Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- resorted list in Makefile, moving thunderx entry ]
Philipp Hahn [Sun, 8 Mar 2015 10:54:17 +0000 (11:54 +0100)]
VHD: Fix locale aware character encoding handling
ASCII is 7 bit only, which does not work in UTF-8 environments:
> failed to read parent name
Setup locale in vhd-util to parse LC_CTYPE and use the right codeset
when doing file name encoding and decoding.
Increase allocation for UTF-8 buffer as one UTF-16 character might use
twice as much space in UTF-8 (or more).
Don't check outbytesleft==0 as one UTF-8 characters get encoded into
1..8 bytes, so it's perfectly fine (and expected) for the output to have
remaining bytes left.
libxl_wait_for_memory_target: wait for 2 sec at a time
Use a 2 sec sleep time in the loop to allow the guest to release a
decent amount of memory in an iteration (empirical tests show ballooning
speed to be 512MB/sec or recent boxes).
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Mike Latimer <mlatimer@suse.com> Tested-by: Mike Latimer <mlatimer@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
freemem: remove call to libxl_wait_for_free_memory
Now that libxl_wait_for_memory_target is capable of waiting until dom0
reaches its target, we can remove the other wait function call:
libxl_wait_for_free_memory. No need to wait twice. Once dom0 has met its
target, simply loop again and recalculate free_memkb.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Reviewed-by: Mike Latimer <mlatimer@suse.com> Tested-by: Mike Latimer <mlatimer@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Fri, 6 Mar 2015 11:33:48 +0000 (11:33 +0000)]
libxc: use xc_dom_panic when decompressor is not supported
State explicitly that specific decompressor is not supported by libxc.
Without this change, libxc error message only says the provided kernel
is invalid, which is misleading.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: svenvan.van@gmail.com Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ross Lagerwall [Tue, 10 Mar 2015 12:52:01 +0000 (13:52 +0100)]
EFI: fix getting EFI variable list on some systems
Copy the entire output buffer to the guest because some firmwares update
size on successful calls (contrary to the spec) and the buffer may
contain data beyond the output size that the firmware requires on a
subsequent GetNextVariableName() call (e.g. a NULL character).
Note that this shouldn't change the amount of data copied because on success, a
compliant firmware does not change size and so the entire buffer is copied
anyway. If size is changed, Xen does not copy the buffer.
Without this change, the following (simplified) sequence would occur:
GetNextVariableName: in \0, size 1024 || out AdminPw\0, size 7
GetNextVariableName: in AdminPw\0, size 1024 || out UserPw\0, size 6
GetNextVariableName: in UserPww\0, size 1024 || NOT FOUND
This was seen on an Intel S1200RP_SE with firmware
S1200RP.86B.02.02.0005.102320140911, version 4.6, date 2014-10-23.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Daniel De Graaf [Tue, 10 Mar 2015 12:50:24 +0000 (13:50 +0100)]
flask: create unified "flask=" boot parameter
This unifies the flask_enforcing and flask_enabled boot parameters into
a single parameter with additional states. Defined options are:
enforcing - require policy to be loaded at boot time and enforce it
permissive - a missing or broken policy does not panic
disabled - revert to dummy (no XSM) policy. Was flask_enabled=0
late - bootloader policy is not used; later loadpolicy is enforcing
The default mode remains "permissive" and the flask_enforcing boot
parameter is retained for compatibility. If flask_enforcing=1 is
specified and flask= is not, the bootloader policy will be loaded in
enforcing mode if present, but errors will disable access controls until
a successful loadpolicy instead of causing a panic at boot.
Suggested-by: Julien Grall <julien.grall@linaro.org> Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Tue, 10 Mar 2015 12:45:51 +0000 (13:45 +0100)]
x86emul: fully ignore segment override for register-only operations
For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.
This is CVE-2015-2151 / XSA-123.
