dgit.raspbian.org Git

xenpaging: drop xc.c, remove xc files

Finally remove xc.c/xc.h and its references since both are empty now.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: drop xc.c, move xc_wait_for_event_or_timeout

Move xc_wait_for_event_or_timeout() into xenpaging and massage it a bit for
further changes in subsequent patches.
Include poll.h instead of sys/poll.h.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: drop xc.c, move xc_mem_paging_flush_ioemu_cache

Move xc_mem_paging_flush_ioemu_cache() into xenpaging and massage it a bit to
use the required members from xenpaging_t.
Also update type of rc to match xs_write() return value.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: drop xc.c, remove xc_wait_for_event

xc_wait_for_event is not used in xenpaging.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: drop xc.c, remove xc_platform_info_t

xc_platform_info_t is not used in xenpaging.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: drop xc.c, remove ASSERT

The ASSERT is not needed, victim is never NULL.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: add xs_handle to struct xenpaging

A xs_handle is currently used in the xc_mem_paging_flush_ioemu_cache()
function and will be used by a subsequent patch.
Add it to struct xenpaging.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>

tools: merge several bitop functions into xc_bitops.h

Bitmaps are used in save/restore, xenpaging and blktap2. Merge the code into a
private xc_bitops.h file. All users are single threaded, so locking is not an
issue. The array of bits is handled as volatile because the x86 save/restore
code passes the bitmap to the hypervisor which in turn modifies the bitmap.

blktap2 uses a private bitmap. There was a possible overflow in the
bitmap_size() function, the remainder was not considered.

ia64 save/restore uses a bitmap to send the number of vcpus to the host.

x86 save/restore uses a bitmap to track dirty pages. This bitmap is shared with
the hypervisor. An unused function count_bits() was removed and a new
bitmap_size() function is now used.

xenpaging uses 3 private bitmaps to track the gfns which are in paged-out
state. It had a copy of some Linux bitops.h, which is now obsolete. Also the
BITS_PER_LONG macro was hardcoded to 64 which made it impossible to run 32bit
tools on a 64bit host. Wether this works at all has to be tested, yet.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: remove and hgignore testenum.c

This is an output file from the test idl generator and should not have
been committed.

Reported-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

QEMU_TAG update

libxl: autogenerate to_string and from_string functions for Enumerations.

The generated strings are the lower case enum value names, with underscores.
Accepted string for parsing are the same but are case insensitive.

We provide a table of strings->value for each Enumeration as well as a
convenience function to perform a lookup.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

xl: improve compatibility with xm

/etc/init.d/xendomains relies on simple pattern matching from sructures
being printed by "xl list -l" command. so update xl implementation to
match.

Signed-off-by: Carsten Schiers <carsten@schiers.de>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools/ocaml: ask compiler for correct library

OCaml libraries will live in /usr/local/ if the user compiles OCaml
from source. This patch asks the OCaml compiler where we should look
for libraries.

NB: it may be that we should do the same thing for the NetBSD case,
but I don't have a BSD box to test this out.

Signed-off-by: Mike McClurg <mike.mcclurg@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: add all pci devices to xenstore at once (during VM create)

When adding pci devices one by one, pciback notice only the first one. For
every next, "state" is left as is (usualy "4" in that time), so backend will
not rescan xenstore. So when VM is starting all devices should be added at once
and then backend can initialize it.

This applies only to pci, because only pci backend have one xenstore dir for
multiple devices.

Signed-off-by: Marek Marczykowski <marmarek@mimuw.edu.pl>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

make xendomains service save/migrate vms under /etc/xen/auto only

Currently, xendomains service will save or migrate all the running domains in
the host on stop.

Change XENDOMAINS_AUTO_ONLY=true. Then on service stop, it will only
save or migrate all VMs under XENDOMAINS_AUTO (/etc/xen/auto), but always
shutdown all the running VMs.

It's a way to cleanly shutdown all the running VMs on system reboot. If you
want to save/migrate a VM, create a link to /etc/xen/auto.

Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: always set list out parameter of libxl_device_pci_list_assigned

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

xenpaging: remove unused spinlock in pager

The spinlock code in the pager is a no-op because xenpaging is a single
threaded application. There is no locking when put_response() places a
response into the ringbuffer.
The only locking is inside the hypervisor, where mem_event_put_request() and
mem_event_get_response() lock the ringbuffer to protect multiple vcpus from
each other.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

tools/blktap2: tapdisk2 executable usage message documents -D option

Signed-off-by: Philipp Hahn <hahn@univention.de>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

xenctx: add option -C to dump context for all vcpus

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenctx: move xc_* access out of dump_ctx

move xc_* access out of dump_ctx.
Update code paths to return an error instead of calling exit().
On error unpause the guest if it was paused by xenctx.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenctx: move all globals into struct xenctx

Move all globals used for options and libxc data into a new struct xenctx.
This is used in subsequent changes.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenctx: recognize also -S option for --stack-trace

Update help text.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

tools: xen-ringwatch: spot, and work around, broken frontend/backend ring I/O

Adds tool support to debug backends which expose I/O ring state in
sysfs. Currently supports /sys/devices/xen-backend/vbd-*-*/io_ring
nodes for block I/O, where implemented.

Primary function is to observe ring state make progress over a period
of time, then report stuck message queue halves where pending
consumer/event are not moving.

Adding --kick will re-issue event notifications to frontends, and/or
kick backends out of wait state.

Signed-off-by: Daniel Stodden <daniel.stodden@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: remove O_CLOEXEC in xl_cmdimpl.c

Some old linux kernels such as 2.6.18 don't define O_CLOEXEC, so
remove O_CLOEXEC in xl_cmdimpl.c and replace with fcntl.

Signed-off-by: Yongjie Ren <yongjie.ren@intel.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/mm/shadow: adjust early-unshadow heuristic for PAE guests.

PAE guests have 8-byte PTEs but tend to clear memory with 4-byte writes.
This means that when zeroing a former pagetable every second 4-byte
write is unaligned and so the consecutive-zeroes --> unshadow
heuristic never kicks in. Adjust the heuristic not to reset when
a write is >= 4 bytes and writing zero but not PTE-aligned.

Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>

xen-detect: Fix cpuid asm for 32-bit PIC compilation.

Signed-off-by: Keir Fraser <keir@xen.org>

tasklets: Switch a few tasklets to run in softirq context.

There are a couple of others which may also be safe. I've converted
only the most obvious one.

Signed-off-by: Keir Fraser <keir@xen.org>

tasklets: Allow tasklets to be created that run in softirq context.

Where this is safe, it can reduce latency and cpu overhead compared
with scheduling the idle vcpu to perform the same tasklet work.

Signed-off-by: Keir Fraser <keir@xen.org>

pv-on-hvm: hvm_domain_use_pirq return positive no matter if the evtchn is bound

This patch fixes PV on HVM interrupt remapping with recent Linux
kernels and upstream qemu. hvm_domain_use_pirq should return positive
even if the evtchn is not currently bound. If it doesn't assert_irq
ends up injecting legacy interrupts even after the guest disabled the
irq.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

Protect xen/stdarg.h for multiple inclusion.

Signed-off-by: Keir Fraser <keir@xen.org>

Use same data array for INTEL and AMD cpufreq handling

The AMD and INTEL specific parts of cpufreq handling used different
per-cpu data structures with nearly identical semantics. Fold the two
structures into one by adding a generic architecture data item.

Signed-off-by: Juergen Gross <juergen.gross@ts.fujitsu.com>

KEXEC: prevent panic on the kexec path when talking to the DMAR
hardware

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86_emulate: Fix decode of FUCOMIP %stN.

Signed-off-by: Keir Fraser <keir@xen.org>

x86: sync thermal monitor LVT handling with Linux

As of 2.6.33, Linux checks that the thermal monitor LVT isn't set to
SMI delivery mode on just the value read on the boot CPU. As of 2.6.39
it additionally avoids writing back the saved value when its delivery
mode is FIXED (as this can cause APIC errors).

Changes done here that aren't in Linux are
- write back the boot CPU value also if delivery mode is FIXED, but
there is also a valid vector
- print the messages when bailing out only once (on the boot CPU)
- when doing the final (enabling) write to the LVT, don't re-read the
old value from the APIC, as we have it in a local variable already

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86/apic: check maxlvt before accessing certain LVT fields

This follows Linux, including in not checking maxlvt for certain
accesses to APIC_LVTERR.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

x86-64: fix incorrect assertion in __maddr_to_virt()

When memory map sparseness reduction is in use, machine address ranges
can't validly be compared directly against the total size of the
direct mapping range.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

KEXEC: correctly revert x2apic state when kexecing

Introduce the boolean variable 'kexecing' which indicates to functions
whether we are on the kexec path or not.  This is used by
disable_local_APIC() to try and revert the APIC mode back to how it
was found on boot.

