[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] Merge with ext/ia64/xen-unstable.hg



# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1234868465 0
# Node ID 6630f99dfc01e4fe6459d596d4c3dc5dbb46a1cc
# Parent  b432c632ebe855c9823e4f5558090aeacb942434
# Parent  09a6fa059b37992cc74a548533eadd7352213a8b
Merge with ext/ia64/xen-unstable.hg
---
 docs/misc/xsm-flask.txt                  |  148 +++++++++++++++++++++++++++++++
 tools/hotplug/Linux/init.d/xendomains    |   65 +++++++++----
 tools/python/xen/xend/XendAPI.py         |    9 +
 tools/python/xen/xend/XendConfig.py      |    3 
 tools/python/xen/xend/XendConstants.py   |    1 
 tools/python/xen/xend/XendDomainInfo.py  |    6 +
 tools/python/xen/xm/create.py            |    7 +
 tools/python/xen/xm/xenapi_create.py     |    1 
 xen/arch/x86/hvm/hvm.c                   |   16 +++
 xen/arch/x86/hvm/vpt.c                   |   26 +++--
 xen/common/timer.c                       |    7 +
 xen/drivers/passthrough/amd/iommu_init.c |    3 
 xen/drivers/passthrough/vtd/iommu.c      |    5 -
 xen/include/public/hvm/params.h          |    5 -
 xen/include/xen/timer.h                  |    3 
 xen/xsm/flask/ss/policydb.c              |    4 
 16 files changed, 270 insertions(+), 39 deletions(-)