Reported-by: Felix Wilhelm <fwilhelm@ernw.de> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Keir Fraser <keir@xen.org>
Daniel De Graaf [Mon, 9 Mar 2015 13:04:55 +0000 (14:04 +0100)]
flask: clean up initialization and #defines
This removes the FLASK_DEVELOP and FLASK_BOOTPARAM configuration
parameters which have never been settable by users. Disabling the
FLASK_DEVELOP configuration option has not produced a compiling
hypervisor for some time, and the FLASK_BOOTPARAM option will be
replaced with a more flexible boot parameter.
This also changes the return type of xsm_initcall_t to void to properly
reflect the fact that the caller ignores the return value.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Roger Pau Monné [Mon, 9 Mar 2015 13:01:40 +0000 (14:01 +0100)]
iommu: fix usage of shared EPT/IOMMU page tables on PVH guests
iommu_share_p2m_table should not prevent PVH guests from using a shared page
table between the IOMMU and EPT. Clean the code by removing the asserts in
the vendor specific implementations (amd_iommu_share_p2m, iommu_set_pgd),
and moving the hap_enabled assert to the caller (iommu_share_p2m_table).
Also fix another incorrect usage of is_hvm_domain usage in
arch_iommu_populate_page_table. This has not given problems so far because
all the pages in PVH guests are of type PGT_writable_page.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Tested-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Tim Deegan <tim@xen.org> Acked-by: Kevin Tian <kevin.tian@intel.com>
Jan Beulich [Mon, 9 Mar 2015 13:00:19 +0000 (14:00 +0100)]
VT-d: print_vtd_entries() should cope with superpages
Even if VT-d code alone (i.e. when not sharing tables with EPT) still
doesn't support superpages, this function - invoked upon DMA remapping
faults - needs to cope with such.
While at it also replace a few more plain numbers with suitable named
constants.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Jan Beulich [Fri, 6 Mar 2015 16:28:54 +0000 (17:28 +0100)]
x86: widen NUMA nodes to be allocated from
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 6 Mar 2015 16:27:33 +0000 (17:27 +0100)]
allow domain heap allocations to specify more than one NUMA node
... using struct domain as a container for passing the respective
affinity mask: Quite a number of allocations are domain specific, yet
not to be accounted for that domain. Introduce a flag suppressing the
accounting altogether (i.e. going beyond MEMF_no_refcount) and use it
right away in common code (x86 and IOMMU code will get adjusted
subsequently).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 6 Mar 2015 16:26:30 +0000 (17:26 +0100)]
x86: allow specifying the NUMA nodes Dom0 should run on
... by introducing a "dom0_nodes" option augmenting the "dom0_mem" and
"dom0_max_vcpus" ones.
Note that this gives meaning to MEMF_exact_node specified alone (i.e.
implicitly combined with NUMA_NO_NODE): In such a case any node inside
the domain's node mask is acceptable, but no other node. This changed
behavior is (implicitly) being exposed through the memop hypercalls.
Note further that this change doesn't take care of moving the initrd
image into memory matching Dom0's affinity when the initrd doesn't get
copied (because of being part of the initial mapping) anyway.
And note finally that this doesn't get us meaningfully closer to
handing vNUMA information to Dom0 (which will require the current
striping of allocations to become node-specific in order for the passed
on information to be meaningful).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Dario Faggioli <dario.faggioli@cirix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 6 Mar 2015 15:56:53 +0000 (16:56 +0100)]
credit: generalize __vcpu_has_soft_affinity()
As pointed out in the discussion of the patch at
http://lists.xenproject.org/archives/html/xen-devel/2015-02/msg03256.html
generalizing the conditions here means code elsewhere doesn't need to
take into consideration internals of how load balancing in the credit
scheduler works.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com> Reviewed-by: Dario Faggioli <dario.faggioli@citrix.com>
Jan Beulich [Fri, 6 Mar 2015 15:56:16 +0000 (16:56 +0100)]
test_x86_emulate: fix inline assembly in blowfish code
With certain gcc versions, commit 1166ecf781 ("tools/Rules.mk: Don't
optimize debug builds; add macro debugging information") results in the
file scope inline assembly no longer being emitted to the .text section
without explicitly switching to it, which causes the blowfish test to
signal SEGV.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 6 Mar 2015 15:54:53 +0000 (16:54 +0100)]
do_xen_version() cleanup
- use exisiting latched value of current->domain where available
- use __copy_to_guest() instead of copy_to_guest() where possible
- drop redundant inclusion of xen/config.h
- drop pointless braces
- consistenly use typedef names
- formatting
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Ian Campbell [Tue, 3 Mar 2015 17:02:22 +0000 (17:02 +0000)]
libxl: Correct license header on libxl_flask.c to be LGPL
libxl is intended to be an LGPL 2.1 licensed library, however this
file inadvertently got given a GPL header.
