flask: Allow initial domain to use XENPF_get_symbol
It looks to be missing in the policy file for the initial
domain. Eventually we may want to extend this access to
non-dom0 domains but for now it certainly dom0-only.
Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Wei Wang [Tue, 6 Oct 2015 15:37:48 +0000 (17:37 +0200)]
x86/cpufreq: add a new driver interface, setpolicy()
In order to better support future Intel processors, intel_pstate
changes to use percentage values to tune P-states. The setpolicy
driver interface is used to configure the intel_pstate internal
policy. The __cpufreq_set_policy needs to be intercepted to use
the setpolicy driver if it exists.
Signed-off-by: Wei Wang <wei.w.wang@intel.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Juergen Gross [Mon, 5 Oct 2015 15:16:38 +0000 (17:16 +0200)]
use masking operation instead of test_bit for CSFLAG bits
Use a bit mask for testing of a set bit instead of test_bit in case no
atomic operation is needed, as this will lead to smaller and more
effective code.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Juergen Gross [Fri, 2 Oct 2015 11:44:59 +0000 (13:44 +0200)]
use masking operation instead of test_bit for MCSF bits
Use a bit mask for testing of a set bit instead of test_bit in case no
atomic operation is needed, as this will lead to smaller and more
effective code.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Juergen Gross [Fri, 2 Oct 2015 11:44:31 +0000 (13:44 +0200)]
use masking operation instead of test_bit for VPF bits
Use a bit mask for testing of a set bit instead of test_bit in case no
atomic operation is needed, as this will lead to smaller and more
effective code.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Juergen Gross [Fri, 2 Oct 2015 11:44:04 +0000 (13:44 +0200)]
use masking operation instead of test_bit for VGCF bits
Use a bit mask for testing of a set bit instead of test_bit in case no
atomic operation is needed, as this will lead to smaller and more
effective code.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Juergen Gross [Fri, 2 Oct 2015 11:43:35 +0000 (13:43 +0200)]
use masking operation instead of test_bit for RTDS bits
Use a bit mask for testing of a set bit instead of test_bit in case no
atomic operation is needed, as this will lead to smaller and more
effective code.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Dario Faggioli <dario.faggioli@citrix.com>
Jan Beulich [Fri, 2 Oct 2015 11:42:01 +0000 (13:42 +0200)]
x86/PoD: shorten certain operations on higher order ranges
Now that p2m->get_entry() always returns a valid order, utilize this
to accelerate some of the operations in PoD code. (There are two uses
of p2m->get_entry() left which don't easily lend themselves to this
optimization.)
Also adjust a few types as needed and remove stale comments from
p2m_pod_cache_add() (to avoid duplicating them yet another time).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Jan Beulich [Fri, 2 Oct 2015 11:41:24 +0000 (13:41 +0200)]
x86/p2m-pt: use pre-calculated IOMMU flags
... instead of recalculating them.
At once clean up formatting of the touched code and drop a stray loop
local variable shadowing a function scope one.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 2 Oct 2015 11:40:36 +0000 (13:40 +0200)]
x86/p2m-pt: tighten conditions of IOMMU mapping updates
Whether the MFN changes does not depend on the new entry being valid
(but solely on the old one), and the need to update or TLB-flush also
depends on permission changes.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Ross Lagerwall [Fri, 2 Oct 2015 11:39:12 +0000 (13:39 +0200)]
x86/EPT: work around hardware erratum setting A bit
Since commit 191b3f3344ee ("p2m/ept: enable PML in p2m-ept for
log-dirty"), the A and D bits of EPT paging entries are set
unconditionally, regardless of whether PML is enabled or not. This
causes a regression in Xen 4.6 on some processors due to Intel Errata
AVR41 -- HVM guests get severe memory corruption when the A bit is set
due to incorrect TLB flushing on mov to cr3. The erratum affects the
Atom C2000 family (Avoton).
