Julien Grall [Mon, 25 May 2015 20:44:20 +0000 (21:44 +0100)]
xen/arm: vgic-v3: Clean the emulation of IROUTER
The read emulation of the register IROUTER contains lots of uncessary
code as irouter is already valid and doesn't need any processing before
setting the value in a register.
Also take the opportunity to factorize the code to find a vCPU from the
affinity in a single place. It will be easier to change the way to do it
later.
Razvan Cojocaru [Fri, 5 Jun 2015 10:20:18 +0000 (12:20 +0200)]
vm_event: clean up control-register-write vm_events and add XCR0 event
As suggested by Andrew Cooper, this patch attempts to remove
some redundancy and allow for an easier time when adding vm_events
for new control registers in the future, by having a single
VM_EVENT_REASON_WRITE_CTRLREG vm_event type, meant to serve CR0,
CR3, CR4 and (newly introduced) XCR0. The actual control register
will be deduced by the new .index field in vm_event_write_ctrlreg
(renamed from vm_event_mov_to_cr).
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Tim Deegan <tim@xen.org>
Jan Beulich [Fri, 5 Jun 2015 10:09:18 +0000 (12:09 +0200)]
x86/paging: remove pointless current domain checks
Checking that the subject domain is not the current one is pointless
when already having paused that domain: domain_pause() already
ASSERT()s this to be the case.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org>
Daniel Kiper [Tue, 2 Jun 2015 13:33:26 +0000 (15:33 +0200)]
tools: link executables with libtinfo explicitly
binutils 2.22 changed ld default from --copy-dt-needed-entries
to -no-copy-dt-needed-entries. This revealed that some objects
are linked implicitly with libtinfo and newer ld fails to build
relevant executables.
Below is short explanation why we should not do that...
The default behaviour for ld (my note: before version 2.22) allows
users to 'indirectly' link to required objects/libraries through
intermediate objects/libraries. While this is convenient, it can
also be dangerous because it makes your program's dependencies tied
to the dependencies of other objects. If those objects ever change
their linkages, they can break your program without any changes
to your own code!
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Julien Grall [Wed, 6 May 2015 18:52:30 +0000 (19:52 +0100)]
xen/arm: gic-hip04: Resync the driver with the GICv2
The GIC hip04 driver was differring from GICv2. I suspect that some of
the changes in the common GIC code make boot fail on hip04. Although, I
don't have a platform to check so it has been only build tested.
List of GICv2 commit ported to the HIP04:
commit ce12e6dba4b2d120e35dffd95a745452224e7144
Author: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Date: Fri Apr 10 16:21:10 2015 +1000
xen/arm: Don't write to GICH_MISR
GICH_MISR is read-only in GICv2.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
commit 2eb4f996547dc632aa94b2b7b4f783bec8ffe457
Author: Julien Grall <julien.grall@linaro.org>
Date: Wed Apr 1 17:21:47 2015 +0100
xen/arm: gic: GICv2 & GICv3 only supports 1020 physical interrupts
GICD_TYPER.ITLinesNumber can encode up to 1024 interrupts. Although,
IRQ 1020-1023 are reserved for special purpose.
The result is used by the callers of gic_number_lines in order to check
the validity of an IRQ.
Currently the function to translate IRQ from the device tree is set
unconditionally to be able to be able to retrieve serial/timer IRQ
before the GIC has been initialized.
It assumes that the xlate function won't ever changed. We may also need
to have the primary interrupt controller very early.
Rework the gic initialization in 2 parts:
- gic_preinit: Get the interrupt controller device tree node and
set up GIC and xlate callbacks
- gic_init: Initialize the interrupt controller and the boot CPU
interrupts.
The former function will be called just after the IRQ subsystem as been
initialized.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Frediano Ziglio <frediano.ziglio@huawei.com> Cc: Zoltan Kiss <zoltan.kiss@huawei.com> Signed-off-by: Julien Grall <julien.grall@citrix.com> Cc: Zoltan Kiss <zoltan.kiss@huawei.com> Reviewed-by: Zoltan Kiss <zoltan.kiss@huawei.com> Tested-by: Shameerali Kolothum Thodi <shameerali.kolothum.thodi@huawei.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 1 Jun 2015 17:24:35 +0000 (18:24 +0100)]
libxl: remove code in stubdom creation failure path and callback
The snippet to destroy stubdom and the callback were added in 1fc3aeb3
("libxl: use new QEMU xenstore protocol"). The intention was to destroy
stubdom when it is not responsive. That approach is problematic because
rc is not propagate back to sdss->callback, hence the guest is leaked.
