Current free_irq sequence will release vector first, then use the
released vector to free irq number.It will cause irq leak for MSI IRQ.
At present, there is no one to free the irqs which in irq_static_mappings,
So this patch will only make sure free non-gsi irqs.
Tracked-On: #1359
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Timer IRQ was static mapped IRQ.
It should not be cleaned up when one of the cpu dead.
The patch will retain the timer irq.
Tracked-On: #1359
Signed-off-by: Wei Liu <weix.w.liu@intel.com>
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C states that a void procedure used in expressions is dangerous.
This patch removes the improper 'return' when calling the void procedure
'send_dest_ipi'.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- replace vpic/vioapic_xassert_irq() APIs
with vpic/vioapic_set_irq()
- unify the description of IRQ/PIN state in vpic. & vioapic.c
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. The wrong operand size is assigned in instruction decode phase
if the operand size is 1 byte.
According to the SDM, the bit 0(w bit) of opcode should be checked
first to detect whether the operand size is 1 byte. Then, check
whether there is prefix to overwrite the default operand size.
The original instruction decode doesn't care about the operand
size. But do opsize fixup during instruction emulation phase.
With ACRN we need operand size packed to ioreq and send to DM
after instruction decode.
2. We should always touch the GPA by following opsize to avoid side
effect (especially when GPA is for a MMIO).
Tracked-On: #1337
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the following issue pointed by Xiangyang and Junjie.
There are some macro arguments acting as formal parameter names.
Drop such arguments since they make no difference to the expanded
implementation and they might confuse some developers.
Here is an example.
'ptr' is dropped in this patch, which is acting as a formal parameter
name and make no difference to the expanded implementation.
-#define build_atomic_load(name, size, type, ptr) \
+#define build_atomic_load(name, size, type) \
static inline type name(const volatile type *ptr) \
{ \
type ret; \
asm volatile("mov" size " %1,%0" \
: "=r" (ret) \
: "m" (*ptr) \
: "cc", "memory"); \
return ret; \
}
Some minor coding style fixes are also included in this patch.
- use TAB for the alignment rather than mixing TAB with space
- fix some typo in the comments
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
merge hv_lib.h and hypervisor.h into one file
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, the warning is promoted to error. The warning break ACRN
release build.
Tracked-On: #1343
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the compiler warning and turn on the flag to make
compiler warning as compiler error.
Tracked-On: #1343
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, hypervisor doesn't have the information of pci devices
on the platform when init. In order to reduce boot time and memory
usage, hypervisor set a bus limitation for pci devices when init vtd.
However, maximum bus number varies on different platforms.
This patch add a config for the bus limitation.
Set 0xF as the default value for the maximum bus number on sbl platform.
Set 0xFF as the default value for the maximum bus number on uefi platfrom.
Tracked-On: #1339
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
This patch removes the unused parameters that is not being used
unconditionally.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently the acrn-hypervisor is using the PLATFORM_IPI vector to notify
the sos_kernel. And then sos_kernel will handle the notification from acrn
hypervisor in PLATFORM_IPI ISR. But as the PLATFORM_IPI ISR can be registered
by the other modules, it will have the conflict when trying to register
acrn intr ISR. So the HYPERVISOR_CALLBACK_VECTOR will be used instead.
In order to switch the notification vector from PLATFORM_IPI to
HYPERVISOR_CALLBACK_VECTOR, one API is added so that sos can configure
the up-notifier interrrupt vector.
Tracked-On: https://github.com/projectacrn/acrn-hypervisor/issues/1325
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC checks whether a variable is assigned a value not used in
all branches of a program. Var value which is unused on all paths
can be removed with a consequent improvement in the readability
and efficiency of the code. This patch is used to fix these
violations.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that there should be no unused parameters in
functions.
In some cases, we will keep the unused parameters.
vmexit handler is one example. It is used as function pointer.
Some of the vmexit handlers use the input parameter 'vcpu', some of
them don't. We still need to keep the unused parameters 'vcpu' for
those handlers don't use 'vcpu'.
This patch removes the unused parameters that is not being used
unconditionally.
v1 -> v2:
* remove the non-implemented API 'vlapic_id_write_handler'
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that every switch case shall be terminated with break
to avoid the unintentional fall through.
The code will become redundant if we enforce this rule.
So, we will keep the current implementation for the following two cases.
1. The fall through is intentional.
2. The function is returned in the switch case.
If we decide to eliminate the mutiple returns in one function later,
this case would be handled properly at that time.
What this patch does:
- add the mssing break for the default case
- add the pre condition for some functions and remove the corresponding
panic which will never happen since the function caller could guarantee
the pre condition based on the code implementation
v1 -> v2:
* remove the redundant cases above default in 'vlapic_get_lvtptr'
* add the similar pre condition for 'lvt_off_to_idx' as
'vlapic_get_lvtptr' since all the function callers could guarantee it
* remove the assertion in 'lvt_off_to_idx' since the pre condition
could guarantee that the assertion will never happen
* add the similar pre condition for 'vpic_set_irqstate' as
'vioapic_set_irqstate' since all the function callers could guarantee it
* remove the assertion in 'vpic_set_irqstate' since the pre condition
could guarantee that the assertion will never happen
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Convert GSI_MASK_IRQ and GSI_UNMASK_IRQ to inline functions.
v1 -> v2:
After changing GSI_MASK_IRQ and GSI_UNMASK_IRQ from MACROs to functions,
'gsi_(mask|unmask)_irq' are the exposed APIs and 'irq_gsi_mask_unmask'
becomes internal.
In order to reflect this change,
- change 'irq_gsi_mask_unmask' as internal function in ioapic.c
- declare 'gsi_(mask|unmask)_irq' in ioapic.h
- define 'gsi_(mask|unmask)_irq' in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The hypercall can be used by SOS/DM to monitor UOS
pass-thru devices' interrupt data; and if an "interrupt
storm" happens in UOS, it can be used to delay the UOS
PTdev interrupt's injection for sometime.
The two functions are implemented by one hypercall with
two sub-commands, and with the data/params in the buffer.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch is to enhance the feature of "interrupt storm
mitigation"; when interrupt storm happens on one UOS
it should keep as smaller effect to SOS as possible.
Add variables in PTdev entry & VM, used to record one
UOS's pass-thru devices' interrupt data; add a function
to collect the data.
Also add a timer used to delay UOS pass-thru devices'
interrupt injection if an "interrupt storm" detected
by SOS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Current code enables IOMMU from init_iommu_vm0_domain which is called
from vm0/sos boot sequence. For partition mode VMs, this is not called as
VMs are numbered from 1.
This patch adds support to initialize root table pointer for each IOMMU
and enable all IOMMUs from init_iommu. Hence IOMMUs are enabled even
though ACRN does not boot vm0.
This patch also has changes to fix#1270.
Tracked-On: #1246#1270
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Logically, out-of-range access won't happen at these places. However, it
depends on the behaviour of other codes.
This commit makes changes to explicitly eliminate the possibility in these
functions.
Tracked-On: #1235
Signed-off-by: Yan, Like <like.yan@intel.com>
- use sizeof(struct lapic_regs),instead of arbitrary size
to lear 'apic_page' memory region in vlapic.c
- fix potential buffer overflow issues in vpic.c & ioapic.c
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If CONFIG_CONSTANT_ACPI is true, then the value in host_acpi_info structure
is constant. Otherwise the host_acpi_info value could be overrided.
This is useful when platform ACPI table value is not fixed in Bootloader
before production.
In production release, this config should be set to yes.
