George Dunlap [Mon, 6 Jul 2015 10:51:39 +0000 (11:51 +0100)]
libxl: Remove linux udev rules
They are no longer needed, having been replaced by a daemon for
driverdomains which will run scripts as necessary.
Worse yet, they seem to be broken for script-based block devices, such
as block-iscsi. This wouldn't matter so much if they were never run
by default; but if you run block-attach without having created a
domain, then the appropriate node to disable running udev scripts will
not have been written yet, and the attach will silently fail.
Rather than try to sort out that issue, just remove them entirely.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
George Dunlap [Mon, 6 Jul 2015 10:51:38 +0000 (11:51 +0100)]
libxl: Make local_initiate_attach more rational
There are a lot of paths through
libxl__device_disk_local_initiate_attach(), but they all really boil
down to one thing: Can we just access the file directly, or do we need
to attach it?
The requirements for direct access are fairly simple:
* Is this local (as opposed to a driver domain)?
* Is this a raw format (as opposed to cooked)?
* Does this have no scripts associated with it?
If it meets all those requirements, we can access it directly;
otherwise we need to attach it.
This fixes a bug where bootloader execution fails for disks with
hotplug scripts.
This should fix a theoretical bug when using a qdisk backend in a
driver domain. (Not tested.)
Based on a patch by Roger Pau Monne <roger.pau@citrix.com>.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Wei Liu [Mon, 6 Jul 2015 13:47:40 +0000 (14:47 +0100)]
libxc: fix PV vNUMA guest memory allocation
In 415b58c1 (tools/libxc: Batch memory allocations for PV guests) the
number of super pages is calculated with the number of total pages. That
is wrong. It breaks PV guest vNUMA. The correct number of super pages
should be derived from the number of pages within that virtual NUMA
node.
Also change the name and type of super page variable to match the naming
convention and type of normal page variable. Make the necessary
adjustment to make code compile.
Reported-by: Dario Faggioli <dario.faggioli@citrix.com> Signed-off-by: Wei Liu <wei.liu2@citrix.com> Reviewed-by: Ross Lagerwall <ross.lagerwall@citrix.com> Reviewed-and-Tested-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ian Campbell [Wed, 1 Jul 2015 14:43:07 +0000 (15:43 +0100)]
xen: earlycpio: Pull in latest linux earlycpio.[ch]
AFAICT our current version does not correspond to any version in the
Linux history. This commit resynchronised to the state in Linux
commit 598bae70c2a8e35c8d39b610cca2b32afcf047af.
Differences from upstream: find_cpio_data is __init, printk instead of
pr_*.
This appears to fix Debian bug #785187. "Appears" because my test box
happens to be AMD and the issue is that the (valid) cpio generated by
the Intel ucode is not liked by the old Xen code. I've tested by
hacking the hypervisor to look for the Intel path.
Reported-by: Stephan Seitz <stse+debianbugs@fsing.rootsland.net> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Cc: Jan Beulich <jbeulich@suse.com> Cc: Stephan Seitz <stse+debianbugs@fsing.rootsland.net> Cc: 785187@bugs.debian.org Acked-by: Jan Beulich <jbeulich@suse.com>
Ian Campbell [Tue, 7 Jul 2015 08:46:18 +0000 (09:46 +0100)]
xen: arm: consolidate mmio and irq mapping to dom0
The code in the callbacks for dt_for_each_irq_map and
dt_for_each_range is very similar to the code in handle_device for
each non-pci device.
In fact the only major difference is that the irq callback needs to
call irq_set_spi_type in the PCI case. Refactor into a
map_dt_irq_to_domain callback which does the irq_set_spi_type and then
calls map_irq_to_domain which is also used from handle_device.
For mmio map_range_to_domain can already be used directly from
handle_device too. Note that the uses of PAGE_MASK in the
handle_device code here were unnecessary (and already removed from the
map_range_to_domain variant).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Tue, 7 Jul 2015 08:46:17 +0000 (09:46 +0100)]
xen: arm: Import of_bus PCI entry from Linux (as a dt_bus entry)
This provides specific handlers for the PCI bus relating to matching
and translating. It's mostly similar to the defaults but includes some
additional error checks and other PCI specific bits.
There are some subtle differences in how the generic code vs. the pci
specific code here will handle buggy DTs (i.e. #*-cells which are not
as required by the pci bindings). This will mean we tolerate such
device trees better.
I say "buggy", but actually it's not clear to me from reading "PCI Bus
Binding to Open Firmware" that when the device_type is "pci" that
e.g. the text says "The value of "#address-cells" for PCI Bus Nodes is
3." and not "A PCI Bus Node must contain a #address-cells property
containing 3", iow the #address-cells might validly be implicit rather
than an actual property. Maybe that interpretation is bogus, but with
this patch we are are able to cope with DTs written by people who do
read it like that.
