[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] Merge with ia64 xen tree.



# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Date 1184230438 -3600
# Node ID d0477293897c08c7b95257f20212e8a241626dbf
# Parent  f536eb8576eeb7363212911b02fbaff4918172df
# Parent  a9103c71565e69f79458cc19a920cc17fcba9de2
Merge with ia64 xen tree.
---
 docs/xen-api/xenapi-datamodel.tex                |  477 ++++++++++++-----------
 tools/firmware/hvmloader/acpi/dsdt.asl           |   21 -
 tools/firmware/hvmloader/acpi/dsdt.c             |   25 -
 tools/firmware/hvmloader/config.h                |    2 
 tools/firmware/hvmloader/hvmloader.c             |   12 
 tools/firmware/rombios/rombios.c                 |   48 +-
 tools/ioemu/hw/ide.c                             |    3 
 tools/ioemu/target-i386-dm/exec-dm.c             |    6 
 tools/ioemu/vl.c                                 |    5 
 tools/libxc/xc_domain.c                          |   21 +
 tools/libxc/xenctrl.h                            |   14 
 tools/libxen/include/xen/api/xen_acmpolicy.h     |  117 +++++
 tools/libxen/include/xen/api/xen_vdi.h           |   13 
 tools/libxen/include/xen/api/xen_vm.h            |   14 
 tools/libxen/include/xen/api/xen_xspolicy.h      |  271 +++++++++++++
 tools/libxen/include/xen/api/xen_xspolicy_decl.h |   31 +
 tools/libxen/src/xen_acmpolicy.c                 |  234 +++++++++++
 tools/libxen/src/xen_vdi.c                       |   39 +
 tools/libxen/src/xen_vm.c                        |   45 ++
 tools/libxen/src/xen_xspolicy.c                  |  327 +++++++++++++++
 tools/python/xen/xend/XendDomain.py              |    8 
 tools/python/xen/xm/activatepolicy.py            |   86 ++++
 tools/python/xen/xm/addlabel.py                  |  135 ++++--
 tools/python/xen/xm/cfgbootpolicy.py             |   76 ++-
 tools/python/xen/xm/create.dtd                   |    7 
 tools/python/xen/xm/create.py                    |   22 -
 tools/python/xen/xm/getlabel.py                  |   45 +-
 tools/python/xen/xm/getpolicy.py                 |   94 ++++
 tools/python/xen/xm/labels.py                    |   37 +
 tools/python/xen/xm/loadpolicy.py                |   32 +
 tools/python/xen/xm/main.py                      |   72 ++-
 tools/python/xen/xm/makepolicy.py                |   14 
 tools/python/xen/xm/resources.py                 |   33 +
 tools/python/xen/xm/rmlabel.py                   |   65 ++-
 tools/python/xen/xm/setpolicy.py                 |  117 +++++
 tools/python/xen/xm/xenapi_create.py             |   55 ++
 tools/vtpm_manager/util/hashtable_itr.c          |    8 
 tools/xenstore/xsls.c                            |   37 +
 xen/arch/ia64/linux-xen/perfmon.c                |    2 
 xen/arch/ia64/xen/oprofile/perfmon.c             |   11 
 xen/arch/x86/acpi/Makefile                       |    1 
 xen/arch/x86/acpi/power.c                        |  273 +++++++++++++
 xen/arch/x86/acpi/suspend.c                      |   85 ++++
 xen/arch/x86/acpi/wakeup_prot.S                  |  267 ++++++++++++
 xen/arch/x86/apic.c                              |    2 
 xen/arch/x86/boot/Makefile                       |    3 
 xen/arch/x86/boot/head.S                         |    2 
 xen/arch/x86/boot/wakeup.S                       |  212 ++++++++++
 xen/arch/x86/cpu/common.c                        |    8 
 xen/arch/x86/dmi_scan.c                          |    1 
 xen/arch/x86/domain.c                            |   27 +
 xen/arch/x86/e820.c                              |   71 +--
 xen/arch/x86/hvm/hvm.c                           |    3 
 xen/arch/x86/hvm/svm/svm.c                       |    7 
 xen/arch/x86/hvm/vlapic.c                        |    9 
 xen/arch/x86/hvm/vmx/vmcs.c                      |  178 +++++---
 xen/arch/x86/hvm/vmx/vmx.c                       |   20 
 xen/arch/x86/i8259.c                             |    3 
 xen/arch/x86/io_apic.c                           |    3 
 xen/arch/x86/irq.c                               |   33 +
 xen/arch/x86/nmi.c                               |    2 
 xen/arch/x86/oprofile/nmi_int.c                  |   83 +---
 xen/arch/x86/platform_hypercall.c                |   17 
 xen/arch/x86/smpboot.c                           |  336 +++++++++++++++-
 xen/arch/x86/x86_32/traps.c                      |    2 
 xen/arch/x86/x86_64/traps.c                      |    2 
 xen/common/page_alloc.c                          |   20 
 xen/common/sysctl.c                              |   14 
 xen/common/xenoprof.c                            |   52 +-
 xen/drivers/char/ns16550.c                       |    4 
 xen/drivers/char/serial.c                        |    4 
 xen/include/asm-ia64/xenoprof.h                  |    2 
 xen/include/asm-x86/acpi.h                       |    8 
 xen/include/asm-x86/config.h                     |   10 
 xen/include/asm-x86/desc.h                       |    5 
 xen/include/asm-x86/hvm/hvm.h                    |   20 
 xen/include/asm-x86/hvm/vmx/vmcs.h               |    3 
 xen/include/asm-x86/smp.h                        |   13 
 xen/include/asm-x86/system.h                     |    2 
 xen/include/asm-x86/xenoprof.h                   |    4 
 xen/include/public/platform.h                    |   27 +
 xen/include/public/sysctl.h                      |   13 
 xen/include/xen/irq.h                            |   10 
 xen/include/xen/mm.h                             |    2 
 xen/include/xen/xenoprof.h                       |    2 
 85 files changed, 3842 insertions(+), 704 deletions(-)

diff -r f536eb8576ee -r d0477293897c docs/xen-api/xenapi-datamodel.tex
--- a/docs/xen-api/xenapi-datamodel.tex Wed Jul 11 11:32:30 2007 -0600
+++ b/docs/xen-api/xenapi-datamodel.tex Thu Jul 12 09:53:58 2007 +0100
@@ -225,6 +225,249 @@ The following enumeration types are used
 \end{longtable}
 
 \vspace{1cm}
+\newpage
+\section{Error Handling}
+When a low-level transport error occurs, or a request is malformed at the HTTP
+or XML-RPC level, the server may send an XML-RPC Fault response, or the client
+may simulate the same.  The client must be prepared to handle these errors,
+though they may be treated as fatal.  On the wire, these are transmitted in a
+form similar to this:
+
+\begin{verbatim}
+    <methodResponse>
+      <fault>
+        <value>
+          <struct>
+            <member>
+                <name>faultCode</name>
+                <value><int>-1</int></value>
+              </member>
+              <member>
+                <name>faultString</name>
+                <value><string>Malformed request</string></value>
+            </member>
+          </struct>
+        </value>
+      </fault>
+    </methodResponse>
+\end{verbatim}
+
+All other failures are reported with a more structured error response, to
+allow better automatic response to failures, proper internationalisation of
+any error message, and easier debugging.  On the wire, these are transmitted
+like this:
+
+\begin{verbatim}
+    <struct>
+      <member>
+        <name>Status</name>
+        <value>Failure</value>
+      </member>
+      <member>
+        <name>ErrorDescription</name>
+        <value>
+          <array>
+            <data>
+              <value>MAP_DUPLICATE_KEY</value>
+              <value>Customer</value>
+              <value>eSpeil Inc.</value>
+              <value>eSpeil Incorporated</value>
+            </data>
+          </array>
+        </value>
+      </member>
+    </struct>
+\end{verbatim}
+
+Note that {\tt ErrorDescription} value is an array of string values. The
+first element of the array is an error code; the remainder of the array are
+strings representing error parameters relating to that code.  In this case,
+the client has attempted to add the mapping {\tt Customer $\rightarrow$
+eSpiel Incorporated} to a Map, but it already contains the mapping
+{\tt Customer $\rightarrow$ eSpiel Inc.}, and so the request has failed.
+
+The reference below lists each possible error returned by each method.
+As well as the errors explicitly listed, any method may return low-level
+errors as described above, or any of the following generic errors:
+
+\begin{itemize}
+\item HANDLE\_INVALID
+\item INTERNAL\_ERROR
+\item MAP\_DUPLICATE\_KEY
+\item MESSAGE\_METHOD\_UNKNOWN
+\item MESSAGE\_PARAMETER\_COUNT\_MISMATCH
+\item OPERATION\_NOT\_ALLOWED
+\item PERMISSION\_DENIED
+\item SESSION\_INVALID
+\end{itemize}
+
+Each possible error code is documented in the following section.
+
+\subsection{Error Codes}
+
+\subsubsection{HANDLE\_INVALID}
+
+You gave an invalid handle.  The object may have recently been deleted. 
+The class parameter gives the type of reference given, and the handle
+parameter echoes the bad value given.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}HANDLE_INVALID(class, handle)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{INTERNAL\_ERROR}
+
+The server failed to handle your request, due to an internal error.  The
+given message may give details useful for debugging the problem.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}INTERNAL_ERROR(message)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{MAP\_DUPLICATE\_KEY}
+
+You tried to add a key-value pair to a map, but that key is already there. 
+The key, current value, and the new value that you tried to set are all
+echoed.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}MAP_DUPLICATE_KEY(key, current value, new value)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{MESSAGE\_METHOD\_UNKNOWN}
+
+You tried to call a method that does not exist.  The method name that you
+used is echoed.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}MESSAGE_METHOD_UNKNOWN(method)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{MESSAGE\_PARAMETER\_COUNT\_MISMATCH}
+
+You tried to call a method with the incorrect number of parameters.  The
+fully-qualified method name that you used, and the number of received and
+expected parameters are returned.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}MESSAGE_PARAMETER_COUNT_MISMATCH(method, expected, 
received)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{NETWORK\_ALREADY\_CONNECTED}
+
+You tried to create a PIF, but the network you tried to attach it to is
+already attached to some other PIF, and so the creation failed.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}NETWORK_ALREADY_CONNECTED(network, connected PIF)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{OPERATION\_NOT\_ALLOWED}
+
+You attempted an operation that was not allowed.
+
+\vspace{0.3cm}
+No parameters.
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{PERMISSION\_DENIED}
+
+You do not have the required permissions to perform the operation.
+
+\vspace{0.3cm}
+No parameters.
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{PIF\_IS\_PHYSICAL}
+
+You tried to destroy a PIF, but it represents an aspect of the physical
+host configuration, and so cannot be destroyed.  The parameter echoes the
+PIF handle you gave.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}PIF_IS_PHYSICAL(PIF)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{SESSION\_AUTHENTICATION\_FAILED}
+
+The credentials given by the user are incorrect, so access has been denied,
+and you have not been issued a session handle.
+
+\vspace{0.3cm}
+No parameters.
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{SESSION\_INVALID}
+
+You gave an invalid session handle.  It may have been invalidated by a
+server restart, or timed out.  You should get a new session handle, using
+one of the session.login\_ calls.  This error does not invalidate the
+current connection.  The handle parameter echoes the bad value given.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}SESSION_INVALID(handle)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{SESSION\_NOT\_REGISTERED}
+
+This session is not registered to receive events.  You must call
+event.register before event.next.  The session handle you are using is
+echoed.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}SESSION_NOT_REGISTERED(handle)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{VALUE\_NOT\_SUPPORTED}
+
+You attempted to set a value that is not supported by this implementation. 
+The fully-qualified field name and the value that you tried to set are
+returned.  Also returned is a developer-only diagnostic reason.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}VALUE_NOT_SUPPORTED(field, value, reason)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{VLAN\_TAG\_INVALID}
+
+You tried to create a VLAN, but the tag you gave was invalid -- it mmust be
+between 0 and 4095.  The parameter echoes the VLAN tag you gave.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}VLAN_TAG_INVALID(VLAN)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{VM\_BAD\_POWER\_STATE}
+
+You attempted an operation on a VM that was not in an appropriate power
+state at the time; for example, you attempted to start a VM that was
+already running.  The parameters returned are the VM's handle, and the
+expected and actual VM state at the time of the call.
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}VM_BAD_POWER_STATE(vm, expected, actual)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
+
+\subsubsection{VM\_HVM\_REQUIRED}
+
+HVM is required for this operation
+
+\vspace{0.3cm}
+{\bf Signature:}
+\begin{verbatim}VM_HVM_REQUIRED(vm)\end{verbatim}
+\begin{center}\rule{10em}{0.1pt}\end{center}
 
 \newpage
 \section{Class: session}
@@ -275,6 +518,11 @@ session ref
 
 
 ID of newly created session
+
+\vspace{0.3cm}
+
+\noindent{\bf Possible Error Codes:} {\tt SESSION\_AUTHENTICATION\_FAILED}
+
 \vspace{0.3cm}
 \vspace{0.3cm}
 \vspace{0.3cm}
@@ -7100,7 +7348,9 @@ value of the field
 \subsubsection{RPC name:~get\_flags}
 
 {\bf Overview:} 
-Get the flags field of the given host\_cpu.
+Get the flags field of the given host\_cpu.  As of this version of the
+API, the semantics of the returned string are explicitly unspecified,
+and may change in the future.
 
  \noindent {\bf Signature:} 
 \begin{verbatim} string get_flags (session_id s, host_cpu ref 
self)\end{verbatim}
@@ -7132,7 +7382,9 @@ value of the field
 \subsubsection{RPC name:~get\_features}
 
 {\bf Overview:} 
-Get the features field of the given host\_cpu.
+Get the features field of the given host\_cpu. As of this version of the
+API, the semantics of the returned string are explicitly unspecified,
+and may change in the future.
 
  \noindent {\bf Signature:} 
 \begin{verbatim} string get_features (session_id s, host_cpu ref 
self)\end{verbatim}
@@ -14192,224 +14444,3 @@ all fields from the object
 \vspace{0.3cm}
 \vspace{0.3cm}
 
-\vspace{1cm}
-\newpage
-\section{Error Handling}
-When a low-level transport error occurs, or a request is malformed at the HTTP
-or XML-RPC level, the server may send an XML-RPC Fault response, or the client
-may simulate the same.  The client must be prepared to handle these errors,
-though they may be treated as fatal.  On the wire, these are transmitted in a
-form similar to this:
-
-\begin{verbatim}
-    <methodResponse>
-      <fault>
-        <value>
-          <struct>
-            <member>
-                <name>faultCode</name>
-                <value><int>-1</int></value>
-              </member>
-              <member>
-                <name>faultString</name>
-                <value><string>Malformed request</string></value>
-            </member>
-          </struct>
-        </value>
-      </fault>
-    </methodResponse>
-\end{verbatim}
-
-All other failures are reported with a more structured error response, to
-allow better automatic response to failures, proper internationalisation of
-any error message, and easier debugging.  On the wire, these are transmitted
-like this:
-
-\begin{verbatim}
-    <struct>
-      <member>
-        <name>Status</name>
-        <value>Failure</value>
-      </member>
-      <member>
-        <name>ErrorDescription</name>
-        <value>
-          <array>
-            <data>
-              <value>MAP_DUPLICATE_KEY</value>
-              <value>Customer</value>
-              <value>eSpeil Inc.</value>
-              <value>eSpeil Incorporated</value>
-            </data>
-          </array>
-        </value>
-      </member>
-    </struct>
-\end{verbatim}
-
-Note that {\tt ErrorDescription} value is an array of string values. The
-first element of the array is an error code; the remainder of the array are
-strings representing error parameters relating to that code.  In this case,
-the client has attempted to add the mapping {\tt Customer $\rightarrow$
-eSpiel Incorporated} to a Map, but it already contains the mapping
-{\tt Customer $\rightarrow$ eSpiel Inc.}, and so the request has failed.
-
-Each possible error code is documented in the following section.
-
-\subsection{Error Codes}
-
-\subsubsection{HANDLE\_INVALID}
-
-You gave an invalid handle.  The object may have recently been deleted. 
-The class parameter gives the type of reference given, and the handle
-parameter echoes the bad value given.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}HANDLE_INVALID(class, handle)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{INTERNAL\_ERROR}
-
-The server failed to handle your request, due to an internal error.  The
-given message may give details useful for debugging the problem.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}INTERNAL_ERROR(message)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{MAP\_DUPLICATE\_KEY}
-
-You tried to add a key-value pair to a map, but that key is already there. 
-The key, current value, and the new value that you tried to set are all
-echoed.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}MAP_DUPLICATE_KEY(key, current value, new value)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{MESSAGE\_METHOD\_UNKNOWN}
-
-You tried to call a method that does not exist.  The method name that you
-used is echoed.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}MESSAGE_METHOD_UNKNOWN(method)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{MESSAGE\_PARAMETER\_COUNT\_MISMATCH}
-
-You tried to call a method with the incorrect number of parameters.  The
-fully-qualified method name that you used, and the number of received and
-expected parameters are returned.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}MESSAGE_PARAMETER_COUNT_MISMATCH(method, expected, 
received)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{NETWORK\_ALREADY\_CONNECTED}
-
-You tried to create a PIF, but the network you tried to attach it to is
-already attached to some other PIF, and so the creation failed.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}NETWORK_ALREADY_CONNECTED(network, connected PIF)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{OPERATION\_NOT\_ALLOWED}
-
-You attempted an operation that was not allowed.
-
-\vspace{0.3cm}
-No parameters.
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{PIF\_IS\_PHYSICAL}
-
-You tried to destroy a PIF, but it represents an aspect of the physical
-host configuration, and so cannot be destroyed.  The parameter echoes the
-PIF handle you gave.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}PIF_IS_PHYSICAL(PIF)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{SESSION\_AUTHENTICATION\_FAILED}
-
-The credentials given by the user are incorrect, so access has been denied,
-and you have not been issued a session handle.
-
-\vspace{0.3cm}
-No parameters.
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{SESSION\_INVALID}
-
-You gave an invalid session handle.  It may have been invalidated by a
-server restart, or timed out.  You should get a new session handle, using
-one of the session.login\_ calls.  This error does not invalidate the
-current connection.  The handle parameter echoes the bad value given.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}SESSION_INVALID(handle)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{SESSION\_NOT\_REGISTERED}
-
-This session is not registered to receive events.  You must call
-event.register before event.next.  The session handle you are using is
-echoed.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}SESSION_NOT_REGISTERED(handle)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{VALUE\_NOT\_SUPPORTED}
-
-You attempted to set a value that is not supported by this implementation. 
-The fully-qualified field name and the value that you tried to set are
-returned.  Also returned is a developer-only diagnostic reason.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}VALUE_NOT_SUPPORTED(field, value, reason)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{VLAN\_TAG\_INVALID}
-
-You tried to create a VLAN, but the tag you gave was invalid -- it mmust be
-between 0 and 4095.  The parameter echoes the VLAN tag you gave.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}VLAN_TAG_INVALID(VLAN)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{VM\_BAD\_POWER\_STATE}
-
-You attempted an operation on a VM that was not in an appropriate power
-state at the time; for example, you attempted to start a VM that was
-already running.  The parameters returned are the VM's handle, and the
-expected and actual VM state at the time of the call.
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}VM_BAD_POWER_STATE(vm, expected, actual)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
-
-\subsubsection{VM\_HVM\_REQUIRED}
-
-HVM is required for this operation
-
-\vspace{0.3cm}
-{\bf Signature:}
-\begin{verbatim}VM_HVM_REQUIRED(vm)\end{verbatim}
-\begin{center}\rule{10em}{0.1pt}\end{center}
diff -r f536eb8576ee -r d0477293897c tools/firmware/hvmloader/acpi/dsdt.asl
--- a/tools/firmware/hvmloader/acpi/dsdt.asl    Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/firmware/hvmloader/acpi/dsdt.asl    Thu Jul 12 09:53:58 2007 +0100
@@ -123,11 +123,12 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, 
             }
 
             Name(BUFA, ResourceTemplate() {
-                IRQ(Level, ActiveLow, Shared) { 5, 7, 10, 11 }
+                IRQ(Level, ActiveLow, Shared) { 5, 10, 11 }
             })
 
             Name(BUFB, Buffer() {
-                0x23, 0x00, 0x00, 0x18, 0x79, 0
+                0x23, 0x00, 0x00, 0x18, /* IRQ descriptor */
+                0x79, 0                 /* End tag, null checksum */
             })
 
             CreateWordField(BUFB, 0x01, IRQV)
@@ -643,6 +644,22 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, 
                         IRQNoFlags () {4}
                     })
                 }
+
+                Device (LTP1)
+                {
+                    Name (_HID, EisaId ("PNP0400"))
+                    Name (_UID, 0x02)
+                    Method (_STA, 0, NotSerialized)
+                    {
+                        Return (0x0F)
+                    }
+
+                    Name (_CRS, ResourceTemplate()
+                    {
+                        IO (Decode16, 0x0378, 0x0378, 0x08, 0x08)
+                        IRQNoFlags () {7}
+                    })
+                } 
             }
         }
     }
diff -r f536eb8576ee -r d0477293897c tools/firmware/hvmloader/acpi/dsdt.c
--- a/tools/firmware/hvmloader/acpi/dsdt.c      Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/firmware/hvmloader/acpi/dsdt.c      Thu Jul 12 09:53:58 2007 +0100
@@ -1,19 +1,19 @@
 /*
  * 
  * Intel ACPI Component Architecture
- * ASL Optimizing Compiler version 20060707 [Dec 30 2006]
+ * ASL Optimizing Compiler version 20060707 [Feb 16 2007]
  * Copyright (C) 2000 - 2006 Intel Corporation
  * Supports ACPI Specification Revision 3.0a
  * 
- * Compilation of "dsdt.asl" - Sat May 12 16:13:55 2007
+ * Compilation of "dsdt.asl" - Wed Jul 11 13:34:30 2007
  * 
  * C source code output
  *
  */
 unsigned char AmlCode[] =
 {
-    0x44,0x53,0x44,0x54,0x67,0x0D,0x00,0x00,  /* 00000000    "DSDTg..." */
-    0x02,0xE0,0x58,0x65,0x6E,0x00,0x00,0x00,  /* 00000008    "..Xen..." */
+    0x44,0x53,0x44,0x54,0x9F,0x0D,0x00,0x00,  /* 00000000    "DSDT...." */
+    0x02,0x2E,0x58,0x65,0x6E,0x00,0x00,0x00,  /* 00000008    "..Xen..." */
     0x48,0x56,0x4D,0x00,0x00,0x00,0x00,0x00,  /* 00000010    "HVM....." */
     0x00,0x00,0x00,0x00,0x49,0x4E,0x54,0x4C,  /* 00000018    "....INTL" */
     0x07,0x07,0x06,0x20,0x08,0x50,0x4D,0x42,  /* 00000020    "... .PMB" */
@@ -27,7 +27,7 @@ unsigned char AmlCode[] =
     0x04,0x0A,0x07,0x0A,0x07,0x00,0x00,0x08,  /* 00000060    "........" */
     0x50,0x49,0x43,0x44,0x00,0x14,0x0C,0x5F,  /* 00000068    "PICD..._" */
     0x50,0x49,0x43,0x01,0x70,0x68,0x50,0x49,  /* 00000070    "PIC.phPI" */
-    0x43,0x44,0x10,0x4C,0xCE,0x5F,0x53,0x42,  /* 00000078    "CD.L._SB" */
+    0x43,0x44,0x10,0x44,0xD2,0x5F,0x53,0x42,  /* 00000078    "CD.D._SB" */
     0x5F,0x5B,0x82,0x49,0x04,0x4D,0x45,0x4D,  /* 00000080    "_[.I.MEM" */
     0x30,0x08,0x5F,0x48,0x49,0x44,0x0C,0x41,  /* 00000088    "0._HID.A" */
     0xD0,0x0C,0x02,0x08,0x5F,0x43,0x52,0x53,  /* 00000090    "...._CRS" */
@@ -37,7 +37,7 @@ unsigned char AmlCode[] =
     0x00,0x00,0xFF,0xFF,0x09,0x00,0x00,0x00,  /* 000000B0    "........" */
     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,  /* 000000B8    "........" */
     0x00,0x00,0x00,0x00,0x0A,0x00,0x00,0x00,  /* 000000C0    "........" */
-    0x00,0x00,0x79,0x00,0x5B,0x82,0x49,0xC9,  /* 000000C8    "..y.[.I." */
+    0x00,0x00,0x79,0x00,0x5B,0x82,0x41,0xCD,  /* 000000C8    "..y.[.A." */
     0x50,0x43,0x49,0x30,0x08,0x5F,0x48,0x49,  /* 000000D0    "PCI0._HI" */
     0x44,0x0C,0x41,0xD0,0x0A,0x03,0x08,0x5F,  /* 000000D8    "D.A...._" */
     0x55,0x49,0x44,0x00,0x08,0x5F,0x41,0x44,  /* 000000E0    "UID.._AD" */
@@ -59,7 +59,7 @@ unsigned char AmlCode[] =
     0x00,0xF0,0xFF,0xFF,0xFF,0xF4,0x00,0x00,  /* 00000160    "........" */
     0x00,0x00,0x00,0x00,0x00,0x05,0x79,0x00,  /* 00000168    "......y." */
     0xA4,0x50,0x52,0x54,0x30,0x08,0x42,0x55,  /* 00000170    ".PRT0.BU" */
-    0x46,0x41,0x11,0x09,0x0A,0x06,0x23,0xA0,  /* 00000178    "FA....#." */
+    0x46,0x41,0x11,0x09,0x0A,0x06,0x23,0x20,  /* 00000178    "FA....# " */
     0x0C,0x18,0x79,0x00,0x08,0x42,0x55,0x46,  /* 00000180    "..y..BUF" */
     0x42,0x11,0x09,0x0A,0x06,0x23,0x00,0x00,  /* 00000188    "B....#.." */
     0x18,0x79,0x00,0x8B,0x42,0x55,0x46,0x42,  /* 00000190    ".y..BUFB" */
@@ -348,7 +348,7 @@ unsigned char AmlCode[] =
     0x0C,0x04,0x0C,0xFF,0xFF,0x0F,0x00,0x0A,  /* 00000A68    "........" */
     0x02,0x00,0x0A,0x2F,0x12,0x0C,0x04,0x0C,  /* 00000A70    ".../...." */
     0xFF,0xFF,0x0F,0x00,0x0A,0x03,0x00,0x0A,  /* 00000A78    "........" */
-    0x10,0x5B,0x82,0x44,0x2E,0x49,0x53,0x41,  /* 00000A80    ".[.D.ISA" */
+    0x10,0x5B,0x82,0x4C,0x31,0x49,0x53,0x41,  /* 00000A80    ".[.L1ISA" */
     0x5F,0x08,0x5F,0x41,0x44,0x52,0x0C,0x00,  /* 00000A88    "_._ADR.." */
     0x00,0x01,0x00,0x5B,0x80,0x50,0x49,0x52,  /* 00000A90    "...[.PIR" */
     0x51,0x02,0x0A,0x60,0x0A,0x04,0x10,0x2E,  /* 00000A98    "Q..`...." */
@@ -440,6 +440,13 @@ unsigned char AmlCode[] =
     0x09,0x5F,0x53,0x54,0x41,0x00,0xA4,0x0A,  /* 00000D48    "._STA..." */
     0x0F,0x08,0x5F,0x43,0x52,0x53,0x11,0x10,  /* 00000D50    ".._CRS.." */
     0x0A,0x0D,0x47,0x01,0xF8,0x03,0xF8,0x03,  /* 00000D58    "..G....." */
-    0x01,0x08,0x22,0x10,0x00,0x79,0x00,
+    0x01,0x08,0x22,0x10,0x00,0x79,0x00,0x5B,  /* 00000D60    ".."..y.[" */
+    0x82,0x36,0x4C,0x54,0x50,0x31,0x08,0x5F,  /* 00000D68    ".6LTP1._" */
+    0x48,0x49,0x44,0x0C,0x41,0xD0,0x04,0x00,  /* 00000D70    "HID.A..." */
+    0x08,0x5F,0x55,0x49,0x44,0x0A,0x02,0x14,  /* 00000D78    "._UID..." */
+    0x09,0x5F,0x53,0x54,0x41,0x00,0xA4,0x0A,  /* 00000D80    "._STA..." */
+    0x0F,0x08,0x5F,0x43,0x52,0x53,0x11,0x10,  /* 00000D88    ".._CRS.." */
+    0x0A,0x0D,0x47,0x01,0x78,0x03,0x78,0x03,  /* 00000D90    "..G.x.x." */
+    0x08,0x08,0x22,0x80,0x00,0x79,0x00,
 };
 int DsdtLen=sizeof(AmlCode);
diff -r f536eb8576ee -r d0477293897c tools/firmware/hvmloader/config.h
--- a/tools/firmware/hvmloader/config.h Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/firmware/hvmloader/config.h Thu Jul 12 09:53:58 2007 +0100
@@ -9,7 +9,7 @@
 #define LAPIC_ID(vcpu_id)   ((vcpu_id) * 2)
 
