dgit.raspbian.org Git

Fix etags invocation

Don't fail in the case where 'etags' isn't Exuberant Ctags

Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>

xend: passthrough: add an option pci-passthrough-strict-check

Currently when assigning device to HVM guest, we use the strict check
for HVM guest by default.(For PV guest we use loose check
automatically if necessary.)

When we assign device to HVM guest, if we meet with the co-assignment
issues or the ACS issue (see changeset 20081: 4a517458406f), we could
try changing the option to 'no' -- however, we have to realize this
may incur security issue and we can't make sure the device assignment
could really work properly even after we do this.

The option is located in /etc/xen/xend-config.sxp:
(pci-passthrough-strict-check yes)

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

vt-d: don't treat IOAPIC RTE of dest_SMI type specially.

We also need to create IRTE for it since we enable EIM and clear CFI,
or else, the IOAPIC RTE's interrupt message would be blocked by IR unit.

In io_apic_read_remap_rte(), we now use
"apic_pin_2_ir_idx[apic][ioapic_pin]"
rather than "(remap_rte->index_15 << 15) | remap_rte->index_0_14" to
avoid the "interrupt remapping table out of bound error".

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

vt-d: some small fixes to apic_pin_2_ir_idx

1) apic_pin_2_ir_idx should be int** rahter than unsigned int**,
because we use the int -1 to indicate that the related IRTE index is
not allocated.
2) shouldn't re-init apic_pin_2_ir_idx when resuming from S3.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

x86: Some cleanups for apic_write, apic_read, apic_wrmsr, apic_rdmsr

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

vt-d: replace the gdprintk with dprintk since it isn't in guest context.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

pygrub: trap exception when python module import fails

Fix the issue when importing 'crypt' module or crypt.crypt fails in
pygrub. The exception is written on the same line like "Failed!"
message but only if there is an exception. If there is no exception,
we don't bother users with details (probably the password they entered
was wrong) so we just display "Failed!" message. Also, the code for
hasPassword() was rewritten not to have try/except block here.

Signed-off-by: Michal Novotny <minovotn@redhat.com>

vt-d: avoid obtaining iommu->register_lock too early in
dma_msi_set_affinity()

If set_desc_affinity() fails, the current code doesn't release the
spinlock. We should obtain the lock at a later place.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

xend: Enable to set config variables in /etc/sysconfig/xend

The attached patch enables to set the environment variables for xend
in /etc/sysconfig/xend.

There are four variables.

XENCONSOLED_TRACE=3D[none|guest|hv|all]
XENSTORED_ROOTDIR=3D/var/lib/xenstored
XENSTORED_TRACE=3D[yes|on|1]
XENBACKENDD_DEBUG=3D[yes|on|1]

The XENCONSOLED_TRACE and XENSTORED_ROOTDIR take strings for each
command's options. And if thease variables have non-zero strings, then
export them.
If the XENSTORED_TRACE and XENBACKENDD_DEBUG take either "yes", "on"
or "1" then export them.

From: Kazuhiro SUZUKI <kaz@jp.fujitsu.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

xend: Revert c/s 17536 which breaks PV passthru of MSI-X devices.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

Add the support of x2apic logical cluster mode.
Add a xen boolean parameter 'x2apic'.
Add a xen boolean parameter 'x2apic_phys'(by default, we use logical
cluster mode).

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

vt-d: use 32-bit Destination ID when Interrupt Remapping with EIM is
enabled

When x2APIC and Interrupt Remapping(IR) with EIM are enabled, we
should use 32-bit Destination ID for IOAPIC and MSI.

We implemented the IR support in xen by hooking the functions like
io_apic_write(),io_apic_modify(), write_msi_message(), and as a
result, in the hook functions in intremap.c, we can only see the 8-bit
dest id rather the 32-bit id, so we can't set IR table Entry that
requires a 32-bit dest id.

To solve the issue throughly, we need find every place in io_apic.c
and msi.c that could write ioapic RTE and and device's msi message and
explicitly handle the 32-bit dest id carefully (namely, when genapic
is x2apic, cpu_mask_to_apic could return a 32-bit value); and we have
to change the iommu_ops->{.update_ire_from_apic, .update_ire_from_msi}
interfaces. We may have to write an over-1000-LOC patch for this.