To fix, do not set the A bit on this processor family.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Move feature suppression to feature detection code. Add command line
override.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Ian Campbell [Wed, 30 Sep 2015 13:36:03 +0000 (14:36 +0100)]
xen: write a high level description of the sub-arch choices for heap layout
The 3 options which (sub)arches have for the layout of their heaps is
a little subtle (in particular the two CONFIG_SEPARATE_XENHEAP=n
submodes) and can be a bit tricky to derive from the code.
Therefore try and write down some guidance on what the various modes
are.
Note that this is intended more as a high level overview rather than a
detailed guide to the full page allocator interfaces.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
xen/arm: Warn when a device tree path will be re-used by Xen
Xen is unconditionally using certain device tree paths to create DOM0
specific node (for instance /psci, /memory and /hypervisor).
Print a warning message on the console to let the user know if we
re-use one of these nodes.
Note that the content of most of those is very common and they
should have already been skipped via the compatible string or type
string. This warning is here to catch unusual device-tree and
compatible string that we may not yet support in Xen.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: Retrieve the correct number of cells when building dom0 DT
The functions dt_n_*_cells return the number of cells for a "reg"
property of a given node. So those numbers won't be correct if the
parent of a given node is passed.
This is fine today because the parent is always the root node which
means there is no upper parent.
Introduce new helpers dt_child_n_*_cells to retrieve the number of
cells for the address and size that can be used to create the "reg"
property of the immediate child of a given parent. Also introduce
dt_child_set_range to pair up with dt_child_n_*_cells.
Use the new helpers when creating the hypervisor and memory node where
we only have the parent in hand. This is because those nodes are created
from scratch by Xen and therefore we don't have a dt_device_node for
them. The only thing we have is a pointer to their future parent.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: gic: Make it clear the GIC node is passed to make_hwdom_dt_node
The callback make_hwdom_dt_node already has the GIC node in parameter.
Rather than using a weird mix between "dt_interrupt_controller" (aliased
to "gic") and "node", rename the callback parameter "node" to "gic" and
remove local GIC definitions in terms of the global
dt_interrupt_interrupt_controller.
Also, add an assert to gic_make_hwdom_dt_node to check that the GIC
really is the global dt_interrupt_controller.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: io: Shorten the name of the fields and clean up
The field names in the IO emulation are really long and use repeatedly
the term handler which make some line cumbersome to read:
mmio_handler->mmio_handler_ops->write_handler
Also take the opportunity to do some clean up:
- Avoid "handler" vs "handle" in register_mmio_handler
- Use a local variable to initialize handler in
register_mmio_handler
- Add a comment explaining the dsb(ish) in register_mmio_handler
- Rename the structure io_handler into vmmio because the io_handler
is in fine handling multiple handlers and the name a the fields was
io_handlers. Also rename the field io_handlers to vmmio
- Rename the field mmio_handler_ops to ops because we are in the
structure mmio_handler to not need to repeat it
- Rename the field mmio_handlers to handlers because we are in the
vmmio structure
- Make it clear that register_mmio_ops is taking an ops and not an
handle
- Clean up local variable to help to understand the code
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
For instance if the region of re-distributor is starting at 0x8d100000
and the stride is 0x30000, an access to the address 0x8d130008 should
be valid and use the re-distributor of vCPU1 with an offset of 0x8.
Although, Xen is returning the vCPU0 and an offset of 0x20008.
I didn't find a way to replace the current computation of the mask with
a valid one. The only solution I have found is to pass the region in
private data of the handler. So we can directly get the offset from the
beginning of the region and find the corresponding vCPU/offset in the
re-distributor.
This is also make the code simpler and avoid fast/slow path.
Free the memory used for the compressed kernel and update the relative
mod->start and mod->size parameters with the uncompressed ones.
To decompress the kernel, allocate memory from dommheap, because freeing
the modules is done by calling init_heap_pages, which frees to domheap.
Map these pages using vmap, because they might not be in the linear 1:1
map.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> CC: ian.campbell@citrix.com Acked-by: Ian Campbell <ian.campbell@citrix.com>
The current gunzip code to decompress the Dom0 kernel is implemented in
inflate.c which is included by bzimage.c.