The solution is simple. The destruction of stubdom can be done later in
sdss->callback. That code path already does the right thing to destroy
both the guest and the stubdom that serves the guest.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 1 Jun 2015 10:19:14 +0000 (11:19 +0100)]
libxl: fix HVM vNUMA
This patch does two thing:
The original code erroneously fills in xc_hvm_build_args before
generating vmemranges. The effect is that guest memory is populated
without vNUMA information. Move the hunk to right place to fix this.
Move the subtraction of video ram to libxl__vnuma_build_vmemrange_hvm
because it's the central place for generating vmemranges.
Reported-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Dario Faggioli <dario.faggioli@citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 1 Jun 2015 10:19:13 +0000 (11:19 +0100)]
libxc: rework vnuma bits in setup_guest
Make the setup process similar to PV counterpart. That is, to allocate a
P2M array that covers the whole memory range and start from there. This
is clearer than using an array with no holes in it.
Also the dummy layout should take MMIO hole into consideration. We might
end up having two vmemranges in the dummy layout.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 1 Jun 2015 10:19:12 +0000 (11:19 +0100)]
libxc: print more error messages when failed
No functional changes introduced.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 1 Jun 2015 10:19:11 +0000 (11:19 +0100)]
libxc/libxl: fill xc_hvm_build_args in libxl
When building HVM guests, originally some fields of xc_hvm_build_args
are filled in xc_hvm_build (and buried in the wrong function), some are
set in libxl__build_hvm before passing xc_hvm_build_args to
xc_hvm_build. This is fragile.
After examining the code in xc_hvm_build that sets those fields, we can
in fact move setting of mmio_start etc in libxl. This way we consolidate
memory layout setting in libxl.
The setting of firmware data related fields is left in xc_hvm_build
because it depends on parsing ELF image. Those fields only point to
scratch data that doesn't affect memory layout.
There should be no change in the generated guest memory layout. But the
semantic is changed for xc_hvm_build. Toolstack that built directly on
top of libxc need to adjust to this change.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: "Chen, Tiejun" <tiejun.chen@intel.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Tue, 26 May 2015 18:13:28 +0000 (14:13 -0400)]
xen/flask: change bool_maxstr to PAGE_SIZE
When FLASK_{GET,SET}BOOL is called with a named boolean, the call to
flask_security_resolve_bool is made prior to bool_maxstr being populated
by flask_security_make_bools. This results in the maximum string length
being specified as zero, which is not useful. While it would be
possible to initialize bool_maxstr correctly prior to its use, it is
simpler to use a fixed maximum of PAGE_SIZE as is done for the other
calls to safe_copy_string_from_guest.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Daniel De Graaf [Tue, 26 May 2015 18:13:27 +0000 (14:13 -0400)]
flask/policy: updates from osstest runs
Migration and HVM domain creation both trigger AVC denials that should
be allowed in the default policy; add these rules.
Guest console writes need to be either allowed or denied without audit
depending on the decision of the local administrator; introduce a policy
boolean to switch between these possibilities.
Reported-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Sat, 23 May 2015 08:24:10 +0000 (08:24 +0000)]
xentrace: install into sbin
Collecting the trace buffer requires root permissions. Adjust Makefile
to install xentrace and xentrace_setsize into sbindir. Leave the
existing support for BIN in place for upcoming changes.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: George Dunlap <george.dunlap@eu.citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Andrew Cooper [Wed, 3 Jun 2015 07:25:43 +0000 (09:25 +0200)]
x86/apic: Disable the LAPIC later in smp_send_stop()
__stop_this_cpu() may reset the LAPIC mode back from x2apic to xapic, but will
leave x2apic_enabled alone. This may cause disconnect_bsp_APIC() in
disable_IO_APIC() to suffer a #GP fault.
Disabling the LAPIC can safely be deferred to being the last action.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
sched_rt.c: In function ‘rt_init’:
sched_rt.c:442:26: error: assignment from incompatible pointer type [-Werror]
_cpumask_scratch = xmalloc_array(cpumask_var_t, nr_cpu_ids);
^
sched_rt.c: In function ‘rt_alloc_pdata’:
sched_rt.c:489:29: error: passing argument 1 of ‘alloc_cpumask_var’ from incompatible pointer type [-Werror]
if ( !alloc_cpumask_var(&_cpumask_scratch[cpu]) )
This is because cpumask_var_t is not a type alias to cpumask_t** when
the number of CPU > 2 * BITS_PER_LONG. The correct type for
_cpumask_scratch should be cpumask_var_t*.