Instead, we could use a workround:
1) for ioapic, in the struct IO_APIC_route_entry, we could use a new
"dest32" to refer to the dest field;
2) for msi, in the struct msi_msg, we could add a new "u32 dest".
And in intremap.c, if x2apic_enabled, we use the new names to refer to
the dest fields.

We can improve this in future.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

vt-d: enhance the support of Interrupt Remapping EIM and x2APIC

1) Clear Interrupt Remapping(IR) unit's CFI (Compatibility Format
Interrupt) to enhance security;
2) Move the iommu_setup() ahead and put it before we begin to use
IOAPIC so we can make sure after we enable Interrupt Remapping, the
later IOAPIC (and MSI) initialization would setup IOAPIC RTEs (and
MSI) with remappable format;
3) Enable x2APIC only when all VT-d engines support IR with EIM
(Extended Interrupt Mode). EIM enables external devices to deliver
interrupts to logical processor with >8-bit APIC ID.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

x86/mmcfg: misc adjustments

- fix the mapping range (end_bus_number is inclusive)
- fix the mapping base address (shifting segment by 22 was set for
  overlapping mappings; assuming the goal was to reduce the virtual
  space used when less than 256 busses are present on all segments,
  adding logic to determine the smallest possible shift value)
- fix PCI_MCFG_VIRT_END, and actually use it to avoid creating
- mappings
  outside the designated range
- fix address calculations (segment numbers must be converted to long
  to avoid truncation)
- add a way (command line option) to suppress the use of mmconfig as
  well as to actually use the AMD Fam10 special code
- correct __init annotations
- use xmalloc()/xmalloc_array() in favor of xmalloc_bytes()
- eliminate dead code and data

Signed-off-by: Jan Beulich <jbeulich@novell.com>

amd iommu: Remove a useless flag and fix I/O page fault for hvm
passthru devices.

Signed-off-by: Wei Wang <wei.wang2@amd.com>

amd iommu: Cleanup initialization functions and fix a fatal page fault
caused by out-of-bounds access to irq_to_iommu array.

Signed-off-by: Wei Wang <wei.wang2@amd.com>

x86-64/mmcfg: add explicit support for nVidia MCP55

This is a simple port from Linux 2.6.31-rc8.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86: convert frame_table to a #define

Signed-off-by: Jan Beulich <jbeulich@novell.com>

Tidy evtchn keyhandler a little

Get rid of all the -1s and label the pending and masked columns.

Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>

xend: passthrough: fix physdev_map_pirq invocation

For those devices not having INTx (like VFs), avoid calling map_pirq,
otherwise the guest cannot be started successfully.

Also avoid calling this hypercall for hvm guest, this is done in the
device model.

Signed-off-by: Qing He <qing.he@intel.com>

Fix some issues for HVM log dirty:
* Add necessary logging dirty in qemu to avoid guest error with
intensive disk access when live migration
* Take place of shared memory between qemu and migration tools by new
added hypercall, which is clean and simple

Signed-Off-By: Zhai, Edwin <edwin.zhai@intel.com>

x86: Fix PoD cache size when decreasing memory

Certain paths through p2m_pod_decrease_reservation() fail to reduce
the size of the PoD cache if the number of outstanding entries is less
than the size of the cache. Rearrange so this doesn't happen.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>

xend: Support "bootloader" mode for "drbd:" devices

To be able to use "bootloader" on drbd devices the following changes
need to be made:

*) Translation of devicename

_parse_uname which is used by blkdev_uname_to_file which is again used
by _configureBootloader in XendDomainInfo needs to be able to resolve
drbd resources to the corresponding blockdevice to feed to the
configured bootloader.

*) Activation of drbd device

If the drbd device isn't in Primary mode when the bootloader tries to
fetch the kernel and initrd, the start of the DomU will fail. To
prevent this the given drbd device will be made Primary before the
bootloader gets executed.

A note on the naming of drbd resouces: drbd uses mostly resource names
in it's userland tools. Because of that drbd VBDs, if configured with
the "drbd:" type, should always use the drbd resource name as
suggested by the drbd documentation at
http://www.drbd.org/users-guide-emb/s-xen-configure-domu.html. My
patches assume that the VBDs are named accordingly.

