There is chance to destroy vm whose ept table was not created, for
example, dm fails to setup mem for vm. In this case, it's better
to check the value of eptp before calling free_ept_mem() rather than
relying on assertion in the function.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA C requires that a 'if' statement followed by one or more 'else if'
statement shall be terminated by an 'else' statement which contains either
side-effect or a comment, to ensure that conditions are considered
exhaustively.
Note that a simple 'if' statement is not required to be terminated by 'else'.
This patch fixes such violations by either refactoring the code or add the
'else' statement with either a comment (describing why this case can be skipped)
or logging the event. It may not be satisfactory for the release version where
logging is no-op, but properly handling these non-trivial cases is out of the
scope of this patch.
v1 -> v2:
* Fix unintended semantic changes in add_(msix|intx)_remapping and
io_instr_vmexit_handler.
* Simplify boolean checks in vpic_ocw2.
* Rephrase the comment in strtol_deci.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the current hypervisor, there are many members of CPU_reg_name
used to check range and useless register names.
Define some CPU_REG_XX_FIRST and CPU_REG_XX_LAST MACROs to
make range checking clear;
Remove useless register names CPU_REG_XX_LAST in CPU_reg_name;
Update the related caller.
V1-->V2:
Update a mistake, replace second CPU_REG_SEG_FIRST
with CPU_REG_SEG_LAST in ASSERT.
V2-->V3:
Add '()' for bool expression in ASSERT.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- explicitly declare the array size of 'size2mask[]'
otherwise, the static checking tool treats the array size to be 4, so
that it complains when accessing index '4' or '8'
- unify the comments style and make sure the line length less than 80
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
There are some integer type conversions in the VMX, timer
and MTTR module detected by static analysis tool.
Update related integer type in VMX, timer and MTTR
module.
Add related constant value with 'U/UL' suffix.
V1-->V2:
Resolve few rebase conflicts.
V2-->V3:
Add 'h' for uint16_t argument in log function;
Update the type of temp variable 'type' as uint8_t
in MTTR module to reduce type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Current code has a mistake associating destination with
redirectionhint. So just use the destination mode to work out
destination mode.
When injecting the msi interrupt to vcpu in hypervisor layer,
current code ingnores the redirection hint(RH) bit of msi address
message from guest, and just use the destination mode and
destination ID. So correctly before injecting, check the RH bit,
if set, choose the vcpu that has lowest priority to inject msi.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao, Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin, Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
NR_MAX_IRQS is defined as 272 and IRQ_INVALID as 273 which implies
that 272 is a valid irq number. In this case, an illegal access can
occur at run time when irq_desc_array[] or irq_count[] is accessed
with index 272. This fix stops the illegal access by renaming
NR_MAX_IRQS to NR_IRQS and then places proper conditions for range
checks. If the index is >= NR_IRQS, then index is invalid otherwise
its considered valid for accessing irq arrays. IRQ_INVALID definition
is also changed to 0xffffffffU to indicate maximum unsigned value.
Signed-off-by: Madeeha Javed <madeeha_javed@mentor.com>
ASSERT/panic are called when we get invalid values. It is a little bit strict.
This patch replaces ASSERT/panic with pr_err and return -EINVAL.
v1 -> v2:
- v1 patch name (HV: instr_emul: Remove unnecessary check in decode_xxx)
- keep the check and replace ASSERT/panic with pr_err.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, there are exec_vmread/exec_vmwrite
used for accessing 32-bit fields, 64-bit field and
natural-width fields. This usage will confue developer.
So there are many type casting for the return value and
parameters vmread/vmwrite operations.
Since exec_vmread/exec_vmwrite and exec_vmread64/exec_vmwrite64
are the same, update current exec_vmread/exec_vmwrite
implement into exec_vmread64/exec_vmwrite64 implement
and add MACRO define for exec_vmread/exec_vmwrite in
head file;
To access 64-bit fields in VMCS, callers use
exec_vmread64/exec_vmwrite64;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
Note:Natural-width fields have 64 bits on processors
that support Intel 64 architecture.To access natural-width
fields in VMCS, callers still use exec_vmread/exec_vmwrite,
keep the current implementation.
V1--V2:
This is new part of this patch serial to only
update 64-bit vmread/vmread opertions and related
caller, for netural width fields, still use exec_vmread
or exec_vmwrite.
V2-->V3:
Fix few mistake updations for netural fields in VMCS,
just keep exec_vmread/exec_vmwrite to access them;
Fix few mistake updations for 64-bit fields in VMCS.
V3--V4:
Add "016ll" for 64-bit variable in log function;
Few updates for coding style;
Rename lssd32_idx as tr_sel in VMX module.
V4-->V5:
Use CPU_NATURAL_LAST in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread32/exec_vmwrite32
is for accessing 32-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread32 and exec_vmwrite32 functions to
access 32-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 32 bit vmread/vmread opertions and related
caller.
V2-->V3:
Update related variables type in data structure
for exec_vmread32/exec_vmwrite32.
Rename temp variable 'low' into 'value' for
exec_vmread32;
V3-->V4:
Remove useless type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread16/exec_vmwrite16
is for accessing 16-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread16 and exec_vmwrite16 functions to
access 16-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 16-bit vmread/vmread opertions and related
caller.
V2--V3:
Add "hu" for uint16_t argument in log function;
Add comments for function get_vmcs_field;
Update related variables type for exec_vmread16;
Rename temp variable 'low' into 'value'.
V3-->V4:
Few updates for exec_vmread16.
V4-->V5:
Few updates for coding style;
Replace "hux" with "hu" in log function for 16-bit
variable.
V5-->V6:
CPU_REG_64BIT_LAST is used in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the current "enum cpu_reg_name", there are 16-bit segment
register names, 16-bit descriptor table register names, and
16-bit task register names. These 16-bit register names are
defined among the 64 bit register names. To access these
16-bit fields in VMCS and 32 bit fields in VMCS, more
condition statements need to be used.
