Andrew Cooper [Mon, 9 Apr 2018 09:39:32 +0000 (09:39 +0000)]
x86/pv: Fix up erroneous segments for 32bit syscall entry
The existing FLAT_KERNEL_SS expands to the correct value, 0xe02b, but is the
wrong constant to use. Switch to FLAT_USER_SS32.
For compat domains however, the reported values are entirely bogus.
FLAT_USER_SS32 (value 0xe02b) is FLAT_RING3_CS in the 32bit ABI, while
FLAT_USER_CS32 (value 0xe023) is FLAT_RING1_DS with an RPL of 3.
The guests SYSCALL callback is invoked with a broken iret frame, and if left
unmodified by the guest, will fail on the way back out when Xen's iret tries
to load a code segment into %ss.
In practice, this is only a problem for 32bit PV guests on AMD hardware, as
Intel hardware doesn't permit the SYSCALL instruction outside of 64bit mode.
This appears to have been broken ever since 64bit support was added to Xen,
and has gone unnoticed because Linux doesn't use SYSCALL in 32bit builds.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Release-acked-by: Juergen Gross <jgross@suse.com>
Drop the _mfn() wrappers now that page_to_mfn() returns the correct type.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Release-acked-by: Juergen Gross <jgross@suse.com>
Julien Grall [Wed, 21 Feb 2018 13:46:27 +0000 (13:46 +0000)]
xen: Convert page_to_mfn and mfn_to_page to use typesafe MFN
Most of the users of page_to_mfn and mfn_to_page are either overriding
the macros to make them work with mfn_t or use mfn_x/_mfn because the
rest of the function use mfn_t.
So make page_to_mfn and mfn_to_page return mfn_t by default. The __*
version are now dropped as this patch will convert all the remaining
non-typesafe callers.
Only reasonable clean-ups are done in this patch. The rest will use
_mfn/mfn_x for the time being.
Lastly, domain_page_to_mfn is also converted to use mfn_t given that
most of the callers are now switched to _mfn(domain_page_to_mfn(...)).
Signed-off-by: Julien Grall <julien.grall@arm.com> Acked-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Tim Deegan <tim@xen.org> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Julien Grall [Wed, 21 Feb 2018 13:46:26 +0000 (13:46 +0000)]
xen/grant: Switch common/grant_table.c to use typesafe MFN
At the same time replace MFN 0 by INVALID_MFN or drop the initializer
when it is not necessary. This will make clearer that the MFN
initialized is not valid.
Other than MFN 0 -> INVALID_MFN, no functional change intended.
Signed-off-by: Julien Grall <julien.grall@arm.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Julien Grall [Wed, 21 Feb 2018 13:46:26 +0000 (13:46 +0000)]
xen/grant: Switch {create, replace}_grant_p2m_mapping to typesafe MFN
The current prototype is slightly confusing because it takes a guest
physical address and a machine physical frame (not address!). Switching to
MFN will improve safety and reduce the chance to mistakenly invert the
2 parameters.
Signed-off-by: Julien grall <julien.grall@arm.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Julien Grall [Wed, 21 Feb 2018 13:46:25 +0000 (13:46 +0000)]
xen/mm: Switch map_pages_to_xen to use MFN typesafe
The current prototype is slightly confusing because it takes a virtual
address and a physical frame (not address!). Switching to MFN will improve
safety and reduce the chance to mistakenly invert the 2 parameters.
Also, take the opportunity to switch (a - b) >> PAGE_SHIFT to
PFN_DOWN(a - b) in the code modified.
Signed-off-by: Julien Grall <julien.grall@arm.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
Julien Grall [Wed, 21 Feb 2018 13:46:25 +0000 (13:46 +0000)]
xen/mm: Drop the parameter mfn from populate_pt_range
The function populate_pt_range is used to populate in advance the
page-table but it will not do the actual mapping. So passing the MFN in
parameter is pointless. Note that the only caller pass 0...
At the same time replace 0 by INVALID_MFNs. While this does not matter
as the entry will marked as not valid and populated, INVALID_MFN
helps the reader to know the MFN is invalid.
Signed-off-by: Julien Grall <julien.grall@arm.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
--
Cc: Stefano Stabellini <sstabellini@kernel.org> Cc: Julien Grall <julien.grall@arm.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Tim Deegan <tim@xen.org>
Changes in v6:
- Add George's and Wei's reviewed-by
- Add Andrew's acked-by
Changes in v5:
- Update the commit message to explain why 0 -> INVALID_MFN.
Marcello Seri [Thu, 5 Apr 2018 10:40:21 +0000 (11:40 +0100)]
tools: reduce copies b/w ocaml Strings and Bytes
When xenstore was ported to the new safe-string interface, it mostly
happened by making copyies of string into bytes and back. The ideal
fix would be to rewrite all of the relevant interfaces to be uniformly
using bytes, but in the meanwhile we can improve the code by using unsafe
conversion functions (see
https://caml.inria.fr/pub/docs/manual-ocaml/libref/Bytes.html#3_Unsafeconversionsforadvancedusers).
