[Pkg-xen-changes] r807 - in trunk/xen/debian: . patches

Bastian Blank waldi at alioth.debian.org
Wed Jan 12 11:39:40 UTC 2011


Author: waldi
Date: Wed Jan 12 11:39:39 2011
New Revision: 807

Log:
* debian/changelog: Update.
* debian/patches: Add several upstream patches.

Added:
   trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f
   trunk/xen/debian/patches/upstream-21335:e854f11d392d
   trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670
   trunk/xen/debian/patches/upstream-21338:12c96d380c48
   trunk/xen/debian/patches/upstream-21347:081ba5a13718
   trunk/xen/debian/patches/upstream-21348:aced00366822
   trunk/xen/debian/patches/upstream-21353:59917443fc50
   trunk/xen/debian/patches/upstream-21354:67af28519aed
   trunk/xen/debian/patches/upstream-21364:f7d54e1d7044
   trunk/xen/debian/patches/upstream-21371:aabda497d83f
   trunk/xen/debian/patches/upstream-21375:179150c0b366
   trunk/xen/debian/patches/upstream-21376:43b3f8ceb991
   trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c
   trunk/xen/debian/patches/upstream-21388:b6d75c255bf6
   trunk/xen/debian/patches/upstream-21389:2901cbe2eccc
   trunk/xen/debian/patches/upstream-21395:2548598d110d
   trunk/xen/debian/patches/upstream-21403:e7d9d8d46730
   trunk/xen/debian/patches/upstream-21407:4e689840622f
   trunk/xen/debian/patches/upstream-21409:a45388506790
   trunk/xen/debian/patches/upstream-21413:b05fa0652463
Modified:
   trunk/xen/debian/changelog
   trunk/xen/debian/patches/series

Modified: trunk/xen/debian/changelog
==============================================================================
--- trunk/xen/debian/changelog	Fri Sep  3 15:16:04 2010	(r806)
+++ trunk/xen/debian/changelog	Wed Jan 12 11:39:39 2011	(r807)
@@ -1,3 +1,28 @@
+xen (4.0.1-2) UNRELEASED; urgency=low
+
+  * Fix races in memory management.
+  * Make sure that frame-table compression leaves enough alligned.
+  * Disable XSAVE support. (closes: #595490)
+  * Check for dying domain instead of raising an assertion.
+  * Add C6 state with EOI errata for Intel.
+  * Make some memory management interrupt safe. Unsure if really needed.
+  * Raise bar for inter-socket migrations on mostly-idle systems.
+  * Fix interrupt handling for legacy routed interrupts.
+  * Allow to set maximal domain memory even during a running change.
+  * Support new partition name in pygrub. (closes: #599243)
+  * Fix some comparisions "< 0" that may be optimized away.
+  * Check for MWAIT support before using it.
+  * Fix endless loop on interrupts on Nehalem cpus.
+  * Don't crash upon direct GDT/LDT access. (closes: #609531)
+    CVE-2010-4255  
+  * Don't loose timer ticks after domain restore.
+  * Reserve some space for IOMMU area in dom0.
+  * Fix hypercall arguments after trace callout.
+  * Fix some error paths in vtd support. Memory leak.
+  * Reinstate ACPI DMAR table.
+
+ -- Bastian Blank <waldi at debian.org>  Wed, 12 Jan 2011 11:54:36 +0100
+
 xen (4.0.1-1) unstable; urgency=low
 
   * New upstream release.

Modified: trunk/xen/debian/patches/series
==============================================================================
--- trunk/xen/debian/patches/series	Fri Sep  3 15:16:04 2010	(r806)
+++ trunk/xen/debian/patches/series	Wed Jan 12 11:39:39 2011	(r807)
@@ -47,3 +47,24 @@
 tools-xenmon-install.diff
 
 tools-python-shebang.diff
+
+upstream-21334:993458f6c5a0+21405:ae381a864b4f
+upstream-21335:e854f11d392d
+upstream-21336:16867267ac12+21362:b98a20571670
+upstream-21338:12c96d380c48
+upstream-21347:081ba5a13718
+upstream-21348:aced00366822
+upstream-21353:59917443fc50
+upstream-21354:67af28519aed
+upstream-21364:f7d54e1d7044
+upstream-21371:aabda497d83f
+upstream-21375:179150c0b366
+upstream-21376:43b3f8ceb991
+upstream-21387:711ff9ac4d8c
+upstream-21388:b6d75c255bf6
+upstream-21389:2901cbe2eccc
+upstream-21395:2548598d110d
+upstream-21403:e7d9d8d46730
+upstream-21407:4e689840622f
+upstream-21409:a45388506790
+upstream-21413:b05fa0652463