Ross Lagerwall [Tue, 2 Jun 2015 11:44:24 +0000 (13:44 +0200)]
efi: fix allocation problems if ExitBootServices() fails
If calling ExitBootServices() fails, the required memory map size may
have increased. When initially allocating the memory map, allocate a
slightly larger buffer (by an arbitrary 8 entries) to fix this.
The ARM code path was already allocating a larger buffer than required,
so this moves the code to be common for all architectures.
This was seen on the following machine when using the iscsidxe UEFI
driver. The machine would consistently fail the first call to
ExitBootServices().
System Information
Manufacturer: Supermicro
Product Name: X10SLE-F/HF
BIOS Information
Vendor: American Megatrends Inc.
Version: 2.00
Release Date: 04/24/2014
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Roy Franz <roy.franz@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Dario Faggioli [Tue, 2 Jun 2015 11:43:15 +0000 (13:43 +0200)]
sched_rt: print useful affinity info when dumping
In fact, printing the cpupool's CPU online mask
for each vCPU is just redundant, as that is the
same for all the vCPUs of all the domains in the
same cpupool, while hard affinity is already part
of the output of dumping domains info.
Instead, print the intersection between hard
affinity and online CPUs, which is --in case of this
scheduler-- the effective affinity always used for
the vCPUs.
This change also takes the chance to add a scratch
cpumask area, to avoid having to either put one
(more) cpumask_t on the stack, or dynamically
allocate it within the dumping routine. (The former
being bad because hypervisor stack size is limited,
the latter because dynamic allocations can fail, if
the hypervisor was built for a large enough number
of CPUs.) We allocate such scratch area, for all pCPUs,
when the first instance of the RTDS scheduler is
activated and, in order not to loose track/leak it
if other instances are activated in new cpupools,
and when the last instance is deactivated, we (sort
of) refcount it.
Such scratch area can be used to kill most of the
cpumasks{_var}_t local variables in other functions
in the file, but that is *NOT* done in this chage.
Finally, convert the file to use keyhandler scratch,
instead of open coded string buffers.
Andrew Cooper [Mon, 1 Jun 2015 10:00:18 +0000 (12:00 +0200)]
docs: clarification to terms used in hypervisor memory management
Memory management is hard[citation needed]. Furthermore, it isn't helped by
the inconsistent use of terms through the code, or that some terms have
changed meaning over time.
Describe the currently-used terms in a more practical fashon, so new code has
a concrete reference.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Tim Deegan <tim@xen.org>
Ross Lagerwall [Mon, 1 Jun 2015 09:59:14 +0000 (11:59 +0200)]
x86: don't crash when mapping a page using EFI runtime page tables
When an interrupt is received during an EFI runtime service call, Xen
may call map_domain_page() while using the EFI runtime page tables.
This fails because, although the EFI runtime page tables are a
copy of the idle domain's page tables, current points at a different
domain's vCPU.
To fix this, return NULL from mapcache_current_vcpu() when using the EFI
runtime page tables which is treated equivalently to running in an idle
vCPU.
This issue can be reproduced by repeatedly calling GetVariable() from
dom0 while using VT-d, since VT-d frequently maps a page from interrupt
context.
With Remus, the restore flow should be:
the first full migration stream -> { periodically restore stream }
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Yang Hongyang [Mon, 18 May 2015 07:03:55 +0000 (15:03 +0800)]
libxc/save: implement Remus checkpointed save
With Remus, the save flow should be:
live migration->{ periodically save(checkpointed save) }
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Yang Hongyang [Mon, 18 May 2015 07:03:54 +0000 (15:03 +0800)]
libxc/save: refactor of send_domain_memory_live()
Split the send_domain_memory_live() into three helper function:
- send_memory_live() do the actually live send
- suspend_and_send_dirty() suspend the guest and send dirty pages
- send_memory_verify()
The motivation of this is that when we send checkpointed stream, we
will skip the actually live part.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monné [Thu, 28 May 2015 08:56:08 +0000 (10:56 +0200)]
x86/pvh: disable posted interrupts
Enabling posted interrupts requires the virtual interrupt delivery feature,
which is disabled for PVH guests, so make sure posted interrupts are also
disabled or else vmlaunch will fail.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reported-and-Tested-by: Lars Eggert <lars@netapp.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Jan Beulich [Fri, 22 May 2015 15:34:51 +0000 (17:34 +0200)]
x86/cpuidle: prevent out of bounds array access
... resulting from fbeef5570c ("x86/cpuidle: get accurate C0 value with
xenpm tool"). For consistency also no longer account an unknown state
to C0 in pmstat_get_cx_stat().
