[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] Merge latest xen-unstable into xen-ia64-unstable



# HG changeset patch
# User djm@xxxxxxxxxxxxxxx
# Node ID ef9591d03fdd96c4d290280fd3620e00f8a5ff2b
# Parent  eaedc6b4ec0fdbb5b14ac62f0854477f50fa55b2
# Parent  811559fb02ab1e1c5a7731895bd57ca7f9d6dbfe
Merge latest xen-unstable into xen-ia64-unstable

diff -r eaedc6b4ec0f -r ef9591d03fdd Makefile
--- a/Makefile  Fri Sep 23 21:41:28 2005
+++ b/Makefile  Mon Sep 26 17:07:49 2005
@@ -164,7 +164,7 @@
 uninstall: DESTDIR=
 uninstall: D=$(DESTDIR)
 uninstall:
-       [ -d $(D)/etc/xen ] && mv -f $(D)/etc/xen $(D)/etc/xen.old-`date +%s`
+       [ -d $(D)/etc/xen ] && mv -f $(D)/etc/xen $(D)/etc/xen.old-`date +%s` 
|| true
        rm -rf $(D)/etc/init.d/xend*
        rm -rf $(D)/etc/hotplug/xen-backend.agent
        rm -rf $(D)/var/run/xen* $(D)/var/lib/xen*
diff -r eaedc6b4ec0f -r ef9591d03fdd docs/src/user/installation.tex
--- a/docs/src/user/installation.tex    Fri Sep 23 21:41:28 2005
+++ b/docs/src/user/installation.tex    Mon Sep 26 17:07:49 2005
@@ -21,6 +21,9 @@
 \item [$\dag$] The \path{iproute2} package.
 \item [$\dag$] The Linux bridge-utils\footnote{Available from {\tt
       http://bridge.sourceforge.net}} (e.g., \path{/sbin/brctl})
+\item [$\dag$] The Linux hotplug system\footnote{Available from {\tt
+      http://linux-hotplug.sourceforge.net/}} (e.g., \path{/sbin/hotplug}
+      and related scripts)
 \item [$\dag$] An installation of Twisted~v1.3 or
   above\footnote{Available from {\tt http://www.twistedmatrix.com}}.
   There may be a binary package available for your distribution;
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c
--- a/linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c       Fri Sep 23 
21:41:28 2005
+++ b/linux-2.6-xen-sparse/arch/xen/i386/kernel/smpboot.c       Mon Sep 26 
17:07:49 2005
@@ -1394,9 +1394,7 @@
                        return;
 
                /* get the state value */
-               xenbus_transaction_start("cpu");
                err = xenbus_scanf(dir, "availability", "%s", state);
-               xenbus_transaction_end(0);
 
                if (err != 1) {
                        printk(KERN_ERR
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/arch/xen/kernel/reboot.c
--- a/linux-2.6-xen-sparse/arch/xen/kernel/reboot.c     Fri Sep 23 21:41:28 2005
+++ b/linux-2.6-xen-sparse/arch/xen/kernel/reboot.c     Mon Sep 26 17:07:49 2005
@@ -324,7 +324,7 @@
     int err;
 
  again:
-    err = xenbus_transaction_start("control");
+    err = xenbus_transaction_start();
     if (err)
        return;
     str = (char *)xenbus_read("control", "shutdown", NULL);
@@ -337,7 +337,7 @@
     xenbus_write("control", "shutdown", "");
 
     err = xenbus_transaction_end(0);
-    if (err == -ETIMEDOUT) {
+    if (err == -EAGAIN) {
        kfree(str);
        goto again;
     }
@@ -366,7 +366,7 @@
     int err;
 
  again:
-    err = xenbus_transaction_start("control");
+    err = xenbus_transaction_start();
     if (err)
        return;
     if (!xenbus_scanf("control", "sysrq", "%c", &sysrq_key)) {
@@ -379,7 +379,7 @@
        xenbus_printf("control", "sysrq", "%c", '\0');
 
     err = xenbus_transaction_end(0);
-    if (err == -ETIMEDOUT)
+    if (err == -EAGAIN)
        goto again;
 
     if (sysrq_key != '\0') {
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c Fri Sep 23 21:41:28 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkback/xenbus.c Mon Sep 26 17:07:49 2005
@@ -80,8 +80,9 @@
                return;
        }
 
+again:
        /* Supply the information about the device the frontend needs */
-       err = xenbus_transaction_start(be->dev->nodename);
+       err = xenbus_transaction_start();
        if (err) {
                xenbus_dev_error(be->dev, err, "starting transaction");
                return;
@@ -119,7 +120,15 @@
                goto abort;
        }
 
-       xenbus_transaction_end(0);
+       err = xenbus_transaction_end(0);
+       if (err == -EAGAIN)
+               goto again;
+       if (err) {
+               xenbus_dev_error(be->dev, err, "ending transaction",
+                                ring_ref, evtchn);
+               goto abort;
+       }
+
        xenbus_dev_ok(be->dev);
 
        return;
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c      Fri Sep 23 
21:41:28 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/blkfront/blkfront.c      Mon Sep 26 
17:07:49 2005
@@ -572,7 +572,8 @@
                goto out;
        }
 
-       err = xenbus_transaction_start(dev->nodename);
+again:
+       err = xenbus_transaction_start();
        if (err) {
                xenbus_dev_error(dev, err, "starting transaction");
                goto destroy_blkring;
@@ -603,6 +604,8 @@
 
        err = xenbus_transaction_end(0);
        if (err) {
+               if (err == -EAGAIN)
+                       goto again;
                xenbus_dev_error(dev, err, "completing transaction");
                goto destroy_blkring;
        }
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c      Fri Sep 23 
21:41:28 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/netfront/netfront.c      Mon Sep 26 
17:07:49 2005
@@ -1122,7 +1122,8 @@
                goto out;
        }
 
-       err = xenbus_transaction_start(dev->nodename);
+again:
+       err = xenbus_transaction_start();
        if (err) {
                xenbus_dev_error(dev, err, "starting transaction");
                goto destroy_ring;
@@ -1160,6 +1161,8 @@
 
        err = xenbus_transaction_end(0);
        if (err) {
+               if (err == -EAGAIN)
+                       goto again;
                xenbus_dev_error(dev, err, "completing transaction");
                goto destroy_ring;
        }
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/drivers/xen/tpmback/xenbus.c
--- a/linux-2.6-xen-sparse/drivers/xen/tpmback/xenbus.c Fri Sep 23 21:41:28 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/tpmback/xenbus.c Mon Sep 26 17:07:49 2005
@@ -93,7 +93,8 @@
         * Tell the front-end that we are ready to go -
         * unless something bad happens
         */
-       err = xenbus_transaction_start(be->dev->nodename);
+again:
+       err = xenbus_transaction_start();
        if (err) {
                xenbus_dev_error(be->dev, err, "starting transaction");
                return;
@@ -127,7 +128,14 @@
                goto abort;
        }
 
-       xenbus_transaction_end(0);
+       err = xenbus_transaction_end(0);
+       if (err == -EAGAIN)
+               goto again;
+       if (err) {
+               xenbus_dev_error(be->dev, err, "end of transaction");
+               goto abort;
+       }
+
        xenbus_dev_ok(be->dev);
        return;
 abort:
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c
--- a/linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c      Fri Sep 23 
21:41:28 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/tpmfront/tpmfront.c      Mon Sep 26 
17:07:49 2005
@@ -331,7 +331,8 @@
                goto out;
        }
 
-       err = xenbus_transaction_start(dev->nodename);
+again:
+       err = xenbus_transaction_start();
        if (err) {
                xenbus_dev_error(dev, err, "starting transaction");
                goto destroy_tpmring;
@@ -363,6 +364,8 @@
        }
 
        err = xenbus_transaction_end(0);
+       if (err == -EAGAIN)
+               goto again;
        if (err) {
                xenbus_dev_error(dev, err, "completing transaction");
                goto destroy_tpmring;
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c
--- a/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c       Fri Sep 23 
21:41:28 2005
+++ b/linux-2.6-xen-sparse/drivers/xen/xenbus/xenbus_xs.c       Mon Sep 26 
17:07:49 2005
@@ -287,12 +287,11 @@
 
 /* Start a transaction: changes by others will not be seen during this
  * transaction, and changes will not be visible to others until end.
- * Transaction only applies to the given subtree.
  * You can only have one transaction at any time.
  */
-int xenbus_transaction_start(const char *subtree)
-{
-       return xs_error(xs_single(XS_TRANSACTION_START, subtree, NULL));
+int xenbus_transaction_start(void)
+{
+       return xs_error(xs_single(XS_TRANSACTION_START, "", NULL));
 }
 EXPORT_SYMBOL(xenbus_transaction_start);
 
diff -r eaedc6b4ec0f -r ef9591d03fdd 
linux-2.6-xen-sparse/include/asm-xen/xenbus.h
--- a/linux-2.6-xen-sparse/include/asm-xen/xenbus.h     Fri Sep 23 21:41:28 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/xenbus.h     Mon Sep 26 17:07:49 2005
@@ -87,7 +87,7 @@
 int xenbus_mkdir(const char *dir, const char *node);
 int xenbus_exists(const char *dir, const char *node);
 int xenbus_rm(const char *dir, const char *node);
-int xenbus_transaction_start(const char *subtree);
+int xenbus_transaction_start(void);
 int xenbus_transaction_end(int abort);
 
 /* Single read and scanf: returns -errno or num scanned if > 0. */
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/examples/Makefile
--- a/tools/examples/Makefile   Fri Sep 23 21:41:28 2005
+++ b/tools/examples/Makefile   Mon Sep 26 17:07:49 2005
@@ -25,19 +25,13 @@
 XEN_SCRIPTS += block-file
 XEN_SCRIPTS += block-enbd
 
-# no 64-bit specifics in mem-map.sxp
-# so place in /usr/lib, not /usr/lib64
-XEN_BOOT_DIR = /usr/lib/xen/boot
-XEN_BOOT = mem-map.sxp
-
 XEN_HOTPLUG_DIR = /etc/hotplug
 XEN_HOTPLUG_SCRIPTS = xen-backend.agent
 
 all:
 build:
 
-install: all install-initd install-configs install-scripts install-boot \
-        install-hotplug
+install: all install-initd install-configs install-scripts install-hotplug
 
 install-initd:
        [ -d $(DESTDIR)/etc/init.d ] || $(INSTALL_DIR) $(DESTDIR)/etc/init.d
@@ -62,14 +56,6 @@
            $(INSTALL_PROG) $$i $(DESTDIR)$(XEN_SCRIPT_DIR); \
        done
 
-install-boot:
-       [ -d $(DESTDIR)$(XEN_BOOT_DIR) ] || \
-               $(INSTALL_DIR) $(DESTDIR)$(XEN_BOOT_DIR)
-       for i in $(XEN_BOOT); \
-           do [ -a $(DESTDIR)$(XEN_BOOT_DIR)/$$i ] || \
-           $(INSTALL_PROG) $$i $(DESTDIR)$(XEN_BOOT_DIR); \
-       done
-
 install-hotplug:
        [ -d $(DESTDIR)$(XEN_HOTPLUG_DIR) ] || \
                $(INSTALL_DIR) $(DESTDIR)$(XEN_HOTPLUG_DIR)
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/examples/xmexample.vmx
--- a/tools/examples/xmexample.vmx      Fri Sep 23 21:41:28 2005
+++ b/tools/examples/xmexample.vmx      Mon Sep 26 17:07:49 2005
@@ -60,9 +60,6 @@
 # New stuff
 device_model = '/usr/' + arch_libdir + '/xen/bin/qemu-dm'
 
-# Advanced users only. Don't touch if you don't know what you're doing
-memmap = '/usr/lib/xen/boot/mem-map.sxp'
-
 #-----------------------------------------------------------------------------
 # Disk image for 
 #cdrom=
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/firmware/vmxassist/Makefile
--- a/tools/firmware/vmxassist/Makefile Fri Sep 23 21:41:28 2005
+++ b/tools/firmware/vmxassist/Makefile Mon Sep 26 17:07:49 2005
@@ -44,7 +44,7 @@
 vmxloader: roms.h vmxloader.c acpi.h acpi_madt.c
        ${CC} ${CFLAGS} ${DEFINES} -c vmxloader.c -c acpi_madt.c
        $(CC) -o vmxloader.tmp -m32 -nostdlib -Wl,-N -Wl,-Ttext -Wl,0x100000 
vmxloader.o acpi_madt.o
-       objcopy --change-addresses=0xC0000000 vmxloader.tmp vmxloader
+       objcopy vmxloader.tmp vmxloader
        rm -f vmxloader.tmp
 
 vmxassist.bin: vmxassist.ld ${OBJECTS}
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/firmware/vmxassist/vmxloader.c
--- a/tools/firmware/vmxassist/vmxloader.c      Fri Sep 23 21:41:28 2005
+++ b/tools/firmware/vmxassist/vmxloader.c      Mon Sep 26 17:07:49 2005
@@ -34,28 +34,39 @@
 /*
  * C runtime start off
  */
-asm("                                  \n\
-       .text                           \n\
-       .globl  _start                  \n\
-_start:                                        \n\
-       cli                             \n\
-       movl    $stack_top, %esp        \n\
-       movl    %esp, %ebp              \n\
-       call    main                    \n\
-       jmp     halt                    \n\
-                                       \n\
-       .globl  halt                    \n\
-halt:                                  \n\
-       sti                             \n\
-       jmp     .                       \n\
-                                       \n\
-       .bss                            \n\
-       .align  8                       \n\
-       .globl  stack, stack_top        \n\
-stack:                                 \n\
-       .skip   0x4000                  \n\
-stack_top:                             \n\
-");
+asm(
+"      .text                           \n"
+"      .globl  _start                  \n"
+"_start:                               \n"
+"      cld                             \n"
+"      cli                             \n"
+"      lgdt    gdt_desr                \n"
+"      movl    $stack_top, %esp        \n"
+"      movl    %esp, %ebp              \n"
+"      call    main                    \n"
+"      jmp     halt                    \n"
+"                                      \n"
+"gdt_desr:                             \n"
+"      .word   gdt_end - gdt - 1       \n"
+"      .long   gdt                     \n"
+"                                      \n"
+"      .align  8                       \n"
+"gdt:                                  \n"
+"      .quad   0x0000000000000000      \n"
+"      .quad   0x00CF92000000FFFF      \n"
+"      .quad   0x00CF9A000000FFFF      \n"
+"gdt_end:                              \n"
+"                                      \n"
+"halt:                                 \n"
+"      sti                             \n"
+"      jmp     .                       \n"
+"                                      \n"
+"      .bss                            \n"
+"      .align  8                       \n"
+"stack:                                        \n"
+"      .skip   0x4000                  \n"
+"stack_top:                            \n"
+);
 
 void *
 memcpy(void *dest, const void *src, unsigned n)
@@ -95,7 +106,7 @@
 }
 
 int
-main()
+main(void)
 {
        puts("VMXAssist Loader\n");
        puts("Loading ROMBIOS ...\n");
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/ioemu/hw/cirrus_vga.c
--- a/tools/ioemu/hw/cirrus_vga.c       Fri Sep 23 21:41:28 2005
+++ b/tools/ioemu/hw/cirrus_vga.c       Mon Sep 26 17:07:49 2005
@@ -231,6 +231,8 @@
     int cirrus_linear_io_addr;
     int cirrus_linear_bitblt_io_addr;
     int cirrus_mmio_io_addr;
+    unsigned long cirrus_lfb_addr;
+    unsigned long cirrus_lfb_end;
     uint32_t cirrus_addr_mask;
     uint32_t linear_mmio_mask;
     uint8_t cirrus_shadow_gr0;
@@ -2447,6 +2449,10 @@
 {
     unsigned mode;
 
+    extern void unset_vram_mapping(unsigned long addr, unsigned long end);
+    extern void set_vram_mapping(unsigned long addr, unsigned long end);
+    extern int vga_accelerate;
+
     if ((s->sr[0x17] & 0x44) == 0x44) {
         goto generic_io;
     } else if (s->cirrus_srcptr != s->cirrus_srcptr_end) {
@@ -2454,17 +2460,21 @@
     } else {
        if ((s->gr[0x0B] & 0x14) == 0x14) {
             goto generic_io;
-       } else if (s->gr[0x0B] & 0x02) {
-            goto generic_io;
-        }
-        
-       mode = s->gr[0x05] & 0x7;
-       if (mode < 4 || mode > 5 || ((s->gr[0x0B] & 0x4) == 0)) {
+    } else if (s->gr[0x0B] & 0x02) {
+        goto generic_io;
+    }
+
+    mode = s->gr[0x05] & 0x7;
+    if (mode < 4 || mode > 5 || ((s->gr[0x0B] & 0x4) == 0)) {
+            if (vga_accelerate && s->cirrus_lfb_addr && s->cirrus_lfb_end)
+                set_vram_mapping(s->cirrus_lfb_addr, s->cirrus_lfb_end);
             s->cirrus_linear_write[0] = cirrus_linear_mem_writeb;
             s->cirrus_linear_write[1] = cirrus_linear_mem_writew;
             s->cirrus_linear_write[2] = cirrus_linear_mem_writel;
         } else {
         generic_io:
+            if (vga_accelerate && s->cirrus_lfb_addr && s->cirrus_lfb_end)
+                 unset_vram_mapping(s->cirrus_lfb_addr, s->cirrus_lfb_end);
             s->cirrus_linear_write[0] = cirrus_linear_writeb;
             s->cirrus_linear_write[1] = cirrus_linear_writew;
             s->cirrus_linear_write[2] = cirrus_linear_writel;
@@ -3058,6 +3068,8 @@
     /* XXX: add byte swapping apertures */
     cpu_register_physical_memory(addr, s->vram_size,
                                 s->cirrus_linear_io_addr);
+    s->cirrus_lfb_addr = addr;
+    s->cirrus_lfb_end = addr + VGA_RAM_SIZE;
     cpu_register_physical_memory(addr + 0x1000000, 0x400000,
                                 s->cirrus_linear_bitblt_io_addr);
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/ioemu/hw/pc.c
--- a/tools/ioemu/hw/pc.c       Fri Sep 23 21:41:28 2005
+++ b/tools/ioemu/hw/pc.c       Mon Sep 26 17:07:49 2005
@@ -385,6 +385,7 @@
     unsigned long bios_offset, vga_bios_offset;
     int bios_size, isa_bios_size;
     PCIBus *pci_bus;
+    extern void * shared_vram;
     
     linux_boot = (kernel_filename != NULL);
 
@@ -511,14 +512,14 @@
     if (cirrus_vga_enabled) {
         if (pci_enabled) {
             pci_cirrus_vga_init(pci_bus, 
-                                ds, phys_ram_base + ram_size, ram_size, 
+                                ds, shared_vram, ram_size, 
                                 vga_ram_size);
         } else {
-            isa_cirrus_vga_init(ds, phys_ram_base + ram_size, ram_size, 
+            isa_cirrus_vga_init(ds, shared_vram, ram_size, 
                                 vga_ram_size);
         }
     } else {
-        vga_initialize(pci_bus, ds, phys_ram_base + ram_size, ram_size, 
+        vga_initialize(pci_bus, ds, shared_vram, ram_size, 
                        vga_ram_size);
     }
 
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/ioemu/hw/vga.c
--- a/tools/ioemu/hw/vga.c      Fri Sep 23 21:41:28 2005
+++ b/tools/ioemu/hw/vga.c      Mon Sep 26 17:07:49 2005
@@ -1568,6 +1568,8 @@
             s->graphic_mode = graphic_mode;
             full_update = 1;
         }
+
+        full_update = 1;
         switch(graphic_mode) {
         case GMODE_TEXT:
             vga_draw_text(s, full_update);
@@ -1848,6 +1850,7 @@
                      unsigned long vga_ram_offset, int vga_ram_size)
 {
     int i, j, v, b;
+    extern void* shared_vram;
 
     for(i = 0;i < 256; i++) {
         v = 0;
@@ -1876,7 +1879,7 @@
 
     /* qemu's vga mem is not detached from phys_ram_base and can cause DM abort
      * when guest write vga mem, so allocate a new one */
-    s->vram_ptr = qemu_mallocz(vga_ram_size);
+    s->vram_ptr = shared_vram;
 
     s->vram_offset = vga_ram_offset;
     s->vram_size = vga_ram_size;
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/ioemu/target-i386-dm/helper2.c
--- a/tools/ioemu/target-i386-dm/helper2.c      Fri Sep 23 21:41:28 2005
+++ b/tools/ioemu/target-i386-dm/helper2.c      Mon Sep 26 17:07:49 2005
@@ -54,6 +54,8 @@
 #include "exec-all.h"
 #include "vl.h"
 
+void *shared_vram;
+
 shared_iopage_t *shared_page = NULL;
 extern int reset_requested;
 
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/ioemu/vl.c
--- a/tools/ioemu/vl.c  Fri Sep 23 21:41:28 2005
+++ b/tools/ioemu/vl.c  Mon Sep 26 17:07:49 2005
@@ -134,6 +134,7 @@
 int prep_enabled = 0;
 int rtc_utc = 1;
 int cirrus_vga_enabled = 1;
+int vga_accelerate = 1;
 int graphic_width = 800;
 int graphic_height = 600;
 int graphic_depth = 15;
@@ -141,6 +142,12 @@
 TextConsole *vga_console;
 CharDriverState *serial_hds[MAX_SERIAL_PORTS];
 int xc_handle;
+unsigned long *vgapage_array;
+unsigned long *freepage_array;
+unsigned long free_pages;
+void *vtop_table;
+unsigned long toptab;
+unsigned long vgaram_pages;
 
 /***********************************************************/
 /* x86 ISA bus support */
@@ -2162,6 +2169,7 @@
            "-isa            simulate an ISA-only system (default is PCI 
system)\n"
            "-std-vga        simulate a standard VGA card with VESA Bochs 
Extensions\n"
            "                (default is CL-GD5446 PCI VGA)\n"
+           "-vgaacc [0|1]   1 to accelerate CL-GD5446 speed, default is 1\n"
 #endif
            "-loadvm file    start right away with a saved state (loadvm in 
monitor)\n"
            "\n"
@@ -2251,6 +2259,7 @@
     QEMU_OPTION_serial,
     QEMU_OPTION_loadvm,
     QEMU_OPTION_full_screen,
+    QEMU_OPTION_vgaacc,
 };
 
 typedef struct QEMUOption {
@@ -2327,6 +2336,7 @@
     { "pci", 0, QEMU_OPTION_pci },
     { "nic-pcnet", 0, QEMU_OPTION_nic_pcnet },
     { "cirrusvga", 0, QEMU_OPTION_cirrusvga },
+    { "vgaacc", HAS_ARG, QEMU_OPTION_vgaacc },
     { NULL },
 };
 
@@ -2342,6 +2352,177 @@
 #define NET_IF_TUN   0
 #define NET_IF_USER  1
 #define NET_IF_DUMMY 2
+
+#include <xg_private.h>
+
+#define L1_PROT (_PAGE_PRESENT|_PAGE_RW|_PAGE_ACCESSED|_PAGE_USER)
+#define L2_PROT (_PAGE_PRESENT|_PAGE_RW|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_USER)
+
+#ifdef __i386__
+#define _LEVEL_3_ 0
+#else
+#define _LEVEL_3_ 1
+#endif
+
+#if _LEVEL_3_
+#define L3_PROT (_PAGE_PRESENT)
+#define L1_PAGETABLE_ENTRIES    512
+#else
+#define L1_PAGETABLE_ENTRIES    1024
+#endif
+
+inline int
+get_vl2_table(unsigned long count, unsigned long start)
+{
+#if _LEVEL_3_
+    return ((start + (count << PAGE_SHIFT)) >> L3_PAGETABLE_SHIFT) & 0x3;
+#else
+    return 0;
+#endif
+}
+
+int
+setup_mapping(int xc_handle, u32 dom, unsigned long toptab, unsigned long  
*mem_page_array, unsigned long *page_table_array, unsigned long v_start, 
unsigned long v_end)
+{
+    l1_pgentry_t *vl1tab=NULL, *vl1e=NULL;
+    l2_pgentry_t *vl2tab[4], *vl2e=NULL, *vl2_table = NULL;
+    unsigned long l1tab;
+    unsigned long ppt_alloc = 0;
+    unsigned long count;
+    int i = 0;
+#if _LEVEL_3_
+    l3_pgentry_t *vl3tab = NULL;
+    unsigned long l2tab;
+    if ( (vl3tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, 
+                                        PROT_READ|PROT_WRITE, 
+                                        toptab >> PAGE_SHIFT)) == NULL )
+        goto error_out;
+    for (i = 0; i < 4 ; i++) {
+        l2tab = vl3tab[i] & PAGE_MASK;
+        vl2tab[i] = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+          PROT_READ|PROT_WRITE,
+          l2tab >> PAGE_SHIFT);
+        if(vl2tab[i] == NULL)
+            goto error_out;
+    }
+    munmap(vl3tab, PAGE_SIZE);
+    vl3tab = NULL;
+#else
+    if ( (vl2tab[0] = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, 
+                                           PROT_READ|PROT_WRITE, 
+                                           toptab >> PAGE_SHIFT)) == NULL )
+        goto error_out;
+#endif
+
+    for ( count = 0; count < ((v_end-v_start)>>PAGE_SHIFT); count++ )
+    {
+        if ( ((unsigned long)vl1e & (PAGE_SIZE-1)) == 0 )
+        {
+            vl2_table = vl2tab[get_vl2_table(count, v_start)];
+            vl2e = &vl2_table[l2_table_offset(
+                v_start + (count << PAGE_SHIFT))];
+
+            l1tab = page_table_array[ppt_alloc++] << PAGE_SHIFT;
+            if ( vl1tab != NULL )
+                munmap(vl1tab, PAGE_SIZE);
+
+            if ( (vl1tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+                                                PROT_READ|PROT_WRITE,
+                                                l1tab >> PAGE_SHIFT)) == NULL )
+            {
+                goto error_out;
+            }
+            memset(vl1tab, 0, PAGE_SIZE);
+            vl1e = &vl1tab[l1_table_offset(v_start + (count<<PAGE_SHIFT))];
+            *vl2e = l1tab | L2_PROT;
+        }
+
+        *vl1e = (mem_page_array[count] << PAGE_SHIFT) | L1_PROT;
+        vl1e++;
+    }
+error_out:
+    if(vl1tab)  munmap(vl1tab, PAGE_SIZE);
+    for(i = 0; i < 4; i++)
+        if(vl2tab[i]) munmap(vl2tab[i], PAGE_SIZE);
+    return ppt_alloc;
+}
+
+void
+unsetup_mapping(int xc_handle, u32 dom, unsigned long toptab, unsigned long 
v_start, unsigned long v_end)
+{
+    l1_pgentry_t *vl1tab=NULL, *vl1e=NULL;
+    l2_pgentry_t *vl2tab[4], *vl2e=NULL, *vl2_table = NULL;
+    unsigned long l1tab;
+    unsigned long count;
+    int i = 0;
+#if _LEVEL_3_
+    l3_pgentry_t *vl3tab = NULL;
+    unsigned long l2tab;
+    if ( (vl3tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, 
+                                        PROT_READ|PROT_WRITE, 
+                                        toptab >> PAGE_SHIFT)) == NULL )
+        goto error_out;
+    for (i = 0; i < 4 ; i ++){
+        l2tab = vl3tab[i] & PAGE_MASK;
+        vl2tab[i] = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+          PROT_READ|PROT_WRITE,
+          l2tab >> PAGE_SHIFT);
+        if(vl2tab[i] == NULL)
+            goto error_out;
+    }
+    munmap(vl3tab, PAGE_SIZE);
+    vl3tab = NULL;
+#else
+    if ( (vl2tab[0] = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, 
+                                        PROT_READ|PROT_WRITE, 
+                                        toptab >> PAGE_SHIFT)) == NULL )
+        goto error_out;
+#endif
+
+    for ( count = 0; count < ((v_end-v_start)>>PAGE_SHIFT); count++ ){
+        if ( ((unsigned long)vl1e & (PAGE_SIZE-1)) == 0 )
+        {
+            vl2_table = vl2tab[get_vl2_table(count, v_start)];
+            vl2e = &vl2_table[l2_table_offset(v_start + (count << 
PAGE_SHIFT))];
+            l1tab = *vl2e & PAGE_MASK;
+
+            if(l1tab == 0)
+                continue;
+            if ( vl1tab != NULL )
+                munmap(vl1tab, PAGE_SIZE);
+
+            if ( (vl1tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+                      PROT_READ|PROT_WRITE,
+                      l1tab >> PAGE_SHIFT)) == NULL )
+            {
+                goto error_out;
+            }
+            vl1e = &vl1tab[l1_table_offset(v_start + (count<<PAGE_SHIFT))];
+            *vl2e = 0;
+        }
+
+        *vl1e = 0;
+        vl1e++;
+    }
+error_out:
+    if(vl1tab)  munmap(vl1tab, PAGE_SIZE);
+    for(i = 0; i < 4; i++)
+        if(vl2tab[i]) munmap(vl2tab[i], PAGE_SIZE);
+}
+
+void set_vram_mapping(unsigned long addr, unsigned long end)
+{
+    end = addr + VGA_RAM_SIZE;
+    setup_mapping(xc_handle, domid, toptab,
+      vgapage_array, freepage_array, addr, end);
+}
+
+void unset_vram_mapping(unsigned long addr, unsigned long end)
+{
+    end = addr + VGA_RAM_SIZE;
+    /* FIXME Flush the shadow page */
+    unsetup_mapping(xc_handle, domid, toptab, addr, end);
+}
 
 int main(int argc, char **argv)
 {
@@ -2366,8 +2547,9 @@
     char serial_devices[MAX_SERIAL_PORTS][128];
     int serial_device_index;
     const char *loadvm = NULL;
-    unsigned long nr_pages, *page_array;
+    unsigned long nr_pages, extra_pages, ram_pages, *page_array;
     extern void *shared_page;
+    extern void *shared_vram;
     /* change the qemu-dm to daemon, just like bochs dm */
 //    daemon(0, 0);
     
@@ -2674,6 +2856,17 @@
             case QEMU_OPTION_cirrusvga:
                 cirrus_vga_enabled = 1;
                 break;
+            case QEMU_OPTION_vgaacc:
+                {
+                    const char *p;
+                    p = optarg;
+                    vga_accelerate = strtol(p, (char **)&p, 0);
+                    if (*p != '\0') {
+                        fprintf(stderr, "qemu: invalid vgaacc option\n");
+                        exit(1);
+                    }
+                    break;
+                }
             case QEMU_OPTION_std_vga:
                 cirrus_vga_enabled = 0;
                 break;
@@ -2803,12 +2996,25 @@
     /* init the memory */
     phys_ram_size = ram_size + vga_ram_size + bios_size;
 
-    #define PAGE_SHIFT 12
-    #define PAGE_SIZE  (1 << PAGE_SHIFT)
-
-    nr_pages = ram_size/PAGE_SIZE;
+    ram_pages = ram_size/PAGE_SIZE;
+    vgaram_pages =  (vga_ram_size -1)/PAGE_SIZE + 1;
+    free_pages = vgaram_pages / L1_PAGETABLE_ENTRIES;
+    extra_pages = vgaram_pages + free_pages;
+
     xc_handle = xc_interface_open();
-    
+
+    xc_dominfo_t info;
+    xc_domain_getinfo(xc_handle, domid, 1, &info);
+
+    nr_pages = info.nr_pages + extra_pages;
+
+    if ( xc_domain_setmaxmem(xc_handle, domid,
+            (nr_pages) * PAGE_SIZE/1024 ) != 0)
+    {
+        perror("set maxmem");
+        exit(-1);
+    }
+   
     if ( (page_array = (unsigned long *)
          malloc(nr_pages * sizeof(unsigned long))) == NULL)
     {
@@ -2816,6 +3022,12 @@
            exit(-1);
     }
 
+    if (xc_domain_memory_increase_reservation(xc_handle, domid, 
+          extra_pages , 0, 0, NULL) != 0) {
+        perror("increase reservation");
+        exit(-1);
+    }
+
     if ( xc_get_pfn_list(xc_handle, domid, page_array, nr_pages) != nr_pages )
     {
            perror("xc_get_pfn_list");
@@ -2825,15 +3037,36 @@
     if ((phys_ram_base =  xc_map_foreign_batch(xc_handle, domid,
                                                 PROT_READ|PROT_WRITE,
                                                 page_array,
-                                                nr_pages - 1)) == 0) {
+                                                ram_pages - 1)) == 0) {
            perror("xc_map_foreign_batch");
            exit(-1);
     }
 
     shared_page = xc_map_foreign_range(xc_handle, domid, PAGE_SIZE,
                                       PROT_READ|PROT_WRITE,
-                                      page_array[nr_pages - 1]);
-
+                                      page_array[ram_pages - 1]);
+
+    vgapage_array = &page_array[nr_pages - vgaram_pages];
+
+    if ((shared_vram =  xc_map_foreign_batch(xc_handle, domid,
+                                                PROT_READ|PROT_WRITE,
+                                                vgapage_array,
+                                                vgaram_pages)) == 0) {
+           perror("xc_map_foreign_batch vgaram ");
+           exit(-1);
+     }
+
+
+
+    memset(shared_vram, 0, vgaram_pages * PAGE_SIZE);
+    toptab = page_array[ram_pages] << PAGE_SHIFT;
+
+    vtop_table = xc_map_foreign_range(xc_handle, domid, PAGE_SIZE,
+                                      PROT_READ|PROT_WRITE,
+                                      page_array[ram_pages]);
+
+    freepage_array = &page_array[nr_pages - extra_pages];
+ 
 
     fprintf(logfile, "shared page at pfn:%lx, mfn: %lx\n", (nr_pages-1), 
            (page_array[nr_pages - 1]));
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/libxc/xc_vmx_build.c
--- a/tools/libxc/xc_vmx_build.c        Fri Sep 23 21:41:28 2005
+++ b/tools/libxc/xc_vmx_build.c        Mon Sep 26 17:07:49 2005
@@ -10,7 +10,8 @@
 #include <unistd.h>
 #include <zlib.h>
 #include <xen/io/ioreq.h>
-#include "linux_boot_params.h"
+
+#define VMX_LOADER_ENTR_ADDR  0x00100000
 
 #define L1_PROT (_PAGE_PRESENT|_PAGE_RW|_PAGE_ACCESSED|_PAGE_USER)
 #define L2_PROT (_PAGE_PRESENT|_PAGE_RW|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_USER)
@@ -18,12 +19,28 @@
 #define L3_PROT (_PAGE_PRESENT)
 #endif
 
+#define E820MAX        128
+
+#define E820_RAM          1
+#define E820_RESERVED     2
+#define E820_ACPI         3
+#define E820_NVS          4
+#define E820_IO          16
+#define E820_SHARED_PAGE 17
+#define E820_XENSTORE    18
+
+#define E820_MAP_PAGE        0x00090000
+#define E820_MAP_NR_OFFSET   0x000001E8
+#define E820_MAP_OFFSET      0x000002D0
+
+struct e820entry {
+    u64 addr;
+    u64 size;
+    u32 type;
+} __attribute__((packed));
+
 #define round_pgup(_p)    (((_p)+(PAGE_SIZE-1))&PAGE_MASK)
 #define round_pgdown(_p)  ((_p)&PAGE_MASK)
-
-#define LINUX_BOOT_PARAMS_ADDR   0x00090000
-#define LINUX_KERNEL_ENTR_ADDR   0x00100000
-#define LINUX_PAGE_OFFSET        0xC0000000
 
 static int
 parseelfimage(
@@ -33,78 +50,70 @@
     char *elfbase, int xch, u32 dom, unsigned long *parray,
     struct domain_setup_info *dsi);
 
-static void build_e820map(struct mem_map *mem_mapp, unsigned long mem_size)
-{
-    int nr_map = 0;
+static unsigned char build_e820map(void *e820_page, unsigned long mem_size)
+{
+    struct e820entry *e820entry =
+        (struct e820entry *)(((unsigned char *)e820_page) + E820_MAP_OFFSET);
+    unsigned char nr_map = 0;
 
     /* XXX: Doesn't work for > 4GB yet */
-    mem_mapp->map[nr_map].addr = 0x0;
-    mem_mapp->map[nr_map].size = 0x9F800;
-    mem_mapp->map[nr_map].type = E820_RAM;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_WB;
-    nr_map++;
-
-    mem_mapp->map[nr_map].addr = 0x9F800;
-    mem_mapp->map[nr_map].size = 0x800;
-    mem_mapp->map[nr_map].type = E820_RESERVED;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_UC;
-    nr_map++;
-
-    mem_mapp->map[nr_map].addr = 0xA0000;
-    mem_mapp->map[nr_map].size = 0x20000;
-    mem_mapp->map[nr_map].type = E820_IO;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_UC;
-    nr_map++;
-
-    mem_mapp->map[nr_map].addr = 0xF0000;
-    mem_mapp->map[nr_map].size = 0x10000;
-    mem_mapp->map[nr_map].type = E820_RESERVED;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_UC;
+    e820entry[nr_map].addr = 0x0;
+    e820entry[nr_map].size = 0x9F800;
+    e820entry[nr_map].type = E820_RAM;
+    nr_map++;
+
+    e820entry[nr_map].addr = 0x9F800;
+    e820entry[nr_map].size = 0x800;
+    e820entry[nr_map].type = E820_RESERVED;
+    nr_map++;
+
+    e820entry[nr_map].addr = 0xA0000;
+    e820entry[nr_map].size = 0x20000;
+    e820entry[nr_map].type = E820_IO;
+    nr_map++;
+
+    e820entry[nr_map].addr = 0xF0000;
+    e820entry[nr_map].size = 0x10000;
+    e820entry[nr_map].type = E820_RESERVED;
     nr_map++;
 
 #define STATIC_PAGES    2       /* for ioreq_t and store_mfn */
     /* Most of the ram goes here */
-    mem_mapp->map[nr_map].addr = 0x100000;
-    mem_mapp->map[nr_map].size = mem_size - 0x100000 - STATIC_PAGES*PAGE_SIZE;
-    mem_mapp->map[nr_map].type = E820_RAM;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_WB;
+    e820entry[nr_map].addr = 0x100000;
+    e820entry[nr_map].size = mem_size - 0x100000 - STATIC_PAGES*PAGE_SIZE;
+    e820entry[nr_map].type = E820_RAM;
     nr_map++;
 
     /* Statically allocated special pages */
 
     /* Shared ioreq_t page */
-    mem_mapp->map[nr_map].addr = mem_size - PAGE_SIZE;
-    mem_mapp->map[nr_map].size = PAGE_SIZE;
-    mem_mapp->map[nr_map].type = E820_SHARED;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_WB;
+    e820entry[nr_map].addr = mem_size - PAGE_SIZE;
+    e820entry[nr_map].size = PAGE_SIZE;
+    e820entry[nr_map].type = E820_SHARED_PAGE;
     nr_map++;
 
     /* For xenstore */
-    mem_mapp->map[nr_map].addr = mem_size - 2*PAGE_SIZE;
-    mem_mapp->map[nr_map].size = PAGE_SIZE;
-    mem_mapp->map[nr_map].type = E820_XENSTORE;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_WB;
-    nr_map++;
-
-    mem_mapp->map[nr_map].addr = mem_size;
-    mem_mapp->map[nr_map].size = 0x3 * PAGE_SIZE;
-    mem_mapp->map[nr_map].type = E820_NVS;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_UC;
-    nr_map++;
-
-    mem_mapp->map[nr_map].addr = mem_size + 0x3 * PAGE_SIZE;
-    mem_mapp->map[nr_map].size = 0xA * PAGE_SIZE;
-    mem_mapp->map[nr_map].type = E820_ACPI;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_WB;
-    nr_map++;
-
-    mem_mapp->map[nr_map].addr = 0xFEC00000;
-    mem_mapp->map[nr_map].size = 0x1400000;
-    mem_mapp->map[nr_map].type = E820_IO;
-    mem_mapp->map[nr_map].caching_attr = MEMMAP_UC;
-    nr_map++;
-
-    mem_mapp->nr_map = nr_map;
+    e820entry[nr_map].addr = mem_size - 2*PAGE_SIZE;
+    e820entry[nr_map].size = PAGE_SIZE;
+    e820entry[nr_map].type = E820_XENSTORE;
+    nr_map++;
+
+    e820entry[nr_map].addr = mem_size;
+    e820entry[nr_map].size = 0x3 * PAGE_SIZE;
+    e820entry[nr_map].type = E820_NVS;
+    nr_map++;
+
+    e820entry[nr_map].addr = mem_size + 0x3 * PAGE_SIZE;
+    e820entry[nr_map].size = 0xA * PAGE_SIZE;
+    e820entry[nr_map].type = E820_ACPI;
+    nr_map++;
+
+    e820entry[nr_map].addr = 0xFEC00000;
+    e820entry[nr_map].size = 0x1400000;
+    e820entry[nr_map].type = E820_IO;
+    nr_map++;
+
+    return (*(((unsigned char *)e820_page) + E820_MAP_NR_OFFSET) = nr_map);
 }
 
 /*
@@ -112,19 +121,19 @@
  * vmxloader will use it to config ACPI MADT table
  */
 #define VCPU_MAGIC 0x76637075 /* "vcpu" */
-static int 
-set_nr_vcpus(int xc_handle, u32 dom, unsigned long *pfn_list, 
+static int
+set_nr_vcpus(int xc_handle, u32 dom, unsigned long *pfn_list,
              struct domain_setup_info *dsi, unsigned long vcpus)
 {
     char          *va_map;
     unsigned long *va_vcpus;
-    
+
     va_map = xc_map_foreign_range(
         xc_handle, dom, PAGE_SIZE, PROT_READ|PROT_WRITE,
-        pfn_list[(0x9F000 - dsi->v_start) >> PAGE_SHIFT]);    
+        pfn_list[(0x9F000 - dsi->v_start) >> PAGE_SHIFT]);
     if ( va_map == NULL )
         return -1;
-    
+
     va_vcpus = (unsigned long *)(va_map + 0x800);
     *va_vcpus++ = VCPU_MAGIC;
     *va_vcpus++ = vcpus;
@@ -164,24 +173,23 @@
     return 0;
 }
 
-static int zap_mmio_ranges(int xc_handle, u32 dom,
-                           unsigned long l2tab,
-                           struct mem_map *mem_mapp)
-{
-    int i;
+static int zap_mmio_ranges(int xc_handle, u32 dom, unsigned long l2tab,
+                           unsigned char e820_map_nr, unsigned char *e820map)
+{
+    unsigned int i;
+    struct e820entry *e820entry = (struct e820entry *)e820map;
+
     l2_pgentry_32_t *vl2tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
                                                    PROT_READ|PROT_WRITE,
                                                    l2tab >> PAGE_SHIFT);
     if ( vl2tab == 0 )
         return -1;
 
-    for ( i = 0; i < mem_mapp->nr_map; i++ )
-    {
-        if ( (mem_mapp->map[i].type == E820_IO) &&
-             (mem_mapp->map[i].caching_attr == MEMMAP_UC) &&
+    for ( i = 0; i < e820_map_nr; i++ )
+    {
+        if ( (e820entry[i].type == E820_IO) &&
              (zap_mmio_range(xc_handle, dom, vl2tab,
-                             mem_mapp->map[i].addr,
-                             mem_mapp->map[i].size) == -1) )
+                             e820entry[i].addr, e820entry[i].size) == -1))
             return -1;
     }
 
@@ -200,7 +208,7 @@
     unsigned long vl3e;
     l1_pgentry_t *vl1tab;
     l2_pgentry_t *vl2tab;
- 
+
     mmio_addr = mmio_range_start & PAGE_MASK;
     for ( ; mmio_addr < mmio_range_end; mmio_addr += PAGE_SIZE )
     {
@@ -239,22 +247,22 @@
     return 0;
 }
 
-static int zap_mmio_ranges(int xc_handle, u32 dom,
-                           unsigned long l3tab,
-                           struct mem_map *mem_mapp)
-{
-    int i;
+static int zap_mmio_ranges(int xc_handle, u32 dom, unsigned long l3tab,
+                           unsigned char e820_map_nr, unsigned char *e820map)
+{
+    unsigned int i;
+    struct e820entry *e820entry = (struct e820entry *)e820map;
+
     l3_pgentry_t *vl3tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
                                                 PROT_READ|PROT_WRITE,
                                                 l3tab >> PAGE_SHIFT);
     if (vl3tab == 0)
         return -1;
-    for (i = 0; i < mem_mapp->nr_map; i++) {
-        if ((mem_mapp->map[i].type == E820_IO)
-            && (mem_mapp->map[i].caching_attr == MEMMAP_UC))
-            if (zap_mmio_range(xc_handle, dom, vl3tab,
-                               mem_mapp->map[i].addr, mem_mapp->map[i].size) 
== -1)
-                return -1;
+    for ( i = 0; i < e820_map_nr; i++ ) {
+        if ( (e820entry[i].type == E820_IO) &&
+             (zap_mmio_range(xc_handle, dom, vl3tab,
+                             e820entry[i].addr, e820entry[i].size) == -1) )
+            return -1;
     }
     munmap(vl3tab, PAGE_SIZE);
     return 0;
@@ -265,18 +273,14 @@
 static int setup_guest(int xc_handle,
                        u32 dom, int memsize,
                        char *image, unsigned long image_size,
-                       gzFile initrd_gfd, unsigned long initrd_len,
                        unsigned long nr_pages,
                        vcpu_guest_context_t *ctxt,
-                       const char *cmdline,
                        unsigned long shared_info_frame,
                        unsigned int control_evtchn,
                        unsigned long flags,
                        unsigned int vcpus,
                        unsigned int store_evtchn,
-                       unsigned long *store_mfn,
-                       struct mem_map *mem_mapp
-    )
+                       unsigned long *store_mfn)
 {
     l1_pgentry_t *vl1tab=NULL, *vl1e=NULL;
     l2_pgentry_t *vl2tab=NULL, *vl2e=NULL;
@@ -289,8 +293,8 @@
     unsigned long l1tab;
     unsigned long count, i;
     shared_info_t *shared_info;
-    struct linux_boot_params * boot_paramsp;
-    __u16 * boot_gdtp;
+    void *e820_page;
+    unsigned char e820_map_nr;
     xc_mmu_t *mmu = NULL;
     int rc;
 