We also need some fudging of the x2apic_enabled variable.  It is used
in multiple places over the codebase to mean multiple things,
including:
    What did the user specifify on the command line?
    Did the BIOS boot me in x2apic mode?
    Is the BSP Local APIC in x2apic mode?
    What mode is my Local APIC in?

Therefore, set it up to prevent a protection fault when disabling the
IOAPICs.  (In this case, it is used in the "What mode is my Local APIC
in?" case, so the processor doesnt suffer a protection fault because
of trying to use x2apic MSRs when it should be using xapic MMIO)

Finally, make sure that interrupts are disabled when jumping into the
purgatory code.  It would be bad to service interrupts in the Xen
context when the next kernel is booting.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

IOMMU: add crash_shutdown iommu_op

The kdump kernel has problems booting with interrupt/dma
remapping enabled, so we need a new iommu_ops called
crash_shutdown which is basically suspend but doesn't
need to bother saving state.

Make sure that crash_shutdown is called on the kexec
path.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

IOMMU VTD BUG: disable Extended Interrupt Mode when disabling Interupt
Remapping

Experimental evidence shows that Extended Interrupt Mode remains in
effect even after Interrupt Remapping is disabled in each DMAR Global
Command Register.  A consiquence of this is that when we switch from
x2apic mode back to xapic mode, and disable interrupt remapping for
the kdump kernel, interrupts passing through the IO APICs are in
x2apic format as opposed xapic.  This causes a triple fault in the
kexec kernel.

As EIM is explicitly set up each time Interrup Remapping is enabled,
it is safe for us to clobber this when taring down.

Also, change the header definition of IRTA_REG_EIME_SHIFT.  It caused
verbose and error-prone code, and was only used in 1 place before.  We
now have IRTA_EIME which is the specific bit in the register.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Enable RDWRGSFS feature support for HVM guests

Write/read FS/GS base instructions enable user level code to
read/write FS & GS segment base registers for thread local storage.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>

x86/hvm: Crash domain rather than guest on unexpected PIO IO state

Under certain conditions, if an IO gets into an unexpected state,
hvmemul_do_io can return X86EMUL_UNHANDLEABLE. Unfortunately,
handle_pio() does not expect this state, and calls BUG() if it sees
it, crashing the host.

Other HVM io-related code crashes the guest in this case. This patch
makes handle_pio() do the same.

The crash was seen when executing crash_guest in dom0 to forcibly
crash the guest.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>

Nested VMX: n2 MSR handling and capability exposure

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Add VMXE bits in virtual CR4

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Lazy FPU for n2 guest

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: VM exit handler of n2-guest

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: interrupt/exception handling for n2 guest

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Switch shadow/virtual VMCS between n1/n2 guests.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Extend VMCS control fields for n2 guest

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Emulation of VMRESUME/VMLAUNCH

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Add APIs to switch n1/n2 VMCS.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nexted VMX: Emulation of guest VMREAD

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Emulation of guest VMWRITE

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Emulation of guest VMCLEAR

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Emulation of guest VMPTRST

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Emulation of guest vmptrld

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Define structure and access APIs for virtual VMCS.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Emulation of guest VMXON/OFF instruction.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Add APIs for nestedhvm_ops.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

Nested VMX: Add data structure for nestedvmx

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

x86/hvm: Move IDT_VECTORING processing code out of intr_assist.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

x86/hvm: extend nhvm_vmcx_guest_intercepts_trap to include errcode
to assist decision of TRAP_page_fault in VMX.

Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Acked-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Tim Deegan <Tim.Deegan@citrix.com>
Committed-by: Tim Deegan <Tim.Deegan@citrix.com>

x86/mm/p2m: Move check for non-translated guests in one layer
so that direct callers of gfn_to_mfn_type_p2m() can operate safely
on PV domains.

Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>

x86: Pass through ERMS CPUID feature for HVM and PV guests

This patch exposes ERMS feature to HVM and PV guests.

