Commit Graph

3395 Commits

Author SHA1 Message Date
Shiqing Gao 51068eccd0 doc: re-organize coding guidelines
This patch re-organizes ACRN coding guidelines to support
language-specific guidelines.

Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
2019-04-25 19:45:43 -07:00
Yin Fengwei 8055039545 Makefile: add gcc option to workaround build issue with latest gcc
With latest gcc, there are build error with current ACRN code.
Fixing could involve many code changes. We use gcc option to
remove build error as temperary workaround. And will fix the
build error one by one.

Tracked-On: #3010
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
2019-04-25 21:28:32 +08:00
fuyongjie 2387010fdd DM: virtio-gpio: fix falling or rising irq can't work
When UOS set failling irq type, gpio BE will only request GPIOEVENT_REQUEST_FAILLING_EDGE
event from native gpio driver which will cause the last_level value is always 0.
So last_level can't be used to check whether interrupt should be injected or not.
It is the same for rising irq type.

v2: refine commit message.

Tracked-On: #3010
Reviewed-by: Yuan Liu <yuan1.liu@intel.com>
Signed-off-by: fuyongjie <fuyongjie@neusoft.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
2019-04-25 15:28:13 +08:00
Zhao Yakui 7ef9498fe0 acrn/dm: gvt returns negative errno to terminate the initialization
When the "i915.enable_gvt=0" is added for SOS kernel boot args, ACRN-DM will
fail in course of gvt initialization and errno is returned directly.
As the errno defined in linux/errno.h is positive, it will continue
the unexpected initialization in ACRN-DM and then the segment fault is
triggered.
So negative errno is returned in order to terminate the initialization.

Tracked-On: #2584
Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Reviewed-by: He, Min <min.he@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
2019-04-25 15:11:10 +08:00
Liu, Xinwu 0b37fc0b17 tools:acrn-crashlog: fix the compiling error on gcc version 9.0.1
Meet compiling error:

In function ‘strncpy’,
    inlined from ‘main’ at main.c:88:4:
/usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’
specified bound 4096 equals destination size
[-Werror=stringop-truncation]
  106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos
(__dest));
      |
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

This patch aims to fix it.

Tracked-On: #1024
Signed-off-by: Liu, Xinwu <xinwu.liu@intel.com>
Acked-by: Chen, Gang <gang.c.chen@intel.com>
2019-04-25 14:50:58 +08:00
Conghui Chen bed57dd242 HV: vuart: enable connect mode for VM
Enable connection mode for vuart, so that vuart in different VMs can set up
connection.
In pre-launched VM's configuration file, ttyS1 is set to be the connection
port. To enable it in post-launched VM, just add vuart configuration.

Tracked-On: #2987
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-25 11:21:54 +08:00
Conghui Chen 235d886103 HV: vuart: enable vuart console for VM
In previous code, only for pre-launched VM, hypervisor would create
vuart console for each VM. But for post-launched VM, no vuart is
created.
In this patch, create vuart according to configuration in structure
acrn_vm_config. As the new configuration is set for pre-launched VM and
post-launched VM, and the vuart initialize process is common for each
VM, so, remove CONFIG_PARTITION_MODE from vuart related code.

Tracked-On: #2987
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-25 11:21:54 +08:00
Conghui Chen 3c92d7bbc7 HV: vuart: refine vuart config
Add vuart config in acrn_vm_config struct, support configuring 2 vuarts for
each VM. The first vuart is used to work as VM's console. The second vuart
is used to connect to other VM's vuart. When the port base for a vuart
is set to 0, hypervisor will not create this vuart.

Tracked-On: #2987
Signed-off-by: Victor Sun <victor.sun@intel.com>
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-25 11:21:54 +08:00
Conghui Chen 1234f4f7b1 HV: shell: rename sos_console to vm_console
Change sos_console to vm_console, as this command is used to switch
console between VMs.

