Re: [Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

On 04/01/18 21:21, Andrew Cooper wrote: > This work was developed as an SP3 mitigation, but shelved when it became clear > that it wasn't viable to get done in the timeframe. > > To protect against SP3 attacks, most mappings needs to be flushed while in > user context. However, to protect

[Xen-devel] [xen-4.10-testing test] 117613: regressions - trouble: broken/fail/pass

flight 117613 xen-4.10-testing real [real] http://logs.test-lab.xenproject.org/osstest/logs/117613/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: test-xtf-amd64-amd64-5 broken test-amd64-amd64-xl-qemut-win10-i386

[Xen-devel] [xen-4.9-testing test] 117607: regressions - trouble: blocked/broken/fail/pass

flight 117607 xen-4.9-testing real [real] http://logs.test-lab.xenproject.org/osstest/logs/117607/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: build-armhf broken build-armhf 4

[Xen-devel] Dynamic Disassembling domU Instructions

Greeting, I am trying to modify Xen 4.8 to have it print out the opcode as well as some registers of an HVM domU as it runs. I tried to modify xen/arch/x86/hvm/emulate.c 's hvmemul_insn_fetch to output the content in hvmemul_ctxt->insn_buf with printk. In hvmemul_insn_fetch, it seems that a lot

Re: [Xen-devel] [PATCH net-next v2] xen-netback: make copy batch size configurable

On 12/26/2017 10:22 PM, David Miller wrote: > From: Joao Martins > Date: Thu, 21 Dec 2017 17:24:28 + > >> Commit eb1723a29b9a ("xen-netback: refactor guest rx") refactored Rx >> handling and as a result decreased max grant copy ops from 4352 to 64. >> Before this

[Xen-devel] [linux-3.18 test] 117609: trouble: blocked/broken/fail/pass

flight 117609 linux-3.18 real [real] http://logs.test-lab.xenproject.org/osstest/logs/117609/ Failures and problems with tests :-( Tests which did not succeed and are blocking, including tests which could not be run: test-amd64-i386-libvirt broken

[Xen-devel] [linux-next test] 117597: regressions - trouble: blocked/broken/fail/pass

flight 117597 linux-next real [real] http://logs.test-lab.xenproject.org/osstest/logs/117597/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: test-amd64-i386-xl-qemuu-win10-i386 broken test-amd64-amd64-xl-credit2

[Xen-devel] [xen-4.7-testing test] 117601: trouble: broken/fail/pass

flight 117601 xen-4.7-testing real [real] http://logs.test-lab.xenproject.org/osstest/logs/117601/ Failures and problems with tests :-( Tests which did not succeed and are blocking, including tests which could not be run: test-amd64-amd64-libvirt-xsm broken

Re: [Xen-devel] PCI Device Subtree Change from Traditional to Upstream

On 01/04/2018 07:26 AM, Paul Durrant wrote: >> -Original Message- >> From: Xen-devel [mailto:xen-devel-boun...@lists.xenproject.org] On Behalf >> Of Anthony PERARD >> Sent: 04 January 2018 12:52 >> To: Kevin Stange >> Cc: George Dunlap ; xen-

Re: [Xen-devel] PCI Device Subtree Change from Traditional to Upstream

On 01/04/2018 06:52 AM, Anthony PERARD wrote: > On Wed, Jan 03, 2018 at 05:10:54PM -0600, Kevin Stange wrote: >> On 01/03/2018 11:57 AM, Anthony PERARD wrote: >>> On Wed, Dec 20, 2017 at 11:40:03AM -0600, Kevin Stange wrote: Hi, I've been working on transitioning a number of Windows

[Xen-devel] [PATCH RFC 36/44] x86/monitor: Capture Xen's intent to use monitor at boot time

The ACPI idle driver uses an IPI to retrieve cpuid_ecx(5). This is problematic because it uses a stack pointer, but also wasteful at runtime. Introduce X86_FEATURE_XEN_MONITOR as a synthetic feature bit meaning MONITOR && EXTENSIONS && INTERRUPT_BREAK, and calculate it when a cpu comes up rather

[Xen-devel] [PATCHv2] xen: Add EFI_LOAD_OPTION support

When booting Xen via UEFI the Xen config file can contain multiple sections each describing different boot options. It is currently only possible to choose which section to boot with if the buffer contains a string. UEFI provides a different standard to pass optional arguments to an application,

[Xen-devel] [PATCH RFC 38/44] x86/mca: Move __HYPERVISOR_mca IPI parameters off the stack

do_mca() makes several IPI with huge parameter blocks. All operations are control-plane, and for debugging/development purposes, so restrict them to being serialised. This allows the hypercall parameter block to safely be static. Signed-off-by: Andrew Cooper ---

