authorKeir Fraser <keir.fraser@citrix.com>2009-02-17 11:01:05 +0000
committerKeir Fraser <keir.fraser@citrix.com>2009-02-17 11:01:05 +0000
commitdb157458e8699fe3d16c26c3c178e46833c0836f (patch)
tree504f4e99b12a92a1f8b8f29cd373fe66e8d9b511
parentd0d476523bf7edd55d5064641432893b441784e6 (diff)
parentb0786556d3fda06613a2bb42e75d8221231ab479 (diff)
Merge with ext/ia64/xen-unstable.hg
-rw-r--r--docs/misc/xsm-flask.txt148
-rw-r--r--tools/hotplug/Linux/init.d/xendomains65
-rw-r--r--tools/python/xen/xend/XendAPI.py9
-rw-r--r--tools/python/xen/xend/XendConfig.py3
-rw-r--r--tools/python/xen/xend/XendConstants.py1
-rw-r--r--tools/python/xen/xend/XendDomainInfo.py6
-rw-r--r--tools/python/xen/xm/create.py7
-rw-r--r--tools/python/xen/xm/xenapi_create.py1
-rw-r--r--xen/arch/x86/hvm/hvm.c16
-rw-r--r--xen/arch/x86/hvm/vpt.c26
-rw-r--r--xen/common/timer.c7
-rw-r--r--xen/drivers/passthrough/amd/iommu_init.c3
-rw-r--r--xen/drivers/passthrough/vtd/iommu.c5
-rw-r--r--xen/include/public/hvm/params.h5
-rw-r--r--xen/include/xen/timer.h3
-rw-r--r--xen/xsm/flask/ss/policydb.c4
16 files changed, 270 insertions, 39 deletions
diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt
new file mode 100644
index 0000000000..e27f651552
--- /dev/null
+++ b/docs/misc/xsm-flask.txt
@@ -0,0 +1,148 @@
+These notes are compiled from xen-devel questions and postings that have occured
+since the inclusion of XSM. These notes are not intended to be definitive
+documentation but should address many common problems that arrise when
+experimenting with XSM:FLASK.
+
+Xen XSM:FLASK configuration
+---------------------------
+
+1) cd xen-unstable.hg
+2) edit Config.mk in the toplevel xen directory as follows:
+
+ XSM_ENABLE ?= y
+ FLASK_ENABLE ?= y
+ ACM_SECURITY ?= n
+
+NB: Only one security module can be selected at a time. If no module is
+selected, then the default DUMMY module will be enforced. The DUMMY module
+only exercises the security framework and does not enforce any security
+policies. Changing the security module selection will require recompiling xen.
+These settings will also configure the corresponding toolchain support.
+
+3) make xen
+4) make tools
+
+
+Xen XSM:FLASK policy
+--------------------
+
+These instructions will enable the configuration and build of the sample policy.
+The sample policy provides the MINIMUM policy necessary to boot a
+paravirtualized dom0 and create a paravirtualized domU. Many of the
+default capabilities and usages supported by dom0/domU are disallowed by the
+sample policy. Further, the policy is comprised of a limited number of types and
+must be adjusted to meet the specific security goals of the installation.
+Modification of the policy is straightforward and is covered in a later section.
+
+NB: The policy is not automatically built as part of the tool support because
+of an external dependancy on the checkpolicy compiler. The FLASK policy uses
+the same syntax and structure as SELinux and compiling the policy relies on
+the SELinux policy toolchain. This toolchain is available under many
+distributions as well as the following URL,
+
+ http://userspace.selinuxproject.org/releases/20080909/stable/checkpolicy-1.34.7.tar.gz
+
+1) cd xen-unstable.hg/tools/flask/policy
+2) make policy
+3) cp policy.20 /boot/xenpolicy.20
+4) edit /etc/grub.conf, add a module line to the xen entry,
+
+ module /xenpolicy.20
+
+5) reboot, and select the updated xen entry
+
+NB: The module entry can be inserted on any line after the xen kernel line. Typical
+configurations use the last module entry or the module entry that immediately
+follows the xen kernel entry.
+
+Xen configuration of xend
+-------------------------
+
+1) cd /etc/xen
+2) edit xend-config.sxp
+3) uncomment the line containing the key:value pair entry,
+
+ #(xsm_module_name dummy)
+
+4) change the value entry to 'flask'
+
+ (xsm_module_name flask)
+
+5) restart xend
+
+Creating policy controlled domains
+----------------------------------
+
+2) Edit the domain config file and add the following entry,
+
+ access_control = ["policy=,label=system_u:object_r:domU_t"]
+
+NB: The 'policy' field is not used by XSM:FLASK. The 'label' must exist in the
+loaded policy. 'system_u:object_r:domU_t' is one of the existing labels from
+the sample policy and shown for example purposes.
+
+2) Create the domain using the 'xm create' command.
+3) Use the 'xm list -l' command to list the running domains and their labels.
+
+Updating the XSM:FLASK policy
+-----------------------------
+
+It is recommended that the XSM:FLASK policy be tailored to meet the specific
+security goals of the platform. The policy is tailored by editing the xen.te
+file in the 'policy' subdirectory.
+
+1) cd xen-unstable.hg/tools/flask/policy
+2) edit policy/modules/xen/xen.te - make changes to support platform security goals.
+3) make policy
+4) cp policy.20 /boot/xenpolicy.20
+5) reboot
+
+Alternatively, one may reload the policy using the 'flask_loadpolicy' tool
+installed by the xen tools.
+
+1) flask_loadpolicy policy.20
+
+NB: The sample policy permits policy reloads as well as general manipulation of
+the Flask security server only from dom0. The policy can be tailored further to
+restrict policy reloads and other manipulations to boot-time only, by removing
+the corresponding statements from the policy.
+
+Enforcing the XSM:FLASK policy
+------------------------------
+
+By default, XSM:FLASK is compiled and installed in permissive mode. This
+configuration will allow an XSM:FLASK system to start in enforcing mode.
+
+1) edit /etc/grub.conf
+2) append the parameter 'flask_enforcing=1' to the xen kernel line.
+3) reboot, and select the updated xen entry
+
+
+Additional notes on XSM:FLASK
+-----------------------------
+
+1) xen command line parameters
+
+ a) flask_enforcing
+
+ The default value for flask_enforcing is '0'. This parameter causes the
+ platform to boot in permissive mode which means that the policy is loaded
+ but not enforced. This mode is often helpful for developing new systems
+ and policies as the policy violations are reported on the xen console and
+ may be viewed in dom0 through 'xm dmesg'.
+
+ To boot the platform into enforcing mode, which means that the policy is
+ loaded and enforced, append 'flask_enforcing=1' on the grub line.
+
+ This parameter may also be changed through the flask hyercall.
+
+ b) flask_enabled
+
+ The default value for flask_enabled is '1'. This parameter causes the
+ platform to enable the FLASK security module under the XSM framework.
+ The parameter may be enabled/disabled only once per boot. If the parameter
+ is set to '0', only a reboot can re-enable flask. When flask_enabled is '0'
+ the DUMMY module is enforced.
+
+ This parameter may also be changed through the flask hypercall. But may
+ only be performed once per boot.
diff --git a/tools/hotplug/Linux/init.d/xendomains b/tools/hotplug/Linux/init.d/xendomains
index 5c2e492f03..492774c84a 100644
--- a/tools/hotplug/Linux/init.d/xendomains
+++ b/tools/hotplug/Linux/init.d/xendomains
@@ -213,7 +213,7 @@ is_running()
start()
{
if [ -f $LOCKFILE ]; then
- echo -n "xendomains already running (lockfile exists)"
+ echo -e "xendomains already running (lockfile exists)"
return;
fi
@@ -230,10 +230,12 @@ start()
HEADER=`head -c 16 $dom | head -n 1 2> /dev/null`
if [ $HEADER = "LinuxGuestRecord" ]; then
echo -n " ${dom##*/}"
- xm restore $dom
+ XMR=`xm restore $dom 2>&1 1>/dev/null`
+ #xm restore $dom
if [ $? -ne 0 ]; then
+ echo -e "\nAn error occured while restoring domain ${dom##*/}:\n$XMR"
rc_failed $?
- echo -n '!'
+ echo -e '!'
else
# mv $dom ${dom%/*}/.${dom##*/}
rm $dom
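Review bot: `rc_failed $?` in the restore error branch does not see the exit status of `xm restore`: by the time it runs, `$?` holds the status of the added `echo -e` line (and, before this change, of the `[ $? -ne 0 ]` test). Save the status directly after the command substitution with `rc=$?`, then use `if [ $rc -ne 0 ]` and `rc_failed $rc`; what rc_failed does with a zero argument is defined outside this page. The same pattern recurs in the create, sysrq, migrate, save, shutdown and SHUTDOWN_ALL hunks below. The leftover `#xm restore $dom` line can be dropped, and `printf '%s\n' "$XMR"` would print the captured tool output without `echo -e` interpreting backslash sequences in it.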
@@ -241,7 +243,7 @@ start()
fi
fi
done
- echo .
+ echo -e
fi
if contains_something "$XENDOMAINS_AUTO"
@@ -264,16 +266,17 @@ start()
if [ $? -eq 0 ] || is_running $dom; then
echo -n "(skip)"
else
- xm create --quiet --defconfig $dom
- if [ $? -ne 0 ]; then
+ XMC=`xm create --quiet --defconfig $dom`
+ if [ $? -ne 0 ]; then
+ echo -e "\nAn error occured while creating domain ${dom##*/}: $XMC\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
else
usleep $XENDOMAINS_CREATE_USLEEP
fi
fi
done
- fi
+ fi
}
all_zombies()
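Review bot: The `XMC=` assignment around `xm create --quiet --defconfig $dom` captures stdout only, so the `$XMC` printed in the new error message will normally miss whatever xm wrote to stderr. Every other xm call changed in this commit adds `2>&1 1>/dev/null` inside the substitution, and doing the same here would put the diagnostic in the message. Quoting `"$dom"` would also keep a config path containing spaces or glob characters as a single argument.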
@@ -293,18 +296,21 @@ all_zombies()
# if it has not exited by that time kill it, so the init script will
# succeed within a finite amount of time; if $2 is nonnull, it will
# kill the command as well as soon as no domain (except for zombies)
-# are left (used for shutdown --all).
+# are left (used for shutdown --all). Third parameter, if any, suppresses
+# output of dots per working state (formatting issues)
watchdog_xm()
{
if test -z "$XENDOMAINS_STOP_MAXWAIT" -o "$XENDOMAINS_STOP_MAXWAIT" = "0"; then
exit
fi
+
usleep 20000
for no in `seq 0 $XENDOMAINS_STOP_MAXWAIT`; do
# exit if xm save/migrate/shutdown is finished
PSAX=`ps axlw | grep "xm $1" | grep -v grep`
if test -z "$PSAX"; then exit; fi
- echo -n "."; sleep 1
+ if ! test -n "$3"; then echo -n '.'; fi
+ sleep 1
# go to kill immediately if there's only zombies left
if all_zombies && test -n "$2"; then break; fi
done
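Review bot: The new third parameter of watchdog_xm is a presence flag, yet the one caller that sets it (the SHUTDOWN_ALL hunk, `watchdog_xm shutdown 1 false &`) passes the literal `false`, which reads as "do not suppress" while it does suppress the dots. `if ! test -n "$3"` is also a double negative; `if test -z "$3"; then echo -n '.'; fi` says the same thing directly. Consider passing a self-describing value such as `quiet` and stating in the header comment that any non-empty value suppresses the dots. The body of watchdog_xm continues past this hunk.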
@@ -312,10 +318,14 @@ watchdog_xm()
read PSF PSUID PSPID PSPPID < <(echo "$PSAX")
# kill xm $1
kill $PSPID >/dev/null 2>&1
+
+ echo -e .
}
stop()
{
+ exec 3>&2 2> /dev/null
+
# Collect list of domains to shut down
if test "$XENDOMAINS_AUTO_ONLY" = "true"; then
rdnames
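Review bot: `exec 3>&2 2> /dev/null` at the top of stop() discards stderr for everything the function runs, not only xm, so failures from `rdnames` or from `mkdir -p "$XENDOMAINS_SAVE"` in a later hunk become silent as well. The matching `exec 2>&3` in the last hunk restores stderr but leaves descriptor 3 open; `exec 2>&3 3>&-` closes it. If stop() has a return or exit path outside these hunks, stderr stays redirected for the caller, which is worth checking. Each xm call already captures its own stderr through `2>&1` inside the command substitution, so a narrower redirection around the noisy commands may be enough.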
@@ -333,7 +343,7 @@ stop()
# nothing
;;
(*)
- echo -n '(skip)'
+ echo -e '(skip)'
continue
;;
esac
@@ -345,8 +355,9 @@ stop()
if test -n "$XENDOMAINS_SYSRQ"; then
for sysrq in $XENDOMAINS_SYSRQ; do
echo -n "(SR-$sysrq)"
- xm sysrq $id $sysrq
+ XMR=`xm sysrq $id $sysrq 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while doing sysrq on domain:\n$XMR\n"
rc_failed $?
echo -n '!'
fi
@@ -362,13 +373,18 @@ stop()
echo -n "(migr)"
watchdog_xm migrate &
WDOG_PID=$!
- xm migrate $id $XENDOMAINS_MIGRATE
+ XMR=`xm migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while migrating domain:\n$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
+
kill $WDOG_PID >/dev/null 2>&1
else
kill $WDOG_PID >/dev/null 2>&1
+
+ echo -e .
+ usleep 1000
continue
fi
fi
@@ -377,13 +393,16 @@ stop()
watchdog_xm save &
WDOG_PID=$!
mkdir -p "$XENDOMAINS_SAVE"
- xm save $id $XENDOMAINS_SAVE/$name
+ XMR=`xm save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while saving domain:\n$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
kill $WDOG_PID >/dev/null 2>&1
else
kill $WDOG_PID >/dev/null 2>&1
+ echo -e .
+ usleep 1000
continue
fi
fi
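Review bot: `$id` and `$XENDOMAINS_SAVE/$name` are expanded unquoted in the new `xm save` command substitution, although the `mkdir -p "$XENDOMAINS_SAVE"` line just above quotes the same directory. Where `$name` is assigned is outside this hunk; if it can contain whitespace or glob characters, the save path is split or expanded before xm sees it. Passing `"$id" "$XENDOMAINS_SAVE/$name"` keeps each as a single argument.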
@@ -392,10 +411,11 @@ stop()
echo -n "(shut)"
watchdog_xm shutdown &
WDOG_PID=$!
- xm shutdown $id $XENDOMAINS_SHUTDOWN
+ XMR=`xm shutdown $id $XENDOMAINS_SHUTDOWN 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while shutting down domain:\n$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
fi
kill $WDOG_PID >/dev/null 2>&1
fi
@@ -408,18 +428,21 @@ stop()
if ! all_zombies && test -n "$XENDOMAINS_SHUTDOWN_ALL"; then
# XENDOMAINS_SHUTDOWN_ALL should be "--all --halt --wait"
echo -n " SHUTDOWN_ALL "
- watchdog_xm shutdown 1 &
+ watchdog_xm shutdown 1 false &
WDOG_PID=$!
- xm shutdown $XENDOMAINS_SHUTDOWN_ALL
+ XMR=`xm shutdown $XENDOMAINS_SHUTDOWN_ALL 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while shutting down all domains: $XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
fi
kill $WDOG_PID >/dev/null 2>&1
fi
# Unconditionally delete lock file
rm -f $LOCKFILE
+
+ exec 2>&3
}
check_domain_up()
diff --git a/tools/python/xen/xend/XendAPI.py b/tools/python/xen/xend/XendAPI.py
index 71aac01f90..b4a33c4be1 100644
--- a/tools/python/xen/xend/XendAPI.py
+++ b/tools/python/xen/xend/XendAPI.py
@@ -29,6 +29,7 @@ import xmlrpclib
import XendDomain, XendDomainInfo, XendNode, XendDmesg
import XendLogging, XendTaskManager, XendAPIStore
+from xen.xend import uuid as genuuid
from XendAPIVersion import *
from XendAuthSessions import instance as auth_manager
from XendError import *
@@ -1867,7 +1868,7 @@ class XendAPI(object):
dom = xendom.get_vm_by_uuid(vbd_struct['VM'])
vdi = xennode.get_vdi_by_uuid(vbd_struct['VDI'])
if not vdi:
- return xen_api_error(['HANDLE_INVALID', 'VDI', vdi_ref])
+ return xen_api_error(['HANDLE_INVALID', 'VDI', vbd_struct['VDI']])
# new VBD via VDI/SR
vdi_image = vdi.get_location()
@@ -2392,7 +2393,7 @@ class XendAPI(object):
tpmif.destroy_vtpmstate(dom.getName())
return xen_api_success_void()
else:
- return xen_api_error(['HANDLE_INVALID', 'VM', vtpm_struct['VM']])
+ return xen_api_error(['HANDLE_INVALID', 'VTPM', vtpm_ref])
# class methods
def VTPM_create(self, session, vtpm_struct):
@@ -2614,7 +2615,7 @@ class XendAPI(object):
return xen_api_success_void()
def event_unregister(self, session, unreg_classes):
- event_unregister(session, reg_classes)
+ event_unregister(session, unreg_classes)
return xen_api_success_void()
def event_next(self, session):
@@ -2641,7 +2642,7 @@ class XendAPI(object):
return xen_api_error(['DEBUG_FAIL', session])
def debug_create(self, session):
- debug_uuid = uuid.createString()
+ debug_uuid = genuuid.createString()
self._debug[debug_uuid] = None
return xen_api_success(debug_uuid)
diff --git a/tools/python/xen/xend/XendConfig.py b/tools/python/xen/xend/XendConfig.py
index 4b30c1ae43..2d2138559b 100644
--- a/tools/python/xen/xend/XendConfig.py
+++ b/tools/python/xen/xend/XendConfig.py
@@ -158,6 +158,7 @@ XENAPI_PLATFORM_CFG_TYPES = {
'vncdisplay': int,
'vnclisten': str,
'timer_mode': int,
+ 'vpt_align': int,
'viridian': int,
'vncpasswd': str,
'vncunused': int,
@@ -459,6 +460,8 @@ class XendConfig(dict):
self['platform']['rtc_timeoffset'] = 0
if 'hpet' not in self['platform']:
self['platform']['hpet'] = 0
+ if 'vpt_align' not in self['platform']:
+ self['platform']['vpt_align'] = 1
if 'loader' not in self['platform']:
# Old configs may have hvmloader set as PV_kernel param
if self.has_key('PV_kernel') and self['PV_kernel'] != '':
diff --git a/tools/python/xen/xend/XendConstants.py b/tools/python/xen/xend/XendConstants.py
index 13e046a086..3130f75c08 100644
--- a/tools/python/xen/xend/XendConstants.py
+++ b/tools/python/xen/xend/XendConstants.py
@@ -50,6 +50,7 @@ HVM_PARAM_VIRIDIAN = 9 # x86
HVM_PARAM_TIMER_MODE = 10
HVM_PARAM_HPET_ENABLED = 11
HVM_PARAM_ACPI_S_STATE = 14
+HVM_PARAM_VPT_ALIGN = 16
restart_modes = [
"restart",
diff --git a/tools/python/xen/xend/XendDomainInfo.py b/tools/python/xen/xend/XendDomainInfo.py
index 5c08992963..b56d3c55ef 100644
--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -2237,6 +2237,12 @@ class XendDomainInfo:
xc.hvm_set_param(self.domid, HVM_PARAM_HPET_ENABLED,
long(hpet))
+ # Optionally enable periodic vpt aligning
+ vpt_align = self.info["platform"].get("vpt_align")
+ if hvm and vpt_align is not None:
+ xc.hvm_set_param(self.domid, HVM_PARAM_VPT_ALIGN,
+ long(vpt_align))
+
# Set maximum number of vcpus in domain
xc.domain_max_vcpus(self.domid, int(self.info['VCPUs_max']))
diff --git a/tools/python/xen/xm/create.py b/tools/python/xen/xm/create.py
index f87f5ccc53..d1a8ca2e0c 100644
--- a/tools/python/xen/xm/create.py
+++ b/tools/python/xen/xm/create.py
@@ -219,6 +219,10 @@ gopts.var('timer_mode', val='TIMER_MODE',
use="""Timer mode (0=delay virtual time when ticks are missed;
1=virtual time is always wallclock time.""")
+gopts.var('vpt_align', val='VPT_ALIGN',
+ fn=set_int, default=1,
+ use="Enable aligning all periodic vpt to reduce timer interrupts.")
+
gopts.var('viridian', val='VIRIDIAN',
fn=set_int, default=0,
use="""Expose Viridian interface to x86 HVM guest?
@@ -891,7 +895,8 @@ def configure_hvm(config_image, vals):
'sdl', 'display', 'xauthority', 'rtc_timeoffset', 'monitor',
'acpi', 'apic', 'usb', 'usbdevice', 'keymap', 'pci', 'hpet',
'guest_os_type', 'hap', 'opengl', 'cpuid', 'cpuid_check',
- 'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate' ]
+ 'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate',
+ 'vpt_align' ]
for a in args:
if a in vals.__dict__ and vals.__dict__[a] is not None:
diff --git a/tools/python/xen/xm/xenapi_create.py b/tools/python/xen/xm/xenapi_create.py
index 39489e497f..74a534f58c 100644
--- a/tools/python/xen/xm/xenapi_create.py
+++ b/tools/python/xen/xm/xenapi_create.py
@@ -1037,6 +1037,7 @@ class sxp2xml:
'usbdevice',
'hpet',
'timer_mode',
+ 'vpt_align',
'viridian',
'vhpt',
'guest_os_type',
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index ff531e3ae2..ae4acb3787 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -542,6 +542,22 @@ static int hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context_t *h)
return -EINVAL;
}
+ /* Older Xen versions used to save the segment arbytes directly
+ * from the VMCS on Intel hosts. Detect this and rearrange them
+ * into the struct segment_register format. */
+#define UNFOLD_ARBYTES(_r) \
+ if ( (_r & 0xf000) && !(_r & 0x0f00) ) \
+ _r = ((_r & 0xff) | ((_r >> 4) & 0xf00))
+ UNFOLD_ARBYTES(ctxt.cs_arbytes);
+ UNFOLD_ARBYTES(ctxt.ds_arbytes);
+ UNFOLD_ARBYTES(ctxt.es_arbytes);
+ UNFOLD_ARBYTES(ctxt.fs_arbytes);
+ UNFOLD_ARBYTES(ctxt.gs_arbytes);
+ UNFOLD_ARBYTES(ctxt.ss_arbytes);
+ UNFOLD_ARBYTES(ctxt.tr_arbytes);
+ UNFOLD_ARBYTES(ctxt.ldtr_arbytes);
+#undef UNFOLD_ARBYTES
+
/* Architecture-specific vmcs/vmcb bits */
if ( hvm_funcs.load_cpu_ctxt(v, &ctxt) < 0 )
return -EINVAL;
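Review bot: `UNFOLD_ARBYTES` expands to a bare `if` with an unparenthesised argument, so it is only safe in exactly the statement form used here; an `else` following one of these lines, or an argument that is an expression, would bind wrongly. Wrap the body in `do { ... } while (0)` and write `(_r)` throughout, or make it a small static inline helper that takes a pointer to the field. The comment could also spell out the test itself: a value with any of bits 12-15 set and bits 8-11 all clear is taken to be the old layout, which is a heuristic applied to fields read from a saved image. hvm_load_cpu_ctxt starts and ends outside this hunk.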
diff --git a/xen/arch/x86/hvm/vpt.c b/xen/arch/x86/hvm/vpt.c
index 5dae7cd505..fe4ec99129 100644
--- a/xen/arch/x86/hvm/vpt.c
+++ b/xen/arch/x86/hvm/vpt.c
@@ -384,13 +384,25 @@ void create_periodic_time(
pt->period_cycles = (u64)period;
pt->one_shot = !period;
pt->scheduled = NOW() + delta;
- /*
- * Offset LAPIC ticks from other timer ticks. Otherwise guests which use
- * LAPIC ticks for process accounting can see long sequences of process
- * ticks incorrectly accounted to interrupt processing.
- */
- if ( !pt->one_shot && (pt->source == PTSRC_lapic) )
- pt->scheduled += delta >> 1;
+
+ if ( !pt->one_shot )
+ {
+ if ( v->domain->arch.hvm_domain.params[HVM_PARAM_VPT_ALIGN] )
+ {
+ pt->scheduled = align_timer(pt->scheduled, pt->period);
+ }
+ else if ( pt->source == PTSRC_lapic )
+ {
+ /*
+ * Offset LAPIC ticks from other timer ticks. Otherwise guests
+ * which use LAPIC ticks for process accounting can see long
+ * sequences of process ticks incorrectly accounted to interrupt
+ * processing (seen with RHEL3 guest).
+ */
+ pt->scheduled += delta >> 1;
+ }
+ }
+
pt->cb = cb;
pt->priv = data;
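Review bot: When `HVM_PARAM_VPT_ALIGN` is non-zero the `else if ( pt->source == PTSRC_lapic )` branch is skipped, so the half-period LAPIC offset that the comment describes as a workaround for mis-accounted process ticks is no longer applied. The XendConfig.py and create.py hunks in this commit default `vpt_align` to 1, which makes that the behaviour for guests created through xend unless they opt out. Either document the trade-off where the option is described, or keep the offset after alignment if the two are meant to coexist. `pt->period` passed to `align_timer` is assigned outside this hunk, and create_periodic_time continues beyond it.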
diff --git a/xen/common/timer.c b/xen/common/timer.c
index d5f08d370f..eca25b3fb7 100644
--- a/xen/common/timer.c
+++ b/xen/common/timer.c
@@ -473,6 +473,13 @@ void process_pending_timers(void)
timer_softirq_action();
}
+s_time_t align_timer(s_time_t firsttick, uint64_t period)
+{
+ if ( !period )
+ return firsttick;
+
+ return firsttick + (period - 1) - ((firsttick - 1) % period);
+}
static void dump_timerq(unsigned char key)
{
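Review bot: `align_timer` mixes `s_time_t` and `uint64_t`, so `(firsttick - 1) % period` is evaluated as unsigned; for `firsttick <= 0` the subtraction wraps and the result is not the next multiple of `period`. The caller in vpt.c passes `NOW() + delta`, which is presumably positive, but the function is exported through timer.h with no stated precondition. Add a comment such as `/* Round firsttick (> 0) up to the next multiple of period; period == 0 returns firsttick unchanged. */` and, if it fits the file's conventions, assert the precondition. A blank line before `static void dump_timerq` would restore the separation the neighbouring functions have.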
diff --git a/xen/drivers/passthrough/amd/iommu_init.c b/xen/drivers/passthrough/amd/iommu_init.c
index 2951035108..4c1edf96ba 100644
--- a/xen/drivers/passthrough/amd/iommu_init.c
+++ b/xen/drivers/passthrough/amd/iommu_init.c
@@ -487,11 +487,13 @@ static int set_iommu_interrupt_handler(struct amd_iommu *iommu)
}
irq_desc[vector].handler = &iommu_msi_type;
+ vector_to_iommu[vector] = iommu;
ret = request_irq_vector(vector, amd_iommu_page_fault, 0,
"amd_iommu", iommu);
if ( ret )
{
irq_desc[vector].handler = &no_irq_type;
+ vector_to_iommu[vector] = NULL;
free_irq_vector(vector);
amd_iov_error("can't request irq\n");
return 0;
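Review bot: The code does not record why `vector_to_iommu[vector] = iommu;` now has to precede `request_irq_vector()`, and the same reordering is made without comment in the VT-d `iommu_set_interrupt` hunk. Assuming the reason is that the mapping is looked up by vector as soon as the IRQ is live, a one-line comment such as `/* Must be set before request_irq_vector(): looked up by vector once the IRQ can fire. */` would keep a later cleanup from moving it back. This failure path returns 0 while the VT-d one returns `ret`; whether callers treat 0 as an error is not visible here. set_iommu_interrupt_handler starts outside this hunk.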
@@ -499,7 +501,6 @@ static int set_iommu_interrupt_handler(struct amd_iommu *iommu)
/* Make sure that vector is never re-used. */
vector_irq[vector] = NEVER_ASSIGN_IRQ;
- vector_to_iommu[vector] = iommu;
iommu->vector = vector;
return vector;
}
diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
index 9aaa6400a8..386b0f9a16 100644
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -870,7 +870,7 @@ static struct hw_interrupt_type dma_msi_type = {
.set_affinity = dma_msi_set_affinity,
};
-int iommu_set_interrupt(struct iommu *iommu)
+static int iommu_set_interrupt(struct iommu *iommu)
{
int vector, ret;
@@ -882,10 +882,12 @@ int iommu_set_interrupt(struct iommu *iommu)
}
irq_desc[vector].handler = &dma_msi_type;
+ vector_to_iommu[vector] = iommu;
ret = request_irq_vector(vector, iommu_page_fault, 0, "dmar", iommu);
if ( ret )
{
irq_desc[vector].handler = &no_irq_type;
+ vector_to_iommu[vector] = NULL;
free_irq_vector(vector);
gdprintk(XENLOG_ERR VTDPREFIX, "IOMMU: can't request irq\n");
return ret;
@@ -893,7 +895,6 @@ int iommu_set_interrupt(struct iommu *iommu)
/* Make sure that vector is never re-used. */
vector_irq[vector] = NEVER_ASSIGN_IRQ;
- vector_to_iommu[vector] = iommu;
return vector;
}
diff --git a/xen/include/public/hvm/params.h b/xen/include/public/hvm/params.h
index d5511bdd0a..15d828fe14 100644
--- a/xen/include/public/hvm/params.h
+++ b/xen/include/public/hvm/params.h
@@ -103,6 +103,9 @@
/* TSS used on Intel when CR0.PE=0. */
#define HVM_PARAM_VM86_TSS 15
-#define HVM_NR_PARAMS 16
+/* Boolean: Enable aligning all periodic vpts to reduce interrupts */
+#define HVM_PARAM_VPT_ALIGN 16
+
+#define HVM_NR_PARAMS 17
#endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */
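Review bot: The comment calls `HVM_PARAM_VPT_ALIGN` a boolean, but nothing on this page shows the hypervisor's set-param path restricting who may change it or when. The vpt.c hunk reads the parameter each time a periodic timer is created, so a change made after domain build would affect only timers created afterwards. If the parameter is meant to be set once by the toolstack at build time, say so in this comment and confirm that the set-param handler enforces it.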
diff --git a/xen/include/xen/timer.h b/xen/include/xen/timer.h
index f3d2705d82..0379d950a3 100644
--- a/xen/include/xen/timer.h
+++ b/xen/include/xen/timer.h
@@ -122,6 +122,9 @@ DECLARE_PER_CPU(s_time_t, timer_deadline);
/* Arch-defined function to reprogram timer hardware for new deadline. */
extern int reprogram_timer(s_time_t timeout);
+/* calculate the aligned first tick time for a given periodic timer */
+extern s_time_t align_timer(s_time_t firsttick, uint64_t period);
+
#endif /* _TIMER_H_ */
/*
diff --git a/xen/xsm/flask/ss/policydb.c b/xen/xsm/flask/ss/policydb.c
index 6e488e0507..42b23b08b7 100644
--- a/xen/xsm/flask/ss/policydb.c
+++ b/xen/xsm/flask/ss/policydb.c
@@ -1515,8 +1515,8 @@ int policydb_read(struct policydb *p, void *fp)
if ( len != strlen(POLICYDB_STRING) )
{
printk(KERN_ERR "security: policydb string length %d does not "
- "match expected length %Zu\n",
- len, (u32) strlen(POLICYDB_STRING));
+ "match expected length %lu\n",
+ len, strlen(POLICYDB_STRING));
goto bad;
}
policydb_str = xmalloc_array(char, len + 1);
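Review bot: `%lu` matches the `size_t` returned by `strlen()` only on builds where `size_t` is `unsigned long`; on a 32-bit build the argument type no longer matches the conversion. An explicit cast keeps the call portable: `len, (unsigned long)strlen(POLICYDB_STRING));`. `len` is printed with `%d` and its declaration is outside the hunk, so check that it is a signed int or adjust that conversion as well. policydb_read starts and ends outside this hunk.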