Tracked-On: #2987
Signed-off-by: Conghui Chen <conghui.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-25 11:21:54 +08:00
Victor Sun 2362e58509 HV: correct usage of GUEST_FLAG_IO_COMPLETION_POLLING
The guest flags of GUEST_FLAG_IO_COMPLETION_POLLING work for NORMAL_VM only;

Tracked-On: #2291

Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-25 11:07:21 +08:00
Yin Fengwei 578592b566 vlapic: refine IPI broadcast to support x2APIC mode
According to SDM 10.6.1, if dest fields is 0xffU for register
ICR operation, that means the IPI is for broadcast.

According to SDM 10.12.9, 0xffffffffU of dest fields for x2APIC
means IPI is for broadcast.

We add new parameter to vlapic_calc_dest() to show whether the
dest is for broadcast. For IPI, we will set it according to
dest fields. For ioapic and MSI, we hardcode it to false because
no broadcast for ioapic and MSI.

Tracked-On: #3003
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-25 09:12:16 +08:00
Kaige Fu 581c0a239a HV: move AP_MASK to cpu.h
It is better to use an unified MACRO. So, this patch moves AP_MASK to cpu.h
and removes the defination of the MACRO spanning different source files.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-24 11:55:23 +08:00
Kaige Fu 7b6fe14517 HV: Remove unnecssary indent in pm.c
This patch just removes unnecessary indent before #include in pm.c.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-24 10:50:38 +08:00
Kaige Fu a85d11ca7a HV: Add prefix 'p' before 'cpu' to physical cpu related functions
This patch adds prefix 'p' before 'cpu' to physical cpu related functions.
And there is no code logic change.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-24 10:50:28 +08:00
li bing 25741b62db HV: fix the issue of ACRN_REQUEST_EXCP flag is not cleared.
the problem is : System will crash when run crashme.
The root cause of this problem is that when the ACRN_REQUEST_EXCP flag is set by calling
the vcpu_make_request function, the flag is not cleared.
Add the following statement to the vcpu_inject_exception function to fix the problem:
bitmap_test_and_clear_lock(ACRN_REQUEST_EXCP, &vcpu->arch.pending_req);
Tested that one night, there was no crash.

Tracked-On: #2527
Signed-off-by: bing.li<bingx.li@intel.com>
Acked-by:      Eddie Dong<eddie.dong@intel.com>
2019-04-23 15:17:13 +08:00
Li, Fei1 28d50f1b96 hv: vlapic: add apic register offset check API
Add apic rgister offset check before do vlapic read/write.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Li, Fei1 70dd254456 hv: vmsr: refine x2apic MSR bitmap setting
In theory, we should trap out all the x2apic MSR access if APICv is not enabled.
When "Use TPR shadow" and "Virtualize x2APIC mode" are enabled, we could disable
TPR interception; when APICv is fully enabled, besides TPR, we could disable all
MSR read, EOI and self-IPI interception; when we pass through lapic to guest, we
could disable all the MSR access interception except XAPICID/LDR read and ICR write.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Li, Fei1 0c347e607a hv: vlapic: wrap APICv check pending delivery interrupt
When in fully APICv mode, we enable VID. All pending delivery interrupts
will inject to VM before VM entry. So there is no pending delivery interrupt.
However, if VID is not enabled, we can only inject pending delivery interrupt
one by one. So we always need to do this check.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Li, Fei1 037fffc203 hv: vlapic: wrap APICv inject interrupt API
apicv_advanced_inject_intr is used if APICv fully features are supported,
it uses PIR to inject interrupt. otherwise, apicv_basic_inject_intr is used.
it will use VMCS INTR INFO field to inject irq.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Li, Fei1 1db8123c2d hv: virq: refine pending event inject coding style
In order to combine vlapic_apicv_inject_pir and vcpu_inject_vlapic_int.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Li, Fei1 fde2c07c0a hv: vlapic: minor fix about APICv inject interrupt
When VID is enabeld, we should always inejct the pending interrupts when vm enter.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Li, Fei1 846b5cf6b7 hv: vlapic: wrap APICv accept interrupt API
The APICv ops is decided once the APICv feature on the physical platform is detected.
We will use apicv_advanced_ops if the physical platform support fully APICv feature;
otherwise, we will use apicv_basic_ops.
This patch only wrap the accept interrupt API for them.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 15:16:56 +08:00
Long Liu 7852719a86 ACRN: tool: Fix buffer overflow risk in acrnctl
There will be a buffer overflow fisk in delete runc functions.
If the shell command function return length longer or equal to
the length of the buffer, at that time execute strstr function it
will cause buffer overflow issue. Set buffer's last byte to Zero
will avoid the risk.

