[XEN] Allow add_to_physmap to be applied to DOMID_SELF.
Also sanitise handling of existing mappings of Xen heap
frames. Signed-off-by: Steven Smith <ssmith@xensource.com> Signed-off-by: Keir Fraser <keir@xensource.com>
[HVM] Add a concept of HVM parameters to the hypervisor.
Each HVM domain has a space of HVM parameters associated with it,
and these can be manipulated via a new hvm_op hypercall. This means
that the hypervisor no longer needs to parse the hvm_info table, so
remove that code.
Signed-off-by: Steven Smith <ssmith@xensource.com> Signed-off-by: Keir Fraser <keir@xensource.com>
For the purpose of quick compile testing of (namely smaller) changes,
provide a
means to build individual pieces underneath the xen dir (could equally
be applied
to tools, and the top level Makefile could also be made aware of this
logic to
make things even more consistent). At once, add a way to only
pre-process files
in case some of the more complicated macros need change and hence
inspection
of the results.
[LINUX] Allows userspace tools on a domU to set up a watch on the xenstore.
It does this by intercepting XS_WATCH requests written
to /proc/xen/xenbus and then re-submitting the request to the
in-kernel xenstore interface, in
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c. When a callback
occurs, an in-kernel function is invoked, which then reconstructs a
response in the format expected by userspace, and sends this response
through /proc/xen/xenbus.
It was necessary to add some supporting infrastructure to
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_dev.c, such as an
additional mutex to protect the response queue and a list of active
watches associated with each connection.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
[TOOLS] Modify xenstore_client.c to include a new utility, xenstore-chmod.
This utility permits developers and administrators to
manually change the permissions on arbitrary locations in XenStore
from the command line. This is often helpful if you're trying to debug an
application that relies on XenStore and is encountering difficulties
with permissions.
Signed-off-by: Michael LeMay <mdlemay@epoch.ncsc.mil>
[HVM] Place all APIC registers into one page in native format.
With this change we can re-use code at include/asm-x86/apicdef.h,
making the code much cleaner. Also it help for future enhancement.
This patch does not change any logic except the change to
CONTROL_REG_ACCESS_NUM, which should be 0xf for CR8 access.
[VMXASSIST] Fix GDTR accesses when paging mode enabled.
The gdtr information in oldctx is an address for guest, not for
vmxassist. When access descriptor on guest gdt, we need to go through
guest page table if guest enable paging. This error may happen if
guest enable PE/PG in one instruction.
Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>=20 Signed-off-by: Xin Li <xin.b.li@intel.com>
[PCI] back: Fix potential infinite loop in pcistub_match_one().
The for loop in pcistub_match_one will loop forever if the
dev->bus->self links to itself at the uppermost bridge. Adding a
check to prevent linking back in on itself prevents this.
Switch blktapctrl.c over to using standard system daemon(3) call. Current patch was not closing all FDs and redirecting output to /dev/null, preventing tapdisk from launching correctly.
[HVM][SVM] Change the calling convention for SVM VMMCALLs so
that they don't conflict with the hypercall calling convention. Signed-off-by: Steven Smith <ssmith@xensource.com>
[XEN] Add hypercall support for HVM guests. This is
fairly useless at the moment, since all of the hypercalls
fail, since copy_from_user doesn't work correctly in HVM
domains.
Signed-off-by: Steven Smith <ssmith@xensource.com>
Add a CPUID hypervisor platform interface at leaf
0x40000000. Allow hypercall transfer page to be filled
in via MSR 0x40000000.
[LINUX] Do not early-unpin pagetables that contain foreign mappings.
This fixes a bug whereby foreign pages were freed by the unpin, which
then become owned by the local domain before it destroys its ptes.
It therefore (erroneously) detects the mappings as local and so
updates reference counts, leading to crashes. Signed-off-by: Keir Fraser <keir@xensource.com>
[XEN] Hide compile-time information values behind a
functional interface, so that the values are contained
within a single object file. Signed-off-by: Keir Fraser <keir@xensource.com>
[ACM] A wxPython GUI tool for sHype/ACM in Xen. It is used
and described in the user guide to demonstrate how to quickly create,
enforce, and test workload protection policies in Xen. The tool is aimed
to improve usability of sHype/ACM for Xen.It is included in a single
file to make it easy to try it out on different platforms (it inherits
the look and feel of the base platform). It is tested on Linux and
Windows. Please read the new user guide section about how to start and
use the tool (section 10.2).
Requirements: python (www.python.org), wxPython (www.wxpython.org or
try 'yum install wxPython').
[DOCS][ACM] Update the user guide for Xen with a chapter describing the
sHype/ACM security module for Xen. Section 10.2 offers a quick guide
showing how to setup and test the workload protection with sHype/ACM
in Xen.
This patch adds TCP Segmentation Offload (TSO) support to the
frontend.
It also advertises this fact through xenbus so that the frontend can
detect this and send through TSO requests only if it is supported.
This is done using an extra request slot which is indicated by a flag
in the first slot. In future checksum offload can be done in the same
way.
Even though only TSO is supported for now the code actually supports
GSO so it can be applied to any other protocol. The only missing bit
is the detection of host support for a specific GSO protocol. Once
that is added we can advertise all supported protocols to the guest.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Disable for now, as in domU->dom0 direction.
This patch adds scatter-and-gather transmission support to the
backend. This allows the MTU to be raised right now and the potential
for TSO in future.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds scatter-and-gather support to the frontend. It also
advertises this fact through xenbus so that the backend can detect
this and send through SG requests only if it is supported.
