Roger Pau Monné [Fri, 17 Feb 2017 15:09:38 +0000 (16:09 +0100)]
build/printf: fix incorrect format specifiers
The following incorrect format specifiers and incorrect number of parameters
passed to printf like functions are reported by clang:
mce.c:601:18: error: data argument not used by format string [-Werror,-Wformat-extra-args]
smp_processor_id());
^
xenpm.c:102:23: error: data argument not used by format string [-Werror,-Wformat-extra-args]
what, argv[argc > 1]);
^
libxl_internal.c:25:69: error: data argument not used by format string
[-Werror,-Wformat-extra-args]
libxl__log(ctx, XTL_CRITICAL, ENOMEM, 0,0, func, INVALID_DOMID, L);
^
libxl_internal.c:24:17: note: expanded from macro 'L'
func, (unsigned long)nmemb, (unsigned long)size
^
libxl_internal.c:26:21: error: data argument not used by format string
[-Werror,-Wformat-extra-args]
fprintf(stderr, L);
^
libxl_internal.c:24:17: note: expanded from macro 'L'
func, (unsigned long)nmemb, (unsigned long)size
^
This patch contains the fixes for them and enables -Wformat for clang.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Roger Pau Monné [Fri, 17 Feb 2017 15:08:37 +0000 (16:08 +0100)]
x86/vmx: fix compilation after 997382
997382 introduced the following errors:
intr.c:342:46: error: address of array 'vlapic->regs->data' will always evaluate to 'true'
[-Werror,-Wpointer-bool-conversion]
if ( vlapic && vlapic->regs->data )
~~ ~~~~~~~~~~~~~~^~~~
intr.c:352:42: error: address of array 'pi_desc->pir' will always evaluate to 'true'
[-Werror,-Wpointer-bool-conversion]
if ( pi_desc && pi_desc->pir )
~~ ~~~~~~~~~^~~
Both of those checks are done against static arrays, which doesn't seem to make
much sense, so just remove them.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Fri, 17 Feb 2017 14:59:15 +0000 (15:59 +0100)]
console: avoid wrapping of console pointers
We particularly want/need to avoid accessing data outside (ahead of)
the ring buffer. Also latch both pointers into local variable to
avoid different steps of the calculation being done with different
values.
Reported-by: Quan Luo <a4651386@163.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Haozhong Zhang [Fri, 17 Feb 2017 14:55:47 +0000 (15:55 +0100)]
x86/mce: remove declarations of non-existing functions in mce.h
Remove declarations of functions
intel_mcheck_timer()
mce_intel_feature_init()
mce_cap_init()
x86_mcinfo_getptr()
whose definitions had been removed long time ago.
Signed-off-by: Haozhong Zhang <haozhong.zhang@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Norbert Manthey [Fri, 17 Feb 2017 14:51:37 +0000 (15:51 +0100)]
x86/mm: fix memory hotplug error cleanup
During destroying the m2p mapping, the loop variable was always incremented
by one, as the current version used a compare operator on the left hand side,
which always evaluated to true, i.e.
i += 1UL < (L2_PAGETABLE_SHIFT - 2)
The fix increments the value of the variable by the actual page size by
using the shift operator instead.
Signed-off-by: Norbert Manthey <nmanthey@amazon.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 17 Feb 2017 14:51:03 +0000 (15:51 +0100)]
x86: package up context switch hook pointers
They're all solely dependent on guest type, so we don't need to repeat
all the same three pointers in every vCPU control structure. Instead use
static const structures, and store pointers to them in the domain
control structure.
Since touching it anyway, take the opportunity and expand
schedule_tail() in the only two places invoking it, allowing the macro
to be dropped.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Jan Beulich [Fri, 17 Feb 2017 14:49:56 +0000 (15:49 +0100)]
VMX: fix VMCS race on context-switch paths
When __context_switch() is being bypassed during original context
switch handling, the vCPU "owning" the VMCS partially loses control of
it: It will appear non-running to remote CPUs, and hence their attempt
to pause the owning vCPU will have no effect on it (as it already
looks to be paused). At the same time the "owning" CPU will re-enable
interrupts eventually (the lastest when entering the idle loop) and
hence becomes subject to IPIs from other CPUs requesting access to the
VMCS. As a result, when __context_switch() finally gets run, the CPU
may no longer have the VMCS loaded, and hence any accesses to it would
fail. Hence we may need to re-load the VMCS in vmx_ctxt_switch_from().
