Current code has a mistake associating destination with
redirectionhint. So just use the destination mode to work out
destination mode.
When injecting the msi interrupt to vcpu in hypervisor layer,
current code ingnores the redirection hint(RH) bit of msi address
message from guest, and just use the destination mode and
destination ID. So correctly before injecting, check the RH bit,
if set, choose the vcpu that has lowest priority to inject msi.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao, Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin, Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
acrn-manager message structure has a flexible member
payload[0], that risks to out-of-boundary memory access,
and usage of uninitialized variable.
And the req/ack message pairs has various types, which
extend mngr_msg. mngr_send_msg() requires programmer cast
the type of input messages to struct mngr_msg, that is
inconvenient.
We replace payload[0] with an union, which contains all
payload data. So that type cast for mngr_send_msg() is no
longer needed. And we can avoid potential out-of-boundary
memory accessing and using of uninitialized variable
Acked-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
$(OUT_DIR)/acrm_mngr.h miss dependence of ./acrm_mngr.h, that can
cause build problems.
DM & SOS-LCS are built with $(OUT_DIR)/acrm_mngr.h, which is a
copy of tools/acrn-manager/acrm_mngr.h. So when
tools/acrn-manager/acrm_mngr.h is modified, $(OUT_DIR)/acrm_mngr.h
should be updated too.
Acked-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
NR_MAX_IRQS is defined as 272 and IRQ_INVALID as 273 which implies
that 272 is a valid irq number. In this case, an illegal access can
occur at run time when irq_desc_array[] or irq_count[] is accessed
with index 272. This fix stops the illegal access by renaming
NR_MAX_IRQS to NR_IRQS and then places proper conditions for range
checks. If the index is >= NR_IRQS, then index is invalid otherwise
its considered valid for accessing irq arrays. IRQ_INVALID definition
is also changed to 0xffffffffU to indicate maximum unsigned value.
Signed-off-by: Madeeha Javed <madeeha_javed@mentor.com>
The ``.. code-block::`` directive can specify a highlight language for
the body of the directive. Previously the languages "none" and
"console" were the same, but we're now using "console" for creating
terminal-looking output (rather than doing images of terminal windows)
with a black background and white text.
This PR replaces unintended uses of the "console" highlighting language
with "none".
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Reviewed-by: Yan Like <like.yan@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
This is API part of API-GVT-g high level design doc.
Signed-off-by: Xinyun Liu <xinyun.liu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Reviewed-by: David B. Kinder <david.b.kinder@intel.com>
ASSERT/panic are called when we get invalid values. It is a little bit strict.
This patch replaces ASSERT/panic with pr_err and return -EINVAL.
v1 -> v2:
- v1 patch name (HV: instr_emul: Remove unnecessary check in decode_xxx)
- keep the check and replace ASSERT/panic with pr_err.
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, there are exec_vmread/exec_vmwrite
used for accessing 32-bit fields, 64-bit field and
natural-width fields. This usage will confue developer.
So there are many type casting for the return value and
parameters vmread/vmwrite operations.
Since exec_vmread/exec_vmwrite and exec_vmread64/exec_vmwrite64
are the same, update current exec_vmread/exec_vmwrite
implement into exec_vmread64/exec_vmwrite64 implement
and add MACRO define for exec_vmread/exec_vmwrite in
head file;
To access 64-bit fields in VMCS, callers use
exec_vmread64/exec_vmwrite64;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
Note:Natural-width fields have 64 bits on processors
that support Intel 64 architecture.To access natural-width
fields in VMCS, callers still use exec_vmread/exec_vmwrite,
keep the current implementation.
V1--V2:
This is new part of this patch serial to only
update 64-bit vmread/vmread opertions and related
caller, for netural width fields, still use exec_vmread
or exec_vmwrite.
V2-->V3:
Fix few mistake updations for netural fields in VMCS,
just keep exec_vmread/exec_vmwrite to access them;
Fix few mistake updations for 64-bit fields in VMCS.
V3--V4:
Add "016ll" for 64-bit variable in log function;
Few updates for coding style;
Rename lssd32_idx as tr_sel in VMX module.
