Wei Liu [Wed, 31 Aug 2016 15:26:51 +0000 (16:26 +0100)]
xen: fix gcov compilation
Currently enabling gcov in hypervisor won't build because although 26c9d03d ("gcov: Adding support for coverage information") claimed that
%.init.o files were excluded from applying compilation options, it was
in fact not true.
Fix that by filtering out the options correctly. Because the dependency
of stub.o in x86 EFI build can't be eliminated easily and we prefer a
generalised method going forward, we introduce nogcov-y to explicitly
mark objects that don't need to build with gcov support.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Jan Beulich <JBeulich@suse.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Wei Liu [Wed, 31 Aug 2016 15:26:50 +0000 (16:26 +0100)]
arm64: use "b" to branch to start_xen
The cbz instruction has range limitation. When compiled with gcov
support the object is larger so cbz can't handle that anymore. The error
message is like:
aarch64-linux-gnu-ld -EL -T xen.lds -N prelink.o \
/local/work/xen.git/xen/common/symbols-dummy.o -o /local/work/xen.git/xen/.xen-syms.0
prelink.o: In function `launch':
/local/work/xen.git/xen/arch/arm/arm64/head.S:602:(.text+0x408): relocation truncated to fit: R_AARCH64_CONDBR19 against symbol `start_xen' defined in .init.text section in prelink.o
Use "b" instead.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Julien Grall <julien.grall@arm.com>
Wei Liu [Fri, 26 Aug 2016 10:11:46 +0000 (11:11 +0100)]
libxl: update flex output files
Libxl ships output files from flex (libxlu_*_l.{c,h}). We use the flex
shipped in Debian to generate those files. Debian just patched their
flex (DSA 3653-1) to fix CVE-2016-6354, which is a buffer overrun bug.
Note that libxl is _NOT_ vulnerable to that CVE. See below for Ian's
analysis to security@xen.
It would still be nice that we update our shipped flex output files to
avoid confusion.
===QUOTE===
The bug is that with input >16K[1] flex would usually fail to resize
the input buffer, and then overrun it.
I have read the code in libxlu_cfg_l.c to try to understand the
implications for libxl.
AFAICT
- libxl always does config file reading _from the file_ itself, and
provides flex with a string or buffer.
- so we always call whatever_yy_scan_bytes, not any other flex setup
function to set up a `buffer' (as flex calls it)
- yy_scan_bytes calls yy_scan_buffer to set up the buffer
- yy_scan_buffer sets b->yy_fill_buffer
- The effect of this is that yy_get_next_buffer will always
return early, rather than continuing on to the vulnerable code.
So I think libxl is not vulnerable, regardless of the contents of the
configuration file.
[1] the default buffer size, or whatever other buffer size is
configured (but we don't change it)
===ENDQUOTE===
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Juergen Gross [Fri, 26 Aug 2016 11:58:55 +0000 (13:58 +0200)]
libxc: correct max_pfn calculation for saving domain
Commit 91e204d37f44913913776d0a89279721694f8b32 ("libxc: try to find
last used pfn when migrating") introduced a bug for the case of a
domain supporting the virtual mapped linear p2m list: the maximum pfn
of the domain calculated from the p2m memory allocation might be too
low.
Correct this.
Reported-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Juergen Gross <jgross@suse.com> Tested-by: Stefan Bader <stefan.bader@canonical.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
The struct hvm_domain.vmx is defined in a union along with the svm.
This can causes issue for SVM since this code is used in the common
scheduling code for x86. The logic must check for cpu_has_vmx before
accessing the hvm_domain.vmx sturcture.
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Mon, 29 Aug 2016 14:04:22 +0000 (16:04 +0200)]
pass-through: drop pointless uses of __func__
Non-debugging message text should be (and is in the cases here)
distinguishable without also logging function names. Additionally log
the PCI device coordinates for alloc_pdev() failure.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Daniel Kiper [Thu, 25 Aug 2016 12:03:24 +0000 (14:03 +0200)]
x86/boot: use %ecx instead of %eax
Use %ecx instead of %eax to store low memory upper limit from EBDA.
