Update the Makefiel to sync the compiler options with devicemode
and enable options to harden software.
Tracked-On: #1122
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This commit fixes several compiler warnings before enabling compiler
options to harden software by:
- remove unused variables;
- add parentheses around assignment as compiler suggests;
- print warning if format string is truncated.
Tracked-On: #1122
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
Update the Makefiel to sync the compiler options with devicemode
and enable options to harden software.
Tracked-On: #1122
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
- Print warning if string truncated to avoid the warning generated
by -Wformat-truncation by GCC 7.0 and newer version;
- fixed strncpy size.
Tracked-On: #1122
Signed-off-by: Yan, Like <like.yan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
As a system service, acrnd will launch UOS, that must be done
after all required services and conditions are ready, such as
acrnprobe, weston, etc.
Tracked-On: #1278
Signed-off-by: Tao Yuhong <yuhong.tao@intel.com>
This patch is to sync the compiler options as the Makefile of device model.
Tracked-On: #1122
Signed-off-by: CHEN Gang <gang.c.chen@intel.com>
Reviewed-by: Zhi Jin <zhi.jin@intel.com>
Reviewed-by: Liu, Xinwu <xinwu.liu@intel.com>
This patch is to fix some compiler warnings before enabling the flag to make
compiler warning as compiler error.
The warning message is like:
ignoring return value of ‘write’, declared with attribute warn_unused_result.
Tracked-On: #1122
Signed-off-by: CHEN Gang <gang.c.chen@intel.com>
Reviewed-by: Zhi Jin <zhi.jin@intel.com>
Reviewed-by: Liu, Xinwu <xinwu.liu@intel.com>
MISRA-C states that redundant code reduce the maintainability of code.
In some cases, we would like to keep the current unused static functions
for code completeness, such as checking register info. These functions
might be used later.
This patch removes the unused static function 'mmu_pt_for_pde'.
Looks like it is legacy code and not being used in our project.
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Li, Fei1 <fei1.li@intel.com>
MISRA-C requires that every switch case shall be terminated with break
to avoid the unintentional fall through.
The code will become redundant if we enforce this rule.
So, we will keep the current implementation for the following two cases.
1. The fall through is intentional.
2. The function is returned in the switch case.
If we decide to eliminate the mutiple returns in one function later,
this case would be handled properly at that time.
What this patch does:
- add the mssing break for the default case
- add the pre condition for some functions and remove the corresponding
panic which will never happen since the function caller could guarantee
the pre condition based on the code implementation
v1 -> v2:
* remove the redundant cases above default in 'vlapic_get_lvtptr'
* add the similar pre condition for 'lvt_off_to_idx' as
'vlapic_get_lvtptr' since all the function callers could guarantee it
* remove the assertion in 'lvt_off_to_idx' since the pre condition
could guarantee that the assertion will never happen
* add the similar pre condition for 'vpic_set_irqstate' as
'vioapic_set_irqstate' since all the function callers could guarantee it
* remove the assertion in 'vpic_set_irqstate' since the pre condition
could guarantee that the assertion will never happen
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Netmap/vale attempts to speed up network communication by bypassing the
TCP/IP network stack, which requires patching the physical NIC driver so
that applications developed based on netmap can interact directly with
the physical NIC driver. It may make sense for some specific scenarios
which requres very high bandwith (10Gb/s or 100Gb/s), we can even put up
with the complexity and compatibility introduced by this techology.
However for ACRN, a virtualization solution for IoT, there is no need to
support this backend. For 1Gb NICs or below, the VBS-U/tap solution
can already achieve near-native bandwidth. To keep simplicity and
improve compatibility, remove the netmap/vale support in dm.
Tracked-On: #1313
Signed-off-by: Jie Deng <jie.deng@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
Convert GSI_MASK_IRQ and GSI_UNMASK_IRQ to inline functions.
v1 -> v2:
After changing GSI_MASK_IRQ and GSI_UNMASK_IRQ from MACROs to functions,
'gsi_(mask|unmask)_irq' are the exposed APIs and 'irq_gsi_mask_unmask'
becomes internal.
In order to reflect this change,
- change 'irq_gsi_mask_unmask' as internal function in ioapic.c
- declare 'gsi_(mask|unmask)_irq' in ioapic.h
- define 'gsi_(mask|unmask)_irq' in ioapic.c
Tracked-On: #861
Signed-off-by: Shiqing Gao <shiqing.gao@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
This patch is for "interrupt storm mitigation", used to reduce
the effect on SOS if an "interrupt storm" happens in UOS.
Add a monitor thread to get UOS pass-through devices interrupt
freqency data; currently, if "interrupt storm" happens, it'll
send a command to delay interrupt injection to UOS for some time.