V4-->V5:
Use CPU_NATURAL_LAST in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread32/exec_vmwrite32
is for accessing 32-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread32 and exec_vmwrite32 functions to
access 32-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 32 bit vmread/vmread opertions and related
caller.
V2-->V3:
Update related variables type in data structure
for exec_vmread32/exec_vmwrite32.
Rename temp variable 'low' into 'value' for
exec_vmread32;
V3-->V4:
Remove useless type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the hypervisor, VMCS fields include 16-bit fields,
32-bit fields, 64-bit fields and natural-width fields.
In the current implement, no exec_vmread16/exec_vmwrite16
is for accessing 16-bit fields. So there are many type
casting for the return value and parameters vmread/vmwrite
operations.
Create exec_vmread16 and exec_vmwrite16 functions to
access 16-bit fields in VMCS;
Update related variables type for vmread/vmwrite operations;
Update related caller according to VMCS fields size.
V1--V2:
This is new part of this patch serial to only
update 16-bit vmread/vmread opertions and related
caller.
V2--V3:
Add "hu" for uint16_t argument in log function;
Add comments for function get_vmcs_field;
Update related variables type for exec_vmread16;
Rename temp variable 'low' into 'value'.
V3-->V4:
Few updates for exec_vmread16.
V4-->V5:
Few updates for coding style;
Replace "hux" with "hu" in log function for 16-bit
variable.
V5-->V6:
CPU_REG_64BIT_LAST is used in the vm_get_register and
vm_set_register to make condition statement more
understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
In the current "enum cpu_reg_name", there are 16-bit segment
register names, 16-bit descriptor table register names, and
16-bit task register names. These 16-bit register names are
defined among the 64 bit register names. To access these
16-bit fields in VMCS and 32 bit fields in VMCS, more
condition statements need to be used.
Update 16-bit register names position to simplify conditions
in vm_get_register and vm_set_register since different
fields size accessing in VMCS by different vmread/vmwrite
opreation.
Note: After checking the current implementation, the register names of
the same kind of registers (general registers, control registers,
segment registers etc) need to be defined in order, some code checks
the range by using this order. But different kinds of register
names as group, this group position can be adjusted to simplify
conditions.
The follwoing register names group need to be considered in current
implemetation:
(1) General register names group: CPU_REG_RAX~CPU_REG_RDI;
(2) Non-General register names group:CPU_REG_CR0~CPU_REG_LAST;
(3) segment register names group:CPU_REG_ES~CPU_REG_GS.
V1-->V2:
This is new part of this patch serial created in
V2 to rearrange register names as needed.
V2--V3:
Update comment information.
V3-->V4:
Define CPU_REG_NATURAL_LAST and CPU_REG_64BIT_LAST to
make condition more understandable.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
MISRA C requires that all unsigned constants should have
the suffix 'U/UL'(e.g. 0xffU), but the assembler may not
accept such C-style constants.
To work this around, HOST_GDT_RING0_CODE_SEL and
HOST_GDT_RING0_DATA_SEL must be explicitly spells
out in assembly with a comment tracking the original
expression from which the magic number is calculated.
V1-->V2:
Update commit information about HOST_GDT_RING0_CODE_SEL
and HOST_GDT_RING0_DATA_SEL.
V2-->V3:
Update comment for HOST_GDT_RING0_CODE_SEL in assembly
code.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
fix integer type violations,keep some violations which
related to hypcall and msix_entry_index.
V1->V2:1.modified API_MAJOR_VERSION from Makefile
2.sync acrn_common.h changed to device model
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Change these 6 APIs to void type:
init_default_irqs
interrupt_init
early_init_lapic
init_lapic
init_iommu
destroy_iommu_domain
It has checked the argument of destroy_iommu_domain in shutdown_vm,
then no need to check it again inside destroy_iommu_domain.
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
V1->V2:change the apis to letter case.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Function like macro changed to be inline function to limit
the return type and parameter type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch cleans up the integral-type-related violations after the access
pattern to RTEs is unified. Major changes include:
1. vioapic_mmio_read(), vioapic_mmio_write() and vioapic_mmio_rw() assumes
the size of the register to be accessed is always 4, which is checked in
vioapic_mmio_access_handler(). Thus they no longer takes the unused
''size'' parameter.
