TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 9726c2553a1014f32cb36d22dfe779d2e8cfa051^! / . / inc / vmapi / hf / abi.h
commit9726c2553a1014f32cb36d22dfe779d2e8cfa051[log] [tgz]
authorAndrew Scull <ascull@google.com>Wed Jan 23 13:44:19 2019 +0000
committerAndrew Scull <ascull@google.com>Wed Jan 23 18:03:28 2019 +0000
tree5c126dda845a709c15dfbc33879e289d1a322f4b
parentb790f65a721cd63b3cf8f0dba7561c01a579ae40 [diff] [blame]
Handle VMs misbehaving.

If a VM accesses memory it is not allowed to or otherwise triggers and
unhandled exception it will be aborted such that none of the vCPUs can
be run again.

The VM remains unchanged from the point of view of other VMs other than
it will not make any further progress.

Change-Id: I352e1c714f1e4b1b43185269f92e7fa41e09a4db

diff --git a/inc/vmapi/hf/abi.h b/inc/vmapi/hf/abi.h
index 4716f01..39d6fb6 100644
--- a/inc/vmapi/hf/abi.h
+++ b/inc/vmapi/hf/abi.h

@@ -24,14 +24,14 @@
 	 * scheduling quantum has not expired, the scheduler MUST call
 	 * `hf_vcpu_run` on the vCPU to allow it to continue.
 	 */
-	HF_VCPU_RUN_PREEMPTED,
+	HF_VCPU_RUN_PREEMPTED = 0,
 
 	/**
 	 * The vCPU has voluntarily yielded the CPU. The scheduler SHOULD take a
 	 * scheduling decision to give cycles to those that need them but MUST
 	 * call `hf_vcpu_run` on the vCPU at a later point.
 	 */
-	HF_VCPU_RUN_YIELD,
+	HF_VCPU_RUN_YIELD = 1,
 
 	/**
 	 * The vCPU is blocked waiting for an interrupt. The scheduler MUST take
@@ -39,7 +39,7 @@
 	 * has injected an interrupt, sent it a message, or got a
 	 * `HF_VCPU_RUN_WAKE_UP` for it from another vCPU.
 	 */
-	HF_VCPU_RUN_WAIT_FOR_INTERRUPT,
+	HF_VCPU_RUN_WAIT_FOR_INTERRUPT = 2,
 
 	/**
 	 * The vCPU would like `hf_vcpu_run` to be called on another vCPU,
@@ -48,13 +48,13 @@
 	 * re-run it if it is already running somewhere. This gives Hafnium a
 	 * chance to update any CPU state which might have changed.
 	 */
-	HF_VCPU_RUN_WAKE_UP,
+	HF_VCPU_RUN_WAKE_UP = 3,
 
 	/**
 	 * A new message is available for the scheduler VM, as specified by
 	 * `hf_vcpu_run_return.message`.
 	 */
-	HF_VCPU_RUN_MESSAGE,
+	HF_VCPU_RUN_MESSAGE = 4,
 
 	/**
 	 * Like `HF_VCPU_RUN_WAIT_FOR_INTERRUPT`, but for a limited amount of
@@ -63,14 +63,21 @@
 	 * `HF_VCPU_RUN_WAIT_FOR_INTERRUPT` occur, the scheduler MUST call
 	 * `hf_vcpu_run` on it again.
 	 */
-	HF_VCPU_RUN_SLEEP,
+	HF_VCPU_RUN_SLEEP = 5,
 
 	/**
 	 * The vCPU has made the mailbox writable and there are pending waiters.
 	 * The scheduler MUST call hf_mailbox_waiter_get() repeatedly and notify
 	 * all waiters by injecting an HF_MAILBOX_WRITABLE_INTID interrupt.
 	 */
-	HF_VCPU_RUN_NOTIFY_WAITERS,
+	HF_VCPU_RUN_NOTIFY_WAITERS = 6,
+
+	/**
+	 * The vCPU has aborted triggering the whole VM to abort. The scheduler
+	 * MUST treat this as `HF_VCPU_RUN_WAIT_FOR_INTERRUPT` for this vCPU and
+	 * `HF_VCPU_RUN_WAKE_UP` for all the other vCPUs of the VM.
+	 */
+	HF_VCPU_RUN_ABORTED = 7,
 };
 
 struct hf_vcpu_run_return {