Ian Campbell [Sat, 26 Jul 2014 08:04:23 +0000 (09:04 +0100)]
xen: arm: Select ramdisk bootmodule early enough when building dom0
I thought in 0040b649d6df "xen: arm: Only lookup kernel/initrd bootmodule once
while building dom0" that I had identified place_modules as being soon enough,
but I was wrong, since write_properties wants to use it sooner.
Select the initrd boot module in kernel_probe at the same time we select the
kernel to avoid all this.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Fri, 25 Jul 2014 09:55:11 +0000 (11:55 +0200)]
x86/gdbsx: security audit of {,un}pausevcpu and domstatus hypercalls
XEN_DOMCTL_gdbsx_domstatus is already safe. It loops at most over every vcpu
in a domain and breaks at the first vcpu with an event pending, marking it as
not-pending.
XEN_DOMCTL_gdbsx_pausevcpu had an incorrect bounds check against the vcpu id,
allowing an overflow of d->vcpu[] with an id between d->max_vcpus and
MAX_VIRT_CPUS. It was also able to overflow a vcpus pause count by many
repeated hypercalls.
The bounds check is fixed, and vcpu_pause() has been replaced with
vcpu_pause_by_systemcontroller() which cuts out at 255 uses.
XEN_DOMCTL_gdbsx_unpausevcpu suffered from the same bounds problems as its
pause counterpart, and is fixed in exactly the same way. Despite the
atomic_read(&v->pause_count), this code didn't successfully prevent against an
underflow of the vcpu pause count.
The vcpu_unpause() has been replaced with vcpu_pause_by_systemcontroller()
which correctly prevents against underflow. The printk() is updated to have a
proper guest logging level, and provide more useful information in the XSM
case of one domain having debugger privileges over another.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Which will be used by following patches. Reorder the function declarations
for vcpu/domain pause/unpause to group by vcpu/domain and visually separate
them slightly.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Fri, 25 Jul 2014 09:53:31 +0000 (11:53 +0200)]
x86/gdbsx: invert preconditions for XEN_DOMCTL_gdbsx_{,un}pausevcpu hypercalls
c/s 3eb1c708ab "properly reference count DOMCTL_{,un}pausedomain hypercalls"
accidentally inverted the use of d->controller_pause_count.
Revert back to how it was originally, i.e. the XEN_DOMCTL_gdbsx_{,un}pausevcpu
hypercalls are only valid for a domain already paused by the system controller.
Reported-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Fri, 25 Jul 2014 09:51:57 +0000 (11:51 +0200)]
x86: fix ioreq-server event channel vulnerability
The code in hvm_send_assist_req_to_ioreq_server() and hvm_do_resume() uses
an event channel port number taken from the page of memory shared with the
emulator. This allows an emulator to corrupt values that are then blindly
used by Xen, leading to assertion failures in some cases. Moreover, in the
case of the default ioreq server the page remains in the guest p2m so a
malicious guest could similarly corrupt those values.
This patch changes the afforementioned functions to get the event channel
port number from an internal structure and also adds an extra check to
hvm_send_assist_req_to_ioreq_server() which will crash the domain should the
guest or an emulator corrupt the port number in the shared page.
Reported-by: Wen Congyang <wency@cn.fujitsu.com> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
oxenstored: force FD_CLOEXEC with Unix.set_close_on_exec on LSB init
Lets match the systemd active socket activation implementation and
ensure that FD_CLOEXEC is set by usin Unix.set_close_on_exec. David
notes oxenstored likely does not exec but there is no harm in being
careful just in case things change in the future.
Cc: David Scott <dave.scott@eu.citrix.com> Cc: Anil Madhavapeddy <anil@recoil.org> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Vincent Hanquez <Vincent.Hanquez@eu.citrix.com> Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
oxenstored: add support for systemd active sockets
This adds systemd socket activation support for the Ocaml xenstored.
Ocaml lacks systemd library support so we provide our own C helpers
as is done with other functionality lacking on Ocaml.
Active sockets enables oxenstored to be loaded only if required by a system
onto which Xen is installed on. Socket activation is handled by
systemd, once a port for a service which claims a socket is used
systemd will start the required services for it, on demand. For more
details on socket activation refer to Lennart's socket-activation
post regarding this [0].
An important difference with socket activation is that systemd will set
FD_CLOEXEC for us on the socket before giving it to us, we'll sprinkly
the Unix.set_close_on_exec for LSB init next as a separate commit.
Right now this code adds a no-op for this functionality, leaving the
enablement to be done later once systemd is properly hooked into
the build system. The socket activation is ordered in aligment with
the socket activation order passed on to systemd.
