Andrew Cooper [Thu, 10 May 2012 10:04:32 +0000 (11:04 +0100)]
x86_64: Fix off-by-one error setting up the Interrupt Stack Tables
The Interrupt Stack Table entries in a 64bit TSS are a 1 based data
structure as far as hardware is concerned. As a result, the code
setting up stacks in subarch_percpu_traps_init() fills in the wrong
IST entries.
The result is that the MCE handler executes on the stack set up for
NMIs; the NMI handler executes on a stack set up for Double Faults,
and Double Faults are executed with a stack pointer set to 0.
Once the #DF handler starts to execute, it will usually take a page
fault looking up the address at 0xfffffffffffffff8, which will cause a
triple fault. If a guest has mapped a page in that location, then it
will have some state overwritten, but as the #DF handler always calls
panic(), this is not a problem the guest will have time to care about.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
Liu, Jinsong [Tue, 8 May 2012 11:36:24 +0000 (13:36 +0200)]
fix vmce MCi_ADDR/MCi_MISC wrmsr bug
This patch fixes a bug related to wrmsr vmce MCi_ADDR/MCi_MISC
registers, since they are not read-only.
Intel SDM recommanded os mce driver clear MCi_ADDR/MCi_MISC, so guest
MCE driver may clear MCi_ADDR/MCi_MISC registers. In such case, old
vmce wrmsr logic would generate a #GP fault in guest MCE context,
causing the guest to crash.
When wrmsr MCi_ADDR/MCi_MISC, writing all 1s will cause #GP.
Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Committed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Tue, 8 May 2012 11:34:14 +0000 (13:34 +0200)]
ns16550: adjust suspend/resume logic
- no need to read BAR during suspend
- command register is 16-bits rather than 32
- BAR and command register must be restored before trying to access
the device
- use ps_bdf[] for storing the device coordinates (pb_bdf[] is used to
store the bridge's ones)
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
Frediano Ziglio [Mon, 7 May 2012 12:38:57 +0000 (13:38 +0100)]
vgabios: Check if mode is currently supported as vesa specifications
Vesa specification require that mode information return if a given
mode is supported or not so test if we can support it checking
required memory and set correctly supported bit.
Informations are stored in a structure that is smaller than final one.
Previous code copy this structure to stack extending with zeroes then
update it and copy to caller while now the not-extended version is
copied into stack and then is extended during copy reducing stack
usage.
Frediano Ziglio [Mon, 7 May 2012 12:37:10 +0000 (13:37 +0100)]
vgabios: Fix size computation overflow
Remove an overflow computing width x height x bit which does
not fit into a 16 bits. I wrote a routine to multiple these value
and get the size required for framebuffer in segment unit (64k).
Andrew Cooper [Mon, 7 May 2012 12:32:28 +0000 (13:32 +0100)]
kexec: clear notes during setup
Explicity zero the memory backing the crash notes during setup.
This allows the crash environment to be rather more certain whether
the crash notes were actually written, rather than trusting that the
memory was clear beforehand.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
x86/mem_sharing: For shared pages with many references, use a hash table
For shared frames that have many references, the doubly-linked list used to
store the rmap results in costly scans during unshare operations. To alleviate
the overhead, replace the linked list by a hash table. However, hash tables are
space-intensive, so only use them for pages that have "many" (arbitrary
threshold) references.
Unsharing is heaviliy exercised during domain destroy. In experimental testing,
for a domain that points over 100 thousand pages to the same shared frame,
domain destruction dropped from over 7 minutes(!) to less than two seconds.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
x86/mem_sharing: modularize reverse map for shared frames
Each shared frame maintains a reverse map of <domain, gfn> tuples, so we know
which tuples this shared frame is backing. This is useful for auditing and
sanity-checking, and necessary to update all relevant p2m entries when sharing.
