Xen project Mailing List

[Xen-changelog] [xen-unstable] Merge with PPC Xen tree.

From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Fri, 27 Jul 2007 03:07:06 -0700

Delivery-date: Fri, 27 Jul 2007 03:05:13 -0700

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User kfraser@xxxxxxxxxxxxxxxxxxxxx # Date 1184664021 -3600 # Node ID 9559ba7c80f9b4a262e54f780d8fed71e8d23b88 # Parent c9720159b98323a45e1a91c00fee01c680f5d754 # Parent 23dab4b0545531e0ea0476b486c89a42455bcbe1 Merge with PPC Xen tree. --- xen/arch/ia64/vmx/vmx_process.c | 503 ------ .hgignore | 8 Config.mk | 8 docs/xen-api/xenapi-datamodel-graph.dot | 4 docs/xen-api/xenapi-datamodel.tex | 824 ++++++++++ extras/mini-os/arch/ia64/ia64.S | 7 extras/mini-os/arch/ia64/ivt.S | 49 extras/mini-os/include/ia64/ia64_cpu.h | 4 tools/firmware/hvmloader/acpi/dsdt.asl | 21 tools/firmware/hvmloader/acpi/dsdt.c | 25 tools/firmware/hvmloader/config.h | 2 tools/firmware/hvmloader/hvmloader.c | 12 tools/firmware/rombios/rombios.c | 48 tools/ioemu/hw/ide.c | 3 tools/ioemu/hw/rtl8139.c | 11 tools/ioemu/target-i386-dm/exec-dm.c | 6 tools/ioemu/target-i386-dm/helper2.c | 1 tools/ioemu/vl.c | 5 tools/ioemu/vl.h | 9 tools/libxc/ia64/xc_dom_ia64_util.c | 2 tools/libxc/ia64/xc_ia64_hvm_build.c | 21 tools/libxc/xc_domain.c | 33 tools/libxc/xc_linux.c | 2 tools/libxc/xc_ptrace.c | 10 tools/libxc/xenctrl.h | 26 tools/libxen/include/xen/api/xen_acmpolicy.h | 117 + tools/libxen/include/xen/api/xen_vdi.h | 13 tools/libxen/include/xen/api/xen_vm.h | 14 tools/libxen/include/xen/api/xen_xspolicy.h | 271 +++ tools/libxen/include/xen/api/xen_xspolicy_decl.h | 31 tools/libxen/src/xen_acmpolicy.c | 234 ++ tools/libxen/src/xen_vdi.c | 39 tools/libxen/src/xen_vm.c | 45 tools/libxen/src/xen_xspolicy.c | 327 +++ tools/python/xen/util/acmpolicy.py | 81 tools/python/xen/util/security.py | 69 tools/python/xen/xend/XendConfig.py | 2 tools/python/xen/xend/XendDomain.py | 8 tools/python/xen/xend/XendDomainInfo.py | 2 tools/python/xen/xm/activatepolicy.py | 86 + tools/python/xen/xm/addlabel.py | 135 + tools/python/xen/xm/cfgbootpolicy.py | 76 tools/python/xen/xm/create.dtd | 7 tools/python/xen/xm/create.py | 22 tools/python/xen/xm/getlabel.py | 45 tools/python/xen/xm/getpolicy.py | 94 + tools/python/xen/xm/labels.py | 37 tools/python/xen/xm/loadpolicy.py | 32 tools/python/xen/xm/main.py | 88 - tools/python/xen/xm/makepolicy.py | 14 tools/python/xen/xm/resources.py | 33 tools/python/xen/xm/rmlabel.py | 65 tools/python/xen/xm/setpolicy.py | 117 + tools/python/xen/xm/xenapi_create.py | 55 tools/security/policies/security_policy.xsd | 7 tools/vtpm_manager/util/hashtable_itr.c | 8 tools/xenstore/xsls.c | 37 tools/xentrace/xenctx.c | 364 +++- unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h | 9 unmodified_drivers/linux-2.6/netfront/Kbuild | 1 xen/Makefile | 16 xen/arch/ia64/Makefile | 2 xen/arch/ia64/Rules.mk | 2 xen/arch/ia64/linux-xen/efi.c | 5 xen/arch/ia64/linux-xen/perfmon.c | 2 xen/arch/ia64/linux-xen/sn/kernel/irq.c | 15 xen/arch/ia64/linux-xen/sn/kernel/sn2_smp.c | 101 + xen/arch/ia64/vmx/Makefile | 2 xen/arch/ia64/vmx/mmio.c | 15 xen/arch/ia64/vmx/vmmu.c | 3 xen/arch/ia64/vmx/vmx_fault.c | 524 ++++++ xen/arch/ia64/vmx/vmx_init.c | 6 xen/arch/ia64/vmx/vmx_ivt.S | 2 xen/arch/ia64/vmx/vmx_minstate.h | 4 xen/arch/ia64/vmx/vmx_utility.c | 13 xen/arch/ia64/vmx/vmx_vcpu.c | 3 xen/arch/ia64/vmx/vmx_virt.c | 45 xen/arch/ia64/xen/Makefile | 1 xen/arch/ia64/xen/dom0_ops.c | 51 xen/arch/ia64/xen/dom_fw_sn2.c | 92 + xen/arch/ia64/xen/dom_fw_utils.c | 35 xen/arch/ia64/xen/domain.c | 111 + xen/arch/ia64/xen/faults.c | 41 xen/arch/ia64/xen/fw_emul.c | 150 + xen/arch/ia64/xen/hypercall.c | 10 xen/arch/ia64/xen/hyperprivop.S | 48 xen/arch/ia64/xen/ivt.S | 66 xen/arch/ia64/xen/mm.c | 23 xen/arch/ia64/xen/oprofile/perfmon.c | 11 xen/arch/ia64/xen/oprofile/xenoprof.c | 26 xen/arch/ia64/xen/privop.c | 2 xen/arch/ia64/xen/vcpu.c | 86 - xen/arch/ia64/xen/vhpt.c | 2 xen/arch/ia64/xen/xenasm.S | 3 xen/arch/ia64/xen/xenmisc.c | 19 xen/arch/ia64/xen/xenpatch.c | 7 xen/arch/ia64/xen/xensetup.c | 31 xen/arch/ia64/xen/xentime.c | 8 xen/arch/x86/acpi/Makefile | 1 xen/arch/x86/acpi/power.c | 274 +++ xen/arch/x86/acpi/suspend.c | 85 + xen/arch/x86/acpi/wakeup_prot.S | 267 +++ xen/arch/x86/apic.c | 2 xen/arch/x86/boot/Makefile | 3 xen/arch/x86/boot/head.S | 2 xen/arch/x86/boot/wakeup.S | 212 ++ xen/arch/x86/cpu/common.c | 11 xen/arch/x86/crash.c | 4 xen/arch/x86/dmi_scan.c | 1 xen/arch/x86/domain.c | 19 xen/arch/x86/domain_build.c | 3 xen/arch/x86/domctl.c | 40 xen/arch/x86/hvm/hvm.c | 6 xen/arch/x86/hvm/svm/svm.c | 10 xen/arch/x86/hvm/svm/vmcb.c | 10 xen/arch/x86/hvm/vlapic.c | 9 xen/arch/x86/hvm/vmx/vmcs.c | 219 +- xen/arch/x86/hvm/vmx/vmx.c | 96 - xen/arch/x86/i8259.c | 6 xen/arch/x86/io_apic.c | 3 xen/arch/x86/irq.c | 33 xen/arch/x86/machine_kexec.c | 4 xen/arch/x86/mm.c | 23 xen/arch/x86/mm/hap/hap.c | 122 - xen/arch/x86/mm/hap/support.c | 164 + xen/arch/x86/nmi.c | 2 xen/arch/x86/oprofile/nmi_int.c | 83 - xen/arch/x86/platform_hypercall.c | 17 xen/arch/x86/setup.c | 4 xen/arch/x86/shutdown.c | 2 xen/arch/x86/smp.c | 2 xen/arch/x86/smpboot.c | 340 +++- xen/arch/x86/x86_32/traps.c | 2 xen/arch/x86/x86_64/mm.c | 3 xen/arch/x86/x86_64/traps.c | 2 xen/common/grant_table.c | 12 xen/common/page_alloc.c | 58 xen/common/sysctl.c | 14 xen/common/xenoprof.c | 52 xen/drivers/char/ns16550.c | 4 xen/drivers/char/serial.c | 4 xen/include/acm/acm_core.h | 4 xen/include/asm-ia64/config.h | 6 xen/include/asm-ia64/debugger.h | 45 xen/include/asm-ia64/dom_fw_common.h | 1 xen/include/asm-ia64/domain.h | 45 xen/include/asm-ia64/linux-xen/asm/machvec.h | 69 xen/include/asm-ia64/linux-xen/asm/machvec_sn2.h | 7 xen/include/asm-ia64/linux-xen/asm/processor.h | 4 xen/include/asm-ia64/linux-xen/asm/ptrace.h | 42 xen/include/asm-ia64/vcpu.h | 13 xen/include/asm-ia64/vmmu.h | 1 xen/include/asm-ia64/vmx.h | 2 xen/include/asm-ia64/vmx_vcpu.h | 32 xen/include/asm-ia64/xenkregs.h | 15 xen/include/asm-ia64/xenoprof.h | 2 xen/include/asm-x86/acpi.h | 8 xen/include/asm-x86/config.h | 10 xen/include/asm-x86/desc.h | 5 xen/include/asm-x86/hap.h | 3 xen/include/asm-x86/hvm/hvm.h | 21 xen/include/asm-x86/hvm/support.h | 1 xen/include/asm-x86/hvm/vmx/vmcs.h | 9 xen/include/asm-x86/page.h | 15 xen/include/asm-x86/processor.h | 18 xen/include/asm-x86/smp.h | 13 xen/include/asm-x86/system.h | 2 xen/include/asm-x86/xenoprof.h | 4 xen/include/public/arch-ia64.h | 135 - xen/include/public/foreign/reference.size | 6 xen/include/public/platform.h | 27 xen/include/public/sysctl.h | 13 xen/include/xen/cpumask.h | 2 xen/include/xen/irq.h | 10 xen/include/xen/mm.h | 5 xen/include/xen/xenoprof.h | 2 176 files changed, 6619 insertions(+), 2020 deletions(-) diff -r c9720159b983 -r 9559ba7c80f9 .hgignore --- a/.hgignore Mon Jul 16 14:20:16 2007 -0500 +++ b/.hgignore Tue Jul 17 10:20:21 2007 +0100 @@ -130,6 +130,8 @@ ^tools/ioemu/qemu\.1$ ^tools/ioemu/qemu\.pod$ ^tools/libxc/xen/.*$ +^tools/libxc/ia64/asm/acpi\.h$ +^tools/libxc/ia64/xen/list\.h$ ^tools/libxen/libxenapi- ^tools/libxen/test/test_bindings$ ^tools/libxen/test/test_event_handling$ @@ -211,6 +213,7 @@ ^tools/xm-test/lib/XmTestReport/xmtest.py$ ^tools/xm-test/tests/.*\.test$ ^xen/BLOG$ +^xen/System.map$ ^xen/TAGS$ ^xen/arch/x86/asm-offsets\.s$ ^xen/arch/x86/boot/mkelf32$ @@ -218,6 +221,7 @@ ^xen/ddb/.*$ ^xen/include/asm$ ^xen/include/asm-.*/asm-offsets\.h$ +^xen/include/asm-ia64/asm-xsi-offsets\.h$ ^xen/include/compat/.*$ ^xen/include/hypervisor-ifs/arch$ ^xen/include/public/foreign/.*\.(c|h|size)$ @@ -233,6 +237,10 @@ ^xen/xen$ ^xen/xen-syms$ ^xen/xen\..*$ +^xen/arch/ia64/asm-offsets\.s$ +^xen/arch/ia64/asm-xsi-offsets\.s$ +^xen/arch/ia64/map\.out$ +^xen/arch/ia64/xen\.lds\.s$ ^xen/arch/powerpc/dom0\.bin$ ^xen/arch/powerpc/asm-offsets\.s$ ^xen/arch/powerpc/firmware$ diff -r c9720159b983 -r 9559ba7c80f9 Config.mk --- a/Config.mk Mon Jul 16 14:20:16 2007 -0500 +++ b/Config.mk Tue Jul 17 10:20:21 2007 +0100 @@ -81,14 +81,6 @@ CFLAGS += $(foreach i, $(EXTRA_INCLUDES) # n - Do not build the Xen ACM framework ACM_SECURITY ?= n -# If ACM_SECURITY = y and no boot policy file is installed, -# then the ACM defaults to the security policy set by -# ACM_DEFAULT_SECURITY_POLICY -# Supported models are: -# ACM_NULL_POLICY -# ACM_CHINESE_WALL_AND_SIMPLE_TYPE_ENFORCEMENT_POLICY -ACM_DEFAULT_SECURITY_POLICY ?= ACM_NULL_POLICY - # Optional components XENSTAT_XENTOP ?= y VTPM_TOOLS ?= n diff -r c9720159b983 -r 9559ba7c80f9 docs/xen-api/xenapi-datamodel-graph.dot --- a/docs/xen-api/xenapi-datamodel-graph.dot Mon Jul 16 14:20:16 2007 -0500 +++ b/docs/xen-api/xenapi-datamodel-graph.dot Tue Jul 17 10:20:21 2007 +0100 @@ -12,7 +12,7 @@ digraph "Xen-API Class Diagram" { digraph "Xen-API Class Diagram" { fontname="Verdana"; -node [ shape=box ]; session VM host network VIF PIF SR VDI VBD PBD user; +node [ shape=box ]; session VM host network VIF PIF SR VDI VBD PBD user XSPolicy ACMPolicy; node [shape=ellipse]; PIF_metrics VIF_metrics VM_metrics VBD_metrics PBD_metrics VM_guest_metrics host_metrics; node [shape=box]; host_cpu console session -> host [ arrowhead="none" ] @@ -36,4 +36,6 @@ VBD -> VM [ arrowhead="none", arrowtail= VBD -> VM [ arrowhead="none", arrowtail="crow" ] VTPM -> VM [ arrowhead="none", arrowtail="crow" ] VBD -> VBD_metrics [ arrowhead="none" ] +XSPolicy -> host [ arrowhead="none" ] +XSPolicy -> ACMPolicy [ arrowhead="none" ] } diff -r c9720159b983 -r 9559ba7c80f9 docs/xen-api/xenapi-datamodel.tex --- a/docs/xen-api/xenapi-datamodel.tex Mon Jul 16 14:20:16 2007 -0500 +++ b/docs/xen-api/xenapi-datamodel.tex Tue Jul 17 10:20:21 2007 +0100 @@ -46,6 +46,8 @@ Name & Description \\ {\tt console} & A console \\ {\tt user} & A user of the system \\ {\tt debug} & A basic class for testing \\ +{\tt XSPolicy} & A class for handling Xen Security Policies \\ +{\tt ACMPolicy} & A class for handling ACM-type policies \\ \hline \end{tabular}\end{center} \section{Relationships Between Classes} @@ -226,6 +228,7 @@ The following enumeration types are used \vspace{1cm} \newpage + \section{Error Handling} When a low-level transport error occurs, or a request is malformed at the HTTP or XML-RPC level, the server may send an XML-RPC Fault response, or the client @@ -468,6 +471,17 @@ HVM is required for this operation {\bf Signature:} \begin{verbatim}VM_HVM_REQUIRED(vm)\end{verbatim} \begin{center}\rule{10em}{0.1pt}\end{center} + +\subsubsection{SECURITY\_ERROR} + +A security error occurred. The parameter provides the xen security +error code and a message describing the error. + +\vspace{0.3cm} +{\bf Signature:} +\begin{verbatim}SECURITY_ERROR(xserr, message)\end{verbatim} +\begin{center}\rule{10em}{0.1pt}\end{center} + \newpage \section{Class: session} @@ -1401,6 +1415,7 @@ Quals & Field & Type & Description \\ $\mathit{RO}_\mathit{run}$ & {\tt is\_control\_domain} & bool & true if this is a control domain (domain 0 or a driver domain) \\ $\mathit{RO}_\mathit{run}$ & {\tt metrics} & VM\_metrics ref & metrics associated with this VM \\ $\mathit{RO}_\mathit{run}$ & {\tt guest\_metrics} & VM\_guest\_metrics ref & metrics associated with the running guest \\ +$\mathit{RO}_\mathit{run}$ & {\tt security/label} & string & the VM's security label \\ \hline \end{longtable} \subsection{RPCs associated with class: VM} @@ -4395,6 +4410,82 @@ VM\_guest\_metrics ref value of the field +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_security\_label} + +{\bf Overview:} +Get the security label field of the given VM. Refer to the XSPolicy class +for the format of the security label. + + \noindent {\bf Signature:} +\begin{verbatim} string get_security_label (session_id s, VM ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt VM ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +value of the field +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~set\_security\_label} + +{\bf Overview:} +Set the security label field of the given VM. Refer to the XSPolicy class +for the format of the security label. + + \noindent {\bf Signature:} +\begin{verbatim} int set_security_label (session_id s, VM ref self, string +security_label, string old_label)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt VM ref } & self & reference to the object \\ \hline +{\tt string } & security\_label & security label for the VM \\ \hline +{\tt string } & old\_label & Optional label value that the security label \\ +& & must currently have for the change to succeed.\\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +int +} + + +Returns the ssidref in case of an VM that is currently running or +paused, zero in case of a dormant VM (halted, suspended). + +\vspace{0.3cm} + +\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR} + \vspace{0.3cm} \vspace{0.3cm} \vspace{0.3cm} @@ -11317,6 +11408,79 @@ void \vspace{0.3cm} \vspace{0.3cm} \vspace{0.3cm} +\subsubsection{RPC name:~set\_security\_label} + +{\bf Overview:} +Set the security label of the given VDI. Refer to the XSPolicy class +for the format of the security label. + + \noindent {\bf Signature:} +\begin{verbatim} void set_security_label (session_id s, VDI ref self, string +security_label, string old_label)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt VDI ref } & self & reference to the object \\ \hline + +{\tt string } & security\_label & New value of the security label \\ \hline +{\tt string } & old\_label & Optional label value that the security label \\ +& & must currently have for the change to succeed.\\ \hline +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +void +} + + +\vspace{0.3cm} + +\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR} + +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_security\_label} + +{\bf Overview:} +Get the security label of the given VDI. + + \noindent {\bf Signature:} +\begin{verbatim} string get_security_label (session_id s, VDI ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt VDI ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +value of the given field +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} \subsubsection{RPC name:~create} {\bf Overview:} @@ -13424,6 +13588,38 @@ value of the field \vspace{0.3cm} \vspace{0.3cm} \vspace{0.3cm} +\subsubsection{RPC name:~get\_runtime\_properties} + +{\bf Overview:} +Get the runtime\_properties field of the given VTPM. + +\noindent {\bf Signature:} +\begin{verbatim} ((string -> string) Map) get_runtime_properties (session_id s, VTPM ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt VTPM ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +(string $\rightarrow$ string) Map +} + + +value of the field +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} \subsubsection{RPC name:~create} {\bf Overview:} @@ -14268,6 +14464,634 @@ all fields from the object \vspace{0.3cm} \vspace{1cm} +\newpage +\section{Class: XSPolicy} +\subsection{Fields for class: XSPolicy} +\begin{longtable}{|lllp{0.38\textwidth}|} +\hline +\multicolumn{1}{|l}{Name} & \multicolumn{3}{l|}{\bf XSPolicy} \\ +\multicolumn{1}{|l}{Description} & \multicolumn{3}{l|}{\parbox{11cm}{\em A Xen Security Policy}} \\ +\hline +Quals & Field & Type & Description \\ +\hline +$\mathit{RO}_\mathit{run}$ & {\tt uuid} & string & unique identifier / object reference \\ +$\mathit{RW}$ & {\tt repr} & string & representation of policy, i.e., XML \\ +$\mathit{RO}_\mathit{run}$ & {\tt type} & xs\_type & type of the policy \\ +$\mathit{RO}_\mathit{run}$ & {\tt flags} & xs\_instantiationflags & policy +status flags \\ +\hline +\end{longtable} +\subsection{Semantics of the class: XSPolicy} + +The XSPolicy class is used for administering Xen Security policies. Through +this class a new policy can be uploaded to the system, loaded into the +Xen hypervisor for enforcement and be set as the policy that the +system is automatically loading when the machine is started. + +This class returns information about the currently administered policy, +including a reference to the policy. This reference can then be used with +policy-specific classes, i.e., the ACMPolicy class, to allow retrieval of +information or changes to be made to a particular policy. + +\subsection{Structure and datatypes of class: XSPolicy} + +Format of the security label: + +A security label consist of the three different parts {\it policy type}, +{\it policy name} and {\it label} separated with colons. To specify +the virtual machine label for an ACM-type policy {\it xm-test}, the +security label string would be {\it ACM:xm-test:blue}, where blue +denotes the virtual machine's label. The format of resource labels is +the same.\\[0.5cm] +The following flags are used by this class: + +\begin{longtable}{|l|l|l|} +\hline +{\tt xs\_type} & value & meaning \\ +\hline +\hspace{0.5cm}{\tt XS\_POLICY\_ACM} & (1 $<<$ 0) & ACM-type policy \\ +\hline +\end{longtable} + +\begin{longtable}{|l|l|l|} +\hline +{\tt xs\_instantiationflags} & value & meaning \\ +\hline +\hspace{0.5cm}{\tt XS\_INST\_NONE} & 0 & do nothing \\ +\hspace{0.5cm}{\tt XS\_INST\_BOOT} & (1 $<<$ 0) & make system boot with this policy \\ +\hspace{0.5cm}{\tt XS\_INST\_LOAD} & (1 $<<$ 1) & load policy immediately \\ +\hline +\end{longtable} + +\begin{longtable}{|l|l|l|} +\hline +{\tt xs\_policystate} & type & meaning \\ +\hline +\hspace{0.5cm}{\tt xserr} & int & Error code from operation (if applicable) \\ +\hspace{0.5cm}{\tt xs\_ref} & XSPolicy ref & reference to the XS policy as returned by the API \\ +\hspace{0.5cm}{\tt repr} & string & representation of the policy, i.e., XML \\ +\hspace{0.5cm}{\tt type} & xs\_type & the type of the policy \\ +\hspace{0.5cm}{\tt flags } & xs\_instantiationflags & instantiation flags of the policy \\ +\hspace{0.5cm}{\tt version} & string & version of the policy \\ +\hspace{0.5cm}{\tt errors} & string & Base64-encoded sequence of integer tuples consisting \\ +& & of (error code, detail); will be returned as part \\ +& & of the xs\_setpolicy function. \\ +\hline +\end{longtable} + +\subsection{Additional RPCs associated with class: XSPolicy} +\subsubsection{RPC name:~get\_xstype} + +{\bf Overview:} +Return the Xen Security Policy types supported by this system + + \noindent {\bf Signature:} +\begin{verbatim} xs_type get_xstype (session_id s)\end{verbatim} + + \noindent {\bf Return Type:} +{\tt +xs\_type +} + +flags representing the supported Xen security policy types + \vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~set\_xspolicy} + +{\bf Overview:} +Set the current XSPolicy. This function can also be be used for updating of +an existing policy whose name must be equivalent to the one of the +currently running policy. + +\noindent {\bf Signature:} +\begin{verbatim} xs_policystate set_xspolicy (session_id s, xs_type type, string repr, +xs_instantiationflags flags, bool overwrite)\end{verbatim} + +\noindent{\bf Arguments:} + +\vspace{0.3cm} + +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs\_type } & type & the type of policy \\ \hline +{\tt string} & repr & representation of the policy, i.e., XML \\ \hline +{\tt xs\_instantiationflags} & flags & flags for the setting of the policy \\ \hline +{\tt bool} & overwrite & whether to overwrite an existing policy \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + + \noindent {\bf Return Type:} +{\tt +xs\_policystate +} + + +State information about the policy. In case an error occurred, the 'xs\_err' +field contains the error code. The 'errors' may contain further information +about the error. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_xspolicy} + +{\bf Overview:} +Get information regarding the currently set Xen Security Policy + + \noindent {\bf Signature:} +\begin{verbatim} xs_policystate get_xspolicy (session_id s)\end{verbatim} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +xs\_policystate +} + + +Policy state information. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~rm\_xsbootpolicy} + +{\bf Overview:} +Remove any policy from the default boot configuration. + + \noindent {\bf Signature:} +\begin{verbatim} void rm_xsbootpolicy (session_id s)\end{verbatim} + +\vspace{0.3cm} + +\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR} + +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_labeled\_resources} + +{\bf Overview:} +Get a list of resources that have been labeled. + + \noindent {\bf Signature:} +\begin{verbatim} ((string -> string) Map) get_labeled_resources (session_id s)\end{verbatim} + + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +(string $\rightarrow$ string) Map +} + + +A map of resources with their labels. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~set\_resource\_label} + +{\bf Overview:} +Label the given resource with the given label. An empty label removes any label +from the resource. + + \noindent {\bf Signature:} +\begin{verbatim} void set_resource_label (session_id s, string resource, string +label, string old_label)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt string } & resource & resource to label \\ \hline +{\tt string } & label & label for the resource \\ \hline +{\tt string } & old\_label & Optional label value that the security label \\ +& & must currently have for the change to succeed. \\ \hline + +\end{tabular} + +\vspace{0.3cm} + +\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR} + +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_resource\_label} + +{\bf Overview:} +Get the label of the given resource. + + \noindent {\bf Signature:} +\begin{verbatim} string get_resource_label (session_id s, string resource)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt string } & resource & resource to label \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +The label of the given resource. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~activate\_xspolicy} + +{\bf Overview:} +Load the referenced policy into the hypervisor. + + \noindent {\bf Signature:} +\begin{verbatim} xs_instantiationflags activate_xspolicy (session_id s, xs_ref xspolicy, +xs_instantiationflags flags)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline +{\tt xs\_instantiationflags } & flags & flags to activate on a policy; flags + can only be set \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + + \noindent {\bf Return Type:} +{\tt +xs\_instantiationflags +} + + +Currently active instantiation flags. +\vspace{0.3cm} + +\noindent{\bf Possible Error Codes:} {\tt SECURITY\_ERROR} + +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_all} + +{\bf Overview:} +Return a list of all the XSPolicies known to the system. + + \noindent {\bf Signature:} +\begin{verbatim} ((XSPolicy ref) Set) get_all (session_id s)\end{verbatim} + + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +(XSPolicy ref) Set +} + + +A list of all the IDs of all the XSPolicies +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_uuid} + +{\bf Overview:} +Get the uuid field of the given XSPolicy. + + \noindent {\bf Signature:} +\begin{verbatim} string get_uuid (session_id s, XSPolicy ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt XSPolicy ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +value of the field +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_record} + +{\bf Overview:} +Get a record of the referenced XSPolicy. + + \noindent {\bf Signature:} +\begin{verbatim} (XSPolicy record) get_record (session_id s, xs_ref xspolicy)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +XSPolicy record +} + + +all fields from the object +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\newpage +\section{Class: ACMPolicy} +\subsection{Fields for class: ACMPolicy} +\begin{longtable}{|lllp{0.38\textwidth}|} +\hline +\multicolumn{1}{|l}{Name} & \multicolumn{3}{l|}{\bf ACMPolicy} \\ +\multicolumn{1}{|l}{Description} & \multicolumn{3}{l|}{\parbox{11cm}{\em An ACM Security Policy}} \\ +\hline +Quals & Field & Type & Description \\ +\hline +$\mathit{RO}_\mathit{run}$ & {\tt uuid} & string & unique identifier / object reference \\ +$\mathit{RW}$ & {\tt repr} & string & representation of policy, in XML \\ +$\mathit{RO}_\mathit{run}$ & {\tt type} & xs\_type & type of the policy \\ +$\mathit{RO}_\mathit{run}$ & {\tt flags} & xs\_instantiationflags & policy +status flags \\ +\hline +\end{longtable} + +\subsection{Structure and datatypes of class: ACMPolicy} + +\vspace{0.5cm} +The following data structures are used: + +\begin{longtable}{|l|l|l|} +\hline +{\tt RIP acm\_policyheader} & type & meaning \\ +\hline +\hspace{0.5cm}{\tt policyname} & string & name of the policy \\ +\hspace{0.5cm}{\tt policyurl } & string & URL of the policy \\ +\hspace{0.5cm}{\tt date} & string & data of the policy \\ +\hspace{0.5cm}{\tt reference} & string & reference of the policy \\ +\hspace{0.5cm}{\tt namespaceurl} & string & namespaceurl of the policy \\ +\hspace{0.5cm}{\tt version} & string & version of the policy \\ +\hline +\end{longtable} + +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_header} + +{\bf Overview:} +Get the referenced policy's header information. + + \noindent {\bf Signature:} +\begin{verbatim} acm_policyheader get_header (session_id s, xs ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +acm\_policyheader +} + + +The policy's header information. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_xml} + +{\bf Overview:} +Get the XML representation of the given policy. + + \noindent {\bf Signature:} +\begin{verbatim} string get_XML (session_id s, xs ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +XML representation of the referenced policy +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_map} + +{\bf Overview:} +Get the mapping information of the given policy. + + \noindent {\bf Signature:} +\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +Mapping information of the referenced policy. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_binary} + +{\bf Overview:} +Get the binary policy representation of the referenced policy. + + \noindent {\bf Signature:} +\begin{verbatim} string get_map (session_id s, xs ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +Base64-encoded representation of the binary policy. +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_all} + +{\bf Overview:} +Return a list of all the ACMPolicies known to the system. + + \noindent {\bf Signature:} +\begin{verbatim} ((ACMPolicy ref) Set) get_all (session_id s)\end{verbatim} + + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +(ACMPolicy ref) Set +} + + +A list of all the IDs of all the ACMPolicies +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_uuid} + +{\bf Overview:} +Get the uuid field of the given ACMPolicy. + + \noindent {\bf Signature:} +\begin{verbatim} string get_uuid (session_id s, ACMPolicy ref self)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt ACMPolicy ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +string +} + + +value of the field +\vspace{0.3cm} +\vspace{0.3cm} +\vspace{0.3cm} +\subsubsection{RPC name:~get\_record} + +{\bf Overview:} +Get a record of the referenced ACMPolicy. + + \noindent {\bf Signature:} +\begin{verbatim} (XSPolicy record) get_record (session_id s, xs_ref xspolicy)\end{verbatim} + + +\noindent{\bf Arguments:} + + +\vspace{0.3cm} +\begin{tabular}{|c|c|p{7cm}|} + \hline +{\bf type} & {\bf name} & {\bf description} \\ \hline +{\tt xs ref } & self & reference to the object \\ \hline + +\end{tabular} + +\vspace{0.3cm} + + \noindent {\bf Return Type:} +{\tt +XSPolicy record +} + + +all fields from the object + \newpage \section{Class: debug} \subsection{Fields for class: debug} diff -r c9720159b983 -r 9559ba7c80f9 extras/mini-os/arch/ia64/ia64.S --- a/extras/mini-os/arch/ia64/ia64.S Mon Jul 16 14:20:16 2007 -0500 +++ b/extras/mini-os/arch/ia64/ia64.S Tue Jul 17 10:20:21 2007 +0100 @@ -105,7 +105,7 @@ ENTRY(_start) /* * Now pin mappings into the TLB for kernel text and data */ - mov r18=KERNEL_TR_PAGE_SIZE<<2 + mov r18=KERNEL_TR_PAGE_SIZE<<IA64_ITIR_PS movl r17=KERNEL_START ;; mov cr.itir=r18 @@ -204,7 +204,10 @@ 1: /* now we are in virtual mode */ ;; or out0=r16, r15 // make a region 7 address ;; - + ssm psr.i | psr.ic + ;; + srlz.i + ;; br.call.sptk.many rp=start_kernel ;; add r2=3,r0 diff -r c9720159b983 -r 9559ba7c80f9 extras/mini-os/arch/ia64/ivt.S --- a/extras/mini-os/arch/ia64/ivt.S Mon Jul 16 14:20:16 2007 -0500 +++ b/extras/mini-os/arch/ia64/ivt.S Tue Jul 17 10:20:21 2007 +0100 @@ -587,13 +587,11 @@ END(save_special_regs) ENTRY(hypervisor_callback) - // Calculate the stack address for storing. - // Use the kernel stack here because it's mapped wired! - // -> no nested tlb faults! - movl r18=kstack+KSTACK_PAGES * PAGE_SIZE - 16 - TF_SIZE - - //add r18=-TF_SIZE,sp - add r30=0xabab,r0 + /* + * Use the thread stack here for storing the trap frame. + * It's not wired mapped, so nested data tlb faults may occur! + */ + add r18=-TF_SIZE,sp ;; { .mib nop 0x02 @@ -602,7 +600,7 @@ ENTRY(hypervisor_callback) ;; } add sp=-16,r18 // the new stack - alloc r15=ar.pfs,0,0,1,0 // 1 out for do_trap_error + alloc r15=ar.pfs,0,0,1,0 // 1 out for do_hypervisor_callback ;; mov out0=r18 // the trap frame movl r22=XSI_PSR_IC @@ -617,13 +615,8 @@ ENTRY(hypervisor_callback) movl r22=XSI_PSR_IC ;; st4 [r22]=r0 // rsm psr.ic - - add r16=16,sp // load EF-pointer again - ;; - //mov r18=sp - movl r18=kstack+KSTACK_PAGES * PAGE_SIZE - 16 - TF_SIZE - ;; - + add r18=16,sp // load EF-pointer again + ;; // must have r18-efp, calls rfi at the end. br.sptk restore_tf_rse_switch ;; @@ -654,9 +647,7 @@ ENTRY(trap_error) mov out0=r18 // the trap frame add sp=-16,r18 // C-call abi ;; - - //bsw.1 - movl r30=XSI_BANKNUM + movl r30=XSI_BANKNUM // bsw.1 mov r31=1;; #if defined(BIG_ENDIAN) // swap because mini-os is in BE mux1 r31=r31,@rev;; @@ -752,6 +743,7 @@ IVT_ERR(Alternate_Instruction_TLB, 3, 0x IVT_ENTRY(Alternate_Data_TLB, 0x1000) mov r30=4 // trap number +adt_common: mov r16=cr.ifa // where did it happen mov r31=pr // save predicates ;; @@ -765,7 +757,7 @@ IVT_ENTRY(Alternate_Data_TLB, 0x1000) // // No return // //adt_regf_addr: -// extr.u r17=r16,60,4 // get region number +// extr.u r17=r16,60,4 // get region number // ;; // cmp.eq p14,p15=0xf,r17 // ;; @@ -799,8 +791,23 @@ adt_reg7_addr: IVT_END(Alternate_Data_TLB) - -IVT_ERR(Data_Nested_TLB, 5, 0x1400) +/* + * Handling of nested data tlb is needed, because in hypervisor_callback() + * the stack is used to store the register trap frame. This stack is allocated + * dynamically (as identity mapped address) and therewidth no tr mapped page! + */ +IVT_ENTRY(Data_Nested_TLB, 0x1400) + + mov r30=5 // trap number + add r28=-TF_SIZE,sp // r28 is never used in trap handling + ;; + mov cr.ifa=r28 + ;; + br.sptk adt_common +IVT_END(Data_Nested_TLB) + + + IVT_ERR(Instruction_Key_Miss, 6, 0x1800) IVT_ERR(Data_Key_Miss, 7, 0x1c00) IVT_ERR(Dirty_Bit, 8, 0x2000) diff -r c9720159b983 -r 9559ba7c80f9 extras/mini-os/include/ia64/ia64_cpu.h --- a/extras/mini-os/include/ia64/ia64_cpu.h Mon Jul 16 14:20:16 2007 -0500 +++ b/extras/mini-os/include/ia64/ia64_cpu.h Tue Jul 17 10:20:21 2007 +0100 @@ -143,11 +143,11 @@ #define STARTUP_PSR (IA64_PSR_IT | \ IA64_PSR_DT | IA64_PSR_RT | MOS_IA64_PSR_BE | \ - IA64_PSR_BN | IA64_PSR_CPL_2 | IA64_PSR_AC) + IA64_PSR_BN | IA64_PSR_CPL_KERN | IA64_PSR_AC) #define MOS_SYS_PSR (IA64_PSR_IC | IA64_PSR_I | IA64_PSR_IT | \ IA64_PSR_DT | IA64_PSR_RT | MOS_IA64_PSR_BE | \ - IA64_PSR_BN | IA64_PSR_CPL_2 | IA64_PSR_AC) + IA64_PSR_BN | IA64_PSR_CPL_KERN | IA64_PSR_AC) #define MOS_USR_PSR (IA64_PSR_IC | IA64_PSR_I | IA64_PSR_IT | \ IA64_PSR_DT | IA64_PSR_RT | MOS_IA64_PSR_BE | \ diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/acpi/dsdt.asl --- a/tools/firmware/hvmloader/acpi/dsdt.asl Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/firmware/hvmloader/acpi/dsdt.asl Tue Jul 17 10:20:21 2007 +0100 @@ -123,11 +123,12 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, } Name(BUFA, ResourceTemplate() { - IRQ(Level, ActiveLow, Shared) { 5, 7, 10, 11 } + IRQ(Level, ActiveLow, Shared) { 5, 10, 11 } }) Name(BUFB, Buffer() { - 0x23, 0x00, 0x00, 0x18, 0x79, 0 + 0x23, 0x00, 0x00, 0x18, /* IRQ descriptor */ + 0x79, 0 /* End tag, null checksum */ }) CreateWordField(BUFB, 0x01, IRQV) @@ -643,6 +644,22 @@ DefinitionBlock ("DSDT.aml", "DSDT", 2, IRQNoFlags () {4} }) } + + Device (LTP1) + { + Name (_HID, EisaId ("PNP0400")) + Name (_UID, 0x02) + Method (_STA, 0, NotSerialized) + { + Return (0x0F) + } + + Name (_CRS, ResourceTemplate() + { + IO (Decode16, 0x0378, 0x0378, 0x08, 0x08) + IRQNoFlags () {7} + }) + } } } } diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/acpi/dsdt.c --- a/tools/firmware/hvmloader/acpi/dsdt.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/firmware/hvmloader/acpi/dsdt.c Tue Jul 17 10:20:21 2007 +0100 @@ -1,19 +1,19 @@ /* * * Intel ACPI Component Architecture - * ASL Optimizing Compiler version 20060707 [Dec 30 2006] + * ASL Optimizing Compiler version 20060707 [Feb 16 2007] * Copyright (C) 2000 - 2006 Intel Corporation * Supports ACPI Specification Revision 3.0a * - * Compilation of "dsdt.asl" - Sat May 12 16:13:55 2007 + * Compilation of "dsdt.asl" - Wed Jul 11 13:34:30 2007 * * C source code output * */ unsigned char AmlCode[] = { - 0x44,0x53,0x44,0x54,0x67,0x0D,0x00,0x00, /* 00000000 "DSDTg..." */ - 0x02,0xE0,0x58,0x65,0x6E,0x00,0x00,0x00, /* 00000008 "..Xen..." */ + 0x44,0x53,0x44,0x54,0x9F,0x0D,0x00,0x00, /* 00000000 "DSDT...." */ + 0x02,0x2E,0x58,0x65,0x6E,0x00,0x00,0x00, /* 00000008 "..Xen..." */ 0x48,0x56,0x4D,0x00,0x00,0x00,0x00,0x00, /* 00000010 "HVM....." */ 0x00,0x00,0x00,0x00,0x49,0x4E,0x54,0x4C, /* 00000018 "....INTL" */ 0x07,0x07,0x06,0x20,0x08,0x50,0x4D,0x42, /* 00000020 "... .PMB" */ @@ -27,7 +27,7 @@ unsigned char AmlCode[] = 0x04,0x0A,0x07,0x0A,0x07,0x00,0x00,0x08, /* 00000060 "........" */ 0x50,0x49,0x43,0x44,0x00,0x14,0x0C,0x5F, /* 00000068 "PICD..._" */ 0x50,0x49,0x43,0x01,0x70,0x68,0x50,0x49, /* 00000070 "PIC.phPI" */ - 0x43,0x44,0x10,0x4C,0xCE,0x5F,0x53,0x42, /* 00000078 "CD.L._SB" */ + 0x43,0x44,0x10,0x44,0xD2,0x5F,0x53,0x42, /* 00000078 "CD.D._SB" */ 0x5F,0x5B,0x82,0x49,0x04,0x4D,0x45,0x4D, /* 00000080 "_[.I.MEM" */ 0x30,0x08,0x5F,0x48,0x49,0x44,0x0C,0x41, /* 00000088 "0._HID.A" */ 0xD0,0x0C,0x02,0x08,0x5F,0x43,0x52,0x53, /* 00000090 "...._CRS" */ @@ -37,7 +37,7 @@ unsigned char AmlCode[] = 0x00,0x00,0xFF,0xFF,0x09,0x00,0x00,0x00, /* 000000B0 "........" */ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 000000B8 "........" */ 0x00,0x00,0x00,0x00,0x0A,0x00,0x00,0x00, /* 000000C0 "........" */ - 0x00,0x00,0x79,0x00,0x5B,0x82,0x49,0xC9, /* 000000C8 "..y.