Tracked-On: #3001
Signed-off-by: Long Liu <long.liu@intel.com>
Acked-by: Like Yan <like.yan@intel.com>
2019-04-23 15:12:39 +08:00
Liu Yuan 763d218302 DM: virtio-gpio: fix array overflow issue
explicitly initialize the cmd_cap string array.

Tracked-On: #3001
Signed-off-by: Yuan Liu <yuan1.liu@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
2019-04-23 15:12:39 +08:00
Jian Jun Chen f3f870b7be dm: uart: use mevent_add only when it is a tty
When acrn-dm is started by acrnd as a background process, STDIN is
redirected to journal. In this case mevent_add cannot be called on
the fd of STDIN.

Tracked-On: #2998
Signed-off-by: Jian Jun Chen <jian.jun.chen@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
2019-04-23 14:57:56 +08:00
Yonghua Huang 3060956582 dm: fix possible null pointer dereference in pci_gvt_deinit
will access null pointer if 'gvt' is null.

Tracked-On: #1479
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Reviewed-by: He, Min <min.he@intel.com>
2019-04-23 13:44:05 +08:00
Yonghua Huang f991d179b0 hv: fix possible buffer overflow in vlapic.c
Possible buffer overflow will happen in vlapic_set_tmr()
  and vlapic_update_ppr(),this path is to fix them.

Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-23 13:43:25 +08:00
Li, Fei1 2c13ac7400 hv: vmcs: minor fix about APICv feature setting
1) Shouldn't try to set APIC-register virtualization if the physical doesn't
support APICV advanced mode.
2) Remove all APICv features VMCS setting when LAPIC is passed through to guest.

Tracked-On: #1842
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-23 09:47:36 +08:00
Li, Fei1 4fc2009770 hv: instr_emul: check the bit 0(w bit) of opcode when necessary
Not every instruction supports the operand-size bit (w). This patch try to correct
what done in commit-id 9df8790 by setting a flag VIE_OP_F_BYTE_OP to indicate which
instruction supports the operand-size bit (w).

This bug is found by removing VMX_PROCBASED_CTLS2_VAPIC_REGS VMCS setting when the
physical doesn't support this APICv feature. However, if emulated this in MRB board,
the android can't boot because when switch to trusty world, it will check
"Delivery Status" in ICR first. It turns out that this Bit Test instruction is not
emulated correctly.

Tracked-On: #1337
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
2019-04-23 09:47:36 +08:00
Kaige Fu 7ccb44afda HV: Remove dead loop in stop_cpus
This patch removes dead loop in stop_cpus because timeout never occurs.
If target cpu received a NMI and panic, it has called cpu_dead and stop_cpus success.
If target cpu is running, an IPI will be delivered to it and then call cpu_dead.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:58:20 +08:00
Kaige Fu 91c1408197 HV: Reset physical core of lapic_pt vm when shutdown
The physical core of lapic_pt vm should be reset for security and
correctness when shutdown the vm.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:58:20 +08:00
Kaige Fu e52917f7d1 HV: Reshuffle start_cpus and start_cpu
This patch makes the following changes:
  - Add one parameter 'mask' to start_cpus for later use.
  - Set cpu state as DEAD instead of dead loop when fail to start cpu.
  - Panic when there are any failures when start cpus in init_cpu_post and host_enter_s3.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:58:20 +08:00
Kaige Fu cfe8637cc1 HV: Kconfig: Remove CPU_UP_TIMEOUT
This patch remove the over design CPU_UP_TIMEOUT and
use CPU_UP_TIMEOUT and CPU_DOWN_TIMEOUT instead.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:58:20 +08:00
Kaige Fu 565f3c723a HV: Clear DM set guest_flags when shutdown vm
Currently, the previous configurations about guest_flags set by DM will
not be cleared when shutdown the vm. Then it might bring issue for the
next dm-launched vm.

