Daniel De Graaf [Thu, 2 Feb 2012 15:24:53 +0000 (15:24 +0000)]
flask: add flask-{get,set}-bool tools
These utilities can be used to modify policy booleans, which allow
minor policy changes without reloading the security policy. This can
be used to make security policy change based on external information
such as time of day, user physical presence, completion of system
boot, or other relevant variables.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:23:43 +0000 (15:23 +0000)]
xsm/flask: allow policy booleans to be addressed by name
Booleans are currently only addressable by using a sequence number
that is not easily accessible to tools. Add new FLASK operations to
get/set booleans by name, and to get the name of a boolean given its
ID.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:23:04 +0000 (15:23 +0000)]
xen/xsm: fix incorrect handling of XSM hook return
If the XSM hook denied access, the execution incorrectly continued on
after an extra unlock domain.
Reported-by: John McDermott <john.mcdermott@nrl.navy.mil> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:21:13 +0000 (15:21 +0000)]
flask/policy: Add user and constraint examples
These examples show how to use constraints and the user field of the
security label to prevent communication between virtual machines of
different customers in a multi-tenant environment.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:20:40 +0000 (15:20 +0000)]
flask/policy: Policy build updates
Eliminate temporary files used in creating FLASK policy to improve
error reporting during policy build. Syntax errors now point to the
file and line number visible to the user, not the intermediate
temporary file.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:19:24 +0000 (15:19 +0000)]
xsm/flask: Improve error reporting for ocontexts
Instead of returning -EINVAL for all errors, return -EEXIST if adding
an entry that overlaps with an existing entry, and -ENOENT if
attempting to remove an entry that does not exist. Adding an ocontext
that already exists with the same SID is no longer an error.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:18:19 +0000 (15:18 +0000)]
xsm: Add xsm_map_domain_pirq hook
When checking permissions in map_domain_pirq, the msi_desc field of
the irq_desc is not yet populated with the PCI device being used. Pass
in the msi_info structure which contains the intended PCI device whose
label will be used in the security check.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:17:46 +0000 (15:17 +0000)]
xsm/flask: Use PCI device label for PCI-MSI IRQs
Because the PCI-MSI IRQ numbers are allocated dynamically, labeling
them by number is not useful. Instead, for all IRQs beyond
nr_irqs_gsi, use the associated msi_desc to find the PCI device and
use the label of the PCI device for the IRQ.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Thu, 2 Feb 2012 15:16:34 +0000 (15:16 +0000)]
xsm: Add security labels to event-channel dump
In FLASK, event channel labels are distinct from the labels of the
domain using them. When debugging policy issues, it is useful to be
able to view the current label of event channels; add this label to
the event channel dump.
This patch also adds the IRQ associated with a PIRQ for event channels
bound to a PIRQ, and moves the xen_consumer flag to the front to
create more consistent alignment in the output.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
x86/mm: Reorder locks used by shadow code in anticipation of synchronized p2m lookups
Currently, mm-locks.h enforces a strict ordering between locks in the mm
layer lest there be an inversion in the order locks are taken and thus
the risk of deadlock.
Once p2m lookups becoming synchronized, get_gfn* calls take the p2m lock, and a
new set of inversion arises. Reorder some of the locks in the shadow code so
that even in this case no deadlocks happen.
After this, synchronized p2m lookups are in principle ready to be enabled in
shadow mode.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
x86/mm: Don't fail to nominate for paging on type flag, rather look at type count
Xen doesn't clean the type flag when dropping the type count for a page to
zero. So, looking at the type flag when nominating a page for paging it's
incorrect. Look at the type count instead.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Signed-off-by: Adin Scannell <adin@scannell.ca> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
xl: allow enable automatic fallback to ACPI events if PV control not available.
Add a -F (fallbacks) option to xl destroy|reboot to cause an ACPI shutdown or
reset event to be sent to the guest in the event that the guest does not
support the PV control interface.
This is not the default because the response to these triggers is an
guest-internal configuration.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
docs: document /etc/xen/xl.conf
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
libxl: add named enum for timer mode.
Unlike previous iterations of this patch the enum values now match the
underlying domctl values.