Tracked-On: #1264
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC has requirement about implict conversion: actual to formal
param. This patch is used to fix part of these violations.
1.Add a new structure seg_desc_vmcs to hold the VMCS field address of
segment selector to clean up seg_desc structure.
2.Add the definition of maximum MSI entry and the relevant judgement.
3.The violations in shell.c, logmsg.c will be fixed in other series of
patches with modification of function snprintf(), vsnprintf() and other
related usages.
v1->v2:
*Move the definition of struct seg_desc_vmcs from instr_emul.h to
instr_emul.c.
*Modify the formal parameter type in function definition from uint8_t
to char instead of using cast.
*Drop the const declaration for char data in formal parameter.
v2->v3:
*update the data missing conversion.
*change type of internal parameter len to avoid casting in npklog.c.
*change the conversion from signed char to unsigned int in
uart16550_getc() to solve sign-extension.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C states that redundant macros reduce the maintainability of code.
In some cases, we would like to keep the current unused macros for code
completeness, such as cpu registers. These macros might be used later.
This patch removes some unused macros that is not critical for code
completeness.
v1 -> v2:
* Keep TRUSTY_VERSION in trusty.c.
Yadong will cook another patch which will utilize TRUSTY_VERSION.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor hypercall, first all vcpu is
allocated to SOS, vcpu's vm field is initialized to vm0.
When the vcpu is offlined, vcpu will be paused and vcpu's
vm field is set as NULL by DM. When UOS is created, vcpu's
vm field is set as UOS's vm. So when vmcall_vmexit_handler
is invoked, vcpu's vm filed is always non-NULL.
error checking for vm pointer is done in the function
"vmcall_vmexit_handler", vmcall_vmexit_handler will
guarantee that vm is vm0.
So all hypercall functions (these functions is just for handler
hypercall, except vmcall_vmexit_handler) don't need to check
whether invoking vm is NULL and don't need to check whether
invoking vm is vm0 or not.
Remove related invoking vm error checking for hypercall handling.
V1 --> V2:
Add pre-condition for hypercall in the head file.
V2 --> V3:
Add pre-condition for copy_from_gpa and copy_to_gpa.
V3 --> V4:
Add pre-condition both in the head file and source file.
Tracked-On:#1258
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current code enables IOMMU from init_iommu_vm0_domain which is called
from vm0/sos boot sequence. For partition mode VMs, this is not called as
VMs are numbered from 1.
This patch adds support to initialize root table pointer for each IOMMU
and enable all IOMMUs from init_iommu. Hence IOMMUs are enabled even
though ACRN does not boot vm0.
Tracked-On: #1246
Signed-off-by: Sainath Grandhi sainath.grandhi@intel.com
In current code of suspend_iommu/resume_iommu, there is potential buffer overflow
according to the code.
This patch put the buffer to struct dmar_drhd_rt, so that no need to access the buffer
via index.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Tracked-On: #1252
Acked-by: Eddie Dong <eddie.dong@intel.com>
The vie->opcode should be updated when decode_two_byte_opcode(),
otherwise for two bytes opcode emulate(movzx/movsx) will fail.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
MISRAC has requirements about literal value requires a U suffix and
signed/unsigned conversion with cast. This patch is used to solve
these violations.
v1->v2
*Drop the cast of sz from uint32_t to int32_t, the signed/unsigned
violation of nchars will be solved by other patch together with
printf/sprintf/console/vuart/uart code.
*Delete the unnecessary L suffix of shifting operand.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Reviewed by: Junjie Mao <junjie.mao@intel.com>
According to SDM 4.6 Access Rights definition, if SMAP/SMEP
is enabled, more conditions are used to decide the access rights
like SMAP/SMEP, EFLAGS.AC, R/W bit in every paging-structure entry
for page walking.
This patch add the check to guest page walking function and inject
page fault accordingly.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The current movs emulation has issues:
1. it use gva to get/put data.
2. it only support src and dst operand are memory which does not
apply to our case (one of them should be mmio and triggers
EPT voilation).
This patch fix the issue by:
1. convert the address from gva to hva before access it.
2. handle mmio emulation.
Also fix the issue introduced by previous instruction reshuffle
patchset:
1. the desc validation should be only applied to none-64bit mode.
2. gva2gpa should be given correct guest virtual address.
Specailly for movs, we cache the dst gpa if the check during
movs decoding success. And use it directly during movs
emulation.
Tracked-On: #1207
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Tested-by: Qi Yadong <yadog.qi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- replace the usage of mdelay with udelay
- remove lib/mdelay.c
- rename udelay.c to misc.c
future other small APIs could put in misc.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vlapic' in 'struct vcpu_arch' from pointer
to instance
-- add inline function(vcpu_vlapic) in vcpu.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move structure vlapic_pir_desc/vlapic_timer/
acrn_vlapic from vlapic_priv.h to vlapic.h
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for apicv_apic_access_addr
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace pointer with static memory for msr_bitmap
inside structure vm_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Replace vmcs pointer with static memory for vmcs region
inside structure vcpu_arch.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In function start_cpus, we allocated memory under 1M when
preparing AP trampoline code.
With S3 feature enabled, start_cpus is called every time after
ACRN resume from S3 which leaks the allocated memory for AP
trampoline code.
To avoid memory leak, move the AP trampoline preparing function
out of start_cpus to make sure the memory for AP trampoline is
only allocated one time when system boot.
Tracked-On: #1156
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Zide Chen <zide.chen@intel.com>
- convert function like macros to inline functions based on MISRA-C
requirement
- remove some unused and duplicated macros
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
as SOS mapped all memory at the beginning, so trap vlapic need unmap its
memory; for UOS, there is no need as UOS never mapped it.
Tracked-On: #1124
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
error message for "read" or "write" was incorrect.
for developers, we just need print out direction & type value.
Tracked-On: #875
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
for each pass-thru device and its entry owned by one VM, so
change the pass-thru device's softirq lock & entry list into
per VM, so one VM's PT device interrupt process will not
interfere with other VMs; especially in case one user OS
"interrupt storm" happens, it will have little effect on
service OS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The arch_vcpu->irq_window_enabled is almost useless in original code.
This patch use it to avoid unnecessary "interrupt-window exiting"
conditions check if "interrupt-window exiting" is aleady enabled.
Tracked-On: #1190
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The external interrupt events only can be inject if RFLAGS.IF = 1 and no
blocking by both STI and MOV SS. If met this scenario, we need to enable
"interrupt-window exiting" for injection in next VMEXIT.
Tracked-On: #1189
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
If the "virtual-interrupt delivery" is enabled for vmx apicv, then need
avoid to enable interrupt-window exiting. From SDM Vol3, 29.2.1, the
evaluation of pending virtual interrupts only be trigger if
"interrupt-window exiting" is 0.
The original code will enable interrupt-window vmexit if any pending
vlapic interrupts even the "virtual-interrupt delivery" is enabled. It
will cause the pending interrupts can't be evaluate immediately until
guest triggered interrupt-window vmexit.
For "virtual-interrupt delivery" enabled case, just need sync the
pending interrupts to irr and update rvi if needed. And CPU will
evaluate and automatic injecct virtual interrupt at appropriate time. It
doesn't rely on interrupt-window vmexit.
For "virtual-interrupt delivery" disabled case, need to check if satisfy
the virtual interrupt injection conditions before doing the interrupt
injection. If not, then need to enable interrupt-window vmexit and
re-check the conditions in the next time vmexit.