@@ -298,12 +302,6 @@
     unsigned long ppt_alloc;
 
     struct domain_setup_info dsi;
-    unsigned long vinitrd_start;
-    unsigned long vinitrd_end;
-    unsigned long vboot_params_start;
-    unsigned long vboot_params_end;
-    unsigned long vboot_gdt_start;
-    unsigned long vboot_gdt_end;
     unsigned long vpt_start;
     unsigned long vpt_end;
     unsigned long v_end;
@@ -322,27 +320,8 @@
         goto error_out;
     }
 
-    /*
-     * Why do we need this? The number of page-table frames depends on the 
-     * size of the bootstrap address space. But the size of the address space 
-     * depends on the number of page-table frames (since each one is mapped 
-     * read-only). We have a pair of simultaneous equations in two unknowns, 
-     * which we solve by exhaustive search.
-     */
-    vboot_params_start = LINUX_BOOT_PARAMS_ADDR;
-    vboot_params_end   = vboot_params_start + PAGE_SIZE;
-    vboot_gdt_start    = vboot_params_end;
-    vboot_gdt_end      = vboot_gdt_start + PAGE_SIZE;
-
     /* memsize is in megabytes */
     v_end              = memsize << 20;
-    /* leaving the top 4k untouched for IO requests page use */
-    vinitrd_end        = v_end - PAGE_SIZE;
-    vinitrd_start      = vinitrd_end - initrd_len;
-    vinitrd_start      = vinitrd_start & (~(PAGE_SIZE - 1));
-
-    if(initrd_len == 0)
-        vinitrd_start = vinitrd_end = 0;
 
 #ifdef __i386__
     nr_pt_pages = 1 + ((memsize + 3) >> 2);
@@ -353,24 +332,17 @@
     vpt_end     = vpt_start + (nr_pt_pages * PAGE_SIZE);
 
     printf("VIRTUAL MEMORY ARRANGEMENT:\n"
-           " Boot_params:   %08lx->%08lx\n"
-           " boot_gdt:      %08lx->%08lx\n"
-           " Loaded kernel: %08lx->%08lx\n"
-           " Init. ramdisk: %08lx->%08lx\n"
+           " Loaded VMX loader: %08lx->%08lx\n"
            " Page tables:   %08lx->%08lx\n"
            " TOTAL:         %08lx->%08lx\n",
-           vboot_params_start, vboot_params_end,
-           vboot_gdt_start, vboot_gdt_end,
-           dsi.v_kernstart, dsi.v_kernend, 
-           vinitrd_start, vinitrd_end,
+           dsi.v_kernstart, dsi.v_kernend,
            vpt_start, vpt_end,
            dsi.v_start, v_end);
     printf(" ENTRY ADDRESS: %08lx\n", dsi.v_kernentry);
-    printf(" INITRD LENGTH: %08lx\n", initrd_len);
 
     if ( (v_end - dsi.v_start) > (nr_pages * PAGE_SIZE) )
     {
-        printf("Initial guest OS requires too much space\n"
+        ERROR("Initial guest OS requires too much space\n"
                "(%luMB is greater than %luMB limit)\n",
                (v_end-dsi.v_start)>>20, (nr_pages<<PAGE_SHIFT)>>20);
         goto error_out;
@@ -389,23 +361,6 @@
     }
 
     loadelfimage(image, xc_handle, dom, page_array, &dsi);
-
-    /* Load the initial ramdisk image. */
-    if ( initrd_len != 0 )
-    {
-        for ( i = (vinitrd_start - dsi.v_start); 
-              i < (vinitrd_end - dsi.v_start); i += PAGE_SIZE )
-        {
-            char page[PAGE_SIZE];
-            if ( gzread(initrd_gfd, page, PAGE_SIZE) == -1 )
-            {
-                PERROR("Error reading initrd image, could not");
-                goto error_out;
-            }
-            xc_copy_to_domain_page(xc_handle, dom,
-                                   page_array[i>>PAGE_SHIFT], page);
-        }
-    }
 
     if ( (mmu = xc_init_mmu_updates(xc_handle, dom)) == NULL )
         goto error_out;
@@ -428,15 +383,14 @@
     l2tab = page_array[ppt_alloc++] << PAGE_SHIFT;
     ctxt->ctrlreg[3] = l2tab;
 
-    /* Initialise the page tables. */
-    if ( (vl2tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, 
-                                        PROT_READ|PROT_WRITE, 
+    if ( (vl2tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+                                        PROT_READ|PROT_WRITE,
                                         l2tab >> PAGE_SHIFT)) == NULL )
         goto error_out;
     memset(vl2tab, 0, PAGE_SIZE);
     vl2e = &vl2tab[l2_table_offset(dsi.v_start)];
     for ( count = 0; count < ((v_end-dsi.v_start)>>PAGE_SHIFT); count++ )
-    {    
+    {
         if ( ((unsigned long)vl1e & (PAGE_SIZE-1)) == 0 )
         {
             l1tab = page_array[ppt_alloc++] << PAGE_SHIFT;
@@ -460,23 +414,35 @@
     munmap(vl1tab, PAGE_SIZE);
     munmap(vl2tab, PAGE_SIZE);
 #else
-    /* here l3tab means pdpt, only 4 entry is used */
     l3tab = page_array[ppt_alloc++] << PAGE_SHIFT;
     ctxt->ctrlreg[3] = l3tab;
 
-    /* Initialise the page tables. */
-    if ( (vl3tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE, 
-                                        PROT_READ|PROT_WRITE, 
+    if ( (vl3tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+                                        PROT_READ|PROT_WRITE,
                                         l3tab >> PAGE_SHIFT)) == NULL )
         goto error_out;
     memset(vl3tab, 0, PAGE_SIZE);
 
+    /* Fill in every PDPT entry. */
+    for ( i = 0; i < L3_PAGETABLE_ENTRIES_PAE; i++ )
+    {
+        l2tab = page_array[ppt_alloc++] << PAGE_SHIFT;
+        if ( (vl2tab = xc_map_foreign_range(xc_handle, dom, PAGE_SIZE,
+                                            PROT_READ|PROT_WRITE,
+                                            l2tab >> PAGE_SHIFT)) == NULL )
+            goto error_out;
+        memset(vl2tab, 0, PAGE_SIZE);
+        munmap(vl2tab, PAGE_SIZE);
+        vl3tab[i] = l2tab | L3_PROT;
+    }
+
     vl3e = &vl3tab[l3_table_offset(dsi.v_start)];
 
     for ( count = 0; count < ((v_end-dsi.v_start)>>PAGE_SHIFT); count++ )
     {
-        if (!(count % (1 << (L3_PAGETABLE_SHIFT - L1_PAGETABLE_SHIFT)))){
-            l2tab = page_array[ppt_alloc++] << PAGE_SHIFT;
+        if (!(count & (1 << (L3_PAGETABLE_SHIFT - L1_PAGETABLE_SHIFT)))){
+            l2tab = vl3tab[count >> (L3_PAGETABLE_SHIFT - L1_PAGETABLE_SHIFT)]
+                & PAGE_MASK;
 
             if (vl2tab != NULL)
                 munmap(vl2tab, PAGE_SIZE);
@@ -486,8 +452,6 @@
                                                 l2tab >> PAGE_SHIFT)) == NULL )
                 goto error_out;
 
-            memset(vl2tab, 0, PAGE_SIZE);
-            *vl3e++ = l2tab | L3_PROT;
             vl2e = &vl2tab[l2_table_offset(dsi.v_start + (count << 
PAGE_SHIFT))];
         }
         if ( ((unsigned long)vl1e & (PAGE_SIZE-1)) == 0 )
@@ -519,103 +483,31 @@
     for ( count = 0; count < nr_pages; count++ )
     {
         if ( xc_add_mmu_update(xc_handle, mmu,
-                               (page_array[count] << PAGE_SHIFT) | 
+                               (page_array[count] << PAGE_SHIFT) |
                                MMU_MACHPHYS_UPDATE, count) )
             goto error_out;
     }
 
     set_nr_vcpus(xc_handle, dom, page_array, &dsi, vcpus);
 
-    if ((boot_paramsp = xc_map_foreign_range(
+    *store_mfn = page_array[(v_end-2) >> PAGE_SHIFT];
+    shared_page_frame = (v_end - PAGE_SIZE) >> PAGE_SHIFT;
+
+    if ((e820_page = xc_map_foreign_range(
         xc_handle, dom, PAGE_SIZE, PROT_READ|PROT_WRITE,
-        page_array[(vboot_params_start-dsi.v_start)>>PAGE_SHIFT])) == 0)
-        goto error_out;
-
-    memset(boot_paramsp, 0, sizeof(*boot_paramsp));
-
-    strncpy((char *)boot_paramsp->cmd_line, cmdline, 0x800);
-    boot_paramsp->cmd_line[0x800-1] = '\0';
-    boot_paramsp->cmd_line_ptr = ((unsigned long) vboot_params_start) + 
offsetof(struct linux_boot_params, cmd_line);
-
-    boot_paramsp->setup_sects = 0;
-    boot_paramsp->mount_root_rdonly = 1;
-    boot_paramsp->swapdev = 0x0; 
-    boot_paramsp->ramdisk_flags = 0x0; 
-    boot_paramsp->root_dev = 0x0; /* We must tell kernel root dev by kernel 
command line. */
-
-    /* we don't have a ps/2 mouse now.
-     * 0xAA means a aux mouse is there.
-     * See detect_auxiliary_port() in pc_keyb.c.
-     */
-    boot_paramsp->aux_device_info = 0x0; 
-
-    boot_paramsp->header_magic[0] = 0x48; /* "H" */
-    boot_paramsp->header_magic[1] = 0x64; /* "d" */
-    boot_paramsp->header_magic[2] = 0x72; /* "r" */
-    boot_paramsp->header_magic[3] = 0x53; /* "S" */
-
-    boot_paramsp->protocol_version = 0x0203; /* 2.03 */
-    boot_paramsp->loader_type = 0x71; /* GRUB */
-    boot_paramsp->loader_flags = 0x1; /* loaded high */
-    boot_paramsp->code32_start = LINUX_KERNEL_ENTR_ADDR; /* 1MB */
-    boot_paramsp->initrd_start = vinitrd_start;
-    boot_paramsp->initrd_size = initrd_len;
-
-    i = ((memsize - 1) << 10) - 4;
-    boot_paramsp->alt_mem_k = i; /* alt_mem_k */
-    boot_paramsp->screen.overlap.ext_mem_k = i & 0xFFFF; /* ext_mem_k */
-
-    /*
-     * Stuff SCREAN_INFO
-     */
-    boot_paramsp->screen.info.orig_x = 0;
-    boot_paramsp->screen.info.orig_y = 0;
-    boot_paramsp->screen.info.orig_video_page = 8;
-    boot_paramsp->screen.info.orig_video_mode = 3;
-    boot_paramsp->screen.info.orig_video_cols = 80;
-    boot_paramsp->screen.info.orig_video_ega_bx = 0;
-    boot_paramsp->screen.info.orig_video_lines = 25;
-    boot_paramsp->screen.info.orig_video_isVGA = 1;
-    boot_paramsp->screen.info.orig_video_points = 0x0010;
-
-    /* seems we may NOT stuff boot_paramsp->apm_bios_info */
-    /* seems we may NOT stuff boot_paramsp->drive_info */
-    /* seems we may NOT stuff boot_paramsp->sys_desc_table */
-    *((unsigned short *) &boot_paramsp->drive_info.dummy[0]) = 800;
-    boot_paramsp->drive_info.dummy[2] = 4;
-    boot_paramsp->drive_info.dummy[14] = 32;
-
-    /* memsize is in megabytes */
-    /* If you need to create a special e820map, comment this line
-       and use mem-map.sxp */
-    build_e820map(mem_mapp, memsize << 20);
-    *store_mfn = page_array[(v_end-2) >> PAGE_SHIFT];
+        page_array[E820_MAP_PAGE >> PAGE_SHIFT])) == 0)
+        goto error_out;
+    memset(e820_page, 0, PAGE_SIZE);
+    e820_map_nr = build_e820map(e820_page, v_end);
 #if defined (__i386__)
-    if (zap_mmio_ranges(xc_handle, dom, l2tab, mem_mapp) == -1)
+    if (zap_mmio_ranges(xc_handle, dom, l2tab, e820_map_nr,
+                        ((unsigned char *)e820_page) + E820_MAP_OFFSET) == -1)
 #else
-        if (zap_mmio_ranges(xc_handle, dom, l3tab, mem_mapp) == -1)
+    if (zap_mmio_ranges(xc_handle, dom, l3tab, e820_map_nr,
+                        ((unsigned char *)e820_page) + E820_MAP_OFFSET) == -1)
 #endif
-            goto error_out;
-    boot_paramsp->e820_map_nr = mem_mapp->nr_map;
-    for (i=0; i<mem_mapp->nr_map; i++) {
-        boot_paramsp->e820_map[i].addr = mem_mapp->map[i].addr; 
-        boot_paramsp->e820_map[i].size = mem_mapp->map[i].size; 
-        boot_paramsp->e820_map[i].type = mem_mapp->map[i].type; 
-        if (mem_mapp->map[i].type == E820_SHARED)
-            shared_page_frame = (mem_mapp->map[i].addr >> PAGE_SHIFT);
-    }
-    munmap(boot_paramsp, PAGE_SIZE); 
-
-    if ((boot_gdtp = xc_map_foreign_range(
-        xc_handle, dom, PAGE_SIZE, PROT_READ|PROT_WRITE,
-        page_array[(vboot_gdt_start-dsi.v_start)>>PAGE_SHIFT])) == 0)
-        goto error_out;
-    memset(boot_gdtp, 0, PAGE_SIZE);
-    boot_gdtp[12*4 + 0] = boot_gdtp[13*4 + 0] = 0xffff; /* limit */
-    boot_gdtp[12*4 + 1] = boot_gdtp[13*4 + 1] = 0x0000; /* base */
-    boot_gdtp[12*4 + 2] = 0x9a00; boot_gdtp[13*4 + 2] = 0x9200; /* perms */
-    boot_gdtp[12*4 + 3] = boot_gdtp[13*4 + 3] = 0x00cf; /* granu + top of 
limit */
-    munmap(boot_gdtp, PAGE_SIZE);
+        goto error_out;
+    munmap(e820_page, PAGE_SIZE);
 
     /* shared_info page starts its life empty. */
     if ((shared_info = xc_map_foreign_range(
@@ -651,20 +543,21 @@
     /*
      * Initial register values:
      */
-    ctxt->user_regs.ds = 0x68;
-    ctxt->user_regs.es = 0x0;
-    ctxt->user_regs.fs = 0x0;
-    ctxt->user_regs.gs = 0x0;
-    ctxt->user_regs.ss = 0x68;
-    ctxt->user_regs.cs = 0x60;
+    ctxt->user_regs.ds = 0;
+    ctxt->user_regs.es = 0;
+    ctxt->user_regs.fs = 0;
+    ctxt->user_regs.gs = 0;
+    ctxt->user_regs.ss = 0;
+    ctxt->user_regs.cs = 0;
     ctxt->user_regs.eip = dsi.v_kernentry;
-    ctxt->user_regs.edx = vboot_gdt_start;
-    ctxt->user_regs.eax = 0x800;
-    ctxt->user_regs.esp = vboot_gdt_end;
+    ctxt->user_regs.edx = 0;
+    ctxt->user_regs.eax = 0;
+    ctxt->user_regs.esp = 0;
     ctxt->user_regs.ebx = 0; /* startup_32 expects this to be 0 to signal boot 
cpu */
-    ctxt->user_regs.ecx = mem_mapp->nr_map;
-    ctxt->user_regs.esi = vboot_params_start;
-    ctxt->user_regs.edi = vboot_params_start + 0x2d0;
+    ctxt->user_regs.ecx = 0;
+    ctxt->user_regs.esi = 0;
+    ctxt->user_regs.edi = 0;
+    ctxt->user_regs.ebp = 0;
 
     ctxt->user_regs.eflags = 0;
 
@@ -684,9 +577,9 @@
     int eax, ecx;
 
 #ifdef __i386__
-    __asm__ __volatile__ ("pushl %%ebx; cpuid; popl %%ebx" 
-                          : "=a" (eax), "=c" (ecx) 
-                          : "0" (1) 
+    __asm__ __volatile__ ("pushl %%ebx; cpuid; popl %%ebx"
+                          : "=a" (eax), "=c" (ecx)
+                          : "0" (1)
                           : "dx");
 #elif defined __x86_64__
     __asm__ __volatile__ ("pushq %%rbx; cpuid; popq %%rbx"
@@ -705,9 +598,6 @@
                  u32 domid,
                  int memsize,
                  const char *image_name,
-                 struct mem_map *mem_mapp,
-                 const char *ramdisk_name,
-                 const char *cmdline,
                  unsigned int control_evtchn,
                  unsigned long flags,
                  unsigned int vcpus,
@@ -715,20 +605,18 @@
                  unsigned long *store_mfn)
 {
     dom0_op_t launch_op, op;
-    int initrd_fd = -1;
-    gzFile initrd_gfd = NULL;
     int rc, i;
     vcpu_guest_context_t st_ctxt, *ctxt = &st_ctxt;
     unsigned long nr_pages;
     char         *image = NULL;
-    unsigned long image_size, initrd_size=0;
+    unsigned long image_size;
 
     if ( vmx_identify() < 0 )
     {
         PERROR("CPU doesn't support VMX Extensions");
         goto error_out;
     }
-    
+
     if ( (nr_pages = xc_get_tot_pages(xc_handle, domid)) < 0 )
     {
         PERROR("Could not find total pages for domain");
@@ -738,32 +626,15 @@
     if ( (image = xc_read_kernel_image(image_name, &image_size)) == NULL )
         goto error_out;
 
-    if ( (ramdisk_name != NULL) && (strlen(ramdisk_name) != 0) )
-    {
-        if ( (initrd_fd = open(ramdisk_name, O_RDONLY)) < 0 )
-        {
-            PERROR("Could not open the initial ramdisk image");
-            goto error_out;
-        }
-
-        initrd_size = xc_get_filesz(initrd_fd);
-
-        if ( (initrd_gfd = gzdopen(initrd_fd, "rb")) == NULL )
-        {
-            PERROR("Could not allocate decompression state for initrd");
-            goto error_out;
-        }
-    }
-
     if ( mlock(&st_ctxt, sizeof(st_ctxt) ) )
-    {   
+    {
         PERROR("xc_vmx_build: ctxt mlock failed");
         return 1;
     }
 
     op.cmd = DOM0_GETDOMAININFO;
     op.u.getdomaininfo.domain = (domid_t)domid;
-    if ( (xc_dom0_op(xc_handle, &op) < 0) || 
+    if ( (xc_dom0_op(xc_handle, &op) < 0) ||
          ((u16)op.u.getdomaininfo.domain != domid) )
     {
         PERROR("Could not get info on domain");
@@ -783,21 +654,14 @@
         goto error_out;
     }
 
-    if ( setup_guest(xc_handle, domid, memsize, image, image_size, 
-                     initrd_gfd, initrd_size, nr_pages, 
-                     ctxt, cmdline,
-                     op.u.getdomaininfo.shared_info_frame,
-                     control_evtchn, flags, vcpus, store_evtchn, store_mfn,
-                     mem_mapp) < 0 )
+    if ( setup_guest(xc_handle, domid, memsize, image, image_size, nr_pages,
+                     ctxt, op.u.getdomaininfo.shared_info_frame, 
control_evtchn,
+                     flags, vcpus, store_evtchn, store_mfn) < 0)
     {
         ERROR("Error constructing guest OS");
         goto error_out;
     }
 
-    if ( initrd_fd >= 0 )
-        close(initrd_fd);
-    if ( initrd_gfd )
-        gzclose(initrd_gfd);
     free(image);
 
     ctxt->flags = VGCF_VMX_GUEST;
@@ -813,15 +677,10 @@
 
     /* No LDT. */
     ctxt->ldt_ents = 0;
-    
+
     /* Use the default Xen-provided GDT. */
     ctxt->gdt_ents = 0;
 
-    /* Ring 1 stack is the initial stack. */
-/*
-  ctxt->kernel_ss = FLAT_KERNEL_DS;
-  ctxt->kernel_sp = vstartinfo_start;
-*/
     /* No debugging. */
     memset(ctxt->debugreg, 0, sizeof(ctxt->debugreg));
 
@@ -845,14 +704,10 @@
 
     launch_op.cmd = DOM0_SETDOMAININFO;
     rc = xc_dom0_op(xc_handle, &launch_op);
-    
+
     return rc;
 
  error_out:
-    if ( initrd_gfd != NULL )
-        gzclose(initrd_gfd);
-    else if ( initrd_fd >= 0 )
-        close(initrd_fd);
     free(image);
 
     return -1;
@@ -864,7 +719,7 @@
             ((phdr->p_flags & (PF_W|PF_X)) != 0));
 }
 
-static int parseelfimage(char *elfbase, 
+static int parseelfimage(char *elfbase,
                          unsigned long elfsize,
                          struct domain_setup_info *dsi)
 {
@@ -899,11 +754,11 @@
         ERROR("ELF image has no section-header strings table (shstrtab).");
         return -EINVAL;
     }
-    shdr = (Elf32_Shdr *)(elfbase + ehdr->e_shoff + 
+    shdr = (Elf32_Shdr *)(elfbase + ehdr->e_shoff +
                           (ehdr->e_shstrndx*ehdr->e_shentsize));
     shstrtab = elfbase + shdr->sh_offset;
-    
-    for ( h = 0; h < ehdr->e_phnum; h++ ) 
+
+    for ( h = 0; h < ehdr->e_phnum; h++ )
     {
         phdr = (Elf32_Phdr *)(elfbase + ehdr->e_phoff + (h*ehdr->e_phentsize));
         if ( !is_loadable_phdr(phdr) )
@@ -914,8 +769,8 @@
             kernend = phdr->p_paddr + phdr->p_memsz;
     }
 
-    if ( (kernstart > kernend) || 
-         (ehdr->e_entry < kernstart) || 
+    if ( (kernstart > kernend) ||
+         (ehdr->e_entry < kernstart) ||
          (ehdr->e_entry > kernend) )
     {
         ERROR("Malformed ELF image.");
@@ -924,9 +779,9 @@
 
     dsi->v_start = 0x00000000;
 
-    dsi->v_kernstart = kernstart - LINUX_PAGE_OFFSET;
-    dsi->v_kernend   = kernend - LINUX_PAGE_OFFSET;
-    dsi->v_kernentry = LINUX_KERNEL_ENTR_ADDR;
+    dsi->v_kernstart = kernstart;
+    dsi->v_kernend   = kernend;
+    dsi->v_kernentry = VMX_LOADER_ENTR_ADDR;
 
     dsi->v_end       = dsi->v_kernend;
 
@@ -945,18 +800,18 @@
     char         *va;
     unsigned long pa, done, chunksz;
 
-    for ( h = 0; h < ehdr->e_phnum; h++ ) 
+    for ( h = 0; h < ehdr->e_phnum; h++ )
     {
         phdr = (Elf32_Phdr *)(elfbase + ehdr->e_phoff + (h*ehdr->e_phentsize));
         if ( !is_loadable_phdr(phdr) )
             continue;
-        
+
         for ( done = 0; done < phdr->p_filesz; done += chunksz )
         {
-            pa = (phdr->p_paddr + done) - dsi->v_start - LINUX_PAGE_OFFSET;
+            pa = (phdr->p_paddr + done) - dsi->v_start;
             if ((va = xc_map_foreign_range(
                 xch, dom, PAGE_SIZE, PROT_WRITE,
-                parray[pa>>PAGE_SHIFT])) == 0)
+                parray[pa >> PAGE_SHIFT])) == 0)
                 return -1;
             chunksz = phdr->p_filesz - done;
             if ( chunksz > (PAGE_SIZE - (pa & (PAGE_SIZE-1))) )
@@ -968,10 +823,10 @@
 
         for ( ; done < phdr->p_memsz; done += chunksz )
         {
-            pa = (phdr->p_paddr + done) - dsi->v_start - LINUX_PAGE_OFFSET;
+            pa = (phdr->p_paddr + done) - dsi->v_start;
             if ((va = xc_map_foreign_range(
                 xch, dom, PAGE_SIZE, PROT_WRITE,
-                parray[pa>>PAGE_SHIFT])) == 0)
+                parray[pa >> PAGE_SHIFT])) == 0)
                 return -1;
             chunksz = phdr->p_memsz - done;
             if ( chunksz > (PAGE_SIZE - (pa & (PAGE_SIZE-1))) )
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/libxc/xenguest.h
--- a/tools/libxc/xenguest.h    Fri Sep 23 21:41:28 2005
+++ b/tools/libxc/xenguest.h    Mon Sep 26 17:07:49 2005
@@ -57,9 +57,6 @@
                  uint32_t domid,
                  int memsize,
                  const char *image_name,
-                 struct mem_map *memmap,
-                 const char *ramdisk_name,
-                 const char *cmdline,
                  unsigned int control_evtchn,
                  unsigned long flags,
                  unsigned int vcpus,
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/libxc/xg_private.h
--- a/tools/libxc/xg_private.h  Fri Sep 23 21:41:28 2005
+++ b/tools/libxc/xg_private.h  Mon Sep 26 17:07:49 2005
@@ -28,25 +28,27 @@
 #define _PAGE_PSE       0x080
 #define _PAGE_GLOBAL    0x100
 
+#define L1_PAGETABLE_SHIFT_PAE   12
+#define L2_PAGETABLE_SHIFT_PAE   21
+#define L3_PAGETABLE_SHIFT_PAE   30
+
 #if defined(__i386__)
 #define L1_PAGETABLE_SHIFT       12
 #define L2_PAGETABLE_SHIFT       22
-#define L1_PAGETABLE_SHIFT_PAE   12
-#define L2_PAGETABLE_SHIFT_PAE   21
-#define L3_PAGETABLE_SHIFT_PAE   30
 #elif defined(__x86_64__)
-#define L1_PAGETABLE_SHIFT      12
-#define L2_PAGETABLE_SHIFT      21
-#define L3_PAGETABLE_SHIFT      30
-#define L4_PAGETABLE_SHIFT      39
+#define L1_PAGETABLE_SHIFT       12
+#define L2_PAGETABLE_SHIFT       21
+#define L3_PAGETABLE_SHIFT       30
+#define L4_PAGETABLE_SHIFT       39
 #endif
 
-#if defined(__i386__) 
-#define ENTRIES_PER_L1_PAGETABLE 1024
-#define ENTRIES_PER_L2_PAGETABLE 1024
 #define L1_PAGETABLE_ENTRIES_PAE  512
 #define L2_PAGETABLE_ENTRIES_PAE  512
 #define L3_PAGETABLE_ENTRIES_PAE    4
+
+#if defined(__i386__) 
+#define L1_PAGETABLE_ENTRIES   1024
+#define L2_PAGETABLE_ENTRIES   1024
 #elif defined(__x86_64__)
 #define L1_PAGETABLE_ENTRIES    512
 #define L2_PAGETABLE_ENTRIES    512
@@ -70,17 +72,18 @@
 typedef unsigned long l4_pgentry_t;
 #endif
 
-#if defined(__i386__)
-#define l1_table_offset(_a) \
-          (((_a) >> L1_PAGETABLE_SHIFT) & (ENTRIES_PER_L1_PAGETABLE - 1))
-#define l2_table_offset(_a) \
-          ((_a) >> L2_PAGETABLE_SHIFT)
 #define l1_table_offset_pae(_a) \
   (((_a) >> L1_PAGETABLE_SHIFT_PAE) & (L1_PAGETABLE_ENTRIES_PAE - 1))
 #define l2_table_offset_pae(_a) \
   (((_a) >> L2_PAGETABLE_SHIFT_PAE) & (L2_PAGETABLE_ENTRIES_PAE - 1))
 #define l3_table_offset_pae(_a) \
        (((_a) >> L3_PAGETABLE_SHIFT_PAE) & (L3_PAGETABLE_ENTRIES_PAE - 1))
+
+#if defined(__i386__)
+#define l1_table_offset(_a) \
+          (((_a) >> L1_PAGETABLE_SHIFT) & (L1_PAGETABLE_ENTRIES - 1))
+#define l2_table_offset(_a) \
+          ((_a) >> L2_PAGETABLE_SHIFT)
 #elif defined(__x86_64__)
 #define l1_table_offset(_a) \
   (((_a) >> L1_PAGETABLE_SHIFT) & (L1_PAGETABLE_ENTRIES - 1))
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/lowlevel/xc/xc.c
--- a/tools/python/xen/lowlevel/xc/xc.c Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/lowlevel/xc/xc.c Mon Sep 26 17:07:49 2005
@@ -17,7 +17,6 @@
 #include <arpa/inet.h>
 
 #include "xc_private.h"
-#include "linux_boot_params.h"
 
 /* Needed for Python versions earlier than 2.3. */
 #ifndef PyMODINIT_FUNC
@@ -310,80 +309,24 @@
     XcObject *xc = (XcObject *)self;
 
     u32   dom;
-    char *image, *ramdisk = NULL, *cmdline = "";
-    PyObject *memmap;
+    char *image;
     int   control_evtchn, store_evtchn;
     int flags = 0, vcpus = 1;
-    int numItems, i;
     int memsize;
-    struct mem_map mem_map;
     unsigned long store_mfn = 0;
 
     static char *kwd_list[] = { "dom", "control_evtchn", "store_evtchn",
-                                "memsize", "image", "memmap",
-                               "ramdisk", "cmdline", "flags",
-                               "vcpus", NULL };
-
-    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iiiisO!|ssii", kwd_list, 
+                                "memsize", "image", "flags", "vcpus", NULL };
+
+    if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iiiisii", kwd_list,
                                       &dom, &control_evtchn, &store_evtchn,
-                                      &memsize,
-                                      &image, &PyList_Type, &memmap,
-                                     &ramdisk, &cmdline, &flags, &vcpus) )
-        return NULL;
-
-    memset(&mem_map, 0, sizeof(mem_map));
-    /* Parse memmap */
-
-    /* get the number of lines passed to us */
-    numItems = PyList_Size(memmap) - 1;        /* removing the line 
-                                          containing "memmap" */
-    mem_map.nr_map = numItems;
-   
-    /* should raise an error here. */
-    if (numItems < 0) return NULL; /* Not a list */
-
-    /* iterate over items of the list, grabbing ranges and parsing them */
-    for (i = 1; i <= numItems; i++) {  // skip over "memmap"
-           PyObject *item, *f1, *f2, *f3, *f4;
-           int numFields;
-           unsigned long lf1, lf2, lf3, lf4;
-           char *sf1, *sf2;
-           
-           /* grab the string object from the next element of the list */
-           item = PyList_GetItem(memmap, i); /* Can't fail */
-
-           /* get the number of lines passed to us */
-           numFields = PyList_Size(item);
-
-           if (numFields != 4)
-                   return NULL;
-
-           f1 = PyList_GetItem(item, 0);
-           f2 = PyList_GetItem(item, 1);
-           f3 = PyList_GetItem(item, 2);
-           f4 = PyList_GetItem(item, 3);
-
-           /* Convert objects to strings/longs */
-           sf1 = PyString_AsString(f1);
-           sf2 = PyString_AsString(f2);
-           lf3 = PyLong_AsLong(f3);
-           lf4 = PyLong_AsLong(f4);
-           if ( sscanf(sf1, "%lx", &lf1) != 1 )
-                return NULL;
-           if ( sscanf(sf2, "%lx", &lf2) != 1 )
-                return NULL;
-
-            mem_map.map[i-1].addr = lf1;
-            mem_map.map[i-1].size = lf2 - lf1;
-            mem_map.map[i-1].type = lf3;
-            mem_map.map[i-1].caching_attr = lf4;
-    }
-
-    if ( xc_vmx_build(xc->xc_handle, dom, memsize, image, &mem_map,
-                        ramdisk, cmdline, control_evtchn, flags,
-                        vcpus, store_evtchn, &store_mfn) != 0 )
-        return PyErr_SetFromErrno(xc_error);
-    
+                                      &memsize, &image, &flags, &vcpus) )
+        return NULL;
+
+    if ( xc_vmx_build(xc->xc_handle, dom, memsize, image, control_evtchn,
+                      flags, vcpus, store_evtchn, &store_mfn) != 0 )
+        return PyErr_SetFromErrno(xc_error);
+
     return Py_BuildValue("{s:i}", "store_mfn", store_mfn);
 }
 
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/lowlevel/xs/xs.c
--- a/tools/python/xen/lowlevel/xs/xs.c Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/lowlevel/xs/xs.c Mon Sep 26 17:07:49 2005
@@ -582,9 +582,8 @@
 }
 
 #define xspy_transaction_start_doc "\n"                                \
-       "Start a transaction on a path.\n"                      \
+       "Start a transaction.\n"                                \
        "Only one transaction can be active at a time.\n"       \
-       " path [string]: xenstore path.\n"                      \
        "\n"                                                    \
        "Returns None on success.\n"                            \
        "Raises RuntimeError on error.\n"                       \
@@ -593,8 +592,8 @@
 static PyObject *xspy_transaction_start(PyObject *self, PyObject *args,
                                         PyObject *kwds)
 {
-    static char *kwd_spec[] = { "path", NULL };
-    static char *arg_spec = "s|";
+    static char *kwd_spec[] = { NULL };
+    static char *arg_spec = "";
     char *path = NULL;
 
     struct xs_handle *xh = xshandle(self);
@@ -606,7 +605,7 @@
     if (!PyArg_ParseTupleAndKeywords(args, kwds, arg_spec, kwd_spec, &path))
         goto exit;
     Py_BEGIN_ALLOW_THREADS
-    xsval = xs_transaction_start(xh, path);
+    xsval = xs_transaction_start(xh);
     Py_END_ALLOW_THREADS
     if (!xsval) {
         PyErr_SetFromErrno(PyExc_RuntimeError);
@@ -623,7 +622,7 @@
        "Attempts to commit the transaction unless abort is true.\n"    \
        " abort [int]: abort flag (default 0).\n"                       \
        "\n"                                                            \
-       "Returns None on success.\n"                                    \
+       "Returns True on success, False if you need to try again.\n"    \
        "Raises RuntimeError on error.\n"                               \
        "\n"
 
@@ -646,11 +645,16 @@
     xsval = xs_transaction_end(xh, abort);
     Py_END_ALLOW_THREADS
     if (!xsval) {
-        PyErr_SetFromErrno(PyExc_RuntimeError);
-        goto exit;
-    }
-    Py_INCREF(Py_None);
-    val = Py_None;
+       if (errno == EAGAIN) {
+           Py_INCREF(Py_False);
+           val = Py_False;
+           goto exit;
+       }
+        PyErr_SetFromErrno(PyExc_RuntimeError);
+        goto exit;
+    }
+    Py_INCREF(Py_True);
+    val = Py_True;
  exit:
     return val;
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/PrettyPrint.py
--- a/tools/python/xen/xend/PrettyPrint.py      Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/PrettyPrint.py      Mon Sep 26 17:07:49 2005
@@ -252,7 +252,7 @@
         self.block = self.block.parent
 
     def prettyprint(self, out=sys.stdout):
-        self.top.prettyprint(Line(out, self.width))
+        self.top.prettyprint(Line(out, self.width), self.width)
 
 class SXPPrettyPrinter(PrettyPrinter):
     """An SXP prettyprinter.
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/XendDomain.py
--- a/tools/python/xen/xend/XendDomain.py       Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/XendDomain.py       Mon Sep 26 17:07:49 2005
@@ -433,12 +433,11 @@
             self.domain_shutdowns()
         return val
 
+
     def domain_sysrq(self, id, key):
-        """Send a SysRq to a domain
-        """
-        dominfo = self.domain_lookup(id)
-        val = dominfo.send_sysrq(key)
-        return val
+        """Send a SysRq to the specified domain."""
+        return self.callInfo(id, XendDomainInfo.send_sysrq, key)
+
 
     def domain_shutdowns(self):
         """Process pending domain shutdowns.
@@ -630,73 +629,45 @@
         except Exception, ex:
             raise XendError(str(ex))
 
-    def domain_device_create(self, id, devconfig):
-        """Create a new device for a domain.
-
-        @param id:       domain id
-        @param devconfig: device configuration
-        """
-        dominfo = self.domain_lookup(id)
-        val = dominfo.device_create(devconfig)
-        dominfo.exportToDB()
-        return val
-
-    def domain_device_configure(self, id, devconfig, devid):
-        """Configure an existing device for a domain.
-
-        @param id:   domain id
-        @param devconfig: device configuration
-        @param devid:  device id
+
+    def domain_device_create(self, domid, devconfig):
+        """Create a new device for the specified domain.
+        """
+        return self.callInfo(domid, XendDomainInfo.device_create, devconfig)
+
+
+    def domain_device_configure(self, domid, devconfig, devid):
+        """Configure an existing device in the specified domain.
         @return: updated device configuration
         """
-        dominfo = self.domain_lookup(id)
-        val = dominfo.device_configure(devconfig, devid)
-        dominfo.exportToDB()
-        return val
+        return self.callInfo(domid, XendDomainInfo.device_configure,
+                             devconfig, devid)
+
     
-    def domain_device_refresh(self, id, type, devid):
-        """Refresh a device.
-
-        @param id:  domain id
-        @param devid:  device id
-        @param type: device type
-        """
-        dominfo = self.domain_lookup(id)
-        val = dominfo.device_refresh(type, devid)
-        dominfo.exportToDB()
-        return val
-
-    def domain_device_destroy(self, id, type, devid):
-        """Destroy a device.
-
-        @param id:  domain id
-        @param devid:  device id
-        @param type: device type
-        """
-        dominfo = self.domain_lookup(id)
-        return dominfo.destroyDevice(type, devid)
-
-
-    def domain_devtype_ls(self, id, type):
-        """Get list of device sxprs for a domain.
-
-        @param id:  domain
-        @param type: device type
-        @return: device sxprs
-        """
-        dominfo = self.domain_lookup(id)
-        return dominfo.getDeviceSxprs(type)
-
-    def domain_devtype_get(self, id, type, devid):
+    def domain_device_refresh(self, domid, devtype, devid):
+        """Refresh a device."""
+        return self.callInfo(domid, XendDomainInfo.device_refresh, devtype,
+                             devid)
+
+
+    def domain_device_destroy(self, domid, devtype, devid):
+        """Destroy a device."""
+        return self.callInfo(domid, XendDomainInfo.destroyDevice, devtype,
+                             devid)
+
+
+    def domain_devtype_ls(self, domid, devtype):
+        """Get list of device sxprs for the specified domain."""
+        return self.callInfo(domid, XendDomainInfo.getDeviceSxprs, devtype)
+
+
+    def domain_devtype_get(self, domid, devtype, devid):
         """Get a device from a domain.
         
-        @param id:  domain
-        @param type: device type
-        @param devid:  device id
         @return: device object (or None)
         """
-        dominfo = self.domain_lookup(id)
-        return dominfo.getDevice(type, devid)
+        return self.callInfo(domid, XendDomainInfo.getDevice, devtype, devid)
+
 
     def domain_vif_limit_set(self, id, vif, credit, period):
         """Limit the vif's transmission rate
@@ -723,7 +694,7 @@
         """Set the memory limit for a domain.
 
         @param id: domain
-        @param mem: memory limit (in MB)
+        @param mem: memory limit (in MiB)
         @return: 0 on success, -1 on error
         """
         dominfo = self.domain_lookup(id)
@@ -734,42 +705,37 @@
         except Exception, ex:
             raise XendError(str(ex))
 
-    def domain_mem_target_set(self, id, mem):
+    def domain_mem_target_set(self, domid, mem):
         """Set the memory target for a domain.
 
-        @param id: domain
-        @param mem: memory target (in MB)
-        @return: 0 on success, -1 on error
-        """
-        dominfo = self.domain_lookup(id)
-        return dominfo.setMemoryTarget(mem << 10)
-
-    def domain_vcpu_hotplug(self, id, vcpu, state):
-        """Enable or disable VCPU vcpu in DOM id
-
-        @param id: domain
+        @param mem: memory target (in MiB)
+        """
+        self.callInfo(domid, XendDomainInfo.setMemoryTarget, mem << 10)
+
+
+    def domain_vcpu_hotplug(self, domid, vcpu, state):
+        """Enable or disable specified VCPU in specified domain
+
         @param vcpu: target VCPU in domain
         @param state: which state VCPU will become
-        @return: 0 on success, -1 on error
-        """
-
-        dominfo = self.domain_lookup(id)
-        return dominfo.vcpu_hotplug(vcpu, state)
-
-    def domain_dumpcore(self, id):
-        """Save a core dump for a crashed domain.
-
-        @param id: domain
-        """
-        dominfo = self.domain_lookup(id)
-        corefile = "/var/xen/dump/%s.%s.core" % (dominfo.getName(),
-                                                 dominfo.getDomid())
-        try:
-            xc.domain_dumpcore(dom=dominfo.getDomid(), corefile=corefile)
-        except Exception, ex:
-            log.warning("Dumpcore failed, id=%s name=%s: %s",
-                        dominfo.getDomid(), dominfo.getName(), ex)
-        
+        """
+        self.callInfo(domid, XendDomainInfo.vcpu_hotplug, vcpu, state)
+
+
+    def domain_dumpcore(self, domid):
+        """Save a core dump for a crashed domain."""
+        self.callInfo(domid, XendDomainInfo.dumpCore)
+
+
+    ## private:
+
+    def callInfo(self, domid, fn, *args, **kwargs):
+        self.refresh()
+        dominfo = self.domains.get(domid)
+        if dominfo:
+            return fn(dominfo, *args, **kwargs)
+
+
 def instance():
     """Singleton constructor. Use this instead of the class constructor.
     """
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py   Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/XendDomainInfo.py   Mon Sep 26 17:07:49 2005
@@ -34,6 +34,7 @@
 
 from xen.xend.server.channel import EventChannel
 
+from xen.xend import image
 from xen.xend import sxp
 from xen.xend.XendBootloader import bootloader
 from xen.xend.XendLogging import log
@@ -319,6 +320,7 @@
 
         try:
             defaultInfo('name',         lambda: "Domain-%d" % self.domid)
+            defaultInfo('ssidref',      lambda: 0)
             defaultInfo('restart_mode', lambda: RESTART_ONREBOOT)
             defaultInfo('cpu_weight',   lambda: 1.0)
             defaultInfo('bootloader',   lambda: None)
@@ -511,6 +513,19 @@
                       self.info['backend'], 0)
 
 
+    def dumpCore(self):
+        """Create a core dump for this domain.  Nothrow guarantee."""
+        
+        try:
+            corefile = "/var/xen/dump/%s.%s.core" % (self.info['name'],
+                                                     self.domid)
+            xc.domain_dumpcore(dom = self.domid, corefile = corefile)
+
+        except Exception, exn:
+            log.error("XendDomainInfo.dumpCore failed: id = %s name = %s: %s",
+                      self.domid, self.info['name'], str(exn))
+
+
     def closeStoreChannel(self):
         """Close the store channel, if any.  Nothrow guarantee."""
         
@@ -614,7 +629,7 @@
             sxpr.append(['maxmem', self.info['maxmem_KiB'] / 1024])
 
             if self.infoIsSet('device'):
-                for (n, c) in self.info['device']:
+                for (_, c) in self.info['device']:
                     sxpr.append(['device', c])
 
             def stateChar(name):
@@ -706,13 +721,6 @@
         """
         # todo - add support for scheduling params?
         try:
-            if 'image' not in self.info:
-                raise VmError('Missing image in configuration')
-
-            self.image = ImageHandler.create(self,
-                                             self.info['image'],
-                                             self.info['device'])
-
             self.initDomain()
 
             # Create domain devices.
@@ -737,6 +745,14 @@
 
         self.domid = xc.domain_create(dom = self.domid or 0,
                                       ssidref = self.info['ssidref'])
+
+        if 'image' not in self.info:
+            raise VmError('Missing image in configuration')
+
+        self.image = image.create(self,
+                                  self.info['image'],
+                                  self.info['device'])
+
         if self.domid <= 0:
             raise VmError('Creating domain failed: name=%s' %
                           self.info['name'])
@@ -839,20 +855,20 @@
         """Release all vm devices.
         """
 
-        t = xstransact("%s/device" % self.path)
-
-        for n in controllerClasses.keys():
-            for d in t.list(n):
-                try:
-                    t.remove(d)
-                except ex:
-                    # Log and swallow any exceptions in removal -- there's
-                    # nothing more we can do.
-                    log.exception(
-                        "Device release failed: %s; %s; %s; %s" %
-                        (self.info['name'], n, d, str(ex)))
-        t.commit()
-
+        while True:
+            t = xstransact("%s/device" % self.path)
+            for n in controllerClasses.keys():
+                for d in t.list(n):
+                    try:
+                        t.remove(d)
+                    except ex:
+                        # Log and swallow any exceptions in removal --
+                        # there's nothing more we can do.
+                        log.exception(
+                           "Device release failed: %s; %s; %s; %s" %
+                            (self.info['name'], n, d, str(ex)))
+            if t.commit():
+                break
 
     def eventChannel(self, path=None):
         """Create an event channel to the domain.
@@ -1085,19 +1101,6 @@
 
 
 #============================================================================
-# Register image handlers.
-
-from image import          \
-     addImageHandlerClass, \
-     ImageHandler,         \
-     LinuxImageHandler,    \
-     VmxImageHandler
-
-addImageHandlerClass(LinuxImageHandler)
-addImageHandlerClass(VmxImageHandler)
-
-
-#============================================================================
 # Register device controllers and their device config types.
 
 """A map from device-class names to the subclass of DevController that
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/image.py
--- a/tools/python/xen/xend/image.py    Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/image.py    Mon Sep 26 17:07:49 2005
@@ -33,6 +33,15 @@
 
 MAX_GUEST_CMDLINE = 1024
 
+
+def create(vm, imageConfig, deviceConfig):
+    """Create an image handler for a vm.
+
+    @return ImageHandler instance
+    """
+    return findImageHandlerClass(imageConfig)(vm, imageConfig, deviceConfig)
+
+
 class ImageHandler:
     """Abstract base class for image handlers.
 
