dgit.raspbian.org Git

Correct p2m unlocking during grant table map

We were not putting gfn's consistently.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Don't ASSERT() for a valid mfn on paged p2m entries in guest_physmap_ad

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Improve ring management for memory events. Do not lose guest events

This patch is an amalgamation of the work done by Olaf Hering <olaf@aepfle.de>
and our work.

It combines logic changes to simplify the memory event API, as well as
leveraging wait queues to deal with extreme conditions in which too many
events are generated by a guest vcpu.

In order to generate a new event, a slot in the ring is claimed. If a
guest vcpu is generating the event and there is no space, it is put on a
wait queue. If a foreign vcpu is generating the event and there is no
space, the vcpu is expected to retry its operation. If an error happens
later, the function returns the claimed slot via a cancel operation.

Thus, the API has only four calls: claim slot, cancel claimed slot, put
request in the ring, consume the response.

With all these mechanisms, no guest events are lost.
Our testing includes 1. ballooning down 512 MiBs; 2. using mem access n2rwx, in
which every page access in a four-vCPU guest results in an event, with no vCPU
pausing, and the four vCPUs touching all RAM. No guest events were lost in
either case, and qemu-dm had no mapping problems.

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

add NULL checks in code added by 24492:6c104b46ef89

Also a couple of missing is_hvm_domain() checks.

Further properly pass the PCI segment in a call to pci_get_pdev().

Signed-off-by: Jan Beulich <jbeulich@suse.com>

libxl: VM generation ID: Add missing gate for HVM domain.

This will fix localhost migrate failures found by the automatic tests.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

sched_credit: Use delay to control scheduling frequency

This patch can improve Xen performance:
1. Basically, the "delay method" can achieve 11% overall performance
boost for SPECvirt than original credit scheduler.
2. We have tried 1ms delay and 10ms delay, there is no big difference
between these two configurations. (1ms is enough to achieve a good
performance)
3. We have compared different load level response time/latency (low,
high, peak), "delay method" didn't bring very much response time
increase.
4. 1ms delay can reduce 30% context switch at peak performance, where
produces the benefits. (int sched_ratelimit_us = 1000 is the
recommended setting)

Signed-off-by: Hui Lv <hui.lv@intel.com>
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

Move IOMMU faults handling into softirq for VT-d.

Dealing with interrupts from VT-d IOMMU(s) is deferred to a
softirq-tasklet, raised by the actual IRQ handler. Since a new
interrupt is not generated, even if further faults occur, until we
cleared all the pending ones, there's no need of disabling IRQs, as
the hardware does it by its own. Notice that this may cause the log
to overflow, but none of the existing entry will be overwritten.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

libxl: drop vfs path -- fsback/front were deleted some time ago

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

ocaml: Correct ocaml type name for Aggregate types.

No change to the generated code because this path isn't used yet.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

cleanup get_gfn_from_base_reg() function.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

fix compat header generation after 24503:86b8a1e3a419

At once also remove the duplicate forced inclusion of
public/xen-compat.h there (it's already done through cppflags-y) and
convert --include to the canonical -include in said c/s' adjustments
to CFLAGS-y and AFLAGS-y.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

sedf: remove useless tracing printk and harmonize comments style.

sched_sedf.c used o have its own mechanism for producing tracing-alike
kind of information (domain block, wakeup, etc.). Nowadays, with an
even not so high number of pCPUs/vCPUs, just trying to enable this
makes the serial console completely unusable, produces tons of very
hard to parse and interpreet logging and can easily livelock
Dom0. Moreover, pretty much the same result this is struggling to get
to, is better achieved by enabling the scheduler-related tracing
events, as it is for the other schedulers (say, credit or credit2).

For all these reasons, this removes that machinery completely. While
at it, check in some cosmetics that harmonize the comments withim
themself and with the rest of the code base.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>

x86: Make asmlinkage explicitly a no-op, and avoid usage in arch/x86

Signed-off-by: Keir Fraser <keir@xen.org>

libxl: Fix leaks on context init failure

Several of the error exits from libxl_ctx_alloc leaked the context
struct itself and sometimes other resources too.

