Re: [Xen-devel] [PATCH] iommu/quirk: disable shared EPT for Sandybridge and earlier processors.

Based on the discussion below, can I assume there is an agreement for using processor model for filtering or chipset ID will be the preferred candidate. Thanks Anshul Makkar -Original Message- From: Tian, Kevin [mailto:kevin.t...@intel.com] Sent: 26 November 2015 07:17 To: Malcolm

Re: [Xen-devel] [PATCH] iommu/quirk: disable shared EPT for Sandybridge and earlier processors.

Snabbswitch (virtualized switch) also encountered similar problem : https://groups.google.com/forum/#!topic/snabb-devel/xX0yFzeXylI Thanks Anshul Makkar -Original Message- From: Andrew Cooper [mailto:andrew.coop...@citrix.com] Sent: 01 December 2015 10:34 To: Konrad Rzeszutek Wilk

Re: [Xen-devel] [PATCH 01/19] xen: sched: leave CPUs doing tasklet work alone.

be idle. The only thing we can do, therefore, is to remove the BUG_ON() check. Signed-off-by: Dario Faggioli <dario.faggi...@citrix.com> Reviewed-by: Anshul Makkar <anshul.mak...@citrix.com> --- Cc: George Dunlap <george.dun...@citrix.com> Cc: Anshul Makkar <anshul.mak...@

Re: [Xen-devel] [PATCH 03/19] xen: credit2: insert and tickle don't need a cpu parameter

On 18/06/16 00:11, Dario Faggioli wrote: In fact, they always operate on the svc->processor of the csched2_vcpu passed to them. No functional change intended. Signed-off-by: Dario Faggioli <dario.faggi...@citrix.com> Reviewed-by: Anshul Makkar <anshul.mak...@citrix.com>

Re: [Xen-devel] [PATCH 18/19] xen: credit2: implement SMT support independent runq arrangement

com> Reviewed-by: Anshul Makkar <anshul.mak...@citrix.com> --- Cc: George Dunlap <george.dun...@citrix.com> Cc: Anshul Makkar <anshul.mak...@citrix.com> Cc: David Vrabel <david.vra...@citrix.com> --- xen/common/sched_credit2.c | 141

Re: [Xen-devel] [PATCH] flask: change default state to enforcing

-Original Message- From: Xen-devel [mailto:xen-devel-boun...@lists.xen.org] On Behalf Of Konrad Rzeszutek Wilk Sent: 10 March 2016 19:12 To: Daniel De Graaf ; Ian Jackson ; jbeul...@suse.com Cc: xen-de...@lists.xenproject.org;

Re: [Xen-devel] [PATCH v4 03/34] xsm/xen_version: Add XSM for the xen_version hypercall

On 15/03/16 17:56, Konrad Rzeszutek Wilk wrote: All of XENVER_* have now an XSM check for their sub-ops. The subop for XENVER_commandline is now a priviliged operation. To not break guests we still return an string - but it is just '\0'. The rest: XENVER_[version|extraversion|capabilities|

Re: [Xen-devel] [PATCH v2 2/3] xen: add hypercall option to temporarily pin a vcpu

Sorry, lost the original thread so replying at the top of mail chain. +static XSM_INLINE int xsm_schedop_pin_temp(XSM_DEFAULT_VOID) +{ + XSM_ASSERT_ACTION(XSM_PRIV); + return xsm_default_action(action, current->domain, NULL); +} Is the intention is to restrict the hypercall usage to dom0 only ? Anshul Makkar ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel ___ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel

[Xen-devel] [PATCH v2] XSM-Policy: allow source domain access to setpodtarget and getpodtarget for ballooning.

scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> Acked-by: Daniel De Graaf <dgde...@tycho.nsa.gov> --- Changed Since V1: * added getpodtarget. tools/flask/policy/modules/xen.if | 3 ++- 1 fil

[Xen-devel] [PATCH -v3 1/1] ratelimit: Implement rate limit for credit2 scheduler Rate limit assures that a vcpu will execute for a minimum amount of time before being put at the back of a queue or be

It introduces context-switch rate-limiting. The patch enables the VM to batch its work and prevents the system from spending most of its time in context switches because of a VM that is waking/sleeping at high rate. ratelimit can be disabled by setting it to 0. Signed-off-by: Anshul Makkar