It also gets us the ability to parse the flags (cacheability),
although at the moment we only check them for validity rather than use
them.
Functions/types renamed and reindented (because apparently we do
that for these).
Needs a selection of IORESOURCE_* defines, which I've taken from Linux
and have included locally for now until we figure out where else they
might be needed.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Tue, 7 Jul 2015 08:46:16 +0000 (09:46 +0100)]
xen: arm: map child MMIO and IRQs to dom0 for PCI bus DT nodes.
This uses the dt_for_each_{irq_map,range} helpers to map the interrupt
and child MMIO regions to dom0. Since PCI busses are enumerable these
resources may not be otherwise described in the DT (although they can
be).
Although PCI is the only bus we handle this way the code should be
generic enough to apply to similar buses in the future.
This replaces the xgene specific mapping. Tested on Mustang and on a
model with a PCI virtio controller.
This patch doesn't stop recursing when it finds such a node, since
double mapping these resources if they do happen to be described is
(or should be) harmless
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Tue, 7 Jul 2015 08:46:15 +0000 (09:46 +0100)]
xen: arm: drop redundant extra call to vgic_reserve_virq
This is only needed if we are giving the IRQ to dom0 (as opposed to
setting it up for passthrough due to xen,passthrough property). There
is already a call to vgic_reserve_virq inside the if ( need_mapping ),
so drop this one.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Tue, 7 Jul 2015 08:46:14 +0000 (09:46 +0100)]
xen: dt: add dt_for_each_range helper
This function iterates over a node's ranges property and calls a
callback for each region. For now it only supplies the MMIO range (in
terms of CPU addresses, i.e. already translated).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Tue, 7 Jul 2015 08:46:13 +0000 (09:46 +0100)]
xen: dt: add dt_for_each_irq_map helper
This function iterates over a nodes interrupt-map property and calls a
callback for each interrupt. For now it only supplies the translated
IRQ since my use case has no need of e.g. child unit address. These
can be added as needed by any future users.
This follows much the same logic as dt_irq_map_raw when parsing the
interrupt-map, but doesn't walk up the tree doing the actual
translation and it iterates over all entries instead of just looking
for the first match.
I looked into refactoring dt_irq_map_raw but I couldn't find a way
which I was confident in, plus I was reluctant to diverge from the
Linux roots of this function any further.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
Ian Campbell [Tue, 7 Jul 2015 11:51:54 +0000 (12:51 +0100)]
tools: Rerun autogen.sh with Jessie version of autoconf
I have upgraded the box which I use to do committing (and hence run
autogen.sh on) from Debian Wheezy to Jessie, resulting in a upgrade
from autoconf 2.69-1 to 2.69-8. To avoid noise from this transition
when the next configure.ac change occurs regenerate those files now.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
For CAT, COS is maintained in hypervisor only while CBM is exposed to
user space directly to allow getting/setting domain's cache capacity.
For each specified CBM, hypervisor will either use a existed COS which
has the same CBM or allocate a new one if the same CBM is not found. If
the allocation fails because of no enough COS available then error is
returned. The getting/setting are always operated on a specified socket.
For multiple sockets system, the interface may be called several times.
In Xen's implementation, the CAT enforcement granularity is per domain.
Due to the length of CBM and the number of COS may be socket-different,
each domain has COS ID for each socket. The domain get COS=0 by default
and at runtime its COS is then allocated dynamically when user specifies
a CBM for the domain.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
For each socket, a COS to CBM mapping structure is maintained for each
COS. The mapping is indexed by COS and the value is the corresponding
CBM. Different VMs may use the same CBM, a reference count is used to
indicate if the CBM is available.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Detect Intel Cache Allocation Technology(CAT) feature and store the
cpuid information for later use. Currently only L3 cache allocation is
supported. The L3 CAT features may vary among sockets so per-socket
feature information is stored. The initialization can happen either at
boot time or when CPU(s) is hot plugged after booting.
Signed-off-by: Chao Peng <chao.p.peng@linux.intel.com>
Use -1 as notifier priority. Fix typos.
Paul Durrant [Tue, 7 Jul 2015 12:40:04 +0000 (14:40 +0200)]
x86/hvm: make sure emulation is retried if domain is shutting down
The addition of commit 2df1aa01 "x86/hvm: remove hvm_io_pending() check
in hvmemul_do_io()" causes a problem in migration because I/O that was
caught by the test of vcpu_start_shutdown_deferral() in
hvm_send_assist_req() is now considered completed rather than requiring
a retry.
