Ralf Ramsauer [Tue, 27 Oct 2015 16:26:24 +0000 (17:26 +0100)]
Respect size of io bitmap in vcpu_cell_init()
Previous code copied the IO bitmap without respect to its actual size.
This patch simplifies the copying process and respects the size of the
destination.
vcpu functions were using sizeof() to determine the size of dynamically
allocated I/O bitmap, which won't work. Assign this value statically per
sub-architecture (Intel or AMD).
Xuguo Wang [Thu, 15 Oct 2015 07:13:26 +0000 (15:13 +0800)]
Documentation: articles: LJ-article-04-2015.txt
This document is used for the newbies, so I think the words must
accurate, and command must correct, but in the section of "Configs and
inmates", a command like this :
sudo tools/jailhouse cell stat apic-demo
but actually the right command is :
sudo tools/jailhouse cell stats apic-demo
So I send this patch.
Reported-by: Xuguo Wang <huddy1985@gmail.com> Signed-off-by: Xuguo Wang <huddy1985@gmail.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Thu, 15 Oct 2015 08:53:20 +0000 (10:53 +0200)]
ci: Update Travis Ubuntu environment
The utopic packages are no longer available, we need vivid. It's also a
good point to try out the beta environment based on trusty in to hope to
reduce the number of updates.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Fri, 25 Sep 2015 17:47:18 +0000 (19:47 +0200)]
x86: svm: Fix broken FS base on deactivation
After f93e23934b, we no longer call vmsave, thus will also not find the
right FS base there. This caused sporadic crashes of "jailhouse disable"
on return to userspace.
Fix it by loading the value from the corresponding MSR.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Fri, 18 Sep 2015 16:02:10 +0000 (18:02 +0200)]
core: pci: Fix MMCONFIG handling for root cell
Reorder the initialization in pci_init so that MMCONFIG is set up before
pci_cell_init is invoked for the root cell. Calling pci_cell_init
earlier has the undesired effect that the MMCONFIG region is not
registered for the root cell, and all related accesses will fail with
generic MMIO errors.
Jan Kiszka [Wed, 16 Sep 2015 07:22:23 +0000 (09:22 +0200)]
inmates: x86: Add support for TSC-based timing
Provide a service to calibrate the TSC against the PM timer and read out
the current time in nanoseconds. This service is much faster than the
slow PM timer, and it's also not affected by chipset-induced delays.
Note that the simplistic algorithm only supports measuring relative time
spans of a couple of seconds.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Antonios Motakis [Wed, 12 Aug 2015 16:21:58 +0000 (18:21 +0200)]
core: printk: include asm/bitops.h directly
Currently the implementation in hypervisor/printk.c assumes asm/bitops.h
will be included by asm/spinlock.h. Since this implementation is using
bitops directly, we include the right header file.
Signed-off-by: Antonios Motakis <antonios.motakis@huawei.com>
[Jan: adjust to alphabetic ordering] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Ralf Ramsauer [Thu, 13 Aug 2015 23:23:58 +0000 (01:23 +0200)]
hypervisor, driver: Added signature for .cell files
Inserted signature field in struct jailhouse_cell_desc and
jailhouse_system. Jailhouse kernel driver will refuse loading
a system configuration as a cell configuration et vice versa.
Signed-off-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
[Jan: also adjust Linux loader script] Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 10:05:20 +0000 (12:05 +0200)]
arm: Migrate irqchips to generic MMIO dispatcher
Register the GIC distributor and, for the GICv3, also the redistributor
regions with the generic MMIO dispatcher. This allows to drop the GIC-
specific MMIO dispatching from arch_handle_dabt.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 09:44:53 +0000 (11:44 +0200)]
arm: Prepare generic MMIO dispatching
Hook up the generic MMIO dispatcher into arch_handle_dabt without
removing existing handlers. This allows for a step-wise migration of
subsystems to the new dispatcher.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 09:25:49 +0000 (11:25 +0200)]
core, x86: pci: Migrate MSI-X emulation to generic MMIO dispatcher
Register the MMIO BARs of PCI devices with the generic MMIO dispatcher
and remove direct invocation of pci_mmio_access_handler from
vcpu_handle_mmio_access. This particularly avoid having to scan all
PCI devices of a cell with MSI-X support to find out the target of an
MSI-X access.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 09:16:32 +0000 (11:16 +0200)]
core: pci: Migrate MMCONFIG access handling to the new MMIO dispatcher
Register the MMCONFIG memory region, if available, with the generic MMIO
dispatcher and drop the related handler invocation from
pci_mmio_access_handler.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 6 Jul 2015 07:20:03 +0000 (09:20 +0200)]
core: ivshmem: Move functions unmodified
We will need ivshmem_write_doorbell, ivshmem_register_mmio and
ivshmem_msix_mmio earlier in the code. Move them up unmodified to
prepare this. No functional change.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 08:34:19 +0000 (10:34 +0200)]
x86: Prepare generic MMIO dispatching
Hook up the generic MMIO dispatcher into vcpu_handle_mmio_access without
removing existing handlers. This allows for a step-wise migration of
subsystems to the new dispatcher. Note that the return values of current
handlers are compatible with the mmio_result enum.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 07:19:08 +0000 (09:19 +0200)]
core: Add generic MMIO access dispatching
This introduces the infrastructure for generically dispatching MMIO
accesses. Handlers can now be registered for MMIO regions on a pre-cell
basis, removing the need for probing multiple handlers that decide
themselves if they are in charge.
