Dario Faggioli [Sat, 7 Dec 2013 00:05:03 +0000 (01:05 +0100)]
libxc/libxl: sanitize error handling in *_get_max_{cpus, nodes}
In libxc, make xc_get_max_{cpus,node}() always return either a
positive number or -1, and change all the callers to deal with
that.
In libxl, make libxl_get_max_{cpus,nodes}() always return either a
positive number or a libxl error code. Thanks to that, it is also
possible to fix loggig for libxl_{cpu,node}_bitmap_alloc(), which
now happens inside the functions themselves, more accurately
reporting what happened.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Dario Faggioli [Sat, 7 Dec 2013 00:04:55 +0000 (01:04 +0100)]
libxl: move libxl_{cpu, node}_bitmap_alloc()
in libxl_utils.c (from .h), as they will be reworked in
the next commit ("libxc/libxl: sanitize error handling in
*_get_max_{cpus,nodes}") and we want to keep code motion
separate from functional changes.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Dario Faggioli [Sat, 7 Dec 2013 00:04:32 +0000 (01:04 +0100)]
xl: match output of vcpu-list with pinning syntax
in fact, pinning to all the pcpus happens by specifying "all"
(either on the command line or in the config file), while `xl
vcpu-list' report it as "any cpu".
Change this into something more consistent, by using "all"
everywhere.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Julien Grall [Sun, 8 Dec 2013 02:32:32 +0000 (02:32 +0000)]
xen/arm: arch_domain_create: don't return 0 when alloc_xenheap_pages has failed
The previous call before alloc_xenheap_pages reset rc to 0 if it success.
If the latter fails, arch_domain_create will return 0 and Xen will consider
the domain as valid. Move rc initialization later.
Andrew Cooper [Fri, 6 Dec 2013 15:09:38 +0000 (16:09 +0100)]
tmem: Fix uses of unmatched __map_domain_page()
__map_domain_page() *must* be matched with an unmap_domain_page(). These five
static inline functions each map a page (or two), then throw away the context
needed to unmap it.
Each of the changes are limited to their respective functions. In two cases,
this involved replacing a large amount of pointer arithmetic with memcpy()
(all callers were relying on memcpy() semantics of positive/negative returns
rather than specifically -1/+1). A third case had its pointer arithmetic
entirely replaced with memcpy().
In addition, remove redundant casts of void pointers and assertions.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Tested-by: Bob Liu <bob.liu@oracle.com>
Bob Liu [Fri, 6 Dec 2013 14:58:00 +0000 (15:58 +0100)]
tmem: fix public header file
Commit 006a687ba4de74d7933c09b43872abc19f126c63 dropped typedef tmem_cli_mfn_t
from public tmem.h which may cause some problem.
This patch added tmem_cli_mfn_t back with #ifdef __XEN_INTERFACE_VERSION__
around.
Signed-off-by: Bob Liu <bob.liu@oracle.com> Acked-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Fabio Fantoni [Tue, 19 Nov 2013 15:20:20 +0000 (16:20 +0100)]
libxl: spice usbredirection support for upstream qemu
Usage: spiceusbredirection=NUMBER (default=0)
Enables spice usbredirection. Creates NUMBER usbredirection channels
for redirection of up to 4 usb devices from spice client to domU's qemu.
It requires an usb controller and if not defined will automatically adds
an usb2 controller.
Changes from v3:
- fixed condition that enable usbversion if it isn't defined in presence
of usbredirection enabled
Changes from v2:
- updated for usbversion patch v7
- now usbredirection cannot be used with usb and usbdevice parameters
- if usbversion is undefined it will creates an usb2 controller
Changes from v1:
- Now can be setted the number of redirection channels.
- Various code improvements.
Fabio Fantoni [Thu, 5 Dec 2013 14:40:47 +0000 (14:40 +0000)]
libxl: usb2 and usb3 controller support for upstream qemu
Usage: usbversion=1|2|3 (default=0, no usb controller defined)
Specifies the type of an emulated USB bus in the guest. 1 for usb1,
2 for usb2 and 3 for usb3, it is available only with upstream qemu.
The old usb and usbdevice parameters cannot be used with this.
Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Campbell [Mon, 2 Dec 2013 14:39:05 +0000 (14:39 +0000)]
xen: arm: improve handling of system with non-contiguous RAM regions
arm32 currently only makes use of memory which is contiguous with the first
bank. On the Midway platform this means that we only use 4GB of the 8GB
available.