Signed-off-by: Michael Renner <michael.renner@geizhals.at>

xend: fix domain_migrate

When the guest(pv-on-hvm guest that cannot suspend) reboot in
LiveMigration, the disconnecting of src-side is not transmitted to
dist-side. As a result, the error processing on the dist side is not
executed.

Signed-off-by: Tomonari Horikoshi <t.horikoshi@jp.fujitsu.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

vt-d: fix Dom0 S3 resume.

When resuming from Dom0 S3, here 'irq' is -1, so we can't use it at
all. We should always use iommu->irq.

With the patch applied on the current tip 20153 and using the 2.6.18
Dom0, Dom0 S3 works fine (at least on my DQ35).

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

x86 vpt: Small performance fixes.

1. once one-shot timer is fired, IRQ is raised repeatedly forever.
2. Test pending_intr_nr before pt_irq_masked(), as it is cheaper.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>

xm: Add "tap2" to attach blocktap disks to VM

I detected a problem when using XenAPI. When I started a VM by
using xm create command, blocktap disks were not attached to the
VM.

Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>

x86: com devices's irqaction shouldn't free.

Since irqs of serial devices are initialized in early Xen and
its irqaction is not allocated from heap, so doesn't need free
in release irq logic.

Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

[IOMMU] dynamic VTd page table for HVM guest

This patch makes HVM's VTd page table dynamic just like what PV guest
does, so that avoid the overhead of maintaining page table until a PCI
device is truly assigned to the HVM guest.

Signed-Off-By: Zhai, Edwin <edwin.zhai@intel.com>

libxenguest: Remove unused static inline function is_loadable_phdr()

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>

Enable some SCSI drivers in pvops kernel config

Enables a couple of SCSI host controllers which are found in our test
farm but not enabled in the default upstream kernel. The new drivers
are compiled as modules which is pretty harmless so this should be
safe.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86: Remove the redundant logic in set_msi_affinity

Remove the redundant logic in set_msi_affinity. And it is introduced
accidently, maybe something wrong when I generated the patch.

Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>

xm: Make cpu_{cap|weight} available when using XenAPI

Currently, cpu_weight parameter and cpu_cap parameter in domain=20
configuration files are ignored when using XenAPI.
The parameters are available by this patch.

Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>

x86: rdtsc emulation (PV and HVM) must be monotonically increasing

The Intel SDM (section 18.10) clearly states that rdtsc
returns a "monotonically increasing unique value".
Current emulation code for rdtsc (both PV and HVM) returns
only a monotonically-non-decreasing (non-unique) value,
so ensure stale value is always incremented.

Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>

pygrub: Match bare-metal GRUB behavior for passwords

The password support patch already merged didn't match the bare-metal
GRUB behavior so I created a patch to match it. If password is entered
in grub.conf file, pressing `p` is required exactly like when using
"real" (bare-metal) GRUB. New options are available after the correct
password is entered.

Signed-off-by: Michal Novotny <minovotn@redhat.com>

x86 hvm: remove pt_reset()

Virtual platform timers are not sync'ed with guest's TSC any more
since c/s 17716. Thus pt_reset is now useless.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>

x86 passthru:: graphics passthrough

This patch supports basic gfx passthrough on xen side:
  - add a VGA type for gfx passthrough, and get the size of VGA bios
  of passthrouged gfx in hvmloader
  - add a config option 'gfx_passthru' for gfx passthrough

Signed-off-by: Ben Lin <ben.y.lin@intel.com>
Signed-off-by: Weidong Han <weidong.han@intel.com>

x86: Make the hypercall PHYSDEVOP_alloc_irq_vector hypercall dummy.

This patch tends to make the hypercall PHYSDEVOP_alloc_irq_vector
dummy, and defer vector allocation to programe ioapic entries by
dom0. Basically, dom0 shouldn't touch vector namespace which is only
used by hypervisor for servicing real device's interrupts. And this
patch also makes broken NetBSD dom0 work again.

Signed-off-by: Xiantao Zhang <xiantao.zhang.intel.com>

[IA64] Further irq-vector fix.