diff -r b432c632ebe8 -r 6630f99dfc01 docs/misc/xsm-flask.txt
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/docs/misc/xsm-flask.txt   Tue Feb 17 11:01:05 2009 +0000
@@ -0,0 +1,148 @@
+These notes are compiled from xen-devel questions and postings that have 
occured
+since the inclusion of XSM.  These notes are not intended to be definitive
+documentation but should address many common problems that arrise when
+experimenting with XSM:FLASK.
+
+Xen XSM:FLASK configuration
+---------------------------
+
+1) cd xen-unstable.hg
+2) edit Config.mk in the toplevel xen directory as follows:
+
+       XSM_ENABLE ?= y
+       FLASK_ENABLE ?= y
+       ACM_SECURITY ?= n
+       
+NB: Only one security module can be selected at a time.  If no module is
+selected, then the default DUMMY module will be enforced.  The DUMMY module
+only exercises the security framework and does not enforce any security
+policies.  Changing the security module selection will require recompiling xen.
+These settings will also configure the corresponding toolchain support.  
+
+3) make xen
+4) make tools
+
+
+Xen XSM:FLASK policy
+--------------------
+
+These instructions will enable the configuration and build of the sample 
policy.
+The sample policy provides the MINIMUM policy necessary to boot a
+paravirtualized dom0 and create a paravirtualized domU.  Many of the 
+default capabilities and usages supported by dom0/domU are disallowed by the
+sample policy.  Further, the policy is comprised of a limited number of types 
and 
+must be adjusted to meet the specific security goals of the installation. 
+Modification of the policy is straightforward and is covered in a later 
section.
+
+NB: The policy is not automatically built as part of the tool support because 
+of an external dependancy on the checkpolicy compiler.  The FLASK policy uses 
+the same syntax and structure as SELinux and compiling the policy relies on 
+the SELinux policy toolchain.  This toolchain is available under many 
+distributions as well as the following URL,
+
+       
http://userspace.selinuxproject.org/releases/20080909/stable/checkpolicy-1.34.7.tar.gz
+
+1) cd xen-unstable.hg/tools/flask/policy
+2) make policy
+3) cp policy.20 /boot/xenpolicy.20
+4) edit /etc/grub.conf, add a module line to the xen entry,
+
+       module /xenpolicy.20
+
+5) reboot, and select the updated xen entry
+
+NB: The module entry can be inserted on any line after the xen kernel line.  
Typical
+configurations use the last module entry or the module entry that immediately 
+follows the xen kernel entry.
+
+Xen configuration of xend
+-------------------------
+
+1) cd /etc/xen
+2) edit xend-config.sxp
+3) uncomment the line containing the key:value pair entry, 
+
+       #(xsm_module_name dummy)
+
+4) change the value entry to 'flask'
+
+       (xsm_module_name flask)
+
+5) restart xend
+
+Creating policy controlled domains
+----------------------------------
+
+2) Edit the domain config file and add the following entry,
+
+       access_control = ["policy=,label=system_u:object_r:domU_t"]
+
+NB: The 'policy' field is not used by XSM:FLASK.  The 'label' must exist in 
the 
+loaded policy. 'system_u:object_r:domU_t' is one of the existing labels from 
+the sample policy and shown for example purposes.
+
+2) Create the domain using the 'xm create' command.
+3) Use the 'xm list -l' command to list the running domains and their labels.
+
+Updating the XSM:FLASK policy
+-----------------------------
+
+It is recommended that the XSM:FLASK policy be tailored to meet the specific
+security goals of the platform.  The policy is tailored by editing the xen.te 
+file in the 'policy' subdirectory.
+
+1) cd xen-unstable.hg/tools/flask/policy
+2) edit policy/modules/xen/xen.te - make changes to support platform security 
goals.
+3) make policy
+4) cp policy.20 /boot/xenpolicy.20
+5) reboot
+
+Alternatively, one may reload the policy using the 'flask_loadpolicy' tool
+installed by the xen tools.
+
+1) flask_loadpolicy policy.20
+
+NB: The sample policy permits policy reloads as well as general manipulation of
+the Flask security server only from dom0.  The policy can be tailored further 
to
+restrict policy reloads and other manipulations to boot-time only, by removing 
+the corresponding statements from the policy.
+
+Enforcing the XSM:FLASK policy
+------------------------------
+
+By default, XSM:FLASK is compiled and installed in permissive mode.  This
+configuration will allow an XSM:FLASK system to start in enforcing mode.
+
+1) edit /etc/grub.conf
+2) append the parameter 'flask_enforcing=1' to the xen kernel line.
+3) reboot, and select the updated xen entry
+
+
+Additional notes on XSM:FLASK
+-----------------------------
+
+1) xen command line parameters
+
+       a) flask_enforcing
+       
+       The default value for flask_enforcing is '0'.  This parameter causes 
the 
+       platform to boot in permissive mode which means that the policy is 
loaded 
+       but not enforced.  This mode is often helpful for developing new 
systems 
+       and policies as the policy violations are reported on the xen console 
and 
+       may be viewed in dom0 through 'xm dmesg'.
+       
+       To boot the platform into enforcing mode, which means that the policy is
+       loaded and enforced, append 'flask_enforcing=1' on the grub line.
+       
+       This parameter may also be changed through the flask hyercall.
+       
+       b) flask_enabled
+       
+       The default value for flask_enabled is '1'.  This parameter causes the
+       platform to enable the FLASK security module under the XSM framework.
+       The parameter may be enabled/disabled only once per boot.  If the 
parameter
+       is set to '0', only a reboot can re-enable flask.  When flask_enabled 
is '0'
+       the DUMMY module is enforced.
+
+       This parameter may also be changed through the flask hypercall.  But may
+       only be performed once per boot.
diff -r b432c632ebe8 -r 6630f99dfc01 tools/hotplug/Linux/init.d/xendomains
--- a/tools/hotplug/Linux/init.d/xendomains     Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/hotplug/Linux/init.d/xendomains     Tue Feb 17 11:01:05 2009 +0000
@@ -213,7 +213,7 @@ start()
 start() 
 {
     if [ -f $LOCKFILE ]; then 
-       echo -n "xendomains already running (lockfile exists)"
+       echo -e "xendomains already running (lockfile exists)"
        return; 
     fi
 
