| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cloning and building a kernel as part of the Xen distribution
implicitly advises that this kernel is the best kernel for all users
and many users appear to be under this impression, even though there
is no fundamental coupling between the Xen distribution and a
particular domain 0 kernel.
There are several choices available for domain 0 kernel, as well as
other user specific variations in requirements e.g. for kernel
configurations. It's not clear that whatever the xen build system
happens to produce (which is really tailored to the needs of the
automated build system) is best for anybody.
Coupling the kernel build with the Xen build has proved problematic
for stable Xen releases as it implicitly blesses the particular kernel
(at a particular point in time) as a constituent part of the Xen
release, while in reality the OS kernels are separate entities with
their own release cycles which may or may not coincide with the
maintenance of Xen stable branches.
Therefore disable the building of a kernel as part of the Xen
distribution by default and instead direct users to use an OS
distribution provided kernel (properly packaged with security updates
via the normal distribution mechanisms etc) where possible and give
pointers to suitable resources providing guidance for cases where it
is not.
This decouples the implicit advice as to the best kernel at any moment
from Xen's own release cycle and removes the implicit suggestion that
only particular domain 0 kernel will do.
The actual infrastructure is left in place since the automated test
system (currently) relies on it (but always asks for the specific
kernel variant it wants for a particular test).
(I also tried to remove Linux-isms from the README's Quick start
guide. In particular I'm not sure what was supposedly Linux specific
about steps 3 and 4 therefore I have removed the suggestion that they
are.)
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
allows users to define more complex (e.g. type-safer) variations on
set_xen_guest_handle if they wish.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
| |
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
|
|
|
|
| |
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
|
|
|
|
|
|
|
| |
single place for additional control that is required in nested VMX.
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
|
|
|
|
|
|
|
| |
single place for additional control that is required in nested VMX.
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
|
|
|
|
|
| |
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
|
|
|
|
|
|
|
|
|
| |
For some reason, the memory region used for vmxon is named as
host_vmcs, which is somewhat misleading, rename it to vmxon_region as
SDM does.
Signed-off-by: Qing He <qing.he@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After a great deal of discussion and review with linux
kernel developers, it appears there are "next-generation"
filesystems (such as btrfs, xfs, Lustre) that will not
be able to use tmem due to an ABI limitation... a field
that represents a unique file identifier is 64-bits in
the tmem ABI and may need to be as large as 192-bits.
So to support these guest filesystems, the tmem ABI must be
revised, from "v0" to "v1".
I *think* it is still the case that tmem is experimental
and is not used anywhere yet in production.
The tmem ABI is designed to support multiple revisions,
so the Xen tmem implementation could be updated to
handle both v0 and v1. However this is a bit
messy and would require data structures for both v0
and v1 to appear in public Xen header files.
I am inclined to update the Xen tmem implementation
to only support v1 and gracefully fail v0. This would
result in only a performance loss (as if tmem were
disabled) for newly launched tmem-v0-enabled guests,
but live-migration between old tmem-v0 Xen and new
tmem-v1 Xen machines would fail, and saved tmem-v0
guests will not be able to be restored on a tmem-v1
Xen machine. I would plan to update both pre-4.0.2
and unstable (future 4.1) to only support v1.
I believe these restrictions are reasonable at this
point in the tmem lifecycle, though they may not
be reasonable in the near future; should the tmem
ABI need to be revised from v1 to v2, I understand
backwards compatibility will be required.
Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After a great deal of discussion and review with linux
kernel developers, it appears there are "next-generation"
filesystems (such as btrfs, xfs, Lustre) that will not
be able to use tmem due to an ABI limitation... a field
that represents a unique file identifier is 64-bits in
the tmem ABI and may need to be as large as 192-bits.
So to support these guest filesystems, the tmem ABI must be
revised, from "v0" to "v1".
I *think* it is still the case that tmem is experimental
and is not used anywhere yet in production.