 #define PCI_ISA_DEVFN       0x08    /* dev 1, fn 0 */
-#define PCI_ISA_IRQ_MASK    0x0ca0U /* ISA IRQs 5,7,10,11 are PCI connected */
+#define PCI_ISA_IRQ_MASK    0x0c20U /* ISA IRQs 5,10,11 are PCI connected */
 
 #define ROMBIOS_SEG            0xF000
 #define ROMBIOS_BEGIN          0x000F0000
diff -r f536eb8576ee -r d0477293897c tools/firmware/hvmloader/hvmloader.c
--- a/tools/firmware/hvmloader/hvmloader.c      Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/firmware/hvmloader/hvmloader.c      Thu Jul 12 09:53:58 2007 +0100
@@ -180,15 +180,13 @@ static void pci_setup(void)
     unsigned int bar, pin, link, isa_irq;
 
     /* Program PCI-ISA bridge with appropriate link routes. */
-    link = 0;
-    for ( isa_irq = 0; isa_irq < 15; isa_irq++ )
-    {
-        if ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) )
-            continue;
+    isa_irq = 0;
+    for ( link = 0; link < 4; link++ )
+    {
+        do { isa_irq = (isa_irq + 1) & 15;
+        } while ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) );
         pci_writeb(PCI_ISA_DEVFN, 0x60 + link, isa_irq);
         printf("PCI-ISA link %u routed to IRQ%u\n", link, isa_irq);
-        if ( link++ == 4 )
-            break;
     }
 
     /* Program ELCR to match PCI-wired IRQs. */
diff -r f536eb8576ee -r d0477293897c tools/firmware/rombios/rombios.c
--- a/tools/firmware/rombios/rombios.c  Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/firmware/rombios/rombios.c  Thu Jul 12 09:53:58 2007 +0100
@@ -9146,78 +9146,78 @@ pci_routing_table_structure:
   db 0 ;; pci bus number
   db 0x08 ;; pci device number (bit 7-3)
   db 0x61 ;; link value INTA#: pointer into PCI2ISA config space
-  dw 0x0ca0 ;; IRQ bitmap INTA# 
+  dw 0x0c20 ;; IRQ bitmap INTA# 
   db 0x62 ;; link value INTB#
-  dw 0x0ca0 ;; IRQ bitmap INTB# 
+  dw 0x0c20 ;; IRQ bitmap INTB# 
   db 0x63 ;; link value INTC#
-  dw 0x0ca0 ;; IRQ bitmap INTC# 
+  dw 0x0c20 ;; IRQ bitmap INTC# 
   db 0x60 ;; link value INTD#
-  dw 0x0ca0 ;; IRQ bitmap INTD#
+  dw 0x0c20 ;; IRQ bitmap INTD#
   db 0 ;; physical slot (0 = embedded)
   db 0 ;; reserved
   ;; second slot entry: 1st PCI slot
   db 0 ;; pci bus number
   db 0x10 ;; pci device number (bit 7-3)
   db 0x62 ;; link value INTA#
-  dw 0x0ca0 ;; IRQ bitmap INTA# 
+  dw 0x0c20 ;; IRQ bitmap INTA# 
   db 0x63 ;; link value INTB#
-  dw 0x0ca0 ;; IRQ bitmap INTB# 
+  dw 0x0c20 ;; IRQ bitmap INTB# 
   db 0x60 ;; link value INTC#
-  dw 0x0ca0 ;; IRQ bitmap INTC# 
+  dw 0x0c20 ;; IRQ bitmap INTC# 
   db 0x61 ;; link value INTD#
-  dw 0x0ca0 ;; IRQ bitmap INTD#
+  dw 0x0c20 ;; IRQ bitmap INTD#
   db 1 ;; physical slot (0 = embedded)
   db 0 ;; reserved
   ;; third slot entry: 2nd PCI slot
   db 0 ;; pci bus number
   db 0x18 ;; pci device number (bit 7-3)
   db 0x63 ;; link value INTA#
-  dw 0x0ca0 ;; IRQ bitmap INTA# 
+  dw 0x0c20 ;; IRQ bitmap INTA# 
   db 0x60 ;; link value INTB#
-  dw 0x0ca0 ;; IRQ bitmap INTB# 
+  dw 0x0c20 ;; IRQ bitmap INTB# 
   db 0x61 ;; link value INTC#
-  dw 0x0ca0 ;; IRQ bitmap INTC# 
+  dw 0x0c20 ;; IRQ bitmap INTC# 
   db 0x62 ;; link value INTD#
-  dw 0x0ca0 ;; IRQ bitmap INTD#
+  dw 0x0c20 ;; IRQ bitmap INTD#
   db 2 ;; physical slot (0 = embedded)
   db 0 ;; reserved
   ;; 4th slot entry: 3rd PCI slot
   db 0 ;; pci bus number
   db 0x20 ;; pci device number (bit 7-3)
   db 0x60 ;; link value INTA#
-  dw 0x0ca0 ;; IRQ bitmap INTA# 
+  dw 0x0c20 ;; IRQ bitmap INTA# 
   db 0x61 ;; link value INTB#
-  dw 0x0ca0 ;; IRQ bitmap INTB# 
+  dw 0x0c20 ;; IRQ bitmap INTB# 
   db 0x62 ;; link value INTC#
-  dw 0x0ca0 ;; IRQ bitmap INTC# 
+  dw 0x0c20 ;; IRQ bitmap INTC# 
   db 0x63 ;; link value INTD#
-  dw 0x0ca0 ;; IRQ bitmap INTD#
+  dw 0x0c20 ;; IRQ bitmap INTD#
   db 3 ;; physical slot (0 = embedded)
   db 0 ;; reserved
   ;; 5th slot entry: 4rd PCI slot
   db 0 ;; pci bus number
   db 0x28 ;; pci device number (bit 7-3)
   db 0x61 ;; link value INTA#
-  dw 0x0ca0 ;; IRQ bitmap INTA# 
+  dw 0x0c20 ;; IRQ bitmap INTA# 
   db 0x62 ;; link value INTB#
-  dw 0x0ca0 ;; IRQ bitmap INTB# 
+  dw 0x0c20 ;; IRQ bitmap INTB# 
   db 0x63 ;; link value INTC#
-  dw 0x0ca0 ;; IRQ bitmap INTC# 
+  dw 0x0c20 ;; IRQ bitmap INTC# 
   db 0x60 ;; link value INTD#
-  dw 0x0ca0 ;; IRQ bitmap INTD#
+  dw 0x0c20 ;; IRQ bitmap INTD#
   db 4 ;; physical slot (0 = embedded)
   db 0 ;; reserved
   ;; 6th slot entry: 5rd PCI slot
   db 0 ;; pci bus number
   db 0x30 ;; pci device number (bit 7-3)
   db 0x62 ;; link value INTA#
-  dw 0x0ca0 ;; IRQ bitmap INTA# 
+  dw 0x0c20 ;; IRQ bitmap INTA# 
   db 0x63 ;; link value INTB#
-  dw 0x0ca0 ;; IRQ bitmap INTB# 
+  dw 0x0c20 ;; IRQ bitmap INTB# 
   db 0x60 ;; link value INTC#
-  dw 0x0ca0 ;; IRQ bitmap INTC# 
+  dw 0x0c20 ;; IRQ bitmap INTC# 
   db 0x61 ;; link value INTD#
-  dw 0x0ca0 ;; IRQ bitmap INTD#
+  dw 0x0c20 ;; IRQ bitmap INTD#
   db 5 ;; physical slot (0 = embedded)
   db 0 ;; reserved
 #endif // BX_PCIBIOS
diff -r f536eb8576ee -r d0477293897c tools/ioemu/hw/ide.c
--- a/tools/ioemu/hw/ide.c      Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/ioemu/hw/ide.c      Thu Jul 12 09:53:58 2007 +0100
@@ -596,7 +596,8 @@ static void ide_identify(IDEState *s)
     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
     put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
     put_le16(p + 84, (1 << 14));
-    put_le16(p + 85, (1 << 14));
+    /* 14=nop 5=write_cache */
+    put_le16(p + 85, (1 << 14) | (1 << 5));
     /* 13=flush_cache_ext,12=flush_cache,10=lba48 */
     put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10));
     put_le16(p + 87, (1 << 14));
diff -r f536eb8576ee -r d0477293897c tools/ioemu/target-i386-dm/exec-dm.c
--- a/tools/ioemu/target-i386-dm/exec-dm.c      Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/ioemu/target-i386-dm/exec-dm.c      Thu Jul 12 09:53:58 2007 +0100
@@ -446,18 +446,16 @@ extern unsigned long logdirty_bitmap_siz
 #if defined(__x86_64__) || defined(__i386__)
 static void memcpy_words(void *dst, void *src, size_t n)
 {
-    asm (
+    asm volatile (
         "   movl %%edx,%%ecx \n"
 #ifdef __x86_64__
         "   shrl $3,%%ecx    \n"
-        "   andl $7,%%edx    \n"
         "   rep  movsq       \n"
         "   test $4,%%edx    \n"
         "   jz   1f          \n"
         "   movsl            \n"
 #else /* __i386__ */
         "   shrl $2,%%ecx    \n"
-        "   andl $3,%%edx    \n"
         "   rep  movsl       \n"
 #endif
         "1: test $2,%%edx    \n"
@@ -467,7 +465,7 @@ static void memcpy_words(void *dst, void
         "   jz   1f          \n"
         "   movsb            \n"
         "1:                  \n"
-        : : "S" (src), "D" (dst), "d" (n) : "ecx" );
+        : "+S" (src), "+D" (dst) : "d" (n) : "ecx", "memory" );
 }
 #else
 static void memcpy_words(void *dst, void *src, size_t n)
diff -r f536eb8576ee -r d0477293897c tools/ioemu/vl.c
--- a/tools/ioemu/vl.c  Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/ioemu/vl.c  Thu Jul 12 09:53:58 2007 +0100
@@ -7141,13 +7141,8 @@ int main(int argc, char **argv)
         serial_devices[i][0] = '\0';
     serial_device_index = 0;
 
-#ifndef CONFIG_DM
     pstrcpy(parallel_devices[0], sizeof(parallel_devices[0]), "vc");
     for(i = 1; i < MAX_PARALLEL_PORTS; i++)
-#else
-    /* Xen steals IRQ7 for PCI. Disable LPT1 by default. */
-    for(i = 0; i < MAX_PARALLEL_PORTS; i++)
-#endif
         parallel_devices[i][0] = '\0';
     parallel_device_index = 0;
     
diff -r f536eb8576ee -r d0477293897c tools/libxc/xc_domain.c
--- a/tools/libxc/xc_domain.c   Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/libxc/xc_domain.c   Thu Jul 12 09:53:58 2007 +0100
@@ -586,6 +586,27 @@ int xc_domain_ioport_permission(int xc_h
     domctl.u.ioport_permission.allow_access = allow_access;
 
     return do_domctl(xc_handle, &domctl);
+}
+
+int xc_availheap(int xc_handle,
+                 int min_width,
+                 int max_width,
+                 int node,
+                 uint64_t *bytes)
+{
+    DECLARE_SYSCTL;
+    int rc;
+
+    sysctl.cmd = XEN_SYSCTL_availheap;
+    sysctl.u.availheap.min_bitwidth = min_width;
+    sysctl.u.availheap.max_bitwidth = max_width;
+    sysctl.u.availheap.node = node;
+
+    rc = xc_sysctl(xc_handle, &sysctl);
+
+    *bytes = sysctl.u.availheap.avail_bytes;
+
+    return rc;
 }
 
 int xc_vcpu_setcontext(int xc_handle,
diff -r f536eb8576ee -r d0477293897c tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h     Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/libxc/xenctrl.h     Thu Jul 12 09:53:58 2007 +0100
@@ -628,6 +628,20 @@ int xc_get_pfn_type_batch(int xc_handle,
 /* Get current total pages allocated to a domain. */
 long xc_get_tot_pages(int xc_handle, uint32_t domid);
 
+/**
+ * This function retrieves the the number of bytes available
+ * in the heap in a specific range of address-widths and nodes.
+ * 
+ * @parm xc_handle a handle to an open hypervisor interface
+ * @parm domid the domain to query
+ * @parm min_width the smallest address width to query (0 if don't care)
+ * @parm max_width the largest address width to query (0 if don't care)
+ * @parm node the node to query (-1 for all)
+ * @parm *bytes caller variable to put total bytes counted
+ * @return 0 on success, <0 on failure.
+ */
+int xc_availheap(int xc_handle, int min_width, int max_width, int node,
+                 uint64_t *bytes);
 
 /*
  * Trace Buffer Operations
diff -r f536eb8576ee -r d0477293897c 
tools/libxen/include/xen/api/xen_acmpolicy.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/include/xen/api/xen_acmpolicy.h      Thu Jul 12 09:53:58 
2007 +0100
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ */
+
+#ifndef XEN_ACMPOLICY_H
+#define XEN_ACMPOLICY_H
+
+#include "xen_common.h"
+#include "xen_string_string_map.h"
+#include "xen_xspolicy_decl.h"
+#include "xen_vm_decl.h"
+
+/*
+ * Data structures.
+ */
+
+typedef struct xen_acmpolicy_record
+{
+    xen_xspolicy handle;
+    char *uuid;
+    char *repr;
+    xs_instantiationflags flags;
+    xs_type type;
+} xen_acmpolicy_record;
+
+/**
+ * Allocate a xen_acmpolicy_record.
+ */
+extern xen_acmpolicy_record *
+xen_acmpolicy_record_alloc(void);
+
+/**
+ * Free the given xen_xspolicy_record, and all referenced values.  The
+ * given record must have been allocated by this library.
+ */
+extern void
+xen_acmpolicy_record_free(xen_acmpolicy_record *record);
+
+
+/**
+ * Data structures for the policy's header
+ */
+typedef struct xen_acm_header
+{
+    char *policyname;
+    char *policyurl;
+    char *date;
+    char *reference;
+    char *namespaceurl;
+    char *version;
+} xen_acm_header;
+
+extern xen_acm_header *
+xen_acm_header_alloc(void);
+
+extern void
+xen_acm_header_free(xen_acm_header *hdr);
+
+/**
+ * Get the referenced policy's record.
+ */
+bool
+xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
+                         xen_xspolicy xspolicy);
+
+/**
+ * Get the header of a  policy.
+ */
+extern bool
+xen_acmpolicy_get_header(xen_session *session, xen_acm_header **hdr,
+                         xen_xspolicy xspolicy);
+
+
+/**
+ * Get the XML representation of the policy.
+ */
+extern bool
+xen_acmpolicy_get_xml(xen_session *session, char **xml,
+                      xen_xspolicy xspolicy);
+
+/**
+ * Get the mapping file of the policy.
+ */
+extern bool
+xen_acmpolicy_get_map(xen_session *session, char **map,
+                      xen_xspolicy xspolicy);
+
+/**
+ * Get the binary representation (base64-encoded) of the policy.
+ */
+extern bool
+xen_acmpolicy_get_binary(xen_session *session, char **binary,
+                         xen_xspolicy xspolicy);
+
+/**
+ * Get the UUID filed of the given policy.
+ */
+bool
+xen_acmpolicy_get_uuid(xen_session *session, char **result,
+                       xen_xspolicy xspolicy);
+
+#endif
diff -r f536eb8576ee -r d0477293897c tools/libxen/include/xen/api/xen_vdi.h
--- a/tools/libxen/include/xen/api/xen_vdi.h    Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/libxen/include/xen/api/xen_vdi.h    Thu Jul 12 09:53:58 2007 +0100
@@ -344,4 +344,17 @@ xen_vdi_get_all(xen_session *session, st
 xen_vdi_get_all(xen_session *session, struct xen_vdi_set **result);
 
 
+/**
+ * Set the security label of a VDI.
+ */
+extern bool
+xen_vdi_set_security_label(xen_session *session, int64_t *result, xen_vdi vdi,
+                           char *label, char *oldlabel);
+
+/**
+ * Get the security label of a VDI.
+ */
+extern bool
+xen_vdi_get_security_label(xen_session *session, char **result, xen_vdi vdi);
+
 #endif
diff -r f536eb8576ee -r d0477293897c tools/libxen/include/xen/api/xen_vm.h
--- a/tools/libxen/include/xen/api/xen_vm.h     Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/libxen/include/xen/api/xen_vm.h     Thu Jul 12 09:53:58 2007 +0100
@@ -112,6 +112,7 @@ typedef struct xen_vm_record
     bool is_control_domain;
     struct xen_vm_metrics_record_opt *metrics;
     struct xen_vm_guest_metrics_record_opt *guest_metrics;
+    char *security_label;
 } xen_vm_record;
 
 /**
@@ -891,4 +892,17 @@ xen_vm_get_all(xen_session *session, str
 xen_vm_get_all(xen_session *session, struct xen_vm_set **result);
 
 
+/**
+ * Set the security label of a domain.
+ */
+extern bool
+xen_vm_set_security_label(xen_session *session, int64_t *result, xen_vm vm,
+                          char *label, char *oldlabel);
+
+/**
+ * Get the security label of a domain.
+ */
+extern bool
+xen_vm_get_security_label(xen_session *session, char **result, xen_vm vm);
+
 #endif
diff -r f536eb8576ee -r d0477293897c tools/libxen/include/xen/api/xen_xspolicy.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/include/xen/api/xen_xspolicy.h       Thu Jul 12 09:53:58 
2007 +0100
@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ */
+
+#ifndef XEN_XSPOLICY_H
+#define XEN_XSPOLICY_H
+
+#include "xen_common.h"
+#include "xen_xspolicy_decl.h"
+#include "xen_string_string_map.h"
+
+
+/*
+ * The XSPolicy and associated data structures.
+ *
+ */
+typedef int64_t xs_type;
+typedef int64_t xs_instantiationflags;
+
+enum xs_type {
+    XS_POLICY_ACM = (1 << 0),
+};
+
+enum xs_instantiationflags {
+    XS_INST_NONE = 0,
+    XS_INST_BOOT = (1 << 0),
+    XS_INST_LOAD = (1 << 1),
+};
+
+
+/* Error codes returned by xend following XSPolicy operations */
+#define XSERR_BASE                       0x1000
+
+#define XSERR_SUCCESS                    0
+#define XSERR_GENERAL_FAILURE            1 + XSERR_BASE
+#define XSERR_BAD_XML                    2 + XSERR_BASE
+#define XSERR_XML_PROCESSING             3 + XSERR_BASE
+#define XSERR_POLICY_INCONSISTENT        4 + XSERR_BASE
+#define XSERR_FILE_ERROR                 5 + XSERR_BASE
+#define XSERR_BAD_RESOURCE_FORMAT        6 + XSERR_BASE
+#define XSERR_BAD_LABEL_FORMAT           7 + XSERR_BASE
+#define XSERR_RESOURCE_NOT_LABELED       8 + XSERR_BASE
+#define XSERR_RESOURCE_ALREADY_LABELED   9 + XSERR_BASE
+#define XSERR_WRONG_POLICY_TYPE         10 + XSERR_BASE
+#define XSERR_BOOTPOLICY_INSTALLED      11 + XSERR_BASE
+#define XSERR_NO_DEFAULT_BOOT_TITLE     12 + XSERR_BASE
+#define XSERR_POLICY_LOAD_FAILED        13 + XSERR_BASE
+#define XSERR_POLICY_LOADED             14 + XSERR_BASE
+#define XSERR_POLICY_TYPE_UNSUPPORTED   15 + XSERR_BASE
+#define XSERR_BAD_CONFLICTSET           20 + XSERR_BASE
+#define XSERR_RESOURCE_IN_USE           21 + XSERR_BASE
+#define XSERR_BAD_POLICY_NAME           22 + XSERR_BASE
+#define XSERR_RESOURCE_ACCESS           23 + XSERR_BASE
+#define XSERR_HV_OP_FAILED              24 + XSERR_BASE
+#define XSERR_BOOTPOLICY_INSTALL_ERROR  25 + XSERR_BASE
+
+
+/**
+ * Free the given xen_xspolicy.  The given handle must have been allocated
+ * by this library.
+ */
+extern void
+xen_xspolicy_free(xen_xspolicy xspolicy);
+
+
+typedef struct xen_xspolicy_set
+{
+    size_t size;
+    xen_xspolicy *contents[];
+} xen_xspolicy_set;
+
+/**
+ * Allocate a xen_xspolicy_set of the given size.
+ */
+extern xen_xspolicy_set *
+xen_xspolicy_set_alloc(size_t size);
+
+/**
+ * Free the given xen_xspolicy_set.  The given set must have been allocated
+ * by this library.
+ */
+extern void
+xen_xspolicy_set_free(xen_xspolicy_set *set);
+
+
+typedef struct xen_xspolicy_record
+{
+    xen_xspolicy handle;
+    char *uuid;
+    char *repr;
+    xs_instantiationflags flags;
+    xs_type type;
+} xen_xspolicy_record;
+
+/**
+ * Allocate a xen_xspolicy_record.
+ */
+extern xen_xspolicy_record *
+xen_xspolicy_record_alloc(void);
+
+/**
+ * Free the given xen_xspolicy_record, and all referenced values.  The
+ * given record must have been allocated by this library.
+ */
+extern void
+xen_xspolicy_record_free(xen_xspolicy_record *record);
+
+
+typedef struct xen_xspolicy_record_opt
+{
+    bool is_record;
+    union
+    {
+        xen_xspolicy handle;
+        xen_xspolicy_record *record;
+    } u;
+} xen_xspolicy_record_opt;
+
+/**
+ * Allocate a xen_xspolicy_record_opt.
+ */
+extern xen_xspolicy_record_opt *
+xen_xspolicy_record_opt_alloc(void);
+
+/**
+ * Free the given xen_xspolicy_record_opt, and all referenced values.  The
+ * given record_opt must have been allocated by this library.
+ */
+extern void
+xen_xspolicy_record_opt_free(xen_xspolicy_record_opt *record_opt);
+
+
+typedef struct xen_xspolicy_record_set
+{
+    size_t size;
+    xen_xspolicy_record *contents[];
+} xen_xspolicy_record_set;
+
+/**
+ * Allocate a xen_xspolicy_record_set of the given size.
+ */
+extern xen_xspolicy_record_set *
+xen_xspolicy_record_set_alloc(size_t size);
+
+/**
+ * Free the given xen_xspolicy_record_set, and all referenced values.  The
+ * given set must have been allocated by this library.
+ */
+extern void
+xen_xspolicy_record_set_free(xen_xspolicy_record_set *set);
+
+/**
+ * Data structures and function declarations for an XS Policy's state
+ * information.
+ */
+typedef struct xen_xs_policystate
+{
+    xen_xspolicy_record_opt *xs_ref;
+    int64_t xserr;
+    char *repr;
+    xs_type type;
+    xs_instantiationflags flags;
+    char *version;
+    char *errors;
+} xen_xs_policystate;
+
+void
+xen_xs_policystate_free(xen_xs_policystate *state);
+
+
+/**
+ * Get the referenced policy's record.
+ */
+bool
+xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result,
+                        xen_xspolicy xspolicy);
+
+/**
+ * Get the UUID field of the given policy.
+ */
+bool
+xen_xspolicy_get_uuid(xen_session *session, char **result,
+                      xen_xspolicy xspolicy);
+
+/**
+ * Get a policy given it's UUID
+ */
+bool
+xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result,
+                         char *uuid);
+
+
+/**
+ * Get the types of policies supported by the system.
+ */
+bool
+xen_xspolicy_get_xstype(xen_session *session, xs_type *result);
+
+
+/**
+ * Get information about the currently managed policy.
+ * (The API allows only one policy to be on the system.)
+ */
+bool
+xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result);
+
+/**
+ * Activate the referenced policy by loading it into the hypervisor.
+ */
+bool
+xen_xspolicy_activate_xspolicy(xen_session *session, int64_t *result,
+                               xen_xspolicy xspolicy,
+                               xs_instantiationflags flags);
+
+
+/**
+ * Set the system's policy to the given information comprising
+ * type of policy, the xml representation of the policy, some flags
+ * on whether to load the policy immediately and whether to overwrite
+ * an existing policy on the system.
+ */
+bool
+xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result,
+                          xs_type type, char *repr, int64_t flags,
+                          bool overwrite);
+
+
+/**
+ * Remove any policy from having the system booted with.
+ */
+extern bool
+xen_xspolicy_rm_xsbootpolicy(xen_session *session);
+
+/**
+ * Retrieve all labeled resources.
+ */
+extern bool
+xen_xspolicy_get_labeled_resources(xen_session *session,
+                                   xen_string_string_map **resources);
+
+/**
+ * Label a resource such as for example a hard drive partition or file
+ */
+extern bool
+xen_xspolicy_set_resource_label(xen_session *session,
+                                char *resource, char *label,
+                                char *oldlabel);
+
+/**
+ * Get the label of a resource.
+ */
+extern bool
+xen_xspolicy_get_resource_label(xen_session *session, char **label,
+                                char *resource);
+
+#endif
diff -r f536eb8576ee -r d0477293897c 
tools/libxen/include/xen/api/xen_xspolicy_decl.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/include/xen/api/xen_xspolicy_decl.h  Thu Jul 12 09:53:58 
2007 +0100
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ */
+
+#ifndef XEN_XSPOLICY_DECL_H
+#define XEN_XSPOLICY_DECL_H
+
+typedef void *xen_xspolicy;
+
+struct xen_xspolicy_set;
+struct xen_xspolicy_record;
+struct xen_xspolicy_record_set;
+struct xen_xspolicy_record_opt;
+struct xen_xspolicy_record_opt_set;
+
+#endif
diff -r f536eb8576ee -r d0477293897c tools/libxen/src/xen_acmpolicy.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/src/xen_acmpolicy.c  Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ */
+
+
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "xen_internal.h"
+#include "xen/api/xen_common.h"
+#include "xen/api/xen_xspolicy.h"
+#include "xen/api/xen_acmpolicy.h"
+
+
+static const struct_member xen_acmpolicy_record_struct_members[] =
+    {
+        { .key = "uuid",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acmpolicy_record, uuid) },
+        { .key = "flags",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_acmpolicy_record, flags) },
+        { .key = "repr",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acmpolicy_record, repr) },
+        { .key = "type",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_acmpolicy_record, type) },
+    };
+
+const abstract_type xen_acmpolicy_record_abstract_type_ =
+    {
+       .typename = STRUCT,
+       .struct_size = sizeof(xen_acmpolicy_record),
+       .member_count =
+          sizeof(xen_acmpolicy_record_struct_members) / sizeof(struct_member),
+       .members = xen_acmpolicy_record_struct_members
+    };
+
+
+static const struct_member xen_acm_header_struct_members[] =
+    {
+        { .key = "policyname",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acm_header, policyname) },
+        { .key = "policyurl",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acm_header, policyurl) },
+        { .key = "date",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acm_header, date) },
+        { .key = "reference",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acm_header, reference) },
+        { .key = "namespaceurl",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acm_header, namespaceurl) },
+        { .key = "version",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_acm_header, version) },
+    };
+
+const abstract_type xen_acm_header_abstract_type_ =
+    {
+        .typename = STRUCT,
+        .struct_size = sizeof(xen_acm_header),
+        .member_count =
+            sizeof(xen_acm_header_struct_members) /
+            sizeof(struct_member),
+        .members = xen_acm_header_struct_members,
+    };
+
+void
+xen_acm_header_free(xen_acm_header *shdr)
+{
+    if (shdr == NULL)
+    {
+        return;
+    }
+    free(shdr->policyname);
+    free(shdr->policyurl);
+    free(shdr->date);
+    free(shdr->reference);
+    free(shdr->namespaceurl);
+    free(shdr->version);
+    free(shdr);
+}
+
+
+void
+xen_acmpolicy_record_free(xen_acmpolicy_record *record)
+{
+    if (record == NULL)
+    {
+        return;
+    }
+    free(record->handle);
+    free(record->uuid);
+    free(record->repr);
+    free(record);
+}
+
+
+
+bool
+xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result,
+                         xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy }
+        };
+
+    abstract_type result_type = xen_acmpolicy_record_abstract_type_;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_record");
+
+    if (session->ok)
+    {
+       (*result)->handle = xen_strdup_((*result)->uuid);
+    }
+
+    return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_header(xen_session *session,
+                         xen_acm_header **result,
+                         xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy },
+        };
+
+    abstract_type result_type = xen_acm_header_abstract_type_;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_header");
+    return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_xml(xen_session *session,
+                      char **result,
+                      xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy },
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_xml");
+    return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_map(xen_session *session,
+                      char **result,
+                      xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy },
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_map");
+    return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_binary(xen_session *session, char **result,
+                         xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy },
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_binary");
+    return session->ok;
+}
+
+
+bool
+xen_acmpolicy_get_uuid(xen_session *session, char **result,
+                       xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy }
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("ACMPolicy.get_uuid");
+    return session->ok;
+}
diff -r f536eb8576ee -r d0477293897c tools/libxen/src/xen_vdi.c
--- a/tools/libxen/src/xen_vdi.c        Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/libxen/src/xen_vdi.c        Thu Jul 12 09:53:58 2007 +0100
@@ -534,3 +534,42 @@ xen_vdi_get_uuid(xen_session *session, c
     XEN_CALL_("VDI.get_uuid");
     return session->ok;
 }
+
+
+bool
+xen_vdi_set_security_label(xen_session *session, int64_t *result, xen_vdi vdi,
+                           char *label, char *oldlabel)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = vdi },
+            { .type = &abstract_type_string,
+              .u.string_val = label },
+            { .type = &abstract_type_string,
+              .u.string_val = oldlabel },
+        };
+
+    abstract_type result_type = abstract_type_int;
+
+    *result = 0;
+    XEN_CALL_("VDI.set_security_label");
+    return session->ok;
+}
+
+
+bool
+xen_vdi_get_security_label(xen_session *session, char **result, xen_vdi vdi)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = vdi },
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("VDI.get_security_label");
+    return session->ok;
+}
diff -r f536eb8576ee -r d0477293897c tools/libxen/src/xen_vm.c
--- a/tools/libxen/src/xen_vm.c Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/libxen/src/xen_vm.c Thu Jul 12 09:53:58 2007 +0100
@@ -162,7 +162,10 @@ static const struct_member xen_vm_record
           .offset = offsetof(xen_vm_record, metrics) },
         { .key = "guest_metrics",
           .type = &abstract_type_ref,
-          .offset = offsetof(xen_vm_record, guest_metrics) }
+          .offset = offsetof(xen_vm_record, guest_metrics) },
+        { .key = "security_label",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_vm_record, security_label) }
     };
 
