[Pkg-xen-changes] r807 - in trunk/xen/debian: . patches
Bastian Blank
waldi at alioth.debian.org
Wed Jan 12 11:39:40 UTC 2011
Author: waldi
Date: Wed Jan 12 11:39:39 2011
New Revision: 807
Log:
* debian/changelog: Update.
* debian/patches: Add several upstream patches.
Added:
trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f
trunk/xen/debian/patches/upstream-21335:e854f11d392d
trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670
trunk/xen/debian/patches/upstream-21338:12c96d380c48
trunk/xen/debian/patches/upstream-21347:081ba5a13718
trunk/xen/debian/patches/upstream-21348:aced00366822
trunk/xen/debian/patches/upstream-21353:59917443fc50
trunk/xen/debian/patches/upstream-21354:67af28519aed
trunk/xen/debian/patches/upstream-21364:f7d54e1d7044
trunk/xen/debian/patches/upstream-21371:aabda497d83f
trunk/xen/debian/patches/upstream-21375:179150c0b366
trunk/xen/debian/patches/upstream-21376:43b3f8ceb991
trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c
trunk/xen/debian/patches/upstream-21388:b6d75c255bf6
trunk/xen/debian/patches/upstream-21389:2901cbe2eccc
trunk/xen/debian/patches/upstream-21395:2548598d110d
trunk/xen/debian/patches/upstream-21403:e7d9d8d46730
trunk/xen/debian/patches/upstream-21407:4e689840622f
trunk/xen/debian/patches/upstream-21409:a45388506790
trunk/xen/debian/patches/upstream-21413:b05fa0652463
Modified:
trunk/xen/debian/changelog
trunk/xen/debian/patches/series
Modified: trunk/xen/debian/changelog
==============================================================================
--- trunk/xen/debian/changelog Fri Sep 3 15:16:04 2010 (r806)
+++ trunk/xen/debian/changelog Wed Jan 12 11:39:39 2011 (r807)
@@ -1,3 +1,28 @@
+xen (4.0.1-2) UNRELEASED; urgency=low
+
+ * Fix races in memory management.
+ * Make sure that frame-table compression leaves enough alligned.
+ * Disable XSAVE support. (closes: #595490)
+ * Check for dying domain instead of raising an assertion.
+ * Add C6 state with EOI errata for Intel.
+ * Make some memory management interrupt safe. Unsure if really needed.
+ * Raise bar for inter-socket migrations on mostly-idle systems.
+ * Fix interrupt handling for legacy routed interrupts.
+ * Allow to set maximal domain memory even during a running change.
+ * Support new partition name in pygrub. (closes: #599243)
+ * Fix some comparisions "< 0" that may be optimized away.
+ * Check for MWAIT support before using it.
+ * Fix endless loop on interrupts on Nehalem cpus.
+ * Don't crash upon direct GDT/LDT access. (closes: #609531)
+ CVE-2010-4255
+ * Don't loose timer ticks after domain restore.
+ * Reserve some space for IOMMU area in dom0.
+ * Fix hypercall arguments after trace callout.
+ * Fix some error paths in vtd support. Memory leak.
+ * Reinstate ACPI DMAR table.
+
+ -- Bastian Blank <waldi at debian.org> Wed, 12 Jan 2011 11:54:36 +0100
+
xen (4.0.1-1) unstable; urgency=low
* New upstream release.
Modified: trunk/xen/debian/patches/series
==============================================================================
--- trunk/xen/debian/patches/series Fri Sep 3 15:16:04 2010 (r806)
+++ trunk/xen/debian/patches/series Wed Jan 12 11:39:39 2011 (r807)
@@ -47,3 +47,24 @@
tools-xenmon-install.diff
tools-python-shebang.diff
+
+upstream-21334:993458f6c5a0+21405:ae381a864b4f
+upstream-21335:e854f11d392d
+upstream-21336:16867267ac12+21362:b98a20571670
+upstream-21338:12c96d380c48
+upstream-21347:081ba5a13718
+upstream-21348:aced00366822
+upstream-21353:59917443fc50
+upstream-21354:67af28519aed
+upstream-21364:f7d54e1d7044
+upstream-21371:aabda497d83f
+upstream-21375:179150c0b366
+upstream-21376:43b3f8ceb991
+upstream-21387:711ff9ac4d8c
+upstream-21388:b6d75c255bf6
+upstream-21389:2901cbe2eccc
+upstream-21395:2548598d110d
+upstream-21403:e7d9d8d46730
+upstream-21407:4e689840622f
+upstream-21409:a45388506790
+upstream-21413:b05fa0652463
Added: trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,170 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1283155186 -3600
+# Node ID 993458f6c5a0df2cfeeda9552ece6d18839798dc
+# Parent 0aafca182acf609bff75425ed85bd5c06d455073
+ept: Put locks around ept_get_entry
+
+There's a subtle race in ept_get_entry, such that if tries to read an
+entry that ept_set_entry is modifying, it gets neither the old entry
+nor the new entry, but empty. In the case of multi-cpu
+populate-on-demand guests, this manifests as a guest crash when one
+vcpu tries to read a page which another page is trying to populate,
+and ept_get_entry returns p2m_mmio_dm.
+
+This bug can also be fixed by making both ept_set_entry and
+ept_next_level access-once (i.e., ept_next_level reads full ept_entry
+and then works with local value; ept_set_entry construct the entry
+locally and then sets it in one write). But there doesn't seem to be
+any major performance implications of just making ept_get_entry use
+locks; so the simpler, the better.
+
+Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com>
+xen-unstable changeset: 22071:c5aed2e049bc
+xen-unstable date: Mon Aug 30 08:39:52 2010 +0100
+
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292410072 0
+# Node ID ae381a864b4f38edf0c672160091b612346c88d1
+# Parent 9c7b9e65bc37b15b4a227937eee5b2e4368e5ce4
+ept: Remove lock in ept_get_entry, replace with access-once semantics.
+
+This mirrors the RVI/shadow situation, where p2m read access is
+lockless because it's done in the hardware (linear map of the p2m
+table).
+
+This fixes the original bug (call it bug A) without introducing bug B
+(a deadlock).
+
+Bug A was caused by a race when updating p2m entries: between testing
+if it's valid, and testing if it's populate-on-demand, it may have
+been changed from populate-on-demand to valid.
