Clean up MCA MSR virtualization and vMCE injection
Remove all virtual MCE related work into a seperated file.
It also try to do some clean-up on the vMCE, including:
a) renmae some function name like mce_init_msr/mce_rdmsr to be
vmce_init_msr/vmce_rdmsr to make it more straightforward,
b) make the vmca_msrs be a pointer in arch_domain,
to decrease arch_domain's size
c) extract per-bank MCA MSR access to be seperated function
(bank_mce_wrmsr/bank_mce_rdmsr) to make it be a bit cleaner.
d) A new file xen/include/asm-x86/mce.h is added for vmce related
header.
x86: Revert how we calculate 'total system RAM' after c/s 20236.
This approach is more straightforward, in that it simply works the
original e820 map. It's what the user expects, and reporting a smaller
value is never appreciated. ;-)
We recently found that FreeBSD 8.0 guest failed to install and boot on
Xen. The reason was that FreeBSD detected clflush feature and invoked
this instruction to flush MMIO space. This caused a page fault; but
x86_emulate.c failed to emulate this instruction (not supported). As a
result, a page fault was detected inside FreeBSD. A similar issue was
reported earlier.
Due to changes in grub2, menu entry titles now have single quote
around them rather than double quotes, but the memtest entries still
are using double quotes, so we need to catch both.
Signed-off-by: David Markey <david.markey@citrix.com>
Since we moved several NUMA info fields from physinfo into separate
functions/structures, we must adapt the node picking algorithm, too.
Currently xm create complains about undefined hash values.
The patch uses the new Python xc binding to get the information and
create a reverse mapping for node_to_cpu, since we now only have a
cpu_to_node field.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
acpi sleep: Rearrange code for entering system sleep states.
We cannot freeze_domains in hypercall-continuation context any more,
since that is a softirq context which can interrupt an arbitrary
vcpu. Hence sleeping all vcpus in that context can easily deadlock
(against the vcpu we interrupted). So rearrange the code to
freeze_domains before calling continue_hypercall_on_cpu().
Update comments around spin_trylock() usage for sysctl and xenpf locks.
Since the execution of stop_machine_run() via cpu_down() is now always
deferred to a hypercall continuation context, the above locks are not
held at that time. Hence the trylock is not specifically to avoid
deadlock with stop_machine_run(), but rather a more general paranoia
about deadlocks in general.
continue_hypercall_on_cpu() always defers execution of the continuation
...even when scheduled to run on the current physical cpu. This
ensures that locks get dropped correctly before executing the
continuation code, and also allows the original caller to determine
whether the continuation has/will execute based on c_h_o_c()'s
immediate return code.
This is the core credit2 patch. It adds the new credit2 scheduler to
the hypervisor, as the non-default scheduler. It should be emphasized
that this is still in the development phase, and is probably still
unstable. It is known to be suboptimal for multi-socket systems.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Credit2 shares a runqueue between several cpus. Rather than have
double locking and dealing with the cpu-to-runqueue races, allow
the scheduler to redefine the sched_lock-to-cpu mapping.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Because credit2 shares a runqueue between several cpus, it needs
to know when a scheduled-out process has finally been context-switched
away so that it can be added to the runqueue again. (Otherwise it may
be grabbed by another processor before the context has been properly
saved.)
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Add an option that will set up the buffers and listen for updates,
but will not enable tracing. This is useful if you have hacks
in Xen to enable tracing at key points (for example, debugging a
shadow bug).
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Unfortunately the latter c/s' change to mpparse.c yielded the former
patch non-functional - Xen's serial port IRQ is not in IQR_DISABLED
state, yet must be allowed to get its trigger mode and polarity set
up in order for it to be usable.
Reorder the SCHED_SWITCH trace before the runstate change trace to fix
a problem with the lost records "resume" code.