[Xen-devel] [PATCH RFC 21/44] x86/smp: Switch to using the percpu IDT mappings

The loading of IDTR is moved out of load_system_tables() and into early_switch_to_idle(). One complication for the BSP is that IST references still need to remain uninitalised until reinit_bsp_stack(). Therefore, early_switch_to_idle() is extended to take a bsp boolean. For VT-x guests,

[Xen-devel] [PATCH RFC 18/44] x86/mm: Maintain the correct percpu mappings on context switch

Ensure the pagetables we are switching to have the correct percpu mappings in them. The _PGC_inuse_pgtable check ensures that the pagetables we edit aren't in use elsewhere. One complication however is context switching between two vcpus which both require shadowing. See the code comment for

[Xen-devel] [PATCH RFC 31/44] x86/pv: Drop support for paging out the LDT

Windows is the only OS which pages out kernel datastructures, so chances are good that this is a vestigial remnant of the PV Windows XP experiment. Furthermore the implementation is incomplete; it only functions for a present => not-present transition, rather than a present => read/write

[Xen-devel] [PATCH RFC 32/44] x86: Always reload the LDT on vcpu context switch

... and always zero the LDT for HVM contexts. This causes erroneous execution which manages to reference the LDT fail with a straight #GP fault, rather than possibly finding a stale loaded LDT and wandering the #PF handler. Future changes will cause the loading of LDT to be lazy, at which point

[Xen-devel] [PATCH RFC 27/44] x86/smp: Allocate a percpu linear range for the compat translation area.

The existing translation area claims to be 2 frames and a guard page, but is actually 4 frames with no guard page at all. Allocate 2 frames in the percpu area, which actually has unmapped frames on either side. Signed-off-by: Andrew Cooper --- xen/arch/x86/smpboot.c

[Xen-devel] [PATCH RFC 16/44] xen/ipi: Introduce arch_ipi_param_ok() to check IPI parameters

There are some addresses which are not safe to pass as IPI parameters, as they are not mapped on other cpus (or worse, mapped to something else). Introduce an arch-specific audit hook which is used to check the parameter. ARM has this stubbed to true, whereas x86 now excluses pointers in the

[Xen-devel] [PATCH RFC 35/44] x86/smp: Allocate the stack in the percpu range

This involves allocating a total of 5 frames, which don't have to be an order-3 allocation, and unconditionally has guard pages in place for a primary stack overflow. Signed-off-by: Andrew Cooper --- xen/arch/x86/smpboot.c | 27 ++-

[Xen-devel] [PATCH RFC 43/44] x86/smp: Use the percpu TSS mapping

Construction of the TSS is the final action remaining in load_system_tables(), and is lifted to early_switch_to_idle(). As a single global TSS is in use, the per_cpu init_tss variable is dropped. The setting of HOST_TR_BASE is now a constant, so moves to construct_vmcs(). This means that

[Xen-devel] [PATCH RFC 20/44] x86/smp: Allocate a percpu linear range for the IDT

This change also introduces _alter_percpu_mappings(), a helper for creating and modifying percpu mappings. The code will be extended with extra actions in later patches. The existing IDT heap allocation and idt_tables[] array are kept, although the allocation logic is simplified as an IDT is

[Xen-devel] [PATCH RFC 39/44] x86/smp: Introduce get_smp_ipi_buf() and take more IPI parameters off the stack

A number of hypercalls and softirq tasks pass small stack buffers via IPI. These operate sequentially on a single CPU, so introduce a shared PER_CPU buffer for use. Access to the buffer is via get_smp_ipi_buf(), which performs a range check at compile time. Signed-off-by: Andrew Cooper

[Xen-devel] [PATCH RFC 15/44] x86: Rearrange the virtual layout to introduce a PERCPU linear slot

The PERCPU linear range lives in slot 257, and all later slots slide along to make room. The size of the directmap is reduced by one slot temporarily. Later changes will remove the PERDOMAIN slot, at which point the latter slots will slide back to fill the hole, and end up where they are now.