Cc: David Scott <dave.scott@eu.citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Vincent Hanquez <Vincent.Hanquez@eu.citrix.com> Acked-by: Dave Scott <Dave.Scott@citrix.com> Acked-by: Anil Madhavapeddy <anil@recoil.org> Signed-off-by: Luis R. Rodriguez <mcgrof@suse.com>
cxenstored: add support for systemd active sockets
This adds systemd socket activation support for the C xenstored.
Active sockets enable xenstored to be loaded only if required by a system
onto which Xen is installed on. Socket activation is handled by
systemd, once a port for a service which claims a socket is used
systemd will start the required services for it, on demand. For more
details on socket activation refer to Lennart's socket-activation
post regarding this [0].
Right now this code adds a no-op for this functionality, leaving the
enablement to be done later once systemd is properly hooked into
the build system. The socket activation is ordered in aligment with
the socket activation order passed on to systemd.
Chunyan Liu [Wed, 23 Jul 2014 09:42:09 +0000 (17:42 +0800)]
fix list_domain_details: check config data length=0
If domain is created through virsh, then in xl, one could see it
with 'xl list', but with 'xl list --long domU', it reports:
"Domain name must be specified."
The reason is xl config data does not exist but it still tries
to parse_config_data in current code.
Improve list_domain_details:
If len of config data is 0, just pass, do not go forward to
parse_config_data, otherwise, it will meet error like
"Domain name not specified" and exit. This error is not expected,
since if code enters list_domain_details, domain name validness
is already checked and domain does exist.
Length of config data is 0 may means: config data does not exist due
to some reason, like: domain is created by libvirt, or in destroying
domain process config data is cleared but domain fails to clean up.
No matter in which case, list_domain_details could just show empty
info, but not error like "Domain name not specified".
Signed-off-by: Chunyan Liu <cyliu@suse.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Andrew Cooper [Tue, 22 Jul 2014 16:17:16 +0000 (17:17 +0100)]
tools/xenconsoled: Log Xen boot messages at startup.
When xenconsoled starts, there will be log lines in the Xen console ring from
boot, even though VIRQ_CON_RING is not yet pending.
Add a force option to handle_hv_logs() which bypasses the event channel check,
allowing xenconsoled to drain the Xen boot messages when it starts, rather
than at the first subsequent time that VIRQ_CON_RING becomes set.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
The size of the Xen console ring is runtime configurable, so the statically
sized 16k buffer is not necessarily sufficient. Make repeated
xc_readconsolering() hypercalls while Xen managed to completely fill the
provided buffer.
Also, change the buffer to being static to save on stack space.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Tue, 22 Jul 2014 16:17:14 +0000 (17:17 +0100)]
tools/xenconsoled: Newline on 'Logfile Opened' messages
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Tue, 22 Jul 2014 07:19:17 +0000 (09:19 +0200)]
stubdom: fix -Wextra usage in vtpm_emulator
If -Wextra is appended to CFLAGS it will enable all warnings. Previous
options such as -Wno-unused-parameters have no effect anymore. As a
result compilation will fail with gcc-4.3. Newer versions of gcc will
appearently remember -Wno-* options before -Wextra.
Rearrange warning options for gcc so that -Wextra comes before other -W
options. This fixes compilation of stubdom in SLES11.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Olaf Hering [Tue, 22 Jul 2014 07:19:16 +0000 (09:19 +0200)]
mini-os: tpm: remove usage of inline keyword
Compilation fails with gcc-4.3:
tpmback.c: In function 'tpmback_resp':
tpmback.c:148: error: inlining failed in call to 'tpmdev_check_req': call is unlikely and code size would grow
tpmback.c:165: error: called from here
tpmback.c: In function 'new_tpmif':
tpmback.c:384: error: inlining failed in call to '__init_tpmif': call is unlikely and code size would grow
tpmback.c:425: error: called from here
Adjust code to use static instead of inline, it has the same effect.
Change also tpmif_req_ready and tpmif_req_finished before they start to
cause failures.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Ian Campbell [Wed, 23 Jul 2014 16:45:30 +0000 (17:45 +0100)]
xen: arm: don't release modules which aren't in RAM into the heap
They might be in e.g. flash or something but more likely they could
be in a bank of RAM which we aren't handling or in RAM which the
bootloader hasn't told us about for some reason.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org> Cc: Fu Wei <fu.wei@linaro.org> Cc: Roy Franz <roy.franz@linaro.org>
Ian Campbell [Mon, 21 Jul 2014 13:00:00 +0000 (14:00 +0100)]
xen: arm: Correctly use GLOBAL/ENTRY in head.S, avoid .global
Use ENTRY() for function entry points since it ensures correct
alignment where GLOBAL() doesn't. The exception is the initial start
label which must be at offset 0, so just use GLOBAL() to avoid the
possibility of realignment.
