# HG changeset patch
# User Alex Williamson <alex.williamson@xxxxxx>
# Date 1184078366 21600
# Node ID 42586a0f4407528a32ba9da003d14a8ff49193bf
# Parent 87b0b6a08dbdf5882c6223b0b6b7b189a15b0482
# Parent 80099a459d7a2f9c2d7f895ffc8854ca9435206d
merge with xen-unstable.hg
---
tools/xenstore/fake_libxc.c | 143 -
tools/xenstore/speedtest.c | 130 -
tools/xenstore/testsuite/01simple.test | 4
tools/xenstore/testsuite/02directory.test | 45
tools/xenstore/testsuite/03write.test | 28
tools/xenstore/testsuite/04rm.test | 20
tools/xenstore/testsuite/05filepermissions.test | 81 -
tools/xenstore/testsuite/06dirpermissions.test | 119 -
tools/xenstore/testsuite/07watch.test | 176 --
tools/xenstore/testsuite/08transaction.slowtest | 43
tools/xenstore/testsuite/08transaction.test | 92 -
tools/xenstore/testsuite/09domain.test | 19
tools/xenstore/testsuite/10domain-homedir.test | 18
tools/xenstore/testsuite/11domain-watch.test | 50
tools/xenstore/testsuite/12readonly.test | 38
tools/xenstore/testsuite/13watch-ack.test | 21
tools/xenstore/testsuite/14complexperms.test | 68
tools/xenstore/testsuite/test.sh | 64
tools/xenstore/testsuite/vg-suppressions | 9
tools/xenstore/xenstored_test.h | 37
tools/xenstore/xs_crashme.c | 393 ----
tools/xenstore/xs_random.c | 1590 --------------------
tools/xenstore/xs_stress.c | 207 --
tools/xenstore/xs_test.c | 812 ----------
xen/arch/x86/genapic/es7000.h | 120 -
.hgignore | 4
Config.mk | 7
buildconfigs/enable-xen-config | 36
buildconfigs/ketchup | 742 +++++++++
buildconfigs/mk.linux-2.6-mm | 14
buildconfigs/mk.linux-2.6-paravirt | 4
buildconfigs/mk.linux-2.6-rc | 14
buildconfigs/mk.linux-2.6-tip | 14
buildconfigs/mk.linux-2.6-xen | 4
buildconfigs/src.tarball | 12
docs/man/xm.pod.1 | 331 ++--
tools/blktap/drivers/Makefile | 1
tools/blktap/lib/Makefile | 2
tools/examples/init.d/xendomains | 29
tools/examples/xend-config.sxp | 6
tools/firmware/etherboot/README | 5
tools/firmware/rombios/rombios.c | 4
tools/firmware/vmxassist/vm86.c | 190 +-
tools/ioemu/keymaps/ja | 1
tools/ioemu/keymaps/modifiers | 4
tools/ioemu/vnc_keysym.h | 4
tools/libxc/Makefile | 1
tools/libxc/xc_domain.c | 1
tools/libxc/xc_misc.c | 2
tools/libxc/xenctrl.h | 3
tools/python/xen/lowlevel/xc/xc.c | 69
tools/python/xen/util/acmpolicy.py | 1199 +++++++++++++++
tools/python/xen/util/bootloader.py | 521 ++++++
tools/python/xen/util/security.py | 791 ++++++++-
tools/python/xen/util/xsconstants.py | 104 +
tools/python/xen/util/xspolicy.py | 66
tools/python/xen/xend/XendAPI.py | 66
tools/python/xen/xend/XendConfig.py | 40
tools/python/xen/xend/XendDomain.py | 35
tools/python/xen/xend/XendDomainInfo.py | 198 ++
tools/python/xen/xend/XendError.py | 18
tools/python/xen/xend/XendNode.py | 61
tools/python/xen/xend/XendOptions.py | 3
tools/python/xen/xend/XendVDI.py | 12
tools/python/xen/xend/XendXSPolicy.py | 222 ++
tools/python/xen/xend/XendXSPolicyAdmin.py | 314 +++
tools/python/xen/xend/server/SrvDomain.py | 3
tools/python/xen/xend/server/blkif.py | 15
tools/python/xen/xend/server/netif.py | 9
tools/python/xen/xend/server/vfbif.py | 5
tools/python/xen/xm/create.py | 8
tools/python/xen/xm/main.py | 42
tools/security/policies/security_policy.xsd | 29
tools/security/xensec_ezpolicy | 16
tools/xcutils/Makefile | 2
tools/xenmon/xenbaked.c | 2
tools/xenstat/libxenstat/src/xenstat.c | 2
tools/xenstore/Makefile | 94 -
tools/xenstore/xenstored_core.c | 105 -
tools/xenstore/xenstored_domain.c | 4
tools/xenstore/xenstored_transaction.c | 1
tools/xenstore/xenstored_watch.c | 12
tools/xentrace/xentrace.c | 2
tools/xm-test/tests/info/02_info_compiledata_pos.py | 4
xen/arch/ia64/Rules.mk | 2
xen/arch/ia64/xen/dom0_ops.c | 46
xen/arch/powerpc/Makefile | 16
xen/arch/powerpc/Rules.mk | 2
xen/arch/powerpc/boot_of.c | 27
xen/arch/powerpc/domain.c | 2
xen/arch/powerpc/domain_build.c | 136 -
xen/arch/powerpc/external.c | 85 -
xen/arch/powerpc/mm.c | 2
xen/arch/powerpc/mpic_init.c | 58
xen/arch/powerpc/mpic_init.h | 4
xen/arch/powerpc/of_handler/Makefile | 1
xen/arch/powerpc/of_handler/head.S | 26
xen/arch/powerpc/of_handler/ofh.c | 1
xen/arch/powerpc/of_handler/rtas.c | 82 +
xen/arch/powerpc/of_handler/vdevice.c | 2
xen/arch/powerpc/of_handler/xen_hvcall.S | 26
xen/arch/powerpc/ofd_fixup.c | 37
xen/arch/powerpc/oftree.h | 4
xen/arch/powerpc/powerpc64/hypercall_table.S | 2
xen/arch/powerpc/rtas.c | 151 +
xen/arch/powerpc/rtas.h | 31
xen/arch/powerpc/rtas_flash.c | 182 ++
xen/arch/powerpc/rtas_nvram.c | 129 +
xen/arch/powerpc/sysctl.c | 6
xen/arch/powerpc/time.c | 2
xen/arch/x86/Rules.mk | 2
xen/arch/x86/dmi_scan.c | 2
xen/arch/x86/domain.c | 2
xen/arch/x86/domain_build.c | 3
xen/arch/x86/e820.c | 34
xen/arch/x86/genapic/es7000plat.c | 214 --
xen/arch/x86/hvm/svm/emulate.c | 4
xen/arch/x86/hvm/svm/svm.c | 135 +
xen/arch/x86/hvm/vlapic.c | 4
xen/arch/x86/hvm/vmx/intr.c | 67
xen/arch/x86/hvm/vmx/vmcs.c | 15
xen/arch/x86/hvm/vmx/vmx.c | 630 ++++---
xen/arch/x86/mm.c | 34
xen/arch/x86/mm/hap/hap.c | 2
xen/arch/x86/mm/p2m.c | 23
xen/arch/x86/mm/shadow/common.c | 15
xen/arch/x86/mm/shadow/multi.c | 13
xen/arch/x86/mm/shadow/private.h | 4
xen/arch/x86/mpparse.c | 6
xen/arch/x86/setup.c | 126 -
xen/arch/x86/sysctl.c | 32
xen/arch/x86/traps.c | 2
xen/arch/x86/x86_32/seg_fixup.c | 84 +
xen/arch/x86/x86_32/traps.c | 10
xen/arch/x86/x86_32/xen.lds.S | 4
xen/arch/x86/x86_64/compat/traps.c | 25
xen/arch/x86/x86_64/compat_kexec.S | 2
xen/arch/x86/x86_64/entry.S | 1
xen/arch/x86/x86_64/mm.c | 113 -
xen/arch/x86/x86_64/traps.c | 29
xen/arch/x86/x86_64/xen.lds.S | 4
xen/common/compat/kernel.c | 3
xen/common/domain.c | 41
xen/common/domctl.c | 1
xen/common/event_channel.c | 21
xen/common/kernel.c | 21
xen/common/page_alloc.c | 9
xen/include/asm-x86/config.h | 8
xen/include/asm-x86/hvm/svm/svm.h | 40
xen/include/asm-x86/hvm/vmx/vmcs.h | 4
xen/include/asm-x86/hvm/vmx/vmx.h | 24
xen/include/asm-x86/mach-es7000/mach_mpparse.h | 7
xen/include/asm-x86/mach-generic/mach_apic.h | 5
xen/include/asm-x86/mm.h | 3
xen/include/asm-x86/paging.h | 16
xen/include/asm-x86/processor.h | 7
xen/include/asm-x86/regs.h | 5
xen/include/asm-x86/system.h | 4
xen/include/public/domctl.h | 3
xen/include/public/sysctl.h | 20
xen/include/xen/compat.h | 2
xen/include/xen/cpumask.h | 9
xen/include/xen/init.h | 6
firmware/etherboot/eb-rtl8139.zrom | 0
164 files changed, 6505 insertions(+), 6293 deletions(-)
diff -r 87b0b6a08dbd -r 42586a0f4407 .hgignore
--- a/.hgignore Mon Jul 09 09:22:58 2007 -0600
+++ b/.hgignore Tue Jul 10 08:39:26 2007 -0600
@@ -67,6 +67,9 @@
^linux-[^/]*-xen0/.*$
^linux-[^/]*-xenU/.*$
^linux-[^/]*-paravirt/.*$
+^linux-[^/]*-mm/.*$
+^linux-[^/]*-rc/.*$
+^linux-[^/]*-tip/.*$
^linux-[^/]*\.patch$
^mkddbxen$
^netbsd-[^/]*-tools/.*$
@@ -241,6 +244,7 @@
^xen/arch/powerpc/dom0\.bin$
^xen/arch/powerpc/asm-offsets\.s$
^xen/arch/powerpc/firmware$
+^xen/arch/powerpc/firmware.dbg$
^xen/arch/powerpc/firmware_image.bin$
^xen/arch/powerpc/xen\.lds$
^xen/arch/powerpc/\.xen-syms$
diff -r 87b0b6a08dbd -r 42586a0f4407 Config.mk
--- a/Config.mk Mon Jul 09 09:22:58 2007 -0600
+++ b/Config.mk Tue Jul 10 08:39:26 2007 -0600
@@ -17,8 +17,9 @@ SHELL ?= /bin/sh
SHELL ?= /bin/sh
# Tools to run on system hosting the build
-HOSTCC = gcc
-HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
+HOSTCC = gcc
+HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer
+HOSTCFLAGS += -fno-strict-aliasing
DISTDIR ?= $(XEN_ROOT)/dist
DESTDIR ?= /
@@ -58,6 +59,8 @@ CFLAGS += -g
CFLAGS += -g
endif
+CFLAGS += -fno-strict-aliasing
+
CFLAGS += -std=gnu99
CFLAGS += -Wall -Wstrict-prototypes
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/enable-xen-config
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/buildconfigs/enable-xen-config Tue Jul 10 08:39:26 2007 -0600
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -ex
+
+if [ $# -ne 1 ] ; then
+ echo "Usage $(basename $0) <config-file>" 1>&2
+ exit 1
+fi
+
+CONFIG=$1
+
+setopt()
+{
+ OPTION=$1
+ VALUE=$2
+
+ # First remove any existing instances of this option
+ sed -e "s/^# ${OPTION} is not set$//g ; s/^^{OPTION}=.$//g" -i
"${CONFIG}"
+
+ # Then append the new value
+ case ${VALUE} in
+ y|m) echo "${OPTION}=${VALUE}" >> "${CONFIG}" ;;
+ n) echo "# ${OPTION} is not set" >> "${CONFIG}" ;;
+ *) echo "Invalid value ${VALUE} for ${OPTION}" 1>&2 ; exit 1 ;;
+ esac
+}
+
+setopt CONFIG_PARAVIRT y
+setopt CONFIG_XEN y
+setopt CONFIG_VMI y
+setopt CONFIG_LGUEST n
+setopt CONFIG_XEN_BLKDEV_FRONTEND y
+setopt CONFIG_XEN_NETDEV_FRONTEND y
+setopt CONFIG_HVC_XEN y
+
+exit 0
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/ketchup
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/buildconfigs/ketchup Tue Jul 10 08:39:26 2007 -0600
@@ -0,0 +1,742 @@
+#!/usr/bin/python
+#
+# ketchup 0.9.8
+# http://selenic.com/ketchup/wiki
+#
+# Copyright 2004 Matt Mackall <mpm@xxxxxxxxxxx>
+#
+# This software may be used and distributed according to the terms
+# of the GNU General Public License, incorporated herein by reference.
+#
+# Usage:
+#
+# in an existing kernel directory, run:
+#
+# ketchup <version>
+#
+# where version is a complete kernel version, or a branch name to grab
+# the latest version
+#
+# You can override some variables by creating a ~/.ketchuprc file.