[.I." */ + 0x00,0x00,0x79,0x00,0x5B,0x82,0x41,0xCD, /* 000000C8 "..y.[.A." */ 0x50,0x43,0x49,0x30,0x08,0x5F,0x48,0x49, /* 000000D0 "PCI0._HI" */ 0x44,0x0C,0x41,0xD0,0x0A,0x03,0x08,0x5F, /* 000000D8 "D.A...._" */ 0x55,0x49,0x44,0x00,0x08,0x5F,0x41,0x44, /* 000000E0 "UID.._AD" */ @@ -59,7 +59,7 @@ unsigned char AmlCode[] = 0x00,0xF0,0xFF,0xFF,0xFF,0xF4,0x00,0x00, /* 00000160 "........" */ 0x00,0x00,0x00,0x00,0x00,0x05,0x79,0x00, /* 00000168 "......y." */ 0xA4,0x50,0x52,0x54,0x30,0x08,0x42,0x55, /* 00000170 ".PRT0.BU" */ - 0x46,0x41,0x11,0x09,0x0A,0x06,0x23,0xA0, /* 00000178 "FA....#." */ + 0x46,0x41,0x11,0x09,0x0A,0x06,0x23,0x20, /* 00000178 "FA....# " */ 0x0C,0x18,0x79,0x00,0x08,0x42,0x55,0x46, /* 00000180 "..y..BUF" */ 0x42,0x11,0x09,0x0A,0x06,0x23,0x00,0x00, /* 00000188 "B....#.." */ 0x18,0x79,0x00,0x8B,0x42,0x55,0x46,0x42, /* 00000190 ".y..BUFB" */ @@ -348,7 +348,7 @@ unsigned char AmlCode[] = 0x0C,0x04,0x0C,0xFF,0xFF,0x0F,0x00,0x0A, /* 00000A68 "........" */ 0x02,0x00,0x0A,0x2F,0x12,0x0C,0x04,0x0C, /* 00000A70 ".../...." */ 0xFF,0xFF,0x0F,0x00,0x0A,0x03,0x00,0x0A, /* 00000A78 "........" */ - 0x10,0x5B,0x82,0x44,0x2E,0x49,0x53,0x41, /* 00000A80 ".[.D.ISA" */ + 0x10,0x5B,0x82,0x4C,0x31,0x49,0x53,0x41, /* 00000A80 ".[.L1ISA" */ 0x5F,0x08,0x5F,0x41,0x44,0x52,0x0C,0x00, /* 00000A88 "_._ADR.." */ 0x00,0x01,0x00,0x5B,0x80,0x50,0x49,0x52, /* 00000A90 "...[.PIR" */ 0x51,0x02,0x0A,0x60,0x0A,0x04,0x10,0x2E, /* 00000A98 "Q..`...." */ @@ -440,6 +440,13 @@ unsigned char AmlCode[] = 0x09,0x5F,0x53,0x54,0x41,0x00,0xA4,0x0A, /* 00000D48 "._STA..." */ 0x0F,0x08,0x5F,0x43,0x52,0x53,0x11,0x10, /* 00000D50 ".._CRS.." */ 0x0A,0x0D,0x47,0x01,0xF8,0x03,0xF8,0x03, /* 00000D58 "..G....." */ - 0x01,0x08,0x22,0x10,0x00,0x79,0x00, + 0x01,0x08,0x22,0x10,0x00,0x79,0x00,0x5B, /* 00000D60 ".."..y.[" */ + 0x82,0x36,0x4C,0x54,0x50,0x31,0x08,0x5F, /* 00000D68 ".6LTP1._" */ + 0x48,0x49,0x44,0x0C,0x41,0xD0,0x04,0x00, /* 00000D70 "HID.A..." */ + 0x08,0x5F,0x55,0x49,0x44,0x0A,0x02,0x14, /* 00000D78 "._UID..." */ + 0x09,0x5F,0x53,0x54,0x41,0x00,0xA4,0x0A, /* 00000D80 "._STA..." */ + 0x0F,0x08,0x5F,0x43,0x52,0x53,0x11,0x10, /* 00000D88 ".._CRS.." */ + 0x0A,0x0D,0x47,0x01,0x78,0x03,0x78,0x03, /* 00000D90 "..G.x.x." */ + 0x08,0x08,0x22,0x80,0x00,0x79,0x00, }; int DsdtLen=sizeof(AmlCode); diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/config.h --- a/tools/firmware/hvmloader/config.h Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/firmware/hvmloader/config.h Tue Jul 17 10:20:21 2007 +0100 @@ -9,7 +9,7 @@ #define LAPIC_ID(vcpu_id) ((vcpu_id) * 2) #define PCI_ISA_DEVFN 0x08 /* dev 1, fn 0 */ -#define PCI_ISA_IRQ_MASK 0x0ca0U /* ISA IRQs 5,7,10,11 are PCI connected */ +#define PCI_ISA_IRQ_MASK 0x0c20U /* ISA IRQs 5,10,11 are PCI connected */ #define ROMBIOS_SEG 0xF000 #define ROMBIOS_BEGIN 0x000F0000 diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/hvmloader/hvmloader.c --- a/tools/firmware/hvmloader/hvmloader.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/firmware/hvmloader/hvmloader.c Tue Jul 17 10:20:21 2007 +0100 @@ -180,15 +180,13 @@ static void pci_setup(void) unsigned int bar, pin, link, isa_irq; /* Program PCI-ISA bridge with appropriate link routes. */ - link = 0; - for ( isa_irq = 0; isa_irq < 15; isa_irq++ ) - { - if ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) ) - continue; + isa_irq = 0; + for ( link = 0; link < 4; link++ ) + { + do { isa_irq = (isa_irq + 1) & 15; + } while ( !(PCI_ISA_IRQ_MASK & (1U << isa_irq)) ); pci_writeb(PCI_ISA_DEVFN, 0x60 + link, isa_irq); printf("PCI-ISA link %u routed to IRQ%u\n", link, isa_irq); - if ( link++ == 4 ) - break; } /* Program ELCR to match PCI-wired IRQs. */ diff -r c9720159b983 -r 9559ba7c80f9 tools/firmware/rombios/rombios.c --- a/tools/firmware/rombios/rombios.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/firmware/rombios/rombios.c Tue Jul 17 10:20:21 2007 +0100 @@ -9146,78 +9146,78 @@ pci_routing_table_structure: db 0 ;; pci bus number db 0x08 ;; pci device number (bit 7-3) db 0x61 ;; link value INTA#: pointer into PCI2ISA config space - dw 0x0ca0 ;; IRQ bitmap INTA# + dw 0x0c20 ;; IRQ bitmap INTA# db 0x62 ;; link value INTB# - dw 0x0ca0 ;; IRQ bitmap INTB# + dw 0x0c20 ;; IRQ bitmap INTB# db 0x63 ;; link value INTC# - dw 0x0ca0 ;; IRQ bitmap INTC# + dw 0x0c20 ;; IRQ bitmap INTC# db 0x60 ;; link value INTD# - dw 0x0ca0 ;; IRQ bitmap INTD# + dw 0x0c20 ;; IRQ bitmap INTD# db 0 ;; physical slot (0 = embedded) db 0 ;; reserved ;; second slot entry: 1st PCI slot db 0 ;; pci bus number db 0x10 ;; pci device number (bit 7-3) db 0x62 ;; link value INTA# - dw 0x0ca0 ;; IRQ bitmap INTA# + dw 0x0c20 ;; IRQ bitmap INTA# db 0x63 ;; link value INTB# - dw 0x0ca0 ;; IRQ bitmap INTB# + dw 0x0c20 ;; IRQ bitmap INTB# db 0x60 ;; link value INTC# - dw 0x0ca0 ;; IRQ bitmap INTC# + dw 0x0c20 ;; IRQ bitmap INTC# db 0x61 ;; link value INTD# - dw 0x0ca0 ;; IRQ bitmap INTD# + dw 0x0c20 ;; IRQ bitmap INTD# db 1 ;; physical slot (0 = embedded) db 0 ;; reserved ;; third slot entry: 2nd PCI slot db 0 ;; pci bus number db 0x18 ;; pci device number (bit 7-3) db 0x63 ;; link value INTA# - dw 0x0ca0 ;; IRQ bitmap INTA# + dw 0x0c20 ;; IRQ bitmap INTA# db 0x60 ;; link value INTB# - dw 0x0ca0 ;; IRQ bitmap INTB# + dw 0x0c20 ;; IRQ bitmap INTB# db 0x61 ;; link value INTC# - dw 0x0ca0 ;; IRQ bitmap INTC# + dw 0x0c20 ;; IRQ bitmap INTC# db 0x62 ;; link value INTD# - dw 0x0ca0 ;; IRQ bitmap INTD# + dw 0x0c20 ;; IRQ bitmap INTD# db 2 ;; physical slot (0 = embedded) db 0 ;; reserved ;; 4th slot entry: 3rd PCI slot db 0 ;; pci bus number db 0x20 ;; pci device number (bit 7-3) db 0x60 ;; link value INTA# - dw 0x0ca0 ;; IRQ bitmap INTA# + dw 0x0c20 ;; IRQ bitmap INTA# db 0x61 ;; link value INTB# - dw 0x0ca0 ;; IRQ bitmap INTB# + dw 0x0c20 ;; IRQ bitmap INTB# db 0x62 ;; link value INTC# - dw 0x0ca0 ;; IRQ bitmap INTC# + dw 0x0c20 ;; IRQ bitmap INTC# db 0x63 ;; link value INTD# - dw 0x0ca0 ;; IRQ bitmap INTD# + dw 0x0c20 ;; IRQ bitmap INTD# db 3 ;; physical slot (0 = embedded) db 0 ;; reserved ;; 5th slot entry: 4rd PCI slot db 0 ;; pci bus number db 0x28 ;; pci device number (bit 7-3) db 0x61 ;; link value INTA# - dw 0x0ca0 ;; IRQ bitmap INTA# + dw 0x0c20 ;; IRQ bitmap INTA# db 0x62 ;; link value INTB# - dw 0x0ca0 ;; IRQ bitmap INTB# + dw 0x0c20 ;; IRQ bitmap INTB# db 0x63 ;; link value INTC# - dw 0x0ca0 ;; IRQ bitmap INTC# + dw 0x0c20 ;; IRQ bitmap INTC# db 0x60 ;; link value INTD# - dw 0x0ca0 ;; IRQ bitmap INTD# + dw 0x0c20 ;; IRQ bitmap INTD# db 4 ;; physical slot (0 = embedded) db 0 ;; reserved ;; 6th slot entry: 5rd PCI slot db 0 ;; pci bus number db 0x30 ;; pci device number (bit 7-3) db 0x62 ;; link value INTA# - dw 0x0ca0 ;; IRQ bitmap INTA# + dw 0x0c20 ;; IRQ bitmap INTA# db 0x63 ;; link value INTB# - dw 0x0ca0 ;; IRQ bitmap INTB# + dw 0x0c20 ;; IRQ bitmap INTB# db 0x60 ;; link value INTC# - dw 0x0ca0 ;; IRQ bitmap INTC# + dw 0x0c20 ;; IRQ bitmap INTC# db 0x61 ;; link value INTD# - dw 0x0ca0 ;; IRQ bitmap INTD# + dw 0x0c20 ;; IRQ bitmap INTD# db 5 ;; physical slot (0 = embedded) db 0 ;; reserved #endif // BX_PCIBIOS diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/hw/ide.c --- a/tools/ioemu/hw/ide.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/ioemu/hw/ide.c Tue Jul 17 10:20:21 2007 +0100 @@ -596,7 +596,8 @@ static void ide_identify(IDEState *s) /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ put_le16(p + 83, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); put_le16(p + 84, (1 << 14)); - put_le16(p + 85, (1 << 14)); + /* 14=nop 5=write_cache */ + put_le16(p + 85, (1 << 14) | (1 << 5)); /* 13=flush_cache_ext,12=flush_cache,10=lba48 */ put_le16(p + 86, (1 << 14) | (1 << 13) | (1 <<12) | (1 << 10)); put_le16(p + 87, (1 << 14)); diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/hw/rtl8139.c --- a/tools/ioemu/hw/rtl8139.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/ioemu/hw/rtl8139.c Tue Jul 17 10:20:21 2007 +0100 @@ -53,9 +53,8 @@ /* debug RTL8139 card C+ mode only */ //#define DEBUG_RTL8139CP 1 -/* RTL8139 provides frame CRC with received packet, this feature seems to be - ignored by most drivers, disabled by default */ -//#define RTL8139_CALCULATE_RXCRC 1 +/* Calculate CRCs propoerly on Rx packets */ +#define RTL8139_CALCULATE_RXCRC 1 /* Uncomment to enable on-board timer interrupts */ //#define RTL8139_ONBOARD_TIMER 1 @@ -754,7 +753,7 @@ static void rtl8139_write_buffer(RTL8139 int wrapped = MOD2(s->RxBufAddr + size, s->RxBufferSize); /* write packet data */ - if (wrapped && s->RxBufferSize < 65536 && !rtl8139_RxWrap(s)) + if (wrapped && !(s->RxBufferSize < 65536 && rtl8139_RxWrap(s))) { DEBUG_PRINT((">>> RTL8139: rx packet wrapped in buffer at %d\n", size-wrapped)); @@ -1030,7 +1029,7 @@ static void rtl8139_do_receive(void *opa /* write checksum */ #if defined (RTL8139_CALCULATE_RXCRC) - val = cpu_to_le32(crc32(~0, buf, size)); + val = cpu_to_le32(crc32(0, buf, size)); #else val = 0; #endif @@ -1136,7 +1135,7 @@ static void rtl8139_do_receive(void *opa /* write checksum */ #if defined (RTL8139_CALCULATE_RXCRC) - val = cpu_to_le32(crc32(~0, buf, size)); + val = cpu_to_le32(crc32(0, buf, size)); #else val = 0; #endif diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/target-i386-dm/exec-dm.c --- a/tools/ioemu/target-i386-dm/exec-dm.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/ioemu/target-i386-dm/exec-dm.c Tue Jul 17 10:20:21 2007 +0100 @@ -446,18 +446,16 @@ extern unsigned long logdirty_bitmap_siz #if defined(__x86_64__) || defined(__i386__) static void memcpy_words(void *dst, void *src, size_t n) { - asm ( + asm volatile ( " movl %%edx,%%ecx \n" #ifdef __x86_64__ " shrl $3,%%ecx \n" - " andl $7,%%edx \n" " rep movsq \n" " test $4,%%edx \n" " jz 1f \n" " movsl \n" #else /* __i386__ */ " shrl $2,%%ecx \n" - " andl $3,%%edx \n" " rep movsl \n" #endif "1: test $2,%%edx \n" @@ -467,7 +465,7 @@ static void memcpy_words(void *dst, void " jz 1f \n" " movsb \n" "1: \n" - : : "S" (src), "D" (dst), "d" (n) : "ecx" ); + : "+S" (src), "+D" (dst) : "d" (n) : "ecx", "memory" ); } #else static void memcpy_words(void *dst, void *src, size_t n) diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/target-i386-dm/helper2.c --- a/tools/ioemu/target-i386-dm/helper2.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/ioemu/target-i386-dm/helper2.c Tue Jul 17 10:20:21 2007 +0100 @@ -140,6 +140,7 @@ void cpu_reset(CPUX86State *env) if (xcHandle < 0) fprintf(logfile, "Cannot acquire xenctrl handle\n"); else { + xc_domain_shutdown_hook(xcHandle, domid); sts = xc_domain_shutdown(xcHandle, domid, SHUTDOWN_reboot); if (sts != 0) fprintf(logfile, diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/vl.c --- a/tools/ioemu/vl.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/ioemu/vl.c Tue Jul 17 10:20:21 2007 +0100 @@ -7141,13 +7141,8 @@ int main(int argc, char **argv) serial_devices[i][0] = '\0'; serial_device_index = 0; -#ifndef CONFIG_DM pstrcpy(parallel_devices[0], sizeof(parallel_devices[0]), "vc"); for(i = 1; i < MAX_PARALLEL_PORTS; i++) -#else - /* Xen steals IRQ7 for PCI. Disable LPT1 by default. */ - for(i = 0; i < MAX_PARALLEL_PORTS; i++) -#endif parallel_devices[i][0] = '\0'; parallel_device_index = 0; diff -r c9720159b983 -r 9559ba7c80f9 tools/ioemu/vl.h --- a/tools/ioemu/vl.h Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/ioemu/vl.h Tue Jul 17 10:20:21 2007 +0100 @@ -1498,4 +1498,13 @@ void destroy_hvm_domain(void); /* VNC Authentication */ #define AUTHCHALLENGESIZE 16 +#ifdef __ia64__ +static inline void xc_domain_shutdown_hook(int xc_handle, uint32_t domid) +{ + xc_ia64_save_to_nvram(xc_handle, domid); +} +#else +#define xc_domain_shutdown_hook(xc_handle, domid) do {} while (0) +#endif + #endif /* VL_H */ diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/ia64/xc_dom_ia64_util.c --- a/tools/libxc/ia64/xc_dom_ia64_util.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxc/ia64/xc_dom_ia64_util.c Tue Jul 17 10:20:21 2007 +0100 @@ -104,7 +104,7 @@ xen_ia64_is_vcpu_allocated(struct xc_dom if (rc == 0) return 1; - if (rc != -ESRCH) + if (errno != ESRCH) PERROR("Could not get vcpu info"); return 0; } diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/ia64/xc_ia64_hvm_build.c --- a/tools/libxc/ia64/xc_ia64_hvm_build.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxc/ia64/xc_ia64_hvm_build.c Tue Jul 17 10:20:21 2007 +0100 @@ -623,6 +623,21 @@ copy_from_nvram_to_GFW(int xc_handle, ui /* + *Check is the address where NVRAM data located valid + */ +static int is_valid_address(void *addr) +{ + struct nvram_save_addr *p = (struct nvram_save_addr *)addr; + + if ( p->signature == NVRAM_VALID_SIG ) + return 1; + else { + PERROR("Invalid nvram signature. Nvram save failed!\n"); + return 0; + } +} + +/* * GFW use 4k page. when doing foreign map, we should 16k align * the address and map one more page to guarantee all 64k nvram data * can be got. @@ -667,7 +682,11 @@ copy_from_GFW_to_nvram(int xc_handle, ui return -1; } - addr_from_GFW_4k_align = *((uint64_t *)tmp_ptr); + /* Check is NVRAM data vaild */ + if ( !is_valid_address(tmp_ptr) ) + return -1; + + addr_from_GFW_4k_align = ((struct nvram_save_addr *)tmp_ptr)->addr; munmap(tmp_ptr, PAGE_SIZE); // align address to 16k diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xc_domain.c --- a/tools/libxc/xc_domain.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxc/xc_domain.c Tue Jul 17 10:20:21 2007 +0100 @@ -586,6 +586,27 @@ int xc_domain_ioport_permission(int xc_h domctl.u.ioport_permission.allow_access = allow_access; return do_domctl(xc_handle, &domctl); +} + +int xc_availheap(int xc_handle, + int min_width, + int max_width, + int node, + uint64_t *bytes) +{ + DECLARE_SYSCTL; + int rc; + + sysctl.cmd = XEN_SYSCTL_availheap; + sysctl.u.availheap.min_bitwidth = min_width; + sysctl.u.availheap.max_bitwidth = max_width; + sysctl.u.availheap.node = node; + + rc = xc_sysctl(xc_handle, &sysctl); + + *bytes = sysctl.u.availheap.avail_bytes; + + return rc; } int xc_vcpu_setcontext(int xc_handle, @@ -697,6 +718,18 @@ int xc_get_hvm_param(int handle, domid_t return rc; } +int xc_domain_setdebugging(int xc_handle, + uint32_t domid, + unsigned int enable) +{ + DECLARE_DOMCTL; + + domctl.cmd = XEN_DOMCTL_setdebugging; + domctl.domain = domid; + domctl.u.setdebugging.enable = enable; + return do_domctl(xc_handle, &domctl); +} + /* * Local variables: * mode: C diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xc_linux.c --- a/tools/libxc/xc_linux.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxc/xc_linux.c Tue Jul 17 10:20:21 2007 +0100 @@ -456,7 +456,7 @@ void *xc_gnttab_map_grant_refs(int xcg_h map->count = count; - if ( ioctl(xcg_handle, IOCTL_GNTDEV_MAP_GRANT_REF, &map) ) + if ( ioctl(xcg_handle, IOCTL_GNTDEV_MAP_GRANT_REF, map) ) goto out; addr = mmap(NULL, PAGE_SIZE * count, prot, MAP_SHARED, xcg_handle, diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xc_ptrace.c --- a/tools/libxc/xc_ptrace.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxc/xc_ptrace.c Tue Jul 17 10:20:21 2007 +0100 @@ -566,10 +566,7 @@ xc_ptrace( } if ( request == PTRACE_DETACH ) { - domctl.cmd = XEN_DOMCTL_setdebugging; - domctl.domain = current_domid; - domctl.u.setdebugging.enable = 0; - if ((retval = do_domctl(xc_handle, &domctl))) + if ((retval = xc_domain_setdebugging(xc_handle, current_domid, 0))) goto out_error_domctl; } regs_valid = 0; @@ -593,10 +590,7 @@ xc_ptrace( else if ((retval = xc_domain_pause(xc_handle, current_domid))) goto out_error_domctl; current_is_hvm = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_hvm_guest); - domctl.cmd = XEN_DOMCTL_setdebugging; - domctl.domain = current_domid; - domctl.u.setdebugging.enable = 1; - if ((retval = do_domctl(xc_handle, &domctl))) + if ((retval = xc_domain_setdebugging(xc_handle, current_domid, 1))) goto out_error_domctl; if (get_online_cpumap(xc_handle, &domctl.u.getdomaininfo, &cpumap)) diff -r c9720159b983 -r 9559ba7c80f9 tools/libxc/xenctrl.h --- a/tools/libxc/xenctrl.h Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxc/xenctrl.h Tue Jul 17 10:20:21 2007 +0100 @@ -433,6 +433,18 @@ int xc_domain_send_trigger(int xc_handle uint32_t trigger, uint32_t vcpu); +/** + * This function enables or disable debugging of a domain. + * + * @parm xc_handle a handle to an open hypervisor interface + * @parm domid the domain id to send trigger + * @parm enable true to enable debugging + * return 0 on success, -1 on failure + */ +int xc_domain_setdebugging(int xc_handle, + uint32_t domid, + unsigned int enable); + /* * EVENT CHANNEL FUNCTIONS */ @@ -616,6 +628,20 @@ int xc_get_pfn_type_batch(int xc_handle, /* Get current total pages allocated to a domain. */ long xc_get_tot_pages(int xc_handle, uint32_t domid); +/** + * This function retrieves the the number of bytes available + * in the heap in a specific range of address-widths and nodes. + * + * @parm xc_handle a handle to an open hypervisor interface + * @parm domid the domain to query + * @parm min_width the smallest address width to query (0 if don't care) + * @parm max_width the largest address width to query (0 if don't care) + * @parm node the node to query (-1 for all) + * @parm *bytes caller variable to put total bytes counted + * @return 0 on success, <0 on failure. + */ +int xc_availheap(int xc_handle, int min_width, int max_width, int node, + uint64_t *bytes); /* * Trace Buffer Operations diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_acmpolicy.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/libxen/include/xen/api/xen_acmpolicy.h Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2007, IBM Corp. + * Copyright (c) 2007, XenSource Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef XEN_ACMPOLICY_H +#define XEN_ACMPOLICY_H + +#include "xen_common.h" +#include "xen_string_string_map.h" +#include "xen_xspolicy_decl.h" +#include "xen_vm_decl.h" + +/* + * Data structures. + */ + +typedef struct xen_acmpolicy_record +{ + xen_xspolicy handle; + char *uuid; + char *repr; + xs_instantiationflags flags; + xs_type type; +} xen_acmpolicy_record; + +/** + * Allocate a xen_acmpolicy_record. + */ +extern xen_acmpolicy_record * +xen_acmpolicy_record_alloc(void); + +/** + * Free the given xen_xspolicy_record, and all referenced values. The + * given record must have been allocated by this library. + */ +extern void +xen_acmpolicy_record_free(xen_acmpolicy_record *record); + + +/** + * Data structures for the policy's header + */ +typedef struct xen_acm_header +{ + char *policyname; + char *policyurl; + char *date; + char *reference; + char *namespaceurl; + char *version; +} xen_acm_header; + +extern xen_acm_header * +xen_acm_header_alloc(void); + +extern void +xen_acm_header_free(xen_acm_header *hdr); + +/** + * Get the referenced policy's record. + */ +bool +xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result, + xen_xspolicy xspolicy); + +/** + * Get the header of a policy. + */ +extern bool +xen_acmpolicy_get_header(xen_session *session, xen_acm_header **hdr, + xen_xspolicy xspolicy); + + +/** + * Get the XML representation of the policy. + */ +extern bool +xen_acmpolicy_get_xml(xen_session *session, char **xml, + xen_xspolicy xspolicy); + +/** + * Get the mapping file of the policy. + */ +extern bool +xen_acmpolicy_get_map(xen_session *session, char **map, + xen_xspolicy xspolicy); + +/** + * Get the binary representation (base64-encoded) of the policy. + */ +extern bool +xen_acmpolicy_get_binary(xen_session *session, char **binary, + xen_xspolicy xspolicy); + +/** + * Get the UUID filed of the given policy. + */ +bool +xen_acmpolicy_get_uuid(xen_session *session, char **result, + xen_xspolicy xspolicy); + +#endif diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_vdi.h --- a/tools/libxen/include/xen/api/xen_vdi.h Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxen/include/xen/api/xen_vdi.h Tue Jul 17 10:20:21 2007 +0100 @@ -344,4 +344,17 @@ xen_vdi_get_all(xen_session *session, st xen_vdi_get_all(xen_session *session, struct xen_vdi_set **result); +/** + * Set the security label of a VDI. + */ +extern bool +xen_vdi_set_security_label(xen_session *session, int64_t *result, xen_vdi vdi, + char *label, char *oldlabel); + +/** + * Get the security label of a VDI. + */ +extern bool +xen_vdi_get_security_label(xen_session *session, char **result, xen_vdi vdi); + #endif diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_vm.h --- a/tools/libxen/include/xen/api/xen_vm.h Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxen/include/xen/api/xen_vm.h Tue Jul 17 10:20:21 2007 +0100 @@ -112,6 +112,7 @@ typedef struct xen_vm_record bool is_control_domain; struct xen_vm_metrics_record_opt *metrics; struct xen_vm_guest_metrics_record_opt *guest_metrics; + char *security_label; } xen_vm_record; /** @@ -891,4 +892,17 @@ xen_vm_get_all(xen_session *session, str xen_vm_get_all(xen_session *session, struct xen_vm_set **result); +/** + * Set the security label of a domain. + */ +extern bool +xen_vm_set_security_label(xen_session *session, int64_t *result, xen_vm vm, + char *label, char *oldlabel); + +/** + * Get the security label of a domain. + */ +extern bool +xen_vm_get_security_label(xen_session *session, char **result, xen_vm vm); + #endif diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_xspolicy.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/libxen/include/xen/api/xen_xspolicy.h Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,271 @@ +/* + * Copyright (c) 2007, IBM Corp. + * Copyright (c) 2007, XenSource Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef XEN_XSPOLICY_H +#define XEN_XSPOLICY_H + +#include "xen_common.h" +#include "xen_xspolicy_decl.h" +#include "xen_string_string_map.h" + + +/* + * The XSPolicy and associated data structures. + * + */ +typedef int64_t xs_type; +typedef int64_t xs_instantiationflags; + +enum xs_type { + XS_POLICY_ACM = (1 << 0), +}; + +enum xs_instantiationflags { + XS_INST_NONE = 0, + XS_INST_BOOT = (1 << 0), + XS_INST_LOAD = (1 << 1), +}; + + +/* Error codes returned by xend following XSPolicy operations */ +#define XSERR_BASE 0x1000 + +#define XSERR_SUCCESS 0 +#define XSERR_GENERAL_FAILURE 1 + XSERR_BASE +#define XSERR_BAD_XML 2 + XSERR_BASE +#define XSERR_XML_PROCESSING 3 + XSERR_BASE +#define XSERR_POLICY_INCONSISTENT 4 + XSERR_BASE +#define XSERR_FILE_ERROR 5 + XSERR_BASE +#define XSERR_BAD_RESOURCE_FORMAT 6 + XSERR_BASE +#define XSERR_BAD_LABEL_FORMAT 7 + XSERR_BASE +#define XSERR_RESOURCE_NOT_LABELED 8 + XSERR_BASE +#define XSERR_RESOURCE_ALREADY_LABELED 9 + XSERR_BASE +#define XSERR_WRONG_POLICY_TYPE 10 + XSERR_BASE +#define XSERR_BOOTPOLICY_INSTALLED 11 + XSERR_BASE +#define XSERR_NO_DEFAULT_BOOT_TITLE 12 + XSERR_BASE +#define XSERR_POLICY_LOAD_FAILED 13 + XSERR_BASE +#define XSERR_POLICY_LOADED 14 + XSERR_BASE +#define XSERR_POLICY_TYPE_UNSUPPORTED 15 + XSERR_BASE +#define XSERR_BAD_CONFLICTSET 20 + XSERR_BASE +#define XSERR_RESOURCE_IN_USE 21 + XSERR_BASE +#define XSERR_BAD_POLICY_NAME 22 + XSERR_BASE +#define XSERR_RESOURCE_ACCESS 23 + XSERR_BASE +#define XSERR_HV_OP_FAILED 24 + XSERR_BASE +#define XSERR_BOOTPOLICY_INSTALL_ERROR 25 + XSERR_BASE + + +/** + * Free the given xen_xspolicy. The given handle must have been allocated + * by this library. + */ +extern void +xen_xspolicy_free(xen_xspolicy xspolicy); + + +typedef struct xen_xspolicy_set +{ + size_t size; + xen_xspolicy *contents[]; +} xen_xspolicy_set; + +/** + * Allocate a xen_xspolicy_set of the given size. + */ +extern xen_xspolicy_set * +xen_xspolicy_set_alloc(size_t size); + +/** + * Free the given xen_xspolicy_set. The given set must have been allocated + * by this library. + */ +extern void +xen_xspolicy_set_free(xen_xspolicy_set *set); + + +typedef struct xen_xspolicy_record +{ + xen_xspolicy handle; + char *uuid; + char *repr; + xs_instantiationflags flags; + xs_type type; +} xen_xspolicy_record; + +/** + * Allocate a xen_xspolicy_record. + */ +extern xen_xspolicy_record * +xen_xspolicy_record_alloc(void); + +/** + * Free the given xen_xspolicy_record, and all referenced values. The + * given record must have been allocated by this library. + */ +extern void +xen_xspolicy_record_free(xen_xspolicy_record *record); + + +typedef struct xen_xspolicy_record_opt +{ + bool is_record; + union + { + xen_xspolicy handle; + xen_xspolicy_record *record; + } u; +} xen_xspolicy_record_opt; + +/** + * Allocate a xen_xspolicy_record_opt. + */ +extern xen_xspolicy_record_opt * +xen_xspolicy_record_opt_alloc(void); + +/** + * Free the given xen_xspolicy_record_opt, and all referenced values. The + * given record_opt must have been allocated by this library. + */ +extern void +xen_xspolicy_record_opt_free(xen_xspolicy_record_opt *record_opt); + + +typedef struct xen_xspolicy_record_set +{ + size_t size; + xen_xspolicy_record *contents[]; +} xen_xspolicy_record_set; + +/** + * Allocate a xen_xspolicy_record_set of the given size. + */ +extern xen_xspolicy_record_set * +xen_xspolicy_record_set_alloc(size_t size); + +/** + * Free the given xen_xspolicy_record_set, and all referenced values. The + * given set must have been allocated by this library. + */ +extern void +xen_xspolicy_record_set_free(xen_xspolicy_record_set *set); + +/** + * Data structures and function declarations for an XS Policy's state + * information. + */ +typedef struct xen_xs_policystate +{ + xen_xspolicy_record_opt *xs_ref; + int64_t xserr; + char *repr; + xs_type type; + xs_instantiationflags flags; + char *version; + char *errors; +} xen_xs_policystate; + +void +xen_xs_policystate_free(xen_xs_policystate *state); + + +/** + * Get the referenced policy's record. + */ +bool +xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result, + xen_xspolicy xspolicy); + +/** + * Get the UUID field of the given policy. + */ +bool +xen_xspolicy_get_uuid(xen_session *session, char **result, + xen_xspolicy xspolicy); + +/** + * Get a policy given it's UUID + */ +bool +xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result, + char *uuid); + + +/** + * Get the types of policies supported by the system. + */ +bool +xen_xspolicy_get_xstype(xen_session *session, xs_type *result); + + +/** + * Get information about the currently managed policy. + * (The API allows only one policy to be on the system.) + */ +bool +xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result); + +/** + * Activate the referenced policy by loading it into the hypervisor. + */ +bool +xen_xspolicy_activate_xspolicy(xen_session *session, int64_t *result, + xen_xspolicy xspolicy, + xs_instantiationflags flags); + + +/** + * Set the system's policy to the given information comprising + * type of policy, the xml representation of the policy, some flags + * on whether to load the policy immediately and whether to overwrite + * an existing policy on the system. + */ +bool +xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result, + xs_type type, char *repr, int64_t flags, + bool overwrite); + + +/** + * Remove any policy from having the system booted with. + */ +extern bool +xen_xspolicy_rm_xsbootpolicy(xen_session *session); + +/** + * Retrieve all labeled resources. + */ +extern bool +xen_xspolicy_get_labeled_resources(xen_session *session, + xen_string_string_map **resources); + +/** + * Label a resource such as for example a hard drive partition or file + */ +extern bool +xen_xspolicy_set_resource_label(xen_session *session, + char *resource, char *label, + char *oldlabel); + +/** + * Get the label of a resource. + */ +extern bool +xen_xspolicy_get_resource_label(xen_session *session, char **label, + char *resource); + +#endif diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/include/xen/api/xen_xspolicy_decl.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/libxen/include/xen/api/xen_xspolicy_decl.h Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2007, IBM Corp. + * Copyright (c) 2007, XenSource Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef XEN_XSPOLICY_DECL_H +#define XEN_XSPOLICY_DECL_H + +typedef void *xen_xspolicy; + +struct xen_xspolicy_set; +struct xen_xspolicy_record; +struct xen_xspolicy_record_set; +struct xen_xspolicy_record_opt; +struct xen_xspolicy_record_opt_set; + +#endif diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_acmpolicy.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/libxen/src/xen_acmpolicy.c Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,234 @@ +/* + * Copyright (c) 2007, IBM Corp. + * Copyright (c) 2007, XenSource Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include <stddef.h> +#include <stdlib.h> + +#include "xen_internal.h" +#include "xen/api/xen_common.h" +#include "xen/api/xen_xspolicy.h" +#include "xen/api/xen_acmpolicy.h" + + +static const struct_member xen_acmpolicy_record_struct_members[] = + { + { .key = "uuid", + .type = &abstract_type_string, + .offset = offsetof(xen_acmpolicy_record, uuid) }, + { .key = "flags", + .type = &abstract_type_int, + .offset = offsetof(xen_acmpolicy_record, flags) }, + { .key = "repr", + .type = &abstract_type_string, + .offset = offsetof(xen_acmpolicy_record, repr) }, + { .key = "type", + .type = &abstract_type_int, + .offset = offsetof(xen_acmpolicy_record, type) }, + }; + +const abstract_type xen_acmpolicy_record_abstract_type_ = + { + .typename = STRUCT, + .struct_size = sizeof(xen_acmpolicy_record), + .member_count = + sizeof(xen_acmpolicy_record_struct_members) / sizeof(struct_member), + .members = xen_acmpolicy_record_struct_members + }; + + +static const struct_member xen_acm_header_struct_members[] = + { + { .key = "policyname", + .type = &abstract_type_string, + .offset = offsetof(xen_acm_header, policyname) }, + { .key = "policyurl", + .type = &abstract_type_string, + .offset = offsetof(xen_acm_header, policyurl) }, + { .key = "date", + .type = &abstract_type_string, + .offset = offsetof(xen_acm_header, date) }, + { .key = "reference", + .type = &abstract_type_string, + .offset = offsetof(xen_acm_header, reference) }, + { .key = "namespaceurl", + .type = &abstract_type_string, + .offset = offsetof(xen_acm_header, namespaceurl) }, + { .key = "version", + .type = &abstract_type_string, + .offset = offsetof(xen_acm_header, version) }, + }; + +const abstract_type xen_acm_header_abstract_type_ = + { + .typename = STRUCT, + .struct_size = sizeof(xen_acm_header), + .member_count = + sizeof(xen_acm_header_struct_members) / + sizeof(struct_member), + .members = xen_acm_header_struct_members, + }; + +void +xen_acm_header_free(xen_acm_header *shdr) +{ + if (shdr == NULL) + { + return; + } + free(shdr->policyname); + free(shdr->policyurl); + free(shdr->date); + free(shdr->reference); + free(shdr->namespaceurl); + free(shdr->version); + free(shdr); +} + + +void +xen_acmpolicy_record_free(xen_acmpolicy_record *record) +{ + if (record == NULL) + { + return; + } + free(record->handle); + free(record->uuid); + free(record->repr); + free(record); +} + + + +bool +xen_acmpolicy_get_record(xen_session *session, xen_acmpolicy_record **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy } + }; + + abstract_type result_type = xen_acmpolicy_record_abstract_type_; + + *result = NULL; + XEN_CALL_("ACMPolicy.get_record"); + + if (session->ok) + { + (*result)->handle = xen_strdup_((*result)->uuid); + } + + return session->ok; +} + + +bool +xen_acmpolicy_get_header(xen_session *session, + xen_acm_header **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy }, + }; + + abstract_type result_type = xen_acm_header_abstract_type_; + + *result = NULL; + XEN_CALL_("ACMPolicy.get_header"); + return session->ok; +} + + +bool +xen_acmpolicy_get_xml(xen_session *session, + char **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy }, + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("ACMPolicy.get_xml"); + return session->ok; +} + + +bool +xen_acmpolicy_get_map(xen_session *session, + char **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy }, + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("ACMPolicy.get_map"); + return session->ok; +} + + +bool +xen_acmpolicy_get_binary(xen_session *session, char **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy }, + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("ACMPolicy.get_binary"); + return session->ok; +} + + +bool +xen_acmpolicy_get_uuid(xen_session *session, char **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy } + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("ACMPolicy.get_uuid"); + return session->ok; +} diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_vdi.c --- a/tools/libxen/src/xen_vdi.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxen/src/xen_vdi.c Tue Jul 17 10:20:21 2007 +0100 @@ -534,3 +534,42 @@ xen_vdi_get_uuid(xen_session *session, c XEN_CALL_("VDI.get_uuid"); return session->ok; } + + +bool +xen_vdi_set_security_label(xen_session *session, int64_t *result, xen_vdi vdi, + char *label, char *oldlabel) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = vdi }, + { .type = &abstract_type_string, + .u.string_val = label }, + { .type = &abstract_type_string, + .u.string_val = oldlabel }, + }; + + abstract_type result_type = abstract_type_int; + + *result = 0; + XEN_CALL_("VDI.set_security_label"); + return session->ok; +} + + +bool +xen_vdi_get_security_label(xen_session *session, char **result, xen_vdi vdi) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = vdi }, + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("VDI.get_security_label"); + return session->ok; +} diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_vm.c --- a/tools/libxen/src/xen_vm.