Update 16-bit register names position to simplify conditions
in vm_get_register and vm_set_register since different
fields size accessing in VMCS by different vmread/vmwrite
opreation.
Note: After checking the current implementation, the register names of
the same kind of registers (general registers, control registers,
segment registers etc) need to be defined in order, some code checks
the range by using this order. But different kinds of register
names as group, this group position can be adjusted to simplify
conditions.
The follwoing register names group need to be considered in current
implemetation:
(1) General register names group: CPU_REG_RAX~CPU_REG_RDI;
(2) Non-General register names group:CPU_REG_CR0~CPU_REG_LAST;
(3) segment register names group:CPU_REG_ES~CPU_REG_GS.
V1-->V2:
This is new part of this patch serial created in
V2 to rearrange register names as needed.
V2--V3:
Update comment information.
V3-->V4:
Define CPU_REG_NATURAL_LAST and CPU_REG_64BIT_LAST to
make condition more understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
MISRA C requires that all unsigned constants should have
the suffix 'U/UL'(e.g. 0xffU), but the assembler may not
accept such C-style constants.
To work this around, HOST_GDT_RING0_CODE_SEL and
HOST_GDT_RING0_DATA_SEL must be explicitly spells
out in assembly with a comment tracking the original
expression from which the magic number is calculated.
V1-->V2:
Update commit information about HOST_GDT_RING0_CODE_SEL
and HOST_GDT_RING0_DATA_SEL.
V2-->V3:
Update comment for HOST_GDT_RING0_CODE_SEL in assembly
code.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
fix integer type violations,keep some violations which
related to hypcall and msix_entry_index.
V1->V2:1.modified API_MAJOR_VERSION from Makefile
2.sync acrn_common.h changed to device model
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change these 6 APIs to void type:
init_default_irqs
interrupt_init
early_init_lapic
init_lapic
init_iommu
destroy_iommu_domain
It has checked the argument of destroy_iommu_domain in shutdown_vm,
then no need to check it again inside destroy_iommu_domain.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
V1->V2:change the apis to letter case.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch cleans up the integral-type-related violations after the access
pattern to RTEs is unified. Major changes include:
1. vioapic_mmio_read(), vioapic_mmio_write() and vioapic_mmio_rw() assumes
the size of the register to be accessed is always 4, which is checked in
vioapic_mmio_access_handler(). Thus they no longer takes the unused
''size'' parameter.
2. Typical integral-type-related violation fixes including 'U' suffixes,
type of local variables, conversion specification in format strings, etc.
v1 -> v2:
* Drop duplicated definitions to IOAPIC register offsets.
* Drop the ''size'' parameter of vioapic_mmio_[read|write] and
vioapic_mmio_rw since vioapic_mmio_access_handler() ensures that size is
always 4.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two different ways the current implementation adopts to access ioapic
RTEs:
1. As two 32-bit registers (typically named ''low'' and ''high''), or
2. As one 64-bit register (typically named ''rte'').
Two issues arise due to the mixed use of these two patterns.
1. Additional conversions are introduced. As an example, ioapic_get_rte()
merges two RTE fragments into a uint64_t, while some callers break it
back to ''low'' and ''high'' again.
2. It is tricky to choose the proper width of IOAPIC_RTE_xxx constants. SOS
boot failure is seen when they are 32-bit due to the following code:
/* reg is uint64_t */
vioapic->rtbl[pin].reg &= ~IOAPIC_RTE_REM_IRR;
while making them 64-bit leads to implicit narrowing when the RTEs are accessed
in the low & high pattern.
This patch defines a union ''ioapic_rte'' and unifies the access pattern
to IOAPIC and vIOAPIC RTEs.
v1 -> v2:
* Instead of two 32-bit ''low'' and ''high'', define a union that allows
either 32-bit or 64-bit accesses to RTEs.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The main focus on: constant suffix U/UL; parameters cast like
uint32 to a uint16 variable; unify some APIs interface,
consist with the callers.
also modify some places to unify code style
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Signed/unsigned conversion should add cast explicitily
or change the type of them to the same.
V1->V2:Fixed the 0U to 0UL because of the mistakes.
V2->V3:remove unsed macro
Signed-off-by: HuiHuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The cpu offline requester monitor the target cpu state
to detect whether target cpu is put to offline already.
So we should only update the cpu state to offline after
all other operations are finished.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Eddie Dong <Eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Includes header file of non-static function, and declare the
in-file use function static.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In non real mode, for segment registers other than CS, the guest segment
base should be zero, otherwise the guest's segmentation results in wrong
effective addresses.
Linux boots with the wrong segment registers (base address in hidden part),
because it happens that it assigns the segment registers before using any
of them, which effectively reloads the segment base addresses from GDT.
vmid's type prefered to be uint16_t.
V1->V2:vmid from uint32_t transfer to uint16_t
V2->V3:add range check to hcall's vmid parameter
V3->V4:seperate the declaration and actual code.
V4->V5:remove range check from hcall's vmid parameter
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Use the array for lapic_id directly to avoid the unnecessary pointer
arithmetic.
With current implementation,
lapic_id_base is always a byte array with CPU_PAGE_SIZE elements
What this patch does:
- replace 'uint8_t *lapic_id_base' with 'uint8_t
lapic_id_array[CPU_PAGE_SIZE]' to make the boundary explicit
- add a range check to ensure that there is no overflow
v2 -> v3:
* update the array size of lapic_id_array per discussion with Fengwei
v1 -> v2:
* remove the unnecessary range check in parse_madt in cpu.c
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some duplicate codes in emulate_xxx functions which update rflags and
it deserves a common function to deal with the situation. So, this patch
introduces a new function vie_update_rflags to updating rflags accordingly.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
We will decode SIB in decode_sib after decode_modrm. So, there is no need to
decode SIB related field in decode_modrm. This patch remove it.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
There so many ASSERT following the function vie_read_register and vm_get_seg_desc.
It's better to move the ASSERT to those two functions and make the code more
compact.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
rename vm_hw_logical_core_ids to vm_pcpu_ids
and changed the type to uint16_t.
