| Commit message | Author | Age | Files | Lines |
| |
Building upon the extended retry logic we can now also make sure to
not ignore errors resulting from writing data back to guest memory.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
Multiplying a signed 32-bit quantity with an unsigned 32-bit quantity
produces an unsigned 32-bit result, yet for emulation of backward
string instructions we need the result sign extended before getting
added to the base address.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
Ignoring them generally implies using uninitialized data and, in all
but two of the cases dealt with here, potentially leaking hypervisor
stack contents to guests.
This is CVE-2013-4355 / XSA-63.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
| |
The emacs variable to set the C style from a local variable block is
c-file-style, not c-set-style.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
| |
An ATS device driver that supports the PASID [1] and PRI [2] capabilities needs
to work with the iommu driver in the guest OS. We have to expose iommu
functionality to the HVM guest if we want to assign an ATS device to it. A new
hypervisor mmio handler is added to intercept iommu mmio accesses from
the guest.
Signed-off-by: Wei Wang <wei.wang2@amd.com>
[1] http://www.pcisig.com/specifications/pciexpress/specifications/ECN-PASID-ATS-2011-03-31.pdf
[2] http://www.pcisig.com/members/downloads/specifications/iov/ats_r1.1_26Jan09.pdf
Committed-by: Jan Beulich <jbeulich@suse.com>
| |
This patch moves some more, mostly data, extern declarations into
header files. I haven't been as strict as I was with functions;
in particular there are a number of declarations of assembler labels
that are only used in one place. I've also left a few compat-mode
tricks, and all the magic in symbols.c.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
| |
This is accomplished by converting a couple of embedded arrays (in one
case a structure containing an array) into separately allocated
pointers, and (just as for struct arch_vcpu in a prior patch)
overlaying some PV-only fields with HVM-only ones.
One particularly noteworthy change in the opposite direction is that
of PITState - this field so far lived in the HVM-only portion, but is
being used by PV guests too, and hence needed to be moved out of
struct hvm_domain.
The change to XENMEM_set_memory_map (and hence libxl__build_pre() and
the movement of the E820 related pieces to struct pv_domain) are
subject to a positive response to a query sent to xen-devel regarding
the need for this to happen for HVM guests (see
http://lists.xensource.com/archives/html/xen-devel/2011-03/msg01848.html).
The protection of arch.hvm_domain.irq.dpci accesses by is_hvm_domain()
is subject to confirmation that the field is used for HVM guests only
(see
http://lists.xensource.com/archives/html/xen-devel/2011-03/msg02004.html).
In the absence of any reply to these queries, and given the early
state of 4.2 development, I think it should be acceptable to take the
risk of having to later undo/redo some of this.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Add a missing line to record the type passed into
register_io_handler()
Without this line, the BUFFERED_IO handler was never called.
Signed-off-by: Wei Gang <gang.wei@intel.com>
| |
By default, Xen will handle the old ACPI IO port. But it can switch to
the new one by setting the HVM_PARAM_ACPI_IOPORTS_LOCATION to 1.
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
| |
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Keir Fraser <keir@xen.org>
| |
If pages cannot be unshared immediately (due to lack of free memory required to
create private copies) the VCPU under emulation is paused, and the emulator
returns X86EMUL_RETRY, which will get resolved after some memory is freed back
to Xen (possibly through host paging).
Signed-off-by: Grzegorz Milos <Grzegorz.Milos@citrix.com>
| |
A new HVMCOPY return value, HVMCOPY_gfn_paged_out is defined to indicate that
a gfn was paged out. This value and PFEC_page_paged, as appropriate, are
caught and passed up as X86EMUL_RETRY to the emulator. This will cause the
emulator to keep retrying the operation until it succeeds (once the page has
been paged in).
Signed-off-by: Patrick Colp <Patrick.Colp@citrix.com>
| |
Make various data items const or __read_mostly where
possible/reasonable.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Add a new parameter to DOMCTL_bind_pt_irq to allow Xen to know the
guest physical address of MSI-X table. Also add a new MMIO intercept
handler to intercept that gpa in order to handle MSI-X vector mask
bit operation in the hypervisor. This reduces the load of device model
considerably if the guest does mask and unmask frequently.
Signed-off-by: Qing He <qing.he@intel.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
We continue to use it in asm where it is a greater convenience and
where also it is much more clearly correct.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Weidong Han <weidong.han@intel.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Re-factor VMX real-mode emulation to use the same harness.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
instructions.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
padding to ioreq and buf_ioreq structs.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Also, disable stdvga caching on hvm save/restore, as the shadow vga
state is not preserved.