+
+My original patch simply introduced a lock into ept_get_entry, but
+that caused bug B, caused by circular locking order: p2m_change_type
+[grabs p2m lock] -> set_p2m_entry -> ept_set_entry ->
+ept_set_middle_level -> p2m_alloc [grabs hap lock] write cr4 ->
+hap_update_paging_modes [grabes hap lock] -> hap_update_cr3 ->
+gfn_to_mfn -> ept_get_entry -> [grabs p2m lock]
+
+Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com>
+xen-unstable changeset: 22526:7a5ee3800417
+xen-unstable date: Wed Dec 15 10:47:05 2010 +0000
+
+--- a/xen/arch/x86/mm/hap/p2m-ept.c
++++ b/xen/arch/x86/mm/hap/p2m-ept.c
+@@ -137,7 +137,7 @@
+ ept_entry_t **table, unsigned long *gfn_remainder,
+ u32 shift)
+ {
+- ept_entry_t *ept_entry;
++ ept_entry_t *ept_entry, e;
+ ept_entry_t *next;
+ u32 index;
+
+@@ -145,9 +145,11 @@
+
+ ept_entry = (*table) + index;
+
+- if ( !is_epte_present(ept_entry) )
++ e=*ept_entry;
++
++ if ( !is_epte_present(&e) )
+ {
+- if ( ept_entry->avail1 == p2m_populate_on_demand )
++ if ( e.avail1 == p2m_populate_on_demand )
+ return GUEST_TABLE_POD_PAGE;
+
+ if ( read_only )
+@@ -155,15 +157,17 @@
+
+ if ( !ept_set_middle_entry(d, ept_entry) )
+ return GUEST_TABLE_MAP_FAILED;
++ else
++ e=*ept_entry;
+ }
+
+ /* The only time sp would be set here is if we had hit a superpage */
+- if ( is_epte_superpage(ept_entry) )
++ if ( is_epte_superpage(&e) )
+ return GUEST_TABLE_SUPER_PAGE;
+ else
+ {
+ *gfn_remainder &= (1UL << shift) - 1;
+- next = map_domain_page(ept_entry->mfn);
++ next = map_domain_page(e.mfn);
+ unmap_domain_page(*table);
+ *table = next;
+ return GUEST_TABLE_NORMAL_PAGE;
+@@ -235,35 +239,39 @@
+ if ( mfn_valid(mfn_x(mfn)) || direct_mmio || p2m_is_paged(p2mt) ||
+ (p2mt == p2m_ram_paging_in_start) )
+ {
+- ept_entry->emt = epte_get_entry_emt(d, gfn, mfn, &ipat,
++ ept_entry_t new_entry;
++
++ new_entry.emt = epte_get_entry_emt(d, gfn, mfn, &ipat,
+ direct_mmio);
+- ept_entry->ipat = ipat;
+- ept_entry->sp = order ? 1 : 0;
++ new_entry.ipat = ipat;
++ new_entry.sp = order ? 1 : 0;
+
+ if ( ret == GUEST_TABLE_SUPER_PAGE )
+ {
+- if ( ept_entry->mfn == (mfn_x(mfn) - offset) )
++ if ( new_entry.mfn == (mfn_x(mfn) - offset) )
+ need_modify_vtd_table = 0;
+ else
+- ept_entry->mfn = mfn_x(mfn) - offset;
++ new_entry.mfn = mfn_x(mfn) - offset;
+
+- if ( (ept_entry->avail1 == p2m_ram_logdirty)
++ if ( (new_entry.avail1 == p2m_ram_logdirty)
+ && (p2mt == p2m_ram_rw) )
+ for ( i = 0; i < 512; i++ )
+ paging_mark_dirty(d, mfn_x(mfn) - offset + i);
+ }
+ else
+ {
+- if ( ept_entry->mfn == mfn_x(mfn) )
++ if ( new_entry.mfn == mfn_x(mfn) )
+ need_modify_vtd_table = 0;
+ else
+- ept_entry->mfn = mfn_x(mfn);
++ new_entry.mfn = mfn_x(mfn);
+ }
+
+- ept_entry->avail1 = p2mt;
+- ept_entry->avail2 = 0;
++ new_entry.avail1 = p2mt;
++ new_entry.avail2 = 0;
++
++ ept_p2m_type_to_flags(&new_entry, p2mt);
+
+- ept_p2m_type_to_flags(ept_entry, p2mt);
++ ept_entry->epte = new_entry.epte;
+ }
+ else
+ ept_entry->epte = 0;
+@@ -387,6 +395,10 @@
+ int i;
+ int ret = 0;
+ mfn_t mfn = _mfn(INVALID_MFN);
++ int do_locking = !p2m_locked_by_me(d->arch.p2m);
++
++ if ( do_locking )
++ p2m_lock(d->arch.p2m);
+
+ *t = p2m_mmio_dm;
+
+@@ -464,6 +476,8 @@
+ }
+
+ out:
++ if ( do_locking )
++ p2m_unlock(d->arch.p2m);
+ unmap_domain_page(table);
+ return mfn;
+ }
Added: trunk/xen/debian/patches/upstream-21335:e854f11d392d
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21335:e854f11d392d Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,37 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1283332901 -3600
+# Node ID e854f11d392d13e5302a219bcc9e6e352a4f1c1b
+# Parent 993458f6c5a0df2cfeeda9552ece6d18839798dc
+x86_64: Ensure frame-table compression leaves MAX_ORDER aligned
+contiguous ranges of page_info structs. This allows page-pointer
+arithmetic in places like our buddy allocator.
+
+This restriction was already implicitly guaranteed, but it is good to
+make it explicit in the pdx-related initialisation.
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset: 972d90ff3134
+xen-unstable date: Wed Sep 01 10:17:49 2010 +0100
+
+diff -r 993458f6c5a0 -r e854f11d392d xen/arch/x86/x86_64/mm.c
+--- a/xen/arch/x86/x86_64/mm.c Mon Aug 30 08:59:46 2010 +0100
++++ b/xen/arch/x86/x86_64/mm.c Wed Sep 01 10:21:41 2010 +0100
+@@ -163,9 +163,15 @@
+
+ void __init pfn_pdx_hole_setup(unsigned long mask)
+ {
+- unsigned int i, j, bottom_shift, hole_shift;
++ unsigned int i, j, bottom_shift = 0, hole_shift = 0;
+
+- for ( hole_shift = bottom_shift = j = 0; ; )
++ /*
++ * We skip the first MAX_ORDER bits, as we never want to compress them.
++ * This guarantees that page-pointer arithmetic remains valid within
++ * contiguous aligned ranges of 2^MAX_ORDER pages. Among others, our
++ * buddy allocator relies on this assumption.
++ */
++ for ( j = MAX_ORDER-1; ; )
+ {
+ i = find_next_zero_bit(&mask, BITS_PER_LONG, j);
+ j = find_next_bit(&mask, BITS_PER_LONG, i);
Added: trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,75 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1283332925 -3600
+# Node ID 16867267ac126043712703455b81c16f2549ee23
+# Parent e854f11d392d13e5302a219bcc9e6e352a4f1c1b
+x86 intel: Disable XSAVE support.
+
+It breaks HVM save/restore.
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset: ae0cd4e5cc01
+xen-unstable date: Wed Sep 01 10:19:14 2010 +0100
+
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1285340308 -3600
+# Node ID b98a20571670d905bb32eef98e2991a563e9f4fa
+# Parent c9f461d6ea1db06e3434f8c1a29f2568f2b45f54
+x86: check CPUID level before enabling xsave
+
+While not as relevant after c/s 21894, is still seems safer to check
+the CPUID level here, just like Linux does. The is particularly
+relevant for the 4.0 tree (which doesn't have said c/s), but also
+possibly for nested environments where writing MSR_IA32_MISC_ENABLE
+may not actually take effect (Xen itself ignores such writes).
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+xen-unstable changeset: 22213:eb247ea9db8c
+xen-unstable date: Fri Sep 24 15:53:31 2010 +0100
+
+--- a/xen/arch/x86/cpu/intel.c
++++ b/xen/arch/x86/cpu/intel.c
+@@ -30,7 +30,7 @@
+ integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx);
+ integer_param("cpuid_mask_edx", opt_cpuid_mask_edx);
+
+-static int use_xsave = 1;
++static int use_xsave;
+ boolean_param("xsave", use_xsave);
+
+ #ifdef CONFIG_X86_INTEL_USERCOPY
+--- a/xen/arch/x86/i387.c
++++ b/xen/arch/x86/i387.c
+@@ -132,6 +132,8 @@
+ }
+ }
+
++#define XSTATE_CPUID 0xd
++
+ /*
+ * Maximum size (in byte) of the XSAVE/XRSTOR save area required by all
+ * the supported and enabled features on the processor, including the
+@@ -148,7 +150,12 @@
+ int cpu = smp_processor_id();
+ u32 min_size;
+
+- cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
++ if ( boot_cpu_data.cpuid_level < XSTATE_CPUID ) {
++ printk(XENLOG_ERR "XSTATE_CPUID missing\n");
++ return;
++ }
++
++ cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
+
+ printk("%s: cpu%d: cntxt_max_size: 0x%x and states: %08x:%08x\n",
+ __func__, cpu, ecx, edx, eax);
+@@ -169,7 +176,7 @@
+ */
+ set_in_cr4(X86_CR4_OSXSAVE);
+ set_xcr0(eax & XCNTXT_MASK);
+- cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
++ cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
+ clear_in_cr4(X86_CR4_OSXSAVE);
+
+ if ( cpu == 0 )
Added: trunk/xen/debian/patches/upstream-21338:12c96d380c48
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21338:12c96d380c48 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,52 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1284394746 -3600
+# Node ID 12c96d380c48789d6d4c8955af7e014075abf3d9
+# Parent 5ca1d7547a42cc469d856b62f1894408ea8e1723
+page_alloc: Hold heap_lock while adjusting page states to/from PGC_state_free.
