Add support for accessing EL1 debug registers
For now, the primary vm can access all debug registers, whereas secondary vms
cannot. Debug event exceptions are disabled for secondary vms, so a malicious
primary cannot have active breakpoints or watchpoints for secondary vms.
This code allows us in the future to add debug support to secondary vms, and to
have fine-grained control over which registers are allowed, either by the
primary or secondary, as well as change the behavior for such accesses.
Bug: 132422368
Change-Id: I616454cc12bea6b8dfebbbdb566ac64c0a6625c2
diff --git a/Makefile b/Makefile
index 2d3a885..3473b2e 100644
--- a/Makefile
+++ b/Makefile
@@ -38,9 +38,15 @@
NINJA ?= $(PREBUILTS)/ninja/ninja
export PATH := $(PREBUILTS)/clang/bin:$(PATH)
+
CHECKPATCH := $(PWD)/third_party/linux/scripts/checkpatch.pl \
--ignore BRACES,SPDX_LICENSE_TAG,VOLATILE,SPLIT_STRING,AVOID_EXTERNS,USE_SPINLOCK_T,NEW_TYPEDEFS,INITIALISED_STATIC,FILE_PATH_CHANGES,EMBEDDED_FUNCTION_NAME,SINGLE_STATEMENT_DO_WHILE_MACRO,MACRO_WITH_FLOW_CONTROL --quiet
+# Specifies the grep pattern for ignoring specific files in checkpatch.
+# Separate the different items in the list with a grep or (\|).
+# debug_el1.c : uses XMACROS, which checkpatch doesn't understand.
+CHECKPATCH_IGNORE := "src/arch/aarch64/hypervisor/debug_el1.c"
+
# Select the project to build.
PROJECT ?= reference
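Review bot: `CHECKPATCH_IGNORE` is passed to `grep -v` as an unanchored regular expression, so the added value excludes every path that contains the string (with `.` matching any character), not only the one file named in the comment. For a lint gate over hypervisor sources the exemption should be as narrow as the comment says. Anchoring and escaping does that, e.g. `CHECKPATCH_IGNORE := "^src/arch/aarch64/hypervisor/debug_el1\.c$$"`, where `$$` is make's escape for a literal `$`. The comment could also state that the embedded double quotes are deliberate, because the value is pasted unquoted into the recipe's shell command.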
@@ -74,10 +80,10 @@
.PHONY: checkpatch
checkpatch:
- @find src/ -name \*.c -o -name \*.h | xargs $(CHECKPATCH) -f
- @find inc/ -name \*.c -o -name \*.h | xargs $(CHECKPATCH) -f
+ @find src/ -name \*.c -o -name \*.h | grep -v $(CHECKPATCH_IGNORE) | xargs $(CHECKPATCH) -f
+ @find inc/ -name \*.c -o -name \*.h | grep -v $(CHECKPATCH_IGNORE) | xargs $(CHECKPATCH) -f
# TODO: enable for test/
- @find project/ -name \*.c -o -name \*.h | xargs $(CHECKPATCH) -f
+ @find project/ -name \*.c -o -name \*.h | grep -v $(CHECKPATCH_IGNORE) | xargs $(CHECKPATCH) -f
# see .clang-tidy.
.PHONY: tidy
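Review bot: The `grep -v $(CHECKPATCH_IGNORE)` stage is pasted into all three recipe lines of `checkpatch`, and because each line is `@`-silenced, the output never shows that a file was skipped. Defining the file listing once keeps the three directories from drifting apart, e.g. `CHECKPATCH_FILES = find $(1) -name \*.c -o -name \*.h | grep -v $(CHECKPATCH_IGNORE)` used as `@$(call CHECKPATCH_FILES,src/) | xargs $(CHECKPATCH) -f`. A comment on the rule such as `# Files matching CHECKPATCH_IGNORE get no checkpatch coverage at all; review them by hand.` would make the gap explicit. This matters because the exempted file presumably holds the debug-register access handling that the commit introduces.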