For example, if we create one vm with LAPIC_PASSTHROUGH flag and shutdown it.
Then the next dm-launched vm will has the LAPIC_PASSTHROUGH flag set no matter
whether we set it in DM.

This patch clears all the DM set flags when shtudown vm.

Tracked-On: #2991
Signed-off-by: Kaige Fu <kaige.fu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:58:20 +08:00
Zide Chen a3207b2bc2 hv: allocate vpid based on vm_id and vcpu_id mapping
Currently vpid is not released in reset_vcpu() hence the vpid resource
could be exhausted easily if guests are re-launched.

This patch assigns vpid according to the fixed mapping of runtime vm_id
and vcpu_id to guarantee the uniqueness of vpid.

Tracked-On: #2700
Signed-off-by: Zide Chen <zide.chen@intel.com>
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
2019-04-22 19:57:28 +08:00
Victor Sun 9673f3dad4 HV: validate target vm in hypercall
- The target vm in most of hypercalls should be a NORMAL_VM, in some
exceptions it might be a SOS_VM, we should validate them.

- Please be aware that some hypercall might have limitation on specific
target vm like RT or SAFETY VMs, this leaves "TODO" in future;

- Unify the coding style:

	int32_t hcall_foo(vm, target_vm_id, ...)
	{
		int32_t ret = -1;
		...

		if ((is_valid_vm(target_vm) && is_normal_vm(target_vm)) {
			ret = ....
		}

		return ret;
	}

Tracked-On: #2978

Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:57:03 +08:00
Victor Sun 82181f4cdc HV: remove ifndef on vpci_set_ptdev_intr_info
The function vpci_set_ptdev_intr_info() is not compiled for
CONFIG_SHARING_MODE only any more so the #ifndef here is useless.

Tracked-On: #2291

Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:57:03 +08:00
Zide Chen aef5a4fd29 hv: free ptdev device IRQs when shutting down VM
Currently ptdev_release_all_entries() calls ptirq_release_entry() to
release ptdev IRQs, which is not sufficient because free_irq() is not
included in ptirq_release_entry().

Furthermore, function ptirq_deactivate_entry() and ptirq_release_entry()
have lots of overlaps which make the differences between them are not
clear.

This patch does:

- Adds ptirq_deactivate_entry() call in ptdev_release_all_entries() if the
  irq has not already freed.

- Remove unnecessary code from ptirq_deactivate_entry() to make it do the
  exact opposite to function ptirq_activate_entry(), except that
  entry->allocated_pirq is not reset, which is not necessary.

- Added the missing del_timer() to ptirq_release_entry() to make it almost
  opposite to ptirq_alloc_entry(); Added memset() to clear the whole entry,
  which doesn't have impacts to the functionalities but keep the data structure
  clean.

Tracked-On: #2700
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
2019-04-22 19:56:39 +08:00
Peter Fang 82fa9946e0 dm: safely access MMIO hint in MMIO emulation
mmio_hint in mem.c can potentially be accessed concurrently in
emulate_mem() because it only holds a read lock. Use a local variable to
make sure the same entry address is used throughout the function. Since
it only serves as a hint, it's okay if the function does not use the
most up-to-date version of mmio_hint, as long as mmio_hint is accessed
atomically.

Explicitly enforce natural alignment on mmio_hint to guarantee atomic
accesses on x86 and increase code portability, even though compilers
most likely always do it.