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/libxen/src/xen_vm.c Tue Jul 17 10:20:21 2007 +0100 @@ -162,7 +162,10 @@ static const struct_member xen_vm_record .offset = offsetof(xen_vm_record, metrics) }, { .key = "guest_metrics", .type = &abstract_type_ref, - .offset = offsetof(xen_vm_record, guest_metrics) } + .offset = offsetof(xen_vm_record, guest_metrics) }, + { .key = "security_label", + .type = &abstract_type_string, + .offset = offsetof(xen_vm_record, security_label) } }; const abstract_type xen_vm_record_abstract_type_ = @@ -206,6 +209,7 @@ xen_vm_record_free(xen_vm_record *record xen_string_string_map_free(record->other_config); xen_vm_metrics_record_opt_free(record->metrics); xen_vm_guest_metrics_record_opt_free(record->guest_metrics); + free(record->security_label); free(record); } @@ -1738,3 +1742,42 @@ xen_vm_get_uuid(xen_session *session, ch XEN_CALL_("VM.get_uuid"); return session->ok; } + + +bool +xen_vm_set_security_label(xen_session *session, int64_t *result, xen_vm vm, + char *label, char *oldlabel) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = vm }, + { .type = &abstract_type_string, + .u.string_val = label }, + { .type = &abstract_type_string, + .u.string_val = oldlabel }, + }; + + abstract_type result_type = abstract_type_int; + + *result = 0; + XEN_CALL_("VM.set_security_label"); + return session->ok; +} + + +bool +xen_vm_get_security_label(xen_session *session, char **result, xen_vm vm) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = vm }, + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("VM.get_security_label"); + return session->ok; +} diff -r c9720159b983 -r 9559ba7c80f9 tools/libxen/src/xen_xspolicy.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/libxen/src/xen_xspolicy.c Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,327 @@ +/* + * Copyright (c) 2007, IBM Corp. + * Copyright (c) 2007, XenSource Inc. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + + +#include <stddef.h> +#include <stdlib.h> + +#include "xen/api/xen_common.h" +#include "xen/api/xen_internal.h" +#include "xen/api/xen_xspolicy.h" + + +XEN_FREE(xen_xspolicy) +XEN_SET_ALLOC_FREE(xen_xspolicy) +XEN_RECORD_OPT_FREE(xen_xspolicy) + +static const struct_member xen_xspolicy_record_struct_members[] = + { + { .key = "uuid", + .type = &abstract_type_string, + .offset = offsetof(xen_xspolicy_record, uuid) }, + { .key = "flags", + .type = &abstract_type_int, + .offset = offsetof(xen_xspolicy_record, flags) }, + { .key = "repr", + .type = &abstract_type_string, + .offset = offsetof(xen_xspolicy_record, repr) }, + { .key = "type", + .type = &abstract_type_int, + .offset = offsetof(xen_xspolicy_record, type) }, + }; + +const abstract_type xen_xspolicy_record_abstract_type_ = + { + .typename = STRUCT, + .struct_size = sizeof(xen_xspolicy_record), + .member_count = + sizeof(xen_xspolicy_record_struct_members) / sizeof(struct_member), + .members = xen_xspolicy_record_struct_members + }; + + +static const struct_member xen_xs_policystate_struct_members[] = + { + { .key = "xs_ref", + .type = &abstract_type_ref, + .offset = offsetof(xen_xs_policystate, xs_ref) }, + { .key = "xserr", + .type = &abstract_type_int, + .offset = offsetof(xen_xs_policystate, xserr) }, + { .key = "repr", + .type = &abstract_type_string, + .offset = offsetof(xen_xs_policystate, repr) }, + { .key = "type", + .type = &abstract_type_int, + .offset = offsetof(xen_xs_policystate, type) }, + { .key = "flags", + .type = &abstract_type_int, + .offset = offsetof(xen_xs_policystate, flags) }, + { .key = "version", + .type = &abstract_type_string, + .offset = offsetof(xen_xs_policystate, version) }, + { .key = "errors", + .type = &abstract_type_string, + .offset = offsetof(xen_xs_policystate, errors) }, + }; + +const abstract_type xen_xs_policystate_abstract_type_ = + { + .typename = STRUCT, + .struct_size = sizeof(xen_xs_policystate), + .member_count = + sizeof(xen_xs_policystate_struct_members) / + sizeof(struct_member), + .members = xen_xs_policystate_struct_members, + }; + + + + +void +xen_xs_policystate_free(xen_xs_policystate *state) +{ + if (state == NULL) + { + return; + } + xen_xspolicy_record_opt_free(state->xs_ref); + free(state->repr); + free(state->errors); + free(state->version); + free(state); +} + + +void +xen_xspolicy_record_free(xen_xspolicy_record *record) +{ + if (record == NULL) + { + return; + } + free(record->handle); + free(record->uuid); + free(record->repr); + free(record); +} + + +bool +xen_xspolicy_get_record(xen_session *session, xen_xspolicy_record **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy } + }; + + abstract_type result_type = xen_xspolicy_record_abstract_type_; + + *result = NULL; + XEN_CALL_("XSPolicy.get_record"); + + if (session->ok) + { + (*result)->handle = xen_strdup_((*result)->uuid); + } + + return session->ok; +} + + +bool +xen_xspolicy_get_uuid(xen_session *session, char **result, + xen_xspolicy xspolicy) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy } + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("XSPolicy.get_uuid"); + return session->ok; +} + + +bool +xen_xspolicy_get_by_uuid(xen_session *session, xen_xspolicy *result, + char *uuid) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = uuid } + }; + + abstract_type result_type = abstract_type_string; + + *result = NULL; + XEN_CALL_("XSPolicy.get_by_uuid"); + return session->ok; +} + + +bool +xen_xspolicy_get_xstype(xen_session *session, xs_type *result) +{ + abstract_value param_values[] = + { + }; + + abstract_type result_type = abstract_type_int; + + *result = 0; + XEN_CALL_("XSPolicy.get_xstype"); + return session->ok; +} + + +bool +xen_xspolicy_set_xspolicy(xen_session *session, xen_xs_policystate **result, + xs_type type, char *repr, + xs_instantiationflags flags, + bool overwrite) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_int, + .u.int_val = type }, + { .type = &abstract_type_string, + .u.string_val = repr }, + { .type = &abstract_type_int, + .u.int_val = flags }, + { .type = &abstract_type_bool, + .u.bool_val = overwrite } + }; + + abstract_type result_type = xen_xs_policystate_abstract_type_; + + *result = NULL; + XEN_CALL_("XSPolicy.set_xspolicy"); + return session->ok; +} + + +bool +xen_xspolicy_get_xspolicy(xen_session *session, xen_xs_policystate **result) +{ + abstract_value param_values[] = + { + }; + + abstract_type result_type = xen_xs_policystate_abstract_type_; + + *result = NULL; + XEN_CALL_("XSPolicy.get_xspolicy"); + return session->ok; +} + + +bool +xen_xspolicy_get_labeled_resources(xen_session *session, + xen_string_string_map **result) +{ + abstract_value param_values[] = + { + }; + + abstract_type result_type = abstract_type_string_string_map; + + *result = NULL; + XEN_CALL_("XSPolicy.get_labeled_resources"); + return session->ok; +} + + +bool +xen_xspolicy_set_resource_label(xen_session *session, + char *resource, char *label, + char *oldlabel) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = resource }, + { .type = &abstract_type_string, + .u.string_val = label }, + { .type = &abstract_type_string, + .u.string_val = oldlabel }, + }; + + xen_call_(session, "XSPolicy.set_resource_label", param_values, 3, + NULL, NULL); + return session->ok; +} + + +bool +xen_xspolicy_get_resource_label(xen_session *session, char **result, + char *resource) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = resource }, + }; + + abstract_type result_type = abstract_type_string; + XEN_CALL_("XSPolicy.get_resource_label"); + return session->ok; +} + + +bool +xen_xspolicy_rm_xsbootpolicy(xen_session *session) +{ + abstract_value param_values[] = + { + }; + + xen_call_(session, "XSPolicy.rm_xsbootpolicy", param_values, 0, + NULL, NULL); + return session->ok; +} + + +bool +xen_xspolicy_activate_xspolicy(xen_session *session, + xs_instantiationflags *result, + xen_xspolicy xspolicy, + xs_instantiationflags flags) +{ + abstract_value param_values[] = + { + { .type = &abstract_type_string, + .u.string_val = xspolicy }, + { .type = &abstract_type_int, + .u.int_val = flags }, + }; + + abstract_type result_type = abstract_type_int; + + *result = 0; + XEN_CALL_("XSPolicy.activate_xspolicy"); + return session->ok; +} diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/util/acmpolicy.py --- a/tools/python/xen/util/acmpolicy.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/util/acmpolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -57,12 +57,20 @@ class ACMPolicy(XSPolicy): def __init__(self, name=None, dom=None, ref=None, xml=None): if name: self.name = name - self.dom = minidom.parse(self.path_from_policy_name(name)) + try: + self.dom = minidom.parse(self.path_from_policy_name(name)) + except Exception, e: + raise SecurityError(-xsconstants.XSERR_XML_PROCESSING, + str(e)) elif dom: self.dom = dom self.name = self.get_name() elif xml: - self.dom = minidom.parseString(xml) + try: + self.dom = minidom.parseString(xml) + except Exception, e: + raise SecurityError(-xsconstants.XSERR_XML_PROCESSING, + str(e)) self.name = self.get_name() rc = self.validate() if rc != xsconstants.XSERR_SUCCESS: @@ -481,7 +489,8 @@ class ACMPolicy(XSPolicy): strings = [] i = 0 while i < len(node.childNodes): - if node.childNodes[i].nodeName == "Type": + if node.childNodes[i].nodeName == "Type" and \ + len(node.childNodes[i].childNodes) > 0: strings.append(node.childNodes[i].childNodes[0].nodeValue) i += 1 return strings @@ -564,7 +573,8 @@ class ACMPolicy(XSPolicy): while i < len(node.childNodes): if node.childNodes[i].nodeName == "VirtualMachineLabel": name = self.policy_dom_get(node.childNodes[i], "Name") - strings.append(name.childNodes[0].nodeValue) + if len(name.childNodes) > 0: + strings.append(name.childNodes[0].nodeValue) i += 1 return strings @@ -592,23 +602,24 @@ class ACMPolicy(XSPolicy): i = 0 while i < len(node.childNodes): if node.childNodes[i].nodeName == "VirtualMachineLabel": - _res = {} - _res['type'] = xsconstants.ACM_LABEL_VM name = self.policy_dom_get(node.childNodes[i], "Name") - _res['name'] = name.childNodes[0].nodeValue - stes = self.policy_dom_get(node.childNodes[i], - "SimpleTypeEnforcementTypes") - if stes: - _res['stes'] = self.policy_get_types(stes) - else: - _res['stes'] = [] - chws = self.policy_dom_get(node.childNodes[i], - "ChineseWallTypes") - if chws: - _res['chws'] = self.policy_get_types(chws) - else: - _res['chws'] = [] - res.append(_res) + if len(name.childNodes) > 0: + _res = {} + _res['type'] = xsconstants.ACM_LABEL_VM + _res['name'] = name.childNodes[0].nodeValue + stes = self.policy_dom_get(node.childNodes[i], + "SimpleTypeEnforcementTypes") + if stes: + _res['stes'] = self.policy_get_types(stes) + else: + _res['stes'] = [] + chws = self.policy_dom_get(node.childNodes[i], + "ChineseWallTypes") + if chws: + _res['chws'] = self.policy_get_types(chws) + else: + _res['chws'] = [] + res.append(_res) i += 1 return res @@ -628,7 +639,8 @@ class ACMPolicy(XSPolicy): while i < len(node.childNodes): if node.childNodes[i].nodeName == labeltype: name = self.policy_dom_get(node.childNodes[i], "Name") - if name.childNodes[0].nodeValue == label: + if len(name.childNodes) > 0 and \ + name.childNodes[0].nodeValue == label: stes = self.policy_dom_get(node.childNodes[i], "SimpleTypeEnforcementTypes") if not stes: @@ -662,7 +674,7 @@ class ACMPolicy(XSPolicy): if node.childNodes[i].nodeName == labeltype: name = self.policy_dom_get(node.childNodes[i], "Name") from_name = name.getAttribute("from") - if from_name: + if from_name and len(name.childNodes) > 0: res.update({from_name : name.childNodes[0].nodeValue}) i += 1 return res @@ -700,7 +712,7 @@ class ACMPolicy(XSPolicy): name = self.policy_dom_get(node.childNodes[i], "Name") stes = self.policy_dom_get(node.childNodes[i], "SimpleTypeEnforcementTypes") - if stes: + if stes and len(name.childNodes) > 0: strings.append(name.childNodes[0].nodeValue) i += 1 return strings @@ -715,18 +727,19 @@ class ACMPolicy(XSPolicy): i = 0 while i < len(node.childNodes): if node.childNodes[i].nodeName == "ResourceLabel": - _res = {} - _res['type'] = xsconstants.ACM_LABEL_RES name = self.policy_dom_get(node.childNodes[i], "Name") - _res['name'] = name.childNodes[0].nodeValue - stes = self.policy_dom_get(node.childNodes[i], - "SimpleTypeEnforcementTypes") - if stes: - _res['stes'] = self.policy_get_types(stes) - else: - _res['stes'] = [] - _res['chws'] = [] - res.append(_res) + if len(name.childNodes) > 0: + _res = {} + _res['type'] = xsconstants.ACM_LABEL_RES + _res['name'] = name.childNodes[0].nodeValue + stes = self.policy_dom_get(node.childNodes[i], + "SimpleTypeEnforcementTypes") + if stes: + _res['stes'] = self.policy_get_types(stes) + else: + _res['stes'] = [] + _res['chws'] = [] + res.append(_res) i += 1 return res diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/util/security.py --- a/tools/python/xen/util/security.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/util/security.py Tue Jul 17 10:20:21 2007 +0100 @@ -154,75 +154,6 @@ def calc_dom_ssidref_from_info(info): return 0 raise VmError("security.calc_dom_ssidref_from_info: info of type '%s'" "not supported." % type(info)) - -# Assumes a 'security' info [security access_control ...] [ssidref ...] -def get_security_info(info, field): - """retrieves security field from self.info['security']) - allowed search fields: ssidref, label, policy - """ - if isinstance(info, dict): - security = info['security'] - elif isinstance(info, list): - security = sxp.child_value(info, 'security') - if not security: - if field == 'ssidref': - #return default ssid - return 0 - else: - err("Security information not found in info struct.") - - if field == 'ssidref': - search = 'ssidref' - elif field in ['policy', 'label']: - search = 'access_control' - else: - err("Illegal field in get_security_info.") - - for idx in range(0, len(security)): - if search != security[idx][0]: - continue - if search == 'ssidref': - return int(security[idx][1]) - else: - for aidx in range(0, len(security[idx])): - if security[idx][aidx][0] == field: - return str(security[idx][aidx][1]) - - if search == 'ssidref': - return 0 - else: - return None - - -def get_security_printlabel(info): - """retrieves printable security label from self.info['security']), - preferably the label name and otherwise (if label is not specified - in config and cannot be found in mapping file) a hex string of the - ssidref or none if both not available - """ - try: - if not on(): - return "INACTIVE" - if active_policy in ["DEFAULT"]: - return "DEFAULT" - - printlabel = get_security_info(info, 'label') - if printlabel: - return printlabel - ssidref = get_security_info(info, 'ssidref') - if not ssidref: - return None - #try to translate ssidref to a label - result = ssidref2label(ssidref) - if not result: - printlabel = "0x%08x" % ssidref - else: - printlabel = result - return printlabel - except ACMError: - #don't throw an exception in xm list - return "ERROR" - def getmapfile(policyname): diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xend/XendConfig.py --- a/tools/python/xen/xend/XendConfig.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xend/XendConfig.py Tue Jul 17 10:20:21 2007 +0100 @@ -636,6 +636,8 @@ class XendConfig(dict): except ValueError, e: raise XendConfigError('cpus = %s: %s' % (cfg['cpus'], e)) + if not 'security' in cfg and sxp.child_value(sxp_cfg, 'security'): + cfg['security'] = sxp.child_value(sxp_cfg, 'security') if 'security' in cfg and not cfg.get('security_label'): secinfo = cfg['security'] if isinstance(secinfo, list): diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xend/XendDomain.py --- a/tools/python/xen/xend/XendDomain.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xend/XendDomain.py Tue Jul 17 10:20:21 2007 +0100 @@ -1164,6 +1164,10 @@ class XendDomain: if dominfo.getDomid() == DOM0_ID: raise XendError("Cannot dump core for privileged domain %s" % domid) + if dominfo._stateGet() not in (DOM_STATE_PAUSED, DOM_STATE_RUNNING): + raise VMBadState("Domain '%s' is not started" % domid, + POWER_STATE_NAMES[DOM_STATE_PAUSED], + POWER_STATE_NAMES[dominfo._stateGet()]) try: log.info("Domain core dump requested for domain %s (%d) " @@ -1537,6 +1541,10 @@ class XendDomain: dominfo = self.domain_lookup_nr(domid) if not dominfo: raise XendInvalidDomain(str(domid)) + if dominfo._stateGet() not in (DOM_STATE_RUNNING, DOM_STATE_PAUSED): + raise VMBadState("Domain '%s' is not started" % domid, + POWER_STATE_NAMES[DOM_STATE_RUNNING], + POWER_STATE_NAMES[dominfo._stateGet()]) if trigger_name.lower() in TRIGGER_TYPE: trigger = TRIGGER_TYPE[trigger_name.lower()] else: diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xend/XendDomainInfo.py --- a/tools/python/xen/xend/XendDomainInfo.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xend/XendDomainInfo.py Tue Jul 17 10:20:21 2007 +0100 @@ -459,6 +459,7 @@ class XendDomainInfo: hvm_pvdrv = xc.hvm_get_param(self.domid, HVM_PARAM_CALLBACK_IRQ) if not hvm_pvdrv: code = REVERSE_DOMAIN_SHUTDOWN_REASONS[reason] + xc.domain_destroy_hook(self.domid) log.info("HVM save:remote shutdown dom %d!", self.domid) xc.domain_shutdown(self.domid, code) @@ -1593,6 +1594,7 @@ class XendDomainInfo: log.exception("Removing domain path failed.") self._stateSet(DOM_STATE_HALTED) + self.domid = None # Do not push into _stateSet()! finally: self.refresh_shutdown_lock.release() diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/activatepolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/activatepolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,86 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2007 International Business Machines Corp. +# Author: Stefan Berger <stefanb@xxxxxxxxxx> +#============================================================================ + +"""Activate the managed policy of the system. +""" + +import sys +from xen.util import xsconstants +from xml.dom import minidom +from xen.xm.opts import OptionError +from xen.xm import getpolicy +from xen.xm import main as xm_main +from xen.xm.main import server + +def help(): + return """ + Usage: xm activatepolicy [options] + + Activate the xend-managed policy. + + The following options are defined: + --load Load the policy into the hypervisor. + --boot Have the system boot with the policy. Changes the default + title in grub.conf. + --noboot Remove the policy from the default entry in grub.conf. + """ + +def activate_policy(flags): + policystate = server.xenapi.XSPolicy.get_xspolicy() + xs_ref = policystate['xs_ref'] + if int(policystate['type']) == 0 or xs_ref == "": + print "No policy is installed." + return + rc = int(server.xenapi.XSPolicy.activate_xspolicy(xs_ref, flags)) + if rc == flags: + print "Successfully activated the policy." + else: + print "An error occurred trying to activate the policy: %s" % \ + xsconstants.xserr2string(rc) + +def remove_bootpolicy(): + server.xenapi.XSPolicy.rm_xsbootpolicy() + +def main(argv): + if xm_main.serverType != xm_main.SERVER_XEN_API: + raise OptionError('xm needs to be configured to use the xen-api.') + flags = 0 + c = 1 + + while c < len(argv): + if '--boot' == argv[c]: + flags |= xsconstants.XS_INST_BOOT + elif '--load' == argv[c]: + flags |= xsconstants.XS_INST_LOAD + elif '--noboot' == argv[c]: + remove_bootpolicy() + else: + raise OptionError("Unknown command line option '%s'" % argv[c]) + c += 1 + + if flags != 0: + activate_policy(flags) + + getpolicy.getpolicy(False) + +if __name__ == '__main__': + try: + main(sys.argv) + except Exception, e: + sys.stderr.write('Error: %s\n' % str(e)) + sys.exit(-1) diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/addlabel.py --- a/tools/python/xen/xm/addlabel.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/addlabel.py Tue Jul 17 10:20:21 2007 +0100 @@ -25,17 +25,29 @@ from xen.util import dictio from xen.util import dictio from xen.util import security from xen.xm.opts import OptionError +from xen.util import xsconstants +from xen.xm import main as xm_main +from xen.xm.main import server def help(): return """ Format: xm addlabel <label> dom <configfile> [<policy>] - xm addlabel <label> res <resource> [<policy>] + xm addlabel <label> mgt <domain name> [<policy type>:<policy>] + xm addlabel <label> res <resource> [[<policy type>:]<policy>] This program adds an acm_label entry into the 'configfile' - for a domain or to the global resource label file for a - resource. It derives the policy from the running hypervisor + for a domain or allows to label a xend-managed domain. + The global resource label file for is extended with labels for + resources. It derives the policy from the running hypervisor if it is not given (optional parameter). If a label already - exists for the given domain or resource, then addlabel fails.""" + exists for the given domain or resource, then addlabel fails. + + For xend-managed domains, the 'mgt' parameter should be used and + the 'xm' tool must have been configured to use the xen-api for + communication with xen. If a policy is provided as last parameter, + its type must also be given. Currently only one type of policy is + supported and identified as 'ACM'. An example for a valid string + is 'ACM:xm-test'. """ def validate_config_file(configfile): @@ -66,32 +78,47 @@ def validate_config_file(configfile): return 1 -def add_resource_label(label, resource, policyref): +def add_resource_label(label, resource, policyref, policy_type): """Adds a resource label to the global resource label file. """ - # sanity check: make sure this label can be instantiated later on - ssidref = security.label2ssidref(label, policyref, 'res') - - #build canonical resource name - resource = security.unify_resname(resource) - - # see if this resource is already in the file - access_control = {} - file = security.res_label_filename - try: - access_control = dictio.dict_read("resources", file) - except: - print "Resource file not found, creating new file at:" - print "%s" % (file) - - if access_control.has_key(resource): - security.err("This resource is already labeled.") - - # write the data to file - new_entry = { resource : tuple([policyref, label]) } - access_control.update(new_entry) - dictio.dict_write(access_control, "resources", file) - + + if xm_main.serverType != xm_main.SERVER_XEN_API: + + # sanity check: make sure this label can be instantiated later on + ssidref = security.label2ssidref(label, policyref, 'res') + + #build canonical resource name + resource = security.unify_resname(resource,mustexist=False) + + # see if this resource is already in the file + access_control = {} + fil = security.res_label_filename + try: + access_control = dictio.dict_read("resources", fil) + except: + print "Resource file not found, creating new file at:" + print "%s" % (fil) + + if access_control.has_key(resource): + security.err("This resource is already labeled.") + + # write the data to file + new_entry = { resource : tuple([policy_type, policyref, label]) } + access_control.update(new_entry) + dictio.dict_write(access_control, "resources", fil) + else: + res = [ policy_type, policyref, label ] + res_xapi = security.format_resource_label(res) + old = server.xenapi.XSPolicy.get_resource_label(resource) + if old == "": + try: + server.xenapi.XSPolicy.set_resource_label(resource, + res_xapi, + "") + except Exception, e: + security.err("Could not label this resource: %s" % e) + else: + security.err("'%s' is already labeled with '%s'" % (resource,old)) def add_domain_label(label, configfile, policyref): # sanity checks: make sure this label can be instantiated later on @@ -109,9 +136,35 @@ def add_domain_label(label, configfile, config_fd.write(new_label) config_fd.close() +def add_domain_label_xapi(label, domainname, policyref, policy_type): + if xm_main.serverType != xm_main.SERVER_XEN_API: + raise OptionError('Xm must be configured to use the xen-api.') + uuids = server.xenapi.VM.get_by_name_label(domainname) + if len(uuids) == 0: + raise OptionError('A VM with that name does not exist.') + if len(uuids) != 1: + raise OptionError('There are multiple domains with the same name.') + uuid = uuids[0] + sec_lab = "%s:%s:%s" % (policy_type, policyref, label) + try: + old_lab = server.xenapi.VM.get_security_label(uuid) + rc = server.xenapi.VM.set_security_label(uuid, sec_lab, old_lab) + except: + rc = -1 + if int(rc) < 0: + raise OptionError('Could not label domain.') + else: + ssidref = int(rc) + if ssidref != 0: + print "Set the label of domain '%s' to '%s'. New ssidref = %08x" % \ + (domainname,label,ssidref) + else: + print "Set the label of dormant domain '%s' to '%s'." % \ + (domainname,label) def main(argv): policyref = None + policy_type = "" if len(argv) not in (4, 5): raise OptionError('Needs either 2 or 3 arguments') @@ -121,6 +174,7 @@ def main(argv): policyref = argv[4] elif security.on(): policyref = security.active_policy + policy_type = xsconstants.ACM_POLICY_ID else: raise OptionError("No active policy. Must specify policy on the " "command line.") @@ -136,11 +190,27 @@ def main(argv): raise OptionError('Invalid config file') else: add_domain_label(label, configfile, policyref) + elif argv[2].lower() == "mgt": + domain = argv[3] + if policy_type == "": + tmp = policyref.split(":") + if len(tmp) != 2: + raise OptionError("Policy name in wrong format.") + policy_type, policyref = tmp + add_domain_label_xapi(label, domain, policyref, policy_type) elif argv[2].lower() == "res": resource = argv[3] - add_resource_label(label, resource, policyref) - else: - raise OptionError('Need to specify either "dom" or "res" as ' + if policy_type == "": + tmp = policyref.split(":") + if len(tmp) == 1: + policy_type = xsconstants.ACM_POLICY_ID + elif len(tmp) == 2: + policy_type, policyref = tmp + else: + raise OptionError("Policy name in wrong format.") + add_resource_label(label, resource, policyref, policy_type) + else: + raise OptionError('Need to specify either "dom", "mgt" or "res" as ' 'object to add label to.') if __name__ == '__main__': @@ -149,6 +219,3 @@ if __name__ == '__main__': except Exception, e: sys.stderr.write('Error: %s\n' % str(e)) sys.exit(-1) - - - diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/cfgbootpolicy.py --- a/tools/python/xen/xm/cfgbootpolicy.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/cfgbootpolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -31,7 +31,11 @@ from xen.util.security import boot_filen from xen.util.security import boot_filename, altboot_filename from xen.util.security import any_title_re, xen_kernel_re, any_module_re from xen.util.security import empty_line_re, binary_name_re, policy_name_re +from xen.util import xsconstants from xen.xm.opts import OptionError +from xen.xm import main as xm_main +from xen.xm.main import server +from xen.util.acmpolicy import ACMPolicy def help(): return """ @@ -144,6 +148,39 @@ def insert_policy(boot_file, alt_boot_fi pass return extended_titles[0] +def cfgbootpolicy_xapi(policy, user_title=None): + xstype = int(server.xenapi.XSPolicy.get_xstype()) + if xstype & xsconstants.XS_POLICY_ACM == 0: + raise OptionError("ACM policy not supported on system.") + if user_title: + raise OptionError("Only the default title is supported with Xen-API.") + + policystate = server.xenapi.XSPolicy.get_xspolicy() + if int(policystate['type']) == 0: + print "No policy is installed." + return + + if int(policystate['type']) != xsconstants.XS_POLICY_ACM: + print "Unknown policy type '%s'." % policystate['type'] + return + else: + xml = policystate['repr'] + xs_ref = policystate['xs_ref'] + if not xml: + OptionError("No policy installed on system?") + acmpol = ACMPolicy(xml=xml) + if acmpol.get_name() != policy: + OptionError("Policy installed on system '%s' does not match the " + "request policy '%s'" % (acmpol.get_name(), policy)) + flags = int(policystate['flags']) | xsconstants.XS_INST_BOOT + rc = int(server.xenapi.XSPolicy.activate_xspolicy(xs_ref, flags)) + if rc == flags: + print "Successfully enabled the policy for having the system" \ + " booted with." + else: + print "An error occurred during the operation: %s" % \ + xsconstants.xserr2string(rc) + def main(argv): user_kver = None @@ -159,24 +196,27 @@ def main(argv): if not policy_name_re.match(policy): raise OptionError("Illegal policy name: '%s'" % policy) - policy_file = '/'.join([policy_dir_prefix] + policy.split('.')) - src_binary_policy_file = policy_file + ".bin" - #check if .bin exists or if policy file exists - if not os.path.isfile(src_binary_policy_file): - if not os.path.isfile(policy_file + "-security_policy.xml"): - raise OptionError("Unknown policy '%s'" % policy) - else: - err_msg = "Cannot find binary file for policy '%s'." % policy - err_msg += " Please use makepolicy to create binary file." - raise OptionError(err_msg) - - dst_binary_policy_file = "/boot/" + policy + ".bin" - shutil.copyfile(src_binary_policy_file, dst_binary_policy_file) - - entryname = insert_policy(boot_filename, altboot_filename, - user_title, policy) - print "Boot entry '%s' extended and \'%s\' copied to /boot" \ - % (entryname, policy + ".bin") + if xm_main.serverType == xm_main.SERVER_XEN_API: + cfgbootpolicy_xapi(policy) + else: + policy_file = '/'.join([policy_dir_prefix] + policy.split('.')) + src_binary_policy_file = policy_file + ".bin" + #check if .bin exists or if policy file exists + if not os.path.isfile(src_binary_policy_file): + if not os.path.isfile(policy_file + "-security_policy.xml"): + raise OptionError("Unknown policy '%s'" % policy) + else: + err_msg = "Cannot find binary file for policy '%s'." % policy + err_msg += " Please use makepolicy to create binary file." + raise OptionError(err_msg) + + dst_binary_policy_file = "/boot/" + policy + ".bin" + shutil.copyfile(src_binary_policy_file, dst_binary_policy_file) + + entryname = insert_policy(boot_filename, altboot_filename, + user_title, policy) + print "Boot entry '%s' extended and \'%s\' copied to /boot" \ + % (entryname, policy + ".bin") if __name__ == '__main__': try: diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/create.dtd --- a/tools/python/xen/xm/create.dtd Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/create.dtd Tue Jul 17 10:20:21 2007 +0100 @@ -38,6 +38,7 @@ memory, vbd*, vif*, + vtpm*, console*, platform*, vcpu_param*, @@ -49,7 +50,8 @@ actions_after_shutdown %NORMAL_EXIT; #REQUIRED actions_after_reboot %NORMAL_EXIT; #REQUIRED actions_after_crash %CRASH_BEHAVIOUR; #REQUIRED - PCI_bus CDATA #REQUIRED> + PCI_bus CDATA #REQUIRED + security_label CDATA #IMPLIED> <!ELEMENT memory EMPTY> <!ATTLIST memory static_min CDATA #REQUIRED @@ -73,6 +75,9 @@ device CDATA #REQUIRED qos_algorithm_type CDATA #REQUIRED network CDATA #IMPLIED> + +<!ELEMENT vtpm (name*)> +<!ATTLIST vtpm backend CDATA #REQUIRED> <!ELEMENT console (other_config*)> <!ATTLIST console protocol (vt100|rfb|rdp) #REQUIRED> diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/create.py --- a/tools/python/xen/xm/create.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/create.py Tue Jul 17 10:20:21 2007 +0100 @@ -643,22 +643,12 @@ def configure_security(config, vals): ['policy', policy], ['label', label] ] - #ssidref cannot be specified together with access_control - if sxp.child_value(config, 'ssidref'): - err("ERROR: SSIDREF and access_control are mutually exclusive but both specified!") - #else calculate ssidre from label + #calculate ssidref from label ssidref = security.label2ssidref(label, policy, 'dom') if not ssidref : err("ERROR calculating ssidref from access_control.") security_label = ['security', [ config_access_control, ['ssidref' , ssidref ] ] ] config.append(security_label) - elif num == 0: - if hasattr(vals, 'ssidref'): - if not security.on(): - err("ERROR: Security ssidref specified but no policy active.") - ssidref = getattr(vals, 'ssidref') - security_label = ['security', [ [ 'ssidref' , int(ssidref) ] ] ] - config.append(security_label) elif num > 1: err("VM config error: Multiple access_control definitions!") @@ -1231,13 +1221,13 @@ def config_security_check(config, verbos except security.ACMError: print " %s: DENIED" % (resource) - (res_label, res_policy) = security.get_res_label(resource) + (poltype, res_label, res_policy) = security.get_res_label(resource) if not res_label: res_label = "" - print " --> res: %s (%s)" % (str(res_label), - str(res_policy)) - print " --> dom: %s (%s)" % (str(domain_label), - str(domain_policy)) + print " --> res: %s (%s:%s)" % (str(res_label), + str(poltype), str(res_policy)) + print " --> dom: %s (%s:%s)" % (str(domain_label), + str(poltype), str(domain_policy)) answer = 0 diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/getlabel.py --- a/tools/python/xen/xm/getlabel.