@@ -230,10 +230,12 @@ start()
                 HEADER=`head -c 16 $dom | head -n 1 2> /dev/null`
                 if [ $HEADER = "LinuxGuestRecord" ]; then
                     echo -n " ${dom##*/}"
-                    xm restore $dom
+                    XMR=`xm restore $dom 2>&1 1>/dev/null`
+                    #xm restore $dom
                     if [ $? -ne 0 ]; then
+                       echo -e "\nAn error occured while restoring domain 
${dom##*/}:\n$XMR"
                         rc_failed $?
-                        echo -n '!'
+                        echo -e '!'
                     else
                         # mv $dom ${dom%/*}/.${dom##*/}
                         rm $dom
@@ -241,7 +243,7 @@ start()
                 fi
             fi
         done
-       echo .
+       echo -e
     fi
 
     if contains_something "$XENDOMAINS_AUTO"
@@ -264,16 +266,17 @@ start()
            if [ $? -eq 0 ] || is_running $dom; then
                echo -n "(skip)"
            else
-               xm create --quiet --defconfig $dom
-               if [ $? -ne 0 ]; then
+               XMC=`xm create --quiet --defconfig $dom`
+               if [ $? -ne 0 ]; then
+                    echo -e "\nAn error occured while creating domain 
${dom##*/}: $XMC\n"
                    rc_failed $?
-                   echo -n '!'
+                   echo -e '!'
                else
                    usleep $XENDOMAINS_CREATE_USLEEP
                fi
            fi
        done
-    fi 
+    fi
 }
 
 all_zombies()
@@ -293,18 +296,21 @@ all_zombies()
 # if it has not exited by that time kill it, so the init script will
 # succeed within a finite amount of time; if $2 is nonnull, it will
 # kill the command as well as soon as no domain (except for zombies)
-# are left (used for shutdown --all).
+# are left (used for shutdown --all). Third parameter, if any, suppresses
+# output of dots per working state (formatting issues)
 watchdog_xm()
 {
     if test -z "$XENDOMAINS_STOP_MAXWAIT" -o "$XENDOMAINS_STOP_MAXWAIT" = "0"; 
then
        exit
     fi
+
     usleep 20000
     for no in `seq 0 $XENDOMAINS_STOP_MAXWAIT`; do
        # exit if xm save/migrate/shutdown is finished
        PSAX=`ps axlw | grep "xm $1" | grep -v grep`
        if test -z "$PSAX"; then exit; fi
-       echo -n "."; sleep 1
+       if ! test -n "$3"; then echo -n '.'; fi
+       sleep 1
        # go to kill immediately if there's only zombies left
        if all_zombies && test -n "$2"; then break; fi
     done
@@ -312,10 +318,14 @@ watchdog_xm()
     read PSF PSUID PSPID PSPPID < <(echo "$PSAX")
     # kill xm $1
     kill $PSPID >/dev/null 2>&1
+    
+    echo -e .
 }
 
