When building with FORTIFY_SOURCE to ensure that return codes of common
functions are checked to avoid some bugs, a few warnings pop up and
become errors due to -Werror. Attached checks the return codes
(or at least stores them to a dummy variable).
Relax BUG_ON() statement in increase_reservation() in balloon.c.
When xen_feature(XENFEAT_auto_translated_physmap) = 1,
phys_to_machine_mapping_valid(pfn) always returns true.
Relaxed BUG_ON() for xen_feature(XENFEAT_auto_translated_physmap) = 1 case.
Define __XEN_TOOLS__ when building tools. Use this to
automatically build against latest Xen interface version,
and to specifically define GET_XEN_GUEST_HANDLE().
Occasionally large smp machines fail to reboot properly and die under
an IPI storm of smp_call_function() to machine_reboot. Only the boot
processor needs to run machine_restart, so send an IPI to CPU0.
This patch adds the ability to have restricted write access to some
of the structures on the capability list. Specifically, this patch adds
support for reading data through the Vital Product Data capability
structure and for manipulating power management of a card. A driver
domain is not allowed to enable Power Management Events (the PME trace
may be shared across devices in many domains), but it can put a device
in its control to sleep or query it for power usage statistics. This
code could possibly be expanded in the future to add support for AGP,
PCI-X, and MSI/MSIX (all of which are controlled through structures on
the capability list).
This patch also corrects some formatting issues in the PCI backend and
adds some comments to the code regarding permissive mode.
This patch addresses CVE-2006-1056 (information leak from
fxsave/fxrstor on AMD CPUs) and also adjusts 64-bit handling so that
full 64-bit RIP/RDP values get saved/restored. More fine-grained
handling may be needed if 32-bit processes are expected to properly
see their selectors (native Linux doesn't currently do that either,
but there is a patch to adjust it there).
Original patch: Jan Beulich (based on Linux original by Andi Kleen)
xenLinux/ia64 has its own dma_map_page(), dma_unmap_page(), and it needs
Linux default implementations of dma_declare_coherent_memory() and its
families which are defined in include/linux/dma-mapping.h.
So those in pci-dma-xen.c are unnecessary. #ifdef them out.
PATCHNAME: pci-dma-xen-common
[IA64] Fix the total memory info with xm info command
This small patch intends to provide correct total memory info for
control panel and fixed hardcode for that. The total memory info doesn't
include the memory FW used.
Move contents of switch_to macro from xensystem.h to context_switch function.
Initialize FPU on all processors. FPH is always enabled in Xen.
Speed up context-switch (a little bit!) by not enabling/disabling FPH.
Cleanup (unused function/variables/fields, debug printf...)
vmx_ia64_switch_to removed (was unused).
This small patch outputs the message of elf_sanity_check as x86 does.
Currently this panic is the only following message.
(XEN) *** LOADING DOMAIN 0 ***
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Could not set up DOM0 guest OS
(XEN) ****************************************
(XEN)
(XEN) Reboot in five seconds...
(XEN) machine_restart called: spinning....
Some of the Linux PCI functions called by the virtual configuration
space handlers were making calls into ACPI code which uses semaphores.
Since semaphores can not be locked while atomic (because they could
sleep), I changed the way the PCI backend responds to requests from the
frontend. Previously, the virtual configuration space handlers ran in
the same context as the event channel interrupt handler (which was often
atomic if not always atomic). Now the interrupt handler schedules a
callback function (a bottom half) in the system work queue (keventd)
that will get called in process context at a slightly later time. This
allows the handlers in the virtual configuration space to run in process
context and to call any core PCI function regardless of whether it will
sleep or not.
While other aspects of the system configuration may still be
controlled by the outcome of the table scan, if apic= was given on the
command line its effect should not be overridden here.
This is a small fix for SMP PAE guest on x86-64.
Since part of the VMX guest initialization is running in the context of
dom0, when we want to make sure the operation of shadow ops is
always done by vcpu0 of the guest VMX domain, we should make sure
the current vcpu0 is running in guest domain and not in the dom0.
Signed-off-by: Xiaohui Xin <xiaohui.xin@intel.com>
Signed-off-by: Xin Li <xin.b.li@intel.com>
This patch updates the documentation and extends the 'xm' man page with
the integrated access control management commands. The man page is a
good place to start exploring these commands.
This patch integrates the new access control management tools into 'xm'
and 'xend' and supports label/ssid translation support for
migration/live-migration/resume.
This patch adds new python access control management scripts, which
integrate into Xen Management and which support the new access control
labels (labels replace the ssidref numbers at the management user
interface).
This patch adds support in the hypervisor for the policy name attribute
introduced into security policies. It also fixes a minor problem related
to handling unsupported boot policies.
This patch adds a policy name to the policy definition. This policy name
must be unique and must change if the content of the file changes. The
policy name is used to ensure that the XM tools and the hypervisor work
on the same policy, i.e., interpret the security information on domains
consistently. This patch also simplifies the policy management by moving
policy and labels into a single file.
The Xen checksum offload feature attempts to insert TCP/UDP
checksums into already encrypted packets (esp4) in dom0. Obviously,
it is not possible to insert a checksum into an already encrypted
packet, so this patch inserts the checksum prior to encrypting
packets in net/ipv4/xfrm4_output.c.
To do this cleanly, the TCP/UDP header pointers need to be pointed to
the correct spot, so this functionality has been abstracted into a new
function.
This patch fixes bug 143 (verified by Jim Dykman). Earlier version
verified by Jon McCune.
Signed-off-by: James Dykman <dykman@us.ibm.com>
Signed-off-by: Jon Mason <jdmason@us.ibm.com>
Remove update_vcpu_system_time() call from the per-VCPU timer
callback function. It's unnecessary and in fact may occasionally
even run on the wrong CPU.
Avoid flood of PIT interrupts while debugging an hvm guest.
This is rebased to the new PIT code now. It has the same logic as
earlier. PIT tries to catch up the missed timer ticks by injecting all
the ticks one by one so that Guest time stays close to the wall clock.
But while debugging an hvm guest if you stop the guest by debugger and
then continue, the guest sees a flood of interrupts compensating the
missed ticks for the stopped time. This patch just checks if the guest is
being debugged; if yes, then it does not try to catch up with the missed
ticks.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Fix command-line parsing in a few respects -- be more
generous about what we accept, avoid stack overflow, and
print the command line during boot (rather useful!).
This should fix the 'lapic' and 'nolapic' boot options.
[IA64] translate_domain_pte must handle ED bit and ignore bit[63:53]
made translate_domain_pte() aware of _PAGE_ED bits.
_PAGE_PPN_MASK doesn't mask ED bit.
ED bit must be handled explicitly.
This case can occur by vcpu_itc_d().
Add support to physdev ops, so that IOSAPIC RTEs are
managed by Xen now. Dom0 now issues a hypercall to r/w
an RTE entry. Another change is the irq vector allocation,
which is also owned by Xen now.
After this change, the IOSAPIC is almost owned by Xen,
with the only exception being IOSAPIC EOI, which is still issued
by dom0 directly. But that's OK since currently dom0
owns all external physical devices. Later full event
channel mechanism will provide necessary support for
driver domain, and at that time, dom0 instead issues
physdev_op (PHYSDEVOP_IRQ_UNMASK_NOTIFY) naturally as
a replacement for IOSAPIC EOI.
The attached patch allows external devices to migrate. The patch
contains code that allows to at least detect local migration of a
virtual machine and handles this for the virtual TPM (results in a no-op
for local migr.). If migration of a virtual machine with attached vTPM
to another machine is attempted, XenD will return an error.