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citirx.com>
Jan Beulich [Fri, 22 May 2015 08:50:14 +0000 (10:50 +0200)]
x86: switch default mapping attributes to non-executable
Only a very limited subset of mappings need to be done as executable
ones; in particular the direct mapping should not be executable to
limit the damage attackers can cause by exploiting security relevant
bugs.
The EFI change at once includes an adjustment to set NX only when
supported by the hardware.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 22 May 2015 08:45:43 +0000 (10:45 +0200)]
x86: move syscall trampolines off the stack
This is needed as stacks are going to become non-executable. Use
separate stub pages (shared among suitable CPUs on the same node)
instead.
Stub areas (currently 128 bytes each) are being split into two parts -
a fixed usage one (the syscall ones) and dynamically usable space,
which will be used by subsequent changes to hold dynamically generated
code during instruction eumlation.
While sharing physical pages among certain CPUs on the same node, for
now the virtual mappings get established in distinct pages for each
CPU. This isn't a strict requirement, but simplifies VA space
management for this initial implementation: Sharing VA space would
require additional tracking of which areas are currently in use. If
the VA and/or TLB overhead turned out to be a problem, such extra code
could easily be added.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 22 May 2015 08:13:30 +0000 (10:13 +0200)]
x86/shadow: fix uninitialized rc in shadow_track_dirty_vram()
Commit bd1b4a71b3 ("x86/shadow: fix shadow_track_dirty_vram to work on
hvm guests"), trying to mirror its HAP counterpart, deleted a couple of
assignments to rc without making sure rc is initialized on all paths.
Coverity ID: 1299410 Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Tim Deegan <tim@xen.org>
Andrew Cooper [Fri, 22 May 2015 08:13:04 +0000 (10:13 +0200)]
x86/irq: limit the maximum number of domain PIRQs
c/s 7e73a6e "have architectures specify the number of PIRQs a hardware domain
gets" increased the default number of pirqs for dom0, as 256 was found to be
too low in some cases.
However, it didn't account for the upper bound presented by the domains EOI
bitmap, registered with the PHYSDEVOP_pirq_eoi_gmfn_v* hypercall.
On a server with 240 cpus, Xen was observed to be attempting to clear the EOI
bit for dom0's pirq 0xb40f, which hit a pagefault.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Huaitong Han [Fri, 22 May 2015 08:12:02 +0000 (10:12 +0200)]
x86/cpuidle: get accurate C0 value with xenpm tool
When checking the ACPI funciton of C-status, after 100 seconds sleep,
the sampling value of C0 status from the xenpm tool decreases.
Because C0=NOW()-C1-C2-C3-C4, when NOW() value is during idle time,
NOW() value is bigger than last C-status update time, and C0 value
is also bigger than ture value. if margin of the second error cannot
make up for margin of the first error, the value of C0 would decrease.
Signed-off-by: Huaitong Han <huaitong.han@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Fri, 22 May 2015 08:10:28 +0000 (10:10 +0200)]
public: restrict xen_arch_domainconfig visibility
As an extension to 931f5777c7 ("public: clarify xen_arch_domainconfig
ABI statement") limit the respective definitions' visibility to
hypervisor and tools.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Thu, 21 May 2015 16:31:39 +0000 (17:31 +0100)]
docs: correct pod syntax
Olaf reports:
[ 146s] man/xl.pod.1 around line 1529: '=item' outside of any '=over'
[ 146s] man/xl.pod.1 around line 1531: You forgot a '=back' before '=head1'
[ 146s] POD document had syntax errors at /usr/bin/pod2text line 84.
[ 146s] Makefile:167: recipe for target 'txt/man/xl.1.txt' failed
[ 146s] make[1]: *** [txt/man/xl.1.txt] Error 255
Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:33:51 +0000 (15:33 +0000)]
tools: add configure --with-dumpdir=DIR option
The current base directory /var/xen/dump for domU dumps will be patched
to /var/lib/xen/dump by most distros to follow FHS.
