# HG changeset patch # User Joseph Cihula # Date 1188343114 25200 # Node ID de942f6fa6b318009d10a3d3fc86fdd70f45bd75 # Parent 256160ff19b74057f5819af20d68e6e3388c80e3 Intel(R) Trusted Execution Technology (Intel(R) TXT) support for Xen Changes to Xen files. Signed-off-by: Joseph Cihula diff -r 256160ff19b7 -r de942f6fa6b3 .hgignore --- a/.hgignore Thu Aug 16 13:27:59 2007 +0100 +++ b/.hgignore Tue Aug 28 16:18:34 2007 -0700 @@ -3,26 +3,27 @@ .*\.cmo$ .*\.d$ .*\.o$ +.*\.o.*$ .*\.opic$ .*\.pyc$ .*\.so$ +.*\.ko$ .*\.so\..*$ .*\.tar\.bz2$ .*\.tar\.gz$ .*~$ +\#*\#$ .*\.flc$ .*\.orig$ .*\.rej$ .*/a\.out$ -.*/Modules\.symvers$ .*/cscope\..*$ ^cscope.*$ ^[^/]*\.bz2$ ^\.config$ -^\.pc ^TAGS$ ^tags$ -^build-.*$ +^build.*$ ^dist/.*$ ^docs/.*\.aux$ ^docs/.*\.dvi$ @@ -62,11 +63,10 @@ ^extras/mini-os/h/xen-public$ ^extras/mini-os/mini-os.*$ ^install/.*$ -^linux-[^/]*-paravirt/.*$ -^linux-2.6[^/]*/.*$ -^linux-[^/]*-rc/.*$ -^linux-[^/]*-tip/.*$ -^linux-[^/]*-git/.*$ +^linux-[^/]*-native/.*$ +^linux-[^/]*-xen/.*$ +^linux-[^/]*-xen0/.*$ +^linux-[^/]*-xenU/.*$ ^linux-[^/]*\.patch$ ^mkddbxen$ ^netbsd-[^/]*-tools/.*$ @@ -127,11 +127,7 @@ ^tools/ioemu/qemu\.1$ ^tools/ioemu/qemu\.pod$ ^tools/libxc/xen/.*$ -^tools/libxc/ia64/asm/acpi\.h$ -^tools/libxc/ia64/xen/list\.h$ -^tools/libxen/libxenapi- ^tools/libxen/test/test_bindings$ -^tools/libxen/test/test_event_handling$ ^tools/libaio/src/.*\.ol$ ^tools/libaio/src/.*\.os$ ^tools/misc/cpuperf/cpuperf-perfcntr$ @@ -210,7 +206,6 @@ ^tools/xm-test/lib/XmTestReport/xmtest.py$ ^tools/xm-test/tests/.*\.test$ ^xen/BLOG$ -^xen/System.map$ ^xen/TAGS$ ^xen/arch/x86/asm-offsets\.s$ ^xen/arch/x86/boot/mkelf32$ @@ -218,7 +213,6 @@ ^xen/ddb/.*$ ^xen/include/asm$ ^xen/include/asm-.*/asm-offsets\.h$ -^xen/include/asm-ia64/asm-xsi-offsets\.h$ ^xen/include/compat/.*$ ^xen/include/hypervisor-ifs/arch$ ^xen/include/public/foreign/.*\.(c|h|size)$ @@ -234,14 +228,9 @@ ^xen/xen$ ^xen/xen-syms$ ^xen/xen\..*$ -^xen/arch/ia64/asm-offsets\.s$ -^xen/arch/ia64/asm-xsi-offsets\.s$ -^xen/arch/ia64/map\.out$ -^xen/arch/ia64/xen\.lds\.s$ ^xen/arch/powerpc/dom0\.bin$ ^xen/arch/powerpc/asm-offsets\.s$ ^xen/arch/powerpc/firmware$ -^xen/arch/powerpc/firmware.dbg$ ^xen/arch/powerpc/firmware_image.bin$ ^xen/arch/powerpc/xen\.lds$ ^xen/arch/powerpc/\.xen-syms$ @@ -252,3 +241,18 @@ ^unmodified_drivers/linux-2.6/.*\.ko$ ^unmodified_drivers/linux-2.6/.*\.mod\.c$ ^LibVNCServer.* +^sboot/tools/trousers/trousers +^sboot/common/sboot.lds$ +^sboot/sboot$ +^sboot/sboot-syms$ +^sboot/sboot.gz$ +^sboot/tools/lcptools/tpmnv_defindex$ +^sboot/tools/lcptools/tpmnv_getcap$ +^sboot/tools/lcptools/tpmnv_lock$ +^sboot/tools/lcptools/tpmnv_relindex$ +^sboot/tools/lcptools/lcp_crtpconf$ +^sboot/tools/lcptools/lcp_crtpol$ +^sboot/tools/lcptools/lcp_mlehash$ +^sboot/tools/lcptools/lcp_readpol$ +^sboot/tools/lcptools/lcp_writepol$ +^sboot/tools/sb_polgen/sb_polgen$ diff -r 256160ff19b7 -r de942f6fa6b3 Config.mk --- a/Config.mk Thu Aug 16 13:27:59 2007 +0100 +++ b/Config.mk Tue Aug 28 16:18:34 2007 -0700 @@ -88,4 +88,7 @@ XENFB_TOOLS ?