The reverse map is maintained as a doubly linked list, but the interface is
open-coded throughout the mem_sharing.c subsystem. Bury it inside a level of
abstraction, so it can later support different (more scalable) rmap
implementations.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
x86/mem_sharing: Fix saved mfns stat for failed unsharing
If unsharing fails, the decrease of the nr_saved_mfns stat was not being
undone. This would result in an underflow of the stat, as the retry would later
decrease the counter again.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
Tim Deegan [Thu, 26 Apr 2012 09:03:08 +0000 (10:03 +0100)]
x86/mm/shadow: don't use locking p2m lookups with the paging lock held.
The existing interlock between shadow and p2m (where p2m table updates
are done under the paging lock) keeps us safe from the p2m changing
under our feet, and using the locking lookups is a violation of the
locking discipline (which says always to take the p2m lock first).
Signed-off-by: Tim Deegan <tim@xen.org> Acked-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Committed-by: Tim Deegan <tim@xen.org>
Jan Beulich [Wed, 25 Apr 2012 12:54:36 +0000 (13:54 +0100)]
vvmx: fix instruction decode segment limit check
- no limit check for 64-bit mode (and GS: is not special in any way)
- limit check is needed in compatibility mode
- canonical address check should instead be performed for 64-bit mode
- the last accessed byte must be within limits, not the first byte
- past the accessed range
- segment base address should be ignored for 64-bit mode unless FS: or
GS: is in use
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Keir Fraser <keir@xen.org>
libxl, configure: print a warning if flex/bison are needed
This patch adds better support for both Flex and Bison, which might
be needed to compile libxl. Now configure script sets BISON and FLEX
Makefile vars if bison and flex are found, but doesn't complain if
they are not found.
Also, added some Makefile soccery to print a warning message if
Bison or Flex are needed but not found.
[ Improved the warning message slightly. -iwj ]
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
libxl: set domain scheduling parameters while creating the domU
the domain specific scheduling parameters like cpu_weight, cap, slice, ...
will be set during creating the domain, so this parameters can be defined
in the domain config file
[ Improved the documentation wording slightly. -iwj ]
Signed-off-by: Dieter Bloms <dieter@bloms.de> Acked-by: Ian Campbell <Ian.Campbell@citrix.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
x86-64: Fix memory hotplug epfn upper limit test for updating the compat M2P table
The epfn is being compared to (RDWR_COMPAT_MPT_VIRT_END -
RDWR_COMPAT_MPT_VIRT_START) without a 2 bit shift, resulting in the
epfn being compared to the size of the RDWR_COMPAT_MPT table in bytes
instead of the maximum page frame number that the RDWR_COMPAT_MPT
table can map.
Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com> Committed-by: Jan Beulich <jbeulich@suse.com>
Ian Campbell [Wed, 25 Apr 2012 10:35:42 +0000 (11:35 +0100)]
libxl: use libxl_domain_config_init and not memset 0
I missed a couple of memsets in 25237:31489be80c51, we need to use
libxl_domain_config_init everywhere and not memset since not all fields are
initialised to zero now (the type field in particular). This fixes an abort
with "xl list <dom>" for a specific domain due to assert(type == -1) in
libxl_domain_build_info_init_type().
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Christoph Egger [Wed, 25 Apr 2012 10:21:25 +0000 (11:21 +0100)]
tools/firmware: pass PYTHON as an env var to sub-makes in this subtree
This fixes the Seabios build on platforms where just "python" is not
correct, which includes NetBSD.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
libxl: passthrough: avoid passing through devices not owned by pciback
This patch makes sure the passthrough device belongs to pciback before
allow them passthrough to the guest. There are still many other
checks missing.
xm terminates the guest startup process when this type of condition is
found. This patch just allows the guest to continue to boot but with
no device passthrough.
Signed-off-by: Allen Kay <allen.m.kay@intel.com> Signed-off-by: Xudong Hao <xudong.hao@intel.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
George Dunlap [Tue, 24 Apr 2012 17:51:56 +0000 (18:51 +0100)]
[v2] xl: Don't require a config file for cpupools
Since the key information can be fairly simply put on the command-line,
there's no need to require an actual config file.