For consistency use the new function also in vmx_do_resume(), to
avoid leaving an open-coded incarnation of it around.
Reported-by: Kevin Mayer <Kevin.Mayer@gdata.de> Reported-by: Anshul Makkar <anshul.makkar@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Sergey Dyasli <sergey.dyasli@citrix.com> Tested-by: Sergey Dyasli <sergey.dyasli@citrix.com>
We don't need a lock in vgic_get_target_vcpu anymore, solving the
following lock inversion bug: the rank lock should be taken first, then
the vgic lock. However, gic_update_one_lr is called with the vgic lock
held, and it calls vgic_get_target_vcpu, which tries to obtain the rank
lock.
Jan Beulich [Thu, 16 Feb 2017 17:11:42 +0000 (18:11 +0100)]
x86emul: catch exceptions occurring in stubs
Before adding more use of stubs cloned from decoded guest insns, guard
ourselves against mistakes there: Should an exception (with the
noteworthy exception of #PF) occur inside the stub, forward it to the
guest.
Since the exception fixup table entry can't encode the address of the
faulting insn itself, attach it to the return address instead. This at
once provides a convenient place to hand the exception information
back: The return address is being overwritten by it before branching to
the recovery code.
Take the opportunity and (finally!) add symbol resolution to the
respective log messages (the new one is intentionally not being coded
that way, as it covers stub addresses only, which don't have symbols
associated).
Also take the opportunity and make search_one_extable() static again.
Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Tue, 14 Feb 2017 18:21:22 +0000 (18:21 +0000)]
x86/hypercall: Make the HVM hcall_64bit boolean common
HVM guests currently make use of arch.hvm_vcpu.hcall_64bit to track the ABI of
the hypercall in use.
The rest of Xen deals in terms of the comat ABI or not, so rename the boolean
and make it common, guared by CONFIG_COMPAT to avoid bloat if a compat ABI is
not wanted/needed.
Set hcall_compat uniformly for PV guests as well as HVM guests. This removes
the remaining piece of guest-type-specific knowledge from
hypercall_create_continuation(), allowing it to operate only in terms of the
hypercall ABI in use.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Tue, 14 Feb 2017 17:02:04 +0000 (17:02 +0000)]
x86/hypercall: Make the HVM hcall_preempted boolean common
HVM guests currently make use of arch.hvm_vcpu.hcall_preempted to track
hypercall preemption in struct vcpu. Move this boolean to being common at the
top level of struct vcpu, which will allow it to be reused elsewhere.
Alter the PV preemption logic to use this boolean. This simplifies the code
by removing guest-type-specific knowledge, and removes the risk of accidently
skipping backwards or forwards multiple times and corrupting %rip.
In pv_hypercall() the old_rip bodge can be removed, and parameter clobbering
can happen based on a more obvious condition.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Wed, 15 Feb 2017 18:04:58 +0000 (18:04 +0000)]
xen/include: Include xen/kconfig.h automatically
generated/autoconf.h is already included automatically so CONFIG_* defines are
available. However, the companion macros such as IS_ENABLED() are not
included.
Include them uniformly everywhere.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Julien Grall <julien.grall@arm.com>
George Dunlap [Wed, 15 Feb 2017 17:08:11 +0000 (17:08 +0000)]
tools/libxl: Introduce LIBXL_CPUPOOL_POOLID_ANY
Callers to libxl_cpupool_create() can either request a specific pool
id, or request that Xen do it for them. But at the moment, the
"automatic" selection is indicated by using a magic value, 0. This is
undesirable both because it doesn't obviously have meaning, but also
because '0' is a valid cpupool (albeit one which at the moment can't
be changed).
Introduce a constant, LIBXL_CPUPOOL_POOLID_ANY, to indicate this
instead. Still accept '0' as meaning "ANY" for backwards
compatibility.
