dgit.raspbian.org Git

xenpaging: install into LIBEXEC dir

In preparation of upcoming libxl integration,
move xenpaging binary from /usr/sbin/ to /usr/lib/xen/bin/

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: retry unpageable gfns

Nomination of gfns can fail, but may succeed later.
Thats the case for a guest that starts ballooned.

v2:
- print debug when clearing uncosumed happens

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxc: add bitmap_clear function

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: improve mainloop exit handling

Remove the if/else logic to exit from the in case a signal arrives.
Update comments.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: move page add/resume loops into its own function.

Move page resume loop into its own function.
Move page eviction loop into its own function.
Allocate all possible slots in a paging file to allow growing and
shrinking of the number of paged-out pages. Adjust other places to
iterate over all slots.

This change is required by subsequent patches.

v2:
- check if victims allocation succeeded

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: track the number of paged-out pages

This change is required by subsequent changes.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: remove xc_dominfo_t from paging_t

Remove xc_dominfo_t from paging_t, record only max_pages.
This value is used to setup internal data structures.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: update xenpaging_init

Move comment about xc_handle to the right place.
Allocate paging early and use calloc.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: print gfn in failure case

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: simplify file_op

Catch lseek() errors.
Use -1 as return value and let caller read errno.
Remove const casts from buffer pointers, the page is writeable.
Use wrapper for write() which matches the read() prototype.
Remove unused stdarg.h inclusion.
Remove unused macro.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: use PERROR to print errno

v3:
- adjust arguments for xc_mem_paging_enable() failures
v2:
- move changes to file_op() to different patch

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: remove obsolete comment in resume path

Remove stale comment.
If a page was populated several times the vcpu is paused and
xenpaging has to unpause it again.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: remove filename from comment

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libvchan: fix segfault in client error path

In libvchan_client_init, go to the error path if the gntdev device is
not available. Otherwise, a segfault happens later as the vchan
context is invalid.

Signed-off-by: Anil Madhavapeddy <anil@recoil.org>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools/check: Add files missing from 24205:5c88358164cc

Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools: check for libaio unless user has configured CONFIG_SYSTEM_LIBAIO=n

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/mm: Fix liveness of pages in grant copy operations

We were immediately putting the p2m entry translation for grant
copy operations. This allowed for an unnecessary race by which the
page could have been swapped out between the p2m lookup and the actual
use. Hold on to the p2m entries until the grant operation finishes.

Also fixes a small bug: for the source page of the copy, get_page
was assuming the page was owned by the source domain. It may be a
shared page, since we don't perform an unsharing p2m lookup.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Ensure liveness of pages involved in a guest page table walk

Instead of risking deadlock by holding onto the gfn's acquired during
a guest page table walk, acquire an extra reference within the get_gfn/
put_gfn critical section, and drop the extra reference when done with
the map. This ensures liveness of the map, i.e. the underlying page
won't be paged out.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

libvchan: clean *.opic

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86: small fixes to pcpu platform op handling

XENPF_get_cpuinfo should init the flags output field rather than only
modify it.

XENPF_cpu_online must check for the input CPU number to be in range.

XENPF_cpu_offline must also do that, and should also reject attempts to
offline CPU 0 (this fails in cpu_down() too, but preventing this here
appears more correct given that the code here calls
continue_hypercall_on_cpu(0, ...), which would be flawed if cpu_down()
would ever allow bringing down CPU 0 (and a distinct error code is
easier to deal with when debugging issues).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86/mm: ASSERT we are putting the right gfn in the XENMAPSPACE_gmfn* cases

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: handle HVMOP_modified_memory on shared pages

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Adin Scannell <adin@scannell.ca>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: fix domain-paging's interaction with log-dirty

Allow pages typed log dirty to be paged out, and the proper type to
restored when paging pages back in.

Signed-off-by: Andres lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Adin Scannell <adin@scannell.ca>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/waitqueue: Because we have per-cpu stacks, we must wake up on teh
same cpu that we slept on. Otherwise stack references are bogus on
wakeup.

