xen/arm: Don't use pl011 UART by default for early printk
Add CONFIG_EARLY_PRINTK options in configs/arm{32,64}.mk to let the user
to choose if he wants to have early output, ie before the console is initialized.
This code is specific for each UART. When CONFIG_EARLY_PRINTK is enabled,
Xen will only be able to run on a board with this UART.
If a developper wants to add support for a new UART, he must implement the
following assembly macro/define:
- EALY_UART_BASE_ADDRESS: variable which contains the physical base address
for the UART
- early_uart_init: initialize the UART
- early_uart_ready: check and wait until the UART can transmit a new
character
- early_uart_transmit: transmit a character
For more details about the parameters of each function,
see arm{32,64}/debug-pl011.inc comments.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Tue, 7 May 2013 23:20:38 +0000 (00:20 +0100)]
xen/arm: Remove setup_irq
All calls to this function in ARM code have been removed. This function SHOULD
not be used. If someone calls this function, a linking error will occur.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Tue, 7 May 2013 23:18:29 +0000 (00:18 +0100)]
xen/arm: Remove request_irq
All calls to this function in ARM code have been removed. This function SHOULD
not be used. If someone calls this function, a linking error will occur.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Currently xen doesn't implement SYS MMU. When a device will talk with dom0
with DMA request the domain will use GFN instead of MFN.
For instance on the arndale board, without this patch the network doesn't
work.
The 1:1 mapping is a workaround and MUST be remove as soon as a SYS MMU is
implemented in XEN.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: Allow Xen to run on multiple platform without recompilation
Xen can include various platform support (ie: exynos5, versatile express...)
and choose during boot time a set of callbacks for the current board.
These callbacks will be called in places where each board can have specific
code. For the moment the callbacks are:
- platform_init: additional initialization for the platform
- platform_init_time: some platform (ie: Exynos 5) needs to initialize
the timer with an uncommon way
- platform_specific_mapping: add mapping to dom0 which are not specified
in the device tree
- platform_reset: reset the platform
- platform_poweroff: poweroff the platform
- platform_quirks: list of quirks for a specific board.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: Add generic UART to get the device in the device tree
This generic UART will find the right UART via xen command line
with dtuart=myserial.
"myserial" is the alias of the UART in the device tree. Xen will retrieve
the information via the device tree and call the initialization function for
this specific UART thanks to the device API.
- Define VGIC base address per domain. For the moment the base addresses
to dom0 base addresses.
- The number of interrupt lines (ie number of SPIs) is equal to:
* 0 for guests
* number of host SPIs for dom0
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Map physical range in virtual memory with a specific mapping attribute.
Also add new mapping attributes for ARM: PAGE_HYPERVISOR_NOCACHE
and PAGE_HYPERVISOR_WC.
This function replaces early_ioremap which is only able to deal with 2Mb
aligned mapping. Therefore, vmap initialization has been moved earlier.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Fri, 10 May 2013 16:22:16 +0000 (17:22 +0100)]
xen/mm: Align virtual address on PAGE_SIZE in iounmap
ioremap function can unlikely return an unaligned virtual address if
the physical address itself is unaligned on a page size.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
[ ijc -- include asm/page.h to fix build error on x86 ]
Daniel Kiper [Fri, 10 May 2013 15:33:54 +0000 (17:33 +0200)]
tools/libfsimage: Fix clean and distclean make targets
If there is a single colon for a given target and the target
is redefined in another place (e.g. in included file) then
make executes only new target and displays following warning:
Makefile:35: warning: overriding commands for target `clean'
tools/libfsimage/common/../../../tools/libfsimage/Rules.mk:25:
warning: ignoring old commands for target `clean'
To cope with that issue define all required targets as double-colon
rules. Additionally, remove some redundant stuff.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Christoph Egger [Fri, 10 May 2013 14:07:44 +0000 (16:07 +0200)]
docs: make 'gmake dist-docs' work
doc: buildsystem fixes
- use correct pathes (make gmake dist-docs from toplevel directory work)
- configure detects perl as tools/configure does
Signed-off-by: Christoph Egger <chegger@amazon.de> Reviewed-by: Matthew Wilson <msw@amazon.de> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- reran autogen.sh ]
xen/arm: gic_disable_cpu must be called with interrupts disabled
gic_disable_cpu is only called with interrupt disabled.