SG support is required to support skb's larger than one page. This
in turn is needed for either jumbo MTU or TSO. One of these is
required to bring local networking performance up to a level that
is acceptable.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds a tx queue to the backend if the frontend supports rx
refill notification. A queue is needed because SG/TSO greatly reduces
the number of packets that can be stored in the rx ring. Given an rx
ring with 256 entries, a maximum TSO packet can occupy as many as 18
entries, meaning that the entire ring can only hold 14 packets. This
is too small at high bandwidths with large TCP RX windows.
Having a tx queue does not present a new security risk as the queue is
a fixed size buffer just like the rx ring. So each guest can only
hold a
fixed amount of memory (proportional to the tx queue length) on the
host.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cannot BUG_ON netbk_queue_full yet !netbk_can_queue, as this can be
triggered by a misbehaving client. Set req_event appropriately when
stopping the packet queue, or we will not receive a notification.
[XEN] Some suspicion that we may enter an infinite
#PF loop due to broken spurious pagefault detection.
Beef up the tracing on that code path so we can catch
some useful info if it happens. Signed-off-by: Keir Fraser <keir@xensource.com>
Add a transaction_started field in xenstored connection structure instead of
browsing the list of transaction each time
Bump the default to 10, and make it configurable through the command line.
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
[TPM] Remove some stale code from the TPM backend driver. The code
used to be used for sending of vTPM control commands, but now this is
all done with the hotplug scripts.
This patch adds support to the frontend for notifying the backend whenever
the rx ring is refilled. This is required in order for the backend to
get a tx queue.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Modified to only send notification if req_event index is set
appropriately.
[NET] back: Replace netif->status with netif_carrier_ok
The connection status to the frontend can be represented using
netif_carrier_ok instead of netif->status. As a result, we delay
the construction of the dev qdisc until the carrier comes on. This
is a prerequisite for adding a tx queue.
By the same token, netif->active is now simply the conjunction of
netif_running and netif_carrier_ok so it too can be removed.
Because netif_carrier_off/netif_carrier_on and rtnl_lock all entail
memory barriers, there is no need to have extra memory barriers around
them.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch moves all rx request pushing to network_alloc_rx_buffers.
This is needed to reduce churn for TSO. More importantly, this makes
it easier to send notifications when adding rx requests which is
required for having a queue in dom0.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[NET] front: Clean up rx ring recovery. Signed-off-by: Keir Fraser <keir@xensource.com>
This is an update to c/s
10855:03c8002068d9d60c7bbfc2f41af975e09b2e2211
which should have contained the following changeset message
(rather than 'Merge.').
[NET] front: Stop using rx->id
With the current protocol for transferring packets from dom0 to domU,
the
rx->id field is useless because it can be derived from the rx request
ring
ID. In particular,
rx->id = (ring_id & NET_RX_RING_SIZE - 1) + 1;
This formula works because the rx response to each request always
occupies
the same slot that the request arrived in. This in turn is a
consequence
of the fact that each packet only occupies one slot.
The other important reason that this works for dom0=>domU but not
domU=>dom0
is that the resource associated with the rx->id is freed immediately
while
in the domU=>dom0 case the resource is held until the skb is liberated
by
dom0.
Using this formula we can essentially remove rx->id from the protocol,
freeing up space that could be instead be used by things like TSO.
The
only constraint is that the backend must obey the rule that each id
must
only be used in the response that occupies the same slot as the
request.
The actual field of rx->id is still maintained for compatibility with
older backends.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
[PCI] Basic documentation for the per-device permissive
flag and the two policy files. However, the general intent of this
patch set is to avoid the need for user interaction, so documentation
is somewhat sparse.
Signed-off-by: Chris Bookholt <hap10@tycho.ncsc.mil>
[PCI] Two policy files written in what is intended to be human-readable SXP.
1. xend-pci-quirks.sxp:
Specifies which PCI device(s) may write to a set of PCI configuration
space registers. A quirky PCI device is identified by its vendor ID,
device ID, subvendor ID, and subdevice ID. If a matching entry is
found, the corresponding fields will be sent to the PCI bus manager.
Fields are composed of a register, size, and mask -- although the mask
field is currently unused.
The included policy file is for a range of tg3 devices, which is the
only type of quirky device I know about. Users with other quirky
devices are invited to either add entries to this policy file or add
an entry in the permissive file, described next. In either case, send an
email to the xen-devel list to make the device known.
2. xend-pci-permissive.sxp
Lists PCI devices that pciback should not prevent from writing to
their configuration space. This can be necessary if, for example, a new
Tigon3 devices is released with different PCI vendor/device values
such that no entry in xend-pci-quirks.sxp is triggered.
Signed-off-by: Chris Bookholt <hap10@tycho.ncsc.mil>
[PCI] Allow per-device configuration for fine-grained control over PCI
configuration space writes, with a goal that was also previously
described by Ryan:
"Permissive mode should only be used as a fall back for unknown
devices.
I think the correct solution for dealing with these device-specific
configuration space registers is to identify them and add the
device-specific fields to the overlay. This patch adds a special
configuration space handler for network cards based on the tg3 linux
network device driver. This handler should allow for reads/writes to
all of the configuration space registers that the tg3 driver requires."
This patch attempts to address concerns with Ryan's original
submission by moving policy from the dom0 kernel into dom0 user-space.
As new quirky devices emerge they can be incorporated into the user-space
policy. An added benefit is that changes to the policy are effective
for domains created after the changes are written (no need rebuild the
hypervisor or restart xend).
Signed-off-by: Chris Bookholt <hap10@tycho.ncsc.mil>
[qemu] Fix reads on unreported memory addresses.
The function cpu_physical_memory_rw() thinks that if an address is
not mmio-related, it is assumed to be a RAM case. This is improper.
When making the assumption, we should make sure the address is less
than the guest physical memory size ram_size.
From: Cui, Dexuan <dexuan.cui@intel.com> Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
projects / xen.git / log