to call the vdev init/unit functions
- Make the cached vbdf info struct per vm instead of per pcpu
V2:
- Fixed MISRA violations
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
Define Bitmap flag to indicate secure world's state:
supported: 0(not supported), 1(supported)
active: 0(inactive), 1(active)
Refine secure_world_memory:
base_gpa_in_sos: base_gpa from SOS's view
base_gpa_in_uos: base_gpa from UOS's view, this is the original base_gpa
allocated by bootloader.
Recording above GPA is for usage of trusty EPT destroy and re-create.
There is an assumption: the secure world's memory address is contiguous
in both SOS and physical side.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