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
[ wei: removed two trailing spaces ] Signed-off-by: Wei Liu <wei.liu2@citrix.com>
George Dunlap [Wed, 15 Feb 2017 17:08:10 +0000 (17:08 +0000)]
tools/libxc: Introduce XC_CPUPOOL_POOLID_ANY
Callers to xc_cpupool_create() can either request a specific pool id,
or request that Xen do it for them. But at the moment, the
"automatic" selection is indicated by using a magic value, 0. This is
undesirable both because it doesn't obviously have meaning, but also
because '0' is a valid cpupool (albeit one which at the moment can't
be changed).
Introduce a constant, XC_CPUPOOL_POOLID_ANY, to indicate this instead.
Have it be the default for the python bindings.
Manually translate it, even though it's the same underlying value,
because we don't yet have a relaible way of enforcing that these
values are the same.
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Juergen Gross [Wed, 15 Feb 2017 11:11:12 +0000 (12:11 +0100)]
libxl: correct xenstore entry for empty cdrom
Specifying an empty cdrom device will result in a Xenstore entry
params = aio:(null)
as the physical device path isn't existing. This lets a domain booted
via OVMF hang as OVMF is checking for "aio:" only in order to detect
the empty cdrom case.
Use an empty string for the physical device path in this case. As a
cdrom device for HVM is always backed by qdisk we only need to cover this
backend.
Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Julien Grall [Fri, 3 Feb 2017 19:18:45 +0000 (19:18 +0000)]
xen/arm: acpi: Handle correctly detection of GICv2 on GICv3
When the GICv3 is not GICv2 compatible, the associated field in the MADT
will be zeroed. However, the rest of the code expects the variable to
be set to INVALID_PADDR.
This will result to false detection of GICv2 and give I/O access to page
0 for the hardware domain.
Thankfully, it will fail because the size of GICV has not been set.
Fix the detection by converting 0 to INVALID_PADDR for the GICC and
GICV base. At the same time only set the size of each region when the
base address is not 0.
Julien Grall [Fri, 3 Feb 2017 19:21:13 +0000 (19:21 +0000)]
xen/arm: Remove the makefile target xen.axf
Since commit 4557c22 "xen: arm: rewrite start of day page table and cpu
bring up", Xen requires to be launched in NS HYP/EL2.
xen.axf is generated in order to directly boot Xen on ARM models (e.g
Foundation). However they usually start in secure mode, which mean Xen
cannot boot.
The way forward to boot Xen on models is using either EFI or
bootwrapper [1].
Andrew Cooper [Thu, 9 Feb 2017 17:08:44 +0000 (17:08 +0000)]
x86/asm: Use ASM_FLAG_OUT() to simplify atomic and bitop stubs
bitops.h cannot include asm_defns.h, because the static inlines in cpumasks.h
result in forward declarations of the bitops.h contents. Move ASM_FLAG_OUT()
to a new asm/compiler.h to compensate.
While making changes, switch bool_t to bool and use named asm parameters.
No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
George Dunlap [Wed, 15 Feb 2017 17:13:22 +0000 (17:13 +0000)]
xen/p2m: Fix p2m_flush_table for non-nested cases
Commit 71bb7304e7a7a35ea6df4b0cedebc35028e4c159 added flushing of
nested p2m tables whenever the host p2m table changed. Unfortunately
in the process, it added a filter to p2m_flush_table() function so
that the p2m would only be flushed if it was being used as a nested
p2m. This meant that the p2m was not being flushed at all for altp2m
callers.
Only check np2m_base if p2m_class for nested p2m's.
NB that this is not a security issue: The only time this codepath is
called is in cases where either nestedp2m or altp2m is enabled, and
neither of them are in security support.
Reported-by: Matt Leinhos <matt@starlab.io> Signed-off-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Tested-by: Tamas K Lengyel <tamas@tklengyel.com>
Dario Faggioli [Wed, 15 Feb 2017 15:47:29 +0000 (15:47 +0000)]
xen: sched: harmonize debug dump output among schedulers.