V1->V2:rename the vm_hw_logical_core_ids
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1) Change these 5 APIs to void type:
vcpu_inject_pf
uart16550_calc_baud_div
uart16550_set_baud_rate
console_init
ptdev_activate_entry
No need to return 'entry' for ptdev_activate_entry
since the input parameter is 'entry'.
2) no need to check return value for the caller
such as sbuf_put/console_putc/serial_puts/serial_get_rx_data
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Fixs: 7fd3c624 (HV:CPU:Constant values replace with
CPU MACRO)
There is a mistake in the previous MARCO replacing patch,
use CR4 value replaces CR0 MACRO.
Use CR0 value replaces CR0 MACRO.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
To minimize explicit casts, this patch adjusts the types of function parameters
and structure fields related to vlapic and update the types in the internal
implementation accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Use local variables to hold struct members before using them, which helps us
avoid confusions from static checkers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Make the type indicators in formatting strings aligned with the actual variables
passed.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
Most loop variables in vlapic are used in unsigned contexts (include bitops,
arithmetic w/ other unsigned integers, etc). This patch refactors these loop so
the these variables can be unsigned.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
For constants used in unsigned contexts, a 'U' suffix is required per MISRA C
standard.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Dong Eddie <eddie.dong@intel.com>
The patch fixes the issue when SOS can't boot using HV release version.
In current code, the assembly code for "sgdt" & "sidt" is not right.
The operand is output, not input.
Also, current code use "rdmsr" instruction to read MSR_IA32_SYSENTER_CS,
which doesn't sepcify the clobbered registers it uses.
This patch uses API msr_read to read MSR_IA32_SYSENTER_CS.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Define the array for 'struct irq_desc' with its size
The array size for 'struct irq_desc' is constant and will not be
changed.
- Use array rather than a pointer to avoid the pointer arithmetic.
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
The patch fixes integral type related violations on HV pm part.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Per new design of trusty memory allocation: VHM will reserve contiguous
memory for trusty when DM launch guest with trusty enabled. And OSloader
will relocate trusty to 511G directly and pass trusty's base/entry to HV
by trusty_boot_param when call HC_INIITIALIZE_TRUSTY.
So in this patch:
1. Extend trusty_boot_param to support addr/entry above 4G.
2. Remove size check for old version compatibility.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
like: constant of unsigned int need add U/UL as surfix.
enum value can't use to give or compare with int directlly.
unsigned and signed mis-matched
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
MISRA-C requires the use of brackets, even when there is only one
statement in the loop body.
Signed-off-by: Ying Liu <ying2.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With field defined as uint64_t, there are some implicit type conversions when
calling exec_vmwrite/read functions which takes a uint32_t for the first parameter.
This patch fixes it by change field to uint32_t.
v1 - > v2:
- Keep the field as it is and change the defination of field to uint32_t.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
There are some integer type conversions reported by static
analysis tool for vcpu id, number of created vcpus, and
vpid, to reduce these type conversions, redesign vcpu id,
number of created vcpus, and vpid type as uint16_t as per
their usage, related 16-bit atomic operations shall be
added in HV.
MISRA C requires that all unsigned constants should have the suffix 'U'
(e.g. 0xffU), but the assembler may not accept such C-style constants.
Add 16-bit atomic add/dec/store operations;
Update temporary variables type and parameters type of
related caller;
Update vpid type as uint16_t;
Replace Macro with constant value for CPU_PAGE_SIZE.
Note: According to SDM A.10, there are some bits defined
in the IA32_VMX_EPT_VPID_CAP MSR to support the INVVPID
instruction, these bits don't mean actual VPID, so
the vpid field in the data struct vmx_capability doesn't
be updated.
V1--V2:
update comments for assembly code as per coding style;
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
The relocation feature relies on the ld option "-z noreloc-overflow" which is
only available for binutils >= 2.27, while on Ubuntu 16.04 or older the default
version of binutils is 2.26.
This patch wraps the relocation code with a configurable macro and make it
undefined by default to avoid default build failures.
NOTE: This is just a hotfix. The code dropped with undefined CONFIG_RELOC needs
to be reviewed by the original author of this feature. Checks to the binutils
version will also follow up.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
- this patch is to prevent secure world(trusty) from
fetching instructin from normal world memory.
- copy valid PDPTEs from normal world EPT to secure
world EPT, and remove 'IA32E_EPT_X_BIT' attribute in
these entries.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- move all relocatoin code from cpu.c and cpu.h to reloc.c and reloc.h
- no any logic changes
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin fengwei <fengwei.yin@intel.com>
- UEFI: change __emalloc() function to allocate from any available memory
under 4G
- Define CONFIG_RAM_START to the lowest possible address 1M, making sure
HV can only be relocated to higher address
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin fengwei <fengwei.yin@intel.com>
Build and link hypervisor with "-pie" and remove static linking so that
it generates .rela sections for relocation
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin fengwei <fengwei.yin@intel.com>
- Trampoline code doesn't have the same relocation delta with HV,
Need to manually patch them when referenced from HV
- replace all references to CONFIG_RAM_START with the actual HV load
address
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
In cpu_primary.S
- Assign %rsp in cpu_primary_start_64(), so we can call _relocate()
before any references to the symbols that need to be patched
- Move lidtq instruction and the IDT fixup code after _relocate() call
- In code64 part, replace 'mov' with 'lea' for correct addressing
- No relocation is needed in code32 part
In trampoline.S:
- add trampoline_spinlock_ptr pointer, so we may be able to fixup
trampoline code in HV
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
In the current memory module, there are many constatn value
without U/UL suffix, it is reported as MISRA C violations by
static analysis tool.
Add 'U/UL' suffix for unsigned contant value in memory module
as needed.