Namely: The "lost records" trace includes the currently running
process. But during SCHED_SWITCH, it reads the wrong value, confusing
xenalyze. Making sure there are no trace records between runstate
change trace and the actual context switch fixes it.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
If OOS mode is enabled, after last possible resync, read the guest l1e
one last time. If it's different than the original read, start over
again.
This fixes a race which can result in inconsistent in-sync shadow
tables, leading to corruption:
v1: take page fault, read gl1e from an out-of-sync PT.
v2: modify gl1e, lowering permissions
[v1,v3]: resync l1 which was just read.
v1: propagate change to l1 shadow using stale gl1e
Now we have an in-sync shadow with more permissions than the guest.
The resync can happen either as a result of a 3rd vcpu doing a cr3
update, or under certain conditions by v1 itself.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
ssh is used as the transport by default, although this can be
overridden by specifying a different sshcommand. This is a very
standard approach nowadays and avoids the need for daemons at the
target host in the default configuration, while providing flexibility
to admins. (In the future it might be nice to support plain
unencrypted migration over TCP, which we do not rule out now, although
it is not currently implemented.)
Properties of the migration protocol:
* The domain on the target machine is named "<domname>--incoming"
while it is being transferred.
* The domain on the source machine is renamed
"<domain>--migratedaway"
before we give the target permission to rename and unpause.
* The locking in libxl_domain_rename ensures that of two
simultaneous migration attempts no more than one will succeed.
* We go to some considerable effort to avoid leaving the domain in
a bad state if something goes wrong with one of the ends or the
network, although there is still (inevitably) a possibility of a
unresolvable state (in case of very badly timed network failure)
which is probably best resolved by destroying the domain at both
ends.
Incidental changes:
create_domain now returns a libxl error code rather than exiting on
error.
New ERROR_BADFAIL error code for reporting unpleasant failures.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
* Make create_domain always return to caller
* Have create_domain set its log callback sooner
* Actually write things to logfile, and some error checking
With some combinations of options, create_domain would never return to
the caller, since it would have called daemon and will later exit. So
we fork an additional time, so that we can call daemon in the child
and also return to the caller in the parent. It's a shame that
there's no version of daemon(3) that allows us to do this without the
extra code and pointless extra fork.
daemon(0,0) closes all the fds. So we need to call daemon(0,1) and
organise detaching our stdin/out/err ourselves. Doing this makes
messages actually appear in the xl logfile in /var/log/xen.
Finally, make create_domain call libxl_ctx_set_log sooner. This makes
some lost messages appear.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
xl: New savefile format. Save domain config when saving a domain.
We introduce a new format for saved domains. The new format, in
contrast to the old:
* Has a magic number which can distinguish it from other kinds of
file
* Is extensible
* Can contains the domain configuration file
On domain creation we remember the actual config file used (using the
toolstack data feature of libxl, just introduced), and by default save
it to the save file.
However, options are provided for the following:
* When saving a domain, supplying an alternative config file to
store in the savefile.
* When restoring a domain, supplying an alternative config file.
If a domain is restored with a different config file, it is the
responsibility of the xl user to ensure that the two configs are
"compatible". Changing the targets of virtual devices is supported;
changing other features of the domain is not recommended. Bad changes
may lead to undefined behaviour in the domain, and are in practice
likely to cause resume failures or crashes.
Old format save files generated by old versions of xl are not
supported.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
xl: Remove some duplicated boilerplate. (Improves logging slightly.)
We remove six lines of boilerplate from the top of each function, and
instead have a single struct libxl_ctx which is initialised once at
the top of main.
Likewise we wrap domain_qualifier_to_domid in a new function
find_domain, which does the error handling, and stores the domid and
the specified name (if applicable).
This reduces the size of xl.c by 7% (!)
As a beneficial side effect, the earlier call to libxl_ctx_set_log in
main makes some lost messages appear.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
libxl: Per-domain data storage for the convenience of the library user
We provide a mechanism whereby a user of the libxl library is able to
store some information alongside the domain. The information stored
is a block of bytes. Its lifetime is that of the domain - ie the
userdata is garbage collected alongside the domain if the domain is
destroyed. (This is why the feature needs to be in libxl and cannot
be implemented in the user itself or in libxlutil.)
