| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
migrate_timers_from_cpu() has a stray local_irq_enable() that does
nothing (it's immediately after a spin_unlock_irq()) and has no
matching local_irq_disable().
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apart from properly pairing locks with unlocks, also reduce the lock
scope - no need to do the copy_{from,to}_guest()-s inside the protected
region.
I actually wonder whether the RCU locks are needed here at all.
Reported-by: Tim Deegan <tim@xen.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
| |
It's unused.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xen-unstable c/s 24548:d115844ebfbb introduces a new GNTTABOP to swap
grant refs. However, it fails to validate the two refs passed from
the guest.
The result is that passing out-of-range refs can cause Xen to read
past the end of the grant_table->active[] array, and deference
whatever it finds. Typically, this results in Xen trying to deference
a low pointer and fail with a page-fault.
As this hypercall can be issued by an unprivileged guest, this is a
Denial of Service against Xen. This is XSA-18 / CVE-2012-3516.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Paul Durrant <paul.durrant@citrix.com>
|
|
|
|
|
|
|
|
|
| |
This is being used as a array index, and hence must be validated before
use.
This is XSA-16 / CVE-2012-3498.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
|
|
|
|
|
|
| |
This is XSA-14 / CVE-2012-3496
Signed-off-by: Tim Deegan <tim@xen.org>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
The upper 32 bits of this register are reserved and should be written as
zero.
This is XSA-12 / CVE-2012-3494
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- videoram: Document that only qemu-xen-traditional device-model currently
supports changing the amount of video memory for stdvga graphics device.
- videoram: Better document the default amount of videoram for both stdvga
and Cirrus.
- stdvga: Add a note that stdvga allows bigger amount of videoram and
bigger resolutions.
Signed-off-by: Pasi Kärkkäinen <pasik@iki.fi>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Touch the libxl.api-ok stamp file, and unconditionally put in place
the new _libxl.api-for-check. This avoids needlessly rerunning the
preprocessor on libxl.h each time we call "make".
Ensure that _libxl.api-for-check gets the CFLAGS used for xl, so that
if it is asked for in a standalone make run it can find xentoollog.h.
Remove *.api-ok on clean.
Also fix .gitignore.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
| |
Drop the redundant printk
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <JBeulich@suse.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
| |
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.de>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is useful for passing legacy ISA devices (e.g. com ports,
parallel ports) to guests.
Supported syntax is as described in
http://cmrg.fifthhorseman.net/wiki/xen#grantingaccesstoserialhardwaretoadomU
I tested this using Xen's 'q' key handler which prints out the I/O
port and IRQ ranges allowed for each domain. e.g.:
(XEN) Rangesets belonging to domain 31:
(XEN) I/O Ports { 2e8-2ef, 2f8-2ff }
(XEN) Interrupts { 3, 5-6 }
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Tested-by: Dieter Bloms <dieter@bloms.de>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While triggered by the XSA-9 fix, this really is of more general use;
that fix just pointed out very sharply that the current situation
with all domain creation failures reported to user (tools) space as
-ENOMEM is very unfortunate (actively misleading users _and_ support
personnel).
Pull over the pointer <-> error code conversion infrastructure from
Linux, and use it in domain_create() and all it callers.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
| |
- don't call rtc_timer_update() on REG_A writes when the value didn't
change (doing the call always was reported to cause wall clock time
lagging with the JVM running on Windows)
- don't call rtc_timer_update() on REG_B writes when RTC_PIE didn't
change
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
| |
mm.h's __page_to_virt() has a rather opaque expression. Comment it.
Reported-By: Ian Campbell <ian.campbell@citrix.com>
Suggested-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
| |
Give the l2 guest a chance to finish the delivery of the last injected
interrupt or exception before we emulate a VMEXIT.
For example after a NPF handled by the host there can be an interrupt
for the l1 guest.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A 4.2 changeset forces a preempt_disable/enable with
every lock/unlock.
Tmem has dynamically allocated "objects" that contain a
lock. The lock is held when the object is destroyed.
No reason to unlock something that's about to be destroyed!
But with the preempt_enable/disable in the generic locking code,
and the fact that do_softirq ASSERTs that preempt_count
must be zero, a crash occurs soon after any object is
destroyed.