Note:In the most case, CPU_PAGE_SIZE(0x1000) is used as
unsigned integer contant value, so CPU_PAGE_SIZE is defined
as unsigned integer contant value, and it is safety converted
into unsigned long type according to MISRA C standard.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
there is a bug for system hang on SBL bootloader after we enabled turbo mode.
so add tmp patch to disable turbo mode as the work-around.
after SBL fixed it, we revert this patch.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Check return value for the called functions in vmexit handler
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the data struct cpuinfo_x86, some field names have
prefix x86, others don't have prefix.
In order to unify names, update field names of struct
cpuinfo_x86 as per its usage purpose, remove prefix x86.
V1-->V2:
Resolve conflict in cpu.c by rebase command
V2-->V3:
Remove track-on id as per jack's comments
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The MMIO/PIO write APIs in io.h always take a uint32_t value but may uses it as
8, 16 or 32-bit integers. This patch converts the prototypes to align with their
functionality.
The pointer conversion and assignment are splitted to separate statements to
prevent static checkers from being confused about the underlying types.
v1 -> v2:
* Change the prototype of mmio-related functions, instead of keeping the
explicit conversions internal. The addresses are kept void* since in most
cases hva (in void*) is passed.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The assigment should be done outside while loop condition. To fix
it, one assigment initializaion and update statement of for loop
have been applied. The only while loop reminds to avoid very long
for loop expression.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
transfer num_vcpus,exp_num_vcpus to uint16_t.
transfer vm_hw_num_cores to uint16_t.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To follow the Misra C standard, doing one assignment per line to
make code is clearly readable and reduces the confusion of its
intetion or typo.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
To be consistant with inline function mem_write, modifying the
mem_read* and using inline function instead.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
To follow the Misra-c standard, the assignment operation inside
function-like macro should be avoided. Replaced the violations
macro using inline function instead.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
inst_len with 0 length should be treated as invaild value. This patch move 0 length
check to the begainning of the function and return -EINVAL if inst_len == 0.
Tracked-On: ccm0001001-247210
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
There are unsinged constant values don't have 'U/UL' suffix
in the HV reported by static analysis tool.
Add 'U/UL' suffix for unsigned constant values as needed.
Tracked-on: ccm0001001-247033
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
There are some narrow integer conversion violations
in the HV reported by static analysis tools.
The narrow integer conversions are resolved by
following methods:
* Explicit type conversion as needed;
* Update suffix of constant value as 'U'
as needed.
cked-on: ccm0001001-247033
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This patch cleans up the remaining integral-related violations in ioapic.c,
including
* integral narrowing, and
* explicit conversion between signed & unsigned integers.
Tracked-on: ccm0001001-247033
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently IOAPIC pins are represented using various types, including uint16_t,
int, uint8_t and uint32_t. This patch converts all pins to uint8_t since the
maximum number of interrupt input pins per IOAPIC is limited to 240. The special
value IOAPIC_INVALID_PIN is defined to indicate that a valid pin cannot be
found.
This type clean up also has the following impacts.
* The values in the ''legacy_irq_to_pin'' table are piggybacked with their
trigger mode. This patch splits them as the piggyback prevents us from
using a uint8_t[] for this table, and these two information are never used
at the same time.
* The ''offset'' parameter in ioapic_read_reg32 & ioapic_write_reg32 are
promoted to uint32_t to minimize explicit type conversions and keep
aligned with the type of formal parameters of mmio_(read|write)_long.
Tracked-on: ccm0001001-247033
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According to C99 standard, -1 integer constant with 'U/UL'
suffix has no type.
To explicit the integer constant:
Update -1U or -1UL as ~0U or ~0UL, or invalid number according
to usage case.
V1-->V2:
Update parameter name and type of send_startup_ipi since
the second parameter is used as pcpu_id;
Update related comments for code clearity.
V2-->V3:
Update comments of struct acrn_irqline;
rename cpu_startup_dest as dest_pcpu_id in the second
parameter of send_startup_ipi.
Tracked-on: ccm0001001-247033
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
* introduce EXTRA_VERSION to replace RC_VERSION
* add daily tag into the version information
* unify the hypervisor and device model version
Signed-off-by: Jack Ren <jack.ren@intel.com>
To follow Misra-C standard, only one assignment is allowed in both
initialization and update statement.
Noncompliant example:
for (i = 0, a = arry[0]; ...; i++, a = arry[i]){...}
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
To follow the Misra-c standard, any operators should be done outside
the conditions. Removed the prefix, postfix and bitwise shift from
conditions.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Extend struct trusty_boot_param to hold rpmb_key.
Copy rpmb_key from trusty_boot_param when initialize
trusty.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Zhu Bing <bing.zhu@intel.com>
Reviewed-by: Wang Kai <kai.z.wang@intel.com>
Use gpa2hpa() has potential hpa contiguous issue for structure
trusty_boot_param.
Fix it by using copy_from_gpa() instead.
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Reviewed-by: Zhu Bing <bing.zhu@intel.com>
Reviewed-by: Wang Kai <kai.z.wang@intel.com>
According to MISRA C:2012, suffix 'U/UL' shall be for
unsigned const value, the member of enum variable should
not be used to compare with integer variable.
Add 'U/UL' for unsigned const value in the CPU module;
Use Macro insteading of enum feature_word since the member
of feature_word is used to compare with integer variable;
Use hex number insteading of Macro in the assembly code.
V1-->V2:
Update the suffix of some constant value as 'UL'
according to its'storage variable;
Split MACRO updates used in the assembly code
in other patch.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The 23:16 bits in the IOAPIC version register is the highest entry in the I/O
redirection table, which is 1 smaller than the number of interrupt input
pins. But currently we use these bits directly as the number of pins.
This patch abstracts the pin count calculation code and adds 1 to the max rte
entry number to get the right pin count.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
MISRA C requires that all unsigned constants should have
the suffix 'U/UL'(e.g. 0xffU), but the assembler may not
accept such C-style constants.
