Keir Fraser [Fri, 23 May 2008 08:48:44 +0000 (09:48 +0100)]
tboot, s3: Fix S3 issue of Xen and tboot, since the structure
acpi_sleep_info is changed but some of the code in Xen is not
synchronized up with this change, which causes Xen S3 failure.
Signed-off-by: Shane Wang <shane.wang@intel.com>
Keir Fraser [Fri, 23 May 2008 08:47:45 +0000 (09:47 +0100)]
Remove xend-config-xenapi.sxp and xm-config-xenapi.xml
The contents of these two files are duplicates of xend-config.sxp and
xm-config.xml. They only add maintenance burden for developers.
This patch removes them permanently.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Keir Fraser [Fri, 23 May 2008 08:35:57 +0000 (09:35 +0100)]
stubdom: fix constructors/destructors in 64bit mode
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Fri, 23 May 2008 08:35:43 +0000 (09:35 +0100)]
stubdom: fix and clean pthread minimal support
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Fri, 23 May 2008 08:35:23 +0000 (09:35 +0100)]
stubdom: complete libxc support
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 22 May 2008 14:11:06 +0000 (15:11 +0100)]
xend: fix automatic vcpu NUMA placement
The automatic NUMA placement code (find_relaxed_node) in
XendDomainInfo.py contains several bugs:
1. The domain just created shall not be considered in the load
calculation.
2. Nodes with too little memory for the domain must be considered during
the load calculation phase and abandoned later, currently these nodes
win with a load of 0.
3. CPUs which are offline shall not be considered in load calculation.
4. (Integer-)Dividing the load value by the number of cores per node
may conceal subtle load differences resulting in a non-optimal node to
be chosen.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Keir Fraser [Thu, 22 May 2008 14:09:49 +0000 (15:09 +0100)]
libxc: drop double un?lock_pages definition to fix static linking
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 22 May 2008 14:09:08 +0000 (15:09 +0100)]
stubdom: support constructors and destructors
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 22 May 2008 14:08:48 +0000 (15:08 +0100)]
ioemu: drop unused shared_vram variable
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 22 May 2008 14:08:14 +0000 (15:08 +0100)]
shadow: check for gfn_to_mfn returning INVALID_MFN
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 22 May 2008 10:04:02 +0000 (11:04 +0100)]
hvmloader: Fix pci_setup() to not skip BAR remapping for virtual VGA devices.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Thu, 22 May 2008 09:41:49 +0000 (10:41 +0100)]
x86: Change a local label in asm entry stubs to really be local.
This prevents it appearing in crash traces, where it can be a bit confusing.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Thu, 22 May 2008 09:40:40 +0000 (10:40 +0100)]
x86: Remove 32-bit non-PAE code from dom0 builder, and avoid use of
get_page_type() on pagetable pages (pending support for preemptive
get_page_type(), as dom0 builder would be an awkward place to deal
with preemption).
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 21 May 2008 15:55:11 +0000 (16:55 +0100)]
libxc, x86: Fix CPUID inline asm for x86/64.
Must save all 64 bits of RBX, not just the EBX sub-part.
Based on bug diagnosis and patch by Juergen Keil <jk@tools.de>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 21 May 2008 10:23:03 +0000 (11:23 +0100)]
hvmloader: Lay out memory a bit differently -
* Cleanly define a scratch area for temporary storage
* Raise Etherboot ROM out of the way of larger VGA BIOSes
Also detect virtual VGA adaptors more cleanly.
Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 21 May 2008 10:19:41 +0000 (11:19 +0100)]
vgabios: Support VESA power management extensions.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 21 May 2008 10:07:23 +0000 (11:07 +0100)]
Handle IOMMU pagetable allocations when set_p2m_entry is called with
non-zero page order.
Signed-off-by: Xin Xiaohui <xiaohui.xin@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 21 May 2008 10:02:51 +0000 (11:02 +0100)]
Intel EPT: Add page shattering logic for EPT when a super-page gets partially freed.
Signed-off-by: Xin Xiaohui <xiaohui.xin@intel.com>
Keir Fraser [Wed, 21 May 2008 09:59:49 +0000 (10:59 +0100)]
Add statistic interface for cx.
Implement statistic interface for cx via sysctl & libxc. Provide an
easy way to collect processor cx info within dom0.
Signed-off-by: Wei Gang <gang.wei@intel.com>
Keir Fraser [Wed, 21 May 2008 09:59:00 +0000 (10:59 +0100)]
x86: Make cx key handler print simpler but formatted info.
Signed-off-by: Wei Gang <gang.wei@intel.com>
Keir Fraser [Wed, 21 May 2008 09:57:08 +0000 (10:57 +0100)]
xend: Remove XendLogging dependency from a couple of generally useful
support modules.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Keir Fraser [Wed, 21 May 2008 09:38:57 +0000 (10:38 +0100)]
x86: Fix lapic timer stop issue in deep C state
Local APIC timer may stop at deep C state (C3/C4...) entry/exit. This
patch adds the logic that uses the platform timer (HPET) to re-enable
the local APIC timer at C state entry/exit.
Signed-off-by: Wei Gang <gang.wei@intel.com>
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 20 May 2008 13:50:45 +0000 (14:50 +0100)]
xend: Support HVM S3 resume.
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Ke Liping <liping.ke@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 20 May 2008 13:36:05 +0000 (14:36 +0100)]
hvm: rombios interface for HVM S3
- add S3 package in ACPI DSDT table. Guest OS will get S3 value from
this package and write the value to PM1A control register to
trigger S3 suspend.
- Add S3 resume logic in rombios post code. The CMOS shutdown register
is used to indicate if this is an S3 resume.
- If it is an S3 resume, rombios will get the wakeup vector from the ACPI
FACS table and jump to the wakeup vector. Per ACPI spec, the jump to the
wakeup vector must take the form CS:IP, in which CS=(wakeup vector>>4),
IP=(wakeup vector)&0xF; for example, for vector=0x12345,
CS:IP=0x1234:0x5
Note: clobber_entry_point will clobber the post entry, which makes S3
resume not work. We will directly jmp to POST Entry if it is in the S3
resume path.
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Ke Liping <liping.ke@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 20 May 2008 13:28:19 +0000 (14:28 +0100)]
ioemu: HVM virtual S3
- add S3 suspend logic in PM1A control register. When the guest writes a
specific value to this register, QEMU will trigger S3 sleep by
* resetting all qemu devices
* setting the CMOS shutdown status to S3 resume, so that rombios will do
S3 resume later
* requesting Xen to S3-suspend the guest
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Liping Ke <liping.ke@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 20 May 2008 13:18:32 +0000 (14:18 +0100)]
xend: Fix bugzilla bug #1253.
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Keir Fraser [Tue, 20 May 2008 13:17:15 +0000 (14:17 +0100)]
x86 hvm: Xen interface and implementation for virtual S3
Signed-off-by: Tian Kevin <kevin.tian@intel.com>
Signed-off-by: Yu Ke <ke.yu@intel.com>
Signed-off-by: Ke Liping <liping.ke@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 20 May 2008 08:55:50 +0000 (09:55 +0100)]
Merge with ia64
Keir Fraser [Tue, 20 May 2008 08:43:02 +0000 (09:43 +0100)]
xm migrate: Better error report when attempt to migrate non-running domain.
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Keir Fraser [Tue, 20 May 2008 08:41:52 +0000 (09:41 +0100)]
ioemu: Fix interpretation of missing or zero vfb videoram
Changeset 17289:d97e61001d81 introduced vfb configuration parameter
videoram, defaulting to zero. Value zero was interpreted as
unlimited. Changeset 17630:53195719f762 accidentally dropped the
special case for zero, which broke guests that don't specify videoram,
or specify videoram=0. Restore the old behavior.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Isaku Yamahata [Tue, 20 May 2008 02:33:15 +0000 (11:33 +0900)]
merge with xen-unstable.hg
Keir Fraser [Mon, 19 May 2008 09:03:26 +0000 (10:03 +0100)]
svm: Better handling of NMI injection -- avoid nested NMIs.
We do this by emulating the NMI mask which blocks NMI delivery until
next IRET on native hardware.
Signed-off-by: Gianluca Guida <gianluca.guida@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Mon, 19 May 2008 08:46:02 +0000 (09:46 +0100)]
Fix showing of CPU Affinity by xm vcpu-list
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Keir Fraser [Mon, 19 May 2008 08:43:42 +0000 (09:43 +0100)]
x86: Fix kexec reservation
The reservation of space for the kexec area in
kexec_reserve_area is incorrect. It specifies the
start address and size to reserve_e820_mem when
the args should be start and end.
Bug found and fixed by Dave Anderson.
Signed-off-by: Bill Burns <bburns@redhat.com>
Keir Fraser [Mon, 19 May 2008 08:42:18 +0000 (09:42 +0100)]
ioemu: Fix load of PCI-device IRQ state after save/restore.
From: Ian Jackson <Ian.Jackson@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Mon, 19 May 2008 08:40:53 +0000 (09:40 +0100)]
stdvga: handle 64bit io operations
Handle 64bit operations in stdvga instead of throwing away the
upper 32bits.
This fixes some noisy xen messages like "invalid io size: 8".
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Isaku Yamahata [Fri, 16 May 2008 13:25:47 +0000 (22:25 +0900)]
[IA64] compilation fix of 17669:d0817f08599a
compilation fix of 17669:d0817f08599a.
The change set needs the definition of do_get_pm_info().
Define the stub function.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Isaku Yamahata [Fri, 16 May 2008 12:59:38 +0000 (21:59 +0900)]
merge with xen-unstable.hg
Keir Fraser [Fri, 16 May 2008 08:37:19 +0000 (09:37 +0100)]
Provide Px statistic data to user through libxc
Sampling and collecting dynamic Px statistic data, including
Px state value, Px count, Px residency time, Px transition
matrix, etc. Provide Px statistic data to user through libxc.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Keir Fraser [Fri, 16 May 2008 08:31:03 +0000 (09:31 +0100)]
[IA64] trivial compilation error fix for 17645:8d18e52a1b23.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Keir Fraser [Fri, 16 May 2008 08:30:10 +0000 (09:30 +0100)]
ioemu: serial save/load fix
This patch fixes several bugs in serial.c
(1) A typo in serial_save() where qemu_get_8s is called (should be
qemu_put_8s)
(2) No support provided in serial_load() for version_id == 1 (should
unmarshal a 1 byte s->divider and should provide a default value
for s->fcr)
(3) Call serial_ioport_write() to initialize s->fcr. It is not
sufficient to load its value; other hidden values (such as
s->recv_fifo.itl) must be re-initialized.
Signed-off-by: Ben Guthro <bguthro@virtualiron.com>
Signed-off-by: Robert Phillips <rphillips@virtualiron.com>
Keir Fraser [Thu, 15 May 2008 15:40:51 +0000 (16:40 +0100)]
xend: Device configurations of suspended virtual machines are inaccessible
The device configurations of suspended virtual machines are
inaccessible even though for example the UUIDs of the VIFs and VBDs
are known and returned when VM.get_VIFs()/get_VBDs() is called, though
when trying to access their records for example, then handle is
reported as being invalid. This patch fixes this.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Keir Fraser [Thu, 15 May 2008 14:10:05 +0000 (15:10 +0100)]
ioemu: Do not try to guess backing file format when using qcow vbds.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Keir Fraser [Thu, 15 May 2008 10:09:16 +0000 (11:09 +0100)]
x86, hvm: Support 2MB superpage allocations for HVM guests.
Signed-off-by: Xin Xiaohui <xiaohui.xin@intel.com>
Signed-off-by: Li Xin, B <xin.b.li@intel.com>
Signed-off-by: Wei Huang <wei.huang2@amd.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Thu, 15 May 2008 08:38:00 +0000 (09:38 +0100)]
x86: Fix an S3 bug caused by x_firmware_waking_vector
According to the ACPI spec, x_firmware_waking_vector in FACS is for
waking up in protected mode and firmware_waking_vector is for real
mode. Xen used x_firmware_waking_vector, which can make S3 fail
on some platforms. This patch fixes the bug by using the non-x one.
Signed-off-by: Huacai Chen <huacai.chen@intel.com>
Keir Fraser [Thu, 15 May 2008 08:36:38 +0000 (09:36 +0100)]
ioemu: Fix PVFB backend to limit frame buffer size
The recent fix to validate the frontend's frame buffer description
neglected to limit the frame buffer size correctly. This lets a
malicious frontend make the backend attempt to map an arbitrary amount
of guest memory, which could be useful for a denial of service attack
against dom0.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Isaku Yamahata [Thu, 15 May 2008 07:23:56 +0000 (16:23 +0900)]
merge with xen-unstable.hg
Isaku Yamahata [Thu, 15 May 2008 05:53:48 +0000 (14:53 +0900)]
[IA64] Build new infrastructure for fast fault handling path.
1. use jump table to dispatch virtualization faults.
2. for virtualization faults, handler is executed with psr.i=0, psr.ic=0,
psr.bn=0. less context switch.
3. use register stack instead of memory stack to switch context.
4. Use C code to handle faults where possible, to reduce maintenance efforts,
remove assembly handlers for rsm , ssm, mov to psr, mov to rr.
5. add fast path C handler for rsm, ssm, mov to psr, rfi.
Signed-off-by: Anthony Xu <anthony.xu@intel.com>
Isaku Yamahata [Thu, 15 May 2008 05:18:38 +0000 (14:18 +0900)]
[IA64] fix sal emulation.
fix sal emulation, SAL_SET_VECTORS, SAL_MC_SET_PARAMS.
It allowed any domains to change system wide state. But only
dom0 is able to change it.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Isaku Yamahata [Thu, 15 May 2008 05:18:38 +0000 (14:18 +0900)]
[IA64] remove warnings in replace_grant_host_mapping()
This patch removes warnings in replace_grant_host_mapping().
> mm.c: In function 'replace_grant_host_mapping':
> mm.c:2194: warning: 'new_page_mfn' may be used uninitialized in this function
> mm.c:2190: warning: 'old_pte.pte' may be used uninitialized in this function
> mm.c:2188: warning: 'cur_pte.pte' may be used uninitialized in this function
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Isaku Yamahata [Thu, 15 May 2008 05:18:38 +0000 (14:18 +0900)]
[IA64] remove warning in vmx_final_setup_guest()
This patch removes the warning in vmx_final_setup_guest()
> vmx_init.c:497: warning: unused variable 'sw'
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
Keir Fraser [Wed, 14 May 2008 13:12:53 +0000 (14:12 +0100)]
x86: Make MSI-X work with 64-bit BARs
The code for working out the base address of a 64-bit BAR currently
puts the two halves together in the wrong order and leaves the type
bits in the resulting value. It also treats
PCI_BASE_ADDRESS_MEM_TYPE_64 as a flag rather than an enumeration
value.
Signed-off-by: Neil Turton <nturton@solarflare.com>
Keir Fraser [Wed, 14 May 2008 12:55:26 +0000 (13:55 +0100)]
x86: Implement cpufreq ondemand policy
Based on initialized cpufreq infrastructure, set up a timer on
each PSD domain, periodically sample cpu load and drive cpu to
some Px state according to cpu load and cpu coordination.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Keir Fraser [Wed, 14 May 2008 12:55:11 +0000 (13:55 +0100)]
x86: Setup cpufreq infrastructure, driver and tools
Initializing basic Px data structure, setup cpufreq infrastructure:
* cpufreq data structure initializing, including freq table and policy;
* basic driver and tools, to measure freq or drive to Px target;
* setup _PSD domain to coordinately work;
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Keir Fraser [Wed, 14 May 2008 12:50:46 +0000 (13:50 +0100)]
Get ACPI Px from dom0 and choose Px controller
Add platform op hypercall case to get ACPI Px info from dom0.
Choose Px controller from dom0 (cpufreq=dom0-kernel)
or hypervisor (cpufreq=xen).
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Keir Fraser [Wed, 14 May 2008 12:25:19 +0000 (13:25 +0100)]
ia64: fix domain restore
A domain fails to restore on IA64 since cset 17524:18727843db60.
This patch fixes it temporarily. Guest CPUID configuration for IA64
might be implemented in the future.
Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Keir Fraser [Wed, 14 May 2008 08:52:25 +0000 (09:52 +0100)]
Fix XEN_SYSCTL_physinfo to handle NUMA info properly.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 14 May 2008 08:31:44 +0000 (09:31 +0100)]
hvm_op: Fix public header file to provide limited exposure to
tools-only interface.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Wed, 14 May 2008 08:19:05 +0000 (09:19 +0100)]
xend: fix block protocol mismatch on save/restore
The protocol field of the blkif interface is correct at startup for a
guest of a different mode from dom0 (eg. 32-bit dom0, 64-bit guest).
However, this property is not persisted on save, so a later restore
(or migrate) will setup the block interface with the wrong mode.
Signed-off-by: Herbert van den Bergh <herbert.van.den.bergh@oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com>
Keir Fraser [Wed, 14 May 2008 08:16:40 +0000 (09:16 +0100)]
qemu: Fix shift-insert behavior
This patch is related to Changeset 15635:7bdc9f6407d3
<http://xenbits.xensource.com/staging/xen-unstable.hg?rev/7bdc9f6407d3>
[PVFB] Fix shift key for graphical vnc display.
With above patch, if a user presses shift-insert, qemu sends shift
down, shift up, insert down and then another shift key down (see trace
below). This makes it impossible to do shift insert pasting or use
guest hot shifted-Fkeys.
Shift Insert trace:
do_key_event():1135 keycode:2a shift down
kbd_put_keycode():539 keycode:2a send shift down
do_key_event():1135 keycode:d2 insert down
kbd_put_keycode():539 keycode:aa send shift up
kbd_put_keycode():539 keycode:e0 send insert down
kbd_put_keycode():539 keycode:52
do_key_event():1135 keycode:d2 insert up
kbd_put_keycode():539 keycode:e0 send insert up
kbd_put_keycode():539 keycode:d2
kbd_put_keycode():539 keycode:2a send shift down
do_key_event():1135 keycode:2a shift up
kbd_put_keycode():539 keycode:aa send shift up
This patch adds a check for the keycode being shiftable, something
other than a keypad key, f1-12, insert, del, etc. before allowing
the press_shift_up() operation.
Signed-off-by: Pat Campbell <plc@novell.com>
Keir Fraser [Wed, 14 May 2008 08:15:02 +0000 (09:15 +0100)]
qemu: Send unit_attention on cd-rom not_ready to ready transition
Patch sends a UNIT_ATTENTION(6), MEDIUM_MAY_HAVE_CHANGED(0x28) sense
when cdrom transitions from not ready to ready.
ATA Packet interface for CD-ROMS, SFF8020i.pdf. See state diagram
Figure 12, page 82 and Table 44 -recommended Sense Key, ASC
With patch in place HVM win2008 server guest sees the CD/DVD contents
have changed when the media is switched.
Signed-off-by: Pat Campbell <plc@novell.com>
Keir Fraser [Wed, 14 May 2008 08:13:48 +0000 (09:13 +0100)]
qemu: add 0xe0 prefix to r-ctrl and r-alt keycodes
Patch puts 0xe0 prefix before putting right alt or right cntrl
keycodes. Also adds keysm definition for ISO_Left_Tab.
Signed-off-by: Pat Campbell <plc@novell.com>
Keir Fraser [Wed, 14 May 2008 08:11:40 +0000 (09:11 +0100)]
ioemu: Fix handling of phy: block devices.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Keir Fraser [Tue, 13 May 2008 14:08:17 +0000 (15:08 +0100)]
ioemu: Fix PVFB backend to validate frontend's frame buffer description
A buggy or malicious frontend can describe its shared framebuffer to
the backend in a way that makes the backend map an arbitrary amount of
guest memory, malloc an arbitrarily large internal buffer, copy
arbitrary memory to that buffer, even beyond its end. A domU running
a malicious frontend can abuse the former two for denial of service
attacks against dom0. It can abuse the third to write arbitrary
backend memory. It can abuse all three to terminate or crash the
backend. Arbitrary code execution looks quite feasible.
In more detail (ignoring #ifdef CONFIG_STUBDOM code):
The frame buffer is described by the following parameters:
* fb_len (size of shared framebuffer)
* width, height, depth
* row_stride, offset
fb_len is fixed on startup. The frontend can modify the other
parameters by sending a XENFB_TYPE_RESIZE event.
xenfb_read_frontend_fb_config() limits fb_len according to backend
configuration parameter videoram (from xenstore), if present. I
believe videoram is not present by default.
xenfb_map_fb() uses fb_len to map the frontend's framebuffer.
The frontend can make it map arbitrarily much, unless limited by the
videoram configuration parameter. This flaw always existed.
xenfb_register_console() and xenfb_on_fb_event() pass width, height,
depth and rowstride to QEMU's DisplayState object. The object sets
itself up to work directly on the framebuffer (shared_buf true) if
parameters allow that. Else it allocates an internal buffer of size
height * width * depth / 8 (shared_buf false).
The frontend can make it allocate arbitrarily much. This flaw always
existed.
xenfb_register_console() and xenfb_on_fb_event() pass width, height,
depth and rowstride to QEMU's DisplayState object. The object sets
itself up to work directly on the framebuffer (shared_buf true) if
parameters allow that. Else it allocates an internal buffer of size
height * width * depth / 8 (shared_buf false).
The frontend can make it allocate arbitrarily much. This flaw was
introduced by the move of PVFB into QEMU (xen-unstable cset 16220
ff).
xenfb_on_fb_event() uses width and height to clip the area of an
update event. It then passes that area to xenfb_guest_copy().
xenfb_invalidate() passes the complete screen area to
xenfb_guest_copy(). xenfb_guest_copy() copies the argument area (x,
y, w, h) into the internal buffer, unless shared_buf is true. This
copies h blocks of memory. The i-th copy (counting from zero) copies
w * depth / 8 bytes
from
shared framebuffer + offset + (y + i) * row_stride + x * depth / 8
to
internal buffer + (y + i) * ds->linesize + x * ds->depth / 8
where ds->linesize and ds->depth are parameters of the internal buffer
chosen by the backend.
This copy can be made to read from the shared framebuffer and write to
the internal buffer out of bounds. I believe the frontend can abuse
this to write arbitrary backend memory.
The flaw in its current form was introduced by the move of PVFB into
QEMU (xen-unstable cset 16220 ff). Before, the framebuffer was always
shared.
From: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
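The bounds checks this commit message calls for, together with the size cap from the later "limit frame buffer size" fix, as an added example; this is not the code from the Xen tree. `struct fb_desc`, `FB_MAX_LEN`, `fb_desc_valid()`, `fb_guest_copy()` and `sample_desc()` are hypothetical names, and the internal buffer is assumed to use the same depth as the frontend.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical container for the parameters named in the commit message. */
struct fb_desc {
    size_t   fb_len;              /* size of shared framebuffer, fixed at startup */
    uint32_t width, height;       /* pixels */
    uint32_t depth;               /* bits per pixel */
    uint32_t row_stride, offset;  /* bytes */
};

/* Assumed backend policy cap, standing in for the videoram limit. */
#define FB_MAX_LEN ((size_t)16 * 1024 * 1024)

/* True only if every pixel the description names lies inside fb_len. */
bool fb_desc_valid(const struct fb_desc *d, size_t max_len)
{
    if (d->fb_len == 0 || d->fb_len > max_len)
        return false;
    if (d->depth != 8 && d->depth != 16 && d->depth != 24 && d->depth != 32)
        return false;
    if (d->width == 0 || d->height == 0)
        return false;

    /* 64-bit arithmetic: a product of two 32-bit values cannot wrap. */
    uint64_t row_bytes = (uint64_t)d->width * d->depth / 8;
    if (d->row_stride < row_bytes)          /* rows must not overlap */
        return false;
    /* row_bytes <= row_stride < 2^32 from here on, so the sum cannot wrap. */
    uint64_t end = (uint64_t)d->offset
                 + (uint64_t)(d->height - 1) * d->row_stride
                 + row_bytes;
    return end <= d->fb_len;
}

/*
 * Bounded form of the row-by-row copy described above: h rows of
 * w * depth / 8 bytes from the shared framebuffer to the internal buffer.
 * Refuses the copy unless both source and destination ranges are in bounds.
 */
bool fb_guest_copy(const struct fb_desc *d, const uint8_t *shared,
                   uint8_t *internal, size_t internal_len, uint32_t linesize,
                   uint32_t x, uint32_t y, uint32_t w, uint32_t h)
{
    if (!fb_desc_valid(d, FB_MAX_LEN))
        return false;
    size_t bpp = d->depth / 8;
    /* Destination must hold height rows of linesize bytes, each wide enough. */
    if (linesize < (uint64_t)d->width * bpp ||
        (uint64_t)d->height * linesize > internal_len)
        return false;
    /* Clip the update rectangle to the validated geometry. */
    if (x >= d->width || y >= d->height)
        return false;
    if (w > d->width - x)
        w = d->width - x;
    if (h > d->height - y)
        h = d->height - y;

    for (uint32_t i = 0; i < h; i++) {
        size_t src_off = d->offset + (size_t)(y + i) * d->row_stride + x * bpp;
        size_t dst_off = (size_t)(y + i) * linesize + x * bpp;
        memcpy(internal + dst_off, shared + src_off, w * bpp);
    }
    return true;
}

/* Constructed sample: 4x4 pixels, 8 bpp, tightly packed, 16-byte buffer. */
struct fb_desc sample_desc(void)
{
    struct fb_desc d = { .fb_len = 16, .width = 4, .height = 4,
                         .depth = 8, .row_stride = 4, .offset = 0 };
    return d;
}

int main(void)
{
    struct fb_desc ok = sample_desc(), big = sample_desc();
    big.height = 5;   /* one row past the end of the 16-byte mapping */
    printf("sample valid: %d, oversized valid: %d\n",
           fb_desc_valid(&ok, FB_MAX_LEN), fb_desc_valid(&big, FB_MAX_LEN));
    return 0;
}
```

The description has to be re-validated on every XENFB_TYPE_RESIZE event, since that is when the frontend can change everything except fb_len.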
Keir Fraser [Tue, 13 May 2008 11:46:45 +0000 (12:46 +0100)]
[Xend/security] Refactor the code that recalculates the label during a policy update
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
Keir Fraser [Tue, 13 May 2008 11:43:24 +0000 (12:43 +0100)]
Xend: Fix blkif type check for tap devices.
Signed-off-by: Yosuke Iwamatsu <y-iwamatsu@ab.jp.nec.com>
Keir Fraser [Tue, 13 May 2008 09:40:49 +0000 (10:40 +0100)]
Intel vmx: To correctly detect default1 vmx features which may
actually be switched to 0, we must check VMX_BASIC_MSR[55] and
possibly check a set of 'true' feature MSRs.
Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 13 May 2008 09:19:54 +0000 (10:19 +0100)]
Fix guest boot if set empty cdrom in config file
This is because function "uname = config.get('uname', '')" returns '',
rather than None, if uname is not in config variable.
Signed-off-by: Xu Dongxiao <dongxiao.xu@intel.com>
Keir Fraser [Tue, 13 May 2008 09:16:54 +0000 (10:16 +0100)]
x86: Avoid deep recursion when destroying a domain and reaping pagetables.
From: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 13 May 2008 08:58:18 +0000 (09:58 +0100)]
Add extra CPUID config examples to sample HVM config file.
From: Jean Guyader <jean.guyader@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Tue, 13 May 2008 08:48:55 +0000 (09:48 +0100)]
XM/XenAPI: Add cdrom support when creating domains by xm through Xen API.
Signed-off-by: Yosuke Iwamatsu <y-iwamatsu@ab.jp.nec.com>
Keir Fraser [Tue, 13 May 2008 08:48:40 +0000 (09:48 +0100)]
XM/XenAPI: Add blktap support when creating domains by xm through Xen API.
Signed-off-by: Yosuke Iwamatsu <y-iwamatsu@ab.jp.nec.com>
Keir Fraser [Tue, 13 May 2008 08:47:52 +0000 (09:47 +0100)]
minios: free fbfront resources on error/shutdown
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Tue, 13 May 2008 08:21:28 +0000 (09:21 +0100)]
Add missing MSI related part in public pciif.h
Signed-off-by: Shan Haitao <Haitao.shan@intel.com>
Keir Fraser [Tue, 13 May 2008 08:20:23 +0000 (09:20 +0100)]
Further minor ssl relo fixes.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Keir Fraser [Tue, 13 May 2008 08:19:07 +0000 (09:19 +0100)]
Fix relocation ssl/tls support
* Make a wrapper of read/write sock.fileno().
* Makes pyOpenSSL an optional package.
* Implement reference:
http://twistedmatrix.com/trac/browser/trunk/twisted/internet/tcp.py
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Keir Fraser [Mon, 12 May 2008 10:19:09 +0000 (11:19 +0100)]
xend: Add syntax check for block devices
If we define wrong values to a disk parameter in domain configuration
files, we get an error message or a guest OS panic.
1. If we define a wrong disk type, xm create command error occurs
about 100 seconds later.
e.g. disk=['xyz:/xen/root-vm1.img,hda1,w']
2. If we forget a disk type, a guest OS panic occurs.
e.g. disk=['/xen/root-vm1.img,hda1,w']
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Keir Fraser [Mon, 12 May 2008 10:16:43 +0000 (11:16 +0100)]
ioemu: Fix build: use uint64_t rather than u64.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Mon, 12 May 2008 10:01:21 +0000 (11:01 +0100)]
minios: free blkfront resources on error/shutdown
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Mon, 12 May 2008 09:36:27 +0000 (10:36 +0100)]
minios: free netfront resources on error/shutdown
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Mon, 12 May 2008 09:16:18 +0000 (10:16 +0100)]
x86: only print pages' mfn-s in dump_pageframe_info()
Printing page_to_maddr() and page_to_mfn() of the same page is
redundant, and _p(page_to_maddr(page)) is even incorrect on x86/PAE.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Keir Fraser [Mon, 12 May 2008 09:15:07 +0000 (10:15 +0100)]
x86: fix a few 32-on-64 compat mode issues
- handle VCPUOP_register_vcpu_info and VCPUOP_get_physid (and add
respective layout checks)
- add missing structure size check for struct vcpu_info
- add missing layout check for vcpu_set_periodic_timer
- handle VCPUOP_set_singleshot_timer via argument translation as the
structure sizes differ (due to padding in 64-bits)
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Keir Fraser [Mon, 12 May 2008 09:14:01 +0000 (10:14 +0100)]
ia64 pv-on-hvm: __XEN_INTERFACE_VERSION__ is needed to assemble
platform-pci/xcom_asm.S, otherwise incompatible kernel module is
built.
Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
Keir Fraser [Mon, 12 May 2008 09:13:15 +0000 (10:13 +0100)]
Fix xmexamples to reflect new meaning of cpus= config option.
Signed-off-by: Masaki Kanno <kanno.masaki@jp.fujitsu.com>
Keir Fraser [Mon, 12 May 2008 09:11:23 +0000 (10:11 +0100)]
stubdom: let lwIP check TCP sums as they are now correct.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Mon, 12 May 2008 09:10:45 +0000 (10:10 +0100)]
minios: clear FB content since _xmalloc may return non-zeroed memory
(in debug mode, notably).
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Mon, 12 May 2008 09:10:03 +0000 (10:10 +0100)]
pvfb/ioemu: transmit refresh interval advice from backend to frontend
which permits the frontend to avoid useless polls.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Mon, 12 May 2008 09:09:12 +0000 (10:09 +0100)]
ioemu: fix disk format security vulnerability
* make the xenstore reader in qemu-dm's startup determine which
of qemu's block drivers to use according to the xenstore
backend `type' field. This `type' field typically comes from
the front of the drive mapping string in ioemu. The
supported cases are:
    xm config file string    `type'  image format  qemu driver
    phy:[/dev/]<device>      phy     raw image     bdrv_raw
    file:<filename>          file    raw image     bdrv_raw
    tap:aio:<filename>       tap     raw image     bdrv_raw
    tap:qcow:<image>         tap     not raw       autoprobe
    tap:<cow-fmt>:<image>    tap     named format  bdrv_<cow-fmt>
It is still necessary to autoprobe when the image is specified as
`tap:qcow:<image>', because qemu distinguishes `qcow' and `qcow2'
whereas blktap doesn't; `qcow' in xenstore typically means what
qemu calls qcow2. This is OK because qemu can safely distinguish
the different cow formats provided we know it's not a raw image.
* Make the format autoprobing machinery never return `raw'. This has
two purposes: firstly, it arranges that the `tap:qcow:...' case
above can be handled without accidentally falling back to raw
format. Secondly it prevents accidents in case the code changes in
future: autoprobing will now always fail on supposed cow files which
actually contain junk, rather than giving the guest access to the
underlying file.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
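The selection policy from the table above, with a probe that can fail but never answers `raw`, as an added example; this is not qemu-dm's code. The function names, the assumption that the tap sub-type arrives as a prefix of a separate `params` string, and the sample paths are all hypothetical, and the probe covers only the qcow and qcow2 headers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum fmt_policy {
    FMT_REJECT,     /* unknown or malformed: refuse the drive */
    FMT_RAW,        /* open with the raw driver, image content never consulted */
    FMT_PROBE_COW,  /* probe, but only among cow formats */
    FMT_NAMED       /* use the driver named in the string */
};

struct drive_choice {
    enum fmt_policy policy;
    char driver[16];            /* cow format name when policy == FMT_NAMED */
};

/* Decide from configuration alone, before any byte of the image is read. */
struct drive_choice choose_format(const char *type, const char *params)
{
    struct drive_choice c = { FMT_REJECT, "" };

    if (strcmp(type, "phy") == 0 || strcmp(type, "file") == 0) {
        c.policy = FMT_RAW;
    } else if (strcmp(type, "tap") == 0) {
        const char *colon = strchr(params, ':');
        size_t n = colon ? (size_t)(colon - params) : 0;
        if (n == 0 || n >= sizeof c.driver)
            return c;                       /* no sub-type: reject */
        if (n == 3 && memcmp(params, "aio", 3) == 0) {
            c.policy = FMT_RAW;
        } else if (n == 4 && memcmp(params, "qcow", 4) == 0) {
            c.policy = FMT_PROBE_COW;       /* qcow or qcow2, decided by probe */
        } else {
            c.policy = FMT_NAMED;           /* caller looks up bdrv_<name> */
            memcpy(c.driver, params, n);
            c.driver[n] = '\0';
        }
    }
    return c;
}

/* Probe limited to cow headers. Returns NULL on junk; never returns "raw". */
const char *probe_cow(const uint8_t *hdr, size_t len)
{
    static const uint8_t magic[4] = { 'Q', 'F', 'I', 0xfb };
    if (len < 8 || memcmp(hdr, magic, 4) != 0)
        return NULL;
    /* Big-endian version field follows the magic. */
    uint32_t version = (uint32_t)hdr[4] << 24 | (uint32_t)hdr[5] << 16 |
                       (uint32_t)hdr[6] << 8 | (uint32_t)hdr[7];
    if (version == 1)
        return "qcow";
    if (version == 2)
        return "qcow2";
    return NULL;
}

/* Combine both steps; writes the driver name to out, or fails closed. */
bool resolve_driver(const char *type, const char *params,
                    const uint8_t *hdr, size_t len, char out[16])
{
    struct drive_choice c = choose_format(type, params);
    const char *name = NULL;

    switch (c.policy) {
    case FMT_RAW:       name = "raw";               break;
    case FMT_PROBE_COW: name = probe_cow(hdr, len); break;
    case FMT_NAMED:     name = c.driver;            break;
    case FMT_REJECT:    break;
    }
    if (name == NULL)
        return false;
    snprintf(out, 16, "%s", name);
    return true;
}

int main(void)
{
    /* Constructed sample: a raw image whose first bytes mimic a qcow2 header. */
    const uint8_t hdr[8] = { 'Q', 'F', 'I', 0xfb, 0, 0, 0, 2 };
    char drv[16];
    if (resolve_driver("file", "/xen/root-vm1.img", hdr, sizeof hdr, drv))
        printf("file: image opened as %s\n", drv);
    if (resolve_driver("tap", "qcow:/xen/root-vm1.qcow", hdr, sizeof hdr, drv))
        printf("tap:qcow: image opened as %s\n", drv);
    return 0;
}
```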
Keir Fraser [Mon, 12 May 2008 09:07:26 +0000 (10:07 +0100)]
x86 hvm: Support MSI-X for HVM domains.
Signed-off-by: Shan Haitao <Haitao.shan@intel.com>
Keir Fraser [Mon, 12 May 2008 09:06:40 +0000 (10:06 +0100)]
x86 hvm: Clean MSI related data when destroy domain.
Signed-off-by: Shan Haitao <Haitao.shan@intel.com>
Keir Fraser [Mon, 12 May 2008 09:01:01 +0000 (10:01 +0100)]
x86: Fix fatal page fault when vram dirty logic handles MMIO of passthrough devices.
Signed-off-by: Qing He <qing.he@intel.com>
Keir Fraser [Thu, 8 May 2008 15:58:33 +0000 (16:58 +0100)]
Clean up shadow code after the removal of non-PAE 32-bit builds
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Keir Fraser [Thu, 8 May 2008 13:33:31 +0000 (14:33 +0100)]
xend: Fix and improve error handling for failed suspend/migrate
This has been broken since cset 16964:5d84464dc1fc
Also deal better with very early errors (close sender side socket)
Signed-off-by: Steven Hand <steven.hand@cl.cam.ac.uk>
Keir Fraser [Thu, 8 May 2008 13:32:11 +0000 (14:32 +0100)]
i386: Remove non-PAE hypervisor build target.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Thu, 8 May 2008 12:40:40 +0000 (13:40 +0100)]
Remove defunct powerpc port.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Thu, 8 May 2008 12:15:45 +0000 (13:15 +0100)]
shadow: drop guest VRAM write access after some idleness
If the video RAM has been kept clean for at least 2 seconds, we can
afford taking the time to drop guest write access, which allows us to
save the dirty bit scanning entirely until we get a guest page handle.
From: Samuel Thibault <samuel.thibault@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Keir Fraser [Thu, 8 May 2008 12:14:27 +0000 (13:14 +0100)]
minios: fix and enforce block_domain atomicity
To ensure that the timer event is not lost, block_domain requires that
event delivery is disabled. SCHEDOP_block re-enables them, so for
coherency (and fixing a bug actually), we should re-disable them
after. Also, make sure that the caller disabled them.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 8 May 2008 10:55:13 +0000 (11:55 +0100)]
minios: in non-x86 case, use wmb to enforce ordering between
evtchn_upcall_pending and evtchn_pending_sel stores.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 8 May 2008 10:53:39 +0000 (11:53 +0100)]
minios: clear the event before calling the handler since (especially
in the SMP case) the handler may make another domain send an event
again, and that must not be lost.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
Keir Fraser [Thu, 8 May 2008 10:27:22 +0000 (11:27 +0100)]
minios: fix port selection shifts
Event selectors span unsigned longs, whose size is not always 32 bits.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>