In the function scope,the parameter should not be
changed as Misra required.
V1->V2 recover some violations because of ldra's false positive.
V2->V3 sync local variable' type to parameter's type with the prefix of const.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
SOS boot with all physicall cpus, before running UOS, it should free
CPU resource by offline not used cpus
- first do standard cpu offline flow
- then call hcall_sos_offline_cpu hypercall to release cpu resource really
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if defined CONFIG_VM0_DESC, HV will use predefined vm0_desc to config
VM0, otherwise, HV will run VM0 with all physical cpus.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In vioapic emulating code, the vioapic spinlock is taken twice
in the same context.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Fix x86 directory violations which related to integer problems,
some of problems are skipped because of ldra's false positive.
V1->V2 1.modified the code style
2.fix all macro VM_EXIT_IO_INSTRUCTION related
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The purpos is to unify the layout of general-purpose regs in interrupt/excpetion context.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The general-purpose register layout is identical to instructio emulation context.
So no need to do the mapping.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In current code, general-purpose register layout in run_context is not align with the
general-purpose register index when vmexit. So hv needs to map the index used during
vmexit to the index of the general-purpose register in run_context.
This patch align the layout, so that no mapping needed.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. fix some description for hv mmu_modify
2. add pml4_page input parameter for ept_mr_modify to keep align with
ept_mr_add and ept_mr_del which will support add or delete MR for trusty.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. rename set_vm_memmap to set_vm_memory_region
2. split ept_mmap into ept_mr_add and ept_mr_del
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, there are many casts from
an void pointer to integer pointer, then from
integer pointer to structure pointer.
These pointer castings are detected by static analysis
tool. All pointer casts are violations, There are
some duplicated pointer cast. This will make deviation
analysis complex.
BTW, there are one useless pointer casting and one
wrong pointer casting in the hypervisor.
Remvoe duplicated pointer casts to make deviation analysis
simple;
Remove one useless pointer casting;
Update one wrong pointer casting.
Note: There are many void type pointer casts, non-void type
pointer is casted to void type pointer, char type pointer casts,
non-char type pointer is casted to char type pointer. These pointer
casting is need by the memory management module, IO moudle etc.
Deviation analysis will be made and recoded in the analysis report.
V1-->V2:
Fix mixing pointer and array voilation.
V2-->V3:
Remvoe pointer casting from integer pointer into
non-void/non-char pointer directly;
Remove redundant type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The plus and minor have the same level of precedence. The Misra-C
considers it as a violation. Added brackets in between addition and
substraction oprators.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Added brackets for expression to make it easy to understand and
reduce the mistake of precedence. The rule is applied to the
mixed same level of prevedence opeartors, high level presedence
operators and logical expression.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Removed comment out unused code in vmexit.c, sprintf.c and vmcall.c
Minor fix in vmx.c to prevent Misra-c consider it as a piece of
code.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- explicitly declare the array size to fix the violation 'Array has no
bounds specified'
- minor changes for comments style
v1 -> v2:
* add the definition for exit reasons from 0x39 to 0x40 based on "SDM
APPENDIX C VMX BASIC EXIT REASONS"
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The fixed MTRR MSR numbers are not contiguous, so it's not correct
to justify it by checking if it falls in certain range.
This patch fixes this issue by removing is_fixed_range_mtrr()
and use get_index_of_fixed_mtrr() to loop fixed_mtrr_map[]
and compare individual MSR values.
Also removed the unused function get_subrange_end_of_fixed_mtrr()
Signed-off-by: Zide Chen <zide.chen@intel.com>
fix all assign.c integer violations except related
"Implicit conversion: actual to formal param".
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This is the final cleanup of the integral type related issues, reported by the
static checker, under common/, mostly including
* make explicit the narrowings of vm_ids passed by register.
* work around the confusion of the static checker by abstracting
sub-expressions to local variables.
The remaining reports that are not trivial to suppress will be in the scope of a
separate document.
v1 -> v2:
* Instead of converting vm_ids inside hcall_xxx, update the prototypes of
these functions and do the conversion in vmcall_vmexit_handler.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Clean up most reported integral-type-related violations still existing under
arch/x86/guest/. The remaining reports that are not trivial to suppress will be
explained in separate documents.
Also move acpi_info outside acrn_common.h as the structure is no longer shared
with DM.
v1 -> v2:
* Move struct acpi_info to bsp_extern.h
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The error code in the hypervisor is 32-bit signed integers. To reduce implicit
conversions, this patch make hcall_xxx returns int32_t, and finally converts it
to uint64_t when assigned to rax whose semantics is properly defined in C99.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Qualified or unqualified int or bool are the only types allowed for bit-field
members in C99, and MISRA C further forbids using plain int.
