| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Ryan O'Connor <colossus@interchange.ubc.ca>
|
|
|
|
|
|
|
|
| |
Xen-API already specifies these actions for the 'on_crash' domain exit
event. This patch makes them available for use in traditional domU
config files and through the xm tool as well.
Signed-off-by: Jim Fehlig <jfehlig@novell.com>
|
|
|
|
| |
Signed-off-by: Jim Fehlig <jfehlig@novell.com>
|
|
|
|
|
|
|
| |
The crashed power state is necessary to allow both core-dumping a
crashed but preserved VM and renaming/restarting a crashed VM.
Signed-off-by: Jim Fehlig <jfehlig@novell.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
| |
From: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
| |
From: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In various places in documentation and code, IP addresses are provided
as examples, defaults, or dummy configuration. In general the
specific IP addresses used in Xen are not always appropriate. (For
example, 1.2.3.4 is used in a few places!)
The following addresses should be used:
* For examples and documentation, 192.0.2.0/24. (See RFC3330.)
* For defaults for private networks, a random network from RFC1918.
I have randomly selected 172.30.206.0/24 for this purpose and
documented this in at the only registry I know of,
www.ucam.org/cam-grin. This network should henceforth be used for
default configurations of local bridges, test networks, etc. in
Xen tools.
The following addresses should NOT be used:
* 10.0.*.*, 10.1.*.*, 192.168.0.*, 192.168.1.*, etc. Using these
addresses gives greatly increased likelihood of collision, as
ignorant network administrators and reckless middlebox vendors
often pick networks from the bottom of 10/8 and 192.168/16.
* 169.254.*.*. These are reserved for zeroconf (ad-hoc networking)
and should not be used for Xen private networks, bridges, etc.,
etc. Use of these addresses by Xen scripts causes trouble on hosts
(eg laptops) which find themselves in ad-hoc networking
environments. I think this is not hypothetical (!) since at least
one Linux distribution have specific code to detect this case and
cause Xen startup to fail iff the host already has an external
zeroconf address.
* 1.2.3.4. WTF !?
I have also used 127.0.255.255 in one place where apparently a dummy
address is needed (some Linux kernels won't accept a lack of an NFS
server address). If 127.0.255.255 is mistakenly used it is unlikely
to do any damage to real traffic even if it does escape into the
network at large.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
| |
Add a file for tracking API/ABI changes and additions.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
| |
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
| |
Signed-off-by: Weidong Han <weidong.han@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Documents the existing 4kby size limit on xenstore message payloads
* Causes xs.c in libxenstore to fail locally rather than violating
said limit (which is good because xenstored kills the client
connection if it's exceeded).
* Introduces some limits on path lengths in xenstored. I trust
no-one is using path lengths >2kby. This is good because currently
a domain client can create a 4kby relative path that the dom0 tools
cannot access since they'd have to specify the somewhat longer
absolute path.
* Removes uses of the host's PATH_MAX (!)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch:
* enables the gdbstubs to properly access hypervisor memory;
* prevents an assertion failure in __spurious_page_fault's call
to map_domain_page if such accesses fail, by testing in_irq();
* prints some additional helpful messages;
* fixes the endianness of register transfers from the gdbstubs
so that gdb is much less confused.
* fixes the documentation in docs/misc/crashdb.txt
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
| |
Added a note on conventional PCI device passthrough.
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch adjusts the revision number to 1.0.1 and date in the
Xen-API document and introduces a revision history with entries for
1.0.0 and 1.0.1.
Signed-off-by: Stefan Berger <stefanB@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch extends the Xen-API and the legacy XML-RPC interface with a
function to reset the policy on the system (through an update with the
default policy). I adapted the code in 'xm resetpolicy' to use this
now.
This patch also extends libxen and the documentation to reflect the
new function.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The attached patch adds a new text file docs/misc/xenstore.txt which
describes the actual protocol implemented by xenstored. This was
reverse-engineered from the actual code in tools/xenstore.
I didn't bother making any automatic arrangements to ensure that the
implemented and documented protocols are kept in step (for example,
automatic code generation, etc.) The protocol is rather messy
unfortunately and unsuitable for an xdr approach, and in any case is
not likely to change very quickly.