Change things to make use of non-contiguous memory regions with the
restriction that we require that at least half of the total span of the RAM
addresses contain RAM. The frametable is currently not sparse and so this
restriction avoids problems with allocating enormous amounts of memory for the
frametable to cover holes in the address space and exhausting the actual RAM.
50% is arguably too restrictive. 4GB of RAM requires 32MB of frametable on
arm32 and 56M on arm64, so we could probably cope with a lower ratio of actual
RAM. However half is nice and conservative.
arm64 currently uses all banks without regard for the size of the frametable,
which I have observed causing problems on models. Implement that same
restriction as arm32 there.
Long term we should look at moving to a pfn compression based scheme similar
to x86, which removes the holes from the frametable.
There were some bogus/outdated comments scattered around this code which I
have removed.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Julien Grall <julien.grall@linaro.org> Acked-by: Julien Grall <julien.grall@linaro.org> Cc: George Dunlap <George.Dunlap@eu.citrix.com>
Ian Campbell [Wed, 4 Dec 2013 17:03:02 +0000 (17:03 +0000)]
xen: arm: remove hardcoded gnttab location from dom0
The DT provided to guests (including dom0) includes a Xen node which, among
other things, describes an MMIO region which can be safely used for grant
table mappings (i.e. it is a hole in the physical address space). For domU we
provide a hardcoded values based on our hardcoded guest virtual machine
layout. However for dom0 we need to fit in with the underlying platform.
Leaving this hardcoded was an oversight which on some platforms could result
in the grant table overlaying RAM or MMIO regions which are in use by domain
0.
For the 4.4 release do as we did with the dom0 evtchn PPI and provide a hook
for the platform code to supply a suitable hardcoded address for the platform
(derived from reading the data sheet). Platforms which do not provide the hook
get the existing address as a default.
After 4.4 we should switch to selecting a region of host RAM which is not RAM
in the guest address map. This should be more flexible and safer but the patch
was looking too complex for 4.4.
Platform Gnttab Address
======== ==============
exynos5.c 0xb0000000, confirmed and tested by Julien.
sunxi.c 0x01d00000, confirmed in data sheet.
midway.c 0xff800000, confirmed by Andre, boot tested by Ian.
vexpress.c 0xb0000000, existing hardcoded value was selected for vexpress.
omap5.c 0x4b000000, confirmed by Baozi
xgene-storm.c 0x1f800000, confirmed by Pranavkumar
Andrew Cooper [Fri, 6 Dec 2013 10:28:00 +0000 (11:28 +0100)]
x86/boot: fix BIOS memory corruption on certain IBM systems
IBM System x3530 M4 BIOSes (including the latest available at the time of this
patch) will corrupt a byte at physical address 0x105ff1 to the value of 0x86
if %esp has the value 0x00080000 when issuing an `int $0x15 (ax=0xec00)` to
inform the system about our intended operating mode.
Xen gets unhappy when the bootloader has placed it's .text section in over
this specific region of RAM.
After dropping into 16bit mode, clear all 32 bits of %esp, and for the BIOS
call already documented to be affected by BIOS bugs clear all GPRs.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Keir Fraser <keir@xen.org> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Fri, 6 Dec 2013 10:10:54 +0000 (11:10 +0100)]
Revert "VMX: flush cache when vmentry back to UC guest"
This reverts commit 86d60e85 as well as one related change from 62652c00 ("VMX: fix cr0.cd handling"), on the basis that all of this
flushing is still insufficient and, while not known to fix anything, is
known to negatively affect performance.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Liu Jinsong <jinsong.liu@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
Yang Zhang [Fri, 6 Dec 2013 10:08:20 +0000 (11:08 +0100)]
Nested VMX: CR emulation fix up
This patch fixs two issues:
1. The CR_READ_SHADOW should only cover the value that L2 wirtes to
CR when L2 is running. But currently, L0 wirtes wrong value to
it during virtual vmentry and L2's CR access emualtion.
2. L2 changed cr[0/4] in a way that did not change any of L1's shadowed
bits, but did change L0 shadowed bits. In this case, the effective cr[0/4]
value that L1 would like to write into the hardware is consist of
the L2-owned bits from the new value combined with the L1-owned bits
from L1's guest cr[0/4].
