sscanf and strcpy are banned according to the security requirements.
So replace them with their safe alternative.
Tracked-on: #1496
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
physical RPMB is accessed if "phisycal_rpmb" is specified
in launch.sh.
Also it reserves some RPMB area with a fixed size(32KB) for
AttKB and future usage, which is RO for UOS.
Tracked-On: #1544
Signed-off-by: Huang, Yang <yang.huang@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
In vmei_start() the HBM host client is created,
it handles HBM protocol.
The HBM client is a management object and
is not exposed by the mei native driver.
The communication between TX and RX threads
is handed via internal pipe(2).
Second, we connect all fixed address clients as the mei
protocol doesn't provide connection mechanism for them,
they appear always connected.
Last, the hw_ready is set.
Define virtio_mei_ops, ass all the handlers are now available.
Tracked-On: #1536
Signed-off-by: Liu Shuo <shuo.a.liu@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Rx is triggered from epoll event (mevent), a host client
is retrieved from associated event data. P proper mei message header is
attached to the packet and sent to the virtio FE device.
Tracked-On: #1536
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
TX from virtio driver is handled firt via
virio tx notify handler vmei_notify_tx(),
placed into host clinet tx circular buffer.
TX thread will then write the data to the device.
Tracked-On: #1536
Signed-off-by: Vitaly Lubart <vitaly.lubart@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Implement the FW part of the HBM protocol.
Currently the support version is 2.0.
The HBM protocol handles client management, such
initialization handshake, connection, power management,
and the flow control.
Tracked-On: #1536
Signed-off-by: Vitaly Lubart <vitaly.lubart@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
ME client enumeration is received from sysfs attributes
of the native device.
V3: Use bounded functions.
Tracked-On: #1536
Signed-off-by: Vitaly Lubart <vitaly.lubart@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
mei mediator perform reset handshake via
the cfgread/write handlers and provide access
to fw status registers.
Tracked-On: #1536
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
There are multiple types of resets that need to be handled
by the mei device.
The reset may be initiated from both sides host or fw.
The host requests reset on probe and remove,
power state transaction, and errors,
while ME FW may request reset upon error.
If the native device undergo reset the host application
has to be notified.
Tracked-On: #1536
Signed-off-by: Aviad Nissel <aviad.nissel@intel.com>
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
1. virtio_mei structure represents an instance of mei device.
2. vmei_me_client represents an ME application in the MEI FW.
3. vmei_host_client represent a host application talking to the
ME application, ME application can support multiple connections.
4. Add debug helpers
Tracked-On: #1536
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
The virtio has two virtio queues, TX and RX.
TX have two segment buffers one for header and one for data.
The virtio_mei declares host buffer of size 128 slots, each
slot is a 4 bytes value.
For synchronization hw_ready and host_reset configuration flags
are used that emulates mei reset flow.
And last fw status registers must be also readable via virtio
mei device.
Tracked-On: #1536
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
mei handles objects on the list, hence reference counting
infrastructure is required for easier multithreading.
Tracked-On: #1536
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
libuuid sports only uuid (big endian encoding),
though mei requires guids (little endian encoding).
The base types are based on <linux/uuid.h> header.
Tracked-On: #1536
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
Remove virtio_heci to be replaced with virtio_mei
Tracked-On: #1536
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Wang, Yu1 <yu1.wang@intel.com>
This patch is one workaround to resolve a crash issue for certain brand
touch screen (eGalaxTouch EXC7200-7368v1.01). The formal fix should
follow the xHCI spec to stop xfer and generate transfer completed event
trb prior to Stop Endpoint Command complete event trb. It should be a
big change and for short term, do nothing for the stop endpoint command
which is no other side effect be observed so far.
Tracked-On: #1413
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Liang Yang <liang3.yang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
The function pci_xhci_get_native_port_index_by_path didn't
compare the bus number during the process of native USB
device searching. This patch is used to fix it.