In most cases we own the bytes that we are converting to string, or we
immediately make copies that we then mutate, or we use them immutably
as payloads for writes. In all these cases it is safe to use the unsafe
functions and prevent a copy.
This patch updates the code to use the unsafe conversions where possible.
Signed-off-by: Marcello Seri <marcello.seri@citrix.com> Reviewed-by: Christian Lindig <christian.lindig@citrix.com> Release-acked-by: Juergen Gross <jgross@suse.com>
c/s 74fd984ae "tools/libxl: Drop xc_domain_configuration_t from
libxl__domain_build_state" removed state->config completely, but the GIC
version is available in info. Use the up-to-date version.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
kdd.c:698:13: error: 'memcpy' offset [-204, -717] is out of the bounds [0, 216] of object 'ctrl' with type 'kdd_ctrl' {aka 'union <anonymous>'} [-Werror=array-bounds]
memcpy(buf, ((uint8_t *)&ctrl.c32) + offset, len);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kdd.c: In function 'kdd_select_callback':
kdd.c:642:14: note: 'ctrl' declared here
kdd_ctrl ctrl;
^~~~
But this is impossible - 'offset' is unsigned and correctly validated
few lines before.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
vhd-util-read.c: In function 'vhd_util_read':
vhd-util-read.c:50:24: error: '%lu' directive output may be truncated writing between 1 and 20 bytes into a region of size 15 [-Werror=format-truncation=]
snprintf(nbuf, nsize, "%" PRIu64, num);
^~~
vhd-util-read.c:50:25: note: format string is defined here
snprintf(nbuf, nsize, "%" PRIu64, num);
vhd-util-read.c:50:24: note: directive argument in the range [0, 18446744073709551614]
snprintf(nbuf, nsize, "%" PRIu64, num);
^~~
vhd-util-read.c:50:2: note: 'snprintf' output between 2 and 21 bytes into a destination of size 15
snprintf(nbuf, nsize, "%" PRIu64, num);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vhd-util-read.c:43:24: error: '%#lx' directive output may be truncated writing between 1 and 18 bytes into a region of size 15 [-Werror=format-truncation=]
snprintf(nbuf, nsize, "%#" PRIx64 , num);
^~~~
vhd-util-read.c:43:25: note: format string is defined here
snprintf(nbuf, nsize, "%#" PRIx64 , num);
vhd-util-read.c:43:24: note: directive argument in the range [0, 18446744073709551614]
snprintf(nbuf, nsize, "%#" PRIx64 , num);
^~~~
vhd-util-read.c:43:2: note: 'snprintf' output between 2 and 19 bytes into a destination of size 15
snprintf(nbuf, nsize, "%#" PRIx64 , num);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Make the buffer larger.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
tapdisk-vbd.c: In function 'tapdisk_vbd_resume_ring':
tapdisk-vbd.c:1671:53: error: 'snprintf' output may be truncated before the last format character [-Werror=format-truncation=]
snprintf(params.name, sizeof(params.name) - 1, "%s", message);
^
tapdisk-vbd.c:1671:3: note: 'snprintf' output between 1 and 256 bytes into a destination of size 255
snprintf(params.name, sizeof(params.name) - 1, "%s", message);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The "- 1" in buffer size should be actually applied to message, to leave
place for terminating '\0', not the other way around (truncate '\0' even
if it would fit).
In function 'tapdisk_control_open_image',
inlined from 'tapdisk_control_handle_request' at tapdisk-control.c:660:10:
tapdisk-control.c:465:2: error: 'strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation]
strncpy(params.name, vbd->name, BLKTAP2_MAX_MESSAGE_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function 'tapdisk_control_create_socket',
inlined from 'tapdisk_control_open' at tapdisk-control.c:836:9:
tapdisk-control.c:793:2: error: 'strncpy' specified bound 108 equals destination size [-Werror=stringop-truncation]
strncpy(saddr.sun_path, td_control.path, sizeof(saddr.sun_path));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
block-qcow.c: In function 'qcow_create':
block-qcow.c:1216:5: error: 'strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
strncpy(backing_filename, backing_file,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sizeof(backing_filename));
~~~~~~~~~~~~~~~~~~~~~~~~~
I those cases, reduce size of copied string and make sure final '\0' is
added.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
gx_main.c: In function 'prepare_stop_reply':
gx_main.c:385:9: error: 'strncpy' output truncated before terminating nul copying 6 bytes from a string of the same length [-Werror=stringop-truncation]
strncpy(buf, "watch:", 6);
^~~~~~~~~~~~~~~~~~~~~~~~~
Since terminating '\0' isn't needed here at all, switch to memcpy.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
tools/misc: fix hypothetical buffer overflow in xen-lowmemd
gcc-8 complains:
xen-lowmemd.c: In function 'handle_low_mem':
xen-lowmemd.c:80:55: error: '%s' directive output may be truncated writing up to 511 bytes into a region of size 489 [-Werror=format-truncation=]
snprintf(error, BUFSZ,"Failed to write target %s to xenstore", data);
^~ ~~~~
xen-lowmemd.c:80:9: note: 'snprintf' output between 36 and 547 bytes into a destination of size 512
snprintf(error, BUFSZ,"Failed to write target %s to xenstore", data);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In practice it wouldn't happen, because 'data' contains string
representation of 64-bit unsigned number (20 characters at most).
