# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1234868465 0
# Node ID 6630f99dfc01e4fe6459d596d4c3dc5dbb46a1cc
# Parent b432c632ebe855c9823e4f5558090aeacb942434
# Parent 09a6fa059b37992cc74a548533eadd7352213a8b
Merge with ext/ia64/xen-unstable.hg
---
docs/misc/xsm-flask.txt | 148 +++++++++++++++++++++++++++++++
tools/hotplug/Linux/init.d/xendomains | 65 +++++++++----
tools/python/xen/xend/XendAPI.py | 9 +
tools/python/xen/xend/XendConfig.py | 3
tools/python/xen/xend/XendConstants.py | 1
tools/python/xen/xend/XendDomainInfo.py | 6 +
tools/python/xen/xm/create.py | 7 +
tools/python/xen/xm/xenapi_create.py | 1
xen/arch/x86/hvm/hvm.c | 16 +++
xen/arch/x86/hvm/vpt.c | 26 +++--
xen/common/timer.c | 7 +
xen/drivers/passthrough/amd/iommu_init.c | 3
xen/drivers/passthrough/vtd/iommu.c | 5 -
xen/include/public/hvm/params.h | 5 -
xen/include/xen/timer.h | 3
xen/xsm/flask/ss/policydb.c | 4
16 files changed, 270 insertions(+), 39 deletions(-)
diff -r b432c632ebe8 -r 6630f99dfc01 docs/misc/xsm-flask.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/docs/misc/xsm-flask.txt Tue Feb 17 11:01:05 2009 +0000
@@ -0,0 +1,148 @@
+These notes are compiled from xen-devel questions and postings that have
occured
+since the inclusion of XSM. These notes are not intended to be definitive
+documentation but should address many common problems that arrise when
+experimenting with XSM:FLASK.
+
+Xen XSM:FLASK configuration
+---------------------------
+
+1) cd xen-unstable.hg
+2) edit Config.mk in the toplevel xen directory as follows:
+
+ XSM_ENABLE ?= y
+ FLASK_ENABLE ?= y
+ ACM_SECURITY ?= n
+
+NB: Only one security module can be selected at a time. If no module is
+selected, then the default DUMMY module will be enforced. The DUMMY module
+only exercises the security framework and does not enforce any security
+policies. Changing the security module selection will require recompiling xen.
+These settings will also configure the corresponding toolchain support.
+
+3) make xen
+4) make tools
+
+
+Xen XSM:FLASK policy
+--------------------
+
+These instructions will enable the configuration and build of the sample
policy.
+The sample policy provides the MINIMUM policy necessary to boot a
+paravirtualized dom0 and create a paravirtualized domU. Many of the
+default capabilities and usages supported by dom0/domU are disallowed by the
+sample policy. Further, the policy is comprised of a limited number of types
and
+must be adjusted to meet the specific security goals of the installation.
+Modification of the policy is straightforward and is covered in a later
section.
+
+NB: The policy is not automatically built as part of the tool support because
+of an external dependancy on the checkpolicy compiler. The FLASK policy uses
+the same syntax and structure as SELinux and compiling the policy relies on
+the SELinux policy toolchain. This toolchain is available under many
+distributions as well as the following URL,
+
+
http://userspace.selinuxproject.org/releases/20080909/stable/checkpolicy-1.34.7.tar.gz
+
+1) cd xen-unstable.hg/tools/flask/policy
+2) make policy
+3) cp policy.20 /boot/xenpolicy.20
+4) edit /etc/grub.conf, add a module line to the xen entry,
+
+ module /xenpolicy.20
+
+5) reboot, and select the updated xen entry
+
+NB: The module entry can be inserted on any line after the xen kernel line.
Typical
+configurations use the last module entry or the module entry that immediately
+follows the xen kernel entry.