Since everything happens to already be aligned there should be no
difference to the actual binary. objdump agrees.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Ian Campbell [Mon, 21 Jul 2014 12:59:58 +0000 (13:59 +0100)]
xen: arm: avoid unnecessary additional mappings in boot page tables.
If the identity map is created at one level then avoid creating
entries further down the boot page tables, since these will be aliases at
strange virtual address.
For example consider an arm32 system (for simplicity) with Xen loaded at
address 0x40402000. As a virtual address this corresponds to walking offsets 1,
2 and 2 at the first, second and third levels respectively.
When creating the identity map we will therefore create a 1GB super mapping at
0x40000000 for the identity map, which is the one we want to use.
However when considering the second level we will see the offset 2 and create a
2MB mapping in slot 2 of boot_second. Since boot_second is mapped in slot 0 of
boot_first this corresponds to an unwanted mapping from virtual address
0x00400000 to physical address 0x40400000.
We still do not handle the case where the load address is within the 2MB range
starting just after XEN_VIRT_START. This is not a regression but this patch
tries to provide a more useful diagnostic message. We do handle loading at
exactly XEN_VIRT_START.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Ian Campbell [Mon, 21 Jul 2014 12:59:57 +0000 (13:59 +0100)]
xen: arm: Do not use level 0 section mappings in boot page tables.
Level 0 does not support superpage mappings, meaning that systems on where Xen
is loaded above 512GB (I'm not aware of any such systems) the 1:1 mapping on
the boot page tables is invalid.
In order to avoid this issue we need an additional first level page table
mapped by the appropriate L0 slot and containing a 1:1 superpage mapping.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Currently the boot page tables map Xen at XEN_VIRT_START using a 2MB section
mapping. This means that the bootloader must load Xen at a 2MB aligned address.
Unfortunately this is not the case with UEFI on the Juno platform where Xen
fails to boot. Furthermore the Linux boot protocol (which Xen claims to adhere
to) does not have this restriction, therefore this is our bug and not the
bootloader's.
Fix this by adding third level pagetables to the boot time pagetables, allowing
us to map a Xen which is aligned only to a 4K boundary. This only affects the
boot time page tables since Xen will later relocate itself to a 2MB aligned
address. Strictly speaking the non-boot processors could make use of this and
use a section mapping, but it is simpler if all processors follow the same boot
path.
Strictly speaking the Linux boot protocol doesn't even require 4K alignment
(and apparently Linux can cope with this), but so far all bootloaders appear to
provide it, so support for this is left for another day.
In order to use LPAE_ENTRIES in head.S we need to define it in an asm friendly
way.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
[ ijc -- properly format message "- FOO -\r\n" ]
Ian Campbell [Mon, 21 Jul 2014 11:29:14 +0000 (12:29 +0100)]
libxc: disable valgrind integration when building for minios
The stubdom build system incorrectly picks up on the hosts
installation of Valgrind, which cannot work in a stubdom environment.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Simon Martin <furryfuttock@gmail.com> Reviewed-by: Andrew Cooper<andrew.cooper3@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ ijc -- s/define/defined/ ]
x86, amd_ucode: support multiple container files appended together
This patch adds support for parsing through multiple AMD container
binaries concatenated together. It is a feature already present in Linux.
Link to linux patch:
http://lkml.kernel.org/r/1370463236-2115-3-git-send-email-jacob.shin@amd.com
Other changes introduced:
- Define HDR_SIZE's explicitly for code clarity.
- Minor cleanup: Remove extra casts in that are used in
install_equiv_cpu_table()
Signed-off-by: Aravind Gopalakrishnan <aravind.gopalakrishnan@amd.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Wed, 23 Jul 2014 16:08:47 +0000 (18:08 +0200)]
x86/kexec: fix kexec on systems which boot in x2apic mode
Moving straight from fully disabled to x2apic mode is an illegal state
transition, and causes an unconditional #GP fault. Bounce through xapic mode
to avoid the fault.
In addition, avoid bouncing through the various apic modes if the mode is
already correct.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Wed, 23 Jul 2014 16:07:11 +0000 (18:07 +0200)]
x86/mem_event: validate the response vcpu_id before acting on it
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Tested-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
This is a patch repairing a regression in code previously functional in 4.1.x.
It appears that, during some refactoring work, call to hvm_memory_event_cr0 was lost.
This function was originally called in mov_to_cr() of vmx.c, but the commit
http://xenbits.xen.org/hg/xen-unstable.hg/rev/1276926e3795 abstracted the
original code into generic functions up a level in hvm.c, dropping the call
in the process.