@@ -48,81 +57,39 @@
 
     The method destroy() is called when the domain is destroyed.
     The default is to do nothing.
-    
     """
 
-    #======================================================================
-    # Class vars and methods.
-
-    """Table of image handler classes for virtual machine images.
-    Indexed by image type.
-    """
-    imageHandlerClasses = {}
-
-    def addImageHandlerClass(cls, h):
-        """Add a handler class for an image type
-        @param h:        handler: ImageHandler subclass
-        """
-        cls.imageHandlerClasses[h.ostype] = h
-
-    addImageHandlerClass = classmethod(addImageHandlerClass)
-
-    def findImageHandlerClass(cls, image):
-        """Find the image handler class for an image config.
-
-        @param image config
-        @return ImageHandler subclass or None
-        """
-        ty = sxp.name(image)
-        if ty is None:
-            raise VmError('missing image type')
-        imageClass = cls.imageHandlerClasses.get(ty)
-        if imageClass is None:
-            raise VmError('unknown image type: ' + ty)
-        return imageClass
-
-    findImageHandlerClass = classmethod(findImageHandlerClass)
-
-    def create(cls, vm, imageConfig, deviceConfig):
-        """Create an image handler for a vm.
-
-        @return ImageHandler instance
-        """
-        imageClass = cls.findImageHandlerClass(imageConfig)
-        return imageClass(vm, imageConfig, deviceConfig)
-
-    create = classmethod(create)
-
-    #======================================================================
-    # Instance vars and methods.
-
     ostype = None
 
-    kernel = None
-    ramdisk = None
-    cmdline = None
-
-    flags = 0
 
     def __init__(self, vm, imageConfig, deviceConfig):
         self.vm = vm
+
+        self.kernel = None
+        self.ramdisk = None
+        self.cmdline = None
+        self.flags = 0
+
         self.configure(imageConfig, deviceConfig)
 
     def configure(self, imageConfig, _):
         """Config actions common to all unix-like domains."""
 
-        self.kernel = sxp.child_value(imageConfig, "kernel")
+        def get_cfg(name, default = None):
+            return sxp.child_value(imageConfig, name, default)
+
+        self.kernel = get_cfg("kernel")
         self.cmdline = ""
-        ip = sxp.child_value(imageConfig, "ip", None)
+        ip = get_cfg("ip")
         if ip:
             self.cmdline += " ip=" + ip
-        root = sxp.child_value(imageConfig, "root")
+        root = get_cfg("root")
         if root:
             self.cmdline += " root=" + root
-        args = sxp.child_value(imageConfig, "args")
+        args = get_cfg("args")
         if args:
             self.cmdline += " " + args
-        self.ramdisk = sxp.child_value(imageConfig, "ramdisk", '')
+        self.ramdisk = get_cfg("ramdisk", '')
         
         self.vm.storeVm(("image/ostype", self.ostype),
                         ("image/kernel", self.kernel),
@@ -130,7 +97,7 @@
                         ("image/ramdisk", self.ramdisk))
 
 
-    def handleBootloading():
+    def handleBootloading(self):
         self.unlink(self.kernel)
         self.unlink(self.ramdisk)
 
@@ -194,7 +161,6 @@
         if d.has_key('console_mfn'):
             self.vm.setConsoleRef(d.get('console_mfn'))
 
-addImageHandlerClass = ImageHandler.addImageHandlerClass
 
 class LinuxImageHandler(ImageHandler):
 
@@ -238,22 +204,19 @@
 
     def configure(self, imageConfig, deviceConfig):
         ImageHandler.configure(self, imageConfig, deviceConfig)
-        
-        self.memmap = sxp.child_value(imageConfig, 'memmap')
+
         self.dmargs = self.parseDeviceModelArgs(imageConfig, deviceConfig)
         self.device_model = sxp.child_value(imageConfig, 'device_model')
         if not self.device_model:
             raise VmError("vmx: missing device model")
         self.display = sxp.child_value(imageConfig, 'display')
 
-        self.vm.storeVm(("image/memmap", self.memmap),
-                        ("image/dmargs", " ".join(self.dmargs)),
+        self.vm.storeVm(("image/dmargs", " ".join(self.dmargs)),
                         ("image/device-model", self.device_model),
                         ("image/display", self.display))
 
         self.device_channel = None
         self.pid = 0
-        self.memmap_value = []
 
         self.dmargs += self.configVNC(imageConfig)
 
@@ -261,7 +224,6 @@
     def createImage(self):
         """Create a VM for the VMX environment.
         """
-        self.parseMemmap()
         self.createDomain()
 
     def buildDomain(self):
@@ -278,9 +240,6 @@
         log.debug("control_evtchn = %d", self.device_channel.port2)
         log.debug("store_evtchn   = %d", store_evtchn)
         log.debug("memsize        = %d", self.vm.getMemoryTarget() / 1024)
-        log.debug("memmap         = %s", self.memmap_value)
-        log.debug("cmdline        = %s", self.cmdline)
-        log.debug("ramdisk        = %s", self.ramdisk)
         log.debug("flags          = %d", self.flags)
         log.debug("vcpus          = %d", self.vm.getVCpuCount())
 
@@ -289,9 +248,6 @@
                            control_evtchn = self.device_channel.port2,
                            store_evtchn   = store_evtchn,
                            memsize        = self.vm.getMemoryTarget() / 1024,
-                           memmap         = self.memmap_value,
-                           cmdline        = self.cmdline,
-                           ramdisk        = self.ramdisk,
                            flags          = self.flags,
                            vcpus          = self.vm.getVCpuCount())
         if isinstance(ret, dict):
@@ -299,18 +255,11 @@
             return 0
         return ret
 
-    def parseMemmap(self):
-        if self.memmap is None:
-            return
-        memmap = sxp.parse(open(self.memmap))[0]
-        from xen.util.memmap import memmap_parse
-        self.memmap_value = memmap_parse(memmap)
-        
     # Return a list of cmd line args to the device models based on the
     # xm config file
     def parseDeviceModelArgs(self, imageConfig, deviceConfig):
         dmargs = [ 'cdrom', 'boot', 'fda', 'fdb',
-                   'localtime', 'serial', 'stdvga', 'isa', 'vcpus' ] 
+                   'localtime', 'serial', 'stdvga', 'isa', 'vcpus' ]
         ret = []
         for a in dmargs:
             v = sxp.child_value(imageConfig, a)
@@ -439,3 +388,28 @@
             return 16 * 1024
         else:
             return (1 + ((mem_mb + 3) >> 2)) * 4
+
+
+"""Table of image handler classes for virtual machine images.  Indexed by
+image type.
+"""
+imageHandlerClasses = {}
+
+
+for h in LinuxImageHandler, VmxImageHandler:
+    imageHandlerClasses[h.ostype] = h
+
+
+def findImageHandlerClass(image):
+    """Find the image handler class for an image config.
+
+    @param image config
+    @return ImageHandler subclass or None
+    """
+    ty = sxp.name(image)
+    if ty is None:
+        raise VmError('missing image type')
+    imageClass = imageHandlerClasses.get(ty)
+    if imageClass is None:
+        raise VmError('unknown image type: ' + ty)
+    return imageClass
diff -r eaedc6b4ec0f -r ef9591d03fdd 
tools/python/xen/xend/server/DevController.py
--- a/tools/python/xen/xend/server/DevController.py     Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/server/DevController.py     Mon Sep 26 17:07:49 2005
@@ -126,20 +126,21 @@
         compulsory to use it; subclasses may prefer to allocate IDs based upon
         the device configuration instead.
         """
-        path = self.frontendMiscPath()
-        t = xstransact(path)
-        try:
-            result = t.read("nextDeviceID")
-            if result:
-                result = int(result)
-            else:
-                result = 1
-            t.write("nextDeviceID", str(result + 1))
-            t.commit()
-            return result
-        except:
-            t.abort()
-            raise
+        while True:
+            path = self.frontendMiscPath()
+            t = xstransact(path)
+            try:
+                result = t.read("nextDeviceID")
+                if result:
+                    result = int(result)
+                else:
+                    result = 1
+                t.write("nextDeviceID", str(result + 1))
+                if t.commit():
+                    return result
+            except:
+                t.abort()
+                raise
 
 
     ## private:
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/xenstore/xsnode.py
--- a/tools/python/xen/xend/xenstore/xsnode.py  Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/xenstore/xsnode.py  Mon Sep 26 17:07:49 2005
@@ -280,8 +280,8 @@
                                (', while writing %s : %s' % (str(path),
                                                              str(data))))
 
-    def begin(self, path):
-        self.getxs().transaction_start(path)
+    def begin(self):
+        self.getxs().transaction_start()
 
     def commit(self, abandon=False):
         self.getxs().transaction_end(abort=abandon)
diff -r eaedc6b4ec0f -r ef9591d03fdd 
tools/python/xen/xend/xenstore/xstransact.py
--- a/tools/python/xen/xend/xenstore/xstransact.py      Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xend/xenstore/xstransact.py      Mon Sep 26 17:07:49 2005
@@ -14,16 +14,8 @@
     def __init__(self, path):
         self.in_transaction = False
         self.path = path.rstrip("/")
-        while True:
-            try:
-                xshandle().transaction_start(path)
-                self.in_transaction = True
-                return
-            except RuntimeError, ex:
-                if ex.args[0] == errno.ENOENT and path != "/":
-                    path = "/".join(path.split("/")[0:-1]) or "/"
-                else:
-                    raise
+        xshandle().transaction_start()
+        self.in_transaction = True
 
     def __del__(self):
         if self.in_transaction:
@@ -175,14 +167,8 @@
             t = cls(path)
             try:
                 v = t.read(*args)
-                t.commit()
+                t.abort()
                 return v
-            except RuntimeError, ex:
-                t.abort()
-                if ex.args[0] == errno.ETIMEDOUT:
-                    pass
-                else:
-                    raise
             except:
                 t.abort()
                 raise
@@ -194,14 +180,8 @@
             t = cls(path)
             try:
                 t.write(*args, **opts)
-                t.commit()
-                return
-            except RuntimeError, ex:
-                t.abort()
-                if ex.args[0] == errno.ETIMEDOUT:
-                    pass
-                else:
-                    raise
+                if t.commit():
+                    return
             except:
                 t.abort()
                 raise
@@ -217,14 +197,8 @@
             t = cls(path)
             try:
                 t.remove(*args)
-                t.commit()
-                return
-            except RuntimeError, ex:
-                t.abort()
-                if ex.args[0] == errno.ETIMEDOUT:
-                    pass
-                else:
-                    raise
+                if t.commit():
+                    return
             except:
                 t.abort()
                 raise
@@ -236,14 +210,8 @@
             t = cls(path)
             try:
                 v = t.list(*args)
-                t.commit()
-                return v
-            except RuntimeError, ex:
-                t.abort()
-                if ex.args[0] == errno.ETIMEDOUT:
-                    pass
-                else:
-                    raise
+                if t.commit():
+                    return v
             except:
                 t.abort()
                 raise
@@ -255,14 +223,8 @@
             t = cls(path)
             try:
                 v = t.gather(*args)
-                t.commit()
-                return v
-            except RuntimeError, ex:
-                t.abort()
-                if ex.args[0] == errno.ETIMEDOUT:
-                    pass
-                else:
-                    raise
+                if t.commit():
+                    return v
             except:
                 t.abort()
                 raise
@@ -274,14 +236,8 @@
             t = cls(path)
             try:
                 v = t.store(*args)
-                t.commit()
-                return v
-            except RuntimeError, ex:
-                t.abort()
-                if ex.args[0] == errno.ETIMEDOUT:
-                    pass
-                else:
-                    raise
+                if t.commit():
+                    return v
             except:
                 t.abort()
                 raise
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xm/main.py
--- a/tools/python/xen/xm/main.py       Fri Sep 23 21:41:28 2005
+++ b/tools/python/xen/xm/main.py       Mon Sep 26 17:07:49 2005
@@ -1,5 +1,6 @@
 # (C) Copyright IBM Corp. 2005
 # Copyright (C) 2004 Mike Wray
+# Copyright (c) 2005 XenSource Ltd
 #
 # Authors:
 #     Sean Dague <sean at dague dot net>
@@ -169,12 +170,6 @@
 #
 #########################################################################
 
-def xm_create(args):
-    from xen.xm import create
-    # ugly hack because the opt parser apparently wants
-    # the subcommand name just to throw it away!
-    create.main(["bogus"] + args)
-
 def xm_save(args):
     arg_check(args,2,"save")
 
@@ -195,13 +190,6 @@
     id = sxp.child_value(info, 'domid')
     if id is not None:
         server.xend_domain_unpause(domid)
-
-def xm_migrate(args):
-    # TODO: arg_check
-    from xen.xm import migrate
-    # ugly hack because the opt parser apparently wants
-    # the subcommand name just to throw it away!
-    migrate.main(["bogus"] + args)
 
 def xm_list(args):
     use_long = 0
@@ -290,14 +278,6 @@
 def xm_vcpu_list(args):
     xm_list(["-v"] + args)
 
-def xm_destroy(args):
-    arg_check(args,1,"destroy")
-
-    from xen.xm import destroy
-    # ugly hack because the opt parser apparently wants
-    # the subcommand name just to throw it away!
-    destroy.main(["bogus"] + args)
-            
 def xm_reboot(args):
     arg_check(args,1,"reboot")
     from xen.xm import shutdown
@@ -305,20 +285,6 @@
     # the subcommand name just to throw it away!
     shutdown.main(["bogus", "-R"] + args)
 
-def xm_shutdown(args):
-    arg_check(args,1,"shutdown")
-
-    from xen.xm import shutdown
-    # ugly hack because the opt parser apparently wants
-    # the subcommand name just to throw it away!
-    shutdown.main(["bogus"] + args)
-
-def xm_sysrq(args):
-    from xen.xm import sysrq
-    # ugly hack because the opt parser apparently wants
-    # the subcommand name just to throw it away!
-    sysrq.main(["bogus"] + args)
-
 def xm_pause(args):
     arg_check(args, 1, "pause")
     dom = args[0]
@@ -332,6 +298,11 @@
 
     from xen.xend.XendClient import server
     server.xend_domain_unpause(dom)
+
+def xm_subcommand(command, args):
+    cmd = __import__(command, globals(), locals(), 'xen.xm')
+    cmd.main(["bogus"] + args)
+
 
 #############################################################
 
@@ -506,14 +477,6 @@
         sxp.show(x)
         print
 
-def xm_network_attach(args):
-
-    print "Not implemented"
-
-def xm_network_detach(args):
-
-    print "Not implemented"
-    
 def xm_block_list(args):
     arg_check(args,1,"block-list")
     dom = args[0]
@@ -609,11 +572,8 @@
     # domain commands
     "domid": xm_domid,
     "domname": xm_domname,
-    "create": xm_create,
-    "destroy": xm_destroy,
     "restore": xm_restore,
     "save": xm_save,
-    "shutdown": xm_shutdown,
     "reboot": xm_reboot,
     "list": xm_list,
     # memory commands
@@ -625,10 +585,7 @@
     "vcpu-enable": xm_vcpu_enable,
     "vcpu-disable": xm_vcpu_disable,
     "vcpu-list": xm_vcpu_list,
-    # migration
-    "migrate": xm_migrate,
     # special
-    "sysrq": xm_sysrq,
     "pause": xm_pause,
     "unpause": xm_unpause,
     # host commands
@@ -647,13 +604,23 @@
     # network
     "network-limit": xm_network_limit,
     "network-list": xm_network_list,
-    "network-attach": xm_network_attach,
-    "network-detach": xm_network_detach,
     # vnet
     "vnet-list": xm_vnet_list,
     "vnet-create": xm_vnet_create,
     "vnet-delete": xm_vnet_delete,
     }
+
+## The commands supported by a separate argument parser in xend.xm.
+subcommands = [
+    'create',
+    'destroy',
+    'migrate',
+    'sysrq',
+    'shutdown'
+    ]
+
+for c in subcommands:
+    commands[c] = eval('lambda args: xm_subcommand("%s", args)' % c)
 
 aliases = {
     "balloon": "mem-set",
@@ -669,6 +636,7 @@
     "--long": longhelp
    }
 
+
 def xm_lookup_cmd(cmd):
     if commands.has_key(cmd):
         return commands[cmd]
@@ -688,9 +656,7 @@
     err('Option %s is the new replacement, see "xm help %s" for more info' % 
(new, new))
 
 def usage(cmd=None):
-    if cmd == "full":
-        print fullhelp
-    elif help.has_key(cmd):
+    if help.has_key(cmd):
         print help[cmd]
     else:
         print shorthelp
@@ -701,7 +667,7 @@
         usage()
     
     if re.compile('-*help').match(argv[1]):
-       if len(argv) > 2 and help.has_key(argv[2]):
+       if len(argv) > 2:
            usage(argv[2])
        else:
            usage()
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/Makefile
--- a/tools/xenstore/Makefile   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/Makefile   Mon Sep 26 17:07:49 2005
@@ -28,11 +28,11 @@
 CLIENTS += xenstore-write
 CLIENTS_OBJS := $(patsubst xenstore-%,xenstore_%.o,$(CLIENTS))
 
-all: libxenstore.so xenstored $(CLIENTS)
+all: libxenstore.so xenstored $(CLIENTS) xs_tdb_dump
 
 testcode: xs_test xenstored_test xs_random xs_dom0_test
 
-xenstored: xenstored_core.o xenstored_watch.o xenstored_domain.o 
xenstored_transaction.o xs_lib.o talloc.o utils.o
+xenstored: xenstored_core.o xenstored_watch.o xenstored_domain.o 
xenstored_transaction.o xs_lib.o talloc.o utils.o tdb.o
        $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -lxenctrl -o $@
 
 $(CLIENTS): libxenstore.so
@@ -42,13 +42,21 @@
 $(CLIENTS_OBJS): xenstore_%.o: xenstore_client.c
        $(COMPILE.c) -DCLIENT_$(*F) -o $@ $<
 
-xenstored_test: xenstored_core_test.o xenstored_watch_test.o 
xenstored_domain_test.o xenstored_transaction_test.o xs_lib.o talloc_test.o 
fake_libxc.o utils.o
+xenstored_test: xenstored_core_test.o xenstored_watch_test.o 
xenstored_domain_test.o xenstored_transaction_test.o xs_lib.o talloc_test.o 
fake_libxc.o utils.o tdb.o
+       $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
+
+xs_tdb_dump: xs_tdb_dump.o utils.o tdb.o talloc.o
        $(LINK.o) $^ $(LOADLIBES) $(LDLIBS) -o $@
 
 xs_test: xs_test.o xs_lib.o utils.o
 xs_random: xs_random.o xs_test_lib.o xs_lib.o talloc.o utils.o
 xs_stress: xs_stress.o xs_test_lib.o xs_lib.o talloc.o utils.o
 xs_crashme: xs_crashme.o xs_lib.o talloc.o utils.o
+
+speedtest: speedtest.o xs.o xs_lib.o utils.o talloc.o
+
+check-speed: speedtest xenstored_test $(TESTDIR)
+       $(TESTENV) time ./speedtest 100
 
 xs_test.o xs_stress.o xenstored_core_test.o xenstored_watch_test.o 
xenstored_transaction_test.o xenstored_domain_test.o xs_random.o xs_test_lib.o 
talloc_test.o fake_libxc.o xs_crashme.o: CFLAGS=$(BASECFLAGS) $(TESTFLAGS)
 
@@ -98,7 +106,7 @@
 randomcheck: xs_random xenstored_test $(TESTDIR)
        $(TESTENV) ./xs_random --simple --fast /tmp/xs_random 200000 
$(RANDSEED) && echo
        $(TESTENV) ./xs_random --fast /tmp/xs_random 100000 $(RANDSEED) && echo
-       $(TESTENV) ./xs_random --fail /tmp/xs_random 10000 $(RANDSEED)
+#      $(TESTENV) ./xs_random --fail /tmp/xs_random 10000 $(RANDSEED)
 
 crashme:  xs_crashme xenstored_test $(TESTDIR)
        rm -rf $(TESTDIR)/store $(TESTDIR)/transactions /tmp/xs_crashme.vglog* 
/tmp/trace
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/testsuite/04rm.test
--- a/tools/xenstore/testsuite/04rm.test        Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/testsuite/04rm.test        Mon Sep 26 17:07:49 2005
@@ -6,6 +6,8 @@
 # Create file and remove it
 write /test contents
 rm /test
+expect tool
+dir /
 
 # Create directory and remove it.
 mkdir /dir
@@ -15,3 +17,4 @@
 mkdir /dir
 write /dir/test contents
 rm /dir
+
diff -r eaedc6b4ec0f -r ef9591d03fdd 
tools/xenstore/testsuite/08transaction.slowtest
--- a/tools/xenstore/testsuite/08transaction.slowtest   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/testsuite/08transaction.slowtest   Mon Sep 26 17:07:49 2005
@@ -1,21 +1,43 @@
-# Test transaction timeouts.  Take a second each.
+# Test transaction clashes.
 
 mkdir /test
 write /test/entry1 contents
 
-# Transactions can take as long as the want...
-start /test
-sleep 1100
-rm /test/entry1
+# Start transaction, do read-only op, transaction succeeds
+1 start
+1 write /test/entry1 contents2
+expect contents
+read /test/entry1
+1 commit
+expect contents2
+read /test/entry1
+
+# Start transaction, abort other transaction, transaction succeeds.
+1 start
+1 write /test/entry1 contents3
+start
+write /test/entry1 contents
+abort
+1 commit
+expect contents3
+read /test/entry1
+
+# Start transaction, do write op, transaction fails
+1 start
+1 write /test/entry1 contents4
+write /test/entry1 contents
+expect 1: commit failed: Resource temporarily unavailable
+1 commit
+expect contents
+read /test/entry1
+
+# Start transaction, do other transaction, transaction fails
+1 start
+1 write /test/entry1 contents4
+start
+write /test/entry1 contents5
 commit
-dir /test
-
-# ... as long as noone is waiting.
-1 start /test
-notimeout
-2 mkdir /test/dir
-1 mkdir /test/dir
-expect 1:dir
-1 dir /test
-expect 1: commit failed: Connection timed out
+expect 1: commit failed: Resource temporarily unavailable
 1 commit
+expect contents5
+read /test/entry1
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/testsuite/08transaction.test
--- a/tools/xenstore/testsuite/08transaction.test       Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/testsuite/08transaction.test       Mon Sep 26 17:07:49 2005
@@ -3,7 +3,7 @@
 mkdir /test
 
 # Simple transaction: create a file inside transaction.
-1 start /test
+1 start
 1 write /test/entry1 contents
 2 dir /test
 expect 1:entry1
@@ -15,7 +15,7 @@
 rm /test/entry1
 
 # Create a file and abort transaction.
-1 start /test
+1 start
 1 write /test/entry1 contents
 2 dir /test
 expect 1:entry1
@@ -25,7 +25,7 @@
 
 write /test/entry1 contents
 # Delete in transaction, commit
-1 start /test
+1 start
 1 rm /test/entry1
 expect 2:entry1
 2 dir /test
@@ -35,7 +35,7 @@
 
 # Delete in transaction, abort.
 write /test/entry1 contents
-1 start /test
+1 start
 1 rm /test/entry1
 expect 2:entry1
 2 dir /test
@@ -47,7 +47,7 @@
 # Events inside transactions don't trigger watches until (successful) commit.
 mkdir /test/dir
 1 watch /test token
-2 start /test
+2 start
 2 mkdir /test/dir/sub
 expect 1: waitwatch failed: Connection timed out
 1 waitwatch
@@ -55,7 +55,7 @@
 1 close
 
 1 watch /test token
-2 start /test
+2 start
 2 mkdir /test/dir/sub
 2 abort
 expect 1: waitwatch failed: Connection timed out
@@ -63,7 +63,7 @@
 1 close
 
 1 watch /test token
-2 start /test
+2 start
 2 mkdir /test/dir/sub
 2 commit
 expect 1:/test/dir/sub:token
@@ -73,7 +73,7 @@
 
 # Rm inside transaction works like rm outside: children get notified.
 1 watch /test/dir/sub token
-2 start /test
+2 start
 2 rm /test/dir
 2 commit
 expect 1:/test/dir/sub:token
@@ -83,7 +83,7 @@
 
 # Multiple events from single transaction don't trigger assert
 1 watch /test token
-2 start /test
+2 start
 2 write /test/1 contents
 2 write /test/2 contents
 2 commit
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/testsuite/12readonly.test
--- a/tools/xenstore/testsuite/12readonly.test  Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/testsuite/12readonly.test  Mon Sep 26 17:07:49 2005
@@ -13,23 +13,23 @@
 getperm /test
 watch /test token
 unwatch /test token 
-start /
+start
 commit
-start /
+start
 abort
 
 # These don't work
-expect write failed: Read-only file system
+expect write failed: Permission denied
 write /test2 contents
-expect write failed: Read-only file system
+expect write failed: Permission denied
 write /test contents
-expect setperm failed: Read-only file system
+expect setperm failed: Permission denied
 setperm /test 100 NONE
-expect setperm failed: Read-only file system
+expect setperm failed: Permission denied
 setperm /test 100 NONE
-expect shutdown failed: Read-only file system
+expect shutdown failed: Permission denied
 shutdown
-expect introduce failed: Read-only file system
+expect introduce failed: Permission denied
 introduce 1 100 7 /home
 
 # Check that watches work like normal.
diff -r eaedc6b4ec0f -r ef9591d03fdd 
tools/xenstore/testsuite/14complexperms.test
--- a/tools/xenstore/testsuite/14complexperms.test      Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/testsuite/14complexperms.test      Mon Sep 26 17:07:49 2005
@@ -33,14 +33,6 @@
 expect *No such file or directory
 unwatch /dir/file token 
 expect *Permission denied
-start /dir/file
-expect *No such file or directory
-abort
-expect *Permission denied
-start /dir/file
-expect *No such file or directory
-commit
-expect *Permission denied
 introduce 2 100 7 /dir/file
 
 # Now it exists
@@ -73,12 +65,4 @@
 expect *No such file or directory
 unwatch /dir/file token 
 expect *Permission denied
-start /dir/file
-expect *No such file or directory
-abort
-expect *Permission denied
-start /dir/file
-expect *No such file or directory
-commit
-expect *Permission denied
 introduce 2 100 7 /dir/file
diff -r eaedc6b4ec0f -r ef9591d03fdd 
tools/xenstore/testsuite/16block-watch-crash.test
--- a/tools/xenstore/testsuite/16block-watch-crash.test Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/testsuite/16block-watch-crash.test Mon Sep 26 17:07:49 2005
@@ -1,13 +1,14 @@
 # Test case where blocked connection gets sent watch.
 
-mkdir /test
-watch /test token
-1 start /test
-# This will block on above
-noackwrite /test/entry contents
-1 write /test/entry2 contents
-1 commit
-readack
-expect /test/entry2:token
-waitwatch
-ackwatch token
+# FIXME: We no longer block connections 
+# mkdir /test
+# watch /test token
+# 1 start
+# # This will block on above
+# noackwrite /test/entry contents
+# 1 write /test/entry2 contents
+# 1 commit
+# readack
+# expect /test/entry2:token
+# waitwatch
+# ackwatch token
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstore_client.c
--- a/tools/xenstore/xenstore_client.c  Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstore_client.c  Mon Sep 26 17:07:49 2005
@@ -14,6 +14,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <xs.h>
+#include <errno.h>
 
 static void
 usage(const char *progname)
@@ -82,8 +83,8 @@
     }
 #endif
 
-    /* XXX maybe find longest common prefix */
-    success = xs_transaction_start(xsh, "/");
+  again:
+    success = xs_transaction_start(xsh);
     if (!success)
        errx(1, "couldn't start transaction");
 
@@ -145,8 +146,10 @@
 
  out:
     success = xs_transaction_end(xsh, ret ? true : false);
-    if (!success)
+    if (!success) {
+       if (ret == 0 && errno == EAGAIN)
+           goto again;
        errx(1, "couldn't end transaction");
-
+    }
     return ret;
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored.h
--- a/tools/xenstore/xenstored.h        Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored.h        Mon Sep 26 17:07:49 2005
@@ -75,7 +75,7 @@
        XSD_ERROR(ENOSYS),
        XSD_ERROR(EROFS),
        XSD_ERROR(EBUSY),
-       XSD_ERROR(ETIMEDOUT),
+       XSD_ERROR(EAGAIN),
        XSD_ERROR(EISCONN),
 };
 struct xsd_sockmsg
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_core.c
--- a/tools/xenstore/xenstored_core.c   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_core.c   Mon Sep 26 17:07:49 2005
@@ -50,10 +50,12 @@
 #include "xenstored_transaction.h"
 #include "xenstored_domain.h"
 #include "xenctrl.h"
+#include "tdb.h"
 
 static bool verbose;
 LIST_HEAD(connections);
 static int tracefd = -1;
+static TDB_CONTEXT *tdb_ctx;
 
 #ifdef TESTING
 static bool failtest = false;
@@ -124,6 +126,23 @@
               "xenstored corruption: connection id %i: err %s: %s",
               conn ? (int)conn->id : -1, strerror(saved_errno), str);
        _exit(2);
+}
+
+TDB_CONTEXT *tdb_context(struct connection *conn)
+{
+       /* conn = NULL used in manual_node at setup. */
+       if (!conn || !conn->transaction)
+               return tdb_ctx;
+       return tdb_transaction_context(conn->transaction);
+}
+
+bool replace_tdb(const char *newname, TDB_CONTEXT *newtdb)
+{
+       if (rename(newname, xs_daemon_tdb()) != 0)
+               return false;
+       tdb_close(tdb_ctx);
+       tdb_ctx = talloc_steal(talloc_autofree_context(), newtdb);
+       return true;
 }
 
 static char *sockmsg_string(enum xsd_sockmsg_type type)
@@ -202,37 +221,6 @@
        write(tracefd, string, strlen(string));
 }
 
-void trace_watch_timeout(const struct connection *conn, const char *node, 
const char *token)
-{
-       char string[64];
-       if (tracefd < 0)
-               return;
-       write(tracefd, "WATCH_TIMEOUT ", strlen("WATCH_TIMEOUT "));
-       sprintf(string, " %p ", conn);
-       write(tracefd, string, strlen(string));
-       write(tracefd, " (", 2);
-       write(tracefd, node, strlen(node));
-       write(tracefd, " ", 1);
-       write(tracefd, token, strlen(token));
-       write(tracefd, ")\n", 2);
-}
-
-static void trace_blocked(const struct connection *conn,
-                         const struct buffered_data *data)
-{
-       char string[64];
-
-       if (tracefd < 0)
-               return;
-
-       write(tracefd, "BLOCKED", strlen("BLOCKED"));
-       sprintf(string, " %p (", conn);
-       write(tracefd, string, strlen(string));
-       write(tracefd, sockmsg_string(data->hdr.msg.type),
-             strlen(sockmsg_string(data->hdr.msg.type)));
-       write(tracefd, ")\n", 2);
-}
-
 void trace(const char *fmt, ...)
 {
        va_list arglist;
@@ -253,7 +241,6 @@
        int ret;
        struct buffered_data *out = conn->out;
 
-       assert(conn->state != BLOCKED);
        if (out->inhdr) {
                if (verbose)
                        xprintf("Writing msg %s (%s) out to %p\n",
@@ -351,24 +338,6 @@
        return max;
 }
 
-/* Read everything from a talloc_open'ed fd. */
-void *read_all(int *fd, unsigned int *size)
-{
-       unsigned int max = 4;
-       int ret;
-       void *buffer = talloc_size(fd, max);
-
-       *size = 0;
-       while ((ret = read(*fd, buffer + *size, max - *size)) > 0) {
-               *size += ret;
-               if (*size == max)
-                       buffer = talloc_realloc_size(fd, buffer, max *= 2);
-       }
-       if (ret < 0)
-               return NULL;
-       return buffer;
-}
-
 static int destroy_fd(void *_fd)
 {
        int *fd = _fd;
@@ -409,42 +378,167 @@
        return child[len] == '/' || child[len] == '\0';
 }
 
-/* Answer never ends in /. */
-char *node_dir_outside_transaction(const char *node)
-{
-       if (streq(node, "/"))
-               return talloc_strdup(node, xs_daemon_store());
-       return talloc_asprintf(node, "%s%s", xs_daemon_store(), node);
-}
-
-static char *node_dir(struct transaction *trans, const char *node)
-{
-       if (!trans || !within_transaction(trans, node))
-               return node_dir_outside_transaction(node);
-       return node_dir_inside_transaction(trans, node);
-}
-
-static char *datafile(const char *dir)
-{
-       return talloc_asprintf(dir, "%s/.data", dir);
-}
-
-static char *node_datafile(struct transaction *trans, const char *node)
-{
-       return datafile(node_dir(trans, node));
-}
-
-static char *permfile(const char *dir)
-{
-       return talloc_asprintf(dir, "%s/.perms", dir);
-}
-
-static char *node_permfile(struct transaction *trans, const char *node)
-{
-       return permfile(node_dir(trans, node));
-}
-
-struct buffered_data *new_buffer(void *ctx)
+/* If it fails, returns NULL and sets errno. */
+static struct node *read_node(struct connection *conn, const char *name)
+{
+       TDB_DATA key, data;
+       u32 *p;
+       struct node *node;
+
+       key.dptr = (void *)name;
+       key.dsize = strlen(name);
+       data = tdb_fetch(tdb_context(conn), key);
+
+       if (data.dptr == NULL) {
+               if (tdb_error(tdb_context(conn)) == TDB_ERR_NOEXIST)
+                       errno = ENOENT;
+               else
+                       errno = EIO;
+               return NULL;
+       }
+
+       node = talloc(name, struct node);
+       node->name = talloc_strdup(node, name);
+       node->parent = NULL;
+       node->tdb = tdb_context(conn);
+       talloc_steal(node, data.dptr);
+
+       /* Datalen, childlen, number of permissions */
+       p = (u32 *)data.dptr;
+       node->num_perms = p[0];
+       node->datalen = p[1];
+       node->childlen = p[2];
+
+       /* Permissions are struct xs_permissions. */
+       node->perms = (void *)&p[3];
+       /* Data is binary blob (usually ascii, no nul). */
+       node->data = node->perms + node->num_perms;
+       /* Children is strings, nul separated. */
+       node->children = node->data + node->datalen;
+
+       return node;
+}
+
+static bool write_node(struct connection *conn, const struct node *node)
+{
+       TDB_DATA key, data;
+       void *p;
+
+       key.dptr = (void *)node->name;
+       key.dsize = strlen(node->name);
+
+       data.dsize = 3*sizeof(u32)
+               + node->num_perms*sizeof(node->perms[0])
+               + node->datalen + node->childlen;
+       data.dptr = talloc_size(node, data.dsize);
+       ((u32 *)data.dptr)[0] = node->num_perms;
+       ((u32 *)data.dptr)[1] = node->datalen;
+       ((u32 *)data.dptr)[2] = node->childlen;
+       p = data.dptr + 3 * sizeof(u32);
+
+       memcpy(p, node->perms, node->num_perms*sizeof(node->perms[0]));
+       p += node->num_perms*sizeof(node->perms[0]);
+       memcpy(p, node->data, node->datalen);
+       p += node->datalen;
+       memcpy(p, node->children, node->childlen);
+
+       /* TDB should set errno, but doesn't even set ecode AFAICT. */
+       if (tdb_store(tdb_context(conn), key, data, TDB_REPLACE) != 0) {
+               errno = ENOSPC;
+               return false;
+       }
+       return true;
+}
+
+static enum xs_perm_type perm_for_conn(struct connection *conn,
+                                      struct xs_permissions *perms,
+                                      unsigned int num)
+{
+       unsigned int i;
+       enum xs_perm_type mask = XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER;
+
+       if (!conn->can_write)
+               mask &= ~XS_PERM_WRITE;
+
+       /* Owners and tools get it all... */
+       if (!conn->id || perms[0].id == conn->id)
+               return (XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER) & mask;
+
+       for (i = 1; i < num; i++)
+               if (perms[i].id == conn->id)
+                       return perms[i].perms & mask;
+
+       return perms[0].perms & mask;
+}
+
+static char *get_parent(const char *node)
+{
+       char *slash = strrchr(node + 1, '/');
+       if (!slash)
+               return talloc_strdup(node, "/");
+       return talloc_asprintf(node, "%.*s", (int)(slash - node), node);
+}
+
+/* What do parents say? */
+static enum xs_perm_type ask_parents(struct connection *conn, const char *name)
+{
+       struct node *node;
+
+       do {
+               name = get_parent(name);
+               node = read_node(conn, name);
+               if (node)
+                       break;
+       } while (!streq(name, "/"));
+
+       /* No permission at root?  We're in trouble. */
+       if (!node)
+               corrupt(conn, "No permissions file at root");
+
+       return perm_for_conn(conn, node->perms, node->num_perms);
+}
+
+/* We have a weird permissions system.  You can allow someone into a
+ * specific node without allowing it in the parents.  If it's going to
+ * fail, however, we don't want the errno to indicate any information
+ * about the node. */
+static int errno_from_parents(struct connection *conn, const char *node,
+                             int errnum, enum xs_perm_type perm)
+{
+       /* We always tell them about memory failures. */
+       if (errnum == ENOMEM)
+               return errnum;
+
+       if (ask_parents(conn, node) & perm)
+               return errnum;
+       return EACCES;
+}
+
+/* If it fails, returns NULL and sets errno. */
+struct node *get_node(struct connection *conn,
+                     const char *name,
+                     enum xs_perm_type perm)
+{
+       struct node *node;
+
+       if (!name || !is_valid_nodename(name)) {
+               errno = EINVAL;
+               return NULL;
+       }
+       node = read_node(conn, name);
+       /* If we don't have permission, we don't have node. */
+       if (node) {
+               if ((perm_for_conn(conn, node->perms, node->num_perms) & perm)
+                   != perm)
+                       node = NULL;
+       }
+       /* Clean up errno if they weren't supposed to know. */
+       if (!node) 
+               errno = errno_from_parents(conn, name, errno, perm);
+       return node;
+}
+
+static struct buffered_data *new_buffer(void *ctx)
 {
        struct buffered_data *data;
 
@@ -457,7 +551,8 @@
 }
 
 /* Return length of string (including nul) at this offset. */
-unsigned int get_string(const struct buffered_data *data, unsigned int offset)
+static unsigned int get_string(const struct buffered_data *data,
+                              unsigned int offset)
 {
        const char *nul;
 
@@ -508,7 +603,6 @@
                conn->waiting_reply = bdata;
        } else
                conn->out = bdata;
-       assert(conn->state != BLOCKED);
        conn->state = BUSY;
 }
 
@@ -567,29 +661,6 @@
        return in->buffer;
 }
 
-/* If it fails, returns NULL and sets errno. */
-static struct xs_permissions *get_perms(const char *dir, unsigned int *num)
-{
-       unsigned int size;
-       char *strings;
-       struct xs_permissions *ret;
-       int *fd;
-
-       fd = talloc_open(permfile(dir), O_RDONLY, 0);
-       if (!fd)
-               return NULL;
-       strings = read_all(fd, &size);
-       if (!strings)
-               return NULL;
-
-       *num = xs_count_strings(strings, size);
-       ret = talloc_array(dir, struct xs_permissions, *num);
-       if (!xs_strings_to_perms(ret, *num, strings))
-               corrupt(NULL, "Permissions corrupt for %s", dir);
-
-       return ret;
-}
-
 static char *perms_to_strings(const void *ctx,
                              struct xs_permissions *perms, unsigned int num,
                              unsigned int *len)
@@ -608,173 +679,6 @@
                *len += strlen(buffer) + 1;
        }
        return strings;
-}
-
-/* Destroy this, and its children, and its children's children. */
-int destroy_path(void *path)
-{
-       DIR *dir;
-       struct dirent *dirent;
-
-       dir = opendir(path);
-       if (!dir) {
-               if (unlink(path) == 0 || errno == ENOENT)
-                       return 0;
-               corrupt(NULL, "Destroying path %s", path);
-       }
-
-       while ((dirent = readdir(dir)) != NULL) {
-               char fullpath[strlen(path) + 1 + strlen(dirent->d_name) + 1];
-               sprintf(fullpath, "%s/%s", (char *)path, dirent->d_name);
-               if (!streq(dirent->d_name,".") && !streq(dirent->d_name,".."))
-                       destroy_path(fullpath);
-       }
-       closedir(dir);
-       if (rmdir(path) != 0)
-               corrupt(NULL, "Destroying directory %s", path);
-       return 0;
-}
-
-/* Create a self-destructing temporary path */
-static char *temppath(const char *path)
-{
-       char *tmppath = talloc_asprintf(path, "%s.tmp", path);
-       talloc_set_destructor(tmppath, destroy_path);
-       return tmppath;
-}
-
-/* Create a self-destructing temporary file */
-static char *tempfile(const char *path, void *contents, unsigned int len)
-{
-       int *fd;
-       char *tmppath = temppath(path);
-
-       fd = talloc_open(tmppath, O_WRONLY|O_CREAT|O_EXCL, 0640);
-       if (!fd)
-               return NULL;
-       if (!xs_write_all(*fd, contents, len))
-               return NULL;
-
-       return tmppath;
-}
-
-static int destroy_opendir(void *_dir)
-{
-       DIR **dir = _dir;
-       closedir(*dir);
-       return 0;
-}
-
-/* Return a pointer to a DIR*, self-closing and attached to this pathname. */
-DIR **talloc_opendir(const char *pathname)
-{
-       DIR **dir;
-
-       dir = talloc(pathname, DIR *);
-       *dir = opendir(pathname);
-       if (!*dir) {
-               int saved_errno = errno;
-               talloc_free(dir);
-               errno = saved_errno;
-               return NULL;
-       }
-       talloc_set_destructor(dir, destroy_opendir);
-       return dir;
-}
-
-/* We assume rename() doesn't fail on moves in same dir. */
-static void commit_tempfile(const char *path)
-{
-       char realname[strlen(path) + 1];
-       unsigned int len = strrchr(path, '.') - path;
-
-       memcpy(realname, path, len);
-       realname[len] = '\0';
-       if (rename(path, realname) != 0)
-               corrupt(NULL, "Committing %s", realname);
-       talloc_set_destructor(path, NULL);
-}
-
-static bool set_perms(struct transaction *transaction,
-                     const char *node,
-                     struct xs_permissions *perms, unsigned int num)
-{
-       unsigned int len;
-       char *permpath, *strings;
-
-       strings = perms_to_strings(node, perms, num, &len);
-       if (!strings)
-               return false;
-
-       /* Create then move. */
-       permpath = tempfile(node_permfile(transaction, node), strings, len);
-       if (!permpath)
-               return false;
-
-       commit_tempfile(permpath);
-       return true;
-}
-
-static char *get_parent(const char *node)
-{
-       char *slash = strrchr(node + 1, '/');
-       if (!slash)
-               return talloc_strdup(node, "/");
-       return talloc_asprintf(node, "%.*s", (int)(slash - node), node);
-}
-
-static enum xs_perm_type perm_for_id(domid_t id,
-                                    struct xs_permissions *perms,
-                                    unsigned int num)
-{
-       unsigned int i;
-
-       /* Owners and tools get it all... */
-       if (!id || perms[0].id == id)
-               return XS_PERM_READ|XS_PERM_WRITE|XS_PERM_OWNER;
-
-       for (i = 1; i < num; i++)
-               if (perms[i].id == id)
-                       return perms[i].perms;
-
-       return perms[0].perms;
-}
-
-/* What do parents say? */
-static enum xs_perm_type ask_parents(struct connection *conn,
-                                    const char *node)
-{
-       struct xs_permissions *perms;
-       unsigned int num;
-
-       do {
-               node = get_parent(node);
-               perms = get_perms(node_dir(conn->transaction, node), &num);
-               if (perms)
-                       break;
-       } while (!streq(node, "/"));
-
-       /* No permission at root?  We're in trouble. */
-       if (!perms)
-               corrupt(conn, "No permissions file at root");
-
-       return perm_for_id(conn->id, perms, num);
-}
-
-/* We have a weird permissions system.  You can allow someone into a
- * specific node without allowing it in the parents.  If it's going to
- * fail, however, we don't want the errno to indicate any information
- * about the node. */
-static int errno_from_parents(struct connection *conn, const char *node,
-                             int errnum)
-{
-       /* We always tell them about memory failures. */
-       if (errnum == ENOMEM)
-               return errnum;
-
-       if (ask_parents(conn, node) & XS_PERM_READ)
-               return errnum;
-       return EACCES;
 }
 
 char *canonicalize(struct connection *conn, const char *node)
@@ -789,46 +693,6 @@
        return (char *)node;
 }
 
-bool check_node_perms(struct connection *conn, const char *node,
-                     enum xs_perm_type perm)
-{
-       struct xs_permissions *perms;
-       unsigned int num;
-
-       if (!node || !is_valid_nodename(node)) {
-               errno = EINVAL;
-               return false;
-       }
-
-       if (!conn->can_write && (perm & XS_PERM_WRITE)) {
-               errno = EROFS;
-               return false;
-       }
-
-       perms = get_perms(node_dir(conn->transaction, node), &num);
-
-       if (perms) {
-               if (perm_for_id(conn->id, perms, num) & perm)
-                       return true;
-               errno = EACCES;
-               return false;
-       }
-
-       /* If it's OK not to exist, we consult parents. */
-       if (errno == ENOENT && (perm & XS_PERM_ENOENT_OK)) {
-               if (ask_parents(conn, node) & perm)
-                       return true;
-               /* Parents say they should not know. */
-               errno = EACCES;
-               return false;
-       }
-
-       /* They might not have permission to even *see* this node, in
-        * which case we return EACCES even if it's ENOENT or EIO. */
-       errno = errno_from_parents(conn, node, errno);
-       return false;
-}
-
 bool check_event_node(const char *node)
 {
        if (!node || !strstarts(node, "@")) {
@@ -838,142 +702,144 @@
        return true;
 }
 
-static void send_directory(struct connection *conn, const char *node)
-{
-       char *path, *reply;
-       unsigned int reply_len = 0;
-       DIR **dir;
-       struct dirent *dirent;
-
-       node = canonicalize(conn, node);
-       if (!check_node_perms(conn, node, XS_PERM_READ)) {
+static void send_directory(struct connection *conn, const char *name)
+{
+       struct node *node;
+
+       name = canonicalize(conn, name);
+       node = get_node(conn, name, XS_PERM_READ);
+       if (!node) {
                send_error(conn, errno);
                return;
        }
 
-       path = node_dir(conn->transaction, node);
-       dir = talloc_opendir(path);
-       if (!dir) {
+       send_reply(conn, XS_DIRECTORY, node->children, node->childlen);
+}
+
+static void do_read(struct connection *conn, const char *name)
+{
+       struct node *node;
+
+       name = canonicalize(conn, name);
+       node = get_node(conn, name, XS_PERM_READ);
+       if (!node) {
                send_error(conn, errno);
                return;
        }
 