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
Corrected a bug in the stdvga code where it did not properly handle 32
bit operations. The buf_ioreq_t can now store 32 bits of data.
Signed-off-by: Robert Phillips <rphillips@virtualiron.com>
Signed-off-by: Ben Guthro <bguthro@virtualiron.com>
| |
use of volatile too).
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
This patch improves the performance of Standard VGA,
the mode used during Windows boot and by the Linux
splash screen.
It does so by buffering all the stdvga programmed output ops
and memory mapped ops (both reads and writes) that are sent to QEMU.
We maintain locally essential VGA state so we can respond
immediately to input and read ops without waiting for
QEMU. We snoop output and write ops to keep our state
up-to-date.
PIO input ops are satisfied from cached state without
bothering QEMU.
PIO output and mmio ops are passed through to QEMU, including
mmio read ops. This is necessary because mmio reads
can have side effects.
I have changed the format of the buffered_iopage.
It used to contain 80 elements of type ioreq_t (48 bytes each).
Now it contains 672 elements of type buf_ioreq_t (6 bytes each).
Being able to pipeline 8 times as many ops improves
VGA performance by a factor of 8.
I changed hvm_buffered_io_intercept to use the same
registration and callback mechanism as hvm_portio_intercept
rather than the hacky hardcoding it used before.
In platform.c, I fixed send_timeoffset_req() to set its
ioreq size to 8 (rather than 4), and its count to 1 (which
was missing).
Signed-off-by: Ben Guthro <bguthro@virtualron.com>
Signed-off-by: Robert Phillips <rphillips@virtualiron.com>
| |
Signed-off-by: Allen Kay <allen.m.kay@intel.com>
Signed-off-by: Guy Zana <guy@neocleus.com>
| |
for intercepted mmio access too.
Signed-off-by: Steven Hand <steven@xensource.com>
| |
checks are done under an appropriate lock, allowing the lock-free
protocols surrounding this boolean to be removed.
Also simplification and fixes to code for setting/zapping the ioreq
and buf_ioreq shared pages.
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
On each rtc time update from the hvm domain, we send an ioreq request
to qemu which then updates the time offset xenstore entry. The time
offset is preserved across reboot and can be set on domain creation
by setting the rtc_timeoffset variable in a config file.
From: Andrei Petrov <andrei.petrov@xensource.com>
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
Pass a buffer and size through instead of fixed-size structure.
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
- All entries are now defined as structs and saved/restored
in self-contained operations.
- Save/restore operations are type-safe, to tie each entry's
typecode to a particular struct and its length.
- Save/restore handlers are registered once per host instead of
per domain.
- Detect buffer overrun before it happens and abort.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| | |
Retain safe_strcpy(). It can hide the third argument to strlcpy() in
most cases.
Based on patches from Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
(Since we wouldn't load it anyway)
Also tidy up the plumbing around the hypercalls.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
There are various cases where no NULL-terminated strings are
guaranteed and eventual possible overflows. This patch fixes them.
From: Christoph Egger <Christoph.Egger@amd.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
Define public structure for the saved PIT data and use it instead
of a series of explicit loads and stores.
Don't save ephemeral Xen timer structs; rebuild them instead.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
| |
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
save/restore all dev state in HV such as PIT/PIC/APIC
|
| |
Signed-off-by: Zhai Edwin <edwin.zhai@intel.com>
add a pair of hyper-call for hvm guest context
|
| |
Signed-off-by: Emmanuel Ackaouy <ack@xensource.com>
| |
Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
Signed-off-by: Eddie Dong <eddie.dong@intel.com>
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
| |
programmed as periodic timer and adds them to abstract layer, which
keeps track of pending_intr_nr to avoid time interrupt lost and
sync'ed timer with TSC.
It also makes some cleanup to the time related code.
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>
| |
It is much more dangerous than domain_crash() because it
stops execution of the current context regardless of
current state (e.g., IRQs disabled, locks held).
The preferred method to crash a domain is domain_crash()
and error return to the caller.
Signed-off-by: Keir Fraser <keir@xensource.com>
| |
can wake it up now.
Signed-off-by: Xin Li <xin.b.li@intel.com>
| |
and extra code in hvm_vcpu_initialise(). Remove 'apic' config
option -- HVM CPUs will always have an APIC (which should be
set up in virtual wire mode for backward compatibility, just as
in a real system).
Signed-off-by: Keir Fraser <keir@xensource.com>