The same issue affected the CR3 and CR4 events, which were fixed in patch
http://xenbits.xensource.com/hg/xen-unstable.hg/rev/7ab899e46347.
Signed-off-by: Tamas K Lengyel <tamas.lengyel@zentific.com> Reviewed-by: Tim Deegan <tim@xen.org>
Changeset dab11417d
"x86/HVM: consolidate and sanitize CR4 guest reserved bit determination"
did not take into account the fact that dom0 does not have a cpuid policy. As
a result, PVH dom0s would be given unexpected #GP faults on boot.
In addition to the restore case (where the toolstack has not had time to load
a cpuid policy), unconditionally exempt the hardware domain from needing a
policy.
Reported-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Roger Pau Monné <roger.pau@citrix.com>
avoid crash when doing shutdown with active cpupools
When shutting down the machine while there are cpus in a cpupool other than
Pool-0 a crash is triggered due to cpupool handling rejecting offlining the
non-boot cpus in other cpupools.
It is easy to detect this case and allow offlining those cpus.
Reported-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Juergen Gross <jgross@suse.com> Tested-by: Stefan Bader <stefan.bader@canonical.com>
Ian Campbell [Fri, 18 Jul 2014 13:08:18 +0000 (14:08 +0100)]
xen: arm: support bootmodule type detection by ordering
Assign modules types based on the order in which they are defined in the FDT.
This is supported only for the dom0 kernel and ramdisk when given as the first
and second modules respectively, similar to how
http://wiki.xen.org/wiki?title=Xen_ARM_with_Virtualization_Extensions/Multiboot&oldid=11824
defined the default types from the bootloader side.
This is compatible with how Xen interprets the modules with x86 multiboot and I
think simplifies things for bootloaders which now need not contain similar
guessing code if they only care about the most basic case.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Ian Campbell [Fri, 18 Jul 2014 13:08:17 +0000 (14:08 +0100)]
xen: arm: store per-boot module type instead of relying on index
This is more natural and better matches how multiboot is actually supposed to
work.
As part of this we need to modify consider_modules to handle Xen not
necessarily being module zero any more. To do this we first register a module
for Xen at the original load address and then update after we have relocated.
This is also fixing a latent issue which is that get_xen_paddr() would not
consider Xen's current physical address when picking the target address which
was buggy because the relocation code cannot handle the possibility of the old
and new locations overlapping.
All callers of consider_modules now consider the full range instead of some
skipping slot 0.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Ian Campbell [Fri, 18 Jul 2014 13:08:15 +0000 (14:08 +0100)]
xen: arm: move boot time fdt parsing into separate file.
Move the early code for walking the flattened device tree out of device_tree.c.
The intention is that eventually only the proper (i.e. unflattened) device
tree support will live in device_tree.c.
The new home is bootfdt.c to try and better reflect the purpose of the code.
Although in theory this early code could be generic in reality it is pretty ARM
specific, so place it under xen/arch/arm until a second user wants it.
As part of the move rename device_tree_early_init to boot_fdt_info. Drop
device_tree_dump, it is unused.
Ian Campbell [Fri, 18 Jul 2014 13:08:14 +0000 (14:08 +0100)]
xen: arm: rename early_info structs
There isn't really anything Device Tree specific about the early_info, we just
happen to get it from device tree (but in the future it might come e.g. from
UEFI or ACPI or something else).
Move the relevant structs out of device_tree.h and into asm/setup.h and rename to
be more neutral.
For now the code to parse the DT into the now arch specific structs remains in
common code.
This causes Xen to accept the more generic names specified in
http://wiki.xen.org/wiki/Xen_ARM_with_Virtualization_Extensions/Multiboot as of
2014-06-06.
These names are more generic than those proposed by Andre in
http://thread.gmane.org/gmane.linux.linaro.announce.boot/326 and those
used in earlier drafts of the /Multiboot wiki page.
This will allow bootloaders to not special case Xen (or at least to reduce
the amount which is required).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Ian Campbell [Fri, 18 Jul 2014 13:33:59 +0000 (14:33 +0100)]
xen: arm: avoid reusing incorrect mappings when walking the p2m.