Added: trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21334:993458f6c5a0+21405:ae381a864b4f	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,170 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1283155186 -3600
+# Node ID 993458f6c5a0df2cfeeda9552ece6d18839798dc
+# Parent  0aafca182acf609bff75425ed85bd5c06d455073
+ept: Put locks around ept_get_entry
+
+There's a subtle race in ept_get_entry, such that if tries to read an
+entry that ept_set_entry is modifying, it gets neither the old entry
+nor the new entry, but empty.  In the case of multi-cpu
+populate-on-demand guests, this manifests as a guest crash when one
+vcpu tries to read a page which another page is trying to populate,
+and ept_get_entry returns p2m_mmio_dm.
+
+This bug can also be fixed by making both ept_set_entry and
+ept_next_level access-once (i.e., ept_next_level reads full ept_entry
+and then works with local value; ept_set_entry construct the entry
+locally and then sets it in one write).  But there doesn't seem to be
+any major performance implications of just making ept_get_entry use
+locks; so the simpler, the better.
+
+Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com>
+xen-unstable changeset:   22071:c5aed2e049bc
+xen-unstable date:        Mon Aug 30 08:39:52 2010 +0100
+
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292410072 0
+# Node ID ae381a864b4f38edf0c672160091b612346c88d1
+# Parent  9c7b9e65bc37b15b4a227937eee5b2e4368e5ce4
+ept: Remove lock in ept_get_entry, replace with access-once semantics.
+
+This mirrors the RVI/shadow situation, where p2m read access is
+lockless because it's done in the hardware (linear map of the p2m
+table).
+
+This fixes the original bug (call it bug A) without introducing bug B
+(a deadlock).
+
+Bug A was caused by a race when updating p2m entries: between testing
+if it's valid, and testing if it's populate-on-demand, it may have
+been changed from populate-on-demand to valid.
+
+My original patch simply introduced a lock into ept_get_entry, but
+that caused bug B, caused by circular locking order: p2m_change_type
+[grabs p2m lock] -> set_p2m_entry -> ept_set_entry ->
+ept_set_middle_level -> p2m_alloc [grabs hap lock] write cr4 ->
+hap_update_paging_modes [grabes hap lock] -> hap_update_cr3 ->
+gfn_to_mfn -> ept_get_entry -> [grabs p2m lock]
+
+Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com>
+xen-unstable changeset:   22526:7a5ee3800417
+xen-unstable date:        Wed Dec 15 10:47:05 2010 +0000
+
+--- a/xen/arch/x86/mm/hap/p2m-ept.c
++++ b/xen/arch/x86/mm/hap/p2m-ept.c
+@@ -137,7 +137,7 @@
+                           ept_entry_t **table, unsigned long *gfn_remainder,
+                           u32 shift)
+ {
+-    ept_entry_t *ept_entry;
++    ept_entry_t *ept_entry, e;
+     ept_entry_t *next;
+     u32 index;
+ 
+@@ -145,9 +145,11 @@
+ 
+     ept_entry = (*table) + index;
+ 
+-    if ( !is_epte_present(ept_entry) )
++    e=*ept_entry;
++
++    if ( !is_epte_present(&e) )
+     {
+-        if ( ept_entry->avail1 == p2m_populate_on_demand )
++        if ( e.avail1 == p2m_populate_on_demand )
+             return GUEST_TABLE_POD_PAGE;
+ 
+         if ( read_only )
+@@ -155,15 +157,17 @@
+ 
+         if ( !ept_set_middle_entry(d, ept_entry) )
+             return GUEST_TABLE_MAP_FAILED;
++        else
++            e=*ept_entry;
+     }
+ 
+     /* The only time sp would be set here is if we had hit a superpage */
+-    if ( is_epte_superpage(ept_entry) )
++    if ( is_epte_superpage(&e) )
+         return GUEST_TABLE_SUPER_PAGE;
+     else
+     {
+         *gfn_remainder &= (1UL << shift) - 1;
+-        next = map_domain_page(ept_entry->mfn);
++        next = map_domain_page(e.mfn);
+         unmap_domain_page(*table);
+         *table = next;
+         return GUEST_TABLE_NORMAL_PAGE;
+@@ -235,35 +239,39 @@
+         if ( mfn_valid(mfn_x(mfn)) || direct_mmio || p2m_is_paged(p2mt) ||
+              (p2mt == p2m_ram_paging_in_start) )
+         {
+-            ept_entry->emt = epte_get_entry_emt(d, gfn, mfn, &ipat,
++            ept_entry_t new_entry;
++
++            new_entry.emt = epte_get_entry_emt(d, gfn, mfn, &ipat,
+                                                 direct_mmio);
+-            ept_entry->ipat = ipat;
+-            ept_entry->sp = order ? 1 : 0;
++            new_entry.ipat = ipat;
++            new_entry.sp = order ? 1 : 0;
+ 
+             if ( ret == GUEST_TABLE_SUPER_PAGE )
+             {
+-                if ( ept_entry->mfn == (mfn_x(mfn) - offset) )
++                if ( new_entry.mfn == (mfn_x(mfn) - offset) )
+                     need_modify_vtd_table = 0;  
+                 else                  
+-                    ept_entry->mfn = mfn_x(mfn) - offset;
++                    new_entry.mfn = mfn_x(mfn) - offset;
+ 
+-                if ( (ept_entry->avail1 == p2m_ram_logdirty)
++                if ( (new_entry.avail1 == p2m_ram_logdirty)
+                      && (p2mt == p2m_ram_rw) )
+                     for ( i = 0; i < 512; i++ )
+                         paging_mark_dirty(d, mfn_x(mfn) - offset + i);
+             }
+             else
+             {
+-                if ( ept_entry->mfn == mfn_x(mfn) )
++                if ( new_entry.mfn == mfn_x(mfn) )
+                     need_modify_vtd_table = 0;
+                 else
+-                    ept_entry->mfn = mfn_x(mfn);
++                    new_entry.mfn = mfn_x(mfn);
+             }
+ 
+-            ept_entry->avail1 = p2mt;
+-            ept_entry->avail2 = 0;
++            new_entry.avail1 = p2mt;
++            new_entry.avail2 = 0;
++
++            ept_p2m_type_to_flags(&new_entry, p2mt);
+ 
+-            ept_p2m_type_to_flags(ept_entry, p2mt);
++            ept_entry->epte = new_entry.epte;
+         }
+         else
+             ept_entry->epte = 0;
+@@ -387,6 +395,10 @@
+     int i;
+     int ret = 0;
+     mfn_t mfn = _mfn(INVALID_MFN);
++    int do_locking = !p2m_locked_by_me(d->arch.p2m);
++
++    if ( do_locking )
++        p2m_lock(d->arch.p2m);
+ 
+     *t = p2m_mmio_dm;
+ 
+@@ -464,6 +476,8 @@
+     }
+ 
+ out:
++    if ( do_locking )
++        p2m_unlock(d->arch.p2m);
+     unmap_domain_page(table);
+     return mfn;
+ }

Added: trunk/xen/debian/patches/upstream-21335:e854f11d392d
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21335:e854f11d392d	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,37 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1283332901 -3600
+# Node ID e854f11d392d13e5302a219bcc9e6e352a4f1c1b
+# Parent  993458f6c5a0df2cfeeda9552ece6d18839798dc
+x86_64: Ensure frame-table compression leaves MAX_ORDER aligned
+contiguous ranges of page_info structs. This allows page-pointer
+arithmetic in places like our buddy allocator.
+
+This restriction was already implicitly guaranteed, but it is good to
+make it explicit in the pdx-related initialisation.
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset:   972d90ff3134
+xen-unstable date:        Wed Sep 01 10:17:49 2010 +0100
+
+diff -r 993458f6c5a0 -r e854f11d392d xen/arch/x86/x86_64/mm.c
+--- a/xen/arch/x86/x86_64/mm.c	Mon Aug 30 08:59:46 2010 +0100
++++ b/xen/arch/x86/x86_64/mm.c	Wed Sep 01 10:21:41 2010 +0100
+@@ -163,9 +163,15 @@
+ 
+ void __init pfn_pdx_hole_setup(unsigned long mask)
+ {
+-    unsigned int i, j, bottom_shift, hole_shift;
++    unsigned int i, j, bottom_shift = 0, hole_shift = 0;
+ 
+-    for ( hole_shift = bottom_shift = j = 0; ; )
++    /*
++     * We skip the first MAX_ORDER bits, as we never want to compress them.
++     * This guarantees that page-pointer arithmetic remains valid within
++     * contiguous aligned ranges of 2^MAX_ORDER pages. Among others, our
++     * buddy allocator relies on this assumption.
++     */
++    for ( j = MAX_ORDER-1; ; )
+     {
+         i = find_next_zero_bit(&mask, BITS_PER_LONG, j);
+         j = find_next_bit(&mask, BITS_PER_LONG, i);

Added: trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21336:16867267ac12+21362:b98a20571670	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,75 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1283332925 -3600
+# Node ID 16867267ac126043712703455b81c16f2549ee23
+# Parent  e854f11d392d13e5302a219bcc9e6e352a4f1c1b
+x86 intel: Disable XSAVE support.
+
+It breaks HVM save/restore.
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset:   ae0cd4e5cc01
+xen-unstable date:        Wed Sep 01 10:19:14 2010 +0100
+
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1285340308 -3600
+# Node ID b98a20571670d905bb32eef98e2991a563e9f4fa
+# Parent  c9f461d6ea1db06e3434f8c1a29f2568f2b45f54
+x86: check CPUID level before enabling xsave
+
+While not as relevant after c/s 21894, is still seems safer to check
+the CPUID level here, just like Linux does. The is particularly
+relevant for the 4.0 tree (which doesn't have said c/s), but also
+possibly for nested environments where writing MSR_IA32_MISC_ENABLE
+may not actually take effect (Xen itself ignores such writes).
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+xen-unstable changeset:   22213:eb247ea9db8c
+xen-unstable date:        Fri Sep 24 15:53:31 2010 +0100
+
+--- a/xen/arch/x86/cpu/intel.c
++++ b/xen/arch/x86/cpu/intel.c
+@@ -30,7 +30,7 @@
+ integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx);
+ integer_param("cpuid_mask_edx", opt_cpuid_mask_edx);
+ 
+-static int use_xsave = 1;
++static int use_xsave;
+ boolean_param("xsave", use_xsave);
+ 
+ #ifdef CONFIG_X86_INTEL_USERCOPY
+--- a/xen/arch/x86/i387.c
++++ b/xen/arch/x86/i387.c
+@@ -132,6 +132,8 @@
+     }
+ }
+ 
++#define XSTATE_CPUID 0xd
++
+ /*
+  * Maximum size (in byte) of the XSAVE/XRSTOR save area required by all
+  * the supported and enabled features on the processor, including the
+@@ -148,7 +150,12 @@
+     int cpu = smp_processor_id();
+     u32 min_size;
+ 
+-    cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
++    if ( boot_cpu_data.cpuid_level < XSTATE_CPUID ) {
++        printk(XENLOG_ERR "XSTATE_CPUID missing\n");
++        return;
++    }
++
++    cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
+ 
+     printk("%s: cpu%d: cntxt_max_size: 0x%x and states: %08x:%08x\n",
+         __func__, cpu, ecx, edx, eax);
+@@ -169,7 +176,7 @@
+      */
+     set_in_cr4(X86_CR4_OSXSAVE);
+     set_xcr0(eax & XCNTXT_MASK);
+-    cpuid_count(0xd, 0, &eax, &ebx, &ecx, &edx);
++    cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx);
+     clear_in_cr4(X86_CR4_OSXSAVE);
+ 
+     if ( cpu == 0 )