 stop()
 {
+    exec 3>&2 2> /dev/null
+    
     # Collect list of domains to shut down
     if test "$XENDOMAINS_AUTO_ONLY" = "true"; then
        rdnames
@@ -333,7 +343,7 @@ stop()
                    # nothing
                    ;;
                (*)
-                   echo -n '(skip)'
+                   echo -e '(skip)'
                    continue
                    ;;
            esac
@@ -345,8 +355,9 @@ stop()
        if test -n "$XENDOMAINS_SYSRQ"; then
            for sysrq in $XENDOMAINS_SYSRQ; do
                echo -n "(SR-$sysrq)"
-               xm sysrq $id $sysrq
+               XMR=`xm sysrq $id $sysrq 2>&1 1>/dev/null`
                if test $? -ne 0; then
+                    echo -e "\nAn error occured while doing sysrq on 
domain:\n$XMR\n"
                    rc_failed $?
                    echo -n '!'
                fi
@@ -362,13 +373,18 @@ stop()
            echo -n "(migr)"
            watchdog_xm migrate &
            WDOG_PID=$!
-           xm migrate $id $XENDOMAINS_MIGRATE
+           XMR=`xm migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null`
            if test $? -ne 0; then
+                echo -e "\nAn error occured while migrating domain:\n$XMR\n"
                rc_failed $?
-               echo -n '!'
+               echo -e '!'
+
                kill $WDOG_PID >/dev/null 2>&1
            else
                kill $WDOG_PID >/dev/null 2>&1
+               
+               echo -e .
+               usleep 1000
                continue
            fi
        fi
@@ -377,13 +393,16 @@ stop()
            watchdog_xm save &
            WDOG_PID=$!
            mkdir -p "$XENDOMAINS_SAVE"
-           xm save $id $XENDOMAINS_SAVE/$name
+           XMR=`xm save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null`
            if test $? -ne 0; then
+                echo -e "\nAn error occured while saving domain:\n$XMR\n"
                rc_failed $?
-               echo -n '!'
+               echo -e '!'
                kill $WDOG_PID >/dev/null 2>&1
            else
                kill $WDOG_PID >/dev/null 2>&1
+               echo -e .
+               usleep 1000
                continue
            fi
        fi
@@ -392,10 +411,11 @@ stop()
            echo -n "(shut)"
            watchdog_xm shutdown &
            WDOG_PID=$!
-           xm shutdown $id $XENDOMAINS_SHUTDOWN
+           XMR=`xm shutdown $id $XENDOMAINS_SHUTDOWN 2>&1 1>/dev/null`
            if test $? -ne 0; then
+                echo -e "\nAn error occured while shutting down 
domain:\n$XMR\n"
                rc_failed $?
-               echo -n '!'
+               echo -e '!'
            fi
            kill $WDOG_PID >/dev/null 2>&1
        fi
@@ -408,18 +428,21 @@ stop()
     if ! all_zombies && test -n "$XENDOMAINS_SHUTDOWN_ALL"; then
        # XENDOMAINS_SHUTDOWN_ALL should be "--all --halt --wait"
        echo -n " SHUTDOWN_ALL "
-       watchdog_xm shutdown 1 &
+       watchdog_xm shutdown 1 false &
        WDOG_PID=$!
-       xm shutdown $XENDOMAINS_SHUTDOWN_ALL
+       XMR=`xm shutdown $XENDOMAINS_SHUTDOWN_ALL 2>&1 1>/dev/null`
        if test $? -ne 0; then
+            echo -e "\nAn error occured while shutting down all domains: 
$XMR\n"
            rc_failed $?
-           echo -n '!'
+           echo -e '!'
        fi
        kill $WDOG_PID >/dev/null 2>&1
     fi
 
     # Unconditionally delete lock file
     rm -f $LOCKFILE
+    
+    exec 2>&3
 }
 
 check_domain_up()
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendAPI.py
--- a/tools/python/xen/xend/XendAPI.py  Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendAPI.py  Tue Feb 17 11:01:05 2009 +0000
@@ -29,6 +29,7 @@ import XendDomain, XendDomainInfo, XendN
 import XendDomain, XendDomainInfo, XendNode, XendDmesg
 import XendLogging, XendTaskManager, XendAPIStore
 
+from xen.xend import uuid as genuuid
 from XendAPIVersion import *
 from XendAuthSessions import instance as auth_manager
 from XendError import *
@@ -1867,7 +1868,7 @@ class XendAPI(object):
         dom = xendom.get_vm_by_uuid(vbd_struct['VM'])
         vdi = xennode.get_vdi_by_uuid(vbd_struct['VDI'])
         if not vdi:
-            return xen_api_error(['HANDLE_INVALID', 'VDI', vdi_ref])
+            return xen_api_error(['HANDLE_INVALID', 'VDI', vbd_struct['VDI']])
 
         # new VBD via VDI/SR
         vdi_image = vdi.get_location()
@@ -2392,7 +2393,7 @@ class XendAPI(object):
             tpmif.destroy_vtpmstate(dom.getName())
             return xen_api_success_void()
         else:
-            return xen_api_error(['HANDLE_INVALID', 'VM', vtpm_struct['VM']])
+            return xen_api_error(['HANDLE_INVALID', 'VTPM', vtpm_ref])
 