Tracked-On: #1187
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- Change vmx_off/exec_vmxon/exec_vmclear/exec_vmptrld/
exec_vmxon_instr/init_vmcs to void type
-- for vmxon/vmclear/vmptrld, add pre-conditions to
guarantee sucessful execution.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Check if the VMX capability is locked with incorrect value,
at the time when HV do the hardware capability detect.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove vmxon_region_pa from structure per_cpu_region,
and define vmxon_region inside per_cpu_region.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add the brackets for Macro parameter to avoid the unintentional
mistakes.
A simple example that may cause mistakes:
#define minus(x) -x
When the following call is made,
z = minus(a-b)
it becomes:
z = -a-b;
where "-a - b" is equivalent to "(-a) - b" rather than "- (a - b)", as
expected.
v2 -> v3:
* convert DMAR_WAIT_COMPLETION to inline function
* remove the macro PIC_PIN_FOREACH and implement the well-formed
for loop in each case
* replace __CPP_STRING with STRINGIFY and remove the unused CPP_STRING
v1 -> v2:
* Remove some changes to function like macro since MISRA-C requires to
use inline functions if it is possible.
These MACRO brackets violations will be fixed together when fixing
other issues related to function like macro.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
If hardware_detect_support() failed,as it return to
bsp_boot_init with a different stack and thus returning
from bsp_boot_init becomes an undefined behavior.
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that each function defined and declared shall be called
or referenced in code analyzed.
In some cases, we would like to keep the non-called functions for code
completeness, such as
vcpu_inject_extint/vcpu_inject_nmi/vcpu_inject_gp/vcpu_inject_pf
/vcpu_inject_ud/vcpu_inject_ac/vcpu_inject_ss.
This pacth removes some functions that are independent and are not
called in our code base.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires that each parameter in the MACRO shall be in brackets.
In some cases, adding brackets for all of the parameters may not be a
perfect solution.
For example, it may affect the code readability when there are many
parameters used in the MACRO.
And duplicated brackets will appear when one MACRO called another MACRO
which is using same parameters.
This patch convert some MACROs to inline functions to avoid such cases.
v1 -> v2:
* Remove the unnecessary changes in hypervisor/bsp/uefi/efi/boot.h
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
MISRA-C requires that the controlling expression of an if statement or
an iteration-statement shall be Boolean type.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
We have two same log message in decode_instruction. It's a little bit confusing.
So, this patch refine the log message to make it more explicit.
BTW, we refine one message in create_vcpu.
Tracked-On: #1136
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch fixes the following issues:
- No newline after semi colon.
- No space after semi colon in for expression.
- No space between if, while, for and expresn.
v1 -> v2:
* Fix the typo for the for loop change.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
We don't need find_next_table to walk to the next EPT page table.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add 1GB large page support limit on our platform.
Tracked-On: #1124
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
VMs in partition mode uses a kernel patch to switch to physical mode xAPIC.
The kernel patch together with this patch makes sure device MSIs use
physical mode as DM and physical APIC IDs in Destination field.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
To be sure hypervisor and DM are position independent
and executable.
Tracked-On: #1122
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
Acked-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
This patch fixes the following issues:
- Assignment operation in expression.
- For loop incrementation is not simple.
- No brackets to loop body.
- Use of comma operator.
v1 -> v2:
* Replace &x->y with &(x->y) based on our new coding rule
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Since vmexit handling in ACRN partition mode is not complex (since no SOS and
all devices passthru), interrupts can stay disabled in root mode during
vmexit handling.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
There is no requirement to hpa2gpa for trusty memory,
now we use the same inverted eptp for normal world and secure world,
that is it can get some trusty memory information by the inverted
page tables in normal world,then this patch removed the inverted
page tables for trusty memory.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Change guest_msrs in vcpu data structure from pointer to array, which
could avoid the dynamic memory allocation.
v1 -> v2:
* Remove the unnecessary initialization for guest_msrs[] since vcpu is
allocated by calloc.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We should specify gpa for uos or sos when restore memory, otherwise
it would cause resume failure issue.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
-- rename struct vioapic --> struct acrn_vioapic
-- update 'vioapic' field in 'struct arch_vm' from pointer
to instance
-- change vm_ioapic(vm) to inline, and move it to vm.h
-- change vioapic_init to void type
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vuart' field in 'struct vm' from pointer
to instance
-- replace MACRO with inline function for vm_vuart,
and move it to vm.h
-- change vuart_init to void type
-- rename struct vuart -->struct acrn_vuart
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- update 'vpic' field in 'struct vm' from pointer
to instance, and move it from 'struct vm' to 'struct arch_vm'
-- replace MACRO with inline function for vm_pic, and move it
to vm.h
-- changed vpic_init to void type
-- removed vpic_cleanup
-- move struct acrn_vpic/i8259_reg_state from vpic.c to vpic.h
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the gdt.h, it defines unions and parameters which is not used
in hypervisor. Removed them to keep the gdt definition simple.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- by default, ACRN will not support platform without
below APICv features:
-- Use TPR shadow
-- APIC-register virtualization
- remove mmio emualtion of local APIC for guest
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, the address translation type for passthrough devices
in SOS is passthrough type, which means the device in SOS can access
the whole physcial memory.
This patch uses SOS EPT to translate address for passthrough
devices. So that the memory of VMM or trusty can be protected from
SOS PTDev.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
For the instructions other than MOVS, one operand is register
and another one is memory which trigger EPT voilation. In this
case, there is one possibility that EPT voilation happens before
guest fault:
the fault is triggered by related guest PTE access bit
voilation (like write to a gva with R/W bit cleared in PTE).
So we do this kind of check and inject exception to guest
accordingly during instruction decoding phase.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Unlike the other instructions we emulated, MOVS has two operands
both are memory.
So we need to check whether the operand is valid GVA. With VMX
enabled, the src operand is always checked first by VMX. Which
means if src operand is not valid GVA, it will trigger fault
in guest before trigger EPT. So we don't need to check src
operand. Only need to check dst operand here.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Drop the get_gla function and add
- get_gva_di_si_nocheck
get gva from ES:DI and DS(other segment):SI without
check faulure case
- get_gva_di_si_check
get gva from ES:DI and DS(other segment):SI with failure
case checked
TODO:
- Save dst_gpa and src_gpa for instruction emulation phase
use.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We will do check only during instruction decode phase.
vie_calculate_gla will be called both in instruction emulation
phase, we move the check out of vie_calculate_gla.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
According to SDM vol3 25.1.1
With VMX enabled, following exception will be handled by guest
without trigger VM exit:
- faults based on privilege level
- general protection due to relevent segment being unusable
- general protection due to offset beyond limit of relevent segment
- alignment check exception
ACRN always assume VMX is enabled. So we don't need to these check
in instruction emulation. But we need to do page fault related check.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
If rm show there is no SIB following rm field, we should get
base_register info from rm.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- call these functions directly, no need to register
callbacks.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The virt_vector/phys_vector are only used for debugging.
Rename msix to is_msix.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Then we don't need to check whether phys_pin is valid in others.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Then use the source id to lookup the ptdev remapping entry.
For msi interrupt ptdev: use bdf and vector_index to identify the id;
For intx interrupt ptdev: use pin and pin source to identify the id.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The npk_log is a log destination for the hypervisor, similar to the
console_log and the mem_log. It can be enabled/disabled/configured
by the SOS kernel via the hypercall HC_SETUP_HV_NPK_LOG.
The configuration includes:
1. Set the MMIO base address of the reserved NPK master.
2. Set the log level of the hypervisor NPK log.
After that, the npk_log can be enabled to write the hypervisor logs to
the MMIO address of the reserved NPK master with a simple header.