The tmem ABI is designed to support multiple revisions,
so the Xen tmem implementation could be updated to
handle both v0 and v1. However this is a bit
messy and would require data structures for both v0
and v1 to appear in public Xen header files.
I am inclined to update the Xen tmem implementation
to only support v1 and gracefully fail v0. This would
result in only a performance loss (as if tmem were
disabled) for newly launched tmem-v0-enabled guests,
but live-migration between old tmem-v0 Xen and new
tmem-v1 Xen machines would fail, and saved tmem-v0
guests will not be able to be restored on a tmem-v1
Xen machine. I would plan to update both pre-4.0.2
and unstable (future 4.1) to only support v1.
I believe these restrictions are reasonable at this
point in the tmem lifecycle, though they may not
be reasonable in the near future; should the tmem
ABI need to be revised from v1 to v2, I understand
backwards compatibility will be required.
Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
|
|
|
|
|
|
| |
This avoids races with buddy-merging logic in free_heap_pages().
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
| |
Signed-off-by: Liu Yuan <yuan.b.liu@intel.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
| |
merging in free_heap_pages(). This avoids more convoluted logic in
init_heap_pages().
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a multithreaded caller creates a thread which calls xs_read_watch,
before it has set any watches with xs_watch, the thread in
xs_read_watch will enter read_message and sit reading the xenstored fd
without the appropriate locks held. Other threads can then
concurrently read the xenstored fd, which naturally does not work very
well.
Symptoms of this bug which I have been able to reproduce include
failure of xend startup to finish, due to a deadlock; results could
also include reading corrupted data from xenstore.
In this patch we arrange for xs_read_watch to always rely on the
reader thread created by xs_watch. If no watches have been set, then
xs_read_watch will block until one has been. If the library is
compiled non-threaded xs_read_watch unconditionally does the reading
in the current thread.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent.hanquez@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
When checking the size of the buffer we hold for additional
config parameters passed on the command line we should take the
size of the to-be-added string into account. While at it, rework
the implementation to be cleaner and safer.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
Since we read the text file as is from the disk, there is no
trailing \0 at the end terminating the C string. Therefore we
must not use strcat to this buffer. Also we need to allocate
space for the trailing zero byte.
Signed-off-by: Andre Przywara <andre.przywara@amd.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
A goto statement skips over freeing data structures for no good reason.
It's not a real issue since the next step is to exit() but this cleans
up output of valgrind so that other leaks and errors can be spotted.
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
libxl_build_device_model uses a pointer in a caller supplied data
structure to synthesize a vif-name if one is not supplied. This is bad
juju because the caller may want to free this pointer but by the time it
get's a chance the gc has already done so. Switch to using a local
variable for this pointer and avoid a double-free in the domain create
path.
Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
Assigning malloc'd variables from one structure to another when both of
them are free'd via destructors is a bad idea. Let's use a strdup.
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
Broken by 22124:098790dd9327 "xl: use xlu_cfg_replace_string in a few more places"
[ Identical patch submitted by both Ian C and Gianni ]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The function init_dm_info() is initialising some strings from literals.
This is bad juju because when the destructor is called we cannot know if
the string literal was overridden with a strdup()'d value. Therefore
strdup values in the initialiser then introduce and use the function
libxlu_cfg_replace_string() which free's whatever is set before
strdupping the new value on top of it. The rule for the new call should
be clear due to const vs. non-const arguments - changing the behaviour
of libxlu_cfg_get_string() would cause more complexity than it saves.
[ fixed up for stray ! sign -iwj ]
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
It is an internal function with only one caller.