-       reply = talloc_strdup(node, "");
-       while ((dirent = readdir(*dir)) != NULL) {
-               int len = strlen(dirent->d_name) + 1;
-
-               if (!valid_chars(dirent->d_name))
-                       continue;
-
-               reply = talloc_realloc(path, reply, char, reply_len + len);
-               strcpy(reply + reply_len, dirent->d_name);
-               reply_len += len;
-       }
-
-       send_reply(conn, XS_DIRECTORY, reply, reply_len);
-}
-
-static void do_read(struct connection *conn, const char *node)
-{
-       char *value;
-       unsigned int size;
-       int *fd;
-
-       node = canonicalize(conn, node);
-       if (!check_node_perms(conn, node, XS_PERM_READ)) {
-               send_error(conn, errno);
-               return;
-       }
-
-       fd = talloc_open(node_datafile(conn->transaction, node), O_RDONLY, 0);
-       if (!fd) {
-               /* Data file doesn't exist?  We call that a directory */
-               if (errno == ENOENT)
-                       errno = EISDIR;
-               send_error(conn, errno);
-               return;
-       }
-
-       value = read_all(fd, &size);
-       if (!value)
-               send_error(conn, errno);
-       else
-               send_reply(conn, XS_READ, value, size);
-}
-
-/* Commit this directory, eg. comitting a/b.tmp/c causes a/b.tmp -> a.b */
-static bool commit_dir(char *dir)
-{
-       char *dot, *slash, *dest;
-
-       dot = strrchr(dir, '.');
-       slash = strchr(dot, '/');
-       if (slash)
-               *slash = '\0';
-
-       dest = talloc_asprintf(dir, "%.*s", (int)(dot - dir), dir);
-       return rename(dir, dest) == 0;
-}
-
-/* Create a temporary directory.  Put data in it (if data != NULL) */
-static char *tempdir(struct connection *conn,
-                    const char *node, void *data, unsigned int datalen)
-{
-       struct xs_permissions *perms;
-       char *permstr;
-       unsigned int num, len;
-       int *fd;
-       char *dir;
-
-       dir = temppath(node_dir(conn->transaction, node));
-       if (mkdir(dir, 0750) != 0) {
-               if (errno != ENOENT)
+       send_reply(conn, XS_READ, node->data, node->datalen);
+}
+
+static void delete_node_single(struct connection *conn, struct node *node)
+{
+       TDB_DATA key;
+
+       key.dptr = (void *)node->name;
+       key.dsize = strlen(node->name);
+
+       if (tdb_delete(tdb_context(conn), key) != 0)
+               corrupt(conn, "Could not delete '%s'", node->name);
+}
+
+/* Must not be / */
+static char *basename(const char *name)
+{
+       return strrchr(name, '/') + 1;
+}
+
+static struct node *construct_node(struct connection *conn, const char *name)
+{
+       const char *base;
+       unsigned int baselen;
+       struct node *parent, *node;
+       char *children, *parentname = get_parent(name);
+
+       /* If parent doesn't exist, create it. */
+       parent = read_node(conn, parentname);
+       if (!parent)
+               parent = construct_node(conn, parentname);
+       if (!parent)
+               return NULL;
+       
+       /* Add child to parent. */
+       base = basename(name);
+       baselen = strlen(base) + 1;
+       children = talloc_array(name, char, parent->childlen + baselen);
+       memcpy(children, parent->children, parent->childlen);
+       memcpy(children + parent->childlen, base, baselen);
+       parent->children = children;
+       parent->childlen += baselen;
+
+       /* Allocate node */
+       node = talloc(name, struct node);
+       node->tdb = tdb_context(conn);
+       node->name = talloc_strdup(node, name);
+
+       /* Inherit permissions, except domains own what they create */
+       node->num_perms = parent->num_perms;
+       node->perms = talloc_memdup(node, parent->perms,
+                                   node->num_perms * sizeof(node->perms[0]));
+       if (conn->id)
+               node->perms[0].id = conn->id;
+
+       /* No children, no data */
+       node->children = node->data = NULL;
+       node->childlen = node->datalen = 0;
+       node->parent = parent;
+       return node;
+}
+
+static int destroy_node(void *_node)
+{
+       struct node *node = _node;
+       TDB_DATA key;
+
+       if (streq(node->name, "/"))
+               corrupt(NULL, "Destroying root node!");
+
+       key.dptr = (void *)node->name;
+       key.dsize = strlen(node->name);
+
+       tdb_delete(node->tdb, key);
+       return 0;
+}
+
+/* Be careful: create heirarchy, put entry in existing parent *last*.
+ * This helps fsck if we die during this. */
+static struct node *create_node(struct connection *conn, 
+                               const char *name,
+                               void *data, unsigned int datalen)
+{
+       struct node *node, *i;
+
+       node = construct_node(conn, name);
+       if (!node)
+               return NULL;
+
+       node->data = data;
+       node->datalen = datalen;
+
+       /* We write out the nodes down, setting destructor in case
+        * something goes wrong. */
+       for (i = node; i; i = i->parent) {
+               if (!write_node(conn, i))
                        return NULL;
-
-               dir = tempdir(conn, get_parent(node), NULL, 0);
-               if (!dir)
-                       return NULL;
-
-               dir = talloc_asprintf(dir, "%s%s", dir, strrchr(node, '/'));
-               if (mkdir(dir, 0750) != 0)
-                       return NULL;
-               talloc_set_destructor(dir, destroy_path);
-       }
-
-       perms = get_perms(get_parent(dir), &num);
-       assert(perms);
-       /* Domains own what they create. */
-       if (conn->id)
-               perms->id = conn->id;
-
-       permstr = perms_to_strings(dir, perms, num, &len);
-       fd = talloc_open(permfile(dir), O_WRONLY|O_CREAT|O_EXCL, 0640);
-       if (!fd || !xs_write_all(*fd, permstr, len))
-               return NULL;
-
-       if (data) {
-               char *datapath = datafile(dir);
-
-               fd = talloc_open(datapath, O_WRONLY|O_CREAT|O_EXCL, 0640);
-               if (!fd || !xs_write_all(*fd, data, datalen))
-                       return NULL;
-       }
-       return dir;
-}
-
-static bool node_exists(struct connection *conn, const char *node)
-{
-       struct stat st;
-
-       return lstat(node_dir(conn->transaction, node), &st) == 0;
+               talloc_set_destructor(i, destroy_node);
+       }
+
+       /* OK, now remove destructors so they stay around */
+       for (i = node; i; i = i->parent)
+               talloc_set_destructor(i, NULL);
+       return node;
 }
 
 /* path, data... */
 static void do_write(struct connection *conn, struct buffered_data *in)
 {
        unsigned int offset, datalen;
+       struct node *node;
        char *vec[1] = { NULL }; /* gcc4 + -W + -Werror fucks code. */
-       char *node, *tmppath;
+       char *name;
 
        /* Extra "strings" can be created by binary data. */
        if (get_strings(in, vec, ARRAY_SIZE(vec)) < ARRAY_SIZE(vec)) {
@@ -981,99 +847,115 @@
                return;
        }
 
-       node = canonicalize(conn, vec[0]);
-       if (!within_transaction(conn->transaction, node)) {
-               send_error(conn, EROFS);
-               return;
-       }
-
-       if (transaction_block(conn, node))
-               return;
-
        offset = strlen(vec[0]) + 1;
        datalen = in->used - offset;
 
-       if (!check_node_perms(conn, node, XS_PERM_WRITE|XS_PERM_ENOENT_OK)) {
-               send_error(conn, errno);
-               return;
-       }
-
-       if (!node_exists(conn, node)) {
-               char *dir;
-
-               /* Does not exist... */
+       name = canonicalize(conn, vec[0]);
+       node = get_node(conn, name, XS_PERM_WRITE);
+       if (!node) {
+               /* No permissions, invalid input? */
                if (errno != ENOENT) {
                        send_error(conn, errno);
                        return;
                }
-
-               dir = tempdir(conn, node, in->buffer + offset, datalen);
-               if (!dir || !commit_dir(dir)) {
+               node = create_node(conn, name, in->buffer + offset, datalen);
+               if (!node) {
                        send_error(conn, errno);
                        return;
                }
-               
        } else {
-               /* Exists... */
-               tmppath = tempfile(node_datafile(conn->transaction, node),
-                                  in->buffer + offset, datalen);
-               if (!tmppath) {
+               node->data = in->buffer + offset;
+               node->datalen = datalen;
+               if (!write_node(conn, node)){
                        send_error(conn, errno);
                        return;
                }
-
-               commit_tempfile(tmppath);
-       }
-
-       add_change_node(conn->transaction, node, false);
-       fire_watches(conn, node, false);
+       }
+
+       add_change_node(conn->transaction, name, false);
+       fire_watches(conn, name, false);
        send_ack(conn, XS_WRITE);
 }
 
-static void do_mkdir(struct connection *conn, const char *node)
-{
-       char *dir;
-
-       node = canonicalize(conn, node);
-       if (!check_node_perms(conn, node, XS_PERM_WRITE|XS_PERM_ENOENT_OK)) {
-               send_error(conn, errno);
-               return;
-       }
-
-       if (!within_transaction(conn->transaction, node)) {
-               send_error(conn, EROFS);
-               return;
-       }
-
-       if (transaction_block(conn, node))
-               return;
+static void do_mkdir(struct connection *conn, const char *name)
+{
+       struct node *node;
+
+       name = canonicalize(conn, name);
+       node = get_node(conn, name, XS_PERM_WRITE);
 
        /* If it already exists, fine. */
-       if (node_exists(conn, node)) {
-               send_ack(conn, XS_MKDIR);
-               return;
-       }
-
-       dir = tempdir(conn, node, NULL, 0);
-       if (!dir || !commit_dir(dir)) {
-               send_error(conn, errno);
-               return;
-       }
-
-       add_change_node(conn->transaction, node, false);
-       fire_watches(conn, node, false);
+       if (!node) {
+               /* No permissions? */
+               if (errno != ENOENT) {
+                       send_error(conn, errno);
+                       return;
+               }
+               node = create_node(conn, name, NULL, 0);
+               if (!node) {
+                       send_error(conn, errno);
+                       return;
+               }
+               add_change_node(conn->transaction, name, false);
+               fire_watches(conn, name, false);
+       }
        send_ack(conn, XS_MKDIR);
 }
 
-static void do_rm(struct connection *conn, const char *node)
-{
-       char *tmppath, *path;
-
-       node = canonicalize(conn, node);
-       if (!check_node_perms(conn, node, XS_PERM_WRITE)) {
+static void delete_node(struct connection *conn, struct node *node)
+{
+       unsigned int i;
+
+       /* Delete self, then delete children.  If something goes wrong,
+        * consistency check will clean up this way. */
+       delete_node_single(conn, node);
+
+       /* Delete children, too. */
+       for (i = 0; i < node->childlen; i += strlen(node->children+i) + 1) {
+               struct node *child;
+
+               child = read_node(conn, 
+                                 talloc_asprintf(node, "%s/%s", node->name,
+                                                 node->children + i));
+               if (!child)
+                       corrupt(conn, "No child '%s' found", child);
+               delete_node(conn, child);
+       }
+}
+
+/* Delete memory using memmove. */
+static void memdel(void *mem, unsigned off, unsigned len, unsigned total)
+{
+       memmove(mem + off, mem + off + len, total - off - len);
+}
+
+static bool delete_child(struct connection *conn,
+                        struct node *node, const char *childname)
+{
+       unsigned int i;
+
+       for (i = 0; i < node->childlen; i += strlen(node->children+i) + 1) {
+               if (streq(node->children+i, childname)) {
+                       memdel(node->children, i, strlen(childname) + 1,
+                              node->childlen);
+                       node->childlen -= strlen(childname) + 1;
+                       return write_node(conn, node);
+               }
+       }
+       corrupt(conn, "Can't find child '%s' in %s", childname, node->name);
+}
+
+static void do_rm(struct connection *conn, const char *name)
+{
+       struct node *node, *parent;
+
+       name = canonicalize(conn, name);
+       node = get_node(conn, name, XS_PERM_WRITE);
+       if (!node) {
                /* Didn't exist already?  Fine, if parent exists. */
                if (errno == ENOENT) {
-                       if (node_exists(conn, get_parent(node))) {
+                       node = read_node(conn, get_parent(name));
+                       if (node) {
                                send_ack(conn, XS_RM);
                                return;
                        }
@@ -1084,53 +966,43 @@
                return;
        }
 
-       if (!within_transaction(conn->transaction, node)) {
-               send_error(conn, EROFS);
-               return;
-       }
-
-       if (transaction_block(conn, node))
-               return;
-
-       if (streq(node, "/")) {
+       if (streq(name, "/")) {
                send_error(conn, EINVAL);
                return;
        }
 
-       /* We move the directory to temporary name, destructor cleans up. */
-       path = node_dir(conn->transaction, node);
-       tmppath = talloc_asprintf(node, "%s.tmp", path);
-       talloc_set_destructor(tmppath, destroy_path);
-
-       if (rename(path, tmppath) != 0) {
+       /* Delete from parent first, then if something explodes fsck cleans. */
+       parent = read_node(conn, get_parent(name));
+       if (!parent) {
+               send_error(conn, EINVAL);
+               return;
+       }
+
+       if (!delete_child(conn, parent, basename(name))) {
+               send_error(conn, EINVAL);
+               return;
+       }
+
+       delete_node(conn, node);
+       add_change_node(conn->transaction, name, true);
+       fire_watches(conn, name, true);
+       send_ack(conn, XS_RM);
+}
+
+static void do_get_perms(struct connection *conn, const char *name)
+{
+       struct node *node;
+       char *strings;
+       unsigned int len;
+
+       name = canonicalize(conn, name);
+       node = get_node(conn, name, XS_PERM_READ);
+       if (!node) {
                send_error(conn, errno);
                return;
        }
 
-       add_change_node(conn->transaction, node, true);
-       fire_watches(conn, node, true);
-       send_ack(conn, XS_RM);
-}
-
-static void do_get_perms(struct connection *conn, const char *node)
-{
-       struct xs_permissions *perms;
-       char *strings;
-       unsigned int len, num;
-
-       node = canonicalize(conn, node);
-       if (!check_node_perms(conn, node, XS_PERM_READ)) {
-               send_error(conn, errno);
-               return;
-       }
-
-       perms = get_perms(node_dir(conn->transaction, node), &num);
-       if (!perms) {
-               send_error(conn, errno);
-               return;
-       }
-
-       strings = perms_to_strings(node, perms, num, &len);
+       strings = perms_to_strings(node, node->perms, node->num_perms, &len);
        if (!strings)
                send_error(conn, errno);
        else
@@ -1140,8 +1012,8 @@
 static void do_set_perms(struct connection *conn, struct buffered_data *in)
 {
        unsigned int num;
-       char *node, *permstr;
-       struct xs_permissions *perms;
+       char *name, *permstr;
+       struct node *node;
 
        num = xs_count_strings(in->buffer, in->used);
        if (num < 2) {
@@ -1150,37 +1022,30 @@
        }
 
        /* First arg is node name. */
-       node = canonicalize(conn, in->buffer);
+       name = canonicalize(conn, in->buffer);
        permstr = in->buffer + strlen(in->buffer) + 1;
        num--;
 
-       if (!within_transaction(conn->transaction, node)) {
-               send_error(conn, EROFS);
-               return;
-       }
-
-       if (transaction_block(conn, node))
-               return;
-
        /* We must own node to do this (tools can do this too). */
-       if (!check_node_perms(conn, node, XS_PERM_WRITE|XS_PERM_OWNER)) {
+       node = get_node(conn, name, XS_PERM_WRITE|XS_PERM_OWNER);
+       if (!node) {
                send_error(conn, errno);
                return;
        }
 
-       perms = talloc_array(node, struct xs_permissions, num);
-       if (!xs_strings_to_perms(perms, num, permstr)) {
+       node->perms = talloc_array(node, struct xs_permissions, num);
+       node->num_perms = num;
+       if (!xs_strings_to_perms(node->perms, num, permstr)) {
                send_error(conn, errno);
                return;
        }
-
-       if (!set_perms(conn->transaction, node, perms, num)) {
+       if (!write_node(conn, node)) {
                send_error(conn, errno);
                return;
        }
 
-       add_change_node(conn->transaction, node, false);
-       fire_watches(conn, node, false);
+       add_change_node(conn->transaction, name, false);
+       fire_watches(conn, name, false);
        send_ack(conn, XS_SET_PERMS);
 }
 
@@ -1221,12 +1086,8 @@
        case XS_SHUTDOWN:
                /* FIXME: Implement gentle shutdown too. */
                /* Only tools can do this. */
-               if (conn->id != 0) {
+               if (conn->id != 0 || !conn->can_write) {
                        send_error(conn, EACCES);
-                       break;
-               }
-               if (!conn->can_write) {
-                       send_error(conn, EROFS);
                        break;
                }
                send_ack(conn, XS_SHUTDOWN);
@@ -1263,7 +1124,7 @@
                break;
 
        case XS_TRANSACTION_START:
-               do_transaction_start(conn, onearg(in));
+               do_transaction_start(conn, in);
                break;
 
        case XS_TRANSACTION_END:
@@ -1309,6 +1170,8 @@
        /* For simplicity, we kill the connection on OOM. */
        talloc_set_fail_handler(out_of_mem, &talloc_fail);
        if (setjmp(talloc_fail)) {
+               /* Free in before conn, in case it needs something. */
+               talloc_free(in);
                talloc_free(conn);
                goto end;
        }
@@ -1330,16 +1193,8 @@
        conn->in = new_buffer(conn);
        process_message(conn, in);
 
-       if (conn->state == BLOCKED) {
-               /* Blocked by transaction: queue for re-xmit. */
-               talloc_free(conn->in);
-               conn->in = in;
-               in = NULL;
-               trace_blocked(conn, conn->in);
-       }
-
+       talloc_free(in);
 end:
-       talloc_free(in);
        talloc_set_fail_handler(NULL, NULL);
        if (talloc_total_blocks(NULL)
            != talloc_total_blocks(talloc_autofree_context()) + 1) {
@@ -1350,7 +1205,7 @@
 
 /* Errors in reading or allocating here mean we get out of sync, so we
  * drop the whole client connection. */
-void handle_input(struct connection *conn)
+static void handle_input(struct connection *conn)
 {
        int bytes;
        struct buffered_data *in;
@@ -1402,39 +1257,10 @@
        talloc_free(conn);
 }
 
-void handle_output(struct connection *conn)
+static void handle_output(struct connection *conn)
 {
        if (!write_message(conn))
                talloc_free(conn);
-}
-
-/* If a transaction has ended, see if we can unblock any connections. */
-static void unblock_connections(void)
-{
-       struct connection *i, *tmp;
-
-       list_for_each_entry_safe(i, tmp, &connections, list) {
-               switch (i->state) {
-               case BLOCKED:
-                       if (!transaction_covering_node(i->blocked_by)) {
-                               talloc_free(i->blocked_by);
-                               i->blocked_by = NULL;
-                               i->state = OK;
-                               consider_message(i);
-                       }
-                       break;
-               case BUSY:
-               case OK:
-                       break;
-               }
-       }
-
-       /* To balance bias, move first entry to end. */
-       if (!list_empty(&connections)) {
-               i = list_top(&connections, struct connection, list);
-               list_del(&i->list);
-               list_add_tail(&i->list, &connections);
-       }
 }
 
 struct connection *new_connection(connwritefn_t *write, connreadfn_t *read)
@@ -1451,7 +1277,6 @@
                return NULL;
 
        new->state = OK;
-       new->blocked_by = NULL;
        new->out = new->waiting_reply = NULL;
        new->waiting_for_ack = NULL;
        new->fd = -1;
@@ -1504,25 +1329,9 @@
                close(fd);
 }
 
-/* Calc timespan from now to absolute time. */
-static void time_relative_to_now(struct timeval *tv)
-{
-       struct timeval now;
-
-       gettimeofday(&now, NULL);
-       if (timercmp(&now, tv, >))
-               timerclear(tv);
-       else {
-               tv->tv_sec -= now.tv_sec;
-               if (now.tv_usec > tv->tv_usec) {
-                       tv->tv_sec--;
-                       tv->tv_usec += 1000000;
-               }
-               tv->tv_usec -= now.tv_usec;
-       }
-}
-
 #ifdef TESTING
+/* Valgrind can check our writes better if we don't use mmap */
+#define TDB_FLAGS TDB_NOMMAP
 /* Useful for running under debugger. */
 void dump_connection(void)
 {
@@ -1532,13 +1341,10 @@
                printf("Connection %p:\n", i);
                printf("    state = %s\n",
                       i->state == OK ? "OK"
-                      : i->state == BLOCKED ? "BLOCKED"
                       : i->state == BUSY ? "BUSY"
                       : "INVALID");
                if (i->id)
                        printf("    id = %i\n", i->id);
-               if (i->blocked_by)
-                       printf("    blocked on = %s\n", i->blocked_by);
                if (!i->in->inhdr || i->in->used)
                        printf("    got %i bytes of %s\n",
                               i->in->used, i->in->inhdr ? "header" : "data");
@@ -1559,44 +1365,53 @@
                dump_watches(i);
        }
 }
+#else
+#define TDB_FLAGS 0
 #endif
 
+/* We create initial nodes manually. */
+static void manual_node(const char *name, const char *child)
+{
+       struct node *node;
+       struct xs_permissions perms = { .id = 0, .perms = XS_PERM_READ };
+
+       node = talloc(NULL, struct node);
+       node->name = name;
+       node->perms = &perms;
+       node->num_perms = 1;
+       node->data = NULL;
+       node->datalen = 0;
+       node->children = (char *)child;
+       if (child)
+               node->childlen = strlen(child) + 1;
+       else
+               node->childlen = 0;
+
+       if (!write_node(NULL, node))
+               barf_perror("Could not create initial node %s", name);
+       talloc_free(node);
+}
+
+#
+
 static void setup_structure(void)
 {
-       struct xs_permissions perms = { .id = 0, .perms = XS_PERM_READ };
-       char *root, *dir, *permfile;
-
-       /* Create root directory, with permissions. */
-       if (mkdir(xs_daemon_store(), 0750) != 0) {
-               if (errno != EEXIST)
-                       barf_perror("Could not create root %s",
-                                   xs_daemon_store());
-               return;
-       }
-       root = talloc_strdup(talloc_autofree_context(), "/");
-       if (!set_perms(NULL, root, &perms, 1))
-               barf_perror("Could not create permissions in root");
-
-       /* Create tool directory, with xenstored subdir. */
-       dir = talloc_asprintf(root, "%s/%s", xs_daemon_store(), "tool");
-       if (mkdir(dir, 0750) != 0)
-               barf_perror("Making dir %s", dir);
-       
-       permfile = talloc_strdup(root, "/tool");
-       if (!set_perms(NULL, permfile, &perms, 1))
-               barf_perror("Could not create permissions on %s", permfile);
-
-       dir = talloc_asprintf(root, "%s/%s", dir, "xenstored");
-       if (mkdir(dir, 0750) != 0)
-               barf_perror("Making dir %s", dir);
-       
-       permfile = talloc_strdup(root, "/tool/xenstored");
-       if (!set_perms(NULL, permfile, &perms, 1))
-               barf_perror("Could not create permissions on %s", permfile);
-       talloc_free(root);
-       if (mkdir(xs_daemon_transactions(), 0750) != 0)
-               barf_perror("Could not create transaction dir %s",
-                           xs_daemon_transactions());
+       char *tdbname;
+       tdbname = talloc_strdup(talloc_autofree_context(), xs_daemon_tdb());
+       tdb_ctx = tdb_open(tdbname, 0, TDB_FLAGS, O_RDWR, 0);
+
+       if (!tdb_ctx) {
+               tdb_ctx = tdb_open(tdbname, 7919, TDB_FLAGS, O_RDWR|O_CREAT,
+                                  0640);
+               if (!tdb_ctx)
+                       barf_perror("Could not create tdb file %s", tdbname);
+
+               manual_node("/", "tool");
+               manual_node("/tool", "xenstored");
+               manual_node("/tool/xenstored", NULL);
+       }
+
+       /* FIXME: Fsck */
 }
 
 static void write_pidfile(const char *pidfile)
@@ -1759,17 +1574,8 @@
        /* FIXME: Rewrite so noone can starve. */
        for (;;) {
                struct connection *i;
-               struct timeval *tvp = NULL, tv;
-
-               timerclear(&tv);
-               shortest_transaction_timeout(&tv);
-               shortest_watch_ack_timeout(&tv);
-               if (timerisset(&tv)) {
-                       time_relative_to_now(&tv);
-                       tvp = &tv;
-               }
-
-               if (select(max+1, &inset, &outset, NULL, tvp) < 0) {
+
+               if (select(max+1, &inset, &outset, NULL, NULL) < 0) {
                        if (errno == EINTR)
                                continue;
                        barf_perror("Select failed");
@@ -1818,14 +1624,6 @@
                        }
                }
 
-               if (tvp) {
-                       check_transaction_timeout();
-                       check_watch_ack_timeout();
-               }
-
-               /* If transactions ended, we might be able to do more work. */
-               unblock_connections();
-
                max = initialize_set(&inset, &outset, *sock, *ro_sock,
                                     event_fd);
        }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_core.h
--- a/tools/xenstore/xenstored_core.h   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_core.h   Mon Sep 26 17:07:49 2005
@@ -28,6 +28,7 @@
 #include "xs_lib.h"
 #include "xenstored.h"
 #include "list.h"
+#include "tdb.h"
 
 struct buffered_data
 {
@@ -49,8 +50,6 @@
 
 enum state
 {
-       /* Blocked by transaction. */
-       BLOCKED,
        /* Doing action, not listening */
        BUSY,
        /* Completed */
@@ -69,9 +68,6 @@
 
        /* Blocked on transaction?  Busy? */
        enum state state;
-
-       /* Node we are waiting for (if state == BLOCKED) */
-       char *blocked_by;
 
        /* Is this a read-only connection? */
        bool can_write;
@@ -103,9 +99,27 @@
 };
 extern struct list_head connections;
 
-/* Return length of string (including nul) at this offset. */
-unsigned int get_string(const struct buffered_data *data,
-                       unsigned int offset);
+struct node {
+       const char *name;
+
+       /* Database I came from */
+       TDB_CONTEXT *tdb;
+
+       /* Parent (optional) */
+       struct node *parent;
+
+       /* Permissions. */
+       unsigned int num_perms;
+       struct xs_permissions *perms;
+
+       /* Contents. */
+       unsigned int datalen;
+       void *data;
+
+       /* Children, each nul-terminated. */
+       unsigned int childlen;
+       char *children;
+};
 
 /* Break input into vectors, return the number, fill in up to num of them. */
 unsigned int get_strings(struct buffered_data *data,
@@ -113,9 +127,6 @@
 
 /* Is child node a child or equal to parent node? */
 bool is_child(const char *child, const char *parent);
-
-/* Create a new buffer with lifetime of context. */
-struct buffered_data *new_buffer(void *ctx);
 
 void send_reply(struct connection *conn, enum xsd_sockmsg_type type,
                const void *data, unsigned int len);
@@ -129,15 +140,22 @@
 /* Canonicalize this path if possible. */
 char *canonicalize(struct connection *conn, const char *node);
 
-/* Check permissions on this node. */
-bool check_node_perms(struct connection *conn, const char *node,
-                     enum xs_perm_type perm);
-
 /* Check if node is an event node. */
 bool check_event_node(const char *node);
 
-/* Path to this node outside transaction. */
-char *node_dir_outside_transaction(const char *node);
+/* Get this node, checking we have permissions. */
+struct node *get_node(struct connection *conn,
+                     const char *name,
+                     enum xs_perm_type perm);
+
+/* Get TDB context for this connection */
+TDB_CONTEXT *tdb_context(struct connection *conn);
+
+/* Destructor for tdbs: required for transaction code */
+int destroy_tdb(void *_tdb);
+
+/* Replace the tdb: required for transaction code */
+bool replace_tdb(const char *newname, TDB_CONTEXT *newtdb);
 
 /* Fail due to excessive corruption, capitalist pigdogs! */
 void __attribute__((noreturn)) corrupt(struct connection *conn,
@@ -145,23 +163,9 @@
 
 struct connection *new_connection(connwritefn_t *write, connreadfn_t *read);
 
-void handle_input(struct connection *conn);
-void handle_output(struct connection *conn);
-
 /* Is this a valid node name? */
 bool is_valid_nodename(const char *node);
 
-/* Return a pointer to an open dir, self-closig and attached to pathname. */
-DIR **talloc_opendir(const char *pathname);
-
-/* Return a pointer to an fd, self-closing and attached to this pathname. */
-int *talloc_open(const char *pathname, int flags, int mode);
-
-/* Convenient talloc-style destructor for paths. */
-int destroy_path(void *path);
-
-/* Read entire contents of a talloced fd. */
-void *read_all(int *fd, unsigned int *size);
 
 /* Tracing infrastructure. */
 void trace_create(const void *data, const char *type);
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_domain.c
--- a/tools/xenstore/xenstored_domain.c Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_domain.c Mon Sep 26 17:07:49 2005
@@ -309,13 +309,8 @@
                return;
        }
 
-       if (conn->id != 0) {
+       if (conn->id != 0 || !conn->can_write) {
                send_error(conn, EACCES);
-               return;
-       }
-
-       if (!conn->can_write) {
-               send_error(conn, EROFS);
                return;
        }
 
@@ -386,7 +381,7 @@
 
        talloc_free(domain->conn);
 
-       fire_watches(NULL, "@releaseDomain", false);
+       fire_watches(conn, "@releaseDomain", false);
 
        send_ack(conn, XS_RELEASE);
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_transaction.c
--- a/tools/xenstore/xenstored_transaction.c    Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_transaction.c    Mon Sep 26 17:07:49 2005
@@ -26,6 +26,7 @@
 #include <stdarg.h>
 #include <stdlib.h>
 #include <fcntl.h>
+#include <unistd.h>
 #include "talloc.h"
 #include "list.h"
 #include "xenstored_transaction.h"
@@ -51,74 +52,26 @@
        /* Global list of transactions. */
        struct list_head list;
 
+       /* Generation when transaction started. */
+       unsigned int generation;
+
        /* My owner (conn->transaction == me). */
        struct connection *conn;
 
-       /* Subtree this transaction covers */
-       char *node;
-
-       /* Base for this transaction. */
-       char *divert;
+       /* TDB to work on, and filename */
+       TDB_CONTEXT *tdb;
+       char *tdb_name;
 
        /* List of changed nodes. */
        struct list_head changes;
-
-       /* Someone's waiting: time limit. */
-       struct timeval timeout;
-
-       /* We've timed out. */
-       bool destined_to_fail;
 };
 static LIST_HEAD(transactions);
+static unsigned int generation;
 
-bool within_transaction(struct transaction *trans, const char *node)
+/* Return tdb context to use for this connection. */
+TDB_CONTEXT *tdb_transaction_context(struct transaction *trans)
 {
-       if (!trans)
-               return true;
-       return is_child(node, trans->node);
-}
-
-/* You are on notice: this transaction is blocking someone. */
-static void start_transaction_timeout(struct transaction *trans)
-{
-       if (timerisset(&trans->timeout))
-               return;
-
-       /* One second timeout. */
-       gettimeofday(&trans->timeout, NULL);
-       trans->timeout.tv_sec += 1;
-}
-
-struct transaction *transaction_covering_node(const char *node)
-{
-       struct transaction *i;
-
-       list_for_each_entry(i, &transactions, list) {
-               if (i->destined_to_fail)
-                       continue;
-               if (is_child(i->node, node) || is_child(node, i->node))
-                       return i;
-       }
-       return NULL;
-}
-
-bool transaction_block(struct connection *conn, const char *node)
-{
-       struct transaction *trans;
-
-       /* Transactions don't overlap, so we can't be blocked by
-        * others if we're in one. */
-       if (conn->transaction)
-               return false;
-
-       trans = transaction_covering_node(node);
-       if (trans) {
-               start_transaction_timeout(trans);
-               conn->state = BLOCKED;
-               conn->blocked_by = talloc_strdup(conn, node);
-               return true;
-       }
-       return false;
+       return trans->tdb;
 }
 
 /* Callers get a change node (which can fail) and only commit after they've
@@ -127,8 +80,11 @@
 {
        struct changed_node *i;
 
-       if (!trans)
+       if (!trans) {
+               /* They're changing the global database. */
+               generation++;
                return;
+       }
 
        list_for_each_entry(i, &trans->changes, list)
                if (streq(i->node, node))
@@ -140,167 +96,47 @@
        list_add_tail(&i->list, &trans->changes);
 }
 
-char *node_dir_inside_transaction(struct transaction *trans, const char *node)
-{
-       return talloc_asprintf(node, "%s/%s", trans->divert,
-                              node + strlen(trans->node));
-}
-
-void shortest_transaction_timeout(struct timeval *tv)
-{
-       struct transaction *i;
-
-       list_for_each_entry(i, &transactions, list) {
-               if (!timerisset(&i->timeout))
-                       continue;
-
-               if (!timerisset(tv) || timercmp(&i->timeout, tv, <))
-                       *tv = i->timeout;
-       }
-}      
-
-void check_transaction_timeout(void)
-{
-       struct transaction *i;
-       struct timeval now;
-
-       gettimeofday(&now, NULL);
-
-       list_for_each_entry(i, &transactions, list) {
-               if (!timerisset(&i->timeout))
-                       continue;
-
-               if (timercmp(&i->timeout, &now, <))
-                       i->destined_to_fail = true;
-       }
-}
-
 static int destroy_transaction(void *_transaction)
 {
        struct transaction *trans = _transaction;
 
        list_del(&trans->list);
        trace_destroy(trans, "transaction");
-       return destroy_path(trans->divert);
+       if (trans->tdb)
+               tdb_close(trans->tdb);
+       unlink(trans->tdb_name);
+       return 0;
 }
 
-static bool copy_file(const char *src, const char *dst)
+void do_transaction_start(struct connection *conn, struct buffered_data *in)
 {
-       int *infd, *outfd;
-       void *data;
-       unsigned int size;
-
-       infd = talloc_open(src, O_RDONLY, 0);
-       if (!infd)
-               return false;
-       outfd = talloc_open(dst, O_WRONLY|O_CREAT|O_EXCL, 0640);
-       if (!outfd)
-               return false;
-       data = read_all(infd, &size);
-       if (!data)
-               return false;
-       return xs_write_all(*outfd, data, size);
-}
-
-static bool copy_dir(const char *src, const char *dst)
-{
-       DIR **dir;
-       struct dirent *dirent;
-
-       if (mkdir(dst, 0750) != 0)
-               return false;
-
-       dir = talloc_opendir(src);
-       if (!dir)
-               return false;
-
-       while ((dirent = readdir(*dir)) != NULL) {
-               struct stat st;
-               char *newsrc, *newdst;
-
-               if (streq(dirent->d_name, ".") || streq(dirent->d_name, ".."))
-                       continue;
-
-               newsrc = talloc_asprintf(src, "%s/%s", src, dirent->d_name);
-               newdst = talloc_asprintf(src, "%s/%s", dst, dirent->d_name);
-               if (stat(newsrc, &st) != 0)
-                       return false;
-               
-               if (S_ISDIR(st.st_mode)) {
-                       if (!copy_dir(newsrc, newdst))
-                               return false;
-               } else {
-                       if (!copy_file(newsrc, newdst))
-                               return false;
-               }
-               /* Free now so we don't run out of file descriptors */
-               talloc_free(newsrc);
-               talloc_free(newdst);
-       }
-       return true;
-}
-
-void do_transaction_start(struct connection *conn, const char *node)
-{
-       struct transaction *transaction;
-       char *dir;
+       struct transaction *trans;
 
        if (conn->transaction) {
                send_error(conn, EBUSY);
                return;
        }
 
-       node = canonicalize(conn, node);
-       if (!check_node_perms(conn, node, XS_PERM_READ)) {
+       /* Attach transaction to input for autofree until it's complete */
+       trans = talloc(in, struct transaction);
+       INIT_LIST_HEAD(&trans->changes);
+       trans->conn = conn;
+       trans->generation = generation;
+       trans->tdb_name = talloc_asprintf(trans, "%s.%p",
+                                         xs_daemon_tdb(), trans);
+       trans->tdb = tdb_copy(tdb_context(conn), trans->tdb_name);
+       if (!trans->tdb) {
                send_error(conn, errno);
                return;
        }
+       /* Make it close if we go away. */
+       talloc_steal(trans, trans->tdb);
 
-       if (transaction_block(conn, node))
-               return;
-
-       dir = node_dir_outside_transaction(node);
-
-       /* Attach transaction to node for autofree until it's complete */
-       transaction = talloc(node, struct transaction);
-       transaction->node = talloc_strdup(transaction, node);
-       transaction->divert = talloc_asprintf(transaction, "%s/%p", 
-                                             xs_daemon_transactions(),
-                                             transaction);
-       INIT_LIST_HEAD(&transaction->changes);
-       transaction->conn = conn;
-       timerclear(&transaction->timeout);
-       transaction->destined_to_fail = false;
-       list_add_tail(&transaction->list, &transactions);
-       talloc_set_destructor(transaction, destroy_transaction);
-       trace_create(transaction, "transaction");
-
-       if (!copy_dir(dir, transaction->divert)) {
-               send_error(conn, errno);
-               return;
-       }
-
-       talloc_steal(conn, transaction);
-       conn->transaction = transaction;
-       send_ack(transaction->conn, XS_TRANSACTION_START);
-}
-
-static bool commit_transaction(struct transaction *trans)
-{
-       char *tmp, *dir;
-
-       /* Move: orig -> .old, repl -> orig.  Cleanup deletes .old. */
-       dir = node_dir_outside_transaction(trans->node);
-       tmp = talloc_asprintf(trans, "%s.old", dir);
-
-       if (rename(dir, tmp) != 0)
-               return false;
-       if (rename(trans->divert, dir) != 0)
-               corrupt(trans->conn, "Failed rename %s to %s",
-                       trans->divert, dir);
-
-       trans->divert = tmp;
-       return true;
+       /* Now we own it. */
+       conn->transaction = talloc_steal(conn, trans);
+       list_add_tail(&trans->list, &transactions);
+       talloc_set_destructor(trans, destroy_transaction);
+       send_ack(conn, XS_TRANSACTION_START);
 }
 
 void do_transaction_end(struct connection *conn, const char *arg)
@@ -318,25 +154,29 @@
                return;
        }
 
-       /* Set to NULL so fire_watches sends events. */
+       /* Set to NULL so fire_watches sends events, tdb_context works. */
        trans = conn->transaction;
        conn->transaction = NULL;
        /* Attach transaction to arg for auto-cleanup */
        talloc_steal(arg, trans);
 
        if (streq(arg, "T")) {
-               if (trans->destined_to_fail) {
-                       send_error(conn, ETIMEDOUT);
+               /* FIXME: Merge, rather failing on any change. */
+               if (trans->generation != generation) {
+                       send_error(conn, EAGAIN);
                        return;
                }
-               if (!commit_transaction(trans)) {
+               if (!replace_tdb(trans->tdb_name, trans->tdb)) {
                        send_error(conn, errno);
                        return;
                }
+               /* Don't close this: we won! */
+               trans->tdb = NULL;
 
                /* Fire off the watches for everything that changed. */
                list_for_each_entry(i, &trans->changes, list)
                        fire_watches(conn, i->node, i->recurse);
+               generation++;
        }
        send_ack(conn, XS_TRANSACTION_END);
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_transaction.h
--- a/tools/xenstore/xenstored_transaction.h    Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_transaction.h    Mon Sep 26 17:07:49 2005
@@ -22,29 +22,14 @@
 
 struct transaction;
 
-void do_transaction_start(struct connection *conn, const char *node);
+void do_transaction_start(struct connection *conn, struct buffered_data *node);
 void do_transaction_end(struct connection *conn, const char *arg);
 
-/* Is node covered by this transaction? */
-bool within_transaction(struct transaction *trans, const char *node);
-
-/* If a write op on this node blocked by another connections' transaction,
- * mark conn, setup transaction timeout and return true.
- */
-bool transaction_block(struct connection *conn, const char *node);
-
-/* Return transaction which covers this node. */
-struct transaction *transaction_covering_node(const char *node);
-
-/* Return directory of node within transaction t. */
-char *node_dir_inside_transaction(struct transaction *t, const char *node);
+bool transaction_block(struct connection *conn);
 
 /* This node was changed: can fail and longjmp. */
 void add_change_node(struct transaction *trans, const char *node, bool 
recurse);
 
-/* Get shortest timeout: leave tv unset if none. */
-void shortest_transaction_timeout(struct timeval *tv);
-
-/* Have any transactions timed out yet? */
-void check_transaction_timeout(void);
+/* Return tdb context to use for this connection. */
+TDB_CONTEXT *tdb_transaction_context(struct transaction *trans);
 #endif /* _XENSTORED_TRANSACTION_H */
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_watch.c
--- a/tools/xenstore/xenstored_watch.c  Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_watch.c  Mon Sep 26 17:07:49 2005
@@ -96,36 +96,38 @@
 }
 
 static void add_event(struct connection *conn,
-                     struct watch *watch, const char *node)
-{
-       struct watch_event *event;
-
-       /* Check read permission: no permission, no watch event.
-        * If it doesn't exist, we need permission to read parent.
-        */
-       if (!check_node_perms(conn, node, XS_PERM_READ|XS_PERM_ENOENT_OK) &&
-           !check_event_node(node)) {
-               return;
+                     struct watch *watch,
+                     const char *name)
+{
+       struct watch_event *event;
+
+       if (!check_event_node(name)) {
+               /* Can this conn load node, or see that it doesn't exist? */
+               struct node *node;
+
+               node = get_node(conn, name, XS_PERM_READ);
+               if (!node && errno != ENOENT)
+                       return;
        }
 
        if (watch->relative_path) {
-               node += strlen(watch->relative_path);
-               if (*node == '/') /* Could be "" */
-                       node++;
+               name += strlen(watch->relative_path);
+               if (*name == '/') /* Could be "" */
+                       name++;
        }
 
        event = talloc(watch, struct watch_event);
-       event->len = strlen(node) + 1 + strlen(watch->token) + 1;
+       event->len = strlen(name) + 1 + strlen(watch->token) + 1;
        event->data = talloc_array(event, char, event->len);
-       strcpy(event->data, node);
-       strcpy(event->data + strlen(node) + 1, watch->token);
+       strcpy(event->data, name);
+       strcpy(event->data + strlen(name) + 1, watch->token);
        talloc_set_destructor(event, destroy_watch_event);
        list_add_tail(&event->list, &watch->events);
        trace_create(event, "watch_event");
 }
 
 /* FIXME: we fail to fire on out of memory.  Should drop connections. */
-void fire_watches(struct connection *conn, const char *node, bool recurse)
+void fire_watches(struct connection *conn, const char *name, bool recurse)
 {
        struct connection *i;
        struct watch *watch;
@@ -137,9 +139,9 @@
        /* Create an event for each watch. */
        list_for_each_entry(i, &connections, list) {
                list_for_each_entry(watch, &i->watches, list) {
-                       if (is_child(node, watch->node))
-                               add_event(i, watch, node);
-                       else if (recurse && is_child(watch->node, node))
+                       if (is_child(name, watch->node))
+                               add_event(i, watch, name);
+                       else if (recurse && is_child(watch->node, name))
                                add_event(i, watch, watch->node);
                        else
                                continue;
@@ -154,49 +156,6 @@
 {
        trace_destroy(_watch, "watch");
        return 0;
-}
-
-void shortest_watch_ack_timeout(struct timeval *tv)
-{
-       (void)tv;
-#if 0 /* FIXME */
-       struct watch *watch;
-
-       list_for_each_entry(watch, &watches, list) {
-               struct watch_event *i;
-               list_for_each_entry(i, &watch->events, list) {
-                       if (!timerisset(&i->timeout))
-                               continue;
-                       if (!timerisset(tv) || timercmp(&i->timeout, tv, <))
-                               *tv = i->timeout;
-               }
-       }
-#endif
-}      
-
-void check_watch_ack_timeout(void)
-{
-#if 0
-       struct watch *watch;
-       struct timeval now;
-
-       gettimeofday(&now, NULL);
-       list_for_each_entry(watch, &watches, list) {
-               struct watch_event *i, *tmp;
-               list_for_each_entry_safe(i, tmp, &watch->events, list) {
-                       if (!timerisset(&i->timeout))
-                               continue;
-                       if (timercmp(&i->timeout, &now, <)) {
-                               xprintf("Warning: timeout on watch event %s"
-                                       " token %s\n",
-                                       i->node, watch->token);
-                               trace_watch_timeout(watch->conn, i->node,
-                                                   watch->token);
-                               timerclear(&i->timeout);
-                       }
-               }
-       }
-#endif
 }
 
 void do_watch(struct connection *conn, struct buffered_data *in)
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xenstored_watch.h
--- a/tools/xenstore/xenstored_watch.h  Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xenstored_watch.h  Mon Sep 26 17:07:49 2005
@@ -32,15 +32,9 @@
 /* Look through our watches: if any of them have an event, queue it. */
 void queue_next_event(struct connection *conn);
 
-/* Fire all watches: recurse means all the children are effected (ie. rm).
+/* Fire all watches: recurse means all the children are affected (ie. rm).
  */
-void fire_watches(struct connection *conn, const char *node, bool recurse);
-
-/* Find shortest timeout: if any, reduce tv (may already be set). */
-void shortest_watch_ack_timeout(struct timeval *tv);
-
-/* Check for watches which may have timed out. */
-void check_watch_ack_timeout(void);
+void fire_watches(struct connection *conn, const char *name, bool recurse);
 
 void dump_watches(struct connection *conn);
 
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs.c
--- a/tools/xenstore/xs.c       Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs.c       Mon Sep 26 17:07:49 2005
@@ -497,13 +497,12 @@
 
 /* Start a transaction: changes by others will not be seen during this
  * transaction, and changes will not be visible to others until end.
- * Transaction only applies to the given subtree.
  * You can only have one transaction at any time.
  * Returns false on failure.
  */
-bool xs_transaction_start(struct xs_handle *h, const char *subtree)
-{
-       return xs_bool(xs_single(h, XS_TRANSACTION_START, subtree, NULL));
+bool xs_transaction_start(struct xs_handle *h)
+{
+       return xs_bool(xs_single(h, XS_TRANSACTION_START, "", NULL));
 }
 
