Jan Kiszka [Sun, 26 Jun 2016 10:10:25 +0000 (12:10 +0200)]
arm: Remove SPI target reset on cell destruction
There is no point in updating the SPI routing on cell destruction: all
CPUs the cell owned will be given back to the root cell. So any
previously written valid target configuration remain valid.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 26 Jun 2016 08:14:34 +0000 (10:14 +0200)]
arm: Rework spi_in_cell to irqchip_irq_in_cell
Make use of the the fully populated irq_bitmap and enhance spi_in_cell
to consider SGIs and PPIs as well. This allows to simplify
restrict_bitmask_access.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 25 Jun 2016 15:59:35 +0000 (17:59 +0200)]
config, core: Improve irqchip configuration
This aims at supporting irqchips with more than 64 pins. The idea is to
use multiple entries in this case, each describing a distinct set of the
pins. Therefore, a pin_base field is introduced to jailhouse_irqchip.
Moreover, we expand the number of pins for each entry to 128.
We do not exploit the extended pin number on ARM yet, but stick with
64 pins for now. Succeeding change sets will tackle it.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Thu, 12 May 2016 13:00:59 +0000 (15:00 +0200)]
arm: put the value of VTCR for cells in a define
We can reuse the code under hypervisor/arch/arm/mmu_cell.c for the
AArch64 port, save for the value we use for the VTCRL. AArch64 will
need in addition to the flags set by the AArch32 port, to set the
size of the address space.
We put this behind a define in asm/paging.h to allow this reuse.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Thu, 12 May 2016 13:00:59 +0000 (15:00 +0200)]
arm: prepare port for 48 bit PARange support
We currently support 3 levels of page tables for a 39 bits PA range
on ARM. This patch implements support for 4 level page tables,
and 3 level page tables with a concatenated level 1 root page
table.
On AArch32 we stick with the current restriction of building for
a 39 bit physical address space; however this change will allow
us to support a 40 to 48 bit PARange on AArch64.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Tue, 14 Jun 2016 12:16:44 +0000 (14:16 +0200)]
arm: move the handle_irq_route function to the GICv3 module
The handle_irq_route function is not needed with the GICv2.
On the ARMv8 port we will not assign a virt_id to each CPU,
opting to use the MPIDR as much as we can from the start.
GICv3 will need heavier refactoring for this purpose; by moving
this function we can reuse the GICv2 code on ARMv8.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com>
[Jan: implement stub in v2 to reduce #ifdefs] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Thu, 12 May 2016 13:00:59 +0000 (15:00 +0200)]
arm: replace IS_PSCI_FN macro with more explicit versions
The previous version of the macro allows for more false positives
than necessary.
Replace the macro with IS_PSCI_32 and IS_PSCI_UBOOT macros, that
explicitly check for the 32 bit PSCI IDs, and the PSCI 0.1 IDs
used by uboot. ARMv8 will need an additinal check for the IDs
of 64 bit PSCI functions.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Thu, 12 May 2016 13:00:59 +0000 (15:00 +0200)]
arm: psci: support multiple affinity levels in MPIDR
PSCI actually takes CPU parameters by the MPIDR id, which may
differ from the logical id of the CPU. This patch is the first step
into properly handling the CPU affinity levels in the MPIDR.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com>
[Jan: add missing processor.h include to setup.c] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Fri, 17 Jun 2016 12:37:30 +0000 (14:37 +0200)]
core: Add support for aligned page allocation
Refactor page_alloc to page_alloc_internal which accepts an additional
constraint for its allocation: align_mask. The allocated region will now
have its start page chosen so that page_number & align_mask is zero. If
no alignment is required, align_mask just needs to be set to 0. This is
what page_alloc exploits.
However, the new function page_alloc_aligned is introduces to return
page regions aligned according to their size (num pages will be aligned
by num * PAGE_SIZE). This implied that num needs to be a power of two.
This will be used on the AArch64 port of Jailhouse to support physical
address ranges from 40 to 44 bits: in these configurations, the initial
page table level may take up multiple consecutive pages.