     # class methods
     def VTPM_create(self, session, vtpm_struct):
@@ -2614,7 +2615,7 @@ class XendAPI(object):
         return xen_api_success_void()
 
     def event_unregister(self, session, unreg_classes):
-        event_unregister(session, reg_classes)
+        event_unregister(session, unreg_classes)
         return xen_api_success_void()
 
     def event_next(self, session):
@@ -2641,7 +2642,7 @@ class XendAPI(object):
         return xen_api_error(['DEBUG_FAIL', session])
 
     def debug_create(self, session):
-        debug_uuid = uuid.createString()
+        debug_uuid = genuuid.createString()
         self._debug[debug_uuid] = None
         return xen_api_success(debug_uuid)
 
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py       Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendConfig.py       Tue Feb 17 11:01:05 2009 +0000
@@ -158,6 +158,7 @@ XENAPI_PLATFORM_CFG_TYPES = {
     'vncdisplay': int,
     'vnclisten': str,
     'timer_mode': int,
+    'vpt_align': int,
     'viridian': int,
     'vncpasswd': str,
     'vncunused': int,
@@ -459,6 +460,8 @@ class XendConfig(dict):
                 self['platform']['rtc_timeoffset'] = 0
             if 'hpet' not in self['platform']:
                 self['platform']['hpet'] = 0
+            if 'vpt_align' not in self['platform']:
+                self['platform']['vpt_align'] = 1
             if 'loader' not in self['platform']:
                 # Old configs may have hvmloader set as PV_kernel param
                 if self.has_key('PV_kernel') and self['PV_kernel'] != '':
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendConstants.py
--- a/tools/python/xen/xend/XendConstants.py    Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendConstants.py    Tue Feb 17 11:01:05 2009 +0000
@@ -50,6 +50,7 @@ HVM_PARAM_TIMER_MODE   = 10
 HVM_PARAM_TIMER_MODE   = 10
 HVM_PARAM_HPET_ENABLED = 11
 HVM_PARAM_ACPI_S_STATE = 14
+HVM_PARAM_VPT_ALIGN    = 16
 
 restart_modes = [
     "restart",
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py   Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendDomainInfo.py   Tue Feb 17 11:01:05 2009 +0000
@@ -2237,6 +2237,12 @@ class XendDomainInfo:
             xc.hvm_set_param(self.domid, HVM_PARAM_HPET_ENABLED,
                              long(hpet))
 
+        # Optionally enable periodic vpt aligning
+        vpt_align = self.info["platform"].get("vpt_align")
+        if hvm and vpt_align is not None:
+            xc.hvm_set_param(self.domid, HVM_PARAM_VPT_ALIGN,
+                             long(vpt_align))
+
         # Set maximum number of vcpus in domain
         xc.domain_max_vcpus(self.domid, int(self.info['VCPUs_max']))
 
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py     Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xm/create.py     Tue Feb 17 11:01:05 2009 +0000
@@ -218,6 +218,10 @@ gopts.var('timer_mode', val='TIMER_MODE'
           fn=set_int, default=1,
           use="""Timer mode (0=delay virtual time when ticks are missed;
           1=virtual time is always wallclock time.""")
+
+gopts.var('vpt_align', val='VPT_ALIGN',
+          fn=set_int, default=1,
+          use="Enable aligning all periodic vpt to reduce timer interrupts.")
 
 gopts.var('viridian', val='VIRIDIAN',
           fn=set_int, default=0,
@@ -891,7 +895,8 @@ def configure_hvm(config_image, vals):
              'sdl', 'display', 'xauthority', 'rtc_timeoffset', 'monitor',
              'acpi', 'apic', 'usb', 'usbdevice', 'keymap', 'pci', 'hpet',
              'guest_os_type', 'hap', 'opengl', 'cpuid', 'cpuid_check',
-             'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate' ]
+             'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate',
+             'vpt_align' ]
 
     for a in args:
         if a in vals.__dict__ and vals.__dict__[a] is not None:
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xm/xenapi_create.py
--- a/tools/python/xen/xm/xenapi_create.py      Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xm/xenapi_create.py      Tue Feb 17 11:01:05 2009 +0000
@@ -1037,6 +1037,7 @@ class sxp2xml:
             'usbdevice',
             'hpet',
             'timer_mode',
+            'vpt_align',
             'viridian',
             'vhpt',
             'guest_os_type',
diff -r b432c632ebe8 -r 6630f99dfc01 xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c    Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/arch/x86/hvm/hvm.c    Tue Feb 17 11:01:05 2009 +0000
@@ -542,6 +542,22 @@ static int hvm_load_cpu_ctxt(struct doma
         return -EINVAL;
     }
 
