Keir Fraser [Fri, 27 Jun 2008 16:04:41 +0000 (17:04 +0100)]
hvm rombios: Move function calls out of 'post' function section
Through recent additions to the rombios the code section of the post
function has filled up considerably. When I enable the BX_TCGBIOS
compile time option the BIOS crashes since the post section code
(starts at $e05b) spills over into the nmi entry point (starts at
$e2c3). as86 doesn't cause an error when building.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
xen-unstable changeset: 17901:3edc443ae8ce80742db2e2a90a260ffac1a7377e
xen-unstable date: Fri Jun 27 14:43:29 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 16:04:10 +0000 (17:04 +0100)]
hvmloader: Set up any Intel ICH for legacy IDE.
Signed-off-by: Li Zhang <li.zhang@intel.com>
xen-unstable changeset: 17897:be52424a543ec9f1437056ee3bf429a4c48a4ea9
xen-unstable date: Fri Jun 27 14:15:11 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 16:01:31 +0000 (17:01 +0100)]
x86 acpi: Clean up output tracing. Ensure it is synced to serial line
before entering Sx state.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17883:ad156e312aefd4deca7d968c13a6b9ed0ece45f8
xen-unstable date: Fri Jun 20 15:21:04 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 16:00:59 +0000 (17:00 +0100)]
ioemu: Fix usbdevice parameter to encode vbd type.
usbdevice = "disk:<filename>"
expect a raw device (as this probably is the most usual case) and
usbdevice = "disk-qcow:<filename>"
expect a COW image (autodetected, probably qcow2).
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 17877:52592af0204a55abd0898b1fbe390a55036079e2
xen-unstable date: Wed Jun 18 11:55:34 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 15:59:50 +0000 (16:59 +0100)]
ioemu: Disable format auto-probing in monitor command change
Format auto-probing of writable images is a security hole. The last
known remaining instance is monitor command change. Disable probing
there and use raw. This breaks change for images in all other
formats.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
xen-unstable changeset: 17874:9493a853df9ef0c17c6fb12efdcc86c5d67c7e03
xen-unstable date: Wed Jun 18 09:39:14 2008 +0100
Keir Fraser [Fri, 27 Jun 2008 15:59:11 +0000 (16:59 +0100)]
vmx: Allow restore of context from a non-Intel processor. In
particular, VMX requires segment 'granularity' to be set correctly, so
we force it if need be in vmx_set_segment_register().
Keir Fraser [Tue, 17 Jun 2008 10:11:21 +0000 (11:11 +0100)]
vmx realmode: HOST_CR0.TS must be cleared when restoring guest FPU
state, otherwise in-Xen CR0.TS value becomes set again on next
vmexit. Then we crash the next time we try to emulate an FPU
instruction.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 16970:aecbf98aa7099458fe6895bbd8f15d506e0901b3
xen-unstable date: Sun Feb 03 09:30:59 2008 +0000
Keir Fraser [Mon, 16 Jun 2008 10:54:27 +0000 (11:54 +0100)]
x86_emulate: Fix the segment-load function
Fix the non-conforming type check and use the consistent method to
fetch the cpl value as function get_cpl().
Also make sure vm86 mode is properly handled when determining whether
in real mode or protected mode -- in various respects vm86 mode can
act like both.
Keir Fraser [Thu, 12 Jun 2008 17:31:19 +0000 (18:31 +0100)]
x86: machine_halt() forcibly re-enables IRQs as it may be called from
panic() which itself may be called in an IRQ-safe critical section.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17837:a3319f32496fd93a545fc354ce3944072cc32e5e
xen-unstable date: Thu Jun 12 16:09:08 2008 +0100
Keir Fraser [Thu, 12 Jun 2008 17:30:53 +0000 (18:30 +0100)]
x86/32on64: fix physical address restriction
The allocation bit size setting wasn't working anymore after the
recent fix to properly use PAGE_SHIFT instead of PAGE_SIZE. This was
because the bit size implies a power-of-two range that's accessible,
but if all memory is accessible anyway (and its upper boundary is not
a power of two), the domain would either be needlessly restricted or
wouldn't be able to allocate as much memory as was intended for it
(specifically the case for Dom0 without dom0_mem= boot
parameter). Consequently, don't restrict the bit width if all memory
can be accessed.
To avoid needing to adjust this code in two places in the future (it
may need further touching when memory hotplug gets supported), fold
the logic into a function.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17836:52c0117dd37446bef59e82de133a85a6565b237f
xen-unstable date: Thu Jun 12 16:05:35 2008 +0100
Keir Fraser [Thu, 12 Jun 2008 17:29:27 +0000 (18:29 +0100)]
Allow older PAE Linux guests to access entire compat m2p.
Older PAE guests (prior to xen-unstable.hg 8924:229c602a075a, Feb
2006, this includes some vendor's kernel in the field) use a limit of
0xf6800000 on their code and data segments (i.e. up to the end of the
read-only m2p table).
Newer kernels use a limit of 4G and rely on the hypervisor to clamp to
the actual maximum allowed. 32on64 mode takes advantage of this to
allow a larger m2p than would fit in the PAEonPAE sized hole.
This means that PAE guests with the hardcoded low limit cannot run on
top of a 64 bit hypervisor on a host machine which has more than 16G
of RAM. Fix this by extending any code or data segment which ends
above the start of the hypervisor hole for that guest.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17809:09dd5492651c34f7cf863683f2ddbca868340eef
xen-unstable date: Mon Jun 09 17:18:27 2008 +0100
Keir Fraser [Mon, 9 Jun 2008 09:11:47 +0000 (10:11 +0100)]
[BUILD] Disable LOCALVERSION_AUTO in upstream Linux builds.
If this option is enabled then the Xen mercurial version ID gets
tacked onto the kernel version (e.g. 2.6.24-git22-hg2593b69b183b)
which is unlikely to be useful or desirable. All the trees which we
build using this method already have uniquely identifying versions
(e.g. 2.6.24-git22 or 2.6.24-mm1).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17031:761604c6136decb122bb1a45a19de15fa4080cbc
xen-unstable date: Tue Feb 12 14:59:22 2008 +0000
Keir Fraser [Mon, 9 Jun 2008 09:11:22 +0000 (10:11 +0100)]
[BUILD] Fixup support for building upstream kernels.
In particular:
- support merged x86 architecture. To facilitate this it made sense
to encode some existing logic in shell scripts rather than
increasing complicated make conditionals.
- set CONFIG_PARAVIRT_GUEST=y which is required for newer kernels.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17030:419a141ca16d7b248805addb0465a6b48e9723dc
xen-unstable date: Tue Feb 12 14:59:01 2008 +0000
Keir Fraser [Mon, 2 Jun 2008 09:59:07 +0000 (10:59 +0100)]
vmx: Better diagnostic messages when VMXON might have failed due to
bad setting of the IA32_FEATURE_CONTROL MSR.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17769:a4775034ef83946803eb6a61e0af33fb6971123f
xen-unstable date: Mon Jun 02 10:55:55 2008 +0100
Keir Fraser [Fri, 30 May 2008 15:36:05 +0000 (16:36 +0100)]
x86: Fix reboot failure after S3
"warm reset vector" is used to start APs. At booting time, it is set
by BP, and cleared after all APs have started. When doing S3, similar
work needs to be done. However, when enabling non-boot CPUs after S3, Xen just
sets this vector, but forgets to clear it after the APs start up.
Keir Fraser [Wed, 28 May 2008 15:31:45 +0000 (16:31 +0100)]
ioemu: Force floppy disk images to be interpreted as raw.
Fixes specifying fda/fdb image names in domain configs.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17736:6b28a18a8c2d22993adbf35fa66712661118dede
xen-unstable date: Tue May 27 11:51:33 2008 +0100
Keir Fraser [Tue, 27 May 2008 09:37:59 +0000 (10:37 +0100)]
vt-d: Do FLR of assigned devices with VT-d
Currently there is a pdev_flr() function to do FLR before device
assignment in qemu, but most devices don't have FLR capability.
What's more, FLR should be done before assignment and deassignment to
keep correct device status. If the device doesn't have FLR
capability, this patch enters D3hot and returns to D0 to
do FLR. It also exposes pdev_flr() in VT-d utils, so that it can be invoked
by assignment and deassignment functions.
Signed-off-by: Weidong Han <weidong.han@intel.com>
Signed-off-by: Anthony Xu <anthony.xu@intel.com>
xen-unstable changeset: 16875:74a9bfccddba0fedd59c57e5f1a76d83a4178d7c
xen-unstable date: Thu Jan 24 14:39:38 2008 +0000
Keir Fraser [Fri, 23 May 2008 10:16:44 +0000 (11:16 +0100)]
x86: Fix Xen boot on 8-node AMD machines
In xen/arch/x86/cpu/amd.c the function disable_c1_ramping iterates
over the northbridges using NR_CPUS as an upper bound for the number
of nodes. If there are no more northbridges found, it stops iterating.
Sadly it just adds the northbridge number to 0x18 and uses this as a
PCI device number, so probing the 9th northbridge on an 8 node system
will be caught by the newly inserted assertion in pci_conf_read in current
unstable. We fix this by first querying the number of nodes from the
first northbridge to avoid the overflow.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Verified by Mark.Johnson@sun.com
xen-unstable changeset: 17712:5cc5b9c37c6d429502e75536822810219b23b033
xen-unstable date: Fri May 23 11:15:19 2008 +0100
Keir Fraser [Fri, 23 May 2008 10:04:46 +0000 (11:04 +0100)]
x86: Fix kexec reservation
The reservation of space for the kexec area in
kexec_reserve_area is incorrect. It specifies the
start address and size to reserve_e820_mem when
the args should be start and end.
Bug found and fixed by Dave Anderson.
Signed-off-by: Bill Burns <bburns@redhat.com>
xen-unstable changeset: 17653:e66aefdfedcca8319f7ecf9c8d742ae157c2d690
xen-unstable date: Mon May 19 09:43:42 2008 +0100
Keir Fraser [Thu, 15 May 2008 14:11:29 +0000 (15:11 +0100)]
ioemu: Do not try to guess backing file format when using qcow vbds.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
xen-unstable changeset: 17646:e3b13e1ecf6ca61b84c8bdf5ae3e961268c920f5
xen-unstable date: Thu May 15 15:10:05 2008 +0100
Keir Fraser [Thu, 15 May 2008 08:59:19 +0000 (09:59 +0100)]
Add ZFS libfsimage support patch
Add support to pygrub and libfsimage to boot ZFS root filesystems.
Boot argument of zfs-bootfs is set to describe ZFS root pool and
boot filesystem object number. Boot argument bootpath is set to
describe the virtual device root mirror components.
Signed-off-by: Susan Kamm-Worrell <susan.kamm-worrell@sun.com>
xen-unstable changeset: 17557:64f790e90d3d4797e298cc5abdfc54cb943687f3
xen-unstable date: Thu May 01 16:38:56 2008 +0100
Depending on environments, zfs libfsimage support doesn't compile.
This patch fixes it.
ia64-linux-gnu-gcc -DPIC -O2 -fomit-frame-pointer
-fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes
-Wno-unused-value -Wdeclaration-after-statement
-I/usr/ia64-linux-gnu/sys-root/usr/include -D__XEN_TOOLS__ -D_LARGEFILE_SOURCE
-D_LARGEFILE64_SOURCE -I../../../tools/libfsimage/common/ -Werror
-Wp,-MD,.zfs_lzjb.opic.d -fPIC -c -o zfs_lzjb.opic zfs_lzjb.c
In file included from fsys_zfs.h:41,
from zfs_lzjb.c:25:
zfs-include/zfs_acl.h:29: error: redefinition of typedef uid_t
/usr/ia64-linux-gnu/sys-root/usr/include/sys/types.h:82: error: previous declaration of uid_t was here
This depends on how __uid_t is defined in the system header.
No file under the zfs directory uses uid_t so that just removing
the definition in the zfs_acl.h looks reasonable.
Keir Fraser [Thu, 15 May 2008 08:55:53 +0000 (09:55 +0100)]
x86: Fix an S3 bug caused by x_firmware_waking_vector
According to the ACPI spec, x_firmware_waking_vector in FACS is for
waking up in protected mode and firmware_waking_vector is for real
mode. Xen once used x_firmware_waking_vector, which can make S3 fail
on some platforms. This patch fixes the bug by using the non-x one.
Keir Fraser [Thu, 15 May 2008 08:53:32 +0000 (09:53 +0100)]
ioemu: Fix PVFB backend to limit frame buffer size
The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly. This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
against dom0.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
xen-unstable changeset: 17643:9044705960cb30cec385bdca7305bcf7db096721
xen-unstable date: Thu May 15 09:36:38 2008 +0100
Keir Fraser [Thu, 15 May 2008 08:47:41 +0000 (09:47 +0100)]
xend: fix block protocol mismatch on save/restore
The protocol field of the blkif interface is correct at startup for a
guest of a different mode from dom0 (eg. 32-bit dom0, 64-bit guest).
However, this property is not persisted on save, so a later restore
(or migrate) will set up the block interface with the wrong mode.
Signed-off-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com>
xen-unstable changeset: 17635:049459aec2b10628a8b7474d43a89e2a89b29405
xen-unstable date: Wed May 14 09:19:05 2008 +0100
Keir Fraser [Thu, 15 May 2008 08:47:08 +0000 (09:47 +0100)]
qemu: Fix shift-insert behavior
This patch is related to Changeset 15635:7bdc9f6407d3
<http://xenbits.xensource.com/staging/xen-unstable.hg?rev/7bdc9f6407d3>
[PVFB] Fix shift key for graphical vnc display.
With above patch, if a user presses shift-insert, qemu sends shift
down, shift up, insert down and then another shift key down (see trace
below). This makes it impossible to do shift insert pasting or use
guest hot shifted-Fkeys.
Shift Insert trace:
do_key_event():1135 keycode:2a shift down
kbd_put_keycode():539 keycode:2a send shift down
do_key_event():1135 keycode:d2 insert down
kbd_put_keycode():539 keycode:aa send shift up
kbd_put_keycode():539 keycode:e0 send insert down
kbd_put_keycode():539 keycode:52
do_key_event():1135 keycode:d2 insert up
kbd_put_keycode():539 keycode:e0 send insert up
kbd_put_keycode():539 keycode:d2
kbd_put_keycode():539 keycode:2a send shift down
do_key_event():1135 keycode:2a shift up
kbd_put_keycode():539 keycode:aa send shift up
This patch adds a check for the keycode being shiftable, something
other than a keypad key, f1-12, insert, del, etc. before allowing
the press_shift_up() operation.
Signed-off-by: Pat Campbell <plc@novell.com>
xen-unstable changeset: 17634:feec00994a0b06ec093a4a4779484810a138eef2
xen-unstable date: Wed May 14 09:16:40 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:54:31 +0000 (15:54 +0100)]
SVM: clean up __get_instruction_length_from_list()
Remove unused arguments, fix its behaviour near page boundaries,
inject appropriate pagefaults, and inject #GP if the instruction is
not decodable or %eip is not pointing to valid RAM.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17575:01aa7c088e983cd54b61faeb3ff533581714a26f
xen-unstable date: Tue May 06 13:32:18 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:34:33 +0000 (15:34 +0100)]
ioemu: Fix PVFB backend to validate frontend's frame buffer
description
A buggy or malicious frontend can describe its shared framebuffer to
the backend in a way that makes the backend map an arbitrary amount of
guest memory, malloc an arbitrarily large internal buffer, copy
arbitrary memory to that buffer, even beyond its end. A domU running
a malicious frontend can abuse the former two for denial of service
attacks against dom0. It can abuse the third to write arbitrary
backend memory. It can abuse all three to terminate or crash the
backend. Arbitrary code execution looks quite feasible.
From: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17630:53195719f7621110dab7a97a2bca292b73baa715
xen-unstable date: Tue May 13 15:08:17 2008 +0100
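An added example, not code from the Xen tree or from either PVFB changeset in this log: one way a backend can validate an untrusted frame buffer description and cap the mapping size before it maps, allocates or copies anything. The struct, its field names, `FB_LEN_LIMIT` and the sample descriptors are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical frontend-supplied description; not the PVFB wire format. */
struct fb_desc {
    uint32_t width, height;  /* pixels */
    uint32_t depth;          /* bits per pixel */
    uint32_t row_stride;     /* bytes per scanline */
    uint32_t offset;         /* byte offset of the first pixel */
    uint64_t mem_len;        /* bytes the frontend asks the backend to map */
};

/* Assumed backend policy cap on mapped bytes (constructed value). */
#define FB_LEN_LIMIT (16u * 1024 * 1024)

/* Constructed samples: a sane 800x600x32 buffer, the same one claiming
 * 1 TiB, one whose height runs past the mapping, one with a short stride. */
static const struct fb_desc fb_ok     = { 800, 600, 32, 3200, 0, 2097152 };
static const struct fb_desc fb_huge   = { 800, 600, 32, 3200, 0, 1ULL << 40 };
static const struct fb_desc fb_tall   = { 800, 0xffffffffu, 32, 3200, 0, 2097152 };
static const struct fb_desc fb_stride = { 800, 600, 32, 800, 0, 2097152 };

/* Returns 0 and stores the number of bytes to map, or -1 to reject. */
int fb_validate(const struct fb_desc *d, size_t *map_len)
{
    uint64_t len = d->mem_len, need;

    if (d->depth != 8 && d->depth != 16 && d->depth != 24 && d->depth != 32)
        return -1;
    if (d->width == 0 || d->height == 0)
        return -1;
    /* A scanline must fit in the stride; 64-bit maths so nothing wraps. */
    if ((uint64_t)d->width * (d->depth / 8) > d->row_stride)
        return -1;
    /* Never map more than the cap, whatever the frontend claims. */
    if (len > FB_LEN_LIMIT)
        len = FB_LEN_LIMIT;
    /* Every byte the backend will copy must lie inside the mapping. */
    need = (uint64_t)d->row_stride * d->height;
    if (d->offset > len || need > len - d->offset)
        return -1;
    *map_len = (size_t)len;
    return 0;
}

/* Helper for callers and tests: mapped length, or 0 when rejected. */
size_t fb_map_len(const struct fb_desc *d)
{
    size_t n = 0;
    return fb_validate(d, &n) == 0 ? n : 0;
}

int main(void)
{
    printf("ok=%zu huge=%zu tall=%zu stride=%zu\n",
           fb_map_len(&fb_ok), fb_map_len(&fb_huge),
           fb_map_len(&fb_tall), fb_map_len(&fb_stride));
    return 0;
}
```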
Keir Fraser [Tue, 13 May 2008 14:19:47 +0000 (15:19 +0100)]
ioemu: fix disk format security vulnerability
* make the xenstore reader in qemu-dm's startup determine which
  of qemu's block drivers to use according to the xenstore
  backend `type' field. This `type' field typically comes from
  the front of the drive mapping string in ioemu. The
  supported cases are:

    xm config file string    `type'  image format  qemu driver
    phy:[/dev/]<device>      phy     raw image     bdrv_raw
    file:<filename>          file    raw image     bdrv_raw
    tap:aio:<filename>       tap     raw image     bdrv_raw
    tap:qcow:<image>         tap     not raw       autoprobe
    tap:<cow-fmt>:<image>    tap     named format  bdrv_<cow-fmt>

  It is still necessary to autoprobe when the image is specified as
  `tap:qcow:<image>', because qemu distinguishes `qcow' and `qcow2'
  whereas blktap doesn't; `qcow' in xenstore typically means what
  qemu calls qcow2. This is OK because qemu can safely distinguish
  the different cow formats provided we know it's not a raw image.
* Make the format autoprobing machinery never return `raw'. This has
  two purposes: firstly, it arranges that the `tap:qcow:...' case
  above can be handled without accidentally falling back to raw
  format. Secondly it prevents accidents in case the code changes in
  future: autoprobing will now always fail on supposed cow files which
  actually contain junk, rather than giving the guest access to the
  underlying file.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 17606:e3be00bd6aa963aca563692c271af762f9380ba0
xen-unstable date: Mon May 12 10:09:12 2008 +0100
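An added example, not code from the Xen tree or from this changeset: the two rules of the commit message above (and of the earlier "Disable format auto-probing in monitor command change" entry) modelled in C, with the driver chosen from the configured type and a probe that never yields raw. The enum, function names, file paths and sample headers are constructed for illustration; the magic `QFI\xfb` followed by a big-endian version is the published qcow header layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; FMT_NONE means "refuse to open the image". */
enum fmt { FMT_NONE, FMT_RAW, FMT_QCOW, FMT_QCOW2, FMT_VMDK };

/* Constructed sample headers: magic "QFI\xfb" + big-endian version. */
static const uint8_t hdr_qcow2[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
static const uint8_t hdr_qcow1[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 1 };
static const uint8_t hdr_junk[8]  = { 0xeb, 0x3c, 0x90, 'M', 'S', 'D', 'O', 'S' };

/* Probe copy-on-write formats only. It never returns FMT_RAW, so an image
 * without a recognised header is an error rather than a raw disk. */
static enum fmt probe_cow(const uint8_t *hdr, size_t len)
{
    static const uint8_t magic[4] = { 'Q', 'F', 'I', 0xfb };
    uint32_t ver;

    if (len < 8 || memcmp(hdr, magic, 4) != 0)
        return FMT_NONE;
    ver = ((uint32_t)hdr[4] << 24) | ((uint32_t)hdr[5] << 16) |
          ((uint32_t)hdr[6] << 8) | hdr[7];
    return ver == 1 ? FMT_QCOW : ver == 2 ? FMT_QCOW2 : FMT_NONE;
}

/* Pick the driver from the administrator's config string (the source of
 * the xenstore `type' field), never from guest-writable image contents. */
enum fmt select_format(const char *spec, const uint8_t *hdr, size_t len)
{
    if (!strncmp(spec, "phy:", 4) || !strncmp(spec, "file:", 5) ||
        !strncmp(spec, "tap:aio:", 8))
        return FMT_RAW;                  /* declared raw: header ignored */
    if (!strncmp(spec, "tap:qcow:", 9))
        return probe_cow(hdr, len);      /* only qcow vs qcow2 is probed */
    if (!strncmp(spec, "tap:vmdk:", 9))
        return FMT_VMDK;                 /* one tap:<cow-fmt>: instance */
    return FMT_NONE;                     /* unknown type: fail closed */
}

int main(void)
{
    /* Raw image whose first bytes look like qcow2: still opened raw. */
    printf("file: + qcow2-looking header -> %d\n",
           select_format("file:/images/guest.img", hdr_qcow2, 8));
    /* Declared qcow, version 1 header: probe picks the qcow driver. */
    printf("tap:qcow: + qcow v1          -> %d\n",
           select_format("tap:qcow:/images/old.qcow", hdr_qcow1, 8));
    /* A declared-qcow image that holds junk is refused, not opened raw. */
    printf("tap:qcow: + junk             -> %d\n",
           select_format("tap:qcow:/images/guest.qcow", hdr_junk, 8));
    return 0;
}
```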
Keir Fraser [Tue, 13 May 2008 14:16:59 +0000 (15:16 +0100)]
xend: Fix and improve error handling for failed suspend/migrate
This has been broken since cset 16964:5d84464dc1fc
Also deal better with very early errors (close sender side socket)
Signed-off-by: Steven Hand <steven.hand@cl.cam.ac.uk>
xen-unstable changeset: 17601:c99a88623eda83d8e02f4b6d7c32bc4c6d298d8a
xen-unstable date: Thu May 08 14:33:31 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:15:02 +0000 (15:15 +0100)]
x86 hvm: Warn only once per time source when the periodic timeout is
set 'too small'.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17579:cc953475ab149a61defff06de237295a7feb882d
xen-unstable date: Tue May 06 16:20:54 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:14:34 +0000 (15:14 +0100)]
x86 hvm: Support interrupt delivery for PIT channel 0 when in modes 3 and 4.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 17578:a95c2e36d6fda747279123ab13bfaf40c4041337
xen-unstable date: Tue May 06 16:20:24 2008 +0100
Keir Fraser [Tue, 13 May 2008 14:12:54 +0000 (15:12 +0100)]
x86, hvm: stdvga cache always on
Currently the hypervisor vga cache (stdvga.c) enables itself only in
graphical mode and in the a0000h-affffh range. However there is no
reason for this: it already allocates enough memory to map the whole
vram. I am attaching a patch that implements the bank switching
mechanism in stdvga.c, allowing the cache to be always enabled when
the emulated graphic card is in VGA mode.
Keir Fraser [Tue, 13 May 2008 14:11:11 +0000 (15:11 +0100)]
libxc foreign address translation bug
In the xc_translate_foreign_address function from libxc, there is a
check on the page directory entry to see if the page is 4K or 4M.
However, the check is looking at bit 3, when it should be looking at
bit 7. This patch fixes the problem.
Signed-off-by: Bryan D. Payne <bryan@thepaynes.cc>
xen-unstable changeset: 17558:a353dd2ab9445036351c5da5c14555b82bc85ae6
xen-unstable date: Fri May 02 13:46:16 2008 +0100
Keir Fraser [Thu, 1 May 2008 09:17:39 +0000 (10:17 +0100)]
xenstored: Fix xenstored abort when connection dropped.
If a connection is dropped with pending input and output data then the
connection will be dereferenced by both handle_input and handle_output
resulting in a double free when the main loop dereferences the
connection.
Fix this issue by taking/releasing a reference over the calls to
handle_input and handle_output separately and checking the result of
talloc_free to see if the connection went away.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 17532:5e5bc5b2bb6d4d71c0de97c15448f2f991f4271d
xen-unstable date: Thu May 01 10:00:00 2008 +0100
Keir Fraser [Thu, 1 May 2008 09:17:10 +0000 (10:17 +0100)]
x86 time: Read platform time before locally-extrapolated time during
calibration and frequency changes. This places the variable delay
(acquiring the platform_timer_lock) safely as the very first thing we
do, avoiding a variable delay /between/ computing the two timestamps.
Problem diagnosed by Dave Winchell <dwinchell@virtualiron.com>
1. We cannot rely on BSF/BSR leaving the destination register intact
if the source is zero (according to Intel manuals)
2. We race clear_bit() in find_first_bit(), which may occur after
SCAS but before BSF. So we must handle zero input to BSF.
Cache figlet output across builds, and provide src-tarball target
which creates figlet output and then deletes figlet itself (which is
not licensed under GPL).
x86/64 compat: Replace hypervisor BUG_ON() with a cleaner hypercall failure.
While trying to run a 32-bit PV domU on a 64-bit hypervisor, I
triggered an assert in the hypervisor. The assert dealt with the
maximum number of grants that a domU can have. I made the hypervisor
a bit more graceful by returning an error rather than asserting.
libxc: Move xg_memalign() into a proper source file, so that it
definitely does not leak out of tools/libxc. Return to the
ioemu/osdep.c way of checking for posix_memalign() as this works on
Solaris.
save/restore: Use page-aligned allocations for hypercall args that are
mlock()ed across other hypercall invocations, to avoid aliasing with
other hypercall arguments, causing spurious unlocking.
ioemu: Fix rtl8139 emulation so that reboot works correctly in 64-bit
Windows VMs. Return an error if the guest OS tries to transmit a
packet with the transmitter disabled, so that it doesn't spin forever
waiting for it to complete.
Signed-off-by: Steven Smith <Steven.Smith@eu.citrix.com>
xen-unstable changeset: 17420:40c0dda6eae68ec1bbd3bfd3e812d8b9e34051a0
xen-unstable date: Wed Apr 09 16:03:40 2008 +0100