Jan Beulich [Mon, 30 Jun 2014 14:01:03 +0000 (16:01 +0200)]
x86: move alternative.c data fully into .init.*
This wasn't done upon the initial addition of the file since the
section processing needs some adjustment for this: We can't mark the
two arrays needing relocations as either __initdata or __initconst, as
both have the potential of creating section conflicts (with -fPIC the
compiler may want to mark the section writable due to the necessary
relocations, colliding with other __initconst uses, and if the compiler
chooses to use the provided section name, __initdata on a constant
object might collide with other __initdata uses). However, local data
known to be referenced only by init code/data can also safely be moved
into .init.*. Hence the respective logic is being tweaked such that it
won't complain on non-empty .*.local sections.
While at it also drop the non-local section names from
SPECIAL_DATA_SECTIONS - they can't be safely converted.
Jan Beulich [Mon, 30 Jun 2014 13:57:40 +0000 (15:57 +0200)]
VT-d/ATS: correct and clean up dev_invalidate_iotlb()
While this was intended to only do cleanup (replace the two bogus
"ret |= " constructs, and a simple formatting correction), this now
also
- fixes the bit manipulations for size_order > 0
a) correct an off-by-one in the use of size_order for shifting (till
now double the requested size got invalidated)
b) in fact setting bit 12 and up if necessary (without which too
small a region might have got invalidated)
c) making them capable of dealing with regions of 4Gb size and up
- corrects the return value handling, such that a later iteration's
success won't clear an earlier iteration's error indication
- uses PCI_BDF2() instead of open coding it
- bail immediately on bad passed in invalidation type, rather than
repeatedly printing the same message for each ATS-capable device, at
once also no longer hiding that failure from the caller
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Yang Zhang <yang.z.zhang@intel.com>
David Vrabel [Fri, 27 Jun 2014 13:57:52 +0000 (14:57 +0100)]
xl: generate a new random VM generation ID if requested
If the "generation_id" option is set in the domain configuration,
generate and set a new random VM generation ID every time a domain is
created or restored.
xl lacks the infrastructure to fully track the lifecycle of VM images
as they are snapshotted and cloned (etc) so always using a new ID is
the safe option and ensures that a new one will be used where it matters.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
David Vrabel [Fri, 27 Jun 2014 13:57:51 +0000 (14:57 +0100)]
libxl: allow a generation ID to be specified at domain creation
Toolstacks may specify a VM generation ID using the u.hvm.ms_vm_genid
field in the libxl_domain_build_info structure, when creating a
domain.
The toolstack is responsible for providing the correct generation ID
according to the Microsoft specification (e.g., generating new random
ones with libxl_ms_vm_genid_generate() as appropriate when restoring).
Although the specification requires that a ACPI Notify event is raised
if the generation ID is changed, the generation ID is never changed
when the domain is in a state to receive such an event (it's either
newly created or suspended).
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Cc: David Scott <dave.scott@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Vijaya Kumar K [Thu, 26 Jun 2014 05:33:53 +0000 (11:03 +0530)]
xen/arm: move io.h as mmio.h to include folder
io.h is local to arch/arm folder. move this file as mmio.h
file to include/asm-arm folder as it might be
required for inclusion in other header files in future.
Signed-off-by: Vijaya Kumar K <Vijaya.Kumar@caviumnetworks.com> Acked-by: Julien Grall <julien.grall@linaro.org> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Thu, 19 Jun 2014 16:32:48 +0000 (18:32 +0200)]
libxc: fix printf formatting error surfaced by 66f8c6
The privcmd hypercall op and arguments on BSDs are unsigned long, so
use the proper printf format especifiers.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Thu, 19 Jun 2014 16:32:47 +0000 (18:32 +0200)]
libxl: remove the gate that only allows block or regular backing images
On FreeBSD ZVOLs/disks/partitions are char devices, so libxl must
allow it's usage. This is already taken care in the OS-specific bits
of libxl by libxl__try_phy_backend, so remove the generic gate.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Thu, 19 Jun 2014 16:32:45 +0000 (18:32 +0200)]
configure: make the libaio test conditional on blktap{1, 2}
libaio is only required for blktap{1,2}, so make the check conditional
on whether the user has requested blktap{1,2} or not.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- reran autogen.sh ]
Roger Pau Monne [Thu, 19 Jun 2014 16:32:44 +0000 (18:32 +0200)]
configure: set blktap2 availability on configure
blktap2 will be enabled by default on Linux systems only, also give
the oportunity to disable it from configure.