 /* End a transaction.
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs.h
--- a/tools/xenstore/xs.h       Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs.h       Mon Sep 26 17:07:49 2005
@@ -109,16 +109,15 @@
 
 /* Start a transaction: changes by others will not be seen during this
  * transaction, and changes will not be visible to others until end.
- * Transaction only applies to the given subtree.
  * You can only have one transaction at any time.
  * Returns false on failure.
  */
-bool xs_transaction_start(struct xs_handle *h, const char *subtree);
+bool xs_transaction_start(struct xs_handle *h);
 
 /* End a transaction.
  * If abandon is true, transaction is discarded instead of committed.
- * Returns false on failure, which indicates an error: transactions will
- * not fail spuriously.
+ * Returns false on failure: if errno == EAGAIN, you have to restart
+ * transaction.
  */
 bool xs_transaction_end(struct xs_handle *h, bool abort);
 
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs_lib.c
--- a/tools/xenstore/xs_lib.c   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs_lib.c   Mon Sep 26 17:07:49 2005
@@ -50,6 +50,13 @@
        return buf;
 }
 
+const char *xs_daemon_tdb(void)
+{
+       static char buf[PATH_MAX];
+       sprintf(buf, "%s/tdb", xs_daemon_rootdir());
+       return buf;
+}
+
 const char *xs_daemon_socket(void)
 {
        return xs_daemon_path();
@@ -62,24 +69,6 @@
        if (s == NULL)
                return NULL;
        if (snprintf(buf, PATH_MAX, "%s_ro", s) >= PATH_MAX)
-               return NULL;
-       return buf;
-}
-
-const char *xs_daemon_store(void)
-{
-       static char buf[PATH_MAX];
-       if (snprintf(buf, PATH_MAX, "%s/store",
-                    xs_daemon_rootdir()) >= PATH_MAX)
-               return NULL;
-       return buf;
-}
-
-const char *xs_daemon_transactions(void)
-{
-       static char buf[PATH_MAX];
-       if (snprintf(buf, PATH_MAX, "%s/transactions",
-                    xs_daemon_rootdir()) >= PATH_MAX)
                return NULL;
        return buf;
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs_lib.h
--- a/tools/xenstore/xs_lib.h   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs_lib.h   Mon Sep 26 17:07:49 2005
@@ -36,7 +36,7 @@
 
 struct xs_permissions
 {
-       domid_t id;
+       unsigned int id;
        enum xs_perm_type perms;
 };
 
@@ -46,9 +46,8 @@
 /* Path for various daemon things: env vars can override. */
 const char *xs_daemon_socket(void);
 const char *xs_daemon_socket_ro(void);
-const char *xs_daemon_store(void);
-const char *xs_daemon_transactions(void);
 const char *xs_domain_dev(void);
+const char *xs_daemon_tdb(void);
 
 /* Simple write function: loops for you. */
 bool xs_write_all(int fd, const void *data, unsigned int len);
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs_random.c
--- a/tools/xenstore/xs_random.c        Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs_random.c        Mon Sep 26 17:07:49 2005
@@ -41,7 +41,7 @@
                          struct xs_permissions *perms,
                          unsigned int num);
 
-       bool (*transaction_start)(void *h, const char *subtree);
+       bool (*transaction_start)(void *h);
        bool (*transaction_end)(void *h, bool abort);
 
        /* Create and destroy a new handle. */
@@ -53,7 +53,6 @@
 {
        const char *base;
        char *transact_base;
-       char *transact;
 };
 
 static void convert_to_dir(const char *dirname)
@@ -95,31 +94,6 @@
        maybe_convert_to_directory(filename);
        return filename;
 }
-
-/* Is child a subnode of parent, or equal? */
-static bool is_child(const char *child, const char *parent)
-{
-       unsigned int len = strlen(parent);
-
-       /* / should really be "" for this algorithm to work, but that's a
-        * usability nightmare. */
-       if (streq(parent, "/"))
-               return true;
-
-       if (strncmp(child, parent, len) != 0)
-               return false;
-
-       return child[len] == '/' || child[len] == '\0';
-}
-
-static bool write_ok(struct file_ops_info *info, const char *path)
-{
-       if (info->transact && !is_child(path, info->transact)) {
-               errno = EROFS;
-               return false;
-       }
-       return true;
-}      
 
 static char **file_directory(struct file_ops_info *info,
                             const char *path, unsigned int *num)
@@ -184,8 +158,10 @@
 
        ret = grab_file(filename, &size);
        /* Directory exists, .DATA doesn't. */
-       if (!ret && errno == ENOENT && strends(filename, ".DATA"))
-               errno = EISDIR;
+       if (!ret && errno == ENOENT && strends(filename, ".DATA")) {
+               ret = strdup("");
+               size = 0;
+       }
        *len = size;
        return ret;
 }
@@ -270,9 +246,6 @@
                return false;
        }
 
-       if (!write_ok(info, path))
-               return false;
-
        /* Check non-perm file exists/ */
        if (lstat(filename, &st) != 0)
                return false;
@@ -338,9 +311,6 @@
        char *filename = filename_to_data(path_to_name(info, path));
        int fd;
 
-       if (!write_ok(info, path))
-               return false;
-
        make_dirs(parent_filename(filename));
        fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY, 0600);
        if (fd < 0)
@@ -358,9 +328,6 @@
 {
        char *dirname = path_to_name(info, path);
 
-       if (!write_ok(info, path))
-               return false;
-
        make_dirs(parent_filename(dirname));
        if (mkdir(dirname, 0700) != 0)
                return (errno == EEXIST);
@@ -373,11 +340,6 @@
 {
        char *filename = path_to_name(info, path);
        struct stat st;
-
-       if (info->transact && streq(info->transact, path)) {
-               errno = EINVAL;
-               return false;
-       }
 
        if (lstat(filename, &st) != 0) {
                if (lstat(parent_filename(filename), &st) != 0)
@@ -385,9 +347,6 @@
                return true;
        }
 
-       if (!write_ok(info, path))
-               return false;
-
        if (streq(path, "/")) {
                errno = EINVAL;
                return false;
@@ -398,28 +357,20 @@
        return true;
 }
 
-static bool file_transaction_start(struct file_ops_info *info,
-                                  const char *subtree)
+static bool file_transaction_start(struct file_ops_info *info)
 {
        char *cmd;
-       char *filename = path_to_name(info, subtree);
-       struct stat st;
-
-       if (info->transact) {
+
+       if (info->transact_base) {
                errno = EBUSY;
                return false;
        }
 
-       if (lstat(filename, &st) != 0)
-               return false;
-
-       cmd = talloc_asprintf(NULL, "cp -r %s %s.transact",
-                             info->base, info->base);
+       info->transact_base = talloc_asprintf(NULL, "%s.transact", info->base);
+       cmd = talloc_asprintf(NULL, "cp -r %s %s",
+                             info->base, info->transact_base);
        do_command(cmd);
        talloc_free(cmd);
-
-       info->transact_base = talloc_asprintf(NULL, "%s.transact", info->base);
-       info->transact = talloc_strdup(NULL, subtree);
        return true;
 }
 
@@ -427,7 +378,7 @@
 {
        char *old, *cmd;
 
-       if (!info->transact) {
+       if (!info->transact_base) {
                errno = ENOENT;
                return false;
        }
@@ -448,9 +399,7 @@
 
 success:
        talloc_free(cmd);
-       talloc_free(info->transact);
        talloc_free(info->transact_base);
-       info->transact = NULL;
        info->transact_base = NULL;
        return true;
 }
@@ -461,7 +410,6 @@
 
        info->base = dir;
        info->transact_base = NULL;
-       info->transact = NULL;
        return info;
 }
 
@@ -898,11 +846,10 @@
        case 7: {
                if (verbose)
                        printf("START %s\n", name);
-               ret = bool_to_errstring(ops->transaction_start(h, name));
+               ret = bool_to_errstring(ops->transaction_start(h));
                if (streq(ret, "OK")) {
                        talloc_free(ret);
-                       ret = talloc_asprintf(NULL, "OK:START-TRANSACT:%s",
-                                             name);
+                       ret = talloc_asprintf(NULL, "OK:START-TRANSACT");
                }
 
                break;
@@ -978,6 +925,8 @@
                barf_perror("Creating directory %s/tool", dir);
        if (!file_set_perms(h, talloc_strdup(h, "/"), &perm, 1))
                barf_perror("Setting root perms in %s", dir);
+       if (!file_set_perms(h, talloc_strdup(h, "/tool"), &perm, 1))
+               barf_perror("Setting root perms in %s/tool", dir);
        file_close(h);
 }
 
@@ -1071,7 +1020,7 @@
                        goto out;
 
                if (!data->fast) {
-                       if (strstarts(ret, "OK:START-TRANSACT:")) {
+                       if (streq(ret, "OK:START-TRANSACT")) {
                                void *pre = data->ops->handle(data->dir);
 
                                snapshot = dump(data->ops, pre);
@@ -1303,7 +1252,7 @@
                             void *_data)
 {
        void *fileh, *xsh;
-       char *transact = NULL;
+       bool transact = false;
        struct ops *fail;
        struct diff_data *data = _data;
        unsigned int i, print;
@@ -1348,13 +1297,9 @@
                        goto out;
 
                if (strstarts(file, "OK:START-TRANSACT:"))
-                       transact = talloc_strdup(NULL,
-                                                file +
-                                                strlen("OK:START-TRANSACT:"));
-               else if (streq(file, "OK:STOP-TRANSACT")) {
-                       talloc_free(transact);
-                       transact = NULL;
-               }
+                       transact = true;
+               else if (streq(file, "OK:STOP-TRANSACT"))
+                       transact = false;
 
                talloc_free(file);
                talloc_free(xs);
@@ -1379,7 +1324,7 @@
 
                        fail = NULL;
                        if (!ops_equal(&xs_ops, xsh_pre, &file_ops, fileh_pre,
-                                      transact, &fail)) {
+                                      "/", &fail)) {
                                if (fail)
                                        barf("%s failed during transact\n",
                                             fail->name);
@@ -1455,9 +1400,6 @@
 
        fileh = file_handle(data->dir);
        xsh = xs_handle(data->dir);
-
-       sprintf(seed, "%i", data->seed);
-       free(xs_debug_command(xsh, "failtest", seed, strlen(seed)+1));
 
        print = number / 76;
        if (!print)
@@ -1491,8 +1433,12 @@
                if (trymap && !trymap[i])
                        continue;
 
-               if (verbose)
-                       printf("(%i) ", i);
+               /* Turn on failure. */
+               sprintf(seed, "%i", data->seed + i);
+               free(xs_debug_command(xsh, "failtest",seed,strlen(seed)+1));
+
+               if (verbose)
+                       printf("(%i) seed %s ", i, seed);
                ret = do_next_op(&xs_ops, xsh, i + data->seed, verbose);
                if (streq(ret, "FAILED:Connection reset by peer")
                    || streq(ret, "FAILED:Bad file descriptor")
@@ -1549,8 +1495,6 @@
                fail = NULL;
                if (!ops_equal(&xs_ops, tmpxsh, &file_ops, tmpfileh, "/",
                               &fail)) {
-                       xs_close(tmpxsh);
-                       file_close(tmpfileh);
                        if (fail) {
                                if (verbose)
                                        printf("%s failed\n", fail->name);
@@ -1561,10 +1505,16 @@
                                failed = 0;
                                if (verbose)
                                        printf("(Looks like it succeeded)\n");
+                               xs_close(tmpxsh);
+                               file_close(tmpfileh);
                                goto try_applying;
                        }
                        if (verbose)
-                               printf("Two backends not equal\n");
+                               printf("Trees differ:\nXS:%s\nFILE:%s\n",
+                                      dump(&xs_ops, tmpxsh),
+                                      dump(&file_ops, tmpfileh));
+                       xs_close(tmpxsh);
+                       file_close(tmpfileh);
                        goto out;
                }
 
@@ -1572,8 +1522,6 @@
                if (!xsh)
                        file_transaction_end(fileh, true);
 
-               /* Turn failures back on. */
-               free(xs_debug_command(tmpxsh, "failtest",  NULL, 0));
                xs_close(tmpxsh);
                file_close(tmpfileh);
        }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs_stress.c
--- a/tools/xenstore/xs_stress.c        Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs_stress.c        Mon Sep 26 17:07:49 2005
@@ -8,6 +8,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <errno.h>
 
 #define NUM_HANDLES 2
 #define DIR_FANOUT 3
@@ -36,24 +37,18 @@
 
        srandom(childnum);
        for (i = 0; i < cycles; i++) {
-               unsigned int lockdepth, j, len;
-               char file[100] = "", lockdir[100];
+               unsigned int j, len;
+               char file[100] = "";
                char *contents, tmp[100];
                struct xs_handle *h = handles[random() % NUM_HANDLES];
 
-               lockdepth = random() % DIR_DEPTH;
-               for (j = 0; j < DIR_DEPTH; j++) {
-                       if (j == lockdepth)
-                               strcpy(lockdir, file);
+               for (j = 0; j < DIR_DEPTH; j++)
                        sprintf(file + strlen(file), "/%li",
                                random()%DIR_FANOUT);
-               }
-               if (streq(lockdir, ""))
-                       strcpy(lockdir, "/");
-
-               if (!xs_transaction_start(h, lockdir))
-                       barf_perror("%i: starting transaction %i on %s",
-                                   childnum, i, lockdir);
+
+               if (!xs_transaction_start(h))
+                       barf_perror("%i: starting transaction %i",
+                                   childnum, i);
 
                sprintf(file + strlen(file), "/count");
                contents = xs_read(h, file, &len);
@@ -68,18 +63,23 @@
                /* Abandon 1 in 10 */
                if (random() % 10 == 0) {
                        if (!xs_transaction_end(h, true))
-                               barf_perror("%i: can't abort transact %s",
-                                           childnum, lockdir);
+                               barf_perror("%i: can't abort transact",
+                                           childnum);
                        i--;
                } else {
-                       if (!xs_transaction_end(h, false))
-                               barf_perror("%i: can't commit transact %s",
-                                           childnum, lockdir);
-
-                       /* Offset when we print . so kids don't all
-                        * print at once. */
-                       if ((i + print/(childnum+1)) % print == 0)
-                               write(STDOUT_FILENO, &id, 1);
+                       if (!xs_transaction_end(h, false)) {
+                               if (errno == EAGAIN) {
+                                       write(STDOUT_FILENO, "!", 1);
+                                       i--;
+                               } else
+                                       barf_perror("%i: can't commit trans",
+                                                   childnum);
+                       } else {
+                               /* Offset when we print . so kids don't all
+                                * print at once. */
+                               if ((i + print/(childnum+1)) % print == 0)
+                                       write(STDOUT_FILENO, &id, 1);
+                       }
                }
        }
 }
@@ -201,7 +201,7 @@
        printf("\nCounting results...\n");
        i = tally_counts();
        if (i != (unsigned)atoi(argv[1]))
-               barf("Total counts %i not %s", i, atoi(argv[1]));
+               barf("Total counts %i not %s", i, argv[1]);
        printf("Success!\n");
        exit(0);
 }
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs_test.c
--- a/tools/xenstore/xs_test.c  Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs_test.c  Mon Sep 26 17:07:49 2005
@@ -562,9 +562,9 @@
                failed(handle);
 }
 
-static void do_start(unsigned int handle, const char *node)
-{
-       if (!xs_transaction_start(handles[handle], node))
+static void do_start(unsigned int handle)
+{
+       if (!xs_transaction_start(handles[handle]))
                failed(handle);
 }
 
@@ -791,7 +791,7 @@
                xs_daemon_close(handles[handle]);
                handles[handle] = NULL;
        } else if (streq(command, "start"))
-               do_start(handle, arg(line, 1));
+               do_start(handle);
        else if (streq(command, "commit"))
                do_end(handle, false);
        else if (streq(command, "abort"))
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Fri Sep 23 21:41:28 2005
+++ b/xen/arch/x86/mm.c Mon Sep 26 17:07:49 2005
@@ -2273,8 +2273,7 @@
 
 
 int update_grant_pte_mapping(
-    unsigned long pte_addr, l1_pgentry_t _nl1e, 
-    struct domain *d, struct vcpu *v)
+    unsigned long pte_addr, l1_pgentry_t _nl1e, struct vcpu *v)
 {
     int rc = GNTST_okay;
     void *va;
@@ -2282,6 +2281,7 @@
     struct pfn_info *page;
     u32 type_info;
     l1_pgentry_t ol1e;
+    struct domain *d = v->domain;
 
     ASSERT(spin_is_locked(&d->big_lock));
     ASSERT(!shadow_mode_refcounts(d));
@@ -2318,8 +2318,6 @@
     } 
 
     put_page_from_l1e(ol1e, d);
-
-    rc = (l1e_get_flags(ol1e) & _PAGE_PRESENT) ? GNTST_flush_all : GNTST_okay;
 
     if ( unlikely(shadow_mode_enabled(d)) )
     {
@@ -2415,10 +2413,10 @@
 
 
 int update_grant_va_mapping(
-    unsigned long va, l1_pgentry_t _nl1e, struct domain *d, struct vcpu *v)
-{
-    int rc = GNTST_okay;
+    unsigned long va, l1_pgentry_t _nl1e, struct vcpu *v)
+{
     l1_pgentry_t *pl1e, ol1e;
+    struct domain *d = v->domain;
     
     ASSERT(spin_is_locked(&d->big_lock));
     ASSERT(!shadow_mode_refcounts(d));
@@ -2439,12 +2437,10 @@
 
     put_page_from_l1e(ol1e, d);
 
-    rc = (l1e_get_flags(ol1e) & _PAGE_PRESENT) ? GNTST_flush_one : GNTST_okay;
-
     if ( unlikely(shadow_mode_enabled(d)) )
         shadow_do_update_va_mapping(va, _nl1e, v);
 
-    return rc;
+    return GNTST_okay;
 }
 
 int clear_grant_va_mapping(unsigned long addr, unsigned long frame)
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/arch/x86/vmx_vmcs.c
--- a/xen/arch/x86/vmx_vmcs.c   Fri Sep 23 21:41:28 2005
+++ b/xen/arch/x86/vmx_vmcs.c   Mon Sep 26 17:07:49 2005
@@ -37,19 +37,19 @@
 #endif
 #ifdef CONFIG_VMX
 
-struct vmcs_struct *alloc_vmcs(void) 
+struct vmcs_struct *alloc_vmcs(void)
 {
     struct vmcs_struct *vmcs;
     u32 vmx_msr_low, vmx_msr_high;
 
     rdmsr(MSR_IA32_VMX_BASIC_MSR, vmx_msr_low, vmx_msr_high);
     vmcs_size = vmx_msr_high & 0x1fff;
-    vmcs = alloc_xenheap_pages(get_order_from_bytes(vmcs_size)); 
+    vmcs = alloc_xenheap_pages(get_order_from_bytes(vmcs_size));
     memset((char *)vmcs, 0, vmcs_size); /* don't remove this */
 
     vmcs->vmcs_revision_id = vmx_msr_low;
     return vmcs;
-} 
+}
 
 void free_vmcs(struct vmcs_struct *vmcs)
 {
@@ -65,7 +65,7 @@
     void *io_bitmap_a;
     void *io_bitmap_b;
 
-    error |= __vmwrite(PIN_BASED_VM_EXEC_CONTROL, 
+    error |= __vmwrite(PIN_BASED_VM_EXEC_CONTROL,
                        MONITOR_PIN_BASED_EXEC_CONTROLS);
 
     error |= __vmwrite(VM_EXIT_CONTROLS, MONITOR_VM_EXIT_CONTROLS);
@@ -73,8 +73,8 @@
     error |= __vmwrite(VM_ENTRY_CONTROLS, MONITOR_VM_ENTRY_CONTROLS);
 
     /* need to use 0x1000 instead of PAGE_SIZE */
-    io_bitmap_a = (void*) alloc_xenheap_pages(get_order_from_bytes(0x1000)); 
-    io_bitmap_b = (void*) alloc_xenheap_pages(get_order_from_bytes(0x1000)); 
+    io_bitmap_a = (void*) alloc_xenheap_pages(get_order_from_bytes(0x1000));
+    io_bitmap_b = (void*) alloc_xenheap_pages(get_order_from_bytes(0x1000));
     memset(io_bitmap_a, 0xff, 0x1000);
     /* don't bother debug port access */
     clear_bit(PC_DEBUG_PORT, io_bitmap_a);
@@ -89,8 +89,10 @@
     return error;
 }
 
-#define GUEST_SEGMENT_LIMIT     0xffffffff      
-#define HOST_SEGMENT_LIMIT      0xffffffff      
+#define GUEST_LAUNCH_DS         0x08
+#define GUEST_LAUNCH_CS         0x10
+#define GUEST_SEGMENT_LIMIT     0xffffffff
+#define HOST_SEGMENT_LIMIT      0xffffffff
 
 struct host_execution_env {
     /* selectors */
@@ -110,72 +112,76 @@
     unsigned long tr_base;
     unsigned long ds_base;
     unsigned long cs_base;
-#ifdef __x86_64__ 
-    unsigned long fs_base; 
-    unsigned long gs_base; 
-#endif 
+#ifdef __x86_64__
+    unsigned long fs_base;
+    unsigned long gs_base;
+#endif
 };
 
-#define round_pgdown(_p) ((_p)&PAGE_MASK) /* coped from domain.c */
-
-int vmx_setup_platform(struct vcpu *d, struct cpu_user_regs *regs)
+static void vmx_setup_platform(struct vcpu *v, struct cpu_user_regs *regs)
 {
     int i;
-    unsigned int n;
-    unsigned long *p, mpfn, offset, addr;
-    struct e820entry *e820p;
+    unsigned char e820_map_nr;
+    struct e820entry *e820entry;
+    unsigned char *p;
+    unsigned long mpfn;
     unsigned long gpfn = 0;
 
     local_flush_tlb_pge();
-    regs->ebx = 0;   /* Linux expects ebx to be 0 for boot proc */
-
-    n = regs->ecx;
-    if (n > 32) {
-        VMX_DBG_LOG(DBG_LEVEL_1, "Too many e820 entries: %d", n);
-        return -1;
-    }
-
-    addr = regs->edi;
-    offset = (addr & ~PAGE_MASK);
-    addr = round_pgdown(addr);
-
-    mpfn = get_mfn_from_pfn(addr >> PAGE_SHIFT);
+
+    mpfn = get_mfn_from_pfn(E820_MAP_PAGE >> PAGE_SHIFT);
+    if (mpfn == INVALID_MFN) {
+        printk("Can not find E820 memory map page for VMX domain.\n");
+        domain_crash();
+    }
+
     p = map_domain_page(mpfn);
-
-    e820p = (struct e820entry *) ((unsigned long) p + offset); 
-
-#ifndef NDEBUG
-    print_e820_memory_map(e820p, n);
-#endif
-
-    for ( i = 0; i < n; i++ )
+    if (p == NULL) {
+        printk("Can not map E820 memory map page for VMX domain.\n");
+        domain_crash();
+    }
+
+    e820_map_nr = *(p + E820_MAP_NR_OFFSET);
+    e820entry = (struct e820entry *)(p + E820_MAP_OFFSET);
+
+    for ( i = 0; i < e820_map_nr; i++ )
     {
-        if ( e820p[i].type == E820_SHARED_PAGE )
+        if (e820entry[i].type == E820_SHARED_PAGE)
         {
-            gpfn = (e820p[i].addr >> PAGE_SHIFT);
+            gpfn = (e820entry[i].addr >> PAGE_SHIFT);
             break;
         }
     }
 
-    if ( gpfn == 0 )
-    {
-        unmap_domain_page(p);        
-        return -1;
-    }   
-
-    unmap_domain_page(p);        
+    if ( gpfn == 0 ) {
+        printk("Can not get io request shared page"
+               " from E820 memory map for VMX domain.\n");
+        unmap_domain_page(p);
+        domain_crash();
+    }
+    unmap_domain_page(p);
+
+    if (v->vcpu_id)
+        return;
 
     /* Initialise shared page */
     mpfn = get_mfn_from_pfn(gpfn);
+    if (mpfn == INVALID_MFN) {
+        printk("Can not find io request shared page for VMX domain.\n");
+        domain_crash();
+    }
+
     p = map_domain_page(mpfn);
-    d->domain->arch.vmx_platform.shared_page_va = (unsigned long)p;
-
-    VMX_DBG_LOG(DBG_LEVEL_1, "eport: %x\n", iopacket_port(d->domain));
-
-    clear_bit(iopacket_port(d->domain), 
-              &d->domain->shared_info->evtchn_mask[0]);
-
-    return 0;
+    if (p == NULL) {
+        printk("Can not map io request shared page for VMX domain.\n");
+        domain_crash();
+    }
+    v->domain->arch.vmx_platform.shared_page_va = (unsigned long)p;
+
+    VMX_DBG_LOG(DBG_LEVEL_1, "eport: %x\n", iopacket_port(v->domain));
+
+    clear_bit(iopacket_port(v->domain),
+              &v->domain->shared_info->evtchn_mask[0]);
 }
 
 void vmx_set_host_env(struct vcpu *v)
@@ -203,7 +209,7 @@
     error |= __vmwrite(HOST_TR_BASE, host_env.tr_base);
 }
 
-void vmx_do_launch(struct vcpu *v) 
+void vmx_do_launch(struct vcpu *v)
 {
 /* Update CR3, GDT, LDT, TR */
     unsigned int  error = 0;
@@ -217,7 +223,7 @@
     error |= __vmwrite(GUEST_CR0, cr0);
     cr0 &= ~X86_CR0_PG;
     error |= __vmwrite(CR0_READ_SHADOW, cr0);
-    error |= __vmwrite(CPU_BASED_VM_EXEC_CONTROL, 
+    error |= __vmwrite(CPU_BASED_VM_EXEC_CONTROL,
                        MONITOR_CPU_BASED_EXEC_CONTROLS);
 
     __asm__ __volatile__ ("mov %%cr4,%0" : "=r" (cr4) : );
@@ -247,7 +253,7 @@
     error |= __vmwrite(GUEST_LDTR_SELECTOR, 0);
     error |= __vmwrite(GUEST_LDTR_BASE, 0);
     error |= __vmwrite(GUEST_LDTR_LIMIT, 0);
-        
+
     error |= __vmwrite(GUEST_TR_BASE, 0);
     error |= __vmwrite(GUEST_TR_LIMIT, 0xff);
 
@@ -261,10 +267,8 @@
 /*
  * Initially set the same environement as host.
  */
-static inline int 
-construct_init_vmcs_guest(struct cpu_user_regs *regs, 
-                          struct vcpu_guest_context *ctxt,
-                          struct host_execution_env *host_env)
+static inline int
+construct_init_vmcs_guest(struct cpu_user_regs *regs)
 {
     int error = 0;
     union vmcs_arbytes arbytes;
@@ -292,31 +296,37 @@
     error |= __vmwrite(CR3_TARGET_COUNT, 0);
 
     /* Guest Selectors */
-    error |= __vmwrite(GUEST_CS_SELECTOR, regs->cs);
-    error |= __vmwrite(GUEST_ES_SELECTOR, regs->es);
-    error |= __vmwrite(GUEST_SS_SELECTOR, regs->ss);
-    error |= __vmwrite(GUEST_DS_SELECTOR, regs->ds);
-    error |= __vmwrite(GUEST_FS_SELECTOR, regs->fs);
-    error |= __vmwrite(GUEST_GS_SELECTOR, regs->gs);
+    error |= __vmwrite(GUEST_ES_SELECTOR, GUEST_LAUNCH_DS);
+    error |= __vmwrite(GUEST_SS_SELECTOR, GUEST_LAUNCH_DS);
+    error |= __vmwrite(GUEST_DS_SELECTOR, GUEST_LAUNCH_DS);
+    error |= __vmwrite(GUEST_FS_SELECTOR, GUEST_LAUNCH_DS);
+    error |= __vmwrite(GUEST_GS_SELECTOR, GUEST_LAUNCH_DS);
+    error |= __vmwrite(GUEST_CS_SELECTOR, GUEST_LAUNCH_CS);
+
+    /* Guest segment bases */
+    error |= __vmwrite(GUEST_ES_BASE, 0);
+    error |= __vmwrite(GUEST_SS_BASE, 0);
+    error |= __vmwrite(GUEST_DS_BASE, 0);
+    error |= __vmwrite(GUEST_FS_BASE, 0);
+    error |= __vmwrite(GUEST_GS_BASE, 0);
+    error |= __vmwrite(GUEST_CS_BASE, 0);
 
     /* Guest segment Limits */
-    error |= __vmwrite(GUEST_CS_LIMIT, GUEST_SEGMENT_LIMIT);
     error |= __vmwrite(GUEST_ES_LIMIT, GUEST_SEGMENT_LIMIT);
     error |= __vmwrite(GUEST_SS_LIMIT, GUEST_SEGMENT_LIMIT);
     error |= __vmwrite(GUEST_DS_LIMIT, GUEST_SEGMENT_LIMIT);
     error |= __vmwrite(GUEST_FS_LIMIT, GUEST_SEGMENT_LIMIT);
     error |= __vmwrite(GUEST_GS_LIMIT, GUEST_SEGMENT_LIMIT);
-
-    error |= __vmwrite(GUEST_IDTR_LIMIT, host_env->idtr_limit);
-
-    /* AR bytes */
+    error |= __vmwrite(GUEST_CS_LIMIT, GUEST_SEGMENT_LIMIT);
+
+    /* Guest segment AR bytes */
     arbytes.bytes = 0;
     arbytes.fields.seg_type = 0x3;          /* type = 3 */
     arbytes.fields.s = 1;                   /* code or data, i.e. not system */
     arbytes.fields.dpl = 0;                 /* DPL = 3 */
     arbytes.fields.p = 1;                   /* segment present */
     arbytes.fields.default_ops_size = 1;    /* 32-bit */
-    arbytes.fields.g = 1;   
+    arbytes.fields.g = 1;
     arbytes.fields.null_bit = 0;            /* not null */
 
     error |= __vmwrite(GUEST_ES_AR_BYTES, arbytes.bytes);
@@ -328,35 +338,31 @@
     arbytes.fields.seg_type = 0xb;          /* type = 0xb */
     error |= __vmwrite(GUEST_CS_AR_BYTES, arbytes.bytes);
 
-    error |= __vmwrite(GUEST_GDTR_BASE, regs->edx);
-    regs->edx = 0;
-    error |= __vmwrite(GUEST_GDTR_LIMIT, regs->eax);
-    regs->eax = 0;
-
+    /* Guest GDT */
+    error |= __vmwrite(GUEST_GDTR_BASE, 0);
+    error |= __vmwrite(GUEST_GDTR_LIMIT, 0);
+
+    /* Guest IDT */
+    error |= __vmwrite(GUEST_IDTR_BASE, 0);
+    error |= __vmwrite(GUEST_IDTR_LIMIT, 0);
+
+    /* Guest LDT & TSS */
     arbytes.fields.s = 0;                   /* not code or data segement */
     arbytes.fields.seg_type = 0x2;          /* LTD */
     arbytes.fields.default_ops_size = 0;    /* 16-bit */
-    arbytes.fields.g = 0;   
+    arbytes.fields.g = 0;
     error |= __vmwrite(GUEST_LDTR_AR_BYTES, arbytes.bytes);
 
     arbytes.fields.seg_type = 0xb;          /* 32-bit TSS (busy) */
     error |= __vmwrite(GUEST_TR_AR_BYTES, arbytes.bytes);
     /* CR3 is set in vmx_final_setup_guest */
 
-    error |= __vmwrite(GUEST_ES_BASE, host_env->ds_base);
-    error |= __vmwrite(GUEST_CS_BASE, host_env->cs_base);
-    error |= __vmwrite(GUEST_SS_BASE, host_env->ds_base);
-    error |= __vmwrite(GUEST_DS_BASE, host_env->ds_base);
-    error |= __vmwrite(GUEST_FS_BASE, host_env->ds_base);
-    error |= __vmwrite(GUEST_GS_BASE, host_env->ds_base);
-    error |= __vmwrite(GUEST_IDTR_BASE, host_env->idtr_base);
-
-    error |= __vmwrite(GUEST_RSP, regs->esp);
+    error |= __vmwrite(GUEST_RSP, 0);
     error |= __vmwrite(GUEST_RIP, regs->eip);
 
+    /* Guest EFLAGS */
     eflags = regs->eflags & ~VMCS_EFLAGS_RESERVED_0; /* clear 0s */
     eflags |= VMCS_EFLAGS_RESERVED_1; /* set 1s */
-
     error |= __vmwrite(GUEST_RFLAGS, eflags);
 
     error |= __vmwrite(GUEST_INTERRUPTIBILITY_INFO, 0);
@@ -381,14 +387,14 @@
 #if defined (__i386__)
     error |= __vmwrite(HOST_FS_SELECTOR, host_env->ds_selector);
     error |= __vmwrite(HOST_GS_SELECTOR, host_env->ds_selector);
-    error |= __vmwrite(HOST_FS_BASE, host_env->ds_base); 
-    error |= __vmwrite(HOST_GS_BASE, host_env->ds_base); 
+    error |= __vmwrite(HOST_FS_BASE, host_env->ds_base);
+    error |= __vmwrite(HOST_GS_BASE, host_env->ds_base);
 
 #else
-    rdmsrl(MSR_FS_BASE, host_env->fs_base); 
-    rdmsrl(MSR_GS_BASE, host_env->gs_base); 
-    error |= __vmwrite(HOST_FS_BASE, host_env->fs_base); 
-    error |= __vmwrite(HOST_GS_BASE, host_env->gs_base); 
+    rdmsrl(MSR_FS_BASE, host_env->fs_base);
+    rdmsrl(MSR_GS_BASE, host_env->gs_base);
+    error |= __vmwrite(HOST_FS_BASE, host_env->fs_base);
+    error |= __vmwrite(HOST_GS_BASE, host_env->gs_base);
 
 #endif
     host_env->cs_selector = __HYPERVISOR_CS;
@@ -401,16 +407,16 @@
     error |= __vmwrite(HOST_CR0, crn); /* same CR0 */
 
     /* CR3 is set in vmx_final_setup_hostos */
-    __asm__ __volatile__ ("mov %%cr4,%0" : "=r" (crn) : ); 
+    __asm__ __volatile__ ("mov %%cr4,%0" : "=r" (crn) : );
     error |= __vmwrite(HOST_CR4, crn);
 
     error |= __vmwrite(HOST_RIP, (unsigned long) vmx_asm_vmexit_handler);
-#ifdef __x86_64__ 
-    /* TBD: support cr8 for 64-bit guest */ 
-    __vmwrite(VIRTUAL_APIC_PAGE_ADDR, 0); 
-    __vmwrite(TPR_THRESHOLD, 0); 
-    __vmwrite(SECONDARY_VM_EXEC_CONTROL, 0); 
-#endif 
+#ifdef __x86_64__
+    /* TBD: support cr8 for 64-bit guest */
+    __vmwrite(VIRTUAL_APIC_PAGE_ADDR, 0);
+    __vmwrite(TPR_THRESHOLD, 0);
+    __vmwrite(SECONDARY_VM_EXEC_CONTROL, 0);
+#endif
 
     return error;
 }
@@ -440,37 +446,37 @@
 
     if ((error = __vmpclear (vmcs_phys_ptr))) {
         printk("construct_vmcs: VMCLEAR failed\n");
-        return -EINVAL;         
+        return -EINVAL;
     }
     if ((error = load_vmcs(arch_vmx, vmcs_phys_ptr))) {
         printk("construct_vmcs: load_vmcs failed: VMCS = %lx\n",
                (unsigned long) vmcs_phys_ptr);
-        return -EINVAL; 
+        return -EINVAL;
     }
     if ((error = construct_vmcs_controls(arch_vmx))) {
         printk("construct_vmcs: construct_vmcs_controls failed\n");
-        return -EINVAL;         
+        return -EINVAL;
     }
     /* host selectors */
     if ((error = construct_vmcs_host(&host_env))) {
         printk("construct_vmcs: construct_vmcs_host failed\n");
-        return -EINVAL;         
+        return -EINVAL;
     }
     /* guest selectors */
-    if ((error = construct_init_vmcs_guest(regs, ctxt, &host_env))) {
+    if ((error = construct_init_vmcs_guest(regs))) {
         printk("construct_vmcs: construct_vmcs_guest failed\n");
-        return -EINVAL;         
-    }       
-
-    if ((error |= __vmwrite(EXCEPTION_BITMAP, 
+        return -EINVAL;
+    }
+
+    if ((error |= __vmwrite(EXCEPTION_BITMAP,
                             MONITOR_DEFAULT_EXCEPTION_BITMAP))) {
         printk("construct_vmcs: setting Exception bitmap failed\n");
-        return -EINVAL;         
+        return -EINVAL;
     }
 
     if (regs->eflags & EF_TF)
         __vm_set_bit(EXCEPTION_BITMAP, EXCEPTION_BITMAP_DB);
-    else 
+    else
         __vm_clear_bit(EXCEPTION_BITMAP, EXCEPTION_BITMAP_DB);
 
     return 0;
@@ -491,7 +497,7 @@
     if ((error = load_vmcs(arch_vmx, vmcs_phys_ptr))) {
         printk("modify_vmcs: load_vmcs failed: VMCS = %lx\n",
                (unsigned long) vmcs_phys_ptr);
-        return -EINVAL; 
+        return -EINVAL;
     }
     load_cpu_user_regs(regs);
 
@@ -500,23 +506,23 @@
     return 0;
 }
 
-int load_vmcs(struct arch_vmx_struct *arch_vmx, u64 phys_ptr) 
+int load_vmcs(struct arch_vmx_struct *arch_vmx, u64 phys_ptr)
 {
     int error;
 
     if ((error = __vmptrld(phys_ptr))) {
-        clear_bit(ARCH_VMX_VMCS_LOADED, &arch_vmx->flags); 
+        clear_bit(ARCH_VMX_VMCS_LOADED, &arch_vmx->flags);
         return error;
     }
-    set_bit(ARCH_VMX_VMCS_LOADED, &arch_vmx->flags); 
+    set_bit(ARCH_VMX_VMCS_LOADED, &arch_vmx->flags);
     return 0;
 }
 
-int store_vmcs(struct arch_vmx_struct *arch_vmx, u64 phys_ptr) 
+int store_vmcs(struct arch_vmx_struct *arch_vmx, u64 phys_ptr)
 {
     /* take the current VMCS */
     __vmptrst(phys_ptr);
-    clear_bit(ARCH_VMX_VMCS_LOADED, &arch_vmx->flags); 
+    clear_bit(ARCH_VMX_VMCS_LOADED, &arch_vmx->flags);
     return 0;
 }
 
@@ -536,7 +542,7 @@
     __vmx_bug(guest_cpu_user_regs());
 }
 
-void arch_vmx_do_resume(struct vcpu *v) 
+void arch_vmx_do_resume(struct vcpu *v)
 {
     u64 vmcs_phys_ptr = (u64) virt_to_phys(v->arch.arch_vmx.vmcs);
 
@@ -545,7 +551,7 @@
     reset_stack_and_jump(vmx_asm_do_resume);
 }
 
-void arch_vmx_do_launch(struct vcpu *v) 
+void arch_vmx_do_launch(struct vcpu *v)
 {
     u64 vmcs_phys_ptr = (u64) virt_to_phys(v->arch.arch_vmx.vmcs);
 
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/common/grant_table.c
--- a/xen/common/grant_table.c  Fri Sep 23 21:41:28 2005
+++ b/xen/common/grant_table.c  Mon Sep 26 17:07:49 2005
@@ -24,10 +24,6 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-#define GRANT_DEBUG 0
-#define GRANT_DEBUG_VERBOSE 0
-
-#include <xen/config.h>
 #include <xen/lib.h>
 #include <xen/sched.h>
 #include <xen/shadow.h>
@@ -68,39 +64,32 @@
     t->map_count--;
 }
 
+/*
+ * Returns 0 if TLB flush / invalidate required by caller.
+ * va will indicate the address to be invalidated.
+ * 
+ * addr is _either_ a host virtual address, or the address of the pte to
+ * update, as indicated by the GNTMAP_contains_pte flag.
+ */
 static int
-__gnttab_activate_grant_ref(
-    struct domain   *mapping_d,          /* IN */
-    struct vcpu     *mapping_ed,
-    struct domain   *granting_d,
-    grant_ref_t      ref,
-    u16              dev_hst_ro_flags,
-    u64              addr,
-    unsigned long   *pframe )            /* OUT */
-{
-    domid_t               sdom;
-    u16                   sflags;
+__gnttab_map_grant_ref(
+    gnttab_map_grant_ref_t *uop)
+{
+    domid_t        dom;
+    grant_ref_t    ref;
+    struct domain *ld, *rd;
+    struct vcpu   *led;
+    u16            dev_hst_ro_flags;
+    int            handle;
+    u64            addr;
+    unsigned long  frame = 0;
+    int            rc = GNTST_okay;
     active_grant_entry_t *act;
-    grant_entry_t        *sha;
-    s16                   rc = 1;
-    unsigned long         frame = 0;
-    int                   retries = 0;
-
-    /*
-     * Objectives of this function:
-     * . Make the record ( granting_d, ref ) active, if not already.
-     * . Update shared grant entry of owner, indicating frame is mapped.
-     * . Increment the owner act->pin reference counts.
-     * . get_page on shared frame if new mapping.
-     * . get_page_type if this is first RW mapping of frame.
-     * . Add PTE to virtual address space of mapping_d, if necessary.
-     * Returns:
-     * .  -ve: error
-     * .    1: ok
-     * .    0: ok and TLB invalidate of host_addr needed.
-     *
-     * On success, *pframe contains mfn.
-     */
+
+    /* Entry details from @rd's shared grant table. */
+    grant_entry_t *sha;
+    domid_t        sdom;
+    u16            sflags;
 
     /*
      * We bound the number of times we retry CMPXCHG on memory locations that
@@ -110,11 +99,88 @@
      * the guest to race our updates (e.g., to change the GTF_readonly flag),
      * so we allow a few retries before failing.
      */
-
-    act = &granting_d->grant_table->active[ref];
-    sha = &granting_d->grant_table->shared[ref];
-
-    spin_lock(&granting_d->grant_table->lock);
+    int retries = 0;
+
+    led = current;
+    ld = led->domain;
+
+    /* Bitwise-OR avoids short-circuiting which screws control flow. */
+    if ( unlikely(__get_user(dom, &uop->dom) |
+                  __get_user(ref, &uop->ref) |
+                  __get_user(addr, &uop->host_addr) |
+                  __get_user(dev_hst_ro_flags, &uop->flags)) )
+    {
+        DPRINTK("Fault while reading gnttab_map_grant_ref_t.\n");
+        return -EFAULT; /* don't set status */
+    }
+
+    if ( unlikely(ref >= NR_GRANT_ENTRIES) ||
+         unlikely((dev_hst_ro_flags &
+                   (GNTMAP_device_map|GNTMAP_host_map)) == 0) )
+    {
+        DPRINTK("Bad ref (%d) or flags (%x).\n", ref, dev_hst_ro_flags);
+        (void)__put_user(GNTST_bad_gntref, &uop->handle);
+        return GNTST_bad_gntref;
+    }
+
+    if ( acm_pre_grant_map_ref(dom) )
+    {
+        (void)__put_user(GNTST_permission_denied, &uop->handle);
+        return GNTST_permission_denied;
+    }
+
+    if ( unlikely((rd = find_domain_by_id(dom)) == NULL) ||
+         unlikely(ld == rd) )
+    {
+        if ( rd != NULL )
+            put_domain(rd);
+        DPRINTK("Could not find domain %d\n", dom);
+        (void)__put_user(GNTST_bad_domain, &uop->handle);
+        return GNTST_bad_domain;
+    }
+
+    /* Get a maptrack handle. */
+    if ( unlikely((handle = get_maptrack_handle(ld->grant_table)) == -1) )
+    {
+        int              i;
+        grant_mapping_t *new_mt;
+        grant_table_t   *lgt = ld->grant_table;
+
+        if ( (lgt->maptrack_limit << 1) > MAPTRACK_MAX_ENTRIES )
+        {
+            put_domain(rd);
+            DPRINTK("Maptrack table is at maximum size.\n");
+            (void)__put_user(GNTST_no_device_space, &uop->handle);
+            return GNTST_no_device_space;
+        }
+
+        /* Grow the maptrack table. */
+        new_mt = alloc_xenheap_pages(lgt->maptrack_order + 1);
+        if ( new_mt == NULL )
+        {
+            put_domain(rd);
+            DPRINTK("No more map handles available.\n");
+            (void)__put_user(GNTST_no_device_space, &uop->handle);
+            return GNTST_no_device_space;
+        }
+
+        memcpy(new_mt, lgt->maptrack, PAGE_SIZE << lgt->maptrack_order);
+        for ( i = lgt->maptrack_limit; i < (lgt->maptrack_limit << 1); i++ )
+            new_mt[i].ref_and_flags = (i+1) << MAPTRACK_REF_SHIFT;
+
+        free_xenheap_pages(lgt->maptrack, lgt->maptrack_order);
+        lgt->maptrack          = new_mt;
+        lgt->maptrack_order   += 1;
+        lgt->maptrack_limit  <<= 1;
+
+        DPRINTK("Doubled maptrack size\n");
+        handle = get_maptrack_handle(ld->grant_table);
+    }
+
+    act = &rd->grant_table->active[ref];
+    sha = &rd->grant_table->shared[ref];
+
+    spin_lock(&rd->grant_table->lock);
 
     if ( act->pin == 0 )
     {
@@ -132,10 +198,10 @@
             u32 scombo, prev_scombo, new_scombo;
 
             if ( unlikely((sflags & GTF_type_mask) != GTF_permit_access) ||
-                 unlikely(sdom != mapping_d->domain_id) )
+                 unlikely(sdom != led->domain->domain_id) )
                 PIN_FAIL(unlock_out, GNTST_general_error,
                          "Bad flags (%x) or dom (%d). (NB. expected dom %d)\n",
-                        sflags, sdom, mapping_d->domain_id);
+                        sflags, sdom, led->domain->domain_id);
 
             /* Merge two 16-bit values into a 32-bit combined update. */
             /* NB. Endianness! */
@@ -173,12 +239,12 @@
 