Signed-off-by: Keir Fraser <keir@xen.org>

waitqueue: Reorder prepare_to_wait() so that vcpu is definitely on the
queue on exit, even after a wakeup.

Otherwise, when we go round the loop in wait_event(), we may not
actually sleep after the first iteration, as we do not put ourselves
back on the queue on wakeup.

Signed-off-by: Keir Fraser <keir@xen.org>

waitqueue: Detect saved-stack overflow and crash the guest.

Signed-off-by: Keir Fraser <keir@xen.org>

Properly compare "pci" token when groking serial port config

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Committed-by: Keir Fraser <keir@xen.org>

Trivial fix for rc val in hap track dirty vram

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Committed-by: Keir Fraser <keir@xen.org>

hvmloader: Intel GPU passthrough, reverse OpRegion

The Intel GPU uses a two pages NVS region called OpRegion.
In order to get full support for the driver in the guest
we need to map this region.

This patch reserves 2 pages on the top of the memory in the
reserved area and mark this region as NVS in the e820. Then
we write the address to the config space (offset 0xfc) so the
device model can map the OpRegion at this address in the guest.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

x86/mm/p2m: don't overwrite m2p entry of still-shared pages

When updating a p2m mapping to shared, previous code
unconditionally set the m2p entry for the old mfn to invalid.
We now check that the old mfn does not remain shared.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: change return code for log-dirty disabling

Disabling log dirty mode in HAP always returns -EINVAL. Make it
return the correct rc on success.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm/p2m: fix pod locking

The path p2m-lookup -> p2m-pt->get_entry -> 1GB PoD superpage ->
pod_demand_populate ends in the pod code performing a p2m_set_entry with
no locks held (in order to split the 1GB superpage into 512 2MB ones)

Further, it calls p2m_unlock after that, which will break the spinlock.

This patch attempts to fix that.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

ia64: build fixes (again)

This undoes a single change from c/s 24136:3622d7fae14d
(common/grant_table.c) and several from c/s 24100:be8daf78856a
(common/memory.c). It also completes the former with two previously
missing ia64 specific code adjustments. Authors Cc-ed.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>

libxl: Prevent xl save from segfaulting when control/shutdown key is removed

To acknowledge the tools' setting of control/shutdown it is normal for
PV drivers to rm the key. This leads to libxl__xs_read() returning
NULL and thus a subsequent strcmp on the return value will cause a
segfault.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools: use system libaio for blktap1 as well.

24184:4ecd3615e726 missed this because I was accidentally testing with a
.config containing CONFIG_SYSTEM_LIBAIO=n. Tools tree now fully rebuilt
without this. There were no other issues.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

docs: remove some fatally out of date documentation

I think these are better off deleted than remaining to confuse people.

docs/misc/blkif-drivers-explained.txt:

- Talks about Xen 2.0 beta, talks about the old pre-xenstored IPC mechanism.

docs/misc/cpuid-config-for-guest.txt:

- Doesn't really say anything, in particular doesn't actually describe how to
   configure CPUID.

docs/misc/hg-cheatsheet.txt:

- Not out of date per-se wrt mercural but talk about Xen 2.0 and gives URLs
   under www.cl.cam.ac.uk. Talks a lot about bitkeeper. Given that mercurial is
   hardly unusual anymore I think there must be better guides out there so this
   one is not worth resurecting.

docs/misc/network_setup.txt:

- This is more comprehensively documented on the wiki these days.

docs/misc/VMX_changes.txt:

- Is basically a changelog from the initial implementation of VMX in 2004.

I'm not sure about some of the other docs, but these ones seemed fairly
obvious.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools: use system installed libaio by default.

I could have sworn I did this years ago.

IIRC the need for our own copy was due to the use of io_set_eventfd which is
not present in version 0.3.106. However it is in 0.3.107 the first version of
which was uploaded to Debian in June 2008 (I can't find a better reference for
the release date).