+
+This avoids races with buddy-merging logic in free_heap_pages().
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset: 22135:69e8bb164683
+xen-unstable date: Mon Sep 13 17:08:31 2010 +0100
+
+diff -r 5ca1d7547a42 -r 12c96d380c48 xen/common/page_alloc.c
+--- a/xen/common/page_alloc.c Mon Sep 13 17:18:07 2010 +0100
++++ b/xen/common/page_alloc.c Mon Sep 13 17:19:06 2010 +0100
+@@ -378,8 +378,6 @@
+ total_avail_pages -= request;
+ ASSERT(total_avail_pages >= 0);
+
+- spin_unlock(&heap_lock);
+-
+ cpus_clear(mask);
+
+ for ( i = 0; i < (1 << order); i++ )
+@@ -401,6 +399,8 @@
+ page_set_owner(&pg[i], NULL);
+ }
+
++ spin_unlock(&heap_lock);
++
+ if ( unlikely(!cpus_empty(mask)) )
+ {
+ perfc_incr(need_flush_tlb_flush);
+@@ -496,6 +496,8 @@
+ ASSERT(order <= MAX_ORDER);
+ ASSERT(node >= 0);
+
++ spin_lock(&heap_lock);
++
+ for ( i = 0; i < (1 << order); i++ )
+ {
+ /*
+@@ -523,8 +525,6 @@
+ pg[i].tlbflush_timestamp = tlbflush_current_time();
+ }
+
+- spin_lock(&heap_lock);
+-
+ avail[node][zone] += 1 << order;
+ total_avail_pages += 1 << order;
+
Added: trunk/xen/debian/patches/upstream-21347:081ba5a13718
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21347:081ba5a13718 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,30 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1284535364 -3600
+# Node ID 081ba5a13718f12f0d306d8f094c1b73a7f7d173
+# Parent 84510e00ebd1e3bc0a5d7b2f0d996d41e49e17ff
+notify_via_xen_event_channel() should check for dying domain.
+
+Else we can fail on either ASSERTion in that function.
+
+From: Olaf Hering <olaf at aepfle.de>
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset: 22159:62edd2611cbb
+xen-unstable date: Wed Sep 15 08:18:53 2010 +0100
+
+diff -r 84510e00ebd1 -r 081ba5a13718 xen/common/event_channel.c
+--- a/xen/common/event_channel.c Wed Sep 15 08:22:16 2010 +0100
++++ b/xen/common/event_channel.c Wed Sep 15 08:22:44 2010 +0100
+@@ -994,6 +994,12 @@
+
+ spin_lock(&ld->event_lock);
+
++ if ( unlikely(ld->is_dying) )
++ {
++ spin_unlock(&ld->event_lock);
++ return;
++ }
++
+ ASSERT(port_is_valid(ld, lport));
+ lchn = evtchn_from_port(ld, lport);
+ ASSERT(lchn->consumer_is_xen);
Added: trunk/xen/debian/patches/upstream-21348:aced00366822
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21348:aced00366822 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,96 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1284537730 -3600
+# Node ID aced003668226f1007305092086611d12eaff396
+# Parent 081ba5a13718f12f0d306d8f094c1b73a7f7d173
+C6 state with EOI issue fix for some Intel processors
+
+There is an errata in some of Intel processors.
+
+AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6
+During an Interrupt Service Routine
+
+If core C6 is entered after the start of an interrupt service routine
+but before a write to the APIC EOI register, the core may not send an
+EOI transaction (if needed) and further interrupts from the same
+priority level or lower may be blocked.
+
+This patch fix this issue, by checking if ISR is pending before enter
+deep Cx state. If so, it would use power->safe_state instead of deep
+Cx state to prevent the above issue happen.
+
+Signed-off-by: Sheng Yang <sheng at linux.intel.com>
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset: 22160:1087f9a03ab6
+xen-unstable date: Wed Sep 15 09:00:35 2010 +0100
+
+diff -r 081ba5a13718 -r aced00366822 xen/arch/x86/acpi/cpu_idle.c
+--- a/xen/arch/x86/acpi/cpu_idle.c Wed Sep 15 08:22:44 2010 +0100
++++ b/xen/arch/x86/acpi/cpu_idle.c Wed Sep 15 09:02:10 2010 +0100
+@@ -226,6 +226,31 @@
+ return atomic_read(&this_cpu(schedule_data).urgent_count);
+ }
+
++/*
++ * "AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6 During
++ * an Interrupt Service Routine"
++ *
++ * There was an errata with some Core i7 processors that an EOI transaction
++ * may not be sent if software enters core C6 during an interrupt service
++ * routine. So we don't enter deep Cx state if there is an EOI pending.
++ */
++bool_t errata_c6_eoi_workaround(void)
++{
++ static bool_t fix_needed = -1;
++
++ if ( unlikely(fix_needed == -1) )
++ {
++ int model = boot_cpu_data.x86_model;
++ fix_needed = (cpu_has_apic && !directed_eoi_enabled &&
++ (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
++ (boot_cpu_data.x86 == 6) &&
++ ((model == 0x1a) || (model == 0x1e) || (model == 0x1f) ||
++ (model == 0x25) || (model == 0x2c) || (model == 0x2f)));
++ }
++
++ return (fix_needed && cpu_has_pending_apic_eoi());
++}
++
+ static void acpi_processor_idle(void)
+ {
+ struct acpi_processor_power *power = processor_powers[smp_processor_id()];
+@@ -277,6 +302,9 @@
+ return;
+ }
+
++ if ( (cx->type == ACPI_STATE_C3) && errata_c6_eoi_workaround() )
++ cx = power->safe_state;
++
+ power->last_state = cx;
+
+ /*
+diff -r 081ba5a13718 -r aced00366822 xen/arch/x86/irq.c
+--- a/xen/arch/x86/irq.c Wed Sep 15 08:22:44 2010 +0100
++++ b/xen/arch/x86/irq.c Wed Sep 15 09:02:10 2010 +0100
+@@ -756,6 +756,11 @@
+ static DEFINE_PER_CPU(struct pending_eoi, pending_eoi[NR_DYNAMIC_VECTORS]);
+ #define pending_eoi_sp(p) ((p)[NR_DYNAMIC_VECTORS-1].vector)
+
++bool_t cpu_has_pending_apic_eoi(void)
++{
++ return (pending_eoi_sp(this_cpu(pending_eoi)) != 0);
++}
++
+ static inline void set_pirq_eoi(struct domain *d, unsigned int irq)
+ {
+ if ( d->arch.pirq_eoi_map )
+diff -r 081ba5a13718 -r aced00366822 xen/include/asm-x86/irq.h
+--- a/xen/include/asm-x86/irq.h Wed Sep 15 08:22:44 2010 +0100
++++ b/xen/include/asm-x86/irq.h Wed Sep 15 09:02:10 2010 +0100
+@@ -150,4 +150,6 @@
+ #define domain_pirq_to_irq(d, pirq) ((d)->arch.pirq_irq[pirq])
+ #define domain_irq_to_pirq(d, irq) ((d)->arch.irq_pirq[irq])
+
++bool_t cpu_has_pending_apic_eoi(void);
++
+ #endif /* _ASM_HW_IRQ_H */
Added: trunk/xen/debian/patches/upstream-21353:59917443fc50
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21353:59917443fc50 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,95 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1285010201 -3600
+# Node ID 59917443fc5090cd4833a2381e96c96001007b21
+# Parent 09e971d829482ec045f309949e14ed1de938e845
+x86_32: [un]map_domain_page() is now IRQ safe.