Re: [Xen-devel] [PATCH v2 1/1] ratelimit: Implement rate limit for credit2 scheduler Rate limit assures that a vcpu will execute for a minimum amount of time before being put at the back of a queue or

On 22/07/16 11:36, Dario Faggioli wrote: On Mon, 2016-07-18 at 13:22 +0100, Anshul Makkar wrote: Hey, Anshul. Thanks, and sorry for the delay in reviewing. This version is an improvement, but it looks to me that you've missed a few of the review comments to v1. Sorry about

Re: [Xen-devel] [PATCH -v3 1/1] ratelimit: Implement rate limit for credit2 scheduler Rate limit assures that a vcpu will execute for a minimum amount of time before being put at the back of a queue o

On 03/08/16 11:16, George Dunlap wrote: On 26/07/16 17:21, Dario Faggioli wrote: On Mon, 2016-07-25 at 17:12 +0100, Anshul Makkar wrote: It introduces context-switch rate-limiting. The patch enables the VM The subject, which will become the "title" of the commit, is way too long.

[Xen-devel] [PATCH v2 1/1] ratelimit: Implement rate limit for credit2 scheduler Rate limit assures that a vcpu will execute for a minimum amount of time before being put at the back of a queue or bei

It introduces a minimum amount of latency to enable a VM to batch its work and it also ensures that system is not spending most of its time in VMEXIT/VMENTRY because of VM that is waking/sleeping at high rate. ratelimit can be disabled by setting it to 0. Signed-off-by: Anshul Makkar <anshul.

[Xen-devel] [PATCH] XSM-docs: Flask operates on domain types and not on

Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- docs/misc/xsm-flask.txt | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt index 62f15dd..bf8bb6e 100644 --- a/docs/misc/xsm-flask.txt +++ b/docs/mi

[Xen-devel] [PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- * Resending the patch due to incomplete subject in the previous patch. docs/misc/xsm-flask.txt | 8 1 file changed, 4 insertions(+), 4 deletions(-) --- diff --git a/docs/misc/xsm-flask.txt b/docs/misc/xsm-flask.txt

Re: [Xen-devel] [PATCH] XSM-docs: Flask operates on domain types and not on individual domain. Updated the documentation to reflect this.

On 19/07/16 14:30, Doug Goldstein wrote: On 7/19/16 4:05 AM, Anshul Makkar wrote: Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- * Resending the patch due to incomplete subject in the previous patch. docs/misc/xsm-flask.txt | 8 1 file changed, 4 insertions

[Xen-devel] [PATCH] XSM-Policy: allow source domain access to setpodtarget for ballooning.

=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- --- tools/flask/policy/modules/xen.if | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/m

Re: [Xen-devel] [PATCH] credi2-ratelimit: Implement rate limit for credit2 scheduler

On 13/07/16 09:53, Dario Faggioli wrote: On Tue, 2016-07-12 at 17:16 +0100, George Dunlap wrote: On Wed, Jul 6, 2016 at 6:33 PM, Makkar anshul.mak...@citrix.com wrote: --- a/xen/common/sched_credit2.c +++ b/xen/common/sched_credit2.c +#define MAX_TSLICE(t1, t2) \ + ({

Re: [Xen-devel] default XSM policy for PCI passthrough for unlabeled resources.

On 07/07/16 16:36, Daniel De Graaf wrote: On 07/06/2016 12:19 PM, anshul makkar wrote: On 06/07/16 16:59, Daniel De Graaf wrote: On 07/06/2016 11:34 AM, anshul makkar wrote: Hi, It allows the resource to be added and removed by the source domain to target domain, but its use by target

Re: [Xen-devel] default XSM policy for PCI passthrough for unlabeled resources.

