The plus and minor have the same level of precedence. The Misra-C
considers it as a violation. Added brackets in between addition and
substraction oprators.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Added brackets for expression to make it easy to understand and
reduce the mistake of precedence. The rule is applied to the
mixed same level of prevedence opeartors, high level presedence
operators and logical expression.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- explicitly declare the array size to fix the violation 'Array has no
bounds specified'
- minor changes for comments style
v1 -> v2:
* add the definition for exit reasons from 0x39 to 0x40 based on "SDM
APPENDIX C VMX BASIC EXIT REASONS"
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Use local variables to hold struct members before using them, which helps us
avoid confusions from static checkers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
There are some integer type conversions reported by static
analysis tool for vcpu id, number of created vcpus, and
vpid, to reduce these type conversions, redesign vcpu id,
number of created vcpus, and vpid type as uint16_t as per
their usage, related 16-bit atomic operations shall be
added in HV.
MISRA C requires that all unsigned constants should have the suffix 'U'
(e.g. 0xffU), but the assembler may not accept such C-style constants.
Add 16-bit atomic add/dec/store operations;
Update temporary variables type and parameters type of
related caller;
Update vpid type as uint16_t;
Replace Macro with constant value for CPU_PAGE_SIZE.
Note: According to SDM A.10, there are some bits defined
in the IA32_VMX_EPT_VPID_CAP MSR to support the INVVPID
instruction, these bits don't mean actual VPID, so
the vpid field in the data struct vmx_capability doesn't
be updated.
V1--V2:
update comments for assembly code as per coding style;
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
In the current memory module, there are many constatn value
without U/UL suffix, it is reported as MISRA C violations by
static analysis tool.
Add 'U/UL' suffix for unsigned contant value in memory module
as needed.
Note:In the most case, CPU_PAGE_SIZE(0x1000) is used as
unsigned integer contant value, so CPU_PAGE_SIZE is defined
as unsigned integer contant value, and it is safety converted
into unsigned long type according to MISRA C standard.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch cleans up the integral type violations to MISRA C rules, mostly
related to signed constants that should be unsigned but also spelling out two
integer narrowing and dropping some macros negating unsigned integers.
v1 -> v2:
* Drop INT_ROUNDUPx macros since they are never used.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To be consistant with inline function mem_write, modifying the
mem_read* and using inline function instead.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
To follow the Misra-c standard, the assignment operation inside
function-like macro should be avoided. Replaced the violations
macro using inline function instead.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
struct map_params's member page_table_type is enum _page_table_type,
transferred it.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C required function return type should be consistented.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Before we set the page table, we should know the attribute. So
move configure the page table attribute outside of modify_paging.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- this patch is to enable SMEP in hypervisor, SMEP protects
guests' memory from supervisor-mode instruction fetches,
in other words, hypervisor which operating in supervisor
mode can't fetch instructions from (guests' memory)
linear addresses that are accessible in user mode.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
- Add PAGING_REQUEST_TYPE_MODIFY_MT memory map request type
- Update map_mem_region() to allow modifying the memory type related
fields in a page table entry
- Add ept_update_mt()
- add modify_mem_mt() for both EPT and MMU
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Enable VMX vpid ctrl and assign an unique vpid to each vcpu
so that VMX transitions are not required to invalidate any
linear mappings or combined mappings.
SDM Vol 3 - 28.3.3.3
If EPT is in use, the logical processor associates all mappings
it creates with the value of bits 51:12 of current EPTP.
If a VMM uses different EPTP values for different guests, it may
use the same VPID for those guests. Doing so cannot result in one
guest using translations that pertain to the other.
In our UOS, the trusty world and normal world are using different
EPTP. So we can use the same VPID for it.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there are data transfer between guest(GPA) & hv(HPA), especially for
hypercall from guest.
guest should make sure these GPAs are address continous, but hv cannot
assure HPAs which mapped to these GPAs are address continous, for example,
after enable hugetlb, a contious GPA range could come from two different
2M pages.
this patch is handling such case by doing gpa page walking during
copy_from_vm & copy_to_vm.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now just add some basic feature/capability detect (not all). Vapic
didn't add here for if we must support vapic then the code which
for vapic not supported must remove, like mmio apic r/w.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
change its input from map_params to page_table_type, and make it as a
public API.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Before referencing to physical address of devs such as lapic, ioapic,
vtd, and uart, switch to virtual address.
Use a phisical address of pml4 to write CR3.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
- change the input param of check_page_table_present from struct map_params
to page_table_type
- check EPT present bits misconfiguration in check_page_table_present
- change var "table_present" to more suitable name "entry_present"
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Tian, Kevin <kevin.tian@intel.com>
Before this patch, guest temporary page tables were generated by hardcode
at compile time, HV will copy this page tables to guest before guest
launch.
This patch creates temporary page tables at runtime for the range of 0~4G,
and create page tables to cover new range(511G~511G+16M) with trusty
requirement.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- read/write page table entries should use VA which defined as "void *"
- the address data in page table entries should us PA which defined as
"uint64_t"
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- remove unused map_params in get_table_entry
- add error return for both, which is valid under release version,
as at that time, ASSERT in get_table_entry is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
add error return for all, which is valid under release version,
as at that time, ASSERT in modify_paging is empty.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add check_continuous_hpa API:
when create secure world,if the physical
address is not continuous, will assert.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
--add free_paging_struct api, used for free page tables
it will clear memory before free.
--add HPA2HVA translation when free ept memory
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per SDM Vol. 2:
If CPUID.80000008H:EAX[7:0] is supported, the maximum physical address
number supported should come from this field.
This patch gets the maximum physical address number from CPUID leaf
0x80000008 and calculates the physical address mask when the leaf is
available.
Currently ACRN does not support platforms w/o this leaf and will panic
on such platforms.
Also call get_cpu_capabilities() earlier since the physical address mask
is required for initializing paging.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According to C99:
The empty list in a function declarator that is not part of a definition of
that function specifies that no information about the number or types of the
parameters is supplied.
This means gcc is happy with the following code, which is undesirable.
void foo(); /* declaration with an empty parameter list */
void bar() {
foo(); /* OK */
foo(1); /* OK */
foo(1, 2); /* OK */
}
This patch fixes declarations of functions with empty parameter lists by adding
an unnamed parameter of type void, which is the standard way to specify that a
function has no parameters. The following coccinelle script is used.
@@
type T;
identifier f;
@@
-T f();
+T f(void);
New compilation errors are fixed accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add 'CPU_PAGE_MASK' used for calculate address,
Change IA32E_REF_MASK from 0x7ffffffffffff000 to 0x000ffffffffff000
for MMU/EPT entry, bit62:52(ignore) bit63(VE/XD)
if we want to obtain the address from the MMU/EPT entry,need to clear
bit63:52 by IA32E_REF_MASK
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
