Ian Campbell [Fri, 15 Jan 2016 13:24:03 +0000 (13:24 +0000)]
mini-os: Include libxenforeignmemory with libxc
libxenforeignmemory has just been split out from libxc. From mini-os's
point of view we don't care about the distinction, so keep things
simple by just including libxenforeignmemory if libxc is enabled.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Wei Liu <wei.liu2@citrix.com>
Ian Campbell [Fri, 15 Jan 2016 13:24:02 +0000 (13:24 +0000)]
mini-os: Include libxencall with libxc
libxencall has just been split out from libxc. From mini-os's point
of view we don't care about the distinction, so keep things simple by
just including libxencall if libxc is enabled.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Wei Liu <wei.liu2@citrix.com>
Ian Campbell [Fri, 15 Jan 2016 13:24:01 +0000 (13:24 +0000)]
mini-os: Include libxengnttab with libxc
libxengnttab has just been split out from libxc. From mini-os's point
of view we don't care about the distinction, so keep things simple by
just including libxengnttab if libxc is enabled.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Wei Liu <wei.liu2@citrix.com>
Ian Campbell [Fri, 15 Jan 2016 13:24:00 +0000 (13:24 +0000)]
mini-os: Include libxenevtchn with libxc
libxenevtchn has just been split out from libxc. From mini-os's point
of view we don't care about the distinction, so keep things simple by
just including libxenevtchn if libxc is enabled.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Wei Liu <wei.liu2@citrix.com>
Ian Campbell [Thu, 3 Dec 2015 11:23:25 +0000 (11:23 +0000)]
mini-os: Include libxentoollog with libxc
libxentoollog has just been split out from libxc. From mini-os's point
of view we don't care about the distinction, so keep things simple by
just including libxentoollog if libxc is enabled.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Wei Liu <wei.liu2@citrix.com>
Juergen Gross [Fri, 20 Nov 2015 18:32:42 +0000 (19:32 +0100)]
minios: don't rely on specific page table allocation scheme
Today mini-os is making assumptions how the page tables it is started
with are being allocated. Especially it is using the number of page
table frames to calculate which is the first unmapped pfn.
Instead of relying on page table number assumptions just look into the
page tables to find the first pfn not already mapped.
Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Wei Liu [Tue, 27 Oct 2015 15:43:28 +0000 (15:43 +0000)]
xenbus: notify the other end when necessary
The xenbus thread didn't send notification to other end when it expected
more data or consumed responses, which led to stalling the ring from
time to time.
This is the culprit that guest was less responsive when using stubdom
because the device model was stalled.
Fix this by sending notification to the other end when it consumes a
message. A bunch of memory barriers are also added to ensure
correctness.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Olaf Hering [Tue, 3 Feb 2015 11:45:37 +0000 (12:45 +0100)]
mini-os: sort objects in binary archives
When building stubdom the mini-os objects are also linked into the
binary. Unfortunately the linker will place them in the order found in
the archive. Since this order is random the resulting stubdom binary
differs when it was built from identical sources but on different
build hosts. To help with creating a reproducible binary the elements
in an archive must simply be sorted before passing them to $(AR).
Signed-off-by: Olaf Hering <olaf@aepfle.de> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ ijc -- massaged paths to apply to external mini-os tree ]
Wei Liu [Thu, 29 Jan 2015 19:10:04 +0000 (19:10 +0000)]
Mini-OS: standalone build
In order to keep the tree bisectable all the changes are done in one
single commit.
Things done in this commit:
1. Import necessary .mk files from Xen.
2. Move all XEN_ related variables to MINIOS_ namespace.
3. Import Xen public header files.
4. Import BSD's list.h and helper script.
Mini-OS's vanilla Config.mk is modified to contain some macros copied
from Xen's Config.mk. It also contains compatibility handling logic for
Xen's stubdom build environment.