But place a limit to mute gcc warning.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
gcc-8 warns about possible truncation of trailing '\0'.
Final character is overridden by '\0' anyway, so don't bother to copy
it.
This fixes compile failure:
xc_pm.c: In function 'xc_set_cpufreq_gov':
xc_pm.c:308:5: error: 'strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
strncpy(scaling_governor, govname, CPUFREQ_NAME_LEN);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Release-Acked-by: Juergen Gross <jgross@suse.com>
When 0-indexing, maximum index is num_entries - 1. The python xc library had a
sign error where the minus was replaced by a plus, making tools that depended
on it to look for CPUs that did not exist.
libxl: add libxl_domain_suspend_only to simply suspend a domain, without saving it
Similar functionality to libxl_domain_suspend(), but do not save domains
state to any file. Only suspend the domain and keep it in suspended
shutdown state (do not destroy it). Such domain can be later woken up
with libxl_domain_resume. The main reason for this functionality is to
suspend the host while some domains are running, potentially holding PCI
devices. This will give a chance to a driver in such a domain to
properly suspend the device.
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Signed-off-by: Marcus of Wetware Labs <marcus@wetwa.re> Acked-by: Wei Liu <wei.liu2@citrix.com>
Wei Liu [Fri, 9 Mar 2018 17:20:14 +0000 (17:20 +0000)]
x86/mm: skip incrementing mfn if it is not a valid mfn
In a follow-up patch, some callers will be switched to pass
INVALID_MFN instead of zero for non-present mappings. So skip
incrementing mfn if it is not a valid one.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Julien Grall <julien.grall@arm.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Mon, 19 Mar 2018 13:40:12 +0000 (07:40 -0600)]
x86/XPTI: reduce .text.entry
This exposes less code pieces and at the same time reduces the range
covered from slightly above 3 pages to a little below 2 of them.
The code being moved is unchanged, except for the removal of trailing
blanks, insertion of blanks between operands, and a pointless q suffix
from "retq".
A few more small pieces could be moved, but it seems better to me to
leave them where they are to not make it overly hard to follow code
paths.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Mon, 19 Mar 2018 13:39:04 +0000 (07:39 -0600)]
x86: log XPTI enabled status
At the same time also report the state of the two defined
ARCH_CAPABILITIES MSR bits. To avoid further complicating the
conditional around that printk(), drop it (it's a debug level one only
anyway).
Issue the main message without any XENLOG_*, and also drop XENLOG_INFO
from the respective BTI message, to make sure they're visible at default
log level also in release builds.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Tested-by: Juergen Gross <jgross@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Jan Beulich [Mon, 19 Mar 2018 13:37:54 +0000 (07:37 -0600)]
x86: disable XPTI when RDCL_NO
Use the respective ARCH_CAPABILITIES MSR bit, but don't expose the MSR
to guests yet.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Tested-by: Juergen Gross <jgross@suse.com> Reviewed-by: Juergen Gross <jgross@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Andrew Cooper [Fri, 16 Mar 2018 16:57:18 +0000 (16:57 +0000)]
xen/public: Rename xen_domctl_createdomain.config to arch
This is a tools only hypercall so fine to change. Altering the name avoids
having confusing code such as config->config all over the hypervisor and
toolstack.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Andrew Cooper [Fri, 9 Mar 2018 13:03:26 +0000 (13:03 +0000)]
tools/libxl: Don't prepare or save xc_config when soft resetting a domain
xc_config is only used by xc_domain_create(), but by calling
libxl__arch_domain_{prepare,save}_config() we clobber the real settings with
the default settings.
Move all data and calls relating to xc_domain_create() into the path which
calls it.
As far as I can tell, soft_reset has always been broken for ARM domains using
LIBXL_GIC_VERSION_DEFAULT, which elicits a hard error out of
libxl__arch_domain_save_config(), and only works on x86 because this function
is a no-op.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Andrew Cooper [Fri, 9 Mar 2018 12:24:13 +0000 (12:24 +0000)]
tools/libxl: Drop xc_domain_configuration_t from libxl__domain_build_state
The data it stores is initialised and exclusively used within
libxl__domain_make(), with the important details written back elsewhere by
libxl__arch_domain_save_config(). Prepare xc_config on libxl__domain_make()'s
stack, and drop the parameter.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Sergey Dyasli [Thu, 22 Mar 2018 11:32:36 +0000 (11:32 +0000)]
x86/cpuid: update signature of hvm_cr4_guest_valid_bits()
With the new cpuid infrastructure there is a domain-wide struct cpuid
policy and there is no need to pass a separate struct vcpu * into
hvm_cr4_guest_valid_bits() anymore. Make the function accept struct
domain * instead and update callers.
Signed-off-by: Sergey Dyasli <sergey.dyasli@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Razvan Cojocaru [Fri, 30 Mar 2018 15:39:05 +0000 (18:39 +0300)]
x86/altp2m: support for setting restrictions for an array of pages
For the default EPT view we have xc_set_mem_access_multi(), which
is able to set an array of pages to an array of access rights with
a single hypercall. However, this functionality was lacking for the
altp2m subsystem, which could only set page restrictions for one
page at a time. This patch addresses the gap.