Based on patch by Antonios Motakis.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Fri, 17 Jun 2016 12:37:30 +0000 (14:37 +0200)]
core: panic_stop: print current cell only if it has been set
Currently during a panic, panic_stop will print the current cell
on the CPU where the panic occurred. However, if the hypervisor
panics sufficiently early during initialization, we may end up in
a situation where the root cell has not been initialized. This can
easily cause a trap loop, making the panic output less useful.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Dmitry Voytik [Fri, 17 Jun 2016 12:37:29 +0000 (14:37 +0200)]
driver: sync I-cache, D-cache and memory
Syncronize I-cache with D-cache after loading the hypervisor
image or a cell image. This must be done in arm64 according to
ARMv8 ARM spec. See page 1712, D3.4.6 "Non-cacheable accesses
and instruction caches".
This patch fixes coherency problems observed on real HW targets.
On x86 this operation is a NOP.
Antonios Motakis [Fri, 17 Jun 2016 12:37:29 +0000 (14:37 +0200)]
driver: ioremap the hypervisor firmware to any kernel address
At the moment the Linux driver maps the Jailhouse binary to
JAILHOUSE_BASE. The underlying assumption is that Linux may map the
firmware (in the Linux kernel space), to the same virtual address it
has been built to run from.
This assumption is unworkable on ARMv8 processors running in AArch64
mode. Kernel memory is allocated in a high address region, that is
not addressable from EL2, where the hypervisor will run from.
This patch removes the assumption, by introducing the
JAILHOUSE_BORROW_ROOT_PT define, which signals the behavior of the
current architectures.
We also turn the entry point in the header, into an offset from the
Jailhouse load address, so we can enter the image regardless of
where it will be mapped.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Thu, 23 Jun 2016 06:31:02 +0000 (08:31 +0200)]
arm: Fix byte-wise write access to GICD_ITARGETSRn
While expanding byte accesses to full words, we forgot to adjust the
address as well. This led to unaligned word accesses on writes, followed
by hypervisor aborts.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 19 Jun 2016 18:54:59 +0000 (20:54 +0200)]
gitignore: Remove user-specific rules
A project's .gitignore should be about project-specific rules, shared by
everyone compiling it. So, instead of adding more and more rules for
user-specific editors or tools, remove them completely and no longer
accept new ones. Users can easily define local rules, see gitignore man
page.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Thu, 16 Jun 2016 16:25:58 +0000 (18:25 +0200)]
arm: Enable / disable maintenance interrupt in distributor
We did not get any maintenance interrupts so far because we didn't
enable the source in the distributor so far. Fix this, but also disable
it again when shutting down.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Thu, 16 Jun 2016 14:28:19 +0000 (16:28 +0200)]
arm: Enable maintenance interrupt also from irqchip_set_pending
In case we set an interrupt pending for the local CPU and cannot queue
it with the hardware, make sure the maintenance interrupt is on.
Otherwise, we risk to delay guest interrupts or cause the guest to get
stuck.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Thu, 16 Jun 2016 09:07:46 +0000 (11:07 +0200)]
arm: Convert software queue of pending interrupts into a ring
This massively simplifies the code and reduces the memory usage in
struct per_cpu. However, adding interrupt priorities later on may
require another rework.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Thu, 16 Jun 2016 08:33:33 +0000 (10:33 +0200)]
arm: Make sure to not queue interrupt that were rejected as duplicates
If the inject_irq callback detect that an interrupt is already queued
in some list register, do not insert it into the software queue, thus
coalesce the event like real hardware does.
The change in the return code of inject_irq is more cosmetic, to reflect
the meaning better.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Tue, 14 Jun 2016 05:30:09 +0000 (07:30 +0200)]
arm: Disable maintenance interrupt on successful injection
We enable the maintenance interrupt when all list registers are in use.
However, there was no disabling of it again. Apparently, it rarely
triggered in the field, otherwise we would have seen a lot of
maintenance interrupt storms, thus locked-up systems.
This introduces another callback to enable or disable the maintenance
interrupt. It is now controlled by irqchip_inject_pending, the function
that is also called when handling a maintenance interrupt.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 13 Jun 2016 09:47:22 +0000 (11:47 +0200)]
arm: Use asm-defines.h for struct per_cpu members
Port the logic over from x86 and also drop CHECK_ASSUMPTION here.