[Xen-devel] [PATCH RFC 29/44] x86/smp: Allocate percpu resources for the GDT and LDT

Like the mapcache region, we need an L1e which is modifiable in the context switch code. The Xen-reserved GDT frames are proactively mapped for the benefit of future changes to the AP boot path. Signed-off-by: Andrew Cooper --- xen/arch/x86/smpboot.c | 21

[Xen-devel] [PATCH RFC 24/44] x86/mapcache: Reimplement map_domain_page() from scratch

There are two reasons: 1) To stop using the per-domain range for the mapcache 2) To make map_domain_page() safe to use during context switches The new implementation is entirely percpu and rather more simple. See the comment at the top of domain_page.c for a description of the algorithm. A

[Xen-devel] [PATCH RFC 22/44] x86/mm: Track whether the current cr3 has a short or extended directmap

This will be used to remove the mapcache override/current vcpu mechanism when reworking map_domain_page() to be safe in the middle of context switches. Signed-off-by: Andrew Cooper --- xen/arch/x86/mm.c| 11 +++ xen/arch/x86/setup.c | 2 ++

[Xen-devel] [PATCH RFC 44/44] misc debugging

Keyhandlers for the following: '1' - Walk idle_pg_table[] '2' - Walk each percpu_mappings '3' - Dump PT shadow stats --- xen/arch/x86/hvm/save.c| 4 - xen/arch/x86/mm/p2m-ept.c | 5 +- xen/arch/x86/pv/pt-shadow.c| 19 xen/arch/x86/traps.c |

[Xen-devel] [PATCH RFC 30/44] x86/pv: Break handle_ldt_mapping_fault() out of handle_gdt_ldt_mapping_fault()

Future changes will alter the conditions under which we expect to take faults. One adjustment however is to exclude the use of this fixup path for non-PV guests. Well-formed code shouldn't reference the LDT while in HVM vcpu context, but currently on a context switch from PV to HVM context,

[Xen-devel] [PATCH RFC 34/44] x86: Drop the PERDOMAIN mappings

With the mapcache, xlat and GDT/LDT moved over to the PERCPU mappings, there are no remaining users of the PERDOMAIN mappings. Drop the whole PERDOMAIN infrastructure, and remove the PERDOMAIN slot in the virtual address layout. Slide each of the subsequent slots back by one, and extend the

[Xen-devel] [PATCH RFC 25/44] x86/fixmap: Drop percpu fixmap range

The percpu fixmap range was introduced to allow opencoding of map_domain_page() in the middle of a context switch. The new implementation of map_domain_page() is safe to use in a context switch, so drop the percpu fixmap infrastructure. This removes the temporary build-time restriction on

[Xen-devel] [PATCH RFC 42/44] x86/smp: Allocate a percpu linear range for the TSS

With all CPUs using the same virtual stack mapping, the TSS rsp0/ist[0..2] values are compile-time constant. Therefore, we can use a single read-only TSS for the whole system. To faciliate this, a new .rodata.page_aligned section needs introducing. Signed-off-by: Andrew Cooper

[Xen-devel] [PATCH RFC 33/44] x86/smp: Use the percpu GDT/LDT mappings

This is unfortunately quite invasive, because of the impact on the context switch path. PV vcpus gain an array of ldt and gdt ptes (replacing gdt_frames[]), which map the frames loaded by HYPERCALL_set_gdt, or faulted in for the LDT. Each present PTE here which isn't a read-only mapping of

[Xen-devel] [PATCH RFC 10/44] x86/pt-shadow: Initial infrastructure for L4 PV pagetable shadowing

Signed-off-by: Andrew Cooper --- v3: * Switch to using a single structure per cpu, rather than multiple fields. --- xen/arch/x86/pv/Makefile | 1 + xen/arch/x86/pv/pt-shadow.c| 86 ++ xen/arch/x86/smpboot.c

[Xen-devel] [PATCH RFC 17/44] x86/smp: Infrastructure for allocating and freeing percpu pagetables

Pagetables are allocated and freed along with the other smp datastructures, and the root of the pagetables is stored in the percpu_mappings variable. Signed-off-by: Andrew Cooper --- xen/arch/x86/smpboot.c | 91 ++

[Xen-devel] [PATCH RFC 26/44] x86/pt-shadow: Maintain a small cache of shadowed frames

This improves the shadowing performance substantially. In particular, system calls for 64bit PV guests (which switch between the user and kernel pagetables) no longer suffer a 4K copy hit in both directions. See the code comments for reasoning and the algorithm description. Signed-off-by:

[Xen-devel] [PATCH RFC 12/44] x86/fixmap: Temporarily add a percpu fixmap range

This is required to implement an opencoded version of map_domain_page() during context switch. It must fit within l1_fixmap[], which imposes an upper limit on the NR_CPUS. The limit is currently 509, but will be lifted after later changes. Signed-off-by: Andrew Cooper

[Xen-devel] [PATCH RFC 19/44] x86/boot: Defer TSS/IST setup until later during boot on the BSP

