aboutsummaryrefslogtreecommitdiffstats
path: root/tools
Commit message (Collapse)AuthorAgeFilesLines
* libxl: correct xenstore permissions on console deviceDaniel De Graaf2013-01-171-0/+2
| | | | | | | | | | When the console is connected to a domain other than dom0, the console device's backend field should be set so the xenstore permissions for the console device reflect the domain that will be accessing them. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xenconsoled: use grant references instead of map_foreign_rangeDaniel De Graaf2013-01-173-10/+42
| | | | | | | | | | | | | | | Grant references for the xenstore and xenconsole shared pages exist, but currently only xenstore uses these references. Change the xenconsole daemon to prefer using the grant reference over map_foreign_range when mapping the shared console ring. This allows xenconsoled to be run in a domain other than dom0 if set up correctly - for libxl, the xenstore path /tool/xenconsoled/domid specifies the domain containing xenconsoled. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* x86/mm: revert 26399:b0e618cb0233 (multiple vram areas)Tim Deegan2013-01-171-14/+6
| | | | | | | | Although this passed my smoke-tests at commit time, I'm now seeing screen corruption on 32-bit WinXP guests. Reverting for now. :( Signed-off-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
* tools: Update to SeaBIOS 1.7.1Ian Campbell2013-01-171-2/+19
| | | | | | | | | | | | | | Only lightly tested with a Linux HVM guest PXE boot. Accept the defaults for the config options. Many of them are not relevant to Xen but this matches what others (at least the Debian SeaBIOS packages and the binary shipped by Qemu) are doing. The Debian Xen packages are built against Debian's SeaBIOS package so there is value in being similar. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: don't continue to create the domain if the device model is not spawnedJulien Grall2013-01-171-2/+0
| | | | | | | | | | | When the device model can't be spawned, rc variable is cleared in device_model_spawn_outcome (libxl_dm.c). In this case libxl will continue to create the domain and let it between life and death. Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* Fix pygrub handling non-default entryMiroslav Rezanina2013-01-171-1/+1
| | | | | | | | | If we pass 0 as pygrub --entry argument (i.e. we want to boot first item), default value is used instead. This is dueto wrong check for range of allowed values of index - 0 is index of first item. Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com> Acked-by: Matt Wilson <msw@amazon.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* Switch from select() to poll() in xenconsoled's IO loopWei Liu2013-01-171-72/+140
| | | | | | | | | | | | | | | | | | | In Linux select() typically supports up to 1024 file descriptors. This can be a problem when user tries to boot up many guests. Switching to poll() has minimum impact on existing code and has better scalibility. pollfd array is dynamically allocated / reallocated. If the array fails to expand, we just ignore the incoming fd. Updated: reset *_pollfd after use. This fixes regression 14869. Also remove unused slave_pollfd in strcut domain. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* x86/mm: Provide support for multiple frame buffers in HVM guests.Robert Phillips2013-01-171-6/+14
| | | | | | | | | | | | | | | | | | | | | | Support is provided for both shadow and hardware assisted paging (HAP) modes. This code bookkeeps the set of video frame buffers (vram), detects when the guest has modified any of those buffers and, upon request, returns a bitmap of the modified pages. This lets other software components re-paint the portions of the monitor (or monitors) that have changed. Each monitor has a frame buffer of some size at some position in guest physical memory. The set of frame buffers being tracked can change over time as monitors are plugged and unplugged. Signed-off-by: Robert Phillips <robert.phillips@citrix.com> Acked-by: Tim Deegan <tim@xen.org> Removed a stray #include and a few hard tabs. Signed-off-by: Tim Deegan <tim@xen.org> Committed-by: Tim Deegan <tim@xen.org>
* mergeIan Campbell2013-01-131-136/+73
|\
| * Revert 0b9dfd067b42: Switch from select() to poll() in xenconsoled's IO loopIan Campbell2013-01-131-136/+73
| | | | | | | | | | | | Causes issues with migration etc in test flight 14869 onwards. Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
* | mergeIan Campbell2013-01-117-472/+73
|\ \ | |/ |/|
| * xen/xsm: distinguish scheduler get/set operationsDaniel De Graaf2013-01-112-5/+5
| | | | | | | | | | | | | | | | Add getscheduler and setscheduler permissions to replace the monolithic scheduler permission in the scheduler_op domctl and sysctl. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
| * tmem: add XSM hooksDaniel De Graaf2013-01-111-1/+4
| | | | | | | | | | | | | | | | | | | | | | This adds a pair of XSM hooks for tmem operations: xsm_tmem_op which controls any use of tmem, and xsm_tmem_control which allows use of the TMEM_CONTROL operations. By default, all domains can use tmem while only IS_PRIV domains can use control operations. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Dan Magenheimer <dan.magenheimer@oracle.com> Committed-by: Keir Fraser <keir@xen.org>