I am looking to doing the same on ARM64 but there is quite a bit of
boilerplate definitions that I would need to import in order for
inflate.c to work correctly.
Instead of copying/pasting the code from x86/bzimage.c, move those
definitions to a new common file, gunzip.c. Export only perform_gunzip
and gzip_check. Leave output_length where it is.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> CC: andrew.cooper3@citrix.com
Wei Liu [Wed, 30 Sep 2015 14:54:11 +0000 (15:54 +0100)]
libxl: don't shadow global "socket" in psr code
SLES11 and OpenSUSE 11.4 complain:
[ 1227s] libxl_psr.c: In function 'libxl_psr_cat_get_l3_info':
[ 1227s] libxl_psr.c:342: error: declaration of 'socket' shadows a > global declaration
Change "socket" to "socketid" to fix the problem.
Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Chao Peng <chao.p.peng@linux.intel.com> Tested-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Campbell <ian.campbell@citrix.com>
A previous version of this patch dealing with support for skipping
the current instruction when a vm_event response requested it
computed the instruction length in the hypervisor, adding non-trivial
code dependencies. This patch allows a userspace vm_event client to
simply request that the guest's EIP is set to an arbitary value,
computed by the introspection application. The registers that can
now be set are EAX-EDX, ESP, EBP, ESI, EDI, R8-R15, EFLAGS, and EIP.
CR0, CR3 and CR4 are not set, as at the time of vm_event_resume()
we can't call hvm_set_cr{0,3,4}() and simply setting
v->arch.hvm_vcpu.guest_cr[{0,3,4}] is unlikely to have the desired
effect. The rest of the vm_event registers are not set because
they're not being filled by hvm_event_fill_regs(), but only by
p2m_vm_event_fill_regs(). Currently x86-only.
The VCPU needs to be paused for this flag to take effect.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
and of (almost every) direct use of cpupool_online_cpumask().
In fact, what we really want for the most of the times,
is the set of valid pCPUs of the cpupool a certain domain
is part of. Furthermore, in case it's called with a NULL
pool as argument, cpupool_scheduler_cpumask() does more
harm than good, by returning the bitmask of free pCPUs!
This commit, therefore:
* gets rid of cpupool_scheduler_cpumask(), in favour of
cpupool_domain_cpumask(), which makes it more evident
what we are after, and accommodates some sanity checking;
* replaces some of the calls to cpupool_online_cpumask()
with calls to the new functions too.
credit1: fix tickling when it happens from a remote pCPU
especially if that is also from a different cpupool than the
processor of the vCPU that triggered the tickling.
In fact, it is possible that we get as far as calling vcpu_unblock()-->
vcpu_wake()-->csched_vcpu_wake()-->__runq_tickle() for the vCPU 'vc',
but all while running on a pCPU that is different from 'vc->processor'.
For instance, this can happen when an HVM domain runs in a cpupool,
with a different scheduler than the default one, and issues IOREQs
to Dom0, running in Pool-0 with the default scheduler.
In fact, right in this case, the following crash can be observed:
In this case, pCPU 7 is not in Pool-0, while the (Dom0's) vCPU being
woken is. pCPU's 7 pool has a different scheduler than credit, but it
is, however, right from pCPU 7 that we are waking the Dom0's vCPUs.
Therefore, the current code tries to access csched_balance_mask for
pCPU 7, but that is not defined, and hence the Oops.
(Note that, in case the two pools run the same scheduler we see no
Oops, but things are still conceptually wrong.)
Cure things by making the csched_balance_mask macro accept a
parameter for fetching a specific pCPU's mask (instead than always
using smp_processor_id()).
Jan Beulich [Tue, 29 Sep 2015 13:11:28 +0000 (15:11 +0200)]
x86/PoD: shorten certain operations on higher order ranges
Now that p2m->get_entry() always returns a valid order, utilize this
to accelerate some of the operations in PoD code. (There are two uses
of p2m->get_entry() left which don't easily lend themselves to this
optimization.)