Remove the gate in the Makefile that only allows enabling blktap{1,2}
on Linux, since this is now done in a more flexible way on configure.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- reran autogen.sh ]
Julien Grall [Thu, 19 Jun 2014 14:09:49 +0000 (15:09 +0100)]
xen/arm: Add some useful debug in coprocessor trapping
XSA-93 adds a couple of new functions to trap coprocessor registers. They
unconditionally inject an undefined instruction to guest.
When debugging an OS at early stage, it may be hard to know why the guest
received an UNDEFINED. Add some debug message to help the developer when Xen
is built in debug mode.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Thu, 19 Jun 2014 14:02:16 +0000 (15:02 +0100)]
xen/arm: Init traps very early
The function init_traps sets up the handler taken when Xen hits a
BUG_ON/ASSERT.
If an error happen before init_traps is called, we lose the backtrace.
When a trap is taken from HYP mode, we need to:
- get the processor ID, percpu has to be initialized and the
smp_processor_id correctly set.
- initialize current, even though it's not used for the time being. Move
the debug sanity earlier.
Andrew Cooper [Wed, 18 Jun 2014 17:18:37 +0000 (18:18 +0100)]
tools/libxc: Improve the *_FIELD() macros
The {GET,SET,MEMCPY,MEMSET_ARRAY}_FIELD() macros previously required
'dinfo->guest_width' to exist in scope, which is somewhat antisocial, and
makes them awkward to use in other contexts.
Update these macros to take guest width as a parameter, and in all cases pass
dinfo->guest_width.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
David Vrabel [Wed, 18 Jun 2014 16:12:54 +0000 (17:12 +0100)]
libxc, libxl, hvmloader: strip out outdated VM generation ID implementation
The VM generation ID support in libxc/libxl was based on a draft
specification which subsequently changed considerably. Remove much of
the code in anticipation of introducing something simpler that
conforms to the current specification from Microsoft.
Switch to using a HVM param (HVM_PARAM_VM_GENERATION_ID_ADDR) instead
of the hvmloader/generation-id-address XenStore key. This simplifies
save/restore since it only needs to transfer the value of this param.
There are no changes to the migration stream format or the public
libxl API.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- updated xc_nomigrate.c for interface change ]
David Vrabel [Wed, 18 Jun 2014 16:12:53 +0000 (17:12 +0100)]
hvm: add HVM_PARAM_VM_GENERATION_ID_ADDR
HVM_PARAM_VM_GENERATION_ID_ADDR is the guest physical address of the
VM Generation ID. This parameter will be written by hvmloader and read
by the toolstack when updating the gen. ID (e.g., after restoring from a
snapshot).
A HVM parameter is easier for the save/restore code to work with (than
a XenStore key).
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
David Vrabel [Wed, 18 Jun 2014 16:12:52 +0000 (17:12 +0100)]
hvmloader: add helper functions to get/set HVM params
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
David Vrabel [Wed, 18 Jun 2014 16:12:50 +0000 (17:12 +0100)]
libxc: add xc_hvm_param_get/set() to get/set 64-bit values
HVMOP_get_param and HVMOP_set_param take a uint32_t for the parameter
index and a uint64_t for the value. So add xc_hvm_param_get() and
xc_hvm_param_set() that take the same types.
The existing xc_get_hvm_param() and xc_set_hvm_param() are retained
for compatibility but are deprecated.