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/getlabel.py Tue Jul 17 10:20:21 2007 +0100 @@ -21,14 +21,19 @@ import sys, os, re import sys, os, re from xen.util import dictio from xen.util import security +from xen.util import xsconstants from xen.xm.opts import OptionError +from xen.xm import main as xm_main +from xen.xm.main import server def help(): return """ Usage: xm getlabel dom <configfile> + xm getlabel mgt <domain name> xm getlabel res <resource> - This program shows the label for a domain or resource.""" + This program shows the label for a domain, resource or virtual network + interface of a Xend-managed domain.""" def get_resource_label(resource): """Gets the resource label @@ -37,17 +42,24 @@ def get_resource_label(resource): resource = security.unify_resname(resource) # read in the resource file - file = security.res_label_filename + fil = security.res_label_filename try: - access_control = dictio.dict_read("resources", file) + access_control = dictio.dict_read("resources", fil) except: raise OptionError("Resource label file not found") # get the entry and print label if access_control.has_key(resource): - policy = access_control[resource][0] - label = access_control[resource][1] - print "policy="+policy+",label="+label + tmp = access_control[resource] + if len(tmp) == 2: + policy, label = tmp + policytype = xsconstants.ACM_POLICY_ID + elif len(tmp) == 3: + policytype, policy, label = tmp + else: + raise security.ACMError("Resource not properly labeled. " + "Please relabel the resource.") + print policytype+":"+policy+":"+label else: raise security.ACMError("Resource not labeled") @@ -89,8 +101,19 @@ def get_domain_label(configfile): data = data.strip() data = data.lstrip("[\'") data = data.rstrip("\']") - print data + print "policytype=%s," % xsconstants.ACM_POLICY_ID + data +def get_domain_label_xapi(domainname): + if xm_main.serverType != xm_main.SERVER_XEN_API: + raise OptionError('xm needs to be configure to use the xen-api.') + uuids = server.xenapi.VM.get_by_name_label(domainname) + if len(uuids) == 0: + raise OptionError('A VM with that name does not exist.') + if len(uuids) != 1: + raise OptionError('There are multiple domains with the same name.') + uuid = uuids[0] + sec_lab = server.xenapi.VM.get_security_label(uuid) + print "%s" %sec_lab def main(argv): if len(argv) != 3: @@ -99,11 +122,15 @@ def main(argv): if argv[1].lower() == "dom": configfile = argv[2] get_domain_label(configfile) + elif argv[1].lower() == "mgt": + domainname = argv[2] + get_domain_label_xapi(domainname) elif argv[1].lower() == "res": resource = argv[2] get_resource_label(resource) else: - raise OptionError('First subcommand argument must be "dom" or "res"') + raise OptionError('First subcommand argument must be "dom"' + ', "mgt" or "res"') if __name__ == '__main__': try: @@ -111,6 +138,4 @@ if __name__ == '__main__': except Exception, e: sys.stderr.write('Error: %s\n' % str(e)) sys.exit(-1) - - diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/getpolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/getpolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,94 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2007 International Business Machines Corp. +# Author: Stefan Berger <stefanb@xxxxxxxxxx> +#============================================================================ + +"""Get the managed policy of the system. +""" + +import sys +from xen.util import xsconstants +from xml.dom import minidom +from xen.xm.opts import OptionError +from xen.util.acmpolicy import ACMPolicy +from xen.xm import main as xm_main +from xen.xm.main import server + +def help(): + return """ + Usage: xm getpolicy [options] + + The following options are defined + --dumpxml Display the XML of the policy + + Get the policy managed by xend.""" + +def getpolicy(dumpxml): + if xm_main.serverType != xm_main.SERVER_XEN_API: + raise OptionError('xm needs to be configured to use the xen-api.') + types = [] + xstype = int(server.xenapi.XSPolicy.get_xstype()) + if xstype & xsconstants.XS_POLICY_ACM: + types.append("ACM") + xstype ^= xsconstants.XS_POLICY_ACM + if xstype != 0: + types.append("unsupported (%08x)" % xstype) + print "Supported security subsystems : %s \n" % ", ".join(types) + + policystate = server.xenapi.XSPolicy.get_xspolicy() + if int(policystate['type']) == 0: + print "No policy is installed." + return + if int(policystate['type']) != xsconstants.XS_POLICY_ACM: + print "Unknown policy type '%s'." % policystate['type'] + else: + xml = policystate['repr'] + acmpol = None + if xml: + acmpol = ACMPolicy(xml=xml) + print "Policy installed on the system:" + if acmpol: + print "Policy name : %s" % acmpol.get_name() + print "Policy type : %s" % xsconstants.ACM_POLICY_ID + print "Reference : %s" % policystate['xs_ref'] + print "Version of XML policy : %s" % policystate['version'] + state = [] + flags = int(policystate['flags']) + if flags & xsconstants.XS_INST_LOAD: + state.append("loaded") + if flags & xsconstants.XS_INST_BOOT: + state.append("system booted with") + print "State of the policy : %s" % ", ".join(state) + if dumpxml: + xml = policystate['repr'] + if xml: + dom = minidom.parseString(xml.encode("utf-8")) + print "%s" % dom.toprettyxml(indent=" ",newl="\n") + +def main(argv): + dumpxml = False + + if '--dumpxml' in argv: + dumpxml = True + + getpolicy(dumpxml) + +if __name__ == '__main__': + try: + main(sys.argv) + except Exception, e: + sys.stderr.write('Error: %s\n' % str(e)) + sys.exit(-1) diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/labels.py --- a/tools/python/xen/xm/labels.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/labels.py Tue Jul 17 10:20:21 2007 +0100 @@ -24,6 +24,10 @@ from xen.util.security import ACMError, from xen.util.security import ACMError, err, list_labels, active_policy from xen.util.security import vm_label_re, res_label_re, all_label_re from xen.xm.opts import OptionError +from xen.util.acmpolicy import ACMPolicy +from xen.util import xsconstants +from xen.xm.main import server +from xen.xm import main as xm_main def help(): @@ -48,6 +52,12 @@ def main(argv): else: raise OptionError('Unrecognised option: %s' % arg) + if xm_main.serverType != xm_main.SERVER_XEN_API: + labels(policy, ptype) + else: + labels_xapi(policy, ptype) + +def labels(policy, ptype): if not policy: policy = active_policy if active_policy in ['NULL', 'INACTIVE', 'DEFAULT']: @@ -73,7 +83,30 @@ def main(argv): except: traceback.print_exc(limit = 1) +def labels_xapi(policy, ptype): + policystate = server.xenapi.XSPolicy.get_xspolicy() + if int(policystate['type']) == xsconstants.XS_POLICY_ACM: + acmpol = ACMPolicy(xml=policystate['repr']) + if policy and policy != acmpol.get_name(): + print "Warning: '%s' is not the currently loaded policy." % policy + return labels(policy, ptype) + names1 = [] + names2 = [] + if not ptype or ptype == 'dom' or ptype == 'any': + names1 = acmpol.policy_get_virtualmachinelabel_names() + if ptype == 'res' or ptype == 'any': + names2 = acmpol.policy_get_resourcelabel_names() + if len(names1) > 0: + names = set(names1) + names.union(names2) + else: + names = set(names2) + for n in names: + print n + elif int(policystate['type']) == 0: + print "No policy installed on the system." + else: + print "Unsupported type of policy installed on the system." + if __name__ == '__main__': main(sys.argv) - - diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/loadpolicy.py --- a/tools/python/xen/xm/loadpolicy.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/loadpolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -22,6 +22,11 @@ import traceback import traceback from xen.util.security import ACMError, err, load_policy from xen.xm.opts import OptionError +from xen.xm import main as xm_main +from xen.util import xsconstants +from xen.xm.activatepolicy import activate_policy +from xen.xm.main import server +from xen.util.acmpolicy import ACMPolicy def help(): return """Load the compiled binary (.bin) policy into the running @@ -30,8 +35,31 @@ def main(argv): def main(argv): if len(argv) != 2: raise OptionError('No policy defined') - - load_policy(argv[1]) + if xm_main.serverType == xm_main.SERVER_XEN_API: + policy = argv[1] + print "This command is deprecated for use with Xen-API " \ + "configuration. Consider using\n'xm activatepolicy'." + policystate = server.xenapi.XSPolicy.get_xspolicy() + if int(policystate['type']) == 0: + print "No policy is installed." + return + + if int(policystate['type']) != xsconstants.XS_POLICY_ACM: + print "Unknown policy type '%s'." % policystate['type'] + return + else: + xml = policystate['repr'] + xs_ref = policystate['xs_ref'] + if not xml: + OptionError("No policy installed on system?") + acmpol = ACMPolicy(xml=xml) + if acmpol.get_name() != policy: + OptionError("Policy installed on system '%s' does not match"\ + " the request policy '%s'" % \ + (acmpol.get_name(), policy)) + activate_policy(xsconstants.XS_INST_LOAD) + else: + load_policy(argv[1]) if __name__ == '__main__': try: diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/main.py --- a/tools/python/xen/xm/main.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/main.py Tue Jul 17 10:20:21 2007 +0100 @@ -50,6 +50,7 @@ from xen.xm.opts import OptionError, Opt from xen.xm.opts import OptionError, Opts, wrap, set_true from xen.xm import console from xen.util.xmlrpcclient import ServerProxy +from xen.util.security import ACMError import XenAPI @@ -171,11 +172,12 @@ SUBCOMMAND_HELP = { # security - 'addlabel' : ('<label> {dom <ConfigFile>|res <resource>} [<policy>]', + 'addlabel' : ('<label> {dom <ConfigFile>|res <resource>|mgt <managed domain>}\n' + ' [<policy>]', 'Add security label to domain.'), - 'rmlabel' : ('{dom <ConfigFile>|res <Resource>}', + 'rmlabel' : ('{dom <ConfigFile>|res <Resource>|mgt<managed domain>}', 'Remove a security label from domain.'), - 'getlabel' : ('{dom <ConfigFile>|res <Resource>}', + 'getlabel' : ('{dom <ConfigFile>|res <Resource>|mgt <managed domain>}', 'Show security label for domain or resource.'), 'dry-run' : ('<ConfigFile>', 'Test if a domain can access its resources.'), @@ -186,6 +188,10 @@ SUBCOMMAND_HELP = { 'loadpolicy' : ('<policy.bin>', 'Load binary policy into hypervisor.'), 'makepolicy' : ('<policy>', 'Build policy and create .bin/.map ' 'files.'), + 'setpolicy' : ('<policytype> <policyfile> [options]', + 'Set the policy of the system.'), + 'getpolicy' : ('[options]', 'Get the policy of the system.'), + 'activatepolicy': ('[options]', 'Activate the xend-managed policy.'), 'labels' : ('[policy] [type=dom|res|any]', 'List <type> labels for (active) policy.'), 'serve' : ('', 'Proxy Xend XMLRPC over stdio.'), @@ -343,6 +349,9 @@ acm_commands = [ "loadpolicy", "cfgbootpolicy", "dumppolicy", + "activatepolicy", + "setpolicy", + "getpolicy", ] all_commands = (domain_commands + host_commands + scheduler_commands + @@ -861,13 +870,13 @@ def parse_doms_info(info): 'up_time' : up_time } - # We're not supporting security stuff just yet via XenAPI - - if serverType != SERVER_XEN_API: - from xen.util import security - parsed_info['seclabel'] = security.get_security_printlabel(info) - else: - parsed_info['seclabel'] = "" + security_label = get_info('security_label', str, '') + tmp = security_label.split(":") + if len(tmp) != 3: + seclabel = "" + else: + seclabel = tmp[2] + parsed_info['seclabel'] = seclabel if serverType == SERVER_XEN_API: parsed_info['mem'] = get_info('memory_actual', int, 0) / 1024 @@ -925,28 +934,26 @@ def xm_brief_list(doms): print format % d def xm_label_list(doms): - print '%-32s %5s %5s %5s %5s %9s %-8s' % \ + print '%-32s %5s %5s %5s %10s %9s %-8s' % \ ('Name', 'ID', 'Mem', 'VCPUs', 'State', 'Time(s)', 'Label') output = [] format = '%(name)-32s %(domid)5s %(mem)5d %(vcpus)5d %(state)10s ' \ '%(cpu_time)8.1f %(seclabel)9s' - if serverType != SERVER_XEN_API: - from xen.util import security + from xen.util import security - for dom in doms: - d = parse_doms_info(dom) - - if security.active_policy not in ['INACTIVE', 'NULL', 'DEFAULT']: - if not d['seclabel']: - d['seclabel'] = 'ERROR' - elif security.active_policy in ['DEFAULT']: - d['seclabel'] = 'DEFAULT' - else: - d['seclabel'] = 'INACTIVE' - - output.append((format % d, d['seclabel'])) + for dom in doms: + d = parse_doms_info(dom) + if security.active_policy not in ['INACTIVE', 'NULL', 'DEFAULT']: + if not d['seclabel']: + d['seclabel'] = 'ERROR' + elif security.active_policy in ['DEFAULT']: + d['seclabel'] = 'DEFAULT' + else: + d['seclabel'] = 'INACTIVE' + + output.append((format % d, d['seclabel'])) #sort by labels output.sort(lambda x,y: cmp( x[1].lower(), y[1].lower())) @@ -1989,16 +1996,24 @@ def xm_block_list(args): % ni) def xm_vtpm_list(args): - xenapi_unsupported() (use_long, params) = arg_check_for_resource_list(args, "vtpm-list") dom = params[0] + + if serverType == SERVER_XEN_API: + vtpm_refs = server.xenapi.VM.get_VTPMs(get_single_vm(dom)) + vtpm_properties = \ + map(server.xenapi.VTPM.get_runtime_properties, vtpm_refs) + devs = map(lambda (handle, properties): [handle, map2sxp(properties)], + zip(range(len(vtpm_properties)), vtpm_properties)) + else: + devs = server.xend.domain.getDeviceSxprs(dom, 'vtpm') + if use_long: - devs = server.xend.domain.getDeviceSxprs(dom, 'vtpm') map(PrettyPrint.prettyprint, devs) else: hdr = 0 - for x in server.xend.domain.getDeviceSxprs(dom, 'vtpm'): + for x in devs: if hdr == 0: print 'Idx BE handle state evt-ch ring-ref BE-path' hdr = 1 @@ -2028,18 +2043,6 @@ def parse_block_configuration(args): ['mode', args[3]]] if len(args) == 5: vbd.append(['backend', args[4]]) - - if serverType != SERVER_XEN_API: - # verify that policy permits attaching this resource - from xen.util import security - - if security.on(): - dominfo = server.xend.domain(dom) - label = security.get_security_printlabel(dominfo) - else: - label = None - - security.res_security_check(args[1], label) return (dom, vbd) @@ -2440,6 +2443,9 @@ IMPORTED_COMMANDS = [ 'getlabel', 'dry-run', 'resources', + 'getpolicy', + 'setpolicy', + 'activatepolicy', ] for c in IMPORTED_COMMANDS: @@ -2563,6 +2569,8 @@ def _run_cmd(cmd, cmd_name, args): print e.usage except XenAPIUnsupportedException, e: err(str(e)) + except ACMError, e: + err(str(e)) except Exception, e: if serverType != SERVER_XEN_API: from xen.util import security diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/makepolicy.py --- a/tools/python/xen/xm/makepolicy.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/makepolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -20,7 +20,10 @@ import sys import sys import traceback from xen.util.security import ACMError, err, make_policy +from xen.util import xsconstants from xen.xm.opts import OptionError +from xen.xm import main as xm_main +from xen.xm.setpolicy import setpolicy def usage(): print "\nUsage: xm makepolicy <policy>\n" @@ -32,8 +35,13 @@ def main(argv): def main(argv): if len(argv) != 2: raise OptionError('No XML policy file specified') - - make_policy(argv[1]) + if xm_main.serverType == xm_main.SERVER_XEN_API: + print "This command is deprecated for use with Xen-API " \ + "configuration. Consider using\n'xm setpolicy'." + setpolicy(xsconstants.ACM_POLICY_ID, argv[1], + xsconstants.XS_INST_LOAD, True) + else: + make_policy(argv[1]) if __name__ == '__main__': try: @@ -41,5 +49,3 @@ if __name__ == '__main__': except Exception, e: sys.stderr.write('Error: %s\n' % str(e)) sys.exit(-1) - - diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/resources.py --- a/tools/python/xen/xm/resources.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/resources.py Tue Jul 17 10:20:21 2007 +0100 @@ -21,7 +21,10 @@ import sys import sys from xen.util import dictio from xen.util import security +from xen.util import xsconstants from xen.xm.opts import OptionError +from xen.xm import main as xm_main +from xen.xm.main import server def help(): return """ @@ -32,20 +35,32 @@ def print_resource_data(access_control): """Prints out a resource dictionary to stdout """ for resource in access_control: - (policy, label) = access_control[resource] + tmp = access_control[resource] + if len(tmp) == 2: + policytype = xsconstants.ACM_POLICY_ID + (policy, label) = access_control[resource] + elif len(tmp) == 3: + policytype, policy, label = access_control[resource] print resource - print " policy: "+policy - print " label: "+label + print " type: "+ policytype + print " policy: "+ policy + print " label: "+ label def main (argv): if len(argv) > 1: raise OptionError("No arguments required") - - try: - filename = security.res_label_filename - access_control = dictio.dict_read("resources", filename) - except: - raise OptionError("Resource file not found") + + if xm_main.serverType == xm_main.SERVER_XEN_API: + access_control = server.xenapi.XSPolicy.get_labeled_resources() + for key, value in access_control.items(): + access_control[key] = tuple(value.split(':')) + else: + try: + filename = security.res_label_filename + access_control = dictio.dict_read("resources", filename) + print access_control + except: + raise OptionError("Resource file not found") print_resource_data(access_control) diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/rmlabel.py --- a/tools/python/xen/xm/rmlabel.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/rmlabel.py Tue Jul 17 10:20:21 2007 +0100 @@ -22,35 +22,52 @@ from xen.util import dictio from xen.util import dictio from xen.util import security from xen.xm.opts import OptionError +from xen.xm import main as xm_main +from xen.xm.main import server def help(): return """ Example: xm rmlabel dom <configfile> xm rmlabel res <resource> + xm rmlabel mgt <domain name> This program removes an acm_label entry from the 'configfile' - for a domain or from the global resource label file for a - resource. If the label does not exist for the given domain or - resource, then rmlabel fails.""" + for a domain, from a Xend-managed domain, from the global resource label + file for a resource or from the virtual network interface of a Xend-managed + domain. If the label does not exist for the given domain or resource, then + rmlabel fails.""" def rm_resource_label(resource): """Removes a resource label from the global resource label file. """ + # Try Xen-API first if configured to use it + if xm_main.serverType == xm_main.SERVER_XEN_API: + try: + oldlabel = server.xenapi.XSPolicy.get_resource_label(resource) + if oldlabel != "": + server.xenapi.XSPolicy.set_resource_label(resource,"", + oldlabel) + else: + raise security.ACMError("Resource not labeled") + except Exception, e: + print "Could not remove label from resource: %s" % e + return + #build canonical resource name resource = security.unify_resname(resource) # read in the resource file - file = security.res_label_filename + fil = security.res_label_filename try: - access_control = dictio.dict_read("resources", file) + access_control = dictio.dict_read("resources", fil) except: raise security.ACMError("Resource file not found, cannot remove label!") # remove the entry and update file if access_control.has_key(resource): del access_control[resource] - dictio.dict_write(access_control, "resources", file) + dictio.dict_write(access_control, "resources", fil) else: raise security.ACMError("Resource not labeled") @@ -58,15 +75,15 @@ def rm_domain_label(configfile): def rm_domain_label(configfile): # open the domain config file fd = None - file = None + fil = None if configfile[0] == '/': - file = configfile - fd = open(file, "rb") + fil = configfile + fd = open(fil, "rb") else: for prefix in [".", "/etc/xen"]: - file = prefix + "/" + configfile - if os.path.isfile(file): - fd = open(file, "rb") + fil = prefix + "/" + configfile + if os.path.isfile(fil): + fd = open(fil, "rb") break if not fd: raise OptionError("Configuration file '%s' not found." % configfile) @@ -93,9 +110,24 @@ def rm_domain_label(configfile): raise security.ACMError('Domain not labeled') # write the data back out to the file - fd = open(file, "wb") + fd = open(fil, "wb") fd.writelines(file_contents) fd.close() + +def rm_domain_label_xapi(domainname): + if xm_main.serverType != xm_main.SERVER_XEN_API: + raise OptionError('Need to be configure for using xen-api.') + uuids = server.xenapi.VM.get_by_name_label(domainname) + if len(uuids) == 0: + raise OptionError('A VM with that name does not exist.') + if len(uuids) != 1: + raise OptionError('Too many domains with the same name.') + uuid = uuids[0] + try: + old_lab = server.xenapi.VM.get_security_label(uuid) + server.xenapi.VM.set_security_label(uuid, "", old_lab) + except Exception, e: + print('Could not remove label from domain: %s' % e) def main (argv): @@ -103,12 +135,15 @@ def main (argv): if len(argv) != 3: raise OptionError('Requires 2 arguments') - if argv[1].lower() not in ('dom', 'res'): + if argv[1].lower() not in ('dom', 'mgt', 'res'): raise OptionError('Unrecognised type argument: %s' % argv[1]) if argv[1].lower() == "dom": configfile = argv[2] rm_domain_label(configfile) + elif argv[1].lower() == "mgt": + domain = argv[2] + rm_domain_label_xapi(domain) elif argv[1].lower() == "res": resource = argv[2] rm_resource_label(resource) @@ -119,5 +154,3 @@ if __name__ == '__main__': except Exception, e: sys.stderr.write('Error: %s\n' % str(e)) sys.exit(-1) - - diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/setpolicy.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tools/python/xen/xm/setpolicy.py Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,117 @@ +#============================================================================ +# This library is free software; you can redistribute it and/or +# modify it under the terms of version 2.1 of the GNU Lesser General Public +# License as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +#============================================================================ +# Copyright (C) 2007 International Business Machines Corp. +# Author: Stefan Berger <stefanb@xxxxxxxxxx> +#============================================================================ + +"""Get the managed policy of the system. +""" + +import base64 +import struct +import sys +import string +from xen.util import xsconstants +from xen.xm.opts import OptionError +from xen.util.security import policy_dir_prefix +from xen.xm import main as xm_main +from xen.xm.main import server + +def help(): + return """ + Usage: xm setpolicy <policytype> <policy> [options] + + Set the policy managed by xend. + + The only policytype that is currently supported is 'ACM'. + + The following options are defined + --load Load the policy immediately + --boot Have the system load the policy during boot + """ + +def setpolicy(policytype, policy_name, flags, overwrite): + if xm_main.serverType != xm_main.SERVER_XEN_API: + raise OptionError('xm needs to be configured to use the xen-api.') + if policytype != xsconstants.ACM_POLICY_ID: + raise OptionError("Unsupported policytype '%s'." % policytype) + else: + xs_type = xsconstants.XS_POLICY_ACM + + policy_file = policy_dir_prefix + "/" + \ + string.join(string.split(policy_name, "."), "/") + policy_file += "-security_policy.xml" + + try: + f = open(policy_file,"r") + xml = f.read(-1) + f.close() + except: + raise OptionError("Not a valid policy file") + + try: + policystate = server.xenapi.XSPolicy.set_xspolicy(xs_type, + xml, + flags, + overwrite) + except Exception, e: + print "An error occurred setting the policy: %s" % str(e) + return + xserr = int(policystate['xserr']) + if xserr != 0: + print "An error occurred trying to set the policy: %s" % \ + xsconstants.xserr2string(abs(xserr)) + errors = policystate['errors'] + if len(errors) > 0: + print "Hypervisor reported errors:" + err = base64.b64decode(errors) + i = 0 + while i + 7 < len(err): + code, data = struct.unpack("!ii", errors[i:i+8]) + print "(0x%08x, 0x%08x)" % (code, data) + i += 8 + else: + print "Successfully set the new policy." + + +def main(argv): + if len(argv) < 3: + raise OptionError("Need at least 3 arguments.") + + if "-?" in argv: + help() + return + + policytype = argv[1] + policy_name = argv[2] + + flags = 0 + if '--load' in argv: + flags |= xsconstants.XS_INST_LOAD + if '--boot' in argv: + flags |= xsconstants.XS_INST_BOOT + + overwrite = True + if '--nooverwrite' in argv: + overwrite = False + + setpolicy(policytype, policy_name, flags, overwrite) + +if __name__ == '__main__': + try: + main(sys.argv) + except Exception, e: + sys.stderr.write('Error: %s\n' % str(e)) + sys.exit(-1) diff -r c9720159b983 -r 9559ba7c80f9 tools/python/xen/xm/xenapi_create.py --- a/tools/python/xen/xm/xenapi_create.py Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/python/xen/xm/xenapi_create.py Tue Jul 17 10:20:21 2007 +0100 @@ -25,6 +25,7 @@ from xen.xend.XendAPIConstants import XE from xen.xend.XendAPIConstants import XEN_API_ON_NORMAL_EXIT, \ XEN_API_ON_CRASH_BEHAVIOUR from xen.xm.opts import OptionError +from xen.util import xsconstants import sys import os @@ -308,6 +309,12 @@ class xenapi_create: "" } + if vm.attributes.has_key("security_label"): + vm_record.update({ + "security_label": + vm.attributes["security_label"].value + }) + if len(vm.getElementsByTagName("pv")) > 0: vm_record.update({ "PV_bootloader": @@ -348,6 +355,12 @@ class xenapi_create: self.create_vifs(vm_ref, vifs, networks) + # Now create vtpms + + vtpms = vm.getElementsByTagName("vtpm") + + self.create_vtpms(vm_ref, vtpms) + # Now create consoles consoles = vm.getElementsByTagName("console") @@ -441,6 +454,21 @@ class xenapi_create: self._network_refs = server.xenapi.network.get_all() return self._network_refs.pop(0) + def create_vtpms(self, vm_ref, vtpms): + if len(vtpms) > 1: + vtpms = [ vtpms[0] ] + log(DEBUG, "create_vtpms") + return map(lambda vtpm: self.create_vtpm(vm_ref, vtpm), vtpms) + + def create_vtpm(self, vm_ref, vtpm): + vtpm_record = { + "VM": + vm_ref, + "backend": + vtpm.attributes["backend"].value + } + return server.xenapi.VTPM.create(vtpm_record) + def create_consoles(self, vm_ref, consoles): log(DEBUG, "create_consoles") return map(lambda console: self.create_console(vm_ref, console), @@ -482,6 +510,10 @@ class sxp2xml: vifs_sxp = map(lambda x: x[1], [device for device in devices if device[1][0] == "vif"]) + + vtpms_sxp = map(lambda x: x[1], [device for device in devices + if device[1][0] == "vtpm"]) + # Create XML Document impl = getDOMImplementation() @@ -530,6 +562,14 @@ class sxp2xml: = str(get_child_by_name(config, "vcpus", 1)) vm.attributes["vcpus_at_startup"] \ = str(get_child_by_name(config, "vcpus", 1)) + + sec_data = get_child_by_name(config, "security") + if sec_data: + try : + vm.attributes['security_label'] = \ + "%s:%s:%s" % (xsconstants.ACM_POLICY_ID, sec_data[0][1][1],sec_data[0][2][1]) + except Exception, e: + raise "Invalid security data format: %s" % str(sec_data) # Make the name tag @@ -601,6 +641,12 @@ class sxp2xml: map(vm.appendChild, vifs) + # And now the vTPMs + + vtpms = map(lambda vtpm: self.extract_vtpm(vtpm, document), vtpms_sxp) + + map(vm.appendChild, vtpms) + # Last but not least the consoles... consoles = self.extract_consoles(image, document) @@ -707,6 +753,15 @@ class sxp2xml: = get_child_by_name(vif_sxp, "bridge") return vif + + def extract_vtpm(self, vtpm_sxp, document): + + vtpm = document.createElement("vtpm") + + vtpm.attributes["backend"] \ + = get_child_by_name(vtpm_sxp, "backend", "0") + + return vtpm _eths = -1 diff -r c9720159b983 -r 9559ba7c80f9 tools/security/policies/security_policy.xsd --- a/tools/security/policies/security_policy.xsd Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/security/policies/security_policy.xsd Tue Jul 17 10:20:21 2007 +0100 @@ -99,7 +99,7 @@ <xsd:sequence> <xsd:element name="Name" type="NameWithFrom"></xsd:element> <xsd:element ref="SimpleTypeEnforcementTypes" minOccurs="0" maxOccurs="unbounded" /> - <xsd:element name="ChineseWallTypes" type="SingleChineseWallType" /> + <xsd:element ref="ChineseWallTypes" minOccurs="0" maxOccurs="unbounded" /> </xsd:sequence> </xsd:complexType> </xsd:element> @@ -143,9 +143,4 @@ <xsd:element maxOccurs="1" minOccurs="1" ref="Type" /> </xsd:sequence> </xsd:complexType> - <xsd:complexType name="SingleChineseWallType"> - <xsd:sequence> - <xsd:element maxOccurs="1" minOccurs="1" ref="Type" /> - </xsd:sequence> - </xsd:complexType> </xsd:schema> diff -r c9720159b983 -r 9559ba7c80f9 tools/vtpm_manager/util/hashtable_itr.c --- a/tools/vtpm_manager/util/hashtable_itr.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/vtpm_manager/util/hashtable_itr.c Tue Jul 17 10:20:21 2007 +0100 @@ -225,7 +225,7 @@ hashtable_iterator_search(struct hashtab egress: #ifdef HASHTABLE_THREADED - pthread_mutex_lock(&h->mutex); -#endif - return ret; -} + pthread_mutex_unlock(&h->mutex); +#endif + return ret; +} diff -r c9720159b983 -r 9559ba7c80f9 tools/xenstore/xsls.c --- a/tools/xenstore/xsls.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/xenstore/xsls.c Tue Jul 17 10:20:21 2007 +0100 @@ -8,6 +8,7 @@ #include <sys/ioctl.h> #include <termios.h> +#define STRING_MAX PATH_MAX static int max_width = 80; static int desired_width = 60; @@ -19,7 +20,8 @@ void print_dir(struct xs_handle *h, char void print_dir(struct xs_handle *h, char *path, int cur_depth, int show_perms) { char **e; - char newpath[512], *val; + char newpath[STRING_MAX], *val; + int newpath_len; int i; unsigned int num, len; @@ -33,13 +35,26 @@ void print_dir(struct xs_handle *h, char unsigned int nperms; int linewid; - for (linewid=0; linewid<cur_depth; linewid++) putchar(' '); + /* Print indent and path basename */ + for (linewid=0; linewid<cur_depth; linewid++) { + putchar(' '); + } linewid += printf("%.*s", (int) (max_width - TAG_LEN - linewid), e[i]); - sprintf(newpath, "%s%s%s", path, + + /* Compose fullpath and fetch value */ + newpath_len = snprintf(newpath, sizeof(newpath), "%s%s%s", path, path[strlen(path)-1] == '/' ? "" : "/", e[i]); - val = xs_read(h, XBT_NULL, newpath, &len); + if ( newpath_len < sizeof(newpath) ) { + val = xs_read(h, XBT_NULL, newpath, &len); + } + else { + /* Path was truncated and thus invalid */ + val = NULL; + } + + /* Print value */ if (val == NULL) { printf(":\n"); } @@ -88,7 +103,7 @@ void print_dir(struct xs_handle *h, char void usage(int argc, char *argv[]) { - fprintf(stderr, "Usage: %s [-p] [path]\n", argv[0]); + fprintf(stderr, "Usage: %s [-w] [-p] [path]\n", argv[0]); } int main(int argc, char *argv[]) @@ -104,11 +119,14 @@ int main(int argc, char *argv[]) if (!ret) max_width = ws.ws_col - PAD; - while (0 < (c = getopt(argc, argv, "ps"))) { + while (0 < (c = getopt(argc, argv, "psw"))) { switch (c) { + case 'w': + max_width= STRING_MAX - PAD; + desired_width = 0; + break; case 'p': show_perm = 1; - max_width -= 16; break; case 's': socket = 1; @@ -121,6 +139,11 @@ int main(int argc, char *argv[]) } } + /* Adjust the width here to avoid argument order dependency */ + if ( show_perm ) { + max_width -= 16; + } + xsh = socket ? xs_daemon_open() : xs_domain_open(); if (xsh == NULL) err(1, socket ? "xs_daemon_open" : "xs_domain_open"); diff -r c9720159b983 -r 9559ba7c80f9 tools/xentrace/xenctx.c --- a/tools/xentrace/xenctx.c Mon Jul 16 14:20:16 2007 -0500 +++ b/tools/xentrace/xenctx.c Tue Jul 17 10:20:21 2007 +0100 @@ -47,6 +47,13 @@ int stack_trace = 0; #elif defined (__ia64__) /* On ia64, we can't translate virtual address to physical address. */ #define NO_TRANSLATION + +/* Which registers should be displayed. */ +int disp_cr_regs; +int disp_ar_regs; +int disp_br_regs; +int disp_bank_regs; +int disp_tlb; #endif struct symbol { @@ -287,12 +294,12 @@ void print_ctx(vcpu_guest_context_t *ctx #define ITIR_PS_MAX 28 #define RR_RID_SHIFT 8 #define RR_RID_MASK 0xffffff - -void print_ctx(vcpu_guest_context_t *ctx1) -{ - struct vcpu_guest_context_regs *regs = &ctx1->regs; - struct vcpu_tr_regs *tr = &ctx1->regs.tr; - int i, ps_val, ma_val; +#define PSR_BN (1UL << 44) +#define CFM_SOF_MASK 0x3f + +static void print_tr(int i, const struct ia64_tr_entry *tr) +{ + int ps_val, ma_val; unsigned long pa; static const char ps[][5] = {" 4K", " 8K", " 16K", " ", @@ -303,104 +310,204 @@ void print_ctx(vcpu_guest_context_t *ctx static const char ma[][4] = {"WB ", " ", " ", " ", "UC ", "UCE", "WC ", "Nat"}; - printf(" ip: %016lx ", regs->ip); + ps_val = tr->itir >> ITIR_PS_SHIFT & ITIR_PS_MASK; + ma_val = tr->pte >> PTE_MA_SHIFT & PTE_MA_MASK; + pa = (tr->pte >> PTE_PPN_SHIFT & PTE_PPN_MASK) << PTE_PPN_SHIFT; + pa = (pa >> ps_val) << ps_val; + printf(" [%d] %ld %06lx %016lx %013lx %02x %s %ld %ld %ld %ld " + "%ld %d %s %06lx\n", i, + tr->pte >> PTE_P_SHIFT & PTE_P_MASK, + tr->rid >> RR_RID_SHIFT & RR_RID_MASK, + tr->vadr, pa, ps_val, + ((ps_val >= ITIR_PS_MIN && ps_val <= ITIR_PS_MAX) ? + ps[ps_val - ITIR_PS_MIN] : " "), + tr->pte >> PTE_ED_SHIFT & PTE_ED_MASK, + tr->pte >> PTE_PL_SHIFT & PTE_PL_MASK, + tr->pte >> PTE_AR_SHIFT & PTE_AR_MASK, + tr->pte >> PTE_A_SHIFT & PTE_A_MASK, + tr->pte >> PTE_D_SHIFT & PTE_D_MASK, + ma_val, ma[ma_val], + tr->itir >> ITIR_KEY_SHIFT & ITIR_KEY_MASK); +} + +void print_ctx(vcpu_guest_context_t *ctx) +{ + struct vcpu_guest_context_regs *regs = &ctx->regs; + struct vcpu_tr_regs *tr = &ctx->regs.tr; + int i; + unsigned int rbs_size, cfm_sof; + + printf(" ip: %016lx ", regs->ip); print_symbol(regs->ip); printf("\n"); - printf(" psr: %016lx ", regs->psr); - printf(" b0: %016lx\n", regs->b[0]); - printf(" b6: %016lx ", regs->b[6]); - printf(" b7: %016lx\n", regs->b[7]); - printf(" cfm: %016lx ", regs->cfm); - printf(" ar.unat: %016lx\n", regs->ar.unat); - printf(" ar.pfs: %016lx ", regs->ar.pfs); - printf(" ar.rsc: %016lx\n", regs->ar.rsc); - printf(" ar.rnat: %016lx ", regs->ar.rnat); - printf(" ar.bspstore: %016lx\n", regs->ar.bspstore); - printf(" ar.fpsr: %016lx ", regs->ar.fpsr); - printf(" event_callback_ip: %016lx\n", ctx1->event_callback_ip); - printf(" pr: %016lx ", regs->pr); - /* printf(" loadrs: %016lx\n", regs->loadrs); */ - printf(" iva: %016lx\n", regs->cr.iva); - printf(" dcr: %016lx\n", regs->cr.dcr); - - printf("\n"); - printf(" r1: %016lx\n", regs->r[1]); + printf(" psr: %016lx ", regs->psr); + printf(" cfm: %016lx ", regs->cfm); + printf(" pr: %016lx\n", regs->pr); + + if (disp_br_regs) { + printf(" b0: %016lx ", regs->b[0]); + printf(" b1: %016lx ", regs->b[1]); + printf(" b2: %016lx\n", regs->b[2]); + printf(" b3: %016lx ", regs->b[3]); + printf(" b4: %016lx ", regs->b[4]); + printf(" b5: %016lx\n", regs->b[5]); + printf(" b6: %016lx ", regs->b[6]); + printf(" b7: %016lx\n", regs->b[7]); + } else { + printf(" b0: %016lx\n", regs->b[0]); + } + + if (disp_cr_regs) { + printf ("\n" + " CR:\n"); + printf(" dcr: %016lx ", regs->cr.dcr); + printf(" itm: %016lx ", regs->cr.itm); + printf(" iva: %016lx\n", regs->cr.iva); + printf(" pta: %016lx ", regs->cr.pta); + printf(" ipsr: %016lx ", regs->cr.ipsr); + printf(" isr: %016lx\n", regs->cr.isr); + printf(" iip: %016lx ", regs->cr.iip); + printf(" ifa: %016lx ", regs->cr.ifa); + printf(" itir: %016lx\n", regs->cr.itir); + printf(" iipa: %016lx ", regs->cr.iipa); + printf(" ifs: %016lx ", regs->cr.ifs); + printf(" iim: %016lx\n", regs->cr.iim); + printf(" iha: %016lx ", regs->cr.iha); + printf(" lid: %016lx ", regs->cr.lid); + printf(" ivr: %016lx\n", regs->cr.ivr); + printf(" tpr: %016lx ", regs->cr.tpr); + printf(" eoi: %016lx ", regs->cr.eoi); + printf(" irr0: %016lx\n", regs->cr.irr[0]); + printf(" irr1: %016lx ", regs->cr.irr[1]); + printf(" irr2: %016lx ", regs->cr.irr[2]); + printf(" irr3: %016lx\n", regs->cr.irr[3]); + printf(" itv: %016lx ", regs->cr.itv); + printf(" pmv: %016lx ", regs->cr.pmv); + printf(" cmcv: %016lx\n", regs->cr.cmcv); + printf(" lrr0: %016lx ", regs->cr.lrr0); + printf(" lrr1: %016lx ", regs->cr.lrr1); + printf(" ev_cb:%016lx\n", ctx->event_callback_ip); + + } + if (disp_ar_regs) { + printf ("\n" + " AR:\n"); + printf(" kr0: %016lx ", regs->ar.kr[0]); + printf(" kr1: %016lx ", regs->ar.kr[1]); + printf(" kr2: %016lx\n", regs->ar.kr[2]); + printf(" kr3: %016lx ", regs->ar.kr[3]); + printf(" kr4: %016lx ", regs->ar.kr[4]); + printf(" kr5: %016lx\n", regs->ar.kr[5]); + printf(" kr6: %016lx ", regs->ar.kr[6]); + printf(" kr7: %016lx ", regs->ar.kr[7]); + printf(" rsc: %016lx\n", regs->ar.rsc); + printf(" bsp: %016lx ", regs->ar.bsp); + printf(" bsps: %016lx ", regs->ar.bspstore); + printf(" rnat: %016lx\n", regs->ar.rnat); + printf(" csd: %016lx ", regs->ar.csd); + printf(" ccv: %016lx ", regs->ar.ccv); + printf(" unat: %016lx\n", regs->ar.unat); + printf(" fpsr: %016lx ", regs->ar.fpsr); + printf(" itc: %016lx\n", regs->ar.itc); + printf(" pfs: %016lx ", regs->ar.pfs); + printf(" lc: %016lx ", regs->ar.lc); + printf(" ec: %016lx\n", regs->ar.ec); + } + printf("\n"); + printf(" r1: %016lx ", regs->r[1]); printf(" r2: %016lx ", regs->r[2]); printf(" r3: %016lx\n", regs->r[3]); printf(" r4: %016lx ", regs->r[4]); - printf(" r5: %016lx\n", regs->r[5]); - printf(" r6: %016lx ", regs->r[6]); - printf(" r7: %016lx\n", regs->r[7]); + printf(" r5: %016lx ", regs->r[5]); + printf(" r6: %016lx\n", regs->r[6]); + printf(" r7: %016lx ", regs->r[7]); printf(" r8: %016lx ", regs->r[8]); printf(" r9: %016lx\n", regs->r[9]); printf(" r10: %016lx ", regs->r[10]); - printf(" r11: %016lx\n", regs->r[11]); - printf(" sp: %016lx ", regs->r[12]); - printf(" tp: %016lx\n", regs->r[13]); + printf(" r11: %016lx ", regs->r[11]); + printf(" sp: %016lx\n", regs->r[12]); + printf(" tp: %016lx ", regs->r[13]); printf(" r14: %016lx ", regs->r[14]); printf(" r15: %016lx\n", regs->r[15]); - printf(" r16: %016lx ", regs->r[16]); - printf(" r17: %016lx\n", regs->r[17]); - printf(" r18: %016lx ", regs->r[18]); - printf(" r19: %016lx\n", regs->r[19]); - printf(" r20: %016lx ", regs->r[20]); - printf(" r21: %016lx\n", regs->r[21]); - printf(" r22: %016lx ", regs->r[22]); - printf(" r23: %016lx\n", regs->r[23]); - printf(" r24: %016lx ", regs->r[24]); - printf(" r25: %016lx\n", regs->r[25]); - printf(" r26: %016lx ", regs->r[26]); - printf(" r27: %016lx\n", regs->r[27]); - printf(" r28: %016lx ", regs->r[28]); - printf(" r29: %016lx\n", regs->r[29]); - printf(" r30: %016lx ", regs->r[30]); - printf(" r31: %016lx\n", regs->r[31]); - - printf("\n itr: P rid va pa ps ed pl " - "ar a d ma key\n"); - for (i = 0; i < 8; i++) { - ps_val = tr->itrs[i].itir >> ITIR_PS_SHIFT & ITIR_PS_MASK; - ma_val = tr->itrs[i].pte >> PTE_MA_SHIFT & PTE_MA_MASK; - pa = (tr->itrs[i].pte >> PTE_PPN_SHIFT & PTE_PPN_MASK) << - PTE_PPN_SHIFT; - pa = (pa >> ps_val) << ps_val; - printf(" [%d] %ld %06lx %016lx %013lx %02x %s %ld %ld %ld %ld " - "%ld %d %s %06lx\n", i, - tr->itrs[i].pte >> PTE_P_SHIFT & PTE_P_MASK, - tr->itrs[i].rid >> RR_RID_SHIFT & RR_RID_MASK, - tr->itrs[i].vadr, pa, ps_val, - ((ps_val >= ITIR_PS_MIN && ps_val <= ITIR_PS_MAX) ? - ps[ps_val - ITIR_PS_MIN] : " "), - tr->itrs[i].pte >> PTE_ED_SHIFT & PTE_ED_MASK, - tr->itrs[i].pte >> PTE_PL_SHIFT & PTE_PL_MASK, - tr->itrs[i].pte >> PTE_AR_SHIFT & PTE_AR_MASK, - tr->itrs[i].pte >> PTE_A_SHIFT & PTE_A_MASK, - tr->itrs[i].pte >> PTE_D_SHIFT & PTE_D_MASK, - ma_val, ma[ma_val], - tr->itrs[i].itir >> ITIR_KEY_SHIFT & ITIR_KEY_MASK); - } - printf("\n dtr: P rid va pa ps ed pl " - "ar a d ma key\n"); - for (i = 0; i < 8; i++) { - ps_val = tr->dtrs[i].itir >> ITIR_PS_SHIFT & ITIR_PS_MASK; - ma_val = tr->dtrs[i].pte >> PTE_MA_SHIFT & PTE_MA_MASK; - pa = (tr->dtrs[i].pte >> PTE_PPN_SHIFT & PTE_PPN_MASK) << - PTE_PPN_SHIFT; - pa = (pa >> ps_val) << ps_val; - printf(" [%d] %ld %06lx %016lx %013lx %02x %s %ld %ld %ld %ld " - "%ld %d %s %06lx\n", i, - tr->dtrs[i].pte >> PTE_P_SHIFT & PTE_P_MASK, - tr->dtrs[i].rid >> RR_RID_SHIFT & RR_RID_MASK, - tr->dtrs[i].vadr, pa, ps_val, - ((ps_val >= ITIR_PS_MIN && ps_val <= ITIR_PS_MAX) ? - ps[ps_val - ITIR_PS_MIN] : " "), - tr->dtrs[i].pte >> PTE_ED_SHIFT & PTE_ED_MASK, - tr->dtrs[i].pte >> PTE_PL_SHIFT & PTE_PL_MASK, - tr->dtrs[i].pte >> PTE_AR_SHIFT & PTE_AR_MASK, - tr->dtrs[i].pte >> PTE_A_SHIFT & PTE_A_MASK, - tr->dtrs[i].pte >> PTE_D_SHIFT & PTE_D_MASK, - ma_val, ma[ma_val], - tr->dtrs[i].itir >> ITIR_KEY_SHIFT & ITIR_KEY_MASK); + if (disp_bank_regs) { + printf(" Bank %d (current) Bank %d\n", + (regs->psr & PSR_BN) ? 1 : 0, (regs->psr & PSR_BN) ? 0 : 1); + printf ("16:%016lx ", regs->r[16]); + printf ("17:%016lx ", regs->r[17]); + printf ("16:%016lx ", regs->bank[0]); + printf ("17:%016lx\n", regs->bank[1]); + printf ("18:%016lx ", regs->r[18]); + printf ("19:%016lx ", regs->r[19]); + printf ("18:%016lx ", regs->bank[2]); + printf ("19:%016lx\n", regs->bank[3]); + printf ("20:%016lx ", regs->r[20]); + printf ("21:%016lx ", regs->r[21]); + printf ("20:%016lx ", regs->bank[4]); + printf ("21:%016lx\n", regs->bank[5]); + printf ("22:%016lx ", regs->r[22]); + printf ("23:%016lx ", regs->r[23]); + printf ("22:%016lx ", regs->bank[6]); + printf ("23:%016lx\n", regs->bank[7]); + printf ("24:%016lx ", regs->r[24]); + printf ("25:%016lx ", regs->r[25]); + printf ("24:%016lx ", regs->bank[8]); + printf ("25:%016lx\n", regs->bank[9]); + printf ("26:%016lx ", regs->r[26]); + printf ("27:%016lx ", regs->r[27]); + printf ("26:%016lx ", regs->bank[10]); + printf ("27:%016lx\n", regs->bank[11]); + printf ("28:%016lx ", regs->r[28]); + printf ("29:%016lx ", regs->r[29]); + printf ("28:%016lx ", regs->bank[12]); + printf ("29:%016lx\n", regs->bank[13]); + printf ("30:%016lx ", regs->r[30]); + printf ("31:%016lx ", regs->r[31]); + printf ("30:%016lx ", regs->bank[14]); + printf ("31:%016lx\n", regs->bank[15]); + } else { + printf(" r16: %016lx ", regs->r[16]); + printf(" r17: %016lx ", regs->r[17]); + printf(" r18: %016lx\n", regs->r[18]); + printf(" r19: %016lx ", regs->r[19]); + printf(" r20: %016lx ", regs->r[20]); + printf(" r21: %016lx\n", regs->r[21]); + printf(" r22: %016lx ", regs->r[22]); + printf(" r23: %016lx ", regs->r[23]); + printf(" r24: %016lx\n", regs->r[24]); + printf(" r25: %016lx ", regs->r[25]); + printf(" r26: %016lx ", regs->r[26]); + printf(" r27: %016lx\n", regs->r[27]); + printf(" r28: %016lx ", regs->r[28]); + printf(" r29: %016lx ", regs->r[29]); + printf(" r30: %016lx\n", regs->r[30]); + printf(" r31: %016lx\n", regs->r[31]); + } + + printf("\n"); + rbs_size = (regs->ar.bsp - regs->ar.bspstore) / 8; + cfm_sof = (regs->cfm & CFM_SOF_MASK); + for (i = 0; i < cfm_sof; i++) { + int off = cfm_sof - i; + unsigned int rbs_off = + (((62 - ((rbs_size + regs->rbs_voff) % 64) + off)) / 63) + off; + if (rbs_off > rbs_size) + break; + printf(" r%02d: %016lx%s", 32 + i, + regs->rbs[rbs_size - rbs_off], + (i % 3) != 2 ? " " : "\n"); + } + if ((i % 3) != 0) + printf ("\n"); + + if (disp_tlb) { + printf("\n itr: P rid va pa ps ed pl " + "ar a d ma key\n"); + for (i = 0; i < 8; i++) + print_tr(i, &tr->itrs[i]); + printf("\n dtr: P rid va pa ps ed pl " + "ar a d ma key\n"); + for (i = 0; i < 8; i++) + print_tr(i, &tr->dtrs[i]); } } #endif @@ -526,9 +633,16 @@ void dump_ctx(int vcpu) { int ret; vcpu_guest_context_t ctx; + xc_dominfo_t dominfo; xc_handle = xc_interface_open(); /* for accessing control interface */ + ret = xc_domain_getinfo(xc_handle, domid, 1, &dominfo); + if (ret < 0) { + perror("xc_domain_getinfo"); + exit(-1); + } + ret = xc_domain_pause(xc_handle, domid); if (ret < 0) { perror("xc_domain_pause"); @@ -537,7 +651,8 @@ void dump_ctx(int vcpu) ret = xc_vcpu_getcontext(xc_handle, domid, vcpu, &ctx); if (ret < 0) { - xc_domain_unpause(xc_handle, domid); + if (!dominfo.paused) + xc_domain_unpause(xc_handle, domid); perror("xc_vcpu_getcontext"); exit(-1); } @@ -548,10 +663,12 @@ void dump_ctx(int vcpu) print_stack(&ctx, vcpu); #endif - ret = xc_domain_unpause(xc_handle, domid); - if (ret < 0) { - perror("xc_domain_unpause"); - exit(-1); + if (!dominfo.paused) { + ret = xc_domain_unpause(xc_handle, domid); + if (ret < 0) { + perror("xc_domain_unpause"); + exit(-1); + } } xc_interface_close(xc_handle); @@ -574,16 +691,28 @@ void usage(void) printf(" -s SYMTAB, --symbol-table=SYMTAB\n"); printf(" read symbol table from SYMTAB.\n"); printf(" --stack-trace print a complete stack trace.\n"); +#ifdef __ia64__ + printf(" -r LIST, --regs=LIST display more registers.\n"); + printf(" -a --all same as --regs=tlb,cr,ar,br,bk\n"); +#endif } int main(int argc, char **argv) { int ch; - const char *sopts = "fs:h"; - const struct option lopts[] = { + static const char *sopts = "fs:h" +#ifdef __ia64__ + "ar:" +#endif + ; + static const struct option lopts[] = { {"stack-trace", 0, NULL, 'S'}, {"symbol-table", 1, NULL, 's'}, {"frame-pointers", 0, NULL, 'f'}, +#ifdef __ia64__ + {"regs", 1, NULL, 'r'}, + {"all", 0, NULL, 'a'}, +#endif {"help", 0, NULL, 'h'}, {0, 0, 0, 0} }; @@ -602,6 +731,39 @@ int main(int argc, char **argv) case 'S': stack_trace = 1; break; +#ifdef __ia64__ + case 'r': + { + char *r; + + r = strtok(optarg, ","); + while (r) { + if (strcmp (r, "cr") == 0) + disp_cr_regs = 1; + else if (strcmp (r, "ar") == 0) + disp_ar_regs = 1; + else if (strcmp (r, "br") == 0) + disp_br_regs = 1; + else if (strcmp (r, "bk") == 0) + disp_bank_regs = 1; + else if (strcmp (r, "tlb") == 0) + disp_tlb = 1; + else { + fprintf(stderr,"unknown register set %s\n", r); + exit(-1); + } + r = strtok(NULL, "'"); + } + } + break; + case 'a': + disp_cr_regs = 1; + disp_ar_regs = 1; + disp_br_regs = 1; + disp_bank_regs = 1; + disp_tlb = 1; + break; +#endif case 'h': usage(); exit(-1); diff -r c9720159b983 -r 9559ba7c80f9 unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h --- a/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h Mon Jul 16 14:20:16 2007 -0500 +++ b/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h Tue Jul 17 10:20:21 2007 +0100 @@ -107,4 +107,13 @@ extern char *kasprintf(gfp_t gfp, const #define __supported_pte_mask ((maddr_t)0) #endif +#if defined(_LINUX_NETDEVICE_H) && LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18) +#define netif_tx_lock_bh(dev) (spin_lock_bh(&(dev)->xmit_lock)) +#define netif_tx_unlock_bh(dev) (spin_unlock_bh(&(dev)->xmit_lock)) #endif + +#if defined(__LINUX_SEQLOCK_H) && !defined(DEFINE_SEQLOCK) +#define DEFINE_SEQLOCK(x) seqlock_t x = SEQLOCK_UNLOCKED +#endif + +#endif diff -r c9720159b983 -r 9559ba7c80f9 unmodified_drivers/linux-2.6/netfront/Kbuild --- a/unmodified_drivers/linux-2.6/netfront/Kbuild Mon Jul 16 14:20:16 2007 -0500 +++ b/unmodified_drivers/linux-2.6/netfront/Kbuild Tue Jul 17 10:20:21 2007 +0100 @@ -2,3 +2,4 @@ include $(M)/overrides.mk obj-m = xen-vnif.o xen-vnif-objs := netfront.o +xen-vnif-objs += accel.o diff -r c9720159b983 -r 9559ba7c80f9 xen/Makefile --- a/xen/Makefile Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/Makefile Tue Jul 17 10:20:21 2007 +0100 @@ -59,7 +59,6 @@ _clean: delete-unfresh-files $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) clean rm -f include/asm *.o $(TARGET)* *~ core rm -f include/asm-*/asm-offsets.h - rm -f include/xen/acm_policy.h .PHONY: _distclean _distclean: clean @@ -72,7 +71,6 @@ _distclean: clean $(TARGET): delete-unfresh-files build-headers $(MAKE) -C tools $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h - $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/acm_policy.h [ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm $(MAKE) -f $(BASEDIR)/Rules.mk -C include $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) asm-offsets.s @@ -86,20 +84,6 @@ delete-unfresh-files: @if [ ! -r include/xen/compile.h -o -O include/xen/compile.h ]; then \ rm -f include/xen/compile.h; \ fi - -# acm_policy.h contains security policy for Xen -include/xen/acm_policy.h: - @(set -e; \ - echo "/*"; \ - echo " * DO NOT MODIFY."; \ - echo " *"; \ - echo " * This file was auto-generated by xen/Makefile $<"; \ - echo " *"; \ - echo " */"; \ - echo ""; \ - echo "#ifndef ACM_DEFAULT_SECURITY_POLICY"; \ - echo "#define ACM_DEFAULT_SECURITY_POLICY $(ACM_DEFAULT_SECURITY_POLICY)"; \ - echo "#endif") >$@ # compile.h contains dynamic build info. Rebuilt on every 'make' invocation. include/xen/compile.h: include/xen/compile.h.in diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/Makefile --- a/xen/arch/ia64/Makefile Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/Makefile Tue Jul 17 10:20:21 2007 +0100 @@ -27,7 +27,6 @@ subdir-y += linux-xen > $(BASEDIR)/System.map # Headers do not depend on auto-generated header, but object files do. -HDRS := $(subst $(BASEDIR)/include/asm-ia64/asm-xsi-offsets.h,,$(HDRS)) $(ALL_OBJS): $(BASEDIR)/include/asm-ia64/asm-xsi-offsets.h asm-offsets.s: asm-offsets.c $(BASEDIR)/include/asm-ia64/.offsets.h.stamp @@ -58,6 +57,7 @@ asm-xsi-offsets.s: asm-xsi-offsets.c $(H || ln -sf $(BASEDIR)/include/xen $(BASEDIR)/include/linux [ -e $(BASEDIR)/include/asm-ia64/xen ] \ || ln -sf $(BASEDIR)/include/asm-ia64/linux $(BASEDIR)/include/asm-ia64/xen + touch $@ # I'm sure a Makefile wizard would know a better way to do this xen.lds.s: xen/xen.lds.S $(HDRS) diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/Rules.mk --- a/xen/arch/ia64/Rules.mk Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/Rules.mk Tue Jul 17 10:20:21 2007 +0100 @@ -69,3 +69,5 @@ HDRS += $(wildcard $(BASEDIR)/include/as HDRS += $(wildcard $(BASEDIR)/include/asm-ia64/linux/asm/*.h) HDRS += $(wildcard $(BASEDIR)/include/asm-ia64/linux/byteorder/*.h) HDRS += $(wildcard $(BASEDIR)/include/asm-ia64/hvm/*.h) + +HDRS := $(filter-out %/include/asm-ia64/asm-xsi-offsets.h,$(HDRS)) diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/linux-xen/efi.c --- a/xen/arch/ia64/linux-xen/efi.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/linux-xen/efi.c Tue Jul 17 10:20:21 2007 +0100 @@ -1013,12 +1013,9 @@ efi_memmap_init(unsigned long *s, unsign continue; } #ifdef XEN -// this works around a problem in the ski bootloader -{ - extern long running_on_sim; + /* this works around a problem in the ski bootloader */ if (running_on_sim && md->type != EFI_CONVENTIONAL_MEMORY) continue; -} #endif if (pmd == NULL || !efi_wb(pmd) || efi_md_end(pmd) != md->phys_addr) { contig_low = GRANULEROUNDUP(md->phys_addr); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/linux-xen/perfmon.c --- a/xen/arch/ia64/linux-xen/perfmon.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/linux-xen/perfmon.c Tue Jul 17 10:20:21 2007 +0100 @@ -7729,7 +7729,7 @@ do_perfmon_op(unsigned long cmd, { unsigned long error = 0; - if (!NONPRIV_OP(cmd) && current->domain != xenoprof_primary_profiler) { + if (!NONPRIV_OP(cmd) && current->domain->domain_id !=0) { gdprintk(XENLOG_INFO, "xen perfmon: " "dom %d denied privileged operation %ld\n", current->domain->domain_id, cmd); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/linux-xen/sn/kernel/irq.c --- a/xen/arch/ia64/linux-xen/sn/kernel/irq.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/linux-xen/sn/kernel/irq.c Tue Jul 17 10:20:21 2007 +0100 @@ -27,6 +27,7 @@ #include <asm/sn/sn_sal.h> #ifdef XEN +#define pci_dev_get(dev) do {} while(0) #define move_native_irq(foo) do {} while(0) #endif @@ -264,7 +265,6 @@ void sn_irq_init(void) } } -#ifndef XEN static void register_intr_pda(struct sn_irq_info *sn_irq_info) { int irq = sn_irq_info->irq_irq; @@ -278,6 +278,7 @@ static void register_intr_pda(struct sn_ pdacpu(cpu)->sn_first_irq = irq; } +#ifndef XEN static void unregister_intr_pda(struct sn_irq_info *sn_irq_info) { int irq = sn_irq_info->irq_irq; @@ -339,9 +340,7 @@ static void unregister_intr_pda(struct s spin_unlock(&sn_irq_info_lock); #endif } -#endif /* XEN */ - -#ifndef XEN + static void sn_irq_info_free(struct rcu_head *head) { struct sn_irq_info *sn_irq_info; @@ -351,7 +350,6 @@ static void sn_irq_info_free(struct rcu_ } #endif -#ifndef XEN void sn_irq_fixup(struct pci_dev *pci_dev, struct sn_irq_info *sn_irq_info) { nasid_t nasid = sn_irq_info->irq_nasid; @@ -360,7 +358,9 @@ void sn_irq_fixup(struct pci_dev *pci_de pci_dev_get(pci_dev); sn_irq_info->irq_cpuid = cpu; +#ifndef XEN sn_irq_info->irq_pciioinfo = SN_PCIDEV_INFO(pci_dev); +#endif /* link it into the sn_irq[irq] list */ spin_lock(&sn_irq_info_lock); @@ -379,6 +379,7 @@ void sn_irq_fixup(struct pci_dev *pci_de void sn_irq_unfixup(struct pci_dev *pci_dev) { +#ifndef XEN struct sn_irq_info *sn_irq_info; /* Only cleanup IRQ stuff if this device has a host bus context */ @@ -408,8 +409,8 @@ void sn_irq_unfixup(struct pci_dev *pci_ #endif pci_dev_put(pci_dev); -} -#endif +#endif +} static inline void sn_call_force_intr_provider(struct sn_irq_info *sn_irq_info) diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/linux-xen/sn/kernel/sn2_smp.c --- a/xen/arch/ia64/linux-xen/sn/kernel/sn2_smp.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/linux-xen/sn/kernel/sn2_smp.c Tue Jul 17 10:20:21 2007 +0100 @@ -160,21 +160,97 @@ void sn_tlb_migrate_finish(struct mm_str // static cpumask_t mask_all = CPU_MASK_ALL; #endif +#ifdef XEN +static DEFINE_SPINLOCK(sn2_ptcg_lock); + +struct sn_flush_struct { + unsigned long start; + unsigned long end; + unsigned long nbits; +}; + +static void sn_flush_ptcga_cpu(void *ptr) +{ + struct sn_flush_struct *sn_flush = ptr; + unsigned long start, end, nbits; + + start = sn_flush->start; + end = sn_flush->end; + nbits = sn_flush->nbits; + + /* + * Contention me harder!!! + */ + /* HW requires global serialization of ptc.ga. */ + spin_lock(&sn2_ptcg_lock); + { + do { + /* + * Flush ALAT entries also. + */ + ia64_ptcga(start, (nbits<<2)); + ia64_srlz_i(); + start += (1UL << nbits); + } while (start < end); + } + spin_unlock(&sn2_ptcg_lock); +} + void -#ifndef XEN +sn2_global_tlb_purge(unsigned long start, + unsigned long end, unsigned long nbits) +{ + nodemask_t nodes_flushed; + cpumask_t selected_cpus; + int cpu, cnode, i; + static DEFINE_SPINLOCK(sn2_ptcg_lock2); + + nodes_clear(nodes_flushed); + cpus_clear(selected_cpus); + + spin_lock(&sn2_ptcg_lock2); + node_set(cpu_to_node(smp_processor_id()), nodes_flushed); + i = 0; + for_each_cpu(cpu) { + cnode = cpu_to_node(cpu); + if (!node_isset(cnode, nodes_flushed)) { + cpu_set(cpu, selected_cpus); + i++; + } + node_set(cnode, nodes_flushed); + } + + /* HW requires global serialization of ptc.ga. */ + spin_lock(&sn2_ptcg_lock); + { + do { + /* + * Flush ALAT entries also. + */ + ia64_ptcga(start, (nbits<<2)); + ia64_srlz_i(); + start += (1UL << nbits); + } while (start < end); + } + spin_unlock(&sn2_ptcg_lock); + + if (i) { + struct sn_flush_struct flush_data; + flush_data.start = start; + flush_data.end = end; + flush_data.nbits = nbits; + on_selected_cpus(selected_cpus, sn_flush_ptcga_cpu, + &flush_data, 1, 1); + } + spin_unlock(&sn2_ptcg_lock2); +} +#else +void sn2_global_tlb_purge(struct mm_struct *mm, unsigned long start, -#else -sn2_global_tlb_purge(unsigned long start, -#endif unsigned long end, unsigned long nbits) { int i, ibegin, shub1, cnode, mynasid, cpu, lcpu = 0, nasid; -#ifndef XEN int mymm = (mm == current->active_mm && mm == current->mm); -#else - // struct mm_struct *mm; - int mymm = 0; -#endif int use_cpu_ptcga; volatile unsigned long *ptc0, *ptc1; unsigned long itc, itc2, flags, data0 = 0, data1 = 0, rr_value, old_rr = 0; @@ -206,6 +282,7 @@ sn2_global_tlb_purge(unsigned long start preempt_disable(); +#ifndef XEN if (likely(i == 1 && lcpu == smp_processor_id() && mymm)) { do { ia64_ptcl(start, nbits << 2); @@ -217,13 +294,8 @@ sn2_global_tlb_purge(unsigned long start return; } -#ifndef XEN if (atomic_read(&mm->mm_users) == 1 && mymm) { -#ifndef XEN /* I hate Xen! */ flush_tlb_mm(mm); -#else - flush_tlb_mask(mask_all); -#endif __get_cpu_var(ptcstats).change_rid++; preempt_enable(); return; @@ -335,6 +407,7 @@ sn2_global_tlb_purge(unsigned long start preempt_enable(); } +#endif /* * sn2_ptc_deadlock_recovery diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/Makefile --- a/xen/arch/ia64/vmx/Makefile Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/Makefile Tue Jul 17 10:20:21 2007 +0100 @@ -10,7 +10,7 @@ obj-y += vmx_interrupt.o obj-y += vmx_interrupt.o obj-y += vmx_ivt.o obj-y += vmx_phy_mode.o -obj-y += vmx_process.o +obj-y += vmx_fault.o obj-y += vmx_support.o obj-y += vmx_utility.o obj-y += vmx_vcpu.o diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/mmio.c --- a/xen/arch/ia64/vmx/mmio.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/mmio.c Tue Jul 17 10:20:21 2007 +0100 @@ -200,6 +200,21 @@ static inline void set_os_type(VCPU *v, if (type > OS_BASE && type < OS_END) { v->domain->arch.vmx_platform.gos_type = type; gdprintk(XENLOG_INFO, "Guest OS : %s\n", guest_os_name[type - OS_BASE]); + + if (GOS_WINDOWS(v)) { + struct xen_ia64_opt_feature optf; + + /* Windows identity maps regions 4 & 5 */ + optf.cmd = XEN_IA64_OPTF_IDENT_MAP_REG4; + optf.on = XEN_IA64_OPTF_ON; + optf.pgprot = (_PAGE_P|_PAGE_A|_PAGE_D|_PAGE_MA_WB|_PAGE_AR_RW); + optf.key = 0; + domain_opt_feature(&optf); + + optf.cmd = XEN_IA64_OPTF_IDENT_MAP_REG5; + optf.pgprot = (_PAGE_P|_PAGE_A|_PAGE_D|_PAGE_MA_UC|_PAGE_AR_RW); + domain_opt_feature(&optf); + } } } diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmmu.c --- a/xen/arch/ia64/vmx/vmmu.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmmu.c Tue Jul 17 10:20:21 2007 +0100 @@ -540,8 +540,7 @@ IA64FAULT vmx_vcpu_ptc_e(VCPU *vcpu, u64 IA64FAULT vmx_vcpu_ptc_g(VCPU *vcpu, u64 va, u64 ps) { - vmx_vcpu_ptc_ga(vcpu, va, ps); - return IA64_ILLOP_FAULT; + return vmx_vcpu_ptc_ga(vcpu, va, ps); } /* IA64FAULT vmx_vcpu_ptc_ga(VCPU *vcpu, u64 va, u64 ps) diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_fault.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/ia64/vmx/vmx_fault.c Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,524 @@ +/* -*- Mode:C; c-basic-offset:4; tab-width:4; indent-tabs-mode:nil -*- */ +/* + * vmx_fault.c: handling VMX architecture-related VM exits + * Copyright (c) 2005, Intel Corporation. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms and conditions of the GNU General Public License, + * version 2, as published by the Free Software Foundation. + * + * This program is distributed in the hope it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place - Suite 330, Boston, MA 02111-1307 USA. + * + * Xiaoyan Feng (Fleming Feng) <fleming.feng@xxxxxxxxx> + * Xuefei Xu (Anthony Xu) (Anthony.xu@xxxxxxxxx) + */ + +#include <xen/config.h> +#include <xen/lib.h> +#include <xen/errno.h> +#include <xen/sched.h> +#include <xen/smp.h> +#include <asm/ptrace.h> +#include <xen/delay.h> + +#include <linux/efi.h> /* FOR EFI_UNIMPLEMENTED */ +#include <asm/sal.h> /* FOR struct ia64_sal_retval */ + +#include <asm/system.h> +#include <asm/io.h> +#include <asm/processor.h> +#include <asm/desc.h> +#include <asm/vlsapic.h> +#include <xen/irq.h> +#include <xen/event.h> +#include <asm/regionreg.h> +#include <asm/privop.h> +#include <asm/ia64_int.h> +#include <asm/debugger.h> +//#include <asm/hpsim_ssc.h> +#include <asm/dom_fw.h> +#include <asm/vmx_vcpu.h> +#include <asm/kregs.h> +#include <asm/vmx.h> +#include <asm/vmmu.h> +#include <asm/vmx_mm_def.h> +#include <asm/vmx_phy_mode.h> +#include <xen/mm.h> +#include <asm/vmx_pal.h> +/* reset all PSR field to 0, except up,mfl,mfh,pk,dt,rt,mc,it */ +#define INITIAL_PSR_VALUE_AT_INTERRUPTION 0x0000001808028034 + + +extern void die_if_kernel(char *str, struct pt_regs *regs, long err); +extern void rnat_consumption (VCPU *vcpu); +extern void alt_itlb (VCPU *vcpu, u64 vadr); +extern void itlb_fault (VCPU *vcpu, u64 vadr); +extern void ivhpt_fault (VCPU *vcpu, u64 vadr); +extern unsigned long handle_fpu_swa (int fp_fault, struct pt_regs *regs, unsigned long isr); + +#define DOMN_PAL_REQUEST 0x110000 +#define DOMN_SAL_REQUEST 0x110001 + +static u64 vec2off[68] = {0x0,0x400,0x800,0xc00,0x1000,0x1400,0x1800, + 0x1c00,0x2000,0x2400,0x2800,0x2c00,0x3000,0x3400,0x3800,0x3c00,0x4000, + 0x4400,0x4800,0x4c00,0x5000,0x5100,0x5200,0x5300,0x5400,0x5500,0x5600, + 0x5700,0x5800,0x5900,0x5a00,0x5b00,0x5c00,0x5d00,0x5e00,0x5f00,0x6000, + 0x6100,0x6200,0x6300,0x6400,0x6500,0x6600,0x6700,0x6800,0x6900,0x6a00, + 0x6b00,0x6c00,0x6d00,0x6e00,0x6f00,0x7000,0x7100,0x7200,0x7300,0x7400, + 0x7500,0x7600,0x7700,0x7800,0x7900,0x7a00,0x7b00,0x7c00,0x7d00,0x7e00, + 0x7f00 +}; + + + +void vmx_reflect_interruption(u64 ifa, u64 isr, u64 iim, + u64 vec, REGS *regs) +{ + u64 status, vector; + VCPU *vcpu = current; + u64 vpsr = VCPU(vcpu, vpsr); + + vector = vec2off[vec]; + + switch (vec) { + case 5: // IA64_DATA_NESTED_TLB_VECTOR + break; + case 22: // IA64_INST_ACCESS_RIGHTS_VECTOR + if (!(vpsr & IA64_PSR_IC)) + goto nested_fault; + if (vhpt_access_rights_fixup(vcpu, ifa, 0)) + return; + break; + + case 25: // IA64_DISABLED_FPREG_VECTOR + if (!(vpsr & IA64_PSR_IC)) + goto nested_fault; + if (FP_PSR(vcpu) & IA64_PSR_DFH) { + FP_PSR(vcpu) = IA64_PSR_MFH; + if (__ia64_per_cpu_var(fp_owner) != vcpu) + __ia64_load_fpu(vcpu->arch._thread.fph); + } + if (!(VCPU(vcpu, vpsr) & IA64_PSR_DFH)) { + regs->cr_ipsr &= ~IA64_PSR_DFH; + return; + } + + break; + + case 32: // IA64_FP_FAULT_VECTOR + if (!(vpsr & IA64_PSR_IC)) + goto nested_fault; + // handle fpswa emulation + // fp fault + status = handle_fpu_swa(1, regs, isr); + if (!status) { + vcpu_increment_iip(vcpu); + return; + } else if (IA64_RETRY == status) + return; + break; + + case 33: // IA64_FP_TRAP_VECTOR + if (!(vpsr & IA64_PSR_IC)) + goto nested_fault; + //fp trap + status = handle_fpu_swa(0, regs, isr); + if (!status) + return; + else if (IA64_RETRY == status) { + vcpu_decrement_iip(vcpu); + return; + } + break; + + case 29: // IA64_DEBUG_VECTOR + case 35: // IA64_TAKEN_BRANCH_TRAP_VECTOR + case 36: // IA64_SINGLE_STEP_TRAP_VECTOR + if (vmx_guest_kernel_mode(regs) + && current->domain->debugger_attached) { + domain_pause_for_debugger(); + return; + } + if (!(vpsr & IA64_PSR_IC)) + goto nested_fault; + break; + + default: + if (!(vpsr & IA64_PSR_IC)) + goto nested_fault; + break; + } + VCPU(vcpu,isr)=isr; + VCPU(vcpu,iipa) = regs->cr_iip; + if (vector == IA64_BREAK_VECTOR || vector == IA64_SPECULATION_VECTOR) + VCPU(vcpu,iim) = iim; + else { + set_ifa_itir_iha(vcpu,ifa,1,1,1); + } + inject_guest_interruption(vcpu, vector); + return; + + nested_fault: + panic_domain(regs, "Guest nested fault vector=%lx!\n", vector); +} + + +IA64FAULT +vmx_ia64_handle_break (unsigned long ifa, struct pt_regs *regs, unsigned long isr, unsigned long iim) +{ + struct domain *d = current->domain; + struct vcpu *v = current; + + perfc_incr(vmx_ia64_handle_break); +#ifdef CRASH_DEBUG + if ((iim == 0 || iim == CDB_BREAK_NUM) && !guest_mode(regs) && + IS_VMM_ADDRESS(regs->cr_iip)) { + if (iim == 0) + show_registers(regs); + debugger_trap_fatal(0 /* don't care */, regs); + } else +#endif + { + if (iim == 0) + vmx_die_if_kernel("Break 0 in Hypervisor.", regs, iim); + + if (ia64_psr(regs)->cpl == 0) { + /* Allow hypercalls only when cpl = 0. */ + if (iim == d->arch.breakimm) { + ia64_hypercall(regs); + vcpu_increment_iip(v); + return IA64_NO_FAULT; + } + else if(iim == DOMN_PAL_REQUEST){ + pal_emul(v); + vcpu_increment_iip(v); + return IA64_NO_FAULT; + }else if(iim == DOMN_SAL_REQUEST){ + sal_emul(v); + vcpu_increment_iip(v); + return IA64_NO_FAULT; + } + } + vmx_reflect_interruption(ifa,isr,iim,11,regs); + } + return IA64_NO_FAULT; +} + + +void save_banked_regs_to_vpd(VCPU *v, REGS *regs) +{ + unsigned long i=0UL, * src,* dst, *sunat, *dunat; + IA64_PSR vpsr; + src=&regs->r16; + sunat=&regs->eml_unat; + vpsr.val = VCPU(v, vpsr); + if(vpsr.bn){ + dst = &VCPU(v, vgr[0]); + dunat =&VCPU(v, vnat); + __asm__ __volatile__ (";;extr.u %0 = %1,%4,16;; \ + dep %2 = %0, %2, 0, 16;; \ + st8 [%3] = %2;;" + ::"r"(i),"r"(*sunat),"r"(*dunat),"r"(dunat),"i"(IA64_PT_REGS_R16_SLOT):"memory"); + + }else{ + dst = &VCPU(v, vbgr[0]); +// dunat =&VCPU(v, vbnat); +// __asm__ __volatile__ (";;extr.u %0 = %1,%4,16;; +// dep %2 = %0, %2, 16, 16;; +// st8 [%3] = %2;;" +// ::"r"(i),"r"(*sunat),"r"(*dunat),"r"(dunat),"i"(IA64_PT_REGS_R16_SLOT):"memory"); + + } + for(i=0; i<16; i++) + *dst++ = *src++; +} + + +// ONLY gets called from ia64_leave_kernel +// ONLY call with interrupts disabled?? (else might miss one?) +// NEVER successful if already reflecting a trap/fault because psr.i==0 +void leave_hypervisor_tail(void) +{ + struct domain *d = current->domain; + struct vcpu *v = current; + + // FIXME: Will this work properly if doing an RFI??? + if (!is_idle_domain(d) ) { // always comes from guest +// struct pt_regs *user_regs = vcpu_regs(current); + local_irq_enable(); + do_softirq(); + local_irq_disable(); + + if (v->vcpu_id == 0) { + unsigned long callback_irq = + d->arch.hvm_domain.params[HVM_PARAM_CALLBACK_IRQ]; + + if ( v->arch.arch_vmx.pal_init_pending ) { + /*inject INIT interruption to guest pal*/ + v->arch.arch_vmx.pal_init_pending = 0; + deliver_pal_init(v); + return; + } + + /* + * val[63:56] == 1: val[55:0] is a delivery PCI INTx line: + * Domain = val[47:32], Bus = val[31:16], + * DevFn = val[15: 8], IntX = val[ 1: 0] + * val[63:56] == 0: val[55:0] is a delivery as GSI + */ + if (callback_irq != 0 && local_events_need_delivery()) { + /* change level for para-device callback irq */ + /* use level irq to send discrete event */ + if ((uint8_t)(callback_irq >> 56) == 1) { + /* case of using PCI INTx line as callback irq */ + int pdev = (callback_irq >> 11) & 0x1f; + int pintx = callback_irq & 3; + viosapic_set_pci_irq(d, pdev, pintx, 1); + viosapic_set_pci_irq(d, pdev, pintx, 0); + } else { + /* case of using GSI as callback irq */ + viosapic_set_irq(d, callback_irq, 1); + viosapic_set_irq(d, callback_irq, 0); + } + } + } + + rmb(); + if (xchg(&v->arch.irq_new_pending, 0)) { + v->arch.irq_new_condition = 0; + vmx_check_pending_irq(v); + return; + } + + if (v->arch.irq_new_condition) { + v->arch.irq_new_condition = 0; + vhpi_detection(v); + } + } +} + +extern ia64_rr vmx_vcpu_rr(VCPU *vcpu, u64 vadr); + +static int vmx_handle_lds(REGS* regs) +{ + regs->cr_ipsr |=IA64_PSR_ED; + return IA64_FAULT; +} + +/* We came here because the H/W VHPT walker failed to find an entry */ +IA64FAULT +vmx_hpw_miss(u64 vadr, u64 vec, REGS* regs) +{ + IA64_PSR vpsr; + int type; + u64 vhpt_adr, gppa, pteval, rr, itir; + ISR misr; + PTA vpta; + thash_data_t *data; + VCPU *v = current; + + vpsr.val = VCPU(v, vpsr); + misr.val = VMX(v,cr_isr); + + if (vec == 1) + type = ISIDE_TLB; + else if (vec == 2) + type = DSIDE_TLB; + else + panic_domain(regs, "wrong vec:%lx\n", vec); + + /* Physical mode and region is 0 or 4. */ + if (is_physical_mode(v) && (!((vadr<<1)>>62))) { + if (vec == 2) { + /* DTLB miss. */ + if (misr.sp) /* Refer to SDM Vol2 Table 4-11,4-12 */ + return vmx_handle_lds(regs); + if (v->domain != dom0 + && __gpfn_is_io(v->domain, (vadr << 1) >> (PAGE_SHIFT + 1))) { + emulate_io_inst(v, ((vadr<<1)>>1),4); // UC + return IA64_FAULT; + } + } + physical_tlb_miss(v, vadr, type); + return IA64_FAULT; + } + +try_again: + if ((data=vtlb_lookup(v, vadr,type)) != 0) { + if (v->domain != dom0 && type == DSIDE_TLB) { + if (misr.sp) { /* Refer to SDM Vol2 Table 4-10,4-12 */ + if ((data->ma == VA_MATTR_UC) || (data->ma == VA_MATTR_UCE)) + return vmx_handle_lds(regs); + } + gppa = (vadr & ((1UL << data->ps) - 1)) + + (data->ppn >> (data->ps - 12) << data->ps); + if (__gpfn_is_io(v->domain, gppa >> PAGE_SHIFT)) { + if (misr.sp) + panic_domain(NULL, "ld.s on I/O page not with UC attr." + " pte=0x%lx\n", data->page_flags); + if (data->pl >= ((regs->cr_ipsr >> IA64_PSR_CPL0_BIT) & 3)) + emulate_io_inst(v, gppa, data->ma); + else { + vcpu_set_isr(v, misr.val); + data_access_rights(v, vadr); + } + return IA64_FAULT; + } + } + thash_vhpt_insert(v, data->page_flags, data->itir, vadr, type); + + } else if (type == DSIDE_TLB) { + struct opt_feature* optf = &(v->domain->arch.opt_feature); + + if (misr.sp) + return vmx_handle_lds(regs); + + vcpu_get_rr(v, vadr, &rr); + itir = rr & (RR_RID_MASK | RR_PS_MASK); + + if (!vhpt_enabled(v, vadr, misr.rs ? RSE_REF : DATA_REF)) { + /* windows use region 4 and 5 for identity mapping */ + if (optf->mask & XEN_IA64_OPTF_IDENT_MAP_REG4 && + REGION_NUMBER(vadr) == 4 && !(regs->cr_ipsr & IA64_PSR_CPL) && + REGION_OFFSET(vadr) <= _PAGE_PPN_MASK) { + + pteval = PAGEALIGN(REGION_OFFSET(vadr), itir_ps(itir)) | + optf->im_reg4.pgprot; + if (thash_purge_and_insert(v, pteval, itir, vadr, type)) + goto try_again; + return IA64_NO_FAULT; + } + if (optf->mask & XEN_IA64_OPTF_IDENT_MAP_REG5 && + REGION_NUMBER(vadr) == 5 && !(regs->cr_ipsr & IA64_PSR_CPL) && + REGION_OFFSET(vadr) <= _PAGE_PPN_MASK) { + + pteval = PAGEALIGN(REGION_OFFSET(vadr), itir_ps(itir)) | + optf->im_reg5.pgprot; + if (thash_purge_and_insert(v, pteval, itir, vadr, type)) + goto try_again; + return IA64_NO_FAULT; + } + if (vpsr.ic) { + vcpu_set_isr(v, misr.val); + alt_dtlb(v, vadr); + return IA64_FAULT; + } else { + nested_dtlb(v); + return IA64_FAULT; + } + } + + vpta.val = vmx_vcpu_get_pta(v); + if (vpta.vf) { + /* Long format is not yet supported. */ + if (vpsr.ic) { + vcpu_set_isr(v, misr.val); + dtlb_fault(v, vadr); + return IA64_FAULT; + } else { + nested_dtlb(v); + return IA64_FAULT; + } + } + + /* avoid recursively walking (short format) VHPT */ + if (!(optf->mask & XEN_IA64_OPTF_IDENT_MAP_REG4) && + !(optf->mask & XEN_IA64_OPTF_IDENT_MAP_REG5) && + (((vadr ^ vpta.val) << 3) >> (vpta.size + 3)) == 0) { + + if (vpsr.ic) { + vcpu_set_isr(v, misr.val); + dtlb_fault(v, vadr); + return IA64_FAULT; + } else { + nested_dtlb(v); + return IA64_FAULT; + } + } + + vhpt_adr = vmx_vcpu_thash(v, vadr); + if (!guest_vhpt_lookup(vhpt_adr, &pteval)) { + /* VHPT successfully read. */ + if (!(pteval & _PAGE_P)) { + if (vpsr.ic) { + vcpu_set_isr(v, misr.val); + dtlb_fault(v, vadr); + return IA64_FAULT; + } else { + nested_dtlb(v); + return IA64_FAULT; + } + } else if ((pteval & _PAGE_MA_MASK) != _PAGE_MA_ST) { + thash_purge_and_insert(v, pteval, itir, vadr, DSIDE_TLB); + return IA64_NO_FAULT; + } else if (vpsr.ic) { + vcpu_set_isr(v, misr.val); + dtlb_fault(v, vadr); + return IA64_FAULT; + } else { + nested_dtlb(v); + return IA64_FAULT; + } + } else { + /* Can't read VHPT. */ + if (vpsr.ic) { + vcpu_set_isr(v, misr.val); + dvhpt_fault(v, vadr); + return IA64_FAULT; + } else { + nested_dtlb(v); + return IA64_FAULT; + } + } + } else if (type == ISIDE_TLB) { + + if (!vpsr.ic) + misr.ni = 1; + if (!vhpt_enabled(v, vadr, INST_REF)) { + vcpu_set_isr(v, misr.val); + alt_itlb(v, vadr); + return IA64_FAULT; + } + + vpta.val = vmx_vcpu_get_pta(v); + if (vpta.vf) { + /* Long format is not yet supported. */ + vcpu_set_isr(v, misr.val); + itlb_fault(v, vadr); + return IA64_FAULT; + } + + + vhpt_adr = vmx_vcpu_thash(v, vadr); + if (!guest_vhpt_lookup(vhpt_adr, &pteval)) { + /* VHPT successfully read. */ + if (pteval & _PAGE_P) { + if ((pteval & _PAGE_MA_MASK) == _PAGE_MA_ST) { + vcpu_set_isr(v, misr.val); + itlb_fault(v, vadr); + return IA64_FAULT; + } + vcpu_get_rr(v, vadr, &rr); + itir = rr & (RR_RID_MASK | RR_PS_MASK); + thash_purge_and_insert(v, pteval, itir, vadr, ISIDE_TLB); + return IA64_NO_FAULT; + } else { + vcpu_set_isr(v, misr.val); + inst_page_not_present(v, vadr); + return IA64_FAULT; + } + } else { + vcpu_set_isr(v, misr.val); + ivhpt_fault(v, vadr); + return IA64_FAULT; + } + } + return IA64_NO_FAULT; +} diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_init.c --- a/xen/arch/ia64/vmx/vmx_init.