+
+Xen configuration of xend
+-------------------------
+
+1) cd /etc/xen
+2) edit xend-config.sxp
+3) uncomment the line containing the key:value pair entry,
+
+ #(xsm_module_name dummy)
+
+4) change the value entry to 'flask'
+
+ (xsm_module_name flask)
+
+5) restart xend
+
+Creating policy controlled domains
+----------------------------------
+
+2) Edit the domain config file and add the following entry,
+
+ access_control = ["policy=,label=system_u:object_r:domU_t"]
+
+NB: The 'policy' field is not used by XSM:FLASK. The 'label' must exist in
the
+loaded policy. 'system_u:object_r:domU_t' is one of the existing labels from
+the sample policy and shown for example purposes.
+
+2) Create the domain using the 'xm create' command.
+3) Use the 'xm list -l' command to list the running domains and their labels.
+
+Updating the XSM:FLASK policy
+-----------------------------
+
+It is recommended that the XSM:FLASK policy be tailored to meet the specific
+security goals of the platform. The policy is tailored by editing the xen.te
+file in the 'policy' subdirectory.
+
+1) cd xen-unstable.hg/tools/flask/policy
+2) edit policy/modules/xen/xen.te - make changes to support platform security
goals.
+3) make policy
+4) cp policy.20 /boot/xenpolicy.20
+5) reboot
+
+Alternatively, one may reload the policy using the 'flask_loadpolicy' tool
+installed by the xen tools.
+
+1) flask_loadpolicy policy.20
+
+NB: The sample policy permits policy reloads as well as general manipulation of
+the Flask security server only from dom0. The policy can be tailored further
to
+restrict policy reloads and other manipulations to boot-time only, by removing
+the corresponding statements from the policy.
+
+Enforcing the XSM:FLASK policy
+------------------------------
+
+By default, XSM:FLASK is compiled and installed in permissive mode. This
+configuration will allow an XSM:FLASK system to start in enforcing mode.
+
+1) edit /etc/grub.conf
+2) append the parameter 'flask_enforcing=1' to the xen kernel line.
+3) reboot, and select the updated xen entry
+
+
+Additional notes on XSM:FLASK
+-----------------------------
+
+1) xen command line parameters
+
+ a) flask_enforcing
+
+ The default value for flask_enforcing is '0'. This parameter causes
the
+ platform to boot in permissive mode which means that the policy is
loaded
+ but not enforced. This mode is often helpful for developing new
systems
+ and policies as the policy violations are reported on the xen console
and
+ may be viewed in dom0 through 'xm dmesg'.
+
+ To boot the platform into enforcing mode, which means that the policy is
+ loaded and enforced, append 'flask_enforcing=1' on the grub line.
+
+ This parameter may also be changed through the flask hyercall.
+
+ b) flask_enabled
+
+ The default value for flask_enabled is '1'. This parameter causes the
+ platform to enable the FLASK security module under the XSM framework.
+ The parameter may be enabled/disabled only once per boot. If the
parameter
+ is set to '0', only a reboot can re-enable flask. When flask_enabled
is '0'
+ the DUMMY module is enforced.
+
+ This parameter may also be changed through the flask hypercall. But may
+ only be performed once per boot.
diff -r b432c632ebe8 -r 6630f99dfc01 tools/hotplug/Linux/init.d/xendomains
--- a/tools/hotplug/Linux/init.d/xendomains Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/hotplug/Linux/init.d/xendomains Tue Feb 17 11:01:05 2009 +0000
@@ -213,7 +213,7 @@ start()
start()
{
if [ -f $LOCKFILE ]; then
- echo -n "xendomains already running (lockfile exists)"
+ echo -e "xendomains already running (lockfile exists)"
return;
fi
@@ -230,10 +230,12 @@ start()
HEADER=`head -c 16 $dom | head -n 1 2> /dev/null`
if [ $HEADER = "LinuxGuestRecord" ]; then
echo -n " ${dom##*/}"
- xm restore $dom
+ XMR=`xm restore $dom 2>&1 1>/dev/null`
+ #xm restore $dom
if [ $? -ne 0 ]; then
+ echo -e "\nAn error occured while restoring domain
${dom##*/}:\n$XMR"
rc_failed $?