I looked at updating xl.cfg(5) for these while I was here but frankly, even
after reading the comment in xen/include/public/hvm/params.h, I don't have a
clue what they mean, no_missed_ticks_pending in particular might as well be
written in klingon...
For the same reason I didn't try and give the enum more user-friendly names.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
libxl: drop libxl_cpuarray -- topology was the only user.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
libxl: expose cpu topology as a single list of cpu->{node,core,socket} maps.
Rather than the previous tripple list which is more complicated to work with
and harder for language bindings.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
ocaml: Topology.get returns an array not a single element.
The stub implementation appears to already be correct.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
ocaml: add helpers for Some/None option types.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
libxl: remove libxl_button_press in favour of libxl_send_trigger.
send_trigger already included all the operations covered by button_press.
Rework send_trigger to take an enum instead of a string.
I stopped short at removing the xl "button-press" command but instead have
marked it as deprecated.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:39 +0000 (16:34 +0000)]
libxl: de-hard-tabbify idl.txt
Hard tabs were in the minority, nuke them.
Also we no longer supply the inaddr_ip builtin.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:38 +0000 (16:34 +0000)]
libxl: Rename libxl IDL infrastructure.
Originally libxltypes.py provided the infrastructure and libxl.idl provided the
specific types.
In 23887:a543e10211f7 libxl.idl became libxl_types.idl (to allow for
libxl_types_internal.idl) which means we now have libxl_types.FOO and
libxltypes.FOO providing different things and annoying people in tab
completion.
Rename the infrastructure as idl.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:38 +0000 (16:34 +0000)]
libxl: only write "disable_pf" key to xenstore when it makes sense
This key is only used by the traditional qemu-dm when servicing an HVM domain.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:38 +0000 (16:34 +0000)]
libxl: remove libxl_device_model_info.
All that is left here is the target domain's domid which we can pass around as
a parameter.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:38 +0000 (16:34 +0000)]
libxl: move "saved_state" to libxl__domain_build_state.
This is internal to the library and need not be exposed to the user.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:34:32 +0000 (16:34 +0000)]
libxl: move device model selection variables to b_info.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:52 +0000 (15:21 +0000)]
libxl: remove uuid from device model info.
This should be managed by libxl and need not be exposed to the user.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:52 +0000 (15:21 +0000)]
libxl: Remove libxl_device_model_info.type.
This is the type of the target guest which is part of the guest config.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:52 +0000 (15:21 +0000)]
libxl: move gfx_passthru setting to b_info->u.hvm
Although xl parsed this value for both PV and HVM domains (and then a second
time for HVM domains) inside libxl it only impacts HVM guests so I think this
is the right place for it.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:52 +0000 (15:21 +0000)]
libxl: HVM device configuration info build_info->u.hvm
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:51 +0000 (15:21 +0000)]
libxl: move HVM emulated GFX support into b_info->u.hvm
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:51 +0000 (15:21 +0000)]
libxl: use vfb[0] directly for xenpv device model
Rather than laundering it via dm info.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:51 +0000 (15:21 +0000)]
libxl: drop dm_info.dom_name
This is always the same as the c_info name which we now have available.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:51 +0000 (15:21 +0000)]
libxl: remove redundant info from dm info.
Remove "target_ram", "acpi", "vcpus" and "vcpu_avail" from device model info
and use domain_build_info instead. These must all be consistently specified to
both the domain and the device model, there is no need (and a great deal of
danger) in exposing a way for a user of libxl to set them differently.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 15:21:51 +0000 (15:21 +0000)]
libxl: now that dm creation takes domain_config stop passing down devices.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:41:00 +0000 (14:41 +0000)]
libxl: plumb libxl_domain_config down into device model creation.
Creating the device model derives lots of bits from the guest configuration.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:41:00 +0000 (14:41 +0000)]
libxl: define libxl_sdl_info to hold all info about the SDL config
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:41:00 +0000 (14:41 +0000)]
libxl: define libxl_spice_info to hold all info about the spice server
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:40:59 +0000 (14:40 +0000)]
libxl: define libxl_vnc_info to hold all info about the vnc info
Reduces duplication in libxl_vfb and libxl_device_model.