Information we currently print for idle vCPUs is
rather useless. Credit2 already stopped showing that,
do the same for Credit and RTDS.
Also, define a new CPU status dump hook, which is
not defined by those schedulers which already dump
such info in other ways (e.g., Credit2, which does
that while dumping runqueue information).
This also means that, still in Credit2, we can keep
the runqueue and pCPU info closer together.
That way we have one person who can: a) poke other maintainers
or pull them in with new drivers are introduced, b) we have
one maintainer who can shepherd the patches along instead of
depending on the REST maintainers which may be busy with
other responsibilities.
Acked-by: Ian Jackson <ian.jackson@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org> Acked-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
There is a possible scenario when (d)->need_iommu remains unset
during guest domain execution. For example, when no devices
were assigned to it. Taking into account that teardown callback
is not called when (d)->need_iommu is unset we might have unreleased
resourses after destroying domain.
So, always call teardown callback to roll back actions
that were performed in init callback.
This is XSA-207.
Signed-off-by: Oleksandr Tyshchenko <olekstysh@gmail.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Tested-by: Jan Beulich <jbeulich@suse.com> Tested-by: Julien Grall <julien.grall@arm.com>
Andrew Cooper [Mon, 13 Feb 2017 11:49:30 +0000 (11:49 +0000)]
x86/hvm: Improve physdev_op hypercall dispatching
hvm_physdev_op() and hvm_physdev_op_compat32() are almost identical, but there
is no need to have two functions instantiated at the end of different function
pointers.
Combine the two into a single hvm_physdev_op() and dispatch to
{do,compat}_physdev_op() based on the hcall_64bit setting.
This also fixes an inconsistency where 64bit PVH hardware domains were
permitted access to extra physdev ops, but 32bit domains weren't.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
hvm_grant_table_op() and hvm_grant_table_op_compat32() are almost identical,
but there is no need to have two functions instantiated at the end of
different function pointers.
Combine the two into a single hvm_grant_table_op() (folding
grant_table_op_is_allowed() into is now-single caller) and dispatch to
{do,compat}_grant_table_op() based on the hcall_64bit setting.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Mon, 13 Feb 2017 11:49:24 +0000 (11:49 +0000)]
x86/hvm: Improve memory_op hypercall dispatching
hvm_memory_op() and hvm_memory_op_compat32() are almost identical, but there
is no need to have two functions instantiated at the end of different function
pointers.
Combine the two into single hvm_memory_op() which dispatches to
{do,compat}_memory_op() based on the hcall_64bit setting.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Fri, 3 Feb 2017 16:21:22 +0000 (16:21 +0000)]
x86/hvm: Rework HVM_HCALL_invalidate handling
Sending an invalidation to the device model is an internal detail of
completing the hypercall; callers should not need to be responsible for it.
Drop HVM_HCALL_invalidate entirely and call send_invalidate_req() when
appropriate.
This makes the function boolean in nature, although the existing
HVM_HCALL_{completed,preempted} constants are kept to aid code clarity. While
updating the return type, drop _do from the name, as it is redundant.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Boris Ostrovsky [Mon, 13 Feb 2017 14:23:58 +0000 (15:23 +0100)]
x86: adjust which files need vpmu.h
asm-x86/vmcs.h doesn't need it while asm-x86/domain.h does.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Roger Pau Monné [Mon, 13 Feb 2017 14:23:34 +0000 (15:23 +0100)]
x86/PVHv2: fix dom0_max_vcpus so it's capped to HVM_MAX_VCPUS for PVHv2 Dom0
PVHv2 Dom0 is limited to 128 vCPUs, as are all HVM guests at the moment. Fix
dom0_max_vcpus so it takes this limitation into account.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Roger Pau Monné [Mon, 13 Feb 2017 14:22:01 +0000 (15:22 +0100)]
x86: split Dom0 build into PV and PVHv2
Split the Dom0 builder into two different functions, one for PV (and classic
PVH), and another one for PVHv2. Introduce a new command line parameter called
'dom0' that can be used to request the creation of a PVHv2 Dom0 by setting the
'hvm' sub-option. A panic has also been added if a user tries to use dom0=hvm
until all the code is in place, then the panic will be removed.