| * xen: add XSM hook for XENMEM_exchangeDaniel De Graaf2013-01-111-0/+2
| | | | | | | | | | Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
| * arch/x86: use XSM hooks for get_pg_owner access checksDaniel De Graaf2013-01-112-6/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are three callers of get_pg_owner: * do_mmuext_op, which does not have XSM hooks on all subfunctions * do_mmu_update, which has hooks that are inefficient * do_update_va_mapping_otherdomain, which has a simple XSM hook In order to preserve return values for the do_mmuext_op hypercall, an additional XSM hook is required to check the operation even for those subfunctions that do not use the pg_owner field. This also covers the MMUEXT_UNPIN_TABLE operation which did previously have an XSM hook. The XSM hooks in do_mmu_update were capable of replacing the checks in get_pg_owner; however, the hooks are buried in the inner loop of the function - not very good for performance when XSM is enabled and these turn in to indirect function calls. This patch removes the PTE from the hooks and replaces it with a bitfield describing what accesses are being requested. The XSM hook can then be called only when additional bits are set instead of once per iteration of the loop. This patch results in a change in the FLASK permissions used for mapping an MMIO page: the target for the permisison check on the memory mapping is no longer resolved to the device-specific type, and is instead either the domain's own type or domio_t (depending on if the domain uses DOMID_SELF or DOMID_IO in the map command). Device-specific access is still controlled via the "resource use" permisison checked at domain creation (or device hotplug). Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Keir Fraser <keir@xen.org>
| * xsm/flask: add distinct SIDs for self/target accessDaniel De Graaf2013-01-112-15/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Because the FLASK XSM module no longer checks IS_PRIV for remote domain accesses covered by XSM permissions, domains now have the ability to perform memory management and other functions on all domains that have the same type. While it is possible to prevent this by only creating one domain per type, this solution significantly limits the flexibility of the type system. This patch introduces a domain type transition to represent a domain that is operating on itself. In the example policy, this is demonstrated by creating a type with _self appended when declaring a domain type which will be used for reflexive operations. AVCs for a domain of type domU_t will look like the following: scontext=system_u:system_r:domU_t tcontext=system_u:system_r:domU_t_self This change also allows policy to distinguish between event channels a domain creates to itself and event channels created between domains of the same type. The IS_PRIV_FOR check used for device model domains is also no longer checked by FLASK; a similar transition is performed when the target is set and used when the device model accesses its target domain. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
| * xsm/flask: add missing hooksDaniel De Graaf2013-01-111-1/+3
| | | | | | | | | | | | | | | | The FLASK module was missing implementations of some hooks and did not have access vectors defined for 10 domctls; define these now. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
| * xsm: Move flask policy files into hypervisor (missed from earlier commit).Keir Fraser2013-01-115-448/+0
| | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Keir Fraser <keir@xen.org> --HG-- rename : tools/flask/policy/policy/flask/access_vectors => xen/xsm/flask/policy/access_vectors rename : tools/flask/policy/policy/flask/initial_sids => xen/xsm/flask/policy/initial_sids rename : tools/flask/policy/policy/flask/mkaccess_vector.sh => xen/xsm/flask/policy/mkaccess_vector.sh rename : tools/flask/policy/policy/flask/mkflask.sh => xen/xsm/flask/policy/mkflask.sh rename : tools/flask/policy/policy/flask/security_classes => xen/xsm/flask/policy/security_classes
* | Switch from select() to poll() in xenconsoled's IO loopWei Liu2013-01-111-73/+136
| | | | | | | | | | | | | | | | | | | | | | | | | | In Linux select() typically supports up to 1024 file descriptors. This can be a problem when user tries to boot up many guests. Switching to poll() has minimum impact on existing code and has better scalibility. pollfd array is dynamically allocated / reallocated. If the array fails to expand, we just ignore the incoming fd. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* | tools/ocaml: libxc bindings: Correct PCI terminologyAndrew Cooper2013-01-111-17/+17
| | | | | | | | | | | | | | | | | | | | Some renaming to correct the PCI and SBDF terminology. No functional change. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* | tools/ocaml: libxc bindings: Fix SBDF encodingAndrew Cooper2013-01-111-5/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | Changeset 23861:ec7c81fbe0de alters the SBDF encoding expected by the DOMCTL_{de,}assign_device hypercalls. While it updates libxl, libxc and the python bindings, the ocaml bindings got missed. As a result, any attempt to use PCI Passthrough with Xen-4.2 and later will fail. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* | xencommons: Stop QEMU in do_stop()Wei Liu2013-01-111-1/+9