The necessary version is available in Debian Lenny onwards and is in at least
RHEL 6, Fedora 13 and OpenSuSE 11.3. The necessary version appears to not be
available in RHEL 5 or SLES 11 which is why I haven't simply nuked the in tree
version.

This is based on tools-system-libaio.diff from the Debian packaging although I
have made it optional (but default on).

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

Merge

xenstore: xenbus cannot be opened read-only

In order to read keys from xenstore, the xenstore libraries need to
write the request to the xenbus socket. This means that the socket
cannot be opened read-only.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

move pci_find_ext_capability() into common PCI code

There's nothing architecture specific about it. It requires, however,
that x86-32's pci_conf_read32() tolerates register accesses above 255
(for consistency the adjustment is done to all pci_conf_readNN()
functions).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

libxl: Add a vkbd frontend/backend pair for HVM guests

Linux PV on HVM guests can use vkbd, so add a vkbd frontend/backend
pair for HVM guests by default. It is useful because it doesn't
require frequent qemu wakeups as the usb keyboard/mouse does.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

Update QEMU_TAG

debug: Add domain/vcpu pause_count info to 'd' key.

Signed-off-by: Keir Fraser <keir@xen.org>

xsm/flask: fix resource list range checks

The FLASK security checks for resource ranges were not implemented
correctly - only the permissions on the endpoints of a range were
checked, instead of all items contained in the range. This would allow
certain resources (I/O ports, I/O memory) to be used by domains in
contravention to security policy.

This also corrects a bug where adding overlapping resource ranges did
not trigger an error.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>

xsm/flask: Use correct flag to detect writable grant mappings

The flags passed to xsm_grant_mapref are the flags from the map
operation (GNTMAP_*), not status flags (GTF_*).

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Keir Fraser <keir@xen.org>

amd iommu: Support INVALIDATE_IOMMU_ALL command.

It is one of the new architectural commands supported by iommu v2.
It instructs iommu to clear all address translation and interrupt
remapping caches for all devices and all domains.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Keir Fraser <keir@xen.org>

amd iommu: Factor out iommu command handling functions,
and move them into a new file.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Keir Fraser <keir@xen.org>

amd iommu: Fix incorrect definitions.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Keir Fraser <keir@xen.org>

amd iommu: Advertise iommu extended feature bits to xen.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Keir Fraser <keir@xen.org>

x86,waitqueue: Allocate whole page for shadow stack.

Signed-off-by: Keir Fraser <keir@xen.org>

x86,vmx: Remove broken and unused __vmptrst().

Signed-off-by: Keir Fraser <keir@xen.org>

hvmloader: Fix memory relocation loop.

Signed-off-by: Keir Fraser <keir@xen.org>

x86/vioapic: clear remote IRR when switching RTE to edge triggered mode

Xen itself (as much as Linux) relies on this behavior, so it should
also emulate it properly. Not doing so reportedly gets in the way of
kexec inside a HVM guest.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Olaf Hering <olaf@aepfle.de>

x86: Fix RCU locking in XENMEM_add_to_physmap.

Signed-off-by: Keir Fraser <keir@xen.org>

iommu: Introduce per cpu flag (iommu_dont_flush_iotlb) to avoid unnecessary iotlb flush

Add cpu flag that will be checked by the iommu low level code
to skip iotlb flushes. iommu_iotlb_flush shall be called explicitly.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

hvmloader: Change memory relocation loop when overlap with PCI hole

Change the way we relocate the memory page if they overlap with pci
hole.  Use new map space (XENMAPSPACE_gmfn_range) to move the loop
into xen.

This code usually get triggered when a device is pass through to a
guest and the PCI hole has to be extended to have enough room to map
the device BARs.  The PCI hole will starts lower and it might overlap
with some RAM that has been alocated for the guest. That usually
happen if the guest has more than 4G of RAM.  We have to relocate
those pages in high mem otherwise they won't be accessible.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

mm: New XENMEM space, XENMAPSPACE_gmfn_range

XENMAPSPACE_gmfn_range is like XENMAPSPACE_gmfn but it runs on
a range of pages. The size of the range is defined in a new field.