Added: trunk/xen/debian/patches/upstream-21338:12c96d380c48
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21338:12c96d380c48	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,52 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1284394746 -3600
+# Node ID 12c96d380c48789d6d4c8955af7e014075abf3d9
+# Parent  5ca1d7547a42cc469d856b62f1894408ea8e1723
+page_alloc: Hold heap_lock while adjusting page states to/from PGC_state_free.
+
+This avoids races with buddy-merging logic in free_heap_pages().
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset:   22135:69e8bb164683
+xen-unstable date:        Mon Sep 13 17:08:31 2010 +0100
+
+diff -r 5ca1d7547a42 -r 12c96d380c48 xen/common/page_alloc.c
+--- a/xen/common/page_alloc.c	Mon Sep 13 17:18:07 2010 +0100
++++ b/xen/common/page_alloc.c	Mon Sep 13 17:19:06 2010 +0100
+@@ -378,8 +378,6 @@
+     total_avail_pages -= request;
+     ASSERT(total_avail_pages >= 0);
+ 
+-    spin_unlock(&heap_lock);
+-
+     cpus_clear(mask);
+ 
+     for ( i = 0; i < (1 << order); i++ )
+@@ -401,6 +399,8 @@
+         page_set_owner(&pg[i], NULL);
+     }
+ 
++    spin_unlock(&heap_lock);
++
+     if ( unlikely(!cpus_empty(mask)) )
+     {
+         perfc_incr(need_flush_tlb_flush);
+@@ -496,6 +496,8 @@
+     ASSERT(order <= MAX_ORDER);
+     ASSERT(node >= 0);
+ 
++    spin_lock(&heap_lock);
++
+     for ( i = 0; i < (1 << order); i++ )
+     {
+         /*
+@@ -523,8 +525,6 @@
+             pg[i].tlbflush_timestamp = tlbflush_current_time();
+     }
+ 
+-    spin_lock(&heap_lock);
+-
+     avail[node][zone] += 1 << order;
+     total_avail_pages += 1 << order;
+ 

Added: trunk/xen/debian/patches/upstream-21347:081ba5a13718
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21347:081ba5a13718	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,30 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1284535364 -3600
+# Node ID 081ba5a13718f12f0d306d8f094c1b73a7f7d173
+# Parent  84510e00ebd1e3bc0a5d7b2f0d996d41e49e17ff
+notify_via_xen_event_channel() should check for dying domain.
+
+Else we can fail on either ASSERTion in that function.
+
+From: Olaf Hering <olaf at aepfle.de>
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset:   22159:62edd2611cbb
+xen-unstable date:        Wed Sep 15 08:18:53 2010 +0100
+
+diff -r 84510e00ebd1 -r 081ba5a13718 xen/common/event_channel.c
+--- a/xen/common/event_channel.c	Wed Sep 15 08:22:16 2010 +0100
++++ b/xen/common/event_channel.c	Wed Sep 15 08:22:44 2010 +0100
+@@ -994,6 +994,12 @@
+ 
+     spin_lock(&ld->event_lock);
+ 
++    if ( unlikely(ld->is_dying) )
++    {
++        spin_unlock(&ld->event_lock);
++        return;
++    }
++
+     ASSERT(port_is_valid(ld, lport));
+     lchn = evtchn_from_port(ld, lport);
+     ASSERT(lchn->consumer_is_xen);

Added: trunk/xen/debian/patches/upstream-21348:aced00366822
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21348:aced00366822	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,96 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1284537730 -3600
+# Node ID aced003668226f1007305092086611d12eaff396
+# Parent  081ba5a13718f12f0d306d8f094c1b73a7f7d173
+C6 state with EOI issue fix for some Intel processors
+
+There is an errata in some of Intel processors.
+
+AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6
+During an Interrupt Service Routine
+
+If core C6 is entered after the start of an interrupt service routine
+but before a write to the APIC EOI register, the core may not send an
+EOI transaction (if needed) and further interrupts from the same
+priority level or lower may be blocked.
+
+This patch fix this issue, by checking if ISR is pending before enter
+deep Cx state. If so, it would use power->safe_state instead of deep
+Cx state to prevent the above issue happen.
+
+Signed-off-by: Sheng Yang <sheng at linux.intel.com>
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset:   22160:1087f9a03ab6
+xen-unstable date:        Wed Sep 15 09:00:35 2010 +0100
+
+diff -r 081ba5a13718 -r aced00366822 xen/arch/x86/acpi/cpu_idle.c
+--- a/xen/arch/x86/acpi/cpu_idle.c	Wed Sep 15 08:22:44 2010 +0100
++++ b/xen/arch/x86/acpi/cpu_idle.c	Wed Sep 15 09:02:10 2010 +0100
+@@ -226,6 +226,31 @@
+     return atomic_read(&this_cpu(schedule_data).urgent_count);
+ }
+ 
++/*
++ * "AAJ72. EOI Transaction May Not be Sent if Software Enters Core C6 During 
++ * an Interrupt Service Routine"
++ * 
++ * There was an errata with some Core i7 processors that an EOI transaction 
++ * may not be sent if software enters core C6 during an interrupt service 
++ * routine. So we don't enter deep Cx state if there is an EOI pending.
++ */
++bool_t errata_c6_eoi_workaround(void)
++{
++    static bool_t fix_needed = -1;
++
++    if ( unlikely(fix_needed == -1) )
++    {
++        int model = boot_cpu_data.x86_model;
++        fix_needed = (cpu_has_apic && !directed_eoi_enabled &&
++                      (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) &&
++                      (boot_cpu_data.x86 == 6) &&
++                      ((model == 0x1a) || (model == 0x1e) || (model == 0x1f) ||
++                       (model == 0x25) || (model == 0x2c) || (model == 0x2f)));
++    }
++
++    return (fix_needed && cpu_has_pending_apic_eoi());
++}
++
+ static void acpi_processor_idle(void)
+ {
+     struct acpi_processor_power *power = processor_powers[smp_processor_id()];
+@@ -277,6 +302,9 @@
+         return;
+     }
+ 
++    if ( (cx->type == ACPI_STATE_C3) && errata_c6_eoi_workaround() )
++        cx = power->safe_state;
++
+     power->last_state = cx;
+ 
+     /*
+diff -r 081ba5a13718 -r aced00366822 xen/arch/x86/irq.c
+--- a/xen/arch/x86/irq.c	Wed Sep 15 08:22:44 2010 +0100
++++ b/xen/arch/x86/irq.c	Wed Sep 15 09:02:10 2010 +0100
+@@ -756,6 +756,11 @@
+ static DEFINE_PER_CPU(struct pending_eoi, pending_eoi[NR_DYNAMIC_VECTORS]);
+ #define pending_eoi_sp(p) ((p)[NR_DYNAMIC_VECTORS-1].vector)
+ 
++bool_t cpu_has_pending_apic_eoi(void)
++{
++    return (pending_eoi_sp(this_cpu(pending_eoi)) != 0);
++}
++
+ static inline void set_pirq_eoi(struct domain *d, unsigned int irq)
+ {
+     if ( d->arch.pirq_eoi_map )
+diff -r 081ba5a13718 -r aced00366822 xen/include/asm-x86/irq.h
+--- a/xen/include/asm-x86/irq.h	Wed Sep 15 08:22:44 2010 +0100
++++ b/xen/include/asm-x86/irq.h	Wed Sep 15 09:02:10 2010 +0100
+@@ -150,4 +150,6 @@
+ #define domain_pirq_to_irq(d, pirq) ((d)->arch.pirq_irq[pirq])
+ #define domain_irq_to_pirq(d, irq) ((d)->arch.irq_pirq[irq])
+ 
++bool_t cpu_has_pending_apic_eoi(void);
++
+ #endif /* _ASM_HW_IRQ_H */