To work this around, all unsigned constants must be
explicitly spells out in assembly with a comment tracking
the original expression from which the magic number is
calculated.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
It will print error information inside memcpy_s if
the parameteter is invalid, the caller can not check
the return value for memcpy_s/strcpy_s/strncpy_s
code like this:
int a(void) {
return 0;
}
int b(void){
a();
}
fix as follow:
int a(void) {
return 0;
}
int b(void){
(void)a();
}
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
There are some implicit type conversion in the CPU module,
this voilates MISRA C:2012 required rules.
We walk through each functions of CPU module, update
some variable type and the return value type of
the function, and add 'U/UL' for related const value.
V1-->V2:
Rebase the branch, resolve some conflict.
V2-->V3:
Update commit info for V2.
V3-->V4:
Few updates for fixing error instroduced during
resolving conflict.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
IOAPIC pins always fit in 8-bit and we already use uint8_t for virt_pins. This
patch converts pins in vioapic to uint8_t.
This is based on Arindam's previous patch ("was: hv: Cleanup and optimise
vioapic.c"), with SOS boot failure resolved, format string updated, complex
arithmetic expression with implicit type conversion decoupled. Also make some
local variables representing interrupt vectors uint32_t.
Signed-off-by: Arindam Roy <arindam.roy@intel.com>
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Move the existing Trusty document to the doc/ folder (where
it belongs) and convert the text to ReST.
The Documentation/ folder under hypervisor/ is removed as all
documents should be put under doc/.
All technical information has been preserved or was already
available in other documents.
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
No need to check the return value for memset
code like this:
int a(void) {
return 0;
}
int b(void){
a();
}
fix as follow:
int a(void) {
return 0;
}
int b(void){
(void)a();
}
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Most of variables used when decoding instructions are unsigned bit-fields. This
patch adds the 'U' or 'UL' suffix to constants in unsigned context and changes
the type of arguments/local variables when necessary.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The SEG_DESC_* macros are mostly used as branch conditions though they evaluates
to signed int. This patch simplies their definitions and drop the unnecessary
casts accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
This patch makes necessary integer narrowing and/or signedness conversion
explicit.
While some narrowing are expected behavior, the correctness of the others relies
on the specifications of some interfaces (e.g. the higher 32-bit of what
exec_vmread() returns is all 0s if the given field is 32-bit). Add a stub
for now to avoid missing them.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Translate the VIE_OP_* enum constants (which belong to an anonymous enum type)
to macros to ensure that they are always unsigned.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
CPL is represented by a plain int but calculated from shifts and bit-wise
operations. Convert it the uint8_t for consistency.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
get_vmcs_field() returns a VMCS field offset which is normally unsigned, but it
also returns negatives (-1 here) on invalid arguments. Following the convention
we use for vectors, pins, etc., use a special unsigned value to indicate such
errors.
v1 -> v2:
* Use a special value (VMX_INVALID_VMCS_FIELD) instead of a seperate output
parameter to indicate errors.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The current register names in instr_emul are misleading since the register names
are not VM-specific. Rename VM_REG(_GUEST) to CPU_REG in both the hypervisor and
device model.
v1 -> v2:
* Introduced.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The vm_reg_name is a good example of a collection of discrete values. This patch
replaces signed integers with this type whenever applicable to avoid dependence
on the underlying value of such enumeration constants.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Op_sizes are mostly from vie->opsize which is a 4-bit field in struct vie. Use
uint8_t instead of int to represent them.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
- rename 'cpu_set_logical_id()' to 'set_current_cpu_id()'
- rename 'cpu_find_logical_id()' to 'get_cpu_id_from_lapic_id()'
- some clean up in cpu.c & trampolines.s
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
In the hypervisor, some strings are assigned to non const
object, this violates MISRA C:2012.
Update the type of the object as const type since it always
points to string.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Once the specific interrupt is marked waiting for inject to
target vcpu, we don't need to mark it again if the same
interrupt is request to inject to same target vcpu.
One example is UP SOS + SMP UOS. It's possible that different
core of UOS try to notify SOS vcpu that there is ioreq pending.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are extra type conversion in the HV since logical_id
type is uint32_t and the input argument of bitmap operations
is uint16_t. BTW, the name of logical_id is not clear enough
to express its usage.
So the following updates are made in this patch:
Update logical_id type as unit_16 to reduce type casting;
Update related print argument;
Rename related logical_id as pcpu_id as needed.
Note: logical_id in the interrupt_init definition have been
updated in cpu_id cleanup patch.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
There are extra type conversion in the HV since cpu_id
type is uint32_t and the return value type of get_cpu_id
is uint16_t. BTW, the name of cpu_id is not clear enough
to express its usage.
So the following updates are made in this patch:
Update cpu_id type as unit_16 to reduce type casting;
Update related temporary variables type;
Update related print argument;
Change the input parameter name of interrupt_init as
cpu_id to keep align with function implement;
Rename cpu_id as pcpu_id as needed.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, virtual cpu id is defined as "int" or "uint32_t"
type in the hypervisor. So there are some sign conversion issues
about virtual cpu id (vcpu_id) reported by static analysis tool.
Sign conversion violates the rules of MISRA C:2012.
BTW, virtual cpu id has different names (vcpu_id, cpu_id, logical_id)
for different modules of HV, its type is defined as "int" or "uint32_t"
in the HV. cpu_id type and logical_id type clean up will be done in
other patchs.
V1-->V2:
More clean up the type of vcpu id;
"%hu" is for vcpu id in the print function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We pass retval to vmm_emulate_instruction and assign the return value to retval
at the same time. The retval will be passed to mmio_read/write finally as memarg
and the functions don't use the parameter actually. Apparently, we misused the
retval.
This patch fix it by passing 'NULL' to vmm_emulate_instruction.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Rename bit operation function fls as fls32, keep name
style with other bit operation function.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are some cases that we write to VMX_HOST_XXX regs but have debug message
like "pr_dbg("VMX_GUEST_XXX ...")".
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch represents TSC freqeuency in KHz using a 32-bit unsigned integer.
The conversion macros between ticks and us/ms are changed to inline functions to
enforce the types of the input parameters. Note that us_to_ticks accepts only
uint32_t (~4K us at most) and never overflows.