This way we do not wipe multiboot protocol identifier. It is needed
in reloc() to differentiate between multiboot (v1) and
multiboot2 protocol.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Daniel Kiper [Thu, 25 Aug 2016 12:02:53 +0000 (14:02 +0200)]
x86/boot: call reloc() using stdcall calling convention
Current reloc() call method makes confusion and does not scale well
for more arguments. And subsequent patch adding multiboot2 protocol
support have to pass 3 arguments instead of 2. Hence, move reloc()
call to stdcall calling convention. One may argue that we should use
standard cdecl calling convention. However, stdcall is better here
than cdecl because we do not need to remove "manually" arguments from
stack in xen/arch/x86/boot/head.S assembly file.
Suggested-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Daniel Kiper [Thu, 25 Aug 2016 12:00:57 +0000 (14:00 +0200)]
x86/boot: create *.lnk files with linker script
Newer GCC (e.g. gcc version 5.1.1 20150618 (Red Hat 5.1.1-4) (GCC)) does
some code optimizations by creating data sections (e.g. jump addresses
for C switch/case are calculated using data in .rodata section). This
thing is not accepted by *.lnk build recipe which requires that only .text
section lives in output. Potentially we can inhibit this GCC behavior by
using special options, e.g. -fno-tree-switch-conversion. However, this
does not guarantee that in the future new similar optimizations or anything
else which creates not accepted sections will not break our build recipes
again. I do not mention that probably this is not good idea to just disable
random optimizations. So, take over full control on *.lnk linking process
by using linker script and merge all text and data sections into one
.text section.
Additionally, remove .got.plt section which is not used in our final code.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Chris Patterson [Thu, 25 Aug 2016 07:00:59 +0000 (09:00 +0200)]
ns16550: mask transmit holding register empty interrupt when tx is stopped
The uart generates an interrupt whenever the transmit holding register is
empty and UART_IER_ETHREI is set in UART_IER. Currently, Xen's ns16550
driver does not currently mask this interrupt when transmit is stopped,
unlike other platforms such as Linux [1].
Toggle UART_IER_ETHREI flag in the UART_IER according to the state dictated
by stop_tx and start_tx hooks.
On the Tegra platform (forthcoming series), the reset via reading IIR does not
prevent re-assertion of THRE. This causes Xen to hang in the interrupt
handler's while loop whenever there is no data to transmit. This behavior (bug?)
is addressed by utilizing the start & stop tx hooks.
This has been tested on various x86 PCs for any obvious signs of regressions.
Wei Liu [Mon, 22 Aug 2016 12:47:53 +0000 (13:47 +0100)]
hvmloader: use bound checking in get_module_entry
Coverity complains:
overflow_before_widen: Potentially overflowing expression
info->nr_modules * 32U with type unsigned int (32 bits, unsigned) is
evaluated using 32-bit arithmetic, and then used in a context that
expects an expression of type uint64_t (64 bits, unsigned).
The overflow is unlikely to happen in reality because we only expect a
few modules.
Fix that by converting the check to use bound checking to placate
Coverity.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Fri, 19 Aug 2016 14:08:10 +0000 (15:08 +0100)]
xen/physmap: Do not permit a guest to populate PoD pages for itself
PoD is supposed to be entirely transparent to guest, but this interface has
been left exposed for a long time.
The use of PoD requires careful co-ordination by the toolstack with the
XENMEM_{get,set}_pod_target hypercalls, and xenstore ballooning target. The
best a guest can do without toolstack cooperation crash.
