Commit Graph

68 Commits

Author SHA1 Message Date
Glauber de Oliveira Costa
badb1e0402 lguest: introduce vcpu struct
this patch introduces a vcpu struct for lguest. In upcoming patches,
more and more fields will be moved from the lguest struct to the vcpu

Signed-off-by: Glauber de Oliveira Costa <gcosta@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-01-30 22:50:04 +11:00
Balaji Rao
ec04b13f67 lguest: Reboot support
Reboot Implemented

(Prevent fd leak, fix style and fix documentation --RR)

Signed-off-by: Balaji Rao <balajirrao@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-01-30 22:50:04 +11:00
Glauber de Oliveira Costa
5c55841d16 lguest: remove pv_info dependency
Currently, lguest module can't be compiled without the PARAVIRT flag being
on. This is a fake dependency, since the module itself shouldn't need any
paravirt override. Reason for that is the reference to pv_info structure
in initial loading tests.

This patch removes it in favour of a more generic error message.

Signed-off-by: Glauber de Oliveira Costa <gcosta@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2008-01-30 22:50:03 +11:00
Gautham R Shenoy
86ef5c9a8e cpu-hotplug: replace lock_cpu_hotplug() with get_online_cpus()
Replace all lock_cpu_hotplug/unlock_cpu_hotplug from the kernel and use
get_online_cpus and put_online_cpus instead as it highlights the
refcount semantics in these operations.

The new API guarantees protection against the cpu-hotplug operation, but
it doesn't guarantee serialized access to any of the local data
structures. Hence the changes needs to be reviewed.

In case of pseries_add_processor/pseries_remove_processor, use
cpu_maps_update_begin()/cpu_maps_update_done() as we're modifying the
cpu_present_map there.

Signed-off-by: Gautham R Shenoy <ego@in.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-01-25 21:08:02 +01:00
Rusty Russell
a7da60f415 Remove bogus duplicate CONFIG_LGUEST_GUEST entry.
It was moved to arch/x86/lguest/Kconfig, but I lost the deletion part in a
patch suffle.  My confused one-liner "fix" to turn it on is also reverted:
84f7466ee2

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-01-19 21:29:39 -08:00
Rusty Russell
84f7466ee2 Selecting LGUEST should turn on Guest support, as in 2.6.23.
There's currently no way to turn on Lguest guest support; the planned
Kconfig virtualization reorg didn't get into 2.6.25.

This was unnoticed because if you already had CONFIG_LGUEST_GUEST=y in
your config, it worked.  Too bad about new users...

Also, the Kconfig help was wrong now the virtio drivers are merged.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-01-18 14:05:48 -08:00
Rusty Russell
74b2553f1d virtio: fix module/device unloading
The virtio code never hooked through the ->remove callback.  Although
noone supports device removal at the moment, this code is already
needed for module unloading.

This of course also revealed bugs in virtio_blk, virtio_net and lguest
unloading paths.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-11-19 11:20:42 +11:00
Adrian Bunk
43054412db lguest_user.c: fix memory leak
This patch fixes a memory leak spotted by the Coverity checker.

Signed-off-by: Adrian Bunk <bunk@kernel.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-11-14 18:45:38 -08:00
Rusty Russell
42b36cc0ce virtio: Force use of power-of-two for descriptor ring sizes
The virtio descriptor rings of size N-1 were nicely set up to be
aligned to an N-byte boundary.  But as Anthony Liguori points out, the
free-running indices used by virtio require that the sizes be a power
of 2, otherwise we get problems on wrap (demonstrated with lguest).

So we replace the clever "2^n-1" scheme with a simple "align to page
boundary" scheme: this means that all virtio rings take at least two
pages, but it's safer than guessing cache alignment.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-11-12 13:59:40 +11:00
Rusty Russell
e1e72965ec lguest: documentation update
Went through the documentation doing typo and content fixes.  This
patch contains only comment and whitespace changes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-25 15:02:50 +10:00
Rusty Russell
197bff630a lguest: remove unused "wake" element from struct lguest
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-25 14:10:30 +10:00
Rusty Russell
25c47bb353 lguest: use defines from x86 headers instead of magic numbers
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-25 14:09:53 +10:00
Rusty Russell
2d37f94a28 generalize lgread_u32/lgwrite_u32.
Jes complains that page table code still uses lgread_u32 even though
it now uses general kernel pte types.  The best thing to do is to
generalize lgread_u32 and lgwrite_u32.