= n XENFB_TOOLS ?= n PYTHON_TOOLS ?= y +# Intel(r) Trusted Execution Technology (Intel(r) TXT) +INTEL_TXT ?= n + -include $(XEN_ROOT)/.config diff -r 256160ff19b7 -r de942f6fa6b3 Makefile --- a/Makefile Thu Aug 16 13:27:59 2007 +0100 +++ b/Makefile Tue Aug 28 16:18:34 2007 -0700 @@ -20,12 +20,18 @@ endif # build and install everything into the standard system directories .PHONY: install install: install-xen install-kernels install-tools install-docs +ifeq ($(INTEL_TXT),y) +install: install-sboot +endif .PHONY: build build: kernels $(MAKE) -C xen build $(MAKE) -C tools build $(MAKE) -C docs build +ifeq ($(INTEL_TXT),y) + $(MAKE) -C sboot build +endif # The test target is for unit tests that can run without an installation. Of # course, many tests require a machine running Xen itself, and these are @@ -37,6 +43,9 @@ test: # build and install everything into local dist directory .PHONY: dist dist: DESTDIR=$(DISTDIR)/install +ifeq ($(INTEL_TXT),y) +dist: dist-sboot +endif dist: dist-xen dist-kernels dist-tools dist-docs $(INSTALL_DIR) $(DISTDIR)/check $(INSTALL_DATA) ./COPYING $(DISTDIR) @@ -48,15 +57,20 @@ dist-%: install-% @: # do nothing # Legacy dist targets -.PHONY: xen tools kernels docs +.PHONY: xen tools kernels docs sboot xen: dist-xen tools: dist-tools kernels: dist-kernels docs: dist-docs +sboot: dist-sboot .PHONY: prep-kernels prep-kernels: for i in $(XKERNELS) ; do $(MAKE) $$i-prep || exit 1; done + +.PHONY: install-sboot +install-sboot: install-xen + $(MAKE) -C sboot install .PHONY: install-xen install-xen: @@ -107,6 +121,9 @@ clean:: $(MAKE) -C xen clean $(MAKE) -C tools clean $(MAKE) -C docs clean +ifeq ($(INTEL_TXT),y) + $(MAKE) -C sboot clean +endif # clean, but blow away kernel build tree plus tarballs .PHONY: distclean @@ -114,6 +131,9 @@ distclean: $(MAKE) -C xen distclean $(MAKE) -C tools distclean $(MAKE) -C docs distclean +ifeq ($(INTEL_TXT),y) + $(MAKE) -C sboot distclean +endif rm -rf dist patches/tmp for i in $(ALLKERNELS) ; do $(MAKE) $$i-delete ; done rm -rf patches/*/.makedep @@ -130,6 +150,9 @@ help: @echo ' install-tools - build and install the control tools' @echo ' install-kernels - build and install guest kernels' @echo ' install-docs - build and install user documentation' +ifeq ($(INTEL_TXT),y) + @echo ' install-sboot - build and install the sboot module' +endif @echo '' @echo 'Building targets:' @echo ' dist - build and install everything into local dist directory' @@ -141,6 +164,9 @@ help: @echo ' kbuild - synonym for make kernels' @echo ' docs - build and install user documentation' @echo ' dev-docs - build developer-only documentation' +ifeq ($(INTEL_TXT),y) + @echo ' sboot - build and install sboot module' +endif @echo '' @echo 'Cleaning targets:' @echo ' clean - clean the Xen, tools and docs (but not guest kernel trees)' @@ -194,6 +220,9 @@ uninstall: rm -rf $(D)/usr/share/xen rm -rf $(D)/usr/share/man/man1/xen* rm -rf $(D)/usr/share/man/man8/xen* +ifeq ($(INTEL_TXT),y) + rm -rf $(D)/boot/sboot* +endif # Legacy targets for compatibility .PHONY: linux26 diff -r 256160ff19b7 -r de942f6fa6b3 xen/Makefile --- a/xen/Makefile Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/Makefile Tue Aug 28 16:18:34 2007 -0700 @@ -58,6 +58,9 @@ _clean: delete-unfresh-files $(MAKE) -f $(BASEDIR)/Rules.mk -C acm clean $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) clean rm -f include/asm *.o $(TARGET)* *~ core +ifeq ($(INTEL_TXT),y) + rm -f include/asm-x86/sboot +endif rm -f include/asm-*/asm-offsets.h .PHONY: _distclean @@ -72,6 +75,9 @@ _distclean: clean $(MAKE) -C tools $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h [ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm +ifeq ($(INTEL_TXT),y) + [ -e include/asm-x86/sboot ] || ln -sf ../../../sboot/include include/asm-x86/sboot +endif $(MAKE) -f $(BASEDIR)/Rules.mk -C include $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) asm-offsets.s $(MAKE) -f $(BASEDIR)/Rules.mk include/asm-$(TARGET_ARCH)/asm-offsets.h diff -r 256160ff19b7 -r de942f6fa6b3 xen/Rules.mk --- a/xen/Rules.mk Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/Rules.mk Tue Aug 28 16:18:34 2007 -0700 @@ -62,6 +62,7 @@ CFLAGS-$(perfc) += -DPERF_COUNTE CFLAGS-$(perfc) += -DPERF_COUNTERS CFLAGS-$(perfc_arrays) += -DPERF_ARRAYS CFLAGS-$(frame_pointer) += -fno-omit-frame-pointer -DCONFIG_FRAME_POINTER +CFLAGS-$(INTEL_TXT) += -DCONFIG_TXT ifneq ($(max_phys_cpus),) CFLAGS-y += -DMAX_PHYS_CPUS=$(max_phys_cpus) diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/cpu/centaur.c --- a/xen/arch/x86/cpu/centaur.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/cpu/centaur.c Tue Aug 28 16:18:34 2007 -0700 @@ -56,7 +56,7 @@ static u32 __init ramtop(void) /* 16388 * we frob around that catastrophy already */ - if (e820.map[i].type == E820_RESERVED) + if (e820.map[i].type >= E820_RESERVED) { if(e820.map[i].addr >= 0x100000UL && e820.map[i].addr < clip) clip = e820.map[i].addr; diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/domain_build.c --- a/xen/arch/x86/domain_build.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/domain_build.c Tue Aug 28 16:18:34 2007 -0700 @@ -29,6 +29,9 @@ #include #include +#ifdef CONFIG_TXT +#include +#endif extern unsigned long initial_images_nrpages(void); extern void discard_initial_images(void); @@ -989,6 +992,25 @@ int __init construct_dom0( rc |= iomem_deny_access(dom0, mfn, mfn); } +#ifdef CONFIG_TXT + /* remove access to E820_UNUSABLE I/O regions */ + for ( i = 0; i < e820.nr_map; i++ ) + { + if ( e820.map[i].type == E820_UNUSABLE) + { + mfn = paddr_to_pfn(e820.map[i].addr); + /* only unmap I/O pages */ + if ( !mfn_valid(mfn) ) + { + nr_pages = (e820.map[i].size + PAGE_SIZE - 1) >> PAGE_SHIFT; + printk("SBOOT: removing protected range @ mfn %lx, size %lx " + "from dom0\n", mfn, nr_pages); + rc |= iomem_deny_access(dom0, mfn, mfn + nr_pages - 1); + } + } + } +#endif + BUG_ON(rc != 0); return 0; diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/e820.c --- a/xen/arch/x86/e820.