Jan Beulich [Thu, 23 Jun 2016 15:46:55 +0000 (17:46 +0200)]
VMX: use non-atomic bitops to manage MSR state
All host_msr_state accesses are solely on the owning CPU, and all
guest_msr_state ones solely when the vCPU is current or being switched
to. This, btw, is also in line with the use of find_first_set_bit()
(which would be bogus if ->flags could get updated behind its back).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Andrew Cooper [Tue, 21 Jun 2016 16:38:25 +0000 (17:38 +0100)]
xen/init: Move initcall infrastructure into .init.data
Its contents is constant.
The ALIGN(32) is also dropped. On x86, there is nothing between it and a
larger alignment. On ARM, __init_end_efi is between the two, but its sole use
is to fill SizeOfRawData in the PE Section Table, and doesn't require any
specific alignment.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
Andrew Cooper [Thu, 9 Jun 2016 14:41:27 +0000 (15:41 +0100)]
arm/init: Move .init.proc.info into .init.data
Its contents is constant, and only requires pointer alignment, so move it
adacent to .init.setup.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Julien Grall <julien.grall@arm.com>
Andrew Cooper [Mon, 8 Feb 2016 10:19:34 +0000 (10:19 +0000)]
xen/init: Annotate all command line parameter infrastructure as const
There is no reason for any of it to be modified. Additionally, link
.init.setup beside the other constant .init data.
While editing this area, correct the types used in the extern
declarations for __setup_start and __setup_end to match the types the
linker actually produces.
No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
Jan Beulich [Wed, 22 Jun 2016 10:00:44 +0000 (12:00 +0200)]
x86/vMSI-X: use generic intercept handler in place of MMIO one
This allows us to see the full ioreq without having to peek into state
which is supposedly private to the emulation framework.
Suggested-by: Paul Durrant <Paul.Durrant@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 22 Jun 2016 09:59:39 +0000 (11:59 +0200)]
x86/vMSI-X: drop list lock
msixtbl_pt_{,un}register() already run with both the PCI devices lock
and the domain event lock held, so there's no need for another lock.
Just to be on the safe side, acquire the domain event lock in the
cleanup function (albeit I don't think this is strictly necessary).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 22 Jun 2016 09:58:31 +0000 (11:58 +0200)]
x86/vMSI-X: defer intercept handler registration
There's no point in registering the internal MSI-X table intercept
functions on all domains - it is sufficient to do so once a domain gets
an MSI-X capable device assigned.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:21 +0000 (10:04 -0400)]
xen/xsm: remove .xsm_initcall.init section
Since FLASK is the only implementation of XSM hooks in Xen, using an
iterated initcall dispatch for setup is overly complex. Change this to
a direct function call to a globally visible function; if additional XSM
hooks are added in the future, a switching mechanism will be needed
regardless, and that can be placed in xsm_core.c.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Julien Grall <julien.grall@arm.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:20 +0000 (10:04 -0400)]
flask: improve unknown permission handling
When an unknown domctl, sysctl, or other operation is encountered in the
FLASK security server, use the allow_unknown bit in the security policy
to decide if the permission should be allowed or denied. This allows
new operations to be tested without needing to immediately add security
checks; however, it is not flexible enough to avoid adding the actual
permission checks. An error message is printed to the hypervisor
console when this fallback is encountered.