This means we lose the efficiency of getuser().  We could potentially
regain it if we used __copy_from_user instead of copy_from_user, but
I'm not certain that our range check is equivalent to access_ok() on
all platforms.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Jes Sorensen <jes@sgi.com>
2007-10-23 15:49:56 +10:00
Rusty Russell
19f1537b7b Lguest support for Virtio
This makes lguest able to use the virtio devices.

We change the device descriptor page from a simple array to a variable
length "type, config_len, status, config data..." format, and
implement virtio_config_ops to read from that config data.

We use the virtio ring implementation for an efficient Guest <-> Host
virtqueue mechanism, and the new LHCALL_NOTIFY hypercall to kick the
host when it changes.

We also use LHCALL_NOTIFY on kernel addresses for very very early
console output.  We could have another hypercall, but this hack works
quite well.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:56 +10:00
Rusty Russell
15045275c3 Remove old lguest I/O infrrasructure.
This patch gets rid of the old lguest host I/O infrastructure and
replaces it with a single hypercall "LHCALL_NOTIFY" which takes an
address.

The main change is the removal of io.c: that mainly did inter-guest
I/O, which virtio doesn't yet support.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:55 +10:00
Rusty Russell
0ca49ca946 Remove old lguest bus and drivers.
This gets rid of the lguest bus, drivers and DMA mechanism, to make
way for a generic virtio mechanism.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:55 +10:00
Rusty Russell
47436aa4ad Boot with virtual == physical to get closer to native Linux.
1) This allows us to get alot closer to booting bzImages.

2) It means we don't have to know page_offset.

3) The Guest needs to modify the boot pagetables to create the
   PAGE_OFFSET mapping before jumping to C code.

4) guest_pa() walks the page tables rather than using page_offset.

5) We don't use page_offset to figure out whether to emulate: it was
   always kinda quesationable, and won't work for instructions done
   before remapping (bzImage unpacking in particular).

6) We still want the kernel address for tlb flushing: have the initial
   hypercall give us that, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:54 +10:00
Rusty Russell
c18acd73ff Allow guest to specify syscall vector to use.
(Based on Ron Minnich's LGUEST_PLAN9_SYSCALL patch).

This patch allows Guests to specify what system call vector they want,
and we try to reserve it.  We only allow one non-Linux system call
vector, to try to avoid DoS on the Host.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:53 +10:00
Rusty Russell
ee3db0f2b6 Rename "cr3" to "gpgdir" to avoid x86-specific naming.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:53 +10:00
Matias Zabaljauregui
df29f43e65 Pagetables to use normal kernel types
This is my first step in the migration of page_tables.c to the kernel
types and functions/macros (2.6.23-rc3).  Seems to be working OK.

Signed-off-by: Matias Zabaljauregui <matias.zabaljauregui@cern.ch>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:53 +10:00
Jes Sorensen
d612cde060 Move register setup into i386_core.c
Move setup_regs() to lguest_arch_setup_regs() in i386_core.c given
that this is very architecture specific.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:52 +10:00
Jes Sorensen
511801dc31 Change example launcher to use unsigned long not u32
Apply Clue 2x4 to lguest userland<->kernel handling code and the
lguest launcher. Pointers are not to be passed in u32's!

Basic rule of thumb: Anything passing u32's back and forth should be
passing unsigned longs to be portable to 64 bit archs.

For those who forgotten already, I repeat: NO POINTERS IN u32!

Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:52 +10:00
Jes Sorensen
b410e7b149 Make hypercalls arch-independent.
Clean up the hypercall code to make the code in hypercalls.c
architecture independent. First process the common hypercalls and
then call lguest_arch_do_hcall() if the call hasn't been handled.
Rename struct hcall_ring to hcall_args.

This patch requires the previous patch which reorganize the layout of
struct lguest_regs on i386 so they match the layout of struct
hcall_args.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:52 +10:00
Rusty Russell
cc6d4fbcef Introduce "hcall" pointer to indicate pending hypercall.
Currently we look at the "trapnum" to see if the Guest wants a
hypercall.  But once the hypercall is done we have to reset trapnum to
a bogus value, otherwise if we exit to userspace and return, we'd run
the same hypercall twice (that was a nasty bug to find!).