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/e820.c Tue Aug 28 16:18:34 2007 -0700 @@ -51,6 +51,9 @@ static void __init print_e820_memory_map break; case E820_NVS: printk("(ACPI NVS)\n"); + break; + case E820_UNUSABLE: + printk("(unusable)\n"); break; default: printk("type %u\n", map[i].type); break; diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/hvm/vmx/vmcs.c --- a/xen/arch/x86/hvm/vmx/vmcs.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/hvm/vmx/vmcs.c Tue Aug 28 16:18:34 2007 -0700 @@ -36,6 +36,11 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#include +#include +#endif /* Dynamic (run-time adjusted) execution control flags. */ u32 vmx_pin_based_exec_control __read_mostly; @@ -262,7 +267,8 @@ int vmx_cpu_up(void) if ( eax & IA32_FEATURE_CONTROL_MSR_LOCK ) { - if ( !(eax & IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON) ) + if ( !(eax & (IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_IN_SMX) ) ) { printk("CPU%d: VMX disabled\n", cpu); return 0; @@ -270,10 +276,19 @@ int vmx_cpu_up(void) } else { - wrmsr(IA32_FEATURE_CONTROL_MSR, - IA32_FEATURE_CONTROL_MSR_LOCK | - IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON, 0); - } + eax = IA32_FEATURE_CONTROL_MSR_LOCK | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_IN_SMX; + wrmsr(IA32_FEATURE_CONTROL_MSR, eax, 0); + } + +#ifdef CONFIG_TXT + if ( !sboot_in_measured_env() && + !(eax & IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX) ) { + printk("VMX only allowed in SMX but SMX not active\n"); + return 0; + } +#endif vmx_init_vmcs_config(); diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/mm.c --- a/xen/arch/x86/mm.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/mm.c Tue Aug 28 16:18:34 2007 -0700 @@ -213,7 +213,9 @@ void __init arch_init_memory(void) /* Any areas not specified as RAM by the e820 map are considered I/O. */ for ( i = 0, pfn = 0; pfn < max_page; i++ ) { - while ( (i < e820.nr_map) && (e820.map[i].type != E820_RAM) ) + while ( (i < e820.nr_map) && + ( (e820.map[i].type != E820_RAM) && + (e820.map[i].type != E820_UNUSABLE) ) ) i++; if ( i >= e820.nr_map ) @@ -240,6 +242,9 @@ void __init arch_init_memory(void) /* Skip the RAM region. */ pfn = rend_pfn; + /* e820 map may include MMIO regions */ + if ( !mfn_valid(pfn) ) + break; } subarch_init_memory(); diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/setup.c --- a/xen/arch/x86/setup.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/setup.c Tue Aug 28 16:18:34 2007 -0700 @@ -35,6 +35,14 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#include +#include + +/* global holding pointer to shared data; NULL means no measured launch */ +mle_kernel_shared_t *g_mle_shared = NULL; +#endif #if defined(CONFIG_X86_64) #define BOOTSTRAP_DIRECTMAP_END (1UL << 32) /* 4GB */ @@ -598,8 +606,7 @@ void __init __start_xen(unsigned long mb ((u64)map->base_addr_high << 32) | (u64)map->base_addr_low; e820_raw[e820_raw_nr].size = ((u64)map->length_high << 32) | (u64)map->length_low; - e820_raw[e820_raw_nr].type = - (map->type > E820_NVS) ? E820_RESERVED : map->type; + e820_raw[e820_raw_nr].type = map->type; e820_raw_nr++; bytes += map->size + 4; @@ -918,6 +925,39 @@ void __init __start_xen(unsigned long mb paging_init(); +#ifdef CONFIG_TXT + /* look for MLE/kernel shared page: type is E820_RESERVED */ + /* and has {663C8DFF-E8B3-4b82-AABF-19EA4D057A08} UUID */ + for ( i = 0; i < e820.nr_map; i++ ) + { + void *mle_shared; + + if ( e820.map[i].type != E820_RESERVED ) + continue; + + /* check for MLE_SHARED uuid (need to fixmap it in order to check) */ + set_fixmap(FIX_MLE_SHARED_BASE, e820.map[i].addr); + mle_shared = (void *)fix_to_virt(FIX_MLE_SHARED_BASE); + if ( are_uuids_equal(&mle_kernel_shared_uuid, (uuid_t *)mle_shared) ) + { + /* found it, so make type E820_UNUSABLE to prevent dom0 access */ + e820.map[i].type = E820_UNUSABLE; + g_mle_shared = mle_shared; + printk("SBOOT: found MLE/kernel shared page at phys addr %Lx\n", + (unsigned long long)e820.map[i].addr); + printk("SBOOT: MLE/kernel shared page fixmap-ed to %p:\n", + g_mle_shared); + printk("SBOOT:\t version=%x\n", g_mle_shared->version); + printk("SBOOT:\t log_addr=%x\n", g_mle_shared->log_addr); + printk("SBOOT:\t shutdown_entry32=%x\n", + g_mle_shared->shutdown_entry32); + printk("SBOOT:\t shutdown_entry64=%x\n", + g_mle_shared->shutdown_entry64); + break; + } + } +#endif + /* Unmap the first page of CPU0's stack. */ memguard_guard_stack(cpu0_stack); diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/shutdown.c --- a/xen/arch/x86/shutdown.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/shutdown.c Tue Aug 28 16:18:34 2007 -0700 @@ -21,6 +21,11 @@ #include #include #include +#include +#ifdef CONFIG_TXT +#include +#include +#endif /* reboot_str: comma-separated list of reboot options. */ static char __initdata reboot_str[10] = ""; @@ -29,6 +34,8 @@ static long no_idt[2]; static long no_idt[2]; static int reboot_mode; +static void machine_teardown(void *data); + static inline void kb_wait(void) { int i; @@ -38,18 +45,11 @@ static inline void kb_wait(void) break; } -static void __attribute__((noreturn)) __machine_halt(void *unused) -{ - for ( ; ; ) - __asm__ __volatile__ ( "hlt" ); -} - void machine_halt(void) { - watchdog_disable(); - console_start_sync(); - smp_call_function(__machine_halt, NULL, 1, 0); - __machine_halt(NULL); + bool reboot = false; + + machine_teardown(&reboot); } #ifdef __i386__ @@ -197,32 +197,107 @@ static void machine_real_restart(const u #endif -void machine_restart(char *cmd) +#ifdef CONFIG_TXT +/* + * prepare the environment for running sboot including: + * setup page tabble to map both xboot and xen + */ +void trap_in_sboot(bool reboot) +{ + g_mle_shared->shutdown_type = reboot ? SB_SHUTDOWN_REBOOT : SB_SHUTDOWN_S5; + + printk("transfering control from xen to sboot:\n"); + printk("\t shutdown_type=%x\n", g_mle_shared->shutdown_type); + + local_irq_disable(); + + /* create identity map for 0-640k to include sboot code */ + map_pages_to_xen(0, 0, PFN_UP(0xa0000), __PAGE_HYPERVISOR); + set_current(idle_vcpu[0]); + write_ptbase(idle_vcpu[0]); + +#ifdef __x86_64__ + printk("\t shutdown_entry64=0x%x\n", g_mle_shared->shutdown_entry64); + __asm__ __volatile__ ( + "call *%%rdi" :: "D" (g_mle_shared->shutdown_entry64) ); +#else + printk("\t shutdown_entry32=0x%x\n", g_mle_shared->shutdown_entry32); + __asm__ __volatile__ ( + "call *%0" :: "r" (g_mle_shared->shutdown_entry32) ); +#endif + + /* not reach here as no support return back to xen */ + printk("exit trap_in_sboot.