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
Andre Przywara [Thu, 5 Dec 2013 10:08:12 +0000 (11:08 +0100)]
arm64: enable PSCI secondary CPU bringup
If the device tree contains a PSCI node and the DTB CPU node tells us
to use PSCI for enabling secondary cores, we set the function pointer
to the PSCI wrapper function to enable PSCI SMP bringup.
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andre Przywara [Thu, 5 Dec 2013 10:08:11 +0000 (11:08 +0100)]
arm32: enable PSCI secondary CPU bringup
If the device tree contains a PSCI node, we bring up secondary CPUs
by invoking the appropriate PSCI handler.
This will take priority over platform specific functions (which could
call the PSCI wrapper themselves if needed), so any PSCI enablement
of a platform will automatically be used (as on Linux).
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andre Przywara [Thu, 5 Dec 2013 10:08:10 +0000 (11:08 +0100)]
arm: add a function to invoke the PSCI handler
The PSCI handler is invoked via a secure monitor call with the
arguments defined in registers. Copy the function from the
Linux code and adjust it to work on both ARM32 and ARM64.
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andre Przywara [Thu, 5 Dec 2013 10:08:09 +0000 (11:08 +0100)]
arm: parse PSCI node from the host device-tree
The availability of a PSCI handler is advertised in the DTB.
Find and parse the node (described in the Linux device-tree binding)
and save the function number for bringing up a CPU for later usage.
We do some sanity checks, especially we deny using HVC as a calling
method, as it does not make much sense currently under Xen.
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andre Przywara [Thu, 5 Dec 2013 10:08:08 +0000 (11:08 +0100)]
arm: move GIC SGI kicking into separate function
Currently we unconditionally send SGIs to all cores on SMP bringup.
Those SGIs (software generated interrupts) are to push a secondary core
through a gate in the Xen bring up code to filter the right CPU. This gate is
necessary on platforms which do not allow us to wake up a specific secondary
processor and will trap all but the CPU we are trying to wake up.
With PSCI we can explicitly specify the core to startup, so we don't need the
kick here because the CPU will fall straight through Xen's gate.
So we move the GIC kick into a function and call it explicitly from the
platforms that need it. This gets us get rid of the empty cpu_up() platform
functions in ARM32 and the comment in there.
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- explain more about the Xen gate in the commit message ]
Andre Przywara [Thu, 5 Dec 2013 10:08:07 +0000 (11:08 +0100)]
arm: rename xen/arch/arm/psci.c into vpsci.c
Follow the current convention of prefixing guest related names
with "v" by renaming the guest PSCI functionality into vpsci.c to make
room for the host PSCI functions.
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Wed, 4 Dec 2013 14:54:21 +0000 (14:54 +0000)]
xen: arm: Enable 1:1 workaround by default
I was just about to send out patches adding the 1:1 workaround to vexpress
(the foundation model is a vexpress platfrom with DMA) and sunxi.
That would have meant that all platforms now implement the quirk. Instead lets
just make it the default and remove the quirk.
In the future this will likely be set based on the presence absence of an
IOMMU, perhaps with additional overrides by the platform.
This results in some dead code in domain_build for dealing with the non-1:1
case. This is deliberate and is left in anticipation of IOMMU support in 4.5.
PLATFORM_QUIRK_GIC_64K_STRIDE is renumbered as a side effect of this change.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Daniel Kiper [Mon, 2 Dec 2013 19:13:03 +0000 (20:13 +0100)]
libxenctrl: Fix xc_interface_close() crash if it gets NULL as an argument
xc_interface_close() crashes if it gets NULL as an argument. However,
it just calls xc_interface_close_common() which is called by many
others functions. It means that they are also vulnerable. So fix above
mentioned issue by adding NULL check in xc_interface_close_common().
This way we fix similar issue in other functions which calls
xc_interface_close_common() too.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Tue, 3 Dec 2013 15:13:36 +0000 (15:13 +0000)]
xen: arm: TCR_EL1 is 64-bit on arm64
Storing it in a 32-bit variable in struct arch_vcpu caused breakage over
context switch.
There were also several other places which stored this as the 32-bit value.
Update them all.
The "struct vcpu_guest_context" case needs special consideration. This struct
is in theory is exposed to guests, via the VCPUOP_initialise hypercall.