This has two main effects:

1) When Jes's patch changes the hypercall args to be a generic "struct
   hcall_args" we simply change the type of "lg->hcall".  It's set by
   arch code, so if it has to copy args or something it can do so, and
   point "hcall" into lg->arch somewhere.

2) Async hypercalls only get run when an actual hypercall is pending.
   This simplfies the code a little and is a more logical semantic.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:52 +10:00
Jes Sorensen
4614a3a3b6 Reorder guest saved regs to match hyperall order
Move eax next to ebx/ecx/edx in struct lguest_regs on i386, so they
will be located together and allow it to map directly to a struct
hcall_ring entry (which will be renamed struct hcall_args as in a
subsequent patch).

This is in preparation for making the code hcall code architecture
independent.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:51 +10:00
Jes Sorensen
625efab1cd Move i386 part of core.c to x86/core.c.
Separate i386 architecture specific from core.c and move it to
x86/core.c and add x86/lguest.h header file to match.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:51 +10:00
Rusty Russell
56adbe9ddc Make shadow IDT a complete IDT with 256 entries.
This simplifies the code a little, in preparation for allowing
alternate system call vectors in guests (Plan 9 uses 0x40).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:51 +10:00
Rusty Russell
48245cc070 Remove fixed limit on number of guests, and lguests array.
Back when we had all the Guest state in the switcher, we had a fixed
array of them.  This is no longer necessary.

If we switch the network code to using random_ether_addr (46 bits is
enough to avoid clashes), we can get rid of the concept of "guest id"
altogether.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:51 +10:00
Rusty Russell
3c6b5bfa3c Introduce guest mem offset, static link example launcher
In order to avoid problematic special linking of the Launcher, we give
the Host an offset: this means we can use any memory region in the
Launcher as Guest memory rather than insisting on mmap() at 0.

The result is quite pleasing: a number of casts are replaced with
simple additions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:50 +10:00
Rusty Russell
1f4e1de4f2 Rename switcher.S to x86/switcher_32.S
lguest uses a "switcher" shim mapped high to bounce between host and
guest.  As lguest becomes less i386-centric, we separate this code
into a subdir.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:50 +10:00
Rusty Russell
34b8867a03 Move lguest guest support to arch/x86.
Lguest has two sides: host support (to launch guests) and guest
support (replacement boot path and paravirt_ops).  This moves the
guest side to arch/x86/lguest where it's closer to related code.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Andi Kleen <ak@suse.de>
2007-10-23 15:49:50 +10:00
Tony Breeds
05aa026a62 Clocksource is continuous regardless of the state of the host's TSC.
Currently lguest will spend a lot of of time waking up the host, as it
cannot go tickless (if the [host] TSC has been marked unstable). On my
laptop I was getting ~40% of wakeups from lguest.

With this patch applied, my laptop is much happier!

Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:49 +10:00
Rusty Russell
ebac52524d lguest_devices belongs in lguest_bus.c: it's not i386-specific.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:49 +10:00
Rusty Russell
141341cdae Lguest currently depends on 32-bit x86, not just x86.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:48 +10:00
Jes Sorensen
891ff65ff5 Use copy_to_user() not put_user for struct timespec
Use copy_to_user() when copying a struct timespec to the guest -
put_user() cannot handle two long's in one go on a 64bit arch.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Jes Sorensen <jes@sgi.com>
Cc: Al Viro <viro@ftp.linux.org.uk>
2007-10-23 15:49:48 +10:00
Rusty Russell
25e82eba3a Remove binfmts.h include from lg.h
It wasn't needed since a very early prototype of lguest.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2007-10-23 15:49:47 +10:00
Rusty Russell
d3d1c4bdf1 Normalize config options for guest support
1) Group all the "guest OS" support options together, under a PARAVIRT_GUEST
   menu.
2) Make those options select CONFIG_PARAVIRT, as suggested by Andi.
3) Make kconfig help titles consistent.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Andi Kleen <ak@suse.de>
Cc: Zach Amsden <zach@vmware.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: Chris Wright <chrisw@sous-sol.org>
2007-10-23 15:49:47 +10:00
Linus Torvalds
fb9fc39517 Merge branch 'xen-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen
* 'xen-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen:
  xfs: eagerly remove vmap mappings to avoid upsetting Xen
  xen: add some debug output for failed multicalls
  xen: fix incorrect vcpu_register_vcpu_info hypercall argument
  xen: ask the hypervisor how much space it needs reserved
  xen: lock pte pages while pinning/unpinning
  xen: deal with stale cr3 values when unpinning pagetables
  xen: add batch completion callbacks
  xen: yield to IPI target if necessary
  Clean up duplicate includes in arch/i386/xen/
  remove dead code in pgtable_cache_init
  paravirt: clean up lazy mode handling
  paravirt: refactor struct paravirt_ops into smaller pv_*_ops
2007-10-17 11:10:11 -07:00
H. Peter Anvin
30c826451d [x86] remove uses of magic macros for boot_params access
Instead of using magic macros for boot_params access, simply use the
boot_params structure.

