Andrew Cooper [Mon, 11 May 2015 08:42:35 +0000 (10:42 +0200)]
x86/hvm: permit HVM_PARAM_IDENT_PT to be set more than once
There is no conceptual problem with setting this parameter more than once.
Checkpointed migration streams will typically set it once per checkpoint to
the same value.
The parameter is only actually needed on early-generation VT-x which lacked
the unrestricted guest capability, although it could plausibly be used on
newer VT-x with unusual execution control settings. Short circuit the
expensive operations on non VT-x hardware.
The parameter itself must always be latched to avoid issues if the VM
eventually migrates to a host which needs to use the pagetable.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Mon, 11 May 2015 08:39:07 +0000 (10:39 +0200)]
x86/hvm: add store and console event channel params to white-list
My recent patch "use white-lists for HVM param guest accessibility checks"
(commit 30efda12d63ff536102ed8e580b4c09765683b44) introduced a regression
when saving and restoring Windows guests running Xen Project PV drivers.
The drivers reset the event channel ABI on resume. This has the effect of
closing the store and console local event channel ports created by the
toolstack. The drivers do not currently use the console port but they
do use the store port and thus, prior to reset, they sample the remote
domain and port and then re-bind the channel - yielding a new and possibly
different local port - after reset. They then store the new local port
value in HVM_PARAM_CONSOLE_EVTCHN. That operation now fails and may
lead to a crash, if using a debug build of the drivers, or a barely
functional connection to xentored if not.
This patch adds HVM_PARAM_STORE_EVTCHN and HVM_PARAM_CONSOLE_EVTCHN to
the guest-settable white-list since either of them can be invalidated
by an event channel ABI reset and thus the guest may indeed need to
write new values to them to make them valid again.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/arm64: Avoid sending SGI when kicking secondary cpus with spin_table
On arm64, either firmware or xen's smp_up_cpu gate uses WFE on secondary
cpus to stand-by when booting. Thus, using SEV is enough for the boot
cpu to kick other secondaries. Further more, the current implementation
of cpu_up_send_sgi would pass a NULL cpumask pointer to send_SGI, which
then lead a data fault on GICv3 send_SGI implementation.
Signed-off-by: Chen Baozi <baozich@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: gic: Refactor the code for creating gic node
Since fdt_begin_node() is called by all gicXX_make_dt_node() to create
the interrupt-controller devicetree node, this patch refactors the call
and moves it inside make_gic_node(). This also matches the fdt_end_node()
call at the end of make_gic_node().
This patch also move the call to gic_make_node() wrapper to be after all
other generic properties are setup. This allows creating sub-node inside
gic_make_node() in order to support v2m sub-node.
Signed-off-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Although in principal #interrupt-cells can vary it must always be 3
for a GIC (and we only support GIC as a guest interrupt controller),
so putting it in common code is OK.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
tools/libxl: Create a per-arch function to map IRQ to a domain
ARM and x86 use a different hypercall to map an IRQ to a domain.
The hypercall to give IRQ permission to the domain has also been moved
to be an x86 specific function as ARM guest won't be able to manage the IRQ.
We may want to support it later.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
xen/passthrough: Extend XEN_DOMCTL_*assign_device to support DT device
A device node is described by a path. It will be used to retrieve the
node in the device tree and assign the related device to the domain.
Only non-PCI devices protected by an IOMMU can be assigned to a guest.
Also document the behavior of XEN_DOMCTL_deassign_device in the public
headers which differ between non-PCI and PCI.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
xen/xsm: Add helpers to check permission for device tree passthrough
This is a follow-up of commit 525ee49 "xsm: add device tree labeling
support" which add support for device tree labelling in flask.
Those helpers will be use latter when non-pci passthrough (i.e device
tree) will be added.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/passthrough: iommu_deassign_device_dt: By default reassign device to nobody
Currently, when the device is deassigned from a domain, we directly reassign
to DOM0.
