|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] Merge with ext/ia64/xen-unstable.hg
# HG changeset patch # User Keir Fraser <keir.fraser@xxxxxxxxxx> # Date 1234868465 0 # Node ID 6630f99dfc01e4fe6459d596d4c3dc5dbb46a1cc # Parent b432c632ebe855c9823e4f5558090aeacb942434 # Parent 09a6fa059b37992cc74a548533eadd7352213a8b Merge with ext/ia64/xen-unstable.hg --- docs/misc/xsm-flask.txt | 148 +++++++++++++++++++++++++++++++ tools/hotplug/Linux/init.d/xendomains | 65 +++++++++---- tools/python/xen/xend/XendAPI.py | 9 + tools/python/xen/xend/XendConfig.py | 3 tools/python/xen/xend/XendConstants.py | 1 tools/python/xen/xend/XendDomainInfo.py | 6 + tools/python/xen/xm/create.py | 7 + tools/python/xen/xm/xenapi_create.py | 1 xen/arch/x86/hvm/hvm.c | 16 +++ xen/arch/x86/hvm/vpt.c | 26 +++-- xen/common/timer.c | 7 + xen/drivers/passthrough/amd/iommu_init.c | 3 xen/drivers/passthrough/vtd/iommu.c | 5 - xen/include/public/hvm/params.h | 5 - xen/include/xen/timer.h | 3 xen/xsm/flask/ss/policydb.c | 4 16 files changed, 270 insertions(+), 39 deletions(-) diff -r b432c632ebe8 -r 6630f99dfc01 docs/misc/xsm-flask.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/misc/xsm-flask.txt Tue Feb 17 11:01:05 2009 +0000 @@ -0,0 +1,148 @@ +These notes are compiled from xen-devel questions and postings that have occured +since the inclusion of XSM. These notes are not intended to be definitive +documentation but should address many common problems that arrise when +experimenting with XSM:FLASK. + +Xen XSM:FLASK configuration +--------------------------- + +1) cd xen-unstable.hg +2) edit Config.mk in the toplevel xen directory as follows: + + XSM_ENABLE ?= y + FLASK_ENABLE ?= y + ACM_SECURITY ?= n + +NB: Only one security module can be selected at a time. If no module is +selected, then the default DUMMY module will be enforced. The DUMMY module +only exercises the security framework and does not enforce any security +policies. Changing the security module selection will require recompiling xen. +These settings will also configure the corresponding toolchain support. + +3) make xen +4) make tools + + +Xen XSM:FLASK policy +-------------------- + +These instructions will enable the configuration and build of the sample policy. +The sample policy provides the MINIMUM policy necessary to boot a +paravirtualized dom0 and create a paravirtualized domU. Many of the +default capabilities and usages supported by dom0/domU are disallowed by the +sample policy. Further, the policy is comprised of a limited number of types and +must be adjusted to meet the specific security goals of the installation. +Modification of the policy is straightforward and is covered in a later section. + +NB: The policy is not automatically built as part of the tool support because +of an external dependancy on the checkpolicy compiler. The FLASK policy uses +the same syntax and structure as SELinux and compiling the policy relies on +the SELinux policy toolchain. This toolchain is available under many +distributions as well as the following URL, + + http://userspace.selinuxproject.org/releases/20080909/stable/checkpolicy-1.34.7.tar.gz + +1) cd xen-unstable.hg/tools/flask/policy +2) make policy +3) cp policy.20 /boot/xenpolicy.20 +4) edit /etc/grub.conf, add a module line to the xen entry, + + module /xenpolicy.20 + +5) reboot, and select the updated xen entry + +NB: The module entry can be inserted on any line after the xen kernel line. Typical +configurations use the last module entry or the module entry that immediately +follows the xen kernel entry. + +Xen configuration of xend +------------------------- + +1) cd /etc/xen +2) edit xend-config.sxp +3) uncomment the line containing the key:value pair entry, + + #(xsm_module_name dummy) + +4) change the value entry to 'flask' + + (xsm_module_name flask) + +5) restart xend + +Creating policy controlled domains +---------------------------------- + +2) Edit the domain config file and add the following entry, + + access_control = ["policy=,label=system_u:object_r:domU_t"] + +NB: The 'policy' field is not used by XSM:FLASK. The 'label' must exist in the +loaded policy. 