Also in this patch are a couple of comments for xenstored_core.c which
help clarify the behaviour of some payload parsing helper functions.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the ACM/sHype user guide chapter. It updates the
examples throughout the chapter and describes advanced security policy
and domain management based on the new ACM xm command extensions that
were submitted this morning (cf.
http://lists.xensource.com/archives/html/xen-devel/2007-12/msg00043.html
and
http://lists.xensource.com/archives/html/xen-devel/2007-12/msg00041.html).
Signed-off: Reiner Sailer <sailer@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch implements a (non Xen-API) legacy XML-RPC interface for the
ACM commands and funnels the calls into code introduced by the Xen-API
support for ACM security management. Since some of the functionality
has changed, also the xm applications have changed. In particular the
following old commands have been removed along with some tools the
have become obsolete now:
- loadpolicy (included in: setpolicy)
- makepolicy (included in: setpolicy)
- cfgbootpolicy (included in: setpolicy)
and the following commands been introduced:
- setpolicy
- getpolicy
- resetpolicy
All tools have been adapted to work in Xen-API and legacy XML-RPC
mode. Both modes support the same functionality.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
| |
update_va_mapping_otherdomain.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
|
|
|
| |
1) PAE as 32-bit Xen default
2) IA64 and Power are supported
3) AMD Virtualization is supported
4) Add console_timestamps boot param
Signed-off-by: Atsushi SAKAI <sakaia@jp.fujitsu.com>
|
|
|
|
|
|
|
| |
docs/misc/vtd.txt is a vt-d how-to document that should answer
questions about how to use vt-d with latest Xen.
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't share privregs with hvm domain and twist IA64 xen dump core format
slightly. Xen shares privregs pages with IA64 HVM domain for xm dump-core
to dump the pages. However sharing the page allows hvm guest domain
peek/destroy the page contents that might cause xen crash. And the xen
dump core file doesn't need privregs page because cpu context should be
obtained from vcpu context in case of IA64 HVM domain.
Although this patch modify xen dump core format, current crash utility
(at least crash 4.0-4.7) doesn't look into .xen_ia64_mmapped_regs section
and I don't know any other tools to understand xen dump core file.
So this format modification doesn't cause incompatibility issue.
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
|
|
|
|
|
|
|
|
| |
sysctl.physinfo.nr_cpus. This also avoids miscalculation of
sockets_per_node by Xen where the number of CPUs in the system is
clipped.
From: Elizabeth Kon <eak@us.ibm.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
|
| |
Add get_- and set_other_config methods to the vTPM class. Write the
parameters into the xenstore while the domain is running prefixing it
with 'oc_'. Also I add the methods to the C library as well as the
documentation.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I am extending 'xm dumppolicy' to be used via the Xen-API. For this
there are two new functions in the ACM policy class:
- get the currently enforced policy including statistical data from
the hypervisor
- get the ACM 'ssidref' of a Domain. Since this may be a ACM-specific
variable or type (int) I put it into the ACM class.
I extended the Xen-API documentation with the two new functions.
Signed-off-by: Stefan Berger <Stefanb@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Atsushi SAKAI <sakaia@jp.fujitsu.com>
|
|
|
|
| |
Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
|
|
|
|
| |
Signed-off-by: Stefan Berger <stefanb@usa.ibm.com>
|
|
|
|
| |
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
|
| |
Provides an extension to the Xen-API documentation with the classes
and methods implemented for supporting of managing security policies
using the Xen-API.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the error list to be more prominent, and explicitly document
which generic error codes can be returned by all methods.
Mark host CPU flags/features return value as unspecified.
Document PERMISSION_DENIED.
Document error returns of session.login_with_password.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
|
|
|
|
|
|
| |
- Fixed description of "Mem" column in "xm list" output.
- Added a bit of text for the credit scheduler.
- Described the --force option to block-detach.
- Made formatting and spelling more consistent.
- etc...
Signed-off-by: Charles Coffing <ccoffing@novell.com>
|
|
|
|
|
| |
code, and make visible at the command line via 'vga=current'.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
| |
Signed-off-by: Charles Coffing <ccoffing@novell.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch changes the XML schema of the ACM policy to require a
version and that every conflict set have a name. Every VM label must
have one Chinese Wall Type and every resource label one Simple Type
Enforcement Type. As a consequence of this some example policies
needed to be changed. Also not offering that many configuration
options for compiling xen anymore to make things simpler.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|