dgit.raspbian.org Git

netbsd: build fix with gcc 4.5

Fix build failure with gcc 4.5:
implicit declaration of __builtin_stdarg_start

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
From: David Brownlee <abs@netbsd.org>
Committed-by: Keir Fraser <keir@xen.org>

x86: emulate lea with two register operands correctly

An lea instruction with two register operands should raise an
undefined instruction exception.

Skype does such a instruction and will crash when starting if it does
not get the exception.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Committed-by: Keir Fraser <keir@xen.org>

ipxe: update to upstream version

Updated ipxe to current tree, which is
540e5960dc6b49eacf367f7c319fd0546474b845:

Provide PXENV_FILE_EXIT_HOOK only for ipxelinux.0 builds

Removed all the backported patches and updated
boot_prompt_option.patch to apply against current ipxe.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: remove _XOPEN_SOURCE

The _XOPEN_SOURCE define was breaking the compilation under NetBSD.
I've removed it becasue it is not necessary.

Error message:

gcc  -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing
-std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value
-Wdeclaration-after-statement   -D__XEN_TOOLS__ -MMD -MF
.xenpaging.o.d -fno-optimize-sibling-calls
-I/root/xen-04102011/tools/xenpaging/../../tools/libxc
-I/root/xen-04102011/tools/xenpaging/../../tools/include
-I/root/xen-04102011/tools/xenpaging/../../tools/xenstore
-I/root/xen-04102011/tools/xenpaging/../../tools/include -Werror
-Wno-unused -g  -c -o xenpaging.o xenpaging.c  -I/usr/xen42/include
-I/usr/include
cc1: warnings being treated as errors
xenpaging.c: In function 'xenpaging_init':
xenpaging.c:333: warning: implicit declaration of function 'asprintf'

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/vIRQ: IRR and TMR race condition bug fix

In vlapic_set_irq, we set the IRR register before the TMR. And the IRR
might be serviced before setting TMR, and even worse EOI might occur
before TMR setting, in which case the vioapic_update_EOI won't be
called, and further prevent all the subsequent interrupt injecting.
Reorder setting the TMR and IRR will solve the problem.

Besides, KVM has fixed a similar bug in:
http://markmail.org/search/?q=APIC_TMR#query:APIC_TMR+page:1+mid:rphs4f7lkxjlldne+state:results

Signed-off-by: Yongan Liu<Liuyongan@huawei.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

Rework locking for sched_adjust.

The main idea is to move (as much as possible) locking logic
from generic code to the various pluggable schedulers.

While at it, the following is also accomplished:
- pausing all the non-current VCPUs of a domain while changing its
   scheduling parameters is not effective in avoiding races and it is
   prone to deadlock, so that is removed.
- sedf needs a global lock for preventing races while adjusting
   domains' scheduling parameters (as it is for credit and credit2),
   so that is added.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

All domains (including dom0) should be best effort on creation

In the sedf scheduler, while trying to guarantee to dom0 the proper
amount of CPU time for being able to do its job, we end up allocating
75% CPU-share to each and every of its VCPUs. This, combined with the
fact that such a scheduler has no load balancing logic at all (and
thus *all* dom0's VCPUs just rise and stay on physical CPU #0), means
that for example on a 12-cores system we're trying to exploit
75x12=3D900% of what we have on a PCPU, which is definitely too much!

Moreover, even if a cleverer mechanism for distributing VCPUs among
the available PCPUs (if not a proper load balancer) will be put in
place some day, it will still be difficult to decide how much
guaranteed CPU bandwidth each of the dom0's VCPUs should be provided
with, without posing the system at risk of livelock or starvation,
even during boot time.

Therefore, since sedf is capable of some form of best-effort
scheduling, the best thing we can do is ask for this behaviour for
dom0, as it is for all other domains, right upon creation. It will
then be the sysadmin's job to modify dom0's scheduling parameters to
better fit his particular needs, maybe after spreading the load a bit
by pinning VCPUs on PCPUs, or using cpupools, etc.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

x86/tboot: fix some coding style issues in tboot.c

Signed-off-by: Gang Wei <gang.wei@intel.com>
Acked-by: Joseph Cihula <joseph.cihula@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

Update the maitainer list for Intel(R) TXT

Signed-off-by: Gang Wei <gang.wei@intel.com>

x86/passthrough: don't leak guest IRQs

As unmap_domain_pirq_emuirq() fails on a never mapped pIRQ, it must not
be called for the non-emu-IRQ case (to prevent the entire unmap
operation failing).