2. Typical integral-type-related violation fixes including 'U' suffixes,
type of local variables, conversion specification in format strings, etc.
v1 -> v2:
* Drop duplicated definitions to IOAPIC register offsets.
* Drop the ''size'' parameter of vioapic_mmio_[read|write] and
vioapic_mmio_rw since vioapic_mmio_access_handler() ensures that size is
always 4.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two different ways the current implementation adopts to access ioapic
RTEs:
1. As two 32-bit registers (typically named ''low'' and ''high''), or
2. As one 64-bit register (typically named ''rte'').
Two issues arise due to the mixed use of these two patterns.
1. Additional conversions are introduced. As an example, ioapic_get_rte()
merges two RTE fragments into a uint64_t, while some callers break it
back to ''low'' and ''high'' again.
2. It is tricky to choose the proper width of IOAPIC_RTE_xxx constants. SOS
boot failure is seen when they are 32-bit due to the following code:
/* reg is uint64_t */
vioapic->rtbl[pin].reg &= ~IOAPIC_RTE_REM_IRR;
while making them 64-bit leads to implicit narrowing when the RTEs are accessed
in the low & high pattern.
This patch defines a union ''ioapic_rte'' and unifies the access pattern
to IOAPIC and vIOAPIC RTEs.
v1 -> v2:
* Instead of two 32-bit ''low'' and ''high'', define a union that allows
either 32-bit or 64-bit accesses to RTEs.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This function add high level reset_vdev function. Which is
implemented to call deinit/init pairing to emulate the virtual
device reset operation.
This patch also add the system reset which keep the UOS RAM
content functionality to DM.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Guest has erquirement to support system/full reboot and S3. Which could
trigger different reset path in guest
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
GUEST_CFG_OFFSET is used to pass the memory top info from DM
to HV. The address should be in E820 reserved range to prevent
guest use it for other purpose.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
version.h is included but not used by per_cpu.h. This results in a forceful
rebuild of almost all files because per_cpu.h (and thus version.h) is depended
on by many files, and version.h is created every time a build is triggered.
This patch breaks this dependency. No further changes needed as sources using
version.h all include that file explicitly.
Also add the missing license header BTW.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
With Kconfig, it would be common to rebuild the hypervisor with a few
configuration symbols changed. But for a proper rebuild, users are required to
execute ''make clean'' first, which deletes the configuration file at all.
This patch leverages the compiler to generate a target that add involved headers
as dependencies to a specific file. Any change to a header will now trigger the
rebuilding of related sources properly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
With the addition of more HLD documents, the developer-guides index was
getting too busy, so push the HLD documents down a level.
Also, the supported hardware document is buried in the getting started
section and hard to find, so promote it.
Trusty isn't really supported (yet) so drop it from the TOC for now.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Console screen shots are hard to maintain, so use the
.. code-block:: console directive to show terminal console-like display
(black background with white text)
Change existing .. code-block:: console uses to .. code-block: none
Replace screen-shot images in apl-nuc getting started guide with
text-based console display.
Update apl-nuc GSG content with v0.1 changes
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
The main focus on: constant suffix U/UL; parameters cast like
uint32 to a uint16 variable; unify some APIs interface,
consist with the callers.
also modify some places to unify code style
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
When system is going to shutdown, or someone kills Acrnd, and
Acrnd still hold some UOS works in its timer list. Thus Acrnd need
to store UOS timer works to file, so that Acrnd can load and
continue these uncompleted works as it is restarted.
Reviewed-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
DM can send ACRND_TIMER to Acrnd, then acrnd will setup a timer
for it. When this time is expired, acrnd will try to make this
UOS run again.
Reviewed-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
SOS-Life-Cycle-Service can send ACRND_RESUME to Acrnd. Acrnd first
check If there is a timer list to be load. Then check wakeup reason,
just wait timer works to expire when wakeup reason is RTC, or acrnd
will start/resume all VMs.