The backing data structures consist of two sorted tables: one is
describing the region locations and sizes, the other one is holding, in
identical order, the handler and a corresponding opaque parameter.
Dispatching works lock-free and can even run in parallel with region
registration or removal. That latter two steps are protected against
concurrent invocation via a per-cell spinlock.
In order to preallocate sufficient space during cell setup, arch
architecture has to implement arch_mmio_count_regions that calculates
the maximum number of MMIO regions a cell may register during its
lifetime, typically based on static values and the cell configuration.
So far these functions are implemented as dummies because the MMIO
infrastructure is not yet used.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Move ARM's mmio_access structure into the generic MMIO header and polish
it for broader use. It will become the keystone of generic MMIO access
dispatching.
No functional changes, but a lot of variable and field renamings in
order to align ARM in advance with the naming scheme's we will use
throughout the whole core soon.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 5 Aug 2015 05:42:54 +0000 (07:42 +0200)]
arm: Rework arch_mmio_access to arm_mmio_perform_access
First, this is an ARM-specific function, so "arch" is an improper
prefix. And then we always ignored the return value anyway. Drop it and
instead report unsupported sizes via a printk (a candidate for BUG() if
we ever decide to add that).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 29 Jul 2015 07:48:09 +0000 (09:48 +0200)]
x86: vtd: Use pci_get_assigned_device to look up interrupt invalidation targets
Stop using the virtual device list which will be removed eventually and
switch to the pci_get_assigned_device service. It is a bit slower than
the current approach, but we don't consider the emulation of interrupt
invalidation requests as fast path. On the positive side, this change
will allow to simplify the PCI layer a bit.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 8 Jul 2015 04:45:39 +0000 (06:45 +0200)]
core: Split struct cell into generic and arch-dependent parts
ARM already did this, now also introduce this split at top level: move
all arch-specific cell states into the substructure arch_cell. This
refactoring simplifies the management of common cell states across all
architectures.
The common struct cell is now defined in jailhouse/cell.h. From now on,
asm/cell.h shall only be included directly by jailhouse/cell.h.
Generic PCI-related fields are moved into the common structure even
though ARM will not use them. That happens for two reasons:
- 2 of the 3 fields will be removed soon and the remaining one will be
negligible
- ARM is expected to gain PCI support as well one day
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 28 Jun 2015 16:45:09 +0000 (18:45 +0200)]
core: Rework cleanup on cell destruction
Rename destroy_cpu_set to cell_exit and move it into
cell_destroy_internal. The background is that this function will be used
for more cleanups, and the refactoring will avoid cleanup code
duplications.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 9 Aug 2015 19:41:36 +0000 (21:41 +0200)]
x86: Do not call vcpu_cell_exit after failing vcpu_vendor_cell_init
Regression of 328e10028d: vcpu_cell_init does not allocate any
resources prior to calling vcpu_vendor_cell_init. So there is no point
of calling vcpu_cell_exit if the vendor init functions failed, because
the latter is already rolling back. Even worse, the I/O bitmap will not
have been allocated, and vcpu_cell_exit will run into a NULL pointer
dereference.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Describe so far undocumented functions and also the communication region
structure.
For the latter, we have to expand the generic COMM_REGION_GENERIC_HEADER
macro during a doxygen run. This is achieved by including the generic
header from within the arch-specific one, but only for doxygen
processing. This special treatment is required because doxygen processes
each file directly, even if it should have been processed indirectly
already (here asm/jailhouse_hypercall.h via jailhouse/hypercall.h).