Updated bindings but the python ones in particular are unlikely to be useful
until a user presents itself and fixes them up.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:40:08 +0000 (14:40 +0000)]
ocaml: use libxl IDL type helpers for C argument passing
Makes handling of nested structs more correct.
Only change to the generated code right now is that the FOO_Val
(C->ocamlC) function for Enumeration types now takes the C argument by
value instead of reference.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:39:57 +0000 (14:39 +0000)]
libxl: use keyword arguments for field definitions in aggregate types.
The original code is not so bad now that the comments are gone but this is
still a bit cleaner.
No change in the generated code.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:39:57 +0000 (14:39 +0000)]
libxl: remove comment support from IDL
People typically don't look for comments in generated source and the syntax for
specifying them in the IDL makes things harder to follow.
Instead just use source code comments in the IDL itself.
I dropped a bunch of "foo bool # enable or disable foo" type comments. A lot of
the remainder still aren't terribly useful though.
No change to the generate code other than the comments being removed.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 14:39:57 +0000 (14:39 +0000)]
libxl: remove libxl_domain_create_info.poolname
It is redundant with poolid and allowing the user to specify both
opens up the possibility of a disconnect.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: juergen.gross@ts.fujitsu.com
[since v2 - correct default is 0 not -1] Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Roger Pau Monne [Tue, 31 Jan 2012 16:48:06 +0000 (16:48 +0000)]
libxl: add support for yajl 2.x
This patch adds support for yajl versions 2.x, while retaining 1.x
compatibility. All the needed ifdefs can be found in libxl_json.h.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Campbell [Tue, 31 Jan 2012 16:06:14 +0000 (16:06 +0000)]
mini-os: use BSD sys/queue.h instead of Linux list.h
The latter is GPL which makes the whole of mini-os GPL rather than BSD
as intended. In tree users are all GPL or GPL-compatible but we should
fix this so that mini-os is BSD. Do so by using the same BSD
sys/queue.h as we use in libxl.
Tested with the builtin mini-os test app and qemu stubdomain, both of which
appear to still function as expected.
Move tools/libxl/external and the associated sed script to
tools/include/xen-external to allow more sensible access from mini-os.
Also add s/NULL/0/ in the sed script due to NULL not always being
defined in stubdom code when mini-os/wait.h is included.
As well as the obvious ABI changes there are a few API updates
associated with the change:
- struct rw_semaphore.wait_list is unused
- remove_waiter needs to take the wait_queue_head
The latter requires a qemu update, so there is also a QEMU_TAG
update in this changeset.
I sprinkled some extra-emacs local variables around the files I edited
which didn't have them.
I think this should be backported to the stable branches since
external users of mini-os may have been mislead into thinking they
could safely link mini-os against GPL-incompatible code.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Olaf Hering [Tue, 31 Jan 2012 11:35:07 +0000 (11:35 +0000)]
tools/libxc: remove volatile keyword for bitmap operations
All bitmaps maintained by xc_bitops.h are used in single threaded
applications. So nothing will change the bitmaps content, adding
volatile adds just unneeded memory reloads.
xenpaging uses bitmaps alot and using non-volatile versions will
slightly improve performance.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Committed-by: Keir Fraser <keir@xen.org>
Olaf Hering [Tue, 31 Jan 2012 11:33:35 +0000 (11:33 +0000)]
mini-os: convert mlock macros to C functions
mlock and munlock are implemented as macros in mini-os. Their usage
requires casting in common code. Convert them to C syntax and provide
an empty dummy function. Remove the now unneeded (void) cast from two
munlock calls.
Olaf Hering [Mon, 30 Jan 2012 12:06:34 +0000 (13:06 +0100)]
xenpaging: unify return value in nominate and evict
Let p2m_mem_paging_nominate and p2m_mem_paging_evict return just one
error number. EINVAL is not very helpful in case of nominate, it can
happen if the pager tries to nominate a ballooned page. In this case the
gfn is not backed by a mfn, the pager can not know that. Similar with
evict, anything can happen between nominate and evict.