The parameters: interrupt storm threshold and delay time can be
adjusted according differt HW configure and use case.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The hypercall can be used by SOS/DM to monitor UOS
pass-thru devices' interrupt data; and if an "interrupt
storm" happens in UOS, it can be used to delay the UOS
PTdev interrupt's injection for sometime.
The two functions are implemented by one hypercall with
two sub-commands, and with the data/params in the buffer.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
This patch is to enhance the feature of "interrupt storm
mitigation"; when interrupt storm happens on one UOS
it should keep as smaller effect to SOS as possible.
Add variables in PTdev entry & VM, used to record one
UOS's pass-thru devices' interrupt data; add a function
to collect the data.
Also add a timer used to delay UOS pass-thru devices'
interrupt injection if an "interrupt storm" detected
by SOS.
Tracked-On: #866
Signed-off-by: Minggui Cao <minggui.cao@intel.com>
Reviewed-by: Li Fei1 <fei1.li@intel.com>
Acked-by: Anthony Xu <anthony.xu@intel.com>
The .. code-block:: console directive (used for white text on a black
background) didn't handle some CSS cases properly resulting in
unreadable grey text on a black background.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Update the doc build instructions to include how to update the version
navigation selector (bottom of the left nav panel), and make commands
for building and publishing specific tagged releases (e.g., 0.2)
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Update conf.py selector list to include version 0.2 documentation (and
fix an URL typo in the release notes).
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Remove "DRAFT" indicator, and a few tweaks to repo description and
download instructions noticed in PR #1316
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Current code enables IOMMU from init_iommu_vm0_domain which is called
from vm0/sos boot sequence. For partition mode VMs, this is not called as
VMs are numbered from 1.
This patch adds support to initialize root table pointer for each IOMMU
and enable all IOMMUs from init_iommu. Hence IOMMUs are enabled even
though ACRN does not boot vm0.
This patch also has changes to fix#1270.
Tracked-On: #1246#1270
Signed-off-by: Sainath Grandhi <sainath.grandhi@intel.com>
CAVS audio driver depends on the NHLT table to get topology info.
Enable NHLT table in DM for audio passthrough.
Also increase the size reserved for NHLT in ACPI table from 2048B to 2560B.
Tracked-On: #1284
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Reviewed-by: Geoffroy Van Cutsem <geoffroy.vancutsem@intel.com>
Acked-by: Yin Fengwei <fengwei.yin@intel.com>
This patch is to exclude crashlog tool for release version.
Tracked-On: #1024
Signed-off-by: CHEN Gang <gang.c.chen@intel.com>
Reviewed-by: Zhi Jin <zhi.jin@intel.com>
Acked-by: Zhang Di <di.zhang@intel.com>
Some code has switch fallthrough cases, it causes some warning during
compiling. Adding a comment can quiet it.
Tracked-On:#1260
Signed-off-by: Chaohong Guo <chaohong.guo@intel.com>
Acked-by: Gen Zheng <gen.zheng@intel.com>
Due to the last patches, some funcs in malloc.c and stdlib.h files for
EFI stub module are no longer used. This commit just removes them, no
other changes is being introduced. The funcs are:
emalloc/efree, calloc/malloc/free, strstr/strdup
Tracked-On:#1260
Signed-off-by: Chaohong Guo <chaohong.guo@intel.com>
Ackedr-by: Gen Zheng <gen.zheng@intel.com>
emalloc() is called only by construct_mbi() during creating e820 mmap
layout. The switching has two benefits: first, UEFI FW might keep some
memory in pool, unlike call to emalloc(), call to allocate_pool() might
have no impact on e820 mmap; on the other hand, we can remove emalloc()
routine after this switching.
Tracked-On:#1260
Signed-off-by: Chaohong Guo <chaohong.guo@intel.com>
Reviewed-by: Anthony Xu <Anthony.Xu@intel.com>
Acked-by: Gen Zheng <gen.zheng@intel.com>
To reduce the call to dynamic memory allocation, the patch tries to
alloate memroy together with hypervisor when hypervisor is being
relocated by efi stub code. The memory allocated will be right at the
end of HV memory. Three structs will be done in this way: 1) boot_ctx,
which saves EFI boot state and is passed to SOS; 2) multiboot_info,
faked multi-boot header for passing boot info to hypervisor; and 3)
multiboot_mmap, e820 mmap structure.
after this, the EFI stub code (which boot hypervisor) will only have 3
to dynamic memory:
1. the call for hv binary and the 3 struct;
2. the call to CPU boot trampoline code;
3. the call to alloc mmap buf when inquery memory layout from UEFI FW;
Tracked-On:#1260
Signed-off-by: Chaohong Guo <chaohong.guo@intel.com>
Reviewed-by: Jason Chen <jason.cj.chen@intel.com>
Reviewed-by: Anthony Xu <Anthony.Xu@intel.com>
Reviewed-by: Eddie Dong <Eddid.Dong@intel.com>
Acked-by: Gen Zheng <gen.zheng@intel.com>
UEFI provides the func allocate_pages() with the option of AllocateAddress
and AllocateMaxAddress to allocate memory at fixed address or below the
specified address respectively. Make use of the interface, simplify the
memory allocation for hyperivosr when CONFIG_RELOC is enabled.