Signed-off-by: Zhi Jin <zhi.jin@intel.com>
Signed-off-by: Liu, Xiaojing <xiaojing.liu@intel.com>
Reviewed-by: CHEN Gang <gang.c.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The hypercall HC_SETUP_HV_NPK_LOG is added to enable/disable/configure
the hypervisor NPK log.
Signed-off-by: Zhi Jin <zhi.jin@intel.com>
Signed-off-by: Zhonghua Sun <zhonghua.sun@intel.com>
Reviewed-by: CHEN Gang <gang.c.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Since this interrupt pin is passed through to the guest, we could set
it as we like. There's no need a flag to emulate the masked status.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
The apicv is one hardware acceleration feature of vlapic. All vlapic
APIs should keep vlapic_ as the prefix.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
From SDM Vol3 10.4.6:
Some processors permit software to modify the APIC ID. However, the
ability of software to modify the APIC ID is processor model specific.
Because of this, operating system software should avoid writing to the
local APIC ID register.
So to permit change APIC ID is not one *must* feature. Keep it simple,
we are also reject to modify it.
This patch does code cleaning up for LAPIC ID related emulation.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since these APIs always return 0,
change them to void type,
vcpu_set_cr0()
vmx_write_cr0()
vcpu_set_cr4()
vmx_write_cr4()
kick_notification()
tsc_deadline_handler()
dmar_fault_handler()
ptdev_interrupt_handler()
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
We didn't emualte them well, so just disable them.
Here are PMU CPUID.0A, Intel RDT CPUID.0F and CPUID.10, Intel SGX CPUID.12,
Intel Processor Trace CPUID.14
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
- Clean up some code regarding to % and / operations since bit
operations are faster.
x % 64U ---> x & 0x3fU
x % 32U ---> x & 0x1fU
x % 16U ---> x & 0xfU
x % 8U ---> x & 0x7U
x % 4U ---> x & 0x3U
x % 2U ---> x & 0x1U
x / 64U ---> x >> 6U
x / 32U ---> x >> 5U
x / 16U ---> x >> 4U
x / 8U ---> x >> 3U
x / 4U ---> x >> 2U
x / 2U ---> x >> 1U
- Minor changes regarding to coding styles
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit replaces the "used" field of irq_desc with a bitmap to maintain
the irq use status to save memory and LOC, and improve the efficiency as well.
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- update 'apic_page' field in 'struct acrn_vlapic',
from pointer type to 'struct lapic_regs' type.
- delete 'pir' and update 'pir_desc' to 'vlapic_pir_desc'
type.
- fix potential memory leak in 'vlapic_create()'
should free allocated memory in case of registering
mmio handler failure.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
MISRAC requires that the array size should be declared explicitly.
This patch fixes the issues caused by vm0_boot_context.
Fix pattern is like below:
extern char start_of_ROM, end_of_ROM, start_of_FLASH;
memcpy (& start_of_FLASH, & start_of_ROM, & end_of_ROM - &
start_of_ROM);
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
-- change send_start_ipi/do_copy_earlylog to void type
-- drop the return value for vcpu_queue_execption
when inject GP/PF/UD/AC/SS
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
-- change two timer callbacks to void type
-- ignore the return value for add_timer
-- add (void) before several functions(memset/memcpy/
vcpu_get_xxx)
v1-->v2:
ignore the return value for add_timer
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
for secure and normal world has different EPTP, in secure world,
it could trap to hypervisor and call gpa2hpa function. So it need
check if it is in normal or secure world for EPTP selection.
Detailed explanation from Yadong Qi <yadong.qi@intel.com>:
Currently, trusty OS does not handle interrupt, so when an interrupt
is delivering in trusty, trusty will set it to LAPIC IRR register by
inject self_ipi() and then call world_switch to switch to Android,
So android will receive/handle the interrupt properly.Since the
vLAPIC is enabled in ACRN, so when trusty try to inject self_ipi(),
APIC-ACCESS vmexit will happen. Then ACRN will do instruction
decode/emulation, so the GPA2HPA will fail since page walk is using
nworld_eptp. It is probability an issue.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit changes the order of functions in arch/x86/irq.c, and internal
function names to make it looks cleaner, with no change within any function.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are several similar irq handlers with confusing function names and it's
not friendly to call update_irq_handler() to update a proper handler after
request_irq().
With this commit, a single generic irq handler is being used, in which, no lock
need to be acquired because our design could guarantee there is no concurrent
irq handling and irq handler request/free.
A flags field is added to irq_desc struct to select the proper processing flow
for an irq. Irqflags is defined as follows:
IRQF_NONE (0U)
IRQF_LEVEL (1U << 1U) /* 1: level trigger; 0: edge trigger */
IRQF_PT (1U << 2U) /* 1: for passthrough dev */
Because we have only one irq handler, update_irq_handler() should be replace by
set_irq_trigger_mode(), whichs set trigger mode flag of a certian irq.
Accordingly, the code where called update_irq_handler() need to be updated.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit refactors vector allocation/free codes, two functions are
defined to help alloc/free vectors for an irq:
- uint32_t alloc_irq_vector(uint32_t irq)
- alloc a free vector (0x20 ~ 0xDF), and bind it to irq, for legacy irqs
and static mapped irqs, vector has been allocated and bind, so just
check the mapping correctness;
- return: valid vector on success, VECTOR_INVALID on failure.
- void free_irq_vector(uint32_t irq)
- free vector allocated via alloc_irq_vector(), for legacy irqs and static
mapped irqs, nothing need to do.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit refactors the alloc/free irq num, two functions are defined:
- uint32_t alloc_irq_num(uint32_t irq)
- if irq is valid, mark the irq_desc as used; if it's IRQ_INVALID,
alloc a free irq, or else do nothing;
- return: irq num on success, or IRQ_INVALID on failure.
- void free_irq_num(uint32_t irq)
- free the irq num allocated via alloc_irq_num();
And a global spinlock to protect it from concurrent allocation/free.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This commit cleans up fiels of struct irq_desc:
- remove name, irq_desc_state, irq_cnt and irq_lost_cnt which are not used.
- remove irq_ prefix of irq_lock field of struct irq_desc;
- change enum irq_state to enum irq_use_state;
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Li, Fei <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
removed some unnecessary variables and functions.
v1-->v2:
Replace div-by-zero with an inline ASM code
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1)Fix to take into account the size of proc entries in MPtable.
2)Change APIC ids to virtual APIC IDs
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
V1:
In order to better comply with MISRA C,
add const qualifiers whereeven required.
In the patch, these are being added to pointers
which are normally used in "get" functions.
V2: Corrected the issues in the patch
pointed by Junjie in his review comments.
Moved the const qualifiers to the correct
places. Removed some changes which are not
needed.
V3: Updated patch comment.
This modifies a subset of all the functions
which might need constant qualifiers
for the their parameters.
This is not and exhaustive patch. This only
targets obvious places where we can use
the const qualifier. More changes will be
submitted in future patches, if required.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
vlapic_vmx_vapic_set_tmr is nobody use now, remove it first to avoid
build warning.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
ACRN currently do not support SMM and SMI. Print one explicit warning
for it.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
From SDM Vol3 Table 10-1 Local APIC Register Address Map. The 0x3F0 is
reserved.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Currently, ACRN hasn't expose x2apic capability through cpuid.