 const abstract_type xen_vm_record_abstract_type_ =
@@ -206,6 +209,7 @@ xen_vm_record_free(xen_vm_record *record
     xen_string_string_map_free(record->other_config);
     xen_vm_metrics_record_opt_free(record->metrics);
     xen_vm_guest_metrics_record_opt_free(record->guest_metrics);
+    free(record->security_label);
     free(record);
 }
 
@@ -1738,3 +1742,42 @@ xen_vm_get_uuid(xen_session *session, ch
     XEN_CALL_("VM.get_uuid");
     return session->ok;
 }
+
+
+bool
+xen_vm_set_security_label(xen_session *session, int64_t *result, xen_vm vm,
+                          char *label, char *oldlabel)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = vm },
+            { .type = &abstract_type_string,
+              .u.string_val = label },
+            { .type = &abstract_type_string,
+              .u.string_val = oldlabel },
+        };
+
+    abstract_type result_type = abstract_type_int;
+
+    *result = 0;
+    XEN_CALL_("VM.set_security_label");
+    return session->ok;
+}
+
+
+bool
+xen_vm_get_security_label(xen_session *session, char **result, xen_vm vm)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = vm },
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("VM.get_security_label");
+    return session->ok;
+}
diff -r f536eb8576ee -r d0477293897c tools/libxen/src/xen_xspolicy.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxen/src/xen_xspolicy.c   Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,327 @@
+/*
+ * Copyright (c) 2007, IBM Corp.
+ * Copyright (c) 2007, XenSource Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
+ */
+
+
+#include <stddef.h>
+#include <stdlib.h>
+
+#include "xen/api/xen_common.h"
+#include "xen/api/xen_internal.h"
+#include "xen/api/xen_xspolicy.h"
+
+
+XEN_FREE(xen_xspolicy)
+XEN_SET_ALLOC_FREE(xen_xspolicy)
+XEN_RECORD_OPT_FREE(xen_xspolicy)
+
+static const struct_member xen_xspolicy_record_struct_members[] =
+    {
+        { .key = "uuid",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_xspolicy_record, uuid) },
+        { .key = "flags",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_xspolicy_record, flags) },
+        { .key = "repr",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_xspolicy_record, repr) },
+        { .key = "type",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_xspolicy_record, type) },
+    };
+
+const abstract_type xen_xspolicy_record_abstract_type_ =
+    {
+       .typename = STRUCT,
+       .struct_size = sizeof(xen_xspolicy_record),
+       .member_count =
+           sizeof(xen_xspolicy_record_struct_members) / sizeof(struct_member),
+       .members = xen_xspolicy_record_struct_members
+    };
+
+
+static const struct_member xen_xs_policystate_struct_members[] =
+    {
+        { .key = "xs_ref",
+          .type = &abstract_type_ref,
+          .offset = offsetof(xen_xs_policystate, xs_ref) },
+        { .key = "xserr",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_xs_policystate, xserr) },
+        { .key = "repr",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_xs_policystate, repr) },
+        { .key = "type",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_xs_policystate, type) },
+        { .key = "flags",
+          .type = &abstract_type_int,
+          .offset = offsetof(xen_xs_policystate, flags) },
+        { .key = "version",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_xs_policystate, version) },
+        { .key = "errors",
+          .type = &abstract_type_string,
+          .offset = offsetof(xen_xs_policystate, errors) },
+    };
+
+const abstract_type xen_xs_policystate_abstract_type_ =
+    {
+        .typename = STRUCT,
+        .struct_size = sizeof(xen_xs_policystate),
+        .member_count =
+            sizeof(xen_xs_policystate_struct_members) /
+            sizeof(struct_member),
+        .members = xen_xs_policystate_struct_members,
+    };
+
+
+
+
+void
+xen_xs_policystate_free(xen_xs_policystate *state)
+{
+    if (state == NULL)
+    {
+        return;
+    }
+    xen_xspolicy_record_opt_free(state->xs_ref);
+    free(state->repr);
+    free(state->errors);
+    free(state->version);
+    free(state);
+}
+
+
+void
+xen_xspolicy_record_free(xen_xspolicy_record *record)
+{
+    if (record == NULL)
+    {
+        return;
+    }
+    free(record->handle);
+    free(record->uuid);
+    free(record->repr);
+    free(record);
+}
+
+
+bool
+xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result,
+                        xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy }
+        };
+
+    abstract_type result_type = xen_xspolicy_record_abstract_type_;
+
+    *result = NULL;
+    XEN_CALL_("XSPolicy.get_record");
+
+    if (session->ok)
+    {
+       (*result)->handle = xen_strdup_((*result)->uuid);
+    }
+
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_uuid(xen_session *session, char **result,
+                      xen_xspolicy xspolicy)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy }
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("XSPolicy.get_uuid");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result,
+                         char *uuid)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = uuid }
+        };
+
+    abstract_type result_type = abstract_type_string;
+
+    *result = NULL;
+    XEN_CALL_("XSPolicy.get_by_uuid");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_xstype(xen_session *session, xs_type *result)
+{
+    abstract_value param_values[] =
+        {
+        };
+
+    abstract_type result_type = abstract_type_int;
+
+    *result = 0;
+    XEN_CALL_("XSPolicy.get_xstype");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result,
+                          xs_type type, char *repr,
+                          xs_instantiationflags flags,
+                          bool overwrite)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_int,
+              .u.int_val = type },
+            { .type = &abstract_type_string,
+              .u.string_val = repr },
+            { .type = &abstract_type_int,
+              .u.int_val = flags },
+            { .type = &abstract_type_bool,
+              .u.bool_val = overwrite }
+        };
+
+    abstract_type result_type = xen_xs_policystate_abstract_type_;
+
+    *result = NULL;
+    XEN_CALL_("XSPolicy.set_xspolicy");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result)
+{
+    abstract_value param_values[] =
+        {
+        };
+
+    abstract_type result_type = xen_xs_policystate_abstract_type_;
+
+    *result = NULL;
+    XEN_CALL_("XSPolicy.get_xspolicy");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_labeled_resources(xen_session *session,
+                                   xen_string_string_map **result)
+{
+    abstract_value param_values[] =
+        {
+        };
+
+    abstract_type result_type = abstract_type_string_string_map;
+
+    *result = NULL;
+    XEN_CALL_("XSPolicy.get_labeled_resources");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_set_resource_label(xen_session *session,
+                                char *resource, char *label,
+                                char *oldlabel)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = resource },
+            { .type = &abstract_type_string,
+              .u.string_val = label },
+            { .type = &abstract_type_string,
+              .u.string_val = oldlabel },
+        };
+
+    xen_call_(session, "XSPolicy.set_resource_label", param_values, 3,
+                       NULL, NULL);
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_get_resource_label(xen_session *session, char **result,
+                                char *resource)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = resource },
+        };
+
+    abstract_type result_type = abstract_type_string;
+    XEN_CALL_("XSPolicy.get_resource_label");
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_rm_xsbootpolicy(xen_session *session)
+{
+    abstract_value param_values[] =
+        {
+        };
+
+    xen_call_(session, "XSPolicy.rm_xsbootpolicy", param_values, 0,
+                       NULL, NULL);
+    return session->ok;
+}
+
+
+bool
+xen_xspolicy_activate_xspolicy(xen_session *session,
+                               xs_instantiationflags *result,
+                               xen_xspolicy xspolicy,
+                               xs_instantiationflags flags)
+{
+    abstract_value param_values[] =
+        {
+            { .type = &abstract_type_string,
+              .u.string_val = xspolicy },
+            { .type = &abstract_type_int,
+              .u.int_val = flags },
+        };
+
+    abstract_type result_type = abstract_type_int;
+
+    *result = 0;
+    XEN_CALL_("XSPolicy.activate_xspolicy");
+    return session->ok;
+}
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xend/XendDomain.py
--- a/tools/python/xen/xend/XendDomain.py       Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xend/XendDomain.py       Thu Jul 12 09:53:58 2007 +0100
@@ -1164,6 +1164,10 @@ class XendDomain:
 
         if dominfo.getDomid() == DOM0_ID:
             raise XendError("Cannot dump core for privileged domain %s" % 
domid)
+        if dominfo._stateGet() not in (DOM_STATE_PAUSED, DOM_STATE_RUNNING):
+            raise VMBadState("Domain '%s' is not started" % domid,
+                             POWER_STATE_NAMES[DOM_STATE_PAUSED],
+                             POWER_STATE_NAMES[dominfo._stateGet()])
 
         try:
             log.info("Domain core dump requested for domain %s (%d) "
@@ -1537,6 +1541,10 @@ class XendDomain:
         dominfo = self.domain_lookup_nr(domid)
         if not dominfo:
             raise XendInvalidDomain(str(domid))
+        if dominfo._stateGet() not in (DOM_STATE_RUNNING, DOM_STATE_PAUSED):
+            raise VMBadState("Domain '%s' is not started" % domid,
+                             POWER_STATE_NAMES[DOM_STATE_RUNNING],
+                             POWER_STATE_NAMES[dominfo._stateGet()])
         if trigger_name.lower() in TRIGGER_TYPE: 
             trigger = TRIGGER_TYPE[trigger_name.lower()]
         else:
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/activatepolicy.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/python/xen/xm/activatepolicy.py     Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,86 @@
+#============================================================================
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of version 2.1 of the GNU Lesser General Public
+# License as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#============================================================================
+# Copyright (C) 2007 International Business Machines Corp.
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#============================================================================
+
+"""Activate the managed policy of the system.
+"""
+
+import sys
+from xen.util import xsconstants
+from xml.dom import minidom
+from xen.xm.opts import OptionError
+from xen.xm import getpolicy
+from xen.xm import main as xm_main
+from xen.xm.main import server
+
+def help():
+    return """
+    Usage: xm activatepolicy [options]
+
+    Activate the xend-managed policy.
+
+    The following options are defined:
+      --load     Load the policy into the hypervisor.
+      --boot     Have the system boot with the policy. Changes the default
+                 title in grub.conf.
+      --noboot   Remove the policy from the default entry in grub.conf.
+    """
+
+def activate_policy(flags):
+    policystate = server.xenapi.XSPolicy.get_xspolicy()
+    xs_ref = policystate['xs_ref']
+    if int(policystate['type']) == 0 or xs_ref == "":
+        print "No policy is installed."
+        return
+    rc = int(server.xenapi.XSPolicy.activate_xspolicy(xs_ref, flags))
+    if rc == flags:
+        print "Successfully activated the policy."
+    else:
+        print "An error occurred trying to activate the policy: %s" % \
+              xsconstants.xserr2string(rc)
+
+def remove_bootpolicy():
+    server.xenapi.XSPolicy.rm_xsbootpolicy()
+
+def main(argv):
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        raise OptionError('xm needs to be configured to use the xen-api.')
+    flags = 0
+    c = 1
+
+    while c < len(argv):
+        if '--boot' == argv[c]:
+            flags |= xsconstants.XS_INST_BOOT
+        elif '--load' == argv[c]:
+            flags |= xsconstants.XS_INST_LOAD
+        elif '--noboot' == argv[c]:
+            remove_bootpolicy()
+        else:
+            raise OptionError("Unknown command line option '%s'" % argv[c])
+        c += 1
+
+    if flags != 0:
+        activate_policy(flags)
+
+    getpolicy.getpolicy(False)
+
+if __name__ == '__main__':
+    try:
+        main(sys.argv)
+    except Exception, e:
+        sys.stderr.write('Error: %s\n' % str(e))
+        sys.exit(-1)
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/addlabel.py
--- a/tools/python/xen/xm/addlabel.py   Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/addlabel.py   Thu Jul 12 09:53:58 2007 +0100
@@ -25,17 +25,29 @@ from xen.util import dictio
 from xen.util import dictio
 from xen.util import security
 from xen.xm.opts import OptionError
+from xen.util import xsconstants
+from xen.xm import main as xm_main
+from xen.xm.main import server
 
 def help():
     return """
     Format: xm addlabel <label> dom <configfile> [<policy>]
-            xm addlabel <label> res <resource> [<policy>]
+            xm addlabel <label> mgt <domain name> [<policy type>:<policy>]
+            xm addlabel <label> res <resource> [[<policy type>:]<policy>]
     
     This program adds an acm_label entry into the 'configfile'
-    for a domain or to the global resource label file for a
-    resource. It derives the policy from the running hypervisor
+    for a domain or allows to label a xend-managed domain.
+    The global resource label file for is extended with labels for
+    resources. It derives the policy from the running hypervisor
     if it is not given (optional parameter). If a label already
-    exists for the given domain or resource, then addlabel fails."""
+    exists for the given domain or resource, then addlabel fails.
+
+    For xend-managed domains, the 'mgt' parameter should be used and
+    the 'xm' tool must have been configured to use the xen-api for
+    communication with xen. If a policy is provided as last parameter,
+    its type must also be given. Currently only one type of policy is
+    supported and identified as 'ACM'. An example for a valid string
+    is 'ACM:xm-test'. """
 
 
 def validate_config_file(configfile):
@@ -66,32 +78,47 @@ def validate_config_file(configfile):
         return 1
 
 
-def add_resource_label(label, resource, policyref):
+def add_resource_label(label, resource, policyref, policy_type):
     """Adds a resource label to the global resource label file.
     """
-    # sanity check: make sure this label can be instantiated later on
-    ssidref = security.label2ssidref(label, policyref, 'res')
-
-    #build canonical resource name
-    resource = security.unify_resname(resource)
-
-    # see if this resource is already in the file
-    access_control = {}
-    file = security.res_label_filename
-    try:
-        access_control = dictio.dict_read("resources", file)
-    except:
-        print "Resource file not found, creating new file at:"
-        print "%s" % (file)
-
-    if access_control.has_key(resource):
-        security.err("This resource is already labeled.")
-
-    # write the data to file
-    new_entry = { resource : tuple([policyref, label]) }
-    access_control.update(new_entry)
-    dictio.dict_write(access_control, "resources", file)
-
+
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+
+        # sanity check: make sure this label can be instantiated later on
+        ssidref = security.label2ssidref(label, policyref, 'res')
+
+        #build canonical resource name
+        resource = security.unify_resname(resource,mustexist=False)
+
+        # see if this resource is already in the file
+        access_control = {}
+        fil = security.res_label_filename
+        try:
+            access_control = dictio.dict_read("resources", fil)
+        except:
+            print "Resource file not found, creating new file at:"
+            print "%s" % (fil)
+
+        if access_control.has_key(resource):
+            security.err("This resource is already labeled.")
+
+        # write the data to file
+        new_entry = { resource : tuple([policy_type, policyref, label]) }
+        access_control.update(new_entry)
+        dictio.dict_write(access_control, "resources", fil)
+    else:
+        res = [ policy_type, policyref, label ]
+        res_xapi = security.format_resource_label(res)
+        old = server.xenapi.XSPolicy.get_resource_label(resource)
+        if old == "":
+            try:
+                server.xenapi.XSPolicy.set_resource_label(resource,
+                                                          res_xapi,
+                                                          "")
+            except Exception, e:
+                security.err("Could not label this resource: %s" % e)
+        else:
+            security.err("'%s' is already labeled with '%s'" % (resource,old))
 
 def add_domain_label(label, configfile, policyref):
     # sanity checks: make sure this label can be instantiated later on
@@ -109,9 +136,35 @@ def add_domain_label(label, configfile, 
     config_fd.write(new_label)
     config_fd.close()
 
+def add_domain_label_xapi(label, domainname, policyref, policy_type):
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        raise OptionError('Xm must be configured to use the xen-api.')
+    uuids = server.xenapi.VM.get_by_name_label(domainname)
+    if len(uuids) == 0:
+        raise OptionError('A VM with that name does not exist.')
+    if len(uuids) != 1:
+        raise OptionError('There are multiple domains with the same name.')
+    uuid = uuids[0]
+    sec_lab = "%s:%s:%s" % (policy_type, policyref, label)
+    try:
+        old_lab = server.xenapi.VM.get_security_label(uuid)
+        rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab)
+    except:
+        rc = -1
+    if int(rc) < 0:
+        raise OptionError('Could not label domain.')
+    else:
+        ssidref = int(rc)
+        if ssidref != 0:
+            print "Set the label of domain '%s' to '%s'. New ssidref = %08x" % 
\
+                  (domainname,label,ssidref)
+        else:
+            print "Set the label of dormant domain '%s' to '%s'." % \
+                  (domainname,label)
 
 def main(argv):
     policyref = None
+    policy_type = ""
     if len(argv) not in (4, 5):
         raise OptionError('Needs either 2 or 3 arguments')
     
@@ -121,6 +174,7 @@ def main(argv):
         policyref = argv[4]
     elif security.on():
         policyref = security.active_policy
+        policy_type = xsconstants.ACM_POLICY_ID
     else:
         raise OptionError("No active policy. Must specify policy on the "
                           "command line.")
@@ -136,11 +190,27 @@ def main(argv):
             raise OptionError('Invalid config file')
         else:
             add_domain_label(label, configfile, policyref)
+    elif argv[2].lower() == "mgt":
+        domain = argv[3]
+        if policy_type == "":
+            tmp = policyref.split(":")
+            if len(tmp) != 2:
+                raise OptionError("Policy name in wrong format.")
+            policy_type, policyref = tmp
+        add_domain_label_xapi(label, domain, policyref, policy_type)
     elif argv[2].lower() == "res":
         resource = argv[3]
-        add_resource_label(label, resource, policyref)
-    else:
-        raise OptionError('Need to specify either "dom" or "res" as '
+        if policy_type == "":
+            tmp = policyref.split(":")
+            if len(tmp) == 1:
+                policy_type = xsconstants.ACM_POLICY_ID
+            elif len(tmp) == 2:
+                policy_type, policyref = tmp
+            else:
+                raise OptionError("Policy name in wrong format.")
+        add_resource_label(label, resource, policyref, policy_type)
+    else:
+        raise OptionError('Need to specify either "dom", "mgt" or "res" as '
                           'object to add label to.')
             
 if __name__ == '__main__':
@@ -149,6 +219,3 @@ if __name__ == '__main__':
     except Exception, e:
         sys.stderr.write('Error: %s\n' % str(e))
         sys.exit(-1)
-    
-
-
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/cfgbootpolicy.py
--- a/tools/python/xen/xm/cfgbootpolicy.py      Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/cfgbootpolicy.py      Thu Jul 12 09:53:58 2007 +0100
@@ -31,7 +31,11 @@ from xen.util.security import boot_filen
 from xen.util.security import boot_filename, altboot_filename
 from xen.util.security import any_title_re, xen_kernel_re, any_module_re
 from xen.util.security import empty_line_re, binary_name_re, policy_name_re
+from xen.util import xsconstants
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.xm.main import server
+from xen.util.acmpolicy import ACMPolicy
 
 def help():
     return """
@@ -144,6 +148,39 @@ def insert_policy(boot_file, alt_boot_fi
         pass
     return extended_titles[0]
 
+def cfgbootpolicy_xapi(policy, user_title=None):
+    xstype = int(server.xenapi.XSPolicy.get_xstype())
+    if xstype & xsconstants.XS_POLICY_ACM == 0:
+        raise OptionError("ACM policy not supported on system.")
+    if user_title:
+        raise OptionError("Only the default title is supported with Xen-API.")
+
+    policystate = server.xenapi.XSPolicy.get_xspolicy()
+    if int(policystate['type']) == 0:
+        print "No policy is installed."
+        return
+
+    if int(policystate['type']) != xsconstants.XS_POLICY_ACM:
+        print "Unknown policy type '%s'." % policystate['type']
+        return
+    else:
+        xml = policystate['repr']
+        xs_ref = policystate['xs_ref']
+        if not xml:
+            OptionError("No policy installed on system?")
+        acmpol = ACMPolicy(xml=xml)
+        if acmpol.get_name() != policy:
+            OptionError("Policy installed on system '%s' does not match the "
+                        "request policy '%s'" % (acmpol.get_name(), policy))
+        flags = int(policystate['flags']) | xsconstants.XS_INST_BOOT
+        rc = int(server.xenapi.XSPolicy.activate_xspolicy(xs_ref, flags))
+        if rc == flags:
+            print "Successfully enabled the policy for having the system" \
+                  " booted with."
+        else:
+            print "An error occurred during the operation: %s" % \
+                  xsconstants.xserr2string(rc)
+
 
 def main(argv):
     user_kver = None
@@ -159,24 +196,27 @@ def main(argv):
     if not policy_name_re.match(policy):
         raise OptionError("Illegal policy name: '%s'" % policy)
 
-    policy_file = '/'.join([policy_dir_prefix] + policy.split('.'))
-    src_binary_policy_file = policy_file + ".bin"
-    #check if .bin exists or if policy file exists
-    if not os.path.isfile(src_binary_policy_file):
-        if not os.path.isfile(policy_file + "-security_policy.xml"):
-            raise OptionError("Unknown policy '%s'" % policy)
-        else:
-            err_msg = "Cannot find binary file for policy '%s'." % policy
-            err_msg += " Please use makepolicy to create binary file."
-            raise OptionError(err_msg)
-    
-    dst_binary_policy_file = "/boot/" + policy + ".bin"
-    shutil.copyfile(src_binary_policy_file, dst_binary_policy_file)
-    
-    entryname = insert_policy(boot_filename, altboot_filename,
-                              user_title, policy)
-    print "Boot entry '%s' extended and \'%s\' copied to /boot" \
-          % (entryname, policy + ".bin")
+    if xm_main.serverType == xm_main.SERVER_XEN_API:
+        cfgbootpolicy_xapi(policy)
+    else:
+        policy_file = '/'.join([policy_dir_prefix] + policy.split('.'))
+        src_binary_policy_file = policy_file + ".bin"
+        #check if .bin exists or if policy file exists
+        if not os.path.isfile(src_binary_policy_file):
+            if not os.path.isfile(policy_file + "-security_policy.xml"):
+                raise OptionError("Unknown policy '%s'" % policy)
+            else:
+                err_msg = "Cannot find binary file for policy '%s'." % policy
+                err_msg += " Please use makepolicy to create binary file."
+                raise OptionError(err_msg)
+    
+        dst_binary_policy_file = "/boot/" + policy + ".bin"
+        shutil.copyfile(src_binary_policy_file, dst_binary_policy_file)
+    
+        entryname = insert_policy(boot_filename, altboot_filename,
+                                  user_title, policy)
+        print "Boot entry '%s' extended and \'%s\' copied to /boot" \
+              % (entryname, policy + ".bin")
 
 if __name__ == '__main__':
     try:
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/create.dtd
--- a/tools/python/xen/xm/create.dtd    Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/create.dtd    Thu Jul 12 09:53:58 2007 +0100
@@ -38,6 +38,7 @@
                  memory,
                  vbd*,
                  vif*,
+                 vtpm*,
                  console*,
                  platform*,
                  vcpu_param*,
@@ -49,7 +50,8 @@
                  actions_after_shutdown %NORMAL_EXIT; #REQUIRED 
                  actions_after_reboot   %NORMAL_EXIT; #REQUIRED
                  actions_after_crash    %CRASH_BEHAVIOUR; #REQUIRED
-                 PCI_bus                CDATA #REQUIRED> 
+                 PCI_bus                CDATA #REQUIRED
+                 security_label         CDATA #IMPLIED>
 
 <!ELEMENT memory EMPTY> 
 <!ATTLIST memory static_min      CDATA #REQUIRED
@@ -73,6 +75,9 @@
                  device          CDATA       #REQUIRED
                  qos_algorithm_type CDATA    #REQUIRED
                  network         CDATA       #IMPLIED> 
+
+<!ELEMENT vtpm   (name*)>
+<!ATTLIST vtpm   backend         CDATA #REQUIRED>
 
 <!ELEMENT console (other_config*)>
 <!ATTLIST console protocol       (vt100|rfb|rdp) #REQUIRED>
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py     Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/create.py     Thu Jul 12 09:53:58 2007 +0100
@@ -643,22 +643,12 @@ def configure_security(config, vals):
                                  ['policy', policy],
                                  ['label', label] ]
 
-        #ssidref cannot be specified together with access_control
-        if sxp.child_value(config, 'ssidref'):
-            err("ERROR: SSIDREF and access_control are mutually exclusive but 
both specified!")
-        #else calculate ssidre from label
+        #calculate ssidref from label
         ssidref = security.label2ssidref(label, policy, 'dom')
         if not ssidref :
             err("ERROR calculating ssidref from access_control.")
         security_label = ['security', [ config_access_control, ['ssidref' , 
ssidref ] ] ]
         config.append(security_label)
-    elif num == 0:
-        if hasattr(vals, 'ssidref'):
-            if not security.on():
-                err("ERROR: Security ssidref specified but no policy active.")
-            ssidref = getattr(vals, 'ssidref')
-            security_label = ['security', [ [ 'ssidref' , int(ssidref) ] ] ]
-            config.append(security_label)
     elif num > 1:
         err("VM config error: Multiple access_control definitions!")
 
