Add this option to work around BIOS bugs. Currently it ignores DRHD
if "all" devices under its scope are not pci discoverable. This
works around a BIOS bug in some platforms to make VT-d work. But note
that this option doesn't guarantee security, because it might ignore
DRHD.
So there are 3 options which handle BIOS bugs differently:
iommu=1 (default): If it detects a non-existent device under a DRHD's
scope, or finds an incorrect RMRR setting (base_address > end_address),
it disables VT-d completely in Xen with warning messages. This guarantees
security when VT-d is enabled, or just disables VT-d to let Xen work
without VT-d.
iommu=force: it enforces enabling VT-d in Xen. If VT-d cannot be
enabled, it will crash Xen. This is mainly for users who must have
VT-d.
iommu=workaround_bogus_bios: it works around some BIOS bugs to make
VT-d still work. This might be insecure because there might be a
device not protected by any DRHD if the device is re-enabled by
malicious s/w. This is for users who want to use VT-d regardless of
security.
Signed-off-by: Weidong Han <weidong.han@intel.com>
| |
This patch exposes the flask_access, flask_avc_cachestats,
flask_avc_hashstats, flask_getavc_threshold, flask_setavc_threshold,
and flask_policyvers functions to user-space. A python wrapper was
created for the flask_access function to facilitate policy based
user-space access control decisions. flask.h was renamed to libflask.h
to remove a naming conflict.
Signed-off-by: Machon Gregory <mbgrego@tycho.ncsc.mil>
| |
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Tested-by: Ian Campbell <ian.campbell@citrix.com>
| |
dev_unplug=[all,][ide-disks,][aux-ide-disks,][nics]
ide-disks: Unplug all emulated IDE disks (but not CD-ROMs)
aux-ide-disks: As above, but doesn't touch primary IDE master
nics: Unplug all emulated NICs
all: ide-disks and nics
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
In order to make Xen more defensive to VT-d related BIOS issues, this
patch ignores a DRHD if all devices under its scope are not pci
discoverable, and regards a DRHD as invalid and then disables the whole
VT-d if some devices under its scope are not pci discoverable. But if
iommu=force is set, it will enable all DRHDs reported by BIOS, to
avoid any security vulnerability with malicious s/w re-enabling
"supposed disabled" devices. Pls note that we don't know whether the
devices under the "Include_all" DRHD exist or not, because the scope of
"Include_all" DRHD won't enumerate common pci devices; it only
enumerates I/OxAPIC and HPET devices.
Signed-off-by: Noboru Iwamatsu <n_iwamatsu@jp.fujitsu.com>
Signed-off-by: Weidong Han <weidong.han@intel.com>
| |
Download libconfig.tar.gz from xenbits.org extfiles rather than from
upstream. This insulates us from upstream networking failures and any
upstream changes to the files hosted etc.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
| |
Before igb PF driver is unloaded, dom0 doesn't unload igbvf driver
automatically. When igb driver is unloaded, it invokes the
PHYSDEVOP_manage_pci_remove hypercall to remove the VFs and xen frees
the msi irqs by pci_cleanup_msi() -> ... -> dynamic_irq_cleanup() and
sets the desc->action to NULL. igbvf driver knows the VF is
disappearing via a hook ndo_stop() in dev_close() and tries to unbind
the pirq and xen would crash as the desc->action is NULL now.
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
| |
On rebooting a hvm, the blktapctrl daemon has died.
gdb shows the following call trace:
(gdb) where
#0 0x00000039d1830155 in raise () from /lib64/libc.so.6
#1 0x00000039d1831bf0 in abort () from /lib64/libc.so.6
#2 0x00000039d186a38b in __libc_message () from /lib64/libc.so.6
#3 0x00000039d1871634 in _int_free () from /lib64/libc.so.6
#4 0x00000039d1874c5c in free () from /lib64/libc.so.6
#5 0x0000003320a01bdd in ueblktap_probe (h=0x6073b0,
w=<value optimized out>, bepath_im=<value optimized out>) at
xenbus.c:270
#6 0x0000003320a020e0 in xs_fire_next_watch (h=0x6073b0) at
xs_api.c:355
#7 0x0000000000401785 in main (argc=<value optimized out>,
argv=<value optimized out>) at blktapctrl.c:907
There is a case that "/local/domain/0/backend/tap/<dom_id>" exists but
"/local/domain/<dom_id>/vm" is not in the xenstore.
Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
| |
Just like the kernel, the fallback implementation of
xc_map_foreign_bulk() should clear the error indication array upon
success.
Also, a few allocations were needlessly using calloc() instead of
malloc().
Finally, in xc_domain_save() allocate the error indicator array once
(along with the other arrays) instead of using realloc() (without
error checking) in the loop body.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Allow certain performance-critical hypercall wrappers to register data
buffers via a new interface which allows them to be 'bounced' into a
pre-mlock'ed page-sized per-thread data area. This saves the cost of
mlock/munlock on every such hypercall, which can be very expensive on
modern kernels.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
The (only) two callers of it don't need it, as the MSI-X case of
msi_set_mask_bit() already does the necessary readl().