| | | | | | | | | | | | | | | | | | do_stop() is invoked by "restart" action. We can get multiple QEMUs started up for Dom0 if we don't kill previous ones. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* | fix wrong path while calling pygrub and libxl-save-helperBamvor Jian Zhang2013-01-112-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | in current xen x86_64, the default libexec directory is /usr/lib/xen/bin, while the private binder is /usr/lib64/xen/bin. but some commands(pygrub, libxl-save-helper) located in private binder directory is called from libexec directory which lead to the following error: 1, for pygrub bootloader: libxl: debug: libxl_bootloader.c:429:bootloader_disk_attached_cb: /usr/lib/xen/bin/pygrub doesn't exist, falling back to config path 2, for libxl-save-helper: libxl: cannot execute /usr/lib/xen/bin/libxl-save-helper: No such file or directory libxl: error: libxl_utils.c:363:libxl_read_exactly: file/stream truncated reading ipc msg header from domain 3 save/restore helper stdout pipe libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: domain 3 save/restore helper [10222] exited with error status 255 there are two ways to fix above error. the first one is make such command store in the /usr/lib/xen/bin and /usr/lib64/xen/bin(symbol link to previous), e.g. qemu-dm. The second way is using private binder dir instead of libexec dir. e.g. xenconsole. For these cases, the latter one is suitable. Signed-off-by: Bamvor Jian Zhang <bjzhang@suse.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* | libxc: x86: ensure that the initial mapping fits into the guest's memoryIan Campbell2013-01-112-1/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In particular we need to check that adding 512KB of slack and rounding up to a 4MB boundary do not overflow the guest's memory allocation. Otherwise we run off the end of the p2m when building the guest's initial page tables and populate them with garbage. Wei noticed this when build tiny (2MB) mini-os domains. Reported-by: Wei Liu <Wei.Liu2@citrix.com> Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* | libxl: Set vfb and vkb devid if not done so by the callerJim Fehlig2013-01-111-20/+39
|/ | | | | | | | | | | Other devices set a sensible devid if the caller has not done so. Do the same for vfb and vkb. While at it, factor out the common code used to determine a sensible devid, so it can be used by other libxl__device_*_add functions. Signed-off-by: Jim Fehlig <jfehlig@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* flask: move policy headers into hypervisorDaniel De Graaf2013-01-104-47/+6
| | | | | | | | | | Rather than keeping around headers that are autogenerated in order to avoid adding build dependencies from xen/ to files in tools/, move the relevant parts of the FLASK policy into the hypervisor tree and generate the headers as part of the hypervisor's build. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Committed-by: Keir Fraser <keir@xen.org>
* hvmloader: Allocate 3 pages for Intel GPU OpRegion passthrough.Keir Fraser2013-01-103-3/+5
| | | | | | | The 8kB region may not be page aligned, hence requiring 3 pages to be mapped through. Signed-off-by: Keir Fraser <keir@xen.org>
* HVM firmware passthrough ACPI processingRoss Philipson2013-01-101-1/+53
| | | | | | | | | ACPI table passthrough support allowing additional static tables and SSDTs (AML code) to be loaded. These additional tables are added at the end of the secondary table list in the RSDT/XSDT tables. Signed-off-by: Ross Philipson <ross.philipson@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
* HVM firmware passthrough SMBIOS processingRoss Philipson2013-01-102-25/+363
| | | | | | | | | | | | Passthrough support for the SMBIOS structures including three new DMTF defined types and support for OEM defined tables. Passed in SMBIOS types override the default internal values. Default values can be enabled for the new type 22 portable battery using a xenstore flag. All other new DMTF defined and OEM structures will only be added to the SMBIOS table if passthrough values are present. Signed-off-by: Ross Philipson <ross.philipson@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
* HVM firmware passthrough control tools supportRoss Philipson2013-01-104-8/+135
| | | | | | | | | | | | Xen control tools support for loading the firmware passthrough blocks during domain construction. SMBIOS and ACPI blocks are passed in using the new xc_hvm_build_args structure. Each block is read and loaded into the new domain address space behind the HVMLOADER image. The base address for the two blocks is returned as an out parameter to the caller via the args structure. Signed-off-by: Ross Philipson <ross.philipson@citrix.com> Committed-by: Keir Fraser <keir@xen.org>
* tools/tests: Restrict some tests to x86 onlyIan Campbell2012-12-211-2/+2