Also improve the help to cross-reference the xlcpupool.cfg manpage.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
George Dunlap [Tue, 24 Apr 2012 17:51:56 +0000 (18:51 +0100)]
xl, cpupools: Create empty pool if no cpus are specified
Currently, if "xl cpupool-create" is called with no cpus configured,
xl will choose a cpu at random from the list of unassigned cpus, and
if no unassigned cpus are available, it will fail.
This seems to me to be a poor interface. For one, it makes it impossible
to create an empty cpupool using the xl command-line, except by creating
a pool and then removing the cpus from it. For two, I don't think assigning
a random cpu is a feature; it's not unreasonable for the user to specify
which cpus to add to which pools.
This patch changes the behavior of "xl cpupool-create" to create an empty
pool if no cpus are specified. I believe this interface to be more expected
and more script-friendly.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Campbell [Thu, 12 Apr 2012 08:12:58 +0000 (09:12 +0100)]
libxl: make most libxl_FOO_path() functions internal.
Only libxl_xen_config_dir_path and libxl_lock_dir_path are used outside the
library. Also bindir, sbindir, sharedir and xenpagingdir appeared to be
completely unused so nuke them.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Campbell [Tue, 24 Apr 2012 17:40:15 +0000 (18:40 +0100)]
libxl: mark internal functions hidden
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
distclean removed config/Tools.mk which was needed by tools/Rules.mk, thus
preventing distclean from running properly in the tools directory. This patch
only enforces config/Tools.mk presence when not performing a clean/distclean
target
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> Cc: George Dunlap <george.dunlap@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
tools: xen-access: Check return values and clean up on errors during init
Check the return values of the libxc mem_access calls. Free allocated
structures (platform_info, domain_info) on errors during
initialization and exit. Unbind VIRQ, close event channel and
connection to Xen on errors during initialization
Signed-off-by: Aravindh Puthiyaparambil <aravindh@virtuata.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Christoph Egger [Tue, 24 Apr 2012 17:16:30 +0000 (18:16 +0100)]
tools/blktap: fix build error w/o MEMSHR
Do not include memshr.h when MEMSHR is not defined.
Fixes build error when MEMSHR is disabled.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
I think the tmem_destroy functionality pre-dates the
existence of tmem "freeable" memory* and was a way for
a toolset to force the hypervisor to free up the hypervisor
memory used by some or all ephemeral tmem pools. Once the
tmem allocation/free process was directly linked into
alloc_heap_pages() in the hypervisor (see call to
tmem_relinquish_pages()), this forcing function was
no longer needed.
So, bottom line, I *think* it can be ripped out, or at least
for now removed from the definition of the stable xl API/UI.
The libxl.c routine libxl_tmem_destroy() could also be
removed if you like, but I guess I'd prefer to leave the
lower level droppings in xc.c and in the hypervisor in case
I am misremembering.
Accordingly remove this interface from libxl and xl but don't touch libxc or
the hypervisor.
This is the only libxl_tmem_* function which might potentially have required
conversion to be asynchronous and which therefore might have been a potential
API stability concern.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson.citrix.com> Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com>
autoconf: add ovmf, rombios and seabios and configure options
Move this hardcoded options from Config.mk to config/Tools.mk and add the
appropiate configure options.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
This test script runs "xl -N network-attach 0 <foobar>" against various
rate syntax and checks that the output is as expected.
[ Added entries to .hgignore and .gitignore for tools/libxl/tmp.* -iwj ]
Signed-off-by: Mathieu Gagne <mgagne@iweb.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
The `rate` keyword specifies the rate at which the outgoing traffic
will be limited to. The default if this keyword is not specified
is unlimited.
The `rate` keyword supports an optional replenishment interval
parameter for specifying the granularity of credit replenishment.
It determines the frequency at which the vif transmission credit
is replenished. The default interval is 50ms.
For example:
'rate=10Mb/s'
'rate=250KB/s'
'rate=1MB/s@20ms'
Signed-off-by: Mathieu Gagne <mgagne@iweb.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
qemu-xen offers better disk performances than qemu-xen-traditional
because it supports Linux native AIO: use it for PV guests if it is
available.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
libxc: Replace alloca() with mmap() for large array sizes
Replace alloca() with mmap() for array sizes greater than a page in
xc_linux_osdep.c.