Use uint32_t (which is equivalent to unsigned int) for all bit-field members.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Transfer DMAR_[GS]ET_BITSLICE to inline function
to limit the parameter type and return type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Now the Intel RDT emulation is working in progress. So disable it
for temporary solution to avoid guest OS running with incorrect RDT
configuration.
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Most of the time, we use the virtual address of EPT PMl4 table,
not physical address.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
mainly focus on: like U/UL as unsigned suffix;
char and int mix usage; also change some function's params
for data type consistent.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many type conversions in the atomic
operations invoking reported by static analysis tool. These
type conversions voilate MISRA C.
To keep uniform naming convention, rename atomic operation
function names:
atomic_set_int/long --> atomic_set32/64;
atomic_clear_int/long --> atomic_clear32/64;
atomic_load --> atomic_load32;
atomic_store --> atomic_store32;
atomic_swap --> atomic_swap32;
atomic_readandclear --> atomic_readandclear32;
atomic_inc --> atomic_inc32;
atomic_dec --> atomic_dec32;
atomic_cmpxchg --> atomic_cmpxchg32;
atomic_xadd --> atomic_xadd32.
Update the type of atomic_load32/64, atomic_store32/64,
atomic_swap32/64, atomic_cmpxchg32/6.
Update related variables and callers.
Note: the type of return value and parameters of atomic_xadd32/64
still keep signed int/long since caller pass
negative variable to atomic_xadd32/64;
V1-->V2:
Add comments for atomic_set/clear to differ from
bitmap_set/clear.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie.Mao <junjie.mao@intel.com>
There is chance to destroy vm whose ept table was not created, for
example, dm fails to setup mem for vm. In this case, it's better
to check the value of eptp before calling free_ept_mem() rather than
relying on assertion in the function.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA C requires that a 'if' statement followed by one or more 'else if'
statement shall be terminated by an 'else' statement which contains either
side-effect or a comment, to ensure that conditions are considered
exhaustively.
Note that a simple 'if' statement is not required to be terminated by 'else'.
This patch fixes such violations by either refactoring the code or add the
'else' statement with either a comment (describing why this case can be skipped)
or logging the event. It may not be satisfactory for the release version where
logging is no-op, but properly handling these non-trivial cases is out of the
scope of this patch.
v1 -> v2:
* Fix unintended semantic changes in add_(msix|intx)_remapping and
io_instr_vmexit_handler.
* Simplify boolean checks in vpic_ocw2.
* Rephrase the comment in strtol_deci.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor, there are many members of CPU_reg_name
used to check range and useless register names.
Define some CPU_REG_XX_FIRST and CPU_REG_XX_LAST MACROs to
make range checking clear;
Remove useless register names CPU_REG_XX_LAST in CPU_reg_name;
Update the related caller.
V1-->V2:
Update a mistake, replace second CPU_REG_SEG_FIRST
with CPU_REG_SEG_LAST in ASSERT.
V2-->V3:
Add '()' for bool expression in ASSERT.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- explicitly declare the array size of 'size2mask[]'
otherwise, the static checking tool treats the array size to be 4, so
that it complains when accessing index '4' or '8'
- unify the comments style and make sure the line length less than 80
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
There are some integer type conversions in the VMX, timer
and MTTR module detected by static analysis tool.
Update related integer type in VMX, timer and MTTR
module.
Add related constant value with 'U/UL' suffix.
V1-->V2:
Resolve few rebase conflicts.
V2-->V3:
Add 'h' for uint16_t argument in log function;
Update the type of temp variable 'type' as uint8_t
in MTTR module to reduce type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Current code has a mistake associating destination with
redirectionhint. So just use the destination mode to work out
destination mode.
When injecting the msi interrupt to vcpu in hypervisor layer,
current code ingnores the redirection hint(RH) bit of msi address
message from guest, and just use the destination mode and
destination ID. So correctly before injecting, check the RH bit,
if set, choose the vcpu that has lowest priority to inject msi.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao, Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin, Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NR_MAX_IRQS is defined as 272 and IRQ_INVALID as 273 which implies
that 272 is a valid irq number. In this case, an illegal access can
occur at run time when irq_desc_array[] or irq_count[] is accessed
with index 272. This fix stops the illegal access by renaming
NR_MAX_IRQS to NR_IRQS and then places proper conditions for range
checks. If the index is >= NR_IRQS, then index is invalid otherwise
its considered valid for accessing irq arrays. IRQ_INVALID definition
is also changed to 0xffffffffU to indicate maximum unsigned value.
Signed-off-by: Madeeha Javed <madeeha_javed@mentor.com>
ASSERT/panic are called when we get invalid values. It is a little bit strict.
