| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a VM has all its PCI devices deassigned, need_iommu(d) becomes
false but it might still have DPCI EOI timers that were init_timer()d
but not yet kill_timer()d. That causes xen to crash later because the
linked list of inactive timers gets corrupted, e.g.:
(XEN) Xen call trace:
(XEN) [<ffff82c480126256>] set_timer+0x1c2/0x24f
(XEN) [<ffff82c48011fbf8>] schedule+0x129/0x5dd
(XEN) [<ffff82c480122c1e>] __do_softirq+0x7e/0x89
(XEN) [<ffff82c480122c9d>] do_softirq+0x26/0x28
(XEN) [<ffff82c480153c85>] idle_loop+0x5a/0x5c
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Assertion 'entry->next->prev == entry' failed at
/local/scratch/tdeegan/xen-unstable.hg/xen/include:172
(XEN) ****************************************
The following patch makes sure that the domain destruction path always
clears up the DPCI state even if !needs_iommu(d).
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 23746:aa54b8175954
xen-unstable date: Mon Jul 25 16:41:33 2011 +0100
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is clearer and less fragile than trying to make relative calls
work. In particular, the old approach failed if _start was not
== HVMLOADER_PHYSICAL_ADDRESS. This was the case for some modern
toolchains which reorder functions.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23730:dd5eecf739d1
xen-unstable date: Wed Jul 20 15:02:16 2011 +0100
hvmloader: Remove hard tabs from source files.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23729:4f1109af9c63
xen-unstable date: Wed Jul 20 14:52:16 2011 +0100
|
| |
|
|
|
|
|
|
| |
Backported from xen-4.1-testing.hg 23086:9b5fbd8ff152 -iwj.
Signed-off-by: Fabio Fantoni <fabio.fantoni@heliman.it>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Guests would not manage to run successfully after being migrated to a
host having sufficiently much more memory than the host they were
originally started on.
Subsequently the plan is to re-enable the changes behavior under the
control of a guest kernel announced feature flag.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
xen-unstable changeset: 23706:3dd399873c9e
xen-unstable date: Sat Jul 16 09:18:21 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The result of a CPUID Extended Topology Enumeration leaf for PV guests
is invalid as the level in ECX is ignored. This can cause some guests
to loop endlessly when trying to enumerate the topology.
Since the physical topology isn't useful to PV guests set the topology
leaf as unsupported.
Guests affected include Linux kernels prior 2.6.32 where a workaround
was applied ("xen: mask extended topology info in cpu",
82d6469916c6fcfa345636a49004c9d1753905d1).
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
xen-unstable changeset: 23700:867bb675b57b
xen-unstable date: Sat Jul 16 09:05:45 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some versions of Oracle's Solaris PV drivers make a check that the
maximal Xen hypervisor CPUID leaf is <= base leaf + 2 and refuse to
work if this is not the case. The addition of the time leaf makes the
maximal leaf == base leaf + 3 so this patch introduces a workaround
that obscures the time leaf unless PVRDTSCP is in operation.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
xen-unstable changeset: 23661:8fe6f4be18aa
xen-unstable date: Fri Jul 08 08:31:10 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently different x86 cpu define different attr for cpu_dev.
Some cpu define as __initdata, this would be risk under cpu hotplug.
This patch fix the bug, unify them as __cpuinitdata, as what AMD cpu
define now.
Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Shan, Haitao <haitao.shan@intel.com>
xen-unstable changeset: 23659:7fe0331986c5
xen-unstable date: Fri Jul 08 08:30:41 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since the perf counter that the LAPIC NMI watchdog uses only
runs while the core isn't halted, and all APs are idle at
this point in the boot process, it's possible that remote
CPUs won't see any NMIs during the 10-tick waiting period.
Force all CPUs to busy-wait so we know the timers are running.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 23612:6c7a23e08a04
xen-unstable date: Tue Jun 28 09:16:13 2011 +0100
|
| |
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23553:eca057e4475c
xen-unstable date: Fri Jun 17 08:08:13 2011 +0100
|
| |
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23549:a574bf2f5059
xen-unstable date: Thu Jun 16 16:14:51 2011 +0100
|
| |
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23546:d25f2c114ace
xen-unstable date: Wed Jun 15 20:33:58 2011 +0100
|
| |
|
|
|
|
|
|
| |
Thanks to John McDermott <john.mcdermott@nrl.navy.mil> for spotting.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23505:5a557fda70a9
xen-unstable date: Fri Jun 10 08:08:44 2011 +0100
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23461:5839e797a130
xen-unstable date: Thu Jun 02 14:39:50 2011 +0100
|
| |
|
|
|
|
|
| |
From: Xin Li <xin.li@intel.com>
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23441:4d28306d6e33
xen-unstable date: Tue May 31 13:57:45 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than sprinkling panic()s throughout the setup code hoist the
check up into common code.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 23402:f979a1a69fe3
xen-unstable date: Thu May 26 08:18:44 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
while implementing core dumping functionality for the libxl driver
of libvirt, I discovered an issue with mapping pages of a pv guest.