Signed-off-by: H. Peter Anvin <hpa@zytor.com>
2007-10-16 17:38:31 -07:00
Jeremy Fitzhardinge
8965c1c095 paravirt: clean up lazy mode handling
Currently, the set_lazy_mode pv_op is overloaded with 5 functions:
 1. enter lazy cpu mode
 2. leave lazy cpu mode
 3. enter lazy mmu mode
 4. leave lazy mmu mode
 5. flush pending batched operations

This complicates each paravirt backend, since it needs to deal with
all the possible state transitions, handling flushing, etc. In
particular, flushing is quite distinct from the other 4 functions, and
seems to just cause complication.

This patch removes the set_lazy_mode operation, and adds "enter" and
"leave" lazy mode operations on mmu_ops and cpu_ops.  All the logic
associated with enter and leaving lazy states is now in common code
(basically BUG_ONs to make sure that no mode is current when entering
a lazy mode, and make sure that the mode is current when leaving).
Also, flush is handled in a common way, by simply leaving and
re-entering the lazy mode.

The result is that the Xen, lguest and VMI lazy mode implementations
are much simpler.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Cc: Andi Kleen <ak@suse.de>
Cc: Zach Amsden <zach@vmware.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Avi Kivity <avi@qumranet.com>
Cc: Anthony Liguory <aliguori@us.ibm.com>
Cc: "Glauber de Oliveira Costa" <glommer@gmail.com>
Cc: Jun Nakajima <jun.nakajima@intel.com>
2007-10-16 11:51:29 -07:00
Jeremy Fitzhardinge
93b1eab3d2 paravirt: refactor struct paravirt_ops into smaller pv_*_ops
This patch refactors the paravirt_ops structure into groups of
functionally related ops:

pv_info - random info, rather than function entrypoints
pv_init_ops - functions used at boot time (some for module_init too)
pv_misc_ops - lazy mode, which didn't fit well anywhere else
pv_time_ops - time-related functions
pv_cpu_ops - various privileged instruction ops
pv_irq_ops - operations for managing interrupt state
pv_apic_ops - APIC operations
pv_mmu_ops - operations for managing pagetables

There are several motivations for this:

1. Some of these ops will be general to all x86, and some will be
   i386/x86-64 specific.  This makes it easier to share common stuff
   while allowing separate implementations where needed.

2. At the moment we must export all of paravirt_ops, but modules only
   need selected parts of it.  This allows us to export on a case by case
   basis (and also choose which export license we want to apply).

3. Functional groupings make things a bit more readable.

Struct paravirt_ops is now only used as a template to generate
patch-site identifiers, and to extract function pointers for inserting
into jmp/calls when patching.  It is only instantiated when needed.

Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Andi Kleen <ak@suse.de>
Cc: Zach Amsden <zach@vmware.com>
Cc: Avi Kivity <avi@qumranet.com>
Cc: Anthony Liguory <aliguori@us.ibm.com>
Cc: "Glauber de Oliveira Costa" <glommer@gmail.com>
Cc: Jun Nakajima <jun.nakajima@intel.com>
2007-10-16 11:51:29 -07:00
Rusty Russell
bbbd2bf00b fix modules oopsing in lguest guests
The assembly templates for lguest guest patching are in the .init.text
section.  This means that modules get patched with "cc cc cc cc" or similar
junk.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-25 08:51:04 -07:00
Rusty Russell
c413fecc76 lguest: Fix guest crash when CONFIG_X86_USE_3DNOW=y
One of the very first things lguest_init() does is a memcpy.  On
Athlon/Duron/K7 or CyrixIII/VIA-C3 or Geode GX/LX, this tries to use
MMX.

memcpy -> _mmx_memcpy -> kernel_fpu_begin -> clts -> paravirt_ops.clts

But we haven't set paravirt_ops.clts yet, so we do the native version
and crash.  The simplest solution is to use __memcpy.