If a libxl caller does not need to use this feature it can ignore it.
The data is tagged with the (self-declared) name of the libxl user, so
that different users cannot accidentally trip over each others'
userdata. The data is not interpreted at all by libxl.
To assist developers and people debugging, there is a registry of the
known userdata userids, and the corresponding data format as declared
by that libxl user, in libxl.h next to these declarations:
int libxl_userdata_store(struct libxl_ctx *ctx, uint32_t domid,
const char *userdata_userid,
const uint8_t *data, int datalen);
int libxl_userdata_retrieve(struct libxl_ctx *ctx, uint32_t domid,
const char *userdata_userid,
uint8_t **data_r, int *datalen_r);
The next patch will introduce the data for the userid "xl".
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
xl would like to use libxl_report_exitstatus, so expose it in
libxl_utils.h to avoid having to write it twice. Also, give it a
"level" argument to set the loglevel of the resulting message.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
xenstore,libxl: cleanup of xenstore connections across fork()
Provide a new function xs_daemon_destroy_postfork which can be called
by a libxenstore user who has called fork, to close the fd for the
connection to xenstored and free the memory, without trying to do
anything to any threads which libxenstore may have created.
Use this new function in libxl_fork, to avoid accidental use of a
xenstore connection in both parent and child.
Also, fix the doc comment for libxl_spawn_spawn to have the success
return codes the right way round.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
libxl: Expose functions for helping with subprocesses.
* Expose libxl_fork in libxl_utils.h
* Expose libxl_pipe in libxl_utils.h
* Make libxl_exec put SIGPIPE back (so that libxl callers may
have SIGPIPE ignored)
xl would like to use libxl_fork (which is like fork(2) except that it
logs errors) and also a similar function libxl_pipe. So put these in
libxl_utils.[ch] and use them in libxl.c as appropriate, to avoid
having to duplicate code between xl and libxl.
Also, make sure that subprocesses spawned by libxl have SIGPIPE set
back to SIG_DFL as they are entitled to expect. This means that a
libxl caller which sets SIGPIPE to SIG_IGN is no longer buggy. (This
is relevant for xl migration, because xl would like to be such a
caller.)
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
libxl: libxl_domain_restore: Put fd back to blocking mode
libxl_domain_restore calls, indirectly, xc_domain_restore. The
latter, when doing a live migration, sets the fd from blocking mode
(which it must be on entry, or things go wrong) to nonblocking mode
and leaves it this way. Arguably this is a bug in libxc, but to avoid
disrupting any callers we fix it in libxl.
So libxl_domain_restore now puts the fd back into blocking mode
before returning.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
libxl: New utility functions in for reading and writing files.
We introduce these functions in libxl_utils.h:
int libxl_read_file_contents(struct libxl_ctx *ctx, const char
*filename,
void **data_r, int *datalen_r);
int libxl_read_exactly(struct libxl_ctx *ctx, int fd, void *data,
ssize_t sz,
const char *filename, const char *what);
int libxl_write_exactly(struct libxl_ctx *ctx, int fd, const void
*data,
ssize_t sz, const char *filename, const char
*what);
They will be needed by the following patches. They have to be in
libxl.a rather than libxutil.a because they will be used, amongst
other places, in libxl itself.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
This is needed by the following patches. It makes it much more
convenient for libxl functions to return the errno value from the
failure, when they fail.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
To eliminate racing between dbs timer handler and cpufreq_del_cpu,
using kill_timer instead of stop_timer to make sure timer handler
execution finished before other stuff in cpufreq_del_cpu.
BTW, fix a lost point of cpufreq_statistic_lock taking sequence.
The final, flushing call to discard_file_cache also discards any
errors from fsync. Call fsync explicitly before leaving, to check if
all VM memory actually made it to the disk.