As the device may not have been correctly reset, this may lead to corruption or
expose some part of DOM0 memory. Also, we may have no way to reset some
platform devices.
If Xen reassigns the device to "nobody", it may receive some global/context
fault because the transaction has failed (indeed the context has been
marked invalid). Unfortunately there is no simple way to quiesce a buggy
hardware. I think we could live with that for a first version of platform
device passthrough.
DOM0 will have to issue an hypercall to assign the device to itself if it
wants to use it.
xen/passthrough: arm: release the DT devices assigned to a guest earlier
The toolstack may not have deassigned every device used by a guest.
Therefore we have to go through the device list and remove them before
asking the IOMMU drivers to release memory for this domain.
This can be done by moving the call to the release function when we
relinquish the resources. The IOMMU part will be destroyed later when
the domain is freed.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Signed-off-by: Robert VanVossen <robert.vanvossen@dornerworks.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen: guestcopy: Provide an helper to safely copy string from guest
Flask code already provides a helper to copy a string from guest. In a later
patch, the new DT hypercalls will need a similar function.
To avoid code duplication, copy the flask helper (flask_copying_string) to
common code:
- Rename into safe_copy_string_from_guest
- Add comment to explain the extra +1
- Return the buffer directly and use the macros provided by
xen/err.h to return an error code if necessary.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Keir Fraser <keir@xen.org>
On x86, an IRQ is assigned in 2 steps to an HVM guest:
- The toolstack is calling PHYSDEVOP_map_pirq in order to create a
guest PIRQ (IRQ bound to an event channel)
- The emulator (QEMU) is calling DOMCTL_bind_pt_irq in order to
bind the IRQ
On ARM, there is no concept of PIRQ as the IRQ can be assigned to a
virtual IRQ using the interrupt controller.
It's not clear if we will need 2 different hypercalls on ARM to assign
IRQ and, for now, only the toolstack will manage IRQ.
In order to avoid re-using a fixed ABI hypercall (PHYSDEVOP_*) for a
different purpose and allow us more time to figure out the right out,
only DOMCTL_{,un}bind_pt_pirq is implemented on ARM.
The DOMCTL is extended with a new type PT_IRQ_TYPE_SPI and only IRQ ==
vIRQ (i.e machine_irq == spi) is supported.
In order to keep the same XSM checks done by the 2 hypercalls on x86,
call both xsm_map_domain_irq & xsm_bind_pt_irq in the ARM implementation.
Note: The toolstack changes for routing an IRQ to a guest will be done
in a separate patch.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Jan Beulich <jbeulich@suse.com>
xen/arm: Release IRQ routed to a domain when it's destroying
Xen has to release IRQ routed to a domain in order to reuse later.
Currently only SPIs can be routed to the guest so we only need to
browse SPIs for a specific domain.
Furthermore, a guest can crash and leave the IRQ in an incorrect state
(i.e has not been EOIed). Xen will have to reset the IRQ in order to
be able to reuse the IRQ later.
Introduce 2 new functions for release an IRQ routed to a domain:
- release_guest_irq: upper level to retrieve the IRQ, call the GIC
code and release the action
- gic_remove_guest_irq: Check if we can remove the IRQ, and reset
it if necessary
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Introduce spi_to_pending in order retrieve the irq_pending structure for
a specific SPI.
It's not possible to re-use irq_to_pending because it's required a VCPU
and some call of the new function may during domain destruction after
the VCPUs are freed.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: Let the toolstack configure the number of SPIs
Each domain may have a different number of IRQs depending on the devices
assigned to it.
Rather than re-using the number of IRQs used by the hardwared GIC, let
the toolstack specify the number of SPIs when the domain is created.
This will avoid wasting memory.
To calculate the number of SPIs, we take advantage of the fact that the
libxl interface can only expose 1:1 mapping and look for the largest SPI
in the list.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Wei Liu <wei.liu2@citrix.com>
Andrew Cooper [Fri, 8 May 2015 12:54:34 +0000 (13:54 +0100)]
tools/libxc: Properly bracket macro parameters
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Yang Hongyang <yanghy@cn.fujitsu.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- s/quoted/bracket/ in the subject ]
Olaf Hering [Thu, 7 May 2015 08:54:26 +0000 (08:54 +0000)]
libxlu: handle NULL pointer in xlu_cfg_destroy
Handle NULL pointer passed to xlu_cfg_destroy. libvirt calls it in its
libxlDriverConfigDispose function. If the XLU_Config was not initialized
yet for some reason a crash would occur on cleanup.
Avoid the crash just like libxl_ctx_free and xtl_logger_destroy do when
called from the same context.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Wei Liu [Fri, 24 Apr 2015 09:03:41 +0000 (10:03 +0100)]
libxl: remove redundant assignment of spawn-xspath
Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
libxl: Add qxl vga interface support for upstream qemu
Usage:
vga="qxl"
Qxl vga support many resolutions that not supported by stdvga,
mainly the 16:9 ones and other high up to 2560x1600.
With QXL you can get improved performance and smooth video also
with high resolutions and high quality.
Require their drivers installed in the domU and spice used
otherwise act as a simple stdvga.
Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> Signed-off-by: Zhou Peng <zpengxen@gmail.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
George Dunlap [Thu, 23 Apr 2015 13:29:40 +0000 (09:29 -0400)]
libxc/xentrace: Use xc_cpumap_t for xc_tbuf_set_cpu_mask
xentrace is the only caller at the moment. Split the cpu and event
mask setting out into seperate functions, but leave the current limit
of 32 bits for masks passed in from the command-line.
Based on a patch from Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
libxl/cpumap: Add xc_cpumap_[setcpu, clearcpu, testcpu] to complement xc_cpumap_alloc.
We export the xc_cpumap_alloc but not the bit operations.
One could include 'xc_bitops.h' but that is naughty - so instead
we just export the proper functions to do it on the xc_cpumap_t
typedef.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
v2: Use our own macro to make sure ARM is not affected negatively
v3: Lifted Ian's explanation.
Ian Campbell [Mon, 30 Mar 2015 13:53:35 +0000 (14:53 +0100)]
xen: arm: Annotate registers trapped by MDCR_EL2.TDRA
DBGDRAR and DBGDSAR are actually two cp or sys registers each, one
32-bit and one 64-bit. The cpregs #define is suffixed "64" and
annotations are added to both handlers.
MDRAR_EL1 (arm64 version of DBGDRAR) wasn't handled, so add that here.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Mon, 30 Mar 2015 11:33:49 +0000 (12:33 +0100)]
xen: arm: provide and use a handle_raz_wi helper
Reduces the use of goto in the trap handlers to none.
Some explicitly 32-bit types become register_t here, but that's OK, on
32-bit they are 32-bit already and on 64-bit it is fine/harmless to
set the larger register, a 32-bit guest won't see the top half in any
case.
Per section B1.2.1 (ARMv8 DDI0487 A.d) writes to wN registers are zero
extended, so there is no risk of leaking the top half here.
Unlike the previous code the advancing of PC is handled within the
helper, rather than after the end of the switch as before. So return
as the handler is called.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Mon, 30 Mar 2015 11:18:08 +0000 (12:18 +0100)]
xen: arm: Fix handling of ICC_{SGI1R,SGI0R,ASGI1R}_EL1
Having injected an undefined instruction we don't want to also advance
pc. So return.
The ICC_{SGI0R,ASGI1R}_EL1 case was previously missing a break, so
would have fallen through to the default case and injected a second
undef, corrupting SPSR_EL1 and ELR_EL1 for the guest.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
x86/pvh: use a custom IO bitmap for PVH hardware domains
Since a PVH hardware domain has access to the physical hardware create a
custom more permissive IO bitmap. The permissions set on the bitmap are
populated based on the contents of the ioports rangeset.