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmx_init.c Tue Jul 17 10:20:21 2007 +0100 @@ -283,9 +283,13 @@ static void vmx_create_event_channels(st } } +/* + * Event channel has destoryed in domain_kill(), so we needn't + * do anything here + */ static void vmx_release_assist_channel(struct vcpu *v) { - free_xen_event_channel(v, v->arch.arch_vmx.xen_port); + return; } /* diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_ivt.S --- a/xen/arch/ia64/vmx/vmx_ivt.S Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmx_ivt.S Tue Jul 17 10:20:21 2007 +0100 @@ -1001,7 +1001,7 @@ END(vmx_speculation_vector) // 0x5900 Entry 29 (size 16 bundles) Debug (16,28,56) ENTRY(vmx_debug_vector) VMX_DBG_FAULT(29) - VMX_FAULT(29) + VMX_REFLECT(29) END(vmx_debug_vector) .org vmx_ia64_ivt+0x5a00 diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_minstate.h --- a/xen/arch/ia64/vmx/vmx_minstate.h Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmx_minstate.h Tue Jul 17 10:20:21 2007 +0100 @@ -124,9 +124,9 @@ ;; \ tbit.z p6,p0=r29,IA64_PSR_VM_BIT; \ ;; \ - tbit.nz.or p6,p0 = r18,39; \ + tbit.nz.or p6,p0 = r18,IA64_ISR_NI_BIT; \ ;; \ -(p6) br.sptk.few vmx_panic; \ +(p6) br.spnt.few vmx_panic; \ tbit.z p0,p15=r29,IA64_PSR_I_BIT; \ mov r1=r16; \ /* mov r21=r16; */ \ diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_process.c --- a/xen/arch/ia64/vmx/vmx_process.c Mon Jul 16 14:20:16 2007 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,503 +0,0 @@ -/* -*- Mode:C; c-basic-offset:4; tab-width:4; indent-tabs-mode:nil -*- */ -/* - * vmx_process.c: handling VMX architecture-related VM exits - * Copyright (c) 2005, Intel Corporation. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms and conditions of the GNU General Public License, - * version 2, as published by the Free Software Foundation. - * - * This program is distributed in the hope it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 59 Temple - * Place - Suite 330, Boston, MA 02111-1307 USA. - * - * Xiaoyan Feng (Fleming Feng) <fleming.feng@xxxxxxxxx> - * Xuefei Xu (Anthony Xu) (Anthony.xu@xxxxxxxxx) - */ - -#include <xen/config.h> -#include <xen/lib.h> -#include <xen/errno.h> -#include <xen/sched.h> -#include <xen/smp.h> -#include <asm/ptrace.h> -#include <xen/delay.h> - -#include <linux/efi.h> /* FOR EFI_UNIMPLEMENTED */ -#include <asm/sal.h> /* FOR struct ia64_sal_retval */ - -#include <asm/system.h> -#include <asm/io.h> -#include <asm/processor.h> -#include <asm/desc.h> -#include <asm/vlsapic.h> -#include <xen/irq.h> -#include <xen/event.h> -#include <asm/regionreg.h> -#include <asm/privop.h> -#include <asm/ia64_int.h> -#include <asm/debugger.h> -//#include <asm/hpsim_ssc.h> -#include <asm/dom_fw.h> -#include <asm/vmx_vcpu.h> -#include <asm/kregs.h> -#include <asm/vmx.h> -#include <asm/vmmu.h> -#include <asm/vmx_mm_def.h> -#include <asm/vmx_phy_mode.h> -#include <xen/mm.h> -#include <asm/vmx_pal.h> -/* reset all PSR field to 0, except up,mfl,mfh,pk,dt,rt,mc,it */ -#define INITIAL_PSR_VALUE_AT_INTERRUPTION 0x0000001808028034 - - -extern void die_if_kernel(char *str, struct pt_regs *regs, long err); -extern void rnat_consumption (VCPU *vcpu); -extern void alt_itlb (VCPU *vcpu, u64 vadr); -extern void itlb_fault (VCPU *vcpu, u64 vadr); -extern void ivhpt_fault (VCPU *vcpu, u64 vadr); -extern unsigned long handle_fpu_swa (int fp_fault, struct pt_regs *regs, unsigned long isr); - -#define DOMN_PAL_REQUEST 0x110000 -#define DOMN_SAL_REQUEST 0x110001 - -static u64 vec2off[68] = {0x0,0x400,0x800,0xc00,0x1000,0x1400,0x1800, - 0x1c00,0x2000,0x2400,0x2800,0x2c00,0x3000,0x3400,0x3800,0x3c00,0x4000, - 0x4400,0x4800,0x4c00,0x5000,0x5100,0x5200,0x5300,0x5400,0x5500,0x5600, - 0x5700,0x5800,0x5900,0x5a00,0x5b00,0x5c00,0x5d00,0x5e00,0x5f00,0x6000, - 0x6100,0x6200,0x6300,0x6400,0x6500,0x6600,0x6700,0x6800,0x6900,0x6a00, - 0x6b00,0x6c00,0x6d00,0x6e00,0x6f00,0x7000,0x7100,0x7200,0x7300,0x7400, - 0x7500,0x7600,0x7700,0x7800,0x7900,0x7a00,0x7b00,0x7c00,0x7d00,0x7e00, - 0x7f00 -}; - - - -void vmx_reflect_interruption(u64 ifa, u64 isr, u64 iim, - u64 vec, REGS *regs) -{ - u64 status, vector; - VCPU *vcpu = current; - u64 vpsr = VCPU(vcpu, vpsr); - - vector = vec2off[vec]; - if(!(vpsr&IA64_PSR_IC)&&(vector!=IA64_DATA_NESTED_TLB_VECTOR)){ - panic_domain(regs, "Guest nested fault vector=%lx!\n", vector); - } - - switch (vec) { - - case 22: // IA64_INST_ACCESS_RIGHTS_VECTOR - if (vhpt_access_rights_fixup(vcpu, ifa, 0)) - return; - break; - - case 25: // IA64_DISABLED_FPREG_VECTOR - - if (FP_PSR(vcpu) & IA64_PSR_DFH) { - FP_PSR(vcpu) = IA64_PSR_MFH; - if (__ia64_per_cpu_var(fp_owner) != vcpu) - __ia64_load_fpu(vcpu->arch._thread.fph); - } - if (!(VCPU(vcpu, vpsr) & IA64_PSR_DFH)) { - regs->cr_ipsr &= ~IA64_PSR_DFH; - return; - } - - break; - - case 32: // IA64_FP_FAULT_VECTOR - // handle fpswa emulation - // fp fault - status = handle_fpu_swa(1, regs, isr); - if (!status) { - vcpu_increment_iip(vcpu); - return; - } else if (IA64_RETRY == status) - return; - break; - - case 33: // IA64_FP_TRAP_VECTOR - //fp trap - status = handle_fpu_swa(0, regs, isr); - if (!status) - return; - else if (IA64_RETRY == status) { - vcpu_decrement_iip(vcpu); - return; - } - break; - - } - VCPU(vcpu,isr)=isr; - VCPU(vcpu,iipa) = regs->cr_iip; - if (vector == IA64_BREAK_VECTOR || vector == IA64_SPECULATION_VECTOR) - VCPU(vcpu,iim) = iim; - else { - set_ifa_itir_iha(vcpu,ifa,1,1,1); - } - inject_guest_interruption(vcpu, vector); -} - - -IA64FAULT -vmx_ia64_handle_break (unsigned long ifa, struct pt_regs *regs, unsigned long isr, unsigned long iim) -{ - struct domain *d = current->domain; - struct vcpu *v = current; - - perfc_incr(vmx_ia64_handle_break); -#ifdef CRASH_DEBUG - if ((iim == 0 || iim == CDB_BREAK_NUM) && !guest_mode(regs) && - IS_VMM_ADDRESS(regs->cr_iip)) { - if (iim == 0) - show_registers(regs); - debugger_trap_fatal(0 /* don't care */, regs); - } else -#endif - { - if (iim == 0) - vmx_die_if_kernel("Break 0 in Hypervisor.", regs, iim); - - if (ia64_psr(regs)->cpl == 0) { - /* Allow hypercalls only when cpl = 0. */ - if (iim == d->arch.breakimm) { - ia64_hypercall(regs); - vcpu_increment_iip(v); - return IA64_NO_FAULT; - } - else if(iim == DOMN_PAL_REQUEST){ - pal_emul(v); - vcpu_increment_iip(v); - return IA64_NO_FAULT; - }else if(iim == DOMN_SAL_REQUEST){ - sal_emul(v); - vcpu_increment_iip(v); - return IA64_NO_FAULT; - } - } - vmx_reflect_interruption(ifa,isr,iim,11,regs); - } - return IA64_NO_FAULT; -} - - -void save_banked_regs_to_vpd(VCPU *v, REGS *regs) -{ - unsigned long i=0UL, * src,* dst, *sunat, *dunat; - IA64_PSR vpsr; - src=&regs->r16; - sunat=&regs->eml_unat; - vpsr.val = VCPU(v, vpsr); - if(vpsr.bn){ - dst = &VCPU(v, vgr[0]); - dunat =&VCPU(v, vnat); - __asm__ __volatile__ (";;extr.u %0 = %1,%4,16;; \ - dep %2 = %0, %2, 0, 16;; \ - st8 [%3] = %2;;" - ::"r"(i),"r"(*sunat),"r"(*dunat),"r"(dunat),"i"(IA64_PT_REGS_R16_SLOT):"memory"); - - }else{ - dst = &VCPU(v, vbgr[0]); -// dunat =&VCPU(v, vbnat); -// __asm__ __volatile__ (";;extr.u %0 = %1,%4,16;; -// dep %2 = %0, %2, 16, 16;; -// st8 [%3] = %2;;" -// ::"r"(i),"r"(*sunat),"r"(*dunat),"r"(dunat),"i"(IA64_PT_REGS_R16_SLOT):"memory"); - - } - for(i=0; i<16; i++) - *dst++ = *src++; -} - - -// ONLY gets called from ia64_leave_kernel -// ONLY call with interrupts disabled?? (else might miss one?) -// NEVER successful if already reflecting a trap/fault because psr.i==0 -void leave_hypervisor_tail(void) -{ - struct domain *d = current->domain; - struct vcpu *v = current; - - // FIXME: Will this work properly if doing an RFI??? - if (!is_idle_domain(d) ) { // always comes from guest -// struct pt_regs *user_regs = vcpu_regs(current); - local_irq_enable(); - do_softirq(); - local_irq_disable(); - - if (v->vcpu_id == 0) { - unsigned long callback_irq = - d->arch.hvm_domain.params[HVM_PARAM_CALLBACK_IRQ]; - - if ( v->arch.arch_vmx.pal_init_pending ) { - /*inject INIT interruption to guest pal*/ - v->arch.arch_vmx.pal_init_pending = 0; - deliver_pal_init(v); - return; - } - - /* - * val[63:56] == 1: val[55:0] is a delivery PCI INTx line: - * Domain = val[47:32], Bus = val[31:16], - * DevFn = val[15: 8], IntX = val[ 1: 0] - * val[63:56] == 0: val[55:0] is a delivery as GSI - */ - if (callback_irq != 0 && local_events_need_delivery()) { - /* change level for para-device callback irq */ - /* use level irq to send discrete event */ - if ((uint8_t)(callback_irq >> 56) == 1) { - /* case of using PCI INTx line as callback irq */ - int pdev = (callback_irq >> 11) & 0x1f; - int pintx = callback_irq & 3; - viosapic_set_pci_irq(d, pdev, pintx, 1); - viosapic_set_pci_irq(d, pdev, pintx, 0); - } else { - /* case of using GSI as callback irq */ - viosapic_set_irq(d, callback_irq, 1); - viosapic_set_irq(d, callback_irq, 0); - } - } - } - - rmb(); - if (xchg(&v->arch.irq_new_pending, 0)) { - v->arch.irq_new_condition = 0; - vmx_check_pending_irq(v); - return; - } - - if (v->arch.irq_new_condition) { - v->arch.irq_new_condition = 0; - vhpi_detection(v); - } - } -} - -extern ia64_rr vmx_vcpu_rr(VCPU *vcpu, u64 vadr); - -static int vmx_handle_lds(REGS* regs) -{ - regs->cr_ipsr |=IA64_PSR_ED; - return IA64_FAULT; -} - -/* We came here because the H/W VHPT walker failed to find an entry */ -IA64FAULT -vmx_hpw_miss(u64 vadr , u64 vec, REGS* regs) -{ - IA64_PSR vpsr; - int type; - u64 vhpt_adr, gppa, pteval, rr, itir; - ISR misr; - PTA vpta; - thash_data_t *data; - VCPU *v = current; - - vpsr.val = VCPU(v, vpsr); - misr.val = VMX(v,cr_isr); - - if (vec == 1) - type = ISIDE_TLB; - else if (vec == 2) - type = DSIDE_TLB; - else - panic_domain(regs, "wrong vec:%lx\n", vec); - - if(is_physical_mode(v)&&(!(vadr<<1>>62))){ - if(vec==2){ - if (misr.sp) /* Refer to SDM Vol2 Table 4-11,4-12 */ - return vmx_handle_lds(regs); - if (v->domain != dom0 - && __gpfn_is_io(v->domain, (vadr << 1) >> (PAGE_SHIFT + 1))) { - emulate_io_inst(v,((vadr<<1)>>1),4); // UC - return IA64_FAULT; - } - } - physical_tlb_miss(v, vadr, type); - return IA64_FAULT; - } - -try_again: - if((data=vtlb_lookup(v, vadr,type))!=0){ - if (v->domain != dom0 && type == DSIDE_TLB) { - if (misr.sp) { /* Refer to SDM Vol2 Table 4-10,4-12 */ - if ((data->ma == VA_MATTR_UC) || (data->ma == VA_MATTR_UCE)) - return vmx_handle_lds(regs); - } - gppa = (vadr & ((1UL << data->ps) - 1)) + - (data->ppn >> (data->ps - 12) << data->ps); - if (__gpfn_is_io(v->domain, gppa >> PAGE_SHIFT)) { - if (misr.sp) - panic_domain(NULL, "ld.s on I/O page not with UC attr." - " pte=0x%lx\n", data->page_flags); - if (data->pl >= ((regs->cr_ipsr >> IA64_PSR_CPL0_BIT) & 3)) - emulate_io_inst(v, gppa, data->ma); - else { - vcpu_set_isr(v, misr.val); - data_access_rights(v, vadr); - } - return IA64_FAULT; - } - } - thash_vhpt_insert(v, data->page_flags, data->itir, vadr, type); - - }else if(type == DSIDE_TLB){ - - if (misr.sp) - return vmx_handle_lds(regs); - - vcpu_get_rr(v, vadr, &rr); - itir = rr & (RR_RID_MASK | RR_PS_MASK); - - if(!vhpt_enabled(v, vadr, misr.rs?RSE_REF:DATA_REF)){ - if (GOS_WINDOWS(v)) { - /* windows use region 4 and 5 for identity mapping */ - if (REGION_NUMBER(vadr) == 4 && !(regs->cr_ipsr & IA64_PSR_CPL) - && (REGION_OFFSET(vadr)<= _PAGE_PPN_MASK)) { - - pteval = PAGEALIGN(REGION_OFFSET(vadr), itir_ps(itir)) | - (_PAGE_P | _PAGE_A | _PAGE_D | - _PAGE_MA_WB | _PAGE_AR_RW); - - if (thash_purge_and_insert(v, pteval, itir, vadr, type)) - goto try_again; - - return IA64_NO_FAULT; - } - - if (REGION_NUMBER(vadr) == 5 && !(regs->cr_ipsr & IA64_PSR_CPL) - && (REGION_OFFSET(vadr)<= _PAGE_PPN_MASK)) { - - pteval = PAGEALIGN(REGION_OFFSET(vadr),itir_ps(itir)) | - (_PAGE_P | _PAGE_A | _PAGE_D | - _PAGE_MA_UC | _PAGE_AR_RW); - - if (thash_purge_and_insert(v, pteval, itir, vadr, type)) - goto try_again; - - return IA64_NO_FAULT; - } - } - - if(vpsr.ic){ - vcpu_set_isr(v, misr.val); - alt_dtlb(v, vadr); - return IA64_FAULT; - } else{ - nested_dtlb(v); - return IA64_FAULT; - } - } - - vpta.val = vmx_vcpu_get_pta(v); - if (vpta.vf) { - /* Long format is not yet supported. */ - if (vpsr.ic) { - vcpu_set_isr(v, misr.val); - dtlb_fault(v, vadr); - return IA64_FAULT; - } else { - nested_dtlb(v); - return IA64_FAULT; - } - } - - /* avoid recursively walking (short format) VHPT */ - if (!GOS_WINDOWS(v) && - (((vadr ^ vpta.val) << 3) >> (vpta.size + 3)) == 0) { - - if (vpsr.ic) { - vcpu_set_isr(v, misr.val); - dtlb_fault(v, vadr); - return IA64_FAULT; - } else { - nested_dtlb(v); - return IA64_FAULT; - } - } - - vhpt_adr = vmx_vcpu_thash(v, vadr); - if (!guest_vhpt_lookup(vhpt_adr, &pteval)) { - /* VHPT successfully read. */ - if (!(pteval & _PAGE_P)) { - if (vpsr.ic) { - vcpu_set_isr(v, misr.val); - dtlb_fault(v, vadr); - return IA64_FAULT; - } else { - nested_dtlb(v); - return IA64_FAULT; - } - } else if ((pteval & _PAGE_MA_MASK) != _PAGE_MA_ST) { - thash_purge_and_insert(v, pteval, itir, vadr, DSIDE_TLB); - return IA64_NO_FAULT; - } else if (vpsr.ic) { - vcpu_set_isr(v, misr.val); - dtlb_fault(v, vadr); - return IA64_FAULT; - }else{ - nested_dtlb(v); - return IA64_FAULT; - } - } else { - /* Can't read VHPT. */ - if (vpsr.ic) { - vcpu_set_isr(v, misr.val); - dvhpt_fault(v, vadr); - return IA64_FAULT; - } else { - nested_dtlb(v); - return IA64_FAULT; - } - } - }else if(type == ISIDE_TLB){ - - if (!vpsr.ic) - misr.ni = 1; - if (!vhpt_enabled(v, vadr, INST_REF)) { - vcpu_set_isr(v, misr.val); - alt_itlb(v, vadr); - return IA64_FAULT; - } - - vpta.val = vmx_vcpu_get_pta(v); - if (vpta.vf) { - /* Long format is not yet supported. */ - vcpu_set_isr(v, misr.val); - itlb_fault(v, vadr); - return IA64_FAULT; - } - - - vhpt_adr = vmx_vcpu_thash(v, vadr); - if (!guest_vhpt_lookup(vhpt_adr, &pteval)) { - /* VHPT successfully read. */ - if (pteval & _PAGE_P) { - if ((pteval & _PAGE_MA_MASK) == _PAGE_MA_ST) { - vcpu_set_isr(v, misr.val); - itlb_fault(v, vadr); - return IA64_FAULT; - } - vcpu_get_rr(v, vadr, &rr); - itir = rr & (RR_RID_MASK | RR_PS_MASK); - thash_purge_and_insert(v, pteval, itir, vadr, ISIDE_TLB); - return IA64_NO_FAULT; - } else { - vcpu_set_isr(v, misr.val); - inst_page_not_present(v, vadr); - return IA64_FAULT; - } - } else { - vcpu_set_isr(v, misr.val); - ivhpt_fault(v, vadr); - return IA64_FAULT; - } - } - return IA64_NO_FAULT; -} diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_utility.c --- a/xen/arch/ia64/vmx/vmx_utility.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmx_utility.c Tue Jul 17 10:20:21 2007 +0100 @@ -26,7 +26,7 @@ #include <asm/processor.h> #include <asm/vmx_mm_def.h> - +#ifdef CHECK_FAULT /* * Return: * 0: Not reserved indirect registers @@ -71,6 +71,7 @@ is_reserved_indirect_register ( return 0; } +#endif /* * Return: @@ -207,7 +208,7 @@ check_psr_rsv_fields (u64 value) } - +#ifdef CHECK_FAULT /* * Return: * 1: CR reserved fields are not zero @@ -310,9 +311,9 @@ check_cr_rsv_fields (int index, u64 valu panic ("Unsupported CR"); return 0; } - - - +#endif + +#if 0 /* * Return: * 0: Indirect Reg reserved fields are not zero @@ -361,7 +362,7 @@ check_indirect_reg_rsv_fields ( int type return 1; } - +#endif diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_vcpu.c --- a/xen/arch/ia64/vmx/vmx_vcpu.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmx_vcpu.c Tue Jul 17 10:20:21 2007 +0100 @@ -96,8 +96,7 @@ vmx_vcpu_set_psr(VCPU *vcpu, unsigned lo */ VCPU(vcpu,vpsr) = value & (~ (IA64_PSR_ID |IA64_PSR_DA | IA64_PSR_DD | - IA64_PSR_SS | IA64_PSR_ED | IA64_PSR_IA - )); + IA64_PSR_ED | IA64_PSR_IA)); if ( !old_psr.i && (value & IA64_PSR_I) ) { // vpsr.i 0->1 diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/vmx/vmx_virt.c --- a/xen/arch/ia64/vmx/vmx_virt.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/vmx/vmx_virt.c Tue Jul 17 10:20:21 2007 +0100 @@ -178,8 +178,8 @@ static IA64FAULT vmx_emul_mov_to_psr(VCP { u64 val; - if(vcpu_get_gr_nat(vcpu, inst.M35.r2, &val) != IA64_NO_FAULT) - panic_domain(vcpu_regs(vcpu),"get_psr nat bit fault\n"); + if (vcpu_get_gr_nat(vcpu, inst.M35.r2, &val) != IA64_NO_FAULT) + panic_domain(vcpu_regs(vcpu),"get_psr nat bit fault\n"); return vmx_vcpu_set_psr_l(vcpu, val); } @@ -914,7 +914,6 @@ static IA64FAULT vmx_emul_mov_to_ibr(VCP static IA64FAULT vmx_emul_mov_to_ibr(VCPU *vcpu, INST64 inst) { u64 r3,r2; - return IA64_NO_FAULT; #ifdef CHECK_FAULT IA64_PSR vpsr; vpsr.val=vmx_vcpu_get_psr(vcpu); @@ -932,7 +931,7 @@ static IA64FAULT vmx_emul_mov_to_ibr(VCP return IA64_FAULT; #endif //CHECK_FAULT } - return (vmx_vcpu_set_ibr(vcpu,r3,r2)); + return vmx_vcpu_set_ibr(vcpu,r3,r2); } static IA64FAULT vmx_emul_mov_to_pmc(VCPU *vcpu, INST64 inst) @@ -1062,6 +1061,7 @@ static IA64FAULT vmx_emul_mov_from_dbr(V static IA64FAULT vmx_emul_mov_from_dbr(VCPU *vcpu, INST64 inst) { u64 r3,r1; + IA64FAULT res; #ifdef CHECK_FAULT if(check_target_register(vcpu, inst.M43.r1)){ set_illegal_op_isr(vcpu); @@ -1092,13 +1092,16 @@ static IA64FAULT vmx_emul_mov_from_dbr(V return IA64_FAULT; } #endif //CHECK_FAULT - r1 = vmx_vcpu_get_dbr(vcpu, r3); + res = vmx_vcpu_get_ibr(vcpu, r3, &r1); + if (res != IA64_NO_FAULT) + return res; return vcpu_set_gr(vcpu, inst.M43.r1, r1,0); } static IA64FAULT vmx_emul_mov_from_ibr(VCPU *vcpu, INST64 inst) { u64 r3,r1; + IA64FAULT res; #ifdef CHECK_FAULT if(check_target_register(vcpu, inst.M43.r1)){ set_illegal_op_isr(vcpu); @@ -1129,7 +1132,9 @@ static IA64FAULT vmx_emul_mov_from_ibr(V return IA64_FAULT; } #endif //CHECK_FAULT - r1 = vmx_vcpu_get_ibr(vcpu, r3); + res = vmx_vcpu_get_dbr(vcpu, r3, &r1); + if (res != IA64_NO_FAULT) + return res; return vcpu_set_gr(vcpu, inst.M43.r1, r1,0); } @@ -1562,21 +1567,37 @@ if ( (cause == 0xff && opcode == 0x1e000 break; case EVENT_VMSW: printk ("Unimplemented instruction %ld\n", cause); - status=IA64_FAULT; + status=IA64_FAULT; break; default: - panic_domain(regs,"unknown cause %ld, iip: %lx, ipsr: %lx\n", cause,regs->cr_iip,regs->cr_ipsr); + panic_domain(regs,"unknown cause %ld, iip: %lx, ipsr: %lx\n", + cause,regs->cr_iip,regs->cr_ipsr); break; }; #if 0 - if (status == IA64_FAULT) + if (status != IA64_NO_FAULT) panic("Emulation failed with cause %d:\n", cause); #endif - if ( status == IA64_NO_FAULT && cause !=EVENT_RFI ) { - vcpu_increment_iip(vcpu); - } + switch (status) { + case IA64_RSVDREG_FAULT: + set_rsv_reg_field_isr(vcpu); + rsv_reg_field(vcpu); + break; + case IA64_ILLOP_FAULT: + set_illegal_op_isr(vcpu); + illegal_op(vcpu); + break; + case IA64_FAULT: + /* Registers aleady set. */ + break; + case IA64_NO_FAULT: + if ( cause != EVENT_RFI ) + vcpu_increment_iip(vcpu); + break; + } + recover_if_physical_mode(vcpu); return; diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/Makefile --- a/xen/arch/ia64/xen/Makefile Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/Makefile Tue Jul 17 10:20:21 2007 +0100 @@ -10,6 +10,7 @@ obj-y += dom_fw_dom0.o obj-y += dom_fw_dom0.o obj-y += dom_fw_domu.o obj-y += dom_fw_utils.o +obj-y += dom_fw_sn2.o obj-y += fw_emul.o obj-y += hpsimserial.o obj-y += hypercall.o diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/dom0_ops.c --- a/xen/arch/ia64/xen/dom0_ops.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/dom0_ops.c Tue Jul 17 10:20:21 2007 +0100 @@ -224,12 +224,6 @@ long arch_do_domctl(xen_domctl_t *op, XE return ret; } -/* - * Temporarily disable the NUMA PHYSINFO code until the rest of the - * changes are upstream. - */ -#undef IA64_NUMA_PHYSINFO - long arch_do_sysctl(xen_sysctl_t *op, XEN_GUEST_HANDLE(xen_sysctl_t) u_sysctl) { long ret = 0; @@ -238,46 +232,47 @@ long arch_do_sysctl(xen_sysctl_t *op, XE { case XEN_SYSCTL_physinfo: { -#ifdef IA64_NUMA_PHYSINFO - int i; - uint32_t *map, cpu_to_node_map[NR_CPUS]; -#endif + int i, node_cpus = 0; + uint32_t max_array_ent; xen_sysctl_physinfo_t *pi = &op->u.physinfo; - pi->threads_per_core = - cpus_weight(cpu_sibling_map[0]); + pi->threads_per_core = cpus_weight(cpu_sibling_map[0]); pi->cores_per_socket = cpus_weight(cpu_core_map[0]) / pi->threads_per_core; pi->nr_nodes = num_online_nodes(); - pi->sockets_per_node = num_online_cpus() / - (pi->nr_nodes * pi->cores_per_socket * pi->threads_per_core); + + /* + * Guess at a sockets_per_node value. Use the maximum number of + * CPUs per node to avoid deconfigured CPUs breaking the average. + */ + for_each_online_node(i) + node_cpus = max(node_cpus, cpus_weight(node_to_cpumask(i))); + + pi->sockets_per_node = node_cpus / + (pi->cores_per_socket * pi->threads_per_core); + pi->total_pages = total_pages; pi->free_pages = avail_domheap_pages(); pi->scrub_pages = avail_scrub_pages(); pi->cpu_khz = local_cpu_data->proc_freq / 1000; memset(pi->hw_cap, 0, sizeof(pi->hw_cap)); - //memcpy(pi->hw_cap, boot_cpu_data.x86_capability, NCAPINTS*4); + + max_array_ent = pi->max_cpu_id; + pi->max_cpu_id = last_cpu(cpu_online_map); + max_array_ent = min_t(uint32_t, max_array_ent, pi->max_cpu_id); + ret = 0; -#ifdef IA64_NUMA_PHYSINFO - /* fetch cpu_to_node pointer from guest */ - get_xen_guest_handle(map, pi->cpu_to_node); - - /* if set, fill out cpu_to_node array */ - if (map != NULL) { - /* copy cpu to node mapping to domU */ - memset(cpu_to_node_map, 0, sizeof(cpu_to_node_map)); - for (i = 0; i < num_online_cpus(); i++) { - cpu_to_node_map[i] = cpu_to_node(i); - if (copy_to_guest_offset(pi->cpu_to_node, i, - &(cpu_to_node_map[i]), 1)) { + if (!guest_handle_is_null(pi->cpu_to_node)) { + for (i = 0; i <= max_array_ent; i++) { + uint32_t node = cpu_online(i) ? cpu_to_node(i) : ~0u; + if (copy_to_guest_offset(pi->cpu_to_node, i, &node, 1)) { ret = -EFAULT; break; } } } -#endif if ( copy_to_guest(u_sysctl, op, 1) ) ret = -EFAULT; diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/dom_fw_sn2.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/ia64/xen/dom_fw_sn2.c Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,92 @@ +/* + * Xen domain0 platform firmware fixups for sn2 + * Copyright (C) 2007 Silicon Graphics Inc. + * Jes Sorensen <jes@xxxxxxx> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; version 2. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include <xen/config.h> +#include <xen/acpi.h> +#include <xen/errno.h> +#include <xen/sched.h> +#include <xen/nodemask.h> + +#include <asm/dom_fw.h> +#include <asm/dom_fw_common.h> +#include <asm/dom_fw_dom0.h> +#include <asm/dom_fw_utils.h> + +#include <asm/sn/arch.h> +#include <asm/sn/addrs.h> +#include <asm/sn/shub_mmr.h> + +#define SWAP_NASID(n, x) ((x & ~NASID_MASK) | NASID_SPACE(n)) + +int __init +sn2_dom_fw_init(domain_t *d, + struct xen_ia64_boot_param *bp, + struct fw_tables *tables) +{ + int node; + short nasid; + unsigned long shubid, shubpicam, shubpiowrite; + + printk("SN2 mapping specific registers to dom0\n"); + + assign_domain_mach_page(d, LOCAL_MMR_OFFSET | SH_RTC, PAGE_SIZE, + ASSIGN_nocache); + + if (is_shub1()) { + /* 0x110060000 */ + shubid = SH1_GLOBAL_MMR_OFFSET + (SH1_SHUB_ID & PAGE_MASK); + /* 0x120050000 */ + shubpicam = SH1_GLOBAL_MMR_OFFSET + + (SH1_PI_CAM_CONTROL & PAGE_MASK); + /* 0x120070000 */ + shubpiowrite = SH1_GLOBAL_MMR_OFFSET + + (SH1_PIO_WRITE_STATUS_0 & PAGE_MASK); + + for_each_online_node(node) { + nasid = cnodeid_to_nasid(node); + shubid = SWAP_NASID(nasid, shubid); + shubpicam = SWAP_NASID(nasid, shubpicam); + shubpiowrite = SWAP_NASID(nasid, shubpiowrite); + + assign_domain_mach_page(d, shubid, PAGE_SIZE, + ASSIGN_nocache); + assign_domain_mach_page(d, shubpicam, PAGE_SIZE, + ASSIGN_nocache); + assign_domain_mach_page(d, shubpiowrite, PAGE_SIZE, + ASSIGN_nocache); + } + + /* map leds */ + assign_domain_mach_page(d, LOCAL_MMR_OFFSET | + SH1_REAL_JUNK_BUS_LED0, + PAGE_SIZE, ASSIGN_nocache); + assign_domain_mach_page(d, LOCAL_MMR_OFFSET | + SH1_REAL_JUNK_BUS_LED1, + PAGE_SIZE, ASSIGN_nocache); + assign_domain_mach_page(d, LOCAL_MMR_OFFSET | + SH1_REAL_JUNK_BUS_LED2, + PAGE_SIZE, ASSIGN_nocache); + assign_domain_mach_page(d, LOCAL_MMR_OFFSET | + SH1_REAL_JUNK_BUS_LED3, + PAGE_SIZE, ASSIGN_nocache); + } else + panic("Unable to build EFI entry for SHUB 2 MMR\n"); + + return 0; +} diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/dom_fw_utils.c --- a/xen/arch/ia64/xen/dom_fw_utils.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/dom_fw_utils.c Tue Jul 17 10:20:21 2007 +0100 @@ -52,7 +52,6 @@ int xen_ia64_is_vcpu_allocated(struct do int xen_ia64_is_running_on_sim(struct domain *unused) { - extern unsigned long running_on_sim; return running_on_sim; } @@ -251,10 +250,28 @@ int dom_fw_setup(domain_t * d, unsigned imva_hypercall_base = (unsigned long)domain_mpa_to_imva (d, FW_HYPERCALL_BASE_PADDR); + /* + * dom_fw_init() + * - [FW_HYPERCALL_BASE_PADDR, FW_HYPERCALL_END_PADDR) + * - [FW_ACPI_BASE_PADDR, FW_ACPI_END_PADDR) + * - [FW_TABLES_BASE_PADDR, tables->fw_tables_end_paddr) + * + * complete_dom0_memmap() for dom0 + * - real machine memory map + * - memmap_info by setup_dom0_memmap_info() + * + * complete_domu_memmap() for old domu builder + * - I/O port + * - conventional memory + * - memmap_info + */ +#define NUM_EXTRA_MEM_DESCS 4 + /* Estimate necessary efi memmap size and allocate memory */ fw_tables_size = sizeof(*fw_tables) + (ia64_boot_param->efi_memmap_size / - ia64_boot_param->efi_memdesc_size + NUM_MEM_DESCS) * + ia64_boot_param->efi_memdesc_size + + NUM_EXTRA_MEM_DESCS) * sizeof(fw_tables->efi_memmap[0]); if (fw_tables_size < FW_TABLES_END_PADDR_MIN - FW_TABLES_BASE_PADDR) @@ -292,14 +309,22 @@ int dom_fw_setup(domain_t * d, unsigned xfree(fw_tables); return ret; } + + ret = platform_fw_init(d, bp, fw_tables); + if (ret < 0) { + xfree(fw_tables); + return ret; + } + if (sizeof(*fw_tables) + fw_tables->num_mds * sizeof(fw_tables->efi_memmap[0]) > fw_tables_size) { - panic("EFI memmap too large. Increase NUM_MEM_DESCS.\n" + panic("EFI memmap too large. " + "Increase NUM_EXTRA_MEM_DESCS.\n" "fw_table_size %ld > %ld num_mds %ld " - "NUM_MEM_DESCS %d.\n", + "NUM_EXTRA_MEM_DESCS %d.\n", fw_tables_size, fw_tables->fw_tables_size, - fw_tables->num_mds, NUM_MEM_DESCS); + fw_tables->num_mds, NUM_EXTRA_MEM_DESCS); } fw_tables_size = sizeof(*fw_tables) + fw_tables->num_mds * sizeof(fw_tables->efi_memmap[0]); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/domain.c --- a/xen/arch/ia64/xen/domain.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/domain.c Tue Jul 17 10:20:21 2007 +0100 @@ -58,8 +58,6 @@ static unsigned int __initdata dom0_max_ static unsigned int __initdata dom0_max_vcpus = 1; integer_param("dom0_max_vcpus", dom0_max_vcpus); -extern unsigned long running_on_sim; - extern char dom0_command_line[]; /* forward declaration */ @@ -237,6 +235,14 @@ void context_switch(struct vcpu *prev, s ia64_disable_vhpt_walker(); lazy_fp_switch(prev, current); + if (prev->arch.dbg_used || next->arch.dbg_used) { + /* + * Load debug registers either because they are valid or to clear + * the previous one. + */ + ia64_load_debug_regs(next->arch.dbr); + } + prev = ia64_switch_to(next); /* Note: ia64_switch_to does not return here at vcpu initialization. */ @@ -361,10 +367,6 @@ void startup_cpu_idle_loop(void) # error "XMAPPEDREGS_SHIFT doesn't match sizeof(mapped_regs_t)." #endif -#if (IA64_RBS_OFFSET % 512) != IA64_GUEST_CONTEXT_RBS_OFFSET -# error "arch-ia64.h: IA64_GUEST_CONTEXT_RBS_OFFSET must be adjusted." -#endif - void hlt_timer_fn(void *data) { struct vcpu *v = data; @@ -607,6 +609,8 @@ int arch_vcpu_reset(struct vcpu *v) /* FIXME: Stub for now */ return 0; } + +#define COPY_FPREG(dst, src) memcpy(dst, src, sizeof(struct ia64_fpreg)) void arch_get_info_guest(struct vcpu *v, vcpu_guest_context_u c) { @@ -674,12 +678,12 @@ void arch_get_info_guest(struct vcpu *v, c.nat->regs.ar.ccv = uregs->ar_ccv; - c.nat->regs.f[6] = uregs->f6; - c.nat->regs.f[7] = uregs->f7; - c.nat->regs.f[8] = uregs->f8; - c.nat->regs.f[9] = uregs->f9; - c.nat->regs.f[10] = uregs->f10; - c.nat->regs.f[11] = uregs->f11; + COPY_FPREG(&c.nat->regs.f[6], &uregs->f6); + COPY_FPREG(&c.nat->regs.f[7], &uregs->f7); + COPY_FPREG(&c.nat->regs.f[8], &uregs->f8); + COPY_FPREG(&c.nat->regs.f[9], &uregs->f9); + COPY_FPREG(&c.nat->regs.f[10], &uregs->f10); + COPY_FPREG(&c.nat->regs.f[11], &uregs->f11); c.nat->regs.r[4] = uregs->r4; c.nat->regs.r[5] = uregs->r5; @@ -689,11 +693,20 @@ void arch_get_info_guest(struct vcpu *v, /* FIXME: to be reordered. */ c.nat->regs.nats = uregs->eml_unat; + c.nat->regs.rbs_voff = (IA64_RBS_OFFSET / 8) % 64; if (rbs_size < sizeof (c.nat->regs.rbs)) - memcpy (c.nat->regs.rbs, (char *)v + IA64_RBS_OFFSET, rbs_size); + memcpy(c.nat->regs.rbs, (char *)v + IA64_RBS_OFFSET, rbs_size); c.nat->privregs_pfn = get_gpfn_from_mfn (virt_to_maddr(v->arch.privregs) >> PAGE_SHIFT); + + for (i = 0; i < IA64_NUM_DBG_REGS; i++) { + vcpu_get_dbr(v, i, &c.nat->regs.dbr[i]); + vcpu_get_ibr(v, i, &c.nat->regs.ibr[i]); + } + + for (i = 0; i < 7; i++) + vcpu_get_rr(v, (unsigned long)i << 61, &c.nat->regs.rr[i]); /* Fill extra regs. */ for (i = 0; i < 8; i++) { @@ -724,7 +737,7 @@ int arch_set_info_guest(struct vcpu *v, struct domain *d = v->domain; int was_initialised = v->is_initialised; unsigned int rbs_size; - int rc; + int rc, i; /* Finish vcpu initialization. */ if (!was_initialised) { @@ -777,7 +790,7 @@ int arch_set_info_guest(struct vcpu *v, if (!was_initialised) uregs->loadrs = (rbs_size) << 16; if (rbs_size == (uregs->loadrs >> 16)) - memcpy ((char *)v + IA64_RBS_OFFSET, c.nat->regs.rbs, rbs_size); + memcpy((char *)v + IA64_RBS_OFFSET, c.nat->regs.rbs, rbs_size); uregs->r1 = c.nat->regs.r[1]; uregs->r12 = c.nat->regs.r[12]; @@ -807,12 +820,12 @@ int arch_set_info_guest(struct vcpu *v, uregs->ar_ccv = c.nat->regs.ar.ccv; - uregs->f6 = c.nat->regs.f[6]; - uregs->f7 = c.nat->regs.f[7]; - uregs->f8 = c.nat->regs.f[8]; - uregs->f9 = c.nat->regs.f[9]; - uregs->f10 = c.nat->regs.f[10]; - uregs->f11 = c.nat->regs.f[11]; + COPY_FPREG(&uregs->f6, &c.nat->regs.f[6]); + COPY_FPREG(&uregs->f7, &c.nat->regs.f[7]); + COPY_FPREG(&uregs->f8, &c.nat->regs.f[8]); + COPY_FPREG(&uregs->f9, &c.nat->regs.f[9]); + COPY_FPREG(&uregs->f10, &c.nat->regs.f[10]); + COPY_FPREG(&uregs->f11, &c.nat->regs.f[11]); uregs->r4 = c.nat->regs.r[4]; uregs->r5 = c.nat->regs.r[5]; @@ -825,12 +838,17 @@ int arch_set_info_guest(struct vcpu *v, if (!d->arch.is_vti) { /* domain runs at PL2/3 */ - uregs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; - uregs->ar_rsc |= (2 << 2); /* force PL2/3 */ + uregs->cr_ipsr = vcpu_pl_adjust(uregs->cr_ipsr, + IA64_PSR_CPL0_BIT); + uregs->ar_rsc = vcpu_pl_adjust(uregs->ar_rsc, 2); } + for (i = 0; i < IA64_NUM_DBG_REGS; i++) { + vcpu_set_dbr(v, i, c.nat->regs.dbr[i]); + vcpu_set_ibr(v, i, c.nat->regs.ibr[i]); + } + if (c.nat->flags & VGCF_EXTRA_REGS) { - int i; struct vcpu_tr_regs *tr = &c.nat->regs.tr; for (i = 0; i < 8; i++) { @@ -1497,3 +1515,48 @@ static void __init parse_dom0_mem(char * dom0_size = parse_size_and_unit(s, NULL); } custom_param("dom0_mem", parse_dom0_mem); + +/* + * Helper function for the optimization stuff handling the identity mapping + * feature. + */ +static inline void +optf_set_identity_mapping(unsigned long* mask, struct identity_mapping* im, + struct xen_ia64_opt_feature* f) +{ + if (f->on) { + *mask |= f->cmd; + im->pgprot = f->pgprot; + im->key = f->key; + } else { + *mask &= ~(f->cmd); + im->pgprot = 0; + im->key = 0; + } +} + +/* Switch a optimization feature on/off. */ +int +domain_opt_feature(struct xen_ia64_opt_feature* f) +{ + struct opt_feature* optf = &(current->domain->arch.opt_feature); + long rc = 0; + + switch (f->cmd) { + case XEN_IA64_OPTF_IDENT_MAP_REG4: + optf_set_identity_mapping(&optf->mask, &optf->im_reg4, f); + break; + case XEN_IA64_OPTF_IDENT_MAP_REG5: + optf_set_identity_mapping(&optf->mask, &optf->im_reg5, f); + break; + case XEN_IA64_OPTF_IDENT_MAP_REG7: + optf_set_identity_mapping(&optf->mask, &optf->im_reg7, f); + break; + default: + printk("%s: unknown opt_feature: %ld\n", __func__, f->cmd); + rc = -ENOSYS; + break; + } + return rc; +} + diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/faults.c --- a/xen/arch/ia64/xen/faults.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/faults.c Tue Jul 17 10:20:21 2007 +0100 @@ -38,10 +38,9 @@ extern int ia64_hyperprivop(unsigned lon extern int ia64_hyperprivop(unsigned long, REGS *); extern IA64FAULT ia64_hypercall(struct pt_regs *regs); -#define IA64_PSR_CPL1 (__IA64_UL(1) << IA64_PSR_CPL1_BIT) // note IA64_PSR_PK removed from following, why is this necessary? #define DELIVER_PSR_SET (IA64_PSR_IC | IA64_PSR_I | \ - IA64_PSR_DT | IA64_PSR_RT | IA64_PSR_CPL1 | \ + IA64_PSR_DT | IA64_PSR_RT | \ IA64_PSR_IT | IA64_PSR_BN) #define DELIVER_PSR_CLR (IA64_PSR_AC | IA64_PSR_DFL | IA64_PSR_DFH | \ @@ -92,6 +91,7 @@ static void reflect_interruption(unsigne regs->cr_iip = ((unsigned long)PSCBX(v, iva) + vector) & ~0xffUL; regs->cr_ipsr = (regs->cr_ipsr & ~DELIVER_PSR_CLR) | DELIVER_PSR_SET; + regs->cr_ipsr = vcpu_pl_adjust(regs->cr_ipsr, IA64_PSR_CPL0_BIT); if (PSCB(v, dcr) & IA64_DCR_BE) regs->cr_ipsr |= IA64_PSR_BE; @@ -137,6 +137,7 @@ void reflect_event(void) regs->cr_iip = v->arch.event_callback_ip; regs->cr_ipsr = (regs->cr_ipsr & ~DELIVER_PSR_CLR) | DELIVER_PSR_SET; + regs->cr_ipsr = vcpu_pl_adjust(regs->cr_ipsr, IA64_PSR_CPL0_BIT); if (PSCB(v, dcr) & IA64_DCR_BE) regs->cr_ipsr |= IA64_PSR_BE; @@ -236,6 +237,8 @@ void ia64_do_page_fault(unsigned long ad ((unsigned long)PSCBX(current, iva) + fault) & ~0xffUL; regs->cr_ipsr = (regs->cr_ipsr & ~DELIVER_PSR_CLR) | DELIVER_PSR_SET; + regs->cr_ipsr = vcpu_pl_adjust(regs->cr_ipsr, + IA64_PSR_CPL0_BIT); if (PSCB(current, hpsr_dfh)) regs->cr_ipsr |= IA64_PSR_DFH; @@ -488,8 +491,6 @@ ia64_fault(unsigned long vector, unsigne panic("Fault in Xen.