- echo -n '!'
+ echo -e '!'
else
# mv $dom ${dom%/*}/.${dom##*/}
rm $dom
@@ -241,7 +243,7 @@ start()
fi
fi
done
- echo .
+ echo -e
fi
if contains_something "$XENDOMAINS_AUTO"
@@ -264,16 +266,17 @@ start()
if [ $? -eq 0 ] || is_running $dom; then
echo -n "(skip)"
else
- xm create --quiet --defconfig $dom
- if [ $? -ne 0 ]; then
+ XMC=`xm create --quiet --defconfig $dom`
+ if [ $? -ne 0 ]; then
+ echo -e "\nAn error occured while creating domain
${dom##*/}: $XMC\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
else
usleep $XENDOMAINS_CREATE_USLEEP
fi
fi
done
- fi
+ fi
}
all_zombies()
@@ -293,18 +296,21 @@ all_zombies()
# if it has not exited by that time kill it, so the init script will
# succeed within a finite amount of time; if $2 is nonnull, it will
# kill the command as well as soon as no domain (except for zombies)
-# are left (used for shutdown --all).
+# are left (used for shutdown --all). Third parameter, if any, suppresses
+# output of dots per working state (formatting issues)
watchdog_xm()
{
if test -z "$XENDOMAINS_STOP_MAXWAIT" -o "$XENDOMAINS_STOP_MAXWAIT" = "0";
then
exit
fi
+
usleep 20000
for no in `seq 0 $XENDOMAINS_STOP_MAXWAIT`; do
# exit if xm save/migrate/shutdown is finished
PSAX=`ps axlw | grep "xm $1" | grep -v grep`
if test -z "$PSAX"; then exit; fi
- echo -n "."; sleep 1
+ if ! test -n "$3"; then echo -n '.'; fi
+ sleep 1
# go to kill immediately if there's only zombies left
if all_zombies && test -n "$2"; then break; fi
done
@@ -312,10 +318,14 @@ watchdog_xm()
read PSF PSUID PSPID PSPPID < <(echo "$PSAX")
# kill xm $1
kill $PSPID >/dev/null 2>&1
+
+ echo -e .
}
stop()
{
+ exec 3>&2 2> /dev/null
+
# Collect list of domains to shut down
if test "$XENDOMAINS_AUTO_ONLY" = "true"; then
rdnames
@@ -333,7 +343,7 @@ stop()
# nothing
;;
(*)
- echo -n '(skip)'
+ echo -e '(skip)'
continue
;;
esac
@@ -345,8 +355,9 @@ stop()
if test -n "$XENDOMAINS_SYSRQ"; then
for sysrq in $XENDOMAINS_SYSRQ; do
echo -n "(SR-$sysrq)"
- xm sysrq $id $sysrq
+ XMR=`xm sysrq $id $sysrq 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while doing sysrq on
domain:\n$XMR\n"
rc_failed $?
echo -n '!'
fi
@@ -362,13 +373,18 @@ stop()
echo -n "(migr)"
watchdog_xm migrate &
WDOG_PID=$!
- xm migrate $id $XENDOMAINS_MIGRATE
+ XMR=`xm migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while migrating domain:\n$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
+
kill $WDOG_PID >/dev/null 2>&1
else
kill $WDOG_PID >/dev/null 2>&1
+
+ echo -e .
+ usleep 1000
continue
fi
fi
@@ -377,13 +393,16 @@ stop()
watchdog_xm save &
WDOG_PID=$!
mkdir -p "$XENDOMAINS_SAVE"
- xm save $id $XENDOMAINS_SAVE/$name
+ XMR=`xm save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while saving domain:\n$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
kill $WDOG_PID >/dev/null 2>&1
else
kill $WDOG_PID >/dev/null 2>&1
+ echo -e .
+ usleep 1000
continue
fi
fi
@@ -392,10 +411,11 @@ stop()
echo -n "(shut)"
watchdog_xm shutdown &
WDOG_PID=$!
- xm shutdown $id $XENDOMAINS_SHUTDOWN
+ XMR=`xm shutdown $id $XENDOMAINS_SHUTDOWN 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while shutting down
domain:\n$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
fi
kill $WDOG_PID >/dev/null 2>&1
fi
@@ -408,18 +428,21 @@ stop()
if ! all_zombies && test -n "$XENDOMAINS_SHUTDOWN_ALL"; then
# XENDOMAINS_SHUTDOWN_ALL should be "--all --halt --wait"
echo -n " SHUTDOWN_ALL "
- watchdog_xm shutdown 1 &
+ watchdog_xm shutdown 1 false &
WDOG_PID=$!
- xm shutdown $XENDOMAINS_SHUTDOWN_ALL
+ XMR=`xm shutdown $XENDOMAINS_SHUTDOWN_ALL 2>&1 1>/dev/null`
if test $? -ne 0; then
+ echo -e "\nAn error occured while shutting down all domains:
$XMR\n"
rc_failed $?
- echo -n '!'
+ echo -e '!'
fi
kill $WDOG_PID >/dev/null 2>&1
fi
# Unconditionally delete lock file
rm -f $LOCKFILE
+
+ exec 2>&3
}
check_domain_up()
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendAPI.py
--- a/tools/python/xen/xend/XendAPI.py Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendAPI.py Tue Feb 17 11:01:05 2009 +0000
@@ -29,6 +29,7 @@ import XendDomain, XendDomainInfo, XendN
import XendDomain, XendDomainInfo, XendNode, XendDmesg
import XendLogging, XendTaskManager, XendAPIStore
+from xen.xend import uuid as genuuid
from XendAPIVersion import *
from XendAuthSessions import instance as auth_manager
from XendError import *
@@ -1867,7 +1868,7 @@ class XendAPI(object):
dom = xendom.get_vm_by_uuid(vbd_struct['VM'])
vdi = xennode.get_vdi_by_uuid(vbd_struct['VDI'])
if not vdi:
- return xen_api_error(['HANDLE_INVALID', 'VDI', vdi_ref])
+ return xen_api_error(['HANDLE_INVALID', 'VDI', vbd_struct['VDI']])
# new VBD via VDI/SR
vdi_image = vdi.get_location()
@@ -2392,7 +2393,7 @@ class XendAPI(object):
tpmif.destroy_vtpmstate(dom.getName())
return xen_api_success_void()
else:
- return xen_api_error(['HANDLE_INVALID', 'VM', vtpm_struct['VM']])
+ return xen_api_error(['HANDLE_INVALID', 'VTPM', vtpm_ref])
# class methods
def VTPM_create(self, session, vtpm_struct):
@@ -2614,7 +2615,7 @@ class XendAPI(object):
return xen_api_success_void()
def event_unregister(self, session, unreg_classes):
- event_unregister(session, reg_classes)
+ event_unregister(session, unreg_classes)
return xen_api_success_void()
def event_next(self, session):
@@ -2641,7 +2642,7 @@ class XendAPI(object):
return xen_api_error(['DEBUG_FAIL', session])
def debug_create(self, session):
- debug_uuid = uuid.createString()
+ debug_uuid = genuuid.createString()
self._debug[debug_uuid] = None
return xen_api_success(debug_uuid)
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendConfig.py
--- a/tools/python/xen/xend/XendConfig.py Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendConfig.py Tue Feb 17 11:01:05 2009 +0000
@@ -158,6 +158,7 @@ XENAPI_PLATFORM_CFG_TYPES = {
'vncdisplay': int,
'vnclisten': str,
'timer_mode': int,
