now the size of sanitized_page is 32KB,
revise it to 4KB.
Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
For data structure types "struct logmsg", its name is identical
with variable name in the same scope. This is a MISRA C violation.
This patch fix it.
Tracked-On: #1801
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch remove early logbuf support which is used to hold
log massges before shared buf setup by SOS.
Tracked-On: #1801
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Reviewed-by: Yan, Like <like.yan@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
V1->V2:
update the git comment to describe why comply with the
single-exit rule.
V2->V3:
update the git comment title to give a scope declaration of this
patch.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
IEC 61508,ISO 26262 standards highly recommend single-exit rule.
Reduce the count of the "return entries".
Fix the violations which is comply with the cases list below:
1.Function has 2 return entries.
2.The first return entry is used to return the error code of
checking variable whether is valid.
Fix the violations in "if else" format.
V1->V2:
update the git comment to describe why comply with the
rule(function's return entry should be only one).
V2->V3:
update the git comment title to give a scope declaration of this
patch.
Tracked-On: #861
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently guest IA32_TSC_AUX MSR is loaded manually right before VM
entry, and saved right after VM exit.
This patch enables VM-Entry Control and VM-Exit Control to switch
MSR IA32_TSC_AUX between host and guest automatically. This helps to
keep vcpu_thread() function and struct acrn_vcpu cleaner.
Also it removes the dead code of intercepting IA32_TSC_AUX.
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Some data structure are only used under some condition. This patch move data
structure definition under its corresponding contion. Otherwise, it would
violate MISRA-C 413 S "User type declared but not used in code analysed".
For MACRO, it would violate MISRA-C 628 S "Macro not used in translation unit".
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The signal is used to get camera right and left values.
Tracked-On: #1886
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Simple atomic add/dec do no guarantee reference count full
synchronization without a lock. Compare and swap operations
are required for correct implementation.
Tracked-On: #1875
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
remove the usage of HV_DEBUG related to shell command in assign.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in vioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove the usage of HV_DEBUG in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
to avoid passing guest's memory block into hypervisor internal
process for security.
Tracked-On: #861
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
enhance Makefile to compile debug/release into 2 libraries
v1 -> v2:
* auto make all the libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
When thread_cancel() is called to exit pthread, we can't know
when the thread exit done unless pthread_join() is used to
wait for thread exit.
Tracked-On: #1868
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In theory, there would have 256 pending interrupts on lapic ISR.
Add this check to avoid theoretic infinite loop for clearing
lapic isr. Leave the potentially hardware issue to machine check.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Although the lapic base MSR have the same value in per-cpu except that the BSP bit.
However, we would enter s3 on the BSP cpu. After the resume from s3, the BSP bit was
clear on the BSP cpu. This patch fix this bug.
Tracked-On: #861
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Now if the vmexit reason is virtulized EOI for level triggered
interrupts, HV will loop all the ptdev entries, it is time-consuming,
this patch add vpin to ptdev entry mapping for vpic and vioapic
when add intx entry for a vm,it can use the ptdev entry directly
according to the mapping for vpin and ptdev entry when EOI vmexit.
v3-->v4:
-- add check vpin in remove_intx_remapping
-- move check vpin from ptdev_add_intx_remapping to add_intx_remapping
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Move ptdev lock out from add_intx_remapping/add_msix_remapping
/remove_intx_remapping/remove_msix_remapping and make it protect
the whole add entry/remove entry process
v3-->v4:
--move ptdev lock out
v2-->v3:
-- still use ptdev lock for add/remove ptdev entry
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
-- Config MAX_PT_IRQ_ENTRIES 64 in Kconfig
-- Remove ptdev list
-- Add alloc_ptdev_entry_id api
v3-->v4:
-- move is_entry_active from assign.c to ptdev.h
-- Add clear active flag in release_entry
v2-->v3:
-- Remove redundancy active check for ptdev entry
in release_all_entries and get_ptdev_info
v1-->v2:
-- split to small patches
Tracked-On: #861
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Fix the prefix comparison, we need to compare on prefix length, not
on devpath len, otherwise we always fail.
Tracked-On: #1848
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Acked-by: Yu Wang <yu1.wang@intel.com>
Reset directory name to receive clean prints.
Tracked-On: #1847
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Acked-by: Yu Wang <yu1.wang@intel.com>
Edge triggered mevent on sysfs file is triggered
immediately after mevent_add(), hence this has to be ignored.
The issue that is resolved that the 'first' flag was
global and wasn't reset on each mevent_add().
Tracked-On: #1846
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Acked-by: Yu Wang <yu1.wang@intel.com>
Prevent intercepting reset callback if reset state
transition is already in progress.
Tracked-On: #1846
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Acked-by: Yu Wang <yu1.wang@intel.com>
- fix code style: mix of tab and white spaces, alignments, etc.
- remove not meaningful comments. Also these comments are below the
source code which makes the code look messy.
- add more MSR register definitions
Tracked-On: #1867
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This patch introduce a new mode of IO request completion, polling mode.