\n"); } -unsigned long running_on_sim = 0; - /* Also read in hyperprivop.S */ int first_break = 0; @@ -503,7 +504,7 @@ ia64_handle_break(unsigned long ifa, str /* FIXME: don't hardcode constant */ if ((iim == 0x80001 || iim == 0x80002) - && ia64_get_cpl(regs->cr_ipsr) == 2) { + && ia64_get_cpl(regs->cr_ipsr) == CONFIG_CPL0_EMUL) { do_ssc(vcpu_get_gr(current, 36), regs); } #ifdef CRASH_DEBUG @@ -513,7 +514,8 @@ ia64_handle_break(unsigned long ifa, str debugger_trap_fatal(0 /* don't care */ , regs); } #endif - else if (iim == d->arch.breakimm && ia64_get_cpl(regs->cr_ipsr) == 2) { + else if (iim == d->arch.breakimm && + ia64_get_cpl(regs->cr_ipsr) == CONFIG_CPL0_EMUL) { /* by default, do not continue */ v->arch.hypercall_continuation = 0; @@ -523,7 +525,7 @@ ia64_handle_break(unsigned long ifa, str } else reflect_interruption(isr, regs, vector); } else if ((iim - HYPERPRIVOP_START) < HYPERPRIVOP_MAX - && ia64_get_cpl(regs->cr_ipsr) == 2) { + && ia64_get_cpl(regs->cr_ipsr) == CONFIG_CPL0_EMUL) { if (ia64_hyperprivop(iim, regs)) vcpu_increment_iip(current); } else { @@ -544,6 +546,14 @@ ia64_handle_privop(unsigned long ifa, st if (vector != IA64_NO_FAULT && vector != IA64_RFI_IN_PROGRESS) { // Note: if a path results in a vector to reflect that requires // iha/itir (e.g. vcpu_force_data_miss), they must be set there + /* + * IA64_GENEX_VECTOR may contain in the lowest byte an ISR.code + * see IA64_ILLOP_FAULT, ... + */ + if ((vector & ~0xffUL) == IA64_GENEX_VECTOR) { + isr = vector & 0xffUL; + vector = IA64_GENEX_VECTOR; + } reflect_interruption(isr, regs, vector); } } @@ -639,6 +649,11 @@ ia64_handle_reflection(unsigned long ifa PSCB(current, iim) = iim; vector = IA64_SPECULATION_VECTOR; break; + case 29: + vector = IA64_DEBUG_VECTOR; + if (debugger_trap_entry(vector,regs)) + return; + break; case 30: // FIXME: Should we handle unaligned refs in Xen?? vector = IA64_UNALIGNED_REF_VECTOR; @@ -673,19 +688,19 @@ ia64_handle_reflection(unsigned long ifa vector = IA64_LOWERPRIV_TRANSFER_TRAP_VECTOR; break; case 35: - printk("ia64_handle_reflection: handling taken branch trap\n"); vector = IA64_TAKEN_BRANCH_TRAP_VECTOR; + if (debugger_trap_entry(vector,regs)) + return; break; case 36: - printk("ia64_handle_reflection: handling single step trap\n"); vector = IA64_SINGLE_STEP_TRAP_VECTOR; + if (debugger_trap_entry(vector,regs)) + return; break; default: - printk("ia64_handle_reflection: unhandled vector=0x%lx\n", - vector); - while (vector) - /* spin */; + panic_domain(regs, "ia64_handle_reflection: " + "unhandled vector=0x%lx\n", vector); return; } if (check_lazy_cover && (isr & IA64_ISR_IR) && diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/fw_emul.c --- a/xen/arch/ia64/xen/fw_emul.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/fw_emul.c Tue Jul 17 10:20:21 2007 +0100 @@ -23,6 +23,7 @@ #include <asm/pal.h> #include <asm/sal.h> #include <asm/sn/sn_sal.h> +#include <asm/sn/hubdev.h> #include <asm/xenmca.h> #include <public/sched.h> @@ -37,8 +38,6 @@ #include <xen/time.h> static DEFINE_SPINLOCK(efi_time_services_lock); - -extern unsigned long running_on_sim; struct sal_mc_params { u64 param_type; @@ -141,7 +140,7 @@ sal_emulator (long index, unsigned long status = 0; switch (index) { case SAL_FREQ_BASE: - if (!running_on_sim) + if (likely(!running_on_sim)) status = ia64_sal_freq_base(in1,&r9,&r10); else switch (in1) { case SAL_FREQ_BASE_PLATFORM: @@ -380,7 +379,7 @@ sal_emulator (long index, unsigned long case SN_SAL_GET_MASTER_NASID: status = -1; if (current->domain == dom0) { - printk("*** Emulating SN_SAL_GET_MASTER_NASID ***\n"); + /* printk("*** Emulating SN_SAL_GET_MASTER_NASID ***\n"); */ SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_MASTER_NASID, 0, 0, 0, 0, 0, 0, 0); status = ret_stuff.status; @@ -392,7 +391,7 @@ sal_emulator (long index, unsigned long case SN_SAL_GET_KLCONFIG_ADDR: status = -1; if (current->domain == dom0) { - printk("*** Emulating SN_SAL_GET_KLCONFIG_ADDR ***\n"); + /* printk("*** Emulating SN_SAL_GET_KLCONFIG_ADDR ***\n"); */ SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_KLCONFIG_ADDR, in1, 0, 0, 0, 0, 0, 0); status = ret_stuff.status; @@ -404,9 +403,9 @@ sal_emulator (long index, unsigned long case SN_SAL_GET_SAPIC_INFO: status = -1; if (current->domain == dom0) { - printk("*** Emulating SN_SAL_GET_SAPIC_INFO ***\n"); - SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_SAPIC_INFO, in1, - 0, 0, 0, 0, 0, 0); + /* printk("*** Emulating SN_SAL_GET_SAPIC_INFO ***\n"); */ + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_SAPIC_INFO, + in1, 0, 0, 0, 0, 0, 0); status = ret_stuff.status; r9 = ret_stuff.v0; r10 = ret_stuff.v1; @@ -416,9 +415,9 @@ sal_emulator (long index, unsigned long case SN_SAL_GET_SN_INFO: status = -1; if (current->domain == dom0) { - printk("*** Emulating SN_SAL_GET_SN_INFO ***\n"); - SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_SN_INFO, in1, - 0, 0, 0, 0, 0, 0); + /* printk("*** Emulating SN_SAL_GET_SN_INFO ***\n"); */ + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_SN_INFO, + in1, 0, 0, 0, 0, 0, 0); status = ret_stuff.status; r9 = ret_stuff.v0; r10 = ret_stuff.v1; @@ -428,9 +427,124 @@ sal_emulator (long index, unsigned long case SN_SAL_IOIF_GET_HUBDEV_INFO: status = -1; if (current->domain == dom0) { - printk("*** Emulating SN_SAL_IOIF_GET_HUBDEV_INFO ***\n"); + /* printk("*** Emulating SN_SAL_IOIF_GET_HUBDEV_INFO ***\n"); */ SAL_CALL_NOLOCK(ret_stuff, SN_SAL_IOIF_GET_HUBDEV_INFO, in1, in2, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; + case SN_SAL_IOIF_INIT: + status = -1; + if (current->domain == dom0) { + /* printk("*** Emulating SN_SAL_IOIF_INIT ***\n"); */ + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_IOIF_INIT, + 0, 0, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; + case SN_SAL_GET_PROM_FEATURE_SET: + status = -1; + if (current->domain == dom0) { + /* printk("*** Emulating SN_SAL_GET_PROM_FEATURE_SET ***\n"); */ + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_GET_PROM_FEATURE_SET, + in1, 0, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; + case SN_SAL_SET_OS_FEATURE_SET: + status = -1; + if (current->domain == dom0) { + /* printk("*** Emulating SN_SAL_SET_OS_FEATURE_SET ***\n"); */ + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_SET_OS_FEATURE_SET, + in1, 0, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; + case SN_SAL_SET_ERROR_HANDLING_FEATURES: + status = -1; + if (current->domain == dom0) { + /* printk("*** Emulating SN_SAL_SET_ERROR_HANDLING_FEATURES ***\n"); */ + SAL_CALL_NOLOCK(ret_stuff, + SN_SAL_SET_ERROR_HANDLING_FEATURES, + in1, 0, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; +#if 0 +/* + * Somehow ACPI breaks if allowing this one + */ + case SN_SAL_SET_CPU_NUMBER: + status = -1; + if (current->domain == dom0) { + printk("*** Emulating SN_SAL_SET_CPU_NUMBER ***\n"); + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_SET_CPU_NUMBER, + in1, 0, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; +#endif + case SN_SAL_LOG_CE: + status = -1; + if (current->domain == dom0) { + static int log_ce = 0; + if (!log_ce) { + printk("*** Emulating SN_SAL_LOG_CE *** " + " this will only be printed once\n"); + log_ce = 1; + } + SAL_CALL_NOLOCK(ret_stuff, SN_SAL_LOG_CE, + 0, 0, 0, 0, 0, 0, 0); + status = ret_stuff.status; + r9 = ret_stuff.v0; + r10 = ret_stuff.v1; + r11 = ret_stuff.v2; + } + break; + case SN_SAL_IOIF_GET_DEVICE_DMAFLUSH_LIST: + status = -1; + if (current->domain == dom0) { + struct sn_flush_device_common flush; + int flush_size; + + flush_size = sizeof(struct sn_flush_device_common); + memset(&flush, 0, flush_size); + SAL_CALL_NOLOCK(ret_stuff, + SN_SAL_IOIF_GET_DEVICE_DMAFLUSH_LIST, + in1, in2, in3, &flush, 0, 0, 0); +#if 0 + printk("*** Emulating " + "SN_SAL_IOIF_GET_DEVICE_DMAFLUSH_LIST ***\n"); +#endif + if (ret_stuff.status == SALRET_OK) { + XEN_GUEST_HANDLE(void) handle = + *(XEN_GUEST_HANDLE(void)*)&in4; + if (copy_to_guest(handle, &flush, 1)) { + printk("SN_SAL_IOIF_GET_DEVICE_" + "DMAFLUSH_LIST can't copy " + "to user!\n"); + ret_stuff.status = SALRET_ERROR; + } + } + status = ret_stuff.status; r9 = ret_stuff.v0; r10 = ret_stuff.v1; @@ -478,7 +592,7 @@ xen_pal_emulator(unsigned long index, u6 unsigned long flags; int processor; - if (running_on_sim) + if (unlikely(running_on_sim)) return pal_emulator_static(index); // pal code must be mapped by a TR when pal is called, however @@ -1259,7 +1373,10 @@ do_ssc(unsigned long ssc, struct pt_regs break; case SSC_OPEN: arg1 = vcpu_get_gr(current,33); // access rights -if (!running_on_sim) { printk("SSC_OPEN, not implemented on hardware. (ignoring...)\n"); arg0 = 0; } + if (!running_on_sim) { + printk("SSC_OPEN, not implemented on hardware. (ignoring...)\n"); + arg0 = 0; + } if (arg0) { // metaphysical address arg0 = translate_domain_mpaddr(arg0, NULL); retval = ia64_ssc(arg0,arg1,0,0,ssc); @@ -1320,7 +1437,10 @@ if (!running_on_sim) { printk("SSC_OPEN, arg1 = vcpu_get_gr(current,33); arg2 = vcpu_get_gr(current,34); arg3 = vcpu_get_gr(current,35); - if (!running_on_sim) { printk("SSC_CONNECT_INTERRUPT, not implemented on hardware. (ignoring...)\n"); break; } + if (!running_on_sim) { + printk("SSC_CONNECT_INTERRUPT, not implemented on hardware. (ignoring...)\n"); + break; + } (void)ia64_ssc(arg0,arg1,arg2,arg3,ssc); break; case SSC_NETDEV_PROBE: diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/hypercall.c --- a/xen/arch/ia64/xen/hypercall.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/hypercall.c Tue Jul 17 10:20:21 2007 +0100 @@ -224,6 +224,16 @@ ia64_hypercall(struct pt_regs *regs) regs->r10 = fpswa_ret.err1; regs->r11 = fpswa_ret.err2; break; + case __HYPERVISOR_opt_feature: { + XEN_GUEST_HANDLE(void) arg; + struct xen_ia64_opt_feature optf; + set_xen_guest_handle(arg, (void*)(vcpu_get_gr(v, 32))); + if (copy_from_guest(&optf, arg, 1) == 0) + regs->r8 = domain_opt_feature(&optf); + else + regs->r8 = -EFAULT; + break; + } default: printk("unknown ia64 fw hypercall %lx\n", regs->r2); regs->r8 = do_ni_hypercall(); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/hyperprivop.S --- a/xen/arch/ia64/xen/hyperprivop.S Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/hyperprivop.S Tue Jul 17 10:20:21 2007 +0100 @@ -18,9 +18,8 @@ #define _PAGE_PPN_MASK 0x0003fffffffff000 //asm/pgtable.h doesn't do assembly -#define PAGE_PHYS 0x0010000000000761 //__pgprot(__DIRTY_BITS| - // _PAGE_PL_2|_PAGE_AR_RWX) -#define _PAGE_PL_2 (2<<7) +#define PAGE_PHYS (0x0010000000000661 | _PAGE_PL_PRIV) + //__pgprot(__DIRTY_BITS|_PAGE_PL_PRIV|_PAGE_AR_RWX) #if 1 // change to 0 to turn off all fast paths # define FAST_HYPERPRIVOPS @@ -62,7 +61,7 @@ #define IA64_PSR_CPL0 (__IA64_UL(1) << IA64_PSR_CPL0_BIT) // note IA64_PSR_PK removed from following, why is this necessary? #define DELIVER_PSR_SET (IA64_PSR_IC | IA64_PSR_I | \ - IA64_PSR_DT | IA64_PSR_RT | IA64_PSR_CPL1 | \ + IA64_PSR_DT | IA64_PSR_RT | \ IA64_PSR_IT | IA64_PSR_BN) #define DELIVER_PSR_CLR (IA64_PSR_AC | IA64_PSR_DFL | IA64_PSR_DFH | \ @@ -249,8 +248,8 @@ ENTRY(hyper_ssm_i) mov r29=r30 ;; movl r28=DELIVER_PSR_SET;; movl r27=~DELIVER_PSR_CLR;; + and r29=r29,r27;; or r29=r29,r28;; - and r29=r29,r27;; // set hpsr_dfh to ipsr adds r28=XSI_HPSR_DFH_OFS-XSI_PSR_IC_OFS,r18;; ld1 r28=[r28];; @@ -258,8 +257,7 @@ ENTRY(hyper_ssm_i) mov cr.ipsr=r29;; // set shared_mem ipsr (from ipsr in r30 with ipsr.ri already set) extr.u r29=r30,IA64_PSR_CPL0_BIT,2;; - cmp.eq p6,p7=3,r29;; -(p6) dep r30=-1,r30,IA64_PSR_CPL0_BIT,2 + cmp.eq p7,p0=CONFIG_CPL0_EMUL,r29;; (p7) dep r30=0,r30,IA64_PSR_CPL0_BIT,2 ;; // FOR SSM_I ONLY, also turn on psr.i and psr.ic @@ -441,20 +439,18 @@ GLOBAL_ENTRY(fast_tick_reflect) st8 [r21]=r16 ;; // set cr.ipsr (make sure cpl==2!) mov r29=r17 ;; - movl r28=DELIVER_PSR_SET;; - movl r27=~(DELIVER_PSR_CLR|IA64_PSR_CPL0);; + movl r28=DELIVER_PSR_SET | (CONFIG_CPL0_EMUL << IA64_PSR_CPL0_BIT);; + movl r27=~(DELIVER_PSR_CLR|IA64_PSR_CPL0|IA64_PSR_CPL1);; + and r29=r29,r27;; or r29=r29,r28;; - and r29=r29,r27;; mov cr.ipsr=r29;; // set shared_mem ipsr (from ipsr in r17 with ipsr.ri already set) extr.u r29=r17,IA64_PSR_CPL0_BIT,2;; - cmp.eq p6,p7=3,r29;; -(p6) dep r17=-1,r17,IA64_PSR_CPL0_BIT,2 + cmp.eq p7,p0=CONFIG_CPL0_EMUL,r29;; (p7) dep r17=0,r17,IA64_PSR_CPL0_BIT,2 ;; movl r28=(IA64_PSR_DT|IA64_PSR_IT|IA64_PSR_RT);; movl r27=~(IA64_PSR_BE|IA64_PSR_PP|IA64_PSR_BN|IA64_PSR_I|IA64_PSR_IC);; - dep r21=-1,r21,IA64_PSR_CPL1_BIT,1 ;; or r17=r17,r28;; and r17=r17,r27;; ld4 r16=[r18];; @@ -620,10 +616,10 @@ ENTRY(fast_reflect) movl r21=THIS_CPU(current_psr_i_addr) mov r29=r30 ;; ld8 r21=[r21] - movl r28=DELIVER_PSR_SET;; - movl r27=~(DELIVER_PSR_CLR|IA64_PSR_CPL0);; + movl r28=DELIVER_PSR_SET | (CONFIG_CPL0_EMUL << IA64_PSR_CPL0_BIT);; + movl r27=~(DELIVER_PSR_CLR|IA64_PSR_CPL0|IA64_PSR_CPL1);; + and r29=r29,r27;; or r29=r29,r28;; - and r29=r29,r27;; // set hpsr_dfh to ipsr adds r28=XSI_HPSR_DFH_OFS-XSI_PSR_IC_OFS,r18;; ld1 r28=[r28];; @@ -631,8 +627,7 @@ ENTRY(fast_reflect) mov cr.ipsr=r29;; // set shared_mem ipsr (from ipsr in r30 with ipsr.ri already set) extr.u r29=r30,IA64_PSR_CPL0_BIT,2;; - cmp.eq p6,p7=3,r29;; -(p6) dep r30=-1,r30,IA64_PSR_CPL0_BIT,2 + cmp.eq p7,p0=CONFIG_CPL0_EMUL,r29;; (p7) dep r30=0,r30,IA64_PSR_CPL0_BIT,2 ;; movl r28=(IA64_PSR_DT|IA64_PSR_IT|IA64_PSR_RT);; @@ -1112,14 +1107,17 @@ 1: // OK now, let's do an rfi. just_do_rfi: // r18=&vpsr.i|vpsr.ic, r21==vpsr, r22=vcr.iip - mov cr.iip=r22;; + mov cr.iip=r22 + extr.u r19=r21,IA64_PSR_CPL0_BIT,2 adds r20=XSI_IFS_OFS-XSI_PSR_IC_OFS,r18 ;; + cmp.gtu p7,p0=CONFIG_CPL0_EMUL,r19 ld8 r20=[r20];; +(p7) mov r19=CONFIG_CPL0_EMUL dep r20=0,r20,38,25;; // ensure ifs has no reserved bits set mov cr.ifs=r20 ;; - // ipsr.cpl == (vcr.ipsr.cpl == 0) 2 : 3; + // ipsr.cpl = max(vcr.ipsr.cpl, IA64_PSR_CPL0_BIT); movl r20=THIS_CPU(current_psr_i_addr) - dep r21=-1,r21,IA64_PSR_CPL1_BIT,1 ;; + dep r21=r19,r21,IA64_PSR_CPL0_BIT,2;; // vpsr.i = vcr.ipsr.i; vpsr.ic = vcr.ipsr.ic ld8 r20=[r20] mov r19=1 @@ -1287,12 +1285,12 @@ ENTRY(rfi_with_interrupt) movl r22=THIS_CPU(current_psr_i_addr) // set cr.ipsr (make sure cpl==2!) mov r29=r17 - movl r28=DELIVER_PSR_SET;; + movl r27=~(DELIVER_PSR_CLR|IA64_PSR_CPL0|IA64_PSR_CPL1) + movl r28=DELIVER_PSR_SET | (CONFIG_CPL0_EMUL << IA64_PSR_CPL0_BIT);; mov r20=1;; ld8 r22=[r22] - movl r27=~(DELIVER_PSR_CLR|IA64_PSR_CPL0) + and r29=r29,r27;; or r29=r29,r28;; - and r29=r29,r27;; mov cr.ipsr=r29;; // v.ipsr and v.iip are already set (and v.iip validated) as rfi target // set shared_mem interrupt_delivery_enabled to 0 @@ -1935,7 +1933,7 @@ ENTRY(fast_insert) or r20=r20,r21 ;; // r20==return value from lookup_domain_mpa // r16=pteval,r20=pteval2 movl r19=_PAGE_PPN_MASK - movl r21=_PAGE_PL_2;; + movl r21=_PAGE_PL_PRIV;; andcm r25=r16,r19;; // r25==pteval & ~_PAGE_PPN_MASK and r22=r20,r19;; or r22=r22,r21;; diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/ivt.S --- a/xen/arch/ia64/xen/ivt.S Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/ivt.S Tue Jul 17 10:20:21 2007 +0100 @@ -154,14 +154,17 @@ late_alt_itlb_miss: movl r17=PAGE_KERNEL movl r19=(((1 << IA64_MAX_PHYS_BITS) - 1) & ~0xfff) ;; + mov r20=cr.itir extr.u r23=r21,IA64_PSR_CPL0_BIT,2 // extract psr.cpl and r19=r19,r16 // clear ed, reserved bits, and PTE ctrl bits extr.u r18=r16,XEN_VIRT_UC_BIT,1 // extract UC bit ;; cmp.ne p8,p0=r0,r23 // psr.cpl != 0? or r19=r17,r19 // insert PTE control bits into r19 + dep r20=0,r20,IA64_ITIR_KEY,IA64_ITIR_KEY_LEN // clear the key ;; dep r19=r18,r19,4,1 // set bit 4 (uncached) if access to UC area. + mov cr.itir=r20 // set itir with cleared key (p8) br.cond.spnt page_fault ;; itc.i r19 // insert the TLB entry @@ -195,6 +198,7 @@ late_alt_dtlb_miss: (p9) cmp.eq.or.andcm p6,p7=IA64_ISR_CODE_LFETCH,r22 // check isr.code field (p8) br.cond.spnt page_fault ;; + mov r20=cr.itir #ifdef CONFIG_VIRTUAL_FRAME_TABLE shr r22=r16,56 // Test for the address of virtual frame_table ;; @@ -204,11 +208,13 @@ late_alt_dtlb_miss: // If it is not a Xen address, handle it via page_fault. extr.u r22=r16,59,5 ;; + dep r20=0,r20,IA64_ITIR_KEY,IA64_ITIR_KEY_LEN // clear the key cmp.ne p8,p0=0x1e,r22 (p8) br.cond.sptk page_fault ;; dep r21=-1,r21,IA64_PSR_ED_BIT,1 or r19=r19,r17 // insert PTE control bits into r19 + mov cr.itir=r20 // set itir with cleared key ;; dep r19=r18,r19,4,1 // set bit 4 (uncached) if access to UC area (p6) mov cr.ipsr=r21 @@ -242,7 +248,7 @@ GLOBAL_ENTRY(frametable_miss) shladd r24=r19,3,r24 // r24=&pte[pte_offset(addr)] ;; (p7) ld8 r24=[r24] // r24=pte[pte_offset(addr)] - mov r25=0x700|(PAGE_SHIFT<<2) // key=7 + mov r25=(PAGE_SHIFT<<IA64_ITIR_PS) (p6) br.spnt.few frametable_fault ;; mov cr.itir=r25 @@ -370,16 +376,6 @@ ENTRY(dkey_miss) DBG_FAULT(7) FAULT_OR_REFLECT(7) END(dkey_miss) - - -#define SAVE_MIN_COVER_DONE DO_SAVE_MIN(,mov r30=cr.ifs,) - -// same as dispatch_break_fault except cover has already been done -GLOBAL_ENTRY(dispatch_slow_hyperprivop) - SAVE_MIN_COVER_DONE - ;; - br.sptk.many dispatch_break_fault_post_save -END(dispatch_slow_hyperprivop) .org ia64_ivt+0x2000 ////////////////////////////////////////////////////////////////////////// @@ -510,7 +506,8 @@ ENTRY(break_fault) (p7) br.spnt.many dispatch_privop_fault ;; #endif - // if (ipsr.cpl == 2 && (iim - HYPERPRIVOP_START) < HYPERPRIVOP_MAX) + // if (ipsr.cpl == CONFIG_CPL0_EMUL && + // (iim - HYPERPRIVOP_START) < HYPERPRIVOP_MAX) // this is a hyperprivop. A hyperprivop is hand-coded assembly with // psr.ic off which means it can make no calls, cannot use r1-r15, // and it can have no memory accesses unless they are to pinned @@ -524,7 +521,7 @@ ENTRY(break_fault) ;; cmp.gtu p7,p0=r21,r20 ;; - cmp.eq.and p7,p0=2,r19 // ipsr.cpl==2 + cmp.eq.and p7,p0=CONFIG_CPL0_EMUL,r19 // ipsr.cpl==CONFIG_CPL0_EMUL (p7) br.sptk.many fast_hyperprivop ;; movl r22=THIS_CPU(cpu_kr)+IA64_KR_CURRENT_OFFSET @@ -535,7 +532,7 @@ ENTRY(break_fault) ;; ld4 r23=[r23];; cmp4.eq p6,p0=r23,r17;; // Xen-reserved breakimm? - cmp.eq.and p6,p0=2,r19 + cmp.eq.and p6,p0=CONFIG_CPL0_EMUL,r19 (p6) br.spnt.many fast_hypercall ;; br.sptk.many fast_break_reflect @@ -736,7 +733,6 @@ ENTRY(interrupt) ENTRY(interrupt) DBG_FAULT(12) mov r31=pr // prepare to save predicates - ;; mov r30=cr.ivr // pass cr.ivr as first arg // FIXME: this is a hack... use cpuinfo.ksoftirqd because its // not used anywhere else and we need a place to stash ivr and @@ -744,7 +740,6 @@ ENTRY(interrupt) movl r29=THIS_CPU(cpu_info)+IA64_CPUINFO_KSOFTIRQD_OFFSET ;; st8 [r29]=r30 - ;; movl r28=slow_interrupt ;; mov r29=rp @@ -805,7 +800,6 @@ dispatch_break_fault_post_save: movl r14=ia64_leave_kernel ;; mov rp=r14 -// br.sptk.many ia64_prepare_handle_break // TODO: why commented out? br.call.sptk.many b6=ia64_handle_break END(dispatch_break_fault) @@ -997,7 +991,6 @@ ENTRY(dispatch_privop_fault) movl r14=ia64_leave_kernel ;; mov rp=r14 -// br.sptk.many ia64_prepare_handle_privop // TODO: why commented out? br.call.sptk.many b6=ia64_handle_privop END(dispatch_privop_fault) @@ -1094,11 +1087,10 @@ ENTRY(daccess_rights) ENTRY(daccess_rights) DBG_FAULT(23) mov r31=pr - ;; mov r16=cr.isr mov r17=cr.ifa mov r19=23 - movl r20=0x5300 + mov r20=0x5300 br.sptk.many fast_access_reflect ;; END(daccess_rights) @@ -1115,9 +1107,6 @@ ENTRY(general_exception) (p6) br.sptk.many dispatch_privop_fault ;; FAULT_OR_REFLECT(24) - ;; - mov r19=24 // fault number - br.sptk.many dispatch_to_fault_handler END(general_exception) .org ia64_ivt+0x5500 @@ -1125,34 +1114,7 @@ END(general_exception) // 0x5500 Entry 25 (size 16 bundles) Disabled FP-Register (35) ENTRY(disabled_fp_reg) DBG_FAULT(25) -#if 0 // TODO: can this be removed? - mov r20=pr - movl r16=0x2000000000000000 - movl r17=0x2000000000176b60 - mov r18=cr.iip - mov r19=rr[r16] - movl r22=0xe95d0439 - ;; - mov pr=r0,-1 - ;; - cmp.eq p6,p7=r22,r19 - ;; - (p6) cmp.eq p8,p9=r17,r18 - (p8) br.sptk.few floating_panic - ;; - mov pr=r20,-1 - ;; -#endif FAULT_OR_REFLECT(25) -//floating_panic: // TODO: can this be removed? -// br.sptk.many floating_panic - ;; - rsm psr.dfh // ensure we can access fph - ;; - srlz.d - mov r31=pr - mov r19=25 - br.sptk.many dispatch_to_fault_handler END(disabled_fp_reg) .org ia64_ivt+0x5600 @@ -1183,11 +1145,7 @@ END(speculation_vector) // 0x5900 Entry 29 (size 16 bundles) Debug (16,28,56) ENTRY(debug_vector) DBG_FAULT(29) -#ifdef XEN FAULT_OR_REFLECT(29) -#else - FAULT(29) -#endif END(debug_vector) .org ia64_ivt+0x5a00 diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/mm.c --- a/xen/arch/ia64/xen/mm.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/mm.c Tue Jul 17 10:20:21 2007 +0100 @@ -546,7 +546,7 @@ u64 translate_domain_pte(u64 pteval, u64 /* Ignore non-addr bits of pteval2 and force PL0->2 (PL3 is unaffected) */ return (pteval & ~_PAGE_PPN_MASK) | - (pteval2 & _PAGE_PPN_MASK) | _PAGE_PL_2; + (pteval2 & _PAGE_PPN_MASK) | _PAGE_PL_PRIV; } // given a current domain metaphysical address, return the physical address @@ -711,7 +711,8 @@ unsigned long lookup_domain_mpa(struct d p2m_entry_set(entry, NULL, __pte(0)); //XXX This is a work around until the emulation memory access to a region // where memory or device are attached is implemented. - return pte_val(pfn_pte(0, __pgprot(__DIRTY_BITS | _PAGE_PL_2 | _PAGE_AR_RWX))); + return pte_val(pfn_pte(0, __pgprot(__DIRTY_BITS | _PAGE_PL_PRIV | + _PAGE_AR_RWX))); } // FIXME: ONLY USE FOR DOMAIN PAGE_SIZE == PAGE_SIZE @@ -785,7 +786,7 @@ __assign_new_domain_page(struct domain * set_pte_rel(pte, pfn_pte(maddr >> PAGE_SHIFT, __pgprot(_PAGE_PGC_ALLOCATED | __DIRTY_BITS | - _PAGE_PL_2 | _PAGE_AR_RWX))); + _PAGE_PL_PRIV | _PAGE_AR_RWX))); smp_mb(); return p; @@ -820,7 +821,7 @@ static unsigned long static unsigned long flags_to_prot (unsigned long flags) { - unsigned long res = _PAGE_PL_2 | __DIRTY_BITS; + unsigned long res = _PAGE_PL_PRIV | __DIRTY_BITS; res |= flags & ASSIGN_readonly ? _PAGE_AR_R: _PAGE_AR_RWX; res |= flags & ASSIGN_nocache ? _PAGE_MA_UC: _PAGE_MA_WB; @@ -2020,20 +2021,6 @@ static int alloc_page_type(struct page_i return 1; } -unsigned long __get_free_pages(unsigned int mask, unsigned int order) -{ - void *p = alloc_xenheap_pages(order); - - memset(p,0,PAGE_SIZE<<order); - return (unsigned long)p; -} - -void __free_pages(struct page_info *page, unsigned int order) -{ - if (order) BUG(); - free_xenheap_page(page); -} - static int opt_p2m_xenheap; boolean_param("p2m_xenheap", opt_p2m_xenheap); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/oprofile/perfmon.c --- a/xen/arch/ia64/xen/oprofile/perfmon.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/oprofile/perfmon.c Tue Jul 17 10:20:21 2007 +0100 @@ -119,19 +119,10 @@ __exitcall(xenoprof_perfmon_exit); /////////////////////////////////////////////////////////////////////////// // glue methods for xenoprof and perfmon. int -xenoprof_arch_init(int *num_events, int *is_primary, char *cpu_type) +xenoprof_arch_init(int *num_events, char *cpu_type) { *num_events = 0; strlcpy(cpu_type, get_cpu_type(), XENOPROF_CPU_TYPE_SIZE); - - *is_primary = 0; - if (xenoprof_primary_profiler == NULL) { - /* For now, only dom0 can be the primary profiler */ - if (current->domain->domain_id == 0) { - *is_primary = 1; - } - } else if (xenoprof_primary_profiler == current->domain) - *is_primary = 1; return 0; } diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/oprofile/xenoprof.c --- a/xen/arch/ia64/xen/oprofile/xenoprof.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/oprofile/xenoprof.c Tue Jul 17 10:20:21 2007 +0100 @@ -28,20 +28,26 @@ int int xenoprofile_get_mode(struct vcpu *v, struct cpu_user_regs * const regs) { - int mode = 0; + int mode; // mode // 0: user, 1: kernel, 2: xen - // Xen/IA64 uses ring2 for kernel, and doesn't use ring1. - if (ring_2(regs)) - mode = 1; - else if (ring_0(regs)) - mode = 2; - else if (ring_1(regs)) { - gdprintk(XENLOG_ERR, "%s:%d ring1 is used!\n", __func__, __LINE__); - mode = 1;// fall back to kernel mode. + switch (ring(regs)) + { + case 3: + mode = 0; + break; + case CONFIG_CPL0_EMUL: + mode = 1; + break; + case 0: + mode = 2; + break; + default: + gdprintk(XENLOG_ERR, "%s:%d ring%d is used!\n", __func__, + __LINE__, 3 - CONFIG_CPL0_EMUL); + mode = 1; /* fall back to kernel mode. */ } - return mode; } diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/privop.c --- a/xen/arch/ia64/xen/privop.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/privop.c Tue Jul 17 10:20:21 2007 +0100 @@ -636,7 +636,7 @@ static IA64FAULT priv_handle_op(VCPU * v } if (slot_type == B && inst.generic.major == 0 && inst.B8.x6 == 0x0) { // break instr for privified cover - } else if (privlvl != 2) + } else if (privlvl > CONFIG_CPL0_EMUL) return IA64_ILLOP_FAULT; switch (slot_type) { case M: diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/vcpu.c --- a/xen/arch/ia64/xen/vcpu.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/vcpu.c Tue Jul 17 10:20:21 2007 +0100 @@ -158,7 +158,7 @@ void vcpu_init_regs(struct vcpu *v) regs->cr_ipsr &= ~(IA64_PSR_BITS_TO_CLEAR | IA64_PSR_RI | IA64_PSR_IS); // domain runs at PL2 - regs->cr_ipsr |= 2UL << IA64_PSR_CPL0_BIT; + regs->cr_ipsr = vcpu_pl_adjust(regs->cr_ipsr,IA64_PSR_CPL0_BIT); // lazy fp PSCB(v, hpsr_dfh) = 1; PSCB(v, hpsr_mfh) = 0; @@ -174,7 +174,7 @@ void vcpu_init_regs(struct vcpu *v) VCPU(v, dcr) = 0; } else { init_all_rr(v); - regs->ar_rsc |= (2 << 2); /* force PL2/3 */ + regs->ar_rsc = vcpu_pl_adjust(regs->ar_rsc, 2); VCPU(v, banknum) = 1; VCPU(v, metaphysical_mode) = 1; VCPU(v, interrupt_mask_addr) = @@ -496,7 +496,7 @@ IA64FAULT vcpu_set_psr(VCPU * vcpu, u64 PSCB(vcpu, interrupt_collection_enabled) = vpsr.ic; vcpu_set_metaphysical_mode(vcpu, !(vpsr.dt && vpsr.rt && vpsr.it)); - newpsr.cpl |= vpsr.cpl | 2; + newpsr.cpl |= max_t(u64, vpsr.cpl, CONFIG_CPL0_EMUL); if (PSCB(vcpu, banknum) != vpsr.bn) { if (vpsr.bn) @@ -535,10 +535,10 @@ u64 vcpu_get_psr(VCPU * vcpu) newpsr.ia64_psr.pp = PSCB(vcpu, vpsr_pp); /* Fool cpl. */ - if (ipsr.ia64_psr.cpl < 3) + if (ipsr.ia64_psr.cpl <= CONFIG_CPL0_EMUL) newpsr.ia64_psr.cpl = 0; else - newpsr.ia64_psr.cpl = 3; + newpsr.ia64_psr.cpl = ipsr.ia64_psr.cpl; newpsr.ia64_psr.bn = PSCB(vcpu, banknum); @@ -1646,7 +1646,7 @@ IA64FAULT vcpu_translate(VCPU * vcpu, u6 } else { *pteval = (address & _PAGE_PPN_MASK) | - __DIRTY_BITS | _PAGE_PL_2 | _PAGE_AR_RWX; + __DIRTY_BITS | _PAGE_PL_PRIV | _PAGE_AR_RWX; *itir = PAGE_SHIFT << 2; perfc_incr(phys_translate); return IA64_NO_FAULT; @@ -1709,11 +1709,13 @@ IA64FAULT vcpu_translate(VCPU * vcpu, u6 vcpu_thash(vcpu, address, iha); if (!(rr & RR_VE_MASK) || !(pta & IA64_PTA_VE)) { REGS *regs = vcpu_regs(vcpu); - // NOTE: This is specific code for linux kernel - // We assume region 7 is identity mapped - if (region == 7 && ia64_psr(regs)->cpl == 2) { + struct opt_feature* optf = &(vcpu->domain->arch.opt_feature); + + /* Optimization for identity mapped region 7 OS (linux) */ + if (optf->mask & XEN_IA64_OPTF_IDENT_MAP_REG7 && + region == 7 && ia64_psr(regs)->cpl == CONFIG_CPL0_EMUL) { pte.val = address & _PAGE_PPN_MASK; - pte.val = pte.val | pgprot_val(PAGE_KERNEL); + pte.val = pte.val | optf->im_reg7.pgprot; goto out; } return is_data ? IA64_ALT_DATA_TLB_VECTOR : @@ -1773,33 +1775,65 @@ IA64FAULT vcpu_tak(VCPU * vcpu, u64 vadr IA64FAULT vcpu_set_dbr(VCPU * vcpu, u64 reg, u64 val) { - // TODO: unimplemented DBRs return a reserved register fault - // TODO: Should set Logical CPU state, not just physical - ia64_set_dbr(reg, val); + if (reg >= IA64_NUM_DBG_REGS) + return IA64_RSVDREG_FAULT; + if ((reg & 1) == 0) { + /* Validate address. */ + if (val >= HYPERVISOR_VIRT_START && val <= HYPERVISOR_VIRT_END) + return IA64_ILLOP_FAULT; + } else { + if (!VMX_DOMAIN(vcpu)) { + /* Mask PL0. */ + val &= ~(1UL << 56); + } + } + if (val != 0) + vcpu->arch.dbg_used |= (1 << reg); + else + vcpu->arch.dbg_used &= ~(1 << reg); + vcpu->arch.dbr[reg] = val; + if (vcpu == current) + ia64_set_dbr(reg, val); return IA64_NO_FAULT; } IA64FAULT vcpu_set_ibr(VCPU * vcpu, u64 reg, u64 val) { - // TODO: unimplemented IBRs return a reserved register fault - // TODO: Should set Logical CPU state, not just physical - ia64_set_ibr(reg, val); + if (reg >= IA64_NUM_DBG_REGS) + return IA64_RSVDREG_FAULT; + if ((reg & 1) == 0) { + /* Validate address. */ + if (val >= HYPERVISOR_VIRT_START && val <= HYPERVISOR_VIRT_END) + return IA64_ILLOP_FAULT; + } else { + if (!VMX_DOMAIN(vcpu)) { + /* Mask PL0. */ + val &= ~(1UL << 56); + } + } + if (val != 0) + vcpu->arch.dbg_used |= (1 << (reg + IA64_NUM_DBG_REGS)); + else + vcpu->arch.dbg_used &= ~(1 << (reg + IA64_NUM_DBG_REGS)); + vcpu->arch.ibr[reg] = val; + if (vcpu == current) + ia64_set_ibr(reg, val); return IA64_NO_FAULT; } IA64FAULT vcpu_get_dbr(VCPU * vcpu, u64 reg, u64 * pval) { - // TODO: unimplemented DBRs return a reserved register fault - u64 val = ia64_get_dbr(reg); - *pval = val; + if (reg >= IA64_NUM_DBG_REGS) + return IA64_RSVDREG_FAULT; + *pval = vcpu->arch.dbr[reg]; return IA64_NO_FAULT; } IA64FAULT vcpu_get_ibr(VCPU * vcpu, u64 reg, u64 * pval) { - // TODO: unimplemented IBRs return a reserved register fault - u64 val = ia64_get_ibr(reg); - *pval = val; + if (reg >= IA64_NUM_DBG_REGS) + return IA64_RSVDREG_FAULT; + *pval = vcpu->arch.ibr[reg]; return IA64_NO_FAULT; } @@ -2002,8 +2036,8 @@ IA64FAULT vcpu_set_rr(VCPU * vcpu, u64 r IA64FAULT vcpu_set_rr(VCPU * vcpu, u64 reg, u64 val) { PSCB(vcpu, rrs)[reg >> 61] = val; - // warning: set_one_rr() does it "live" - set_one_rr(reg, val); + if (vcpu == current) + set_one_rr(reg, val); return IA64_NO_FAULT; } @@ -2062,8 +2096,8 @@ vcpu_set_tr_entry_rid(TR_ENTRY * trp, u6 trp->rid = rid; ps = trp->ps; new_pte.val = pte; - if (new_pte.pl < 2) - new_pte.pl = 2; + if (new_pte.pl < CONFIG_CPL0_EMUL) + new_pte.pl = CONFIG_CPL0_EMUL; trp->vadr = ifa & ~0xfff; if (ps > 12) { // "ignore" relevant low-order bits new_pte.ppn &= ~((1UL << (ps - 12)) - 1); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/vhpt.c --- a/xen/arch/ia64/xen/vhpt.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/vhpt.c Tue Jul 17 10:20:21 2007 +0100 @@ -20,8 +20,6 @@ #include <asm/vcpu.h> #include <asm/vcpumask.h> #include <asm/vmmu.h> - -extern long running_on_sim; DEFINE_PER_CPU (unsigned long, vhpt_paddr); DEFINE_PER_CPU (unsigned long, vhpt_pend); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/xenasm.S --- a/xen/arch/ia64/xen/xenasm.S Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/xenasm.S Tue Jul 17 10:20:21 2007 +0100 @@ -11,6 +11,7 @@ #include <asm/pgtable.h> #include <asm/vhpt.h> #include <asm/asm-xsi-offsets.h> +#include <asm/vmmu.h> #include <public/xen.h> // Change rr7 to the passed value while ensuring @@ -148,7 +149,7 @@ 1: // Shared info mov r24=XSI_SHIFT<<2 - movl r25=__pgprot(__DIRTY_BITS | _PAGE_PL_2 | _PAGE_AR_RW) + movl r25=__pgprot(__DIRTY_BITS | _PAGE_PL_PRIV | _PAGE_AR_RW) ;; ptr.d in3,r24 or r23=in1,r25 // construct PA | page properties diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/xenmisc.c --- a/xen/arch/ia64/xen/xenmisc.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/xenmisc.c Tue Jul 17 10:20:21 2007 +0100 @@ -33,25 +33,6 @@ void hpsim_setup(char **x) #ifdef CONFIG_SMP init_smp_config(); #endif -} - -// called from mem_init... don't think s/w I/O tlb is needed in Xen -//void swiotlb_init(void) { } ...looks like it IS needed - -long -is_platform_hp_ski(void) -{ - int i; - long cpuid[6]; - - for (i = 0; i < 5; ++i) - cpuid[i] = ia64_get_cpuid(i); - if ((cpuid[0] & 0xff) != 'H') return 0; - if ((cpuid[3] & 0xff) != 0x4) return 0; - if (((cpuid[3] >> 8) & 0xff) != 0x0) return 0; - if (((cpuid[3] >> 16) & 0xff) != 0x0) return 0; - if (((cpuid[3] >> 24) & 0x7) != 0x7) return 0; - return 1; } struct pt_regs *guest_cpu_user_regs(void) { return vcpu_regs(current); } diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/xenpatch.c --- a/xen/arch/ia64/xen/xenpatch.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/xenpatch.c Tue Jul 17 10:20:21 2007 +0100 @@ -90,25 +90,26 @@ ia64_patch_imm64 (u64 insn_addr, u64 val ia64_patch(insn_addr + 1, 0x1ffffffffffUL, val >> 22); } -extern char frametable_miss; -extern unsigned long xen_pstart; - /* * Add more patch points in seperate functions as appropriate */ static void __init xen_patch_frametable_miss(u64 offset) { +#ifdef CONFIG_VIRTUAL_FRAME_TABLE + extern char frametable_miss; u64 addr, val; addr = (u64)&frametable_miss; val = get_imm64(addr) + offset; ia64_patch_imm64(addr, val); +#endif } void __init xen_patch_kernel(void) { + extern unsigned long xen_pstart; unsigned long patch_offset; patch_offset = xen_pstart - (KERNEL_START - PAGE_OFFSET); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/xensetup.c --- a/xen/arch/ia64/xen/xensetup.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/xensetup.c Tue Jul 17 10:20:21 2007 +0100 @@ -7,7 +7,6 @@ #include <xen/config.h> #include <xen/lib.h> #include <xen/errno.h> -//#include <xen/spinlock.h> #include <xen/multiboot.h> #include <xen/sched.h> #include <xen/mm.h> @@ -43,7 +42,6 @@ int find_max_pfn (unsigned long, unsigne int find_max_pfn (unsigned long, unsigned long, void *); /* FIXME: which header these declarations should be there ? */ -extern long is_platform_hp_ski(void); extern void early_setup_arch(char **); extern void late_setup_arch(char **); extern void hpsim_serial_init(void); @@ -84,7 +82,6 @@ boolean_param("xencons_poll", opt_xencon */ unsigned int opt_xenheap_megabytes = XENHEAP_DEFAULT_MB; unsigned long xenheap_size = XENHEAP_DEFAULT_SIZE; -extern long running_on_sim; unsigned long xen_pstart; void *xen_pickle_offset __read_mostly; @@ -255,6 +252,31 @@ static void noinline init_done(void) startup_cpu_idle_loop(); } +int running_on_sim; + +static int __init +is_platform_hp_ski(void) +{ + int i; + long cpuid[6]; + + for (i = 0; i < 5; ++i) + cpuid[i] = ia64_get_cpuid(i); + + if ((cpuid[0] & 0xff) != 'H') + return 0; + if ((cpuid[3] & 0xff) != 0x4) + return 0; + if (((cpuid[3] >> 8) & 0xff) != 0x0) + return 0; + if (((cpuid[3] >> 16) & 0xff) != 0x0) + return 0; + if (((cpuid[3] >> 24) & 0x7) != 0x7) + return 0; + + return 1; +} + void __init start_kernel(void) { char *cmdline; @@ -273,9 +295,10 @@ void __init start_kernel(void) /* Be sure the struct shared_info size is <= XSI_SIZE. */ BUILD_BUG_ON(sizeof(struct shared_info) > XSI_SIZE); - running_on_sim = is_platform_hp_ski(); /* Kernel may be relocated by EFI loader */ xen_pstart = ia64_tpa(KERNEL_START); + + running_on_sim = is_platform_hp_ski(); early_setup_arch(&cmdline); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/ia64/xen/xentime.c --- a/xen/arch/ia64/xen/xentime.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/ia64/xen/xentime.c Tue Jul 17 10:20:21 2007 +0100 @@ -126,9 +126,7 @@ xen_timer_interrupt (int irq, void *dev_ new_itm = local_cpu_data->itm_next; - while (time_after(ia64_get_itc(), new_itm)) { - new_itm += local_cpu_data->itm_delta; - + while (1) { if (smp_processor_id() == TIME_KEEPER_ID) { /* * Here we are in the timer irq handler. We have irqs locally @@ -150,6 +148,10 @@ xen_timer_interrupt (int irq, void *dev_ local_cpu_data->itm_next = new_itm; + if (time_after(new_itm, ia64_get_itc())) + break; + + new_itm += local_cpu_data->itm_delta; } if (!is_idle_domain(current->domain) && !VMX_DOMAIN(current)) { diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/acpi/Makefile --- a/xen/arch/x86/acpi/Makefile Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/acpi/Makefile Tue Jul 17 10:20:21 2007 +0100 @@ -1,1 +1,2 @@ obj-y += boot.o obj-y += boot.o +obj-y += power.o suspend.o wakeup_prot.o diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/acpi/power.