On 06.05.2025 10:31, Roger Pau Monne wrote:
> --- a/xen/arch/x86/hvm/mtrr.c
> +++ b/xen/arch/x86/hvm/mtrr.c
> @@ -605,22 +605,8 @@ int hvm_set_mem_pinned_cacheattr(struct domain *d,
> uint64_t gfn_start,
>
> type = range->type;
> call_rcu(&range->rcu, free_pinne
On 15.05.2025 12:04, Roger Pau Monné wrote:
> On Wed, Mar 22, 2023 at 07:50:09AM +0100, Jan Beulich wrote:
>> We don't permit use of uncachable memory types elsewhere unless a domain
>> meets certain criteria. Enforce this also during registration of pinned
>> cache attribute ranges.
>>
>> Furtherm
[Public]
> -Original Message-
> From: Jan Beulich
> Sent: Monday, May 12, 2025 11:45 PM
> To: Penny, Zheng
> Cc: Huang, Ray ; Andrew Cooper
> ; Anthony PERARD ;
> Orzel, Michal ; Julien Grall ; Roger Pau
> Monné ; Stefano Stabellini ;
> xen-
> de...@lists.xenproject.org
> Subject: Re: [
On 2025/5/16 00:29, Roger Pau Monné wrote:
> On Fri, May 09, 2025 at 05:05:34PM +0800, Jiqian Chen wrote:
>> @@ -786,15 +792,18 @@ static int vpci_init_capability_list(struct pci_dev
>> *pdev)
>>
>> next = pci_find_next_cap_ttl(pdev->sbdf,
>>
Patch 1 introduces use of d->arch.emulation_flags for non-x86 platforms and
hooks emulation_flags to 'q' keyhandler for debugging. emulation_flags on
non-x86 systems can be used for enabling domain emulation features.
Patch 2 rewrites emulation_flags_ok() on x86 with a goal of improving
readabilit
From: Denis Mukhin
Rewrite emulation_flags_ok() to simplify future modifications.
Also, introduce X86_EMU_{BASELINE,OPTIONAL} helper macros.
No functional change intended.
Signed-off-by: Denis Mukhin
---
Changes since v1:
- kept use of non-public X86_EMU_XXX flags
- corrected some comments an
From: Denis Mukhin
Define per-architecture emulation_flags for configuring domain emulation
features.
Print d->arch.emulation_flags from 'q' keyhandler for better traceability
while debugging.
Signed-off-by: Denis Mukhin
---
Changes since v1:
- dropped comments
---
xen/arch/arm/include/asm/do
From: Denis Mukhin
Currently, hypervisor code has two different non-system domain ID allocation
implementations:
(a) Sequential IDs allocation in dom0less Arm code based on max_init_domid;
(b) Sequential IDs allocation in XEN_DOMCTL_createdomain; does not use
max_init_domid (both Arm
From: Denis Mukhin
Remove the hardcoded domain ID 0 allocation for hardware domain and replace it
with a call to get_initial_domain_id() (returns the value of hardware_domid on
Arm).
Update domid_alloc(DOMID_INVALID) case to ensure that get_initial_domain_id()
ID is skipped during domain ID allo
The patch series adds new library calls for allocating domain IDs.
Patch 1 introduces new domid_{init,alloc,free} calls.
Patch 2 adjusts hardware domain ID treatment on Arm.
Link to v5:
https://lore.kernel.org/xen-devel/20250504135544.730906-1-dmuk...@ford.com/
Link to CI:
https://gitlab.com/xen
Hello to all,
please excuse my bad English and I hope this is the right List.
In Xen 4.20 kernel 6.12.19 Xen with CONFIG_SWIOTLB_DYNAMIC enabled I
could not load the xhci driver for my ASMEDIA ASM1042 usb3 controller
in dom0.
It always fails with -EOI (-5) in dma_set_mask (struct device *
From: Denis Mukhin
Introduce conring_flush() to ensure all messages kept in the internal
console ring are sent to all physical consoles (serial, VGA (x86))
after their initialization is completed.
Rename dump_console_ring_key to conring_dump_keyhandler to match the
notation for conring managemen
The patch series introduces a few cleanups aimed at reducing code duplication
in the console driver and improving readability.
