xenbits.xensource.com Git - xen.git/log
8 years ago x86/time: don't omit newline in dump_softtsc()
Jan Beulich [Mon, 12 Dec 2016 16:48:19 +0000 (17:48 +0100)]
x86/time: don't omit newline in dump_softtsc()

Reported-by: Anton Samsonov <devel@zxlab.ru>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: consolidate string insn register adjustments
Jan Beulich [Mon, 12 Dec 2016 16:47:29 +0000 (17:47 +0100)]
x86emul: consolidate string insn register adjustments

Move the looking at EFLAGS.DF into the macro (being renamed to no
longer suggest a particular direction), rendering all call sites more
readable.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago AMD IOMMU: Support IOAPIC IDs larger than 128
Suravee Suthikulpanit [Mon, 12 Dec 2016 16:43:34 +0000 (17:43 +0100)]
AMD IOMMU: Support IOAPIC IDs larger than 128

Currently, the driver uses the APIC ID to index into the ioapic_sbdf array.
The current MAX_IO_APICS is 128, which causes the driver initialization
to fail on the system with IOAPIC ID >= 128.

Instead, this patch adds APIC ID in the struct ioapic_sbdf,
which is used to match the entry when searching through the array.

Also, this patch removes the use of ioapic_cmdline bit-map, which is
used to track the ivrs_ioapic options via command line.
Instead, it introduces the cmdline flag in the struct ioapic_sbdf,
to identify if the entry is created during ivrs_ioapic command-line parsing.

Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86: allow the emulated APICs to be enabled for the hardware domain
Roger Pau Monné [Mon, 12 Dec 2016 16:42:40 +0000 (17:42 +0100)]
x86: allow the emulated APICs to be enabled for the hardware domain

Allow the use of both the emulated local APIC and IO APIC for the hardware
domain.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago tools: bump some library version numbers to 4.9
Wei Liu [Tue, 6 Dec 2016 12:05:46 +0000 (12:05 +0000)]
tools: bump some library version numbers to 4.9

Bump the version number for libxc, libxlu, libxl and libvchan to 4.9.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
8 years ago libxl: Add COLO replication top-id support
Zhang Chen [Wed, 30 Nov 2016 09:47:52 +0000 (17:47 +0800)]
libxl: Add COLO replication top-id support

Because qemu colo adds the top-id parameter, we update libxl.

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
8 years ago libxl: Add Xen colo support for qemu-upstream colo code
Zhang Chen [Wed, 30 Nov 2016 09:47:51 +0000 (17:47 +0800)]
libxl: Add Xen colo support for qemu-upstream colo code

Because the qemu code has been updated, we update the Xen colo block code.

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
8 years ago libxl: fix gentypes call in Makefile
Cédric Bosdonnat [Thu, 10 Nov 2016 16:46:00 +0000 (17:46 +0100)]
libxl: fix gentypes call in Makefile

From the make documentation:

"$* [...] If the target is `dir/a.foo.b' and the target pattern is
`a.%.b' then the stem is `dir/foo'. In a static pattern rule, the
stem is part of the file name that matched the `%' in the target
pattern."

The rule generating the c types files from the idl ones is not
a static pattern rule, but rather an implicit rule. Thus the value
of $* is preceded by the file path, instead of only what matches %.

In order to get this fixed, drop the path using a $(notdir $*).

Signed-off-by: Cédric Bosdonnat <cbosdonnat@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
8 years ago libxl: fix erroneous negation for isstubdom
Sander Eikelenboom [Sat, 10 Dec 2016 17:59:08 +0000 (18:59 +0100)]
libxl: fix erroneous negation for isstubdom

Commit 20b75251d9721d9c050a973c02baac396c794ade introduced an erroneous
negation which gave the isstubdom bool the opposite semantics, causing
the subsequent code to take the wrong code path, which breaks HVM
pci-passthrough.

Signed-off-by: Sander Eikelenboom <linux@eikelenboom.it>
Acked-by: Cedric Bosdonnat <cbosdonnat@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
8 years ago INSTALL: remove stale coverage build instruction
Wei Liu [Wed, 7 Dec 2016 15:10:01 +0000 (15:10 +0000)]
INSTALL: remove stale coverage build instruction

Now it is controlled by Kconfig.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86/hvm: don't unconditionally create a default ioreq server
Paul Durrant [Mon, 12 Dec 2016 08:49:10 +0000 (09:49 +0100)]
x86/hvm: don't unconditionally create a default ioreq server

Avoid doing so if the domain is not under construction.

If upstream QEMU is in use then it will explicitly create an ioreq server
rather than implicitly creating the default ioreq server, which is a
side-effect of reading HVM_PARAM_IOREQ_PFN, HVM_PARAM_BUFIOREQ_PFN,
or HVM_PARAM_BUFIOREQ_EVTCHN (as is done by legacy QEMUs).

However, if the domain is subsequently saved/migrated then those parameters
are read and hence the default server will be unnecessarily instantiated.

This patch adds an extra check of the 'creation_finished' flag when those
HVM params are read and will only instantiate the server if the domain is
under construction, which will always be the case when QEMU is invoked.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86emul: use SrcEax/DstEax where suitable for string insns
Jan Beulich [Mon, 12 Dec 2016 08:41:57 +0000 (09:41 +0100)]
x86emul: use SrcEax/DstEax where suitable for string insns

LODS, SCAS, and STOS all use the accumulator as one of their operands.
This avoids some open coding of things, but requires switching around
operands of SCAS.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86: add CPUID dependents of APIC and TSC
Jan Beulich [Mon, 12 Dec 2016 08:41:21 +0000 (09:41 +0100)]
x86: add CPUID dependents of APIC and TSC

TSC_DEADLINE in particular depends on both; take the opportunity to add
a few more.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: avoid numeric literals for EFLAGS values
Jan Beulich [Mon, 12 Dec 2016 08:40:40 +0000 (09:40 +0100)]
x86emul: avoid numeric literals for EFLAGS values

Make the code use EFLG_* constants instead.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: move some of the early operand adjustments
Jan Beulich [Mon, 12 Dec 2016 08:40:06 +0000 (09:40 +0100)]
x86emul: move some of the early operand adjustments

As said in the code comment being added, only adjustments affecting
further processing prior to the x86_decode_*() calls really belong into
x86_decode() itself.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: abstract gcc asm() flag output handling
Jan Beulich [Mon, 12 Dec 2016 08:39:26 +0000 (09:39 +0100)]
x86emul: abstract gcc asm() flag output handling

Let's try to limit #ifdef-ery, or else more of these would need to
appear later.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: derive vcpu_must_have() from vcpu_has()
Jan Beulich [Mon, 12 Dec 2016 08:38:50 +0000 (09:38 +0100)]
x86emul: derive vcpu_must_have() from vcpu_has()

... to avoid introducing further redundancy when adding further feature
flag checks, and to bring its use better in line with its host_and_*()
sibling.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago make tlbflush_filter()'s first parameter a pointer
Jan Beulich [Mon, 12 Dec 2016 08:34:09 +0000 (09:34 +0100)]
make tlbflush_filter()'s first parameter a pointer

This brings it in line with most other functions dealing with CPU
masks. Convert both implementations to inline functions at once.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Julien Grall <julien.grall@arm.com>
8 years ago arm/irq: Reorder check in route_irq_to_guest() to avoid 4 layers of "if"
Oleksandr Tyshchenko [Tue, 6 Dec 2016 17:53:20 +0000 (19:53 +0200)]
arm/irq: Reorder check in route_irq_to_guest() to avoid 4 layers of "if"

Remove one layer of "if" by reordering the check
in route_irq_to_guest() to make the code clearer.

Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
8 years ago fix out of bound access to mode_strings
Stefano Stabellini [Fri, 9 Dec 2016 01:17:04 +0000 (17:17 -0800)]
fix out of bound access to mode_strings

mode == ARRAY_SIZE(mode_strings) causes an out of bound access to
the mode_strings array.

Coverity-ID: 1381859

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
8 years ago missing vgic_unlock_rank in gic_remove_irq_from_guest
Stefano Stabellini [Fri, 9 Dec 2016 00:59:28 +0000 (16:59 -0800)]
missing vgic_unlock_rank in gic_remove_irq_from_guest

Add missing vgic_unlock_rank on the error path in
gic_remove_irq_from_guest.

Coverity-ID: 1381843

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
8 years ago x86/hvm: Move hvm_hypervisor_cpuid_leaf() handling into cpuid_hypervisor_leaves()
Andrew Cooper [Sun, 2 Oct 2016 16:28:11 +0000 (17:28 +0100)]
x86/hvm: Move hvm_hypervisor_cpuid_leaf() handling into cpuid_hypervisor_leaves()

This reduces the net complexity of CPUID handling by having all adjustments in
the same place.  Remove the now-unused hvm_funcs.hypervisor_cpuid_leaf()
infrastructure.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86/hvm: Move hvm_funcs.cpuid_intercept() handling into hvm_cpuid()
Andrew Cooper [Sun, 2 Oct 2016 16:28:11 +0000 (17:28 +0100)]
x86/hvm: Move hvm_funcs.cpuid_intercept() handling into hvm_cpuid()

This reduces the net complexity of CPUID handling by having all adjustments in
the same place.  Remove the now-unused hvm_funcs.cpuid_intercept
infrastructure.

The SYSCALL feature hiding is tweaked when moved.  In principle, an
administrator can choose to explicitly hide the SYSCALL feature from the
guest, as it has a separate feature bit.  If this is the case, the feature
shouldn't be set behind the back of the administrator's wishes.  (Not that many
64bit OSes would function in this scenario.)  In reality, SYSCALL will always
be set in edx at this point.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86/vpmu: Remove core2_no_vpmu_ops
Andrew Cooper [Tue, 4 Oct 2016 19:35:45 +0000 (20:35 +0100)]
x86/vpmu: Remove core2_no_vpmu_ops

core2_no_vpmu_ops exists solely to work around the default-leaking of CPUID/MSR
values in Xen.

With CPUID handling removed from arch_vpmu_ops, the RDMSR handling is the last
remaining hook.  Since core2_no_vpmu_ops's introduction in c/s 25250ed7 "vpmu
intel: Add cpuid handling when vpmu disabled", a lot of work has been done and
the nop path in vpmu_do_msr() now suffices.

vpmu_do_msr() also falls into the nop path for un-configured or unprivileged
domains, which enables the removal of the duplicate logic in priv_op_read_msr().

Finally, make all arch_vpmu_ops structures const as they are never modified,
and make them static as they are not referred to externally.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86/vpmu: Move vpmu_do_cpuid() handling into {pv,hvm}_cpuid()
Andrew Cooper [Tue, 4 Oct 2016 19:35:45 +0000 (20:35 +0100)]
x86/vpmu: Move vpmu_do_cpuid() handling into {pv,hvm}_cpuid()

This reduces the net complexity of CPUID handling by having all adjustments in
the same place.  Remove the now-unused vpmu_do_cpuid() infrastructure.

This involves introducing a vpmu_enabled() predicate, and making the Intel
specific VPMU_CPU_HAS_* constants public.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86emul: correct 64-bit mode repeated string insn handling with zero count
Jan Beulich [Fri, 9 Dec 2016 14:51:57 +0000 (15:51 +0100)]
x86emul: correct 64-bit mode repeated string insn handling with zero count

When a 32-bit address override is in effect these zero-extend all
registers which would also get updated in case of non-zero repeat
count.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: consolidate loop counter handling
Jan Beulich [Fri, 9 Dec 2016 14:51:18 +0000 (15:51 +0100)]
x86emul: consolidate loop counter handling

Rename _get_rep_prefix() to make it more visibly fit other use cases
and introduce a companion "put". Use them for repeated string insn
handling as well as LOOP/J?CXZ instead of open coding the same logic a
couple of times.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul/test: don't log double % characters
Jan Beulich [Fri, 9 Dec 2016 11:08:01 +0000 (12:08 +0100)]
x86emul/test: don't log double % characters

They're useless and at best confusing.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul/test: avoid meaningless output
Jan Beulich [Fri, 9 Dec 2016 11:07:31 +0000 (12:07 +0100)]
x86emul/test: avoid meaningless output

Unconditionally reporting a skipped test in 64-bit builds is not very
useful, especially when quite a few more tests are about to be added.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: constify write_segment() register pointer
Jan Beulich [Fri, 9 Dec 2016 11:06:51 +0000 (12:06 +0100)]
x86emul: constify write_segment() register pointer

Since I stumbled across this while looking for further constification
opportunities, also correct the insn_fetch() related comment.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: support 64-bit segment descriptor types
Jan Beulich [Fri, 9 Dec 2016 11:06:20 +0000 (12:06 +0100)]
x86emul: support 64-bit segment descriptor types

This is a prereq particularly to eventually supporting UMIP emulation,
but also for LAR/LSL/VERR/VERW.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: fold SReg PUSH/POP cases
Jan Beulich [Fri, 9 Dec 2016 11:05:36 +0000 (12:05 +0100)]
x86emul: fold SReg PUSH/POP cases

Now that segment registers are numbered naturally this can be easily
done to achieve some code size reduction.

Also consistently use X86EMUL_OKAY in the code being touched.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: defer rIP-relative address calculation
Jan Beulich [Fri, 9 Dec 2016 11:04:49 +0000 (12:04 +0100)]
x86emul: defer rIP-relative address calculation

By putting it after all instruction fetching has been done, we can both
simplify the existing handling of immediate operands and take care of
any future instructions allowing rIP-relative operands and getting
additional bytes fetched in x86_decode_*() (the current cases of extra
bytes getting fetched there are only for operands without ModR/M bytes,
or with them only allowing their register forms).

Similarly the new placement of truncate_ea() will take care of any
future cases of non-standard memory operands (the one existing case -
opcodes A0...A3 - are fine with and without this, as they fetch an
ad_bytes sized unsigned address anyway).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: avoid undefined behavior when dealing with 10-byte FPU operands
Jan Beulich [Fri, 9 Dec 2016 11:04:23 +0000 (12:04 +0100)]
x86emul: avoid undefined behavior when dealing with 10-byte FPU operands

Accessing an 8-byte (or perhaps just 4-byte in the test harness when
built as 32-bit app) field to read/write 10 bytes (leveraging the
successive field) is a latent bug, as the compiler could copy things
around. Use the 32 bytes large SSE/AVX slot instead.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: reduce FPU handling code size
Jan Beulich [Fri, 9 Dec 2016 11:03:48 +0000 (12:03 +0100)]
x86emul: reduce FPU handling code size

Pulling out the {get,put}_fpu() invocations from individual emulation
paths leads to a couple of kb code size reduction in my builds. Note
that this is fine exception-wise:
- #UD and #NM have implementation defined order relative to one
  another,
- data read #GP/#SS/#PF now properly are delivered after #NM/#UD.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: simplify FPU destination operand handling
Jan Beulich [Fri, 9 Dec 2016 11:03:11 +0000 (12:03 +0100)]
x86emul: simplify FPU destination operand handling

Consolidate the copying of ea to dst: There's no need to set the type
to OP_MEM, and instead the load cases setting it to OP_NONE allows the
copying to be done just once per major opcode.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: simplify FPU source operand handling
Jan Beulich [Fri, 9 Dec 2016 11:02:45 +0000 (12:02 +0100)]
x86emul: simplify FPU source operand handling

Consistently use ea instead of src for passing the memory address to
->read(). This eliminates the need to copy ea to src, resulting in a
couple of hundred bytes smaller binary size.

In addition for opcode DE we can leverage SrcMem16 to eliminate a call
of the ->read() hook. At the same time drop the stray Mov attributes
from D8, DA, DC, and DE: They're meaningful for memory writes only.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: extend / amend supported FPU opcodes
Jan Beulich [Fri, 9 Dec 2016 11:02:12 +0000 (12:02 +0100)]
x86emul: extend / amend supported FPU opcodes

First of all there are a number of secondary encodings both Intel and
AMD support, but which aren't formally documented. See e.g.
www.sandpile.org/x86/opc_fpu.htm for unofficial documentation.

Next there are a few more no-ops - instructions which served a purpose
only on 8087 or 287.

Further switch from fail_if() to raising of #UD in a couple of places
(as the decoding of FPU opcodes should now be complete except where
explicitly marked as todo).

Also adjust a few comments.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago Revert "libelf: treat phdr and shdr similarly"
Jan Beulich [Thu, 8 Dec 2016 15:41:12 +0000 (16:41 +0100)]
Revert "libelf: treat phdr and shdr similarly"

This reverts commit a01b6d464f05dadf28bfd38612283bd1848f1350
as needing further adjustment (namely to properly avoid a
divide by zero issue spotted by Coverity and reported by
Andrew).

8 years ago x86emul: simplify {,i}{mul,div} fix
Jan Beulich [Thu, 8 Dec 2016 11:22:33 +0000 (12:22 +0100)]
x86emul: simplify {,i}{mul,div} fix

Commit 75066cd4ea ("x86emul: fix {,i}mul and {,i}div") can be had with
less code: Simply do the destination register override depending on
DstEax being in effect (the four other ModRM.reg encoded operations of
these two opcodes all use DstMem).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: drop stray NULL check
Jan Beulich [Thu, 8 Dec 2016 11:21:56 +0000 (12:21 +0100)]
x86emul: drop stray NULL check

->read is required to be non-NULL, and is not being checked anywhere else.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: drop dead code from SYSENTER handling
Jan Beulich [Thu, 8 Dec 2016 11:20:59 +0000 (12:20 +0100)]
x86emul: drop dead code from SYSENTER handling

There's no point reading CS - all of the fields get set from scratch
right afterwards. Also correct a wrong comment.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago xen/arm: vgic-v3: Allow AArch32 guest booting with GICv3
Julien Grall [Wed, 7 Dec 2016 12:33:53 +0000 (12:33 +0000)]
xen/arm: vgic-v3: Allow AArch32 guest booting with GICv3

AArch32 guest will use co-processor registers to access the GICv3 (see
8.5 in IHI 0069C). Some of the registers have to be trapped and emulated
(e.g. ICC_SGI1R), this is the purpose of this patch.

The rest of the emulation already supports access required for AArch32
so nothing has to be changed there.

Note this is only enabling 32-bit guest using GICv3 on Xen ARM64. Further
work would be required to compile GICv3 and vGICv3 for Xen ARM32.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic-v3: Move the emulation of ICC_SGI1R_EL1 in a separate helper
Julien Grall [Wed, 7 Dec 2016 12:33:52 +0000 (12:33 +0000)]
xen/arm: vgic-v3: Move the emulation of ICC_SGI1R_EL1 in a separate helper

The emulation of the co-processor register ICC_SGI1R is the same as the
system register ICC_SGI1R_EL1. So move the emulation outside and use the
newly introduced helper vreg_emulate_sysreg64 to abstract the access.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic: Rename emulate_sysreg callback to emulate_reg
Julien Grall [Wed, 7 Dec 2016 12:33:51 +0000 (12:33 +0000)]
xen/arm: vgic: Rename emulate_sysreg callback to emulate_reg

We will want to emulate co-processor registers access in a follow-up
patch.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vreg: Introduce vreg_emulate_cp{32,64}
Julien Grall [Wed, 7 Dec 2016 12:33:50 +0000 (12:33 +0000)]
xen/arm: vreg: Introduce vreg_emulate_cp{32,64}

Factorize the code to emulate 32-bit and 64-bit access to a co-processor
in specific helpers.

The new helpers will be used in different components to simplify the
emulation.

Finally, the prototypes for the callbacks to emulate 32-bit and 64-bit
co-processor access are the same as the sysreg one. Rather than
introducing new ones, repurpose the existent prototypes.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vtimer: Move emulate_sysreg* callback in a separate header
Julien Grall [Wed, 7 Dec 2016 12:33:49 +0000 (12:33 +0000)]
xen/arm: vtimer: Move emulate_sysreg* callback in a separate header

The core emulation of sysreg (reading/writing registers) is not specific
to the virtual timer. Move the helpers in a new header vreg.h.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic-v3: Build vgic-v3.c when CONFIG_HAS_GICV3 is enabled.
Julien Grall [Wed, 7 Dec 2016 12:33:48 +0000 (12:33 +0000)]
xen/arm: vgic-v3: Build vgic-v3.c when CONFIG_HAS_GICV3 is enabled.

The vGICv3 depends on whether Xen has a host driver for GICv3, not on the
architecture (AArch64 vs AArch32).

Note CONFIG_HAS_GICV3 is enabled only for the ARM64 build, so there is
no functional change.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic: Clean-up the sysreg emulation
Julien Grall [Wed, 7 Dec 2016 12:33:47 +0000 (12:33 +0000)]
xen/arm: vgic: Clean-up the sysreg emulation

A couple of clean-ups for the vgic sysreg emulation:
    - Reference the public documentation rather than a non-public one
    - Let the vgic emulation decide whether a register needs to be
    emulated
    - Drop unnecessary debug printk. They don't bring much information
    and can be misleading (vGICv2 does not support those registers)

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic: Switch emulate_sysreg return from int to bool
Julien Grall [Wed, 7 Dec 2016 12:33:46 +0000 (12:33 +0000)]
xen/arm: vgic: Switch emulate_sysreg return from int to bool

emulate_sysreg callback can only return 2 values: 0 or 1. Use bool
instead to make clear only two possible values exist.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic: Switch vgic_to_sgi return from int to bool and propagate up to...
Julien Grall [Wed, 7 Dec 2016 12:33:45 +0000 (12:33 +0000)]
xen/arm: vgic: Switch vgic_to_sgi return from int to bool and propagate up to...

vgic_v{2,3}_to_sgi.

vgic_*to_sgi functions can only return 2 values: 0 or 1. Use bool instead
to make clear only two possible values exist.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vgic: Switch from bool_t to bool
Julien Grall [Wed, 7 Dec 2016 12:33:44 +0000 (12:33 +0000)]
xen/arm: vgic: Switch from bool_t to bool

Since commit 9202342 "xen/build: Use C99 booleans", bool_t is an alias
to bool. Going forward, there is a preference to use bool rather than
bool_t. Also replace 0 and 1 by false and true when relevant.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: traps: Switch from bool_t to bool
Julien Grall [Wed, 7 Dec 2016 12:33:43 +0000 (12:33 +0000)]
xen/arm: traps: Switch from bool_t to bool

Since commit 9202342 "xen/build: Use C99 booleans", bool_t is an alias
to bool. Going forward, there is a preference to use bool rather than
bool_t. Also replace 0 and 1 by true and false when relevant.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vtimer: Switch the read variable in the emulation from int to bool
Julien Grall [Wed, 7 Dec 2016 12:33:42 +0000 (12:33 +0000)]
xen/arm: vtimer: Switch the read variable in the emulation from int to bool

The read variable can only take two values: 1 => read, 0 => write. Use
bool instead to make clear the variable can only take 2 values.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: vtimer: Switch the emulation functions return from int to bool
Julien Grall [Wed, 7 Dec 2016 12:33:41 +0000 (12:33 +0000)]
xen/arm: vtimer: Switch the emulation functions return from int to bool

The emulation functions are always returning 0 or 1. Use bool instead to
make clear only two possible values exist.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: fix smpboot barriers
Stefano Stabellini [Wed, 7 Dec 2016 19:13:05 +0000 (11:13 -0800)]
xen/arm: fix smpboot barriers

Remove useless smp_wmb() barrier after cpumask_set_cpu(cpuid,
&cpu_online_map), which is not synchronizing against anything.

Keep the other smp_wmb(), before the cpumask_set_cpu call, to ensure
that all writes before setting the cpu online are visible to other cpus.
For that to work properly, we need a corresponding smp_rmb() barrier,
after reading the online cpumask from other processors, which is
currently missing. Add it.

See: http://marc.info/?l=xen-devel&m=148093236307211

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
8 years ago QEMU_TAG update
Ian Jackson [Wed, 7 Dec 2016 16:52:23 +0000 (16:52 +0000)]
QEMU_TAG update

8 years ago misc/release-checklist: Import from xenbits:~xen/release-checklist
Ian Jackson [Mon, 5 Dec 2016 12:28:33 +0000 (12:28 +0000)]
misc/release-checklist: Import from xenbits:~xen/release-checklist

This checklist is what we use when releasing, branching, and making
tarballs.  Right I want to commit an exact copy of the live copy kept
on xenbits outside version control.  I am fed up of maintaining this
outside version control, and probably xen.git is the best place to put
it.

I have reviewed the contents and while it contains much that might be
considered embarrassing, it doesn't contain any secrets :-).

I suggest that:

 * This file should live in misc/ rather than docs/ on the grounds
   that no-one else is likely to ever want it.

 * We maintain the copy in xen.git#staging as the master copy for all
   branches.  When things change they are more often changes to
   infrastructure organisation and so on.  So the file will continue
   to contain explicit treatment for old Xen branches.

 * We will not retain information about branches which are out of
   security support.  (So some of what is there can be deleted at our
   leisure.)

 * This file will be maintained by the release technicians (currently
   mostly that means me, although others have done some parts of the
   task) and commits will be made by release technicians without
   further review or acks.

Please argue about the filename :-).

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: Andrew Cooper <andrew.cooper3@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Jan Beulich <jbeulich@suse.com>
CC: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Tim Deegan <tim@xen.org>
CC: Wei Liu <wei.liu2@citrix.com>
8 years ago libacpi: don't announce a 8042 controller in the FADT for PVHv2 guests
Roger Pau Monné [Wed, 7 Dec 2016 16:13:59 +0000 (17:13 +0100)]
libacpi: don't announce a 8042 controller in the FADT for PVHv2 guests

There's no such controller available for PVHv2 guests.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago libacpi: set FADT boot flag to notify lack of VGA for PVHv2 guests
Roger Pau Monné [Wed, 7 Dec 2016 16:10:37 +0000 (17:10 +0100)]
libacpi: set FADT boot flag to notify lack of VGA for PVHv2 guests

PVHv2 guests don't have any VGA card, and as such it must be notified in the FADT.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago libacpi: add _FADT_ to the FADT boot flags definitions
Roger Pau Monné [Wed, 7 Dec 2016 16:07:09 +0000 (17:07 +0100)]
libacpi: add _FADT_ to the FADT boot flags definitions

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86emul: correct and extend IDT entry checks
Jan Beulich [Wed, 7 Dec 2016 14:39:03 +0000 (15:39 +0100)]
x86emul: correct and extend IDT entry checks

In order to pre-determine whether a fault will occur upon software
interrupt injection, it is not sufficient to just check P and DPL. Do
at least all the checks on the IDT entry itself, and in particular do
the #NP check last. The checks for the new CS (and perhaps SS) are left
out for now, though.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citirix.com>
8 years ago x86emul: don't assume a memory operand
Jan Beulich [Wed, 7 Dec 2016 13:39:08 +0000 (14:39 +0100)]
x86emul: don't assume a memory operand

Especially for x86_insn_operand_ea() to return dependable segment
information even when the caller didn't consider applicability, we
shouldn't have ea.type start out as OP_MEM. Make it OP_NONE instead,
and set it to OP_MEM when we actually encounter memory-like operands.

This requires eliminating the XSA-123 fix, which has been no longer
necessary since the elimination of the union in commit dd766684e7. That
in turn allows restricting the scope of override_seg to x86_decode().
At this occasion also make it have a proper type, instead of plain int.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86: properly calculate xen ELF end of image address
Daniel Kiper [Wed, 7 Dec 2016 13:37:34 +0000 (14:37 +0100)]
x86: properly calculate xen ELF end of image address

This patch is prereq for "efi: build xen.gz with EFI code" patch which adds,
among others, xen/arch/x86/efi/relocs-dummy.S to xen.gz output. Below there
is a description why it is needed.

Currently xen ELF end of image address is calculated using first line from
"nm -nr xen/xen-syms" output. However, potentially it may contain symbol
address not related to the end of image in any way. It can happen if a symbol
is introduced with address larger than _end symbol address. Such a situation was
encountered when I linked xen ELF binary with xen/arch/x86/efi/relocs-dummy.S.
Then first line from "nm -nr xen/xen-syms" contained "ffff82d0c0000000 A ALT_START"
and xen ELF image memory size was silently set to 1023 MiB. This issue happened
because there is no check which symbol address is used to calculate end of
image address. So, let's fix it and take ELF end of image address by reading
__2M_rwdata_end symbol address from nm output. This way xen ELF image build
process is not prone to changes in order of nm output.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86: allow EFI reboot method neither on non-EFI platforms...
Daniel Kiper [Wed, 7 Dec 2016 13:37:11 +0000 (14:37 +0100)]
x86: allow EFI reboot method neither on non-EFI platforms...

... nor EFI platforms with runtime services enabled.

Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
8 years ago efi: create efi_enabled()
Daniel Kiper [Wed, 7 Dec 2016 13:36:11 +0000 (14:36 +0100)]
efi: create efi_enabled()

First of all we need to differentiate between legacy BIOS
and EFI platforms during runtime, not during build, because
one image will have legacy and EFI code and can be executed
on both platforms. Additionally, we need more fine grained
knowledge about EFI environment and check for EFI platform
and EFI loader separately to properly support multiboot2
protocol. In general Xen loaded by this protocol uses memory
mappings and loaded modules in similar way to Xen loaded by
multiboot (v1) protocol. Hence, create efi_enabled() which
checks available features in efi_flags. This patch defines
EFI_BOOT, EFI_LOADER and EFI_RS features. EFI_BOOT is equal
to old efi_enabled == 1. EFI_RS eases control on runtime
services usage. EFI_LOADER tells that Xen was loaded
directly from EFI as PE executable.

Suggested-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86: add a way to obtain the needed number of memory map entries
Juergen Gross [Wed, 7 Dec 2016 13:03:08 +0000 (14:03 +0100)]
x86: add a way to obtain the needed number of memory map entries

Today there is no way for a domain to obtain the number of entries of
the machine memory map returned by XENMEM_machine_memory_map hypercall.

Modify the interface to return just the needed number of map entries
in case the buffer was specified as NULL.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86emul/test: add a private header
Jan Beulich [Wed, 7 Dec 2016 12:56:43 +0000 (13:56 +0100)]
x86emul/test: add a private header

This is to avoid having to duplicate auxiliary definitions in both
source files.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86emul: correct PUSHF/POPF
Jan Beulich [Wed, 7 Dec 2016 12:55:42 +0000 (13:55 +0100)]
x86emul: correct PUSHF/POPF

Both need to raise #GP(0) when in VM86 mode with IOPL < 3.

Additionally PUSHF is documented to clear VM and RF from the value
placed onto the stack.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86/HVM: drop __hvm_clear()
Jan Beulich [Wed, 7 Dec 2016 12:55:14 +0000 (13:55 +0100)]
x86/HVM: drop __hvm_clear()

Rather than almost entirely duplicating __hvm_copy(), have __hvm_copy()
clear guest memory if the source pointer is NULL.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago x86/HVM: drop hvm_emulate_one_no_write()
Jan Beulich [Wed, 7 Dec 2016 12:54:41 +0000 (13:54 +0100)]
x86/HVM: drop hvm_emulate_one_no_write()

It was pointlessly non-static, and being static and a simple wrapper it
can as well be folded into its single caller.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago libelf: treat phdr and shdr similarly
Jan Beulich [Wed, 7 Dec 2016 12:53:50 +0000 (13:53 +0100)]
libelf: treat phdr and shdr similarly

Just like elf_shdr_count(), elf_phdr_count() better bounds checks the
value.

Add table entry size checks to elf_init().

Also both program and section headers are optional, and hence their
checking better is done conditionally only when any such headers are
present.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
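
The checks named in the commit message above (a bounds-checked header count, a table entry size check, and checking a table only when it is present), as an added example that is not libelf's own code. The function and macro names are hypothetical, and the sketch assumes an ELF64 image in host byte order without extended section numbering.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 file header, fields as in the ELF specification (64 bytes). */
struct elf64_ehdr {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};

#define PHDR64_SIZE 56u /* sizeof(Elf64_Phdr) */
#define SHDR64_SIZE 64u /* sizeof(Elf64_Shdr) */

/* One rule for both tables: a table with no entries is absent and not
 * checked; otherwise each entry must be large enough for its structure and
 * the whole table must lie inside the image. */
static int table_ok(uint64_t off, uint16_t entsize, uint16_t count,
                    unsigned int min_entsize, size_t image_size)
{
    if (count == 0)
        return 1;
    if (entsize < min_entsize || off > image_size)
        return 0;
    /* count and entsize are 16-bit, so the product cannot overflow. */
    return (uint64_t)count * entsize <= image_size - off;
}

/* Returns 0 when both tables are usable, a negative code otherwise. */
static int validate_tables(const void *image, size_t size)
{
    struct elf64_ehdr eh;

    if (size < sizeof(eh))
        return -1;
    memcpy(&eh, image, sizeof(eh));
    if (memcmp(eh.e_ident, "\177ELF", 4) != 0)
        return -2;
    if (!table_ok(eh.e_phoff, eh.e_phentsize, eh.e_phnum, PHDR64_SIZE, size))
        return -3;
    if (!table_ok(eh.e_shoff, eh.e_shentsize, eh.e_shnum, SHDR64_SIZE, size))
        return -4;
    return 0;
}

/* Constructed 256-byte sample image with the given table fields. */
static int check_sample(uint64_t phoff, uint16_t phentsize, uint16_t phnum,
                        uint64_t shoff, uint16_t shentsize, uint16_t shnum)
{
    unsigned char image[256] = { 0x7f, 'E', 'L', 'F' };
    struct elf64_ehdr eh;

    memcpy(&eh, image, sizeof(eh));
    eh.e_phoff = phoff; eh.e_phentsize = phentsize; eh.e_phnum = phnum;
    eh.e_shoff = shoff; eh.e_shentsize = shentsize; eh.e_shnum = shnum;
    memcpy(image, &eh, sizeof(eh));
    return validate_tables(image, sizeof(image));
}

int main(void)
{
    printf("in bounds: %d\n", check_sample(64, 56, 2, 0, 0, 0));
    printf("phdr table past end: %d\n", check_sample(64, 56, 4, 0, 0, 0));
    printf("short shdr entries: %d\n", check_sample(0, 0, 0, 64, 32, 1));
    return 0;
}
```
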
8 years ago libelf: type adjustments
Jan Beulich [Wed, 7 Dec 2016 12:53:28 +0000 (13:53 +0100)]
libelf: type adjustments

Don't needlessly use uint64_t when unsigned suffices.

Also don't open code elf_phdr_count() and replace a redundant call to
elf_shdr_count().

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
8 years ago libelf: use UINT_MAX
Jan Beulich [Wed, 7 Dec 2016 12:52:59 +0000 (13:52 +0100)]
libelf: use UINT_MAX

While Xen indeed doesn't have limits.h, it still does have UINT_MAX, so
we should avoid open coding it (and perhaps - even if unlikely -
getting it wrong).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
8 years ago libelf: section index 0 is special
Jan Beulich [Wed, 7 Dec 2016 12:52:35 +0000 (13:52 +0100)]
libelf: section index 0 is special

When iterating over sections, table entry zero needs to be ignored.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
8 years ago x86/memshr: add static
Jan Beulich [Wed, 7 Dec 2016 12:52:00 +0000 (13:52 +0100)]
x86/memshr: add static

And with that drop mem_sharing_ prefixes as no longer meaningful. Once
again convert GFN function argument types at once.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
8 years ago x86: make more use of wr{f,g}sbase()
Jan Beulich [Wed, 7 Dec 2016 12:50:22 +0000 (13:50 +0100)]
x86: make more use of wr{f,g}sbase()

With suitable canonical address checks added these can also be used in
do_set_segment_base().

Also with a canonical address check now in place, there's no need for
priv_op_write_msr() to use wrmsr_safe() anymore.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
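
A canonical address check of the kind the commit message above relies on, as an added example that is not Xen's code. `is_canonical()`, `set_fs_base()` and `fs_base_model` are hypothetical names, and the register write is modelled by a plain variable.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* An address is canonical when bits 63..(va_bits - 1) are all equal,
 * i.e. the value is the sign extension of its low va_bits bits.
 * va_bits is 48 for 4-level paging and 57 for 5-level paging. */
static bool is_canonical(uint64_t addr, unsigned int va_bits)
{
    uint64_t upper = addr >> (va_bits - 1);

    return upper == 0 || upper == (UINT64_MAX >> (va_bits - 1));
}

static uint64_t fs_base_model; /* stand-in for the FS base register */

/* Hypothetical handler for a guest-supplied segment base: reject the value
 * up front so the register write that follows cannot fault.
 * Returns 0 on success, -1 when the value is rejected. */
static int set_fs_base(uint64_t guest_value)
{
    if (!is_canonical(guest_value, 48))
        return -1;               /* the hardware write would raise #GP */
    fs_base_model = guest_value; /* where the wrfsbase-style write goes */
    return 0;
}

int main(void)
{
    /* Constructed values around both edges of the 48-bit canonical hole. */
    static const uint64_t samples[] = {
        0x00007fffffffffffULL, 0x0000800000000000ULL,
        0xffff7fffffffffffULL, 0xffff800000000000ULL,
    };

    for (unsigned int i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%#018llx -> %d\n", (unsigned long long)samples[i],
               set_fs_base(samples[i]));
    return 0;
}
```
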
8 years ago x86/HVM: prefer structure assignment for seg reg copying
Jan Beulich [Wed, 7 Dec 2016 12:49:08 +0000 (13:49 +0100)]
x86/HVM: prefer structure assignment for seg reg copying

This makes things type safe.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
8 years ago libxl: invert xc and domain model resume calls in xc_domain_resume()
Cédric Bosdonnat [Mon, 28 Nov 2016 13:53:57 +0000 (14:53 +0100)]
libxl: invert xc and domain model resume calls in xc_domain_resume()

Resume is sometimes silently failing for HVM guests. Getting the
xc_domain_resume() and libxl__domain_resume_device_model() in the
reverse order than what is in the suspend code fixes the problem.

Signed-off-by: Cédric Bosdonnat <cbosdonnat@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
[ wei: rebase it on top of staging ]
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
8 years ago xen/common: Replace incorrect mandatory barriers with SMP barriers
Andrew Cooper [Wed, 5 Oct 2016 11:42:15 +0000 (12:42 +0100)]
xen/common: Replace incorrect mandatory barriers with SMP barriers

Mandatory barriers are only for use with reduced-cacheability MMIO mappings.

All of these uses are just to deal with shared memory between multiple
processors, so use the smp_*() which are the correct barriers for the purpose.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: Fix macro for ARM Jazelle CPU feature identification
Artem Mygaiev [Tue, 6 Dec 2016 14:16:45 +0000 (16:16 +0200)]
xen/arm: Fix macro for ARM Jazelle CPU feature identification

Fix macro for ARM Jazelle CPU feature identification: value of 0 indicates
that CPU does not support ARM Jazelle (ID_PFR0[11:8])

Coverity-ID: 1381849

Signed-off-by: Artem Mygaiev <artem_mygaiev@epam.com>
Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Julien Grall <julien.grall@arm.com>
8 years ago xen/arm: traps: Emulate ICC_SRE_EL1 as RAZ/WI
Julien Grall [Mon, 5 Dec 2016 17:43:23 +0000 (17:43 +0000)]
xen/arm: traps: Emulate ICC_SRE_EL1 as RAZ/WI

Recent Linux kernel (4.4 and onwards [1]) is checking whether it is possible
to enable sysreg access (ICC_SRE_EL1.SRE) when the ID register
(ID_AA64PRF0_EL1.GIC) is reporting the presence of the sysreg interface.

When the guest has been configured to use GICv2, the hypervisor will
disable sysreg access for this vm (via ICC_SRE_EL2.Enable) and therefore
accesses to system registers such as ICC_SRE_EL1 are trapped in EL2.

However, ICC_SRE_EL1 is not emulated by the hypervisor. This means that
Linux will crash as soon as it is trying to access ICC_SRE_EL1.

To solve this problem, Xen can implement ICC_SRE_EL1 as read-as-zero
write-ignore. The emulation will only be used when sysreg are disabled
for EL1.

[1]  963fcd409 "arm64: cpufeatures: Check ICC_EL1_SRE.SRE before
enabling ARM64_HAS_SYSREG_GIC_CPUIF"

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: Fix misplaced parentheses for PSCI version check
Artem Mygaiev [Wed, 30 Nov 2016 13:53:11 +0000 (15:53 +0200)]
xen/arm: Fix misplaced parentheses for PSCI version check

Fix misplaced parentheses for PSCI version check

Signed-off-by: Artem Mygaiev <artem_mygaiev@epam.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago arm/irq: Reorder check when the IRQ is already used by someone
Oleksandr Tyshchenko [Fri, 2 Dec 2016 16:38:16 +0000 (18:38 +0200)]
arm/irq: Reorder check when the IRQ is already used by someone

Call irq_get_domain for the IRQ we are interested in
only after making sure that it is the guest IRQ to avoid
ASSERT(test_bit(_IRQ_GUEST, &desc->status)) triggering.

Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Signed-off-by: Andrii Anisov <andrii_anisov@epam.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago Revert "xen/arm: do not relocate Xen outside of visible RAM"
Sameer Goel [Tue, 25 Oct 2016 16:40:28 +0000 (10:40 -0600)]
Revert "xen/arm: do not relocate Xen outside of visible RAM"

This reverts commit db92b1ac55cd5e193ae22b0b6f01fb47bc9e5d2f.

The restriction on non contiguous memory was resolved by commit
2d02b05c77fc5e7c76bf6f112db84bbaa44fdcb5:
"xen: arm: improve handling of system with non-contiguous RAM regions"

So, reverting this change, to enable Xen image placement at the end of the
useable system RAM.

Signed-off-by: Sameer Goel <sgoel@codeaurora.org>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago xen/arm: domain_build: allocate lowmem for dom0 as much as possible
Peng Fan [Fri, 23 Sep 2016 02:55:34 +0000 (10:55 +0800)]
xen/arm: domain_build: allocate lowmem for dom0 as much as possible

On AArch64 SoCs, some IPs may only have the capability to access
32 bits address space. The physical memory assigned for Dom0 may
not be in 4GB address space, then the IPs will not work properly.
So need to allocate memory under 4GB for Dom0.

There is no restriction that how much lowmem needs to be allocated for
Dom0, so allocate lowmem as much as possible for Dom0.

This patch does not affect 32-bit domain, because Variable "lowmem" is
set to true at the beginning. If failed to allocate bank0 under 4GB,
need to panic for 32-bit domain, because 32-bit domain requires bank0
be allocated under 4GB.

For 64-bit domain, set "lowmem" to false, and continue allocating
memory from above 4GB.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Julien Grall <julien.grall@arm.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Julien Grall <julien.grall@arm.com>
8 years ago Don't clear HCR_VM bit when updating VTTBR.
Jun Sun [Mon, 10 Oct 2016 19:27:56 +0000 (12:27 -0700)]
Don't clear HCR_VM bit when updating VTTBR.

Currently function p2m_restore_state() would clear HCR_VM bit, i.e.,
disabling stage2 translation, before updating VTTBR register. After
some research and talking to ARM support, I got confirmation that this is not
necessary. We are currently working on a new platform that would need this
to be removed.

The patch is tested on FVP foundation model.

Signed-off-by: Jun Sun <jsun@junsun.net>
Acked-by: Steve Capper <steve.capper@linaro.org>
Acked-by: Stefano Stabellini <sstabellini@kernel.org>
8 years ago tools/xenstore: avoid unterminated string in xs_directory_part()
Juergen Gross [Tue, 6 Dec 2016 06:41:54 +0000 (07:41 +0100)]
tools/xenstore: avoid unterminated string in xs_directory_part()

Commit d4016288ab1f ("xenstore: support XS_DIRECTORY_PART in
libxenstore") introduced a theoretical bug: the generation count of
the read node is transferred via strncpy without forcing a NUL byte
at the end. Correct this.

Signed-off-by: Juergen Gross <jgross@suse.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
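
The strncpy() pattern described in the commit message above, next to a terminated form, as an added example that is not the xenstore code. The buffer size `GEN_LEN`, the function names and the input strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GEN_LEN 8 /* hypothetical size of the generation-count buffer */

/* The pattern the commit message describes: strncpy() alone. When the
 * source has GEN_LEN or more characters, no NUL byte is written. */
static void save_gen_unterminated(char *dst, const char *src)
{
    strncpy(dst, src, GEN_LEN);
}

/* Terminated form: copy at most GEN_LEN - 1 bytes, then force the NUL.
 * Returns 1 when the source did not fit and was truncated, else 0. */
static int save_gen_terminated(char *dst, const char *src)
{
    strncpy(dst, src, GEN_LEN - 1);
    dst[GEN_LEN - 1] = '\0';
    return strlen(src) >= GEN_LEN;
}

/* Bounded check for a terminator; never reads past the buffer. */
static int has_nul(const char *buf)
{
    return memchr(buf, '\0', GEN_LEN) != NULL;
}

/* Copy src into a buffer pre-filled with non-zero bytes (standing in for
 * stale memory) and report whether the result is a terminated string. */
static int copy_is_terminated(const char *src, int terminated_form)
{
    char gen[GEN_LEN];

    memset(gen, 'X', sizeof(gen));
    if (terminated_form)
        save_gen_terminated(gen, src);
    else
        save_gen_unterminated(gen, src);
    return has_nul(gen);
}

int main(void)
{
    /* Constructed inputs: one that fits, one that fills the buffer. */
    printf("short, strncpy only:  %d\n", copy_is_terminated("1234", 0));
    printf("full,  strncpy only:  %d\n", copy_is_terminated("12345678", 0));
    printf("full,  forced NUL:    %d\n", copy_is_terminated("12345678", 1));
    return 0;
}
```
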
8 years ago xen: convert lto to Kconfig option
Wei Liu [Mon, 5 Dec 2016 14:39:55 +0000 (14:39 +0000)]
xen: convert lto to Kconfig option

Introduce CONFIG_LTO in Kconfig. Since this is the last option to be
converted to Kconfig, delete the preceding comment in Rules.mk as well.

Make it depend on BROKEN because it doesn't work at the moment.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Jan Beulich <JBeulich@suse.com>
8 years ago Travis-ci: specify KCONFIG_ALLCONFIG for randconfig
Wei Liu [Mon, 5 Dec 2016 16:45:36 +0000 (16:45 +0000)]
Travis-ci: specify KCONFIG_ALLCONFIG for randconfig

The file provided contains symbols that must be set to certain values.
This then prevents random build breakage in travis due to
known-incompatible symbol selections.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
8 years ago Kconfig: introduce allrandom.config
Wei Liu [Mon, 5 Dec 2016 16:45:35 +0000 (16:45 +0000)]
Kconfig: introduce allrandom.config

This would be used to force selection of certain items in randconfig.

We need this to force gcov format to be autodetected in randconfig
target, which would avoid generating known-incompatible combinations.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
8 years ago x86/emul: Drop the last remaining uses of bool_t
Andrew Cooper [Wed, 2 Nov 2016 15:50:23 +0000 (15:50 +0000)]
x86/emul: Drop the last remaining uses of bool_t

And drop the compatibility typedef from the userspace harness

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86/hvm: Assert some expectations in hvm_inject_event()
Andrew Cooper [Fri, 2 Dec 2016 13:18:38 +0000 (13:18 +0000)]
x86/hvm: Assert some expectations in hvm_inject_event()

Check that event->error_code is appropriate for the type/vector combination.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86/emul: Debugging improvements to the test harness
Andrew Cooper [Tue, 25 Oct 2016 18:41:01 +0000 (19:41 +0100)]
x86/emul: Debugging improvements to the test harness

Disable stdout buffering, so logging gets out even if the harness crashes.
Add a verbose option (compile time disabled) which dumps all read/write calls
the harness makes

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago x86/shadow: Drop stale adjustment in the PAE second-half search
Andrew Cooper [Fri, 2 Dec 2016 18:23:02 +0000 (18:23 +0000)]
x86/shadow: Drop stale adjustment in the PAE second-half search

This shouldn't have been present in c/s 29a57c992 "x86/emul: Rework emulator
event injection".  It was a leftover from a previous version of the series.

This conditional has no effect on the behaviour following it, as both
X86EMUL_EXCEPTION and X86EMUL_UNHANDLEABLE fall into the same "return back to
guest" path.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
8 years ago x86/pagewalk: Improve print_gw()
Andrew Cooper [Tue, 24 May 2016 10:56:58 +0000 (11:56 +0100)]
x86/pagewalk: Improve print_gw()

print_gw() has no callers, meaning that it only gets used as part of manual
debugging.  As such, the FILE/LINE references are of no practical use, and
voluminous in the log.  Additionally, the function becoming empty in a
non-debug build is unhelpful.  Switch from gdprintk() to gprintk().

Print the entry and mfn for a specific level on the same line.  This halves
the number of lines printed overall.  There needs to be a small adjustment to
the #ifdef'ary to maintain the proper l3e behaviour for 3-level paging, where
there is no l3mfn to print.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
8 years ago x86/time: Move cpuid_time_leaf() handling into cpuid_hypervisor_leaves()
Andrew Cooper [Sun, 2 Oct 2016 16:28:11 +0000 (17:28 +0100)]
x86/time: Move cpuid_time_leaf() handling into cpuid_hypervisor_leaves()

This reduces the net complexity of CPUID handling by having all adjustments in
the same place.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago xen/x86: Add a helper to calculate family/model/stepping information
Andrew Cooper [Thu, 1 Sep 2016 09:38:27 +0000 (10:38 +0100)]
xen/x86: Add a helper to calculate family/model/stepping information

And replace the existing opencoded calculations.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
8 years ago gdbstub: remove duplicated inclusion of init.h
Wei Liu [Mon, 5 Dec 2016 13:49:44 +0000 (13:49 +0000)]
gdbstub: remove duplicated inclusion of init.h

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
8 years ago gcov: explicitly include xen/init.h
Wei Liu [Mon, 5 Dec 2016 13:49:14 +0000 (13:49 +0000)]
gcov: explicitly include xen/init.h

Travis discovered arm32 gcov code failed to build because __init was not
defined.

Include init.h explicitly to fix the issue.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>