The only slightly ugly detail: the PERCPU_SIZE_SHIFT define is now
duplicated in both asm/percpu.h instances because there is no good
generic header yet to hold it. Can be cleaned up later on.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
cyng93 [Sat, 11 Jun 2016 00:40:46 +0000 (08:40 +0800)]
Documentation: More BananaPi documentation
This patch include more details about how to setup Jailhouse on a BananaPi-M1 board.
Basically this documentation covered:
1. Installation of Bananian(BananaPi offical OS) on BananaPi
2. Modifying U-boot configuration on BananaPi to run Jailhouse.
3. Update Bananian to newer kernel so Jailhouse could works.
- Compiling Kernel.
- Installing Kernel.
4. Installing Jailhouse on BananaPi.
5. Simple demo/test: Running Jailhouse with Freertos-cell on BananaPi.
Signed-off-by: CHING-YI NG <cyng93@gmail.com>
[Jan: removed external media link showing FUSE selection - not needed] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 11 Jun 2016 17:00:13 +0000 (19:00 +0200)]
x86: Add missing include to amd_iommu.h
Reported by header-check script: We need this in the header due to the
use of struct jailhouse_memory. Consequently, we can remove the include
from the corresponding amd_iommu.c.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Xuguo Wang [Tue, 31 May 2016 03:44:16 +0000 (11:44 +0800)]
inmates/lib: cmdline.c
There is no point in checking for *p == 0 in the while loop,
after over the blanks, then checking for the parameters, if
find, return true, otherwise continue check the parameters,
if to the end of the cmdline, return false.
Signed-off-by: Xuguo Wang <huddy1985@gmail.com>
[Jan: also removed curly braces] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Georg Schiesser [Fri, 20 May 2016 18:07:06 +0000 (20:07 +0200)]
tools: fix missing hardware-check after make install
Add the new hardware-check script to the HELPERS, such that
"make install" will install it properly, just like the other
scripts, into: $DESTDIR/usr/local/libexec/jailhouse/
Signed-off-by: Georg Schiesser <georg.schiesser@opentech.at> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 18 May 2016 23:17:13 +0000 (01:17 +0200)]
tools: Add hardware feature check
The hypervisor itself is not very helpful when it comes to analyzing
feature deficits of the target platform. This adds another extension
script to the jailhouse command which checks the hardware using the
same key criteria that also the hypervisor applied.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Georg Schiesser [Tue, 10 May 2016 21:40:10 +0000 (23:40 +0200)]
tools: fix gcc sign-compare warnings
Cosmetic change to avoid multiple gcc sign-compare warnings between
signed int argc and unsigned int arg_num, both being small and
non-negative. Alternatively, we could use unsigned int argc or
disable the warning with gcc -Wno-sign-compare.
Signed-off-by: Georg Schiesser <georg.schiesser@opentech.at>
[Jan: reordered lines for visual pleasure] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Georg Schiesser [Tue, 10 May 2016 21:39:42 +0000 (23:39 +0200)]
configs: fixed typo in e1000-demo pio_bitmap
The pio_bitmap initialization incorrectly assigns overlapping ranges to
different values, similar to commit 886ca63f. As Jan pointed out:
"Fortunately, it was harmless because succeeding initializations
overwrote this exceeding one."
see also: https://gcc.gnu.org/onlinedocs/gcc/Designated-Inits.html
Signed-off-by: Georg Schiesser <georg.schiesser@opentech.at> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 7 May 2016 17:02:28 +0000 (19:02 +0200)]
x86: Block DMA from unlisted devices in AMD IOMMU
Invalid device table entries in the AMD IOMMU mean that those devices
are actually allowed to perform DMA requests and issue interrupts. We
have to avoid this case because only devices listed in a config are
permitted to do so. We already achieve this effect when removing an
existing device from the table, but we have to ensure it also for any
unlisted device.