[ This is the 2nd half of bd331cd1e704, which should have deleted
tools/libxl/xenguest.c, which deletion I accidentally dropped -iwj ]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's not clear that the namespace rules described in libxl.h are
intended to apply to internal types but I don't see why not.
sed -i -e 's/\<libxl_device\>/libxl__device/g' tools/libxl/*.[ch]
sed -i -e 's/\<libxl_device_kinds\>/libxl__device_kinds/g' tools/libxl/*.[ch]
sed -i -e 's/\<libxl_gc\>/libxl__gc/g' tools/libxl/*.[ch]
sed -i -e 's/\<libxl_gc_owner\>/libxl__gc_owner/g' tools/libxl/*.[ch]
sed -i -e 's/\<libxl_spawn_starting\>/libxl__spawn_starting/g' tools/libxl/*.[ch]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
It is an internal function with only one caller.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch covers the remaining functions identified by:
rgrep _hidden tools/libxl/*.h | grep -v libxl__
sed -i -e 's/XL_LOG/LIBXL__LOG/g' tools/libxl/*.[ch]
sed -i -e 's/xl_log/libxl__log/g' tools/libxl/*.[ch]
sed -i -e 's/\(build_\(pre\|post\|pv\|hvm\)\)/libxl__\1/g' tools/libxl/*.[ch]
sed -i -e 's/is_hvm/libxl__domain_is_hvm/g' tools/libxl/*.[ch]
sed -i -e 's/get_shutdown_reason/libxl__domain_shutdown_reason/g' tools/libxl/*.[ch]
sed -i -e 's/restore_common/libxl__domain_restore_common/g' tools/libxl/*.[ch]
sed -i -e 's/core_suspend/libxl__domain_suspend_common/g' tools/libxl/*.[ch]
sed -i -e 's/save_device_model/libxl__domain_save_device_model/g' tools/libxl/*.[ch]
sed -i -e 's/device_disk_backend_type_of_phystype/libxl__device_disk_backend_type_of_phystype/g' tools/libxl/*.[ch]
sed -i -e 's/\<libxl_blktap_enabled\>/libxl__blktap_enabled/g' tools/libxl/*.[ch]
sed -i -e 's/\<libxl_blktap_devpath\>/libxl__blktap_devpath/g' tools/libxl/*.[ch]
Add _hidden to libxl__blktap_enabled and libxl__blktap_devpath
Inline dominfo_libxl__domain_shutdown_reason(info) into
libxl__domain_shutdown_reason, its only caller.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch covers all those which could be trivially converted automatically.
sed -n -e 's/_hidden.*[ \*]libxl_\([^_][^()]*\)(.*/\1/pg' tools/libxl/*.h | \
while read i ; do \
sed -i -e "s/libxl_$i/libxl__$i/g" tools/libxl/*.[ch]; \
done
sed -n -e 's/_hidden.*_libxl_\([^_][^()]*\)(.*/\1/pg' tools/libxl/*.h | \
while read i ; do \
sed -i -e "s/_libxl_$i/libxl__$i/g" tools/libxl/*.[ch]; \
done
Check that diffstat includes libxl but not xl.
Fixup tools/libxl/xl_cmdimpl.c which used libxl_device_del instead of
libxl_device_disk_del in a printf.
(Patch runes re-run by Ian Jackson to refresh against tip libxl.)
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
dolog, for which LOG is a macro wrapper, was lacking the printf format
attribute. Add it, and fix the two problems revealed.
(Original patch for one of the occurrences from Ian Campbell.)
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The parent process will have returned to the caller and done whatever
is necessary. The daemon should not return otherwise it will repeat
this work. In the case of the migration receiver this causes it to try
and take part in the migration protocol long after the sender+parent
process have completed it, leading to confusing error messages
(although strangely not much actual damange).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
The attached patch first tries the MTF flag for HVM guest
single step, reverting to manually setting the TF flag if MTF fails.
Tested on 4.0.1. Compile tested on unstable.
Signed-off-by: mukesh.rathor@oracle.com
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
Note that 2.6.18 doesn't have these extensions, so as of this patch
Remus no longer supports 2.6.18 dom0 (2.6.18 is still the preferred
kernel for domU, since it contains the suspend event channel).