After dumping the core of a pv guest the domain was not cleared up
properly and some pages were not unmapped. This issue is similar
to the one reported here:
http://lists.xensource.com/archives/html/xen-devel/2011-05/msg01314.html
In xc_domain_dumpcore_via_callback in the file xc_core.c the function
xc_core_arch_map_p2m is called to map P2M_FL_ENTRIES pages to the
variable p2m.
But to unmap the pages later, the dinfo->p2m_size has to be set
accordingly.
This was not done, instead a variable named p2m_size was set.
This way P2M_FL_ENTRIES was always zero and the pages were left
mapped.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 23374:8bd7b5e98f2a
xen-unstable date: Tue May 24 15:00:16 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With some help from Olaf, I've finally got to the bottom of an issue I
came across while trying to implement save/restore in the libvirt
libxenlight driver. After issuing the save operation, the saved
domain was not being cleaned up properly and left in this state from
xl's perspective
xen33:# xl list
Name ID Mem VCPUs State Time(s)
Domain-0 0 6821 8 r----- 122.5
(null) 2 2 2 --pssd 10.8
Checking the libvirtd /proc/$pid/maps I found this
7f3798984000-7f3798b86000 r--s 00002000 00:03 4026532097
/proc/xen/privcmd
So not all all pages belonging to the domain were unmapped from
libvirtd. In tools/libxc/xc_domain_save.c we found that
P2M_FL_ENTRIES were being mapped but only P2M_FLL_ENTRIES were being
unmapped. The attached patch changes the unmapping to use the same
P2M_FL_ENTRIES macro. I'm not too familiar with this code though so
posting here for review.
I suspect this was not noticed before since most (all?) processes
doing save terminate after the save and are not long-running like
libvirtd.
Ian Campbell writes:
> Looks like I introduced this in 18558:ccf0205255e1, sorry!
>
> I guess it is also wrong in the error path out of map_and_save_p2m_table
> and so we also need [another hunk].
This change should be backported to relevant earlier trees. -iwj
From: Jim Fehlig <jfehlig@novell.com>
From: Ian Campbell <Ian.Campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Olaf Hering <olaf@aepfle.de>
Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 23373:171007b4e2c4
xen-unstable date: Tue May 24 14:50:00 2011 +0100
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a device can't be allocated to dom0 by the IOMMU, don't leave
dom0 in the "domain" field. It causes pci_remove_device()
to crash trying to remove the dev from the domain's list of devices
(and was probably the wrong thing to do anyway).
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 23371:4326bcd88b33
xen-unstable date: Mon May 23 18:35:32 2011 +0100
drivers/passthrough: Revert 23352:ea48976517af -- incorrect bugfix.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23370:2e6719425265
xen-unstable date: Mon May 23 18:35:04 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These disable-warning options are handled specially by GCC:
(a) they are ignored unless the compiler emits a warning; and
(b) even then they produce a warning rather than an error
To handle this, modify the test invocation of GCC to compile a
fragment of code that will always provoke a warning (integer assigned
to pointer). This works around (a) above.
Then, we grep the compiler's stdout/stderr for the option-under-test,
the presence of which would indicate an "unrecognized command-line
option" warning/error. This works around (b) above, letting us
distinguish between the "integer assigned to pointer" and
"unrecognized command-line option" warnings.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23369:37c77bacb52a
xen-unstable date: Mon May 23 17:38:28 2011 +0100
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Avoid "error: variable 'unused' set but not used
[-Werror=unused-but-set-variable]" with gcc 4.6.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
xen-unstable changeset: 23368:0f670f5146c8
xen-unstable date: Sat May 21 07:55:46 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux starting with 2.6.36 uses the XSAVEOPT instruction and has
certain code paths that look only at the feature bit reported through
CPUID leaf 0xd sub-leaf 1 (i.e. without qualifying the check with one
evaluating leaf 4 output). Consequently the hypervisor ought to mimic
actual hardware in clearing leaf 0xd output when not supporting xsave.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 23353:a768a10d32b4
xen-unstable date: Fri May 20 08:54:45 2011 +0100
Make this unconditional for 4.0 (no pv xsave support) and fix for domU
guests as well (this was already okay in 4.1 and later).
Signed-off-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
| |
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 23352:ea48976517af
xen-unstable date: Fri May 20 08:52:22 2011 +0100
|
| |
|
|
|
|
|
|
|
| |
These were caused by some declarations happening before the compiler
would have seen the visibility pragma.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 23345:ba4bd20e581a
xen-unstable date: Mon May 16 13:32:37 2011 +0100
|
| |
|
|
|
|
|
|
|
|
| |
On error exit from functions, maped pages should be unmapped
and acquired locks released.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Allen Kay <allen.m.kay@intel.com>
xen-unstable changeset: 23343:edcf8fc77b64
xen-unstable date: Mon May 16 13:29:24 2011 +0100
|
| |
|
|
|
|
|
|
| |
..fix and move to write_tsc().