@@ -1231,13 +1221,13 @@ def config_security_check(config, verbos
 
         except security.ACMError:
             print "   %s: DENIED" % (resource)
-            (res_label, res_policy) = security.get_res_label(resource)
+            (poltype, res_label, res_policy) = security.get_res_label(resource)
             if not res_label:
                 res_label = ""
-            print "   --> res: %s (%s)" % (str(res_label),
-                                           str(res_policy))
-            print "   --> dom: %s (%s)" % (str(domain_label),
-                                           str(domain_policy))
+            print "   --> res: %s (%s:%s)" % (str(res_label),
+                                           str(poltype), str(res_policy))
+            print "   --> dom: %s (%s:%s)" % (str(domain_label),
+                                           str(poltype), str(domain_policy))
 
             answer = 0
 
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/getlabel.py
--- a/tools/python/xen/xm/getlabel.py   Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/getlabel.py   Thu Jul 12 09:53:58 2007 +0100
@@ -21,14 +21,19 @@ import sys, os, re
 import sys, os, re
 from xen.util import dictio
 from xen.util import security
+from xen.util import xsconstants
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.xm.main import server
 
 def help():
     return """
     Usage: xm getlabel dom <configfile>
+           xm getlabel mgt <domain name>
            xm getlabel res <resource>
            
-    This program shows the label for a domain or resource."""
+    This program shows the label for a domain, resource or virtual network
+    interface of a Xend-managed domain."""
 
 def get_resource_label(resource):
     """Gets the resource label
@@ -37,17 +42,24 @@ def get_resource_label(resource):
     resource = security.unify_resname(resource)
 
     # read in the resource file
-    file = security.res_label_filename
+    fil = security.res_label_filename
     try:
-        access_control = dictio.dict_read("resources", file)
+        access_control = dictio.dict_read("resources", fil)
     except:
         raise OptionError("Resource label file not found")
 
     # get the entry and print label
     if access_control.has_key(resource):
-        policy = access_control[resource][0]
-        label = access_control[resource][1]
-        print "policy="+policy+",label="+label
+        tmp = access_control[resource]
+        if len(tmp) == 2:
+            policy, label = tmp
+            policytype = xsconstants.ACM_POLICY_ID
+        elif len(tmp) == 3:
+            policytype, policy, label = tmp
+        else:
+            raise security.ACMError("Resource not properly labeled. "
+                                    "Please relabel the resource.")
+        print policytype+":"+policy+":"+label
     else:
         raise security.ACMError("Resource not labeled")
 
@@ -89,8 +101,19 @@ def get_domain_label(configfile):
     data = data.strip()
     data = data.lstrip("[\'")
     data = data.rstrip("\']")
-    print data
+    print "policytype=%s," % xsconstants.ACM_POLICY_ID + data
 
+def get_domain_label_xapi(domainname):
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        raise OptionError('xm needs to be configure to use the xen-api.')
+    uuids = server.xenapi.VM.get_by_name_label(domainname)
+    if len(uuids) == 0:
+        raise OptionError('A VM with that name does not exist.')
+    if len(uuids) != 1:
+        raise OptionError('There are multiple domains with the same name.')
+    uuid = uuids[0]
+    sec_lab = server.xenapi.VM.get_security_label(uuid)
+    print "%s" %sec_lab
 
 def main(argv):
     if len(argv) != 3:
@@ -99,11 +122,15 @@ def main(argv):
     if argv[1].lower() == "dom":
         configfile = argv[2]
         get_domain_label(configfile)
+    elif argv[1].lower() == "mgt":
+        domainname = argv[2]
+        get_domain_label_xapi(domainname)
     elif argv[1].lower() == "res":
         resource = argv[2]
         get_resource_label(resource)
     else:
-        raise OptionError('First subcommand argument must be "dom" or "res"')
+        raise OptionError('First subcommand argument must be "dom"'
+                          ', "mgt" or "res"')
 
 if __name__ == '__main__':
     try:
@@ -111,6 +138,4 @@ if __name__ == '__main__':
     except Exception, e:
         sys.stderr.write('Error: %s\n' % str(e))
         sys.exit(-1)
-        
 
-
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/getpolicy.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/python/xen/xm/getpolicy.py  Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,94 @@
+#============================================================================
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of version 2.1 of the GNU Lesser General Public
+# License as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#============================================================================
+# Copyright (C) 2007 International Business Machines Corp.
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#============================================================================
+
+"""Get the managed policy of the system.
+"""
+
+import sys
+from xen.util import xsconstants
+from xml.dom import minidom
+from xen.xm.opts import OptionError
+from xen.util.acmpolicy import ACMPolicy
+from xen.xm import main as xm_main
+from xen.xm.main import server
+
+def help():
+    return """
+    Usage: xm getpolicy [options]
+
+    The following options are defined
+      --dumpxml     Display the XML of the policy
+
+    Get the policy managed by xend."""
+
+def getpolicy(dumpxml):
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        raise OptionError('xm needs to be configured to use the xen-api.')
+    types = []
+    xstype = int(server.xenapi.XSPolicy.get_xstype())
+    if xstype & xsconstants.XS_POLICY_ACM:
+        types.append("ACM")
+        xstype ^= xsconstants.XS_POLICY_ACM
+    if xstype != 0:
+        types.append("unsupported (%08x)" % xstype)
+    print "Supported security subsystems   : %s \n" % ", ".join(types)
+
+    policystate = server.xenapi.XSPolicy.get_xspolicy()
+    if int(policystate['type']) == 0:
+        print "No policy is installed."
+        return
+    if int(policystate['type']) != xsconstants.XS_POLICY_ACM:
+        print "Unknown policy type '%s'." % policystate['type']
+    else:
+        xml = policystate['repr']
+        acmpol = None
+        if xml:
+            acmpol = ACMPolicy(xml=xml)
+        print "Policy installed on the system:"
+        if acmpol:
+            print "Policy name           : %s" % acmpol.get_name()
+        print "Policy type           : %s" % xsconstants.ACM_POLICY_ID
+        print "Reference             : %s" % policystate['xs_ref']
+        print "Version of XML policy : %s" % policystate['version']
+        state = []
+        flags = int(policystate['flags'])
+        if flags & xsconstants.XS_INST_LOAD:
+            state.append("loaded")
+        if flags & xsconstants.XS_INST_BOOT:
+            state.append("system booted with")
+        print "State of the policy   : %s" % ", ".join(state)
+        if dumpxml:
+            xml = policystate['repr']
+            if xml:
+                dom = minidom.parseString(xml.encode("utf-8"))
+                print "%s" % dom.toprettyxml(indent="   ",newl="\n")
+
+def main(argv):
+    dumpxml = False
+
+    if '--dumpxml' in argv:
+        dumpxml = True
+
+    getpolicy(dumpxml)
+
+if __name__ == '__main__':
+    try:
+        main(sys.argv)
+    except Exception, e:
+        sys.stderr.write('Error: %s\n' % str(e))
+        sys.exit(-1)
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/labels.py
--- a/tools/python/xen/xm/labels.py     Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/labels.py     Thu Jul 12 09:53:58 2007 +0100
@@ -24,6 +24,10 @@ from xen.util.security import ACMError, 
 from xen.util.security import ACMError, err, list_labels, active_policy
 from xen.util.security import vm_label_re, res_label_re, all_label_re
 from xen.xm.opts import OptionError
+from xen.util.acmpolicy import ACMPolicy
+from xen.util import xsconstants
+from xen.xm.main import server
+from xen.xm import main as xm_main
 
 
 def help():
@@ -48,6 +52,12 @@ def main(argv):
         else:
             raise OptionError('Unrecognised option: %s' % arg)
 
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        labels(policy, ptype)
+    else:
+        labels_xapi(policy, ptype)
+
+def labels(policy, ptype):
     if not policy:
         policy = active_policy
         if active_policy in ['NULL', 'INACTIVE', 'DEFAULT']:
@@ -73,7 +83,30 @@ def main(argv):
     except:
         traceback.print_exc(limit = 1)
 
+def labels_xapi(policy, ptype):
+    policystate = server.xenapi.XSPolicy.get_xspolicy()
+    if int(policystate['type']) == xsconstants.XS_POLICY_ACM:
+        acmpol = ACMPolicy(xml=policystate['repr'])
+        if policy and policy != acmpol.get_name():
+            print "Warning: '%s' is not the currently loaded policy." % policy
+            return labels(policy, ptype)
+        names1 = []
+        names2 = []
+        if not ptype or ptype == 'dom' or ptype == 'any':
+            names1 = acmpol.policy_get_virtualmachinelabel_names()
+        if ptype == 'res' or ptype == 'any':
+            names2 = acmpol.policy_get_resourcelabel_names()
+        if len(names1) > 0:
+            names = set(names1)
+            names.union(names2)
+        else:
+            names = set(names2)
+        for n in names:
+            print n
+    elif int(policystate['type']) == 0:
+        print "No policy installed on the system."
+    else:
+        print "Unsupported type of policy installed on the system."
+
 if __name__ == '__main__':
     main(sys.argv)
-
-
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/loadpolicy.py
--- a/tools/python/xen/xm/loadpolicy.py Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/loadpolicy.py Thu Jul 12 09:53:58 2007 +0100
@@ -22,6 +22,11 @@ import traceback
 import traceback
 from xen.util.security import ACMError, err, load_policy
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.util import xsconstants
+from xen.xm.activatepolicy import activate_policy
+from xen.xm.main import server
+from xen.util.acmpolicy import ACMPolicy
 
 def help():
     return """Load the compiled binary (.bin) policy into the running
@@ -30,8 +35,31 @@ def main(argv):
 def main(argv):
     if len(argv) != 2:
         raise OptionError('No policy defined')
-    
-    load_policy(argv[1])
+    if xm_main.serverType == xm_main.SERVER_XEN_API:
+        policy = argv[1]
+        print "This command is deprecated for use with Xen-API " \
+              "configuration. Consider using\n'xm activatepolicy'."
+        policystate = server.xenapi.XSPolicy.get_xspolicy()
+        if int(policystate['type']) == 0:
+            print "No policy is installed."
+            return
+
+        if int(policystate['type']) != xsconstants.XS_POLICY_ACM:
+            print "Unknown policy type '%s'." % policystate['type']
+            return
+        else:
+            xml = policystate['repr']
+            xs_ref = policystate['xs_ref']
+            if not xml:
+                OptionError("No policy installed on system?")
+            acmpol = ACMPolicy(xml=xml)
+            if acmpol.get_name() != policy:
+                OptionError("Policy installed on system '%s' does not match"\
+                            " the request policy '%s'" % \
+                            (acmpol.get_name(), policy))
+            activate_policy(xsconstants.XS_INST_LOAD)
+    else:
+        load_policy(argv[1])
 
 if __name__ == '__main__':
     try:
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/main.py
--- a/tools/python/xen/xm/main.py       Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/main.py       Thu Jul 12 09:53:58 2007 +0100
@@ -50,6 +50,7 @@ from xen.xm.opts import OptionError, Opt
 from xen.xm.opts import OptionError, Opts, wrap, set_true
 from xen.xm import console
 from xen.util.xmlrpcclient import ServerProxy
+from xen.util.security import ACMError
 
 import XenAPI
 
@@ -171,11 +172,12 @@ SUBCOMMAND_HELP = {
 
     # security
 
-    'addlabel'      :  ('<label> {dom <ConfigFile>|res <resource>} [<policy>]',
+    'addlabel'      :  ('<label> {dom <ConfigFile>|res <resource>|mgt <managed 
domain>}\n'
+                        '                   [<policy>]',
                         'Add security label to domain.'),
-    'rmlabel'       :  ('{dom <ConfigFile>|res <Resource>}',
+    'rmlabel'       :  ('{dom <ConfigFile>|res <Resource>|mgt<managed 
domain>}',
                         'Remove a security label from domain.'),
-    'getlabel'      :  ('{dom <ConfigFile>|res <Resource>}',
+    'getlabel'      :  ('{dom <ConfigFile>|res <Resource>|mgt <managed 
domain>}',
                         'Show security label for domain or resource.'),
     'dry-run'       :  ('<ConfigFile>',
                         'Test if a domain can access its resources.'),
@@ -186,6 +188,10 @@ SUBCOMMAND_HELP = {
     'loadpolicy'    :  ('<policy.bin>', 'Load binary policy into hypervisor.'),
     'makepolicy'    :  ('<policy>', 'Build policy and create .bin/.map '
                         'files.'),
+    'setpolicy'     :  ('<policytype> <policyfile> [options]',
+                        'Set the policy of the system.'),
+    'getpolicy'     :  ('[options]', 'Get the policy of the system.'),
+    'activatepolicy':  ('[options]', 'Activate the xend-managed policy.'),
     'labels'        :  ('[policy] [type=dom|res|any]',
                         'List <type> labels for (active) policy.'),
     'serve'         :  ('', 'Proxy Xend XMLRPC over stdio.'),
@@ -343,6 +349,9 @@ acm_commands = [
     "loadpolicy",
     "cfgbootpolicy",
     "dumppolicy",
+    "activatepolicy",
+    "setpolicy",
+    "getpolicy",
     ]
 
 all_commands = (domain_commands + host_commands + scheduler_commands +
@@ -861,13 +870,17 @@ def parse_doms_info(info):
         'up_time'  : up_time
         }
 
-    # We're not supporting security stuff just yet via XenAPI
-
     if serverType != SERVER_XEN_API:
         from xen.util import security
         parsed_info['seclabel'] = security.get_security_printlabel(info)
     else:
-        parsed_info['seclabel'] = ""
+        label = get_info('security_label', unicode, '')
+        tmp = label.split(":")
+        if len(tmp) != 3:
+            label = ""
+        else:
+            label = tmp[2]
+        parsed_info['seclabel'] = label
 
     if serverType == SERVER_XEN_API:
         parsed_info['mem'] = get_info('memory_actual', int, 0) / 1024
@@ -925,28 +938,26 @@ def xm_brief_list(doms):
         print format % d
 
 def xm_label_list(doms):
-    print '%-32s %5s %5s %5s %5s %9s %-8s' % \
+    print '%-32s %5s %5s %5s %10s %9s %-8s' % \
           ('Name', 'ID', 'Mem', 'VCPUs', 'State', 'Time(s)', 'Label')
     
     output = []
     format = '%(name)-32s %(domid)5s %(mem)5d %(vcpus)5d %(state)10s ' \
              '%(cpu_time)8.1f %(seclabel)9s'
 
-    if serverType != SERVER_XEN_API:
-        from xen.util import security
+    from xen.util import security
         
-        for dom in doms:
-            d = parse_doms_info(dom)
-
-            if security.active_policy not in ['INACTIVE', 'NULL', 'DEFAULT']:
-                if not d['seclabel']:
-                    d['seclabel'] = 'ERROR'
-            elif security.active_policy in ['DEFAULT']:
-                d['seclabel'] = 'DEFAULT'
-            else:
-                d['seclabel'] = 'INACTIVE'
-
-            output.append((format % d, d['seclabel']))
+    for dom in doms:
+        d = parse_doms_info(dom)
+        if security.active_policy not in ['INACTIVE', 'NULL', 'DEFAULT']:
+            if not d['seclabel']:
+                d['seclabel'] = 'ERROR'
+        elif security.active_policy in ['DEFAULT']:
+            d['seclabel'] = 'DEFAULT'
+        else:
+            d['seclabel'] = 'INACTIVE'
+
+        output.append((format % d, d['seclabel']))
         
     #sort by labels
     output.sort(lambda x,y: cmp( x[1].lower(), y[1].lower()))
@@ -1989,16 +2000,24 @@ def xm_block_list(args):
                    % ni)
 
 def xm_vtpm_list(args):
-    xenapi_unsupported()
     (use_long, params) = arg_check_for_resource_list(args, "vtpm-list")
 
     dom = params[0]
+
+    if serverType == SERVER_XEN_API:
+        vtpm_refs = server.xenapi.VM.get_VTPMs(get_single_vm(dom))
+        vtpm_properties = \
+            map(server.xenapi.VTPM.get_runtime_properties, vtpm_refs)
+        devs = map(lambda (handle, properties): [handle, map2sxp(properties)],
+                   zip(range(len(vtpm_properties)), vtpm_properties))
+    else:
+        devs = server.xend.domain.getDeviceSxprs(dom, 'vtpm')
+
     if use_long:
-        devs = server.xend.domain.getDeviceSxprs(dom, 'vtpm')
         map(PrettyPrint.prettyprint, devs)
     else:
         hdr = 0
-        for x in server.xend.domain.getDeviceSxprs(dom, 'vtpm'):
+        for x in devs:
             if hdr == 0:
                 print 'Idx  BE handle state evt-ch ring-ref BE-path'
                 hdr = 1
@@ -2440,6 +2459,9 @@ IMPORTED_COMMANDS = [
     'getlabel',
     'dry-run',
     'resources',
+    'getpolicy',
+    'setpolicy',
+    'activatepolicy',
     ]
 
 for c in IMPORTED_COMMANDS:
@@ -2563,6 +2585,8 @@ def _run_cmd(cmd, cmd_name, args):
         print e.usage
     except XenAPIUnsupportedException, e:
         err(str(e))
+    except ACMError, e:
+        err(str(e))
     except Exception, e:
         if serverType != SERVER_XEN_API:
            from xen.util import security
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/makepolicy.py
--- a/tools/python/xen/xm/makepolicy.py Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/makepolicy.py Thu Jul 12 09:53:58 2007 +0100
@@ -20,7 +20,10 @@ import sys
 import sys
 import traceback
 from xen.util.security import ACMError, err, make_policy
+from xen.util import xsconstants
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.xm.setpolicy import setpolicy
 
 def usage():
     print "\nUsage: xm makepolicy <policy>\n"
@@ -32,8 +35,13 @@ def main(argv):
 def main(argv):
     if len(argv) != 2:
         raise OptionError('No XML policy file specified')
-
-    make_policy(argv[1])
+    if xm_main.serverType == xm_main.SERVER_XEN_API:
+        print "This command is deprecated for use with Xen-API " \
+              "configuration. Consider using\n'xm setpolicy'."
+        setpolicy(xsconstants.ACM_POLICY_ID, argv[1],
+                  xsconstants.XS_INST_LOAD, True)
+    else:
+        make_policy(argv[1])
 
 if __name__ == '__main__':
     try:
@@ -41,5 +49,3 @@ if __name__ == '__main__':
     except Exception, e:
         sys.stderr.write('Error: %s\n' % str(e))
         sys.exit(-1)
-
-
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/resources.py
--- a/tools/python/xen/xm/resources.py  Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/resources.py  Thu Jul 12 09:53:58 2007 +0100
@@ -21,7 +21,10 @@ import sys
 import sys
 from xen.util import dictio
 from xen.util import security
+from xen.util import xsconstants
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.xm.main import server
 
 def help():
     return """
@@ -32,20 +35,32 @@ def print_resource_data(access_control):
     """Prints out a resource dictionary to stdout
     """
     for resource in access_control:
-        (policy, label) = access_control[resource]
+        tmp = access_control[resource]
+        if len(tmp) == 2:
+            policytype = xsconstants.ACM_POLICY_ID
+            (policy, label) = access_control[resource]
+        elif len(tmp) == 3:
+            policytype, policy, label = access_control[resource]
         print resource
-        print "    policy: "+policy
-        print "    label:  "+label
+        print "      type: "+ policytype
+        print "    policy: "+ policy
+        print "    label:  "+ label
 
 def main (argv):
     if len(argv) > 1:
         raise OptionError("No arguments required")
-    
-    try:
-        filename = security.res_label_filename
-        access_control = dictio.dict_read("resources", filename)
-    except:
-        raise OptionError("Resource file not found")
+
+    if xm_main.serverType == xm_main.SERVER_XEN_API:
+        access_control = server.xenapi.XSPolicy.get_labeled_resources()
+        for key, value in access_control.items():
+            access_control[key] = tuple(value.split(':'))
+    else:
+        try:
+            filename = security.res_label_filename
+            access_control = dictio.dict_read("resources", filename)
+            print access_control
+        except:
+            raise OptionError("Resource file not found")
 
     print_resource_data(access_control)
 
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/rmlabel.py
--- a/tools/python/xen/xm/rmlabel.py    Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/rmlabel.py    Thu Jul 12 09:53:58 2007 +0100
@@ -22,35 +22,52 @@ from xen.util import dictio
 from xen.util import dictio
 from xen.util import security
 from xen.xm.opts import OptionError
+from xen.xm import main as xm_main
+from xen.xm.main import server
 
 def help():
     return """
     Example: xm rmlabel dom <configfile>
              xm rmlabel res <resource>
+             xm rmlabel mgt <domain name>
 
     This program removes an acm_label entry from the 'configfile'
-    for a domain or from the global resource label file for a
-    resource. If the label does not exist for the given domain or
-    resource, then rmlabel fails."""
+    for a domain, from a Xend-managed domain, from the global resource label
+    file for a resource or from the virtual network interface of a Xend-managed
+    domain. If the label does not exist for the given domain or resource, then
+    rmlabel fails."""
 
 
 def rm_resource_label(resource):
     """Removes a resource label from the global resource label file.
     """
+    # Try Xen-API first if configured to use it
+    if xm_main.serverType == xm_main.SERVER_XEN_API:
+        try:
+            oldlabel = server.xenapi.XSPolicy.get_resource_label(resource)
+            if oldlabel != "":
+                server.xenapi.XSPolicy.set_resource_label(resource,"",
+                                                          oldlabel)
+            else:
+                raise security.ACMError("Resource not labeled")
+        except Exception, e:
+            print "Could not remove label from resource: %s" % e
+        return
+
     #build canonical resource name
     resource = security.unify_resname(resource)
 
     # read in the resource file
-    file = security.res_label_filename
+    fil = security.res_label_filename
     try:
-        access_control = dictio.dict_read("resources", file)
+        access_control = dictio.dict_read("resources", fil)
     except:
         raise security.ACMError("Resource file not found, cannot remove 
label!")
 
     # remove the entry and update file
     if access_control.has_key(resource):
         del access_control[resource]
-        dictio.dict_write(access_control, "resources", file)
+        dictio.dict_write(access_control, "resources", fil)
     else:
         raise security.ACMError("Resource not labeled")
 
@@ -58,15 +75,15 @@ def rm_domain_label(configfile):
 def rm_domain_label(configfile):
     # open the domain config file
     fd = None
-    file = None
+    fil = None
     if configfile[0] == '/':
-        file = configfile
-        fd = open(file, "rb")
+        fil = configfile
+        fd = open(fil, "rb")
     else:
         for prefix in [".", "/etc/xen"]:
-            file = prefix + "/" + configfile
-            if os.path.isfile(file):
-                fd = open(file, "rb")
+            fil = prefix + "/" + configfile
+            if os.path.isfile(fil):
+                fd = open(fil, "rb")
                 break
     if not fd:
         raise OptionError("Configuration file '%s' not found." % configfile)
@@ -93,9 +110,24 @@ def rm_domain_label(configfile):
         raise security.ACMError('Domain not labeled')
 
     # write the data back out to the file
-    fd = open(file, "wb")
+    fd = open(fil, "wb")
     fd.writelines(file_contents)
     fd.close()
+
+def rm_domain_label_xapi(domainname):
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        raise OptionError('Need to be configure for using xen-api.')
+    uuids = server.xenapi.VM.get_by_name_label(domainname)
+    if len(uuids) == 0:
+        raise OptionError('A VM with that name does not exist.')
+    if len(uuids) != 1:
+        raise OptionError('Too many domains with the same name.')
+    uuid = uuids[0]
+    try:
+        old_lab = server.xenapi.VM.get_security_label(uuid)
+        server.xenapi.VM.set_security_label(uuid, "", old_lab)
+    except Exception, e:
+        print('Could not remove label from domain: %s' % e)
 
 
 def main (argv):
@@ -103,12 +135,15 @@ def main (argv):
     if len(argv) != 3:
         raise OptionError('Requires 2 arguments')
     
-    if argv[1].lower() not in ('dom', 'res'):
+    if argv[1].lower() not in ('dom', 'mgt', 'res'):
         raise OptionError('Unrecognised type argument: %s' % argv[1])
 
     if argv[1].lower() == "dom":
         configfile = argv[2]
         rm_domain_label(configfile)
+    elif argv[1].lower() == "mgt":
+        domain = argv[2]
+        rm_domain_label_xapi(domain)
     elif argv[1].lower() == "res":
         resource = argv[2]
         rm_resource_label(resource)
@@ -119,5 +154,3 @@ if __name__ == '__main__':
     except Exception, e:
         sys.stderr.write('Error: %s\n' % str(e))
         sys.exit(-1)    
-
-
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/setpolicy.py
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/python/xen/xm/setpolicy.py  Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,117 @@
+#============================================================================
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of version 2.1 of the GNU Lesser General Public
+# License as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#============================================================================
+# Copyright (C) 2007 International Business Machines Corp.
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#============================================================================
+
+"""Get the managed policy of the system.
+"""
+
+import base64
+import struct
+import sys
+import string
+from xen.util import xsconstants
+from xen.xm.opts import OptionError
+from xen.util.security import policy_dir_prefix
+from xen.xm import main as xm_main
+from xen.xm.main import server
+
+def help():
+    return """
+    Usage: xm setpolicy <policytype> <policy> [options]
+
+    Set the policy managed by xend.
+
+    The only policytype that is currently supported is 'ACM'.
+
+    The following options are defined
+      --load     Load the policy immediately
+      --boot     Have the system load the policy during boot
+    """
+
+def setpolicy(policytype, policy_name, flags, overwrite):
+    if xm_main.serverType != xm_main.SERVER_XEN_API:
+        raise OptionError('xm needs to be configured to use the xen-api.')
+    if policytype != xsconstants.ACM_POLICY_ID:
+        raise OptionError("Unsupported policytype '%s'." % policytype)
+    else:
+        xs_type = xsconstants.XS_POLICY_ACM
+
+        policy_file = policy_dir_prefix + "/" + \
+                      string.join(string.split(policy_name, "."), "/")
+        policy_file += "-security_policy.xml"
+
+        try:
+            f = open(policy_file,"r")
+            xml = f.read(-1)
+            f.close()
+        except:
+            raise OptionError("Not a valid policy file")
+
+        try:
+            policystate = server.xenapi.XSPolicy.set_xspolicy(xs_type,
+                                                              xml,
+                                                              flags,
+                                                              overwrite)
+        except Exception, e:
+            print "An error occurred setting the policy: %s" % str(e)
+            return
+        xserr = int(policystate['xserr'])
+        if xserr != 0:
+            print "An error occurred trying to set the policy: %s" % \
+                  xsconstants.xserr2string(abs(xserr))
+            errors = policystate['errors']
+            if len(errors) > 0:
+                print "Hypervisor reported errors:"
+                err = base64.b64decode(errors)
+                i = 0
+                while i + 7 < len(err):
+                    code, data = struct.unpack("!ii", errors[i:i+8])
+                    print "(0x%08x, 0x%08x)" % (code, data)
+                    i += 8
+        else:
+            print "Successfully set the new policy."
+
+
+def main(argv):
+    if len(argv) < 3:
+       raise OptionError("Need at least 3 arguments.")
+
+    if "-?" in argv:
+        help()
+        return
+
+    policytype  = argv[1]
+    policy_name = argv[2]
+
+    flags = 0
+    if '--load' in argv:
+        flags |= xsconstants.XS_INST_LOAD
+    if '--boot' in argv:
+        flags |= xsconstants.XS_INST_BOOT
+
+    overwrite = True
+    if '--nooverwrite' in argv:
+        overwrite = False
+
+    setpolicy(policytype, policy_name, flags, overwrite)
+
+if __name__ == '__main__':
+    try:
+        main(sys.argv)
+    except Exception, e:
+        sys.stderr.write('Error: %s\n' % str(e))
+        sys.exit(-1)
diff -r f536eb8576ee -r d0477293897c tools/python/xen/xm/xenapi_create.py
--- a/tools/python/xen/xm/xenapi_create.py      Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/python/xen/xm/xenapi_create.py      Thu Jul 12 09:53:58 2007 +0100
@@ -25,6 +25,7 @@ from xen.xend.XendAPIConstants import XE
 from xen.xend.XendAPIConstants import XEN_API_ON_NORMAL_EXIT, \
      XEN_API_ON_CRASH_BEHAVIOUR
 from xen.xm.opts import OptionError
+from xen.util import xsconstants
 
 import sys
 import os
@@ -308,6 +309,12 @@ class xenapi_create:
                ""
             }
 