Fix this by using the standard "rc = ERROR_FOO; goto out" error
handling style throughout.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: Provide more formal libxl__ctx_lock and _unlock

Previously the only official interface for the ctx lock was the
CTX_LOCK and CTX_UNLOCK convenience macros, which assume and use "ctx"
from the surrounding scope.

Instead, provide libxl__ctx_lock and _unlock functions which can be
used by these convenience macros, and other callers who have
nonstandard requirements.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: move a lot more includes into libxl_internal.h

Move a lot of
  #include <stdfoo.h>
from individual files into libxl_internal.h.  This helps avoid
portability mistakes where necessary system headers are omitted from
individual files, and is also of course a convenience when developing.

Also add
  #include "libxl_osdeps.h" /* must come before any other headers */
to the top of most libxl*.c files, so that anyone who adds any headers
before libxl_internal.h will put the in the right place.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

xenstore: New function xs_path_is_subpath

This utility function compares two paths, textually and reports
whether one is a subpath (a child path) of the other.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

libxl: make LIBXL_INIT_GC a statement, not an initialiser

Previously LIBXL_INIT_GC was an initialiser, which you were expected
to use like this:
    libxl__gc gc = LIBXL_INIT_GC(ctx);

But we are going to want to put things in the gc which are to be
initialised using other macros.  That means that LIBXL_INIT_GC has to
become a statement too.  So instead, we make it so that it's used like this:
    libxl_gc gc;
    LIBXL_INIT_GC(gc,ctx);

In fact there are only a couple of callers now,
including GC_INIT which uses this trick:
    libxl_gc gc[1];
    LIBXL_INIT_GC(gc[0],ctx);

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

.gitignore: ocaml: add xenlight.mli

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>

remove inclusion of asm/config.h

This was always bogus (xen/config.h should have been used instead) and
is superfluous now that xen/config.h gets included through the compiler
command line.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

force inclusion of xen/config.h through compiler option

As we expect all source files to include the header as the first thing
anyway, stop doing this by repeating the inclusion in each and every
source file (and in many headers), but rather enforce this uniformly
through the compiler command line.

As a first cleanup step, remove the explicit inclusion from all common
headers. Further cleanup can be done incrementally.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

libxl: fix build with make prior to 3.81

Up to 3.80, make only supported simple 'else' constructs, which got
violated by 24432:e0effa7c04f5.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

.gitignore

Introduce a .gitignore file for the convenience of people who use git.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/mm: Fix operator associativity bug in mm-locks.h

In an order-enforcing wrapper for an "external" recursive lock,
we aim to increment/decrement a recurse count and only update the
lock ordering on zero counts.

Unfortunately we incrementing/decrementing the pointer to the
recurse count, rather than the count itself.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86-64: globally use -mno-sse

This eliminates pointless prologue code from functions having variable
argument lists (since that way xmm registers can't possibly be passed).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86: properly define size_t

Having it defined unilaterally as 'unsigned long' got me surprised
recently when I tried to use the 'z' printk type modifier, as that is
expected by the compiler to be used only on the type it knows size_t
is supposed to have.

Generally the compiler provides a construct to do this, so use it when
available.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Acked-by: Christoph Egger <Christoph.Egger@amd.com>

x86: move and fold certain type property definitions

Not only is it less code to have them consolidated, it also permits
their use virtually everywhere (since config.h is required to be
included everywhere. (Shouldn't we, btw, follow Linux and remove the
explicit inclusion in favor of command line enforced one?)

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

amd iommu: Enable FC bit in iommu host level PTE

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: add ppr log processing into iommu interrupt handling

PPR log and event log share the same interrupt source. Interrupt
handler should check both of them.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: Enable guest level translation

Similar to nested paging for SVM, IOMMUv2 supports two level
translations for DMA. This patch enables this feature.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: Enable ppr log

IOMMUv2 writes peripheral page service request (PPR) records into ppr
log to report guest OS pending DMA page requests from ATS devices.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: Add iommu emulation for hvm guest

ATS device driver that support PASID [1] and PRI [2] capabilites needs
to work with iommu driver in guest OS. We have to expose iommu
functionality to HVM guest, if we want assign ATS device to it. A new
hypervisor mmio handler is added to intercept iommu mmio accesses from
guest.