Signed-off-by: KUWAMURA Shin'ya <kuwa@jp.fujitsu.com>
Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>

xend: Fix c/s 20137 -- do not redefine built-in name 'str'.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

x86 hvm: Clean up VLAPIC interfaces a little, and fix vlapic_ipi().

A boolean flag was overflowing a uint8_t.

Thanks to Dongxiao Xu at Intel for tracking down the bug.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

[IA64] Fix serial console freeze issue

20110:6e83b0ec2d70 is incomplete. irq_to_vector() is still required,
otherwise the serial console freezes without sync_console.

I confirmed that dom0 booted up without sync_console.

Signed-off-by: KUWAMURA Shin'ya <kuwa@jp.fujitsu.com>

libxc: Avoid a constant-zero-sized memset().

Some environments warn about this, which fails the build.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

xend: Greater verbosity on domain creation failure

Attached patch makes error reporting more verbose when
xc.domain_create() fails or raises an Exception.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>

x86/numa: fix c/s 20120 (Fix SRAT check for discontig memory)

That change converted the (wrong) assumption of contiguous nodes'
memory to a similarly wrong one of assuming discontiguous memory (i.e.
each node having separate E820 table entries). The code ought to be
able to deal with both, though, and I hope this change makes it so.

Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Alex Williamson <alex.williamson@hp.com>

properly __initdata-annotate command line option string buffers

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86: properly __init-annotate time.c

Signed-off-by: Jan Beulich <jbeulich@novell.com>

introduce size_param()

With there being several instances of custom_param() where the handler
is just invoking parse_size_and_unit(), it seems to make sense to
introduce a simplifying abstraction.

Also fix serial_txbufsz not having been guaranteed to be a power of
two.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86_emulate: honor failure of in_longmode()

Failure of in_longmode() shouldn't be treated the same as the function
returning 'true'.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86, ept: remove execute permission for granted pages' P2M entries

When backporting c/s 20026 I noticed that granted pages get execute
permission, which doesn't seem desirable (and has been avoided for PV
guests for quite a while).

Even for p2m_mmio_direct is seems suspicious to allow execution, but
me being less certain here I left it as is for the time being.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

Adjust non-default sized console ring allocation

Using xmalloc() for objects that are guaranteed to be at least as
large as a page is wasteful, as it will always result in more (here:
double the amount) being allocated.

The other adjustments are more cosmetic:
- Updating conring and conring_size can be done so NMI/MCE generated
  messages don't use the new (larger) size with the old (smaller)
  buffer.
- The size printed can be in KiB (for the value to be easier to grasp)
  since it is always a multiple of the default of 16KiB.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86: fix get_free_pirq

GSI should not be allocated for other purpose, so change
the hard code limit.

Also fix the out of loop checking, it should be '<' instead of
'=='.

Signed-off-by: Qing He <qing.he@intel.com>

x86: softtsc for PV domains

Implement softtsc (TSC emulation) for userland code in PV domains.  It
currently is tied to the existing "softtsc" Xen boot option (which
does the same thing but for HVM domains).  Later it should be tied to
a vm.cfg option, but this is sufficient for now to obtain performance
degradation data for PV environments that heavily utilize rdtsc.  To
record emulation frequency, use debug-key "s".

Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

x86: fix msi_free_irq().

1) We should invoke destroy_irq() before msix_put_fixmap().
2) destroy_irq() invokes mask_msi_irq() eventually, so we can remove
the duplicate mask operation in the 'if' statement here.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

[HVM] add super page support for HVM migration

This patch try to allocate 2M pages on target side based on analysis
of pfn sequence sent from source side for HVM migration.

The algorithm is: If pseudo-phys page is not yet populated in target
domain, AND it is first page of a 2MB extent, AND no other pages in
that extent are yet populated, AND the next pages in the save-image
stream populate that extent in order, THEN allocate a super page. If
the next 511 pages (to make the 2MB extent) are split across a batch
boundary, we have to optimistically allocate a super page in this
batch, and then break it into several 4K pages in the next batch,
which is speculative.

This patch is also friendly to PV guest migration.

Signed-Off-By: Zhai Edwin <edwin.zhai@intel.com>

xend: Do not pass pointer to a 16-bit domid_t to PyArg_ParseTuple()
when it expects a full integer.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

xend: Flask MLS security label handling

Changed the way security labels are handled to allow domains to be
labeled with Flask MLS security labels. Changed the error message
generated when an invalid context is submitted to be more useful.