And x2apic related code in vlapic.c has no real functionality. This
patch clear related code.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In interrupt-window exiting handler, disable it directly even there has
pending interrupts. The later acrn_handle_pending_request will
re-evaluation and re-enable it if needed.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds code to support read-only RTC support for guests
run by partition mode ACRN. It supports RW for CMOS address port 0x70
and RO for CMOS data port 0x71. Reads to CMOS RAM offsets are fetched
by reading CMOS h/w directly and writes to CMOS offsets are discarded.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
-- Change these APIs to void type, add pre-conditions,
and move parameter-check to upper-layer functions.
handle_vpic_irqline
vpic_set_irqstate
vpic_assert_irq
vpic_deassert_irq
vpic_pulse_irq
vpic_get_irq_trigger
handle_vioapic_irqline
vioapic_assert_irq
vioapic_deassert_irq
vioapic_pulse_irq
-- Remove dead code
vpic_set_irq_trigger
v1-->v2:
add cleanup vpic
change some APIs to void type, add pre-conditions,
and move the parameter-check to upper-layer functions.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
after updated cpu context get/set method, the vcpu_dumreg cmd is not
correct anymore as the registers may read from VMCS but meantime hv
shell may not be running on target vcpu.
this patch take use of smp_call_function for vcpu dumpreg and make the
dump always come from correct vcpu.
v2:
- use str pointer to get vcpu_dumpreg context instead of print out directly
in notify handler.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
take use of VCPU_NOTIFY vector, add smp_call_function support.
added a per_cpu field smp_call_info, and make each smp_call_function
is not re-entered, and the caller CPU is returned when all the target
CPUs complete the call.
v4:
- remove global lock
- take use of wait_sync_change function to do the sequence sync
v3:
- remove per_cpu lock in smp_call_info
- use a global lock to ensure smp_call_function sequence
- use pcpu_sync_sleep to wait IPI complete
v2:
- after new smp function come, if old one exist, changed from overwirte
with the new one to ignore the new one.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
pcpu_sync_sleep monitor "uint64_t sync" change to "1UL << mask_bit",
which is not very clear to take use of it.
change it to wait_sync_change, means monitor "uint64_t sync" change to
"wake_sync", make the function clear to use.
And expose it for the usage of the following patches.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Now the DM has adopted the new VHM request state transitions and
REQ_STATE_FAILED is obsolete since neither VHM nor kernel mediators will set the
state to FAILED.
This patch drops the definition to REQ_STATE_FAILED in the hypervisor, makes
''processed'' unsigned to make the compiler happy about typing and simplifies
error handling in the following ways.
* (dm_)emulate_(pio|mmio)_post no longer returns an error code, by introducing a
constraint that these functions must be called after an I/O request
completes (which is the case in the current design) and assuming
handlers/VHM/DM will always give a value for reads (typically all 1's if the
requested address is invalid).
* emulate_io() now returns a positive value IOREQ_PENDING to indicate that the
request is sent to VHM. This mitigates a potential race between
dm_emulate_pio() and pio_instr_vmexit_handler() which can cause
emulate_pio_post() being called twice for the same request.
* Remove the ''processed'' member in io_request. Previously this mirrors the
state of the VHM request which terminates at either COMPLETE or FAILED. After
the FAILED state is removed, the terminal state will always be constantly
COMPLETE. Thus the mirrored ''processed'' member is no longer useful.
Note that emulate_instruction() will always succeed after a reshuffle, and this
patch takes that assumption in advance. This does not hurt as that returned
value is not currently handled.
This patch makes it explicit that I/O emulation is not expected to fail. One
issue remains, though, which occurs when a non-aligned cross-boundary access
happens. Currently the hypervisor, VHM and DM adopts different policy:
* Hypervisor: inject #GP if it detects that the access crossed boundary
* VHM: deliver to DM if the access does not complete falls in the range of a
client
* DM: a handler covering part of the to-be-accessed region is picked and
assertion failure can be triggered.
A high-level design covering all these components (in addition to instruction
emulation) is needed for this. Thus this patch does not yet cover the issue.
Tracked-On: #875
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISARC has requirements about Marco redefinition, usage of ++ or -- and
assignment operator in boolean expression. This patch is used to solve
these violations.
The modifications are summarized as following:
1.The HC_VM_SET_MEMORY_REGION, HC_VM_GPA2HPA, HC_VM_SET_MEMORY_REGIONS are
redefined twice in acrn_hv_des.h, so delete them to solve the macro
redefinition violations.
2.The macro BUS_LOCK are redefined in bits.h and atomic.h, then delete
the declaration in both two files, add a new declaration in cpu.h and
include the header file.
3.modify the code to solve the improper usage of -- operators in string.c.
4.modify the while loop to for loop to avoid assignment operator in
boolean expression in vlapic.c.
v1 -> v2:
*Modify the format of commit logs and signed-off name.
*Modify the code format from 'd = d-1;' to 'd--;' to be better.
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Thare some debug specific code which don't run on release version, such as vmexit_time,
vmexit_cnt, sbuf related codes, etc...
This patch encloses the codes with #ifdef HV_DEBUG.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This commit cleans up the irq APIs which are a bit confusing.
- pri_register_handler(), normal_register_handler() and
common_register_handler() into request_irq(), and removed
the unnecessary struct irq_request_info;
- rename the unregister_common_handler() to free_irq();
After the revision, the common irq APIs becomes:
- int32_t request_irq(uint32_t irq,
irq_action_t action_fn,
void *action_data,
const char *name)
- void free_irq(uint32_t irq)
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since vector is x86 specific concept, we'd like to hide it from common irq APIs.
This commit
- adds static irq:vector mappings for special interrupt such as timer
and cpu notification;
- reserves the irq and vector at initialization;
- removed the vector argument in pri_register_handler(), get reserved vector
from irq_desc in common_register_handler().
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Since we don't support shared irq, dev_handler_node which works as action node,
is not needed anymore.
This commit removes the dev_handler_node struct and does some relevant changes,
including:
- moves necessary fields to struct irq_desc: action, priv_data, name; and
removes unused handler_data;
- changes return type of pri_/normal_register_handler() from dev_handler_node*
to int32_t, which is irq num (>= 0) on success, and errno (> 0) on failure.
- changes unregister_irq_handler() to take argument unint32_t instead of
dev_handler_node*;
- changes are made to the places where these APIs are called.
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Because multiple physical devices sharing a single physical pin would be
assigned to a same VM, so UOS could handle the irq sharing. So that we could
remove the physical irq sharing support in HV.
This commit removes the irq sharing support, changes including:
- removed the dev_list field in irq_desc, and clean up codes for the list
operation;
- replace IRQ_ASSIGNED_SHARED and IRQ_ASSIGNED_NOSHARE with IRQ_ASSIGNED;
- remove argument indicating irq is shared;
- revise irq request flow for pt devices to remove dependency on irq sharing:
register irq on adding remapping entery and unregister irq on removal an
entry, and do not register/unregister at remapping an entry.
Signed-off-by: Yan, Like <like.yan@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires that shift operation cannot exceed the word length.
What this patch does:
- Add the pre condition for 'init_lapic' regarding to 'pcpu_id'
Currently, max 8 physical cpus are supported.
Re-design will be required if we would like to support more physical
cpus.
So, add the pre condition here to avoid the unintentional shift
operation mistakes.
- Replace the id type with uint8_t in 'vlapic_build_id'
- For VM0, it uses 'lapic_id' as its id, which is uint8_t.
- For non VM0, it uses 'vcpu_id' as its id, which is uint16_t.
Cast this id to uint8_t to make sure there is no loss of data after
left shifting 24U.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add two files to do compile time assert.
One is arch specific, and put in hypervisor/arch/x86/.
The other one is common, and put in hypervisor/common/.
If the statement is not true, there will be error during compile time.