Results of some unit tests on the conversion functions:
calibrate_tsc, tsc_khz=1881600
64us -> ticks: 120422
64us -> ticks -> us: 63
511us -> ticks: 961497
511us -> ticks -> us: 510
1280000 ticks -> us: 680
1280000 ticks -> us -> ticks: 1279488
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ioapic reset function will be called when doing guest reset.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If the vcpu->guest_msrs was allocated, don't allocate the memory
again to avoid memory leak when init_msr_emulation is called
more than once.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vlapic reset should also zero apic_page and pir_desc if pir is
enabled.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To reduce type conversion in HV:
Update return type of function ffs64 and ffz64 as uint16;
For ffs64, when the input is zero, INVALID_BIT_INDEX is returned;
Update temporary variable type and return value check of caller
when it call ffs64 or ffz64;
Note: In the allocate_mem, there is no return value checking for
calling ffz64, this will be updated latter.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER
Coding style fixing;
INVALID_CPU_ID instead of INVALID_PCPU_ID or INVALID_VCPU_ID;
"%hu" is used to print vcpu id (uint16_t);
Add "U/UL" for constant value as needed.
V2-->V3:
ffs64 return INVALID_BIT_INDEX directly when
the input value is zero;
Remove excess "%hu" updates.
V3-->V4:
Clean up the comments of ffs64;
Add "U" for constant value as needed.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the return type of function fls64 and clz64 as uint16_t;
When the input is zero, INVALID_ID_INDEX is returned;
Update temporary variable type and return value check of caller
when it call fls64 or clz64;
When input value is zero, clz64 returns 64 directly.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER;
Partly revert apicv_pending_intr udpates;
Add type conversion as needed;
Coding style fixing.
V2-->V3:
Correct type conversion;
fls64 return INVALID_BIT_INDEX directly when
the input value is zero.
V3-->V4:
No updates for this part in PATCH V4.
Note: For instruction "bsrq", destination register value
is undefined when source register value is zero.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change the return type of function fls and clz as uint16_t;
When the input is zero, INVALID_BIT_INDEX is returned;
Update temporary variable type and return value check of caller
when it call fls or clz;
When input value is zero, clz returns 32 directly.
V1-->V2:
INVALID_BIT_INDEX instead of INVALID_NUMBER;
Add type conversion as needed;
Add "U/UL" for constant value as needed;
Codeing style fixing.
V2-->V3:
Use type conversion to remove side effect of
the variable which stores fls/clz return value;
fls return INVALID_BIT_INDEX directly when the
input value is zero.
V3-->v4:
Clean up comments for fls.
Note: For instruction "bsrl", destination register value
is undefined when source register value is zero.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function prepare_vm0_memmap_and_e820 and init_vm0_boot_info are specific for vm0.
There is no need to check is_vm0 again in those functions.
This patch remove the unnecssary checks.
v1 -> v2:
- Add pre-condition comment before the function as Junjie's suggestion.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are multiple helpers for collecting info to be printed on the ACRN uart
console. They are unreachable code in release builds in which the uart console
is removed.
To define a precise boundary for safety-related activities, this patch wraps the
declarations and definitions to these helpers with "#ifdef HV_DEBUG" so that
these unreachable APIs will be dropped in release builds.
v1 -> v2:
* Fix coding style: no empty lines between #ifdef and the wrapped code.
* Also drop get_rte_info() in ioapic.c, which is solely used by
get_ioapic_info().
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With current code, the INIT-STARTUP IPI with EXCLUDING_SELF shorthand
cannot be handled.
This patch is to correct hypervisor to emulate IPI with different
delivery_mode & shorthand.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Similar to cr0/4:
- use context->vmx_ia32_pat to save/restore VMX_GUEST_IA32_PAT field
- use context->ia32_pat to keep track the guest' view of IA32_PAT MSR
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch makes use of IA32_PAT MSR to emulate cache disabled behaviour
When the guest is requesting to set CR0.CD:
- Keep guest's CR0.CD and CR0.NW bits unchanged
- Write IA32_PAT MSR with all-UC entries to change the effective memory
type for all GPA to UC for the guest VCPU
- It depends on trapping wrmsr to IA32_PAT to prevent any entry in
IA32_PAT being changed to non UC type by the guest
When the guest is requesting to clear CR0.CD:
- restore the content of guest's IA32_PAT MSR
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Preparing for emulating guest's CR0.CD and CR0.NW bits:
- Intercept both rdmsr and wrmsr for IA32_PAT
- Track guest's IA32_PAT MSR with vcpu.arch_vcpu.contexts.ia32_pat
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enum cpu state is better than cpu state macro.
V1->V2:
move enum cpu_state under #ifndef ASSEMBLER MACRO to avoid
assembler compiler scan.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
We define attr.name in struct vm and named as ("vm_%d", attr.id). attr.name only
be used in debug tool vm_list. It does't deserve to do so in OS created flow
(aka function create_vm). It's better to handle this in vm_list tool.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@inte.com>
struct map_params's member page_table_type is enum _page_table_type,
transferred it.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add a new parameter csar to get_guest_paging_info. We will save one exec_vmread
in this case.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two prefix (aka TRC and TRACE) for trace event. This patch make all
the trace event prefix consist with TRACE.
No functional change.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
operations
For reducing sign conversion in hypervisor:
Update parameters of bitmap operations as unsigned type;
Update the input of related caller as unsigned type when the
caller's input parameter is const variable or the variable is
only used by bitmap operations.
V1-->V2:
(1) Explicit casting for the first parameter
of all bitmap operations;
(2) Remove mask operation for explicit casting
of all bitmap operations, since masking is
useless. Otherwise, this trucation is dangerous.
V2-->V3:
(1) Explicit casting for all bitmap operations parameter;
(2) Masking bit offset with 6-bit;
(3) Add few comments about bit offset.
