Bastian Blank
2011-Jan-12 11:39 UTC
[Pkg-xen-changes] r807 - in trunk/xen/debian: . patches
Author: waldi Date: Wed Jan 12 11:39:39 2011 New Revision: 807 Log: * debian/changelog: Update. * debian/patches: Add several upstream patches. Added: trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f trunk/xen/debian/patches/upstream-21335:e854f11d392d trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670 trunk/xen/debian/patches/upstream-21338:12c96d380c48 trunk/xen/debian/patches/upstream-21347:081ba5a13718 trunk/xen/debian/patches/upstream-21348:aced00366822 trunk/xen/debian/patches/upstream-21353:59917443fc50 trunk/xen/debian/patches/upstream-21354:67af28519aed trunk/xen/debian/patches/upstream-21364:f7d54e1d7044 trunk/xen/debian/patches/upstream-21371:aabda497d83f trunk/xen/debian/patches/upstream-21375:179150c0b366 trunk/xen/debian/patches/upstream-21376:43b3f8ceb991 trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c trunk/xen/debian/patches/upstream-21388:b6d75c255bf6 trunk/xen/debian/patches/upstream-21389:2901cbe2eccc trunk/xen/debian/patches/upstream-21395:2548598d110d trunk/xen/debian/patches/upstream-21403:e7d9d8d46730 trunk/xen/debian/patches/upstream-21407:4e689840622f trunk/xen/debian/patches/upstream-21409:a45388506790 trunk/xen/debian/patches/upstream-21413:b05fa0652463 Modified: trunk/xen/debian/changelog trunk/xen/debian/patches/series Modified: trunk/xen/debian/changelog =============================================================================--- trunk/xen/debian/changelog Fri Sep 3 15:16:04 2010 (r806) +++ trunk/xen/debian/changelog Wed Jan 12 11:39:39 2011 (r807) @@ -1,3 +1,28 @@ +xen (4.0.1-2) UNRELEASED; urgency=low + + * Fix races in memory management. + * Make sure that frame-table compression leaves enough alligned. + * Disable XSAVE support. (closes: #595490) + * Check for dying domain instead of raising an assertion. + * Add C6 state with EOI errata for Intel. + * Make some memory management interrupt safe. Unsure if really needed. + * Raise bar for inter-socket migrations on mostly-idle systems. + * Fix interrupt handling for legacy routed interrupts. + * Allow to set maximal domain memory even during a running change. + * Support new partition name in pygrub. (closes: #599243) + * Fix some comparisions "< 0" that may be optimized away. + * Check for MWAIT support before using it. + * Fix endless loop on interrupts on Nehalem cpus. + * Don''t crash upon direct GDT/LDT access. (closes: #609531) + CVE-2010-4255 + * Don''t loose timer ticks after domain restore. + * Reserve some space for IOMMU area in dom0. + * Fix hypercall arguments after trace callout. + * Fix some error paths in vtd support. Memory leak. + * Reinstate ACPI DMAR table. + + -- Bastian Blank <waldi at debian.org> Wed, 12 Jan 2011 11:54:36 +0100 + xen (4.0.1-1) unstable; urgency=low * New upstream release. Modified: trunk/xen/debian/patches/series =============================================================================--- trunk/xen/debian/patches/series Fri Sep 3 15:16:04 2010 (r806) +++ trunk/xen/debian/patches/series Wed Jan 12 11:39:39 2011 (r807) @@ -47,3 +47,24 @@ tools-xenmon-install.diff tools-python-shebang.diff + +upstream-21334:993458f6c5a0+21405:ae381a864b4f +upstream-21335:e854f11d392d +upstream-21336:16867267ac12+21362:b98a20571670 +upstream-21338:12c96d380c48 +upstream-21347:081ba5a13718 +upstream-21348:aced00366822 +upstream-21353:59917443fc50 +upstream-21354:67af28519aed +upstream-21364:f7d54e1d7044 +upstream-21371:aabda497d83f +upstream-21375:179150c0b366 +upstream-21376:43b3f8ceb991 +upstream-21387:711ff9ac4d8c +upstream-21388:b6d75c255bf6 +upstream-21389:2901cbe2eccc +upstream-21395:2548598d110d +upstream-21403:e7d9d8d46730 +upstream-21407:4e689840622f +upstream-21409:a45388506790 +upstream-21413:b05fa0652463 Added: trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,170 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1283155186 -3600 +# Node ID 993458f6c5a0df2cfeeda9552ece6d18839798dc +# Parent 0aafca182acf609bff75425ed85bd5c06d455073 +ept: Put locks around ept_get_entry + +There''s a subtle race in ept_get_entry, such that if tries to read an +entry that ept_set_entry is modifying, it gets neither the old entry +nor the new entry, but empty. In the case of multi-cpu +populate-on-demand guests, this manifests as a guest crash when one +vcpu tries to read a page which another page is trying to populate, +and ept_get_entry returns p2m_mmio_dm. + +This bug can also be fixed by making both ept_set_entry and +ept_next_level access-once (i.e., ept_next_level reads full ept_entry +and then works with local value; ept_set_entry construct the entry +locally and then sets it in one write). But there doesn''t seem to be +any major performance implications of just making ept_get_entry use +locks; so the simpler, the better. + +Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com> +xen-unstable changeset: 22071:c5aed2e049bc +xen-unstable date: Mon Aug 30 08:39:52 2010 +0100 + +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1292410072 0 +# Node ID ae381a864b4f38edf0c672160091b612346c88d1 +# Parent 9c7b9e65bc37b15b4a227937eee5b2e4368e5ce4 +ept: Remove lock in ept_get_entry, replace with access-once semantics. + +This mirrors the RVI/shadow situation, where p2m read access is +lockless because it''s done in the hardware (linear map of the p2m +table). + +This fixes the original bug (call it bug A) without introducing bug B +(a deadlock). + +Bug A was caused by a race when updating p2m entries: between testing +if it''s valid, and testing if it''s populate-on-demand, it may have +been changed from populate-on-demand to valid. + +My original patch simply introduced a lock into ept_get_entry, but +that caused bug B, caused by circular locking order: p2m_change_type +[grabs p2m lock] -> set_p2m_entry -> ept_set_entry -> +ept_set_middle_level -> p2m_alloc [grabs hap lock] write cr4 -> +hap_update_paging_modes [grabes hap lock] -> hap_update_cr3 -> +gfn_to_mfn -> ept_get_entry -> [grabs p2m lock] + +Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com> +xen-unstable changeset: 22526:7a5ee3800417 +xen-unstable date: Wed Dec 15 10:47:05 2010 +0000 + +--- a/xen/arch/x86/mm/hap/p2m-ept.c ++++ b/xen/arch/x86/mm/hap/p2m-ept.c +@@ -137,7 +137,7 @@ + ept_entry_t **table, unsigned long *gfn_remainder, + u32 shift) + { +- ept_entry_t *ept_entry; ++ ept_entry_t *ept_entry, e; + ept_entry_t *next; + u32 index; + +@@ -145,9 +145,11 @@ + + ept_entry = (*table) + index; + +- if ( !is_epte_present(ept_entry) ) ++ e=*ept_entry; ++ ++ if ( !is_epte_present(&e) ) + { +- if ( ept_entry->avail1 == p2m_populate_on_demand ) ++ if ( e.avail1 == p2m_populate_on_demand ) + return GUEST_TABLE_POD_PAGE; + + if ( read_only ) +@@ -155,15 +157,17 @@ + + if ( !ept_set_middle_entry(d, ept_entry) ) + return GUEST_TABLE_MAP_FAILED; ++ else ++ e=*ept_entry; + } + + /* The only time sp would be set here is if we had hit a superpage */ +- if ( is_epte_superpage(ept_entry) ) ++ if ( is_epte_superpage(&e) ) + return GUEST_TABLE_SUPER_PAGE; + else + { + *gfn_remainder &= (1UL << shift) - 1; +- next = map_domain_page(ept_entry->mfn); ++ next = map_domain_page(e.mfn); + unmap_domain_page(*table); + *table = next; + return GUEST_TABLE_NORMAL_PAGE; +@@ -235,35 +239,39 @@ + if ( mfn_valid(mfn_x(mfn)) || direct_mmio || p2m_is_paged(p2mt) || + (p2mt == p2m_ram_paging_in_start) ) + { +- ept_entry->emt = epte_get_entry_emt(d, gfn, mfn, &ipat, ++ ept_entry_t new_entry; ++ ++ new_entry.emt = epte_get_entry_emt(d, gfn, mfn, &ipat, + direct_mmio); +- ept_entry->ipat = ipat; +- ept_entry->sp = order ? 1 : 0; ++ new_entry.ipat = ipat; ++ new_entry.sp = order ? 1 : 0; + + if ( ret == GUEST_TABLE_SUPER_PAGE ) + { +- if ( ept_entry->mfn == (mfn_x(mfn) - offset) ) ++ if ( new_entry.mfn == (mfn_x(mfn) - offset) ) + need_modify_vtd_table = 0; + else +- ept_entry->mfn = mfn_x(mfn) - offset; ++ new_entry.mfn = mfn_x(mfn) - offset; + +- if ( (ept_entry->avail1 == p2m_ram_logdirty) ++ if ( (new_entry.avail1 == p2m_ram_logdirty) + && (p2mt == p2m_ram_rw) ) + for ( i = 0; i < 512; i++ ) + paging_mark_dirty(d, mfn_x(mfn) - offset + i); + } + else + { +- if ( ept_entry->mfn == mfn_x(mfn) ) ++ if ( new_entry.mfn == mfn_x(mfn) ) + need_modify_vtd_table = 0; + else +- ept_entry->mfn = mfn_x(mfn); ++ new_entry.mfn = mfn_x(mfn); + } + +- ept_entry->avail1 = p2mt; +- ept_entry->avail2 = 0; ++ new_entry.avail1 = p2mt; ++ new_entry.avail2 = 0; ++ ++ ept_p2m_type_to_flags(&new_entry, p2mt); + +- ept_p2m_type_to_flags(ept_entry, p2mt); ++ ept_entry->epte = new_entry.epte; + } + else + ept_entry->epte = 0; +@@ -387,6 +395,10 @@ + int i; + int ret = 0; + mfn_t mfn = _mfn(INVALID_MFN); ++ int do_locking = !p2m_locked_by_me(d->arch.p2m); ++ ++ if ( do_locking ) ++ p2m_lock(d->arch.p2m); + + *t = p2m_mmio_dm; + +@@ -464,6 +476,8 @@ + } + + out: ++ if ( do_locking ) ++ p2m_unlock(d->arch.p2m); + unmap_domain_page(table); + return mfn; + } Added: trunk/xen/debian/patches/upstream-21335:e854f11d392d =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21335:e854f11d392d Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,37 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1283332901 -3600 +# Node ID e854f11d392d13e5302a219bcc9e6e352a4f1c1b +# Parent 993458f6c5a0df2cfeeda9552ece6d18839798dc +x86_64: Ensure frame-table compression leaves MAX_ORDER aligned +contiguous ranges of page_info structs. This allows page-pointer +arithmetic in places like our buddy allocator. + +This restriction was already implicitly guaranteed, but it is good to +make it explicit in the pdx-related initialisation. + +Signed-off-by: Keir Fraser <keir.fraser at citrix.com> +xen-unstable changeset: 972d90ff3134 +xen-unstable date: Wed Sep 01 10:17:49 2010 +0100 + +diff -r 993458f6c5a0 -r e854f11d392d xen/arch/x86/x86_64/mm.c +--- a/xen/arch/x86/x86_64/mm.c Mon Aug 30 08:59:46 2010 +0100 ++++ b/xen/arch/x86/x86_64/mm.c Wed Sep 01 10:21:41 2010 +0100 +@@ -163,9 +163,15 @@ + + void __init pfn_pdx_hole_setup(unsigned long mask) + { +- unsigned int i, j, bottom_shift, hole_shift; ++ unsigned int i, j, bottom_shift = 0, hole_shift = 0; + +- for ( hole_shift = bottom_shift = j = 0; ; ) ++ /* ++ * We skip the first MAX_ORDER bits, as we never want to compress them. ++ * This guarantees that page-pointer arithmetic remains valid within ++ * contiguous aligned ranges of 2^MAX_ORDER pages. Among others, our ++ * buddy allocator relies on this assumption. ++ */ ++ for ( j = MAX_ORDER-1; ; ) + { + i = find_next_zero_bit(&mask, BITS_PER_LONG, j); + j = find_next_bit(&mask, BITS_PER_LONG, i); Added: trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,75 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1283332925 -3600 +# Node ID 16867267ac126043712703455b81c16f2549ee23 +# Parent e854f11d392d13e5302a219bcc9e6e352a4f1c1b +x86 intel: Disable XSAVE support. + +It breaks HVM save/restore. + +Signed-off-by: Keir Fraser <keir.fraser at citrix.com> +xen-unstable changeset: ae0cd4e5cc01 +xen-unstable date: Wed Sep 01 10:19:14 2010 +0100 + +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1285340308 -3600 +# Node ID b98a20571670d905bb32eef98e2991a563e9f4fa +# Parent c9f461d6ea1db06e3434f8c1a29f2568f2b45f54 +x86: check CPUID level before enabling xsave + +While not as relevant after c/s 21894, is still seems safer to check +the CPUID level here, just like Linux does. The is particularly +relevant for the 4.0 tree (which doesn''t have said c/s), but also +possibly for nested environments where writing MSR_IA32_MISC_ENABLE +may not actually take effect (Xen itself ignores such writes). + +Signed-off-by: Jan Beulich <jbeulich at novell.com> +xen-unstable changeset: 22213:eb247ea9db8c +xen-unstable date: Fri Sep 24 15:53:31 2010 +0100 + +--- a/xen/arch/x86/cpu/intel.c ++++ b/xen/arch/x86/cpu/intel.c +@@ -30,7 +30,7 @@ + integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx); + integer_param("cpuid_mask_edx", opt_cpuid_mask_edx); + +-static int use_xsave = 1; ++static int use_xsave; + boolean_param("xsave", use_xsave); + + #ifdef CONFIG_X86_INTEL_USERCOPY +--- a/xen/arch/x86/i387.c ++++ b/xen/arch/x86/i387.c +@@ -132,6 +132,8 @@ + } + } + ++#define XSTATE_CPUID 0xd ++ + /* + * Maximum size (in byte) of the XSAVE/XRSTOR save area required by all + * the supported and enabled features on the processor, including the +@@ -148,7 +150,12 @@ + int cpu = smp_processor_id(); + u32 min_size; + +- cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx); ++ if ( boot_cpu_data.cpuid_level < XSTATE_CPUID ) { ++ printk(XENLOG_ERR "XSTATE_CPUID missing\n"); ++ return; ++ } ++ ++ cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx); + + printk("%s: cpu%d: cntxt_max_size: 0x%x and states: %08x:%08x\n", + __func__, cpu, ecx, edx, eax); +@@ -169,7 +176,7 @@ + */ + set_in_cr4(X86_CR4_OSXSAVE); + set_xcr0(eax & XCNTXT_MASK); +- cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx); ++ cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx); + clear_in_cr4(X86_CR4_OSXSAVE); + + if ( cpu == 0 ) Added: trunk/xen/debian/patches/upstream-21338:12c96d380c48 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21338:12c96d380c48 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,52 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1284394746 -3600 +# Node ID 12c96d380c48789d6d4c8955af7e014075abf3d9 +# Parent 5ca1d7547a42cc469d856b62f1894408ea8e1723 +page_alloc: Hold heap_lock while adjusting page states to/from PGC_state_free. + +This avoids races with buddy-merging logic in free_heap_pages(). + +Signed-off-by: Keir Fraser <keir.fraser at citrix.com> +xen-unstable changeset: 22135:69e8bb164683 +xen-unstable date: Mon Sep 13 17:08:31 2010 +0100 + +diff -r 5ca1d7547a42 -r 12c96d380c48 xen/common/page_alloc.c +--- a/xen/common/page_alloc.c Mon Sep 13 17:18:07 2010 +0100 ++++ b/xen/common/page_alloc.c Mon Sep 13 17:19:06 2010 +0100 +@@ -378,8 +378,6 @@ + total_avail_pages -= request; + ASSERT(total_avail_pages >= 0); + +- spin_unlock(&heap_lock); +- + cpus_clear(mask); + + for ( i = 0; i < (1 << order); i++ ) +@@ -401,6 +399,8 @@ + page_set_owner(&pg[i], NULL); + } + ++ spin_unlock(&heap_lock); ++ + if ( unlikely(!cpus_empty(mask)) ) + { + perfc_incr(need_flush_tlb_flush); +@@ -496,6 +496,8 @@ + ASSERT(order <= MAX_ORDER); + ASSERT(node >= 0); + ++ spin_lock(&heap_lock); ++ + for ( i = 0; i < (1 << order); i++ ) + { + /* +@@ -523,8 +525,6 @@ + pg[i].tlbflush_timestamp = tlbflush_current_time(); + } + +- spin_lock(&heap_lock); +- + avail[node][zone] += 1 << order; + total_avail_pages += 1 << order; + Added: trunk/xen/debian/patches/upstream-21347:081ba5a13718 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21347:081ba5a13718 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,30 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1284535364 -3600 +# Node ID 081ba5a13718f12f0d306d8f094c1b73a7f7d173 +# Parent 84510e00ebd1e3bc0a5d7b2f0d996d41e49e17ff +notify_via_xen_event_channel() should check for dying domain. + +Else we can fail on either ASSERTion in that function. + +From: Olaf Hering <olaf at aepfle.de> +Signed-off-by: Keir Fraser <keir.fraser at citrix.com> +xen-unstable changeset: 22159:62edd2611cbb +xen-unstable date: Wed Sep 15 08:18:53 2010 +0100 + +diff -r 84510e00ebd1 -r 081ba5a13718 xen/common/event_channel.c +--- a/xen/common/event_channel.c Wed Sep 15 08:22:16 2010 +0100 ++++ b/xen/common/event_channel.c Wed Sep 15 08:22:44 2010 +0100 +@@ -994,6 +994,12 @@ + + spin_lock(&ld->event_lock); + ++ if ( unlikely(ld->is_dying) ) ++ { ++ spin_unlock(&ld->event_lock); ++ return; ++ } ++ + ASSERT(port_is_valid(ld, lport)); + lchn = evtchn_from_port(ld, lport); + ASSERT(lchn->consumer_is_xen); Added: trunk/xen/debian/patches/upstream-21348:aced00366822 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21348:aced00366822 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,96 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1284537730 -3600 +# Node ID aced003668226f1007305092086611d12eaff396 +# Parent 081ba5a13718f12f0d306d8f094c1b73a7f7d173 +C6 state with EOI issue fix for some Intel processors + +There is an errata in some of Intel processors. + +AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6 +During an Interrupt Service Routine + +If core C6 is entered after the start of an interrupt service routine +but before a write to the APIC EOI register, the core may not send an +EOI transaction (if needed) and further interrupts from the same +priority level or lower may be blocked. + +This patch fix this issue, by checking if ISR is pending before enter +deep Cx state. If so, it would use power->safe_state instead of deep +Cx state to prevent the above issue happen. + +Signed-off-by: Sheng Yang <sheng at linux.intel.com> +Signed-off-by: Keir Fraser <keir.fraser at citrix.com> +xen-unstable changeset: 22160:1087f9a03ab6 +xen-unstable date: Wed Sep 15 09:00:35 2010 +0100 + +diff -r 081ba5a13718 -r aced00366822 xen/arch/x86/acpi/cpu_idle.c +--- a/xen/arch/x86/acpi/cpu_idle.c Wed Sep 15 08:22:44 2010 +0100 ++++ b/xen/arch/x86/acpi/cpu_idle.c Wed Sep 15 09:02:10 2010 +0100 +@@ -226,6 +226,31 @@ + return atomic_read(&this_cpu(schedule_data).urgent_count); + } + ++/* ++ * "AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6 During ++ * an Interrupt Service Routine" ++ * ++ * There was an errata with some Core i7 processors that an EOI transaction ++ * may not be sent if software enters core C6 during an interrupt service ++ * routine. So we don''t enter deep Cx state if there is an EOI pending. ++ */ ++bool_t errata_c6_eoi_workaround(void) ++{ ++ static bool_t fix_needed = -1; ++ ++ if ( unlikely(fix_needed == -1) ) ++ { ++ int model = boot_cpu_data.x86_model; ++ fix_needed = (cpu_has_apic && !directed_eoi_enabled && ++ (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) && ++ (boot_cpu_data.x86 == 6) && ++ ((model == 0x1a) || (model == 0x1e) || (model == 0x1f) || ++ (model == 0x25) || (model == 0x2c) || (model == 0x2f))); ++ } ++ ++ return (fix_needed && cpu_has_pending_apic_eoi()); ++} ++ + static void acpi_processor_idle(void) + { + struct acpi_processor_power *power = processor_powers[smp_processor_id()]; +@@ -277,6 +302,9 @@ + return; + } + ++ if ( (cx->type == ACPI_STATE_C3) && errata_c6_eoi_workaround() ) ++ cx = power->safe_state; ++ + power->last_state = cx; + + /* +diff -r 081ba5a13718 -r aced00366822 xen/arch/x86/irq.c +--- a/xen/arch/x86/irq.c Wed Sep 15 08:22:44 2010 +0100 ++++ b/xen/arch/x86/irq.c Wed Sep 15 09:02:10 2010 +0100 +@@ -756,6 +756,11 @@ + static DEFINE_PER_CPU(struct pending_eoi, pending_eoi[NR_DYNAMIC_VECTORS]); + #define pending_eoi_sp(p) ((p)[NR_DYNAMIC_VECTORS-1].vector) + ++bool_t cpu_has_pending_apic_eoi(void) ++{ ++ return (pending_eoi_sp(this_cpu(pending_eoi)) != 0); ++} ++ + static inline void set_pirq_eoi(struct domain *d, unsigned int irq) + { + if ( d->arch.pirq_eoi_map ) +diff -r 081ba5a13718 -r aced00366822 xen/include/asm-x86/irq.h +--- a/xen/include/asm-x86/irq.h Wed Sep 15 08:22:44 2010 +0100 ++++ b/xen/include/asm-x86/irq.h Wed Sep 15 09:02:10 2010 +0100 +@@ -150,4 +150,6 @@ + #define domain_pirq_to_irq(d, pirq) ((d)->arch.pirq_irq[pirq]) + #define domain_irq_to_pirq(d, irq) ((d)->arch.irq_pirq[irq]) + ++bool_t cpu_has_pending_apic_eoi(void); ++ + #endif /* _ASM_HW_IRQ_H */ Added: trunk/xen/debian/patches/upstream-21353:59917443fc50 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21353:59917443fc50 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,95 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1285010201 -3600 +# Node ID 59917443fc5090cd4833a2381e96c96001007b21 +# Parent 09e971d829482ec045f309949e14ed1de938e845 +x86_32: [un]map_domain_page() is now IRQ safe. + +Signed-off-by: Keir Fraser <keir.fraser at citrix.com> +xen-unstable changeset: 22177:7405e0ddb912 +xen-unstable date: Sat Sep 18 08:57:15 2010 +0100 + +diff -r 09e971d82948 -r 59917443fc50 xen/arch/x86/x86_32/domain_page.c +--- a/xen/arch/x86/x86_32/domain_page.c Mon Sep 20 20:16:22 2010 +0100 ++++ b/xen/arch/x86/x86_32/domain_page.c Mon Sep 20 20:16:41 2010 +0100 +@@ -42,15 +42,13 @@ + + void *map_domain_page(unsigned long mfn) + { +- unsigned long va; +- unsigned int idx, i, flags; ++ unsigned long va, flags; ++ unsigned int idx, i; + struct vcpu *v; + struct mapcache_domain *dcache; + struct mapcache_vcpu *vcache; + struct vcpu_maphash_entry *hashent; + +- ASSERT(!in_irq()); +- + perfc_incr(map_domain_page_count); + + v = mapcache_current_vcpu(); +@@ -58,6 +56,8 @@ + dcache = &v->domain->arch.mapcache; + vcache = &v->arch.mapcache; + ++ local_irq_save(flags); ++ + hashent = &vcache->hash[MAPHASH_HASHFN(mfn)]; + if ( hashent->mfn == mfn ) + { +@@ -69,7 +69,7 @@ + goto out; + } + +- spin_lock_irqsave(&dcache->lock, flags); ++ spin_lock(&dcache->lock); + + /* Has some other CPU caused a wrap? We must flush if so. */ + if ( unlikely(dcache->epoch != vcache->shadow_epoch) ) +@@ -105,11 +105,12 @@ + set_bit(idx, dcache->inuse); + dcache->cursor = idx + 1; + +- spin_unlock_irqrestore(&dcache->lock, flags); ++ spin_unlock(&dcache->lock); + + l1e_write(&dcache->l1tab[idx], l1e_from_pfn(mfn, __PAGE_HYPERVISOR)); + + out: ++ local_irq_restore(flags); + va = MAPCACHE_VIRT_START + (idx << PAGE_SHIFT); + return (void *)va; + } +@@ -119,11 +120,9 @@ + unsigned int idx; + struct vcpu *v; + struct mapcache_domain *dcache; +- unsigned long mfn; ++ unsigned long mfn, flags; + struct vcpu_maphash_entry *hashent; + +- ASSERT(!in_irq()); +- + ASSERT((void *)MAPCACHE_VIRT_START <= va); + ASSERT(va < (void *)MAPCACHE_VIRT_END); + +@@ -135,6 +134,8 @@ + mfn = l1e_get_pfn(dcache->l1tab[idx]); + hashent = &v->arch.mapcache.hash[MAPHASH_HASHFN(mfn)]; + ++ local_irq_save(flags); ++ + if ( hashent->idx == idx ) + { + ASSERT(hashent->mfn == mfn); +@@ -163,6 +164,8 @@ + /* /Second/, mark as garbage. */ + set_bit(idx, dcache->garbage); + } ++ ++ local_irq_restore(flags); + } + + void mapcache_domain_init(struct domain *d) Added: trunk/xen/debian/patches/upstream-21354:67af28519aed =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21354:67af28519aed Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,65 @@ +# HG changeset patch +# User Keir Fraser <keir.fraser at citrix.com> +# Date 1285010305 -3600 +# Node ID 67af28519aed5a68758f34cc37216c008faca9cb +# Parent 59917443fc5090cd4833a2381e96c96001007b21 +sched_credit: Raise bar for inter-socket migrations on mostly-idle systems + +The credit scheduler ties to keep work balanced, even on a mostly idle +system. Unfortunately, if you have one VM burning cpu and another VM +idle, the effect is that the busy VM will flip back and forth between +sockets. + +This patch addresses this, by only migrating to a different socket if +the number of idle processors is twice that of the socket the vcpu is +currently on. + +This will only affect mostly-idle systems; as the system becomes more +busy, other load-balancing code will come into effect. + +Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com> +xen-unstable changeset: 22180:0bc640853cfd +xen-unstable date: Mon Sep 20 18:49:15 2010 +0100 + +diff -r 59917443fc50 -r 67af28519aed xen/common/sched_credit.c +--- a/xen/common/sched_credit.c Mon Sep 20 20:16:41 2010 +0100 ++++ b/xen/common/sched_credit.c Mon Sep 20 20:18:25 2010 +0100 +@@ -420,26 +420,36 @@ + cpumask_t cpu_idlers; + cpumask_t nxt_idlers; + int nxt, weight_cpu, weight_nxt; ++ int migrate_factor; + + nxt = cycle_cpu(cpu, cpus); + + if ( cpu_isset(cpu, per_cpu(cpu_core_map, nxt)) ) + { ++ /* We''re on the same socket, so check the busy-ness of threads. ++ * Migrate if # of idlers is less at all */ + ASSERT( cpu_isset(nxt, per_cpu(cpu_core_map, cpu)) ); ++ migrate_factor = 1; + cpus_and(cpu_idlers, idlers, per_cpu(cpu_sibling_map, cpu)); + cpus_and(nxt_idlers, idlers, per_cpu(cpu_sibling_map, nxt)); + } + else + { ++ /* We''re on different sockets, so check the busy-ness of cores. ++ * Migrate only if the other core is twice as idle */ + ASSERT( !cpu_isset(nxt, per_cpu(cpu_core_map, cpu)) ); ++ migrate_factor = 2; + cpus_and(cpu_idlers, idlers, per_cpu(cpu_core_map, cpu)); + cpus_and(nxt_idlers, idlers, per_cpu(cpu_core_map, nxt)); + } + + weight_cpu = cpus_weight(cpu_idlers); + weight_nxt = cpus_weight(nxt_idlers); +- if ( ( (weight_cpu < weight_nxt) ^ sched_smt_power_savings ) +- && (weight_cpu != weight_nxt) ) ++ /* smt_power_savings: consolidate work rather than spreading it */ ++ if ( ( sched_smt_power_savings ++ && (weight_cpu > weight_nxt) ) ++ || ( !sched_smt_power_savings ++ && (weight_cpu * migrate_factor < weight_nxt) ) ) + { + cpu = cycle_cpu(CSCHED_PCPU(nxt)->idle_bias, nxt_idlers); + if ( commit ) Added: trunk/xen/debian/patches/upstream-21364:f7d54e1d7044 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21364:f7d54e1d7044 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,74 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1286028622 -3600 +# Node ID f7d54e1d7044a7d3836b017b0806021b1c17ac7a +# Parent 7f190f6f1f5a861383fc1a3a877ab63841c00a15 +x86: fix boot failure (regression from pre-4.0 IRQ handling changes) + +With the change to index irq_desc[] by IRQ rather than by vector, the +prior implicit change of the used flow handler when altering the IRQ +routing path to go through the 8259A didn''t work anymore, and hence +on boards needing the ExtINT delivery workaround failed to