However as discussed in
http://lists.xen.org/archives/html/xen-devel/2013-10/msg00912.html this isn't
really a guest visible interface since ARM uses PSCI for VCPU bringup
(VCPUOP_initialise simply isn't available) The other users of this interface
are the domctls, which are not a stable API. Therefore while fixing the ttbcr
size also surround the struct in ifdefs to restrict the struct to the
hypervisor and the tools only (omitting the extra complexity of renaming as I
suggested in the referenced thread).
NB TCR_EL1 on arm64 is known as TTBCR on arm32, hence the apparent naming
inconsistencies.
Nathan Studer [Wed, 4 Dec 2013 12:29:00 +0000 (13:29 +0100)]
arinc: add cpu-pool support to scheduler
1. Remove the restriction that dom0 must be in the schedule, since dom-0 may
not belong to the scheduler's pool.
2. Add a schedule entry for each of dom-0's vcpus as they are created.
3. Add code to deal with empty schedules in the do_schedule function.
4. Call the correct idle task for the pcpu on which the scheduling decision
is being made in do_schedule.
5. Add code to prevent migration of a vcpu.
6. Implement a proper cpu_pick function, which prefers the current processor.
7. Add a scheduler lock to protect access to global variables from multiple
PCPUs.
These changes do not implement arinc653 multicore. Since the schedule only
supports 1 vcpu entry per slot, even if the vcpus of a domain are run on
multiple pcpus, the scheduler will essentially serialize their execution.
Signed-off-by: Nathan Studer <nate.studer@dornerworks.com> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Daniel Kiper [Wed, 4 Dec 2013 12:26:37 +0000 (13:26 +0100)]
x86: fix early boot command line parsing
There is no reliable way to encode NUL character as a character so encode
it as a number. Read: http://sourceware.org/binutils/docs/as/Characters.html.
Octal and hex encoding do not work on at least one system (GNU assembler
version 2.22 (x86_64-linux-gnu) using BFD version (GNU Binutils for Debian) 2.22).
Without this fix e.g. no-real-mode option at the end of xen.gz command line
is not detected.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Keir Fraser <keir@xen.org>
Jan Beulich [Wed, 4 Dec 2013 12:23:27 +0000 (13:23 +0100)]
nested VMX: fix I/O port exit emulation
For multi-byte operations all affected ports' bits in the bitmap need
to be checked, not just the first port's one.
Reported-by: Matthew Daley <mattd@bugfuzz.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
Jan Beulich [Tue, 3 Dec 2013 11:41:54 +0000 (12:41 +0100)]
use return value of domain_adjust_tot_pages() where feasible
This is generally cheaper than re-reading ->tot_pages.
While doing so I also noticed an improper use (lacking error handling)
of get_domain() as well as lacks of ->is_dying checks in the memory
sharing code, which the patch fixes at once. In the course of doing
this I further noticed other error paths there pointlessly calling
put_page() et al with ->page_alloc_lock still held, which is also being
reversed.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Acked-by: Keir Fraser <keir@xen.org>
Apart from the Coverity-detected lock order reversal (a domain's
page_alloc_lock taken with the heap lock already held), calling
put_page() with heap_lock is a bad idea too (as a possible descendant
from put_page() is free_heap_pages(), which wants to take this very
lock).
From all I can tell the region over which heap_lock was held was far
too large: All we need to protect are the call to mark_page_offline()
and reserve_heap_page() (and I'd even put under question the need for
the former). Hence by slightly re-arranging the if/else-if chain we
can drop the lock much earlier, at once no longer covering the two
put_page() invocations.
Once at it, do a little bit of other cleanup: Put the "pod_replace"
code path inline rather than at its own label, and drop the effectively
unused variable "ret".
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> Acked-by: Keir Fraser <keir@xen.org>
Andrew Cooper [Tue, 3 Dec 2013 11:39:22 +0000 (12:39 +0100)]
fix string inconsistencies in callers of panic()
panic() (as well as early_panic() in arm) is inconsistently called with or
without a trailing newline. This results in cases where the lower line of
*****s is not on its own line.
Change panic() to always print a newline itself, and update callers not to.
In addition, panic() was occasionally called with a leading newline, and
occaionally with trailing punctuation which seems rather redundant given the
surrounding context. Fix up these sitiuations as well.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Tim Deegan <tim@xen.org> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Keir Fraser <keir@xen.org>
Roger Pau Monné [Tue, 3 Dec 2013 11:33:58 +0000 (12:33 +0100)]
blkif: add indirect descriptors interface to public headers
Indirect descriptors introduce a new block operation
(BLKIF_OP_INDIRECT) that passes grant references instead of segments
in the request. This grant references are filled with arrays of
blkif_request_segment_aligned, this way we can send more segments in a
request.
This interface is already implemented in Linux >= 3.11.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Keir Fraser <keir@xen.org>
Jan Beulich [Tue, 3 Dec 2013 08:57:41 +0000 (09:57 +0100)]
common/vsprintf: fix return value when formatting symbolic addresses
When the buffer to be formatted to is too small, the function return
value is expected to be the number of characters that would be printed
(particularly important if that value is then used for allocating a
buffer). Hence incrementing the active pointer must always be
independent of actually storing a character.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Keir Fraser <keir@xen.org>
Ian Campbell [Mon, 2 Dec 2013 11:11:40 +0000 (11:11 +0000)]
xen: arm: avoid truncation in mfn to paddr conversions
Although MFNs are 64-bit in the hypercall ABI they are most often unsigned
long internally, and therefore be 32-bit on arm32. Physical addresses are
always 64-bit via paddr_t.
This means that the common "mfn << PAGE_SHIFT" pattern risks losing some of
the top bits of the address is high enough. This need not imply a high amount
of RAM, just a sparse physical address map.
The correct form is ((paddr_t)mfn)<<PAGE_SHIFT and we have the pfn_to_paddr
macro which implements this. Grep for PAGE_SHIFT and << and switch to the
macro everywhere we can in the arch specific code. Note that page.h is
included by mm.h which defines the macro and so remains with the open coded
cast. I have inspected the common code matching this pattern and it uses the
correct casts where necessary (x86 also has pfn_to_paddr, so as a further
cleanup we could fix the common code too, but I haven't done that here).
I observed this as failure to boot a guest on midway, due to trying to map a
foreign page which belonged to no guest. I think this likely explains the
crashes which Julien has seen too.
Andrew Cooper [Fri, 22 Nov 2013 21:09:53 +0000 (21:09 +0000)]
xen/build: Remove unreferenced figlet files
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Keir Fraser <keir@xen.org> CC: Jan Beulich <JBeulich@suse.com> CC: Tim Deegan <tim@xen.org> Acked-by: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
Andrew Cooper [Fri, 22 Nov 2013 21:08:00 +0000 (21:08 +0000)]
xen/build: Use a distro version of figlet
It is quite inappropriate to keep a hacked up versions of figlet in our source
tree, especially when the purpose of the hackary is just to provide a text to
octal conversion.
This version of figlet contributes a surprisingly large proportion of the
Coverity issues found under xen/ (and therefore attributed against Xen)
Figlet can be found in all distros, so make use of it. We keep xen.flf (being
the Xen figlet font) and replace the hacked up octal transform with a short
python script.
The Xen Makefile has been tweaked in such a way that it still prints the
figlet banner for the build.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Keir Fraser <keir@xen.org> CC: Jan Beulich <JBeulich@suse.com> CC: Tim Deegan <tim@xen.org> Acked-by: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
Matthew Daley [Sun, 1 Dec 2013 10:14:59 +0000 (23:14 +1300)]
libxl: remove unsigned less-than-0 comparison
...from libxl_cpuid_parse_config_xend. value is unsigned so this doesn't
work, and either way the following comparison on it being bigger than 3
does what was intended here anyway.
Coverity-ID: 1055614 Signed-off-by: Matthew Daley <mattd@bugfuzz.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Matthew Daley [Mon, 2 Dec 2013 00:27:27 +0000 (13:27 +1300)]
libxl: don't leak p in libxl__wait_for_backend
Use libxl__xs_read_checked instead of xs_read. While at it, tidy up the
function as well.
Coverity-ID: 1055891 Signed-off-by: Matthew Daley <mattd@bugfuzz.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Jean-Yves Migeon [Fri, 29 Nov 2013 10:39:23 +0000 (11:39 +0100)]
Fix ptr calculation when converting from a VA
The ptr calculation shall take the offset into the page into account
when ptr is valid.
Reported regression on NetBSD's port-xen with last known working libxen
being rev 2.9. This corrupts the kernel symbol table when the table is
not loaded on a page boundary.