This change helps the pager to decide if the returned error is from the
function itself, or if it happend earlier. In the latter case, it is
most likely fatal and should be handled as such.
nominate and evict return EBUSY, which is supposed to mean
"pager request reached target function, and failed."
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
Ian Jackson [Mon, 30 Jan 2012 15:23:39 +0000 (15:23 +0000)]
libxl: treat "dying" domains as destroyed
Rename the DOMAIN_DESTROY event to DOMAIN_DEATH and have it trigger
when the domain goes into the state indicated by the domaininfo flag
"dying".
This fixes a race which could leak a daemonised xl process, which
would have ignored the domain becoming "dying" and would then wait
forever to be told the domain was destroyed.
After the domain becomes "dying" we can't generate an event when it is
actually destroyed because xenstored will eat the relevant
VIRT_DOM_EXC virq and not generate an @releaseDomain, since xenstored
discards its own record of the domain's existence as soon as it sees
the domain "dying" and will not trigger @releaseDomain watches for
domains it knows nothing about. Arguably this is a bug in xenstored,
and the whole @releaseDomain machinery is rather poor, but let us not
fix that now.
Anyway, xl does not really want to know when the domain is ultimately
destroyed. It is enough for xl to know that it is on the way out, in
the "dying" state (which leads later to destruction by Xen).
Also fix a bug where domain_death_xswatch_callback might read one
domain beyond the valid data in its domaininfos array, by correctly
ordering the checks for empty domain list, end of domain list, and our
domain being missing.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Tested-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Mon, 30 Jan 2012 15:23:38 +0000 (15:23 +0000)]
libxl: domain_death_xswatch_callback: add some debug logging
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Daniel De Graaf [Sat, 28 Jan 2012 13:49:41 +0000 (13:49 +0000)]
xen: Preserve reserved grant entries when switching versions
In order for the toolstack to use reserved grant table entries, the
grant table for a guest must be initialized prior to the guest's boot.
When the guest switches grant table versions (necessary if the guest
is using v2 grant tables, or on kexec if switching grant versions),
these initial grants will be cleared. Instead of clearing them,
preserve the grants across the type change.
Attempting to preserve v2-only features such as sub-page grants will
produce a warning and clear the resulting v1 grant entry.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Sat, 28 Jan 2012 13:49:05 +0000 (13:49 +0000)]
xen: use XSM instead of IS_PRIV for getdomaininfo
The XEN_DOMCTL_getdomaininfo domctl does not allow manipulation of
domains, only basic information such as size and state, so its use
does not fully justify making a domain privileged. XSM modules can
also provide fine-grained control over what domains are visible to
domains that call getdomaininfo.
If XSM is disabled (either at compile time or by using the dummy XSM
module) then there is no change in behavior: only IS_PRIV domains can
use this domctl. If enabled, the XSM module controls access.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Sat, 28 Jan 2012 13:48:03 +0000 (13:48 +0000)]
xen: allow global VIRQ handlers to be delegated to other domains
This patch sends global VIRQs to a domain designated as the VIRQ
handler
instead of sending all global VIRQ events to dom0. This is required in
order to run xenstored in a stubdom, because VIRQ_DOM_EXC must be sent
to xenstored for domain destruction to work properly.
This patch was inspired by the xenstored stubdomain patch series sent
to xen-devel by Alex Zeffertt in 2009.
Signed-off-by: Diego Ongaro <diego.ongaro@citrix.com> Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
This patch reinstates the XENMEM_remove_from_physmap hypercall
which was removed in 19041:ee62aaafff46 because it was not used.
However, is now needed in order to support xenstored stub domains.
The xenstored stub domain is not priviliged like dom0 and so cannot
unilaterally map the xenbus page of other guests into it's address
space. Therefore, before creating a domU the domain builder needs to
seed its grant table with a grant ref allowing the xenstored stub
domain to access the new domU's xenbus page.
At present domU's do not start with their grant table mapped.
Instead it gets mapped when the guest requests a grant table from
the hypervisor.
In order to seed the grant table, the domain builder first needs to
map it into dom0 address space. But the hypercall to do this
requires a gpfn (guest pfn), which is an mfn for PV guest, but a pfn
for HVM guests. Therfore, in order to seed the grant table of an
HVM guest, dom0 needs to *temporarily* map it into the guest's
"physical" address space.