'system_u:object_r:domU_t' is one of the existing labels from +the sample policy and shown for example purposes. + +2) Create the domain using the 'xm create' command. +3) Use the 'xm list -l' command to list the running domains and their labels. + +Updating the XSM:FLASK policy +----------------------------- + +It is recommended that the XSM:FLASK policy be tailored to meet the specific +security goals of the platform. The policy is tailored by editing the xen.te +file in the 'policy' subdirectory. + +1) cd xen-unstable.hg/tools/flask/policy +2) edit policy/modules/xen/xen.te - make changes to support platform security goals. +3) make policy +4) cp policy.20 /boot/xenpolicy.20 +5) reboot + +Alternatively, one may reload the policy using the 'flask_loadpolicy' tool +installed by the xen tools. + +1) flask_loadpolicy policy.20 + +NB: The sample policy permits policy reloads as well as general manipulation of +the Flask security server only from dom0. The policy can be tailored further to +restrict policy reloads and other manipulations to boot-time only, by removing +the corresponding statements from the policy. + +Enforcing the XSM:FLASK policy +------------------------------ + +By default, XSM:FLASK is compiled and installed in permissive mode. This +configuration will allow an XSM:FLASK system to start in enforcing mode. + +1) edit /etc/grub.conf +2) append the parameter 'flask_enforcing=1' to the xen kernel line. +3) reboot, and select the updated xen entry + + +Additional notes on XSM:FLASK +----------------------------- + +1) xen command line parameters + + a) flask_enforcing + + The default value for flask_enforcing is '0'. This parameter causes the + platform to boot in permissive mode which means that the policy is loaded + but not enforced. This mode is often helpful for developing new systems + and policies as the policy violations are reported on the xen console and + may be viewed in dom0 through 'xm dmesg'. + + To boot the platform into enforcing mode, which means that the policy is + loaded and enforced, append 'flask_enforcing=1' on the grub line. + + This parameter may also be changed through the flask hyercall. + + b) flask_enabled + + The default value for flask_enabled is '1'. This parameter causes the + platform to enable the FLASK security module under the XSM framework. + The parameter may be enabled/disabled only once per boot. If the parameter + is set to '0', only a reboot can re-enable flask. When flask_enabled is '0' + the DUMMY module is enforced. + + This parameter may also be changed through the flask hypercall. But may + only be performed once per boot. diff -r b432c632ebe8 -r 6630f99dfc01 tools/hotplug/Linux/init.d/xendomains --- a/tools/hotplug/Linux/init.d/xendomains Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/hotplug/Linux/init.d/xendomains Tue Feb 17 11:01:05 2009 +0000 @@ -213,7 +213,7 @@ start() start() { if [ -f $LOCKFILE ]; then - echo -n "xendomains already running (lockfile exists)" + echo -e "xendomains already running (lockfile exists)" return; fi @@ -230,10 +230,12 @@ start() HEADER=`head -c 16 $dom | head -n 1 2> /dev/null` if [ $HEADER = "LinuxGuestRecord" ]; then echo -n " ${dom##*/}" - xm restore $dom + XMR=`xm restore $dom 2>&1 1>/dev/null` + #xm restore $dom if [ $? -ne 0 ]; then + echo -e "\nAn error occured while restoring domain ${dom##*/}:\n$XMR" rc_failed $? - echo -n '!' + echo -e '!' else # mv $dom ${dom%/*}/.