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- dropped one hunk against xen-access.c which didn't apply due to
intervening changes ]
Karim Raslan [Thu, 26 Jun 2014 11:28:25 +0000 (12:28 +0100)]
mini-os: added arch_init_gnttab
Moves some x86-specific code into arch/x86.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[talex5@gmail.com: split into multiple patches] Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Karim Raslan [Thu, 26 Jun 2014 11:28:23 +0000 (12:28 +0100)]
mini-os: switched initial C entry point to arch_init
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[talex5@gmail.com: separated from big ARM commit]
[talex5@gmail.com: restored comment, moved prototypes to headers] Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[talex5@gmail.com: restored stack address printk on x86]
[talex5@gmail.com: moved first printk's after start_info setup on x86] Signed-off-by: Thomas Leonard <talex5@gmail.com>
Thomas Leonard [Thu, 26 Jun 2014 11:28:22 +0000 (12:28 +0100)]
mini-os: made off_t type signed
POSIX requires this.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Thu, 26 Jun 2014 11:28:21 +0000 (12:28 +0100)]
mini-os: use unbind_evtchn in unbind_all_ports
This marks the channel as closed, in case someone tries to use it again.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Thu, 26 Jun 2014 11:28:20 +0000 (12:28 +0100)]
mini-os: fixed format string error in unbind_evtchn
Would crash if HYPERVISOR_event_channel_op returned an error code.
The other changes in this commit are just fixing indentation.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.cammpbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Thu, 26 Jun 2014 11:28:19 +0000 (12:28 +0100)]
mini-os: fixed shutdown thread
Before, it read "" and started a shutdown immediately. Now, it waits for
a non-empty value and then actually shuts down.
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[talex5@gmail.com: avoid declaration-after-statement in kernel.c] Signed-off-by: Thomas Leonard <talex5@gmail.com>
Thomas Leonard [Thu, 26 Jun 2014 11:28:18 +0000 (12:28 +0100)]
mini-os: build fixes
Make .o rules depend on the includes. Before, only the final link step
depended on setting up the includes directory, making parallel builds
unreliable.
Make symlinks use explicit make rules instead of using a phony target.
Avoids unnecessary rebuilds.
[talex5@gmail.com: bring back "make links", for stubdom] Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Wei Liu [Fri, 20 Jun 2014 16:19:37 +0000 (18:19 +0200)]
libxl/xl: push VCPU affinity pinning down to libxl
This patch introduces an array of libxl_bitmap called "vcpu_hard_affinity"
in libxl IDL to preserve VCPU to PCPU mapping. This is necessary for libxl
to preserve all information to construct a domain.
The array accommodates at most max_vcpus elements, each containing the
affinity of the respective VCPU. If less than max_vcpus bitmaps are
present, the VCPUs associated to the missing elements will just stay with
their default affinity (they'll be free to execute on every PCPU).
In case both this new field, and the already existing cpumap field are
used, the content of the array will override what's set in cpumap. (In
xl, we make sure that this never happens in xl, by using only one of the
two at any given time.)
The proper macro to mark the API change (called
LIBXL_HAVE_BUILDINFO_VCPU_AFFINITY_ARRAYS) is added but it is commented.
It will be uncommented by the patch in the series that completes the
process, by adding the "vcpu_soft_affinity" array. This is because, after
all, these two fields are being added sort-of together, and are very
very similar, in both meaning and usage, so it makes sense for them to
share the same marker.
This patch was originally part of Wei's series about pushing as much
information as possible on domain configuration in libxl, rather than
xl. See here, for more details:
http://lists.xen.org/archives/html/xen-devel/2014-06/msg01026.html
http://lists.xen.org/archives/html/xen-devel/2014-06/msg01031.html
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Dario Faggioli [Fri, 20 Jun 2014 16:19:29 +0000 (18:19 +0200)]
libxl: Change default for b_info->{cpu, node}map to "not allocated"
by avoiding allocating them in libxl__domain_build_info_setdefault.