When mapping in large amounts of pages (in the GB range) from a guest
in to Dom0 using xc_map_foreign_bulk(), a segfault occurs in the libxc
client application. This is because the pfn array in
linux_privcmd_map_foreign_bulk() is being allocated using alloca() and
the subsequent memcpy causes the stack to blow. This patch replaces
the alloca() with mmap() for pfn array sizes greater than a page.
Fix an error print with the correct function name.
Do the same for the map array in linux_gnttab_grant_map()
Signed-off-by: Aravindh Puthiyaparambil <aravindh@virtuata.com> Acked-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
vmx: Allow software (user defined) interrupts to be injected in to the guest
If xc_hvm_inject_trap() is called on a software (user defined)
interrupt, it causes the guest to crash with a vmentry failure. The
following patch fixes this issue.
Tim Deegan [Wed, 18 Apr 2012 15:43:13 +0000 (16:43 +0100)]
x86/mm: BUG() rather than panic() on mm lock order violations
That gives us a backtrace showing where the bad lock happens.
Reported-by: Andres Lagar-Cavilla <andres@lagarcavilla.org Signed-off-by: Tim Deegan <tim@xen.org> Acked-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Committed-by: Tim Deegan <tim@xen.org>
x86/mm/sharing: Clean ups for relinquishing shared pages on destroy
When a domain is destroyed, its pages are freed in relinquish_resources in a
preemptible mode, in the context of a synchronous domctl.
P2m entries pointing to shared pages are, however, released during p2m cleanup
in an RCU callback, and in non-preemptible mode.
This is an O(n) operation for a very large n, which may include actually
freeing shared pages for which the domain is the last holder.
To improve responsiveness, move this operation to the preemtible portion of
domain destruction, during the synchronous domain_kill hypercall. And remove
the bulk of the work from the RCU callback.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
When xc_hvm_set_mem_access(xch, domain_id, default_access, ~0ull, 0)
is called, first_pfn=~0ull is a hint to HVMOP_set_mem_access as to
what the default mem_access type is for the domain. This call was
failing because it was gated by the memory range check in the
HVMOP_set_mem_access case statement in do_hvm_op(). The following
patch fixes this issue.
Anthony PERARD [Tue, 17 Apr 2012 17:22:49 +0000 (18:22 +0100)]
libxl: Query VNC listening port through QMP
Currently `xl vncviewer $dom` does not work because the VNC port is not
registered in xenstore when using qemu-upstream. This patch attempted to fix
this.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Olaf Hering [Tue, 17 Apr 2012 17:18:49 +0000 (18:18 +0100)]
tools/libvchan: Remove unwanted debugging code
-O2 -Wall -Werror triggers these warnings:
io.c: In function 'do_send':
io.c:196: warning: ignoring return value of 'writev', declared with attribute warn_unused_result
io.c: In function 'do_recv':
io.c:287: warning: ignoring return value of 'writev', declared with attribute warn_unused_result
writev to -1 will always fail, silence the warning by removing the offending
(disabled) debug code.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Jan Beulich [Tue, 17 Apr 2012 13:37:05 +0000 (15:37 +0200)]
x86: suppress warning messages on IO-APIC-less systems
Each call to mp_register_gsi() so far produced two warnings (about not
being able to find the corresponding IO-APIC pin).
However, we should use the provided information for setting the ELCR
correctly (we might want to even do this when there is an IO-APIC, if
was absolutely certain that all machines really have this register
[and specifically not some other device at the two I/O ports in
question]). It is in any case questionable that we allow Dom0 to set
this register - it could particularly be the interrupt of a plug-in
serial port card that might not work due to this. The problem is that
all Dom0 kernels to date do so, hence we can't simply #GP on such an
access (which would be the result if we disallowed access to the port
as we should have done from the beginning).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
x86/ioapic: Add register level checks to detect bogus io-apic entries
With the recent changes to clear_IO_APIC_pin() which tries to
clear remoteIRR bit explicitly, some of the users started to see
"Unable to reset IRR for apic .." messages.