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Tue, 14 Jul 2015 05:16:50 +0000 (07:16 +0200)]
core, inmates: Move \r injection into console_write / arch_dbg_write
This moves the injection of \r on \n into the console_write and
arch_dbg_write implementations, causing some minor duplication but also
fixing injection for %s strings. Furthermore, this allows to skip the
injection for consoles the may not need it.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Tue, 14 Jul 2015 05:29:35 +0000 (07:29 +0200)]
arm: Use more panic_printk for fatal error messages
Fatal errors that will leave CPUs unusable and may occur in parallel on
multiple CPUs should be reported via panic_printk to maintain
readability of the output. Adjust some locations for unexpected HYP
exits and failing PSCI_CPU_OFF.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 13 Jul 2015 07:06:54 +0000 (09:06 +0200)]
arm: Unmap virtual GIC on cell destruction
This fixes a leak on cell destruction because we left the GICv2 mapped,
thus didn't free all paging structures. This also means we need to run
the irqchip cleanup before the cell MMU destruction.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 13 Jul 2015 07:01:51 +0000 (09:01 +0200)]
arm: Account for errors during irqchip cell_init
The cell_init callback of GICv2 should report the result of the mapping
request, thus needs a channel to return an error code. Extend the call
chain accordingly.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Mon, 13 Jul 2015 06:40:52 +0000 (08:40 +0200)]
arm: Fix arm_page_table_empty
The size of a pt_entry_t is a reference to an entry, not the entry type
itself. So we were calculating with an entry size of 4 instead of 8,
overrunning the table during empty checks. This specifically caused
page leakages during cell destruction.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 12 Jul 2015 08:25:21 +0000 (10:25 +0200)]
arm: smp: Concentrate non-PSCI logic in Versatile Express module
We only keep the non-PSCI CPU hotplug support around for the sake of
old Versatile Express boards/models. No new boards will be accepted that
do not support the PSCI standard. Therefore, concentrate all functions
that were once considered reusable in the smp-vexpress module, folding
them into their only callers.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 12 Jul 2015 08:22:46 +0000 (10:22 +0200)]
arm: Fix coding style of asm blocks
This aligns them with our (kernel) coding style: indent multi-line asm
blocks, end each line with \n\t in multi-line blocks, remove the ending
in single-line statements. No functional changes.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Fri, 10 Jul 2015 20:21:43 +0000 (22:21 +0200)]
core: pci: Add support for devices with more than 16 MSI-X vectors
There are PCI devices with way more than 16 MSI-X vectors on the field,
some users reported up to 80. We don't want to increase the statically
allocated MSI-X shadow table that much as it would quickly increase the
memory usage.
Instead, implement an on-demand allocation pattern like we already use
for CPU bitmaps: up to 16 vectors are allocated statically, if more are
needed, allocation switches to a dynamic scheme.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 4 Jul 2015 20:04:28 +0000 (22:04 +0200)]
core: ivshmem: Convert static virt_pci_bar information into constants
There is no need to carry the virt_pci_bar array in each endpoint
structure. The flags field is unused, and the sizes can easily be
expressed as constants - they do not change.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 4 Jul 2015 21:31:27 +0000 (23:31 +0200)]
core: ivshmem: Fix cell disconnection
Move the disconnect call before the potential endpoint copy operation.
Otherwise we risk to update the stale second entry, not the now active
first one.
This change also ensures that disconnect is performed even for the last
endpoint. This will allow us to put cleanup tasks into that function
that have to be executed unconditionally.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 4 Jul 2015 21:14:30 +0000 (23:14 +0200)]
core: ivshmem: Mark BARs as 64-bit again
Regression of 294110a887: Like physical devices fill their bar array
during setup, virtual devices need to do this as well. Namely, the
64-bit flag got lost during migration to generic BAR emulation.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sat, 4 Jul 2015 11:36:53 +0000 (13:36 +0200)]
x86: Prevent usage of MMX, SSE, and AVX by compiler
The compiler may decide to use MMX, SSE or even AVX for copying data or
similar purposes. Prevent this because we neither initialize the related
units nor save/restore their state between the different worlds.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Wed, 1 Jul 2015 05:03:20 +0000 (07:03 +0200)]
x86: Embed page for EPT/NPT root_table into cell structure
Both Intel and AMD need this page and currently allocate it
programmatically. We can safe some logic, specifically error handling,
by reserving the page in the cell structure.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
"Get to know" Jailhouse originally appeared in Linux Journal issue
252 (April 2015). As of May 2015, it can be redistributed freely,
so add its slightly updated version to Documentation.
Signed-off-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
We are preparing to import yet another article about Jailhouse, so
it makes sense to have dedicated place to store them. Also, add a
timestamp to article's filename, so one can easily say its
publication date.
Signed-off-by: Valentine Sinitsyn <valentine.sinitsyn@gmail.com> Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 24 May 2015 08:39:28 +0000 (10:39 +0200)]
configs: Add a linux-x86-demo cell configuration
This demonstrates non-root Linux booting. It is targeting the QEMU
reference setup but can easily be tailored for physical setups as well.
The config contains an ivshmem device to demonstrate both PCI device
discovery and inter-cell communication. Of the four available CPUs in
the QEMU setup, 3 are assigned to the cell to show that SMP works.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Jan Kiszka [Sun, 24 May 2015 08:10:22 +0000 (10:10 +0200)]
tools, inmates: Add "cell linux" subcommand to jailhouse tool
This adds support for loading and booting paravirtualized x86 Linux
kernels in non-root cells. The jailhouse tool is extended for this
purpose with a new subcommand "cell linux" that accepts the cell
configuration, the kernel image and an optional initrd as input. Also a
kernel command line can be specified. The script then creates the cell,
unless it already exists, load kernel, initrd, a special boot loader and
the required parameters for that loader into the cell RAM. Finally, it
starts the cell.
The interface between python helper and the boot loader inmate is based
on the kernels boot_params structure with a custom setup_data extension.
The former is initialized by the python help, specifically to inform
Linux about the location of its initrd and the command line. It also
contains an e820 list to report the memory layout. The setup_data is
filled by the boot loader with information about the PM timer address
and the available CPUs as well as their physical APIC IDs. For that
purpose, the Linux cell requires a communication region.
Although the loader script is currently x86-only, extension to ARM is
surely feasible as well.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>