| | | | | | | | MCE injection and x86_emulator are clearly x86 specific. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
* libxl: move definition of libxl_domain_config into the IDLIan Campbell2012-12-195-209/+18
| | | | | | Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxenstore: filter watch events in libxenstore when we unwatchJulien Grall2012-12-172-8/+97
| | | | | | | | | | | | | | | | | | | | XenStore puts in queued watch events via a thread and notifies the user. Sometimes xs_unwatch is called before all related message is read. The use case is non-threaded libevent, we have two event A and B: - Event A will destroy something and call xs_unwatch; - Event B is used to notify that a node has changed in XenStore. As the event is called one by one, event A can be handled before event B. So on next xs_watch_read the user could retrieve an unwatch token and a segfault occured if the token store the pointer of the structure (ie: "backend:0xcafe"). To avoid problem with previous application using libXenStore, this behaviour will only be enabled if XS_UNWATCH_FILTER is given to xs_open. Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Signed-off-by: Julien Grall <julien.grall@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
* libxl: introduce XSM relabel on buildDaniel De Graaf2012-12-137-14/+88
| | | | | | | | | | | | | | | | | | | | | | Allow a domain to be built under one security label and run using a different label. This can be used to prevent the domain builder or control domain from having the ability to access a guest domain's memory via map_foreign_range except during the build process where this is required. Example domain configuration snippet: seclabel='customer_1:vm_r:nomigrate_t' init_seclabel='customer_1:vm_r:nomigrate_t_building' Note: this does not provide complete protection from a malicious dom0; mappings created during the build process may persist after the relabel, and could be used to indirectly access the guest's memory. However, if dom0 correctly unmaps the domain upon building, a the domU is protected against dom0 becoming malicious in the future. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: qemu trad logdirty: Tolerate ENOENT on ret pathIan Jackson2012-12-131-1/+1
| | | | | | | | | | | It can happen in error conditions that lds->ret_path doesn't exist, and libxl__xs_read_checked signals this by setting got_ret=NULL. If this happens, fail without crashing. Reported-by: Alex Bligh <alex@alex.org.uk>, Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* tools/gdbsx: fix build failure with glibc-2.17Olaf Hering2012-12-061-0/+1
| | | | | Signed-off-by: Olaf Hering <olaf@aepfle.de> Committed-by: Keir Fraser <keir@xen.org>
* X86/vMCE: handle broken page with regard to migrationLiu Jinsong2012-12-064-3/+58
| | | | | | | | | | | | | | | | | | | | | | | At the sender xc_domain_save has a key point: 'to query the types of all the pages with xc_get_pfn_type_batch' 1) if broken page occur before the key point, migration will be fine since proper pfn_type and pfn number will be transferred to the target and then take appropriate action; 2) if broken page occur after the key point, whole system will crash and no need care migration any more; At the target Target will populates pages for guest. As for the case of broken page, we prefer to keep the type of the page for the sake of seamless migration. Target will set p2m as p2m_ram_broken for broken page. If guest access the broken page again it will kill itself as expected. Suggested-by: George Dunlap <george.dunlap@eu.citrix.com> Signed-off-by: Liu Jinsong <jinsong.liu@intel.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Tim Deegan <tim@xen.org> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: Make an internal function explicitly check existence of expected pathsGeorge Dunlap2012-12-061-20/+47
| | | | | | | | | | | | | | | | | | | | | | | libxl__device_disk_from_xs_be() was failing without error for some missing xenstore nodes in a backend, while assuming (without checking) that other nodes were valid, causing a crash when another internal error wrote these nodes in the wrong place. Make this function consistent by: * Checking the existence of all nodes before using * Choosing a default only when the node is not written in device_disk_add() * Failing with log msg if any node written by device_disk_add() is not present * Returning an error on failure * Disposing of the structure before returning using libxl_device_disk_displose() Also make the callers of the function pay attention to the error and behave appropriately. In the case of libxl__append_disk_list_of_type(), this means only incrementing *ndisks as the disk structures are successfully initialized. Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xl: Check for duplicate vncdisplay options, and return an errorGeorge Dunlap2012-12-041-0/+11
| | | | | | | | | | | If the user has set a vnc display number both in vnclisten (with "xxxx:yy"), and with vncdisplay, throw an error. Update man pages to match. Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: fix wrong commentRoger Pau Monne2012-12-041-1/+1