\n"); +} +#endif + +/* + * generic teardown (i.e. kill watchdog, disable hvm, disable IO APIC, etc.) + * + * will teardown APs and leave in hlt loop + * will teardown BSP and reboot or halt + * + */ +static void machine_teardown(void *data) { int i; - - watchdog_disable(); - console_start_sync(); - - local_irq_enable(); + int timeout = 10; + bool reboot = *(bool *)data; /* Ensure we are the boot CPU. */ if ( GET_APIC_ID(apic_read(APIC_ID)) != boot_cpu_physical_apicid ) { + printk("machine_teardown() not called on BSP\n"); /* Send IPI to the boot CPU (logical cpu 0). */ - on_selected_cpus(cpumask_of_cpu(0), (void *)machine_restart, - NULL, 1, 0); + on_selected_cpus(cpumask_of_cpu(0), (void *)machine_teardown, + data, 1, 0); + /* park us until smp_send_stop() sends us to our shutdown handler */ for ( ; ; ) safe_halt(); } + + watchdog_disable(); + + console_start_sync(); + + local_irq_enable(); /* * Stop all CPUs and turn off local APICs and the IO-APIC, so * other OSs see a clean IRQ state. */ + printk("num_online_cpus=%d\n", num_online_cpus()); smp_send_stop(); + disable_IO_APIC(); + hvm_cpu_down(); + + /* BSP needs to wait until all APs have gone through shutdown (disabled */ + /* VMX, etc.) before TXT teardown else will hang; but also a good */ + /* practice even for non-TXT shutdown */ + while ( num_online_cpus() > 1 && timeout > 0 ) { + /* TBD: determine why this printk is necessary to prevent timeout */ + printk("loop: num_online_cpus=%d\n", num_online_cpus()); + /* if not all APs have shutdown, wait a little */ + udelay(5); + timeout--; + } + +#ifdef CONFIG_TXT + /* if sboot launched us, let it exit measured environment properly */ + if ( sboot_in_measured_env() ) { + trap_in_sboot(reboot); + /* we should never return back here */ + printk("sboot_shutdown should never have returned\n"); + } +#endif + + /* just shutdown, not reboot */ + if ( !reboot ) { + for ( ; ; ) + __asm__ __volatile__ ( "hlt" ); + } /* Rebooting needs to touch the page at absolute address 0. */ *((unsigned short *)__va(0x472)) = reboot_mode; @@ -246,6 +321,13 @@ void machine_restart(char *cmd) } } machine_real_restart(jump_to_bios, sizeof(jump_to_bios)); +} + +void machine_restart(char * __unused) +{ + bool reboot = true; + + machine_teardown(&reboot); } #ifndef reboot_thru_bios @@ -333,3 +415,15 @@ static int __init reboot_init(void) return 0; } __initcall(reboot_init); + + + +/* + * Local variables: + * mode: C + * c-set-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff -r 256160ff19b7 -r de942f6fa6b3 xen/arch/x86/smp.c --- a/xen/arch/x86/smp.c Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/arch/x86/smp.c Tue Aug 28 16:18:34 2007 -0700 @@ -306,12 +306,13 @@ int on_selected_cpus( static void stop_this_cpu (void *dummy) { - cpu_clear(smp_processor_id(), cpu_online_map); - local_irq_disable(); disable_local_APIC(); hvm_cpu_down(); + /* don't clear until just before we shutdown */ + cpu_clear(smp_processor_id(), cpu_online_map); + for ( ; ; ) __asm__ __volatile__ ( "hlt" ); } diff -r 256160ff19b7 -r de942f6fa6b3 xen/include/asm-x86/cpufeature.h --- a/xen/include/asm-x86/cpufeature.h Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/include/asm-x86/cpufeature.h Tue Aug 28 16:18:34 2007 -0700 @@ -77,6 +77,7 @@ #define X86_FEATURE_MWAIT (4*32+ 3) /* Monitor/Mwait support */ #define X86_FEATURE_DSCPL (4*32+ 4) /* CPL Qualified Debug Store */ #define X86_FEATURE_VMXE (4*32+ 5) /* Virtual Machine Extensions */ +#define X86_FEATURE_SMXE (4*32+ 6) /* Safer Mode Extensions */ #define X86_FEATURE_EST (4*32+ 7) /* Enhanced SpeedStep */ #define X86_FEATURE_TM2 (4*32+ 8) /* Thermal Monitor 2 */ #define X86_FEATURE_CID (4*32+10) /* Context ID */ diff -r 256160ff19b7 -r de942f6fa6b3 xen/include/asm-x86/e820.h --- a/xen/include/asm-x86/e820.h Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/include/asm-x86/e820.h Tue Aug 28 16:18:34 2007 -0700 @@ -8,6 +8,7 @@ #define E820_RESERVED 2 #define E820_ACPI 3 #define E820_NVS 4 +#define E820_UNUSABLE 5 struct e820entry { uint64_t addr; diff -r 256160ff19b7 -r de942f6fa6b3 xen/include/asm-x86/fixmap.h --- a/xen/include/asm-x86/fixmap.h Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/include/asm-x86/fixmap.h Tue Aug 28 16:18:34 2007 -0700 @@ -40,6 +40,9 @@ enum fixed_addresses { FIX_KEXEC_BASE_0, FIX_KEXEC_BASE_END = FIX_KEXEC_BASE_0 \ + ((KEXEC_XEN_NO_PAGES >> 1) * KEXEC_IMAGE_NR) - 1, +#ifdef CONFIG_TXT + FIX_MLE_SHARED_BASE, +#endif __end_of_fixed_addresses }; diff -r 256160ff19b7 -r de942f6fa6b3 xen/include/asm-x86/msr.h --- a/xen/include/asm-x86/msr.h Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/include/asm-x86/msr.h Tue Aug 28 16:18:34 2007 -0700 @@ -123,7 +123,10 @@ static inline void wrmsrl(unsigned int m #define MSR_IA32_VMX_PROCBASED_CTLS2 0x48b #define IA32_FEATURE_CONTROL_MSR 0x3a #define IA32_FEATURE_CONTROL_MSR_LOCK 0x1 -#define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON 0x4 +#define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_IN_SMX 0x2 +#define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX 0x4 +#define IA32_FEATURE_CONTROL_MSR_SENTER_PARAM_CTL 0x7f00 +#define IA32_FEATURE_CONTROL_MSR_ENABLE_SENTER 0x8000 /* AMD/K8 specific MSRs */ #define MSR_EFER 0xc0000080 /* extended feature register */ diff -r 256160ff19b7 -r de942f6fa6b3 xen/include/asm-x86/processor.h --- a/xen/include/asm-x86/processor.h Thu Aug 16 13:27:59 2007 +0100 +++ b/xen/include/asm-x86/processor.h Tue Aug 28 16:18:34 2007 -0700 @@ -80,6 +80,7 @@ #define X86_CR4_OSFXSR 0x0200 /* enable fast FPU save and restore */ #define X86_CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */ #define X86_CR4_VMXE 0x2000 /* enable VMX */ +#define X86_CR4_SMXE 0x4000 /* enable SMX */ /* * Trap/fault mnemonics.