+ 'vpt_align': int,
'viridian': int,
'vncpasswd': str,
'vncunused': int,
@@ -459,6 +460,8 @@ class XendConfig(dict):
self['platform']['rtc_timeoffset'] = 0
if 'hpet' not in self['platform']:
self['platform']['hpet'] = 0
+ if 'vpt_align' not in self['platform']:
+ self['platform']['vpt_align'] = 1
if 'loader' not in self['platform']:
# Old configs may have hvmloader set as PV_kernel param
if self.has_key('PV_kernel') and self['PV_kernel'] != '':
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendConstants.py
--- a/tools/python/xen/xend/XendConstants.py Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendConstants.py Tue Feb 17 11:01:05 2009 +0000
@@ -50,6 +50,7 @@ HVM_PARAM_TIMER_MODE = 10
HVM_PARAM_TIMER_MODE = 10
HVM_PARAM_HPET_ENABLED = 11
HVM_PARAM_ACPI_S_STATE = 14
+HVM_PARAM_VPT_ALIGN = 16
restart_modes = [
"restart",
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xend/XendDomainInfo.py
--- a/tools/python/xen/xend/XendDomainInfo.py Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xend/XendDomainInfo.py Tue Feb 17 11:01:05 2009 +0000
@@ -2237,6 +2237,12 @@ class XendDomainInfo:
xc.hvm_set_param(self.domid, HVM_PARAM_HPET_ENABLED,
long(hpet))
+ # Optionally enable periodic vpt aligning
+ vpt_align = self.info["platform"].get("vpt_align")
+ if hvm and vpt_align is not None:
+ xc.hvm_set_param(self.domid, HVM_PARAM_VPT_ALIGN,
+ long(vpt_align))
+
# Set maximum number of vcpus in domain
xc.domain_max_vcpus(self.domid, int(self.info['VCPUs_max']))
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xm/create.py
--- a/tools/python/xen/xm/create.py Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xm/create.py Tue Feb 17 11:01:05 2009 +0000
@@ -218,6 +218,10 @@ gopts.var('timer_mode', val='TIMER_MODE'
fn=set_int, default=1,
use="""Timer mode (0=delay virtual time when ticks are missed;
1=virtual time is always wallclock time.""")
+
+gopts.var('vpt_align', val='VPT_ALIGN',
+ fn=set_int, default=1,
+ use="Enable aligning all periodic vpt to reduce timer interrupts.")
gopts.var('viridian', val='VIRIDIAN',
fn=set_int, default=0,
@@ -891,7 +895,8 @@ def configure_hvm(config_image, vals):
'sdl', 'display', 'xauthority', 'rtc_timeoffset', 'monitor',
'acpi', 'apic', 'usb', 'usbdevice', 'keymap', 'pci', 'hpet',
'guest_os_type', 'hap', 'opengl', 'cpuid', 'cpuid_check',
- 'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate' ]
+ 'viridian', 'xen_extended_power_mgmt', 'pci_msitranslate',
+ 'vpt_align' ]
for a in args:
if a in vals.__dict__ and vals.__dict__[a] is not None:
diff -r b432c632ebe8 -r 6630f99dfc01 tools/python/xen/xm/xenapi_create.py
--- a/tools/python/xen/xm/xenapi_create.py Fri Feb 13 19:11:38 2009 +0900
+++ b/tools/python/xen/xm/xenapi_create.py Tue Feb 17 11:01:05 2009 +0000
@@ -1037,6 +1037,7 @@ class sxp2xml:
'usbdevice',
'hpet',
'timer_mode',
+ 'vpt_align',
'viridian',
'vhpt',
'guest_os_type',
diff -r b432c632ebe8 -r 6630f99dfc01 xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/arch/x86/hvm/hvm.c Tue Feb 17 11:01:05 2009 +0000