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset: 22177:7405e0ddb912
+xen-unstable date: Sat Sep 18 08:57:15 2010 +0100
+
+diff -r 09e971d82948 -r 59917443fc50 xen/arch/x86/x86_32/domain_page.c
+--- a/xen/arch/x86/x86_32/domain_page.c Mon Sep 20 20:16:22 2010 +0100
++++ b/xen/arch/x86/x86_32/domain_page.c Mon Sep 20 20:16:41 2010 +0100
+@@ -42,15 +42,13 @@
+
+ void *map_domain_page(unsigned long mfn)
+ {
+- unsigned long va;
+- unsigned int idx, i, flags;
++ unsigned long va, flags;
++ unsigned int idx, i;
+ struct vcpu *v;
+ struct mapcache_domain *dcache;
+ struct mapcache_vcpu *vcache;
+ struct vcpu_maphash_entry *hashent;
+
+- ASSERT(!in_irq());
+-
+ perfc_incr(map_domain_page_count);
+
+ v = mapcache_current_vcpu();
+@@ -58,6 +56,8 @@
+ dcache = &v->domain->arch.mapcache;
+ vcache = &v->arch.mapcache;
+
++ local_irq_save(flags);
++
+ hashent = &vcache->hash[MAPHASH_HASHFN(mfn)];
+ if ( hashent->mfn == mfn )
+ {
+@@ -69,7 +69,7 @@
+ goto out;
+ }
+
+- spin_lock_irqsave(&dcache->lock, flags);
++ spin_lock(&dcache->lock);
+
+ /* Has some other CPU caused a wrap? We must flush if so. */
+ if ( unlikely(dcache->epoch != vcache->shadow_epoch) )
+@@ -105,11 +105,12 @@
+ set_bit(idx, dcache->inuse);
+ dcache->cursor = idx + 1;
+
+- spin_unlock_irqrestore(&dcache->lock, flags);
++ spin_unlock(&dcache->lock);
+
+ l1e_write(&dcache->l1tab[idx], l1e_from_pfn(mfn, __PAGE_HYPERVISOR));
+
+ out:
++ local_irq_restore(flags);
+ va = MAPCACHE_VIRT_START + (idx << PAGE_SHIFT);
+ return (void *)va;
+ }
+@@ -119,11 +120,9 @@
+ unsigned int idx;
+ struct vcpu *v;
+ struct mapcache_domain *dcache;
+- unsigned long mfn;
++ unsigned long mfn, flags;
+ struct vcpu_maphash_entry *hashent;
+
+- ASSERT(!in_irq());
+-
+ ASSERT((void *)MAPCACHE_VIRT_START <= va);
+ ASSERT(va < (void *)MAPCACHE_VIRT_END);
+
+@@ -135,6 +134,8 @@
+ mfn = l1e_get_pfn(dcache->l1tab[idx]);
+ hashent = &v->arch.mapcache.hash[MAPHASH_HASHFN(mfn)];
+
++ local_irq_save(flags);
++
+ if ( hashent->idx == idx )
+ {
+ ASSERT(hashent->mfn == mfn);
+@@ -163,6 +164,8 @@
+ /* /Second/, mark as garbage. */
+ set_bit(idx, dcache->garbage);
+ }
++
++ local_irq_restore(flags);
+ }
+
+ void mapcache_domain_init(struct domain *d)
Added: trunk/xen/debian/patches/upstream-21354:67af28519aed
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21354:67af28519aed Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,65 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1285010305 -3600
+# Node ID 67af28519aed5a68758f34cc37216c008faca9cb
+# Parent 59917443fc5090cd4833a2381e96c96001007b21
+sched_credit: Raise bar for inter-socket migrations on mostly-idle systems
+
+The credit scheduler ties to keep work balanced, even on a mostly idle
+system. Unfortunately, if you have one VM burning cpu and another VM
+idle, the effect is that the busy VM will flip back and forth between
+sockets.
+
+This patch addresses this, by only migrating to a different socket if
+the number of idle processors is twice that of the socket the vcpu is
+currently on.
+
+This will only affect mostly-idle systems; as the system becomes more
+busy, other load-balancing code will come into effect.
+
+Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com>
+xen-unstable changeset: 22180:0bc640853cfd
+xen-unstable date: Mon Sep 20 18:49:15 2010 +0100
+
+diff -r 59917443fc50 -r 67af28519aed xen/common/sched_credit.c
+--- a/xen/common/sched_credit.c Mon Sep 20 20:16:41 2010 +0100
++++ b/xen/common/sched_credit.c Mon Sep 20 20:18:25 2010 +0100
+@@ -420,26 +420,36 @@
+ cpumask_t cpu_idlers;
+ cpumask_t nxt_idlers;
+ int nxt, weight_cpu, weight_nxt;
++ int migrate_factor;
+
+ nxt = cycle_cpu(cpu, cpus);
+
+ if ( cpu_isset(cpu, per_cpu(cpu_core_map, nxt)) )
+ {
++ /* We're on the same socket, so check the busy-ness of threads.
++ * Migrate if # of idlers is less at all */
+ ASSERT( cpu_isset(nxt, per_cpu(cpu_core_map, cpu)) );
++ migrate_factor = 1;
+ cpus_and(cpu_idlers, idlers, per_cpu(cpu_sibling_map, cpu));
+ cpus_and(nxt_idlers, idlers, per_cpu(cpu_sibling_map, nxt));
+ }
+ else
+ {
++ /* We're on different sockets, so check the busy-ness of cores.
++ * Migrate only if the other core is twice as idle */
+ ASSERT( !cpu_isset(nxt, per_cpu(cpu_core_map, cpu)) );
++ migrate_factor = 2;
+ cpus_and(cpu_idlers, idlers, per_cpu(cpu_core_map, cpu));
+ cpus_and(nxt_idlers, idlers, per_cpu(cpu_core_map, nxt));
+ }
+
+ weight_cpu = cpus_weight(cpu_idlers);
+ weight_nxt = cpus_weight(nxt_idlers);
+- if ( ( (weight_cpu < weight_nxt) ^ sched_smt_power_savings )
+- && (weight_cpu != weight_nxt) )
++ /* smt_power_savings: consolidate work rather than spreading it */
++ if ( ( sched_smt_power_savings
++ && (weight_cpu > weight_nxt) )
++ || ( !sched_smt_power_savings
++ && (weight_cpu * migrate_factor < weight_nxt) ) )
+ {
+ cpu = cycle_cpu(CSCHED_PCPU(nxt)->idle_bias, nxt_idlers);
+ if ( commit )
Added: trunk/xen/debian/patches/upstream-21364:f7d54e1d7044
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21364:f7d54e1d7044 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,74 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1286028622 -3600
+# Node ID f7d54e1d7044a7d3836b017b0806021b1c17ac7a
+# Parent 7f190f6f1f5a861383fc1a3a877ab63841c00a15
+x86: fix boot failure (regression from pre-4.0 IRQ handling changes)
+
+With the change to index irq_desc[] by IRQ rather than by vector, the
+prior implicit change of the used flow handler when altering the IRQ
+routing path to go through the 8259A didn't work anymore, and hence
+on boards needing the ExtINT delivery workaround failed to boot.