When we change which PT page we are mapping at a given level then we need to
invalidate any cached mappings further down the tree, otherwise we risk using
them because their offset might match but be based on a different offset
further up the table.
e.g. when remapping first then cur_first_offset and cur_second_offset (which
indicate the currently mapped second and third tables respectively) both become
invalid
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
This patch is with respect to the following discussion on xen-devel -
http://lists.xenproject.org/archives/html/xen-devel/2014-07/msg01991.html
The file extras/mini-os/tpmback.c was failing compilation on certain compilers
because of size mismatch between enum and int. Earlier the code used to read
value of enum using %d format, which failed compilation on some compilers:
tpmback.c: In function ‘tpmif_change_state’:
tpmback.c:350:4: error: format ‘%d’ expects argument of type ‘int *’,
but argument 3 has type ‘enum xenbus_state *’ [-Werror=format=]
if(sscanf(value, "%d", &readst) != 1) {
^
Now the value is read into an actual int variable and then assigned to the
enum.
Signed-off-by:- Dushyant Behl <myselfdushyantbehl@gmail.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ ijc -- added the actual error to the commit log ]
Thomas Leonard [Wed, 16 Jul 2014 11:07:46 +0000 (12:07 +0100)]
mini-os: use generic local_irq_enable function
__sti is x86 specific.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Andrew Cooper [Wed, 16 Jul 2014 14:32:05 +0000 (15:32 +0100)]
tools/libxc: Shuffle definitions and uses of min()/max() macros
Move the typesafe min() macro from xc_dom_decompress_unsafe_xz.c to
xc_private.h, and complement it with an equivalent max() macro.
Replace current users of type unsafe MIN()/MAX() macros, and remove their
scattered definitions.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
arch/arm: let map_mmio_regions() use start and count
Currently, the arguments given to the function map_mmio_regions() to
describe the memory range to be mapped are the start and end page frame
numbers of the range to be mapped. However, this could give rise to
issues due to the range being inclusive or exclusive of the end gfn
given as parameter. This commit changes the interface of the function
to accept the start gfn and the number of gfns to be mapped.
This commit also changes the interface of the function map_one_mmio(),
helper for the xgene-storm platform, which is a wrapper for the function
map_mmio_regions() and does not need its arguments to be paddr_t.
NOTE: platform-specific code has not been tested, save for the
sunxi and the Arndale Exynos 5 platforms (see the Tested-by
below for the latter).
Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com> Acked-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@eu.citrix.com> Tested-by: Julien Grall <julien.grall@citrix.com> Cc: Dario Faggioli <dario.faggioli@citrix.com> Cc: Paolo Valente <paolo.valente@unimore.it> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Jan Beulich <JBeulich@suse.com> Cc: Keir Fraser <keir@xen.org> Cc: Tim Deegan <tim@xen.org> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: Eric Trudeau <etrudeau@broadcom.com> Cc: Viktor Kleinik <viktor.kleinik@globallogic.com>
[ ijc -- remove stray extra parameter in xgene-storm.c ]
arch/arm: let map_mmio_regions() take pfn as parameters
Currently, the map_mmio_regions() function, defined for the ARM
architecture, has parameters with paddr_t type. This interface,
however, needs caller functions to correctly page-align addresses
given as parameters to map_mmio_regions(). This commit changes the
function's interface to accept page frame numbers as parameters.
This commit also modifies caller functions in an attempt to adapt
them to the new interface.
This commit is meant to produce the minimum indispensable needed
changes; these are also instrumental to making the interface of
map_mmio_regions() symmetric with the unmap_mmio_regions() function,
that will be introduced in one of the next commits of the series
and will feature a pfn-based interface.
NOTE: platform-specific code has not been tested, save for the
sunxi and the Arndale Exynos 5 platforms (see the Tested-by
below for the latter).
Signed-off-by: Arianna Avanzini <avanzini.arianna@gmail.com> Tested-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@eu.citrix.com> Cc: Dario Faggioli <dario.faggioli@citrix.com> Cc: Paolo Valente <paolo.valente@unimore.it> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Jan Beulich <JBeulich@suse.com> Cc: Keir Fraser <keir@xen.org> Cc: Tim Deegan <tim@xen.org> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: Eric Trudeau <etrudeau@broadcom.com> Cc: Viktor Kleinik <viktor.kleinik@globallogic.com>
Chunyan Liu [Fri, 18 Jul 2014 06:18:04 +0000 (14:18 +0800)]
xl: 'xl vncviewer' accesses port 0 by any invalid domid
Currently, with command:
xl vncviewer invalid_domid
it always brings user to the domU using vncport 5900.
The invalid domid could be an non-existing one or Dom0.
It's better to report error in this case.
Correct libxl_vncviewer_exec:
In existing code, when vncport is NULL, it still continues
and will show vncport 5900. So, with 'xl vncviewer 0' it also
wrongly shows domU using vncport 5900. Correct it to report error
if vncport is NULL.