Furthermore, there are combinations of features (e.g. c/s c63868ff "libxl:
disallow PCI device assignment for HVM guest when PoD is enabled") which a
toolstack might wish to explicitly prohibit (in this case, because the two
simply don't function in combination). In such cases, the guest mustn't be
able to subvert the configuration chosen by the toolstack.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Fri, 19 Aug 2016 15:04:28 +0000 (17:04 +0200)]
x86: don't needlessly globalize page table labels
Neither l1_identmap[] nor l3_identmap[] get referenced from outside
their defining source file; the latter didn't even have an extern
declaration for use from C sources.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 19 Aug 2016 15:03:33 +0000 (17:03 +0200)]
x86/EFI: don't apply relocations to l{2,3}_bootmap
Other than claimed in commit 2ce5963727's ("x86: construct the
{l2,l3}_bootmap at compile time") the initialization of the two page
tables doesn't take care of everything without furher adjustment: The
compile time initialization obviously requires base relocations, and
those get processed after efi_arch_memory_setup(). Hence without
additional care the correctly initialized values may then get wrongly
"adjusted" again. Except the two table from being subject to base
relocation.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper@citrix.com>
Derek Straka [Fri, 19 Aug 2016 15:02:27 +0000 (17:02 +0200)]
x86: add a tboot Kconfig option
Allows for the conditional inclusion of tboot related functionality
via Kconfig
The default configuration for the new CONFIG_TBOOT option is 'y', so the
behavior out of the box remains unchanged. The addition of the option allows
advanced users to disable system behaviors associated with tboot at compile
time rather than relying on the run-time detection and configuration.
The CONFIG_CRYPTO option is 'n' by default and selected by the individual users
that require the functionality. Currently, the only user is tboot.
Signed-off-by: Derek Straka <derek@asterius.io> Acked-by: Jan Beulich <jbeulich@suse.com>
Anthony PERARD [Thu, 8 Oct 2015 15:26:32 +0000 (16:26 +0100)]
configure: do not depend on SEABIOS_PATH or OVMF_PATH ...
... to compile SeaBIOS and OVMF. Only depend on CONFIG_*.
If --with-system-* configure option is used, then set *_CONFIG=n to not
compile SEABIOS and OVMF.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Anthony PERARD [Wed, 7 Oct 2015 14:45:14 +0000 (15:45 +0100)]
hvmloader: Load OVMF from modules
... and do not include the OVMF ROM into hvmloader anymore.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Anthony PERARD [Tue, 20 Oct 2015 15:57:51 +0000 (16:57 +0100)]
hvmloader: Load SeaBIOS from hvm_start_info modules
... and do not include the SeaBIOS ROM into hvmloader anymore.
This also fix the dependency on roms.inc, hvmloader.o does not include it.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Anthony PERARD [Mon, 19 Oct 2015 14:42:14 +0000 (15:42 +0100)]
hvmloader: Grab the hvm_start_info pointer
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Anthony PERARD [Wed, 16 Sep 2015 14:12:15 +0000 (15:12 +0100)]
libxl: Load guest BIOS from file
The path to the BIOS blob can be overriden by the xl's
bios_path_override option, or provided by u.hvm.bios_firmware in the
domain_build_info struct by other libxl user.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Anthony PERARD [Mon, 28 Sep 2015 18:03:55 +0000 (19:03 +0100)]
configure: #define SEABIOS_PATH and OVMF_PATH
Those paths are to be used by libxl, in order to load the firmware in
memory. If a system path is not defined via --with-system-seabios or
--with-system-ovmf, then default to the Xen firmware directory.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Anthony PERARD [Mon, 21 Sep 2015 11:36:25 +0000 (12:36 +0100)]
libxc: Prepare a start info structure for hvmloader
... and load BIOS/UEFI firmware into guest memory.
This adds a new firmware module, system_firmware_module. It is loaded in
the guest memory and final location is provided to hvmloader via the
hvm_start_info struct.
This patch create the hvm_start_info struct for HVM guest that have a
device model, so this is now common code with HVM guest without device
model.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Anthony PERARD [Fri, 19 Feb 2016 17:35:43 +0000 (17:35 +0000)]
libxc: Rework extra module initialisation
This patch use xc_dom_alloc_segment() to allocate the memory space for the
ACPI modules and the SMBIOS modules. This is to replace the arbitrary
placement of 1MB (+ extra for MB alignement) after the hvmloader image.
This patch can help if one add extra ACPI table and hvmloader contain
OVMF (OVMF is a 2MB binary), as in that case the extra ACPI table could
easily be loaded past the address 4MB, but hvmloader use a range of
memory from 4MB to 10MB to perform tests and in the process, clears the
memory, before loading the modules.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Juergen Gross [Thu, 18 Aug 2016 10:04:30 +0000 (12:04 +0200)]
xen: Move the hvm_start_info C representation to the public headers
Instead of having several representation of hvm_start_info in C, define
it in public/arch-x86/hvm/start_info.h so both libxc and hvmloader can
use it.
Also move the comment describing the binary format to be alongside the
C struct.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Jan Beulich [Wed, 17 Aug 2016 13:36:55 +0000 (15:36 +0200)]
x86emul: improve LOCK handling
Certain opcodes would so far not have got #UD when a LOCK prefix was
present. Adjust this by
- moving the too early generic check into destination operand decoding,
where DstNone and DstReg already have respective handling
- switching source and destination of TEST r,r/m, for it to be taken
care of by aforementioned generic checks
- explicitly dealing with all forms of CMP, SHLD, SHRD, as well as
TEST $imm,r/m
To make the handling of opcodes F6 and F7 more obvious, reduce the
amount of state set in the table, and adjust the respective switch()
statement accordingly.
Also eliminate the latent bug of the check in DstNone handling not
considering the opcode extension set.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 17 Aug 2016 13:34:26 +0000 (15:34 +0200)]
x86emul: introduce SrcEax for XCHG
Just like said in commit c0bc0adf24 ("x86emul: use DstEax where
possible"): While it avoids just a few instructions, we should
nevertheless make use of generic code as much as possible. Here we can
arrange for that by simply introducing SrcEax (which requires no other
code adjustments).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 17 Aug 2016 13:33:27 +0000 (15:33 +0200)]
x86emul: don't open code EFLAGS handling for 2-operand IMUL
Slightly extending the emulate_2op*() macro machinery makes it usable
for IMUL r,r/m too, which has the benefit of smaller source code and
the EFLAGS output being guaranteed to match actual hardware behavior.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 17 Aug 2016 13:32:51 +0000 (15:32 +0200)]
x86emul: use DstEax also for {,I}{MUL,DIV}
Just like said in commit c0bc0adf24 ("x86emul: use DstEax where
possible"): While it avoids just a few instructions, we should
nevertheless make use of generic code as much as possible.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 17 Aug 2016 13:31:56 +0000 (15:31 +0200)]
domctl: relax getdomaininfo permissions
Qemu needs access to this for the domain it controls, both due to it
being used by xc_domain_memory_mapping() (which qemu calls) and the
explicit use in hw/xenpv/xen_domainbuild.c:xen_domain_poll(). Extend
permissions to that of any "ordinary" domctl: A domain controlling the
targeted domain can invoke this operation for that target domain (which
is being achieved by no longer passing NULL to xsm_domctl()).
This at once avoids a for_each_domain() loop when the ID of an
existing domain gets passed in.
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Jan Beulich [Tue, 16 Aug 2016 13:44:05 +0000 (15:44 +0200)]
x86emul: drop SrcInvalid
As of commit a800e4f611 ("x86emul: drop pointless and add useful
default cases") we no longer need the early bailing when "d == 0" (the
default cases in the main switch() statements take care of that),
removal of which renders both callers of internal_error() wrong and
SrcInvalid useless. Drop them, as they're going to get in the way of
completing the decoder to cover all known insns (to allow it to be
used by more callers) without at the same time completing the actual
emulation logic.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Tue, 16 Aug 2016 13:35:13 +0000 (15:35 +0200)]
x86emul: drop RIP-relative special case for TEST
Moving ahead the "early operand adjustments" logic, the "test $imm,r/m"
special logic in the determination of the instruction boundary is no
longer necessary.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Mon, 15 Aug 2016 10:22:14 +0000 (12:22 +0200)]
x86emul: introduce SrcImm16
... and use it for RET, LRET, and ENTER processing to limit the amount
of "manual" insn bytes fetching. Note that for the RET and LRET paths
the change utilizes that SrcImplicit (aka SrcNone) table entries leave
src.val as zero.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Mon, 15 Aug 2016 08:41:48 +0000 (10:41 +0200)]
x86: force suitable alignment in sources rather than in linker script
Besides being more logical this also allows verifying correct recording
of alignments in .o files.