This patch will allow operations that are not handled by the existing
hooks only if the policy was compiled with "checkpolicy -U allow". In
previous releases, this bit did nothing, and the default remains to deny
the unknown operations.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:19 +0000 (10:04 -0400)]
flask: remove xen_flask_userlist operation
This operation has no known users, and is primarily useful when an MLS
policy is in use (which has never been shipped with Xen). In addition,
the information it provides does not actually depend on hypervisor
state (only on the XSM policy), so an application that needs it could
compute the results without needing to involve the hypervisor.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:16 +0000 (10:04 -0400)]
flask: unify {get, set}vcpucontext permissions
These permissions were initially split because they were in separate
domctls, but this split is very unlikely to actually provide security
benefits: it would require a carefully contrived situation for a domain
to both need access to one type of CPU register and also need to be
prohibited from accessing another type.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:15 +0000 (10:04 -0400)]
flask/policy: remove unused example
The access vectors defined here have never been used by xenstore.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:14 +0000 (10:04 -0400)]
flask/policy: xenstore stubdom policy
This adds the xenstore_t type to the example policy for use by a
xenstore stub domain; see the init-xenstore-domain tool for how this
type needs to be used.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:13 +0000 (10:04 -0400)]
flask/policy: remove unused support for binary modules
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:11 +0000 (10:04 -0400)]
flask/policy: split out rules for system_r
When the all_system_role module is enabled, any domain type can be
created using the system_r role, which was the default. When it is
disabled, domains not using the default types (dom0_t and domU_t) must
use another role such as vm_r.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Daniel De Graaf [Mon, 20 Jun 2016 14:04:10 +0000 (10:04 -0400)]
flask/policy: split into modules
This makes it easier to enable or disable parts of the XSM policy.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
Jan Beulich [Tue, 21 Jun 2016 10:06:58 +0000 (12:06 +0200)]
x86/HVM: use available linear->phys translations in REP MOVS/STOS handling
If we have the translation result available already, we should also use
it here. In my tests with Linux guests this eliminates all calls to
hvmemul_linear_to_phys() from the STOS path and most from the MOVS one.
Also record the translation for re-use at least during response
processing.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Jan Beulich [Tue, 21 Jun 2016 10:06:13 +0000 (12:06 +0200)]
x86: show remote CPU state upon fatal NMI or unknown MCE
Quite frequently the watchdog would hit an innocent CPU, e.g. one
trying to acquire a spin lock a remote CPU holds for extended periods
of time, or a random CPU in TSC calbration rendezvous. In such cases
the register and stack dump for that CPU doesn't really help in the
analysis of the problem.
To keep things reasonable on large systems, only log CS:RIP by default.
This can be overridden via a new command line option such that full
register/stack state would get logged.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Tue, 21 Jun 2016 10:05:09 +0000 (12:05 +0200)]
x86: drop (mostly) unused guest_lNe_get_paddr()
The very few remaining uses don't make their presence really necessary:
Simplify the two L2 ones, and open code the sole common code use.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Acked-by: George Dunlap <george.dunlap@citrix.com>
Juergen Gross [Tue, 21 Jun 2016 10:03:02 +0000 (12:03 +0200)]
add update indicator to vcpu_runstate_info
There has been a report about incorrect vruntime accounting in Linux
guests under Xen. A Linux kernel with CONFIG_PARAVIRT_TIME_ACCOUNTING
set is capable to do correct vruntime accounting, but this would
require the kernel to be able to read the runstate data of other cpus.
A guest mapping vcpu_runstate_info into its memory can't read this
information from another cpu but the one the data is referring to.
Reason is there is no reliable way for the guest to detect a concurrent
data update by the hypervisor. In order to support reading another
vcpu's mapped vcpu_runstate_info an indicator for an occurring update
of the runstate information is needed.
Add the possibility to activate setting this indicator in the highest
bit of state_entry_time via a vm_assist hypercall. When activated the
update indicator will be set before the runstate information is
modified in guest memory and it will be reset after modification is
done. As state_entry_time is guaranteed to be different after each
update the guest can detect any update (either in progress or while
reading the runstate data) by comparing state_entry_time before and
after reading runstate data: in case the values differ or the update
indicator was set the data might be inconsistent and should be reread.
Juergen Gross [Tue, 21 Jun 2016 10:01:55 +0000 (12:01 +0200)]
arm: add support for vm_assist hypercall
Up to now the vm_assist hypercall hasn't been supported on ARM, as
there are only x86 specific features to switch. Add support of
vm_assist on ARM for future use.