Signed-off-by: Chunyan Liu <cyliu@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
George Dunlap [Mon, 14 Jul 2014 16:15:23 +0000 (17:15 +0100)]
make: Normalize config options for external trees
We have four different external trees, and four different naming
conventions for specifying the URL, where they live, and what revision
to check out.
Normalize config options on the following bases:
- QEMU_UPSTREAM
- QEMU_TRADITIONAL
- SEABIOS_UPSTREAM
- OVMF_UPSTREAM
The following suffixes for all trees:
- _URL : A remote repository to clone from
- _REVISION : The revision to check out
And the following suffixes for the qemu trees:
- _INTREE : The location of an inlined tree (for tarball releases)
- _LOC : Where to actually look (either a directory or a URL)
The following parameters are still supported for backwards
compatibility:
- CONFIG_QEMU (=> QEMU_TRADITIONAL_LOC)
- QEMU_REMOTE (=> QEMU_TRADITIONAL_URL)
- QEMU_TAG (=> QEMU_TRADITIONAL_REVISION)
- SEABIOS_UPSTREAM_TAG (=> SEABIOS_UPSTREAM_REVISION)
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
George Dunlap [Mon, 14 Jul 2014 16:15:22 +0000 (17:15 +0100)]
make: Check tools/qemu-xen[-traditional] for qemu before downloading
Currently xen, qemu-xen, and qemu-xen-traditional are kept in separate
repositories, but when we release them as a tarball, qemu-xen and
qemu-xen-traditional are in-lined into the tools/ directory.
In order to make this "just work", at the moment developer doing the
release manually modifies Config.mk as part of the relase process so
that CONFIG_QEMU and QEMU_UPSTREAM_URL point into the tools/ directory
instead.
Modify Config.mk to automatically check there before trying a remote
repository.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
If we have a Guest/DomU with two or more of its VCPUs running
on same host CPU then it can quite likely happen that these
VCPUs fight for same spinlock and one of them will waste CPU
cycles in WFE instruction. This patch makes WFE instruction
trap for VCPU and forces VCPU to yield its timeslice.
The KVM ARM/ARM64 also does similar thing for handling WFE
instructions. (Please refer,
https://lists.cs.columbia.edu/pipermail/kvmarm/2013-November/006259.html)
In general, this patch is more of an optimization for an
oversubscribed system having number of VCPUs more than
underlying host CPUs.
Signed-off-by: Anup Patel <anup.patel@linaro.org> Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org> Tested-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- resolved conflict with "Adding helper function for WFI",
nuked stray hard tab ]
Parth Dixit [Mon, 14 Jul 2014 13:51:53 +0000 (19:21 +0530)]
xen/arm : Adding helper function for WFI
WFI functionality is required at different places in xen.
Moving it to seperate helper function so that it is easier
to call WFI function and avoid duplication of code
Signed-off-by: Parth Dixit <parth.dixit@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Moved an enum definition before the typedef that uses it.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Jackson [Wed, 28 May 2014 16:04:52 +0000 (17:04 +0100)]
rump kernels: Handle rumpxen host in configure
Support
./configure --host=x86_64-rumpxen-netbsd
./configure --host=i386-rumpxen-netbsd
Setting --host tells configure we are cross compiling and therefore
has various automatic effects.
But in this patch we make some deliberate changes as well:
* We disable a large number of configure tests for libraries
etc. which don't exist.
* We set CONFIG_RUMP in Tools.mk.
* Hence, we automatically set XEN_OS.
(I have only tested the 32-bit build but I think the 64-bit build
should work just as well.)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
---
v3: Add comment to `fi'
v2: Mention x86_64.
Drop an erroneous whitespace change.
Ian Jackson [Wed, 28 May 2014 16:06:02 +0000 (17:06 +0100)]
build system: Introduce nosharedlibs variable.
Introduce a new build variable "nosharedlibs".
In tools/libxc use it instead of $(stubdom).
In tools/xenstore honour it, and build static clients.
If shared libs are disabled, do not try to install or symlink them.
Set nosharedlibs when building for MiniOS or NetBSDRump.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
---
v2: Clarify deliberate INSTALL_SHLIB and SYMLINK_SHLIB breakage.
Ian Jackson [Wed, 28 May 2014 16:06:21 +0000 (17:06 +0100)]
libxc: rump kernels: Use standard xc_osdep_get_info
Do not try to support the dlopen-based xc indirection.
Introduce a local #define DO_DYNAMIC_OSDEP to centralise the condition.
Add comments to the #endifs.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
---
v2: Remove duplication by introducing DO_DYNAMIC_OSDEP.
Add comments to the #endifs.