@@ -542,6 +542,22 @@ static int hvm_load_cpu_ctxt(struct doma
return -EINVAL;
}
+ /* Older Xen versions used to save the segment arbytes directly
+ * from the VMCS on Intel hosts. Detect this and rearrange them
+ * into the struct segment_register format. */
+#define UNFOLD_ARBYTES(_r) \
+ if ( (_r & 0xf000) && !(_r & 0x0f00) ) \
+ _r = ((_r & 0xff) | ((_r >> 4) & 0xf00))
+ UNFOLD_ARBYTES(ctxt.cs_arbytes);
+ UNFOLD_ARBYTES(ctxt.ds_arbytes);
+ UNFOLD_ARBYTES(ctxt.es_arbytes);
+ UNFOLD_ARBYTES(ctxt.fs_arbytes);
+ UNFOLD_ARBYTES(ctxt.gs_arbytes);
+ UNFOLD_ARBYTES(ctxt.ss_arbytes);
+ UNFOLD_ARBYTES(ctxt.tr_arbytes);
+ UNFOLD_ARBYTES(ctxt.ldtr_arbytes);
+#undef UNFOLD_ARBYTES
+
/* Architecture-specific vmcs/vmcb bits */
if ( hvm_funcs.load_cpu_ctxt(v, &ctxt) < 0 )
return -EINVAL;
diff -r b432c632ebe8 -r 6630f99dfc01 xen/arch/x86/hvm/vpt.c
--- a/xen/arch/x86/hvm/vpt.c Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/arch/x86/hvm/vpt.c Tue Feb 17 11:01:05 2009 +0000
@@ -384,13 +384,25 @@ void create_periodic_time(
pt->period_cycles = (u64)period;
pt->one_shot = !period;
pt->scheduled = NOW() + delta;
- /*
- * Offset LAPIC ticks from other timer ticks. Otherwise guests which use
- * LAPIC ticks for process accounting can see long sequences of process
- * ticks incorrectly accounted to interrupt processing.
- */
- if ( !pt->one_shot && (pt->source == PTSRC_lapic) )
- pt->scheduled += delta >> 1;
+
+ if ( !pt->one_shot )
+ {
+ if ( v->domain->arch.hvm_domain.params[HVM_PARAM_VPT_ALIGN] )
+ {
+ pt->scheduled = align_timer(pt->scheduled, pt->period);
+ }
+ else if ( pt->source == PTSRC_lapic )
+ {
+ /*
+ * Offset LAPIC ticks from other timer ticks. Otherwise guests
+ * which use LAPIC ticks for process accounting can see long
+ * sequences of process ticks incorrectly accounted to interrupt
+ * processing (seen with RHEL3 guest).
+ */
+ pt->scheduled += delta >> 1;
+ }
+ }
+
pt->cb = cb;
pt->priv = data;
diff -r b432c632ebe8 -r 6630f99dfc01 xen/common/timer.c
--- a/xen/common/timer.c Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/common/timer.c Tue Feb 17 11:01:05 2009 +0000
@@ -473,6 +473,13 @@ void process_pending_timers(void)
timer_softirq_action();
}
+s_time_t align_timer(s_time_t firsttick, uint64_t period)
+{
+ if ( !period )
+ return firsttick;
+
+ return firsttick + (period - 1) - ((firsttick - 1) % period);
+}
static void dump_timerq(unsigned char key)
{
diff -r b432c632ebe8 -r 6630f99dfc01 xen/drivers/passthrough/amd/iommu_init.c
--- a/xen/drivers/passthrough/amd/iommu_init.c Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/drivers/passthrough/amd/iommu_init.c Tue Feb 17 11:01:05 2009 +0000
@@ -487,11 +487,13 @@ static int set_iommu_interrupt_handler(s
}
irq_desc[vector].handler = &iommu_msi_type;
+ vector_to_iommu[vector] = iommu;
ret = request_irq_vector(vector, amd_iommu_page_fault, 0,
"amd_iommu", iommu);
if ( ret )
{
irq_desc[vector].handler = &no_irq_type;