Also adjust a few types as needed and remove stale comments from
p2m_pod_cache_add() (to avoid duplicating them yet another time).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Jan Beulich [Tue, 29 Sep 2015 11:54:55 +0000 (13:54 +0200)]
x86/EPT: adjust types in ept_split_super_page()
The function returns a boolean and its current and target level inputs
are unsigned (which in turn allows simplifying the early-out check).
Also convert a non-standard loop variable to an ordinary function scope
one, at once making it unsigned too.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Elena Ufimtseva [Tue, 29 Sep 2015 11:53:31 +0000 (13:53 +0200)]
PVH Dom0 RMRR IOMMU mapping regression fix
This patch addresses a regression introduced by commit 5ae03990c120a7b3067a52d9784c9aa72c0705a6 in new set_identity_p2m_entry.
RMRRs are not being mapped in IOMMU for PVH Dom0. This causes pages faults and
some long 'hang-like' delays during Dom0 PVH boot and device assignments.
During construct_dom0, in PVH path p2m is being constructed and identity mapped
in IOMMU. The p2m type is p2m_mmio_direct and p2m access p2m_rwx.
New code used to map RMRRs invoked from rmrr_identity_mapping
checks if p2m entry exists with same type and access and if yes, skips iommu
mapping. Since there are p2m entries for pvh dom0 iomem, RMRRs are not being
mapped in IOMMU.
As was mentioned in the earlier discussion, the PVH Dom0 construction code
should be modified to properly map RMRR regions in IOMMU. Since change will be
too invasive, this solution is a temporary fix at this time before better
solution is in. Also as Jan mentioned, there is no need in having 'x' permissions
for p2m entry of a mmio region, thus changed here.
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Section 'IGNORED FOR COMPATIBILITY WITH XM' separates 'CACHE MONITORING
TECHNOLOGY' and 'CACHE ALLOCATION TECHNOLOGY' but they really should be
put together.
Drop the chapter number as it can be confusing when it gets changed in
the referred document.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
[ ijc -- dropped hunk changing URL to specific revision, this is not
needed now that the references do not include a specific
chapter number ]
tools/libxl: return socket id from libxl_psr_cat_get_l3_info
The entries returned from libxl_psr_cat_get_l3_info are assumed
to be socket-continuous. But this is not true in the hotplug case.
This patch gets the socket bitmap for all the sockets on the system
first and stores the socket id in the structure libxl_psr_cat_info in
libxl_psr_cat_get_l3_info. The xl or similar consumers then can display
socket information correctly.
When displaying the CMT information for all the sockets, we assume socket
number is continuous. This is not true in the hotplug case. For instance,
when the 3rd socket is plugged out on a 4-socket system, the available
sockets numbers are 1,2,4 but current we will display the CMT
information for socket 1,2,3.
The fix is getting the socket bitmap for all the sockets on the system
first and then displaying CMT information for_each_set_bit in that bitmap.
fine grained control of REP emulation optimizations
Previously, if vm_event emulation support was enabled, then REP
optimizations were disabled when emulating REP-compatible
instructions. This patch allows fine-tuning of this behaviour by
providing a dedicated libxc helper function.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
cleanup domain builder declarations and related users
There are several unused function and structure declarations in the
hypervisor related to domain building. Remove them.
Use an enum for elf_dom_parms.pae instead of just hard coding the
values when setting the information and adjust the code to use those
instead of own macros (hypervisor and tools).
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Quan Xu [Fri, 25 Sep 2015 16:03:04 +0000 (18:03 +0200)]
vt-d: fix IM bit unmask of Fault Event Control Register in init_vtd_hw()
Bit 0:29 in Fault Event Control Register are 'Reserved and Preserved',
software cannot write 0 to it unconditionally. Software must preserve
the value read for writes.