This new field .size is located in the 16 bits padding between .domid
and .space in struct xen_add_to_physmap to stay compatible with older
versions.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

add_to_physmap: Move the code for XENMEM_add_to_physmap

Move the code for the XENMEM_add_to_physmap case into it's own
function (xenmem_add_to_physmap).

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

iommu: Introduce iommu_flush and iommu_flush_all.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

vtd: Refactor iotlb flush code

Factorize the iotlb flush code from map_page and unmap_page into
it's own function.

Signed-off-by: Jean Guyader <jean.guyader@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

sched_sedf: Avoid panic when adjusting sedf parameters

When using sedf scheduler in a cpupool the system might panic when
setting sedf scheduling parameters for a domain. Introduces
for_each_domain_in_cpupool macro as it is usable 4 times now. Add
appropriate locking in cpupool_unassign_cpu().

Signed-off-by: Juergen Gross <juergen.gross@ts.fujitsu.com>
Committed-by: Keir Fraser <keir@xen.org>

hvmloader: Add configuration options to selectively disable S3 and S4 ACPI power states.

Introduce acpi_s3 and acpi_s4 configuration options (default=1). The
S3 and S4 packages are moved into separate SSDTs and their inclusion
is controlled by the new configuration options.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

hvmloader: Move acpi_enabled out of hvm_info_table into xenstore

Since hvmloader has a xentore client, use a platform key in xenstore
to indicate whether ACPI is enabled or not rather than the shared
hvm_info_table structure.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

x86/xsave: provide guests with finit-like environment

Without the use of xsave, guests get their initial floating point
environment set up with finit. At least NetWare actually depends on
this (in particular on all exceptions being masked), so to be
consistent set the same environment also when using xsave. This is
also in line with all SSE exceptions getting masked initially.

To avoid further fragile casts in xstate_alloc_save_area() the patch
also changes xsave_struct's fpu_see member to have actually usable
fields.

The patch was tested in its technically identical, but modified-file-
wise different 4.1.2 version.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Charles Arnold <carnold@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86/IRQ: prevent vector sharing within IO-APICs

Following the prevention of vector sharing for MSIs, this change
enforces the same within IO-APICs: Pin based interrupts use the IO-APIC
as their identifying device under the AMD IOMMU (and just like for
MSIs, only the identifying device is used to remap interrupts here,
with no regard to an interrupt's destination).

Additionally, LAPIC initiated EOIs (for level triggered interrupts) too
use only the vector for identifying which interrupts to end. While this
generally causes no significant problem (at worst an interrupt would be
re-raised without a new interrupt event actually having occurred), it
still seems better to avoid the situation.

For this second aspect, a distinction is being made between the
traditional and the directed-EOI cases: In the former, vectors should
not be shared throughout all IO-APICs in the system, while in the
latter case only individual IO-APICs need to be contrained (or, if the
firmware indicates so, sub- groups of them having the same GSI appear
at multiple pins).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

x86/IO-APIC: refine EOI-ing of migrating level interrupts

Rather than going through all IO-APICs and calling io_apic_eoi_vector()
for the vector in question, just use eoi_IO_APIC_irq().

This in turn allows to eliminate quite a bit of other code.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

elf: Fix Elf64 types and structs to match the specification.

The layouts were actually correct, but the type names were a bit
messed up.

Original patch by Volker Eckert <volker.eckert@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>

x86/emulator: add feature checks for newer instructions

Certain instructions were introduced only after the i686 or original
x86-64 architecture, so we should not try to emulate them if the guest
is not seeing the respective feature enabled (or, worse, if the
underlying hardware doesn't support them). This affects fisttp,
movnti, and cmpxchg16b.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Keir Fraser <keir@xen.org>

test_x86_emulator: add a "run" target to the test code makefile

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Keir Fraser <keir@xen.org>

x86_emulate: Define and use BUG() and bool_t.