While there mark the dom0_shadow option that was used by PV Dom0 as deprecated,
it was lacking documentation and was not functional. Point users towards
dom0=shadow instead.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Mon, 13 Feb 2017 14:21:24 +0000 (15:21 +0100)]
x86/time: tsc_check_writability() may need to be run a second time
While we shouldn't remove its current invocation, we need to re-run it
for the case that the X86_FEATURE_TSC_RELIABLE feature flag has been
cleared, in order to avoid using the TSC rendezvous function in case
the TSC can't be written.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Chao Gao [Mon, 13 Feb 2017 14:19:42 +0000 (15:19 +0100)]
y86/vmx: dump PIR and vIRR before ASSERT()
Commit c7bdecae42 ("x86/apicv: fix RTC periodic timer and apicv issue") has
added a assertion that intack.vector is the highest priority vector. But
according to the osstest, the assertion failed sometimes. More discussion can
be found in the thread
(https://lists.xenproject.org/archives/html/xen-devel/2017-01/msg01019.html).
The assertion failure is hard to reproduce. In order to root cause issue, this
patch is to add logs to dump PIR and vIRR when failure takes place. It should
be reverted once the root cause is found.
Signed-off-by: Chao Gao <chao.gao@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Andrew Cooper [Thu, 9 Feb 2017 18:22:50 +0000 (18:22 +0000)]
x86/bitops: Force __scanbit() to be always inline
It turns out that GCCs 4.9.2 and 6.3.0 instantiate __scanbit() in three
translation units, but never references the result. All real uses of
__scanbit() are already suitably inline.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Juergen Gross [Wed, 8 Feb 2017 16:09:30 +0000 (17:09 +0100)]
libxl: carve out console specific functions from libxl.c
libxl.c has grown to an uncomfortable size. Carve out the console
related functions (including channels, keyboard and frame buffer)
to libxl_console.c.
Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Jan Beulich [Sun, 12 Feb 2017 17:56:05 +0000 (17:56 +0000)]
x86emul/test: fix 32-bit build
Commit 7603eb256 ("x86emul: use eflags definitions in x86-defns.h")
removed the EFLG_* definitions without updating the use sites (which
- oddly enough - happen to all be in 32-bit only code paths).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Roger Pau Monné [Fri, 10 Feb 2017 09:42:47 +0000 (10:42 +0100)]
x86/iommu: add missing break
50a498 failed to add a break in the p2m_mmio_direct case, so Xen was still not
adding IOMMU entries for p2m_mmio_direct regions.
Spotted by Coverity.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Razvan Cojocaru [Fri, 10 Feb 2017 09:42:02 +0000 (10:42 +0100)]
common/vm_event: prevent guest locking with large max_vcpus
It is currently possible for the guest to lock when subscribing
to synchronous vm_events if max_vcpus is larger than the
number of available ring buffer slots. This patch no longer
blocks already paused VCPUs, fixing the issue for this use
case, and wakes up as many blocked VCPUs as there are slots
available in the ring buffer, eliminating the blockage for
asynchronous events.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
Roger Pau Monné [Fri, 10 Feb 2017 09:40:29 +0000 (10:40 +0100)]
x86/acpi: fix unmapping of low 1MB memory in acpi_os_unmap_memory
Current code in acpi_os_map_memory uses the direct map in order to map memory
in the low 1MB, but acpi_os_unmap_memory doesn't takes that into account, and
always tries to perform a vunmap, which results in the following WARN:
Roger Pau Monne [Thu, 9 Feb 2017 11:33:12 +0000 (11:33 +0000)]
x86/vmx: fix build with clang 3.8.0
The usage of the __transparent__ attribute in 991033fa introduces some issues
when compiled with clang 3.8.0:
xen/include/asm/hvm/vmx/vmx.h:605:15: error: transparent_union attribute can only be
applied to a union definition; attribute ignored [-Werror,-Wignored-attributes]
typedef union __transparent__ ept_qual {
^
xen/include/xen/compiler.h:50:44: note: expanded from macro '__transparent__'
This can be easily fixed by moving the attribute to the end of the definition,
but then the following error triggers:
xen/include/asm/hvm/vmx/vmx.h:607:5: error: size of field '' (16 bits) does not
match the size of the first field in transparent union; transparent_union attribute ignored
[-Werror,-Wignored-attributes]
struct {
^
xen/include/asm/hvm/vmx/vmx.h:606:19: note: size of first field is 64 bits
unsigned long raw;
^
Which can be fixed by introducing a new field in the nested structure that
contains the padding in order to match the size of an unsigned long.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Tue, 7 Feb 2017 15:15:56 +0000 (15:15 +0000)]
x86/p2m: Reposition p2m_teardown_nestedp2m() to avoid its forward declaration
While adjusting these functions, use unsigned int rather than uint8_t for the
loop variable, and fix the whitespace style.
