[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] merge with xen-unstable.hg



# HG changeset patch
# User Alex Williamson <alex.williamson@xxxxxx>
# Date 1186008030 21600
# Node ID d83c9d87ede41918c1d17d67560aed9852bc41d3
# Parent  77c87416fbd056dd9d5b21eed6b43ca252c725ba
# Parent  88bb0d305308a2cab31fd8559a6a2719db1ea55a
merge with xen-unstable.hg
---
 tools/blktap/drivers/blktapctrl.c                              |   44 +-
 tools/blktap/lib/blktaplib.h                                   |    4 
 tools/firmware/hvmloader/smbios.c                              |    2 
 tools/libxc/ia64/Makefile                                      |    2 
 tools/libxc/ia64/dom_fw_acpi.c                                 |   13 
 tools/python/xen/util/acmpolicy.py                             |    7 
 tools/xenstore/utils.c                                         |   80 ----
 tools/xenstore/utils.h                                         |   27 -
 tools/xenstore/xenstored_core.c                                |    9 
 tools/xenstore/xenstored_domain.c                              |    9 
 tools/xenstore/xs_tdb_dump.c                                   |    2 
 tools/xm-test/lib/XmTestLib/acm.py                             |    4 
 tools/xm-test/tests/security-acm/07_security-acm_pol_update.py |    9 
 tools/xm-test/tests/security-acm/09_security-acm_pol_update.py |    9 
 xen/arch/ia64/xen/dom_fw_common.c                              |   11 
 xen/arch/ia64/xen/dom_fw_dom0.c                                |   13 
 xen/arch/powerpc/Makefile                                      |    1 
 xen/arch/powerpc/boot_of.c                                     |  180 
+---------
 xen/arch/powerpc/domain.c                                      |    2 
 xen/arch/powerpc/domain_build.c                                |    3 
 xen/arch/powerpc/domctl.c                                      |    2 
 xen/arch/powerpc/exceptions.h                                  |    3 
 xen/arch/powerpc/memory.c                                      |    3 
 xen/arch/powerpc/mm.c                                          |    2 
 xen/arch/powerpc/oftree.h                                      |    4 
 xen/arch/powerpc/setup.c                                       |  155 +++++---
 xen/arch/powerpc/shadow.c                                      |    2 
 xen/arch/powerpc/sysctl.c                                      |    1 
 xen/arch/x86/acpi/boot.c                                       |   15 
 xen/arch/x86/domain_build.c                                    |    7 
 xen/arch/x86/hvm/instrlen.c                                    |  113 ++----
 xen/arch/x86/hvm/platform.c                                    |   14 
 xen/arch/x86/hvm/svm/intr.c                                    |   83 ++--
 xen/arch/x86/hvm/svm/svm.c                                     |   87 ++--
 xen/arch/x86/hvm/vmx/intr.c                                    |   78 +---
 xen/arch/x86/hvm/vmx/vmcs.c                                    |   17 
 xen/arch/x86/hvm/vmx/vmx.c                                     |  167 +++------
 xen/arch/x86/mm/shadow/multi.c                                 |    2 
 xen/common/libelf/libelf-dominfo.c                             |  101 +++++
 xen/common/libelf/libelf-loader.c                              |   44 ++
 xen/common/libelf/libelf-tools.c                               |   30 +
 xen/drivers/acpi/tables.c                                      |  154 ++++++++
 xen/include/asm-ia64/dom_fw_common.h                           |    1 
 xen/include/asm-powerpc/grant_table.h                          |    5 
 xen/include/asm-powerpc/mm.h                                   |    9 
 xen/include/asm-powerpc/numa.h                                 |   25 +
 xen/include/asm-powerpc/shadow.h                               |   14 
 xen/include/asm-x86/hvm/hvm.h                                  |   70 +++
 xen/include/asm-x86/hvm/svm/vmcb.h                             |    8 
 xen/include/asm-x86/hvm/vmx/vmcs.h                             |    7 
 xen/include/asm-x86/hvm/vmx/vmx.h                              |   36 --
 xen/include/public/libelf.h                                    |   76 ++--
 xen/include/xen/acpi.h                                         |    3 
 53 files changed, 965 insertions(+), 804 deletions(-)

diff -r 77c87416fbd0 -r d83c9d87ede4 tools/blktap/drivers/blktapctrl.c
--- a/tools/blktap/drivers/blktapctrl.c Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/blktap/drivers/blktapctrl.c Wed Aug 01 16:40:30 2007 -0600
@@ -42,6 +42,7 @@
 #include <errno.h>
 #include <sys/types.h>
 #include <linux/types.h>
+#include <sys/wait.h>
 #include <signal.h>
 #include <fcntl.h>
 #include <sys/poll.h>
@@ -472,11 +473,38 @@ static int read_msg(int fd, int msgtype,
 
 }
 
+int launch_tapdisk(char *wrctldev, char *rdctldev)
+{
+       char *argv[] = { "tapdisk", wrctldev, rdctldev, NULL };
+       pid_t child;
+       
+       if ((child = fork()) < 0)
+               return -1;
+
+       if (!child) {
+               int i;
+               for (i = 0 ; i < sysconf(_SC_OPEN_MAX) ; i++)
+                       if (i != STDIN_FILENO &&
+                           i != STDOUT_FILENO &&
+                           i != STDERR_FILENO)
+                               close(i);
+
+               execvp("tapdisk", argv);
+               _exit(1);
+       } else {
+               pid_t got;
+               do {
+                       got = waitpid(child, NULL, 0);
+               } while (got != child);
+       }
+       return 0;
+}
+
 int blktapctrl_new_blkif(blkif_t *blkif)
 {
        blkif_info_t *blk;
        int major, minor, fd_read, fd_write, type, new;
-       char *rdctldev, *wrctldev, *cmd, *ptr;
+       char *rdctldev, *wrctldev, *ptr;
        image_t *image;
        blkif_t *exist = NULL;
        static uint16_t next_cookie = 0;
@@ -504,12 +532,6 @@ int blktapctrl_new_blkif(blkif_t *blkif)
                                free(rdctldev);
                                return -1;
                        }
-                       if (asprintf(&cmd, "tapdisk %s %s", wrctldev, rdctldev) 
== -1) {
-                               free(rdctldev);
-                               free(wrctldev);
-                               return -1;
-                       }
-
                        blkif->fds[READ] = open_ctrl_socket(rdctldev);
                        blkif->fds[WRITE] = open_ctrl_socket(wrctldev);
                        
@@ -517,15 +539,14 @@ int blktapctrl_new_blkif(blkif_t *blkif)
                                goto fail;
 
                        /*launch the new process*/
-                       DPRINTF("Launching process, CMDLINE [%s]\n",cmd);
-                       if (system(cmd) == -1) {
-                               DPRINTF("Unable to fork, cmdline: [%s]\n",cmd);
+                       DPRINTF("Launching process, CMDLINE [tapdisk %s 
%s]\n",wrctldev, rdctldev);
+                       if (launch_tapdisk(wrctldev, rdctldev) == -1) {
+                               DPRINTF("Unable to fork, cmdline: [tapdisk %s 
%s]\n",wrctldev, rdctldev);
                                return -1;
                        }
 
                        free(rdctldev);
                        free(wrctldev);
-                       free(cmd);
                } else {
                        DPRINTF("Process exists!\n");
                        blkif->fds[READ] = exist->fds[READ];
@@ -605,7 +626,6 @@ int open_ctrl_socket(char *devname)
 {
        int ret;
        int ipc_fd;
-       char *cmd;
        fd_set socks;
        struct timeval timeout;
 
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/blktap/lib/blktaplib.h
--- a/tools/blktap/lib/blktaplib.h      Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/blktap/lib/blktaplib.h      Wed Aug 01 16:40:30 2007 -0600
@@ -169,12 +169,14 @@ typedef struct image {
        unsigned int info;
 } image_t;
 
+/* 16-byte message header, immediately followed by message payload. */
 typedef struct msg_hdr {
-       uint16_t    type;
+       uint16_t   type;
        uint16_t   len;
        uint16_t   drivertype;
        uint16_t   cookie;
        uint8_t    readonly;
+       uint8_t    pad[7];
 } msg_hdr_t;
 
 typedef struct msg_newdev {
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/firmware/hvmloader/smbios.c
--- a/tools/firmware/hvmloader/smbios.c Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/firmware/hvmloader/smbios.c Wed Aug 01 16:40:30 2007 -0600
@@ -169,7 +169,7 @@ hvm_write_smbios_tables(void)
     /* temporary variables used to build up Xen version string */
     char *p = NULL; /* points to next point of insertion */
     unsigned len = 0; /* length of string already composed */
-    char *tmp = NULL; /* holds result of itoa() */
+    char tmp[16]; /* holds result of itoa() */
     unsigned tmp_len; /* length of next string to add */
 
     hypercall_xen_version(XENVER_guest_handle, uuid);
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/libxc/ia64/Makefile
--- a/tools/libxc/ia64/Makefile Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/libxc/ia64/Makefile Wed Aug 01 16:40:30 2007 -0600
@@ -5,6 +5,8 @@ GUEST_SRCS-y += ia64/xc_ia64_linux_resto
 GUEST_SRCS-y += ia64/xc_ia64_linux_restore.c
 
 GUEST_SRCS-y += ia64/xc_dom_ia64_util.c
+GUEST_SRCS-y += ia64/dom_fw_acpi.c
+
 DOMFW_SRCS_BASE := dom_fw_common.c dom_fw_domu.c dom_fw_asm.S
 DOMFW_SRCS := $(addprefix ia64/, $(DOMFW_SRCS_BASE))
 $(DOMFW_SRCS):
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/libxc/ia64/dom_fw_acpi.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/ia64/dom_fw_acpi.c    Wed Aug 01 16:40:30 2007 -0600
@@ -0,0 +1,13 @@
+#include <inttypes.h>
+#include <xen/acpi.h>
+
+uint8_t
+generate_acpi_checksum(void *tbl, unsigned long len)
+{
+    uint8_t *ptr, sum = 0;
+
+    for ( ptr = tbl; len > 0 ; len--, ptr++ )
+        sum += *ptr;
+
+    return 0 - sum;
+}
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/python/xen/util/acmpolicy.py
--- a/tools/python/xen/util/acmpolicy.py        Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/python/xen/util/acmpolicy.py        Wed Aug 01 16:40:30 2007 -0600
@@ -818,12 +818,13 @@ class ACMPolicy(XSPolicy):
             if successful,the policy's flags will indicate that the
             policy is the one loaded into the hypervisor
         """
-        (ret, output) = commands.getstatusoutput(
+        if not self.isloaded():
+            (ret, output) = commands.getstatusoutput(
                                    security.xensec_tool +
                                    " loadpolicy " +
                                    self.get_filename(".bin"))
-        if ret != 0:
-            return -xsconstants.XSERR_POLICY_LOAD_FAILED
+            if ret != 0:
+                return -xsconstants.XSERR_POLICY_LOAD_FAILED
         return xsconstants.XSERR_SUCCESS
 
     def isloaded(self):
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/xenstore/utils.c
--- a/tools/xenstore/utils.c    Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/xenstore/utils.c    Wed Aug 01 16:40:30 2007 -0600
@@ -8,20 +8,19 @@
 #include <fcntl.h>
 #include <sys/types.h>
 #include <signal.h>
-
 #include "utils.h"
 
 void xprintf(const char *fmt, ...)
 {
-       static FILE *out = NULL;
        va_list args;
-       if (!out)
-               out = stderr;
+
+       if (!stderr)
+               return; /* could trace()? */
 
        va_start(args, fmt);
-       vfprintf(out, fmt, args);
+       vfprintf(stderr, fmt, args);
        va_end(args);
-       fflush(out);
+       fflush(stderr);
 }
 
 void barf(const char *fmt, ...)
@@ -61,72 +60,3 @@ void barf_perror(const char *fmt, ...)
        }
        exit(1);
 }
-
-void *_realloc_array(void *ptr, size_t size, size_t num)
-{
-       if (num >= SIZE_MAX/size)
-               return NULL;
-       return realloc_nofail(ptr, size * num);
-}
-
-void *realloc_nofail(void *ptr, size_t size)
-{
-       ptr = realloc(ptr, size);
-       if (ptr)
-               return ptr;
-       barf("realloc of %zu failed", size);
-}
-
-void *malloc_nofail(size_t size)
-{
-       void *ptr = malloc(size);
-       if (ptr)
-               return ptr;
-       barf("malloc of %zu failed", size);
-}
-
-/* This version adds one byte (for nul term) */
-void *grab_file(const char *filename, unsigned long *size)
-{
-       unsigned int max = 16384;
-       int ret, fd;
-       void *buffer;
-
-       if (streq(filename, "-"))
-               fd = dup(STDIN_FILENO);
-       else
-               fd = open(filename, O_RDONLY, 0);
-
-       if (fd == -1)
-               return NULL;
-
-       buffer = malloc(max+1);
-       if (!buffer)
-               goto error;
-       *size = 0;
-       while ((ret = read(fd, buffer + *size, max - *size)) > 0) {
-               *size += ret;
-               if (*size == max) {
-                       void *nbuffer;
-                       max *= 2;
-                       nbuffer = realloc(buffer, max + 1);
-                       if (!nbuffer)
-                               goto error;
-                       buffer = nbuffer;
-               }
-       }
-       if (ret < 0)
-               goto error;
-       ((char *)buffer)[*size] = '\0';
-       close(fd);
-       return buffer;
-error:
-       free(buffer);
-       close(fd);
-       return NULL;
-}
-
-void release_file(void *data, unsigned long size __attribute__((unused)))
-{
-       free(data);
-}
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/xenstore/utils.h
--- a/tools/xenstore/utils.h    Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/xenstore/utils.h    Wed Aug 01 16:40:30 2007 -0600
@@ -21,39 +21,12 @@ static inline bool strends(const char *a
 
 #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
 
-#define ___stringify(x)        #x
-#define __stringify(x)         ___stringify(x)
-
-/* Convenient wrappers for malloc and realloc.  Use them. */
-#define new(type) ((type *)malloc_nofail(sizeof(type)))
-#define new_array(type, num) realloc_array((type *)0, (num))
-#define realloc_array(ptr, num) ((__typeof__(ptr))_realloc_array((ptr), 
sizeof((*ptr)), (num)))
-
-void *malloc_nofail(size_t size);
-void *realloc_nofail(void *ptr, size_t size);
-void *_realloc_array(void *ptr, size_t size, size_t num);
-
 void barf(const char *fmt, ...) __attribute__((noreturn));
 void barf_perror(const char *fmt, ...) __attribute__((noreturn));
-
-/* This version adds one byte (for nul term) */
-void *grab_file(const char *filename, unsigned long *size);
-void release_file(void *data, unsigned long size);
-
-/* Signal handling: returns fd to listen on. */
-int signal_to_fd(int signal);
-void close_signal(int fd);
 
 void xprintf(const char *fmt, ...);
 
 #define eprintf(_fmt, _args...) xprintf("[ERR] %s" _fmt, __FUNCTION__, ##_args)
-#define iprintf(_fmt, _args...) xprintf("[INF] %s" _fmt, __FUNCTION__, ##_args)
-
-#ifdef DEBUG
-#define dprintf(_fmt, _args...) xprintf("[DBG] %s" _fmt, __FUNCTION__, ##_args)
-#else
-#define dprintf(_fmt, _args...) ((void)0)
-#endif
 
 /*
  * Mux errno values onto returned pointers.
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/xenstore/xenstored_core.c
--- a/tools/xenstore/xenstored_core.c   Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/xenstore/xenstored_core.c   Wed Aug 01 16:40:30 2007 -0600
@@ -1820,7 +1820,9 @@ int main(int argc, char *argv[])
        if (pidfile)
                write_pidfile(pidfile);
 
-       talloc_enable_leak_report_full();
+       /* Talloc leak reports go to stderr, which is closed if we fork. */
+       if (!dofork)
+               talloc_enable_leak_report_full();
 