+# The ~/.ketchuprc is just a Python script, eg. it might look like this:
+#
+# kernel_url = 'http://kernel.localdomain/pub/linux/kernel'
+# archive = os.environ["HOME"] + '/tmp/ketchup-archive'
+# gpg = '/weird/path/to/gpg'
+#
+
+import re, sys, urllib, os, getopt, glob, shutil
+
+def error(*args):
+ sys.stderr.write("ketchup: ")
+ for a in args:
+ sys.stderr.write(str(a))
+ sys.stderr.write("\n")
+
+def qprint(*args):
+ if not options["quiet"]:
+ sys.stdout.write(" ".join(map(str, args)))
+ sys.stdout.write("\n")
+
+def lprint(*args):
+ sys.stdout.write(" ".join(map(str, args)))
+ sys.stdout.write("\n")
+
+
+def fancyopts(args, options, state, syntax=''):
+ long = []
+ short = ''
+ map = {}
+ dt = {}
+
+ def help(state, opt, arg, options = options, syntax = syntax):
+ lprint("Usage: ", syntax)
+
+ for s, l, d, c in options:
+ opt = ' '
+ if s: opt = opt + '-' + s + ' '
+ if l: opt = opt + '--' + l + ' '
+ if d: opt = opt + '(' + str(d) + ')'
+ lprint(opt)
+ if c: lprint(' %s' % c)
+ sys.exit(0)
+
+ options = [('h', 'help', help, 'Show usage info')] + options
+
+ for s, l, d, c in options:
+ map['-'+s] = map['--'+l]=l
+ state[l] = d
+ dt[l] = type(d)
+ if not d is None and not type(d) is type(help): s, l = s + ':', l + '='
+ if s: short = short + s
+ if l: long.append(l)
+
+ if os.environ.has_key("KETCHUP_OPTS"):
+ args = os.environ["KETCHUP_OPTS"].split() + args
+
+ try:
+ opts, args = getopt.getopt(args, short, long)
+ except getopt.GetoptError:
+ help(state, None, args)
+ sys.exit(-1)
+
+ for opt, arg in opts:
+ if dt[map[opt]] is type(help): state[map[opt]](state,map[opt],arg)
+ elif dt[map[opt]] is type(1): state[map[opt]] = int(arg)
+ elif dt[map[opt]] is type(''): state[map[opt]] = arg
+ elif dt[map[opt]] is type([]): state[map[opt]].append(arg)
+ elif dt[map[opt]] is type(None): state[map[opt]] = 1
+
+ return args
+
+# Default values
+kernel_url = 'http://www.kernel.org/pub/linux/kernel'
+archive = os.environ["HOME"] + "/.ketchup"
+rename_prefix = 'linux-'
+rename_with_localversion = False
+wget = "/usr/bin/wget"
+gpg = "/usr/bin/gpg"
+precommand = postcommand = None
+default_tree = None
+local_trees = {}
+
+# Functions to parse version strings
+
+def tree(ver):
+ return float(re.match(r'(\d+\.\d+)', ver).group(1))
+
+def rev(ver):
+ p = pre(ver)
+ r = int(re.match(r'\d+\.\d+\.(\d+)', ver).group(1))
+ if p: r = r - 1
+ return r
+
+def pre(ver):
+ try: return re.match(r'\d+\.\d+\.\d+(\.\d+)?-((rc|pre)\d+)', ver).group(2)
+ except: return None
+
+def post(ver):
+ try: return re.match(r'\d+\.\d+\.\d+\.(\d+)', ver).group(1)
+ except: return None
+
+def pretype(ver):
+ try: return re.match(r'\d+\.\d+\.\d+(\.\d+)?-((rc|pre)\d+)', ver).group(3)
+ except: return None
+
+def prenum(ver):
+ try: return int(re.match(r'\d+\.\d+\.\d+-((rc|pre)(\d+))', ver).group(3))
+ except: return None
+
+def prebase(ver):
+ return re.match(r'(\d+\.\d+\.\d+((-(rc|pre)|\.)\d+)?)', ver).group(1)
+
+def revbase(ver):
+ return "%s.%s" % (tree(ver), rev(ver))
+
+def base(ver):
+ v = revbase(ver)
+ if post(ver): v += "." + post(ver)
+ return v
+
+def forkname(ver):
+ try: return re.match(r'\d+.\d+.\d+(\.\d+)?(-(rc|pre)\d+)?(-(\w+?)\d+)?',
+ ver).group(5)
+ except: return None
+
+def forknum(ver):
+ try: return int(
+ re.match(r'\d+.\d+.\d+(\.\d+)?(-(rc|pre)\d+)?(-(\w+?)(\d+))?',
+ ver).group(6))
+ except: return None
+
+def fork(ver):
+ try: return re.match(r'\d+.\d+.\d+(\.\d+)?(-(rc|pre)\d+)?(-(\w+))?',
ver).group(4)
+ except: return None
+
+def get_ver(makefile):
+ """ Read the version information from the specified makefile """
+ part = {}
+ parts = "VERSION PATCHLEVEL SUBLEVEL EXTRAVERSION".split(' ')
+ m = open(makefile)
+ for l in m.readlines():
+ for p in parts:
+ try: part[p] = re.match(r'%s\s*=\s*(\S+)' % p, l).group(1)
+ except: pass
+
+ version = "%s.%s.%s" % tuple([part[p] for p in parts[:3]])
+ version += part.get("EXTRAVERSION","")
+ return version
+
+def get_localversion():
+ v = ''
+
+ for name in glob.glob('localversion*'):
+ try: v += open(name).readline().strip()
+ except: pass
+
+ try:
+ c = open('.config').read()
+ v += re.search(r'^CONFIG_LOCALVERSION="(.+)"', c, re.M).group(1)
+ except: pass
+
+ return v
+
+def compare_ver(a, b):
+ """
+ Compare kernel versions a and b
+
+ Note that -pre and -rc versions sort before the version they modify,
+ -pre sorts before -rc, -bk, -git, and -mm, etc. sort alphabetically.
+ """
+ if a == b: return 0
+
+ c = cmp(float(tree(a)), float(tree(b)))
+ if c: return c
+ c = cmp(rev(a), rev(b))
+ if c: return c
+ c = cmp(int(post(a) or 0), int(post(b) or 0))
+ if c: return c
+ c = cmp(pretype(a), pretype(b)) # pre sorts before rc
+ if c: return c
+ c = cmp(prenum(a), prenum(b))
+ if c: return c
+ c = cmp(forkname(a), forkname(b))
+ if c: return c
+ return cmp(forknum(a), forknum(b))
+
+def last(url, pat="(.*/)"):
+ for l in urllib.urlopen(url).readlines():
+ m = re.search('(?i)<a href="%s">' % pat, l)
+ if m: n = m.group(1)
+ return n
+
+def latest_mm(url, pat):
+ url = kernel_url + '/people/akpm/patches/2.6/'
+ url += last(url)
+ part = last(url)
+ return part[:-1]
+
+def latest_ck(url, pat):
+ url = "http://ck.kolivas.org/patches/2.6/pre-releases/";
+ url += last(url)
+ part = last(url)
+ pre = part[:-1]
+
+ url = "http://ck.kolivas.org/patches/2.6/";
+ url += last(url,"(2.6.*/)")
+ part = last(url)
+ rel = part[:-1]
+
+ l = [pre, rel]
+ l.sort(compare_ver)
+ return l[-1]
+
+def latest_dir(url, pat):
+ """Find the latest link matching pat at url after sorting"""
+ p = []
+ for l in urllib.urlopen(url).readlines():
+ m = re.search('"%s"' % pat, l)
+ if m: p.append(m.group(1))
+
+ if not p: return None
+
+ p.sort(compare_ver)
+ return p[-1]
+
+# mbligh is lazy and has a bunch of empty directories
+def latest_mjb(url, pat):
+ url = kernel_url + '/people/mbligh/'
+
+ # find the last Linus release and search backwards
+ l = [find_ver('2.6'), find_ver("2.6-pre")]
+ l.sort(compare_ver)
+ linus = l[-1]
+
+ p = []
+ for l in urllib.urlopen(url).readlines():
+ m = re.search('"(2\.6\..*/)"', l)
+ if m:
+ v = m.group(1)
+ if compare_ver(v, linus) <= 0:
+ p.append(v)
+
+ p.sort(compare_ver)
+ p.reverse()
+
+ for ver in p:
+ mjb = latest_dir(url + ver, pat)
+ if mjb: return mjb
+
+ return None
+
+def latest_26_tip(url, pat):
+ l = [find_ver('2.6'), find_ver('2.6-git'), find_ver('2.6-pre')]
+ l.sort(compare_ver)
+ return l[-1]
+
+def find_info(ver):
+ b = "%.1f" % tree(ver)
+ f = forkname(ver)
+ p = pre(ver)
+
+ s = b
+ if f:
+ s = "%s-%s" % (b, f)
+ elif p:
+ s = "%s-pre" % b
+
+ return version_info[s]
+
+def version_urls(ver):
+ """ Return the URL for the patch associated with the specified version """
+ i = find_info(ver)[1]
+ if type(i) != type([]):
+ i = [i]
+
+ v = {
+ 'full': ver,
+ 'tree': tree(ver),
+ 'base': base(ver),
+ 'prebase': prebase(ver)
+ }
+
+ l = []
+ for e in i:
+ l.append(e % v)
+
+ return l
+
+def patch_path(ver):
+ return os.path.join(archive, os.path.basename(version_urls(ver)[0]))
+
+def download(url, f):
+ qprint("Downloading %s" % os.path.basename(url))
+ if options["dry-run"]:
+ return 1
+
+ if not options["wget"]:
+ p = urllib.urlopen(url).read()
+ if p.find("<title>404") != -1:
+ return None
+ open(f, 'w').write(p)
+ else:
+ e = os.system("%s -c -O %s %s" %
+ (options["wget"], f + ".partial", url))
+ if e:
+ return None
+ os.rename(f + ".partial", f)
+
+ return 1
+
+def verify(url, f, sign):
+ if options["no-gpg"] or options["dry-run"] or not options["gpg-path"]:
+ return 1
+
+ sf = f + sign
+ if not download(url + sign, sf):
+ error("signature download failed")
+ error("removing files...")
+ os.unlink(f)
+ return 0
+
+ qprint("Verifying signature...")
+ r = os.system("%s --verify %s %s" % (options["gpg-path"], sf, f))
+ if r:
+ error("gpg returned %d" % r)
+ error("removing files...")
+ os.unlink(f)
+ os.unlink(sf)
+ return 0
+
+ return 1
+
+def trydownload(urls, f, sign):
+ for url in urls:
+ if download(url, f):
+ if not sign or verify(url, f, sign):
+ return f
+ if url[-4:] == ".bz2":
+ f2 = f[:-4] + ".gz"
+ url2 = url[:-4] + ".gz"
+ if download(url2, f2):
+ if not sign or verify(url2, f2, sign):
+ return f2
+ return None
+
+def get_patch(ver):
+ """Return the path to patch for given ver, downloading if necessary"""
+ f = patch_path(ver)
+ if os.path.exists(f):
+ return f
+ if f[-4:] == ".bz2":
+ f2 = f[:-4] + ".gz"
+ if os.path.exists(f2):
+ return f2
+
+ urls = version_urls(ver)
+ sign = find_info(ver)[3]
+ if sign == 1: sign = ".sign"
+ f = trydownload(urls, f, sign)
+ if not f:
+ error("patch download failed")
+ sys.exit(-1)
+
+ return f
+
+def apply_patch(ver, reverse = 0):
+ """Find the patch to upgrade from the predecessor of ver to ver and
+ apply or reverse it."""
+ p = get_patch(ver)
+ r = ""
+ if reverse:
+ r = " -R"
+
+ qprint("Applying %s%s" % (os.path.basename(p), r))
+ if options["dry-run"]:
+ return ver
+
+ def cmd(patch, reverse, dry):
+ base = "patch -l -p1%s" % reverse
+ if dry:
+ base += " --dry-run"
+
+ if p[-4:] == ".bz2":
+ pipe = "bzcat %s | %s" % (patch, base)
+ elif p[-3:] == ".gz":
+ pipe = "zcat %s | %s" % (patch, base)
+ else:
+ pipe = "%s < %s" % (base, patch)
+
+ err = os.system(pipe + " > .patchdiag")
+ if err:
+ sys.stderr.write(open(".patchdiag").read())
+ os.unlink(".patchdiag")
+ return err
+
+ err = cmd(p, r, 1)
+ if err:
+ error("patch %s failed: %d" % (p, err))
+ sys.exit(-1)
+
+ err = cmd(p, r, 0)
+ if err:
+ error("patch %s failed while it was supposed to apply: %d" % (p, err))
+ sys.exit(-1)
+
+def untar(tarfile):
+ old = os.getcwd()
+ os.mkdir("ketchup-tmp")
+ os.chdir("ketchup-tmp")
+
+ err = os.system("bzcat %s | tar -xf -" % tarfile)
+ if err:
+ error("Unpacking failed: ", err)
+ sys.exit(-1)
+
+ err = os.system("mv linux*/* linux*/.[^.]* ..; rmdir linux*")
+ if err:
+ error("Unpacking failed: ", err)
+ sys.exit(-1)
+
+ os.chdir(old)
+ shutil.rmtree("ketchup-tmp")
+
+def install_nearest(ver):
+ t = tree(ver)
+ tarballs = glob.glob(archive + "/linux-%s.*.tar.bz2" % t)
+ list = []
+
+ for f in tarballs:
+ m = re.match(r'.*/linux-(.*).tar.bz2$', f)
+ v = m.group(1)
+ d = abs(rev(v) - rev(ver))
+ list.append((d, f, v))
+ list.sort()
+
+ if not list or (options["full-tarball"] and list[0][0]):
+ f = "linux-%s.tar.bz2" % ver
+ url = "%s/v%s/%s" % (kernel_url, t, f)
+ f = archive + "/" + f
+
+ sign = find_info(ver)[3]
+ if sign == 1: sign = ".sign"
+
+ f = trydownload([url], f, sign)
+ if not f:
+ error("Tarball download failed")
+ sys.exit(-1)
+
+ else:
+ f = list[0][1]
+ ver = list[0][2]
+
+ qprint("Unpacking %s" % os.path.basename(f))
+ if options["dry-run"]: return ver
+ untar(f)
+
+ return ver
+
+def find_ver(ver):
+ if ver in version_info.keys():
+ v = version_info[ver]
+ d = v[1]
+ if type(d) is type([]):
+ d = d[0]
+ for n in range(5):
+ return v[0](os.path.dirname(d), v[2])
+ error('retrying version lookup for %s' % ver)
+ else:
+ return ver
+
+def transform(a, b):
+ if a == b:
+ qprint("Nothing to do!")