Hence the need to reinstate the XENMEM_remove_from_physmap hypercall.
Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
Andrew Cooper [Sat, 28 Jan 2012 13:42:25 +0000 (13:42 +0000)]
vesa: flush lfb after zeroing
If Xen is going to relinquish the VGA console, flush the linear frame
buffer after zeroing it in vesa_endboot().
Failing to do so in some circumstances leads to the actual linear
framebuffer on the graphics card still containing the output of the
Xen boot console can lead to ugly graphics output when dom0 is setting
up the graphics card for its own use.
While the patch is quite large, it is mostly just code motion to
prevent having to forward declare lfb_flush(). The only functional
change to vesa_endboot() is to insert a call to lbf_flush().
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
Andrew Cooper [Sat, 28 Jan 2012 13:41:42 +0000 (13:41 +0000)]
Console: introduce console=none command line parameter
Currenty, not specifying 'console=<foo>' on the command line causes
Xen to default to 'vga'. Alternativly, the user can explicitly
specifiy 'console=vga|com1|com2'.
However, there is no way to specify that neither vga nor serial should
be used. Specifying 'console=' does have the effect that neither vga
nor serial is set up, but at the cost of an "Bad console= option ''"
warning.
Therefore, expliticly support a 'console=none' option which does not
set up vga and does not set up serial, but does not trigger the bad
console warning.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
Wei Wang [Sat, 28 Jan 2012 13:40:36 +0000 (13:40 +0000)]
amd iommu: disable iommu emulation on non-iommu systems
Introduce a new flag to disable iommu emulation on old iommu systems.
This patch is taken from my v4 patch queue, which is till pending, to
make old or non-iommu system to run cleanly without interfered by
iommuv2 codes. This might be helpful to isolate iommuv2 code in
debugging unstable regressions. The reset part of v4 will be re-based.
Signed-off-by: Wei Wang <wei.wang2@amd.com> Committed-by: Keir Fraser <keir@xen.org>
Dario Faggioli [Fri, 27 Jan 2012 19:17:03 +0000 (19:17 +0000)]
libxl: allow for specifying the CPU affinity in the config file.
Enable CPU affinity specification in a VM's config file with the
exact syntax `xl vcpu-pin' provides.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Olaf Hering [Fri, 27 Jan 2012 19:03:37 +0000 (19:03 +0000)]
xenpaging: make file_op largefile aware
lseek() takes an off_t, the used "int << shiftsize" does not automatically
convert the int into a larger type. This leads to write errors with pagefiles
larger than 2G. Fix this by shifting an off_t instead of an int.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Olaf Hering [Fri, 27 Jan 2012 18:32:55 +0000 (18:32 +0000)]
tools/libxc: handle fallback in linux_privcmd_map_foreign_bulk properly
If the first ioctl fails with ENOENT it means the command is known. If a
second attempt to map each gfn happens to fail then there is no need to
run the fallback code. Some gfns are paged and the fallback code would
not fix the failure. Instead return the EINVAL to the caller.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
tools: memshrtool: tool to test and exercise the sharing subsystem
This is demo code meant to showcase how to perform sharing
operations. It is useful for testing.
[ Added appropriate lines to .hgignore and .gitignore -iwj ]
Signed-off-by: Adin Scannell <adin@scannell.ca> Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Roger Pau Monne [Fri, 27 Jan 2012 17:48:14 +0000 (17:48 +0000)]
libxl: fix mutex initialization
The macro PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP is not defined on
NetBSD, so define mutex attributes manually.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:26 +0000 (17:01 +0000)]
libxl: Convert to asynchronous: device removal
Convert libxl_FOO_device_remove, and the function which does the bulk
of the work, libxl__device_remove, to the new async ops scheme.
Adjust all callers.