TSS and IST setings are only required for safety when running userspace code. Until we start executing dom0, the boot path is perfectly capable of handling exceptions and interrupts without a loaded TSS. Deferring the TSS setup is necessary to facilitiate moving the BSP onto a percpu stack, which

[Xen-devel] [PATCH RFC 14/44] x86/mm: Added safety checks that pagetables aren't shared

Signed-off-by: Andrew Cooper --- xen/arch/x86/mm.c| 19 ++- xen/arch/x86/setup.c | 1 + xen/include/asm-x86/mm.h | 6 +- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index

[Xen-devel] [PATCH RFC 37/44] x86/misc: Move some IPI parameters off the stack

With percpu stacks, it will not be safe to pass stack pointers. The logic in machine_restart(), time_calibration() and set_mtrr() is singleton, so switch to using static variables. The set_mtrr_data is protected under the mtrr_mutex, which requires mtrr_ap_init() and mtrr_aps_sync_end() to hold

[Xen-devel] [PATCH RFC 11/44] x86/pt-shadow: Always set _PAGE_ACCESSED on L4e updates

Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich --- xen/arch/x86/pv/mm.h | 19 --- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/pv/mm.h b/xen/arch/x86/pv/mm.h index 7502d53..a10b09a 100644 ---

[Xen-devel] [PATCH RFC 41/44] x86/smp: Switch to using the percpu stacks

This is very easy for the APs. __high_start() is modified to switch stacks before entering C. The BSP however is more complicated, and needs to stay on cpu0_stack[] until setup is complete. The end of __start_xen() is modified to copy the top-of-stack data to the percpu stack immediately before

[Xen-devel] [PATCH RFC 08/44] x86/pv: Avoid an opencoded mov to %cr3 in toggle_guest_mode()

Xen will need to track which %cr3 it is running on. Propagate a tlb_maintenance parameter down into write_ptbase(), so toggle_guest_mode() can retain its optimisation of not flushing global mappings and not ticking the TLB clock. Signed-off-by: Andrew Cooper ---

[Xen-devel] [PATCH RFC 09/44] x86/mm: Track the current %cr3 in a per_cpu variable

... and assert that it isn't changing under our feet. early_switch_to_idle() is adjusted to set the shadow initially, when switching off idle_pg_table[]. EFI Runtime Service handling happens synchronously and under lock, so doesn't interact with this path. Signed-off-by: Andrew Cooper

[Xen-devel] [PATCH FAIRLY-RFC 00/44] x86: Prerequisite work for a Xen KAISER solution

This work was developed as an SP3 mitigation, but shelved when it became clear that it wasn't viable to get done in the timeframe. To protect against SP3 attacks, most mappings needs to be flushed while in user context. However, to protect against all cross-VM attacks, it is necessary to ensure

[Xen-devel] [PATCH RFC 05/44] x86/boot: Move arch_init_memory() earlier in the boot sequence

idle_pg_table[] needs all slots populated before it is copied to create the vcpu idle pagetables. One missing slot is for MMCFG, which is now allocated early. Signed-off-by: Andrew Cooper --- xen/arch/x86/setup.c | 4 ++-- xen/arch/x86/x86_64/mm.c | 15

[Xen-devel] [PATCH RFC 04/44] x86/boot: Introduce cpu_smpboot_bsp() to dynamically allocate BSP state

Move the existing stub allocation into the new function, and call it before initialising the idle domain; eventually it will allocate the pagetables for the idle vcpu to use. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich ---

[Xen-devel] [PATCH RFC 02/44] x86/idt: Factor out enabling and disabling of ISTs

All alteration of IST settings (other than the crash path) happen in an identical triple. Introduce helpers to keep the triple in sync, and reduce the risk of opencoded mistakes. Signed-off-by: Andrew Cooper --- xen/arch/x86/cpu/common.c | 4 +---

[Xen-devel] [PATCH RFC 03/44] x86/pv: Rename invalidate_shadow_ldt() to pv_destroy_ldt()

and move it into pv/descriptor-tables.c beside its GDT counterpart. Reduce the !in_irq() check from a BUG_ON() to ASSERT(). Signed-off-by: Andrew Cooper --- v2: * New --- xen/arch/x86/mm.c | 51 -

[Xen-devel] [PATCH RFC 07/44] x86/boot: Use percpu pagetables for the idle vcpus

Introduce early_switch_to_idle() to replace the opencoded switching to idle context in the BSP and AP boot paths, and extend it to switch away from idle_pg_table[] as well. Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich ---

[Xen-devel] [PATCH RFC 01/44] passthrough/vtd: Don't DMA to the stack in queue_invalidate_wait()

