[XM][ACM] Add xm subcommands to work with security resource labels.
This patch adds new xm subcommands to support working with resource
labels. The new subcommands are 'xm resources', 'xm rmlabel', 'xm
getlabel' and 'xm dry-run'. In addition, the 'xm addlabel' subcommand
now uses an updated syntax to support labeling both domains and
resources. See the xm man page for details on each subcommand.
Beyond the new subcommands, this patch allows users to immediately see
when security checks will fail by pushing some basic security checking
into the beginning of 'xm create' and 'xm block-attach'. ACM security
attributes for block devices are added to XenStore in order to support
the final security enforcement, which will be performed in the kernel
and included in a separate patch.
Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
Signed-off-by: Reiner Sailer <sailer@us.ibm.com>
[XENTRACE] Remember number of lost trace records when
trace buffer is full and write a 'number of lost records'
entry when space becomes available.
From: Rob Gardner <rob.gardner@hp.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
This patch addresses the problem of xenbaked/xenmon not dealing with
large domain IDs. Xen domain IDs increase monotonically as domains
are created; the IDs are not (often) recycled. Xenbaked was using the
domain IDs as indices to arrays of data, and this scheme blows up as soon as
a domain ID exceeds the array size. Code has been changed in xenbaked
and xenmon to isolate domain IDs from array indices, so everything is
indirect. Users should not notice any difference in behavior.
From: Rob Gardner <rob.gardner@hp.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
[XENOPROF] Some fixes for xenoprof passive domain support.
Currently, passive domain samples are being assigned to the wrong
kernel functions. This patch fixes this problem. In addition the patch changes the
encoding of domain switch ESCAPE codes (marks used to separate samples
in oprofile buffers associated with different domains). Instead of
using 2 codes, one for START and one for END of passive domain
samples, a single escape CODE value is used to indicate a domain switch (no
need for a STOP followed by a START). Finally there are some other minor style
fixes.
Signed-off-by: Jose Renato Santos <jsantos@hpl.hp.com>
[XEND] Currently a domain's maxmem value is being set with the memory value
even if the user specifies maxmem in config. This patch uses maxmem
value to set maxmem instead of memory.
[VTPM_Tools] Support for (non-local) Migration added. Local migration
works provided that the hotplug scripts deliver the "suspend" before
the "resume," but this is not always true.
Signed-off-by: Vinnie Scarlata <vincent.r.scarlata@intel.com>
[NET] net-gso.patch: Fix up GSO packets with broken checksums
Here is the original changelog:
[NET] gso: Fix up GSO packets with broken checksums
Certain subsystems in the stack (e.g., netfilter) can break the partial
checksum on GSO packets. Until they're fixed, this patch allows this to
work by recomputing the partial checksums through the GSO mechanism.
Once they've all been converted to update the partial checksum instead of
clearing it, this workaround can be removed.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[XENCONSOLE] reference of tty->count in xencons_close() is racy.
It must be protected by tty_sem semaphore like con_close() in
drivers/char/vt.c. and prevent re-opening this tty.
A check_uuid() in this patch checks the uuid of the
VM configuration definition. If the specified uuid is
already used by another VM, the xm create command
does not create the VM. An xm create command error occurs.
[HVM] Fix "Many lost ticks" warning in ia32e guest
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
[BUILD] Fix re-use of existing config files in dist/install/boot.
- the name of the config file was computed incorrectly because of the
linux version number 4th digit being present in both LINUX_VER and
EXTRAVERSION extracted from the linux Makefile.
- DESTDIR was not set for the prep and config targets.
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
[XEN] Add CPUID hypervisor-info leaves at index 0x40000000.
Currently only a signature leaf is defined ("Xen\0").
Signed-off-by: Keir Fraser <keir@xensource.com>
[MINIOS] Mapping page frames on demand added to the memory management.
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
Signed-off-by: Grzegorz Milos <gm281@cam.ac.uk>
[XEN] Separate domain creation from vcpu creation.
Creating a domain no longer creates vcpu0 -- that is now
done later.
Signed-off-by: Keir Fraser <keir@xensource.com>
[HVM] Fix the kernel build failure issue on HVM SMP guests which
are using 2M PSE pages. Now we can do kernel build on:
1) RHEL4 IA32 SMP guest on PAE host.
2) RHEL4 IA32 SMP guest on IA32e host.
3) IA32e SMP guest on IA32e host.
Signed-off-by: Xiaohui Xin <xiaohui.xin@intel.com>
Signed-off-by: Xin Li <xin.b.li@intel.com>
[MINIOS] Events handling cleaned up. The interface extended to provide
void* pointer to handlers.
Signed-off-by: Steven Smith <sos22@cam.ac.uk>
Signed-off-by: Grzegorz Milos <gm281@cam.ac.uk>
[HVM][VMX] expose PSE feature to HVM guests if PAE is turned on in
config file, with this change, RHEL4 IA32 SMP guest can boot.
But because we don't support 4Mbytes PSE pages, x86_32 HVM guest
can NOT use PSE feature. However user may have "pae=1" in config file,
which causes PSE feature seen by x86_32 HVM guest, and it will then use
4Mbytes PSE pages. In this case, we will have to crash x86_32 HVM.
So when running x86_32 HVM guest, the user needs to pay attention not to have
"pae=1" in config file.
Signed-off-by: Xin Li <xin.b.li@intel.com>
Signed-off-by: Xiaohui Xin <xiaohui.xin@intel.com>
[NET] front: Zero negotiated bits in xen_set_features
When we reconnect to the backend we need to first zero all negotiated
bits as the functions xen_set_sg and xen_set_tso do not (and are not
supposed to) zero bits when they fail to set them.
This patch also permanently enables the NETIF_F_GSO_ROBUST bit as we
never parse any GSO fields ourselves (even if we did the backend could
not trust us so it's wasted effort).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
The generalised extra request info patch introduced a bug with the use
of netbk_tx_err since it advanced the req_cons pointer by one. This
patch fixes things by delaying the increment in netbk_tx_err.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[BUILD] Miscellaneous build-system fixes and tweaks.
* Don't delete non-existent %.tar.bz2 in buildconfigs/Rules.mk's %-mrproper
* Add a mrpropper target to buildconfigs/mk.linux-2.6-xen, and
have this delete the local tarball
- This should also delete the local patch, if there is one, but I am not
sure how to do this with the current incarnation of the code, and I
will post a subsequent patch which makes this easier and effects this
change. As there currently is no local patch this is not a big deal at
this moment. (Horms)
* Stop kclean from erroring out if the kernel directory doesn't exist
* Remove patches/*/.makedep in top level Makefile rather than in
buildconfigs/Rules.mk, as calling rules in the latter causes
patches/*/.make to be created (Magnus)
Signed-Off-By: Magnus Damm <magnus@valinux.co.jp>
Signed-Off-By: Horms <horms@verge.net.au>
Allow 32-bit libxc to load 64-bit ELF files.
- use 64-bit integral types for addresses in struct domain_start_info
- use stroull() to parse 64-bit values
- remove redundant _p(a) definition and add a comment
- printf format changes for the new types
[XEN] Mark two more opcodes (C6 and C7) as Mov instructions.
From: Mats Petersson <Mats.Petersson@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
[XENBUS] Another fix to the wait-for-device-connection code.
The new method for printing unconnected device status is arguably
cleaner and also does not screw up reference counts (previous code
called bus_find_device() with no put_device() on the result).
Signed-off-by: Keir Fraser <keir@xensource.com>
[XENBUS] Improve the code for waiting for devices to connect. Provide
a more useful error when devices fail to connect.
From: Mark McLoughlin <markmc@redhat.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
I wasn't paranoid enough in verifying GSO information. A bogus gso_segs
could upset drivers as much as a bogus header would. Let's reset it in
the per-protocol gso_segment functions.
I didn't verify gso_size because that can be verified by the source of
the dodgy packets.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[BLK] back: Only remove sysfs attributes if they were previously
added. Also check for errors during attribute creation.
Signed-off-by: Keir Fraser <keir@xensource.com>
[XEN] Various softirq cleanups. Main one is to always
call smp_processor_id() after any softirq, as rescheduling
may cause us to move to another processor on ia64
(spotted by Isaku Yamahata). Also get rid of many direct
callers of do_softirq() by creating new function
process_pending_timers().
Signed-off-by: Keir Fraser <keir@xensource.com>
[HVM][SVM] Don't BUG when VMRUN exitcode==-1, just crash the domain.
If there are any consistency problems in the VMCB, the VMRUN will return
an exitcode of -1 to indicate that the guest-state is "bad". Prior to
this change, it would cause the hypervisor to reboot. This is not at
all necessary - the VMCB may be bad, but the system is most likely
still intact. [In particular, a guest could cause a crash of the
system by setting up PAE with an invalid set of PDPE's, which is
definitely not a desired behaviour]
Now also print out the VMCB, as that MAY help identify the cause of
the exitcode of -1.
evtchn_do_upcall() has a micro optimization which depends on xchg being a barrier.
However xchg of IA64 has acquire semantics so that event
channel notification is lost sometimes. This patch fixes it.
Replace my previous patch with equivalent fix from linux-2.6.17.