Reviewed-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
SOS-Life-Cycle-Service can ask acrnd to stop UOSs, by sending
ACRND_STOP to Acrnd. Acrnd handles this request by:
1. Try stop all running VMs, and return the result to SOS-LCS.
2. Store pending works of restarting/resuming VMs to file
Reviewed-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
There will be a daemon running on SOS: to forward wakeup_reason to
acrn-dm; to co-ordinate the lifecycle of VMs and SOS; to handle
ioc-timed wakeup/poweron.
1.to forward wakeup_reason to acrn-dm
acrnd is responsible to retrive wakeup_reason from SOS lifecycle
service and attach the wakeup_reason to acrn-dm parameter for ioc-dm;
2.co-ordinate the lifecycle of VMs and SOS
When SOS is about to suspend/shutdown, SOS lifecycle service will
send a request to acrnd to guarantee all guest VMs are suspended
or shutdown before SOS suspending/shutdown process continue. On
receiver the request, acrnd starts polling the guest VMs state, and
notify SOS lifecycle service when all guest VMs are put in proper
state gracefully.
3.handle ioc-timed wakeup/poweron
For vechile specific mode like garage mode, guest UOS may need to
wakeup/poweron in a future time for tasks such as map updating etc.
To setup a timed wakeup/poweron, ioc-dm will send request to acrnd,
acrnd maintains a list of timed requests from guest VMs, and acrnd
selects the nearest request and send it to SOS lifecycle service
who will setup the physical IOC.
Reviewed-by: Yan Like <like.yan@intel.com>
Acked-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
There are some problems to use VM operations in a deamon process,
such as Acrnd. the list_vm() does not return VM informations, it
just print VM information to stdio, so we have get_vm_list()
to get VM list head vmngr_head; get_vm_list() always creates a
new fresh vm list every time, and must use put_vm_list() to delete
old list. So Acrnd need to create and destroy vm list frequently.
In fact we just need the vmngr_head to be an extern variable. And
to make it refreshable.We can insert new VMs, remove dead ones,
and update their state.
Reviewed-by: Yan Like <like.yan@intel.com>
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
The array size of upper_hex_digits and lower_hex_digits are same and
constant.
Use an array rather than a pointer to fix the violation - 'Declaration
does not specify an array'
v3 -> v4:
* Update the array size of 'digits'
* Update the usage of 'digits'
v2 -> v3:
* Update the usage of 'digits'
v1 -> v2:
* Define a MACRO for the array size of 'digits'
* Simplify the declaration of 'digits'
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Signed/unsigned conversion should add cast explicitily
or change the type of them to the same.
V1->V2:Fixed the 0U to 0UL because of the mistakes.
V2->V3:remove unsed macro
Signed-off-by: HuiHuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The cpu offline requester monitor the target cpu state
to detect whether target cpu is put to offline already.
So we should only update the cpu state to offline after
all other operations are finished.
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Eddie Dong <Eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
commit ia23549aa915e7dc2c ("build: make relocation-related code
configurable") adds CONFIG_RELOC to make relocation configurable
This patch corrects the behavior when CONFIG_RELOC is disabled
- Don't use "CFLAGS += -fpie" and put back "LDFLAGS += -static"
- __emalloc(): forced to allocate exactly the asked address, which is
CONFIG_RAM_START
Includes header file of non-static function, and declare the
in-file use function static.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In non real mode, for segment registers other than CS, the guest segment
base should be zero, otherwise the guest's segmentation results in wrong
effective addresses.
Linux boots with the wrong segment registers (base address in hidden part),
because it happens that it assigns the segment registers before using any
of them, which effectively reloads the segment base addresses from GDT.
With current implementation:
If the case 'entry->length < sizeof(struct acpi_subtable_header)' is
triggered, it will lead to a dead loop.
What this patch does:
Gracefully return when this case is triggered.
Why:
If 'entry->length < sizeof(struct acpi_subtable_header)', it means that
there is no valid 'struct acpi_subtable_header' starting from the entry.
There must be something wrong. It should not happen in normal case.
v1 -> v2:
* Remove the unacceptable ASSERT, just gracefully return
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