+        if vm.attributes.has_key("security_label"):
+            vm_record.update({
+                "security_label":
+                    vm.attributes["security_label"].value
+                })
+
         if len(vm.getElementsByTagName("pv")) > 0:
             vm_record.update({
                 "PV_bootloader":
@@ -348,6 +355,12 @@ class xenapi_create:
 
             self.create_vifs(vm_ref, vifs, networks)
 
+            # Now create vtpms
+
+            vtpms = vm.getElementsByTagName("vtpm")
+
+            self.create_vtpms(vm_ref, vtpms)
+
             # Now create consoles
 
             consoles = vm.getElementsByTagName("console")
@@ -441,6 +454,21 @@ class xenapi_create:
             self._network_refs = server.xenapi.network.get_all()
             return self._network_refs.pop(0)
 
+    def create_vtpms(self, vm_ref, vtpms):
+        if len(vtpms) > 1:
+            vtpms = [ vtpms[0] ]
+        log(DEBUG, "create_vtpms")
+        return map(lambda vtpm: self.create_vtpm(vm_ref, vtpm), vtpms)
+
+    def create_vtpm(self, vm_ref, vtpm):
+        vtpm_record = {
+            "VM":
+                vm_ref,
+            "backend":
+                vtpm.attributes["backend"].value
+        }
+        return server.xenapi.VTPM.create(vtpm_record)
+
     def create_consoles(self, vm_ref, consoles):
         log(DEBUG, "create_consoles")
         return map(lambda console: self.create_console(vm_ref, console),
@@ -482,6 +510,10 @@ class sxp2xml:
 
         vifs_sxp = map(lambda x: x[1], [device for device in devices
                                         if device[1][0] == "vif"])
+
+        vtpms_sxp = map(lambda x: x[1], [device for device in devices
+                                         if device[1][0] == "vtpm"])
+
         # Create XML Document
         
         impl = getDOMImplementation()
@@ -530,6 +562,14 @@ class sxp2xml:
             = str(get_child_by_name(config, "vcpus", 1))
         vm.attributes["vcpus_at_startup"] \
             = str(get_child_by_name(config, "vcpus", 1))
+
+        sec_data = get_child_by_name(config, "security")
+        if sec_data:
+            try :
+                vm.attributes['security_label'] = \
+                      "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, 
sec_data[0][1][1],sec_data[0][2][1])
+            except Exception, e:
+                raise "Invalid security data format: %s" % str(sec_data)
 
         # Make the name tag
 
@@ -601,6 +641,12 @@ class sxp2xml:
 
         map(vm.appendChild, vifs)
 
+        # And now the vTPMs
+
+        vtpms = map(lambda vtpm: self.extract_vtpm(vtpm, document), vtpms_sxp)
+
+        map(vm.appendChild, vtpms)
+
         # Last but not least the consoles...
 
         consoles = self.extract_consoles(image, document)
@@ -707,6 +753,15 @@ class sxp2xml:
                 = get_child_by_name(vif_sxp, "bridge")
         
         return vif
+
+    def extract_vtpm(self, vtpm_sxp, document):
+
+        vtpm = document.createElement("vtpm")
+
+        vtpm.attributes["backend"] \
+             = get_child_by_name(vtpm_sxp, "backend", "0")
+
+        return vtpm
 
     _eths = -1
 
diff -r f536eb8576ee -r d0477293897c tools/vtpm_manager/util/hashtable_itr.c
--- a/tools/vtpm_manager/util/hashtable_itr.c   Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/vtpm_manager/util/hashtable_itr.c   Thu Jul 12 09:53:58 2007 +0100
@@ -225,7 +225,7 @@ hashtable_iterator_search(struct hashtab
     
 egress:
 #ifdef HASHTABLE_THREADED
-    pthread_mutex_lock(&h->mutex);
-#endif 
-    return ret;
-}
+    pthread_mutex_unlock(&h->mutex);
+#endif 
+    return ret;
+}
diff -r f536eb8576ee -r d0477293897c tools/xenstore/xsls.c
--- a/tools/xenstore/xsls.c     Wed Jul 11 11:32:30 2007 -0600
+++ b/tools/xenstore/xsls.c     Thu Jul 12 09:53:58 2007 +0100
@@ -8,6 +8,7 @@
 #include <sys/ioctl.h>
 #include <termios.h>
 
+#define STRING_MAX PATH_MAX
 static int max_width = 80;
 static int desired_width = 60;
 
@@ -19,7 +20,8 @@ void print_dir(struct xs_handle *h, char
 void print_dir(struct xs_handle *h, char *path, int cur_depth, int show_perms)
 {
     char **e;
-    char newpath[512], *val;
+    char newpath[STRING_MAX], *val;
+    int newpath_len;
     int i;
     unsigned int num, len;
 
@@ -33,13 +35,26 @@ void print_dir(struct xs_handle *h, char
         unsigned int nperms;
         int linewid;
 
-        for (linewid=0; linewid<cur_depth; linewid++) putchar(' ');
+        /* Print indent and path basename */
+        for (linewid=0; linewid<cur_depth; linewid++) {
+            putchar(' ');
+        }
         linewid += printf("%.*s",
                           (int) (max_width - TAG_LEN - linewid), e[i]);
-        sprintf(newpath, "%s%s%s", path, 
+
+        /* Compose fullpath and fetch value */
+        newpath_len = snprintf(newpath, sizeof(newpath), "%s%s%s", path, 
                 path[strlen(path)-1] == '/' ? "" : "/", 
                 e[i]);
-        val = xs_read(h, XBT_NULL, newpath, &len);
+        if ( newpath_len < sizeof(newpath) ) {
+            val = xs_read(h, XBT_NULL, newpath, &len);
+        }
+        else {
+            /* Path was truncated and thus invalid */
+            val = NULL;
+        }
+
+        /* Print value */
         if (val == NULL) {
             printf(":\n");
         }
@@ -88,7 +103,7 @@ void print_dir(struct xs_handle *h, char
 
 void usage(int argc, char *argv[])
 {
-    fprintf(stderr, "Usage: %s [-p] [path]\n", argv[0]);
+    fprintf(stderr, "Usage: %s [-w] [-p] [path]\n", argv[0]);
 }
 
 int main(int argc, char *argv[])
@@ -104,11 +119,14 @@ int main(int argc, char *argv[])
     if (!ret)
         max_width = ws.ws_col - PAD;
 
-    while (0 < (c = getopt(argc, argv, "ps"))) {
+    while (0 < (c = getopt(argc, argv, "psw"))) {
         switch (c) {
+        case 'w':
+            max_width= STRING_MAX - PAD;
+            desired_width = 0;
+            break;
         case 'p':
             show_perm = 1;
-            max_width -= 16;
             break;
         case 's':
             socket = 1;
@@ -121,6 +139,11 @@ int main(int argc, char *argv[])
         }
     }
 
+    /* Adjust the width here to avoid argument order dependency */
+    if ( show_perm ) {
+        max_width -= 16;
+    }
+
     xsh = socket ? xs_daemon_open() : xs_domain_open();
     if (xsh == NULL)
         err(1, socket ? "xs_daemon_open" : "xs_domain_open");
diff -r f536eb8576ee -r d0477293897c xen/arch/ia64/linux-xen/perfmon.c
--- a/xen/arch/ia64/linux-xen/perfmon.c Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/ia64/linux-xen/perfmon.c Thu Jul 12 09:53:58 2007 +0100
@@ -7729,7 +7729,7 @@ do_perfmon_op(unsigned long cmd,
 {
        unsigned long error = 0;
 
-       if (!NONPRIV_OP(cmd) && current->domain != xenoprof_primary_profiler) {
+       if (!NONPRIV_OP(cmd) && current->domain->domain_id !=0) {
                gdprintk(XENLOG_INFO, "xen perfmon: "
                         "dom %d denied privileged operation %ld\n",
                         current->domain->domain_id, cmd);
diff -r f536eb8576ee -r d0477293897c xen/arch/ia64/xen/oprofile/perfmon.c
--- a/xen/arch/ia64/xen/oprofile/perfmon.c      Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/ia64/xen/oprofile/perfmon.c      Thu Jul 12 09:53:58 2007 +0100
@@ -119,19 +119,10 @@ __exitcall(xenoprof_perfmon_exit);
 ///////////////////////////////////////////////////////////////////////////
 // glue methods for xenoprof and perfmon.
 int
-xenoprof_arch_init(int *num_events, int *is_primary, char *cpu_type)
+xenoprof_arch_init(int *num_events, char *cpu_type)
 {
     *num_events = 0;
     strlcpy(cpu_type, get_cpu_type(), XENOPROF_CPU_TYPE_SIZE);
-
-    *is_primary = 0;
-    if (xenoprof_primary_profiler == NULL) {
-        /* For now, only dom0 can be the primary profiler */
-        if (current->domain->domain_id == 0) {
-            *is_primary = 1;
-        }
-    } else if (xenoprof_primary_profiler == current->domain)
-        *is_primary = 1;
     return 0;
 }
 
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/acpi/Makefile
--- a/xen/arch/x86/acpi/Makefile        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/acpi/Makefile        Thu Jul 12 09:53:58 2007 +0100
@@ -1,1 +1,2 @@ obj-y += boot.o
 obj-y += boot.o
+obj-y += power.o suspend.o wakeup_prot.o
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/acpi/power.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/arch/x86/acpi/power.c Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,273 @@
+/* drivers/acpi/sleep/power.c - PM core functionality for Xen
+ *
+ * Copyrights from Linux side:
+ * Copyright (c) 2000-2003 Patrick Mochel
+ * Copyright (C) 2001-2003 Pavel Machek <pavel@xxxxxxx>
+ * Copyright (c) 2003 Open Source Development Lab
+ * Copyright (c) 2004 David Shaohua Li <shaohua.li@xxxxxxxxx>
+ * Copyright (c) 2005 Alexey Starikovskiy <alexey.y.starikovskiy@xxxxxxxxx>
+ *
+ * Slimmed with Xen specific support.
+ */
+
+#include <xen/config.h>
+#include <asm/io.h>
+#include <asm/acpi.h>
+#include <xen/acpi.h>
+#include <xen/errno.h>
+#include <xen/iocap.h>
+#include <xen/sched.h>
+#include <asm/acpi.h>
+#include <asm/irq.h>
+#include <asm/init.h>
+#include <xen/spinlock.h>
+#include <xen/sched.h>
+#include <xen/domain.h>
+#include <xen/console.h>
+#include <public/platform.h>
+
+#define pmprintk(_l, _f, _a...) printk(_l "<PM>" _f, ## _a )
+
+u8 sleep_states[ACPI_S_STATE_COUNT];
+DEFINE_SPINLOCK(pm_lock);
+
+struct acpi_sleep_info {
+    uint16_t pm1a_cnt;
+    uint16_t pm1b_cnt;
+    uint16_t pm1a_evt;
+    uint16_t pm1b_evt;
+    uint16_t pm1a_cnt_val;
+    uint16_t pm1b_cnt_val;
+    uint32_t sleep_state;
+} acpi_sinfo;
+
+extern void do_suspend_lowlevel(void);
+
+static char *acpi_states[ACPI_S_STATE_COUNT] =
+{
+    [ACPI_STATE_S1] = "standby",
+    [ACPI_STATE_S3] = "mem",
+    [ACPI_STATE_S4] = "disk",
+};
+
+unsigned long acpi_video_flags;
+unsigned long saved_videomode;
+
+/* XXX: Add suspend failure recover later */
+static int device_power_down(void)
+{
+    console_suspend();
+
+    time_suspend();
+
+    i8259A_suspend();
+    
+    ioapic_suspend();
+    
+    lapic_suspend();
+
+    return 0;
+}
+
+static void device_power_up(void)
+{
+    lapic_resume();
+    
+    ioapic_resume();
+
+    i8259A_resume();
+    
+    time_resume();
+
+    console_resume();
+}
+
+static void freeze_domains(void)
+{
+    struct domain *d;
+
+    for_each_domain(d)
+        if (d->domain_id != 0)
+            domain_pause(d);
+}
+
+static void thaw_domains(void)
+{
+    struct domain *d;
+
+    for_each_domain(d)
+        if (d->domain_id != 0)
+            domain_unpause(d);
+}
+
+/* Main interface to do xen specific suspend/resume */
+int enter_state(u32 state)
+{
+    unsigned long flags;
+    int error;
+
+    if (state <= ACPI_STATE_S0 || state > ACPI_S_STATES_MAX)
+        return -EINVAL;
+
+    /* Sync lazy state on ths cpu */
+    __sync_lazy_execstate();
+    pmprintk(XENLOG_INFO, "Flush lazy state\n");
+
+    if (!spin_trylock(&pm_lock))
+        return -EBUSY;
+    
+    freeze_domains();
+
+    hvm_suspend_cpu();
+
+    pmprintk(XENLOG_INFO, "PM: Preparing system for %s sleep\n",
+        acpi_states[state]);
+
+    local_irq_save(flags);
+
+    if ((error = device_power_down()))
+    {
+        printk(XENLOG_ERR "Some devices failed to power down\n");
+        goto Done;
+    }
+
+    ACPI_FLUSH_CPU_CACHE();
+
+    switch (state)
+    {
+        case ACPI_STATE_S3:
+            do_suspend_lowlevel();
+            break;
+        default:
+            error = -EINVAL;
+            break;
+    }
+
+    pmprintk(XENLOG_INFO, "Back to C!\n");
+
+    device_power_up();
+
+    pmprintk(XENLOG_INFO, "PM: Finishing wakeup.\n");
+
+ Done:
+    local_irq_restore(flags);
+
+    hvm_resume_cpu();
+
+    thaw_domains();
+    spin_unlock(&pm_lock);
+    return error;
+}
+
+/*
+ * Xen just requires address of pm1x_cnt, and ACPI interpreter
+ * is still kept in dom0. Address of xen wakeup stub will be
+ * returned, and then dom0 writes that address to FACS.
+ */
+int set_acpi_sleep_info(struct xenpf_set_acpi_sleep *info)
+{
+    if (acpi_sinfo.pm1a_cnt)
+        pmprintk(XENLOG_WARNING, "Multiple setting on acpi sleep info\n");
+
+    acpi_sinfo.pm1a_cnt = info->pm1a_cnt_port;
+    acpi_sinfo.pm1b_cnt = info->pm1b_cnt_port;
+    acpi_sinfo.pm1a_evt = info->pm1a_evt_port;
+    acpi_sinfo.pm1b_evt = info->pm1b_evt_port;
+    info->xen_waking_vec = (uint64_t)bootsym_phys(wakeup_start);
+
+    pmprintk(XENLOG_INFO, "pm1a[%x],pm1b[%x],pm1a_e[%x],pm1b_e[%x]"
+                       "wake[%"PRIx64"]",
+                       acpi_sinfo.pm1a_cnt, acpi_sinfo.pm1b_cnt,
+                       acpi_sinfo.pm1a_evt, acpi_sinfo.pm1b_evt,
+                       info->xen_waking_vec);
+    return 0;
+}
+
+/*
+ * Dom0 issues this hypercall in place of writing pm1a_cnt. Xen then
+ * takes over the control and put the system into sleep state really.
+ * Also video flags and mode are passed here, in case user may use
+ * "acpi_sleep=***" for video resume.
+ *
+ * Guest may issue a two-phases write to PM1x_CNT, to work
+ * around poorly implemented hardware. It's better to keep
+ * this logic here. Two writes can be differentiated by 
+ * enable bit setting.
+ */
+int acpi_enter_sleep(struct xenpf_enter_acpi_sleep *sleep)
+{
+    if (!IS_PRIV(current->domain) || !acpi_sinfo.pm1a_cnt)
+        return -EPERM;
+
+    /* Sanity check */
+    if (acpi_sinfo.pm1b_cnt_val &&
+        ((sleep->pm1a_cnt_val ^ sleep->pm1b_cnt_val) &
+        ACPI_BITMASK_SLEEP_ENABLE))
+    {
+        pmprintk(XENLOG_ERR, "Mismatched pm1a/pm1b setting\n");
+        return -EINVAL;
+    }
+
+    /* Write #1 */
+    if (!(sleep->pm1a_cnt_val & ACPI_BITMASK_SLEEP_ENABLE))
+    {
+        outw((u16)sleep->pm1a_cnt_val, acpi_sinfo.pm1a_cnt);
+        if (acpi_sinfo.pm1b_cnt)
+            outw((u16)sleep->pm1b_cnt_val, acpi_sinfo.pm1b_cnt);
+        return 0;
+    }
+
+    /* Write #2 */
+    acpi_sinfo.pm1a_cnt_val = sleep->pm1a_cnt_val;
+    acpi_sinfo.pm1b_cnt_val = sleep->pm1b_cnt_val;
+    acpi_sinfo.sleep_state = sleep->sleep_state;
+    acpi_video_flags = sleep->video_flags;
+    saved_videomode = sleep->video_mode;
+
+    return enter_state(acpi_sinfo.sleep_state);
+}
+
+static int acpi_get_wake_status(void)
+{
+    uint16_t val;
+
+    /* Wake status is the 15th bit of PM1 status register. (ACPI spec 3.0) */
+    val = inw(acpi_sinfo.pm1a_evt) | inw(acpi_sinfo.pm1b_evt);
+    val &= ACPI_BITMASK_WAKE_STATUS;
+    val >>= ACPI_BITPOSITION_WAKE_STATUS;
+    return val;
+}
+
+/* System is really put into sleep state by this stub */
+acpi_status asmlinkage acpi_enter_sleep_state(u8 sleep_state)
+{
+    ACPI_FLUSH_CPU_CACHE();
+
+    outw((u16)acpi_sinfo.pm1a_cnt_val, acpi_sinfo.pm1a_cnt);
+    if (acpi_sinfo.pm1b_cnt)
+        outw((u16)acpi_sinfo.pm1b_cnt_val, acpi_sinfo.pm1b_cnt);
+    
+    /* Wait until we enter sleep state, and spin until we wake */
+    while (!acpi_get_wake_status());
+    return_ACPI_STATUS(AE_OK);
+}
+
+static int __init acpi_sleep_init(void)
+{
+    int i = 0; 
+
+    pmprintk(XENLOG_INFO, "ACPI (supports");
+    for (i = 0; i < ACPI_S_STATE_COUNT; i++)
+    {
+        if (i == ACPI_STATE_S3)
+        {
+            sleep_states[i] = 1;
+            printk(" S%d", i);
+        }
+        else
+            sleep_states[i] = 0;
+    }
+    printk(")\n");
+    return 0;
+}
+__initcall(acpi_sleep_init);
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/acpi/suspend.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/arch/x86/acpi/suspend.c       Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,85 @@
+/*
+ * Suspend support specific for i386.
+ *
+ * Distribute under GPLv2
+ *
+ * Copyright (c) 2002 Pavel Machek <pavel@xxxxxxx>
+ * Copyright (c) 2001 Patrick Mochel <mochel@xxxxxxxx>
+ */
+#include <xen/config.h>
+#include <xen/acpi.h>
+#include <xen/smp.h>
+#include <asm/processor.h>
+#include <asm/msr.h>
+#include <asm/flushtlb.h>
+#include <asm/hvm/hvm.h>
+#include <asm/hvm/support.h>
+#include <asm/i387.h>
+
+/* Following context save/restore happens on the real context
+ * of current vcpu, with a lazy state sync forced earlier. 
+ */
+#if defined(CONFIG_X86_64)
+unsigned long saved_lstar, saved_cstar;
+#endif
+void save_rest_processor_state(void)
+{
+    /*
+     * Net effect of unlazy_fpu is to set cr0.ts and thus there's no
+     * need to restore fpu after resume.
+     */
+    if (!is_idle_vcpu(current))
+        unlazy_fpu(current);
+
+#if defined(CONFIG_X86_64)
+    rdmsrl(MSR_CSTAR, saved_cstar);
+    rdmsrl(MSR_LSTAR, saved_lstar);
+#endif
+
+    bootsym(video_flags) = acpi_video_flags;
+    bootsym(video_mode) = saved_videomode;
+}
+
+#define loaddebug(_v,_reg) \
+    __asm__ __volatile__ ("mov %0,%%db" #_reg : : "r" ((_v)->debugreg[_reg]))
+
+void restore_rest_processor_state(void)
+{
+    int cpu = smp_processor_id();
+    struct tss_struct *t = &init_tss[cpu];
+    struct vcpu *v = current;
+
+    /* Really scared by suffixed comment from Linux, and keep it for safe */
+    set_tss_desc(cpu, t);    /* This just modifies memory; should not be 
necessary. But... This is necessary, because 386 hardware has concept of busy 
TSS or some similar stupidity. */
+
+    load_TR(cpu);
+
+#if defined(CONFIG_X86_64)
+    /* Recover syscall MSRs */
+    wrmsrl(MSR_LSTAR, saved_lstar);
+    wrmsrl(MSR_CSTAR, saved_cstar);
+    wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS);
+    wrmsr(MSR_SYSCALL_MASK, EF_VM|EF_RF|EF_NT|EF_DF|EF_IE|EF_TF, 0U);    
+#else /* !defined(CONFIG_X86_64) */
+    if (supervisor_mode_kernel && cpu_has_sep)
+        wrmsr(MSR_IA32_SYSENTER_ESP, &t->esp1, 0);
+#endif
+
+    /* Maybe load the debug registers. */
+    if ( !is_idle_vcpu(v) && unlikely(v->arch.guest_context.debugreg[7]) )
+    {
+        loaddebug(&v->arch.guest_context, 0);
+        loaddebug(&v->arch.guest_context, 1);
+        loaddebug(&v->arch.guest_context, 2);
+        loaddebug(&v->arch.guest_context, 3);
+        /* no 4 and 5 */
+        loaddebug(&v->arch.guest_context, 6);
+        loaddebug(&v->arch.guest_context, 7);
+    }
+
+    /* Do we start fpu really? Just set cr0.ts to monitor it */
+    stts();
+
+    mtrr_ap_init();
+    mcheck_init(&boot_cpu_data);
+}
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/acpi/wakeup_prot.S
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/arch/x86/acpi/wakeup_prot.S   Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,267 @@
+        .text
+
+#include <xen/config.h>
+#include <xen/multiboot.h>
+#include <public/xen.h>
+#include <asm/asm_defns.h>
+#include <asm/desc.h>
+#include <asm/page.h>
+#include <asm/msr.h>
+
+#if defined(__x86_64__)
+
+        .code64
+
+#define GREG(x)         %r##x
+#define SAVED_GREG(x)   saved_r##x(%rip)
+#define DECLARE_GREG(x) saved_r##x:     .quad   0
+#define SAVE_GREG(x)    movq GREG(x), SAVED_GREG(x)
+#define LOAD_GREG(x)    movq SAVED_GREG(x), GREG(x)
+
+#define REF(x)          x(%rip)
+
+#define RDMSR(ind, m)                   \
+        xorq    %rdx, %rdx;             \
+        mov     $ind, %ecx;             \
+        rdmsr;                          \
+        shlq    $0x20, %rdx;              \
+        orq     %rax, %rdx;             \
+        movq    %rdx, m(%rip);
+
+#define WRMSR(ind, m)                   \
+        mov     $ind, %ecx;             \
+        movq    m(%rip), %rdx;          \
+        mov     %edx, %eax;             \
+        shrq    $0x20, %rdx;              \
+        wrmsr;
+
+#else /* !defined(__x86_64__) */
+
+        .code32
+
+#define GREG(x)         %e##x
+#define SAVED_GREG(x)   saved_e##x
+#define DECLARE_GREG(x) saved_e##x:     .long   0
+#define SAVE_GREG(x)    movl GREG(x), SAVED_GREG(x)
+#define LOAD_GREG(x)    movl SAVED_GREG(x), GREG(x)
+
+#define REF(x)          x
+
+#endif
+
+ENTRY(do_suspend_lowlevel)
+
+        SAVE_GREG(sp)
+        SAVE_GREG(ax)
+        SAVE_GREG(bx)
+        SAVE_GREG(cx)
+        SAVE_GREG(dx)
+        SAVE_GREG(bp)
+        SAVE_GREG(si)
+        SAVE_GREG(di)
+
+#if defined(__x86_64__)
+
+        SAVE_GREG(8)     # save r8...r15
+        SAVE_GREG(9)
+        SAVE_GREG(10)
+        SAVE_GREG(11)
+        SAVE_GREG(12)
+        SAVE_GREG(13)
+        SAVE_GREG(14)
+        SAVE_GREG(15)
+        pushfq;
+        popq    SAVED_GREG(flags)
+
+        mov     %cr8, GREG(ax)
+        mov     GREG(ax), REF(saved_cr8)
+
+        RDMSR(MSR_FS_BASE, saved_fs_base)
+        RDMSR(MSR_GS_BASE, saved_gs_base)
+        RDMSR(MSR_SHADOW_GS_BASE, saved_kernel_gs_base)
+
+#else /* !defined(__x86_64__) */
+
+        pushfl;
+        popl    SAVED_GREG(flags)
+
+#endif
+
+        mov     %ds, REF(saved_ds)
+        mov     %es, REF(saved_es)
+        mov     %fs, REF(saved_fs)
+        mov     %gs, REF(saved_gs)
+        mov     %ss, REF(saved_ss)
+
+        sgdt    REF(saved_gdt)
+        sidt    REF(saved_idt)
+        sldt    REF(saved_ldt)
+
+        mov     %cr0, GREG(ax)
+        mov     GREG(ax), REF(saved_cr0)
+
+        mov     %cr3, GREG(ax)
+        mov     GREG(ax), REF(saved_cr3)
+
+        call    save_rest_processor_state
+
+#if defined(__x86_64__)
+
+        mov     $3, %rdi
+        xor     %eax, %eax
+
+#else /* !defined(__x86_64__) */
+
+        push    $3
+
+#endif
+
+        /* enter sleep state physically */
+        call    acpi_enter_sleep_state
+        jmp     __ret_point
+
+        .align  16
+        .globl  __ret_point
+__ret_point:
+
+        /* mmu_cr4_features contains latest cr4 setting */
+        mov     REF(mmu_cr4_features), GREG(ax)
+        mov     GREG(ax), %cr4
+
+        mov     REF(saved_cr3), GREG(ax)
+        mov     GREG(ax), %cr3
+
+        mov     REF(saved_cr0), GREG(ax)
+        mov     GREG(ax), %cr0
+
+        lgdt    REF(saved_gdt)
+        lidt    REF(saved_idt)
+        lldt    REF(saved_ldt)
+
+        mov     REF(saved_ss), %ss
+        LOAD_GREG(sp)
+
+#if defined(__x86_64__)
+
+        mov     REF(saved_cr8), %rax
+        mov     %rax, %cr8
+
+        pushq   SAVED_GREG(flags)
+        popfq
+
+        /* Idle vcpu doesn't need segment selectors reload, since
+         * those may contain stale value from other domains and 
+         * reload may result page fault due to no matched gdt entry
+         */
+        mov     $(STACK_SIZE - 8), %rax
+        or      %rsp, %rax
+        and     $~7, %rax
+        mov     (%rax), %rax
+        mov     0x10(%rax), %rax
+        cmpw    $0x7fff, (%rax)
+        je      1f
+
+        /* These selectors are from guest, and thus need reload */
+        mov     REF(saved_ds), %ds
+        mov     REF(saved_es), %es
+        mov     REF(saved_fs), %fs
+
+        /* gs load is special */
+        mov     REF(saved_gs), %rsi
+        mov     $3, %rdi        # SEGBASE_GS_USER_SEL
+        call    do_set_segment_base
+
+1:
+        # MSR restore
+        WRMSR(MSR_FS_BASE, saved_fs_base)
+        WRMSR(MSR_GS_BASE, saved_gs_base)
+        WRMSR(MSR_SHADOW_GS_BASE, saved_kernel_gs_base)
+
+#else /* !defined(__x86_64__) */
+
+        pushl   SAVED_GREG(flags)
+        popfl
+
+        /* No reload to fs/gs, which is saved in bottom stack already */
+        mov     REF(saved_ds), %ds
+        mov     REF(saved_es), %es
+
+#endif
+
+        call restore_rest_processor_state
+
+        LOAD_GREG(bp)
+        LOAD_GREG(ax)
+        LOAD_GREG(bx)
+        LOAD_GREG(cx)
+        LOAD_GREG(dx)
+        LOAD_GREG(si)
+        LOAD_GREG(di)
+#if defined(__x86_64__)
+        LOAD_GREG(8)     # save r8...r15
+        LOAD_GREG(9)
+        LOAD_GREG(10)
+        LOAD_GREG(11)
+        LOAD_GREG(12)
+        LOAD_GREG(13)
+        LOAD_GREG(14)
+        LOAD_GREG(15)
+#endif
+        ret 
+
+.data
+        .align 16
+saved_ds:        .word   0
+saved_es:        .word   0
+saved_ss:        .word   0
+saved_gs:        .word   0
+saved_fs:        .word   0
+
+        .align 4
+        .globl   saved_magic
+saved_magic:     .long   0x9abcdef0
+
+        .align 8
+DECLARE_GREG(sp)
+DECLARE_GREG(bp)
+DECLARE_GREG(ax)
+DECLARE_GREG(bx)
+DECLARE_GREG(cx)
+DECLARE_GREG(dx)
+DECLARE_GREG(si)
+DECLARE_GREG(di)
+DECLARE_GREG(flags)
+
+#if defined(__x86_64__)
+
+DECLARE_GREG(8)
+DECLARE_GREG(9)
+DECLARE_GREG(10)
+DECLARE_GREG(11)
+DECLARE_GREG(12)
+DECLARE_GREG(13)
+DECLARE_GREG(14)
+DECLARE_GREG(15)
+
+saved_gdt:      .quad   0,0
+saved_idt:      .quad   0,0
+saved_ldt:      .quad   0,0
+
+saved_cr0:      .quad   0
+saved_cr3:      .quad   0
+saved_cr8:      .quad   0
+
+saved_gs_base:  .quad   0
+saved_fs_base:  .quad   0
+saved_kernel_gs_base:   .quad   0
+
+#else /* !defined(__x86_64__) */
+
+saved_gdt:      .long   0,0
+saved_idt:      .long   0,0
+saved_ldt:      .long   0
+
+saved_cr0:      .long   0
+saved_cr3:      .long   0
+
+#endif 
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/apic.c
--- a/xen/arch/x86/apic.c       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/apic.c       Thu Jul 12 09:53:58 2007 +0100
@@ -957,7 +957,7 @@ void __setup_APIC_LVTT(unsigned int cloc
     apic_write_around(APIC_TMICT, clocks/APIC_DIVISOR);
 }
 