Signed-off-by: Wei Liu <wei.liu2@citrix.com> Cc: Ian Campbell <ian.campbell@citrix.com> Cc: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Quan Xu [Thu, 15 Jan 2015 09:21:46 +0000 (04:21 -0500)]
vTPM/TPM2: TPM2.0 TIS initialization and self test.
call the TPM 2.0 various registers that allow communication between
the TPM 2.0 and platform hardware and software. TPM2_SelfTest causes
the TPM 2.0 to perform a test of its capabilities.
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Martin Lucina [Thu, 4 Dec 2014 13:33:53 +0000 (14:33 +0100)]
Mini-OS: netfront: Fix rx ring starvation in network_rx
In network_rx() we must push the same amount of requests back onto the
ring in the second loop that we consumed in the first loop. Otherwise
the ring will eventually starve itself of free request slots and no
packets will be delivered.
Further, we make the HAVE_LIBC codepath clearer to follow by removing
the "some" variable from the for loop initialisation and conditions.
Signed-off-by: Martin Lucina <martin@lucina.net> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Fri, 3 Oct 2014 09:20:51 +0000 (10:20 +0100)]
mini-os: arm: show registers, stack and exception vector on fault
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
[ ijc -- dropped change to extras/mini-os/ARM-TODO.txt, since the
patch which creates it hasn't been applied yet. ]
Thomas Leonard [Fri, 3 Oct 2014 09:20:48 +0000 (10:20 +0100)]
mini-os: arm: time
Based on an initial patch by Karim Raslan.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com> Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Emil Condrea [Thu, 30 Oct 2014 13:05:30 +0000 (15:05 +0200)]
vTPM: Fix Atmel timeout bug.
Some versions of Atmel TPMs provide invalid values for TPM_CAP_PROP_TIS_TIMEOUT query.
Because timeouts are invalid, every other command after tpm_get_timeouts will fail.
It is a known issue and it was fixed recently in linux kernel tpm_tis.c on 2014-07-29.
This patch does not allow timeouts to be less than standard values.
I tested it on a Dell Latitude E5520 and after making the changes I was able to start vtpmmgr-stubdom.
Signed-off-by: Emil Condrea <emilcondrea@gmail.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Move xenstore and libxc public headers to include subdir
Also moves xc_dom.h to include as it is used often by other xen tools.
Use the new include subdirectories to build Xen tools, qemu-xen and
stubdoms.
Add the old libxc include path to the programs that need it to build,
on a case by case basis and commeting that they shouldn't require
internal libxc headers to build.
[ And: update QEMU_TRADITIONAL_REVISION to corresponding qemu patch
- Ian jackson ]
Karim Raslan [Fri, 8 Aug 2014 15:47:37 +0000 (16:47 +0100)]
mini-os: arm: events
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com> Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Thomas Leonard [Fri, 8 Aug 2014 15:47:36 +0000 (16:47 +0100)]
mini-os: arm: scheduling
Based on an initial patch by Karim Raslan.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com> Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Thomas Leonard [Fri, 8 Aug 2014 15:47:35 +0000 (16:47 +0100)]
mini-os: arm: memory management
Based on an initial patch by Karim Raslan.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com> Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Thomas Leonard [Fri, 8 Aug 2014 15:47:34 +0000 (16:47 +0100)]
mini-os: arm: boot code
Based on an initial patch by Karim Raslan.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com> Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Karim Raslan [Fri, 8 Aug 2014 15:47:33 +0000 (16:47 +0100)]
mini-os: arm: add header files
Adds header files for future ARM support.
Based on work by Karim Allah Ahmed.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com> Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Julien Grall <julien.grall@linaro.org> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Fri, 8 Aug 2014 15:47:30 +0000 (16:47 +0100)]
mini-os: don't include lib.h from mm.h
This breaks the include cycle hypervisor.h -> hypercall-x86_32.h -> mm.h
-> lib.h -> gntmap.h -> os.h -> hypervisor.h.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Olaf Hering [Tue, 22 Jul 2014 07:19:16 +0000 (09:19 +0200)]
mini-os: tpm: remove usage of inline keyword
Compilation fails with gcc-4.3:
tpmback.c: In function 'tpmback_resp':
tpmback.c:148: error: inlining failed in call to 'tpmdev_check_req': call is unlikely and code size would grow
tpmback.c:165: error: called from here
tpmback.c: In function 'new_tpmif':
tpmback.c:384: error: inlining failed in call to '__init_tpmif': call is unlikely and code size would grow
tpmback.c:425: error: called from here
Adjust code to use static instead of inline, it has the same effect.