+ vector_to_iommu[vector] = NULL;
free_irq_vector(vector);
amd_iov_error("can't request irq\n");
return 0;
@@ -499,7 +501,6 @@ static int set_iommu_interrupt_handler(s
/* Make sure that vector is never re-used. */
vector_irq[vector] = NEVER_ASSIGN_IRQ;
- vector_to_iommu[vector] = iommu;
iommu->vector = vector;
return vector;
}
diff -r b432c632ebe8 -r 6630f99dfc01 xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/drivers/passthrough/vtd/iommu.c Tue Feb 17 11:01:05 2009 +0000
@@ -870,7 +870,7 @@ static struct hw_interrupt_type dma_msi_
.set_affinity = dma_msi_set_affinity,
};
-int iommu_set_interrupt(struct iommu *iommu)
+static int iommu_set_interrupt(struct iommu *iommu)
{
int vector, ret;
@@ -882,10 +882,12 @@ int iommu_set_interrupt(struct iommu *io
}
irq_desc[vector].handler = &dma_msi_type;
+ vector_to_iommu[vector] = iommu;
ret = request_irq_vector(vector, iommu_page_fault, 0, "dmar", iommu);
if ( ret )
{
irq_desc[vector].handler = &no_irq_type;
+ vector_to_iommu[vector] = NULL;
free_irq_vector(vector);
gdprintk(XENLOG_ERR VTDPREFIX, "IOMMU: can't request irq\n");
return ret;
@@ -893,7 +895,6 @@ int iommu_set_interrupt(struct iommu *io
/* Make sure that vector is never re-used. */
vector_irq[vector] = NEVER_ASSIGN_IRQ;
- vector_to_iommu[vector] = iommu;
return vector;
}
diff -r b432c632ebe8 -r 6630f99dfc01 xen/include/public/hvm/params.h
--- a/xen/include/public/hvm/params.h Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/include/public/hvm/params.h Tue Feb 17 11:01:05 2009 +0000
@@ -103,6 +103,9 @@
/* TSS used on Intel when CR0.PE=0. */
#define HVM_PARAM_VM86_TSS 15
-#define HVM_NR_PARAMS 16
+/* Boolean: Enable aligning all periodic vpts to reduce interrupts */
+#define HVM_PARAM_VPT_ALIGN 16
+
+#define HVM_NR_PARAMS 17
#endif /* __XEN_PUBLIC_HVM_PARAMS_H__ */
diff -r b432c632ebe8 -r 6630f99dfc01 xen/include/xen/timer.h
--- a/xen/include/xen/timer.h Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/include/xen/timer.h Tue Feb 17 11:01:05 2009 +0000
@@ -122,6 +122,9 @@ DECLARE_PER_CPU(s_time_t, timer_deadline
/* Arch-defined function to reprogram timer hardware for new deadline. */
extern int reprogram_timer(s_time_t timeout);
+/* calculate the aligned first tick time for a given periodic timer */
+extern s_time_t align_timer(s_time_t firsttick, uint64_t period);
+
#endif /* _TIMER_H_ */
/*
diff -r b432c632ebe8 -r 6630f99dfc01 xen/xsm/flask/ss/policydb.c
--- a/xen/xsm/flask/ss/policydb.c Fri Feb 13 19:11:38 2009 +0900
+++ b/xen/xsm/flask/ss/policydb.c Tue Feb 17 11:01:05 2009 +0000
@@ -1515,8 +1515,8 @@ int policydb_read(struct policydb *p, vo
if ( len != strlen(POLICYDB_STRING) )
{
printk(KERN_ERR "security: policydb string length %d does not "
- "match expected length %Zu\n",
- len, (u32) strlen(POLICYDB_STRING));
+ "match expected length %lu\n",
+ len, strlen(POLICYDB_STRING));
goto bad;
}
policydb_str = xmalloc_array(char, len + 1);
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home