Jan Beulich [Tue, 21 Jun 2016 10:01:18 +0000 (12:01 +0200)]
x86: also generate assembler usable equates for synthesized features
... to make it possible to base alternative instruction patching upon
such.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Tested-by: Dario Faggioli <dario.faggioli@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Razvan Cojocaru [Tue, 21 Jun 2016 09:59:37 +0000 (11:59 +0200)]
vm_event: allow subscribing to write events for specific MSR-s
Previously, subscribing to MSR write events was an all-or-none
approach, with special cases for introspection MSR-s. This patch
allows the vm_event consumer to specify exactly what MSR-s it is
interested in, and as a side-effect gets rid of the
vmx_introspection_force_enabled_msrs[] special case.
The patch also introduces arch_monitor_init_domain() and
arch_monitor_cleanup_domain(), to do monitor-specific work
(as opposed to the previous way of doing all the setup in
vm_event_init_domain() / vm_event_cleanup_domain()).
This replaces the previously posted "xen: Filter out MSR write
events" patch.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
arm/acpi: Add Server Base System Architecture UART support
The ARM Server Base System Architecture describes a generic UART
interface. It doesn't support clock control registers, modem
control, DMA and hardware flow control features. So, extend the
driver probe() to handle SBSA interface and skip the accessing
PL011 registers that are not described in SBSA document
(ARM-DEN-0029 Version 3.0, 6 APPENDIX B: GENERIC UART).
drivers/pl011: Use combination of UARTRIS and UARTMSC instead of UARTMIS
The Masked interrupt status register (UARTMIS) is not described in ARM
SBSA 2.x document. Anding of two registers UARTMSC and UARTRIS values
gives the same information as register UARTMIS.
UARTRIS, UARTMSC and UARTMIS definitions are found in PrimeCell UART
PL011 (Revision: r1p4).
- 3.3.10 Interrupt mask set/clear register, UARTIMSC
- 3.3.11 Raw interrupt status register, UARTRIS
- 3.3.12 Masked interrupt status register, UARTMIS
This change is necessary for driver to be SBSA compliant v2.x without
affecting the current driver functionality.
The default baud and clock_hz configuration parameters are hardcoded
(commit 60ff9444480995008caf) for Versatile Express. Other platforms,
these default values may not be valid and might cause problems by
programming registers IBRD and FBRD incorrectly.
So, removing driver logic that sets the baudrate to fix the problem.
The behavior is unchanged because the driver was already relying on
the boot firmware for setting the correct baudrate.
Jan Beulich [Fri, 17 Jun 2016 14:51:22 +0000 (16:51 +0200)]
hvmloader: limit CPUs exposed to guests
Various Linux versions allocate (partial) per-CPU data for all of them,
as there is no indication in MADT whether they're hotpluggable. That's
a little wasteful in terms of resource consumption especially for
- guests with not overly much memory assigned,
- 32-bit guests not having overly much address space available.
Therefore limit what we put into MADT to the "maxvcpus" value, and make
sure AML doesn't touch memory addresses corresponding to CPUs beyond
that value (we can't reasonably make the respective processor objects
disappear).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 17 Jun 2016 14:50:37 +0000 (16:50 +0200)]
x86/HVM: re-order operations in hvm_ud_intercept()
Don't fetch CS explicitly, leverage the fact that hvm_emulate_prepare()
already does (and that hvm_virtual_to_linear_addr() doesn't alter it).
At once increase the length passed to hvm_virtual_to_linear_addr() by
one: There definitely needs to be at least one more opcode byte, and we
can avoid missing a wraparound case this way.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Dario Faggioli [Fri, 17 Jun 2016 10:31:00 +0000 (12:31 +0200)]
xen: sched: use default scheduler upon an invalid "sched="
instead of just the first scheduler we find in the array.
In fact, right now, if someone makes a typo when passing
the "sched=" command line option to Xen, we (with all
schedulers configured in) pick ARINC653, which is most
likely not what one would expect.
Go for the default scheduler instead.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-By: Jonathan Creekmore <jonathan.creekmore@gmail.com>
[ 153s] cc1: warnings being treated as errors
[ 153s] xen-livepatch.c: In function 'main':
[ 153s] xen-livepatch.c:415:12: error: 'j' may be used uninitialized in this function
[ 153s] make[3]: *** [xen-livepatch.o] Error 1
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Wei Liu [Mon, 13 Jun 2016 07:49:08 +0000 (08:49 +0100)]
build: introduce XEN_RUN_STORED
It defaults to /var/run/xenstored. It will be used later to remove some
hard-coded paths in tree. There should be no visible change to default
configuration.