+
+Make make_8259A_irq() a real function again, thus allowing the flow
+handler to be changed there.
+
+Also eliminate the generally superfluous and (at least theoretically)
+dangerous hard coded setting of the flow handler for IRQ0: Earlier
+code should have set this already based on information coming from
+ACPI/MPS, and non-standard systems may e.g. have this IRQ level
+triggered.
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+Tested-by: Markus Schuster <ml at markus.schuster.name>
+xen-unstable changeset: 22222:aed9fd361340
+xen-unstable date: Sat Oct 02 15:03:15 2010 +0100
+
+diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/arch/x86/i8259.c
+--- a/xen/arch/x86/i8259.c Sat Oct 02 15:10:01 2010 +0100
++++ b/xen/arch/x86/i8259.c Sat Oct 02 15:10:22 2010 +0100
+@@ -367,6 +367,12 @@
+ spin_unlock_irqrestore(&i8259A_lock, flags);
+ }
+
++void __init make_8259A_irq(unsigned int irq)
++{
++ io_apic_irqs &= ~(1 << irq);
++ irq_to_desc(irq)->handler = &i8259A_irq_type;
++}
++
+ static struct irqaction __read_mostly cascade = { no_action, "cascade", NULL};
+
+ void __init init_IRQ(void)
+diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/arch/x86/io_apic.c
+--- a/xen/arch/x86/io_apic.c Sat Oct 02 15:10:01 2010 +0100
++++ b/xen/arch/x86/io_apic.c Sat Oct 02 15:10:22 2010 +0100
+@@ -38,9 +38,6 @@
+ #include <io_ports.h>
+ #include <public/physdev.h>
+
+-/* Different to Linux: our implementation can be simpler. */
+-#define make_8259A_irq(irq) (io_apic_irqs &= ~(1<<(irq)))
+-
+ int (*ioapic_renumber_irq)(int ioapic, int irq);
+ atomic_t irq_mis_count;
+
+@@ -1929,7 +1926,6 @@
+
+ irq_desc[0].depth = 0;
+ irq_desc[0].status &= ~IRQ_DISABLED;
+- irq_desc[0].handler = &ioapic_edge_type;
+
+ /*
+ * Subtle, code in do_timer_interrupt() expects an AEOI
+diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/include/asm-x86/irq.h
+--- a/xen/include/asm-x86/irq.h Sat Oct 02 15:10:01 2010 +0100
++++ b/xen/include/asm-x86/irq.h Sat Oct 02 15:10:22 2010 +0100
+@@ -94,6 +94,7 @@
+ void mask_8259A(void);
+ void unmask_8259A(void);
+ void init_8259A(int aeoi);
++void make_8259A_irq(unsigned int irq);
+ int i8259A_suspend(void);
+ int i8259A_resume(void);
+
Added: trunk/xen/debian/patches/upstream-21371:aabda497d83f
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21371:aabda497d83f Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,40 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1287923177 -3600
+# Node ID aabda497d83f7c289d58c77c321c77bf1f432930
+# Parent 06feba5976f3ad23d5cd73156e5dbbaa5237535a
+Allow max_pages to be set to less than tot_pages
+
+The memory allocation code sometimes needs to enforce that a guest
+that's been told to balloon down isn't going to expand further
+(because it's still executing a previous balloon-up operation). That
+means being able to set the desired max_pages even before the balloon
+driver has brought tot_pages down to the right level.
+
+Signed-off-by: Tim Deegan <Tim.Deegan at citrix.com>
+Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
+xen-unstable changeset: 22279:2208a036f8d9
+xen-unstable date: Sun Oct 24 13:13:04 2010 +0100
+
+diff -r 06feba5976f3 -r aabda497d83f xen/common/domctl.c
+--- a/xen/common/domctl.c Wed Oct 20 13:35:07 2010 +0100
++++ b/xen/common/domctl.c Sun Oct 24 13:26:17 2010 +0100
+@@ -764,11 +764,13 @@
+ new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
+
+ spin_lock(&d->page_alloc_lock);
+- if ( new_max >= d->tot_pages )
+- {
+- d->max_pages = new_max;
+- ret = 0;
+- }
++ /*
++ * NB. We removed a check that new_max >= current tot_pages; this means
++ * that the domain will now be allowed to "ratchet" down to new_max. In
++ * the meantime, while tot > max, all new allocations are disallowed.
++ */
++ d->max_pages = new_max;
++ ret = 0;
+ spin_unlock(&d->page_alloc_lock);
+
+ max_mem_out:
Added: trunk/xen/debian/patches/upstream-21375:179150c0b366
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21375:179150c0b366 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,27 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1288345463 -3600
+# Node ID 179150c0b36614a6a596ca5e872fea80d852a819
+# Parent 18a752a248116454e2259a2d88c801835d19532f
+pygrub: support grub2 "(hdX,msdosY)" partition syntax
+
+This appeared in Debian Squeeze at some point.
+
+Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
+Signed-off-by: Stefano Stabellini <stefano.stabellini at eu.citrix.com>
+committer: Stefano Stabellini <stefano.stabellini at eu.citrix.com>
+xen-unstable changeset: 22238:6eaab8297681
+xen-unstable date: Wed Oct 13 11:45:26 2010 +0100
+
+diff -r 18a752a24811 -r 179150c0b366 tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py Sun Oct 24 13:30:17 2010 +0100
++++ b/tools/pygrub/src/GrubConf.py Fri Oct 29 10:44:23 2010 +0100
+@@ -77,6 +77,8 @@
+ self._part = val
+ return
+ val = val.replace("(", "").replace(")", "")
++ if val[:5] == "msdos":
++ val = val[5:]
+ self._part = int(val)
+ part = property(get_part, set_part)
+
Added: trunk/xen/debian/patches/upstream-21376:43b3f8ceb991
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21376:43b3f8ceb991 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,83 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1288374294 -3600
+# Node ID 43b3f8ceb991c8410541fa763d2265dc3a539baa
+# Parent 179150c0b36614a6a596ca5e872fea80d852a819
+Xen: fix various checks of unsigned integers < 0
+
+Some of these could be benignly discarded by the compiler but some are
+actual bugs.