The following people have touched this file, although all but Machon's
contributions are trivial and/or mechanical an Ack from each would be
unambiguous:
$ git log --format='%an <%aE>' tools/libxl/libxl_flask.c | sort -u
Ian Campbell <ian.campbell@citrix.com>
Ian Jackson <ian.jackson@eu.citrix.com>
Machon Gregory <mbgrego@tycho.ncsc.mil>
Wei Liu <liuw@liuw.name>
$
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Machon Gregory <mbgrego@tycho.ncsc.mil> Cc: Wei Liu <liuw@liuw.name> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Wei Liu <liuw@liuw.name> Acked-by: M. Gregory <mbgrego@tycho.ncsc.mil>
Wei Liu [Tue, 3 Mar 2015 12:44:38 +0000 (12:44 +0000)]
xsm/policy: remove gawk-ism line in Makefile
Translate gawk regex to mawk regex to allow using mawk. The new regex
works on both gawk and mawk.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Vijaya Kumar K [Wed, 4 Mar 2015 06:06:25 +0000 (11:36 +0530)]
xen/arm: Don't pass the PSCI-0.2 node to DOM0
psci node is generated by xen for dom0.
if the host device tree has psci-0.2 skip parsing this node
and avoid copying from host device tree to dom0 device tree.
Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Frediano Ziglio [Tue, 3 Mar 2015 15:41:14 +0000 (15:41 +0000)]
xen/arm: Make gic-v2 code handle hip04-d01 platform
The GIC in this platform is mainly compatible with the standard
GICv2 beside:
- ITARGET is extended to 16 bit to support 16 CPUs;
- SGI mask is extended to support 16 CPUs;
- maximum supported interrupt is 510;
- GICH APR and LR register offsets.
Signed-off-by: Frediano Ziglio <frediano.ziglio@huawei.com> Signed-off-by: Zoltan Kiss <zoltan.kiss@huawei.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Frediano Ziglio [Tue, 3 Mar 2015 15:41:12 +0000 (15:41 +0000)]
xen/arm: Duplicate gic-v2.c file to support hip04 platform version
HiSilison Hip04 platform use a slightly different version.
This is just a verbatim copy of the file to workaround git
not fully supporting copy operation.
Signed-off-by: Frediano Ziglio <frediano.ziglio@huawei.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Add Memory Bandwidth Monitoring(MBM) for VMs. Two types of monitoring
are supported: total and local memory bandwidth monitoring. To use it,
CMT should be enabled in hypervisor.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Wed, 4 Mar 2015 09:02:50 +0000 (10:02 +0100)]
domctl: cleanup
- drop redundant "ret = 0" statements
- drop unnecessary braces
- eliminate a few single use local variables
- move break statements inside case-specific braced scopes
- eliminate trailing whitespace
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 4 Mar 2015 09:01:41 +0000 (10:01 +0100)]
vNUMA: validate XEN_DOMCTL_setvnumainfo input
As we get ready to use the information set for a domain here we should
make sure it is actually valid: Both vNode and pNode numbers should be
in range. Do a little bit of other cleanup so the code ends up looking
reasonably consistent in style.