Added: trunk/xen/debian/patches/upstream-21353:59917443fc50
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21353:59917443fc50	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,95 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1285010201 -3600
+# Node ID 59917443fc5090cd4833a2381e96c96001007b21
+# Parent  09e971d829482ec045f309949e14ed1de938e845
+x86_32: [un]map_domain_page() is now IRQ safe.
+
+Signed-off-by: Keir Fraser <keir.fraser at citrix.com>
+xen-unstable changeset:   22177:7405e0ddb912
+xen-unstable date:        Sat Sep 18 08:57:15 2010 +0100
+
+diff -r 09e971d82948 -r 59917443fc50 xen/arch/x86/x86_32/domain_page.c
+--- a/xen/arch/x86/x86_32/domain_page.c	Mon Sep 20 20:16:22 2010 +0100
++++ b/xen/arch/x86/x86_32/domain_page.c	Mon Sep 20 20:16:41 2010 +0100
+@@ -42,15 +42,13 @@
+ 
+ void *map_domain_page(unsigned long mfn)
+ {
+-    unsigned long va;
+-    unsigned int idx, i, flags;
++    unsigned long va, flags;
++    unsigned int idx, i;
+     struct vcpu *v;
+     struct mapcache_domain *dcache;
+     struct mapcache_vcpu *vcache;
+     struct vcpu_maphash_entry *hashent;
+ 
+-    ASSERT(!in_irq());
+-
+     perfc_incr(map_domain_page_count);
+ 
+     v = mapcache_current_vcpu();
+@@ -58,6 +56,8 @@
+     dcache = &v->domain->arch.mapcache;
+     vcache = &v->arch.mapcache;
+ 
++    local_irq_save(flags);
++
+     hashent = &vcache->hash[MAPHASH_HASHFN(mfn)];
+     if ( hashent->mfn == mfn )
+     {
+@@ -69,7 +69,7 @@
+         goto out;
+     }
+ 
+-    spin_lock_irqsave(&dcache->lock, flags);
++    spin_lock(&dcache->lock);
+ 
+     /* Has some other CPU caused a wrap? We must flush if so. */
+     if ( unlikely(dcache->epoch != vcache->shadow_epoch) )
+@@ -105,11 +105,12 @@
+     set_bit(idx, dcache->inuse);
+     dcache->cursor = idx + 1;
+ 
+-    spin_unlock_irqrestore(&dcache->lock, flags);
++    spin_unlock(&dcache->lock);
+ 
+     l1e_write(&dcache->l1tab[idx], l1e_from_pfn(mfn, __PAGE_HYPERVISOR));
+ 
+  out:
++    local_irq_restore(flags);
+     va = MAPCACHE_VIRT_START + (idx << PAGE_SHIFT);
+     return (void *)va;
+ }
+@@ -119,11 +120,9 @@
+     unsigned int idx;
+     struct vcpu *v;
+     struct mapcache_domain *dcache;
+-    unsigned long mfn;
++    unsigned long mfn, flags;
+     struct vcpu_maphash_entry *hashent;
+ 
+-    ASSERT(!in_irq());
+-
+     ASSERT((void *)MAPCACHE_VIRT_START <= va);
+     ASSERT(va < (void *)MAPCACHE_VIRT_END);
+ 
+@@ -135,6 +134,8 @@
+     mfn = l1e_get_pfn(dcache->l1tab[idx]);
+     hashent = &v->arch.mapcache.hash[MAPHASH_HASHFN(mfn)];
+ 
++    local_irq_save(flags);
++
+     if ( hashent->idx == idx )
+     {
+         ASSERT(hashent->mfn == mfn);
+@@ -163,6 +164,8 @@
+         /* /Second/, mark as garbage. */
+         set_bit(idx, dcache->garbage);
+     }
++
++    local_irq_restore(flags);
+ }
+ 
+ void mapcache_domain_init(struct domain *d)

Added: trunk/xen/debian/patches/upstream-21354:67af28519aed
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21354:67af28519aed	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,65 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser at citrix.com>
+# Date 1285010305 -3600
+# Node ID 67af28519aed5a68758f34cc37216c008faca9cb
+# Parent  59917443fc5090cd4833a2381e96c96001007b21
+sched_credit: Raise bar for inter-socket migrations on mostly-idle systems
+
+The credit scheduler ties to keep work balanced, even on a mostly idle
+system.  Unfortunately, if you have one VM burning cpu and another VM
+idle, the effect is that the busy VM will flip back and forth between
+sockets.
+
+This patch addresses this, by only migrating to a different socket if
+the number of idle processors is twice that of the socket the vcpu is
+currently on.
+
+This will only affect mostly-idle systems; as the system becomes more
+busy, other load-balancing code will come into effect.
+
+Signed-off-by: George Dunlap <george.dunlap at eu.citrix.com>
+xen-unstable changeset:   22180:0bc640853cfd
+xen-unstable date:        Mon Sep 20 18:49:15 2010 +0100
+
+diff -r 59917443fc50 -r 67af28519aed xen/common/sched_credit.c
+--- a/xen/common/sched_credit.c	Mon Sep 20 20:16:41 2010 +0100
++++ b/xen/common/sched_credit.c	Mon Sep 20 20:18:25 2010 +0100
+@@ -420,26 +420,36 @@
+         cpumask_t cpu_idlers;
+         cpumask_t nxt_idlers;
+         int nxt, weight_cpu, weight_nxt;
++        int migrate_factor;
+ 
+         nxt = cycle_cpu(cpu, cpus);
+ 
+         if ( cpu_isset(cpu, per_cpu(cpu_core_map, nxt)) )
+         {
++            /* We're on the same socket, so check the busy-ness of threads.
++             * Migrate if # of idlers is less at all */
+             ASSERT( cpu_isset(nxt, per_cpu(cpu_core_map, cpu)) );
++            migrate_factor = 1;
+             cpus_and(cpu_idlers, idlers, per_cpu(cpu_sibling_map, cpu));
+             cpus_and(nxt_idlers, idlers, per_cpu(cpu_sibling_map, nxt));
+         }
+         else
+         {
++            /* We're on different sockets, so check the busy-ness of cores.
++             * Migrate only if the other core is twice as idle */
+             ASSERT( !cpu_isset(nxt, per_cpu(cpu_core_map, cpu)) );
++            migrate_factor = 2;
+             cpus_and(cpu_idlers, idlers, per_cpu(cpu_core_map, cpu));
+             cpus_and(nxt_idlers, idlers, per_cpu(cpu_core_map, nxt));
+         }
+ 
+         weight_cpu = cpus_weight(cpu_idlers);
+         weight_nxt = cpus_weight(nxt_idlers);
+-        if ( ( (weight_cpu < weight_nxt) ^ sched_smt_power_savings )
+-                && (weight_cpu != weight_nxt) )
++        /* smt_power_savings: consolidate work rather than spreading it */
++        if ( ( sched_smt_power_savings
++               && (weight_cpu > weight_nxt) )
++             || ( !sched_smt_power_savings
++                  && (weight_cpu * migrate_factor < weight_nxt) ) )
+         {
+             cpu = cycle_cpu(CSCHED_PCPU(nxt)->idle_bias, nxt_idlers);
+             if ( commit )