This patch fixes the problem by having hvm_send_assist_req() return
X86EMUL_RETRY rather than X86EMUL_OKAY if the
vcpu_start_shutdown_deferral() test fails and then making sure that
the emulation state is reset if the domain is found to be shutting
down.
Reported-by: Don Slutz <don.slutz@gmail.com> Signed-off-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Tue, 7 Jul 2015 12:39:40 +0000 (14:39 +0200)]
x86/hvmloader: improve error handling for xenbus interactions
Consume and ignore all XS_DEBUG packets, and pass the response type back to
the caller of xenbus_recv() so the caller can take appropriate action if an
unexpected reply was received.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Andrew Cooper [Tue, 7 Jul 2015 12:39:27 +0000 (14:39 +0200)]
x86/hvmloader: avoid data corruption with xenstore reads/writes
The functions ring_read and ring_write() have logic to try and deal with
partial reads and writes.
However, in all cases where the "while (len)" loop executed twice, data
corruption would occur as the second memcpy() starts from the beginning of
"data" again, rather than from where it got to.
This bug manifested itself as protocol corruption when a reply header crossed
the first wrap of the response ring. However, similar corruption would also
occur if hvmloader observed xenstored performing partial writes of the block
in question, or if hvmloader had to wait for xenstored to make space in either
ring.
Reported-by: Adam Kucia <djexit@o2.pl> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
credit1: properly deal with pCPUs not in any cpupool
Ideally, the pCPUs that are 'free', i.e., not assigned
to any cpupool, should not be considred by the scheduler
for load balancing or anything. In Credit1, we fail at
this, because of how we use cpupool_scheduler_cpumask().
In fact, for a free pCPU, cpupool_scheduler_cpumask()
returns a pointer to cpupool_free_cpus, and hence, near
the top of csched_load_balance():
if ( unlikely(!cpumask_test_cpu(cpu, online)) )
goto out;
is false (the pCPU _is_ free!), and we therefore do not
jump to the end right away, as we should. This, causes
the following splat when resuming from ACPI S3 with
pCPUs not assigned to any pool:
The cure is:
* use cpupool_online_cpumask(), as a better guard to the
case when the cpu is being offlined;
* explicitly check whether the cpu is free.
SEDF is in a similar situation, so fix it too.
Still in Credit1, we must make sure that free (or offline)
CPUs are not considered "ticklable". Not doing so would impair
the load balancing algorithm, making the scheduler think that
it is possible to 'ask' the pCPU to pick up some work, while
in reallity, that will never happen! Evidence of such behavior
is shown in this trace:
Name CPU list
Pool-0 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
x86 / cpupool: clear the proper cpu_valid bit on pCPU teardown
In fact, when a pCPU goes down, we want to clear its
bit in the correct cpupool's valid mask, rather than
always in cpupool0's one.
Before this commit, all the pCPUs in the non-default
pool(s) will be considered immediately valid, during
system resume, even the one that have not been brought
up yet. As a result, the (Credit1) scheduler will attempt
to run its load balancing logic on them, causing the
following Oops:
The reason why the error is a #GP fault is that, without
this commit, we try to access the per-cpu area of a not
yet allocated and initialized pCPU.
In fact, %rax, which is what is used as pointer, is 80007d2f7fccb780, and we also have this:
When dumping scheduling information (debug key 'r'), what
we print as 'Idle cpupool' is pretty much the same of what
we print immediately after as 'Cpupool0'. In fact, if there
are no pCPUs outside of any cpupools, it is exactly the
same.
If there are free pCPUs, there is some valuable information,
but still a lot of duplication:
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Jan Beulich [Tue, 7 Jul 2015 08:39:52 +0000 (10:39 +0200)]
x86/nHVM: generic hook adjustments
Some of the generic hooks were unused altogether - drop them.
Some of the hooks were used only to handle calls from the specific
vendor's code (SVM) - drop them too.
Several more hooks were pointlessly implementaed as out-of-line
functions, when most (all?) other HVM hooks use inline ones - make
them inlines. None of them are implemented by only one of SVM or VMX,
so also drop the conditionals. Funnily nhvm_vmcx_hap_enabled(), having
return type bool_t, nevertheless returned -EOPNOTSUPP.
nhvm_vmcx_guest_intercepts_trap() and its hook and implementations are
being made return bool_t, as they should have been from the beginning
(its sole caller only checks for a non-zero result).
Finally, make static whatever can as a result be static.
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Jan Beulich [Tue, 7 Jul 2015 08:34:13 +0000 (10:34 +0200)]
x86: drop is_pv_32on64_domain()
... as being identical to is_pv_32bit_domain() after the x86-32
removal.
In a few cases this includes no longer open-coding is_pv_32bit_vcpu().