Boris Ostrovsky [Fri, 8 May 2015 09:02:41 +0000 (11:02 +0200)]
sysctl: add sysctl interface for querying PCI topology
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
David Vrabel [Fri, 8 May 2015 08:59:44 +0000 (10:59 +0200)]
arm: provide arch_fetch_and_add()
arch_fetch_and_add() atomically adds a value and returns the previous
value.
This generic arm implementation uses the GCC __sync_fetch_and_add()
builtin. This builtin resulted in suitable inlined asm for GCC 4.8.3
(arm64) and GCC 4.6.3 (arm32).
This is needed to implement ticket locks.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Paul Durrant [Thu, 7 May 2015 13:08:43 +0000 (15:08 +0200)]
x86/hvm: use white-lists for HVM param guest accessibility checks
There are actually very few HVM parameters that a guest needs to read
and even fewer that a guest needs to write. Use white-lists to specify
those parameters and also ensre that, by default, newly introduced
parameters are not accessible.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Thu, 7 May 2015 13:07:57 +0000 (15:07 +0200)]
x86/hvm: introduce functions for HVMOP_get/set_param allowance checks
Some parameters can only (validly) be set once. Some should not be set
by a guest for its own domain, and others must not be set since they
require the domain to be paused. Consolidate these checks, along with
the XSM check, in a new hvm_allow_set_param() function for clarity.
Also, introduce hvm_allow_get_param() for similar reasons.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Thu, 7 May 2015 13:06:25 +0000 (15:06 +0200)]
x86/hvm: give HVMOP_set_param and HVMOP_get_param their own functions
The level of switch nesting in those ops is getting unreadable. Giving
them their own functions does introduce some code duplication in the
the pre-op checks but the overall result is easier to follow.
This patch is code movement (including style fixes). There is no
functional change.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Tue, 5 May 2015 16:01:33 +0000 (18:01 +0200)]
x86: allow 64-bit PV guest kernels to suppress user mode exposure of M2P
Xen L4 entries being uniformly installed into any L4 table and 64-bit
PV kernels running in ring 3 means that user mode was able to see the
read-only M2P presented by Xen to the guests. While apparently not
really representing an exploitable information leak, this still very
certainly was never meant to be that way.
Building on the fact that these guests already have separate kernel and
user mode page tables we can allow guest kernels to tell Xen that they
don't want user mode to see this table. We can't, however, do this by
default: There is no ABI requirement that kernel and user mode page
tables be separate. Therefore introduce a new VM-assist flag allowing
the guest to control respective hypervisor behavior:
- when not set, L4 tables get created with the respective slot blank,
and whenever the L4 table gets used as a kernel one the missing
mapping gets inserted,
- when set, L4 tables get created with the respective slot initialized
as before, and whenever the L4 table gets used as a user one the
mapping gets zapped.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org>
xen/arm64: Use virtual address when setting up early_printk fixmap
We have already switched to the boot pagetable when reaching the point
of early_printk fixmap setup. Thus t is no longer necessary to
calculate physical address of xen_fixmap.
Julien Grall [Tue, 5 May 2015 15:02:09 +0000 (16:02 +0100)]
xen/arm: p2m: Restrict preemption check in apply_p2m_changes
The commit 569fb6c "xen/arm: Data abort exception (R/W) mem_access
events" makes apply_p2m_changes to call hypercall_preempt_check for any
operation rather than for relinquish.
The function hypercall_preempt_check call local_events_need_delivery
which rely on the current VCPU is not an idle VCPU.
Although, during DOM0 building the current VCPU is an idle one. This
would make Xen crash with the following stack trace:
hypercall_preempt_check is expecting to be call only when the current
VCPU belong to a real domain (see x86 behavior).