Added: trunk/xen/debian/patches/upstream-21364:f7d54e1d7044
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21364:f7d54e1d7044	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,74 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1286028622 -3600
+# Node ID f7d54e1d7044a7d3836b017b0806021b1c17ac7a
+# Parent  7f190f6f1f5a861383fc1a3a877ab63841c00a15
+x86: fix boot failure (regression from pre-4.0 IRQ handling changes)
+
+With the change to index irq_desc[] by IRQ rather than by vector, the
+prior implicit change of the used flow handler when altering the IRQ
+routing path to go through the 8259A didn't work anymore, and hence
+on boards needing the ExtINT delivery workaround failed to boot.
+
+Make make_8259A_irq() a real function again, thus allowing the flow
+handler to be changed there.
+
+Also eliminate the generally superfluous and (at least theoretically)
+dangerous hard coded setting of the flow handler for IRQ0: Earlier
+code should have set this already based on information coming from
+ACPI/MPS, and non-standard systems may e.g. have this IRQ level
+triggered.
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+Tested-by: Markus Schuster <ml at markus.schuster.name>
+xen-unstable changeset:   22222:aed9fd361340
+xen-unstable date:        Sat Oct 02 15:03:15 2010 +0100
+
+diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/arch/x86/i8259.c
+--- a/xen/arch/x86/i8259.c	Sat Oct 02 15:10:01 2010 +0100
++++ b/xen/arch/x86/i8259.c	Sat Oct 02 15:10:22 2010 +0100
+@@ -367,6 +367,12 @@
+     spin_unlock_irqrestore(&i8259A_lock, flags);
+ }
+ 
++void __init make_8259A_irq(unsigned int irq)
++{
++    io_apic_irqs &= ~(1 << irq);
++    irq_to_desc(irq)->handler = &i8259A_irq_type;
++}
++
+ static struct irqaction __read_mostly cascade = { no_action, "cascade", NULL};
+ 
+ void __init init_IRQ(void)
+diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/arch/x86/io_apic.c
+--- a/xen/arch/x86/io_apic.c	Sat Oct 02 15:10:01 2010 +0100
++++ b/xen/arch/x86/io_apic.c	Sat Oct 02 15:10:22 2010 +0100
+@@ -38,9 +38,6 @@
+ #include <io_ports.h>
+ #include <public/physdev.h>
+ 
+-/* Different to Linux: our implementation can be simpler. */
+-#define make_8259A_irq(irq) (io_apic_irqs &= ~(1<<(irq)))
+-
+ int (*ioapic_renumber_irq)(int ioapic, int irq);
+ atomic_t irq_mis_count;
+ 
+@@ -1929,7 +1926,6 @@
+     
+     irq_desc[0].depth  = 0;
+     irq_desc[0].status &= ~IRQ_DISABLED;
+-    irq_desc[0].handler = &ioapic_edge_type;
+ 
+     /*
+      * Subtle, code in do_timer_interrupt() expects an AEOI
+diff -r 7f190f6f1f5a -r f7d54e1d7044 xen/include/asm-x86/irq.h
+--- a/xen/include/asm-x86/irq.h	Sat Oct 02 15:10:01 2010 +0100
++++ b/xen/include/asm-x86/irq.h	Sat Oct 02 15:10:22 2010 +0100
+@@ -94,6 +94,7 @@
+ void mask_8259A(void);
+ void unmask_8259A(void);
+ void init_8259A(int aeoi);
++void make_8259A_irq(unsigned int irq);
+ int i8259A_suspend(void);
+ int i8259A_resume(void);
+ 

Added: trunk/xen/debian/patches/upstream-21371:aabda497d83f
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21371:aabda497d83f	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,40 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1287923177 -3600
+# Node ID aabda497d83f7c289d58c77c321c77bf1f432930
+# Parent  06feba5976f3ad23d5cd73156e5dbbaa5237535a
+Allow max_pages to be set to less than tot_pages
+
+The memory allocation code sometimes needs to enforce that a guest
+that's been told to balloon down isn't going to expand further
+(because it's still executing a previous balloon-up operation).  That
+means being able to set the desired max_pages even before the balloon
+driver has brought tot_pages down to the right level.
+
+Signed-off-by: Tim Deegan <Tim.Deegan at citrix.com>
+Acked-by: Ian Jackson <ian.jackson at eu.citrix.com>
+xen-unstable changeset:   22279:2208a036f8d9
+xen-unstable date:        Sun Oct 24 13:13:04 2010 +0100
+
+diff -r 06feba5976f3 -r aabda497d83f xen/common/domctl.c
+--- a/xen/common/domctl.c	Wed Oct 20 13:35:07 2010 +0100
++++ b/xen/common/domctl.c	Sun Oct 24 13:26:17 2010 +0100
+@@ -764,11 +764,13 @@
+         new_max = op->u.max_mem.max_memkb >> (PAGE_SHIFT-10);
+ 
+         spin_lock(&d->page_alloc_lock);
+-        if ( new_max >= d->tot_pages )
+-        {
+-            d->max_pages = new_max;
+-            ret = 0;
+-        }
++        /*
++         * NB. We removed a check that new_max >= current tot_pages; this means
++         * that the domain will now be allowed to "ratchet" down to new_max. In
++         * the meantime, while tot > max, all new allocations are disallowed.
++         */
++        d->max_pages = new_max;
++        ret = 0;
+         spin_unlock(&d->page_alloc_lock);
+ 
+     max_mem_out:

Added: trunk/xen/debian/patches/upstream-21375:179150c0b366
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21375:179150c0b366	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,27 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1288345463 -3600
+# Node ID 179150c0b36614a6a596ca5e872fea80d852a819
+# Parent  18a752a248116454e2259a2d88c801835d19532f
+pygrub: support grub2 "(hdX,msdosY)" partition syntax
+
+This appeared in Debian Squeeze at some point.
+
+Signed-off-by: Ian Campbell <ian.campbell at citrix.com>
+Signed-off-by: Stefano Stabellini <stefano.stabellini at eu.citrix.com>
+committer: Stefano Stabellini <stefano.stabellini at eu.citrix.com>
+xen-unstable changeset:   22238:6eaab8297681
+xen-unstable date:        Wed Oct 13 11:45:26 2010 +0100
+
+diff -r 18a752a24811 -r 179150c0b366 tools/pygrub/src/GrubConf.py
+--- a/tools/pygrub/src/GrubConf.py	Sun Oct 24 13:30:17 2010 +0100
++++ b/tools/pygrub/src/GrubConf.py	Fri Oct 29 10:44:23 2010 +0100
+@@ -77,6 +77,8 @@
+             self._part = val
+             return
+         val = val.replace("(", "").replace(")", "")
++        if val[:5] == "msdos":
++            val = val[5:]
+         self._part = int(val)
+     part = property(get_part, set_part)
+ 

