diff options
| author | Keir Fraser <keir@xensource.com> | 2007-07-07 10:09:51 +0100 |
|---|---|---|
| committer | Keir Fraser <keir@xensource.com> | 2007-07-07 10:09:51 +0100 |
| commit | 6cd1c1ec4490760495eb9d1836abf27efc26c2d0 (patch) | |
| tree | 70e6aeba48db3f52f1bb66ce033e22beef85d16c | |
| parent | 33665b2280cc26860ebb3928b3b17905a17a470f (diff) | |
| parent | 9153f9add5ebb50ce138f0bebefc62ab8bf1ca16 (diff) | |
| download | xen-6cd1c1ec4490760495eb9d1836abf27efc26c2d0.tar.gz xen-6cd1c1ec4490760495eb9d1836abf27efc26c2d0.tar.bz2 xen-6cd1c1ec4490760495eb9d1836abf27efc26c2d0.zip | |
Merge with PPC tree.
36 files changed, 451 insertions, 252 deletions
diff --git a/docs/man/xm.pod.1 b/docs/man/xm.pod.1 index d00b89266f..57990b8b6c 100644 --- a/docs/man/xm.pod.1 +++ b/docs/man/xm.pod.1 @@ -4,7 +4,7 @@ xm - Xen management user interface =head1 SYNOPSIS -xm <subcommand> [args] +B<xm> I<subcommand> [I<args>] =head1 DESCRIPTION @@ -13,46 +13,50 @@ domains. The program can be used to create, pause, and shutdown domains. It can also be used to list current domains, enable or pin VCPUs, and attach or detach virtual block devices. -The basic structure of every xm command is almost always: +The basic structure of every B<xm> command is almost always: - xm <subcommand> <domain-id> [OPTIONS] +=over 2 -Where I<subcommand> is one of the sub commands listed below, I<domain-id> +B<xm> I<subcommand> I<domain-id> [I<OPTIONS>] + +=back + +Where I<subcommand> is one of the subcommands listed below, I<domain-id> is the numeric domain id, or the domain name (which will be internally -translated to domain id), and I<OPTIONS> are sub command specific +translated to domain id), and I<OPTIONS> are subcommand specific options. There are a few exceptions to this rule in the cases where -the sub command in question acts on all domains, the entire machine, -or directly on the xen hypervisor. Those exceptions will be clear for -each of those sub commands. +the subcommand in question acts on all domains, the entire machine, +or directly on the Xen hypervisor. Those exceptions will be clear for +each of those subcommands. =head1 NOTES All B<xm> operations rely upon the Xen control daemon, aka B<xend>. -For any xm commands to run xend must also be running. For this reason -you should start xend as a service when your system first boots using -xen. +For any B<xm> commands to run, xend must also be running. For this +reason you should start xend as a service when your system first boots +using Xen. Most B<xm> commands require root privileges to run due to the communications channels used to talk to the hypervisor. Running as non root will return an error. Most B<xm> commands act asynchronously, so just because the B<xm> -command returned, doesn't mean the action is complete. This is +command returned doesn't mean the action is complete. This is important, as many operations on domains, like create and shutdown, can take considerable time (30 seconds or more) to bring the machine into a fully compliant state. If you want to know when one of these -actions has finished you must poll through xm list periodically. +actions has finished you must poll through B<xm list> periodically. =head1 DOMAIN SUBCOMMANDS -The following sub commands manipulate domains directly, as stated -previously most commands take domain-id as the first parameter. +The following subcommands manipulate domains directly. As stated +previously, most commands take I<domain-id> as the first parameter. =over 4 =item B<console> I<domain-id> -Attach to domain domain-id's console. If you've set up your Domains to +Attach to domain I<domain-id>'s console. If you've set up your domains to have a traditional log in console this will look much like a normal text log in screen. @@ -63,15 +67,15 @@ The attached console will perform much like a standard serial console, so running curses based interfaces over the console B<is not advised>. Vi tends to get very odd when using it over this interface. -=item B<create> I<[-c]> I<configfile> I<[name=value]>.. +=item B<create> [B<-c>] I<configfile> [I<name>=I<value>].. -The create sub command requires a configfile and can optional take a +The create sub command requires a config file and can optionally take a series of name value pairs that add to or override variables defined in the config file. See L<xmdomain.cfg> for full details of that file format, and possible options used in either the configfile or -Name=Value combinations. +I<name>=I<value> combinations. -Configfile can either be an absolute path to a file, or a relative +I<configfile> can either be an absolute path to a file, or a relative path to a file located in /etc/xen. Create will return B<as soon> as the domain is started. This B<does @@ -116,10 +120,10 @@ virtual networking. (This example comes from the xm-test test suite.) =item B<destroy> I<domain-id> -Immediately terminate the domain domain-id. This doesn't give the domain -OS any chance to react, and it the equivalent of ripping the power -cord out on a physical machine. In most cases you will want to use -the B<shutdown> command instead. +Immediately terminate the domain I<domain-id>. This doesn't give the +domain OS any chance to react, and is the equivalent of ripping the +power cord out on a physical machine. In most cases you will want to +use the B<shutdown> command instead. =item B<domid> I<domain-name> @@ -129,14 +133,14 @@ Converts a domain name to a domain id using xend's internal mapping. Converts a domain id to a domain name using xend's internal mapping. -=item B<help> I<[--long]> +=item B<help> [B<--long>] Displays the short help message (i.e. common commands). -The I<--long> option prints out the complete set of B<xm> subcommands, +The B<--long> option prints out the complete set of B<xm> subcommands, grouped by function. -=item B<list> I<[--long | --label]> I<[domain-id, ...]> +=item B<list> [B<--long> | B<--label>] [I<domain-id> ...] Prints information about one or more domains. If no domains are specified it prints out information about all domains. @@ -151,21 +155,23 @@ An example format for the list is as follows: Mandrake10.2 167 128 1 ------ 2.5 Suse9.2 168 100 1 ------ 1.8 -Name is the name of the domain. ID the domain numeric id. Mem is the -size of the memory allocated to the domain. VCPUS is the number of -VCPUS allocated to domain. State is the run state (see below). Time -is the total run time of the domain as accounted for by Xen. +Name is the name of the domain. ID the numeric domain id. Mem is the +desired amount of memory to allocate to the domain (although it may +not be the currently allocated amount). VCPUs is the number of +virtual CPUs allocated to the domain. State is the run state (see +below). Time is the total run time of the domain as accounted for by +Xen. B<STATES> =over 4 -The State field lists 6 states for a Xen Domain, and which ones the -current Domain is in. +The State field lists 6 states for a Xen domain, and which ones the +current domain is in. =item B<r - running> -The domain is currently running on a CPU +The domain is currently running on a CPU. =item B<b - blocked> @@ -203,12 +209,12 @@ B<LONG OUTPUT> =over 4 -If I<--long> is specified, the output for xm list is not the table +If B<--long> is specified, the output for B<xm list> is not the table view shown above, but instead is an S-Expression representing all information known about all domains asked for. This is mostly only useful for