This patch replaces ASSERT/panic with pr_err and return -EINVAL.
v1 -> v2:
- v1 patch name (HV: instr_emul: Remove unnecessary check in decode_xxx)
- keep the check and replace ASSERT/panic with pr_err.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, there are exec_vmread/exec_vmwrite
used for accessing 32-bit fields, 64-bit field and
natural-width fields. This usage will confue developer.
So there are many type casting for the return value and
parameters vmread/vmwrite operations.
Since exec_vmread/exec_vmwrite and exec_vmread64/exec_vmwrite64
are the same, update current exec_vmread/exec_vmwrite
implement into exec_vmread64/exec_vmwrite64 implement
and add MACRO define for exec_vmread/exec_vmwrite in
head file;
To access 64-bit fields in VMCS, callers use
exec_vmread64/exec_vmwrite64;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
Note:Natural-width fields have 64 bits on processors
that support Intel 64 architecture.To access natural-width
fields in VMCS, callers still use exec_vmread/exec_vmwrite,
keep the current implementation.
V1--V2:
This is new part of this patch serial to only
update 64-bit vmread/vmread opertions and related
caller, for netural width fields, still use exec_vmread
or exec_vmwrite.
V2-->V3:
Fix few mistake updations for netural fields in VMCS,
just keep exec_vmread/exec_vmwrite to access them;
Fix few mistake updations for 64-bit fields in VMCS.
V3--V4:
Add "016ll" for 64-bit variable in log function;
Few updates for coding style;
Rename lssd32_idx as tr_sel in VMX module.
V4-->V5:
Use CPU_NATURAL_LAST in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread32/exec_vmwrite32
is for accessing 32-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread32 and exec_vmwrite32 functions to
access 32-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 32 bit vmread/vmread opertions and related
caller.
V2-->V3:
Update related variables type in data structure
for exec_vmread32/exec_vmwrite32.
Rename temp variable 'low' into 'value' for
exec_vmread32;
V3-->V4:
Remove useless type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread16/exec_vmwrite16
is for accessing 16-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread16 and exec_vmwrite16 functions to
access 16-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 16-bit vmread/vmread opertions and related
caller.
V2--V3:
Add "hu" for uint16_t argument in log function;
Add comments for function get_vmcs_field;
Update related variables type for exec_vmread16;
Rename temp variable 'low' into 'value'.
V3-->V4:
Few updates for exec_vmread16.
V4-->V5:
Few updates for coding style;
Replace "hux" with "hu" in log function for 16-bit
variable.
V5-->V6:
CPU_REG_64BIT_LAST is used in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the current "enum cpu_reg_name", there are 16-bit segment
register names, 16-bit descriptor table register names, and
16-bit task register names. These 16-bit register names are
defined among the 64 bit register names. To access these
16-bit fields in VMCS and 32 bit fields in VMCS, more
condition statements need to be used.
Update 16-bit register names position to simplify conditions
in vm_get_register and vm_set_register since different
fields size accessing in VMCS by different vmread/vmwrite
opreation.
Note: After checking the current implementation, the register names of
the same kind of registers (general registers, control registers,
segment registers etc) need to be defined in order, some code checks
the range by using this order. But different kinds of register
names as group, this group position can be adjusted to simplify
conditions.
The follwoing register names group need to be considered in current
implemetation:
(1) General register names group: CPU_REG_RAX~CPU_REG_RDI;
(2) Non-General register names group:CPU_REG_CR0~CPU_REG_LAST;
(3) segment register names group:CPU_REG_ES~CPU_REG_GS.
V1-->V2:
This is new part of this patch serial created in
V2 to rearrange register names as needed.
V2--V3:
Update comment information.
V3-->V4:
Define CPU_REG_NATURAL_LAST and CPU_REG_64BIT_LAST to
make condition more understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
MISRA C requires that all unsigned constants should have
the suffix 'U/UL'(e.g. 0xffU), but the assembler may not
accept such C-style constants.
To work this around, HOST_GDT_RING0_CODE_SEL and
HOST_GDT_RING0_DATA_SEL must be explicitly spells
out in assembly with a comment tracking the original
expression from which the magic number is calculated.
V1-->V2:
Update commit information about HOST_GDT_RING0_CODE_SEL
and HOST_GDT_RING0_DATA_SEL.
V2-->V3:
Update comment for HOST_GDT_RING0_CODE_SEL in assembly
code.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
fix integer type violations,keep some violations which
related to hypcall and msix_entry_index.
V1->V2:1.modified API_MAJOR_VERSION from Makefile
2.sync acrn_common.h changed to device model
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change these 6 APIs to void type:
init_default_irqs
interrupt_init
early_init_lapic
init_lapic
init_iommu
destroy_iommu_domain
It has checked the argument of destroy_iommu_domain in shutdown_vm,
then no need to check it again inside destroy_iommu_domain.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
V1->V2:change the apis to letter case.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
