159 changes: 90 additions & 69 deletions devicemodel/hw/pci/core.c

Large diffs are not rendered by default.

8 changes: 6 additions & 2 deletions devicemodel/hw/pci/lpc.c
Expand Up @@ -103,7 +103,10 @@ lpc_uart_intr_assert(void *arg)
{
struct lpc_uart_vdev *lpc_uart = arg;

assert(lpc_uart->irq >= 0);
if (lpc_uart->irq < 0) {
pr_warn("%s: Invalid irq pin lpc_uart\n", __func__);
return;
}

if (lpc_bridge)
vm_set_gsi_irq(lpc_bridge->vmctx,
Expand Down Expand Up @@ -221,7 +224,8 @@ lpc_init(struct vmctx *ctx)
iop.arg = lpc_uart;

error = register_inout(&iop);
assert(error == 0);
if (error)
goto init_failed;
lpc_uart->enabled = 1;
}

11 changes: 9 additions & 2 deletions devicemodel/hw/pci/virtio/virtio_coreu.c
Expand Up @@ -60,7 +60,6 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#include <pthread.h>
#include <sysexits.h>
#include <dlfcn.h>
Expand Down Expand Up @@ -181,7 +180,15 @@ virtio_coreu_thread(void *param)

do {
ret = vq_getchain(rvq, &idx, &iov, 1, NULL);
assert(ret > 0);
if (ret < 1) {
pr_err("%s: fail to getchain!\n", __func__);
return NULL;
}
if (ret != 1) {
pr_warn("%s: invalid chain!\n", __func__);
vq_relchain(rvq, idx, 0);
continue;
}

msg = (struct coreu_msg *)(iov.iov_base);

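Review bot: The `return NULL` taken when `vq_getchain()` yields less than 1 ends virtio_coreu_thread permanently, and nothing visible in the hunk records that the device is now dead, so later guest kicks would signal a worker that no longer exists. If stopping is intended, say so and mark the state, e.g. a comment `/* ring is unusable: stop the worker, device stays down until reset */` plus whatever flag the teardown path checks. The loop's start and end are outside the hunk, so the exact exit path cannot be confirmed here. virtio_hdcp_talk_to_daemon has the same early return, and there `vhdcp->in_progress` is set to 1 just before the loop and is not cleared on that path.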
55 changes: 45 additions & 10 deletions devicemodel/hw/pci/virtio/virtio_gpio.c
Expand Up @@ -7,7 +7,6 @@

#include <sys/ioctl.h>
#include <unistd.h>
#include <assert.h>
#include <errno.h>
#include <inttypes.h>
#include <fcntl.h>
Expand Down Expand Up @@ -293,6 +292,15 @@ static void gpio_pio_write(struct virtio_gpio *gpio, int n, uint64_t reg);
static uint32_t gpio_pio_read(struct virtio_gpio *gpio, int n);
static void native_gpio_close_line(struct gpio_line *line);

static void
virtio_gpio_abort(struct virtio_vq_info *vq, uint16_t idx)
{
if (idx < vq->qsize) {
vq_relchain(vq, idx, 1);
vq_endchains(vq, 0);
}
}

static void
native_gpio_update_line_info(struct gpio_line *line)
{
Expand Down Expand Up @@ -642,7 +650,10 @@ virtio_gpio_proc(struct virtio_gpio *gpio, struct iovec *iov, int n)
if (n == 1) { /* provide gpio names for front-end driver */
data = iov[0].iov_base;
len = iov[0].iov_len;
assert(len == gpio->nvline * sizeof(*data));
if (len != gpio->nvline * sizeof(*data)) {
DPRINTF("virtio gpio, invalid virtual gpio %d\n", len);
return 0;
}

for (i = 0; i < gpio->nvline; i++) {
line = gpio->vlines[i];
Expand All @@ -663,11 +674,17 @@ virtio_gpio_proc(struct virtio_gpio *gpio, struct iovec *iov, int n)
} else if (n == 2) { /* handle gpio operations requests */
req = iov[0].iov_base;
len = iov[0].iov_len;
assert(len == sizeof(*req));
if (len != sizeof(*req)) {
DPRINTF("virtio gpio, invalid req size %d\n", len);
return 0;
}

rsp = iov[1].iov_base;
len = iov[1].iov_len;
assert(len == sizeof(*rsp));
if (len != sizeof(*rsp)) {
DPRINTF("virtio gpio, invalid rsp size %d\n", len);
return 0;
}

gpio_request_handler(gpio, req, rsp);
rc = sizeof(*rsp);
Expand All @@ -687,10 +704,15 @@ virtio_gpio_notify(void *vdev, struct virtio_vq_info *vq)
uint16_t idx;
int n, len;

idx = vq->qsize;
gpio = (struct virtio_gpio *)vdev;
if (vq_has_descs(vq)) {
n = vq_getchain(vq, &idx, iov, 2, NULL);
assert(n < 3);
if (n >= 3) {
DPRINTF("virtio gpio, invalid chain number %d\n", n);
virtio_gpio_abort(vq, idx);
return;
}

len = virtio_gpio_proc(gpio, iov, n);
/*
Expand Down Expand Up @@ -908,10 +930,16 @@ gpio_irq_deliver_intr(struct virtio_gpio *gpio, uint64_t mask)
uint64_t *data;

vq = &gpio->queues[2];
idx = vq->qsize;
if (vq_has_descs(vq) && mask) {
vq_getchain(vq, &idx, iov, 1, NULL);
data = iov[0].iov_base;
assert(sizeof(*data) == iov[0].iov_len);
if (sizeof(*data) != iov[0].iov_len) {
DPRINTF("virtio gpio, invalid gpio data size %lu\n",
iov[0].iov_len);
virtio_gpio_abort(vq, idx);
return;
}

*data = mask;

Expand Down Expand Up @@ -972,7 +1000,6 @@ gpio_irq_set_pin_state(int fd __attribute__((unused)),
struct gpio_irq_desc *desc;
int err;

assert(arg != NULL);
desc = (struct gpio_irq_desc *) arg;
gpio = (struct virtio_gpio *) desc->data;

Expand Down Expand Up @@ -1036,7 +1063,6 @@ gpio_irq_teardown(void *param)
struct gpio_irq_desc *desc;

DPRINTF("%s", "virtio gpio tear down\n");
assert(param != NULL);
desc = (struct gpio_irq_desc *) param;
desc->mask = false;
desc->mode = IRQ_TYPE_NONE;
Expand Down Expand Up @@ -1158,7 +1184,11 @@ virtio_gpio_irq_proc(struct virtio_gpio *gpio, struct iovec *iov, uint16_t flag)

req = iov[0].iov_base;
len = iov[0].iov_len;
assert(len == sizeof(*req));
if (len != sizeof(*req)) {
DPRINTF("virtio gpio, invalid req size %d\n", len);
return;
}

if (req->pin >= gpio->nvline) {
DPRINTF("virtio gpio, invalid IRQ pin %d, ignore action %d\n",
req->pin, req->action);
Expand Down Expand Up @@ -1222,10 +1252,15 @@ virtio_irq_notify(void *vdev, struct virtio_vq_info *vq)
uint16_t idx, flag;
int n;

idx = vq->qsize;
gpio = (struct virtio_gpio *)vdev;
if (vq_has_descs(vq)) {
n = vq_getchain(vq, &idx, iov, 1, &flag);
assert(n == 1);
if (n != 1) {
DPRINTF("virtio gpio, invalid irq chain %d\n", n);
virtio_gpio_abort(vq, idx);
return;
}

virtio_gpio_irq_proc(gpio, iov, flag);
/*
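Review bot: The result of `vq_getchain()` is discarded in gpio_irq_deliver_intr, so when it fails `iov[0]` is not filled in and the new size check reads whatever `iov_len` holds; if that happens to equal `sizeof(*data)`, the `*data = mask` store goes through an unset pointer. Check the call first: `if (vq_getchain(vq, &idx, iov, 1, NULL) != 1) { virtio_gpio_abort(vq, idx); return; }`. virtio_gpio_notify has the related gap: only `n >= 3` is rejected, so `n <= 0` still reaches virtio_gpio_proc with an unfilled iov, and `if (n < 1 || n > 2)` would cover both ends. The `iov` declarations are outside the visible lines, so whether they are zero-initialised cannot be confirmed from here.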
17 changes: 11 additions & 6 deletions devicemodel/hw/pci/virtio/virtio_hdcp.c
Expand Up @@ -55,7 +55,6 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#include <pthread.h>
#include <sysexits.h>
#include <dlfcn.h>
Expand Down Expand Up @@ -312,17 +311,23 @@ virtio_hdcp_talk_to_daemon(void *param)
* - avoid vring processing due to spurious wakeups
* - catch missing notifications before acquiring rx_mtx
*/
while (!vq_has_descs(rvq)) {
ret = pthread_cond_wait(&vhdcp->rx_cond, &vhdcp->rx_mtx);
assert(ret == 0);
}
while (!vq_has_descs(rvq))
pthread_cond_wait(&vhdcp->rx_cond, &vhdcp->rx_mtx);

vhdcp->in_progress = 1;
pthread_mutex_unlock(&vhdcp->rx_mtx);

do {
ret = vq_getchain(rvq, &idx, &iov, 1, NULL);
assert(ret > 0);
if (ret < 1) {
pr_err("%s: fail to getchain!\n", __func__);
return NULL;
}
if (ret > 1) {
pr_warn("%s: invalid chain!\n", __func__);
vq_relchain(rvq, idx, 0);
continue;
}

msg = (struct SocketData*)(iov.iov_base);

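Review bot: Dropping the result of `pthread_cond_wait()` in the `while (!vq_has_descs(rvq))` loop means a wait that fails returns immediately and the loop spins at full CPU, where the removed assert at least stopped the process. Keep the return value and leave through the function's error path on non-zero, the way vmei_tx_thread does in this same commit with `if (err) goto out;`. That exit path is outside this hunk, so it has to release `rx_mtx` if it does not already. ioc_rx_thread and ioc_tx_thread in ioc.c now ignore the result in the same way.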
5 changes: 2 additions & 3 deletions devicemodel/hw/pci/virtio/virtio_ipu.c
Expand Up @@ -15,7 +15,6 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#include <pthread.h>

#include "dm.h"
Expand Down Expand Up @@ -374,8 +373,8 @@ virtio_ipu_deinit(struct vmctx *ctx, struct pci_vdev *dev, char *opts)
virtio_ipu_k_stop(ipu);
virtio_ipu_k_reset(ipu);
ipu->vbs_k.ipu_kstatus = VIRTIO_DEV_INITIAL;
assert(ipu->vbs_k.ipu_fd >= 0);
close(ipu->vbs_k.ipu_fd);
if (ipu->vbs_k.ipu_fd >= 0)
close(ipu->vbs_k.ipu_fd);
ipu->vbs_k.ipu_fd = -1;
}
pthread_mutex_destroy(&ipu->mtx);
24 changes: 17 additions & 7 deletions devicemodel/hw/pci/virtio/virtio_mei.c
Expand Up @@ -1490,7 +1490,15 @@ vmei_proc_tx(struct virtio_mei *vmei, struct virtio_vq_info *vq)
* The first one is hdr, the second is for payload.
*/
n = vq_getchain(vq, &idx, iov, VMEI_TX_SEGS, NULL);
assert(n == 2);
if (n != VMEI_TX_SEGS) {
if (n == -1 || n == 0)
pr_err("%s: fail to getchain!\n", __func__);
else {
pr_warn("%s: invalid chain, desc number %d!\n", __func__, n);
vq_relchain(vq, idx, 0);
}
return;
}

hdr = (struct mei_msg_hdr *)iov[0].iov_base;
data = (uint8_t *)iov[1].iov_base;
Expand Down Expand Up @@ -1629,7 +1637,6 @@ static void *vmei_tx_thread(void *param)
if (pending_cnt == 0) {
err = pthread_cond_wait(&vmei->tx_cond,
&vmei->tx_mutex);
assert(err == 0);
if (err)
goto out;
} else {
Expand All @@ -1638,7 +1645,6 @@ static void *vmei_tx_thread(void *param)
err = pthread_cond_timedwait(&vmei->tx_cond,
&vmei->tx_mutex,
&max_wait);
assert(err == 0 || err == ETIMEDOUT);
if (err && err != ETIMEDOUT)
goto out;

Expand Down Expand Up @@ -1777,9 +1783,15 @@ vmei_proc_vclient_rx(struct vmei_host_client *hclient,
bool complete = true;

n = vq_getchain(vq, &idx, iov, VMEI_RX_SEGS, NULL);
assert(n == VMEI_RX_SEGS);
if (n != VMEI_RX_SEGS)
if (n != VMEI_RX_SEGS) {
if (n == -1)
pr_err("%s: fail to getchain!\n", __func__);
else {
pr_warn("%s: invalid chain, desc number %d!\n", __func__, n);
vq_relchain(vq, idx, 0);
}
return;
}

len = hclient->recv_offset - hclient->recv_handled;
HCL_DBG(hclient, "RX: DM->UOS: off=%d len=%d\n",
Expand Down Expand Up @@ -1883,7 +1895,6 @@ static void *vmei_rx_thread(void *param)

while (vmei->status != VMEI_STST_DEINIT && !vq_ring_ready(vq)) {
err = pthread_cond_wait(&vmei->rx_cond, &vmei->rx_mutex);
assert(err == 0);
if (err)
goto out;
}
Expand All @@ -1900,7 +1911,6 @@ static void *vmei_rx_thread(void *param)

err = pthread_cond_wait(&vmei->rx_cond,
&vmei->rx_mutex);
assert(err == 0);
if (err || vmei->status == VMEI_STST_DEINIT)
goto out;
}
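Review bot: vmei_proc_vclient_rx tests only `if (n == -1)` for a failed getchain, while vmei_proc_tx in the same file treats `n == -1 || n == 0` as failure. With `n == 0` the rx path falls into the else branch and calls `vq_relchain(vq, idx, 0)` with an `idx` that vq_getchain presumably never set (its declaration is outside the hunk), so a bogus entry could be pushed to the used ring. Use one test in both places, `if (n <= 0)`, and release the chain only when a head index was actually obtained.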
24 changes: 16 additions & 8 deletions devicemodel/hw/platform/atkbdc.c
Expand Up @@ -26,7 +26,6 @@
*/

#include <stdint.h>
#include <assert.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
Expand All @@ -43,6 +42,7 @@
#include "ps2mouse.h"
#include "vmmapi.h"
#include "mevent.h"
#include "log.h"

static void
atkbdc_assert_kbd_intr(struct atkbdc_base *base)
Expand Down Expand Up @@ -291,7 +291,7 @@ atkbdc_sts_ctl_handler(struct vmctx *ctx, int vcpu, int in, int port,
int bytes, uint32_t *eax, void *arg)
{
struct atkbdc_base *base;
int error, retval;
int retval;

if (bytes != 1)
return -1;
Expand Down Expand Up @@ -361,9 +361,8 @@ atkbdc_sts_ctl_handler(struct vmctx *ctx, int vcpu, int in, int port,
KBDS_KBD_BUFFER_FULL;
break;
case KBDC_RESET: /* Pulse "cold reset" line */
error = vm_suspend(ctx, VM_SUSPEND_FULL_RESET);
vm_suspend(ctx, VM_SUSPEND_FULL_RESET);
mevent_notify();
assert(error == 0 || errno == EALREADY);
break;
default:
if (*eax >= 0x21 && *eax <= 0x3f) {
Expand Down Expand Up @@ -415,8 +414,10 @@ atkbdc_init(struct vmctx *ctx)
int error;

base = calloc(1, sizeof(struct atkbdc_base));

assert(base != NULL);
if (!base) {
pr_err("%s: alloc memory fail!\n", __func__);
return;
}

base->ctx = ctx;
ctx->atkbdc_base = base;
Expand All @@ -432,7 +433,8 @@ atkbdc_init(struct vmctx *ctx)
iop.arg = base;

error = register_inout(&iop);
assert(error == 0);
if (error < 0)
goto fail;

bzero(&iop, sizeof(struct inout_port));
iop.name = "atkdbc";
Expand All @@ -443,7 +445,8 @@ atkbdc_init(struct vmctx *ctx)
iop.arg = base;

error = register_inout(&iop);
assert(error == 0);
if (error < 0)
goto fail;

pci_irq_reserve(KBD_DEV_IRQ);
base->kbd.irq = KBD_DEV_IRQ;
Expand All @@ -453,6 +456,11 @@ atkbdc_init(struct vmctx *ctx)

base->ps2kbd = ps2kbd_init(base);
base->ps2mouse = ps2mouse_init(base);

return;
fail:
pr_err("%s: fail to init!\n", __func__);
free(base);
}

void
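Review bot: The `fail:` path frees `base` after `ctx->atkbdc_base = base` has already been stored. When the second `register_inout()` fails, the first port is also still registered with `iop.arg = base`, so both keep a pointer to freed memory that a later guest port access or the deinit path would dereference. Unregister the port that succeeded and add `ctx->atkbdc_base = NULL;` before `free(base);`. atkbdc_init returns void, so its caller cannot tell that init failed. The results of `ps2kbd_init()` and `ps2mouse_init()`, which this commit allows to be NULL, are also stored unchecked.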
6 changes: 0 additions & 6 deletions devicemodel/hw/platform/cmos_io.c
Expand Up @@ -28,7 +28,6 @@
*/

#include <stdio.h>
#include <assert.h>
#include <stdbool.h>

#include "inout.h"
Expand Down Expand Up @@ -63,9 +62,6 @@ cmos_io_handler(struct vmctx *ctx, int vcpu, int in, int port, int bytes,
static int buf_offset;
static int next_ops; /* 0 for addr, 1 for data, in pair (addr,data)*/

assert(port == CMOS_ADDR || port == CMOS_DATA);
assert(bytes == 1);

#ifdef CMOS_DEBUG
if (!dbg_file)
dbg_file = fopen("/tmp/cmos_log", "a+");
Expand All @@ -77,7 +73,6 @@ cmos_io_handler(struct vmctx *ctx, int vcpu, int in, int port, int bytes,
if (port == CMOS_ADDR) {

/* if port is addr, ops should be 0 */
assert(next_ops == 0 && !in);
if (next_ops != 0) {
next_ops = 0;
return -1;
Expand All @@ -88,7 +83,6 @@ cmos_io_handler(struct vmctx *ctx, int vcpu, int in, int port, int bytes,

} else if (port == CMOS_DATA) {

assert(next_ops == 1);
if (next_ops != 1) {
next_ops = 0;
return -1;
9 changes: 2 additions & 7 deletions devicemodel/hw/platform/ioc.c
Expand Up @@ -53,7 +53,6 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <assert.h>
#include <errno.h>
#include <fcntl.h>
#include <pty.h>
Expand Down Expand Up @@ -1329,7 +1328,6 @@ ioc_rx_thread(void *arg)
struct ioc_dev *ioc = (struct ioc_dev *) arg;
struct cbc_request *req = NULL;
struct cbc_pkt packet;
int err;

memset(&packet, 0, sizeof(packet));
packet.cfg = &ioc->rx_config;
Expand All @@ -1338,8 +1336,7 @@ ioc_rx_thread(void *arg)
for (;;) {
pthread_mutex_lock(&ioc->rx_mtx);
while (SIMPLEQ_EMPTY(&ioc->rx_qhead)) {
err = pthread_cond_wait(&ioc->rx_cond, &ioc->rx_mtx);
assert(err == 0);
pthread_cond_wait(&ioc->rx_cond, &ioc->rx_mtx);
if (ioc->closing)
goto exit;
}
Expand Down Expand Up @@ -1382,7 +1379,6 @@ ioc_tx_thread(void *arg)
struct ioc_dev *ioc = (struct ioc_dev *) arg;
struct cbc_request *req = NULL;
struct cbc_pkt packet;
int err;

memset(&packet, 0, sizeof(packet));
packet.cfg = &ioc->tx_config;
Expand All @@ -1391,8 +1387,7 @@ ioc_tx_thread(void *arg)
for (;;) {
pthread_mutex_lock(&ioc->tx_mtx);
while (SIMPLEQ_EMPTY(&ioc->tx_qhead)) {
err = pthread_cond_wait(&ioc->tx_cond, &ioc->tx_mtx);
assert(err == 0);
pthread_cond_wait(&ioc->tx_cond, &ioc->tx_mtx);
if (ioc->closing)
goto exit;
}
10 changes: 5 additions & 5 deletions devicemodel/hw/platform/ps2kbd.c
Expand Up @@ -25,7 +25,6 @@
* SUCH DAMAGE.
*/

#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
Expand All @@ -35,6 +34,7 @@
#include "types.h"
#include "atkbdc.h"
#include "console.h"
#include "log.h"

/* keyboard device commands */
#define PS2KC_RESET_DEV 0xff
Expand Down Expand Up @@ -225,8 +225,6 @@ ps2kbd_keysym_queue(struct ps2kbd_info *kbd,
0x22, 0x35, 0x1a, 0x54, 0x5d, 0x5b, 0x0e, 0x00,
};

/* assert(pthread_mutex_isowned_np(&kbd->mtx)); */

switch (keysym) {
case 0x0 ... 0x7f:
if (!down)
Expand Down Expand Up @@ -462,8 +460,10 @@ ps2kbd_init(struct atkbdc_base *base)
struct ps2kbd_info *kbd;

kbd = calloc(1, sizeof(struct ps2kbd_info));

assert(kbd != NULL);
if (!kbd) {
pr_err("%s: alloc memory fail!\n", __func__);
return NULL;
}

pthread_mutex_init(&kbd->mtx, NULL);
fifo_init(kbd);
13 changes: 5 additions & 8 deletions devicemodel/hw/platform/ps2mouse.c
Expand Up @@ -25,7 +25,6 @@
* SUCH DAMAGE.
*/

#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
Expand All @@ -35,6 +34,7 @@
#include "types.h"
#include "atkbdc.h"
#include "console.h"
#include "log.h"

/* mouse device commands */
#define PS2MC_RESET_DEV 0xff
Expand Down Expand Up @@ -152,8 +152,6 @@ fifo_get(struct ps2mouse_info *mouse, uint8_t *val)
static void
movement_reset(struct ps2mouse_info *mouse)
{
/* assert(pthread_mutex_isowned_np(&mouse->mtx)); */

mouse->delta_x = 0;
mouse->delta_y = 0;
}
Expand All @@ -172,8 +170,6 @@ movement_get(struct ps2mouse_info *mouse)
{
uint8_t val0, val1, val2;

/* assert(pthread_mutex_isowned_np(&mouse->mtx)); */

val0 = PS2M_DATA_AONE;
val0 |= mouse->status & (PS2M_DATA_LEFT_BUTTON |
PS2M_DATA_RIGHT_BUTTON | PS2M_DATA_MID_BUTTON);
Expand Down Expand Up @@ -220,7 +216,6 @@ movement_get(struct ps2mouse_info *mouse)
static void
ps2mouse_reset(struct ps2mouse_info *mouse)
{
/* assert(pthread_mutex_isowned_np(&mouse->mtx)); */
fifo_reset(mouse);
movement_reset(mouse);
mouse->status = PS2M_STS_ENABLE_DEV;
Expand Down Expand Up @@ -395,8 +390,10 @@ ps2mouse_init(struct atkbdc_base *base)
struct ps2mouse_info *mouse;

mouse = calloc(1, sizeof(struct ps2mouse_info));

assert(mouse != NULL);
if (!mouse) {
pr_err("%s: alloc memory fail!\n", __func__);
return NULL;
}

pthread_mutex_init(&mouse->mtx, NULL);
fifo_init(mouse);
33 changes: 26 additions & 7 deletions devicemodel/include/pci_core.h
Expand Up @@ -35,6 +35,7 @@
#include <stdbool.h>
#include "types.h"
#include "pcireg.h"
#include "log.h"

#define PCI_BARMAX PCIR_MAX_BAR_0 /* BAR registers in a Type 0 header */
#define PCI_BDF(b, d, f) (((b & 0xFF) << 8) | ((d & 0x1F) << 3) | ((f & 0x7)))
Expand Down Expand Up @@ -311,7 +312,7 @@ int pci_msix_table_bar(struct pci_vdev *pi);
int pci_msix_pba_bar(struct pci_vdev *pi);
int pci_msi_maxmsgnum(struct pci_vdev *pi);
int pci_parse_slot(char *opt);
void pci_populate_msicap(struct msicap *cap, int msgs, int nextptr);
int pci_populate_msicap(struct msicap *cap, int msgs, int nextptr);
int pci_emul_add_msixcap(struct pci_vdev *pi, int msgnum, int barnum);
int pci_emul_msix_twrite(struct pci_vdev *pi, uint64_t offset, int size,
uint64_t value);
Expand Down Expand Up @@ -343,7 +344,10 @@ struct pci_vdev *pci_get_vdev_info(int slot);
static inline void
pci_set_cfgdata8(struct pci_vdev *dev, int offset, uint8_t val)
{
assert(offset <= PCI_REGMAX);
if (offset > PCI_REGMAX) {
pr_err("%s: out of range of PCI config space!\n", __func__);
return;
}
*(uint8_t *)(dev->cfgdata + offset) = val;
}

Expand All @@ -359,7 +363,10 @@ pci_set_cfgdata8(struct pci_vdev *dev, int offset, uint8_t val)
static inline void
pci_set_cfgdata16(struct pci_vdev *dev, int offset, uint16_t val)
{
assert(offset <= (PCI_REGMAX - 1) && (offset & 1) == 0);
if ((offset > PCI_REGMAX - 1) || (offset & 1) != 0) {
pr_err("%s: out of range of PCI config space!\n", __func__);
return;
}
*(uint16_t *)(dev->cfgdata + offset) = val;
}

Expand All @@ -375,7 +382,10 @@ pci_set_cfgdata16(struct pci_vdev *dev, int offset, uint16_t val)
static inline void
pci_set_cfgdata32(struct pci_vdev *dev, int offset, uint32_t val)
{
assert(offset <= (PCI_REGMAX - 3) && (offset & 3) == 0);
if ((offset > PCI_REGMAX - 3) || (offset & 3) != 0) {
pr_err("%s: out of range of PCI config space!\n", __func__);
return;
}
*(uint32_t *)(dev->cfgdata + offset) = val;
}

Expand All @@ -390,7 +400,10 @@ pci_set_cfgdata32(struct pci_vdev *dev, int offset, uint32_t val)
static inline uint8_t
pci_get_cfgdata8(struct pci_vdev *dev, int offset)
{
assert(offset <= PCI_REGMAX);
if (offset > PCI_REGMAX) {
pr_err("%s: out of range of PCI config space!\n", __func__);
return 0xff;
}
return (*(uint8_t *)(dev->cfgdata + offset));
}

Expand All @@ -405,7 +418,10 @@ pci_get_cfgdata8(struct pci_vdev *dev, int offset)
static inline uint16_t
pci_get_cfgdata16(struct pci_vdev *dev, int offset)
{
assert(offset <= (PCI_REGMAX - 1) && (offset & 1) == 0);
if ((offset > PCI_REGMAX - 1) || (offset & 1) != 0) {
pr_err("%s: out of range of PCI config space!\n", __func__);
return 0xffff;
}
return (*(uint16_t *)(dev->cfgdata + offset));
}

Expand All @@ -420,7 +436,10 @@ pci_get_cfgdata16(struct pci_vdev *dev, int offset)
static inline uint32_t
pci_get_cfgdata32(struct pci_vdev *dev, int offset)
{
assert(offset <= (PCI_REGMAX - 3) && (offset & 3) == 0);
if ((offset > PCI_REGMAX - 3) || (offset & 3) != 0) {
pr_err("%s: out of range of PCI config space!\n", __func__);
return 0xffffffff;
}
return (*(uint32_t *)(dev->cfgdata + offset));
}

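Review bot: `offset` is a signed `int` and the new checks test only the upper bound, so a negative offset passes `offset > PCI_REGMAX` and indexes memory before `dev->cfgdata`. Now that this is the runtime bounds check rather than a debug assert, add the lower bound: `if (offset < 0 || offset > PCI_REGMAX)` in the 8-bit accessors, and the same `offset < 0 ||` term in the 16- and 32-bit ones. The setters drop the write after logging and the getters return all-ones, which callers cannot distinguish from a real value, so each accessor's doc comment should state that out-of-range behaviour.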
1 change: 1 addition & 0 deletions devicemodel/include/types.h
Expand Up @@ -3,6 +3,7 @@

#include "macros.h"
#include <stdint.h>
#include <stdarg.h>
#include <sched.h>
#include <sys/types.h>

2 changes: 1 addition & 1 deletion hypervisor/arch/x86/guest/pm.c
Expand Up @@ -249,7 +249,7 @@ static bool rt_vm_pm1a_io_write(struct acrn_vm *vm, uint16_t addr, size_t width,
if (width != 2U) {
pr_dbg("Invalid address (0x%x) or width (0x%x)", addr, width);
} else {
if (((v & VIRTUAL_PM1A_SLP_EN) && (((v & VIRTUAL_PM1A_SLP_TYP) >> 10U) == 5U)) != 0U) {
if ((((v & VIRTUAL_PM1A_SLP_EN) != 0U) && (((v & VIRTUAL_PM1A_SLP_TYP) >> 10U) == 5U)) != 0U) {
vm->state = VM_POWERING_OFF;
}
}
29 changes: 16 additions & 13 deletions hypervisor/arch/x86/guest/vcpu.c
Expand Up @@ -41,7 +41,7 @@ inline uint64_t vcpu_get_rip(struct acrn_vcpu *vcpu)
struct run_context *ctx =
&vcpu->arch.contexts[vcpu->arch.cur_context].run_ctx;

if (bitmap_test(CPU_REG_RIP, &vcpu->reg_updated) == 0 &&
if (!bitmap_test(CPU_REG_RIP, &vcpu->reg_updated) &&
bitmap_test_and_set_lock(CPU_REG_RIP, &vcpu->reg_cached) == 0)
ctx->rip = exec_vmread(VMX_GUEST_RIP);
return ctx->rip;
Expand Down Expand Up @@ -75,9 +75,10 @@ inline uint64_t vcpu_get_efer(struct acrn_vcpu *vcpu)
struct run_context *ctx =
&vcpu->arch.contexts[vcpu->arch.cur_context].run_ctx;

if (bitmap_test(CPU_REG_EFER, &vcpu->reg_updated) == 0 &&
bitmap_test_and_set_lock(CPU_REG_EFER, &vcpu->reg_cached) == 0)
if (!bitmap_test(CPU_REG_EFER, &vcpu->reg_updated) &&
!bitmap_test_and_set_lock(CPU_REG_EFER, &vcpu->reg_cached)) {
ctx->ia32_efer = exec_vmread64(VMX_GUEST_IA32_EFER_FULL);
}
return ctx->ia32_efer;
}

Expand All @@ -93,10 +94,11 @@ inline uint64_t vcpu_get_rflags(struct acrn_vcpu *vcpu)
struct run_context *ctx =
&vcpu->arch.contexts[vcpu->arch.cur_context].run_ctx;

if (bitmap_test(CPU_REG_RFLAGS, &vcpu->reg_updated) == 0 &&
bitmap_test_and_set_lock(CPU_REG_RFLAGS,
&vcpu->reg_cached) == 0 && vcpu->launched)
if (!bitmap_test(CPU_REG_RFLAGS, &vcpu->reg_updated) &&
!bitmap_test_and_set_lock(CPU_REG_RFLAGS,
&vcpu->reg_cached) && vcpu->launched) {
ctx->rflags = exec_vmread(VMX_GUEST_RFLAGS);
}
return ctx->rflags;
}

Expand Down Expand Up @@ -186,14 +188,14 @@ struct acrn_vcpu *get_ever_run_vcpu(uint16_t pcpu_id)
static void set_vcpu_mode(struct acrn_vcpu *vcpu, uint32_t cs_attr, uint64_t ia32_efer,
uint64_t cr0)
{
if (ia32_efer & MSR_IA32_EFER_LMA_BIT) {
if (cs_attr & 0x2000U) {
if ((ia32_efer & MSR_IA32_EFER_LMA_BIT) != 0UL) {
if ((cs_attr & 0x2000U) != 0U) {
/* CS.L = 1 */
vcpu->arch.cpu_mode = CPU_MODE_64BIT;
} else {
vcpu->arch.cpu_mode = CPU_MODE_COMPATIBILITY;
}
} else if (cr0 & CR0_PE) {
} else if ((cr0 & CR0_PE) != 0UL) {
vcpu->arch.cpu_mode = CPU_MODE_PROTECTED;
} else {
vcpu->arch.cpu_mode = CPU_MODE_REAL;
Expand All @@ -216,7 +218,7 @@ void set_vcpu_regs(struct acrn_vcpu *vcpu, struct acrn_vcpu_regs *vcpu_regs)
* If the set_vcpu_regs is used not only for vcpu state
* initialization, this part of code needs be revised.
*/
if (vcpu_regs->cr0 & CR0_PE) {
if ((vcpu_regs->cr0 & CR0_PE) != 0UL) {
attr = PROTECTED_MODE_DATA_SEG_AR;
limit = PROTECTED_MODE_SEG_LIMIT;
} else {
Expand Down Expand Up @@ -451,7 +453,7 @@ int32_t run_vcpu(struct acrn_vcpu *vcpu)
pr_info("VM %d Starting VCPU %hu",
vcpu->vm->vm_id, vcpu->vcpu_id);

if (vcpu->arch.vpid)
if (vcpu->arch.vpid != 0U)
exec_vmwrite16(VMX_VPID, vcpu->arch.vpid);

/*
Expand Down Expand Up @@ -518,10 +520,11 @@ int32_t run_vcpu(struct acrn_vcpu *vcpu)

if (status != 0) {
/* refer to 64-ia32 spec section 24.9.1 volume#3 */
if (vcpu->arch.exit_reason & VMX_VMENTRY_FAIL)
if ((vcpu->arch.exit_reason & VMX_VMENTRY_FAIL) != 0U) {
pr_fatal("vmentry fail reason=%lx", vcpu->arch.exit_reason);
else
} else {
pr_fatal("vmexit fail err_inst=%x", exec_vmread32(VMX_INSTR_ERROR));
}

ASSERT(status == 0, "vm fail");
}
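Review bot: vcpu_get_rip is left half-converted: its first operand now reads `!bitmap_test(...)` while the second still compares `bitmap_test_and_set_lock(...) == 0`, and the body stays unbraced, unlike vcpu_get_efer and vcpu_get_rflags in the same section. Bring it in line with `!bitmap_test_and_set_lock(CPU_REG_RIP, &vcpu->reg_cached)) {` and a closing brace after the `exec_vmread` line. The `if (vcpu->arch.vpid != 0U)` in run_vcpu is likewise still unbraced, although the commit adds braces to the `pr_fatal` branches a few lines later.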
8 changes: 6 additions & 2 deletions hypervisor/arch/x86/guest/vm.c
Expand Up @@ -659,8 +659,12 @@ void pause_vm(struct acrn_vm *vm)

if (vm->state != VM_PAUSED) {
if (is_rt_vm(vm)) {
/* Only when RTVM is powering off by itself, we can pause vcpu */
if (vm->state == VM_POWERING_OFF) {
/**
* For RTVM, we can only pause its vCPUs when it stays at following states:
* - It is powering off by itself
* - It is created but doesn't start
*/
if ((vm->state == VM_POWERING_OFF) || (vm->state == VM_CREATED)) {
foreach_vcpu(i, vm, vcpu) {
pause_vcpu(vcpu, VCPU_ZOMBIE);
}
7 changes: 3 additions & 4 deletions hypervisor/boot/cmdline.c
Expand Up @@ -20,14 +20,13 @@ int32_t parse_hv_cmdline(void)
struct multiboot_info *mbi = NULL;

if (boot_regs[0] != MULTIBOOT_INFO_MAGIC) {
ASSERT(0, "no multiboot info found");
return -EINVAL;
}

mbi = (struct multiboot_info *)(hpa2hva((uint64_t)boot_regs[1]));
dev_dbg(ACRN_DBG_PARSE, "Multiboot detected, flag=0x%x", mbi->mi_flags);

if (!(mbi->mi_flags & MULTIBOOT_INFO_HAS_CMDLINE)) {
if ((mbi->mi_flags & MULTIBOOT_INFO_HAS_CMDLINE) == 0U) {
dev_dbg(ACRN_DBG_PARSE, "no hv cmdline!");
return -EINVAL;
}
Expand All @@ -40,15 +39,15 @@ int32_t parse_hv_cmdline(void)
start++;

end = start + 1;
while (*end != ' ' && *end)
while ((*end != ' ') && ((*end) != '\0'))
end++;

if (!handle_dbg_cmd(start, end - start)) {
/* if not handled by handle_dbg_cmd, it can be handled further */
}
start = end + 1;

} while (*end && *start);
} while (((*end) != '\0') && ((*start) != '\0'));

return 0;
}
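Review bot: `end = start + 1` is computed before `*start` is checked, so when `start` lands on the terminator (an empty command line, or trailing spaces consumed by the skip loop whose header is outside the hunk) the following `*end` read is one byte past the string. Guard it with `if (*start == '\0') break;` ahead of `end = start + 1;`. With the ASSERT gone, the function's doc comment should also say that a missing multiboot magic now returns `-EINVAL`, so callers know to check the result.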
2 changes: 1 addition & 1 deletion hypervisor/debug/console.c
Expand Up @@ -100,7 +100,7 @@ struct acrn_vuart *vuart_console_active(void)
}
}

return (vu && vu->active) ? vu : NULL;
return ((vu != NULL) && vu->active) ? vu : NULL;
}

static void console_timer_callback(__unused void *data)
2 changes: 1 addition & 1 deletion hypervisor/dm/vuart.c
Expand Up @@ -346,7 +346,7 @@ static bool vuart_write(struct acrn_vm *vm, uint16_t offset_arg,
offset -= vu->port_base;
target_vu = vu->target_vu;

if (!(vu->mcr & MCR_LOOPBACK) &&
if (((vu->mcr & MCR_LOOPBACK) == 0U) &&
(offset == UART16550_THR) && (target_vu != NULL)) {
send_to_target(target_vu, value_u8);
} else {