Tracked-On:#1260
Signed-off-by: Chaohong Guo <chaohong.guo@intel.com>
Reviewedd-by: Anthony Xu <Anthony.Xu@intel.com>
Acked-by: Gen Zheng <gen.zheng@intel.com>
CPU boot binary need to reside in the memory below 1MB. UEFI firmware
does provide that functionality to limit the highest physical addr of
allocated memory. we just call the right UEFI API and no longer do it
in EFI stub code.
Tracked-On:#1260
Signed-off-by: Chaohong Guo <chaohong.guo@intel.com>
Reviewed-by: Jason Chen <jason.cj.chen@intel.com>
Acked-by: Gen Zheng <gen.zheng@intel.com>
Reviewed-by: Anthony Xu <Anthony.Xu@intel.com>
Logically, out-of-range access won't happen at these places. However, it
depends on the behaviour of other codes.
This commit makes changes to explicitly eliminate the possibility in these
functions.
Tracked-On: #1235
Signed-off-by: Yan, Like <like.yan@intel.com>
This is temperory workaround for DM crash when doing fastboot
reboot. In fastboot, it will disable USB host functionality by
disable device respsone to one PCI bar. While DM code just release
the bar in this case. Which break the reboot functionality.
The workaround is to remove the assert to avoid DM abort. This is
safe because reboot will remove all memory range registered.
We will have offiical fixing later.
Tracked-On: #1277
Signed-off-by: Yin Fengwei <fengwei.yin@intel.com>
Acked-by: Yu Wang <yu1.wang@intel.com>
Change launch_uos.sh to enable USB xHCI full emulation support.
Signed-off-by: Xiaoguang Wu <xiaoguang.wu@intel.com>
Reviewed-by: Liang Yang <liang3.yang@intel.com>
Reviewed-by: Yu Wang <yu1.wang@intel.com>
Tracked-On: #1242
- use sizeof(struct lapic_regs),instead of arbitrary size
to lear 'apic_page' memory region in vlapic.c
- fix potential buffer overflow issues in vpic.c & ioapic.c
Tracked-On: #1252
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
These MACROs are never used by current code so remove it. The needed APIC
info is defined in other files with other MACROs.
We will unify kinds of APIC info definition in one place soon.
Tracked-On: #1274
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Add acpi_fixup() api in bsp that can override platform ACPI info when
do init_bsp(), this is useful when platform bootloader is not lock
down before production.
In current code only the wake vector addresses would be parsed after
boot and then override to host_acpi_info, we can add more in furture
based on our needs.
Tracked-On: #1264
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Per ACPI spec, there are two fundamental types of ACPI tables:
Tables that contain AML code produced from the ACPI Source Language (ASL).
These include the DSDT, any SSDTs, and sometimes OEM-specific tables (OEMx).
Tables that contain simple data and no AML byte code. These types of tables
are known as ACPI Data Tables. They include tables such as the FADT, MADT,
ECDT, SRAT, etc. -essentially any table other than a DSDT or SSDT.
The second type of table, the ACPI Data Table, could be parsed here.
If Kconfig of CONSTANT_ACPI is set to yes, this parser is not needed.
Tracked-On: #1264
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
If CONFIG_CONSTANT_ACPI is true, then the value in host_acpi_info structure
is constant. Otherwise the host_acpi_info value could be overrided.
This is useful when platform ACPI table value is not fixed in Bootloader
before production.
In production release, this config should be set to yes.
Tracked-On: #1264
Signed-off-by: Victor Sun <victor.sun@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRAC has requirement about implict conversion: actual to formal
param. This patch is used to fix part of these violations.
1.Add a new structure seg_desc_vmcs to hold the VMCS field address of
segment selector to clean up seg_desc structure.
2.Add the definition of maximum MSI entry and the relevant judgement.
3.The violations in shell.c, logmsg.c will be fixed in other series of
patches with modification of function snprintf(), vsnprintf() and other
related usages.
v1->v2:
*Move the definition of struct seg_desc_vmcs from instr_emul.h to
instr_emul.c.
*Modify the formal parameter type in function definition from uint8_t
to char instead of using cast.
*Drop the const declaration for char data in formal parameter.
v2->v3:
*update the data missing conversion.
*change type of internal parameter len to avoid casting in npklog.c.
*change the conversion from signed char to unsigned int in
uart16550_getc() to solve sign-extension.
Tracked-On: #861
Signed-off-by: Junjun Shan <junjun.shan@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Yan, Like