Signed-off-by: Machon B. Gregory <mbgrego@tycho.ncsc.mil>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>

stubdom: Backport fix for SIZE_MAX from newlib 1.17.0

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

Accurate accounting for credit scheduler

Rather than debit a full 10ms of credit on a scheduler tick
(probabilistic), debit credits accurately based on time stamps.

The main problem this is meant to address is an attack on the
scheduler that allows a rogue guest to avoid ever being debited
credits.  The basic idea is that the rogue process checks time (using
rdtsc) periodically, and yields after 9.5ms.  Using this technique, a
guest can "steal" 95% of the cpu.  This is particularly an issue in
cloud environments.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>

xend: Fix typos in configure_vtpm

Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>

x86 numa: Fix SRAT check for discontig memory

We currently compare the sum of the pages found in the SRAT table to
the address of the highest memory page found via the e820 table to
validate the SRAT.  This is completely bogus if there's any kind of
discontiguous memory, where the sum of the pages could be much smaller
than the address of the highest page.  I think all that's necessary is
to validate that each usable memory range in the e820 is covered by an
SRAT entry.  This might not be the most efficient way to do it, but
there are usually a relatively small number of entries on each side.

Signed-off-by: Alex Williamson <alex.williamson@hp.com>

xen/xsm/flask: Fix Flask MLS context generation

Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>

pygrub: Set path in #! line of pygrub, too

pygrub currently has a hardcoded path of /usr/bin/python which is not
correct if the version of python at install time is not the same as
that at build time. This patch uses the existing install-wrap and
python/get-path machinery.

(It does not address the currently-existing bug that the get-path
machinery works by assuming that `python' is a symlink, rather than
querying the python interpreter for its version.)

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>

xend: Add support for URI ('file:' and 'data:' scheme) for PV/kernel
and PV/ramdisk

Add support for 'file:' and 'data:' URI schemes for the parameters
'PV/kernel' and 'PV/ramdisk' in the VM.create() call. The 'data:'
scheme handling enables using a file which is stored inside the
management system (from where the XenAPI call is send) as kernel or
ramdisk.

Notes:
o all included: a detailed description can be found in the xenapi
documentation
o bumped up the version of the API document to 1.0.8 (because of
(minimal) interface extension)
o Future enhancements (like http:, ftp: schemes) fit seamlessly into
the current design / classes
o Unittest cases and xm-test case included

Signed-off-by: Andreas Florath <xen@flonatel.org>

libxc: More LZMA/BZIP fixes.

- Fix an error message in xc_try_bzip2_decode()
- Check library installation on demand using a Makefile function,
rather than generating a dependency file. Cleaner and avoids a race
on generating the dep file.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

vtpm: Upgrade to using tpm_emulator-0.5.1

The newer version of the emulator contains several bug fixes, one that
we were seeing in our use of vtpm.

This patch also defines TPM_STRONG_PERSISTENCE for the new emulator.

A couple of important notes about this patch:
-This has only been tested on PVM domU's. In theory it should work for
HVM but I have not tried it at all and can guarantee nothing.
-All the relevant changes in tools/vtpm/vtpm.patch have been ported
to tpm_emulator-0.5.1.
-None of the changes in tpm_emulator.patch have been ported. In
particular this means the BUILD_EMULATOR option, which as I understand
lets you use the tpm_emulator in dom0 for a machine that does
not have a real hardware TPM does not work. This functionality should
be easy to add though because the new emulator already comes with a
kernel module interface.
-No considerations were made for the VTPM_MULTI_VM feature (which is
supposedly unfinished). This patch may or may not break any progress
made on that feature.

Signed-off-by: Matt Fioravante <Matthew.Fioravante@jhuapl.edu>

xend: Allow vtpm instance uuid to be specified on domain creation

Right now xen will create a new vtpm instance everytime you start up a
domU, even if you specify the instance parameter in your config file.
Each vtpm instance is then given a uuid and the vtpm.db file maps
instance numbers to uuid numbers.