Along with this goes that we don't need an array of unsigned int to
store the pNode number - a nodeid_t one (a quarter the size) suffices.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@cigtrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Wed, 4 Mar 2015 08:59:47 +0000 (09:59 +0100)]
x86/tboot: invalidate FIX_TBOOT_MAP_ADDRESS mapping after use
In order for commit cbeeaa7d ("x86/nmi: fix shootdown of pcpus
running in VMX non-root mode")'s re-use of that fixmap entry to not
cause undesirable (in crash context) cross-CPU TLB flushes, invalidate
the fixmap entry right after use.
Ian Campbell [Wed, 25 Feb 2015 13:39:48 +0000 (13:39 +0000)]
netif.h: describe request/response structures in terms of binary layout
In RFC style, rather than relying on the implicit assumptions of a
particular C ABI.
I have also confirmed, using the Python gdb extension technique in
[0], that the struct offsets (in a Linux binary at least) are the same
as described here.
I took the opportunity to also confirm that x86_32, x86_64, arm32 and
arm64 are all the same.
This highlighted that struct netif_rx_request was missing some
explicit padding, which is added here.
Lastly, fixup some struct names to allow the generated docs to
properly hyperlink, mainly by adding the _t to type names where
appropriate, but also s/netif_tx_extra/netif_extra_info_t/.
Wei Liu [Wed, 25 Feb 2015 14:56:06 +0000 (14:56 +0000)]
libxl: update libxl.h to say _dispose is idempotent
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 25 Feb 2015 14:56:05 +0000 (14:56 +0000)]
testidl: call _init and _dispose several times
Call _init and _dispose between 1 to 10 times on a type to test if _init
and _dispose are idempotent.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 25 Feb 2015 14:56:04 +0000 (14:56 +0000)]
gentypes: make dispose function tolerate NULL
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 25 Feb 2015 14:56:03 +0000 (14:56 +0000)]
gentypes: zero out structure in _dispose function
Original the structure was memset to a poison value. That prevented
_dispose to be made idempotent. We should stop doing so.
Memseting the structure to 0 makes all pointers in structure become
NULL, which can be handled by free().
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 25 Feb 2015 14:56:01 +0000 (14:56 +0000)]
gentest: make testidl valgrind clean
Free the JSON string after use to avoid memory leak. With this change
testidl is valgrind clean.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Wed, 25 Feb 2015 14:56:00 +0000 (14:56 +0000)]
libxl: fix off-by-one error in JSON parser
We need a sentinel slot in the generated libxl_key_value_list.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Mon, 2 Mar 2015 15:54:57 +0000 (15:54 +0000)]
xen/arm: timer: Don't warn if the timer interrupts are high-level
The commit 61d6a84 "xen: arm: Warn if timer interrupts are not level
triggered" added a check to ensure the timer interrupts are level.
Although, the check is only done on low-level interrupts. This will
result to a strange warning on platform using high-level ("WARNING [..]
IRQ is not level triggered").
As high-level interrupt is valid, don't warn on both high-level and
low-level interrupt.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Mon, 2 Mar 2015 15:42:43 +0000 (15:42 +0000)]
xen/iommu: smmu: Advertise when the SMMU support coherent table walk
When SMMU doesn't support coherent table walk, Xen may need to clean
updated PT (see commit 4c5f4cb "xen/arm: p2m: Clean cache PT when the
IOMMU doesn't support coherent walk").
If one SMMU of the platform doesn't support coherent table walk, the
feature is disabled for the whole platform. This is because device is
assigned to a domain after the page table are populated.
This could impact performance on domain which doesn't use device
passthrough. But, as the spec strongly recommends the support of this
feature for mainstream platform, I expect server will always have SMMUs
supporting coherent table walk. If not, we may need to enable this feature
per-domain.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Mon, 2 Mar 2015 11:09:35 +0000 (11:09 +0000)]
xen: arm: Assume level triggered means high, not low.
When reading back the ICFG register we cannot know the polarity of the
configuration, just that it is level or edge.