+ return
+ if not a:
+ a = install_nearest(base(b))
+ t = tree(a)
+ if t != tree(b):
+ error("Can't patch %s to %s" % (tree(a), tree(b)))
+ sys.exit(-1)
+ if fork(a):
+ apply_patch(a, 1)
+ a = prebase(a)
+ if prebase(a) != prebase(b):
+ if pre(a):
+ apply_patch(a, 1)
+ a = base(a)
+
+ if post(a) and post(a) != post(b):
+ apply_patch(prebase(a), 1)
+
+ ra, rb = rev(a), rev(b)
+ if ra > rb:
+ for r in range(ra, rb, -1):
+ apply_patch("%s.%s" % (t, r), -1)
+ if ra < rb:
+ for r in range(ra + 1, rb + 1):
+ apply_patch("%s.%s" % (t, r))
+ a = revbase(b)
+
+ if post(b) and post(a) != post(b):
+ apply_patch(prebase(b), 0)
+ a = base(b)
+
+ if pre(b):
+ apply_patch(prebase(b))
+ a = prebase(b)
+
+ if fork(b):
+ a = apply_patch(b)
+
+def rename_dir(v):
+ """Rename the current directory to linux-v, where v is the function arg"""
+ if rename_with_localversion:
+ v += get_localversion()
+ cwd = os.getcwd()
+ basedir = os.path.dirname(cwd)
+ newdir = os.path.join(basedir, rename_prefix + v)
+ if newdir == cwd:
+ return
+ if os.access(newdir, os.F_OK):
+ error("Cannot rename directory, destination exists: %s", newdir);
+ return
+ os.rename(cwd, newdir)
+ qprint('Current directory renamed to %s' % newdir)
+
+
+# latest lookup function, canonical urls, pattern for lookup function,
+# signature flag, description
+version_info = {
+ '2.4': (latest_dir,
+ kernel_url + "/v2.4" + "/patch-%(base)s.bz2",
+ r'patch-(.*?).bz2',
+ 1, "old stable kernel series"),
+ '2.4-pre': (latest_dir,
+ kernel_url + "/v2.4" + "/testing/patch-%(prebase)s.bz2",
+ r'patch-(.*?).bz2',
+ 1, "old stable kernel series prereleases"),
+ '2.6': (latest_dir,
+ kernel_url + "/v2.6" + "/patch-%(prebase)s.bz2",
+ r'patch-(.*?).bz2',
+ 1, "current stable kernel series"),
+ '2.6-rc': (latest_dir,
+ kernel_url + "/v2.6" + "/testing/patch-%(prebase)s.bz2",
+ r'patch-(.*?).bz2',
+ 1, "current stable kernel series prereleases"),
+ '2.6-pre': (latest_dir,
+ kernel_url + "/v2.6" + "/testing/patch-%(prebase)s.bz2",
+ r'patch-(.*?).bz2',
+ 1, "current stable kernel series prereleases"),
+ '2.6-git': (latest_dir,
+ [kernel_url + "/v2.6" + "/snapshots/patch-%(full)s.bz2",
+ kernel_url + "/v2.6" + "/snapshots/old/patch-%(full)s.bz2"],
+ r'patch-(.*?).bz2',
+ 1, "current stable kernel series snapshots"),
+ '2.6-bk': (latest_dir,
+ [kernel_url + "/v2.6" + "/snapshots/patch-%(full)s.bz2",
+ kernel_url + "/v2.6" + "/snapshots/old/patch-%(full)s.bz2"],
+ r'patch-(.*?).bz2',
+ 1, "old stable kernel series snapshots"),
+ '2.6-tip': (latest_26_tip, "", "", 1,
+ "current stable kernel series tip"),
+ '2.6-mm': (latest_mm,
+ kernel_url + "/people/akpm/patches/" +
+ "%(tree)s/%(prebase)s/%(full)s/%(full)s.bz2", "",
+ 1, "Andrew Morton's -mm development tree"),
+ '2.6-tiny': (latest_dir,
+ "http://www.selenic.com/tiny/%(full)s.patch.bz2",
+ r'(2.6.*?).patch.bz2',
+ 1, "Matt Mackall's -tiny tree for small systems"),
+ '2.6-mjb': (latest_mjb,
+ kernel_url + "/people/mbligh/%(prebase)s/patch-%(full)s.bz2",
+ r'patch-(2.6.*?).bz2',
+ 1, "Martin Bligh's random collection 'o crap"),
+ '2.6-rt': (latest_dir,
+ ["http://people.redhat.com/mingo/"; +
+ "realtime-preempt/patch-%(full)s",
+ "http://people.redhat.com/mingo/"; +
+ "realtime-preempt/older/patch-%(full)s"],
+ r'patch-(2.6.*?)',
+ 0, "Ingo Molnar's realtime-preempt kernel"),
+ '2.6-ck': (latest_ck,
+ ["http://ck.kolivas.org/patches/2.6/"; +
+ "%(prebase)s/%(full)s/patch-%(full)s.bz2",
+ "http://ck.kolivas.org/patches/2.6/pre-releases/"; +
+ "%(prebase)s/%(full)s/patch-%(full)s.bz2"],
+ "", ".sig",
+ "Con Kolivas' patches for system responsiveness (desktop)"),
+ '2.6-cks': (latest_dir,
+ "http://ck.kolivas.org/patches/cks/patch-%(full)s.bz2",
+ r'patch-(2.6.*?).bz2', ".sig",
+ "Con Kolivas' patches for system responsiveness (server)")
+ }
+
+# Override defaults with ~/.ketchuprc which is just a Python script
+rcpath = os.path.expanduser('~/.ketchuprc')
+if os.path.isfile(rcpath):
+ try:
+ execfile(rcpath)
+ except Exception, e:
+ sys.exit('Failed parsing %s\nError was: %s' % (rcpath, e))
+
+# Add local trees
+for k,v in local_trees.items():
+ version_info[k] = v
+
+# Environment variables override defaults and ketchuprc
+kernel_url = os.environ.get("KETCHUP_URL", kernel_url)
+archive = os.environ.get("KETCHUP_ARCH", archive)
+
+# And finally command line overrides everything
+if not os.path.exists(wget): wget = ""
+if not os.path.exists(gpg): gpg = ""
+
+options = {}
+opts = [
+ ('a', 'archive', archive, 'cache directory'),
+ ('d', 'directory', '.', 'directory to update'),
+ ('f', 'full-tarball', None, 'if unpacking a tarball, download the latest'),
+ ('g', 'gpg-path', gpg, 'path for GnuPG'),
+ ('G', 'no-gpg', None, 'disable GPG signature verification'),
+ ('k', 'kernel-url', kernel_url, 'base url for kernel.org mirror'),
+ ('l', 'list-trees', None, 'list supported trees'),
+ ('m', 'show-makefile', None, 'output version in makefile <arg>'),
+ ('n', 'dry-run', None, 'don\'t download or apply patches'),
+ ('p', 'show-previous', None, 'output version previous to <arg>'),
+ ('q', 'quiet', None, 'reduce output'),
+ ('r', 'rename-directory', None, 'rename updated directory to %s<v>'
+ % rename_prefix),
+ ('s', 'show-latest', None, 'output the latest version of <arg>'),
+ ('u', 'show-url', None, 'output URL for <arg>'),
+ ('w', 'wget', wget, 'command to use for wget'),
+ ]
+
+args = fancyopts(sys.argv[1:], opts, options,
+ 'ketchup [options] [ver]')
+
+archive = options["archive"]
+kernel_url = options["kernel-url"]
+if options["no-gpg"]: options["gpg-path"] = ''
+
+# Process args
+
+if not os.path.exists(options["directory"]):
+ qprint("Creating target directory", options["directory"])
+ os.mkdir(options["directory"])
+os.chdir(options["directory"])
+
+if os.path.isfile(".ketchuprc"):
+ try:
+ execfile(".ketchuprc")
+ except Exception, e:
+ sys.exit('Failed parsing .ketchuprc\nError was: %s' % (e))
+
+if options["list-trees"]:
+ l = version_info.keys()
+ l.sort()
+ for tree in l:
+ if version_info[tree][3] == 0:
+ lprint(tree, "(unsigned)")
+ else:
+ lprint(tree, "(signed)")
+ lprint(" " + version_info[tree][4])
+ sys.exit(0)
+
+if options["show-makefile"] and len(args) < 2:
+ if not args:
+ lprint(get_ver("Makefile"))
+ else:
+ lprint(get_ver(args[0]))
+ sys.exit(0)
+
+if len(args) == 0 and default_tree:
+ qprint("Using default tree \"%s\"" % (default_tree))
+ args.append(default_tree)
+
+if len(args) != 1:
+ error("No version given on command line and no default in configuration")
+ sys.exit(-1)
+
+if options["show-latest"]:
+ lprint(find_ver(args[0]))
+ sys.exit(0)
+
+if options["show-url"]:
+ lprint(version_urls(find_ver(args[0]))[0])
+ sys.exit(0)
+
+if options["show-previous"]:
+ v = find_ver(args[0])
+ p = prebase(v)
+ if p == v: p = base(v)
+ if p == v:
+ if rev(v) > 0: p = "%.1f.%s" % (tree(v), rev(v) -1)
+ else: p = "unknown"
+ lprint(p)
+ sys.exit(0)
+
+if not os.path.exists(options["archive"]):
+ qprint("Creating cache directory", options["archive"])
+ os.mkdir(options["archive"])
+
+if precommand and os.system(precommand):
+ sys.exit('Precommand "%s" failed!' % precommand)
+
+try:
+ a = get_ver('Makefile')
+except:
+ a = None
+
+if not a and os.listdir("."):
+ error("Can't find kernel version for non-empty directory")
+ sys.exit(-1)
+
+b = find_ver(args[0])
+qprint("%s -> %s" % (a, b))
+transform(a, b)
+if options["rename-directory"] and not options["dry-run"]:
+ rename_dir(b)
+
+if postcommand and os.system(postcommand):
+ sys.exit('Postcommand "%s" failed!' % postcommand)
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/mk.linux-2.6-mm
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/buildconfigs/mk.linux-2.6-mm Tue Jul 10 08:39:26 2007 -0600
@@ -0,0 +1,14 @@
+XEN_LINUX_SOURCE ?= tarball
+LINUX_VER ?= 2.6-mm
+
+XEN_LINUX_TARBALL_KETCHUP := y
+
+IMAGE_TARGET ?= vmlinux bzImage
+
+XEN_LINUX_ALLOW_INTERFACE_MISMATCH := y
+
+XEN_LINUX_CONFIG_UPDATE := buildconfigs/enable-xen-config
+
+EXTRAVERSION ?=
+
+include buildconfigs/mk.linux-2.6-xen
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/mk.linux-2.6-paravirt
--- a/buildconfigs/mk.linux-2.6-paravirt Mon Jul 09 09:22:58 2007 -0600
+++ b/buildconfigs/mk.linux-2.6-paravirt Tue Jul 10 08:39:26 2007 -0600
@@ -8,6 +8,8 @@ IMAGE_TARGET ?= vmlinux bzImage
XEN_LINUX_ALLOW_INTERFACE_MISMATCH := y
-EXTRAVERSION ?=
+XEN_LINUX_CONFIG_UPDATE := buildconfigs/enable-xen-config
+
+EXTRAVERSION ?= -paravirt
include buildconfigs/mk.linux-2.6-xen
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/mk.linux-2.6-rc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/buildconfigs/mk.linux-2.6-rc Tue Jul 10 08:39:26 2007 -0600
@@ -0,0 +1,14 @@
+XEN_LINUX_SOURCE ?= tarball
+LINUX_VER ?= 2.6-rc
+
+XEN_LINUX_TARBALL_KETCHUP := y
+
+IMAGE_TARGET ?= vmlinux bzImage
+
+XEN_LINUX_ALLOW_INTERFACE_MISMATCH := y
+
+XEN_LINUX_CONFIG_UPDATE := buildconfigs/enable-xen-config
+
+EXTRAVERSION ?=
+
+include buildconfigs/mk.linux-2.6-xen
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/mk.linux-2.6-tip
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/buildconfigs/mk.linux-2.6-tip Tue Jul 10 08:39:26 2007 -0600
@@ -0,0 +1,14 @@
+XEN_LINUX_SOURCE ?= tarball
+LINUX_VER ?= 2.6-tip
+
+XEN_LINUX_TARBALL_KETCHUP := y
+
+IMAGE_TARGET ?= vmlinux bzImage
+
+XEN_LINUX_ALLOW_INTERFACE_MISMATCH := y
+
+XEN_LINUX_CONFIG_UPDATE := buildconfigs/enable-xen-config
+
+EXTRAVERSION ?=
+
+include buildconfigs/mk.linux-2.6-xen
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/mk.linux-2.6-xen
--- a/buildconfigs/mk.linux-2.6-xen Mon Jul 09 09:22:58 2007 -0600
+++ b/buildconfigs/mk.linux-2.6-xen Tue Jul 10 08:39:26 2007 -0600
@@ -74,6 +74,10 @@ endif
else \
echo "No configuration method found for this kernel" ; \
fi
+ifneq ($(XEN_LINUX_CONFIG_UPDATE),)
+ echo "Updating $(CONFIG_FILE) using $(XEN_LINUX_CONFIG_UPDATE)"
+ sh $(XEN_LINUX_CONFIG_UPDATE) $(CONFIG_FILE)
+endif
ifeq ($(XEN_TARGET_ARCH),x86_32)
ifeq ($(pae),y)
sed -e 's!^CONFIG_HIGHMEM4G=y$$!\# CONFIG_HIGHMEM4G is not set!;s!^\#
CONFIG_HIGHMEM64G is not set$$!CONFIG_HIGHMEM64G=y!' $(CONFIG_FILE) >
$(CONFIG_FILE)- && mv $(CONFIG_FILE)- $(CONFIG_FILE)
diff -r 87b0b6a08dbd -r 42586a0f4407 buildconfigs/src.tarball
--- a/buildconfigs/src.tarball Mon Jul 09 09:22:58 2007 -0600
+++ b/buildconfigs/src.tarball Tue Jul 10 08:39:26 2007 -0600
@@ -1,7 +1,12 @@ XEN_LINUX_MIRROR ?= http://www.kernel.or
XEN_LINUX_MIRROR ?= http://www.kernel.org/pub/linux/kernel/v2.6/
XEN_LINUX_TARBALL ?= linux-$(LINUX_VER)-xen.tar.bz2
+# Update using ketchup instead of manipulating tarball manually.