+
+Signed-off-by: Tim Deegan <Tim.Deegan at citrix.com>
+xen-unstable changeset: 22336:49803ac994f4
+xen-unstable date: Fri Oct 29 18:05:50 2010 +0100
+
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/mm.c
+--- a/xen/arch/x86/mm.c Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/mm.c Fri Oct 29 18:44:54 2010 +0100
+@@ -4223,7 +4223,7 @@
+ ent.size = (uint64_t)(s - ctxt->s) << PAGE_SHIFT;
+ ent.type = E820_RESERVED;
+ buffer = guest_handle_cast(ctxt->map.buffer, e820entry_t);
+- if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) < 0 )
++ if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) )
+ return -EFAULT;
+ ctxt->n++;
+ }
+@@ -4439,7 +4439,7 @@
+ }
+ if ( ctxt.map.nr_entries <= ctxt.n + (e820.nr_map - i) )
+ return -EINVAL;
+- if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) < 0 )
++ if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) )
+ return -EFAULT;
+ ctxt.s = PFN_UP(e820.map[i].addr + e820.map[i].size);
+ }
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/physdev.c
+--- a/xen/arch/x86/physdev.c Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/physdev.c Fri Oct 29 18:44:54 2010 +0100
+@@ -202,7 +202,7 @@
+ if ( copy_from_guest(&eoi, arg, 1) != 0 )
+ break;
+ ret = -EINVAL;
+- if ( eoi.irq < 0 || eoi.irq >= v->domain->nr_pirqs )
++ if ( eoi.irq >= v->domain->nr_pirqs )
+ break;
+ if ( v->domain->arch.pirq_eoi_map )
+ evtchn_unmask(v->domain->pirq_to_evtchn[eoi.irq]);
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/platform_hypercall.c
+--- a/xen/arch/x86/platform_hypercall.c Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/platform_hypercall.c Fri Oct 29 18:44:54 2010 +0100
+@@ -413,7 +413,6 @@
+ }
+
+ if ( (g_info->xen_cpuid >= NR_CPUS) ||
+- (g_info->xen_cpuid < 0) ||
+ !cpu_present(g_info->xen_cpuid) )
+ {
+ g_info->flags |= XEN_PCPU_FLAGS_INVALID;
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/x86_emulate/x86_emulate.c
+--- a/xen/arch/x86/x86_emulate/x86_emulate.c Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/x86_emulate/x86_emulate.c Fri Oct 29 18:44:54 2010 +0100
+@@ -2102,7 +2102,7 @@
+ _regs.edx = (uint32_t)(((int32_t)_regs.eax < 0) ? -1 : 0);
+ break;
+ case 8:
+- _regs.edx = (_regs.eax < 0) ? -1 : 0;
++ _regs.edx = ((int64_t)_regs.eax < 0) ? -1 : 0;
+ break;
+ }
+ break;
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/drivers/cpufreq/cpufreq.c
+--- a/xen/drivers/cpufreq/cpufreq.c Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/drivers/cpufreq/cpufreq.c Fri Oct 29 18:44:54 2010 +0100
+@@ -115,8 +115,7 @@
+ if (!cpu_online(cpu) || !data || !processor_pminfo[cpu])
+ return -ENODEV;
+
+- if ((perf->platform_limit < 0) ||
+- (perf->platform_limit >= perf->state_count))
++ if (perf->platform_limit >= perf->state_count)
+ return -EINVAL;
+
+ memcpy(&policy, data, sizeof(struct cpufreq_policy));
Added: trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,24 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1290453249 0
+# Node ID 711ff9ac4d8cb973c1f908c92a43ce06f63a1fad
+# Parent e9156d9d996b75b4251a30d2d7eb1ccc7c3009cb
+x86: Check for MWAIT in CPUID before using it in ACPI idle code.
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset: 22416:0cc4ed1ce1f3
+xen-unstable date: Mon Nov 22 19:13:00 2010 +0000
+
+diff -r e9156d9d996b -r 711ff9ac4d8c xen/arch/x86/acpi/cpu_idle.c
+--- a/xen/arch/x86/acpi/cpu_idle.c Tue Nov 16 11:54:48 2010 +0000
++++ b/xen/arch/x86/acpi/cpu_idle.c Mon Nov 22 19:14:09 2010 +0000
+@@ -717,7 +717,8 @@
+ {
+ case ACPI_ADR_SPACE_FIXED_HARDWARE:
+ if ( xen_cx->reg.bit_width == VENDOR_INTEL &&
+- xen_cx->reg.bit_offset == NATIVE_CSTATE_BEYOND_HALT )
++ xen_cx->reg.bit_offset == NATIVE_CSTATE_BEYOND_HALT &&
++ boot_cpu_has(X86_FEATURE_MWAIT) )
+ cx->entry_method = ACPI_CSTATE_EM_FFH;
+ else
+ cx->entry_method = ACPI_CSTATE_EM_HALT;
Added: trunk/xen/debian/patches/upstream-21388:b6d75c255bf6
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21388:b6d75c255bf6 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,105 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1290453490 0
+# Node ID b6d75c255bf69bb5bd1a4b01d4ac583077409001
+# Parent 711ff9ac4d8cb973c1f908c92a43ce06f63a1fad
+x86 hvm: Fix VPMU issue on Nehalem cpus
+
+Fix an issue on Nehalem cpus where performance counter overflows may
+lead to endless interrupt loops on this cpu.
+
+Signed-off-by: Dietmar Hahn <dietmar.hahn at ts.fujitsu.com>
+xen-unstable changeset: 22417:c0c1f5f0745e
+xen-unstable date: Mon Nov 22 19:16:34 2010 +0000
+
+diff -r 711ff9ac4d8c -r b6d75c255bf6 xen/arch/x86/hvm/vmx/vpmu_core2.c
+--- a/xen/arch/x86/hvm/vmx/vpmu_core2.c Mon Nov 22 19:14:09 2010 +0000
++++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c Mon Nov 22 19:18:10 2010 +0000
+@@ -35,6 +35,68 @@
+ #include <asm/hvm/vmx/vpmu.h>
+ #include <asm/hvm/vmx/vpmu_core2.h>
+
++/*
++ * QUIRK to workaround an issue on Nehalem processors currently seen
++ * on family 6 cpus E5520 (model 26) and X7542 (model 46).
++ * The issue leads to endless PMC interrupt loops on the processor.
++ * If the interrupt handler is running and a pmc reaches the value 0, this
++ * value remains forever and it triggers immediately a new interrupt after
++ * finishing the handler.
++ * A workaround is to read all flagged counters and if the value is 0 write
++ * 1 (or another value != 0) into it.
++ * There exist no errata and the real cause of this behaviour is unknown.
++ */
++bool_t __read_mostly is_pmc_quirk;
++
++static void check_pmc_quirk(void)
++{
++ u8 family = current_cpu_data.x86;
++ u8 cpu_model = current_cpu_data.x86_model;
++ is_pmc_quirk = 0;
++ if ( family == 6 )
++ {
++ if ( cpu_model == 46 || cpu_model == 26 )
++ is_pmc_quirk = 1;
++ }
++}
++
++static int core2_get_pmc_count(void);
++static void handle_pmc_quirk(u64 msr_content)
++{
++ int num_gen_pmc = core2_get_pmc_count();
++ int num_fix_pmc = 3;
++ int i;
++ u64 val;
++
++ if ( !is_pmc_quirk )
++ return;
++
++ val = msr_content;
++ for ( i = 0; i < num_gen_pmc; i++ )
++ {
++ if ( val & 0x1 )
++ {
++ u64 cnt;
++ rdmsrl(MSR_P6_PERFCTR0 + i, cnt);
++ if ( cnt == 0 )
++ wrmsrl(MSR_P6_PERFCTR0 + i, 1);
++ }
++ val >>= 1;
++ }
++ val = msr_content >> 32;
++ for ( i = 0; i < num_fix_pmc; i++ )
++ {
++ if ( val & 0x1 )
++ {
++ u64 cnt;
++ rdmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, cnt);
++ if ( cnt == 0 )
++ wrmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, 1);
++ }
++ val >>= 1;
++ }
++}
++
+ u32 core2_counters_msr[] = {
+ MSR_CORE_PERF_FIXED_CTR0,
+ MSR_CORE_PERF_FIXED_CTR1,
+@@ -497,6 +559,10 @@
+ rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, msr_content);
+ if ( !msr_content )
+ return 0;
++
++ if ( is_pmc_quirk )
++ handle_pmc_quirk(msr_content);
++
+ core2_vpmu_cxt->global_ovf_status |= msr_content;
+ msr_content = 0xC000000700000000 | ((1 << core2_get_pmc_count()) - 1);
+ wrmsrl(MSR_CORE_PERF_GLOBAL_OVF_CTRL, msr_content);
+@@ -518,6 +584,7 @@
+
+ static void core2_vpmu_initialise(struct vcpu *v)
+ {
++ check_pmc_quirk();
+ }
+
+ static void core2_vpmu_destroy(struct vcpu *v)
Added: trunk/xen/debian/patches/upstream-21389:2901cbe2eccc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21389:2901cbe2eccc Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,60 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1291041961 0
+# Node ID 2901cbe2eccc41ebd552bf6c829c8f0c46ba396c
+# Parent b6d75c255bf69bb5bd1a4b01d4ac583077409001
+x86-64: don't crash Xen upon direct pv guest access to GDT/LDT mapping area
+
+handle_gdt_ldt_mapping_fault() is intended to deal with indirect
+accesses (i.e. those caused by descriptor loads) to the GDT/LDT
+mapping area only. While for 32-bit segment limits indeed prevent the
+function being entered for direct accesses (i.e. a #GP fault will be
+raised even before the address translation gets done, on 64-bit even
+user mode accesses would lead to control reaching the BUG_ON() at the
+beginning of that function.