         /* rmb(); */ /* not on x86 */
 
-        frame = __gpfn_to_mfn_foreign(granting_d, sha->frame);
+        frame = __gpfn_to_mfn_foreign(rd, sha->frame);
 
         if ( unlikely(!pfn_valid(frame)) ||
              unlikely(!((dev_hst_ro_flags & GNTMAP_readonly) ?
-                        get_page(&frame_table[frame], granting_d) :
-                        get_page_and_type(&frame_table[frame], granting_d,
+                        get_page(&frame_table[frame], rd) :
+                        get_page_and_type(&frame_table[frame], rd,
                                           PGT_writable_page))) )
         {
             clear_bit(_GTF_writing, &sha->flags);
@@ -208,10 +274,11 @@
             PIN_FAIL(unlock_out, ENOSPC,
                      "Risk of counter overflow %08x\n", act->pin);
 
-        frame = act->frame;
-
-        if ( !(dev_hst_ro_flags & GNTMAP_readonly) && 
-             !((sflags = sha->flags) & GTF_writing) )
+        sflags = sha->flags;
+        frame  = act->frame;
+
+        if ( !(dev_hst_ro_flags & GNTMAP_readonly) &&
+             !(act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask)) )
         {
             for ( ; ; )
             {
@@ -264,9 +331,9 @@
      * frame contains the mfn.
      */
 
-    spin_unlock(&granting_d->grant_table->lock);
-
-    if ( (addr != 0) && (dev_hst_ro_flags & GNTMAP_host_map) )
+    spin_unlock(&rd->grant_table->lock);
+
+    if ( dev_hst_ro_flags & GNTMAP_host_map )
     {
         /* Write update into the pagetable. */
         l1_pgentry_t pte;
@@ -278,18 +345,15 @@
             l1e_add_flags(pte,_PAGE_RW);
 
         if ( dev_hst_ro_flags & GNTMAP_contains_pte )
-            rc = update_grant_pte_mapping(addr, pte, mapping_d, mapping_ed);
+            rc = update_grant_pte_mapping(addr, pte, led);
         else
-            rc = update_grant_va_mapping(addr, pte, mapping_d, mapping_ed);
-
-        /* IMPORTANT: rc indicates the degree of TLB flush that is required.
-         * GNTST_flush_one (1) or GNTST_flush_all (2). This is done in the 
-         * outer gnttab_map_grant_ref. */
+            rc = update_grant_va_mapping(addr, pte, led);
+
         if ( rc < 0 )
         {
             /* Failure: undo and abort. */
 
-            spin_lock(&granting_d->grant_table->lock);
+            spin_lock(&rd->grant_table->lock);
 
             if ( dev_hst_ro_flags & GNTMAP_readonly )
             {
@@ -311,160 +375,26 @@
                 put_page(&frame_table[frame]);
             }
 
-            spin_unlock(&granting_d->grant_table->lock);
-        }
-
-    }
-
-    *pframe = frame;
+            spin_unlock(&rd->grant_table->lock);
+        }
+    }
+
+    ld->grant_table->maptrack[handle].domid         = dom;
+    ld->grant_table->maptrack[handle].ref_and_flags =
+        (ref << MAPTRACK_REF_SHIFT) |
+        (dev_hst_ro_flags & MAPTRACK_GNTMAP_MASK);
+
+    (void)__put_user((u64)frame << PAGE_SHIFT, &uop->dev_bus_addr);
+    (void)__put_user(handle, &uop->handle);
+
+    put_domain(rd);
     return rc;
 
+
  unlock_out:
-    spin_unlock(&granting_d->grant_table->lock);
-    return rc;
-}
-
-/*
- * Returns 0 if TLB flush / invalidate required by caller.
- * va will indicate the address to be invalidated.
- * 
- * addr is _either_ a host virtual address, or the address of the pte to
- * update, as indicated by the GNTMAP_contains_pte flag.
- */
-static int
-__gnttab_map_grant_ref(
-    gnttab_map_grant_ref_t *uop,
-    unsigned long *va)
-{
-    domid_t        dom;
-    grant_ref_t    ref;
-    struct domain *ld, *rd;
-    struct vcpu   *led;
-    u16            dev_hst_ro_flags;
-    int            handle;
-    u64            addr;
-    unsigned long  frame = 0;
-    int            rc;
-
-    led = current;
-    ld = led->domain;
-
-    /* Bitwise-OR avoids short-circuiting which screws control flow. */
-    if ( unlikely(__get_user(dom, &uop->dom) |
-                  __get_user(ref, &uop->ref) |
-                  __get_user(addr, &uop->host_addr) |
-                  __get_user(dev_hst_ro_flags, &uop->flags)) )
-    {
-        DPRINTK("Fault while reading gnttab_map_grant_ref_t.\n");
-        return -EFAULT; /* don't set status */
-    }
-
-    if ( (dev_hst_ro_flags & GNTMAP_host_map) &&
-         ( (addr == 0) ||
-           (!(dev_hst_ro_flags & GNTMAP_contains_pte) && 
-            unlikely(!__addr_ok(addr))) ) )
-    {
-        DPRINTK("Bad virtual address (%"PRIx64") or flags (%"PRIx16").\n",
-                addr, dev_hst_ro_flags);
-        (void)__put_user(GNTST_bad_virt_addr, &uop->handle);
-        return GNTST_bad_gntref;
-    }
-
-    if ( unlikely(ref >= NR_GRANT_ENTRIES) ||
-         unlikely((dev_hst_ro_flags &
-                   (GNTMAP_device_map|GNTMAP_host_map)) == 0) )
-    {
-        DPRINTK("Bad ref (%d) or flags (%x).\n", ref, dev_hst_ro_flags);
-        (void)__put_user(GNTST_bad_gntref, &uop->handle);
-        return GNTST_bad_gntref;
-    }
-
-    if (acm_pre_grant_map_ref(dom)) {
-        (void)__put_user(GNTST_permission_denied, &uop->handle);
-        return GNTST_permission_denied;
-    }
-
-    if ( unlikely((rd = find_domain_by_id(dom)) == NULL) ||
-         unlikely(ld == rd) )
-    {
-        if ( rd != NULL )
-            put_domain(rd);
-        DPRINTK("Could not find domain %d\n", dom);
-        (void)__put_user(GNTST_bad_domain, &uop->handle);
-        return GNTST_bad_domain;
-    }
-
-    /* Get a maptrack handle. */
-    if ( unlikely((handle = get_maptrack_handle(ld->grant_table)) == -1) )
-    {
-        int              i;
-        grant_mapping_t *new_mt;
-        grant_table_t   *lgt = ld->grant_table;
-
-        if ( (lgt->maptrack_limit << 1) > MAPTRACK_MAX_ENTRIES )
-        {
-            put_domain(rd);
-            DPRINTK("Maptrack table is at maximum size.\n");
-            (void)__put_user(GNTST_no_device_space, &uop->handle);
-            return GNTST_no_device_space;
-        }
-
-        /* Grow the maptrack table. */
-        new_mt = alloc_xenheap_pages(lgt->maptrack_order + 1);
-        if ( new_mt == NULL )
-        {
-            put_domain(rd);
-            DPRINTK("No more map handles available.\n");
-            (void)__put_user(GNTST_no_device_space, &uop->handle);
-            return GNTST_no_device_space;
-        }
-
-        memcpy(new_mt, lgt->maptrack, PAGE_SIZE << lgt->maptrack_order);
-        for ( i = lgt->maptrack_limit; i < (lgt->maptrack_limit << 1); i++ )
-            new_mt[i].ref_and_flags = (i+1) << MAPTRACK_REF_SHIFT;
-
-        free_xenheap_pages(lgt->maptrack, lgt->maptrack_order);
-        lgt->maptrack          = new_mt;
-        lgt->maptrack_order   += 1;
-        lgt->maptrack_limit  <<= 1;
-
-        DPRINTK("Doubled maptrack size\n");
-        handle = get_maptrack_handle(ld->grant_table);
-    }
-
-#if GRANT_DEBUG_VERBOSE
-    DPRINTK("Mapping grant ref (%hu) for domain (%hu) with flags (%x)\n",
-            ref, dom, dev_hst_ro_flags);
-#endif
-
-    if ( (rc = __gnttab_activate_grant_ref(ld, led, rd, ref, dev_hst_ro_flags,
-                                           addr, &frame)) >= 0 )
-    {
-        /*
-         * Only make the maptrack live _after_ writing the pte, in case we 
-         * overwrite the same frame number, causing a maptrack walk to find it
-         */
-        ld->grant_table->maptrack[handle].domid = dom;
-
-        ld->grant_table->maptrack[handle].ref_and_flags
-            = (ref << MAPTRACK_REF_SHIFT) |
-              (dev_hst_ro_flags & MAPTRACK_GNTMAP_MASK);
-
-        (void)__put_user((u64)frame << PAGE_SHIFT, &uop->dev_bus_addr);
-
-        if ( ( dev_hst_ro_flags & GNTMAP_host_map ) &&
-             !( dev_hst_ro_flags & GNTMAP_contains_pte) )
-            *va = addr;
-
-        (void)__put_user(handle, &uop->handle);
-    }
-    else
-    {
-        (void)__put_user(rc, &uop->handle);
-        put_maptrack_handle(ld->grant_table, handle);
-    }
-
-    put_domain(rd);
+    spin_unlock(&rd->grant_table->lock);
+    (void)__put_user(rc, &uop->handle);
+    put_maptrack_handle(ld->grant_table, handle);
     return rc;
 }
 
@@ -472,25 +402,17 @@
 gnttab_map_grant_ref(
     gnttab_map_grant_ref_t *uop, unsigned int count)
 {
-    int i, rc, flush = 0;
-    unsigned long va = 0;
+    int i;
 
     for ( i = 0; i < count; i++ )
-        if ( (rc =__gnttab_map_grant_ref(&uop[i], &va)) >= 0 )
-            flush += rc;
-
-    if ( flush == 1 )
-        flush_tlb_one_mask(current->domain->cpumask, va);
-    else if ( flush != 0 ) 
-        flush_tlb_mask(current->domain->cpumask);
+        (void)__gnttab_map_grant_ref(&uop[i]);
 
     return 0;
 }
 
 static int
 __gnttab_unmap_grant_ref(
-    gnttab_unmap_grant_ref_t *uop,
-    unsigned long *va)
+    gnttab_unmap_grant_ref_t *uop)
 {
     domid_t          dom;
     grant_ref_t      ref;
@@ -500,7 +422,7 @@
     grant_entry_t   *sha;
     grant_mapping_t *map;
     u16              flags;
-    s16              rc = 1;
+    s16              rc = 0;
     u64              addr, dev_bus_addr;
     unsigned long    frame;
 
@@ -540,11 +462,6 @@
         (void)__put_user(GNTST_bad_domain, &uop->status);
         return GNTST_bad_domain;
     }
-
-#if GRANT_DEBUG_VERBOSE
-    DPRINTK("Unmapping grant ref (%hu) for domain (%hu) with handle (%hu)\n",
-            ref, dom, handle);
-#endif
 
     act = &rd->grant_table->active[ref];
     sha = &rd->grant_table->shared[ref];
@@ -566,8 +483,6 @@
 
         map->ref_and_flags &= ~GNTMAP_device_map;
         (void)__put_user(0, &uop->dev_bus_addr);
-
-        /* Frame is now unmapped for device access. */
     }
 
     if ( (addr != 0) &&
@@ -589,10 +504,6 @@
 
         act->pin -= (flags & GNTMAP_readonly) ? GNTPIN_hstr_inc
                                               : GNTPIN_hstw_inc;
-
-        rc = 0;
-        if ( !( flags & GNTMAP_contains_pte) )
-            *va = addr;
     }
 
     if ( (map->ref_and_flags & (GNTMAP_device_map|GNTMAP_host_map)) == 0)
@@ -632,17 +543,12 @@
 gnttab_unmap_grant_ref(
     gnttab_unmap_grant_ref_t *uop, unsigned int count)
 {
-    int i, flush = 0;
-    unsigned long va = 0;
+    int i;
 
     for ( i = 0; i < count; i++ )
-        if ( __gnttab_unmap_grant_ref(&uop[i], &va) == 0 )
-            flush++;
-
-    if ( flush == 1 )
-        flush_tlb_one_mask(current->domain->cpumask, va);
-    else if ( flush != 0 ) 
-        flush_tlb_mask(current->domain->cpumask);
+        (void)__gnttab_unmap_grant_ref(&uop[i]);
+
+    flush_tlb_mask(current->domain->cpumask);
 
     return 0;
 }
@@ -703,9 +609,9 @@
     return 0;
 }
 
-#if GRANT_DEBUG
 static int
-gnttab_dump_table(gnttab_dump_table_t *uop)
+gnttab_dump_table(
+    gnttab_dump_table_t *uop)
 {
     grant_table_t        *gt;
     gnttab_dump_table_t   op;
@@ -716,6 +622,8 @@
     grant_mapping_t      *maptrack;
     int                   i;
 
+    if ( !IS_PRIV(current->domain) )
+        return -EPERM;
 
     if ( unlikely(copy_from_user(&op, uop, sizeof(op)) != 0) )
     {
@@ -724,9 +632,7 @@
     }
 
     if ( op.dom == DOMID_SELF )
-    {
         op.dom = current->domain->domain_id;
-    }
 
     if ( unlikely((d = find_domain_by_id(op.dom)) == NULL) )
     {
@@ -750,14 +656,11 @@
 
     for ( i = 0; i < NR_GRANT_ENTRIES; i++ )
     {
-        sha_copy =  gt->shared[i];
-
+        sha_copy = gt->shared[i];
         if ( sha_copy.flags )
-        {
             DPRINTK("Grant: dom (%hu) SHARED (%d) flags:(%hx) "
                     "dom:(%hu) frame:(%x)\n",
                     op.dom, i, sha_copy.flags, sha_copy.domid, sha_copy.frame);
-        }
     }
 
     spin_lock(&gt->lock);
@@ -765,28 +668,22 @@
     for ( i = 0; i < NR_GRANT_ENTRIES; i++ )
     {
         act = &gt->active[i];
-
         if ( act->pin )
-        {
             DPRINTK("Grant: dom (%hu) ACTIVE (%d) pin:(%x) "
                     "dom:(%hu) frame:(%lx)\n",
                     op.dom, i, act->pin, act->domid, act->frame);
-        }
     }
 
     for ( i = 0; i < gt->maptrack_limit; i++ )
     {
         maptrack = &gt->maptrack[i];
-
         if ( maptrack->ref_and_flags & MAPTRACK_GNTMAP_MASK )
-        {
             DPRINTK("Grant: dom (%hu) MAP (%d) ref:(%hu) flags:(%x) "
                     "dom:(%hu)\n",
                     op.dom, i,
                     maptrack->ref_and_flags >> MAPTRACK_REF_SHIFT,
                     maptrack->ref_and_flags & MAPTRACK_GNTMAP_MASK,
                     maptrack->domid);
-        }
     }
 
     spin_unlock(&gt->lock);
@@ -794,10 +691,10 @@
     put_domain(d);
     return 0;
 }
-#endif
 
 static long
-gnttab_transfer(gnttab_transfer_t *uop, unsigned int count)
+gnttab_transfer(
+    gnttab_transfer_t *uop, unsigned int count)
 {
     struct domain *d = current->domain;
     struct domain *e;
@@ -810,10 +707,7 @@
     for ( i = 0; i < count; i++ )
     {
         gnttab_transfer_t *gop = &uop[i];
-#if GRANT_DEBUG
-        printk("gnttab_transfer: i=%d mfn=%lx domid=%d gref=%08x\n",
-               i, gop->mfn, gop->domid, gop->handle);
-#endif
+
         page = &frame_table[gop->mfn];
         
         if ( unlikely(IS_XEN_HEAP_FRAME(page)))
@@ -956,11 +850,9 @@
     case GNTTABOP_setup_table:
         rc = gnttab_setup_table((gnttab_setup_table_t *)uop, count);
         break;
-#if GRANT_DEBUG
     case GNTTABOP_dump_table:
         rc = gnttab_dump_table((gnttab_dump_table_t *)uop);
         break;
-#endif
     case GNTTABOP_transfer:
         if (unlikely(!array_access_ok(
             uop, count, sizeof(gnttab_transfer_t))))
@@ -1001,12 +893,6 @@
     int found = 0;
     
     lgt = ld->grant_table;
-    
-#if GRANT_DEBUG_VERBOSE
-    if ( ld->domain_id != 0 )
-        DPRINTK("Foreign unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                rd->domain_id, ld->domain_id, frame, readonly);
-#endif
     
     /* Fast exit if we're not mapping anything using grant tables */
     if ( lgt->map_count == 0 )
@@ -1098,11 +984,6 @@
     int            retries = 0;
     unsigned long  target_pfn;
 
-#if GRANT_DEBUG_VERBOSE
-    DPRINTK("gnttab_prepare_for_transfer rd(%hu) ld(%hu) ref(%hu).\n",
-            rd->domain_id, ld->domain_id, ref);
-#endif
-
     if ( unlikely((rgt = rd->grant_table) == NULL) ||
          unlikely(ref >= NR_GRANT_ENTRIES) )
     {
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/include/asm-x86/e820.h
--- a/xen/include/asm-x86/e820.h        Fri Sep 23 21:41:28 2005
+++ b/xen/include/asm-x86/e820.h        Mon Sep 26 17:07:49 2005
@@ -11,6 +11,11 @@
 #define E820_NVS          4
 #define E820_IO          16
 #define E820_SHARED_PAGE 17
+#define E820_XENSTORE    18
+
+#define E820_MAP_PAGE        0x00090000
+#define E820_MAP_NR_OFFSET   0x000001E8
+#define E820_MAP_OFFSET      0x000002D0
 
 #ifndef __ASSEMBLY__
 struct e820entry {
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/include/asm-x86/mm.h
--- a/xen/include/asm-x86/mm.h  Fri Sep 23 21:41:28 2005
+++ b/xen/include/asm-x86/mm.h  Mon Sep 26 17:07:49 2005
@@ -380,11 +380,9 @@
  * hold a reference to the page.
  */
 int update_grant_va_mapping(
-    unsigned long va, l1_pgentry_t _nl1e, 
-    struct domain *d, struct vcpu *v);
+    unsigned long va, l1_pgentry_t _nl1e, struct vcpu *v);
 int update_grant_pte_mapping(
-    unsigned long pte_addr, l1_pgentry_t _nl1e, 
-    struct domain *d, struct vcpu *v);
+    unsigned long pte_addr, l1_pgentry_t _nl1e, struct vcpu *v);
 int clear_grant_va_mapping(unsigned long addr, unsigned long frame);
 int clear_grant_pte_mapping(
     unsigned long addr, unsigned long frame, struct domain *d);
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/include/asm-x86/vmx_platform.h
--- a/xen/include/asm-x86/vmx_platform.h        Fri Sep 23 21:41:28 2005
+++ b/xen/include/asm-x86/vmx_platform.h        Mon Sep 26 17:07:49 2005
@@ -93,7 +93,6 @@
 
 extern void handle_mmio(unsigned long, unsigned long);
 extern void vmx_wait_io(void);
-extern int vmx_setup_platform(struct vcpu *, struct cpu_user_regs *);
 extern void vmx_io_assist(struct vcpu *v);
 
 // XXX - think about this -- maybe use bit 30 of the mfn to signify an MMIO 
frame.
diff -r eaedc6b4ec0f -r ef9591d03fdd xen/include/xen/grant_table.h
--- a/xen/include/xen/grant_table.h     Fri Sep 23 21:41:28 2005
+++ b/xen/include/xen/grant_table.h     Mon Sep 26 17:07:49 2005
@@ -110,8 +110,4 @@
 void
 gnttab_release_dev_mappings(grant_table_t *gt);
 