Use spin_lock instead of spin_lock_irq and check the function is
called with interrupts disabled.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Fri, 10 May 2013 02:17:52 +0000 (03:17 +0100)]
xen/arm: Load dtb after dom0 kernel
On some setup, the first linux page table is at 0x40004000. Xen will load
dom0 device tree at 0x4000100. In case of the device tree is big, linux will
corrupt the device tree.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Fri, 10 May 2013 02:17:48 +0000 (03:17 +0100)]
xen/arm: Don't allow dom0 to access to vpl011 UART0 memory range
As vpl011 UART is not initialized for dom 0, when the domain tries to access to
this range, a segfault will occur in Xen. The right behaviour should be a data
abort for the guest.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Fri, 10 May 2013 13:13:52 +0000 (14:13 +0100)]
arm: cast int<->pointer via uintptr_t
Fixes build on arm64:
gic.c: In function ‘gic_irq_eoi’:
gic.c:726:16: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
gic.c: In function ‘maintenance_interrupt’:
gic.c:776:29: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
gic.c:778:64: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
cc1: all warnings being treated as errors
make[3]: *** [gic.o] Error 1
Konrad has graduated to becoming an maintainer in the Xen hypervisor.
Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Tim Deegan [Thu, 2 May 2013 10:37:56 +0000 (11:37 +0100)]
x86/mm/shadow: remove dead code for avoiding Xen entries on 32-bit tables.
All non-external-mode (==PV) guests have 4-level pagetables now that
the PAE build of Xen is gone.
This patch should have no effect, since the condition it removes could
never be true anyway: the l2 offset of HYPERVISOR_VIRT_START on 64-bit
Xen is much higher than any l2 offset we could have seen in the
tables (and indeed bigger than the 'int' type, which clang was
complaining about). Actual compat PV guest xen entries are handled by
the equivalent test in the 64-bit SHADOW_FOREACH_L2E() below.
Reported-by: Julien Grall <julien.grall@linaro.org> Signed-off-by: Tim Deegan <tim@xen.org>
xen/arm: clear pending irq queues on do_psci_cpu_on
Don't inject irqs to vcpus that are down.
Also when (re)activating a vcpu, clear the vgic and gic irq queues: we
don't want to inject any irqs that couldn't be handled by the vcpu right
before going offline.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: run the vtimer Xen timers on the pcpu the vcpu is running on
The Xen physical timer emulator and virtual timer driver use two
internal Xen timers: initialize them on the pcpu the vcpu is running on,
rather than the processor that it's creating the vcpu.
On vcpu restore migrate the phys_timer and the virt_timer to the
pcpu the vcpu is running on.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: send IPIs to inject irqs into guest vcpus running on different pcpus
If we need to inject an irq into a VCPU that is running on a different
processor, we shouldn't just enqueue the irq into the lr_pending and
inflight lists and wait for something to interrupt the guest execution.
Send an IPI to the target pcpu so that Xen can inject the new interrupt
returning to guest.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
We don't want to support the full vcpu_op hypercall interface, just
VCPUOP_register_vcpu_info: introduce an internal ARM-only
do_arm_vcpu_op function to filter out the vcpu_op hypercalls that
we don't want to support.
Call do_arm_vcpu_op instead of do_vcpu_op from traps.c.
Daniel Kiper [Tue, 7 May 2013 11:51:48 +0000 (13:51 +0200)]
Remove traces of IA-64 architecture support
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Daniel Kiper [Tue, 7 May 2013 11:51:44 +0000 (13:51 +0200)]
stubdom/vtpm: Silently ignore rm errors during make clean
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Roger Pau Monne [Fri, 3 May 2013 11:23:01 +0000 (13:23 +0200)]
libxl: correctly parse storage devices on driver domains
Don't try to check physical devices if they belong to a domain
different than the one where the toolstack is running. This prevents
the following error when trying to use storage driver domains:
libxl: debug: libxl_create.c:1246:do_domain_create: ao 0x1819240: create: how=(nil) callback=(nil) poller=0x1818fa0
libxl: debug: libxl_device.c:235:libxl__device_disk_set_backend: Disk vdev=xvda spec.backend=phy
libxl: debug: libxl_device.c:175:disk_try_backend: Disk vdev=xvda, backend phy unsuitable as phys path not a block device
libxl: error: libxl_device.c:278:libxl__device_disk_set_backend: no suitable backend for disk xvda
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Wei Liu [Tue, 7 May 2013 11:28:54 +0000 (12:28 +0100)]
docs: canonicalize representation of boolean type in xl.cfg
The representations of boolean type in xl docs are inconsistent. This patch
replaces occurences of "1", "0", "[Tt]rue" and "[Ff]alse" with "[Tt]rue (1)"
and "[Ff]alse (0)".