As the bug prevents Xen booting on some platform, fix it by only check
preemption when the current VCPU is an idle one for now. We could
improve it later.
Reported-by: Riku Voipio <riku.voipio@linaro.org> Signed-off-by: Julien Grall <julien.grall@citrix.com> CC: Tamas K Lengyel <tklengyel@sec.in.tum.de> Acked-by: Ian Campbell <ian.campbell@citrix.com>
David Vrabel [Tue, 3 Jun 2014 13:48:12 +0000 (14:48 +0100)]
docs: libxc migration stream specification
Add the specification for a new migration stream format. The document
includes all the details but to summarize:
The existing (legacy) format is dependant on the word size of the
toolstack. This prevents domains from migrating from hosts running
32-bit toolstacks to hosts running 64-bit toolstacks (and vice-versa).
The legacy format lacks any version information making it difficult to
extend in compatible way.
The new format has a header (the image header) with version information,
a domain header with basic information of the domain and a stream of
records for the image data.
The format will be used for future domain types (such as on ARM).
The specification is pandoc format (an extended markdown format) and the
documentation build system is extended to support pandoc format documents.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Tue, 17 Feb 2015 18:20:23 +0000 (18:20 +0000)]
tools/libxc: common restore code
Restore a domain from the new format. This reads and validates the domain and
image header and loads the guest memory from the PAGE_DATA records, populating
the p2m as it does so.
This provides the xc_domain_restore2() function as an alternative to the
existing xc_domain_restore().
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Sun, 8 Jun 2014 02:03:29 +0000 (03:03 +0100)]
tools/libxc: common save code
Save a domain, calling domain type specific function at the appropriate
points. This implements the xc_domain_save2() API function which is
equivalent to the existing xc_domain_save().
This writes the image and domain headers, and writes all the PAGE_DATA records
using a "live" process.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Sat, 7 Jun 2014 20:17:51 +0000 (21:17 +0100)]
tools/libxc: x86 HVM restore code
Restore the x86 HVM specific parts of a domain. This is the HVM_CONTEXT and
HVM_PARAMS records.
There is no need for any page localisation.
This also includes writing the trailing qemu save record to a file because
this is what libxc currently does. This is intended to be moved into libxl
proper in the future.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Sat, 7 Jun 2014 20:17:33 +0000 (21:17 +0100)]
tools/libxc: x86 HVM save code
Save the x86 HVM specific parts of the domain. This is considerably simpler
than an x86 PV domain. Only the HVM_CONTEXT and HVM_PARAMS records are
needed.
There is no need for any page normalisation.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Sat, 7 Jun 2014 20:17:02 +0000 (21:17 +0100)]
tools/libxc: x86 PV save code
Save the x86 PV specific parts of a domain. This is the X86_PV_INFO record,
the P2M_FRAMES, the X86_PV_SHARED_INFO, the three different VCPU context
records, and the MSR records.
The normalise_page callback used by the common code when writing the PAGE_DATA
records, converts MFNs in page tables to PFNs.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Sat, 15 Mar 2014 20:18:45 +0000 (20:18 +0000)]
tools/libxc: C implementation of stream format
Provide the C structures matching the binary (wire) format of the new
stream format. All header/record fields are naturally aligned and
explicit padding fields are used to ensure the correct layout (i.e.,
there is no need for any non-standard structure packing pragma or
attribute).
Provide some helper functions for converting types to string for
diagnostic purposes.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Thu, 24 Jul 2014 12:05:27 +0000 (13:05 +0100)]
libxc/progress: Extend the progress interface
Progress information is logged via a different logger to regular libxc log
messages, and currently can only express a range. However, not everything
which needs reporting as progress comes with a range. Extend the interface to
allow reporting of a single statement.
The programming interface now looks like:
xc_set_progress_prefix()
set the prefix string to be used
xc_report_progress_single()
report a single action
xc_report_progress_step()
report $X of $Y
The new programming interface is implemented in a compatible way with the
existing caller interface (by reporting a single action as "0 of 0").