Entries in the RB tree are only removed in unregister_mem_int() while
holding a write lock, so accessing mmio_hint while holding a read lock
is safe.

Tracked-On: #2902
Signed-off-by: Peter Fang <peter.fang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
2019-04-22 15:18:21 +08:00
Peter Fang 4c38ff00c6 dm: completely remove enable_bar()/disable_bar() functions
Following up on d648df766c, surgically
remove all the functions related to enable_bar()/disable_bar() that got
introduced in 8787b65fde.

Tracked-On: #2902
Signed-off-by: Peter Fang <peter.fang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
2019-04-22 15:18:21 +08:00
Peter Fang a718fbe860 dm: pci: change return type to bool
Change return type to bool when returning int is not necessary.

Tracked-On: #2902
Signed-off-by: Peter Fang <peter.fang@intel.com>
Reviewed-by: Shuo A Liu <shuo.a.liu@intel.com>
2019-04-22 15:18:21 +08:00
Cai Yulong 887d41683b hv: check vm state before creating a VM
If launch two UOS with same UUID by acrn-dm, current code path will
return same VM instance to the acrn-dm, this will crash the two UOS.

Check VM state and make sure it's in VM_STATE_INVALID state before
creating a VM.

Tracked-On: #2984
Signed-off-by: Cai Yulong <yulongc@hwtc.com.cn>
2019-04-22 15:18:03 +08:00
Qi Yadong fa47554054 hv: seed: fix potential NULL pointer dereferencing
The 'boot_params' and 'entry' might be dereferenced after they were
positively checked for NULL. Refine checking logic to fix the issue.

Tracked-On: #2979
Signed-off-by: Qi Yadong <yadong.qi@intel.com>
Acked-by: Zhu Bing <bing.zhu@intel.com>
2019-04-22 15:17:33 +08:00
Li, Fei1 334c5ae701 hv: ept: correct EPT mapping gpa check
The previous will not check the EPT gpa correctly. This patch try to fix this.

Tracked-On: #2291
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
2019-04-22 11:49:30 +08:00
Zide Chen aee9f3c666 hv: reset per cpu sbuf pointers during vcpu reset
When shutting down SOS VM, the shared sbuf is released from guest OS, but
the per cpu sbuf pointers in hypervisor keep inact. This creates a problem
that after SOS is re-launched, hypervisor could write to the shared
buffer that no longer exists.

This patch implements sbuf_reset() and call it from reset_vcpu() to
reset sbuf pointers.

Tracked-On: #2700
Signed-off-by: Zide Chen <zide.chen@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
2019-04-19 16:20:34 +08:00
Li, Fei1 56acaacc29 hv: vlapic: add TPR below threshold implement
Add TPR below threshold implement for "Virtual-interrupt delivery" not support.
Windows will use it to delay interrupt handle.

Complete all the interrupts in IRR as long as they are higher priority than
current TPR. Once current IRR priority is less than current TPR enable TPR
threshold to IRR, so that if guest reduces the TPR threshold, it would be good
to take below TPR threshold exit and let interrupts to go thru.

Tracked-On: #1842
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Signed-off-by: Li, Fei1 <fei1.li@intel.com>
2019-04-19 11:11:54 +08:00
Mingqiang Chi a4c9cb997e hv:change register_mmio_emulation_handler to void
change this api to void type

Tracked-On: #1842
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
2019-04-19 09:02:15 +08:00
Yonghua Huang f1aa35a27c doc: add security advisory section in ACRN introduction website
Add survivability plan for ACRN Open source project.

Tracked-On: #2945
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
2019-04-18 05:27:07 -07:00
Shiqing Gao 3e19d62b9c doc: update coding guidelines
This patch updates some rules in coding guidelines.

Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
2019-04-18 05:26:10 -07:00
ruix.li bba432905e Setting up KBL serial console on the GSG
Signed-off-by: ruix.li <ruix.li@intel.com>
2019-04-18 05:23:19 -07:00