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
We need to write the irq number to GICC_DIR on the physical cpu that
previously received the interrupt, but currently we are doing it on the
pcpu that received the maintenance interrupt. As a consequence if a
vcpu is migrated to a different pcpu, the irq is going to be EOI'ed on
the wrong pcpu.
This covers the case where dom0 vcpu0 is running on pcpu1 for example
(you can test this scenario by using xl vcpu-pin).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Move virt_start out of ioremap and rename it to early_vmap_start.
Implement arch_vmap_virt_end by returning early_vmap_start.
Allocate virtual addresses in early_ioremap from top to bottom so that
later on when we initialize vmap, we can return the end of the vmap
address space (the last address allocated by early_ioremap).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Trap guest WFI, block the guest VCPU unless it has pending interrupts
(WFI should return if any interrupts arrive even if interrupts are
disabled).
Awake the guest vcpu when a new interrupt for it arrives.
Introduce gic_events_need_delivery: it checks whether the current vcpu
has any interrupts that need to be delivered either on the lrs or in
lr_pending.
Properly implement local_events_need_delivery: check if the guest
disabled interrupts, if they aren't disabled, return positive if
gic_events_need_delivery returns positive. Otherwise we still need to
check whether evtchn_upcall_pending is set but no
VGIC_IRQ_EVTCHN_CALLBACK irqs are in flight: it could be the race
described by commit db453468d92369e7182663fb13e14d83ec4ce456 "arm: vgic:
fix race between evtchn upcall and evtchnop_send". If that is the case
it means that an event needs to be injected.
If all these tests are negative then no events need to be delivered.
Implement local_event_delivery_enable by clearing PSR_IRQ_MASK.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Tue, 7 May 2013 14:54:56 +0000 (16:54 +0200)]
netif: define XEN_NETIF_NR_SLOTS_MIN in public header
Xen network protocol has implicit dependency on MAX_SKB_FRAGS. In order to
remove dependency on MAX_SKB_FRAGS, we derive a constant from historical
MAX_SKB_FRAGS for future reference.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Tue, 7 May 2013 14:51:19 +0000 (16:51 +0200)]
rename IS_PRIV to is_hardware_domain
Since the remaining uses of IS_PRIV are actually concerned with the
domain having control of the hardware (i.e. being the initial domain),
clarify this by renaming IS_PRIV to is_hardware_domain. This also
removes IS_PRIV_FOR since the only remaining user was xsm/dummy.h.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release) Acked-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Tue, 7 May 2013 14:50:28 +0000 (16:50 +0200)]
common: remove rcu_lock_target_domain_by_id
This function (and rcu_lock_remote_target_domain_by_id) has no remaining
users, having been replaced with XSM hooks and the other rcu_lock_*
functions. Remove it.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release) Acked-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Tue, 7 May 2013 14:49:53 +0000 (16:49 +0200)]
arm: remove rcu_lock_target_domain_by_id users
This function has been replaced with rcu_lock_domain_by_any_id and an
XSM check. Two callers already had an XSM check; add a check to the
third.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release) Acked-by: Ian Campbell <ian.campbell@citrix.com> (for thae ARM bits)
Daniel De Graaf [Tue, 7 May 2013 14:49:18 +0000 (16:49 +0200)]
xsm: add hooks for claim
Adds XSM hooks for the recently introduced XENMEM_claim_pages and
XENMEM_get_outstanding_pages operations, and adds FLASK access vectors
for them. This makes the access control decisions for these operations
match those in the rest of the hypervisor.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> (for 4.3 release) Acked-by: Keir Fraser <keir@xen.org>
Update return codes of wrmsr_hypervisor_regs, update callers to deal
with the new return codes:
0: not handled
1: handled
-EAGAIN: retry
Currently wrmsr_hypervisor_regs will not return the following error, it
will be added in a separate patch:
-EINVAL: error during handling
Also update the gdprintk to handle a page value of NULL to avoid
printing a bogus MFN value. Update also computing of MSR value in
gdprintk, the idx was always zero.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Keir Fraser <keir@xen.org>
Ian Jackson [Tue, 7 May 2013 12:41:15 +0000 (13:41 +0100)]
README: update version number
Updated the figlet version number to "Xen 4.3-rc". Also remove the
paragraph touting the benefits of Xen 4.2. At some point we should
replace it with a paragraph touting the benefits of Xen 4.3.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Tue, 7 May 2013 10:39:10 +0000 (11:39 +0100)]
tools: Bump some library sonames
libxc (libxenctrl, libxenguest):
New claim_enabled field in struct xc_dom_image;
New nr_outstanding_pages field in struct xc_dominfo;
New fields in struct xc_hvm_build_args (xenguest.h).