+
+Fortunately the fix is simple: Since the guest kernel runs in ring 3,
+any guest direct access will have the "user mode" bit set, whereas
+descriptor loads always do the translations to access the actual
+descriptors as kernel mode ones.
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+
+Further, relax the BUG_ON() in handle_gdt_ldt_mapping_fault() to a
+check-and-bail. This avoids any problems in future, if we don't
+execute x86_64 guest kernels in ring 3 (e.g., because we use a
+lightweight HVM container).
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset: 22448:5cd9612db2bb
+xen-unstable date: Mon Nov 29 14:34:32 2010 +0000
+
+diff -r b6d75c255bf6 -r 2901cbe2eccc xen/arch/x86/traps.c
+--- a/xen/arch/x86/traps.c Mon Nov 22 19:18:10 2010 +0000
++++ b/xen/arch/x86/traps.c Mon Nov 29 14:46:01 2010 +0000
+@@ -1051,8 +1051,14 @@
+ unsigned int is_ldt_area = (offset >> (GDT_LDT_VCPU_VA_SHIFT-1)) & 1;
+ unsigned int vcpu_area = (offset >> GDT_LDT_VCPU_VA_SHIFT);
+
+- /* Should never fault in another vcpu's area. */
+- BUG_ON(vcpu_area != curr->vcpu_id);
++ /*
++ * If the fault is in another vcpu's area, it cannot be due to
++ * a GDT/LDT descriptor load. Thus we can reasonably exit immediately, and
++ * indeed we have to since map_ldt_shadow_page() works correctly only on
++ * accesses to a vcpu's own area.
++ */
++ if ( vcpu_area != curr->vcpu_id )
++ return 0;
+
+ /* Byte offset within the gdt/ldt sub-area. */
+ offset &= (1UL << (GDT_LDT_VCPU_VA_SHIFT-1)) - 1UL;
+@@ -1223,7 +1229,7 @@
+
+ if ( unlikely(IN_HYPERVISOR_RANGE(addr)) )
+ {
+- if ( !(regs->error_code & PFEC_reserved_bit) &&
++ if ( !(regs->error_code & (PFEC_user_mode | PFEC_reserved_bit)) &&
+ (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) )
+ return handle_gdt_ldt_mapping_fault(
+ addr - GDT_LDT_VIRT_START, regs);
Added: trunk/xen/debian/patches/upstream-21395:2548598d110d
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21395:2548598d110d Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1291889763 0
+# Node ID 2548598d110d38355917b20abaa3422e32636001
+# Parent 6197158f6ba6acea6389ee260bfe8e96a42dfd6e
+x86:vlapic: Fix possible guest tick losing after save/restore
+
+Guest vcpu may totally lose all ticks if the vlapic->pt.irq was not
+restored during save/restore process. Fix it.
+
+Signed-off-by: Wei Gang <gang.wei at intel.com>
+xen-unstable changeset: 22470:0c97247c64d6
+xen-unstable date: Thu Dec 09 08:34:59 2010 +0000
+
+diff -r 6197158f6ba6 -r 2548598d110d xen/arch/x86/hvm/vlapic.c
+--- a/xen/arch/x86/hvm/vlapic.c Thu Dec 09 10:14:57 2010 +0000
++++ b/xen/arch/x86/hvm/vlapic.c Thu Dec 09 10:16:03 2010 +0000
+@@ -863,12 +863,12 @@
+ unsigned long tmict = vlapic_get_reg(s, APIC_TMICT);
+ uint64_t period;
+
++ s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK;
+ if ( (tmict = vlapic_get_reg(s, APIC_TMICT)) == 0 )
+ return;
+
+ period = ((uint64_t)APIC_BUS_CYCLE_NS *
+ (uint32_t)tmict * s->hw.timer_divisor);
+- s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK;
+ create_periodic_time(vlapic_vcpu(s), &s->pt, period,
+ vlapic_lvtt_period(s) ? period : 0,
+ s->pt.irq, vlapic_pt_cb,
Added: trunk/xen/debian/patches/upstream-21403:e7d9d8d46730
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21403:e7d9d8d46730 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,43 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292409119 0
+# Node ID e7d9d8d46730f3ca0cd60efd2e55181e2bd4e863
+# Parent 612eb10ba78b5ca72ca9c26fb68f1e003bdba34a
+x86/iommu: account for necessary allocations when calculating Dom0's
+initial allocation size
+
+As of c/s 21812:e382656e4dcc, IOMMU related allocations for Dom0
+happen only after it got all of its memory allocated, and hence the
+reserve (mainly for setting up its swiotlb) may get exhausted without
+accounting for the necessary allocations up front.
+
+While not precise, the estimate has been found to be within a couple
+of pages for the systems it got tested on.
+
+For the calculation to be reasonably correct, this depends on the
+patch titled "x86/iommu: don't map RAM holes above 4G" sent out
+yesterday.
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+xen-unstable changeset: 22506:618ba64260fa
+xen-unstable date: Tue Dec 14 09:54:10 2010 +0000
+
+diff -r 612eb10ba78b -r e7d9d8d46730 xen/arch/x86/domain_build.c
+--- a/xen/arch/x86/domain_build.c Wed Dec 15 10:31:08 2010 +0000
++++ b/xen/arch/x86/domain_build.c Wed Dec 15 10:31:59 2010 +0000
+@@ -188,6 +188,15 @@
+ if ( is_pv_32on64_domain(d) )
+ avail -= opt_dom0_max_vcpus - 1;
+
++ /* Reserve memory for iommu_dom0_init() (rough estimate). */
++ if ( iommu_enabled )
++ {
++ unsigned int s;
++
++ for ( s = 9; s < BITS_PER_LONG; s += 9 )
++ avail -= max_page >> s;
++ }
++
+ /*
+ * If domain 0 allocation isn't specified, reserve 1/16th of available
+ * memory for things like DMA buffers. This reservation is clamped to
Added: trunk/xen/debian/patches/upstream-21407:4e689840622f
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21407:4e689840622f Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,25 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292415227 0
+# Node ID 4e689840622fcae76b40d036ca5b3f6003f94997
+# Parent 1bec63e5bcfe06af2f04d00a663df14ce53a9718
+x86-64: fix restoring of hypercall arguments after trace callout
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+xen-unstable changeset: 22539:20c65aa19075
+xen-unstable date: Wed Dec 15 12:09:41 2010 +0000
+
+diff -r 1bec63e5bcfe -r 4e689840622f xen/arch/x86/x86_64/entry.S
+--- a/xen/arch/x86/x86_64/entry.S Wed Dec 15 12:06:56 2010 +0000
++++ b/xen/arch/x86/x86_64/entry.S Wed Dec 15 12:13:47 2010 +0000
+@@ -171,8 +171,8 @@
+ movq UREGS_rsi+SHADOW_BYTES(%rsp),%rsi /* Arg 2 */
+ movq UREGS_rdx+SHADOW_BYTES(%rsp),%rdx /* Arg 3 */
+ movq UREGS_r10+SHADOW_BYTES(%rsp),%rcx /* Arg 4 */
+- movq UREGS_rdi+SHADOW_BYTES(%rsp),%r8 /* Arg 5 */
+- movq UREGS_rbp+SHADOW_BYTES(%rsp),%r9 /* Arg 6 */
++ movq UREGS_r8 +SHADOW_BYTES(%rsp),%r8 /* Arg 5 */
++ movq UREGS_r9 +SHADOW_BYTES(%rsp),%r9 /* Arg 6 */
+ #undef SHADOW_BYTES
+ 1: leaq hypercall_table(%rip),%r10
+ PERFC_INCR(PERFC_hypercalls, %rax, %rbx)
Added: trunk/xen/debian/patches/upstream-21409:a45388506790
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21409:a45388506790 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292514051 0
+# Node ID a453885067908f8a092b5d7f7d9ad07c8db3be9c
+# Parent 66a6203d27fdd02c1b619343e25e4a3d379aaac9
+vtd: Require unmap_vtd_domain_page() on a couple of early exit paths.