Originally, patches 2 and 3 were part of NS16550 emulator v3 series [1].
Patch 1 performs a cleanup in conring console.
Patch 2 (see [2]) removes code duplication betwee
From: Denis Mukhin
guest_console_write() duplicates the code from __putstr(), eliminate code
duplication.
Introduce console_send() for sending a message on console devices.
Also, introduce internal console flags to control which console devices
should be used.
No functional change intended.
S
From: Denis Mukhin
Move conring tasklet code close to conring definitions in the console driver
and rename conring tasklet variables by adding conring_ prefix for better
readability.
No functional change.
Signed-off-by: Denis Mukhin
---
Changes since v3:
- dropped 3rd argument from conring_put
On 5/15/25 00:32, Xin Li wrote:
Hi Juergen,
I have some update on this thread while working on it.
If we continue down the path of maintaining pvops MSR APIs as this patch
series does, it seems we’ll need to duplicate the ALTERNATIVE code in
three different places.
1) The MSR access primitive
Sending again with an expanded description. RFC to have a discussion
about the approach.
With hyperlaunch, a domU can start before its console ring is connected
by xenconsoled. With nothing emptying the ring, it can quickly fill
during boot. In domU_write_console(), __write_console returns 0 wh
... when there really are only a few instructions in line.
In some cases, reformat to reduce left-hand margin space.
No functional change.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Stefano Stabellini
CC: Julien Grall
CC: Volodymyr Babchuk
CC: Bertrand Marqui
Since v1, split into multiple patches. Extend to BUG_FRAME and EXTABLE too.
https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/1819941756
Andrew Cooper (3):
xen: Introduce asm inline and use it for BUG_FRAME
x86: Use asm_inline for ALTERNATIVE() and EXTABLE
ARM: Use asm_inline
... when there really are only a few instructions in line.
In some cases, reformat to reduce left-hand margin space.
No functional change.
Signed-off-by: Andrew Cooper
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Stefano Stabellini
CC: Julien Grall
CC: Volodymyr Babchuk
CC: Bertrand Marqui
Compilers estimate the size of an asm() block for inlining purposes.
Constructs with embedded metadata (BUG_FRAME, ALTERNATIVE, EXTABLE, etc)
appear large, despite often only being a handful of instructions. asm
inline() overrides the estimation to identify the block as being small.
This has a s
This is reported as a MISRA R16.3 (missing break) violation, but turns out to
be substantially more complicated than expected.
In commit a8fe4ec5320a ("x86emul: support RDRAND/RDSEED"), the switch()
statement had a default case going to cannot_emulate, with both the case 6 and
case 7 labels being
On 5/15/2025 8:29 AM, Ingo Molnar wrote:
* Xin Li (Intel) wrote:
xen_read_msr_safe() currently passes an uninitialized argument err to
xen_do_read_msr(). But as xen_do_read_msr() may not set the argument,
xen_read_msr_safe() could return err with an unpredictable value.
To ensure correctnes
On 5/15/2025 8:27 AM, Ingo Molnar wrote:
* Xin Li (Intel) wrote:
Convert a native_wrmsr() use to native_wrmsrq() to zap meaningless type
conversions when a u64 MSR value is split into two u32.
BTW., at this point we should probably just replace
sev_es_wr_ghcb_msr() calls with direct cal
On 22/04/2025 1:52 pm, Jan Beulich wrote:
> On 22.04.2025 13:39, Andrew Cooper wrote:
>> Compilers estimate the size of an asm() block for inlining purposes.
>>
>> Constructs such as ALTERNATIVE appear large due to the metadata, despite
>> often
>> only being a handful of instructions. asm inline
Thanks for the testing.
I've formally submitted this as:
https://lore.kernel.org/xen-devel/20250515084123.43289-1-roger@citrix.com/
Functionality wise I think it should be the same as the last patch you
tried. Could you give it a spin and maybe provide a Tested-by if
suitable?
Thanks, Rog
On Fri, May 09, 2025 at 05:05:34PM +0800, Jiqian Chen wrote:
> Current logic of emulating legacy capability list is only for domU.