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Tue, 1 Jul 2014 18:10:35 +0000 (19:10 +0100)]
tools/libxc: Implement writev_exact() in the same style as write_exact()
This implementation of writev_exact() will cope with an iovcnt greater than
IOV_MAX because glibc will actually let this work anyway, and it is very
useful not to have to work about this in the caller of writev_exact(). The
caller is still required to ensure that the sum of iov_len's doesn't overflow
a ssize_t.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
In old X-Gene Storm firmware and DT, secure mode addresses have been
mentioned in GICv2 node. In this case maintenance interrupt is used
instead of EOI HW method.
This patch checks the GIC Distributor Base Address to enable EOI quirk
for old firmware.
Olaf Hering [Fri, 24 Apr 2015 09:07:14 +0000 (09:07 +0000)]
libxl: convert strings and ints to xenbus_state
Convert all plain ints and strings which are used for xenbus "state"
files to xenbus_state. This makes it easier to find code which deals
with backend/frontend state changes.
Convert usage of libxl__sprintf to GCSPRINTF.
No change in behaviour is expected by this change, beside a small
increase of runtime memory usage in places that used a string constant.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Boris Ostrovsky [Thu, 23 Apr 2015 02:49:18 +0000 (22:49 -0400)]
tools/libxc: Set HVM_PARAM_CONSOLE_EVTCHN during restore
When resuming, the guest needs to check whether the port has changed. HVM
guests use this parameter to get the port number.
(We can't always use xenstore where this value is also written: for example
on Linux the console is resumed very early, before the store is up).
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Kai Huang [Mon, 4 May 2015 10:19:25 +0000 (12:19 +0200)]
p2m/ept: enable PML in p2m-ept for log-dirty
This patch firstly enables EPT A/D bits if PML is used, as PML depends on EPT
A/D bits to work. A bit is set for all present p2m types in middle and leaf EPT
entries, and D bit is set for all writable types in EPT leaf entry, except for
log-dirty type with PML.
With PML, for 4K pages, instead of setting EPT entry to read-only, we just need
to clear D bit in order to log that GFN. For superpages, we still need to set it
to read-only as we need to split superpage to 4K pages in EPT violation.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Acked-by: Tim Deegan <tim@xen.org> Acked-by: Kevin Tian <kevin.tian@intel.com>
Kai Huang [Mon, 4 May 2015 10:18:51 +0000 (12:18 +0200)]
log-dirty: refine common code to support PML
Using PML, it's possible there are dirty GPAs logged in vcpus' PML buffers
when userspace peek/clear dirty pages, therefore we need to flush them befor
reporting dirty pages to userspace. This applies to both video ram tracking and
paging_log_dirty_op.
This patch adds new p2m layer functions to enable/disable PML and flush PML
buffers. The new functions are named to be generic to cover potential futher
PML-like features for other platforms.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Acked-by: Tim Deegan <tim@xen.org>
Kai Huang [Mon, 4 May 2015 10:17:10 +0000 (12:17 +0200)]
vmx: handle PML enabling in vmx_vcpu_initialise
It's possible domain has already been in log-dirty mode when creating vcpu, in
which case we should enable PML for this vcpu if PML has been enabled for the
domain.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Acked-by: Tim Deegan <tim@xen.org> Acked-by: Kevin Tian <kevin.tian@intel.com>
Kai Huang [Mon, 4 May 2015 10:14:15 +0000 (12:14 +0200)]
vmx: add new data structure member to support PML
A new 4K page pointer is added to arch_vmx_struct as PML buffer for vcpu. And a
new 'status' field is added to vmx_domain to indicate whether PML is enabled for
the domain or not.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Acked-by: Tim Deegan <tim@xen.org> Acked-by: Kevin Tian <kevin.tian@intel.com>
Kai Huang [Mon, 4 May 2015 10:12:11 +0000 (12:12 +0200)]
vmx: add PML definition and feature detection
The patch adds PML definition and feature detection. Note PML won't be detected
if PML is disabled from boot parameter. PML is also disabled in construct_vmcs,
as it will only be enabled when domain is switched to log dirty mode.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Acked-by: Tim Deegan <tim@xen.org> Acked-by: Kevin Tian <kevin.tian@intel.com>
Kai Huang [Mon, 4 May 2015 10:10:41 +0000 (12:10 +0200)]
log-dirty: add new paging_mark_gfn_dirty
PML logs GPA in PML buffer. Original paging_mark_dirty takes MFN as parameter
but it gets guest pfn internally and use guest pfn to as index for looking up
radix log-dirty tree. In flushing PML buffer, calling paging_mark_dirty directly
introduces redundant p2m lookups (gfn->mfn->gfn), therefore we introduce
paging_mark_gfn_dirty which is bulk of paging_mark_dirty but takes guest pfn as
parameter, and in flushing PML buffer we call paging_mark_gfn_dirty directly.