DMA-ing to the stack is generally considered bad practice. In this case, if a timeout occurs because of a sluggish device which is processing the request, the completion notification will corrupt the stack of a subsequent deeper call tree. Place the poll_slot in a percpu area and DMA to that

Re: [Xen-devel] Linux 4.15-rc6 + xen-unstable: BUG: unable to handle kernel NULL pointer dereference at (null), [ 0.000000] IP: zero_resv_unavail+0x8e/0xe1

00] node 0: [mem 0x0010-0x7fff] >> [0.00] Initmem setup node 0 [mem >> 0x1000-0x7fff] >> [0.00] On node 0 totalpages: 524181 >> [0.00] DMA zone: 64 pages used for memmap >> [0.00

Re: [Xen-devel] [PATCH v6.5 15/26] x86/feature: Definitions for Indirect Branch Controls

On Thu, Jan 04, 2018 at 12:15:44AM +, Andrew Cooper wrote: > Contemporary processors are gaining Indirect Branch Controls via microcode > updates. Intel are introducing one bit to indicate IBRS and IBPB support, and > a second bit for STIBP. AMD are introducing IPBP only, so enumerate it

[Xen-devel] [linux-4.9 test] 117595: trouble: broken/fail/pass

flight 117595 linux-4.9 real [real] http://logs.test-lab.xenproject.org/osstest/logs/117595/ Failures and problems with tests :-( Tests which did not succeed and are blocking, including tests which could not be run: test-amd64-amd64-i386-pvgrub broken test-amd64-i386-xl

Re: [Xen-devel] [PATCH] xen: Add EFI_LOAD_OPTION support

>>> On 04.01.18 at 17:35, wrote: > On Thu, Jan 4, 2018 at 9:25 AM, Jan Beulich wrote: > On 04.01.18 at 17:16, wrote: >>> On Thu, Jan 4, 2018 at 8:00 AM, Jan Beulich wrote: >>> On 04.01.18 at 15:39,

Re: [Xen-devel] [PATCH] xen: Add EFI_LOAD_OPTION support

On Thu, Jan 4, 2018 at 9:25 AM, Jan Beulich wrote: On 04.01.18 at 17:16, wrote: >> On Thu, Jan 4, 2018 at 8:00 AM, Jan Beulich wrote: >> On 04.01.18 at 15:39, wrote: On Thu, Jan 4, 2018 at 3:43 AM,

Re: [Xen-devel] [PATCH] xen: Add EFI_LOAD_OPTION support

>>> On 04.01.18 at 17:16, wrote: > On Thu, Jan 4, 2018 at 8:00 AM, Jan Beulich wrote: > On 04.01.18 at 15:39, wrote: >>> On Thu, Jan 4, 2018 at 3:43 AM, Jan Beulich wrote: Just looking at the low bit of

Re: [Xen-devel] [PATCH] xen: Add EFI_LOAD_OPTION support

On Thu, Jan 4, 2018 at 8:00 AM, Jan Beulich wrote: On 04.01.18 at 15:39, wrote: >> On Thu, Jan 4, 2018 at 3:43 AM, Jan Beulich wrote: >>> Just looking at the low bit of the first >>> byte before assuming this could be a load option

[Xen-devel] [xen-unstable-smoke test] 117634: tolerable all pass - PUSHED

flight 117634 xen-unstable-smoke real [real] http://logs.test-lab.xenproject.org/osstest/logs/117634/ Failures :-/ but no regressions. Tests which did not succeed, but are not blocking: test-amd64-amd64-libvirt 13 migrate-support-checkfail never pass test-arm64-arm64-xl-xsm

Re: [Xen-devel] [PATCH] xen: Add EFI_LOAD_OPTION support

>>> On 04.01.18 at 15:39, wrote: > On Thu, Jan 4, 2018 at 3:43 AM, Jan Beulich wrote: >> Just looking at the low bit of the first >> byte before assuming this could be a load option structure, >> however, is too weak a check for my taste. > > There is

Re: [Xen-devel] [PATCH] xen: Add EFI_LOAD_OPTION support

On Thu, Jan 4, 2018 at 3:43 AM, Jan Beulich wrote: On 03.01.18 at 17:53, wrote: >> On Wed, Jan 3, 2018 at 9:36 AM, Jan Beulich wrote: >> On 03.01.18 at 17:04, wrote: On Wed, Jan 3, 2018 at 4:20 AM,

Re: [Xen-devel] [PATCH RFC v1 06/74] tools/libelf: fix elf notes check for PVH guest