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
| |
It was renamed in the pvops [kernel] tree.
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In particular this causes us to turn O_NONBLOCK back off if we set it.
The caller may continue to use the fd for it's own protocol needs and
may not be prepared to have it become non-blocking.
This probably only effects Remus now after my previous patch to signal
the last checkpoint, since a regular migration will no longer set the
fd non-blocking.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Brendan Cully <brendan@cs.ubc.ca>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the restore code sees this notification it will restore the
currently in-progress checkpoint when it completes.
This allows the restore end to finish up without waiting for a
spurious timeout on the receive fd and thereby avoids unnecessary
error logging in the case of a successful migration or restore.
In the normal migration or restore case the first checkpoint is always
the last. For a rolling checkpoint (such as Remus) the notification is
currently unused but could be used in the future for example to
provide a controlled failover for reasons other than error
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Brendan Cully <brendan@cs.ubc.ca>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
xc_interface_close() will de-reference a NULL handle, check for this
condition in libxl_ctx_free() before calling.
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
Broken since introduction of libxl_uuid.h which defines a core API
data-type but it's not installed in include directory.
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The userdata is specific to a particular incarnation of a domain and
the patch is therefor required to be unique to each incarnation. If
the user has explicitly configured a UUID in their domain
configuration then the path is no longer unique since
22124:22366e13f76d "xl: randomly generate UUIDs" which (correctly)
caused the uuid domain configuration option to be obeyed.
If userdata is not unique to each incarnation of a domain then
localhost live migration is broken because the target is created (and
writes its userdata) before the sender destroys the domain (and
deletes its userdata).
Strictly speaking I think the UUID is unnecessary but it is perhaps
helpful to people looking in the userdata directory, for debugging
etc.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
| |
Makes "{xl,xm} create -c GUEST" work again with pygrub in interactive
mode which was broken by 21994:2e08ec0028e4
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In xc_domain_save ensure that we signal completion at the end of each
batch.
This ensures that the next logged line starts on a new line. e.g. instead of:
Savefile contains xl domain config
xc: Saving memory: iter 3 (last sent 0 skipped 0): 0/32768 0%migration target: Transfer complete, requesting permission to start domain.
migration sender: Target has acknowledged transfer.
what is desired is:
Savefile contains xl domain config
xc: Saving memory: iter 0 (last sent 0 skipped 0): 32768/32768 100%
xc: Saving memory: iter 1 (last sent 32576 skipped 192): 32768/32768 100%
xc: Saving memory: iter 2 (last sent 217 skipped 0): 32768/32768 100%
xc: Saving memory: iter 3 (last sent 0 skipped 0): 32768/32768 100%
migration target: Transfer complete, requesting permission to start domain.
migration sender: Target has acknowledged transfer.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
| |
Reverse engineered from the code, likely contains inaccuracies but I
think provides a base to work from.
Add symbolic names for the minus-flags.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's need for free vtd_mem more memory for guest with
xen-unstable c/s 17529. This memory is freed when guest is
created, but is not freed when guest is restored. So restore
guest fails due to not enough of memory for guest.
Following patch uses same calculation of memory to free in guest
restore as is in guest creation.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currenctly console_autoconnect spawns a child that continues building
the domain while the parent exec's xenconsole; this patch inverts the
logic.
As a consequence autoconnect_console needs to be called twice: once for
pv guests at the beginning and once for hvm guests at the end.
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
Implementation of the suspend event channel is completely optional for
a guest so do not log this normal occurrence.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch converts xl to randomly generate UUID's rather than using a
dodgy time-seeded PRNG. I have ignored various suggestions so far on
auto-generation of MAC addresses and left it as a topic for a future
patch to solve. In other words the behaviour stays the same it's just
using a true random source. This patch also implements the "uuid" config
file parameter in xl.
Signed-off-by: Gianni Tedesco <gianni.tedesco@citrix.com>
Acked-By: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|