This change does three things:
- change the default from /var/xen/dump to /var/lib/xen/dump
- provide a configure option to avoid patching the source.
- update docs to refer to the new default location
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- s,/var,LOCALSTATEDIR, in help test, ran autogen.sh ]
Ian Campbell [Wed, 20 May 2015 14:39:00 +0000 (15:39 +0100)]
libxl: assign a default ssidref (XSM label) to guests
We have now arranged for SECINITSID_DOMU and SECINITSID_DOMDM to be
defined (correspondng to system_u:system_r:domU_t and
system_u:system_r:dm_dom_t respectively in the default policy). Use
these as the default for the SSID of every (stub)domain.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Wei.Liu2@citrix.com Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Ian Campbell [Wed, 20 May 2015 14:38:57 +0000 (15:38 +0100)]
xen: flask: Restrict generated header to xen + tools
This isn't strictly necessary but since it is going to be exposed via
tools/include in a later patch this will help prevent accidental
leakage beyond the tools.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Wei Liu [Mon, 18 May 2015 16:37:22 +0000 (17:37 +0100)]
docs: remove qemu-upstream_howto_use_it.markdown
QEMU upstream has been the default for several releases. The only
setting described in that document is no longer required.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Keir Fraser <keir@xen.org> Cc: Tim Deegan <tim@xen.org> Cc: Anthony Perard <anthony.perard@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Fri, 15 May 2015 15:51:19 +0000 (16:51 +0100)]
xen/arm: Drop support of platform where GICH_LR_HW is not working correctly
Until recently, a maintenance IRQ was requested for any IRQ injected to
the guest on x-gene platform.
The commit 50dcb3de603927db2fd87ba09e29c817415aaa44 "xen: arm: X-Gene Storm
check GIC DIST address for EOI quirk" disable the quirk for boards using
the new firmware.
It is known that the quirk is fragile and cause performance regression.
Given that firmware is available for people having the board, I think
we can request the user to upgrade to the latest version.
Andrew Cooper [Mon, 18 May 2015 12:57:24 +0000 (13:57 +0100)]
tools: Fix wild memory allocations from c/s 250f0b4 and 85d78b4
These changesets cause the respective libxc functions to unconditonally
dereference their max_cpus/nodes parameters as part of initial memory
allocations. It will fail at obtaining the correct number of cpus/nodes from
Xen, as the guest handles will not be NULL.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Julien Grall [Wed, 6 May 2015 18:56:13 +0000 (19:56 +0100)]
MAINTAINERS: Remove Frediano Ziglio from "HISILICON HIP04 Support"
His email address is bouncing from more than a month.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Keir Fraser <keir@xen.org> Cc: Jan Beulich <jbeulich@suse.com> Cc: Zoltan Kiss <zoltan.kiss@huawei.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Charles Arnold [Fri, 15 May 2015 17:06:04 +0000 (11:06 -0600)]
libxl: 'valid_devs' may be used uninitialized
Using gcc 4.8 to compile with -Werror.
xl_cmdimpl.c:5493:8: error: 'valid_devs' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (valid_devs == 0)
^
xl_cmdimpl.c:5455:9: note: 'valid_devs' was declared here
int valid_devs;
Signed-off-by: Charles Arnold <carnold@suse.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Fri, 15 May 2015 06:23:11 +0000 (06:23 +0000)]
docs: fix typo in xl.cfg:vfb=
Use singular for option, it refers to vfb= itself.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Wed, 22 Apr 2015 12:02:16 +0000 (13:02 +0100)]
libxl: fix "xl mem-set" regression from 0c029c4da2
Said commit ("libxl_set_memory_target: retain the same maxmem offset on
top of the current target") caused a regression for "xl mem-set"
against Dom0: While prior to creation of the first domain this works,
the first domain creation involving ballooning breaks. Due to "enforce"
not being set in the domain creation case, and due to Dom0's initial
->max_pages (in the hypervisor) being UINT_MAX, the calculation of
"memorykb" in the first "xl mem-set" adusting the target upwards
subsequent to domain creation and termination may cause an overflow,
resulting in Dom0's maximum getting to a very small value. This small
maximum will the make the subsequent setting of the PoD target fail.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Jackson [Thu, 14 May 2015 12:41:26 +0000 (13:41 +0100)]
xl: Support (by ignoring) xl migrate --live
xm migrate would do non-live migration (effectively, save, transfer
and restore) by default, unless you specified --live.
xl migrate always does live migration. Honour (by ignoring) --live
for compatibility with old callers. Document this.