The file will not increase the size of HV binary.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move the definitions of offset of fields in boot_ctx to the same header
file that the struct boot_ctx is in, to reduce the possibility that some
modification would make the offset inconsistant with the fields within
the structure.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Sometimes the CPUID(0x15) still returns the zero tsc frequency. In such case
the base frequency of cpuid(0x16) is used as tsc frequency.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The CPUID with 0x16 leaf can report the CPU hz and it is faster. And this
mechanism is widely used in Linux kernel.(native_calibrate_cpu).
As this is not supported on APL, currently sos adds the cpu_khz callback
in pv_cpu_ops to read the cpu frequency. This is quite hack.
(In fact HV leverages the cpuid with 0x40000010 leaf).
If it is emulated, the sos and guest os can use the cpuid to obtain the
corresponding cpu_khz. Then the cpu_khz in pv_cpu_ops can be removed.
V2: Simple the logic of adding unsupported cpuid level entry after the
CPUID 0x16 is emulated. Initialize the vcpuid_entry explicitly with zero
for the unsupported cpuid.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In order to add the emulation of CPUID 0x16, it is expected that it is
handled when the CPUID 0x15 is supported. Otherwise we will have to emulate
other CPUID leaf, which makes it complex.
At the same time as Acrn HV has the requirements on the CPUs, it is restricted
that the CPUID should support the leaf >=0x15.
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- clear run context when reset vcpu;
- destroy trusty without erase trusty memory when reset vm;
changelog:
v1 -> v2: fix misra violation on calling memset();
Signed-off-by: Sun Victor <victor.sun@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Chi Mingqiang <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- 'reboot.c' defines 'warm_reboot()' only, and this
function is deprecated.
- remove the eXecution attribute of 'mttr.h'
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The bracket is required when the level of precedence of
the operators is less than 13. Add the bracket to logical
conjunctions. The commit applys the rule to the files under
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The bracket is required when the level of precedence of
the operators is less than 13. Add the bracket to logical
conjunctions. The commit applys the rule to the files under
hypervisor/arch/x86/guest/*
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
to avoid send IPI to self, also improve the related code:
1. get_cpu_id is uint16_t now
2. MISRA-C requirement. like add {}
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current EPT check runs after EPT enabling in init_exec_ctrl. This
patch fixes wrong order.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partition mode emulates UART for the VMs directly launced
from HV. This patch adds an option to enable/disable vUART for a
VM.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
For Partition mode ACRN, kernel load address and Boot args load address
are hardcoded. Boot args are currently passed from vm description for
each VM. Renamed init_vm0_boot_info to init_vm_boot_info.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Use func(void) rather than func() for the function declaration and
definition based on MISRAC requirement.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
MISRAC requires that a switch statement shall contain a default clause.
This patch add the default clause and some comments for the ones
violated the rule.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There is no SOS and device model in strict partition mode. ACRN emulates IO for
virtual devices. Any access to IO not backed by HV should return all FFs on read
and writes should be discarded.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
ACRN boots multiple OS in partitioning mode. This patch adds code to assign
vm_id in the vm data structure to be same as the one assigned at compile time.
This makes the vm id deterministic for each VM booted from HV directly.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
ACRN in partition mode does not have vector and APIC ID remapping for
device interrupts. Only MSIs are supported. No IOAPIC and legacy interrupts
for the VMs in ACRN partition mode.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
This patch is an extension to the commit 6643adff8b.
It uses the mptable API to build mptable for each VM booted by ACRN in partition mode.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Adding code to map memory for UOS in partitioning mode ACRN.
HPA starting above 4GB is used for UOS memory. Supports only contiguous memory
from host for UOS. Current implementation supports only 2 GB for UOS memory.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
It's not necessary to specify priority for dynamic allocated vector, because
nested irq is not supported on HV, and irq of any priority would cause VM exit.
This commit makes the following changes:
- remove the argument indicating priority in struct irq_request_info and
following functions:
ptdev_activate_entry()
find_available_vector()
irq_desc_alloc_vector()
normal_register_handler()
- change the macro of vector ranges:
VECTOR_DYNAMIC_START/END for dynamically allocable vectors;
VECTOR_FIXED_START/END for fixed allocated vectors, such as vector for
timer etc.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
-- add clear trusty memory flag
In some cases such as UOS power off or UOS full reset,
need to clear trusty memory,no need to clear memory such as
UOS S3 or UOS system reset,then add a flag to distinguish it
when destroy secure world.
-- Restore trusty memory to guest normal world.
-- Moved free trusty EPT inside destroy_secure_world
In some cases such as UOS S3 or UOS system reset,
only need to free trusty EPT, this patch move free
trusty EPT inside destroy_secure_world.
Because PD/PT are shared in both secure world's EPT
and normal world's EPT,before freeing trusty EPT,
it will memset all PDPTEs except trusty memory,
then call 'free_ept_mem', it can only free trusty EPT,
and does't affect shared normal world EPT.
v2-->v3:
-- Used new mmu api ept_mr_add when restore trusty memory
to SOS and normal world
-- Dropped this patch "Removed reverted page tables for trusty memory"
because map_mem will be removed in future
It will have a patch, need to update this api(ept_mr_add),
it will not create inverted page tables for trusty memory.
v1-->v2:
-- free trusty ept
still use free_ept_mem, not add a new api,but need to
memset pdptes except trusty memory
-- Removed reverted page tables for trusty memory.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRAC does not allow the use of an inline function with external
linkage.
What this patch does:
- Add the static keyword for the function that is only used in the
definition file.
- Remove the inline keyword for the function that is used in multiple
files.
v1 -> v2:
* Move some functions to headers as static inline function if it is
possible
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Declare a variable with the static qualifier if it is of file scope and
not used in another file.
v1 -> v2:
* remove the unnecessary change to the following variables, which is
due to the report issue
struct multiboot_info *mbi = (struct multiboot_info *)
(HPA2HVA((uint64_t)boot_regs[1]));
struct multiboot_mmap *mmap =
(struct multiboot_mmap *)
HPA2HVA((uint64_t)mbi->mi_mmap_addr);
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
V4:
- Clear address cache info after a full cf8/cfc access
- Add NULL pointer checking when calling init/deinit ops
V3:
- Do not use ASSERT
- Loop through the vdev list defined in vm_desctiption table to call the vdev init/unit functions
- Make the cached vbdf info struct per vm instead of per pcpu
V2:
- Fixed MISRA violations
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Signed-off-by: dongshen <dongsheng.x.zhang@intel.com>
If SOS start from 64bit mode, it will use the page table
created by bootloader or BIOS. HV doesn't need to create
page table for it.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In current code, VM0 BSP start mode is hardcoded, in this patch VM0 BSP
start mode is decided by the boot context prepared by bootloader/BIOS.
In current code, VM0 BSP VMCS is override only on UEFI platform.
In this patch, VM0 BSP VMCS is override on both SBL & UEFI platforms.
Also restructure the code of guest init code.
In this patch, a vcpu run_context is initilaized first according to vcpu mode.
Then write the value to vmcs according to run_context value.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
save_segment/load_segment is common code and can be used outside of trusty,
move to a header file.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The structures defined in acrn_efi.h is x86 related, move it
to acrh/x86/guest/.
Also, the headfile will be used on both SBL & UEFI platforms,
rename it to vm0_boot.h
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add code to save boot context, which is prepare by the bootloader or
BIOS, the context can be used to init sos vmcs, such as GDT, IDT,
segment selectors, control registers, ia32_efer. In this way, HV can
leverage the data structures built by bootloader or BIOS, without
creating them in HV.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
New field in VM's structure:
sworld_snapshot: save cpu_context of secure world.