Close look shows that these are related to bogus IO-APIC entries
which returns all 1s for their io-apic registers. And the
above mentioned error messages are benign. But kernel should
have ignored such io-apic's in the first place.
Check if register 0, 1, 2 of the listed io-apic are all 1s and
ignore such io-apic.
[original Linux patch:] Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org> Committed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Tue, 17 Apr 2012 13:33:53 +0000 (15:33 +0200)]
x86-64: fix #GP generation in assembly code
When guest use of sysenter (64-bit PV guest) or syscall (32-bit PV
guest) gets converted into a GP fault (due to no callback having got
registered), we must
- honor the GP fault handler's request the keep enabled or mask event
delivery
- not allow TBF_EXCEPTION to remain set past the generation of the
(guest) exception in the vCPU's trap_bounce.flags, as that would
otherwise allow for the next exception occurring in guest mode,
should it happen to get handled in Xen itself, to nevertheless get
bounced to the guest kernel.
Also, just like compat mode syscall handling already did, native mode
sysenter handling should, when converting to #GP, subtract 2 from the
RIP present in the frame so that the guest's GP fault handler would
see the fault pointing to the offending instruction instead of past it.
Finally, since those exception generating code blocks needed to be
modified anyway, convert them to make use of UNLIKELY_{START,END}().
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
Jan Beulich [Tue, 17 Apr 2012 13:05:05 +0000 (15:05 +0200)]
gnttab: remove pointless NULL check
Domains in the domain hash (and hence locatable via the usual lookup
functions) can't have a NULL grant table pointer; no other function
performs such a check, so remove it from gnttab_prepare_for_transfer()
for consistency.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Tue, 17 Apr 2012 07:31:07 +0000 (08:31 +0100)]
xsm/flask: clean up auditing output
The audit data for normal MMU updates was incorrectly using the RANGE
type which presented the data badly in audit messages; add a MEMORY
type for this showing the correct names for the fields. This patch
also shows the target domain in event channel mapping checks to make
debugging those denials easier.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
Fix save/restore of guest PAT table in HAP paging mode.
HAP paging mode guests use direct MSR read/write into the VMCS/VMCB
for the guest PAT table, while the current save/restore code was
accessing only the pat_cr field in hvm_vcpu, used when intercepting
the MSR mostly in shadow mode (the Intel scenario is a bit more
complicated). This patch fixes this issue creating a new couple of
hvm_funcs, get/set_guest_pat, that access the right PAT table based on
the paging mode and guest configuration.
Wei Wang [Mon, 16 Apr 2012 11:05:28 +0000 (13:05 +0200)]
x86/cpuidle: do not flush cache unless entering C3
Nor is there a need to disable bus master arbitration in that case.
Signed-off-by: Wei Wang <wei.wang2@amd.com> Modified-by: Zhang, Yang Z <yang.z.zhang@intel.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Committed-by: Jan Beulich <jbeulich@suse.com>
George Dunlap [Fri, 13 Apr 2012 16:13:01 +0000 (17:13 +0100)]
tools: Revert c/s 25150:b490ef93bad7 tools/libfsimage: include Rules.mk first
tools/libfsimage/Rules.mk relies on having certain variables set already; if
they're not set, the definitions dont' work right. The result was a bunch
of empty files and pygrub failing with an uninformative error message.
It's likely that this didn't cause anyone problems becasue changing the
Makefiles didn't cause a re-build; building from a fresh repo results in
completely empty filesystem plugin binaries.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
George Dunlap [Thu, 12 Apr 2012 13:01:27 +0000 (14:01 +0100)]
xen: Fix failure paths for xentrace
Problems this addresses:
* After the allocation of t_info fails, the path the code takes tries
to free t_info. Jump past that part instead.
* The failure code assumes that unused data is zero; but the structure
is never initialized. Zero the structure before using it.
* The t_info pages are shared with dom0 before we know that the whole
operation will succeed, and not un-shared afterwards. Don't share the
pages until we know the whole thing will succeed.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Committed-by: Keir Fraser <keir@xen.org>
David Vrabel [Wed, 11 Apr 2012 15:49:45 +0000 (16:49 +0100)]
x86: fix delta calculation in TSC deadline timer emulation
In the virtual LAPIC, correct the delta calculation when emulating the
TSC deadline timer.
Without this fix, XenServer (which is based on Xen 4.1) does not work
when running as an HVM guest. dom0 fails to boot because its timer
interrupts are very delayed (by several minutes in some cases).
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Committed-by: Keir Fraser <keir@xen.org>
Ian Jackson [Wed, 11 Apr 2012 13:14:18 +0000 (14:14 +0100)]
libxl: provide STATE_AO_GC
Provide a convenience macro for use in ao callback functions, and
document that it should be used.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:18 +0000 (14:14 +0100)]
libxl: Protect fds with CLOEXEC even with forking threads
We introduce a new "carefd" concept, which relates to fds that we care
about not being inherited by long-lived children.
As yet we do not use this anywhere in libxl. Until all locations in
libxl which make such fds are converted, libxl__postfork may not work
entirely properly. If these locations do not use O_CLOEXEC (or use
calls for which there is no O_CLOEXEC) then multithreaded programs may
not work properly.
This introduces a new API call libxl_postfork_child_noexec which must
be called by applications which make long-running non-execing
children. Add the appropriate call to xl's postfork function.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Introduce definition and use of a new function-local macro REQUIRE_FDS
to avoid repeatedly spelling out which fds we are interested in.
We are going to introduce a new fd for the SIGCHLD self-pipe.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:17 +0000 (14:14 +0100)]
libxl: abolish libxl_ctx_postfork
libxl's task has become too complicated (particularly in the presence
of both forking and multithreading) to support reuse of the same
libxl_ctx after fork.
So abolish libxl_ctx_fork. xl instead simply initialises a new
libxl_ctx.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:16 +0000 (14:14 +0100)]
libxl: include <_libxl_paths.h> in libxl_internal.h
Ie, we permit general code in libxl direct access to the manifest
constants such as XEN_RUN_DIR. This simplifies their use in (eg)
format strings.
This might be controversial because it will make it difficult to make
any of these runtime-configurable later without changing lots of use
sites. But I don't think it's likely we'll want to do that.
For the moment, leave existing call sites of all the functions in
libxl_paths.c unchanged. The simplified use arrangements can be used
in new code and when we update call sites for other reasons.
Also correct the dependencies in the Makefile so that _libxl_paths.h
is generated before anything that uses libxl_internal.h.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:15 +0000 (14:14 +0100)]
libxl: Provide libxl_string_list_length
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:15 +0000 (14:14 +0100)]
libxl: include <ctype.h> and introduce CTYPE helper macro
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:14 +0000 (14:14 +0100)]
libxl: Introduce some convenience macros
We introduce:
<type> *GCNEW(<type> *var);
<type> *GCNEW_ARRAY(<type> *var, ssize_t nmemb);
<type> *GCREALLOC_ARRAY(<type> *var, size_t nmemb);
char *GCSPRINTF(const char *fmt, ...);
void LOG(<xtl_level_suffix>, const char *fmt, ...);
void LOGE(<xtl_level_suffix>, const char *fmt, ...);
void LOGEV(<xtl_level_suffix>, int errnoval, const char *fmt, ...);
all of which expect, in the calling context,
libxl__gc *gc;
Most of these will find callers in subsequent patches. The exceptions
are the orthogonally necessary LOGE and LOGEV, and GCREALLOC_ARRAY.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:14 +0000 (14:14 +0100)]
libxl: Make libxl__zalloc et al tolerate a NULL gc
Arrange that if we pass NULL as a gc, we simply don't register the
pointer. This instantly gives us non-gc'ing but error-checking
versions of malloc, realloc, vasprintf, etc.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:13 +0000 (14:14 +0100)]
libxl: Crash (more sensibly) on malloc failure
Formally change the libxl memory allocation failure policy to "crash".
Previously we had a very uneven approach; much code assumed that
libxl__sprintf (for example) would never return NULL, but some code
was written more carefully.