V3-->V4:
add '\' for some statement of bitmap macro
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The struct member types should be transfer to non-basic types,
chaned it to length-prefix(uint32_t,int32_t ...) type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Constants represented in an unsigned type should have the 'U' suffix per MISRA C
requirements even for 0 to get rid of implicit signedness conversions which can
be confusing due to the implementation-defined integer formats.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
With pins being uint8_t, implicit narrowing conversions arises since unsigned
integer constants, irq IDs and general registers have type ''unsigned
int''. Make such conversions explicit.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
PIC pin IDs should be logically unsigned, while we currently use ''int'' to
represent them.
Following the convention we use unsigned IDs, this patch converts the
representation of pins to uint8_t. A special value VPIC_INVALID_PIN is
introduced to represent the case when a valid target pin cannot be
found (previously -1 is used for this case). The branch conditions are updated
accordingly, following the convention below.
(for ''pin''s representing a per-PIC pin)
if (pin != -1) -> if (pin < NR_VPIC_PINS_PER_CHIP)
if (pin == -1) -> if (pin >= NR_VPIC_PINS_PER_CHIP)
if (pin >= 0 && pin < 8) -> if (pin < NR_VPIC_PINS_PER_CHIP)
if (pin >= 0 && pin <= 7) -> if (pin < NR_VPIC_PINS_PER_CHIP)
if (pin >= 0) -> if (pin < NR_VPIC_PINS_PER_CHIP)
(for ''pin''s representing a pin in the vPIC with 2 cascading PICs)
if (pin >= 0 && pin <= 15) -> if (pin < NR_VPIC_PINS_TOTAL)
if (pin > 15) -> if (pin >= NR_VPIC_PINS_TOTAL)
Related local variables are also changed accordingly.
v1 -> v2:
* Rename the number of pins per PIC to NR_VPIC_PINS_PER_CHIP, and the number
of pins of 2 cascading PICs to NR_VPIC_PINS_TOTAL.
* Using "%hhu" instead of "%d" in format string when a pin is expected.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According intel mannual and ACPI mannual,lapic_id length is 1 byte.
V1->V2:
Add U suffix to the numeric when do arithmetic operation on lapic.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch drops the duplicated definitions to ''true'' and ''false'' and
initializes boolean variables with boolean values instead of integers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Port I/O handlers are expected to accept unsigned port address and width which
have type uint16_t and size_t accordingly. The internal handlers in vpic, on the
other hand, declares signed addresses and width in their prototypes. This patch
enforces unsignedness of addresses and widths in these handlers.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The number of initialization command word (ICW) and register contents are
logically unsigned and they have already been used in such way. This patch
changes the declaration of them so that the declarations, definitions and uses
are all aligned.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
ACRN needs to trap the pm1a/pm1b written/read from VM0. So we
could know when should we put the system to S3.
We will have two path back to VM0:
- S3 enter/exit sucess. Will reset VM0 and jump to VM0 wakeup vec
with real mode
- S3 enter/exit failed. Will return to the next instruction of
pm1a/pm1b register writing. VM0 will read the pm1a/pm1b evt
register to check whether it's waked up or not.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
S3 resume path for VM0 is put bsp of VM0 to real mode and jump
to the wakeup vec of VM0. So we need to extend the init_guest_state
to support start from real mode.
We apply different CS:IP setting for BSP:
- if entry_addr of BSP is larger than 0x100000, it's not wakeup
from S3. We assume it's guest start and set CS:IP by hardcode.
- if entry_addr of BSP is smaller than 0x100000, it's wakeup
from S3. We setup CS:IP according to ACPI spec.
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Emulate VM0 resume from S3 state:
- reset BSP of VM0
- set the BSP entry to saved VM0 wakeup vec and set BSP to real mode
- start BSP
To match trampoline_spinlock release on ACRN Sx resume path, acquire
trampoline_spinlock if ACRN Sx enter fails.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enter_s3 is main function for ACRN to enter S3 state with following
process:
- pause vm0
- save the wakeup vec of vm0 and set wakeup vec of ACRN. So
resume from S3 will jump to ACRN wakeup
- offline APs
- update the main entry of trampoline to resume entry. After BSP
is resume from S3, it will jump to resume entry instead of AP
startup routine
- turn off vmx
- suspend devices
- enter S3.
exit S3 with following process:
- release trampoline_spinlock which is hold in trampoline code
- resume devices
- enable vmx
- update the main entry of trampoline to AP startup routine.
- online APs.
The following operations will be resume vm0 which will be added
in next patch.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Couple of small changes merged in this change:
- export main_entry, trampoline_spinlock and stop_cpus.
- change vm_resume() name to resume_vm()
- change resume_console_enable() name to resume_console()
- extend reset_vcpu to reset more fields of vcpu
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The S3 enter lowlevel routine saves the cpu context to memory
and enter S3 state
The S3 wakeup lowlevel routine restore cpu context and return.
Signed-off-by: Zheng Gen <gen.zheng@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- add a commont head file include/common/irq.h, to include the common data
structure and APIs;
- move the common data struct and APIs from arch/x86/irq.h to the common header.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
To make the file structure clearer, change the file names:
- rename arch/x86/interrupt.c to virq.c, for the virtual irq relavant code,
such as irq injection etc;
- merge arch/x86/intr_main.c into arch/x86/irq.c;
- rename arch/x86/intr_lapic.c to lapic.c
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C required function return type should be consistented.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It is already assumed that ''long'' has 8-bytes, and thus there is no need to
use ULL to indicate a 8-byte unsigned constant.
This patch changes all ULL suffixes found in the hypervisor to UL.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- to avoid reading operations on MTRR registers if
no MTRR feature support on current platform in "init_mtrr()".
