xentrace: Implement cpu mask range parsing of human values (-c).
Instead of just using -c 0x<some hex value> we can
also use: -c <starting cpu>-<end cpu>, -c <cpu1>,<cpu2>, or a
combination of them, or 'all' for all cpus.
This new format can include just singular CPUs: -c <cpu1>,
or ranges without an start or end (and xentrace will figure out
the values), such as: -c -<cpu2> (which will include cpu0, cpu1,
and cpu2) or -c <cpu2>- (which will include cpu2 and up to MAX_CPUS).
That should make it easier to trace the right CPU if
using this along with 'xl vcpu-list'.
The code has been lifted from the Linux kernel, see file
lib/bitmap.c, function __bitmap_parselist.
To make the old behavior and the new function work, we check
to see if the arguments have '0x' in them. If they do
we use the old style parsing (limited to 32 CPUs). If that
does not exist we use the new parsing.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Roger Pau Monné [Fri, 15 May 2015 08:08:33 +0000 (10:08 +0200)]
x86: rework paging_log_dirty_op to work with hvm guests
When the caller of paging_log_dirty_op is a hvm guest Xen would choke when
trying to copy the dirty bitmap to the guest because the paging lock is
already held.
Fix this by independently mapping each page of the guest bitmap as needed
without the paging lock held.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org>
Roger Pau Monné [Fri, 15 May 2015 08:07:20 +0000 (10:07 +0200)]
x86/shadow: fix shadow_track_dirty_vram to work on hvm guests
Modify shadow_track_dirty_vram to use a local buffer and then flush to the
guest without the paging_lock held. This is modeled after
hap_track_dirty_vram.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org>
Roger Pau Monné [Fri, 15 May 2015 08:06:04 +0000 (10:06 +0200)]
introduce a helper to allocate non-contiguous memory
The allocator uses independent calls to alloc_domheap_pages in order to get
the desired amount of memory and then maps all the independent physical
addresses into a contiguous virtual address space.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Tested-by: Julien Grall <julien.grall@citrix.com> (ARM) Reviewed-by: Tim Deegan <tim@xen.org>
David Vrabel [Fri, 15 May 2015 07:52:25 +0000 (09:52 +0200)]
x86,arm: remove asm/spinlock.h from all architectures
Now that all architecture use a common ticket lock implementation for
spinlocks, remove the architecture specific byte lock implementations.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
David Vrabel [Fri, 15 May 2015 07:49:12 +0000 (09:49 +0200)]
use ticket locks for spin locks
Replace the byte locks with ticket locks. Ticket locks are: a) fair;
and b) peform better when contented since they spin without an atomic
operation.
The lock is split into two ticket values: head and tail. A locker
acquires a ticket by (atomically) increasing tail and using the
previous tail value. A CPU holds the lock if its ticket == head. The
lock is released by increasing head.
spin_lock_irq() and spin_lock_irqsave() now spin with irqs disabled
(previously, they would spin with irqs enabled if possible). This is
required to prevent deadlocks when the irq handler tries to take the
same lock with a higher ticket.
Architectures need only provide arch_fetch_and_add() and two barriers:
arch_lock_acquire_barrier() and arch_lock_release_barrier().
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Yang Hongyang [Thu, 14 May 2015 08:55:18 +0000 (16:55 +0800)]
libxc/restore: add checkpointed flag to the restore context
add checkpointed flag to the restore context.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:17 +0000 (16:55 +0800)]
libxc/restore: introduce setup() and cleanup() on restore
introduce setup() and cleanup() which subsume the
ctx->restore.ops.{setup,cleanup}() calls and also
do memory alloc/free.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:16 +0000 (16:55 +0800)]
libxc/restore: split read/handle qemu info
Split read/handle qemu info. The receiving of qemu info
should be done while we receive the migration stream,
handle_qemu will be called when the stream complete.
Otherwise, it will break Remus because read_record()
won't read qemu info and stream_complete will be called
at failover.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:15 +0000 (16:55 +0800)]
libxc/restore: introduce process_record()
Move record handle codes into a function process_record().
It will be used multiple times by Remus.
No functional change.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:14 +0000 (16:55 +0800)]
libxc/save: reuse send_dirty_pages() in send_all_pages()
introduce bitmap_set() to set the entire bitmap.
in send_all_pages(), set the entire bitmap and call send_dirty_pages().