Signed-off-by: Wei Wang <wei.wang2@amd.com>
[1] http://www.pcisig.com/specifications/pciexpress/specifications/ECN-PASID-ATS-2011-03-31.pdf
[2] http://www.pcisig.com/members/downloads/specifications/iov/ats_r1.1_26Jan09.pdf
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: Introduces new helper functions to simplify bitwise operations

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

amd iommu: Refactoring iommu ring buffer definition

Introduce struct ring_buffer to represent iommu cmd buffer, event log and ppr log

Signed-off-by: Wei Wang <wei.wang2@amd.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

move declarations of some required per-arch functions into common headers

... since it is pointless to have each arch declare them on their own
(and now and the - see ia64 - forget to do so).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

ia64: fix build (once again)

24423:069c08b7de46 failed to add a necessary include, and for a long
time kexec.h suffered from a missing structure forward declaration.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86/mm: Code style fixes in mem_sharing.c

No functional changes, only code style issues.

One small diff in mem_sharing_gref_to_gfn() looks like a logic change,
but it's not. The flow was confusing, so it's been clarified.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Signed-off-by: Adin Scannell <adin@scannell.ca>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Disable paging_prep

The only way to page-in a page is now the safe paging_load domctl.
(Unless the page was never paged out in the first place)

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86/mm: Allow a page in p2m_ram_paged_out state to be loaded

This removes the need for a page to be accessed in order to be pageable
again. A pager can now page-in pages at will with no need to map them
in a separate thread.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

x86: add a new SMP bring up way for tboot case

From: Wei, Gang <gang.wei@intel.com>

tboot may be trying to put APs waiting in MWAIT loops before launching
Xen. Xen could check the new flag field in v6 tboot shared page for the
hint. If TB_FLAG_AP_WAKE_SUPPORT bit in flag field is set, Xen BSP have
to write the monitored memory(g_tboot_shared->ap_wake_trigger) to bring
APs out of MWAIT loops. The sipi vector should be written in
g_tboot_shared->ap_wake_addr before waking up APs.

Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
Signed-off-by: Shane Wang <shane.wang@intel.com>
Signed-off-by: Gang Wei <gang.wei@intel.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

xenpaging: convert mem_event_t to struct mem_event

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: convert xenpaging_t to struct xenpaging

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: convert xenpaging_victim_t to struct victim

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpm: assorted adjustments

- use consistent error values (stop mixing of [positive] errno values
  with literal -E... ones)
- properly format output
- don't use leading zeros in decimal output
- move printing of average frequency into P-state conditional (rather
  than a C-state one)
- don't print some C-state related info when CPU idle management is
  disabled in the hypervisor
- use calloc() for array allocations that also got cleared via memset()
  so far

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

docs: xl.pod.1: introduction to FLASK

Add a simple introduction to FLASK to the xl man page, at the beginning
of the FLASK chapter. Link to the xsm-flask.txt document.
Currently FLASK, TMEM and PCI PASS-THROUGH are defined as =head2 so they
look like sub-chapters of VIRTUAL DEVICE COMMANDS. Make them =head1.

Based on a text written by Daniel De Graaf.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: add feature flag to xenstore for XS_RESET_WATCHES

Tell guest about availibilty of xenstoreds XS_RESET_WATCHES function.
Guests can not issue this command unconditionally because some buggy
toolstacks (such as EC2) do not ignore unknown commands properly.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

flask/policy: add missing manage_domain rules

The updated example policy did not include rules to allow managing the
created domains (pause, unpause, destroy); allow these actions.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

docs: Update xsm-flask documentation

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

blktap2/vhd: add -liconv when linking if using libiconv

If libiconv is detected on the system add -liconv when linking the
libvhd library.

