- 28 Jun, 2016 1 commit
-
-
Quan Xu authored
The parameter 'iommu_dev_iotlb_timeout' specifies the timeout of device IOTLB invalidation in milliseconds. By default, the timeout is 1000 milliseconds, which can be boot-time changed. We also confirmed with VT-d hardware team that 1 milliseconds is large enough for VT-d IOMMU internal invalidation. the existing panic() is eliminated and we bubble up the timeout of device IOTLB invalidation for further processing, as the PCI-e Address Translation Services (ATS) mandates a timeout of 60 seconds for device IOTLB invalidation. Obviously we can't spin for 60 seconds or otherwise Xen hypervisor hangs. Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
- 24 Jun, 2016 10 commits
-
-
Daniel De Graaf authored
This adds a Kconfig option and support for including the XSM policy from tools/flask/policy in the hypervisor so that the bootloader does not need to provide a policy to get sane behavior from an XSM-enabled hypervisor. The policy provided by the bootloader, if present, will override the built-in policy. Enabling this option only builds the policy if checkpolicy is available during compilation of the hypervisor; otherwise, it does nothing. The XSM policy is not moved out of tools because that remains the primary location for installing and configuring the policy. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
Daniel De Graaf authored
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
The only possible value of original_ops was &dummy_xsm_ops, and unregister_xsm was never used. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
These functions were only called from __init functions. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
Since enabling XSM is required to enable FLASK, place the option for FLASK below the one for XSM. In addition, since it does not make sense to enable XSM without any XSM providers, and FLASK is the only XSM provider, hide the option to disable FLASK under EXPERT. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Jan Beulich authored
__setup_str is used on arrays of char, so there aren't any relocatable items. Hence __initconst has to be used here, not __initconstrel. Whatever led to the revert of commit 59b151d2 (the original version of a6066af5 "xen/init: Annotate all command line parameter infrastructure as const" must have got addressed meanwhile - with the patch here I can't see that old gcc (4.3ish) report a section type conflict anymore. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Dirk Behme authored
The scif-uart.c is an ARM specific UART driver for the Renesas RCar SoC family. Signed-off-by: Dirk Behme <dirk.behme@gmail.com>
-
Tamas K Lengyel authored
Mechanical renaming to better describe that the code in hvm/event is part of the monitor subsystem. Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Acked-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Jan Beulich <jbeulich@suse.com>
-
Tamas K Lengyel authored
Mechanical renaming and relocation to the monitor subsystem. Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com> Acked-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
Tamas K Lengyel authored
The monitor_get_capabilities check actually belongs to the monitor subsystem so relocating and renaming it to sanitize the code's name and location. Mechanical patch, no code changes introduced. Signed-off-by: Tamas K Lengyel <tamas@tklengyel.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Razvan Cojocaru <rcojocaru@bitdefender.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
- 23 Jun, 2016 13 commits
-
-
Wei Liu authored
Originally hvm_fep was guarded by NDEBUG, which means it was only available to debug builds. However there is value in having it in non-debug builds as well. Users can use it to run tests in a setup that replicates a production environment. Make it clear with a sync_console style warning that this option can't be used in production setup. Update command line documentation accordingly. Finally mark Xen as tainted when this feature is used. Add a kconfig option under x86 to configure hvm_fep. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Wei Liu authored
Move the warning text to a static variable and marked that as initconst data. Call warning_add in console_init_preirq. Finally remove all unused bits. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Wei Liu authored
Use an array to keep track of warning text, provide a function to add warning text to track. Print warnings (if any) in console_endboot. Signed-off-by: Wei Liu <wei.liu2@citrix.com> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Dirk Behme authored
Besides the 14MHz external clock, the SCIF might be clocked by an internal 66MHz clock. If this is the case, the current clock source selection breaks this configuration. Same for the settings done by the firmware for data bits, stop bits and parity. Completely drop this and rely on the settings done by the firmware. Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com> Reviewed-by: Julien Grall <julien.grall@arm.com> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
-
Dirk Behme authored
The two struct members baud and clock_hz are in the end read only variables nowhere used for anything useful. Removing them makes the code much simpler without changing any functionality. Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com> Reviewed-by: Julien Grall <julien.grall@arm.com> Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
-
Julien Grall authored
The correct acronym for a guest physical frame is gfn. Also use the recently introduced typesafe gfn/mfn to avoid mixing the two different kind of frame. Signed-off-by: Julien Grall <julien.grall@arm.com> Acked-by: Jan Beulich <jbeulich@suse.com> Acked-by: Stefano Stabellini <sstabellini@kernel.org>
-
Jan Beulich authored
The former in an attempt to at least gradually support all simple data movement instructions. The latter just because it shares the opcode with the former. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Jan Beulich authored
... by using dedicated initializers. Also add an ASSERT() to make sure unintentional addition of holes to the array gets noticed. Ditch MSR_INDEX_SIZE as redundant with VMX_MSR_COUNT. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