Issue was tracked down by FastIce and Jeff Rizzo. See also
http://mail-index.netbsd.org/port-xen/2013/10/16/msg008088.html
Signed-off-by: Jean-Yves Migeon <jym@NetBSD.org> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Paul Durrant [Wed, 13 Nov 2013 16:09:32 +0000 (16:09 +0000)]
docs: Add some words describing xen-pvdevice
This patch adds a short description of xen-pvdevice to
pci-device-reservations.txt, which contains the canonical list
of device IDs that may be used to create xen-pvdevice instances.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- ran expand to de-tabbify ]
Ian Campbell [Thu, 21 Nov 2013 10:49:14 +0000 (10:49 +0000)]
xen: arm: Remove useless and incorrect EXPORT_SYMBOLS
Dietmar noticed that one of these was incorrect, but in actual fact they are
not even used. They are defined as nops in Xen for the benefit of code
imported to Linux which ARM's smpboot.c is not.
Just get rid of them.
Reported-by: Dietmar Hahn <dietmar.hahn@ts.fujitsu.com> Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen: arm: flush dcache while preparing the device tree for Dom0
Without flushing dcache the hypervisor couldn't copy the device tree
correctly when booting the kernel dom0 Image (memory with device tree
is corrupted). As the result - when we try to load the kernel dom0
Image - dom0 hungs frequently. This issue is not reproduced with the
kernel dom0 zImage because the zImage decompressor code flushes all
dcache before starting the decompressed kernel Image. When the
hypervisor loads the kernel image or initrd, this memory region
isn't corrupted because the hypervisor code flushes the dcache.
Anthony PERARD [Wed, 27 Nov 2013 18:21:34 +0000 (18:21 +0000)]
libxl: Handle xen_platform_pci=0 case with qemu-xen.
This should result in QEMU *not* adding the xen-platform device.
Since QEMU 1.6, this can be achieved by using a different qemu machine.
The one used by libxl is "xenfv", but using QEMU >=1.6 with "-machine
pc,accel=xen" works as well with only one difference compared to
"xenfv", there is no xen-platform device.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Wed, 20 Nov 2013 13:46:41 +0000 (13:46 +0000)]
xen: arm: improve early memory map readability
Purely cosmetic, put a blank line after the early memory map to separate it
from the subsequent information. This looks better since the memory map is
preceded by a blank line too.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
Ian Campbell [Fri, 11 Oct 2013 16:23:18 +0000 (17:23 +0100)]
xen: arm: enable synchronous console while starting secondary CPUs
Setting synchronous console ensures that any printk hits the buffer
immediately and that any outstanding queued log messages are flushed. This
ensures that such log messages are not being printed while the secondary CPU
may be using early_printk during early bringup.
Currently the hardcoded use of GUEST_EVTCHN_PPI is problematic if that is a
real PPI on the platform.
We really need to be smarter about selecting an unused PPI but in the meantime
we can at least give the platform code the option of hardcoding a number which
works for the platform.
Ian Campbell [Thu, 21 Nov 2013 15:55:37 +0000 (15:55 +0000)]
xen: arm: add a quirk to handle platforms with unusual GIC layout
On some platforms the pages are placed at a 64K stride instead of as
contiguous 4K pages.
This is because the ARM64 architecture allows for page sizes of 4/16/64K in
the MMU so a larger stride allow more granular control of mappings. We only
currently support 4K.
Use this quirk on the xgene platform.
This should ideally be fixed by an extension to the device tree bindings as
described in http://www.spinics.net/lists/devicetree/msg10473.html especially
http://www.spinics.net/lists/devicetree/msg10478.html. However for the time
being a platform specific quirk will do.
Note that we always map the GICV to the guest (including dom0) at a 4K stride
length and this is reflected in the DTB passed to the guest.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Julien Grall <julien.grall@linaro.org>
xen: arm64: Add Basic Platform support for APM X-Gene Storm.
This patch adds initial platform stubs for APM X-Gene.
Signed-off-by: Anup Patel <anup.patel@linaro.org> Signed-off-by: Pranavkumar Sawargaonkar <pranavkumar@linaro.org>
Drop earlyprintk (split into earlier patch). Only build on ARM64.
Drop empty init and reset hooks and enable 1:1 workaround.
Mukesh Rathor [Wed, 27 Nov 2013 14:17:02 +0000 (15:17 +0100)]
PVH dom0: iommu related changes
- For now, iommu is required for PVH dom0. Check for that.