(This patch should be backported as far as possible.)
Reported-by: Matthew Vernon <mcv21@cam.ac.uk> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Matthew Vernon <mcv21@cam.ac.uk> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:55 +0000 (15:24 +0000)]
tools: replace private DOCDIR with automake docdir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl DOCDIR | xargs sed -i 's@DOCDIR@docdir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:54 +0000 (15:24 +0000)]
tools: replace private LIBDIR with automake libdir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl LIBDIR | xargs sed -i 's@LIBDIR@libdir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:53 +0000 (15:24 +0000)]
tools: replace private MANDIR with automake mandir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl MANDIR | xargs sed -i 's@MANDIR@mandir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:52 +0000 (15:24 +0000)]
tools: replace private INCLUDEDIR with automake includedir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl INCLUDEDIR | xargs sed -i 's@INCLUDEDIR@includedir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:51 +0000 (15:24 +0000)]
tools: replace private PREFIX with automake prefix
Reuse automake variable instead of inventing a private variable.
Only qemu-traditional expects PREFIX in environment, which is provided
by buildmakevars2shellvars.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:50 +0000 (15:24 +0000)]
tools: replace private BINDIR with automake bindir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl BINDIR | xargs sed -i 's@BINDIR@bindir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 11 May 2015 15:24:49 +0000 (15:24 +0000)]
tools: replace private SBINDIR with automake sbindir
Reuse automake variable instead of inventing a private variable.
The result of this command:
git grep -wnl SBINDIR | xargs sed -i 's@SBINDIR@sbindir@g'
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Cc: Mukesh Rathor <mukesh.rathor@oracle.com> Cc: Tim Deegan <tim@xen.org> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: David Scott <dave.scott@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Fri, 8 May 2015 17:01:12 +0000 (18:01 +0100)]
xen/arm: gic-v3: Implement correctly the callback send_SGI
Currently, the GICv3 driver is only able to send an SGI when the cpumask
is provided. Although with the modes SGI_TARGET_OTHERS and SGI_TARGET_SELF,
no cpumask is provided. Any usage of those modes will crash the hypersivor.
Rename gicv3_send_sgi to gicv3_send_sgi_list and implement the
different modes:
- SGI_TARGET_OTHERS: Set the Interrupt Routing Mode (bit 40) to 1
(see Table 4 on Section 4.2.6 PRD03-GENC-010745 24.0)
- SGI_TARGET_SELF: Unlike GICv2, the GICv3 SGI registers don't
provide a specific field. So use gicv3_send_sgi_list and pass
the cpumask of the current CPU
- SGI_TARGET_LIST: Directly call gicv3_send_sgi_list with the given
cpumask
Also, use WRITE_SYSREG64 to write into ICC_SGI1R_EL1 the access is
64-bit on all the architectures.
Olaf Hering [Mon, 20 Apr 2015 13:40:32 +0000 (13:40 +0000)]
libxl: set DISPLAY and XAUTHORITY if sdl is enabled
With this change the following domU.cfg will show the VM window on the
local dom0 display, instead of the remote side (it via ssh -X login):
vnc=0
sdl=1
display=":0"
xauthority="/run/gdm/auth-for-olaf-nMXhOi/database"
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Mon, 20 Apr 2015 13:40:31 +0000 (13:40 +0000)]
libxl: pass environment to device model
Prepare device-model setup functions to pass also environment variables
to the spawned process. This is required for upcoming changes which will
set DISPLAY and XAUTHORITY for SDL.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Wed, 13 May 2015 18:33:41 +0000 (19:33 +0100)]
xl: Add new option dtdev
The option "dtdev" will be used to passthrough a device described
in the device tree to a guest.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
Julien Grall [Wed, 13 May 2015 18:33:40 +0000 (19:33 +0100)]
libxl: Add support for Device Tree passthrough
On ARM, every non-PCI device are described in the device tree. Each of
them can be found via a path.
This patch introduces a very basic support, only the IOMMU will be set
up correctly. The user will have to:
- Describe the device in the partial device tree
- Map manually MMIO/IRQ
This is a first approach, that will allow to have a basic Device Tree
passthrough support in Xen. This could be improved later.