>>> On 04.01.18 at 14:05, wrote: > PVH only requires PHYS32_ENTRY to be set. Return immediately if that's > the case. So I guess the bug(?) being fixed is that so far loader or guest_os, and xen_ver settings are also required. However, you fail to mention _why_ you think

Re: [Xen-devel] [PATCH RFC v1 02/74] x86: Common cpuid faulting support

>>> On 04.01.18 at 14:05, wrote: > @@ -518,7 +522,7 @@ static void early_init_amd(struct cpuinfo_x86 *c) > if (c == _cpu_data) > amd_init_levelling(); > > - amd_ctxt_switch_levelling(NULL); > + ctxt_switch_levelling(NULL); > } I don't really

Re: [Xen-devel] [PATCH RFC v1 01/74] x86/svm: Offer CPUID Faulting to AMD HVM guests as well

>>> On 04.01.18 at 14:05, wrote: > --- a/xen/arch/x86/msr.c > +++ b/xen/arch/x86/msr.c > @@ -39,7 +39,8 @@ static void __init calculate_hvm_max_policy(void) > return; > > /* 0x00ce MSR_INTEL_PLATFORM_INFO */ > -if ( boot_cpu_data.x86_vendor ==

[Xen-devel] [distros-debian-wheezy test] 73880: trouble: blocked/broken

flight 73880 distros-debian-wheezy real [real] http://osstest.xs.citrite.net/~osstest/testlogs/logs/73880/ Failures and problems with tests :-( Tests which did not succeed and are blocking, including tests which could not be run: build-armhf-pvopsbroken

[Xen-devel] [PATCH RFC v1 43/74] xen: introduce rangeset_reserve_hole

Reserve a hole in a rangeset. Signed-off-by: Roger Pau Monne Signed-off-by: Wei Liu --- xen/common/rangeset.c | 51 ++ xen/include/xen/rangeset.h | 4 2 files changed, 55 insertions(+) diff --git

[Xen-devel] [PATCH RFC v1 60/74] xen/pvshim: set max_pages to the value of tot_pages

From: Roger Pau Monne So that the guest is not able to deplete the memory pool of the shim itself by trying to balloon up. Signed-off-by: Roger Pau Monné --- xen/arch/x86/pv/shim.c | 6 ++ 1 file changed, 6 insertions(+) diff --git

[Xen-devel] [PATCH RFC v1 34/74] x86/guest: add PV console code

From: Sergey Dyasli Signed-off-by: Sergey Dyasli Signed-off-by: Andrew Cooper --- xen/drivers/char/Makefile | 1 + xen/drivers/char/xen_pv_console.c | 198 ++

[Xen-devel] [PATCH RFC v1 64/74] xen/pvshim: use default position for the m2p mappings

From: Roger Pau Monne When running a 32bit kernel as Dom0 on a 64bit hypervisor the hypervisor will try to shrink the hypervisor hole to the minimum needed, and thus requires the Dom0 to use XENMEM_machphys_mapping in order to fetch the position of the start of the

[Xen-devel] [PATCH RFC v1 22/74] x86/boot: Map more than the first 16MB

From: Andrew Cooper TODO: Replace somehow (bootstrap_map() ?) Signed-off-by: Andrew Cooper --- xen/arch/x86/boot/x86_64.S | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen/arch/x86/boot/x86_64.S

[Xen-devel] [PATCH RFC v1 67/74] libxl: libxl__build_hvm: Introduce separate b_info parameter

From: Ian Jackson When running pv-in-pvh, we are going to want to pass this function an exciting config which is a mixture of the user's main domain configuration, and some PVH configuration which we make up. To this end, have libxl__build_hvm take, and honour, a

[Xen-devel] [PATCH RFC v1 38/74] x86/pv-shim: Force CPUID faulting in pv-shim mode

From: Andrew Cooper This is necessary to prevent the PV guest seeing HVM Xen leaves via native cpuid. Signed-off-by: Andrew Cooper --- xen/arch/x86/cpu/common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git

[Xen-devel] [PATCH RFC v1 14/74] tools/ocaml: Expose arch_config in domaininfo

From: Andrew Cooper Signed-off-by: Andrew Cooper --- tools/ocaml/libs/xc/xenctrl.ml | 29 + tools/ocaml/libs/xc/xenctrl.mli | 28 tools/ocaml/libs/xc/xenctrl_stubs.c | 26

[Xen-devel] [PATCH RFC v1 42/74] sched/null: skip vCPUs on the waitqueue that are blocked