- For pvh, we need to do mfn_to_gmfn before calling mapping function
intel_iommu_map_page/amd_iommu_map_page which expects a gfn.
Signed-off-by: Mukesh Rathor <mukesh.rathor@oracle.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Feng Wu [Wed, 27 Nov 2013 14:15:43 +0000 (15:15 +0100)]
x86: properly handle MSI-X unmask operation from guests
For a pass-through device with MSI-x capability, when guest tries
to unmask the MSI-x interrupt for the passed through device, xen
doesn't clear the mask bit for MSI-x in hardware in the following
scenario, which will cause network disconnection:
1. Guest masks the MSI-x interrupt
2. Guest updates the address and data for it
3. Guest unmasks the MSI-x interrupt (This is the problematic step)
In the step #3 above, Xen doesn't handle it well. When guest tries
to unmask MSI-X interrupt, it traps to Xen, Xen just returns to Qemu
if it notices that address or data has been modified by guest before,
then Qemu will update Xen with the latest value of address/data by
hypercall. However, in this whole process, the MSI-X interrupt unmask
operation is missing, which means Xen doesn't clear the mask bit in
hardware for the MSI-X interrupt, so it remains disabled, that is why
it loses the network connection.
This patch fixes this issue.
Signed-off-by: Feng Wu <feng.wu@intel.com>
Only latch the address if the guest really is unmasking the entry.
Clean up the entire change.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Wed, 27 Nov 2013 14:13:48 +0000 (15:13 +0100)]
kexec: prevent deadlock on reentry to the crash path
In some cases, such as suffering a queued-invalidation timeout while
performing an iommu_crash_shutdown(), Xen can end up reentering the crash
path. Previously, this would result in a deadlock in one_cpu_only(), as the
test_and_set_bit() would fail.
The crash path is not reentrant, and even if it could be made to be so, it is
almost certain that we would fall over the same reentry condition again.
The new code can distinguish a reentry case from multiple cpus racing down the
crash path. In the case that a reentry is detected, return back out to the
nested panic() call, which will maybe_reboot() on our behalf. This requires a
bit of return plumbing back up to kexec_crash().
While fixing this deadlock, also fix up an minor niggle seen recently from a
XenServer crash report. The report was from a Bank 8 MCE, which had managed
to crash on all cpus at once. The result was a lot of stack traces with cpus
in kexec_common_shutdown(), which was infact the inlined version of
one_cpu_only(). The kexec crash path is not a hotpath, so we can easily
afford to prevent inlining for the sake of clarity in the stack traces.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Update the comment to clarify that libxl_sigchld_owner_libxl_always
implies having only one libxl_ctx, and that
libxl_sigchld_owner_mainloop requires one call to
libxl_childproc_exited per ctx.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com> CC: Keir Fraser <keir@xen.org> CC: Jan Beulich <JBeulich@suse.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com> CC: Keir Fraser <keir@xen.org> CC: Jan Beulich <JBeulich@suse.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
Roger Pau Monne [Fri, 22 Nov 2013 11:54:09 +0000 (12:54 +0100)]
xl: fixes for do_daemonize
Fix usage of CHK_ERRNO in do_daemonize and also remove the usage of a
bogus for(;;).
Coverity-ID: 1130516 and 1130520 Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
Roger Pau Monne [Fri, 22 Nov 2013 11:54:08 +0000 (12:54 +0100)]
libxl: fix fd check in libxl__spawn_local_dm
Checking the logfile_w fd for -1 on failure is no longer true, because
libxl__create_qemu_logfile will now return ERROR_FAIL on failure which
is -3.
While there also add an error check for opening /dev/null.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: Tim Deegan <tim@xen.org>
Use _SEGMENT_* instead of plain numbers and adjust a comment.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Roger Pau Monné [Tue, 26 Nov 2013 08:52:47 +0000 (09:52 +0100)]
x86/pvh: set only minimal cr0 and cr4 flags in order to use paging
Right now Xen sets the WP and NE flags on cr0 for PVH, which are not
needed in order to boot with paging enabled. The same happens with
cr4, at least on my system OSFXSR, OSXMMEXCPT and MCE are enabled by
default when there's no need.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Mukesh Rathor <mukesh.rathor@oracle.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
projects / xen.git / log