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Tue, 7 Jul 2015 08:30:12 +0000 (10:30 +0200)]
gnttab: clean up gnttab_set_version()
- drop pointless nr_grant_entries() check from loop over reserved
entries (adding suitable BUILD_BUG_ON()s to validate that)
- adjust types
- rename d to currd
- formatting
Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Tue, 7 Jul 2015 08:28:25 +0000 (10:28 +0200)]
gnttab: fix out of range shift count
Commit 213f145114 ("gnttab: fix/adjust gnttab_transfer()") wasn't
careful enough in this regard.
Coverity ID: 1306859 Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
libxc: Fix misleading use of strncpy code in build_hvm_info()
hvm_info->signature is not a string, but an 64 bit int, and is not
NULL terminated. The use of strncpy to populate it is inappropriate and
potentially misleading. A cursory glance might have you thinking someone
had miscounted the length of the string literal - not realising it was
intentionally cropping of the null termination.
Also, since we wish to initialise all of hvm_info->signature, and
certainly no more, the use of sizeof is safer.
Signed-off-by: Jennifer Herbert <jennifer.herbert@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
libxc: Prevent dereferencing NULL pointers returned from xc_dom_allocate()
The return from xc_dom_allocate is not checked for a NULL value.
This patch fixes this, causing it to return from the function with an error.
Signed-off-by: Jennifer Herbert <jennifer.herbert@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
It is not sensible that adding -d would cause different output on
stdout. And that -N would produce less debug output is hardly
surprising in general and not really a problem in this case.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New patch in this version of the mini-series.
The domid is always NULL (as the domain has not been created at this
stage).
This is annoying if you want to take this output and use it for some
actually useful purpose like domain creation: either it needs to be
massaged, or the the consuming tool needs to be taught to look inside
the json object for the `config' element (which IMO makes no sense as
an interface).
We would like to be able to pass libxl json configs around sensibly.
In the future maybe xl will grow an option to create a domain from a
json config, and this is currently something I want to be able to have
a test tool do.
Note that this change is NOT BACKWARDS COMPATIBLE. But it would only
adversely affects anyone who uses `xl -N create' and then saves and
processes the JSON. (The output from xl list et al is not changed; it
normally needs the domid.) Such a user should probably have already
have complained about the infelicitous output. If they haven't it
would be simple enough for them to bookend the output so as to provide
compatible output.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Ian Campbell <ian.campbell@citrix.com> CC: Wei Liu <wei.liu2@citrix.com> CC: Euan Harris <euan.harris@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: Print json output to correct filehandle
(Using newly introduced flush_stream.)
Ian Jackson [Fri, 3 Jul 2015 11:36:20 +0000 (12:36 +0100)]
xl: Break out flush_stream
We are going to want to reuse this. Adjust the code slightly to
detect right away call sites that pass something other than stdout or
stderr.
No resulting functional change.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New patch in this version of the mini-series
Ian Campbell [Fri, 26 Jun 2015 11:06:09 +0000 (12:06 +0100)]
stubdom: vtpmmgr: Correctly format size_t with %z when printing.
Also contains a fix from Thomas Leonard (to use %u for "4 + 32", not
%lu) previously posted as part of "mini-os: enable compiler check for
printk format types" but with mini-os now having been split a separate
repo most of that change has been applied there.
This fixes the 32-bit build with updated mini-os which includes format
string checking.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-By: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ ijc -- Updated MINIOS_UPSTREAM_REVISION ]
Chen Baozi [Tue, 30 Jun 2015 08:00:22 +0000 (16:00 +0800)]
xen/arm64: increase MAX_VIRT_CPUS to 128 on arm64
After we have increased the size of GICR in address space for guest
and made use of both AFF0 and AFF1 in (v)MPIDR, we are now able to
support up to 4096 vCPUs in theory. However, it will cost 512M
address space for GICR region, which is unnecessarily big at the
moment. Considering the max CPU number that GIC-500 can support and
the old value of MAX_VIRT_CPUS before commit aa25a61, we increase
its value to 128.
Signed-off-by: Chen Baozi <baozich@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Chen Baozi [Tue, 30 Jun 2015 08:00:21 +0000 (16:00 +0800)]
xen/arm: make domain_max_vcpus return value from vgic_ops
Each vGIC driver supports different maximum numbers of vCPU. For
example, GICv2 is limited to 8 vCPUs, while GICv3 can support up
to 4096 vCPUs if we use both AFF0 and AFF1. Thus, domain_max_vcpus
should depend on not only MAX_VIRT_CPUS but also the version
of vGIC that the guest uses.