New hypercall: HC_SAVE_RESTORE_SWORLD_CTX
In UOS S3 suspend path: trusty kernel driver will call this hypercall
to require Hypervisor save context of secure world.
In UOS S3 resume path: virtual firmware will call this hypercall to
require Hypervisor restore context of secure world.
New bit in secure_world_control.flag:
ctx_saved: indicate whether cpu_context of secure world is saved.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Define Bitmap flag to indicate secure world's state:
supported: 0(not supported), 1(supported)
active: 0(inactive), 1(active)
Refine secure_world_memory:
base_gpa_in_sos: base_gpa from SOS's view
base_gpa_in_uos: base_gpa from UOS's view, this is the original base_gpa
allocated by bootloader.
Recording above GPA is for usage of trusty EPT destroy and re-create.
There is an assumption: the secure world's memory address is contiguous
in both SOS and physical side.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN in partitioning mode boots multiple OS. Adding code to parse
VM description structure and a reference description structure for
booting 2 OSes.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
It's not reasonable to use push/pop against mmio. So we remove
the push/pop emulation.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We inject invalid opcode if instruction decode fails.
We don't support many instruction. If new type guest hit
the invalid opcode and it's necessary to emulate that
instruction, we could add new instruction then.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
TO inject the
- Invalid Opcode exception
- Stack Fault exception
- Alignment Check exception
to guest.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The DPL from SS access right field is always correct according
to SDM. We use it instead of using CS selector.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
When doing copy_to/from_gva, it's possible the guest no page
happens on none-first page. In this case, we need get correct
fault address from gva2gpa.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
This patch add some comments after the default and before the break
in the switch statement based on MISRA-C requirement.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Added prepare_vm function as a wrapper function on top of prepare_vm0.
This makes adding support for partition mode ACRN to boot multiple
VMs from HV cleaner.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
add wrap function cpu_do_idle in default_idle to handle arch cpu specific
idle operation.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vm_update_register calls vm_get/set_register to update register and vm_update_rflags
calls vm_update_register to update RFLAGS.
We have make vm_get/set_register as non-failed function in previous patch.
So, this patch make the vm_update_register/rflags as void.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vie_read/write_bytereg call vm_get/set_register to get/set byteregs.
We have make vm_get/set_register as non-failed function in previous patch.
So, this patch make the vie_read/write_bytereg as non-failed function too.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, vm_set/get_register return -EINVAL when "vcpu == NULL" or reg is invalid.
But, we don't check the return value actually and there is no chance we get an
null-vcpu and invalid reg in current implementation.
This patch add pre-assumptions about valid parameters before the function and make
them as non-failed functions.
- static uint64_t vm_get_register(struct vcpu *vcpu, enum cpu_reg_name reg)
- static void vm_set_register(struct vcpu *vcpu, enum cpu_reg_name reg, uint64_t val)
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, vm_get_seg_desc return -EINVAL when "vcpu == NULL" or seg is invalid.
But, we don't check the return value actually and there is no chance we get an
null-vcpu and invalid seg in current implementation.
This patch adds pre-assumptions and makes the function as void.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch just removes some dead codes related to Instruction Emulation.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Originally, there is cross-references between instr_emul.h and instr_emul_wrapper.h.
User must include both of them when calling instruction emulation functions. This
will raise up some confusion and inconvenience.
So we rearrange the logic of instruction emulation code as following:
- External API -- defined in instr_emul.h
* decode_instruction(struct vcpu *vcpu)
* emulate_instruction(struct vcpu *vcpu)
- Make all other functions as static in instr_emul.c
- Remove instr_emul_wrapper.c/h
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
ASSERT is too strict for HV when error happens during emulating instruction.
This patch remove all ASSERT and return a negative error code when failing to
emulate instruction.
Originally, getcc will return -EINVAL when opsize are not one of (1, 2, 4, 8).
But theoretically, opsize in current implementation can only be one of (1, 2, 4, 8).
So, we will always get valid "cc".
This patch add a pre-assumption and make sure that getcc always return valid value.
For the current code, #GP will be injected to guest if something goes wrong with
instruction emulation.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
There are so many __unused prefix spaning the emulate_xxx functions. This patch
unify the parameters of emulate_xxx to avoid it.
- All emulate_xxx functions are defined as emulate_xxx(struct vcpu *vcpu, instr_emul_vie *vie)
or emulate_xxx(struct vcpu *vcpu, instr_emul_vie *vie, struct vm_guest_paging *paging).
- Move mmio_read/write to instr_emul.c and call them directly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
The formal solution has merged,revert this patch.
This reverts commit a9d04cc5ce.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
move most of fields from run_context into ext_context for world switch.
these fields do not need doing runtime save/restore during vm exit/entry.
v3:
- update cr0/cr4 registers switch method
v2:
- use struct name ext_context instead of saved_context
- updated according to previous v2 patch
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there will be 3 types of vcpu runtime contexts:
- runtime contexts always saved/restored during VM exit/entry, which
include general registers rax/rcx/rdx/rbx/rbp/rsi/rdi/r8~r15, cr2 and
msr for spectre control (ia32_spec_ctrl)
- runtime contexts on-demand cached/updated during VM exit/entry, which
include frequently used registers rsp, rip, efer, rflags, cr0 and cr4
- runtime contexts always read/write from/to VMCS, which include left
registers not in above
this patch add get/set register APIs for vcpu runtime contexts, and unified
the save/restore method for them according to above description.
v3:
- update vcpu_get/set_cr0/4 as unified interface to get/set guest cr0/cr4,
use on-demand cache for reading, but always write to VMCS for writing.
v2:
- use reg_cached/reg_updated for on-demand runtime contexts
- always read/write cr3 from/to VMCS
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are potential value outside range of underlying type
in some assignment expressions. This violates Rule 10.3 or
Rule 10.4 of MISRA C:2012.
BTW, all operations shall be conducted in exactly the same
arithmetic (underlying) type, otherwise, there is a
value outside range violation.
Update related assignment expressions.
V1-->V2:
* Fix potential overflow in "pit_calibrate_tsc";
* Move PTDEV_INVALID_PIN definition before
get_entry_info since this MACRO is only used by
debug function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Since global vector table is being used on all pcpus, it's not necessary to request timer irq
at each cpu init. With this change, per_cpu timer nodes are removed, and only BSP registers
and unregisters timer irq.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter name mismatch between API declaration and definition.
v2 -> v3:
* Fix two more violations which are missed in previous report.
shell_puts and console_write
v1 -> v2:
* Replace 'ret_desc' with 'desc'
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Two improvements:
Firstly, disable EOI VMEXIT for all vectors by default. Only the level
sensitive irq need to set it due to need emulate send EOI to vioapic to
clear Remote IRR bit.
Secondly, to clear RVI(Requesting virtual interrupt) and SVI(Servicing
virtual interrupt) bits.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In some special scenarios, the LAPIC somehow hasn't send EOI to IOAPIC
which cause the Remote IRR bit can't be clear. To clear it, some OSes
will use EOI Register to clear it for 0x20 version IOAPIC, otherwise
use switch Trigger Mode to Edge Sensitive to clear it.
This patch emulate this IOAPIC behavior to satisfy this requirement.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The IOAPIC specification defined EOI register for 0x20 version. The
original vioapic code implemented this register but the version was
still export as 0x11.
Tried to set 0x20, the Linux kernel has't access this EOI register,
still rely on lapic to send eoi.
From Linux ioapic driver comments, it says that only send EOI via EOI
register when met IOAPIC hardware bug.