Since falling edge and low level are invalid for SPIs we should assume
rising edge and high level (we have no better information for PPIs, so
it'll have to do).
We already assumed rising edge, switch to high level as well.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@linaro.org>
libxl_set_memory_target: retain the same maxmem offset on top of the current target
In libxl_set_memory_target when setting the new maxmem, retain the same
offset on top of the current target. In the future the offset will
include memory allocated by QEMU for rom files.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 2 Mar 2015 15:05:43 +0000 (15:05 +0000)]
stubdom: fix make clean and distclean on a freshly cloned tree
Clean and distclean targets need not depend on existence of the mini-os
tree. Don't check for mini-os and don't try to blindly include
mini-os's Config.mk when doing clean and distclean.
Note that one subtle issue is that $(XEN_ROOT)/Config.mk tries to
include $(XEN_ROOT)/config/$(XEN_OS).mk. In stubdom's case XEN_OS is
"MiniOS". Then $(XEN_ROOT)/config/MiniOS.mk tries to include mini-os's
Config.mk.
Since clean and distclean don't enforce existence of mini-os tree, don't
include $(XEN_ROOT)/Config.mk to avoid getting error due to the
aforementioned issue.
Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Mon, 2 Mar 2015 15:04:37 +0000 (15:04 +0000)]
tools/xenconsoled: Increase file descriptor limit
XenServer's VM density testing uncovered a regression when moving from
sysvinit to systemd where the file descriptor limit dropped from 4096 to
1024. (XenServer had previously inserted a ulimit statement into its
initscripts.)
One solution is to use LimitNOFILE=4096 in xenconsoled.service to match the
lost ulimit, but that is only a stopgap solution.
As Xenconsoled genuinely needs a large number of file descriptors if a large
number of domains are running, attempt to increase the limit.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Fri, 27 Feb 2015 15:22:30 +0000 (15:22 +0000)]
tools/pygrub: Add example from Ubuntu 14.04 LTS
(This grub.cfg does not work with Xen 4.4.1's pygrub, but does work
with the extra 4 patches which are in Xen 4.5.0.)
Contributed-by: Owen Dunn <osd1000@cam.ac.uk> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Owen Dunn <osd1000@cam.ac.uk> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Frediano Ziglio [Fri, 27 Feb 2015 14:08:06 +0000 (14:08 +0000)]
xen/arm: Handle translated addresses for hardware domains in GICv2
Translated addresses (in d->arch.vgic.{c,d}base) are bus addresses
which are not always correct in the context of a subnode in the DTB
exposed to domain 0 since they would then be subject to retranslation.
Copy the original addresses from DT directly to get the original
untranslated reg property which will give same d->arch.vgic.{c,d}base
values once translated again by the guest.
Signed-off-by: Frediano Ziglio <frediano.ziglio@huawei.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- attempt to clarify the commit message ]
freemem_slack accounts for the amount of memory to be left free in the
system because empirical experiments seem to demonstrate that is needed
for "stability reasons".
As we don't have any actual data on these stability issues, remove it.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> CC: mlatimer@suse.com CC: ian.campbell@citrix.com Acked-by: Mike Latimer <mlatimer@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Wed, 25 Feb 2015 18:52:59 +0000 (18:52 +0000)]
xen/iommu: smmu: Add Xen specific code to be able to use the driver
The main goal is to modify as little the Linux code to be able to port
easily new feature added in Linux repo for the driver.
To achieve that we:
- Add helpers to Linux function not implemented on Xen
- Add callbacks used by Xen to do our own stuff and call Linux ones
- Only modify when required the code which comes from Linux. If so a
comment has been added with /* Xen: ... */ explaining why it's
necessary.
The support for PCI has been commented because it's not yet supported by
Xen ARM and therefore won't compile.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- fix a couple of typos in comments ]
Julien Grall [Wed, 25 Feb 2015 18:52:56 +0000 (18:52 +0000)]
xen/iommu: Consolidate device assignment ops into a single set
On ARM, the way to assign device tree node is exactly the same as PCI.
Futhermore, all devices can be represented by a 'device_t'.
Therefore there is no need to add separate ops.
The x86 iommu drivers has not been modified to replace 'struct pci_dev'
by "device_t" because the latter is an alias of the former.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>\ Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Wed, 25 Feb 2015 18:52:55 +0000 (18:52 +0000)]
xen/arm: Introduce a generic way to describe device
Currently, Xen is supporting PCI and Platform device (based on Device Tree).
While Xen only supports Platform device on ARM, Xen will gain support of
PCI soon.
Some drivers, such as IOMMU drivers, may handle PCI and platform device in
the same way. Only few lines of code differs.
Rather than requesting to provide 2 set of functions (one for PCI and
one for platform device), introduce a generic structure "device" which
is embedded in each specialized device.
As x86 only supports PCI, introduce a new type device_t which will be an
alias to pci_dev for this architecture. It will avoid to add a new field
for this place.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> CC: Keir Fraser <keir@xen.org> CC: Andrew Cooper <andrew.cooper3@citrix.com>
Wei Liu [Fri, 30 Jan 2015 16:03:18 +0000 (16:03 +0000)]
Remove in-tree mini-os directory
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Fri, 30 Jan 2015 15:58:38 +0000 (15:58 +0000)]
build system: stubdom targets now depends on mini-os target
Provide mini-os url and revision in Config.mk
Make stubdom targets depend on mini-os-dir target. Make
subtree-force-update{,-all} depend on mini-os-dir-force-update.
Also make mktarball script generate mini-os archive.
Original mini-os directory is renamed to mini-os-intree to help reduce
patch length. That directory will be deleted in a separate patch.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
Changes in v3:
1. Put mini-os targets in main Makefile.
2. Stubdom clean and distclean don't depend on mini-os-dir.
Wei Liu [Thu, 29 Jan 2015 19:10:04 +0000 (19:10 +0000)]
Mini-OS: standalone build
In order to keep the tree bisectable all the changes are done in one
single commit.
Things done in this commit:
1. Import necessary .mk files from Xen.
2. Move all XEN_ related variables to MINIOS_ namespace.
3. Import Xen public header files.
4. Import BSD's list.h and helper script.
Mini-OS's vanilla Config.mk is modified to contain some macros copied
from Xen's Config.mk. It also contains compatibility handling logic for
Xen's stubdom build environment.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Wei Liu [Sun, 25 Jan 2015 16:30:21 +0000 (16:30 +0000)]
git-checkout.sh: use "mkdir -p"
Otherwise mkdir extras/mini-os fails because extras doesn't exist.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Tue, 24 Feb 2015 17:37:04 +0000 (17:37 +0000)]
stubdom: no need to clean mini-os
All objects are placed inside stubdom's directories, so there is no need
to enter mini-os and clean.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Sun, 25 Jan 2015 14:43:43 +0000 (14:43 +0000)]
stubdom: don't look for mini-os source file during configure
Don't look for mini-os source file during configure. Mini-os source code
will be fetched during build.
Instead look for xenstore-minios.cfg.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Fri, 27 Feb 2015 15:12:39 +0000 (16:12 +0100)]
x86/traps: consolidate PV RDMSR emulation paths
Settle on just using one variable (val), and move the other into
WRMSR's local scope. Chain up further success paths to the
rdmsr_writeback label rather than open coding them.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Fri, 27 Feb 2015 15:09:27 +0000 (16:09 +0100)]
complete conversion set_bit() -> __cpumask_set_cpu() by 4aaca0e9cd
While converting to __cpumask_set_cpu() was correct, the first argument
passed should have been corrected to be "cpu" instead of "nr" at once.
The wrong construct results in problems on systems with relatively few
CPUs.
Reported-by: Sander Eikelenboom <linux@eikelenboom.it> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citirx.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Thu, 26 Feb 2015 15:38:16 +0000 (15:38 +0000)]
Config.mk: update OVMF revision
Update OVMF revision to the latest tested commit.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Anthony Perard <anthony.perard@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Tim Deegan [Fri, 27 Feb 2015 09:46:34 +0000 (09:46 +0000)]
Automatically check xen's public headers for C++ pitfalls.
Add a check, like the existing check for non-ANSI C in the public
headers, that runs the public headers through a C++ compiler to
flag non-C++-friendly constructs.
Unlike the ANSI C check, we accept GCC-isms (gnu++98), and we also
check various tools-only headers.
Also tidy up the runes for these checks to be a bit more readable.
io/ring.h uses 'private' as a field name, which is a keyword in C++;
this patch doesn't change that. Instead the check works around it.
Reported-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Signed-off-by: Tim Deegan <tim@xen.org> Acked-by: Jan Beulich <JBeulich@suse.com> Tested-by: Don Slutz <dslutz@verizon.com>
Boris Ostrovsky [Thu, 26 Feb 2015 13:05:13 +0000 (14:05 +0100)]
x86/numa: allow arbitrary value of PXM in PXM<->node mapping
ACPI defines proximity domain identifier as a 32-bit integer. While
in most cases the values will be zero-based this is not guaranteed,
making current pxm2node[256] mapping structure not appropriate.
We will instead use MAX_NUMNODES-sized array of struct pxm2node to
store PXM-to-node mapping. To accommodate common case of zero-based
and contiguios PXMs we will, whenever possible, try to use PXM as
index into this array for fast lookups.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Use ARRAY_SIZE(pxm2node) instead of MAX_NUMNODES in bounds checks.
Rename struct pxm_to_node to struct pxm2node (the structure tag
aliasing with the array defined using it is better than it aliasing
with a function name).
Jan Beulich [Thu, 26 Feb 2015 13:00:21 +0000 (14:00 +0100)]
x86/Dom0: minor command line parsing adjustments
Remove a redundant statement from parse_dom0_mem() and refuse bogus
ranges (with a separator other than a dash) passed to
parse_dom0_max_vcpus(). Fix coding style issues in the latter function
at the same time.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Jan Beulich [Thu, 26 Feb 2015 12:58:54 +0000 (13:58 +0100)]
honor MEMF_no_refcount in alloc_heap_pages()
Non-anonymous allocations with this flag set should - for the purpose
of the availability check - be treated just like anonymous ones, as
they wouldn't lead to a reduction of ->outstanding_pages.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org>
Razvan Cojocaru [Thu, 26 Feb 2015 12:57:34 +0000 (13:57 +0100)]
minor modifications to platform.h to make it C++-friendly
Moved the definition of struct xenpf_efi_guid and struct
xenpf_efi_time to file scope to avoid compilation errors with C++
(structs defined inside unnamed structs become unavailable
outside their scope with C++). The change allows C++ applications
to use platform.h with no consequences for current C clients.
Julien Grall [Thu, 19 Feb 2015 18:12:04 +0000 (18:12 +0000)]
xen/arm: Automatically find a PPI for the DOM0 event channel interrupt
Use the new vgic interface to know which virtual PPI is free and use it
for the event channel code.
At the DOM0 creation time, Xen doesn't know which vIRQ will be free.
All the vIRQ will be reserved when we parse the device tree. So we can
allocate the vIRQ just after the device tree has been parsed.
It's safe to defer the allocation because no vIRQ can be injected as
long as the vCPU is not online.
As the device tree node "hypervisor" containing the description of the
event channel interrupt is created earlier, add a placeholder which will
be fix up once Xen has allocated the PPI.
Also correct the check in arch_domain_create to use is_hardware_domain.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Thu, 19 Feb 2015 18:12:03 +0000 (18:12 +0000)]
xen/arm: vgic: Keep track of vIRQ used by a domain
While it's easy to know which hardware IRQ is assigned to a domain, there
is no way to know which vIRQ is allocated by Xen for a specific domain.
Introduce a bitmap to keep track of every vIRQ used by a domain. This
will be used later to find free vIRQ for interrupt device assignment and
emulated interrupt.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Thu, 19 Feb 2015 15:24:03 +0000 (15:24 +0000)]
xen: arm: Warn if timer interrupts are not level triggered
Edge trigger arch timer interrupts really don't make much sense, so if
we discover we are booting on such a system issue a warning.
So far this has only been seen on the fast model emulators which have
both an incorrect DT description of the interrupt and a writeable
ICFGR allowing us to program the incorrect configuration. Other
platforms have incorrect DT descriptions (warned about by previous
patch) but the corresponding ICFGR isn't actually writeable so the
eventual configuration is level as desired.
I did consider overriding the incorrect DT on such systems but since
so far it has only been observed on emulators and we have code in
place to deal with edge triggering here I think warning is sufficient
for now.
Ian Campbell [Thu, 19 Feb 2015 15:24:02 +0000 (15:24 +0000)]
xen: arm: log warning for interrupt configuration mismatch
The ICFGR register is not necessarily writeable, in particular it is
IMPLEMENTATION DEFINED for a PPI if the configuration register is
writeable. Log a warning if the hardware has ignored our write and
update the actual type in the irq descriptor so subsequent code can do
the right thing.
This most likely implies a buggy firmware description (e.g.
device-tree).
The issue is observed for example on the APM Mustang board where the
device tree (as shipped by Linux) describes all 3 timer interrupts as
rising edge but the PPI is hard-coded to level triggered (as makes
sense for an arch timer interrupt).
Olaf Hering [Tue, 3 Feb 2015 11:45:36 +0000 (12:45 +0100)]
etherboot: [build] sort objects in blib.a
When building hvmloader for Xen tools the ipxe objects are also linked
into the binary. Unfortunately the linker will place them in the order
found in the archive. Since this order is random the resulting hvmloader
binary differs when it was built from identical sources but on different
build hosts. To help with creating a reproducible binary the elements in
blib.a must simply be sorted before passing them to $(AR).
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Olaf Hering [Tue, 3 Feb 2015 11:45:35 +0000 (12:45 +0100)]
docs: create reproducible html
The Makefile uses wildcard to collect a list of files. The resulting
list of files is in directory order, which is random. As a result the
generated html files will differ when build on different hosts.
Use the built-in sort function to get a stable list of files.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ross Lagerwall [Tue, 24 Feb 2015 08:05:50 +0000 (08:05 +0000)]
tools/hotplug: systemd: Don't ever kill xenstored
Don't kill xenstored as part of the usual service shutdown process to
prevent hangs on shutdown where the kernel tries to unplug a VIF
after xenstored has exited.
In an ideal case with all guests cooperating, xendomains will have shut
down all guests before xenstored is killed.
However in the uncooperative case, malicious or crashed guests may still
be running after xendomains has exited and this should not block the
shutdown/reboot of dom0.
Xenstored has no state to sync to disk, and never used to be killed in
the sysvinit case; observe the warning in xencommons. Our testing has
shown regressions caused by the change in behaviour between sysvinit and
systemd when it comes to killing xenstored.
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
[ ijc -- added systemd to title ]
Andrew Cooper [Thu, 12 Feb 2015 20:08:33 +0000 (20:08 +0000)]
tools/Coverity: Audit of MISSING_BREAK defects
Coverity uses several heuristics to identify when one case statement
legitimately falls through into the next, and a comment as the final item in a
case statement is one heuristic (the assumption being that it is a
justification for the fallthrough).
Use this to perform an audit of defects and hide the legitimate fallthroughs.
There are two bugfixes identified in the audit, both minor:
* 'n' command line handling for gtracestat
* BKSPC handling in xentop
All other identified defaults are legitimate fallthoughs
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Coverity-IDs: 1055464, 1055465, 1055467, 1055468, 1055481, 1055482 CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Xen Coverity Team <coverity@xen.org> Acked-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Don Koch <dkoch@verizon.com>
projects / people / gdunlap / xen.git / log