| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Just like Linux did many years ago, move them into a separate (data)
section, such that they no longer pollute instruction caches and TLBs.
Assertion frames, requiring two pointers to be stored, occupy two slots
in the array, with the second slot mimicking a frame the location
pointer of which doesn't match any address within .text or .init.text
(it effectively points back to the slot itself, which - being in a data
section - can't be reached by non-buggy execution).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
... using the new per-domain mapping management functions, adding
destroy_perdomain_mapping() to the previously introduced pair.
Rather than using an order-1 Xen heap allocation, use (currently 2)
individual domain heap pages to populate space in the per-domain
mapping area.
Also fix a benign off-by-one mistake in is_compat_arg_xlat_range().
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
The emacs variable to set the C style from a local variable block is
c-file-style, not c-set-style.
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
| |
- fix super page frame table setup for memory hotplug case (should
create full table, or else the hotplug code would need to do the
necessary table population)
- simplify super page frame table setup (can re-use frame table setup
code)
- slightly streamline frame table setup code
- fix (tighten) a BUG_ON() and an ASSERT() condition
- fix spage <-> pdx conversion macros (they had no users so far, and
hence no-one noticed how broken they were)
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
... and make restore conditional not only upon having saved the state,
but also upon whether saved state was actually modified (and register
values are known to have been preserved).
Note that RBP is unconditionally considered a volatile register (i.e.
irrespective of CONFIG_FRAME_POINTER), since the RBP handling would
become overly complicated due to the need to save/restore it on the
compat mode hypercall path [6th argument].
Note further that for compat mode code paths, saving/restoring R8...R15
is entirely unnecessary - we don't allow those guests to enter 64-bit
mode, and hence they have no way of seeing these registers' contents
(and there consequently also is no information leak, except if the
context saving domctl would be considered such).
Finally, note that this may not properly deal with gdbstub's needs, yet
(but if so, I can't really suggest adjustments, as I don't know that
code).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
Apart from moving some code that is only used here from the header file
to the actual source one, this also
- moves interrupt[] into .init.data,
- prevents generating (unused) stubs for vectors below
FIRST_DYNAMIC_VECTOR, and
- shortens and sanitizes the names of the stubs.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
The use of "or" in GET_CPUINFO_FIELD so far wasn't ideal, as it doesn't
lend itself to folding this operation with a possibly subsequent one
(e.g. the well known mov+add=lea conversion). Split out the sub-
operations, and shorten assembly code slightly with this.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
'pushfq' pushes rflags, not eflags. Fix up naming of the structure.
No functional change.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>
| |
Signed-off-by: Keir Fraser <keir@xen.org>
| |
Signed-off-by: Keir Fraser <keir@xen.org>
| |
This fixes the 32-bit build
Signed-off-by: Tim Deegan <tim@xen.org>
| |
This conversion is a trivial invocation of virt_to_mfn in 64 bits.
In 32 bits it uses the linear_map.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>
| |
Signed-off-by: Keir Fraser <keir@xen.org>
| |
Updates from gnu-efi 3.0m. UEFI 2.0 runtime services additions taken
from EDK 1.06.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
| |
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Keir Fraser <keir@xen.org>
| |
Changeset 19632:b0966b6f5180 wasn't really complete: The Xen image
mapping doesn't end at _end, but a full 16Mb gets mapped during boot
(and never got unmapped so far), hence all of this space was subject
to alias mappings when it comes to cache attribute changes. Unmap all
full large pages between _end and the 16Mb boundary, and include all
other pages beyond _end when checking for aliases.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Taken from gnu-efi-3.0k (slightly edited).
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
When memory map sparseness reduction is in use, machine address ranges
can't validly be compared directly against the total size of the
direct mapping range.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
| |
Move all extern declarations into appropriate header files.
This also fixes up a few places where the caller and the definition
had different signatures.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
| |
Most users can use _PAGE_NX_BIT directly.
The few genuine users in mm.c can do the cpu_has_nx check more clearly
in other ways.
Signed-off-by: Keir Fraser <keir@xen.org>
| |
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
| |
This fixes the build with perfc=y.
Signed-off-by: Keir Fraser <keir@xen.org>
| |
... thus allowing to make the entries half their current size. Rather
than adjusting all instances to the new layout, abstract the
construction of the table entries via a macro (paralleling a similar one
in recent Linux).
Also change the name of the section (to allow easier detection of
missed cases) and merge the final resulting output sections into
.data.read_mostly.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Keir Fraser <keir@xen.org>
| |
These absolutely guarantee to read/write a uint*_t with a single atomic
processor instruction.
Also re-define atomic_read/atomic_write (act on atomic_t) similarly.
Signed-off-by: Keir Fraser <keir@xen.org>
| |
We don't support !CONFIG_SMP.
Signed-off-by: Keir Fraser <keir@xen.org>
| |
This is a prerequisite for allowing guest descheduling within a
hypercall.
Signed-off-by: Keir Fraser <keir@xen.org>
| |
Largely this involves avoiding assumptions about 'struct cpu_info'.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
The current version of superpage mapping takes a PGT_writable
reference to every page in a superpage each time it is mapped. This
is extremely slow, so slow that applications become unusable.
My solution for this is to introduce a superpage table in the
hypervisor, similar to the frametable structure for pages. Currently
this table only has a type_info element. There are three types a
superpage can have, SGT_mark, SGT_dynamic, or SGT_none.
In normal operation, the first time a superpage is mapped, a
PGT_writable reference is taken to each page in the superpage, and the
superpage is set to type SGT_dynamic and the superpage typecount is
incremented. On subsequent mappings and unmappings, only the
superpage typecount changes. On the last unmap, the PGT_writable
reference on each page is removed.