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/x86/acpi/power.c Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,274 @@ +/* drivers/acpi/sleep/power.c - PM core functionality for Xen + * + * Copyrights from Linux side: + * Copyright (c) 2000-2003 Patrick Mochel + * Copyright (C) 2001-2003 Pavel Machek <pavel@xxxxxxx> + * Copyright (c) 2003 Open Source Development Lab + * Copyright (c) 2004 David Shaohua Li <shaohua.li@xxxxxxxxx> + * Copyright (c) 2005 Alexey Starikovskiy <alexey.y.starikovskiy@xxxxxxxxx> + * + * Slimmed with Xen specific support. + */ + +#include <xen/config.h> +#include <asm/io.h> +#include <asm/acpi.h> +#include <xen/acpi.h> +#include <xen/errno.h> +#include <xen/iocap.h> +#include <xen/sched.h> +#include <asm/acpi.h> +#include <asm/irq.h> +#include <asm/init.h> +#include <xen/spinlock.h> +#include <xen/sched.h> +#include <xen/domain.h> +#include <xen/console.h> +#include <public/platform.h> + +#define pmprintk(_l, _f, _a...) printk(_l "<PM>" _f, ## _a ) + +u8 sleep_states[ACPI_S_STATE_COUNT]; +DEFINE_SPINLOCK(pm_lock); + +struct acpi_sleep_info { + uint16_t pm1a_cnt; + uint16_t pm1b_cnt; + uint16_t pm1a_evt; + uint16_t pm1b_evt; + uint16_t pm1a_cnt_val; + uint16_t pm1b_cnt_val; + uint32_t sleep_state; +} acpi_sinfo; + +extern void do_suspend_lowlevel(void); + +static char *acpi_states[ACPI_S_STATE_COUNT] = +{ + [ACPI_STATE_S1] = "standby", + [ACPI_STATE_S3] = "mem", + [ACPI_STATE_S4] = "disk", +}; + +unsigned long acpi_video_flags; +unsigned long saved_videomode; + +/* XXX: Add suspend failure recover later */ +static int device_power_down(void) +{ + console_suspend(); + + time_suspend(); + + i8259A_suspend(); + + ioapic_suspend(); + + lapic_suspend(); + + return 0; +} + +static void device_power_up(void) +{ + lapic_resume(); + + ioapic_resume(); + + i8259A_resume(); + + time_resume(); + + console_resume(); +} + +static void freeze_domains(void) +{ + struct domain *d; + + for_each_domain(d) + if (d->domain_id != 0) + domain_pause(d); +} + +static void thaw_domains(void) +{ + struct domain *d; + + for_each_domain(d) + if (d->domain_id != 0) + domain_unpause(d); +} + +/* Main interface to do xen specific suspend/resume */ +int enter_state(u32 state) +{ + unsigned long flags; + int error; + + if (state <= ACPI_STATE_S0 || state > ACPI_S_STATES_MAX) + return -EINVAL; + + /* Sync lazy state on ths cpu */ + __sync_lazy_execstate(); + pmprintk(XENLOG_INFO, "Flush lazy state\n"); + + if (!spin_trylock(&pm_lock)) + return -EBUSY; + + freeze_domains(); + + hvm_cpu_down(); + + pmprintk(XENLOG_INFO, "PM: Preparing system for %s sleep\n", + acpi_states[state]); + + local_irq_save(flags); + + if ((error = device_power_down())) + { + printk(XENLOG_ERR "Some devices failed to power down\n"); + goto Done; + } + + ACPI_FLUSH_CPU_CACHE(); + + switch (state) + { + case ACPI_STATE_S3: + do_suspend_lowlevel(); + break; + default: + error = -EINVAL; + break; + } + + pmprintk(XENLOG_INFO, "Back to C!\n"); + + device_power_up(); + + pmprintk(XENLOG_INFO, "PM: Finishing wakeup.\n"); + + Done: + local_irq_restore(flags); + + if ( !hvm_cpu_up() ) + BUG(); + + thaw_domains(); + spin_unlock(&pm_lock); + return error; +} + +/* + * Xen just requires address of pm1x_cnt, and ACPI interpreter + * is still kept in dom0. Address of xen wakeup stub will be + * returned, and then dom0 writes that address to FACS. + */ +int set_acpi_sleep_info(struct xenpf_set_acpi_sleep *info) +{ + if (acpi_sinfo.pm1a_cnt) + pmprintk(XENLOG_WARNING, "Multiple setting on acpi sleep info\n"); + + acpi_sinfo.pm1a_cnt = info->pm1a_cnt_port; + acpi_sinfo.pm1b_cnt = info->pm1b_cnt_port; + acpi_sinfo.pm1a_evt = info->pm1a_evt_port; + acpi_sinfo.pm1b_evt = info->pm1b_evt_port; + info->xen_waking_vec = (uint64_t)bootsym_phys(wakeup_start); + + pmprintk(XENLOG_INFO, "pm1a[%x],pm1b[%x],pm1a_e[%x],pm1b_e[%x]" + "wake[%"PRIx64"]", + acpi_sinfo.pm1a_cnt, acpi_sinfo.pm1b_cnt, + acpi_sinfo.pm1a_evt, acpi_sinfo.pm1b_evt, + info->xen_waking_vec); + return 0; +} + +/* + * Dom0 issues this hypercall in place of writing pm1a_cnt. Xen then + * takes over the control and put the system into sleep state really. + * Also video flags and mode are passed here, in case user may use + * "acpi_sleep=***" for video resume. + * + * Guest may issue a two-phases write to PM1x_CNT, to work + * around poorly implemented hardware. It's better to keep + * this logic here. Two writes can be differentiated by + * enable bit setting. + */ +int acpi_enter_sleep(struct xenpf_enter_acpi_sleep *sleep) +{ + if (!IS_PRIV(current->domain) || !acpi_sinfo.pm1a_cnt) + return -EPERM; + + /* Sanity check */ + if (acpi_sinfo.pm1b_cnt_val && + ((sleep->pm1a_cnt_val ^ sleep->pm1b_cnt_val) & + ACPI_BITMASK_SLEEP_ENABLE)) + { + pmprintk(XENLOG_ERR, "Mismatched pm1a/pm1b setting\n"); + return -EINVAL; + } + + /* Write #1 */ + if (!(sleep->pm1a_cnt_val & ACPI_BITMASK_SLEEP_ENABLE)) + { + outw((u16)sleep->pm1a_cnt_val, acpi_sinfo.pm1a_cnt); + if (acpi_sinfo.pm1b_cnt) + outw((u16)sleep->pm1b_cnt_val, acpi_sinfo.pm1b_cnt); + return 0; + } + + /* Write #2 */ + acpi_sinfo.pm1a_cnt_val = sleep->pm1a_cnt_val; + acpi_sinfo.pm1b_cnt_val = sleep->pm1b_cnt_val; + acpi_sinfo.sleep_state = sleep->sleep_state; + acpi_video_flags = sleep->video_flags; + saved_videomode = sleep->video_mode; + + return enter_state(acpi_sinfo.sleep_state); +} + +static int acpi_get_wake_status(void) +{ + uint16_t val; + + /* Wake status is the 15th bit of PM1 status register. (ACPI spec 3.0) */ + val = inw(acpi_sinfo.pm1a_evt) | inw(acpi_sinfo.pm1b_evt); + val &= ACPI_BITMASK_WAKE_STATUS; + val >>= ACPI_BITPOSITION_WAKE_STATUS; + return val; +} + +/* System is really put into sleep state by this stub */ +acpi_status asmlinkage acpi_enter_sleep_state(u8 sleep_state) +{ + ACPI_FLUSH_CPU_CACHE(); + + outw((u16)acpi_sinfo.pm1a_cnt_val, acpi_sinfo.pm1a_cnt); + if (acpi_sinfo.pm1b_cnt) + outw((u16)acpi_sinfo.pm1b_cnt_val, acpi_sinfo.pm1b_cnt); + + /* Wait until we enter sleep state, and spin until we wake */ + while (!acpi_get_wake_status()); + return_ACPI_STATUS(AE_OK); +} + +static int __init acpi_sleep_init(void) +{ + int i = 0; + + pmprintk(XENLOG_INFO, "ACPI (supports"); + for (i = 0; i < ACPI_S_STATE_COUNT; i++) + { + if (i == ACPI_STATE_S3) + { + sleep_states[i] = 1; + printk(" S%d", i); + } + else + sleep_states[i] = 0; + } + printk(")\n"); + return 0; +} +__initcall(acpi_sleep_init); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/acpi/suspend.c --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/x86/acpi/suspend.c Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,85 @@ +/* + * Suspend support specific for i386. + * + * Distribute under GPLv2 + * + * Copyright (c) 2002 Pavel Machek <pavel@xxxxxxx> + * Copyright (c) 2001 Patrick Mochel <mochel@xxxxxxxx> + */ +#include <xen/config.h> +#include <xen/acpi.h> +#include <xen/smp.h> +#include <asm/processor.h> +#include <asm/msr.h> +#include <asm/flushtlb.h> +#include <asm/hvm/hvm.h> +#include <asm/hvm/support.h> +#include <asm/i387.h> + +/* Following context save/restore happens on the real context + * of current vcpu, with a lazy state sync forced earlier. + */ +#if defined(CONFIG_X86_64) +unsigned long saved_lstar, saved_cstar; +#endif +void save_rest_processor_state(void) +{ + /* + * Net effect of unlazy_fpu is to set cr0.ts and thus there's no + * need to restore fpu after resume. + */ + if (!is_idle_vcpu(current)) + unlazy_fpu(current); + +#if defined(CONFIG_X86_64) + rdmsrl(MSR_CSTAR, saved_cstar); + rdmsrl(MSR_LSTAR, saved_lstar); +#endif + + bootsym(video_flags) = acpi_video_flags; + bootsym(video_mode) = saved_videomode; +} + +#define loaddebug(_v,_reg) \ + __asm__ __volatile__ ("mov %0,%%db" #_reg : : "r" ((_v)->debugreg[_reg])) + +void restore_rest_processor_state(void) +{ + int cpu = smp_processor_id(); + struct tss_struct *t = &init_tss[cpu]; + struct vcpu *v = current; + + /* Really scared by suffixed comment from Linux, and keep it for safe */ + set_tss_desc(cpu, t); /* This just modifies memory; should not be necessary. But... This is necessary, because 386 hardware has concept of busy TSS or some similar stupidity. */ + + load_TR(cpu); + +#if defined(CONFIG_X86_64) + /* Recover syscall MSRs */ + wrmsrl(MSR_LSTAR, saved_lstar); + wrmsrl(MSR_CSTAR, saved_cstar); + wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS); + wrmsr(MSR_SYSCALL_MASK, EF_VM|EF_RF|EF_NT|EF_DF|EF_IE|EF_TF, 0U); +#else /* !defined(CONFIG_X86_64) */ + if (supervisor_mode_kernel && cpu_has_sep) + wrmsr(MSR_IA32_SYSENTER_ESP, &t->esp1, 0); +#endif + + /* Maybe load the debug registers. */ + if ( !is_idle_vcpu(v) && unlikely(v->arch.guest_context.debugreg[7]) ) + { + loaddebug(&v->arch.guest_context, 0); + loaddebug(&v->arch.guest_context, 1); + loaddebug(&v->arch.guest_context, 2); + loaddebug(&v->arch.guest_context, 3); + /* no 4 and 5 */ + loaddebug(&v->arch.guest_context, 6); + loaddebug(&v->arch.guest_context, 7); + } + + /* Do we start fpu really? Just set cr0.ts to monitor it */ + stts(); + + mtrr_ap_init(); + mcheck_init(&boot_cpu_data); +} diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/acpi/wakeup_prot.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/x86/acpi/wakeup_prot.S Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,267 @@ + .text + +#include <xen/config.h> +#include <xen/multiboot.h> +#include <public/xen.h> +#include <asm/asm_defns.h> +#include <asm/desc.h> +#include <asm/page.h> +#include <asm/msr.h> + +#if defined(__x86_64__) + + .code64 + +#define GREG(x) %r##x +#define SAVED_GREG(x) saved_r##x(%rip) +#define DECLARE_GREG(x) saved_r##x: .quad 0 +#define SAVE_GREG(x) movq GREG(x), SAVED_GREG(x) +#define LOAD_GREG(x) movq SAVED_GREG(x), GREG(x) + +#define REF(x) x(%rip) + +#define RDMSR(ind, m) \ + xorq %rdx, %rdx; \ + mov $ind, %ecx; \ + rdmsr; \ + shlq $0x20, %rdx; \ + orq %rax, %rdx; \ + movq %rdx, m(%rip); + +#define WRMSR(ind, m) \ + mov $ind, %ecx; \ + movq m(%rip), %rdx; \ + mov %edx, %eax; \ + shrq $0x20, %rdx; \ + wrmsr; + +#else /* !defined(__x86_64__) */ + + .code32 + +#define GREG(x) %e##x +#define SAVED_GREG(x) saved_e##x +#define DECLARE_GREG(x) saved_e##x: .long 0 +#define SAVE_GREG(x) movl GREG(x), SAVED_GREG(x) +#define LOAD_GREG(x) movl SAVED_GREG(x), GREG(x) + +#define REF(x) x + +#endif + +ENTRY(do_suspend_lowlevel) + + SAVE_GREG(sp) + SAVE_GREG(ax) + SAVE_GREG(bx) + SAVE_GREG(cx) + SAVE_GREG(dx) + SAVE_GREG(bp) + SAVE_GREG(si) + SAVE_GREG(di) + +#if defined(__x86_64__) + + SAVE_GREG(8) # save r8...r15 + SAVE_GREG(9) + SAVE_GREG(10) + SAVE_GREG(11) + SAVE_GREG(12) + SAVE_GREG(13) + SAVE_GREG(14) + SAVE_GREG(15) + pushfq; + popq SAVED_GREG(flags) + + mov %cr8, GREG(ax) + mov GREG(ax), REF(saved_cr8) + + RDMSR(MSR_FS_BASE, saved_fs_base) + RDMSR(MSR_GS_BASE, saved_gs_base) + RDMSR(MSR_SHADOW_GS_BASE, saved_kernel_gs_base) + +#else /* !defined(__x86_64__) */ + + pushfl; + popl SAVED_GREG(flags) + +#endif + + mov %ds, REF(saved_ds) + mov %es, REF(saved_es) + mov %fs, REF(saved_fs) + mov %gs, REF(saved_gs) + mov %ss, REF(saved_ss) + + sgdt REF(saved_gdt) + sidt REF(saved_idt) + sldt REF(saved_ldt) + + mov %cr0, GREG(ax) + mov GREG(ax), REF(saved_cr0) + + mov %cr3, GREG(ax) + mov GREG(ax), REF(saved_cr3) + + call save_rest_processor_state + +#if defined(__x86_64__) + + mov $3, %rdi + xor %eax, %eax + +#else /* !defined(__x86_64__) */ + + push $3 + +#endif + + /* enter sleep state physically */ + call acpi_enter_sleep_state + jmp __ret_point + + .align 16 + .globl __ret_point +__ret_point: + + /* mmu_cr4_features contains latest cr4 setting */ + mov REF(mmu_cr4_features), GREG(ax) + mov GREG(ax), %cr4 + + mov REF(saved_cr3), GREG(ax) + mov GREG(ax), %cr3 + + mov REF(saved_cr0), GREG(ax) + mov GREG(ax), %cr0 + + lgdt REF(saved_gdt) + lidt REF(saved_idt) + lldt REF(saved_ldt) + + mov REF(saved_ss), %ss + LOAD_GREG(sp) + +#if defined(__x86_64__) + + mov REF(saved_cr8), %rax + mov %rax, %cr8 + + pushq SAVED_GREG(flags) + popfq + + /* Idle vcpu doesn't need segment selectors reload, since + * those may contain stale value from other domains and + * reload may result page fault due to no matched gdt entry + */ + mov $(STACK_SIZE - 8), %rax + or %rsp, %rax + and $~7, %rax + mov (%rax), %rax + mov 0x10(%rax), %rax + cmpw $0x7fff, (%rax) + je 1f + + /* These selectors are from guest, and thus need reload */ + mov REF(saved_ds), %ds + mov REF(saved_es), %es + mov REF(saved_fs), %fs + + /* gs load is special */ + mov REF(saved_gs), %rsi + mov $3, %rdi # SEGBASE_GS_USER_SEL + call do_set_segment_base + +1: + # MSR restore + WRMSR(MSR_FS_BASE, saved_fs_base) + WRMSR(MSR_GS_BASE, saved_gs_base) + WRMSR(MSR_SHADOW_GS_BASE, saved_kernel_gs_base) + +#else /* !defined(__x86_64__) */ + + pushl SAVED_GREG(flags) + popfl + + /* No reload to fs/gs, which is saved in bottom stack already */ + mov REF(saved_ds), %ds + mov REF(saved_es), %es + +#endif + + call restore_rest_processor_state + + LOAD_GREG(bp) + LOAD_GREG(ax) + LOAD_GREG(bx) + LOAD_GREG(cx) + LOAD_GREG(dx) + LOAD_GREG(si) + LOAD_GREG(di) +#if defined(__x86_64__) + LOAD_GREG(8) # save r8...r15 + LOAD_GREG(9) + LOAD_GREG(10) + LOAD_GREG(11) + LOAD_GREG(12) + LOAD_GREG(13) + LOAD_GREG(14) + LOAD_GREG(15) +#endif + ret + +.data + .align 16 +saved_ds: .word 0 +saved_es: .word 0 +saved_ss: .word 0 +saved_gs: .word 0 +saved_fs: .word 0 + + .align 4 + .globl saved_magic +saved_magic: .long 0x9abcdef0 + + .align 8 +DECLARE_GREG(sp) +DECLARE_GREG(bp) +DECLARE_GREG(ax) +DECLARE_GREG(bx) +DECLARE_GREG(cx) +DECLARE_GREG(dx) +DECLARE_GREG(si) +DECLARE_GREG(di) +DECLARE_GREG(flags) + +#if defined(__x86_64__) + +DECLARE_GREG(8) +DECLARE_GREG(9) +DECLARE_GREG(10) +DECLARE_GREG(11) +DECLARE_GREG(12) +DECLARE_GREG(13) +DECLARE_GREG(14) +DECLARE_GREG(15) + +saved_gdt: .quad 0,0 +saved_idt: .quad 0,0 +saved_ldt: .quad 0,0 + +saved_cr0: .quad 0 +saved_cr3: .quad 0 +saved_cr8: .quad 0 + +saved_gs_base: .quad 0 +saved_fs_base: .quad 0 +saved_kernel_gs_base: .quad 0 + +#else /* !defined(__x86_64__) */ + +saved_gdt: .long 0,0 +saved_idt: .long 0,0 +saved_ldt: .long 0 + +saved_cr0: .long 0 +saved_cr3: .long 0 + +#endif diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/apic.c --- a/xen/arch/x86/apic.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/apic.c Tue Jul 17 10:20:21 2007 +0100 @@ -957,7 +957,7 @@ void __setup_APIC_LVTT(unsigned int cloc apic_write_around(APIC_TMICT, clocks/APIC_DIVISOR); } -static void __init setup_APIC_timer(unsigned int clocks) +static void __devinit setup_APIC_timer(unsigned int clocks) { unsigned long flags; local_irq_save(flags); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/boot/Makefile --- a/xen/arch/x86/boot/Makefile Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/boot/Makefile Tue Jul 17 10:20:21 2007 +0100 @@ -1,3 +1,4 @@ obj-y += head.o obj-y += head.o -head.o: head.S $(TARGET_SUBARCH).S trampoline.S mem.S video.S cmdline.S edd.S +head.o: head.S $(TARGET_SUBARCH).S trampoline.S mem.S video.S \ + cmdline.S edd.S wakeup.S diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/boot/head.S --- a/xen/arch/x86/boot/head.S Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/boot/head.S Tue Jul 17 10:20:21 2007 +0100 @@ -175,9 +175,11 @@ 1: stosl /* low mappings cover up #include "cmdline.S" + .align 16 .globl trampoline_start, trampoline_end trampoline_start: #include "trampoline.S" +#include "wakeup.S" trampoline_end: .text diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/boot/wakeup.S --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/xen/arch/x86/boot/wakeup.S Tue Jul 17 10:20:21 2007 +0100 @@ -0,0 +1,212 @@ + .code16 + +#undef wakesym +/* Used in real mode, to cal offset in current segment */ +#define wakesym(sym) (sym - wakeup_start) + +ENTRY(wakeup_start) + wakeup_code_start = . + + cli + cld + + # setup data segment + movw %cs, %ax + movw %ax, %ds + movw %ax, %ss # A stack required for BIOS call + movw $wakesym(wakeup_stack), %sp + + pushl $0 # Kill dangerous flag early + popfl + + # check magic number + movl wakesym(real_magic), %eax + cmpl $0x12345678, %eax + jne bogus_real_magic + + # for acpi_sleep=s3_bios + testl $1, wakesym(video_flags) + jz 1f + lcall $0xc000, $3 + movw %cs, %ax # In case messed by BIOS + movw %ax, %ds + movw %ax, %ss # Need this? How to ret if clobbered? + +1: # for acpi_sleep=s3_mode + testl $2, wakesym(video_flags) + jz 1f + movl wakesym(video_mode), %eax + call mode_setw + +1: # Show some progress if VGA is resumed + movw $0xb800, %ax + movw %ax, %fs + movw $0x0e00 + 'L', %fs:(0x10) + + # boot trampoline is under 1M, and shift its start into + # %fs to reference symbols in that area + movl $BOOT_TRAMPOLINE, %eax + shrl $4, %eax + movl %eax, %fs + lidt %fs:bootsym(idt_48) + lgdt %fs:bootsym(gdt_48) + + movw $1, %ax + lmsw %ax # Turn on CR0.PE + jmp 1f +1: ljmpl $BOOT_CS32, $bootsym_phys(wakeup_32) + +/* This code uses an extended set of video mode numbers. These include: + * Aliases for standard modes + * NORMAL_VGA (-1) + * EXTENDED_VGA (-2) + * ASK_VGA (-3) + * Video modes numbered by menu position -- NOT RECOMMENDED because of lack + * of compatibility when extending the table. These are between 0x00 and 0xff. + */ +#define VIDEO_FIRST_MENU 0x0000 + +/* Standard BIOS video modes (BIOS number + 0x0100) */ +#define VIDEO_FIRST_BIOS 0x0100 + +/* VESA BIOS video modes (VESA number + 0x0200) */ +#define VIDEO_FIRST_VESA 0x0200 + +/* Video7 special modes (BIOS number + 0x0900) */ +#define VIDEO_FIRST_V7 0x0900 + +# Setting of user mode (AX=mode ID) => CF=success +mode_setw: + movw %ax, %bx + cmpb $VIDEO_FIRST_VESA>>8, %ah + jnc check_vesaw + decb %ah + +setbadw: clc + ret + +check_vesaw: + subb $VIDEO_FIRST_VESA>>8, %bh + orw $0x4000, %bx # Use linear frame buffer + movw $0x4f02, %ax # VESA BIOS mode set call + int $0x10 + cmpw $0x004f, %ax # AL=4f if implemented + jnz _setbadw # AH=0 if OK + + stc + ret + +_setbadw: jmp setbadw + +bogus_real_magic: + movw $0x0e00 + 'B', %fs:(0x12) + jmp bogus_real_magic + + .align 4 +real_magic: .long 0x12345678 + .globl video_mode, video_flags +video_mode: .long 0 +video_flags: .long 0 + + .code32 + + # Now in protect mode, with paging disabled + # Add offset for any reference to xen specific symbols + +wakeup_32: + mov $BOOT_DS, %eax + mov %eax, %ds + mov %eax, %ss + mov $bootsym_phys(wakeup_stack), %esp + + # check saved magic again + mov $sym_phys(saved_magic), %eax + add bootsym_phys(trampoline_xen_phys_start), %eax + mov (%eax), %eax + cmp $0x9abcdef0, %eax + jne bogus_saved_magic + + /* fpu init? */ + + /* Initialise CR4. */ +#if CONFIG_PAGING_LEVELS == 2 + mov $X86_CR4_PSE, %ecx +#else + mov $X86_CR4_PAE, %ecx +#endif + mov %ecx, %cr4 + + /* Load pagetable base register */ + mov $sym_phys(idle_pg_table),%eax + add bootsym_phys(trampoline_xen_phys_start),%eax + mov %eax,%cr3 + + /* Will cpuid feature change after resume? */ +#if CONFIG_PAGING_LEVELS != 2 + /* Set up EFER (Extended Feature Enable Register). */ + mov bootsym_phys(cpuid_ext_features),%edi + test $0x20100800,%edi /* SYSCALL/SYSRET, No Execute, Long Mode? */ + jz .Lskip_eferw + movl $MSR_EFER,%ecx + rdmsr +#if CONFIG_PAGING_LEVELS == 4 + btsl $_EFER_LME,%eax /* Long Mode */ + btsl $_EFER_SCE,%eax /* SYSCALL/SYSRET */ +#endif + btl $20,%edi /* No Execute? */ + jnc 1f + btsl $_EFER_NX,%eax /* No Execute */ +1: wrmsr +.Lskip_eferw: +#endif + + wbinvd + + mov $0x80050033,%eax /* hi-to-lo: PG,AM,WP,NE,ET,MP,PE */ + mov %eax,%cr0 + jmp 1f +1: + +#if defined(__x86_64__) + + /* Now in compatibility mode. Long-jump to 64-bit mode */ + ljmp $BOOT_CS64, $bootsym_phys(wakeup_64) + + .code64 + .align 8 + .word 0,0,0 +lgdt_descr: + .word LAST_RESERVED_GDT_BYTE + .quad gdt_table - FIRST_RESERVED_GDT_BYTE + +wakeup_64: + lgdt lgdt_descr(%rip) + mov $(__HYPERVISOR_DS64), %eax + mov %eax, %ds + + # long jump to return point, with cs reload + rex64 ljmp *ret_point(%rip) + + .align 8 +ret_point: + .quad __ret_point + .word __HYPERVISOR_CS64 + +#else /* !defined(__x86_64__) */ + lgdt gdt_descr + mov $(__HYPERVISOR_DS), %eax + mov %eax, %ds + + ljmp $(__HYPERVISOR_CS), $__ret_point +#endif + +bogus_saved_magic: + movw $0x0e00 + 'S', 0xb8014 + jmp bogus_saved_magic + + .align 16 +wakeup_stack_begin: # Stack grows down + + .fill PAGE_SIZE,1,0 +wakeup_stack: # Just below end of first page in this section +ENTRY(wakeup_end) diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/cpu/common.c --- a/xen/arch/x86/cpu/common.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/cpu/common.c Tue Jul 17 10:20:21 2007 +0100 @@ -557,9 +557,6 @@ void __devinit cpu_init(void) } printk(KERN_INFO "Initializing CPU#%d\n", cpu); - if (cpu_has_vme || cpu_has_tsc || cpu_has_de) - clear_in_cr4(X86_CR4_VME|X86_CR4_PVI|X86_CR4_TSD|X86_CR4_DE); - *(unsigned short *)(&gdt_load[0]) = LAST_RESERVED_GDT_BYTE; *(unsigned long *)(&gdt_load[2]) = GDT_VIRT_START(current); __asm__ __volatile__ ( "lgdt %0" : "=m" (gdt_load) ); @@ -594,3 +591,11 @@ void __devinit cpu_init(void) /* Install correct page table. */ write_ptbase(current); } + +#ifdef CONFIG_HOTPLUG_CPU +void __cpuinit cpu_uninit(void) +{ + int cpu = raw_smp_processor_id(); + cpu_clear(cpu, cpu_initialized); +} +#endif diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/crash.c --- a/xen/arch/x86/crash.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/crash.c Tue Jul 17 10:20:21 2007 +0100 @@ -43,7 +43,7 @@ static int crash_nmi_callback(struct cpu kexec_crash_save_cpu(); disable_local_APIC(); atomic_dec(&waiting_for_crash_ipi); - hvm_disable(); + hvm_cpu_down(); for ( ; ; ) __asm__ __volatile__ ( "hlt" ); @@ -99,7 +99,7 @@ void machine_crash_shutdown(void) disable_IO_APIC(); - hvm_disable(); + hvm_cpu_down(); info = kexec_crash_save_info(); info->dom0_pfn_to_mfn_frame_list_list = diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/dmi_scan.c --- a/xen/arch/x86/dmi_scan.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/dmi_scan.c Tue Jul 17 10:20:21 2007 +0100 @@ -184,7 +184,6 @@ static __init int reset_videomode_after_ static __init int reset_videomode_after_s3(struct dmi_blacklist *d) { /* See acpi_wakeup.S */ - extern long acpi_video_flags; acpi_video_flags |= 2; return 0; } diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/domain.c --- a/xen/arch/x86/domain.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/domain.c Tue Jul 17 10:20:21 2007 +0100 @@ -43,6 +43,7 @@ #include <asm/hvm/hvm.h> #include <asm/hvm/support.h> #include <asm/msr.h> +#include <asm/nmi.h> #ifdef CONFIG_COMPAT #include <compat/vcpu.h> #endif @@ -76,10 +77,28 @@ static void default_idle(void) local_irq_enable(); } +static void play_dead(void) +{ + __cpu_disable(); + /* This must be done before dead CPU ack */ + cpu_exit_clear(); + wbinvd(); + mb(); + /* Ack it */ + __get_cpu_var(cpu_state) = CPU_DEAD; + + /* With physical CPU hotplug, we should halt the cpu. */ + local_irq_disable(); + for ( ; ; ) + halt(); +} + void idle_loop(void) { for ( ; ; ) { + if (cpu_is_offline(smp_processor_id())) + play_dead(); page_scrub_schedule_work(); default_idle(); do_softirq(); diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/domain_build.c --- a/xen/arch/x86/domain_build.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/domain_build.c Tue Jul 17 10:20:21 2007 +0100 @@ -434,8 +434,7 @@ int __init construct_dom0( #ifdef __i386__ /* Ensure that our low-memory 1:1 mapping covers the allocation. */ - page = alloc_domheap_pages(d, order, - MEMF_bits(30 + (v_start >> 31))); + page = alloc_domheap_pages(d, order, MEMF_bits(30)); #else page = alloc_domheap_pages(d, order, 0); #endif diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/domctl.c --- a/xen/arch/x86/domctl.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/domctl.c Tue Jul 17 10:20:21 2007 +0100 @@ -427,6 +427,46 @@ long arch_do_domctl( } break; + case XEN_DOMCTL_sendtrigger: + { + struct domain *d; + struct vcpu *v; + + ret = -ESRCH; + if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL ) + break; + + ret = -EINVAL; + if ( domctl->u.sendtrigger.vcpu >= MAX_VIRT_CPUS ) + goto sendtrigger_out; + + ret = -ESRCH; + if ( (v = d->vcpu[domctl->u.sendtrigger.vcpu]) == NULL ) + goto sendtrigger_out; + + switch ( domctl->u.sendtrigger.trigger ) + { + case XEN_DOMCTL_SENDTRIGGER_NMI: + { + ret = -ENOSYS; + if ( !is_hvm_domain(d) ) + break; + + ret = 0; + if ( !test_and_set_bool(v->arch.hvm_vcpu.nmi_pending) ) + vcpu_kick(v); + } + break; + + default: + ret = -ENOSYS; + } + + sendtrigger_out: + rcu_unlock_domain(d); + } + break; + default: ret = -ENOSYS; break; diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/hvm/hvm.c --- a/xen/arch/x86/hvm/hvm.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/hvm/hvm.c Tue Jul 17 10:20:21 2007 +0100 @@ -74,12 +74,6 @@ void hvm_enable(struct hvm_function_tabl hvm_funcs = *fns; hvm_enabled = 1; -} - -void hvm_disable(void) -{ - if ( hvm_enabled ) - hvm_funcs.disable(); } void hvm_stts(struct vcpu *v) diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/hvm/svm/svm.c --- a/xen/arch/x86/hvm/svm/svm.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/hvm/svm/svm.c Tue Jul 17 10:20:21 2007 +0100 @@ -94,9 +94,8 @@ static void svm_inject_exception(struct vmcb->eventinj = event; } -static void stop_svm(void) -{ - /* We turn off the EFER_SVME bit. */ +static void svm_cpu_down(void) +{ write_efer(read_efer() & ~EFER_SVME); } @@ -974,7 +973,7 @@ static int svm_event_injection_faulted(s static struct hvm_function_table svm_function_table = { .name = "SVM", - .disable = stop_svm, + .cpu_down = svm_cpu_down, .domain_initialise = svm_domain_initialise, .domain_destroy = svm_domain_destroy, .vcpu_initialise = svm_vcpu_initialise, @@ -2329,9 +2328,6 @@ static int svm_reset_to_realmode(struct /* clear the vmcb and user regs */ memset(regs, 0, sizeof(struct cpu_user_regs)); - /* VMCB Control */ - vmcb->tsc_offset = 0; - /* VMCB State */ vmcb->cr0 = X86_CR0_ET | X86_CR0_PG | X86_CR0_WP; v->arch.hvm_svm.cpu_shadow_cr0 = X86_CR0_ET; diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/hvm/svm/vmcb.c --- a/xen/arch/x86/hvm/svm/vmcb.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/hvm/svm/vmcb.c Tue Jul 17 10:20:21 2007 +0100 @@ -239,11 +239,11 @@ static int construct_vmcb(struct vcpu *v (HVM_CR4_HOST_MASK & ~X86_CR4_PAE); vmcb->exception_intercepts = HVM_TRAP_MASK; - /* No point in intercepting CR0/3/4 reads, because the hardware - * will return the guest versions anyway. */ - vmcb->cr_intercepts &= ~(CR_INTERCEPT_CR0_READ - |CR_INTERCEPT_CR3_READ - |CR_INTERCEPT_CR4_READ); + /* No point in intercepting CR3/4 reads, because the hardware + * will return the guest versions anyway. Still need to intercept + * CR0 reads to hide the changes we make to CR0.TS in the lazy-fpu + * code. */ + vmcb->cr_intercepts &= ~(CR_INTERCEPT_CR3_READ|CR_INTERCEPT_CR4_READ); /* No point in intercepting INVLPG if we don't have shadow pagetables * that need to be fixed up. */ diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/hvm/vlapic.c --- a/xen/arch/x86/hvm/vlapic.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/hvm/vlapic.c Tue Jul 17 10:20:21 2007 +0100 @@ -915,10 +915,17 @@ int vlapic_init(struct vcpu *v) int vlapic_init(struct vcpu *v) { struct vlapic *vlapic = vcpu_vlapic(v); + unsigned int memflags = 0; HVM_DBG_LOG(DBG_LEVEL_VLAPIC, "%d", v->vcpu_id); - vlapic->regs_page = alloc_domheap_page(NULL); +#ifdef __i386__ + /* 32-bit VMX may be limited to 32-bit physical addresses. */ + if ( boot_cpu_data.x86_vendor == X86_VENDOR_INTEL ) + memflags = MEMF_bits(32); +#endif + + vlapic->regs_page = alloc_domheap_pages(NULL, 0, memflags); if ( vlapic->regs_page == NULL ) { dprintk(XENLOG_ERR, "alloc vlapic regs error: %d/%d\n", diff -r c9720159b983 -r 9559ba7c80f9 xen/arch/x86/hvm/vmx/vmcs.c --- a/xen/arch/x86/hvm/vmx/vmcs.c Mon Jul 16 14:20:16 2007 -0500 +++ b/xen/arch/x86/hvm/vmx/vmcs.c Tue Jul 17 10:20:21 2007 +0100 @@ -45,7 +45,9 @@ u32 vmx_vmentry_control __read_mostly; u32 vmx_vmentry_control __read_mostly; bool_t cpu_has_vmx_ins_outs_instr_info __read_mostly; +static DEFINE_PER_CPU(struct vmcs_struct *, host_vmcs); static DEFINE_PER_CPU(struct vmcs_struct *, current_vmcs); +static DEFINE_PER_CPU(struct list_head, active_vmcs_list); static u32 vmcs_revision_id __read_mostly; @@ -64,7 +66,7 @@ static u32 adjust_vmx_controls(u32 ctl_m return ctl; } -void vmx_init_vmcs_config(void) +static void vmx_init_vmcs_config(void) { u32 vmx_msr_low, vmx_msr_high, min, opt; u32 _vmx_pin_based_exec_control; @@ -128,8 +130,9 @@ void vmx_init_vmcs_config(void) rdmsr(MSR_IA32_VMX_BASIC, vmx_msr_low, vmx_msr_high); - if ( smp_processor_id() == 0 ) - { + if ( !vmx_pin_based_exec_control ) + { + /* First time through. */ vmcs_revision_id = vmx_msr_low; vmx_pin_based_exec_control = _vmx_pin_based_exec_control; vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control; @@ -140,6 +143,7 @@ void vmx_init_vmcs_config(void) } else { + /* Globals are already initialised: re-check them. */ BUG_ON(vmcs_revision_id != vmx_msr_low); BUG_ON(vmx_pin_based_exec_control != _vmx_pin_based_exec_control); BUG_ON(vmx_cpu_based_exec_control != _vmx_cpu_based_exec_control); @@ -151,6 +155,14 @@ void vmx_init_vmcs_config(void) /* IA-32 SDM Vol 3B: VMCS size is never greater than 4kB. */ BUG_ON((vmx_msr_high & 0x1fff) > PAGE_SIZE); + +#ifdef __x86_64__ + /* IA-32 SDM Vol 3B: 64-bit CPUs always have VMX_BASIC_MSR[48]==0. */ + BUG_ON(vmx_msr_high & (1u<<16)); +#endif + + /* Require Write-Back (WB) memory type for VMCS accesses. */ + BUG_ON(((vmx_msr_high >> 18) & 15) != 6); } static struct vmcs_struct *vmx_alloc_vmcs(void) @@ -177,34 +189,115 @@ static void __vmx_clear_vmcs(void *info) static void __vmx_clear_vmcs(void *info) { struct vcpu *v = info; - - __vmpclear(virt_to_maddr(v->arch.hvm_vmx.vmcs)); - - v->arch.hvm_vmx.active_cpu = -1; - v->arch.hvm_vmx.launched = 0; - - if ( v->arch.hvm_vmx.vmcs == this_cpu(current_vmcs) ) - this_cpu(current_vmcs) = NULL; + struct arch_vmx_struct *arch_vmx = &v->arch.hvm_vmx; + + /* Otherwise we can nest (vmx_cpu_down() vs. vmx_clear_vmcs()). */ + ASSERT(!local_irq_is_enabled()); + + if ( arch_vmx->active_cpu == smp_processor_id() ) + { + __vmpclear(virt_to_maddr(arch_vmx->vmcs)); + + arch_vmx->active_cpu = -1; + arch_vmx->launched = 0; + + list_del(&arch_vmx->active_list); + + if ( arch_vmx->vmcs == this_cpu(current_vmcs) ) + this_cpu(current_vmcs) = NULL; + } } static void vmx_clear_vmcs(struct vcpu *v) { int cpu = v->arch.hvm_vmx.active_cpu; - if ( cpu == -1 ) - return; - - if ( cpu == smp_processor_id() ) - return __vmx_clear_vmcs(v); - - on_selected_cpus(cpumask_of_cpu(cpu), __vmx_clear_vmcs, v, 1, 1); + if ( cpu != -1 ) + on_selected_cpus(cpumask_of_cpu(cpu), __vmx_clear_vmcs, v, 1, 1); } static void vmx_load_vmcs(struct vcpu *v) { + unsigned long flags; + + local_irq_save(flags); + + if ( v->arch.hvm_vmx.active_cpu == -1 ) + { + list_add(&v->arch.hvm_vmx.active_list, &this_cpu(active_vmcs_list)); + v->arch.hvm_vmx.active_cpu = smp_processor_id(); + } + + ASSERT(v->arch.hvm_vmx.active_cpu == smp_processor_id()); + __vmptrld(virt_to_maddr(v->arch.hvm_vmx.vmcs)); - v->arch.hvm_vmx.active_cpu = smp_processor_id(); this_cpu(current_vmcs) = v->arch.hvm_vmx.vmcs; + + local_irq_restore(flags); +} + +int vmx_cpu_up(void) +{ + u32 eax, edx; + int cpu = smp_processor_id(); + + BUG_ON(!(read_cr4() & X86_CR4_VMXE)); + + rdmsr(IA32_FEATURE_CONTROL_MSR, eax, edx); + + if ( eax & IA32_FEATURE_CONTROL_MSR_LOCK ) + { + if ( !(eax & IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON) ) + { + printk("CPU%d: VMX disabled\n", cpu); + return 0; + } + } + else + { + wrmsr(IA32_FEATURE_CONTROL_MSR, + IA32_FEATURE_CONTROL_MSR_LOCK | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON, 0); + } + + vmx_init_vmcs_config(); + + INIT_LIST_HEAD(&this_cpu(active_vmcs_list)); + + if ( this_cpu(host_vmcs) == NULL ) + { + this_cpu(host_vmcs) = vmx_alloc_vmcs(); + if ( this_cpu(host_vmcs) == NULL ) + { + printk("CPU%d: Could not allocate host VMCS\n", cpu); + return 0; + } + } + + if ( __vmxon(virt_to_maddr(this_cpu(host_vmcs))) ) + { + printk("CPU%d: VMXON failed\n", cpu); + return 0; + } + + return 1; +} + +void vmx_cpu_down(void) +{ + struct list_head *active_vmcs_list = &this_cpu(active_vmcs_list); + unsigned long flags; + + local_irq_save(flags); + + while ( !list_empty(active_vmcs_list) ) + __vmx_clear_vmcs(list_entry(active_vmcs_list->next, + struct vcpu, arch.hvm_vmx.active_list)); + + BUG_ON(!(read_cr4() & X86_CR4_VMXE)); + __vmxoff(); + + local_irq_restore(flags); } void vmx_vmcs_enter(struct vcpu *v) @@ -237,65 +330,27 @@ void vmx_vmcs_exit(struct vcpu *v) vcpu_unpause(v); } -struct vmcs_struct *vmx_alloc_host_vmcs(void) -{ - return vmx_alloc_vmcs(); -} - -void vmx_free_host_vmcs(struct vmcs_struct *vmcs) -{ - vmx_free_vmcs(vmcs); -} - -#define GUEST_SEGMENT_LIMIT 0xffffffff - -struct host_execution_env { - /* selectors */ - unsigned short ldtr_selector; - unsigned short tr_selector; - unsigned short ds_selector; - unsigned short cs_selector; - /* limits */ - unsigned short gdtr_limit; - unsigned short ldtr_limit; - unsigned short idtr_limit; - unsigned short tr_limit; - /* base */ - unsigned long gdtr_base; - unsigned long ldtr_base; - unsigned long idtr_base; - unsigned long tr_base; - unsigned long ds_base; - unsigned long cs_base; -#ifdef __x86_64__ - unsigned long fs_base; - unsigned long gs_base; -#endif +struct xgt_desc { + unsigned short size; + unsigned long address __attribute__((packed)); }; static void vmx_set_host_env(struct vcpu *v) { unsigned int tr, cpu; - struct host_execution_env host_env; - struct Xgt_desc_struct desc; + struct xgt_desc desc; cpu = smp_processor_id(); - __asm__ __volatile__ ("sidt (%0) \n" :: "a"(&desc) : "memory"); - host_env.idtr_limit = desc.size; - host_env.idtr_base = desc.address; - __vmwrite(HOST_IDTR_BASE, host_env.idtr_base); - - __asm__ __volatile__ ("sgdt (%0) \n" :: "a"(&desc) : "memory"); - host_env.gdtr_limit = desc.size; - host_env.gdtr_base = desc.address; - __vmwrite(HOST_GDTR_BASE, host_env.gdtr_base); - - __asm__ __volatile__ ("str (%0) \n" :: "a"(&tr) : "memory"); - host_env.tr_selector = tr; - host_env.tr_limit = sizeof(struct tss_struct); - host_env.tr_base = (unsigned long) &init_tss[cpu]; _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.