external programs to parse the data. -B<Note:> there is no stable guarantees on the format of this data. +B<Note:> There is no stable guarantees on the format of this data. Use at your own risk. =back @@ -217,10 +223,10 @@ B<LABEL OUTPUT> =over 4 -If I<--label> is specified, the security labels are added to the -output of xm list and the lines are sorted by the labels (ignoring -case). The I<--long> option prints the labels by default and cannot be -combined with I<--label>. See the ACCESS CONTROL SUBCOMMAND section of +If B<--label> is specified, the security labels are added to the +output of B<xm list> and the lines are sorted by the labels (ignoring +case). The B<--long> option prints the labels by default and cannot be +combined with B<--label>. See the ACCESS CONTROL SUBCOMMAND section of this man page for more information about labels. ==back @@ -230,7 +236,7 @@ B<NOTES> =over 4 The Time column is deceptive. Virtual IO (network and block devices) -used by Domains requires coordination by Domain0, which means that +used by domains requires coordination by Domain0, which means that Domain0 is actually charged for much of the time that a DomainU is doing IO. Use of this time value to determine relative utilizations by domains is thus very suspect, as a high IO workload may show as @@ -240,11 +246,11 @@ less utilized than a high CPU workload. Consider yourself warned. =item B<mem-max> I<domain-id> I<mem> -Specify the maximum amount of memory the Domain is able to use. Mem +Specify the maximum amount of memory the domain is able to use. I<mem> is specified in megabytes. The mem-max value may not correspond to the actual memory used in the -Domain, as it may balloon down it's memory to give more back to the OS. +domain, as it may balloon down its memory to give more back to the OS. =item B<mem-set> I<domain-id> I<mem> @@ -252,20 +258,20 @@ Set the domain's used memory using the balloon driver. Because this operation requires cooperation from the domain operating system, there is no guarantee that it will succeed. -B<Warning:> there is no good way to know in advance how small of a +B<Warning:> There is no good way to know in advance how small of a mem-set will make a domain unstable and cause it to crash. Be very careful when using this command on running domains. -=item B<migrate> I<domain-id> I<host> I<[options]> +=item B<migrate> I<domain-id> I<host> [I<OPTIONS>] -Migrate a domain to another Host machine. B<Xend> must be running on -other host machine, it must be running the same version of xen, it +Migrate a domain to another host machine. Xend must be running on +other host machine, it must be running the same version of Xen, it must have the migration TCP port open and accepting connections from the source host, and there must be sufficient resources for the domain to run (memory, disk, etc). -Migration is pretty complicated, and has many security implications, -please read the Xen Users Guide to ensure you understand the +Migration is pretty complicated, and has many security implications. +Please read the Xen User's Guide to ensure you understand the ramifications and limitations on migration before attempting it in production. @@ -273,13 +279,13 @@ B<OPTIONS> =over 4 -=item B<-l, --live> +=item B<-l>, B<--live> Use live migration. This will migrate the domain between hosts -without shutting down the domain. See the Xen Users Guide for more +without shutting down the domain. See the Xen User's Guide for more information. -=item B<-r, --resource> I<Mbs> +=item B<-r>, B<--resource> I<Mbs> Set maximum Mbs allowed for migrating the domain. This ensures that the network link is not saturated with migration traffic while @@ -293,7 +299,7 @@ Pause a domain. When in a paused state the domain will still consume allocated resources such as memory, but will not be eligible for scheduling by the Xen hypervisor. -=item B<reboot> I<[options]> I<domain-id> +=item B<reboot> [I<OPTIONS>] I<domain-id> Reboot a domain. This acts just as if the domain had the B<reboot> command run from the console. The command returns as soon as it has @@ -301,18 +307,18 @@ executed the reboot action, which may be significantly before the domain actually reboots. The behavior of what happens to a domain when it reboots is set by the -I<on_reboot> parameter of the xmdomain.cfg file when the domain was +B<on_reboot> parameter of the xmdomain.cfg file when the domain was created. B<OPTIONS> =over 4 -=item B<-a, --all> +=item B<-a>, B<--all> -Reboot all domains +Reboot all domains. -=item B<-w, --wait> +=item B<-w>, B<--wait> Wait for reboot to complete before returning. This may take a while, as all services in the domain will have to be shut down cleanly. @@ -321,7 +327,7 @@ as all services in the domain will have to be shut down cleanly. =item B<restore> I<state-file> -Build a domain from an B<xm save> state file. See I<save> for more info. +Build a domain from an B<xm save> state file. See B<save> for more info. =item B<save> I<domain-id> I<state-file> @@ -334,16 +340,16 @@ This is roughly equivalent to doing a hibernate on a running computer, with all the same limitations. Open network connections may be severed upon restore, as TCP timeouts may have expired. -=item B<shutdown> I<[options]> I<domain-id> +=item B<shutdown> [I<OPTIONS>] I<domain-id> Gracefully shuts down a domain. This coordinates with the domain OS to perform graceful shutdown, so there is no guarantee that it will succeed, and may take a variable length of time depending on what services must be shutdown in the domain. The command returns -immediately after signally the domain unless that I<-w> flag is used. +immediately after signally the domain unless that B<-w> flag is used. The behavior of what happens to a domain when it reboots is set by the -I<on_shutdown> parameter of the xmdomain.cfg file when the domain was +B<on_shutdown> parameter of the xmdomain.cfg file when the domain was created. B<OPTIONS> @@ -386,7 +392,7 @@ Attempting to set the VCPUs to a number larger than the initially configured VCPU count is an error. Trying to set VCPUs to < 1 will be quietly ignored. -=item B<vcpu-list> I<[domain-id]> +=item B<vcpu-list> [I<domain-id>] Lists VCPU information for a specific domain. If no domain is specified, VCPU information for all domains will be provided. @@ -394,7 +400,7 @@ specified, VCPU information for all domains will be provided. =item B<vcpu-pin> I<domain-id> I<vcpu> I<cpus> Pins the the VCPU to only run on the specific CPUs. The keyword -I<all> can be used to apply the I<cpus> list to all VCPUs in the +B<all> can be used to apply the I<cpus> list to all VCPUs in the domain. Normally VCPUs can float between available CPUs whenever Xen deems a @@ -408,7 +414,7 @@ CPUs. =over 4 -=item B<dmesg> I<[-c]> +=item B<dmesg> [B<-c>] Reads the Xen message buffer, similar to dmesg on a Linux system. The buffer contains informational, warning, and error messages created @@ -419,7 +425,7 @@ B<OPTIONS> =over 4 -=item B<-c, --clear> +=item B<-c>, B<--clear> Clears Xen's message buffer. @@ -431,8 +437,8 @@ Print information about the Xen host in I<name : value> format. When reporting a Xen bug, please provide this information as part of the bug report. -Sample xen domain info looks as follows (lines wrapped manually to -make the man page more readable): +Sample output looks as follows (lines wrapped manually to make the man +page more readable): host : talon release : 2.6.12.6-xen0 @@ -470,36 +476,36 @@ B<FIELDS> Not all fields will be explained here, but some of the less obvious ones deserve explanation: -=item I<hw_caps> +=item B<hw_caps> A vector showing what hardware capabilities are supported by your processor. This is equivalent to, though more cryptic, the flags field in /proc/cpuinfo on a normal Linux machine. -=item I<free_memory> +=item B<free_memory> -Available memory (in MB) not allocated to Xen, or any other Domains. +Available memory (in MB) not allocated to Xen, or any other domains. -=item I<xen_caps> +=item B<xen_caps> -The xen version, architecture. Architecture values can be one of: +The Xen version and architecture. Architecture values can be one of: x86_32, x86_32p (i.e. PAE enabled), x86_64, ia64. -=item I<xen_changeset> +=item B<xen_changeset> -The xen mercurial changeset id. Very useful for determining exactly +The Xen mercurial changeset id. Very useful for determining exactly what version of code your Xen system was built from. =back =item B<log> -Print out the B<xend> log. This log file can be found in +Print out the xend log. This log file can be found in /var/log/xend.log. =item B<top> -Executes the xentop command, which provides real time monitoring of +Executes the B<xentop> command, which provides real time monitoring of domains. Xentop is a curses interface, and reasonably self explanatory. @@ -508,13 +514,41 @@ explanatory. =head1 SCHEDULER SUBCOMMANDS Xen ships with a number of domain schedulers, which can be set at boot -time with the I<sched=> parameter on the Xen command line. By -default I<sedf> is used for scheduling. +time with the B<sched=> parameter on the Xen command line. By +default B<credit> is used for scheduling. FIXME: we really need a scheduler expert to write up this section. =over 4 +=item B<sched-credit> [ B<-d> I<domain-id> [ B<-w>[B<=>I<WEIGHT>] | B<-c>[B<=>I<CAP>] ] ] + +Set credit scheduler parameters. The credit scheduler is a +proportional fair share CPU scheduler built from the ground up to be +work conserving on SMP hosts. + +Each domain (including Domain0) is assigned a weight and a cap. + +B<PARAMETERS> + +=over 4 + +=item I<WEIGHT> + +A domain with a weight of 512 will get twice as much CPU as a domain +with a weight of 256 on a contended host. Legal weights range from 1 +to 65535 and the default is 256. + +=item I<CAP> + +The cap optionally fixes the maximum amount of CPU a domain will be +able to consume, even if the host system has idle CPU cycles. The cap +is expressed in percentage of one physical CPU: 100 is 1 physical CPU, +50 is half a CPU, 400 is 4 CPUs, etc. The default, 0, means there is +no upper cap. + +=back + =item B<sched-sedf> I<period> I<slice> I<latency-hint> I<extratime> I<weight> Set Simple EDF (Earliest Deadline First) scheduler parameters. This @@ -546,7 +580,7 @@ Flag for allowing domain to run in extra time. =item I<weight> -Another way of setting cpu slice. +Another way of setting CPU slice. =back @@ -591,7 +625,7 @@ event. =over 4 -=item B<block-attach> I<domain-id> I<be-dev> I<fe-dev> I<mode> I<[bedomain-id]> +=item B<block-attach> I<domain-id> I<be-dev> I<fe-dev> I<mode> [I<bedomain-id>] Create a new virtual block device. This will trigger a hotplug event for the guest. @@ -619,7 +653,7 @@ devices, or by device id, such as 0x1400 (/dev/hdc device id in hex). =item I<mode> The access mode for the device from the guest domain. Supported modes -are I<w> (read/write) or I<r> (read-only). +are B<w> (read/write) or B<r> (read-only). =item I<bedomain-id> @@ -635,62 +669,65 @@ B<EXAMPLES> xm block-attach guestdomain file://path/to/dsl-2.0RC2.iso /dev/hdc ro -This will mount the dsl iso as /dev/hdc in the guestdomain as a read -only device. This will probably not be detected as a cdrom by the +This will mount the dsl ISO as /dev/hdc in the guestdomain as a read +only device. This will probably not be detected as a CD-ROM by the guest, but mounting /dev/hdc manually will work. =back -=item B<block-detach> I<domain-id> I<devid> +=item B<block-detach> I<domain-id> I<devid> [B<--force>] -Destroy a domain's virtual block device. devid B<must> be the device -id given to the device by domain 0. You will need to run I<xm -block-list> to determine that number. +Detach a domain's virtual block device. I<devid> may be the symbolic +name or the numeric device id given to the device by domain 0. You +will need to run B<xm block-list> to determine that number. -FIXME: this is currently B<broken>. Even though a block device is -removed from domU, it appears to still be allocated in the domain 0. +Detaching the device requires the cooperation of the domain. If the +domain fails to release the device (perhaps because the domain is hung +or is still using the device), the detach will fail. The B<--force> +parameter will forcefully detach the device, but may cause IO errors +in the domain. -=item B<block-list> I<[-l|--long]> I<domain-id> +=item B<block-list> [B<-l>|B<--long>] I<domain-id> List virtual block devices for a domain. The returned output is -formatted as a list or as an S-Expression if the '--long' option was given. +formatted as a list or as an S-Expression if the B<--long> option was given. =head2 NETWORK DEVICES -=item B<network-attach> I<domain-id> I<[script=scriptname]> I<[ip=ipaddr]> -I<[mac=macaddr]> I<[bridge=bridge-name]> I<[backend=bedomain-id]> +=item B<network-attach> I<domain-id> [B<script=>I<scriptname>] [B<ip=>I<ipaddr>] +[B<mac=>I<macaddr>] [B<bridge=>I<bridge-name>] [B<backend=>I<bedomain-id>] -Creates a new network device in the domain specified by domain-id. It +Creates a new network device in the domain specified by I<domain-id>. It takes the following optional options: B<OPTIONS> =over 4 -=item I<script=scriptname> +=item B<script=>I<scriptname> Use the specified script name to bring up the network. Defaults to -the default setting in xend-config.sxp for I<vif-script>. +the default setting in xend-config.sxp for B<vif-script>. -=item I<ip=ipaddr> +=item B<ip=>I<ipaddr> Passes the specified IP Address to the adapter on creation. FIXME: this currently appears to be B<broken>. I'm not sure under what circumstances this should actually work. -=item I<mac=macaddr> +=item B<mac=>I<macaddr> The MAC address that the domain will see on its Ethernet device. If the device is not specified it will be randomly generated with the 00:16:3e vendor id prefix. -=item I<bridge=bridge-name> +=item B<bridge=>I<bridge-name> The name of the bridge to attach the vif to, in case you have more -than one. This defaults to +than one. This defaults to xenbr0. -=item I<backend=bedomain-id> +=item B<backend=>I<bedomain-id> The backend domain id. By default this is domain 0. @@ -705,17 +742,17 @@ I<devid> is the virtual interface device number within the domain FIXME: this is currently B<broken>. Network devices aren't completely removed from domain 0. -=item B<network-list> I<[-l|--long]> I<domain-id> +=item B<network-list> [B<-l>|B<--long>]> I<domain-id> List virtual network interfaces for a domain. The returned output is -formatted as a list or as an S-Expression if the '--long' option was given. +formatted as a list or as an S-Expression if the B<--long> option was given. =head2 VIRTUAL TPM DEVICES -=item B<vtpm-list> I<[-l|--long]> I<domain-id> +=item B<vtpm-list> [B<-l>|B<--long>] I<domain-id> Show the virtual TPM device for a domain. The returned output is -formatted as a list or as an S-Expression if the '--long' option was given. +formatted as