+XEN_LINUX_TARBALL_KETCHUP ?= n
+
LINUX_SRCDIR ?= linux-$(LINUX_VER)
+
+KETCHUP ?= python buildconfigs/ketchup
vpath linux-%.tar.bz2 $(LINUX_SRC_PATH)
@@ -12,6 +17,11 @@ linux-%.tar.bz2:
# XXX create a pristine tree for diff -Nurp convenience
+ifeq ($(XEN_LINUX_TARBALL_KETCHUP),y)
+%/.valid-src:
+ $(KETCHUP) -d $(@D) $(LINUX_VER)
+ touch $@ # update timestamp to avoid rebuild
+else
%/.valid-src: %.tar.bz2
rm -rf tmp-linux-$* $(@D)
mkdir -p tmp-linux-$*
@@ -19,5 +29,5 @@ linux-%.tar.bz2:
-@rm -f tmp-linux-$*/pax_global_header
mv tmp-linux-$*/* $(@D)
@rm -rf tmp-linux-$*
- touch $(@D)/.hgskip
touch $@ # update timestamp to avoid rebuild
+endif
diff -r 87b0b6a08dbd -r 42586a0f4407 docs/man/xm.pod.1
--- a/docs/man/xm.pod.1 Mon Jul 09 09:22:58 2007 -0600
+++ b/docs/man/xm.pod.1 Tue Jul 10 08:39:26 2007 -0600
@@ -4,7 +4,7 @@ xm - Xen management user interface
=head1 SYNOPSIS
-xm <subcommand> [args]
+B<xm> I<subcommand> [I<args>]
=head1 DESCRIPTION
@@ -13,46 +13,50 @@ domains. It can also be used to list cur
domains. It can also be used to list current domains, enable or pin
VCPUs, and attach or detach virtual block devices.
-The basic structure of every xm command is almost always:
-
- xm <subcommand> <domain-id> [OPTIONS]
-
-Where I<subcommand> is one of the sub commands listed below, I<domain-id>
+The basic structure of every B<xm> command is almost always:
+
+=over 2
+
+B<xm> I<subcommand> I<domain-id> [I<OPTIONS>]
+
+=back
+
+Where I<subcommand> is one of the subcommands listed below, I<domain-id>
is the numeric domain id, or the domain name (which will be internally
-translated to domain id), and I<OPTIONS> are sub command specific
+translated to domain id), and I<OPTIONS> are subcommand specific
options. There are a few exceptions to this rule in the cases where
-the sub command in question acts on all domains, the entire machine,
-or directly on the xen hypervisor. Those exceptions will be clear for
-each of those sub commands.
+the subcommand in question acts on all domains, the entire machine,
+or directly on the Xen hypervisor. Those exceptions will be clear for
+each of those subcommands.
=head1 NOTES
All B<xm> operations rely upon the Xen control daemon, aka B<xend>.
-For any xm commands to run xend must also be running. For this reason
-you should start xend as a service when your system first boots using
-xen.
+For any B<xm> commands to run, xend must also be running. For this
+reason you should start xend as a service when your system first boots
+using Xen.
Most B<xm> commands require root privileges to run due to the
communications channels used to talk to the hypervisor. Running as
non root will return an error.
Most B<xm> commands act asynchronously, so just because the B<xm>
-command returned, doesn't mean the action is complete. This is
+command returned doesn't mean the action is complete. This is
important, as many operations on domains, like create and shutdown,
can take considerable time (30 seconds or more) to bring the machine
into a fully compliant state. If you want to know when one of these
-actions has finished you must poll through xm list periodically.
+actions has finished you must poll through B<xm list> periodically.
=head1 DOMAIN SUBCOMMANDS
-The following sub commands manipulate domains directly, as stated
-previously most commands take domain-id as the first parameter.
+The following subcommands manipulate domains directly. As stated
+previously, most commands take I<domain-id> as the first parameter.
=over 4
=item B<console> I<domain-id>
-Attach to domain domain-id's console. If you've set up your Domains to
+Attach to domain I<domain-id>'s console. If you've set up your domains to
have a traditional log in console this will look much like a normal
text log in screen.
@@ -63,15 +67,15 @@ so running curses based interfaces over
so running curses based interfaces over the console B<is not
advised>. Vi tends to get very odd when using it over this interface.
-=item B<create> I<[-c]> I<configfile> I<[name=value]>..
-
-The create sub command requires a configfile and can optional take a
+=item B<create> [B<-c>] I<configfile> [I<name>=I<value>]..
+
+The create sub command requires a config file and can optionally take a
series of name value pairs that add to or override variables defined
in the config file. See L<xmdomain.cfg> for full details of that file
format, and possible options used in either the configfile or
-Name=Value combinations.
-
-Configfile can either be an absolute path to a file, or a relative
+I<name>=I<value> combinations.
+
+I<configfile> can either be an absolute path to a file, or a relative
path to a file located in /etc/xen.
Create will return B<as soon> as the domain is started. This B<does
@@ -116,10 +120,10 @@ virtual networking. (This example comes
=item B<destroy> I<domain-id>
-Immediately terminate the domain domain-id. This doesn't give the domain
-OS any chance to react, and it the equivalent of ripping the power
-cord out on a physical machine. In most cases you will want to use
-the B<shutdown> command instead.
+Immediately terminate the domain I<domain-id>. This doesn't give the
+domain OS any chance to react, and is the equivalent of ripping the
+power cord out on a physical machine. In most cases you will want to
+use the B<shutdown> command instead.
=item B<domid> I<domain-name>
@@ -129,14 +133,14 @@ Converts a domain name to a domain id us
Converts a domain id to a domain name using xend's internal mapping.
-=item B<help> I<[--long]>
+=item B<help> [B<--long>]
Displays the short help message (i.e. common commands).
-The I<--long> option prints out the complete set of B<xm> subcommands,
+The B<--long> option prints out the complete set of B<xm> subcommands,
grouped by function.
-=item B<list> I<[--long | --label]> I<[domain-id, ...]>
+=item B<list> [B<--long> | B<--label>] [I<domain-id> ...]
Prints information about one or more domains. If no domains are
specified it prints out information about all domains.
@@ -151,21 +155,23 @@ An example format for the list is as fol
Mandrake10.2 167 128 1 ------ 2.5
Suse9.2 168 100 1 ------ 1.8
-Name is the name of the domain. ID the domain numeric id. Mem is the
-size of the memory allocated to the domain. VCPUS is the number of
-VCPUS allocated to domain. State is the run state (see below). Time
-is the total run time of the domain as accounted for by Xen.
+Name is the name of the domain. ID the numeric domain id. Mem is the
+desired amount of memory to allocate to the domain (although it may
+not be the currently allocated amount). VCPUs is the number of
+virtual CPUs allocated to the domain. State is the run state (see
+below). Time is the total run time of the domain as accounted for by
+Xen.
B<STATES>
=over 4
-The State field lists 6 states for a Xen Domain, and which ones the
-current Domain is in.
+The State field lists 6 states for a Xen domain, and which ones the
+current domain is in.
=item B<r - running>
-The domain is currently running on a CPU
+The domain is currently running on a CPU.
=item B<b - blocked>
@@ -203,12 +209,12 @@ B<LONG OUTPUT>
=over 4
-If I<--long> is specified, the output for xm list is not the table
+If B<--long> is specified, the output for B<xm list> is not the table
view shown above, but instead is an S-Expression representing all
information known about all domains asked for. This is mostly only
useful for external programs to parse the data.
-B<Note:> there is no stable guarantees on the format of this data.
+B<Note:> There is no stable guarantees on the format of this data.
Use at your own risk.
=back
@@ -217,10 +223,10 @@ B<LABEL OUTPUT>
=over 4
-If I<--label> is specified, the security labels are added to the
-output of xm list and the lines are sorted by the labels (ignoring
-case). The I<--long> option prints the labels by default and cannot be
-combined with I<--label>. See the ACCESS CONTROL SUBCOMMAND section of
+If B<--label> is specified, the security labels are added to the
+output of B<xm list> and the lines are sorted by the labels (ignoring
+case). The B<--long> option prints the labels by default and cannot be
+combined with B<--label>. See the ACCESS CONTROL SUBCOMMAND section of
this man page for more information about labels.
==back
@@ -230,7 +236,7 @@ B<NOTES>
=over 4
The Time column is deceptive. Virtual IO (network and block devices)
-used by Domains requires coordination by Domain0, which means that
+used by domains requires coordination by Domain0, which means that
Domain0 is actually charged for much of the time that a DomainU is
doing IO. Use of this time value to determine relative utilizations
by domains is thus very suspect, as a high IO workload may show as
@@ -240,11 +246,11 @@ less utilized than a high CPU workload.
=item B<mem-max> I<domain-id> I<mem>
-Specify the maximum amount of memory the Domain is able to use. Mem
+Specify the maximum amount of memory the domain is able to use. I<mem>
is specified in megabytes.
The mem-max value may not correspond to the actual memory used in the
-Domain, as it may balloon down it's memory to give more back to the OS.
+domain, as it may balloon down its memory to give more back to the OS.
=item B<mem-set> I<domain-id> I<mem>
@@ -252,20 +258,20 @@ operation requires cooperation from the
operation requires cooperation from the domain operating system, there
is no guarantee that it will succeed.
-B<Warning:> there is no good way to know in advance how small of a
+B<Warning:> There is no good way to know in advance how small of a
mem-set will make a domain unstable and cause it to crash. Be very
careful when using this command on running domains.
-=item B<migrate> I<domain-id> I<host> I<[options]>
-
-Migrate a domain to another Host machine. B<Xend> must be running on
-other host machine, it must be running the same version of xen, it
+=item B<migrate> I<domain-id> I<host> [I<OPTIONS>]
+
+Migrate a domain to another host machine. Xend must be running on
+other host machine, it must be running the same version of Xen, it
must have the migration TCP port open and accepting connections from
the source host, and there must be sufficient resources for the domain
to run (memory, disk, etc).
-Migration is pretty complicated, and has many security implications,
-please read the Xen Users Guide to ensure you understand the
+Migration is pretty complicated, and has many security implications.
+Please read the Xen User's Guide to ensure you understand the
ramifications and limitations on migration before attempting it in
production.
@@ -273,13 +279,13 @@ B<OPTIONS>
=over 4
-=item B<-l, --live>
+=item B<-l>, B<--live>
Use live migration. This will migrate the domain between hosts
-without shutting down the domain. See the Xen Users Guide for more
+without shutting down the domain. See the Xen User's Guide for more
information.
-=item B<-r, --resource> I<Mbs>
+=item B<-r>, B<--resource> I<Mbs>
Set maximum Mbs allowed for migrating the domain. This ensures that
the network link is not saturated with migration traffic while
@@ -293,7 +299,7 @@ allocated resources such as memory, but
allocated resources such as memory, but will not be eligible for
scheduling by the Xen hypervisor.
-=item B<reboot> I<[options]> I<domain-id>
+=item B<reboot> [I<OPTIONS>] I<domain-id>
Reboot a domain. This acts just as if the domain had the B<reboot>
command run from the console. The command returns as soon as it has
@@ -301,18 +307,18 @@ domain actually reboots.
domain actually reboots.
The behavior of what happens to a domain when it reboots is set by the
-I<on_reboot> parameter of the xmdomain.cfg file when the domain was
+B<on_reboot> parameter of the xmdomain.cfg file when the domain was
created.
B<OPTIONS>
=over 4
-=item B<-a, --all>
-
-Reboot all domains
-
-=item B<-w, --wait>
+=item B<-a>, B<--all>
+
+Reboot all domains.
+
+=item B<-w>, B<--wait>
Wait for reboot to complete before returning. This may take a while,
as all services in the domain will have to be shut down cleanly.
@@ -321,7 +327,7 @@ as all services in the domain will have
=item B<restore> I<state-file>
-Build a domain from an B<xm save> state file. See I<save> for more info.
+Build a domain from an B<xm save> state file. See B<save> for more info.
=item B<save> I<domain-id> I<state-file>
@@ -334,16 +340,16 @@ with all the same limitations. Open net
with all the same limitations. Open network connections may be
severed upon restore, as TCP timeouts may have expired.
-=item B<shutdown> I<[options]> I<domain-id>
+=item B<shutdown> [I<OPTIONS>] I<domain-id>
Gracefully shuts down a domain. This coordinates with the domain OS
to perform graceful shutdown, so there is no guarantee that it will
succeed, and may take a variable length of time depending on what
services must be shutdown in the domain. The command returns
-immediately after signally the domain unless that I<-w> flag is used.
+immediately after signally the domain unless that B<-w> flag is used.
The behavior of what happens to a domain when it reboots is set by the
-I<on_shutdown> parameter of the xmdomain.cfg file when the domain was
+B<on_shutdown> parameter of the xmdomain.cfg file when the domain was
created.
B<OPTIONS>
@@ -386,7 +392,7 @@ configured VCPU count is an error. Tryi
configured VCPU count is an error. Trying to set VCPUs to < 1 will be
quietly ignored.
-=item B<vcpu-list> I<[domain-id]>
+=item B<vcpu-list> [I<domain-id>]
Lists VCPU information for a specific domain. If no domain is
specified, VCPU information for all domains will be provided.
@@ -394,7 +400,7 @@ specified, VCPU information for all doma
=item B<vcpu-pin> I<domain-id> I<vcpu> I<cpus>
Pins the the VCPU to only run on the specific CPUs. The keyword
-I<all> can be used to apply the I<cpus> list to all VCPUs in the
+B<all> can be used to apply the I<cpus> list to all VCPUs in the
domain.
Normally VCPUs can float between available CPUs whenever Xen deems a
@@ -408,7 +414,7 @@ CPUs.
=over 4
-=item B<dmesg> I<[-c]>
+=item B<dmesg> [B<-c>]
Reads the Xen message buffer, similar to dmesg on a Linux system. The
buffer contains informational, warning, and error messages created
@@ -419,7 +425,7 @@ B<OPTIONS>
=over 4
-=item B<-c, --clear>
+=item B<-c>, B<--clear>
Clears Xen's message buffer.
@@ -431,8 +437,8 @@ reporting a Xen bug, please provide this
reporting a Xen bug, please provide this information as part of the
bug report.
-Sample xen domain info looks as follows (lines wrapped manually to
-make the man page more readable):
+Sample output looks as follows (lines wrapped manually to make the man
+page more readable):
host : talon
release : 2.6.12.6-xen0
@@ -470,36 +476,36 @@ Not all fields will be explained here, b
Not all fields will be explained here, but some of the less obvious
ones deserve explanation:
-=item I<hw_caps>
+=item B<hw_caps>
A vector showing what hardware capabilities are supported by your
processor. This is equivalent to, though more cryptic, the flags
field in /proc/cpuinfo on a normal Linux machine.