Also remove libxl__wait_for_device_state which is now obsolete.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:25 +0000 (17:01 +0000)]
libxl: Introduce libxl__ev_devstate
Provide a new-style asynchronous facility for waiting for device
states on xenbus. This will replace libxl__wait_for_device_state,
after the callers have been updated in later patches.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:24 +0000 (17:01 +0000)]
libxl: New convenience macro CONTAINER_OF
Provide a convenient and type-safe wrapper which does the correct
dance to subtract offsetof. This is very similar to the
"container_of" macro in the Linux kernel, but it has an additional
feature that instead of the type argument you may also pass an
expression of that type; this makes initialising a variable with
CONTAINER_OF easier.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Provide a new set of machinery for writing public libxl functions
which may take a long time. The application gets to decide whether
they want the function to be synchronous, or whether they'd prefer to
get a callback, or an event, when the operation is complete.
User(s) of this machinery will be introduced in later patch(es).
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:23 +0000 (17:01 +0000)]
libxl: Permit multithreaded event waiting
Previously, the context would be locked whenever we were waiting in
libxl's own call to poll (waiting for operating system events).
This would mean that multiple simultaneous calls to libxl_event_wait
in different threads with different parameters would not work
properly.
If we simply unlock the context, it would be possible for another
thread to discover the occurrence of the event we were waiting for,
without us even waking up, and we would remain in poll. So we need a
way to wake up other threads: a pipe, one for each thread in poll.
We also need to move some variables from globals in the ctx to be
per-polling-thread.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
We want a function for setting fds to nonblocking, so introduce one.
This is a very similar requirement to that for libxl_fd_set_cloexec,
so make it common with that.
While we're at it, fix a few deficiences that make this latter
function less desirable than it could be:
* Change the return from 0/-1 (like a syscall) to a libxl error code
* Take a boolean parameter for turning the flag on and off
* Log on error (and so, take a ctx for this purpose)
Change callers of libxl_fd_set_cloexec to notice errors. (Although,
such errors are highly unlikely.)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:22 +0000 (17:01 +0000)]
libxl: New event generation API
Replace the existing API for retrieving high-level events (events
about domains, etc.) from libxl with a new one.
This changes the definition and semantics of the `libxl_event'
structure, and replaces the calls for obtaining information about
domain death and disk eject events.
This is an incompatible change, sorry. The alternative was to try to
provide both the previous horrid API and the new one, and would also
involve never using the name `libxl_event' for the new interface.
The new "libxl_event" structure is blacklisted in the ocaml bindings
for two reasons:
- It has a field name "type" (which is a keyword in ocaml);
the ocaml idl generator should massage this field name on
output, to "type_" perhaps.
- The ocaml idl generator does not support KeyedUnion.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:21 +0000 (17:01 +0000)]
ocaml, libxl: support "private" fields
The changeset
24378:b4365e2c2595 libxl: idl: support new "private" type attribute
is not complete. Actually using this feature does not work because
the ocaml idl generator does not know about it.
So add that support.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:20 +0000 (17:01 +0000)]
libxl: New API for providing OS events to libxl
We provide a new set of functions and related structures
libxl_osevent_*
which are to be used by event-driven applications to receive
information from libxl about which fds libxl is interested in, and
what timeouts libxl is waiting for, and to pass back to libxl
information about which fds are readable/writeable etc., and which
timeouts have occurred. Ie, low-level events.
In this patch, this new machinery is still all unused. Callers will
appear in the next patch in the series, which introduces a new API for
applications to receive high-level events about actual domains etc.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:19 +0000 (17:01 +0000)]
xl: fix a couple of memory leaks
* dolog leaked the log message (!)
* main() leaked the config_data (perhaps a false positive from valgrind,
but it's nicer to tidy it up).
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Jan 2012 17:01:18 +0000 (17:01 +0000)]
.gitignore/.hgignore: New names for ioemu dirs, seabios
* Add new seabios clone directories to .gitignore.
* Add new qemu clone directories to .gitignore.
* Remove old tools/ioemu (long-obsolete) from .gitignore and .hgignore.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Roger Pau Monne [Thu, 26 Jan 2012 17:38:05 +0000 (17:38 +0000)]
libxl: fix parse_backend_path and device_backend_path to be mutual
Currently if libxl__parse_backend_path is used and then you try to get
the original path again with libxl__device_backend_path the
result is wrong. This patch fixes the issue, so transformation from
path to libxl__device and back is reciprocal.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
projects / xen.git / log