a list or as an S-Expression if the B<--long> option was given. =back @@ -728,7 +765,7 @@ out entirely. =over 4 -=item B<vnet-list> I<[-l|--long]> +=item B<vnet-list> [B<-l>|B<--long>] List vnets. @@ -762,7 +799,7 @@ subcommands described below. Currently, the ACP specifies two ways to interpret labels: (1) Simple Type Enforcement: Labels are interpreted to decide access -of domains to comunication means and virtual or physical +of domains to communication means and virtual or physical resources. Communication between domains as well as access to resources are forbidden by default and can only take place if they are explicitly allowed by the security policy. The proper assignment of @@ -796,8 +833,8 @@ time with the B<cfgbootpolicy> subcommand. =over 4 I<policy> is a dot-separated list of names. The last part is the file -name pre-fix for the policy xml file. The preceding name parts are -translated into the local path pointing to the policy xml file +name pre-fix for the policy XML file. The preceding name parts are +translated into the local path pointing to the policy XML file relative to the global policy root directory (/etc/xen/acm-security/policies). For example, example.chwall_ste.client_v1 denotes the policy file @@ -823,16 +860,16 @@ I<boot title> parameter to specify a unique part of the proper title. Prints the current security policy state information of Xen. -=item B<labels> [I<policy>] [I<type>=dom|res|any] +=item B<labels> [I<policy>] [B<type=dom>|B<res>|B<any>] Lists all labels of a I<type> (domain, resource, or both) that are defined in the I<policy>. Unless specified, the default I<policy> is the currently enforced access control policy. The default for I<type> is 'dom'. The labels are arranged in alphabetical order. -=item B<addlabel> I<label> dom I<configfile> [I<policy>] +=item B<addlabel> I<label> B<dom> I<configfile> [I<policy>] -=item B<addlabel> I<label> res I<resource> [I<policy>] +=item B<addlabel> I<label> B<res> I<resource> [I<policy>] Adds the security label with name I<label> to a domain I<configfile> (dom) or to the global resource label file for the @@ -841,17 +878,17 @@ currently enforced access control policy. This subcommand also verifies that the I<policy> definition supports the specified I<label> name. -=item B<rmlabel> dom I<configfile> +=item B<rmlabel> B<dom> I<configfile> -=item B<rmlabel> res I<resource> +=item B<rmlabel> B<res> I<resource> -Works the same as the I<addlabel> command (above), except that this +Works the same as the B<addlabel> command (above), except that this command will remove the label from the domain I<configfile> (dom) or the global resource label file (res). -=item B<getlabel> dom I<configfile> +=item B<getlabel> B<dom> I<configfile> -=item B<getlabel> res I<resource> +=item B<getlabel> B<res> I<resource> Shows the label for the given I<configfile> or I<resource> @@ -881,7 +918,7 @@ Then recompile and install xen and the security tools and then reboot: cd xen_source_dir/xen; make clean; make; cp xen.gz /boot; cd xen_source_dir/tools/security; make install; - reboot into xen + reboot into Xen =back @@ -944,10 +981,10 @@ B<ATTACHING A SECURITY LABEL TO A DOMAIN> =over 4 -The I<addlabel> subcommand can attach a security label to a domain +The B<addlabel> subcommand can attach a security label to a domain configuration file, here a HomeBanking label. The example policy ensures that this domain does not share information with other -non-hombanking user domains (i.e., domains labeled as dom_Fun or +non-homebanking user domains (i.e., domains labeled as dom_Fun or dom_Boinc) and that it will not run simultaneously with domains labeled as dom_Fun. @@ -958,7 +995,7 @@ probably just a browser environment for online-banking. xm addlabel dom_HomeBanking dom myconfig.xm The very simple configuration file might now look as printed -below. The I<addlabel> subcommand added the B<access_control> entry at +below. The B<addlabel> subcommand added the B<access_control> entry at the end of the file, consisting of a label name and the policy that specifies this label name: @@ -986,7 +1023,7 @@ B<ATTACHING A SECURITY LABEL TO A RESOURCE> =over 4 -The I<addlabel> subcommand can also be used to attach a security +The B<addlabel> subcommand can also be used to attach a security label to a resource. Following the home banking example from above, we can label a disk resource (e.g., a physical partition or a file) to make it accessible to the home banking domain. The example policy @@ -1002,7 +1039,7 @@ attaches this disk to the domain at boot time. disk = [ 'phy:hda6,sda2,w' ] Alternatively, the resource can be attached after booting the domain -by using the I<block-attach> subcommand. +by using the B<block-attach> subcommand. xm block-attach homebanking phy:hda6 sda2 w @@ -1010,7 +1047,7 @@ Note that labeled resources cannot be used when security is turned off. Any attempt to use labeled resources with security turned off will result in a failure with a corresponding error message. The solution is to enable security or, if security is no longer desired, -to remove the resource label using the I<rmlabel> subcommand. +to remove the resource label using the B<rmlabel> subcommand. =back @@ -1048,7 +1085,7 @@ B<POLICY REPRESENTATIONS> =over 4 We distinguish three representations of the Xen access control policy: -the I<source XML> version, its I<binary> counterpart, and a I<mapping> +the source XML version, its binary counterpart, and a mapping representation that enables the tools to deterministically translate back and forth between label names of the XML policy and label identifiers of the binary policy. All three versions must be kept @@ -1075,8 +1112,6 @@ their binary identifiers (ssidrefs) used inside Xen. =back -=head1 EXAMPLES - =head1 SEE ALSO B<xmdomain.cfg>(5), B<xentop>(1) diff --git a/tools/examples/xend-config.sxp b/tools/examples/xend-config.sxp index aaddbee076..adbb9e6b69 100644 --- a/tools/examples/xend-config.sxp +++ b/tools/examples/xend-config.sxp @@ -191,3 +191,9 @@ # The default password for VNC console on HVM domain. # Empty string is no authentication. (vncpasswd '') + +# The default keymap to use for the VM's virtual keyboard +# when not specififed in VM's configuration +#(keymap 'en-us') + + diff --git a/tools/firmware/rombios/rombios.c b/tools/firmware/rombios/rombios.c index c0ce1f9981..49f5afdb08 100644 --- a/tools/firmware/rombios/rombios.c +++ b/tools/firmware/rombios/rombios.c @@ -4675,6 +4675,10 @@ int09_function(DI, SI, BP, SP, BX, DX, CX, AX) write_byte(0x0040, 0x18, mf2_flags); break; + case 0x53: /* Del */ + if ((shift_flags & 0x0c) == 0x0c) /* Ctrl + Alt */ + machine_reset(); + /* Fall through */ default: if (scancode & 0x80) return; /* toss key releases ... */ if (scancode > MAX_SCAN_CODE) { diff --git a/tools/ioemu/keymaps/ja b/tools/ioemu/keymaps/ja index 6947cb124c..9d90a78c81 100644 --- a/tools/ioemu/keymaps/ja +++ b/tools/ioemu/keymaps/ja @@ -101,6 +101,7 @@ yen 0x7d bar 0x7d shift underscore 0x73 shift Henkan_Mode 0x79 +Katakana_Real 0x70 Katakana 0x70 Muhenkan 0x7b Henkan_Mode_Real 0x79 diff --git a/tools/ioemu/vnc_keysym.h b/tools/ioemu/vnc_keysym.h index d0d405a5ce..ea9e330f1a 100644 --- a/tools/ioemu/vnc_keysym.h +++ b/tools/ioemu/vnc_keysym.h @@ -290,12 +290,14 @@ static name2keysym_t name2keysym[]={ /* localized keys */ {"BackApostrophe", 0xff21}, {"Muhenkan", 0xff22}, -{"Katakana", 0xff25}, +{"Katakana", 0xff27}, {"Hankaku", 0xff29}, {"Zenkaku_Hankaku", 