The REP MOVSB/STOSB instruction can enhance fast strings attempts to
move as much of the data with larger size load/stores as possible.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>

IOMMU VTD BUG: disable Extended Interrupt Mode when disabling Interrupt Remapping

Experimental evidence shows that Extended Interrupt Mode remains in
effect even after Interrupt Remapping is disabled in each DMAR Global
Command Register.  A consiquence of this is that when we switch from
x2apic mode back to xapic mode, and disable interrupt remapping for
the kdump kernel, interrupts passing through the IO APICs are in
x2apic format as opposed xapic.  This causes a triple fault in the
kexec kernel.

As EIM is explicitly set up each time Interrup Remapping is enabled,
it is safe for us to clobber this when taring down.

Also, change the header definition of IRTA_REG_EIME_SHIFT.  It caused
verbose and error-prone code, and was only used in 1 place before.  We
now have IRTA_EIME which is the specific bit in the register.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86/apic: record local APIC state on boot

Xen does not store the boot local APIC state which leads to problems
when shutting down for a kexec jump. This patch records the boot
state so we can return to the boot state when kexecing.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Acked-by: Jan Beulich <jbeulich@novell.com>

x86/kexec: nmi_shootdown_cpus() should leave irqs disabled

Signed-off-by: Keir Fraser <keir@xen.org>

x86/apic: fix potential Protection Fault during shutdown

This is a rare case, but if the BIOS is set to uniprocessor, and Xen
is booted with 'lapic x2apic', Xen will switch into x2apic mode, which
will cause a protection fault when disabling the local APIC. This
leads to a general protection fault as this code is also in the fault
handler.

When x2apic mode is enabled, the only tranlsation which does
not result in a protection fault is to clear both the EN and EXTD
bits, which is safe to do in all cases, even if you are in xapic
mode rather than x2apic mode.

The linux code from which this is derrived is protected by an
if ( ! x2apic_mode ...) clause which is how they get away with it.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@novell.com>

x86/amd: Eliminate cache flushing when entering C3 on select AMD processors

AMD Fam15h processors have a shared cache. It does not need=20
to be be flushed when entering C3 and doing so causes reduces
performance. Modify acpi_processor_power_init_bm_check to
prevent these processors from flushing when entering C3.

Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com>

x86/hvm: Make DRNG feature visible in CPUID

This patch exposes DRNG feature to HVM guests.

The RDRAND instruction can provide software with sequences of
random numbers generated from white noise.

Signed-off-by: Yang, Wei <wei.y.yang@intel.com>

x86_32: Fix build: Define machine_to_phys_mapping_valid

Signed-off-by: Keir Fraser <keir@xen.org>

x86/vmx: Small fixes to MSR_IA32_VMX_PROCBASED_CTLS feature probing.

Should check for VIRTUAL_INTR_PENDING as we unconditionally make use
of it. Also check for CR8 exiting unconditionally on x86/64, as this
is of use to nestedvmx, and every 64-bit cpu should support it.

Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>

xenpaging: update machine_to_phys_mapping[] during page deallocation

The machine_to_phys_mapping[] array needs updating during page
deallocation.  If that page is allocated again, a call to
get_gpfn_from_mfn() will still return an old gfn from another guest.
This will cause trouble because this gfn number has no or different
meaning in the context of the current guest.

This happens when the entire guest ram is paged-out before
xen_vga_populate_vram() runs.  Then XENMEM_populate_physmap is called
with gfn 0xff000.  A new page is allocated with alloc_domheap_pages.
This new page does not have a gfn yet.  However, in
guest_physmap_add_entry() the passed mfn maps still to an old gfn
(perhaps from another old guest).  This old gfn is in paged-out state
in this guests context and has no mfn anymore.  As a result, the
ASSERT() triggers because p2m_is_ram() is true for p2m_ram_paging*
types.  If the machine_to_phys_mapping[] array is updated properly,
both loops in guest_physmap_add_entry() turn into no-ops for the new
page and the mfn/gfn mapping will be done at the end of the function.

If XENMEM_add_to_physmap is used with XENMAPSPACE_gmfn,
get_gpfn_from_mfn() will return an appearently valid gfn.  As a
result, guest_physmap_remove_page() is called.  The ASSERT in
p2m_remove_page triggers because the passed mfn does not match the old
mfn for the passed gfn.

Signed-off-by: Olaf Hering <olaf@aepfle.de>

x86: Disable set_gpfn_from_mfn until m2p table is allocated.

This is a prerequisite for calling set_gpfn_from_mfn() unconditionally
from free_heap_pages().