        /* Create sockets for them to listen to. */
        sock = talloc(talloc_autofree_context(), int);
@@ -1881,6 +1883,11 @@ int main(int argc, char *argv[])
                close(STDIN_FILENO);
                close(STDOUT_FILENO);
                close(STDERR_FILENO);
+
+               /* Get ourselves a nice xenstored crash if these are used. */
+               stdin = NULL;
+               stdout = NULL;
+               stderr = NULL;
        }
 
        signal(SIGHUP, trigger_reopen_log);
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/xenstore/xenstored_domain.c
--- a/tools/xenstore/xenstored_domain.c Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/xenstore/xenstored_domain.c Wed Aug 01 16:40:30 2007 -0600
@@ -621,13 +621,8 @@ void domain_entry_fix(unsigned int domid
        struct domain *d;
 
        d = find_domain_by_domid(domid);
-       if (d) {
-               if ((d->nbentry += num) < 0) {
-                       eprintf("invalid domain entry number %d",
-                               d->nbentry);
-                       d->nbentry = 0;
-               }
-       }
+       if (d && ((d->nbentry += num) < 0))
+               d->nbentry = 0;
 }
 
 int domain_entry(struct connection *conn)
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/xenstore/xs_tdb_dump.c
--- a/tools/xenstore/xs_tdb_dump.c      Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/xenstore/xs_tdb_dump.c      Wed Aug 01 16:40:30 2007 -0600
@@ -4,7 +4,7 @@
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdarg.h>
-
+#include <string.h>
 #include "xs_lib.h"
 #include "tdb.h"
 #include "talloc.h"
diff -r 77c87416fbd0 -r d83c9d87ede4 tools/xm-test/lib/XmTestLib/acm.py
--- a/tools/xm-test/lib/XmTestLib/acm.py        Wed Aug 01 09:40:58 2007 -0600
+++ b/tools/xm-test/lib/XmTestLib/acm.py        Wed Aug 01 16:40:30 2007 -0600
@@ -67,6 +67,10 @@ def ACMLoadPolicy(policy='xm-test'):
     if main.serverType == main.SERVER_XEN_API:
         ACMLoadPolicy_XenAPI()
     else:
+        cmd='xm dumppolicy | grep -E "^POLICY REFERENCE = ' + policy + '.$"'
+        s, o = traceCommand(cmd)
+        if o != "":
+            return
         s, o = traceCommand("xm makepolicy %s" % (policy))
         if s != 0:
             FAIL("Need to be able to do 'xm makepolicy %s' but could not" %
diff -r 77c87416fbd0 -r d83c9d87ede4 
tools/xm-test/tests/security-acm/07_security-acm_pol_update.py
--- a/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py    Wed Aug 
01 09:40:58 2007 -0600
+++ b/tools/xm-test/tests/security-acm/07_security-acm_pol_update.py    Wed Aug 
01 16:40:30 2007 -0600
@@ -12,10 +12,19 @@ from xen.util import acmpolicy, security
 from xen.util import acmpolicy, security, xsconstants
 from xen.util.acmpolicy import ACMPolicy
 from xen.xend.XendDomain import DOM0_UUID
+from XmTestLib.acm import *
 
 import commands
 import os
 import base64
+
+if not isACMEnabled():
+    SKIP("Not running this test since ACM not enabled.")
+
+try:
+    session = xapi.connect()
+except:
+    SKIP("Skipping this test since xm is not using the Xen-API.")
 
 xm_test = {}
 xm_test['policyname'] = "xm-test"
diff -r 77c87416fbd0 -r d83c9d87ede4 
tools/xm-test/tests/security-acm/09_security-acm_pol_update.py
--- a/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py    Wed Aug 
01 09:40:58 2007 -0600
+++ b/tools/xm-test/tests/security-acm/09_security-acm_pol_update.py    Wed Aug 
01 16:40:30 2007 -0600
@@ -7,6 +7,7 @@
 
 from XmTestLib import xapi
 from XmTestLib.XenAPIDomain import XmTestAPIDomain
+from XmTestLib.acm import *
 from XmTestLib import *
 from xen.xend import XendAPIConstants
 from xen.util import security, xsconstants
@@ -15,6 +16,14 @@ import base64
 import base64
 import struct
 import time
+
+if not isACMEnabled():
+    SKIP("Not running this test since ACM not enabled.")
+
+try:
+    session = xapi.connect()
+except:
+    SKIP("Skipping this test since xm is not using the Xen-API.")
 
 def typestoxml(types):
     res = ""
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/ia64/xen/dom_fw_common.c
--- a/xen/arch/ia64/xen/dom_fw_common.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/ia64/xen/dom_fw_common.c Wed Aug 01 16:40:30 2007 -0600
@@ -207,17 +207,6 @@ print_md(efi_memory_desc_t *md)
                printk("(%luKB)\n", size >> 10);
 }
 
-uint8_t
-generate_acpi_checksum(void *tbl, unsigned long len)
-{
-       uint8_t *ptr, sum = 0;
-
-       for (ptr = tbl; len > 0 ; len--, ptr++)
-               sum += *ptr;
-
-       return 0 - sum;
-}
-
 struct fake_acpi_tables {
        struct acpi20_table_rsdp rsdp;
        struct xsdt_descriptor_rev2 xsdt;
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/ia64/xen/dom_fw_dom0.c
--- a/xen/arch/ia64/xen/dom_fw_dom0.c   Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/ia64/xen/dom_fw_dom0.c   Wed Aug 01 16:40:30 2007 -0600
@@ -103,6 +103,7 @@ acpi_update_madt_checksum(unsigned long 
 /* base is physical address of acpi table */
 static void __init touch_acpi_table(void)
 {
+       int result;
        lsapic_nbr = 0;
 
        if (acpi_table_parse_madt(ACPI_MADT_LSAPIC, acpi_update_lsapic, 0) < 0)
@@ -110,6 +111,18 @@ static void __init touch_acpi_table(void
        if (acpi_table_parse_madt(ACPI_MADT_PLAT_INT_SRC,
                                  acpi_patch_plat_int_src, 0) < 0)
                printk("Error parsing MADT - no PLAT_INT_SRC entries\n");
+
+       result = acpi_table_disable(ACPI_SRAT);
+       if ( result == 0 )
+               printk("Success Disabling SRAT\n");
+       else if ( result != -ENOENT )
+               printk("ERROR: Failed Disabling SRAT\n");
+
+       result = acpi_table_disable(ACPI_SLIT);
+       if ( result == 0 )
+               printk("Success Disabling SLIT\n");
+       else if ( result != -ENOENT )
+               printk("ERROR: Failed Disabling SLIT\n");
 
        acpi_table_parse(ACPI_APIC, acpi_update_madt_checksum);
 
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/Makefile
--- a/xen/arch/powerpc/Makefile Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/Makefile Wed Aug 01 16:40:30 2007 -0600
@@ -27,6 +27,7 @@ obj-y += mm.o
 obj-y += mm.o
 obj-y += mpic.o
 obj-y += mpic_init.o
+obj-y += multiboot2.o
 obj-y += numa.o
 obj-y += of-devtree.o
 obj-y += of-devwalk.o
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/boot_of.c
--- a/xen/arch/powerpc/boot_of.c        Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/boot_of.c        Wed Aug 01 16:40:30 2007 -0600
@@ -22,7 +22,6 @@
 #include <xen/config.h>
 #include <xen/init.h>
 #include <xen/lib.h>
-#include <xen/multiboot.h>
 #include <xen/version.h>
 #include <xen/spinlock.h>
 #include <xen/serial.h>
@@ -30,6 +29,7 @@
 #include <xen/sched.h>
 #include <asm/page.h>
 #include <asm/io.h>
+#include <asm/boot.h>
 #include "exceptions.h"
 #include "of-devtree.h"
 #include "oftree.h"
@@ -54,7 +54,6 @@ static ulong eomem;
 #define MEM_AVAILABLE_PAGES ((32 << 20) >> PAGE_SHIFT)
 static DECLARE_BITMAP(mem_available_pages, MEM_AVAILABLE_PAGES);
 
-extern char builtin_cmdline[];
 extern struct ns16550_defaults ns16550;
 
 #undef OF_DEBUG
@@ -648,23 +647,6 @@ static ulong boot_of_mem_init(void)
     return 0;
 }
 
-static void boot_of_bootargs(multiboot_info_t *mbi)
-{
-    int rc;
-
-    if (builtin_cmdline[0] == '\0') {
-        rc = of_getprop(bof_chosen, "bootargs", builtin_cmdline,
-                CONFIG_CMDLINE_SIZE);
-        if (rc > CONFIG_CMDLINE_SIZE)
-            of_panic("bootargs[] not big enough for /chosen/bootargs\n");
-    }
-
-    mbi->flags |= MBI_CMDLINE;
-    mbi->cmdline = (ulong)builtin_cmdline;
-
-    of_printf("bootargs = %s\n", builtin_cmdline);
-}
-
 static int save_props(void *m, ofdn_t n, int pkg)
 {
     int ret;
@@ -933,8 +915,8 @@ static void __init boot_of_fix_maple(voi
         }
     }
 }
-    
-static int __init boot_of_serial(void *oft)
+
+void __init boot_of_serial(void *oft)
 {
     int n;
     int p;
@@ -1014,11 +996,9 @@ static int __init boot_of_serial(void *o
                   __func__, ns16550.irq);
         ns16550.irq = 0;
     }
-
-    return 1;
-}
-
-static int __init boot_of_rtas(module_t *mod, multiboot_info_t *mbi)
+}
+
+static int __init boot_of_rtas(void)
 {
     int rtas_node;
     int rtas_instance;
@@ -1065,14 +1045,13 @@ static int __init boot_of_rtas(module_t 
     rtas_end = mem + size;
     rtas_msr = of_msr;
 
-    mod->mod_start = rtas_base;
-    mod->mod_end = rtas_end;
     return 1;
 }
 
-static void * __init boot_of_devtree(module_t *mod, multiboot_info_t *mbi)
+void __init *boot_of_devtree(void)
 {
     void *oft;
+    ulong oft_sz = 48 * PAGE_SIZE;
     ulong alloc_sz = 32 << 10;    /* 32KiB should be plenty */
     ulong sz;
 
@@ -1100,108 +1079,9 @@ static void * __init boot_of_devtree(mod
 
     ofd_walk(oft, __func__, OFD_ROOT, /* add_hype_props */ NULL, 2);
 
-    mod->mod_start = (ulong)oft;
-    mod->mod_end = ALIGN_UP(mod->mod_start + sz, PAGE_SIZE);
-
-    if (mod->mod_end -mod->mod_start > alloc_sz)
-        of_panic("Could not fit all devtree module in 0x%lx of memory\n",
-            alloc_sz);
-
-    of_printf("%s: devtree mod @ 0x%016x - 0x%016x\n", __func__,
-              mod->mod_start, mod->mod_end);
-
-    return oft;
-}
-
-static void * __init boot_of_module(ulong r3, ulong r4, multiboot_info_t *mbi)
-{
-    static module_t mods[4];
-    ulong mod0_start;
-    ulong mod0_size;
-    static const char * sepr[] = {" -- ", " || "};
-    int sepr_index;
-    extern char dom0_start[] __attribute__ ((weak));
-    extern char dom0_size[] __attribute__ ((weak));
-    const char *p = NULL;
-    int mod;
-    void *oft;
-
-    if ((r3 > 0) && (r4 > 0)) {
-        /* was it handed to us in registers ? */
-        mod0_start = r3;
-        mod0_size = r4;
-            of_printf("%s: Dom0 was loaded and found using r3/r4:"
-                      "0x%lx[size 0x%lx]\n",
-                      __func__, mod0_start, mod0_size);
-    } else {
-        /* see if it is in the boot params */
-        p = strstr((char *)((ulong)mbi->cmdline), "dom0_start=");
-        if ( p != NULL) {
-            p += 11;
-            mod0_start = simple_strtoul(p, NULL, 0);
-
-            p = strstr((char *)((ulong)mbi->cmdline), "dom0_size=");
-            p += 10;
-            mod0_size = simple_strtoul(p, NULL, 0);
-            of_printf("%s: Dom0 was loaded and found using cmdline:"
-                      "0x%lx[size 0x%lx]\n",
-                      __func__, mod0_start, mod0_size);
-        } else if ( ((ulong)dom0_start != 0) && ((ulong)dom0_size != 0) ) {
-            /* was it linked in ? */
-        
-            mod0_start = (ulong)dom0_start;
-            mod0_size = (ulong)dom0_size;
-            of_printf("%s: Dom0 is linked in: 0x%lx[size 0x%lx]\n",
-                      __func__, mod0_start, mod0_size);
-        } else {
-            mod0_start = (ulong)_end;
-            mod0_size = 0;
-            of_printf("%s: FYI Dom0 is unknown, will be caught later\n",
-                      __func__);
-        }
-    }
-
-    if (mod0_size > 0) {
-        const char *c = (const char *)mod0_start;
-
-        of_printf("mod0: %o %c %c %c\n", c[0], c[1], c[2], c[3]);
-    }
-
-    mod = 0;
-    mods[mod].mod_start = mod0_start;
-    mods[mod].mod_end = mod0_start + mod0_size;
-
-    of_printf("%s: dom0 mod @ 0x%016x[0x%x]\n", __func__,
-              mods[mod].mod_start, mods[mod].mod_end);
-
-    /* look for delimiter: "--" or "||" */
-    for (sepr_index = 0; sepr_index < ARRAY_SIZE(sepr); sepr_index++){
-        p = strstr((char *)(ulong)mbi->cmdline, sepr[sepr_index]);
-        if (p != NULL)
-            break;
-    }
-
-    if (p != NULL) {
-        /* Xen proper should never know about the dom0 args.  */
-        *(char *)p = '\0';
-        p += strlen(sepr[sepr_index]);
-        mods[mod].string = (u32)(ulong)p;
-        of_printf("%s: dom0 mod string: %s\n", __func__, p);
-    }
-
-    ++mod;
-    if (boot_of_rtas(&mods[mod], mbi))
-        ++mod;
-
-    oft = boot_of_devtree(&mods[mod], mbi);
-    if (oft == NULL)
-        of_panic("%s: boot_of_devtree failed\n", __func__);
-
-    ++mod;
-
-    mbi->flags |= MBI_MODULES;
-    mbi->mods_count = mod;
-    mbi->mods_addr = (u32)mods;
+    oftree = (ulong)oft;
+    oftree = (ulong)oft + oft_sz;
+    oftree_len = oft_sz; 
 
     return oft;
 }
@@ -1327,15 +1207,19 @@ static int __init boot_of_cpus(void)
     return 1;
 }
 
-multiboot_info_t __init *boot_of_init(
-        ulong r3, ulong r4, ulong vec, ulong r6, ulong r7, ulong orig_msr)
-{
-    static multiboot_info_t mbi;
-    void *oft;
+void __init boot_of_init(ulong vec, ulong orig_msr)
+{
     int r;
 
     of_vec = vec;
     of_msr = orig_msr;
+
+    if (is_kernel(vec)) {
+        of_panic("Hmm.. OF[0x%lx] seems to have stepped on our image "
+                "that ranges: %p .. %p.\n",
+                vec, _start, _end);
+    }
+    of_printf("%s: _start %p _end %p\n", __func__, _start, _end);
 
     bof_chosen = of_finddevice("/chosen");
     of_getprop(bof_chosen, "stdout", &of_out, sizeof (of_out));
@@ -1346,32 +1230,20 @@ multiboot_info_t __init *boot_of_init(
               xen_compile_by(), xen_compile_domain(),
               xen_compiler(), xen_compile_date());
 
-    of_printf("%s args: 0x%lx 0x%lx 0x%lx 0x%lx 0x%lx\n"
-            "boot msr: 0x%lx\n",
-            __func__,
-            r3, r4, vec, r6, r7, orig_msr);
-
-    if (is_kernel(vec)) {
-        of_panic("Hmm.. OF[0x%lx] seems to have stepped on our image "
-                "that ranges: %p .. %p.\n",
-                vec, _start, _end);
-    }
-    of_printf("%s: _start %p _end %p 0x%lx\n", __func__, _start, _end, r6);
-
     boot_of_fix_maple();
     r = boot_of_mem_init();
     if (r == 0)
         of_panic("failure to initialize memory allocator");
-    boot_of_bootargs(&mbi);
-    oft = boot_of_module(r3, r4, &mbi);
+
+    boot_of_rtas();
     boot_of_cpus();
-    boot_of_serial(oft);
-
+}
+
+void __init boot_of_finish(void)
+{
     /* end of OF */
     of_printf("Quiescing Open Firmware ...\n");
     of_call("quiesce", 0, 0, NULL);
-
-    return &mbi;
 }
 
 /*
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/domain.c
--- a/xen/arch/powerpc/domain.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/domain.c Wed Aug 01 16:40:30 2007 -0600
@@ -29,7 +29,7 @@
 #include <xen/domain.h>
 #include <xen/console.h>
 #include <xen/shutdown.h>
-#include <xen/shadow.h>
+#include <xen/paging.h>
 #include <xen/mm.h>
 #include <xen/softirq.h>
 #include <asm/htab.h>
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/domain_build.c
--- a/xen/arch/powerpc/domain_build.c   Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/domain_build.c   Wed Aug 01 16:40:30 2007 -0600
@@ -26,10 +26,9 @@
 #include <xen/init.h>
 #include <xen/ctype.h>
 #include <xen/iocap.h>
-#include <xen/shadow.h>
 #include <xen/domain.h>
 #include <xen/version.h>
-#include <xen/shadow.h>
+#include <xen/paging.h>
 #include <asm/processor.h>
 #include <asm/platform.h>
 #include <asm/papr.h>
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/domctl.c
--- a/xen/arch/powerpc/domctl.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/domctl.c Wed Aug 01 16:40:30 2007 -0600
@@ -25,7 +25,7 @@
 #include <xen/sched.h>
 #include <xen/domain.h>
 #include <xen/guest_access.h>
-#include <xen/shadow.h>
+#include <xen/paging.h>
 #include <public/xen.h>
 #include <public/domctl.h>
 #include <public/sysctl.h>
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/exceptions.h
--- a/xen/arch/powerpc/exceptions.h     Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/exceptions.h     Wed Aug 01 16:40:30 2007 -0600
@@ -33,9 +33,6 @@ extern void ack_APIC_irq(void);
 extern void ack_APIC_irq(void);
 extern int ioapic_guest_read(unsigned long physbase, unsigned int reg, u32 
*pval);
 extern int ioapic_guest_write(unsigned long physbase, unsigned int reg, u32 
val);
-extern void __start_xen_ppc(
-    ulong r3, ulong r4, ulong r5, ulong r6, ulong r7, ulong orig_msr);
-extern  multiboot_info_t *boot_of_init(ulong r3, ulong r4, ulong vec, ulong 
r6, ulong r7, ulong orig_msr);
 
 extern void do_timer(struct cpu_user_regs *regs);
 extern void do_dec(struct cpu_user_regs *regs);
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/memory.c
--- a/xen/arch/powerpc/memory.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/memory.c Wed Aug 01 16:40:30 2007 -0600
@@ -21,6 +21,7 @@
 #include <xen/sched.h>
 #include <xen/mm.h>
 #include <xen/numa.h>
+#include <asm/boot.h>
 #include "of-devtree.h"
 #include "oftree.h"
 #include "rtas.h"
@@ -116,7 +117,7 @@ static void ofd_walk_mem(void *m, walk_m
     }
 }
 
-void memory_init(module_t *mod, int mcount)
+void memory_init(void)
 {
     ulong eomem;
     ulong bitmap_start = ~0UL;
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/mm.c
--- a/xen/arch/powerpc/mm.c     Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/mm.c     Wed Aug 01 16:40:30 2007 -0600
@@ -22,7 +22,7 @@
 
 #include <xen/config.h>
 #include <xen/mm.h>
-#include <xen/shadow.h>
+#include <xen/paging.h>
 #include <xen/kernel.h>
 #include <xen/sched.h>
 #include <xen/perfc.h>
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/oftree.h
--- a/xen/arch/powerpc/oftree.h Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/oftree.h Wed Aug 01 16:40:30 2007 -0600
@@ -13,7 +13,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  *
- * Copyright (C) IBM Corp. 2005
+ * Copyright IBM Corp. 2005
  *
  * Authors: Jimi Xenidis <jimix@xxxxxxxxxxxxxx>
  */
@@ -35,6 +35,4 @@ extern int firmware_image_start[0];
 extern int firmware_image_start[0];
 extern int firmware_image_size[0];
 
-extern void memory_init(module_t *mod, int mcount);
-
 #endif  /* #ifndef _OFTREE_H */
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/setup.c
--- a/xen/arch/powerpc/setup.c  Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/setup.c  Wed Aug 01 16:40:30 2007 -0600
@@ -25,7 +25,7 @@
 #include <xen/lib.h>
 #include <xen/cpumask.h>
 #include <xen/sched.h>
-#include <xen/multiboot.h>
+#include <xen/multiboot2.h>
 #include <xen/serial.h>
 #include <xen/softirq.h>
 #include <xen/console.h>
@@ -48,6 +48,7 @@
 #include <asm/delay.h>
 #include <asm/percpu.h>
 #include <asm/io.h>
+#include <asm/boot.h>
 #include "exceptions.h"
 #include "of-devtree.h"
 #include "oftree.h"
@@ -78,6 +79,17 @@ ulong oftree;
 ulong oftree;
 ulong oftree_len;
 ulong oftree_end;
+
+/* linked-in dom0: */
+extern char dom0_start[] __attribute__ ((weak));
+extern char dom0_size[] __attribute__ ((weak));
+
+char *xen_cmdline;
+char *dom0_cmdline;
+ulong dom0_addr;
+ulong dom0_len;
+ulong initrd_start;
+ulong initrd_len;
 
 uint cpu_hard_id[NR_CPUS] __initdata;
 cpumask_t cpu_present_map;
@@ -286,21 +298,15 @@ void secondary_cpu_init(int cpuid, unsig
     panic("should never get here\n");
 }
 
-static void __init __start_xen(multiboot_info_t *mbi)
-{
-    char *cmdline;
-    module_t *mod = (module_t *)((ulong)mbi->mods_addr);
-    ulong dom0_start, dom0_len;
-    ulong initrd_start, initrd_len;
-
+static void __init __start_xen(void)
+{
     memcpy(0, exception_vectors, exception_vectors_end - exception_vectors);
     synchronize_caches(0, exception_vectors_end - exception_vectors);
 
     ticks_per_usec = timebase_freq / 1000000ULL;
 
     /* Parse the command-line options. */
-    if ((mbi->flags & MBI_CMDLINE) && (mbi->cmdline != 0))
-        cmdline_parse(__va((ulong)mbi->cmdline));
+    cmdline_parse(xen_cmdline);
 
     /* we need to be able to identify this CPU early on */
     init_boot_cpu();
@@ -313,32 +319,20 @@ static void __init __start_xen(multiboot
     serial_init_preirq();
 
     init_console();
-    /* let synchronize until we really get going */
-    console_start_sync();
-
-    /* Check that we have at least one Multiboot module. */
-    if (!(mbi->flags & MBI_MODULES) || (mbi->mods_count == 0)) {
-        panic("FATAL ERROR: Require at least one Multiboot module.\n");
-    }
-
-    /* OF dev tree is the last module */
-    oftree = mod[mbi->mods_count-1].mod_start;
-    oftree_end = mod[mbi->mods_count-1].mod_end;
-    oftree_len = oftree_end - oftree;
-
-    /* remove it from consideration */
-    mod[mbi->mods_count-1].mod_start = 0;
-    mod[mbi->mods_count-1].mod_end = 0;
-    --mbi->mods_count;
-
-    if (rtas_entry) {
-        rtas_init((void *)oftree);
-        /* remove rtas module from consideration */
-        mod[mbi->mods_count-1].mod_start = 0;
-        mod[mbi->mods_count-1].mod_end = 0;
-        --mbi->mods_count;
-    }
-    memory_init(mod, mbi->mods_count);
+    console_start_sync(); /* Stay synchronous for early debugging. */
+
+    rtas_init((void *)oftree);
+
+    memory_init();
+
+    printk("xen_cmdline:  %016lx\n", (ulong)xen_cmdline);
+    printk("dom0_cmdline: %016lx\n", (ulong)dom0_cmdline);
+    printk("dom0_addr:    %016lx\n", (ulong)dom0_addr);
+    printk("dom0_len:     %016lx\n", (ulong)dom0_len);
+    printk("initrd_start: %016lx\n", (ulong)initrd_start);
+    printk("initrd_len:   %016lx\n", (ulong)initrd_len);
+
+    printk("dom0: %016llx\n", *(unsigned long long *)dom0_addr);
 
 #ifdef OF_DEBUG
     key_ofdump(0);
@@ -382,30 +376,22 @@ static void __init __start_xen(multiboot
 
     dom0->is_privileged = 1;
 
-    cmdline = (char *)(mod[0].string ? __va((ulong)mod[0].string) : NULL);
-
     /* scrub_heap_pages() requires IRQs enabled, and we're post IRQ setup... */
     local_irq_enable();
     /* Scrub RAM that is still free and so may go to an unprivileged domain. */
     scrub_heap_pages();
 
-    dom0_start = mod[0].mod_start;
-    dom0_len = mod[0].mod_end - mod[0].mod_start;
-    if (mbi->mods_count > 1) {
-        initrd_start = mod[1].mod_start;
-        initrd_len = mod[1].mod_end - mod[1].mod_start;
-    } else {
-        initrd_start = 0;
-        initrd_len = 0;
-    }
-    if (construct_dom0(dom0, dom0_start, dom0_len,
+    if ((dom0_addr == 0) || (dom0_len == 0))
+        panic("No domain 0 found.\n");
+
+    if (construct_dom0(dom0, dom0_addr, dom0_len,
                        initrd_start, initrd_len,
-                       cmdline) != 0) {
+                       dom0_cmdline) != 0) {
         panic("Could not set up DOM0 guest OS\n");
     }
 
-    init_xenheap_pages(ALIGN_UP(dom0_start, PAGE_SIZE),
-                       ALIGN_DOWN(dom0_start + dom0_len, PAGE_SIZE));
+    init_xenheap_pages(ALIGN_UP(dom0_addr, PAGE_SIZE),
+                       ALIGN_DOWN(dom0_addr + dom0_len, PAGE_SIZE));
     if (initrd_start)
         init_xenheap_pages(ALIGN_UP(initrd_start, PAGE_SIZE),
                            ALIGN_DOWN(initrd_start + initrd_len, PAGE_SIZE));
@@ -426,25 +412,74 @@ static void __init __start_xen(multiboot
     startup_cpu_idle_loop();
 }
 
+static void ofd_bootargs(void)
+{
+    static const char *sepr[] = {" -- ", " || "};
+    char *p;
+    ofdn_t chosen;
+    int sepr_index;
+    int rc;
+
+    if (builtin_cmdline[0] == '\0') {
+        chosen = ofd_node_find((void *)oftree, "/chosen");
+        rc = ofd_getprop((void *)oftree, chosen, "bootargs", builtin_cmdline,
+                         CONFIG_CMDLINE_SIZE);
+    }
+
+    /* look for delimiter: "--" or "||" */
+    for (sepr_index = 0; sepr_index < ARRAY_SIZE(sepr); sepr_index++){
+        p = strstr(builtin_cmdline, sepr[sepr_index]);
+        if (p != NULL) {
+            /* Xen proper should never know about the dom0 args.  */
+            *p = '\0';
+            p += strlen(sepr[sepr_index]);
+            dom0_cmdline = p;
+            break;
+        }
+    }
+
+    xen_cmdline = builtin_cmdline;
+}
+
+void __init __start_xen_ppc(ulong, ulong, ulong, ulong, ulong, ulong);
 void __init __start_xen_ppc(
     ulong r3, ulong r4, ulong r5, ulong r6, ulong r7, ulong orig_msr)
 {
-    multiboot_info_t *mbi = NULL;
-
     /* clear bss */
     memset(__bss_start, 0, (ulong)_end - (ulong)__bss_start);
 
-    if (r5 > 0) {
-        /* we were booted by OpenFirmware */
-        mbi = boot_of_init(r3, r4, r5, r6, r7, orig_msr);
-
+    if (r5) {
+        /* We came from Open Firmware. */
+        boot_of_init(r5, orig_msr);
+        oftree = (ulong)boot_of_devtree(); /* Copy the device tree. */
+        /* Use the device tree to find the Xen console. */
+        boot_of_serial((void *)oftree);
+        boot_of_finish(); /* End firmware. */
     } else {
-        /* booted by someone else that hopefully has a trap handler */
+        /* XXX handle flat device tree here */
         __builtin_trap();
     }
 
-    __start_xen(mbi);
-
+    ofd_bootargs();
+
+    if (r3 == MB2_BOOTLOADER_MAGIC) {
+        /* Get dom0 info from multiboot structures. */
+        parse_multiboot(r4);
+    }
+
+    if ((dom0_len == 0) && r3 && r4) {
+        /* Maybe dom0's location handed to us in registers. */
+        dom0_addr = r3;
+        dom0_len = r4;
+    }
+
+    if (dom0_len == 0) {
+        /* Dom0 had better be built in. */
+        dom0_addr = (ulong)dom0_start;
+        dom0_len = (ulong)dom0_size;
+    }
+
+    __start_xen();
 }
 
 extern void arch_get_xen_caps(xen_capabilities_info_t *info);
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/shadow.c
--- a/xen/arch/powerpc/shadow.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/shadow.c Wed Aug 01 16:40:30 2007 -0600
@@ -20,7 +20,7 @@
 
 #include <xen/config.h>
 #include <xen/types.h>
-#include <xen/shadow.h>
+#include <xen/paging.h>
 
 static ulong htab_calc_sdr1(ulong htab_addr, ulong log_htab_size)
 {
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/powerpc/sysctl.c
--- a/xen/arch/powerpc/sysctl.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/powerpc/sysctl.c Wed Aug 01 16:40:30 2007 -0600
@@ -24,7 +24,6 @@
 #include <xen/nodemask.h>
 #include <xen/sched.h>
 #include <xen/guest_access.h>
-#include <xen/shadow.h>
 #include <public/xen.h>
 #include <public/domctl.h>
 #include <public/sysctl.h>
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/acpi/boot.c
--- a/xen/arch/x86/acpi/boot.c  Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/acpi/boot.c  Wed Aug 01 16:40:30 2007 -0600
@@ -371,11 +371,18 @@ extern u32 pmtmr_ioport;
 
 #ifdef CONFIG_ACPI_SLEEP
 /* Get pm1x_cnt and pm1x_evt information for ACPI sleep */
-static int __init
+static void __init
 acpi_fadt_parse_sleep_info(struct fadt_descriptor_rev2 *fadt)
 {
+       struct acpi_table_rsdp *rsdp;
+       unsigned long rsdp_phys;
        struct facs_descriptor_rev2 *facs = NULL;
        uint64_t facs_pa;
+
+       rsdp_phys = acpi_find_rsdp();
+       if (!rsdp_phys || acpi_disabled)
+               goto bad;
+       rsdp = __va(rsdp_phys);
 
        if (fadt->revision >= FADT2_REVISION_ID) {
                /* Sanity check on FADT Rev. 2 */
@@ -432,8 +439,7 @@ acpi_fadt_parse_sleep_info(struct fadt_d
                        "FACS is shorter than ACPI spec allow: 0x%x",
                        facs->length);
 
-       if ((acpi_rsdp_rev < 2) ||
-           (facs->length < 32)) {
+       if ((rsdp->revision < 2) || (facs->length < 32)) {
                acpi_sinfo.wakeup_vector = facs_pa + 
                        offsetof(struct facs_descriptor_rev2,
                                 firmware_waking_vector);
@@ -451,10 +457,9 @@ acpi_fadt_parse_sleep_info(struct fadt_d
                acpi_sinfo.pm1a_cnt, acpi_sinfo.pm1b_cnt,
                acpi_sinfo.pm1a_evt, acpi_sinfo.pm1b_cnt,
                acpi_sinfo.wakeup_vector, acpi_sinfo.vector_width);
-       return 0;
+       return;
 bad:
        memset(&acpi_sinfo, 0, sizeof(acpi_sinfo));
-       return 0;
 }
 #endif
 
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/domain_build.c
--- a/xen/arch/x86/domain_build.c       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/domain_build.c       Wed Aug 01 16:40:30 2007 -0600
@@ -316,6 +316,9 @@ int __init construct_dom0(
            parms.pae       ? ", PAE"  : "",
            elf_msb(&elf)   ? "msb"    : "lsb",
            elf.pstart, elf.pend);
+    if ( parms.bsd_symtab )
+        printk(" Dom0 symbol map 0x%" PRIx64 " -> 0x%" PRIx64 "\n",
+               elf.sstart, elf.send);
 
     if ( !compatible )
     {
@@ -385,7 +388,7 @@ int __init construct_dom0(
     v_start          = parms.virt_base;
     vkern_start      = parms.virt_kstart;
     vkern_end        = parms.virt_kend;
-    vinitrd_start    = round_pgup(vkern_end);
+    vinitrd_start    = round_pgup(parms.virt_end);
     vinitrd_end      = vinitrd_start + initrd_len;
     vphysmap_start   = round_pgup(vinitrd_end);
     vphysmap_end     = vphysmap_start + (nr_pages * (!is_pv_32on64_domain(d) ?
@@ -795,7 +798,7 @@ int __init construct_dom0(
 
     /* Copy the OS image and free temporary buffer. */
     elf.dest = (void*)vkern_start;
-    elf_load_binary(&elf);
+    elf_xen_dom_load_binary(&elf, &parms);
 
     if ( UNSET_ADDR != parms.virt_hypercall )
     {
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/instrlen.c
--- a/xen/arch/x86/hvm/instrlen.c       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/instrlen.c       Wed Aug 01 16:40:30 2007 -0600
@@ -7,14 +7,6 @@
  *
  * Essentially a very, very stripped version of Keir Fraser's work in
  * x86_emulate.c.  Used for MMIO.
- */
-
-/*
- * TODO: The way in which we use hvm_instruction_length is very inefficient as
- * it now stands. It will be worthwhile to return the actual instruction buffer
- * along with the instruction length since one of the reasons we are getting
- * the instruction length is to know how many instruction bytes we need to
- * fetch.
  */
 
 #include <xen/config.h>
@@ -194,31 +186,51 @@ static uint8_t twobyte_table[256] = {
 /* 
  * insn_fetch - fetch the next byte from instruction stream
  */
-#define insn_fetch()                                                    \
-({ uint8_t _x;                                                          \
-   if ( length >= 15 )                                                  \
-       return -1;                                                       \
-   if ( inst_copy_from_guest(&_x, pc, 1) != 1 ) {                       \
-       gdprintk(XENLOG_WARNING,                                         \
-                "Cannot read from address %lx (eip %lx, mode %d)\n",    \
-                pc, org_pc, address_bytes);                             \
-       return -1;                                                       \
-   }                                                                    \
-   pc += 1;                                                             \
-   length += 1;                                                         \
-   _x;                                                                  \
+#define insn_fetch()                                                      \
+({ uint8_t _x;                                                            \
+   if ( length >= 15 )                                                    \
+       return -1;                                                         \
+   if ( inst_copy_from_guest(&_x, pc, 1) != 1 ) {                         \
+       unsigned long err;                                                 \
+       struct segment_register cs;                                        \
+       gdprintk(XENLOG_WARNING,                                           \
+                "Cannot read from address %lx (eip %lx, mode %d)\n",      \
+                pc, org_pc, address_bytes);                               \
+       err = 0; /* Must be not-present: we don't enforce reserved bits */ \
+       if ( hvm_nx_enabled(current) )                                     \
+           err |= PFEC_insn_fetch;                                        \
+       hvm_get_segment_register(current, x86_seg_cs, &cs);                \
+       if ( cs.attr.fields.dpl != 0 )                                     \
+           err |= PFEC_user_mode;                                         \
+       hvm_inject_exception(TRAP_page_fault, err, pc);                    \
+       return -1;                                                         \
+   }                                                                      \
+   if ( buf )                                                             \
+       buf[length] = _x;                                                  \
+   length += 1;                                                           \
+   pc += 1;                                                               \
+   _x;                                                                    \
 })
 
+#define insn_skip(_n) do {                      \
+    int _i;                                     \
+    for ( _i = 0; _i < (_n); _i++) {            \
+        (void) insn_fetch();                    \
+    }                                           \
+} while (0)
+
 /**
- * hvm_instruction_length - returns the current instructions length
+ * hvm_instruction_fetch - read the current instruction and return its length
  *
  * @org_pc: guest instruction pointer
- * @mode: guest operating mode
+ * @address_bytes: guest address width
+ * @buf: (optional) buffer to load actual instruction bytes into
  *
- * EXTERNAL this routine calculates the length of the current instruction
- * pointed to by org_pc.  The guest state is _not_ changed by this routine.
+ * Doesn't increment the guest's instruction pointer, but may
+ * issue faults to the guest.  Returns -1 on failure.
  */
-int hvm_instruction_length(unsigned long org_pc, int address_bytes)
+int hvm_instruction_fetch(unsigned long org_pc, int address_bytes,
+                          unsigned char *buf)
 {
     uint8_t b, d, twobyte = 0, rex_prefix = 0, modrm_reg = 0;
     unsigned int op_default, op_bytes, ad_default, ad_bytes, tmp;
@@ -317,18 +329,13 @@ done_prefixes:
             {
             case 0:
                 if ( modrm_rm == 6 ) 
-                {
-                    length += 2;
-                    pc += 2; /* skip disp16 */
-                }
+                    insn_skip(2); /* skip disp16 */
                 break;
             case 1:
-                length += 1;
-                pc += 1; /* skip disp8 */
+                insn_skip(1); /* skip disp8 */
                 break;
             case 2:
-                length += 2;
-                pc += 2; /* skip disp16 */
+                insn_skip(2); /* skip disp16 */
                 break;
             }
         }
@@ -340,33 +347,19 @@ done_prefixes:
             case 0:
                 if ( (modrm_rm == 4) && 
                      ((insn_fetch() & 7) == 5) )
-                {
-                    length += 4;
-                    pc += 4; /* skip disp32 specified by SIB.base */
-                }
+                    insn_skip(4); /* skip disp32 specified by SIB.base */
                 else if ( modrm_rm == 5 )
-                {
-                    length += 4;
-                    pc += 4; /* skip disp32 */
-                }
+                    insn_skip(4); /* skip disp32 */
                 break;
             case 1:
                 if ( modrm_rm == 4 )
-                {
-                    length += 1;
-                    pc += 1;
-                }
-                length += 1;
-                pc += 1; /* skip disp8 */
+                    insn_skip(1);
+                insn_skip(1); /* skip disp8 */
                 break;
             case 2:
                 if ( modrm_rm == 4 )
-                {
-                    length += 1;
-                    pc += 1;
-                }
-                length += 4;
-                pc += 4; /* skip disp32 */
+                    insn_skip(1);
+                insn_skip(4); /* skip disp32 */
                 break;
             }
         }
@@ -387,12 +380,10 @@ done_prefixes:
         tmp = (d & ByteOp) ? 1 : op_bytes;
         if ( tmp == 8 ) tmp = 4;
         /* NB. Immediates are sign-extended as necessary. */
-        length += tmp;
-        pc += tmp;
+        insn_skip(tmp);
         break;
     case SrcImmByte:
-        length += 1;
-        pc += 1;
+        insn_skip(1);
         break;
     }
 
@@ -402,8 +393,7 @@ done_prefixes:
     switch ( b )
     {
     case 0xa0 ... 0xa3: /* mov */
-        length += ad_bytes;
-        pc += ad_bytes; /* skip src/dst displacement */
+        insn_skip(ad_bytes); /* skip src/dst displacement */
         break;
     case 0xf6 ... 0xf7: /* Grp3 */
         switch ( modrm_reg )
@@ -412,8 +402,7 @@ done_prefixes:
             /* Special case in Grp3: test has an immediate source operand. */
             tmp = (d & ByteOp) ? 1 : op_bytes;
             if ( tmp == 8 ) tmp = 4;
-            length += tmp;
-            pc += tmp;
+            insn_skip(tmp);
             break;
         }
         break;
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/platform.c
--- a/xen/arch/x86/hvm/platform.c       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/platform.c       Wed Aug 01 16:40:30 2007 -0600
@@ -1041,17 +1041,13 @@ void handle_mmio(unsigned long gpa)
         /* real or vm86 modes */
         address_bytes = 2;
     inst_addr = hvm_get_segment_base(v, x86_seg_cs) + regs->eip;
-    inst_len = hvm_instruction_length(inst_addr, address_bytes);
+    memset(inst, 0, MAX_INST_LEN);
+    inst_len = hvm_instruction_fetch(inst_addr, address_bytes, inst);
     if ( inst_len <= 0 )
     {
-        printk("handle_mmio: failed to get instruction length\n");
-        domain_crash_synchronous();
-    }
-
-    memset(inst, 0, MAX_INST_LEN);
-    if ( inst_copy_from_guest(inst, inst_addr, inst_len) != inst_len ) {
-        printk("handle_mmio: failed to copy instruction\n");
-        domain_crash_synchronous();
+        gdprintk(XENLOG_DEBUG, "handle_mmio: failed to get instruction\n");
+        /* hvm_instruction_fetch() will have injected a #PF; get out now */
+        return;
     }
 
     if ( mmio_decode(address_bytes, inst, mmio_op, &ad_size,
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/svm/intr.c
--- a/xen/arch/x86/hvm/svm/intr.c       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/svm/intr.c       Wed Aug 01 16:40:30 2007 -0600
@@ -58,7 +58,7 @@ static void svm_inject_nmi(struct vcpu *
 
     event.bytes = 0;
     event.fields.v = 1;
-    event.fields.type = EVENTTYPE_NMI;
+    event.fields.type = X86_EVENTTYPE_NMI;
     event.fields.vector = 2;
 
     ASSERT(vmcb->eventinj.fields.v == 0);
@@ -72,34 +72,39 @@ static void svm_inject_extint(struct vcp
 
     event.bytes = 0;
     event.fields.v = 1;
-    event.fields.type = EVENTTYPE_INTR;
+    event.fields.type = X86_EVENTTYPE_EXT_INTR;
     event.fields.vector = vector;
 
     ASSERT(vmcb->eventinj.fields.v == 0);
     vmcb->eventinj = event;
 }
     
+static void enable_intr_window(struct vcpu *v, enum hvm_intack intr_source)
+{
+    struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
+
+    ASSERT(intr_source != hvm_intack_none);
+
+    /*
+     * Create a dummy virtual interrupt to intercept as soon as the
+     * guest can accept the real interrupt.
+     *
+     * TODO: Better NMI handling. We need a way to skip a MOV SS interrupt
+     * shadow. This is hard to do without hardware support. We should also
+     * track 'NMI blocking' from NMI injection until IRET. This can be done
+     * quite easily in software by intercepting the unblocking IRET.
+     */
+    vmcb->general1_intercepts |= GENERAL1_INTERCEPT_VINTR;
+    HVMTRACE_2D(INJ_VIRQ, v, 0x0, /*fake=*/ 1);
+    svm_inject_dummy_vintr(v);
+}
+
 asmlinkage void svm_intr_assist(void) 
 {
     struct vcpu *v = current;
     struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
     enum hvm_intack intr_source;
     int intr_vector;
-
-    /*
-     * Previous event delivery caused this intercept?
-     * This will happen if the injection is latched by the processor (hence
-     * clearing vintr.fields.irq or eventinj.v) but then subsequently a fault
-     * occurs (e.g., due to lack of shadow mapping of guest IDT or guest-kernel
-     * stack).
-     */
-    if ( vmcb->exitintinfo.fields.v )
-    {
-        vmcb->eventinj = vmcb->exitintinfo;
-        vmcb->exitintinfo.bytes = 0;
-        HVMTRACE_1D(REINJ_VIRQ, v, intr_vector);
-        return;
-    }
 
     /* Crank the handle on interrupt state. */
     pt_update_irq(v);
@@ -111,32 +116,23 @@ asmlinkage void svm_intr_assist(void)
             return;
 
         /*
-         * If the guest can't take an interrupt right now, create a 'fake'
-         * virtual interrupt on to intercept as soon as the guest _can_ take
-         * interrupts.  Do not obtain the next interrupt from the vlapic/pic
-         * if unable to inject.
-         *
-         * Also do this if there is an injection already pending. This is
-         * because the event delivery can arbitrarily delay the injection
-         * of the vintr (for example, if the exception is handled via an
-         * interrupt gate, hence zeroing RFLAGS.IF). In the meantime:
-         * - the vTPR could be modified upwards, so we need to wait until the
-         *   exception is delivered before we can safely decide that an
-         *   interrupt is deliverable; and
-         * - the guest might look at the APIC/PIC state, so we ought not to
-         *   have cleared the interrupt out of the IRR.
-         *
-         * TODO: Better NMI handling. We need a way to skip a MOV SS interrupt
-         * shadow. This is hard to do without hardware support. We should also
-         * track 'NMI blocking' from NMI injection until IRET. This can be done
-         * quite easily in software by intercepting the unblocking IRET.
+         * Pending IRQs must be delayed if:
+         * 1. An event is already pending. This is despite the fact that SVM
+         *    provides a VINTR delivery method quite separate from the EVENTINJ
+         *    mechanism. The event delivery can arbitrarily delay the injection
+         *    of the vintr (for example, if the exception is handled via an
+         *    interrupt gate, hence zeroing RFLAGS.IF). In the meantime:
+         *    - the vTPR could be modified upwards, so we need to wait until
+         *      the exception is delivered before we can safely decide that an
+         *      interrupt is deliverable; and
+         *    - the guest might look at the APIC/PIC state, so we ought not to
+         *      have cleared the interrupt out of the IRR.
+         * 2. The IRQ is masked.
          */
-        if ( !hvm_interrupts_enabled(v, intr_source) ||
-             vmcb->eventinj.fields.v )
+        if ( unlikely(vmcb->eventinj.fields.v) ||
+             !hvm_interrupts_enabled(v, intr_source) )
         {
-            vmcb->general1_intercepts |= GENERAL1_INTERCEPT_VINTR;
-            HVMTRACE_2D(INJ_VIRQ, v, 0x0, /*fake=*/ 1);
-            svm_inject_dummy_vintr(v);
+            enable_intr_window(v, intr_source);
             return;
         }
     } while ( !hvm_vcpu_ack_pending_irq(v, intr_source, &intr_vector) );
@@ -151,6 +147,11 @@ asmlinkage void svm_intr_assist(void)
         svm_inject_extint(v, intr_vector);
         pt_intr_post(v, intr_vector, intr_source);
     }
+
+    /* Is there another IRQ to queue up behind this one? */
+    intr_source = hvm_vcpu_has_pending_irq(v);
+    if ( unlikely(intr_source != hvm_intack_none) )
+        enable_intr_window(v, intr_source);
 }
 
 /*
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/svm/svm.c
--- a/xen/arch/x86/hvm/svm/svm.c        Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/svm/svm.c        Wed Aug 01 16:40:30 2007 -0600
@@ -71,8 +71,8 @@ static void *root_vmcb[NR_CPUS] __read_m
 /* hardware assisted paging bits */
 extern int opt_hap_enabled;
 
-static void svm_inject_exception(struct vcpu *v, int trap, 
-                                        int ev, int error_code)
+static void svm_inject_exception(
+    struct vcpu *v, int trap, int ev, int error_code)
 {
     eventinj_t event;
     struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
@@ -84,13 +84,11 @@ static void svm_inject_exception(struct 
 
     event.bytes = 0;            
     event.fields.v = 1;
-    event.fields.type = EVENTTYPE_EXCEPTION;
+    event.fields.type = X86_EVENTTYPE_HW_EXCEPTION;
     event.fields.vector = trap;
     event.fields.ev = ev;
     event.fields.errorcode = error_code;
 
-    ASSERT(vmcb->eventinj.fields.v == 0);
-    
     vmcb->eventinj = event;
 }
 
@@ -362,21 +360,14 @@ int svm_vmcb_save(struct vcpu *v, struct
     c->sysenter_esp = vmcb->sysenter_esp;
     c->sysenter_eip = vmcb->sysenter_eip;
 
-    /* Save any event/interrupt that was being injected when we last exited. */
-    if ( vmcb->exitintinfo.fields.v )
-    {
-        c->pending_event = vmcb->exitintinfo.bytes & 0xffffffff;
-        c->error_code = vmcb->exitintinfo.fields.errorcode;
-    }
-    else if ( vmcb->eventinj.fields.v ) 
-    {
-        c->pending_event = vmcb->eventinj.bytes & 0xffffffff;
+    c->pending_event = 0;
+    c->error_code = 0;
+    if ( vmcb->eventinj.fields.v &&
+         hvm_event_needs_reinjection(vmcb->eventinj.fields.type,
+                                     vmcb->eventinj.fields.vector) )
+    {
+        c->pending_event = (uint32_t)vmcb->eventinj.bytes;
         c->error_code = vmcb->eventinj.fields.errorcode;
-    }
-    else 
-    {
-        c->pending_event = 0;
-        c->error_code = 0;
     }
 
     return 1;
@@ -495,11 +486,11 @@ int svm_vmcb_restore(struct vcpu *v, str
     vmcb->sysenter_esp = c->sysenter_esp;
     vmcb->sysenter_eip = c->sysenter_eip;
 
-    /* update VMCB for nested paging restore */
-    if ( paging_mode_hap(v->domain) ) {
+    if ( paging_mode_hap(v->domain) )
+    {
         vmcb->cr0 = v->arch.hvm_svm.cpu_shadow_cr0;
-        vmcb->cr4 = v->arch.hvm_svm.cpu_shadow_cr4 |
-                    (HVM_CR4_HOST_MASK & ~X86_CR4_PAE);
+        vmcb->cr4 = (v->arch.hvm_svm.cpu_shadow_cr4 |
+                     (HVM_CR4_HOST_MASK & ~X86_CR4_PAE));
         vmcb->cr3 = c->cr3;
         vmcb->np_enable = 1;
         vmcb->g_pat = 0x0007040600070406ULL; /* guest PAT */
@@ -514,26 +505,23 @@ int svm_vmcb_restore(struct vcpu *v, str
         gdprintk(XENLOG_INFO, "Re-injecting 0x%"PRIx32", 0x%"PRIx32"\n",
                  c->pending_event, c->error_code);
 
-        /* VMX uses a different type for #OF and #BP; fold into "Exception"  */
-        if ( c->pending_type == 6 ) 
-            c->pending_type = 3;
-        /* Sanity check */
-        if ( c->pending_type == 1 || c->pending_type > 4 
-             || c->pending_reserved != 0 )
+        if ( (c->pending_type == 1) || (c->pending_type > 6) ||
+             (c->pending_reserved != 0) )
         {
             gdprintk(XENLOG_ERR, "Invalid pending event 0x%"PRIx32"\n", 
                      c->pending_event);
             return -EINVAL;
         }
-        /* Put this pending event in exitintinfo and svm_intr_assist()
-         * will reinject it when we return to the guest. */
-        vmcb->exitintinfo.bytes = c->pending_event;
-        vmcb->exitintinfo.fields.errorcode = c->error_code;
+
+        if ( hvm_event_needs_reinjection(c->pending_type, c->pending_vector) )
+        {
+            vmcb->eventinj.bytes = c->pending_event;
+            vmcb->eventinj.fields.errorcode = c->error_code;
+        }
     }
 
     paging_update_paging_modes(v);
-    /* signal paging update to ASID handler */
-    svm_asid_g_update_paging (v);
+    svm_asid_g_update_paging(v);
 
     return 0;
  
@@ -965,10 +953,10 @@ static void svm_hvm_inject_exception(
     svm_inject_exception(v, trapnr, (errcode != -1), errcode);
 }
 
-static int svm_event_injection_faulted(struct vcpu *v)
-{
-    struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
-    return vmcb->exitintinfo.fields.v;
+static int svm_event_pending(struct vcpu *v)
+{
+    struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
+    return vmcb->eventinj.fields.v;
 }
 
 static struct hvm_function_table svm_function_table = {
@@ -1000,7 +988,7 @@ static struct hvm_function_table svm_fun
     .inject_exception     = svm_hvm_inject_exception,
     .init_ap_context      = svm_init_ap_context,
     .init_hypercall_page  = svm_init_hypercall_page,
-    .event_injection_faulted = svm_event_injection_faulted
+    .event_pending        = svm_event_pending
 };
 
 static void svm_npt_detect(void)
@@ -1667,6 +1655,17 @@ static int svm_set_cr0(unsigned long val
     unsigned long old_base_mfn;
   
     HVM_DBG_LOG(DBG_LEVEL_VMMU, "Update CR0 value = %lx", value);
+
+    if ( (u32)value != value )
+    {
+        HVM_DBG_LOG(DBG_LEVEL_1,
+                    "Guest attempts to set upper 32 bits in CR0: %lx",
+                    value);
+        svm_inject_exception(v, TRAP_gp_fault, 1, 0);
+        return 0;
+    }
+
+    value &= ~HVM_CR0_GUEST_RESERVED_BITS;
 
     /* ET is reserved and should be always be 1. */
     value |= X86_CR0_ET;
@@ -2420,6 +2419,7 @@ asmlinkage void svm_vmexit_handler(struc
     unsigned long eip;
     struct vcpu *v = current;
     struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
+    eventinj_t eventinj;
     int inst_len, rc;
 
     exit_reason = vmcb->exitcode;
@@ -2434,6 +2434,13 @@ asmlinkage void svm_vmexit_handler(struc
 
     perfc_incra(svmexits, exit_reason);
     eip = vmcb->rip;
+
+    /* Event delivery caused this intercept? Queue for redelivery. */
+    eventinj = vmcb->exitintinfo;
+    if ( unlikely(eventinj.fields.v) &&
+         hvm_event_needs_reinjection(eventinj.fields.type,
+                                     eventinj.fields.vector) )
+        vmcb->eventinj = eventinj;
 
     switch ( exit_reason )
     {
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/vmx/intr.c
--- a/xen/arch/x86/hvm/vmx/intr.c       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/vmx/intr.c       Wed Aug 01 16:40:30 2007 -0600
@@ -76,10 +76,9 @@ static void enable_intr_window(struct vc
     u32 *cpu_exec_control = &v->arch.hvm_vmx.exec_control;
     u32 ctl = CPU_BASED_VIRTUAL_INTR_PENDING;
 
-    if ( unlikely(intr_source == hvm_intack_none) )
-        return;
+    ASSERT(intr_source != hvm_intack_none);
 
-    if ( unlikely(intr_source == hvm_intack_nmi) && cpu_has_vmx_vnmi )
+    if ( (intr_source == hvm_intack_nmi) && cpu_has_vmx_vnmi )
     {
         /*
          * We set MOV-SS blocking in lieu of STI blocking when delivering an
@@ -131,68 +130,27 @@ asmlinkage void vmx_intr_assist(void)
     int intr_vector;
     enum hvm_intack intr_source;
     struct vcpu *v = current;
-    unsigned int idtv_info_field;
-    unsigned long inst_len;
+    unsigned int intr_info;
 
+    /* Crank the handle on interrupt state. */
     pt_update_irq(v);
-
     hvm_set_callback_irq_level();
-
-    update_tpr_threshold(vcpu_vlapic(v));
 
     do {
         intr_source = hvm_vcpu_has_pending_irq(v);
+        if ( likely(intr_source == hvm_intack_none) )
+            goto out;
 
-        if ( unlikely(v->arch.hvm_vmx.vector_injected) )
-        {
-            v->arch.hvm_vmx.vector_injected = 0;
-            enable_intr_window(v, intr_source);
-            return;
-        }
-
-        /* This could be moved earlier in the VMX resume sequence. */
-        idtv_info_field = __vmread(IDT_VECTORING_INFO_FIELD);
-        if ( unlikely(idtv_info_field & INTR_INFO_VALID_MASK) )
-        {
-            /* See SDM 3B 25.7.1.1 and .2 for info about masking resvd bits. */
-            __vmwrite(VM_ENTRY_INTR_INFO_FIELD,
-                      idtv_info_field & ~INTR_INFO_RESVD_BITS_MASK);
-
-            /*
-             * Safe: the length will only be interpreted for software
-             * exceptions and interrupts. If we get here then delivery of some
-             * event caused a fault, and this always results in defined
-             * VM_EXIT_INSTRUCTION_LEN.
-             */
-            inst_len = __vmread(VM_EXIT_INSTRUCTION_LEN); /* Safe */
-            __vmwrite(VM_ENTRY_INSTRUCTION_LEN, inst_len);
-
-            if ( unlikely(idtv_info_field & 0x800) ) /* valid error code */
-                __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE,
-                          __vmread(IDT_VECTORING_ERROR_CODE));
-
-            /*
-             * Clear NMI-blocking interruptibility info if an NMI delivery
-             * faulted. Re-delivery will re-set it (see SDM 3B 25.7.1.2).
-             */
-            if ( (idtv_info_field&INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI )
-                __vmwrite(GUEST_INTERRUPTIBILITY_INFO,
-                          __vmread(GUEST_INTERRUPTIBILITY_INFO) &
-                          ~VMX_INTR_SHADOW_NMI);
-
-            enable_intr_window(v, intr_source);
-
-            HVM_DBG_LOG(DBG_LEVEL_1, "idtv_info_field=%x", idtv_info_field);
-            return;
-        }
-
-        if ( likely(intr_source == hvm_intack_none) )
-            return;
-
-        if ( !hvm_interrupts_enabled(v, intr_source) )
+        /*
+         * An event is already pending or the pending interrupt is masked?
+         * Then the pending interrupt must be delayed.
+         */
+        intr_info = __vmread(VM_ENTRY_INTR_INFO);
+        if ( unlikely(intr_info & INTR_INFO_VALID_MASK) ||
+             !hvm_interrupts_enabled(v, intr_source) )
         {
             enable_intr_window(v, intr_source);
-            return;
+            goto out;
         }
     } while ( !hvm_vcpu_ack_pending_irq(v, intr_source, &intr_vector) );
 
@@ -206,6 +164,14 @@ asmlinkage void vmx_intr_assist(void)
         vmx_inject_extint(v, intr_vector);
         pt_intr_post(v, intr_vector, intr_source);
     }
+
+    /* Is there another IRQ to queue up behind this one? */
+    intr_source = hvm_vcpu_has_pending_irq(v);
+    if ( unlikely(intr_source != hvm_intack_none) )
+        enable_intr_window(v, intr_source);
+
+ out:
+    update_tpr_threshold(vcpu_vlapic(v));
 }
 
 /*
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/vmx/vmcs.c
--- a/xen/arch/x86/hvm/vmx/vmcs.c       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/vmx/vmcs.c       Wed Aug 01 16:40:30 2007 -0600
@@ -240,8 +240,23 @@ int vmx_cpu_up(void)
 {
     u32 eax, edx;
     int cpu = smp_processor_id();
+    u64 cr0, vmx_cr0_fixed0, vmx_cr0_fixed1;
 
     BUG_ON(!(read_cr4() & X86_CR4_VMXE));
+
+    /* 
+     * Ensure the current processor operating mode meets 
+     * the requred CRO fixed bits in VMX operation. 
+     */
+    cr0 = read_cr0();
+    rdmsrl(MSR_IA32_VMX_CR0_FIXED0, vmx_cr0_fixed0);
+    rdmsrl(MSR_IA32_VMX_CR0_FIXED1, vmx_cr0_fixed1);
+    if ( (~cr0 & vmx_cr0_fixed0) || (cr0 & ~vmx_cr0_fixed1) )
+    {
+        printk("CPU%d: some settings of host CR0 are " 
+               "not allowed in VMX operation.\n", cpu);
+        return 0;
+    }
 
     rdmsr(IA32_FEATURE_CONTROL_MSR, eax, edx);
 
@@ -418,7 +433,7 @@ static void construct_vmcs(struct vcpu *
     __vmwrite(VM_EXIT_MSR_LOAD_COUNT, 0);
     __vmwrite(VM_ENTRY_MSR_LOAD_COUNT, 0);
 
-    __vmwrite(VM_ENTRY_INTR_INFO_FIELD, 0);
+    __vmwrite(VM_ENTRY_INTR_INFO, 0);
 
     __vmwrite(CR0_GUEST_HOST_MASK, ~0UL);
     __vmwrite(CR4_GUEST_HOST_MASK, ~0UL);
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c        Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/hvm/vmx/vmx.c        Wed Aug 01 16:40:30 2007 -0600
@@ -613,28 +613,13 @@ void vmx_vmcs_save(struct vcpu *v, struc
     c->sysenter_esp = __vmread(GUEST_SYSENTER_ESP);
     c->sysenter_eip = __vmread(GUEST_SYSENTER_EIP);
 
-    /*
-     * Save any event/interrupt that was being injected when we last
-     * exited. IDT_VECTORING_INFO_FIELD has priority, as anything in
-     * VM_ENTRY_INTR_INFO_FIELD is either a fault caused by the first
-     * event, which will happen the next time, or an interrupt, which we
-     * never inject when IDT_VECTORING_INFO_FIELD is valid.
-     */
-    if ( (ev = __vmread(IDT_VECTORING_INFO_FIELD)) & INTR_INFO_VALID_MASK )
-    {
-        c->pending_event = ev;
-        c->error_code = __vmread(IDT_VECTORING_ERROR_CODE);
-    }
-    else if ( (ev = __vmread(VM_ENTRY_INTR_INFO_FIELD)) &
-              INTR_INFO_VALID_MASK )
+    c->pending_event = 0;
+    c->error_code = 0;
+    if ( ((ev = __vmread(VM_ENTRY_INTR_INFO)) & INTR_INFO_VALID_MASK) &&
+         hvm_event_needs_reinjection((ev >> 8) & 7, ev & 0xff) )
     {
         c->pending_event = ev;
         c->error_code = __vmread(VM_ENTRY_EXCEPTION_ERROR_CODE);
-    }
-    else
-    {
-        c->pending_event = 0;
-        c->error_code = 0;
     }
 
     vmx_vmcs_exit(v);
@@ -754,34 +739,9 @@ int vmx_vmcs_restore(struct vcpu *v, str
 
     if ( c->pending_valid )
     {
-        vmx_vmcs_enter(v);
-
         gdprintk(XENLOG_INFO, "Re-injecting 0x%"PRIx32", 0x%"PRIx32"\n",
                  c->pending_event, c->error_code);
 
-        /* SVM uses type 3 ("Exception") for #OF and #BP; VMX uses type 6 */
-        if ( (c->pending_type == 3) &&
-             ((c->pending_vector == 3) || (c->pending_vector == 4)) )
-            c->pending_type = 6;
-
-        /* For software exceptions, we need to tell the hardware the
-         * instruction length as well (hmmm). */
-        if ( c->pending_type > 4 )
-        {
-            int addrbytes, ilen;
-            if ( (c->cs_arbytes & X86_SEG_AR_CS_LM_ACTIVE) &&
-                 (c->msr_efer & EFER_LMA) )
-                addrbytes = 8;
-            else if ( c->cs_arbytes & X86_SEG_AR_DEF_OP_SIZE )
-                addrbytes = 4;
-            else
-                addrbytes = 2;
-
-            ilen = hvm_instruction_length(c->rip, addrbytes);
-            __vmwrite(VM_ENTRY_INSTRUCTION_LEN, ilen);
-        }
-
-        /* Sanity check */
         if ( (c->pending_type == 1) || (c->pending_type > 6) ||
              (c->pending_reserved != 0) )
         {
@@ -790,12 +750,13 @@ int vmx_vmcs_restore(struct vcpu *v, str
             return -EINVAL;
         }
 
-        /* Re-inject the exception */
-        __vmwrite(VM_ENTRY_INTR_INFO_FIELD, c->pending_event);
-        __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE, c->error_code);
-        v->arch.hvm_vmx.vector_injected = 1;
-
-        vmx_vmcs_exit(v);
+        if ( hvm_event_needs_reinjection(c->pending_type, c->pending_vector) )
+        {
+            vmx_vmcs_enter(v);
+            __vmwrite(VM_ENTRY_INTR_INFO, c->pending_event);
+            __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE, c->error_code);
+            vmx_vmcs_exit(v);
+        }
     }
 
     return 0;
@@ -1203,14 +1164,10 @@ static void vmx_update_vtpr(struct vcpu 
     /* VMX doesn't have a V_TPR field */
 }
 
-static int vmx_event_injection_faulted(struct vcpu *v)
-{
-    unsigned int idtv_info_field;
-
+static int vmx_event_pending(struct vcpu *v)
+{
     ASSERT(v == current);
-
-    idtv_info_field = __vmread(IDT_VECTORING_INFO_FIELD);
-    return (idtv_info_field & INTR_INFO_VALID_MASK);
+    return (__vmread(VM_ENTRY_INTR_INFO) & INTR_INFO_VALID_MASK);
 }
 
 static void disable_intercept_for_msr(u32 msr)
@@ -1261,7 +1218,7 @@ static struct hvm_function_table vmx_fun
     .inject_exception     = vmx_inject_exception,
     .init_ap_context      = vmx_init_ap_context,
     .init_hypercall_page  = vmx_init_hypercall_page,
-    .event_injection_faulted = vmx_event_injection_faulted,
+    .event_pending        = vmx_event_pending,
     .cpu_up               = vmx_cpu_up,
     .cpu_down             = vmx_cpu_down,
 };
@@ -2199,6 +2156,17 @@ static int vmx_set_cr0(unsigned long val
     unsigned long old_base_mfn;
 
     HVM_DBG_LOG(DBG_LEVEL_VMMU, "Update CR0 value = %lx", value);
+
+    if ( (u32)value != value )
+    {
+        HVM_DBG_LOG(DBG_LEVEL_1,
+                    "Guest attempts to set upper 32 bits in CR0: %lx",
+                    value);
+        vmx_inject_hw_exception(v, TRAP_gp_fault, 0);
+        return 0;
+    }
+
+    value &= ~HVM_CR0_GUEST_RESERVED_BITS;
 
     /* ET is reserved and should be always be 1. */
     value |= X86_CR0_ET;
@@ -2842,47 +2810,6 @@ static void vmx_do_extint(struct cpu_use
     }
 }
 
-static void vmx_reflect_exception(struct vcpu *v)
-{
-    int error_code, intr_info, vector;
-
-    intr_info = __vmread(VM_EXIT_INTR_INFO);
-    vector = intr_info & 0xff;
-    if ( intr_info & INTR_INFO_DELIVER_CODE_MASK )
-        error_code = __vmread(VM_EXIT_INTR_ERROR_CODE);
-    else
-        error_code = VMX_DELIVER_NO_ERROR_CODE;
-
-#ifndef NDEBUG
-    {
-        unsigned long rip;
-
-        rip = __vmread(GUEST_RIP);
-        HVM_DBG_LOG(DBG_LEVEL_1, "rip = %lx, error_code = %x",
-                    rip, error_code);
-    }
-#endif /* NDEBUG */
-
-    /*
-     * According to Intel Virtualization Technology Specification for
-     * the IA-32 Intel Architecture (C97063-002 April 2005), section
-     * 2.8.3, SW_EXCEPTION should be used for #BP and #OV, and
-     * HW_EXCEPTION used for everything else.  The main difference
-     * appears to be that for SW_EXCEPTION, the EIP/RIP is incremented
-     * by VM_ENTER_INSTRUCTION_LEN bytes, whereas for HW_EXCEPTION,
-     * it is not.
-     */
-    if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_SW_EXCEPTION )
-    {
-        int ilen = __get_instruction_length(); /* Safe: software exception */
-        vmx_inject_sw_exception(v, vector, ilen);
-    }
-    else
-    {
-        vmx_inject_hw_exception(v, vector, error_code);
-    }
-}
-
 static void vmx_failed_vmentry(unsigned int exit_reason,
                                struct cpu_user_regs *regs)
 {
@@ -2919,7 +2846,7 @@ static void vmx_failed_vmentry(unsigned 
 
 asmlinkage void vmx_vmexit_handler(struct cpu_user_regs *regs)
 {
-    unsigned int exit_reason;
+    unsigned int exit_reason, idtv_info;
     unsigned long exit_qualification, inst_len = 0;
     struct vcpu *v = current;
 
@@ -2934,6 +2861,30 @@ asmlinkage void vmx_vmexit_handler(struc
 
     if ( unlikely(exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) )
         return vmx_failed_vmentry(exit_reason, regs);
+
+    /* Event delivery caused this intercept? Queue for redelivery. */
+    idtv_info = __vmread(IDT_VECTORING_INFO);
+    if ( unlikely(idtv_info & INTR_INFO_VALID_MASK) )
+    {
+        if ( hvm_event_needs_reinjection((idtv_info>>8)&7, idtv_info&0xff) )
+        {
+            /* See SDM 3B 25.7.1.1 and .2 for info about masking resvd bits. */
+            __vmwrite(VM_ENTRY_INTR_INFO,
+                      idtv_info & ~INTR_INFO_RESVD_BITS_MASK);
+            if ( idtv_info & INTR_INFO_DELIVER_CODE_MASK )
+                __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE,
+                          __vmread(IDT_VECTORING_ERROR_CODE));
+        }
+
+        /*
+         * Clear NMI-blocking interruptibility info if an NMI delivery faulted.
+         * Re-delivery will re-set it (see SDM 3B 25.7.1.2).
+         */
+        if ( (idtv_info & INTR_INFO_INTR_TYPE_MASK) == (X86_EVENTTYPE_NMI<<8) )
+            __vmwrite(GUEST_INTERRUPTIBILITY_INFO,
+                      __vmread(GUEST_INTERRUPTIBILITY_INFO) &
+                      ~VMX_INTR_SHADOW_NMI);
+    }
 
     switch ( exit_reason )
     {
@@ -2957,7 +2908,7 @@ asmlinkage void vmx_vmexit_handler(struc
          * (NB. If we emulate this IRET for any reason, we should re-clear!)
          */
         if ( unlikely(intr_info & INTR_INFO_NMI_UNBLOCKED_BY_IRET) &&
-             !(__vmread(IDT_VECTORING_INFO_FIELD) & INTR_INFO_VALID_MASK) &&
+             !(__vmread(IDT_VECTORING_INFO) & INTR_INFO_VALID_MASK) &&
              (vector != TRAP_double_fault) )
             __vmwrite(GUEST_INTERRUPTIBILITY_INFO,
                     __vmread(GUEST_INTERRUPTIBILITY_INFO)|VMX_INTR_SHADOW_NMI);
@@ -2995,14 +2946,12 @@ asmlinkage void vmx_vmexit_handler(struc
             vmx_inject_hw_exception(v, TRAP_page_fault, regs->error_code);
             break;
         case TRAP_nmi:
-            if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) == INTR_TYPE_NMI )
-            {
-                HVMTRACE_0D(NMI, v);
-                vmx_store_cpu_guest_regs(v, regs, NULL);
-                do_nmi(regs); /* Real NMI, vector 2: normal processing. */
-            }
-            else
-                vmx_reflect_exception(v);
+            if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) !=
+                 (X86_EVENTTYPE_NMI << 8) )
+                goto exit_and_crash;
+            HVMTRACE_0D(NMI, v);
+            vmx_store_cpu_guest_regs(v, regs, NULL);
+            do_nmi(regs); /* Real NMI, vector 2: normal processing. */
             break;
         case TRAP_machine_check:
             HVMTRACE_0D(MCE, v);
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c    Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/arch/x86/mm/shadow/multi.c    Wed Aug 01 16:40:30 2007 -0600
@@ -2905,7 +2905,7 @@ static int sh_page_fault(struct vcpu *v,
          * stack is currently considered to be a page table, so we should
          * unshadow the faulting page before exiting.
          */
-        if ( unlikely(hvm_event_injection_faulted(v)) )
+        if ( unlikely(hvm_event_pending(v)) )
         {
             gdprintk(XENLOG_DEBUG, "write to pagetable during event "
                      "injection: cr2=%#lx, mfn=%#lx\n", 
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/common/libelf/libelf-dominfo.c
--- a/xen/common/libelf/libelf-dominfo.c        Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/common/libelf/libelf-dominfo.c        Wed Aug 01 16:40:30 2007 -0600
@@ -333,6 +333,99 @@ static int elf_xen_note_check(struct elf
     return 0;
 }
 
+
+static void elf_xen_loadsymtab(struct elf_binary *elf,
+                               struct elf_dom_parms *parms)
+{
+    unsigned long maxva, len;
+
+    if ( !parms->bsd_symtab )
+        return;
+
+    /* Calculate the required additional kernel space for the elf image */
+
+    /* The absolute base address of the elf image */
+    maxva = elf_round_up(elf, parms->virt_kend);
+    maxva += sizeof(long); /* Space to store the size of the elf image */
+    /* Space for the elf and elf section headers */
+    maxva += (elf_uval(elf, elf->ehdr, e_ehsize) +
+              elf_shdr_count(elf) * elf_uval(elf, elf->ehdr, e_shentsize));
+    maxva = elf_round_up(elf, maxva);
+
+    /* Space for the symbol and string tabs */
+    len = (unsigned long)elf->send - (unsigned long)elf->sstart;
+    maxva = elf_round_up(elf, maxva + len);
+
+    /* The address the kernel must expanded to */
+    parms->virt_end = maxva;
+}
+
+int elf_xen_dom_load_binary(struct elf_binary *elf,
+                            struct elf_dom_parms *parms)
+{
+    elf_ehdr *sym_ehdr;
+    unsigned long shdr, symtab_addr;
+    unsigned long maxva, symbase;
+    uint8_t i;
+    char *p;
+
+    elf_load_binary(elf);
+
+    if ( !parms->bsd_symtab )
+        return 0;
+
+#define elf_hdr_elm(_elf, _hdr, _elm, _val)     \
+do {                                            \
+    if ( elf_64bit(_elf) )                      \
+        (_hdr)->e64._elm = _val;                \
+    else                                        \
+        (_hdr)->e32._elm = _val;                \
+} while ( 0 )
+
+    /* ehdr right after the kernel image (4 byte aligned) */
+    symbase = elf_round_up(elf, parms->virt_kend);
+    symtab_addr = maxva = symbase + sizeof(long);
+
+    /* Set up Elf header. */
+    sym_ehdr = (elf_ehdr *)symtab_addr;
+    maxva = elf_copy_ehdr(elf, sym_ehdr);
+
+    elf_hdr_elm(elf, sym_ehdr, e_phoff, 0);
+    elf_hdr_elm(elf, sym_ehdr, e_shoff, elf_uval(elf, elf->ehdr, e_ehsize));
+    elf_hdr_elm(elf, sym_ehdr, e_phentsize, 0);
+    elf_hdr_elm(elf, sym_ehdr, e_phnum, 0);
+
+    /* Copy Elf section headers. */
+    shdr = maxva;
+    maxva = elf_copy_shdr(elf, (elf_shdr *)shdr);
+
+    for ( i = 0; i < elf_shdr_count(elf); i++ )
+    {
+        uint8_t type;
+        unsigned long tmp;
+        type = elf_uval(elf, (elf_shdr *)shdr, sh_type);
+        if ( (type == SHT_STRTAB) || (type == SHT_SYMTAB) )
+        {
+             elf_msg(elf, "%s: shdr %i at 0x%p -> 0x%p\n", __func__, i,
+                     elf_section_start(elf, (elf_shdr *)shdr), (void *)maxva);
+             tmp = elf_copy_section(elf, (elf_shdr *)shdr, (void *)maxva);
+             /* Mangled to be based on ELF header location. */
+             elf_hdr_elm(elf, (elf_shdr *)shdr, sh_offset,
+                         maxva - symtab_addr);
+             maxva = tmp;
+        }
+        shdr += elf_uval(elf, elf->ehdr, e_shentsize);
+    }
+
+    /* Write down the actual sym size. */
+    p = (char *)symbase;
+    *(long *)p = maxva - symtab_addr; /* sym size */
+
+#undef elf_ehdr_elm
+
+    return 0;
+}
+
 static int elf_xen_addr_calc_check(struct elf_binary *elf,
                                    struct elf_dom_parms *parms)
 {
@@ -374,9 +467,13 @@ static int elf_xen_addr_calc_check(struc
     parms->virt_offset = parms->virt_base - parms->elf_paddr_offset;
     parms->virt_kstart = elf->pstart + parms->virt_offset;
     parms->virt_kend   = elf->pend   + parms->virt_offset;
+    parms->virt_end    = parms->virt_kend;
 
     if ( parms->virt_entry == UNSET_ADDR )
         parms->virt_entry = elf_uval(elf, elf->ehdr, e_entry);
+
+    if ( parms->bsd_symtab )
+        elf_xen_loadsymtab(elf, parms);
 
     elf_msg(elf, "%s: addresses:\n", __FUNCTION__);
     elf_msg(elf, "    virt_base        = 0x%" PRIx64 "\n", parms->virt_base);
@@ -384,12 +481,14 @@ static int elf_xen_addr_calc_check(struc
     elf_msg(elf, "    virt_offset      = 0x%" PRIx64 "\n", parms->virt_offset);
     elf_msg(elf, "    virt_kstart      = 0x%" PRIx64 "\n", parms->virt_kstart);
     elf_msg(elf, "    virt_kend        = 0x%" PRIx64 "\n", parms->virt_kend);
+    elf_msg(elf, "    virt_end         = 0x%" PRIx64 "\n", parms->virt_end);
     elf_msg(elf, "    virt_entry       = 0x%" PRIx64 "\n", parms->virt_entry);
 
     if ( (parms->virt_kstart > parms->virt_kend) ||
          (parms->virt_entry < parms->virt_kstart) ||
          (parms->virt_entry > parms->virt_kend) ||
-         (parms->virt_base > parms->virt_kstart) )
+         (parms->virt_base > parms->virt_kstart) ||
+         (parms->virt_kend > parms->virt_end) )
     {
         elf_err(elf, "%s: ERROR: ELF start or entries are out of bounds.\n",
                 __FUNCTION__);
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/common/libelf/libelf-loader.c
--- a/xen/common/libelf/libelf-loader.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/common/libelf/libelf-loader.c Wed Aug 01 16:40:30 2007 -0600
@@ -10,6 +10,8 @@ int elf_init(struct elf_binary *elf, con
 {
     const elf_shdr *shdr;
     uint64_t i, count, section, offset;
+    uint64_t low = -1;
+    uint64_t high = 0;
 
     if ( !elf_is_elfbinary(image) )
     {
@@ -24,7 +26,11 @@ int elf_init(struct elf_binary *elf, con
     elf->class = elf->ehdr->e32.e_ident[EI_CLASS];
     elf->data = elf->ehdr->e32.e_ident[EI_DATA];
 
-    /* sanity check phdr */
+#ifdef VERBOSE
+    elf_set_verbose(elf);
+#endif
+
+    /* Sanity check phdr. */
     offset = elf_uval(elf, elf->ehdr, e_phoff) +
         elf_uval(elf, elf->ehdr, e_phentsize) * elf_phdr_count(elf);
     if ( offset > elf->size )
@@ -34,7 +40,7 @@ int elf_init(struct elf_binary *elf, con
         return -1;
     }
 
-    /* sanity check shdr */
+    /* Sanity check shdr. */
     offset = elf_uval(elf, elf->ehdr, e_shoff) +
         elf_uval(elf, elf->ehdr, e_shentsize) * elf_shdr_count(elf);
     if ( offset > elf->size )
@@ -44,29 +50,55 @@ int elf_init(struct elf_binary *elf, con
         return -1;
     }
 
-    /* find section string table */
+    /* Find section string table. */
     section = elf_uval(elf, elf->ehdr, e_shstrndx);
     shdr = elf_shdr_by_index(elf, section);
     if ( shdr != NULL )
         elf->sec_strtab = elf_section_start(elf, shdr);
 
-    /* find symbol table, symbol string table */
+    /* Find symbol table and symbol string table. */
     count = elf_shdr_count(elf);
     for ( i = 0; i < count; i++ )
     {
+        const char *sh_symend, *sh_strend;
+
         shdr = elf_shdr_by_index(elf, i);
         if ( elf_uval(elf, shdr, sh_type) != SHT_SYMTAB )
             continue;
         elf->sym_tab = shdr;
+        sh_symend = (const char *)elf_section_end(elf, shdr);
         shdr = elf_shdr_by_index(elf, elf_uval(elf, shdr, sh_link));
         if ( shdr == NULL )
         {
             elf->sym_tab = NULL;
+            sh_symend = 0;
             continue;
         }
         elf->sym_strtab = elf_section_start(elf, shdr);
-        break;
-    }
+        sh_strend = (const char *)elf_section_end(elf, shdr);
+
+        if ( low > (unsigned long)elf->sym_tab )
+            low = (unsigned long)elf->sym_tab;
+        if ( low > (unsigned long)shdr )
+            low = (unsigned long)shdr;
+
+        if ( high < ((unsigned long)sh_symend) )
+            high = (unsigned long)sh_symend;
+        if ( high < ((unsigned long)sh_strend) )
+            high = (unsigned long)sh_strend;
+
+        elf_msg(elf, "%s: shdr: sym_tab=%p size=0x%" PRIx64 "\n",
+                __FUNCTION__, elf->sym_tab,
+                elf_uval(elf, elf->sym_tab, sh_size));
+        elf_msg(elf, "%s: shdr: str_tab=%p size=0x%" PRIx64 "\n",
+                __FUNCTION__, elf->sym_strtab, elf_uval(elf, shdr, sh_size));
+
+        elf->sstart = low;
+        elf->send = high;
+        elf_msg(elf, "%s: symbol map: 0x%" PRIx64 " -> 0x%" PRIx64 "\n",
+                __FUNCTION__, elf->sstart, elf->send);
+    }
+
     return 0;
 }
 
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/common/libelf/libelf-tools.c
--- a/xen/common/libelf/libelf-tools.c  Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/common/libelf/libelf-tools.c  Wed Aug 01 16:40:30 2007 -0600
@@ -236,6 +236,36 @@ int elf_phdr_is_loadable(struct elf_bina
     uint64_t p_flags = elf_uval(elf, phdr, p_flags);
 
     return ((p_type == PT_LOAD) && (p_flags & (PF_W | PF_X)) != 0);
+}
+
+unsigned long
+elf_copy_ehdr(struct elf_binary *elf, void *dest)
+{
+    uint64_t size;
+
+    size = elf_uval(elf, elf->ehdr, e_ehsize);
+    memcpy(dest, elf->ehdr, size);
+    return elf_round_up(elf, (unsigned long)(dest) + size);
+}
+
+unsigned long
+elf_copy_shdr(struct elf_binary *elf, void *dest)
+{
+    uint64_t size;
+
+    size = elf_shdr_count(elf) * elf_uval(elf, elf->ehdr, e_shentsize);
+    memcpy(dest, elf->image + elf_uval(elf, elf->ehdr, e_shoff), size);
+    return elf_round_up(elf, (unsigned long)(dest) + size);
+}
+
+unsigned long
+elf_copy_section(struct elf_binary *elf, const elf_shdr *shdr, void *dest)
+{
+    uint64_t size;
+
+    size = elf_uval(elf, shdr, sh_size);
+    memcpy(dest, elf_section_start(elf, shdr), size);
+    return elf_round_up(elf, (unsigned long)(dest) + size);
 }
 
 /*
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/drivers/acpi/tables.c
--- a/xen/drivers/acpi/tables.c Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/drivers/acpi/tables.c Wed Aug 01 16:40:30 2007 -0600
@@ -73,7 +73,6 @@ struct acpi_table_sdt {
 
 static unsigned long sdt_pa;   /* Physical Address */
 static unsigned long sdt_count;        /* Table count */
-unsigned char acpi_rsdp_rev;
 
 static struct acpi_table_sdt sdt_entry[ACPI_MAX_TABLES] __initdata;
 
@@ -227,6 +226,17 @@ void acpi_table_print_madt_entry(acpi_ta
        }
 }
 
+uint8_t
+generate_acpi_checksum(void *tbl, unsigned long len)
+{
+       uint8_t *ptr, sum = 0;
+
+       for (ptr = tbl; len > 0 ; len--, ptr++)
+               sum += *ptr;
+
+       return 0 - sum;
+}
+
 static int
 acpi_table_compute_checksum(void *table_pointer, unsigned long length)
 {
@@ -599,8 +609,6 @@ int __init acpi_table_init(void)
               "RSDP (v%3.3d %6.6s                                ) @ 0x%p\n",
               rsdp->revision, rsdp->oem_id, (void *)rsdp_phys);
 
-       acpi_rsdp_rev = rsdp->revision;
-
        if (rsdp->revision < 2)
                result =
                    acpi_table_compute_checksum(rsdp,
@@ -623,3 +631,143 @@ int __init acpi_table_init(void)
 
        return 0;
 }
+
+int __init
+acpi_table_disable(enum acpi_table_id table_id)
+{
+       struct acpi_table_header *header = NULL;
+       struct acpi_table_rsdp *rsdp;
+       unsigned long rsdp_phys;
+       char *table_name;
+       int id;
+
+       rsdp_phys = acpi_find_rsdp();
+       if (!rsdp_phys)
+               return -ENODEV;
+
+       rsdp = (struct acpi_table_rsdp *)__acpi_map_table(rsdp_phys,
+               sizeof(struct acpi_table_rsdp));
+       if (!rsdp)
+               return -ENODEV;
+
+       for (id = 0; id < sdt_count; id++)
+               if (sdt_entry[id].id == table_id)
+                       break;
+
+       if (id == sdt_count)
+               return -ENOENT;
+
+       table_name = acpi_table_signatures[table_id];
+
+       /* First check XSDT (but only on ACPI 2.0-compatible systems) */
+
+       if ((rsdp->revision >= 2) &&
+           (((struct acpi20_table_rsdp *)rsdp)->xsdt_address)) {
+
+               struct acpi_table_xsdt *mapped_xsdt = NULL;
+
+               sdt_pa = ((struct acpi20_table_rsdp *)rsdp)->xsdt_address;
+
+               /* map in just the header */
+               header = (struct acpi_table_header *)
+                   __acpi_map_table(sdt_pa, sizeof(struct acpi_table_header));
+
+               if (!header) {
+                       printk(KERN_WARNING PREFIX
+                              "Unable to map XSDT header\n");
+                       return -ENODEV;
+               }
+
+               /* remap in the entire table before processing */
+               mapped_xsdt = (struct acpi_table_xsdt *)
+                   __acpi_map_table(sdt_pa, header->length);
+               if (!mapped_xsdt) {
+                       printk(KERN_WARNING PREFIX "Unable to map XSDT\n");
+                       return -ENODEV;
+               }
+               header = &mapped_xsdt->header;
+
+               if (strncmp(header->signature, "XSDT", 4)) {
+                       printk(KERN_WARNING PREFIX
+                              "XSDT signature incorrect\n");
+                       return -ENODEV;
+               }
+
+               if (acpi_table_compute_checksum(header, header->length)) {
+                       printk(KERN_WARNING PREFIX "Invalid XSDT checksum\n");
+                       return -ENODEV;
+               }
+
+               if (id < sdt_count) {
+                       header = (struct acpi_table_header *)
+                          __acpi_map_table(mapped_xsdt->entry[id], 
sizeof(struct acpi_table_header));
+               } else {
+                       printk(KERN_WARNING PREFIX
+                              "Unable to disable entry %d\n",
+                              id);
+                       return -ENODEV;
+               }
+       }
+
+       /* Then check RSDT */
+
+       else if (rsdp->rsdt_address) {
+
+               struct acpi_table_rsdt *mapped_rsdt = NULL;
+
+               sdt_pa = rsdp->rsdt_address;
+
+               /* map in just the header */
+               header = (struct acpi_table_header *)
+                   __acpi_map_table(sdt_pa, sizeof(struct acpi_table_header));
+               if (!header) {
+                       printk(KERN_WARNING PREFIX
+                              "Unable to map RSDT header\n");
+                       return -ENODEV;
+               }
+
+               /* remap in the entire table before processing */
+               mapped_rsdt = (struct acpi_table_rsdt *)
+                   __acpi_map_table(sdt_pa, header->length);
+               if (!mapped_rsdt) {
+                       printk(KERN_WARNING PREFIX "Unable to map RSDT\n");
+                       return -ENODEV;
+               }
+               header = &mapped_rsdt->header;
+
+               if (strncmp(header->signature, "RSDT", 4)) {
+                       printk(KERN_WARNING PREFIX
+                              "RSDT signature incorrect\n");
+                       return -ENODEV;
+               }
+
+               if (acpi_table_compute_checksum(header, header->length)) {
+                       printk(KERN_WARNING PREFIX "Invalid RSDT checksum\n");
+                       return -ENODEV;
+               }
+               if (id < sdt_count) {
+                       header = (struct acpi_table_header *)
+                          __acpi_map_table(mapped_rsdt->entry[id], 
sizeof(struct acpi_table_header));
+               } else {
+                       printk(KERN_WARNING PREFIX
+                              "Unable to disable entry %d\n",
+                              id);
+                       return -ENODEV;
+               }
+       }
+
+       else {
+               printk(KERN_WARNING PREFIX
+                      "No System Description Table (RSDT/XSDT) specified in 
RSDP\n");
+               return -ENODEV;
+       }
+
+       memcpy(header->signature, "OEMx", 4);
+       memcpy(header->oem_id, "xxxxxx", 6);
+       memcpy(header->oem_id+1, table_name, 4);
+       memcpy(header->oem_table_id, "Xen     ", 8);
+       header->checksum = 0;
+       header->checksum = generate_acpi_checksum(header, header->length);
+
+       return 0;
+}
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-ia64/dom_fw_common.h
--- a/xen/include/asm-ia64/dom_fw_common.h      Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-ia64/dom_fw_common.h      Wed Aug 01 16:40:30 2007 -0600
@@ -85,7 +85,6 @@ xen_ia64_efi_make_md(efi_memory_desc_t *
 xen_ia64_efi_make_md(efi_memory_desc_t *md,
                      uint32_t type, uint64_t attr, 
                      uint64_t start, uint64_t end);
-uint8_t generate_acpi_checksum(void *tbl, unsigned long len);
 struct fake_acpi_tables;
 void dom_fw_fake_acpi(domain_t *d, struct fake_acpi_tables *tables);
 int efi_mdt_cmp(const void *a, const void *b); 
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-powerpc/grant_table.h
--- a/xen/include/asm-powerpc/grant_table.h     Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-powerpc/grant_table.h     Wed Aug 01 16:40:30 2007 -0600
@@ -51,6 +51,11 @@ int replace_grant_host_mapping(
 #define gnttab_shared_gmfn(d, t, i)                     \
     (mfn_to_gmfn(d, gnttab_shared_mfn(d, t, i)))
 
+static inline void mark_dirty(struct domain *d, unsigned int mfn)
+{
+    return;
+}
+#define gnttab_mark_dirty(d, f) mark_dirty((d), (f))
 #define gnttab_log_dirty(d, f) mark_dirty((d), (f))
 
 static inline void gnttab_clear_flag(unsigned long nr, uint16_t *addr)
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-powerpc/mm.h
--- a/xen/include/asm-powerpc/mm.h      Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-powerpc/mm.h      Wed Aug 01 16:40:30 2007 -0600
@@ -35,7 +35,6 @@
 #define memguard_unguard_range(_p,_l)    ((void)0)
 
 extern unsigned long xenheap_phys_end;
-extern int boot_of_mem_avail(int pos, ulong *start, ulong *end);
 
 /*
  * Per-page-frame information.
@@ -275,4 +274,12 @@ extern int steal_page(struct domain *d, 
 
 #define domain_get_maximum_gpfn(d) (-ENOSYS)
 
+extern int guest_physmap_max_mem_pages(struct domain *d, unsigned long 
new_max);
+
+extern void guest_physmap_add_page(
+    struct domain *d, unsigned long gpfn, unsigned long mfn);
+
+extern void guest_physmap_remove_page(
+    struct domain *d, unsigned long gpfn, unsigned long mfn);
+
 #endif
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-powerpc/numa.h
--- a/xen/include/asm-powerpc/numa.h    Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-powerpc/numa.h    Wed Aug 01 16:40:30 2007 -0600
@@ -1,3 +1,28 @@
+/*
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (C) IBM Corp. 2007
+ *
+ * Authors: Hollis Blanchard <hollisb@xxxxxxxxxx>
+ */
+
+#ifndef __ASM_NUMA_H__
+#define __ASM_NUMA_H__
+
 #include <xen/init.h>
 #include "../asm-x86/numa.h"
 extern void numa_initmem_init(unsigned long start_pfn, unsigned long end_pfn);
+
+#endif
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-powerpc/shadow.h
--- a/xen/include/asm-powerpc/shadow.h  Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-powerpc/shadow.h  Wed Aug 01 16:40:30 2007 -0600
@@ -32,22 +32,8 @@
       ? machine_to_phys_mapping[(mfn)]                 \
       : (mfn) )
 
-extern int guest_physmap_max_mem_pages(struct domain *d, unsigned long 
new_max);
-
-extern void guest_physmap_add_page(
-    struct domain *d, unsigned long gpfn, unsigned long mfn);
-
-extern void guest_physmap_remove_page(
-    struct domain *d, unsigned long gpfn, unsigned long mfn);
-
 extern void shadow_drop_references(
     struct domain *d, struct page_info *page);
-
-static inline void mark_dirty(struct domain *d, unsigned int mfn)
-{
-    return;
-}
-#define gnttab_mark_dirty(d, f) mark_dirty((d), (f))
 
 extern int shadow_domctl(struct domain *d, 
                    xen_domctl_shadow_op_t *sc,
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-x86/hvm/hvm.h
--- a/xen/include/asm-x86/hvm/hvm.h     Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-x86/hvm/hvm.h     Wed Aug 01 16:40:30 2007 -0600
@@ -154,7 +154,7 @@ struct hvm_function_table {
 
     void (*init_hypercall_page)(struct domain *d, void *hypercall_page);
 
-    int  (*event_injection_faulted)(struct vcpu *v);
+    int  (*event_pending)(struct vcpu *v);
 
     int  (*cpu_up)(void);
     void (*cpu_down)(void);
@@ -229,7 +229,8 @@ hvm_guest_x86_mode(struct vcpu *v)
     return hvm_funcs.guest_x86_mode(v);
 }
 
-int hvm_instruction_length(unsigned long pc, int address_bytes);
+int hvm_instruction_fetch(unsigned long pc, int address_bytes,
+                          unsigned char *buf);
 
 static inline void
 hvm_update_host_cr3(struct vcpu *v)
@@ -295,24 +296,71 @@ hvm_inject_exception(unsigned int trapnr
 
 int hvm_bringup_ap(int vcpuid, int trampoline_vector);
 
-static inline int hvm_event_injection_faulted(struct vcpu *v)
-{
-    return hvm_funcs.event_injection_faulted(v);
-}
+static inline int hvm_event_pending(struct vcpu *v)
+{
+    return hvm_funcs.event_pending(v);
+}
+
+/* These reserved bits in lower 32 remain 0 after any load of CR0 */
+#define HVM_CR0_GUEST_RESERVED_BITS             \
+    (~((unsigned long)                          \
+       (X86_CR0_PE | X86_CR0_MP | X86_CR0_EM |  \
+        X86_CR0_TS | X86_CR0_ET | X86_CR0_NE |  \
+        X86_CR0_WP | X86_CR0_AM | X86_CR0_NW |  \
+        X86_CR0_CD | X86_CR0_PG)))
 
 /* These bits in CR4 are owned by the host. */
 #define HVM_CR4_HOST_MASK (mmu_cr4_features & \
     (X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE))
 
 /* These bits in CR4 cannot be set by the guest. */
-#define HVM_CR4_GUEST_RESERVED_BITS \
-    ~(X86_CR4_VME | X86_CR4_PVI | X86_CR4_TSD | \
-      X86_CR4_DE  | X86_CR4_PSE | X86_CR4_PAE | \
-      X86_CR4_MCE | X86_CR4_PGE | X86_CR4_PCE | \
-      X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT)
+#define HVM_CR4_GUEST_RESERVED_BITS                     \
+    (~((unsigned long)                                  \
+       (X86_CR4_VME | X86_CR4_PVI | X86_CR4_TSD |       \
+        X86_CR4_DE  | X86_CR4_PSE | X86_CR4_PAE |       \
+        X86_CR4_MCE | X86_CR4_PGE | X86_CR4_PCE |       \
+        X86_CR4_OSFXSR | X86_CR4_OSXMMEXCPT)))
 
 /* These exceptions must always be intercepted. */
 #define HVM_TRAP_MASK (1U << TRAP_machine_check)
+
+/*
+ * x86 event types. This enumeration is valid for:
+ *  Intel VMX: {VM_ENTRY,VM_EXIT,IDT_VECTORING}_INTR_INFO[10:8]
+ *  AMD SVM: eventinj[10:8] and exitintinfo[10:8] (types 0-4 only)
+ */
+#define X86_EVENTTYPE_EXT_INTR              0    /* external interrupt */
+#define X86_EVENTTYPE_NMI                   2    /* NMI                */
+#define X86_EVENTTYPE_HW_EXCEPTION          3    /* hardware exception */
+#define X86_EVENTTYPE_SW_INTERRUPT          4    /* software interrupt */
+#define X86_EVENTTYPE_SW_EXCEPTION          6    /* software exception */
+
+/*
+ * Need to re-inject a given event? We avoid re-injecting software exceptions
+ * and interrupts because the faulting/trapping instruction can simply be
+ * re-executed (neither VMX nor SVM update RIP when they VMEXIT during
+ * INT3/INTO/INTn).
+ */
+static inline int hvm_event_needs_reinjection(uint8_t type, uint8_t vector)
+{
+    switch ( type )
+    {
+    case X86_EVENTTYPE_EXT_INTR:
+    case X86_EVENTTYPE_NMI:
+        return 1;
+    case X86_EVENTTYPE_HW_EXCEPTION:
+        /*
+         * SVM uses type 3 ("HW Exception") for #OF and #BP. We explicitly
+         * check for these vectors, as they are really SW Exceptions. SVM has
+         * not updated RIP to point after the trapping instruction (INT3/INTO).
+         */
+        return (vector != 3) && (vector != 4);
+    default:
+        /* Software exceptions/interrupts can be re-executed (e.g., INT n). */
+        break;
+    }
+    return 0;
+}
 
 static inline int hvm_cpu_up(void)
 {
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-x86/hvm/svm/vmcb.h
--- a/xen/include/asm-x86/hvm/svm/vmcb.h        Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-x86/hvm/svm/vmcb.h        Wed Aug 01 16:40:30 2007 -0600
@@ -319,14 +319,6 @@ typedef union
         u64 errorcode:32;
     } fields;
 } __attribute__ ((packed)) eventinj_t;
-
-enum EVENTTYPES
-{
-    EVENTTYPE_INTR = 0,
-    EVENTTYPE_NMI = 2,
-    EVENTTYPE_EXCEPTION = 3,
-    EVENTTYPE_SWINT = 4,
-};
 
 typedef union 
 {
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-x86/hvm/vmx/vmcs.h
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h        Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h        Wed Aug 01 16:40:30 2007 -0600
@@ -66,9 +66,6 @@ struct arch_vmx_struct {
 
     /* Cache of cpu execution control. */
     u32                  exec_control;
-
-    /* If there is vector installed in the INTR_INFO_FIELD. */
-    u32                  vector_injected;
 
     unsigned long        cpu_cr0; /* copy of guest CR0 */
     unsigned long        cpu_shadow_cr0; /* copy of guest read shadow CR0 */
@@ -198,7 +195,7 @@ enum vmcs_field {
     VM_EXIT_MSR_LOAD_COUNT          = 0x00004010,
     VM_ENTRY_CONTROLS               = 0x00004012,
     VM_ENTRY_MSR_LOAD_COUNT         = 0x00004014,
-    VM_ENTRY_INTR_INFO_FIELD        = 0x00004016,
+    VM_ENTRY_INTR_INFO              = 0x00004016,
     VM_ENTRY_EXCEPTION_ERROR_CODE   = 0x00004018,
     VM_ENTRY_INSTRUCTION_LEN        = 0x0000401a,
     TPR_THRESHOLD                   = 0x0000401c,
@@ -207,7 +204,7 @@ enum vmcs_field {
     VM_EXIT_REASON                  = 0x00004402,
     VM_EXIT_INTR_INFO               = 0x00004404,
     VM_EXIT_INTR_ERROR_CODE         = 0x00004406,
-    IDT_VECTORING_INFO_FIELD        = 0x00004408,
+    IDT_VECTORING_INFO              = 0x00004408,
     IDT_VECTORING_ERROR_CODE        = 0x0000440a,
     VM_EXIT_INSTRUCTION_LEN         = 0x0000440c,
     VMX_INSTRUCTION_INFO            = 0x0000440e,
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/asm-x86/hvm/vmx/vmx.h
--- a/xen/include/asm-x86/hvm/vmx/vmx.h Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/asm-x86/hvm/vmx/vmx.h Wed Aug 01 16:40:30 2007 -0600
@@ -94,11 +94,6 @@ void vmx_vlapic_msr_changed(struct vcpu 
 #define INTR_INFO_VALID_MASK            0x80000000      /* 31 */
 #define INTR_INFO_RESVD_BITS_MASK       0x7ffff000
 
-#define INTR_TYPE_EXT_INTR              (0 << 8)    /* external interrupt */
-#define INTR_TYPE_NMI                   (2 << 8)    /* NMI                */
-#define INTR_TYPE_HW_EXCEPTION          (3 << 8)    /* hardware exception */
-#define INTR_TYPE_SW_EXCEPTION          (6 << 8)    /* software exception */
-
 /*
  * Exit Qualifications for MOV for Control Register Access
  */
@@ -263,8 +258,8 @@ static inline int __vmxon (u64 addr)
     return rc;
 }
 
-static inline void __vmx_inject_exception(struct vcpu *v, int trap, int type,
-                                         int error_code, int ilen)
+static inline void __vmx_inject_exception(
+    struct vcpu *v, int trap, int type, int error_code)
 {
     unsigned long intr_fields;
 
@@ -276,16 +271,13 @@ static inline void __vmx_inject_exceptio
      *   VM entry]", PRM Vol. 3, 22.6.1 (Interruptibility State).
      */
 
-    intr_fields = (INTR_INFO_VALID_MASK | type | trap);
+    intr_fields = (INTR_INFO_VALID_MASK | (type<<8) | trap);
     if ( error_code != VMX_DELIVER_NO_ERROR_CODE ) {
         __vmwrite(VM_ENTRY_EXCEPTION_ERROR_CODE, error_code);
         intr_fields |= INTR_INFO_DELIVER_CODE_MASK;
     }
 
-    if ( ilen )
-      __vmwrite(VM_ENTRY_INSTRUCTION_LEN, ilen);
-
-    __vmwrite(VM_ENTRY_INTR_INFO_FIELD, intr_fields);
+    __vmwrite(VM_ENTRY_INTR_INFO, intr_fields);
 
     if (trap == TRAP_page_fault)
         HVMTRACE_2D(PF_INJECT, v, v->arch.hvm_vmx.cpu_cr2, error_code);
@@ -296,29 +288,19 @@ static inline void vmx_inject_hw_excepti
 static inline void vmx_inject_hw_exception(
     struct vcpu *v, int trap, int error_code)
 {
-    v->arch.hvm_vmx.vector_injected = 1;
-    __vmx_inject_exception(v, trap, INTR_TYPE_HW_EXCEPTION, error_code, 0);
-}
-
-static inline void vmx_inject_sw_exception(
-    struct vcpu *v, int trap, int instruction_len)
-{
-    v->arch.hvm_vmx.vector_injected = 1;
-    __vmx_inject_exception(v, trap, INTR_TYPE_SW_EXCEPTION,
-                           VMX_DELIVER_NO_ERROR_CODE,
-                           instruction_len);
+    __vmx_inject_exception(v, trap, X86_EVENTTYPE_HW_EXCEPTION, error_code);
 }
 
 static inline void vmx_inject_extint(struct vcpu *v, int trap)
 {
-    __vmx_inject_exception(v, trap, INTR_TYPE_EXT_INTR,
-                           VMX_DELIVER_NO_ERROR_CODE, 0);
+    __vmx_inject_exception(v, trap, X86_EVENTTYPE_EXT_INTR,
+                           VMX_DELIVER_NO_ERROR_CODE);
 }
 
 static inline void vmx_inject_nmi(struct vcpu *v)
 {
-    __vmx_inject_exception(v, 2, INTR_TYPE_NMI,
-                           VMX_DELIVER_NO_ERROR_CODE, 0);
+    __vmx_inject_exception(v, 2, X86_EVENTTYPE_NMI,
+                           VMX_DELIVER_NO_ERROR_CODE);
 }
 
 #endif /* __ASM_X86_HVM_VMX_VMX_H__ */
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/public/libelf.h
--- a/xen/include/public/libelf.h       Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/public/libelf.h       Wed Aug 01 16:40:30 2007 -0600
@@ -65,6 +65,8 @@ struct elf_binary {
 
     /* loaded to */
     char *dest;
+    uint64_t sstart;
+    uint64_t send;
     uint64_t pstart;
     uint64_t pend;
     uint64_t reloc_offset;
@@ -91,33 +93,32 @@ struct elf_binary {
 #define elf_lsb(elf)   (ELFDATA2LSB == (elf)->data)
 #define elf_swap(elf)  (NATIVE_ELFDATA != (elf)->data)
 
-#define elf_uval(elf, str, elem)                       \
-       ((ELFCLASS64 == (elf)->class)                   \
-       ? elf_access_unsigned((elf), (str),             \
-               offsetof(typeof(*(str)),e64.elem),      \
-               sizeof((str)->e64.elem))                \
-       : elf_access_unsigned((elf), (str),             \
-               offsetof(typeof(*(str)),e32.elem),      \
-               sizeof((str)->e32.elem)))
-
-#define elf_sval(elf, str, elem)                       \
-       ((ELFCLASS64 == (elf)->class)                   \
-       ? elf_access_signed((elf), (str),               \
-               offsetof(typeof(*(str)),e64.elem),      \
-               sizeof((str)->e64.elem))                \
-       : elf_access_signed((elf), (str),               \
-               offsetof(typeof(*(str)),e32.elem),      \
-               sizeof((str)->e32.elem)))
-
-#define elf_size(elf, str)             \
-       ((ELFCLASS64 == (elf)->class)   \
-       ? sizeof((str)->e64)            \
-       : sizeof((str)->e32))
+#define elf_uval(elf, str, elem)                                        \
+    ((ELFCLASS64 == (elf)->class)                                       \
+     ? elf_access_unsigned((elf), (str),                                \
+                           offsetof(typeof(*(str)),e64.elem),           \
+                           sizeof((str)->e64.elem))                     \
+     : elf_access_unsigned((elf), (str),                                \
+                           offsetof(typeof(*(str)),e32.elem),           \
+                           sizeof((str)->e32.elem)))
+
+#define elf_sval(elf, str, elem)                                        \
+    ((ELFCLASS64 == (elf)->class)                                       \
+     ? elf_access_signed((elf), (str),                                  \
+                         offsetof(typeof(*(str)),e64.elem),             \
+                         sizeof((str)->e64.elem))                       \
+     : elf_access_signed((elf), (str),                                  \
+                         offsetof(typeof(*(str)),e32.elem),             \
+                         sizeof((str)->e32.elem)))
+
+#define elf_size(elf, str)                              \
+    ((ELFCLASS64 == (elf)->class)                       \
+     ? sizeof((str)->e64) : sizeof((str)->e32))
 
 uint64_t elf_access_unsigned(struct elf_binary *elf, const void *ptr,
-                            uint64_t offset, size_t size);
+                             uint64_t offset, size_t size);
 int64_t elf_access_signed(struct elf_binary *elf, const void *ptr,
-                         uint64_t offset, size_t size);
+                          uint64_t offset, size_t size);
 
 uint64_t elf_round_up(struct elf_binary *elf, uint64_t addr);
 
@@ -149,6 +150,11 @@ int elf_is_elfbinary(const void *image);
 int elf_is_elfbinary(const void *image);
 int elf_phdr_is_loadable(struct elf_binary *elf, const elf_phdr * phdr);
 
+unsigned long elf_copy_ehdr(struct elf_binary *elf, void *dest);
+unsigned long elf_copy_shdr(struct elf_binary *elf, void *dest);
+unsigned long elf_copy_section(struct elf_binary *elf,
+                               const elf_shdr *shdr, void *dest);
+
 /* ------------------------------------------------------------------------ */
 /* xc_libelf_loader.c                                                       */
 
@@ -185,8 +191,8 @@ struct xen_elfnote {
     enum xen_elfnote_type type;
     const char *name;
     union {
-       const char *str;
-       uint64_t num;
+        const char *str;
+        uint64_t num;
     } data;
 };
 
@@ -215,7 +221,8 @@ struct elf_dom_parms {
     /* calculated */
     uint64_t virt_offset;
     uint64_t virt_kstart;
-    uint64_t virt_kend;
+    uint64_t virt_kend; /* end of kernel image */
+    uint64_t virt_end;  /* end of kernel symtab (== virt_kend if none) */
 };
 
 static inline void elf_xen_feature_set(int nr, uint32_t * addr)
@@ -228,14 +235,17 @@ static inline int elf_xen_feature_get(in
 }
 
 int elf_xen_parse_features(const char *features,
-                          uint32_t *supported,
-                          uint32_t *required);
+                           uint32_t *supported,
+                           uint32_t *required);
 int elf_xen_parse_note(struct elf_binary *elf,
-                      struct elf_dom_parms *parms,
-                      const elf_note *note);
+                       struct elf_dom_parms *parms,
+                       const elf_note *note);
 int elf_xen_parse_guest_info(struct elf_binary *elf,
-                            struct elf_dom_parms *parms);
+                             struct elf_dom_parms *parms);
 int elf_xen_parse(struct elf_binary *elf,
-                 struct elf_dom_parms *parms);
+                  struct elf_dom_parms *parms);
+
+int elf_xen_dom_load_binary(struct elf_binary *elf,
+                            struct elf_dom_parms *parms);
 
 #endif /* __XC_LIBELF__ */
diff -r 77c87416fbd0 -r d83c9d87ede4 xen/include/xen/acpi.h
--- a/xen/include/xen/acpi.h    Wed Aug 01 09:40:58 2007 -0600
+++ b/xen/include/xen/acpi.h    Wed Aug 01 16:40:30 2007 -0600
@@ -383,6 +383,7 @@ int acpi_numa_init (void);
 int acpi_numa_init (void);
 
 int acpi_table_init (void);
+int acpi_table_disable(enum acpi_table_id table_id);
 int acpi_table_parse (enum acpi_table_id id, acpi_table_handler handler);
 int acpi_get_table_header_early (enum acpi_table_id id, struct 
acpi_table_header **header);
 int acpi_table_parse_madt (enum acpi_madt_entry_id id, acpi_madt_entry_handler 
handler, unsigned int max_entries);
@@ -390,6 +391,7 @@ void acpi_table_print (struct acpi_table
 void acpi_table_print (struct acpi_table_header *header, unsigned long 
phys_addr);
 void acpi_table_print_madt_entry (acpi_table_entry_header *madt);
 void acpi_table_print_srat_entry (acpi_table_entry_header *srat);
+uint8_t generate_acpi_checksum(void *tbl, unsigned long len);
 
 /* the following four functions are architecture-dependent */
 void acpi_numa_slit_init (struct acpi_table_slit *slit);
@@ -534,6 +536,5 @@ static inline int acpi_get_pxm(acpi_hand
 #endif
 
 extern int pnpacpi_disabled;
-extern unsigned char acpi_rsdp_rev;
 
 #endif /*_LINUX_ACPI_H*/

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.