Suggested-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Quan Xu <quan.xu@intel.com>
Although we already have 'gfx_passthru' in b_info, this doesn't suffice
after we want to handle IGD specifically. Now we define a new field of
type, gfx_passthru_kind, to indicate we're trying to pass IGD. Actually
this means we can benefit this to support other specific devices just
by extending gfx_passthru_kind. And then we can cooperate with
gfx_passthru to address IGD cases as follows:
gfx_passthru = 0 => sets build_info.u.gfx_passthru to false
gfx_passthru = 1 => sets build_info.u.gfx_passthru to true and
build_info.u.gfx_passthru_kind to DEFAULT
gfx_passthru = "igd" => sets build_info.u.gfx_passthru to true
and build_info.u.gfx_passthru_kind to IGD
Here if gfx_passthru_kind = DEFAULT, we will call
libxl__is_igd_vga_passthru() to check if we're hitting that table to need
to pass that option to qemu. But if gfx_passthru_kind = "igd" we always
force to pass that.
And "-gfx_passthru" is just introduced to work for qemu-xen-traditional
so we should get this away from libxl__build_device_model_args_new() in
the case of qemu upstream.
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
While working with qemu, IGD is a specific device in the case of pass through
so we need to identify that to handle more later. Here we define a table to
record all IGD types currently we can support. Also we need to introduce two
helper functions to get vendor and device ids to lookup that table.
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Quan Xu [Fri, 25 Sep 2015 07:08:22 +0000 (09:08 +0200)]
vt-d: fix IM bit mask and unmask of Fault Event Control Register
Bit 0:29 in Fault Event Control Register are 'Reserved and Preserved',
software cannot write 0 to it unconditionally. Software must preserve
the value read for writes.
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Yang Zhang <yang.z.zhang@intel.com>
Andrew Cooper [Fri, 25 Sep 2015 07:06:34 +0000 (09:06 +0200)]
keyhandler: rework keyhandler infrastructure
struct keyhandler does not contain much information, and requires a lot
of boilerplate to use. It is far more convenient to have
register_keyhandler() take each piece of information a parameter,
especially when introducing temporary debugging keyhandlers.
This in turn allows struct keyhandler itself to become private to
keyhandler.c and for the key_table to become more efficient.
key_table doesn't need to contain 256 entries; all keys are ASCII which
limits them to 7 bits of index, rather than 8. It can also become a
straight array, rather than an array of pointers. The overall effect of
this is the key_table grows in size by 50%, but there are no longer
24-byte keyhandler structures all over the data section.
All of the key_table entries in keyhandler.c can be initialised at
compile time rather than runtime.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Fri, 25 Sep 2015 07:05:29 +0000 (09:05 +0200)]
x86/PV: properly populate descriptor tables
Us extending the GDT limit past the Xen descriptors so far meant that
guests (including user mode programs) accessing any descriptor table
slot above the original OS'es limit but below the first Xen descriptor
caused a #PF, converted to a #GP in our #PF handler. Which is quite
different from the native behavior, where some of such accesses (LAR
and LSL) don't fault. Mimic that behavior by mapping a blank page into
unused slots.
While not strictly required, treat the LDT the same for consistency.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Mike Belopuhov [Fri, 25 Sep 2015 07:04:24 +0000 (09:04 +0200)]
add missing license and copyright statements to public interface headers
The copyright line indicates a person, a group of people and/or a company
granting rights stated in the license text and is a required part of the
license.
The year of the copyright is chosen to be the same as when the license has
been applied to the file or when the file has been created in case there
was no license. It is possible to update or add additional years if major
changes have been done to the the file, but is generally not a requirement.
Signed-off-by: Mike Belopuhov <mike.belopuhov@esdenera.com>
PDX-es are 64 bits wide in that case, and hence no limit needs to be
enforced.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/arm: gic-v3: Clean-up the GIC*_PIDR2_* definitions
GICR_PIDR2 and GICD_PIDR2 use the same register layout. Rather than
define twice, one of which is an alias to the other, introduce GIC_PIDR2_*
defines.
Also:
* Use the same prefix for the mask and the value
* Integrate the shift in the value to avoid shifting in the code
* Use GICv* to match the value name in the spec
* Move them in a proper place
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Use existing create/restore path to perform 'soft reset' for HVM
domains. Tear everything down, e.g. destroy domain's device model,
remove the domain from xenstore, save toolstack record and start
over.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
libxl: fix the cleanup of the backend path when using driver domains
With the current libxl implementation the control domain will remove both
the frontend and the backend xenstore paths of a device that's handled by a
driver domain. This is incorrect, since the driver domain possibly needs to
access the backend path in order to perform the disconnection and cleanup of
the device.