On 06/07/16 16:59, Daniel De Graaf wrote: On 07/06/2016 11:34 AM, anshul makkar wrote: Hi, It allows the resource to be added and removed by the source domain to target domain, but its use by target domain is blocked. This rule only mandates the use of resource_type for resource types

[Xen-devel] default XSM policy for PCI passthrough for unlabeled resources.

nce which is expected to be permissive in most of the scenarios so that it doesn't affect the basic functionalities, is this "neverallow" rule needed ? Thanks Anshul Makkar ___ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel

Re: [Xen-devel] [PATCH 4/4] tools/xenalyze: Allow automatic resizing of sample buffers

dun...@citrix.com> --- CC: Ian Jackson <ian.jack...@citrix.com> CC: Wei Liu <wei.l...@citrix.com> CC: Dario Faggioli <dario.faggi...@citrix.com> CC: Anshul Makkar <anshul.mak...@citrix.com> --- tools/xentrace/xenalyze.c | 95 +-

[Xen-devel] PML causing race condition during guest bootstorm and host crash on Broadwell cpu.

are disabled during context switch and execution of vm_write in vmx_fpu_leave.. This has got me confused. Also, I am not sure if I understand the handling of foreign_vmcs correctly, which can also be the cause of the race. Please if you can share some suggestions here. Th

Re: [Xen-devel] PML causing race condition during guest bootstorm and host crash on Broadwell cpu.

May be "causes". But not sure, as disabling this feature solves the issue (no hypervisor crash) and we have reports that the same code base works fine on Haswell (again no hardware support for PML in Haswell, but code base is same. But inherently it leads to non-execution of PML code path, so

Re: [Xen-devel] PML causing race condition during guest bootstorm and host crash on Broadwell cpu.

pus . With a single domain reboot, no race is observed. Commit e18d4274772e52ac81fda1acb246d11ef666e5fe causes this race condition. Anshul On 07/02/17 17:58, anshul makkar wrote: Hi, Sorry, forgot to include you in cc list. Anshul On 07/02/17 17:26, anshul makkar wrote: Hi, Facing a issue wh

Re: [Xen-devel] XenGT GPU virtualization

On 18/01/17 13:21, bharat gohil wrote: Hello I am new to GPU and GPU virtualization and found that xen support intel GPU virtualization using XenGT. I want to know, 1) What are the critical GPU command pass from xen to Dom0? 2) How the Dom0 mediator or xen validate the GPU command which is

Re: [Xen-devel] PML causing race condition during guest bootstorm and host crash on Broadwell cpu.

Hi Jan, On 09/02/17 16:22, Jan Beulich wrote: On 08.02.17 at 16:32, wrote: On 07.02.17 at 18:26, wrote: Facing a issue where bootstorm of guests leads to host crash. I debugged and found that that enabling PML introduces a race condition

Re: [Xen-devel] [PATCH 23/24] xen: credit2: optimize runq_tickle() a little bit

com> --- Cc: George Dunlap <george.dun...@citrix.com> Cc: Anshul Makkar <anshul.mak...@citrix.com> --- xen/common/sched_credit2.c | 43 +++ 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/xen/common/sched_credit2.c b/xen/comm

Re: [Xen-devel] [PATCH 18/24] xen: credit2: soft-affinity awareness fallback_cpu() and cpu_pick()

-- Cc: George Dunlap <george.dun...@citrix.com> Cc: Anshul Makkar <anshul.mak...@citrix.com> --- xen/common/sched_credit2.c | 136 1 file changed, 111 insertions(+), 25 deletions(-) diff --git a/xen/common/sched_credit2.c b/xen/common/sched_credi

Re: [Xen-devel] [PATCH 17/24] xen: credit2: soft-affinity awareness in runq_tickle()

t affinity. In the second step, we fall back to use all the CPUs from its hard affinity (as it is doing now, without this patch). Signed-off-by: Dario Faggioli <dario.faggi...@citrix.com> Signed-off-by: Justin T. Weaver <jtwea...@hawaii.edu> --- Cc: George Dunlap <george.dun...@citr

Re: [Xen-devel] [PATCH 19/24] xen: credit2: soft-affinity awareness in load balancing

ggi...@citrix.com> --- Cc: George Dunlap <george.dun...@citrix.com> Cc: Anshul Makkar <anshul.mak...@citrix.com> --- xen/common/sched_credit2.c | 359 1 file changed, 326 insertions(+), 33 deletions(-) diff --git a/xen/common/sched_cred

Re: [Xen-devel] [PATCH 18/24] xen: credit2: soft-affinity awareness fallback_cpu() and cpu_pick()