Added: trunk/xen/debian/patches/upstream-21376:43b3f8ceb991
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21376:43b3f8ceb991	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,83 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1288374294 -3600
+# Node ID 43b3f8ceb991c8410541fa763d2265dc3a539baa
+# Parent  179150c0b36614a6a596ca5e872fea80d852a819
+Xen: fix various checks of unsigned integers < 0
+
+Some of these could be benignly discarded by the compiler but some are
+actual bugs.
+
+Signed-off-by: Tim Deegan <Tim.Deegan at citrix.com>
+xen-unstable changeset:   22336:49803ac994f4
+xen-unstable date:        Fri Oct 29 18:05:50 2010 +0100
+
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/mm.c
+--- a/xen/arch/x86/mm.c	Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/mm.c	Fri Oct 29 18:44:54 2010 +0100
+@@ -4223,7 +4223,7 @@
+         ent.size = (uint64_t)(s - ctxt->s) << PAGE_SHIFT;
+         ent.type = E820_RESERVED;
+         buffer = guest_handle_cast(ctxt->map.buffer, e820entry_t);
+-        if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) < 0 )
++        if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) )
+             return -EFAULT;
+         ctxt->n++;
+     }
+@@ -4439,7 +4439,7 @@
+             }
+             if ( ctxt.map.nr_entries <= ctxt.n + (e820.nr_map - i) )
+                 return -EINVAL;
+-            if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) < 0 )
++            if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) )
+                 return -EFAULT;
+             ctxt.s = PFN_UP(e820.map[i].addr + e820.map[i].size);
+         }
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/physdev.c
+--- a/xen/arch/x86/physdev.c	Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/physdev.c	Fri Oct 29 18:44:54 2010 +0100
+@@ -202,7 +202,7 @@
+         if ( copy_from_guest(&eoi, arg, 1) != 0 )
+             break;
+         ret = -EINVAL;
+-        if ( eoi.irq < 0 || eoi.irq >= v->domain->nr_pirqs )
++        if ( eoi.irq >= v->domain->nr_pirqs )
+             break;
+         if ( v->domain->arch.pirq_eoi_map )
+             evtchn_unmask(v->domain->pirq_to_evtchn[eoi.irq]);
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/platform_hypercall.c
+--- a/xen/arch/x86/platform_hypercall.c	Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/platform_hypercall.c	Fri Oct 29 18:44:54 2010 +0100
+@@ -413,7 +413,6 @@
+         }
+ 
+         if ( (g_info->xen_cpuid >= NR_CPUS) ||
+-             (g_info->xen_cpuid < 0) ||
+              !cpu_present(g_info->xen_cpuid) )
+         {
+             g_info->flags |= XEN_PCPU_FLAGS_INVALID;
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/arch/x86/x86_emulate/x86_emulate.c
+--- a/xen/arch/x86/x86_emulate/x86_emulate.c	Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/arch/x86/x86_emulate/x86_emulate.c	Fri Oct 29 18:44:54 2010 +0100
+@@ -2102,7 +2102,7 @@
+             _regs.edx = (uint32_t)(((int32_t)_regs.eax < 0) ? -1 : 0);
+             break;
+         case 8:
+-            _regs.edx = (_regs.eax < 0) ? -1 : 0;
++            _regs.edx = ((int64_t)_regs.eax < 0) ? -1 : 0;
+             break;
+         }
+         break;
+diff -r 179150c0b366 -r 43b3f8ceb991 xen/drivers/cpufreq/cpufreq.c
+--- a/xen/drivers/cpufreq/cpufreq.c	Fri Oct 29 10:44:23 2010 +0100
++++ b/xen/drivers/cpufreq/cpufreq.c	Fri Oct 29 18:44:54 2010 +0100
+@@ -115,8 +115,7 @@
+     if (!cpu_online(cpu) || !data || !processor_pminfo[cpu])
+         return -ENODEV;
+ 
+-    if ((perf->platform_limit < 0) || 
+-        (perf->platform_limit >= perf->state_count))
++    if (perf->platform_limit >= perf->state_count)
+         return -EINVAL;
+ 
+     memcpy(&policy, data, sizeof(struct cpufreq_policy)); 

Added: trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21387:711ff9ac4d8c	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,24 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1290453249 0
+# Node ID 711ff9ac4d8cb973c1f908c92a43ce06f63a1fad
+# Parent  e9156d9d996b75b4251a30d2d7eb1ccc7c3009cb
+x86: Check for MWAIT in CPUID before using it in ACPI idle code.
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset:   22416:0cc4ed1ce1f3
+xen-unstable date:        Mon Nov 22 19:13:00 2010 +0000
+
+diff -r e9156d9d996b -r 711ff9ac4d8c xen/arch/x86/acpi/cpu_idle.c
+--- a/xen/arch/x86/acpi/cpu_idle.c	Tue Nov 16 11:54:48 2010 +0000
++++ b/xen/arch/x86/acpi/cpu_idle.c	Mon Nov 22 19:14:09 2010 +0000
+@@ -717,7 +717,8 @@
+     {
+     case ACPI_ADR_SPACE_FIXED_HARDWARE:
+         if ( xen_cx->reg.bit_width == VENDOR_INTEL &&
+-             xen_cx->reg.bit_offset == NATIVE_CSTATE_BEYOND_HALT )
++             xen_cx->reg.bit_offset == NATIVE_CSTATE_BEYOND_HALT &&
++             boot_cpu_has(X86_FEATURE_MWAIT) )
+             cx->entry_method = ACPI_CSTATE_EM_FFH;
+         else
+             cx->entry_method = ACPI_CSTATE_EM_HALT;

Added: trunk/xen/debian/patches/upstream-21388:b6d75c255bf6
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21388:b6d75c255bf6	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,105 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1290453490 0
+# Node ID b6d75c255bf69bb5bd1a4b01d4ac583077409001
+# Parent  711ff9ac4d8cb973c1f908c92a43ce06f63a1fad
+x86 hvm: Fix VPMU issue on Nehalem cpus
+
+Fix an issue on Nehalem cpus where performance counter overflows may
+lead to endless interrupt loops on this cpu.
+
+Signed-off-by: Dietmar Hahn <dietmar.hahn at ts.fujitsu.com>
+xen-unstable changeset:   22417:c0c1f5f0745e
+xen-unstable date:        Mon Nov 22 19:16:34 2010 +0000
+
+diff -r 711ff9ac4d8c -r b6d75c255bf6 xen/arch/x86/hvm/vmx/vpmu_core2.c
+--- a/xen/arch/x86/hvm/vmx/vpmu_core2.c	Mon Nov 22 19:14:09 2010 +0000
++++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c	Mon Nov 22 19:18:10 2010 +0000
+@@ -35,6 +35,68 @@
+ #include <asm/hvm/vmx/vpmu.h>
+ #include <asm/hvm/vmx/vpmu_core2.h>
+ 
++/*
++ * QUIRK to workaround an issue on Nehalem processors currently seen
++ * on family 6 cpus E5520 (model 26) and X7542 (model 46).
++ * The issue leads to endless PMC interrupt loops on the processor.
++ * If the interrupt handler is running and a pmc reaches the value 0, this
++ * value remains forever and it triggers immediately a new interrupt after
++ * finishing the handler.
++ * A workaround is to read all flagged counters and if the value is 0 write
++ * 1 (or another value != 0) into it.
++ * There exist no errata and the real cause of this behaviour is unknown.
++ */
++bool_t __read_mostly is_pmc_quirk;
++
++static void check_pmc_quirk(void)
++{
++    u8 family = current_cpu_data.x86;
++    u8 cpu_model = current_cpu_data.x86_model;
++    is_pmc_quirk = 0;
++    if ( family == 6 )
++    {
++        if ( cpu_model == 46 || cpu_model == 26 )
++            is_pmc_quirk = 1;
++    }
++}
++
++static int core2_get_pmc_count(void);
++static void handle_pmc_quirk(u64 msr_content)
++{
++    int num_gen_pmc = core2_get_pmc_count();
++    int num_fix_pmc  = 3;
++    int i;
++    u64 val;
++
++    if ( !is_pmc_quirk )
++        return;
++
++    val = msr_content;
++    for ( i = 0; i < num_gen_pmc; i++ )
++    {
++        if ( val & 0x1 )
++        {
++            u64 cnt;
++            rdmsrl(MSR_P6_PERFCTR0 + i, cnt);
++            if ( cnt == 0 )
++                wrmsrl(MSR_P6_PERFCTR0 + i, 1);
++        }
++        val >>= 1;
++    }
++    val = msr_content >> 32;
++    for ( i = 0; i < num_fix_pmc; i++ )
++    {
++        if ( val & 0x1 )
++        {
++            u64 cnt;
++            rdmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, cnt);
++            if ( cnt == 0 )
++                wrmsrl(MSR_CORE_PERF_FIXED_CTR0 + i, 1);
++        }
++        val >>= 1;
++    }
++}
++
+ u32 core2_counters_msr[] =   {
+     MSR_CORE_PERF_FIXED_CTR0,
+     MSR_CORE_PERF_FIXED_CTR1,
+@@ -497,6 +559,10 @@
+     rdmsrl(MSR_CORE_PERF_GLOBAL_STATUS, msr_content);
+     if ( !msr_content )
+         return 0;
++
++    if ( is_pmc_quirk )
++        handle_pmc_quirk(msr_content);
++
+     core2_vpmu_cxt->global_ovf_status |= msr_content;
+     msr_content = 0xC000000700000000 | ((1 << core2_get_pmc_count()) - 1);
+     wrmsrl(MSR_CORE_PERF_GLOBAL_OVF_CTRL, msr_content);
+@@ -518,6 +584,7 @@
+ 
+ static void core2_vpmu_initialise(struct vcpu *v)
+ {
++    check_pmc_quirk();
+ }
+ 
+ static void core2_vpmu_destroy(struct vcpu *v)