No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Sergey Dyasli [Thu, 9 Feb 2017 10:07:31 +0000 (11:07 +0100)]
x86/vmx: improve vmread_safe()
The original function doesn't distinguish between Valid and Invalid
VMfails. Improved function returns error code depending on the outcome:
VMsucceed: 0
VMfailValid: VM Instruction Error Number
VMfailInvalid: VMX_INSN_FAIL_INVALID (~0)
Existing users of __vmread_safe() are updated and double underscore
prefix is removed from the function's name because such prefixes are
reserved to a compiler.
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Roger Pau Monné [Thu, 9 Feb 2017 10:02:11 +0000 (11:02 +0100)]
x86/hvm: add vcpu parameter to guest memory copy function
Current __hvm_copy assumes that the destination memory belongs to the current
vcpu, but this is not always the case since for PVHv2 Dom0 build hvm copy
functions are used with current being the idle vcpu. Add a new vcpu parameter
to hvm copy in order to solve that. Note that only hvm_copy_to_guest_phys is
changed to take a vcpu parameter, because that's the only one at the moment
that's required in order to build a PVHv2 Dom0.
While there, also assert that the passed vcpu belongs to a HVM guest.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Fix the build, retaining prior log message attributes.
Roger Pau Monné [Thu, 9 Feb 2017 10:01:35 +0000 (11:01 +0100)]
x86/iommu: add IOMMU entries for p2m_mmio_direct pages
There's nothing wrong with allowing the domain to perform DMA transfers to
MMIO areas that it already can access from the CPU, and this allows us to
remove the hack in set_identity_p2m_entry for PVH Dom0.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Jan Beulich [Thu, 9 Feb 2017 10:00:39 +0000 (11:00 +0100)]
VT-d: make print_vtd_entries() less verbose
Especially printing virtual addresses of mappings of the individual
pages seems rather useless here - this mostly obfuscates the important
numbers, and hinders comparing two printouts. Printing the page table
level indexes isn't very useful either, as the immediately following
lines will print the indexes again as part of printing the raw entries.
Take the opportunity and also
- adjust some format specifiers,
- widen (zero-pad) array indexes to their nominal width.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
c/s 11c397c broke the ARM build by introducing a common ACCESS_ONCE() which is
different to the definition in smmu.c
The SMMU code included a scalar typecheck, which is worth keeping in the
common case, given ACCESS_ONCE()'s restrictions. However, express the
typecheck differently so as to avoid Coverity complaints about unused
variables.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org> Acked-by: Julien Grall <julien.grall@arm.com>
Julien Grall [Wed, 8 Feb 2017 10:48:14 +0000 (10:48 +0000)]
xen/arm64: Don't zero BSS when booting using EFI
Commit 146786b "efi: create efi_enabled()" introduced a variable
efi_flags stored in BSS and used to pass information between the stub
and Xen. However on ARM, BSS is zeroed after the stub has finished to
run and before Xen is started. This means that the bits set in efi_flags
will be lost.
We were not affected before because all the variables used to pass
information between Xen and the stub are living in initdata or data.
Looking at the description of the field SizeOfRawData in the PE/COFF
header (see [1]):
"If this is less than VirtualSize, the remainder of the section is
zero-filled. Because the SizeOfRawData field is rounded but the
VirtualSize field is not, it is possible for SizeOfRawData to be greater
than VirtualSize as well. When a section contains only uninitialized
data, this field should be zero."