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Equivalent to dumping IO-APIC state; the question is whether this
ought to live on its own key (as done here), or whether it should be
chained to from the 'i' handler.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
| |
Attached patch fixes sysfs error path.
NetBSD also has a /proc/mounts file but no sysfs.
On Linux you can test this with sysfs not mounted.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
| |
Signed-off-by: Weidong Han <weidong.han@intel.com>
| |
20827:fad80160c001 cannot be compiled on ia64:
xentrace.c:647: error: 'PAGE_SIZE' undeclared (first use in this
This patch fixes it.
Signed-off-by: KUWAMURA Shin'ya <kuwa@jp.fujitsu.com>
| |
Currently, Xen rigorously checks the RMRR range and disables VT-d if
the RMRR range is set incorrectly in BIOS. But, actually we can ignore the
RMRR if the devices under its scope are not pci discoverable, because
the RMRR won't be used by non-existent or disabled devices.
This patch ignores the RMRR if the devices under its scope are not pci
discoverable, and only checks the validity of RMRRs that are actually
used. In order to avoid duplicate pci device detection code, this
patch defines a function pci_device_detect for it.
Signed-off-by: Weidong Han <weidong.han@intel.com>
| |
deassign_device may fail, so need to capture its failure for
appropriate handling. This patch captures return values of
deassign_device, and prints error messages if it fails.
In addition, this patch also fixes some code style issues.
Signed-off-by: Weidong Han <Weidong.han@intel.com>
| |
0b138a019292 was a little too ambitious replacing xc_map_foreign_batch
with xc_map_foreign_pages in xc_domain_restore. With HVM, some of the
mappings are expected to fail (as "XTAB" pages).
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
| |
vm.image does not exist at this point in the restore process.
I haven't looked at the memory_sharing code. It's likely something
better is needed to make that work across relocation.
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
| |
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
| |
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
| |
In the current xentrace configuration, xentrace buffers are all
allocated in a single contiguous chunk, and then divided among logical
cpus, one buffer per cpu. The size of an allocatable chunk is fairly
limited, in my experience about 128 pages (512KiB). As the number of
logical cores increases, this means a much smaller maximum per-cpu
trace buffer per cpu; on my dual-socket quad-core nehalem box with
hyperthreading (16 logical cpus), that comes to 8 pages per logical
cpu.
This patch addresses this issue by allocating per-cpu buffers
separately.
Signed-off-by: George Dunlap <dunlapg@umich.edu>
| |
Converting a Python Int, sizeof(long) already returns byte length
rather than bit length so do not divide-by-8.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Can be disabled with 'iommu=0' boot parameter.
Note that iommu_inclusive_mapping is now also enabled by default, to
deal with systems with broken BIOS tables specifying bad RMRRs. Old
behaviour can be specified via 'iommu_inclusive_mapping=0'.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Set the feature by default and disable it if we can detect TSC warp,
rather than leaving the feature cleared and setting it if we happen
not to detect TSC warp.
This way round fixes dom0 kernel boot for Masaki Kanno.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Due to recent changes related to xc_map_foreign_bulk, xc_domain_save
segfaults because it tries to use pfn_err without allocating it first.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
| |
This simple patch fixes the "xl list" output and cleans
libxl_list_domain after the recent API changes to list domains and
VMs.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
| |
In order to do so it modifies map_frames_ex and do_map_frames to take
an int *err as parameter and return any error that way.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
after boot. Avoids doing the allocations on the CPU itself, while in a
not-fully-online state and with irqs disabled. This way we avoid
assertions about irqs being disabled in e.g., tlb flush logic.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Back in c/s 18950 the default cpufreq governor was set to userspace
(it had previously been performance). However, since there is no
supplied userspace program or script that will change the frequency
this is at best a no-op. Worse, on some hardware with some BIOS
revisions, this actually sets the CPUs running at their lowest
frequency rather than their highest and there is a corresponding (and
initially puzzling) drop in performance.
This patch changes the default governor to "ondemand" which should
make it the same as the Linux default and will provide power savings
for the majority without needing to write a userspace governor. For
those that want to install their own governor, that is still possible.
Signed-off-by: John Haxby <john.haxby@oracle.com>
| |
Signed-off-by: Vincent Hanquez <vincent.hanquez@eu.citrix.com>
| |
Previously list_domain was something between listing VMs and domains.
Provide 2 separate API calls to list domains and list VMs. The list
VMs API filters utility domains like stubdomains, and domain 0.
Change is_stubdom to properly check the integer and also return a
boolean value.
Signed-off-by: Vincent Hanquez <vincent.hanquez@eu.citrix.com>
| |
Nodes without memory will currently be disabled by also moving the
physical cores connected to them to other nodes. This leads to nodes
without CPUs and thus to a division by zero in the node allocation
algorithm. Attached patch fixes this by checking for 0 before the
division. This fixes domain creation on boxes with memory-less nodes.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
| |
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
| |
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
| |
privcmd_ioctl returns EINVAL if the type is not supported.
This fixes the guest booting issue caused by C/S 20791.
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Enumerate the best nodes and add CPU affinity until all VCPUs can be
backed by at least one physical core. This should fix problems with
asymmetric NUMA configurations and cropped number of CPUs in Xen.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>