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:13 +0000 (16:55 +0800)]
libxc/save: rename send_some_pages to send_dirty_pages
rename send_some_pages to send_dirty_pages, no functional change.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:12 +0000 (16:55 +0800)]
libxc/save: remove bitmap param from send_some_pages
In last patch we added dirty bitmap to the save context,
we no longer need to pass this param to send_some_pages.
We can get dirty bitmap from the save context.
'entries' should stay as it is a useful sanity check.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:11 +0000 (16:55 +0800)]
libxc/save: adjust the memory allocation for migration
Move the memory allocation before the concrete live/nolive save
in order to avoid the free/alloc memory loop when using Remus.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:10 +0000 (16:55 +0800)]
libxc/save: rename to_send to dirty_bitmap
rename to_send to dirty_bitmap.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:09 +0000 (16:55 +0800)]
libxc/save: introduce setup() and cleanup() on save
introduce setup() and cleanup() which subsume the
ctx->save.ops.{setup,cleanup}() calls.
The SHADOW_OP_OFF hypercall is also included in the cleanup().
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Yang Hongyang [Thu, 14 May 2015 08:55:08 +0000 (16:55 +0800)]
tools/libxc: add a check in xc_hypercall_buffer_free_pages macro
When we use a DECLARE_HYPERCALL_BUFFER_SHADOW it defines a user
pointer '_name' and a shadow xc_hypercall_buffer_t.
When calling xc_hypercall_buffer_free_pages(_xch, _name, _nr),
the complier will report '_name' unused error, because
xc_hypercall_buffer_free_pages() is a MACRO and '_name' is
transparently converted to the hypercall buffer. it confuses
the caller because xc_hypercall_buffer_free_pages() looks
like a function and takes '_name' as an arg.
Add an if check to let the compiler think we are actually
using the argument '_name'.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
[ ijc -- some rewording of the commit message ]
Yang Hongyang [Thu, 14 May 2015 08:55:07 +0000 (16:55 +0800)]
tools/libxc: unused attribute in DECLARE_HYPERCALL_BUFFER_SHADOW
There are cases where we only need to use the hypercall buffer data,
and do not use the xc_hypercall_buffer_t struct.
DECLARE_HYPERCALL_BUFFER_SHADOW defines a user pointer that can allow
us to access the hypercall buffer data but it also defines a
xc_hypercall_buffer_t that we don't use, the compiler will report arg
unused error.
Add __attribute__((unused)) before xc_hypercall_buffer_t to avoid
the compiler error.
Example cases:
In send_all_pages(), we only need to use the hypercall buffer data
which is a dirty bitmap, we set the dirty bitmap to all dirty and call
send_dirty_pages, we will not use the xc_hypercall_buffer_t and hypercall
to retrieve the dirty bitmap.
In send_some_pages(), we will also only need to use the dirty_bitmap.
the retrieve dirty bitmap hypercall are done by the caller.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Thu, 14 May 2015 08:55:06 +0000 (16:55 +0800)]
libxc/migration: Pass checkpoint information into the save algorithm.
The old code checks the callbacks "postcopy & checkpoint", if the
callbacks exists, it will call them. However this is unreliable, so
add this flag to explicitly indicate a checkpointed stream in the new
code. This is backward compatible with the legacy migration just don't
know this flag and will ignore it.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Yang Hongyang <yanghy@cn.fujitsu.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
[ ijc -- added discussion of legacy compat ]
Andrew Cooper [Thu, 14 May 2015 08:55:05 +0000 (16:55 +0800)]
libxc/migration: Specification update for CHECKPOINT records
Checkpointed streams need to signal the end of a consistent view of VM state,
and the start of the libxl data.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: David Vrabel <david.vrabel@citrix.com> Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Thu, 14 May 2015 08:55:04 +0000 (16:55 +0800)]
libxc/save: Adjust stream-position callbacks for checkpointed streams
There are some records which should only be sent once in the stream, and not
repeated for each checkpoint. {start,end}_of_stream() become per-checkpoint,
and a new start_of_stream() is introduced.
There is no resulting change record order, but the X86_PV_INFO record is
identified as once per stream. Currently the X86_PV_P2M_FRAMES record is as
well, but this is because of an implementation bug and can move back to being
on an as-needed basis when fixed.
In addition, a few minor adjustments of comments and layout.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Yang Hongyang <yanghy@cn.fujitsu.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Andrew Cooper [Thu, 14 May 2015 08:55:03 +0000 (16:55 +0800)]
libxc/migration: Be rather stricter with illformed callers
The migration code itself should be able to validly assume all mandatory
callbacks are set up.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Yang Hongyang <yanghy@cn.fujitsu.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Boris Ostrovsky [Wed, 13 May 2015 17:37:35 +0000 (13:37 -0400)]
xenpm: Initialize cputopo pointer
Commit 250f0b43af1a ("libxl/libxc: Move libxl_get_cpu_topology()'s
hypercall buffer management to libxc") broke non-debug compilation:
on error path we may have uninitialized cputopo pointer.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Reported-by: Olaf Hering <olaf@aepfle.de> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Wed, 13 May 2015 14:35:54 +0000 (16:35 +0200)]
IOMMU/x86: avoid pages without GFN in page table creation/updating
Handing INVALID_GFN to functions like hd->platform_ops->map_page()
just can't do any good, and the ioreq server code results in such pages
being on the list of ones owned by a guest.
While - as suggested by Tim - we should use get_gfn()/put_gfn() there
to eliminate races, we really can't due to holding the domain's page
alloc lock. Ultimately arch_iommu_populate_page_table() may need to be
switched to be GFN based. Here is what Tim said in this regard:
"Ideally this loop would be iterating over all gfns in the p2m rather
than over all owned MFNs. As long as needs_iommu gets set first,
such a loop could safely be paused and restarted without worrying
about concurrent updates. The code sould even stay in this file,
though exposing an iterator from the p2m code would be a lot more
efficient."
Original by Andrew Cooper <andrew.cooper3@citrix.com>, using further
suggestions from Tim Deegan <tim@xen.org>.
Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Jan Beulich <jbeulich@suse.com> Tested-by: Sander Eikelenboom <linux@eikelenboom.it> Acked-by: Tim Deegan <tim@xen.org> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Yang Zhang <yang.z.zhang@intel.com> Acked-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com>
Boris Ostrovsky [Mon, 11 May 2015 16:31:28 +0000 (12:31 -0400)]
libxl/libxc: Move libxl_get_numainfo()'s hypercall buffer management to libxc
xc_numainfo() is not expected to be used on a hot path and therefore
hypercall buffer management can be pushed into libxc. This will simplify
life for callers.
Also update error logging macros.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Boris Ostrovsky [Mon, 11 May 2015 16:31:27 +0000 (12:31 -0400)]
libxl/libxc: Move libxl_get_cpu_topology()'s hypercall buffer management to libxc
xc_cputopoinfo() is not expected to be used on a hot path and therefore
hypercall buffer management can be pushed into libxc. This will simplify
life for callers.
Also update error reporting macros.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/iommu: arm: Use p2m_ipa_bits as stage2 input size
The Stage2 input-size must match what the CPU uses because
the SMMU and the CPU share page-tables.
Test that the SMMU supports the P2M IPA bit size, use it if
supported or bail out if not.
Reviewed-by: Julien Grall <julien.grall@citrix.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Export p2m_ipa_bits holding the bit size of IPAs used in p2m tables.
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
xen/arm: Re-order iommu_setup to after setup_virt_paging
This is needed to allow the paging setup to probe for
IPA bit sizes to be used in p2m tables prior to iommu setup.
Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
This is because, for free CPUs, -EBUSY were being returned
when trying to tear them down, making cpu_down() unhappy.
It is certainly unpractical to forbid shutting down or
suspenging if there are unassigned CPUs, so this change
fixes the above by just avoiding returning -EBUSY for those
CPUs. If shutting off, that does not matter much anyway. If
suspending, we make sure that the CPUs remain unassigned
when resuming.
While there, take the chance to:
- fix the doc comment of cpupool_cpu_remove() (it was
wrong);
- improve comments in general around and in cpupool_cpu_remove()
and cpupool_cpu_add();
- add a couple of ASSERT()-s for checking consistency.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Julien Grall <julien.grall@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Sun, 10 May 2015 13:14:51 +0000 (14:14 +0100)]
pvgrub: initialise p2m_size
In 84083790 ("libxc: add p2m_size to xc_dom_image") a new field is
added. We should initialised this field in pvgrub as well, otherwise
xc_dom_build_image won't work properly.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Mon, 11 May 2015 08:42:35 +0000 (10:42 +0200)]
x86/hvm: permit HVM_PARAM_IDENT_PT to be set more than once
There is no conceptual problem with setting this parameter more than once.
Checkpointed migration streams will typically set it once per checkpoint to
the same value.
The parameter is only actually needed on early-generation VT-x which lacked
the unrestricted guest capability, although it could plausibly be used on
newer VT-x with unusual execution control settings. Short circuit the
expensive operations on non VT-x hardware.
The parameter itself must always be latched to avoid issues if the VM
eventually migrates to a host which needs to use the pagetable.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Mon, 11 May 2015 08:39:07 +0000 (10:39 +0200)]
x86/hvm: add store and console event channel params to white-list
My recent patch "use white-lists for HVM param guest accessibility checks"
(commit 30efda12d63ff536102ed8e580b4c09765683b44) introduced a regression
when saving and restoring Windows guests running Xen Project PV drivers.
The drivers reset the event channel ABI on resume. This has the effect of
closing the store and console local event channel ports created by the
toolstack. The drivers do not currently use the console port but they
do use the store port and thus, prior to reset, they sample the remote
domain and port and then re-bind the channel - yielding a new and possibly
different local port - after reset. They then store the new local port
value in HVM_PARAM_CONSOLE_EVTCHN. That operation now fails and may
lead to a crash, if using a debug build of the drivers, or a barely
functional connection to xentored if not.
This patch adds HVM_PARAM_STORE_EVTCHN and HVM_PARAM_CONSOLE_EVTCHN to
the guest-settable white-list since either of them can be invalidated
by an event channel ABI reset and thus the guest may indeed need to
write new values to them to make them valid again.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
xen/arm64: Avoid sending SGI when kicking secondary cpus with spin_table
On arm64, either firmware or xen's smp_up_cpu gate uses WFE on secondary
cpus to stand-by when booting. Thus, using SEV is enough for the boot
cpu to kick other secondaries. Further more, the current implementation
of cpu_up_send_sgi would pass a NULL cpumask pointer to send_SGI, which
then lead a data fault on GICv3 send_SGI implementation.
Signed-off-by: Chen Baozi <baozich@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: gic: Refactor the code for creating gic node
Since fdt_begin_node() is called by all gicXX_make_dt_node() to create
the interrupt-controller devicetree node, this patch refactors the call
and moves it inside make_gic_node(). This also matches the fdt_end_node()
call at the end of make_gic_node().
This patch also move the call to gic_make_node() wrapper to be after all
other generic properties are setup. This allows creating sub-node inside
gic_make_node() in order to support v2m sub-node.
Signed-off-by: Suravee Suthikulpanit <Suravee.Suthikulpanit@amd.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Although in principal #interrupt-cells can vary it must always be 3
for a GIC (and we only support GIC as a guest interrupt controller),
so putting it in common code is OK.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
tools/libxl: Create a per-arch function to map IRQ to a domain
ARM and x86 use a different hypercall to map an IRQ to a domain.
The hypercall to give IRQ permission to the domain has also been moved
to be an x86 specific function as ARM guest won't be able to manage the IRQ.
We may want to support it later.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
xen/passthrough: Extend XEN_DOMCTL_*assign_device to support DT device
A device node is described by a path. It will be used to retrieve the
node in the device tree and assign the related device to the domain.
Only non-PCI devices protected by an IOMMU can be assigned to a guest.
Also document the behavior of XEN_DOMCTL_deassign_device in the public
headers which differ between non-PCI and PCI.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Wei Liu <wei.liu2@citrix.com>
xen/xsm: Add helpers to check permission for device tree passthrough
This is a follow-up of commit 525ee49 "xsm: add device tree labeling
support" which add support for device tree labelling in flask.
Those helpers will be use latter when non-pci passthrough (i.e device
tree) will be added.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/passthrough: iommu_deassign_device_dt: By default reassign device to nobody
Currently, when the device is deassigned from a domain, we directly reassign
to DOM0.
As the device may not have been correctly reset, this may lead to corruption or
expose some part of DOM0 memory. Also, we may have no way to reset some
platform devices.
If Xen reassigns the device to "nobody", it may receive some global/context
fault because the transaction has failed (indeed the context has been
marked invalid). Unfortunately there is no simple way to quiesce a buggy
hardware. I think we could live with that for a first version of platform
device passthrough.
DOM0 will have to issue an hypercall to assign the device to itself if it
wants to use it.
xen/passthrough: arm: release the DT devices assigned to a guest earlier
The toolstack may not have deassigned every device used by a guest.
Therefore we have to go through the device list and remove them before
asking the IOMMU drivers to release memory for this domain.
This can be done by moving the call to the release function when we
relinquish the resources. The IOMMU part will be destroyed later when
the domain is freed.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Signed-off-by: Robert VanVossen <robert.vanvossen@dornerworks.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen: guestcopy: Provide an helper to safely copy string from guest
Flask code already provides a helper to copy a string from guest. In a later
patch, the new DT hypercalls will need a similar function.