Added: trunk/xen/debian/patches/upstream-21389:2901cbe2eccc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21389:2901cbe2eccc	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,60 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1291041961 0
+# Node ID 2901cbe2eccc41ebd552bf6c829c8f0c46ba396c
+# Parent  b6d75c255bf69bb5bd1a4b01d4ac583077409001
+x86-64: don't crash Xen upon direct pv guest access to GDT/LDT mapping area
+
+handle_gdt_ldt_mapping_fault() is intended to deal with indirect
+accesses (i.e. those caused by descriptor loads) to the GDT/LDT
+mapping area only. While for 32-bit segment limits indeed prevent the
+function being entered for direct accesses (i.e. a #GP fault will be
+raised even before the address translation gets done, on 64-bit even
+user mode accesses would lead to control reaching the BUG_ON() at the
+beginning of that function.
+
+Fortunately the fix is simple: Since the guest kernel runs in ring 3,
+any guest direct access will have the "user mode" bit set, whereas
+descriptor loads always do the translations to access the actual
+descriptors as kernel mode ones.
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+
+Further, relax the BUG_ON() in handle_gdt_ldt_mapping_fault() to a
+check-and-bail. This avoids any problems in future, if we don't
+execute x86_64 guest kernels in ring 3 (e.g., because we use a
+lightweight HVM container).
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset:   22448:5cd9612db2bb
+xen-unstable date:        Mon Nov 29 14:34:32 2010 +0000
+
+diff -r b6d75c255bf6 -r 2901cbe2eccc xen/arch/x86/traps.c
+--- a/xen/arch/x86/traps.c	Mon Nov 22 19:18:10 2010 +0000
++++ b/xen/arch/x86/traps.c	Mon Nov 29 14:46:01 2010 +0000
+@@ -1051,8 +1051,14 @@
+     unsigned int is_ldt_area = (offset >> (GDT_LDT_VCPU_VA_SHIFT-1)) & 1;
+     unsigned int vcpu_area   = (offset >> GDT_LDT_VCPU_VA_SHIFT);
+ 
+-    /* Should never fault in another vcpu's area. */
+-    BUG_ON(vcpu_area != curr->vcpu_id);
++    /*
++     * If the fault is in another vcpu's area, it cannot be due to
++     * a GDT/LDT descriptor load. Thus we can reasonably exit immediately, and
++     * indeed we have to since map_ldt_shadow_page() works correctly only on
++     * accesses to a vcpu's own area.
++     */
++    if ( vcpu_area != curr->vcpu_id )
++        return 0;
+ 
+     /* Byte offset within the gdt/ldt sub-area. */
+     offset &= (1UL << (GDT_LDT_VCPU_VA_SHIFT-1)) - 1UL;
+@@ -1223,7 +1229,7 @@
+ 
+     if ( unlikely(IN_HYPERVISOR_RANGE(addr)) )
+     {
+-        if ( !(regs->error_code & PFEC_reserved_bit) &&
++        if ( !(regs->error_code & (PFEC_user_mode | PFEC_reserved_bit)) &&
+              (addr >= GDT_LDT_VIRT_START) && (addr < GDT_LDT_VIRT_END) )
+             return handle_gdt_ldt_mapping_fault(
+                 addr - GDT_LDT_VIRT_START, regs);

Added: trunk/xen/debian/patches/upstream-21395:2548598d110d
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21395:2548598d110d	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1291889763 0
+# Node ID 2548598d110d38355917b20abaa3422e32636001
+# Parent  6197158f6ba6acea6389ee260bfe8e96a42dfd6e
+x86:vlapic: Fix possible guest tick losing after save/restore
+
+Guest vcpu may totally lose all ticks if the vlapic->pt.irq was not
+restored during save/restore process. Fix it.
+
+Signed-off-by: Wei Gang <gang.wei at intel.com>
+xen-unstable changeset:   22470:0c97247c64d6
+xen-unstable date:        Thu Dec 09 08:34:59 2010 +0000
+
+diff -r 6197158f6ba6 -r 2548598d110d xen/arch/x86/hvm/vlapic.c
+--- a/xen/arch/x86/hvm/vlapic.c	Thu Dec 09 10:14:57 2010 +0000
++++ b/xen/arch/x86/hvm/vlapic.c	Thu Dec 09 10:16:03 2010 +0000
+@@ -863,12 +863,12 @@
+     unsigned long tmict = vlapic_get_reg(s, APIC_TMICT);
+     uint64_t period;
+ 
++    s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK;
+     if ( (tmict = vlapic_get_reg(s, APIC_TMICT)) == 0 )
+         return;
+ 
+     period = ((uint64_t)APIC_BUS_CYCLE_NS *
+               (uint32_t)tmict * s->hw.timer_divisor);
+-    s->pt.irq = vlapic_get_reg(s, APIC_LVTT) & APIC_VECTOR_MASK;
+     create_periodic_time(vlapic_vcpu(s), &s->pt, period,
+                          vlapic_lvtt_period(s) ? period : 0,
+                          s->pt.irq, vlapic_pt_cb,

Added: trunk/xen/debian/patches/upstream-21403:e7d9d8d46730
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21403:e7d9d8d46730	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,43 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292409119 0
+# Node ID e7d9d8d46730f3ca0cd60efd2e55181e2bd4e863
+# Parent  612eb10ba78b5ca72ca9c26fb68f1e003bdba34a
+x86/iommu: account for necessary allocations when calculating Dom0's
+initial allocation size
+
+As of c/s 21812:e382656e4dcc, IOMMU related allocations for Dom0
+happen only after it got all of its memory allocated, and hence the
+reserve (mainly for setting up its swiotlb) may get exhausted without
+accounting for the necessary allocations up front.
+
+While not precise, the estimate has been found to be within a couple
+of pages for the systems it got tested on.
+
+For the calculation to be reasonably correct, this depends on the
+patch titled "x86/iommu: don't map RAM holes above 4G" sent out
+yesterday.
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+xen-unstable changeset:   22506:618ba64260fa
+xen-unstable date:        Tue Dec 14 09:54:10 2010 +0000
+
+diff -r 612eb10ba78b -r e7d9d8d46730 xen/arch/x86/domain_build.c
+--- a/xen/arch/x86/domain_build.c	Wed Dec 15 10:31:08 2010 +0000
++++ b/xen/arch/x86/domain_build.c	Wed Dec 15 10:31:59 2010 +0000
+@@ -188,6 +188,15 @@
+     if ( is_pv_32on64_domain(d) )
+         avail -= opt_dom0_max_vcpus - 1;
+ 
++    /* Reserve memory for iommu_dom0_init() (rough estimate). */
++    if ( iommu_enabled )
++    {
++        unsigned int s;
++
++        for ( s = 9; s < BITS_PER_LONG; s += 9 )
++            avail -= max_page >> s;
++    }
++
+     /*
+      * If domain 0 allocation isn't specified, reserve 1/16th of available
+      * memory for things like DMA buffers. This reservation is clamped to 

Added: trunk/xen/debian/patches/upstream-21407:4e689840622f
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21407:4e689840622f	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,25 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292415227 0
+# Node ID 4e689840622fcae76b40d036ca5b3f6003f94997
+# Parent  1bec63e5bcfe06af2f04d00a663df14ce53a9718
+x86-64: fix restoring of hypercall arguments after trace callout
+
+Signed-off-by: Jan Beulich <jbeulich at novell.com>
+xen-unstable changeset:   22539:20c65aa19075
+xen-unstable date:        Wed Dec 15 12:09:41 2010 +0000
+
+diff -r 1bec63e5bcfe -r 4e689840622f xen/arch/x86/x86_64/entry.S
+--- a/xen/arch/x86/x86_64/entry.S	Wed Dec 15 12:06:56 2010 +0000
++++ b/xen/arch/x86/x86_64/entry.S	Wed Dec 15 12:13:47 2010 +0000
+@@ -171,8 +171,8 @@
+         movq  UREGS_rsi+SHADOW_BYTES(%rsp),%rsi   /* Arg 2        */
+         movq  UREGS_rdx+SHADOW_BYTES(%rsp),%rdx   /* Arg 3        */
+         movq  UREGS_r10+SHADOW_BYTES(%rsp),%rcx   /* Arg 4        */
+-        movq  UREGS_rdi+SHADOW_BYTES(%rsp),%r8    /* Arg 5        */
+-        movq  UREGS_rbp+SHADOW_BYTES(%rsp),%r9    /* Arg 6        */
++        movq  UREGS_r8 +SHADOW_BYTES(%rsp),%r8    /* Arg 5        */
++        movq  UREGS_r9 +SHADOW_BYTES(%rsp),%r9    /* Arg 6        */
+ #undef SHADOW_BYTES
+ 1:      leaq  hypercall_table(%rip),%r10
+         PERFC_INCR(PERFC_hypercalls, %rax, %rbx)