Change also tpmif_req_ready and tpmif_req_finished before they start to
cause failures.
Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
This patch is with respect to the following discussion on xen-devel -
http://lists.xenproject.org/archives/html/xen-devel/2014-07/msg01991.html
The file extras/mini-os/tpmback.c was failing compilation on certain compilers
because of size mismatch between enum and int. Earlier the code used to read
value of enum using %d format, which failed compilation on some compilers:
tpmback.c: In function ‘tpmif_change_state’:
tpmback.c:350:4: error: format ‘%d’ expects argument of type ‘int *’,
but argument 3 has type ‘enum xenbus_state *’ [-Werror=format=]
if(sscanf(value, "%d", &readst) != 1) {
^
Now the value is read into an actual int variable and then assigned to the
enum.
Signed-off-by:- Dushyant Behl <myselfdushyantbehl@gmail.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ ijc -- added the actual error to the commit log ]
Thomas Leonard [Wed, 16 Jul 2014 11:07:46 +0000 (12:07 +0100)]
mini-os: use generic local_irq_enable function
__sti is x86 specific.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Karim Raslan [Thu, 26 Jun 2014 11:28:25 +0000 (12:28 +0100)]
mini-os: added arch_init_gnttab
Moves some x86-specific code into arch/x86.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[talex5@gmail.com: split into multiple patches] Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Karim Raslan [Thu, 26 Jun 2014 11:28:23 +0000 (12:28 +0100)]
mini-os: switched initial C entry point to arch_init
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[talex5@gmail.com: separated from big ARM commit]
[talex5@gmail.com: restored comment, moved prototypes to headers] Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[talex5@gmail.com: restored stack address printk on x86]
[talex5@gmail.com: moved first printk's after start_info setup on x86] Signed-off-by: Thomas Leonard <talex5@gmail.com>
Thomas Leonard [Thu, 26 Jun 2014 11:28:22 +0000 (12:28 +0100)]
mini-os: made off_t type signed
POSIX requires this.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Thu, 26 Jun 2014 11:28:21 +0000 (12:28 +0100)]
mini-os: use unbind_evtchn in unbind_all_ports
This marks the channel as closed, in case someone tries to use it again.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Thu, 26 Jun 2014 11:28:20 +0000 (12:28 +0100)]
mini-os: fixed format string error in unbind_evtchn
Would crash if HYPERVISOR_event_channel_op returned an error code.
The other changes in this commit are just fixing indentation.
Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.cammpbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Thomas Leonard [Thu, 26 Jun 2014 11:28:19 +0000 (12:28 +0100)]
mini-os: fixed shutdown thread
Before, it read "" and started a shutdown immediately. Now, it waits for
a non-empty value and then actually shuts down.
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[talex5@gmail.com: avoid declaration-after-statement in kernel.c] Signed-off-by: Thomas Leonard <talex5@gmail.com>
Thomas Leonard [Thu, 26 Jun 2014 11:28:18 +0000 (12:28 +0100)]
mini-os: build fixes
Make .o rules depend on the includes. Before, only the final link step
depended on setting up the includes directory, making parallel builds
unreliable.
Make symlinks use explicit make rules instead of using a phony target.
Avoids unnecessary rebuilds.
[talex5@gmail.com: bring back "make links", for stubdom] Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Karim Raslan [Wed, 11 Jun 2014 10:30:15 +0000 (11:30 +0100)]
mini-os: moved events code under arch
This is all code motion, except that we now initialise
the ev_actions array before calling the arch-specific code
to make it more robust against future changes.
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[talex5@gmail.com: separated from big ARM commit] Signed-off-by: Thomas Leonard <talex5@gmail.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Karim Raslan [Wed, 11 Jun 2014 10:30:14 +0000 (11:30 +0100)]
mini-os: tidied up code
Signed-off-by: Karim Allah Ahmed <karim.allah.ahmed@gmail.com>
[talex5@gmail.com: separated from big ARM commit] Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[talex5@gmail.com: use __func__ in DEBUG macro]
[talex5@gmail.com: drop text about "xm create"] Signed-off-by: Thomas Leonard <talex5@gmail.com>
Andrew Cooper [Fri, 24 Jan 2014 18:28:11 +0000 (18:28 +0000)]
minios: Correct HYPERVISOR_physdev_op()
A physdev_op is a two argument hypercall, taking a command parameter and an
optional pointer to a structure.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Mike Neilsen [Wed, 22 Jan 2014 17:41:11 +0000 (11:41 -0600)]
mini-os: Fix stubdom build failures on gcc 4.8
This is a fix for bug 35:
http://bugs.xenproject.org/xen/bug/35
This bug report describes several format string mismatches which prevent
building the stubdom target in Xen 4.3 and Xen 4.4-rc2 on gcc 4.8. This is a
copy of Alex Sharp's original patch with the following modifications:
* Andrew Cooper's recommendation applied to extras/mini-os/xenbus/xenbus.c to
avoid stack corruption
* Samuel Thibault's recommendation to make "fun" an unsigned int rather than an
unsigned long in pcifront_physical_to_virtual and related functions
(extras/mini-os/include/pcifront.h and extras/mini-os/pcifront.c)
Tested on x86_64 gcc Ubuntu/Linaro 4.8.1-10ubuntu9.
Coverity-IDs: 1055807105580810558091055810 Signed-off-by: Mike Neilsen <mneilsen@acm.org> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Matthew Daley <mattjd@gmail.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Ben Cressey [Fri, 6 Sep 2013 19:52:07 +0000 (12:52 -0700)]
minios: fix xenbus_rm() calls in frontend drivers
The commit "minios: refactor xenbus state machine" caused "/state" to
be appended to the local value of nodename. Previously the nodename
variable pointed to dev->nodename.
The xenbus_rm() calls were not updated to reflect this change, and
refer to paths that do not exist.
For example, shutdown_blkfront() for vbd 2049 would issue these calls:
xenbus_rm(XBT_NIL, "device/vbd/2049/state/ring-ref");
xenbus_rm(XBT_NIL, "device/vbd/2049/state/event-channel");
This patch restores the previous behavior, issuing these calls
instead:
xenbus_rm(XBT_NIL, "device/vbd/2049/ring-ref");
xenbus_rm(XBT_NIL, "device/vbd/2049/event-channel");
This causes frontend drivers to not be properly reset when PV-GRUB
exists. Some PV Linux drivers fail to re-initialize frontend devices
if PV-GRUB leaves them in this state.
Signed-off-by: Ben Cressey <bcressey@amazon.com> Reviewed-by: Matt Wilson <msw@amazon.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[msw: adjusted commit message to include consequences, split out
changes into separate patches] Signed-off-by: Matt Wilson <msw@amazon.com>
Ben Cressey [Fri, 6 Sep 2013 19:52:06 +0000 (12:52 -0700)]
minios: clean up unneeded "err = NULL" in frontend drivers
This patch removes cases where the error message pointer is already
NULL and is then set to NULL. These are harmless, but suggest
incorrect practice: the pointer should be passed to free() to
deallocate memory prior to reassignment. There are no functional
changes in this patch.
Signed-off-by: Ben Cressey <bcressey@amazon.com> Reviewed-by: Matt Wilson <msw@amazon.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
[msw: split a larger patch from Ben into this cleanup patch] Signed-off-by: Matt Wilson <msw@amazon.com>
Matt Wilson [Fri, 6 Sep 2013 19:52:05 +0000 (12:52 -0700)]
minios: clean up allocation of char arrays used for xenbus paths
This patch cleans up instances of char array allocation where string
lengths were manually counted to use strlen() instead. There are no
functional changes in this patch.
Signed-off-by: Matt Wilson <msw@amazon.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-By: Samuel Thibault <samuel.thibault@ens-lyon.org>
Matt Wilson [Fri, 6 Sep 2013 19:52:04 +0000 (12:52 -0700)]
minios: correct char array allocation for xenbus paths
The char arrays used to hold xenbus paths have historically been
allocated by manually counting the length longest string constants
included in constructing the path. This has led to improperly sized
buffers, both too large (with little consequence) and too small (which
obviously causes problems). This patch corrects the instances where
the length was incorrectly calculated by using strlen() on the longest
string constant used in building a xenbus path.
A follow-on clean-up patch will change all instances to use strlen().
Signed-off-by: Ben Cressey <bcressey@amazon.com> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Acked-By: Samuel Thibault <samuel.thibault@ens-lyon.org>
[msw: split this patch from a larger patch from Ben, reworked to use
strlen()] Signed-off-by: Matt Wilson <msw@amazon.com>
Ian Jackson [Tue, 25 Jun 2013 10:24:22 +0000 (11:24 +0100)]
libxl: Restrict permissions on PV console device xenstore nodes
Matthew Daley has observed that the PV console protocol places sensitive host
state into a guest writeable xenstore locations, this includes:
- The pty used to communicate between the console backend daemon and its
client, allowing the guest administrator to read and write arbitrary host
files.
- The output file, allowing the guest administrator to write arbitrary host
files or to target arbitrary qemu chardevs which include sockets, udp, ptr,
pipes etc (see -chardev in qemu(1) for a more complete list).
- The maximum buffer size, allowing the guest administrator to consume more
resources than the host administrator has configured.
- The backend to use (qemu vs xenconsoled), potentially allowing the guest
administrator to confuse host software.
So we arrange to make the sensitive keys in the xenstore frontend directory
read only for the guest. This is safe since the xenstore permissions model,
unlike POSIX directory permissions, does not allow the guest to remove and
recreate a node if it has write access to the containing directory.
There are a few associated wrinkles:
- The primary PV console is "special". It's xenstore node is not under the
usual /devices/ subtree and it does not use the customary xenstore state
machine protocol. Unfortunately its directory is used for other things,
including the vnc-port node, which we do not want the guest to be able to
write to. Rather than trying to track down all the possible secondary uses
of this directory just make it r/o to the guest. All newly created
subdirectories inherit these permissions and so are now safe by default.
- The other serial consoles do use the customary xenstore state machine and
therefore need write access to at least the "protocol" and "state" nodes,
however they may also want to use arbitrary "feature-foo" nodes (although
I'm not aware of any) and therefore we cannot simply lock down the entire
frontend directory. Instead we add support to libxl__device_generic_add for
frontend keys which are explicitly read only and use that to lock down the
sensitive keys.
- Minios' console frontend wants to write the "type" node, which it has no
business doing since this is a host/toolstack level decision. This fails
now that the node has become read only to the PV guest. Since the toolstack
already writes this node just remove the attempt to set it.
This is a security issue, XSA-57.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Jan Beulich [Fri, 21 Jun 2013 06:39:43 +0000 (08:39 +0200)]
tpmif: fix identifier prefixes
The definitions here shouldn't use vtpm_ or VPTM_ as their prefixes,
the interface should instead make use of tpmif_ and TPMIF_. This
fixes a build failure after syncing the public headers to
linux-2.6.18-xen.hg (where a struct vtpm_state already exists).
Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
mini-os/x86-64 entry: check against nested events and try to fix up
In hypervisor_callback, check against event re-entrant.
If we came from the critical region in interrupt context,
try to fix up by coalescing the two stack frames.
The execution is resumed as if the second event never happened.
Signed-off-by: Xu Zhang <xzhang@cs.uic.edu> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
mini-os/x86-64 entry: defer RESTORE_REST until return
No need to do a RESTORE_REST at this point because if we saw pending
events after we enabled event delivery, we have to do a SAVE_REST again.
Instead, we do a "lazy" RESTORE_REST, deferring it until actual return.
The offset of saved-on-stack rflags register is changed as well.
Signed-off-by: Xu Zhang <xzhang@cs.uic.edu> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
We don't need to block events here because:
- if we came from "hypervisor_callback", events are disabled at this point,
no need to block again;
- if we came from "error_entry", we shouldn't touch event mask, for
exception hanlding are meant to be interrupted by Xen events (virtual
irq).
Signed-off-by: Xu Zhang <xzhang@cs.uic.edu> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
mini-os/x86-64 entry: code refactoring; no functional changes
Re-arrange assembly code blocks so that they are in called
order instead of jumping around, enhancing readability.
Macros are grouped together as well.
Signed-off-by: Xu Zhang <xzhang@cs.uic.edu> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:21 +0000 (16:11 -0400)]
mini-os/tpmback: Replace UUID field with opaque pointer
Instead of only recording the UUID field, which may not be of interest
to all tpmback implementations, provide a user-settable opaque pointer
associated with the tpmback instance.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:20 +0000 (16:11 -0400)]
mini-os/tpmback: set up callbacks before enumeration
The open/close callbacks in tpmback cannot be properly initalized in
order to catch the initial enumeration events because init_tpmback
clears the callbacks and then asynchronously starts the enumeration of
existing tpmback devices. Fix this by passing the callbacks to
init_tpmback so they can be installed before enumeration.
This also removes the unused callbacks for suspend and resume.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Thu, 21 Mar 2013 20:11:19 +0000 (16:11 -0400)]
mini-os/tpm{back, front}: Allow device repoens
Allow the vtpm device to be disconnected and reconnected so that a
bootloader (like pv-grub) can submit measurements and return the vtpm
device to its initial state before booting the target kernel.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Daniel De Graaf [Thu, 11 Apr 2013 16:20:25 +0000 (12:20 -0400)]
mini-os/tpm{back, front}: Change shared page ABI
This changes the vTPM shared page ABI from a copy of the Xen network
interface to a single-page interface that better reflects the expected
behavior of a TPM: only a single request packet can be sent at any given
time, and every packet sent generates a single response packet. This
protocol change should also increase efficiency as it avoids mapping and
unmapping grants when possible. The vtpm xenbus device now requires a
feature-protocol-v2 node in xenstore to avoid conflicts with existing
(xen-patched) kernels supporting the old interface.
While the contents of the shared page have been defined to allow packets
larger than a single page (actually 4088 bytes) by allowing the client
to add extra grant references, the mapping of these extra references has
not been implemented; a feature node in xenstore may be used in the
future to indicate full support for the multi-page protocol. Most uses
of the TPM should not require this feature.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Jan Beulich <JBeulich@suse.com>
David Vrabel [Wed, 30 Jan 2013 10:38:37 +0000 (02:38 -0800)]
mini-os: build fixes for lwip 1.3.2
Various fixes to mini-os needed to build lwip 1.3.2:
- Don't build the tests.
- Add BSD-style endianness macros to endian.h.
- free() is called via a function pointer so it needs to be a real
function. Do the same for malloc() and realloc().
Signed-off-by: David Vrabel <david.vrabel@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Committed-by: Keir Fraser <keir@xen.org>
Samuel Thibault [Wed, 9 Jan 2013 08:43:53 +0000 (08:43 +0000)]
mini-os: Notify shutdown through weak function call instead of wake queue
To allow for more flexibility, this notifies domain shutdown through a
function rather than a wake queue, to let the application use a wake
queue only if it wishes.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Committed-by: Keir Fraser <keir@xen.org>
Samuel Thibault [Thu, 6 Dec 2012 09:22:31 +0000 (09:22 +0000)]
mini-os: drop shutdown variables when CONFIG_XENBUS=n
Shutdown variables are meaningless when CONFIG_XENBUS=n since no
shutdown event will ever happen. Better make sure that no code tries
to use it and never get the hoped shutdown event.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Committed-by: Keir Fraser <keir@xen.org>
Andrew Cooper [Fri, 30 Nov 2012 09:37:13 +0000 (09:37 +0000)]
minios/console: console_input() weak reference
In exactly the same style as app_main() in kernel.c, create a weak
reference console_input() function for applications to override to
quickly gain access to the console.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Committed-by: Keir Fraser <keir@xen.org>
projects / people / liuw / mini-os.git / log