0xff2a}, {"Henkan_Mode_Real", 0xff23}, {"Henkan_Mode_Ultra", 0xff3e}, {"backslash_ja", 0xffa5}, +{"Katakana_Real", 0xff25}, +{"Eisu_toggle", 0xff30}, /* dead keys */ {"dead_grave", 0xfe50}, diff --git a/tools/libxc/xc_domain.c b/tools/libxc/xc_domain.c index 92a8b98511..11c14247a2 100644 --- a/tools/libxc/xc_domain.c +++ b/tools/libxc/xc_domain.c @@ -181,6 +181,7 @@ int xc_domain_getinfo(int xc_handle, info->blocked = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_blocked); info->running = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_running); info->hvm = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_hvm_guest); + info->debugged = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_debugged); info->shutdown_reason = (domctl.u.getdomaininfo.flags>>XEN_DOMINF_shutdownshift) & diff --git a/tools/libxc/xc_misc.c b/tools/libxc/xc_misc.c index 85f7921e77..13fa65ff18 100644 --- a/tools/libxc/xc_misc.c +++ b/tools/libxc/xc_misc.c @@ -60,6 +60,8 @@ int xc_physinfo(int xc_handle, sysctl.cmd = XEN_SYSCTL_physinfo; + memcpy(&sysctl.u.physinfo, put_info, sizeof(*put_info)); + if ( (ret = do_sysctl(xc_handle, &sysctl)) != 0 ) return ret; diff --git a/tools/libxc/xenctrl.h b/tools/libxc/xenctrl.h index 25def6b9fc..6ba6c8b034 100644 --- a/tools/libxc/xenctrl.h +++ b/tools/libxc/xenctrl.h @@ -153,7 +153,7 @@ typedef struct xc_dominfo { uint32_t ssidref; unsigned int dying:1, crashed:1, shutdown:1, paused:1, blocked:1, running:1, - hvm:1; + hvm:1, debugged:1; unsigned int shutdown_reason; /* only meaningful if shutdown==1 */ unsigned long nr_pages; unsigned long shared_info_frame; @@ -473,6 +473,7 @@ int xc_readconsolering(int xc_handle, int xc_send_debug_keys(int xc_handle, char *keys); typedef xen_sysctl_physinfo_t xc_physinfo_t; +typedef uint32_t xc_cpu_to_node_t; int xc_physinfo(int xc_handle, xc_physinfo_t *info); diff --git a/tools/python/xen/lowlevel/xc/xc.c b/tools/python/xen/lowlevel/xc/xc.c index afe5d19c27..021d7f2a7a 100644 --- a/tools/python/xen/lowlevel/xc/xc.c +++ b/tools/python/xen/lowlevel/xc/xc.c @@ -680,33 +680,62 @@ static PyObject *pyxc_pages_to_kib(XcObject *self, PyObject *args) static PyObject *pyxc_physinfo(XcObject *self) { +#define MAX_CPU_ID 255 xc_physinfo_t info; char cpu_cap[128], *p=cpu_cap, *q=cpu_cap; - int i; - + int i, j, max_cpu_id; + PyObject *ret_obj, *node_to_cpu_obj; + xc_cpu_to_node_t map[MAX_CPU_ID]; + + set_xen_guest_handle(info.cpu_to_node, map); + info.max_cpu_id = MAX_CPU_ID; + if ( xc_physinfo(self->xc_handle, &info) != 0 ) return pyxc_error_to_exception(); - *q=0; - for(i=0;i<sizeof(info.hw_cap)/4;i++) + *q = 0; + for ( i = 0; i < sizeof(info.hw_cap)/4; i++ ) { - p+=sprintf(p,"%08x:",info.hw_cap[i]); - if(info.hw_cap[i]) - q=p; + p += sprintf(p, "%08x:", info.hw_cap[i]); + if ( info.hw_cap[i] ) + q = p; } - if(q>cpu_cap) - *(q-1)=0; - - return Py_BuildValue("{s:i,s:i,s:i,s:i,s:l,s:l,s:l,s:i,s:s}", - "threads_per_core", info.threads_per_core, - "cores_per_socket", info.cores_per_socket, - "sockets_per_node", info.sockets_per_node, - "nr_nodes", info.nr_nodes, - "total_memory", pages_to_kib(info.total_pages), - "free_memory", pages_to_kib(info.free_pages), - "scrub_memory", pages_to_kib(info.scrub_pages), - "cpu_khz", info.cpu_khz, - "hw_caps", cpu_cap); + if ( q > cpu_cap ) + *(q-1) = 0; + + ret_obj = Py_BuildValue("{s:i,s:i,s:i,s:i,s:i,s:l,s:l,s:l,s:i,s:s}", + "nr_nodes", info.nr_nodes, + "max_cpu_id", info.max_cpu_id, + "threads_per_core", info.threads_per_core, + "cores_per_socket", info.cores_per_socket, + "sockets_per_node", info.sockets_per_node, + "total_memory", pages_to_kib(info.total_pages), + "free_memory", pages_to_kib(info.free_pages), + "scrub_memory", pages_to_kib(info.scrub_pages), + "cpu_khz", info.cpu_khz, + "hw_caps", cpu_cap); + + max_cpu_id = info.max_cpu_id; + if ( max_cpu_id > MAX_CPU_ID ) + max_cpu_id = MAX_CPU_ID; + + /* Construct node-to-cpu lists. */ + node_to_cpu_obj = PyList_New(0); + + /* Make a list for each node. */ + for ( i = 0; i < info.nr_nodes; i++ ) + { + PyObject *cpus = PyList_New(0); + for ( j = 0; j <= max_cpu_id; j++ ) + if ( i == map[j]) + PyList_Append(cpus, PyInt_FromLong(j)); + PyList_Append(node_to_cpu_obj, cpus); + } + + PyDict_SetItemString(ret_obj, "node_to_cpu", node_to_cpu_obj); + + return ret_obj; +#undef MAX_CPU_ID } static PyObject *pyxc_xeninfo(XcObject *self) diff --git a/tools/python/xen/xend/XendConfig.py b/tools/python/xen/xend/XendConfig.py index 17628f337a..0773724919 100644 --- a/tools/python/xen/xend/XendConfig.py +++ b/tools/python/xen/xend/XendConfig.py @@ -22,6 +22,7 @@ import types from xen.xend import sxp from xen.xend import uuid +from xen.xend import XendOptions from xen.xend import XendAPIStore from xen.xend.XendError import VmError from xen.xend.XendDevices import XendDevices @@ -392,6 +393,9 @@ class XendConfig(dict): def _platform_sanity_check(self): if self.is_hvm(): + if 'keymap' not in self['platform'] and XendOptions.instance().get_keymap(): + self['platform']['keymap'] = XendOptions.instance().get_keymap() + if 'device_model' not in self['platform']: self['platform']['device_model'] = DEFAULT_DM diff --git a/tools/python/xen/xend/XendDomain.py b/tools/python/xen/xend/XendDomain.py index f3a832509c..5820bc566c 100644 --- a/tools/python/xen/xend/XendDomain.py +++ b/tools/python/xen/xend/XendDomain.py @@ -1399,10 +1399,15 @@ class XendDomain: dominfo = self.domain_lookup_nr(domid) if not dominfo: raise XendInvalidDomain(str(domid)) - try: - return xc.sched_credit_domain_get(dominfo.getDomid()) - except Exception, ex: - raise XendError(str(ex)) + + if dominfo._stateGet() in (DOM_STATE_RUNNING, DOM_STATE_PAUSED): + try: + return xc.sched_credit_domain_get(dominfo.getDomid()) + except Exception, ex: + raise XendError(str(ex)) + else: + return {'weight' : dominfo.getWeight(), + 'cap' : dominfo.getCap()} def domain_sched_credit_set(self, domid, weight = None, cap = None): """Set credit scheduler parameters for a domain. @@ -1436,7 +1441,9 @@ class XendDomain: assert type(weight) == int assert type(cap) == int - rc = xc.sched_credit_domain_set(dominfo.getDomid(), weight, cap) + rc = 0 + if dominfo._stateGet() in (DOM_STATE_RUNNING, DOM_STATE_PAUSED): + rc = xc.sched_credit_domain_set(dominfo.getDomid(), weight, cap) if rc == 0: if set_weight: dominfo.setWeight(weight) diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py index 2f9eb592f5..a142d07301 100644 --- a/tools/python/xen/xend/XendDomainInfo.py +++ b/tools/python/xen/xend/XendDomainInfo.py @@ -502,9 +502,18 @@ class XendDomainInfo: dev_uuid = self.info.device_add(dev_type, cfg_sxp = dev_config) dev_config_dict = self.info['devices'][dev_uuid][1] log.debug("XendDomainInfo.device_create: %s" % scrub_password(dev_config_dict)) - dev_config_dict['devid'] = devid = \ - self._createDevice(dev_type, dev_config_dict) - self._waitForDevice(dev_type, devid) + + if self.domid is not None: + try: + dev_config_dict['devid'] = devid = \ + self._createDevice(dev_type, dev_config_dict) + self._waitForDevice(dev_type, devid) + except VmError, ex: + raise ex + else: + devid = None + + xen.xend.XendDomain.instance().managed_config_save(self) return self.getDeviceController(dev_type).sxpr(devid) def device_configure(self, dev_sxp, devid = None): diff --git a/tools/python/xen/xend/XendNode.py b/tools/python/xen/xend/XendNode.py index b5fa1b7fb4..60189fbe7b 100644 --- a/tools/python/xen/xend/XendNode.py +++ b/tools/python/xen/xend/XendNode.py @@ -533,6 +533,54 @@ class XendNode: ['version', ver], ['machine', mch]] + def list_to_rangepairs(self,cmap): + cmap.sort() + pairs = [] + x = y = 0 + for i in range(0,len(cmap)): + try: + if ((cmap[y+1] - cmap[i]) > 1): + pairs.append((cmap[x],cmap[y])) + x = y = i+1 + else: + y = y + 1 + # if we go off the end, then just add x to y + except IndexError: + pairs.append((cmap[x],cmap[y])) + + return pairs + + def format_pairs(self,pairs): + if not pairs: + return "no cpus" + out = "" + for f,s in pairs: + if (f==s): + out += '%d'%f + else: + out += '%d-%d'%(f,s) + out += ',' + # trim trailing ',' + return out[:-1] + + def list_to_strrange(self,list): + return self.format_pairs(self.list_to_rangepairs(list)) + + def format_node_to_cpu(self, pinfo): + str='' + whitespace='' + try: + node_to_cpu=pinfo['node_to_cpu'] + for i in range(0, pinfo['nr_nodes']): + str+='%snode%d:%s\n' % (whitespace, + i, + self.list_to_strrange(node_to_cpu[i])) + whitespace='%25s' % '' + except: + str='none\n' + return str[:-1]; + + def physinfo(self): info = self.xc.physinfo() @@ -545,6 +593,7 @@ class XendNode: # physinfo is in KiB, need it in MiB info['total_memory'] = info['total_memory'] / 1024 info['free_memory'] = info['free_memory'] / 1024 + info['node_to_cpu'] = self.format_node_to_cpu(info) ITEM_ORDER = ['nr_cpus', 'nr_nodes', @@ -555,6 +604,7 @@ class XendNode: 'hw_caps', 'total_memory', 'free_memory', + 'node_to_cpu' ] return [[k, info[k]] for k in ITEM_ORDER] diff --git a/tools/python/xen/xend/XendOptions.py b/tools/python/xen/xend/XendOptions.py index 73de5a39c3..af09220782 100644 --- a/tools/python/xen/xend/XendOptions.py +++ b/tools/python/xen/xend/XendOptions.py @@ -278,6 +278,9 @@ class XendOptions: return self.get_config_string('vncpasswd', self.vncpasswd_default) + def get_keymap(self): + return self.get_config_value('keymap', None) + class XendOptionsFile(XendOptions): """Default path to the config file.""" diff --git a/tools/python/xen/xend/server/SrvDomain.py b/tools/python/xen/xend/server/SrvDomain.py index 582793b01e..ee9f2d4a7d 100644 --- a/tools/python/xen/xend/server/SrvDomain.py +++ b/tools/python/xen/xend/server/SrvDomain.py @@ -155,7 +155,8 @@ class SrvDomain(SrvDir): def op_domain_sched_credit_set(self, _, req): fn = FormFn(self.xd.domain_sched_credit_set, [['dom', 'int'], - ['weight', 'int']]) + ['weight', 'int'], + ['cap', 'int']]) val = fn(req.args, {'dom': self.dom.domid}) return val diff --git a/tools/python/xen/xend/server/vfbif.py b/tools/python/xen/xend/server/vfbif.py index cbef190248..eb1990e64f 100644 --- a/tools/python/xen/xend/server/vfbif.py +++ b/tools/python/xen/xend/server/vfbif.py @@ -76,6 +76,11 @@ class VfbifController(DevController): args += [ "--listen", vnclisten ] if config.has_key("keymap"): args += ["-k", "%s" % config["keymap"]] + else: + xoptions = xen.xend.XendOptions.instance() + if xoptions.get_keymap(): + args += ["-k", "%s" % xoptions.get_keymap()] + spawn_detached(args[0], args + std_args, os.environ) elif t == "sdl": args = [xen.util.auxbin.pathTo("xen-sdlfb")] diff --git a/tools/python/xen/xm/main.py b/tools/python/xen/xm/main.py index 8bc0efe90a..7f93373bd7 100644 --- a/tools/python/xen/xm/main.py +++ b/tools/python/xen/xm/main.py @@ -1529,7 +1529,7 @@ def xm_sched_credit(args): doms = filter(lambda x : domid_match(domid, x), [parse_doms_info(dom) - for dom in getDomains(None, 'running')]) + for dom in getDomains(None, 'all')]) if weight is None and cap is None: if domid is not None and doms == []: @@ -1545,7 +1545,7 @@ def xm_sched_credit(args): server.xenapi.VM.get_metrics( get_single_vm(d['name']))) else: - info = server.xend.domain.sched_credit_get(d['domid']) + info = server.xend.domain.sched_credit_get(d['name']) except xmlrpclib.Fault: pass @@ -1557,8 +1557,8 @@ def xm_sched_credit(args): info['cap'] = int(info['cap']) info['name'] = d['name'] - info['domid'] = int(d['domid']) - print( ("%(name)-32s %(domid)5d %(weight)6d %(cap)4d") % info) + info['domid'] = str(d['domid']) + print( ("%(name)-32s %(domid)5s %(weight)6d %(cap)4d") % info) else: if domid is None: # place holder for system-wide scheduler parameters @@ -1566,14 +1566,24 @@ def xm_sched_credit(args): usage('sched-credit') if serverType == SERVER_XEN_API: - server.xenapi.VM.add_to_VCPUs_params_live( - get_single_vm(domid), - "weight", - weight) - server.xenapi.VM.add_to_VCPUs_params_live( - get_single_vm(domid), - "cap", - cap) + if doms[0]['domid']: + server.xenapi.VM.add_to_VCPUs_params_live( + get_single_vm(domid), + "weight", + weight) + server.xenapi.VM.add_to_VCPUs_params_live( + get_single_vm(domid), + "cap", + cap) + else: + server.xenapi.VM.add_to_VCPUs_params( + get_single_vm(domid), + "weight", + weight) + server.xenapi.VM.add_to_VCPUs_params( + get_single_vm(domid), + "cap", + cap) else: result = server.xend.domain.sched_credit_set(domid, weight, cap) if result != 0: diff --git a/tools/security/xensec_ezpolicy b/tools/security/xensec_ezpolicy index 970fb380b4..458ff556f2 100644 --- a/tools/security/xensec_ezpolicy +++ b/tools/security/xensec_ezpolicy @@ -1102,8 +1102,10 @@ def org2dict(): for i in iterchildren(app.win.orgs.GetRootItem()): d = [] for j in iterchildren(i): - d.append(str(app.win.orgspanel.orgs.GetItemText(j))) - o.append([str(app.win.orgspanel.orgs.GetItemText(i)) , d]) + d.append( + str(app.win.orgspanel.orgs.GetItemText(j).encode("utf-8"))) + o.append([str(app.win.orgspanel.orgs.GetItemText(i).encode("utf-8")), + d]) dic['orgs'] = o c=[] for i in app.win.conspanel.conflictsets: @@ -1175,12 +1177,14 @@ def printPolicy(fd, types, cons): continue #name is optional but must be set if i[0]: - rer_name = str(i[0]) + rer_name = i[0] else: - rer_name = str("RER") - fd.write(""" <Conflict name=\"%s\">\n""" % rer_name) + rer_name = "RER" + fd.write(""" <Conflict name=\"""" + + rer_name.encode("utf-8") + """\">\n""") for j in i[1]: - fd.write(""" <Type>%s</Type>\n""" % str(j)) + typ = j.encode("utf-8") + fd.write(""" <Type>%s</Type>\n""" % typ) fd.write(""" </Conflict>\n""") fd.write(""" </ConflictSets>\n""") diff --git a/tools/xenmon/xenbaked.c b/tools/xenmon/xenbaked.c index 5908a6c1c9..1587016335 100644 --- a/tools/xenmon/xenbaked.c +++ b/tools/xenmon/xenbaked.c @@ -444,7 +444,7 @@ struct t_rec **init_rec_ptrs(struct t_buf **meta, unsigned int num) */ unsigned int get_num_cpus(void) { - xc_physinfo_t physinfo; + xc_physinfo_t physinfo = { 0 }; int xc_handle = xc_interface_open(); int ret; diff --git a/tools/xenstat/libxenstat/src/xenstat.c b/tools/xenstat/libxenstat/src/xenstat.c index 93d228c2f6..a109960c41 100644 --- a/tools/xenstat/libxenstat/src/xenstat.c +++ b/tools/xenstat/libxenstat/src/xenstat.c @@ -135,7 +135,7 @@ xenstat_node *xenstat_get_node(xenstat_handle * handle, unsigned int flags) { #define DOMAIN_CHUNK_SIZE 256 xenstat_node *node; - xc_physinfo_t physinfo; + xc_physinfo_t physinfo = { 0 }; xc_domaininfo_t domaininfo[DOMAIN_CHUNK_SIZE]; unsigned int new_domains; unsigned int i; diff --git a/tools/xentrace/xentrace.c b/tools/xentrace/xentrace.c index 45fb99f7e7..ad06778592 100644 --- a/tools/xentrace/xentrace.c +++ b/tools/xentrace/xentrace.c @@ -256,7 +256,7 @@ struct t_rec **init_rec_ptrs(struct t_buf **meta, unsigned int num) */ unsigned int get_num_cpus(void) { - xc_physinfo_t physinfo; + xc_physinfo_t physinfo = { 0 }; int xc_handle = xc_interface_open(); int ret; diff --git a/tools/xm-test/tests/info/02_info_compiledata_pos.py b/tools/xm-test/tests/info/02_info_compiledata_pos.py index 