HVMOP_altp2m_set_mem_access_multi has been added as a HVMOP (as opposed to a
DOMCTL) for consistency with its HVMOP_altp2m_set_mem_access counterpart (and
hence with the original altp2m design, where domains are allowed - with the
proper altp2m access rights - to alter these settings), in the absence of an
official position on the issue from the original altp2m designers.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Signed-off-by: Petre Pircalabu <ppircalabu@bitdefender.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com>
Wei Liu [Wed, 4 Apr 2018 11:03:14 +0000 (12:03 +0100)]
x86/hvm/ioreq: fix two bugs in hvm_create_ioreq_server
It is possible to call the error path with i pointing beyond the end
of the array.
There is another bug that if there is already a default ioreq server,
the code will actually sets the element to NULL, hence leaking memory.
Move setting NULL to where it is needed.
Coverity-ID: 1433777 Signed-off-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
By using a static inline stub in private.h for OS where this functionality
is not implemented, the various duplicate stubs in the OS-specific source
modules can be avoided.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Paul Durrant [Mon, 31 Jul 2017 15:28:39 +0000 (16:28 +0100)]
tools/libxenforeignmemory: add support for resource mapping
A previous patch introduced a new HYPERVISOR_memory_op to acquire guest
resources for direct priv-mapping.
This patch adds new functionality into libxenforeignmemory to make use
of a new privcmd ioctl [1] that uses the new memory op to make such
resources available via mmap(2).
Paul Durrant [Mon, 30 Oct 2017 11:39:33 +0000 (11:39 +0000)]
x86/mm: add an extra command to HYPERVISOR_mmu_update...
...to allow the calling domain to prevent translation of specified l1e
value.
Despite what the comment in public/xen.h might imply, specifying a
command value of MMU_NORMAL_PT_UPDATE will not simply update an l1e with
the specified value. Instead, mod_l1_entry() tests whether foreign_dom
has PG_translate set in its paging mode and, if it does, assumes that the
the pfn value in the l1e is a gfn rather than an mfn.
To allow PV tools domain to map mfn values from a previously issued
HYPERVISOR_memory_op:XENMEM_acquire_resource, there needs to be a way
to tell HYPERVISOR_mmu_update that the specific l1e value does not
require translation regardless of the paging mode of foreign_dom. This
patch therefore defines a new command value, MMU_PT_UPDATE_NO_TRANSLATE,
which has the same semantics as MMU_NORMAL_PT_UPDATE except that the
paging mode of foreign_dom is ignored and the l1e value is used verbatim.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Paul Durrant [Wed, 9 Aug 2017 16:39:01 +0000 (17:39 +0100)]
x86/hvm/ioreq: add a new mappable resource type...
... XENMEM_resource_ioreq_server
This patch adds support for a new resource type that can be mapped using
the XENMEM_acquire_resource memory op.
If an emulator makes use of this resource type then, instead of mapping
gfns, the IOREQ server will allocate pages which are assigned to the
emulating domain. These pages will never be present in the P2M of the
guest at any point (and are not even shared with the guest) and so are not
vulnerable to any direct attack by the guest.
NOTE: Use of the new resource type is not compatible with use of
XEN_DMOP_get_ioreq_server_info unless the XEN_DMOP_no_gfns flag is
set.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
Paul Durrant [Wed, 27 Sep 2017 09:00:54 +0000 (10:00 +0100)]
x86/mm: add HYPERVISOR_memory_op to acquire guest resources
Certain memory resources associated with a guest are not necessarily
present in the guest P2M.
This patch adds the boilerplate for new memory op to allow such a resource
to be priv-mapped directly, by either a PV or HVM tools domain.
NOTE: Whilst the new op is not intrinsically specific to the x86 architecture,
I have no means to test it on an ARM platform and so cannot verify
that it functions correctly.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
Paul Durrant [Wed, 9 Aug 2017 15:22:35 +0000 (16:22 +0100)]
x86/hvm/ioreq: defer mapping gfns until they are actually requested
A subsequent patch will introduce a new scheme to allow an emulator to
map ioreq server pages directly from Xen rather than the guest P2M.
This patch lays the groundwork for that change by deferring mapping of
gfns until their values are requested by an emulator. To that end, the
pad field of the xen_dm_op_get_ioreq_server_info structure is re-purposed
to a flags field and new flag, XEN_DMOP_no_gfns, defined which modifies the
behaviour of XEN_DMOP_get_ioreq_server_info to allow the caller to avoid
requesting the gfn values.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Paul Durrant [Wed, 9 Aug 2017 13:19:25 +0000 (14:19 +0100)]
x86/hvm/ioreq: use gfn_t in struct hvm_ioreq_page
This patch adjusts the ioreq server code to use type-safe gfn_t values
where possible. No functional change.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Paul Durrant [Thu, 3 Aug 2017 14:35:26 +0000 (15:35 +0100)]
x86/hvm/ioreq: simplify code and use consistent naming
This patch re-works much of the ioreq server initialization and teardown
code:
- The hvm_map/unmap_ioreq_gfn() functions are expanded to call through
to hvm_alloc/free_ioreq_gfn() rather than expecting them to be called
separately by outer functions.