-=item I<free_memory>
-
-Available memory (in MB) not allocated to Xen, or any other Domains.
-
-=item I<xen_caps>
-
-The xen version, architecture. Architecture values can be one of:
+=item B<free_memory>
+
+Available memory (in MB) not allocated to Xen, or any other domains.
+
+=item B<xen_caps>
+
+The Xen version and architecture. Architecture values can be one of:
x86_32, x86_32p (i.e. PAE enabled), x86_64, ia64.
-=item I<xen_changeset>
-
-The xen mercurial changeset id. Very useful for determining exactly
+=item B<xen_changeset>
+
+The Xen mercurial changeset id. Very useful for determining exactly
what version of code your Xen system was built from.
=back
=item B<log>
-Print out the B<xend> log. This log file can be found in
+Print out the xend log. This log file can be found in
/var/log/xend.log.
=item B<top>
-Executes the xentop command, which provides real time monitoring of
+Executes the B<xentop> command, which provides real time monitoring of
domains. Xentop is a curses interface, and reasonably self
explanatory.
@@ -508,12 +514,40 @@ explanatory.
=head1 SCHEDULER SUBCOMMANDS
Xen ships with a number of domain schedulers, which can be set at boot
-time with the I<sched=> parameter on the Xen command line. By
-default I<sedf> is used for scheduling.
+time with the B<sched=> parameter on the Xen command line. By
+default B<credit> is used for scheduling.
FIXME: we really need a scheduler expert to write up this section.
=over 4
+
+=item B<sched-credit> [ B<-d> I<domain-id> [ B<-w>[B<=>I<WEIGHT>] |
B<-c>[B<=>I<CAP>] ] ]
+
+Set credit scheduler parameters. The credit scheduler is a
+proportional fair share CPU scheduler built from the ground up to be
+work conserving on SMP hosts.
+
+Each domain (including Domain0) is assigned a weight and a cap.
+
+B<PARAMETERS>
+
+=over 4
+
+=item I<WEIGHT>
+
+A domain with a weight of 512 will get twice as much CPU as a domain
+with a weight of 256 on a contended host. Legal weights range from 1
+to 65535 and the default is 256.
+
+=item I<CAP>
+
+The cap optionally fixes the maximum amount of CPU a domain will be
+able to consume, even if the host system has idle CPU cycles. The cap
+is expressed in percentage of one physical CPU: 100 is 1 physical CPU,
+50 is half a CPU, 400 is 4 CPUs, etc. The default, 0, means there is
+no upper cap.
+
+=back
=item B<sched-sedf> I<period> I<slice> I<latency-hint> I<extratime> I<weight>
@@ -546,7 +580,7 @@ Flag for allowing domain to run in extra
=item I<weight>
-Another way of setting cpu slice.
+Another way of setting CPU slice.
=back
@@ -591,7 +625,7 @@ event.
=over 4
-=item B<block-attach> I<domain-id> I<be-dev> I<fe-dev> I<mode> I<[bedomain-id]>
+=item B<block-attach> I<domain-id> I<be-dev> I<fe-dev> I<mode> [I<bedomain-id>]
Create a new virtual block device. This will trigger a hotplug event
for the guest.
@@ -619,7 +653,7 @@ devices, or by device id, such as 0x1400
=item I<mode>
The access mode for the device from the guest domain. Supported modes
-are I<w> (read/write) or I<r> (read-only).
+are B<w> (read/write) or B<r> (read-only).
=item I<bedomain-id>
@@ -635,62 +669,65 @@ B<EXAMPLES>
xm block-attach guestdomain file://path/to/dsl-2.0RC2.iso /dev/hdc ro
-This will mount the dsl iso as /dev/hdc in the guestdomain as a read
-only device. This will probably not be detected as a cdrom by the
+This will mount the dsl ISO as /dev/hdc in the guestdomain as a read
+only device. This will probably not be detected as a CD-ROM by the
guest, but mounting /dev/hdc manually will work.
=back
-=item B<block-detach> I<domain-id> I<devid>
-
-Destroy a domain's virtual block device. devid B<must> be the device
-id given to the device by domain 0. You will need to run I<xm
-block-list> to determine that number.
-
-FIXME: this is currently B<broken>. Even though a block device is
-removed from domU, it appears to still be allocated in the domain 0.
-
-=item B<block-list> I<[-l|--long]> I<domain-id>
+=item B<block-detach> I<domain-id> I<devid> [B<--force>]
+
+Detach a domain's virtual block device. I<devid> may be the symbolic
+name or the numeric device id given to the device by domain 0. You
+will need to run B<xm block-list> to determine that number.
+
+Detaching the device requires the cooperation of the domain. If the
+domain fails to release the device (perhaps because the domain is hung
+or is still using the device), the detach will fail. The B<--force>
+parameter will forcefully detach the device, but may cause IO errors
+in the domain.
+
+=item B<block-list> [B<-l>|B<--long>] I<domain-id>
List virtual block devices for a domain. The returned output is
-formatted as a list or as an S-Expression if the '--long' option was given.
+formatted as a list or as an S-Expression if the B<--long> option was given.
=head2 NETWORK DEVICES
-=item B<network-attach> I<domain-id> I<[script=scriptname]> I<[ip=ipaddr]>
-I<[mac=macaddr]> I<[bridge=bridge-name]> I<[backend=bedomain-id]>
-
-Creates a new network device in the domain specified by domain-id. It
+=item B<network-attach> I<domain-id> [B<script=>I<scriptname>]
[B<ip=>I<ipaddr>]
+[B<mac=>I<macaddr>] [B<bridge=>I<bridge-name>] [B<backend=>I<bedomain-id>]
+
+Creates a new network device in the domain specified by I<domain-id>. It
takes the following optional options:
B<OPTIONS>
=over 4
-=item I<script=scriptname>
+=item B<script=>I<scriptname>
Use the specified script name to bring up the network. Defaults to
-the default setting in xend-config.sxp for I<vif-script>.
-
-=item I<ip=ipaddr>
+the default setting in xend-config.sxp for B<vif-script>.
+
+=item B<ip=>I<ipaddr>
Passes the specified IP Address to the adapter on creation.
FIXME: this currently appears to be B<broken>. I'm not sure under what
circumstances this should actually work.
-=item I<mac=macaddr>
+=item B<mac=>I<macaddr>
The MAC address that the domain will see on its Ethernet device. If
the device is not specified it will be randomly generated with the
00:16:3e vendor id prefix.
-=item I<bridge=bridge-name>
+=item B<bridge=>I<bridge-name>
The name of the bridge to attach the vif to, in case you have more
-than one. This defaults to
-
-=item I<backend=bedomain-id>
+than one. This defaults to xenbr0.
+
+=item B<backend=>I<bedomain-id>
The backend domain id. By default this is domain 0.
@@ -705,17 +742,17 @@ FIXME: this is currently B<broken>. Net
FIXME: this is currently B<broken>. Network devices aren't completely
removed from domain 0.
-=item B<network-list> I<[-l|--long]> I<domain-id>
+=item B<network-list> [B<-l>|B<--long>]> I<domain-id>
List virtual network interfaces for a domain. The returned output is
-formatted as a list or as an S-Expression if the '--long' option was given.
+formatted as a list or as an S-Expression if the B<--long> option was given.
=head2 VIRTUAL TPM DEVICES
-=item B<vtpm-list> I<[-l|--long]> I<domain-id>
+=item B<vtpm-list> [B<-l>|B<--long>] I<domain-id>
Show the virtual TPM device for a domain. The returned output is
-formatted as a list or as an S-Expression if the '--long' option was given.
+formatted as a list or as an S-Expression if the B<--long> option was given.
=back
@@ -728,7 +765,7 @@ out entirely.
=over 4
-=item B<vnet-list> I<[-l|--long]>
+=item B<vnet-list> [B<-l>|B<--long>]
List vnets.
@@ -762,7 +799,7 @@ interpret labels:
interpret labels:
(1) Simple Type Enforcement: Labels are interpreted to decide access
-of domains to comunication means and virtual or physical
+of domains to communication means and virtual or physical
resources. Communication between domains as well as access to
resources are forbidden by default and can only take place if they are
explicitly allowed by the security policy. The proper assignment of
@@ -796,8 +833,8 @@ time with the B<cfgbootpolicy> subcomman
=over 4
I<policy> is a dot-separated list of names. The last part is the file
-name pre-fix for the policy xml file. The preceding name parts are
-translated into the local path pointing to the policy xml file
+name pre-fix for the policy XML file. The preceding name parts are
+translated into the local path pointing to the policy XML file
relative to the global policy root directory
(/etc/xen/acm-security/policies). For example,
example.chwall_ste.client_v1 denotes the policy file
@@ -823,16 +860,16 @@ I<boot title> parameter to specify a uni
Prints the current security policy state information of Xen.
-=item B<labels> [I<policy>] [I<type>=dom|res|any]
+=item B<labels> [I<policy>] [B<type=dom>|B<res>|B<any>]
Lists all labels of a I<type> (domain, resource, or both) that are
defined in the I<policy>. Unless specified, the default I<policy> is
the currently enforced access control policy. The default for I<type>
is 'dom'. The labels are arranged in alphabetical order.
-=item B<addlabel> I<label> dom I<configfile> [I<policy>]
-
-=item B<addlabel> I<label> res I<resource> [I<policy>]
+=item B<addlabel> I<label> B<dom> I<configfile> [I<policy>]
+
+=item B<addlabel> I<label> B<res> I<resource> [I<policy>]
Adds the security label with name I<label> to a domain
I<configfile> (dom) or to the global resource label file for the
@@ -841,17 +878,17 @@ verifies that the I<policy> definition s
verifies that the I<policy> definition supports the specified I<label>
name.
-=item B<rmlabel> dom I<configfile>
-
-=item B<rmlabel> res I<resource>
-
-Works the same as the I<addlabel> command (above), except that this
+=item B<rmlabel> B<dom> I<configfile>
+
+=item B<rmlabel> B<res> I<resource>
+
+Works the same as the B<addlabel> command (above), except that this
command will remove the label from the domain I<configfile> (dom) or
the global resource label file (res).
-=item B<getlabel> dom I<configfile>
-
-=item B<getlabel> res I<resource>
+=item B<getlabel> B<dom> I<configfile>
+
+=item B<getlabel> B<res> I<resource>
Shows the label for the given I<configfile> or I<resource>
@@ -881,7 +918,7 @@ Then recompile and install xen and the s
cd xen_source_dir/xen; make clean; make; cp xen.gz /boot;
cd xen_source_dir/tools/security; make install;
- reboot into xen
+ reboot into Xen
=back
@@ -944,10 +981,10 @@ B<ATTACHING A SECURITY LABEL TO A DOMAIN
=over 4
-The I<addlabel> subcommand can attach a security label to a domain
+The B<addlabel> subcommand can attach a security label to a domain
configuration file, here a HomeBanking label. The example policy
ensures that this domain does not share information with other
-non-hombanking user domains (i.e., domains labeled as dom_Fun or
+non-homebanking user domains (i.e., domains labeled as dom_Fun or
dom_Boinc) and that it will not run simultaneously with domains
labeled as dom_Fun.
@@ -958,7 +995,7 @@ probably just a browser environment for
xm addlabel dom_HomeBanking dom myconfig.xm
The very simple configuration file might now look as printed
-below. The I<addlabel> subcommand added the B<access_control> entry at
+below. The B<addlabel> subcommand added the B<access_control> entry at
the end of the file, consisting of a label name and the policy that
specifies this label name:
@@ -986,7 +1023,7 @@ B<ATTACHING A SECURITY LABEL TO A RESOUR
=over 4
-The I<addlabel> subcommand can also be used to attach a security
+The B<addlabel> subcommand can also be used to attach a security
label to a resource. Following the home banking example from above,
we can label a disk resource (e.g., a physical partition or a file)
to make it accessible to the home banking domain. The example policy
@@ -1002,7 +1039,7 @@ attaches this disk to the domain at boot
disk = [ 'phy:hda6,sda2,w' ]
Alternatively, the resource can be attached after booting the domain
-by using the I<block-attach> subcommand.
+by using the B<block-attach> subcommand.
xm block-attach homebanking phy:hda6 sda2 w
@@ -1010,7 +1047,7 @@ off. Any attempt to use labeled resourc
off. Any attempt to use labeled resources with security turned off
will result in a failure with a corresponding error message. The
solution is to enable security or, if security is no longer desired,
-to remove the resource label using the I<rmlabel> subcommand.
+to remove the resource label using the B<rmlabel> subcommand.
=back
@@ -1048,7 +1085,7 @@ B<POLICY REPRESENTATIONS>
=over 4
We distinguish three representations of the Xen access control policy:
-the I<source XML> version, its I<binary> counterpart, and a I<mapping>
+the source XML version, its binary counterpart, and a mapping
representation that enables the tools to deterministically translate
back and forth between label names of the XML policy and label
identifiers of the binary policy. All three versions must be kept
@@ -1075,8 +1112,6 @@ their binary identifiers (ssidrefs) used
=back
-=head1 EXAMPLES
-
=head1 SEE ALSO
B<xmdomain.cfg>(5), B<xentop>(1)
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/blktap/drivers/Makefile
--- a/tools/blktap/drivers/Makefile Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/blktap/drivers/Makefile Tue Jul 10 08:39:26 2007 -0600
@@ -10,7 +10,6 @@ LIBAIO_DIR = ../../libaio/src
CFLAGS += -Werror
CFLAGS += -Wno-unused
-CFLAGS += -fno-strict-aliasing
CFLAGS += -I $(XEN_LIBXC) -I $(LIBAIO_DIR)
CFLAGS += $(INCLUDES) -I. -I../../xenstore
CFLAGS += -D_GNU_SOURCE
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/blktap/lib/Makefile
--- a/tools/blktap/lib/Makefile Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/blktap/lib/Makefile Tue Jul 10 08:39:26 2007 -0600
@@ -16,7 +16,7 @@ SRCS += xenbus.c blkif.c xs_api.c
CFLAGS += -Werror
CFLAGS += -Wno-unused
-CFLAGS += -fno-strict-aliasing -fPIC
+CFLAGS += -fPIC
# get asprintf():
CFLAGS += -D _GNU_SOURCE
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/examples/init.d/xendomains
--- a/tools/examples/init.d/xendomains Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/examples/init.d/xendomains Tue Jul 10 08:39:26 2007 -0600
@@ -221,22 +221,26 @@ start()
if [ "$XENDOMAINS_RESTORE" = "true" ] &&
contains_something "$XENDOMAINS_SAVE"
then
- XENDOMAINS_SAVED=`/bin/ls $XENDOMAINS_SAVE/* | grep -v 'lost+found'`
mkdir -p $(dirname "$LOCKFILE")
touch $LOCKFILE
echo -n "Restoring Xen domains:"
saved_domains=`ls $XENDOMAINS_SAVE`
- for dom in $XENDOMAINS_SAVED; do
- echo -n " ${dom##*/}"
- xm restore $dom
- if [ $? -ne 0 ]; then
- rc_failed $?
- echo -n '!'
- else
- # mv $dom ${dom%/*}/.${dom##*/}
- rm $dom
- fi
- done
+ for dom in $XENDOMAINS_SAVE/*; do
+ if [ -f $dom ] ; then
+ HEADER=`head -c 16 $dom | head -n 1 2> /dev/null`
+ if [ $HEADER = "LinuxGuestRecord" ]; then
+ echo -n " ${dom##*/}"
+ xm restore $dom
+ if [ $? -ne 0 ]; then
+ rc_failed $?
+ echo -n '!'
+ else
+ # mv $dom ${dom%/*}/.${dom##*/}
+ rm $dom
+ fi
+ fi
+ fi
+ done
echo .
fi
@@ -260,7 +264,6 @@ start()
if [ $? -eq 0 ] || is_running $dom; then
echo -n "(skip)"
else
- echo "(booting)"
xm create --quiet --defconfig $dom
if [ $? -ne 0 ]; then
rc_failed $?
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/examples/xend-config.sxp
--- a/tools/examples/xend-config.sxp Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/examples/xend-config.sxp Tue Jul 10 08:39:26 2007 -0600
@@ -191,3 +191,9 @@
# The default password for VNC console on HVM domain.
# Empty string is no authentication.
(vncpasswd '')
+
+# The default keymap to use for the VM's virtual keyboard
+# when not specififed in VM's configuration
+#(keymap 'en-us')
+
+
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/firmware/etherboot/README
--- a/tools/firmware/etherboot/README Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/firmware/etherboot/README Tue Jul 10 08:39:26 2007 -0600
@@ -1,7 +1,8 @@
This is an Etherboot option ROM for the rtl8139 NIC. It has a few
-non-standard settings, just to do with timeouts and when to give up.
+non-standard settings, most to do with timeouts and when to give up,
+and for stricter DHCP spec compliance.
Rom-o-matic.net will provide this image at the following URL:
-http://rom-o-matic.net/5.4.2/build.php?version=5.4.2&F=ignore&nic=rtl8139%3Artl8139+--+%5B0x10ec%2C0x8139%5D&ofmt=Binary+ROM+Image%28.zrom%29&arch=i386&ASK_BOOT=-1&BOOT_FIRST=BOOT_NIC&BOOT_SECOND=BOOT_NOTHING&BOOT_THIRD=BOOT_NOTHING&BOOT_INDEX=0&STATIC_CLIENT_IP=&STATIC_SUBNET_MASK=&STATIC_SERVER_IP=&STATIC_GATEWAY_IP=&STATIC_BOOTFILE=&EXIT_ON_FILE_LOAD_ERROR=on&DHCP_CLIENT_ID=&DHCP_CLIENT_ID_LEN=&DHCP_CLIENT_ID_TYPE=&DHCP_USER_CLASS=&DHCP_USER_CLASS_LEN=&ALLOW_ONLY_ENCAPSULATED=on&DEFAULT_BOOTFILE=&CONGESTED=on&BACKOFF_LIMIT=7&TIMEOUT=180&TRY_FLOPPY_FIRST=0&EXIT_IF_NO_OFFER=on&TAGGED_IMAGE=on&ELF_IMAGE=on&PXE_IMAGE=on&DOWNLOAD_PROTO_TFTP=on&COMCONSOLE=0x3F8&CONSPEED=9600&COMPARM=0x03&PXE_EXPORT=on&CONFIG_PCI=on&CONFIG_ISA=on&BUILD_ID=&PCBIOS=on&A=Get+ROM
+http://rom-o-matic.net/5.4.3/build.php?version=5.4.3&F=ignore&nic=rtl8139%3Artl8139+--+%5B0x10ec%2C0x8139%5D&ofmt=Binary+ROM+Image%28.zrom%29&arch=i386&ASK_BOOT=-1&BOOT_FIRST=BOOT_NIC&BOOT_SECOND=BOOT_NOTHING&BOOT_THIRD=BOOT_NOTHING&BOOT_INDEX=0&STATIC_CLIENT_IP=&STATIC_SUBNET_MASK=&STATIC_SERVER_IP=&STATIC_GATEWAY_IP=&STATIC_BOOTFILE=&EXIT_ON_FILE_LOAD_ERROR=on&DHCP_CLIENT_ID=&DHCP_CLIENT_ID_LEN=&DHCP_CLIENT_ID_TYPE=&DHCP_USER_CLASS=&DHCP_USER_CLASS_LEN=&ALLOW_ONLY_ENCAPSULATED=on&DEFAULT_BOOTFILE=&CONGESTED=on&BACKOFF_LIMIT=7&TIMEOUT=180&TRY_FLOPPY_FIRST=0&EXIT_IF_NO_OFFER=on&TAGGED_IMAGE=on&ELF_IMAGE=on&PXE_IMAGE=on&DOWNLOAD_PROTO_TFTP=on&COMCONSOLE=0x3F8&CONSPEED=9600&COMPARM=0x03&PXE_EXPORT=on&CONFIG_PCI=on&CONFIG_ISA=on&BUILD_ID=&PCBIOS=on&PXE_DHCP_STRICT=on&A=Get+ROM
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/firmware/etherboot/eb-rtl8139.zrom
Binary file tools/firmware/etherboot/eb-rtl8139.zrom has changed
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/firmware/rombios/rombios.c
--- a/tools/firmware/rombios/rombios.c Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/firmware/rombios/rombios.c Tue Jul 10 08:39:26 2007 -0600
@@ -4675,6 +4675,10 @@ int09_function(DI, SI, BP, SP, BX, DX, C
write_byte(0x0040, 0x18, mf2_flags);
break;
+ case 0x53: /* Del */
+ if ((shift_flags & 0x0c) == 0x0c) /* Ctrl + Alt */
+ machine_reset();
+ /* Fall through */
default:
if (scancode & 0x80) return; /* toss key releases ... */
if (scancode > MAX_SCAN_CODE) {
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/firmware/vmxassist/vm86.c
--- a/tools/firmware/vmxassist/vm86.c Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/firmware/vmxassist/vm86.c Tue Jul 10 08:39:26 2007 -0600
@@ -594,16 +594,24 @@ movr(struct regs *regs, unsigned prefix,
TRACE((regs, regs->eip - eip,
"movb %%e%s, *0x%x", rnames[r], addr));
write8(addr, val);
- break;
+ return 1;
case 0x8A: /* addr32 mov r/m8, r8 */
TRACE((regs, regs->eip - eip,
"movb *0x%x, %%%s", addr, rnames[r]));
setreg8(regs, r, read8(addr));
- break;
+ return 1;
case 0x89: /* addr32 mov r16, r/m16 */
val = getreg32(regs, r);
+ if ((modrm & 0xC0) == 0xC0) {
+ if (prefix & DATA32)
+ setreg32(regs, modrm & 7, val);
+ else
+ setreg16(regs, modrm & 7, MASK16(val));
+ return 1;
+ }
+
if (prefix & DATA32) {
TRACE((regs, regs->eip - eip,
"movl %%e%s, *0x%x", rnames[r], addr));
@@ -613,9 +621,17 @@ movr(struct regs *regs, unsigned prefix,
"movw %%%s, *0x%x", rnames[r], addr));
write16(addr, MASK16(val));
}
- break;
-
- case 0x8B: /* addr32 mov r/m16, r16 */
+ return 1;
+
+ case 0x8B: /* mov r/m16, r16 */
+ if ((modrm & 0xC0) == 0xC0) {
+ if (prefix & DATA32)
+ setreg32(regs, r, addr);
+ else
+ setreg16(regs, r, MASK16(addr));
+ return 1;
+ }
+
if (prefix & DATA32) {
TRACE((regs, regs->eip - eip,
"movl *0x%x, %%e%s", addr, rnames[r]));
@@ -625,7 +641,7 @@ movr(struct regs *regs, unsigned prefix,
"movw *0x%x, %%%s", addr, rnames[r]));
setreg16(regs, r, read16(addr));
}
- break;
+ return 1;
case 0xC6: /* addr32 movb $imm, r/m8 */
if ((modrm >> 3) & 7)
@@ -634,9 +650,9 @@ movr(struct regs *regs, unsigned prefix,
write8(addr, val);
TRACE((regs, regs->eip - eip, "movb $0x%x, *0x%x",
val, addr));
- break;
- }
- return 1;
+ return 1;
+ }
+ return 0;
}
/*
@@ -816,8 +832,8 @@ mov_to_seg(struct regs *regs, unsigned p
* 1) real->protected mode.
* 2) protected->real mode.
*/
- if ((mode != VM86_REAL_TO_PROTECTED) &&
- (mode != VM86_PROTECTED_TO_REAL))
+ if (mode != VM86_REAL_TO_PROTECTED &&
+ mode != VM86_PROTECTED_TO_REAL)
return 0;
/* Register source only. */
@@ -1037,8 +1053,8 @@ set_mode(struct regs *regs, enum vm86_mo
{
switch (newmode) {
case VM86_REAL:
- if ((mode == VM86_PROTECTED_TO_REAL) ||
- (mode == VM86_REAL_TO_PROTECTED)) {
+ if (mode == VM86_PROTECTED_TO_REAL ||
+ mode == VM86_REAL_TO_PROTECTED) {
regs->eflags &= ~EFLAGS_TF;
real_mode(regs);
} else if (mode != VM86_REAL)
@@ -1121,7 +1137,7 @@ jmpl_indirect(struct regs *regs, int pre
if (mode == VM86_REAL_TO_PROTECTED) /* jump to protected
mode */
set_mode(regs, VM86_PROTECTED);
- else if (mode == VM86_PROTECTED_TO_REAL)/* jump to real mode */
+ else if (mode == VM86_PROTECTED_TO_REAL) /* jump to real mode */
set_mode(regs, VM86_REAL);
else
panic("jmpl");
@@ -1147,7 +1163,7 @@ retl(struct regs *regs, int prefix)
if (mode == VM86_REAL_TO_PROTECTED) /* jump to protected
mode */
set_mode(regs, VM86_PROTECTED);
- else if (mode == VM86_PROTECTED_TO_REAL)/* jump to real mode */
+ else if (mode == VM86_PROTECTED_TO_REAL) /* jump to real mode */
set_mode(regs, VM86_REAL);
else
panic("retl");
@@ -1382,9 +1398,7 @@ opcode(struct regs *regs)
case 0x39: /* addr32 cmp r16, r/m16 */
case 0x3B: /* addr32 cmp r/m16, r16 */
- if (mode != VM86_REAL && mode != VM86_REAL_TO_PROTECTED)
- goto invalid;
- if ((prefix & ADDR32) == 0)
+ if (mode == VM86_PROTECTED_TO_REAL || !(prefix &
ADDR32))
goto invalid;
if (!cmp(regs, prefix, opc))
goto invalid;
@@ -1427,37 +1441,17 @@ opcode(struct regs *regs)
}
continue;
- case 0x88: /* mov r8, r/m8 */
- case 0x8A: /* mov r/m8, r8 */
- if (mode != VM86_REAL && mode != VM86_REAL_TO_PROTECTED)
- goto invalid;
- if ((prefix & ADDR32) == 0)
+ case 0x88: /* addr32 mov r8, r/m8 */
+ case 0x8A: /* addr32 mov r/m8, r8 */
+ if (mode == VM86_PROTECTED_TO_REAL || !(prefix &
ADDR32))
goto invalid;
if (!movr(regs, prefix, opc))
goto invalid;
return OPC_EMULATED;
- case 0x89: /* addr32 mov r16, r/m16 */
- if (mode == VM86_PROTECTED_TO_REAL) {
- unsigned modrm = fetch8(regs);
- unsigned addr = operand(prefix, regs, modrm);
- unsigned val, r = (modrm >> 3) & 7;
-
- if (prefix & DATA32) {
- val = getreg16(regs, r);
- write32(addr, val);
- } else {
- val = getreg32(regs, r);
- write16(addr, MASK16(val));
- }
- TRACE((regs, regs->eip - eip,
- "mov %%%s, *0x%x", rnames[r], addr));
- return OPC_EMULATED;
- }
- case 0x8B: /* addr32 mov r/m16, r16 */
- if (mode != VM86_REAL && mode != VM86_REAL_TO_PROTECTED)
- goto invalid;
- if ((prefix & ADDR32) == 0)
+ case 0x89: /* mov r16, r/m16 */
+ case 0x8B: /* mov r/m16, r16 */
+ if (mode != VM86_PROTECTED_TO_REAL && !(prefix &
ADDR32))
goto invalid;
if (!movr(regs, prefix, opc))
goto invalid;
@@ -1469,7 +1463,7 @@ opcode(struct regs *regs)
return OPC_EMULATED;
case 0x8F: /* addr32 pop r/m16 */
- if ((prefix & ADDR32) == 0)
+ if (!(prefix & ADDR32))
goto invalid;
if (!pop(regs, prefix, opc))
goto invalid;
@@ -1498,48 +1492,48 @@ opcode(struct regs *regs)
return OPC_EMULATED;
case 0xA1: /* mov ax, r/m16 */
- {
- int addr, data;
- int seg = segment(prefix, regs, regs->vds);
- int offset = prefix & ADDR32? fetch32(regs) :
fetch16(regs);
-
- if (prefix & DATA32) {
- addr = address(regs, seg, offset);
- data = read32(addr);
- setreg32(regs, 0, data);
- } else {
- addr = address(regs, seg, offset);
- data = read16(addr);
- setreg16(regs, 0, data);
- }
- TRACE((regs, regs->eip - eip, "mov *0x%x,
%%ax", addr));
+ {
+ int addr, data;
+ int seg = segment(prefix, regs, regs->vds);
+ int offset = prefix & ADDR32 ? fetch32(regs) :
fetch16(regs);
+
+ if (prefix & DATA32) {
+ addr = address(regs, seg, offset);
+ data = read32(addr);
+ setreg32(regs, 0, data);
+ } else {
+ addr = address(regs, seg, offset);
+ data = read16(addr);
+ setreg16(regs, 0, data);
}
- return OPC_EMULATED;
+ TRACE((regs, regs->eip - eip, "mov *0x%x, %%ax", addr));
+ return OPC_EMULATED;
+ }
case 0xBB: /* mov bx, imm16 */
- {
- int data;
- if (prefix & DATA32) {
- data = fetch32(regs);
- setreg32(regs, 3, data);
- } else {
- data = fetch16(regs);
- setreg16(regs, 3, data);
- }
- TRACE((regs, regs->eip - eip, "mov $0x%x,
%%bx", data));
+ {
+ int data;
+ if (prefix & DATA32) {
+ data = fetch32(regs);
+ setreg32(regs, 3, data);