boot. + +Make make_8259A_irq() a real function again, thus allowing the flow +handler to be changed there. + +Also eliminate the generally superfluous and (at least theoretically) +dangerous hard coded setting of the flow handler for IRQ0: Earlier +code should have set this already based on information coming from +ACPI/MPS, and non-standard systems may e.g. have this IRQ level +triggered. + +Signed-off-by: Jan Beulich <jbeulich at novell.com> +Tested-by: Markus Schuster <ml at markus.schuster.name> +xen-unstable changeset: 22222:aed9fd361340 +xen-unstable date: Sat Oct 02 15:03:15 2010 +0100 + +diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/arch/x86/i8259.c +--- a/xen/arch/x86/i8259.c Sat Oct 02 15:10:01 2010 +0100 ++++ b/xen/arch/x86/i8259.c Sat Oct 02 15:10:22 2010 +0100 +@@ -367,6 +367,12 @@ + spin_unlock_irqrestore(&i8259A_lock, flags); + } + ++void __init make_8259A_irq(unsigned int irq) ++{ ++ io_apic_irqs &= ~(1 << irq); ++ irq_to_desc(irq)->handler = &i8259A_irq_type; ++} ++ + static struct irqaction __read_mostly cascade = { no_action, "cascade", NULL}; + + void __init init_IRQ(void) +diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/arch/x86/io_apic.c +--- a/xen/arch/x86/io_apic.c Sat Oct 02 15:10:01 2010 +0100 ++++ b/xen/arch/x86/io_apic.c Sat Oct 02 15:10:22 2010 +0100 +@@ -38,9 +38,6 @@ + #include <io_ports.h> + #include <public/physdev.h> + +-/* Different to Linux: our implementation can be simpler. */ +-#define make_8259A_irq(irq) (io_apic_irqs &= ~(1<<(irq))) +- + int (*ioapic_renumber_irq)(int ioapic, int irq); + atomic_t irq_mis_count; + +@@ -1929,7 +1926,6 @@ + + irq_desc[0].depth = 0; + irq_desc[0].status &= ~IRQ_DISABLED; +- irq_desc[0].handler = &ioapic_edge_type; + + /* + * Subtle, code in do_timer_interrupt() expects an AEOI +diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/include/asm-x86/irq.h +--- a/xen/include/asm-x86/irq.h Sat Oct 02 15:10:01 2010 +0100 ++++ b/xen/include/asm-x86/irq.h Sat Oct 02 15:10:22 2010 +0100 +@@ -94,6 +94,7 @@ + void mask_8259A(void); + void unmask_8259A(void); + void init_8259A(int aeoi); ++void make_8259A_irq(unsigned int irq); + int i8259A_suspend(void); + int i8259A_resume(void); + Added: trunk/xen/debian/patches/upstream-21371:aabda497d83f =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21371:aabda497d83f Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,40 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1287923177 -3600 +# Node ID aabda497d83f7c289d58c77c321c77bf1f432930 +# Parent 06feba5976f3ad23d5cd73156e5dbbaa5237535a +Allow max_pages to be set to less than tot_pages + +The memory allocation code sometimes needs to enforce that a guest +that''s been told to balloon down isn''t going to expand further +(because it''s still executing a previous balloon-up operation). That +means being able to set the desired max_pages even before the balloon +driver has brought tot_pages down to the right level. + +Signed-off-by: Tim Deegan <Tim.Deegan at citrix.com> +Acked-by: Ian Jackson <ian.jackson at eu.citrix.com> +xen-unstable changeset: 22279:2208a036f8d9 +xen-unstable date: Sun Oct 24 13:13:04 2010 +0100 + +diff -r 06feba5976f3 -r aabda497d83f xen/common/domctl.c +--- a/xen/common/domctl.c Wed Oct 20 13:35:07 2010 +0100 ++++ b/xen/common/domctl.c Sun Oct 24 13:26:17 2010 +0100 +@@ -764,11 +764,13 @@ + new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10); + + spin_lock(&d->page_alloc_lock); +- if ( new_max >= d->tot_pages ) +- { +- d->max_pages = new_max; +- ret = 0; +- } ++ /* ++ * NB. We removed a check that new_max >= current tot_pages; this means ++ * that the domain will now be allowed to "ratchet" down to new_max. In ++ * the meantime, while tot > max, all new allocations are disallowed. ++ */ ++ d->max_pages = new_max; ++ ret = 0; + spin_unlock(&d->page_alloc_lock); + + max_mem_out: Added: trunk/xen/debian/patches/upstream-21375:179150c0b366 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21375:179150c0b366 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,27 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1288345463 -3600 +# Node ID 179150c0b36614a6a596ca5e872fea80d852a819 +# Parent 18a752a248116454e2259a2d88c801835d19532f +pygrub: support grub2 "(hdX,msdosY)" partition syntax + +This appeared in Debian Squeeze at some point. + +Signed-off-by: Ian Campbell <ian.campbell at citrix.com> +Signed-off-by: Stefano Stabellini <stefano.stabellini at eu.citrix.com> +committer: Stefano Stabellini <stefano.stabellini at eu.citrix.com> +xen-unstable changeset: 22238:6eaab8297681 +xen-unstable date: Wed Oct 13 11:45:26 2010 +0100 + +diff -r 18a752a24811 -r 179150c0b366 tools/pygrub/src/GrubConf.py +--- a/tools/pygrub/src/GrubConf.py Sun Oct 24 13:30:17 2010 +0100 ++++ b/tools/pygrub/src/GrubConf.py Fri Oct 29 10:44:23 2010 +0100 +@@ -77,6 +77,8 @@ + self._part = val + return + val = val.replace("(", "").replace(")", "") ++ if val[:5] == "msdos": ++ val = val[5:] + self._part = int(val) + part = property(get_part, set_part) + Added: trunk/xen/debian/patches/upstream-21376:43b3f8ceb991 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21376:43b3f8ceb991 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,83 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1288374294 -3600 +# Node ID 43b3f8ceb991c8410541fa763d2265dc3a539baa +# Parent 179150c0b36614a6a596ca5e872fea80d852a819 +Xen: fix various checks of unsigned integers < 0 + +Some of these could be benignly discarded by the compiler but some are +actual bugs. + +Signed-off-by: Tim Deegan <Tim.Deegan at citrix.com> +xen-unstable changeset: 22336:49803ac994f4 +xen-unstable date: Fri Oct 29 18:05:50 2010 +0100 + +diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/mm.c +--- a/xen/arch/x86/mm.c Fri Oct 29 10:44:23 2010 +0100 ++++ b/xen/arch/x86/mm.c Fri Oct 29 18:44:54 2010 +0100 +@@ -4223,7 +4223,7 @@ + ent.size = (uint64_t)(s - ctxt->s) << PAGE_SHIFT; + ent.type = E820_RESERVED; + buffer = guest_handle_cast(ctxt->map.buffer, e820entry_t); +- if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) < 0 ) ++ if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) ) + return -EFAULT; + ctxt->n++; + } +@@ -4439,7 +4439,7 @@ + } + if ( ctxt.map.nr_entries <= ctxt.n + (e820.nr_map - i) ) + return -EINVAL; +- if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) < 0 ) ++ if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) ) + return -EFAULT; + ctxt.s = PFN_UP(e820.map[i].addr + e820.map[i].size); + } +diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/physdev.c +--- a/xen/arch/x86/physdev.c Fri Oct 29 10:44:23 2010 +0100 ++++ b/xen/arch/x86/physdev.c Fri Oct 29 18:44:54 2010 +0100 +@@ -202,7 +202,7 @@ + if ( copy_from_guest(&eoi, arg, 1) != 0 ) + break; + ret = -EINVAL; +- if ( eoi.irq < 0 || eoi.irq >= v->domain->nr_pirqs ) ++ if ( eoi.irq >= v->domain->nr_pirqs ) + break; + if ( v->domain->arch.pirq_eoi_map ) + evtchn_unmask(v->domain->pirq_to_evtchn[eoi.irq]); +diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/platform_hypercall.c +--- a/xen/arch/x86/platform_hypercall.c Fri Oct 29 10:44:23 2010 +0100 ++++ b/xen/arch/x86/platform_hypercall.c Fri Oct 29 18:44:54 2010 +0100 +@@ -413,7 +413,6 @@ + } + + if ( (g_info->xen_cpuid >= NR_CPUS) || +- (g_info->xen_cpuid < 0) || + !cpu_present(g_info->xen_cpuid) ) + { + g_info->flags |= XEN_PCPU_FLAGS_INVALID; +diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/x86_emulate/x86_emulate.c +--- a/xen/arch/x86/x86_emulate/x86_emulate.c Fri Oct 29 10:44:23 2010 +0100 ++++ b/xen/arch/x86/x86_emulate/x86_emulate.c Fri Oct 29 18:44:54 2010 +0100 +@@ -2102,7 +2102,7 @@ + _regs.edx = (uint32_t)(((int32_t)_regs.eax < 0) ? -1 : 0); + break; + case 8: +- _regs.edx = (_regs.eax < 0) ? -1 : 0; ++ _regs.edx = ((int64_t)_regs.eax < 0) ? -1 : 0; + break; + } + break; +diff -r 179150c0b366 -r 43b3f8ceb991 xen/drivers/cpufreq/cpufreq.c +--- a/xen/drivers/cpufreq/cpufreq.c Fri Oct 29 10:44:23 2010 +0100 ++++ b/xen/drivers/cpufreq/cpufreq.c Fri Oct 29 18:44:54 2010 +0100 +@@ -115,8 +115,7 @@ + if (!cpu_online(cpu) || !data || !processor_pminfo[cpu]) + return -ENODEV; + +- if ((perf->platform_limit < 0) || +- (perf->platform_limit >= perf->state_count)) ++ if (perf->platform_limit >= perf->state_count) + return -EINVAL; + + memcpy(&policy, data, sizeof(struct cpufreq_policy)); Added: trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,24 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1290453249 0 +# Node ID 711ff9ac4d8cb973c1f908c92a43ce06f63a1fad +# Parent e9156d9d996b75b4251a30d2d7eb1ccc7c3009cb +x86: Check for MWAIT in CPUID before using it in ACPI idle code. + +Signed-off-by: Keir Fraser <keir at xen.org> +xen-unstable changeset: 22416:0cc4ed1ce1f3 +xen-unstable date: Mon Nov 22 19:13:00 2010 +0000 + +diff -r e9156d9d996b -r 711ff9ac4d8c xen/arch/x86/acpi/cpu_idle.c +--- a/xen/arch/x86/acpi/cpu_idle.c Tue Nov 16 11:54:48 2010 +0000 ++++ b/xen/arch/x86/acpi/cpu_idle.c Mon Nov 22 19:14:09 2010 +0000 +@@ -717,7 +717,8 @@ + { + case ACPI_ADR_SPACE_FIXED_HARDWARE: + if ( xen_cx->reg.bit_width == VENDOR_INTEL && +- xen_cx->reg.bit_offset == NATIVE_CSTATE_BEYOND_HALT ) ++ xen_cx->reg.bit_offset == NATIVE_CSTATE_BEYOND_HALT && ++ boot_cpu_has(X86_FEATURE_MWAIT) ) + cx->entry_method = ACPI_CSTATE_EM_FFH; + else + cx->entry_method = ACPI_CSTATE_EM_HALT; Added: trunk/xen/debian/patches/upstream-21388:b6d75c255bf6 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21388:b6d75c255bf6 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,105 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1290453490 0 +# Node ID b6d75c255bf69bb5bd1a4b01d4ac583077409001 +# Parent 711ff9ac4d8cb973c1f908c92a43ce06f63a1fad +x86 hvm: Fix VPMU issue on Nehalem cpus + +Fix an issue on Nehalem cpus where performance counter overflows may +lead to endless interrupt loops on this cpu. + +Signed-off-by: Dietmar Hahn <dietmar.hahn at ts.fujitsu.com> +xen-unstable changeset: 22417:c0c1f5f0745e +xen-unstable date: Mon Nov 22 19:16:34 2010 +0000 + +diff -r 711ff9ac4d8c -r b6d75c255bf6 xen/arch/x86/hvm/vmx/vpmu_core2.c +--- a/xen/arch/x86/hvm/vmx/vpmu_core2.c Mon Nov 22 19:14:09 2010 +0000 ++++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c Mon Nov 22 19:18:10 2010 +0000 +@@ -35,6 +35,68 @@ + #include <asm/hvm/vmx/vpmu.h> + #include <asm/hvm/vmx/vpmu_core2.h> + ++/* ++ * QUIRK to workaround an issue on Nehalem processors currently seen ++ * on family 6 cpus E5520 (model 26) and X7542 (model 46). ++ * The issue leads to endless PMC interrupt loops on the processor. ++ * If the interrupt handler is running and a pmc reaches the value 0, this ++ * value remains forever and it triggers immediately a new interrupt after ++ * finishing the handler. ++ * A workaround is to read all flagged counters and if the value is 0 write ++ * 1 (or another value != 0) into it. ++ * There exist no errata and the real cause of this behaviour is unknown. ++ */ ++bool_t __read_mostly is_pmc_quirk; ++ ++static void check_pmc_quirk(void) ++{ ++ u8 family = current_cpu_data.x86; ++ u8 cpu_model = current_cpu_data.x86_model; ++ is_pmc_quirk = 0; ++ if ( family == 6 ) ++ { ++ if ( cpu_model == 46 || cpu_model == 26 ) ++ is_pmc_quirk = 1; ++ } ++} ++ ++static int core2_get_pmc_count(void); ++static void handle_pmc_quirk(u64 msr_content) ++{ ++ int num_gen_pmc = core2_get_pmc_count(); ++ int num_fix_pmc = 3; ++ int i; ++ u64 val; ++ ++ if ( !is_pmc_quirk ) ++ return; ++ ++ val = msr_content; ++ for ( i = 0; i < num_gen_pmc; i++ ) ++ { ++ if ( val & 0x1 ) ++ { ++ u64 cnt; ++ rdmsrl(MSR_P6_PERFCTR0 + i, cnt); ++ if ( cnt == 0 ) ++ wrmsrl(MSR_P6_PERFCTR0 + i, 1); ++ } ++ val >>= 1; ++ } ++ val = msr_content >> 32; ++ for ( i = 0; i < num_fix_pmc; i++ ) ++ { ++ if ( val & 0x1 ) ++ { ++ u64 cnt; ++ rdmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, cnt); ++ if ( cnt == 0 ) ++ wrmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, 1); ++ } ++ val >>= 1; ++ } ++} ++ + u32 core2_counters_msr[] = { + MSR_CORE_PERF_FIXED_CTR0, + MSR_CORE_PERF_FIXED_CTR1, +@@ -497,6 +559,10 @@ + rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, msr_content); + if ( !msr_content ) + return 0; ++ ++ if ( is_pmc_quirk ) ++ handle_pmc_quirk(msr_content); ++ + core2_vpmu_cxt->global_ovf_status |= msr_content; + msr_content = 0xC000000700000000 | ((1 << core2_get_pmc_count()) - 1); + wrmsrl(MSR_CORE_PERF_GLOBAL_OVF_CTRL, msr_content); +@@ -518,6 +584,7 @@ + + static void core2_vpmu_initialise(struct vcpu *v) + { ++ check_pmc_quirk(); + } + + static void core2_vpmu_destroy(struct vcpu *v) Added: trunk/xen/debian/patches/upstream-21389:2901cbe2eccc =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21389:2901cbe2eccc Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,60 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1291041961 0 +# Node ID 2901cbe2eccc41ebd552bf6c829c8f0c46ba396c +# Parent b6d75c255bf69bb5bd1a4b01d4ac583077409001 +x86-64: don''t crash Xen upon direct pv guest access to GDT/LDT mapping area + +handle_gdt_ldt_mapping_fault() is intended to deal with indirect +accesses (i.e. those caused by descriptor loads) to the GDT/LDT +mapping area only. While for 32-bit segment limits indeed prevent the +function being entered for direct accesses (i.e. a #GP fault will be +raised even before the address translation gets done, on 64-bit even +user mode accesses would lead to control reaching the BUG_ON() at the +beginning of that function. + +Fortunately the fix is simple: Since the guest kernel runs in ring 3, +any guest direct access will have the "user mode" bit set, whereas +descriptor loads always do the translations to access the actual +descriptors as kernel mode ones. + +Signed-off-by: Jan Beulich <jbeulich at novell.com> + +Further, relax the BUG_ON() in handle_gdt_ldt_mapping_fault() to a +check-and-bail. This avoids any problems in future, if we don''t +execute x86_64 guest kernels in ring 3 (e.g., because we use a +lightweight HVM container). + +Signed-off-by: Keir Fraser <keir at xen.org> +xen-unstable changeset: 22448:5cd9612db2bb +xen-unstable date: Mon Nov 29 14:34:32 2010 +0000 + +diff -r b6d75c255bf6 -r 2901cbe2eccc xen/arch/x86/traps.c +--- a/xen/arch/x86/traps.c Mon Nov 22 19:18:10 2010 +0000 ++++ b/xen/arch/x86/traps.c Mon Nov 29 14:46:01 2010 +0000 +@@ -1051,8 +1051,14 @@ + unsigned int is_ldt_area = (offset >> (GDT_LDT_VCPU_VA_SHIFT-1)) & 1; + unsigned int vcpu_area = (offset >> GDT_LDT_VCPU_VA_SHIFT); + +- /* Should never fault in another vcpu''s area. */ +- BUG_ON(vcpu_area != curr->vcpu_id); ++ /* ++ * If the fault is in another vcpu''s area, it cannot be due to ++ * a GDT/LDT descriptor load. Thus we can reasonably exit immediately, and ++ * indeed we have to since map_ldt_shadow_page() works correctly only on ++ * accesses to a vcpu''s own area. ++ */ ++ if ( vcpu_area != curr->vcpu_id ) ++ return 0; + + /* Byte offset within the gdt/ldt sub-area. */ + offset &= (1UL << (GDT_LDT_VCPU_VA_SHIFT-1)) - 1UL; +@@ -1223,7 +1229,7 @@ + + if ( unlikely(IN_HYPERVISOR_RANGE(addr)) ) + { +- if ( !(regs->error_code & PFEC_reserved_bit) && ++ if ( !(regs->error_code & (PFEC_user_mode | PFEC_reserved_bit)) && + (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) ) + return handle_gdt_ldt_mapping_fault( + addr - GDT_LDT_VIRT_START, regs); Added: trunk/xen/debian/patches/upstream-21395:2548598d110d =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21395:2548598d110d Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,31 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1291889763 0 +# Node ID 2548598d110d38355917b20abaa3422e32636001 +# Parent 6197158f6ba6acea6389ee260bfe8e96a42dfd6e +x86:vlapic: Fix possible guest tick losing after save/restore + +Guest vcpu may totally lose all ticks if the vlapic->pt.irq was not +restored during save/restore process. Fix it. + +Signed-off-by: Wei Gang <gang.wei at intel.com> +xen-unstable changeset: 22470:0c97247c64d6 +xen-unstable date: Thu Dec 09 08:34:59 2010 +0000 + +diff -r 6197158f6ba6 -r 2548598d110d xen/arch/x86/hvm/vlapic.c +--- a/xen/arch/x86/hvm/vlapic.c Thu Dec 09 10:14:57 2010 +0000 ++++ b/xen/arch/x86/hvm/vlapic.c Thu Dec 09 10:16:03 2010 +0000 +@@ -863,12 +863,12 @@ + unsigned long tmict = vlapic_get_reg(s, APIC_TMICT); + uint64_t period; + ++ s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK; + if ( (tmict = vlapic_get_reg(s, APIC_TMICT)) == 0 ) + return; + + period = ((uint64_t)APIC_BUS_CYCLE_NS * + (uint32_t)tmict * s->hw.timer_divisor); +- s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK; + create_periodic_time(vlapic_vcpu(s), &s->pt, period, + vlapic_lvtt_period(s) ? period : 0, + s->pt.irq, vlapic_pt_cb, Added: trunk/xen/debian/patches/upstream-21403:e7d9d8d46730 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21403:e7d9d8d46730 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,43 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1292409119 0 +# Node ID e7d9d8d46730f3ca0cd60efd2e55181e2bd4e863 +# Parent 612eb10ba78b5ca72ca9c26fb68f1e003bdba34a +x86/iommu: account for necessary allocations when calculating Dom0''s +initial allocation size + +As of c/s 21812:e382656e4dcc, IOMMU related allocations for Dom0 +happen only after it got all of its memory allocated, and hence the +reserve (mainly for setting up its swiotlb) may get exhausted without +accounting for the necessary allocations up front. + +While not precise, the estimate has been found to be within a couple +of pages for the systems it got tested on. + +For the calculation to be reasonably correct, this depends on the +patch titled "x86/iommu: don''t map RAM holes above 4G" sent out +yesterday. + +Signed-off-by: Jan Beulich <jbeulich at novell.com> +xen-unstable changeset: 22506:618ba64260fa +xen-unstable date: Tue Dec 14 09:54:10 2010 +0000 + +diff -r 612eb10ba78b -r e7d9d8d46730 xen/arch/x86/domain_build.c +--- a/xen/arch/x86/domain_build.c Wed Dec 15 10:31:08 2010 +0000 ++++ b/xen/arch/x86/domain_build.c Wed Dec 15 10:31:59 2010 +0000 +@@ -188,6 +188,15 @@ + if ( is_pv_32on64_domain(d) ) + avail -= opt_dom0_max_vcpus - 1; + ++ /* Reserve memory for iommu_dom0_init() (rough estimate). */ ++ if ( iommu_enabled ) ++ { ++ unsigned int s; ++ ++ for ( s = 9; s < BITS_PER_LONG; s += 9 ) ++ avail -= max_page >> s; ++ } ++ + /* + * If domain 0 allocation isn''t specified, reserve 1/16th of available + * memory for things like DMA buffers. This reservation is clamped to Added: trunk/xen/debian/patches/upstream-21407:4e689840622f =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21407:4e689840622f Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,25 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1292415227 0 +# Node ID 4e689840622fcae76b40d036ca5b3f6003f94997 +# Parent 1bec63e5bcfe06af2f04d00a663df14ce53a9718 +x86-64: fix restoring of hypercall arguments after trace callout + +Signed-off-by: Jan Beulich <jbeulich at novell.com> +xen-unstable changeset: 22539:20c65aa19075 +xen-unstable date: Wed Dec 15 12:09:41 2010 +0000 + +diff -r 1bec63e5bcfe -r 