Parameter's type which is pointer should not be changed in the
scope of function,assign it's value to local variable to fixed
it out.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Reviewed-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
fix all assign.c integer violations except related
"Implicit conversion: actual to formal param".
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are many type conversions in the atomic
operations invoking reported by static analysis tool. These
type conversions voilate MISRA C.
To keep uniform naming convention, rename atomic operation
function names:
atomic_set_int/long --> atomic_set32/64;
atomic_clear_int/long --> atomic_clear32/64;
atomic_load --> atomic_load32;
atomic_store --> atomic_store32;
atomic_swap --> atomic_swap32;
atomic_readandclear --> atomic_readandclear32;
atomic_inc --> atomic_inc32;
atomic_dec --> atomic_dec32;
atomic_cmpxchg --> atomic_cmpxchg32;
atomic_xadd --> atomic_xadd32.
Update the type of atomic_load32/64, atomic_store32/64,
atomic_swap32/64, atomic_cmpxchg32/6.
Update related variables and callers.
Note: the type of return value and parameters of atomic_xadd32/64
still keep signed int/long since caller pass
negative variable to atomic_xadd32/64;
V1-->V2:
Add comments for atomic_set/clear to differ from
bitmap_set/clear.
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Reviewed-by: Junjie.Mao <junjie.mao@intel.com>
MISRA C requires that a 'if' statement followed by one or more 'else if'
statement shall be terminated by an 'else' statement which contains either
side-effect or a comment, to ensure that conditions are considered
exhaustively.
Note that a simple 'if' statement is not required to be terminated by 'else'.
This patch fixes such violations by either refactoring the code or add the
'else' statement with either a comment (describing why this case can be skipped)
or logging the event. It may not be satisfactory for the release version where
logging is no-op, but properly handling these non-trivial cases is out of the
scope of this patch.
v1 -> v2:
* Fix unintended semantic changes in add_(msix|intx)_remapping and
io_instr_vmexit_handler.
* Simplify boolean checks in vpic_ocw2.
* Rephrase the comment in strtol_deci.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Current code has a mistake associating destination with
redirectionhint. So just use the destination mode to work out
destination mode.
When injecting the msi interrupt to vcpu in hypervisor layer,
current code ingnores the redirection hint(RH) bit of msi address
message from guest, and just use the destination mode and
destination ID. So correctly before injecting, check the RH bit,
if set, choose the vcpu that has lowest priority to inject msi.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Zhao, Yakui <yakui.zhao@intel.com>
Reviewed-by: Yin, Fengwei <fengwei.yin@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
fix integer type violations,keep some violations which
related to hypcall and msix_entry_index.
V1->V2:1.modified API_MAJOR_VERSION from Makefile
2.sync acrn_common.h changed to device model
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are two different ways the current implementation adopts to access ioapic
RTEs:
1. As two 32-bit registers (typically named ''low'' and ''high''), or
2. As one 64-bit register (typically named ''rte'').
Two issues arise due to the mixed use of these two patterns.
1. Additional conversions are introduced. As an example, ioapic_get_rte()
merges two RTE fragments into a uint64_t, while some callers break it
back to ''low'' and ''high'' again.
2. It is tricky to choose the proper width of IOAPIC_RTE_xxx constants. SOS
boot failure is seen when they are 32-bit due to the following code:
/* reg is uint64_t */
vioapic->rtbl[pin].reg &= ~IOAPIC_RTE_REM_IRR;
while making them 64-bit leads to implicit narrowing when the RTEs are accessed
in the low & high pattern.
This patch defines a union ''ioapic_rte'' and unifies the access pattern
to IOAPIC and vIOAPIC RTEs.
v1 -> v2:
* Instead of two 32-bit ''low'' and ''high'', define a union that allows
either 32-bit or 64-bit accesses to RTEs.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Signed/unsigned conversion should add cast explicitily
or change the type of them to the same.
V1->V2:Fixed the 0U to 0UL because of the mistakes.
V2->V3:remove unsed macro
Signed-off-by: HuiHuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA-C requires the use of brackets, even when there is only one
statement in the loop body.
Signed-off-by: Ying Liu <ying2.liu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
It will print error information inside memcpy_s if
the parameteter is invalid, the caller can not check
the return value for memcpy_s/strcpy_s/strncpy_s
code like this:
int a(void) {
return 0;
}
int b(void){
a();
}
fix as follow:
int a(void) {
return 0;
}
int b(void){
(void)a();
}
Signed-off-by: Mingqiang Chi <mingqiang.chi@intel.com>
Misra C required signed/unsigned conversion with cast.
V1->V2:
a.split patch to patch series
V2->V3:
a.change the uint64_t type numeric constant's suffix from U to UL
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
There are multiple helpers for collecting info to be printed on the ACRN uart
console. They are unreachable code in release builds in which the uart console
is removed.
To define a precise boundary for safety-related activities, this patch wraps the
declarations and definitions to these helpers with "#ifdef HV_DEBUG" so that
these unreachable APIs will be dropped in release builds.
v1 -> v2:
* Fix coding style: no empty lines between #ifdef and the wrapped code.
* Also drop get_rte_info() in ioapic.c, which is solely used by
get_ioapic_info().
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
In the hypervisor, physical cpu id is defined as "int" or "uint32_t"
type in the hypervisor. So there are some sign conversion issues
about physical cpu id (pcpu_id) reported by static analysis tool.
Sign conversion violates the rules of MISRA C:2012.
In this patch, define physical cpu id as "uint16_t" type for all
modules in the hypervisor and change related codes. The valid
range of pcpu_id is 0~65534, INVALID_PCPU_ID is defined to the
invalid pcpu_id for error detection, BROADCAST_PCPU_ID is
broadcast pcpu_id used to notify all valid pcpu.
The type of pcpu_id in the struct vcpu and vcpu_id is "int" type,
this will be fixed in another patch.
V1-->V2:
* Change the type of pcpu_id from uint32_t to uint16_t;
* Define INVALID_PCPU_ID for error detection;
* Define BROADCAST_PCPU_ID to notify all valid pcpu.
V2-->V3:
* Update comments for INVALID_PCPU_ID and BROADCAST_PCPU_ID;
* Update addtional pcpu_id;
* Convert hexadecimals to unsigned to meet the type of pcpu_id;
* Clean up for MIN_PCPU_ID and MAX_PCPU_ID, they will be
defined by configuration.
Note: fix bug in the init_lapic(), the pcpu_id shall be less than 8,
this is constraint by implement in the init_lapic().
Signed-off-by: Xiangyang Wu <xiangyang.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C explicit required expression should be boolean when
in branch statements (if,while...).
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
MISRA C required that return value should be used, missing for it should
add "(void)" prefix before the function call.
Some function can be declared without return value to avoid this problem.
Signed-off-by: Huihuang Shi <huihuang.shi@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
remove_intx_remapping is not global function, make static.
Unlike global functions in C, access to static functions is restricted to the file where they are declared. Another reason for making functions static can be reuse of the same function name in other files
Signed-off-by: Chris Ye <chris.ye@intel.com>
Move common stuff, like ptdev entry and softirq, to new ptdev.c
Signed-off-by: Edwin Zhai <edwin.zhai@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Currently irq and vector numbers are used inconsistently.
* Sometimes vector or irq ids is used in bit operations, indicating
that they should be unsigned (which is required by MISRA C).
* At the same time we use -1 to indicate an unknown irq (in
common_register_handler()) or unavailable irq (in
alloc_irq()). Also (irq < 0) or (vector < 0) are used for error
checking. These indicate that irq or vector ids should be signed.
This patch converts irq and vector numbers to unsigned 32-bit integers, and
replace the previous -1 with IRQ_INVALID or VECTOR_INVALID. The branch
conditions are updated accordingly.
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
According to the syntax defined in C99, each struct/union field must have an
identifier. This patch adds names to the previously unnamed fields for C99
compatibility.
Here is a summary of the names (marked with a pair of *stars*) added.
struct trusty_mem:
union {
struct {
struct key_info key_info;
struct trusty_startup_param startup_param;
} *data*;
uint8_t page[CPU_PAGE_SIZE];
} first_page;
struct ptdev_remapping_info:
union {
struct ptdev_msi_info msi;
struct ptdev_intx_info intx;
} *ptdev_intr_info*;
union code_segment_descriptor:
uint64_t value;
struct {
union {
...
} low32;
union {
...
} high32;
} *fields*;
similar changes are made to the following structures.
* union data_segment_descriptor,
* union system_segment_descriptor,
* union tss_64_descriptor, and
* union idt_64_descriptor
struct trace_entry:
union {
struct {
uint32_t a, b, c, d;
} *fields_32*;
struct {
uint8_t a1, a2, a3, a4;
uint8_t b1, b2, b3, b4;
uint8_t c1, c2, c3, c4;
uint8_t d1, d2, d3, d4;
} *fields_8*;
struct {
uint64_t e;
uint64_t f;
} *fields_64*;
char str[16];
} *payload*;
Signed-off-by: Junjie Mao <junjie.mao@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
According to the comments in hypervisor:
" This file includes config header file "bsp_cfg.h" and other
hypervisor used header files.
It should be included in all the source files."
this patch includes all common header files in hypervisor.h
then removes other redundant inclusions
Signed-off-by: Zide Chen <zide.chen@intel.com>
currently, pass-thru devices are managed by per-vm's remapping entries
which is virtual based:
- MSI entry is identified by virt_bdf+msix_index
- INTx entry is identified by virt_pin+vpin_src
it works but it's not a good design for physical resource management, for
example a physical IOAPIC pin could belong to different vm's INTx entries,
the Device Model then must make sure there is no resource conflict from
application's level.
This patch change the design from virtual to physical based:
- MSI entry is identified by phys_bdf+msix_index
- INTx entry is identified by phys_pin
The physical resource is directly managed in hypervisor, a miss adding
entry will be found by hypervisor and return error message with failure.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Xu, Anthony <anthony.xu@intel.com>
Before using a node of list, initialize it.
Signed-off-by: Zheng, Gen <gen.zheng@intel.com>
Reviewed-by: Yakui, Zhao <yakui.zhao@intel.com>
Reviewed-by: Chen, Jason Cl <jason.cj.chen@intel.com>
for release version, the vuart is not be used - pin 4 then is not used
by hypervisor.
this patch adds check for vm0->vuart to distinguish it.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
functions ptdev_build_physical_rte & activate_physical_ioapic
doesn't need to get parameters like phys_irq, ptdev_intx_info or vector
from caller, instead they can derive from entry.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
this patch is a preparation for changing ptdev remapping entry from
virtual to physical based, it changes the ptdev_lock from per-vm to
global, as entries based on physical mode are global resource.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
this patch is a preparation for changing ptdev remapping entry from
virtual to physical based, it changes the ptdev_list from per-vm to
global, as entries based on physical mode are global resource.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
info->phys_pin need be used by ptdev_build_native_rte when updating entry
TODO: currently ptdev entry is virtual based, the better solution should
be physical based.
Signed-off-by: Jason Chen CJ <jason.cj.chen@intel.com>
Huihuang Shi