-static void __init setup_APIC_timer(unsigned int clocks)
+static void __devinit setup_APIC_timer(unsigned int clocks)
 {
     unsigned long flags;
     local_irq_save(flags);
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/boot/Makefile
--- a/xen/arch/x86/boot/Makefile        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/boot/Makefile        Thu Jul 12 09:53:58 2007 +0100
@@ -1,3 +1,4 @@ obj-y += head.o
 obj-y += head.o
 
-head.o: head.S $(TARGET_SUBARCH).S trampoline.S mem.S video.S cmdline.S edd.S
+head.o: head.S $(TARGET_SUBARCH).S trampoline.S mem.S video.S \
+       cmdline.S edd.S wakeup.S
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/boot/head.S
--- a/xen/arch/x86/boot/head.S  Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/boot/head.S  Thu Jul 12 09:53:58 2007 +0100
@@ -175,9 +175,11 @@ 1:      stosl   /* low mappings cover up
 
 #include "cmdline.S"
 
+        .align 16
         .globl trampoline_start, trampoline_end
 trampoline_start:
 #include "trampoline.S"
+#include "wakeup.S"
 trampoline_end:
 
         .text
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/boot/wakeup.S
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/xen/arch/x86/boot/wakeup.S        Thu Jul 12 09:53:58 2007 +0100
@@ -0,0 +1,212 @@
+        .code16
+
+#undef wakesym
+/* Used in real mode, to cal offset in current segment */
+#define wakesym(sym) (sym - wakeup_start)
+
+ENTRY(wakeup_start)
+        wakeup_code_start = .
+
+        cli
+        cld
+
+        # setup data segment
+        movw    %cs, %ax
+        movw    %ax, %ds
+        movw    %ax, %ss        # A stack required for BIOS call
+        movw    $wakesym(wakeup_stack), %sp
+
+        pushl   $0              # Kill dangerous flag early
+        popfl
+
+        # check magic number
+        movl    wakesym(real_magic), %eax
+        cmpl    $0x12345678, %eax
+        jne     bogus_real_magic
+
+        # for acpi_sleep=s3_bios
+        testl   $1, wakesym(video_flags)
+        jz      1f
+        lcall   $0xc000, $3
+        movw    %cs, %ax        # In case messed by BIOS
+        movw    %ax, %ds
+        movw    %ax, %ss        # Need this? How to ret if clobbered?
+
+1:      # for acpi_sleep=s3_mode
+        testl   $2, wakesym(video_flags)
+        jz      1f
+        movl    wakesym(video_mode), %eax
+        call    mode_setw
+
+1:      # Show some progress if VGA is resumed
+        movw    $0xb800, %ax
+        movw    %ax, %fs
+        movw    $0x0e00 + 'L', %fs:(0x10)
+
+        # boot trampoline is under 1M, and shift its start into
+        # %fs to reference symbols in that area
+        movl    $BOOT_TRAMPOLINE, %eax
+        shrl    $4, %eax
+        movl    %eax, %fs
+        lidt    %fs:bootsym(idt_48)
+        lgdt    %fs:bootsym(gdt_48)
+
+        movw    $1, %ax
+        lmsw    %ax             # Turn on CR0.PE 
+        jmp     1f
+1:      ljmpl   $BOOT_CS32, $bootsym_phys(wakeup_32)
+
+/* This code uses an extended set of video mode numbers. These include:
+ * Aliases for standard modes
+ *      NORMAL_VGA (-1)
+ *      EXTENDED_VGA (-2)
+ *      ASK_VGA (-3)
+ * Video modes numbered by menu position -- NOT RECOMMENDED because of lack
+ * of compatibility when extending the table. These are between 0x00 and 0xff.
+ */
+#define VIDEO_FIRST_MENU 0x0000
+
+/* Standard BIOS video modes (BIOS number + 0x0100) */
+#define VIDEO_FIRST_BIOS 0x0100
+
+/* VESA BIOS video modes (VESA number + 0x0200) */
+#define VIDEO_FIRST_VESA 0x0200
+
+/* Video7 special modes (BIOS number + 0x0900) */
+#define VIDEO_FIRST_V7 0x0900
+
+# Setting of user mode (AX=mode ID) => CF=success
+mode_setw:
+        movw    %ax, %bx
+        cmpb    $VIDEO_FIRST_VESA>>8, %ah
+        jnc     check_vesaw
+        decb    %ah
+
+setbadw: clc
+        ret
+
+check_vesaw:
+        subb    $VIDEO_FIRST_VESA>>8, %bh
+        orw     $0x4000, %bx                    # Use linear frame buffer
+        movw    $0x4f02, %ax                    # VESA BIOS mode set call
+        int     $0x10
+        cmpw    $0x004f, %ax                    # AL=4f if implemented
+        jnz     _setbadw                        # AH=0 if OK
+
+        stc
+        ret
+
+_setbadw: jmp    setbadw
+
+bogus_real_magic:
+        movw    $0x0e00 + 'B', %fs:(0x12)
+        jmp     bogus_real_magic
+
+        .align 4
+real_magic:     .long 0x12345678
+         .globl video_mode, video_flags
+video_mode:     .long 0
+video_flags:    .long 0
+
+        .code32
+
+        # Now in protect mode, with paging disabled
+        # Add offset for any reference to xen specific symbols
+
+wakeup_32:
+        mov     $BOOT_DS, %eax
+        mov     %eax, %ds
+        mov     %eax, %ss
+        mov     $bootsym_phys(wakeup_stack), %esp
+
+        # check saved magic again
+        mov     $sym_phys(saved_magic), %eax
+        add     bootsym_phys(trampoline_xen_phys_start), %eax
+        mov     (%eax), %eax
+        cmp     $0x9abcdef0, %eax
+        jne     bogus_saved_magic
+        
+        /* fpu init? */
+
+        /* Initialise CR4. */
+#if CONFIG_PAGING_LEVELS == 2
+        mov     $X86_CR4_PSE, %ecx
+#else
+        mov     $X86_CR4_PAE, %ecx
+#endif
+        mov     %ecx, %cr4
+
+        /* Load pagetable base register */
+        mov     $sym_phys(idle_pg_table),%eax
+        add     bootsym_phys(trampoline_xen_phys_start),%eax
+        mov     %eax,%cr3
+
+        /* Will cpuid feature change after resume? */
+#if CONFIG_PAGING_LEVELS != 2
+        /* Set up EFER (Extended Feature Enable Register). */
+        mov     bootsym_phys(cpuid_ext_features),%edi
+        test    $0x20100800,%edi /* SYSCALL/SYSRET, No Execute, Long Mode? */
+        jz      .Lskip_eferw
+        movl    $MSR_EFER,%ecx
+        rdmsr
+#if CONFIG_PAGING_LEVELS == 4
+        btsl    $_EFER_LME,%eax /* Long Mode      */
+        btsl    $_EFER_SCE,%eax /* SYSCALL/SYSRET */
+#endif
+        btl     $20,%edi        /* No Execute?    */
+        jnc     1f
+        btsl    $_EFER_NX,%eax  /* No Execute     */
+1:      wrmsr
+.Lskip_eferw:
+#endif
+
+        wbinvd
+
+        mov     $0x80050033,%eax /* hi-to-lo: PG,AM,WP,NE,ET,MP,PE */
+        mov     %eax,%cr0
+        jmp     1f
+1:
+
+#if defined(__x86_64__)
+
+        /* Now in compatibility mode. Long-jump to 64-bit mode */
+        ljmp    $BOOT_CS64, $bootsym_phys(wakeup_64)
+
+        .code64
+        .align  8
+        .word   0,0,0
+lgdt_descr:
+        .word   LAST_RESERVED_GDT_BYTE
+        .quad   gdt_table - FIRST_RESERVED_GDT_BYTE
+        
+wakeup_64:
+        lgdt    lgdt_descr(%rip)
+        mov     $(__HYPERVISOR_DS64), %eax
+        mov     %eax, %ds
+
+        # long jump to return point, with cs reload
+        rex64 ljmp    *ret_point(%rip)
+
+        .align 8
+ret_point:
+        .quad   __ret_point
+        .word   __HYPERVISOR_CS64
+
+#else /* !defined(__x86_64__) */
+        lgdt    gdt_descr
+        mov     $(__HYPERVISOR_DS), %eax
+        mov     %eax, %ds
+
+        ljmp    $(__HYPERVISOR_CS), $__ret_point
+#endif
+
+bogus_saved_magic:
+        movw    $0x0e00 + 'S', 0xb8014
+        jmp     bogus_saved_magic
+
+        .align  16
+wakeup_stack_begin:     # Stack grows down
+
+        .fill   PAGE_SIZE,1,0
+wakeup_stack:           # Just below end of first page in this section
+ENTRY(wakeup_end)
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/cpu/common.c
--- a/xen/arch/x86/cpu/common.c Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/cpu/common.c Thu Jul 12 09:53:58 2007 +0100
@@ -594,3 +594,11 @@ void __devinit cpu_init(void)
        /* Install correct page table. */
        write_ptbase(current);
 }
+
+#ifdef CONFIG_HOTPLUG_CPU
+void __cpuinit cpu_uninit(void)
+{
+       int cpu = raw_smp_processor_id();
+       cpu_clear(cpu, cpu_initialized);
+}
+#endif
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/dmi_scan.c
--- a/xen/arch/x86/dmi_scan.c   Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/dmi_scan.c   Thu Jul 12 09:53:58 2007 +0100
@@ -184,7 +184,6 @@ static __init int reset_videomode_after_
 static __init int reset_videomode_after_s3(struct dmi_blacklist *d)
 {
        /* See acpi_wakeup.S */
-       extern long acpi_video_flags;
        acpi_video_flags |= 2;
        return 0;
 }
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c     Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/domain.c     Thu Jul 12 09:53:58 2007 +0100
@@ -76,10 +76,37 @@ static void default_idle(void)
         local_irq_enable();
 }
 
+#ifdef CONFIG_HOTPLUG_CPU
+#include <asm/nmi.h>
+/* We don't actually take CPU down, just spin without interrupts. */
+static inline void play_dead(void)
+{
+    __cpu_disable();
+    /* This must be done before dead CPU ack */
+    cpu_exit_clear();
+    wbinvd();
+    mb();
+    /* Ack it */
+    __get_cpu_var(cpu_state) = CPU_DEAD;
+
+    /* With physical CPU hotplug, we should halt the cpu. */
+    local_irq_disable();
+    for ( ; ; )
+        halt();
+}
+#else
+static inline void play_dead(void)
+{
+    BUG();
+}
+#endif /* CONFIG_HOTPLUG_CPU */
+
 void idle_loop(void)
 {
     for ( ; ; )
     {
+        if (cpu_is_offline(smp_processor_id()))
+            play_dead();
         page_scrub_schedule_work();
         default_idle();
         do_softirq();
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/e820.c
--- a/xen/arch/x86/e820.c       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/e820.c       Thu Jul 12 09:53:58 2007 +0100
@@ -310,23 +310,22 @@ static unsigned long __init find_max_pfn
     return max_pfn;
 }
 
-#ifdef __i386__
-static void __init clip_4gb(void)
-{
-    unsigned long long limit = (1ULL << 30) * MACHPHYS_MBYTES;
-    int i;
-
-    /* 32-bit systems restricted to a 4GB physical memory map,
-     * with PAE to 16 GB (with current memory layout) */
+static void __init clip_to_limit(uint64_t limit, char *warnmsg)
+{
+    int i;
+    char _warnmsg[160];
+
     for ( i = 0; i < e820.nr_map; i++ )
     {
         if ( (e820.map[i].addr + e820.map[i].size) <= limit )
             continue;
-        printk("WARNING: Only the first %d GB of the physical memory map "
-               "can be accessed\n"
-               "         by Xen in 32-bit mode. "
-               "Truncating the memory map...\n",
-              MACHPHYS_MBYTES);
+        if ( warnmsg )
+        {
+            snprintf(_warnmsg, sizeof(_warnmsg), warnmsg, (int)(limit>>30));
+            printk("WARNING: %s\n", _warnmsg);
+        }
+        printk("Truncating memory map to %lukB\n",
+               (unsigned long)(limit >> 10));
         if ( e820.map[i].addr >= limit )
         {
             e820.nr_map = i;
@@ -336,34 +335,6 @@ static void __init clip_4gb(void)
             e820.map[i].size = limit - e820.map[i].addr;
             e820.nr_map = i + 1;                
         }            
-    }
-}
-#else
-#define clip_4gb() ((void)0)
-#endif
-
-static void __init clip_mem(void)
-{
-    int i;
-
-    if ( !opt_mem )
-        return;
-
-    for ( i = 0; i < e820.nr_map; i++ )
-    {
-        if ( (e820.map[i].addr + e820.map[i].size) <= opt_mem )
-            continue;
-        printk("Truncating memory map to %lukB\n",
-               (unsigned long)(opt_mem >> 10));
-        if ( e820.map[i].addr >= opt_mem )
-        {
-            e820.nr_map = i;
-        }
-        else
-        {
-            e820.map[i].size = opt_mem - e820.map[i].addr;
-            e820.nr_map = i + 1;          
-        }
     }
 }
 
@@ -374,8 +345,22 @@ static void __init machine_specific_memo
     sanitize_e820_map(raw, &nr);
     *raw_nr = nr;
     (void)copy_e820_map(raw, nr);
-    clip_4gb();
-    clip_mem();
+
+    if ( opt_mem )
+        clip_to_limit(opt_mem, NULL);
+
+#ifdef __i386__
+    clip_to_limit((1ULL << 30) * MACHPHYS_MBYTES,
+                  "Only the first %u GB of the physical memory map "
+                  "can be accessed by Xen in 32-bit mode.");
+#endif
+
+#ifdef __x86_64__
+    clip_to_limit((uint64_t)(MACH2PHYS_COMPAT_VIRT_END -
+                             __HYPERVISOR_COMPAT_VIRT_START) << 10,
+                  "Only the first %u GB of the physical memory map "
+                  "can be accessed by 32-on-64 guests.");
+#endif
 }
 
 unsigned long __init init_e820(
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c    Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/hvm/hvm.c    Thu Jul 12 09:53:58 2007 +0100
@@ -78,8 +78,7 @@ void hvm_enable(struct hvm_function_tabl
 
 void hvm_disable(void)
 {
-    if ( hvm_enabled )
-        hvm_funcs.disable();
+    hvm_suspend_cpu();
 }
 
 void hvm_stts(struct vcpu *v)
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/hvm/svm/svm.c
--- a/xen/arch/x86/hvm/svm/svm.c        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/hvm/svm/svm.c        Thu Jul 12 09:53:58 2007 +0100
@@ -94,9 +94,8 @@ static void svm_inject_exception(struct 
     vmcb->eventinj = event;
 }
 
-static void stop_svm(void)
-{
-    /* We turn off the EFER_SVME bit. */
+static void svm_suspend_cpu(void)
+{
     write_efer(read_efer() & ~EFER_SVME);
 }
 
@@ -974,7 +973,7 @@ static int svm_event_injection_faulted(s
 
 static struct hvm_function_table svm_function_table = {
     .name                 = "SVM",
-    .disable              = stop_svm,
+    .suspend_cpu          = svm_suspend_cpu,
     .domain_initialise    = svm_domain_initialise,
     .domain_destroy       = svm_domain_destroy,
     .vcpu_initialise      = svm_vcpu_initialise,
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/hvm/vlapic.c
--- a/xen/arch/x86/hvm/vlapic.c Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/hvm/vlapic.c Thu Jul 12 09:53:58 2007 +0100
@@ -915,10 +915,17 @@ int vlapic_init(struct vcpu *v)
 int vlapic_init(struct vcpu *v)
 {
     struct vlapic *vlapic = vcpu_vlapic(v);
+    unsigned int memflags = 0;
 
     HVM_DBG_LOG(DBG_LEVEL_VLAPIC, "%d", v->vcpu_id);
 
-    vlapic->regs_page = alloc_domheap_page(NULL);
+#ifdef __i386__
+    /* 32-bit VMX may be limited to 32-bit physical addresses. */
+    if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL )
+        memflags = MEMF_bits(32);
+#endif
+
+    vlapic->regs_page = alloc_domheap_pages(NULL, 0, memflags);
     if ( vlapic->regs_page == NULL )
     {
         dprintk(XENLOG_ERR, "alloc vlapic regs error: %d/%d\n",
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/hvm/vmx/vmcs.c
--- a/xen/arch/x86/hvm/vmx/vmcs.c       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/hvm/vmx/vmcs.c       Thu Jul 12 09:53:58 2007 +0100
@@ -45,7 +45,9 @@ u32 vmx_vmentry_control __read_mostly;
 u32 vmx_vmentry_control __read_mostly;
 bool_t cpu_has_vmx_ins_outs_instr_info __read_mostly;
 
+static DEFINE_PER_CPU(struct vmcs_struct *, host_vmcs);
 static DEFINE_PER_CPU(struct vmcs_struct *, current_vmcs);
+static DEFINE_PER_CPU(struct list_head, active_vmcs_list);
 
 static u32 vmcs_revision_id __read_mostly;
 
@@ -151,6 +153,14 @@ void vmx_init_vmcs_config(void)
 
     /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */
     BUG_ON((vmx_msr_high & 0x1fff) > PAGE_SIZE);
+
+#ifdef __x86_64__
+    /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */
+    BUG_ON(vmx_msr_high & (1u<<16));
+#endif
+
+    /* Require Write-Back (WB) memory type for VMCS accesses. */
+    BUG_ON(((vmx_msr_high >> 18) & 15) != 6);
 }
 
 static struct vmcs_struct *vmx_alloc_vmcs(void)
@@ -177,34 +187,81 @@ static void __vmx_clear_vmcs(void *info)
 static void __vmx_clear_vmcs(void *info)
 {
     struct vcpu *v = info;
-
-    __vmpclear(virt_to_maddr(v->arch.hvm_vmx.vmcs));
-
-    v->arch.hvm_vmx.active_cpu = -1;
-    v->arch.hvm_vmx.launched   = 0;
-
-    if ( v->arch.hvm_vmx.vmcs == this_cpu(current_vmcs) )
-        this_cpu(current_vmcs) = NULL;
+    struct arch_vmx_struct *arch_vmx = &v->arch.hvm_vmx;
+
+    /* Otherwise we can nest (vmx_suspend_cpu() vs. vmx_clear_vmcs()). */
+    ASSERT(!local_irq_is_enabled());
+
+    if ( arch_vmx->active_cpu == smp_processor_id() )
+    {
+        __vmpclear(virt_to_maddr(arch_vmx->vmcs));
+
+        arch_vmx->active_cpu = -1;
+        arch_vmx->launched   = 0;
+
+        list_del(&arch_vmx->active_list);
+
+        if ( arch_vmx->vmcs == this_cpu(current_vmcs) )
+            this_cpu(current_vmcs) = NULL;
+    }
 }
 
 static void vmx_clear_vmcs(struct vcpu *v)
 {
     int cpu = v->arch.hvm_vmx.active_cpu;
 
-    if ( cpu == -1 )
-        return;
-
-    if ( cpu == smp_processor_id() )
-        return __vmx_clear_vmcs(v);
-
-    on_selected_cpus(cpumask_of_cpu(cpu), __vmx_clear_vmcs, v, 1, 1);
+    if ( cpu != -1 )
+        on_selected_cpus(cpumask_of_cpu(cpu), __vmx_clear_vmcs, v, 1, 1);
 }
 
 static void vmx_load_vmcs(struct vcpu *v)
 {
+    unsigned long flags;
+
+    local_irq_save(flags);
+
+    if ( v->arch.hvm_vmx.active_cpu == -1 )
+    {
+        list_add(&v->arch.hvm_vmx.active_list, &this_cpu(active_vmcs_list));
+        v->arch.hvm_vmx.active_cpu = smp_processor_id();
+    }
+
+    ASSERT(v->arch.hvm_vmx.active_cpu == smp_processor_id());
+
     __vmptrld(virt_to_maddr(v->arch.hvm_vmx.vmcs));
-    v->arch.hvm_vmx.active_cpu = smp_processor_id();
     this_cpu(current_vmcs) = v->arch.hvm_vmx.vmcs;
+
+    local_irq_restore(flags);
+}
+
+void vmx_suspend_cpu(void)
+{
+    struct list_head *active_vmcs_list = &this_cpu(active_vmcs_list);
+    unsigned long flags;
+
+    local_irq_save(flags);
+
+    while ( !list_empty(active_vmcs_list) )
+        __vmx_clear_vmcs(list_entry(active_vmcs_list->next,
+                                    struct vcpu, arch.hvm_vmx.active_list));
+
+    if ( read_cr4() & X86_CR4_VMXE )
+    {
+        __vmxoff();
+        clear_in_cr4(X86_CR4_VMXE);
+    }
+
+    local_irq_restore(flags);
+}
+
+void vmx_resume_cpu(void)
+{
+    if ( !read_cr4() & X86_CR4_VMXE )
+    {
+        set_in_cr4(X86_CR4_VMXE);
+        if ( __vmxon(virt_to_maddr(this_cpu(host_vmcs))) )
+            BUG();
+    }
 }
 
 void vmx_vmcs_enter(struct vcpu *v)
@@ -239,63 +296,40 @@ void vmx_vmcs_exit(struct vcpu *v)
 
 struct vmcs_struct *vmx_alloc_host_vmcs(void)
 {
-    return vmx_alloc_vmcs();
+    ASSERT(this_cpu(host_vmcs) == NULL);
+    this_cpu(host_vmcs) = vmx_alloc_vmcs();
+    INIT_LIST_HEAD(&this_cpu(active_vmcs_list));
+    return this_cpu(host_vmcs);
 }
 
 void vmx_free_host_vmcs(struct vmcs_struct *vmcs)
 {
+    ASSERT(vmcs == this_cpu(host_vmcs));
     vmx_free_vmcs(vmcs);
-}
-
-#define GUEST_SEGMENT_LIMIT     0xffffffff
-
-struct host_execution_env {
-    /* selectors */
-    unsigned short ldtr_selector;
-    unsigned short tr_selector;
-    unsigned short ds_selector;
-    unsigned short cs_selector;
-    /* limits */
-    unsigned short gdtr_limit;
-    unsigned short ldtr_limit;
-    unsigned short idtr_limit;
-    unsigned short tr_limit;
-    /* base */
-    unsigned long gdtr_base;
-    unsigned long ldtr_base;
-    unsigned long idtr_base;
-    unsigned long tr_base;
-    unsigned long ds_base;
-    unsigned long cs_base;
-#ifdef __x86_64__
-    unsigned long fs_base;
-    unsigned long gs_base;
-#endif
+    this_cpu(host_vmcs) = NULL;
+}
+
+struct xgt_desc {
+    unsigned short size;
+    unsigned long address __attribute__((packed));
 };
 
 static void vmx_set_host_env(struct vcpu *v)
 {
     unsigned int tr, cpu;
-    struct host_execution_env host_env;
-    struct Xgt_desc_struct desc;
+    struct xgt_desc desc;
 
     cpu = smp_processor_id();
-    __asm__ __volatile__ ("sidt  (%0) \n" :: "a"(&desc) : "memory");
-    host_env.idtr_limit = desc.size;
-    host_env.idtr_base = desc.address;
-    __vmwrite(HOST_IDTR_BASE, host_env.idtr_base);
-
-    __asm__ __volatile__ ("sgdt  (%0) \n" :: "a"(&desc) : "memory");
-    host_env.gdtr_limit = desc.size;
-    host_env.gdtr_base = desc.address;
-    __vmwrite(HOST_GDTR_BASE, host_env.gdtr_base);
-
-    __asm__ __volatile__ ("str  (%0) \n" :: "a"(&tr) : "memory");
-    host_env.tr_selector = tr;
-    host_env.tr_limit = sizeof(struct tss_struct);
-    host_env.tr_base = (unsigned long) &init_tss[cpu];
-    __vmwrite(HOST_TR_SELECTOR, host_env.tr_selector);
-    __vmwrite(HOST_TR_BASE, host_env.tr_base);
+
+    __asm__ __volatile__ ( "sidt (%0) \n" : : "a" (&desc) : "memory" );
+    __vmwrite(HOST_IDTR_BASE, desc.address);
+
+    __asm__ __volatile__ ( "sgdt (%0) \n" : : "a" (&desc) : "memory" );
+    __vmwrite(HOST_GDTR_BASE, desc.address);
+
+    __asm__ __volatile__ ( "str (%0) \n" : : "a" (&tr) : "memory" );
+    __vmwrite(HOST_TR_SELECTOR, tr);
+    __vmwrite(HOST_TR_BASE, (unsigned long)&init_tss[cpu]);
 