Furthermore add LIBXL_HAVE_DEVICETREE_PASSTHROUGH to indicate we
support Device Tree passthrough and partial device tree (introduced by a
previous patch).
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
Julien Grall [Wed, 13 May 2015 18:33:39 +0000 (19:33 +0100)]
tools/libxl: arm: Use an higher value for the GIC phandle
The partial device tree may contains phandle. The Device Tree Compiler
tends to allocate the phandle from 1.
Reserve the ID 65000 for the GIC phandle. I think we can safely assume
that the partial device tree will never contain a such ID.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
Julien Grall [Wed, 13 May 2015 18:33:38 +0000 (19:33 +0100)]
tools/(lib)xl: Add partial device tree support for ARM
Allow the user to pass additional nodes to the guest device tree. For
this purpose, everything in the node /passthrough from the partial
device tree will be copied into the guest device tree.
The node /aliases will be also copied to allow the user to define
aliases which can be used by the guest kernel.
Note that:
* The interrupt-parent property will be added by the toolstack in
the root node
* The properties compatible, ranges, #address-cells and #size-cells
in /passthrough are mandatory.
The helpers provided by the libfdt don't perform all the necessary
security check on a given device tree. Therefore, only trusted device
tree should be used.
Note: The partial device tree code requires the presence of libfdt
functions which have been only correctly exported in libfdt 1.4.0 and
higher. All the major distributions but Debian Wheezy are using v1.4.0
or higher. It has been decided to disable partial device tree support on
OSes where libfdt doesn't meet the requirement.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- ran autogen.sh ]
Julien Grall [Tue, 17 Mar 2015 17:58:14 +0000 (17:58 +0000)]
tools/libxl: Check if fdt_{first,next}_subnode are present in libfdt
The functions fdt_{first,next}_subnode may not be available because:
* It has been introduced in 2013 => Doesn't work on Wheezy
* The prototype exists but the functions are not exposed. Don't ask
why...
The later has been fixed recently in the dtc repo [1]
When the functions are not available, implement our own in order to use
them in a following patch.
Note that the _hidden attribute is placed in both the prototype and the
declaration because some version of libfdt expose the prototype but not
the declaration.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- ran autogen.sh ]
Andrew Cooper [Thu, 21 May 2015 06:57:19 +0000 (08:57 +0200)]
vmap: avoid hitting an ASSERT with vfree(NULL)
and unconditionally defer the vm_size() call, as it doesn't have a NULL
short circuit.
Reported-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Tim Deegan <tim@xen.org>
Andrew Cooper [Thu, 21 May 2015 06:56:01 +0000 (08:56 +0200)]
public: clarify xen_arch_domainconfig ABI statement
This structure is used by XEN_DOMCTL_createdomain, and is liable to be
modified going forwards. Explicitly state that it falls under the
XEN_DOMCTL_INTERFACE_VERSION.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com> Reviewed-by: Don Slutz <dslutz@verizon.com>
Andrew Cooper [Wed, 20 May 2015 11:31:50 +0000 (13:31 +0200)]
x86/domctl: fix getpageframeinfo* handling
In tree, there is one single caller of XEN_DOMCTL_getpageframeinfo3
(xc_get_pfn_type_batch()), and no callers of the older variants.
getpageframeinfo3 and getpageframeinfo2 are compatible if the parameter
contents are considered to be unsigned long, and indeed, a compat guest
calling getpageframeinfo3 falls through into the getpageframeinfo2 handler.
However, getpageframeinfo3 and getpageframeinfo2 have different algorithms for
calculating the eventual frame type, which means that a toolstack will get
different answers depending on whether it is compat or not.
Rewrite getpageframeinfo3 such that the code block can handle both regular and
compat guests, and use the original getpageframeinfo3 algorithm for frame
time, which is more complete.
Remove getpageframeinfo2 and getpageframeinfo1, as they are unused and
obsolete.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Roger Pau Monné [Wed, 20 May 2015 11:26:43 +0000 (13:26 +0200)]
x86/pvh: use a custom IO bitmap for PVH hardware domains
Since a PVH hardware domain has access to the physical hardware create a
custom more permissive IO bitmap. The permissions set on the bitmap are
populated based on the contents of the ioports rangeset.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com>
projects / people / liuw / libxenctrl-split / xen.git / log