This patch is a hack that lets you explicitly set the uuid of your
vtpm instance. Everytime you boot up your domU now the vtpm will get
that uuid and thus it will always get the same vtpm instance number
instead of being generated a new one.

So for example, in your config file you would do something like this
vtpm = [ 'backend=0,uuid=dcdb124b-9fed-4040-b149-dd2dfd8d094c' ]

Signed-off-by: Matt Fioravante <Matthew.Fioravante@jhuapl.edu>

vtpm: Fix hashed-memory file writing.

There is a bug in the vtpm_manager that has to do with hashing and
saving the NVM memory files (vtpm_dm_%d.data). The file is not
truncated when it is written and this results in the hash becoming
invalid because of the extra bits at the end of the file.

This patch adds O_TRUNC to the flags when opening the file.

More details on this issue are in the bug report on bugzilla=20
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=3D1488

Signed-off-by: Matt Fioravante <Matthew.Fioravante@jhuapl.edu>

x86: run timers when populating Dom0's P2M table

When booting Dom0 with huge amounts of memory, and/or memory accesses
being sufficiently slow (due to NUMA effects), and the ACPI PM timer
or a high frequency HPET being used, the time it takes to populate the
M2P table may significantly exceed the overflow time of the platform
timer, screwing up time management to the point where Dom0 boot fails.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86: Ensure irq is disabled before taking vector_lock.

Fixed debug lock issue for taking vector lock.

Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>

ia64: Fix ia64 build issue introduced by per-cpu vector changes.

ia64 has no per-cpu vector support, so change the related APIs back
through defining macros.

Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>

Update .hgignore for tools/libxc/.zlib.deps

docs/misc: Update XSM Flask documentation

Update the XSM Flask documentation to reflect the support for
policy.24, the updated policy and policy build infrastructure, and how
to enable the optional MLS policy.

Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>

pygrub: Fix elilo handling after password patch.

Signed-off-by: Michal Novotny <minovotn@redhat.com>

Revert 20105:979fd420311b

libxc: Remove minios-specific hack for generating .zlib.deps file

It's not needed if one relative path is replaced.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

libxenguest: Fix libbz2/liblzma dependency computation.

1. Create an empty dep file if neither lib is installed
2. Forcibly disable support for libs if building minios

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

domain builder: Implement bzip2 and LZMA loaders

Recent upstream kernels can be compressed using either gzip,
bzip2, or LZMA. However, the PV kernel loader in Xen currently only
understands gzip, and will fail on the other two types. The attached
patch implements kernel decompression for gzip, bzip2, and LZMA so
that kernels compressed with any of these methods can be launched.

Signed-off-by: Chris Lalancette <clalance@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

tools/flask/policy: Updates to policy and policy build infrastructure

The original xen policy infrastructure was based off of an early
version of refpolicy. Because of this there was a lot of cruft that
does not apply to building a policy for xen. This patch does several
things. First it cleans up the makefile as to remove many unnecessary
build targets. Second it fixes an issue that the policy build process
wasn't handling interface files properly. Third it pulls in the MLS
suppport functions from current ref policy and makes use of
them. Finally it updates the xen policy with new rules to address
changes in xen since the policy was last worked on, and provides
several new abstractions for creating domains.

Signed-off-by: David P. Quigley <dpquigl@tycho.nsa.gov>

x86_64 hvm: Adjust COMPAT_VIRT_START for 32-bit HVM guests.

The PV limit should not apply as there is no M2P table mapped into an
HVM guest's virtual address space.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

xm-test: Fix testcase '11_block_attach_shared_dom0' for up-to date
linux kernels

New kernels have ext2 disabled by default. This fix uses ext3 for
testcase 11_block_attach_shared_dom0.

Signed-off-by: Andreas Florath <xen@flonatel.org>

pygrub: Add password support

It basically checks for the presence of password line in grub.conf
of the guest image and if this line is present, it supports both clear
text and md5 versions of the password. Editing the grub entries and
command-line are disabled when some password is set in domain's
grub.conf file but the password was not entered yet. Also, new option
to press 'p' in interactive pygrub has been added to allow entering
the grub password. It's been tested on x86_64 with PV guests and was
working fine. Also, the countdown has been stopped after key was
pressed, ie. the user is probably editing the boot configuration.