+ } else {
+ data = fetch16(regs);
+ setreg16(regs, 3, data);
}
- return OPC_EMULATED;
+ TRACE((regs, regs->eip - eip, "mov $0x%x, %%bx", data));
+ return OPC_EMULATED;
+ }
case 0xC6: /* addr32 movb $imm, r/m8 */
- if ((prefix & ADDR32) == 0)
+ if (!(prefix & ADDR32))
goto invalid;
if (!movr(regs, prefix, opc))
goto invalid;
return OPC_EMULATED;
case 0xCB: /* retl */
- if ((mode == VM86_REAL_TO_PROTECTED) ||
- (mode == VM86_PROTECTED_TO_REAL)) {
+ if (mode == VM86_REAL_TO_PROTECTED ||
+ mode == VM86_PROTECTED_TO_REAL) {
retl(regs, prefix);
return OPC_INVALID;
}
@@ -1576,37 +1570,37 @@ opcode(struct regs *regs)
return OPC_EMULATED;
case 0xEA: /* jmpl */
- if ((mode == VM86_REAL_TO_PROTECTED) ||
- (mode == VM86_PROTECTED_TO_REAL)) {
+ if (mode == VM86_REAL_TO_PROTECTED ||
+ mode == VM86_PROTECTED_TO_REAL) {
jmpl(regs, prefix);
return OPC_INVALID;
}
goto invalid;
- case 0xFF: /* jmpl (indirect) */
- {
- unsigned modrm = fetch8(regs);
- switch((modrm >> 3) & 7) {
- case 5: /* jmpl (indirect) */
- if ((mode == VM86_REAL_TO_PROTECTED) ||
- (mode ==
VM86_PROTECTED_TO_REAL)) {
- jmpl_indirect(regs, prefix,
modrm);
- return OPC_INVALID;
- }
- goto invalid;
-
- case 6: /* push r/m16 */
- pushrm(regs, prefix, modrm);
- return OPC_EMULATED;
-
- default:
- goto invalid;
+ case 0xFF:
+ {
+ unsigned modrm = fetch8(regs);
+ switch((modrm >> 3) & 7) {
+ case 5: /* jmpl (indirect) */
+ if (mode == VM86_REAL_TO_PROTECTED ||
+ mode == VM86_PROTECTED_TO_REAL) {
+ jmpl_indirect(regs, prefix, modrm);
+ return OPC_INVALID;
}
+ goto invalid;
+
+ case 6: /* push r/m16 */
+ pushrm(regs, prefix, modrm);
+ return OPC_EMULATED;
+
+ default:
+ goto invalid;
}
+ }
case 0xEB: /* short jump */
- if ((mode == VM86_REAL_TO_PROTECTED) ||
- (mode == VM86_PROTECTED_TO_REAL)) {
+ if (mode == VM86_REAL_TO_PROTECTED ||
+ mode == VM86_PROTECTED_TO_REAL) {
disp = (char) fetch8(regs);
TRACE((regs, 2, "jmp 0x%x", regs->eip + disp));
regs->eip += disp;
@@ -1629,7 +1623,7 @@ opcode(struct regs *regs)
continue;
case 0xF6: /* addr32 testb $imm, r/m8 */
- if ((prefix & ADDR32) == 0)
+ if (!(prefix & ADDR32))
goto invalid;
if (!test(regs, prefix, opc))
goto invalid;
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/ioemu/keymaps/ja
--- a/tools/ioemu/keymaps/ja Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/ioemu/keymaps/ja Tue Jul 10 08:39:26 2007 -0600
@@ -101,6 +101,7 @@ bar 0x7d shift
bar 0x7d shift
underscore 0x73 shift
Henkan_Mode 0x79
+Katakana_Real 0x70
Katakana 0x70
Muhenkan 0x7b
Henkan_Mode_Real 0x79
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/ioemu/keymaps/modifiers
--- a/tools/ioemu/keymaps/modifiers Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/ioemu/keymaps/modifiers Tue Jul 10 08:39:26 2007 -0600
@@ -11,8 +11,8 @@ Control_L 0x1d
# Translate Super to Windows keys.
# This is hardcoded. See documentation for details.
-Super_R 0xdb
-Super_L 0xdc
+Super_R 0xdc
+Super_L 0xdb
# Translate Menu to the Windows Application key.
Menu 0xdd
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/ioemu/vnc_keysym.h
--- a/tools/ioemu/vnc_keysym.h Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/ioemu/vnc_keysym.h Tue Jul 10 08:39:26 2007 -0600
@@ -290,12 +290,14 @@ static name2keysym_t name2keysym[]={
/* localized keys */
{"BackApostrophe", 0xff21},
{"Muhenkan", 0xff22},
-{"Katakana", 0xff25},
+{"Katakana", 0xff27},
{"Hankaku", 0xff29},
{"Zenkaku_Hankaku", 0xff2a},
{"Henkan_Mode_Real", 0xff23},
{"Henkan_Mode_Ultra", 0xff3e},
{"backslash_ja", 0xffa5},
+{"Katakana_Real", 0xff25},
+{"Eisu_toggle", 0xff30},
/* dead keys */
{"dead_grave", 0xfe50},
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/libxc/Makefile
--- a/tools/libxc/Makefile Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/libxc/Makefile Tue Jul 10 08:39:26 2007 -0600
@@ -57,7 +57,6 @@ GUEST_SRCS-$(CONFIG_POWERPC) += xc_dom_p
-include $(XEN_TARGET_ARCH)/Makefile
CFLAGS += -Werror -Wmissing-prototypes
-CFLAGS += -fno-strict-aliasing
CFLAGS += $(INCLUDES) -I. -I../xenstore
# Needed for posix_fadvise64() in xc_linux.c
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/libxc/xc_domain.c
--- a/tools/libxc/xc_domain.c Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/libxc/xc_domain.c Tue Jul 10 08:39:26 2007 -0600
@@ -181,6 +181,7 @@ int xc_domain_getinfo(int xc_handle,
info->blocked = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_blocked);
info->running = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_running);
info->hvm = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_hvm_guest);
+ info->debugged = !!(domctl.u.getdomaininfo.flags&XEN_DOMINF_debugged);
info->shutdown_reason =
(domctl.u.getdomaininfo.flags>>XEN_DOMINF_shutdownshift) &
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/libxc/xc_misc.c
--- a/tools/libxc/xc_misc.c Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/libxc/xc_misc.c Tue Jul 10 08:39:26 2007 -0600
@@ -59,6 +59,8 @@ int xc_physinfo(int xc_handle,
DECLARE_SYSCTL;
sysctl.cmd = XEN_SYSCTL_physinfo;
+
+ memcpy(&sysctl.u.physinfo, put_info, sizeof(*put_info));
if ( (ret = do_sysctl(xc_handle, &sysctl)) != 0 )
return ret;
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/libxc/xenctrl.h
--- a/tools/libxc/xenctrl.h Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/libxc/xenctrl.h Tue Jul 10 08:39:26 2007 -0600
@@ -153,7 +153,7 @@ typedef struct xc_dominfo {
uint32_t ssidref;
unsigned int dying:1, crashed:1, shutdown:1,
paused:1, blocked:1, running:1,
- hvm:1;
+ hvm:1, debugged:1;
unsigned int shutdown_reason; /* only meaningful if shutdown==1 */
unsigned long nr_pages;
unsigned long shared_info_frame;
@@ -485,6 +485,7 @@ int xc_send_debug_keys(int xc_handle, ch
int xc_send_debug_keys(int xc_handle, char *keys);
typedef xen_sysctl_physinfo_t xc_physinfo_t;
+typedef uint32_t xc_cpu_to_node_t;
int xc_physinfo(int xc_handle,
xc_physinfo_t *info);
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/python/xen/lowlevel/xc/xc.c
--- a/tools/python/xen/lowlevel/xc/xc.c Mon Jul 09 09:22:58 2007 -0600
+++ b/tools/python/xen/lowlevel/xc/xc.c Tue Jul 10 08:39:26 2007 -0600
@@ -680,33 +680,62 @@ static PyObject *pyxc_pages_to_kib(XcObj
static PyObject *pyxc_physinfo(XcObject *self)
{
+#define MAX_CPU_ID 255
xc_physinfo_t info;
char cpu_cap[128], *p=cpu_cap, *q=cpu_cap;
- int i;
-
+ int i, j, max_cpu_id;
+ PyObject *ret_obj, *node_to_cpu_obj;
+ xc_cpu_to_node_t map[MAX_CPU_ID];
+
+ set_xen_guest_handle(info.cpu_to_node, map);
+ info.max_cpu_id = MAX_CPU_ID;
+
if ( xc_physinfo(self->xc_handle, &info) != 0 )
return pyxc_error_to_exception();
- *q=0;
- for(i=0;i<sizeof(info.hw_cap)/4;i++)
+ *q = 0;
+ for ( i = 0; i < sizeof(info.hw_cap)/4; i++ )
{
- p+=sprintf(p,"%08x:",info.hw_cap[i]);
- if(info.hw_cap[i])
- q=p;
+ p += sprintf(p, "%08x:", info.hw_cap[i]);
+ if ( info.hw_cap[i] )
+ q = p;
}
- if(q>cpu_cap)
- *(q-1)=0;
-
- return Py_BuildValue("{s:i,s:i,s:i,s:i,s:l,s:l,s:l,s:i,s:s}",
- "threads_per_core", info.threads_per_core,
- "cores_per_socket", info.cores_per_socket,
- "sockets_per_node", info.sockets_per_node,
- "nr_nodes", info.nr_nodes,
- "total_memory", pages_to_kib(info.total_pages),
- "free_memory", pages_to_kib(info.free_pages),
- "scrub_memory", pages_to_kib(info.scrub_pages),
- "cpu_khz", info.cpu_khz,
- "hw_caps", cpu_cap);
+ if ( q > cpu_cap )
+ *(q-1) = 0;
+
+ ret_obj = Py_BuildValue("{s:i,s:i,s:i,s:i,s:i,s:l,s:l,s:l,s:i,s:s}",
+ "nr_nodes", info.nr_nodes,
+ "max_cpu_id", info.max_cpu_id,
+ "threads_per_core", info.threads_per_core,
+ "cores_per_socket", info.cores_per_socket,
+ "sockets_per_node", info.sockets_per_node,
+ "total_memory", pages_to_kib(info.total_pages),
+ "free_memory", pages_to_kib(info.free_pages),
+ "scrub_memory", pages_to_kib(info.scrub_pages),
+ "cpu_khz", info.cpu_khz,
+ "hw_caps", cpu_cap);
+
+ max_cpu_id = info.max_cpu_id;
+ if ( max_cpu_id > MAX_CPU_ID )
+ max_cpu_id = MAX_CPU_ID;
+
+ /* Construct node-to-cpu lists. */
+ node_to_cpu_obj = PyList_New(0);
+
+ /* Make a list for each node. */
+ for ( i = 0; i < info.nr_nodes; i++ )
+ {
+ PyObject *cpus = PyList_New(0);
+ for ( j = 0; j <= max_cpu_id; j++ )
+ if ( i == map[j])
+ PyList_Append(cpus, PyInt_FromLong(j));
+ PyList_Append(node_to_cpu_obj, cpus);
+ }
+
+ PyDict_SetItemString(ret_obj, "node_to_cpu", node_to_cpu_obj);
+
+ return ret_obj;
+#undef MAX_CPU_ID
}
static PyObject *pyxc_xeninfo(XcObject *self)
diff -r 87b0b6a08dbd -r 42586a0f4407 tools/python/xen/util/acmpolicy.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/python/xen/util/acmpolicy.py Tue Jul 10 08:39:26 2007 -0600
@@ -0,0 +1,1199 @@
+#============================================================================
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of version 2.1 of the GNU Lesser General Public
+# License as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#============================================================================
+# Copyright (C) 2006,2007 International Business Machines Corp.
+# Author: Stefan Berger <stefanb@xxxxxxxxxx>
+#============================================================================
+
+import os
+import commands
+import struct
+import stat
+import array
+from xml.dom import minidom, Node
+from xen.xend.XendLogging import log
+from xen.util import security, xsconstants, bootloader, mkdir
+from xen.util.xspolicy import XSPolicy
+from xen.util.security import ACMError
+from xen.xend.XendError import SecurityError
+
+ACM_POLICIES_DIR = security.policy_dir_prefix + "/"
+
+# Constants needed for generating a binary policy from its XML
+# representation
+ACM_POLICY_VERSION = 3 # Latest one
+ACM_CHWALL_VERSION = 1
+
+ACM_STE_VERSION = 1
+
+ACM_MAGIC = 0x001debc;
+
+ACM_NULL_POLICY = 0
+ACM_CHINESE_WALL_POLICY = 1
+ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY = 2
+ACM_POLICY_UNDEFINED = 15
+
+
+ACM_SCHEMA_FILE = "/etc/xen/acm-security/policies/security_policy.xsd"
+
+class ACMPolicy(XSPolicy):
+ """
+ ACMPolicy class. Implements methods for getting information from
+ the XML representation of the policy as well as compilation and
+ loading of a policy into the HV.