Tracked-On: #1434
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Liang Yang <liang3.yang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch is used to support emulation of multiple layers of hubs
under Flat Mode.
Tracked-On: #1434
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch is used to enable multiple hubs in single layer under
Flat Mode.
Tracked-On: #1434
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
To support the multiple hubs and multiple layers of hub, the
port_map_tbl should be replaced by native_ports to record all
native devices' state, including assignment state, emulation
state etc.
Tracked-On: #1434
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
There are many places in USB emulation implementation to get
native USB device infomation, and the related codes are long
and repeated many times. This patch introduces function
usb_get_native_devinfo to remove redundent codes for the
purpose mentioned above.
Tracked-On: #1434
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
This patch introduce struct usb_devpath to indentify uniquely an USB
device, which is basic element for multiple hub support.
Tracked-On: #1434
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Previous design use bus and port(root hub port) for the identification
to the native USB device. It cannot work properly under the multi-hub
situation due to external USB hub is introduced.
This patch removes old hub implementation code, and subsequent patches
will be add support for mutiple hubs.
Tracked-On: #1434
Signed-off-by: Liang Yang <liang3.yang@intel.com>
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
As RPMB mux kernel module is going to be created,
there are two corresponding changes required for DM:
1. The name has been changed to /dev/rpmbmux.
2. DM does NOT check MAC of RPMB result returned by kernel
module because DM doesn't own the real key.
Tracked-On: #1508
Signed-off-by: Huang, Yang <yang.huang@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
Per i6300esb spec, when WDT_INT_TYPE(bit 0 and 1 of WDT config register)
are set to 00, IRQ feature should be supported.
The WDT_INT_ACTIVE bit is set when the first stage of the 35-bit
down-counter reaches zero. An interrupt will be generated if WDT_INT_TYPE
is configured to do so (See WDT Configuration Register). This is a sticky
bit and is only cleared by writing a 1.
SMI feature(WDT_INT_TYPE are set to 0x10) is not supported.
Tracked-On: #1498
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This patch addes the debugexit function to DM. If it's enabled
by DM cmdline (by add --debugexit), the guest could write a
32bit value to port 0xF4 to trigger guest shutdown.
Tracked-on: #1465
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Current RTC emulation is based on sigevent mechanism, replace with
acrn_timer API which based on timerfd/epoll mechanism to avoid
potential resource accessing conflict in the async thread.
Tracked-On: #1489
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
In the current implementation sigev_notify is configured as
SIGEV_THREAD. When wdt expires an async thread is created and
the registered timer callback is called in the context of this
thread, then the watchdog interrupt emulation would require the
thread to assert intr on this pci dev.
There would be a race condition that when the wdt pci device is
freed in pci device deinit and then a timer expires. In this case
the wdt expired thread will access a freed buffer which would cause
problem such as heap corruption and segment fault.
In this patch we replace timer API with acrn_timer which is based
on timerfd/epoll mechanism to avoid the race condition.
Tracked-On: #1489
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Jian Jun Chen <jian.jun.chen@intel.com>
Reviewed-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This patch resolves acrn-dm crash issue when acrnd boots up the acrn-dm.
The rootcause is mevent_enable and mevent_disable have NULL pointer as
its parameter if uart backend is not tty capable, so add check code for
the uart backend before invoking mevent_enable and mevent_disable.
The issue can be reproduced when acrnd boots up the acrn-dm.
Tracked-On: #1466
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Tomas Winkler <tomas.winkler@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
VirtIO v1.0 spec 04 5.2.5:
- Protocol unit size is always 512 bytes.
- blk_size (logical block size) and physical_block_exp (physical block
size) do not affect the units in the protocol, only performance.
VirtIO v1.0 spec 04 5.2.6.1:
- A driver MUST NOT submit a request which would cause a read or write
beyond capacity.
Reject the requests that violate these terms.
v1 -> v2:
- add more comments for clarity
Tracked-On: #1422
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
There is no GEOM framework in Linux. Remove dead code.
v1 -> v2:
- complete removal of the entire GEOM logic
Tracked-On: #1422
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
NHLT table contains the settings some audio drivers need.
An ACPI method is used to get NHLT table address & length.
In current DM code, the NHLT talbe length in the ACPI method
is hardcoded, which will cause troubles when the length of the
table changed.
This patch replaces the hardcoded NHLT table length according to
the table length read from SOS.
Tracked-On: #1461
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
The write_dsdt_xhci function is use for describe the xdci dsdt table.
Correct its name.
Tracked-On: #1444
Signed-off-by: Yu Wang <yu1.wang@intel.com>
Reviewed-by: Binbin Wu <binbin.wu@intel.com>
movb is used for registers STATUS and CFGGENERATION whose size is 1
byte. Previously hv cannot report the correct MMIO trap size for
movb and virtio hard coded their size to 4 as a workaround. hv fixed
movb instruction emulation and MMIO size can be reported correctly.
This patch removes those workaround.
commit 9df8790ffc ("hv: Fix two minor issues in instruction emulation code")
Tracked-On: #1449
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Add a function to do msix table deinit.
1. call api to reset msix entry in hypervisor
2. free virtual msix table memory
3. unmap pba page if any
4. unmap the pages passhtru to uos in MSIX BAR if any
Tracked-On: #1222
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Normally, for devices support MSI-X, PBA is passed-through to guest.
However, PBA and MSI-X table share the same bar, and part of PBA and
MSI-X table may share a same page for some devices.
If that is the case, the part of PBA within the page should be emulated
rather than passed-through.
This patch adds PBA emulation support for MSI-X.
Tracked-On: #1222
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This is an issue result from incomplete process logic of commit:
"ba68bd4 DM USB: xHCI: fix enumeration error after rebooting".
This patch is used to fix it.
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Liang Yang <liang3.yang@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Tracked-On: #1425
Replace strtok function with strsep function.
Tracked-On: #1401
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Return value check for snprintf function.
Tracked-On: #1401
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Reviewed-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
The patch resolves a bug that signal SteeringWheelSpeechCtrlBtn can not be
received in UOS. the rootcause is signal SteeringWheelSpeechCtrlBtn and
signal SteeringWheelPauseBtn are combined into one multi-signal message and
signal SteeringWheelPauseBtn is not defined.
To fix this, add SteeringWheelPauseBtn definition.
Tracked-On: #1410
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Use strnlen instead of strlen to avoid potential security issue.
Tracked-On: #1364
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
vPIT is used as a source of system timer by UEFI (e.g. OVMF).
This is ported from Bhyve, with a few changes:
- move to user space, using POSIX timer
- support timer mode 3
- improve the emulation of OUT and STATUS byte
- improve the emulation of counter behavior
- improve the emulation of CE update in periodic mode
- treat CR == 0 as 0x10000
Origin: FreeBSD
License: BSD-3-Clause
URL: https://svnweb.freebsd.org/
commit: 283291
Purpose: Adding vPIT support.
Maintained-by: External
Tracked-On: #1392
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
According to PCI spec 3.0 section 6.2.2 "Device Control", guest
could write the command register to control device response to
io/mem access.
The origial code register/unregister the memory range which is
not suitable because it can't handle the sequence:
1. disble the device response to specific memory range
2. reboot guest (DM will try to free the memory range which
was freed in step 1 already)
Tracked-On: #1277
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Remove the workaround and will submit the fixing patch.
Tracked-On: #1277
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Some firmware (e.g. UEFI) uses RTC CMOS to fetch the system's memory
configuration. Put lowmem / highmem info in the designated area.
This is a port of Bhyve vRTC's user-space logic.
v1 -> v2:
* move KB/MB/GB to macros.h
* move nvram offset definitions to rtc.h
Tracked-On: #1390
Signed-off-by: Peter Fang <peter.fang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Jie Deng