Devices with IDs not covered by any table are blocked by the IOMMU, see
AMD I/O Virtualization Technology spec, 2.2.2.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 9 May 2016 17:55:45 +0000 (19:55 +0200)]
x86: Use safer pattern with AMD IOMMU to block DMA requests
The AMD IOMMU spec is not 100% clear if a device table entry with V=1
but TV=0 implies that DMA requests from that device are blocked. Play
safe and use the pattern that Linux uses as well: TV=1, Mode=0 and IW as
well as IR cleared.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
driver: fix unsigned long overflow in leave_hypervisor
When shutting down the hypervisor, in the leave_hypervisor
function, the Linux driver touches every hypervisor page, to
ensure all pages are mapped. However, the current implementation
assumes hv_core_and_percpu_size is aligned to PAGE_SIZE. This may
not be the case, if PAGE_SIZE is different on the hypervisor side.
This can cause an unsigned long overflow, leading to an infinite
loop of touching successive pages starting from hypervisor_mem.
The loop will be broken as soon as Linux tries to touch an invalid
page, leading to a kernel crash.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
core: map the zero page to the full hypervisor memory region
During initialization, in init_early, the hypervisor maps the
memory used by the hypervisor with empty pages for the root cell.
However, if the root cell tries to access the region used by the
hypervisor, this is only safe if both sides agree on PAGE_SIZE.
It is a long shot to try to guess the granularity used by the
root cell; the safest bet is to map the full range that has been
allocated for the hypervisor to use.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Tue, 1 Mar 2016 22:31:31 +0000 (23:31 +0100)]
x86: Unify AMD page tables for CPU and IOMMU
This exploits AMD's architecture feature that you can reuse the nested
page tables also for the IOMMU.
Both tables have the same depth (4), share the same address fields, the
valid bit - but all other bits are separate. Therefore, we need to
enhance the NPT paging handlers so that they fold both bit sets into an
entry.
The rewards are saving of several lines of code as well as a bunch of
hypervisor pages (typically some dozen).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Add iommu_pending_faults() for amd_iommu. This looks into
Hardware Event Register first, and then loops over the event log
printing what's in it. This way, we don't miss errors that happen
when event logging is unavailable.
Signed-off-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com>
[Jan: Cleanups] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Add functions to read event logs AMD IOMMU provides and print their
contents. The latter is rather basic, but decoding all possible log
entries is hairy, so we'd better wait and collect stats which
problems occur most often.
Jan Kiszka [Wed, 15 Jul 2015 19:34:47 +0000 (00:34 +0500)]
x86: Add iommu_commit_config() for amd_iommu
Implement functions to apply configuration for an IOMMU.
In case something goes wrong, we need to trigger an NMI, which
amd_iommu_init_fault_nmi() configures.
Based on patch by Valentine Sinitsyn.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 15 Jul 2015 19:13:05 +0000 (00:13 +0500)]
x86: Add device management functions for amd_iommu
Implement iommu_add_pci_device() for amd_iommu.
Basically, this is all about filling DTE entry. However, there is no way
to allocate device tables sparsely with ADM IOMMU. To save some memory,
Device Table Segmentation (Revision 2.6 and up) is used whenever possible,
and this adds some infrastructure.
Based on patch by Valentine Sinitsyn.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Add basic infrastructure (heavily influenced by Linux amd_iommu driver)
to submit commands to AMD IOMMU command buffer. For now, having only
INVALIDATE_IOMMU_PAGES and COMPLETION_WAIT seems to be sufficient.
Signed-off-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com>
[Jan: Cleanups, simplification of draining] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Tue, 1 Mar 2016 06:15:38 +0000 (07:15 +0100)]
x86: Extend bit range returned by x86_64_get_flags
In order to support also the AMD IOMMU with x86_64_paging, we extend
the set of bits returned by get_flags handler. We now include all bits
ignored by the MMU, which includes the bits relevant for the AMD IOMMU.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Fri, 13 Mar 2015 17:41:02 +0000 (22:41 +0500)]
core, configs, tools: Add AMD-specific fields to struct jailhouse_iommu
For AMD, we also need to store the PCI address, capability offset and
IOMMU feature bits coming from ACPI (overwriting what the hardware
reports) in the cell configuration file.
Based on patches by Valentine Sinitsyn.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>