From: Roger Pau Monne Avoid scheduling vCPUs that are blocked, there's no point in assigning them to a pCPU because they are not going to run anyway. Since blocked vCPUs are not assigned to pCPUs after this change, force a rescheduling when a vCPU is brought up if it's on

[Xen-devel] [PATCH RFC v1 18/74] x86/link: Relocate program headers

From: Andrew Cooper When the xen binary is loaded by libelf (in the future) we rely on the elf loader to load the binary accordingly. Signed-off-by: Andrew Cooper Signed-off-by: Wei Liu --- xen/arch/x86/xen.lds.S | 22

[Xen-devel] [PATCH RFC v1 65/74] xen/shim: crash instead of reboot in shim mode

From: Roger Pau Monne All guest shutdown operations are forwarded to L0, so the only native calls to machine_restart happen from crash related paths inside the hypervisor, hence switch the reboot code to instead issue a crash shutdown. Signed-off-by: Roger Pau Monné

[Xen-devel] [PATCH RFC v1 17/74] ---- x86/Kconfig: Options for Xen and PVH support

From: Andrew Cooper Signed-off-by: Andrew Cooper --- xen/arch/x86/Kconfig | 17 + 1 file changed, 17 insertions(+) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 7c4582922f..c0b0bcdcb3 100644 ---

[Xen-devel] [PATCH RFC v1 69/74] libxl_bitmap_copy_alloc: copy 0, NULL as 0, NULL

From: Ian Jackson We shouldn't allocate when it's both unnecessary, and not in accordance with the thing we're copying. One effect is to make a copied libxl__domain_build_info more like the original, which is going to be helpful for the pv shim mode. Signed-off-by:

[Xen-devel] [PATCH RFC v1 13/74] xen/domctl: Return arch_config via getdomaininfo

From: Andrew Cooper This allows toolstack software to distinguish HVM from PVH guests. Signed-off-by: Andrew Cooper --- tools/libxc/include/xenctrl.h | 1 + tools/libxc/xc_domain.c | 1 + xen/arch/x86/domctl.c | 2 ++

[Xen-devel] [PATCH RFC v1 27/74] xen/console: Introduce console=xen

From: Andrew Cooper This specifies whether to use Xen specific console output. There are two variants: one is the hypervisor console, the other is the magic debug port 0xe9. Signed-off-by: Andrew Cooper Signed-off-by: Wei Liu

[Xen-devel] [PATCH RFC v1 29/74] x86: xen pv clock time source

It is a variant of TSC clock source. Signed-off-by: Wei Liu Signed-off-by: Andrew Cooper Signed-off-by: Roger Pau Monné --- xen/arch/x86/time.c | 94 + 1 file changed, 94

[Xen-devel] [PATCH RFC v1 56/74] xen/pvshim: add grant table operations

From: Roger Pau Monne Signed-off-by: Roger Pau Monné Signed-off-by: Anthony Liguori Signed-off-by: Andrew Cooper --- xen/arch/x86/pv/shim.c| 174 ++

[Xen-devel] [PATCH RFC v1 49/74] x86/guest: map per-cpu vcpu_info area.

From: Roger Pau Monne So that the limit of XEN_LEGACY_MAX_VCPUS can be lifted. Signed-off-by: Roger Pau Monné --- Should be moved earlier maybe? --- xen/arch/x86/guest/xen.c | 61 +-- xen/arch/x86/time.c

[Xen-devel] [PATCH RFC v1 36/74] --- x86/shim: Kconfig and command line options

From: Andrew Cooper Signed-off-by: Andrew Cooper --- docs/misc/xen-command-line.markdown | 11 ++ xen/arch/x86/Kconfig| 22 +++ xen/arch/x86/pv/Makefile| 1 + xen/arch/x86/pv/shim.c

[Xen-devel] [PATCH RFC v1 55/74] xen/pvshim: forward evtchn ops between L0 Xen and L2 DomU

From: Roger Pau Monne Note that the unmask and the virq operations are handled by the shim itself, and that FIFO event channels are not exposed to the guest. Signed-off-by: Anthony Liguori Signed-off-by: Roger Pau Monné

[Xen-devel] [PATCH RFC v1 37/74] tools/firmware: Build and install xen-shim

From: Andrew Cooper Link a minimum set of files to build the shim. The linkfarm rune can handle creation and deletion of files. We can do better by properly generate the dependency from the list of files but that's an improvement for later. Signed-off-by: Andrew

[Xen-devel] [PATCH RFC v1 21/74] x86/entry: Early PVH boot code

Signed-off-by: Wei Liu Signed-off-by: Andrew Cooper --- xen/arch/x86/Makefile| 1 + xen/arch/x86/boot/head.S | 40 +++- xen/arch/x86/boot/x86_64.S | 2 +- xen/arch/x86/guest/Makefile |

