8 files changed, 72 insertions, 31 deletions

diff --git a/tools/firmware/vmxassist/gen.c b/tools/firmware/vmxassist/gen.c
index 298f3f5877..3cdea7240f 100644
--- a/tools/firmware/vmxassist/gen.c
+++ b/tools/firmware/vmxassist/gen.c
@@ -23,7 +23,7 @@
 #include <vm86.h>
 
 int
-main()
+main(void)
 {
 	printf("/* MACHINE GENERATED; DO NOT EDIT */\n");
 	printf("#define VMX_ASSIST_CTX_GS_SEL	0x%x\n",
diff --git a/tools/firmware/vmxassist/head.S b/tools/firmware/vmxassist/head.S
index 1541a1c8e9..1410a730f0 100644
--- a/tools/firmware/vmxassist/head.S
+++ b/tools/firmware/vmxassist/head.S
@@ -110,6 +110,10 @@ rom_gdtr:
 _start:
 	cli
 
+	/* save register parameters to C land */
+	movl	%edx, booting_cpu
+	movl	%ebx, booting_vector
+
 	/* clear bss */
 	cld
 	xorb	%al, %al
@@ -129,7 +133,6 @@ _start:
 	call    main
 	jmp	halt
 
-
 /*
  * Something bad happened, print invoking %eip and loop forever
  */
diff --git a/tools/firmware/vmxassist/setup.c b/tools/firmware/vmxassist/setup.c
index a83705f449..dc253afec0 100644
--- a/tools/firmware/vmxassist/setup.c
+++ b/tools/firmware/vmxassist/setup.c
@@ -29,6 +29,9 @@
 
 #define	min(a, b)	((a) > (b) ? (b) : (a))
 
+/* Which CPU are we booting, and what is the initial CS segment? */
+int booting_cpu, booting_vector;
+
 unsigned long long gdt[] __attribute__ ((aligned(32))) = {
 	0x0000000000000000ULL,		/* 0x00: reserved */
 	0x0000890000000000ULL,		/* 0x08: 32-bit TSS */
@@ -201,12 +204,17 @@ enter_real_mode(struct regs *regs)
 		initialize_real_mode = 0;
 		regs->eflags |= EFLAGS_VM | 0x02;
 		regs->ves = regs->vds = regs->vfs = regs->vgs = 0xF000;
-		regs->cs = 0xF000; /* ROM BIOS POST entry point */
+		if (booting_cpu == 0) {
+			regs->cs = 0xF000; /* ROM BIOS POST entry point */
 #ifdef TEST
-		regs->eip = 0xFFE0;
+			regs->eip = 0xFFE0;
 #else
-		regs->eip = 0xFFF0;
+			regs->eip = 0xFFF0;
 #endif
+		} else {
+			regs->cs = booting_vector << 8; /* AP entry point */
+			regs->eip = 0;
+		}
 		regs->uesp = 0;
 		regs->uss = 0;
 		printf("Starting emulated 16-bit real-mode: ip=%04x:%04x\n",
@@ -215,8 +223,8 @@ enter_real_mode(struct regs *regs)
 		mode = VM86_REAL; /* becomes previous mode */
 		set_mode(regs, VM86_REAL);
 
-                /* this should get us into 16-bit mode */
-                return;
+		/* this should get us into 16-bit mode */
+		return;
 	} else {
 		/* go from protected to real mode */
 		regs->eflags |= EFLAGS_VM;
@@ -334,7 +342,12 @@ start_bios(void)
 {
 	unsigned long cr0;
 
-	printf("Start BIOS ...\n");
+	if (booting_cpu == 0)
+		printf("Start BIOS ...\n");
+	else
+		printf("Start AP %d from %08x ...\n",
+		       booting_cpu, booting_vector << 12);
+
 	initialize_real_mode = 1;
 	cr0 = get_cr0();
 #ifndef TEST
@@ -345,20 +358,28 @@ start_bios(void)
 }
 
 int
-main()
+main(void)
 {
-	banner();
+	if (booting_cpu == 0)
+		banner();
+
 #ifdef TEST
 	setup_paging();
 #endif
+
 	setup_gdt();
 	setup_idt();
+
 #ifndef	TEST
-	set_cr4(get_cr4() | CR4_VME); 
+	set_cr4(get_cr4() | CR4_VME);
 #endif
+
 	setup_ctx();
-	setup_pic();
+
+	if (booting_cpu == 0)
+		setup_pic();
+
 	start_bios();
+
 	return 0;
 }
-
diff --git a/tools/firmware/vmxassist/vmxloader.c b/tools/firmware/vmxassist/vmxloader.c
index 15aad0bf5f..2a2a17bc4f 100644
--- a/tools/firmware/vmxassist/vmxloader.c
+++ b/tools/firmware/vmxassist/vmxloader.c
@@ -132,11 +132,12 @@ main(void)
 		 memcpy((void *)ACPI_PHYSICAL_ADDRESS, acpi, sizeof(acpi));
 	}
 #endif
-			
+
 	puts("Loading VMXAssist ...\n");
 	memcpy((void *)TEXTADDR, vmxassist, sizeof(vmxassist));
+
 	puts("Go ...\n");
-	((void (*)())TEXTADDR)();
+	asm volatile ( "jmp *%%eax" : : "a" (TEXTADDR), "d" (0) );
+
 	return 0;
 }
-
diff --git a/tools/ioemu/vl.c b/tools/ioemu/vl.c
index 2fd60a5aba..5a4617dbc9 100644
--- a/tools/ioemu/vl.c
+++ b/tools/ioemu/vl.c
@@ -2385,7 +2385,8 @@ int
 setup_mapping(int xc_handle, u32 dom, unsigned long toptab, unsigned long  *mem_page_array, unsigned long *page_table_array, unsigned long v_start, unsigned long v_end)
 {
     l1_pgentry_t *vl1tab=NULL, *vl1e=NULL;
-    l2_pgentry_t *vl2tab[4], *vl2e=NULL, *vl2_table = NULL;
+    l2_pgentry_t *vl2tab[4] = {NULL, NULL, NULL, NULL};
+    l2_pgentry_t *vl2e=NULL, *vl2_table = NULL;
     unsigned long l1tab;
     unsigned long ppt_alloc = 0;
     unsigned long count;
diff --git a/xen/arch/x86/shadow32.c b/xen/arch/x86/shadow32.c
index 796767132c..4b2a417c25 100644
--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -755,9 +755,13 @@ void free_monitor_pagetable(struct vcpu *v)
 