Original paging_mark_dirty then simply is a wrapper of paging_mark_gfn_dirty.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Acked-by: Tim Deegan <tim@xen.org>
Kai Huang [Mon, 4 May 2015 10:09:03 +0000 (12:09 +0200)]
vmx: add new boot parameter to control PML enabling
A top level EPT parameter "ept=<options>" and a sub boolean "opt_pml_enabled"
are added to control PML. Other booleans can be further added for any other EPT
related features.
The document description for the new parameter is also added.
Signed-off-by: Kai Huang <kai.huang@linux.intel.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Tim Deegan <tim@xen.org> Acked-by: Kevin Tian <kevin.tian@intel.com>
x86_emulate: fix EFLAGS setting of CMPXCHG emulation
CMPXCHG sets CF, PF, AF, SF, and OF flags according to the results of the
comparison the rAX with the operand of the instruction.
rAX must be the first argument of the comparison (a minuend), the operand
must be the second one (a subtrahend).
Due to improper order of comparison arguments, CF, PF, AF, SF and OF flags were
set incorrectly in the case of inequality. Need to swap them.
Chao Peng [Mon, 4 May 2015 09:54:39 +0000 (11:54 +0200)]
x86: improve psr scheduling code
Switching RMID from previous vcpu to next vcpu only needs to write
MSR_IA32_PSR_ASSOC once. Write it with the value of next vcpu is enough,
no need to write '0' first. Idle domain has RMID set to 0 and because MSR
is already updated lazily, so just switch it as it does.
Also move the initialization of per-CPU variable which used for lazy
update from context switch to CPU starting.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com>
Paul Durrant [Fri, 24 Apr 2015 10:14:23 +0000 (12:14 +0200)]
x86/hvm: implicitly disable an ioreq server when it is destroyed
Currently, unless a (non-default) ioreq server is explicitly disabled before
being destroyed, its gmfns will not be placed back into the p2m but still
released back into the ioreq_gmfn mask. This is somewhat counter-intuitive
and easily remedied by this small patch.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Fri, 24 Apr 2015 10:13:48 +0000 (12:13 +0200)]
x86/hvm: actually release ioreq server pages
hvm_free_ioreq_gmfn has the sense of the ioreq_gmfn mask inverted; it
needs to set a bit to release the gmfn, not clear it.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
use 'Hardware domain' instead of 'Domain 0' in hwdom_shutdown()
hwdom_shutdown() operates with hardware domains, use the proper wording.
Eliminate pointless braces from switch cases.
Use hardware_domain->domain_id instead of hardware_domid to print the actual
domain ID as in some cases it can differ (e.g. Dom0 dies before the actual HW
domain got created, kexec for the HW domain is being performed,...).
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Signed-off-by: Jan Beulich <jbeulich@suse.com>
projects / xen.git / log