> So, expand it to emulate for dom0 too. Then it will be easy to hide
> a capability whose initialization fails in a function.
>
> And restrict adding PCI_STATUS regis
* Xin Li (Intel) wrote:
> xen_read_msr_safe() currently passes an uninitialized argument err to
> xen_do_read_msr(). But as xen_do_read_msr() may not set the argument,
> xen_read_msr_safe() could return err with an unpredictable value.
>
> To ensure correctness, initialize err to 0 (represent
* Xin Li (Intel) wrote:
> Convert a native_wrmsr() use to native_wrmsrq() to zap meaningless type
> conversions when a u64 MSR value is split into two u32.
>
> Signed-off-by: Xin Li (Intel)
> ---
> arch/x86/coco/sev/core.c | 7 +--
> 1 file changed, 1 insertion(+), 6 deletions(-)
>
>
On Wed, May 14, 2025 at 11:58:49AM -0400, Demi Marie Obenour wrote:
> On 5/14/25 10:24 AM, Sergii Dmytruk wrote:
> > On Tue, May 13, 2025 at 09:25:44PM -0400, Demi Marie Obenour wrote:
> >> On 5/13/25 1:05 PM, Sergii Dmytruk wrote:
> > That sentence in the commit message is worth rewording. GRUB i
During domU construction, a page of memory and an event channel must be set up
for the console connection. In this commit, a page from the special page region
of domU is set up as the console page along with an event channel. The page
address and event channel are published in the HVM parameters, so
Move pvh_load_kernel() and its helper functions to the domain builder. With
this move, it is now possible to move the remaining logic of
dom0_construct_pvh() to the domain builder. With all the logic moved, the
function can be dropped.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_bui
This commit introduces a per arch builder finalize method where all
post-construction finalization and cleanup can be handled. The call to discard
boot modules is relocated from inside the two x86 domain construction paths to the
x86 domain builder finalize method. This will ensure modules are not dis
The only consumer of the function domain_cmdline_size() and the acpi_param
parameter is create_dom(). It is therefore reasonable to move
domain_cmdline_size() and the acpi_param parameter along with its parsing code
at the same time as create_dom0() is moved under the domain builder. While
moving c
Removes the dom0 naming from variables and isolates control/hardware
domain specific logic behind capabilities check.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/domain-builder/domain.c | 47 +++-
1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/xen/arc
Introduce the builder_create_domains() function that provides the general
domain construction abstraction that selects between classic dom0 construction
and the hyperlaunch domain builder.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/domain-builder/Makefile | 1 +
xen/arch/x86/domain-builder
The function bzimage_parse attempted to prepare the kernel image for copying
into the guest for all supported kernel types, not just bzImage. The result was
convoluted logic to handle three kernel image types, and then within the
bzImage type, also handle three types of payloads.
This commit moves
This commit enables the domain builder to unpause all domains
that have been flagged to start on boot.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/domain-builder/core.c | 20
xen/arch/x86/include/asm/boot-domain.h | 8 +---
xen/arch/x86/setup.c
During domU construction, a page of memory and an event channel must be set up
for xenstore connection. In this commit, a page from the special page region of
domU is set up as the xenstore page along with an event channel. The page
address and event channel are published in the HVM parameters, so th
Signed-off-by: Daniel P. Smith
---
xen/common/domain-builder/fdt.c | 32 +++-
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/xen/common/domain-builder/fdt.c b/xen/common/domain-builder/fdt.c
index 1b3492571b15..414bbf5d9fb1 100644
--- a/xen/common/domai
Introduce the logic to loop over boot_info->domains and construct
each valid entry in the array.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/domain-builder/core.c | 30
xen/arch/x86/domain-builder/domain.c | 7 +--
xen/arch/x86/hvm/dom_build.c | 5
This adds the MULTIDOMAIN_BUILDER kconfig option that will be used to enable
the domain construction path to be called multiple times. With the idea of
being able to construct multiple domains now introduced, rename construct_dom0()
to construct_dom().