Added: trunk/xen/debian/patches/upstream-21409:a45388506790
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21409:a45388506790	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,31 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292514051 0
+# Node ID a453885067908f8a092b5d7f7d9ad07c8db3be9c
+# Parent  66a6203d27fdd02c1b619343e25e4a3d379aaac9
+vtd: Require unmap_vtd_domain_page() on a couple of early exit paths.
+
+From: Jan Beulich <JBeulich at novell.com>
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset:   22549:aa18b8ddaf05
+xen-unstable date:        Thu Dec 16 15:38:57 2010 +0000
+
+diff -r 66a6203d27fd -r a45388506790 xen/drivers/passthrough/vtd/iommu.c
+--- a/xen/drivers/passthrough/vtd/iommu.c	Wed Dec 15 12:14:05 2010 +0000
++++ b/xen/drivers/passthrough/vtd/iommu.c	Thu Dec 16 15:40:51 2010 +0000
+@@ -1300,6 +1300,7 @@
+     if ( context_set_domain_id(context, domain, iommu) )
+     {
+         spin_unlock(&iommu->lock);
++        unmap_vtd_domain_page(context_entries);
+         return -EFAULT;
+     }
+ 
+@@ -1631,6 +1632,7 @@
+     if ( old.val == new.val )
+     {
+         spin_unlock(&hd->mapping_lock);
++        unmap_vtd_domain_page(page);
+         return 0;
+     }
+     *pte = new;

Added: trunk/xen/debian/patches/upstream-21413:b05fa0652463
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ trunk/xen/debian/patches/upstream-21413:b05fa0652463	Wed Jan 12 11:39:39 2011	(r807)
@@ -0,0 +1,151 @@
+# HG changeset patch
+# User Keir Fraser <keir at xen.org>
+# Date 1292582910 0
+# Node ID b05fa0652463d322c125acdb945341e953616e59
+# Parent  eebc0881bdf7dc37e07102101d76c47892623b37
+vtd: Reinstate ACPI DMAR on system shutdown or S3/S4/S5.
+
+Signed-off-by: Keir Fraser <keir at xen.org>
+xen-unstable changeset:   22570:f2dba7ff0828
+xen-unstable date:        Fri Dec 17 10:46:43 2010 +0000
+
+diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/acpi/power.c
+--- a/xen/arch/x86/acpi/power.c	Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/arch/x86/acpi/power.c	Fri Dec 17 10:48:30 2010 +0000
+@@ -12,7 +12,6 @@
+ 
+ #include <xen/config.h>
+ #include <asm/io.h>
+-#include <asm/acpi.h>
+ #include <xen/acpi.h>
+ #include <xen/errno.h>
+ #include <xen/iocap.h>
+@@ -159,6 +158,8 @@
+ 
+     freeze_domains();
+ 
++    acpi_dmar_reinstate();
++
+     disable_nonboot_cpus();
+     if ( num_online_cpus() != 1 )
+     {
+@@ -229,6 +230,7 @@
+     cpufreq_add_cpu(0);
+     microcode_resume_cpu(0);
+     enable_nonboot_cpus();
++    acpi_dmar_zap();
+     thaw_domains();
+     spin_unlock(&pm_lock);
+     return error;
+diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/shutdown.c
+--- a/xen/arch/x86/shutdown.c	Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/arch/x86/shutdown.c	Fri Dec 17 10:48:30 2010 +0000
+@@ -308,6 +308,8 @@
+     console_start_sync();
+     spin_debug_disable();
+ 
++    acpi_dmar_reinstate();
++
+     local_irq_enable();
+ 
+     /* Ensure we are the boot CPU. */
+diff -r eebc0881bdf7 -r b05fa0652463 xen/arch/x86/tboot.c
+--- a/xen/arch/x86/tboot.c	Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/arch/x86/tboot.c	Fri Dec 17 10:48:30 2010 +0000
+@@ -5,6 +5,7 @@
+ #include <xen/sched.h>
+ #include <xen/domain_page.h>
+ #include <xen/iommu.h>
++#include <xen/acpi.h>
+ #include <asm/fixmap.h>
+ #include <asm/page.h>
+ #include <asm/processor.h>
+@@ -479,13 +480,7 @@
+ 
+     /* acpi_parse_dmar() zaps APCI DMAR signature in TXT heap table */
+     /* but dom0 will read real table, so must zap it there too */
+-    dmar_table = NULL;
+-    acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table);
+-    if ( dmar_table != NULL )
+-    {
+-        dmar_table->signature[0] = 'X';
+-        dmar_table->checksum -= 'X'-'D';
+-    }
++    acpi_dmar_zap();
+ 
+     return rc;
+ }
+diff -r eebc0881bdf7 -r b05fa0652463 xen/common/kexec.c
+--- a/xen/common/kexec.c	Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/common/kexec.c	Fri Dec 17 10:48:30 2010 +0000
+@@ -109,20 +109,13 @@
+     return out;
+ }
+ 
+-static int acpi_dmar_reinstate(struct acpi_table_header *table)
+-{
+-    table->signature[0] = 'D';
+-    table->checksum += 'X'-'D';
+-    return 0;
+-}
+-
+ static void kexec_common_shutdown(void)
+ {
+     watchdog_disable();
+     console_start_sync();
+     spin_debug_disable();
+     one_cpu_only();
+-    acpi_table_parse(ACPI_SIG_DMAR, acpi_dmar_reinstate);
++    acpi_dmar_reinstate();
+ }
+ 
+ void kexec_crash(void)
+diff -r eebc0881bdf7 -r b05fa0652463 xen/drivers/passthrough/vtd/dmar.c
+--- a/xen/drivers/passthrough/vtd/dmar.c	Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/drivers/passthrough/vtd/dmar.c	Fri Dec 17 10:48:30 2010 +0000
+@@ -768,3 +768,34 @@
+ {
+     return parse_dmar_table(acpi_parse_dmar);
+ }
++
++static struct acpi_table_header *get_dmar(void)
++{
++    struct acpi_table_header *dmar_table = NULL;
++    unsigned long flags;
++
++    /* Disabling IRQs avoids cross-CPU TLB flush in map_pages_to_xen(). */
++    local_irq_save(flags);
++    acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table);
++    local_irq_restore(flags);
++
++    return dmar_table;
++}
++
++void acpi_dmar_reinstate(void)
++{
++    struct acpi_table_header *dmar_table = get_dmar();
++    if ( dmar_table == NULL )
++        return;
++    dmar_table->signature[0] = 'D';
++    dmar_table->checksum += 'X'-'D';
++}
++
++void acpi_dmar_zap(void)
++{
++    struct acpi_table_header *dmar_table = get_dmar();
++    if ( dmar_table == NULL )
++        return;
++    dmar_table->signature[0] = 'X';
++    dmar_table->checksum -= 'X'-'D';
++}
+diff -r eebc0881bdf7 -r b05fa0652463 xen/include/xen/acpi.h
+--- a/xen/include/xen/acpi.h	Thu Dec 16 20:18:11 2010 +0000
++++ b/xen/include/xen/acpi.h	Fri Dec 17 10:48:30 2010 +0000
+@@ -421,4 +421,7 @@
+ 
+ void acpi_reboot(void);
+ 
++void acpi_dmar_zap(void);
++void acpi_dmar_reinstate(void);
++
+ #endif /*_LINUX_ACPI_H*/



More information about the Pkg-xen-changes mailing list