If -liconv is not added when compiling libvhd with libiconv the
following error occours when linking vhd-util and vhd-update:

gcc -o vhd-util vhd-util.o -Llib -lvhd
lib/libvhd.so: undefined reference to `libiconv_open'
lib/libvhd.so: undefined reference to `libiconv_close'
lib/libvhd.so: undefined reference to `libiconv'

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

build: detect if libiconv is present

Detect if libiconv is present in the system, since we will have to
link against it when using iconv.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

blktap2: remove local definitions and include byteswap.h

Use the same approach as tools/blktap2/include/libvhd.h, remove local
definitions of bswap* and include byteswap.h. Also remove the
HAVE_BYTESWAP_H ifdef, since it was not defined in this context (it's
defined by QEMU).

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

blktap: remove local definitions and include byteswap.h

Use the same approach as tools/blktap2/include/libvhd.h, remove local
definitions of bswap* and include byteswap.h. Also remove the
HAVE_BYTESWAP_H ifdef, since it was not defined in this context (it's
defined by QEMU).

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

tools: VM generation ID save/restore and migrate.

Add code to track the address of the VM generation ID buffer across a
save/restore or migrate, and increment it as necessary.
The address of the buffer is written into xenstore by hvmloader at
boot time. It must be read from xenstore by the caller of
xc_domain_save() and then written back again by the caller of
xc_domain_restore().

Note that the changes to xc_save.c and xc_restore.c are merely
sufficient for them to build.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: Add hvm specific ro and rw nodes.

The hvmloader node was created by libxl__create_device_model() but it
needs to be moved earlier so that it can parent the new rw
generation-id-address node.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: Open code rw and ro node creation.

Use a new libxl__xs_mkdir() to do this and also clean up extraneous
node creation while in the neighbourhood. Checking 'xenstore-ls -fp'
output before and after shows that, as well as the disappearance of
error, drivers, messages and domid, the following perms change is also
present:

-device/suspend = "" (ndomU)
+device/suspend = "" (n0,rdomU)

I believe the new perms are more desirable than the old ones.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

Add correct const-ness to memshr tool functions

This patch addresses some of the compile and link issues with the memshr
module.

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

Fix types used in xc_memshr_* functions

Currently the memshr functions use uint32_t for the domid. This actually leads
to a funny domid_t -> uint32_t -> domid_t sequence of casts. This patch
updates the API functions to be domid_t in the first place.

No tools need to be modified with this patch, the casts were implicit.

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxc: Only retry mapping pages when ENOENT is returned

If the return value from the ioctl() is not ENOENT, it's possible that err[i]
will not be updated and libxc will just loop forever. Although it's unlikely
that err[i] would not be updated after the ioctl() gets through at least once,
it's better to be defensive.

Signed-off-by: Adin Scannell <adin@scannell.ca>
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

VMX: print Pause Loop Exiting disabled message just once

... rather than per booting CPU.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

PCI: properly abstract out per-architecture extensions to struct pci_dev

x86's used_vectors member was both misplaced (in struct pci_dev_info,
which acts as a hypercall input data passing container only) and
improperly abstracted (requiring a CONFIG_X86 conditional in a generic
header).

The adjustment requires hiding several more lines in IA64's pci.h, but
as a benefit this allows removing one of the "null" headers.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

PCI: shrink pci_dev_info's is_extfn/is_virtfn members

They are used as boolean flags only, so convert them accordingly
(shrinking the structure size by 8 bytes).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

Update QEMU_TAG

ipxe: remove tarball on clean

This prevents us picking up a stale tarball when the tag changes.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

pygrub: fix extlinux parsing

pygrub was unable to parse extlinux config files correctly, exactly
the ones like:

LABEL grsec
KERNEL vmlinuz-3.0.10-grsec
APPEND initrd=initramfs-3.0.10-grsec
root=UUID=cfd4a7b4-8c40-4025-b877-8205f1c622ee
modules=sd-mod,usb-storage,ext4 xen quiet

This patch fixes it, adding a new case when parsing the "append" line,
that searches for the initrd image.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Campbell <ian.campbell.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: write vifname in xenstore if set.

Simple fix to enable user to specify vif names.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: print out vifname in create dryrun.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

netbsd: build fix with gcc 4.5

Fix build failure with gcc 4.5:
implicit declaration of __builtin_stdarg_start

Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
From: David Brownlee <abs@netbsd.org>
Committed-by: Keir Fraser <keir@xen.org>

x86: emulate lea with two register operands correctly

An lea instruction with two register operands should raise an
undefined instruction exception.

Skype does such a instruction and will crash when starting if it does
not get the exception.

Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Committed-by: Keir Fraser <keir@xen.org>

ipxe: update to upstream version

Updated ipxe to current tree, which is
540e5960dc6b49eacf367f7c319fd0546474b845:

Provide PXENV_FILE_EXIT_HOOK only for ipxelinux.0 builds

Removed all the backported patches and updated
boot_prompt_option.patch to apply against current ipxe.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

xenpaging: remove _XOPEN_SOURCE

The _XOPEN_SOURCE define was breaking the compilation under NetBSD.
I've removed it becasue it is not necessary.

Error message:

gcc  -O1 -fno-omit-frame-pointer -m64 -g -fno-strict-aliasing
-std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value
-Wdeclaration-after-statement   -D__XEN_TOOLS__ -MMD -MF
.xenpaging.o.d -fno-optimize-sibling-calls
-I/root/xen-04102011/tools/xenpaging/../../tools/libxc
-I/root/xen-04102011/tools/xenpaging/../../tools/include
-I/root/xen-04102011/tools/xenpaging/../../tools/xenstore
-I/root/xen-04102011/tools/xenpaging/../../tools/include -Werror
-Wno-unused -g  -c -o xenpaging.o xenpaging.c  -I/usr/xen42/include
-I/usr/include
cc1: warnings being treated as errors
xenpaging.c: In function 'xenpaging_init':
xenpaging.c:333: warning: implicit declaration of function 'asprintf'

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/vIRQ: IRR and TMR race condition bug fix

In vlapic_set_irq, we set the IRR register before the TMR. And the IRR
might be serviced before setting TMR, and even worse EOI might occur
before TMR setting, in which case the vioapic_update_EOI won't be
called, and further prevent all the subsequent interrupt injecting.
Reorder setting the TMR and IRR will solve the problem.

Besides, KVM has fixed a similar bug in:
http://markmail.org/search/?q=APIC_TMR#query:APIC_TMR+page:1+mid:rphs4f7lkxjlldne+state:results

Signed-off-by: Yongan Liu<Liuyongan@huawei.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>

Rework locking for sched_adjust.

The main idea is to move (as much as possible) locking logic
from generic code to the various pluggable schedulers.

While at it, the following is also accomplished:
- pausing all the non-current VCPUs of a domain while changing its
   scheduling parameters is not effective in avoiding races and it is
   prone to deadlock, so that is removed.
- sedf needs a global lock for preventing races while adjusting
   domains' scheduling parameters (as it is for credit and credit2),
   so that is added.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

All domains (including dom0) should be best effort on creation

In the sedf scheduler, while trying to guarantee to dom0 the proper
amount of CPU time for being able to do its job, we end up allocating
75% CPU-share to each and every of its VCPUs. This, combined with the
fact that such a scheduler has no load balancing logic at all (and
thus *all* dom0's VCPUs just rise and stay on physical CPU #0), means
that for example on a 12-cores system we're trying to exploit
75x12=3D900% of what we have on a PCPU, which is definitely too much!

Moreover, even if a cleverer mechanism for distributing VCPUs among
the available PCPUs (if not a proper load balancer) will be put in
place some day, it will still be difficult to decide how much
guaranteed CPU bandwidth each of the dom0's VCPUs should be provided
with, without posing the system at risk of livelock or starvation,
even during boot time.

Therefore, since sedf is capable of some form of best-effort
scheduling, the best thing we can do is ask for this behaviour for
dom0, as it is for all other domains, right upon creation. It will
then be the sysadmin's job to modify dom0's scheduling parameters to
better fit his particular needs, maybe after spreading the load a bit
by pinning VCPUs on PCPUs, or using cpupools, etc.

Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

x86/tboot: fix some coding style issues in tboot.c

Signed-off-by: Gang Wei <gang.wei@intel.com>
Acked-by: Joseph Cihula <joseph.cihula@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

Update the maitainer list for Intel(R) TXT

Signed-off-by: Gang Wei <gang.wei@intel.com>

x86/passthrough: don't leak guest IRQs

As unmap_domain_pirq_emuirq() fails on a never mapped pIRQ, it must not
be called for the non-emu-IRQ case (to prevent the entire unmap
operation failing).