Signed-off-by: Daniel P. Smith
---
xen/arch
Introduce hvm_setup_acpi() that will construct an ACPI table for a general HVM
domU guest.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom_build.c | 213 ++-
1 file changed, 212 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/hvm/dom_build.c b/xen/
Introduce hvm_setup_e820() that will build the e820 memory map for a general
domU. To populate the ACPI entry, ACPI table size helpers are introduced. A
conditional is added to the domain builder to select between calling
hvm_setup_e820() and dom0_pvh_setup_e820() depending on if it is building dom
When constructing a disaggregated Xen system, there are certain domains with
particular capabilities that must be present and running at start-of-day. The
hardware domain is absolutely required, while a xenstore domain is mostly
required.
The function build_core_domains is introduced to encapsulat
The function pvh_steal_ram() is not pvh specific and can be used on any HVM
domain. Move to the domain builder and rename to hvm_steal_ram.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 106 +++---
xen/arch/x86/hvm/dom_build.c | 84 +
The function pvh_setup_acpi() is dom0 specific, renaming it to
dom0_pvh_setup_acpi(). Now export the function so that it may be called by the
domain builder.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 4 ++--
xen/arch/x86/include/asm/dom0_build.h | 2 ++
2 files c
The function bzimage_headroom attempted to determine the necessary headroom for
all supported kernel types, not just bzImage. The result was convoluted logic
to handle three kernel image types, and then within the bzImage type, also
handle three types of payloads.
This commit moves the generalized
Export the function cmdline_cook() so that it can be called outside of setup.c.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/include/asm/setup.h | 2 ++
xen/arch/x86/setup.c | 4 +---
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/include/asm/setup.h b
The late domain init helper is a helper tool for late setup of Xenstore for a
domain that was created by the hypervisor using hyperlaunch.
Signed-off-by: Daniel P. Smith
---
.gitignore| 1 +
tools/helpers/Makefile| 12 +
tools/helpers/late-init-domains.c |
The ramdisk field was incorrectly renamed to module without providing a sound
justification. Doing so creates an unnecessary indirection that can cause more
confusion than utility. The only way the field is populated is via a match of a
boot module of type BOOTMOD_RAMDISK. All usages of the field a
The gzip specification dictates that the last four bytes of a gzip
file will contain the modulo 2^32 of the original image size. Since
this is a function of gzip, relocate the logic under a gzip function.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/bzimage.c | 10 +++---
xen/common/gzi
Convert alloc_dom0_vcpu0() to dom0_set_affinity(), making it only set up the
node affinity based on command line parameters passed. At the same time,
introduce alloc_dom_vcpu0() as the replacement for alloc_dom0_vcpu(). Then have
alloc_dom_vcpu0() call dom0_set_affinity() when the boot domain is th
Relocated the function sched_setup_dom0_vcpus(), which was protected by an
ifdef CONFIG_X86, from common/sched to the hyperlaunch domain builder. Rename
it to alloc_dom_vcpus() to better reflect the purpose of the function.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/domain-builder/domain.c
The function pvh_setup_cpus() is a very general function that is usable by all
HVM domains, not just PVH. As such, renaming to hvm_setup_cpus during move.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 45 +-
xen/arch/x86/hvm/dom_build.c
Caution is needed when dom0 is being constructed as PV using an older kernel
that does not have the elf note XEN_ELFNOTE_INIT_P2M. The logic for handling
this situation is embedded directly and takes into account whether dom0 memory
parameters were specified using the negative allocation syntax. To
Modeling after libxl__get_required_paging_memory(), refactor
dom0_paging_pages() to calculate the number of paging pages required for a
domain that is not the control or hardware domain. As the function is being
refactored, rename to dom_paging_pages() and move under the domain builder.
Signed-off
Relocate the initial block of hwdom setup code from dom0_construct_pvh() over
to dom_construct_pvh().