-/* Extra GNTST_ values, for internal use only. */
-#define GNTST_flush_all        (2)  /* Success, need to flush entire TLB.    */
-#define GNTST_flush_one        (1)  /* Success, need to flush a vaddr.       */
-
 #endif /* __XEN_GRANT_H__ */
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/check/check_hotplug
--- /dev/null   Fri Sep 23 21:41:28 2005
+++ b/tools/check/check_hotplug Mon Sep 26 17:07:49 2005
@@ -0,0 +1,10 @@
+#!/bin/bash
+# CHECK-INSTALL
+
+function error {
+   echo
+   echo '  *** Check for the hotplug scripts (hotplug) FAILED'
+   exit 1
+}
+
+which hotplug 1>/dev/null 2>&1 || error
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/speedtest.c
--- /dev/null   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/speedtest.c        Mon Sep 26 17:07:49 2005
@@ -0,0 +1,130 @@
+/* 
+    Xen Store Daemon Speed test
+    Copyright (C) 2005 Rusty Russell IBM Corporation
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <errno.h>
+#include "utils.h"
+#include "xs.h"
+#include "list.h"
+#include "talloc.h"
+
+static void do_command(const char *cmd)
+{
+       int ret;
+
+       ret = system(cmd);
+       if (ret == -1 || !WIFEXITED(ret) || WEXITSTATUS(ret) != 0)
+               barf_perror("Failed '%s': %i", cmd, ret);
+}
+
+static int start_daemon(void)
+{
+       int fds[2], pid;
+
+       do_command(talloc_asprintf(NULL, "rm -rf testsuite/tmp/*"));
+
+       /* Start daemon. */
+       pipe(fds);
+       if ((pid = fork())) {
+               /* Child writes PID when its ready: we wait for that. */
+               char buffer[20];
+               close(fds[1]);
+               if (read(fds[0], buffer, sizeof(buffer)) < 0)
+                       barf("Failed to summon daemon");
+               close(fds[0]);
+       } else {
+               dup2(fds[1], STDOUT_FILENO);
+               close(fds[0]);
+#if 0
+               execlp("valgrind", "valgrind", "-q", 
"--suppressions=testsuite/vg-suppressions", "xenstored_test", "--output-pid",
+                      "--no-fork", "--trace-file=/tmp/trace", NULL);
+#else
+               execlp("./xenstored_test", "xenstored_test", "--output-pid", 
"--no-fork", NULL);
+//             execlp("strace", "strace", "-o", "/tmp/out", 
"./xenstored_test", "--output-pid", "--no-fork", NULL);
+#endif
+               exit(1);
+       }
+       return pid;
+}
+
+static void kill_daemon(int pid)
+{
+       int saved_errno = errno;
+       kill(pid, SIGTERM);
+       errno = saved_errno;
+}
+
+#define NUM_ENTRIES 50
+
+/* We create the given number of trees, each with NUM_ENTRIES, using
+ * transactions. */
+int main(int argc, char *argv[])
+{
+       int i, j, pid, print;
+       struct xs_handle *h;
+
+       if (argc != 2)
+               barf("Usage: speedtest <numdomains>");
+
+       pid = start_daemon();
+       h = xs_daemon_open();
+       print = atoi(argv[1]) / 76;
+       if (!print)
+               print = 1;
+       for (i = 0; i < atoi(argv[1]); i ++) {
+               char name[64];
+
+               if (i % print == 0)
+                       write(1, ".", 1);
+               if (!xs_transaction_start(h, "/")) {
+                       kill_daemon(pid);
+                       barf_perror("Starting transaction");
+               }
+               sprintf(name, "/%i", i);
+               if (!xs_mkdir(h, name)) {
+                       kill_daemon(pid);
+                       barf_perror("Making directory %s", name);
+               }
+
+               for (j = 0; j < NUM_ENTRIES; j++) {
+                       sprintf(name, "/%i/%i", i, j);
+                       if (!xs_write(h, name, name, strlen(name))) {
+                               kill_daemon(pid);
+                               barf_perror("Making directory %s", name);
+                       }
+               }
+               if (!xs_transaction_end(h, false)) {
+                       kill_daemon(pid);
+                       barf_perror("Ending transaction");
+               }
+       }
+       write(1, "\n", 1);
+
+       kill_daemon(pid);
+       wait(NULL);
+       return 0;
+}
+       
+       
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/tdb.c
--- /dev/null   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/tdb.c      Mon Sep 26 17:07:49 2005
@@ -0,0 +1,2151 @@
+ /* 
+   Unix SMB/CIFS implementation.
+
+   trivial database library
+
+   Copyright (C) Andrew Tridgell              1999-2004
+   Copyright (C) Paul `Rusty' Russell             2000
+   Copyright (C) Jeremy Allison                           2000-2003
+   
+     ** NOTE! The following LGPL license applies to the tdb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+
+#ifndef _SAMBA_BUILD_
+#if HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <sys/mman.h>
+#include <sys/stat.h>
+#include "tdb.h"
+#include <stdarg.h>
+#include "talloc.h"
+#define HAVE_MMAP
+#else
+#include "includes.h"
+#include "lib/tdb/include/tdb.h"
+#include "system/time.h"
+#include "system/shmem.h"
+#include "system/filesys.h"
+#endif
+
+#define TDB_MAGIC_FOOD "TDB file\n"
+#define TDB_VERSION (0x26011967 + 6)
+#define TDB_MAGIC (0x26011999U)
+#define TDB_FREE_MAGIC (~TDB_MAGIC)
+#define TDB_DEAD_MAGIC (0xFEE1DEAD)
+#define TDB_ALIGNMENT 4
+#define MIN_REC_SIZE (2*sizeof(struct list_struct) + TDB_ALIGNMENT)
+#define DEFAULT_HASH_SIZE 131
+#define TDB_PAGE_SIZE 0x2000
+#define FREELIST_TOP (sizeof(struct tdb_header))
+#define TDB_ALIGN(x,a) (((x) + (a)-1) & ~((a)-1))
+#define TDB_BYTEREV(x) 
(((((x)&0xff)<<24)|((x)&0xFF00)<<8)|(((x)>>8)&0xFF00)|((x)>>24))
+#define TDB_DEAD(r) ((r)->magic == TDB_DEAD_MAGIC)
+#define TDB_BAD_MAGIC(r) ((r)->magic != TDB_MAGIC && !TDB_DEAD(r))
+#define TDB_HASH_TOP(hash) (FREELIST_TOP + (BUCKET(hash)+1)*sizeof(tdb_off))
+#define TDB_DATA_START(hash_size) (TDB_HASH_TOP(hash_size-1))
+
+
+/* NB assumes there is a local variable called "tdb" that is the
+ * current context, also takes doubly-parenthesized print-style
+ * argument. */
+#define TDB_LOG(x) tdb->log_fn x
+
+/* lock offsets */
+#define GLOBAL_LOCK 0
+#define ACTIVE_LOCK 4
+
+#ifndef MAP_FILE
+#define MAP_FILE 0
+#endif
+
+#ifndef MAP_FAILED
+#define MAP_FAILED ((void *)-1)
+#endif
+
+#ifndef discard_const_p
+# if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+#  define discard_const(ptr) ((void *)((intptr_t)(ptr)))
+# else
+#  define discard_const(ptr) ((void *)(ptr))
+# endif
+# define discard_const_p(type, ptr) ((type *)discard_const(ptr))
+#endif
+
+/* free memory if the pointer is valid and zero the pointer */
+#ifndef SAFE_FREE
+#define SAFE_FREE(x) do { if ((x) != NULL) {talloc_free(discard_const_p(void 
*, (x))); (x)=NULL;} } while(0)
+#endif
+
+#define BUCKET(hash) ((hash) % tdb->header.hash_size)
+TDB_DATA tdb_null;
+
+/* all contexts, to ensure no double-opens (fcntl locks don't nest!) */
+static TDB_CONTEXT *tdbs = NULL;
+
+static int tdb_munmap(TDB_CONTEXT *tdb)
+{
+       if (tdb->flags & TDB_INTERNAL)
+               return 0;
+
+#ifdef HAVE_MMAP
+       if (tdb->map_ptr) {
+               int ret = munmap(tdb->map_ptr, tdb->map_size);
+               if (ret != 0)
+                       return ret;
+       }
+#endif
+       tdb->map_ptr = NULL;
+       return 0;
+}
+
+static void tdb_mmap(TDB_CONTEXT *tdb)
+{
+       if (tdb->flags & TDB_INTERNAL)
+               return;
+
+#ifdef HAVE_MMAP
+       if (!(tdb->flags & TDB_NOMMAP)) {
+               tdb->map_ptr = mmap(NULL, tdb->map_size, 
+                                   PROT_READ|(tdb->read_only? 0:PROT_WRITE), 
+                                   MAP_SHARED|MAP_FILE, tdb->fd, 0);
+
+               /*
+                * NB. When mmap fails it returns MAP_FAILED *NOT* NULL !!!!
+                */
+
+               if (tdb->map_ptr == MAP_FAILED) {
+                       tdb->map_ptr = NULL;
+                       TDB_LOG((tdb, 2, "tdb_mmap failed for size %d (%s)\n", 
+                                tdb->map_size, strerror(errno)));
+               }
+       } else {
+               tdb->map_ptr = NULL;
+       }
+#else
+       tdb->map_ptr = NULL;
+#endif
+}
+
+/* Endian conversion: we only ever deal with 4 byte quantities */
+static void *convert(void *buf, u32 size)
+{
+       u32 i, *p = buf;
+       for (i = 0; i < size / 4; i++)
+               p[i] = TDB_BYTEREV(p[i]);
+       return buf;
+}
+#define DOCONV() (tdb->flags & TDB_CONVERT)
+#define CONVERT(x) (DOCONV() ? convert(&x, sizeof(x)) : &x)
+
+/* the body of the database is made of one list_struct for the free space
+   plus a separate data list for each hash value */
+struct list_struct {
+       tdb_off next; /* offset of the next record in the list */
+       tdb_len rec_len; /* total byte length of record */
+       tdb_len key_len; /* byte length of key */
+       tdb_len data_len; /* byte length of data */
+       u32 full_hash; /* the full 32 bit hash of the key */
+       u32 magic;   /* try to catch errors */
+       /* the following union is implied:
+               union {
+                       char record[rec_len];
+                       struct {
+                               char key[key_len];
+                               char data[data_len];
+                       }
+                       u32 totalsize; (tailer)
+               }
+       */
+};
+
+/* a byte range locking function - return 0 on success
+   this functions locks/unlocks 1 byte at the specified offset.
+
+   On error, errno is also set so that errors are passed back properly
+   through tdb_open(). */
+static int tdb_brlock(TDB_CONTEXT *tdb, tdb_off offset, 
+                     int rw_type, int lck_type, int probe)
+{
+       struct flock fl;
+       int ret;
+
+       if (tdb->flags & TDB_NOLOCK)
+               return 0;
+       if ((rw_type == F_WRLCK) && (tdb->read_only)) {
+               errno = EACCES;
+               return -1;
+       }
+
+       fl.l_type = rw_type;
+       fl.l_whence = SEEK_SET;
+       fl.l_start = offset;
+       fl.l_len = 1;
+       fl.l_pid = 0;
+
+       do {
+               ret = fcntl(tdb->fd,lck_type,&fl);
+       } while (ret == -1 && errno == EINTR);
+
+       if (ret == -1) {
+               if (!probe && lck_type != F_SETLK) {
+                       /* Ensure error code is set for log fun to examine. */
+                       tdb->ecode = TDB_ERR_LOCK;
+                       TDB_LOG((tdb, 5,"tdb_brlock failed (fd=%d) at offset %d 
rw_type=%d lck_type=%d\n", 
+                                tdb->fd, offset, rw_type, lck_type));
+               }
+               /* Generic lock error. errno set by fcntl.
+                * EAGAIN is an expected return from non-blocking
+                * locks. */
+               if (errno != EAGAIN) {
+               TDB_LOG((tdb, 5, "tdb_brlock failed (fd=%d) at offset %d 
rw_type=%d lck_type=%d: %s\n", 
+                                tdb->fd, offset, rw_type, lck_type, 
+                                strerror(errno)));
+               }
+               return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+       }
+       return 0;
+}
+
+/* lock a list in the database. list -1 is the alloc list */
+static int tdb_lock(TDB_CONTEXT *tdb, int list, int ltype)
+{
+       if (list < -1 || list >= (int)tdb->header.hash_size) {
+               TDB_LOG((tdb, 0,"tdb_lock: invalid list %d for ltype=%d\n", 
+                          list, ltype));
+               return -1;
+       }
+       if (tdb->flags & TDB_NOLOCK)
+               return 0;
+
+       /* Since fcntl locks don't nest, we do a lock for the first one,
+          and simply bump the count for future ones */
+       if (tdb->locked[list+1].count == 0) {
+               if (tdb_brlock(tdb,FREELIST_TOP+4*list,ltype,F_SETLKW, 0)) {
+                       TDB_LOG((tdb, 0,"tdb_lock failed on list %d ltype=%d 
(%s)\n", 
+                                          list, ltype, strerror(errno)));
+                       return -1;
+               }
+               tdb->locked[list+1].ltype = ltype;
+       }
+       tdb->locked[list+1].count++;
+       return 0;
+}
+
+/* unlock the database: returns void because it's too late for errors. */
+       /* changed to return int it may be interesting to know there
+          has been an error  --simo */
+static int tdb_unlock(TDB_CONTEXT *tdb, int list,
+                     int ltype __attribute__((unused)))
+{
+       int ret = -1;
+
+       if (tdb->flags & TDB_NOLOCK)
+               return 0;
+
+       /* Sanity checks */
+       if (list < -1 || list >= (int)tdb->header.hash_size) {
+               TDB_LOG((tdb, 0, "tdb_unlock: list %d invalid (%d)\n", list, 
tdb->header.hash_size));
+               return ret;
+       }
+
+       if (tdb->locked[list+1].count==0) {
+               TDB_LOG((tdb, 0, "tdb_unlock: count is 0\n"));
+               return ret;
+       }
+
+       if (tdb->locked[list+1].count == 1) {
+               /* Down to last nested lock: unlock underneath */
+               ret = tdb_brlock(tdb, FREELIST_TOP+4*list, F_UNLCK, F_SETLKW, 
0);
+       } else {
+               ret = 0;
+       }
+       tdb->locked[list+1].count--;
+
+       if (ret)
+               TDB_LOG((tdb, 0,"tdb_unlock: An error occurred unlocking!\n")); 
+       return ret;
+}
+
+/* This is based on the hash algorithm from gdbm */
+static u32 default_tdb_hash(TDB_DATA *key)
+{
+       u32 value;      /* Used to compute the hash value.  */
+       u32   i;        /* Used to cycle through random values. */
+
+       /* Set the initial value from the key size. */
+       for (value = 0x238F13AF * key->dsize, i=0; i < key->dsize; i++)
+               value = (value + (key->dptr[i] << (i*5 % 24)));
+
+       return (1103515243 * value + 12345);  
+}
+
+/* check for an out of bounds access - if it is out of bounds then
+   see if the database has been expanded by someone else and expand
+   if necessary 
+   note that "len" is the minimum length needed for the db
+*/
+static int tdb_oob(TDB_CONTEXT *tdb, tdb_off len, int probe)
+{
+       struct stat st;
+       if (len <= tdb->map_size)
+               return 0;
+       if (tdb->flags & TDB_INTERNAL) {
+               if (!probe) {
+                       /* Ensure ecode is set for log fn. */
+                       tdb->ecode = TDB_ERR_IO;
+                       TDB_LOG((tdb, 0,"tdb_oob len %d beyond internal malloc 
size %d\n",
+                                (int)len, (int)tdb->map_size));
+               }
+               return TDB_ERRCODE(TDB_ERR_IO, -1);
+       }
+
+       if (fstat(tdb->fd, &st) == -1)
+               return TDB_ERRCODE(TDB_ERR_IO, -1);
+
+       if (st.st_size < (off_t)len) {
+               if (!probe) {
+                       /* Ensure ecode is set for log fn. */
+                       tdb->ecode = TDB_ERR_IO;
+                       TDB_LOG((tdb, 0,"tdb_oob len %d beyond eof at %d\n",
+                                (int)len, (int)st.st_size));
+               }
+               return TDB_ERRCODE(TDB_ERR_IO, -1);
+       }
+
+       /* Unmap, update size, remap */
+       if (tdb_munmap(tdb) == -1)
+               return TDB_ERRCODE(TDB_ERR_IO, -1);
+       tdb->map_size = st.st_size;
+       tdb_mmap(tdb);
+       return 0;
+}
+
+/* write a lump of data at a specified offset */
+static int tdb_write(TDB_CONTEXT *tdb, tdb_off off, void *buf, tdb_len len)
+{
+       if (tdb_oob(tdb, off + len, 0) != 0)
+               return -1;
+
+       if (tdb->map_ptr)
+               memcpy(off + (char *)tdb->map_ptr, buf, len);
+#ifdef HAVE_PWRITE
+       else if (pwrite(tdb->fd, buf, len, off) != (ssize_t)len) {
+#else
+       else if (lseek(tdb->fd, off, SEEK_SET) != (off_t)off
+                || write(tdb->fd, buf, len) != (off_t)len) {
+#endif
+               /* Ensure ecode is set for log fn. */
+               tdb->ecode = TDB_ERR_IO;
+               TDB_LOG((tdb, 0,"tdb_write failed at %d len=%d (%s)\n",
+                          off, len, strerror(errno)));
+               return TDB_ERRCODE(TDB_ERR_IO, -1);
+       }
+       return 0;
+}
+
+/* read a lump of data at a specified offset, maybe convert */
+static int tdb_read(TDB_CONTEXT *tdb,tdb_off off,void *buf,tdb_len len,int cv)
+{
+       if (tdb_oob(tdb, off + len, 0) != 0)
+               return -1;
+
+       if (tdb->map_ptr)
+               memcpy(buf, off + (char *)tdb->map_ptr, len);
+#ifdef HAVE_PREAD
+       else if (pread(tdb->fd, buf, len, off) != (off_t)len) {
+#else
+       else if (lseek(tdb->fd, off, SEEK_SET) != (off_t)off
+                || read(tdb->fd, buf, len) != (off_t)len) {
+#endif
+               /* Ensure ecode is set for log fn. */
+               tdb->ecode = TDB_ERR_IO;
+               TDB_LOG((tdb, 0,"tdb_read failed at %d len=%d (%s)\n",
+                          off, len, strerror(errno)));
+               return TDB_ERRCODE(TDB_ERR_IO, -1);
+       }
+       if (cv)
+               convert(buf, len);
+       return 0;
+}
+
+/* don't allocate memory: used in tdb_delete path. */
+static int tdb_key_eq(TDB_CONTEXT *tdb, tdb_off off, TDB_DATA key)
+{
+       char buf[64];
+       u32 len;
+
+       if (tdb_oob(tdb, off + key.dsize, 0) != 0)
+               return -1;
+
+       if (tdb->map_ptr)
+               return !memcmp(off + (char*)tdb->map_ptr, key.dptr, key.dsize);
+
+       while (key.dsize) {
+               len = key.dsize;
+               if (len > sizeof(buf))
+                       len = sizeof(buf);
+               if (tdb_read(tdb, off, buf, len, 0) != 0)
+                       return -1;
+               if (memcmp(buf, key.dptr, len) != 0)
+                       return 0;
+               key.dptr += len;
+               key.dsize -= len;
+               off += len;
+       }
+       return 1;
+}
+
+/* read a lump of data, allocating the space for it */
+static char *tdb_alloc_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_len len)
+{
+       char *buf;
+
+       if (!(buf = talloc_size(tdb, len))) {
+               /* Ensure ecode is set for log fn. */
+               tdb->ecode = TDB_ERR_OOM;
+               TDB_LOG((tdb, 0,"tdb_alloc_read malloc failed len=%d (%s)\n",
+                          len, strerror(errno)));
+               return TDB_ERRCODE(TDB_ERR_OOM, buf);
+       }
+       if (tdb_read(tdb, offset, buf, len, 0) == -1) {
+               SAFE_FREE(buf);
+               return NULL;
+       }
+       return buf;
+}
+
+/* read/write a tdb_off */
+static int ofs_read(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d)
+{
+       return tdb_read(tdb, offset, (char*)d, sizeof(*d), DOCONV());
+}
+static int ofs_write(TDB_CONTEXT *tdb, tdb_off offset, tdb_off *d)
+{
+       tdb_off off = *d;
+       return tdb_write(tdb, offset, CONVERT(off), sizeof(*d));
+}
+
+/* read/write a record */
+static int rec_read(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
+{
+       if (tdb_read(tdb, offset, rec, sizeof(*rec),DOCONV()) == -1)
+               return -1;
+       if (TDB_BAD_MAGIC(rec)) {
+               /* Ensure ecode is set for log fn. */
+               tdb->ecode = TDB_ERR_CORRUPT;
+               TDB_LOG((tdb, 0,"rec_read bad magic 0x%x at offset=%d\n", 
rec->magic, offset));
+               return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+       }
+       return tdb_oob(tdb, rec->next+sizeof(*rec), 0);
+}
+static int rec_write(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
+{
+       struct list_struct r = *rec;
+       return tdb_write(tdb, offset, CONVERT(r), sizeof(r));
+}
+
+/* read a freelist record and check for simple errors */
+static int rec_free_read(TDB_CONTEXT *tdb, tdb_off off, struct list_struct 
*rec)
+{
+       if (tdb_read(tdb, off, rec, sizeof(*rec),DOCONV()) == -1)
+               return -1;
+
+       if (rec->magic == TDB_MAGIC) {
+               /* this happens when a app is showdown while deleting a record 
- we should
+                  not completely fail when this happens */
+               TDB_LOG((tdb, 0,"rec_free_read non-free magic 0x%x at offset=%d 
- fixing\n", 
+                        rec->magic, off));
+               rec->magic = TDB_FREE_MAGIC;
+               if (tdb_write(tdb, off, rec, sizeof(*rec)) == -1)
+                       return -1;
+       }
+
+       if (rec->magic != TDB_FREE_MAGIC) {
+               /* Ensure ecode is set for log fn. */
+               tdb->ecode = TDB_ERR_CORRUPT;
+               TDB_LOG((tdb, 0,"rec_free_read bad magic 0x%x at offset=%d\n", 
+                          rec->magic, off));
+               return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+       }
+       if (tdb_oob(tdb, rec->next+sizeof(*rec), 0) != 0)
+               return -1;
+       return 0;
+}
+
+/* update a record tailer (must hold allocation lock) */
+static int update_tailer(TDB_CONTEXT *tdb, tdb_off offset,
+                        const struct list_struct *rec)
+{
+       tdb_off totalsize;
+
+       /* Offset of tailer from record header */
+       totalsize = sizeof(*rec) + rec->rec_len;
+       return ofs_write(tdb, offset + totalsize - sizeof(tdb_off),
+                        &totalsize);
+}
+
+static tdb_off tdb_dump_record(TDB_CONTEXT *tdb, tdb_off offset)
+{
+       struct list_struct rec;
+       tdb_off tailer_ofs, tailer;
+
+       if (tdb_read(tdb, offset, (char *)&rec, sizeof(rec), DOCONV()) == -1) {
+               printf("ERROR: failed to read record at %u\n", offset);
+               return 0;
+       }
+
+       printf(" rec: offset=0x%08x next=0x%08x rec_len=%d key_len=%d 
data_len=%d full_hash=0x%x magic=0x%x\n",
+              offset, rec.next, rec.rec_len, rec.key_len, rec.data_len, 
rec.full_hash, rec.magic);
+
+       tailer_ofs = offset + sizeof(rec) + rec.rec_len - sizeof(tdb_off);
+       if (ofs_read(tdb, tailer_ofs, &tailer) == -1) {
+               printf("ERROR: failed to read tailer at %u\n", tailer_ofs);
+               return rec.next;
+       }
+
+       if (tailer != rec.rec_len + sizeof(rec)) {
+               printf("ERROR: tailer does not match record! tailer=%u 
totalsize=%u\n",
+                               (unsigned int)tailer, (unsigned 
int)(rec.rec_len + sizeof(rec)));
+       }
+       return rec.next;
+}
+
+static int tdb_dump_chain(TDB_CONTEXT *tdb, int i)
+{
+       tdb_off rec_ptr, top;
+
+       top = TDB_HASH_TOP(i);
+
+       if (tdb_lock(tdb, i, F_WRLCK) != 0)
+               return -1;
+
+       if (ofs_read(tdb, top, &rec_ptr) == -1)
+               return tdb_unlock(tdb, i, F_WRLCK);
+
+       if (rec_ptr)
+               printf("hash=%d\n", i);
+
+       while (rec_ptr) {
+               rec_ptr = tdb_dump_record(tdb, rec_ptr);
+       }
+
+       return tdb_unlock(tdb, i, F_WRLCK);
+}
+
+void tdb_dump_all(TDB_CONTEXT *tdb)
+{
+       unsigned int i;
+       for (i=0;i<tdb->header.hash_size;i++) {
+               tdb_dump_chain(tdb, i);
+       }
+       printf("freelist:\n");
+       tdb_dump_chain(tdb, -1);
+}
+
+int tdb_printfreelist(TDB_CONTEXT *tdb)
+{
+       int ret;
+       long total_free = 0;
+       tdb_off offset, rec_ptr;
+       struct list_struct rec;
+
+       if ((ret = tdb_lock(tdb, -1, F_WRLCK)) != 0)
+               return ret;
+
+       offset = FREELIST_TOP;
+
+       /* read in the freelist top */
+       if (ofs_read(tdb, offset, &rec_ptr) == -1) {
+               tdb_unlock(tdb, -1, F_WRLCK);
+               return 0;
+       }
+
+       printf("freelist top=[0x%08x]\n", rec_ptr );
+       while (rec_ptr) {
+               if (tdb_read(tdb, rec_ptr, (char *)&rec, sizeof(rec), DOCONV()) 
== -1) {
+                       tdb_unlock(tdb, -1, F_WRLCK);
+                       return -1;
+               }
+
+               if (rec.magic != TDB_FREE_MAGIC) {
+                       printf("bad magic 0x%08x in free list\n", rec.magic);
+                       tdb_unlock(tdb, -1, F_WRLCK);
+                       return -1;
+               }
+
+               printf("entry offset=[0x%08x], rec.rec_len = [0x%08x (%d)] (end 
= 0x%08x)\n", 
+                      rec_ptr, rec.rec_len, rec.rec_len, rec_ptr + 
rec.rec_len);
+               total_free += rec.rec_len;
+
+               /* move to the next record */
+               rec_ptr = rec.next;
+       }
+       printf("total rec_len = [0x%08x (%d)]\n", (int)total_free, 
+               (int)total_free);
+
+       return tdb_unlock(tdb, -1, F_WRLCK);
+}
+
+/* Remove an element from the freelist.  Must have alloc lock. */
+static int remove_from_freelist(TDB_CONTEXT *tdb, tdb_off off, tdb_off next)
+{
+       tdb_off last_ptr, i;
+
+       /* read in the freelist top */
+       last_ptr = FREELIST_TOP;
+       while (ofs_read(tdb, last_ptr, &i) != -1 && i != 0) {
+               if (i == off) {
+                       /* We've found it! */
+                       return ofs_write(tdb, last_ptr, &next);
+               }
+               /* Follow chain (next offset is at start of record) */
+               last_ptr = i;
+       }
+       TDB_LOG((tdb, 0,"remove_from_freelist: not on list at off=%d\n", off));
+       return TDB_ERRCODE(TDB_ERR_CORRUPT, -1);
+}
+
+/* Add an element into the freelist. Merge adjacent records if
+   neccessary. */
+static int tdb_free(TDB_CONTEXT *tdb, tdb_off offset, struct list_struct *rec)
+{
+       tdb_off right, left;
+
+       /* Allocation and tailer lock */
+       if (tdb_lock(tdb, -1, F_WRLCK) != 0)
+               return -1;
+
+       /* set an initial tailer, so if we fail we don't leave a bogus record */
+       if (update_tailer(tdb, offset, rec) != 0) {
+               TDB_LOG((tdb, 0, "tdb_free: upfate_tailer failed!\n"));
+               goto fail;
+       }
+
+       /* Look right first (I'm an Australian, dammit) */
+       right = offset + sizeof(*rec) + rec->rec_len;
+       if (right + sizeof(*rec) <= tdb->map_size) {
+               struct list_struct r;
+
+               if (tdb_read(tdb, right, &r, sizeof(r), DOCONV()) == -1) {
+                       TDB_LOG((tdb, 0, "tdb_free: right read failed at %u\n", 
right));
+                       goto left;
+               }
+
+               /* If it's free, expand to include it. */
+               if (r.magic == TDB_FREE_MAGIC) {
+                       if (remove_from_freelist(tdb, right, r.next) == -1) {
+                               TDB_LOG((tdb, 0, "tdb_free: right free failed 
at %u\n", right));
+                               goto left;
+                       }
+                       rec->rec_len += sizeof(r) + r.rec_len;
+               }
+       }
+
+left:
+       /* Look left */
+       left = offset - sizeof(tdb_off);
+       if (left > TDB_DATA_START(tdb->header.hash_size)) {
+               struct list_struct l;
+               tdb_off leftsize;
+               
+               /* Read in tailer and jump back to header */
+               if (ofs_read(tdb, left, &leftsize) == -1) {
+                       TDB_LOG((tdb, 0, "tdb_free: left offset read failed at 
%u\n", left));
+                       goto update;
+               }
+               left = offset - leftsize;
+
+               /* Now read in record */
+               if (tdb_read(tdb, left, &l, sizeof(l), DOCONV()) == -1) {
+                       TDB_LOG((tdb, 0, "tdb_free: left read failed at %u 
(%u)\n", left, leftsize));
+                       goto update;
+               }
+
+               /* If it's free, expand to include it. */
+               if (l.magic == TDB_FREE_MAGIC) {
+                       if (remove_from_freelist(tdb, left, l.next) == -1) {
+                               TDB_LOG((tdb, 0, "tdb_free: left free failed at 
%u\n", left));
+                               goto update;
+                       } else {
+                               offset = left;
+                               rec->rec_len += leftsize;
+                       }
+               }
+       }
+
+update:
+       if (update_tailer(tdb, offset, rec) == -1) {
+               TDB_LOG((tdb, 0, "tdb_free: update_tailer failed at %u\n", 
offset));
+               goto fail;
+       }
+
+       /* Now, prepend to free list */
+       rec->magic = TDB_FREE_MAGIC;
+
+       if (ofs_read(tdb, FREELIST_TOP, &rec->next) == -1 ||
+           rec_write(tdb, offset, rec) == -1 ||
+           ofs_write(tdb, FREELIST_TOP, &offset) == -1) {
+               TDB_LOG((tdb, 0, "tdb_free record write failed at offset=%d\n", 
offset));
+               goto fail;
+       }
+
+       /* And we're done. */
+       tdb_unlock(tdb, -1, F_WRLCK);
+       return 0;
+
+ fail:
+       tdb_unlock(tdb, -1, F_WRLCK);
+       return -1;
+}
+
+
+/* expand a file.  we prefer to use ftruncate, as that is what posix
+  says to use for mmap expansion */
+static int expand_file(TDB_CONTEXT *tdb, tdb_off size, tdb_off addition)
+{
+       char buf[1024];
+#if HAVE_FTRUNCATE_EXTEND
+       if (ftruncate(tdb->fd, size+addition) != 0) {
+               TDB_LOG((tdb, 0, "expand_file ftruncate to %d failed (%s)\n", 
+                          size+addition, strerror(errno)));
+               return -1;
+       }
+#else
+       char b = 0;
+
+#ifdef HAVE_PWRITE
+       if (pwrite(tdb->fd,  &b, 1, (size+addition) - 1) != 1) {
+#else
+       if (lseek(tdb->fd, (size+addition) - 1, SEEK_SET) != 
(off_t)(size+addition) - 1 || 
+           write(tdb->fd, &b, 1) != 1) {
+#endif
+               TDB_LOG((tdb, 0, "expand_file to %d failed (%s)\n", 
+                          size+addition, strerror(errno)));
+               return -1;
+       }
+#endif
+
+       /* now fill the file with something. This ensures that the file isn't 
sparse, which would be
+          very bad if we ran out of disk. This must be done with write, not 
via mmap */
+       memset(buf, 0x42, sizeof(buf));
+       while (addition) {
+               int n = addition>sizeof(buf)?sizeof(buf):addition;
+#ifdef HAVE_PWRITE
+               int ret = pwrite(tdb->fd, buf, n, size);
+#else
+               int ret;
+               if (lseek(tdb->fd, size, SEEK_SET) != (off_t)size)
+                       return -1;
+               ret = write(tdb->fd, buf, n);
+#endif
+               if (ret != n) {
+                       TDB_LOG((tdb, 0, "expand_file write of %d failed 
(%s)\n", 
+                                  n, strerror(errno)));
+                       return -1;
+               }
+               addition -= n;
+               size += n;
+       }
+       return 0;
+}
+
+
+/* expand the database at least size bytes by expanding the underlying
+   file and doing the mmap again if necessary */
+static int tdb_expand(TDB_CONTEXT *tdb, tdb_off size)
+{
+       struct list_struct rec;
+       tdb_off offset;
+
+       if (tdb_lock(tdb, -1, F_WRLCK) == -1) {
+               TDB_LOG((tdb, 0, "lock failed in tdb_expand\n"));
+               return -1;
+       }
+
+       /* must know about any previous expansions by another process */
+       tdb_oob(tdb, tdb->map_size + 1, 1);
+
+       /* always make room for at least 10 more records, and round
+           the database up to a multiple of TDB_PAGE_SIZE */
+       size = TDB_ALIGN(tdb->map_size + size*10, TDB_PAGE_SIZE) - 
tdb->map_size;
+
+       if (!(tdb->flags & TDB_INTERNAL))
+               tdb_munmap(tdb);
+
+       /*
+        * We must ensure the file is unmapped before doing this
+        * to ensure consistency with systems like OpenBSD where
+        * writes and mmaps are not consistent.
+        */
+
+       /* expand the file itself */
+       if (!(tdb->flags & TDB_INTERNAL)) {
+               if (expand_file(tdb, tdb->map_size, size) != 0)
+                       goto fail;
+       }
+
+       tdb->map_size += size;
+
+       if (tdb->flags & TDB_INTERNAL) {
+               char *new_map_ptr = talloc_realloc_size(tdb, tdb->map_ptr,
+                                                       tdb->map_size);
+               if (!new_map_ptr) {
+                       tdb->map_size -= size;
+                       goto fail;
+               }
+               tdb->map_ptr = new_map_ptr;
+       } else {
+               /*
+                * We must ensure the file is remapped before adding the space
+                * to ensure consistency with systems like OpenBSD where
+                * writes and mmaps are not consistent.
+                */
+
+               /* We're ok if the mmap fails as we'll fallback to read/write */
+               tdb_mmap(tdb);
+       }
+
+       /* form a new freelist record */
+       memset(&rec,'\0',sizeof(rec));
+       rec.rec_len = size - sizeof(rec);
+
+       /* link it into the free list */
+       offset = tdb->map_size - size;
+       if (tdb_free(tdb, offset, &rec) == -1)
+               goto fail;
+
+       tdb_unlock(tdb, -1, F_WRLCK);
+       return 0;
+ fail:
+       tdb_unlock(tdb, -1, F_WRLCK);
+       return -1;
+}
+
+
+/* 
+   the core of tdb_allocate - called when we have decided which
+   free list entry to use
+ */
+static tdb_off tdb_allocate_ofs(TDB_CONTEXT *tdb, tdb_len length, tdb_off 
rec_ptr,
+                               struct list_struct *rec, tdb_off last_ptr)
+{
+       struct list_struct newrec;
+       tdb_off newrec_ptr;
+
+       memset(&newrec, '\0', sizeof(newrec));
+
+       /* found it - now possibly split it up  */
+       if (rec->rec_len > length + MIN_REC_SIZE) {
+               /* Length of left piece */
+               length = TDB_ALIGN(length, TDB_ALIGNMENT);
+               
+               /* Right piece to go on free list */
+               newrec.rec_len = rec->rec_len - (sizeof(*rec) + length);
+               newrec_ptr = rec_ptr + sizeof(*rec) + length;
+               
+               /* And left record is shortened */
+               rec->rec_len = length;
+       } else {
+               newrec_ptr = 0;
+       }
+       
+       /* Remove allocated record from the free list */
+       if (ofs_write(tdb, last_ptr, &rec->next) == -1) {
+               return 0;
+       }
+       
+       /* Update header: do this before we drop alloc
+          lock, otherwise tdb_free() might try to
+          merge with us, thinking we're free.
+          (Thanks Jeremy Allison). */
+       rec->magic = TDB_MAGIC;
+       if (rec_write(tdb, rec_ptr, rec) == -1) {
+               return 0;
+       }
+       
+       /* Did we create new block? */
+       if (newrec_ptr) {
+               /* Update allocated record tailer (we
+                  shortened it). */
+               if (update_tailer(tdb, rec_ptr, rec) == -1) {
+                       return 0;
+               }
+               
+               /* Free new record */
+               if (tdb_free(tdb, newrec_ptr, &newrec) == -1) {
+                       return 0;
+               }
+       }
+       
+       /* all done - return the new record offset */
+       return rec_ptr;
+}
+
+/* allocate some space from the free list. The offset returned points
+   to a unconnected list_struct within the database with room for at
+   least length bytes of total data
+
+   0 is returned if the space could not be allocated
+ */
+static tdb_off tdb_allocate(TDB_CONTEXT *tdb, tdb_len length,
+                           struct list_struct *rec)
+{
+       tdb_off rec_ptr, last_ptr, newrec_ptr;
+       struct {
+               tdb_off rec_ptr, last_ptr;
+               tdb_len rec_len;
+       } bestfit = { 0, 0, 0 };
+
+       if (tdb_lock(tdb, -1, F_WRLCK) == -1)
+               return 0;
+
+       /* Extra bytes required for tailer */
+       length += sizeof(tdb_off);
+
+ again:
+       last_ptr = FREELIST_TOP;
+
+       /* read in the freelist top */
+       if (ofs_read(tdb, FREELIST_TOP, &rec_ptr) == -1)
+               goto fail;
+
+       bestfit.rec_ptr = 0;
+
+       /* 
+          this is a best fit allocation strategy. Originally we used
+          a first fit strategy, but it suffered from massive fragmentation
+          issues when faced with a slowly increasing record size.
+        */
+       while (rec_ptr) {
+               if (rec_free_read(tdb, rec_ptr, rec) == -1) {
+                       goto fail;
+               }
+
+               if (rec->rec_len >= length) {
+                       if (bestfit.rec_ptr == 0 ||
+                           rec->rec_len < bestfit.rec_len) {
+                               bestfit.rec_len = rec->rec_len;
+                               bestfit.rec_ptr = rec_ptr;
+                               bestfit.last_ptr = last_ptr;
+                               /* consider a fit to be good enough if we 
aren't wasting more than half the space */
+                               if (bestfit.rec_len < 2*length) {
+                                       break;
+                               }
+                       }
+               }
+
+               /* move to the next record */
+               last_ptr = rec_ptr;
+               rec_ptr = rec->next;
+       }
+
+       if (bestfit.rec_ptr != 0) {
+               if (rec_free_read(tdb, bestfit.rec_ptr, rec) == -1) {
+                       goto fail;
+               }
+
+               newrec_ptr = tdb_allocate_ofs(tdb, length, bestfit.rec_ptr, 
rec, bestfit.last_ptr);
+               tdb_unlock(tdb, -1, F_WRLCK);
+               return newrec_ptr;
+       }
+
+       /* we didn't find enough space. See if we can expand the
+          database and if we can then try again */
+       if (tdb_expand(tdb, length + sizeof(*rec)) == 0)
+               goto again;
+ fail:
+       tdb_unlock(tdb, -1, F_WRLCK);
+       return 0;
+}
+
+/* initialise a new database with a specified hash size */
+static int tdb_new_database(TDB_CONTEXT *tdb, int hash_size)
+{
+       struct tdb_header *newdb;
+       int size, ret = -1;
+
+       /* We make it up in memory, then write it out if not internal */
+       size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off);
+       if (!(newdb = talloc_zero_size(tdb, size)))
+               return TDB_ERRCODE(TDB_ERR_OOM, -1);
+
+       /* Fill in the header */
+       newdb->version = TDB_VERSION;
+       newdb->hash_size = hash_size;
+       if (tdb->flags & TDB_INTERNAL) {
+               tdb->map_size = size;
+               tdb->map_ptr = (char *)newdb;
+               memcpy(&tdb->header, newdb, sizeof(tdb->header));
+               /* Convert the `ondisk' version if asked. */
+               CONVERT(*newdb);
+               return 0;
+       }
+       if (lseek(tdb->fd, 0, SEEK_SET) == -1)
+               goto fail;
+
+       if (ftruncate(tdb->fd, 0) == -1)
+               goto fail;
+
+       /* This creates an endian-converted header, as if read from disk */
+       CONVERT(*newdb);
+       memcpy(&tdb->header, newdb, sizeof(tdb->header));
+       /* Don't endian-convert the magic food! */
+       memcpy(newdb->magic_food, TDB_MAGIC_FOOD, strlen(TDB_MAGIC_FOOD)+1);
+       if (write(tdb->fd, newdb, size) != size)
+               ret = -1;
+       else
+               ret = 0;
+
+  fail:
+       SAFE_FREE(newdb);
+       return ret;
+}
+
+/* Returns 0 on fail.  On success, return offset of record, and fills
+   in rec */
+static tdb_off tdb_find(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash,
+                       struct list_struct *r)
+{
+       tdb_off rec_ptr;
+       
+       /* read in the hash top */
+       if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1)
+               return 0;
+
+       /* keep looking until we find the right record */
+       while (rec_ptr) {
+               if (rec_read(tdb, rec_ptr, r) == -1)
+                       return 0;
+
+               if (!TDB_DEAD(r) && hash==r->full_hash && 
key.dsize==r->key_len) {
+                       /* a very likely hit - read the key */
+                       int cmp = tdb_key_eq(tdb, rec_ptr + sizeof(*r), key);
+                       if (cmp < 0)
+                               return 0;
+                       else if (cmp > 0)
+                               return rec_ptr;
+               }
+               rec_ptr = r->next;
+       }
+       return TDB_ERRCODE(TDB_ERR_NOEXIST, 0);
+}
+
+/* As tdb_find, but if you succeed, keep the lock */
+static tdb_off tdb_find_lock_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, 
int locktype,
+                            struct list_struct *rec)
+{
+       u32 rec_ptr;
+
+       if (tdb_lock(tdb, BUCKET(hash), locktype) == -1)
+               return 0;
+       if (!(rec_ptr = tdb_find(tdb, key, hash, rec)))
+               tdb_unlock(tdb, BUCKET(hash), locktype);
+       return rec_ptr;
+}
+
+enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb)
+{
+       return tdb->ecode;
+}
+
+static struct tdb_errname {
+       enum TDB_ERROR ecode; const char *estring;
+} emap[] = { {TDB_SUCCESS, "Success"},
+            {TDB_ERR_CORRUPT, "Corrupt database"},
+            {TDB_ERR_IO, "IO Error"},
+            {TDB_ERR_LOCK, "Locking error"},
+            {TDB_ERR_OOM, "Out of memory"},
+            {TDB_ERR_EXISTS, "Record exists"},
+            {TDB_ERR_NOLOCK, "Lock exists on other keys"},
+            {TDB_ERR_NOEXIST, "Record does not exist"} };
+
+/* Error string for the last tdb error */
+const char *tdb_errorstr(TDB_CONTEXT *tdb)
+{
+       u32 i;
+       for (i = 0; i < sizeof(emap) / sizeof(struct tdb_errname); i++)
+               if (tdb->ecode == emap[i].ecode)
+                       return emap[i].estring;
+       return "Invalid error code";
+}
+
+/* update an entry in place - this only works if the new data size
+   is <= the old data size and the key exists.
+   on failure return -1.
+*/
+
+static int tdb_update_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, TDB_DATA 
dbuf)
+{
+       struct list_struct rec;
+       tdb_off rec_ptr;
+
+       /* find entry */
+       if (!(rec_ptr = tdb_find(tdb, key, hash, &rec)))
+               return -1;
+
+       /* must be long enough key, data and tailer */
+       if (rec.rec_len < key.dsize + dbuf.dsize + sizeof(tdb_off)) {
+               tdb->ecode = TDB_SUCCESS; /* Not really an error */
+               return -1;
+       }
+
+       if (tdb_write(tdb, rec_ptr + sizeof(rec) + rec.key_len,
+                     dbuf.dptr, dbuf.dsize) == -1)
+               return -1;
+
+       if (dbuf.dsize != rec.data_len) {
+               /* update size */
+               rec.data_len = dbuf.dsize;
+               return rec_write(tdb, rec_ptr, &rec);
+       }
+ 
+       return 0;
+}
+
+/* find an entry in the database given a key */
+/* If an entry doesn't exist tdb_err will be set to
+ * TDB_ERR_NOEXIST. If a key has no data attached
+ * then the TDB_DATA will have zero length but
+ * a non-zero pointer
+ */
+
+TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       tdb_off rec_ptr;
+       struct list_struct rec;
+       TDB_DATA ret;
+       u32 hash;
+
+       /* find which hash bucket it is in */
+       hash = tdb->hash_fn(&key);
+       if (!(rec_ptr = tdb_find_lock_hash(tdb,key,hash,F_RDLCK,&rec)))
+               return tdb_null;
+
+       ret.dptr = tdb_alloc_read(tdb, rec_ptr + sizeof(rec) + rec.key_len,
+                                 rec.data_len);
+       ret.dsize = rec.data_len;
+       tdb_unlock(tdb, BUCKET(rec.full_hash), F_RDLCK);
+       return ret;
+}
+
+/* check if an entry in the database exists 
+
+   note that 1 is returned if the key is found and 0 is returned if not found
+   this doesn't match the conventions in the rest of this module, but is
+   compatible with gdbm
+*/
+static int tdb_exists_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash)
+{
+       struct list_struct rec;
+       
+       if (tdb_find_lock_hash(tdb, key, hash, F_RDLCK, &rec) == 0)
+               return 0;
+       tdb_unlock(tdb, BUCKET(rec.full_hash), F_RDLCK);
+       return 1;
+}
+
+int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       u32 hash = tdb->hash_fn(&key);
+       return tdb_exists_hash(tdb, key, hash);
+}
+
+/* record lock stops delete underneath */
+static int lock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+       return off ? tdb_brlock(tdb, off, F_RDLCK, F_SETLKW, 0) : 0;
+}
+/*
+  Write locks override our own fcntl readlocks, so check it here.
+  Note this is meant to be F_SETLK, *not* F_SETLKW, as it's not
+  an error to fail to get the lock here.
+*/
+ 
+static int write_lock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+       struct tdb_traverse_lock *i;
+       for (i = &tdb->travlocks; i; i = i->next)
+               if (i->off == off)
+                       return -1;
+       return tdb_brlock(tdb, off, F_WRLCK, F_SETLK, 1);
+}
+
+/*
+  Note this is meant to be F_SETLK, *not* F_SETLKW, as it's not
+  an error to fail to get the lock here.
+*/
+
+static int write_unlock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+       return tdb_brlock(tdb, off, F_UNLCK, F_SETLK, 0);
+}
+/* fcntl locks don't stack: avoid unlocking someone else's */
+static int unlock_record(TDB_CONTEXT *tdb, tdb_off off)
+{
+       struct tdb_traverse_lock *i;
+       u32 count = 0;
+
+       if (off == 0)
+               return 0;
+       for (i = &tdb->travlocks; i; i = i->next)
+               if (i->off == off)
+                       count++;
+       return (count == 1 ? tdb_brlock(tdb, off, F_UNLCK, F_SETLKW, 0) : 0);
+}
+
+/* actually delete an entry in the database given the offset */
+static int do_delete(TDB_CONTEXT *tdb, tdb_off rec_ptr, struct list_struct*rec)
+{
+       tdb_off last_ptr, i;
+       struct list_struct lastrec;
+
+       if (tdb->read_only) return -1;
+
+       if (write_lock_record(tdb, rec_ptr) == -1) {
+               /* Someone traversing here: mark it as dead */
+               rec->magic = TDB_DEAD_MAGIC;
+               return rec_write(tdb, rec_ptr, rec);
+       }
+       if (write_unlock_record(tdb, rec_ptr) != 0)
+               return -1;
+
+       /* find previous record in hash chain */
+       if (ofs_read(tdb, TDB_HASH_TOP(rec->full_hash), &i) == -1)
+               return -1;
+       for (last_ptr = 0; i != rec_ptr; last_ptr = i, i = lastrec.next)
+               if (rec_read(tdb, i, &lastrec) == -1)
+                       return -1;
+
+       /* unlink it: next ptr is at start of record. */
+       if (last_ptr == 0)
+               last_ptr = TDB_HASH_TOP(rec->full_hash);
+       if (ofs_write(tdb, last_ptr, &rec->next) == -1)
+               return -1;
+
+       /* recover the space */
+       if (tdb_free(tdb, rec_ptr, rec) == -1)
+               return -1;
+       return 0;
+}
+
+/* Uses traverse lock: 0 = finish, -1 = error, other = record offset */
+static int tdb_next_lock(TDB_CONTEXT *tdb, struct tdb_traverse_lock *tlock,
+                        struct list_struct *rec)
+{
+       int want_next = (tlock->off != 0);
+
+       /* Lock each chain from the start one. */
+       for (; tlock->hash < tdb->header.hash_size; tlock->hash++) {
+
+               /* this is an optimisation for the common case where
+                  the hash chain is empty, which is particularly
+                  common for the use of tdb with ldb, where large
+                  hashes are used. In that case we spend most of our
+                  time in tdb_brlock(), locking empty hash chains.
+
+                  To avoid this, we do an unlocked pre-check to see
+                  if the hash chain is empty before starting to look
+                  inside it. If it is empty then we can avoid that
+                  hash chain. If it isn't empty then we can't believe
+                  the value we get back, as we read it without a
+                  lock, so instead we get the lock and re-fetch the
+                  value below.
+
+                  Notice that not doing this optimisation on the
+                  first hash chain is critical. We must guarantee
+                  that we have done at least one fcntl lock at the
+                  start of a search to guarantee that memory is
+                  coherent on SMP systems. If records are added by
+                  others during the search then thats OK, and we
+                  could possibly miss those with this trick, but we
+                  could miss them anyway without this trick, so the
+                  semantics don't change.
+
+                  With a non-indexed ldb search this trick gains us a
+                  factor of around 80 in speed on a linux 2.6.x
+                  system (testing using ldbtest).
+                */
+               if (!tlock->off && tlock->hash != 0) {
+                       u32 off;
+                       if (tdb->map_ptr) {
+                               for (;tlock->hash < 
tdb->header.hash_size;tlock->hash++) {
+                                       if (0 != *(u32 
*)(TDB_HASH_TOP(tlock->hash) + (unsigned char *)tdb->map_ptr)) {
+                                               break;
+                                       }
+                               }
+                               if (tlock->hash == tdb->header.hash_size) {
+                                       continue;
+                               }
+                       } else {
+                               if (ofs_read(tdb, TDB_HASH_TOP(tlock->hash), 
&off) == 0 &&
+                                   off == 0) {
+                                       continue;
+                               }
+                       }
+               }
+
+               if (tdb_lock(tdb, tlock->hash, F_WRLCK) == -1)
+                       return -1;
+
+               /* No previous record?  Start at top of chain. */
+               if (!tlock->off) {
+                       if (ofs_read(tdb, TDB_HASH_TOP(tlock->hash),
+                                    &tlock->off) == -1)
+                               goto fail;
+               } else {
+                       /* Otherwise unlock the previous record. */
+                       if (unlock_record(tdb, tlock->off) != 0)
+                               goto fail;
+               }
+
+               if (want_next) {
+                       /* We have offset of old record: grab next */
+                       if (rec_read(tdb, tlock->off, rec) == -1)
+                               goto fail;
+                       tlock->off = rec->next;
+               }
+
+               /* Iterate through chain */
+               while( tlock->off) {
+                       tdb_off current;
+                       if (rec_read(tdb, tlock->off, rec) == -1)
+                               goto fail;
+
+                       /* Detect infinite loops. From "Shlomi Yaakobovich" 
<Shlomi@xxxxxxxxxx>. */
+                       if (tlock->off == rec->next) {
+                               TDB_LOG((tdb, 0, "tdb_next_lock: loop 
detected.\n"));
+                               goto fail;
+                       }
+
+                       if (!TDB_DEAD(rec)) {
+                               /* Woohoo: we found one! */
+                               if (lock_record(tdb, tlock->off) != 0)
+                                       goto fail;
+                               return tlock->off;
+                       }
+
+                       /* Try to clean dead ones from old traverses */
+                       current = tlock->off;
+                       tlock->off = rec->next;
+                       if (!tdb->read_only && 
+                           do_delete(tdb, current, rec) != 0)
+                               goto fail;
+               }
+               tdb_unlock(tdb, tlock->hash, F_WRLCK);
+               want_next = 0;
+       }
+       /* We finished iteration without finding anything */
+       return TDB_ERRCODE(TDB_SUCCESS, 0);
+
+ fail:
+       tlock->off = 0;
+       if (tdb_unlock(tdb, tlock->hash, F_WRLCK) != 0)
+               TDB_LOG((tdb, 0, "tdb_next_lock: On error unlock failed!\n"));
+       return -1;
+}
+
+/* traverse the entire database - calling fn(tdb, key, data) on each element.
+   return -1 on error or the record count traversed
+   if fn is NULL then it is not called
+   a non-zero return value from fn() indicates that the traversal should stop
+  */
+int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *private)
+{
+       TDB_DATA key, dbuf;
+       struct list_struct rec;
+       struct tdb_traverse_lock tl = { NULL, 0, 0 };
+       int ret, count = 0;
+
+       /* This was in the initializaton, above, but the IRIX compiler
+        * did not like it.  crh
+        */
+       tl.next = tdb->travlocks.next;
+
+       /* fcntl locks don't stack: beware traverse inside traverse */
+       tdb->travlocks.next = &tl;
+
+       /* tdb_next_lock places locks on the record returned, and its chain */
+       while ((ret = tdb_next_lock(tdb, &tl, &rec)) > 0) {
+               count++;
+               /* now read the full record */
+               key.dptr = tdb_alloc_read(tdb, tl.off + sizeof(rec), 
+                                         rec.key_len + rec.data_len);
+               if (!key.dptr) {
+                       ret = -1;
+                       if (tdb_unlock(tdb, tl.hash, F_WRLCK) != 0)
+                               goto out;
+                       if (unlock_record(tdb, tl.off) != 0)
+                               TDB_LOG((tdb, 0, "tdb_traverse: key.dptr == 
NULL and unlock_record failed!\n"));
+                       goto out;
+               }
+               key.dsize = rec.key_len;
+               dbuf.dptr = key.dptr + rec.key_len;
+               dbuf.dsize = rec.data_len;
+
+               /* Drop chain lock, call out */
+               if (tdb_unlock(tdb, tl.hash, F_WRLCK) != 0) {
+                       ret = -1;
+                       goto out;
+               }
+               if (fn && fn(tdb, key, dbuf, private)) {
+                       /* They want us to terminate traversal */
+                       ret = count;
+                       if (unlock_record(tdb, tl.off) != 0) {
+                               TDB_LOG((tdb, 0, "tdb_traverse: unlock_record 
failed!\n"));;
+                               ret = -1;
+                       }
+                       tdb->travlocks.next = tl.next;
+                       SAFE_FREE(key.dptr);
+                       return count;
+               }
+               SAFE_FREE(key.dptr);
+       }
+out:
+       tdb->travlocks.next = tl.next;
+       if (ret < 0)
+               return -1;
+       else
+               return count;
+}
+
+/* find the first entry in the database and return its key */
+TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb)
+{
+       TDB_DATA key;
+       struct list_struct rec;
+
+       /* release any old lock */
+       if (unlock_record(tdb, tdb->travlocks.off) != 0)
+               return tdb_null;
+       tdb->travlocks.off = tdb->travlocks.hash = 0;
+
+       if (tdb_next_lock(tdb, &tdb->travlocks, &rec) <= 0)
+               return tdb_null;
+       /* now read the key */
+       key.dsize = rec.key_len;
+       key.dptr =tdb_alloc_read(tdb,tdb->travlocks.off+sizeof(rec),key.dsize);
+       if (tdb_unlock(tdb, BUCKET(tdb->travlocks.hash), F_WRLCK) != 0)
+               TDB_LOG((tdb, 0, "tdb_firstkey: error occurred while 
tdb_unlocking!\n"));
+       return key;
+}
+
+/* find the next entry in the database, returning its key */
+TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA oldkey)
+{
+       u32 oldhash;
+       TDB_DATA key = tdb_null;
+       struct list_struct rec;
+       char *k = NULL;
+
+       /* Is locked key the old key?  If so, traverse will be reliable. */
+       if (tdb->travlocks.off) {
+               if (tdb_lock(tdb,tdb->travlocks.hash,F_WRLCK))
+                       return tdb_null;
+               if (rec_read(tdb, tdb->travlocks.off, &rec) == -1
+                   || !(k = tdb_alloc_read(tdb,tdb->travlocks.off+sizeof(rec),
+                                           rec.key_len))
+                   || memcmp(k, oldkey.dptr, oldkey.dsize) != 0) {
+                       /* No, it wasn't: unlock it and start from scratch */
+                       if (unlock_record(tdb, tdb->travlocks.off) != 0)
+                               return tdb_null;
+                       if (tdb_unlock(tdb, tdb->travlocks.hash, F_WRLCK) != 0)
+                               return tdb_null;
+                       tdb->travlocks.off = 0;
+               }
+
+               SAFE_FREE(k);
+       }
+
+       if (!tdb->travlocks.off) {
+               /* No previous element: do normal find, and lock record */
+               tdb->travlocks.off = tdb_find_lock_hash(tdb, oldkey, 
tdb->hash_fn(&oldkey), F_WRLCK, &rec);
+               if (!tdb->travlocks.off)
+                       return tdb_null;
+               tdb->travlocks.hash = BUCKET(rec.full_hash);
+               if (lock_record(tdb, tdb->travlocks.off) != 0) {
+                       TDB_LOG((tdb, 0, "tdb_nextkey: lock_record failed 
(%s)!\n", strerror(errno)));
+                       return tdb_null;
+               }
+       }
+       oldhash = tdb->travlocks.hash;
+
+       /* Grab next record: locks chain and returned record,
+          unlocks old record */
+       if (tdb_next_lock(tdb, &tdb->travlocks, &rec) > 0) {
+               key.dsize = rec.key_len;
+               key.dptr = tdb_alloc_read(tdb, tdb->travlocks.off+sizeof(rec),
+                                         key.dsize);
+               /* Unlock the chain of this new record */
+               if (tdb_unlock(tdb, tdb->travlocks.hash, F_WRLCK) != 0)
+                       TDB_LOG((tdb, 0, "tdb_nextkey: WARNING tdb_unlock 