Fix this by making sure the control domain only cleans the frontend path,
leaving the backend path to be cleaned by the driver domain. Note that if
the device is not handled by a driver domain the control domain will perform
the removal of both the frontend and the backend paths.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Reported-by: Alex Velazquez <alex.j.velazquez@gmail.com> Cc: Alex Velazquez <alex.j.velazquez@gmail.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
The current flow of the devd helper (in charge of launching hotplug scripts
inside of driver domains) is to wait for the device backend to switch to
state 6 (XenbusStateClosed) and then remove it. This is not correct, since
a domain can reconnect it's PV devices as many times as it wants.
In order to fix this, introduce the following logic: the control domain will
set the "online" backend node to 0 when it wants the driver domain to
disconnect the device, so now the condition applied in devd is that "state"
must be 6 and "online" 0 in order to proceed with the disconnection.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reported-by: Alex Velazquez <alex.j.velazquez@gmail.com> Cc: Alex Velazquez <alex.j.velazquez@gmail.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: vgic: Correctly emulate write when byte is used
When a guest is writing a byte, the value will be located in bits[7:0]
of the register.
Although the current implementation is expecting the byte at the Nth
byte of the register where N = address & 4;
When the address is not 4-byte aligned, the corresponding byte in the
internal state will always be set to zero rather.
Note that byte access are only used for GICD_IPRIORITYR and
GICD_ITARGETSR. So the worst things that could happen is not setting the
priority correctly and ignore the target vCPU written.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Wed, 23 Sep 2015 09:16:51 +0000 (11:16 +0200)]
x86/hvm: fold opt_hap_{2mb,1gb} into hap_capabilities
This allows all runtime users to simply check hap_has_{2mb,1gb} rather than
having to check opt_hap_{2mb,1gb} as well.
As a result, opt_hap_{2mb,1gb} can move into __initdata.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Andrew Cooper [Wed, 23 Sep 2015 09:16:08 +0000 (11:16 +0200)]
x86/hvm: refine hap_has_{2mb,1gb} checks
HAP superpages are a host property and not dependent on domain configuration.
Drop the domain paramter (which was only used in one of the two callsites),
and drop the redundant hvm_ prefix to mirror the cpu_has_* style of feature
detection.
Finally, convert the checks to being proper booleans rather than just non-zero
integers.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Jan Beulich [Wed, 23 Sep 2015 09:14:05 +0000 (11:14 +0200)]
x86/p2m: add PoD accounting to set_typed_p2m_entry()
While neither PoD together with pass-through nor PVH are currently
supported we still shouldn't leave in place such latent issues.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
xen/xsm: Make p->policyvers be a local variable (ver) to shut up GCC 5.1.1 warnings.
policydb.c: In function ‘user_read’:
policydb.c:1443:26: error: ‘buf[2]’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
usrdatum->bounds = le32_to_cpu(buf[2]);
^
cc1: all warnings being treated as errors
Which (as Andrew mentioned) is because GCC cannot assume
that 'p->policyvers' has the same value between checks.
We make it local, optimize the name to 'ver' and the warnings go away.
We also update another call site with this modification to
make it more inline with the rest of the functions.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Andrew Cooper [Tue, 22 Sep 2015 10:42:21 +0000 (12:42 +0200)]
improve x86's alloc_vcpu_guest_context()
This essentially reverts c/s 2037f2adb "x86: introduce
alloc_vcpu_guest_context()", including the newer arm bits, but achieves
the same end goal by using the newer vmalloc() infrastructure.