No functional change.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 44 --
xen/arch/x86/hvm/dom_build.c | 50 ++
Introduce hvm_populate_p2m() for populating domU p2m maps. Rename
pvh_populate_p2m() to dom0_pvh_populate_p2m() and export it. With these
adjustments, move the calls to populate the p2m maps under domain builder.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 14 +
The function dom_compute_nr_pages() is being moved to the domain builder. For
this to happen, the variable dom0_nodes, and the functions
calculate_dom0_pages() and dom0_pv_restrict_pages() must be exported.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/dom0_build.c | 75 +--
Move invocation of iommu_hwdom_init() to dom_construct_pvh() and guard it
with a hardware domain check.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 2 --
xen/arch/x86/hvm/dom_build.c | 4
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/hvm
This commit seeks to rework the dom0_compute_nr_pages() function to consume a
boot domain structure that may contain requested memory pages, min pages, max
pages, and the reference for the initrd. With the passing of the boot domain
struct, the initrd_size parameter is dropped. This takes into acco
The amount of pages for a domain to be allocated is based on the physical nodes
a domain may be scheduled. For dom0, this can be restricted down from available
nodes via the dom0_nodes command line parameter.
Refactor dom0_compute_nr_pages() such that only apply the dom0_nodes
restriction only if
Introduce dom_construct_pvh() as a wrapper around dom0_construct_pvh(). This
function will be expanded as dom0 specific construction functions are
generalized.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/dom0_build.c | 5 ++--
xen/arch/x86/hvm/Makefile | 1 +
Generalize pvh_init_p2m() for use on domU and relocate under the domain
builder. To support moving the function, dom0_pvh_setup_e820() was exported.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/hvm/dom0_build.c | 23 +--
xen/arch/x86/hvm/dom_build.c | 25 +
To incrementally convert create_dom0() into being a generalized domain
construction function, move the dom0 specific cpuid policy behind the control
domain capability.
Signed-off-by: Daniel P. Smith
---
xen/arch/x86/setup.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/xe
The domain configuration may request more vcpus than are present in the system.
For dom0, the function dom0_max_vcpus() was used to clamp down to physically
available vcpus. Here we are introducing a generalized version,
dom_max_vcpus(), that takes a boot domain and sets the max vcpus based on the
NOTE: Sending this series as an RFC as it is a follow-on to the hyperlaunch
dom0 device tree series going through rounds of review right now. This
iteration of the RFC series is based off of v6 of the dom0 device tree series.
The Hyperlaunch domain builder series is the third split out for the
int
Add new section to MAINTAINERS for hyperlaunch, including the files
specifically added to this point under the hyperlaunch work.
Signed-off-by: Daniel P. Smith
---
MAINTAINERS | 11 +++
1 file changed, 11 insertions(+)
diff --git a/MAINTAINERS b/MAINTAINERS
index c11b82eca98f..d9a85a0b8
On 5/2/25 03:21, Jan Beulich wrote:
On 30.04.2025 20:56, Daniel P. Smith wrote:
On 4/29/25 08:36, Alejandro Vallejo wrote:
--- a/xen/common/Makefile
+++ b/xen/common/Makefile
@@ -11,6 +11,7 @@ obj-$(filter-out $(CONFIG_X86),$(CONFIG_ACPI)) += device.o
obj-$(CONFIG_HAS_DEVICE_TREE) += device-
On 12.05.25 23:54, Stefano Stabellini wrote:
From: Stefano Stabellini
dm_op hypercalls might come from userspace and pass memory addresses as
parameters. The memory addresses typically correspond to buffers
allocated in userspace to hold extra hypercall parameters.
On ARM, when CONFIG_ARM64_SW
On Mon, May 12, 2025 at 05:38:07PM +0200, Jan Beulich wrote:
> On 06.05.2025 14:55, Roger Pau Monné wrote:
> > On Tue, May 06, 2025 at 12:16:00PM +0100, Andrew Cooper wrote:
> >> On 06/05/2025 9:31 am, Roger Pau Monne wrote:
> >>> When a guest is allowed access to cache control operations such trac
On Mon, May 12, 2025 at 05:24:01PM +0200, Jan Beulich wrote:
> On 06.05.2025 10:31, Roger Pau Monne wrote:
> > Such flag is added to the domain create hypercall, and a matching option is
> > added to xl and libxl to set the flag: `cache_control`. When the flag is
> > set, the domain is allowed the
On Mon, May 12, 2025 at 05:16:02PM +0200, Jan Beulich wrote:
> On 06.05.2025 10:31, Roger Pau Monne wrote:
> > To better describe the underlying implementation. Define
> > cache_flush_permitted() as an alias of has_arch_io_resources(), so that
> > current users of cache_flush_permitted() are not e
On Mon, May 12, 2025 at 05:04:56PM +0200, Jan Beulich wrote:
> On 06.05.2025 10:31, Roger Pau Monne wrote:
> > The current logic partially open-codes memory_type_changed(), but doesn't
> > check whether the type change or the cache flush is actually needed.
