jailhouse/ti-jailhouse.git
22 months ago x86: mmio: add support for 0x66 operand prefix master
Ralf Ramsauer [Thu, 6 Jun 2019 22:44:57 +0000 (00:44 +0200)]
x86: mmio: add support for 0x66 operand prefix

mov (%rax), %ax is a 16-bit data MOV_FROM_MEM that will emit
0x66 0x8b 0x00.

0x66 is the operand-size override prefix which we currently do not support.

We should support it, as we can find this opcode, for example, for some
mmconfig space access from Linux (e.g., pci_generic_config_read).

This also adds appropriate mmio-access tests.

Tested in QEMU virtual target.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
[Jan: dropped redundant EXPECT_EQUAL, adjusted ebx->rax addressing, tuned comment]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
22 months ago x86: mmio: move flags to struct parse_context
Ralf Ramsauer [Thu, 6 Jun 2019 22:44:56 +0000 (00:44 +0200)]
x86: mmio: move flags to struct parse_context

We can pass them around more easily if flags are stored in struct
parse_context.

Just a preparation, no functional change so far.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
22 months ago x86: mmio: fix accidental clears of bits in registers
Ralf Ramsauer [Thu, 6 Jun 2019 22:44:55 +0000 (00:44 +0200)]
x86: mmio: fix accidental clears of bits in registers

We trap certain MMIO accesses and need to emulate their access.

On x86, a 32-bit read will clear bits 32-63 of a register.

Inconsistently, on x86, 16-bit and 8-bit reads must not clear high bits.
Jailhouse erroneously cleared those bits. Prevent this by applying a
preserved mask that keeps bits alive.

Add tests that check correct behaviour.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
[Jan: dropped redundant EXPECT_EQUAL]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
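
The two x86 mmio commits above (decoding the 0x66 operand-size prefix, and preserving the upper register bits on 8- and 16-bit reads) fit together as shown in this added example. It is not Jailhouse's parser: all struct, macro and function names are hypothetical, 64-bit mode is assumed, only opcodes 0x8a and 0x8b with a memory operand are handled, and the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define X86_PREFIX_OP_SZ	0x66	/* operand-size override prefix */
#define X86_REX_W		0x08	/* REX.W: 64-bit operand size */
#define X86_REX_R		0x04	/* REX.R: extends ModRM.reg */
#define X86_OP_MOVB_FROM_MEM	0x8a	/* 8-bit mov from memory */
#define X86_OP_MOV_FROM_MEM	0x8b	/* 16/32/64-bit mov from memory */

/* Hypothetical decode result, used only by this example. */
struct mmio_read_insn {
	unsigned int access_size;	/* bytes read from the device */
	unsigned int dest_reg;		/* 0 = rax, 1 = rcx, ... 15 = r15 */
	uint64_t preserve_mask;		/* destination bits that must survive */
};

/* Constructed sample instructions (AT&T syntax in the comments). */
static const uint8_t sample_mov16[] = { 0x66, 0x8b, 0x00 };	/* mov (%rax), %ax */
static const uint8_t sample_mov32[] = { 0x8b, 0x00 };		/* mov (%rax), %eax */
static const uint8_t sample_mov64[] = { 0x48, 0x8b, 0x00 };	/* mov (%rax), %rax */
static const uint8_t sample_mov8[] = { 0x8a, 0x00 };		/* mov (%rax), %al */
static const uint8_t sample_mov_ah[] = { 0x8a, 0x20 };		/* mov (%rax), %ah */

/* Decode [0x66] [REX] 0x8a|0x8b ModRM. Returns 0, or -1 if unsupported. */
int decode_mov_from_mem(const uint8_t *code, size_t len,
			struct mmio_read_insn *insn)
{
	size_t pos = 0;
	int op_sz_prefix = 0;
	uint8_t rex = 0, opcode, modrm;

	if (pos < len && code[pos] == X86_PREFIX_OP_SZ) {
		op_sz_prefix = 1;
		pos++;
	}
	if (pos < len && (code[pos] & 0xf0) == 0x40)
		rex = code[pos++];
	if (len - pos < 2)		/* need opcode and ModRM */
		return -1;
	opcode = code[pos++];
	modrm = code[pos];

	if ((modrm >> 6) == 3)		/* register operand, not a memory access */
		return -1;

	switch (opcode) {
	case X86_OP_MOVB_FROM_MEM:
		/* Without REX, reg 4..7 mean ah/ch/dh/bh (bits 8..15): rejected. */
		if (!rex && ((modrm >> 3) & 7) >= 4)
			return -1;
		insn->access_size = 1;
		break;
	case X86_OP_MOV_FROM_MEM:
		/* REX.W takes precedence over the 0x66 prefix. */
		if (rex & X86_REX_W)
			insn->access_size = 8;
		else
			insn->access_size = op_sz_prefix ? 2 : 4;
		break;
	default:
		return -1;
	}

	insn->dest_reg = ((modrm >> 3) & 7) | ((rex & X86_REX_R) ? 8 : 0);
	/* 8/16-bit writes keep the upper bits; 32-bit writes zero bits 32-63. */
	insn->preserve_mask = insn->access_size < 4 ?
		~((1ULL << (insn->access_size * 8)) - 1) : 0;
	return 0;
}

/* Merge the value read from the device into the destination register. */
void write_back_read(uint64_t *regs, const struct mmio_read_insn *insn,
		     uint64_t value)
{
	uint64_t value_mask = insn->access_size == 8 ? ~0ULL :
		(1ULL << (insn->access_size * 8)) - 1;

	regs[insn->dest_reg] = (regs[insn->dest_reg] & insn->preserve_mask) |
			       (value & value_mask);
}

/* Decode and emulate one read into a register preset to 'old'. */
uint64_t emulate_read(const uint8_t *code, size_t len, uint64_t old,
		      uint64_t value, int *err)
{
	uint64_t regs[16] = { 0 };
	struct mmio_read_insn insn;

	*err = decode_mov_from_mem(code, len, &insn);
	if (*err)
		return old;
	regs[insn.dest_reg] = old;
	write_back_read(regs, &insn, value);
	return regs[insn.dest_reg];
}

int main(void)
{
	const uint64_t old = 0x1122334455667788ULL;
	int err;

	printf("16-bit: %016llx\n", (unsigned long long)
	       emulate_read(sample_mov16, sizeof(sample_mov16), old, 0xabcd, &err));
	printf("32-bit: %016llx\n", (unsigned long long)
	       emulate_read(sample_mov32, sizeof(sample_mov32), old, 0xdeadbeef, &err));
	return 0;
}
```
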
22 months ago pyjailhouse: sysfs_parser: fix IVDM memory region definition
Andrej Utz [Wed, 5 Jun 2019 15:39:00 +0000 (17:39 +0200)]
pyjailhouse: sysfs_parser: fix IVDM memory region definition

Second parameter to MemRegion must be its end (inclusive).

Fixes: 5fe206927c05 ("tools: Implement ACPI IVRS table parser")
Signed-off-by: Andrej Utz <andrej.utz@st.oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
22 months ago x86: vtd: Use proper MMIO_ERROR instead of -1
Jan Kiszka [Thu, 6 Jun 2019 07:11:44 +0000 (09:11 +0200)]
x86: vtd: Use proper MMIO_ERROR instead of -1

No functional change as the value stays the same.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
22 months ago x86: Update CR4 reserved bits to include Intel Protection Keys Extension
Yasser Shalabi [Tue, 21 May 2019 18:03:40 +0000 (13:03 -0500)]
x86: Update CR4 reserved bits to include Intel Protection Keys Extension

Without this, users running on recent Intel processors will not be able to
use jailhouse.

It is safe to allow guests to enable this feature as it does not affect
the host.

Signed-off-by: Yasser Shalabi <yassershalabi@gmail.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
22 months ago inmates: x86: Catch and report exceptions
Jan Kiszka [Wed, 15 May 2019 09:05:31 +0000 (11:05 +0200)]
inmates: x86: Catch and report exceptions

Add basic reporting of exceptions that are triggered by an inmate so
that we stop translating all of them into hypervisor-caught triple
faults. Reporting is optional and needs to be enabled explicitly by an
inmate via excp_reporting_init().

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: x86: Add 32-bit interrupt support
Jan Kiszka [Wed, 15 May 2019 09:02:22 +0000 (11:02 +0200)]
inmates: x86: Add 32-bit interrupt support

Fill in the missing pieces to enable interrupt handling also in 32-bit
inmates.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: x86: Refactor interrupt handler
Jan Kiszka [Wed, 15 May 2019 08:55:56 +0000 (10:55 +0200)]
inmates: x86: Refactor interrupt handler

This removes one call level by directly dispatching the target handler
from the assembly entry and also doing the EOI from there - micro
optimization.

Also limit the supported interrupt range to 32..63 so that exception
handling can be established for the first 32 vectors. This effectively
removes the possibility to set an NMI handler, but those are not
supported by Jailhouse so far anyway.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: x86: Register IDT during setup
Jan Kiszka [Wed, 15 May 2019 08:49:35 +0000 (10:49 +0200)]
inmates: x86: Register IDT during setup

This will allow sharing it between interrupt and exception handling,
both being optional.

MAX_INTERRUPT_VECTORS is introduced as public API, defining how many
interrupts can be registered at most via int_set_handler().

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago configs: x86: Make Comm Region writable in all configs
Jan Kiszka [Wed, 15 May 2019 08:30:31 +0000 (10:30 +0200)]
configs: x86: Make Comm Region writable in all configs

Since we report startup or runtime failures this way, we need this
permission even when not actively participating in the message exchange
protocol.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: x86: consolidate register definitions
Ralf Ramsauer [Thu, 9 May 2019 21:07:23 +0000 (23:07 +0200)]
inmates: x86: consolidate register definitions

More duplicate register definitions are upcoming, consolidate them
first.

No functional change.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci: use new PCI_CAP_ID_ definitions from pci_defs.h
Ralf Ramsauer [Thu, 9 May 2019 16:52:31 +0000 (18:52 +0200)]
pci: use new PCI_CAP_ID_ definitions from pci_defs.h

pci.h also defined two IDs for MSI and MSIX. Replace usages of these
definitions with the one defined in pci_defs.h.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pyjailhouse: let the generator produce speaking names for PCI caps
Ralf Ramsauer [Thu, 9 May 2019 16:52:30 +0000 (18:52 +0200)]
pyjailhouse: let the generator produce speaking names for PCI caps

Definitions on C-side are in place, so let the generator produce those
definitions.

Therefore, we autogenerate pyjailhouse/pci_defs.py.

The generator will extract PCI_CAP_IDs with grep & sed, fill the template and
print the generated python file. The Makefile will redirect the output to the
final destination.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
[Jan: moved pci_defs.py generation, refactored extended caps ID string]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pyjailhouse: implement a helper class ExtendedEnum
Ralf Ramsauer [Thu, 9 May 2019 16:52:29 +0000 (18:52 +0200)]
pyjailhouse: implement a helper class ExtendedEnum

Python's Enums have the restriction that they only allow instances of a
with qualified known values. Unknown values are not supported.

In case of PCI capabilities, there might be IDs that do not have
speaking names. In this case, we should use the raw representation.

This helper class provides similar features to Python's enums, but is
specialised for generating C definition-like things.

For very easy usage in code, I want this 'Enum'-like type to be directly
accessible via attributes. This is generally no problem, but we need to make a
tiny rain dance in order to support both, python2 and python3. The
with_metaclass decorator can be removed once Python 2 is EOL or we decide to
only support Python3.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pyjailhouse: sysfs_parser: rearrange ext PCI cap evaluation logic
Ralf Ramsauer [Thu, 9 May 2019 16:52:28 +0000 (18:52 +0200)]
pyjailhouse: sysfs_parser: rearrange ext PCI cap evaluation logic

Make it easier to read for now and required for upcoming changes.

No functional change.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci, config: add more magic extended caps constants
Ralf Ramsauer [Thu, 9 May 2019 16:52:27 +0000 (18:52 +0200)]
pci, config: add more magic extended caps constants

We will need them later, as the config generator might generate them.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci, configs: unmystify magic constants
Ralf Ramsauer [Thu, 9 May 2019 16:52:26 +0000 (18:52 +0200)]
pci, configs: unmystify magic constants

Some sugar for the guidance of the reader. Use speaking name instead of
hard-coded constants.

This patch was supported by:
$ git grep -l "\.id = 0x1"  | xargs sed -i 's/id = 0x1,/id = PCI_CAP_ID_PM,/'
$ git grep -l "\.id = 0x3"  | xargs sed -i 's/id = 0x3,/id = PCI_CAP_ID_VPD,/'
$ git grep -l "\.id = 0x5"  | xargs sed -i 's/id = 0x5,/id = PCI_CAP_ID_MSI,/'
$ git grep -l "\.id = 0x8"  | xargs sed -i 's/id = 0x8,/id = PCI_CAP_ID_HT,/'
$ git grep -l "\.id = 0x9"  | xargs sed -i 's/id = 0x9,/id = PCI_CAP_ID_VNDR,/'
$ git grep -l "\.id = 0xa"  | xargs sed -i 's/id = 0xa,/id = PCI_CAP_ID_DBG,/'
$ git grep -l "\.id = 0xd"  | xargs sed -i 's/id = 0xd,/id = PCI_CAP_ID_SSVID,/'
$ git grep -l "\.id = 0xf"  | xargs sed -i 's/id = 0xf,/id = PCI_CAP_ID_SECDEV,/'
$ git grep -l "\.id = 0x10" | xargs sed -i 's/id = 0x10,/id = PCI_CAP_ID_EXP,/'
$ git grep -l "\.id = 0x11" | xargs sed -i 's/id = 0x11,/id = PCI_CAP_ID_MSIX,/'
$ git grep -l "\.id = 0x12" | xargs sed -i 's/id = 0x12,/id = PCI_CAP_ID_SATA,/'
$ git grep -l "\.id = 0x13" | xargs sed -i 's/id = 0x13,/id = PCI_CAP_ID_AF,/'

Extended cap ids were manually replaced.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago Scripts: Fix for Parsing DMAR Region under Reserved Section
Hakkı Kurumahmut [Tue, 7 May 2019 16:37:59 +0000 (19:37 +0300)]
Scripts: Fix for Parsing DMAR Region under Reserved Section

While kernel command parameters are intel_iommu=on  intremap=on at
some machines, cat /proc/iomem shows DMAR region under reserved section.
This patch must be done for config creation to complete because of
generating DMAR region not found error although it exists. If this patch is
not applied, an error is thrown by the "config create" command whether
intel_iommu is On or Off because "reserved" regions are currently excluded from
the generated config although DMAR region exists. Thus, DMAR under reserved
section must be parsed by parser.

Signed-off-by: Hakkı Kurumahmut <kurumahmut@gmail.com>
[Jan: adjust style according to pep8]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: x86: AMD: use the correct vmmcall instruction
Ralf Ramsauer [Tue, 7 May 2019 12:52:29 +0000 (14:52 +0200)]
inmates: x86: AMD: use the correct vmmcall instruction

I silently broke AMD inmates a while ago.

In 4d6eb915ca78, I removed the call of hypercall_init() without
reintroducing it at the right location again. No one noticed so far, as
the bug (crash of the cell due to a wrong instruction) only happens on
AMD machines only if they use the virtual debugging console.

Instead of calling hypercall_init() somewhere inside printk, let's move
it to setup.c, as we now have an arch_init_early() routine, which is the
right place for these kinds of initialisations.

Also remove X86_FEATURE_VMX, it was never used.

Fixes: 4d6eb915ca78e ("inmates: x86: Use virtual console as additional console")
Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
[Jan: also remove hypercall_init from inmate.h]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago Documentation: x86: test-device: document the test-device
Ralf Ramsauer [Tue, 7 May 2019 19:19:57 +0000 (21:19 +0200)]
Documentation: x86: test-device: document the test-device

There was no documentation so far. Let's mention it in
hypervisor-configuration.md, and add some comments to the code.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago Documentation: debug-output: fix typo
Ralf Ramsauer [Tue, 7 May 2019 12:27:01 +0000 (14:27 +0200)]
Documentation: debug-output: fix typo

Should obviously be 8250.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago configs: define ARRAY_SIZE in cell-config.h
Ralf Ramsauer [Mon, 6 May 2019 11:43:28 +0000 (13:43 +0200)]
configs: define ARRAY_SIZE in cell-config.h

instead of defining this useful macro in every single config file.

There's only one quirk: ARRAY_SIZE is defined for hypervisor code in util.h,
which we can't include in cell-config.h, as it's GPL-only. So we have to
duplicate the definitions, which might lead to redefinitions of the macro.
Hence, surround the macro by guards.

Also remove the macro from the root cell template.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago x86: test-device: rename comm_base to mmio_base
Ralf Ramsauer [Mon, 6 May 2019 22:01:51 +0000 (00:01 +0200)]
x86: test-device: rename comm_base to mmio_base

The name comm_base is misleading: the address is in fact one page inside
comm_base. Guests call this page mmio_base, so let's call it mmio_base
as well.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago kbuild: Set our own KBUILD_AFLAGS for hypervisor and inmates
Jan Kiszka [Tue, 7 May 2019 05:21:37 +0000 (07:21 +0200)]
kbuild: Set our own KBUILD_AFLAGS for hypervisor and inmates

So far we relied on the kernel for providing us with a usable
KBUILD_AFLAGS. We only filtered out the enforced asm/unified.h
inclusion. But this is wrong, and it breaks on ARM with Thumb-2 mode
enabled. We should actually define our own, stable KBUILD_AFLAGS.

Reported-by: Arvid Rosén <arvid@softube.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: apic-demo: Use polling idle to avoid latency spikes
Jan Kiszka [Sun, 5 May 2019 10:05:53 +0000 (12:05 +0200)]
inmates: apic-demo: Use polling idle to avoid latency spikes

It has been observed and also confirmed by Intel that hlt can cause
wake-up delay in the order of microseconds, although no particular power
management is requested this way. That's obviously because of
unpredictable decisions of the CPU how to react on that internally.

As the apic-demo is (also) about demonstrating the minimal possible
interrupt delay, switch to polling.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: apic-demo: Plug race around message evaluation
Jan Kiszka [Sun, 5 May 2019 10:02:06 +0000 (12:02 +0200)]
inmates: apic-demo: Plug race around message evaluation

If msg_to_cell was not JAILHOUSE_MSG_SHUTDOWN_REQUEST, we took the
default path which also sent back JAILHOUSE_MSG_UNKNOWN - and cleared
msg_to_cell before that. This created a race condition with the
hypervisor trying to send the cell a message. Due to the hlt, the race
normally didn't matter so far. It will when moving to polling-based
idle.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago README: Link cosmetics
Jan Kiszka [Sun, 5 May 2019 10:00:12 +0000 (12:00 +0200)]
README: Link cosmetics

- gmane's web interface is dead, propose mail-archive.com instead
- use clear-text project name with coverity

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago inmates: Fix RIP-relative test mmio-access
Jan Kiszka [Sun, 5 May 2019 09:27:58 +0000 (11:27 +0200)]
inmates: Fix RIP-relative test mmio-access

Avoid using the cmdline as basis which can move around - as in
91332fa77903. Also makes the thing more readable.

Reported-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago x86: ioapic: Simplify ioapic_mask_cell_pins
Jan Kiszka [Sun, 28 Apr 2019 07:56:47 +0000 (09:56 +0200)]
x86: ioapic: Simplify ioapic_mask_cell_pins

After ioapic_get_or_add_phys is called, the shadow_redir_table is
populated with the guest register content. As ioapic_mask_cell_pins is
only called after that function, we can read the mask state from the
shadow table and save a register access.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago x86: ioapic: Move edge interrupt injection at the end of suppression
Jan Kiszka [Sun, 28 Apr 2019 07:54:52 +0000 (09:54 +0200)]
x86: ioapic: Move edge interrupt injection at the end of suppression

Analogously to MSI: When interrupt remapping is enabled in Linux, we
cannot evaluate the remapping table before the config-commit phase, thus
will never inject a message when trying that earlier.

Fixes: f651754c72e3 ("x86: Virtualize IOAPIC redir table for interrupt remapping support")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci: Move MSI vector injection to the end of suppression
Jan Kiszka [Sun, 28 Apr 2019 07:49:28 +0000 (09:49 +0200)]
pci: Move MSI vector injection to the end of suppression

This fixes a long-pending issue that actually prevented the injection
when interrupt remapping was in use in the root cell on x86: We are
unable to translate the remapping entry into a physical message before
the 2nd level page table for the root is fully populated. This happens
in init_late, thus after the suppression request. The result is that we
only read invalid messages from the redirection table and did nothing.

By moving the injection to the config-commit phase, we have that full
access to the guest memory and can build the correct message.

Fixes: b50614282cff ("core: Virtualize legacy MSI for interrupt remapping support")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci: Call arch_pci_suppress_msi also on re-enabling
Jan Kiszka [Sun, 28 Apr 2019 07:40:55 +0000 (09:40 +0200)]
pci: Call arch_pci_suppress_msi also on re-enabling

This will allow moving the injection to the end of the suppression
phase.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci: Only call pci_suppress_msix() for root cell
Jan Kiszka [Sun, 28 Apr 2019 07:44:02 +0000 (09:44 +0200)]
pci: Only call pci_suppress_msix() for root cell

It is harmless to call pci_suppress_msix(..., false) also for
non-root cells because it just writes back the config space register
content. But it is unneeded and, thus, potentially confusing.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago pci: Refactor loops in pci_prepare_handover and pci_config_commit
Jan Kiszka [Sun, 28 Apr 2019 07:35:14 +0000 (09:35 +0200)]
pci: Refactor loops in pci_prepare_handover and pci_config_commit

No functional change, just reduction of indentation which will also be
beneficial for upcoming changes.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
23 months ago ci: Work around incomplete ca-chain of scan.coverity.com
Jan Kiszka [Fri, 26 Apr 2019 05:58:17 +0000 (07:58 +0200)]
ci: Work around incomplete ca-chain of scan.coverity.com

It's missing the intermediate certificate from "Entrust Certification
Authority - L1K". Download that separately and inject it into the script
download to fix curl failing on that. See also
https://travis-ci.community/t/certificate-issue-during-coverity-build/3153

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: k3-am654: Add linux inmate demo dts
Lokesh Vutla [Thu, 11 Apr 2019 12:49:33 +0000 (18:19 +0530)]
configs: k3-am654: Add linux inmate demo dts

Add a demo device tree running Linux as an inmate on AM654 IDK.
Linux is assigned with 256MB RAM, 1 serial port(MCU UART0)
and ability to communicate with system firmware.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: inmates: k3-am654: Add linux inmate demo configuration
Lokesh Vutla [Thu, 11 Apr 2019 12:49:32 +0000 (18:19 +0530)]
configs: inmates: k3-am654: Add linux inmate demo configuration

Add an inmate configuration file for running Linux as an inmate
on AM654 IDK.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: inmates: k3-am654: Add gic and uart demo configurations
Lokesh Vutla [Thu, 11 Apr 2019 12:49:31 +0000 (18:19 +0530)]
configs: inmates: k3-am654: Add gic and uart demo configurations

Add UART and GIC based demos for AM654 IDK.

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Nikhil Devshatwar <nikhil.nd@ti.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: k3-am654: Add root cell configuration
Lokesh Vutla [Thu, 11 Apr 2019 12:49:30 +0000 (18:19 +0530)]
configs: k3-am654: Add root cell configuration

Add root cell configuration for TI's AM654 based idk.

Linux root cell DTS should reserve the following memory:
reg = <0x8 0xdfb00000 0x0 0x20500000>;

Signed-off-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago Replicate and re-license printk-core
Jan Kiszka [Wed, 10 Apr 2019 06:26:41 +0000 (08:26 +0200)]
Replicate and re-license printk-core

The inmate library currently uses printk-core.c from the hypervisor in
order to implement printf-like output. While the library has been
changed in 607251b44397 to dual-licensing, this part was ignored. So, if
an inmate uses printk, it can only choose GPL as license which is not
the intention of the re-licensing.

Change this situation by forking off the printk-core into the inmate
lib, now under dual BSD 2-clause / GPL. This is possible without hassle
as all contributions to hypervisor/printk-core.c were done by me, thus
are owned by Siemens. Forking avoids that people contributing to the
hypervisor core accidentally bring in GPL-only code to this part. It
also allows evolving printk in the inmate library beyond what is needed
for the hypervisor without bloating the latter.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago ci: Update travis rules
Jan Kiszka [Sat, 6 Apr 2019 12:25:48 +0000 (14:25 +0200)]
ci: Update travis rules

Xenial is now an official offer. This allows dropping a lot of legacy.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm-common: gic-v3: Forward pending SGIs to virtual queue on enable
Jan Kiszka [Wed, 3 Apr 2019 09:37:26 +0000 (09:37 +0000)]
arm-common: gic-v3: Forward pending SGIs to virtual queue on enable

Analogously to gic-v2: When enabling Jailhouse, Linux may have some SGIs
pending that have to be taken off the physical interface and forwarded
to the virtual one. Otherwise, we would lose them or even confuse
Jailhouse because it expects SGIs to be injected virtually only (done on
interception of GICD_SGIR).

Based on original patch by Peng Fan.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2 years ago arm-common: gic-v2: Forward pending SGIs to virtual queue on enable
Jan Kiszka [Thu, 4 Apr 2019 06:14:44 +0000 (08:14 +0200)]
arm-common: gic-v2: Forward pending SGIs to virtual queue on enable

When enabling Jailhouse, Linux may have some SGIs pending that have to
be taken off the physical interface and forwarded to the virtual one.
Otherwise, we would lose them or even confuse Jailhouse because it
expects SGIs to be injected virtually only (done on interception of
GICD_SGIR).

Reported-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
2 years ago configs: miriac-sbc-ls1046a: adjust memory flags for qbman portals
Henning Schild [Tue, 26 Mar 2019 14:19:59 +0000 (15:19 +0100)]
configs: miriac-sbc-ls1046a: adjust memory flags for qbman portals

The qbman portal regions are split into two, cache-inhibited and
cache-enabled. (see DPAA_PORTAL_C[IE] in drivers/soc/fsl/qbman/)
When the underlying memory is not mapped correctly, like it was before
this commit, you will see TX errors and lose a significant amount of
packets on the DPAA NICs after jailhouse is enabled.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: miriac-sbc-ls1046a: move IVSHMEM region to end of array
Henning Schild [Tue, 26 Mar 2019 14:19:58 +0000 (15:19 +0100)]
configs: miriac-sbc-ls1046a: move IVSHMEM region to end of array

Now that we are not counting anymore, find the one we need to index from
the ARRAY_SIZE.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: miriac-sbc-ls1046a: remove mem region numbering
Henning Schild [Tue, 26 Mar 2019 14:19:57 +0000 (15:19 +0100)]
configs: miriac-sbc-ls1046a: remove mem region numbering

This commit just changes the comments and removes the indices from the
region comments. These numbers make it hard to add or remove regions
without touching most of the file.

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago pyjailhouse: sysfs_parser: Fix wrong IVRS device ID for IOAPIC
Andrej Utz [Tue, 26 Mar 2019 17:09:45 +0000 (18:09 +0100)]
pyjailhouse: sysfs_parser: Fix wrong IVRS device ID for IOAPIC

If the type of an IVHD device entry is a Special Device (0x48),
then device ID is stored at a different location. The code already
parsed the value to device_id_b, but it was never used.

This set the ID of all IOAPICs to 0x0 in the system configuration.

Fixes: 5fe206927c05 ("tools: Implement ACPI IVRS table parses")

Signed-off-by: Andrej Utz <andrej.utz@st.oth-regensburg.de>
Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tools: hardware-check: Fix duplicate variable name usage
Jan Kiszka [Mon, 1 Apr 2019 10:16:03 +0000 (12:16 +0200)]
tools: hardware-check: Fix duplicate variable name usage

We already use "n" for the outer loop that iterates over all IOMMUs. Make
the register offset calculation more readable at this chance.

Reported-by: Burak Atalay <Burak.Atalay@rohde-schwarz.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tools: hardware-check: Fine-tune hardware events test
Jan Kiszka [Sun, 24 Mar 2019 10:16:07 +0000 (11:16 +0100)]
tools: hardware-check: Fine-tune hardware events test

Perform the test also if we have no information from EFR: The features
might have been reported via ACPI.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tools: hardware-check: Make msr setup Intel-only
Jan Kiszka [Sun, 24 Mar 2019 10:12:00 +0000 (11:12 +0100)]
tools: hardware-check: Make msr setup Intel-only

Not needed for testing AMD systems.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago pyjailhouse: Take root_dir into account when reading /proc/cpuinfo
Jan Kiszka [Sun, 24 Mar 2019 10:06:55 +0000 (11:06 +0100)]
pyjailhouse: Take root_dir into account when reading /proc/cpuinfo

Ensures we use the right CPU vendor when processing a system
configuration offline.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm-common: smccc: fix missing break statement
Ralf Ramsauer [Fri, 22 Mar 2019 14:51:51 +0000 (15:51 +0100)]
arm-common: smccc: fix missing break statement

Without breaking the ARM_SMCCC_OWNER_ARCH case, we will fall through and
end up in the ARM_SMCCC_OWNER_SIP case which is clearly a mistake.

Fix this bug by adding the break statement for the ARM_SMCCC_OWNER_ARCH
case.

Fixes: 075879bd0d48 ("arm-common: crash cell on unhandled SMC traps")
Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago hardware check: Catch errors opening /dev/mem during MMIO check
michael.g.hinton@gmail.com [Fri, 22 Mar 2019 04:10:07 +0000 (21:10 -0700)]
hardware check: Catch errors opening /dev/mem during MMIO check

Catch error, print, and continue, instead of exiting test.

Signed-off-by: Michael Hinton <michael.g.hinton@gmail.com>
[Jan: avoid duplicate error message]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: correct macro name
Peng Fan [Tue, 12 Mar 2019 04:41:34 +0000 (04:41 +0000)]
arm64: correct macro name

Accessing sysreg needs to use msr or mrs instructions, not mcr or mrc.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago driver: pci: Fix refcount leak
Flynn Xu [Thu, 21 Feb 2019 06:47:31 +0000 (06:47 +0000)]
driver: pci: Fix refcount leak

pci_get_domain_bus_and_slot will increase refcount of l_dev, there
should be a pci_dev_put(l_dev) to decrease the refcount, otherwise
the resource will not be freed.

Signed-off-by: Flynn xu <flynn.xu@nxp.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: bitops: fix test_and_set_bit
Peng Fan [Thu, 14 Feb 2019 12:21:12 +0000 (12:21 +0000)]
arm64: bitops: fix test_and_set_bit

When compiling code using aarch64 poky gcc 8.2, met the warning:
"
  CC      hypervisor/printk.o
/tmp/cclKpFV2.s: Assembler messages:
/tmp/cclKpFV2.s:1306: Warning: unpredictable: identical transfer and status registers --`stxr w4,x5,[x4]'
"

According to DDI0487D_a_armv8_arm, section "C6.2.285 STXR",
"
if s == n && n != 31 then
    Constraint c = ConstrainUnpredictable();
    assert c IN {Constraint_UNKNOWN, Constraint_NONE, Constraint_UNDEF, Constraint_NOP};
    case c of
        when Constraint_UNKNOWN rn_unknown = TRUE; // address is UNKNOWN
        when Constraint_NONE rn_unknown = FALSE; // address is original base
        when Constraint_UNDEF UNDEFINED;
        when Constraint_NOP EndOfInstruction();
"
And ConstrainUnpredictable means:
"
shared/functions/unpredictable/ConstrainUnpredictable
// Return the appropriate Constraint result to control the caller's behavior. The return value
// is IMPLEMENTATION DEFINED within a permitted list for each UNPREDICTABLE case.
// (The permitted list is determined by an assert or case statement at the call site.)
"

So we need to avoid the situation that s == n returns true.

Without this patch, the asm code is as follows in panic_printk:

    ffffc0207ac0:       91006024        add     x4, x1, #0x18
    ffffc0207ac4:       c85f7c85        ldxr    x5, [x4]
    ffffc0207ac8:       ea0200a3        ands    x3, x5, x2
    ffffc0207acc:       54000041        b.ne    ffffc0207ad4 <panic_printk+0x40>  // b.any
    ffffc0207ad0:       aa0200a5        orr     x5, x5, x2
    ffffc0207ad4:       c8047c85        stxr    w4, x5, [x4]
    ffffc0207ad8:       d5033bbf        dmb     ish
    ffffc0207adc:       35ffff24        cbnz    w4, ffffc0207ac0 <panic_printk+0x2c>

When reading and writing a register operand, we need to ensure that these
operands are annotated as "early clobber" if the register is written
before all of the input operands have been consumed. So need to add
early clobber for op3 to force it into a different register from op4.
Also need an early-clobber on op0 to force it into a different register
from op2 (which for purposes of register assignment is an input operand
holding an address).

With this patch, the asm code is as follows:
    ffffc0207a0c:       91006026        add     x6, x1, #0x18
    ffffc0207a10:       c85f7cc5        ldxr    x5, [x6]
    ffffc0207a14:       ea0200a3        ands    x3, x5, x2
    ffffc0207a18:       54000041        b.ne    ffffc0207a20 <panic_printk+0x40>  // b.any
    ffffc0207a1c:       aa0200a5        orr     x5, x5, x2
    ffffc0207a20:       c8047cc5        stxr    w4, x5, [x6]
    ffffc0207a24:       d5033bbf        dmb     ish
    ffffc0207a28:       35ffff24        cbnz    w4, ffffc0207a0c <panic_printk+0x2c>

mail: https://www.mail-archive.com/gcc@gcc.gnu.org/msg87351.html

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: miriac-sbc-ls1046a: Add linux inmate demo dts
Andreas Messerschmid [Tue, 29 Jan 2019 09:00:28 +0000 (10:00 +0100)]
configs: miriac-sbc-ls1046a: Add linux inmate demo dts

Add demo device tree for running Linux as an inmate on
the Microsys Miriac LS1046a SBC.

Signed-off-by: Andreas Messerschmid <andreas@linutronix.de>
Reviewed-by: Benedikt Spranger <b.spranger@linutronix.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: miriac-sbc-ls1046a: Add linux inmate demo configuration
Andreas Messerschmid [Tue, 29 Jan 2019 09:00:27 +0000 (10:00 +0100)]
configs: miriac-sbc-ls1046a: Add linux inmate demo configuration

Add an inmate configuration file for running Linux as an inmate on
the Microsys Miriac LS1046a SBC.

Signed-off-by: Andreas Messerschmid <andreas@linutronix.de>
Reviewed-by: Benedikt Spranger <b.spranger@linutronix.de>
[Jan: fix-up whitespace errors]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: miriac-sbc-ls1046a: Add GIC demo inmate configuration
Andreas Messerschmid [Tue, 29 Jan 2019 09:00:26 +0000 (10:00 +0100)]
configs: miriac-sbc-ls1046a: Add GIC demo inmate configuration

Add an inmate configuration file for running the GIC demo on
the Microsys Miriac LS1046a SBC.

Signed-off-by: Andreas Messerschmid <andreas@linutronix.de>
Reviewed-by: Benedikt Spranger <b.spranger@linutronix.de>
[Jan: fix-up whitespace errors]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: miriac-sbc-ls1046a: Add root cell configuration
Andreas Messerschmid [Tue, 29 Jan 2019 09:00:25 +0000 (10:00 +0100)]
configs: miriac-sbc-ls1046a: Add root cell configuration

Add a root cell configuration file for the Microsys
Miriac LS1046a SBC.

Signed-off-by: Andreas Messerschmid <andreas@linutronix.de>
Reviewed-by: Benedikt Spranger <b.spranger@linutronix.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86: vtd: Ignore lower two bits when evaluating VTD_REQ_INV_WAIT
Jan Kiszka [Sun, 27 Jan 2019 14:23:50 +0000 (15:23 +0100)]
x86: vtd: Ignore lower two bits when evaluating VTD_REQ_INV_WAIT

If the guest sets the wait request status address to the top of the
page, we crossed the border to the next page and either wrote some bytes
into a guest page that was previously mapped at page 2 in the temporary
mapping range, or we crashed the hypervisor on a fault if nothing was
mapped before.

Fix this by masking out the two lowest bits of the status address which
are actually reserved according to the Intel manual.

Along that, replace the hard-coded shift value with the right symbolic
constant.

Fixes: 20b09b8625d5 ("x86: Emulate interrupt remapping support to enable x2APIC usage")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
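
Added example, not taken from the Jailhouse tree or from the commit above: a small C model of the page-crossing status write and of the effect of masking the two reserved low bits. The window layout, the function names and the sample address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE         4096u
#define PAGE_OFFS_MASK    (PAGE_SIZE - 1)
/* Bits 1:0 of the status address are reserved; only bits 63:2 are valid. */
#define STATUS_ADDR_MASK  (~(uint64_t)0x3)

/*
 * Constructed model of a temporary mapping window: bytes 0..4095 are the
 * guest page that holds the status word, bytes 4096..8191 stand for
 * whatever was mapped at the following slot before.
 */
static uint8_t window[2 * PAGE_SIZE];

/*
 * Emulate the 32-bit status write of an invalidation wait request.
 * Returns the number of bytes that landed outside the mapped guest page.
 */
static unsigned int write_wait_status(uint64_t status_addr, uint32_t data,
				      int mask_reserved_bits)
{
	unsigned int offs, end;

	if (mask_reserved_bits)
		status_addr &= STATUS_ADDR_MASK;
	offs = (unsigned int)(status_addr & PAGE_OFFS_MASK);
	end = offs + (unsigned int)sizeof(data);

	memcpy(&window[offs], &data, sizeof(data));
	return end > PAGE_SIZE ? end - PAGE_SIZE : 0;
}

/* Count modified bytes in the neighbouring slot (window starts zeroed). */
static unsigned int neighbour_bytes_touched(void)
{
	unsigned int n = 0, i;

	for (i = PAGE_SIZE; i < 2 * PAGE_SIZE; i++)
		n += window[i] != 0;
	return n;
}

int main(void)
{
	/* Constructed guest-chosen address, two bytes below the page end. */
	uint64_t addr = 0x12345ffeULL;

	printf("unmasked: %u bytes spilled\n",
	       write_wait_status(addr, 0xffffffffu, 0));
	memset(window, 0, sizeof(window));
	printf("masked:   %u bytes spilled\n",
	       write_wait_status(addr, 0xffffffffu, 1));
	return 0;
}
```

With the mask applied, a 4-byte write always starts on a 4-byte boundary and therefore cannot straddle a page boundary.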
2 years ago TODO: Remove some resolved items
Jan Kiszka [Thu, 24 Jan 2019 08:39:06 +0000 (09:39 +0100)]
TODO: Remove some resolved items

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago pyjailhouse: sysfs_parser: Fix msix_address calculation
Jan Kiszka [Thu, 24 Jan 2019 08:38:12 +0000 (09:38 +0100)]
pyjailhouse: sysfs_parser: Fix msix_address calculation

A missing brace caused 64-bit addresses to be truncated to 32-bit.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tools, pyjailhouse: Fix offline mode of config generator
Jan Kiszka [Thu, 24 Jan 2019 08:32:30 +0000 (09:32 +0100)]
tools, pyjailhouse: Fix offline mode of config generator

This addresses three issues that were introduced while factoring out the
sysfs parser from the config generator:

 - sysfs_parser.root_dir cannot be set from outside of the module -
   introduce a setter function instead
 - we need to initialize the root dir prior to performing the jailhouse
   enabled check
 - os.path.join drops any earlier elements if a later one is an absolute
   path - switch back to plain '+'

Fixes: 20a83313ea74 ("Splitting up helpers used in sysfs parsing")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago core: Update comment according to recent change
Henning Schild [Fri, 11 Jan 2019 11:39:47 +0000 (12:39 +0100)]
core: Update comment according to recent change

37c7b05b21 renamed the flag JAILHOUSE_CON2_TYPE_ROOTPAGE, update that
last remaining comment as well

Signed-off-by: Henning Schild <henning.schild@siemens.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: Add Ultra96 board
Jan Kiszka [Sun, 6 Jan 2019 21:05:59 +0000 (22:05 +0100)]
configs: Add Ultra96 board

This is very similar to the ZCU102 eval board, but still different.
However, we can share at least the inmate device tree.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago Documentation: Replace remaining JAILHOUSE_CELL_DEBUG_CONSOLE references
Jan Kiszka [Sun, 6 Jan 2019 10:23:46 +0000 (11:23 +0100)]
Documentation: Replace remaining JAILHOUSE_CELL_DEBUG_CONSOLE references

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: account SMC fast path
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:51 +0000 (19:06 +0100)]
arm64: account SMC fast path

Housekeeping: Don't forget to account the fast path. This still fits
into the interrupt vector entry.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm-common: crash cell on unhandled SMC traps
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:50 +0000 (19:06 +0100)]
arm-common: crash cell on unhandled SMC traps

Crash a cell if it calls an unhandled SMC function.

There are two reasons to do this:
  - Not all SMC calls have return values. If the hypervisor returns with
    UNHANDLED, the guest may silently fail as it makes wrong
    assumptions. (This is what already happened to us)
  - A guest may only invoke SMC functions which it has discovered
    before. If there are new functions that we might have to implement
    in future, the crash will lead us the way.

Note that the default handler crashes the cell in case of
ARCH_SMCCC_WORKAROUND_1, as the default handler path will only be taken
in case of default interrupt vectors, where the workaround is not
available.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
[Jan: preserve function_id variable for better readability]
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: implement a fast path for the Spectre v2 workaround
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:49 +0000 (19:06 +0100)]
arm64: implement a fast path for the Spectre v2 workaround

In case of an EL1 abort, call the mitigation, and try to return to the
guest as fast as possible, if it explicitly called the mitigation.
Otherwise, handle the trap as usual.

The whole hot path of the workaround fits into the interrupt vector
slot, we just have to outsource the regular exit path to el1_trap.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm-common: implement SMCCC feature discovery
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:48 +0000 (19:06 +0100)]
arm-common: implement SMCCC feature discovery

Finally, report supported features to guests. This will only affect
non-root cells. The root cell boots in the absence of Jailhouse and will,
thus, use the features it already discovered.

This is not the case for non-root cells. Report availability of
mitigations properly.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: Mitigate CVE 2017-5715 (aka Spectre v2)
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:47 +0000 (19:06 +0100)]
arm64: Mitigate CVE 2017-5715 (aka Spectre v2)

Define an alternative exit vector. This exit vector will be used if
SMCCC_ARCH_WORKAROUND_1 is available, and makes the assumption that
mitigations are required if the workaround is available.

Technically, the mitigation takes place in the monitor; its implementation
depends on the processor. Refer to [1].

Similarly to KVM, Jailhouse calls the monitor's mitigation on each exit: IRQs
and guest aborts.

[1] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: Initialise SMCCC backend
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:46 +0000 (19:06 +0100)]
arm64: Initialise SMCCC backend

by discovering its features.

The first step is to check the PSCI version. Don't even try to do any
SMCCC calls without having checked the proper PSCI version (current QEMU
horribly crashes).

Probe if SMCCC_ARCH_FEATURES is available. If so, probe for
SMCCC_ARCH_WORKAROUND_1 and expose its availability by setting a flag
inside the percpu structure.

The availability is stored per-cpu, as we might have big.LITTLE systems,
where only a subset of cores need mitigations.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
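
Added example, not Jailhouse's own code: the probe order described in the commit above (PSCI version gate first, then SMCCC_ARCH_FEATURES, then SMCCC_ARCH_WORKAROUND_1, with the result kept per core), run against a mock secure monitor. The function IDs are the standard PSCI/SMCCC ones; `struct monitor`, `mock_smc()`, `probe_workaround_1()` and the exact call sequence are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PSCI_0_2_FN_VERSION      0x84000000u
#define PSCI_1_0_FN_FEATURES     0x8400000au
#define SMCCC_VERSION            0x80000000u
#define SMCCC_ARCH_FEATURES      0x80000001u
#define SMCCC_ARCH_WORKAROUND_1  0x80008000u
#define NOT_SUPPORTED            (-1L)
#define PSCI_VER(major, minor)   (((long)(major) << 16) | (minor))

/* Constructed model of the secure monitor as seen from one core. */
struct monitor {
	long psci_version;
	bool smccc_1_1;              /* implements the SMCCC v1.1 calls */
	bool needs_workaround_1;     /* core is affected, firmware mitigates */
	unsigned int unexpected;     /* SMCCC calls sent to pre-1.0 firmware */
};

/* Stand-in for the SMC instruction: dispatch on function ID and argument. */
static long mock_smc(struct monitor *m, uint32_t fn, uint32_t arg)
{
	if (fn == PSCI_0_2_FN_VERSION)
		return m->psci_version;
	if (m->psci_version < PSCI_VER(1, 0)) {
		m->unexpected++;         /* real firmware may misbehave here */
		return NOT_SUPPORTED;
	}
	if (fn == PSCI_1_0_FN_FEATURES)
		return (arg == SMCCC_VERSION && m->smccc_1_1) ? 0 : NOT_SUPPORTED;
	if (fn == SMCCC_ARCH_FEATURES && m->smccc_1_1) {
		if (arg == SMCCC_ARCH_FEATURES)
			return 0;
		if (arg == SMCCC_ARCH_WORKAROUND_1 && m->needs_workaround_1)
			return 0;
	}
	return NOT_SUPPORTED;
}

/* Probe one core; the result belongs in that core's per-CPU data. */
static bool probe_workaround_1(struct monitor *m)
{
	/* Step 1: PSCI version gate, before any SMCCC call is attempted. */
	if (mock_smc(m, PSCI_0_2_FN_VERSION, 0) < PSCI_VER(1, 0))
		return false;
	/* Step 2: is the SMCCC v1.1 interface, and ARCH_FEATURES, there? */
	if (mock_smc(m, PSCI_1_0_FN_FEATURES, SMCCC_VERSION) < 0 ||
	    mock_smc(m, SMCCC_ARCH_FEATURES, SMCCC_ARCH_FEATURES) < 0)
		return false;
	/* Step 3: ask whether this core offers the workaround. */
	return mock_smc(m, SMCCC_ARCH_FEATURES, SMCCC_ARCH_WORKAROUND_1) >= 0;
}

int main(void)
{
	/* Constructed big.LITTLE system: only the big core needs mitigation. */
	struct monitor cpu[2] = {
		{ PSCI_VER(1, 0), true, false, 0 },   /* little core */
		{ PSCI_VER(1, 0), true, true, 0 },    /* big core */
	};
	for (int i = 0; i < 2; i++)
		printf("cpu %d: workaround_1 %s\n", i,
		       probe_workaround_1(&cpu[i]) ? "available" : "absent");
	return 0;
}
```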
2 years ago arm, arm64: add stubs for SMC calls
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:45 +0000 (19:06 +0100)]
arm, arm64: add stubs for SMC calls

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: introduce macro helpers that generate irq vectors
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:44 +0000 (19:06 +0100)]
arm64: introduce macro helpers that generate irq vectors

Logically, we can split up the vmexit_handler in two parts: the early phase,
after which x0-x4 may be clobbered, and the entry phase, that pushes the rest
of the context and enters the exit handler.

These two phases can be rolled out via macros. Later, we use these macros to add
additional (i.e., calling SMCCC_ARCH_WORKAROUND_1) code between the phases.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: remove arch_handle_exit
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:43 +0000 (19:06 +0100)]
arm64: remove arch_handle_exit

The final step: remove arch_handle_exit, and dispatch things directly in
assembly. As a consequence, we get a faster exit path, as we save the
double-dispatching.

We also save one instruction inside the interrupt vector. :-)

For the union registers, replace the exit_reason with __padding. For easier
handling, the padding is located at the beginning of the structure.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: traps: refactor arch_dump_exit to arch_el2_abt
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:42 +0000 (19:06 +0100)]
arm64: traps: refactor arch_dump_exit to arch_el2_abt

Step three of removing arch_handle_exit().

There's *no* way the default case can ever occur: The exit reason is a
hard-coded constant value inside the interrupt vector that will never have a
value outside its limited range. No need for special treatment of the default
handler, we can safely remove the arch_dump_exit() call.

With this, arch_dump_exit() only has one single caller left, so fold all
constant arguments inside the function itself, and refactor its name to
arch_el2_abt().

However, leave the panic_park() for the default handler for now, it's a
bug if it is called.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: Don't call vmreturn from arch_handle_exit
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:41 +0000 (19:06 +0100)]
arm64: Don't call vmreturn from arch_handle_exit

This is the second step to get rid of arch_handle_exit(). There's no need to
call vmreturn() from arch_handle_exit(). Let's move this to assembly.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: move vmexit_total increase to assembly
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:40 +0000 (19:06 +0100)]
arm64: move vmexit_total increase to assembly

This is the first step to get rid of arch_handle_exit().

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: reorder store of registers in exit path
Ralf Ramsauer [Thu, 3 Jan 2019 18:06:39 +0000 (19:06 +0100)]
arm64: reorder store of registers in exit path

If we want to call SMCCC very early in the exit path, we have to store x0-x3
as early as possible. Rearrange the exit path accordingly.

Due to the structure of union registers, we also have to push x4 while not
necessarily required. But this makes things easier at the moment. Nevertheless,
we will benefit from that later: we will use x4 to hold variables that need to
be preserved between SMC calls.

Additionally, decorate things with a few comments.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm-common: rework psci interface
Ralf Ramsauer [Thu, 20 Dec 2018 15:30:03 +0000 (16:30 +0100)]
arm-common: rework psci interface

Rename some macros, and, in particular, use the same naming scheme as Linux.
This scheme highlights in which version a particular function was introduced.

With this, let's also introduce PSCI version {en,de}coder macros. We will later
benefit from these macros.

No functional change.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm64: microoptimise exit path
Ralf Ramsauer [Tue, 18 Dec 2018 13:46:47 +0000 (14:46 +0100)]
arm64: microoptimise exit path

Similar to 6b02cd08a506 ("inmates: arm64: save registers on irq entry"), use
immediate values to address the absolute offset within the stack when storing
registers.

This is a bit more efficient than the previous push-decrement stack
pattern: While "stp xm, xn, [sp, #-16]!" results in a store followed by
a decrement of the stack pointer, "stp xm, xn, [sp, #(1 * 16)]"
addresses the absolute location inside the stack directly and saves the
decrement of sp.

This patch also reverses the order of registers when being pushed. We will
later utilise this.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago CONTRIBUTING: Fix a typo and clarify statement
Jan Kiszka [Fri, 16 Nov 2018 14:00:58 +0000 (15:00 +0100)]
CONTRIBUTING: Fix a typo and clarify statement

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm, arm64: use proper return types for traps
Ralf Ramsauer [Mon, 5 Nov 2018 23:01:38 +0000 (23:01 +0000)]
arm, arm64: use proper return types for traps

There is an enum type for the return value of traps: enum trap_return. Use the
proper return type, wherever it is used.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm, arm64: consolidate traps.h
Ralf Ramsauer [Mon, 5 Nov 2018 23:01:37 +0000 (23:01 +0000)]
arm, arm64: consolidate traps.h

traps.h are almost the same for both arm architectures. The only differences
are struct traps_context and an additional routine (access_cell_regs) on armv7.

Common routines and definitions have their home inside arm-common, so
de-duplicate redundant definitions and give them a new home.

No functional change.

Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago configs: orangepi0: Permit access to another clock
Jan Kiszka [Sat, 10 Nov 2018 14:10:12 +0000 (15:10 +0100)]
configs: orangepi0: Permit access to another clock

This is required when using 4.19 as root kernel.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago arm-common: account for SMC exits
Ralf Ramsauer [Thu, 18 Oct 2018 14:36:08 +0000 (16:36 +0200)]
arm-common: account for SMC exits

Statistics on ARM currently have some imbalances: the total number of
exits doesn't equal the sum of the fine granular exit counters: we
aren't accounting for SMCCC exits.

Fix this by adding a new statistic counter for SMCCC.

PSCI exits are already accounted inside psci_dispatch(), move SMCCC
accounting to the dispatcher routine handle_smc().

Fixes: 7688e96c815b ("arm-common: Rework handling of SMC")
Signed-off-by: Ralf Ramsauer <ralf.ramsauer@oth-regensburg.de>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86: Fix CONFIG_CRASH_CELL_ON_PANIC
Jan Kiszka [Wed, 17 Oct 2018 13:05:22 +0000 (15:05 +0200)]
x86: Fix CONFIG_CRASH_CELL_ON_PANIC

As it is not enabled by default, this became silently broken.

Fixes: 13c472715e29 ("core: Move failed into public per-cpu section")
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tools: cell-stats: Visualize also CPU-specific statistics
Jan Kiszka [Fri, 12 Oct 2018 05:57:12 +0000 (07:57 +0200)]
tools: cell-stats: Visualize also CPU-specific statistics

Add a mode to step through the cell CPUs and display CPU-specific
statistics, just like the overall sum that is shown by default.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago driver: Add per-cpu statistics
Jan Kiszka [Fri, 12 Oct 2018 05:47:01 +0000 (07:47 +0200)]
driver: Add per-cpu statistics

The hypervisor already provides us the CPU-specific counters, we just
need to expose them separately, in addition to the existing accumulated
representation. This helps to identify hypervisor interferences in
multicore cells that use core-specific workload.

The CPU-specific statistics are created for all CPUs during root cell
setup as separate kobjects. When a non-root cell is created, the kobjects
associated with those CPUs that this cell is assigned are simply moved
from the root cell to the new one. On non-root cell destruction, the
kobjects are moved back. They are truly destroyed on root cell
tear-down.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago driver: Prepare for per-cpu statistics
Jan Kiszka [Fri, 12 Oct 2018 05:40:22 +0000 (07:40 +0200)]
driver: Prepare for per-cpu statistics

This refactors the sysfs statistics code so that we can later add
per-CPU counters under the <cell-id>/statistics/ path. Primarily, this
means switching from an attribute group to a kobject for statistics.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tools: cell-stats: Filter on statistic entries
Jan Kiszka [Thu, 11 Oct 2018 19:06:54 +0000 (21:06 +0200)]
tools: cell-stats: Filter on statistic entries

We are going to add CPU directories, so we need to be stricter with what
we consider a statistic entry.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86, driver: Add MSR_X2APIC_ISR exit counter
Jan Kiszka [Thu, 11 Oct 2018 16:28:45 +0000 (18:28 +0200)]
x86, driver: Add MSR_X2APIC_ISR exit counter

ICR accesses are a frequent source of vmexits for multicore cells
when they communicate via IPIs between the cores. Account for these exits
separately.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86: Push MSR statistic down to the dispatching points
Jan Kiszka [Thu, 11 Oct 2018 16:04:17 +0000 (18:04 +0200)]
x86: Push MSR statistic down to the dispatching points

This is another step in preparing more fine-grained statistics.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86: vmx: Use local variable for stats in vcpu_handle_exit
Jan Kiszka [Thu, 11 Oct 2018 15:43:06 +0000 (17:43 +0200)]
x86: vmx: Use local variable for stats in vcpu_handle_exit

Shortens lines and makes it more readable as well.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86, driver: Prepare for finer-grained MSR exist statistics
Jan Kiszka [Thu, 11 Oct 2018 15:29:27 +0000 (17:29 +0200)]
x86, driver: Prepare for finer-grained MSR exist statistics

We will add separate counters for specific frequent MSR accesses.
Prepare by reordering and renaming the existing counter to
"MSR_OTHER".

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago tsc_read() renamed tsc_read_ns() to avoid misunderstandings.
Claudio Scordino [Tue, 9 Oct 2018 06:54:41 +0000 (08:54 +0200)]
tsc_read() renamed tsc_read_ns() to avoid misunderstandings.

Signed-off-by: Claudio Scordino <claudio@evidence.eu.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago x86: Clarify and improve rejection of NMI IPIs
Jan Kiszka [Mon, 8 Oct 2018 20:10:11 +0000 (22:10 +0200)]
x86: Clarify and improve rejection of NMI IPIs

While technically doable, re-injecting NMIs from the hypervisor into a
guest is far from being simple. On Intel, we need to take care of
various cases where injection could have failed. On AMD, it even takes
single-stepping over the IRET instruction in order to get to the end of
an NMI-blocking window.

So, remove the to-do note, replacing it with a hint that NMI IPIs will
likely remain unsupported for a longer time. At this chance augment the
printed message with the target CPU of the IPI. This may help to
correlate the effect of a missing NMI or the reason for the injection
(stalled CPU).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
2 years ago driver: x86: Catch unsupported assignment of CPU 0 to non-root cells
Jan Kiszka [Mon, 8 Oct 2018 20:07:27 +0000 (22:07 +0200)]
driver: x86: Catch unsupported assignment of CPU 0 to non-root cells

Due to the way CPU 0 is offlined on x86, we cannot "steal" it from
the root cell and give it to a different owner. Catch any configuration
that tries to do so and reject this attempt.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>