Signed-off-by: Michal Novotny <minovotn@redhat.com>

x86: shadow_alloc_p2m_page() should call shadow_prealloc() before shadow_alloc()

shadow_alloc_p2m_page() fails to call shadow_prealloc() before calling
shadow_alloc(). In certain conditions, notably when PoD is being
exercised, this may cause shadow_alloc() to fail, crashing Xen.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>

x86 vmx: Update EIP when appropriate during task switch

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

Fix xapi xm-tests.

There were a couple of small bugs in the xapi xm-test:
o outdated XenAPI calls were removed from testcase
  (02_xapi-vbd_basic)
o minor problem with XendLocalStorageRepository
  is fixed (missed list_images() function - which
  is moved from the XenQCoWStroageRepo to the common
  base class XendStorageRepository)
  which was detected running 02_xapi-vbd_basic.
o XenAPI session handling and connecting is fixed.
o 03_xapi-network_pos was rewritten and now uses
  XenAPI.

Signed-off-by: Andreas Florath <xen@flonatel.org>

xm-test: Add status section to xm-test/README

The resport functionality is not removed because there is the hope
that somebody sets up the server side infrastructure.

Signed-off-by: Andreas Florath <xen@flonatel.org>

x86: Remove global percpu_mm_info structure, to make dataflow through
mm code clearer.

The FOREIGNDOM method was just confusing and pointless. The deferred
TLB flushing is of questionable value now that much automatic flushing has to be
synchronous to avoid guest SMP races.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

x86: teardown_msi_irq is not needed.

teardown_msi_irq logic is covered in destroy_irq,
so remove it to avoid freeing msi resource twice.

Signed-off-by: Xiantao Zhang<xiantao.zhang@intel.com>

x86: calculate nr_irqs_gsi correctly.

Should be a typo, this issue is introduced by Cset20076,
and it may break VT-d device assignment.

Signed-off-by: Xiantao Zhang <xiantao.zhang@intel.com>

xend: Fix error caused by VT-d ACS patch.

Signed-off-by: Allen Kay <allen.m.kay@intel.com>

pygrub: Revert 19322:3118041f2259, as it breaks timeout=0 behaviour

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

x86: Fix arch/x86/xen.lds dependencies.

gcc can get the dependency target name wrong (appends .o).

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

AMD IOMMU: support "passthrough" and "no-intremap" parameters.

Signed-off-by: Wei Wang <wei.wang2@amd.com>

Update Xen Flask module to policy.24.

This is a back-port of the latest SELinux code to Xen, adjusted
for Xen coding style and interfaces. Unneeded functionality such
as most object context config data, handle_unknown, MLS field
defaulting, etc has been omitted.

Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov>
Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil>

xen-hvmctx: don't compile for ia64.

xen-hvmctx is a x86 specific tool so that it shouldn't compile for ia64.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>

[IA64] define BYTES_PER_LONG to fix compilation error.

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>

x86 hvm: Clean up vlapic/vioapic/vmsi delivery.

In particular, avoid intermediate delivery bitmaps which restrict
number of vcpus supported.

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

xen pm trace utility cleanup

xenpm trace utility gtraceview cleanup

- add gtraceview help info on how to get raw data by xentrace
- make trace_exit_reason compiled in non-debug mode. trace_exit_reason
can be enable/disabled by xentrace at runtime, so no need to disable
it at build time.

Signed-off-by: Yu Ke <ke.yu@intel.com>

x86 hvm: Remove vendor-specific feature masking of 0x1:ECX.

Vendors are respecting each others bits.

Signed-off-by: Andre Przywara <andre.przywara@amd.com>

xend: passthrough: check if a device is behind PCIe switch that lacks ACS

Imagine a PCIe switch, which doesn't support ACS (Access Control
Services), has 2 downstream ports: A and B, according to PCIe spec,
the PCIe switch should directly route the transaction that is from A
and to a device under B -- the Root Complex and IOMMU engine are
bypassed -- this doesn't work at all in the case of hvm guest and can
even incur potential security issue, so we should not allow such kind
of device assignment.

If all the intermediate PCIe swiches between a device and Root Complex
support and enable ACS, we can safely asssign the device to guest.

Cc: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>