Signed-off-by: Keir Fraser <keir@xen.org>

x86: Fix argument checking in (privileged) function cpu_add().

Thanks to John McDermott <john.mcdermott@nrl.navy.mil> for spotting.

Signed-off-by: Keir Fraser <keir@xen.org>

x86/hvm: add SMEP support to HVM guest

Intel new CPU supports SMEP (Supervisor Mode Execution Protection). SMEP
prevents software operating with CPL < 3 (supervisor mode) from fetching
instructions from any linear address with a valid translation for which the U/S
flag (bit 2) is 1 in every paging-structure entry controlling the translation
for the linear address.

This patch adds SMEP support to HVM guest.

Signed-off-by: Yang Wei <wei.y.yang@intel.com>
Signed-off-by: Shan Haitao <haitao.shan@intel.com>
Signed-off-by: Li Xin <xin.li@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>

hvmloader: add missing emacs local variables.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

hvmloader: reduce unnecessary e820 reservations for SeaBIOS

SeaBIOS will reserve memory in the e820 as necessary, including BIOS
data structures such as the EBDA, any tables it creates or copies into
pleace etc. Therefore arrange that the memory map provided by
hvmloader to SeaBIOS reserves only things which HVMloader has created.

Since ROMBIOS is more tightly coupled with hvmloader we retain the
ability to reserve BIOS regions in the hvmloader produced e820 and use
that from the ROMBIOS backend.

The code for this could probably have been simpler but the existing
code avoids overlapping e820 areas and so the new code does the same
(many guest OSes sanitize the e820 map to handle this, but I wouldn't
trust that all do, so I didn't take the risk)

For ROMBIOS the resulting e820 map as seen by the guest is the same
except the reserved regions at 0x9e000-0x9fc00,0x9fc00-0xa0000 are
merged into a single region 0x9e000-0xa0000 (Linux guests sanitize the
e820 to look like this anyway).

For SeaBIOS the result is that the lowmem reserved region is from
0x9f000-0xa0000 rather than 0x9e000-0xa0000 which correctly reflects
SeaBIOS's actual usage.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

nestedsvm: Support Decodeassist

Offer l1 guest to use decode assist if available in hardware.

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>

Fix 32-bit build after p2m series

Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>

Merge

x86: Enable Supervisor Mode Execution Protection (SMEP)

Intel new CPU supports SMEP (Supervisor Mode Execution
Protection). SMEP prevents software operating with CPL < 3 (supervisor
mode) from fetching instructions from any linear address with a valid
translation for which the U/S flag (bit 2) is 1 in every
paging-structure entry controlling the translation for the linear
address.

This patch enables SMEP in Xen to protect Xen hypervisor from
executing pv guest instructions, whose translation paging-structure
entries' U/S flags are all set.

Signed-off-by: Yang Wei <wei.y.yang@intel.com>
Signed-off-by: Shan Haitao <haitao.shan@intel.com>
Signed-off-by: Li Xin <xin.li@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>

libxc: Don't refer to meaningless 'word offsets' in xc_cpufeature.h

Signed-off-by: Keir Fraser <keir@xen.org>

hvmloader: reinstate datastructure shared with DSDT in SeaBIOS case.

I mistakenly thought that the "struct bios_info" was a ROMBIOS
specific data structure and so caused it to be populated only in the
ROMBIOS case.

However it turns out that the majority of the struct's fields are
actually referenced from the ACPI DSDT and hence are needed for
SeaBIOS too.

While in principal it might have been possible to continue to mix
ROMBIOS and ACPI bits in this datastructure this is, evidently,
confusing but also leads to header file dependencies from
ROMBIOS->hvmloader which I had been hoping to avoid so as to head-off
future accidental re-entanglement of ROMBIOS and hvmloader.

So instead I have split the ACPI parts into a new "struct acpi_info"
which is defined entirely within the acpi building code in hvmloader
and which comes with a big comment pointing to the DSDT interaction.

This new ACPI info is placed at 0x9F000 which is available under both
ROMBIOS and SeaBIOS. This address is in a reserved region of the E820
and is just above the ROMBIOS stack.

The resulting "struct rombios_info" is hardly worthy of its own
structure but keep it anyway.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

hvmloader: allocate ACPI tables as we go

Rather than building the tables twice, once purely to figure out the
size, just allocate each individual table as we go.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

hvmloader: removed unused/incorrect define.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

hvmloader: reduce minimum allocation alignment from 1024 bytes to 16.