+
+From: Jan Beulich <JBeulich at novell.com>
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset: 22549:aa18b8ddaf05
+xen-unstable date: Thu Dec 16 15:38:57 2010 +0000
+
+diff -r 66a6203d27fd -r a45388506790 xen/drivers/passthrough/vtd/iommu.c
+--- a/xen/drivers/passthrough/vtd/iommu.c Wed Dec 15 12:14:05 2010 +0000
++++ b/xen/drivers/passthrough/vtd/iommu.c Thu Dec 16 15:40:51 2010 +0000
+@@ -1300,6 +1300,7 @@
+ if ( context_set_domain_id(context, domain, iommu) )
+ {
+ spin_unlock(&iommu->lock);
++ unmap_vtd_domain_page(context_entries);
+ return -EFAULT;
+ }
+
+@@ -1631,6 +1632,7 @@
+ if ( old.val == new.val )
+ {
+ spin_unlock(&hd->mapping_lock);
++ unmap_vtd_domain_page(page);
+ return 0;
+ }
+ *pte = new;
Added: trunk/xen/debian/patches/upstream-21413:b05fa0652463
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21413:b05fa0652463 Wed Jan 12 11:39:39 2011 (r807)
@@ -0,0 +1,151 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292582910 0
+# Node ID b05fa0652463d322c125acdb945341e953616e59
+# Parent eebc0881bdf7dc37e07102101d76c47892623b37
+vtd: Reinstate ACPI DMAR on system shutdown or S3/S4/S5.
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset: 22570:f2dba7ff0828
+xen-unstable date: Fri Dec 17 10:46:43 2010 +0000
+
+diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/acpi/power.c
+--- a/xen/arch/x86/acpi/power.c Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/arch/x86/acpi/power.c Fri Dec 17 10:48:30 2010 +0000
+@@ -12,7 +12,6 @@
+
+ #include <xen/config.h>
+ #include <asm/io.h>
+-#include <asm/acpi.h>
+ #include <xen/acpi.h>
+ #include <xen/errno.h>
+ #include <xen/iocap.h>
+@@ -159,6 +158,8 @@
+
+ freeze_domains();
+
++ acpi_dmar_reinstate();
++
+ disable_nonboot_cpus();
+ if ( num_online_cpus() != 1 )
+ {
+@@ -229,6 +230,7 @@
+ cpufreq_add_cpu(0);
+ microcode_resume_cpu(0);
+ enable_nonboot_cpus();
++ acpi_dmar_zap();
+ thaw_domains();
+ spin_unlock(&pm_lock);
+ return error;
+diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/shutdown.c
+--- a/xen/arch/x86/shutdown.c Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/arch/x86/shutdown.c Fri Dec 17 10:48:30 2010 +0000
+@@ -308,6 +308,8 @@
+ console_start_sync();
+ spin_debug_disable();
+
++ acpi_dmar_reinstate();
++
+ local_irq_enable();
+
+ /* Ensure we are the boot CPU. */
+diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/tboot.c
+--- a/xen/arch/x86/tboot.c Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/arch/x86/tboot.c Fri Dec 17 10:48:30 2010 +0000
+@@ -5,6 +5,7 @@
+ #include <xen/sched.h>
+ #include <xen/domain_page.h>
+ #include <xen/iommu.h>
++#include <xen/acpi.h>
+ #include <asm/fixmap.h>
+ #include <asm/page.h>
+ #include <asm/processor.h>
+@@ -479,13 +480,7 @@
+
+ /* acpi_parse_dmar() zaps APCI DMAR signature in TXT heap table */
+ /* but dom0 will read real table, so must zap it there too */
+- dmar_table = NULL;
+- acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table);
+- if ( dmar_table != NULL )
+- {
+- dmar_table->signature[0] = 'X';
+- dmar_table->checksum -= 'X'-'D';
+- }
++ acpi_dmar_zap();
+
+ return rc;
+ }
+diff -r eebc0881bdf7 -r b05fa0652463 xen/common/kexec.c
+--- a/xen/common/kexec.c Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/common/kexec.c Fri Dec 17 10:48:30 2010 +0000
+@@ -109,20 +109,13 @@
+ return out;
+ }
+
+-static int acpi_dmar_reinstate(struct acpi_table_header *table)
+-{
+- table->signature[0] = 'D';
+- table->checksum += 'X'-'D';
+- return 0;
+-}
+-
+ static void kexec_common_shutdown(void)
+ {
+ watchdog_disable();
+ console_start_sync();
+ spin_debug_disable();
+ one_cpu_only();
+- acpi_table_parse(ACPI_SIG_DMAR, acpi_dmar_reinstate);
++ acpi_dmar_reinstate();
+ }
+
+ void kexec_crash(void)
+diff -r eebc0881bdf7 -r b05fa0652463 xen/drivers/passthrough/vtd/dmar.c
+--- a/xen/drivers/passthrough/vtd/dmar.c Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/drivers/passthrough/vtd/dmar.c Fri Dec 17 10:48:30 2010 +0000
+@@ -768,3 +768,34 @@
+ {
+ return parse_dmar_table(acpi_parse_dmar);
+ }
++
++static struct acpi_table_header *get_dmar(void)
++{
++ struct acpi_table_header *dmar_table = NULL;
++ unsigned long flags;
++
++ /* Disabling IRQs avoids cross-CPU TLB flush in map_pages_to_xen(). */
++ local_irq_save(flags);
++ acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table);
++ local_irq_restore(flags);
++
++ return dmar_table;
++}
++
++void acpi_dmar_reinstate(void)
++{
++ struct acpi_table_header *dmar_table = get_dmar();
++ if ( dmar_table == NULL )
++ return;
++ dmar_table->signature[0] = 'D';
++ dmar_table->checksum += 'X'-'D';
++}
++
++void acpi_dmar_zap(void)
++{
++ struct acpi_table_header *dmar_table = get_dmar();
++ if ( dmar_table == NULL )
++ return;
++ dmar_table->signature[0] = 'X';
++ dmar_table->checksum -= 'X'-'D';
++}
+diff -r eebc0881bdf7 -r b05fa0652463 xen/include/xen/acpi.h
+--- a/xen/include/xen/acpi.h Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/include/xen/acpi.h Fri Dec 17 10:48:30 2010 +0000
+@@ -421,4 +421,7 @@
+
+ void acpi_reboot(void);
+
++void acpi_dmar_zap(void);
++void acpi_dmar_reinstate(void);
++
+ #endif /*_LINUX_ACPI_H*/
More information about the Pkg-xen-changes
mailing list