| | | | | | | | | The comment in function libxl__try_phy_backend is wrong, 1 is returned if the backend should be handled as "phy", while 0 is returned if not. Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: Fix bug in libxl_cdrom_insert, make more robust against bad xenstore dataGeorge Dunlap2012-11-271-1/+16
| | | | | | | | | | | | | | | | | libxl_cdrom_insert was failing to initialize the backend type, resulting in the wrong default backend. The result was not only that the CD was not inserted properly, but also that some improper xenstore entries were created, causing further block commands to fail. This patch fixes the bug by setting the disk backend type based on the type of the existing device. It also makes the system more robust by checking to see that it has got a valid path before proceeding to write a partial xenstore entry. Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: fix a variable underflow in libxl_wait_for_free_memoryRonny Hegewald2012-11-271-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | When xl is called to create a domU and there is not enough memory available, then the autoballooning is called to extract memory from dom0. During the ballooning a loop in libxl_wait_for_free_memory() waits unless enough memory is available to create the domU. But because of a variable-underflow the loop can finish too soon and xl finally aborts with the message: xc: error: panic: xc_dom_boot.c:161: xc_dom_boot_mem_init: can't allocate low memory for domain: Out of memory libxl: error: libxl_dom.c:430:libxl__build_pv: xc_dom_boot_mem_init failed: Device or resource busy libxl: error: libxl_create.c:901:domcreate_rebuild_done: cannot (re-)build domain: -3 The variable-underflow happens when freemem_slack is larger then info.free_pages*4, because the solution of this operation is converted implicit to a unsigned int to match the type of memory_kb. Add a extra check for this condition to solve the problem. Signed-off-by: Ronny Hegewald <Ronny.Hegewald@online.de> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xenstore-chmod: handle arbitrary number of perms rather than MAX_PERMS constantChunyan Liu2012-11-271-21/+17
| | | | | | | | | | | Constant MAX_PERMS 16 is too small to use in some occasions, e.g. if there are more than 16 domU(s) on one hypervisor (it's easy to achieve) and one wants to do xenstore-chmod PATH to all domU(s). So, remove MAX_PERMS limitation and make it as arbitrary number of perms. Signed-off-by: Chunyan Liu <cyliu@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xend: enable environment passing in xPopen3Olaf Hering2012-11-231-3/+2
| | | | | | | | | | In changeset 19990:38dd208e1d95 a new parameter 'env' was added to xPopen3, but no code was added to actually pass the environment down to execvpe. Also, the new code was unreachable. Signed-off-by: Olaf Hering <olaf@aepfle.de> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xl: Suppress spurious warning message for cpupool-listGeorge Dunlap2012-11-231-1/+2
| | | | | | | | | | | | | | | | libxl_cpupool_list() enumerates the cpupools by "probing": calling cpupool_info, starting at 0 and stopping when it gets an error. However, cpupool_info will print an error when the call to xc_cpupool_getinfo() fails, resulting in every xl command that uses libxl_list_cpupool (such as cpupool-list) printing that error message spuriously. Since at the moment the times we want to print the message correspond with the use of the existing "exact" parameter, use it to decide whether to print the message or not. Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xend: reinstate XendOptionsFile.get_external_migration_toolIan Campbell2012-11-202-0/+6
| | | | | | | | | | | This was removed by 26167:31dcc0e08754 "xend: Remove old vtpm support from xm" but at least one caller was left. Reinstate with s/TPM/device/ since it appears that this functionality could apply elsewhere. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* docs: document/mark-up SCHEDOP_*Ian Campbell2012-11-192-3/+16
| | | | | | | | | | | | | The biggest subtlety here is there additional argument when op == SCHEDOP_shutdown and reason == SHUTDOWN_suspend and its interpretation by xc_domain_{save,restore}. Add some clarifying comments to libxc as well. This patch moves some structs around but there is no functional change other than improved documentation. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* tools: Remove old vtpm stuff from tools/libxenMatthew Fioravante2012-11-196-516/+0
| | | | | | Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* xend: Remove old vtpm support from xmMatthew Fioravante2012-11-1916-507/+4
| | | | | | Signed-off-by: Matthew Fioravante <matthew.fioravante@jhuapl.edu> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>
* libxl: Fix passing of application data to timeout_deregister hookJim Fehlig2012-11-151-1/+1
| | | | | | | | | | When deregistering a timeout, the address of application data was being passed to the timeout_deregister hook instead of the data itself. Signed-off-by: Jim Fehlig <jfehlig@suse.com> Acked-by: Ian Campbell <ian.campbell@citrix.com> Committed-by: Ian Campbell <ian.campbell@citrix.com>