On 05/09/16 14:26, Dario Faggioli wrote: On Thu, 2016-09-01 at 12:08 +0100, anshul makkar wrote: On 17/08/16 18:19, Dario Faggioli wrote: Can't we just read their workload or we can change the locktype to allow reading ? Reading without taking the lock would race against the load value

Re: [Xen-devel] [PATCH 17/24] xen: credit2: soft-affinity awareness in runq_tickle()

On 05/09/16 15:55, Dario Faggioli wrote: On Thu, 2016-09-01 at 11:52 +0100, anshul makkar wrote: On 17/08/16 18:19, Dario Faggioli wrote: +/* + * We're doing soft-affinity, and we know that the current vcpu on cpu + * has a soft affinity. We now want to know whether cpu itself

Re: [Xen-devel] [PATCH 05/24] xen: credit2: make tickling more deterministic

On 05/09/16 14:47, Dario Faggioli wrote: On Wed, 2016-08-31 at 18:10 +0100, anshul makkar wrote: On 17/08/16 18:18, Dario Faggioli wrote: @@ -1266,6 +1272,7 @@ csched2_alloc_vdata(const struct scheduler *ops, struct vcpu *vc, void *dd) ASSERT(svc->sdom != NULL);

Re: [Xen-devel] [PATCH 05/24] xen: credit2: make tickling more deterministic

consider that), as running somewhere non-ideal is better than not running at all. The commit also adds performance counters for each of the possible situations. Signed-off-by: Dario Faggioli <dario.faggi...@citrix.com> --- Cc: George Dunlap <george.dun...@citrix.com> Cc: Anshul Makkar

Re: [Xen-devel] [PATCH v2 04/10] xen: credit2: only reset credit on reset condition

<dario.faggi...@citrix.com> --- Cc: George Dunlap <george.dun...@eu.citrix.com> Cc: Anshul Makkar <anshul.mak...@citrix.com> --- /* * If a vcpu is meant to be picked up by another processor, and such @@ -2282,6 +2288,7 @@ runq_candidate(struct csched2_

[Xen-devel] xsm support for restrictive policy and dynamic modification

Hi, In Xen-Summit, Toronto, I did a presentation on XSM where two shortcomings with the present implementation were highlighted: 1) Allow more finer grain control. e.g all introspection domain doesn't need to have pci-passthrough capability while few need to have and all should have

[Xen-devel] [PATCH] xsm: allow relevant permission during migrate and gpu-passthrough.

passthrough for hvm guest: avc: denied { send_irq } for domid=0 target=10 scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=hvm Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- tools/flask/policy/modules/xen.if |4 ++-- 1 file changed, 2 insertions

Re: [Xen-devel] [PATCH] x86/VMX: Implement vmptrst

On 11/01/17 05:37, Tian, Kevin wrote: From: Anshul Makkar [mailto:anshul.mak...@citrix.com] Sent: Friday, January 06, 2017 2:42 AM Current codebase doesn't implement and use vmptrst. Implementing it as it may be required in future. Signed-off-by: Anshul Makkar <anshul.mak...@citrix.

[Xen-devel] [PATCH] x86/VMX: Implement vmptrst

Current codebase doesn't implement and use vmptrst. Implementing it as it may be required in future. Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- xen/include/asm-x86/hvm/vmx/vmx.h | 22 ++ 1 file changed, 22 insertions(+) diff --git a/xen/include/asm-x

Re: [Xen-devel] Future support of 5-level paging in Xen

On 08/12/16 23:40, Boris Ostrovsky wrote: On 12/08/2016 05:21 PM, Andrew Cooper wrote: On 08/12/2016 19:18, Stefano Stabellini wrote: Of course even the largest virtual machine today (2TB on Amazon AFAIK) is not close to reaching the current memory limit, but it's just a matter of

Re: [Xen-devel] Xen 4.8 + Linux 4.9 + Credit2 = can't bootup

On 05/01/2017 08:39, Dario Faggioli wrote: > On Thu, 2017-01-05 at 02:05 +, Andrew Cooper wrote: >> On 05/01/2017 01:52, Konrad Rzeszutek Wilk wrote: >>> It works just fine with credit1 (see further down the log) >>> but if I try credit2 it ends up hanging during bootup. >>> >>> I am a going

Re: [Xen-devel] [PATCH] xsm: allow relevant permission during migrate and gpu-passthrough.

On 03/01/17 18:20, Daniel De Graaf wrote: On 12/19/2016 11:03 PM, Doug Goldstein wrote: On 12/19/16 10:02 AM, Doug Goldstein wrote: On 12/14/16 3:09 PM, Daniel De Graaf wrote: On 12/12/2016 09:00 AM, Anshul Makkar wrote: During guest migrate allow permission to prevent spurious page faults

Re: [Xen-devel] [PATCH] xsm: allow relevant permission during migrate and gpu-passthrough.

On 20/12/2016 04:03, Doug Goldstein wrote: On 12/19/16 10:02 AM, Doug Goldstein wrote: On 12/14/16 3:09 PM, Daniel De Graaf wrote: On 12/12/2016 09:00 AM, Anshul Makkar wrote: During guest migrate allow permission to prevent spurious page faults. Prevents these errors: d73: Non-privileged (73

Re: [Xen-devel] [PATCH 1/6] xen: credit1: simplify csched_runq_steal() a little bit.

On 02/03/17 10:38, Dario Faggioli wrote: Since we're holding the lock on the pCPU from which we are trying to steal, it can't have disappeared, so we can drop the check for that (and convert it in an ASSERT()). And since we try to steal only from busy pCPUs, it's unlikely for such pCPU to be

Re: [Xen-devel] [PATCH 2/6] xen: credit: (micro) optimize csched_runq_steal().

On 02/03/17 10:38, Dario Faggioli wrote: Chacking whether or not a vCPU can be 'stolen' from a peer pCPU's runqueue is relatively cheap. Therefore, let's do that as early as possible, avoiding potentially useless complex checks, and cpumask manipulations. Signed-off-by: Dario Faggioli

[Xen-devel] [PATCH] XenBus: Don't wait for producer to fill the ring if the ring

. e.g case: prod = 1272, cons = 248. Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- tools/firmware/hvmloader/xenbus.c | 11 +++ 1 file changed, 11 insertions(+) diff --git a/tools/firmware/hvmloader/xenbus.c b/tools/firmware/hvmloader/xenbus.c index 448157d..f

Re: [Xen-devel] [PATCH] XenBus: Don't wait for producer to fill the ring if the ring

y full. To resolve the situation, check if the buffer is full and then break from the loop. e.g case: prod = 1272, cons = 248. Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> Please avoid indenting the entire commit message. Oh. sorry about that. I saw this f

Re: [Xen-devel] [PATCH 1/7] xen: sched: factor affinity helpers out of sched_credit.c

com> Signed-off-by: Justin T. Weaver <jtwea...@hawaii.edu> Reviewed-by: George Dunlap <george.dun...@citrix.com> --- Cc: Anshul Makkar <anshul.mak...@citrix.com> --- xen/common/sched_credit.c | 97 +++- xen/inclu

Re: [Xen-devel] [PATCH 2/7] xen/tools: credit2: soft-affinity awareness in runq_tickle()

ty, - try to preempt someone that is running outside of its own soft-affinity. The value of the score is added to a trace record, so xenalyze's code and tools/xentrace/formats are updated accordingly. Signed-off-by: Dario Faggioli <dario.faggi...@citrix.com> --- Cc: George Dunlap <george.

[Xen-devel] [[PATCH -v2]] XenBus: Don't wait for the producer to fill the ring if

: check if the ring is full and then break from the loop to consume the items from the ring. eg. case: prod = 1272, cons = 248. Signed-off-by: Anshul Makkar <anshul.mak...@citrix.com> --- v2: * resolved the coding style issue. * modified the "if" condition statement to make it

Re: [Xen-devel] [PATCH 1/4] xen: credit2: implement utilization cap

On 13/06/2017 22:13, Dario Faggioli wrote: On Tue, 2017-06-13 at 17:07 +0100, Anshul Makkar wrote: On 12/06/2017 14:19, Dario Faggioli wrote: @@ -92,6 +92,82 @@ */ what I want to ask is that if the budget of the domain is replenished, but credit for the vcpus of that domain

Re: [Xen-devel] DESIGN: CPUID part 3

On 08/06/2017 14:12, Andrew Cooper wrote: Presented herewith is the a plan for the final part of CPUID work, which primarily covers better Xen/Toolstack interaction for configuring the guests CPUID policy. A PDF version of this document is available from:

Re: [Xen-devel] [PATCH 1/4] xen: credit2: implement utilization cap

On 12/06/2017 14:19, Dario Faggioli wrote: Hey, Budget is burned by the domain's vCPUs, in a similar way to how credits are. When a domain runs out of budget, its vCPUs can't run any longer. if the vcpus of a domain have credit and if budget has run out, will the vcpus won't be scheduled.

Re: [Xen-devel] [PATCH 1/4] xen: credit2: implement utilization cap

. Signed-off-by: Dario Faggioli <dario.faggi...@citrix.com> --- Cc: George Dunlap <george.dun...@eu.citrix.com> Cc: Anshul Makkar <anshul.mak...@citrix.com> Cc: Andrew Cooper <andrew.coop...@citrix.com> Cc: Jan Beulich <jbeul...@suse.com> Cc: Ian Jackson <ian.jack...@

Re: [Xen-devel] [PATCH 0/4] xen: sched: optimize exclusive pinning and soft-affinity checking

On 9/15/17 6:35 PM, Dario Faggioli wrote: Hello, Dario Faggioli (4): xen: sched: introduce 'adjust_affinity' hook. xen: sched: optimize exclusive pinning case (Credit1 & 2) xen: sched: improve checking soft-affinity xen: sched: simplify (and speedup) checking

Re: [Xen-devel] [PATCH 2/4] xen: sched: optimize exclusive pinning case (Credit1 & 2)

On 9/15/17 6:35 PM, Dario Faggioli wrote: static unsigned int __read_mostly opt_migrate_resist = 500; integer_param("sched_credit2_migrate_resist", opt_migrate_resist); @@ -1453,6 +1459,26 @@ runq_tickle(const struct scheduler *ops, struct csched2_vcpu *new, s_time_t now)

Re: [Xen-devel] [PATCH v2 1/4] xen: credit2: implement utilization cap

On 8/18/17 4:50 PM, Dario Faggioli wrote: @@ -474,6 +586,12 @@ static inline struct csched2_runqueue_data *c2rqd(const struct scheduler *ops, return _priv(ops)->rqd[c2r(cpu)]; } +/* Does the domain of this vCPU have a cap? */ +static inline bool has_cap(const struct csched2_vcpu

Re: [Xen-devel] [PATCH 2/3] credit2: libxl related changes to add support for runqueue per cpupool.

[Trimming the Cc-list a bit] On 9/14/17 7:37 AM, Juergen Gross wrote: On 12/09/17 02:45, anshulmakkar wrote: Introduces scheduler specific parameter at libxl level which are passed on to libxc. eg runqueue for credit2 Signed-off-by: Anshul Makkar <anshulmak...@gmail.com>

[Xen-devel] [PATCH] iommu/quirk: disable shared EPT for Sandybridge and earlier processors.

From: Anshul Makkar <anshul.mak...@citrix.com> Sandybridge or earlier processors don't have huge page support for IOTLB which leads to fallback on 4k pages and causes performance issues. Shared EPT will be disabled only if the user has not provided explicit choice on the command line.

[Xen-devel] [PATCH] XSM/policy: Allow the source domain access to settime and setdomainhandle domctls while creating domain.

From: Anshul Makkar <anshul.mak...@citrix.com> This patch resolves the following permission denied scenarios while creating new domU : avc: denied { setdomainhandle } for domid=0 target=1 scontext=system_u:system_r:dom0_t tcontext=system_u:system_r:domU_t tclass=domain avc: denied { s

[Xen-devel] [PATCH] credi2-ratelimit: Implement rate limit for credit2 scheduler

From: Anshul Makkar <anshul.mak...@citrix.com> Rate limit assures that a vcpu will execute for a minimum amount of time before being put at the back of a queue or being preempted by higher priority thread. It introduces a minimum amount of latency to enable a VM to batch its work and i