We think it is unlikely that we will be able to make the library
actually robust against allocation failure (since that would be an
awful lot of never-tested error paths) and few calling environments
will be able to cope anyway. So, instead, adopt the alternative
approach: provide allocation functions which never return null, but
will crash the whole process instead.
Consequently,
- New noreturn function libxl__alloc_failed which may be used for
printing a vaguely-useful error message, rather than simply
dereferencing a null pointer.
- libxl__ptr_add now returns void as it crashes on failure.
- libxl__zalloc, _calloc, _strdup, _strndup, crash on failure using
libxl__alloc_failed. So all the code that uses these can no longer
dereference null on malloc failure.
While we're at it, make libxl__ptr_add use realloc rather than
emulating it with calloc and free, and make it grow the array
exponentially rather than linearly.
Things left to do:
- Remove a lot of now-spurious error handling.
- Remove the ERROR_NOMEM error code.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:13 +0000 (14:14 +0100)]
tools: Use PTHREAD_CFLAGS, _LDFLAGS, _LIBS
Replace all literal occurrences of -lpthread and -pthread in Makefiles
by references to PTHREAD_CFLAGS, PTHREAD_LDFLAGS and PTHREAD_LIBS.
These are the new variables set by configure, and currently expand to
-pthread on the compilation and link lines as is required.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:12 +0000 (14:14 +0100)]
libxl: Use PTHREAD_CFLAGS, LDFLAGS, LIBS
This is going to be needed for pthread_atfork. It is a mystery why it
hasn't been needed before.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:11 +0000 (14:14 +0100)]
tools: Correct PTHREAD options in config/StdGNU.mk
It is not correct to say -lpthread. The correct option is -pthread,
which may have sundry other effects on code generation etc. It needs
to be passed both to compilation and linking.
Fix the configure test to test -pthread, and plumb the resulting flag
through to PTHREAD_{CFLAGS,LDFLAGS} in Tools.mk; also substitute
PTHREAD_LIBS (although this will currently always be empty).
Remove PTHREAD_LIBS setting from StdGNU.mk.
Fix the one user (libxc) to use PTHREAD_{CFLAGS,LDFLAGS} too.
There are still some other users in tree which pass -pthread or
-lpthread by adding it as a literal to their own compiler options.
These will be fixed in a later patch.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Roger Pau Monne <roger.pau@entel.upc.edu> Acked-by: Roger Pau Monne <roger.pau@entel.upc.edu> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:10 +0000 (14:14 +0100)]
libxl: Fix leak of ctx->lock
A mutex created with pthread_mutex_init, like ctx->lock, may need to
be destroyed with pthread_mutex_destroy.
Also, previously, if libxl__init_recursive_mutex failed, the nascent
ctx would be leaked. Add some comments which will hopefully make
these kind of mistakes less likely in future.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
libxl: remove poller from list in libxl__poller_get
Remove poller from the list once it has been requested.
Fixes a double-free bug.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com> Acked-by: Ian Jackson <ian.jackson@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:09 +0000 (14:14 +0100)]
libxl: Fix eventloop_iteration over-locking
eventloop_iteration's head comment says that it must be called with
the ctx locked exactly once, and this is indeed true, and it's done
correctly at both the call sites.
However, it takes out the lock an additional time itself. This is
wrong because it prevents the unlocks around poll from being
effective. This would mean that a multithreaded event-loop using
program might suffer from undesired blocking, as one thread trying to
enter libxl might end up stalled by another thread waiting for a slow
event. So remove those two lock calls.
Also add a couple of comments documenting the locking behaviour of
libxl__ao_inprogress and libxl__egc_cleanup.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Wed, 11 Apr 2012 13:14:09 +0000 (14:14 +0100)]
libxl: fix hang due to libxl__initiate_device_remove
libxl__initiate_device_remove might discover that the operation was
complete, immediately (typically, if the device is already removed).
Previously, in this situation, it would return 0 to the caller but
never call libxl__ao_complete. Fix this. This necessitates passing
the egc in from the functions which are the ao initiators.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Roger Pau Monne <roger.pau@entel.upc.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
projects / xen.git / log