Both VirtualSize and SizeOfRawData are correctly set in the header (see
arch/arm/arm64/head.S) so the EFI firmware will zero BSS for us.
Therefore we don't need to zero BSS before running the EFI stub and can
skip the one between the EFI stub and Xen.
To avoid another branch instruction, slightly refactor the code. The
register x26 is allocated to hold whether BSS is skipped. The value will
be:
- 0 when the code is running on CPU0 and EFI is not used
- 1 when EFI is used or running on other processor than the boot one.
Andrew Cooper [Tue, 7 Feb 2017 14:01:29 +0000 (14:01 +0000)]
x86/p2m: Stop other vcpus using a nested p2m before clearing it
Until the IPI has completed, other processors might be running on this nested
p2m object. clear_domain_page() does not guarantee to make 8-byte atomic
updates, which means that a pagewalk on a remote processor might encounter a
partial update.
This is currently safe as other issues prevents a nested p2m ever being shared
between two cpus (although this is contrary to the original plan).
Setting p2m->np2m_base to P2M_BASE_EADDR before the IPI ensures that the IPI'd
processors won't continue to use the flushed mappings.
While modifying this function, remove all the trailing whitespace and tweak
style in the affected areas.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Wed, 7 Dec 2016 13:52:02 +0000 (13:52 +0000)]
x86/time: Adjust init-time handling of pit0_ticks
There is no need for the volatile cast in the timer interrupt; the compiler
may not elide the update. This reduces the generated assembly from a read,
local modify, write to a single add instruction.
Drop the memory barriers from timer_irq_works(), as they are not needed.
pit0_ticks is only modified by timer_interrupt() running on the same CPU, so
all that is required is a volatile reference to prevent the compiler from
eliding the second read.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Mon, 30 Jan 2017 16:43:39 +0000 (16:43 +0000)]
x86/vmx: Drop ept_get_*() helpers
The ept_get_*() helpers are not used consistently, and are more verbose than
the code they wrap. Drop the wrappers and use the internal union names
consistently.
While making these adjustments, drop the redundant ept_* prefix from mt, wl
and ad, and rename the asr field to mfn for consistency with Xen's existing
terminology.
No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Fatih Acar [Thu, 2 Feb 2017 12:20:49 +0000 (13:20 +0100)]
xl: Make the devid attribute manually settable for nics
This permits to have control over the devid attribute when attaching new nics.
It may become useful if one has its own nic indexing somewhere else than xl/xenstore.
Signed-off-by: Fatih Acar <fatih.acar@gandi.net> Signed-off-by: Nikita Kozlov <nikita.kozlov@gandi.net> Signed-off-by: Vincent Legout <vincent.legout@gandi.net> Signed-off-by: Baptiste Daroussin <baptiste.daroussin@gandi.net> Acked-by: Wei Liu <wei.liu2@citrix.com>
Jan Beulich [Tue, 7 Feb 2017 13:32:40 +0000 (14:32 +0100)]
x86/time: correctly honor late clearing of TSC related feature flags
As such clearing of flags may have an impact on the selected rendezvous
function, defer the establishing of a rendezvous function other than
the initial default one (std) until after all APs have been brought up.
But don't allow such feature flags to be cleared during CPU hotplug:
Platform and local system times may have diverged significantly by
then, potentially causing noticeably (even if only temporary) strange
behavior. As we're anyway expecting only sufficiently similar CPUs to
appear during hotplug, this shouldn't be introducing new limitations.
Reported-by: Joao Martins <joao.m.martins@oracle.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Tue, 7 Feb 2017 13:32:05 +0000 (14:32 +0100)]
page_alloc: clear nr_bootmem_regions in end_boot_allocator()
... to make alloc_boot_pages() fail for late callers. Don't rely on
reaching the BOOT_BUG_ON(1) near the end of that function though, but
instead make this situation easier to distinguish from actual
allocation failures by adding an explicit check.
While there, make the iteration variable unsigned and guard against
underflow.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
projects / xen.git / log