1024 bytes create a lot of wastage when the majority of allocations
are of BIOS table data structures which are generally happy with much
lower alignment. I conservatively chose 16 bytes.

Most callers pass 0 for the alignment anyway, for the rombios high
code allocation I kept it 1024 byte aligned since it was the only case
that didn't seem obviously ok with a smaller alignment.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>

tools/hotplug: Fix hotplug hook script arrangements not to always fail

The new feature introduced in 23401:a44b12ee2fd3 was broken; it in
general always fails, at least if there are no hotplug scripts.

If there are no hooks, call_hooks ends up running this:
  [ -x ".....*.hook" ] && . "..... *.hook"

This does not directly trigger set -e and sigerr.  However, it is the
last command exected in call_hooks.  So the return status of
call_hooks is an error, and thus a sigerr happens when call_hooks
returns.

The bug affects xl and xm.  However xl does not detect failure of the
hotplug script.

Change the script to use if...then rather than &&, as the latter has
very confusing and undesirable semantics.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: disks: rename disk param "unpluggable" to "removable"

This property corresponds to what is called "removable" in xenstore,
and is the conventional meaning of "removable": ie, the _media_ can be
removed even as the _device_ remains present.

"unpluggable" is a misleading name for this.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: disks: expose new "script" parameter for external block scripts

This is not currently implemented. Applications setting it to
anything but NULL will cause an error. Code to set it from xl
configuration files will appear later in this series.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: make libxl_ctx_free tolerate NULL ctx argument

This is purely for convenience (eg, when debugging).

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: provide TOSTRING in libxl_internal.h and libxlu_internal.h

Provide a copy of the standard TOSTRING macro in libxlu_internal.h,
for the benefit of patches later in this series.

Also, move TOSTRING to libxl_internal.h from a .c file for the
benefit of future other callers in libxl proper.

(These cannot be combined because libxlu cannot include
libxl_internal.h and libxl should not include libxlu_internal.h.)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: add missing copyright notices to autogenerated files

Copyright notices in libxlu_cfg_[ly].[ly] end up in the .[ch] files,
copied there by flex and bison. Regenerate those files (flex 2.5.35
and bison 2.3, from Debian lenny i386).

No manual edits in this patch.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: add missing copyright notices to some files

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: fix wrong mask of function number

Function number is 3 bits. So the mask should be 0x7 instead 0x3.

Signed-off-by: Yang Zhang <yang.z.zhang@intel.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

xl: print sxp on dry-run of create.

The help text for xm create's --dry-run says "Dry run - prints the
resulting configuration in SXP but does not create the domain." so
update xl implementation to match. At least the xendomains initscript
relies on this (for better or worse).

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Carsten Schiers <carsten@schiers.de>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: flask xsm support

Adds support for assigning a label to domains, obtaining and setting the
current enforcing mode, and loading a policy with xl command and libxl
header when the Flask XSM is in use. Adheres to the changes made by the
patch to remove exposure of libxenctrl/libxenstore headers via libxl.h.

Signed-Off-By: Machon Gregory <mbgrego@tycho.ncsc.mil>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: check return values of read/write

Some distros enable -D_FORTIFY_SOURCE=2 by default
(https://wiki.ubuntu.com/CompilerFlags) which adds the warn_unused_result
attribute to several functions including read(2) and write(2)

Although we don't really care about error reading or writing the libxl spawn fd
catch them anyway to keep this warning happy.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Tested-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: avoid build warning when _libxl_types.h does not initially exist.

Olaf Hering reports:
if ! cmp _libxl_paths.h.2.tmp _libxl_paths.h; then mv -f _libxl_paths.h.2.tmp _libxl_paths.h; fi
cmp: _libxl_paths.h: No such file or directory

Use "cmp -s" to silence the error. cmp returns 2 in this case and so the mv
does occur.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Tested-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: remove stray "atoi" in debug code.

I switched from atoi to strtol but failed to actually remove it...

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxc: Simplify and clean up xc_cpufeature.h

* Remove Linux-private defns with no direct relation to CPUID
* Remove word offsets into Linux-defined cpu_caps array
* Hard tabs -> soft tabs

Signed-off-by: Keir Fraser <keir@xen.org>