Thanks to Michael Rasenberger for the bug report.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-09-12 12:19:46 -07:00
Rusty Russell
8057d763ed Fix lguest page-pinning logic ("lguest: bad stack page 0xc057a000")
If the stack pointer is 0xc057a000, then the first stack page is at
0xc0579000 (the stack pointer is decremented before use).  Not
calculating this correctly caused guests with CONFIG_DEBUG_PAGEALLOC=y
to be killed with a "bad stack page" message: the initial kernel stack
was just proceeding the .smp_locks section which
CONFIG_DEBUG_PAGEALLOC marks read-only when freeing.

Thanks to Frederik Deweerdt for the bug report!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-30 09:58:22 -07:00
Alexey Dobriyan
deec595047 lguest should depend on CONFIG_FUTEX
It uses get_futex_key().

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-23 21:23:33 -07:00
Andi Kleen
ab144f5ec6 i386: Make patching more robust, fix paravirt issue
Commit 19d36ccdc3 "x86: Fix alternatives
and kprobes to remap write-protected kernel text" uses code which is
being patched for patching.

In particular, paravirt_ops does patching in two stages: first it
calls paravirt_ops.patch, then it fills any remaining instructions
with nop_out().  nop_out calls text_poke() which calls
lookup_address() which calls pgd_val() (aka paravirt_ops.pgd_val):
that call site is one of the places we patch.

If we always do patching as one single call to text_poke(), we only
need make sure we're not patching the memcpy in text_poke itself.
This means the prototype to paravirt_ops.patch needs to change, to
marshal the new code into a buffer rather than patching in place as it
does now.  It also means all patching goes through text_poke(), which
is known to be safe (apply_alternatives is also changed to make a
single patch).

AK: fix compilation on x86-64 (bad rusty!)
AK: fix boot on x86-64 (sigh)
AK: merged with other patches

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-11 15:58:13 -07:00
Jes Sorensen
b1a47190a6 lguest files should explicitly include asm/paravirt.h
Files using bits from paravirt.h should explicitly include it rather than
relying on it being pulled in by something else.

Signed-off-by: Jes Sorensen <jes@sgi.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-11 15:47:42 -07:00
Rusty Russell
0d027c01cd lguest: Fix Malicious Guest GDT Host Crash
If a Guest makes hypercall which sets a GDT entry to not present, we
currently set any segment registers using that GDT entry to 0.
Unfortunately, this is not sufficient: there are other ways of
altering GDT entries which will cause a fault.

The correct solution to do what Linux does: let them set any GDT value
they want and handle the #GP when popping causes a fault.  This has
the added benefit of making our Switcher slightly more robust in the
case of any other bugs which cause it to fault.

We kill the Guest if it causes a fault in the Switcher: it's the
Guest's responsibility to make sure it's not using segments when it
changes them.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-09 08:14:56 -07:00
Rusty Russell
37250097e1 Fix non-TSC guest clocksource lockup
lguest uses a host-supplied wallclock-based clocksource when the TSC
is not reliable.  As this is already in nanoseconds, I naively used a
multiplier of 1 and a shift of 0.

But update_wall_time() in its infinite wisdom decides to adjust the
clock a little (where does it think it's getting a more accurate time
from?)

It will happily tweak the multiplier... to 0, then -1.

So the "fix" is to use a shift of 22 like everyone else, and a
multiplier of 1 << 22.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-09 08:14:56 -07:00
Rusty Russell
cc1ff43b70 Enable lguest drivers in Kconfig
Lguest drivers need to default to "Y" otherwise they're never selected
for new builds.  (We don't bother prompting, because they're less than
4k combined, and implied by selecting lguest support).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-08-06 18:21:15 -07:00