Ian Jackson [Fri, 20 Jun 2014 10:54:56 +0000 (11:54 +0100)]
xenstore: In xenstore_client, avoid stack buffer in recursive function
do_ls is recursive. It had a buffer of size around 5K allocated on
the stack. This combination is not a very good idea: some
environments (eg, Mini-OS) have limited stack sizes (eg 64K).
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
libxl: Use proper path for 'do_flr' functionality.
Commit f74035d3b1e827ff6ff1873e2f10feb011a8d0d2 "xl: PCI code cleanups"
introduced an regression where it changed the name from:
/sys/bus/pci/drivers/pciback/do_flr
to
libxl_sprintf(ctx, "%s/pciback/do_flr", SYSFS_PCI_DEV);
And SYSFS_PCI_DEV is "/sys/bus/pci/devices", meaning we would
do /sys/bus/pci/devices/pciback/do_flr. The proper define
should have been SYSFS_PCIBACK_DRIVER, which is what this patch does.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
- Added an optional argument to allow passing a ramdisk
to the Xenstore domain built by init-xenstore-domain.
- This is needed for Xenstore/MAC to pass initial security
policy.
Signed-off-by: James Bielman <jamesjb@galois.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Wed, 9 Jul 2014 12:07:46 +0000 (13:07 +0100)]
xen: arm: allocate more than one bank for 1:1 domain 0 if needed
Depending on where Xen and the initial modules were loaded into RAM we may not
be able to allocate a suitably contiguous block of memory for dom0. Especially
since the allocations made by alloc_domheap_pages are naturally aligned (e.g. a
1GB allocation must be at a 1GB boundary).
The alignment requirement in particular is a huge limitation, meaning that even
dom0_mem0=1G on a 2GB system is pretty likely to fail unless you are very
careful with your load addresses. People were also having trouble with dom0 >
128MB on the 1GB cubieboard2 when using fairly standard load addresses for
things.
This patch tries to allocate multiple banks of memory in order to try and
satisfy the entire requested domain 0 allocation. Sadly this turns out to be
pretty tricky to arrange (see the large comment in the code).
Ian Campbell [Wed, 9 Jul 2014 12:07:45 +0000 (13:07 +0100)]
xen: arm: use superpages in p2m when pages are suitably aligned
This creates superpage (1G and 2M) mappings in the p2m for both domU and dom0
when the guest and machine addresses are suitably aligned. This relies on the
domain builder to allocate suitably sized regions, this is trivially true for
1:1 mapped dom0's and was arranged for guests in a previous patch. A non-1:1
dom0's memory is not currently deliberately aligned.
Since ARM pagetables are (mostly) consistent at each level this is implemented
by refactoring the handling of a single level of pagetable into a common
function. The two inconsistencies are that there are no superpage mappings at
level zero and that level three entry mappings must set the table bit.
When inserting new mappings the code shatters superpage mappings as necessary,
but currently makes no attempt to coalesce anything again. In particular when
inserting a mapping which could be a superpage over an existing table mapping
we do not attempt to free that lower page table and instead descend into it.
Some p2m statistics are added to keep track of the number of each level of
mapping and the number of times we've had to shatter an existing mapping.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
xen/arm: split vgic driver into generic and vgic-v2 driver
Existing vGIC driver has both generic code and hw specific
code. Segregate vGIC low level driver into vgic-v2.c and
keep generic code in existing vgic.c file.
Some static generic functions in vgic.c is made as non-static
so that these generic functions can be used in vGIC v2 driver.
vGIC v2 driver registers required callbacks to generic vGIC
driver. This helps to plug in next version of vGIC drivers
like vGIC v3. These callbacks are registered per domain
Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com> Acked-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: calculate vgic irq rank based on register size
vGIC irq rank was computed assuming the register offset is byte
size.Use the HSR abort address size in calculating register size.
So, with this patch following are achieved
(1) In the code 'dabt.size != number' this number is always
BYTE/HALF_WORD/WORD/DOUBLE defined by HSR register.
Instead of checking for hard coded values use HSR abort
address size values.
(2) The vgic_rank_offset also depends on register size to
compute the rank offset. Though there is no direct relation
between rank offset computation and HSR dabt.size the same
values are used to calculate irq rank.
This make vgic_rank_offset generic as it takes register
size as parameter to calculate irq rank instead of hard coding to
value 2 in previous patches
Also, output of REG_RANK_INDEX macro is modulo by 32 to make
sure register index is always within irq rank
Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: move pending_irq structure to vgic header file
gic.h requires definition of pending_irq structure defined
in domain.h and domain.h requires gic_state structure defined
in gic.h and hence there is inter-dependency between domain.h
and gic.h files.