To avoid code duplication, copy the flask helper (flask_copying_string) to
common code:
- Rename into safe_copy_string_from_guest
- Add comment to explain the extra +1
- Return the buffer directly and use the macros provided by
xen/err.h to return an error code if necessary.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Keir Fraser <keir@xen.org>
On x86, an IRQ is assigned in 2 steps to an HVM guest:
- The toolstack is calling PHYSDEVOP_map_pirq in order to create a
guest PIRQ (IRQ bound to an event channel)
- The emulator (QEMU) is calling DOMCTL_bind_pt_irq in order to
bind the IRQ
On ARM, there is no concept of PIRQ as the IRQ can be assigned to a
virtual IRQ using the interrupt controller.
It's not clear if we will need 2 different hypercalls on ARM to assign
IRQ and, for now, only the toolstack will manage IRQ.
In order to avoid re-using a fixed ABI hypercall (PHYSDEVOP_*) for a
different purpose and allow us more time to figure out the right out,
only DOMCTL_{,un}bind_pt_pirq is implemented on ARM.
The DOMCTL is extended with a new type PT_IRQ_TYPE_SPI and only IRQ ==
vIRQ (i.e machine_irq == spi) is supported.
In order to keep the same XSM checks done by the 2 hypercalls on x86,
call both xsm_map_domain_irq & xsm_bind_pt_irq in the ARM implementation.
Note: The toolstack changes for routing an IRQ to a guest will be done
in a separate patch.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Jan Beulich <jbeulich@suse.com>
xen/arm: Release IRQ routed to a domain when it's destroying
Xen has to release IRQ routed to a domain in order to reuse later.
Currently only SPIs can be routed to the guest so we only need to
browse SPIs for a specific domain.
Furthermore, a guest can crash and leave the IRQ in an incorrect state
(i.e has not been EOIed). Xen will have to reset the IRQ in order to
be able to reuse the IRQ later.
Introduce 2 new functions for release an IRQ routed to a domain:
- release_guest_irq: upper level to retrieve the IRQ, call the GIC
code and release the action
- gic_remove_guest_irq: Check if we can remove the IRQ, and reset
it if necessary
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Introduce spi_to_pending in order retrieve the irq_pending structure for
a specific SPI.
It's not possible to re-use irq_to_pending because it's required a VCPU
and some call of the new function may during domain destruction after
the VCPUs are freed.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: Let the toolstack configure the number of SPIs
Each domain may have a different number of IRQs depending on the devices
assigned to it.
Rather than re-using the number of IRQs used by the hardwared GIC, let
the toolstack specify the number of SPIs when the domain is created.
This will avoid wasting memory.
To calculate the number of SPIs, we take advantage of the fact that the
libxl interface can only expose 1:1 mapping and look for the largest SPI
in the list.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Wei Liu <wei.liu2@citrix.com>
Andrew Cooper [Fri, 8 May 2015 12:54:34 +0000 (13:54 +0100)]
tools/libxc: Properly bracket macro parameters
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Yang Hongyang <yanghy@cn.fujitsu.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- s/quoted/bracket/ in the subject ]
Olaf Hering [Thu, 7 May 2015 08:54:26 +0000 (08:54 +0000)]
libxlu: handle NULL pointer in xlu_cfg_destroy
Handle NULL pointer passed to xlu_cfg_destroy. libvirt calls it in its
libxlDriverConfigDispose function. If the XLU_Config was not initialized
yet for some reason a crash would occur on cleanup.
Avoid the crash just like libxl_ctx_free and xtl_logger_destroy do when
called from the same context.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
Wei Liu [Fri, 24 Apr 2015 09:03:41 +0000 (10:03 +0100)]
libxl: remove redundant assignment of spawn-xspath
Reported-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
libxl: Add qxl vga interface support for upstream qemu
Usage:
vga="qxl"
Qxl vga support many resolutions that not supported by stdvga,
mainly the 16:9 ones and other high up to 2560x1600.
With QXL you can get improved performance and smooth video also
with high resolutions and high quality.
Require their drivers installed in the domU and spice used
otherwise act as a simple stdvga.
Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> Signed-off-by: Zhou Peng <zpengxen@gmail.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
George Dunlap [Thu, 23 Apr 2015 13:29:40 +0000 (09:29 -0400)]
libxc/xentrace: Use xc_cpumap_t for xc_tbuf_set_cpu_mask
xentrace is the only caller at the moment. Split the cpu and event
mask setting out into seperate functions, but leave the current limit
of 32 bits for masks passed in from the command-line.
Based on a patch from Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
libxl/cpumap: Add xc_cpumap_[setcpu, clearcpu, testcpu] to complement xc_cpumap_alloc.
We export the xc_cpumap_alloc but not the bit operations.
One could include 'xc_bitops.h' but that is naughty - so instead
we just export the proper functions to do it on the xc_cpumap_t
typedef.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
----
v2: Use our own macro to make sure ARM is not affected negatively
v3: Lifted Ian's explanation.
Ian Campbell [Mon, 30 Mar 2015 13:53:35 +0000 (14:53 +0100)]
xen: arm: Annotate registers trapped by MDCR_EL2.TDRA
DBGDRAR and DBGDSAR are actually two cp or sys registers each, one
32-bit and one 64-bit. The cpregs #define is suffixed "64" and
annotations are added to both handlers.
MDRAR_EL1 (arm64 version of DBGDRAR) wasn't handled, so add that here.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Mon, 30 Mar 2015 11:33:49 +0000 (12:33 +0100)]
xen: arm: provide and use a handle_raz_wi helper
Reduces the use of goto in the trap handlers to none.
Some explicitly 32-bit types become register_t here, but that's OK, on
32-bit they are 32-bit already and on 64-bit it is fine/harmless to
set the larger register, a 32-bit guest won't see the top half in any
case.
Per section B1.2.1 (ARMv8 DDI0487 A.d) writes to wN registers are zero
extended, so there is no risk of leaking the top half here.
Unlike the previous code the advancing of PC is handled within the
helper, rather than after the end of the switch as before. So return
as the handler is called.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Mon, 30 Mar 2015 11:18:08 +0000 (12:18 +0100)]
xen: arm: Fix handling of ICC_{SGI1R,SGI0R,ASGI1R}_EL1
Having injected an undefined instruction we don't want to also advance
pc. So return.
The ICC_{SGI0R,ASGI1R}_EL1 case was previously missing a break, so
would have fallen through to the default case and injected a second
undef, corrupting SPSR_EL1 and ELR_EL1 for the guest.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Roger Pau Monné [Fri, 8 May 2015 09:05:29 +0000 (11:05 +0200)]
x86/pvh: use a custom IO bitmap for PVH hardware domains
Since a PVH hardware domain has access to the physical hardware create a
custom more permissive IO bitmap. The permissions set on the bitmap are
populated based on the contents of the ioports rangeset.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Boris Ostrovsky [Fri, 8 May 2015 09:02:41 +0000 (11:02 +0200)]
sysctl: add sysctl interface for querying PCI topology
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
David Vrabel [Fri, 8 May 2015 08:59:44 +0000 (10:59 +0200)]
arm: provide arch_fetch_and_add()
arch_fetch_and_add() atomically adds a value and returns the previous
value.
This generic arm implementation uses the GCC __sync_fetch_and_add()
builtin. This builtin resulted in suitable inlined asm for GCC 4.8.3
(arm64) and GCC 4.6.3 (arm32).
This is needed to implement ticket locks.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Paul Durrant [Thu, 7 May 2015 13:08:43 +0000 (15:08 +0200)]
x86/hvm: use white-lists for HVM param guest accessibility checks
There are actually very few HVM parameters that a guest needs to read
and even fewer that a guest needs to write. Use white-lists to specify
those parameters and also ensre that, by default, newly introduced
parameters are not accessible.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Thu, 7 May 2015 13:07:57 +0000 (15:07 +0200)]
x86/hvm: introduce functions for HVMOP_get/set_param allowance checks
Some parameters can only (validly) be set once. Some should not be set
by a guest for its own domain, and others must not be set since they
require the domain to be paused. Consolidate these checks, along with
the XSM check, in a new hvm_allow_set_param() function for clarity.
Also, introduce hvm_allow_get_param() for similar reasons.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Paul Durrant [Thu, 7 May 2015 13:06:25 +0000 (15:06 +0200)]
x86/hvm: give HVMOP_set_param and HVMOP_get_param their own functions
The level of switch nesting in those ops is getting unreadable. Giving
them their own functions does introduce some code duplication in the
the pre-op checks but the overall result is easier to follow.
This patch is code movement (including style fixes). There is no
functional change.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
projects / people / liuw / libxenctrl-split / xen.git / log