So force lock to be released before destroying objects.
Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If libxlu_cfg_y.y encountered a config file error, the code generated
by bison would sometimes _both_ run the %destructor _and_ call
xlu__cfg_set_store for the same XLU_ConfigSetting* semantic value.
The result would be a double free.
This appears to be because of the use of a mid-rule action. There is
some discussion of the problems with destructors and mid-rule action
error handling in "(bison)Mid-Rule Actions". This area is complex and
best avoided.
So fix the bug by abolishing the use of a mid-rule action, which was
in any case not necessary here.
Also while we are there rename the nonterminal rule "setting" to
"assignment", to avoid confusion with the token type "setting", which
had an identically name in a different namespace. This was especially
confusing because the nonterminal "setting" did not have "setting" as
the type of its semantic value! (In fact the nonterminal, now called
"assignment", does not have a value so it does not have a value type.)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This incorrectly removes the $(PYTHON) variable which is used at build
time as well as by the tools.
Remove and revisit for 4.3.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Older kernels, such as those found in Debian Squeeze:
* Have bugs in handling of AIO into foreign pages
* Have blktap modules, which will cause qemu not to use AIO, but
which are not loaded on boot.
Attempt to load blktap in xencommons, to make sure modern qemu's which
use AIO will work properly on those kernels.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Prefer to load blktap2 if it exists. This is the name of the driver in
classic-Xen ports, while in mainline kernels the driver is called just
blktap.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <JBeulich@suse.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LIB_PATH is no longer used, so the AX_DEFAULT_LIB macro is no longer
needed. Additionally lower case make variables are now used as
autoconf substitutions, which allows for more correct overrides at
build time.
I've checked the file layout in dist/install from the build made
before this change versus after with ./configure values of:
1) ./configure (no flags provided)
2) ./configure --libdir=/usr/lib/x86_64-linux-gnu (Debian style)
3) ./configure --libdir='${exec_prefix}/lib' (late variable expansion)
Signed-off-by: Matt Wilson <msw@amazon.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
[ ijc - reran autogen.sh ]
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
Many of the rules here depend on having run configure and the
variables which it defines in config/Tools.mk
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Looks-good: Jan Beulich <JBeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pattern used is very broad and will delete any kernel with xen in
its filename, likewise modules, including those which come packages
from the distribution etc.
I don't think this was ever the right thing to do but it is doubly
wrong now that Xen does not even build or install a kernel by default.
Push cleanup of the installed hypervisor down into xen/Makefile so that
it can cleanup exactly what it actually installs.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Looks-good: Jan Beulich <JBeulich@suse.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
xend used to set the xenbus backend entry "type" to either "phy" or
"file", but now libxl sets it to "phy" for both file and block device.
We have to manually check for the type of the "param" field in order
to detect if we are trying to attach a file or a block device.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
| |
As recommended by Ian Campbell, write the hotplug error to
hotplug-error, just as the Linux hotplug script does.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
xenstore_write doesn't exist, use xenstore-write instead. The error
function is currently broken without this change.
Signed-off-by: Roger Pau Monne <roger.pau@citrix.com>
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xenconsoled expected domains that are being shutdown to end up in the
the DYING state and would only clean-up such domains. HVM domains
either didn't enter the DYING state or weren't in long enough for
xenconsoled to notice.
For every shutdown HVM domain, xenconsoled would leak memory, grow its
list of domains and (if guest console logging was enabled) leak the
log file descriptor. If the file descriptors were leaked and enough
HVM domains were shutdown, no more console connections would work as
the evtchn device could not be opened. Guests would then block
waiting to send console output.
Fix this by tagging domains that exist in enum_domains(). Afterwards,
all untagged domains are assumed to be dead and are shutdown and
cleaned up.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change improves documentation for several Xen command line
parameters. Some of the Itanium-specific options are now removed. A
more thorough check should be performed to remove any other remnants.
I've reformatted some of the entries to fit in 80 column terminals.
Options that are yet undocumented but accept standard boolean /
integer values are now annotated as such.
The size suffixes have been corrected to use the binary prefixes
instead of decimal prefixes.