Since evtchn_init would call domain_max_vcpus to allocate poll_mask
when the vgic_ops haven't been initialised yet, we make it return
MAX_VIRT_CPUS at that time. On ARM32, event channel doesn't need
to allocate the poll_mask because MAX_VIRT_CPUS < BITS_PER_LONG,
while allocating more memory (2 unsigned long rather than 1) only
for poll_mask on arm64 with GICv2 looks not so expensive.
We didn't keep it as the old static inline form because it will break
compilation when access the member of struct domain:
In file included from xen/include/xen/domain.h:6:0,
from xen/include/xen/sched.h:10,
from arm64/asm-offsets.c:10:
xen/include/asm/domain.h: In function ‘domain_max_vcpus’:
xen/include/asm/domain.h:266:10: error: dereferencing pointer to incomplete type
if (d->arch.vgic.version == GIC_V2)
^
Signed-off-by: Chen Baozi <baozich@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Chen Baozi [Tue, 30 Jun 2015 08:00:20 +0000 (16:00 +0800)]
xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity
According to ARM CPUs bindings, the reg field should match the MPIDR's
affinity bits. We will use AFF0 and AFF1 when constructing the reg value
of the guest at the moment, for it is enough for the current max vcpu
number.
Signed-off-by: Chen Baozi <baozich@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
[ ijc -- use PRIx64 to format mpidr_aff in node name, fixing 32-bit
build ]
Chen Baozi [Tue, 30 Jun 2015 08:00:19 +0000 (16:00 +0800)]
tools/libxl: Set 'reg' of cpu node equal to MPIDR affinity for domU
According to ARM CPUs bindings, the reg field should match the MPIDR's
affinity bits. We will use AFF0 and AFF1 when constructing the reg value
of the guest at the moment, for it is enough for the current max vcpu
number.
Chen Baozi [Tue, 30 Jun 2015 08:00:18 +0000 (16:00 +0800)]
xen/arm: Use AFF1 when translating ICC_SGI1R_EL1 to cpumask
The old unsigned long type of vcpu_mask can only express 64 cpus at the
most, which might not be enough for the guest which used vGICv3. We
introduce a new struct sgi_target for the target cpu list of SGI, which
holds the affinity path information (only level 1 at the moment). For
GICv2 that has no affinity level, we can just set the corresponding
fields to be 0.
Chen Baozi [Tue, 30 Jun 2015 08:00:17 +0000 (16:00 +0800)]
xen/arm: Use the new functions for vCPUID/vaffinity transformation
There are 3 places to change:
* Initialise vMPIDR value in vcpu_initialise()
* Find the vCPU from vMPIDR affinity information when accessing GICD
registers in vGIC
* Find the vCPU from vMPIDR affinity information when booting with vPSCI
in vGIC
- Both PSCI 0.1 and PSCI 0.2 are modified to respect the MPIDR like.
Chen Baozi [Tue, 30 Jun 2015 08:00:16 +0000 (16:00 +0800)]
xen/arm: Add functions of mapping between vCPUID and virtual affinity
GICv3 restricts that the maximum number of CPUs in affinity 0 (one
cluster) is 16. (See the note of 'Bits[15:0]' in '5.7.29 ICC_SGI0R_EL1
ICC_SGI1R_EL1 and ICC_ASGI1R_EL1, GICv3 Architecture Specification')
That is to say the upper 4 bits of affinity 0 is unused. Current
implementation considers that AFF0 is equal to vCPUID, which makes all
vCPUs in one cluster, limiting its number to 16. If we would like to
support more than 16 number of vCPU in one guest, we need to make use
of AFF1. Considering the unused upper 4 bits, we need to create a pair
of functions mapping the vCPUID and virtual affinity.
libxl: unset info->numa_placement upon successful placement
so that, if the same config is reused later, the following
two (good) things happen:
- we do not trip over warnings because node and/or vcpu
soft affinity now exist (as a consequence of the
successful placement), but numa_placement is still
true;
- we end up always using the results of the original
execution of the placement algorithm, rather than
re-running it at each re-use of the same config,
which is what most users expects and wants.
This fixes the bug reported here:
http://lists.xenproject.org/archives/html/xen-devel/2015-06/msg04454.html
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
libxl: turn NUMA placement misconfigs into warnings
instead than errors. More specifically, in libxl,
b_info->numa_autoplacement is meant as a way to
disable automatic NUMA placement, if one does not
want it to happen. It is, however, useful for
consistency checking as well, i.e., to ensure that
the user provided configuration (such as, for instance,
vcpu hard or soft affinity) and NUMA placement itself
will not clash.
However, right now, if such a clash happens we abort
domain creation and error out, which is too much! It
is, in fact, enough to infom the user/caller that NUMA
placement won't be performed, with a WARN, and that's
what this commit does.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Currently, it's hard to decide whether a part of the domain
initialization should live in gicv_setup (part of the GIC
driver) and domain_init (part of the vGIC driver).