${dom##*/} rm $dom @@ -241,7 +243,7 @@ start() fi fi done - echo . + echo -e fi if contains_something "$XENDOMAINS_AUTO" @@ -264,16 +266,17 @@ start() if [ $? -eq 0 ] || is_running $dom; then echo -n "(skip)" else - xm create --quiet --defconfig $dom - if [ $? -ne 0 ]; then + XMC=`xm create --quiet --defconfig $dom` + if [ $? -ne 0 ]; then + echo -e "\nAn error occured while creating domain ${dom##*/}: $XMC\n" rc_failed $? - echo -n '!' + echo -e '!' else usleep $XENDOMAINS_CREATE_USLEEP fi fi done - fi + fi } all_zombies() @@ -293,18 +296,21 @@ all_zombies() # if it has not exited by that time kill it, so the init script will # succeed within a finite amount of time; if $2 is nonnull, it will # kill the command as well as soon as no domain (except for zombies) -# are left (used for shutdown --all). +# are left (used for shutdown --all). Third parameter, if any, suppresses +# output of dots per working state (formatting issues) watchdog_xm() { if test -z "$XENDOMAINS_STOP_MAXWAIT" -o "$XENDOMAINS_STOP_MAXWAIT" = "0"; then exit fi + usleep 20000 for no in `seq 0 $XENDOMAINS_STOP_MAXWAIT`; do # exit if xm save/migrate/shutdown is finished PSAX=`ps axlw | grep "xm $1" | grep -v grep` if test -z "$PSAX"; then exit; fi - echo -n "."; sleep 1 + if ! test -n "$3"; then echo -n '.'; fi + sleep 1 # go to kill immediately if there's only zombies left if all_zombies && test -n "$2"; then break; fi done @@ -312,10 +318,14 @@ watchdog_xm() read PSF PSUID PSPID PSPPID < <(echo "$PSAX") # kill xm $1 kill $PSPID >/dev/null 2>&1 + + echo -e . } stop() { + exec 3>&2 2> /dev/null + # Collect list of domains to shut down if test "$XENDOMAINS_AUTO_ONLY" = "true"; then rdnames @@ -333,7 +343,7 @@ stop() # nothing ;; (*) - echo -n '(skip)' + echo -e '(skip)' continue ;; esac @@ -345,8 +355,9 @@ stop() if test -n "$XENDOMAINS_SYSRQ"; then for sysrq in $XENDOMAINS_SYSRQ; do echo -n "(SR-$sysrq)" - xm sysrq $id $sysrq + XMR=`xm sysrq $id $sysrq 2>&1 1>/dev/null` if test $? -ne 0; then + echo -e "\nAn error occured while doing sysrq on domain:\n$XMR\n" rc_failed $? echo -n '!' fi @@ -362,13 +373,18 @@ stop() echo -n "(migr)" watchdog_xm migrate & WDOG_PID=$! - xm migrate $id $XENDOMAINS_MIGRATE + XMR=`xm migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null` if test $? -ne 0; then + echo -e "\nAn error occured while migrating domain:\n$XMR\n" rc_failed $? - echo -n '!' + echo -e '!' + kill $WDOG_PID >/dev/null 2>&1 else kill $WDOG_PID >/dev/null 2>&1 + + echo -e . + usleep 1000 continue fi fi @@ -377,13 +393,16 @@ stop() watchdog_xm save & WDOG_PID=$! mkdir -p "$XENDOMAINS_SAVE" - xm save $id $XENDOMAINS_SAVE/$name + XMR=`xm save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null` if test $? -ne 0; then + echo -e "\nAn error occured while saving domain:\n$XMR\n" rc_failed $? - echo -n '!' + echo -e '!' kill $WDOG_PID >/dev/null 2>&1 else kill $WDOG_PID >/dev/null 2>&1 + echo -e . + usleep 1000 continue fi fi @@ -392,10 +411,11 @@ stop() echo -n "(shut)" watchdog_xm shutdown & WDOG_PID=$! - xm shutdown $id $XENDOMAINS_SHUTDOWN + XMR=`xm shutdown $id $XENDOMAINS_SHUTDOWN 2>&1 1>/dev/null` if test $? -ne 0; then + echo -e "\nAn error occured while shutting down domain:\n$XMR\n" rc_failed $? - echo -n '!' + echo -e '!' fi kill $WDOG_PID >/dev/null 2>&1 fi @@ -408,18 +428,21 @@ stop() if ! all_zombies && test -n "$XENDOMAINS_SHUTDOWN_ALL"; then # XENDOMAINS_SHUTDOWN_ALL should be "--all --halt --wait" echo -n " SHUTDOWN_ALL " - watchdog_xm shutdown 1 & + watchdog_xm shutdown 1 false & WDOG_PID=$! - xm shutdown $XENDOMAINS_SHUTDOWN_ALL + XMR=`xm shutdown $XENDOMAINS_SHUTDOWN_ALL 2>&1 1>/dev/null` if test $? -ne 0; then + echo -e "\nAn error occured while shutting down all