> > Instead switch to using memory_type_c
On Mon, May 12, 2025 at 10:55:18AM -0700, Lira, Victor M wrote:
> On 5/12/2025 9:16 AM, Roger Pau Monné wrote:
> > Caution: This message originated from an External Source. Use proper
> > caution when opening attachments, clicking links, or responding.
> >
> >
> > On Fri, Apr 25, 2025 at 09:47:5
On Thu, May 15, 2025 at 11:24:59AM +0200, Jan Beulich wrote:
> On 15.05.2025 10:41, Roger Pau Monne wrote:
> > For once the message printed when a BAR overlaps with a non-hole region is
> > not accurate on x86. While the BAR won't be mapped by the vPCI logic, it
> > is quite likely overlapping wi
On 12.05.2025 17:55, Oleksii Kurochko wrote:
> --- a/xen/arch/riscv/Makefile
> +++ b/xen/arch/riscv/Makefile
> @@ -1,5 +1,6 @@
> obj-y += aplic.o
> obj-y += cpufeature.o
> +obj-y += dom0less-build.o
Arm uses
obj-$(CONFIG_DOM0LESS_BOOT) += dom0less-build.init.o
Why the two differences?
> --- /
In preparation for adding support for livepatch signing, add support for
RSA crypto.
The RSA code is extracted from Nettle at tag nettle_3.2_release_20160128
(https://git.lysator.liu.se/nettle/nettle).
The MPI code is extracted from Linux at commit eef0df6a5953 (lib/mpi/*).
Signed-off-by: Ross L
On Wed, Mar 22, 2023 at 07:50:09AM +0100, Jan Beulich wrote:
> We don't permit use of uncachable memory types elsewhere unless a domain
> meets certain criteria. Enforce this also during registration of pinned
> cache attribute ranges.
>
> Furthermore restrict cache flushing to just uncachable ran
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> --- a/xen/arch/riscv/setup.c
> +++ b/xen/arch/riscv/setup.c
> @@ -4,12 +4,16 @@
> #include
> #include
> #include
> +#include
> #include
> #include
> #include
> #include
> +#include
Why's this needed? I can't spot anything ...
> +#incl
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> @@ -58,6 +59,89 @@ int platform_get_irq(const struct dt_device_node *device,
> int index)
> return dt_irq.irq;
> }
>
> +static int _setup_irq(struct irq_desc *desc, unsigned int irqflags,
> + struct irqaction *new)
> +{
>
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> +static void cf_check aplic_set_irq_type(struct irq_desc *desc, unsigned int
> type)
> +{
> +/*
> +* Interrupt 0 isn't possible based on the spec:
> +* Each of an APLIC’s interrupt sources has a fixed unique identity
> number in the ran
Parse the raw data of the embedded RSA key into a form that can be later
used for verifying live patch signatures.
Signed-off-by: Ross Lagerwall
---
In v2:
* Split out from "livepatch: Embed public key in Xen"
xen/common/livepatch.c | 36
1 file changed, 3
Live patch signing support was mentioned as future work in the design
document several years ago. This series finally implements support for
it since it is a requirement of Secure Boot to prevent loading unsigned
code into Xen.
See the individual patches for what has changed in v2.
Jennifer Herbe
Remove a never-implemented description of live patch signing from the
TODO section and document signing as implemented by the following
patches.
Signed-off-by: Ross Lagerwall
---
In v2:
* Use ELF note type and descriptor length rather than a custom header.
* Rename SIGNATURE_SUPPORTED_VERION
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> Introduce intc_init() to initialize the interrupt controller using the
> registered hardware ops.