     /*
      * Skip end of cpu_user_regs when entering the hypervisor because the
@@ -305,6 +339,8 @@ static void vmx_set_host_env(struct vcpu
     __vmwrite(HOST_RSP,
               (unsigned long)&get_cpu_info()->guest_cpu_user_regs.error_code);
 }
+
+#define GUEST_SEGMENT_LIMIT     0xffffffff
 
 static void construct_vmcs(struct vcpu *v)
 {
@@ -448,11 +484,8 @@ static void construct_vmcs(struct vcpu *
 
     if ( cpu_has_vmx_tpr_shadow )
     {
-        paddr_t virt_page_ma = page_to_maddr(vcpu_vlapic(v)->regs_page);
-        __vmwrite(VIRTUAL_APIC_PAGE_ADDR, virt_page_ma);
-#if defined (CONFIG_X86_PAE)
-        __vmwrite(VIRTUAL_APIC_PAGE_ADDR_HIGH, virt_page_ma >> 32);
-#endif
+        __vmwrite(VIRTUAL_APIC_PAGE_ADDR,
+                  page_to_maddr(vcpu_vlapic(v)->regs_page));
         __vmwrite(TPR_THRESHOLD, 0);
     }
 
@@ -472,12 +505,17 @@ static void construct_vmcs(struct vcpu *
 
 int vmx_create_vmcs(struct vcpu *v)
 {
-    if ( v->arch.hvm_vmx.vmcs == NULL )
-    {
-        if ( (v->arch.hvm_vmx.vmcs = vmx_alloc_vmcs()) == NULL )
+    struct arch_vmx_struct *arch_vmx = &v->arch.hvm_vmx;
+
+    if ( arch_vmx->vmcs == NULL )
+    {
+        if ( (arch_vmx->vmcs = vmx_alloc_vmcs()) == NULL )
             return -ENOMEM;
 
-        __vmx_clear_vmcs(v);
+        INIT_LIST_HEAD(&arch_vmx->active_list);
+        __vmpclear(virt_to_maddr(arch_vmx->vmcs));
+        arch_vmx->active_cpu = -1;
+        arch_vmx->launched   = 0;
     }
 
     construct_vmcs(v);
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/hvm/vmx/vmx.c        Thu Jul 12 09:53:58 2007 +0100
@@ -907,15 +907,6 @@ static void vmx_ctxt_switch_to(struct vc
     vmx_restore_dr(v);
 }
 
-static void stop_vmx(void)
-{
-    if ( !(read_cr4() & X86_CR4_VMXE) )
-        return;
-
-    __vmxoff();
-    clear_in_cr4(X86_CR4_VMXE);
-}
-
 static void vmx_store_cpu_guest_regs(
     struct vcpu *v, struct cpu_user_regs *regs, unsigned long *crs)
 {
@@ -1244,7 +1235,6 @@ static void disable_intercept_for_msr(u3
 
 static struct hvm_function_table vmx_function_table = {
     .name                 = "VMX",
-    .disable              = stop_vmx,
     .domain_initialise    = vmx_domain_initialise,
     .domain_destroy       = vmx_domain_destroy,
     .vcpu_initialise      = vmx_vcpu_initialise,
@@ -1271,7 +1261,9 @@ static struct hvm_function_table vmx_fun
     .inject_exception     = vmx_inject_exception,
     .init_ap_context      = vmx_init_ap_context,
     .init_hypercall_page  = vmx_init_hypercall_page,
-    .event_injection_faulted = vmx_event_injection_faulted
+    .event_injection_faulted = vmx_event_injection_faulted,
+    .suspend_cpu          = vmx_suspend_cpu,
+    .resume_cpu           = vmx_resume_cpu,
 };
 
 int start_vmx(void)
@@ -2718,7 +2710,7 @@ static void vmx_free_vlapic_mapping(stru
 
 static void vmx_install_vlapic_mapping(struct vcpu *v)
 {
-    paddr_t virt_page_ma, apic_page_ma;
+    unsigned long virt_page_ma, apic_page_ma;
 
     if ( !cpu_has_vmx_virtualize_apic_accesses )
         return;
@@ -2730,10 +2722,6 @@ static void vmx_install_vlapic_mapping(s
     vmx_vmcs_enter(v);
     __vmwrite(VIRTUAL_APIC_PAGE_ADDR, virt_page_ma);
     __vmwrite(APIC_ACCESS_ADDR, apic_page_ma);
-#if defined (CONFIG_X86_PAE)
-    __vmwrite(VIRTUAL_APIC_PAGE_ADDR_HIGH, virt_page_ma >> 32);
-    __vmwrite(APIC_ACCESS_ADDR_HIGH, apic_page_ma >> 32);
-#endif
     vmx_vmcs_exit(v);
 }
 
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/i8259.c
--- a/xen/arch/x86/i8259.c      Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/i8259.c      Thu Jul 12 09:53:58 2007 +0100
@@ -336,7 +336,7 @@ int i8259A_suspend(void)
     return 0;
 }
 
-void __init init_8259A(int auto_eoi)
+void __devinit init_8259A(int auto_eoi)
 {
     unsigned long flags;
 
@@ -396,6 +396,7 @@ void __init init_IRQ(void)
         irq_desc[i].action  = NULL;
         irq_desc[i].depth   = 1;
         spin_lock_init(&irq_desc[i].lock);
+        cpus_setall(irq_desc[i].affinity);
         set_intr_gate(i, interrupt[i]);
     }
 
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/io_apic.c
--- a/xen/arch/x86/io_apic.c    Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/io_apic.c    Thu Jul 12 09:53:58 2007 +0100
@@ -34,9 +34,6 @@
 #include <asm/desc.h>
 #include <mach_apic.h>
 #include <io_ports.h>
-
-#define set_irq_info(irq, mask) ((void)0)
-#define set_native_irq_info(irq, mask) ((void)0)
 
 /* Different to Linux: our implementation can be simpler. */
 #define make_8259A_irq(irq) (io_apic_irqs &= ~(1<<(irq)))
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/irq.c        Thu Jul 12 09:53:58 2007 +0100
@@ -654,3 +654,36 @@ static int __init setup_dump_irqs(void)
     return 0;
 }
 __initcall(setup_dump_irqs);
+
+#ifdef CONFIG_HOTPLUG_CPU
+#include <asm/mach-generic/mach_apic.h>
+#include <xen/delay.h>
+
+void fixup_irqs(cpumask_t map)
+{
+    unsigned int irq;
+    static int warned;
+
+    for ( irq = 0; irq < NR_IRQS; irq++ )
+    {
+        cpumask_t mask;
+        if ( irq == 2 )
+            continue;
+
+        cpus_and(mask, irq_desc[irq].affinity, map);
+        if ( any_online_cpu(mask) == NR_CPUS )
+        {
+            printk("Breaking affinity for irq %i\n", irq);
+            mask = map;
+        }
+        if ( irq_desc[irq].handler->set_affinity )
+            irq_desc[irq].handler->set_affinity(irq, mask);
+        else if ( irq_desc[irq].action && !(warned++) )
+            printk("Cannot set affinity for irq %i\n", irq);
+    }
+
+    local_irq_enable();
+    mdelay(1);
+    local_irq_disable();
+}
+#endif
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/nmi.c
--- a/xen/arch/x86/nmi.c        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/nmi.c        Thu Jul 12 09:53:58 2007 +0100
@@ -202,7 +202,7 @@ void release_lapic_nmi(void)
         enable_lapic_nmi_watchdog();
 }
 
-#define __pminit __init
+#define __pminit __devinit
 
 /*
  * Activate the NMI watchdog via the local APIC.
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/oprofile/nmi_int.c
--- a/xen/arch/x86/oprofile/nmi_int.c   Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/oprofile/nmi_int.c   Thu Jul 12 09:53:58 2007 +0100
@@ -27,20 +27,15 @@
 #include "op_counter.h"
 #include "op_x86_model.h"
  
+struct op_counter_config counter_config[OP_MAX_COUNTER];
+
 static struct op_x86_model_spec const * model;
 static struct op_msrs cpu_msrs[NR_CPUS];
 static unsigned long saved_lvtpc[NR_CPUS];
 
-#define VIRQ_BITMASK_SIZE (MAX_OPROF_DOMAINS/32 + 1)
-extern int active_domains[MAX_OPROF_DOMAINS];
-extern unsigned int adomains;
-extern struct domain *adomain_ptrs[MAX_OPROF_DOMAINS];
-extern unsigned long virq_ovf_pending[VIRQ_BITMASK_SIZE];
+static char *cpu_type;
+
 extern int is_active(struct domain *d);
-extern int active_id(struct domain *d);
-extern int is_profiled(struct domain *d);
-
-
 
 static int nmi_callback(struct cpu_user_regs *regs, int cpu)
 {
@@ -262,9 +257,7 @@ void nmi_stop(void)
 }
 
 
-struct op_counter_config counter_config[OP_MAX_COUNTER];
-
-static int __init p4_init(char * cpu_type)
+static int __init p4_init(char ** cpu_type)
 { 
        __u8 cpu_model = current_cpu_data.x86_model;
 
@@ -276,20 +269,18 @@ static int __init p4_init(char * cpu_typ
        }
 
 #ifndef CONFIG_SMP
-       strlcpy (cpu_type, "i386/p4", XENOPROF_CPU_TYPE_SIZE);
+       *cpu_type = "i386/p4", XENOPROF_CPU_TYPE_SIZE);
        model = &op_p4_spec;
        return 1;
 #else
        switch (smp_num_siblings) {
                case 1:
-                       strlcpy (cpu_type, "i386/p4", 
-                                XENOPROF_CPU_TYPE_SIZE);
+                       *cpu_type = "i386/p4";
                        model = &op_p4_spec;
                        return 1;
 
                case 2:
-                       strlcpy (cpu_type, "i386/p4-ht", 
-                                XENOPROF_CPU_TYPE_SIZE);
+                       *cpu_type = "i386/p4-ht";
                        model = &op_p4_ht2_spec;
                        return 1;
        }
@@ -300,7 +291,7 @@ static int __init p4_init(char * cpu_typ
 }
 
 
-static int __init ppro_init(char *cpu_type)
+static int __init ppro_init(char ** cpu_type)
 {
        __u8 cpu_model = current_cpu_data.x86_model;
 
@@ -311,41 +302,32 @@ static int __init ppro_init(char *cpu_ty
                return 0;
        }
        else if (cpu_model == 15)
-               strlcpy (cpu_type, "i386/core_2", XENOPROF_CPU_TYPE_SIZE);
+               *cpu_type = "i386/core_2";
        else if (cpu_model == 14)
-               strlcpy (cpu_type, "i386/core", XENOPROF_CPU_TYPE_SIZE);
+               *cpu_type = "i386/core";
        else if (cpu_model == 9)
-               strlcpy (cpu_type, "i386/p6_mobile", XENOPROF_CPU_TYPE_SIZE);
+               *cpu_type = "i386/p6_mobile";
        else if (cpu_model > 5)
-               strlcpy (cpu_type, "i386/piii", XENOPROF_CPU_TYPE_SIZE);
+               *cpu_type = "i386/piii";
        else if (cpu_model > 2)
-               strlcpy (cpu_type, "i386/pii", XENOPROF_CPU_TYPE_SIZE);
+               *cpu_type = "i386/pii";
        else
-               strlcpy (cpu_type, "i386/ppro", XENOPROF_CPU_TYPE_SIZE);
+               *cpu_type = "i386/ppro";
 
        model = &op_ppro_spec;
        return 1;
 }
 
-int nmi_init(int *num_events, int *is_primary, char *cpu_type)
+static int __init nmi_init(void)
 {
        __u8 vendor = current_cpu_data.x86_vendor;
        __u8 family = current_cpu_data.x86;
-       int prim = 0;
  
        if (!cpu_has_apic) {
-               printk("xenoprof: Initialization failed. No apic.\n");
+               printk("xenoprof: Initialization failed. No APIC\n");
                return -ENODEV;
        }
 
-       if (xenoprof_primary_profiler == NULL) {
-               /* For now, only dom0 can be the primary profiler */
-               if (current->domain->domain_id == 0) {
-                       xenoprof_primary_profiler = current->domain;
-                       prim = 1;
-               }
-       }
- 
        switch (vendor) {
                case X86_VENDOR_AMD:
                        /* Needs to be at least an Athlon (or hammer in 32bit 
mode) */
@@ -358,15 +340,13 @@ int nmi_init(int *num_events, int *is_pr
                                return -ENODEV;
                        case 6:
                                model = &op_athlon_spec;
-                               strlcpy (cpu_type, "i386/athlon", 
-                                        XENOPROF_CPU_TYPE_SIZE);
+                               cpu_type = "i386/athlon";
                                break;
                        case 0xf:
                                model = &op_athlon_spec;
-                               /* Actually it could be i386/hammer too, but 
give
-                                  user space an consistent name. */
-                               strlcpy (cpu_type, "x86-64/hammer", 
-                                        XENOPROF_CPU_TYPE_SIZE);
+                               /* Actually it could be i386/hammer too, but
+                                  give user space an consistent name. */
+                               cpu_type = "x86-64/hammer";
                                break;
                        }
                        break;
@@ -375,13 +355,13 @@ int nmi_init(int *num_events, int *is_pr
                        switch (family) {
                                /* Pentium IV */
                                case 0xf:
-                                       if (!p4_init(cpu_type))
+                                       if (!p4_init(&cpu_type))
                                                return -ENODEV;
                                        break;
 
                                /* A P6-class processor */
                                case 6:
-                                       if (!ppro_init(cpu_type))
+                                       if (!ppro_init(&cpu_type))
                                                return -ENODEV;
                                        break;
 
@@ -400,9 +380,16 @@ int nmi_init(int *num_events, int *is_pr
                        return -ENODEV;
        }
 
+       return 0;
+}
+
+__initcall(nmi_init);
+
+int xenoprof_arch_init(int *num_events, char *_cpu_type)
+{
+       if (cpu_type == NULL)
+               return -ENODEV;
        *num_events = model->num_counters;
-       *is_primary = prim;
-
-       return 0;
-}
-
+       strlcpy(_cpu_type, cpu_type, XENOPROF_CPU_TYPE_SIZE);
+       return 0;
+}
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/platform_hypercall.c
--- a/xen/arch/x86/platform_hypercall.c Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/platform_hypercall.c Thu Jul 12 09:53:58 2007 +0100
@@ -18,6 +18,7 @@
 #include <xen/console.h>
 #include <xen/iocap.h>
 #include <xen/guest_access.h>
+#include <xen/acpi.h>
 #include <asm/current.h>
 #include <public/platform.h>
 #include <asm/edd.h>
@@ -247,6 +248,22 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe
         }
         break;
 
+#if 0
+    case XENPF_set_acpi_sleep:
+    {
+        ret = set_acpi_sleep_info(&op->u.set_acpi_sleep);
+        if (!ret && copy_to_guest(u_xenpf_op, op, 1))
+            ret = -EFAULT;
+    }
+    break;
+
+    case XENPF_enter_acpi_sleep:
+    {
+        ret = acpi_enter_sleep(&op->u.enter_acpi_sleep);
+    }
+    break;
+#endif
+
     default:
         ret = -ENOSYS;
         break;
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/smpboot.c
--- a/xen/arch/x86/smpboot.c    Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/smpboot.c    Thu Jul 12 09:53:58 2007 +0100
@@ -110,6 +110,11 @@ EXPORT_SYMBOL(x86_cpu_to_apicid);
 EXPORT_SYMBOL(x86_cpu_to_apicid);
 
 static void map_cpu_to_logical_apicid(void);
+/* State of each CPU. */
+DEFINE_PER_CPU(int, cpu_state) = { 0 };
+
+static void *stack_base[NR_CPUS] __cacheline_aligned;
+spinlock_t cpu_add_remove_lock;
 
 /*
  * The bootstrap kernel entry code has set these up. Save them for
@@ -396,9 +401,11 @@ void __devinit smp_callin(void)
        /*
         *      Synchronize the TSC with the BP
         */
-       if (cpu_has_tsc && cpu_khz && !tsc_sync_disabled)
+       if (cpu_has_tsc && cpu_khz && !tsc_sync_disabled) {
                synchronize_tsc_ap();
-       calibrate_tsc_ap();
+               /* No sync for same reason as above */
+               calibrate_tsc_ap();
+       }
 }
 
 static int cpucount, booting_cpu;
@@ -464,8 +471,12 @@ static void construct_percpu_idt(unsigne
 {
        unsigned char idt_load[10];
 
-       idt_tables[cpu] = xmalloc_array(idt_entry_t, IDT_ENTRIES);
-       memcpy(idt_tables[cpu], idt_table, IDT_ENTRIES*sizeof(idt_entry_t));
+       /* If IDT table exists since last hotplug, reuse it */
+       if (!idt_tables[cpu]) {
+               idt_tables[cpu] = xmalloc_array(idt_entry_t, IDT_ENTRIES);
+               memcpy(idt_tables[cpu], idt_table,
+                               IDT_ENTRIES*sizeof(idt_entry_t));
+       }
 
        *(unsigned short *)(&idt_load[0]) = (IDT_ENTRIES*sizeof(idt_entry_t))-1;
        *(unsigned long  *)(&idt_load[2]) = (unsigned long)idt_tables[cpu];
@@ -488,7 +499,7 @@ void __devinit start_secondary(void *unu
 
        set_processor_id(cpu);
        set_current(idle_vcpu[cpu]);
-        this_cpu(curr_vcpu) = idle_vcpu[cpu];
+       this_cpu(curr_vcpu) = idle_vcpu[cpu];
 
        percpu_traps_init();
 
@@ -516,23 +527,13 @@ void __devinit start_secondary(void *unu
        set_cpu_sibling_map(raw_smp_processor_id());
        wmb();
 
-       /*
-        * We need to hold call_lock, so there is no inconsistency
-        * between the time smp_call_function() determines number of
-        * IPI receipients, and the time when the determination is made
-        * for which cpus receive the IPI. Holding this
-        * lock helps us to not include this cpu in a currently in progress
-        * smp_call_function().
-        */
-       /*lock_ipi_call_lock();*/
        cpu_set(smp_processor_id(), cpu_online_map);
-       /*unlock_ipi_call_lock();*/
-       /*per_cpu(cpu_state, smp_processor_id()) = CPU_ONLINE;*/
+       per_cpu(cpu_state, smp_processor_id()) = CPU_ONLINE;
+
+       init_percpu_time();
 
        /* We can take interrupts now: we're officially "up". */
        local_irq_enable();
-
-        init_percpu_time();
 
        wmb();
        startup_cpu_idle_loop();
@@ -794,6 +795,22 @@ static inline int alloc_cpu_id(void)
        return cpu;
 }
 
+static struct vcpu *prepare_idle_vcpu(unsigned int cpu)
+{
+       if (idle_vcpu[cpu])
+               return idle_vcpu[cpu];
+
+       return alloc_idle_vcpu(cpu);
+}
+
+static void *prepare_idle_stack(unsigned int cpu)
+{
+       if (!stack_base[cpu])
+               stack_base[cpu] = alloc_xenheap_pages(STACK_ORDER);
+
+       return stack_base[cpu];
+}
+
 static int __devinit do_boot_cpu(int apicid, int cpu)
 /*
  * NOTE - on most systems this is a PHYSICAL apic ID, but on multiquad
@@ -811,7 +828,7 @@ static int __devinit do_boot_cpu(int api
 
        booting_cpu = cpu;
 
-       v = alloc_idle_vcpu(cpu);
+       v = prepare_idle_vcpu(cpu);
        BUG_ON(v == NULL);
 
        /* start_eip had better be page-aligned! */
@@ -820,7 +837,7 @@ static int __devinit do_boot_cpu(int api
        /* So we see what's up   */
        printk("Booting processor %d/%d eip %lx\n", cpu, apicid, start_eip);
 
-       stack_start.esp = alloc_xenheap_pages(STACK_ORDER);
+       stack_start.esp = prepare_idle_stack(cpu);
 
        /* Debug build: detect stack overflow by setting up a guard page. */
        memguard_guard_stack(stack_start.esp);
@@ -897,6 +914,51 @@ static int __devinit do_boot_cpu(int api
        return boot_error;
 }
 
+#ifdef CONFIG_HOTPLUG_CPU
+static void idle_task_exit(void)
+{
+       /* Give up lazy state borrowed by this idle vcpu */
+       __sync_lazy_execstate();
+}
+
+void cpu_exit_clear(void)
+{
+       int cpu = raw_smp_processor_id();
+
+       idle_task_exit();
+
+       cpucount --;
+       cpu_uninit();
+
+       cpu_clear(cpu, cpu_callout_map);
+       cpu_clear(cpu, cpu_callin_map);
+
+       cpu_clear(cpu, smp_commenced_mask);
+       unmap_cpu_to_logical_apicid(cpu);
+}
+
+static int __cpuinit __smp_prepare_cpu(int cpu)
+{
+       int     apicid, ret;
+
+       apicid = x86_cpu_to_apicid[cpu];
+       if (apicid == BAD_APICID) {
+               ret = -ENODEV;
+               goto exit;
+       }
+
+       tsc_sync_disabled = 1;
+
+       do_boot_cpu(apicid, cpu);
+
+       tsc_sync_disabled = 0;
+
+       ret = 0;
+exit:
+       return ret;
+}
+#endif
+
 /*
  * Cycle through the processors sending APIC IPIs to boot each.
  */
@@ -923,6 +985,8 @@ static void __init smp_boot_cpus(unsigne
 
        boot_cpu_physical_apicid = GET_APIC_ID(apic_read(APIC_ID));
        x86_cpu_to_apicid[0] = boot_cpu_physical_apicid;
+
+       stack_base[0] = stack_start.esp;
 
        /*current_thread_info()->cpu = 0;*/
        /*smp_tune_scheduling();*/
@@ -1094,11 +1158,238 @@ void __devinit smp_prepare_boot_cpu(void
        cpu_set(smp_processor_id(), cpu_callout_map);
        cpu_set(smp_processor_id(), cpu_present_map);
        cpu_set(smp_processor_id(), cpu_possible_map);
-       /*per_cpu(cpu_state, smp_processor_id()) = CPU_ONLINE;*/
-}
+       per_cpu(cpu_state, smp_processor_id()) = CPU_ONLINE;
+       spin_lock_init(&cpu_add_remove_lock);
+}
+
+#ifdef CONFIG_HOTPLUG_CPU
+static void
+remove_siblinginfo(int cpu)
+{
+       int sibling;
+       struct cpuinfo_x86 *c = cpu_data;
+
+       for_each_cpu_mask(sibling, cpu_core_map[cpu]) {
+               cpu_clear(cpu, cpu_core_map[sibling]);
+               /*
+                * last thread sibling in this cpu core going down
+                */
+               if (cpus_weight(cpu_sibling_map[cpu]) == 1)
+                       c[sibling].booted_cores--;
+       }
+                       
+       for_each_cpu_mask(sibling, cpu_sibling_map[cpu])
+               cpu_clear(cpu, cpu_sibling_map[sibling]);
+       cpus_clear(cpu_sibling_map[cpu]);
+       cpus_clear(cpu_core_map[cpu]);
+       phys_proc_id[cpu] = BAD_APICID;
+       cpu_core_id[cpu] = BAD_APICID;
+       cpu_clear(cpu, cpu_sibling_setup_map);
+}
+
+extern void fixup_irqs(cpumask_t map);
+int __cpu_disable(void)
+{
+       cpumask_t map = cpu_online_map;
+       int cpu = smp_processor_id();
+
+       /*
+        * Perhaps use cpufreq to drop frequency, but that could go
+        * into generic code.
+        *
+        * We won't take down the boot processor on i386 due to some
+        * interrupts only being able to be serviced by the BSP.
+        * Especially so if we're not using an IOAPIC   -zwane
+        */
+       if (cpu == 0)
+               return -EBUSY;
+
+       local_irq_disable();
+       clear_local_APIC();
+       /* Allow any queued timer interrupts to get serviced */
+       local_irq_enable();
+       mdelay(1);
+       local_irq_disable();
+
+       time_suspend();
+
+       remove_siblinginfo(cpu);
+
+       cpu_clear(cpu, map);
+       fixup_irqs(map);
+       /* It's now safe to remove this processor from the online map */
+       cpu_clear(cpu, cpu_online_map);
+       return 0;
+}
+
+void __cpu_die(unsigned int cpu)
+{
+       /* We don't do anything here: idle task is faking death itself. */
+       unsigned int i;
+
+       for (i = 0; i < 10; i++) {
+               /* They ack this in play_dead by setting CPU_DEAD */
+               if (per_cpu(cpu_state, cpu) == CPU_DEAD) {
+                       printk ("CPU %d is now offline\n", cpu);
+                       return;
+               }
+               mdelay(100);
+               mb();
+               process_pending_timers();
+       }
+       printk(KERN_ERR "CPU %u didn't die...\n", cpu);
+}
+
+/* 
+ * XXX: One important thing missed here is to migrate vcpus
+ * from dead cpu to other online ones and then put whole
+ * system into a stop state. It assures a safe environment
+ * for a cpu hotplug/remove at normal running state.
+ *
+ * However for xen PM case, at this point:
+ *     -> All other domains should be notified with PM event,
+ *        and then in following states:
+ *             * Suspend state, or
+ *             * Paused state, which is a force step to all
+ *               domains if they do nothing to suspend
+ *     -> All vcpus of dom0 (except vcpu0) have already beem
+ *        hot removed
+ * with the net effect that all other cpus only have idle vcpu
+ * running. In this special case, we can avoid vcpu migration
+ * then and system can be considered in a stop state.
+ *
+ * So current cpu hotplug is a special version for PM specific
+ * usage, and need more effort later for full cpu hotplug.
+ * (ktian1)
+ */
+int cpu_down(unsigned int cpu)
+{
+       int err = 0;
+       cpumask_t mask;
+
+       spin_lock(&cpu_add_remove_lock);
+       if (num_online_cpus() == 1) {
+               err = -EBUSY;
+               goto out;
+       }
+
+       if (!cpu_online(cpu)) {
+               err = -EINVAL;
+               goto out;
+       }
+
+       printk("Prepare to bring CPU%d down...\n", cpu);
+       /* Send notification to remote idle vcpu */
+       cpus_clear(mask);
+       cpu_set(cpu, mask);
+       per_cpu(cpu_state, cpu) = CPU_DYING;
+       smp_send_event_check_mask(mask);
+
+       __cpu_die(cpu);
+
+       if (cpu_online(cpu)) {
+               printk("Bad state (DEAD, but in online map) on CPU%d\n", cpu);
+               err = -EBUSY;
+       }
+out:
+       spin_unlock(&cpu_add_remove_lock);
+       return err;
+}
+
+int cpu_up(unsigned int cpu)
+{
+       int err = 0;
+
+       spin_lock(&cpu_add_remove_lock);
+       if (cpu_online(cpu)) {
+               printk("Bring up a online cpu. Bogus!\n");
+               err = -EBUSY;
+               goto out;
+       }
+
+       err = __cpu_up(cpu);
+       if (err < 0)
+               goto out;
+
+out:
+       spin_unlock(&cpu_add_remove_lock);
+       return err;
+}
+
+/* From kernel/power/main.c */
+/* This is protected by pm_sem semaphore */
+static cpumask_t frozen_cpus;
+
+void disable_nonboot_cpus(void)
+{
+       int cpu, error;
+
+       error = 0;
+       cpus_clear(frozen_cpus);
+       printk("Freezing cpus ...\n");
+       for_each_online_cpu(cpu) {
+               if (cpu == 0)
+                       continue;
+               error = cpu_down(cpu);
+               if (!error) {
+                       cpu_set(cpu, frozen_cpus);
+                       printk("CPU%d is down\n", cpu);
+                       continue;
+               }
+               printk("Error taking cpu %d down: %d\n", cpu, error);
+       }
+       BUG_ON(raw_smp_processor_id() != 0);
+       if (error)
+               panic("cpus not sleeping");
+}
+
+void enable_nonboot_cpus(void)
+{
+       int cpu, error;
+
+       printk("Thawing cpus ...\n");
+       for_each_cpu_mask(cpu, frozen_cpus) {
+               error = cpu_up(cpu);
+               if (!error) {
+                       printk("CPU%d is up\n", cpu);
+                       continue;
+               }
+               printk("Error taking cpu %d up: %d\n", cpu, error);
+               panic("Not enough cpus");
+       }
+       cpus_clear(frozen_cpus);
+}
+#else /* ... !CONFIG_HOTPLUG_CPU */
+int __cpu_disable(void)
+{
+       return -ENOSYS;
+}
+
+void __cpu_die(unsigned int cpu)
+{
+       /* We said "no" in __cpu_disable */
+       BUG();
+}
+#endif /* CONFIG_HOTPLUG_CPU */
 
 int __devinit __cpu_up(unsigned int cpu)
 {
+#ifdef CONFIG_HOTPLUG_CPU
+       int ret=0;
+
+       /*
+        * We do warm boot only on cpus that had booted earlier
+        * Otherwise cold boot is all handled from smp_boot_cpus().
+        * cpu_callin_map is set during AP kickstart process. Its reset
+        * when a cpu is taken offline from cpu_exit_clear().
+        */
+       if (!cpu_isset(cpu, cpu_callin_map))
+               ret = __smp_prepare_cpu(cpu);
+
+       if (ret)
+               return -EIO;
+#endif
+
        /* In case one didn't come up */
        if (!cpu_isset(cpu, cpu_callin_map)) {
                printk(KERN_DEBUG "skipping cpu%d, didn't come online\n", cpu);
@@ -1117,6 +1408,7 @@ int __devinit __cpu_up(unsigned int cpu)
        return 0;
 }
 