The SGT_mark type is set and cleared through two new MMUEXT
hypercalls, mark_super and unmark_super. When the hypercall is made,
the superpage's type is set to SGT_mark and a PGT_writable reference
is taken to its pages. On unmark, the type is cleared and the
reference removed.
If a page is already set to SGT_dynamic when mark_super is called, the
type is changed to SGT_mark and no additional PGT_writable reference
is taken. If there are still outstanding mappings of this superpage
when unmark_super is called, the type is set to SGT_dynamic and the
PGT_writable reference is not removed.
Fast superpage mapping is only supported on 64 bit hypervisors. For
32 bit hypervisors, superpage mapping is supported but will be
extremely slow.
Signed-off-by: Dave McCracken <dave.mccracken@oracle.com>
| |
At the same time, the data area starts life zeroed.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
This has two advantages:
(a) We can move the allocations to a context where we can handle
failure.
(b) We can implement matching deallocations on CPU offline.
Only the idle vcpu structure is now not freed on CPU offline. This
probably does not really matter.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| |
- remove redundant declarations
- add/move prototypes to headers
- move things where they belong to
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
| |
Avoid backing frame table holes with memory, when those holes are
large enough to cover an exact multiple of large pages. This is based
on the introduction of a bit map, where each bit represents one such
range, thus allowing mfn_valid() checks to easily filter out those
MFNs that now shouldn't be used to index the frame table.
This allows for saving a couple of 2M pages even on "normal" systems.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Introduces a virtual space conserving transformation on the MFN thus
far used to index 1:1 mapping and frame table, removing the largest
range of contiguous bits (below the most significant one) which are
zero for all valid MFNs from the MFN representation, to be used to
index into those arrays, thereby cutting the virtual range these
tables must cover approximately by half with each bit removed.
Since this should account for hotpluggable memory (in order to not
require a re-write when that gets supported), the determination of
which bits are candidates for removal must not be based on the E820
information, but instead has to use the SRAT. That in turn requires a
change to the ordering of steps done during early boot.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Extend the virtual range reserved for the 1:1 mapping to cover 5Tb,
and make the virtual size of the frame table match whatever the
1:1 table can cover.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
The existing single page is not quite large enough to translate a
XENMEM_exchange hypercall with order=9. Since Linux uses
MAX_CONTIG_ORDER of 9 this seems like a reasonable upper bound to
support.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
| |
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
While the original logic already implied that the kernel part of the
guest's address space is identical on all vCPU-s (i.e. for all guest
processes), it didn't fully leverage the potential here: As long as
the top page table currently active is owned by the subject domain
(currently only Dom0), the stack dump can be done without extra
effort.
For x86-64, additionally add page table traversal so that the stack
can be dumped in all cases (unless it's invalid or user space).
I left the 32-bit variant of do_page_walk() unimplemented for the
moment as I couldn't convince myself using map_domain_page() there is
a good idea, and didn't want to introduce new fixmap entries either.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Since it's only the string pointer representations that differ between
i386 and x86-64, abstract out those and make everything else shared.
While touching this code, also use
- proper instructions rather than a mixture of such and raw .byte/
.long/.quad data emissions,
- PC-relative pointers on x86-64 to cut the amount of storage (and
in particular cache space) needed for string references by half.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
| |
Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
| |
This also removes an inconsistency in that x86-64's __save_flags() had
a memory clobber, while x86_32's didn't.
It further adds type checking since blindly using {pop,push}{l,q} on a
memory operand of unknown size bears the risk of corrupting other
data.
Finally, it eliminates the redundant (with local_irq_restore())
__restore_flags() macro and renames __save_flags() to
local_save_flags(), making the naming consistent with Linux (again?).
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Hugepage support must be enabled via the hypervisor command line
option "allowhugepage". There is currently no support in the tools for
saving/restoring/migrating guests who use hugepages.
Signed-off-by: Dave McCracken <dave.mccracken@oracle.com>
| |
Since page table entries created through e.g. GNTTABOP_map_grant_ref
are being passed through adjust_guest_l1e(), they must not generally
get _PAGE_USER set - this will be taken care of by adjust_guest_l1e(),
and it will ensure that these don't get _PAGE_GLOBAL set
inadvertently.
Due to the implied security aspect here (_PAGE_GLOBAL getting set on
kernel pages for x86-64), I'd like to ask that this also be applied to
older maintained branches.
At the same time, set _PAGE_NX for pte-s created for grants (as long
as hardware supports it), since it should be only data pages that remote
domains are being given access to.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
A 32on64 guest cannot copy an existing pinned L3 entry to use as a new
L3 because COMPAT_L3_DISALLOW_MASK contains bits which are added to L3
entries by adjust_guest_l3e (U/S & R/W) or by the hardware (A & D).
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
| |
Since Linux started to use one of the 3 low available bits, _PAGE_IO
needed to be moved to a different one. Not remembering about
_PAGE_GNTTAB in debug hypervisors, I ended up assigning it to the same
bit, which made the kernel fail on the debug hypervisor. However,
rather than fixing the kernel it seems more appropriate for the
hypervisor to stay away from these bits, not the least because its
definition was anyway accompanied by a warning that this may be
incompatible with certain OSes.
While obviously the hypervisor has to use some bit (and it's therefore
unavoidable that there's some risk of collision), using one of the
high available bits seems to be the better choice over using one of
the three low ones. Since in 32-bit mode these bits are reserved, the
patch disables the functionality here. The only reasonable alternative
I would see is to disable the functionality by default, but add a
command line option to specify which bit to use.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>