- Several functions now test the validity of the hvm_ioreq_page gfn value
to determine whether they need to act. This means can be safely called
for the bufioreq page even when it is not used.
- hvm_add/remove_ioreq_gfn() simply return in the case of the default
IOREQ server so callers no longer need to test before calling.
- hvm_ioreq_server_setup_pages() is renamed to hvm_ioreq_server_map_pages()
to mirror the existing hvm_ioreq_server_unmap_pages().
All of this significantly shortens the code.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
Paul Durrant [Wed, 21 Mar 2018 14:00:37 +0000 (14:00 +0000)]
x86/hvm/ioreq: maintain an array of ioreq servers rather than a list
A subsequent patch will remove the current implicit limitation on creation
of ioreq servers which is due to the allocation of gfns for the ioreq
structures and buffered ioreq ring.
It will therefore be necessary to introduce an explicit limit and, since
this limit should be small, it simplifies the code to maintain an array of
that size rather than using a list.
Also, by reserving an array slot for the default server and populating
array slots early in create, the need to pass an 'is_default' boolean
to sub-functions can be avoided.
Some function return values are changed by this patch: Specifically, in
the case where the id of the default ioreq server is passed in, -EOPNOTSUPP
is now returned rather than -ENOENT.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Boris Ostrovsky [Tue, 3 Apr 2018 06:05:21 +0000 (23:05 -0700)]
libxc: Pass e820 map to HVM/PVH guests via hvm_start_info
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by: Maran Wilson <maran.wilson@oracle.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Boris Ostrovsky [Tue, 3 Apr 2018 06:05:20 +0000 (23:05 -0700)]
libxl: Store e820 map in xc_dom_image
We will later copy it to hvm_start_info.
(Also remove stale comment claming that xc_dom_image.start_info_seg is
only used for HVMlite guests)
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Boris Ostrovsky [Tue, 3 Apr 2018 06:05:19 +0000 (23:05 -0700)]
libxl/x86: Build e820 map earlier for HVM/PVH guests
Since hvm_start_info has now been expanded to include memory map (i.e.
e820) we need to know size of this map by the time we create
dom->start_info_seg in alloc_magic_pages_hvm().
To do so we have to call libxl__arch_domain_construct_memmap() earlier,
before xc_dom_build_image(). And since libxl__arch_domain_construct_memmap()
is only used by for x86 we can make this call from x86's
libxl__arch_domain_finalise_hw_description(), at the same time removing
its NOP definition from ARM code and renaming and making it static in
libxl_x86.c
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Maran Wilson [Tue, 3 Apr 2018 06:05:18 +0000 (23:05 -0700)]
x86/PVHv2: Add memory map pointer to hvm_start_info struct
The start info structure that is defined as part of the x86/HVM direct boot
ABI and used for starting Xen PVH guests would be more versatile if it also
included a way to pass information about the memory map to the guest. This
would allow KVM guests to share the same entry point.
Signed-off-by: Maran Wilson <maran.wilson@oracle.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Andre Przywara [Thu, 24 Aug 2017 16:26:32 +0000 (17:26 +0100)]
ARM: VGIC: wire new VGIC(-v2) files into Xen build system
Now that we have both the old VGIC prepared to cope with a sibling and
the code for the new VGIC in place, lets add a Kconfig option to enable
the new code and wire it into the Xen build system.
This will add a compile time option to use either the "old" or the "new"
VGIC.
In the moment this is restricted to a vGIC-v2. To make the build system
happy, we provide a temporary dummy implementation of
vgic_v3_setup_hw() to allow building for now.
Andre Przywara [Thu, 21 Dec 2017 12:41:28 +0000 (12:41 +0000)]
ARM: new VGIC: Allocate two pages for struct vcpu
At the moment we allocate exactly one page for struct vcpu on ARM, also
have a check in place to prevent it growing beyond 4KB.
As the struct includes the state of all 32 private (per-VCPU) interrupts,
we are at 3840 bytes on arm64 at the moment already. Growing the per-IRQ
VGIC structure even slightly makes the VCPU quickly exceed the 4K limit.
The new VGIC will need more space per virtual IRQ. I spent a few hours
trying to trim this down, but couldn't get it below 4KB, even with the
nasty hacks piling up to save some bytes here and there.
It turns out that beyond efficiency, maybe, there is no real technical
reason this struct has to fit in one page, so lifting the limit to two
pages seems like the most pragmatic solution.
Restrict the compilation error to compiling with the new VGIC and for
ARM64 only.
Andre Przywara [Wed, 7 Feb 2018 14:54:23 +0000 (14:54 +0000)]
ARM: new VGIC: vgic-init: implement map_resources
map_resources is the last initialization step needed before the first
VCPU is run. At that stage the code stores the MMIO base addresses used.
Also it registers the respective register frames with the MMIO framework.
This is based on Linux commit cbae53e663ea, written by Eric Auger.