Signed-off-by: Matt Wilson <msw@amazon.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
c/s 25336:edd7c7ad1ad2 introduced the concept of a bogus vector, for
in irqs delivered through the i8259 PIC after IO-APICs had been set
up.
However, if supurious PIC vectors are received, many "No irq handler
for vector" log messages can be seen on the console.
This patch adds to the bogus vector logic to detect spurious PIC
vectors and simply ignore them. _mask_and_ack_8259A_irq() has been
modified to return a boolean indicating whether the irq is real or
not, and in the case of a spurious vector, the error in do_IRQ() is
not printed.
One complication is that now, _mask_and_ack_8259A_irq() can get called
whatever the ack mode is, so has been altered to work out whether it
should EOI the irq or not.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
| |
If the L2 guest issue a XSETBV instruction, we need to deliver to
L1 guest.
This could fix the Fedora 17 booting hang issue as a L2 guest.
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
| |
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous order of relinquish resource is:
relinquish_domain_resources() -> vcpu_destroy() ->
nvmx_vcpu_destroy(). However some L1 resources like nv_vvmcx and
io_bitmaps are free in nvmx_vcpu_destroy(), therefore the
relinquish_domain_resources() will not reduce the refcnt of the domain
to 0, therefore the latter vcpu release functions will not be called.
To fix this issue, we need to release the nv_vvmcx and io_bitmaps in
relinquish_domain_resources().
Besides, after destroy the nested vcpu, we need to switch the
vmx->vmcs back to the L1 and let the vcpu_destroy() logic to free the
L1 VMCS page.
Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some UEFI systems do not provide e820 information. In this case we
should take the detailed memory map provided by a multiboot-capable
loader, rather than rely on very conservative values from the e801
bios call. Using the latter on any modern system really hardly makes
good sense.
[Excellent candidate for 4.1 backport]
Signed-off-by: Keir Fraser <keir@xen.org>
Tested-by: Jonathan Tripathy <jonnyt@abpni.co.uk>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
c/s 25779:4ca40e0559c3 introduced a compilation error for any build
system using -Werror=uninitialized, such as the default CentOS 5.7
version of gcc.
And with good reason, because if the global libxl
default_output_format is neither OUTPUT_FORMAT_SXP nor
OUTPUT_FORMAT_JSON, the variable hand will be used before being
initialised.
The attached patch fixes the warning, and futher fixes the logic to
work correctly when a new OUTPUT_FORMAT is added to xl.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This updates libxlu_cfg_y.[ch] to code generated by bison from
Debian squeeze (1:2.4.1.dfsg-3 i386).
There should be no functional change since there is no change to the
source file, but we will inherit bugfixes and behavioural changes from
the new version of bison. So this is more a matter of hope than
knowledge.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
This undoes some systematic changes which were made to
libxlu_cfg_l.[ch] along with manually-edited files (eg, whitespace
changes, emacs local variables) and returns these two files to exactly
the output of flex (Debian squeeze 2.5.35-10 i386).
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
This removes all the autogenerated files.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
All related IA32_VMX_TRUE_*_MSR are not implemented,
so set this bit to 0, otherwise system L1VMM may
get incorrect default1 class settings.
Signed-off-by: Zhang Xiantao <xiantao.zhang@intel.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
| |
for IA32_VM_ENTRY_CTLS_MSR.
If set to 1, L2 guest's paging mode maybe mis-judged
and mis-set.
Signed-off-by: Zhang Xiantao <xiantao.zhang@intel.com>
Committed-by: Keir Fraser <keir@xen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bastian Blank reports that the output of this command is just multiple
JSON objects concatenated and is not a single properly formed JSON
object.
Fix this by wrapping in an array. This turned out to be a bit more
intrusive than I was expecting due to the requirement to keep
supporting the SXP output mode.
Python's json module is happy to parse the result...
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Although the current implementation has no asynchromous parts I can
envisage it needing to do bits of create/destroy like functionality
which may need async support in the future.
To do this make the meat into an internal libxl__domain_resume
function in order to satisfy the no-internal-callers rule for the
async function.
Since I needed to touch the logging to s/ctx/CTX/ anyway switch to the
LOG* helper macros.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Roger Pau Monne <roger.pau@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|