The code to initialize the domain for a specific vGIC version is always
the same no matter the version of the GIC.
Move all the domain initialization code for the vGIC in the respective
domain_init callback of each vGIC drivers.
New structures have been introduced to store HW information per vGIC.
Each vGIC HW structure contains a boolean to indicate if the current GIC is
able to support this specific version of virtual GIC.
Helpers have been introduced in order to help the GIC correctly setup
the vGIC. The GIC will have to call them to announce support for this
specific version.
Also drop fields that become unnecessary in each global state.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: gic-v3: Rework the messages printed at initialization
- Print all the redistributor regions rather than only the first
one...
- Add # in the format to print 0x for hexadecimal. It's easier to
differentiate from decimal
- Re-order information printed
- Drop print of the virtual addresses. It makes the log more
difficult to read and don't improve user debugging experience (the
value can't be used like as it is).
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen/arm: gic-v3: Fix the distributor region to 64kB
On GICv3, the default size of the distributor region is 64kB (see 5.3
in PRD03-GENC-010745 24.0). This region can be extended to provide an
implementation defined set of pages containing additional aliases for MSI.
Although, the GICv3 driver only access to register within the default
distributor region.
Furthermore, our vGIC driver implementation doesn't support the extended
distributor. Therefore there is no reason to expose it to DOM0.
Finally drop the field dbase_size which is not useful anymore.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Julien Grall [Wed, 17 Jun 2015 13:58:27 +0000 (14:58 +0100)]
xen/arm: Find automatically the gnttab region for DOM0
Currently, the grant table region is hardcoded per-platform. When a new
board is coming up, we have to check the spec in order to find a space
in the memory layout free. Depending on the platform it may be tedious.
A good candidate for the gnttab region is the one used by Xen binary as
some part will never be mapped to the DOM0 address, MMIO are mapped 1:1
and the RAM will be either:
- direct mapped: 1:1 mapping is used => no problem
- non direct mapped: Xen always relocates himself as high as possible
(limited to 4GB on ARM32) and the RAM bank are filled from the first
one. It's very unlikely that the gnttab region will overlap with the
RAM. Although for safety a check may be necessary when we will reenable
the option.
Furthermore, there is plenty of space to contain a big gnttab, the default
size is 32 frame (i.e 128KB) but it can be changed via a command option.
It's not possible to use the whole region used by Xen, as some part of
the binary will be freed after Xen boot and can be used by DOM0 and other
guest. A sensible choice is the text secion as it will always reside in
memory never be mapped to the guest and the size is big enough (~300KB
on ARM64). It could be extended later to use other contiguous sections
such as data...
Note that on ARM64, the grant table region may be after 4GB (Xen is
relocated to the highest address) using DOM0 32 bit with short page table
may not work. Although, I don't think this is a big deal as device may not
work and/or the RAM is too high due to the 1:1 mapping.
This patch also drop the platforms thunderx and xilinx-zynqmp which became
dummy by dropping the hardcoding DOM0 grant table region.
Ian Jackson [Wed, 1 Jul 2015 14:20:03 +0000 (15:20 +0100)]
libxl: Do not try to destroy domain -1 on failed create
Perhaps since f0c4c53f "libxl: domain create: Do not destroy on ao
abort", we have destroyed guest_domid==-1 if domain creation fails
without actually creating a domid.
Reported-by: Julien Grall <julien.grall@citrix.com> CC: Julien Grall <julien.grall@citrix.com> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Liang Li [Mon, 29 Jun 2015 21:27:16 +0000 (05:27 +0800)]
nested EPT: fix the handling of nested EPT
If the host EPT entry is changed, the nested EPT should be updated.
the current code does not do this, and it's wrong.
I have tested this patch, the L2 guest can boot and run as normal.
Signed-off-by: Liang Li <liang.z.li@intel.com> Signed-off-by: Yang Zhang <yang.z.zhang@intel.com> Reported-by: Tim Deegan <tim@xen.org> Reviewed-by: Tim Deegan <tim@xen.org>
Tiejun Chen [Mon, 29 Jun 2015 06:51:36 +0000 (14:51 +0800)]
tools/libxc: check to set args.mmio_size before call xc_hvm_build
After commit 5dff8e9eedc7, "libxc/libxl: fill xc_hvm_build_args in
libxl" is introduced, we won't check to set args.mmio_size inside
xc_hvm_build as before. So instead, we need to do this before call
that.