Install and remove it in respective Makefile targets.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Julien Grall [Wed, 15 Jun 2016 13:40:48 +0000 (14:40 +0100)]
xen/arm: gic-v2: Only create GICv2m node when there are GICv2m frame available
Xen will crash on platform where GICv2m is not available with the
following error:
(XEN) Can't find ranges property for the gic node
(XEN) Device tree generation failed (-15).
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Could not set up DOM0 guest OS
(XEN) ****************************************
This is because the property "ranges" may not be present in the GIC
when there are no GICv2m frames.
Skip the creation of the GICv2m node when the hardware does not
support it.
This fixes boot after commit "xen/arm: Export GICv2m register frames to
DOM0 by device tree".
The current driver ACPI probe fails on hardware which has GICv4
version, even though it is fully compatible to GICv3. This patch
fixed the issue by registering the same probe function for GICv4
hardware.
Peng Fan [Thu, 19 May 2016 09:22:07 +0000 (17:22 +0800)]
xen/arm: smpboot: drop unneeded code in start_secondary
CPU0 boots up secondary CPUs one by one. Before booting
one secondary CPU, CPU0 will assign hwid to smp_up_cpu
and flush cache. After a secondary CPU boots up,
CPU0 will assign MPIDR_INVALID to smp_up_cpu and flush
cache.
There is no need for secondary CPUs to assign MPIDR_INVALID
to smp_up_cpu. So, drop it.
Peng Fan [Thu, 12 May 2016 11:48:48 +0000 (19:48 +0800)]
xen/arm: mm: clean up code in setup_pagetables
The base of address for the relocated xen needs to be mapped
at the same virtual address (BOOT_RELOC_VIRT_START) in both
the boot and runtime page tables. So we can merge the two pieces
of code into one code block.
Also no need to use write_pte when mapping BOOT_RELOC_VIRT_START
in xen_second, because CPU0 is using boot page tables.
xen/arm: gicv2: Export GICv2m register frames to Dom0 by device tree
This patch adds v2m extension support in GIC-v2 driver. The GICv2 driver
detects the MSI frames from device tree and creates corresponding device
tree nodes in dom0's DTB. It also provides one hw_ops callback to map
v2m MMIO regions to dom0 and route v2m SPIs to dom0.
With this GICv2m extension support, the dom0 kernel can do GICv2m frame
setup and initialization.
This patch is based on the GICv2m patch of Suravee Suthikulpanit:
[PATCH 2/2] xen/arm: gicv2: Adding support for GICv2m in Dom0
http://lists.xen.org/archives/html/xen-devel/2015-04/msg02613.html
Quan Xu [Fri, 17 Jun 2016 08:25:52 +0000 (10:25 +0200)]
propagate IOMMU Device-TLB flush error up to EPT update (top level ones)
Propagate the IOMMU Device-TLB flush error up to the ept_set_entry(),
when VT-d shares EPT page table.
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Jan Beulich [Fri, 17 Jun 2016 08:22:22 +0000 (10:22 +0200)]
APEI: pull a signedness check ahead for Coverity's sake
On 64-bit architectures (which is all we care about right now in ACPI
code), the value coming from a __u32 field makes "len" positive anyway,
but since from an abstract pov the tool is right, let's just re-order
things.
Jan Beulich [Wed, 15 Jun 2016 15:46:36 +0000 (17:46 +0200)]
AMD IOMMU: correctly propagate errors from amd_iommu_init()
... instead of using -ENODEV for any kind of error. It in particular
addresses Coverity ID 1362694 (introduced by commit eb48587210 ["AMD
IOMMU: introduce support for IVHD block type 11h"]).
Jan Beulich [Wed, 15 Jun 2016 15:31:55 +0000 (17:31 +0200)]
x86/HVM: rename mmio_gva field to mmio_gla
... to correctly reflect its purpose. To make things consistent also
rename handle_mmio_with_translation()'s respective parameter (but don't
touch sh_page_fault(), as renaming its parameter would require quite a
few more changes there).
Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Wei Liu [Mon, 13 Jun 2016 07:49:03 +0000 (08:49 +0100)]
tools: install and remove XEN_LIB_DIR in Makefile
The intention of using wild card in uninstall target is to remove both
xen and xenstored directories. Change that to two runes that explicitly
remove each of those directories.
Note that the runes that use hard-coded paths are kept for now to keep
the tree bisectable as I replace hard-coded paths component by
component. Those runes will be removed eventually.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Wei Liu [Mon, 6 Jun 2016 10:52:11 +0000 (11:52 +0100)]
libxl: rename a field in libxl__domain_create_state
The libxl__stub_dm_spawn_state field in libxl__domain_create_state was
named dmss. That was inconsistent with how things were named (usually
acronym) and there was already libxl__dm_spawn_state named dmss in other
places.
Change dmss to sdss and fix up all sites that reference this field. No
functional change.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Quan Xu [Tue, 14 Jun 2016 13:11:48 +0000 (15:11 +0200)]
IOMMU/MMU: enhance the call trees of IOMMU unmapping and mapping
When IOMMU mapping is failed, we issue a best effort rollback, stopping
IOMMU mapping, unmapping the previous IOMMU maps and then reporting the
error up to the call trees. When rollback is not feasible (in early
initialization phase or trade-off of complexity) for the hardware domain,
we do things on a best effort basis, only throwing out an error message.
IOMMU unmapping should continue despite an error, in an attempt to do
best effort cleanup.
Signed-off-by: Quan Xu <quan.xu@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Quan Xu [Tue, 14 Jun 2016 13:10:57 +0000 (15:10 +0200)]
IOMMU: handle IOMMU mapping and unmapping failures
Treat IOMMU mapping and unmapping failures as a fatal to the DomU
If IOMMU mapping and unmapping failed, crash the DomU and propagate
the error up to the call trees.
No spamming of the log can occur. For DomU, we avoid logging any
message for already dying domains. For Dom0, that'll still be more
verbose than we'd really like, but it at least wouldn't outright
flood the console.
Signed-off-by: Quan Xu <quan.xu@intel.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Tue, 14 Jun 2016 13:10:16 +0000 (15:10 +0200)]
x86/HVM: use available linear->phys translations in REP MOVS/STOS handling
If we have the translation result available already, we should also use
is here. In my tests with Linux guests this eliminates all calls to
hvmemul_linear_to_phys() out of the two functions being changed.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Jan Beulich [Tue, 14 Jun 2016 13:09:51 +0000 (15:09 +0200)]
x86/HVM: latch linear->phys translation results
... to avoid re-doing the same translation later again (in a retry, for
example). This doesn't help very often according to my testing, but
it's pretty cheap to have, and will be of further use subsequently.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Tue, 14 Jun 2016 13:08:47 +0000 (15:08 +0200)]
x86/time: use correct (local) time stamp in constant-TSC calibration fast path
This looks like a copy and paste mistake in commit 1b6a99892d ("x86:
Simpler time handling when TSC is constant across all power saving
states"), responsible for occasional many-microsecond cross-CPU skew of
what NOW() returns.
Also improve the correlation between local TSC and stime stamps
obtained at the end of the two calibration handlers: Compute the stime
one from the TSC one, instead of doing another rdtsc() for that
compuation.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Euan Harris [Thu, 9 Jun 2016 10:14:10 +0000 (10:14 +0000)]
nested vmx: Validate host VMX MSRs before accessing them
Some VMX MSRs may not exist on certain processor models, or may
be disabled because of configuration settings. It is only safe to
access these MSRs if configuration flags in other MSRs are set. These
prerequisites are listed in the Intel 64 and IA-32 Architectures
Software Developer’s Manual, Vol 3, Appendix A.
nvmx_msr_read_intercept() does not check the prerequisites before
accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP,
MSR_IA32_VMX_VMFUNC on the host. Accessing these MSRs from a nested
VMX guest running on a host which does not support them will cause
Xen to crash with a GPF.