Based on a suggestion from Stefano.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Yongjie Ren <yongjie.ren@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

X86: Add a delay between INIT & SIPIs for tboot AP bring-up in X2APIC case

Without this delay, Xen could not bring APs up while working with
TXT/tboot, because tboot needs some time in APs to handle INIT before
becoming ready for receiving SIPIs (this delay was removed as part of
c/s 23724 by Tim Deegan).

Signed-off-by: Gang Wei <gang.wei@intel.com>
Acked-by: Keir Fraser <keir@xen.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

Update QEMU_TAG

libxl: report failure to reboot/shutdown due to lackof PV interfaces to caller

This allow the caller to react as they think is appropriate. xl now prints a
message much like the library did previously, although hopefully somewhat more
informative.

Update the xl(1) man page to be similarly more informative.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>

libxl: split libxl_domain_shutdown into libxl_domain_shutdown,..._reboot

The other integer request types which shutdown supported are not
useful. Specifically:

* "suspend" is not usable via this interface since it requires other
scaffolding, libxl_domain_suspend provides this already.
* "halt" is the same as "poweroff".
* "crash" is unused and at least Linux does not implement it. If a user
steps forward then libxl_domain_crash is trivial to add.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>

libxl: Fix, specify open mode to QEMU state file.

Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86: reduce scope of some symbols used with reset_stack_and_jump()

By making the macro properly advertise the use of the input symbol to
the compiler, it is no longer necessary for them to be global if
they're defined and used in just one source file.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86: move some function scope statics into .init.data

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

flask/policy: Update example policy

Rewrite the example policy to make it easier to understand and
demonstrate some of the security goals that FLASK can enforce.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: add libxl__domain_pvcontrol_{available,read,write}

Use instead of open coding.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: improve error handling when saving device model state.

Do not leak a file descriptor (fd2 when used with upstream qemu) or a file (the
save file which is leaked on failure).

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: remove force parameter from libxl__devices_destroy

Remove the force flag, and always use forced destruction.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: remove force parameter from libxl_domain_destroy

Since a destroy is considered a forced shutdown, there's no point in
passing a force parameter. All the occurences of this function have
been replaced with the proper syntax.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: fix incorrect log message in libxl_domain_destroy

Fix a log message that was referring to libxl_devices_dispose instead
of libxl__devices_destroy.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

hotplug: remove debug messages from NetBSD hotplug scripts

Remove unecessary debug messages from NetBSD hotplug scripts, left
error messages only.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: introduce libxl__wait_for_device_state

This is a generic function, that waits for xs watches to reach a
certain state and then executes the passed helper function. Removed
wait_for_dev_destroy and used this new function instead. This
function will also be used by future patches that need to wait for
the initialization of devices before executing hotplug scripts.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: add support for image files for NetBSD

Created a helper function to detect if the OS is capable of using
image files as phy backends. Create two OS specific files, and
changed the Makefile to choose the correct one at compile time.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/AMD: fold redundant parameters of cpu_has_amd_erratum()

The boolean 'osvw' indicator and 'osvw_id' can be folded - the function
can as well distinguish the non-OSVW case by checking for a negative
'osvw_id'. That way the whole variable argument list processing is only
needed on the legacy code path.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
Acked-by: Wei Huang <wei.huang2@amd.com>

hvmloader: Re-name xenstore key used to save VM generation ID buffer address.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>

X86-MCE: fix a bug of xen-mceinj tool

Fix a bug of xen-mceinj tool which used to test mce by software way.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

Fix grant_table v2 status mapping.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

Allow VMs to query their own grant table version.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

xl.pod.1: improve documentation of FLASK commands

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: add checks on PCI configuration access

PCI configuration access is allowed to any privileged domain
regardless of I/O port access restrictions; add XSM hooks for these
accesses.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: fix up dummy ops

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: Add missing access checks

Actions requiring IS_PRIV should also require some XSM access control
in order for XSM to be useful in confining multiple privileged
domains. Add XSM hooks for new hypercalls and sub-commands that are
under IS_PRIV but not currently under any access checks.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: add remote_remap permission

The mmu_update hypercall can be used to manipulate the page tables of
a remote domain. Add a check for this in the XSM hook in addition to
the existing check on mapping pages of a remote domain.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: only log dummy override if not setting up dummy_xsm_ops

The log messages from dummy overrides appear on every boot with XSM
enabled, and are just noise when filling in the dummy_xsm_ops
structure.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm/flask: report memory and IO ranges in audit messages

This information is useful when determining the cause of an AVC denial
caused by missing label on device memory or IRQs.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm/flask: Add missing unlock on error path

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

Linux/xencommons: Use oxenstored by default when available

oxenstored is an ocaml implementation of the xenstore daemon. It is faster,
more scalable and more reliable than the C xenstored.

In particular the transaction model in oxenstored does not involve taking a
complete copy of the database and aborting on any (even non-conflicting) other
change.

There is a paper on the design and implementation of oxenstored at
http://gazagnaire.org/pub/GH09.pdf which includes a performance evaluation and
comparison with the C daemon etc.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/emulator: workaround for AMD erratum 573

The only cases where we might end up emulating fsincos (as any other
x87 operations without memory operands) are
- when a HVM guest is in real mode (not applicable on AMD)
- between two half page table updates in PAE mode (unlikely, and not
  doing the emulation here does affect only performance, not
  correctness)
- when a guest maliciously (or erroneously) modifies an (MMIO or page
  table update) instruction under emulation (unspecified behavior)

Hence, in order to avoid the erratum to cause harm to the entire host,
don't emulate fsincos on the affected AMD CPU families.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

libxl: remove stubdom device model save file when destroying stubdom

/var/lib/xen/qemu-save.<domid> is created when the stub domain is started
(connected to a stubdom console) and is used to save the device model state on
suspend/migrate but never cleaned up.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

oxenstored: Always log something at start of day (if logging enabled at all)

Otherwise at the default level we rarely log anything at all.

A completely empty log file is a good sign, but only if you know you are
looking in the right place...

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

oxenstored: install configuration file

First though:
  - Move it to /etc/xen/oxenstored.conf.
  - Use /var/run/xenstored.pid as default pid file
  - Disable test-eagain "Randomly failed a transaction with EAGAIN. Used for
    testing Xs user". Doesn't sound fun by default...

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

oxenstored: handle unknown operations by returning an error to the client

Previous an unknown operation would be decoded as a Not_found exception which
would bubble all the way up to the try ... with surrounding the call to
main_loop where it would be logged and ignored.

This would leave the guest hanging waiting for a response to the invalid
request.

Instead introduce a specific "Invalid" operation. Higher level functionality,
such as Process.process_packet, already handles operations which are not
understood with an error reply due to the final wildcard entry in
Process.function_of_type but explicitly handle Invalid this way to make it
clear what is going on.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/AMD: use correct shift count when merging model and stepping

... for legacy errata matching.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86/ucode: fix for AMD Fam15 CPUs

Remove hardcoded maximum size a microcode patch can have. This is
dynamic now.

The microcode patch for family15h can be larger than 2048 bytes and
gets silently truncated.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

x86/MCE: add more strict sanity check of one SRAR case

When RIPV = EIPV = 0, it's a little bit tricky. It may be an asynchronic error, currently we have no way to precisely locate whether the error occur at guest or hypervisor.
To avoid handling error in wrong way, we treat it as unrecovered.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

x86/MCE: add SRAR handler

Currently Intel SDM add 2 kinds of MCE SRAR errors:
1). Data Load error, error code = 0x134
2). Instruction Fetch error, error code = 0x150
This patch add handler to these new SRAR errors.
It based on existed mce infrastructure, add code to handle SRAR specific error.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

XLAT.lst whitespace fix.

Replace spaces with tabs to be in line with file format.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

oxenstored: log Errors and Warnings by default.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

oxenstored: Remove support for PQ defined operations.

It is unused.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: fix cold plugged PCI devices with stubdomains

Since 23565:72eafe80ebc1 the xenstore entries for the stubdomain's PCI were
never created and therefore the stubdom ends up waiting forever for the devices
which it has been asked to insert to show up.

Since the stubdomain is already running when we call the libxl_device_pci_add
loop in do_domain_create we should treat it as if "starting == 0".

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

mini-os: do not wait for pci backend in pcifront_scan

This blocks the main thread indefinitely if there is no PCI backend present in
xenstore.

Even in the case where there are passthrough devices configured libxl creates
the stubdom and waits for it to startup _before_ adding the backend. Since the
stub domains main thread is blocked before it can write the "running" state to
xenstore the toolstack eventually times out and kills everything.

There is already a separate pcifront thread which waits for the backend to
appear and calls init_pcifront at the appropriate time should a backend ever
appear.

Unfortunately I don't have any free test boxes with VT-d so I haven't been able
to test the cases where PCI deivces are passed through but I obviously have
tested that I can now start an HVM domain with stub qemu without PCI devices
passed through which I couldn't do before so this is an improvement. This stuff
is a bit like pushing the lump around the carpet :-/

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: do not leak qemu saved state on restore

In particular do not leak /var/lib/xen/qemu-resume.<domid>.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

pygrub: Fix "a" entry editing in grub2

When user wants to change entry in grub2 menu in pygrub, there's no
response in case of appending command line arguments ('a' key).

Append malfunction is caused by change of keyword used for kernel
record. Grub uses 'kernel' for line with linux kernel but grub2 uses
'linux' instead. This patch adds checking for both grub 1 and 2 keywords.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

pygrub: Allow scrolling of the list of entries

When user wants to change entry in grub2 menu in pygrub, there
may be crash of pygrub in case of editing item ('e' key).

Crash on editing is caused longer entry list in case of grub2. As entry
window is 10 lines high, it can hold only 8 entries (2 lines for border).
Adding line outside of windows high causes crash. Patch add handling
for longer lists and scrolling through them.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: Compile with -Wformat-nonliteral.

At least one compiler (some Ubuntu version) uses this by default and it seems
like a good idea anyway and the fixup required is trivial.

One hunk is from a patch by Ian Jackson.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reported-by: Adda Rathbone <addarathbone@googlemail.com>
Tested-by: Adda Rathbone <addarathbone@googlemail.com>
Tested-by: Andrew Pounce <andrew.pounce@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

stubdom: allow to build with older tool chain

GNU make prior to 3.81 doesn't support $(realpath ...). This fixes a
regression introduced in 23368:0f670f5146c8 (the option tested via
cc-option-add got interpreted as the argument of the -I compiler
option, as its intended argument was blank, and hence the compiler was
falsely considered to support *any* option in the pciutils sub-tree).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

ACPI: eliminate duplicate IVRS definitions

Use their proper counterparts in include/acpi/actbl*.h instead.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

ACPI: eliminate duplicate DMAR definitions

Use their proper counterparts in include/acpi/actbl*.h instead.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

ACPI: update table interface headers

... to what is being used on Linux 3.1 (and 3.2-rc).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

ACPI: eliminate duplicate MADT parsing and unused SBF definitions

Use their proper counterparts in include/acpi/actbl*.h instead.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

VT-d: bind IRQs to CPUs local to the node the IOMMU is on

This extends create_irq() to take a node parameter, allowing the
resulting IRQ to have its destination set to a CPU on that node right
away, which is more natural than having to post-adjust this (and
get e.g. a new IRQ vector assigned despite a fresh one was just
obtained).

All other callers of create_irq() pass NUMA_NO_NODE for the time being.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

remove the use of -Wno-unused-value

It has been hiding actual mistakes, and there are not too many changes
necessary to make things build without suppressing this warning.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86: remove redundant MCE related MSR definitions

Two definitions (the first register and a macro to calculate the
register for a given bank) are sufficient per kind of register.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86: add platform hypercall to retrieve pCPU-s' family, model, and stepping

With the recent hotplug changes to the Xen part of the microcode
loading, this allows the kernel driver to avoid unnecessary calls into
the hypervisor during pCPU hot-enabling: Knowing that the hypervisor
retains the data for already booted CPUs, only data for CPUs with a
different signature needs to be passed down. Since the microcode
loading code can be pretty verbose, avoiding to invoke it can make the
log much easier to look at in case of problems.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86/microcode: Allow "ucode=" argument to be negative

... to indicate counting from the end of the modules list.

Suggested by Tim Deegan.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86, amd: Disable GartTlbWlkErr when BIOS forgets it

This patch disables GartTlbWlk errors on AMD Fam10h CPUs if the BIOS
forgets to do is (or is just too old). Letting these errors enabled
can cause a sync-flood on the CPU causing a reboot.

The AMD BKDG recommends disabling GART TLB Wlk Error completely.

Based on a Linux patch from Joerg Roedel <joerg.roedel@amd.com>; see e.g.
https://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=patch;h=5bbc097d890409d8eff4e3f1d26f11a9d6b7c07e

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

flask: add tools/flask/utils/flask-label-pci to .hgignore

This was apparently forgotten in 24353:448c48326d6b

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 7e90178b8bbf -r c995cdcc3700 .hgignore
--- a/.hgignore Mon Dec 12 17:48:42 2011 +0000
+++ b/.hgignore Mon Dec 12 17:58:25 2011 +0000
@@ -157,6 +157,7 @@
^tools/flask/utils/flask-getenforce$
^tools/flask/utils/flask-loadpolicy$
^tools/flask/utils/flask-setenforce$
+^tools/flask/utils/flask-label-pci$
^tools/fs-back/fs-backend$
^tools/hotplug/common/hotplugpath\.sh$
^tools/include/xen/.*$

libxl: Use GC_INIT and GC_FREE everywhere

Replace
    libxl__gc gc = LIBXL_INIT_GC(ctx);
    ...
    libxl__free_all(&gc);
with
    GC_INIT(ctx);
    ...
    GC_FREE;
throughout with a couple of perl runes.

We must then adjust uses of the resulting gc for pointerness, which is
mostly just replacing all occurrences of "&gc" with "gc".  Also a
couple of unusual uses of LIBXL_INIT_GC needed to be fixed up by hand.

Here are those runes:
perl -i -pe 's/\Q    libxl__gc gc = LIBXL_INIT_GC(ctx);/    GC_INIT(ctx);/' tools/libxl/*.c
perl -i -pe 's/\Q    libxl__free_all(&gc);/    GC_FREE;/' tools/libxl/*.c

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: libxl_ctx_free should free the ctx

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: make libxl__free_all idempotent

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: make libxl__[v]log const-correct

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: introduce lock in libxl_ctx

This lock will be used to protect data structures which will be hung
off the libxl_ctx in subsequent patches.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: Rationalise #includes

libxl_internal.h now #includes libxl.h and various system headers.

This
1. makes the order of header inclusion more predictable
2. explicitly allows libxl_internal.h to use objects defined in libxl.h
3. removes the need for individual files to include these headers

Also
- remove some unnecessary #includes of libxl_utils.h,
flexarray.h, etc. in some libxl*.c files,
- include libxl_osdeps.h at the top of libxl_internal.h
- add missing includes of libxl_osdeps.h to a couple of files
- change libxl.h to libxl_internal.h in a couple of files

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: internal convenience macros

Provide some macros which are useful shorthands for use within libxl:
  * GC_INIT to initialise a gc from a ctx and GC_FREE to free it
  * CTX(gc) to give you back the ctx
  * LIBXL_TAILQ_INSERT_SORTED for inserting things into sorted lists

These will be used by later patches.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: permit declaration after statement

GCC and C99 allow declarations to be mixed with code.  This is a good
idea because:

* It allows variables to be more often initialised as they are
   declared, thus reducing the occurrence of uninitialised variable
   errors.

* Certain alloca-like constructs (arrays allocated at runtime on the
   stack) can more often be written without a spurious { } block.
   Such blocks are confusing to read.

* It makes it easier to write and use macros which declare and
   initialise formulaic variables and do other function setup code,
   because there is no need to worry that such macros might be
   incompatible with each other or have strict ordering constraints.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: idl: Provide struct and union tags

Instead of generating:

   typedef struct {
     ...
   } libxl_foo;

Produce:

   typedef struct libxl_foo {
     ...
   } libxl_foo;

This makes it possible to refer to libxl idl-generated structs and
unions, as incomplete types, before they have been defined.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: idl: support new "private" type attribute

This provides for fields in libxl datatypes which are only present in
the C version of structures and are used only by libxl itself. This
is useful when a libxl datatype wants to contain fields which are used
by libxl internally and which are only present in the structure to
avoid additional memory allocation inconvenience.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: Provide a version of bsd's queue.h as _libxl_list.h

We would like some linked list macros which are (a) well known to be
sane and (b) typesafe. BSD's queue.h meets these criteria.

We also provide some simple perlery to arrange to add the libxl_
namespace prefix to the macros. This will allow us to #include
_libxl_list.h in our public header file without clashing with anyone
else who is also using another version of queue.h.

(A note on copyright: The FreeBSD files we are adding have an
[L]GPL-compatible licence, so there is no need to change our COPYING.
Although FreeBSD's queue.3 still contains the advertising clause, this
has been withdrawn by UCB as recorded in the FreeBSD COPYRIGHT file,
which is included in tools/libxl/external/ for reference.)

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <Ian.campbell@citrix.com>
Tested-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxenstore: Provide xs_check_watch

Event-driven programs want to wait until the xs_fileno triggers for
reading, and then repeatedly call xs_check_watch.

Also xs_read_watch exposes a useless "num" out parameter, which should
always (if things aren't going hideously wrong) be at least 2 and
which the caller shouldn't be interested in. So xs_check_watch
doesn't have one of those.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: Make libxl__xs_* more const-correct

Paths and values which are not modified by these functions should be
declared as "const char *" not "char *".

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

xl: fix compiler warnings

either GCC 4.6.1 or Ubuntu add -Werror=format-security to the -Wall set,
so libxl compilation breaks:
   libxl_create.c: In function 'store_libxl_entry':
   libxl_create.c:454:9: error: format not a string literal and no
format arguments [-Werror=format-security]
   cc1: all warnings being treated as errors

Attached patch fixes this and another occurrence.

Patch from: Uwe Dannowski

Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/Intel: quiesce revised CPUID level message

Print this only once, for the boot CPU, unless "cpuinfo" was specified.
I found this particularly annoying on a machine which also didn't have
it MTRRs consistently set up across cores, resulting in the printing of
those messages being awfully slow (and with a second per-CPU message
added for debugging purposes this even lead to timeouts during AP
bringup).

Signed-off-by: Jan Beulich <jbeulich@suse.com>

xend: fix insufficient quoting in tapdisk

Fix insufficient quoting between "tap-ctl list" and
xend/server/BlktapController.py

The "line.split(None, 4)" needs to be a "3", because 3 splits needs to
be done to get the 4 parts. Sorry for the mixup.

[ fix to 24335:3915bd95ade5. -iwj ]

Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

docs: Say in xm(1) that xm is obsolete

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

Update QEMU_TAG

x86/mm: New mem access type to log access

This patch adds a new p2m access type, n2rwx. It allows for implement a "log
access" mode in the hypervisor, akin to log dirty but for all types of
accesses. Faults caused by this access mode automatically promote the
access rights of the offending p2m entry, place the event in the ring, and
let the vcpu keep on executing.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Adin Scannell <adin@scannell.ca>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: When mem event automatically promotes access rights, let other subsystems know

The mem event fault handler in the p2m can automatically promote the access
rights of a p2m entry. In those scenarios, vcpu's are not paused and they will
immediately retry the faulting instructions. This will generate a second fault
if the underlying entry type requires so (paging, unsharing, pod, etc).
Collapse the two faults into a single one.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

Improve handling of nested page faults

Add checks for access type. Be less reliant on implicit semantics.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Allow dummy responses on the mem_event ring.

Ring semantics require that for every request, a response be put. This
allows consumer to place a dummy response if need be.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Consume multiple mem event responses off the ring

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Adin Scannell <adin@scanneel.ca>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Allow memevent responses to be signaled via the event channel

Don't require a separate domctl to notify the memevent interface that an event
has occured. This domctl can be taxing, particularly when you are scaling
events and paging to many domains across a single system. Instead, we use the
existing event channel to signal when we place something in the ring (as per
normal ring operation).

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Keir Fraser <keir@xen.org>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

Create a generic callback mechanism for Xen-bound event channels

For event channels for which Xen is the consumer, there currently is
a single action. With this patch, we allow event channel creators to
specify a generic callback (or no callback). Because the expectation
is that there will be few callbacks, they are stored in a small table.

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Keir Fraser <keir@xen.org>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Flag mem_events caused by foreign domains

Add a new flag for mem events, as consumers might need to discriminate
foreign domain-caused from guest-caused events. The vcpu field of an
event is bogus from a consumer p.o.v. for foreign domain-caused events.

Also assert that we shouldn't be pausing foreign vcpus.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

X86: Prepare PCID/INVPCID for hvm

This patch is used to prepare exposing PCID/INVPCID features to hvm
guest.
The specific exposure result depend on hvm paging mode (hap/shadow),
which would be handled at next patch.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

X86: Disable PCID/INVPCID for pv

This patch disable PCID/INVPCID for pv.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

X86: expose Intel new features to pv/hvm

Intel recently release some new features, including
FMA/AVX2/BMI1/BMI2/LZCNT/MOVBE.
Refer to http://software.intel.com/file/36945
This patch expose these new features to pv and hvm.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

KEXEC: fix kexec_get_range_compat to fail vocally.

Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Simplify the bitwise arithmetic a bit.

Signed-off-by: Keir Fraser <keir@xen.org>