4e689840622f xen/arch/x86/x86_64/entry.S +--- a/xen/arch/x86/x86_64/entry.S Wed Dec 15 12:06:56 2010 +0000 ++++ b/xen/arch/x86/x86_64/entry.S Wed Dec 15 12:13:47 2010 +0000 +@@ -171,8 +171,8 @@ + movq UREGS_rsi+SHADOW_BYTES(%rsp),%rsi /* Arg 2 */ + movq UREGS_rdx+SHADOW_BYTES(%rsp),%rdx /* Arg 3 */ + movq UREGS_r10+SHADOW_BYTES(%rsp),%rcx /* Arg 4 */ +- movq UREGS_rdi+SHADOW_BYTES(%rsp),%r8 /* Arg 5 */ +- movq UREGS_rbp+SHADOW_BYTES(%rsp),%r9 /* Arg 6 */ ++ movq UREGS_r8 +SHADOW_BYTES(%rsp),%r8 /* Arg 5 */ ++ movq UREGS_r9 +SHADOW_BYTES(%rsp),%r9 /* Arg 6 */ + #undef SHADOW_BYTES + 1: leaq hypercall_table(%rip),%r10 + PERFC_INCR(PERFC_hypercalls, %rax, %rbx) Added: trunk/xen/debian/patches/upstream-21409:a45388506790 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21409:a45388506790 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,31 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1292514051 0 +# Node ID a453885067908f8a092b5d7f7d9ad07c8db3be9c +# Parent 66a6203d27fdd02c1b619343e25e4a3d379aaac9 +vtd: Require unmap_vtd_domain_page() on a couple of early exit paths. + +From: Jan Beulich <JBeulich at novell.com> +Signed-off-by: Keir Fraser <keir at xen.org> +xen-unstable changeset: 22549:aa18b8ddaf05 +xen-unstable date: Thu Dec 16 15:38:57 2010 +0000 + +diff -r 66a6203d27fd -r a45388506790 xen/drivers/passthrough/vtd/iommu.c +--- a/xen/drivers/passthrough/vtd/iommu.c Wed Dec 15 12:14:05 2010 +0000 ++++ b/xen/drivers/passthrough/vtd/iommu.c Thu Dec 16 15:40:51 2010 +0000 +@@ -1300,6 +1300,7 @@ + if ( context_set_domain_id(context, domain, iommu) ) + { + spin_unlock(&iommu->lock); ++ unmap_vtd_domain_page(context_entries); + return -EFAULT; + } + +@@ -1631,6 +1632,7 @@ + if ( old.val == new.val ) + { + spin_unlock(&hd->mapping_lock); ++ unmap_vtd_domain_page(page); + return 0; + } + *pte = new; Added: trunk/xen/debian/patches/upstream-21413:b05fa0652463 =============================================================================--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/xen/debian/patches/upstream-21413:b05fa0652463 Wed Jan 12 11:39:39 2011 (r807) @@ -0,0 +1,151 @@ +# HG changeset patch +# User Keir Fraser <keir at xen.org> +# Date 1292582910 0 +# Node ID b05fa0652463d322c125acdb945341e953616e59 +# Parent eebc0881bdf7dc37e07102101d76c47892623b37 +vtd: Reinstate ACPI DMAR on system shutdown or S3/S4/S5. + +Signed-off-by: Keir Fraser <keir at xen.org> +xen-unstable changeset: 22570:f2dba7ff0828 +xen-unstable date: Fri Dec 17 10:46:43 2010 +0000 + +diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/acpi/power.c +--- a/xen/arch/x86/acpi/power.c Thu Dec 16 20:18:11 2010 +0000 ++++ b/xen/arch/x86/acpi/power.c Fri Dec 17 10:48:30 2010 +0000 +@@ -12,7 +12,6 @@ + + #include <xen/config.h> + #include <asm/io.h> +-#include <asm/acpi.h> + #include <xen/acpi.h> + #include <xen/errno.h> + #include <xen/iocap.h> +@@ -159,6 +158,8 @@ + + freeze_domains(); + ++ acpi_dmar_reinstate(); ++ + disable_nonboot_cpus(); + if ( num_online_cpus() != 1 ) + { +@@ -229,6 +230,7 @@ + cpufreq_add_cpu(0); + microcode_resume_cpu(0); + enable_nonboot_cpus(); ++ acpi_dmar_zap(); + thaw_domains(); + spin_unlock(&pm_lock); + return error; +diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/shutdown.c +--- a/xen/arch/x86/shutdown.c Thu Dec 16 20:18:11 2010 +0000 ++++ b/xen/arch/x86/shutdown.c Fri Dec 17 10:48:30 2010 +0000 +@@ -308,6 +308,8 @@ + console_start_sync(); + spin_debug_disable(); + ++ acpi_dmar_reinstate(); ++ + local_irq_enable(); + + /* Ensure we are the boot CPU. */ +diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/tboot.c +--- a/xen/arch/x86/tboot.c Thu Dec 16 20:18:11 2010 +0000 ++++ b/xen/arch/x86/tboot.c Fri Dec 17 10:48:30 2010 +0000 +@@ -5,6 +5,7 @@ + #include <xen/sched.h> + #include <xen/domain_page.h> + #include <xen/iommu.h> ++#include <xen/acpi.h> + #include <asm/fixmap.h> + #include <asm/page.h> + #include <asm/processor.h> +@@ -479,13 +480,7 @@ + + /* acpi_parse_dmar() zaps APCI DMAR signature in TXT heap table */ + /* but dom0 will read real table, so must zap it there too */ +- dmar_table = NULL; +- acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table); +- if ( dmar_table != NULL ) +- { +- dmar_table->signature[0] = ''X''; +- dmar_table->checksum -= ''X''-''D''; +- } ++ acpi_dmar_zap(); + + return rc; + } +diff -r eebc0881bdf7 -r b05fa0652463 xen/common/kexec.c +--- a/xen/common/kexec.c Thu Dec 16 20:18:11 2010 +0000 ++++ b/xen/common/kexec.c Fri Dec 17 10:48:30 2010 +0000 +@@ -109,20 +109,13 @@ + return out; + } + +-static int acpi_dmar_reinstate(struct acpi_table_header *table) +-{ +- table->signature[0] = ''D''; +- table->checksum += ''X''-''D''; +- return 0; +-} +- + static void kexec_common_shutdown(void) + { + watchdog_disable(); + console_start_sync(); + spin_debug_disable(); + one_cpu_only(); +- acpi_table_parse(ACPI_SIG_DMAR, acpi_dmar_reinstate); ++ acpi_dmar_reinstate(); + } + + void kexec_crash(void) +diff -r eebc0881bdf7 -r b05fa0652463 xen/drivers/passthrough/vtd/dmar.c +--- a/xen/drivers/passthrough/vtd/dmar.c Thu Dec 16 20:18:11 2010 +0000 ++++ b/xen/drivers/passthrough/vtd/dmar.c Fri Dec 17 10:48:30 2010 +0000 +@@ -768,3 +768,34 @@ + { + return parse_dmar_table(acpi_parse_dmar); + } ++ ++static struct acpi_table_header *get_dmar(void) ++{ ++ struct acpi_table_header *dmar_table = NULL; ++ unsigned long flags; ++ ++ /* Disabling IRQs avoids cross-CPU TLB flush in map_pages_to_xen(). */ ++ local_irq_save(flags); ++ acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table); ++ local_irq_restore(flags); ++ ++ return dmar_table; ++} ++ ++void acpi_dmar_reinstate(void) ++{ ++ struct acpi_table_header *dmar_table = get_dmar(); ++ if ( dmar_table == NULL ) ++ return; ++ dmar_table->signature[0] = ''D''; ++ dmar_table->checksum += ''X''-''D''; ++} ++ ++void acpi_dmar_zap(void) ++{ ++ struct acpi_table_header *dmar_table = get_dmar(); ++ if ( dmar_table == NULL ) ++ return; ++ dmar_table->signature[0] = ''X''; ++ dmar_table->checksum -= ''X''-''D''; ++} +diff -r eebc0881bdf7 -r b05fa0652463 xen/include/xen/acpi.h +--- a/xen/include/xen/acpi.h Thu Dec 16 20:18:11 2010 +0000 ++++ b/xen/include/xen/acpi.h Fri Dec 17 10:48:30 2010 +0000 +@@ -421,4 +421,7 @@ + + void acpi_reboot(void); + ++void acpi_dmar_zap(void); ++void acpi_dmar_reinstate(void); ++ + #endif /*_LINUX_ACPI_H*/