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23342:16d12acccacf
xen-unstable date: Mon May 16 13:24:05 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 4.6 complains:
io_apic.c: In function 'restore_IO_APIC_setup':
/build/user-xen_4.1.0-3-amd64-zSon7K/xen-4.1.0/debian/build/build-hypervisor_amd64_amd64/xen/include/asm/io_apic.h:150:26:
error: '*((void *)&entry+4)' may be used uninitialized in this
function [-Werror=uninitialized]
io_apic.c:221:32: note: '*((void *)&entry+4)' was declared
here
/build/user-xen_4.1.0-3-amd64-zSon7K/xen-4.1.0/debian/build/build-hypervisor_amd64_amd64/xen/include/asm/io_apic.h:150:26:
error: 'entry' may be used uninitialized in this function
[-Werror=uninitialized]
io_apic.c:221:32: note: 'entry' was declared here
cc1: all warnings being treated as errors
Add functions to read/write an entire IO APIC entry using an explicit
union to allow gcc to spot the initialisation.
Reported as Debian bug #625438, thanks to Matthias Klose.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <jbeulich@novell.com>
xen-unstable changeset: 23341:87084ca76c9c
xen-unstable date: Mon May 16 13:13:41 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the absence of VT-d interrupt remapping support, a device can send
arbitrary APIC messages to host CPUs. One class of attack that results
is to confuse the hypervisor by delivering asynchronous interrupts to
vectors that are expected to handle only synchronous
traps/exceptions.
We block this class of attack by:
(1) setting APIC.TPR=0x10, to block all interrupts below vector
0x20. This blocks delivery to all architectural exception vectors.
(2) checking APIC.ISR[vec] for vectors 0x80 (fast syscall) and 0x82
(hypercall). In these cases we BUG if we detect we are handling a
hardware interrupt -- turning a potentially more severe infiltration
into a straightforward system crash (i.e, DoS).
Thanks to Invisible Things Lab <http://www.invisiblethingslab.com>
for discovery and detailed investigation of this attack.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23337:cc91832a02c7
xen-unstable date: Thu May 12 16:39:31 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
| |
On 64-bit Xen, hypercalls from 32-bit HVM guests are handled as
a special case, but not all the hypercalls are corrently redirected
to their compat-mode wrappers. Use compat_* for xen_version,
sched_op and set_timer_op for consistency.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
xen-unstable changeset: 23333:fabdd682420c
xen-unstable date: Thu May 12 09:13:18 2011 +0100
|
| |
|
|
|
|
|
| |
From: David Brownlee <abs@netbsd.org>
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
xen-unstable changeset: 23328:6767d92dff13
xen-unstable date: Thu May 12 08:55:12 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The functions which interpret the kernel image supplied for a
paravirtualised guest, and decompress it into memory when booting the
domain, are incautious. Specifically:
(i) Integer overflow in the decompression loop memory allocator might
result in overrunning the buffer used for the decompressed image;
(ii) Integer overflows and lack of checking of certain length fields
can result in the loader reading its own address space beyond the
size of the supplied kernel image file.
(iii) Lack of error checking in the decompression loop can lead to an
infinite loop.
This patch fixes these problems.
CVE-2011-1583.
Signed-off-by: Ian Campbell <Ian.Campbell@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
| |
We don't need so many communication fields between caller and
handler.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23285:a7ac0a0170b0
xen-unstable date: Sun May 01 09:32:48 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduction of Linux Kernel git commit
ceefccc93932b920a8ec6f35f596db05202a12fe (x86: default
CONFIG_PHYSICAL_START and CONFIG_PHYSICAL_ALIGN to 16 MB) revealed
deeply hidden bug in pv-grub. During kernel load stage dom->p2m_host[]
list has been incorrectly initialized.
At the beginning of kernel load stage dom->p2m_host[] list is
populated with current PFN->MFN layout. Later during memory allocation
(memory is allocated page by page in kexec_allocate()) page order is
changed to establish linear layout in new domain. It is done by
exchanging subsequent MFNs with newly allocated MFNs. dom->p2m_host[]
list is indexed by currently requested PFN (it is incremented from 0)
and PFN of newly allocated paged. If PFN of newly allocated page is
less than currently requested PFN then earlier allocated MFN is
overwritten which leads to domain crash later. This patch corrects
that issue. If PFN of newly allocated page is less then currently
requested PFN then relevant PFN/MFN pair is properly calculated and
usual exchange occurs later.
Signed-off-by: Daniel Kiper <dkiper@net-space.pl>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
xen-unstable changeset: 23249:83fe79c0225f
xen-unstable date: Wed Apr 27 13:29:14 2011 +0100
|
| |
|
|
|
|
| |
During boot we only write zero to the TSCs, which is safe.
Signed-off-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
| |
uninitialised.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-4.1-testing changeset: 23034:7c7ef1b6f4e5
xen-4.1-testing date: Tue Apr 26 14:11:18 2011 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This means suppressing the uses in time_calibration_tsc_rendezvous(),
cstate_restore_tsc(), and synchronize_tsc_slave(), and fixes a boot
hang of Linux Dom0 when loading processor.ko on such systems that
have support for C states above C1.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 23228:1329d99b4f16
xen-unstable date: Fri Apr 15 08:52:08 2011 +0100
|