+    /* Older Xen versions used to save the segment arbytes directly 
+     * from the VMCS on Intel hosts.  Detect this and rearrange them
+     * into the struct segment_register format. */
+#define UNFOLD_ARBYTES(_r)                          \
+    if ( (_r & 0xf000) && !(_r & 0x0f00) )          \
+        _r = ((_r & 0xff) | ((_r >> 4) & 0xf00))
+    UNFOLD_ARBYTES(ctxt.cs_arbytes);
+    UNFOLD_ARBYTES(ctxt.ds_arbytes);
+    UNFOLD_ARBYTES(ctxt.es_arbytes);
+    UNFOLD_ARBYTES(ctxt.fs_arbytes);
+    UNFOLD_ARBYTES(ctxt.gs_arbytes);
+    UNFOLD_ARBYTES(ctxt.ss_arbytes);
+    UNFOLD_ARBYTES(ctxt.tr_arbytes);
+    UNFOLD_ARBYTES(ctxt.ldtr_arbytes);
+#undef UNFOLD_ARBYTES
+
     /* Architecture-specific vmcs/vmcb bits */
     if ( hvm_funcs.load_cpu_ctxt(v, &ctxt) < 0 )
         return -EINVAL;
diff -r b432c632ebe8 -r 6630f99dfc01 xen/arch/x86/hvm/vpt.c
--- a/xen/arch/x86/hvm/vpt.c    Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/arch/x86/hvm/vpt.c    Tue Feb 17 11:01:05 2009 +0000
@@ -384,13 +384,25 @@ void create_periodic_time(
     pt->period_cycles = (u64)period;
     pt->one_shot = !period;
     pt->scheduled = NOW() + delta;
-    /*
-     * Offset LAPIC ticks from other timer ticks. Otherwise guests which use
-     * LAPIC ticks for process accounting can see long sequences of process
-     * ticks incorrectly accounted to interrupt processing.
-     */
-    if ( !pt->one_shot && (pt->source == PTSRC_lapic) )
-        pt->scheduled += delta >> 1;
+
+    if ( !pt->one_shot )
+    {
+        if ( v->domain->arch.hvm_domain.params[HVM_PARAM_VPT_ALIGN] )
+        {
+            pt->scheduled = align_timer(pt->scheduled, pt->period);
+        }
+        else if ( pt->source == PTSRC_lapic )
+        {
+            /*
+             * Offset LAPIC ticks from other timer ticks. Otherwise guests
+             * which use LAPIC ticks for process accounting can see long
+             * sequences of process ticks incorrectly accounted to interrupt
+             * processing (seen with RHEL3 guest).
+             */
+            pt->scheduled += delta >> 1;
+        }
+    }
+
     pt->cb = cb;
     pt->priv = data;
 
diff -r b432c632ebe8 -r 6630f99dfc01 xen/common/timer.c
--- a/xen/common/timer.c        Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/common/timer.c        Tue Feb 17 11:01:05 2009 +0000
@@ -473,6 +473,13 @@ void process_pending_timers(void)
         timer_softirq_action();
 }
 
+s_time_t align_timer(s_time_t firsttick, uint64_t period)
+{
+    if ( !period )
+        return firsttick;
+
+    return firsttick + (period - 1) - ((firsttick - 1) % period);
+}
 
 static void dump_timerq(unsigned char key)
 {
diff -r b432c632ebe8 -r 6630f99dfc01 xen/drivers/passthrough/amd/iommu_init.c
--- a/xen/drivers/passthrough/amd/iommu_init.c  Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/drivers/passthrough/amd/iommu_init.c  Tue Feb 17 11:01:05 2009 +0000
@@ -487,11 +487,13 @@ static int set_iommu_interrupt_handler(s
     }
 
     irq_desc[vector].handler = &iommu_msi_type;
+    vector_to_iommu[vector] = iommu;
     ret = request_irq_vector(vector, amd_iommu_page_fault, 0,
                              "amd_iommu", iommu);
     if ( ret )
     {
         irq_desc[vector].handler = &no_irq_type;
+        vector_to_iommu[vector] = NULL;
         free_irq_vector(vector);
         amd_iov_error("can't request irq\n");
         return 0;
@@ -499,7 +501,6 @@ static int set_iommu_interrupt_handler(s
 