So move pending_irq to vgic.h which is relevant place for this
structure and break domain.h and gic.h interdependency
By this move irq_to_pending function declaration from gic.h
to vgic.h
Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Wei Liu [Wed, 9 Jul 2014 09:45:29 +0000 (10:45 +0100)]
libxl IDL: generate deep copy functions
Introduces copy_fn for a type.
For most builtin types we can use direct assignment. For those builtin
types which cannot use direct assignment we use the copy functions in
previous patch.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 9 Jul 2014 09:45:27 +0000 (10:45 +0100)]
libxl/gentest.py: test JSON parser
The test is done in following steps:
1. initialise libxl_FOO struct
2. generate JSON string A for libxl_FOO struct FOO1
3. convert JSON string A to libxl_FOO struct FOO2
4. generate JSON string B for libxl_FOO struct FOO2
5. compare A and B
If A and B are identical then we are good.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 9 Jul 2014 09:45:26 +0000 (10:45 +0100)]
libxl IDL: generate code to parse libxl__json_object to libxl_FOO struct
libxl_FOO_parse_json functions are generated.
Note that these functions are used to parse libxl__json_object to
libxl__FOO struct. They don't consume JSON string.
The new function definitions are generated to new header files called
__libxl_types_*_private.h so that they don't contaminate public header.
The suffix "private is chosen so we can avoid clashing with
libxl_types_internal.idl stuffs.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 9 Jul 2014 09:45:25 +0000 (10:45 +0100)]
libxl: clean up namespace violation
In 752f181f ("libxl_json: introduce parser functions for builtin types")
a bunch of parser functions were introduced. Unfortunately they
polluted the public namespace with a prefix "libxl_", while they should
be internal functions.
This patch changes the prefix to "libxl__". No functional change
introduced.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 9 Jul 2014 09:45:24 +0000 (10:45 +0100)]
libxl/gentypes.py: don't generate default values
If a field:
0. is not of aggregate type
and
1. is of array type and the array is not empty
or 2. is of a type which has init_val and has been set to init_val,
or 3. is of builtin type and has been set to internal default value,
or 4. is of a type which has no init_val and has been set to 0
then there's no need to generate output for that field in JSON
output.
Note that 0 can result in output like
{
...
FOO : { }
...
}
where FOO is aggregate type but all its fields are set to default, hence
no JSON output in {} at all. This is not pretty, but it's still valid
JSON. And the parser should be able to skip touching those fields in the
resulting C structures. When the parser consumes that generated JSON
object, all default values should be automatically filled in.
Also change some non-zero init_vals to LIBXL_* for better readability in
generated C code.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 11 Jun 2014 16:35:07 +0000 (17:35 +0100)]
libxl_internal: functions to check default values for builtin types
They will be used in later patch to determine whether we should generate
JSON output for a type. If that type has default value we just skip
generating JSON output.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
GICH_LR_HW doesn't work as expected on X-Gene: request maintenance
interrupts and perform EOIs in the hypervisor for hardware interrupts as
a workaround. Trigger this behaviour with a per platform option.
This patch assumes that GICC_DIR can be written on any pcpu for a given
SPI, not matter where GICC_IAR has been read before.
The file xen/arm/time.c contains some unused code:
- calibrate_timer: firmware already set correctly CNTFRQ. If it's
not the case the device tree will containt a property clock-frequency
in the timer node
- USE_HYP_TIMER: It's set unconditionally to 1. I didn't see any
recent model having issue with the hyp timer. I think we can drop
it safely.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Mon, 7 Jul 2014 10:26:48 +0000 (11:26 +0100)]
tools/python: Improve .gitignore and clean Makefile rule
Ignore all intermediate python files, and use find in the clean rule as there
are no Makefiles in subdirectories to participate in a recursive clean.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
When an idle VCPU is running, Xen will never exit the hypervisor mode.
Futhermore, some part of the VCPU/domain initialization is already skipped for
them to avoid memory consumption.
Actually each save/restore functions are checking themself if the vcpu is
an idle one or not. We can safely skipped the context switch in one place
and gain a bit of time when we {,un}schedule idle VCPU. This is because
the saving part will take care of disabling anything related to guest (such
as GICv).
Also replace every check of and idle VCPU in save/restore functions by an
ASSERT, to know if someone is calling them with an idle VCPU in argument.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Fri, 4 Jul 2014 16:06:20 +0000 (17:06 +0100)]
tools/xenctx: Correct use of xc_domain_{, un}pause()
The previous code never worked correctly. There was a TOCTOU race between
checking dominfo and pausing the domain.
Since c/s 3eb1c708, Xen properly reference counts pause hypercalls, so
unconditionally pause and unpause the domain.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
projects / xen.git / log