CC: Ian Jackson <ian.jackson@eu.citrix.com> CC: Stefano Stabellini <stefano.stabellini@eu.citrix.com> CC: Ian Campbell <ian.campbell@citrix.com> CC: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: Tiejun Chen <tiejun.chen@intel.com>
Ian Campbell [Fri, 26 Jun 2015 09:41:28 +0000 (10:41 +0100)]
xen: Install unstripped version -syms version into /usr/lib/debug
xen-*-syms cannot actually be booted, so putting it in /boot is a bit
misleading. It also happens to cause a warning from update-grub (so at
least it doesn't end up in grub.cfg)
/usr/lib/debug seems to be a pretty common path for installing such
debug info.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com>
[ ijc -- fixed typos ]
Ian Campbell [Fri, 26 Jun 2015 11:39:54 +0000 (12:39 +0100)]
xen: arm: Log a warning message when a deprecated hypercall is used
A few folks have been caught out by OSes which call e.g.
HYPERVISOR_event_channel_op_compat which has been deprecated since
3.2.2 (i.e. long before Xen on ARM). Existing x86 code can still
safely and quietly using those calls, waiting for an unsuspecting ARM
porter to turn up and trip over it. This turns out to be rather
perplexing when it happens, since it can be obscured e.g. by various
conditionals like __XEN_INTERFACE_VERSION__ what is actually being
called.
Note that I'm making a distinction here between hypercalls which are
simply not used/implemented on arm (yet) and those which were
deprecated and replaced by a newer variant prior to Xen on ARM even
being invented. The latter will never be implemented on ARM and have
non-deprecated aliases leading to confusion so those are the ones for
which a warning is useful.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Tested-by: Ard Biesheuvel <ard@linaro.org> Cc: Jan Beulich <JBeulich@suse.com> Cc: Keir Fraser <keir@xen.org> Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> Cc: Anthony PERARD <anthony.perard@citrix.com> Reviewed-by: Julien Grall <julien.grall@citrix.com>
A find option was forgotten in commit 6592bf60beaf1fa0b4fd36fb73800eb001c739af
"docs: Look for documentation in sub-directories" resulting to get some
docs duplicated and other missing.
Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Ian Jackson [Mon, 29 Jun 2015 14:29:33 +0000 (15:29 +0100)]
libxl: Fix uninitialised rc in libxl__domain_save_device_model
c3c8da9 "libxl: ao: datacopier callback gets an rc" caused
libxl__domain_save_device_model() to pass its rc directly into the
callback.
However in the preexisting code, there were 3 "goto out;" paths which
left rc uninitialised. This causes a build failure with GCC 4.8's
-Wmaybe-uninitialized.
Set the rc explicitly on each goto out path.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Ian Jackson [Fri, 26 Jun 2015 17:24:22 +0000 (18:24 +0100)]
libxl: Add missing #include of <signal.h>
"libxl: ao abort: Handle SIGTERM in save/restore helper" requires
this; without it we fail to build on BSD.
Reported-by: Ian Campbell <ian.campbell@citrix.com> CC: Ian Campbell <ian.campbell@citrix.com> CC: Roger Pau Monne <roger.pau@citrix.com> Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Ian Jackson [Tue, 23 Jun 2015 17:10:51 +0000 (18:10 +0100)]
libxl: spawn: Always debug log middle child process death
Otherwise the debug log is strangely devoid of an explanation for the
spawn completing.
We decorate `what', as otherwise the logged message is rather alarming
(especially if the death is due to us sending SIGKILL, which even
happens on the success path).
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
---
v4: New patch in this version of the series.
Ian Jackson [Tue, 10 Feb 2015 19:37:33 +0000 (19:37 +0000)]
libxl: ao: datacopier callback gets an rc
libxl__datacopier_* now provides its caller's callback function with
an rc value. This relieves the caller of the need to figure out an
appropriate rc value.
Arrange that the `other internal failure' cases now get a valid
positive errno value (EIO).
In a few places, assert that errno is nonzero before passing it to our
caller.
Extend the datacopier callback API to permit the dc to signal ABORTED.
(It doesn't actually do this yet, though.)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> CC: Andrew Cooper <andrew.cooper3@citrix.com> CC: David Vrabel <david.vrabel@citrix.com>
---
v2: New in this version of the series.
Ian Jackson [Tue, 10 Feb 2015 19:10:18 +0000 (19:10 +0000)]
libxl: ao abort: Abort libxc save/restore
Register the the save/restore helper interface with the abort
machinery. When we are informed that save/restore should be aborted,
we make a note of the that in our rc variable, and send the helper a
SIGTERM. It will die in due course.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New in this version of the series.
Ian Jackson [Tue, 10 Feb 2015 19:05:06 +0000 (19:05 +0000)]
libxl: ao abort: Handle SIGTERM in save/restore helper
During startup of the save/restore helper, set the disposition of
SIGTERM appropriately.