domains: $XMR\n" rc_failed $? - echo -n '!' + echo -e '!' fi kill $WDOG_PID >/dev/null 2>&1 fi # Unconditionally delete lock file rm -f $LOCKFILE + + exec 2>&3 } check_domain_up() diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendAPI.py --- a/tools/python/xen/xend/XendAPI.py Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/python/xen/xend/XendAPI.py Tue Feb 17 11:01:05 2009 +0000 @@ -29,6 +29,7 @@ import XendDomain, XendDomainInfo, XendN import XendDomain, XendDomainInfo, XendNode, XendDmesg import XendLogging, XendTaskManager, XendAPIStore +from xen.xend import uuid as genuuid from XendAPIVersion import * from XendAuthSessions import instance as auth_manager from XendError import * @@ -1867,7 +1868,7 @@ class XendAPI(object): dom = xendom.get_vm_by_uuid(vbd_struct['VM']) vdi = xennode.get_vdi_by_uuid(vbd_struct['VDI']) if not vdi: - return xen_api_error(['HANDLE_INVALID', 'VDI', vdi_ref]) + return xen_api_error(['HANDLE_INVALID', 'VDI', vbd_struct['VDI']]) # new VBD via VDI/SR vdi_image = vdi.get_location() @@ -2392,7 +2393,7 @@ class XendAPI(object): tpmif.destroy_vtpmstate(dom.getName()) return xen_api_success_void() else: - return xen_api_error(['HANDLE_INVALID', 'VM', vtpm_struct['VM']]) + return xen_api_error(['HANDLE_INVALID', 'VTPM', vtpm_ref]) # class methods def VTPM_create(self, session, vtpm_struct): @@ -2614,7 +2615,7 @@ class XendAPI(object): return xen_api_success_void() def event_unregister(self, session, unreg_classes): - event_unregister(session, reg_classes) + event_unregister(session, unreg_classes) return xen_api_success_void() def event_next(self, session): @@ -2641,7 +2642,7 @@ class XendAPI(object): return xen_api_error(['DEBUG_FAIL', session]) def debug_create(self, session): - debug_uuid = uuid.createString() + debug_uuid = genuuid.createString() self._debug[debug_uuid] = None return xen_api_success(debug_uuid) diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendConfig.py --- a/tools/python/xen/xend/XendConfig.py Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/python/xen/xend/XendConfig.py Tue Feb 17 11:01:05 2009 +0000 @@ -158,6 +158,7 @@ XENAPI_PLATFORM_CFG_TYPES = { 'vncdisplay': int, 'vnclisten': str, 'timer_mode': int, + 'vpt_align': int, 'viridian': int, 'vncpasswd': str, 'vncunused': int, @@ -459,6 +460,8 @@ class XendConfig(dict): self['platform']['rtc_timeoffset'] = 0 if 'hpet' not in self['platform']: self['platform']['hpet'] = 0 + if 'vpt_align' not in self['platform']: + self['platform']['vpt_align'] = 1 if 'loader' not in self['platform']: # Old configs may have hvmloader set as PV_kernel param if self.has_key('PV_kernel') and self['PV_kernel'] != '': diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendConstants.py --- a/tools/python/xen/xend/XendConstants.py Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/python/xen/xend/XendConstants.py Tue Feb 17 11:01:05 2009 +0000 @@ -50,6 +50,7 @@ HVM_PARAM_TIMER_MODE = 10 HVM_PARAM_TIMER_MODE = 10 HVM_PARAM_HPET_ENABLED = 11 HVM_PARAM_ACPI_S_STATE = 14 +HVM_PARAM_VPT_ALIGN = 16 restart_modes = [ "restart", diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendDomainInfo.py --- a/tools/python/xen/xend/XendDomainInfo.py Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/python/xen/xend/XendDomainInfo.py Tue Feb 17 11:01:05 2009 +0000 @@ -2237,6 +2237,12 @@ class XendDomainInfo: xc.hvm_set_param(self.domid, HVM_PARAM_HPET_ENABLED, long(hpet)) + # Optionally enable periodic vpt aligning + vpt_align = self.info["platform"].get("vpt_align") + if hvm and vpt_align is not None: + xc.hvm_set_param(self.domid, HVM_PARAM_VPT_ALIGN, + long(vpt_align)) + # Set maximum number of vcpus in domain xc.domain_max_vcpus(self.domid, int(self.info['VCPUs_max'])) diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xm/create.py --- a/tools/python/xen/xm/create.py Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/python/xen/xm/create.py Tue Feb 17 11:01:05 2009 +0000 @@ -218,6 +218,10 @@ gopts.var('timer_mode', val='TIMER_MODE' fn=set_int, default=1, use="""Timer mode (0=delay virtual time when ticks are missed; 1=virtual time is always wallclock time.""") + +gopts.var('vpt_align', val='VPT_ALIGN', + fn=set_int, default=1, + use="Enable aligning all periodic vpt to reduce timer interrupts.") gopts.var('viridian', val='VIRIDIAN', fn=set_int, default=0, @@ -891,7 +895,8 @@ def configure_hvm(config_image, vals): 'sdl', 'display', 'xauthority', 'rtc_timeoffset', 'monitor', 'acpi', 'apic', 'usb', 'usbdevice', 'keymap', 'pci', 'hpet', 'guest_os_type', 'hap', 'opengl', 'cpuid', 'cpuid_check', - 'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate' ] + 'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate', + 'vpt_align' ] for a in args: if a in vals.__dict__ and vals.__dict__[a] is not None: diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xm/xenapi_create.py --- a/tools/python/xen/xm/xenapi_create.py Fri Feb 13 19:11:38 2009 +0900 +++ b/tools/python/xen/xm/xenapi_create.py Tue Feb 17 11:01:05 2009 +0000 @@ -1037,6 +1037,7 @@ class sxp2xml: 'usbdevice', 'hpet', 'timer_mode', + 'vpt_align', 'viridian', 'vhpt', 'guest_os_type', diff -r b432c632ebe8 -r 6630f99dfc01 xen/arch/x86/hvm/hvm.c --- a/xen/arch/x86/hvm/hvm.c Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/arch/x86/hvm/hvm.c Tue Feb 17 11:01:05 2009 +0000 @@ -542,6 +542,22 @@ static int hvm_load_cpu_ctxt(struct doma return -EINVAL; } + /* Older Xen versions used to save the segment arbytes directly + * from the VMCS on Intel hosts. Detect this and rearrange them + * into the struct segment_register format. */ +#define UNFOLD_ARBYTES(_r) \ + if ( (_r & 0xf000) && !(_r & 0x0f00) ) \ + _r = ((_r & 0xff) | ((_r >> 4) & 0xf00)) + UNFOLD_ARBYTES(ctxt.cs_arbytes); + UNFOLD_ARBYTES(ctxt.ds_arbytes); + UNFOLD_ARBYTES(ctxt.es_arbytes); + UNFOLD_ARBYTES(ctxt.fs_arbytes); + UNFOLD_ARBYTES(ctxt.gs_arbytes); + UNFOLD_ARBYTES(ctxt.ss_arbytes); + UNFOLD_ARBYTES(ctxt.tr_arbytes); + UNFOLD_ARBYTES(ctxt.ldtr_arbytes); +#undef UNFOLD_ARBYTES + /* Architecture-specific vmcs/vmcb bits */ if ( hvm_funcs.load_cpu_ctxt(v, &ctxt) < 0 ) return -EINVAL; diff -r b432c632ebe8 -r 6630f99dfc01 xen/arch/x86/hvm/vpt.c --- a/xen/arch/x86/hvm/vpt.c Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/arch/x86/hvm/vpt.c Tue Feb 17 11:01:05 2009 +0000 @@ -384,13 +384,25 @@ void create_periodic_time( pt->period_cycles = (u64)period; pt->one_shot = !period; pt->scheduled = NOW() + delta; - /* - * Offset LAPIC ticks from other timer ticks. Otherwise guests which use - * LAPIC ticks for process accounting can see long sequences of process - * ticks incorrectly accounted to interrupt processing. - */ - if ( !pt->one_shot && (pt->source == PTSRC_lapic) ) - pt->scheduled += delta >> 1; + + if ( !pt->one_shot ) + { + if ( v->domain->arch.hvm_domain.params[HVM_PARAM_VPT_ALIGN] ) + { + pt->scheduled = align_timer(pt->scheduled, pt->period); + } + else if ( pt->source == PTSRC_lapic ) + { + /* + * Offset LAPIC ticks from other timer ticks. Otherwise guests + * which use LAPIC ticks for process accounting can see long + * sequences of process ticks incorrectly accounted to interrupt + * processing (seen with RHEL3 guest). + */ + pt->scheduled += delta >> 1; + } + } + pt->cb = cb; pt->priv = data; diff -r b432c632ebe8 -r 6630f99dfc01 xen/common/timer.c --- a/xen/common/timer.c Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/common/timer.c Tue Feb 17 11:01:05 2009 +0000 @@ -473,6 +473,13 @@ void process_pending_timers(void) timer_softirq_action(); } +s_time_t align_timer(s_time_t