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Snoop control is not supported in the graphics VT-d engine and so should
be disabled in the PTEs. Also enabled iommu for graphics in the
dmar_drhd array.
v2: removed disable iommu in handle_one_drhd and combined if cond.
v3: minor code review changes
v4: moved the snoop control change to ept.c to accomodate upstream changes
Signed-off-by: Anitha Chrisanthus <anitha.chrisanthus@intel.com>
Reviewed-by: Gong Zhipeng <zhipeng.gong@intel.com>
Fix the type for vector in ioapic setup, which is a potential problem:
- return VECTOR_INVALID instead of false in irq_desc_alloc_vector()
when irq is out of range;
- change variable type from int to uint32_t for vector, and correct
the returned value check.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It could be also used by host as well. So we remove GUEST from
MACRO name
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <Eddie.dong@intel.com>
for bsp_boot_init/cpu_secondary_init, they are on temp stack.
for bsp_boot_post/cpu_secondary_post, they are on runtime stack.
define SWITCH_TO MACRO to switch runtime stack then jump to post functions.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C requires that unsigned constants should have the 'U' suffix, while this
C syntax is not accepted by binutils assembler per binutil manual.
This patch explicitly spells out the unsigned constants used in the assembly
files while tracking the original expressions in comments. This fixes build
failure when using binutils <= 2.26.
v2 -> v3:
* Explicitly spell out the unsigned constants in assembly, instead of
duplicating the macros in headers which break the integrity of the
definitions.
v1 -> v2:
* Define different macros instead of wrapping all unsigned constants.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
phys_cpu_num is more popular than phy_cpu_num, update them
through command.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Update the structure definition to define the address type
(HVA vs HPA vs GPA) explicitly.
Convert address to HVA before access the GPA/HPA type of address.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Before we set the page table, we should know the attribute. So
move configure the page table attribute outside of modify_paging.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C doesn't allowed negative shift, changed any potential signed value
to unsigned value.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The member of width in struct e820_entries,can be declared to
uint32_t(the range of the member is bigger than 0) to avoid
negative shift.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C doesn't allowed negative shift, changed any potential signed value
to unsigned value.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, physical cpu id is defined as "int" or "uint32_t"
type in the hypervisor. So there are some sign conversion issues
about physical cpu id (pcpu_id) reported by static analysis tool.
Sign conversion violates the rules of MISRA C:2012.
In this patch, define physical cpu id as "uint16_t" type for all
modules in the hypervisor and change related codes. The valid
range of pcpu_id is 0~65534, INVALID_PCPU_ID is defined to the
invalid pcpu_id for error detection, BROADCAST_PCPU_ID is
broadcast pcpu_id used to notify all valid pcpu.
The type of pcpu_id in the struct vcpu and vcpu_id is "int" type,
this will be fixed in another patch.
V1-->V2:
* Change the type of pcpu_id from uint32_t to uint16_t;
* Define INVALID_PCPU_ID for error detection;
* Define BROADCAST_PCPU_ID to notify all valid pcpu.
V2-->V3:
* Update comments for INVALID_PCPU_ID and BROADCAST_PCPU_ID;
* Update addtional pcpu_id;
* Convert hexadecimals to unsigned to meet the type of pcpu_id;
* Clean up for MIN_PCPU_ID and MAX_PCPU_ID, they will be
defined by configuration.
Note: fix bug in the init_lapic(), the pcpu_id shall be less than 8,
this is constraint by implement in the init_lapic().
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per MISRA C, operands to bit-wise operations should have unsigned
types. However, C99 prioritizes to use signed integers for hexadecimal constants
without the 'U' suffixes, leading to tons of bit operations on signed integers.
This patch series add the 'U' suffixes to the constants which are used in bit
operations, and add the intended width of these integers when applicable
(i.e. the target value is at least 32-bit wide) to avoid functional differences
due to signed vs. unsigned extensions. The rule of thumb is:
'0' for signed char/short/int
'0U' for unsigned char/short/int
'0L' for signed long (should be 64-bit)
'0UL' for unsigned long (should be 64-bit)
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. remove duplicated definitions of mem_loglevel/console_loglevel;
2. Set default loglevels to display important messages:
- CONSOLE_LOGLEVEL_DEFALUT is changed from 2 to 3;
- MEM_LOGLEVEL_DEFAULT is changed from 4 to 5.
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Yan, Like <like.yan@intel.com>
We will get following warnings when build acrn as release version. This patch
fix those warnings.
No functional change.
...
arch/x86/cpu.c: In function ‘stop_cpus’:
arch/x86/cpu.c:727:20: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (get_cpu_id() == i) /* avoid offline itself */
^~
arch/x86/vtd.c: In function ‘dmar_enable_translation’:
arch/x86/vtd.c:84:12: warning: unused variable ‘start’ [-Wunused-variable]
uint64_t start = rdtsc(); \
...
arch/x86/guest/instr_emul.c: In function ‘get_gla’:
arch/x86/guest/instr_emul.c:615:6: warning: variable ‘error’ set but not used [-Wunused-but-set-variable]
int error;
...
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- when init, cr0 & cr4 should read from VMCS
- when world switch, cr0/cr4 read shadow should also be save/restore
v2:
- use context->vmx_cr0/cr4 to save/restore VMX_GUEST_CR0/CR4
- use context->cr0/cr4 to save/restore VMX_CR0/CR4_READ_SHADOW
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
set trusty eptp to 0 after destroy, and only invalidate trusty eptp when it
exist.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
We should use list_del_init here. Otherwise it would misorder the
timer list if we would delete timer more than once if there're more
than one timer on it.
Change-Id: I2d18248173ced1ea1b723352327d2c3d0efc4900
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
MISRA C required that return value should be used, missing for it should
add "(void)" prefix before the function call.
Some function can be declared without return value to avoid this problem.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove_intx_remapping is not global function, make static.
Unlike global functions in C, access to static functions is restricted to the file where they are declared. Another reason for making functions static can be reuse of the same function name in other files
Signed-off-by: Chris Ye <chris.ye@intel.com>
- this patch is to enable SMEP in hypervisor, SMEP protects
guests' memory from supervisor-mode instruction fetches,
in other words, hypervisor which operating in supervisor
mode can't fetch instructions from (guests' memory)
linear addresses that are accessible in user mode.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