+
 void __init smp_cpus_done(unsigned int max_cpus)
 {
 #ifdef CONFIG_X86_IO_APIC
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/x86_32/traps.c
--- a/xen/arch/x86/x86_32/traps.c       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/x86_32/traps.c       Thu Jul 12 09:53:58 2007 +0100
@@ -232,7 +232,7 @@ unsigned long do_iret(void)
     return 0;
 }
 
-void __init percpu_traps_init(void)
+void __devinit percpu_traps_init(void)
 {
     struct tss_struct *tss = &doublefault_tss;
     asmlinkage int hypercall(void);
diff -r f536eb8576ee -r d0477293897c xen/arch/x86/x86_64/traps.c
--- a/xen/arch/x86/x86_64/traps.c       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/arch/x86/x86_64/traps.c       Thu Jul 12 09:53:58 2007 +0100
@@ -285,7 +285,7 @@ static int write_stack_trampoline(
     return 34;
 }
 
-void __init percpu_traps_init(void)
+void __devinit percpu_traps_init(void)
 {
     char *stack_bottom, *stack;
     int   cpu = smp_processor_id();
diff -r f536eb8576ee -r d0477293897c xen/common/page_alloc.c
--- a/xen/common/page_alloc.c   Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/common/page_alloc.c   Thu Jul 12 09:53:58 2007 +0100
@@ -936,6 +936,21 @@ void free_domheap_pages(struct page_info
         put_domain(d);
 }
 
+unsigned long avail_domheap_pages_region(
+    unsigned int node, unsigned int min_width, unsigned int max_width)
+{
+    int zone_lo, zone_hi;
+
+    zone_lo = min_width ? (min_width - (PAGE_SHIFT + 1)) : (MEMZONE_XEN + 1);
+    zone_lo = max_t(int, MEMZONE_XEN + 1, zone_lo);
+    zone_lo = min_t(int, NR_ZONES - 1, zone_lo);
+
+    zone_hi = max_width ? (max_width - (PAGE_SHIFT + 1)) : (NR_ZONES - 1);
+    zone_hi = max_t(int, MEMZONE_XEN + 1, zone_hi);
+    zone_hi = min_t(int, NR_ZONES - 1, zone_hi);
+
+    return avail_heap_pages(zone_lo, zone_hi, node);
+}
 
 unsigned long avail_domheap_pages(void)
 {
@@ -955,11 +970,6 @@ unsigned long avail_domheap_pages(void)
         avail_dma = 0;
 
     return avail_nrm + avail_dma;
-}
-
-unsigned long avail_nodeheap_pages(int node)
-{
-    return avail_heap_pages(0, NR_ZONES - 1, node);
 }
 
 static void pagealloc_keyhandler(unsigned char key)
diff -r f536eb8576ee -r d0477293897c xen/common/sysctl.c
--- a/xen/common/sysctl.c       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/common/sysctl.c       Thu Jul 12 09:53:58 2007 +0100
@@ -21,6 +21,8 @@
 #include <xen/keyhandler.h>
 #include <asm/current.h>
 #include <public/sysctl.h>
+#include <asm/numa.h>
+#include <xen/nodemask.h>
 
 extern long arch_do_sysctl(
     struct xen_sysctl *op, XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl);
@@ -166,6 +168,18 @@ long do_sysctl(XEN_GUEST_HANDLE(xen_sysc
 
         if ( copy_to_guest(u_sysctl, op, 1) )
             ret = -EFAULT;
+    }
+    break;
+
+    case XEN_SYSCTL_availheap:
+    { 
+        op->u.availheap.avail_bytes = avail_domheap_pages_region(
+            op->u.availheap.node,
+            op->u.availheap.min_bitwidth,
+            op->u.availheap.max_bitwidth);
+        op->u.availheap.avail_bytes <<= PAGE_SHIFT;
+
+        ret = copy_to_guest(u_sysctl, op, 1) ? -EFAULT : 0;
     }
     break;
 
diff -r f536eb8576ee -r d0477293897c xen/common/xenoprof.c
--- a/xen/common/xenoprof.c     Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/common/xenoprof.c     Thu Jul 12 09:53:58 2007 +0100
@@ -21,26 +21,26 @@
 /* Lock protecting the following global state */
 static DEFINE_SPINLOCK(xenoprof_lock);
 
-struct domain *active_domains[MAX_OPROF_DOMAINS];
-int active_ready[MAX_OPROF_DOMAINS];
-unsigned int adomains;
-
-struct domain *passive_domains[MAX_OPROF_DOMAINS];
-unsigned int pdomains;
-
-unsigned int activated;
-struct domain *xenoprof_primary_profiler;
-int xenoprof_state = XENOPROF_IDLE;
+static struct domain *active_domains[MAX_OPROF_DOMAINS];
+static int active_ready[MAX_OPROF_DOMAINS];
+static unsigned int adomains;
+
+static struct domain *passive_domains[MAX_OPROF_DOMAINS];
+static unsigned int pdomains;
+
+static unsigned int activated;
+static struct domain *xenoprof_primary_profiler;
+static int xenoprof_state = XENOPROF_IDLE;
 static unsigned long backtrace_depth;
 
-u64 total_samples;
-u64 invalid_buffer_samples;
-u64 corrupted_buffer_samples;
-u64 lost_samples;
-u64 active_samples;
-u64 passive_samples;
-u64 idle_samples;
-u64 others_samples;
+static u64 total_samples;
+static u64 invalid_buffer_samples;
+static u64 corrupted_buffer_samples;
+static u64 lost_samples;
+static u64 active_samples;
+static u64 passive_samples;
+static u64 idle_samples;
+static u64 others_samples;
 
 int is_active(struct domain *d)
 {
@@ -48,13 +48,13 @@ int is_active(struct domain *d)
     return ((x != NULL) && (x->domain_type == XENOPROF_DOMAIN_ACTIVE));
 }
 
-int is_passive(struct domain *d)
+static int is_passive(struct domain *d)
 {
     struct xenoprof *x = d->xenoprof;
     return ((x != NULL) && (x->domain_type == XENOPROF_DOMAIN_PASSIVE));
 }
 
-int is_profiled(struct domain *d)
+static int is_profiled(struct domain *d)
 {
     return (is_active(d) || is_passive(d));
 }
@@ -543,24 +543,24 @@ void xenoprof_log_event(struct vcpu *vcp
 
 static int xenoprof_op_init(XEN_GUEST_HANDLE(void) arg)
 {
+    struct domain *d = current->domain;
     struct xenoprof_init xenoprof_init;
     int ret;
 
     if ( copy_from_guest(&xenoprof_init, arg, 1) )
         return -EFAULT;
 
-    if ( (ret = xenoprof_arch_init(&xenoprof_init.num_events, 
-                                   &xenoprof_init.is_primary, 
+    if ( (ret = xenoprof_arch_init(&xenoprof_init.num_events,
                                    xenoprof_init.cpu_type)) )
         return ret;
 
-    if ( copy_to_guest(arg, &xenoprof_init, 1) )
-        return -EFAULT;
-
+    xenoprof_init.is_primary = 
+        ((xenoprof_primary_profiler == d) ||
+         ((xenoprof_primary_profiler == NULL) && (d->domain_id == 0)));
     if ( xenoprof_init.is_primary )
         xenoprof_primary_profiler = current->domain;
 
-    return 0;
+    return (copy_to_guest(arg, &xenoprof_init, 1) ? -EFAULT : 0);
 }
 
 #endif /* !COMPAT */
diff -r f536eb8576ee -r d0477293897c xen/drivers/char/ns16550.c
--- a/xen/drivers/char/ns16550.c        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/drivers/char/ns16550.c        Thu Jul 12 09:53:58 2007 +0100
@@ -170,7 +170,7 @@ static int ns16550_getc(struct serial_po
     return 1;
 }
 
-static void __init ns16550_init_preirq(struct serial_port *port)
+static void __devinit ns16550_init_preirq(struct serial_port *port)
 {
     struct ns16550 *uart = port->uart;
     unsigned char lcr;
@@ -214,7 +214,7 @@ static void __init ns16550_init_preirq(s
         port->tx_fifo_size = 16;
 }
 
-static void __init ns16550_init_postirq(struct serial_port *port)
+static void __devinit ns16550_init_postirq(struct serial_port *port)
 {
     struct ns16550 *uart = port->uart;
     int rc, bits;
diff -r f536eb8576ee -r d0477293897c xen/drivers/char/serial.c
--- a/xen/drivers/char/serial.c Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/drivers/char/serial.c Thu Jul 12 09:53:58 2007 +0100
@@ -348,7 +348,7 @@ int serial_tx_space(int handle)
     return SERIAL_TXBUFSZ - (port->txbufp - port->txbufc);
 }
 
-void __init serial_init_preirq(void)
+void __devinit serial_init_preirq(void)
 {
     int i;
     for ( i = 0; i < ARRAY_SIZE(com); i++ )
@@ -356,7 +356,7 @@ void __init serial_init_preirq(void)
             com[i].driver->init_preirq(&com[i]);
 }
 
-void __init serial_init_postirq(void)
+void __devinit serial_init_postirq(void)
 {
     int i;
     for ( i = 0; i < ARRAY_SIZE(com); i++ )
diff -r f536eb8576ee -r d0477293897c xen/include/asm-ia64/xenoprof.h
--- a/xen/include/asm-ia64/xenoprof.h   Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-ia64/xenoprof.h   Thu Jul 12 09:53:58 2007 +0100
@@ -24,7 +24,7 @@
 #ifndef __ASM_XENOPROF_H__
 #define __ASM_XENOPROF_H__
 
-int xenoprof_arch_init(int *num_events, int *is_primary, char *cpu_type);
+int xenoprof_arch_init(int *num_events, char *cpu_type);
 int xenoprof_arch_reserve_counters(void);
 int xenoprof_arch_counter(XEN_GUEST_HANDLE(void) arg);
 int xenoprof_arch_setup_events(void);
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/acpi.h
--- a/xen/include/asm-x86/acpi.h        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/acpi.h        Thu Jul 12 09:53:58 2007 +0100
@@ -173,6 +173,14 @@ extern unsigned long acpi_wakeup_address
 /* early initialization routine */
 extern void acpi_reserve_bootmem(void);
 
+extern unsigned long acpi_video_flags;
+extern unsigned long saved_videomode;
+struct xenpf_set_acpi_sleep;
+struct xenpf_enter_acpi_sleep;
+extern int set_acpi_sleep_info(struct xenpf_set_acpi_sleep *info);
+extern int acpi_enter_sleep(struct xenpf_enter_acpi_sleep *sleep);
+extern int acpi_enter_state(u32 state);
+
 #endif /*CONFIG_ACPI_SLEEP*/
 
 extern u8 x86_acpiid_to_apicid[];
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/config.h
--- a/xen/include/asm-x86/config.h      Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/config.h      Thu Jul 12 09:53:58 2007 +0100
@@ -25,9 +25,7 @@
 #define CONFIG_X86_PM_TIMER 1
 #define CONFIG_HPET_TIMER 1
 #define CONFIG_X86_MCE_P4THERMAL 1
-#define CONFIG_ACPI_NUMA 1
 #define CONFIG_NUMA 1
-#define CONFIG_ACPI_SRAT 1
 #define CONFIG_DISCONTIGMEM 1
 #define CONFIG_NUMA_EMU 1
 
@@ -36,8 +34,14 @@
 
 #define CONFIG_ACPI 1
 #define CONFIG_ACPI_BOOT 1
+#define CONFIG_ACPI_SLEEP 1
+#define CONFIG_ACPI_NUMA 1
+#define CONFIG_ACPI_SRAT 1
 
 #define CONFIG_VGA 1
+
+#define CONFIG_HOTPLUG 1
+#define CONFIG_HOTPLUG_CPU 1
 
 #define HZ 100
 
@@ -100,6 +104,8 @@ extern char trampoline_realmode_entry[];
 extern char trampoline_realmode_entry[];
 extern unsigned int trampoline_xen_phys_start;
 extern unsigned char trampoline_cpu_started;
+extern char wakeup_start[];
+extern unsigned int video_mode, video_flags;
 #endif
 
 #if defined(__x86_64__)
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/desc.h
--- a/xen/include/asm-x86/desc.h        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/desc.h        Thu Jul 12 09:53:58 2007 +0100
@@ -203,11 +203,6 @@ extern struct desc_struct compat_gdt_tab
 # define compat_gdt_table gdt_table
 #endif
 
-struct Xgt_desc_struct {
-    unsigned short size;
-    unsigned long address __attribute__((packed));
-};
-
 extern void set_intr_gate(unsigned int irq, void * addr);
 extern void set_system_gate(unsigned int n, void *addr);
 extern void set_task_gate(unsigned int n, unsigned int sel);
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/hvm/hvm.h
--- a/xen/include/asm-x86/hvm/hvm.h     Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/hvm/hvm.h     Thu Jul 12 09:53:58 2007 +0100
@@ -72,11 +72,6 @@ struct hvm_function_table {
     char *name;
 
     /*
-     *  Disable HVM functionality
-     */
-    void (*disable)(void);
-
-    /*
      * Initialise/destroy HVM domain/vcpu resources
      */
     int  (*domain_initialise)(struct domain *d);
@@ -160,6 +155,9 @@ struct hvm_function_table {
     void (*init_hypercall_page)(struct domain *d, void *hypercall_page);
 
     int  (*event_injection_faulted)(struct vcpu *v);
+
+    void (*suspend_cpu)(void);
+    void (*resume_cpu)(void);
 };
 
 extern struct hvm_function_table hvm_funcs;
@@ -316,4 +314,16 @@ static inline int hvm_event_injection_fa
 /* These exceptions must always be intercepted. */
 #define HVM_TRAP_MASK (1U << TRAP_machine_check)
 
+static inline void hvm_suspend_cpu(void)
+{
+    if ( hvm_funcs.suspend_cpu )
+        hvm_funcs.suspend_cpu();
+}
+
+static inline void hvm_resume_cpu(void)
+{
+    if ( hvm_funcs.resume_cpu )
+        hvm_funcs.resume_cpu();
+}
+
 #endif /* __ASM_X86_HVM_HVM_H__ */
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/hvm/vmx/vmcs.h
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h        Thu Jul 12 09:53:58 2007 +0100
@@ -28,6 +28,8 @@ extern void vmcs_dump_vcpu(void);
 extern void vmcs_dump_vcpu(void);
 extern void vmx_init_vmcs_config(void);
 extern void setup_vmcs_dump(void);
+extern void vmx_suspend_cpu(void);
+extern void vmx_resume_cpu(void);
 
 struct vmcs_struct {
     u32 vmcs_revision_id;
@@ -59,6 +61,7 @@ struct arch_vmx_struct {
      *  - Activated on a CPU by VMPTRLD. Deactivated by VMCLEAR.
      *  - Launched on active CPU by VMLAUNCH when current VMCS.
      */
+    struct list_head     active_list;
     int                  active_cpu;
     int                  launched;
 
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/smp.h
--- a/xen/include/asm-x86/smp.h Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/smp.h Thu Jul 12 09:53:58 2007 +0100
@@ -50,9 +50,22 @@ extern u8 x86_cpu_to_apicid[];
 
 #define cpu_physical_id(cpu)   x86_cpu_to_apicid[cpu]
 
+/* State of each CPU. */
+#define CPU_ONLINE     0x0002  /* CPU is up */
+#define CPU_DYING      0x0003  /* CPU is requested to die */
+#define CPU_DEAD       0x0004  /* CPU is dead */
+DECLARE_PER_CPU(int, cpu_state);
+
 #ifdef CONFIG_HOTPLUG_CPU
+#define cpu_is_offline(cpu) unlikely(per_cpu(cpu_state,cpu) == CPU_DYING)
+extern int cpu_down(unsigned int cpu);
+extern int cpu_up(unsigned int cpu);
 extern void cpu_exit_clear(void);
 extern void cpu_uninit(void);
+extern void disable_nonboot_cpus(void);
+extern void enable_nonboot_cpus(void);
+#else
+static inline int cpu_is_offline(int cpu) {return 0;}
 #endif
 
 /*
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/system.h
--- a/xen/include/asm-x86/system.h      Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/system.h      Thu Jul 12 09:53:58 2007 +0100
@@ -313,6 +313,8 @@ static always_inline unsigned long long 
 #define __sti()                        __asm__ __volatile__("sti": : :"memory")
 /* used in the idle loop; sti takes one instruction cycle to complete */
 #define safe_halt()            __asm__ __volatile__("sti; hlt": : :"memory")
+/* used when interrupts are already enabled or to shutdown the processor */
+#define halt()                 __asm__ __volatile__("hlt": : :"memory")
 
 /* For spinlocks etc */
 #if defined(__i386__)
diff -r f536eb8576ee -r d0477293897c xen/include/asm-x86/xenoprof.h
--- a/xen/include/asm-x86/xenoprof.h    Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/asm-x86/xenoprof.h    Thu Jul 12 09:53:58 2007 +0100
@@ -23,7 +23,6 @@
 #ifndef __ASM_X86_XENOPROF_H__
 #define __ASM_X86_XENOPROF_H__
 
-int nmi_init(int *num_events, int *is_primary, char *cpu_type);
 int nmi_reserve_counters(void);
 int nmi_setup_events(void);
 int nmi_enable_virq(void);
@@ -32,8 +31,7 @@ void nmi_disable_virq(void);
 void nmi_disable_virq(void);
 void nmi_release_counters(void);
 
-#define xenoprof_arch_init(num_events, is_primary, cpu_type)    \
-    nmi_init(num_events, is_primary, cpu_type)
+int xenoprof_arch_init(int *num_events, char *cpu_type);
 #define xenoprof_arch_reserve_counters()        nmi_reserve_counters()
 #define xenoprof_arch_setup_events()            nmi_setup_events()
 #define xenoprof_arch_enable_virq()             nmi_enable_virq()
diff -r f536eb8576ee -r d0477293897c xen/include/public/platform.h
--- a/xen/include/public/platform.h     Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/public/platform.h     Thu Jul 12 09:53:58 2007 +0100
@@ -153,6 +153,31 @@ typedef struct xenpf_firmware_info xenpf
 typedef struct xenpf_firmware_info xenpf_firmware_info_t;
 DEFINE_XEN_GUEST_HANDLE(xenpf_firmware_info_t);
 
+#define XENPF_set_acpi_sleep      51
+struct xenpf_set_acpi_sleep {
+    /* IN variables. */
+    uint16_t pm1a_cnt_port;
+    uint16_t pm1b_cnt_port;
+    uint16_t pm1a_evt_port;
+    uint16_t pm1b_evt_port;
+    /* OUT variables */
+    uint64_t xen_waking_vec;   /* Tell dom0 to set FACS waking vector */
+};
+typedef struct xenpf_set_acpi_sleep xenpf_set_acpi_sleep_t;
+DEFINE_XEN_GUEST_HANDLE(xenpf_set_acpi_sleep_t);
+
+#define XENPF_enter_acpi_sleep    52
+struct xenpf_enter_acpi_sleep {
+    /* IN variables */
+    uint16_t pm1a_cnt_val;
+    uint16_t pm1b_cnt_val;
+    uint32_t sleep_state;       /* Which state to enter */
+    uint32_t video_flags;       /* S3_bios or s3_mode */
+    uint32_t video_mode;        /* Mode setting for s3_mode */
+};
+typedef struct xenpf_enter_acpi_sleep xenpf_enter_acpi_sleep_t;
+DEFINE_XEN_GUEST_HANDLE(xenpf_enter_acpi_sleep_t);
+
 struct xen_platform_op {
     uint32_t cmd;
     uint32_t interface_version; /* XENPF_INTERFACE_VERSION */
@@ -164,6 +189,8 @@ struct xen_platform_op {
         struct xenpf_microcode_update  microcode;
         struct xenpf_platform_quirk    platform_quirk;
         struct xenpf_firmware_info     firmware_info;
+        struct xenpf_set_acpi_sleep    set_acpi_sleep;
+        struct xenpf_enter_acpi_sleep  enter_acpi_sleep;
         uint8_t                        pad[128];
     } u;
 };
diff -r f536eb8576ee -r d0477293897c xen/include/public/sysctl.h
--- a/xen/include/public/sysctl.h       Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/public/sysctl.h       Thu Jul 12 09:53:58 2007 +0100
@@ -185,6 +185,18 @@ typedef struct xen_sysctl_getcpuinfo xen
 typedef struct xen_sysctl_getcpuinfo xen_sysctl_getcpuinfo_t;
 DEFINE_XEN_GUEST_HANDLE(xen_sysctl_getcpuinfo_t); 
 
+#define XEN_SYSCTL_availheap         9
+struct xen_sysctl_availheap {
+    /* IN variables. */
+    uint32_t min_bitwidth;  /* Smallest address width (zero if don't care). */
+    uint32_t max_bitwidth;  /* Largest address width (zero if don't care). */
+    int32_t  node;          /* NUMA node of interest (-1 for all nodes). */
+    /* OUT variables. */
+    uint64_t avail_bytes;   /* Bytes available in the specified region. */
+};
+typedef struct xen_sysctl_availheap xen_sysctl_availheap_t;
+DEFINE_XEN_GUEST_HANDLE(xen_sysctl_availheap_t);
+ 
 struct xen_sysctl {
     uint32_t cmd;
     uint32_t interface_version; /* XEN_SYSCTL_INTERFACE_VERSION */
@@ -197,6 +209,7 @@ struct xen_sysctl {
         struct xen_sysctl_getdomaininfolist getdomaininfolist;
         struct xen_sysctl_debug_keys        debug_keys;
         struct xen_sysctl_getcpuinfo        getcpuinfo;
+        struct xen_sysctl_availheap         availheap;
         uint8_t                             pad[128];
     } u;
 };
diff -r f536eb8576ee -r d0477293897c xen/include/xen/irq.h
--- a/xen/include/xen/irq.h     Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/xen/irq.h     Thu Jul 12 09:53:58 2007 +0100
@@ -57,6 +57,7 @@ typedef struct {
     struct irqaction *action;  /* IRQ action list */
     unsigned int depth;                /* nested irq disables */
     spinlock_t lock;
+    cpumask_t affinity;
 } __cacheline_aligned irq_desc_t;
 
 extern irq_desc_t irq_desc[NR_IRQS];
@@ -74,4 +75,13 @@ extern int pirq_guest_bind(struct vcpu *
 extern int pirq_guest_bind(struct vcpu *v, int irq, int will_share);
 extern int pirq_guest_unbind(struct domain *d, int irq);
 
+static inline void set_native_irq_info(int irq, cpumask_t mask)
+{
+       irq_desc[irq].affinity = mask;
+}
+
+static inline void set_irq_info(int irq, cpumask_t mask)
+{
+       set_native_irq_info(irq, mask);
+}
 #endif /* __XEN_IRQ_H__ */
diff -r f536eb8576ee -r d0477293897c xen/include/xen/mm.h
--- a/xen/include/xen/mm.h      Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/xen/mm.h      Thu Jul 12 09:53:58 2007 +0100
@@ -61,6 +61,8 @@ struct page_info *__alloc_domheap_pages(
     struct domain *d, unsigned int cpu, unsigned int order, 
     unsigned int memflags);
 void free_domheap_pages(struct page_info *pg, unsigned int order);
+unsigned long avail_domheap_pages_region(
+    unsigned int node, unsigned int min_width, unsigned int max_width);
 unsigned long avail_domheap_pages(void);
 #define alloc_domheap_page(d) (alloc_domheap_pages(d,0,0))
 #define free_domheap_page(p)  (free_domheap_pages(p,0))
diff -r f536eb8576ee -r d0477293897c xen/include/xen/xenoprof.h
--- a/xen/include/xen/xenoprof.h        Wed Jul 11 11:32:30 2007 -0600
+++ b/xen/include/xen/xenoprof.h        Thu Jul 12 09:53:58 2007 +0100
@@ -69,6 +69,4 @@ int xenoprof_add_trace(struct domain *d,
 int xenoprof_add_trace(struct domain *d, struct vcpu *v, 
                        unsigned long eip, int mode);
 
-extern struct domain *xenoprof_primary_profiler;
-
 #endif  /* __XEN__XENOPROF_H__ */

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.