failed!\n"));
+       }
+       /* Unlock the chain of old record */
+       if (tdb_unlock(tdb, BUCKET(oldhash), F_WRLCK) != 0)
+               TDB_LOG((tdb, 0, "tdb_nextkey: WARNING tdb_unlock failed!\n"));
+       return key;
+}
+
+/* delete an entry in the database given a key */
+static int tdb_delete_hash(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash)
+{
+       tdb_off rec_ptr;
+       struct list_struct rec;
+       int ret;
+
+       if (!(rec_ptr = tdb_find_lock_hash(tdb, key, hash, F_WRLCK, &rec)))
+               return -1;
+       ret = do_delete(tdb, rec_ptr, &rec);
+       if (tdb_unlock(tdb, BUCKET(rec.full_hash), F_WRLCK) != 0)
+               TDB_LOG((tdb, 0, "tdb_delete: WARNING tdb_unlock failed!\n"));
+       return ret;
+}
+
+int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       u32 hash = tdb->hash_fn(&key);
+       return tdb_delete_hash(tdb, key, hash);
+}
+
+/* store an element in the database, replacing any existing element
+   with the same key 
+
+   return 0 on success, -1 on failure
+*/
+int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag)
+{
+       struct list_struct rec;
+       u32 hash;
+       tdb_off rec_ptr;
+       char *p = NULL;
+       int ret = 0;
+
+       /* find which hash bucket it is in */
+       hash = tdb->hash_fn(&key);
+       if (tdb_lock(tdb, BUCKET(hash), F_WRLCK) == -1)
+               return -1;
+
+       /* check for it existing, on insert. */
+       if (flag == TDB_INSERT) {
+               if (tdb_exists_hash(tdb, key, hash)) {
+                       tdb->ecode = TDB_ERR_EXISTS;
+                       goto fail;
+               }
+       } else {
+               /* first try in-place update, on modify or replace. */
+               if (tdb_update_hash(tdb, key, hash, dbuf) == 0)
+                       goto out;
+               if (tdb->ecode == TDB_ERR_NOEXIST &&
+                   flag == TDB_MODIFY) {
+                       /* if the record doesn't exist and we are in TDB_MODIFY 
mode then
+                        we should fail the store */
+                       goto fail;
+               }
+       }
+       /* reset the error code potentially set by the tdb_update() */
+       tdb->ecode = TDB_SUCCESS;
+
+       /* delete any existing record - if it doesn't exist we don't
+           care.  Doing this first reduces fragmentation, and avoids
+           coalescing with `allocated' block before it's updated. */
+       if (flag != TDB_INSERT)
+               tdb_delete_hash(tdb, key, hash);
+
+       /* Copy key+value *before* allocating free space in case malloc
+          fails and we are left with a dead spot in the tdb. */
+
+       if (!(p = (char *)talloc_size(tdb, key.dsize + dbuf.dsize))) {
+               tdb->ecode = TDB_ERR_OOM;
+               goto fail;
+       }
+
+       memcpy(p, key.dptr, key.dsize);
+       if (dbuf.dsize)
+               memcpy(p+key.dsize, dbuf.dptr, dbuf.dsize);
+
+       /* we have to allocate some space */
+       if (!(rec_ptr = tdb_allocate(tdb, key.dsize + dbuf.dsize, &rec)))
+               goto fail;
+
+       /* Read hash top into next ptr */
+       if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec.next) == -1)
+               goto fail;
+
+       rec.key_len = key.dsize;
+       rec.data_len = dbuf.dsize;
+       rec.full_hash = hash;
+       rec.magic = TDB_MAGIC;
+
+       /* write out and point the top of the hash chain at it */
+       if (rec_write(tdb, rec_ptr, &rec) == -1
+           || tdb_write(tdb, rec_ptr+sizeof(rec), p, key.dsize+dbuf.dsize)==-1
+           || ofs_write(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1) {
+               /* Need to tdb_unallocate() here */
+               goto fail;
+       }
+ out:
+       SAFE_FREE(p); 
+       tdb_unlock(tdb, BUCKET(hash), F_WRLCK);
+       return ret;
+fail:
+       ret = -1;
+       goto out;
+}
+
+/* Attempt to append data to an entry in place - this only works if the new 
data size
+   is <= the old data size and the key exists.
+   on failure return -1. Record must be locked before calling.
+*/
+static int tdb_append_inplace(TDB_CONTEXT *tdb, TDB_DATA key, u32 hash, 
TDB_DATA new_dbuf)
+{
+       struct list_struct rec;
+       tdb_off rec_ptr;
+
+       /* find entry */
+       if (!(rec_ptr = tdb_find(tdb, key, hash, &rec)))
+               return -1;
+
+       /* Append of 0 is always ok. */
+       if (new_dbuf.dsize == 0)
+               return 0;
+
+       /* must be long enough for key, old data + new data and tailer */
+       if (rec.rec_len < key.dsize + rec.data_len + new_dbuf.dsize + 
sizeof(tdb_off)) {
+               /* No room. */
+               tdb->ecode = TDB_SUCCESS; /* Not really an error */
+               return -1;
+       }
+
+       if (tdb_write(tdb, rec_ptr + sizeof(rec) + rec.key_len + rec.data_len,
+                     new_dbuf.dptr, new_dbuf.dsize) == -1)
+               return -1;
+
+       /* update size */
+       rec.data_len += new_dbuf.dsize;
+       return rec_write(tdb, rec_ptr, &rec);
+}
+
+/* Append to an entry. Create if not exist. */
+
+int tdb_append(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA new_dbuf)
+{
+       struct list_struct rec;
+       u32 hash;
+       tdb_off rec_ptr;
+       char *p = NULL;
+       int ret = 0;
+       size_t new_data_size = 0;
+
+       /* find which hash bucket it is in */
+       hash = tdb->hash_fn(&key);
+       if (tdb_lock(tdb, BUCKET(hash), F_WRLCK) == -1)
+               return -1;
+
+       /* first try in-place. */
+       if (tdb_append_inplace(tdb, key, hash, new_dbuf) == 0)
+               goto out;
+
+       /* reset the error code potentially set by the tdb_append_inplace() */
+       tdb->ecode = TDB_SUCCESS;
+
+       /* find entry */
+       if (!(rec_ptr = tdb_find(tdb, key, hash, &rec))) {
+               if (tdb->ecode != TDB_ERR_NOEXIST)
+                       goto fail;
+
+               /* Not found - create. */
+
+               ret = tdb_store(tdb, key, new_dbuf, TDB_INSERT);
+               goto out;
+       }
+
+       new_data_size = rec.data_len + new_dbuf.dsize;
+
+       /* Copy key+old_value+value *before* allocating free space in case 
malloc
+          fails and we are left with a dead spot in the tdb. */
+
+       if (!(p = (char *)talloc_size(tdb, key.dsize + new_data_size))) {
+               tdb->ecode = TDB_ERR_OOM;
+               goto fail;
+       }
+
+       /* Copy the key in place. */
+       memcpy(p, key.dptr, key.dsize);
+
+       /* Now read the old data into place. */
+       if (rec.data_len &&
+               tdb_read(tdb, rec_ptr + sizeof(rec) + rec.key_len, p + 
key.dsize, rec.data_len, 0) == -1)
+                       goto fail;
+
+       /* Finally append the new data. */
+       if (new_dbuf.dsize)
+               memcpy(p+key.dsize+rec.data_len, new_dbuf.dptr, new_dbuf.dsize);
+
+       /* delete any existing record - if it doesn't exist we don't
+           care.  Doing this first reduces fragmentation, and avoids
+           coalescing with `allocated' block before it's updated. */
+
+       tdb_delete_hash(tdb, key, hash);
+
+       if (!(rec_ptr = tdb_allocate(tdb, key.dsize + new_data_size, &rec)))
+               goto fail;
+
+       /* Read hash top into next ptr */
+       if (ofs_read(tdb, TDB_HASH_TOP(hash), &rec.next) == -1)
+               goto fail;
+
+       rec.key_len = key.dsize;
+       rec.data_len = new_data_size;
+       rec.full_hash = hash;
+       rec.magic = TDB_MAGIC;
+
+       /* write out and point the top of the hash chain at it */
+       if (rec_write(tdb, rec_ptr, &rec) == -1
+           || tdb_write(tdb, rec_ptr+sizeof(rec), p, 
key.dsize+new_data_size)==-1
+           || ofs_write(tdb, TDB_HASH_TOP(hash), &rec_ptr) == -1) {
+               /* Need to tdb_unallocate() here */
+               goto fail;
+       }
+
+ out:
+       SAFE_FREE(p); 
+       tdb_unlock(tdb, BUCKET(hash), F_WRLCK);
+       return ret;
+
+fail:
+       ret = -1;
+       goto out;
+}
+
+static int tdb_already_open(dev_t device,
+                           ino_t ino)
+{
+       TDB_CONTEXT *i;
+       
+       for (i = tdbs; i; i = i->next) {
+               if (i->device == device && i->inode == ino) {
+                       return 1;
+               }
+       }
+
+       return 0;
+}
+
+/* open the database, creating it if necessary 
+
+   The open_flags and mode are passed straight to the open call on the
+   database file. A flags value of O_WRONLY is invalid. The hash size
+   is advisory, use zero for a default value.
+
+   Return is NULL on error, in which case errno is also set.  Don't 
+   try to call tdb_error or tdb_errname, just do strerror(errno).
+
+   @param name may be NULL for internal databases. */
+TDB_CONTEXT *tdb_open(const char *name, int hash_size, int tdb_flags,
+                     int open_flags, mode_t mode)
+{
+       return tdb_open_ex(name, hash_size, tdb_flags, open_flags, mode, NULL, 
NULL);
+}
+
+/* a default logging function */
+static void null_log_fn(TDB_CONTEXT *tdb __attribute__((unused)),
+                       int level __attribute__((unused)),
+                       const char *fmt __attribute__((unused)), ...)
+{
+}
+
+
+TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+                        int open_flags, mode_t mode,
+                        tdb_log_func log_fn,
+                        tdb_hash_func hash_fn)
+{
+       TDB_CONTEXT *tdb;
+       struct stat st;
+       int rev = 0, locked = 0;
+       uint8_t *vp;
+       u32 vertest;
+
+       if (!(tdb = talloc_zero(name, TDB_CONTEXT))) {
+               /* Can't log this */
+               errno = ENOMEM;
+               goto fail;
+       }
+       tdb->fd = -1;
+       tdb->name = NULL;
+       tdb->map_ptr = NULL;
+       tdb->flags = tdb_flags;
+       tdb->open_flags = open_flags;
+       tdb->log_fn = log_fn?log_fn:null_log_fn;
+       tdb->hash_fn = hash_fn ? hash_fn : default_tdb_hash;
+
+       if ((open_flags & O_ACCMODE) == O_WRONLY) {
+               TDB_LOG((tdb, 0, "tdb_open_ex: can't open tdb %s write-only\n",
+                        name));
+               errno = EINVAL;
+               goto fail;
+       }
+       
+       if (hash_size == 0)
+               hash_size = DEFAULT_HASH_SIZE;
+       if ((open_flags & O_ACCMODE) == O_RDONLY) {
+               tdb->read_only = 1;
+               /* read only databases don't do locking or clear if first */
+               tdb->flags |= TDB_NOLOCK;
+               tdb->flags &= ~TDB_CLEAR_IF_FIRST;
+       }
+
+       /* internal databases don't mmap or lock, and start off cleared */
+       if (tdb->flags & TDB_INTERNAL) {
+               tdb->flags |= (TDB_NOLOCK | TDB_NOMMAP);
+               tdb->flags &= ~TDB_CLEAR_IF_FIRST;
+               if (tdb_new_database(tdb, hash_size) != 0) {
+                       TDB_LOG((tdb, 0, "tdb_open_ex: tdb_new_database 
failed!"));
+                       goto fail;
+               }
+               goto internal;
+       }
+
+       if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+               TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
+                        name, strerror(errno)));
+               goto fail;      /* errno set by open(2) */
+       }
+
+       /* ensure there is only one process initialising at once */
+       if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) {
+               TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: 
%s\n",
+                        name, strerror(errno)));
+               goto fail;      /* errno set by tdb_brlock */
+       }
+
+       /* we need to zero database if we are the only one with it open */
+       if ((tdb_flags & TDB_CLEAR_IF_FIRST) &&
+               (locked = (tdb_brlock(tdb, ACTIVE_LOCK, F_WRLCK, F_SETLK, 0) == 
0))) {
+               open_flags |= O_CREAT;
+               if (ftruncate(tdb->fd, 0) == -1) {
+                       TDB_LOG((tdb, 0, "tdb_open_ex: "
+                                "failed to truncate %s: %s\n",
+                                name, strerror(errno)));
+                       goto fail; /* errno set by ftruncate */
+               }
+       }
+
+       if (read(tdb->fd, &tdb->header, sizeof(tdb->header)) != 
sizeof(tdb->header)
+           || strcmp(tdb->header.magic_food, TDB_MAGIC_FOOD) != 0
+           || (tdb->header.version != TDB_VERSION
+               && !(rev = (tdb->header.version==TDB_BYTEREV(TDB_VERSION))))) {
+               /* its not a valid database - possibly initialise it */
+               if (!(open_flags & O_CREAT) || tdb_new_database(tdb, hash_size) 
== -1) {
+                       errno = EIO; /* ie bad format or something */
+                       goto fail;
+               }
+               rev = (tdb->flags & TDB_CONVERT);
+       }
+       vp = (uint8_t *)&tdb->header.version;
+       vertest = (((u32)vp[0]) << 24) | (((u32)vp[1]) << 16) |
+                 (((u32)vp[2]) << 8) | (u32)vp[3];
+       tdb->flags |= (vertest==TDB_VERSION) ? TDB_BIGENDIAN : 0;
+       if (!rev)
+               tdb->flags &= ~TDB_CONVERT;
+       else {
+               tdb->flags |= TDB_CONVERT;
+               convert(&tdb->header, sizeof(tdb->header));
+       }
+       if (fstat(tdb->fd, &st) == -1)
+               goto fail;
+
+       /* Is it already in the open list?  If so, fail. */
+       if (tdb_already_open(st.st_dev, st.st_ino)) {
+               TDB_LOG((tdb, 2, "tdb_open_ex: "
+                        "%s (%d,%d) is already open in this process\n",
+                        name, (int)st.st_dev, (int)st.st_ino));
+               errno = EBUSY;
+               goto fail;
+       }
+
+       if (!(tdb->name = (char *)talloc_strdup(tdb, name))) {
+               errno = ENOMEM;
+               goto fail;
+       }
+
+       tdb->map_size = st.st_size;
+       tdb->device = st.st_dev;
+       tdb->inode = st.st_ino;
+       tdb->locked = talloc_zero_array(tdb, struct tdb_lock_type,
+                                       tdb->header.hash_size+1);
+       if (!tdb->locked) {
+               TDB_LOG((tdb, 2, "tdb_open_ex: "
+                        "failed to allocate lock structure for %s\n",
+                        name));
+               errno = ENOMEM;
+               goto fail;
+       }
+       tdb_mmap(tdb);
+       if (locked) {
+               if (tdb_brlock(tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK, 0) == -1) {
+                       TDB_LOG((tdb, 0, "tdb_open_ex: "
+                                "failed to take ACTIVE_LOCK on %s: %s\n",
+                                name, strerror(errno)));
+                       goto fail;
+               }
+
+       }
+
+       /* We always need to do this if the CLEAR_IF_FIRST flag is set, even if
+          we didn't get the initial exclusive lock as we need to let all other
+          users know we're using it. */
+
+       if (tdb_flags & TDB_CLEAR_IF_FIRST) {
+       /* leave this lock in place to indicate it's in use */
+       if (tdb_brlock(tdb, ACTIVE_LOCK, F_RDLCK, F_SETLKW, 0) == -1)
+               goto fail;
+       }
+
+
+ internal:
+       /* Internal (memory-only) databases skip all the code above to
+        * do with disk files, and resume here by releasing their
+        * global lock and hooking into the active list. */
+       if (tdb_brlock(tdb, GLOBAL_LOCK, F_UNLCK, F_SETLKW, 0) == -1)
+               goto fail;
+       tdb->next = tdbs;
+       tdbs = tdb;
+       return tdb;
+
+ fail:
+       { int save_errno = errno;
+
+       if (!tdb)
+               return NULL;
+       
+       if (tdb->map_ptr) {
+               if (tdb->flags & TDB_INTERNAL)
+                       SAFE_FREE(tdb->map_ptr);
+               else
+                       tdb_munmap(tdb);
+       }
+       SAFE_FREE(tdb->name);
+       if (tdb->fd != -1)
+               if (close(tdb->fd) != 0)
+                       TDB_LOG((tdb, 5, "tdb_open_ex: failed to close tdb->fd 
on error!\n"));
+       SAFE_FREE(tdb->locked);
+       SAFE_FREE(tdb);
+       errno = save_errno;
+       return NULL;
+       }
+}
+
+/**
+ * Close a database.
+ *
+ * @returns -1 for error; 0 for success.
+ **/
+int tdb_close(TDB_CONTEXT *tdb)
+{
+       TDB_CONTEXT **i;
+       int ret = 0;
+
+       if (tdb->map_ptr) {
+               if (tdb->flags & TDB_INTERNAL)
+                       SAFE_FREE(tdb->map_ptr);
+               else
+                       tdb_munmap(tdb);
+       }
+       SAFE_FREE(tdb->name);
+       if (tdb->fd != -1)
+               ret = close(tdb->fd);
+       SAFE_FREE(tdb->locked);
+
+       /* Remove from contexts list */
+       for (i = &tdbs; *i; i = &(*i)->next) {
+               if (*i == tdb) {
+                       *i = tdb->next;
+                       break;
+               }
+       }
+
+       memset(tdb, 0, sizeof(*tdb));
+       SAFE_FREE(tdb);
+
+       return ret;
+}
+
+/* lock/unlock entire database */
+int tdb_lockall(TDB_CONTEXT *tdb)
+{
+       u32 i;
+
+       /* There are no locks on read-only dbs */
+       if (tdb->read_only)
+               return TDB_ERRCODE(TDB_ERR_LOCK, -1);
+       for (i = 0; i < tdb->header.hash_size; i++) 
+               if (tdb_lock(tdb, i, F_WRLCK))
+                       break;
+
+       /* If error, release locks we have... */
+       if (i < tdb->header.hash_size) {
+               u32 j;
+
+               for ( j = 0; j < i; j++)
+                       tdb_unlock(tdb, j, F_WRLCK);
+               return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
+       }
+
+       return 0;
+}
+void tdb_unlockall(TDB_CONTEXT *tdb)
+{
+       u32 i;
+       for (i=0; i < tdb->header.hash_size; i++)
+               tdb_unlock(tdb, i, F_WRLCK);
+}
+
+/* lock/unlock one hash chain. This is meant to be used to reduce
+   contention - it cannot guarantee how many records will be locked */
+int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       return tdb_lock(tdb, BUCKET(tdb->hash_fn(&key)), F_WRLCK);
+}
+
+int tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       return tdb_unlock(tdb, BUCKET(tdb->hash_fn(&key)), F_WRLCK);
+}
+
+int tdb_chainlock_read(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       return tdb_lock(tdb, BUCKET(tdb->hash_fn(&key)), F_RDLCK);
+}
+
+int tdb_chainunlock_read(TDB_CONTEXT *tdb, TDB_DATA key)
+{
+       return tdb_unlock(tdb, BUCKET(tdb->hash_fn(&key)), F_RDLCK);
+}
+
+
+/* register a loging function */
+void tdb_logging_function(TDB_CONTEXT *tdb, void (*fn)(TDB_CONTEXT *, int , 
const char *, ...))
+{
+       tdb->log_fn = fn?fn:null_log_fn;
+}
+
+
+/* reopen a tdb - this can be used after a fork to ensure that we have an 
independent
+   seek pointer from our parent and to re-establish locks */
+int tdb_reopen(TDB_CONTEXT *tdb)
+{
+       struct stat st;
+
+       if (tdb->flags & TDB_INTERNAL)
+               return 0; /* Nothing to do. */
+       if (tdb_munmap(tdb) != 0) {
+               TDB_LOG((tdb, 0, "tdb_reopen: munmap failed (%s)\n", 
strerror(errno)));
+               goto fail;
+       }
+       if (close(tdb->fd) != 0)
+               TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd 
failed!\n"));
+       tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
+       if (tdb->fd == -1) {
+               TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", 
strerror(errno)));
+               goto fail;
+       }
+       if (fstat(tdb->fd, &st) != 0) {
+               TDB_LOG((tdb, 0, "tdb_reopen: fstat failed (%s)\n", 
strerror(errno)));
+               goto fail;
+       }
+       if (st.st_ino != tdb->inode || st.st_dev != tdb->device) {
+               TDB_LOG((tdb, 0, "tdb_reopen: file dev/inode has changed!\n"));
+               goto fail;
+       }
+       tdb_mmap(tdb);
+       if ((tdb->flags & TDB_CLEAR_IF_FIRST) && (tdb_brlock(tdb, ACTIVE_LOCK, 
F_RDLCK, F_SETLKW, 0) == -1)) {
+               TDB_LOG((tdb, 0, "tdb_reopen: failed to obtain active lock\n"));
+               goto fail;
+       }
+
+       return 0;
+
+fail:
+       tdb_close(tdb);
+       return -1;
+}
+
+/* Not general: only works if single writer. */
+TDB_CONTEXT *tdb_copy(TDB_CONTEXT *tdb, const char *outfile)
+{
+       int fd, saved_errno;
+       TDB_CONTEXT *copy;
+
+       fd = open(outfile, O_TRUNC|O_CREAT|O_WRONLY, 0640);
+       if (fd < 0)
+               return NULL;
+       if (tdb->map_ptr) {
+               if (write(fd,tdb->map_ptr,tdb->map_size) != (int)tdb->map_size)
+                       goto fail;
+       } else {
+               char buf[65536];
+               int r;
+
+               lseek(tdb->fd, 0, SEEK_SET);
+               while ((r = read(tdb->fd, buf, sizeof(buf))) > 0) {
+                       if (write(fd, buf, r) != r)
+                               goto fail;
+               }
+               if (r < 0)
+                       goto fail;
+       }
+       copy = tdb_open(outfile, 0, 0, O_RDWR, 0);
+       if (!copy)
+               goto fail;
+       close(fd);
+       return copy;
+
+fail:
+       saved_errno = errno;
+       close(fd);
+       unlink(outfile);
+       errno = saved_errno;
+       return NULL;
+}
+
+/* reopen all tdb's */
+int tdb_reopen_all(void)
+{
+       TDB_CONTEXT *tdb;
+
+       for (tdb=tdbs; tdb; tdb = tdb->next) {
+               /* Ensure no clear-if-first. */
+               tdb->flags &= ~TDB_CLEAR_IF_FIRST;
+               if (tdb_reopen(tdb) != 0)
+                       return -1;
+       }
+
+       return 0;
+}
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/tdb.h
--- /dev/null   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/tdb.h      Mon Sep 26 17:07:49 2005
@@ -0,0 +1,157 @@
+#ifndef __TDB_H__
+#define __TDB_H__
+
+/* 
+   Unix SMB/CIFS implementation.
+
+   trivial database library
+
+   Copyright (C) Andrew Tridgell 1999-2004
+   
+     ** NOTE! The following LGPL license applies to the tdb
+     ** library. This does NOT imply that all of Samba is released
+     ** under the LGPL
+   
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+*/
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/* flags to tdb_store() */
+#define TDB_REPLACE 1
+#define TDB_INSERT 2
+#define TDB_MODIFY 3
+
+/* flags for tdb_open() */
+#define TDB_DEFAULT 0 /* just a readability place holder */
+#define TDB_CLEAR_IF_FIRST 1
+#define TDB_INTERNAL 2 /* don't store on disk */
+#define TDB_NOLOCK   4 /* don't do any locking */
+#define TDB_NOMMAP   8 /* don't use mmap */
+#define TDB_CONVERT 16 /* convert endian (internal use) */
+#define TDB_BIGENDIAN 32 /* header is big-endian (internal use) */
+
+#define TDB_ERRCODE(code, ret) ((tdb->ecode = (code)), ret)
+
+/* error codes */
+enum TDB_ERROR {TDB_SUCCESS=0, TDB_ERR_CORRUPT, TDB_ERR_IO, TDB_ERR_LOCK, 
+               TDB_ERR_OOM, TDB_ERR_EXISTS, TDB_ERR_NOLOCK, 
TDB_ERR_LOCK_TIMEOUT,
+               TDB_ERR_NOEXIST};
+
+#ifndef u32
+#define u32 unsigned
+#endif
+
+typedef struct TDB_DATA {
+       char *dptr;
+       size_t dsize;
+} TDB_DATA;
+
+typedef u32 tdb_len;
+typedef u32 tdb_off;
+
+/* this is stored at the front of every database */
+struct tdb_header {
+       char magic_food[32]; /* for /etc/magic */
+       u32 version; /* version of the code */
+       u32 hash_size; /* number of hash entries */
+       tdb_off rwlocks;
+       tdb_off reserved[31];
+};
+
+struct tdb_lock_type {
+       u32 count;
+       u32 ltype;
+};
+
+struct tdb_traverse_lock {
+       struct tdb_traverse_lock *next;
+       u32 off;
+       u32 hash;
+};
+
+#ifndef PRINTF_ATTRIBUTE
+#define PRINTF_ATTRIBUTE(a,b)
+#endif
+
+/* this is the context structure that is returned from a db open */
+typedef struct tdb_context {
+       char *name; /* the name of the database */
+       void *map_ptr; /* where it is currently mapped */
+       int fd; /* open file descriptor for the database */
+       tdb_len map_size; /* how much space has been mapped */
+       int read_only; /* opened read-only */
+       struct tdb_lock_type *locked; /* array of chain locks */
+       enum TDB_ERROR ecode; /* error code for last tdb error */
+       struct tdb_header header; /* a cached copy of the header */
+       u32 flags; /* the flags passed to tdb_open */
+       struct tdb_traverse_lock travlocks; /* current traversal locks */
+       struct tdb_context *next; /* all tdbs to avoid multiple opens */
+       dev_t device;   /* uniquely identifies this tdb */
+       ino_t inode;    /* uniquely identifies this tdb */
+       void (*log_fn)(struct tdb_context *tdb, int level, const char *, ...) 
PRINTF_ATTRIBUTE(3,4); /* logging function */
+       u32 (*hash_fn)(TDB_DATA *key);
+       int open_flags; /* flags used in the open - needed by reopen */
+} TDB_CONTEXT;
+
+typedef int (*tdb_traverse_func)(TDB_CONTEXT *, TDB_DATA, TDB_DATA, void *);
+typedef void (*tdb_log_func)(TDB_CONTEXT *, int , const char *, ...);
+typedef u32 (*tdb_hash_func)(TDB_DATA *key);
+
+TDB_CONTEXT *tdb_open(const char *name, int hash_size, int tdb_flags,
+                     int open_flags, mode_t mode);
+TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags,
+                        int open_flags, mode_t mode,
+                        tdb_log_func log_fn,
+                        tdb_hash_func hash_fn);
+
+int tdb_reopen(TDB_CONTEXT *tdb);
+int tdb_reopen_all(void);
+void tdb_logging_function(TDB_CONTEXT *tdb, tdb_log_func);
+enum TDB_ERROR tdb_error(TDB_CONTEXT *tdb);
+const char *tdb_errorstr(TDB_CONTEXT *tdb);
+TDB_DATA tdb_fetch(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_delete(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_store(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA dbuf, int flag);
+int tdb_append(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA new_dbuf);
+int tdb_close(TDB_CONTEXT *tdb);
+TDB_DATA tdb_firstkey(TDB_CONTEXT *tdb);
+TDB_DATA tdb_nextkey(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_traverse(TDB_CONTEXT *tdb, tdb_traverse_func fn, void *);
+int tdb_exists(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_lockall(TDB_CONTEXT *tdb);
+void tdb_unlockall(TDB_CONTEXT *tdb);
+
+/* Low level locking functions: use with care */
+int tdb_chainlock(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_chainunlock(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_chainlock_read(TDB_CONTEXT *tdb, TDB_DATA key);
+int tdb_chainunlock_read(TDB_CONTEXT *tdb, TDB_DATA key);
+TDB_CONTEXT *tdb_copy(TDB_CONTEXT *tdb, const char *outfile);
+
+/* Debug functions. Not used in production. */
+void tdb_dump_all(TDB_CONTEXT *tdb);
+int tdb_printfreelist(TDB_CONTEXT *tdb);
+
+extern TDB_DATA tdb_null;
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* tdb.h */
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/xenstore/xs_tdb_dump.c
--- /dev/null   Fri Sep 23 21:41:28 2005
+++ b/tools/xenstore/xs_tdb_dump.c      Mon Sep 26 17:07:49 2005
@@ -0,0 +1,82 @@
+/* Simple program to dump out all records of TDB */
+#include <stdint.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdarg.h>
+
+#include "xs_lib.h"
+#include "tdb.h"
+#include "talloc.h"
+#include "utils.h"
+
+struct record_hdr {
+       u32 num_perms;
+       u32 datalen;
+       u32 childlen;
+       struct xs_permissions perms[0];
+};
+
+static u32 total_size(struct record_hdr *hdr)
+{
+       return sizeof(*hdr) + hdr->num_perms * sizeof(struct xs_permissions) 
+               + hdr->datalen + hdr->childlen;
+}
+
+static char perm_to_char(enum xs_perm_type perm)
+{
+       return perm == XS_PERM_READ ? 'r' :
+               perm == XS_PERM_WRITE ? 'w' :
+               perm == XS_PERM_NONE ? '-' :
+               perm == (XS_PERM_READ|XS_PERM_WRITE) ? 'b' :
+               '?';
+}
+
+int main(int argc, char *argv[])
+{
+       TDB_DATA key;
+       TDB_CONTEXT *tdb;
+
+       if (argc != 2)
+               barf("Usage: xs_tdb_dump <tdbfile>");
+
+       tdb = tdb_open(talloc_strdup(NULL, argv[1]), 0, 0, O_RDONLY, 0);
+       if (!tdb)
+               barf_perror("Could not open %s", argv[1]);
+
+       key = tdb_firstkey(tdb);
+       while (key.dptr) {
+               TDB_DATA data;
+               struct record_hdr *hdr;
+
+               data = tdb_fetch(tdb, key);
+               hdr = (void *)data.dptr;
+               if (data.dsize < sizeof(*hdr))
+                       fprintf(stderr, "%.*s: BAD truncated\n",
+                               key.dsize, key.dptr);
+               else if (data.dsize != total_size(hdr))
+                       fprintf(stderr, "%.*s: BAD length %i for %i/%i/%i 
(%i)\n",
+                               key.dsize, key.dptr, data.dsize,
+                               hdr->num_perms, hdr->datalen,
+                               hdr->childlen, total_size(hdr));
+               else {
+                       unsigned int i;
+                       char *p;
+
+                       printf("%.*s: ", key.dsize, key.dptr);
+                       for (i = 0; i < hdr->num_perms; i++)
+                               printf("%s%c%i",
+                                      i == 0 ? "" : ",",
+                                      perm_to_char(hdr->perms[i].perms),
+                                      hdr->perms[i].id);
+                       p = (void *)&hdr->perms[hdr->num_perms];
+                       printf(" %.*s\n", hdr->datalen, p);
+                       p += hdr->datalen;
+                       for (i = 0; i < hdr->childlen; i += strlen(p+i)+1)
+                               printf("\t-> %s\n", p+i);
+               }
+               key = tdb_nextkey(tdb, key);
+       }
+       return 0;
+}
+
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/examples/mem-map.sxp
--- a/tools/examples/mem-map.sxp        Fri Sep 23 21:41:28 2005
+++ /dev/null   Mon Sep 26 17:07:49 2005
@@ -1,10 +0,0 @@
-(memmap
- (0000000000000000  000000000009f800 "AddressRangeMemory"   WB)
- (000000000009f800  00000000000a0000 "AddressRangeReserved" UC)
- (00000000000a0000  00000000000bffff "AddressRangeIO"       UC)
- (00000000000f0000  0000000000100000 "AddressRangeReserved" UC)
- (0000000000100000  0000000008000000 "AddressRangeMemory"   WB)
- (0000000007fff000  0000000008000000 "AddressRangeShared"   WB)
- (0000000008000000  0000000008003000 "AddressRangeNVS"      UC)
- (0000000008003000  000000000800d000 "AddressRangeACPI"     WB)
- (00000000fec00000  0000000100000000 "AddressRangeIO"       UC))
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/libxc/linux_boot_params.h
--- a/tools/libxc/linux_boot_params.h   Fri Sep 23 21:41:28 2005
+++ /dev/null   Mon Sep 26 17:07:49 2005
@@ -1,166 +0,0 @@
-#ifndef __LINUX_BOOT_PARAMS_H__
-#define __LINUX_BOOT_PARAMS_H__
-
-#include <asm/types.h>
-
-#define E820MAX        32
-
-struct mem_map {
-    int nr_map;
-    struct entry {
-        u64 addr;      /* start of memory segment */
-        u64 size;      /* size of memory segment */
-        u32 type;              /* type of memory segment */
-#define E820_RAM        1
-#define E820_RESERVED   2
-#define E820_ACPI       3 /* usable as RAM once ACPI tables have been read */
-#define E820_NVS        4
-#define E820_IO         16
-#define E820_SHARED     17
-#define E820_XENSTORE   18
-
-        u32 caching_attr;    /* used by hypervisor */
-#define MEMMAP_UC      0
-#define MEMMAP_WC      1
-#define MEMMAP_WT      4
-#define MEMMAP_WP      5
-#define MEMMAP_WB      6
-
-    }map[E820MAX];
-};
-
-struct e820entry {
-       u64 addr;       /* start of memory segment */
-       u64 size;       /* size of memory segment */
-       u32 type;       /* type of memory segment */
-}__attribute__((packed));
-
-struct e820map {
-    u32 nr_map;
-    struct e820entry map[E820MAX];
-}__attribute__((packed));
-
-struct drive_info_struct { __u8 dummy[32]; }; 
-
-struct sys_desc_table { 
-    __u16 length; 
-    __u8 table[318]; 
-}; 
-
-struct screen_info {
-    unsigned char  orig_x;             /* 0x00 */
-    unsigned char  orig_y;             /* 0x01 */
-    unsigned short dontuse1;           /* 0x02 -- EXT_MEM_K sits here */
-    unsigned short orig_video_page;    /* 0x04 */
-    unsigned char  orig_video_mode;    /* 0x06 */
-    unsigned char  orig_video_cols;    /* 0x07 */
-    unsigned short unused2;            /* 0x08 */
-    unsigned short orig_video_ega_bx;  /* 0x0a */
-    unsigned short unused3;            /* 0x0c */
-    unsigned char  orig_video_lines;   /* 0x0e */
-    unsigned char  orig_video_isVGA;   /* 0x0f */
-    unsigned short orig_video_points;  /* 0x10 */
-    
-    /* VESA graphic mode -- linear frame buffer */
-    unsigned short lfb_width;          /* 0x12 */
-    unsigned short lfb_height;         /* 0x14 */
-    unsigned short lfb_depth;          /* 0x16 */
-    unsigned int   lfb_base;           /* 0x18 */
-    unsigned int   lfb_size;           /* 0x1c */
-    unsigned short dontuse2, dontuse3; /* 0x20 -- CL_MAGIC and CL_OFFSET here 
*/
-    unsigned short lfb_linelength;     /* 0x24 */
-    unsigned char  red_size;           /* 0x26 */
-    unsigned char  red_pos;            /* 0x27 */
-    unsigned char  green_size;         /* 0x28 */
-    unsigned char  green_pos;          /* 0x29 */
-    unsigned char  blue_size;          /* 0x2a */
-    unsigned char  blue_pos;           /* 0x2b */
-    unsigned char  rsvd_size;          /* 0x2c */
-    unsigned char  rsvd_pos;           /* 0x2d */
-    unsigned short vesapm_seg;         /* 0x2e */
-    unsigned short vesapm_off;         /* 0x30 */
-    unsigned short pages;              /* 0x32 */
-                                       /* 0x34 -- 0x3f reserved for future 
expansion */
-};
-
-struct screen_info_overlap { 
-    __u8 reserved1[2]; /* 0x00 */ 
-    __u16 ext_mem_k; /* 0x02 */ 
-    __u8 reserved2[0x20 - 0x04]; /* 0x04 */ 
-    __u16 cl_magic; /* 0x20 */ 
-#define CL_MAGIC_VALUE 0xA33F 
-    __u16 cl_offset; /* 0x22 */ 
-    __u8 reserved3[0x40 - 0x24]; /* 0x24 */ 
-}; 
-
-
-struct apm_bios_info {
-    __u16 version;
-    __u16  cseg;
-    __u32   offset;
-    __u16  cseg_16;
-    __u16  dseg;
-    __u16  flags;
-    __u16  cseg_len;
-    __u16  cseg_16_len;
-    __u16  dseg_len;
-};
- 
-struct linux_boot_params { 
-    union { /* 0x00 */ 
-       struct screen_info info; 
-       struct screen_info_overlap overlap; 
-    } screen; 
- 
-    struct apm_bios_info apm_bios_info; /* 0x40 */ 
-    __u8 reserved4[0x80 - 0x54]; /* 0x54 */ 
-    struct drive_info_struct drive_info; /* 0x80 */ 
-    struct sys_desc_table sys_desc_table; /* 0xa0 */ 
-    __u32 alt_mem_k; /* 0x1e0 */ 
-    __u8 reserved5[4]; /* 0x1e4 */ 
-    __u8 e820_map_nr; /* 0x1e8 */ 
-    __u8 reserved6[8]; /* 0x1e9 */ 
-    __u8 setup_sects; /* 0x1f1 */ 
-    __u16 mount_root_rdonly; /* 0x1f2 */ 
-    __u16 syssize; /* 0x1f4 */ 
-    __u16 swapdev; /* 0x1f6 */ 
-    __u16 ramdisk_flags; /* 0x1f8 */ 
-#define RAMDISK_IMAGE_START_MASK 0x07FF 
-#define RAMDISK_PROMPT_FLAG 0x8000 
-#define RAMDISK_LOAD_FLAG 0x4000 
-    __u16 vid_mode; /* 0x1fa */ 
-    __u16 root_dev; /* 0x1fc */ 
-    __u8 reserved9[1]; /* 0x1fe */ 
-    __u8 aux_device_info; /* 0x1ff */ 
-    /* 2.00+ */ 
-    __u8 reserved10[2]; /* 0x200 */ 
-    __u8 header_magic[4]; /* 0x202 */ 
-    __u16 protocol_version; /* 0x206 */ 
-    __u8 reserved11[8]; /* 0x208 */ 
-    __u8 loader_type; /* 0x210 */ 
-#define LOADER_TYPE_LOADLIN 1 
-#define LOADER_TYPE_BOOTSECT_LOADER 2 
-#define LOADER_TYPE_SYSLINUX 3 
-#define LOADER_TYPE_ETHERBOOT 4 
-#define LOADER_TYPE_UNKNOWN 0xFF 
-    __u8 loader_flags; /* 0x211 */ 
-    __u8 reserved12[2]; /* 0x212 */ 
-    __u32 code32_start; /* 0x214 */ 
-    __u32 initrd_start; /* 0x218 */ 
-    __u32 initrd_size; /* 0x21c */ 
-    __u8 reserved13[4]; /* 0x220 */ 
-    /* 2.01+ */ 
-    __u16 heap_end_ptr; /* 0x224 */ 
-    __u8 reserved14[2]; /* 0x226 */ 
-    /* 2.02+ */ 
-    __u32 cmd_line_ptr; /* 0x228 */ 
-    /* 2.03+ */ 
-    __u32 ramdisk_max; /* 0x22c */ 
-    __u8 reserved15[0x2d0 - 0x230]; /* 0x230 */ 
-    struct e820entry e820_map[E820MAX]; /* 0x2d0 */ 
-    __u64 shared_info; /* 0x550 */
-    __u8 padding[0x800 - 0x558]; /* 0x558 */ 
-    __u8 cmd_line[0x800]; /* 0x800 */
-} __attribute__((packed)); 
-
-#endif /* __LINUX_BOOT_PARAMS_H__ */
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/util/memmap.py
--- a/tools/python/xen/util/memmap.py   Fri Sep 23 21:41:28 2005
+++ /dev/null   Mon Sep 26 17:07:49 2005
@@ -1,41 +0,0 @@
-mem_caching_attr = {
-    'UC' : 0,
-    'WC' : 1,
-    'WT' : 4,
-    'WP' : 5,
-    'WB' : 6,
-    };
-
-e820_mem_type = {
-    'AddressRangeMemory'    : 1,
-    'AddressRangeReserved'  : 2,
-    'AddressRangeACPI'      : 3,
-    'AddressRangeNVS'       : 4,
-    'AddressRangeIO'        : 16,
-    'AddressRangeShared'    : 17,
-};
-
-MT_COL = 2
-MA_COL = 3
-
-def strmap(row):
-   if (type(row) != type([])):
-       return row
-   row[MT_COL] = e820_mem_type[row[MT_COL]]
-   row[MA_COL] = mem_caching_attr[row[MA_COL]]
-   return row
-
-def memmap_parse(memmap):
-    return map(strmap, memmap)
-
-if __name__ == '__main__':
-   memmap = [ 'memmap',
-              [ '1', '2', 'AddressRangeMemory', 'UC'],
-              [ '1', '2', 'AddressRangeReserved', 'UC'],
-              [ '1', '2', 'AddressRangeACPI', 'WB'],
-              [ '1', '2', 'AddressRangeNVS', 'WB'],
-              [ '1', '2', 'AddressRangeIO', 'WB'],
-              [ '1', '2', 'AddressRangeShared', 'WB']]
-   print memmap_parse(memmap);
-
-
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/util/tempfile.py
--- a/tools/python/xen/util/tempfile.py Fri Sep 23 21:41:28 2005
+++ /dev/null   Mon Sep 26 17:07:49 2005
@@ -1,451 +0,0 @@
-"""Temporary files.
-
-This module provides generic, low- and high-level interfaces for
-creating temporary files and directories.  The interfaces listed
-as "safe" just below can be used without fear of race conditions.
-Those listed as "unsafe" cannot, and are provided for backward
-compatibility only.
-
-This module also provides some data items to the user:
-
-  TMP_MAX  - maximum number of names that will be tried before
-             giving up.
-  template - the default prefix for all temporary names.
-             You may change this to control the default prefix.
-  tempdir  - If this is set to a string before the first use of
-             any routine from this module, it will be considered as
-             another candidate location to store temporary files.
-"""
-
-__all__ = [
-    "NamedTemporaryFile", "TemporaryFile", # high level safe interfaces
-    "mkstemp", "mkdtemp",                  # low level safe interfaces
-    "mktemp",                              # deprecated unsafe interface
-    "TMP_MAX", "gettempprefix",            # constants
-    "tempdir", "gettempdir"
-   ]
-
-
-# Imports.
-
-import os as _os
-import errno as _errno
-from random import Random as _Random
-
-if _os.name == 'mac':
-    import Carbon.Folder as _Folder
-    import Carbon.Folders as _Folders
-
-try:
-    import fcntl as _fcntl
-    # If PYTHONCASEOK is set on Windows, stinking FCNTL.py gets
-    # imported, and we don't get an ImportError then.  Provoke
-    # an AttributeError instead in that case.
-    _fcntl.fcntl
-except (ImportError, AttributeError):
-    def _set_cloexec(fd):
-        pass
-else:
-    def _set_cloexec(fd):
-        flags = _fcntl.fcntl(fd, _fcntl.F_GETFD, 0)
-        if flags >= 0:
-            # flags read successfully, modify
-            flags |= _fcntl.FD_CLOEXEC
-            _fcntl.fcntl(fd, _fcntl.F_SETFD, flags)
-
-
-try:
-    import thread as _thread
-except ImportError:
-    import dummy_thread as _thread
-_allocate_lock = _thread.allocate_lock
-
-_text_openflags = _os.O_RDWR | _os.O_CREAT | _os.O_EXCL
-if hasattr(_os, 'O_NOINHERIT'):
-    _text_openflags |= _os.O_NOINHERIT
-if hasattr(_os, 'O_NOFOLLOW'):
-    _text_openflags |= _os.O_NOFOLLOW
-
-_bin_openflags = _text_openflags
-if hasattr(_os, 'O_BINARY'):
-    _bin_openflags |= _os.O_BINARY
-
-if hasattr(_os, 'TMP_MAX'):
-    TMP_MAX = _os.TMP_MAX
-else:
-    TMP_MAX = 10000
-
-template = "tmp"
-
-tempdir = None
-
-# Internal routines.
-
-_once_lock = _allocate_lock()
-
-class _RandomNameSequence:
-    """An instance of _RandomNameSequence generates an endless
-    sequence of unpredictable strings which can safely be incorporated
-    into file names.  Each string is six characters long.  Multiple
-    threads can safely use the same instance at the same time.
-
-    _RandomNameSequence is an iterator."""
-
-    characters = ("abcdefghijklmnopqrstuvwxyz" +
-                  "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +
-                  "0123456789-_")
-
-    def __init__(self):
-        self.mutex = _allocate_lock()
-        self.rng = _Random()
-        self.normcase = _os.path.normcase
-
-    def __iter__(self):
-        return self
-
-    def next(self):
-        m = self.mutex
-        c = self.characters
-        choose = self.rng.choice
-
-        m.acquire()
-        try:
-            letters = [choose(c) for dummy in "123456"]
-        finally:
-            m.release()
-
-        return self.normcase(''.join(letters))
-
-def _candidate_tempdir_list():
-    """Generate a list of candidate temporary directories which
-    _get_default_tempdir will try."""
-
-    dirlist = []
-
-    # First, try the environment.
-    for envname in 'TMPDIR', 'TEMP', 'TMP':
-        dirname = _os.getenv(envname)
-        if dirname: dirlist.append(dirname)
-
-    # Failing that, try OS-specific locations.
-    if _os.name == 'mac':
-        try:
-            fsr = _Folder.FSFindFolder(_Folders.kOnSystemDisk,
-                                              _Folders.kTemporaryFolderType, 1)
-            dirname = fsr.as_pathname()
-            dirlist.append(dirname)
-        except _Folder.error:
-            pass
-    elif _os.name == 'riscos':
-        dirname = _os.getenv('Wimp$ScrapDir')
-        if dirname: dirlist.append(dirname)
-    elif _os.name == 'nt':
-        dirlist.extend([ r'c:\temp', r'c:\tmp', r'\temp', r'\tmp' ])
-    else:
-        dirlist.extend([ '/tmp', '/var/tmp', '/usr/tmp' ])
-
-    # As a last resort, the current directory.
-    try:
-        dirlist.append(_os.getcwd())
-    except (AttributeError, _os.error):
-        dirlist.append(_os.curdir)
-
-    return dirlist
-
-def _get_default_tempdir():
-    """Calculate the default directory to use for temporary files.
-    This routine should be called exactly once.
-
-    We determine whether or not a candidate temp dir is usable by
-    trying to create and write to a file in that directory.  If this
-    is successful, the test file is deleted.  To prevent denial of
-    service, the name of the test file must be randomized."""
-
-    namer = _RandomNameSequence()
-    dirlist = _candidate_tempdir_list()
-    flags = _text_openflags
-
-    for dir in dirlist:
-        if dir != _os.curdir:
-            dir = _os.path.normcase(_os.path.abspath(dir))
-        # Try only a few names per directory.
-        for seq in xrange(100):
-            name = namer.next()
-            filename = _os.path.join(dir, name)
-            try:
-                fd = _os.open(filename, flags, 0600)
-                fp = _os.fdopen(fd, 'w')
-                fp.write('blat')
-                fp.close()
-                _os.unlink(filename)
-                del fp, fd
-                return dir
-            except (OSError, IOError), e:
-                if e[0] != _errno.EEXIST:
-                    break # no point trying more names in this directory
-                pass
-    raise IOError, (_errno.ENOENT,
-                    ("No usable temporary directory found in %s" % dirlist))
-
-_name_sequence = None
-
-def _get_candidate_names():
-    """Common setup sequence for all user-callable interfaces."""
-
-    global _name_sequence
-    if _name_sequence is None:
-        _once_lock.acquire()
-        try:
-            if _name_sequence is None:
-                _name_sequence = _RandomNameSequence()
-        finally:
-            _once_lock.release()
-    return _name_sequence
-
-
-def _mkstemp_inner(dir, pre, suf, flags):
-    """Code common to mkstemp, TemporaryFile, and NamedTemporaryFile."""
-
-    names = _get_candidate_names()
-
-    for seq in xrange(TMP_MAX):
-        name = names.next()
-        file = _os.path.join(dir, pre + name + suf)
-        try:
-            fd = _os.open(file, flags, 0600)
-            _set_cloexec(fd)
-            return (fd, file)
-        except OSError, e:
-            if e.errno == _errno.EEXIST:
-                continue # try again
-            raise
-
-    raise IOError, (_errno.EEXIST, "No usable temporary file name found")
-
-
-# User visible interfaces.
-
-def gettempprefix():
-    """Accessor for tempdir.template."""
-    return template
-
-tempdir = None
-
-def gettempdir():
-    """Accessor for tempdir.tempdir."""
-    global tempdir
-    if tempdir is None:
-        _once_lock.acquire()
-        try:
-            if tempdir is None:
-                tempdir = _get_default_tempdir()
-        finally:
-            _once_lock.release()
-    return tempdir
-
-def mkstemp(suffix="", prefix=template, dir=None, text=False):
-    """mkstemp([suffix, [prefix, [dir, [text]]]])
-    User-callable function to create and return a unique temporary
-    file.  The return value is a pair (fd, name) where fd is the
-    file descriptor returned by os.open, and name is the filename.
-
-    If 'suffix' is specified, the file name will end with that suffix,
-    otherwise there will be no suffix.
-
-    If 'prefix' is specified, the file name will begin with that prefix,
-    otherwise a default prefix is used.
-
-    If 'dir' is specified, the file will be created in that directory,
-    otherwise a default directory is used.
-
-    If 'text' is specified and true, the file is opened in text
-    mode.  Else (the default) the file is opened in binary mode.  On
-    some operating systems, this makes no difference.
-
-    The file is readable and writable only by the creating user ID.
-    If the operating system uses permission bits to indicate whether a
-    file is executable, the file is executable by no one. The file
-    descriptor is not inherited by children of this process.
-
-    Caller is responsible for deleting the file when done with it.
-    """
-
-    if dir is None:
-        dir = gettempdir()
-
-    if text:
-        flags = _text_openflags
-    else:
-        flags = _bin_openflags
-
-    return _mkstemp_inner(dir, prefix, suffix, flags)
-
-
-def mkdtemp(suffix="", prefix=template, dir=None):
-    """mkdtemp([suffix, [prefix, [dir]]])
-    User-callable function to create and return a unique temporary
-    directory.  The return value is the pathname of the directory.
-
-    Arguments are as for mkstemp, except that the 'text' argument is
-    not accepted.
-
-    The directory is readable, writable, and searchable only by the
-    creating user.
-
-    Caller is responsible for deleting the directory when done with it.
-    """
-
-    if dir is None:
-        dir = gettempdir()
-
-    names = _get_candidate_names()
-
-    for seq in xrange(TMP_MAX):
-        name = names.next()
-        file = _os.path.join(dir, prefix + name + suffix)
-        try:
-            _os.mkdir(file, 0700)
-            return file
-        except OSError, e:
-            if e.errno == _errno.EEXIST:
-                continue # try again
-            raise
-
-    raise IOError, (_errno.EEXIST, "No usable temporary directory name found")
-
-def mktemp(suffix="", prefix=template, dir=None):
-    """mktemp([suffix, [prefix, [dir]]])
-    User-callable function to return a unique temporary file name.  The
-    file is not created.
-
-    Arguments are as for mkstemp, except that the 'text' argument is
-    not accepted.
-
-    This function is unsafe and should not be used.  The file name
-    refers to a file that did not exist at some point, but by the time
-    you get around to creating it, someone else may have beaten you to
-    the punch.
-    """
-
-##    from warnings import warn as _warn
-##    _warn("mktemp is a potential security risk to your program",
-##          RuntimeWarning, stacklevel=2)
-
-    if dir is None:
-        dir = gettempdir()
-
-    names = _get_candidate_names()
-    for seq in xrange(TMP_MAX):
-        name = names.next()
-        file = _os.path.join(dir, prefix + name + suffix)
-        if not _os.path.exists(file):
-            return file
-
-    raise IOError, (_errno.EEXIST, "No usable temporary filename found")
-
-class _TemporaryFileWrapper:
-    """Temporary file wrapper
-
-    This class provides a wrapper around files opened for
-    temporary use.  In particular, it seeks to automatically
-    remove the file when it is no longer needed.
-    """
-
-    def __init__(self, file, name):
-        self.file = file
-        self.name = name
-        self.close_called = False
-
-    def __getattr__(self, name):
-        file = self.__dict__['file']
-        a = getattr(file, name)
-        if type(a) != type(0):
-            setattr(self, name, a)
-        return a
-
-    # NT provides delete-on-close as a primitive, so we don't need
-    # the wrapper to do anything special.  We still use it so that
-    # file.name is useful (i.e. not "(fdopen)") with NamedTemporaryFile.
-    if _os.name != 'nt':
-
-        # Cache the unlinker so we don't get spurious errors at
-        # shutdown when the module-level "os" is None'd out.  Note
-        # that this must be referenced as self.unlink, because the
-        # name TemporaryFileWrapper may also get None'd out before
-        # __del__ is called.
-        unlink = _os.unlink
-
-        def close(self):
-            if not self.close_called:
-                self.close_called = True
-                self.file.close()
-                self.unlink(self.name)
-
-        def __del__(self):
-            self.close()
-
-def NamedTemporaryFile(mode='w+b', bufsize=-1, suffix="",
-                       prefix=template, dir=None):
-    """Create and return a temporary file.
-    Arguments:
-    'prefix', 'suffix', 'dir' -- as for mkstemp.
-    'mode' -- the mode argument to os.fdopen (default "w+b").
-    'bufsize' -- the buffer size argument to os.fdopen (default -1).
-    The file is created as mkstemp() would do it.
-
-    Returns a file object; the name of the file is accessible as
-    file.name.  The file will be automatically deleted when it is
-    closed.
-    """
-
-    if dir is None:
-        dir = gettempdir()
-
-    if 'b' in mode:
-        flags = _bin_openflags
-    else:
-        flags = _text_openflags
-
-    # Setting O_TEMPORARY in the flags causes the OS to delete
-    # the file when it is closed.  This is only supported by Windows.
-    if _os.name == 'nt':
-        flags |= _os.O_TEMPORARY
-
-    (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags)
-    file = _os.fdopen(fd, mode, bufsize)
-    return _TemporaryFileWrapper(file, name)
-
-if _os.name != 'posix' or _os.sys.platform == 'cygwin':
-    # On non-POSIX and Cygwin systems, assume that we cannot unlink a file
-    # while it is open.
-    TemporaryFile = NamedTemporaryFile
-
-else:
-    def TemporaryFile(mode='w+b', bufsize=-1, suffix="",
-                      prefix=template, dir=None):
-        """Create and return a temporary file.
-        Arguments:
-        'prefix', 'suffix', 'directory' -- as for mkstemp.
-        'mode' -- the mode argument to os.fdopen (default "w+b").
-        'bufsize' -- the buffer size argument to os.fdopen (default -1).
-        The file is created as mkstemp() would do it.
-
-        Returns a file object.  The file has no name, and will cease to
-        exist when it is closed.
-        """
-
-        if dir is None:
-            dir = gettempdir()
-
-        if 'b' in mode:
-            flags = _bin_openflags
-        else:
-            flags = _text_openflags
-
-        (fd, name) = _mkstemp_inner(dir, prefix, suffix, flags)
-        try:
-            _os.unlink(name)
-            return _os.fdopen(fd, mode, bufsize)
-        except:
-            _os.close(fd)
-            raise
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/Blkctl.py
--- a/tools/python/xen/xend/Blkctl.py   Fri Sep 23 21:41:28 2005
+++ /dev/null   Mon Sep 26 17:07:49 2005
@@ -1,43 +0,0 @@
-"""Xend interface to block control scripts.
-"""
-import os
-import os.path
-import sys
-import string
-import xen.util.process
-
-from xen.xend import XendRoot
-
-xroot = XendRoot.instance()
-
-"""Where network control scripts live."""
-SCRIPT_DIR = xroot.block_script_dir
-
-def block(op, type, dets, script=None):
-    """Call a block control script.
-    Xend calls this with op 'bind' when it is about to export a block device
-    (other than a raw partition).  The script is called with unbind when a
-    device is no longer in use and should be removed.
-
-    @param op:        operation (start, stop, status)
-    @param type:      type of block device (determines the script used)
-    @param dets:      arguments to the control script
-    @param script:    block script name
-    """
-    
-    if op not in ['bind', 'unbind']:
-        raise ValueError('Invalid operation:' + op)
-
-    # Special case phy devices - they don't require any (un)binding
-    # Parallax also doesn't need script-based binding.
-    if (type == 'phy') or (type == 'parallax'):
-        return dets
-    
-    if script is None:
-        script = xroot.get_block_script(type)
-    script = os.path.join(SCRIPT_DIR, script)
-    args = [op] + string.split(dets, ':')
-    args = ' '.join(args)
-    ret = xen.util.process.runscript(script + ' ' + args)
-    if len(ret):
-        return ret.splitlines()[0]
diff -r eaedc6b4ec0f -r ef9591d03fdd tools/python/xen/xend/XendDB.py
--- a/tools/python/xen/xend/XendDB.py   Fri Sep 23 21:41:28 2005
+++ /dev/null   Mon Sep 26 17:07:49 2005
@@ -1,127 +0,0 @@
-#============================================================================
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of version 2.1 of the GNU Lesser General Public
-# License as published by the Free Software Foundation.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-#============================================================================
-# Copyright (C) 2004, 2005 Mike Wray <mike.wray@xxxxxx>
-#============================================================================
-
-import os
-import os.path
-import errno
-import dircache
-import time
-
-import sxp
-import XendRoot
-xroot = XendRoot.instance()
-
-class XendDB:
-    """Persistence for Xend. Stores data in files and directories.
-    """
-
-    def __init__(self, path=None):
-        self.dbpath = xroot.get_dbroot()
-        if path:
-            self.dbpath = os.path.join(self.dbpath, path)
-        pass
-
-    def listdir(self, dpath):
-        try:
-            return dircache.listdir(dpath)
-        except:
-            return []
-
-    def filepath(self, path):
-        return os.path.join(self.dbpath, path)
-        
-    def fetch(self, path):
-        fpath = self.filepath(path)
-        return self.fetchfile(fpath)
-
-    def fetchfile(self, fpath):
-        pin = sxp.Parser()
-        fin = file(fpath, "rb")
-        try:
-            while 1:
-                try:
-                    buf = fin.read(1024)
-                except IOError, ex:
-                    if ex.errno == errno.EINTR:
-                        continue
-                    else:
-                        raise
-                pin.input(buf)
-                if buf == '':
-                    pin.input_eof()
-                    break
-        finally:
-            fin.close()
-        return pin.get_val()
-
-    def save(self, path, sxpr):
-        fpath = self.filepath(path)
-        return self.savefile(fpath, sxpr)
-    
-    def savefile(self, fpath, sxpr):
-        backup = False
-        fdir = os.path.dirname(fpath)
-        if not os.path.isdir(fdir):
-            os.makedirs(fdir)
-        if os.path.exists(fpath):
-            backup = True
-            real_fpath = fpath
-            fpath += ".new."
-            
-        fout = file(fpath, "wb+")
-        try:
-            try:
-                t = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
-                fout.write("# %s %s\n" % (fpath, t))
-                sxp.show(sxpr, out=fout)
-            finally:
-                fout.close()
-        except:
-            if backup:
-                try:
-                    os.unlink(fpath)
-                except:
-                    pass
-                raise
-        if backup:
-            os.rename(fpath, real_fpath)
-
-    def fetchall(self, path):
-        dpath = self.filepath(path)
-        d = {}
-        for k in self.listdir(dpath):
-            try:
-                v = self.fetchfile(os.path.join(dpath, k))
-                d[k] = v
-            except:
-                pass
-        return d
-
-    def saveall(self, path, d):
-        for (k, v) in d.items():
-            self.save(os.path.join(path, k), v)
-
-    def delete(self, path):
-        dpath = self.filepath(path)
-        os.unlink(dpath)
-
-    def ls(self, path):
-        dpath = self.filepath(path)
-        return self.listdir(dpath)
-        
-
-        

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.