Andre Przywara [Thu, 8 Feb 2018 18:40:45 +0000 (18:40 +0000)]
ARM: new VGIC: vgic-init: implement vgic_init
This patch allocates and initializes the data structures used to model
the vgic distributor and virtual cpu interfaces. At that stage the
number of IRQs and number of virtual CPUs is frozen.
Implement the various functions that the Xen arch code is expecting to
call during domain and VCPU setup to initialize the VGIC.
Their prototypes are already in existing header files.
This is based on Linux commit ad275b8bb1e6, written by Eric Auger.
Andre Przywara [Thu, 8 Feb 2018 18:44:38 +0000 (18:44 +0000)]
ARM: new VGIC: vgic-init: register VGIC
This patch implements the function which is called by Xen when it wants
to register the virtual GIC.
This also implements vgic_max_vcpus() for the new VGIC, which reports
back the maximum number of VCPUs a certain GIC model supports. Similar
to the counterpart in the "old" VGIC, we return some maximum value if
the VGIC has not been initialised yet.
Andre Przywara [Wed, 7 Feb 2018 13:58:19 +0000 (13:58 +0000)]
ARM: new VGIC: Add preliminary stub implementation
The ARM arch code requires an interrupt controller emulation to implement
vgic_clear_pending_irqs(), although it is suspected that it is actually
not necessary. Go with a stub for now to make the linker happy.
Andre Przywara [Mon, 5 Mar 2018 11:13:36 +0000 (11:13 +0000)]
ARM: new VGIC: Implement arch_move_irqs()
When a VCPU moves to another CPU, we need to adjust the target affinity
of any hardware mapped vIRQs, to observe our "physical-follows-virtual"
policy.
Implement arch_move_irqs() to adjust the physical affinity of all hardware
mapped vIRQs targetting this VCPU.
Andrew Cooper [Thu, 22 Mar 2018 17:17:20 +0000 (17:17 +0000)]
x86/pv: Fix the handing of writes to %dr7
c/s 65e35549 "x86/PV: support data breakpoint extension registers"
accidentally broke the handing of writes. The call to activate_debugregs()
doesn't write %dr7 as v->arch.debugreg[7] hasn't been updated yet, and the
break skips the intended write to %dr7.
Remove the break, causing execution to hit the write_debugreg(7, value); in
context at the bottom of the hunk, which in turn causes hardware to be updated
appropriately.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Andre Przywara [Wed, 7 Feb 2018 13:59:07 +0000 (13:59 +0000)]
ARM: new VGIC: Provide system register emulation stub
The Xen arch code traps system registers writes from the guest and will
relay anything GIC related to the VGIC.
Since this affects only GICv3 (which we don't yet emulate), provide a
stub implementation of vgic_emulate() for now.
Andre Przywara [Thu, 8 Feb 2018 12:24:21 +0000 (12:24 +0000)]
ARM: new VGIC: Dump virtual IRQ info
When we dump guest state on the Xen console, we also print the state of
IRQs that are on a VCPU.
Add the code to dump the state of an IRQ handled by the new VGIC.
Andre Przywara [Wed, 7 Feb 2018 13:57:39 +0000 (13:57 +0000)]
ARM: new VGIC: Handle virtual IRQ allocation/reservation
To find an unused virtual IRQ number Xen uses a scheme to track used
virtual IRQs.
Implement this interface in the new VGIC to make the Xen core/arch code
happy.
This is actually somewhat VGIC agnostic, so is mostly a copy of the code
from the old VGIC. But it has to live in the VGIC files, so we can't
easily reuse the existing implementation.
Andre Przywara [Wed, 7 Feb 2018 13:56:57 +0000 (13:56 +0000)]
ARM: new VGIC: Add event channel IRQ handling
The Xen core/arch code relies on two abstracted functions to inject an
event channel IRQ and to query its pending state.
Implement those to query the state of the new VGIC implementation.
Andre Przywara [Wed, 7 Feb 2018 17:08:23 +0000 (17:08 +0000)]
ARM: new VGIC: Handle hardware mapped IRQs
The VGIC supports virtual IRQs to be connected to a hardware IRQ, so
when a guest EOIs the virtual interrupt, it affects the state of that
corresponding interrupt on the hardware side at the same time.
Implement the interface that the Xen arch/core code expects to connect
the virtual and the physical world.
Andre Przywara [Wed, 7 Feb 2018 17:03:50 +0000 (17:03 +0000)]
ARM: new VGIC: Add TARGET registers handlers
The target register handlers are v2 emulation specific, so their
implementation lives entirely in vgic-mmio-v2.c.
We copy the old VGIC behaviour of assigning an IRQ to the first VCPU
set in the target mask instead of making it possibly pending on
multiple VCPUs.
We update the physical affinity of a hardware mapped vIRQ on the way.
This is based on Linux commit 2c234d6f1826, written by Andre Przywara.
Andre Przywara [Wed, 7 Feb 2018 15:53:39 +0000 (15:53 +0000)]
ARM: new VGIC: Add CONFIG registers handlers
The config register handlers are shared between the v2 and v3 emulation,
so their implementation goes into vgic-mmio.c, to be easily referenced
from the v3 emulation as well later.