189fce17cb..9430ecf62f 100644 --- a/tools/xm-test/tests/info/02_info_compiledata_pos.py +++ b/tools/xm-test/tests/info/02_info_compiledata_pos.py @@ -18,9 +18,7 @@ map = {} for line in lines: pieces = line.split(" : ", 1) - if len(pieces) < 2: - FAIL("Found invalid line: [%s]" % line) - else: + if len(pieces) > 1: map[pieces[0]] = pieces[1] for field in ["cores_per_socket", "threads_per_core", "cpu_mhz", diff --git a/xen/arch/ia64/xen/dom0_ops.c b/xen/arch/ia64/xen/dom0_ops.c index 3651a55f8f..4a18fd57df 100644 --- a/xen/arch/ia64/xen/dom0_ops.c +++ b/xen/arch/ia64/xen/dom0_ops.c @@ -240,8 +240,7 @@ long arch_do_sysctl(xen_sysctl_t *op, XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) { #ifdef IA64_NUMA_PHYSINFO int i; - node_data_t *chunks; - u64 *map, cpu_to_node_map[MAX_NUMNODES]; + uint32_t *map, cpu_to_node_map[NR_CPUS]; #endif xen_sysctl_physinfo_t *pi = &op->u.physinfo; @@ -250,11 +249,9 @@ long arch_do_sysctl(xen_sysctl_t *op, XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) cpus_weight(cpu_sibling_map[0]); pi->cores_per_socket = cpus_weight(cpu_core_map[0]) / pi->threads_per_core; - pi->sockets_per_node = - num_online_cpus() / cpus_weight(cpu_core_map[0]); -#ifndef IA64_NUMA_PHYSINFO - pi->nr_nodes = 1; -#endif + pi->nr_nodes = num_online_nodes(); + pi->sockets_per_node = num_online_cpus() / + (pi->nr_nodes * pi->cores_per_socket * pi->threads_per_core); pi->total_pages = total_pages; pi->free_pages = avail_domheap_pages(); pi->scrub_pages = avail_scrub_pages(); @@ -264,41 +261,6 @@ long arch_do_sysctl(xen_sysctl_t *op, XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) ret = 0; #ifdef IA64_NUMA_PHYSINFO - /* fetch memory_chunk pointer from guest */ - get_xen_guest_handle(chunks, pi->memory_chunks); - - printk("chunks=%p, num_node_memblks=%u\n", chunks, num_node_memblks); - /* if it is set, fill out memory chunk array */ - if (chunks != NULL) { - if (num_node_memblks == 0) { - /* Non-NUMA machine. Put pseudo-values. */ - node_data_t data; - data.node_start_pfn = 0; - data.node_spanned_pages = total_pages; - data.node_id = 0; - /* copy memory chunk structs to guest */ - if (copy_to_guest_offset(pi->memory_chunks, 0, &data, 1)) { - ret = -EFAULT; - break; - } - } else { - for (i = 0; i < num_node_memblks && i < PUBLIC_MAXCHUNKS; i++) { - node_data_t data; - data.node_start_pfn = node_memblk[i].start_paddr >> - PAGE_SHIFT; - data.node_spanned_pages = node_memblk[i].size >> PAGE_SHIFT; - data.node_id = node_memblk[i].nid; - /* copy memory chunk structs to guest */ - if (copy_to_guest_offset(pi->memory_chunks, i, &data, 1)) { - ret = -EFAULT; - break; - } - } - } - } - /* set number of notes */ - pi->nr_nodes = num_online_nodes(); - /* fetch cpu_to_node pointer from guest */ get_xen_guest_handle(map, pi->cpu_to_node); diff --git a/xen/arch/powerpc/mm.c b/xen/arch/powerpc/mm.c index 51a4e54ed7..16b6ab02f5 100644 --- a/xen/arch/powerpc/mm.c +++ b/xen/arch/powerpc/mm.c @@ -187,7 +187,7 @@ int replace_grant_host_mapping( unsigned long addr, unsigned long frame, unsigned long new_addr, unsigned int flags) { - if (new_addr) + if (new_addr) { printk("%s: new_addr not supported\n", __func__); BUG(); return GNTST_general_error; diff --git a/xen/arch/powerpc/sysctl.c b/xen/arch/powerpc/sysctl.c index 3b25b5f89b..5f9a5432c8 100644 --- a/xen/arch/powerpc/sysctl.c +++ b/xen/arch/powerpc/sysctl.c @@ -45,10 +45,10 @@ long arch_do_sysctl(struct xen_sysctl *sysctl, cpus_weight(cpu_sibling_map[0]); pi->cores_per_socket = cpus_weight(cpu_core_map[0]) / pi->threads_per_core; - pi->sockets_per_node = - num_online_cpus() / cpus_weight(cpu_core_map[0]); + pi->sockets_per_node = num_online_cpus() / + (num_online_nodes() * pi->cores_per_socket * pi->threads_per_core); - pi->nr_nodes = 1; + pi->nr_nodes = num_online_nodes(); pi->total_pages = total_pages; pi->free_pages = avail_domheap_pages(); pi->cpu_khz = cpu_khz; diff --git a/xen/arch/x86/hvm/vmx/intr.c b/xen/arch/x86/hvm/vmx/intr.c index bdc6c50838..fd28603f9b 100644 --- a/xen/arch/x86/hvm/vmx/intr.c +++ b/xen/arch/x86/hvm/vmx/intr.c @@ -73,7 +73,7 @@ static void enable_intr_window(struct vcpu *v, enum hvm_intack intr_source) { - u32 *cpu_exec_control = &v->arch.hvm_vcpu.u.vmx.exec_control; + u32 *cpu_exec_control = &v->arch.hvm_vmx.exec_control; u32 ctl = CPU_BASED_VIRTUAL_INTR_PENDING; if ( unlikely(intr_source == hvm_intack_none) ) diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c index 40e9891e75..e9bf41f3ab 100644 --- a/xen/arch/x86/hvm/vmx/vmcs.c +++ b/xen/arch/x86/hvm/vmx/vmcs.c @@ -80,7 +80,7 @@ void vmx_init_vmcs_config(void) min, opt, MSR_IA32_VMX_PINBASED_CTLS); min = (CPU_BASED_HLT_EXITING | - CPU_BASED_INVDPG_EXITING | + CPU_BASED_INVLPG_EXITING | CPU_BASED_MWAIT_EXITING | CPU_BASED_MOV_DR_EXITING | CPU_BASED_ACTIVATE_IO_BITMAP | @@ -318,7 +318,7 @@ static void construct_vmcs(struct vcpu *v) __vmwrite(VM_EXIT_CONTROLS, vmx_vmexit_control); __vmwrite(VM_ENTRY_CONTROLS, vmx_vmentry_control); __vmwrite(CPU_BASED_VM_EXEC_CONTROL, vmx_cpu_based_exec_control); - v->arch.hvm_vcpu.u.vmx.exec_control = vmx_cpu_based_exec_control; + v->arch.hvm_vmx.exec_control = vmx_cpu_based_exec_control; if ( vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_SECONDARY_CONTROLS ) __vmwrite(SECONDARY_VM_EXEC_CONTROL, vmx_secondary_exec_control); diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 50e757ac14..3b52c35d2a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -433,8 +433,8 @@ static inline void vmx_save_dr(struct vcpu *v) /* Clear the DR dirty flag and re-enable intercepts for DR accesses. */ v->arch.hvm_vcpu.flag_dr_dirty = 0; - v->arch.hvm_vcpu.u.vmx.exec_control |= CPU_BASED_MOV_DR_EXITING; - __vmwrite(CPU_BASED_VM_EXEC_CONTROL, v->arch.hvm_vcpu.u.vmx.exec_control); + v->arch.hvm_vmx.exec_control |= CPU_BASED_MOV_DR_EXITING; + __vmwrite(CPU_BASED_VM_EXEC_CONTROL, v->arch.hvm_vmx.exec_control); savedebug(&v->arch.guest_context, 0); savedebug(&v->arch.guest_context, 1); @@ -1440,9 +1440,9 @@ static void vmx_dr_access(unsigned long exit_qualification, __restore_debug_registers(v); /* Allow guest direct access to DR registers */ - v->arch.hvm_vcpu.u.vmx.exec_control &= ~CPU_BASED_MOV_DR_EXITING; + v->arch.hvm_vmx.exec_control &= ~CPU_BASED_MOV_DR_EXITING; __vmwrite(CPU_BASED_VM_EXEC_CONTROL, - v->arch.hvm_vcpu.u.vmx.exec_control); + v->arch.hvm_vmx.exec_control); } /* @@ -2984,15 +2984,15 @@ asmlinkage void vmx_vmexit_handler(struct cpu_user_regs *regs) break; case EXIT_REASON_PENDING_VIRT_INTR: /* Disable the interrupt window. */ - v->arch.hvm_vcpu.u.vmx.exec_control &= ~CPU_BASED_VIRTUAL_INTR_PENDING; + v->arch.hvm_vmx.exec_control &= ~CPU_BASED_VIRTUAL_INTR_PENDING; __vmwrite(CPU_BASED_VM_EXEC_CONTROL, - v->arch.hvm_vcpu.u.vmx.exec_control); + v->arch.hvm_vmx.exec_control); break; case EXIT_REASON_PENDING_VIRT_NMI: /* Disable the NMI window. */ - v->arch.hvm_vcpu.u.vmx.exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING; + v->arch.hvm_vmx.exec_control &= ~CPU_BASED_VIRTUAL_NMI_PENDING; __vmwrite(CPU_BASED_VM_EXEC_CONTROL, - v->arch.hvm_vcpu.u.vmx.exec_control); + v->arch.hvm_vmx.exec_control); break; case EXIT_REASON_TASK_SWITCH: goto exit_and_crash; diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index eb015b7a1b..7e53c23a36 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -506,7 +506,9 @@ void shadow_promote(struct vcpu *v, mfn_t gmfn, unsigned int type) ASSERT(mfn_valid(gmfn)); /* We should never try to promote a gmfn that has writeable mappings */ - ASSERT(sh_remove_write_access(v, gmfn, 0, 0) == 0); + ASSERT((page->u.inuse.type_info & PGT_type_mask) != PGT_writable_page + || (page->u.inuse.type_info & PGT_count_mask) == 0 + || v->domain->is_shutting_down); /* Is the page already shadowed? */ if ( !test_and_set_bit(_PGC_page_table, &page->count_info) ) @@ -1850,11 +1852,12 @@ int sh_remove_write_access(struct vcpu *v, mfn_t gmfn, perfc_incr(shadow_writeable_bf); hash_foreach(v, callback_mask, callbacks, gmfn); - /* If that didn't catch the mapping, something is very wrong */ + /* If that didn't catch the mapping, then there's some non-pagetable + * mapping -- ioreq page, grant mapping, &c. */ if ( (mfn_to_page(gmfn)->u.inuse.type_info & PGT_count_mask) != 0 ) { - SHADOW_ERROR("can't find all writeable mappings of mfn %lx: " - "%lu left\n", mfn_x(gmfn), + SHADOW_ERROR("can't remove write access to mfn %lx: guest has " + "%lu special-use mappings of it\n", mfn_x(gmfn), (mfn_to_page(gmfn)->u.inuse.type_info&PGT_count_mask)); domain_crash(v->domain); } diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c index 962caa05ee..6e2f7b92b2 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c @@ -2719,10 +2719,21 @@ static int sh_page_fault(struct vcpu *v, if ( guest_walk_tables(v, va, &gw, 1) != 0 ) { - SHADOW_PRINTK("malformed guest pagetable!"); + SHADOW_PRINTK("malformed guest pagetable\n"); print_gw(&gw); } + /* It's possible that the guest has put pagetables in memory that it has + * already used for some special purpose (ioreq pages, or granted pages). + * If that happens we'll have killed the guest already but it's still not + * safe to propagate entries out of the guest PT so get out now. */ + if ( unlikely(d->is_shutting_down) ) + { + SHADOW_PRINTK("guest is shutting down\n"); + shadow_unlock(d); + return 0; + } + sh_audit_gw(v, &gw); // We do not look at the gw->l1e, as that will not exist for superpages. diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c index fe4c049908..ff7018a930 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -23,6 +23,10 @@ #include <asm/hvm/hvm.h> #include <asm/hvm/support.h> #include <asm/processor.h> +#include <asm/numa.h> +#include <xen/nodemask.h> + +#define get_xen_guest_handle(val, hnd) do { val = (hnd).p; } while (0) long arch_do_sysctl( struct xen_sysctl *sysctl, XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) @@ -34,25 +38,41 @@ long arch_do_sysctl( case XEN_SYSCTL_physinfo: { + uint32_t i, max_array_ent; + xen_sysctl_physinfo_t *pi = &sysctl->u.physinfo; pi->threads_per_core = cpus_weight(cpu_sibling_map[0]); pi->cores_per_socket = cpus_weight(cpu_core_map[0]) / pi->threads_per_core; - pi->sockets_per_node = - num_online_cpus() / cpus_weight(cpu_core_map[0]); + pi->nr_nodes = num_online_nodes(); + pi->sockets_per_node = num_online_cpus() / + (pi->nr_nodes * pi->cores_per_socket * pi->threads_per_core); - pi->nr_nodes = 1; pi->total_pages = total_pages; pi->free_pages = avail_domheap_pages(); pi->scrub_pages = avail_scrub_pages(); pi->cpu_khz = cpu_khz; memset(pi->hw_cap, 0, sizeof(pi->hw_cap)); memcpy(pi->hw_cap, boot_cpu_data.x86_capability, NCAPINTS*4); - ret = 0; - if ( copy_to_guest(u_sysctl, sysctl, 1) ) - ret = -EFAULT; + + max_array_ent = pi->max_cpu_id; + pi->max_cpu_id = last_cpu(cpu_online_map); + max_array_ent = min_t(uint32_t, max_array_ent, pi->max_cpu_id); + + ret = -EFAULT; + if ( !guest_handle_is_null(pi->cpu_to_node) ) + { + for ( i = 0; i <= max_array_ent; i++ ) + { + uint32_t node = cpu_online(i) ? cpu_to_node(i) : ~0u; + if ( copy_to_guest_offset(pi->cpu_to_node, i, &node, 1) ) + break; + } + } + + ret = copy_to_guest(u_sysctl, sysctl, 1) ? -EFAULT : 0; } break; diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 4ecb3625b9..91020dfa81 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -117,6 +117,7 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info) (d->is_dying ? XEN_DOMINF_dying : 0) | (d->is_shut_down ? XEN_DOMINF_shutdown : 0) | (d->is_paused_by_controller ? XEN_DOMINF_paused : 0) | + (d->debugger_attached ? XEN_DOMINF_debugged : 0) | d->shutdown_code << XEN_DOMINF_shutdownshift; if ( is_hvm_domain(d) ) diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h index e4174e10b6..40a784458f 100644 --- a/xen/include/asm-x86/hvm/vmx/vmcs.h +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -97,7 +97,7 @@ void vmx_vmcs_exit(struct vcpu *v); #define CPU_BASED_VIRTUAL_INTR_PENDING 0x00000004 #define CPU_BASED_USE_TSC_OFFSETING 0x00000008 #define CPU_BASED_HLT_EXITING 0x00000080 -#define CPU_BASED_INVDPG_EXITING 0x00000200 +#define CPU_BASED_INVLPG_EXITING 0x00000200 #define CPU_BASED_MWAIT_EXITING 0x00000400 #define CPU_BASED_RDPMC_EXITING 0x00000800 #define CPU_BASED_RDTSC_EXITING 0x00001000 diff --git a/xen/include/public/domctl.h b/xen/include/public/domctl.h index 1b5e816aaa..fa1dbd96f4 100644 --- a/xen/include/public/domctl.h +++ b/xen/include/public/domctl.h @@ -85,6 +85,9 @@ struct xen_domctl_getdomaininfo { /* Domain is currently running. */ #define _XEN_DOMINF_running 5 #define XEN_DOMINF_running (1U<<_XEN_DOMINF_running) + /* Being debugged. */ +#define _XEN_DOMINF_debugged 6 +#define XEN_DOMINF_debugged (1U<<_XEN_DOMINF_debugged) /* CPU to which this domain is bound. */ #define XEN_DOMINF_cpumask 255 #define XEN_DOMINF_cpushift 8 diff --git a/xen/include/public/sysctl.h b/xen/include/public/sysctl.h index d51052aefe..06eb0e78c5 100644 --- a/xen/include/public/sysctl.h +++ b/xen/include/public/sysctl.h @@ -34,7 +34,7 @@ #include "xen.h" #include "domctl.h" -#define XEN_SYSCTL_INTERFACE_VERSION 0x00000003 +#define XEN_SYSCTL_INTERFACE_VERSION 0x00000004 /* * Read console content from Xen buffer ring. @@ -76,6 +76,7 @@ DEFINE_XEN_GUEST_HANDLE(xen_sysctl_tbuf_op_t); */ #define XEN_SYSCTL_physinfo 3 struct xen_sysctl_physinfo { + /* IN variables. */ uint32_t threads_per_core; uint32_t cores_per_socket; uint32_t sockets_per_node; @@ -85,6 +86,23 @@ struct xen_sysctl_physinfo { uint64_aligned_t free_pages; uint64_aligned_t scrub_pages; uint32_t hw_cap[8]; + + /* IN/OUT variables. */ + /* + * IN: maximum addressable entry in the caller-provided cpu_to_node array. + * OUT: largest cpu identifier in the system. + * If OUT is greater than IN then the cpu_to_node array is truncated! + */ + uint32_t max_cpu_id; + /* + * If not NULL, this array is filled with node identifier for each cpu. + * If a cpu has no node information (e.g., cpu not present) then the + * sentinel value ~0u is written. + * The size of this array is specified by the caller in @max_cpu_id. + * If the actual @max_cpu_id is smaller than the array then the trailing + * elements of the array will not be written by the sysctl. + */ + XEN_GUEST_HANDLE_64(uint32_t) cpu_to_node; }; typedef struct xen_sysctl_physinfo xen_sysctl_physinfo_t; DEFINE_XEN_GUEST_HANDLE(xen_sysctl_physinfo_t); diff --git a/xen/include/xen/cpumask.h b/xen/include/xen/cpumask.h index d9296201cb..7e24f84876 100644 --- a/xen/include/xen/cpumask.h +++ b/xen/include/xen/cpumask.h @@ -222,6 +222,15 @@ static inline int __next_cpu(int n, const cpumask_t *srcp, int nbits) return min_t(int, nbits, find_next_bit(srcp->bits, nbits, n+1)); } +#define last_cpu(src) __last_cpu(&(src), NR_CPUS) +static inline int __last_cpu(const cpumask_t *srcp, int nbits) +{ + int cpu, pcpu = NR_CPUS; + for (cpu = first_cpu(*srcp); cpu < NR_CPUS; cpu = next_cpu(cpu, *srcp)) + pcpu = cpu; + return pcpu; +} + #define cpumask_of_cpu(cpu) \ ({ \ typeof(_unused_cpumask_arg_) m; \ |