Might as well stay as close to that as we can...
Signed-off-by: Emmanuel Ackaouy <ack@xensource.com>
[XM] When two or more domain parameters are given, the xm reboot
command doesn't give a command error. This problem is also
included in the xm shutdown command.
This patch checks the domain parameter. If two or more domain
parameters are given, a command error occurs.
[XEN] Work around timeout bug in old Linux kernels where
timeout would erroneously be set far out in the future.
Signed-off-by: Keir Fraser <keir@xensource.com>
Fail save if we have an out-of-sync P2M/M2P (since otherwise the restore
will fail later).
A better fix would be to tolerate temporary out-of-sync situations so we
can make a nicer fix to the kunmap_atomic() issue (c/f -unstable csets
10529 & 10533) but this requires some more thought.
Replace changesets 10521, 10526, and 10527 with this new version that does not
use xml.marshal.
This patch adds new xm subcommands to support working with resource
labels. The new subcommands are 'xm resources', 'xm rmlabel', 'xm
getlabel' and 'xm dry-run'. In addition, the 'xm addlabel' subcommand
now uses an updated syntax to support labeling both domains and
resources. See the xm man page for details on each subcommand.
Beyond the new subcommands, this patch allows users to immediately see
when security checks will fail by pushing some basic security checking
into the beginning of 'xm create' and 'xm block-attach'. ACM security
attributes for block devices are added to XenStore in order to support
the final security enforcement, which will be performed in the kernel
and included in a separate patch.
Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
Signed-off-by: Reiner Sailer <sailer@us.ibm.com>
Fix the kunmap_atomic() change in 10529:4260eb8c08740de0000081c61a6237ffcb95b2d5.
Mustn't zap the PTE if the virtual address is not in kmap_atomic range!
Signed-off-by: Keir Fraser <keir@xensource.com>
Fix next_timer_interrupt() in patch and update caller
to deal with the case of existing pending timers.
Fixes a dom0 hang at boot time on some HPs where some
dubious USB code is invoked from pci_init() that
potentially calls msleep(10) a few times.
Signed-off-by: Emmanuel Ackaouy <ack@xensource.com>
Use address types in elf parser that match elf headers.
Necessary if a long is a different size to addresses in elf
file being parsed.
From: Jimi Xenidis <jimix@watson.ibm.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
kunmap_atomic() must zap the PTE to avoid dangling references
when attempting to free memory back to Xen. We can implement
something more efficient in future.
Also add debug print message if guest tries to free 'in use'
memory. We'll make it a real guest-visible error in future.
[TPM] Add 3 more test cases to the xm testsuite that extend the
state of a PCR register and test that the value remains the same during
a suspend/resume cycle and during live and non-live local migration.
The patch adapts existing tests to the changes in the driver (moving of
the sysfs entry). Some problems with existing tests are fixed.
[TPM] Add an upgrade patch to bring TPM subsystem to 2.6.17-rc4.
This patch adds the updated and newer driver plugins appearing in
2.6.17-rc4 to the 2.6.16.13 kernel. The patch needs to be placed into
the patches/linux-2.6.16.13 directory and should be removed once an
upgrade is done to 2.6.17-rc4 or later version.
[TPM] Update the TPM drivers in the repository to a newer version
and also fixes the following:
- a problem introduced by a recent change to the xenbus_driver structure
requires driver-specific data to be stored in another data structure
- removes the #define'd MIN by min/min_t
- moves the sysfs entry to /sys/devices/xen/<vtpm-%d>
- fixes a bug occurring during cancellation of requests
- updates the default configuration to also compile the TPM V1.2 driver
submitted in part 2 of this patch
- all changes made to the generic TPM driver are surrounded by #ifdef
CONFIG_XEN's.
[XEN] BUG() places console in sync mode.
Also move the BUG code out of line.
Original patch from Jimi Xenidis.
Signed-off-by: Keir Fraser <keir@xensource.com>
This patch adds new xm subcommands to support working with resource
labels. The new subcommands are 'xm resources', 'xm rmlabel', 'xm
getlabel' and 'xm dry-run'. In addition, the 'xm addlabel' subcommand
now uses an updated syntax to support labeling both domains and
resources. See the xm man page for details on each subcommand.
Beyond the new subcommands, this patch allows users to immediately see
when security checks will fail by pushing some basic security checking
into the beginning of 'xm create' and 'xm block-attach'. ACM security
attributes for block devices are added to XenStore in order to support
the final security enforcement, which will be performed in the kernel
and included in a separate patch.
Signed-off-by: Bryan D. Payne <bdpayne@us.ibm.com>
Signed-off-by: Reiner Sailer <sailer@us.ibm.com>