The cpu0_stack related ASSERT() in xen.lds.S is now of questionable
value (as it now verifies correct tool chain behavior), but I've left
it in nevertheless.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Mon, 15 Aug 2016 08:41:02 +0000 (10:41 +0200)]
build-id: fix minor quirks
The initial size check in xen_build_id_check() came too late (after the
first access to the structure), but was mostly redundant with checks
done in all callers; convert it to a properly placed ASSERT(). The
"mostly" part being addressed too: xen_build_init() was off by one.
And then there was a stray semicolon.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Jan Beulich [Fri, 12 Aug 2016 14:57:07 +0000 (16:57 +0200)]
x86emul: don't special case fetching unsigned 8-bit immediates
These can be made work using SrcImmByte, making sure the low 8 bits of
src.val get suitably zero extended upon consumption. SHLD and SHRD
require a little more adjustment: Their source operands get changed
away from SrcReg, handling the register access "manually" instead of
the insn byte fetching.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 12 Aug 2016 14:55:48 +0000 (16:55 +0200)]
x86emul: all push flavors are data moves
Make all paths leading to the "push" label have the Mov flag set, and
ASSERT() that to be the case. For the opcode FF group the adjustment is
benign for the paths not leading to "push", as they all set dst.type to
OP_NONE
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 12 Aug 2016 14:54:24 +0000 (16:54 +0200)]
x86emul: don't special case fetching the immediate of PUSH
These immediates follow the standard patterns in all modes, so they're
better fetched by the generic source operand handling code.
To facilitate testing, instead of adding yet another of these pretty
convoluted individual test cases, simply introduce another blowfish run
with -mno-accumulate-outgoing-args (the additional -Dstatic is to
keep the compiler from converting the calling convention to
"regparm(3)", which I did observe it does).
To make this introduction of a new blowfish pass (and potential further
ones later one) have less impact on the readability of the final code,
abstract all such "binary blob" executions via a table to iterate
through.
The resulting native code execution adjustment also uncovered a lack of
clobbers on the asm() in the 64-bit case, which is being fixed at once.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Razvan Cojocaru [Fri, 12 Aug 2016 14:51:36 +0000 (16:51 +0200)]
vm_event: synchronize vCPU state in vm_event_resume()
Vm_event_vcpu_pause() needs to use vcpu_pause_nosync() in order
for the current vCPU to not get stuck. A consequence of this is
that the custom vm_event response handlers will not always see
the real vCPU state in v->arch.user_regs. This patch makes sure
that the state is always synchronized in vm_event_resume, before
any handlers have been called. This problem especially affects
vm_event_set_registers().
Simply checking vm_event_pause_count to make sure the vCPU is
paused suffices since there's only one ring / consumer at a
time, and events are being processed one-by-one, so the
toolstack won't unpause the vCPU behind our backs.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Tamas K Lengyel <tamas@tklengyel.com>
Andrew Cooper [Thu, 11 Aug 2016 17:21:14 +0000 (17:21 +0000)]
x86/cpufreq: Avoid using processor_pminfo[cpu] when it is NULL
The undefined behaviour sanitiser shows that it really is NULL via the
pre_initcall path.
(XEN) ================================================================================
(XEN) UBSAN: Undefined behaviour in cpufreq.c:158:66
(XEN) member access within null pointer of type 'struct processor_pminfo'
(XEN) ----[ Xen-4.8-unstable x86_64 debug=y Not tainted ]----
<snip>
(XEN) [<ffff82d0801c4231>] cpufreq_add_cpu+0x161/0xdc0
(XEN) [<ffff82d0801c6610>] cpufreq.c#cpu_callback+0x20/0x30
(XEN) [<ffff82d0804eefad>] cpufreq.c#cpufreq_presmp_init+0x2d/0x50
(XEN) [<ffff82d0804c5942>] do_presmp_initcalls+0x22/0x30
(XEN) [<ffff82d08051852d>] __start_xen+0x378d/0x42f0
(XEN) [<ffff82d080100073>] __high_start+0x53/0x60
Fix two other occurances of the same buggy logic.
The processor_pminfo[] objects are only allocated as a result of
XENPF_set_processor_pminfo hypercalls, which means that this early cpu
callback will always hit the early NULL check, and is therefore pointless.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Thu, 11 Aug 2016 11:36:42 +0000 (13:36 +0200)]
x86/NUMA: cleanup
- drop the only left CONFIG_NUMA conditional (this is always true)
- drop struct node_data's node_id field (being always equal to the
node_data[] array index used)
- don't open code node_{start,end}_pfn() nor node_spanned_pages()
except when used as lvalues (those could be converted too, but this
seems a little awkward)
- no longer open code pfn_to_paddr() in an expression being modified
anyway
- make dump less verbose by logging actual vs intended node IDs only
when they don't match
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Thu, 11 Aug 2016 11:35:50 +0000 (13:35 +0200)]
page-alloc/x86: don't restrict DMA heap to node 0
When node zero has no memory, the DMA bit width will end up getting set
to 9, which is obviously not helpful to hold back a reasonable amount
of low enough memory for Dom0 to use for DMA purposes. Find the lowest
node with memory below 4Gb instead.
Introduce arch_get_dma_bitsize() to keep this arch-specific logic out
of common code.
Also adjust the original calculation: I think the subtraction of 1
should have been part of the flsl() argument rather than getting
applied to its result. And while previously the division by 4 was valid
to be done on the flsl() result, this now also needs to be converted,
as is should only be applied to the spanned pages value.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Trammell Hudson [Thu, 11 Aug 2016 11:34:59 +0000 (13:34 +0200)]
allow reproducible builds of xen.gz
The mkelf32 executable was using an uninitialized stack buffer for
padding after the ehdr and phdr are written to the xen file, which
leads to non-deterministic bytes in the binary and prevented Xen
hypervisors from being reproducibly built.
Additionally, the file was then compressed with gzip -9 without the
-n | --no-name flag, which lead to the xen.gz file having
non-deterministric bytes (the timestamp) in the compressed file.
Signed-off-by: Trammell Hudson <trammell.hudson@twosigma.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Fri, 5 Aug 2016 13:26:21 +0000 (14:26 +0100)]
x86/microcode: Avoid undefined behaviour from signed integer overflow
The checksums should be calculated using unsigned 32bit integers, as they are
intended to overflow and end at 0. Replace some other signed integers with
unsigned ones, to avoid mixed-sign comparisons.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Andrew Cooper [Fri, 5 Aug 2016 13:22:48 +0000 (14:22 +0100)]
xen/common: Avoid undefined behaviour by shifting into a sign bit
For d->shutdown_code, change the field to being unsigned and using an unsigned
sentinel. The sentinal needs to be distinguishable from any value
representable in a u8.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andrew Cooper [Wed, 10 Aug 2016 09:41:28 +0000 (10:41 +0100)]
x86/traps: Fix failed ASSERT() in do_guest_trap()
c/s 2e426d6 "x86/traps: Drop use_error_code parameter from do_{,guest_}trap()"
introduced an assertion which covered the correctness of shifting 1u by an
input parameter.
While all other inputs provide a constants vector, the `int $N` handling path
from do_general_protection() passes any vector.