Now, the sketch of ioreq process can be,
A. UOS vcpu0 generate PIO/MMIO ->
B. pcpu1(vcpu0 of UOS) trap into HV ->
C. pcpu1 build ioreq, send IPI and enter idle ->
D.1 pcpu0(vcpu0 of SOS) response IPI,
D.2 pcpu0 handle the ioreq in HV, kernel, DM,
D.3 pcpu0 mark ioreq as complete,
D.4 pcpu0 hypercall to enter HV ->
E.1 pcpu0 send IPI to wake pcpu1 up
E.2 UOS vcpu0 continue running
With this change, it skips D.4, E.1 steps. In step C, pcpu1 will enter a
polling ioreq state idle after send out the IPI.
It can save about ~5000 cpu cycles.
In polling mode, we do the polling in idle instead of pause cpu all the
time. It will consume more power. A better way is to use monitor/mwait
instructions which can put cpu into a sleep state with monitoring a
memory address. Unfortunately, APL has bug with monitor. We can gather
all ioreqs state into one monitorable memory and take advantage of
monitor/mwait for future platform.
The way polling or notification is per VM. We can config VMs in
different mode. By default, IO request completion will use notification
mode for all VMs. We can switch it by Kconfig.
Tracked-On: #1821
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch adds vtd.h to the input of doxygen and replaces hard-coded API docs
with doxygen-generated ones.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
This patch adds more comments to describe the structures and functions of vtd
that are public to the other components in the hypervisor. The comments are in
doxygen-style for document generation.
Tracked-On: #1595
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Clean up of a couple of README.rst files located respectively under hypervisor/
and devicemodel/ to remove obsolete and unmaintained information. Both hold a
basic introduction about the folder content and refer to the official
documentation website for more detailed information.
Tracked-On: #1827
Signed-off-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
1. use error code defined in errno.h instead of 1.
2. panic if error occured while adding devices to VM0 domain.
3. panic if failed to reqeust irq for iommu.
The two panic added would only occurs before any VM starts running.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, DMA remapping is enabled at very early stage, when there is no
device added.
Devices are added to VT-d context table when creating VMs.
There is potential risk that there may be device DMA transactions when DMA remapping is
enabled, but the device is not added to the VT-d context table. (Eg. this could happen in UEFI
enviroment when USB keyboard use in efi intenal shell.)
This patch defers DMA remapping enabling until vm creation.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Current code doesn't init interrupt config when resume from S3.
The related register contect will be lost during S3.
This patch re-init these regiters.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Add an internal API to do action according to action function provided,
which can simplify the code.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Move move public API to the bottom part of the file.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Becuase the number of character of a line is 120.
Merge lines for a statement if needed.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
dmar_uint -> dmar_unit
remove i in line 756 added by accident.
Tracked-On: #1855
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vcpu thread need to exit when doing VM full reset and VM shutdown.
Change the code to align the logic. This also can fix race condition
between ioreq client destruction and accessing.
Tracked-On: #1857
Signed-off-by: Fengwei Yin <fengwei.yin@intel.com>
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
The guest could write the MSI-X Table fields in DWORD or QWORD. For
example the Message Address could be a QWORD write or two DWORD writes,
the Message Data could be a DWORD write or part of a QWORD write that
is combined with the Vector Control. This patch captures all the
possible combinations when the guest is configuring the MSI-X Table.
Tracked-On: #1568
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
Though guests are not supposed to read Message Data/Addr, it's still better
off to initialize them to 0.
vector_control should be initialize to zero besides the mask bit.
Tracked-On: #1568
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
- in vmsix_cfgwrite(), it should write the new value 'val'.
- in vmsix_table_mmio_access_handler(), mmio_gpa is a typo for intercepted_gpa.
Tracked-On: #1568
Signed-off-by: Zide Chen <zide.chen@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
remove the usage of HV_DEBUG in hypercall.c and vmcall.c
TO-DO:
Enhance Makefile to compile debug/release into 2 libraries
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
CSE FW uses an AEK (Attestation keybox Encryption Key) to encrypt the keybox
with AES-256-GCM algorithm before sending it to Android/Trusty. This key is
derived from the latest platform Seed by CSE FW with KDF (key derivation function)
HMAC-SHA256. After Trusty retrieves this encrypted keybox over HECI/MEI driver,
Trusty needs the same AEKkey to decrypt it. Hence, before Trusty launches,
Hypervisor derives the same AEK key from Platform Seed with the same algorithm
and the same derivation parameters, then sends this AEK along with Trusty vSeed
to Trusty world memory.
Since Platform Seed is only visible to Hypervisor and it must not be
sent to any guest VM, only Hypervisor can derive this AEK from this
Platform Seed, just like previous per-Trusty virtual Seed derivation.
Please note that Android Attestation Keybox is shared in a single hardware
platform, so all the Trusty instance/world can get the same AEK for
decryption even if there are multiple Android User OS/VMs running
on top of Hypervisor.
v1 --> v2:
Add detailed description why we need the patch to derive an extra key
v2 --> v3:
Convert API descriptions to Doxygen
Tracked-On: #1812
Reviewed-by: Bing Zhu <bing.zhu@intel.com>
Reviewed-by: Kai Wang <kai.z.wang@intel.com>
Signed-off-by: Chen Gang G <gang.g.chen@intel.com>
Acked-by: Bing Zhu <bing.zhu@intel.com>
