Keir Fraser [Thu, 11 Dec 2008 13:36:45 +0000 (13:36 +0000)]
Fix BUILD_BUG_ON()
As was noticed on the Linux side, using an array here isn't appropriate
if the condition is not a compile time constant - gcc allows such
arrays, and hence the intended effect of producing a compiler error is
not achieved in that case. Bit field widths do not know similar
language extensions, and hence always produce a compiler error.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 18899:1419a73316e1d75d3e5d7c1530ac6ae7e7bc7fb4
xen-unstable date: Thu Dec 11 11:19:01 2008 +0000
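The difference between the two macro forms described in the commit above, as an added example that is not code from the Xen tree or from the commit's author. Both macro bodies are reconstructed from the commit's description, and `struct wire_hdr` and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Array form, constructed from the commit's description of the old macro. */
#define BUILD_BUG_ON_ARRAY(cond)    ((void)sizeof(char[1 - 2 * !!(cond)]))
/* Bit-field form: a bit-field width must be an integer constant expression. */
#define BUILD_BUG_ON_BITFIELD(cond) ((void)sizeof(struct { int : -!!(cond); }))

/* Hypothetical on-wire header whose layout the build is meant to pin. */
struct wire_hdr {
    uint32_t len;
    uint32_t type;
};

/* Constant conditions: both forms are evaluated at compile time, and a
 * condition that evaluates to true breaks the build with either macro. */
size_t checked_hdr_size(void)
{
    BUILD_BUG_ON_ARRAY(sizeof(struct wire_hdr) != 8);
    BUILD_BUG_ON_BITFIELD(offsetof(struct wire_hdr, type) != 4);
    return sizeof(struct wire_hdr);
}

/* Non-constant condition: gcc accepts the array form as a variable-length
 * array, so this compiles and nothing is checked at build time. A non-zero
 * cond would give a negative array size at run time (undefined behaviour),
 * so the caller below only passes 0. */
int array_form_compiles_with_runtime_cond(int cond)
{
    BUILD_BUG_ON_ARRAY(cond);
    /* BUILD_BUG_ON_BITFIELD(cond);  rejected: width is not a constant */
    return 1;
}

int main(void)
{
    printf("hdr size %zu, runtime-cond function built: %d\n",
           checked_hdr_size(), array_form_compiles_with_runtime_cond(0));
    return 0;
}
```

Uncommenting the bit-field line in the second function makes the build fail, which is the behaviour the commit restores.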
Keir Fraser [Wed, 10 Dec 2008 14:35:38 +0000 (14:35 +0000)]
libxc: Fix memory leak in zlib usage
Any call to inflate() must be followed by inflateEnd(), otherwise the
internal zlib state is leaked.
Signed-off-by: Kevin Wolf <kwolf@suse.de>
xen-unstable changeset: 18892:b73f3646a17fa5fb9fa8edd0a5a4d70dd3353c15
xen-unstable date: Wed Dec 10 13:14:13 2008 +0000
Keir Fraser [Wed, 10 Dec 2008 14:33:28 +0000 (14:33 +0000)]
Fix existence check for MMIO-mapped 16550 UARTs
Changeset 982e6fce0e47 added an existence test for UARTs.
Unfortunately, the existence test happens before MMIO UARTs are
ioremapped, therefore it may not be probing where it thinks it's
probing. Rather than moving more code around, I think it's probably
safe to assume the arch code knows what it's doing if it passes in an
MMIO UART.
Signed-off-by: Alex Williamson <alex.williamson@hp.com>
xen-unstable changeset: 18861:cb289056b5233b6a7799633cefdae41a91f8e071
xen-unstable date: Thu Dec 04 11:36:18 2008 +0000
Keir Fraser [Tue, 4 Nov 2008 13:15:11 +0000 (13:15 +0000)]
x86: Fix GRANT_PTE_FLAGS.
Since page table entries created through e.g. GNTTABOP_map_grant_ref
are being passed through adjust_guest_l1e(), they must not generally
get _PAGE_USER set - this will be taken care of by adjust_guest_l1e(),
and it will ensure that these don't get _PAGE_GLOBAL set
inadvertently.
Due to the implied security aspect here (_PAGE_GLOBAL getting set on
kernel pages for x86-64), I'd like to ask that this also be applied to
older maintained branches.
At the same time, set _PAGE_NX for pte-s created for grants (as long
as hardware supports it), since it should be only data pages that
remote domains are being given access to.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 18748:4ec25db9326a7e7f64a8471cbfd7b5852484757c
xen-unstable date: Mon Nov 03 10:32:54 2008 +0000
Keir Fraser [Tue, 4 Nov 2008 13:14:23 +0000 (13:14 +0000)]
x86: relax restrictions on reserved bits in L3 for 32on64 x86 guests
A 32on64 guest cannot copy an existing pinned L3 entry to use as a new
L3 because COMPAT_L3_DISALLOW_MASK contains bits which are added to L3
entries by adjust_guest_l3e (U/S & R/W) or by the hardware (A & D).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 18714:3ff349c7aeb77a0a66a53dd409751e3574a4742b
xen-unstable date: Mon Oct 27 10:08:48 2008 +0000
Keir Fraser [Tue, 21 Oct 2008 11:06:53 +0000 (12:06 +0100)]
vmx: avoid taking locks with irqs disabled
Shuffle the bits of the vmexit handler that run with EFLAGS.IF == 0 up
to the top. Otherwise we end up calling spin_lock() with interrupts
disabled, which can deadlock against the time-synchronization
rendezvous code.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 18658:824892134573b05573ca1945757bb2a99e220a02
xen-unstable date: Mon Oct 20 15:31:54 2008 +0100
Keir Fraser [Tue, 21 Oct 2008 11:06:23 +0000 (12:06 +0100)]
x86: add movnti emulation
Linux added the use of movnti for copying from user to kernel space in
certain cases, and as per reports we got this may happen with the
destination being in MMIO.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 18657:c4be040bef6faa4a1eae4ce71636cc1ae88a9f35
xen-unstable date: Mon Oct 20 15:22:58 2008 +0100
Keir Fraser [Thu, 16 Oct 2008 17:26:50 +0000 (18:26 +0100)]
x86/mm: Use l1e_get_pfn() in destroy_grant_pte_mapping().
On an x86_64 system, (pte >> PAGE_SHIFT) is not always equal to page
frame number because high bits (63:52) of pte may be used as
flags. This patch corrects the conversion and errors as below
disappear when applied.
(XEN) mm.c:3074:d0 PTE entry 200000a2ec6167 for address a1f09958
doesn't match frame a2ec6
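The mismatch in the log line above, worked through as an added example that is not code from the Xen tree. The function names are hypothetical stand-ins, and the 52-bit address width is taken from the commit's statement that bits 63:52 may hold flags; the PTE and frame values are the ones quoted in the log line.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PADDR_BITS 52   /* assumption: bits 63:52 are flag bits, per the text */
/* Bits 51:12 of a PTE hold the frame address. */
#define PTE_ADDR_MASK \
    (((UINT64_C(1) << PADDR_BITS) - 1) & ~((UINT64_C(1) << PAGE_SHIFT) - 1))

/* The conversion the commit removes: high flag bits leak into the result. */
uint64_t pfn_by_shift(uint64_t pte)
{
    return pte >> PAGE_SHIFT;
}

/* Masking off both flag ranges before shifting (hypothetical stand-in for
 * the accessor the commit switches to). */
uint64_t pfn_by_mask(uint64_t pte)
{
    return (pte & PTE_ADDR_MASK) >> PAGE_SHIFT;
}

/* Everything that is not address: low flags and high flags together. */
uint64_t pte_flag_bits(uint64_t pte)
{
    return pte & ~PTE_ADDR_MASK;
}

/* The comparison behind the "doesn't match frame" message. */
int pte_matches_frame(uint64_t pfn, uint64_t frame)
{
    return pfn == frame;
}

int main(void)
{
    const uint64_t pte = UINT64_C(0x200000a2ec6167);  /* from the log line */
    const uint64_t frame = UINT64_C(0xa2ec6);         /* from the log line */

    printf("shift: pfn=%llx match=%d\n",
           (unsigned long long)pfn_by_shift(pte),
           pte_matches_frame(pfn_by_shift(pte), frame));
    printf("mask:  pfn=%llx match=%d flags=%llx\n",
           (unsigned long long)pfn_by_mask(pte),
           pte_matches_frame(pfn_by_mask(pte), frame),
           (unsigned long long)pte_flag_bits(pte));
    return 0;
}
```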
Keir Fraser [Thu, 16 Oct 2008 17:24:40 +0000 (18:24 +0100)]
xend: Move some backend configuration info.
This patch moves some dom0 variables and backend device
configuration from frontend directories to
/local/domain/<backdomid>/backend or /vm.
Also,
- /vm_path/<domid> is introduced, referencing the /vm path
- /vm_path/device/backend holds the backend device location,
rather than storing it in the frontend directory
xend: Make only selected subdirs of /local/domain/<domid> writable by
the guest.
This protects critical data like
/local/domain/<domid>/console/{tty,limit}. It also means we can trust
.../vm, and hence do not need /vm_path. Various parts of the previous
two changesets disappear.
Keir Fraser [Thu, 16 Oct 2008 17:16:19 +0000 (18:16 +0100)]
x86: change _PAGE_GNTTAB
Since Linux started to use one of the 3 low available bits, _PAGE_IO
needed to be moved to a different one. Not remembering about
_PAGE_GNTTAB in debug hypervisors, I ended up assigning it to the same
bit, which made the kernel fail on the debug hypervisor. However,
rather than fixing the kernel it seems more appropriate for the
hypervisor to stay away from these bits, not the least because its
definition was anyway accompanied by a warning that this may be
incompatible with certain OSes.
While obviously the hypervisor has to use some bit (and it's therefore
unavoidable that there's some risk of collision), using one of the
high available bits seems to be the better choice over using one of
the three low ones. Since in 32-bit mode these bits are reserved, the
patch disables the functionality here. The only reasonable alternative
I would see is to disable the functionality by default, but add a
command line option to specify which bit to use.
This small patch fixes an issue leading to a crash (segfault, although
with earlier changesets I was seeing sigbus - not sure what changed)
in qemu-dm when the following conditions occur:
1. A valid mapping for a bucket on a low address exists
2. Immediately after accessing memory mapped in this bucket, an access
occurs to a high (beyond assigned ram) address beyond the 1GB limit
for 32bit map cache wrapping around to the previous bucket's entry
number.
3. The next call to map cache again accesses the low address.
In this scenario, the guest mem for the low bucket has been unmapped
by the remap_bucket caused by 2., but because the valid_mapping
bit-test fails, map_cache returns before last_address_index has been
updated. The subsequent call to map_cache therefore never remaps the
low, valid bucket and instead returns a vaddr pointing to memory that
has failed to get mapped.
Fix HVM guest's save/restore by ignoring the null cdrom string
When we use qcow in hvm config file, like
disk=['tap:qcow:/img/qcow.img,hda,w',',hdc:cdrom,r'],
HVM guest restore would fail.
The patch fixes the issue by ignoring the null cdrom string.
Keir Fraser [Thu, 28 Aug 2008 10:58:12 +0000 (11:58 +0100)]
tools/xenmon/Makefile: Move LDFLAGS after $<
gcc expects libraries needed for object files to be specified after
the object. Linking usually does not fail, unless it is optimized (for
instance, using -Wl,-as-needed).
The related Gentoo bug is 135145 [ https://bugs.gentoo.org/135145 ].
From: Robert Buchholz <rbu@gentoo.org>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 18386:ab8212bd5604f58635e2b8bc6ffec6eddd211cf9
xen-unstable date: Wed Aug 27 15:02:38 2008 +0100
Keir Fraser [Thu, 28 Aug 2008 10:56:19 +0000 (11:56 +0100)]
Fall back to a timer linked list when the timer heap overflows.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 18381:070688cdf62c7a1ed78404e5277ece18a9b88364
xen-unstable date: Wed Aug 27 13:24:35 2008 +0100
Keir Fraser [Thu, 28 Aug 2008 10:48:36 +0000 (11:48 +0100)]
x86: Assert in_irq() while processing guest-bound interrupts.
Actually a fair amount of infrastructure is involved these days, and
we'd like subsystems we call into to know that we're in IRQ context so
they can handle that or BUG/ASSERT if appropriate.
Keir Fraser [Thu, 14 Aug 2008 09:21:30 +0000 (10:21 +0100)]
Fix restore crash with certain guest memory sizes
This fixes a crash when restoring guests with certain memory sizes (eg
223MB). The ROUNDUP in the call to memcpy was the main offender, but
I didn't care for the inplace resizing of the p2m entries either.
Signed-off-by: Bruce Rogers <brogers@novell.com>
xen-unstable changeset: 18329:ca7dd77d53652aa55be27746540ec50cb9608ec4
xen-unstable date: Thu Aug 14 10:18:08 2008 +0100
This changeset is back-ported from xen-unstable.
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
The original description of the changeset is:
vtd: Various cleanups and fixes:
* Handle DRHDs with different supported AGAWs. To support this we
create page tables which always have 4 levels, and skip top levels
for units which support only 2 or 3 levels.
* Handle systems with mixed DRHD support for cache snooping. We must
pessimistically CLFLUSH if any DRHD does not support snooping.
Considering Xen 3.2, for 32-bit Xen, maddr_to_virt() can not be used
in print_vtd_entries() since the pages (except the pgd) are allocated
from domheap.
VT-d: remove Xen and tboot range from dom0's VT-d table
This is a step forward to fix the security hole introduced by dom0's 1:1
mapping VT-d table: remove the critical code and data from it. The
more flexible solution is to update dom0's VT-d table on demand as
what will be done for other PV domains. However, this could bring a
performance issue even with software optimization. Iotlb flush of some
hardware is time-consuming.
Fix 17725:c0c0f4fa8850: use type paddr_t instead of unsigned long for
physical memory address. Otherwise, the address overflows on PAE system
with memory size > 4G.
USB controller RMRR (0xed000 - 0xeffff) conflicts with HVM guest bios
region. Setting identity mapping for it will cover the guest bios
region in p2m table. This causes system crash.
As VT-d spec says, USB controller RMRR is used in case of DMA
performed by a USB controller under BIOS SMM control for legacy
keyboard emulation. Whereas, current guest BIOS doesn't support
emulating standard Keyboard/mouse, and it also doesn't support SMM
mode. Actually there is no chance to use USB controller RMRR now.
This patch ignores the USB controller RMRR for HVM guest.
Signed-off-by: Weidong Han <weidong.han@intel.com>
xen-unstable changeset 17248:70f9a2110421cc6f4ce066eb80d4c639a28643bd
xen-unstable date: Wed Mar 19 10:22:49 2008 +0000
Keir Fraser [Fri, 27 Jun 2008 16:04:41 +0000 (17:04 +0100)]
hvm rombios: Move function calls out of 'post' function section
Through recent additions to the rombios the code section of the post
function has filled up considerably. When I enable the BX_TCGBIOS
compile time option the BIOS crashes since the post section code
(starts at $e05b) spills over into the nmi entry point (starts at
$e2c3). as86 doesn't cause an error when building.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
xen-unstable changeset: 17901:3edc443ae8ce80742db2e2a90a260ffac1a7377e
xen-unstable date: Fri Jun 27 14:43:29 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 16:04:10 +0000 (17:04 +0100)]
hvmloader: Set up any Intel ICH for legacy IDE.
Signed-off-by: Li Zhang <li.zhang@intel.com>
xen-unstable changeset: 17897:be52424a543ec9f1437056ee3bf429a4c48a4ea9
xen-unstable date: Fri Jun 27 14:15:11 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 16:01:31 +0000 (17:01 +0100)]
x86 acpi: Clean up output tracing. Ensure it is synced to serial line
before entering Sx state.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17883:ad156e312aefd4deca7d968c13a6b9ed0ece45f8
xen-unstable date: Fri Jun 20 15:21:04 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 16:00:59 +0000 (17:00 +0100)]
ioemu: Fix usbdevice parameter to encode vbd type.
usbdevice = "disk:<filename>"
expect a raw device (as this probably is the most usual case) and
usbdevice = "disk-qcow:<filename>"
expect a COW image (autodetected, probably qcow2).
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 17877:52592af0204a55abd0898b1fbe390a55036079e2
xen-unstable date: Wed Jun 18 11:55:34 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 15:59:50 +0000 (16:59 +0100)]
ioemu: Disable format auto-probing in monitor command change
Format auto-probing of writable images is a security hole. The last
known remaining instance is monitor command change. Disable probing
there and use raw. This breaks change for images in all other
formats.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
xen-unstable changeset: 17874:9493a853df9ef0c17c6fb12efdcc86c5d67c7e03
xen-unstable date: Wed Jun 18 09:39:14 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 15:59:11 +0000 (16:59 +0100)]
vmx: Allow restore of context from a non-Intel processor. In
particular, VMX requires segment 'granularity' to be set correctly, so
we force it if need be in vmx_set_segment_register().
Keir Fraser [Tue, 17 Jun 2008 10:11:21 +0000 (11:11 +0100)]
vmx realmode: HOST_CR0.TS must be cleared when restoring guest FPU
state, otherwise in-Xen CR0.TS value becomes set again on next
vmexit. Then we crash the next time we try to emulate an FPU
instruction.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 16970:aecbf98aa7099458fe6895bbd8f15d506e0901b3
xen-unstable date: Sun Feb 03 09:30:59 2008 +0000
Keir Fraser [Mon, 16 Jun 2008 10:54:27 +0000 (11:54 +0100)]
x86_emulate: Fix the segment-load function
Fix the non-conforming type check and use the consistent method to
fetch the cpl value as function get_cpl().
Also make sure vm86 mode is properly handled when determining whether
in real mode or protected mode -- in various respects vm86 mode can
act like both.
Keir Fraser [Thu, 12 Jun 2008 17:31:19 +0000 (18:31 +0100)]
x86: machine_halt() forcibly re-enables IRQs as it may be called from
panic() which itself may be called in an IRQ-safe critical section.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17837:a3319f32496fd93a545fc354ce3944072cc32e5e
xen-unstable date: Thu Jun 12 16:09:08 2008 +0100
Keir Fraser [Thu, 12 Jun 2008 17:30:53 +0000 (18:30 +0100)]
x86/32on64: fix physical address restriction
The allocation bit size setting wasn't working anymore after the
recent fix to properly use PAGE_SHIFT instead of PAGE_SIZE. This was
because the bit size implies a power-of-two range that's accessible,
but if all memory is accessible anyway (and its upper boundary is not
a power of two), the domain would either be needlessly restricted or
wouldn't be able to allocate as much memory as was intended for it
(specifically the case for Dom0 without dom0_mem= boot
parameter). Consequently, don't restrict the bit width if all memory
can be accessed.
To avoid needing to adjust this code in two places in the future (it
may need further touching when memory hotplug gets supported), fold
the logic into a function.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17836:52c0117dd37446bef59e82de133a85a6565b237f
xen-unstable date: Thu Jun 12 16:05:35 2008 +0100
Keir Fraser [Thu, 12 Jun 2008 17:29:27 +0000 (18:29 +0100)]
Allow older PAE Linux guests to access entire compat m2p.
Older PAE guests (prior to xen-unstable.hg 8924:229c602a075a, Feb
2006, this includes some vendor's kernel in the field) use a limit of
0xf6800000 on their code and data segments (i.e. up to the end of the
read-only m2p table).
Newer kernels use a limit of 4G and rely on the hypervisor to clamp to
the actual maximum allowed. 32on64 mode takes advantage of this to
allow a larger m2p than would fit in the PAEonPAE sized hole.
This means that PAE guests with the hardcoded low limit cannot run on
top of a 64 bit hypervisor on a host machine which has more than 16G
of RAM. Fix this by extending any code or data segment which ends
above the start of the hypervisor hole for that guest.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17809:09dd5492651c34f7cf863683f2ddbca868340eef
xen-unstable date: Mon Jun 09 17:18:27 2008 +0100
Keir Fraser [Mon, 9 Jun 2008 09:11:47 +0000 (10:11 +0100)]
[BUILD] Disable LOCALVERSION_AUTO in upstream Linux builds.
If this option is enabled then the Xen mercurial version ID gets
tacked onto the kernel version (e.g. 2.6.24-git22-hg2593b69b183b)
which is unlikely to be useful or desirable. All the trees which we
build using this method already have uniquely identifying versions
(e.g. 2.6.24-git22 or 2.6.24-mm1).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17031:761604c6136decb122bb1a45a19de15fa4080cbc
xen-unstable date: Tue Feb 12 14:59:22 2008 +0000
Keir Fraser [Mon, 9 Jun 2008 09:11:22 +0000 (10:11 +0100)]
[BUILD] Fixup support for building upstream kernels.
In particular:
- support merged x86 architecture. To facilitate this it made sense
to encode some existing logic in shell scripts rather than
increasing complicated make conditionals.
- set CONFIG_PARAVIRT_GUEST=y which is required for newer kernels.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17030:419a141ca16d7b248805addb0465a6b48e9723dc
xen-unstable date: Tue Feb 12 14:59:01 2008 +0000