This path is triggered by XTF, which uses `int 0x20` to facilitate returning
to kernel mode after running specific tests in user mode.
No vectors above 32 have an error code, so adjust the logic to cope.
Reported-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Boris Ostrovsky [Wed, 10 Aug 2016 09:58:34 +0000 (11:58 +0200)]
hvmloader: acpi_build_tables() can't take acpi_config as const
We'd need to update other routines' definitions. However, acpi_config
is not really a const since new_vm_gid() wants to update
acpi_config.vm_gid_addr.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
By doing this we can move hvmloader-private interfaces (such as
uart_exists(), lpt_exists() etc.) out of the ACPI builder. This will
help us with allowing to call the builder from places other than
hvmloader.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
George Dunlap [Mon, 8 Aug 2016 09:42:50 +0000 (10:42 +0100)]
tools/xenalyze: Allow automatic resizing of sample buffers
Rather than have large fixed-size buffers, start with smaller buffers
and allow them to grow as needed (doubling each time), with a fairly
large maximum. Allow this maximum to be set by a command-line
parameter.
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
George Dunlap [Mon, 8 Aug 2016 09:42:49 +0000 (10:42 +0100)]
tools/xenalyze: Get rid of extraneous data structure
The only difference between event_cycle_summary and cycle_summary was
that the former has a separate counter for "events" which had
zero-cycle events. But a lot of the code dealing with them had to be
duplicated with slightly different fields.
Remove event_cycle_summary, add an "event_count" field to
cycle_symmary, and use cycle_summary for everything.
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
George Dunlap [Mon, 8 Aug 2016 09:42:48 +0000 (10:42 +0100)]
tools/xenalyze: Remove weighted cpi summaries
At the moment these structures are not used, and half of the code for
collecting it is commented out. To be used they require further
support for collecting hardware instruction counter data inside of
Xen.
Remove the code entirely; when they're wanted again they will be here
in the git log.
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Andrew Cooper [Wed, 3 Aug 2016 16:56:56 +0000 (16:56 +0000)]
x86/traps: Drop use_error_code parameter from do_{,guest_}trap()
Whether or not an error code is needed can be determinted entirely from the
trapnr paramter, as error codes are architecturally specified.
Introduce TRAP_HAVE_EC as a bitmap of reserved vectors which have error codes,
and drop the use_error_code from all callsites.
As a result, the DO_ERROR{,_NOCODE}() macros become entirely superflouous and
can be dropped. Update the exception_table to point straight at do_trap().
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Wei Liu [Mon, 1 Aug 2016 09:55:59 +0000 (10:55 +0100)]
xl: use xenconsole startup protocol
If user asks xl to automatically connect to console when creating a
guest, use the new startup protocol before trying to unpause domain so
that we don't lose any console output.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
George Dunlap [Mon, 8 Aug 2016 10:07:46 +0000 (11:07 +0100)]
CODING_STYLE: Allow single-sentence comments without full stops
One of the common ways in which contributors trip up over the
CODING_STYLE guides is by not putting a full stop at the end of a
comment when there is only a single sentence. Calling these out is a
waste of everybody's time: The full stop at the end of a comment with
a single sentence (or a single phrase) adds absolutely nothing to the
legibility of the code.
Modify CODING_STYLE to allow comments with a single sentence or
sentence fragment to either have a full stop or not, while making it
clear that comments with multiple sentences must have a full stop at
the end of each sentence.
Signed-off-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Ian Jackson <ian.jackson@citrix.com>
Dario Faggioli [Thu, 4 Aug 2016 08:59:03 +0000 (10:59 +0200)]
tools: xenalyze: kill spurious sched_switch output in non dump mode.
In fact, 52cf096df7 ("xenalyze: handle scheduling event"),
when dealing with TRC_SCHED_SWITCH, forgot to check whether
we actually are in dump mode, causing the printf() in
dump_sched_switch() to always produce its output, which
is not what we want.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
projects / xen.git / log