Signed-off-by: Euan Harris <euan.harris@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Fri, 10 Jun 2016 18:11:12 +0000 (19:11 +0100)]
xen/hvm: Fix advertisement of available xstates following c/s c52319642
PKU lives in CPUID.7[0].ECX, not EBX. This causes hardware with BMI1 to
accidentally advertise PKU in CPUID.0xD[0].EAX. Any OS which proceeds to
blindly write this into %xcr0 takes a #GP fault. (Experimentally, Windows
Vista 32bit falls into this category.)
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
libxenvchan: Change license of header from Lesser GPL v2.1 to BSD
As the xen/COPYING file says:
"A few files are licensed under both GPL and a weaker BSD-style
license. This includes all files within the subdirectory
include/public, as described in include/public/COPYING. All such files
include the non-GPL license text as a source-code comment. Although
the license text refers generically to "the software", the non-GPL
license applies *only* to those source files that explicitly include
the non-GPL license text."
The libxenvchan.h is under xen/include/public/io directory
and the xen/include/public/COPYING says:
"XEN NOTICE
==========
This copyright applies to all files within this subdirectory and its
subdirectories:
include/public/*.h
include/public/hvm/*.h
include/public/io/*.h
The intention is that these files can be freely copied into the source
tree of an operating system when porting that OS to run on Xen. Doing
so does *not* cause the OS to become subject to the terms of the GPL.
All other files in the Xen source distribution are covered by version
2 of the GNU General Public License except where explicitly stated
otherwise within individual source files.
"
Having the libxenvchan.h as Lesser GPL v2.1 where the COPYING file
says otherwise is confusing to say at least.
Upon consulting with the authors of libxenvchan they said:
"FWIW Neither I, nor ITL staff (as author of original libvchan library)
have anything against converting it to the BSD-style licence."
(Marek Marczykowski-Górecki,
http://lists.xen.org/archives/html/xen-devel/2016-06/msg00995.html)
so as such lets change it.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Anil Madhavapeddy <anil@recoil.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: George Dunlap <George.Dunlap@eu.citrix.com> Acked-by: Jan Beulich <JBeulich@suse.com> Acked-by: Jason Andryuk <andryuk@aero.org> Acked-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Matthew Daley <mattjd@gmail.com> Acked-by: Olaf Hering <olaf@aepfle.de> Acked-by: Roger Pau Monne <roger.pau@entel.upc.edu> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
["I have spoken to my line manager. I can confirm that Citrix is happy
with this proposed change. So:
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
This view from Citrix covers all contributions made to these files in
the course of Citrix's employees' employment, which I think is:
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> cc: George Dunlap <George.Dunlap@eu.citrix.com>
> Cc: Ian Campbell <ian.campbell@citrix.com>
> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
> Cc: Roger Pau Monne <roger.pau@entel.upc.edu>
> Cc: Stefano Stabellini <sstabellini@kernel.org>
> Cc: Tim Deegan <tim@xen.org>
> Cc: Wei Liu <wei.liu2@citrix.com>
..
[in subsequent email]:
Wei points out that this ought also to include Keir Fraser's
contribution, which was (only) in 2012.
" (from Ian's email)
In a subsequent mail, Wei also points out that David Scott's
contribution is covered by Ian's ack.
]
Andrew Cooper [Fri, 10 Jun 2016 14:47:15 +0000 (15:47 +0100)]
xen/x86: Always print processor information at boot
It is generally useful information, which isn't directly available in the
hypervisor console log.
To get an appropriate string in this_cpu->c_vendor, drop the notion of
gcv_host_late. All relevent information is available even during early
detection, and even Linux (as the ancestor of this code) as dropped the
distinction.
A sample log now looks like:
(XEN) Domain heap initialised
(XEN) CPU Vendor: Intel, Family 6, Model 71, Stepping 1 (raw 00040671)
(XEN) found SMP MP-table at 000fd6c0
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Local variable "j" would be used only when "i == ARRAY_SIZE(main_options)"
is true. Thus, it is not necessary to update "j" when "i ==
ARRAY_SIZE(main_options)" is false.
Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
projects / xen.git / log