Original patch by Jan Beulich <jbeulich@suse.com>
Signed-off-by: Keir Fraser <keir@xen.org>

test_x86_emulate: Get public Xen headers via tools/include.

Signed-off-by: Keir Fraser <keir@xen.org>

x86-64/test_x86_emulate: fix blowfish test

Incorrect register usage in the _start() wrapper caused the 64-bit
execution emulation to fail.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Keir Fraser <keir@xen.org>

[shadow] Disable higher level pagetables early unshadow only when the "process dying" hypercall is used.

This patch fixes a performance problem in fully virtualized guests.

Signed-off-by: Gianluca Guida <gianluca.guida@citrix.com>
Tested-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Keir Fraser <keir@xen.org>

hvm: introduce HVM_PARAM_BUFIOREQ_EVTCHN

Introduce an event channel for buffered io event notifications,
advertise the port number using an hvm param. This way the device
model is not forced to check the buffered io page for data several
times a second for the entire life of the VM (buffered io is mostly
used for stdvga emulation in Xen that is switched off after the guest
goes into graphical mode).

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

KEXEC cleanup: IA64 specific functions should not live in generic header files

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

ia64: fix the build

This addresses all remaining build problems introduced over the last
several months.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

xen: avoid crash enabling turbo mode

On a system which has not had P-state information pushed down into the
hypervisor running "xenpm enable-turbo-mode" will reliably crash the host.

(XEN) PM OP 38 on CPU0
(XEN) ----[ Xen-4.2-unstable  x86_64  debug=y  Not tainted ]----
(XEN) CPU:    0
(XEN) RIP:    e008:[<ffff82c48013ceed>] cpufreq_enable_turbo+0x1d/0x29
(XEN) RFLAGS: 0000000000010297   CONTEXT: hypervisor
(XEN) rax: 0000000000000000   rbx: ffff82c48029fe40   rcx: 0000000000000000
(XEN) rdx: 0000000000000000   rsi: 000000000000000a   rdi: 0000000000000000
(XEN) rbp: ffff82c48029fd08   rsp: ffff82c48029fd08   r8:  0000000000000004
(XEN) r9:  0000000000000000   r10: 00000000fffffffd   r11: ffff82c480218f20
(XEN) r12: ffff830106e720b0   r13: 0000000000000000   r14: ffff82c4802bff80
(XEN) r15: ffff82c48025c0e4   cr0: 000000008005003b   cr4: 00000000000026f0
(XEN) cr3: 000000011f459000   cr2: 0000000000000051
(XEN) ds: 007b   es: 007b   fs: 00d8   gs: 0033   ss: 0000   cs: e008
(XEN) Xen stack trace from rsp=ffff82c48029fd08:
(XEN)    ffff82c48029fdb8 ffff82c48014c427 ffff82c48029fd98 ffff82c48016b2d6
(XEN)    ffff82c48029fdb8 ffff82c48029fd60 00000000001196c5 0000000116bbe025
(XEN)    0000000116bbe025 ffff8301196c5338 ffff82f6022d77c0 0000000000000000
(XEN)    ffff82f60205edf0 0000000000000000 0000000000000000 ffff8300dffba000
(XEN)    ffff82c48029fdb8 ffff82c48029ff18 0000000008050004 0000000000000000
(XEN)    ffff82c4802bff80 ffff82c48025c0e4 ffff82c48029fef8 ffff82c480124fd8
(XEN)    0000000000000000 ffff83011f48c000 0000000116bbe025 0000000000000025
(XEN)    ffff82c48029fe28 0000000080167722 ffff82c48029ff08 ffff83011f48c000
(XEN)    ffff82f60232d8a0 ffff8300dffba000 ffff83011f48c000 ffff82f60232d8a0
(XEN)    ffff82c48029fed8 ffff82c48017296a 000000080000000c 0000000000000026
(XEN)    bfb338b000000000 bfb33874bfb33868 b78988f800000000 0000008800000000
(XEN)    b787a6e0b78533a0 ffffffff00000001 080487aeb7897ff4 bfb3389000000001
(XEN)    b7898ab0b7889626 0000000100000000 0000000000000001 0804867800000001
(XEN)    000000000804e998 00000000b78533a0 bfb33e70bfb33a7c 0000000000000000
(XEN)    0000000000000000 ffff8300dffba000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 00007d3b7fd600c7 ffff82c48021511e
(XEN)    00000000c1002467 0000000000000023 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 00000000dbf5bef8 0000000008050004
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000023 00000000bfb33874 00000000bfb33868 0000000000000000
(XEN) Xen call trace:
(XEN)    [<ffff82c48013ceed>] cpufreq_enable_turbo+0x1d/0x29
(XEN)    [<ffff82c48014c427>] do_pm_op+0x884/0x8e7
(XEN)    [<ffff82c480124fd8>] do_sysctl+0x6d8/0x9f0
(XEN)    [<ffff82c48021511e>] compat_hypercall+0xae/0x107
(XEN)
(XEN) Pagetable walk from 0000000000000051:
(XEN)  L4[0x000] = 0000000116dbc027 000000000001bd22
(XEN)  L3[0x000] = 0000000119ba8027 000000000001eb36
(XEN)  L2[0x000] = 0000000000000000 ffffffffffffffff
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=0000]
(XEN) Faulting linear address: 0000000000000051
(XEN) ****************************************
(XEN)