For both x86 and ARM, {alloc,free}_vcpu_guest_context() become arch-local
static inlines (which avoids a call into a separate translation),
and removes an x86 scalability limit when compiling with a large NR_CPUS.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
tools/libxc: arm: Check the index before accessing the bank
When creating a guest with more than 3GB of memory, the 2 banks will be
used and the loop with overrunning. The code will fail later on because
Xen will deny to populate the region:
This is because we are currently accessing the bank before checking the
validity of the index. AFAICT, on Debian Jessie, the compiler (gcc 4.9.2) is
assuming that it's not necessary to verify the index because it's used
before. This is a valid assumption because the operand of && are
execute from from left to right.
Re-order the checks to verify the validity of the index before accessing
the bank.
The problem has been present since the introduction of the multi-bank
feature in commit 45d9867837f099e9eed4189dac5ed39d1fe2ed49 " tools: arm:
prepare domain builder for multiple banks of guest RAM".
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: vgic-v2: Map the GIC virtual CPU interface with the correct size
On GICv2, the GIC virtual CPU interface is at minimum 8KB. Due some to
some necessary quirk for GIC using 64KB stride, we are mapping the
region in 2 time.
The first mapping is 4KB and the second one is 8KB, i.e 12KB in total.
Although the minimum supported size (and widely used) is 8KB. This means
that we are mapping 4KB more to any guest using GICv2.
While this looks scary at first glance, the GIC virtual CPU interface is
most frequently at the end the GIC I/O region. So we will most likely
map an an unused I/O region or a mirrored version of GICV for platform
using 64KB stride.
Nonetheless, fix the second mapping to only map 4KB.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
The current libxl code doesn't deal with read-only drives at all.
Upstream QEMU and qemu-xen only support read-only cdrom drives: make
sure to specify "readonly=on" for cdrom drives and return error in case
the user requested a non-cdrom read-only drive.
This is XSA-142, discovered by Lin Liu
(https://bugzilla.redhat.com/show_bug.cgi?id=1257893).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
tools/xen-mceinj: Pass in GPA when injecting through MSR_MCI_ADDR
This patch removes the address translation in xen-mceinj which
translates the guest physical address passed-in through the argument of
'-p' to the host machine address. Instead, xen-mceinj now passes a flag
MC_MSRINJ_F_GPADDR to ask do_mca() in the hypervisor to do this
translation.
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Christoph Egger <chegger@amazon.de> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
x86/mce: translate passed-in GPA to host machine address
This patch adds a new flag MC_MSRINJ_F_GPADDR to
xen_mc_msrinject.mcinj_flags, and makes do_mca() to translate the
guest physical address passed-in through
xen_mc_msrinject.mcinj_msr[i].value to the host machine address if
this flag is present.
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Acked-by: Christoph Egger <chegger@amazon.de>
Andrew Cooper [Wed, 16 Sep 2015 09:22:00 +0000 (11:22 +0200)]
x86/sysctl: don't clobber memory if NCAPINTS > ARRAY_SIZE(pi->hw_cap)
There is no current problem, as both NCAPINTS and pi->hw_cap are 8 entries,
but the limit should be calculated appropriately so as to avoid hypervisor
stack corruption if the two do get out of sync.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Since commit 3848058e7dd6 (vtd/iommu: permit group devices to
passthrough in relaxed mode) is introduced, we always print
message as XENLOG_G_WARNING but its not correct in the case of
strict mode. So here is making this message depending on the
specific mode.
Signed-off-by: Tiejun Chen <tiejun.chen@intel.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
David Vrabel [Mon, 3 Aug 2015 11:29:19 +0000 (12:29 +0100)]
arm: reduce power use by contented spin locks with WFE/SEV
Instead of cpu_relax() while spinning and observing the ticket head,
introduce arch_lock_relax() which executes a WFE instruction. After
the ticket head is changed call arch_lock_signal() to execute an SEV
instruction (with the required DSB first) to wake any spinners.
This should improve power consumption when locks are contented and
spinning.
For consistency also move arch_lock_(acquire|release)_barrier to
asm/spinlock.h.
Booted the result on arm32 (Midway) and arm64 (Mustang). Build test
only on amd64.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
[ijc: add barrier, rename as arch_lock_*, move arch_lock_*_barrier, test] Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
projects / people / liuw / libxenctrl-split / xen.git / log