     /* Make sure that vector is never re-used. */
     vector_irq[vector] = NEVER_ASSIGN_IRQ;
-    vector_to_iommu[vector] = iommu;
     iommu->vector = vector;
     return vector;
 }
diff -r b432c632ebe8 -r 6630f99dfc01 xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c       Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/drivers/passthrough/vtd/iommu.c       Tue Feb 17 11:01:05 2009 +0000
@@ -870,7 +870,7 @@ static struct hw_interrupt_type dma_msi_
     .set_affinity = dma_msi_set_affinity,
 };
 
-int iommu_set_interrupt(struct iommu *iommu)
+static int iommu_set_interrupt(struct iommu *iommu)
 {
     int vector, ret;
 
@@ -882,10 +882,12 @@ int iommu_set_interrupt(struct iommu *io
     }
 
     irq_desc[vector].handler = &dma_msi_type;
+    vector_to_iommu[vector] = iommu;
     ret = request_irq_vector(vector, iommu_page_fault, 0, "dmar", iommu);
     if ( ret )
     {
         irq_desc[vector].handler = &no_irq_type;
+        vector_to_iommu[vector] = NULL;
         free_irq_vector(vector);
         gdprintk(XENLOG_ERR VTDPREFIX, "IOMMU: can't request irq\n");
         return ret;
@@ -893,7 +895,6 @@ int iommu_set_interrupt(struct iommu *io
 
     /* Make sure that vector is never re-used. */
     vector_irq[vector] = NEVER_ASSIGN_IRQ;
-    vector_to_iommu[vector] = iommu;
 
     return vector;
 }
diff -r b432c632ebe8 -r 6630f99dfc01 xen/include/public/hvm/params.h
--- a/xen/include/public/hvm/params.h   Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/include/public/hvm/params.h   Tue Feb 17 11:01:05 2009 +0000
@@ -103,6 +103,9 @@
 /* TSS used on Intel when CR0.PE=0. */
 #define HVM_PARAM_VM86_TSS     15
 
-#define HVM_NR_PARAMS          16
+/* Boolean: Enable aligning all periodic vpts to reduce interrupts */
+#define HVM_PARAM_VPT_ALIGN    16
+
+#define HVM_NR_PARAMS          17
 
 #endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */
diff -r b432c632ebe8 -r 6630f99dfc01 xen/include/xen/timer.h
--- a/xen/include/xen/timer.h   Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/include/xen/timer.h   Tue Feb 17 11:01:05 2009 +0000
@@ -122,6 +122,9 @@ DECLARE_PER_CPU(s_time_t, timer_deadline
 /* Arch-defined function to reprogram timer hardware for new deadline. */
 extern int reprogram_timer(s_time_t timeout);
 
+/* calculate the aligned first tick time for a given periodic timer */ 
+extern s_time_t align_timer(s_time_t firsttick, uint64_t period);
+
 #endif /* _TIMER_H_ */
 
 /*
diff -r b432c632ebe8 -r 6630f99dfc01 xen/xsm/flask/ss/policydb.c
--- a/xen/xsm/flask/ss/policydb.c       Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/xsm/flask/ss/policydb.c       Tue Feb 17 11:01:05 2009 +0000
@@ -1515,8 +1515,8 @@ int policydb_read(struct policydb *p, vo
     if ( len != strlen(POLICYDB_STRING) )
     {
         printk(KERN_ERR "security:  policydb string length %d does not "
-               "match expected length %Zu\n",
-               len, (u32) strlen(POLICYDB_STRING));
+               "match expected length %lu\n",
+               len, strlen(POLICYDB_STRING));
         goto bad;
     }
     policydb_str = xmalloc_array(char, len + 1);

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.