In fact, back in 7e449837 ("libxl: provide _init and _setdefault for
libxl_domain_build_info") and a5d30c23 ("libxl: allow for explicitly
specifying node-affinity"), it was decided that the default for these
fields was for them to be allocated and filled.
That is now causing problem, whenever we have to figure out whether
the caller is using or not one of those fields. In fact, when we see
a full bitmap, is it just the default value, or is the user that
wants it that way?
Since that kind of knowledge has become important, change the default
to be "bitmap not allocated". It then becomes easy to know whether a
libxl caller is using one of the fields, just by checking whether the
bitmap is actually there with a non-zero size.
This is very important for the following patches introducing new ways
of specifying hard and soft affinity. It also allows us to improve
the checks around NUMA automatic placement, during domain creation
(and that bit is done in this very patch).
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Dario Faggioli [Fri, 20 Jun 2014 16:19:12 +0000 (18:19 +0200)]
libxl: get and set soft affinity
Make space a new cpumap in vcpu_info, called cpumap_soft,
for retrieving soft affinity, and amend the relevant API
accordingly.
libxl_set_vcpuaffinity() now takes two cpumaps, one for hard
and one for soft affinity (LIBXL_API_VERSION is exploited to
retain source level backword compatibility). Either of the
two cpumap can be NULL, in which case, only the affinity
corresponding to the non-NULL cpumap will be affected.
Getting soft affinity happens indirectly (see, e.g.,
`xl vcpu-list'), as it is already for hard affinity).
This commit also introduces some logic to check whether the
affinity which will be used by Xen to schedule the vCPU(s)
does actually match with the cpumaps provided. In fact, we
want to allow every possible combination of hard and soft
affinity to be set, but we warn the user upon particularly
weird situations (e.g., hard and soft being disjoint sets
of pCPUs).
This very change also update the error handling for calls
to libxl_set_vcpuaffinity() in xl, as that can now be any
libxl error code, not just only -1.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Dario Faggioli [Fri, 20 Jun 2014 16:19:01 +0000 (18:19 +0200)]
libxc: get and set soft and hard affinity
by using the flag and the new cpumap arguments introduced in
the parameters of the DOMCTL_{get,set}_vcpuaffinity hypercalls.
Now, both xc_vcpu_setaffinity() and xc_vcpu_getaffinity() have
a new flag parameter, to specify whether the user wants to
set/get hard affinity, soft affinity or both. They also have
two cpumap parameters instead of only one. This way, it is
possible to set/get both hard and soft affinity at the same
time (and, in case of set, each one to its own value).
In xc_vcpu_setaffinity(), the cpumaps are IN/OUT parameters,
as it is for the corresponding arguments of the
DOMCTL_set_vcpuaffinity hypercall. What Xen puts there is the
hard and soft effective affinity, that is what Xen will actually
use for scheduling.
In-tree callers are also fixed to cope with the new interface.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Thu, 26 Jun 2014 08:53:42 +0000 (09:53 +0100)]
xen: arm: take FIQ exceptions to Xen not guest by setting HCR_EL2.FMO
As with HCR_EL2.{IMO,AMO} we want to route FIQs to Xen not the guest. See ARM
ARM DDI 0406C.b B1.8.4.
So far none of the platforms which we support use FIQ for anything, but when we
end up supporting one it would be far better to surprise Xen with them than
whatever guest happens to be running...
Jan Beulich [Wed, 25 Jun 2014 12:42:15 +0000 (14:42 +0200)]
VT-d/qinval: eliminate redundant locking
The qinval-specific lock would only ever get used with the IOMMU's
register lock already held. Along with dropping the lock also drop
another unused field from struct qi_ctrl.
Furthermore the gen_*_dsc() helpers become pretty pointless with the
lock dropped - being each used only in a single place, simply fold
them into their callers.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
Jan Beulich [Wed, 25 Jun 2014 12:40:34 +0000 (14:40 +0200)]
x86/HVM: consolidate and sanitize CR4 guest reserved bit determination
First of all, this is needed by just a single source file, so it gets
moved there instead of getting fed to the compiler for most other
source files too. With that it becomes sensible for this to no longer
be a macro, allowing elimination of the mostly redundant helpers
hvm_vcpu_has_{smep,smap}(). And finally, following the model SMEP and
SMAP already used, tie the determination of reserved bits to the
features the guest is shown rather than the host's.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Wed, 18 Jun 2014 18:04:14 +0000 (19:04 +0100)]
tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()
libxl__initiate_device_remove() had a preexisting error path issue where
libxl_dominfo_dispose() could be called on a libxl_dominfo object before it
had been initialised with libxl_dominfo_init().
This was safe until c/s ab44401 added the pointer ssid_label, which point
libxl_dominfo_dispose() free()s.
Unconditionally initialise info in libxl__initiate_device_remove() before
taking an error path which will free it.
Coverity-ID: 1223212 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
Andrew Cooper [Wed, 18 Jun 2014 17:44:44 +0000 (18:44 +0100)]
tools/libxc: Fix missing break in xc_domain_bind_pt_irq()
c/s 568da4f8 "pt-irq fixes and improvements" accidentally forgot a break when
refactoring xc_domain_bind_pt_irq() which results in bind->u.pci.bus being
clobbered by isa_irq for PCI and MSI_TRANSLATE interrupts.
Coverity-ID: 1223210 Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Jan Beulich <JBeulich@suse.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
Dario Faggioli [Fri, 20 Jun 2014 14:09:00 +0000 (16:09 +0200)]
blktap2: Fix two 'maybe uninitialized' variables
for which gcc 4.9.0 complains about, like this:
block-qcow.c: In function `get_cluster_offset':
block-qcow.c:431:3: error: `tmp_ptr' may be used uninitialized in this function
[-Werror=maybe-uninitialized]
memcpy(tmp_ptr, l1_ptr, 4096);
^
block-qcow.c:606:7: error: `tmp_ptr2' may be used uninitialized in this
function [-Werror=maybe-uninitialized]
if (write(s->fd, tmp_ptr2, 4096) != 4096) {
^
cc1: all warnings being treated as errors
/home/dario/Sources/xen/xen/xen.git/tools/blktap2/drivers/../../../tools/Rules.mk:89:
recipe for target 'block-qcow.o' failed
make[5]: *** [block-qcow.o] Error 1
The proper behavior is to return upon allocation failure.
About what to return, 0 seems the best option, looking
at both the function and the call sites.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Yang Hongyang [Fri, 20 Jun 2014 06:59:34 +0000 (14:59 +0800)]
libxl: Rewind toolstack_save_fd in libxl_save_helper when using remus
Commit b327a3f421bb57d262b7d1fb3c43b710852b103b moved the rewinding of
toolstack_save_fd to libxl. This breaks remus, because in remus mode,
toolstack_save_cb will be called in every checkpoint, and if we don't
rewind it in libxl_save_helper, it will surely fail.
This fix is just a hack: in fact the whole toolstack save thing should
be done in libxl. But for now (until migration v2) this fix should
solve both remus and Jason Adryuk's use case.
Signed-off-by: Yang Hongyang <yanghy@cn.fujitsu.com> Tested-by: Jason Andryuk <andryuk@aero.org> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Julien Grall [Mon, 23 Jun 2014 13:27:58 +0000 (14:27 +0100)]
libxc: Fix xc_mem_event.c compilation for ARM
The commit 6ae2df9 "mem_access: Add helper API to setup ring and enable
mem_access¨ break libxc compilation for ARM.
This is because xc_map_foreign_map and xc_domain_decrease_reservation_exact
is taking an xen_pfn_t in parameters. On ARM, xen_pfn_t is always an uin64_t.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Cc: Aravindh Puthiyaparambil <aravindp@cisco.com> Cc: Jan Beulich <jbeulich@suse.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
mem_access: Add helper API to setup ring and enable mem_access
tools/libxc: Add helper function to setup ring for mem events
This patch adds a helper function that maps the ring, enables mem_event
and removes the ring from the guest physmap while the domain is paused.
This can be used by all mem_events but is only enabled for mem_access at
the moment.
tests/xen-access: Use helper API to setup ring and enable mem_access
Prior to this patch, xen-access was setting up the ring page in a way
that would give a malicous guest a window to write in to the shared ring
page. This patch fixes this by using the helper API that does it safely
on behalf of xen-access.
This is XSA-99.
Signed-off-by: Aravindh Puthiyaparambil <aravindp@cisco.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Fri, 20 Jun 2014 12:47:55 +0000 (14:47 +0200)]
VT-d/qinval: clean up error handling
- neither qinval_update_qtail() nor qinval_next_index() can fail: make
the former return "void", and drop caller error checks for the latter
(all of which would otherwise return with a spin lock still held)
- or-ing together error codes is a bad idea
At once drop bogus initializers.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Yang Zhang <yang.z.zhang@intel.com>
Roger Pau Monné [Fri, 20 Jun 2014 08:38:07 +0000 (10:38 +0200)]
x86/PVH: allow guest_remove_page to remove p2m_mmio_direct pages
IF a guest tries to do a foreign/grant mapping in a memory region
marked as p2m_mmio_direct Xen will complain with the following
message:
(XEN) memory.c:241:d0v0 Bad page free for domain 0
Albeit the mapping will succeed. This is specially problematic for PVH
Dom0, in which we map all the e820 holes and memory up to 4GB as
p2m_mmio_direct.
In order to deal with it, add a special casing for p2m_mmio_direct
regions in guest_remove_page if the domain is a hardware domain, that
calls clear_mmio_p2m_entry in order to remove the mappings.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Tim Deegan <tim@xen.org>
Jan Beulich [Fri, 20 Jun 2014 08:26:37 +0000 (10:26 +0200)]
VT-d: drop redundant calls to invalidate_sync()
The call tree iommu_flush_iec_index() -> __iommu_flush_iec() already
invokes invalidate_sync(). Removing the superfluous instances at once
allows the function to become static.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Yang Zhang <yang.z.zhang@intel.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:23 +0000 (17:08 +0200)]
build: export linker emulation parameter to SeaBIOS
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:22 +0000 (17:08 +0200)]
hvmloader: remove size_t typedef and include stddef.h
The open coded typedef of size_t was clashing with the typedef in
FreeBSD headers. Remove the typedef and include the proper header
where size_t is defined (stddef.h).
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:20 +0000 (17:08 +0200)]
libxl: only include utmp.h if it's present
Add a configure check for utmp.h presence, and gate the usage of
utmp.h in libxl to the result of the test.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- resolved minor conflict in configure.ac and reran autogen ]
Roger Pau Monne [Mon, 2 Jun 2014 15:08:14 +0000 (17:08 +0200)]
xenstored: add FreeBSD xenstored device paths
Add the path to FreeBSD special xenstored device, this is all that's
needed to get xenstored working on FreeBSD after the unification of
the implementations.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:12 +0000 (17:08 +0200)]
libxc: remove broken endianess gate on lz4 decompressor
The lz4 decompressor had wrongly implemented a gate between
little-endian and big-endian versions of get_unaligned_le{16/32},
which turns out to be broken on all architectures supported by Xen,
because __LITTLE_ENDIAN is not defined. Instead of trying to fix
this, just implement the little-endian version and remove the switch.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:11 +0000 (17:08 +0200)]
libxc: add support for FreeBSD
Add the FreeBSD implementation of the privcmd and evtchn devices
interface.