-
Jan Beulich authored
All host_msr_state accesses are solely on the owning CPU, and all guest_msr_state ones solely when the vCPU is current or being switched to. This, btw, is also in line with the use of find_first_set_bit() (which would be bogus if ->flags could get updated behind its back). Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Kevin Tian <kevin.tian@intel.com>
-
Andrew Cooper authored
Both the trampoline copy and BSS initialise can be performed more efficiently by using 4-byte variants of the string operations. On Intel systems with ERMSB (efficient rep movsb), this is no practical difference. On all other systems, this is 4 times more efficient. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
Andrew Cooper authored
Its contents is constant. The ALIGN(32) is also dropped. On x86, there is nothing between it and a larger alignment. On ARM, __init_end_efi is between the two, but its sole use is to fill SizeOfRawData in the PE Section Table, and doesn't require any specific alignment. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
Andrew Cooper authored
Its contents is constant, and only requires pointer alignment, so move it adacent to .init.setup. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
Andrew Cooper authored
There is no reason for any of it to be modified. Additionally, link .init.setup beside the other constant .init data. While editing this area, correct the types used in the extern declarations for __setup_start and __setup_end to match the types the linker actually produces. No functional change. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
- 22 Jun, 2016 8 commits
-
-
Julien Grall authored
Those helpers will be useful to do common operations without having to unbox/box manually the GFNs/MFNs. Signed-off-by: Julien Grall <julien.grall@arm.com> Acked-by: Jan Beulich <jbeulich@suse.com>
-
Quan Xu authored
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
Quan Xu authored
Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
Quan Xu authored
The propagation value from IOMMU flush interfaces may be positive, which indicates callers need to flush cache, not one of faliures. when the propagation value is positive, this patch fixes this flush issue as follows: - call iommu_flush_write_buffer() to flush cache. - return zero. Signed-off-by: Quan Xu <quan.xu@intel.com> Acked-by: Kevin Tian <kevin.tian@intel.com> Reviewed-by: Jan Beulich <jbeulich@suse.com>
-
Jan Beulich authored
This allows us to see the full ioreq without having to peek into state which is supposedly private to the emulation framework. Suggested-by: Paul Durrant <Paul.Durrant@citrix.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Paul Durrant <paul.durrant@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Jan Beulich authored
We can calculate the needed value at the single use site more easily. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Jan Beulich authored
msixtbl_pt_{,un}register() already run with both the PCI devices lock and the domain event lock held, so there's no need for another lock. Just to be on the safe side, acquire the domain event lock in the cleanup function (albeit I don't think this is strictly necessary). Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Jan Beulich authored
There's no point in registering the internal MSI-X table intercept functions on all domains - it is sufficient to do so once a domain gets an MSI-X capable device assigned. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
- 21 Jun, 2016 8 commits
-
-
Daniel De Graaf authored
Since FLASK is the only implementation of XSM hooks in Xen, using an iterated initcall dispatch for setup is overly complex. Change this to a direct function call to a globally visible function; if additional XSM hooks are added in the future, a switching mechanism will be needed regardless, and that can be placed in xsm_core.c. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Julien Grall <julien.grall@arm.com>
-
Daniel De Graaf authored
When an unknown domctl, sysctl, or other operation is encountered in the FLASK security server, use the allow_unknown bit in the security policy to decide if the permission should be allowed or denied. This allows new operations to be tested without needing to immediately add security checks; however, it is not flexible enough to avoid adding the actual permission checks. An error message is printed to the hypervisor console when this fallback is encountered. This patch will allow operations that are not handled by the existing hooks only if the policy was compiled with "checkpolicy -U allow". In previous releases, this bit did nothing, and the default remains to deny the unknown operations. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
This operation has no known users, and is primarily useful when an MLS policy is in use (which has never been shipped with Xen). In addition, the information it provides does not actually depend on hypervisor state (only on the XSM policy), so an application that needs it could compute the results without needing to involve the hypervisor. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Acked-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
These callbacks are not used in Xen. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
This field was originally used in Linux for a default message code for network interfaces. It has never been used in Xen, so remove it. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
These permissions were initially split because they were in separate domctls, but this split is very unlikely to actually provide security benefits: it would require a carefully contrived situation for a domain to both need access to one type of CPU register and also need to be prohibited from accessing another type. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
-
Daniel De Graaf authored
The access vectors defined here have never been used by xenstore. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-
Daniel De Graaf authored
This adds the xenstore_t type to the example policy for use by a xenstore stub domain; see the init-xenstore-domain tool for how this type needs to be used. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> Reviewed-by: Doug Goldstein <cardoe@cardoe.com>
-