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

hvmloader: Move acpi_info structure out from low memory.

This avoids a conflict with SeaBIOS's memory management. Moreover
there is no reason that acp_info must live below 1MB, and moving it
out actually simplifies our code.

Signed-off-by: Keir Fraser <keir@xen.org>

tools/check: check for headers and libraries in user defined folders.

Parse EXTRA_INCLUDES, EXTRA_LIB, PREPEND_INCLUDES, PREPEND_LIB,
APPEND_INCLUDES, APPEND_LIB during checks, to search for required
files.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools/build: Introduce {PREPEND,APPEND}_{LIB,INCLUDES}

Create two new variables called APPEND_ and PREPEND_ to add compile
flags at the beginning or at the end of the search path.

Added a new semantic for user defined compile flags, here is the list
of possible options:

PREPEND_LIB: add libraries to the search path before xen
             (before xen installation folders).
PREPEND_INCLUDES: add headers to the search path before xen
                  (before xen installation folders).
APPEND_LIB: add libraries to the search path at the end
            (after all xen installation folders have been added).
APPEND_INCLUDES: add libraries to the search path at the end
                 (after all xen installation folders have been added).

EXTRA_INCLUDES and EXTRA_LIB can still be used, and they will have the
same effect as PREPEND_INCLUDES and PREPEND_LIB.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools: xend: tolerate empty state/*.xml

Bugzilla 1680: Xend fails to start if /var/lib/xend/state/*.xml are empty
which I get often when replacing the Xen hypervisor with a newer version.

This can be easily be reproduced under Fedora Core 16 by installing
xen RPMs and then replacing the xen.gz with a newer version.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: Anthony Low <shinji@pikopiko.org>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

docs: report if we do not build a doc due to lack of the necessary tool

Previously only some targets did this. An alternative would be to make a hard
dependency on these tools, this might make more sense especially for markdown?

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

xenpaging: munmap all pages after page-in

Do munmap() on all mapped pages, not just the first one. Without this
change the gfns backing the remaining pages can not be paged out again
because the page count does not go down to 1. This change was missing
from changeset 23827:d1d6abc1db20.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

Revert c/s 23666:b96f8bdcaa15 KEXEC: disconnect all PCI devices from the PCI bus on crash

It turns out that this causes all mannor of problems on certain
motherboards (so far with no pattern I can discern)

Problems include:
* Hanging forever checking hlt instruction.
* Panics when trying to change switch root device
* Drivers hanging when trying to check for interrupts.

From: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Committed-by: Keir Fraser <keir@xen.org>

Modify naming of queries into the p2m

Callers of lookups into the p2m code are now variants of get_gfn. All
callers need to call put_gfn. The code behind it is a no-op at the
moment, but will change to proper locking in a later patch.

This patch does not change functionality. Only naming, and adds
put_gfn's.

set_p2m_entry retains its name because it is always called with
p2m_lock held.

This patch is humongous, unfortunately, given the dozens of call sites
involved.

After this patch, anyone using old style gfn_to_mfn will not succeed
in compiling their code. This is on purpose: adapt to the new API.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Keir Fraser <keir@xen.org>

ia64: introduce atomic_{read,write}NN()

These are required to be able to build certain portions of common code.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

Decompressors: check input size in unlzo.c

From: Lasse Collin <lasse.collin@tukaani.org>

The code assumes that the input is valid and not truncated. Add checks to
avoid reading past the end of the input buffer. Change the type of "skip"
from u8 to int to fix a possible integer overflow.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: check for write errors in unlzo.c

From: Lasse Collin <lasse.collin@tukaani.org>

The return value of flush() is not checked in unlzo(). This means that
the decompressor won't stop even if the caller doesn't want more data.
This can happen e.g. with a corrupt LZO-compressed initramfs image.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: validate match distance in unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

Validate the newly decoded distance (rep0) in process_bit1(). This is to
detect corrupt LZMA data quickly. The old code can run for long time
producing garbage until it hits the end of the input.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: check for write errors in unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

The return value of wr->flush() is not checked in write_byte(). This
means that the decompressor won't stop even if the caller doesn't want
more data. This can happen e.g. with corrupt LZMA-compressed initramfs.
Returning the error quickly allows the user to see the error message
quicker.

There is a similar missing check for wr.flush() near the end of unlzma().

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: check for read errors in unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

Return value of rc->fill() is checked in rc_read() and error() is called
when needed, but then the code continues as if nothing had happened.

rc_read() is a void function and it's on the top of performance critical
call stacks, so propagating the error code via return values doesn't sound
like the best fix. It seems better to check rc->buffer_size (which holds
the return value of rc->fill()) in the main loop. It does nothing bad
that the code runs a little with unknown data after a failed rc->fill().

This fixes an infinite loop in initramfs decompression if the
LZMA-compressed initramfs image is corrupt.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: fix header validation in unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller. Instead the decoding is
attempted with invalid header.pos. This fixes it.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: remove unused function from unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

bzip2: Add missing checks for malloc returning NULL

From: Phillip Lougher <phillip@lougher.demon.co.uk>

Signed-off-by: Phillip Lougher <phillip@lougher.demon.co.uk>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

Decompressors: get rid of set_error_fn() macro

From: Lasse Collin <lasse.collin@tukaani.org>

set_error_fn() is a useless complication. Only unlzma.c had some use
for it and that was easy to change too.

This also gets rid of the static function pointer "error".

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>

multicall: don't ignore failure from __copy_to_guest() upon preemption

At once adjust perf counter updates to also count calls from here even
if a guest memory access failed.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86/amd-ucode: further turn down verbosity

Turn up the log level on various (mostly debug-only) messages.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86: quiesce cpuidle code

So far these messages got pointlessly (as the code in other places
assumes symmetric configuration) emitted once per CPU. Hide the debug
one behind opt_cpu_info, and issue the info one just once (if the code
gets adjusted to support assymtric configurations, this would need to
be revisited, but ideally without producing per-CPU messages again).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

amd iommu: Introduce iommu_has_cap() function

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: Compress hyper-transport flags into a single byte

These flags are single bit, no need to be saved as integers.
Add 3 inline helpers to make single bit access easier.
Introduce iommu_has_ht_flag and set_iommu_ht_flags

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>