firsttick, uint64_t period) +{ + if ( !period ) + return firsttick; + + return firsttick + (period - 1) - ((firsttick - 1) % period); +} static void dump_timerq(unsigned char key) { diff -r b432c632ebe8 -r 6630f99dfc01 xen/drivers/passthrough/amd/iommu_init.c --- a/xen/drivers/passthrough/amd/iommu_init.c Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/drivers/passthrough/amd/iommu_init.c Tue Feb 17 11:01:05 2009 +0000 @@ -487,11 +487,13 @@ static int set_iommu_interrupt_handler(s } irq_desc[vector].handler = &iommu_msi_type; + vector_to_iommu[vector] = iommu; ret = request_irq_vector(vector, amd_iommu_page_fault, 0, "amd_iommu", iommu); if ( ret ) { irq_desc[vector].handler = &no_irq_type; + vector_to_iommu[vector] = NULL; free_irq_vector(vector); amd_iov_error("can't request irq\n"); return 0; @@ -499,7 +501,6 @@ static int set_iommu_interrupt_handler(s /* Make sure that vector is never re-used. */ vector_irq[vector] = NEVER_ASSIGN_IRQ; - vector_to_iommu[vector] = iommu; iommu->vector = vector; return vector; } diff -r b432c632ebe8 -r 6630f99dfc01 xen/drivers/passthrough/vtd/iommu.c --- a/xen/drivers/passthrough/vtd/iommu.c Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/drivers/passthrough/vtd/iommu.c Tue Feb 17 11:01:05 2009 +0000 @@ -870,7 +870,7 @@ static struct hw_interrupt_type dma_msi_ .set_affinity = dma_msi_set_affinity, }; -int iommu_set_interrupt(struct iommu *iommu) +static int iommu_set_interrupt(struct iommu *iommu) { int vector, ret; @@ -882,10 +882,12 @@ int iommu_set_interrupt(struct iommu *io } irq_desc[vector].handler = &dma_msi_type; + vector_to_iommu[vector] = iommu; ret = request_irq_vector(vector, iommu_page_fault, 0, "dmar", iommu); if ( ret ) { irq_desc[vector].handler = &no_irq_type; + vector_to_iommu[vector] = NULL; free_irq_vector(vector); gdprintk(XENLOG_ERR VTDPREFIX, "IOMMU: can't request irq\n"); return ret; @@ -893,7 +895,6 @@ int iommu_set_interrupt(struct iommu *io /* Make sure that vector is never re-used. */ vector_irq[vector] = NEVER_ASSIGN_IRQ; - vector_to_iommu[vector] = iommu; return vector; } diff -r b432c632ebe8 -r 6630f99dfc01 xen/include/public/hvm/params.h --- a/xen/include/public/hvm/params.h Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/include/public/hvm/params.h Tue Feb 17 11:01:05 2009 +0000 @@ -103,6 +103,9 @@ /* TSS used on Intel when CR0.PE=0. */ #define HVM_PARAM_VM86_TSS 15 -#define HVM_NR_PARAMS 16 +/* Boolean: Enable aligning all periodic vpts to reduce interrupts */ +#define HVM_PARAM_VPT_ALIGN 16 + +#define HVM_NR_PARAMS 17 #endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */ diff -r b432c632ebe8 -r 6630f99dfc01 xen/include/xen/timer.h --- a/xen/include/xen/timer.h Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/include/xen/timer.h Tue Feb 17 11:01:05 2009 +0000 @@ -122,6 +122,9 @@ DECLARE_PER_CPU(s_time_t, timer_deadline /* Arch-defined function to reprogram timer hardware for new deadline. */ extern int reprogram_timer(s_time_t timeout); +/* calculate the aligned first tick time for a given periodic timer */ +extern s_time_t align_timer(s_time_t firsttick, uint64_t period); + #endif /* _TIMER_H_ */ /* diff -r b432c632ebe8 -r 6630f99dfc01 xen/xsm/flask/ss/policydb.c --- a/xen/xsm/flask/ss/policydb.c Fri Feb 13 19:11:38 2009 +0900 +++ b/xen/xsm/flask/ss/policydb.c Tue Feb 17 11:01:05 2009 +0000 @@ -1515,8 +1515,8 @@ int policydb_read(struct policydb *p, vo if ( len != strlen(POLICYDB_STRING) ) { printk(KERN_ERR "security: policydb string length %d does not " - "match expected length %Zu\n", - len, (u32) strlen(POLICYDB_STRING)); + "match expected length %lu\n", + len, strlen(POLICYDB_STRING)); goto bad; } policydb_str = xmalloc_array(char, len + 1); _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |