hypervisor will crash if user try to call hypercall
HC_CREATE_VM in infinite style.
actually, the number of VMs hypervisor can support
depends on the bit width of 'vmid_bitmap'.should
return error in case of overflow.
other cleanup for this function to avoid memory leak
in case of failure.
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add lookup_address to lokup the page table for a virtual address
of primary page table or a physical address of extended page table.
The remaining obtain_last_page_table_entry could be removed with their
called function later.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
The ept_mr_add still use the old map_mem. The old API will
keep for a peroid until the SOS the same refine be merged.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Merge mmu_modify with mmu_del to mmu_modify_or_del(..., type).
While type is MR_MODIFY, the actual action is doing mmu_modify; while
type is MR_DEL, the actual action is doing mmu_del.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add hcall_change_vm_page_wp_perm to change guest one page write permission.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If try to modify a memory region which will cross a large page and the first
page virtual address in it would not align to the large page size, it would
modify the whole large page attributes which is fatal wrong.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
In the function scope,the parameter should not be
changed as Misra required.
V1->V2 recover some violations because of ldra's false positive.
V2->V3 sync local variable' type to parameter's type with the prefix of const.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
SOS boot with all physicall cpus, before running UOS, it should free
CPU resource by offline not used cpus
- first do standard cpu offline flow
- then call hcall_sos_offline_cpu hypercall to release cpu resource really
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
if defined CONFIG_VM0_DESC, HV will use predefined vm0_desc to config
VM0, otherwise, HV will run VM0 with all physical cpus.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
foreach_vcpu will go through all vcpu_array and only call the following
code when vcpu != NULL
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Reviewed-by: Zhao Yakui <yakui.zhao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Remove shell_construct
Change shell_init to void type
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In vioapic emulating code, the vioapic spinlock is taken twice
in the same context.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Fix x86 directory violations which related to integer problems,
some of problems are skipped because of ldra's false positive.
V1->V2 1.modified the code style
2.fix all macro VM_EXIT_IO_INSTRUCTION related
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The purpos is to unify the layout of general-purpose regs in interrupt/excpetion context.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The general-purpose register layout is identical to instructio emulation context.
So no need to do the mapping.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
In current code, general-purpose register layout in run_context is not align with the
general-purpose register index when vmexit. So hv needs to map the index used during
vmexit to the index of the general-purpose register in run_context.
This patch align the layout, so that no mapping needed.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- fix misra integral type violations;
- change struct initilization style to make code more readable;
Signed-off-by: Victor Sun <victor.sun@intel.com>
Reviewed-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- The previous wake vector address just work for ABL, need to change it
to accommodate the latest SBL;
- Fix wrong bit width value in the pm1a gas;
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
1. fix some description for hv mmu_modify
2. add pml4_page input parameter for ept_mr_modify to keep align with
ept_mr_add and ept_mr_del which will support add or delete MR for trusty.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
1. rename set_vm_memmap to set_vm_memory_region
2. split ept_mmap into ept_mr_add and ept_mr_del
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, there are many casts from
an void pointer to integer pointer, then from
integer pointer to structure pointer.
These pointer castings are detected by static analysis
tool. All pointer casts are violations, There are
some duplicated pointer cast. This will make deviation
analysis complex.
BTW, there are one useless pointer casting and one
wrong pointer casting in the hypervisor.
Remvoe duplicated pointer casts to make deviation analysis
simple;
Remove one useless pointer casting;
Update one wrong pointer casting.
Note: There are many void type pointer casts, non-void type
pointer is casted to void type pointer, char type pointer casts,
non-char type pointer is casted to char type pointer. These pointer
casting is need by the memory management module, IO moudle etc.
Deviation analysis will be made and recoded in the analysis report.
V1-->V2:
Fix mixing pointer and array voilation.
V2-->V3:
Remvoe pointer casting from integer pointer into
non-void/non-char pointer directly;
Remove redundant type conversion.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Currently we reply on CONFIG_RELEASE=n to determine if a debug version should be
built. Though this holds due to the configuration overriding in kconfig.mk, this
only applies to make >= 3.82. For make 3.81, $(eval $(call xxx)) does not work
as expected, and thus CONFIG_RELEASE is undefined for debug builds.
Instead of checking CONFIG_RELEASE=n, this patch checks CONFIG_RELEASE=y
instead, which is guaranteed without relying on the behavior of $(eval $(call
xxx)).
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
The plus and minor have the same level of precedence. The Misra-C
considers it as a violation. Added brackets in between addition and
substraction oprators.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Added brackets for expression to make it easy to understand and
reduce the mistake of precedence. The rule is applied to the
mixed same level of prevedence opeartors, high level presedence
operators and logical expression.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Removed comment out unused code in vmexit.c, sprintf.c and vmcall.c
Minor fix in vmx.c to prevent Misra-c consider it as a piece of
code.
Signed-off-by: Yang, Yu-chu <yu-chu.yang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
- explicitly declare the array size to fix the violation 'Array has no
bounds specified'
- minor changes for comments style
v1 -> v2:
* add the definition for exit reasons from 0x39 to 0x40 based on "SDM
APPENDIX C VMX BASIC EXIT REASONS"
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
In current code, struct efi_ctx and dt_addr_t are defined in two places.
This patch removes one copy of the definitions.
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Jack Ren <jack.ren@intel.com>
The fixed MTRR MSR numbers are not contiguous, so it's not correct
to justify it by checking if it falls in certain range.
This patch fixes this issue by removing is_fixed_range_mtrr()
and use get_index_of_fixed_mtrr() to loop fixed_mtrr_map[]
and compare individual MSR values.
Also removed the unused function get_subrange_end_of_fixed_mtrr()
Signed-off-by: Zide Chen <zide.chen@intel.com>
fix all assign.c integer violations except related
"Implicit conversion: actual to formal param".
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
This is the final cleanup of the integral type related issues, reported by the
static checker, under common/, mostly including
* make explicit the narrowings of vm_ids passed by register.
* work around the confusion of the static checker by abstracting
sub-expressions to local variables.
The remaining reports that are not trivial to suppress will be in the scope of a
separate document.
v1 -> v2:
* Instead of converting vm_ids inside hcall_xxx, update the prototypes of
these functions and do the conversion in vmcall_vmexit_handler.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Clean up most reported integral-type-related violations still existing under
arch/x86/guest/. The remaining reports that are not trivial to suppress will be
explained in separate documents.
Also move acpi_info outside acrn_common.h as the structure is no longer shared
with DM.
v1 -> v2:
* Move struct acpi_info to bsp_extern.h
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
The error code in the hypervisor is 32-bit signed integers. To reduce implicit
conversions, this patch make hcall_xxx returns int32_t, and finally converts it
to uint64_t when assigned to rax whose semantics is properly defined in C99.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Qualified or unqualified int or bool are the only types allowed for bit-field
members in C99, and MISRA C further forbids using plain int.
Use uint32_t (which is equivalent to unsigned int) for all bit-field members.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Inline function have some violations with parentheses
and return type casting.Fixed it.
V1->V2:modified the parameter to ther letter case
V2->V3:move the delcaration to the inner and reduce suffix UL to U
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Transfer DMAR_[GS]ET_BITSLICE to inline function
to limit the parameter type and return type.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Now the Intel RDT emulation is working in progress. So disable it
for temporary solution to avoid guest OS running with incorrect RDT
configuration.
Signed-off-by: Shuo Liu <shuo.a.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Most of the time, we use the virtual address of EPT PMl4 table,
not physical address.
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
mainly focus on: like U/UL as unsigned suffix;
char and int mix usage; also change some function's params
for data type consistent.
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Remove those APIs without definition
- Minor changes to make sure the line length is less than 80
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many type conversions in the atomic
operations invoking reported by static analysis tool. These
type conversions voilate MISRA C.
To keep uniform naming convention, rename atomic operation
function names:
atomic_set_int/long --> atomic_set32/64;
atomic_clear_int/long --> atomic_clear32/64;
atomic_load --> atomic_load32;
atomic_store --> atomic_store32;
atomic_swap --> atomic_swap32;
atomic_readandclear --> atomic_readandclear32;
atomic_inc --> atomic_inc32;
atomic_dec --> atomic_dec32;
atomic_cmpxchg --> atomic_cmpxchg32;
atomic_xadd --> atomic_xadd32.
Update the type of atomic_load32/64, atomic_store32/64,
atomic_swap32/64, atomic_cmpxchg32/6.
Update related variables and callers.
Note: the type of return value and parameters of atomic_xadd32/64
still keep signed int/long since caller pass
negative variable to atomic_xadd32/64;
V1-->V2:
Add comments for atomic_set/clear to differ from
bitmap_set/clear.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie.Mao <junjie.mao@intel.com>
There is chance to destroy vm whose ept table was not created, for
example, dm fails to setup mem for vm. In this case, it's better
to check the value of eptp before calling free_ept_mem() rather than
relying on assertion in the function.
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
While fixing the MISRA C violations related to integral types, we have unified
the type of the following data:
uint8_t:
phys_pin, virt_pin, vpic_pin, ioapic_pin, vioapic_pin
uint16_t:
vm_id, pcpu_id, vcpu_id, vpid
uint32_t:
vector, irq
This patch revisits the types of the fields in vhm_request as well as the
structures used as parameters in the hypercalls, and make them aligned with the
types the hypervisor uses for such data. Reserved fields are added to keep the
size and layout of the structures. Implicit paddings are also made explicit as
reserved fields.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C requires that a 'if' statement followed by one or more 'else if'
statement shall be terminated by an 'else' statement which contains either
side-effect or a comment, to ensure that conditions are considered
exhaustively.
Note that a simple 'if' statement is not required to be terminated by 'else'.
This patch fixes such violations by either refactoring the code or add the
'else' statement with either a comment (describing why this case can be skipped)
or logging the event. It may not be satisfactory for the release version where
logging is no-op, but properly handling these non-trivial cases is out of the
scope of this patch.
v1 -> v2:
* Fix unintended semantic changes in add_(msix|intx)_remapping and
io_instr_vmexit_handler.
* Simplify boolean checks in vpic_ocw2.
* Rephrase the comment in strtol_deci.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Yonghua Huang