> Also add intc_route_irq_to_xen() to route IRQs to Xen, with support for
> setting IRQ type and priority via new internal helpers intc_set_irq_type()
> a
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> --- a/xen/arch/riscv/aplic-priv.h
> +++ b/xen/arch/riscv/aplic-priv.h
> @@ -14,6 +14,7 @@
> #ifndef ASM__RISCV_PRIV_APLIC_H
> #define ASM__RISCV_PRIV_APLIC_H
>
> +#include
> #include
>
> #include
> @@ -27,6 +28,9 @@ struct aplic_priv {
>
From: Kevin Lampis
Make it possible to embed a public key in Xen to be used when verifying
live patch payloads. Inclusion of the public key is optional.
To avoid needing to include a DER / X.509 parser in the hypervisor, the
public key is unpacked at build time and included in a form that is
con
From: Jennifer Herbert
Verify livepatch signatures against the embedded public key in Xen.
Failing to verify does not prevent the livepatch from being loaded.
In future, this will be changed for certain cases (e.g. when Secure Boot
is enabled).
Signed-off-by: Jennifer Herbert
Signed-off-by: Ros
On 15.05.2025 10:41, Roger Pau Monne wrote:
> For once the message printed when a BAR overlaps with a non-hole region is
> not accurate on x86. While the BAR won't be mapped by the vPCI logic, it
> is quite likely overlapping with a reserved region in the memory map, and
> already mapped as by de
On Mon, May 12, 2025 at 1:38 PM Jan Beulich wrote:
>
> On 06.05.2025 16:32, Ross Lagerwall wrote:
> > In preparation for adding support for livepatch signing, add support for
> > RSA crypto.
>
> If this is needed just for live-patch, ...
>
> > --- a/xen/common/Makefile
> > +++ b/xen/common/Makefil
On 15.05.2025 10:57, Roger Pau Monne wrote:
> Remove an open-coded instance of rangeset_subtract(). No functional change
> intended.
>
> Signed-off-by: Roger Pau Monné
Acked-by: Jan Beulich
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> --- /dev/null
> +++ b/xen/arch/riscv/aplic-priv.h
> @@ -0,0 +1,34 @@
> +/* SPDX-License-Identifier: MIT */
> +
> +/*
> + * xen/arch/riscv/aplic.h
If already you have such in a comment, please have it be correct.
> + * Private part of aplic.h header.
On Thu, May 08, 2025 at 09:20:33AM -0400, Stewart Hildebrand wrote:
> Introduce rangeset_subtract() to remove regions in r2 from r1.
Oh, you could have replaced the code in arch_iommu_hwdom_init() to
make use of this new helper. I will prepare a patch now.
Regards, Roger.
On Wed, May 14, 2025 at 10:04:26AM +0200, Roger Pau Monne wrote:
> When adding extra memory regions as ballooned pages also adjust the balloon
> target, otherwise when the balloon driver is started it will populate
> memory to match the target value and consume all the extra memory regions
> added.
Remove an open-coded instance of rangeset_subtract(). No functional change
intended.
Signed-off-by: Roger Pau Monné
---
xen/drivers/passthrough/x86/iommu.c | 10 +-
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/xen/drivers/passthrough/x86/iommu.c
b/xen/drivers/passthroug
On 5/13/2025 3:24 PM, H. Peter Anvin wrote:
On May 12, 2025 11:06:02 PM PDT, "Jürgen Groß" wrote:
On 13.05.25 07:55, Xin Li wrote:
On 5/12/2025 4:24 AM, Juergen Gross wrote:
Now with the mentioned patch really attached. :-)
Does it allow patching with an instruction more than 6 bytes long?
On 06.05.2025 18:51, Oleksii Kurochko wrote:
> imsic_init() is introduced to parse device tree node, which has the following
> bindings [2], and based on the parsed information update IMSIC configuration
> which is stored in imsic_cfg.
>
> The following helpers are introduced for imsic_init() usag
For once the message printed when a BAR overlaps with a non-hole region is
not accurate on x86. While the BAR won't be mapped by the vPCI logic, it
is quite likely overlapping with a reserved region in the memory map, and
already mapped as by default all reserved regions are identity mapped in
th
1 - 100 of 105 matches