[Xen-devel] [PATCH RFC v1 28/74] x86: initialise shared_info page

Signed-off-by: Wei Liu Signed-off-by: Andrew Cooper --- xen/arch/x86/guest/xen.c| 24 xen/arch/x86/setup.c| 3 +++ xen/include/asm-x86/fixmap.h| 3 +++ xen/include/asm-x86/guest/xen.h | 10

[Xen-devel] [PATCH RFC v1 23/74] x86/entry: Probe for Xen early during boot

From: Andrew Cooper Signed-off-by: Andrew Cooper --- xen/arch/x86/guest/Makefile | 2 ++ xen/arch/x86/guest/xen.c| 75 + xen/arch/x86/setup.c| 2 ++

[Xen-devel] [PATCH RFC v1 71/74] libxl: pvshim: Provide first-class config settings to enable shim mode

From: Ian Jackson ** NOTE: This patch does not currently work! ** ** NOTE: I intend to change the config names from "pvhshim" to "pvshim" ** This is API-compatible because old callers are supposed to call libxl_*_init to initialise the struct; and the updated

[Xen-devel] [PATCH RFC v1 15/74] tools/ocaml: Extend domain_create() to take arch_domainconfig

From: Jon Ludlam No longer passing NULL into xc_domain_create() allows for the creation of PVH guests. Signed-off-by: Jon Ludlam Signed-off-by: Andrew Cooper --- tools/ocaml/libs/xc/xenctrl.ml | 2 +-

[Xen-devel] [PATCH RFC v1 16/74] x86/fixmap: Modify fix_to_virt() to return a void pointer

From: Andrew Cooper Almost all users of fix_to_virt() actually want a pointer. Include the cast within the definition, so the callers don't need to. Two users which need the integer value are switched to using __fix_to_virt() directly. A few users stay fully

[Xen-devel] [PATCH RFC v1 12/74] xen/acpi: mark the PM timer FADT field as optional

From: Roger Pau Monne According to the ACPI 6.1 specification this field is optional, so mark it as such. Signed-off-by: Roger Pau Monné --- xen/drivers/acpi/tables/tbfadt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[Xen-devel] [PATCH RFC v1 57/74] x86/pv-shim: shadow PV console's page for L2 DomU

From: Sergey Dyasli Signed-off-by: Sergey Dyasli --- xen/arch/x86/pv/shim.c | 31 -- xen/drivers/char/Makefile | 1 + xen/drivers/char/console.c | 4 ++ xen/drivers/char/consoled.c | 145

[Xen-devel] [PATCH RFC v1 50/74] xen/pvshim: remove Dom0 kernel support check

From: Roger Pau Monne Signed-off-by: Roger Pau Monné --- xen/arch/x86/pv/dom0_build.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/pv/dom0_build.c b/xen/arch/x86/pv/dom0_build.c index 23d5993b7e..95347c6fd2

[Xen-devel] [PATCH RFC v1 41/74] xen/pvh: do not mark the low 1MB as IO mem

From: Roger Pau Monne On PVH there's nothing special on the low 1MB Signed-off-by: Roger Pau Monné Signed-off-by: Andrew Cooper --- xen/arch/x86/mm.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff

[Xen-devel] [PATCH RFC v1 47/74] x86/guest: fix upcall vector setup

From: Roger Pau Monne Instead of forcing no pending event on the vCPU, just mask all event channels when setting up the BSP and further patches will unmask them as event channels are being setup. Signed-off-by: Roger Pau Monné --- To be squashed with

[Xen-devel] [PATCH RFC v1 32/74] x86: don't swallow the first command line item in pvh mode

Instead, special case GRUB1 rather assuming that all bootloaders except GRUB2 need a parameter stripping. Signed-off-by: Wei Liu Signed-off-by: Andrew Cooper --- xen/arch/x86/setup.c | 10 +- 1 file changed, 5 insertions(+), 5

[Xen-devel] [PATCH RFC v1 54/74] xen/pvshim: set correct domid value

From: Roger Pau Monne If domid is not provided by L0 set domid to 1 by default. Since the domain created is no longer the hardware domain add a hook to the domain shutdown path in order to forward shutdown operations to the L0 hypervisor. Signed-off-by: Roger Pau Monné

[Xen-devel] [PATCH RFC v1 10/74] x86/time: Print a more helpful error when a platform timer can't be found

From: Andrew Cooper Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu --- xen/arch/x86/time.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c index

  1   2   >