The evtchn device interface is the same as the Linux one, while the
privcmd map interface is simplified because FreeBSD only supports
IOCTL_PRIVCMD_MMAPBATCH.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:10 +0000 (17:08 +0200)]
include: import FreeBSD headers for evtchn and privcmd devices
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com>
Roger Pau Monne [Mon, 2 Jun 2014 15:08:09 +0000 (17:08 +0200)]
configure: disable ROMBIOS if qemu-trad is disabled
ROMBIOS only works with qemu-traditional, so if it is disabled,
disable ROMBIOS also.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- ran autogen.sh ]
Roger Pau Monne [Mon, 2 Jun 2014 15:08:08 +0000 (17:08 +0200)]
configure: disable qemu-trad on FreeBSD systems by default
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Cc: Ian Jackson <Ian.Jackson@eu.citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc -- ran autogen.sh ]
Fabio Fantoni [Tue, 27 May 2014 15:01:39 +0000 (17:01 +0200)]
libxl: disable usbredirection if spice is disabled
Now if usbredirection is enabled in domU's xl cfg is added also
if spice is disabled and then usbredirection remain unused.
This patch if usbredirection is enabled but spice not disable
usbredirection and show a warning.
Andrew Cooper [Wed, 18 Jun 2014 12:57:58 +0000 (13:57 +0100)]
tools/libxc: rename pfn_to_mfn to xc_pfn_to_mfn
Also refactor the contents of xc_pfn_to_mfn(). It is functionally identical,
but contains less lisp, fewer magic numbers, and more description of why 32bit
guests are treated differently.
Note that this does not affect pfn_to_mfn() in xc_domain_save.c That was
already a macro which aliased pfn_to_mfn() in xg_private.h but without
actually using it.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Introduce vgic_rank_irq: a new helper function that gives you the struct
vgic_irq_rank corresponding to a given irq number.
Use it in vgic_vcpu_inject_irq.
Andrew Cooper [Wed, 11 Jun 2014 18:31:55 +0000 (19:31 +0100)]
tools/pygrub: Fix extlinux when /boot is a separate partition from /
Grub and Grub2 already cope with this.
Reported-by: Joseph Hom <jhom@softlayer.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Tue, 17 Jun 2014 09:32:21 +0000 (10:32 +0100)]
xl / libxl: push parsing of SSID and CPU pool ID down to libxl
This patch pushes parsing of "init_seclabel", "seclabel",
"device_model_stubdomain_seclabel" and "pool" down to libxl level.
Originally the parsing is done in xl level, which is not ideal because
libxl won't have the truely relevant information. With this patch libxl
holds important information by itself.
The libxl IDL is extended to hold the string of labels and pool name.
And if there those strings are present they take precedence over the
numeric representations.
As all relevant structures (libxl_dominfo etc) have a field called
X_name / X_label now, a string is also copied there so that callers
won't have to do ID to name / label translation.
In order to be compatible with users of older versions of libxl, this
patch also defines LIBXL_HAVE_SSID_LABEL and LIBXL_HAVE_CPUPOOL_NAME. If
they are defined, the respective strings are available. And if those
strings are not NULL, libxl will do the parsing and ignore the numeric
values.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Dario Faggioli <dario.faggioli@citrix.com> Cc: Juergen Gross <jgross@suse.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Tue, 17 Jun 2014 20:44:28 +0000 (21:44 +0100)]
xen/arm: Panic when we receive an unexpected trap
The current implementation of do_unexpected_trap make Xen spin forever
on the current physical CPU. This may lead to stall guests VCPU and print
unhelpful message (RCU stall...).
Usually when Xen receives an unexpected trap, it means that something goes
wrong either in the hypervisor or in the CPU. In this case we should
directly panic to also stop the other CPUs.
Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Andrew Cooper [Tue, 17 Jun 2014 17:26:18 +0000 (18:26 +0100)]
tools/python: Remove some legacy scripts
Nothing in scripts/ is referenced by the current Xen build system. It is a
legacy version of the XenAPI bindings, other parts of which have already been
removed from the tree.
Additionally, prevent the install target from creating an $(SBINDIR) directory
but putting nothing in it. This appears to be something missed when removing
Xend.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Wed, 18 Jun 2014 13:53:27 +0000 (15:53 +0200)]
x86/EFI: allow FPU/XMM use in runtime service functions
UEFI spec update 2.4B developed a requirement to enter runtime service
functions with CR0.TS (and CR0.EM) clear, thus making feasible the
already previously stated permission for these functions to use some of
the XMM registers. Enforce this requirement (along with the connected
ones on FPU control word and MXCSR) by going through a full FPU save
cycle (if the FPU was dirty) in efi_rs_enter() (along with loading the
specified values into the other two registers).
Note that the UEFI spec mandates that extension registers other than
XMM ones (for our purposes all that get restored eagerly) are preserved
across runtime function calls, hence there's nothing we need to restore
in efi_rs_leave() (they do get saved, but just for simplicity's sake).
Roger Pau Monné [Wed, 18 Jun 2014 13:52:25 +0000 (15:52 +0200)]
x86: prevent PVH Dom0 from having pages with more than one ref
On PV guests a reference is taken when a page gets added to the page
tables, which makes pages added to the page tables have two
references, but this is not suitable for PVH that doesn't use the
PVMMU. In the PVH case only one reference has to be taken or else the
page would not be freed when the memory of the domain is decreased.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Wed, 18 Jun 2014 13:51:28 +0000 (15:51 +0200)]
x86/mce: sanitise the #MC entry path
The 'error_code' function parameters are not used at all; drop it from the
call chain. If it is needed at some point in the future, it is available via
cpu_user_regs.
Having do_machine_check() call the non-inlineable machine_check_vector() just
to get at the static function pointer '_machine_check_vector' is silly. Move
do_machine_check() from traps.c to mce.c and do away with
machine_check_vector() entirely.
Both {intel,amd}_init_mce() register their own local function as the #MC
handler, each of which call mcheck_cmn_handler() in an identical way. Fix
this craziness by actually turning mcheck_cmn_handler() into a valid #MC
handler (as its comments already state), and have {intel,amd}_init_mce()
register it instead of their own private handlers.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Christoph Egger <chegger@amazon.de>
Malcolm Crossley [Wed, 18 Jun 2014 13:50:02 +0000 (15:50 +0200)]
IOMMU: prevent VT-d device IOTLB operations on wrong IOMMU
PCIe ATS allows for devices to contain IOTLBs, the VT-d code was iterating
around all ATS capable devices and issuing IOTLB operations for all IOMMUs,
even though each ATS device is only accessible via one particular IOMMU.
Issuing an IOMMU operation to a device not accessible via that IOMMU results
in an IOMMU timeout because the device does not reply. VT-d IOMMU timeouts
result in a Xen panic.
Therefore this bug prevents any Intel system with 2 or more ATS enabled IOMMUs,
each with an ATS device connected to them, from booting Xen.
The patch adds a IOMMU pointer to the ATS device struct so the VT-d code can
ensure it does not issue IOMMU ATS operations on the wrong IOMMU. A void
pointer has to be used because AMD and Intel IOMMU implementations do not have
a common IOMMU structure or indexing mechanism.
Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arm: gic_events_need_delivery and irq priorities
Introduce GIC_IRQ_GUEST_ACTIVE to track which irqs are currently
active in the guest.
gic_events_need_delivery should only return positive if an outstanding
pending irq has an higher group priority than the currently active group
priotity and the priority mask.
Read GICH_APR to find the active group priority.
Read GICH_VMCR to find the priority mask.
Find the highest priority non-active enabled irq by going through the
inflight list.
In gic_restore_pending_irqs replace lower priority pending (and not
active) irqs in GICH_LRs with higher priority irqs if no more GICH_LRs
are available.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
GICH_LR registers and GICH_VMCR only support 5 bits for guest irq
priorities.
Introduce a macro to reduce the 8-bit priority fields to 5 bits; use it
in gic.c.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: don't protect GICH and lr_queue accesses with gic.lock
GICH is banked, protect accesses by disabling interrupts.
Protect lr_queue accesses with the vgic.lock only.
gic.lock only protects accesses to GICD now.
projects / xen.git / log