This is based on Linux commit 79717e4ac09c, written by Andre Przywara.
Andre Przywara [Wed, 7 Feb 2018 15:53:20 +0000 (15:53 +0000)]
ARM: new VGIC: Add PRIORITY registers handlers
The priority register handlers are shared between the v2 and v3 emulation,
so their implementation goes into vgic-mmio.c, to be easily referenced
from the v3 emulation as well later.
This is based on Linux commit 055658bf48fc, written by Andre Przywara.
Andre Przywara [Wed, 7 Feb 2018 15:52:48 +0000 (15:52 +0000)]
ARM: new VGIC: Add ACTIVE registers handlers
The active register handlers are shared between the v2 and v3 emulation,
so their implementation goes into vgic-mmio.c, to be easily referenced
from the v3 emulation as well later.
Since activation/deactivation of an interrupt may happen entirely in the
guest without it ever exiting, we need some extra logic to properly track
the active state.
For clearing the active state, we would basically have to halt the guest
to make sure this is properly propagated into the respective VCPUs.
This is not yet implemented in Xen.
Fortunately this feature is mostly used to reset a just in initialised
GIC, so chances are we are tasked to clear bits that are already zero.
Add a simple check to avoid pointless warnings in this case.
Andre Przywara [Wed, 7 Feb 2018 15:52:07 +0000 (15:52 +0000)]
ARM: new VGIC: Add PENDING registers handlers
The pending register handlers are shared between the v2 and v3
emulation, so their implementation goes into vgic-mmio.c, to be easily
referenced from the v3 emulation as well later.
For level triggered interrupts the real line level is unaffected by
this write, so we keep this state separate and combine it with the
device's level to get the actual pending state.
Hardware mapped IRQs need some special handling, as their hardware state
has to be coordinated with the virtual pending bit to avoid hanging
or masked interrupts.
This is based on Linux commit 96b298000db4, written by Andre Przywara.
Andre Przywara [Wed, 7 Feb 2018 15:51:12 +0000 (15:51 +0000)]
ARM: new VGIC: Add ENABLE registers handlers
As the enable register handlers are shared between the v2 and v3
emulation, their implementation goes into vgic-mmio.c, to be easily
referenced from the v3 emulation as well later.
This introduces a vgic_sync_hardware_irq() function, which updates the
physical side of a hardware mapped virtual IRQ.
Because the existing locking order between vgic_irq->irq_lock and
irq_desc->lock dictates so, we drop the irq_lock and retake them in the
proper order.
Andre Przywara [Thu, 8 Feb 2018 11:34:40 +0000 (11:34 +0000)]
ARM: new VGIC: Add CTLR, TYPER and IIDR handlers
Those three registers are v2 emulation specific, so their implementation
lives entirely in vgic-mmio-v2.c. Also they are handled in one function,
as their implementation is pretty simple.
We choose to piggy-back on the existing KVM identification registers,
but use a different variant (major revision).
When the guest enables the distributor, we kick all VCPUs to get
potentially pending interrupts serviced.
This is based on Linux commit 2b0cda878965, written by Marc Zyngier.
Andre Przywara [Wed, 7 Feb 2018 11:43:07 +0000 (11:43 +0000)]
ARM: new VGIC: Add GICv2 MMIO handling framework
Create vgic-mmio-v2.c to describe GICv2 emulation specific handlers
using the initializer macros provided by the VGIC MMIO framework.
Provide a function to register the GICv2 distributor registers to
the Xen MMIO framework.
The actual handler functions are still stubs in this patch.
This is based on Linux commit fb848db39661, written by Andre Przywara.
Andre Przywara [Wed, 7 Feb 2018 13:28:55 +0000 (13:28 +0000)]
ARM: new VGIC: Add MMIO handling framework
Add an MMIO handling framework to the VGIC emulation:
Each register is described by its offset, size (or number of bits per
IRQ, if applicable) and the read/write handler functions. We provide
initialization macros to describe each GIC register later easily.
Separate dispatch functions for read and write accesses are connected
to Xen's MMIO handling framework and binary-search for the responsible
register handler based on the offset address within the region.
The register handler prototype are courtesy of Christoffer Dall.
This is based on Linux commit 4493b1c4866a, written by Marc Zyngier.
Andre Przywara [Wed, 7 Feb 2018 12:37:43 +0000 (12:37 +0000)]
ARM: new VGIC: Implement vgic_vcpu_pending_irq
Tell Xen whether a particular VCPU has an IRQ that needs handling
in the guest. This is used to decide whether a VCPU is runnable or
if a hypercall should be preempted to let the guest handle the IRQ.
This is based on Linux commit 90eee56c5f90, written by Eric Auger.
Andre Przywara [Wed, 7 Feb 2018 12:33:16 +0000 (12:33 +0000)]
ARM: new VGIC: Add GICv2 world switch backend
Processing maintenance interrupts and accessing the list registers
are dependent on the host's GIC version.
Introduce vgic-v2.c to contain GICv2 specific functions.
Implement the GICv2 specific code for syncing the emulation state
into the VGIC registers.
This also adds the hook to let Xen setup the host GIC addresses.
This is based on Linux commit 140b086dd197, written by Marc Zyngier.
Andre Przywara [Wed, 7 Feb 2018 12:26:09 +0000 (12:26 +0000)]
ARM: new VGIC: Add IRQ sync/flush framework
Implement the framework for syncing IRQs between our emulation and the
list registers, which represent the guest's view of IRQs.
This is done in vgic_sync_from_lrs() and vgic_sync_to_lrs(), which
get called on guest entry and exit, respectively.
The code talking to the actual GICv2/v3 hardware is added in the
following patches.
This is based on Linux commit 0919e84c0fc1, written by Marc Zyngier.
Roger Pau Monne [Tue, 27 Mar 2018 15:30:26 +0000 (16:30 +0100)]
kconfig: don't select VPCI if building a shim-only binary
Add dummy replacements for some functions used outside of the vpci
code, and also a guard in vmsi.c to prevent vpci arch specific helpers
from being compiled if the option is not selected.
Reported-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Roger Pau Monne [Wed, 28 Mar 2018 11:55:15 +0000 (12:55 +0100)]
libxc/x86: fix mapping of the start_info area
The start_info size calculated in bootlate_hvm is wrong. It should use
HVMLOADER_MODULE_MAX_COUNT instead of dom->num_modules and it doesn't
take into account the size of the modules command line.
This is not a problem so far because the actually used amount of
memory doesn't cross a page boundary, and so no page-fault is
triggered.
Instead of fixing the size calculation done in bootlate_hvm just map
the amount of memory allocated in alloc_magic_pages_hvm.
Suggested-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Roger Pau Monne [Fri, 23 Mar 2018 12:08:23 +0000 (12:08 +0000)]
SUPPORT.md: add PVH Dom0 status
Also fix x86/HVM to spell out that only DomU HVM mode is supported and
remove the 'guest' from the ARM section, ARM supports both Dom0/DomU
using the same mode.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: George Dunlap <george.dunlap@citrix.com>
Anthony PERARD [Mon, 26 Mar 2018 17:38:10 +0000 (18:38 +0100)]
libxl_dm: Replace deprecated -drive if=scsi
.. by -drive if=none,.. -device scsi-disk,...
The use of if=scsi in QEMU is deprecated and has been removed in 2.12 by 1454509726 scsi: Remove automatic creation of SCSI controllers with -drive if=scsi
It used to create a SCSI controller, now we have to explicitly create
it in libxl. This is done ahead of disks creation in order to try to
keep the controller on the PCI slot as it used to be.
The chosen "id" for drive is the same that QEMU used to create.
This patch also take the opportunity to remove the comments in
qemu_disk_scsi_drive_string() which had a typo and is now out of date.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Andre Przywara [Wed, 7 Feb 2018 12:13:36 +0000 (12:13 +0000)]
ARM: new VGIC: Add IRQ sorting
Adds the sorting function to cover the case where you have more IRQs
to consider than you have LRs. We consider their priorities.
This uses the new sort_list() implementation imported from Linux.
This is based on Linux commit 8e4447457965, written by Christoffer Dall.
Andre Przywara [Wed, 7 Feb 2018 12:13:36 +0000 (12:13 +0000)]
Add list_sort() routine from Linux
This pulls in Linux's list_sort.c, which is a merge sort implementation
for linked lists. Apart from adding a full featured license header and
adjusting the #include file, nothing has been changed in this code.
Define a promptless Kconfig which configurations can select when they
need this code and add it to the Makefile.
This is from Linux' lib/list_sort.c, as of commit e327fd7c8667
("lib: add module support to linked list sorting tests").
Signed-off-by: Andre Przywara <andre.przywara@linaro.org> Acked-by: Julien Grall <julien.grall@arm.com>
Andre Przywara [Wed, 7 Feb 2018 12:09:07 +0000 (12:09 +0000)]
ARM: new VGIC: Implement virtual IRQ injection
Provide a vgic_queue_irq_unlock() function which decides whether a
given IRQ needs to be queued to a VCPU's ap_list.
This should be called whenever an IRQ becomes pending or enabled,
either as a result of a hardware IRQ injection, from devices emulated by
Xen (like the architected timer) or from MMIO accesses to the distributor
emulation.
Also provides the necessary functions to allow to inject an IRQ to a guest.
Since this is the first code that starts using our locking mechanism,
we add some (hopefully) clear documentation of our locking strategy and
requirements along with this patch.
This is based on Linux commit 81eeb95ddbab, written by Christoffer Dall.
Andre Przywara [Wed, 7 Feb 2018 11:42:02 +0000 (11:42 +0000)]
ARM: new VGIC: Add accessor to new struct vgic_irq instance
The new VGIC implementation centers around a struct vgic_irq instance
per virtual IRQ.
Provide a function to retrieve the right instance for a given IRQ
number and (in case of private interrupts) the right VCPU.
This also includes the corresponding put function, which does nothing
for private interrupts and SPIs, but handles the ref-counting for LPIs.
This is based on Linux commit 64a959d66e47, written by Christoffer Dall.
projects / xen.git / log