Signed-off-by: Daniel Stodden <daniel.stodden@citrix.com>
Starting with Family 0x10, model 10 processors, some AMD processors
will have support for the APERF/MPERF MSRs. This patch adds the
checks necessary to support those MSRs.
It also makes the get_measured_perf function defined inside cpufreq.c
driver independent. max_freq is taken from the policy definition
instead of being a private argument in struct acpi_cpufreq_data.
The struct member is entirely removed from the function since it
is no longer used.
Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com>
Add support for disabling AMD's Boost feature. Boost is similar to
Intel's Turbo and uses the same high level interface. The low
level implementation is different and encapsulated in the powernow
driver for cpufreq.
Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com>
Refactor the existing code that supports the Intel Turbo feature to
move all the driver specific bits in the cpufreq driver. Create
a tri-state interface for the Turbo feature that can distinguish
amongst enabled Turbo, disabled Turbo, and processors that don't
support Turbo at all.
Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com>
tmem: fix ia64 build
/xen/common/built_in.o: In function `tmh_get_first_byte':
/xen/include/xen/tmem_xen.h:350: undefined reference to
`__map_domain_page'
xen: allow guests to set caching attributes for MMIOs
This patch allows guests that have directly mapped MMIO regions to set
the caching attributes for them, and only for them.
Currently we have just an on/off check for a directly assigned device
instead of looking for directly mapped MMIO regions.
'xm info' command now also gives the cpu topology & host numa
information. This will be later used to build guest numa support. The
patch basically changes physinfo sysctl, and adds topology_info &
numa_info sysctls, and also changes the python & libxc code
accordingly.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
This fixes xenbus initialization of blkfront, netfront and pcifront
by uniformizing with fbfront: after writing parameters, set state to
initialised, then wait for backend to switch to connect state, and
then only read its parameter and switch to the connect state.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
When no fb is available, init_fbfront will return, so the local
semaphore for synchronization with the kbd thread would get dropped.
Using a global static semaphore instead fixes this.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
tmem: add page deduplication with optional compression or trailing-zero-elimination
Add "page deduplication" capability (with optional compression
and trailing-zero elimination) to Xen's tmem.
(Transparent to tmem-enabled guests.) Ephemeral pages
that have the exact same content are "combined" so that only
one page frame is needed. Since ephemeral pages are essentially
read-only, no C-O-W (and thus no equivalent of swapping) is
necessary. Deduplication can be combined with compression
or "trailing zero elimination" for even more space savings.
Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
This patch adds a new field in hvm to indicate 1gb is supported by
CPU. In addition, users can turn 1GB feature on/off using a Xen
option ("hap_1gb", default is off). Per Tim's suggestion, I also add
an assertion check in shadow/common.c file to prevent affecting shadow
code.
This patch changes Xen tools to allocate 1GB first. If such requests
fail, it will fall back to 2MB and then 4KB. We skip 1GB allocation
for the MMIO space between 3GB and 4GB.
Limiting the number of idle cpus tickled for vcpu migration purpose
to ONLY ONE to get rid of a lot of IPI events which may impact the
average cpu idle residency time.
The default on option 'tickle_one_idle_cpu=0' can be used to disable
this optimization if needed.
cpuidle: mwait on softirq_pending & remove wakeup ipis
For cpu which enter deep C state via monitor/mwait, wakeup can be done
by writing to the monitored memory. So once monitor softirq_pending,
we can remove the redundant ipis.
Signed-off-by: Yu Ke <ke.yu@intel.com> Signed-off-by: Wei Gang <gang.wei@intel.com>
Allow all unused GSI to be configured via IO-APIC by new pv_ops dom0
Currently Xen disallows setting up any GSI < 16. This makes it
impossible by the kernel to use any PCI devices without ACPI override
but a mapping to this interrupts via IO-APIC.
The patch allows all unused interrupts to be setup via IO-APIC.
projects / xen.git / log