Based on a suggestion from Stefano.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Yongjie Ren <yongjie.ren@intel.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

X86: Add a delay between INIT & SIPIs for tboot AP bring-up in X2APIC case

Without this delay, Xen could not bring APs up while working with
TXT/tboot, because tboot needs some time in APs to handle INIT before
becoming ready for receiving SIPIs (this delay was removed as part of
c/s 23724 by Tim Deegan).

Signed-off-by: Gang Wei <gang.wei@intel.com>
Acked-by: Keir Fraser <keir@xen.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

Update QEMU_TAG

libxl: report failure to reboot/shutdown due to lackof PV interfaces to caller

This allow the caller to react as they think is appropriate. xl now prints a
message much like the library did previously, although hopefully somewhat more
informative.

Update the xl(1) man page to be similarly more informative.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>

libxl: split libxl_domain_shutdown into libxl_domain_shutdown,..._reboot

The other integer request types which shutdown supported are not
useful. Specifically:

* "suspend" is not usable via this interface since it requires other
scaffolding, libxl_domain_suspend provides this already.
* "halt" is the same as "poweroff".
* "crash" is unused and at least Linux does not implement it. If a user
steps forward then libxl_domain_crash is trivial to add.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>

libxl: Fix, specify open mode to QEMU state file.

Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86: reduce scope of some symbols used with reset_stack_and_jump()

By making the macro properly advertise the use of the input symbol to
the compiler, it is no longer necessary for them to be global if
they're defined and used in just one source file.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

x86: move some function scope statics into .init.data

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

flask/policy: Update example policy

Rewrite the example policy to make it easier to understand and
demonstrate some of the security goals that FLASK can enforce.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: add libxl__domain_pvcontrol_{available,read,write}

Use instead of open coding.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>

libxl: improve error handling when saving device model state.

Do not leak a file descriptor (fd2 when used with upstream qemu) or a file (the
save file which is leaked on failure).

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: remove force parameter from libxl__devices_destroy

Remove the force flag, and always use forced destruction.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: remove force parameter from libxl_domain_destroy

Since a destroy is considered a forced shutdown, there's no point in
passing a force parameter. All the occurences of this function have
been replaced with the proper syntax.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: fix incorrect log message in libxl_domain_destroy

Fix a log message that was referring to libxl_devices_dispose instead
of libxl__devices_destroy.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

hotplug: remove debug messages from NetBSD hotplug scripts

Remove unecessary debug messages from NetBSD hotplug scripts, left
error messages only.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: introduce libxl__wait_for_device_state

This is a generic function, that waits for xs watches to reach a
certain state and then executes the passed helper function. Removed
wait_for_dev_destroy and used this new function instead. This
function will also be used by future patches that need to wait for
the initialization of devices before executing hotplug scripts.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

libxl: add support for image files for NetBSD

Created a helper function to detect if the OS is capable of using
image files as phy backends. Create two OS specific files, and
changed the Makefile to choose the correct one at compile time.

Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

x86/AMD: fold redundant parameters of cpu_has_amd_erratum()

The boolean 'osvw' indicator and 'osvw_id' can be folded - the function
can as well distinguish the non-OSVW case by checking for a negative
'osvw_id'. That way the whole variable argument list processing is only
needed on the legacy code path.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
Acked-by: Wei Huang <wei.huang2@amd.com>

hvmloader: Re-name xenstore key used to save VM generation ID buffer address.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>

X86-MCE: fix a bug of xen-mceinj tool

Fix a bug of xen-mceinj tool which used to test mce by software way.

Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>

Fix grant_table v2 status mapping.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

Allow VMs to query their own grant table version.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>

xl.pod.1: improve documentation of FLASK commands

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: add checks on PCI configuration access

PCI configuration access is allowed to any privileged domain
regardless of I/O port access restrictions; add XSM hooks for these
accesses.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

xsm: fix up dummy ops

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>