libxl:
new fields in dominfo domain_build_info device_vfb device_vkb
device_disk etc. etc. etc.
libxlu #includes libxl headers so needs to inherit its new soname
Use Xen version for new sonames since we don't in fact guarantee
ABI (as opposed to API) stability across releases.
xenstore (libxenstore):
New flag XS_UNWATCH_FILTER, so bump minor version only.
This was the result of reviewing the output from:
git-checkout staging
cd tools
git-diff RELEASE-4.2.2 `find -name \*.h`
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
George Dunlap [Thu, 2 May 2013 11:03:09 +0000 (12:03 +0100)]
libxl: Don't use tapdisk for cd-roms
blktap does not support the insert / eject commands, and so is not
suitable for cd-roms.
This fixes the bug where libxl uses tapdisk as a cdrom back-end, causing
subsequent eject / insert commands to fail.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> CC: Fabio Fantoni <fabio.fantoni@heliman.it> CC: Stefano Stabellini <stefano.stabellini@citrix.com> CC: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Jan Beulich [Thu, 2 May 2013 15:08:58 +0000 (17:08 +0200)]
VT-d: don't permit SVT_NO_VERIFY entries for known device types
Only in cases where we don't know what to do we should leave the IRTE
blank (suppressing all validation), but we should always log a warning
in those cases (as being insecure).
This is CVE-2013-1952 / XSA-49.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: "Zhang, Xiantao" <xiantao.zhang@intel.com>
Jan Beulich [Thu, 2 May 2013 15:04:14 +0000 (17:04 +0200)]
x86: cleanup after making various page table manipulation operations preemptible
This drops the "preemptible" parameters from various functions where
now they can't (or shouldn't, validated by assertions) be run in non-
preemptible mode anymore, to prove that manipulations of at least L3
and L4 page tables and page table entries are now always preemptible,
i.e. the earlier patches actually fulfill their purpose of fixing the
resulting security issue.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Tim Deegan <tim@xen.org>
Jan Beulich [Thu, 2 May 2013 14:48:22 +0000 (16:48 +0200)]
x86/HVM: fix legacy PIC check in pt_update_irq()
Depending on the IRQ we need to
- not look at the PIC at all is this is the LAPIC timer (in that case
we're dealing with a vector number rather than an IRQ one),
- not look at the PIC for any non-legacy interrupt,
- look at the correct PIC for the IRQ (which will always be PIC 2 for
the RTC, and possibly also for HPET).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Tested-by: Roger Pau Monné <roger.pau@citrix.com> (FreeBSD guest) Reviewed-by: Tim Deegan <tim@xen.org>
Jan Beulich [Thu, 2 May 2013 14:47:32 +0000 (16:47 +0200)]
x86/HVM: fix processing of RTC REG_B writes
We must store the new values before calling rtc_update_irq(), and we
need to call rtc_timer_update() when PIE transitions from 0 to 1 (as we
may have previously turned off the periodic timer due to the guest not
reading REG_C, and hence may have to re-enable it in order to start
IRQs getting delivered to the guest).
Note that the timer is being kept running if PIE transitions from 1 to
0, to match the behavior of keeping it running for a brief period of
time if the guest doesn't clear PF in time (in order to avoid
permanently destroying and re-creating the periodic timer).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Tested-by: Roger Pau Monné <roger.pau@citrix.com> (FreeBSD guest) Reviewed-by: Tim Deegan <tim@xen.org>
projects / people / iwj / xen.git / log