This patch removes all 0x20 IOAPIC code to reduce the code size.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
To make vioapic simpler, avoid lots of code to convert variable type
between uint8_t and uint32_t.
This patch changes all variable type of pin related variables to
uint32_t instead of original uint_8.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
During ioapic reset, some registers need to be set to the default value
which defined in ioapic spec.
So far, the vioapic function only be called by ioapic itself in
ioapic_init. And just invoked after calloc the vioapic object, so all
the content are already set to zero. But this vioapic_reset function be
exported as one API which maybe invoked by other scenarios in future.
So this patch resolves this potential issue.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The APIC ID field should be bit 24:27 in IOAPIC Identification register.
The bits 28:31 are reserved bits which need to be avoid touched.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For level sensitive trigger mode, the vioapic should not deliver extra
interrupt to vlapic if the previous one hasn't received EOI.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Merge multiple if to switch-case. And set 0xFFFFFFFFU as the default
value of undefined address.
And the IOREGSEL register only bits 7:0 are defined, so mask the other
bits for read operation.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1, Remove vioapic_mmio_read/vioapic_mmio_write, and combine them to
vioapic_mmio_rw.
2, The vioapic_read/write are used for emulate the ioapic indirect
access logic. So change their name with vioapic_indirect as the prefix.
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Remove structure vm_attr
Wrap two APIs alloc_vm_id and free_vm_id
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
'hv_main()' wraps several logic which has no dependencies
each other(enable VMX, prepare to create service os VM..),
in this case, split this function to make code logic clear.
remove 'is_vm0_bsp()' & 'hv_main()'
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
one/two_byte_opcodes is indexed by op_byte. So vie_op->op_byte is unnecessary.
This patch remove it and add a new variable opcode to instr_emul_vie.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There are size2mask array to convert addsize to corresponding mask and function
vie_size2mask doing the same thing except validation check of addrsize.
Theoretically, addrsize can only be one of (1, 2, 4, 8). So, the check of addrsize
is unnecessary.
This patch remove vie_size2mask and use size2maks directly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We have vm_set/get_register here. There is no need to wrap the function with
vie_read_register.
This patch remove it.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
In order to comply with MISRA C rules, renamed vairables
and function names starting with "_".
The major changes invloves mostly static function
names, as they are being called inside the same file
by a wrapper function.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
MISRAC requires that the array size should be declared explicitly.
This patch fixes the issues caused by the arrays that are defined in
link_ram.ld.in or assembly file.
v1 -> v2:
* Update the solution based on the info from the following link.
https://sourceware.org/binutils/docs/ld/Source-Code-Reference.html
Fix pattern is like below:
extern char start_of_ROM, end_of_ROM, start_of_FLASH;
memcpy (& start_of_FLASH, & start_of_ROM, & end_of_ROM - &
start_of_ROM);
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reshuffle VMX init code, and check both allowed 0-settings and
1-settings of related MSR to make the final VMCS control value.
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Change this API to void type
Add pre-condition, state the input parameters are not NULL.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- print error message for command parameter error
when callback/handler is called.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
And export the API to DM. DM will do system reboot/S3 resume based
on this API.
Also add the pre-assumption description for some vm APIs.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. We could explicitly use specific register to avoid one more
register allocated.
2. If we explicitly assign register, it's not neccessary to
add the register in clobber list according to gcc mannual.
3. For vmptrld, we add memory to clobber list also.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the C99 standard, the order of evaluation associated with
multiple #, multiple ## or a mix of # and ## preprocessor
operator is unspecified. For this case, gcc 7.3.0 manual
does not specify related implementation. So it is unsafe
to use multiple # or ## in a macro.
BTW, there are some macros with one or more "##" which are
not used by hypervisor.
Update relate codes to avoid using multiple # or ## in a macro;
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Note:
'##' operator usage constraints: A ## preprocessing token shall
not occur at the beginning or at the end of a replacement list
for either form of macro definition.
V1--V2:
Update relate codes to avoid using multiple # or ## in a macro.
V2-->V3:
Remove unused macros with one or more "##";
Remove "struct __hack;" at the end of GETCC since it is useless.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Adding Kconfig option to choose and compile partitioning mode for ACRN.
Current implementation does not allow ACRN to support sharing mode
and partitioning mode out of a single binary.
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Fix integer related violations.
V1->V2:
clean all memset/calloc integer violations excpet bsp/boot directory
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Fix the parameter type mismatch between API declaration and definition.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently we don't support resume VM in HC API, the real meaning
of the code is to start VM.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. add register_softirq to register a softirq handler
2. rename exec_softirq to do_softirq; raise_softirq to fire_softirq.
3. in do_softirq call registered softirq handler not call
the device softirq handle function directly
4. enable irq after vm exit and disable irq after the first
call do_softirq before vm enter.
5. call do_softirq again when irq disabled to handle the risk
unhandled softirq.
6. rename SOFTIRQ_DEV_ASSIGN to SOFTIRQ_PTDEV
7. remove SOFTIRQ_ATOMIC
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Softirq is not x86 architectural related.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
According to SDM, inject #GP(0) if guest tries to write reserved
bit of CR8.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now, we let guest own most CR4 bit. Which means guest
handles whether the CR4 writting is invalid or not and
GP injection if it's invalid writing.
Two bits are exception here:
we filter VMX and PCID feature to guest (which means
they are supported on native).
So we can't depends on guest to inject GP for these bits.
Instead, we should explicitly trap these CR4 bits update
and inject GP to guest from HV.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
According to SDM:
writing a nonzero value to 63:32 bits of CR0 and CR4 results #GP(0).
writing a nonzero value to reserved bit of CR4 results #GP(0).
We merge the check with always off mask of CR0 and CR4.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Move the check to delicated function and do the check as early
as possible.
Add more check and inject GP to guest if check fails according to
SDM.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
For data structure types "enum vpic_wire_mode, struct stack_canary",
its name is identical with variable name in the same scope.
This MISRA C violation is detected by static analysis tool.
For variables "segment_override, pde_index", its name is identical
with function name. This MISRA C violation is detected.
Naming convention rule:Variable name can be shortened from
its data structure type name.
The following udpates are made:
enum vpic_wire_mode vpic_wire_mode-->enum vpic_wire_mode wire_mode
struct stack_canary stack_canary-->struct stack_canary stk_canary
uint8_t segment_override:1 --> uint8_t seg_override:1
uint32_t pde_index--> uint32_t pde_idx
V1-->V2:
Remove update "enum cpu_state cpu_state-->enum cpu_state state"
and "enum irqstate irqstate-->enum irq_ops_mode ops_mode", other
patch will cover it.
V2-->V3:
Update "uint32_t pde_index--> uint32_t pde_idx".
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
For some function pointer type, its name is identical with
variable name in the same scope. This MISRA C violation is
detected.
Naming convention rule:If the type is function
pointer, its name needs suffix "_fn".
The following udpates are made:
*apicv_set_intr_ready-->*apicv_set_intr_ready_fn
*apicv_pending_intr-->*apicv_pending_intr_fn
*apicv_set_tmr-->*apicv_set_tmr_fn
*apicv_batch_set_tmr-->*apicv_batch_set_tmr_fn
*apicv_intr_accepted-->*apicv_intr_accepted_fn
*apicv_post_intr-->*apicv_post_intr_fn
*enable_x2apic_mode-->*enable_x2apic_mode_fn
V1-->V2:
Update function pointer when it is used as calling
since no need to dereference a function pointer
before calling.
Signed-off-by: Xiangyang Wu <xiangyang.wu@linux.intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