For restore, we can simply die immediately - there is no point trying
to do any kind of cleanup on what is now going to be a trashed domain.
For save, we want to arrange that libxc's cleanup code (eg turning off
logdirty) takes place. So our signal handler replaces the fd with one
on which writes will fail, causing libxc's own loop to fail next time
it actually tries to do a write.
Currently this has only a minor beneficial effect: we don't send the
helper a SIGTERM ourselves, and if someone else contrives to send our
helper a SIGTERM they have probably sent one to libxl too in which
case things are going to be a bit messy anyway.
But in the next patch libxl itself is going to use SIGTERM to
implement ao abort requests.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New in this version of the series.
Ian Jackson [Tue, 10 Feb 2015 17:53:21 +0000 (17:53 +0000)]
libxl: ao abort: Support aborting where we spot domain death
Make an active libxl__domaindeathcheck contain an active
libxl__ao_abortable.
Consequential changes are:
* domaindeath callbacks now take an rc value.
* libxl__domaindeathcheck_start takes an ao, not a gc.
* bootloader_domaindeath plumbs the rc through to its caller.
* libxl__domaindeathcheck_init and _stop are not quite trivial any
more so are moved from (inline functions) in libxl_internal.h, to
ordinary functions defined in libxl_event.c.
* libxl__domaindeathcheck_start is not trivial any more, and now has
the standard error-handling pattern.
The only current user of libxl__domaindeathcheck is the bootloader.
So the result is that now it is possible to effectively abort domain
creation while the bootloader is running.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New in this version of the series.
Ian Jackson [Tue, 10 Feb 2015 17:48:40 +0000 (17:48 +0000)]
libxl: Introduce DOMAIN_DESTROYED error code
This is currently reported only by the bootloader code, if the domain
is destroyed while the bootloader is running.
In the future it would be nice to return it for other circumstances
where the domain existed when the operation started but subsequently
vanished.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v4: Add a comment about the new error code's semantics
v2: New in this version of the series.
Ian Jackson [Tue, 10 Feb 2015 17:18:23 +0000 (17:18 +0000)]
libxl: ao abort: Note that driver domain task cannot be usefully aborted
In practice, aborting this task will cause all subsequent actual
backend operations to fail, but will not actually cause the
libxl_device_events_handler operation to complete.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> CC: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New in this version of the series.
Ian Jackson [Fri, 20 Dec 2013 18:02:54 +0000 (18:02 +0000)]
libxl: ao abort: Make timeouts abortable
Make libxl__ev_time* register with the abort machinery, so that
libxl_ao_abort can stop any operation which has a timeout.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
---
v4: Do not immediately deregister the abortable (!)
(v3 was Acked-by: Ian Campbell <ian.campbell@citrix.com>)
Ian Jackson [Tue, 10 Feb 2015 19:16:08 +0000 (19:16 +0000)]
libxl: ao abort: Provide explicit internal abort check API
Some places in libxl which can't handle abort via a
libxl__ao_abortable callback might nevertheless benefit from being
able to explicitly check whether abort has been requested.
Provide the (fairly trivial) internal API function to do this.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: New in this version of the series.
Ian Jackson [Fri, 20 Dec 2013 16:34:50 +0000 (16:34 +0000)]
libxl: ao abort: Provide public ao abort request API
Provide libxl_ao_abort.
There is machinery to allow an ao to register an interest in abort
requests, using a libxl__ao_abortable.
This API is not currently very functional: requesting abort will
never have any effect.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com>
---
v5: Clarify API doc comment re aborting synchronous operations.
v4: Rename from cancel to abort.
Actually record aos on aos_inprogress.
(Report from Koushik Chakravarty at Citrix.)
Do not mark libxl_ao_cancel hidden (!)
Abolish ERROR_NOTIMPLEMENTED from libxl_ao_cancel.
All operations are supposed to support cancellation.
v2: Minor comment improvements
Ian Jackson [Fri, 20 Dec 2013 16:34:41 +0000 (16:34 +0000)]
libxl: ao: Provide manip_refcnt
Previously we used in_initiator to stop the ao being freed while we
were still in the initiator function (which would result in the
initiator's call to libxl__ao_inprogress accessing the ao after it had
been freed).
We are going to introduce a new libxl entrypoint which finds, and
operates on, ongoing aos. This function needs the same protection,
and might even end up running on the same ao multiple times
concurrently.
So do this with reference counting instead, with a new variable
ao->manip_refcnt.
We keep ao->in_initiator because that allows us to keep some useful
asserts about the sequencing of libxl__ao_inprogress, etc.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v5: Fix typo in commit message.
v3: Add a missing space.
Mention locking in the comment.
projects / xen.git / log