diff --git a/15185-vtpr.patch b/15185-vtpr.patch
new file mode 100644
index 0000000..7a934d6
--- /dev/null
+++ b/15185-vtpr.patch
@@ -0,0 +1,468 @@
+
+# HG changeset patch
+# User kfraser@localhost.localdomain
+# Date 1180540108 -3600
+# Node ID 1f8fb764f843552eb4d20e9cb7b67fd8738006d7
+# Parent 1f1d1b43951eb14eff8c71884b7421da2484af3c
+Add VMX memory-mapped Local APIC access optimization.
+
+Some operating systems access the local APIC TPR very frequently, and
+we handle that using software-based local APIC virtualization in Xen
+today. Such virtualization incurs a number of VM exits from the
+memory-access instructions against the APIC page in the guest.
+
+The attached patch enables the TPR shadow feature that provides APIC
+TPR virtualization in hardware. Our tests indicate it can
+significantly boost the performance of such guests including 32-bit
+Windows XP/2003.
+
+Moreover, with the patch, local APIC accesses other than TPR in guests
+are intercepted directly as APIC_ACCESS VM exits rather than
+PAGE_FAULT VM exits; this can lower the emulation cost of such
+accesses.
+
+Signed-off-by: Dexuan Cui
+
+Index: xen-3.1-testing/xen/arch/x86/hvm/hvm.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/hvm.c
++++ xen-3.1-testing/xen/arch/x86/hvm/hvm.c
+@@ -226,6 +226,7 @@ int hvm_domain_initialise(struct domain
+
+ spin_lock_init(&d->arch.hvm_domain.pbuf_lock);
+ spin_lock_init(&d->arch.hvm_domain.irq_lock);
++ spin_lock_init(&d->arch.hvm_domain.vapic_access_lock);
+
+ rc = paging_enable(d, PG_refcounts|PG_translate|PG_external);
+ if ( rc != 0 )
+Index: xen-3.1-testing/xen/arch/x86/hvm/vlapic.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/vlapic.c
++++ xen-3.1-testing/xen/arch/x86/hvm/vlapic.c
+@@ -79,8 +79,6 @@ static unsigned int vlapic_lvt_mask[VLAP
+ #define vlapic_lvtt_period(vlapic) \
+ (vlapic_get_reg(vlapic, APIC_LVTT) & APIC_LVT_TIMER_PERIODIC)
+
+-#define vlapic_base_address(vlapic) \
+- (vlapic->hw.apic_base_msr & MSR_IA32_APICBASE_BASE)
+
+ /*
+ * Generic APIC bitmap vector update & search routines.
+Index: xen-3.1-testing/xen/arch/x86/hvm/vmx/intr.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/vmx/intr.c
++++ xen-3.1-testing/xen/arch/x86/hvm/vmx/intr.c
+@@ -67,7 +67,6 @@ static inline int is_interruptibility_st
+ return __vmread(GUEST_INTERRUPTIBILITY_INFO);
+ }
+
+-#ifdef __x86_64__
+ static void update_tpr_threshold(struct vlapic *vlapic)
+ {
+ int max_irr, tpr;
+@@ -75,6 +74,11 @@ static void update_tpr_threshold(struct
+ if ( !cpu_has_vmx_tpr_shadow )
+ return;
+
++#ifdef __i386__
++ if ( !vlapic->mmap_vtpr_enabled )
++ return;
++#endif
++
+ if ( !vlapic_enabled(vlapic) ||
+ ((max_irr = vlapic_find_highest_irr(vlapic)) == -1) )
+ {
+@@ -85,9 +89,6 @@ static void update_tpr_threshold(struct
+ tpr = vlapic_get_reg(vlapic, APIC_TASKPRI) & 0xF0;
+ __vmwrite(TPR_THRESHOLD, (max_irr > tpr) ? (tpr >> 4) : (max_irr >> 4));
+ }
+-#else
+-#define update_tpr_threshold(v) ((void)0)
+-#endif
+
+ asmlinkage void vmx_intr_assist(void)
+ {
+Index: xen-3.1-testing/xen/arch/x86/hvm/vmx/vmcs.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/vmx/vmcs.c
++++ xen-3.1-testing/xen/arch/x86/hvm/vmx/vmcs.c
+@@ -40,6 +40,7 @@
+ /* Dynamic (run-time adjusted) execution control flags. */
+ u32 vmx_pin_based_exec_control __read_mostly;
+ u32 vmx_cpu_based_exec_control __read_mostly;
++u32 vmx_secondary_exec_control __read_mostly;
+ u32 vmx_vmexit_control __read_mostly;
+ u32 vmx_vmentry_control __read_mostly;
+
+@@ -60,11 +61,15 @@ static u32 adjust_vmx_controls(u32 ctl_m
+ return ctl;
+ }
+
++#define vmx_has_secondary_exec_ctls \
++ (_vmx_cpu_based_exec_control & ACTIVATE_SECONDARY_CONTROLS)
++
+ void vmx_init_vmcs_config(void)
+ {
+ u32 vmx_msr_low, vmx_msr_high, min, opt;
+ u32 _vmx_pin_based_exec_control;
+ u32 _vmx_cpu_based_exec_control;
++ u32 _vmx_secondary_exec_control = 0;
+ u32 _vmx_vmexit_control;
+ u32 _vmx_vmentry_control;
+
+@@ -80,9 +85,8 @@ void vmx_init_vmcs_config(void)
+ CPU_BASED_ACTIVATE_IO_BITMAP |
+ CPU_BASED_USE_TSC_OFFSETING);
+ opt = CPU_BASED_ACTIVATE_MSR_BITMAP;
+-#ifdef __x86_64__
+ opt |= CPU_BASED_TPR_SHADOW;
+-#endif
++ opt |= ACTIVATE_SECONDARY_CONTROLS;
+ _vmx_cpu_based_exec_control = adjust_vmx_controls(
+ min, opt, MSR_IA32_VMX_PROCBASED_CTLS_MSR);
+ #ifdef __x86_64__
+@@ -92,8 +96,19 @@ void vmx_init_vmcs_config(void)
+ _vmx_cpu_based_exec_control = adjust_vmx_controls(
+ min, opt, MSR_IA32_VMX_PROCBASED_CTLS_MSR);
+ }
++#elif defined(__i386__)
++ if ( !vmx_has_secondary_exec_ctls )
++ _vmx_cpu_based_exec_control &= ~CPU_BASED_TPR_SHADOW;
+ #endif
+
++ if ( vmx_has_secondary_exec_ctls )
++ {
++ min = 0;
++ opt = SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
++ _vmx_secondary_exec_control = adjust_vmx_controls(
++ min, opt, MSR_IA32_VMX_PROCBASED_CTLS2);
++ }
++
+ min = VM_EXIT_ACK_INTR_ON_EXIT;
+ opt = 0;
+ #ifdef __x86_64__
+@@ -113,6 +128,8 @@ void vmx_init_vmcs_config(void)
+ vmcs_revision_id = vmx_msr_low;
+ vmx_pin_based_exec_control = _vmx_pin_based_exec_control;
+ vmx_cpu_based_exec_control = _vmx_cpu_based_exec_control;
++ if ( vmx_has_secondary_exec_ctls )
++ vmx_secondary_exec_control = _vmx_secondary_exec_control;
+ vmx_vmexit_control = _vmx_vmexit_control;
+ vmx_vmentry_control = _vmx_vmentry_control;
+ }
+@@ -121,6 +138,8 @@ void vmx_init_vmcs_config(void)
+ BUG_ON(vmcs_revision_id != vmx_msr_low);
+ BUG_ON(vmx_pin_based_exec_control != _vmx_pin_based_exec_control);
+ BUG_ON(vmx_cpu_based_exec_control != _vmx_cpu_based_exec_control);
++ if ( vmx_has_secondary_exec_ctls )
++ BUG_ON(vmx_secondary_exec_control != _vmx_secondary_exec_control);
+ BUG_ON(vmx_vmexit_control != _vmx_vmexit_control);
+ BUG_ON(vmx_vmentry_control != _vmx_vmentry_control);
+ }
+@@ -296,6 +315,8 @@ static void construct_vmcs(struct vcpu *
+ __vmwrite(VM_ENTRY_CONTROLS, vmx_vmentry_control);
+ __vmwrite(CPU_BASED_VM_EXEC_CONTROL, vmx_cpu_based_exec_control);
+ v->arch.hvm_vcpu.u.vmx.exec_control = vmx_cpu_based_exec_control;
++ if ( vmx_cpu_based_exec_control & ACTIVATE_SECONDARY_CONTROLS )
++ __vmwrite(SECONDARY_VM_EXEC_CONTROL, vmx_secondary_exec_control);
+
+ if ( cpu_has_vmx_msr_bitmap )
+ __vmwrite(MSR_BITMAP, virt_to_maddr(vmx_msr_bitmap));
+@@ -422,7 +443,7 @@ static void construct_vmcs(struct vcpu *
+ __vmwrite(CR4_READ_SHADOW, v->arch.hvm_vmx.cpu_shadow_cr4);
+
+ #ifdef __x86_64__
+- /* VLAPIC TPR optimisation. */
++ /* CR8 based VLAPIC TPR optimization. */
+ if ( cpu_has_vmx_tpr_shadow )
+ {
+ __vmwrite(VIRTUAL_APIC_PAGE_ADDR,
+@@ -431,6 +452,16 @@ static void construct_vmcs(struct vcpu *
+ }
+ #endif
+
++ /* Memory-mapped based VLAPIC TPR optimization. */
++ if ( cpu_has_vmx_mmap_vtpr_optimization )
++ {
++ __vmwrite(VIRTUAL_APIC_PAGE_ADDR,
++ page_to_maddr(vcpu_vlapic(v)->regs_page));
++ __vmwrite(TPR_THRESHOLD, 0);
++
++ vcpu_vlapic(v)->mmap_vtpr_enabled = 1;
++ }
++
+ __vmwrite(GUEST_LDTR_SELECTOR, 0);
+ __vmwrite(GUEST_LDTR_BASE, 0);
+ __vmwrite(GUEST_LDTR_LIMIT, 0);
+@@ -501,6 +532,18 @@ void vmx_do_resume(struct vcpu *v)
+ vmx_set_host_env(v);
+ }
+
++ if ( !v->arch.hvm_vmx.launched && vcpu_vlapic(v)->mmap_vtpr_enabled )
++ {
++ struct page_info *pg = change_guest_physmap_for_vtpr(v->domain, 1);
++
++ if ( pg == NULL )
++ {
++ gdprintk(XENLOG_ERR, "change_guest_physmap_for_vtpr failed!\n");
++ domain_crash_synchronous();
++ }
++ __vmwrite(APIC_ACCESS_ADDR, page_to_maddr(pg));
++ }
++
+ debug_state = v->domain->debugger_attached;
+ if ( unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) )
+ {
+Index: xen-3.1-testing/xen/arch/x86/hvm/vmx/vmx.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/vmx/vmx.c
++++ xen-3.1-testing/xen/arch/x86/hvm/vmx/vmx.c
+@@ -2416,6 +2416,114 @@ done:
+ return 1;
+ }
+
++struct page_info * change_guest_physmap_for_vtpr(struct domain *d,
++ int enable_vtpr)
++{
++ struct page_info *pg;
++ unsigned long pfn, mfn;
++
++ spin_lock(&d->arch.hvm_domain.vapic_access_lock);
++
++ pg = d->arch.hvm_domain.apic_access_page;
++ pfn = paddr_to_pfn(APIC_DEFAULT_PHYS_BASE);
++
++ if ( enable_vtpr )
++ {
++ if ( d->arch.hvm_domain.physmap_changed_for_vlapic_access )
++ goto out;
++
++ if ( pg == NULL )
++ pg = alloc_domheap_page(d);
++ if ( pg == NULL )
++ {
++ gdprintk(XENLOG_ERR, "alloc_domheap_pages() failed!\n");
++ goto out;
++ }
++
++ mfn = page_to_mfn(pg);
++ d->arch.hvm_domain.apic_access_page = pg;
++
++ guest_physmap_add_page(d, pfn, mfn);
++
++ d->arch.hvm_domain.physmap_changed_for_vlapic_access = 1;
++
++ goto out;
++ }
++ else
++ {
++ if ( d->arch.hvm_domain.physmap_changed_for_vlapic_access )
++ {
++ mfn = page_to_mfn(pg);
++ guest_physmap_remove_page(d, pfn, mfn);
++ flush_tlb_mask(d->domain_dirty_cpumask);
++
++ d->arch.hvm_domain.physmap_changed_for_vlapic_access = 0;
++ }
++ pg = NULL;
++ goto out;
++ }
++
++out:
++ spin_unlock(&d->arch.hvm_domain.vapic_access_lock);
++ return pg;
++}
++
++static void check_vlapic_msr_for_vtpr(struct vcpu *v)
++{
++ struct vlapic *vlapic = vcpu_vlapic(v);
++ int mmap_vtpr_enabled = vcpu_vlapic(v)->mmap_vtpr_enabled;
++ uint32_t tmp;
++
++
++ if ( vlapic_hw_disabled(vlapic) && mmap_vtpr_enabled )
++ {
++ vcpu_vlapic(v)->mmap_vtpr_enabled = 0;
++
++#ifdef __i386__
++ v->arch.hvm_vcpu.u.vmx.exec_control &= ~CPU_BASED_TPR_SHADOW;
++ __vmwrite(CPU_BASED_VM_EXEC_CONTROL,
++ v->arch.hvm_vcpu.u.vmx.exec_control);
++#elif defined(__x86_64__)
++ if ( !cpu_has_vmx_tpr_shadow )
++ {
++ v->arch.hvm_vcpu.u.vmx.exec_control &= ~CPU_BASED_TPR_SHADOW;
++ __vmwrite(CPU_BASED_VM_EXEC_CONTROL,
++ v->arch.hvm_vcpu.u.vmx.exec_control);
++ }
++#endif
++ tmp = __vmread(SECONDARY_VM_EXEC_CONTROL);
++ tmp &= ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
++ __vmwrite(SECONDARY_VM_EXEC_CONTROL, tmp);
++
++ change_guest_physmap_for_vtpr(v->domain, 0);
++ }
++ else if ( !vlapic_hw_disabled(vlapic) && !mmap_vtpr_enabled &&
++ cpu_has_vmx_mmap_vtpr_optimization )
++ {
++ vcpu_vlapic(v)->mmap_vtpr_enabled = 1;
++
++ v->arch.hvm_vcpu.u.vmx.exec_control |=
++ ( ACTIVATE_SECONDARY_CONTROLS | CPU_BASED_TPR_SHADOW );
++ __vmwrite(CPU_BASED_VM_EXEC_CONTROL,
++ v->arch.hvm_vcpu.u.vmx.exec_control);
++ tmp = __vmread(SECONDARY_VM_EXEC_CONTROL);
++ tmp |= SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES;
++ __vmwrite(SECONDARY_VM_EXEC_CONTROL, tmp);
++
++ change_guest_physmap_for_vtpr(v->domain, 1);
++ }
++
++ if ( vcpu_vlapic(v)->mmap_vtpr_enabled &&
++ !vlapic_hw_disabled(vlapic) &&
++ (vlapic_base_address(vlapic) != APIC_DEFAULT_PHYS_BASE) )
++ {
++ gdprintk(XENLOG_ERR,
++ "Local APIC base address is set to 0x%016"PRIx64"!\n",
++ vlapic_base_address(vlapic));
++ domain_crash_synchronous();
++ }
++}
++
+ static inline int vmx_do_msr_write(struct cpu_user_regs *regs)
+ {
+ u32 ecx = regs->ecx;
+@@ -2444,6 +2552,7 @@ static inline int vmx_do_msr_write(struc
+ break;
+ case MSR_IA32_APICBASE:
+ vlapic_msr_set(vcpu_vlapic(v), msr_content);
++ check_vlapic_msr_for_vtpr(v);
+ break;
+ default:
+ if ( !long_mode_do_msr_write(regs) )
+@@ -2756,6 +2865,15 @@ asmlinkage void vmx_vmexit_handler(struc
+
+ case EXIT_REASON_TPR_BELOW_THRESHOLD:
+ break;
++ case EXIT_REASON_APIC_ACCESS:
++ {
++ unsigned long offset;
++
++ exit_qualification = __vmread(EXIT_QUALIFICATION);
++ offset = exit_qualification & 0x0fffUL;
++ handle_mmio(APIC_DEFAULT_PHYS_BASE | offset);
++ break;
++ }
+
+ default:
+ exit_and_crash:
+Index: xen-3.1-testing/xen/include/asm-x86/hvm/domain.h
+===================================================================
+--- xen-3.1-testing.orig/xen/include/asm-x86/hvm/domain.h
++++ xen-3.1-testing/xen/include/asm-x86/hvm/domain.h
+@@ -41,6 +41,11 @@ struct hvm_domain {
+ s64 tsc_frequency;
+ struct pl_time pl_time;
+
++ /* For memory-mapped vLAPIC/vTPR access optimization */
++ spinlock_t vapic_access_lock;
++ int physmap_changed_for_vlapic_access : 1;
++ struct page_info *apic_access_page;
++
+ struct hvm_io_handler io_handler;
+
+ /* Lock protects access to irq, vpic and vioapic. */
+Index: xen-3.1-testing/xen/include/asm-x86/hvm/vlapic.h
+===================================================================
+--- xen-3.1-testing.orig/xen/include/asm-x86/hvm/vlapic.h
++++ xen-3.1-testing/xen/include/asm-x86/hvm/vlapic.h
+@@ -49,12 +49,17 @@
+ #define vlapic_disabled(vlapic) ((vlapic)->hw.disabled)
+ #define vlapic_enabled(vlapic) (!vlapic_disabled(vlapic))
+
++#define vlapic_base_address(vlapic) \
++ (vlapic->hw.apic_base_msr & MSR_IA32_APICBASE_BASE)
++
+ struct vlapic {
+ struct hvm_hw_lapic hw;
+ struct hvm_hw_lapic_regs *regs;
+ struct periodic_time pt;
+ s_time_t timer_last_update;
+ struct page_info *regs_page;
++
++ int mmap_vtpr_enabled : 1;
+ };
+
+ static inline uint32_t vlapic_get_reg(struct vlapic *vlapic, uint32_t reg)
+Index: xen-3.1-testing/xen/include/asm-x86/hvm/vmx/vmcs.h
+===================================================================
+--- xen-3.1-testing.orig/xen/include/asm-x86/hvm/vmx/vmcs.h
++++ xen-3.1-testing/xen/include/asm-x86/hvm/vmx/vmcs.h
+@@ -104,6 +104,7 @@ void vmx_vmcs_exit(struct vcpu *v);
+ #define CPU_BASED_ACTIVATE_MSR_BITMAP 0x10000000
+ #define CPU_BASED_MONITOR_EXITING 0x20000000
+ #define CPU_BASED_PAUSE_EXITING 0x40000000
++#define ACTIVATE_SECONDARY_CONTROLS 0x80000000
+ extern u32 vmx_cpu_based_exec_control;
+
+ #define PIN_BASED_EXT_INTR_MASK 0x00000001
+@@ -119,8 +120,16 @@ extern u32 vmx_vmexit_control;
+ #define VM_ENTRY_DEACT_DUAL_MONITOR 0x00000800
+ extern u32 vmx_vmentry_control;
+
++#define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001
++extern u32 vmx_secondary_exec_control;
++
++#define cpu_has_vmx_virtualize_apic_accesses \
++ (vmx_secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES)
+ #define cpu_has_vmx_tpr_shadow \
+ (vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW)
++#define cpu_has_vmx_mmap_vtpr_optimization \
++ (cpu_has_vmx_virtualize_apic_accesses && cpu_has_vmx_tpr_shadow)
++
+ #define cpu_has_vmx_msr_bitmap \
+ (vmx_cpu_based_exec_control & CPU_BASED_ACTIVATE_MSR_BITMAP)
+ extern char *vmx_msr_bitmap;
+@@ -158,6 +167,8 @@ enum vmcs_field {
+ TSC_OFFSET_HIGH = 0x00002011,
+ VIRTUAL_APIC_PAGE_ADDR = 0x00002012,
+ VIRTUAL_APIC_PAGE_ADDR_HIGH = 0x00002013,
++ APIC_ACCESS_ADDR = 0x00002014,
++ APIC_ACCESS_ADDR_HIGH = 0x00002015,
+ VMCS_LINK_POINTER = 0x00002800,
+ VMCS_LINK_POINTER_HIGH = 0x00002801,
+ GUEST_IA32_DEBUGCTL = 0x00002802,
+Index: xen-3.1-testing/xen/include/asm-x86/hvm/vmx/vmx.h
+===================================================================
+--- xen-3.1-testing.orig/xen/include/asm-x86/hvm/vmx/vmx.h
++++ xen-3.1-testing/xen/include/asm-x86/hvm/vmx/vmx.h
+@@ -33,6 +33,9 @@ void vmx_intr_assist(void);
+ void vmx_do_resume(struct vcpu *);
+ void set_guest_time(struct vcpu *v, u64 gtime);
+
++extern struct page_info *change_guest_physmap_for_vtpr(struct domain *d,
++ int enable_vtpr);
++
+ /*
+ * Exit Reasons
+ */
+@@ -81,6 +84,7 @@ void set_guest_time(struct vcpu *v, u64
+ #define EXIT_REASON_MACHINE_CHECK 41
+
+ #define EXIT_REASON_TPR_BELOW_THRESHOLD 43
++#define EXIT_REASON_APIC_ACCESS 44
+
+ /*
+ * Interruption-information format
+Index: xen-3.1-testing/xen/include/asm-x86/msr.h
+===================================================================
+--- xen-3.1-testing.orig/xen/include/asm-x86/msr.h
++++ xen-3.1-testing/xen/include/asm-x86/msr.h
+@@ -116,6 +116,7 @@ static inline void wrmsrl(unsigned int m
+ #define MSR_IA32_VMX_CR0_FIXED1 0x487
+ #define MSR_IA32_VMX_CR4_FIXED0 0x488
+ #define MSR_IA32_VMX_CR4_FIXED1 0x489
++#define MSR_IA32_VMX_PROCBASED_CTLS2 0x48b
+ #define IA32_FEATURE_CONTROL_MSR 0x3a
+ #define IA32_FEATURE_CONTROL_MSR_LOCK 0x1
+ #define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON 0x4
diff --git a/hvm_vnc.diff b/hvm_vnc.diff
new file mode 100644
index 0000000..eb05061
--- /dev/null
+++ b/hvm_vnc.diff
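Review bot: In `check_vlapic_msr_for_vtpr()` a single vCPU's write to MSR_IA32_APICBASE calls `change_guest_physmap_for_vtpr(v->domain, 0)` or `change_guest_physmap_for_vtpr(v->domain, 1)`, which removes or adds the APIC access page for the whole domain, yet only the writing vCPU's `mmap_vtpr_enabled` flag and VMCS controls are updated. The other vCPUs of that domain keep `SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES` set and an `APIC_ACCESS_ADDR` pointing at a page that is no longer in the physmap; what their next access to the APIC range does depends on p2m handling that this patch does not show. Keeping the page mapped for the domain's lifetime and toggling only the per-vCPU controls, or counting enabled vCPUs under `vapic_access_lock` before removing the page, would keep the two levels consistent. The re-enable branch also ignores the return value of the enable call, whereas `vmx_do_resume()` crashes the domain on NULL. Separately, `int mmap_vtpr_enabled : 1;` and `int physmap_changed_for_vlapic_access : 1;` are signed one-bit fields, so storing 1 in them is implementation-defined; `unsigned int mmap_vtpr_enabled : 1;` states the intent.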
@@ -0,0 +1,11 @@ +diff -ru a/tools/python/xen/xend/XendConfig.py b/tools/python/xen/xend/XendConfig.py +--- a/tools/python/xen/xend/XendConfig.py 2007-09-07 11:31:20.000000000 -0600 ++++ b/tools/python/xen/xend/XendConfig.py 2007-09-07 14:07:50.000000000 -0600 +@@ -726,6 +726,7 @@ + + if not has_rfb: + dev_config = ['vfb'] ++ dev_config.append(['type', 'vnc']) + # copy VNC related params from platform config to vfb dev conf + for key in ['vncpasswd', 'vncunused', 'vncdisplay', + 'vnclisten']: diff --git a/network-multinet b/network-multinet index 4077f64..9222fcc 100644 --- a/network-multinet +++ b/network-multinet @@ -1,22 +1,22 @@ #!/bin/sh #============================================================================ -# network-multi_net +# network-multinet # -# Version = 1.1.2 -# Date = 2007-07-11 +# Version = 1.3.1 +# Date = 2007-08-29 # # Maintainer(s) = Ron Terry - ron (at) pronetworkconsulting (dot) com # # The latest version can be found at: # -# http://pronetworkconsulting.com/linux/scripts/network-multi_net.html +# http://pronetworkconsulting.com/linux/scripts/network-multinet.html # # Description: # # Replacement for the xen network-bridge, network-nat and network-route # scripts. This script allows for the creation of multiple bridges. # -# This script can create 3 types of bridges: +# This script can create 4 types of bridges: # # traditional bridges: -Bridges that contain both a physical network # device (ethX) and a virtual network device (vethX) 
@@ -55,6 +55,13 @@ # -These can be used to allow VMs in DomUs to # communicate only with other DomUs and not Dom0. # +# nohost bridges: -Bridges that contain a physical network device +# but not a virtual network device from Dom0. +# -These can be used to allow virtual machines to +# communicate with the outside world but not with +# Dom0. (Usefull if you want to isolate traffic +# away from Dom0) +# # This script accepts the (start|stop|restart|status) parameters. # # This script depends on an unmodified version of the network-bridge script @@ -96,21 +103,26 @@ # is configured as a NAT network and the second host bridge (on veth3) # is configured as a hostonly network. # +# Edit the NOHOST_BRIDGE_LIST variable to define which bridges you would +# like to be connected to the outside world but not Dom0. These are +# usefull if you want to allow VMs to access the outside world but you +# want to isolate traffic away from Dom0. +# # Edit the EMPTY_BRIDGE_LIST variable to define which empty bridges to # create. This list should contain the numbers of the bridges to # create (4 5 6 7) # # To enable this script edit the network-script field in the -# /etc/xen/xen-config.sxp file. +# /etc/xen/xend-config.sxp file. # -# Example: (network-script network-multi_net) +# Example: (network-script network-multinet) # # Depends on: /etc/xen/scripts/xen-network-common.sh # /etc/xen/scripts/network-bridge # -# Config file: /etc/sysconfig/xend +# Config file: /etc/sysconfig/xendconfig # -# Usage: network-multi_net (start|stop|restart|status) +# Usage: network-multinet (start|stop|restart|status) # # Vars: # 
@@ -123,11 +135,20 @@ # LOCAL_BRIDGE_LIST -Space delimited list of virtual network devices to # create local bridges on using the following format: # -# ,,, +# ,,,, # # Example with 2 virtual devices: # -# "veth2,00:16:3E:01:00:02,172.22.0.1/16,nat veth3,00:16:3E:01:00:03,172.23.0.1/16,hostonly" +# "veth2,00:16:3E:01:00:02,172.22.0.1/16,nat,dhcp-on veth3,00:16:3E:01:00:03,172.23.0.1/16,hostonly,dhcp-off" +# +# NOHOST_BRIDGE_LIST -Space delimited list of bridge numbers/NICs to create +# "no-host" bridges on. +# +# , +# +# Example with 2 devices: +# +# "4,eth1 5.eth2" # # EMPTY_BRIDGE_LIST -Space delimited list of bridge numbers to create as # empty bridges. @@ -148,8 +169,10 @@ . /etc/sysconfig/xend SCRIPT_PATH="/etc/xen/scripts" +CONF_FILE_PATH="/etc/xen/conf" NETWORK_SAVE_PATH="/var/lib/xend/network_save" IPTABLES_SAVE_FILE="$NETWORK_SAVE_PATH/iptables-save" +XEN_DHCP_SCRIPT="$SCRIPT_PATH/xen-dhcpd" #### Script Functions ##################################################### @@ -171,12 +194,17 @@ get_option() { esac } -make_save_dir() { +make_config_dirs() { # Create temporary storage directory if needed. if ! [ -d "$NETWORK_SAVE_PATH" ] then mkdir $NETWORK_SAVE_PATH fi + + if ! [ -d $CONF_FILE_PATH ] + then + mkdir $CONF_FILE_PATH + fi } manage_routing() { @@ -385,6 +413,7 @@ setup_host_interface() { # bring it back up ip link set $DEV up + ip link set $DEV arp on ;; stop) # take the interface down 
@@ -580,6 +609,89 @@ create_local_bridges() { done } +create_nohost_bridges() { +# Creates bridges attached to an external interface but no devices in Dom0. +# +# This function reads the start,stop,status parameter from the $CMD_OPT +# variable and responds respectively. + + echo "" + echo "============================================================" + for BRIDGE in $NOHOST_BRIDGE_LIST + do + + local DEV=`echo $BRIDGE|cut -d "," -f 1` + local PDEV=p$DEV + local MAC=`ip link show ${i} | grep 'link\/ether' | sed -e 's/.*ether \(..:..:..:..:..:..\).*/\1/'` + local BRIDGE_NUM=`echo $BRIDGE|cut -d "," -f 2` + local BR_NAME=$BRIDGE_NAME$BRIDGE_NUM + + case $CMD_OPT in + start) + if ! brctl show | grep -qw "^$BR_NAME" + then + echo "" + echo "============================================================" + echo "Configuring Virtual No-Host Bridge: $BR_NAME" + echo "" + echo " using- Virtual Device: $DEV" + + # create the bridge + create_bridge $BR_NAME + + # back up the interface's info (MAC, etc) + echo $MAC > $NETWORK_SAVE_PATH/$DEV-info + + # configure the interface as a bridge port + setup_bridge_port $DEV + + # rename the physical interface + ip link set $DEV name $PDEV + + # add the interface to the bridge + add_to_bridge $BR_NAME $PDEV + fi + ;; + stop) + if brctl show | grep -qw "^$BR_NAME" + then + echo "============================================================" + echo "Removing Virtual No-Host Bridge: $BR_NAME" + echo "" + + # bring the bridge down + ip link set $BR_NAME down + + # remove the interface from the bridge + brctl delif $BR_NAME $PDEV + + # remove the bridge + brctl delbr $BR_NAME + + # bring the interface down + ip link set down $PDEV + + # reset the interface back to normal + ip link set $PDEV arp on + ip link set $PDEV multicast on + + # reset the interface back to its original name and MAC + ip link set $PDEV name $DEV + ip link set $DEV addr `cat $NETWORK_SAVE_PATH/$DEV-info` + rm -f `cat $NETWORK_SAVE_PATH/$DEV-info` + + # bring the 
interface back up + ifup $DEV + fi + ;; + status) + brctl show $BR_NAME | grep -w "^$BR_NAME" + ;; + esac + done + echo "============================================================" +} + create_empty_bridges() { # Creates bridges attached to no devices in Dom0. # @@ -625,12 +737,13 @@ start_xend_network() { echo "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" echo " Starting the xend network environment" echo "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" - make_save_dir + make_config_dirs manage_susefirewall2 || manage_iptables create_traditional_bridges manage_routing create_local_bridges create_empty_bridges + create_nohost_bridges } stop_xend_network() { @@ -641,6 +754,7 @@ stop_xend_network() { create_traditional_bridges create_local_bridges create_empty_bridges + create_nohost_bridges manage_routing manage_susefirewall2 || manage_iptables } @@ -649,28 +763,58 @@ show_xend_network_status() { create_traditional_bridges create_local_bridges create_empty_bridges + create_nohost_bridges } -#### Maid Code Body ####################################################### +#### Main Code Body ####################################################### get_option "$1" case $CMD_OPT in start) + # Start the Xen network start_xend_network + + # Start the DHCP server if it exists + if [ -e $XEN_DHCP_SCRIPT ] + then + $XEN_DHCP_SCRIPT start + fi ;; stop) + # Stop the DHCP server if it exists + if [ -e $XEN_DHCP_SCRIPT ] + then + $XEN_DHCP_SCRIPT stop + fi + + # Stop the Xen network stop_xend_network ;; restart) + # Stop the DHCP server if it exists + if [ -e $XEN_DHCP_SCRIPT ] + then + $XEN_DHCP_SCRIPT stop + fi + + # Stop the Xen network CMD_OPT="stop" stop_xend_network + # Start the Xen network CMD_OPT="start" start_xend_network + + # Start the DHCP server if it exists + if [ -e $XEN_DHCP_SCRIPT ] + then + $XEN_DHCP_SCRIPT start + fi ;; status) show_xend_network_status + $XEN_DHCP_SCRIPT status ;; esac 
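Review bot: `create_nohost_bridges` reads the MAC with `ip link show ${i}`, but `i` is never set in this function, so the lookup is not restricted to the device being configured; it should be `ip link show $DEV`. In the stop branch the `rm -f` takes its argument from `cat $NETWORK_SAVE_PATH/$DEV-info`, so it deletes whatever path the saved file's contents name rather than the saved file itself, unquoted and in a script that presumably runs as root; `rm -f "$NETWORK_SAVE_PATH/$DEV-info"` is what the comment above it describes. The function takes the device from field 1 and the bridge number from field 2, while the NOHOST_BRIDGE_LIST example in the header comment (`4,eth1 5.eth2`) puts the number first and separates the second entry with a `.`, so code and documentation need to be made to agree. Quoting `$BRIDGE`, `$DEV` and `$PDEV` would also keep a malformed list entry from being word-split into extra arguments to `ip` and `brctl`.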
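Review bot: The `status)` branch of the main case statement runs `$XEN_DHCP_SCRIPT status` unconditionally, while `start`, `stop` and `restart` first test `[ -e $XEN_DHCP_SCRIPT ]`, so on a host without the xen-dhcpd script the status call fails with a command-not-found error. Wrap it in the same guard as the other branches, and prefer `[ -x "$XEN_DHCP_SCRIPT" ]` so that a file that is present but not executable is skipped as well.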
diff --git a/svm-cr8-performance.diff b/svm-cr8-performance.diff
new file mode 100644
index 0000000..3e38cce
--- /dev/null
+++ b/svm-cr8-performance.diff
@@ -0,0 +1,85 @@
+[SVM] Greatly reduce total number of CR8 intercepts
+
+This patch reduces the number of CR8 intercept to a fraction of the
+number of CR8 intercepts without. First, CR8 read intercepts are
+completely disabled since the SVM vTPR is kept kept in sync with the HVM
+vLAPIC. Second, CR8 write intercepts are enabled and disabled based
+upon certain conditions. Most of the time, CR8 write intercepts are
+disabled. They are enabled only when there is a pending interrupt that
+can't be delivered because of either the current ISR or TPR (aka PPR)
+because this is the only time the TPR matters.
+
+With this patch, the number of CR8 intercepts dropped from around
+10,000,000 to around 6,000 during boot of Windows 2003 Server 64-bit
+(this is a rough estimate).
+
+Signed-off-by: Travis Betak
+
+Index: xen-3.1-testing/xen/arch/x86/hvm/svm/intr.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/svm/intr.c
++++ xen-3.1-testing/xen/arch/x86/hvm/svm/intr.c
+@@ -63,9 +63,20 @@ static inline int svm_inject_extint(stru
+ asmlinkage void svm_intr_assist(void)
+ {
+ struct vcpu *v = current;
++ struct vlapic *vlapic = vcpu_vlapic(v);
+ struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
+ int intr_type = APIC_DM_EXTINT;
+ int intr_vector = -1;
++ vintr_t *intr = &vmcb->vintr;
++
++ /*
++ * Before doing anything else, we need to sync up the VLAPIC's TPR with
++ * SVM's vTPR if CR8 writes are currently disabled. It's OK if the
++ * guest doesn't touch the CR8 (e.g. 32-bit Windows) because we update
++ * the vTPR on MMIO writes to the TPR
++ */
++ if ( !(vmcb->cr_intercepts & CR_INTERCEPT_CR8_WRITE) )
++ vlapic_set_reg(vlapic, APIC_TASKPRI, (intr->fields.tpr & 0x0F) << 4);
+
+ /*
+ * Previous Interrupt delivery caused this intercept?
+@@ -98,7 +109,22 @@ asmlinkage void svm_intr_assist(void)
+ pt_update_irq(v);
+ hvm_set_callback_irq_level();
+ if ( !cpu_has_pending_irq(v) )
++ {
++ /*
++ * Before we return, let's check if there is a pending interrupt
++ * that just happens to be blocked (either ISR or TPR aka PPR).
++ * Enable CR8 write intercepts in case the guest unmasks the
++ * pending interrupt.
++ */
++ if ( vlapic_enabled(vlapic)
++ && (vlapic_find_highest_irr(vlapic) != -1) )
++ vmcb->cr_intercepts |= CR_INTERCEPT_CR8_WRITE;
++
+ return;
++ }
++
++ /* It should be fairly safe to disable CR8 write intercepts here */
++ vmcb->cr_intercepts &= ~CR_INTERCEPT_CR8_WRITE;
+
+ /*
+ * If the guest can't take an interrupt right now, create a 'fake'
+Index: xen-3.1-testing/xen/arch/x86/hvm/svm/vmcb.c
+===================================================================
+--- xen-3.1-testing.orig/xen/arch/x86/hvm/svm/vmcb.c
++++ xen-3.1-testing/xen/arch/x86/hvm/svm/vmcb.c
+@@ -130,8 +130,13 @@ static int construct_vmcb(struct vcpu *v
+ /* Intercept all debug-register writes. */
+ vmcb->dr_intercepts = DR_INTERCEPT_ALL_WRITES;
+
+- /* Intercept all control-register accesses, except to CR2. */
+- vmcb->cr_intercepts = ~(CR_INTERCEPT_CR2_READ | CR_INTERCEPT_CR2_WRITE);
++ /*
++ * Intercept all control-register accesses except for CR2 reads/writes
++ * and CR8 reads (and actually CR8 writes, but that's a special case
++ * that's handled in svm/intr.c).
++ */
++ vmcb->cr_intercepts = ~(CR_INTERCEPT_CR2_READ | CR_INTERCEPT_CR2_WRITE
++ | CR_INTERCEPT_CR8_READ);
+
+ /* I/O and MSR permission bitmaps. */
+ arch_svm->msrpm = alloc_xenheap_pages(get_order_from_bytes(MSRPM_SIZE));
diff --git a/xen.changes b/xen.changes
index 066c7ac..a3386b3 100644
--- a/xen.changes
+++ b/xen.changes
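Review bot: The sync added at the top of `svm_intr_assist()` overwrites APIC_TASKPRI with `(intr->fields.tpr & 0x0F) << 4` on every pass while CR8 write intercepts are off, so the low four bits of a TPR value the guest wrote through MMIO are cleared and the vLAPIC value is replaced by whatever the VMCB vTPR currently holds. The comment states that the vTPR is updated on MMIO writes to the TPR, but that update is not part of this patch, and nothing visible here loads the vTPR from the vLAPIC when a VMCB is constructed or guest state is restored; if either path is missing, the guest's task priority could be lowered behind its back and an interrupt it had masked could be delivered. I would add a comment naming the code that keeps `vintr.fields.tpr` in step with APIC_TASKPRI, and replace `/* It should be fairly safe to disable CR8 write intercepts here */` with the condition that makes disabling the intercept safe. The body of `svm_intr_assist()` continues outside the inner hunks.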
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Sep 7 14:17:11 MDT 2007 - jfehlig@novell.com + +- #297125: Expose 'type vnc' in vfb device sexp for HVM guests. + +------------------------------------------------------------------- +Thu Sep 6 14:42:19 MDT 2007 - ccoffing@novell.com + +- #302106: Update network-multinet + +------------------------------------------------------------------- +Wed Sep 5 09:12:31 MDT 2007 - carnold@novell.com + +- #307458: AMD-V CR8 intercept reduction for HVM windows 64b guests + ------------------------------------------------------------------- Wed Aug 29 16:20:48 MDT 2007 - ccoffing@novell.com diff --git a/xen.spec b/xen.spec index 65e08a2..232d15c 100644 --- a/xen.spec +++ b/xen.spec @@ -34,7 +34,7 @@ BuildRequires: glibc-32bit glibc-devel-32bit BuildRequires: kernel-source kernel-syms module-init-tools xorg-x11 %endif Version: 3.1.0_15042 -Release: 38 +Release: 41 License: GPL v2 only Group: System/Kernel Autoreqprov: on 
@@ -69,46 +69,47 @@ Patch8: 15157_xend_device_destroy.patch Patch9: 15168-check-dup-domians.patch Patch10: 15173-32on64-runstate.patch Patch11: 15183-32on64-multicall.patch -Patch12: 15189-pmtimer.patch -Patch13: 15190-clocksource-opt.patch -Patch14: 15217-hvm-save-restore.patch -Patch15: 15228-hvm-usb-windows-crash.patch -Patch16: 15230-hvm-usb-windows-crash.patch -Patch17: 15234-hvm-usb-windows-crash.patch -Patch18: 15250_xend_device_destroy.patch -Patch19: 15257-hvm-save-restore.patch -Patch20: 15273_libxenapi.patch -Patch21: 15274_xenapi.patch -Patch22: 15275_xenapi.patch -Patch23: 15277-hvm-intel2amd-windows-migrate.patch -Patch24: 15381-log-svm-npt.patch -Patch25: 15383-hvm-usb-windows-crash.patch -Patch26: 15389-32on64-memop-error-path.patch -Patch27: 15390-32on64-setup-error-path.patch -Patch28: 15391-32on64-setup-pgtable.patch -Patch29: 15410-domain-restore.patch -Patch30: 15416-x86_64-failsafe.patch -Patch31: 15418-hvm-usb-windows-crash.patch -Patch32: 15433-pae-ptwr-check.patch -Patch33: 15444-vmxassist-p2r.patch -Patch34: 15469-hvm-save-restore.patch -Patch35: 15477_dev_attach.patch -Patch36: 15480-man-xm.patch -Patch37: 15528-hvm-sles9-install.patch -Patch38: 15587-domid-reset.patch -Patch39: 15595-rtl8139-data-corruption.patch -Patch40: 15596-rtl8139-crc-fix.patch -Patch41: 15609-save-mem-values.patch -Patch42: 15642_uuid_unique.patch -Patch43: 15645-hvm-save-restore.patch -Patch44: 15649_xenapi.patch -Patch45: 15650_xenapi.patch -Patch46: 15651_xenapi.patch -Patch47: 15689_dev_destroy_cleanup.patch -Patch48: 15691-hvm-save-restore.patch -Patch49: 15693-32on64-gnttab-err.patch -Patch50: 15716_dev_detach.patch -Patch51: fix_15716.patch +Patch12: 15185-vtpr.patch +Patch13: 15189-pmtimer.patch +Patch14: 15190-clocksource-opt.patch +Patch15: 15217-hvm-save-restore.patch +Patch16: 15228-hvm-usb-windows-crash.patch +Patch17: 15230-hvm-usb-windows-crash.patch +Patch18: 15234-hvm-usb-windows-crash.patch +Patch19: 15250_xend_device_destroy.patch +Patch20: 
15257-hvm-save-restore.patch +Patch21: 15273_libxenapi.patch +Patch22: 15274_xenapi.patch +Patch23: 15275_xenapi.patch +Patch24: 15277-hvm-intel2amd-windows-migrate.patch +Patch25: 15381-log-svm-npt.patch +Patch26: 15383-hvm-usb-windows-crash.patch +Patch27: 15389-32on64-memop-error-path.patch +Patch28: 15390-32on64-setup-error-path.patch +Patch29: 15391-32on64-setup-pgtable.patch +Patch30: 15410-domain-restore.patch +Patch31: 15416-x86_64-failsafe.patch +Patch32: 15418-hvm-usb-windows-crash.patch +Patch33: 15433-pae-ptwr-check.patch +Patch34: 15444-vmxassist-p2r.patch +Patch35: 15469-hvm-save-restore.patch +Patch36: 15477_dev_attach.patch +Patch37: 15480-man-xm.patch +Patch38: 15528-hvm-sles9-install.patch +Patch39: 15587-domid-reset.patch +Patch40: 15595-rtl8139-data-corruption.patch +Patch41: 15596-rtl8139-crc-fix.patch +Patch42: 15609-save-mem-values.patch +Patch43: 15642_uuid_unique.patch +Patch44: 15645-hvm-save-restore.patch +Patch45: 15649_xenapi.patch +Patch46: 15650_xenapi.patch +Patch47: 15651_xenapi.patch +Patch48: 15689_dev_destroy_cleanup.patch +Patch49: 15691-hvm-save-restore.patch +Patch50: 15693-32on64-gnttab-err.patch +Patch51: 15716_dev_detach.patch +Patch52: fix_15716.patch # Our patches Patch100: xen-config.diff Patch101: xend-config.diff @@ -155,6 +156,8 @@ Patch152: bridge-hostonly.diff Patch153: bridge-vlan.diff Patch154: pci-passthru-reboot-fix.patch Patch155: keymap_nl-be.patch +Patch156: svm-cr8-performance.diff +Patch157: hvm_vnc.diff # Patches from Jan Patch200: inval-sh-ldt.patch Patch201: 32on64-cpuid.patch @@ -610,6 +613,7 @@ Authors: %patch49 -p1 %patch50 -p1 %patch51 -p1 +%patch52 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1 @@ -655,6 +659,8 @@ Authors: %patch153 -p1 %patch154 -p1 %patch155 -p1 +%patch156 -p1 +%patch157 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 
@@ -997,6 +1003,12 @@ rm -f $RPM_BUILD_ROOT/%pysite/*.egg-info /sbin/ldconfig %changelog +* Fri Sep 07 2007 - jfehlig@novell.com +- #297125: Expose 'type vnc' in vfb device sexp for HVM guests. +* Thu Sep 06 2007 - ccoffing@novell.com +- #302106: Update network-multinet +* Wed Sep 05 2007 - carnold@novell.com +- #307458: AMD-V CR8 intercept reduction for HVM windows 64b guests * Wed Aug 29 2007 - ccoffing@novell.com - Update block-iscsi to match changes to open-iscsi. * Mon Aug 27 2007 - carnold@novell.com