+ """
+
+ def __init__(self, name=None, dom=None, ref=None, xml=None):
+ if name:
+ self.name = name
+ self.dom = minidom.parse(self.path_from_policy_name(name))
+ elif dom:
+ self.dom = dom
+ self.name = self.get_name()
+ elif xml:
+ self.dom = minidom.parseString(xml)
+ self.name = self.get_name()
+ rc = self.validate()
+ if rc != xsconstants.XSERR_SUCCESS:
+ raise SecurityError(rc)
+ mkdir.parents(ACM_POLICIES_DIR, stat.S_IRWXU)
+ if ref:
+ from xen.xend.XendXSPolicy import XendACMPolicy
+ self.xendacmpolicy = XendACMPolicy(self, {}, ref)
+ else:
+ self.xendacmpolicy = None
+ XSPolicy.__init__(self, name=self.name, ref=ref)
+
+ def get_dom(self):
+ return self.dom
+
+ def get_name(self):
+ return self.policy_dom_get_hdr_item("PolicyName")
+
+ def get_type(self):
+ return xsconstants.XS_POLICY_ACM
+
+ def get_type_name(self):
+ return xsconstants.ACM_POLICY_ID
+
+ def __str__(self):
+ return self.get_name()
+
+
+ def validate(self):
+ """
+ validate against the policy's schema Does not fail if the
+ libxml2 python lib is not installed
+ """
+ rc = xsconstants.XSERR_SUCCESS
+ try:
+ import libxml2
+ except Exception, e:
+ log.warn("Libxml2 python-wrapper is not installed on the system.")
+ return xsconstants.XSERR_SUCCESS
+ try:
+ parserctxt = libxml2.schemaNewParserCtxt(ACM_SCHEMA_FILE)
+ schemaparser = parserctxt.schemaParse()
+ valid = schemaparser.schemaNewValidCtxt()
+ doc = libxml2.parseDoc(self.toxml())
+ if doc.schemaValidateDoc(valid) != 0:
+ rc = -xsconstants.XSERR_BAD_XML
+ except Exception, e:
+ log.warn("Problem with the schema: %s" % str(e))
+ rc = -xsconstants.XSERR_GENERAL_FAILURE
+ if rc != xsconstants.XSERR_SUCCESS:
+ log.warn("XML did not validate against schema")
+ rc = self.__validate_name_and_labels()
+ return rc
+
+ def __validate_name_and_labels(self):
+ """ no ':' allowed in the policy name and the labels """
+ if ':' in self.get_name():
+ return -xsconstants.XSERR_BAD_POLICY_NAME
+ for s in self.policy_get_resourcelabel_names():
+ if ':' in s:
+ return -xsconstants.XSERR_BAD_LABEL
+ for s in self.policy_get_virtualmachinelabel_names():
+ if ':' in s:
+ return -xsconstants.XSERR_BAD_LABEL
+ return xsconstants.XSERR_SUCCESS
+
+
+ def update(self, xml_new):
+ """
+ Update the policy with the new XML. The hypervisor decides
+ whether the new policy can be applied.
+ """
+ rc = -xsconstants.XSERR_XML_PROCESSING
+ errors = ""
+ acmpol_old = self
+ try:
+ acmpol_new = ACMPolicy(xml=xml_new)
+ except Exception:
+ return -xsconstants.XSERR_XML_PROCESSING, errors
+
+ vmlabel_map = acmpol_new.policy_get_vmlabel_translation_map()
+ # An update requires version information in the current
+ # and new policy. The version number of the current policy
+ # must be the same as what is in the FromPolicy/Version node
+ # in the new one and the current policy's name must be the
+ # same as in FromPolicy/PolicyName
+
+ now_vers = acmpol_old.policy_dom_get_hdr_item("Version")
+ now_name = acmpol_old.policy_dom_get_hdr_item("PolicyName")
+ req_oldvers = acmpol_new.policy_dom_get_frompol_item("Version")
+ req_oldname = acmpol_new.policy_dom_get_frompol_item("PolicyName")
+
+ if now_vers == "" or \
+ now_vers != req_oldvers or \
+ now_name != req_oldname:
+ log.info("Policy rejected: %s != %s or %s != %s" % \
+ (now_vers,req_oldvers,now_name,req_oldname))
+ return -xsconstants.XSERR_VERSION_PREVENTS_UPDATE, errors
+
+ if not self.isVersionUpdate(acmpol_new):
+ log.info("Policy rejected since new version is not an update.")
+ return -xsconstants.XSERR_VERSION_PREVENTS_UPDATE, errors
+
+ if self.isloaded():
+ newvmnames = \
+ acmpol_new.policy_get_virtualmachinelabel_names_sorted()
+ oldvmnames = \
+ acmpol_old.policy_get_virtualmachinelabel_names_sorted()
+ del_array = ""
+ chg_array = ""
+ for o in oldvmnames:
+ if o not in newvmnames:
+ old_idx = oldvmnames.index(o) + 1 # for _NULL_LABEL_
+ if vmlabel_map.has_key(o):
+ #not a deletion, but a renaming
+ new = vmlabel_map[o]
+ new_idx = newvmnames.index(new) + 1 # for _NULL_LABEL_
+ chg_array += struct.pack("ii", old_idx, new_idx)
+ else:
+ del_array += struct.pack("i", old_idx)
+ for v in newvmnames:
+ if v in oldvmnames:
+ old_idx = oldvmnames.index(v) + 1 # for _NULL_LABEL_
+ new_idx = newvmnames.index(v) + 1 # for _NULL_LABEL_
+ if old_idx != new_idx:
+ chg_array += struct.pack("ii", old_idx, new_idx)
+
+ # VM labels indicated in the 'from' attribute of a VM or
+ # resource node but that did not exist in the old policy
+ # are considered bad labels.
+ bad_renamings = set(vmlabel_map.keys()) - set(oldvmnames)
+ if len(bad_renamings) > 0:
+ log.error("Bad VM label renamings: %s" %
+ list(bad_renamings))
+ return -xsconstants.XSERR_BAD_LABEL, errors
+
+ reslabel_map = acmpol_new.policy_get_reslabel_translation_map()
+ oldresnames = acmpol_old.policy_get_resourcelabel_names()
+ bad_renamings = set(reslabel_map.keys()) - set(oldresnames)
+ if len(bad_renamings) > 0:
+ log.error("Bad resource label renamings: %s" %
+ list(bad_renamings))
+ return -xsconstants.XSERR_BAD_LABEL, errors
+
+ #Get binary and map from the new policy
+ rc, map, bin_pol = acmpol_new.policy_create_map_and_bin()
+ if rc != xsconstants.XSERR_SUCCESS:
+ log.error("Could not build the map and binary policy.")
+ return rc, errors
+
+ #Need to do / check the following:
+ # - relabel all resources where there is a 'from' field in
+ # the policy and mark those as unlabeled where the label
+ # does not appear in the new policy anymore
+ # - relabel all VMs where there is a 'from' field in the
+ # policy and mark those as unlabeled where the label
+ # does not appear in the new policy anymore; no running
+ # or paused VM may be unlabeled through this
+ # - check that under the new labeling conditions the VMs
+ # still have access to their resources as before. Unlabeled
+ # resources are inaccessible. If this check fails, the
+ # update failed.
+ # - Attempt changes in the hypervisor; if this step fails,
+ # roll back the relabeling of resources and VMs
+ # - Commit the relabeling of resources
+
+
+ rc, errors = security.change_acm_policy(bin_pol,
+ del_array, chg_array,
+ vmlabel_map, reslabel_map,
+ self, acmpol_new)
+
+ if rc == 0:
+ # Replace the old DOM with the new one and save it
+ self.dom = acmpol_new.dom
+ self.compile()
+ log.info("ACM policy update was successful")
+ else:
+ #Not loaded in HV
+ self.dom = acmpol_new.dom
+ self.compile()
+ return rc, errors
+
+ def compareVersions(self, v1, v2):
+ """
+ Compare two policy versions given their tuples of major and
+ minor.
+ Return '0' if versions are equal, '>0' if v1 > v2 and
+ '<' if v1 < v2
+ """
+ rc = v1[0] - v2[0]
+ if rc == 0:
+ rc = v1[1] - v2[1]
+ return rc
+
+ def getVersionTuple(self, item="Version"):
+ v_str = self.policy_dom_get_hdr_item(item)
+ return self.__convVersionToTuple(v_str)
+
+ def get_version(self):
+ return self.policy_dom_get_hdr_item("Version")
+
+ def isVersionUpdate(self, polnew):
+ if self.compareVersions(polnew.getVersionTuple(),
+ self.getVersionTuple()) > 0:
+ return True
+ return False
+
+ def __convVersionToTuple(self, v_str):
+ """ Convert a version string, formatted according to the scheme
+ "%d.%d" into a tuple of (major, minor). Return (0,0) if the
+ string is empty.
+ """
+ major = 0
+ minor = 0
+ if v_str != "":
+ tmp = v_str.split(".")
+ major = int(tmp[0])
+ if len(tmp) > 1:
+ minor = int(tmp[1])
+ return (major, minor)
+
+
+ def policy_path(self, name, prefix = ACM_POLICIES_DIR ):
+ path = prefix + name.replace('.','/')
+ _path = path.split("/")
+ del _path[-1]
+ mkdir.parents("/".join(_path), stat.S_IRWXU)
+ return path
+
+ def path_from_policy_name(self, name):
+ return self.policy_path(name) + "-security_policy.xml"
+
+ #
+ # Functions interacting with the bootloader
+ #
+ def vmlabel_to_ssidref(self, vm_label):
+ """ Convert a VMlabel into an ssidref given the current
+ policy
+ Return xsconstants.INVALID_SSIDREF if conversion failed.
+ """
+ ssidref = xsconstants.INVALID_SSIDREF
+ names = self.policy_get_virtualmachinelabel_names_sorted()
+ try:
+ vmidx = names.index(vm_label) + 1 # for _NULL_LABEL_
+ ssidref = (vmidx << 16) | vmidx
+ except:
+ pass
+ return ssidref
+
+ def set_vm_bootlabel(self, vm_label):
+ parms="<>"
+ if vm_label != "":
+ ssidref = self.vmlabel_to_ssidref(vm_label)
+ if ssidref == xsconstants.INVALID_SSIDREF:
+ return -xsconstants.XSERR_BAD_LABEL
+ parms = "0x%08x:%s:%s:%s" % \
+ (ssidref, xsconstants.ACM_POLICY_ID, \
+ self.get_name(),vm_label)
+ else:
+ ssidref = 0 #Identifier for removal
+ try:
+ def_title = bootloader.get_default_title()
+ bootloader.set_kernel_attval(def_title, "ssidref", parms)
+ except:
+ return -xsconstants.XSERR_GENERAL_FAILURE
+ return ssidref
+
+ #
+ # Utility functions related to the policy's files
+ #
+ def get_filename(self, postfix, prefix = ACM_POLICIES_DIR, dotted=False):
+ """
+ Create the filename for the policy. The prefix is prepended
+ to the path. If dotted is True, then a policy name like
+ 'a.b.c' will remain as is, otherwise it will become 'a/b/c'
+ """
+ name = self.get_name()
+ if name:
+ p = name.split(".")
+ path = ""
+ if dotted == True:
+ sep = "."
+ else:
+ sep = "/"
+ if len(p) > 1:
+ path = sep.join(p[0:len(p)-1])
+ if prefix != "" or path != "":
+ allpath = prefix + path + sep + p[-1] + postfix
+ else:
+ allpath = p[-1] + postfix
+ return allpath
+ return None
+
+ def __readfile(self, name):
+ cont = ""
+ filename = self.get_filename(name)
+ f = open(filename, "r")
+ if f:
+ cont = f.read()
+ f.close()
+ return cont
+
+ def get_map(self):
+ return self.__readfile(".map")
+
+ def get_bin(self):
+ return self.__readfile(".bin")
+
+ #
+ # DOM-related functions
+ #
+
+ def policy_dom_get(self, parent, key, createit=False):
+ for node in parent.childNodes:
+ if node.nodeType == Node.ELEMENT_NODE:
+ if node.nodeName == key:
+ return node
+ if createit:
+ self.dom_create_node(parent, key)
+ return self.policy_dom_get(parent, key)
+
+ def dom_create_node(self, parent, newname, value=" "):
+ xml = "<a><"+newname+">"+ value +"</"+newname+"></a>"
+ frag = minidom.parseString(xml)
+ frag.childNodes[0].nodeType = Node.DOCUMENT_FRAGMENT_NODE
+ parent.appendChild(frag.childNodes[0])
+ return frag.childNodes[0]
+
+ def dom_get_node(self, path, createit=False):
+ node = None
+ parts = path.split("/")
+ doc = self.get_dom()
+ if len(parts) > 0:
+ node = self.policy_dom_get(doc.documentElement, parts[0])
+ if node:
+ i = 1
+ while i < len(parts):
+ _node = self.policy_dom_get(node, parts[i], createit)
+ if not _node:
+ if not createit:
+ break
+ else:
+ self.dom_create_node(node, parts[i])
+ _node = self.policy_dom_get(node, parts[i])
+ node = _node
+ i += 1
+ return node
+
+ #
+ # Header-related functions
+ #
+ def policy_dom_get_header_subnode(self, nodename):
+ node = self.dom_get_node("PolicyHeader/%s" % nodename)
+ return node
+
+ def policy_dom_get_hdr_item(self, name, default=""):
+ node = self.policy_dom_get_header_subnode(name)
+ if node and len(node.childNodes) > 0:
+ return node.childNodes[0].nodeValue
+ return default
+
+ def policy_dom_get_frompol_item(self, name, default="", createit=False):
+ node = self.dom_get_node("PolicyHeader/FromPolicy",createit)
+ if node:
+ node = self.policy_dom_get(node, name, createit)
+ if node and len(node.childNodes) > 0:
+ return node.childNodes[0].nodeValue
+ return default
+
+ def get_header_fields_map(self):
+ header = {
+ 'policyname' : self.policy_dom_get_hdr_item("PolicyName"),
+ 'policyurl' : self.policy_dom_get_hdr_item("PolicyUrl"),
+ 'reference' : self.policy_dom_get_hdr_item(&qu |
Home