     /*
      * Then free monitor_table.
+     * Note: for VMX guest, only BSP need do this free.
      */
-    mfn = pagetable_get_pfn(v->arch.monitor_table);
-    free_domheap_page(&frame_table[mfn]);
+    if (!(VMX_DOMAIN(v) && v->vcpu_id)) {
+        mfn = pagetable_get_pfn(v->arch.monitor_table);
+        unmap_domain_page(v->arch.monitor_vtable);
+        free_domheap_page(&frame_table[mfn]);
+    }
 
     v->arch.monitor_table = mk_pagetable(0);
     v->arch.monitor_vtable = 0;
diff --git a/xen/arch/x86/shadow_public.c b/xen/arch/x86/shadow_public.c
index 771e8d0fc1..fad54a7f97 100644
--- a/xen/arch/x86/shadow_public.c
+++ b/xen/arch/x86/shadow_public.c
@@ -256,14 +256,16 @@ void free_monitor_pagetable(struct vcpu *v)
 {
     unsigned long mfn;
 
-//    ASSERT( pagetable_val(v->arch.monitor_table) );
+    ASSERT( pagetable_val(v->arch.monitor_table) );
     /*
      * free monitor_table.
+     * Note: for VMX guest, only BSP need do this free.
      */
-    //mfn = (pagetable_val(v->arch.monitor_table)) >> PAGE_SHIFT;
-    mfn = pagetable_get_pfn(v->arch.monitor_table);
-    unmap_domain_page(v->arch.monitor_vtable);
-    free_domheap_page(&frame_table[mfn]);
+    if (!(VMX_DOMAIN(v) && v->vcpu_id)) {
+        mfn = pagetable_get_pfn(v->arch.monitor_table);
+        unmap_domain_page(v->arch.monitor_vtable);
+        free_domheap_page(&frame_table[mfn]);
+    }
     v->arch.monitor_table = mk_pagetable(0);
     v->arch.monitor_vtable = 0;
 }
@@ -358,9 +360,13 @@ void free_monitor_pagetable(struct vcpu *v)
 
     /*
      * Then free monitor_table.
+     * Note: for VMX guest, only BSP need do this free.
      */
-    mfn = pagetable_get_pfn(v->arch.monitor_table);
-    free_domheap_page(&frame_table[mfn]);
+    if (!(VMX_DOMAIN(v) && v->vcpu_id)) {
+        mfn = pagetable_get_pfn(v->arch.monitor_table);
+        unmap_domain_page(v->arch.monitor_vtable);
+        free_domheap_page(&frame_table[mfn]);
+    }
 
     v->arch.monitor_table = mk_pagetable(0);
     v->arch.monitor_vtable = 0;
diff --git a/xen/arch/x86/vmx_platform.c b/xen/arch/x86/vmx_platform.c
index d7ef47d718..3e805cac8c 100644
--- a/xen/arch/x86/vmx_platform.c
+++ b/xen/arch/x86/vmx_platform.c
@@ -667,6 +667,7 @@ static void mmio_operands(int type, unsigned long gpa, struct instruction *inst,
     mpcip->instr = inst->instr;
     mpcip->operand[0] = inst->operand[0]; /* source */
     mpcip->operand[1] = inst->operand[1]; /* destination */
+    mpcip->immediate = inst->immediate;
 
     if (inst->operand[0] & REGISTER) { /* dest is memory */
         index = operand_index(inst->operand[0]);
@@ -833,12 +834,16 @@ void handle_mmio(unsigned long va, unsigned long gpa)
         mmio_operands(IOREQ_TYPE_XOR, gpa, &mmio_inst, mpcip, regs);
         break;
 
-    case INSTR_CMP:
-        mmio_operands(IOREQ_TYPE_COPY, gpa, &mmio_inst, mpcip, regs);
-        break;
-
+    case INSTR_CMP:        /* Pass through */
     case INSTR_TEST:
-        mmio_operands(IOREQ_TYPE_COPY, gpa, &mmio_inst, mpcip, regs);
+        mpcip->flags = mmio_inst.flags;
+        mpcip->instr = mmio_inst.instr;
+        mpcip->operand[0] = mmio_inst.operand[0]; /* source */
+        mpcip->operand[1] = mmio_inst.operand[1]; /* destination */
+        mpcip->immediate = mmio_inst.immediate;
+
+        /* send the request and wait for the value */
+        send_mmio_req(IOREQ_TYPE_COPY, gpa, 1, mmio_inst.op_size, 0, IOREQ_READ, 0);
         break;
 
     default: