diff --git a/src/xen/.cirrus.yml b/src/xen/.cirrus.yml new file mode 100644 index 0000000000000000000000000000000000000000..d0a9021a77e435a195cb4bc2baca1c3fe6ed46e4 --- /dev/null +++ b/src/xen/.cirrus.yml @@ -0,0 +1,33 @@ +# https://cirrus-ci.org/guide/tips-and-tricks/#sharing-configuration-between-tasks +freebsd_template: &FREEBSD_TEMPLATE + environment: + APPEND_LIB: /usr/local/lib + APPEND_INCLUDES: /usr/local/include + + install_script: pkg install -y seabios gmake ninja bash + pkgconf python libiconv bison perl5 + yajl lzo2 pixman argp-standalone + libxml2 glib git + + build_script: + - cc --version + - ./configure --with-system-seabios=/usr/local/share/seabios/bios.bin + - gmake -j`sysctl -n hw.ncpu` clang=y + +task: + name: 'FreeBSD 13' + freebsd_instance: + image_family: freebsd-13-2 + << : *FREEBSD_TEMPLATE + +task: + name: 'FreeBSD 14' + freebsd_instance: + image_family: freebsd-14-0 + << : *FREEBSD_TEMPLATE + +task: + name: 'FreeBSD 15' + freebsd_instance: + image_family: freebsd-15-0-snap + << : *FREEBSD_TEMPLATE diff --git a/src/xen/CHANGELOG.md b/src/xen/CHANGELOG.md new file mode 100644 index 0000000000000000000000000000000000000000..ddb3ab8db4e7c9f43897fdce4833d3c49609a4c2 --- /dev/null +++ b/src/xen/CHANGELOG.md @@ -0,0 +1,228 @@ +# Changelog + +Notable changes to Xen will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) + +## [4.19.0 UNRELEASED](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=staging) - TBD + +### Changed + - Changed flexible array definitions in public I/O interface headers to not + use "1" as the number of array elements. + - On x86: + - HVM PIRQs are disabled by default. + +### Added + - On x86: + - Introduce a new x2APIC driver that uses Cluster Logical addressing mode + for IPIs and Physical addressing mode for external interrupts. + +### Removed +- caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has + been superseded by the MirageOS/SOLO5 projects. +- /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for + compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub" + should be updated to just bootloader="pygrub". + +## [4.18.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.18.0) - 2023-11-16 + +### Changed + - Repurpose command line gnttab_max_{maptrack_,}frames options so they don't + cap toolstack provided values. + - Ignore VCPUOP_set_singleshot_timer's VCPU_SSHOTTMR_future flag. The only + known user doesn't use it properly, leading to in-guest breakage. + - The "dom0" option is now supported on Arm and "sve=" sub-option can be used + to enable dom0 guest to use SVE/SVE2 instructions. + - Physical CPU Hotplug downgraded to Experimental and renamed "ACPI CPU + Hotplug" for clarity + +### Added + - On x86: + - On all Intel systems, MSR_ARCH_CAPS is now visible in guests, and + controllable from the VM's config file. For CPUs from ~2019 onwards, + this allows guest kernels to see details about hardware fixes for + speculative mitigations. (Backported as XSA-435 to older releases). + - xl/libxl can customize SMBIOS strings for HVM guests. + - Support for enforcing system-wide operation in Data Operand Independent + Timing Mode. + - Add Intel Hardware P-States (HWP) cpufreq driver. + - Support for features new in AMD Genoa CPUs: + - CPUID_USER_DIS (CPUID Faulting) used by Xen to control PV guest's view + of CPUID data. + - Support for features new in Intel Sapphire Rapids CPUs: + - PKS (Protection Key Supervisor) available to HVM/PVH guests. + - VM-Notify used by Xen to mitigate certain micro-architectural pipeline + livelocks, instead of crashing the entire server. + - Bus-lock detection, used by Xen to mitigate (by rate-limiting) the + system wide impact of a guest misusing atomic instructions. + - Support for features new in Intel Granite Rapids CPUs: + - AVX512-FP16. + - On Arm: + - Xen supports guests running SVE/SVE2 instructions. (Tech Preview) + - Add suport for Firmware Framework for Arm A-profile (FF-A) Mediator (Tech + Preview) + - Experimental support for dynamic addition/removal of Xen device tree + nodes using a device tree overlay binary (.dtbo). + - Introduce two new hypercalls to map the vCPU runstate and time areas by + physical rather than linear/virtual addresses. + - The project has now officially adopted 6 directives and 65 rules of MISRA-C. + +### Removed + - On x86, the "pku" command line option has been removed. It has never + behaved precisely as described, and was redundant with the unsupported + "cpuid=no-pku". Visibility of PKU to guests should be via its vm.cfg file. + - xenpvnetboot removed as unable to convert to Python 3. + +## [4.17.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.17.0) - 2022-12-12 + +### Changed + - On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that + this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen. + - The "gnttab" option now has a new command line sub-option for disabling the + GNTTABOP_transfer functionality. + - The x86 MCE command line option info is now updated. + +### Added / support upgraded + - Out-of-tree builds for the hypervisor now supported. + - __ro_after_init support, for marking data as immutable after boot. + - The project has officially adopted 4 directives and 24 rules of MISRA-C, + added MISRA-C checker build integration, and defined how to document + deviations. + - IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones + when they don't share page tables with the CPU (HAP / EPT / NPT). + - Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD. + - Improved TSC, CPU, and APIC clock frequency calibration on x86. + - Support for Xen using x86 Control Flow Enforcement technology for its own + protection. Both Shadow Stacks (ROP protection) and Indirect Branch + Tracking (COP/JOP protection). + - Add mwait-idle support for SPR and ADL on x86. + - Extend security support for hosts to 12 TiB of memory on x86. + - Add command line option to set cpuid parameters for dom0 at boot time on x86. + - Improved static configuration options on Arm. + - cpupools can be specified at boot using device tree on Arm. + - It is possible to use PV drivers with dom0less guests, allowing statically + booted dom0less guests with PV devices. + - On Arm, p2m structures are now allocated out of a pool of memory set aside at + domain creation. + - Improved mitigations against Spectre-BHB on Arm. + - Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm. + - Allow setting the number of CPUs to activate at runtime from command line + option on Arm. + - Grant-table support on Arm was improved and hardened by implementing + "simplified M2P-like approach for the xenheap pages" + - Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm. + - Add i.MX lpuart and i.MX8QM support on Arm. + - Improved toolstack build system. + - Add Xue - console over USB 3 Debug Capability. + - gitlab-ci automation: Fixes and improvements together with new tests. + +### Removed / support downgraded + - dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options + +## [4.16.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.16.0) - 2021-12-02 + +### Removed + - XENSTORED_ROOTDIR environment variable from configuartion files and + initscripts, due to being unused. + +### Changed + - Quarantining of passed-through PCI devices no longer defaults to directing I/O to a scratch + page, matching original post-XSA-302 behavior (albeit the change was also backported, first + appearing in 4.12.2 and 4.11.4). Prior (4.13...4.15-like) behavior can be arranged for + either by enabling the IOMMU_QUARANTINE_SCRATCH_PAGE setting at build (configuration) time + or by passing "iommu=quarantine=scratch-page" on the hypervisor command line. + - pv-grub stubdoms will no longer be built per default. In order to be able to use pv-grub + configure needs to be called with "--enable-pv-grub" as parameter. + - qemu-traditional based device models (both, qemu-traditional and ioemu-stubdom) will + no longer be built per default. In order to be able to use those, configure needs to + be called with "--enable-qemu-traditional" as parameter. + - Fixes for credit2 scheduler stability in corner case conditions. + - Ongoing improvements in the hypervisor build system. + - vtpmmgr miscellaneous fixes in preparation for TPM 2.0 support. + - 32bit PV guests only supported in shim mode. + - Improved PVH dom0 debug key handling. + - Fix booting on some Intel systems without a PIT (i8254). + - Cleanup of the xenstore library interface. + - Fix truncation of return value from xencall2 by introducing a new helper + that returns a long instead. + - Fix system register accesses on Arm to use the proper 32/64bit access size. + - Various fixes for Arm OP-TEE mediator. + - Switch to domheap for Xen page tables. + +### Added + - 32bit Arm builds to the gitlab-ci automated tests. + - x86 full system tests to the gitlab-ci automated tests. + - Arm limited vPMU support for guests. + - Static physical memory allocation for dom0less on arm64. + - dom0less EFI support on arm64. + - GICD_ICPENDR register handling in vGIC emulation to support Zephyr OS. + - CPU feature leveling on arm64 platform with heterogeneous cores. + - Report unpopulated memory regions safe to use for external mappings, Arm and + device tree only. + - Support of generic DT IOMMU bindings for Arm SMMU v2. + - Limit grant table version on a per-domain basis. + +## [4.15.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.15.0) - 2021-04-08 + +### Added / support upgraded + - ARM IOREQ servers (device emulation etc.) (Tech Preview) + - Renesas IPMMU-VMSA (Supported, not security supported; was Tech Preview) + - ARM SMMUv3 (Tech Preview) + - Switched MSR accesses to deny by default policy. + - Intel Processor Trace support (Tech Preview) + - Named PCI devices for xl/libxl + - Improved documentation for xl PCI configuration format + - Support for zstd-compressed dom0 (x86) and domU kernels + - EFI: Enable booting unified hypervisor/kernel/initrd/DT images + - Reduce ACPI verbosity by default + - Add ucode=allow-same option to test late microcode loading path + - Library improvements from NetBSD ports upstreamed + - CI loop: Add Alpine Linux, Ubuntu Focal targets; drop CentOS 6 + - CI loop: Add qemu-based dom0 / domU test for ARM + - CI loop: Add dom0less aarch64 smoke test + - x86: Allow domains to use AVX-VNNI instructions + - Factored out HVM-specific shadow code, improving code clarity and reducing the size of PV-only hypervisor builds + - Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts, rather than hard-coding /etc/xen/scripts + - xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend + - xenstore can now be live-updated on a running system. (Tech preview) + - Some additional affordances in various xl subcommands. + - Added workarounds for the following ARM errata: Cortex A53 #843419, Cortex A55 #1530923, Cortex A72 #853709, Cortex A73 #858921, Cortex A76 #1286807, Neoverse-N1 #1165522 + - On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging + - Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests + +### Removed / support downgraded + + - qemu-xen-traditional as host process device model, now "No security + support, not recommended". (Use as stub domain device model is still + supported - see SUPPORT.md.) + +## [4.14.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.14.0) - 2020-07-23 + +### Added + - This file and MAINTAINERS entry. + - Use x2APIC mode whenever available, regardless of interrupt remapping + support. + - Performance improvements to guest assisted TLB flushes, either when using + the Xen hypercall interface or the viridian one. + - Assorted pvshim performance and scalability improvements plus some bug + fixes. + - Hypervisor framework to ease porting Xen to run on hypervisors. + - Initial support to run on Hyper-V. + - Initial hypervisor file system (hypfs) support. + - libxl support for running qemu-xen device model in a linux stubdomain. + - New 'domid_policy', allowing domain-ids to be randomly chosen. + - Option to preserve domain-id across migrate or save+restore. + - Support in kdd for initial KD protocol handshake for Win 7, 8 and 10 (64 bit). + - Tech preview support for Control-flow Execution Technology, with Xen using + Supervisor Shadow Stacks for its own protection. + +### Changed + - The CPUID data seen by a guest on boot is now moved in the migration + stream. A guest migrating between non-identical hardware will now no + longer observe details such as Family/Model/Stepping, Cache, etc changing. + An administrator still needs to take care to ensure the features visible to + the guest at boot are compatible with anywhere it might migrate. + +## [4.13.0](https://xenbits.xenproject.org/gitweb/?p=xen.git;a=shortlog;h=RELEASE-4.13.0) - 2019-12-17 + +> Pointer to release from which CHANGELOG tracking starts diff --git a/src/xen/CODING_STYLE b/src/xen/CODING_STYLE new file mode 100644 index 0000000000000000000000000000000000000000..ed13ee2b664b7f9686f9dfa709840147badfe7c8 --- /dev/null +++ b/src/xen/CODING_STYLE @@ -0,0 +1,271 @@ +Coding Style for the Xen Hypervisor +=================================== + +The Xen coding style described below is the coding style used by the +Xen hypervisor itself (xen/*) as well as various associated low-level +libraries (e.g. tools/libxc/*). + +An exception is made for files which are imported from an external +source. In these cases the prevailing coding style of the upstream +source is generally used (commonly the Linux coding style). + +Other parts of the code base may use other coding styles, sometimes +explicitly (e.g. tools/libxl/CODING_STYLE) but often implicitly (Linux +coding style is fairly common). In general you should copy the style +of the surrounding code. If you are unsure please ask. + +SPDX +---- + +New files should start with a single-line SPDX comment to express the +license, e.g.: + +/* SPDX-License-Identifier: GPL-2.0 */ + +See LICENSES/ for a list of licenses and SPDX tags currently used. + +MISRA C +------- + +The Xen Hypervisor follows some MISRA C coding rules. See +docs/misra/rules.rst for details. + +Indentation +----------- + +Indenting uses spaces, not tabs - in contrast to Linux. An indent +level consists of four spaces. Code within blocks is indented by one +extra indent level. The enclosing braces of a block are indented the +same as the code _outside_ the block. e.g. + +void fun(void) +{ + /* One level of indent. */ + + { + /* A second level of indent. */ + } +} + +Due to the behavior of GNU diffutils "diff -p", labels should be +indented by at least one blank. Non-case labels inside switch() bodies +are preferred to be indented the same as the block's case labels. + +White space +----------- + +Space characters are used to spread out logical statements, such as in +the condition of an if or while. Spaces are placed between the +keyword and the brackets surrounding the condition, between the +brackets and the condition itself, and around binary operators (except +the structure access operators, '.' and '->'). e.g. + +if ( (wibble & wombat) == 42 ) +{ + ... + +There should be no trailing white space at the end of lines (including +after the opening /* of a comment block). + +Line Length +----------- + +Lines should be less than 80 characters in length. Long lines should +be split at sensible places and the trailing portions indented. + +User visible strings (e.g., printk() messages) should not be split so +they can searched for more easily. + +Bracing +------- + +Braces ('{' and '}') are usually placed on a line of their own, except +for +- the do/while loop +- the opening brace in definitions of enum, struct, and union +- the opening brace in initializers +- compound literals +This is unlike the Linux coding style and unlike K&R. do/while loops +are one exception. e.g.: + +if ( condition ) +{ + /* Do stuff. */ +} +else +{ + /* Other stuff. */ +} + +while ( condition ) +{ + /* Do stuff. */ +} + +do { + /* Do stuff. */ +} while ( condition ); + +etc. + +Braces should be omitted for blocks with a single statement. e.g., + +if ( condition ) + single_statement(); + +Types +----- + +Use basic C types and C standard mandated typedef-s where possible (and +with preference in this order). This in particular means to avoid u8, +u16, etc despite those types continuing to exist in our code base. +Fixed width types should only be used when a fixed width quantity is +meant (which for example may be a value read from or to be written to a +register). + +Especially with pointer types, whenever the pointed to object is not +(supposed to be) modified, qualify the pointed to type with "const". + +Comments +-------- + +Only C style /* ... */ comments are to be used. C++ style // comments +should not be used. Multi-word comments should begin with a capital +letter. Comments containing a single sentence may end with a full +stop; comments containing several sentences must have a full stop +after each sentence. + +Multi-line comment blocks should start and end with comment markers on +separate lines and each line should begin with a leading '*'. + +/* + * Example, multi-line comment block. + * + * Note beginning and end markers on separate lines and leading '*'. + */ + +Naming convention for files and command line options +---------------------------------------------------- + +'-' should be used to separate words in commandline options and filenames. +E.g. timer-works. + +Note that some of the options and filenames are using '_'. This is now +deprecated. + +Emacs local variables +--------------------- + +A comment block containing local variables for emacs is permitted at +the end of files. It should be: + +/* + * Local variables: + * mode: C + * c-file-style: "BSD" + * c-basic-offset: 4 + * indent-tabs-mode: nil + * End: + */ + +Handling unexpected conditions +------------------------------ + +GUIDELINES: + +Passing errors up the stack should be used when the caller is already +expecting to handle errors, and the state when the error was +discovered isn’t broken, or isn't too hard to fix. + +domain_crash() should be used when passing errors up the stack is too +difficult, and/or when fixing up state of a guest is impractical, but +where fixing up the state of Xen will allow Xen to continue running. +This is particularly appropriate when the guest is exhibiting behavior +well-behaved guests shouldn't. + +BUG_ON() should be used when you can’t pass errors up the stack, and +either continuing or crashing the guest would likely cause an +information leak or privilege escalation vulnerability. + +ASSERT() IS NOT AN ERROR HANDLING MECHANISM. ASSERT is a way to move +detection of a bug earlier in the programming cycle; it is a +more-noticeable printk. It should only be added after one of the +other three error-handling mechanisms has been evaluated for +reliability and security. + +RATIONALE: + +It's frequently the case that code is written with the assumption that +certain conditions can never happen. There are several possible +actions programmers can take in these situations: + +* Programmers can simply not handle those cases in any way, other than +perhaps to write a comment documenting what the assumption is. + +* Programmers can try to handle the case gracefully -- fixing up +in-progress state and returning an error to the user. + +* Programmers can crash the guest. + +* Programmers can use ASSERT(), which will cause the check to be +executed in DEBUG builds, and cause the hypervisor to crash if it's +violated + +* Programmers can use BUG_ON(), which will cause the check to be +executed in both DEBUG and non-DEBUG builds, and cause the hypervisor +to crash if it's violated. + +In selecting which response to use, we want to achieve several goals: + +- To minimize risk of introducing security vulnerabilities, + particularly as the code evolves over time + +- To efficiently spend programmer time + +- To detect violations of assumptions as early as possible + +- To minimize the impact of bugs on production use cases + +The guidelines above attempt to balance these: + +- When the caller is expecting to handle errors, and there is no +broken state at the time the unexpected condition is discovered, or +when fixing the state is straightforward, then fixing up the state and +returning an error is the most robust thing to do. However, if the +caller isn't expecting to handle errors, or if the state is difficult +to fix, then returning an error may require extensive refactoring, +which is not a good use of programmer time when they're certain that +this condition cannot occur. + +- BUG_ON() will stop all hypervisor action immediately. In situations +where continuing might allow an attacker to escalate privilege, a +BUG_ON() can change a privilege escalation or information leak into a +denial-of-service (an improvement). But in situations where +continuing (say, returning an error) might be safe, then BUG_ON() can +change a benign failure into denial-of-service (a degradation). + +- domain_crash() is similar to BUG_ON(), but with a more limited +effect: it stops that domain immediately. In situations where +continuing might cause guest or hypervisor corruption, but destroying +the guest allows the hypervisor to continue, this can change a more +serious bug into a guest denial-of-service. But in situations where +returning an error might be safe, then domain_crash() can change a +benign failure into a guest denial-of-service. + +- ASSERT() will stop the hypervisor during development, but allow +hypervisor action to continue during production. In situations where +continuing will at worst result in a denial-of-service, and at best +may have little effect other than perhaps quirky behavior, using an +ASSERT() will allow violation of assumptions to be detected as soon as +possible, while not causing undue degradation in production +hypervisors. However, in situations where continuing could cause +privilege escalation or information leaks, using an ASSERT() can +introduce security vulnerabilities. + +Note however that domain_crash() has its own traps: callers far up the +call stack may not realize that the domain is now dying as a result of +an innocuous-looking operation, particularly if somewhere on the +callstack between the initial function call and the failure, no error +is returned. Using domain_crash() requires careful inspection and +documentation of the code to make sure all callers at the stack handle +a newly-dead domain gracefully. diff --git a/src/xen/CONTRIBUTING b/src/xen/CONTRIBUTING new file mode 100644 index 0000000000000000000000000000000000000000..5710a8a764505d218af4e73a8e0af7090f3df26f --- /dev/null +++ b/src/xen/CONTRIBUTING @@ -0,0 +1,114 @@ + +CONTRIBUTING +============ + +INBOUND LICENSE +--------------- + +Contributions are governed by the license that applies to relevant +specific file or by the license specified in the COPYING file, that +governs the license of its containing directory and its subdirectories. + +Most of the Xen Project code is licensed under GPLv2, but a number of +directories are primarily licensed under different licenses. + +Most notably: + - tools/libs : LGPL v2.1 + - tools/libxc : LGPL v2.1 + - tools/libxl : LGPL v2.1 + - tools/xl : LGPL v2.1 + - xen/include/public : MIT license + +See LICENSES/ for a list of licenses and SPDX tags currently used. + +When creating new components, new files, or importing code please follow +the conventions outlined below. As a general rule, whenever code using a +license other than GPLv2 is introduced, attention must be drawn to the +difference, such that maintainers can make an informed decision about the +deviation. Any new code must be GPLv2 compatible. + +New components +-------------- + +When creating new components and directories that contain a +significant amount of files that are licensed under licenses other +than GPLv2 or the license specified in the COPYING file, please +create a new COPYING file in that directory containing the SPDX tag +and a rationale for using a different license. This helps ensure that +the license of this new component/directory is maintained consistently +with the original intention. + +New files +--------- + +New files should start with a single-line SPDX comment to express the +license. For instance, if the file is GPLv2, the comment would look +like: + +/* SPDX-License-Identifier... */ + +The recommended license of a directory will depend on the COPYING file. +If the new file is using a different license, this should be highlighted +and discussed in the commit message or cover letter introducing the +file. + +See LICENSES/ for a list of licenses and SPDX tags currently used. + +Importing code +-------------- + +When importing code from other upstream projects into this repository, +please create a README.source file in the directory the code is imported +to, listing the original source of the code. An example can be found at +m4/README.source + +Developer's Certificate of Origin +--------------------------------- + +All patches to the Xen Project code base must include the line +"Signed-off-by: your_name " at the end of the change +description. This is required and indicates that you certify the patch +under the "Developer's Certificate of Origin" which states: + + Developer's Certificate of Origin 1.1 + + By making a contribution to this project, I certify that: + + (a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + + (b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + + (c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + + (d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. + +GOVERNANCE AND WORKFLOW +----------------------- + +The following documents provide a general overview of governance and +contribution guidelines for the Xen Project: + - https://xenproject.org/governance.html + - https://xenproject.org/help/contribution-guidelines.html + +For more information on contributing to this repository, see + - CODING_STYLE file in this directory + - https://wiki.xenproject.org/wiki/Submitting_Xen_Project_Patches + - https://wiki.xenproject.org/wiki/Submitting_Xen_Patches_with_Git + - https://wiki.xenproject.org/wiki/Asking_Developer_Questions + - https://wiki.xenproject.org/wiki/Category:Developers + + diff --git a/src/xen/COPYING b/src/xen/COPYING new file mode 100644 index 0000000000000000000000000000000000000000..824c3aa353b47507241831f4753590f86a162014 --- /dev/null +++ b/src/xen/COPYING @@ -0,0 +1,75 @@ + +GNU General Public License +-------------------------- + +Most files in this repository are licensed under the terms of the GNU +General Public License (GPL), a copy of which is present under the +LICENSES/ directory. Note that the only valid version of the GPL as far +as the files in this repository are concerned is _this_ particular +version of the license (i.e., *only* v2, not v2.2 or v3.x or whatever), +unless explicitly otherwise stated. + +Some code fragments in the hypervisor and associated subsystems +include other license stanzas: the most common ones are listed in +the *License Exceptions* section of this file. + +When these code sections are compiled as part of a +GPLv2-licensed program, such as Xen, the result is licensed under +GPLv2. See the FSF's definition of GPL compatibility: + http://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean +And how this applies to a range of open source licenses: + http://www.gnu.org/licenses/license-list.html + +A number of files will also specify GPL exceptions, such as + - Autoconf exception + - Bison exception + - GCC exception + +In addition the xen directory also contains a XEN NOTICE clarifying +what constitutes a derived work, which applies to the xen directory +and its subdirectories (see xen/COPYING). + +Licensing Exceptions +-------------------- + +For the convenience of users and those who are porting OSes to run as +Xen guests, certain files in this repository are not subject to the +GPL when distributed separately or included in software packages +outside this repository. + +Instead we specify more relaxed licenses, depending on need, such as + - BSD style license (BSD Original, BSD Modified, Intel BSD) + - MIT license + - LGPL 2.1 + +Affected files include the Xen interface headers (xen/include/public), +various drivers, support functions and header files within Xen-aware +Linux source trees. In all such cases, license terms are stated at the +top of the file or in a COPYING file in the same directory. + +Sphinx documentation is licensed under CC-BY 4.0. See +docs/README.source for more specific information. + +In some cases, compatible 3rd party code has been imported into the +Xen tree, retaining the original license, such as + - AES-128 3.0 + - FSF Unlimited License + - Laurikari License + - Public Domain + - ZLIB License + +Significant code imports are highlighted in a README.source file +in the directory into which the file or code snippet was imported. + +Note that *any* file that is modified and then distributed within a +Linux kernel is still subject to the GNU GPL. + +Contributions +------------- + +Contributions are governed by the license that applies to the relevant +specific file or by the license specified in the COPYING file, that +governs the license of its containing directory and its subdirectories. + +For more information, see the CONTRIBUTING file. + diff --git a/src/xen/CREDITS b/src/xen/CREDITS new file mode 100644 index 0000000000000000000000000000000000000000..3ddcdbaac64c47d95f13091e00146cfbde7cc58b --- /dev/null +++ b/src/xen/CREDITS @@ -0,0 +1,16 @@ + This is at least a partial credits-file of people that have + contributed to the Xen project. It is sorted by name and + formatted to allow easy grepping and beautification by + scripts. The fields are: name (N), email (E), web-address + (W), PGP key ID and fingerprint (P), description (D), and + snail-mail address (S). + Thanks, + + Xen team +---------- + +N: Jeremy Fitzhardinge +E: jeremy@goop.org +W: http://www.goop.org/~jeremy +P: 1B40B6D0 +D: Linux pvops diff --git a/src/xen/Config.mk b/src/xen/Config.mk new file mode 100644 index 0000000000000000000000000000000000000000..f7d6d84847be7a3ba64e7359df64f97fd9078709 --- /dev/null +++ b/src/xen/Config.mk @@ -0,0 +1,251 @@ +# -*- mode: Makefile; -*- + +ifeq ($(filter /%,$(XEN_ROOT)),) +$(error XEN_ROOT must be absolute) +endif + +# Convenient variables +comma := , +open := ( +close := ) +squote := ' +#' Balancing squote, to help syntax highlighting +empty := +space := $(empty) $(empty) + +# fallback for older make +realpath = $(wildcard $(foreach file,$(1),$(shell cd -P $(dir $(file)) && echo "$$PWD/$(notdir $(file))"))) +or = $(if $(strip $(1)),$(1),$(if $(strip $(2)),$(2),$(if $(strip $(3)),$(3),$(if $(strip $(4)),$(4))))) + +-include $(XEN_ROOT)/.config + +ifeq ($(origin XEN_COMPILE_ARCH), undefined) +XEN_COMPILE_ARCH := $(shell uname -m | sed -e s/i.86/x86_32/ \ + -e s/i86pc/x86_32/ -e s/amd64/x86_64/ \ + -e s/armv7.*/arm32/ -e s/armv8.*/arm64/ \ + -e s/aarch64/arm64/) +endif + +XEN_TARGET_ARCH ?= $(XEN_COMPILE_ARCH) +ifeq ($(origin XEN_OS), undefined) +XEN_OS := $(shell uname -s) +endif + +CONFIG_$(XEN_OS) := y + +SHELL ?= /bin/sh + +# Tools to run on system hosting the build +HOSTCFLAGS = -Wall -Werror -Wstrict-prototypes -O2 -fomit-frame-pointer +HOSTCFLAGS += -fno-strict-aliasing + +DISTDIR ?= $(XEN_ROOT)/dist +DESTDIR ?= / + +# Allow phony attribute to be listed as dependency rather than fake target +.PHONY: .phony + +# If we are not cross-compiling, default HOSTC{C/XX} to C{C/XX} +ifeq ($(XEN_TARGET_ARCH), $(XEN_COMPILE_ARCH)) +HOSTCC ?= $(CC) +HOSTCXX ?= $(CXX) +endif + +# Use Clang/LLVM instead of GCC? +clang ?= n +ifeq ($(clang),n) +gcc := y +HOSTCC ?= gcc +HOSTCXX ?= g++ +else +gcc := n +HOSTCC ?= clang +HOSTCXX ?= clang++ +endif + +DEPS_INCLUDE = $(addsuffix .d2, $(basename $(wildcard $(DEPS)))) +DEPS_RM = $(DEPS) $(DEPS_INCLUDE) + +%.d2: %.d + sed "s!\(^\| \)$$PWD/! !" $^ >$@.tmp && mv -f $@.tmp $@ + +include $(XEN_ROOT)/config/$(XEN_OS).mk +include $(XEN_ROOT)/config/$(XEN_TARGET_ARCH).mk + +ifneq ($(EXTRA_PREFIX),) +EXTRA_INCLUDES += $(EXTRA_PREFIX)/include +EXTRA_LIB += $(EXTRA_PREFIX)/lib +endif + +PYTHON ?= python +PYTHON_PREFIX_ARG ?= --prefix="$(prefix)" +# The above requires that prefix contains *no spaces*. This variable is here +# to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug: +# https://bugs.launchpad.net/ubuntu/+bug/362570 + +# cc-option: Check if compiler supports first option, else fall back to second. +# +# This is complicated by the fact that with most gcc versions unrecognised +# -Wno-* options: +# (a) are ignored unless the compilation emits a warning; and +# (b) even then produce a warning rather than an error +# Further Clang also only warns for unrecognised -W* options. To handle this +# we do a test compile, substituting -Wno-* by -W* and adding -Werror. This +# way all unrecognised options are diagnosed uniformly, allowing us to merely +# check exit status. +# +# Usage: cflags-y += $(call cc-option,$(CC),-march=winchip-c6,-march=i586) +cc-option = $(shell if $(1) $(2:-Wno-%=-W%) -Werror -c -o /dev/null -x c /dev/null >/dev/null 2>&1; \ + then echo "$(2)"; else echo "$(3)"; fi ;) + +# cc-option-add: Add an option to compilation flags, but only if supported. +# Usage: $(call cc-option-add CFLAGS,CC,-march=winchip-c6) +cc-option-add = $(eval $(call cc-option-add-closure,$(1),$(2),$(3))) +define cc-option-add-closure + ifneq ($$(call cc-option,$$($(2)),$(3),n),n) + $(1) += $(3) + endif +endef + +cc-options-add = $(foreach o,$(3),$(call cc-option-add,$(1),$(2),$(o))) + +# cc-ver: Check compiler against the version requirement. Return boolean 'y'/'n'. +# Usage: ifeq ($(call cc-ver,$(CC),ge,0x030400),y) +cc-ver = $(shell if [ $$((`$(1) -dumpversion | awk -F. \ + '{ printf "0x%02x%02x%02x", $$1, $$2, $$3}'`)) -$(2) $$(($(3))) ]; \ + then echo y; else echo n; fi ;) + +# cc-ver-check: Check compiler is at least specified version, else fail. +# Usage: $(call cc-ver-check,CC,0x030400,"Require at least gcc-3.4") +cc-ver-check = $(eval $(call cc-ver-check-closure,$(1),$(2),$(3))) +define cc-ver-check-closure + ifeq ($$(call cc-ver,$$($(1)),ge,$(2)),n) + override $(1) = echo "*** FATAL BUILD ERROR: "$(3) >&2; exit 1; + cc-option := n + endif +endef + +# Require GCC v4.1+ +check-$(gcc) = $(call cc-ver-check,CC,0x040100,"Xen requires at least gcc-4.1") +$(eval $(check-y)) + +ld-ver-build-id = $(shell $(1) --build-id 2>&1 | \ + grep -q build-id && echo n || echo y) + +export XEN_HAS_BUILD_ID ?= n +ifeq ($(call ld-ver-build-id,$(LD)),n) +build_id_linker := +else +CFLAGS += -DBUILD_ID +export XEN_HAS_BUILD_ID=y +build_id_linker := --build-id=sha1 +endif + +define buildmakevars2shellvars + export PREFIX="$(prefix)"; \ + export XEN_SCRIPT_DIR="$(XEN_SCRIPT_DIR)"; \ + export XEN_ROOT="$(XEN_ROOT)" +endef + +# +# Compare $(1) and $(2) and replace $(2) with $(1) if they differ +# +# Typically $(1) is a newly generated file and $(2) is the target file +# being regenerated. This prevents changing the timestamp of $(2) only +# due to being auto regenereated with the same contents. +define move-if-changed + if ! cmp -s $(1) $(2); then mv -f $(1) $(2); else rm -f $(1); fi +endef + +BUILD_MAKE_VARS := sbindir bindir LIBEXEC LIBEXEC_BIN libdir SHAREDIR \ + XENFIRMWAREDIR XEN_CONFIG_DIR XEN_SCRIPT_DIR XEN_LOCK_DIR \ + XEN_RUN_DIR XEN_PAGING_DIR XEN_DUMP_DIR XEN_LOG_DIR \ + XEN_LIB_DIR XEN_RUN_STORED + +buildmakevars2file = $(eval $(call buildmakevars2file-closure,$(1))) +define buildmakevars2file-closure + $(1): .phony + rm -f $(1).tmp; \ + $(foreach var, $(BUILD_MAKE_VARS), \ + echo "$(var)=\"$($(var))\"" >>$(1).tmp;) \ + $(call move-if-changed,$(1).tmp,$(1)) +endef + +CFLAGS += -fno-strict-aliasing + +CFLAGS += -std=gnu99 + +CFLAGS += -Wall -Wstrict-prototypes + +$(call cc-option-add,CFLAGS,CC,-Wno-unused-but-set-variable) +$(call cc-option-add,CFLAGS,CC,-Wno-unused-local-typedefs) + +LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i)) +CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i)) +LDFLAGS += $(foreach i, $(PREPEND_LIB), -L$(i)) +CFLAGS += $(foreach i, $(PREPEND_INCLUDES), -I$(i)) +ifeq ($(XEN_TOOLS_RPATH),y) +LDFLAGS += -Wl,-rpath,$(libdir) +endif +APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i)) +APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) + +EMBEDDED_EXTRA_CFLAGS := -fno-pie -fno-stack-protector -fno-stack-protector-all +EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables + +XEN_EXTFILES_URL ?= https://xenbits.xen.org/xen-extfiles +# All the files at that location were downloaded from elsewhere on +# the internet. The original download URL is preserved as a comment +# near the place in the Xen Makefiles where the file is used. + +# Where to look for inlined subtrees (for example, from a tarball) +QEMU_UPSTREAM_INTREE ?= $(XEN_ROOT)/tools/qemu-xen +QEMU_TRADITIONAL_INTREE ?= $(XEN_ROOT)/tools/qemu-xen-traditional + + +# Handle legacy options +ifneq (,$(SEABIOS_UPSTREAM_TAG)) +SEABIOS_UPSTREAM_REVISION ?= $(SEABIOS_UPSTREAM_TAG) +endif +ifneq (,$(QEMU_REMOTE)) +QEMU_TRADITIONAL_URL ?= $(QEMU_REMOTE) +endif +ifneq (,$(CONFIG_QEMU)) +QEMU_TRADITIONAL_LOC ?= $(CONFIG_QEMU) +endif +ifneq (,$(QEMU_TAG)) +QEMU_TRADITIONAL_REVISION ?= $(QEMU_TAG) +endif + +OVMF_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/ovmf.git +OVMF_UPSTREAM_REVISION ?= ba91d0292e593df8528b66f99c1b0b14fadc8e16 + +QEMU_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/qemu-xen.git +QEMU_UPSTREAM_REVISION ?= master + +MINIOS_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/mini-os.git +MINIOS_UPSTREAM_REVISION ?= 090eeeb1631f00a9a41ebf66d9b4aacb97eb51e7 + +SEABIOS_UPSTREAM_URL ?= https://xenbits.xen.org/git-http/seabios.git +SEABIOS_UPSTREAM_REVISION ?= rel-1.16.3 + +ETHERBOOT_NICS ?= rtl8139 8086100e + + +QEMU_TRADITIONAL_URL ?= https://xenbits.xen.org/git-http/qemu-xen-traditional.git +QEMU_TRADITIONAL_REVISION ?= 3d273dd05e51e5a1ffba3d98c7437ee84e8f8764 +# Wed Jul 15 10:01:40 2020 +0100 +# qemu-trad: remove Xen path dependencies + +# Specify which qemu-dm to use. This may be `ioemu' to use the old +# Mercurial in-tree version, or a local directory, or a git URL. +# QEMU_UPSTREAM_LOC ?= `pwd`/$(XEN_ROOT)/../qemu-xen.git + +# Defaults for subtree locations +QEMU_TRADITIONAL_LOC ?= $(call or,$(wildcard $(QEMU_TRADITIONAL_INTREE)),\ + $(QEMU_TRADITIONAL_URL)) + +QEMU_UPSTREAM_LOC ?= $(call or,$(wildcard $(QEMU_UPSTREAM_INTREE)),\ + $(QEMU_UPSTREAM_URL)) + +CONFIG_TESTS ?= y diff --git a/src/xen/INSTALL b/src/xen/INSTALL new file mode 100644 index 0000000000000000000000000000000000000000..88c1464816bd71911cfc0a083cf35e285af64883 --- /dev/null +++ b/src/xen/INSTALL @@ -0,0 +1,363 @@ + +Compiling Xen from source + +* Overview +* Options recognized by configure +* Variables recognized by make +* Systemd support +* History of options +* Examples + +Overview +======== + +The xen source contains four subsystems: xen, tools, stubdom and docs. +All but xen have to be prepared for build with a configure script in the +toplevel directory. configure recognizes certain arguments and +environment variables which are used to adjust various aspects of the +following compile process. Once configure is done, make(1) has to be +called. Also make(1) recognizes certain arguments. The following sections +will give an overview. + +Xen Hypervisor +============== + +Xen itself is configured via a `kconfig' system borrowed from Linux. +See docs/misc/kconfig.txt. + +Note that unlike with Linux, and contrary to that document, you cannot +look at Kconfig files, or the default or generated config files etc., +to find available configuration options. This is because it is only +supported (and security supported) by the Xen Project, to change a +small subset of the options. Attempts to change other options will be +silently overridden. The only way to find which configuration options +are available is to run `make menuconfig' or the like. + +You can counter-override this behaviour by setting XEN_CONFIG_EXPERT=y +in your environment. However, doing this is not supported and the +resulting configurations do not receive security support. If you set +this variable there is nothing stopping you setting dangerously +experimental combinations of features - not even any warnings. + +Options recognized by configure +=============================== + +The configure script in the toplevel directory will recognize these +options. It will pass them to the configure scripts in the tools, +stubdom, and docs directory. + +Individual subsystems can be selected by one of the following options. +Please note that stubdom requires tools. + --disable-xen + --disable-tools + --enable-stubdom + --disable-docs + +The well known GNU configure options to specify the target directories. +Some components of these paths will be compiled into the binaries. +Note: prefix defaults to /usr/local, sysconfdir defaults to /etc, +localstatedir defaults to /var. + --prefix=DIR + --libdir=DIR + --libexecdir=BASEDIR + --bindir=DIR + --sbindir=DIR + --sysconfdir=DIR + --sharedstatedir=DIR + --localstatedir=DIR + --includedir=DIR + --datarootdir=DIR + --datadir=DIR + --mandir=DIR + --docdir=DIR + +To automatically run the toolstack in dom0 during system startup some +sysv runlevel scripts are installed. This option allows to set the path +for a given system. Possible values are /etc/init.d, /etc/rc.d/init.d or +/etc/rc.d. If not specified configure tries to guess the path. + --with-initddir=DIR + +The runlevel scripts load certain configuration files. They are +typically located in a subdirectory of /etc. Possible values are this +subdirectory are "sysconfig" or "default". If not specified configure +tries to guess the subdir. + --with-sysconfig-leaf-dir=SUBDIR + +If the tools are configured with a non-standard --prefix the runtime +linker will either not find the required libraries or it will load them +from a wrong location. Compiling the tools with rpath will force the +linker to look in the correct location. + --enable-rpath + +Disable xenstat and xentop monitoring tools. + --disable-monitors + +Disable build of certain ocaml libraries and tools. To actually build +them ocaml development packages must be installed. If they are missing +configure will automatically disable this option. + --disable-ocamltools + +Disable XSM policy compilation. + --disable-xsmpolicy + +Attempt to build of an OVMF firmware binary. This requires special +versions of development tools. Use at your own risk. + --enable-ovmf + +Use the given OVMF binary instead of compiling a private copy. + --with-system-ovmf=PATH + +Build a private copy of SeaBIOS. + --disable-seabios + +Use the given SeaBIOS binary instead of compiling a private copy. + --with-system-seabios=PATH + +Build the old qemu used by xm/xend. This is required if existing domUs +should be migrated to this host, or if existing domU snapshots should be +started with this version of the tools. Only if all domUs used the new +upstream qemu during initial start it is safe to disable this option. +The old qemu requires rombios, which can be disable along with +qemu-traditional. + --enable-qemu-traditional + --enable-rombios + +The libxl toolstack uses the upstream qemu per default. A private copy +will be built. If desired this private copy can be configured with +additional options passed to its configure script. + --with-extra-qemuu-configure-args="arg1 arg2" + +Use the given qemu binary instead of compiling a private copy. + --with-system-qemu=PATH + +A dom0 requires a set of backend drivers. The configure script already +supplies a list of known drivers which are automatically loaded in dom0. +This internal list can be changed with this option. + --with-linux-backend-modules="kmod1 kmod2" + +Two variants of a xenstored exist: the original xenstored written in C +(xenstored) or the newer and robust one written in Ocaml (oxenstored). +The oxenstored daemon is the default but can only be used if the +required ocaml packages are installed. In case they are missing the +original xenstored will be used. Valid names are xenstored and +oxenstored. + --with-xenstored=name + +The path where to store core dumps for domUs which are configured with +coredump-destroy or coredump-restart can be specified with this option. + --with-xen-dumpdir=DIR + +Instead of starting the tools in dom0 with sysv runlevel scripts they +can also be started by systemd. If this option is enabled xenstored will +receive the communication socked directly from systemd. So starting it +manually will not work anymore. The paths to systemd internals can also +be changed in case the default paths do not fit anymore. +NOTE: if systemd development packages are installed the systemd support +will be the enabled per default. Using --disable-systemd will override +this detection and the sysv runlevel scripts have to be used. + --enable-systemd + --with-systemd=DIR + --with-systemd-modules-load=DIR + +Build various stubom components, some are only example code. Its usually +enough to specify just --enable-stubdom and leave these options alone. + --enable-ioemu-stubdom + --enable-c-stubdom + --disable-pv-grub + --disable-xenstore-stubdom + --enable-vtpm-stubdom + --enable-vtpmmgr-stubdom + --disable-extfiles + +Per default some parts of the tools code will print additional runtime +debug. This option can be used to disable such code paths. + --disable-debug + +The configure script recognizes also many environment variables. Calling +the individual configure scripts in the subdirectories with the "--help" +option will list these environment variables. + +Variables recognized by make +========================== + +The following variables are recognized by the build system. They have to +be passed as make options, like 'make variable=value'. Having these +variables in the environment, like 'env variable=value make', will not +work for most of them. + +In addition to pass variables as make options it is also supported to +create a ".config" file in the toplevel directory. The file will be +sourced by make(1). + +The well known variable to specify an offset during make install, +useful for packaging. +DESTDIR= + +Per default some parts of the tools code will print additional runtime +debug. This option can be used to disable such code paths. +debug=y +debug_symbols=y + +If --prefix= was used during configure the and ocaml was enabled the +resulting libraries will not be installed in the specified path. Instead +the path provided by ocamlfind(1) will be used. This variable can be +used to override this path. Using the environment variable +OCAMLFIND_DESTDIR= and OCAMLFIND_METADIR= will have the same effect. +OCAMLDESTDIR= + +The xen subsystem will install the hypervisor into fixed locations. +BOOT_DIR defaults to /boot, DEBUG_DIR defaults to /usr/lib/debug and +EFI_DIR to /usr/lib64/efi. +BOOT_DIR= +DEBUG_DIR= +EFI_DIR= + +The make target 'rpmball' will build a xen.rpm. This variable can be +used to append a custom string to the name. In addition a string can be +appended to the rpm Release: tag. +PKG_SUFFIX= +PKG_RELEASE= + +The hypervisor will report a certain version string. This variable can +be used to append a custom string to the version. +XEN_VENDORVERSION= + +During boot xen will report a certain user@host string, which can be +changed with these variables. +XEN_WHOAMI= +XEN_DOMAIN= + +Some components of xen and tools will include an unpredictable timestamp +into the binaries. To allow reproducible builds the following variables +can be used to provide fixed timestamps in the expected format. +XEN_BUILD_DATE= +XEN_BUILD_TIME=hh:mm:ss +SMBIOS_REL_DATE=mm/dd/yyyy +VGABIOS_REL_DATE="dd Mon yyyy" + +This variable can be used to point to a different git binary to be used. +GIT= + +During tools build external repos will be cloned into the source tree. +During stubdom build external packages will be downloaded into the +source tree. These variables can be used to point to a different +locations. +XEN_EXTFILES_URL= +OVMF_UPSTREAM_URL= +QEMU_UPSTREAM_URL= +QEMU_TRADITIONAL_URL= +SEABIOS_UPSTREAM_URL= +MINIOS_UPSTREAM_URL= + +Using additional CFLAGS to build tools which will run in dom0 is +required when building distro packages. These variables can be used to +pass RPM_OPT_FLAGS. +EXTRA_CFLAGS_XEN_TOOLS= +EXTRA_CFLAGS_QEMU_TRADITIONAL= +EXTRA_CFLAGS_QEMU_XEN= + +Additional CFLAGS may be supplied to the build of the hypervisor by +using this variable. +EXTRA_CFLAGS_XEN_CORE= + +This variable can be used to use DIR/include and DIR/lib during build. +This is the same as PREPEND_LIB and PREPEND_INCLUDES. APPEND_LIB and +APPEND_INCLUDES= will be appended to the CFLAGS/LDFLAGS variable. +EXTRA_PREFIX=DIR +PREPEND_LIB=DIR +PREPEND_INCLUDES=DIR +APPEND_LIB=DIR +APPEND_INCLUDES=DIR + +While the tools build will set the path to the python binary with the +configure script, the hypervisor build has to use this variable to use a +different python binary. +PYTHON= + +Building the python tools may fail unless certain options are passed to +setup.py. Config.mk contains additional info how to use this variable. +PYTHON_PREFIX_ARG= + +The hypervisor may be built with XSM/Flask support, which can be changed +by running: +make -C xen menuconfig +and enabling XSM/Flask in the 'Common Features' menu. A security policy +is required to use XSM/Flask; if the SELinux policy compiler is +available, the policy from tools can be included in the hypervisor. +This option is enabled by default if XSM is enabled and the compiler +(checkpolicy) is found. The location of this executable can be set +using the environment variable. +CHECKPOLICY= + +Use clang instead of GCC. +clang=y + + +Systemd support +=============== + +If the systemd development packages are available then the support for +systemd will be enabled per default. It is required to manually enable +the installed systemd service files. Systemd has dependency tracking, +which means all dependencies will be started automatically: + +systemctl enable xen-qemu-dom0-disk-backend.service +systemctl enable xen-init-dom0.service +systemctl enable xenconsoled.service + +Other optional services are: +systemctl enable xendomains.service +systemctl enable xen-watchdog.service + + +QEMU Deprivilege +================ +It is recommended to run QEMU as non-root. +See docs/misc/qemu-deprivilege.txt for an explanation on what you need +to do at installation time to run QEMU as a dedicated user. + + +History of options +================== + +Prior to xen-4.5 configure recognized essentially only the --prefix= and +--libdir= option to specify target directories. Starting with xen-4.5 +all paths can be adjusted once with configure. + + +Examples +======== + +* To build a private copy of tools and xen: +configure --prefix=/odd/path --sysconfdir=/odd/path/etc --enable-rpath +make +sudo make install BOOT_DIR=/ood/path/boot EFI_DIR=/odd/path/efi + + +* Use configure and make to build a distro rpm package (it is required + to unset variables set by the rpm configure macro): +%build +export WGET=$(type -P false) +export GIT=$(type -P false) +export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" +%configure \ + --with-initddir=%{_initddir} +unset CFLAGS CXXFLAGS FFLAGS LDFLAGS +make +%install +make install \ + SYSCONFIG_DIR=/var/adm/fillup-templates \ + DESTDIR=$RPM_BUILD_ROOT + + +* To build xen and tools using a cross compiler: +./configure --build=x86_64-unknown-linux-gnu --host=aarch64-linux-gnu +make XEN_TARGET_ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- +make XEN_TARGET_ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- \ + DESTDIR=/some/path install + + + +# vim: tw=72 et diff --git a/src/xen/LICENSES/BSD-2-Clause b/src/xen/LICENSES/BSD-2-Clause new file mode 100644 index 0000000000000000000000000000000000000000..694d8c93221c2f84190b61523901a529716400fc --- /dev/null +++ b/src/xen/LICENSES/BSD-2-Clause @@ -0,0 +1,36 @@ +Valid-License-Identifier: BSD-2-Clause + +SPDX-URL: https://spdx.org/licenses/BSD-2-Clause.html + +Usage-Guide: + + To use the BSD 2-clause "Simplified" License put the following SPDX + tag/value pair into a comment according to the placement guidelines in + the licensing rules documentation: + SPDX-License-Identifier: BSD-2-Clause + +License-Text: + +Copyright (c) . All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/src/xen/LICENSES/BSD-3-Clause b/src/xen/LICENSES/BSD-3-Clause new file mode 100644 index 0000000000000000000000000000000000000000..1441947f92e069411714c47fbac5f6b385c0d7be --- /dev/null +++ b/src/xen/LICENSES/BSD-3-Clause @@ -0,0 +1,40 @@ +Valid-License-Identifier: BSD-3-Clause + +SPDX-URL: https://spdx.org/licenses/BSD-3-Clause.html + +Usage-Guide: + + To use the BSD 3-clause "New" or "Revised" License put the following SPDX + tag/value pair into a comment according to the placement guidelines in + the licensing rules documentation: + SPDX-License-Identifier: BSD-3-Clause + +License-Text: + +Copyright (c) . All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/src/xen/LICENSES/BSD-3-Clause-Clear b/src/xen/LICENSES/BSD-3-Clause-Clear new file mode 100644 index 0000000000000000000000000000000000000000..2b27f24a65a062e0fe89962d93bb3438e0ab78a1 --- /dev/null +++ b/src/xen/LICENSES/BSD-3-Clause-Clear @@ -0,0 +1,45 @@ +Valid-License-Identifier: BSD-3-Clause-Clear + +SPDX-URL: https://spdx.org/licenses/BSD-3-Clause-Clear.html + +Usage-Guide: + + To use the BSD 3-clause "Clear" License put the following SPDX + tag/value pair into a comment according to the placement guidelines in + the licensing rules documentation: + SPDX-License-Identifier: BSD-3-Clause-Clear + +License-Text: + +The Clear BSD License + +Copyright (c) [xxxx]-[xxxx] [Owner Organization] +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted (subject to the limitations in the disclaimer +below) provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + * Neither the name of [Owner Organization] nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE GRANTED BY +THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND +CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT +NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER +OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/src/xen/LICENSES/CC-BY-4.0 b/src/xen/LICENSES/CC-BY-4.0 new file mode 100644 index 0000000000000000000000000000000000000000..4197ceb180fff6370b34566b56af1c0691677b50 --- /dev/null +++ b/src/xen/LICENSES/CC-BY-4.0 @@ -0,0 +1,414 @@ +Valid-License-Identifier: CC-BY-4.0 + +SPDX-URL: https://spdx.org/licenses/CC-BY-4.0 + +Usage-Guide: + + Do NOT use this license for code, but it's acceptable for content like artwork + or documentation. When using it for the latter, it's best to use it together + with a GPL2 compatible license using "OR", as CC-BY-4.0 texts processed by + the kernel's build system might combine it with content taken from more + restrictive licenses. + + To use the Creative Commons Attribution 4.0 International license put + the following SPDX tag/value pair into a comment according to the + placement guidelines in the licensing rules documentation: + SPDX-License-Identifier: CC-BY-4.0 + +License-Text: + +Creative Commons Attribution 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution 4.0 International Public License ("Public License"). To the +extent this Public License may be interpreted as a contract, You are +granted the Licensed Rights in consideration of Your acceptance of +these terms and conditions, and the Licensor grants You such rights in +consideration of benefits the Licensor receives from making the +Licensed Material available under these terms and conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + d. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + e. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + g. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + i. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + k. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + 4. If You Share Adapted Material You produce, the Adapter's + License You apply must not prevent recipients of the Adapted + Material from complying with this Public License. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public +licenses. Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the "Licensor." The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/src/xen/LICENSES/GPL-2.0 b/src/xen/LICENSES/GPL-2.0 new file mode 100644 index 0000000000000000000000000000000000000000..07f332641ccd6ec5b5b927463f2bd9845880fc59 --- /dev/null +++ b/src/xen/LICENSES/GPL-2.0 @@ -0,0 +1,366 @@ +Valid-License-Identifier: GPL-2.0-only +Valid-License-Identifier: GPL-2.0-or-later + +SPDX-URL: https://spdx.org/licenses/GPL-2.0-only.html +SPDX-URL: https://spdx.org/licenses/GPL-2.0-or-later.html + +Deprecated-Identifier: GPL-2.0 +Deprecated-Identifier: GPL-2.0+ + +Usage-Guide: + + To use this license in source code, put one of the following SPDX + tag/value pairs into a comment according to the placement + guidelines in the licensing rules documentation. + + For 'GNU General Public License (GPL) version 2 only' use: + SPDX-License-Identifier: GPL-2.0-only + + For 'GNU General Public License (GPL) version 2 or any later version' use: + SPDX-License-Identifier: GPL-2.0-or-later + + The deprecated tags should not be used for any new additions. Where + possible, their existing uses should be phased out. + +License-Text: + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/src/xen/LICENSES/LGPL-2.0 b/src/xen/LICENSES/LGPL-2.0 new file mode 100644 index 0000000000000000000000000000000000000000..100c72c6db8c4762af8c0c0e908b2e1cb063d9f3 --- /dev/null +++ b/src/xen/LICENSES/LGPL-2.0 @@ -0,0 +1,494 @@ +Valid-License-Identifier: LGPL-2.0-only +Valid-License-Identifier: LGPL-2.0-or-later + +SPDX-URL: https://spdx.org/licenses/LGPL-2.0-only.html +SPDX-URL: https://spdx.org/licenses/LGPL-2.0-or-later.html + +Usage-Guide: + + To use this license in source code, put one of the following SPDX + tag/value pairs into a comment according to the placement + guidelines in the licensing rules documentation. + + For 'GNU Library General Public License (LGPL) version 2.0 only' use: + SPDX-License-Identifier: LGPL-2.0-only + + For 'GNU Library General Public License (LGPL) version 2.0 or any later + version' use: + SPDX-License-Identifier: LGPL-2.0-or-later + +License-Text: + +GNU LIBRARY GENERAL PUBLIC LICENSE +Version 2, June 1991 + +Copyright (C) 1991 Free Software Foundation, Inc. +51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + +[This is the first released version of the library GPL. It is numbered 2 +because it goes with version 2 of the ordinary GPL.] + +Preamble + +The licenses for most software are designed to take away your freedom to +share and change it. By contrast, the GNU General Public Licenses are +intended to guarantee your freedom to share and change free software--to +make sure the software is free for all its users. + +This license, the Library General Public License, applies to some specially +designated Free Software Foundation software, and to any other libraries +whose authors decide to use it. You can use it for your libraries, too. + +When we speak of free software, we are referring to freedom, not price. Our +General Public Licenses are designed to make sure that you have the freedom +to distribute copies of free software (and charge for this service if you +wish), that you receive source code or can get it if you want it, that you +can change the software or use pieces of it in new free programs; and that +you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to +deny you these rights or to ask you to surrender the rights. These +restrictions translate to certain responsibilities for you if you +distribute copies of the library, or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for +a fee, you must give the recipients all the rights that we gave you. You +must make sure that they, too, receive or can get the source code. If you +link a program with the library, you must provide complete object files to +the recipients so that they can relink them with the library, after making +changes to the library and recompiling it. And you must show them these +terms so they know their rights. + +Our method of protecting your rights has two steps: (1) copyright the +library, and (2) offer you this license which gives you legal permission to +copy, distribute and/or modify the library. + +Also, for each distributor's protection, we want to make certain that +everyone understands that there is no warranty for this free library. If +the library is modified by someone else and passed on, we want its +recipients to know that what they have is not the original version, so that +any problems introduced by others will not reflect on the original authors' +reputations. + +Finally, any free program is threatened constantly by software patents. We +wish to avoid the danger that companies distributing free software will +individually obtain patent licenses, thus in effect transforming the +program into proprietary software. To prevent this, we have made it clear +that any patent must be licensed for everyone's free use or not licensed at +all. + +Most GNU software, including some libraries, is covered by the ordinary GNU +General Public License, which was designed for utility programs. This +license, the GNU Library General Public License, applies to certain +designated libraries. This license is quite different from the ordinary +one; be sure to read it in full, and don't assume that anything in it is +the same as in the ordinary license. + +The reason we have a separate public license for some libraries is that +they blur the distinction we usually make between modifying or adding to a +program and simply using it. Linking a program with a library, without +changing the library, is in some sense simply using the library, and is +analogous to running a utility program or application program. However, in +a textual and legal sense, the linked executable is a combined work, a +derivative of the original library, and the ordinary General Public License +treats it as such. + +Because of this blurred distinction, using the ordinary General Public +License for libraries did not effectively promote software sharing, because +most developers did not use the libraries. We concluded that weaker +conditions might promote sharing better. + +However, unrestricted linking of non-free programs would deprive the users +of those programs of all benefit from the free status of the libraries +themselves. This Library General Public License is intended to permit +developers of non-free programs to use free libraries, while preserving +your freedom as a user of such programs to change the free libraries that +are incorporated in them. (We have not seen how to achieve this as regards +changes in header files, but we have achieved it as regards changes in the +actual functions of the Library.) The hope is that this will lead to faster +development of free libraries. + +The precise terms and conditions for copying, distribution and modification +follow. Pay close attention to the difference between a "work based on the +library" and a "work that uses the library". The former contains code +derived from the library, while the latter only works together with the +library. + +Note that it is possible for a library to be covered by the ordinary +General Public License rather than by this special one. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library which contains a + notice placed by the copyright holder or other authorized party saying + it may be distributed under the terms of this Library General Public + License (also called "this License"). Each licensee is addressed as + "you". + + A "library" means a collection of software functions and/or data + prepared so as to be conveniently linked with application programs + (which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work which + has been distributed under these terms. A "work based on the Library" + means either the Library or any derivative work under copyright law: + that is to say, a work containing the Library or a portion of it, either + verbatim or with modifications and/or translated straightforwardly into + another language. (Hereinafter, translation is included without + limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for making + modifications to it. For a library, complete source code means all the + source code for all modules it contains, plus any associated interface + definition files, plus the scripts used to control compilation and + installation of the library. + + Activities other than copying, distribution and modification are not + covered by this License; they are outside its scope. The act of running + a program using the Library is not restricted, and output from such a + program is covered only if its contents constitute a work based on the + Library (independent of the use of the Library in a tool for writing + it). Whether that is true depends on what the Library does and what the + program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete + source code as you receive it, in any medium, provided that you + conspicuously and appropriately publish on each copy an appropriate + copyright notice and disclaimer of warranty; keep intact all the notices + that refer to this License and to the absence of any warranty; and + distribute a copy of this License along with the Library. + + You may charge a fee for the physical act of transferring a copy, and + you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Library or any portion of it, + thus forming a work based on the Library, and copy and distribute such + modifications or work under the terms of Section 1 above, provided that + you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices stating + that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no charge to + all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a table + of data to be supplied by an application program that uses the + facility, other than as an argument passed when the facility is + invoked, then you must make a good faith effort to ensure that, in + the event an application does not supply such function or table, the + facility still operates, and performs whatever part of its purpose + remains meaningful. + + (For example, a function in a library to compute square roots has a + purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must be + optional: if the application does not supply it, the square root + function must still compute square roots.) + + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the Library, and + can be reasonably considered independent and separate works in + themselves, then this License, and its terms, do not apply to those + sections when you distribute them as separate works. But when you + distribute the same sections as part of a whole which is a work based on + the Library, the distribution of the whole must be on the terms of this + License, whose permissions for other licensees extend to the entire + whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest + your rights to work written entirely by you; rather, the intent is to + exercise the right to control the distribution of derivative or + collective works based on the Library. + + In addition, mere aggregation of another work not based on the Library + with the Library (or with a work based on the Library) on a volume of a + storage or distribution medium does not bring the other work under the + scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public + License instead of this License to a given copy of the Library. To do + this, you must alter all the notices that refer to this License, so that + they refer to the ordinary GNU General Public License, version 2, + instead of to this License. (If a newer version than version 2 of the + ordinary GNU General Public License has appeared, then you can specify + that version instead if you wish.) Do not make any other change in these + notices. + + Once this change is made in a given copy, it is irreversible for that + copy, so the ordinary GNU General Public License applies to all + subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of the + Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of + it, under Section 2) in object code or executable form under the terms + of Sections 1 and 2 above provided that you accompany it with the + complete corresponding machine-readable source code, which must be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange. + + If distribution of object code is made by offering access to copy from a + designated place, then offering equivalent access to copy the source + code from the same place satisfies the requirement to distribute the + source code, even though third parties are not compelled to copy the + source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but + is designed to work with the Library by being compiled or linked with + it, is called a "work that uses the Library". Such a work, in isolation, + is not a derivative work of the Library, and therefore falls outside the + scope of this License. + + However, linking a "work that uses the Library" with the Library creates + an executable that is a derivative of the Library (because it contains + portions of the Library), rather than a "work that uses the + library". The executable is therefore covered by this License. Section 6 + states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file + that is part of the Library, the object code for the work may be a + derivative work of the Library even though the source code is + not. Whether this is true is especially significant if the work can be + linked without the Library, or if the work is itself a library. The + threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data structure + layouts and accessors, and small macros and small inline functions (ten + lines or less in length), then the use of the object file is + unrestricted, regardless of whether it is legally a derivative + work. (Executables containing this object code plus portions of the + Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may + distribute the object code for the work under the terms of Section + 6. Any executables containing that work also fall under Section 6, + whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also compile or link a + "work that uses the Library" with the Library to produce a work + containing portions of the Library, and distribute that work under terms + of your choice, provided that the terms permit modification of the work + for the customer's own use and reverse engineering for debugging such + modifications. + + You must give prominent notice with each copy of the work that the + Library is used in it and that the Library and its use are covered by + this License. You must supply a copy of this License. If the work during + execution displays copyright notices, you must include the copyright + notice for the Library among them, as well as a reference directing the + user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable + source code for the Library including whatever changes were used in + the work (which must be distributed under Sections 1 and 2 above); + and, if the work is an executable linked with the Library, with the + complete machine-readable "work that uses the Library", as object + code and/or source code, so that the user can modify the Library and + then relink to produce a modified executable containing the modified + Library. (It is understood that the user who changes the contents of + definitions files in the Library will not necessarily be able to + recompile the application to use the modified definitions.) + + b) Accompany the work with a written offer, valid for at least three + years, to give the same user the materials specified in Subsection + 6a, above, for a charge no more than the cost of performing this + distribution. + + c) If distribution of the work is made by offering access to copy from a + designated place, offer equivalent access to copy the above specified + materials from the same place. + + d) Verify that the user has already received a copy of these materials + or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the Library" + must include any data and utility programs needed for reproducing the + executable from it. However, as a special exception, the source code + distributed need not include anything that is normally distributed (in + either source or binary form) with the major components (compiler, + kernel, and so on) of the operating system on which the executable runs, + unless that component itself accompanies the executable. + + It may happen that this requirement contradicts the license restrictions + of other proprietary libraries that do not normally accompany the + operating system. Such a contradiction means you cannot use both them + and the Library together in an executable that you distribute. + +7. You may place library facilities that are a work based on the Library + side-by-side in a single library together with other library facilities + not covered by this License, and distribute such a combined library, + provided that the separate distribution of the work based on the Library + and of the other library facilities is otherwise permitted, and provided + that you do these two things: + + a) Accompany the combined library with a copy of the same work based on + the Library, uncombined with any other library facilities. This must + be distributed under the terms of the Sections above. + + b) Give prominent notice with the combined library of the fact that part + of it is a work based on the Library, and explaining where to find + the accompanying uncombined form of the same work. + +8. You may not copy, modify, sublicense, link with, or distribute the + Library except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense, link with, or distribute the + Library is void, and will automatically terminate your rights under this + License. However, parties who have received copies, or rights, from you + under this License will not have their licenses terminated so long as + such parties remain in full compliance. + +9. You are not required to accept this License, since you have not signed + it. However, nothing else grants you permission to modify or distribute + the Library or its derivative works. These actions are prohibited by law + if you do not accept this License. Therefore, by modifying or + distributing the Library (or any work based on the Library), you + indicate your acceptance of this License to do so, and all its terms and + conditions for copying, distributing or modifying the Library or works + based on it. + +10. Each time you redistribute the Library (or any work based on the + Library), the recipient automatically receives a license from the + original licensor to copy, distribute, link with or modify the Library + subject to these terms and conditions. You may not impose any further + restrictions on the recipients' exercise of the rights granted + herein. You are not responsible for enforcing compliance by third + parties to this License. + +11. If, as a consequence of a court judgment or allegation of patent + infringement or for any other reason (not limited to patent issues), + conditions are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, they do not + excuse you from the conditions of this License. If you cannot + distribute so as to satisfy simultaneously your obligations under this + License and any other pertinent obligations, then as a consequence you + may not distribute the Library at all. For example, if a patent license + would not permit royalty-free redistribution of the Library by all + those who receive copies directly or indirectly through you, then the + only way you could satisfy both it and this License would be to refrain + entirely from distribution of the Library. + + If any portion of this section is held invalid or unenforceable under + any particular circumstance, the balance of the section is intended to + apply, and the section as a whole is intended to apply in other + circumstances. + + It is not the purpose of this section to induce you to infringe any + patents or other property right claims or to contest validity of any + such claims; this section has the sole purpose of protecting the + integrity of the free software distribution system which is implemented + by public license practices. Many people have made generous + contributions to the wide range of software distributed through that + system in reliance on consistent application of that system; it is up + to the author/donor to decide if he or she is willing to distribute + software through any other system and a licensee cannot impose that + choice. + + This section is intended to make thoroughly clear what is believed to + be a consequence of the rest of this License. + +12. If the distribution and/or use of the Library is restricted in certain + countries either by patents or by copyrighted interfaces, the original + copyright holder who places the Library under this License may add an + explicit geographical distribution limitation excluding those + countries, so that distribution is permitted only in or among countries + not thus excluded. In such case, this License incorporates the + limitation as if written in the body of this License. + +13. The Free Software Foundation may publish revised and/or new versions of + the Library General Public License from time to time. Such new versions + will be similar in spirit to the present version, but may differ in + detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the Library + specifies a version number of this License which applies to it and "any + later version", you have the option of following the terms and + conditions either of that version or of any later version published by + the Free Software Foundation. If the Library does not specify a license + version number, you may choose any version ever published by the Free + Software Foundation. + +14. If you wish to incorporate parts of the Library into other free + programs whose distribution conditions are incompatible with these, + write to the author to ask for permission. For software which is + copyrighted by the Free Software Foundation, write to the Free Software + Foundation; we sometimes make exceptions for this. Our decision will be + guided by the two goals of preserving the free status of all + derivatives of our free software and of promoting the sharing and reuse + of software generally. + +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY + FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN + OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES + PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER + EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE + ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH + YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL + NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR + REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR + DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL + DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY + (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED + INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF + THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR + OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + +one line to give the library's name and an idea of what it does. +Copyright (C) year name of author + +This library is free software; you can redistribute it and/or modify it +under the terms of the GNU Library General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at your +option) any later version. + +This library is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public +License for more details. + +You should have received a copy of the GNU Library General Public License +along with this library; if not, write to the Free Software Foundation, +Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice + +That's all there is to it! diff --git a/src/xen/LICENSES/LGPL-2.1 b/src/xen/LICENSES/LGPL-2.1 new file mode 100644 index 0000000000000000000000000000000000000000..d3e213c39c260ad5186a5221b8d2c2b04c88e131 --- /dev/null +++ b/src/xen/LICENSES/LGPL-2.1 @@ -0,0 +1,510 @@ +Valid-License-Identifier: LGPL-2.1-only +Valid-License-Identifier: LGPL-2.1-or-later + +SPDX-URL: https://spdx.org/licenses/LGPL-2.1-only.html +SPDX-URL: https://spdx.org/licenses/LGPL-2.1-or-later.html + +Usage-Guide: + + To use this license in source code, put one of the following SPDX + tag/value pairs into a comment according to the placement + guidelines in the licensing rules documentation. + + For 'GNU Lesser General Public License (LGPL) version 2.1 only' use: + SPDX-License-Identifier: LGPL-2.1-only + + For 'GNU Lesser General Public License (LGPL) version 2.1 or any later + version' use: + SPDX-License-Identifier: LGPL-2.1-or-later + +License-Text: + +GNU LESSER GENERAL PUBLIC LICENSE +Version 2.1, February 1999 + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as +the successor of the GNU Library Public License, version 2, hence the +version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to +share and change it. By contrast, the GNU General Public Licenses are +intended to guarantee your freedom to share and change free software--to +make sure the software is free for all its users. + +This license, the Lesser General Public License, applies to some specially +designated software packages--typically libraries--of the Free Software +Foundation and other authors who decide to use it. You can use it too, but +we suggest you first think carefully about whether this license or the +ordinary General Public License is the better strategy to use in any +particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not +price. Our General Public Licenses are designed to make sure that you have +the freedom to distribute copies of free software (and charge for this +service if you wish); that you receive source code or can get it if you +want it; that you can change the software and use pieces of it in new free +programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for you if +you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for +a fee, you must give the recipients all the rights that we gave you. You +must make sure that they, too, receive or can get the source code. If you +link other code with the library, you must provide complete object files to +the recipients, so that they can relink them with the library after making +changes to the library and recompiling it. And you must show them these +terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no +warranty for the free library. Also, if the library is modified by someone +else and passed on, the recipients should know that what they have is not +the original version, so that the original author's reputation will not be +affected by problems that might be introduced by others. + +Finally, software patents pose a constant threat to the existence of any +free program. We wish to make sure that a company cannot effectively +restrict the users of a free program by obtaining a restrictive license +from a patent holder. Therefore, we insist that any patent license obtained +for a version of the library must be consistent with the full freedom of +use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU +General Public License. This license, the GNU Lesser General Public +License, applies to certain designated libraries, and is quite different +from the ordinary General Public License. We use this license for certain +libraries in order to permit linking those libraries into non-free +programs. + +When a program is linked with a library, whether statically or using a +shared library, the combination of the two is legally speaking a combined +work, a derivative of the original library. The ordinary General Public +License therefore permits such linking only if the entire combination fits +its criteria of freedom. The Lesser General Public License permits more lax +criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does +Less to protect the user's freedom than the ordinary General Public +License. It also provides other free software developers Less of an +advantage over competing non-free programs. These disadvantages are the +reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + +For example, on rare occasions, there may be a special need to encourage +the widest possible use of a certain library, so that it becomes a de-facto +standard. To achieve this, non-free programs must be allowed to use the +library. A more frequent case is that a free library does the same job as +widely used non-free libraries. In this case, there is little to gain by +limiting the free library to free software only, so we use the Lesser +General Public License. + +In other cases, permission to use a particular library in non-free programs +enables a greater number of people to use a large body of free +software. For example, permission to use the GNU C Library in non-free +programs enables many more people to use the whole GNU operating system, as +well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' +freedom, it does ensure that the user of a program that is linked with the +Library has the freedom and the wherewithal to run that program using a +modified version of the Library. + +The precise terms and conditions for copying, distribution and modification +follow. Pay close attention to the difference between a "work based on the +library" and a "work that uses the library". The former contains code +derived from the library, whereas the latter must be combined with the +library in order to run. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library or other program + which contains a notice placed by the copyright holder or other + authorized party saying it may be distributed under the terms of this + Lesser General Public License (also called "this License"). Each + licensee is addressed as "you". + + A "library" means a collection of software functions and/or data + prepared so as to be conveniently linked with application programs + (which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work which + has been distributed under these terms. A "work based on the Library" + means either the Library or any derivative work under copyright law: + that is to say, a work containing the Library or a portion of it, either + verbatim or with modifications and/or translated straightforwardly into + another language. (Hereinafter, translation is included without + limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for making + modifications to it. For a library, complete source code means all the + source code for all modules it contains, plus any associated interface + definition files, plus the scripts used to control compilation and + installation of the library. + + Activities other than copying, distribution and modification are not + covered by this License; they are outside its scope. The act of running + a program using the Library is not restricted, and output from such a + program is covered only if its contents constitute a work based on the + Library (independent of the use of the Library in a tool for writing + it). Whether that is true depends on what the Library does and what the + program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete + source code as you receive it, in any medium, provided that you + conspicuously and appropriately publish on each copy an appropriate + copyright notice and disclaimer of warranty; keep intact all the notices + that refer to this License and to the absence of any warranty; and + distribute a copy of this License along with the Library. + + You may charge a fee for the physical act of transferring a copy, and + you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Library or any portion of it, + thus forming a work based on the Library, and copy and distribute such + modifications or work under the terms of Section 1 above, provided that + you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices stating + that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no charge to + all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a table + of data to be supplied by an application program that uses the + facility, other than as an argument passed when the facility is + invoked, then you must make a good faith effort to ensure that, in + the event an application does not supply such function or table, the + facility still operates, and performs whatever part of its purpose + remains meaningful. + + (For example, a function in a library to compute square roots has a + purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must be + optional: if the application does not supply it, the square root + function must still compute square roots.) + + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the Library, and + can be reasonably considered independent and separate works in + themselves, then this License, and its terms, do not apply to those + sections when you distribute them as separate works. But when you + distribute the same sections as part of a whole which is a work based on + the Library, the distribution of the whole must be on the terms of this + License, whose permissions for other licensees extend to the entire + whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest + your rights to work written entirely by you; rather, the intent is to + exercise the right to control the distribution of derivative or + collective works based on the Library. + + In addition, mere aggregation of another work not based on the Library + with the Library (or with a work based on the Library) on a volume of a + storage or distribution medium does not bring the other work under the + scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public + License instead of this License to a given copy of the Library. To do + this, you must alter all the notices that refer to this License, so that + they refer to the ordinary GNU General Public License, version 2, + instead of to this License. (If a newer version than version 2 of the + ordinary GNU General Public License has appeared, then you can specify + that version instead if you wish.) Do not make any other change in these + notices. + + Once this change is made in a given copy, it is irreversible for that + copy, so the ordinary GNU General Public License applies to all + subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of the + Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of + it, under Section 2) in object code or executable form under the terms + of Sections 1 and 2 above provided that you accompany it with the + complete corresponding machine-readable source code, which must be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange. + + If distribution of object code is made by offering access to copy from a + designated place, then offering equivalent access to copy the source + code from the same place satisfies the requirement to distribute the + source code, even though third parties are not compelled to copy the + source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but + is designed to work with the Library by being compiled or linked with + it, is called a "work that uses the Library". Such a work, in isolation, + is not a derivative work of the Library, and therefore falls outside the + scope of this License. + + However, linking a "work that uses the Library" with the Library creates + an executable that is a derivative of the Library (because it contains + portions of the Library), rather than a "work that uses the + library". The executable is therefore covered by this License. Section 6 + states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file + that is part of the Library, the object code for the work may be a + derivative work of the Library even though the source code is + not. Whether this is true is especially significant if the work can be + linked without the Library, or if the work is itself a library. The + threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data structure + layouts and accessors, and small macros and small inline functions (ten + lines or less in length), then the use of the object file is + unrestricted, regardless of whether it is legally a derivative + work. (Executables containing this object code plus portions of the + Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may + distribute the object code for the work under the terms of Section + 6. Any executables containing that work also fall under Section 6, + whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also combine or link a + "work that uses the Library" with the Library to produce a work + containing portions of the Library, and distribute that work under terms + of your choice, provided that the terms permit modification of the work + for the customer's own use and reverse engineering for debugging such + modifications. + + You must give prominent notice with each copy of the work that the + Library is used in it and that the Library and its use are covered by + this License. You must supply a copy of this License. If the work during + execution displays copyright notices, you must include the copyright + notice for the Library among them, as well as a reference directing the + user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable + source code for the Library including whatever changes were used in + the work (which must be distributed under Sections 1 and 2 above); + and, if the work is an executable linked with the Library, with the + complete machine-readable "work that uses the Library", as object + code and/or source code, so that the user can modify the Library and + then relink to produce a modified executable containing the modified + Library. (It is understood that the user who changes the contents of + definitions files in the Library will not necessarily be able to + recompile the application to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a copy + of the library already present on the user's computer system, rather + than copying library functions into the executable, and (2) will + operate properly with a modified version of the library, if the user + installs one, as long as the modified version is interface-compatible + with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at least three + years, to give the same user the materials specified in Subsection + 6a, above, for a charge no more than the cost of performing this + distribution. + + d) If distribution of the work is made by offering access to copy from a + designated place, offer equivalent access to copy the above specified + materials from the same place. + + e) Verify that the user has already received a copy of these materials + or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the Library" + must include any data and utility programs needed for reproducing the + executable from it. However, as a special exception, the materials to be + distributed need not include anything that is normally distributed (in + either source or binary form) with the major components (compiler, + kernel, and so on) of the operating system on which the executable runs, + unless that component itself accompanies the executable. + + It may happen that this requirement contradicts the license restrictions + of other proprietary libraries that do not normally accompany the + operating system. Such a contradiction means you cannot use both them + and the Library together in an executable that you distribute. + +7. You may place library facilities that are a work based on the Library + side-by-side in a single library together with other library facilities + not covered by this License, and distribute such a combined library, + provided that the separate distribution of the work based on the Library + and of the other library facilities is otherwise permitted, and provided + that you do these two things: + + a) Accompany the combined library with a copy of the same work based on + the Library, uncombined with any other library facilities. This must + be distributed under the terms of the Sections above. + + b) Give prominent notice with the combined library of the fact that part + of it is a work based on the Library, and explaining where to find + the accompanying uncombined form of the same work. + +8. You may not copy, modify, sublicense, link with, or distribute the + Library except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense, link with, or distribute the + Library is void, and will automatically terminate your rights under this + License. However, parties who have received copies, or rights, from you + under this License will not have their licenses terminated so long as + such parties remain in full compliance. + +9. You are not required to accept this License, since you have not signed + it. However, nothing else grants you permission to modify or distribute + the Library or its derivative works. These actions are prohibited by law + if you do not accept this License. Therefore, by modifying or + distributing the Library (or any work based on the Library), you + indicate your acceptance of this License to do so, and all its terms and + conditions for copying, distributing or modifying the Library or works + based on it. + +10. Each time you redistribute the Library (or any work based on the + Library), the recipient automatically receives a license from the + original licensor to copy, distribute, link with or modify the Library + subject to these terms and conditions. You may not impose any further + restrictions on the recipients' exercise of the rights granted + herein. You are not responsible for enforcing compliance by third + parties with this License. + +11. If, as a consequence of a court judgment or allegation of patent + infringement or for any other reason (not limited to patent issues), + conditions are imposed on you (whether by court order, agreement or + otherwise) that contradict the conditions of this License, they do not + excuse you from the conditions of this License. If you cannot + distribute so as to satisfy simultaneously your obligations under this + License and any other pertinent obligations, then as a consequence you + may not distribute the Library at all. For example, if a patent license + would not permit royalty-free redistribution of the Library by all + those who receive copies directly or indirectly through you, then the + only way you could satisfy both it and this License would be to refrain + entirely from distribution of the Library. + + If any portion of this section is held invalid or unenforceable under + any particular circumstance, the balance of the section is intended to + apply, and the section as a whole is intended to apply in other + circumstances. + + It is not the purpose of this section to induce you to infringe any + patents or other property right claims or to contest validity of any + such claims; this section has the sole purpose of protecting the + integrity of the free software distribution system which is implemented + by public license practices. Many people have made generous + contributions to the wide range of software distributed through that + system in reliance on consistent application of that system; it is up + to the author/donor to decide if he or she is willing to distribute + software through any other system and a licensee cannot impose that + choice. + + This section is intended to make thoroughly clear what is believed to + be a consequence of the rest of this License. + +12. If the distribution and/or use of the Library is restricted in certain + countries either by patents or by copyrighted interfaces, the original + copyright holder who places the Library under this License may add an + explicit geographical distribution limitation excluding those + countries, so that distribution is permitted only in or among countries + not thus excluded. In such case, this License incorporates the + limitation as if written in the body of this License. + +13. The Free Software Foundation may publish revised and/or new versions of + the Lesser General Public License from time to time. Such new versions + will be similar in spirit to the present version, but may differ in + detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the Library + specifies a version number of this License which applies to it and "any + later version", you have the option of following the terms and + conditions either of that version or of any later version published by + the Free Software Foundation. If the Library does not specify a license + version number, you may choose any version ever published by the Free + Software Foundation. + +14. If you wish to incorporate parts of the Library into other free + programs whose distribution conditions are incompatible with these, + write to the author to ask for permission. For software which is + copyrighted by the Free Software Foundation, write to the Free Software + Foundation; we sometimes make exceptions for this. Our decision will be + guided by the two goals of preserving the free status of all + derivatives of our free software and of promoting the sharing and reuse + of software generally. + +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY + FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN + OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES + PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER + EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE + ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH + YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL + NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR + REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR + DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL + DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY + (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED + INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF + THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR + OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + +one line to give the library's name and an idea of what it does. +Copyright (C) year name of author + +This library is free software; you can redistribute it and/or modify it +under the terms of the GNU Lesser General Public License as published by +the Free Software Foundation; either version 2.1 of the License, or (at +your option) any later version. + +This library is distributed in the hope that it will be useful, but WITHOUT +ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +for more details. + +You should have received a copy of the GNU Lesser General Public License +along with this library; if not, write to the Free Software Foundation, +Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add +information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice +That's all there is to it! diff --git a/src/xen/LICENSES/MIT b/src/xen/LICENSES/MIT new file mode 100644 index 0000000000000000000000000000000000000000..eba1549f93e4a87ae1f1cc04cfd462e17abe2185 --- /dev/null +++ b/src/xen/LICENSES/MIT @@ -0,0 +1,34 @@ +Valid-License-Identifier: MIT + +SPDX-URL: https://spdx.org/licenses/MIT.html + +Usage-Guide: + + To use the MIT License put the following SPDX tag/value pair into a + comment according to the placement guidelines in the licensing rules + documentation: + SPDX-License-Identifier: MIT + +License-Text: + +MIT License + +Copyright (c) + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/src/xen/MAINTAINERS b/src/xen/MAINTAINERS new file mode 100644 index 0000000000000000000000000000000000000000..076cf1e141cbd1d18f7ea58fa1c386779087b687 --- /dev/null +++ b/src/xen/MAINTAINERS @@ -0,0 +1,720 @@ + + List of maintainers and how to submit changes + ============================================= + +Please try to follow the guidelines below. This will make things +easier on the maintainers. Not all of these guidelines matter for every +trivial patch so apply some common sense. + +1. Always _test_ your changes, however small, on at least 4 or + 5 people, preferably many more. + +2. Make sure your changes compile correctly in multiple + configurations. For example, both 32- and 64-bit x86. + +3. Make a patch available to the relevant maintainer in the list. Use + 'diff -u' to make the patch easy to merge. Be prepared to get your + changes sent back with seemingly silly requests about formatting + and variable names. These aren't as silly as they seem. One + job the maintainers do is to keep things looking the same. + + PLEASE see https://wiki.xenproject.org/wiki/Submitting_Xen_Patches for + hints on how to submit a patch to xen-unstable in a suitable + form. + + PLEASE try to include any credit lines you want added with the + patch. It avoids people being missed off by mistake and makes + it easier to know who wants adding and who doesn't. + + PLEASE document known bugs. If it doesn't work for everything + or does something very odd once a month document it. + + PLEASE remember that submissions must be made under the terms + of the "Developer's Certificate of Origin" (DCO) and should include + a Signed-off-by: line. + +4. Make sure you have the right to send any changes you make. If you + do changes at work you may find your employer owns the patch + not you. + +5. Happy hacking. + + + Stable Release Maintenance + ========================== + +The policy for inclusion in a Xen stable release is different to that +for inclusion in xen-unstable. + +Please see https://wiki.xenproject.org/wiki/Xen_Maintenance_Releases for more +information. + +Backport requests should be made on the xen-devel@lists.xenproject.org +list. Remember to copy the appropriate stable branch maintainer who +will be listed in this section of the MAINTAINERS file in the +appropriate branch. + + Unstable Subsystem Maintainers + ============================== + +Descriptions of section entries: + + M: Maintainer: FullName + Maintainers should be CCed on patches. At least one of them + needs to approve changes to the covered files. + R: Designated reviewer: FullName + Reviewers should be CCed on patches. However, they do not + have a formal governance role, and are listed here + simply because of their own request. + L: Mailing list that is relevant to this area + W: Web-page with status/info + T: SCM tree type and location. Type is one of: git, hg, quilt, stgit. + S: Status, one of the following: + Supported: Someone is actually paid to look after this. + Maintained: Someone actually looks after it. + Odd Fixes: It has a maintainer but they don't have time to do + much other than throw the odd patch in. See below.. + Orphan: No current maintainer [but maybe you could take the + role as you write your new code]. + Obsolete: Old code. Something tagged obsolete generally means + it has been replaced by a better system and you + should be using that. + F: Files and directories with wildcard patterns. + A trailing slash includes all files and subdirectory files. + F: drivers/net/ all files in and below drivers/net + F: drivers/net/* all files in drivers/net, but not below + F: */net/* all files in "any top level directory"/net + One pattern per line. Multiple F: lines acceptable. + X: Files and directories that are NOT maintained, same rules as F: + Files exclusions are tested before file matches. + Can be useful for excluding a specific subdirectory, for instance: + F: net/ + X: net/ipv6/ + matches all files in and below net excluding net/ipv6/ + K: Keyword perl extended regex pattern to match content in a + patch or file. For instance: + K: of_get_profile + matches patches or files that contain "of_get_profile" + K: \b(printk|pr_(info|err))\b + matches patches or files that contain one or more of the words + printk, pr_info or pr_err + One regex pattern per line. Multiple K: lines acceptable. + V: Version identifier that must be under THE REST and follows + the format: + xen-maintainers- + + + Check-in policy + =============== + +In order for a patch to be checked in, in general, several conditions +must be met: + +1. In order to get a change to a given file committed, it must have + the approval of at least one maintainer of that file. + + A patch of course needs Acks from the maintainers of each file that + it changes; so a patch which changes xen/arch/x86/traps.c, + xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would + require an Ack from each of the three sets of maintainers. + + See below for rules on nested maintainership. + +2. Each change must have appropriate approval from someone other than + the person who wrote it. This can be either: + + a. An Acked-by from a maintainer of the code being touched (a + co-maintainer if available, or a more general level maintainer if + not available; see the secton on nested maintainership) + + b. A Reviewed-by by anyone of suitable stature in the community + +3. Sufficient time must have been given for anyone to respond. This + depends in large part upon the urgency and nature of the patch. + For a straightforward uncontroversial patch, a day or two may be + sufficient; for a controversial patch, a week or two may be better. + +4. There must be no "open" objections. + +In a case where one person submits a patch and a maintainer gives an +Ack, the Ack stands in for both the approval requirement (#1) and the +Acked-by-non-submitter requirement (#2). + +In a case where a maintainer themselves submits a patch, the +Signed-off-by meets the approval requirement (#1); so a Review +from anyone in the community suffices for requirement #2. + +Before a maintainer checks in their own patch with another community +member's R-b but no co-maintainer Ack, it is especially important to +give their co-maintainer opportunity to give feedback, perhaps +declaring their intention to check it in without their co-maintainers +ack a day before doing so. + +In the case where two people collaborate on a patch, at least one of +whom is a maintainer -- typically where one maintainer will do an +early version of the patch, and another maintainer will pick it up and +revise it -- there should be two Signed-off-by's and one Acked-by or +Reviewed-by; with the maintainer who did the most recent change +sending the patch, and an Acked-by or Reviewed-by coming from the +maintainer who did not most recently edit the patch. This satisfies +the requirement #2 because a) the Signed-off-by of the sender approves +the final version of the patch; including all parts of the patch that +the sender did not write b) the Reviewed-by approves the final version +of the patch, including all patches that the reviewer did not write. +Thus all code in the patch has been approved by someone who did not +write it. + +Maintainers may choose to override non-maintainer objections in the +case that consensus can't be reached. + +As always, no policy can cover all possible situations. In +exceptional circumstances, committers may commit a patch in absence of +one or more of the above requirements, if they are reasonably +confident that the other maintainers will approve of their decision in +retrospect. + + The meaning of nesting + ====================== + +Many maintainership areas are "nested": for example, there are entries +for xen/arch/x86 as well as xen/arch/x86/mm, and even +xen/arch/x86/mm/shadow; and there is a section at the end called "THE +REST" which lists all committers. The meaning of nesting is that: + +1. Under normal circumstances, the Ack of the most specific maintainer +is both necessary and sufficient to get a change to a given file +committed. So a change to xen/arch/x86/mm/shadow/multi.c requires the +the Ack of the xen/arch/x86/mm/shadow maintainer for that part of the +patch, but would not require the Ack of the xen/arch/x86 maintainer or +the xen/arch/x86/mm maintainer. + +2. In unusual circumstances, a more general maintainer's Ack can stand +in for or even overrule a specific maintainer's Ack. Unusual +circumstances might include: + - The patch is fixing a high-priority issue causing immediate pain, + and the more specific maintainer is not available. + - The more specific maintainer has not responded either to the + original patch, nor to "pings", within a reasonable amount of time. + - The more general maintainer wants to overrule the more specific + maintainer on some issue. (This should be exceptional.) + - In the case of a disagreement between maintainers, THE REST can + settle the matter by majority vote. (This should be very exceptional + indeed.) + + +Maintainers List (try to look for most precise areas first) + + ----------------------------------- + +ACPI +M: Jan Beulich +S: Supported +F: xen/arch/x86/acpi/ +F: xen/drivers/acpi/ +F: xen/include/acpi/ +F: tools/libacpi/ + +AMD IOMMU +M: Jan Beulich +M: Andrew Cooper +S: Maintained +F: xen/drivers/passthrough/amd/ + +AMD SVM +M: Jan Beulich +M: Andrew Cooper +S: Supported +F: xen/arch/x86/hvm/svm/ +F: xen/arch/x86/cpu/vpmu_amd.c + +ARGO +M: Christopher Clark +S: Maintained +F: xen/include/public/argo.h +F: xen/include/xen/argo.h +F: xen/common/argo.c + +ARINC653 SCHEDULER +M: Nathan Studer +M: Stewart Hildebrand +S: Supported +L: xen-devel@dornerworks.com +F: xen/common/sched/arinc653.c +F: tools/libs/ctrl/xc_arinc653.c + +ARM (W/ VIRTUALISATION EXTENSIONS) ARCHITECTURE +M: Stefano Stabellini +M: Julien Grall +M: Bertrand Marquis +M: Michal Orzel +R: Volodymyr Babchuk +S: Supported +L: xen-devel@lists.xenproject.org +F: docs/misc/arm/ +F: xen/arch/arm/ +F: xen/drivers/char/arm-uart.c +F: xen/drivers/char/cadence-uart.c +F: xen/drivers/char/exynos4210-uart.c +F: xen/drivers/char/imx-lpuart.c +F: xen/drivers/char/meson-uart.c +F: xen/drivers/char/mvebu-uart.c +F: xen/drivers/char/omap-uart.c +F: xen/drivers/char/pl011.c +F: xen/drivers/char/scif-uart.c +F: xen/drivers/passthrough/arm/ +F: xen/include/public/arch-arm/ +F: xen/include/public/arch-arm.h + +ARM SMMU +M: Julien Grall +M: Rahul Singh +S: Supported +F: xen/drivers/passthrough/arm/smmu.c + +ARM SMMUv3 +M: Bertrand Marquis +M: Rahul Singh +S: Supported +F: xen/drivers/passthrough/arm/smmu-v3.c + +Change Log +M: Oleksii Kurochko +R: Community Manager +S: Maintained +F: CHANGELOG.md + +Continuous Integration (CI) +M: Doug Goldstein +M: Stefano Stabellini +W: https://gitlab.com/xen-project/xen +S: Supported +F: .gitlab-ci.yml +F: automation/ + +CPU POOLS +M: Juergen Gross +M: Dario Faggioli +S: Supported +F: xen/common/sched/*cpupool.c + +DEVICE TREE +M: Stefano Stabellini +M: Julien Grall +S: Supported +F: xen/common/libfdt/ +F: xen/common/device_tree.c +F: xen/common/dt-overlay.c +F: xen/include/xen/libfdt/ +F: xen/include/xen/device_tree.h +F: xen/drivers/passthrough/device_tree.c + +ECLAIR +R: Simone Ballarin +S: Supported +F: automation/eclair_analysis/ +F: automation/scripts/eclair + +EFI +M: Jan Beulich +S: Supported +F: xen/arch/x86/efi/ +F: xen/arch/x86/include/asm/efi*.h +F: xen/arch/x86/include/asm/x86_*/efi*.h +F: xen/common/efi/ +F: xen/include/efi/ + +GDBSX DEBUGGER +M: Elena Ufimtseva +S: Supported +F: xen/arch/x86/debug.c +F: tools/debugger/gdbsx/ + +GOLANG BINDINGS +M: George Dunlap +M: Nick Rosbrook +S: Maintained +F: tools/golang + +HYPFS +M: Juergen Gross +S: Supported +F: tools/include/xenhypfs.h +F: tools/libs/hypfs/ +F: tools/misc/xenhypfs.c +F: xen/common/hypfs.c +F: xen/include/xen/hypfs.h + +INTEL(R) TRUSTED EXECUTION TECHNOLOGY (TXT) +R: Lukasz Hawrylko +R: Daniel P. Smith +R: Mateusz Mówka +S: Odd Fixes +F: xen/arch/x86/include/asm/tboot.h +F: xen/arch/x86/tboot.c + +INTEL(R) VT FOR DIRECTED I/O (VT-D) +M: Kevin Tian +S: Supported +F: xen/drivers/passthrough/vtd/ + +INTEL(R) VT FOR X86 (VT-X) +M: Jun Nakajima +M: Kevin Tian +S: Supported +F: xen/arch/x86/cpu/vpmu_intel.c +F: xen/arch/x86/hvm/vmx/ +F: xen/arch/x86/include/asm/hvm/vmx/ +F: xen/arch/x86/mm/p2m-ept.c + +IOMMU VENDOR INDEPENDENT CODE +M: Jan Beulich +M: Paul Durrant +R: Roger Pau Monné +S: Supported +F: xen/drivers/passthrough/ +X: xen/drivers/passthrough/amd/ +X: xen/drivers/passthrough/arm/ +X: xen/drivers/passthrough/vtd/ +X: xen/drivers/passthrough/device_tree.c +F: xen/include/xen/iommu.h + +I/O EMULATION (IOREQ) +M: Paul Durrant +S: Supported +F: xen/common/ioreq.c +F: xen/include/xen/ioreq.h +F: xen/include/public/hvm/ioreq.h + +KCONFIG +M: Doug Goldstein +S: Supported +F: docs/misc/kconfig{,-language}.txt +F: xen/tools/kconfig/ + +KDD DEBUGGER +M: Tim Deegan +S: Odd Fixes +F: tools/debugger/kdd/ + +KEXEC +M: Andrew Cooper +S: Supported +F: xen/common/{kexec,kimage}.c +F: xen/include/xen/{kexec,kimage}.h +F: xen/arch/x86/machine_kexec.c +F: xen/arch/x86/x86_64/kexec_reloc.S + +LIBS +M: Wei Liu +M: Anthony PERARD +R: Juergen Gross +S: Supported +F: tools/include/libxenvchan.h +F: tools/include/libxl*.h +F: tools/include/xencall.h +F: tools/include/xenctrl*.h +F: tools/include/xendevicemodel.h +F: tools/include/xenevtchn.h +F: tools/include/xenforeignmemory.h +F: tools/include/xengnttab.h +F: tools/include/xenguest.h +F: tools/include/xenhypfs.h +F: tools/include/xenstat.h +F: tools/include/xentoolcore*.h +F: tools/include/xentoollog.h +F: tools/libs/ + +LIVEPATCH +M: Konrad Rzeszutek Wilk +M: Ross Lagerwall +S: Supported +F: docs/misc/livepatch.pandoc +F: tools/misc/xen-livepatch.c +F: xen/arch/*/include/asm/livepatch.h +F: xen/arch/*/livepatch* +F: xen/arch/*/*/livepatch* +F: xen/common/livepatch* +F: xen/include/xen/livepatch* +F: xen/test/livepatch/* + +MINI-OS +M: Samuel Thibault +M: Juergen Gross +R: Wei Liu +S: Supported +L: minios-devel@lists.xenproject.org +T: git https://xenbits.xenproject.org/git-http/mini-os.git +F: config/MiniOS.mk + +OCAML TOOLS +M: Christian Lindig +M: David Scott +S: Supported +F: tools/ocaml/ + +OVMF UPSTREAM +M: Anthony PERARD +M: Wei Liu +S: Supported +T: git https://xenbits.xenproject.org/git-http/ovmf.git + +POWER MANAGEMENT +M: Jan Beulich +S: Supported +F: xen/arch/x86/acpi/ +X: xen/arch/x86/acpi/boot.c +X: xen/arch/x86/acpi/lib.c +F: xen/drivers/cpufreq/ +F: xen/include/acpi/cpufreq/ + +PPC64 +M: Shawn Anastasio +F: xen/arch/ppc/ + +PUBLIC I/O INTERFACES AND PV DRIVERS DESIGNS +M: Juergen Gross +S: Supported +F: xen/include/public/io/ + +PYTHON BINDINGS +M: Marek Marczykowski-Górecki +S: Supported +F: tools/python + +QEMU-DM +S: Supported +T: git https://xenbits.xenproject.org/git-http/qemu-xen-traditional.git + +QEMU UPSTREAM +M: Stefano Stabellini +M: Anthony Perard +S: Supported +T: git https://xenbits.xenproject.org/git-http/qemu-xen.git + +REMUS +S: Orphan +F: docs/README.remus +F: tools/libs/light/libxl_remus_* +F: tools/libs/light/libxl_netbuffer.c +F: tools/libs/light/libxl_nonetbuffer.c +F: tools/hotplug/Linux/remus-netbuf-setup +F: tools/hotplug/Linux/block-drbd-probe + +RISCV +R: Alistair Francis +R: Bob Eshleman +R: Connor Davis +S: Supported +F: config/riscv64.mk +F: xen/arch/riscv/ + +RTDS SCHEDULER +M: Dario Faggioli +M: Meng Xu +S: Supported +F: xen/common/sched/rt.c + +SCHEDULING +M: George Dunlap +M: Dario Faggioli +S: Supported +F: xen/common/sched/ + +SEABIOS UPSTREAM +M: Wei Liu +S: Supported +T: git https://xenbits.xenproject.org/git-http/seabios.git + +STUB DOMAINS +M: Samuel Thibault +S: Supported +F: config/Stubdom.mk.in +F: m4/stubdom.m4 +F: stubdom/ + +TEE MEDIATORS +M: Volodymyr Babchuk +S: Supported +F: xen/arch/arm/include/asm/tee +F: xen/arch/arm/tee/ + +TOOLSTACK +M: Wei Liu +M: Anthony PERARD +S: Supported +F: autogen.sh +F: config/*.in +F: install.sh +F: m4/ +F: configure +F: docs/Makefile +F: docs/man/ +F: stubdom/Makefile +F: *.ac +F: */configure +F: */*.ac +F: tools/ + +VM EVENT, MEM ACCESS and MONITOR +M: Tamas K Lengyel +R: Alexandru Isaila +R: Petre Pircalabu +S: Supported +F: tools/misc/xen-access.c +F: xen/arch/*/*/mem_access.c +F: xen/arch/*/*/monitor.c +F: xen/arch/*/*/vm_event.c +F: xen/arch/*/include/asm/*/mem_access.h +F: xen/arch/*/include/asm/*/monitor.h +F: xen/arch/*/include/asm/*/vm_event.h +F: xen/arch/*/include/asm/mem_access.h +F: xen/arch/*/include/asm/monitor.h +F: xen/arch/*/include/asm/vm_event.h +F: xen/arch/*/mem_access.c +F: xen/arch/*/monitor.c +F: xen/arch/*/vm_event.c +F: xen/common/mem_access.c +F: xen/common/monitor.c +F: xen/common/vm_event.c +F: xen/include/*/mem_access.h +F: xen/include/*/monitor.h +F: xen/include/*/vm_event.h + +VPCI +M: Roger Pau Monné +S: Supported +F: tools/tests/vpci/ +F: xen/drivers/vpci/ +F: xen/include/xen/vpci.h + +VTPM +M: Daniel De Graaf +M: Quan Xu +S: Supported +F: extras/mini-os/tpm* +F: extras/mini-os/include/tpm* +F: stubdom/vtpm/ +F: stubdom/vtpmmgr/ +F: docs/misc/vtpm-platforms.txt + +X86 ARCHITECTURE +M: Jan Beulich +M: Andrew Cooper +M: Roger Pau Monné +R: Wei Liu +S: Supported +L: xen-devel@lists.xenproject.org +F: xen/arch/x86/ +F: xen/include/public/arch-x86/ +F: xen/include/xen/lib/x86 +F: xen/lib/x86 +F: xen/tools/gen-cpuid.py +F: tools/firmware/hvmloader/ +F: tools/firmware/rombios/ +F: tools/firmware/vgabios/ +F: tools/fuzz/cpu-policy/ +F: tools/fuzz/x86_instruction_emulator/ +F: tools/misc/xen-cpuid.c +F: tools/tests/cpu-policy/ +F: tools/tests/x86_emulator/ + +X86 I/O EMULATION +M: Paul Durrant +S: Supported +F: xen/arch/x86/hvm/emulate.c +F: xen/arch/x86/hvm/intercept.c +F: xen/arch/x86/hvm/io.c +F: xen/arch/x86/hvm/ioreq.c +F: xen/arch/x86/include/asm/hvm/emulate.h +F: xen/arch/x86/include/asm/hvm/io.h +F: xen/arch/x86/include/asm/hvm/ioreq.h +F: xen/arch/x86/include/asm/ioreq.h + +X86 MEMORY MANAGEMENT +M: Jan Beulich +M: Andrew Cooper +R: George Dunlap +S: Supported +F: xen/arch/x86/mm/ + +X86 MEMORY PAGING +S: Orphaned +F: xen/arch/x86/mm/mem_paging.c + +X86 MEMORY SHARING +M: Tamas K Lengyel +S: Odd Fixes +F: xen/arch/x86/mm/mem_sharing.c +F: tools/tests/mem-sharing/ + +X86 SHADOW PAGETABLES +M: Jan Beulich +M: Andrew Cooper +R: Tim Deegan +S: Maintained +F: xen/arch/x86/mm/shadow/ + +X86 VIRIDIAN ENLIGHTENMENTS +M: Paul Durrant +M: Wei Liu +S: Supported +F: xen/arch/x86/guest/hyperv/ +F: xen/arch/x86/hvm/viridian/ +F: xen/arch/x86/include/asm/guest/hyperv.h +F: xen/arch/x86/include/asm/guest/hyperv-hcall.h +F: xen/arch/x86/include/asm/guest/hyperv-tlfs.h +F: xen/arch/x86/include/asm/hvm/viridian.h + +XENSTORE +M: Wei Liu +M: Juergen Gross +R: Julien Grall +S: Supported +F: tools/helpers/init-xenstore-domain.c +F: tools/include/xenstore-compat/ +F: tools/include/xenstore.h +F: tools/include/xenstore_lib.h +F: tools/include/xen-tools/xenstore-common.h +F: tools/libs/store/ +F: tools/xenstored/ +F: tools/xs-clients/ + +XENTRACE +M: George Dunlap +S: Supported +F: tools/xentrace/ +F: xen/common/trace.c +F: xen/include/xen/trace.h + +XEN MISRA ANALYSIS TOOLS +M: Luca Fancellu +S: Supported +F: xen/scripts/xen_analysis/ +F: xen/scripts/xen-analysis.py +F: xen/scripts/diff-report.py +F: xen/tools/cppcheck-plat/ +F: xen/tools/convert_misra_doc.py +F: xen/tools/cppcheck-cc.sh + +XSM/FLASK +M: Daniel P. Smith +S: Supported +F: tools/flask/ +F: xen/include/xsm/ +F: xen/xsm/ +F: docs/misc/xsm-flask.txt +K: xsm_.* +K: \b(xsm|XSM)\b + +THE REST +M: Andrew Cooper +M: George Dunlap +M: Jan Beulich +M: Julien Grall +M: Stefano Stabellini +M: Wei Liu +L: xen-devel@lists.xenproject.org +S: Supported +F: * +F: */ +V: xen-maintainers-1 diff --git a/src/xen/Makefile b/src/xen/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..a6ca348476e6f244d14ab1d66672a9887be9dd42 --- /dev/null +++ b/src/xen/Makefile @@ -0,0 +1,346 @@ +# +# Grand Unified Makefile for Xen. +# + +# Default target must appear before any include lines +.PHONY: all +all: dist + +-include config/Toplevel.mk +SUBSYSTEMS?=xen tools stubdom docs +TARGS_DIST=$(patsubst %, dist-%, $(SUBSYSTEMS)) +TARGS_INSTALL=$(patsubst %, install-%, $(SUBSYSTEMS)) +TARGS_UNINSTALL=$(patsubst %, uninstall-%, $(SUBSYSTEMS)) +TARGS_BUILD=$(patsubst %, build-%, $(SUBSYSTEMS)) +TARGS_CLEAN=$(patsubst %, clean-%, $(SUBSYSTEMS)) +TARGS_DISTCLEAN=$(patsubst %, distclean-%, $(SUBSYSTEMS)) + +export XEN_ROOT=$(CURDIR) +include Config.mk + +.PHONY: mini-os-dir +mini-os-dir: + if [ ! -d $(XEN_ROOT)/extras/mini-os ]; then \ + GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh \ + $(MINIOS_UPSTREAM_URL) \ + $(MINIOS_UPSTREAM_REVISION) \ + $(XEN_ROOT)/extras/mini-os ; \ + fi + +.PHONY: mini-os-dir-force-update +mini-os-dir-force-update: mini-os-dir + set -ex; \ + if [ "$(MINIOS_UPSTREAM_REVISION)" ]; then \ + cd extras/mini-os-remote; \ + $(GIT) fetch origin; \ + $(GIT) reset --hard $(MINIOS_UPSTREAM_REVISION); \ + fi + +export XEN_TARGET_ARCH +export DESTDIR + +.PHONY: %-tools-public-headers +%-tools-public-headers: + $(MAKE) -C tools/include $* + +# build and install everything into the standard system directories +.PHONY: install +install: $(TARGS_INSTALL) + +.PHONY: build +build: $(TARGS_BUILD) + +.PHONY: build-xen +build-xen: + $(MAKE) -C xen build + +.PHONY: %_defconfig +%_defconfig: + $(MAKE) -C xen $@ + +.PHONY: build-tools +build-tools: build-tools-public-headers + $(MAKE) -C tools build + +.PHONY: build-tools-oxenstored +build-tools-oxenstored: build-tools-public-headers + $(MAKE) -s -C tools/ocaml clean + $(MAKE) -s -C tools/libs + $(MAKE) -C tools/ocaml build-tools-oxenstored + +.PHONY: build-stubdom +build-stubdom: mini-os-dir build-tools-public-headers + $(MAKE) -C stubdom build +ifeq (x86_64,$(XEN_TARGET_ARCH)) + XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom pv-grub-if-enabled +endif + +define do-subtree +$(1)/%: FORCE + $$(MAKE) -C $(1) $$* +endef + +$(foreach m,$(wildcard */Makefile),$(eval $(call do-subtree,$(patsubst %/Makefile,%,$(m))))) + +.PHONY: build-docs +build-docs: + $(MAKE) -C docs build + +# The test target is for unit tests that can run without an installation. Of +# course, many tests require a machine running Xen itself, and these are +# handled elsewhere. +.PHONY: test +test: + $(MAKE) -C tools/python test + +run-tests-%: build-tools-public-headers tools/tests/%/ + $(MAKE) -C tools/tests/$* run + +# For most targets here, +# make COMPONENT-TARGET +# is implemented, more or less, by +# make -C COMPONENT TARGET +# +# Each rule that does this needs to have dependencies on any +# other COMPONENTs that have to be processed first. See +# The install-tools target here for an example. +# +# dist* targets are special: these do not occur in lower-level +# Makefiles. Instead, these are all implemented only here. +# They run the appropriate install targets with DESTDIR set. +# +# Also, we have a number of targets COMPONENT which run +# dist-COMPONENT, for convenience. +# +# The Makefiles invoked with -C from the toplevel should +# generally have the following targets: +# all build install clean distclean + + +.PHONY: dist +dist: DESTDIR=$(DISTDIR)/install +dist: $(TARGS_DIST) dist-misc + +dist-misc: + $(INSTALL_DIR) $(DISTDIR)/ + $(INSTALL_DATA) ./COPYING $(DISTDIR) + $(INSTALL_DATA) ./README $(DISTDIR) + $(INSTALL_PROG) ./install.sh $(DISTDIR) + + +dist-%: DESTDIR=$(DISTDIR)/install +dist-%: install-% + @: # do nothing + +.PHONY: xen tools stubdom docs +xen: dist-xen +tools: dist-tools +stubdom: dist-stubdom +docs: dist-docs + +.PHONY: install-xen +install-xen: + $(MAKE) -C xen install + +.PHONY: install-tools +install-tools: install-tools-public-headers + $(MAKE) -C tools install + +.PHONY: install-stubdom +install-stubdom: mini-os-dir install-tools + $(MAKE) -C stubdom install +ifeq (x86_64,$(XEN_TARGET_ARCH)) + XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom install-grub-if-enabled +endif + +.PHONY: tools/firmware/seabios-dir-force-update +tools/firmware/seabios-dir-force-update: + $(MAKE) -C tools/firmware seabios-dir-force-update + +.PHONY: tools/firmware/ovmf-dir-force-update +tools/firmware/ovmf-dir-force-update: + $(MAKE) -C tools/firmware ovmf-dir-force-update + +.PHONY: install-docs +install-docs: + $(MAKE) -C docs install + +# We only have build-tests install-tests, not uninstall-tests etc. +.PHONY: build-tests +build-tests: build-xen + $(MAKE) -C xen tests + +.PHONY: install-tests +install-tests: install-xen + $(MAKE) -C xen $@ + +# build xen and the tools and place them in the install +# directory. 'make install' should then copy them to the normal system +# directories +.PHONY: world +world: + $(MAKE) clean + $(MAKE) dist + +# Package a build in a debball file, that is inside a .deb format +# container to allow for easy and clean removal. This is not intended +# to be a full featured policy compliant .deb package. +.PHONY: debball +debball: dist + fakeroot sh ./tools/misc/mkdeb $(XEN_ROOT) $$($(MAKE) -C xen xenversion --no-print-directory) + +# Package a build in an rpmball file, that is inside a .rpm format +# container to allow for easy and clean removal. This is not intended +# to be a full featured policy compliant .rpm package. +.PHONY: rpmball +rpmball: dist + bash ./tools/misc/mkrpm $(XEN_ROOT) $$($(MAKE) -C xen xenversion --no-print-directory) + +.PHONY: subtree-force-update +subtree-force-update: mini-os-dir-force-update + $(MAKE) -C tools subtree-force-update + +.PHONY: subtree-force-update-all +subtree-force-update-all: mini-os-dir-force-update + $(MAKE) -C tools subtree-force-update-all + +# Make a source tarball, including qemu sub-trees. +# +# src-tarball will use "git describe" for the version number. This +# will have the most recent tag, number of commits since that tag, and +# git commit id of the head. This is suitable for a "snapshot" +# tarball of an unreleased tree. +# +# src-tarball-release will use "make xenversion" as the version +# number. This is suitable for release tarballs. +.PHONY: src-tarball-release +src-tarball-release: subtree-force-update-all + bash ./tools/misc/mktarball $(XEN_ROOT) $$($(MAKE) -C xen xenversion --no-print-directory) + +.PHONY: src-tarball +src-tarball: subtree-force-update-all + bash ./tools/misc/mktarball $(XEN_ROOT) $$(git describe) + +.PHONY: clean +clean: $(TARGS_CLEAN) + +.PHONY: clean-xen +clean-xen: + $(MAKE) -C xen clean + +.PHONY: clean-tools +clean-tools: clean-tools-public-headers + $(MAKE) -C tools clean + +.PHONY: clean-stubdom +clean-stubdom: clean-tools-public-headers + $(MAKE) -C stubdom crossclean +ifeq (x86_64,$(XEN_TARGET_ARCH)) + XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom crossclean +endif + +.PHONY: clean-docs +clean-docs: + $(MAKE) -C docs clean + +# clean, but blow away tarballs +.PHONY: distclean +distclean: $(TARGS_DISTCLEAN) + rm -rf extras + $(MAKE) -C tools/include distclean + rm -f config/Toplevel.mk + rm -rf dist + rm -rf config.log config.status config.cache autom4te.cache + +.PHONY: distclean-xen +distclean-xen: + $(MAKE) -C xen distclean + +.PHONY: distclean-tools +distclean-tools: + $(MAKE) -C tools distclean + +.PHONY: distclean-stubdom +distclean-stubdom: + $(MAKE) -C stubdom distclean +ifeq (x86_64,$(XEN_TARGET_ARCH)) + XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom distclean +endif + +.PHONY: distclean-docs +distclean-docs: + $(MAKE) -C docs distclean + +# Linux name for GNU distclean +.PHONY: mrproper +mrproper: distclean + +.PHONY: help +help: + @echo 'Installation targets:' + @echo ' install - build and install everything' + @echo ' install-xen - build and install the Xen hypervisor' + @echo ' install-tools - build and install the control tools' + @echo ' install-stubdom - build and install the stubdomain images' + @echo ' install-docs - build and install user documentation' + @echo '' + @echo 'Local dist targets:' + @echo ' dist - build and install everything into local dist directory' + @echo ' world - clean everything then make dist' + @echo ' dist-xen - build Xen hypervisor and install into local dist' + @echo ' dist-tools - build the tools and install into local dist' + @echo ' dist-stubdom - build the stubdomain images and install into local dist' + @echo ' dist-docs - build user documentation and install into local dist' + @echo '' + @echo 'Building targets:' + @echo ' build - build everything' + @echo ' build-xen - build Xen hypervisor' + @echo ' build-tools - build the tools' + @echo ' build-stubdom - build the stubdomain images' + @echo ' build-docs - build user documentation' + @echo '' + @echo 'Cleaning targets:' + @echo ' clean - clean the Xen, tools and docs' + @echo ' distclean - clean plus delete kernel build trees and' + @echo ' local downloaded files' + @echo ' subtree-force-update - Call *-force-update on all git subtrees (qemu, seabios, ovmf)' + @echo '' + @echo 'Miscellaneous targets:' + @echo ' uninstall - attempt to remove installed Xen tools' + @echo ' (use with extreme care!)' + @echo + @echo 'Package targets:' + @echo ' src-tarball-release - make a source tarball with xen and qemu tagged with a release' + @echo ' src-tarball - make a source tarball with xen and qemu tagged with git describe' + @echo + @echo 'Environment:' + @echo ' [ this documentation is sadly not complete ]' + +# Use this target with extreme care! + +.PHONY: uninstall-xen +uninstall-xen: + $(MAKE) -C xen uninstall + +.PHONY: uninstall-tools +uninstall-tools: + $(MAKE) -C tools uninstall + +.PHONY: uninstall-stubdom +uninstall-stubdom: + $(MAKE) -C stubdom uninstall + +.PHONY: uninstall-docs +uninstall-docs: + $(MAKE) -C docs uninstall + +.PHONY: uninstall +uninstall: D=$(DESTDIR) +uninstall: uninstall-tools-public-headers $(TARGS_UNINSTALL) + +.PHONY: xenversion +xenversion: + @$(MAKE) --no-print-directory -C xen xenversion + +.PHONY: FORCE +FORCE: diff --git a/src/xen/README b/src/xen/README new file mode 100644 index 0000000000000000000000000000000000000000..c8a108449e293441cee2c5d081b420dbe925d407 --- /dev/null +++ b/src/xen/README @@ -0,0 +1,205 @@ +############################################################ +__ __ _ _ _ +\ \/ /___ _ __ _ _ _ __ ___| |_ __ _| |__ | | ___ + \ // _ \ '_ \ _____| | | | '_ \/ __| __/ _` | '_ \| |/ _ \ + / \ __/ | | |_____| |_| | | | \__ \ || (_| | |_) | | __/ +/_/\_\___|_| |_| \__,_|_| |_|___/\__\__,_|_.__/|_|\___| + +############################################################ + +https://www.xen.org/ + +What is Xen? +============ + +Xen is a Virtual Machine Monitor (VMM) originally developed by the +Systems Research Group of the University of Cambridge Computer +Laboratory, as part of the UK-EPSRC funded XenoServers project. Xen +is freely-distributable Open Source software, released under the GNU +GPL. Since its initial public release, Xen has grown a large +development community, spearheaded by xen.org (https://www.xen.org). + +This file contains some quick-start instructions to install Xen on +your system. For more information see https://www.xen.org/ and +https://wiki.xen.org/ + +Quick-Start Guide +================= + +First, this is just a quick-start guide. For more comprehensive +information see the INSTALL file and the Xen wiki at +https://wiki.xenproject.org and in particular +https://wiki.xenproject.org/wiki/Getting_Started. + +Second, there are a number of prerequisites for building a Xen source +release. Make sure you have all the following installed, either by +visiting the project webpage or installing a pre-built package +provided by your OS distributor: + * GNU Make v3.80 or later + * C compiler and linker: + - For x86: + - GCC 4.1.2_20070115 or later + - GNU Binutils 2.16.91.0.5 or later + or + - Clang/LLVM 3.5 or later + - For ARM 32-bit: + - GCC 4.9 or later + - GNU Binutils 2.24 or later + - For ARM 64-bit: + - GCC 5.1 or later + - GNU Binutils 2.24 or later + * POSIX compatible awk + * Development install of zlib (e.g., zlib-dev) + * Development install of Python 2.7 or later (e.g., python-dev) + * Development install of curses (e.g., libncurses-dev) + * Development install of openssl (e.g., openssl-dev) + * Development install of x11 (e.g. xorg-x11-dev) + * Development install of uuid (e.g. uuid-dev) + * Development install of yajl (e.g. libyajl-dev) + * Development install of libaio (e.g. libaio-dev) version 0.3.107 or + greater. + * Development install of GLib v2.0 (e.g. libglib2.0-dev) + * Development install of Pixman (e.g. libpixman-1-dev) + * pkg-config + * bridge-utils package (/sbin/brctl) + * iproute package (/sbin/ip) + * GNU bison and GNU flex + * ACPI ASL compiler (iasl) + +In addition to the above there are a number of optional build +prerequisites. Omitting these will cause the related features to be +disabled at compile time: + * Binary-search capable grep (if building Xen with CET support) + * Development install of Ocaml (e.g. ocaml-nox and + ocaml-findlib). Required to build ocaml components which + includes the alternative ocaml xenstored. + * cmake (if building vtpm stub domains) + * pandoc, transfig, pod2{man,html,text} for rendering various pieces of + documentation into alternative formats + * figlet (for generating the traditional Xen start of day banner) + * systemd daemon development files + * Development install of libnl3 (e.g., libnl-3-200, + libnl-3-dev, etc). Required if network buffering is desired + when using Remus with libxl. See docs/README.remus for detailed + information. + * 16-bit x86 assembler, loader and compiler for qemu-traditional / rombios + (dev86 rpm or bin86 & bcc debs) + * Development install of liblzma for rombios + * Development install of libbz2, liblzma, liblzo2, and libzstd for DomU + kernel decompression. + +Second, you need to acquire a suitable kernel for use in domain 0. If +possible you should use a kernel provided by your OS distributor. If +no suitable kernel is available from your OS distributor then refer to +https://wiki.xen.org/wiki/XenDom0Kernels for suggestions for +suitable kernels to use. +If you are looking to compile a Dom0 kernel from source, please refer to +https://wiki.xen.org/wiki/XenParavirtOps. + +[NB. Unless noted otherwise, all the following steps should be +performed with root privileges.] + +1. Download and untar the source tarball file. This will be a + file named xen-unstable-src.tgz, or xen-$version-src.tgz. + You can also pull the current version from the git or mercurial + repositories at https://xenbits.xen.org/ + + # tar xzf xen-unstable-src.tgz + + Assuming you are using the unstable tree, this will + untar into xen-unstable. The rest of the instructions + use the unstable tree as an example, substitute the + version for unstable. + +2. cd to xen-unstable (or whatever you sensibly rename it to). + +3. For the very first build, or if you want to destroy build trees, + perform the following steps: + + # ./configure + # make world + # make install + + See the documentation in the INSTALL file for more info. + + This will create and install onto the local machine. It will build + the xen binary (xen.gz), the tools and the documentation. + + You can override the destination for make install by setting DESTDIR + to some value. + +4. To rebuild an existing tree without modifying the config: + # make dist + + This will build and install xen, tools, and docs into the local dist/ + directory. + + You can override the destination for make install by setting DISTDIR + to some value. + + make install and make dist differ in that make install does the + right things for your local machine (installing the appropriate + version of udev scripts, for example), but make dist includes all + versions of those scripts, so that you can copy the dist directory + to another machine and install from that distribution. + +xenstore: xenstored and oxenstored +==================================== + +Xen uses a configuration database called xenstore [0] to maintain configuration +and status information shared between domains. A daemon is implemented as part +of xenstore to act as an interface for access to the database for dom0 and +guests. Two xenstored daemons are supported, one written in C which we refer +to as the xenstored (sometimes referred to as cxenstored), and another written +in Ocaml called oxenstored. Details for xenstore and the different +implementations can be found on the wiki's xenstore reference guide [1] and +the xenstored [2] page. You can choose which xenstore you want to enable as +default on a system through configure: + + ./configure --with-xenstored=xenstored + ./configure --with-xenstored=oxenstored + +By default oxenstored will be used if the ocaml development tools are found. +If you enable oxenstored the xenstored will still be built and installed, +the xenstored used can be changed through the configuration file: + +/etc/sysconfig/xencommons +or +/etc/default/xencommons + +You can change the preferred xenstored you want to use in the configuration +but since we cannot stop the daemon a reboot will be required to make the +change take effect. + +[0] https://wiki.xen.org/wiki/XenStore +[1] https://wiki.xen.org/wiki/XenStoreReference +[2] https://wiki.xen.org/wiki/Xenstored + +Python Runtime Libraries +======================== + +Various tools, such as pygrub, have the following runtime dependencies: + + * Python 2.7 or later. + URL: https://www.python.org/ + Debian: python + +Intel(R) Trusted Execution Technology Support +============================================= + +Intel's technology for safer computing, Intel(R) Trusted Execution Technology +(Intel(R) TXT), defines platform-level enhancements that provide the building +blocks for creating trusted platforms. For more information, see +https://www.intel.com/technology/security/. + +Intel(R) TXT support is provided by the Trusted Boot (tboot) module in +conjunction with minimal logic in the Xen hypervisor. + +Tboot is an open source, pre- kernel/VMM module that uses Intel(R) TXT to +perform a measured and verified launch of an OS kernel/VMM. + +The Trusted Boot module is available from +http://sourceforge.net/projects/tboot. This project hosts the code in a +mercurial repo at http://tboot.sourceforge.net/hg/tboot.hg and contains +tarballs of the source. Instructions in the tboot README describe how +to modify grub.conf to use tboot to launch Xen. diff --git a/src/xen/SUPPORT.md b/src/xen/SUPPORT.md new file mode 100644 index 0000000000000000000000000000000000000000..a90d1108c9d903395460159a1e7da17eb54d4ba4 --- /dev/null +++ b/src/xen/SUPPORT.md @@ -0,0 +1,1166 @@ +% Support statement for this release + +This document describes the support status +and in particular the security support status of the Xen branch +within which you find it. + +See the bottom of the file +for the definitions of the support status levels etc. + +# Release Support + + Xen-Version: 4.19-unstable + Initial-Release: n/a + Supported-Until: TBD + Security-Support-Until: Unreleased - not yet security-supported + +Release Notes +: RN + +# Feature Support + +## Kconfig + +EXPERT and DEBUG Kconfig options are not security supported. Other +Kconfig options are supported, if the related features are marked as +supported in this document. + +## Host Architecture + +### x86-64 + + Status: Supported + +### ARM v7 + Virtualization Extensions + + Status: Supported + +### ARM v8 + + Status: Supported + Status, Cortex A57 r0p0-r1p1: Supported, not security supported + Status, Cortex A77 r0p0-r1p0: Supported, not security supported + +For the Cortex A57 r0p0 - r1p1, see Errata 832075. +For the Cortex A77 r0p0 - r1p0, see Errata 1508412. + +## Host hardware support + +### ACPI CPU Hotplug + + Status, x86: Experimental + +### Physical Memory + + Status, x86: Supported up to 12 TiB. Hosts with more memory are supported, but not security supported. + Status, Arm32: Supported up to 12 GiB + Status, Arm64: Supported up to 2 TiB + +### Physical Memory Hotplug + + Status, x86: Supported + +### Host ACPI (via Domain 0) + + Status, x86 PV: Supported + Status, ARM: Experimental + +### Host EFI Boot + + Status, x86: Supported + Status, Arm64: Supported + +### Host EFI Secure Boot + + Status, x86: Experimental + Status, Arm64: Experimental + +### x86/Intel Platform QoS Technologies + + Status: Tech Preview + +### IOMMU + + Status, AMD IOMMU: Supported + Status, Intel VT-d: Supported + Status, ARM SMMUv1: Supported, not security supported + Status, ARM SMMUv2: Supported, not security supported + Status, ARM SMMUv3: Tech Preview + Status, Renesas IPMMU-VMSA: Supported, not security supported + +### ARM/GICv3 + +GICv3 is an interrupt controller specification designed by Arm. + + Status, Arm64: Security supported + Status, Arm32: Supported, not security supported + +### ARM/GICv3 ITS + +Extension to the GICv3 interrupt controller to support MSI. + + Status: Experimental + +### ARM Scalable Vector Extension (SVE/SVE2) + +Arm64 domains can use Scalable Vector Extension (SVE/SVE2). + + Status: Tech Preview + +## Guest Type + +### x86/PV + +Traditional Xen PV guest + +No hardware requirements + + Status, x86_64: Supported + Status, x86_32, shim: Supported + Status, x86_32, without shim: Supported, not security supported + +### x86/HVM + +Fully virtualised guest using hardware virtualisation extensions + +Requires hardware virtualisation support (Intel VMX / AMD SVM) + + Status, domU: Supported + +### x86/PVH + +PVH is a next-generation paravirtualized mode +designed to take advantage of hardware virtualization support when possible. +During development this was sometimes called HVMLite or PVHv2. + +Requires hardware virtualisation support (Intel VMX / AMD SVM). + +Dom0 support requires an IOMMU (Intel VT-d / AMD IOMMU). + + Status, domU: Supported + Status, dom0: Experimental + +### ARM + +ARM only has one guest type at the moment + + Status: Supported + +## Guest Limits + +### Memory + + Status, x86: Supported up to 8 TiB. Guests with more memory, but less than 16 TiB, are supported, but not security supported. + Status, Arm32: Supported up to 12 GiB + Status, Arm64: Supported up to 1 TiB + +## Hypervisor file system + +### Build info + + Status: Supported + +### Hypervisor config + + Status: Supported + +### Runtime parameters + + Status: Supported + +## Toolstack + +While 32-bit builds of the tool stack are generally supported, restrictions +apply in particular when running on top of a 64-bit hypervisor. For example, +very large guests aren't expected to be manageable in this case. This includes +guests giving the appearance of being large, by altering their own memory +layouts. + +### xl + + Status: Supported + +### Direct-boot kernel image format + +Format which the toolstack accepts for direct-boot kernels + + Supported, x86: bzImage, ELF + Supported, ARM32: zImage + Supported, ARM64: Image + +### Dom0 init support for xl + + Status, SysV: Supported + Status, systemd: Supported + Status, BSD-style: Supported + +### JSON output support for xl + +Output of information in machine-parseable JSON format + + Status: Experimental + +### Open vSwitch integration for xl + + Status, Linux: Supported + +### Virtual cpu hotplug + + Status: Supported + +### QEMU backend hotplugging for xl + + Status: Supported + +### xenlight Go package + +Go (golang) bindings for libxl + + Status: Experimental + +### Linux device model stubdomains + +Support for running qemu-xen device model in a linux stubdomain. + + Status: Tech Preview + +## Xenstore + +### C xenstored daemon + + Status: Supported + Status, Liveupdate: Tech Preview + +### OCaml xenstored daemon + + Status: Supported + Status, untrusted driver domains: Supported, not security supported + Status, Liveupdate: Not functional + +## Toolstack/3rd party + +### libvirt driver for xl + + Status: Supported, Security support external + +## Debugging, analysis, and crash post-mortem + +### Host serial console + + Status, NS16550: Supported + Status, EHCI: Supported + Status, Cadence UART (ARM): Supported + Status, PL011 UART (ARM): Supported + Status, Exynos 4210 UART (ARM): Supported + Status, OMAP UART (ARM): Supported + Status, SCI(F) UART: Supported + +### Hypervisor 'debug keys' + +These are functions triggered either from the host serial console, +or via the xl 'debug-keys' command, +which cause Xen to dump various hypervisor state to the console. + + Status: Supported, not security supported + +### Hypervisor synchronous console output (sync_console) + +Xen command-line flag to force synchronous console output. + + Status: Supported, not security supported + +Useful for debugging, but not suitable for production environments +due to incurred overhead. + +### gdbsx + + Status, x86: Supported, not security supported + +Debugger to debug ELF guests + +### Soft-reset for PV guests + +Soft-reset allows a new kernel to start 'from scratch' with a fresh VM state, +but with all the memory from the previous state of the VM intact. +This is primarily designed to allow "crash kernels", +which can do core dumps of memory to help with debugging in the event of a crash. + + Status: Supported + +### xentrace + +Tool to capture Xen trace buffer data + + Status, x86: Supported + +### gcov + +Export hypervisor coverage data suitable for analysis by gcov or lcov. + + Status: Supported, Not security supported + +### Processor trace support + +Support for using Intel Processor Trace technology to trace guests +from dom0. + + Status, x86: Tech Preview + +## Memory Management + +### Dynamic memory control + +Allows a guest to add or remove memory after boot-time. +This is typically done by a guest kernel agent known as a "balloon driver". + + Status: Supported + +### Populate-on-demand memory + +This is a mechanism that allows normal operating systems with only a balloon driver +to boot with memory < maxmem. + + Status, x86 HVM: Supported + +### Static Allocation + +Static allocation refers to domains for which memory areas are +pre-defined by configuration using physical address ranges. + + Status, ARM: Tech Preview + +### Static Heap + +Allow reserving parts of RAM through the device tree using physical +address ranges as heap. + + Status, ARM: Tech Preview + +### Memory Sharing + +Allow sharing of identical pages between guests + + Status, x86 HVM: Experimental + +### Static Memory Sharing + +Allow to statically set up shared memory on dom0less system, +enabling domains to do shm-based communication + + Status, ARM: Tech Preview + +### Memory Paging + +Allow pages belonging to guests to be paged to disk + + Status, x86 HVM: Experimental + +### Alternative p2m + +Alternative p2m (altp2m) allows external monitoring of guest memory +by maintaining multiple physical to machine (p2m) memory mappings. + + Status, x86 HVM: Tech Preview + Status, ARM: Tech Preview + +## Resource Management + +### CPU Pools + +Groups physical cpus into distinct groups called "cpupools", +with each pool having the capability +of using different schedulers and scheduling properties. + + Status: Supported + +### Core Scheduling + +Allows to group virtual cpus into virtual cores which are scheduled on the +physical cores. This results in never running different guests at the same +time on the same physical core. + + Status, x86: Experimental + +### Credit Scheduler + +A weighted proportional fair share virtual CPU scheduler. +This is the default scheduler. + + Status: Supported + +### Credit2 Scheduler + +A general purpose scheduler for Xen, +designed with particular focus on fairness, responsiveness, and scalability + + Status: Supported + +### RTDS based Scheduler + +A soft real-time CPU scheduler +built to provide guaranteed CPU capacity to guest VMs on SMP hosts + + Status: Experimental + +### ARINC653 Scheduler + +A periodically repeating fixed timeslice scheduler. + + Status: Supported + +Currently only single-vcpu domains are supported. + +### Null Scheduler + +A very simple, very static scheduling policy +that always schedules the same vCPU(s) on the same pCPU(s). +It is designed for maximum determinism and minimum overhead +on embedded platforms and the x86 PV shim. + + Status: Experimental + Status, x86/shim: Supported + +### NUMA scheduler affinity + +Enables NUMA aware scheduling in Xen + + Status, x86: Supported + +## Scalability + +### Super page support + +NB that this refers to the ability of guests +to have higher-level page table entries point directly to memory, +improving TLB performance. +On ARM, and on x86 in HAP mode, +the guest has whatever support is enabled by the hardware. + +This feature is independent +of the ARM "page granularity" feature (see below). + + Status, x86 HVM/PVH, HAP: Supported + Status, x86 HVM/PVH, Shadow, 2MiB: Supported + Status, ARM: Supported + +On x86 in shadow mode, only 2MiB (L2) superpages are available; +furthermore, they do not have the performance characteristics +of hardware superpages. + +### x86/PVHVM + +This is a useful label for a set of hypervisor features +which add paravirtualized functionality to HVM guests +for improved performance and scalability. +This includes exposing event channels to HVM guests. + + Status: Supported + +## High Availability and Fault Tolerance + +### Remus Fault Tolerance + + Status: Experimental + +### COLO Manager + + Status: Experimental + +### x86/vMCE + +Forward Machine Check Exceptions to appropriate guests + + Status: Supported + +## Virtual driver support, guest side + +### Blkfront + +Guest-side driver capable of speaking the Xen PV block protocol + + Status, Linux: Supported + Status, FreeBSD: Supported, Security support external + Status, NetBSD: Supported, Security support external + Status, OpenBSD: Supported, Security support external + Status, Windows: Supported, with caveats + +Windows frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### Netfront + +Guest-side driver capable of speaking the Xen PV networking protocol + + Status, Linux: Supported + Status, FreeBSD: Supported, Security support external + Status, NetBSD: Supported, Security support external + Status, OpenBSD: Supported, Security support external + Status, Windows: Supported, with caveats + +Windows frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV Framebuffer (frontend) + +Guest-side driver capable of speaking the Xen PV Framebuffer protocol + + Status, Linux (xen-fbfront): Supported, with caveats + +Linux frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV display (frontend) + +Guest-side driver capable of speaking the Xen PV display protocol + + Status, Linux, outside of "backend allocation" mode: Supported, with caveats + Status, Linux, "backend allocation" mode: Experimental + +Linux frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV Console (frontend) + +Guest-side driver capable of speaking the Xen PV console protocol + + Status, Linux (hvc_xen): Supported + Status, FreeBSD: Supported, Security support external + Status, NetBSD: Supported, Security support external + Status, Windows: Supported, with caveats + +Windows frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV keyboard (frontend) + +Guest-side driver capable of speaking the Xen PV keyboard protocol. +Note that the "keyboard protocol" includes mouse / pointer / +multi-touch support as well. + + Status, Linux (xen-kbdfront): Supported, with caveats + +Linux frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV USB (frontend) + + Status, Linux: Supported, with caveats + +Linux frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV SCSI protocol (frontend) + + Status, Linux: Supported, with caveats + +NB that while the PV SCSI frontend is in Linux and tested regularly, +there is currently no xl support. + +Linux frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +### PV TPM (frontend) + +Guest-side driver capable of speaking the Xen PV TPM protocol + + Status, Linux (xen-tpmfront): Tech Preview + +### PV 9pfs frontend + +Guest-side driver capable of speaking the Xen 9pfs protocol + + Status, Linux: Tech Preview + +### PVCalls (frontend) + +Guest-side driver capable of making pv system calls + + Status, Linux: Tech Preview + +### PV sound (frontend) + +Guest-side driver capable of speaking the Xen PV sound protocol + + Status, Linux: Supported, with caveats + +Linux frontend currently trusts the backend; +bugs in the frontend which allow backend to cause mischief will not be +considered security vulnerabilities. + +## Virtual device support, host side + +For host-side virtual device support, +"Supported" and "Tech preview" include xl/libxl support +unless otherwise noted. + +### Blkback + +Host-side implementations of the Xen PV block protocol. + + Status, Linux (xen-blkback): Supported + Status, QEMU (xen_disk), raw format: Supported + Status, QEMU (xen_disk), qcow format: Supported + Status, QEMU (xen_disk), qcow2 format: Supported + Status, QEMU (xen_disk), vhd format: Supported + Status, FreeBSD (blkback): Supported, Security support external + Status, NetBSD (xbdback): Supported, security support external + Status, Blktap2, raw format: Deprecated + Status, Blktap2, vhd format: Deprecated + +Backends only support raw format unless otherwise specified. + +### Netback + +Host-side implementations of Xen PV network protocol + + Status, Linux (xen-netback): Supported + Status, FreeBSD (netback): Supported, Security support external + Status, NetBSD (xennetback): Supported, Security support external + +### PV Framebuffer (backend) + +Host-side implementation of the Xen PV framebuffer protocol + + Status, QEMU: Supported + +### PV Console (xenconsoled) + +Host-side implementation of the Xen PV console protocol + + Status: Supported + +### PV keyboard (backend) + +Host-side implementation of the Xen PV keyboard protocol. +Note that the "keyboard protocol" includes mouse / pointer support as well. + + Status, QEMU: Supported + +### PV USB (backend) + +Host-side implementation of the Xen PV USB protocol + + Status, QEMU: Supported + +### PV SCSI protocol (backend) + + Status, Linux: Experimental + +NB that while the PV SCSI backend is in Linux and tested regularly, +there is currently no xl support. + +### PV TPM (backend) + + Status: Tech Preview + +### PV 9pfs (backend) + + Status, QEMU: Tech Preview + +### PVCalls (backend) + + Status, Linux: Experimental + +PVCalls backend has been checked into Linux, +but has no xl support. + +### Online resize of virtual disks + + Status: Supported + +## Security + +### Driver Domains + +"Driver domains" means allowing non-Domain 0 domains +with access to physical devices to act as back-ends. + + Status: Supported, with caveats + +See the appropriate "Device Passthrough" section +for more information about security support. + +### Device Model Stub Domains + + Status: Supported, with caveats + +Vulnerabilities of a device model stub domain +to a hostile driver domain (either compromised or untrusted) +are excluded from security support. + +### Device Model Deprivileging + + Status, Linux dom0: Tech Preview, with limited support + +This means adding extra restrictions to a device model in order to +prevent a compromised device model from attacking the rest of the +domain it's running in (normally dom0). + +"Tech preview with limited support" means we will not issue XSAs for +the _additional_ functionality provided by the feature; but we will +issue XSAs in the event that enabling this feature opens up a security +hole that would not be present without the feature disabled. + +For example, while this is classified as tech preview, a bug in libxl +which failed to change the user ID of QEMU would not receive an XSA, +since without this feature the user ID wouldn't be changed. But a +change which made it possible for a compromised guest to read +arbitrary files on the host filesystem without compromising QEMU would +be issued an XSA, since that does weaken security. + +### KCONFIG Expert + + Status: Experimental + +### Live Patching + + Status, x86: Supported + Status, ARM: Experimental + +Compile time disabled for ARM by default. + +### Virtual Machine Introspection + + Status, x86: Supported, not security supported + +### XSM & FLASK + + Status: Experimental + +Compile time disabled by default. + +Also note that using XSM +to delegate various domain control hypercalls +to particular other domains, rather than only permitting use by dom0, +is also specifically excluded from security support for many hypercalls. +Please see XSA-77 for more details. + +### FLASK default policy + + Status: Experimental + +The default policy includes FLASK labels and roles for a "typical" Xen-based system +with dom0, driver domains, stub domains, domUs, and so on. + +## Virtual Hardware, Hypervisor + +### x86/Nested PV + +This means running a Xen hypervisor inside an HVM domain on a Xen system, +with support for PV L2 guests only +(i.e., hardware virtualization extensions not provided +to the guest). + + Status, x86 Xen HVM: Tech Preview + +This works, but has performance limitations +because the L1 dom0 can only access emulated L1 devices. + +Xen may also run inside other hypervisors (KVM, Hyper-V, VMWare), +but nobody has reported on performance. + +### x86/Nested HVM + +This means providing hardware virtulization support to guest VMs +allowing, for instance, a nested Xen to support both PV and HVM guests. +It also implies support for other hypervisors, +such as KVM, Hyper-V, Bromium, and so on as guests. + + Status, x86 HVM: Experimental + +### vPMU + +Virtual Performance Management Unit + + Status, x86 HVM: Supported, Not security supported + Status, ARM: Experimental + +On ARM, support for accessing PMU registers from the guests. +There is no interrupt support and Xen will not save/restore +the register values on context switches. + +Disabled by default. +On ARM, enable with guest parameter. +On x86, enable with hypervisor command line option. + +This feature is not security supported: see https://xenbits.xen.org/xsa/advisory-163.html + +### Argo: Inter-domain message delivery by hypercall + + Status: Experimental + +### x86/PCI Device Passthrough + + Status, x86 PV: Supported, with caveats + Status, x86 HVM: Supported, with caveats + +Only systems using IOMMUs are supported. + +Not compatible with migration, populate-on-demand, altp2m, +introspection, memory sharing, or memory paging. + +Because of hardware limitations +(affecting any operating system or hypervisor), +it is generally not safe to use this feature +to expose a physical device to completely untrusted guests. +However, this feature can still confer significant security benefit +when used to remove drivers and backends from domain 0 +(i.e., Driver Domains). + +### x86/Multiple IOREQ servers + +An IOREQ server provides emulated devices to HVM and PVH guests. +QEMU is normally the only IOREQ server, +but Xen has support for multiple IOREQ servers. +This allows for custom or proprietary device emulators +to be used in addition to QEMU. + + Status: Experimental + +### ARM/IOREQ servers + + Status: Tech Preview + +### ARM/Non-PCI device passthrough + + Status: Supported, not security supported + +Note that this still requires an IOMMU +that covers the DMA of the device to be passed through. + +### ARM: 16K and 64K page granularity in guests + + Status: Supported, with caveats + +No support for QEMU backends in a 16K or 64K domain. + +### ARM: Firmware Framework for Arm A-profile (FF-A) Mediator + + Status, Arm64: Tech Preview + +There are still some code paths where a vCPU may hog a pCPU longer than +necessary. The FF-A mediator is not yet implemented for Arm32. Part of the +FF-A specification is not supported, see the top comment in +xen/arch/arm/tee/ffa.c for limitations. + +### ARM: Guest Device Tree support + + Status: Supported + +### Device Tree Overlays + +Add/Remove device tree nodes using a device tree overlay binary (.dtbo). + + Status, ARM: Experimental + +### ARM: Guest ACPI support + + Status: Supported + +### Arm: OP-TEE Mediator + + Status: Tech Preview + +## Virtual Hardware, QEMU + +This section describes supported devices available in HVM mode using a +qemu devicemodel (the default). + + Status: Support scope restricted + +Note that other devices are available but not security supported. + +### x86/Emulated platform devices (QEMU): + + Status, piix3: Supported + +### x86/Emulated network (QEMU): + + Status, e1000: Supported + Status, rtl8193: Supported + Status, virtio-net: Supported + +### x86/Emulated storage (QEMU): + + Status, piix3 ide: Supported + Status, ahci: Supported + +See the section **Blkback** for image formats supported by QEMU. + +### x86/Emulated graphics (QEMU): + + Status, cirrus-vga: Supported + Status, stdvga: Supported + +### x86/Emulated audio (QEMU): + + Status, sb16: Supported + Status, es1370: Supported + Status, ac97: Supported + +### x86/Emulated input (QEMU): + + Status, usbmouse: Supported + Status, usbtablet: Supported + Status, ps/2 keyboard: Supported + Status, ps/2 mouse: Supported + +### x86/Emulated serial card (QEMU): + + Status, UART 16550A: Supported + +### x86/Host USB passthrough (QEMU): + + Status: Supported, not security supported + +### qemu-xen-traditional ### + +The Xen Project provides an old version of qemu with modifications +which enable use as a device model stub domain. The old version is +normally selected by default only in a stub dm configuration, but it +can be requested explicitly in other configurations, for example in +`xl` with `device_model_version="QEMU_XEN_TRADITIONAL"`. + + Status, Device Model Stub Domains: Supported, with caveats + Status, as host process device model: No security support, not recommended + +qemu-xen-traditional is security supported only for those available +devices which are supported for mainstream QEMU (see above), with +trusted driver domains (see Device Model Stub Domains). + +## Virtual Firmware + +### x86/HVM iPXE + +Booting a guest via PXE. + + Status: Supported, with caveats + +PXE inherently places full trust of the guest in the network, +and so should only be used +when the guest network is under the same administrative control +as the guest itself. + +### x86/HVM BIOS + +Booting a guest via guest BIOS firmware + + Status, SeaBIOS (qemu-xen): Supported + Status, ROMBIOS (qemu-xen-traditional): Supported + +### x86/HVM OVMF + +OVMF firmware implements the UEFI boot protocol. + + Status, qemu-xen: Supported + +## Dom0less + +Guest creation from the hypervisor at boot without Dom0 intervention. + + Status, ARM: Supported + +Memory of dom0less DomUs is not scrubbed at boot when bootscrub=on or +bootscrub=off are passed as Xen command line parameters. (Memory should +be scrubbed with bootscrub=idle.) No XSAs will be issues due to +unscrubbed memory. + +## Static Event Channel + +Allow to setup the static event channel on dom0less system, enabling domains +to send/receive notifications. + + Status, ARM: Tech Preview + +# Format and definitions + +This file contains prose, and machine-readable fragments. +The data in a machine-readable fragment relate to +the section and subsection in which it is found. + +The file is in markdown format. +The machine-readable fragments are markdown literals +containing RFC-822-like (deb822-like) data. + +In each case, descriptions which expand on the name of a feature as +provided in the section heading, precede the Status indications. +Any paragraphs which follow the Status indication are caveats or +qualifications of the information provided in Status fields. + +## Keys found in the Feature Support subsections + +### Status + +This gives the overall status of the feature, +including security support status, functional completeness, etc. +Refer to the detailed definitions below. + +If support differs based on implementation +(for instance, x86 / ARM, Linux / QEMU / FreeBSD), +one line for each set of implementations will be listed. + +## Definition of Status labels + +Each Status value corresponds to levels of security support, +testing, stability, etc., as follows: + +### Experimental + + Functional completeness: No + Functional stability: Here be dragons + Interface stability: Not stable + Security supported: No + +### Tech Preview + + Functional completeness: Yes + Functional stability: Quirky + Interface stability: Provisionally stable + Security supported: No + +#### Supported + + Functional completeness: Yes + Functional stability: Normal + Interface stability: Yes + Security supported: Yes + +#### Deprecated + + Functional completeness: Yes + Functional stability: Quirky + Interface stability: No (as in, may disappear the next release) + Security supported: Yes + +All of these may appear in modified form. +There are several interfaces, for instance, +which are officially declared as not stable; +in such a case this feature may be described as "Stable / Interface not stable". + +## Definition of the status label interpretation tags + +### Functionally complete + +Does it behave like a fully functional feature? +Does it work on all expected platforms, +or does it only work for a very specific sub-case? +Does it have a sensible UI, +or do you have to have a deep understanding of the internals +to get it to work properly? + +### Functional stability + +What is the risk of it exhibiting bugs? + +General answers to the above: + + * **Here be dragons** + + Pretty likely to still crash / fail to work. + Not recommended unless you like life on the bleeding edge. + + * **Quirky** + + Mostly works but may have odd behavior here and there. + Recommended for playing around or for non-production use cases. + + * **Normal** + + Ready for production use + +### Interface stability + +If I build a system based on the current interfaces, +will they still work when I upgrade to the next version? + + * **Not stable** + + Interface is still in the early stages and + still fairly likely to be broken in future updates. + + * **Provisionally stable** + + We're not yet promising backwards compatibility, + but we think this is probably the final form of the interface. + It may still require some tweaks. + + * **Stable** + + We will try very hard to avoid breaking backwards compatibility, + and to fix any regressions that are reported. + +### Security supported + +Will XSAs be issued if security-related bugs are discovered +in the functionality? + +If "no", +anyone who finds a security-related bug in the feature +will be advised to +post it publicly to the Xen Project mailing lists +(or contact another security response team, +if a relevant one exists). + +Bugs found after the end of **Security-Support-Until** +in the Release Support section will receive an XSA +if they also affect newer, security-supported, versions of Xen. +However, the Xen Project will not provide official fixes +for non-security-supported versions. + +Three common 'diversions' from the 'Supported' category +are given the following labels: + + * **Supported, Not security supported** + + Functionally complete, normal stability, + interface stable, but no security support + + * **Supported, Security support external** + + This feature is security supported + by a different organization (not the XenProject). + The extent of support is defined by that organization. + It might be limited, e.g. like described in **Supported, with caveats** + below. + See **External security support** below. + + * **Supported, with caveats** + + This feature is security supported only under certain conditions, + or support is given only for certain aspects of the feature, + or the feature should be used with care + because it is easy to use insecurely without knowing it. + Additional details will be given in the description. + +### Interaction with other features + +Not all features interact well with all other features. +Some features are only for HVM guests; some don't work with migration, &c. + +### External security support + +The XenProject security team +provides security support for XenProject projects. + +We also provide security support for Xen-related code in Linux, +which is an external project but doesn't have its own security process. + +External projects that provide their own security support for Xen-related features are listed below. + + * QEMU https://wiki.qemu.org/index.php/SecurityProcess + + * Libvirt https://libvirt.org/securityprocess.html + + * FreeBSD https://www.freebsd.org/security/ + + * NetBSD http://www.netbsd.org/support/security/ + + * OpenBSD https://www.openbsd.org/security.html diff --git a/src/xen/autogen.sh b/src/xen/autogen.sh new file mode 100755 index 0000000000000000000000000000000000000000..2be836008ac32934e880a597cf2da26bd7f807db --- /dev/null +++ b/src/xen/autogen.sh @@ -0,0 +1,12 @@ +#!/bin/sh -e +autoconf -f +( cd tools + autoconf -f + autoheader +) +( cd stubdom + autoconf -f +) +( cd docs + autoconf -f +) diff --git a/src/xen/automation/build/Makefile b/src/xen/automation/build/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..4df43b040777100956a48569931b8771b653bec7 --- /dev/null +++ b/src/xen/automation/build/Makefile @@ -0,0 +1,40 @@ + +# the base of where these containers will appear +REGISTRY := registry.gitlab.com/xen-project/xen +CONTAINERS := $(filter-out yocto/%,$(subst .dockerfile,,$(wildcard */*.dockerfile))) +CONTAINERS_EXTRA = +DOCKER_CMD ?= docker + +help: + @echo "Builds containers for building Xen based on different distros" + @echo "To build one run 'make DISTRO/VERSION'. Available containers:" + @$(foreach file,$(sort $(CONTAINERS)),echo $(file);) + @echo "Extra containers (not built using make all):" + @$(foreach file,$(sort $(CONTAINERS_EXTRA)),echo $(file);) + @echo "To push container builds, set the env var PUSH" + +include yocto/yocto.inc + +%: %.dockerfile ## Builds containers + $(DOCKER_CMD) build --pull -t $(REGISTRY)/$(@D):$(@F) -f $< $( 4.11, and you want to use containers +that run old glibc (for example, CentOS 6 or SLES11SP4), you may need to add + +``` +vsyscall=emulate +``` + +to the host kernel command line. That enables a legacy interface that is used +by old glibc. + + +Building a container +-------------------- + +There is a makefile to make this process easier. You should be +able to run `make DISTRO/VERSION` to have Docker build the container +for you. If you define the `PUSH` environment variable when running the +former `make` command, it will push the container to the [registry] if +you have access to do so and have your Docker logged into the registry. + +To login you must run `docker login registry.gitlab.com`. For more +information see the [registry help]. + +This example shows how to refresh a container for a rolling release +such as openSUSE Tumbleweed. Login with the gitlab.com credentials. + +``` +docker login registry.gitlab.com/xen-project/xen +make -C automation/build suse/opensuse-tumbleweed +env CONTAINER_NO_PULL=1 \ + CONTAINER=tumbleweed \ + CONTAINER_ARGS='-e CC=gcc -e CXX=g++ -e debug=y' \ + automation/scripts/containerize automation/scripts/build < /dev/null +make -C automation/build suse/opensuse-tumbleweed PUSH=1 +``` + +[registry]: https://gitlab.com/xen-project/xen/container_registry +[registry help]: https://gitlab.com/help/user/project/container_registry + + +Building/Running container for a different architecture +------------------------------------------------------- + +On a x86 host, it is possible to build and run containers for other arch (like +running a container made for Arm) with docker taking care of running the +appropriate software to emulate that arch. For this, simply install the package +`qemu-user-static`, and that's it. Then you can start an Arm container on x86 +host like you would start an x86 container. + +If that doesn't work, you might find some information on +[multiarch/qemu-user-static](https://github.com/multiarch/qemu-user-static). diff --git a/src/xen/automation/build/alpine/3.18-arm64v8.dockerfile b/src/xen/automation/build/alpine/3.18-arm64v8.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..91e90220240fc210a582f52eaa528d167fb140a5 --- /dev/null +++ b/src/xen/automation/build/alpine/3.18-arm64v8.dockerfile @@ -0,0 +1,49 @@ +FROM --platform=linux/arm64/v8 alpine:3.18 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apk --no-cache add \ + \ + # xen build deps + argp-standalone \ + autoconf \ + bash \ + bison \ + curl \ + dev86 \ + dtc-dev \ + flex \ + gcc \ + git \ + iasl \ + libaio-dev \ + libfdt \ + linux-headers \ + make \ + musl-dev \ + ncurses-dev \ + ocaml \ + ocaml-findlib \ + patch \ + python3-dev \ + py3-setuptools \ + texinfo \ + util-linux-dev \ + xz-dev \ + yajl-dev \ + zlib-dev \ + \ + # qemu build deps + glib-dev \ + libattr \ + libcap-ng-dev \ + pixman-dev \ + # qubes test deps + openssh-client \ + fakeroot \ diff --git a/src/xen/automation/build/alpine/3.18.dockerfile b/src/xen/automation/build/alpine/3.18.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..8d5dac05b01f9dd1b4a57da5a2f5306ed9e0d2ee --- /dev/null +++ b/src/xen/automation/build/alpine/3.18.dockerfile @@ -0,0 +1,51 @@ +FROM --platform=linux/amd64 alpine:3.18 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apk --no-cache add \ + \ + # xen build deps + argp-standalone \ + autoconf \ + bash \ + bison \ + clang \ + curl \ + dev86 \ + flex \ + g++ \ + gcc \ + git \ + grep \ + iasl \ + libaio-dev \ + libc6-compat \ + linux-headers \ + make \ + musl-dev \ + ncurses-dev \ + ocaml \ + ocaml-findlib \ + patch \ + python3-dev \ + py3-setuptools \ + texinfo \ + util-linux-dev \ + xz-dev \ + yajl-dev \ + zlib-dev \ + \ + # qemu build deps + glib-dev \ + libattr \ + libcap-ng-dev \ + ninja \ + pixman-dev \ + # livepatch-tools deps + elfutils-dev \ diff --git a/src/xen/automation/build/archlinux/current-riscv64.dockerfile b/src/xen/automation/build/archlinux/current-riscv64.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..af75b5c720ce75a8385a0bc0cab8b5c004aaeed5 --- /dev/null +++ b/src/xen/automation/build/archlinux/current-riscv64.dockerfile @@ -0,0 +1,21 @@ +FROM --platform=linux/amd64 archlinux +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +# Packages needed for the build +RUN pacman --noconfirm --needed -Syu \ + base-devel \ + git \ + inetutils \ + riscv64-linux-gnu-binutils \ + riscv64-linux-gnu-gcc \ + riscv64-linux-gnu-glibc \ + # For test phase + qemu-system-riscv + +# Add compiler path +ENV CROSS_COMPILE=riscv64-linux-gnu- + +RUN useradd --create-home user +USER user +WORKDIR /build diff --git a/src/xen/automation/build/archlinux/current.dockerfile b/src/xen/automation/build/archlinux/current.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..d974a1434fd5396c0b280374f1a74ac3a526e934 --- /dev/null +++ b/src/xen/automation/build/archlinux/current.dockerfile @@ -0,0 +1,55 @@ +FROM --platform=linux/amd64 archlinux:base-devel +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +RUN pacman-key --init + +RUN pacman -S --refresh --sysupgrade --noconfirm --noprogressbar --needed \ + bin86 \ + bridge-utils \ + bzip2 \ + dev86 \ + discount \ + dtc \ + e2fsprogs \ + ghostscript \ + git \ + gnutls \ + go \ + iasl \ + inetutils \ + iproute \ + # lib32-glibc for Xen < 4.15 + lib32-glibc \ + libaio \ + libcacard \ + libgl \ + libjpeg-turbo \ + libnl \ + libpng \ + libseccomp \ + net-tools \ + nss \ + perl \ + pixman \ + pkgconfig \ + python \ + python-setuptools \ + sdl \ + sdl2 \ + spice \ + spice-protocol \ + systemd \ + transfig \ + usbredir \ + wget \ + xz \ + yajl \ + zlib \ + && yes | pacman -S --clean --clean + +ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl + +RUN useradd --create-home user +USER user +WORKDIR /build diff --git a/src/xen/automation/build/centos/7.dockerfile b/src/xen/automation/build/centos/7.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..ab450f0b3a0eede5e54adf4733dc1eccefc65ea6 --- /dev/null +++ b/src/xen/automation/build/centos/7.dockerfile @@ -0,0 +1,50 @@ +FROM --platform=linux/amd64 centos:7 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +RUN mkdir /build +WORKDIR /build + +# work around https://github.com/moby/moby/issues/10180 +# and add EPEL for dev86 +RUN rpm --rebuilddb && \ + yum -y install \ + yum-plugin-ovl \ + epel-release \ + && yum clean all && \ + rm -rf /var/cache/yum + +# install Xen depends +RUN yum -y update \ + && yum -y install \ + gcc \ + gcc-c++ \ + ncurses-devel \ + zlib-devel \ + openssl-devel \ + python-devel \ + libuuid-devel \ + pkgconfig \ + flex \ + bison \ + libaio-devel \ + glib2-devel \ + yajl-devel \ + pixman-devel \ + glibc-devel \ + # glibc-devel.i686 for Xen < 4.15 + glibc-devel.i686 \ + make \ + binutils \ + git \ + wget \ + acpica-tools \ + python-markdown \ + patch \ + checkpolicy \ + dev86 \ + xz-devel \ + bzip2 \ + nasm \ + && yum clean all && \ + rm -rf /var/cache/yum diff --git a/src/xen/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile b/src/xen/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..a05ffeac04f98ec4462a4696fe77911ce73d967d --- /dev/null +++ b/src/xen/automation/build/debian/bookworm-arm64v8-arm32-gcc.dockerfile @@ -0,0 +1,23 @@ +FROM --platform=linux/arm64/v8 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root +ENV CROSS_COMPILE /usr/bin/arm-linux-gnueabihf- + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + flex \ + bison \ + git \ + gcc-arm-linux-gnueabihf \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/bookworm-arm64v8.dockerfile b/src/xen/automation/build/debian/bookworm-arm64v8.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..2c432aacb765ee5548c33752c639ed4146821417 --- /dev/null +++ b/src/xen/automation/build/debian/bookworm-arm64v8.dockerfile @@ -0,0 +1,55 @@ +FROM --platform=linux/arm64/v8 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python3-dev \ + python3-setuptools \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + libfdt-dev \ + bin86 \ + bcc \ + liblzma-dev \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + # for test phase, qemu-smoke-* jobs + u-boot-qemu \ + u-boot-tools \ + device-tree-compiler \ + curl \ + cpio \ + busybox-static \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/bookworm-cppcheck.dockerfile b/src/xen/automation/build/debian/bookworm-cppcheck.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..633268376d5689329190fd7c17c8665533d5384d --- /dev/null +++ b/src/xen/automation/build/debian/bookworm-cppcheck.dockerfile @@ -0,0 +1,53 @@ +FROM --platform=linux/arm64/v8 debian:bookworm AS builder + +ENV DEBIAN_FRONTEND=noninteractive +ENV CPPCHECK_VERSION=2.7 +ENV USER root + +# dependencies for cppcheck build +RUN apt-get update && \ + apt-get --quiet --yes install \ + curl \ + build-essential \ + python-is-python3 \ + libpcre3-dev + +RUN mkdir /build +WORKDIR /build + +# cppcheck release build (see cppcheck readme.md) +RUN curl -fsSLO https://github.com/danmar/cppcheck/archive/"$CPPCHECK_VERSION".tar.gz && \ + tar xvzf "$CPPCHECK_VERSION".tar.gz && \ + cd cppcheck-"$CPPCHECK_VERSION" && \ + make install -j$(nproc) \ + MATCHCOMPILER=yes \ + FILESDIR=/usr/share/cppcheck \ + HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" + +FROM --platform=linux/arm64/v8 debian:bookworm +COPY --from=builder /usr/bin/cppcheck /usr/bin/cppcheck +COPY --from=builder /usr/share/cppcheck /usr/share/cppcheck + +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# dependencies for cppcheck analysis including Xen-only build/cross-build +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + python-is-python3 \ + libpcre3-dev \ + flex \ + bison \ + gcc-arm-linux-gnueabihf \ + gcc-x86-64-linux-gnu \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/bookworm-i386.dockerfile b/src/xen/automation/build/debian/bookworm-i386.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..89a650338566ff8c162b18d1fa398c10871a1351 --- /dev/null +++ b/src/xen/automation/build/debian/bookworm-i386.dockerfile @@ -0,0 +1,51 @@ +FROM --platform=linux/i386 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +ENTRYPOINT ["linux32"] + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python3-dev \ + python3-setuptools \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + libc6-dev \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + apt-transport-https \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/bookworm.dockerfile b/src/xen/automation/build/debian/bookworm.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..459f8e30bdc6ea63a90d4825978a1ac1d8b7d803 --- /dev/null +++ b/src/xen/automation/build/debian/bookworm.dockerfile @@ -0,0 +1,57 @@ +FROM --platform=linux/amd64 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python3-dev \ + python3-setuptools \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + gnupg \ + apt-transport-https \ + golang \ + # for test phase, qemu-smoke-* jobs + qemu-system-x86 \ + # for test phase, qemu-alpine-* jobs + cpio \ + busybox-static \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/bullseye-ppc64le.dockerfile b/src/xen/automation/build/debian/bullseye-ppc64le.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..6fdfb6bc2b40f7428db88dbcc2a28f8b39ec8a8c --- /dev/null +++ b/src/xen/automation/build/debian/bullseye-ppc64le.dockerfile @@ -0,0 +1,31 @@ +FROM --platform=linux/amd64 debian:bullseye-slim +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +# Add compiler path +ENV CROSS_COMPILE powerpc64le-linux-gnu- + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes --no-install-recommends install \ + bison \ + build-essential \ + checkpolicy \ + flex \ + gawk \ + gcc-powerpc64le-linux-gnu \ + make \ + python3-minimal \ + # QEMU runtime dependencies for test phase + libglib2.0-0 \ + libpixman-1-0 \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/buster-gcc-ibt.dockerfile b/src/xen/automation/build/debian/buster-gcc-ibt.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..6a3e50ef6b3fb500d025d65fbf603ac411634a91 --- /dev/null +++ b/src/xen/automation/build/debian/buster-gcc-ibt.dockerfile @@ -0,0 +1,69 @@ +FROM --platform=linux/amd64 debian:buster-slim AS builder + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN apt-get update && \ + apt-get --quiet --yes --no-install-recommends install \ + bison \ + build-essential \ + ca-certificates \ + flex \ + g++-multilib \ + libc6-dev-i386 \ + libgmp-dev \ + libisl-dev \ + libmpc-dev \ + libmpfr-dev \ + patch \ + wget + +RUN mkdir /build +WORKDIR /build + +RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.3.0/gcc-11.3.0.tar.xz -O - | tar xJ --strip=1 +RUN wget -q https://xenbits.xen.org/people/andrewcoop/gcc-11.2-Add-fcf-check-attribute-yes-no.patch -O - | patch -p1 +RUN ./configure \ + --prefix=/opt/gcc-11-ibt \ + --enable-languages=c \ + --disable-nls \ + --disable-threads \ + --disable-bootstrap \ + --disable-shared \ + --disable-libmudflap \ + --disable-libssp \ + --disable-libgomp \ + --disable-decimal-float \ + --disable-libquadmath \ + --disable-libatomic \ + --disable-libcc1 \ + --disable-libmpx +RUN make -j`nproc` && make -j`nproc` install + + +FROM --platform=linux/amd64 debian:buster-slim +COPY --from=builder /opt/gcc-11-ibt /opt/gcc-11-ibt + +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root +ENV PATH="/opt/gcc-11-ibt/bin:${PATH}" + +RUN mkdir /build +WORKDIR /build + +RUN apt-get update && \ + apt-get --quiet --yes --no-install-recommends install \ + bison \ + build-essential \ + checkpolicy \ + flex \ + gawk \ + make \ + python3-minimal \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/jessie-i386.dockerfile b/src/xen/automation/build/debian/jessie-i386.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..a8dec82bb2997ab7ac292bc91814946dfebce2d5 --- /dev/null +++ b/src/xen/automation/build/debian/jessie-i386.dockerfile @@ -0,0 +1,56 @@ +FROM --platform=linux/i386 debian/eol:jessie +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +ENTRYPOINT ["linux32"] + +# replace repos in archive as release is EOL +RUN cat <<"END" > /etc/apt/sources.list +deb http://archive.debian.org/debian/ jessie main contrib non-free +deb http://archive.debian.org/debian/ jessie-backports main contrib non-free +deb http://archive.debian.org/debian-security/ jessie/updates main contrib non-free +END + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + libc6-dev \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/jessie.dockerfile b/src/xen/automation/build/debian/jessie.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..32fc952fbc2de25e264004f404d1ffe4b5d068da --- /dev/null +++ b/src/xen/automation/build/debian/jessie.dockerfile @@ -0,0 +1,55 @@ +FROM --platform=linux/amd64 debian/eol:jessie +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# replace repos in archive as release is EOL +RUN cat <<"END" > /etc/apt/sources.list +deb http://archive.debian.org/debian/ jessie main contrib non-free +deb http://archive.debian.org/debian/ jessie-backports main contrib non-free +deb http://archive.debian.org/debian-security/ jessie/updates main contrib non-free +END + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/stretch-i386.dockerfile b/src/xen/automation/build/debian/stretch-i386.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..da93fed8ea683b405a8376ca2a8ae5c2ffd20ea5 --- /dev/null +++ b/src/xen/automation/build/debian/stretch-i386.dockerfile @@ -0,0 +1,58 @@ +FROM --platform=linux/i386 debian:stretch +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +ENTRYPOINT ["linux32"] + +# replace repos in archive as release is EOL +RUN cat <<"END" > /etc/apt/sources.list +deb http://archive.debian.org/debian/ stretch main contrib non-free +deb http://archive.debian.org/debian/ stretch-backports main contrib non-free +deb http://archive.debian.org/debian-security/ stretch/updates main contrib non-free +END + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + python3-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + libc6-dev \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + apt-transport-https \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/debian/stretch.dockerfile b/src/xen/automation/build/debian/stretch.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..e2706a8f3589cbcf4cf5f72d72bd8a92ffdb0dc8 --- /dev/null +++ b/src/xen/automation/build/debian/stretch.dockerfile @@ -0,0 +1,63 @@ +FROM --platform=linux/amd64 debian:stretch +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# replace repos in archive as release is EOL +RUN cat <<"END" > /etc/apt/sources.list +deb http://archive.debian.org/debian/ stretch main contrib non-free +deb http://archive.debian.org/debian/ stretch-backports main contrib non-free +deb http://archive.debian.org/debian-security/ stretch/updates main contrib non-free +END + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + python3-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + gnupg \ + apt-transport-https \ + # for test phase, qemu-smoke-* jobs + qemu-system-x86 \ + # for test phase, qemu-alpine-* jobs + cpio \ + busybox-static \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/fedora/29.dockerfile b/src/xen/automation/build/fedora/29.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..42a87ce6c84bc2ee96c2a25802ae070761833bec --- /dev/null +++ b/src/xen/automation/build/fedora/29.dockerfile @@ -0,0 +1,48 @@ +FROM --platform=linux/amd64 fedora:29 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +# install Xen depends +RUN dnf -y install \ + clang \ + gcc \ + gcc-c++ \ + ncurses-devel \ + zlib-devel \ + openssl-devel \ + python-devel \ + python3-devel \ + libuuid-devel \ + pkgconfig \ + flex \ + bison \ + libaio-devel \ + glib2-devel \ + yajl-devel \ + pixman-devel \ + glibc-devel \ + # glibc-devel.i686 for Xen < 4.15 + glibc-devel.i686 \ + make \ + binutils \ + git \ + wget \ + acpica-tools \ + python-markdown \ + patch \ + checkpolicy \ + dev86 \ + xz-devel \ + bzip2 \ + nasm \ + ocaml \ + ocaml-findlib \ + golang \ + # QEMU + ninja-build \ + && dnf clean all && \ + rm -rf /var/cache/dnf + +RUN useradd --create-home user +USER user +WORKDIR /build diff --git a/src/xen/automation/build/suse/opensuse-leap.dockerfile b/src/xen/automation/build/suse/opensuse-leap.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..e1ec38a41445a34bea18bb23b6b48401178d4c92 --- /dev/null +++ b/src/xen/automation/build/suse/opensuse-leap.dockerfile @@ -0,0 +1,75 @@ +FROM --platform=linux/amd64 opensuse/leap +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +RUN zypper ref && zypper up -y --no-recommends +RUN zypper install -y --no-recommends \ + acpica \ + bc \ + bin86 \ + bison \ + bzip2 \ + checkpolicy \ + clang \ + cmake \ + dev86 \ + diffutils \ + discount \ + flex \ + gawk \ + gcc \ + gcc-c++ \ + git \ + ghostscript \ + glib2-devel \ + glibc-devel \ + # glibc-devel-32bit for Xen < 4.15 + glibc-devel-32bit \ + gzip \ + hostname \ + libaio-devel \ + libbz2-devel \ + libext2fs-devel \ + libgnutls-devel \ + libjpeg62-devel \ + libnl3-devel \ + libnuma-devel \ + libpixman-1-0-devel \ + libpng16-devel \ + libssh2-devel \ + libtasn1-devel \ + libuuid-devel \ + libyajl-devel \ + lzo-devel \ + make \ + nasm \ + ncurses-devel \ + ocaml \ + ocaml-findlib-devel \ + ocaml-ocamlbuild \ + ocaml-ocamldoc \ + pandoc \ + patch \ + pkg-config \ + 'pkgconfig(libpci)' \ + 'pkgconfig(sdl)' \ + 'pkgconfig(sdl2)' \ + python3-devel \ + python3-setuptools \ + systemd-devel \ + tar \ + transfig \ + valgrind-devel \ + wget \ + which \ + xz-devel \ + zlib-devel \ + # QEMU + ninja \ + && \ + zypper clean -a diff --git a/src/xen/automation/build/suse/opensuse-tumbleweed.dockerfile b/src/xen/automation/build/suse/opensuse-tumbleweed.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..38f6fda2ff1b77d73229635b7f335ff5a7df3565 --- /dev/null +++ b/src/xen/automation/build/suse/opensuse-tumbleweed.dockerfile @@ -0,0 +1,76 @@ +FROM --platform=linux/amd64 opensuse/tumbleweed +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +RUN zypper ref && zypper dup -y --no-recommends +RUN zypper install -y --no-recommends \ + acpica \ + bc \ + bin86 \ + bison \ + bzip2 \ + checkpolicy \ + clang \ + cmake \ + dev86 \ + diffutils \ + discount \ + flex \ + gawk \ + gcc \ + gcc-c++ \ + git \ + ghostscript \ + glib2-devel \ + glibc-devel \ + # glibc-devel-32bit for Xen < 4.15 + glibc-devel-32bit \ + gzip \ + hostname \ + libaio-devel \ + libbz2-devel \ + libext2fs-devel \ + libgnutls-devel \ + libjpeg62-devel \ + libnl3-devel \ + libnuma-devel \ + libpixman-1-0-devel \ + libpng16-devel \ + libssh2-devel \ + libtasn1-devel \ + libuuid-devel \ + libyajl-devel \ + libzstd-devel \ + lzo-devel \ + make \ + meson \ + nasm \ + ncurses-devel \ + ninja \ + ocaml \ + ocaml-findlib-devel \ + ocaml-ocamlbuild \ + ocaml-ocamldoc \ + pandoc \ + patch \ + pkg-config \ + 'pkgconfig(libpci)' \ + 'pkgconfig(sdl)' \ + 'pkgconfig(sdl2)' \ + python3-devel \ + python3-setuptools \ + systemd-devel \ + tar \ + transfig \ + valgrind-devel \ + wget \ + which \ + xz-devel \ + zlib-devel \ + && \ + zypper clean -a diff --git a/src/xen/automation/build/ubuntu/bionic.dockerfile b/src/xen/automation/build/ubuntu/bionic.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..77d7f933860c7177b79554d252cee716f3f35311 --- /dev/null +++ b/src/xen/automation/build/ubuntu/bionic.dockerfile @@ -0,0 +1,51 @@ +FROM --platform=linux/amd64 ubuntu:18.04 +LABEL maintainer.name="The Xen Project " \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + python3-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + # QEMU + ninja-build \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/ubuntu/focal.dockerfile b/src/xen/automation/build/ubuntu/focal.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..30a9b8e84ffe04fd077f28d7ed7e9b2cea3534a9 --- /dev/null +++ b/src/xen/automation/build/ubuntu/focal.dockerfile @@ -0,0 +1,51 @@ +FROM --platform=linux/amd64 ubuntu:20.04 +LABEL maintainer.name="The Xen Project " \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python3-dev \ + python3-setuptools \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + libsystemd-dev \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + # QEMU + ninja-build \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/ubuntu/trusty.dockerfile b/src/xen/automation/build/ubuntu/trusty.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..0d33578c4e1d6ef7782bd3b78dbec91c73895978 --- /dev/null +++ b/src/xen/automation/build/ubuntu/trusty.dockerfile @@ -0,0 +1,54 @@ +FROM --platform=linux/amd64 ubuntu:14.04 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + python3-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + +# Remove expired certificate that Let's Encrypt certificates used to relie on. +# (Not needed anymore) +RUN sed -i 's#mozilla/DST_Root_CA_X3\.crt#!\0#' /etc/ca-certificates.conf && \ + update-ca-certificates diff --git a/src/xen/automation/build/ubuntu/xenial-xilinx.dockerfile b/src/xen/automation/build/ubuntu/xenial-xilinx.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..49f27b322995563e81a40818d2869dd9ee3edabd --- /dev/null +++ b/src/xen/automation/build/ubuntu/xenial-xilinx.dockerfile @@ -0,0 +1,25 @@ +FROM --platform=linux/amd64 ubuntu:16.04 +LABEL maintainer.name="The Xen Project " \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# board bringup depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + snmp \ + snmp-mibs-downloader \ + u-boot-tools \ + device-tree-compiler \ + cpio \ + git \ + gzip \ + file \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/ubuntu/xenial.dockerfile b/src/xen/automation/build/ubuntu/xenial.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..e8035434f80417521abdba21b0d36c241b34d34a --- /dev/null +++ b/src/xen/automation/build/ubuntu/xenial.dockerfile @@ -0,0 +1,49 @@ +FROM --platform=linux/amd64 ubuntu:16.04 +LABEL maintainer.name="The Xen Project " \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + zlib1g-dev \ + libncurses5-dev \ + libssl-dev \ + python-dev \ + python3-dev \ + xorg-dev \ + uuid-dev \ + libyajl-dev \ + libaio-dev \ + libglib2.0-dev \ + clang \ + libpixman-1-dev \ + pkg-config \ + flex \ + bison \ + acpica-tools \ + bin86 \ + bcc \ + liblzma-dev \ + # libc6-dev-i386 for Xen < 4.15 + libc6-dev-i386 \ + libnl-3-dev \ + ocaml-nox \ + libfindlib-ocaml-dev \ + markdown \ + transfig \ + pandoc \ + checkpolicy \ + wget \ + git \ + nasm \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/build/yocto/build-yocto.sh b/src/xen/automation/build/yocto/build-yocto.sh new file mode 100755 index 0000000000000000000000000000000000000000..93ce81ce826cffaa7491bf9e318a617bc626eabe --- /dev/null +++ b/src/xen/automation/build/yocto/build-yocto.sh @@ -0,0 +1,372 @@ +#!/bin/bash +# +# Yocto meta virtualization build and run script +# +# This script is building Yocto xen-image-minimal for qemu targets and run +# them using runqemu inside yocto to check that dom0 is booting properly. +# The build is using a local xen source tree so that specific patches can be +# tested. +# In order to optimize the build time, a build cache is used so that only xen +# packages and its dependencies are rebuilt (qemu and final image mainly). +# +# get command error even when piped. +set -o pipefail + +# Directories +YOCTODIR="$HOME/yocto-layers" +CACHEDIR="$HOME/yocto-cache" +LOGDIR="$HOME/logs" +XENDIR="$HOME/xen" +BUILDDIR="$HOME/build" +OUTPUTDIR=`pwd`/binaries + +# what yocto bsp we support +TARGET_SUPPORTED="qemuarm qemuarm64 qemux86-64" +VERBOSE="n" +TARGETLIST="" +BUILDJOBS="8" + +# actions to do +do_clean="n" +do_build="y" +do_run="y" +do_localsrc="n" +do_dump="n" +do_copy="n" +build_result=0 + +# layers to include in the project +build_layerlist="poky/meta poky/meta-poky poky/meta-yocto-bsp \ + meta-openembedded/meta-oe meta-openembedded/meta-python \ + meta-openembedded/meta-filesystems \ + meta-openembedded/meta-networking meta-virtualization" + +# yocto image to build +build_image="xen-image-minimal" + +function print_progress() { + echo -n "$(date +%T) $*" +} + +function run_task() { + local task_name="$1" + local task_target="$2" + + task_log="${task_name//project_}-${task_target}" + + mkdir -p "${LOGDIR}" + print_progress + echo -n "${task_name//project_} ${task_target}: " + if [ "${VERBOSE}" = "n" ]; then + "$@" > "${LOGDIR}/${task_log}.log" 2>&1 + else + "$@" 2>&1 | tee "${LOGDIR}/${task_log}.log" + fi + + if [ ${?} -ne 0 ]; then + echo "Error" + build_result=$((build_result+1)) + if [ "${do_dump}" = "y" ]; then + echo + echo "############ LOGS-START ############" + cat "${LOGDIR}/${task_log}.log" + echo "############ LOGS-END ############" + echo + fi + return 1 + else + echo "OK" + return 0 + fi +} + +function project_create() { + target="${1:?}" + destdir="${BUILDDIR}/${target}" + + ( + # init yocto project + source "${YOCTODIR}/poky/oe-init-build-env" "${destdir}" + + # add needed layers + for layer in ${build_layerlist}; do + bitbake-layers add-layer "${YOCTODIR}/${layer}" || exit 1 + done + ) || return 1 + + # Detect latest version available in Yocto and use it instead of default + # one. + XENVERS=$(grep -e "^XEN_REL" \ + "${YOCTODIR}"/meta-virtualization/recipes-extended/xen/xen_*.bb \ + 2> /dev/null | tr -d ' ' | tr -d '?' | tr -d '"' \ + | sed -e "s/.*=//" | sort -V | tail -n 1) + + # customize project configuration + cat <> "${destdir}/conf/local.conf" +# Yocto BSP +MACHINE = "${target}" + +# Use local cache to reuse previous builds results +SSTATE_DIR = "${CACHEDIR}/sstate-cache" +DL_DIR = "${CACHEDIR}/downloads" + +# Enable xen and virtualization +DISTRO_FEATURES = " virtualization xen ipv4" + +# Speed up run by not generating ssh host keys +IMAGE_INSTALL:append:pn-xen-image-minimal = " ssh-pregen-hostkeys" + +# Save some disk space +INHERIT += "rm_work" + +# Reduce number of jobs +BB_NUMBER_THREADS="${BUILDJOBS}" + +# Use latest Xen version +PREFERRED_VERSION:pn-xen = "${XENVERS}%" +PREFERRED_VERSION:pn-xen-tools = "${XENVERS}%" + +# Use autorev for now as Xen SHA used by latest yocto recipe for Xen does not +# include fixes required to build x86 on arm +SRCREV:pn-xen = "\${AUTOREV}" +SRCREV:pn-xen-tools = "\${AUTOREV}" + +# Disable all QA errors as the recipe is not up to date with changes in Xen +# when we use local sources +ERROR_QA:pn-xen = "arch" +ERROR_QA:pn-xen-tools = "arch" + +EOF + + if [ "${do_localsrc}" = "y" ]; then + XENBASE=$(dirname "$(realpath -m "${XENDIR}")") + XENSUB=$(basename "$(realpath -m "${XENDIR}")") + + cat <> "${destdir}/conf/local.conf" +# Use local sources for xen and xen-tools +FILESEXTRAPATHS:prepend:pn-xen := "${XENBASE}:" +FILESEXTRAPATHS:prepend:pn-xen-tools := "${XENBASE}:" + +SRC_URI:pn-xen = "file://${XENSUB}/;subdir=local-xen/" +SRC_URI:pn-xen-tools = "file://${XENSUB}/;subdir=local-xen/" + +S:pn-xen = "\${WORKDIR}/local-xen/${XENSUB}" +S:pn-xen-tools = "\${WORKDIR}/local-xen/${XENSUB}" + +SRCPV:pn-xen = "1" +SRCPV:pn-xen-tools = "1" + +EOF + fi +} + +function project_build() { + target="${1:?}" + destdir="${BUILDDIR}/${target}" + + ( + source "${YOCTODIR}/poky/oe-init-build-env" "${destdir}" + + bitbake "${build_image}" || exit 1 + if [ $do_copy = "y" ] + then + if [ $target = "qemuarm" ] + then + mkdir -p $OUTPUTDIR + cp $BUILDDIR/tmp/deploy/images/qemuarm/zImage $OUTPUTDIR + cp $BUILDDIR/tmp/deploy/images/qemuarm/xen-qemuarm $OUTPUTDIR + cp $BUILDDIR/tmp/deploy/images/qemuarm/xen-image-minimal-qemuarm.tar.bz2 $OUTPUTDIR + fi + fi + ) || return 1 +} + +function project_clean() { + target="${1:?}" + destdir="${BUILDDIR}/${target}" + + rm -rf "${destdir}" +} + +function project_run() { + target="${1:?}" + destdir="${BUILDDIR}/${target}" + ( + source "${YOCTODIR}/poky/oe-init-build-env" "${destdir}" > /dev/null 2>&1 + + /usr/bin/expect < $$@ + +endef + +$(eval $(foreach version,$(YOCTO_VERSION),\ + $(foreach target,$(YOCTO_TARGETS),\ + $(foreach arch,$(YOCTO_ARCHS),\ + $(call GEN_DOCKER,$(version),$(target),$(arch),$(if $(filter amd64,$(arch)),,-$(arch))))))) diff --git a/src/xen/automation/eclair_analysis/ECLAIR/Set1.ecl b/src/xen/automation/eclair_analysis/ECLAIR/Set1.ecl new file mode 100644 index 0000000000000000000000000000000000000000..86b8e7e772454f04961931e680bad8a478a937d0 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/Set1.ecl @@ -0,0 +1,59 @@ +-doc_begin="Set 1 of Xen MISRA C guidelines" +-enable=MC3R1.R9.1 +-enable=MC3R1.R12.5 +-enable=MC3R1.R17.3 +-enable=MC3R1.R17.4 +-enable=MC3R1.R17.6 +-enable=MC3R1.R19.1 +-enable=MC3R1.R21.13 +-enable=MC3R1.R21.17 +-enable=MC3R1.R21.18 +-enable=MC3R1.R21.19 +-enable=MC3R1.R21.20 +-enable=MC3R1.R21.21 +-enable=MC3R1.R22.2 +-enable=MC3R1.R22.4 +-enable=MC3R1.R22.5 +-enable=MC3R1.R22.6 +-enable=MC3R1.D1.1 +-enable=MC3R1.D2.1 +-enable=MC3R1.D4.1 +-enable=MC3R1.D4.3 +-enable=MC3R1.D4.7 +-enable=MC3R1.D4.10 +-enable=MC3R1.D4.11 +-enable=MC3R1.D4.14 +-enable=MC3R1.R1.1 +-enable=MC3R1.R1.3 +-enable=MC3R1.R1.4 +-enable=MC3R1.R2.1 +-enable=MC3R1.R2.2 +-enable=MC3R1.R3.1 +-enable=MC3R1.R3.2 +-enable=MC3R1.R4.1 +-enable=MC3R1.R5.1 +-enable=MC3R1.R5.2 +-enable=MC3R1.R5.3 +-enable=MC3R1.R5.4 +-enable=MC3R1.R5.6 +-enable=MC3R1.R6.1 +-enable=MC3R1.R6.2 +-enable=MC3R1.R7.1 +-enable=MC3R1.R7.2 +-enable=MC3R1.R7.3 +-enable=MC3R1.R7.4 +-enable=MC3R1.R8.1 +-enable=MC3R1.R8.2 +-enable=MC3R1.R8.3 +-enable=MC3R1.R8.4 +-enable=MC3R1.R8.5 +-enable=MC3R1.R8.6 +-enable=MC3R1.R8.8 +-enable=MC3R1.R8.10 +-enable=MC3R1.R8.12 +-enable=MC3R1.R8.14 +-enable=MC3R1.R9.2 +-enable=MC3R1.R9.3 +-enable=MC3R1.R9.4 +-enable=MC3R1.R9.5 +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/Set2.ecl b/src/xen/automation/eclair_analysis/ECLAIR/Set2.ecl new file mode 100644 index 0000000000000000000000000000000000000000..7608335cf4a8280038a6fe08c95e569e1230b83a --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/Set2.ecl @@ -0,0 +1,25 @@ +-doc_begin="Set 2 of Xen MISRA C guidelines" +-enable=MC3R1.R10.1 +-enable=MC3R1.R10.2 +-enable=MC3R1.R10.3 +-enable=MC3R1.R10.4 +-enable=MC3R1.R10.6 +-enable=MC3R1.R10.7 +-enable=MC3R1.R10.8 +-enable=MC3R1.R11.1 +-enable=MC3R1.R11.2 +-enable=MC3R1.R11.3 +-enable=MC3R1.R11.6 +-enable=MC3R1.R11.7 +-enable=MC3R1.R11.8 +-enable=MC3R1.R11.9 +-enable=MC3R1.R12.2 +-enable=MC3R1.R13.1 +-enable=MC3R1.R13.2 +-enable=MC3R1.R13.5 +-enable=MC3R1.R13.6 +-enable=MC3R1.R14.1 +-enable=MC3R1.R14.2 +-enable=MC3R1.R14.3 +-enable=MC3R1.R14.4 +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/Set3.ecl b/src/xen/automation/eclair_analysis/ECLAIR/Set3.ecl new file mode 100644 index 0000000000000000000000000000000000000000..d2c2c4b21f29aa2a825e249232ed87ef8bcdaeec --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/Set3.ecl @@ -0,0 +1,67 @@ +-doc_begin="Set 3 of Xen MISRA C guidelines" +-enable=MC3R1.D4.12 +-enable=MC3R1.R5.5 +-enable=MC3R1.R5.7 +-enable=MC3R1.R5.8 +-enable=MC3R1.R15.2 +-enable=MC3R1.R15.3 +-enable=MC3R1.R15.6 +-enable=MC3R1.R15.7 +-enable=MC3R1.R16.1 +-enable=MC3R1.R16.2 +-enable=MC3R1.R16.3 +-enable=MC3R1.R16.4 +-enable=MC3R1.R16.5 +-enable=MC3R1.R16.6 +-enable=MC3R1.R16.7 +-enable=MC3R1.R17.1 +-enable=MC3R1.R17.2 +-enable=MC3R1.R17.5 +-enable=MC3R1.R17.7 +-enable=MC3R1.R18.1 +-enable=MC3R1.R18.2 +-enable=MC3R1.R18.3 +-enable=MC3R1.R18.6 +-enable=MC3R1.R18.7 +-enable=MC3R1.R18.8 +-enable=MC3R1.R20.2 +-enable=MC3R1.R20.3 +-enable=MC3R1.R20.4 +-enable=MC3R1.R20.6 +-enable=MC3R1.R20.7 +-enable=MC3R1.R20.8 +-enable=MC3R1.R20.9 +-enable=MC3R1.R20.11 +-enable=MC3R1.R20.12 +-enable=MC3R1.R20.13 +-enable=MC3R1.R20.14 +-enable=MC3R1.R21.1 +-enable=MC3R1.R21.2 +-enable=MC3R1.R21.3 +-enable=MC3R1.R21.4 +-enable=MC3R1.R21.5 +-enable=MC3R1.R21.6 +-enable=MC3R1.R21.7 +-enable=MC3R1.R21.8 +-enable=MC3R1.R21.9 +-enable=MC3R1.R21.10 +-enable=MC3R1.R21.12 +-enable=MC3R1.R21.14 +-enable=MC3R1.R21.15 +-enable=MC3R1.R21.16 +-enable=MC3R1.R22.1 +-enable=MC3R1.R22.3 +-enable=MC3R1.R22.7 +-enable=MC3R1.R22.8 +-enable=MC3R1.R22.9 +-enable=MC3R1.R22.10 +-enable=MC3R1.R2.6 +-enable=MC3R1.R4.2 +-doc_end + +-doc_begin="Guidelines added with Xen MISRA C Task (a): Xen Coding Guidelines v1.1, June 1, 2023" +-enable=MC3R1.R21.11 +-enable=MC3R1.D4.4 +-enable=MC3R1.R8.9 +-enable=MC3R1.R12.4 +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action.helpers b/src/xen/automation/eclair_analysis/ECLAIR/action.helpers new file mode 100644 index 0000000000000000000000000000000000000000..df9bf2bd11af7d836aca03e6a55125be30a70516 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action.helpers @@ -0,0 +1,239 @@ +esc=$(printf '\e') +cr=$(printf '\r') + +if [ -n "${GITLAB_CI:-}" ]; then + ci=gitlab + eol= + link_start="${esc}[33m" + link_end="${esc}[m" +elif [ -n "${GITHUB_ACTION:-}" ]; then + ci=github + eol="\\" + link_start= + link_end= +elif [ -n "${JENKINS_HOME:-}" ]; then + ci=jenkins + eol="
" + link_start= + link_end= +else + echo "Unexpected CI/CD context" >&2 + exit 1 +fi + +open_section() { + id=$1 + title=$2 + collapsed=$3 + echo "${esc}[0Ksection_start:$(date +%s):${id}${collapsed}${cr}${esc}[0K${esc}[1m${esc}[36m${title}${esc}[m" +} + +close_section() { + id=$1 + echo "${esc}[0Ksection_end:$(date +%s):${id}${cr}${esc}[0K" +} + +summary() { + fixedReports= + newReports= + unfixedReports= + while read -r line; do + var=${line%%: *} + val=${line#*: } + eval "${var}=${val}" + done <"${updateLog}" + + case "${ci}" in + github) + eol="\\" + ;; + gitlab) + eol= + ;; + jenkins) + eol="
" + ;; + *) + eol= + ;; + esac + + currentDbReportsUrl="${eclairReportUrlPrefix}/fs${jobDir}/PROJECT.ecd;/by_service.html#service&kind" + if [ -z "${newReports}" ]; then + fixedMsg="No fixed reports as there is no baseline" + unfixedMsg="Unfixed reports: ${unfixedReports}" + referenceReportsMsgTxt= + referenceReportsMsgLog= + else + fixedMsg="Fixed reports: ${fixedReports}" + unfixedMsg="Unfixed reports: ${unfixedReports} [new: ${newReports}]" + case "${event}" in + pull_request | auto_pull_request) + referenceDbReportsUrl="${eclairReportUrlPrefix}/fs${jobDir}/base/PROJECT.ecd;/by_service.html#service&kind" + reference_kind=base + ;; + push) + referenceDbReportsUrl="${eclairReportUrlPrefix}/fs${jobDir}/prev/PROJECT.ecd;/by_service.html#service&kind" + reference_kind=previous + ;; + *) + echo "Unexpected event ${event}" >&2 + exit 1 + ;; + esac + fi + + case "${ci}" in + jenkins) + if [ -n "${newReports}" ]; then + referenceReportsMsgTxt="Browse ${reference_kind} reports" + fi + cat <"${summaryTxt}" +${fixedMsg}${eol} +${unfixedMsg} ${eol} + + + +

${jobHeadline}

+Browse analysis summary +Browse current reports +${referenceReportsMsgTxt} +EOF + ;; + *) + if [ -n "${newReports}" ]; then + referenceReportsMsgTxt="Browse ${reference_kind} reports: ${referenceDbReportsUrl}" + fi + cat <"${summaryTxt}" + + + +Analysis Summary + +${jobHeadline}${eol} +${fixedMsg}${eol} +${unfixedMsg}${eol} +Browse analysis summary: ${indexHtmlUrl} +Browse current reports: ${currentDbReportsUrl} +${referenceReportsMsgTxt} +EOF + ;; + esac + + analysisSummaryMsgLog="Browse analysis summary: ${link_start}${indexHtmlUrl}${link_end}" + currentReportsMsgLog="Browse current reports: ${link_start}${currentDbReportsUrl}${link_end}" + if [ -n "${newReports}" ]; then + referenceReportsMsgLog="Browse ${reference_kind} reports: ${link_start}${referenceDbReportsUrl}${link_end}" + fi + case ${ci} in + github) + cat "${summaryTxt}" >"${GITHUB_STEP_SUMMARY}" + ;; + gitlab) + open_section ECLAIR_summary "ECLAIR analysis summary" "" + # Generate summary and print it (GitLab-specific) + cat <&2 + exit 1 + ;; + esac +} + +log_file() { + section_id=$1 + section_name=$2 + file=$3 + exit_code=$4 + if [ "${exit_code}" = 0 ]; then + collapsed=[collapsed=true] + else + collapsed= + fi + + case ${ci} in + github | jenkins) + echo "${section_name}" + ;; + gitlab) + open_section "${section_id}" "${section_name}" "${collapsed}" + ;; + *) + echo "Unexpected CI/CD context" >&2 + exit 1 + ;; + esac + + cat "${file}" + + case ${ci} in + github | jenkins) ;; + gitlab) + close_section "${section_id}" + ;; + *) ;; + esac +} + +maybe_log_file_exit() { + section_id=$1 + section_name=$2 + file=$3 + exit_code=$4 + + case ${ci} in + github | jenkins) + echo "${section_name}" + ;; + gitlab) + open_section "${section_id}" "${section_name}" "" + ;; + *) + echo "Unexpected CI/CD context" >&2 + exit 1 + ;; + esac + + if [ "${exit_code}" != 0 ]; then + cat "${file}" + fi + + case ${ci} in + github | jenkins) ;; + gitlab) + close_section "${section_id}" + ;; + *) ;; + esac + return "${exit_code}" +} + +is_enabled() { + case "$1" in + true | TRUE | y | Y | yes | YES | 1) + return 0 + ;; + *) + return 1 + ;; + esac +} diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action.settings b/src/xen/automation/eclair_analysis/ECLAIR/action.settings new file mode 100644 index 0000000000000000000000000000000000000000..3cba1a3afb9c164b590fac5be644e3b12c795e03 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action.settings @@ -0,0 +1,180 @@ +variantSubDir= +variantHeadline= +if [ -n "${VARIANT:-}" ]; then + variantSubDir="/${VARIANT}" + variantHeadline=" [${VARIANT}]" +fi + +# AUTO PR Feature +# If the following variables are defined, then all pipelines +# of other branches will be considered pull-requests to +# autoPRBranch. +# Customized +autoPRRepository="${AUTO_PR_REPOSITORY:-}" +# Customized +autoPRBranch="${AUTO_PR_BRANCH:-}" + +# Customized +artifactsRoot=/var/local/eclair + +case "${ci}" in +github) + # To be customized + repository="${GITHUB_REPOSITORY}" + jobId="${GITHUB_RUN_NUMBER}" + + autoPRRemoteUrl="${GITHUB_SERVER_URL}/${autoPRRepository:-}.git" + + case "${GITHUB_EVENT_NAME}" in + pull_request*) + event=pull_request + pullRequestId="${GITHUB_EVENT_PULL_REQUEST_NUMBER}" + pullRequestHeadRepo="${PR_HEAD_REPO}" + pullRequestHeadRef="${PR_HEAD_REF}" + pullRequestBaseRef="${PR_BASE_REF}" + pullRequestUser="${PR_USER}" + # baseCommitId and headCommitId are the most recent merge points without conflicts + git fetch -q --deepen=2 + baseCommitId=$(git show -s --pretty=%H HEAD^1) + headCommitId=$(git show -s --pretty=%H HEAD^2) + ;; + push | workflow_dispatch) + event=push + # Extract the branch name from "refs/heads/" + ref="${GITHUB_REF#refs/heads/}" + headCommitId="${GITHUB_SHA}" + pushUser="${GITHUB_ACTOR}" + ;; + *) + echo "Unexpected GITHUB_REF ${GITHUB_REF}" >&2 + exit 1 + ;; + esac + ;; +gitlab) + # Customized + repository="${CI_PROJECT_PATH}" + jobId="${CI_JOB_ID}" + + gitlabApiUrl="${CI_SERVER_PROTOCOL}://${CI_SERVER_HOST}:${CI_SERVER_PORT}/api/v4" + autoPRRemoteUrl="${CI_SERVER_PROTOCOL}://${CI_SERVER_HOST}:${CI_SERVER_PORT}/${autoPRRepository:-}.git" + + # Customized + gitlabBotToken="${ECLAIR_BOT_TOKEN:-}" + + case "${CI_PIPELINE_SOURCE}" in + merge_request_event) + event=pull_request + pullRequestId="${CI_MERGE_REQUEST_IID}" + pullRequestHeadRef="${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + pullRequestHeadRepo="${CI_MERGE_REQUEST_SOURCE_PROJECT_PATH}" + pullRequestBaseRef="${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}" + pullRequestUser="${GITLAB_USER_LOGIN}" + headCommitId="${CI_COMMIT_SHA}" + baseCommitId="${CI_MERGE_REQUEST_DIFF_BASE_SHA}" + ;; + push | pipeline | web | schedule) + event=push + if [ -n "${CI_COMMIT_BRANCH:-}" ]; then + ref_kind=branch + ref="${CI_COMMIT_BRANCH}" + else + ref_kind=tag + ref="${CI_COMMIT_TAG}" + fi + headCommitId="${CI_COMMIT_SHA}" + pushUser="${GITLAB_USER_NAME}" + ;; + *) + echo "Unexpected event ${CI_PIPELINE_SOURCE}" >&2 + exit 1 + ;; + esac + ;; +jenkins) + # To be customized + repository="${JOB_BASE_NAME}" + project="${JOB_NAME}" + jobId="${BUILD_NUMBER}" + + jenkinsApiUrl="${JENKINS_URL}" + autoPRRemoteUrl="${JENKINS_URL}/${autoPRRepository:-}.git" + + # To be customized + jenkinsBotUsername="${ECLAIR_BOT_USERNAME:-}" + jenkinsBotToken="${ECLAIR_BOT_TOKEN:-}" + + event=push + ref="${GIT_BRANCH}" + headCommitId="${GIT_COMMIT}" + pushUser=$(git show --pretty='format:%aN' -s) + ;; +*) + echo "Unexpected CI/CD context" >&2 + exit 1 + ;; +esac + +if [ "${event}" = "push" ] && [ -n "${autoPRBranch:-}" ]; then + # AUTO PR Feature enabled + if ! [ "${ref}" = "${autoPRBranch}" ] || + ! [ "${repository}" = "${autoPRRepository}" ]; then + event=auto_pull_request + fi +fi + +case "${event}" in +pull_request) + subDir="${pullRequestHeadRepo}.ecdf/${pullRequestBaseRef}" + jobHeadline="ECLAIR ${ANALYSIS_KIND} on repository ${repository}: ${pullRequestUser} wants to merge ${pullRequestHeadRepo}:${pullRequestHeadRef} (${headCommitId}) into ${pullRequestBaseRef} (${baseCommitId})" + ;; +push) + subDir="${ref}" + jobHeadline="ECLAIR ${ANALYSIS_KIND} on repository ${repository}: ${ref_kind} ${ref} (${headCommitId})" + badgeLabel="ECLAIR ${ANALYSIS_KIND} ${ref}${variantHeadline} #${jobId}" + ;; +auto_pull_request) + git remote remove autoPRRemote 2>/dev/null || true + git remote add autoPRRemote "${autoPRRemoteUrl}" + git fetch -q autoPRRemote + subDir="${ref}" + if ! baseCommitId=$(git merge-base "autoPRRemote/${autoPRBranch}" HEAD); then + baseCommitId=no_merge_point + fi + jobHeadline="ECLAIR ${ANALYSIS_KIND} on repository ${repository}: ${pushUser} wants to merge ${repository}:${ref} (${headCommitId}) into ${autoPRRepository}/${autoPRBranch} (${baseCommitId})" + ;; +*) + echo "Unexpected event ${event}" >&2 + exit 1 + ;; +esac + +case "${repository}" in +xen-project/xen) + # Customized + keepOldAnalyses=0 + ;; +xen-project/*) + # Customized + keepOldAnalyses=10 + ;; +*) + echo "Unexpected repository" >&2 + exit 1 + ;; +esac + +ECLAIR_BIN_DIR=/opt/bugseng/eclair/bin/ + +artifactsDir="${artifactsRoot}/xen-project.ecdf/${repository}/ECLAIR_${ANALYSIS_KIND}" +subDir="${subDir}${variantSubDir}" +jobHeadline="${jobHeadline}${variantHeadline}" + +# Customized +eclairReportUrlPrefix=https://saas.eclairit.com:3787 + +jobDir="${artifactsDir}/${subDir}/${jobId}" +updateLog="${analysisOutputDir}/update.log" +commentLog="${analysisOutputDir}/comment.json" +indexHtmlUrl="${eclairReportUrlPrefix}/fs${jobDir}/index.html" +summaryTxt="${analysisOutputDir}/summary.txt" diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action_clean_added.sh b/src/xen/automation/eclair_analysis/ECLAIR/action_clean_added.sh new file mode 100755 index 0000000000000000000000000000000000000000..59bc35fd133e6d152f721e1c72d018d761de761a --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action_clean_added.sh @@ -0,0 +1,36 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 ANALYSIS_OUTPUT_DIR" >&2 + exit 2 +} + +[ $# -eq 1 ] || usage + +analysisOutputDir=$1 + +cleanAddedTxt="${analysisOutputDir}/clean_added.log" + +# Load settings and helpers +. "$(dirname "$0")/action.helpers" +. "$(dirname "$0")/action.settings" + +unexpectedReports=$("${ECLAIR_BIN_DIR}eclair_report" \ + "-db='${analysisOutputDir}/PROJECT.ecd'" \ + "-sel_unfixed=unfixed" \ + "-sel_tag_glob=clean_added,clean,added" \ + "-print='',reports_count()") + +if [ "${unexpectedReports}" -gt 0 ]; then + cat <"${cleanAddedTxt}" +Failure: ${unexpectedReports} unexpected reports found. +Unexpected reports are tagged 'clean:added'. +EOF + exit 1 +else + cat <"${cleanAddedTxt}" +Success: No unexpected reports. +EOF +fi diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action_log.sh b/src/xen/automation/eclair_analysis/ECLAIR/action_log.sh new file mode 100755 index 0000000000000000000000000000000000000000..67125b08f3515ab9558c293293641ff8f60312c6 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action_log.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 SECTION_ID SECTION_NAME FILE EXIT_CODE" >&2 + exit 2 +} + +[ $# -eq 4 ] || usage + +# Load settings and helpers +. "$(dirname "$0")/action.helpers" + +log_file "$@" diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action_pull_request.sh b/src/xen/automation/eclair_analysis/ECLAIR/action_pull_request.sh new file mode 100644 index 0000000000000000000000000000000000000000..68f7e6282eefdaa9c24bbfbb0a2f29a51ceb7ce0 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action_pull_request.sh @@ -0,0 +1,57 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 WTOKEN ANALYSIS_OUTPUT_DIR COMMIT_ID" >&2 + exit 2 +} + +[ $# -eq 2 ] || usage + +wtoken=$1 +analysisOutputDir=$2 + +# Load settings and helpers +. "$(dirname "$0")/action.helpers" +. "$(dirname "$0")/action.settings" + +curl -sS "${eclairReportUrlPrefix}/ext/update_pull_request" \ + -F "wtoken=${wtoken}" \ + -F "artifactsDir=${artifactsDir}" \ + -F "subDir=${subDir}" \ + -F "jobId=${jobId}" \ + -F "jobHeadline=${jobHeadline}" \ + -F "baseCommitId=${baseCommitId}" \ + -F "keepOldAnalyses=${keepOldAnalyses}" \ + -F "db=@${analysisOutputDir}/PROJECT.ecd" \ + >"${updateLog}" +ex=0 +grep -Fq "unfixedReports: " "${updateLog}" || ex=$? +maybe_log_file_exit PUBLISH_RESULT "Publishing results" "${updateLog}" "${ex}" + +summary + +if is_enabled "${ENABLE_ECLAIR_BOT:-}"; then + case ${ci} in + github) + ex=0 + gh api \ + --method POST \ + "/repos/${repository}/issues/${pullRequestId}/comments" \ + -F "body=@${summaryTxt}" \ + --silent >"${commentLog}" 2>&1 || ex=$? + maybe_log_file_exit ADD_COMMENT "Adding comment" "${commentLog}" "${ex}" + ;; + gitlab) + curl -sS --request POST \ + "${gitlabApiUrl}/projects/${CI_PROJECT_ID}/merge_requests/${pullRequestId}/notes" \ + -H "PRIVATE-TOKEN: ${gitlabBotToken}" \ + -F "body=<${summaryTxt}" >"${commentLog}" + ex=0 + grep -Fq "Unfixed reports: " "${commentLog}" || ex=$? + maybe_log_file_exit ADD_COMMENT "Adding comment" "${commentLog}" "${ex}" + ;; + *) ;; + esac +fi diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action_push.sh b/src/xen/automation/eclair_analysis/ECLAIR/action_push.sh new file mode 100755 index 0000000000000000000000000000000000000000..45215fbf005b951cd9a355d3f4504f4d29d52526 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action_push.sh @@ -0,0 +1,95 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 WTOKEN ANALYSIS_OUTPUT_DIR" >&2 + exit 2 +} + +[ $# -eq 2 ] || usage + +wtoken=$1 +analysisOutputDir=$2 + +# Load settings and helpers +. "$(dirname "$0")/action.helpers" +. "$(dirname "$0")/action.settings" + +case "${event}" in +push) + curl -sS "${eclairReportUrlPrefix}/ext/update_push" \ + -F "wtoken=${wtoken}" \ + -F "artifactsDir=${artifactsDir}" \ + -F "subDir=${subDir}" \ + -F "jobId=${jobId}" \ + -F "jobHeadline=${jobHeadline}" \ + -F "commitId=${headCommitId}" \ + -F "badgeLabel=${badgeLabel}" \ + -F "keepOldAnalyses=${keepOldAnalyses}" \ + -F "db=@${analysisOutputDir}/PROJECT.ecd" \ + >"${updateLog}" + ;; +auto_pull_request) + curl -sS "${eclairReportUrlPrefix}/ext/update_pull_request" \ + -F "wtoken=${wtoken}" \ + -F "artifactsDir=${artifactsDir}" \ + -F "subDir=${subDir}" \ + -F "jobId=${jobId}" \ + -F "jobHeadline=${jobHeadline}" \ + -F "baseCommitId=${baseCommitId}" \ + -F "keepOldAnalyses=${keepOldAnalyses}" \ + -F "db=@${analysisOutputDir}/PROJECT.ecd" \ + >"${updateLog}" + ;; +*) + echo "Unexpected event ${event}" >&2 + exit 1 + ;; +esac + +ex=0 +grep -Fq "unfixedReports: " "${updateLog}" || ex=$? +maybe_log_file_exit PUBLISH_RESULT "Publishing results" "${updateLog}" "${ex}" + +summary + +if is_enabled "${ENABLE_ECLAIR_BOT:-}"; then + case ${ci} in + github) + ex=0 + gh api \ + --method POST \ + "/repos/${repository}/commits/${headCommitId}/comments" \ + -F "body=@${summaryTxt}" \ + --silent >"${commentLog}" 2>&1 || ex=$? + maybe_log_file_exit ADD_COMMENT "Adding comment" "${commentLog}" "${ex}" + ;; + gitlab) + curl -sS --request POST \ + "${gitlabApiUrl}/projects/${CI_PROJECT_ID}/repository/commits/${CI_COMMIT_SHA}/comments" \ + -H "PRIVATE-TOKEN: ${gitlabBotToken}" \ + -F "note=<${summaryTxt}" >"${commentLog}" + ex=0 + grep -Fq "Unfixed reports: " "${commentLog}" || ex=$? + maybe_log_file_exit ADD_COMMENT "Adding comment" "${commentLog}" "${ex}" + ;; + jenkins) + ex=0 + curl \ + --user "${jenkinsBotUsername}:${jenkinsBotToken}" \ + --data-urlencode "description=$(cat "${summaryTxt}")" \ + --data-urlencode "Submit=Submit" \ + "${jenkinsApiUrl}job/${project}/${jobId}/submitDescription" \ + >"${commentLog}" 2>&1 || ex=$? + curl \ + --user "${jenkinsBotUsername}:${jenkinsBotToken}" \ + --data-urlencode "description=$(cat "${summaryTxt}")" \ + --data-urlencode "Submit=Submit" \ + "${jenkinsApiUrl}job/${project}/submitDescription" \ + >"${commentLog}" 2>&1 || ex=$? + maybe_log_file_exit ADD_COMMENT "Adding comment" "${commentLog}" "${ex}" + ;; + *) ;; + esac +fi diff --git a/src/xen/automation/eclair_analysis/ECLAIR/action_upload_sarif.sh b/src/xen/automation/eclair_analysis/ECLAIR/action_upload_sarif.sh new file mode 100755 index 0000000000000000000000000000000000000000..60b8034fcc00e5f666df408546b56d18a3adf1b9 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/action_upload_sarif.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +set -eu + +usage() { + echo "Usage: $0 SARIF_FILE" >&2 + exit 2 +} + +[ $# -eq 1 ] || usage + +HERE=$( ( + cd "$(dirname "$0")" + echo "${PWD}" +)) + +. "${HERE}/action.helpers" + +sarifFile=$1 +sarifPayload=${HERE}/sarif.gz.b64 +uploadLog=${HERE}/upload_sarif.log + +gzip -c "${sarifFile}" | base64 -w0 >"${sarifPayload}" + +ex=0 +gh api --method POST -H "Accept: application/vnd.github+json" \ + "/repos/${GITHUB_REPOSITORY}/code-scanning/sarifs" \ + -f "commit_sha=${GITHUB_SHA}" -f "ref=${GITHUB_REF}" \ + -F "sarif=@${sarifPayload}" \ + --silent >"${uploadLog}" 2>&1 || ex=$? +maybe_log_file_exit ADD_COMMENT "Uploading SARIF" "${uploadLog}" "${ex}" diff --git a/src/xen/automation/eclair_analysis/ECLAIR/adopted.sh b/src/xen/automation/eclair_analysis/ECLAIR/adopted.sh new file mode 100755 index 0000000000000000000000000000000000000000..9adbc4e58218a0ee5552c09122ff051937974c07 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/adopted.sh @@ -0,0 +1,30 @@ +#!/bin/bash + +# Generates the adopted.ecl file + +set -eu + +script_name="$(basename "$0")" +script_dir="$( + cd "$(dirname "$0")" + echo "${PWD}" +)" + +fatal() { + echo "${script_name}: $*" >&2 + exit 1 +} + +usage() { + fatal "Usage: ${script_name}" +} + +exclude_list=$1 +outfile=${script_dir}/adopted.ecl + +( + echo "-doc_begin=\"Adopted files.\"" >"${outfile}" + sed -n -E -e 's|^\s+"rel_path":\s+"([^"]*).*$|-file_tag+={adopted,"^xen/\1$"}|p' "${exclude_list}" | + sed -E -e 's|\.([ch])|\\\\.\1|g' -e 's|\*|.*|g' >>"${outfile}" + printf "%s\n" "-doc_end" >>"${outfile}" +) diff --git a/src/xen/automation/eclair_analysis/ECLAIR/analysis.ecl b/src/xen/automation/eclair_analysis/ECLAIR/analysis.ecl new file mode 100644 index 0000000000000000000000000000000000000000..a604582da335ae3b1050d74d40bd028d37a3683d --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/analysis.ecl @@ -0,0 +1,36 @@ +-setq=set,getenv("SET") +-project_name=getenv("ECLAIR_PROJECT_NAME") +-project_root=getenv("ECLAIR_PROJECT_ROOT") + +setq(data_dir,getenv("ECLAIR_DATA_DIR")) +setq(analysis_kind,getenv("ANALYSIS_KIND")) +setq(scheduled_analysis,nil) + +strings_map("scheduled-analysis",500,"","^.*scheduled$",0,setq(scheduled_analysis,t)) +strings_map("scheduled-analysis",500,"","^.*$",0) +map_strings("scheduled-analysis",analysis_kind) + +-verbose + +-enable=B.REPORT.ECB +-config=B.REPORT.ECB,output=join_paths(data_dir,"FRAME.@FRAME@.ecb") +-config=B.REPORT.ECB,preprocessed=show +-config=B.REPORT.ECB,macros=10 + +-enable=B.EXPLAIN + +-eval_file=toolchain.ecl +-eval_file=public_APIs.ecl +if(not(scheduled_analysis), + eval_file("adopted.ecl") +) +if(not(scheduled_analysis), + eval_file("out_of_scope.ecl") +) +-eval_file=deviations.ecl +-eval_file=call_properties.ecl +-eval_file=tagging.ecl +-eval_file=concat(set,".ecl") + +-doc="Hide reports in external code." +-reports+={hide,all_exp_external} diff --git a/src/xen/automation/eclair_analysis/ECLAIR/analyze.sh b/src/xen/automation/eclair_analysis/ECLAIR/analyze.sh new file mode 100755 index 0000000000000000000000000000000000000000..a127e7aaed2d6a4b327149f4c8835e367ed34723 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/analyze.sh @@ -0,0 +1,109 @@ +#!/bin/bash +# Stop immediately if any executed command has exit status different from 0. +set -e +set -o pipefail + +script_name="$(basename "$0")" + +fatal() { + echo "${script_name}: $*" >&2 + exit 1 +} + +usage() { + fatal "Usage: ${script_name} " +} + +if [[ $# -ne 2 ]]; then + usage +fi + +# Absolute path of the ECLAIR bin directory. +export ECLAIR_BIN_DIR=/opt/bugseng/eclair/bin/ + +# Directory where this script resides: usually in a directory named "ECLAIR". +SCRIPT_DIR="$( + cd "$(dirname "$0")" + echo "${PWD}" +)" +# Directory where to put all ECLAIR output and temporary files. +if [[ -z "${ECLAIR_OUTPUT_DIR:-}" ]]; then + ECLAIR_OUTPUT_DIR="${PWD}/ECLAIR/out" +fi + +export ECLAIR_DIAGNOSTICS_OUTPUT="${ECLAIR_OUTPUT_DIR}/ANALYSIS.log" +# Set the variable for the build log file. +ECLAIR_BUILD_LOG=${ECLAIR_OUTPUT_DIR}/BUILD.log +# Set the variable for the report log file. +ECLAIR_REPORT_LOG=${ECLAIR_OUTPUT_DIR}/REPORT.log + +if [[ "$1" = "X86_64" ]]; then + export CROSS_COMPILE= + export XEN_TARGET_ARCH=x86_64 + EXTRA_ECLAIR_ENV_OPTIONS=-disable=MC3R1.R20.7 +elif [[ "$1" = "ARM64" ]]; then + export CROSS_COMPILE=aarch64-linux-gnu- + export XEN_TARGET_ARCH=arm64 +else + fatal "Unknown configuration: $1" +fi + +VARIANT="${XEN_TARGET_ARCH}" + +# Used in analysis.ecl +case "$2" in +Set0|Set1|Set2|Set3) + export SET="$2" + ;; +*) + fatal "Unknown configuration: $2" + ;; +esac + +export CC_ALIASES="${CROSS_COMPILE}gcc-12" +export CXX_ALIASES="${CROSS_COMPILE}g++-12" +export LD_ALIASES="${CROSS_COMPILE}ld" +export AR_ALIASES="${CROSS_COMPILE}ar" +export AS_ALIASES="${CROSS_COMPILE}as" +export FILEMANIP_ALIASES="cp mv ${CROSS_COMPILE}objcopy" + +# ECLAIR binary data directory and workspace. +export ECLAIR_DATA_DIR="${ECLAIR_OUTPUT_DIR}/.data" +# ECLAIR workspace. +export ECLAIR_WORKSPACE="${ECLAIR_DATA_DIR}/eclair_workspace" + +# Identifies the particular build of the project. +export ECLAIR_PROJECT_NAME="XEN_${VARIANT}-${SET}" +# All paths mentioned in ECLAIR reports that are below this directory +# will be presented as relative to ECLAIR_PROJECT_ROOT. +export ECLAIR_PROJECT_ROOT="${PWD}" + +# Erase and recreate the output directory and the data directory. +rm -rf "${ECLAIR_OUTPUT_DIR:?}/*" +mkdir -p "${ECLAIR_DATA_DIR}" + +# Generate additional configuration files +"${SCRIPT_DIR}/generate_ecl.sh" + +# Perform the build (from scratch) in an ECLAIR environment. +"${ECLAIR_BIN_DIR}eclair_env" \ + "-config_file='${SCRIPT_DIR}/analysis.ecl'" \ + "${EXTRA_ECLAIR_ENV_OPTIONS}" \ + -- "${SCRIPT_DIR}/../build.sh" "$1" | tee "${ECLAIR_BUILD_LOG}" + + +# Create the project database. +PROJECT_ECD="${ECLAIR_OUTPUT_DIR}/PROJECT.ecd" +find "${ECLAIR_DATA_DIR}" -maxdepth 1 -name "FRAME.*.ecb" | + sort | xargs cat | + "${ECLAIR_BIN_DIR}eclair_report" \ + "-create_db='${PROJECT_ECD}'" \ + -load=/dev/stdin > "${ECLAIR_REPORT_LOG}" 2>&1 + +# Create the Jenkins reports file. +"${ECLAIR_BIN_DIR}eclair_report" \ + "-db='${PROJECT_ECD}'" \ + "-eval_file='${SCRIPT_DIR}/report.ecl'" \ + >> "${ECLAIR_REPORT_LOG}" 2>&1 + +"${SCRIPT_DIR}/print_analyzed_files.sh" "${PROJECT_ECD}" "${ECLAIR_OUTPUT_DIR}" diff --git a/src/xen/automation/eclair_analysis/ECLAIR/call_properties.ecl b/src/xen/automation/eclair_analysis/ECLAIR/call_properties.ecl new file mode 100644 index 0000000000000000000000000000000000000000..c2b2a6182eb351a9f2a6fbe4ce8f1bf155d153d4 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/call_properties.ecl @@ -0,0 +1,128 @@ + +-call_properties+={"name(printk)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"name(debugtrace_printk)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"name(panic)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"macro(^domain_crash$)", {"pointee_write(2..=never)", "taken()"}} +-call_properties+={"macro(^(g?d|mm_)?printk$)", {"pointee_write(2..=never)", "taken()"}} +-call_properties+={"macro(^guest_bug_on_failed$)", {"pointee_write(1=never)", "taken()"}} +-call_properties+={"macro(^spin_lock_init_prof$)", {"pointee_write(2=never)", "taken()"}} +-call_properties+={"macro(^sched_test_func$)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"macro(^dev_(info|warn)$)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"macro(^PAGING_DEBUG$)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"macro(^ACPI_(WARNING|ERROR|INFO)$)", {"pointee_write(1..=never)", "taken()"}} +-call_properties+={"name(fdt_get_property_by_offset_)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(read_atomic_size)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(device_tree_get_reg)", {"pointee_write(4..=always)", "pointee_read(4..=never)", "taken()"}} +-call_properties+={"name(dt_get_range)", {"pointee_write(3..=always)", "pointee_read(3..=never)", "taken()"}} +-call_properties+={"name(parse_static_mem_prop)", {"pointee_write(2..=always)", "pointee_read(2..=never)", "taken()"}} +-call_properties+={"name(get_ttbr_and_gran_64bit)", {"pointee_write(1..2=always)", "pointee_read(1..2=never)", "taken()"}} +-call_properties+={"name(hvm_emulate_init_once)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(__vmread)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(hvm_pci_decode_addr)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(vpci_mmcfg_decode_addr)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(x86emul_decode)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(unmap_grant_ref)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(arm_smmu_cmdq_build_cmd)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(pci_size_mem_bar)", {"pointee_write(4=always)", "pointee_read(4=never)", "taken()"}} +-call_properties+={"name(_hvm_read_entry)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(hvm_map_guest_frame_rw)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(guest_cpuid)", {"pointee_write(4=always)", "pointee_read(4=never)", "taken()"}} +-call_properties+={"name(epte_get_entry_emt)", {"pointee_write(5=always)", "pointee_read(5=never)", "taken()"}} +-call_properties+={"name(mcheck_mca_logout)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(set_field_in_reg_u32)", {"pointee_write(5=always)", "pointee_read(5=never)", "taken()"}} +-call_properties+={"name(alloc_affinity_masks)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(xasprintf)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(find_non_smt)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(call_rcu)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(getdomaininfo)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"^MAPPING_(INSERT|SEARCH)\\(.*$", {"pointee_write(2..=always)", "pointee_read(2..=never)", "taken()"}} +-call_properties+={"name(FormatDec)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(FormatHex)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(p2m_get_ioreq_server)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(elf_memset_unchecked)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(set_iommu_pte_present)", {"pointee_write(7=always)", "pointee_read(7=never)", "taken()"}} +-call_properties+={"name(clear_iommu_pte_present)", {"pointee_write(4=always)", "pointee_read(4=never)", "taken()"}} +-call_properties+={"name(vcpu_runstate_get)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(va_start)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(sgi_target_init)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(get_hw_residencies)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(x86_cpu_policy_to_featureset)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"^simple_strtou?ll?\\(.*$", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(msi_compose_msg)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(print_tainted)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(get_hvm_registers)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(x86_insn_modrm)", {"pointee_write(2..3=always)", "pointee_read(2..3=never)", "taken()"}} +-call_properties+={"name(cpuid_count_leaf)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-call_properties+={"name(rcu_lock_remote_domain_by_id)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(cpuid_count)", {"pointee_write(3..=always)", "pointee_read(3..=never)", "taken()"}} +-call_properties+={"name(efi_boot_mem_unused)", {"pointee_write(1..=always)", "pointee_read(1..=never)", "taken()"}} +-call_properties+={"name(collect_time_info)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-call_properties+={"name(setup_xstate_comp)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"name(map_domain_gfn)", {"pointee_read(5=never)", "taken()"}} +-call_properties+={"name(fdt_getprop)", {"pointee_read(4=never)", "taken()"}} +-call_properties+={"name(fdt_get_name)", {"pointee_read(3=never)", "taken()"}} +-call_properties+={"name(fdt_get_property)", {"pointee_read(4=never)", "taken()"}} +-call_properties+={"name(pci_get_host_bridge_segment)", {"pointee_read(2=never)", "taken()"}} +-call_properties+={"name(dt_get_property)", {"pointee_read(3=never)", "taken()"}} +-call_properties+={"name(dt_property_read_u32)", {"pointee_read(3=never)", "taken()"}} +-call_properties+={"name(dt_device_get_paddr)", {"pointee_read(3..4=never)", "taken()"}} +-call_properties+={"name(get_evtchn_dt_property)", {"pointee_write(2..3=maybe)", "pointee_read(2..3=never)", "taken()"}} +-call_properties+={"name(setup_chosen_node)", {"pointee_write(2..3=maybe)", "pointee_read(2..3=never)", "taken()"}} +-call_properties+={"name(queue_remove_raw)", {"pointee_read(2=never)", "taken()"}} +-call_properties+={"macro(^memset$)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"macro(^va_start$)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"macro(^memcmp$)", {"pointee_write(1..2=never)", "taken()"}} +-call_properties+={"macro(^memcpy$)", {"pointee_write(1=always&&2..=never)", "pointee_read(1=never&&2..=always)", "taken()"}} +-call_properties+={"name(get_cpu_info)",{pure}} +-call_properties+={"name(pdx_to_pfn)",{pure}} +-call_properties+={"name(is_pci_passthrough_enabled)",{const}} +-call_properties+={"name(get_cycles)", {"noeffect"}} +-call_properties+={"name(msi_gflags)",{const}} +-call_properties+={"name(hvm_save_size)",{pure}} +-call_properties+={"name(cpu_has)",{pure}} +-call_properties+={"name(boot_cpu_has)",{pure}} +-call_properties+={"name(get_cpu_info)",{pure}} +-call_properties+={"name(put_pte_flags)",{const}} +-call_properties+={"name(is_pv_vcpu)",{pure}} + +-doc_begin="Property inferred as a consequence of the semantics of device_tree_get_reg" +-call_properties+={"name(acquire_static_memory_bank)", {"pointee_write(4..=always)", "pointee_read(4..=never)", "taken()"}} +-doc_end + +-doc_begin="Property inferred as a consequence of the semantics of dt_set_cell" +-call_properties+={"name(set_interrupt)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-doc_end + +-doc_begin="Property inferred as a consequence of the semantics of __p2m_get_mem_access" +-call_properties+={"name(p2m_get_mem_access)", {"pointee_write(3=always)", "pointee_read(3=never)", "taken()"}} +-doc_end + +-doc_begin="This function has alternative definitions with props {write=always,read=never} and {write=never,read=never}" +-call_properties+={"name(alloc_cpumask_var)", {"pointee_write(1=maybe)", "pointee_read(1=never)", "taken()"}} +-doc_end + +-doc_begin="Property inferred as a consequence of the semantics of alloc_cpumask_var" +-call_properties+={"name(xenctl_bitmap_to_cpumask)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-doc_end + +-doc_begin="The call to bitmap_and causes the pointee of dstp to be always written" +-call_properties+={"^cpumask_(and|andnot|clear|copy|complement).*$", {"pointee_write(1=always)", "pointee_read(1=never)" "taken()"}} +-call_properties+={"^bitmap_(andnot|complement|fill).*$", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-doc_end + +-doc_begin="The .*copy_(to|from).* helpers all have a memcpy-like expectation that the destination is a copy of the source. +Furthermore, their uses do initialize the involved variables as needed by futher uses in the caller." +-call_properties+={"macro(^(__)?(raw_)?copy_from_(paddr|guest|compat)(_offset)?$)", {"pointee_write(1=always)", "pointee_read(1=never)", "taken()"}} +-call_properties+={"macro(^(__)?copy_to_(guest|compat)(_offset)?$)", {"pointee_write(2=always)", "pointee_read(2=never)", "taken()"}} +-doc_end + +-doc_begin="Functions generated by build_atomic_read cannot be considered pure +since the input pointer is volatile, but they do not produce any persistent side +effect." +-call_properties+={"^read_u(8|16|32|64|int)_atomic.*$", {noeffect}} +-doc_end + +-doc_begin="Functions generated by TYPE_SAFE are const." +-call_properties+={"^(mfn|gfn|pfn)_x\\(.*$",{const}} +-call_properties+={"^_(mfn|gfn|pfn)\\(.*$",{const}} +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/deviations.ecl b/src/xen/automation/eclair_analysis/ECLAIR/deviations.ecl new file mode 100644 index 0000000000000000000000000000000000000000..fd32ff8a9cae4b045387ed048756362651b88623 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/deviations.ecl @@ -0,0 +1,415 @@ +### Set 1 ### + +# +# Series 2. +# + +-doc_begin="The compiler implementation guarantees that the unreachable code is removed. +Constant expressions and unreachable branches of if and switch statements are expected." +-config=MC3R1.R2.1,+reports={safe,"first_area(^.*has an invariantly.*$)"} +-config=MC3R1.R2.1,+reports={safe,"first_area(^.*incompatible with labeled statement$)"} +-doc_end + +-doc_begin="Some functions are intended to be not referenced." +-config=MC3R1.R2.1,+reports={deliberate,"first_area(^.*is never referenced$)"} +-doc_end + +-doc_begin="Unreachability caused by calls to the following functions or macros is deliberate and there is no risk of code being unexpectedly left out." +-config=MC3R1.R2.1,statements+={deliberate,"macro(name(BUG||assert_failed))"} +-config=MC3R1.R2.1,statements+={deliberate, "call(decl(name(__builtin_unreachable||panic||do_unexpected_trap||machine_halt||machine_restart||reboot_or_halt)))"} +-doc_end + +-doc_begin="Unreachability inside an ASSERT_UNREACHABLE() and analogous macro calls is deliberate and safe." +-config=MC3R1.R2.1,reports+={deliberate, "any_area(any_loc(any_exp(macro(name(ASSERT_UNREACHABLE||PARSE_ERR_RET||PARSE_ERR||FAIL_MSR||FAIL_CPUID)))))"} +-doc_end + +-doc_begin="Pure declarations (i.e., declarations without initialization) are +not executable, and therefore it is safe for them to be unreachable." +-config=MC3R1.R2.1,ignored_stmts+={"any()", "pure_decl()"} +-doc_end + +-doc_begin="The following autogenerated file is not linked deliberately." +-file_tag+={C_runtime_failures,"^automation/eclair_analysis/C-runtime-failures\\.rst\\.c$"} +-config=MC3R1.R2.1,reports+={deliberate, "any_area(any_loc(file(C_runtime_failures)))"} +-doc_end + +-doc_begin="Proving compliance with respect to Rule 2.2 is generally impossible: +see https://arxiv.org/abs/2212.13933 for details. Moreover, peer review gives us +confidence that no evidence of errors in the program's logic has been missed due +to undetected violations of Rule 2.2, if any. Testing on time behavior gives us +confidence on the fact that, should the program contain dead code that is not +removed by the compiler, the resulting slowdown is negligible." +-config=MC3R1.R2.2,reports+={disapplied,"any()"} +-doc_end + +-doc_begin="Some labels are unused in certain build configurations, or are deliberately marked as unused, so that the compiler is entitled to remove them." +-config=MC3R1.R2.6,reports+={deliberate, "any_area(text(^.*__maybe_unused.*$))"} +-doc_end + +# +# Series 3. +# + +-doc_begin="Comments starting with '/*' and containing hyperlinks are safe as +they are not instances of commented-out code." +-config=MC3R1.R3.1,reports+={safe, "first_area(text(^.*https?://.*$))"} +-doc_end + +# +# Series 4. +# + +-doc_begin="The directive has been accepted only for the ARM codebase." +-config=MC3R1.D4.3,reports+={disapplied,"!(any_area(any_loc(file(^xen/arch/arm/arm64/.*$))))"} +-doc_end + +-doc_begin="This header file is autogenerated or empty, therefore it poses no +risk if included more than once." +-file_tag+={empty_header, "^xen/arch/arm/efi/runtime\\.h$"} +-file_tag+={autogen_headers, "^xen/include/xen/compile\\.h$||^xen/include/generated/autoconf.h$||^xen/include/xen/hypercall-defs.h$"} +-config=MC3R1.D4.10,reports+={safe, "all_area(all_loc(file(empty_header||autogen_headers)))"} +-doc_end + +-doc_begin="Files that are intended to be included more than once do not need to +conform to the directive." +-config=MC3R1.D4.10,reports+={safe, "first_area(text(^/\\* This file is legitimately included multiple times\\. \\*/$, begin-4))"} +-config=MC3R1.D4.10,reports+={safe, "first_area(text(^/\\* Generated file, do not edit! \\*/$, begin-3))"} +-doc_end + +# +# Series 5. +# + +-doc_begin="The project adopted the rule with an exception listed in +'docs/misra/rules.rst'" +-config=MC3R1.R5.3,reports+={safe, "any_area(any_loc(any_exp(macro(^READ_SYSREG$))&&any_exp(macro(^WRITE_SYSREG$))))"} +-config=MC3R1.R5.3,reports+={safe, "any_area(any_loc(any_exp(macro(^max(_t)?$))&&any_exp(macro(^min(_t)?$))))"} +-config=MC3R1.R5.3,reports+={safe, "any_area(any_loc(any_exp(macro(^read[bwlq]$))&&any_exp(macro(^read[bwlq]_relaxed$))))"} +-config=MC3R1.R5.3,reports+={safe, "any_area(any_loc(any_exp(macro(^per_cpu$))&&any_exp(macro(^this_cpu$))))"} +-config=MC3R1.R5.3,reports+={safe, "any_area(any_loc(any_exp(macro(^__emulate_2op$))&&any_exp(macro(^__emulate_2op_nobyte$))))"} +-config=MC3R1.R5.3,reports+={safe, "any_area(any_loc(any_exp(macro(^read_debugreg$))&&any_exp(macro(^write_debugreg$))))"} +-doc_end + +-doc_begin="The type \"ret_t\" is deliberately defined multiple times, +depending on the guest." +-config=MC3R1.R5.6,reports+={deliberate,"any_area(any_loc(text(^.*ret_t.*$)))"} +-doc_end + +-doc_begin="On X86, the types \"guest_intpte_t\", \"guest_l1e_t\" and +\"guest_l2e_t\" are deliberately defined multiple times, depending on the +number of guest paging levels." +-config=MC3R1.R5.6,reports+={deliberate,"any_area(any_loc(file(^xen/arch/x86/include/asm/guest_pt\\.h$)))&&any_area(any_loc(text(^.*(guest_intpte_t|guest_l[12]e_t).*$)))"} +-doc_end + +-doc_begin="The following files are imported from the gnu-efi package." +-file_tag+={adopted_r5_6,"^xen/include/efi/.*$"} +-file_tag+={adopted_r5_6,"^xen/arch/.*/include/asm/.*/efibind\\.h$"} +-config=MC3R1.R5.6,reports+={deliberate,"any_area(any_loc(file(adopted_r5_6)))"} +-doc_end + +# +# Series 7. +# + +-doc_begin="It is safe to use certain octal constants the way they are defined +in specifications, manuals, and algorithm descriptions." +-config=MC3R1.R7.1,reports+={safe, "any_area(any_loc(any_exp(text(^.*octal-ok.*$))))"} +-doc_end + +-doc_begin="Violations in files that maintainers have asked to not modify in the +context of R7.2." +-file_tag+={adopted_r7_2,"^xen/include/xen/libfdt/.*$"} +-file_tag+={adopted_r7_2,"^xen/arch/x86/include/asm/x86_64/efibind.h$"} +-file_tag+={adopted_r7_2,"^xen/include/efi/efiapi\\.h$"} +-file_tag+={adopted_r7_2,"^xen/include/efi/efidef\\.h$"} +-file_tag+={adopted_r7_2,"^xen/include/efi/efiprot\\.h$"} +-file_tag+={adopted_r7_2,"^xen/arch/x86/cpu/intel\\.c$"} +-file_tag+={adopted_r7_2,"^xen/arch/x86/cpu/amd\\.c$"} +-file_tag+={adopted_r7_2,"^xen/arch/x86/cpu/common\\.c$"} +-config=MC3R1.R7.2,reports+={deliberate,"any_area(any_loc(file(adopted_r7_2)))"} +-doc_end + +-doc_begin="Violations caused by __HYPERVISOR_VIRT_START are related to the +particular use of it done in xen_mk_ulong." +-config=MC3R1.R7.2,reports+={deliberate,"any_area(any_loc(macro(name(BUILD_BUG_ON))))"} +-doc_end + +-doc_begin="Allow pointers of non-character type as long as the pointee is +const-qualified." +-config=MC3R1.R7.4,same_pointee=false +-doc_end + +# +# Series 8. +# + +-doc_begin="The following file is imported from Linux: ignore for now." +-file_tag+={adopted_r8_2,"^xen/common/inflate\\.c$"} +-config=MC3R1.R8.2,reports+={deliberate,"any_area(any_loc(file(adopted_r8_2)))"} +-doc_end + +-doc_begin="The type ret_t is deliberately used and defined as int or long depending on the architecture." +-config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(text(^.*ret_t.*$)))"} +-doc_end + +-doc_begin="The following files are imported from Linux and decompress.h defines a unique and documented interface towards all the (adopted) decompress functions." +-file_tag+={adopted_decompress_r8_3,"^xen/common/bunzip2\\.c$"} +-file_tag+={adopted_decompress_r8_3,"^xen/common/unlz4\\.c$"} +-file_tag+={adopted_decompress_r8_3,"^xen/common/unlzma\\.c$"} +-file_tag+={adopted_decompress_r8_3,"^xen/common/unlzo\\.c$"} +-file_tag+={adopted_decompress_r8_3,"^xen/common/unxz\\.c$"} +-file_tag+={adopted_decompress_r8_3,"^xen/common/unzstd\\.c$"} +-config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(file(adopted_decompress_r8_3)))&&any_area(any_loc(file(^xen/include/xen/decompress\\.h$)))"} +-doc_end + +-doc_begin="The following file is imported from Linux: ignore for now." +-file_tag+={adopted_time_r8_3,"^xen/arch/x86/time\\.c$"} +-config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(file(adopted_time_r8_3)))&&(any_area(any_loc(file(^xen/include/xen/time\\.h$)))||any_area(any_loc(file(^xen/arch/x86/include/asm/setup\\.h$))))"} +-doc_end + +-doc_begin="The following file is imported from Linux: ignore for now." +-file_tag+={adopted_cpu_idle_r8_3,"^xen/arch/x86/acpi/cpu_idle\\.c$"} +-config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(file(adopted_cpu_idle_r8_3)))&&any_area(any_loc(file(^xen/include/xen/pmstat\\.h$)))"} +-doc_end + +-doc_begin="The following file is imported from Linux: ignore for now." +-file_tag+={adopted_mpparse_r8_3,"^xen/arch/x86/mpparse\\.c$"} +-config=MC3R1.R8.3,reports+={deliberate,"any_area(any_loc(file(adopted_mpparse_r8_3)))&&any_area(any_loc(file(^xen/arch/x86/include/asm/mpspec\\.h$)))"} +-doc_end + +-doc_begin="The definitions present in this file are meant to generate definitions for asm modules, and are not called by C code. Therefore the absence of prior declarations is safe." +-file_tag+={asm_offsets, "^xen/arch/(arm|x86)/(arm32|arm64|x86_64)/asm-offsets\\.c$"} +-config=MC3R1.R8.4,reports+={safe, "first_area(any_loc(file(asm_offsets)))"} +-doc_end + +-doc_begin="The functions defined in this file are meant to be called from gcc-generated code in a non-release build configuration. +Therefore the absence of prior declarations is safe." +-file_tag+={gcov, "^xen/common/coverage/gcov_base\\.c$"} +-config=MC3R1.R8.4,reports+={safe, "first_area(any_loc(file(gcov)))"} +-doc_end + +-doc_begin="Recognize the occurrence of current_stack_pointer as a declaration." +-file_tag+={asm_defns, "^xen/arch/x86/include/asm/asm_defns\\.h$"} +-config=MC3R1.R8.4,declarations+={safe, "loc(file(asm_defns))&&^current_stack_pointer$"} +-doc_end + +-doc_begin="asmlinkage is a marker to indicate that the function is only used to interface with asm modules." +-config=MC3R1.R8.4,declarations+={safe,"loc(text(^(?s).*asmlinkage.*$, -1..0))"} +-doc_end + +-doc_begin="The following variables are compiled in multiple translation units +belonging to different executables and therefore are safe." +-config=MC3R1.R8.6,declarations+={safe, "name(current_stack_pointer||bsearch||sort)"} +-doc_end + +-doc_begin="Declarations without definitions are allowed (specifically when the +definition is compiled-out or optimized-out by the compiler)" +-config=MC3R1.R8.6,reports+={deliberate, "first_area(^.*has no definition$)"} +-doc_end + +-doc_begin="The search procedure for Unix linkers is well defined, see ld(1) +manual: \"The linker will search an archive only once, at the location where it +is specified on the command line. If the archive defines a symbol which was +undefined in some object which appeared before the archive on the command line, +the linker will include the appropriate file(s) from the archive\". +In Xen, thanks to the order in which file names appear in the build commands, +if arch-specific definitions are present, they get always linked in before +searching in the lib.a archive resulting from xen/lib." +-config=MC3R1.R8.6,declarations+={deliberate, "loc(file(^xen/lib/.*$))"} +-doc_end + +-doc_begin="The gnu_inline attribute without static is deliberately allowed." +-config=MC3R1.R8.10,declarations+={deliberate,"property(gnu_inline)"} +-doc_end + +# +# Series 9. +# + +-doc_begin="Violations in files that maintainers have asked to not modify in the +context of R9.1." +-file_tag+={adopted_r9_1,"^xen/arch/arm/arm64/lib/find_next_bit\\.c$"} +-config=MC3R1.R9.1,reports+={deliberate,"any_area(any_loc(file(adopted_r9_1)))"} +-doc_end + +-doc_begin="The possibility of committing mistakes by specifying an explicit +dimension is higher than omitting the dimension." +-config=MC3R1.R9.5,reports+={deliberate, "any()"} +-doc_end + +### Set 2 ### + +# +# Series 10. +# + +-doc_begin="The value-preserving conversions of integer constants are safe" +-config=MC3R1.R10.1,etypes={safe,"any()","preserved_integer_constant()"} +-config=MC3R1.R10.3,etypes={safe,"any()","preserved_integer_constant()"} +-config=MC3R1.R10.4,etypes={safe,"any()","preserved_integer_constant()||sibling(rhs,preserved_integer_constant())"} +-doc_end + +-doc_begin="Shifting non-negative integers to the right is safe." +-config=MC3R1.R10.1,etypes+={safe, + "stmt(node(binary_operator)&&operator(shr))", + "src_expr(definitely_in(0..))"} +-doc_end + +-doc_begin="Shifting non-negative integers to the left is safe if the result is +still non-negative." +-config=MC3R1.R10.1,etypes+={safe, + "stmt(node(binary_operator)&&operator(shl)&&definitely_in(0..))", + "src_expr(definitely_in(0..))"} +-doc_end + +-doc_begin="Bitwise logical operations on non-negative integers are safe." +-config=MC3R1.R10.1,etypes+={safe, + "stmt(node(binary_operator)&&operator(and||or||xor))", + "src_expr(definitely_in(0..))"} +-doc_end + +-doc_begin="The implicit conversion to Boolean for logical operator arguments is well known to all Xen developers to be a comparison with 0" +-config=MC3R1.R10.1,etypes+={safe, "stmt(operator(logical)||node(conditional_operator||binary_conditional_operator))", "dst_type(ebool||boolean)"} +-doc_end + +-doc_begin="The macro ISOLATE_LSB encapsulates a well-known pattern to obtain +a mask where only the lowest bit set in the argument is set, if any, for unsigned +integers arguments on two's complement architectures +(all the architectures supported by Xen satisfy this requirement)." +-config=MC3R1.R10.1,reports+={safe, "any_area(any_loc(any_exp(macro(^ISOLATE_LSB$))))"} +-doc_end + +### Set 3 ### +-doc_begin="XEN only supports architectures where signed integers are +representend using two's complement and all the XEN developers are aware of +this." +-config=MC3R1.R10.1,etypes+={safe, + "stmt(operator(and||or||xor||not||and_assign||or_assign||xor_assign))", + "any()"} +-doc_end + +-doc_begin="See Section \"4.5 Integers\" of \"GCC_MANUAL\", where it says that +\"Signed `>>' acts on negative numbers by sign extension. As an extension to the +C language, GCC does not use the latitude given in C99 and C11 only to treat +certain aspects of signed `<<' as undefined. However, -fsanitize=shift (and +-fsanitize=undefined) will diagnose such cases. They are also diagnosed where +constant expressions are required.\"" +-config=MC3R1.R10.1,etypes+={safe, + "stmt(operator(shl||shr||shl_assign||shr_assign))", + "any()"} +-doc_end + +# +# Series 11 +# + +-doc_begin="Violations caused by container_of are due to pointer arithmetic operations +with the provided offset. The resulting pointer is then immediately cast back to its +original type, which preserves the qualifier. This use is deemed safe. +Fixing this violation would require to increase code complexity and lower readability." +-config=MC3R1.R11.8,reports+={safe,"any_area(any_loc(any_exp(macro(^container_of$))))"} +-doc_end + +-doc_begin="This construct is used to check if the type is scalar, and for this purpose the use of 0 as a null pointer constant is deliberate." +-config=MC3R1.R11.9,reports+={deliberate, "any_area(any_loc(any_exp(macro(^__ACCESS_ONCE$))))" +} +-doc_end + +# +# Series 13 +# + +-doc_begin="All developers and reviewers can be safely assumed to be well aware +of the short-circuit evaluation strategy of such logical operators." +-config=MC3R1.R13.5,reports+={disapplied,"any()"} +-doc_end + +# +# Series 14 +# + +-doc_begin="The severe restrictions imposed by this rule on the use of for +statements are not balanced by the presumed facilitation of the peer review +activity." +-config=MC3R1.R14.2,reports+={disapplied,"any()"} +-doc_end + +-doc_begin="The XEN team relies on the fact that invariant conditions of 'if' +statements are deliberate" +-config=MC3R1.R14.3,statements={deliberate , "wrapped(any(),node(if_stmt))" } +-doc_end + +-doc_begin="The XEN team relies on the fact that the enum is_dying has the +constant with assigned value 0 act as false and the other ones as true, +therefore have the same behavior of a boolean" +-config=MC3R1.R14.4,etypes+={deliberate, "stmt(child(cond,child(expr,ref(^?::is_dying$))))","src_type(enum)"} +-doc_end + +# +# Series 16. +# + +-doc_begin="Switch clauses ending with continue, goto, return statements are +safe." +-config=MC3R1.R16.3,terminals+={safe, "node(continue_stmt||goto_stmt||return_stmt)"} +-doc_end + +-doc_begin="Switch clauses ending with a call to a function that does not give +the control back (i.e., a function with attribute noreturn) are safe." +-config=MC3R1.R16.3,terminals+={safe, "call(property(noreturn))"} +-doc_end + +-doc_begin="Switch clauses ending with pseudo-keyword \"fallthrough\" are +safe." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/fallthrough;/))))"} +-doc_end + +-doc_begin="Switch clauses ending with failure method \"BUG()\" are safe." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(/BUG\\(\\);/))))"} +-doc_end + +-doc_begin="Switch clauses not ending with the break statement are safe if an +explicit comment indicating the fallthrough intention is present." +-config=MC3R1.R16.3,reports+={safe, "any_area(end_loc(any_exp(text(^(?s).*/\\* [fF]all ?through.? \\*/.*$,0..1))))"} +-doc_end + +# +# Series 20. +# + +-doc_begin="Code violating Rule 20.7 is safe when macro parameters are used: (1) +as function arguments; (2) as macro arguments; (3) as array indices; (4) as lhs +in assignments." +-config=MC3R1.R20.7,expansion_context= +{safe, "context(__call_expr_arg_contexts)"}, +{safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(node(array_subscript_expr), subscript)))"}, +{safe, "context(skip_to(__expr_non_syntactic_contexts, stmt_child(operator(assign), lhs)))"}, +{safe, "left_right(^[(,\\[]$,^[),\\]]$)"} +-doc_end + +# +# General +# + +-doc_begin="do-while-0 is a well recognized loop idiom by the xen community." +-loop_idioms={do_stmt, "literal(0)"} +-doc_end +-doc_begin="while-[01] is a well recognized loop idiom by the xen community." +-loop_idioms+={while_stmt, "literal(0)||literal(1)"} +-doc_end + +# +# Developer confusion +# + +-doc="Selection for reports that are fully contained in adopted code." +-report_selector+={adopted_report,"all_area(!kind(culprit||evidence)||all_loc(all_exp(adopted||pseudo)))"} + +-doc_begin="Adopted code is not meant to be read, reviewed or modified by human +programmers:no developers' confusion is not possible. In addition, adopted code +is assumed to work as is. Reports that are fully contained in adopted code are +hidden/tagged with the 'adopted' tag." +-service_selector={developer_confusion_guidelines,"^(MC3R1\\.R2\\.1|MC3R1\\.R2\\.2|MC3R1\\.R2\\.3|MC3R1\\.R2\\.4|MC3R1\\.R2\\.5|MC3R1\\.R2\\.6|MC3R1\\.R2\\.7|MC3R1\\.R4\\.1|MC3R1\\.R5\\.3|MC3R1\\.R5\\.6|MC3R1\\.R5\\.7|MC3R1\\.R5\\.8|MC3R1\\.R5\\.9|MC3R1\\.R7\\.1|MC3R1\\.R7\\.2|MC3R1\\.R7\\.3|MC3R1\\.R8\\.7|MC3R1\\.R8\\.8|MC3R1\\.R8\\.9|MC3R1\\.R8\\.11|MC3R1\\.R8\\.12|MC3R1\\.R8\\.13|MC3R1\\.R9\\.3|MC3R1\\.R9\\.4|MC3R1\\.R9\\.5|MC3R1\\.R10\\.2|MC3R1\\.R10\\.5|MC3R1\\.R10\\.6|MC3R1\\.R10\\.7|MC3R1\\.R10\\.8|MC3R1\\.R11\\.9|MC3R1\\.R12\\.1|MC3R1\\.R12\\.3|MC3R1\\.R12\\.4|MC3R1\\.R13\\.5|MC3R1\\.R14\\.1|MC3R1\\.R14\\.2|MC3R1\\.R14\\.3|MC3R1\\.R15\\.1|MC3R1\\.R15\\.2|MC3R1\\.R15\\.3|MC3R1\\.R15\\.4|MC3R1\\.R15\\.5|MC3R1\\.R15\\.6|MC3R1\\.R15\\.7|MC3R1\\.R16\\.1|MC3R1\\.R16\\.2|MC3R1\\.R16\\.3|MC3R1\\.R16\\.4|MC3R1\\.R16\\.5|MC3R1\\.R16\\.6|MC3R1\\.R16\\.7|MC3R1\\.R17\\.7|MC3R1\\.R17\\.8|MC3R1\\.R18\\.4|MC3R1\\.R18\\.5)$" +} +-config=developer_confusion_guidelines,reports+={relied,adopted_report} +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/generate_ecl.sh b/src/xen/automation/eclair_analysis/ECLAIR/generate_ecl.sh new file mode 100755 index 0000000000000000000000000000000000000000..de20728eb1f95e38c695a5002b9f3aa3fb19ee8e --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/generate_ecl.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +# Generates the .ecl files + +set -eu + +script_dir="$( + cd "$(dirname "$0")" + echo "${PWD}" +)" + +exclude_list="${ECLAIR_PROJECT_ROOT}/docs/misra/exclude-list.json" + +# Generate the exclude list file +"${script_dir}/adopted.sh" "${exclude_list}" diff --git a/src/xen/automation/eclair_analysis/ECLAIR/out_of_scope.ecl b/src/xen/automation/eclair_analysis/ECLAIR/out_of_scope.ecl new file mode 100644 index 0000000000000000000000000000000000000000..9bcec4c69df7275b154dd5fcf7da93d05eec2bf9 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/out_of_scope.ecl @@ -0,0 +1,61 @@ +-doc_begin="Intel specific source files are out of scope." +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/intel\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/intel_cacheinfo\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/microcode/intel\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/shanghai\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/hvm/vmx/.*$"} +-file_tag+={out_of_scope,"^xen/arch/x86/include/asm/hvm/vmx/.*$"} +-file_tag+={out_of_scope,"^xen/drivers/passthrough/vtd/.*$"} +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/mcheck/mce_intel\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/mwait-idle\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/cpu/vpmu_intel\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/tsx\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/mm/altp2m\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/mm/p2m-ept\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/mm/hap/nested_ept\\.c$"} +-file_tag+={out_of_scope,"^xen/arch/x86/include/asm/altp2m\\.h$"} +-file_tag+={out_of_scope,"^xen/arch/x86/include/asm/intel-family\\.h$"} +-doc_end + +-doc_begin="Build tools are out of scope." +-file_tag+={out_of_scope_tools,"^xen/tools/.*$"} +-file_tag+={out_of_scope_tools,"^xen/arch/x86/efi/mkreloc\\.c$"} +-file_tag+={out_of_scope_tools,"^xen/arch/x86/boot/mkelf32\\.c$"} +-doc_end + +-doc_begin="Out of scope headers." +-file_tag+={out_of_scope,"^xen/include/xen/bitmap\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/earlycpio\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/lzo\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/lz4\\.h$"} +-file_tag+={out_of_scope,"^xen/common/lz4/defs\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/radix-tree\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/list_sort\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/rbtree\\.h$"} +-file_tag+={out_of_scope,"^xen/include/xen/xxhash\\.h$"} +-doc_end + +-doc_begin="Headers under xen/include/public/ are the description of the public +hypercall ABI so the community is extremely conservative in making changes +there, because the interface is maintained for backward compatibility: ignore +for now." +-file_tag+={hypercall_ABI, "^xen/include/public/.*$"} +-source_files+={hide, hypercall_ABI} +-doc_end + +-doc_begin="Consider out-of-scope files external to the project." +-file_tag+={external, out_of_scope} +-doc_end + +-doc_begin="Consider adopted files external to the project." +-file_tag+={external, adopted} +-doc_end + +-doc_begin="Disregard out-of-scope tools." +-frames+={hide,"main(out_of_scope_tools)"} +-doc_end + +-doc_begin="The build performs speculative calls with target /dev/null: this +frames should be ignored." +-frames+={hide,"target(^/dev/null$)"} +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/print_analyzed_files.sh b/src/xen/automation/eclair_analysis/ECLAIR/print_analyzed_files.sh new file mode 100755 index 0000000000000000000000000000000000000000..7d231271617cfb5b86e8b7ffc288004ba0162953 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/print_analyzed_files.sh @@ -0,0 +1,68 @@ +#!/bin/bash +# Stop immediately if any executed command has exit status different from 0. +set -eu + +script_name="$(basename "$0")" +script_dir="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" + +fatal() { + echo "${script_name}: $*" >&2 + exit 1 +} + +usage() { + fatal "Usage: ${script_name} DATABASE OUT_DIR" +} + +extrapolate_regex() { + lookbehind=$1 + file=$2 + grep -Po "(?<=${lookbehind}\"\\^).*(?=\\$\")" "${file}" | sed 's/\\\\/\\/' +} + +if [ $# -lt 2 ]; then + usage +fi + +DB=$1 +OUT_DIR=$2 + +files_txt="${OUT_DIR}/files.txt" +files_c_txt="${OUT_DIR}/files_c.txt" +files_h_txt="${OUT_DIR}/files_h.txt" +exclusions_txt="${OUT_DIR}/exclusions.txt" + + +if [[ ! -d "${OUT_DIR}" ]]; then + mkdir -p "${OUT_DIR}" +else + rm -f "${files_txt}" + rm -f "${files_c_txt}" + rm -f "${files_h_txt}" + rm -f "${exclusions_txt}" +fi + +# Generating txt report with files +"${ECLAIR_BIN_DIR}eclair_report" -db="${DB}" -files_txt="${files_txt}" + +{ + # Extracting out of scope and adopted code + adopted_ecl="${script_dir}/adopted.ecl" + extrapolate_regex adopted, "${adopted_ecl}" + out_of_scope_ecl="${script_dir}/out_of_scope.ecl" + extrapolate_regex adopted, "${out_of_scope_ecl}" + extrapolate_regex out_of_scope_tools, "${out_of_scope_ecl}" + extrapolate_regex out_of_scope, "${out_of_scope_ecl}" + extrapolate_regex hypercall_ABI, "${out_of_scope_ecl}" + extrapolate_regex "hide, " "${out_of_scope_ecl}" +} >"${exclusions_txt}" +sort -o "${exclusions_txt}" -u "${exclusions_txt}" + +# Removing exclusions from files_txt +grep -E -v "(object: |/dev/pipe)" "${files_txt}" > "${files_txt}.tmp" +grep -vf "${exclusions_txt}" "${files_txt}.tmp" > "${files_txt}" +rm "${files_txt}.tmp" +# Creating files with only headers +grep -Ev "(xen.*\.(h\w+|[^h]\w*) |.*ecl)" "${files_txt}" > "${files_h_txt}" +# Creating files with only c files +grep -Ev "(xen.*\.(c\w+|[^c]\w*) |.*ecl)" "${files_txt}" > "${files_c_txt}" diff --git a/src/xen/automation/eclair_analysis/ECLAIR/public_APIs.ecl b/src/xen/automation/eclair_analysis/ECLAIR/public_APIs.ecl new file mode 100644 index 0000000000000000000000000000000000000000..9701a295e6f71c01ea42a3cca33467334c75b392 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/public_APIs.ecl @@ -0,0 +1,6 @@ +# Definition of the public APIs. + +-doc="All Xen public headers." +-file_tag+={api:public,"^xen/include/public/.*\\.h$"} + +-public_files+=api:public diff --git a/src/xen/automation/eclair_analysis/ECLAIR/report.ecl b/src/xen/automation/eclair_analysis/ECLAIR/report.ecl new file mode 100644 index 0000000000000000000000000000000000000000..6ee324746c5871ff2d3b2560d8839dca0019a9d5 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/report.ecl @@ -0,0 +1,4 @@ +# eclair_report + +reports_codeclimate("gl-code-quality-report.json") + diff --git a/src/xen/automation/eclair_analysis/ECLAIR/tagging.ecl b/src/xen/automation/eclair_analysis/ECLAIR/tagging.ecl new file mode 100644 index 0000000000000000000000000000000000000000..900c5321962263a07ad2451fe7fb456075f0a5ca --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/tagging.ecl @@ -0,0 +1,48 @@ +-doc="Hide reports marked as compliant." +-remap_rtag={compliant,hide} + +-doc="Hide reports marked as safe." +-remap_rtag={safe,hide} + +-doc="Hide reports marked as relied." +-remap_rtag={relied,hide} + +-doc="Hide reports marked as deliberate." +-remap_rtag={deliberate,hide} + +-doc="Hide reports marked as disapplied." +-remap_rtag={disapplied,hide} + +####################### +# Accepted guidelines # +####################### + +-doc="Accepted guidelines as reported in XEN/docs/misra/rules.rst" +-service_selector={accepted_guidelines, + "MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.1||MC3R1.D4.3||MC3R1.D4.7||MC3R1.D4.10||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R2.1||MC3R1.R2.2||MC3R1.R2.6||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.3||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R7.4||MC3R1.R8.1||MC3R1.R8.2||MC3R1.R8.3||MC3R1.R8.4||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R9.1||MC3R1.R9.2||MC3R1.R9.3||MC3R1.R9.4||MC3R1.R9.5||MC3R1.R10.1||MC3R1.R10.2||MC3R1.R10.3||MC3R1.R10.4||MC3R1.R11.7||MC3R1.R11.8||MC3R1.R11.9||MC3R1.R12.5||MC3R1.R13.1||MC3R1.R13.5||MC3R1.R13.6||MC3R1.R14.1||MC3R1.R14.2||MC3R1.R14.3||MC3R1.R16.7||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.6||MC3R1.R18.3||MC3R1.R19.1||MC3R1.R20.7||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R21.13||MC3R1.R21.17||MC3R1.R21.18||MC3R1.R21.19||MC3R1.R21.20||MC3R1.R21.21||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6" +} +-doc="All reports of accepted guidelines are tagged as accepted." +-reports+={status:accepted,"service(accepted_guidelines)"} + +#################### +# Clean guidelines # +#################### + +-doc_begin="Clean guidelines: new violations for these guidelines are not accepted." + +-service_selector={clean_guidelines_common,"MC3R1.D1.1||MC3R1.D2.1||MC3R1.D4.11||MC3R1.D4.14||MC3R1.R1.1||MC3R1.R1.3||MC3R1.R1.4||MC3R1.R2.2||MC3R1.R3.1||MC3R1.R3.2||MC3R1.R4.1||MC3R1.R4.2||MC3R1.R5.1||MC3R1.R5.2||MC3R1.R5.4||MC3R1.R5.6||MC3R1.R6.1||MC3R1.R6.2||MC3R1.R7.1||MC3R1.R8.1||MC3R1.R8.5||MC3R1.R8.6||MC3R1.R8.8||MC3R1.R8.10||MC3R1.R8.12||MC3R1.R8.14||MC3R1.R9.2||MC3R1.R9.4||MC3R1.R9.5||MC3R1.R12.5||MC3R1.R17.3||MC3R1.R17.4||MC3R1.R17.6||MC3R1.R20.13||MC3R1.R20.14||MC3R1.R21.13||MC3R1.R21.19||MC3R1.R21.21||MC3R1.R22.2||MC3R1.R22.4||MC3R1.R22.5||MC3R1.R22.6" +} + +-setq=target,getenv("XEN_TARGET_ARCH") + +if(string_equal(target,"x86_64"), + service_selector({"additional_clean_guidelines","MC3R1.D4.3"}) +) + +if(string_equal(target,"arm64"), + service_selector({"additional_clean_guidelines","MC3R1.R5.3||MC3R1.R7.2||MC3R1.R7.3||MC3R1.R8.6||MC3R1.R9.3"}) +) + +-reports+={clean:added,"service(clean_guidelines_common||additional_clean_guidelines)"} + +-doc_end diff --git a/src/xen/automation/eclair_analysis/ECLAIR/toolchain.ecl b/src/xen/automation/eclair_analysis/ECLAIR/toolchain.ecl new file mode 100644 index 0000000000000000000000000000000000000000..71a1e2cce029289584035e81feb16b541e8c1b77 --- /dev/null +++ b/src/xen/automation/eclair_analysis/ECLAIR/toolchain.ecl @@ -0,0 +1,275 @@ +# Compilers. +-file_tag+={GCC_ARM64,"^/usr/bin/aarch64-linux-gnu-gcc-12$"} +-file_tag+={GCC_X86_64,"^/usr/bin/x86_64-linux-gnu-gcc-12$"} + +# Manuals. +-setq=GCC_MANUAL,"https://gcc.gnu.org/onlinedocs/gcc-12.1.0/gcc.pdf" +-setq=CPP_MANUAL,"https://gcc.gnu.org/onlinedocs/gcc-12.1.0/cpp.pdf" +-setq=ARM64_ABI_MANUAL,"https://github.com/ARM-software/abi-aa/blob/60a8eb8c55e999d74dac5e368fc9d7e36e38dda4/aapcs64/aapcs64.rst" +-setq=X86_64_ABI_MANUAL,"https://gitlab.com/x86-psABIs/x86-64-ABI/-/jobs/artifacts/master/raw/x86-64-ABI/abi.pdf?job=build" +-setq=ARM64_LIBC_MANUAL,"https://www.gnu.org/software/libc/manual/pdf/libc.pdf" +-setq=X86_64_LIBC_MANUAL,"https://www.gnu.org/software/libc/manual/pdf/libc.pdf" +-setq=C99_STD,"ISO/IEC 9899:1999" + +-doc_begin=" + _Static_assert: see Section \"2.1 C Language\" of "GCC_MANUAL". + asm, __asm__: see Sections \"6.48 Alternate Keywords\" and \"6.47 How to Use Inline Assembly Language in C Code\" of "GCC_MANUAL". + __volatile__: see Sections \"6.48 Alternate Keywords\" and \"6.47.2.1 Volatile\" of "GCC_MANUAL". + __const__ : see Section \"6.48 Alternate Keywords\" of "GCC_MANUAL". + typeof, __typeof__: see Section \"6.7 Referring to a Type with typeof\" of "GCC_MANUAL". + __alignof__, __alignof: see Sections \"6.48 Alternate Keywords\" and \"6.44 Determining the Alignment of Functions, Types or Variables\" of "GCC_MANUAL". + __attribute__: see Section \"6.39 Attribute Syntax\" of "GCC_MANUAL". + __builtin_types_compatible_p: see Section \"6.59 Other Built-in Functions Provided by GCC\" of "GCC_MANUAL". + __builtin_va_arg: non-documented GCC extension. + __builtin_offsetof: see Section \"6.53 Support for offsetof\" of "GCC_MANUAL". +" +-config=STD.tokenext,behavior+={c99, GCC_ARM64, "^(_Static_assert|asm|__asm__|__volatile__|__const__|typeof|__typeof__|__alignof__|__attribute__|__builtin_types_compatible_p|__builtin_va_arg|__builtin_offsetof)$"} +-config=STD.tokenext,behavior+={c99, GCC_X86_64, "^(_Static_assert|asm|__asm__|__volatile__|__const__|typeof|__typeof__|__alignof__|__alignof|__attribute__|__builtin_types_compatible_p|__builtin_va_arg|__builtin_offsetof)$"} +-doc_end + +-doc_begin="Non-documented GCC extension." +-config=STD.emptinit,behavior+={c99,GCC_ARM64,specified} +-config=STD.emptinit,behavior+={c99,GCC_X86_64,specified} +#-config=STD.emptinit,behavior+={c18,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.24 Arithmetic on void- and Function-Pointers\" of "GCC_MANUAL"." +-config=STD.vptrarth,behavior+={c99,GCC_ARM64,specified} +-config=STD.vptrarth,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.1 Statements and Declarations in Expressions\" of "GCC_MANUAL"." +-config=STD.stmtexpr,behavior+={c99,GCC_ARM64,specified} +-config=STD.stmtexpr,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.19 Structures with No Members\" of "GCC_MANUAL"." +-config=STD.emptrecd,behavior+={c99,GCC_ARM64,specified} +-config=STD.emptrecd,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.18 Arrays of Length Zero\" of "GCC_MANUAL"." +-config=STD.arayzero,behavior+={c99,GCC_ARM64,specified} +-config=STD.arayzero,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.8 Conditionals with Omitted Operands\" of "GCC_MANUAL"." +-config=STD.bincondl,behavior+={c99,GCC_ARM64,specified} +-config=STD.bincondl,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.30 Case Ranges\" of "GCC_MANUAL"." +-config=STD.caseuplw,behavior+={c99,GCC_ARM64,specified} +-config=STD.caseuplw,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="See Section \"6.63 Unnamed Structure and Union Fields\" of "GCC_MANUAL"." +-config=STD.anonfild,behavior+={c99,GCC_ARM64,specified} +-config=STD.anonfild,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="Non-documented GCC extension." +-config=STD.emptdecl,behavior+={c99,GCC_ARM64,specified} +-config=STD.emptdecl,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin="Non-documented GCC extension." +-config=STD.emptenum,behavior+={c99,GCC_ARM64,specified} +-doc_end + +-doc_begin="Non-documented GCC extension." +-config=STD.pteincmp,behavior+={c99,GCC_ARM64,specified} +-config=STD.pteincmp,behavior+={c99,GCC_X86_64,specified} +#-config=STD.pteincmp,behavior+={c18,GCC_X86_64,specified} +-doc_end + +-doc_begin="Non-documented GCC extension." +-config=STD.funojptr,behavior+={c99,GCC_X86_64,specified} +-doc_end + +-doc_begin=" + ext_paste_comma: see Section \"6.21 Macros with a Variable Number of Arguments\" of "GCC_MANUAL". + ext_missing_varargs_arg: see Section \"6.21 Macros with a Variable Number of Arguments\" of "GCC_MANUAL". + ext_named_variadic_macro: see Section \"6.21 Macros with a Variable Number of Arguments\" of "GCC_MANUAL". + ext_return_has_void_expr: see the documentation for -Wreturn-type in Section \"3.8 Options to Request or Suppress Warnings\" of "GCC_MANUAL". + ext_gnu_statement_expr_macro: see Section \"6.1 Statements and Declarations in Expressions\" of "GCC_MANUAL". + ext_sizeof_alignof_void_type: see Section \"6.24 Arithmetic on void- and Function-Pointers\" of "GCC_MANUAL". + ext_forward_ref_enum_def: see Section \"6.49 Incomplete enum Types\" of "GCC_MANUAL". + ext_flexible_array_in_struct: see Section \"6.18 Arrays of Length Zero\" of "GCC_MANUAL". + ext_flexible_array_in_array: see Section \"6.18 Arrays of Length Zero\" of "GCC_MANUAL". + ext_enum_value_not_int: non-documented GCC extension. + ext_gnu_array_range: see Section \"6.29 Designated Initializers\" of "GCC_MANUAL". +" +-config=STD.diag,behavior+={c99,GCC_ARM64,"^(ext_paste_comma|ext_missing_varargs_arg|ext_named_variadic_macro|ext_return_has_void_expr|ext_gnu_statement_expr_macro|ext_sizeof_alignof_void_type|ext_forward_ref_enum_def|ext_gnu_array_range)$"} +-config=STD.diag,behavior+={c99,GCC_X86_64,"^(ext_paste_comma|ext_missing_varargs_arg|ext_named_variadic_macro|ext_return_has_void_expr|ext_gnu_statement_expr_macro|ext_sizeof_alignof_void_type|ext_flexible_array_in_struct|ext_flexible_array_in_array|ext_enum_value_not_int|ext_gnu_array_range)$"} +-doc_end + +-doc_begin="The maximum size of an object is defined in the MAX_SIZE macro, and for a 32 bit architecture is 8MB. + The maximum size for an array is defined in the PTRDIFF_MAX and in a 32 bit architecture is 2^30-1. + See occurrences of these macros in "GCC_MANUAL"." +-config=STD.byteobjt,behavior+={c99, GCC_ARM64, 8388608} +-config=STD.byteobjt,behavior+={c99, GCC_X86_64, 8388608} +-doc_end + +-doc_begin="See Section \"11.2 Implementation limits\" of "CPP_MANUAL"." +-config=STD.charline,behavior+={c99, GCC_ARM64, 5000} +-config=STD.charline,behavior+={c99, GCC_X86_64, 12000} +-doc_end + +-doc_begin="See Section \"11.2 Implementation limits\" of "CPP_MANUAL"." +-config=STD.inclnest,behavior+={c99, GCC_ARM64, 24} +-config=STD.inclnest,behavior+={c99, GCC_X86_64, 32} +-doc_end + +-doc_begin="FIXME: why is C90 used?" +-config=STD.ppifnest,behavior+={c90, GCC_X86_64, 32} +-doc_end + +-doc_begin="See Section \"4.12 Statements\" of "GCC_MANUAL"." +-config=STD.caselimt,behavior+={c99, GCC_X86_64, 1500} +-doc_end + +-doc_begin="See Section \"6.9 128-bit Integers\" of "GCC_MANUAL"." +-config=STD.stdtypes,behavior+={c99, GCC_X86_64, "__uint128_t"} +-doc_end + +-doc_begin="FIXME: Non-documented GCC extension?" +-config=STD.charescp,behavior={c99, GCC_X86_64, "^m$"} +-doc_end + +-doc_begin="See Section \"4.9 Structures, Unions, Enumerations, and Bit-Fields\" of "GCC_MANUAL"." +-config=STD.bitfldtp, +behavior={c99, GCC_ARM64, "unsigned char;unsigned short;unsigned long;unsigned long long"} +-config=STD.bitfldtp, +behavior={c99, GCC_X86_64, "unsigned char;unsigned short;unsigned long;enum"} +-doc_end + +-doc_begin=" + #pragma pack: see Section \"6.62.11 Structure-Layout Pragmas\" of "GCC_MANUAL". + #pragma GCC visibility: see Section \"6.62.14 Visibility Pragmas\" of "GCC_MANUAL". +" +-config=STD.nonstdc,behavior={c99, GCC_ARM64, "^(pack\\(|GCC visibility (push|pop)).*$"} +-config=STD.nonstdc,behavior={c99, GCC_X86_64, "^(pack\\(|GCC visibility (push|pop)).*$"} +-doc_end + +-doc_begin="See Section \"1.1 Character sets\" of "CPP_MANUAL". We assume the locale is not restricting any UTF-8 characters being part of the source character set." +-config=STD.charset,behavior={c99, GCC_ARM64, "utf8"} +-doc_end + +-doc_begin="See Section \"4.3 Identifiers\" of "GCC_MANUAL"." +-config=STD.extidsig, behavior+={c99, GCC_ARM64, "63"} +-config=STD.extidsig, behavior+={c99, GCC_X86_64, "63"} +-doc_end + +# +# Documentation for relied-upon implementation-defined behaviors (Dir 1.1) +# + +-doc_begin="See Section \"4.4 Characters\" of "GCC_MANUAL" and Section \"8.1 Data types\" of "ARM64_ABI_MANUAL"." +-config=STD.bytebits,behavior={c99, GCC_ARM64, "8"} +-config=STD.charsobj,behavior={c99, GCC_ARM64, "utf8"} +-config=STD.charsval,behavior={c99, GCC_ARM64, "utf8"} +-doc_end + +-doc_begin="See Section \"4.4 Characters\" of "GCC_MANUAL" and Section \"3.1.2 Data Representation\" of "X86_64_ABI_MANUAL"." +-config=STD.bytebits,behavior={c99, GCC_X86_64, "8"} +-config=STD.charsobj,behavior={c99, GCC_X86_64, "utf8"} +-config=STD.charsval,behavior={c99, GCC_X86_64, "utf8"} +-doc_end + +-doc_begin="See Section \"4.4 Characters\" of "GCC_MANUAL" and the documentation for -finput-charset=charset in the same manual." +-config=STD.charsmap,behavior={c99, GCC_ARM64, "specified"} +-config=STD.charsmap,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.4 Characters\" of "GCC_MANUAL" and the documentation for -fexec-charset=charset and -finput-charset=charset in the same manual." +-config=STD.charsmem,behavior={c99, GCC_ARM64, "utf8"} +-config=STD.charsmem,behavior={c99, GCC_X86_64, "utf8"} +-doc_end + +-doc_begin="See Section \"4.1 Translation\" of "GCC_MANUAL"." +-config=STD.diagidnt,behavior={c99, GCC_ARM64, "specified"} +-config=STD.diagidnt,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.4 Characters\" of "GCC_MANUAL" and the documentation for -fexec-charset=charset in the same manual." +-config=STD.execvals,behavior={c99, GCC_ARM64, "specified"} +-config=STD.execvals,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="Given that Xen is compiled in hosted mode, ECLAIR cannot exclude the independency from program termination implementation-defined behavior. See \"Section 25.7 Program Termination\" of "ARM64_LIBC_MANUAL"." +-config=STD.exitstat,behavior={c99, GCC_ARM64, "specified"} +-doc_end + +-doc_begin="Given that Xen is compiled in hosted mode, ECLAIR cannot exclude the independency from program termination implementation-defined behavior. See \"Section 25.7 Program Termination\" of "X86_64_LIBC_MANUAL"." +-config=STD.exitstat,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Chapter \"2 Header Files\" of "CPP_MANUAL"." +-config=STD.inclangl,behavior={c99, GCC_ARM64, "specified"} +-config=STD.inclangl,behavior={c99, GCC_X86_64, "specified"} +-config=STD.inclfile,behavior={c99, GCC_ARM64, "specified"} +-config=STD.inclfile,behavior={c99, GCC_X86_64, "specified"} +-config=STD.inclhead,behavior={c99, GCC_ARM64, "specified"} +-config=STD.inclhead,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.5 Integers\" of "GCC_MANUAL"." +-config=STD.signdint,behavior={c99, GCC_ARM64, "specified"} +-config=STD.signdint,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.15 Architecture\" of "GCC_MANUAL" and Chapter \"5 Data types and alignment\" of "ARM64_ABI_MANUAL"." +-config=STD.objbytes,behavior={c99, GCC_ARM64, "specified"} +-doc_end + +-doc_begin="See Section \"4.15 Architecture\" of "GCC_MANUAL" and Section \"3.1.2 Data Representation\" of "X86_64_ABI_MANUAL"." +-config=STD.objbytes,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"3.4 Stringizing\" of "CPP_MANUAL"." +-config=STD.stringfy,behavior={c99, GCC_ARM64, "specified"} +-config=STD.stringfy,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.9 Structures, Unions, Enumerations, and Bit-Fields\" + of "GCC_MANUAL" and Section \"8.1.8 Bit-fields\" of "ARM64_ABI_MANUAL"." +-config=STD.bitfldby,+behavior={c99, GCC_ARM64, "specified"} +-config=STD.bitfldor,+behavior={c99, GCC_ARM64, "specified"} +-doc_end + +-doc_begin="See Section \"4.9 Structures, Unions, Enumerations, and Bit-Fields\" + of "GCC_MANUAL" and Section \"3.1.2 Data Representation\" of "X86_64_ABI_MANUAL"." +-config=STD.bitfldby,+behavior={c99, GCC_X86_64, "specified"} +-config=STD.bitfldor,+behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.10 Qualifiers\" of "GCC_MANUAL"." +-config=STD.volatltp,+behavior={c99, GCC_ARM64, "specified"} +-config=STD.volatltp,+behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.15 Architecture\" of "GCC_MANUAL" and Chapter \"5 Data types and alignment\" of "ARM64_ABI_MANUAL"." +-config=STD.stdmacro,behavior={c99, GCC_ARM64, "specified"} +-doc_end + +-doc_begin="See Section \"4.15 Architecture\" of "GCC_MANUAL" and Section \"3.1.2 Data Representation\" of "X86_64_ABI_MANUAL"." +-config=STD.stdmacro,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.4 Characters\" of "GCC_MANUAL" and Section \"11.1 Implementation-defined behavior\" of "CPP_MANUAL"." +-config=STD.widestng,behavior={c99, GCC_ARM64, "specified"} +-config=STD.widestng,behavior={c99, GCC_X86_64, "specified"} +-config=STD.multbtsl,behavior={c99, GCC_X86_64, "specified"} +-doc_end + +-doc_begin="See Section \"4.13 Preprocessing Directives\" of "GCC_MANUAL" and Section \"7 Pragmas\" of "CPP_MANUAL"." +-config=STD.pragmdir,behavior={c99, GCC_ARM64, "^(pack\\(|GCC visibility (push|pop)).*$"} +-config=STD.pragmdir,behavior={c99, GCC_X86_64, "^(pack\\(|GCC visibility (push|pop)).*$"} +-doc_end + +-doc_begin="See Section \"6.9 128-bit Integers\" of "GCC_MANUAL"." +-config=STD.extinttp,behavior={c99, GCC_X86_64, "__uint128_t"} +-doc_end + +-doc_begin="See Section \"4.13 Preprocessing Directives\" of "GCC_MANUAL" and Section \"11.1 Implementation-defined behavior\" of "CPP_MANUAL"." +-config=STD.inclexpd,behavior={c99, GCC_X86_64, "specified"} +-doc_end diff --git a/src/xen/automation/eclair_analysis/Makefile.prepare b/src/xen/automation/eclair_analysis/Makefile.prepare new file mode 100644 index 0000000000000000000000000000000000000000..90f4a311723d9ce10b0ec18312c05b1383d7ff3b --- /dev/null +++ b/src/xen/automation/eclair_analysis/Makefile.prepare @@ -0,0 +1,6 @@ +include Makefile +prepare: + $(Q)$(MAKE) $(build)=tools + $(Q)$(MAKE) $(build)=. include/xen/compile.h + $(Q)$(MAKE) $(build)=include all + $(Q)$(MAKE) $(build)=arch/$(SRCARCH) include diff --git a/src/xen/automation/eclair_analysis/build.sh b/src/xen/automation/eclair_analysis/build.sh new file mode 100755 index 0000000000000000000000000000000000000000..122b93b805817ff0aae66ae3ee9cb893e8c1ac91 --- /dev/null +++ b/src/xen/automation/eclair_analysis/build.sh @@ -0,0 +1,67 @@ +#!/bin/bash +# Stop immediately if any executed command has exit status different from 0. +set -e + +script_name="$(basename "$0")" + +fatal() { + echo "${script_name}: $*" >&2 + exit 1 +} + +usage() { + fatal "Usage: ${script_name} " +} + +if [ $# -ne 1 ]; then + usage +fi + +if [ "$1" = "X86_64" ]; then + export CROSS_COMPILE= + export XEN_TARGET_ARCH=x86_64 +elif [ "$1" = "ARM64" ]; then + export CROSS_COMPILE=aarch64-linux-gnu- + export XEN_TARGET_ARCH=arm64 +else + fatal "Unknown configuration: $1" +fi + +if [[ -f /proc/cpuinfo ]]; then + PROCESSORS=$(grep -c ^processor /proc/cpuinfo) +else + PROCESSORS=6 +fi + +# Variables driving the build +CC=${CROSS_COMPILE}gcc-12 +CXX=${CROSS_COMPILE}g++-12 + +runtime_failures_docs() { + doc="C-runtime-failures.rst" + builddir="automation/eclair_analysis" + + cd "${builddir}" + printf "/*\n\n" >"${doc}.c" + sed -e 's|\*/|*//*|g' "../../docs/misra/${doc}" >>"${doc}.c" + + # At least a dummy decl is needed to comply with the C standard. + printf "\n\n*/\ntypedef int dummy_typedef;\n" >>"${doc}.c" + + # The C language standard applicable to Xen is C99 (with extensions), + # therefore even this dummy file needs to be compiled with -std=c99. + # Cannot redirect to /dev/null because it would be excluded from the analysis + "${CC}" -std=c99 -c "${doc}.c" -o "${doc}.o" + cd - +} + +( + runtime_failures_docs + + make "-j${PROCESSORS}" "-l${PROCESSORS}.0" \ + "CROSS_COMPILE=${CROSS_COMPILE}" \ + "CC=${CC}" \ + "CXX=${CXX}" \ + "XEN_TARGET_ARCH=${XEN_TARGET_ARCH}" \ + -C xen +) diff --git a/src/xen/automation/eclair_analysis/prepare.sh b/src/xen/automation/eclair_analysis/prepare.sh new file mode 100755 index 0000000000000000000000000000000000000000..fe9d16e48ecc6cb2340b9f8d91d82382afa2ac13 --- /dev/null +++ b/src/xen/automation/eclair_analysis/prepare.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# Stop immediately if any executed command has exit status different from 0. +set -e + +script_name="$(basename "$0")" +script_dir="$( + cd "$(dirname "$0")" + echo "${PWD}" +)" + +fatal() { + echo "${script_name}: $*" >&2 + exit 1 +} + +usage() { + fatal "Usage: ${script_name}" +} + +if [ $# -ne 1 ]; then + usage + exit 1 +fi + +export XEN_TARGET_ARCH + +if [ "$1" = "X86_64" ]; then + CONFIG_FILE="${script_dir}/xen_x86_config" + XEN_TARGET_ARCH=x86_64 +elif [ "$1" = "ARM64" ]; then + CONFIG_FILE="${script_dir}/xen_arm_config" + XEN_TARGET_ARCH=arm64 +else + fatal "Unknown configuration: $1" +fi + +( + ./configure + cp "${CONFIG_FILE}" xen/.config + make clean + find . -type f -name "*.safparse" -print -delete + cd xen + make -f "${script_dir}/Makefile.prepare" prepare + # Translate the /* SAF-n-safe */ comments into ECLAIR CBTs + scripts/xen-analysis.py --run-eclair --no-build --no-clean +) diff --git a/src/xen/automation/eclair_analysis/xen_arm_config b/src/xen/automation/eclair_analysis/xen_arm_config new file mode 100644 index 0000000000000000000000000000000000000000..ef140ceb738398a44dd0874d38aa4fbf4e3ed968 --- /dev/null +++ b/src/xen/automation/eclair_analysis/xen_arm_config @@ -0,0 +1,141 @@ +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=90400 +CONFIG_CLANG_VERSION=0 +CONFIG_LD_IS_GNU=y +CONFIG_CC_HAS_VISIBILITY_ATTRIBUTE=y +CONFIG_ARM_64=y +CONFIG_ARM=y +CONFIG_ARCH_DEFCONFIG="arch/arm/configs/arm64_defconfig" + +# UBSAN +CONFIG_UBSAN=n + +# +# Architecture Features +# +CONFIG_ARM64_SVE=n +CONFIG_64BIT=y +CONFIG_NR_CPUS=4 +# CONFIG_ACPI is not set +CONFIG_ARM_EFI=y +CONFIG_GICV3=y +CONFIG_HAS_ITS=y +CONFIG_HVM=y +# CONFIG_NEW_VGIC is not set +CONFIG_SBSA_VUART_CONSOLE=y +CONFIG_ARM_SSBD=y +CONFIG_HARDEN_BRANCH_PREDICTOR=y +CONFIG_TEE=n +CONFIG_OPTEE=n +CONFIG_FFA=n +# CONFIG_STATIC_SHM is not set +# end of Architecture Features + +# +# ARM errata workaround via the alternative framework +# +CONFIG_ARM64_ERRATUM_827319=y +CONFIG_ARM64_ERRATUM_824069=y +CONFIG_ARM64_ERRATUM_819472=y +CONFIG_ARM64_ERRATUM_843419=y +CONFIG_ARM64_ERRATUM_832075=y +CONFIG_ARM64_ERRATUM_834220=y +CONFIG_ARM64_ERRATUM_1508412=y +CONFIG_ARM_ERRATUM_858921=y +CONFIG_ARM64_WORKAROUND_REPEAT_TLBI=y +CONFIG_ARM64_ERRATUM_1286807=y +# end of ARM errata workaround via the alternative framework + +CONFIG_ARM64_HARDEN_BRANCH_PREDICTOR=y +# CONFIG_ALL_PLAT is not set +# CONFIG_QEMU is not set +# CONFIG_RCAR3 is not set +CONFIG_MPSOC=y +# CONFIG_NO_PLAT is not set +CONFIG_MPSOC_PLATFORM=y + +# +# Common Features +# +CONFIG_GRANT_TABLE=y +CONFIG_HAS_ALTERNATIVE=y +CONFIG_HAS_DEVICE_TREE=y +CONFIG_HAS_FAST_MULTIPLY=y +CONFIG_HAS_PDX=y +CONFIG_HAS_PMAP=y +# CONFIG_MEM_ACCESS is not set +CONFIG_STATIC_MEMORY=y + +# +# Speculative hardening +# +CONFIG_SPECULATIVE_HARDEN_ARRAY=y +# end of Speculative hardening + +# CONFIG_HYPFS is not set +CONFIG_IOREQ_SERVER=y +# CONFIG_EFI_SET_VIRTUAL_ADDRESS_MAP is not set +# CONFIG_XSM is not set +# CONFIG_ARGO is not set + +# +# Schedulers +# +# CONFIG_SCHED_CREDIT is not set +CONFIG_SCHED_CREDIT2=y +# CONFIG_SCHED_RTDS is not set +# CONFIG_SCHED_ARINC653 is not set +CONFIG_SCHED_NULL=y +CONFIG_SCHED_CREDIT2_DEFAULT=y +# CONFIG_SCHED_NULL_DEFAULT is not set +CONFIG_SCHED_DEFAULT="credit2" +# end of Schedulers + +CONFIG_BOOT_TIME_CPUPOOLS=y +# CONFIG_LIVEPATCH is not set +# CONFIG_ENFORCE_UNIQUE_SYMBOLS is not set +CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS=y +CONFIG_CMDLINE="" +CONFIG_DOM0_MEM="" +CONFIG_DTB_FILE="" +# CONFIG_TRACEBUFFER is not set +# end of Common Features + +# +# Device Drivers +# +# CONFIG_HAS_NS16550 is not set +CONFIG_HAS_CADENCE_UART=y +# CONFIG_HAS_IMX_LPUART is not set +# CONFIG_HAS_MVEBU is not set +# CONFIG_HAS_MESON is not set +CONFIG_HAS_PL011=y +# CONFIG_HAS_SCIF is not set +CONFIG_SERIAL_TX_BUFSIZE=16384 +CONFIG_HAS_PASSTHROUGH=y +CONFIG_ARM_SMMU=y +CONFIG_ARM_SMMU_V3=y +# CONFIG_IPMMU_VMSA is not set +CONFIG_IOMMU_FORCE_PT_SHARE=y +# end of Device Drivers + +CONFIG_EXPERT=y +CONFIG_UNSUPPORTED=y + +# +# Debugging Options +# +CONFIG_DEBUG=y +CONFIG_FRAME_POINTER=y +CONFIG_COVERAGE=y +CONFIG_DEBUG_LOCK_PROFILE=y +CONFIG_DEBUG_LOCKS=y +CONFIG_PERF_COUNTERS=y +CONFIG_PERF_ARRAYS=y +CONFIG_VERBOSE_DEBUG=y +CONFIG_DEVICE_TREE_DEBUG=y +CONFIG_SCRUB_DEBUG=y +CONFIG_DEBUG_TRACE=y +CONFIG_XMEM_POOL_POISON=y +CONFIG_DEBUG_INFO=y +# end of Debugging Options diff --git a/src/xen/automation/eclair_analysis/xen_x86_config b/src/xen/automation/eclair_analysis/xen_x86_config new file mode 100644 index 0000000000000000000000000000000000000000..abc44d43e10819bd736d1f5b83e397eb9bdacc14 --- /dev/null +++ b/src/xen/automation/eclair_analysis/xen_x86_config @@ -0,0 +1,143 @@ +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=90400 +CONFIG_CLANG_VERSION=0 +CONFIG_LD_IS_GNU=y +CONFIG_CC_HAS_VISIBILITY_ATTRIBUTE=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_CC_HAS_INDIRECT_THUNK=y +CONFIG_HAS_AS_CET_SS=y +CONFIG_HAS_CC_CET_IBT=y + +CONFIG_REQUIRE_NX=n + +# +# Architecture Features +# +CONFIG_64BIT=y +CONFIG_NR_CPUS=16 +CONFIG_NR_NUMA_NODES=2 +# CONFIG_PV is not set +CONFIG_HVM=y +# CONFIG_XEN_SHSTK is not set +# CONFIG_XEN_IBT is not set +# CONFIG_SHADOW_PAGING is not set +# CONFIG_BIGMEM is not set +# CONFIG_HVM_FEP is not set +# CONFIG_TBOOT is not set +CONFIG_XEN_ALIGN_DEFAULT=y +# CONFIG_XEN_ALIGN_2M is not set +CONFIG_X2APIC_PHYSICAL=y +# CONFIG_XEN_GUEST is not set +# CONFIG_HYPERV_GUEST is not set +# CONFIG_MEM_PAGING is not set +# CONFIG_MEM_SHARING is not set +# end of Architecture Features + +# +# Common Features +# +CONFIG_COMPAT=y +CONFIG_CORE_PARKING=y +CONFIG_GRANT_TABLE=y +CONFIG_ALTERNATIVE_CALL=y +CONFIG_ARCH_MAP_DOMAIN_PAGE=y +CONFIG_GENERIC_BUG_FRAME=y +CONFIG_HAS_ALTERNATIVE=y +CONFIG_HAS_COMPAT=y +CONFIG_HAS_EX_TABLE=y +CONFIG_HAS_FAST_MULTIPLY=y +CONFIG_HAS_IOPORTS=y +CONFIG_HAS_KEXEC=y +CONFIG_HAS_PDX=y +CONFIG_HAS_SCHED_GRANULARITY=y +CONFIG_HAS_UBSAN=y +CONFIG_MEM_ACCESS_ALWAYS_ON=y +CONFIG_MEM_ACCESS=y +CONFIG_NEEDS_LIBELF=y +CONFIG_NUMA=y + +# +# Speculative hardening +# +CONFIG_INDIRECT_THUNK=y +CONFIG_SPECULATIVE_HARDEN_ARRAY=y +CONFIG_SPECULATIVE_HARDEN_BRANCH=y +# end of Speculative hardening + +# CONFIG_HYPFS is not set +CONFIG_IOREQ_SERVER=y +# CONFIG_KEXEC is not set +# CONFIG_EFI_SET_VIRTUAL_ADDRESS_MAP is not set +# CONFIG_XENOPROF is not set +# CONFIG_XSM is not set +# CONFIG_ARGO is not set + +# +# Schedulers +# +# CONFIG_SCHED_CREDIT is not set +CONFIG_SCHED_CREDIT2=y +# CONFIG_SCHED_RTDS is not set +# CONFIG_SCHED_ARINC653 is not set +CONFIG_SCHED_NULL=y +CONFIG_SCHED_CREDIT2_DEFAULT=y +# CONFIG_SCHED_NULL_DEFAULT is not set +CONFIG_SCHED_DEFAULT="credit2" +# end of Schedulers + +# CONFIG_LIVEPATCH is not set +# CONFIG_ENFORCE_UNIQUE_SYMBOLS is not set +# CONFIG_SUPPRESS_DUPLICATE_SYMBOL_WARNINGS is not set +CONFIG_CMDLINE="" +CONFIG_DOM0_MEM="" +# CONFIG_TRACEBUFFER is not set +# end of Common Features + +# +# Device Drivers +# +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ACPI_NUMA=y +CONFIG_HAS_NS16550=y +CONFIG_HAS_EHCI=y +CONFIG_SERIAL_TX_BUFSIZE=16384 +# CONFIG_XHCI is not set +CONFIG_HAS_CPUFREQ=y +CONFIG_HAS_PASSTHROUGH=y +CONFIG_AMD_IOMMU=y +# CONFIG_INTEL_IOMMU is not set +# CONFIG_IOMMU_QUARANTINE_NONE is not set +CONFIG_IOMMU_QUARANTINE_BASIC=y +# CONFIG_IOMMU_QUARANTINE_SCRATCH_PAGE is not set +CONFIG_HAS_PCI=y +CONFIG_HAS_PCI_MSI=y +CONFIG_VIDEO=y +CONFIG_VGA=y +CONFIG_HAS_VPCI=y +# end of Device Drivers + +CONFIG_EXPERT=y +CONFIG_UNSUPPORTED=y +CONFIG_ARCH_SUPPORTS_INT128=y + +# +# Debugging Options +# +CONFIG_DEBUG=y +# CONFIG_CRASH_DEBUG is not set +CONFIG_GDBSX=y +CONFIG_FRAME_POINTER=y +# CONFIG_COVERAGE is not set +# CONFIG_DEBUG_LOCK_PROFILE is not set +CONFIG_DEBUG_LOCKS=y +# CONFIG_PERF_COUNTERS is not set +CONFIG_VERBOSE_DEBUG=y +CONFIG_SCRUB_DEBUG=y +# CONFIG_UBSAN is not set +# CONFIG_DEBUG_TRACE is not set +CONFIG_XMEM_POOL_POISON=y +CONFIG_DEBUG_INFO=y +# end of Debugging Options diff --git a/src/xen/automation/gitlab-ci/analyze.yaml b/src/xen/automation/gitlab-ci/analyze.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6631db53fa1d8dfa6938087f3b8e4f7eded67049 --- /dev/null +++ b/src/xen/automation/gitlab-ci/analyze.yaml @@ -0,0 +1,110 @@ +.eclair-analysis: + stage: analyze + tags: + - eclair-analysis + variables: + ECLAIR_OUTPUT_DIR: "ECLAIR_out" + ANALYSIS_KIND: "normal" + ENABLE_ECLAIR_BOT: "n" + AUTO_PR_BRANCH: "staging" + AUTO_PR_REPOSITORY: "xen-project/xen" + script: + - ./automation/scripts/eclair 2>&1 | tee "${LOGFILE}" + artifacts: + when: always + paths: + - "${ECLAIR_OUTPUT_DIR}/*.log" + - "${ECLAIR_OUTPUT_DIR}/*.txt" + - '*.log' + reports: + codequality: gl-code-quality-report.json + rules: + - if: $WTOKEN == null + when: never + - when: always + needs: [] + +.eclair-analysis:triggered: + extends: .eclair-analysis + allow_failure: true + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" + when: never + - if: $WTOKEN && $CI_PROJECT_PATH =~ /^xen-project\/people\/.*$/ + when: manual + - !reference [.eclair-analysis, rules] + +eclair-x86_64: + extends: .eclair-analysis:triggered + variables: + LOGFILE: "eclair-x86_64.log" + VARIANT: "X86_64" + RULESET: "Set1" + +eclair-ARM64: + extends: .eclair-analysis:triggered + variables: + LOGFILE: "eclair-ARM64.log" + VARIANT: "ARM64" + RULESET: "Set1" + +.eclair-analysis:on-schedule: + extends: .eclair-analysis + rules: + - if: $CI_PIPELINE_SOURCE != "schedule" + when: never + - !reference [.eclair-analysis, rules] + +eclair-x86_64-Set1:on-schedule: + extends: .eclair-analysis:on-schedule + variables: + VARIANT: "X86_64" + RULESET: "Set1" + ANALYSIS_KIND: "${RULESET}-scheduled" + LOGFILE: "eclair-${VARIANT}-${RULESET}.log" + allow_failure: true + +eclair-x86_64-Set2:on-schedule: + extends: .eclair-analysis:on-schedule + variables: + VARIANT: "X86_64" + RULESET: "Set2" + ANALYSIS_KIND: "${RULESET}-scheduled" + LOGFILE: "eclair-${VARIANT}-${RULESET}.log" + allow_failure: true + +eclair-x86_64-Set3:on-schedule: + extends: .eclair-analysis:on-schedule + variables: + VARIANT: "X86_64" + RULESET: "Set3" + ANALYSIS_KIND: "${RULESET}-scheduled" + LOGFILE: "eclair-${VARIANT}-${RULESET}.log" + allow_failure: true + +eclair-ARM64-Set1:on-schedule: + extends: .eclair-analysis:on-schedule + variables: + VARIANT: "ARM64" + RULESET: "Set1" + ANALYSIS_KIND: "${RULESET}-scheduled" + LOGFILE: "eclair-${VARIANT}-${RULESET}.log" + allow_failure: true + +eclair-ARM64-Set2:on-schedule: + extends: .eclair-analysis:on-schedule + variables: + VARIANT: "ARM64" + RULESET: "Set2" + ANALYSIS_KIND: "${RULESET}-scheduled" + LOGFILE: "eclair-${VARIANT}-${RULESET}.log" + allow_failure: true + +eclair-ARM64-Set3:on-schedule: + extends: .eclair-analysis:on-schedule + variables: + VARIANT: "ARM64" + RULESET: "Set3" + ANALYSIS_KIND: "${RULESET}-scheduled" + LOGFILE: "eclair-${VARIANT}-${RULESET}.log" + allow_failure: true diff --git a/src/xen/automation/gitlab-ci/build-each-commit.sh b/src/xen/automation/gitlab-ci/build-each-commit.sh new file mode 100755 index 0000000000000000000000000000000000000000..19e337b46818b2ad1e3b4cb9e30163616d613494 --- /dev/null +++ b/src/xen/automation/gitlab-ci/build-each-commit.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# For a newly pushed branch the BEFORE_SHA will be all 0s +if [[ ${BASE} == 0000000000000000000000000000000000000000 ]]; then + echo "Newly pushed branch, skipped" + exit 0 +fi + +git merge-base --is-ancestor ${BASE} ${TIP} +if [[ $? -ne 0 ]]; then + echo "${TIP} is not a descendent of ${BASE}, skipped" + exit 0 +fi + +echo "Building ${BASE}..${TIP}" + +NON_SYMBOLIC_REF=1 ./automation/scripts/build-test.sh ${BASE} ${TIP} \ + bash -c "git clean -ffdx && ./automation/scripts/build" diff --git a/src/xen/automation/gitlab-ci/build.yaml b/src/xen/automation/gitlab-ci/build.yaml new file mode 100644 index 0000000000000000000000000000000000000000..32af30ccedc95443af28eeb5c38b7c9631e83b63 --- /dev/null +++ b/src/xen/automation/gitlab-ci/build.yaml @@ -0,0 +1,834 @@ +.build-tmpl: &build + stage: build + image: registry.gitlab.com/xen-project/xen/${CONTAINER} + script: + - ./automation/scripts/build 2>&1 | tee build.log + artifacts: + paths: + - binaries/ + - xen-config + - xen-cppcheck.txt + - '*.log' + - '*/*.log' + when: always + needs: [] + +.gcc-tmpl: + variables: &gcc + CC: gcc + CXX: g++ + +.clang-tmpl: + variables: &clang + CC: clang + CXX: clang++ + clang: y + +.x86-64-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: x86_64 + tags: + - x86_64 + +.x86-64-build: + extends: .x86-64-build-tmpl + variables: + debug: n + +.x86-64-build-debug: + extends: .x86-64-build-tmpl + variables: + debug: y + +.x86-32-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: x86_32 + tags: + - x86_32 + +.x86-32-build: + extends: .x86-32-build-tmpl + variables: + debug: n + +.x86-32-build-debug: + extends: .x86-32-build-tmpl + variables: + debug: y + +.gcc-x86-64-build: + extends: .x86-64-build + variables: + <<: *gcc + +.gcc-x86-64-build-debug: + extends: .x86-64-build-debug + variables: + <<: *gcc + +.gcc-x86-32-build: + extends: .x86-32-build + variables: + <<: *gcc + +.gcc-x86-32-build-debug: + extends: .x86-32-build-debug + variables: + <<: *gcc + +.clang-x86-64-build: + extends: .x86-64-build + variables: + <<: *clang + +.clang-x86-64-build-debug: + extends: .x86-64-build-debug + variables: + <<: *clang + +.clang-x86-32-build: + extends: .x86-32-build + variables: + <<: *clang + +.clang-x86-32-build-debug: + extends: .x86-32-build-debug + variables: + <<: *clang + +.arm32-cross-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: arm32 + tags: + - arm64 + +.arm32-cross-build: + extends: .arm32-cross-build-tmpl + variables: + debug: n + +.arm32-cross-build-debug: + extends: .arm32-cross-build-tmpl + variables: + debug: y + +.gcc-arm32-cross-build: + extends: .arm32-cross-build + variables: + <<: *gcc + +.gcc-arm32-cross-build-debug: + extends: .arm32-cross-build-debug + variables: + <<: *gcc + +.arm64-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: arm64 + tags: + - arm64 + +.arm64-build: + extends: .arm64-build-tmpl + variables: + debug: n + +.arm64-build-debug: + extends: .arm64-build-tmpl + variables: + debug: y + +.gcc-arm64-build: + extends: .arm64-build + variables: + <<: *gcc + +.gcc-arm64-build-debug: + extends: .arm64-build-debug + variables: + <<: *gcc + +.riscv64-cross-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: riscv64 + tags: + - x86_64 + +.riscv64-cross-build: + extends: .riscv64-cross-build-tmpl + variables: + debug: n + +.riscv64-cross-build-debug: + extends: .riscv64-cross-build-tmpl + variables: + debug: y + +.gcc-riscv64-cross-build: + extends: .riscv64-cross-build + variables: + <<: *gcc + +.gcc-riscv64-cross-build-debug: + extends: .riscv64-cross-build-debug + variables: + <<: *gcc + +.ppc64le-cross-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: ppc64 + tags: + - x86_64 + +.ppc64le-cross-build: + extends: .ppc64le-cross-build-tmpl + variables: + debug: n + +.ppc64le-cross-build-debug: + extends: .ppc64le-cross-build-tmpl + variables: + debug: y + +.gcc-ppc64le-cross-build: + extends: .ppc64le-cross-build + variables: + <<: *gcc + +.gcc-ppc64le-cross-build-debug: + extends: .ppc64le-cross-build-debug + variables: + <<: *gcc + +.yocto-test: + stage: build + image: registry.gitlab.com/xen-project/xen/${CONTAINER} + script: + - ./automation/build/yocto/build-yocto.sh -v --log-dir=./logs --xen-dir=`pwd` ${YOCTO_BOARD} ${YOCTO_OUTPUT} + variables: + YOCTO_VERSION: kirkstone + CONTAINER: yocto:${YOCTO_VERSION}-${YOCTO_BOARD}-${YOCTO_HOST} + artifacts: + paths: + - 'logs/*' + - binaries/ + when: always + needs: [] + +.yocto-test-arm64: + extends: .yocto-test + variables: + YOCTO_HOST: arm64v8 + tags: + - arm64 + +# This is not used by any test job as we only run Yocto on arm based machines. +# Keep it here so that someone having x86 hardware can easily add jobs. +.yocto-test-x86-64: + extends: .yocto-test + variables: + YOCTO_HOST: amd64 + tags: + - x86_64 + +.x86-64-cross-build-tmpl: + <<: *build + variables: + XEN_TARGET_ARCH: x86_64 + tags: + - arm64 + +.x86-64-cross-build: + extends: .x86-64-cross-build-tmpl + variables: + debug: n + +.gcc-x86-64-cross-build: + extends: .x86-64-cross-build + variables: + <<: *gcc + +## Test artifacts common + +.test-jobs-artifact-common: + stage: build + needs: [] + +# Arm test artifacts + +alpine-3.18-arm64-rootfs-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/alpine:3.18-arm64v8 + script: + - mkdir binaries && cp /initrd.tar.gz binaries/initrd.tar.gz + artifacts: + paths: + - binaries/initrd.tar.gz + tags: + - arm64 + +kernel-5.19-arm64-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/kernel:5.19-arm64v8 + script: + - mkdir binaries && cp /Image binaries/Image + artifacts: + paths: + - binaries/Image + tags: + - arm64 + +qemu-system-aarch64-6.0.0-arm64-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8 + script: + - mkdir binaries && cp /qemu-system-aarch64 binaries/qemu-system-aarch64 + artifacts: + paths: + - binaries/qemu-system-aarch64 + tags: + - arm64 + +qemu-system-aarch64-6.0.0-arm32-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-aarch64:6.0.0-arm64v8 + script: + - mkdir binaries && cp /qemu-system-arm binaries/qemu-system-arm + artifacts: + paths: + - binaries/qemu-system-arm + tags: + - arm64 + +# ppc64 test artifacts + +qemu-system-ppc64-8.1.0-ppc64-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/qemu-system-ppc64:8.1.0-ppc64 + script: + - mkdir binaries && cp /qemu-system-ppc64 /skiboot.lid binaries/ + artifacts: + paths: + - binaries/qemu-system-ppc64 + - binaries/skiboot.lid + tags: + - x86_64 + +# x86_64 test artifacts + +alpine-3.18-rootfs-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/alpine:3.18 + script: + - mkdir binaries && cp /initrd.tar.gz binaries/initrd.tar.gz + artifacts: + paths: + - binaries/initrd.tar.gz + tags: + - x86_64 + +kernel-6.1.19-export: + extends: .test-jobs-artifact-common + image: registry.gitlab.com/xen-project/xen/tests-artifacts/kernel:6.1.19 + script: + - mkdir binaries && cp /bzImage binaries/bzImage + artifacts: + paths: + - binaries/bzImage + tags: + - x86_64 + +# Jobs below this line + +# Build jobs needed for tests + +alpine-3.18-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: alpine:3.18 + +alpine-3.18-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: alpine:3.18 + +debian-stretch-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: debian:stretch + +debian-bookworm-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: debian:bookworm + +# Arm32 cross-build + +debian-bookworm-gcc-arm32: + extends: .gcc-arm32-cross-build + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + +debian-bookworm-gcc-arm32-debug: + extends: .gcc-arm32-cross-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + +debian-bookworm-gcc-arm32-randconfig: + extends: .gcc-arm32-cross-build + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + RANDCONFIG: y + +debian-bookworm-gcc-arm32-debug-randconfig: + extends: .gcc-arm32-cross-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + RANDCONFIG: y + +debian-bookworm-gcc-arm32-staticmem: + extends: .gcc-arm32-cross-build + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + EXTRA_XEN_CONFIG: | + CONFIG_EXPERT=y + CONFIG_UNSUPPORTED=y + CONFIG_STATIC_MEMORY=y + +debian-bookworm-gcc-arm32-debug-staticmem: + extends: .gcc-arm32-cross-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8-arm32-gcc + HYPERVISOR_ONLY: y + EXTRA_XEN_CONFIG: | + CONFIG_EXPERT=y + CONFIG_UNSUPPORTED=y + CONFIG_STATIC_MEMORY=y + +# Arm builds + +debian-bookworm-gcc-arm64: + extends: .gcc-arm64-build + variables: + CONTAINER: debian:bookworm-arm64v8 + +debian-bookworm-gcc-debug-arm64: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8 + +debian-bookworm-gcc-arm64-randconfig: + extends: .gcc-arm64-build + variables: + CONTAINER: debian:bookworm-arm64v8 + RANDCONFIG: y + +debian-bookworm-gcc-debug-arm64-randconfig: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: debian:bookworm-arm64v8 + RANDCONFIG: y + +alpine-3.18-gcc-arm64: + extends: .gcc-arm64-build + variables: + CONTAINER: alpine:3.18-arm64v8 + +alpine-3.18-gcc-debug-arm64: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + +alpine-3.18-gcc-arm64-randconfig: + extends: .gcc-arm64-build + variables: + CONTAINER: alpine:3.18-arm64v8 + RANDCONFIG: y + +alpine-3.18-gcc-debug-arm64-randconfig: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + RANDCONFIG: y + +alpine-3.18-gcc-arm64-staticmem: + extends: .gcc-arm64-build + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_EXPERT=y + CONFIG_UNSUPPORTED=y + CONFIG_STATIC_MEMORY=y + +alpine-3.18-gcc-debug-arm64-staticmem: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_EXPERT=y + CONFIG_UNSUPPORTED=y + CONFIG_STATIC_MEMORY=y + +alpine-3.18-gcc-arm64-static-shared-mem: + extends: .gcc-arm64-build + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_UNSUPPORTED=y + CONFIG_STATIC_MEMORY=y + CONFIG_STATIC_SHM=y + +alpine-3.18-gcc-debug-arm64-static-shared-mem: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_UNSUPPORTED=y + CONFIG_STATIC_MEMORY=y + CONFIG_STATIC_SHM=y + +alpine-3.18-gcc-arm64-boot-cpupools: + extends: .gcc-arm64-build + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_EXPERT=y + CONFIG_UNSUPPORTED=y + CONFIG_SCHED_NULL=y + CONFIG_BOOT_TIME_CPUPOOLS=y + +alpine-3.18-gcc-debug-arm64-boot-cpupools: + extends: .gcc-arm64-build-debug + variables: + CONTAINER: alpine:3.18-arm64v8 + EXTRA_XEN_CONFIG: | + CONFIG_BOOT_TIME_CPUPOOLS=y + +# RISC-V 64 cross-build +archlinux-current-gcc-riscv64: + extends: .gcc-riscv64-cross-build + variables: + CONTAINER: archlinux:current-riscv64 + KBUILD_DEFCONFIG: tiny64_defconfig + HYPERVISOR_ONLY: y + +archlinux-current-gcc-riscv64-debug: + extends: .gcc-riscv64-cross-build-debug + variables: + CONTAINER: archlinux:current-riscv64 + KBUILD_DEFCONFIG: tiny64_defconfig + HYPERVISOR_ONLY: y + +archlinux-current-gcc-riscv64-randconfig: + extends: .gcc-riscv64-cross-build + variables: + CONTAINER: archlinux:current-riscv64 + KBUILD_DEFCONFIG: tiny64_defconfig + RANDCONFIG: y + EXTRA_FIXED_RANDCONFIG: + CONFIG_COVERAGE=n + +archlinux-current-gcc-riscv64-debug-randconfig: + extends: .gcc-riscv64-cross-build-debug + variables: + CONTAINER: archlinux:current-riscv64 + KBUILD_DEFCONFIG: tiny64_defconfig + RANDCONFIG: y + EXTRA_FIXED_RANDCONFIG: + CONFIG_COVERAGE=n + +# Power cross-build +debian-bullseye-gcc-ppc64le: + extends: .gcc-ppc64le-cross-build + variables: + CONTAINER: debian:bullseye-ppc64le + KBUILD_DEFCONFIG: ppc64_defconfig + HYPERVISOR_ONLY: y + +debian-bullseye-gcc-ppc64le-debug: + extends: .gcc-ppc64le-cross-build-debug + variables: + CONTAINER: debian:bullseye-ppc64le + KBUILD_DEFCONFIG: ppc64_defconfig + HYPERVISOR_ONLY: y + +# Yocto test jobs +yocto-qemuarm64: + extends: .yocto-test-arm64 + variables: + YOCTO_BOARD: qemuarm64 + +yocto-qemuarm: + extends: .yocto-test-arm64 + variables: + YOCTO_BOARD: qemuarm + YOCTO_OUTPUT: --copy-output + +yocto-qemux86-64: + extends: .yocto-test-arm64 + variables: + YOCTO_BOARD: qemux86-64 + +# Cppcheck analysis jobs + +debian-bookworm-gcc-cppcheck: + extends: .gcc-x86-64-cross-build + variables: + CONTAINER: debian:bookworm-cppcheck + CROSS_COMPILE: /usr/bin/x86_64-linux-gnu- + CPPCHECK: y + HYPERVISOR_ONLY: y + +debian-bookworm-gcc-arm32-cppcheck: + extends: .gcc-arm32-cross-build + variables: + CONTAINER: debian:bookworm-cppcheck + CROSS_COMPILE: /usr/bin/arm-linux-gnueabihf- + CPPCHECK: y + HYPERVISOR_ONLY: y + +debian-bookworm-gcc-arm64-cppcheck: + extends: .gcc-arm64-build + variables: + CONTAINER: debian:bookworm-cppcheck + CPPCHECK: y + HYPERVISOR_ONLY: y + +# Build jobs not needed for tests + +alpine-3.18-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: alpine:3.18 + +alpine-3.18-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: alpine:3.18 + +archlinux-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: archlinux:current + +archlinux-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: archlinux:current + +centos-7-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: centos:7 + +centos-7-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: centos:7 + +debian-stretch-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:stretch + +debian-stretch-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: debian:stretch + +debian-stretch-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: debian:stretch + +debian-stretch-32-clang-debug: + extends: .clang-x86-32-build-debug + variables: + CONTAINER: debian:stretch-i386 + +debian-stretch-32-gcc-debug: + extends: .gcc-x86-32-build-debug + variables: + CONTAINER: debian:stretch-i386 + +debian-buster-gcc-ibt: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:buster-gcc-ibt + RANDCONFIG: y + EXTRA_FIXED_RANDCONFIG: | + CONFIG_XEN_IBT=y + +debian-bookworm-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: debian:bookworm + +debian-bookworm-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:bookworm + +debian-bookworm-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: debian:bookworm + +debian-bookworm-gcc-randconfig: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:bookworm + RANDCONFIG: y + +debian-bookworm-gcc-debug-randconfig: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: debian:bookworm + RANDCONFIG: y + +debian-bookworm-32-clang-debug: + extends: .clang-x86-32-build-debug + variables: + CONTAINER: debian:bookworm-i386 + +debian-bookworm-32-gcc-debug: + extends: .gcc-x86-32-build-debug + variables: + CONTAINER: debian:bookworm-i386 + +fedora-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: fedora:29 + +fedora-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: fedora:29 + +# Ubuntu Trusty's Clang is 3.4 while Xen requires 3.5 + +ubuntu-trusty-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: ubuntu:trusty + +ubuntu-trusty-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: ubuntu:trusty + +ubuntu-xenial-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: ubuntu:xenial + +ubuntu-xenial-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: ubuntu:xenial + +ubuntu-xenial-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: ubuntu:xenial + +ubuntu-xenial-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: ubuntu:xenial + +ubuntu-bionic-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: ubuntu:bionic + +ubuntu-bionic-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: ubuntu:bionic + +ubuntu-bionic-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: ubuntu:bionic + +ubuntu-bionic-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: ubuntu:bionic + +ubuntu-focal-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: ubuntu:focal + +ubuntu-focal-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: ubuntu:focal + +ubuntu-focal-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: ubuntu:focal + +ubuntu-focal-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: ubuntu:focal + +opensuse-leap-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: suse:opensuse-leap + +opensuse-leap-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: suse:opensuse-leap + +opensuse-leap-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: suse:opensuse-leap + +opensuse-leap-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: suse:opensuse-leap + +opensuse-tumbleweed-clang: + extends: .clang-x86-64-build + variables: + CONTAINER: suse:opensuse-tumbleweed + allow_failure: true + +opensuse-tumbleweed-clang-debug: + extends: .clang-x86-64-build-debug + variables: + CONTAINER: suse:opensuse-tumbleweed + allow_failure: true + +opensuse-tumbleweed-gcc: + extends: .gcc-x86-64-build + variables: + CONTAINER: suse:opensuse-tumbleweed + allow_failure: true + +opensuse-tumbleweed-gcc-debug: + extends: .gcc-x86-64-build-debug + variables: + CONTAINER: suse:opensuse-tumbleweed + allow_failure: true diff --git a/src/xen/automation/gitlab-ci/test.yaml b/src/xen/automation/gitlab-ci/test.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6aabdb9d156f9831ec84b758faed8d48e9a351cb --- /dev/null +++ b/src/xen/automation/gitlab-ci/test.yaml @@ -0,0 +1,461 @@ +.test-jobs-common: + stage: test + image: registry.gitlab.com/xen-project/xen/${CONTAINER} + +.arm64-test-needs: &arm64-test-needs + - alpine-3.18-arm64-rootfs-export + - kernel-5.19-arm64-export + - qemu-system-aarch64-6.0.0-arm64-export + +.arm32-test-needs: &arm32-test-needs + - qemu-system-aarch64-6.0.0-arm32-export + +.x86-64-test-needs: &x86-64-test-needs + - alpine-3.18-rootfs-export + - kernel-6.1.19-export + +.qemu-arm64: + extends: .test-jobs-common + variables: + CONTAINER: debian:bookworm-arm64v8 + LOGFILE: qemu-smoke-arm64.log + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - arm64 + +.qemu-arm32: + extends: .test-jobs-common + variables: + CONTAINER: debian:bookworm-arm64v8 + LOGFILE: qemu-smoke-arm32.log + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - arm64 + +.qemu-x86-64: + extends: .test-jobs-common + variables: + CONTAINER: debian:bookworm + LOGFILE: qemu-smoke-x86-64.log + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - x86_64 + +.qemu-riscv64: + extends: .test-jobs-common + variables: + CONTAINER: archlinux:current-riscv64 + LOGFILE: qemu-smoke-riscv64.log + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - x86_64 + +.qemu-ppc64le: + extends: .test-jobs-common + variables: + CONTAINER: debian:bullseye-ppc64le + LOGFILE: qemu-smoke-ppc64le.log + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + tags: + - x86_64 + +.xilinx-arm64: + extends: .test-jobs-common + variables: + CONTAINER: ubuntu:xenial-xilinx + LOGFILE: qemu-smoke-xilinx.log + artifacts: + paths: + - smoke.serial + - '*.log' + - '*.dtb' + when: always + only: + variables: + - $XILINX_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true" + tags: + - xilinx + +.adl-x86-64: + extends: .test-jobs-common + variables: + # the test controller runs on RPi4 + CONTAINER: alpine:3.18-arm64v8 + LOGFILE: smoke-test.log + PCIDEV: "03:00.0" + PCIDEV_INTR: "MSI-X" + CONSOLE_OPTS: "console=com1 com1=115200,8n1" + artifacts: + paths: + - smoke.serial + - '*.log' + when: always + only: + variables: + - $QUBES_JOBS == "true" && $CI_COMMIT_REF_PROTECTED == "true" + tags: + - qubes-hw2 + +.zen3p-x86-64: + # it's really similar to the above + extends: .adl-x86-64 + variables: + PCIDEV: "01:00.0" + PCIDEV_INTR: "MSI-X" + CONSOLE_OPTS: "console=com1 com1=115200,8n1,pci,msi" + tags: + - qubes-hw11 + +# Test jobs +build-each-commit-gcc: + extends: .test-jobs-common + variables: + CONTAINER: debian:bookworm + XEN_TARGET_ARCH: x86_64 + CC: gcc + script: + - BASE=${BASE_SHA:-${CI_COMMIT_BEFORE_SHA}} TIP=${TIP_SHA:-${CI_COMMIT_SHA}} ./automation/gitlab-ci/build-each-commit.sh 2>&1 | tee ../build-each-commit-gcc.log + after_script: + - mv ../build-each-commit-gcc.log . + artifacts: + paths: + - '*.log' + when: always + needs: [] + tags: + - x86_64 + +xilinx-smoke-dom0less-arm64-gcc: + extends: .xilinx-arm64 + script: + - ./automation/scripts/xilinx-smoke-dom0less-arm64.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64 + +xilinx-smoke-dom0less-arm64-gcc-gem-passthrough: + extends: .xilinx-arm64 + script: + - ./automation/scripts/xilinx-smoke-dom0less-arm64.sh gem-passthrough 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64 + +adl-smoke-x86-64-gcc-debug: + extends: .adl-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +adl-smoke-x86-64-dom0pvh-gcc-debug: + extends: .adl-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh dom0pvh 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +adl-suspend-x86-64-gcc-debug: + extends: .adl-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh s3 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +adl-pci-pv-x86-64-gcc-debug: + extends: .adl-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh pci-pv 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +adl-pci-hvm-x86-64-gcc-debug: + extends: .adl-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh pci-hvm 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +zen3p-smoke-x86-64-gcc-debug: + extends: .zen3p-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +zen3p-smoke-x86-64-dom0pvh-gcc-debug: + extends: .zen3p-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh dom0pvh 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +zen3p-pci-hvm-x86-64-gcc-debug: + extends: .zen3p-x86-64 + script: + - ./automation/scripts/qubes-x86-64.sh pci-hvm 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc-debug + +qemu-smoke-dom0-arm64-gcc: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0-arm64.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64 + +qemu-smoke-dom0-arm64-gcc-debug: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0-arm64.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64 + +qemu-smoke-dom0less-arm64-gcc: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64 + +qemu-smoke-dom0less-arm64-gcc-debug: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64 + +qemu-smoke-dom0less-arm64-gcc-staticmem: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-mem 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64-staticmem + +qemu-smoke-dom0less-arm64-gcc-debug-staticmem: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-mem 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64-staticmem + +qemu-smoke-dom0less-arm64-gcc-staticheap: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-heap 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64 + +qemu-smoke-dom0less-arm64-gcc-debug-staticheap: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-heap 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64 + +qemu-smoke-dom0less-arm64-gcc-static-shared-mem: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-shared-mem 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64-static-shared-mem + +qemu-smoke-dom0less-arm64-gcc-debug-static-shared-mem: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh static-shared-mem 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64-static-shared-mem + +qemu-smoke-dom0less-arm64-gcc-boot-cpupools: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh boot-cpupools 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-arm64-boot-cpupools + +qemu-smoke-dom0less-arm64-gcc-debug-boot-cpupools: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm64.sh boot-cpupools 2>&1 | tee ${LOGFILE} + needs: + - *arm64-test-needs + - alpine-3.18-gcc-debug-arm64-boot-cpupools + +qemu-xtf-dom0less-arm64-gcc-hyp-xen-version: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-xtf-dom0less-arm64.sh hyp-xen-version 2>&1 | tee ${LOGFILE} + needs: + - alpine-3.18-gcc-arm64 + - qemu-system-aarch64-6.0.0-arm64-export + +qemu-xtf-dom0less-arm64-gcc-debug-hyp-xen-version: + extends: .qemu-arm64 + script: + - ./automation/scripts/qemu-xtf-dom0less-arm64.sh hyp-xen-version 2>&1 | tee ${LOGFILE} + needs: + - alpine-3.18-gcc-debug-arm64 + - qemu-system-aarch64-6.0.0-arm64-export + +qemu-smoke-dom0-arm32-gcc: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0-arm32.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - yocto-qemuarm + +qemu-smoke-dom0less-arm32-gcc: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32 + +qemu-smoke-dom0less-arm32-gcc-debug: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-debug + +qemu-smoke-dom0less-arm32-gcc-staticmem: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh static-mem 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-staticmem + +qemu-smoke-dom0less-arm32-gcc-debug-staticmem: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh static-mem 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-debug-staticmem + +qemu-smoke-dom0less-arm32-gcc-gzip: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh gzip 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32 + +qemu-smoke-dom0less-arm32-gcc-debug-gzip: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh gzip 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-debug + +qemu-smoke-dom0less-arm32-gcc-without-dom0: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh without-dom0 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32 + +qemu-smoke-dom0less-arm32-gcc-debug-without-dom0: + extends: .qemu-arm32 + script: + - ./automation/scripts/qemu-smoke-dom0less-arm32.sh without-dom0 2>&1 | tee ${LOGFILE} + needs: + - *arm32-test-needs + - debian-bookworm-gcc-arm32-debug + +qemu-alpine-x86_64-gcc: + extends: .qemu-x86-64 + script: + - ./automation/scripts/qemu-alpine-x86_64.sh 2>&1 | tee ${LOGFILE} + needs: + - *x86-64-test-needs + - alpine-3.18-gcc + +qemu-smoke-x86-64-gcc: + extends: .qemu-x86-64 + script: + - ./automation/scripts/qemu-smoke-x86-64.sh pv 2>&1 | tee ${LOGFILE} + needs: + - debian-stretch-gcc-debug + +qemu-smoke-x86-64-clang: + extends: .qemu-x86-64 + script: + - ./automation/scripts/qemu-smoke-x86-64.sh pv 2>&1 | tee ${LOGFILE} + needs: + - debian-bookworm-clang-debug + +qemu-smoke-x86-64-gcc-pvh: + extends: .qemu-x86-64 + script: + - ./automation/scripts/qemu-smoke-x86-64.sh pvh 2>&1 | tee ${LOGFILE} + needs: + - debian-stretch-gcc-debug + +qemu-smoke-x86-64-clang-pvh: + extends: .qemu-x86-64 + script: + - ./automation/scripts/qemu-smoke-x86-64.sh pvh 2>&1 | tee ${LOGFILE} + needs: + - debian-bookworm-clang-debug + +qemu-smoke-riscv64-gcc: + extends: .qemu-riscv64 + script: + - ./automation/scripts/qemu-smoke-riscv64.sh 2>&1 | tee ${LOGFILE} + needs: + - archlinux-current-gcc-riscv64-debug + +qemu-smoke-ppc64le-powernv9-gcc: + extends: .qemu-ppc64le + script: + - ./automation/scripts/qemu-smoke-ppc64le.sh powernv9 2>&1 | tee ${LOGFILE} + needs: + - qemu-system-ppc64-8.1.0-ppc64-export + - debian-bullseye-gcc-ppc64le-debug diff --git a/src/xen/automation/scripts/build b/src/xen/automation/scripts/build new file mode 100755 index 0000000000000000000000000000000000000000..b3c71fb6fb608ba6f4faefb731cbec8a4c6bcb73 --- /dev/null +++ b/src/xen/automation/scripts/build @@ -0,0 +1,105 @@ +#!/bin/bash -ex + +test -f /etc/os-release && cat "$_" + +# Construct $cc such that it matches what `make` will chose when taking +# CROSS_COMPILE into account. Do not modify $CC directly, as that will cause +# `make` to double-account CROSS_COMPILE. +cc="${CROSS_COMPILE}${CC}" + +$cc --version + +# random config or default config +if [[ "${RANDCONFIG}" == "y" ]]; then + + # Append job-specific fixed configuration + if [[ -n "${EXTRA_FIXED_RANDCONFIG}" ]]; then + echo "${EXTRA_FIXED_RANDCONFIG}" >> xen/tools/kconfig/allrandom.config + fi + + make -j$(nproc) -C xen KCONFIG_ALLCONFIG=tools/kconfig/allrandom.config randconfig + + # RANDCONFIG implies HYPERVISOR_ONLY + HYPERVISOR_ONLY="y" +else + # Start off with arch's defconfig + make -C xen defconfig + + echo "CONFIG_DEBUG=${debug}" >> xen/.config + + if [[ -n "${EXTRA_XEN_CONFIG}" ]]; then + echo "${EXTRA_XEN_CONFIG}" >> xen/.config + fi + + make -j$(nproc) -C xen olddefconfig +fi + +# Save the config file before building because build failure causes the script +# to exit early -- bash is invoked with -e. +cp xen/.config xen-config + +# Directory for the artefacts to be dumped into +mkdir -p binaries + +if [[ "${CPPCHECK}" == "y" ]] && [[ "${HYPERVISOR_ONLY}" == "y" ]]; then + # Cppcheck analysis invokes Xen-only build + xen/scripts/xen-analysis.py --run-cppcheck --cppcheck-misra -- -j$(nproc) + + # Preserve artefacts + cp xen/xen binaries/xen + cp xen/cppcheck-report/xen-cppcheck.txt xen-cppcheck.txt +elif [[ "${HYPERVISOR_ONLY}" == "y" ]]; then + # Xen-only build + make -j$(nproc) xen + + # Preserve artefacts + cp xen/xen binaries/xen +else + # Full build. Figure out our ./configure options + cfgargs=() + cfgargs+=("--enable-docs") + + # booleans for which compiler is in use + cc_is_gcc="$($cc --version | grep -q gcc && echo "y" || :)" + cc_is_clang="$($cc --version | grep -q clang && echo "y" || :)" + + # The compiler version as an integer. e.g. GCC 4.9.2 => 0x040902 + cc_ver="$($cc -dumpversion | awk -F. '{ printf "0x%02x%02x%02x", $1, $2, $3 }')" + + if [[ "${cc_is_clang}" == "y" ]]; then + # SeaBIOS cannot be built with clang + cfgargs+=("--with-system-seabios=/usr/share/no-seabios.bin") + # iPXE cannot be built with clang + cfgargs+=("--with-system-ipxe=/usr/share/no-ipxe.pxe") + # newlib cannot be built with clang so we cannot build stubdoms + cfgargs+=("--disable-stubdom") + fi + + if ldd /bin/ls | grep -q musl; then + # disable --disable-werror for QEMUU when building with MUSL + cfgargs+=("--with-extra-qemuu-configure-args=\"--disable-werror\"") + fi + + # Qemu requires Python 3.5 or later, and ninja + # and Clang 10 or later + if ! type python3 || python3 -c "import sys; res = sys.version_info < (3, 5); exit(not(res))" \ + || [[ "$cc_is_clang" == y && "$cc_ver" -lt 0x0a0000 ]] \ + || ! type ninja; then + cfgargs+=("--with-system-qemu=/bin/false") + fi + + # SeaBIOS requires GCC 4.6 or later + if [[ "${cc_is_gcc}" == "y" && "${cc_ver}" -lt 0x040600 ]]; then + cfgargs+=("--with-system-seabios=/usr/share/no-seabios.bin") + fi + + ./configure "${cfgargs[@]}" + make -j$(nproc) dist + + # Preserve artefacts + # Note: Some smoke tests depending on finding binaries/xen on a full build + # even though dist/ contains everything, while some containers don't even + # build Xen + cp -r dist binaries/ + if [[ -f xen/xen ]] ; then cp xen/xen binaries/xen; fi +fi diff --git a/src/xen/automation/scripts/build-test.sh b/src/xen/automation/scripts/build-test.sh new file mode 100755 index 0000000000000000000000000000000000000000..da643adc018bfe7f605822ae8e637b2c4e79d205 --- /dev/null +++ b/src/xen/automation/scripts/build-test.sh @@ -0,0 +1,76 @@ +#!/bin/bash + +# Run command on every commit within the range specified. If no command is +# provided, use the default one to clean and build the whole tree. +# +# The default rune is rather simple. To do a cross-build, please put your usual +# build rune in a shell script and invoke it with this script. +# +# Set NON_SYMBOLIC_REF=1 if you want to use this script in detached HEAD state. +# This is currently used by automated test system. + +if test $# -lt 2 ; then + echo "Usage:" + echo " $0 [CMD]" + echo " If [CMD] is not specified, run the default command" + echo " git clean -fdx && ./configure && make -j4" + exit 1 +fi + +pushd `git rev-parse --show-toplevel` + +status=`git status -s` +if test -n "$status"; then + echo "Tree is dirty, aborted" + exit 1 +fi + +BASE=$1; shift +TIP=$1; shift + +if [[ "_${NON_SYMBOLIC_REF}" != "_1" ]]; then + ORIG=`git symbolic-ref -q --short HEAD` + if test $? -ne 0; then + echo "Detached HEAD, aborted" + exit 1 + fi +else + ORIG=`git rev-parse HEAD` +fi + +ret=1 +while read num rev; do + echo "Testing $num $rev" + + git checkout $rev + ret=$? + if test $ret -ne 0; then + echo "Failed to checkout $num $rev with $ret" + break + fi + + if test $# -eq 0 ; then + git clean -fdx && ./configure && make -j4 + else + "$@" + fi + ret=$? + if test $ret -ne 0; then + echo "Failed at $num $rev with $ret" + break + fi + echo +done < <(git rev-list $BASE..$TIP | nl -ba | tac) + +echo "Restoring original HEAD" +git checkout $ORIG +gco_ret=$? +if test $gco_ret -ne 0; then + echo "Failed to restore orignal HEAD. Check tree status before doing anything else!" + exit $gco_ret +fi + +if test $ret -eq 0; then + echo "ok." +fi +exit $ret diff --git a/src/xen/automation/scripts/containerize b/src/xen/automation/scripts/containerize new file mode 100755 index 0000000000000000000000000000000000000000..acdef1b5481304753299802e646dd9b69f48a6d4 --- /dev/null +++ b/src/xen/automation/scripts/containerize @@ -0,0 +1,115 @@ +#!/bin/bash + +# +# DOCKER_CMD should be either `docker` or `podman`. +# +# if using (rootless) podman, remember to set /etc/subuid +# and /etc/subgid. +# +docker_cmd=${DOCKER_CMD:-"docker"} +[ "$DOCKER_CMD" = "podman" ] && userns_podman="--userns=keep-id" selinux=",z" + +einfo() { + echo "$*" >&2 +} + +die() { + echo "$*" >&2 + exit 1 +} + +# +# The caller is expected to override the CONTAINER environment +# variable with the container they wish to launch. +# +BASE="registry.gitlab.com/xen-project/xen" +case "_${CONTAINER}" in + _alpine) CONTAINER="${BASE}/alpine:3.18" ;; + _alpine-arm64v8) CONTAINER="${BASE}/alpine:3.18-arm64v8" ;; + _archlinux|_arch) CONTAINER="${BASE}/archlinux:current" ;; + _riscv64) CONTAINER="${BASE}/archlinux:current-riscv64" ;; + _centos7) CONTAINER="${BASE}/centos:7" ;; + _fedora) CONTAINER="${BASE}/fedora:29";; + _focal) CONTAINER="${BASE}/ubuntu:focal" ;; + _jessie) CONTAINER="${BASE}/debian:jessie" ;; + _jessie-i386) CONTAINER="${BASE}/debian:jessie-i386" ;; + _bullseye-ppc64le) CONTAINER="${BASE}/debian:bullseye-ppc64le" ;; + _stretch|_) CONTAINER="${BASE}/debian:stretch" ;; + _stretch-i386) CONTAINER="${BASE}/debian:stretch-i386" ;; + _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;; + _bookworm|_) CONTAINER="${BASE}/debian:bookworm" ;; + _bookworm-i386) CONTAINER="${BASE}/debian:bookworm-i386" ;; + _bookworm-arm64v8-arm32-gcc) CONTAINER="${BASE}/debian:bookworm-arm64v8-arm32-gcc" ;; + _bookworm-arm64v8) CONTAINER="${BASE}/debian:bookworm-arm64v8" ;; + _bookworm-cppcheck) CONTAINER="${BASE}/debian:bookworm-cppcheck" ;; + _bionic) CONTAINER="${BASE}/ubuntu:bionic" ;; + _trusty) CONTAINER="${BASE}/ubuntu:trusty" ;; + _xenial) CONTAINER="${BASE}/ubuntu:xenial" ;; + _opensuse-leap|_leap) CONTAINER="${BASE}/suse:opensuse-leap" ;; + _opensuse-tumbleweed|_tumbleweed) CONTAINER="${BASE}/suse:opensuse-tumbleweed" ;; +esac + +# Use this variable to control whether root should be used +case "_${CONTAINER_UID0}" in + _1) userarg= ;; + _0|_) userarg="-u $(id -u) $userns_podman" ;; +esac + +# Save the commands for future use +cmd=("$@") + +# If no command was specified, just drop us into a shell if we're interactive +[ $# -eq 0 ] && tty -s && cmd=("/bin/bash") + +# Are we in an interactive terminal? +tty -s && termint=t + +# +# Fetch the latest version of the container in hub.docker.com, +# unless it's a newly created local copy. +# +if [[ "_${CONTAINER_NO_PULL}" != "_1" ]]; then + einfo "*** Ensuring ${CONTAINER} is up to date" + ${docker_cmd} pull ${CONTAINER} > /dev/null || \ + die "Failed to update container" +fi + +if hash greadlink > /dev/null 2>&1; then + READLINK=greadlink +elif [[ $(uname -s) == "Darwin" ]]; then + echo "Unable to forward SSH agent without coreutils installed" + unset SSH_AUTH_SOCK +else + READLINK=readlink +fi + +# Ensure we've got what we need for SSH_AUTH_SOCK +if [[ -n ${SSH_AUTH_SOCK} ]]; then + fullpath_sock=$(${READLINK} -f ${SSH_AUTH_SOCK} 2> /dev/null) + if [ $? -ne 0 ]; then + echo "Invalid SSH_AUTH_SOCK: ${SSH_AUTH_SOCK}" + unset SSH_AUTH_SOCK + else + SSH_AUTH_DIR=$(dirname ${fullpath_sock}) + SSH_AUTH_NAME=$(basename ${fullpath_sock}) + fi +fi + +# Figure out the base of what we want as our sources +# by using the top of the git repo +if [[ -z ${CONTAINER_PATH} ]]; then + CONTAINER_PATH=$(git rev-parse --show-toplevel) +fi + +# Kick off Docker +einfo "*** Launching container ..." +exec ${docker_cmd} run \ + ${userarg} \ + ${SSH_AUTH_SOCK:+-e SSH_AUTH_SOCK="/tmp/ssh-agent/${SSH_AUTH_NAME}"} \ + -v "${CONTAINER_PATH}":/build:rw${selinux} \ + -v "${HOME}/.ssh":/root/.ssh:ro \ + ${SSH_AUTH_DIR:+-v "${SSH_AUTH_DIR}":/tmp/ssh-agent${selinux}} \ + ${CONTAINER_ARGS} \ + -${termint}i --rm -- \ + ${CONTAINER} \ + "${cmd[@]}" diff --git a/src/xen/automation/scripts/eclair b/src/xen/automation/scripts/eclair new file mode 100755 index 0000000000000000000000000000000000000000..14e47a6f97ab492ecc40bf71c8a6a4510b0b0853 --- /dev/null +++ b/src/xen/automation/scripts/eclair @@ -0,0 +1,29 @@ +#!/bin/sh -eu + +ECLAIR_ANALYSIS_DIR=automation/eclair_analysis +ECLAIR_DIR="${ECLAIR_ANALYSIS_DIR}/ECLAIR" +ECLAIR_OUTPUT_DIR=$(realpath "${ECLAIR_OUTPUT_DIR}") + +"${ECLAIR_ANALYSIS_DIR}/prepare.sh" "${VARIANT}" + +ex=0 +"${ECLAIR_DIR}/analyze.sh" "${VARIANT}" "${RULESET}" || ex=$? +"${ECLAIR_DIR}/action_log.sh" ANALYSIS_LOG \ + "ECLAIR analysis log" \ + "${ECLAIR_OUTPUT_DIR}/ANALYSIS.log" \ + "${ex}" +"${ECLAIR_DIR}/action_log.sh" REPORT_LOG \ + "ECLAIR report log" \ + "${ECLAIR_OUTPUT_DIR}/REPORT.log" \ + "${ex}" +[ "${ex}" = 0 ] || exit "${ex}" + +# Fail in case of new reports +"${ECLAIR_DIR}/action_clean_added.sh" "${ECLAIR_OUTPUT_DIR}" || ex=$? +"${ECLAIR_DIR}/action_log.sh" DIFF_CHECK_LOG \ + "ECLAIR diff check" \ + "${ECLAIR_OUTPUT_DIR}/clean_added.log" \ + "${ex}" + +"${ECLAIR_DIR}/action_push.sh" "${WTOKEN}" "${ECLAIR_OUTPUT_DIR}" +[ "${ex}" = 0 ] || exit "${ex}" diff --git a/src/xen/automation/scripts/qemu-alpine-x86_64.sh b/src/xen/automation/scripts/qemu-alpine-x86_64.sh new file mode 100755 index 0000000000000000000000000000000000000000..8e398dcea34b27756015660d43cc938715ff2f13 --- /dev/null +++ b/src/xen/automation/scripts/qemu-alpine-x86_64.sh @@ -0,0 +1,94 @@ +#!/bin/bash + +set -ex + +# DomU Busybox +cd binaries +mkdir -p initrd +mkdir -p initrd/bin +mkdir -p initrd/sbin +mkdir -p initrd/etc +mkdir -p initrd/dev +mkdir -p initrd/proc +mkdir -p initrd/sys +mkdir -p initrd/lib +mkdir -p initrd/var +mkdir -p initrd/mnt +cp /bin/busybox initrd/bin/busybox +initrd/bin/busybox --install initrd/bin +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +/bin/sh" > initrd/init +chmod +x initrd/init +# DomU rootfs +cd initrd +find . | cpio --create --format='newc' | gzip > ../initrd.cpio.gz +cd .. + +# initrd.tar.gz is Dom0 rootfs +mkdir -p rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../dist/install/* . +mv ../initrd.cpio.gz ./root +cp ../bzImage ./root +echo "name=\"test\" +memory=512 +vcpus=1 +kernel=\"/root/bzImage\" +ramdisk=\"/root/initrd.cpio.gz\" +extra=\"console=hvc0 root=/dev/ram0 rdinit=/bin/sh\" +" > root/test.cfg +echo "#!/bin/bash + +set -x + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +xl list + +xl create -c /root/test.cfg + +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +# rebuild Dom0 rootfs +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz +cd ../.. + +cat >> binaries/pxelinux.0 << EOF +#!ipxe + +kernel xen console=com1 console_timestamps=boot +module bzImage console=hvc0 +module xen-rootfs.cpio.gz +boot +EOF + +# Run the test +rm -f smoke.serial +set +e +timeout -k 1 720 \ +qemu-system-x86_64 \ + -cpu qemu64,+svm \ + -m 2G -smp 2 \ + -monitor none -serial stdio \ + -nographic \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries,bootfile=/pxelinux.0 |& \ + # Remove carriage returns from the stdout output, as gitlab + # interface chokes on them + tee smoke.serial | sed 's/\r//' + +set -e +(grep -q "Domain-0" smoke.serial && grep -q "BusyBox" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-dom0-arm32.sh b/src/xen/automation/scripts/qemu-smoke-dom0-arm32.sh new file mode 100755 index 0000000000000000000000000000000000000000..d91648905669ada92e18e4a6b1144d685812e641 --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-dom0-arm32.sh @@ -0,0 +1,99 @@ +#!/bin/bash + +set -ex + +serial_log="$(pwd)/smoke.serial" + +cd binaries + +mkdir rootfs +cd rootfs +tar xvf ../xen-image-minimal-qemuarm.tar.bz2 +mkdir -p ./root +echo "name=\"test\" +memory=400 +vcpus=1 +kernel=\"/root/zImage\" +ramdisk=\"/root/initrd.cpio.gz\" +extra=\"console=hvc0 root=/dev/ram0 rdinit=/bin/sh\" +" > root/test.cfg +echo "#!/bin/bash + +xl list + +xl create -c /root/test.cfg + +" > ./root/xen.start +echo "bash /root/xen.start" >> ./etc/init.d/xen-watchdog + +curl --fail --silent --show-error --location --output initrd.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/armhf/alpine-minirootfs-3.15.1-armhf.tar.gz +mkdir rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +find . | cpio -H newc -o | gzip > ../root/initrd.cpio.gz +cd .. +rm -rf rootfs +rm initrd.tar.gz + +cp ../zImage ./root +find . | cpio -H newc -o | gzip > ../initrd.gz +cd .. + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./qemu-system-arm \ + -machine virt \ + -machine virtualization=true \ + -smp 4 \ + -m 2048 \ + -serial stdio \ + -monitor none \ + -display none \ + -machine dumpdtb=virt.dtb + +# XXX disable pci to avoid Linux hang +fdtput virt.dtb -p -t s /pcie@10000000 status disabled + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0xC0000000" + +DEVICE_TREE="virt.dtb" +XEN="xen-qemuarm" +DOM0_KERNEL="zImage" +DOM0_RAMDISK="initrd.gz" +DOM0_CMD="console=hvc0 earlyprintk clk_ignore_unused root=/dev/ram0 rdinit=/sbin/init" +XEN_CMD="console=dtuart dom0_mem=1024M bootscrub=0 console_timestamps=boot" + +NUM_DOMUS=0 + +LOAD_CMD="tftpb" +BOOT_CMD="bootz" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > config + +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d . -c config + +rm -f ${serial_log} +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 720 \ +./qemu-system-arm \ + -machine virt \ + -machine virtualization=true \ + -smp 4 \ + -m 2048 \ + -serial stdio \ + -monitor none \ + -display none \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=./ \ + -bios /usr/lib/u-boot/qemu_arm/u-boot.bin |& \ + tee ${serial_log} | sed 's/\r//' + +set -e +(grep -q "Domain-0" ${serial_log} && grep -q "^/ #" ${serial_log}) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-dom0-arm64.sh b/src/xen/automation/scripts/qemu-smoke-dom0-arm64.sh new file mode 100755 index 0000000000000000000000000000000000000000..e0bb37af3610fb3fc034816bc7e5abfd034f7f54 --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-dom0-arm64.sh @@ -0,0 +1,112 @@ +#!/bin/bash + +set -ex + +# DomU Busybox +cd binaries +mkdir -p initrd +mkdir -p initrd/bin +mkdir -p initrd/sbin +mkdir -p initrd/etc +mkdir -p initrd/dev +mkdir -p initrd/proc +mkdir -p initrd/sys +mkdir -p initrd/lib +mkdir -p initrd/var +mkdir -p initrd/mnt +cp /bin/busybox initrd/bin/busybox +initrd/bin/busybox --install initrd/bin +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +/bin/sh" > initrd/init +chmod +x initrd/init +cd initrd +find . | cpio --create --format='newc' | gzip > ../initrd.cpio.gz +cd .. + +mkdir -p rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../dist/install/* . +mv ../initrd.cpio.gz ./root +cp ../Image ./root +echo "name=\"test\" +memory=512 +vcpus=1 +kernel=\"/root/Image\" +ramdisk=\"/root/initrd.cpio.gz\" +extra=\"console=hvc0 root=/dev/ram0 rdinit=/bin/sh\" +" > root/test.cfg +echo "#!/bin/bash + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +xl list + +xl create -c /root/test.cfg + +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +find . |cpio -H newc -o|gzip > ../xen-rootfs.cpio.gz +cd ../.. + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -smp 2 -display none \ + -machine dumpdtb=binaries/virt-gicv2.dtb + +# XXX disable pl061 to avoid Linux crash +fdtput binaries/virt-gicv2.dtb -p -t s /pl061@9030000 status disabled + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0xC0000000" + +DEVICE_TREE="virt-gicv2.dtb" +XEN="xen" +DOM0_KERNEL="Image" +DOM0_RAMDISK="xen-rootfs.cpio.gz" +XEN_CMD="console=dtuart dom0_mem=1024M console_timestamps=boot" + +NUM_DOMUS=0 + +LOAD_CMD="tftpb" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > binaries/config +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d binaries/ -c binaries/config + + +# Run the test +rm -f smoke.serial +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 720 \ +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -monitor none -serial stdio \ + -smp 2 \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries \ + -bios /usr/lib/u-boot/qemu_arm64/u-boot.bin |& \ + tee smoke.serial | sed 's/\r//' + +set -e +(grep -q "Domain-0" smoke.serial && grep -q "BusyBox" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-dom0less-arm32.sh b/src/xen/automation/scripts/qemu-smoke-dom0less-arm32.sh new file mode 100755 index 0000000000000000000000000000000000000000..e31b6b9014e1ebc4f90c45d860b409aaad415326 --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-dom0less-arm32.sh @@ -0,0 +1,145 @@ +#!/bin/bash + +set -ex + +test_variant=$1 + +# Prompt to grep for to check if dom0 booted successfully +dom0_prompt="^/ #" + +serial_log="$(pwd)/smoke.serial" + +cd binaries +# Use the kernel from Debian +curl --fail --silent --show-error --location --output vmlinuz https://deb.debian.org/debian/dists/bullseye/main/installer-armhf/current/images/netboot/vmlinuz +# Use a tiny initrd based on busybox from Alpine Linux +curl --fail --silent --show-error --location --output initrd.tar.gz https://dl-cdn.alpinelinux.org/alpine/v3.15/releases/armhf/alpine-minirootfs-3.15.1-armhf.tar.gz + +if [ -z "${test_variant}" ]; then + passed="generic test passed" + domU_check=" +echo \"${passed}\" +" +fi + +if [[ "${test_variant}" == "static-mem" ]]; then + # Memory range that is statically allocated to domU1 + domu_base="0x50000000" + domu_size="0x20000000" + passed="${test_variant} test passed" + domU_check=" +mem_range=$(printf \"%08x-%08x\" ${domu_base} $(( ${domu_base} + ${domu_size} - 1 ))) +if grep -q -x \"\${mem_range} : System RAM\" /proc/iomem; then + echo \"${passed}\" +fi +" +fi + +if [[ "${test_variant}" == "gzip" ]]; then + # Compress kernel image with gzip (keep unmodified one for dom0) + gzip -k vmlinuz + passed="${test_variant} test passed" + domU_check=" +echo \"${passed}\" +" +fi + +if [[ "${test_variant}" == "without-dom0" ]]; then + # Clear dom0 prompt + dom0_prompt="" + passed="${test_variant} test passed" + domU_check=" +echo \"${passed}\" +" +fi + +# dom0/domU rootfs +# We are using the same rootfs for dom0 and domU. The only difference is +# that for the former, we set explictly rdinit to /bin/sh, whereas for the +# latter we rely on using custom /init script with test case inside. +mkdir rootfs +cd rootfs +tar xvzf ../initrd.tar.gz +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +${domU_check} +/bin/sh" > init +chmod +x init +find . | cpio -H newc -o | gzip > ../initrd.gz +cd .. + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./qemu-system-arm \ + -machine virt \ + -machine virtualization=true \ + -smp 4 \ + -m 2048 \ + -serial stdio \ + -monitor none \ + -display none \ + -machine dumpdtb=virt.dtb + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0xC0000000" + +DEVICE_TREE="virt.dtb" +XEN="xen" +XEN_CMD="console=dtuart dom0_mem=512M bootscrub=0 console_timestamps=boot" + +DOM0_KERNEL="vmlinuz" +DOM0_RAMDISK="initrd.gz" +DOM0_CMD="console=hvc0 earlyprintk clk_ignore_unused root=/dev/ram0 rdinit=/bin/sh" + +DOMU_KERNEL[0]="vmlinuz" +DOMU_RAMDISK[0]="initrd.gz" +DOMU_MEM[0]="512" +NUM_DOMUS=1 + +LOAD_CMD="tftpb" +BOOT_CMD="bootz" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > config + +if [[ "${test_variant}" == "static-mem" ]]; then + echo -e "\nDOMU_STATIC_MEM[0]=\"${domu_base} ${domu_size}\"" >> config +fi + +if [[ "${test_variant}" == "gzip" ]]; then + sed -i 's/DOMU_KERNEL\[0\]=.*/DOMU_KERNEL\[0\]="vmlinuz.gz"/' config +fi + +if [[ "${test_variant}" == "without-dom0" ]]; then + sed -i '/^DOM0/d' config +fi + +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d . -c config + +# Run the test +rm -f ${serial_log} +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 240 \ +./qemu-system-arm \ + -machine virt \ + -machine virtualization=true \ + -smp 4 \ + -m 2048 \ + -serial stdio \ + -monitor none \ + -display none \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=./ \ + -bios /usr/lib/u-boot/qemu_arm/u-boot.bin |& \ + tee ${serial_log} | sed 's/\r//' + +set -e +(grep -q "${dom0_prompt}" ${serial_log} && grep -q "${passed}" ${serial_log}) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-dom0less-arm64.sh b/src/xen/automation/scripts/qemu-smoke-dom0less-arm64.sh new file mode 100755 index 0000000000000000000000000000000000000000..e748b8ef169982a1f65dcb4ad482aefd6bb4c680 --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-dom0less-arm64.sh @@ -0,0 +1,209 @@ +#!/bin/bash + +set -ex + +test_variant=$1 + +if [ -z "${test_variant}" ]; then + passed="ping test passed" + domU_check=" +until ifconfig eth0 192.168.0.2 &> /dev/null && ping -c 10 192.168.0.1; do + sleep 30 +done +echo \"${passed}\" +" +fi + +if [[ "${test_variant}" == "static-mem" ]]; then + # Memory range that is statically allocated to DOM1 + domu_base="0x50000000" + domu_size="0x10000000" + passed="${test_variant} test passed" + domU_check=" +mem_range=$(printf \"%08x-%08x\" ${domu_base} $(( ${domu_base} + ${domu_size} - 1 ))) +if grep -q -x \"\${mem_range} : System RAM\" /proc/iomem; then + echo \"${passed}\" +fi +" +fi + +if [[ "${test_variant}" == "static-heap" ]]; then + passed="${test_variant} test passed" + domU_check="echo \"${passed}\"" +fi + + +if [[ "${test_variant}" == "static-shared-mem" ]]; then + passed="${test_variant} test passed" + SHARED_MEM_HOST="50000000" + SHARED_MEM_GUEST="4000000" + SHARED_MEM_SIZE="10000000" + SHARED_MEM_ID="my-shared-mem-0" + + domU_check=" +current_id=\$(cat /proc/device-tree/reserved-memory/xen-shmem@4000000/xen,id 2>/dev/null) +expected_id=\"\$(echo ${SHARED_MEM_ID})\" +current_reg=\$(hexdump -e '16/1 \"%02x\"' /proc/device-tree/reserved-memory/xen-shmem@4000000/reg 2>/dev/null) +expected_reg=$(printf \"%016x%016x\" 0x${SHARED_MEM_GUEST} 0x${SHARED_MEM_SIZE}) +if [[ \"\${expected_reg}\" == \"\${current_reg}\" && \"\${current_id}\" == \"\${expected_id}\" ]]; then + echo \"${passed}\" +fi + " +fi + +if [[ "${test_variant}" == "boot-cpupools" ]]; then + # Check if domU0 (id=1) is assigned to Pool-1 with null scheduler + passed="${test_variant} test passed" + dom0_check=" +if xl list -c 1 | grep -q Pool-1 && xl cpupool-list Pool-1 | grep -q Pool-1; then + echo ${passed} +fi +" +fi + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -smp 2 -display none \ + -machine dumpdtb=binaries/virt-gicv2.dtb + +# XXX disable pl061 to avoid Linux crash +fdtput binaries/virt-gicv2.dtb -p -t s /pl061@9030000 status disabled + +# Busybox +mkdir -p initrd +mkdir -p initrd/bin +mkdir -p initrd/sbin +mkdir -p initrd/etc +mkdir -p initrd/dev +mkdir -p initrd/proc +mkdir -p initrd/sys +mkdir -p initrd/lib +mkdir -p initrd/var +mkdir -p initrd/mnt +cp /bin/busybox initrd/bin/busybox +initrd/bin/busybox --install initrd/bin +echo "#!/bin/sh + +mount -t proc proc /proc +mount -t sysfs sysfs /sys +mount -t devtmpfs devtmpfs /dev +${domU_check} +/bin/sh" > initrd/init +chmod +x initrd/init +cd initrd +find . | cpio --create --format='newc' | gzip > ../binaries/initrd +cd .. + +# DOM0 rootfs +mkdir -p rootfs +cd rootfs +tar xzf ../binaries/initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../binaries/dist/install/* . + +echo "#!/bin/bash + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +/usr/local/lib/xen/bin/init-dom0less + +brctl addbr xenbr0 +brctl addif xenbr0 eth0 +ifconfig eth0 up +ifconfig xenbr0 up +ifconfig xenbr0 192.168.0.1 + +xl network-attach 1 type=vif +${dom0_check} +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +find . | cpio -H newc -o | gzip > ../binaries/dom0-rootfs.cpio.gz +cd .. + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0x50000000" + +DEVICE_TREE="virt-gicv2.dtb" +XEN="xen" +DOM0_KERNEL="Image" +DOM0_RAMDISK="dom0-rootfs.cpio.gz" +XEN_CMD="console=dtuart dom0_mem=512M console_timestamps=boot" + +NUM_DOMUS=1 +DOMU_KERNEL[0]="Image" +DOMU_RAMDISK[0]="initrd" +DOMU_MEM[0]="256" +DOMU_KERNEL[1]="Image" +DOMU_RAMDISK[1]="initrd" +DOMU_MEM[1]="256" + +LOAD_CMD="tftpb" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > binaries/config + +if [[ "${test_variant}" == "static-mem" ]]; then + echo -e "\nDOMU_STATIC_MEM[0]=\"${domu_base} ${domu_size}\"" >> binaries/config +fi + +if [[ "${test_variant}" == "static-shared-mem" ]]; then +echo " +NUM_DOMUS=2 +DOMU_SHARED_MEM[0]=\"${SHARED_MEM_ID} 0x${SHARED_MEM_HOST} 0x${SHARED_MEM_GUEST} 0x${SHARED_MEM_SIZE}\" +DOMU_SHARED_MEM[1]=\"${SHARED_MEM_ID} 0x${SHARED_MEM_HOST} 0x${SHARED_MEM_GUEST} 0x${SHARED_MEM_SIZE}\"" >> binaries/config +fi + +if [[ "${test_variant}" == "static-heap" ]]; then + # ImageBuilder uses the config file to create the uboot script. Devicetree + # will be set via the generated uboot script. + # The valid memory range is 0x40000000 to 0x80000000 as defined before. + # ImageBuillder sets the kernel and ramdisk range based on the file size. + # It will use the memory range between 0x45600000 to 0x47AED1E8, and + # MEMORY_END has been set to 0x50000000 above, so set memory range between + # 0x50000000 and 0x80000000 as static heap. + echo ' +XEN_STATIC_HEAP="0x50000000 0x30000000" +# The size of static heap should be greater than the guest memory +DOMU_MEM[0]="128"' >> binaries/config +fi + +if [[ "${test_variant}" == "boot-cpupools" ]]; then + echo ' +CPUPOOL[0]="cpu@1 null" +DOMU_CPUPOOL[0]=0 +NUM_CPUPOOLS=1' >> binaries/config +fi + +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d binaries/ -c binaries/config + + +# Run the test +rm -f smoke.serial +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 240 \ +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -monitor none -serial stdio \ + -smp 2 \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries \ + -bios /usr/lib/u-boot/qemu_arm64/u-boot.bin |& \ + tee smoke.serial | sed 's/\r//' + +set -e +(grep -q "^Welcome to Alpine Linux" smoke.serial && grep -q "${passed}" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-ppc64le.sh b/src/xen/automation/scripts/qemu-smoke-ppc64le.sh new file mode 100755 index 0000000000000000000000000000000000000000..2adbdac87ef57330d8ca61706011809519720b6b --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-ppc64le.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +set -ex + +# machine type from first arg passed directly to qemu -M +machine=$1 + +# Run the test +rm -f smoke.serial +set +e + +touch smoke.serial + +timeout -k 1 20 \ +binaries/qemu-system-ppc64 \ + -bios binaries/skiboot.lid \ + -M $machine \ + -m 2g \ + -smp 1 \ + -vga none \ + -monitor none \ + -nographic \ + -serial file:smoke.serial \ + -kernel binaries/xen + +set -e +(grep -q "Hello, ppc64le!" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-riscv64.sh b/src/xen/automation/scripts/qemu-smoke-riscv64.sh new file mode 100755 index 0000000000000000000000000000000000000000..f90df3c051e94113dee9fb68011dfaa5b5640ca3 --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-riscv64.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +set -ex + +# Run the test +rm -f smoke.serial +set +e + +timeout -k 1 2 \ +qemu-system-riscv64 \ + -M virt \ + -smp 1 \ + -nographic \ + -m 2g \ + -kernel binaries/xen \ + |& tee smoke.serial | sed 's/\r//' + +set -e +(grep -q "All set up" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-smoke-x86-64.sh b/src/xen/automation/scripts/qemu-smoke-x86-64.sh new file mode 100755 index 0000000000000000000000000000000000000000..3014d07314b9fdb8220c0b5dbe0d22a6c31c2925 --- /dev/null +++ b/src/xen/automation/scripts/qemu-smoke-x86-64.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +set -ex + +# variant should be either pv or pvh +variant=$1 + +# Clone and build XTF +git clone https://xenbits.xen.org/git-http/xtf.git +cd xtf && make -j$(nproc) && cd - + +case $variant in + pvh) k=test-hvm64-example extra="dom0-iommu=none dom0=pvh" ;; + *) k=test-pv64-example extra= ;; +esac + +rm -f smoke.serial +set +e +timeout -k 1 30 \ +qemu-system-x86_64 -nographic -kernel binaries/xen \ + -initrd xtf/tests/example/$k \ + -append "loglvl=all console=com1 noreboot console_timestamps=boot $extra" \ + -m 512 -monitor none -serial file:smoke.serial +set -e +grep -q 'Test result: SUCCESS' smoke.serial || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qemu-xtf-dom0less-arm64.sh b/src/xen/automation/scripts/qemu-xtf-dom0less-arm64.sh new file mode 100755 index 0000000000000000000000000000000000000000..a667e0412c92b01006d050bcc9a83c7a73f16052 --- /dev/null +++ b/src/xen/automation/scripts/qemu-xtf-dom0less-arm64.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +set -ex + +# Name of the XTF test +xtf_test=$1 + +# Message returned by XTF in case of success +passed="Test result: SUCCESS" + +# XXX QEMU looks for "efi-virtio.rom" even if it is unneeded +curl -fsSLO https://github.com/qemu/qemu/raw/v5.2.0/pc-bios/efi-virtio.rom +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -smp 2 -display none \ + -machine dumpdtb=binaries/virt-gicv2.dtb + +# XTF +# Build a single XTF test passed as a first parameter to the script. +# Build XTF with GICv2 support to match Qemu configuration and with SBSA UART +# support, so that the test will use an emulated UART for printing messages. +# This will allow us to run the test on both debug and non-debug Xen builds. +rm -rf xtf +git clone https://gitlab.com/xen-project/fusa/xtf.git -b xtf-arm +make -C xtf TESTS=tests/${xtf_test} CONFIG_SBSA_UART=y CONFIG_GICV2=y -j$(nproc) +cp xtf/tests/${xtf_test}/test-mmu64le-${xtf_test} binaries/xtf-test + +# ImageBuilder +echo 'MEMORY_START="0x40000000" +MEMORY_END="0xC0000000" + +XEN="xen" +DEVICE_TREE="virt-gicv2.dtb" + +XEN_CMD="console=dtuart console_timestamps=boot" + +DOMU_KERNEL[0]="xtf-test" +DOMU_MEM[0]="128" + +NUM_DOMUS=1 + +LOAD_CMD="tftpb" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > binaries/config + +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d binaries/ -c binaries/config + +# Run the test +rm -f smoke.serial +set +e +echo " virtio scan; dhcp; tftpb 0x40000000 boot.scr; source 0x40000000"| \ +timeout -k 1 120 \ +./binaries/qemu-system-aarch64 \ + -machine virtualization=true \ + -cpu cortex-a57 -machine type=virt \ + -m 2048 -monitor none -serial stdio \ + -smp 2 \ + -no-reboot \ + -device virtio-net-pci,netdev=n0 \ + -netdev user,id=n0,tftp=binaries \ + -bios /usr/lib/u-boot/qemu_arm64/u-boot.bin |& \ + tee smoke.serial | sed 's/\r//' + +set -e +(grep -q "${passed}" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/qubes-x86-64.sh b/src/xen/automation/scripts/qubes-x86-64.sh new file mode 100755 index 0000000000000000000000000000000000000000..d81ed7b931cf5a7afacac8e43232b78a85002ddc --- /dev/null +++ b/src/xen/automation/scripts/qubes-x86-64.sh @@ -0,0 +1,241 @@ +#!/bin/sh + +set -ex + +test_variant=$1 + +### defaults +extra_xen_opts= +wait_and_wakeup= +timeout=120 +domU_config=' +type = "pvh" +name = "domU" +kernel = "/boot/vmlinuz" +ramdisk = "/boot/initrd-domU" +extra = "root=/dev/ram0 console=hvc0" +memory = 512 +vif = [ "bridge=xenbr0", ] +disk = [ ] +' + +### test: smoke test & smoke test PVH +if [ -z "${test_variant}" ] || [ "${test_variant}" = "dom0pvh" ]; then + passed="ping test passed" + domU_check=" +ifconfig eth0 192.168.0.2 +until ping -c 10 192.168.0.1; do + sleep 1 +done +echo \"${passed}\" +" + dom0_check=" +set +x +until grep -q \"${passed}\" /var/log/xen/console/guest-domU.log; do + sleep 1 +done +set -x +echo \"${passed}\" +" +if [ "${test_variant}" = "dom0pvh" ]; then + extra_xen_opts="dom0=pvh" +fi + +### test: S3 +elif [ "${test_variant}" = "s3" ]; then + passed="suspend test passed" + wait_and_wakeup="started, suspending" + domU_check=" +ifconfig eth0 192.168.0.2 +echo domU started +" + dom0_check=" +until grep 'domU started' /var/log/xen/console/guest-domU.log; do + sleep 1 +done +echo \"${wait_and_wakeup}\" +# let the above message flow to console, then suspend +sync /dev/stdout +sleep 5 +set -x +echo deep > /sys/power/mem_sleep +echo mem > /sys/power/state +xl list +xl dmesg | grep 'Finishing wakeup from ACPI S3 state' || exit 1 +# check if domU is still alive +ping -c 10 192.168.0.2 || exit 1 +echo \"${passed}\" +" + +### test: pci-pv, pci-hvm +elif [ "${test_variant}" = "pci-pv" ] || [ "${test_variant}" = "pci-hvm" ]; then + + if [ -z "$PCIDEV" ]; then + echo "Please set 'PCIDEV' variable with BDF of test network adapter" >&2 + echo "Optionally set also 'PCIDEV_INTR' to 'MSI' or 'MSI-X'" >&2 + exit 1 + fi + + passed="pci test passed" + + domU_config=' +type = "'${test_variant#pci-}'" +name = "domU" +kernel = "/boot/vmlinuz" +ramdisk = "/boot/initrd-domU" +extra = "root=/dev/ram0 console=hvc0 earlyprintk=xen" +memory = 512 +vif = [ ] +disk = [ ] +pci = [ "'$PCIDEV',seize=1" ] +on_reboot = "destroy" +' + + domU_check=" +set -x -e +interface=eth0 +ip link set \"\$interface\" up +timeout 30s udhcpc -i \"\$interface\" +pingip=\$(ip -o -4 r show default|cut -f 3 -d ' ') +ping -c 10 \"\$pingip\" +echo domU started +pcidevice=\$(basename \$(readlink /sys/class/net/\$interface/device)) +lspci -vs \$pcidevice +" + if [ -n "$PCIDEV_INTR" ]; then + domU_check="$domU_check +lspci -vs \$pcidevice | fgrep '$PCIDEV_INTR: Enable+' +" + fi + domU_check="$domU_check +echo \"${passed}\" +" + + dom0_check=" +tail -F /var/log/xen/qemu-dm-domU.log & +until grep -q \"^domU Welcome to Alpine Linux\" /var/log/xen/console/guest-domU.log; do + sleep 1 +done +" +fi + +# DomU +mkdir -p rootfs +cd rootfs +# fakeroot is needed to preserve device nodes in rootless podman container +fakeroot -s ../fakeroot-save tar xzf ../binaries/initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +echo "#!/bin/sh + +${domU_check} +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +sed -i -e 's/^Welcome/domU \0/' etc/issue +find . | fakeroot -i ../fakeroot-save cpio -H newc -o | gzip > ../binaries/domU-rootfs.cpio.gz +cd .. +rm -rf rootfs + +# DOM0 rootfs +mkdir -p rootfs +cd rootfs +fakeroot -s ../fakeroot-save tar xzf ../binaries/initrd.tar.gz +mkdir boot +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../binaries/dist/install/* . + +echo "#!/bin/bash + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +brctl addbr xenbr0 +brctl addif xenbr0 eth0 +ifconfig eth0 up +ifconfig xenbr0 up +ifconfig xenbr0 192.168.0.1 + +# get domU console content into test log +tail -F /var/log/xen/console/guest-domU.log 2>/dev/null | sed -e \"s/^/(domU) /\" & +xl create /etc/xen/domU.cfg +${dom0_check} +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "$domU_config" > etc/xen/domU.cfg + +echo "rc_verbose=yes" >> etc/rc.conf +echo "XENCONSOLED_TRACE=all" >> etc/default/xencommons +echo "QEMU_XEN=/bin/false" >> etc/default/xencommons +mkdir -p var/log/xen/console +cp ../binaries/bzImage boot/vmlinuz +cp ../binaries/domU-rootfs.cpio.gz boot/initrd-domU +find . | fakeroot -i ../fakeroot-save cpio -H newc -o | gzip > ../binaries/dom0-rootfs.cpio.gz +cd .. + + +TFTP=/scratch/gitlab-runner/tftp +CONTROLLER=control@thor.testnet + +echo " +multiboot2 (http)/gitlab-ci/xen $CONSOLE_OPTS loglvl=all guest_loglvl=all dom0_mem=4G console_timestamps=boot $extra_xen_opts +module2 (http)/gitlab-ci/vmlinuz console=hvc0 root=/dev/ram0 earlyprintk=xen +module2 (http)/gitlab-ci/initrd-dom0 +" > $TFTP/grub.cfg + +cp -f binaries/xen $TFTP/xen +cp -f binaries/bzImage $TFTP/vmlinuz +cp -f binaries/dom0-rootfs.cpio.gz $TFTP/initrd-dom0 + +# start logging the serial; this gives interactive console, don't close its +# stdin to not close it; the 'cat' is important, plain redirection would hang +# until somebody opens the pipe; opening and closing the pipe is used to close +# the console +mkfifo /tmp/console-stdin +cat /tmp/console-stdin |\ +ssh $CONTROLLER console | tee smoke.serial | sed 's/\r//' & + +# start the system pointing at gitlab-ci predefined config +ssh $CONTROLLER gitlabci poweron +trap "ssh $CONTROLLER poweroff; : > /tmp/console-stdin" EXIT + +if [ -n "$wait_and_wakeup" ]; then + # wait for suspend or a timeout + until grep "$wait_and_wakeup" smoke.serial || [ $timeout -le 0 ]; do + sleep 1; + : $((--timeout)) + done + if [ $timeout -le 0 ]; then + echo "ERROR: suspend timeout, aborting" + exit 1 + fi + # keep it suspended a bit, then wakeup + sleep 30 + ssh $CONTROLLER wake +fi + +set +x +until grep "^Welcome to Alpine Linux" smoke.serial || [ $timeout -le 0 ]; do + sleep 1; + : $((--timeout)) +done +set -x + +tail -n 100 smoke.serial + +if [ $timeout -le 0 ]; then + echo "ERROR: test timeout, aborting" + exit 1 +fi + +sleep 1 + +(grep -q "^Welcome to Alpine Linux" smoke.serial && grep -q "${passed}" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/scripts/xilinx-smoke-dom0less-arm64.sh b/src/xen/automation/scripts/xilinx-smoke-dom0less-arm64.sh new file mode 100755 index 0000000000000000000000000000000000000000..4a071c6ef14853aaab9c538ea18b060275d1b244 --- /dev/null +++ b/src/xen/automation/scripts/xilinx-smoke-dom0less-arm64.sh @@ -0,0 +1,148 @@ +#!/bin/bash + +set -ex + +test_variant=$1 + +if [ -z "${test_variant}" ]; then + passed="ping test passed" + dom0_check=" +brctl addbr xenbr0 +brctl addif xenbr0 eth0 +ifconfig eth0 up +ifconfig xenbr0 up +ifconfig xenbr0 192.168.0.1 +xl network-attach 1 type=vif +" + domU_check=" +until ifconfig eth0 192.168.0.2 &> /dev/null && ping -c 10 192.168.0.1; do + sleep 30 +done +echo \"${passed}\" +" +fi + +if [[ "${test_variant}" == "gem-passthrough" ]]; then + passed="${test_variant} test passed" + + # For a passthroughed GEM: + # - bring up the network interface + # - dynamically assign IP + # - ping the default gateway + domU_check=" +set -ex +ifconfig eth0 up +udhcpc -i eth0 -n +ping -c 10 \$(ip route | awk '/^default/ {print \$3}') +echo \"${passed}\" +" +fi + +# DomU +mkdir -p rootfs +cd rootfs +tar xzf ../binaries/initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +echo "#!/bin/sh + +${domU_check} +/bin/sh" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +find . | cpio -H newc -o | gzip > ../binaries/domU-rootfs.cpio.gz +cd .. +rm -rf rootfs + +# DOM0 rootfs +mkdir -p rootfs +cd rootfs +tar xzf ../binaries/initrd.tar.gz +mkdir proc +mkdir run +mkdir srv +mkdir sys +rm var/run +cp -ar ../binaries/dist/install/* . + +echo "#!/bin/bash + +export LD_LIBRARY_PATH=/usr/local/lib +bash /etc/init.d/xencommons start + +/usr/local/lib/xen/bin/init-dom0less + +${dom0_check} +" > etc/local.d/xen.start +chmod +x etc/local.d/xen.start +echo "rc_verbose=yes" >> etc/rc.conf +find . | cpio -H newc -o | gzip > ../binaries/dom0-rootfs.cpio.gz +cd .. + + +TFTP=/scratch/gitlab-runner/tftp +START=`pwd` + +# ImageBuilder +echo 'MEMORY_START="0" +MEMORY_END="0x7ff00000" + +DEVICE_TREE="mpsoc_smmu.dtb" +XEN="xen" +DOM0_KERNEL="Image" +DOM0_RAMDISK="dom0-rootfs.cpio.gz" +XEN_CMD="console=dtuart dtuart=serial0 dom0_mem=1024M console_timestamps=boot" + +NUM_DOMUS=1 +DOMU_KERNEL[0]="Image" +DOMU_RAMDISK[0]="domU-rootfs.cpio.gz" +DOMU_MEM[0]="1024" + +LOAD_CMD="tftpb" +UBOOT_SOURCE="boot.source" +UBOOT_SCRIPT="boot.scr"' > $TFTP/config + +cp -f binaries/xen $TFTP/ +cp -f binaries/Image $TFTP/ +cp -f binaries/dom0-rootfs.cpio.gz $TFTP/ +cp -f binaries/domU-rootfs.cpio.gz $TFTP/ +# export dtb to artifacts +cp $TFTP/mpsoc_smmu.dtb . + +if [[ "${test_variant}" == "gem-passthrough" ]]; then + echo " + DOMU_PASSTHROUGH_DTB[0]=\"eth0.dtb\" + DOMU_PASSTHROUGH_PATHS[0]=\"/amba/ethernet@ff0e0000\"" >> $TFTP/config + + # export passthrough dtb to artifacts + cp $TFTP/eth0.dtb . +fi + +rm -rf imagebuilder +git clone https://gitlab.com/ViryaOS/imagebuilder +bash imagebuilder/scripts/uboot-script-gen -t tftp -d $TFTP/ -c $TFTP/config + +# restart the board +cd /scratch/gitlab-runner +bash zcu102.sh 2 +sleep 5 +bash zcu102.sh 1 +sleep 5 +cd $START + +# connect to serial +set +e +stty -F /dev/ttyUSB0 115200 +timeout -k 1 120 nohup sh -c "cat /dev/ttyUSB0 | tee smoke.serial | sed 's/\r//'" + +# stop the board +cd /scratch/gitlab-runner +bash zcu102.sh 2 +cd $START + +set -e +(grep -q "^Welcome to Alpine Linux" smoke.serial && grep -q "${passed}" smoke.serial) || exit 1 +exit 0 diff --git a/src/xen/automation/tests-artifacts/Makefile b/src/xen/automation/tests-artifacts/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..d055cd696bed231e3322701c2efae0eb1578b2a7 --- /dev/null +++ b/src/xen/automation/tests-artifacts/Makefile @@ -0,0 +1,19 @@ + +# the base of where these containers will appear +REGISTRY := registry.gitlab.com/xen-project/xen/tests-artifacts +CONTAINERS = $(subst .dockerfile,,$(wildcard */*.dockerfile)) + +help: + @echo "Containers to build and export tests artifacts." + @echo "To build one run 'make ARTIFACT/VERSION'. Available containers:" + @$(foreach file,$(sort $(CONTAINERS)),echo ${file};) + @echo "To push container builds, set the env var PUSH" + +%: %.dockerfile ## Builds containers + docker build --pull -t $(REGISTRY)/$(@D):$(@F) -f $< $(> /etc/securetty && \ + echo "hvc0" >> /etc/securetty && \ + echo "ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab && \ + echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt100" >> /etc/inittab && \ + passwd -d "root" root && \ + \ + # Create rootfs + cd / && \ + tar cvzf /initrd.tar.gz bin dev etc home init lib mnt opt root sbin usr var diff --git a/src/xen/automation/tests-artifacts/alpine/3.18.dockerfile b/src/xen/automation/tests-artifacts/alpine/3.18.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..9cde6c9ad4daf2c7fe4895b8d42015bd88bbf1d9 --- /dev/null +++ b/src/xen/automation/tests-artifacts/alpine/3.18.dockerfile @@ -0,0 +1,66 @@ +FROM --platform=linux/amd64 alpine:3.18 +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV USER root + +RUN mkdir /build +WORKDIR /build + +RUN \ + # apk + apk update && \ + \ + # xen runtime deps + apk add musl && \ + apk add libgcc && \ + apk add openrc && \ + apk add busybox && \ + apk add sudo && \ + apk add dbus && \ + apk add bash && \ + apk add python3 && \ + apk add zlib && \ + apk add ncurses && \ + apk add yajl && \ + apk add libaio && \ + apk add xz && \ + apk add util-linux && \ + apk add argp-standalone && \ + apk add libfdt && \ + apk add glib && \ + apk add pixman && \ + apk add curl && \ + apk add udev && \ + apk add pciutils && \ + apk add libelf && \ + \ + # Xen + cd / && \ + # Minimal ramdisk environment in case of cpio output + rc-update add udev && \ + rc-update add udev-trigger && \ + rc-update add udev-settle && \ + rc-update add loopback sysinit && \ + rc-update add bootmisc boot && \ + rc-update add devfs sysinit && \ + rc-update add dmesg sysinit && \ + rc-update add hostname boot && \ + rc-update add hwclock boot && \ + rc-update add hwdrivers sysinit && \ + rc-update add modules boot && \ + rc-update add killprocs shutdown && \ + rc-update add mount-ro shutdown && \ + rc-update add savecache shutdown && \ + rc-update add local default && \ + cp -a /sbin/init /init && \ + echo "ttyS0" >> /etc/securetty && \ + echo "hvc0" >> /etc/securetty && \ + echo "ttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100" >> /etc/inittab && \ + echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt100" >> /etc/inittab && \ + echo > /etc/modules && \ + passwd -d "root" root && \ + \ + # Create rootfs + cd / && \ + tar cvzf /initrd.tar.gz bin dev etc home init lib mnt opt root sbin usr var diff --git a/src/xen/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile b/src/xen/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..b0875ca0ddd140b22d6452e732e1c7a3607577b3 --- /dev/null +++ b/src/xen/automation/tests-artifacts/kernel/5.19-arm64v8.dockerfile @@ -0,0 +1,37 @@ +FROM --platform=linux/arm64/v8 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV LINUX_VERSION=5.19 +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + libssl-dev \ + bc \ + curl \ + flex \ + bison \ + && \ + \ + # Build the kernel + curl -fsSLO https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-"$LINUX_VERSION".tar.xz && \ + tar xvJf linux-"$LINUX_VERSION".tar.xz && \ + cd linux-"$LINUX_VERSION" && \ + make defconfig && \ + sed -i 's/CONFIG_IPV6=m/CONFIG_IPV6=y/g' .config && \ + sed -i 's/CONFIG_BRIDGE=m/CONFIG_BRIDGE=y/g' .config && \ + sed -i 's/# CONFIG_XEN_NETDEV_BACKEND is not set/CONFIG_XEN_NETDEV_BACKEND=y/g' .config && \ + make -j$(nproc) Image.gz && \ + cp arch/arm64/boot/Image / && \ + cd /build && \ + rm -rf linux-"$LINUX_VERSION"* && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/tests-artifacts/kernel/6.1.19.dockerfile b/src/xen/automation/tests-artifacts/kernel/6.1.19.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..3a4096780d203267e95a9d05d62d896237906491 --- /dev/null +++ b/src/xen/automation/tests-artifacts/kernel/6.1.19.dockerfile @@ -0,0 +1,40 @@ +FROM --platform=linux/amd64 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV LINUX_VERSION=6.1.19 +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + libssl-dev \ + bc \ + curl \ + flex \ + bison \ + libelf-dev \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* + +# Build the kernel +RUN curl -fsSLO https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-"$LINUX_VERSION".tar.xz && \ + tar xvJf linux-"$LINUX_VERSION".tar.xz && \ + cd linux-"$LINUX_VERSION" && \ + make defconfig && \ + make xen.config && \ + scripts/config --enable BRIDGE && \ + scripts/config --enable IGC && \ + cp .config .config.orig && \ + cat .config.orig | grep XEN | grep =m |sed 's/=m/=y/g' >> .config && \ + make -j$(nproc) bzImage && \ + cp arch/x86/boot/bzImage / && \ + cd /build && \ + rm -rf linux-"$LINUX_VERSION"* diff --git a/src/xen/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile b/src/xen/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..fb7b7b506e9494a733941811c8258aacb0dac686 --- /dev/null +++ b/src/xen/automation/tests-artifacts/qemu-system-aarch64/6.0.0-arm64v8.dockerfile @@ -0,0 +1,76 @@ +FROM --platform=linux/arm64/v8 debian:bookworm +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV QEMU_VERSION=6.0.0 +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + curl \ + python3 \ + ninja-build \ + pkg-config \ + libglib2.0-dev \ + libpixman-1-dev \ + && \ + \ + curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz && \ + tar xvJf qemu-"$QEMU_VERSION".tar.xz && \ + cd qemu-"$QEMU_VERSION" && \ + ./configure \ + --target-list=arm-softmmu,aarch64-softmmu \ + --enable-system \ + --disable-blobs \ + --disable-bsd-user \ + --disable-debug-info \ + --disable-glusterfs \ + --disable-gtk \ + --disable-guest-agent \ + --disable-linux-user \ + --disable-sdl \ + --disable-spice \ + --disable-tpm \ + --disable-vhost-net \ + --disable-vhost-scsi \ + --disable-vhost-user \ + --disable-vhost-vsock \ + --disable-virtfs \ + --disable-vnc \ + --disable-werror \ + --disable-xen \ + --disable-safe-stack \ + --disable-libssh \ + --disable-opengl \ + --disable-tools \ + --disable-virglrenderer \ + --disable-stack-protector \ + --disable-containers \ + --disable-replication \ + --disable-cloop \ + --disable-dmg \ + --disable-vvfat \ + --disable-vdi \ + --disable-parallels \ + --disable-qed \ + --disable-bochs \ + --disable-qom-cast-debug \ + --disable-vhost-vdpa \ + --disable-vhost-kernel \ + --disable-qcow1 \ + --disable-live-block-migration \ + && \ + make -j$(nproc) && \ + cp ./build/qemu-system-aarch64 / && \ + cp ./build/qemu-system-arm / && \ + cd /build && \ + rm -rf qemu-"$QEMU_VERSION"* && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile b/src/xen/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..65857147bf4f7b80d11ee75a6996299ba75e6abf --- /dev/null +++ b/src/xen/automation/tests-artifacts/qemu-system-ppc64/8.1.0-ppc64.dockerfile @@ -0,0 +1,37 @@ +FROM --platform=linux/amd64 debian:bullseye-slim +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@lists.xenproject.org" + +ENV DEBIAN_FRONTEND=noninteractive +ENV QEMU_VERSION=8.1.0 +ENV USER root + +RUN mkdir /build +WORKDIR /build + +# build depends +RUN apt-get update && \ + apt-get --quiet --yes install \ + build-essential \ + curl \ + python3 \ + python3-pip \ + python3-elementpath \ + ninja-build \ + pkg-config \ + libglib2.0-dev \ + libpixman-1-dev \ + && \ + \ + curl -fsSLO https://download.qemu.org/qemu-"$QEMU_VERSION".tar.xz && \ + tar xvJf qemu-"$QEMU_VERSION".tar.xz && \ + cd qemu-"$QEMU_VERSION" && \ + ./configure --target-list=ppc64-softmmu && \ + make -j$(nproc) && \ + cp ./build/qemu-system-ppc64 / && \ + cp ./build/qemu-bundle/usr/local/share/qemu/skiboot.lid / && \ + cd /build && \ + rm -rf qemu-"$QEMU_VERSION"* && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/src/xen/config.guess b/src/xen/config.guess new file mode 100644 index 0000000000000000000000000000000000000000..4cd9454b35c4a1cf8aad593fc56f3bfc2d6320ed --- /dev/null +++ b/src/xen/config.guess @@ -0,0 +1,1658 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2019 Free Software Foundation, Inc. + +timestamp='2019-04-28' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. +# +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# +# Please send patches to . + + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2019 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 + +set_cc_for_build() { + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$driver" + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if test -f /.attbin/uname ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +case "$UNAME_SYSTEM" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + set_cc_for_build + cat <<-EOF > "$dummy.c" + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ + echo unknown)` + case "$UNAME_MACHINE_ARCH" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "$UNAME_VERSION" in + Debian*) + release='-gnu' + ;; + *) + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "$machine-${os}${release}${abi-}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" + exit ;; + *:ekkoBSD:*:*) + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" + exit ;; + *:SolidBSD:*:*) + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:MirBSD:*:*) + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE=alpha ;; + "EV4.5 (21064)") + UNAME_MACHINE=alpha ;; + "LCA4 (21066/21068)") + UNAME_MACHINE=alpha ;; + "EV5 (21164)") + UNAME_MACHINE=alphaev5 ;; + "EV5.6 (21164A)") + UNAME_MACHINE=alphaev56 ;; + "EV5.6 (21164PC)") + UNAME_MACHINE=alphapca56 ;; + "EV5.7 (21164PC)") + UNAME_MACHINE=alphapca57 ;; + "EV6 (21264)") + UNAME_MACHINE=alphaev6 ;; + "EV6.7 (21264A)") + UNAME_MACHINE=alphaev67 ;; + "EV6.8CB (21264C)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8AL (21264B)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8CX (21264D)") + UNAME_MACHINE=alphaev68 ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE=alphaev69 ;; + "EV7 (21364)") + UNAME_MACHINE=alphaev7 ;; + "EV7.9 (21364A)") + UNAME_MACHINE=alphaev79 ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix"$UNAME_RELEASE" + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux"$UNAME_RELEASE" + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + set_cc_for_build + SUN_ARCH=i386 + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH=x86_64 + fi + fi + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos"$UNAME_RELEASE" + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos"$UNAME_RELEASE" + ;; + sun4) + echo sparc-sun-sunos"$UNAME_RELEASE" + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos"$UNAME_RELEASE" + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint"$UNAME_RELEASE" + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint"$UNAME_RELEASE" + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint"$UNAME_RELEASE" + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten"$UNAME_RELEASE" + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten"$UNAME_RELEASE" + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix"$UNAME_RELEASE" + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix"$UNAME_RELEASE" + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix"$UNAME_RELEASE" + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos"$UNAME_RELEASE" + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + then + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] + then + echo m88k-dg-dgux"$UNAME_RELEASE" + else + echo m88k-dg-dguxbcs"$UNAME_RELEASE" + fi + else + echo i586-dg-dgux"$UNAME_RELEASE" + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "$HP_ARCH" = "" ]; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ "$HP_ARCH" = hppa2.0w ] + then + set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH=hppa2.0w + else + HP_ARCH=hppa64 + fi + fi + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" + exit ;; + 3050*:HI-UX:*:*) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo "$UNAME_MACHINE"-unknown-osf1mk + else + echo "$UNAME_MACHINE"-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi"$UNAME_RELEASE" + exit ;; + *:BSD/OS:*:*) + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi + else + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf + fi + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case "$UNAME_PROCESSOR" in + amd64) + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; + esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + i*:CYGWIN*:*) + echo "$UNAME_MACHINE"-pc-cygwin + exit ;; + *:MINGW64*:*) + echo "$UNAME_MACHINE"-pc-mingw64 + exit ;; + *:MINGW*:*) + echo "$UNAME_MACHINE"-pc-mingw32 + exit ;; + *:MSYS*:*) + echo "$UNAME_MACHINE"-pc-msys + exit ;; + i*:PW*:*) + echo "$UNAME_MACHINE"-pc-pw32 + exit ;; + *:Interix*:*) + case "$UNAME_MACHINE" in + x86) + echo i586-pc-interix"$UNAME_RELEASE" + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix"$UNAME_RELEASE" + exit ;; + IA64) + echo ia64-unknown-interix"$UNAME_RELEASE" + exit ;; + esac ;; + i*:UWIN*:*) + echo "$UNAME_MACHINE"-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-pc-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + *:GNU:*:*) + # the GNU system + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" + exit ;; + *:Minix:*:*) + echo "$UNAME_MACHINE"-unknown-minix + exit ;; + aarch64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arm*:Linux:*:*) + set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + else + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + cris:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + crisv32:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + frv:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + hexagon:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + ia64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m32r*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m68*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + set_cc_for_build + IS_GLIBC=0 + test x"${LIBC}" = xgnu && IS_GLIBC=1 + sed 's/^ //' << EOF > "$dummy.c" + #undef CPU + #undef mips + #undef mipsel + #undef mips64 + #undef mips64el + #if ${IS_GLIBC} && defined(_ABI64) + LIBCABI=gnuabi64 + #else + #if ${IS_GLIBC} && defined(_ABIN32) + LIBCABI=gnuabin32 + #else + LIBCABI=${LIBC} + #endif + #endif + + #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa64r6 + #else + #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa32r6 + #else + #if defined(__mips64) + CPU=mips64 + #else + CPU=mips + #endif + #endif + #endif + + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + MIPS_ENDIAN=el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + MIPS_ENDIAN= + #else + MIPS_ENDIAN= + #endif + #endif +EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`" + test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } + ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-"$LIBC" + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-"$LIBC" + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-"$LIBC" + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-"$LIBC" + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-"$LIBC" + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-"$LIBC" + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" + exit ;; + sh64*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sh*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + tile*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + vax:Linux:*:*) + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" + exit ;; + x86_64:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + xtensa*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo "$UNAME_MACHINE"-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo "$UNAME_MACHINE"-unknown-stop + exit ;; + i*86:atheos:*:*) + echo "$UNAME_MACHINE"-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo "$UNAME_MACHINE"-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos"$UNAME_RELEASE" + exit ;; + i*86:*DOS:*:*) + echo "$UNAME_MACHINE"-pc-msdosdjgpp + exit ;; + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}" + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configure will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos"$UNAME_RELEASE" + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos"$UNAME_RELEASE" + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv"$UNAME_RELEASE" + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo "$UNAME_MACHINE"-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo "$UNAME_MACHINE"-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux"$UNAME_RELEASE" + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv"$UNAME_RELEASE" + else + echo mips-unknown-sysv"$UNAME_RELEASE" + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux"$UNAME_RELEASE" + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux"$UNAME_RELEASE" + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux"$UNAME_RELEASE" + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Rhapsody:*:*) + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = x86; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + # shellcheck disable=SC2154 + if test "$cputype" = 386; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo "$UNAME_MACHINE"-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux"$UNAME_RELEASE" + exit ;; + *:DragonFly:*:*) + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "$UNAME_MACHINE" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" + exit ;; + i*86:rdos:*:*) + echo "$UNAME_MACHINE"-pc-rdos + exit ;; + i*86:AROS:*:*) + echo "$UNAME_MACHINE"-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; + *:Unleashed:*:*) + echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE" + exit ;; +esac + +# No uname command or uname output not recognized. +set_cc_for_build +cat > "$dummy.c" < +#include +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#include +#if defined(_SIZE_T_) || defined(SIGLOST) +#include +#endif +#endif +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); +#endif + +#if defined (vax) +#if !defined (ultrix) +#include +#if defined (BSD) +#if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +#else +#if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#endif +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#else +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname un; + uname (&un); + printf ("vax-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname *un; + uname (&un); + printf ("mips-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("mips-dec-ultrix\n"); exit (0); +#endif +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. +test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } + +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 </dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/src/xen/config.sub b/src/xen/config.sub new file mode 100644 index 0000000000000000000000000000000000000000..f53af5a2da7d16b2e6b2e02ac11fbac8e6235878 --- /dev/null +++ b/src/xen/config.sub @@ -0,0 +1,1798 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright 1992-2019 Free Software Foundation, Inc. + +timestamp='2019-01-05' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS + +Canonicalize a configuration name. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2019 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo "$1" + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Split fields of configuration type +# shellcheck disable=SC2162 +IFS="-" read field1 field2 field3 field4 <&2 + exit 1 + ;; + *-*-*-*) + basic_machine=$field1-$field2 + os=$field3-$field4 + ;; + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \ + | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + os=linux-android + ;; + *) + basic_machine=$field1-$field2 + os=$field3 + ;; + esac + ;; + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + os= + ;; + *) + basic_machine=$field1 + os=$field2 + ;; + esac + ;; + esac + ;; + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + os=bsd + ;; + a29khif) + basic_machine=a29k-amd + os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=scout + ;; + alliant) + basic_machine=fx80-alliant + os= + ;; + altos | altos3068) + basic_machine=m68k-altos + os= + ;; + am29k) + basic_machine=a29k-none + os=bsd + ;; + amdahl) + basic_machine=580-amdahl + os=sysv + ;; + amiga) + basic_machine=m68k-unknown + os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=bsd + ;; + aros) + basic_machine=i386-pc + os=aros + ;; + aux) + basic_machine=m68k-apple + os=aux + ;; + balance) + basic_machine=ns32k-sequent + os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=linux + ;; + cegcc) + basic_machine=arm-unknown + os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=bsd + ;; + convex-c2) + basic_machine=c2-convex + os=bsd + ;; + convex-c32) + basic_machine=c32-convex + os=bsd + ;; + convex-c34) + basic_machine=c34-convex + os=bsd + ;; + convex-c38) + basic_machine=c38-convex + os=bsd + ;; + cray) + basic_machine=j90-cray + os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + os= + ;; + da30) + basic_machine=m68k-da30 + os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + os= + ;; + delta88) + basic_machine=m88k-motorola + os=sysv3 + ;; + dicos) + basic_machine=i686-pc + os=dicos + ;; + djgpp) + basic_machine=i586-pc + os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=ose + ;; + gmicro) + basic_machine=tron-gmicro + os=sysv + ;; + go32) + basic_machine=i386-pc + os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=hms + ;; + harris) + basic_machine=m88k-harris + os=sysv3 + ;; + hp300) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=hpux + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=proelf + ;; + i386mach) + basic_machine=i386-mach + os=mach + ;; + vsta) + basic_machine=i386-pc + os=vsta + ;; + isi68 | isi) + basic_machine=m68k-isi + os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + os=sysv + ;; + merlin) + basic_machine=ns32k-utek + os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + os=coff + ;; + morphos) + basic_machine=powerpc-unknown + os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=moxiebox + ;; + msdos) + basic_machine=i386-pc + os=msdos + ;; + msys) + basic_machine=i686-pc + os=msys + ;; + mvs) + basic_machine=i370-ibm + os=mvs + ;; + nacl) + basic_machine=le32-unknown + os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=newsos + ;; + news1000) + basic_machine=m68030-sony + os=newsos + ;; + necv70) + basic_machine=v70-nec + os=sysv + ;; + nh3000) + basic_machine=m68k-harris + os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=cxux + ;; + nindy960) + basic_machine=i960-intel + os=nindy + ;; + mon960) + basic_machine=i960-intel + os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=ose + ;; + os68k) + basic_machine=m68k-none + os=os68k + ;; + paragon) + basic_machine=i860-intel + os=osf + ;; + parisc) + basic_machine=hppa-unknown + os=linux + ;; + pw32) + basic_machine=i586-unknown + os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=rdos + ;; + rdos32) + basic_machine=i386-pc + os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=coff + ;; + sa29200) + basic_machine=a29k-amd + os=udi + ;; + sei) + basic_machine=mips-sei + os=seiux + ;; + sequent) + basic_machine=i386-sequent + os= + ;; + sps7) + basic_machine=m68k-bull + os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + os= + ;; + stratus) + basic_machine=i860-stratus + os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + os= + ;; + sun2os3) + basic_machine=m68000-sun + os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + os= + ;; + sun3os3) + basic_machine=m68k-sun + os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + os= + ;; + sun4os3) + basic_machine=sparc-sun + os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + os= + ;; + sv1) + basic_machine=sv1-cray + os=unicos + ;; + symmetry) + basic_machine=i386-sequent + os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=unicos + ;; + t90) + basic_machine=t90-cray + os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + os=tpf + ;; + udi29k) + basic_machine=a29k-amd + os=udi + ;; + ultra3) + basic_machine=a29k-nyu + os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=none + ;; + vaxv) + basic_machine=vax-dec + os=sysv + ;; + vms) + basic_machine=vax-dec + os=vms + ;; + vxworks960) + basic_machine=i960-wrs + os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=vxworks + ;; + xbox) + basic_machine=i686-pc + os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + os=unicos + ;; + *) + basic_machine=$1 + os= + ;; + esac + ;; +esac + +# Decode 1-component or ad-hoc basic machines +case $basic_machine in + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond + ;; + op50n) + cpu=hppa1.1 + vendor=oki + ;; + op60c) + cpu=hppa1.1 + vendor=oki + ;; + ibm*) + cpu=i370 + vendor=ibm + ;; + orion105) + cpu=clipper + vendor=highlevel + ;; + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple + ;; + pmac | pmac-mpw) + cpu=powerpc + vendor=apple + ;; + + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + cpu=m68000 + vendor=att + ;; + 3b*) + cpu=we32k + vendor=att + ;; + bluegene*) + cpu=powerpc + vendor=ibm + os=cnk + ;; + decsystem10* | dec10*) + cpu=pdp10 + vendor=dec + os=tops10 + ;; + decsystem20* | dec20*) + cpu=pdp10 + vendor=dec + os=tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + cpu=m68k + vendor=motorola + ;; + dpx2*) + cpu=m68k + vendor=bull + os=sysv3 + ;; + encore | umax | mmax) + cpu=ns32k + vendor=encore + ;; + elxsi) + cpu=elxsi + vendor=elxsi + os=${os:-bsd} + ;; + fx2800) + cpu=i860 + vendor=alliant + ;; + genix) + cpu=ns32k + vendor=ns + ;; + h3050r* | hiux*) + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + cpu=m68000 + vendor=hp + ;; + hp9k3[2-9][0-9]) + cpu=m68k + vendor=hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + i*86v32) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv32 + ;; + i*86v4*) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv4 + ;; + i*86v) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv + ;; + i*86sol2) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=solaris2 + ;; + j90 | j90-cray) + cpu=j90 + vendor=cray + os=${os:-unicos} + ;; + iris | iris4d) + cpu=mips + vendor=sgi + case $os in + irix*) + ;; + *) + os=irix4 + ;; + esac + ;; + miniframe) + cpu=m68000 + vendor=convergent + ;; + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + os=mint + ;; + news-3600 | risc-news) + cpu=mips + vendor=sony + os=newsos + ;; + next | m*-next) + cpu=m68k + vendor=next + case $os in + openstep*) + ;; + nextstep*) + ;; + ns2*) + os=nextstep2 + ;; + *) + os=nextstep3 + ;; + esac + ;; + np1) + cpu=np1 + vendor=gould + ;; + op50n-* | op60c-*) + cpu=hppa1.1 + vendor=oki + os=proelf + ;; + pa-hitachi) + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 + ;; + pbd) + cpu=sparc + vendor=tti + ;; + pbb) + cpu=m68k + vendor=tti + ;; + pc532) + cpu=ns32k + vendor=pc532 + ;; + pn) + cpu=pn + vendor=gould + ;; + power) + cpu=power + vendor=ibm + ;; + ps2) + cpu=i386 + vendor=ibm + ;; + rm[46]00) + cpu=mips + vendor=siemens + ;; + rtpc | rtpc-*) + cpu=romp + vendor=ibm + ;; + sde) + cpu=mipsisa32 + vendor=sde + os=${os:-elf} + ;; + simso-wrs) + cpu=sparclite + vendor=wrs + os=vxworks + ;; + tower | tower-32) + cpu=m68k + vendor=ncr + ;; + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu + ;; + w65) + cpu=w65 + vendor=wdc + ;; + w89k-*) + cpu=hppa1.1 + vendor=winbond + os=proelf + ;; + none) + cpu=none + vendor=none + ;; + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine + ;; + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` + ;; + + *-*) + # shellcheck disable=SC2162 + IFS="-" read cpu vendor <&2 + exit 1 + ;; + esac + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $vendor in + digital*) + vendor=dec + ;; + commodore*) + vendor=cbm + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x$os != x ] +then +case $os in + # First match some system type aliases that might get confused + # with valid system types. + # solaris* is a basic system type, with this one exception. + auroraux) + os=auroraux + ;; + bluegene*) + os=cnk + ;; + solaris1 | solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + solaris) + os=solaris2 + ;; + unixware*) + os=sysv4.2uw + ;; + gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # es1800 is here to avoid being matched by es* (a different OS) + es1800*) + os=ose + ;; + # Some version numbers need modification + chorusos*) + os=chorusos + ;; + isc) + os=isc2.2 + ;; + sco6) + os=sco5v6 + ;; + sco5) + os=sco3.2v5 + ;; + sco4) + os=sco3.2v4 + ;; + sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + ;; + sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + scout) + # Don't match below + ;; + sco*) + os=sco3.2v2 + ;; + psos*) + os=psos + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + # sysv* is not here because it comes later, after sysvr4. + gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | kopensolaris* | plan9* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | knetbsd* | mirbsd* | netbsd* \ + | bitrig* | openbsd* | solidbsd* | libertybsd* \ + | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \ + | linux-newlib* | linux-musl* | linux-uclibc* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* \ + | morphos* | superux* | rtmk* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + qnx*) + case $cpu in + x86 | i*86) + ;; + *) + os=nto-$os + ;; + esac + ;; + hiux*) + os=hiuxwe2 + ;; + nto-qnx*) + ;; + nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + sim | xray | os68k* | v88r* \ + | windows* | osx | abug | netware* | os9* \ + | macos* | mpw* | magic* | mmixware* | mon960* | lnews*) + ;; + linux-dietlibc) + os=linux-dietlibc + ;; + linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + lynx*178) + os=lynxos178 + ;; + lynx*5) + os=lynxos5 + ;; + lynx*) + os=lynxos + ;; + mac*) + os=`echo "$os" | sed -e 's|mac|macos|'` + ;; + opened*) + os=openedition + ;; + os400*) + os=os400 + ;; + sunos5*) + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` + ;; + sunos6*) + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` + ;; + wince*) + os=wince + ;; + utek*) + os=bsd + ;; + dynix*) + os=bsd + ;; + acis*) + os=aos + ;; + atheos*) + os=atheos + ;; + syllable*) + os=syllable + ;; + 386bsd) + os=bsd + ;; + ctix* | uts*) + os=sysv + ;; + nova*) + os=rtmk-nova + ;; + ns2) + os=nextstep2 + ;; + nsk*) + os=nsk + ;; + # Preserve the version number of sinix5. + sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + sinix*) + os=sysv4 + ;; + tpf*) + os=tpf + ;; + triton*) + os=sysv3 + ;; + oss*) + os=sysv3 + ;; + svr4*) + os=sysv4 + ;; + svr3) + os=sysv3 + ;; + sysvr4) + os=sysv4 + ;; + # This must come after sysvr4. + sysv*) + ;; + ose*) + os=ose + ;; + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + os=mint + ;; + zvmoe) + os=zvmoe + ;; + dicos*) + os=dicos + ;; + pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $cpu in + arm*) + os=eabi + ;; + *) + os=elf + ;; + esac + ;; + nacl*) + ;; + ios) + ;; + none) + ;; + *-eabi) + ;; + *) + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $cpu-$vendor in + score-*) + os=elf + ;; + spu-*) + os=elf + ;; + *-acorn) + os=riscix1.2 + ;; + arm*-rebel) + os=linux + ;; + arm*-semi) + os=aout + ;; + c4x-* | tic4x-*) + os=coff + ;; + c8051-*) + os=elf + ;; + clipper-intergraph) + os=clix + ;; + hexagon-*) + os=elf + ;; + tic54x-*) + os=coff + ;; + tic55x-*) + os=coff + ;; + tic6x-*) + os=coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=tops20 + ;; + pdp11-*) + os=none + ;; + *-dec | vax-*) + os=ultrix4.2 + ;; + m68*-apollo) + os=domain + ;; + i386-sun) + os=sunos4.0.2 + ;; + m68000-sun) + os=sunos3 + ;; + m68*-cisco) + os=aout + ;; + mep-*) + os=elf + ;; + mips*-cisco) + os=elf + ;; + mips*-*) + os=elf + ;; + or32-*) + os=coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=sysv3 + ;; + sparc-* | *-sun) + os=sunos4.1.1 + ;; + pru-*) + os=elf + ;; + *-be) + os=beos + ;; + *-ibm) + os=aix + ;; + *-knuth) + os=mmixware + ;; + *-wec) + os=proelf + ;; + *-winbond) + os=proelf + ;; + *-oki) + os=proelf + ;; + *-hp) + os=hpux + ;; + *-hitachi) + os=hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=sysv + ;; + *-cbm) + os=amigaos + ;; + *-dg) + os=dgux + ;; + *-dolphin) + os=sysv3 + ;; + m68k-ccur) + os=rtu + ;; + m88k-omron*) + os=luna + ;; + *-next) + os=nextstep + ;; + *-sequent) + os=ptx + ;; + *-crds) + os=unos + ;; + *-ns) + os=genix + ;; + i370-*) + os=mvs + ;; + *-gould) + os=sysv + ;; + *-highlevel) + os=bsd + ;; + *-encore) + os=bsd + ;; + *-sgi) + os=irix + ;; + *-siemens) + os=sysv4 + ;; + *-masscomp) + os=rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=uxpv + ;; + *-rom68k) + os=coff + ;; + *-*bug) + os=coff + ;; + *-apple) + os=macos + ;; + *-atari*) + os=mint + ;; + *-wrs) + os=vxworks + ;; + *) + os=none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +case $vendor in + unknown) + case $os in + riscix*) + vendor=acorn + ;; + sunos*) + vendor=sun + ;; + cnk*|-aix*) + vendor=ibm + ;; + beos*) + vendor=be + ;; + hpux*) + vendor=hp + ;; + mpeix*) + vendor=hp + ;; + hiux*) + vendor=hitachi + ;; + unos*) + vendor=crds + ;; + dgux*) + vendor=dg + ;; + luna*) + vendor=omron + ;; + genix*) + vendor=ns + ;; + clix*) + vendor=intergraph + ;; + mvs* | opened*) + vendor=ibm + ;; + os400*) + vendor=ibm + ;; + ptx*) + vendor=sequent + ;; + tpf*) + vendor=ibm + ;; + vxsim* | vxworks* | windiss*) + vendor=wrs + ;; + aux*) + vendor=apple + ;; + hms*) + vendor=hitachi + ;; + mpw* | macos*) + vendor=apple + ;; + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + vendor=atari + ;; + vos*) + vendor=stratus + ;; + esac + ;; +esac + +echo "$cpu-$vendor-$os" +exit + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/src/xen/config/Docs.mk.in b/src/xen/config/Docs.mk.in new file mode 100644 index 0000000000000000000000000000000000000000..e76e5cd5ffba9e2d0ea2d66ca42d78da9408693a --- /dev/null +++ b/src/xen/config/Docs.mk.in @@ -0,0 +1,9 @@ +-include $(XEN_ROOT)/config/Paths.mk + +# Tools +FIG2DEV := @FIG2DEV@ +POD2MAN := @POD2MAN@ +POD2HTML := @POD2HTML@ +POD2TEXT := @POD2TEXT@ +PANDOC := @PANDOC@ +PERL := @PERL@ diff --git a/src/xen/config/FreeBSD.mk b/src/xen/config/FreeBSD.mk new file mode 100644 index 0000000000000000000000000000000000000000..0062902b257325d7eb175dda2d91c6bb7fffab7d --- /dev/null +++ b/src/xen/config/FreeBSD.mk @@ -0,0 +1,11 @@ +include $(XEN_ROOT)/config/StdGNU.mk + +XEN_ELF_SUB_FLAVOR = _fbsd + +# No wget on FreeBSD base system +WGET = ftp +PKG_INSTALLDIR = ${prefix}/libdata/pkgconfig + +# Add the default pkg install path +APPEND_LIB += /usr/local/lib +APPEND_INCLUDES += /usr/local/include diff --git a/src/xen/config/Linux.mk b/src/xen/config/Linux.mk new file mode 100644 index 0000000000000000000000000000000000000000..2a84b6b0f3fe04c4f510ebe5ee022f10d5b7bb69 --- /dev/null +++ b/src/xen/config/Linux.mk @@ -0,0 +1,3 @@ +include $(XEN_ROOT)/config/StdGNU.mk + +SYSCONFIG_DIR = $(CONFIG_DIR)/$(CONFIG_LEAF_DIR) diff --git a/src/xen/config/MiniOS.mk b/src/xen/config/MiniOS.mk new file mode 100644 index 0000000000000000000000000000000000000000..32260ada91f82c88467c6efc55048f726039ebee --- /dev/null +++ b/src/xen/config/MiniOS.mk @@ -0,0 +1,10 @@ +include $(XEN_ROOT)/config/StdGNU.mk +include $(XEN_ROOT)/extras/mini-os/Config.mk +CFLAGS += $(DEF_CFLAGS) $(ARCH_CFLAGS) +CPPFLAGS += $(DEF_CPPFLAGS) $(ARCH_CPPFLAGS) $(extra_incl) +ASFLAGS += $(DEF_ASFLAGS) $(ARCH_ASFLAGS) +LDFLAGS += $(DEF_LDFLAGS) $(ARCH_LDFLAGS) + +# Override settings for this OS +PTHREAD_LIBS = +nosharedlibs=y diff --git a/src/xen/config/NetBSD.mk b/src/xen/config/NetBSD.mk new file mode 100644 index 0000000000000000000000000000000000000000..cf766e5abc7f0058ff8714738b476f5f5ee1e226 --- /dev/null +++ b/src/xen/config/NetBSD.mk @@ -0,0 +1,3 @@ +include $(XEN_ROOT)/config/StdGNU.mk + +WGET = ftp diff --git a/src/xen/config/NetBSDRump.mk b/src/xen/config/NetBSDRump.mk new file mode 100644 index 0000000000000000000000000000000000000000..74755a1c3699185d9bd04ee3d49114345c2439e5 --- /dev/null +++ b/src/xen/config/NetBSDRump.mk @@ -0,0 +1,8 @@ +include $(XEN_ROOT)/config/StdGNU.mk + +PTHREAD_LIBS = + +WGET = ftp + +XENSTORE_XENSTORED=n +nosharedlibs=y diff --git a/src/xen/config/OpenBSD.mk b/src/xen/config/OpenBSD.mk new file mode 100644 index 0000000000000000000000000000000000000000..6a6bf304f000657f1491f4d24bc081988ebe4f50 --- /dev/null +++ b/src/xen/config/OpenBSD.mk @@ -0,0 +1,3 @@ +include $(XEN_ROOT)/config/StdGNU.mk + +XEN_ELF_SUB_FLAVOR = _obsd diff --git a/src/xen/config/Paths.mk.in b/src/xen/config/Paths.mk.in new file mode 100644 index 0000000000000000000000000000000000000000..38b1bb6b1f958c48872e657b883ff55a8bf101c2 --- /dev/null +++ b/src/xen/config/Paths.mk.in @@ -0,0 +1,59 @@ +# Xen system configuration +# ======================== +# +# Xen uses a set of variables for system configuration and at build time, +# because of this these variables are defined on one master input source file +# and is generated after running ./configure. The master source is located +# on the xen source tree at under config/Paths.mk.in and it is used to +# generate shell or header files by the build system upon demand through the +# use of the helper makefile helper buildmakevars2file(). +# +# For more documentation you can refer to the wiki: +# +# https://wiki.xen.org/wiki/Category:Host_Configuration#System_wide_xen_configuration + +PACKAGE_TARNAME := @PACKAGE_TARNAME@ +prefix := @prefix@ +bindir := @bindir@ +sbindir := @sbindir@ +libdir := @libdir@ +libexecdir := @libexecdir@ +datarootdir := @datarootdir@ +mandir := @mandir@ +docdir := @docdir@ +dvidir := @dvidir@ +htmldir := @htmldir@ +pdfdir := @pdfdir@ +psdir := @psdir@ +includedir := @includedir@ +localstatedir := @localstatedir@ +sysconfdir := @sysconfdir@ + +LIBEXEC := @LIBEXEC@ +LIBEXEC_BIN := @LIBEXEC_BIN@ +LIBEXEC_LIB := @LIBEXEC_LIB@ +LIBEXEC_INC := @LIBEXEC_INC@ + +SHAREDIR := @SHAREDIR@ +MAN1DIR := $(mandir)/man1 +MAN8DIR := $(mandir)/man8 + +XEN_RUN_DIR := @XEN_RUN_DIR@ +XEN_LOG_DIR := @XEN_LOG_DIR@ +XEN_LIB_DIR := @XEN_LIB_DIR@ + +CONFIG_DIR := @CONFIG_DIR@ +INITD_DIR := @INITD_DIR@ +CONFIG_LEAF_DIR := @CONFIG_LEAF_DIR@ +BASH_COMPLETION_DIR := $(CONFIG_DIR)/bash_completion.d +XEN_LOCK_DIR := @XEN_LOCK_DIR@ +XEN_PAGING_DIR := @XEN_PAGING_DIR@ +XEN_DUMP_DIR := @XEN_DUMP_DIR@ +DEBUG_DIR := @DEBUG_DIR@ + +XENFIRMWAREDIR := @XENFIRMWAREDIR@ + +XEN_CONFIG_DIR := @XEN_CONFIG_DIR@ +XEN_SCRIPT_DIR := @XEN_SCRIPT_DIR@ + +PKG_INSTALLDIR := ${libdir}/pkgconfig diff --git a/src/xen/config/StdGNU.mk b/src/xen/config/StdGNU.mk new file mode 100644 index 0000000000000000000000000000000000000000..aaa0d007f721017193df6cd1de93f614759a6047 --- /dev/null +++ b/src/xen/config/StdGNU.mk @@ -0,0 +1,38 @@ +AS = $(CROSS_COMPILE)as +LD = $(CROSS_COMPILE)ld +ifeq ($(clang),y) +CC = $(CROSS_COMPILE)clang +CXX = $(CROSS_COMPILE)clang++ +LD_LTO = $(CROSS_COMPILE)llvm-ld +else +CC = $(CROSS_COMPILE)gcc +CXX = $(CROSS_COMPILE)g++ +LD_LTO = $(CROSS_COMPILE)ld +endif +CPP = $(CC) -E +ADDR2LINE = $(CROSS_COMPILE)addr2line +AR = $(CROSS_COMPILE)ar +RANLIB = $(CROSS_COMPILE)ranlib +NM = $(CROSS_COMPILE)nm +STRIP = $(CROSS_COMPILE)strip +OBJCOPY = $(CROSS_COMPILE)objcopy +OBJDUMP = $(CROSS_COMPILE)objdump +SIZEUTIL = $(CROSS_COMPILE)size + +# Allow git to be wrappered in the environment +GIT ?= git + +INSTALL = install +INSTALL_DIR = $(INSTALL) -d -m0755 -p +INSTALL_DATA = $(INSTALL) -m0644 -p +INSTALL_PROG = $(INSTALL) -m0755 -p + +BOOT_DIR ?= /boot +DEBUG_DIR ?= /usr/lib/debug + +SOCKET_LIBS = +UTIL_LIBS = -lutil + +SONAME_LDFLAG = -soname +SHLIB_LDFLAGS = -shared + diff --git a/src/xen/config/Stubdom.mk.in b/src/xen/config/Stubdom.mk.in new file mode 100644 index 0000000000000000000000000000000000000000..5990fc4e04f938ed9be0bf89a599b21a2adb6bd7 --- /dev/null +++ b/src/xen/config/Stubdom.mk.in @@ -0,0 +1,39 @@ +-include $(XEN_ROOT)/config/Paths.mk + +# Path Programs +CMAKE := @CMAKE@ +FETCHER := @FETCHER@ + +# A debug build of stubdom? //FIXME: Someone make this do something +debug := @debug@ + +STUBDOM_TARGETS := @STUBDOM_TARGETS@ +STUBDOM_BUILD := @STUBDOM_BUILD@ +STUBDOM_INSTALL := @STUBDOM_INSTALL@ + +ZLIB_VERSION := @ZLIB_VERSION@ +ZLIB_URL := @ZLIB_URL@ + +LIBPCI_VERSION := @LIBPCI_VERSION@ +LIBPCI_URL := @LIBPCI_URL@ + +NEWLIB_VERSION := @NEWLIB_VERSION@ +NEWLIB_URL := @NEWLIB_URL@ + +LWIP_VERSION := @LWIP_VERSION@ +LWIP_URL := @LWIP_URL@ + +GRUB_VERSION := @GRUB_VERSION@ +GRUB_URL := @GRUB_URL@ + +OCAML_VERSION := @OCAML_VERSION@ +OCAML_URL := @OCAML_URL@ + +GMP_VERSION := @GMP_VERSION@ +GMP_URL := @GMP_URL@ + +POLARSSL_VERSION := @POLARSSL_VERSION@ +POLARSSL_URL := @POLARSSL_URL@ + +TPMEMU_VERSION := @TPMEMU_VERSION@ +TPMEMU_URL := @TPMEMU_URL@ diff --git a/src/xen/config/SunOS.mk b/src/xen/config/SunOS.mk new file mode 100644 index 0000000000000000000000000000000000000000..f1088e3833043c67f5472b1461442ac731e78d40 --- /dev/null +++ b/src/xen/config/SunOS.mk @@ -0,0 +1,36 @@ +AS = $(CROSS_COMPILE)gas +LD = $(CROSS_COMPILE)gld +CC = $(CROSS_COMPILE)gcc +CPP = $(CROSS_COMPILE)gcc -E +CXX = $(CROSS_COMPILE)g++ +ADDR2LINE = $(CROSS_COMPILE)gaddr2line +AR = $(CROSS_COMPILE)gar +RANLIB = $(CROSS_COMPILE)granlib +NM = $(CROSS_COMPILE)gnm +STRIP = $(CROSS_COMPILE)gstrip +OBJCOPY = $(CROSS_COMPILE)gobjcopy +OBJDUMP = $(CROSS_COMPILE)gobjdump +SIZEUTIL = $(CROSS_COMPILE)gsize + +SHELL = bash + +INSTALL = ginstall +INSTALL_DIR = $(INSTALL) -d -m0755 -p +INSTALL_DATA = $(INSTALL) -m0644 -p +INSTALL_PROG = $(INSTALL) -m0755 -p + +BOOT_DIR ?= /boot +DEBUG_DIR ?= /usr/lib/debug + +SunOS_LIBDIR = /usr/sfw/lib +SunOS_LIBDIR_x86_64 = /usr/sfw/lib/amd64 + +SOCKET_LIBS = -lsocket +PTHREAD_LIBS = -lpthread +UTIL_LIBS = + +SONAME_LDFLAG = -h +SHLIB_LDFLAGS = -R $(SunOS_LIBDIR) -shared + +CFLAGS += -Wa,--divide -D_POSIX_C_SOURCE=200112L -D__EXTENSIONS__ + diff --git a/src/xen/config/Tools.mk.in b/src/xen/config/Tools.mk.in new file mode 100644 index 0000000000000000000000000000000000000000..b54ab21f966b14cace7a388b63d064af3b621b97 --- /dev/null +++ b/src/xen/config/Tools.mk.in @@ -0,0 +1,74 @@ +-include $(XEN_ROOT)/config/Paths.mk + +CONFIG_WERROR := @werror@ +CONFIG_RUMP := @CONFIG_RUMP@ +ifeq ($(CONFIG_RUMP),y) +XEN_OS := NetBSDRump +endif + +# Tools path +BISON := @BISON@ +FLEX := @FLEX@ +PYTHON := @PYTHON@ +PYTHON_PATH := @PYTHONPATH@ +PY_NOOPT_CFLAGS := @PY_NOOPT_CFLAGS@ +PERL := @PERL@ +AS86 := @AS86@ +LD86 := @LD86@ +BCC := @BCC@ +IASL := @IASL@ +AWK := @AWK@ +FETCHER := @FETCHER@ +ABI_DUMPER := @ABI_DUMPER@ + +# Extra folder for libs/includes +PREPEND_INCLUDES := @PREPEND_INCLUDES@ +PREPEND_LIB := @PREPEND_LIB@ +APPEND_INCLUDES := @APPEND_INCLUDES@ +APPEND_LIB := @APPEND_LIB@ + +PTHREAD_CFLAGS := @PTHREAD_CFLAGS@ +PTHREAD_LDFLAGS := @PTHREAD_LDFLAGS@ +PTHREAD_LIBS := @PTHREAD_LIBS@ + +LIBNL3_LIBS := @LIBNL3_LIBS@ +LIBNL3_CFLAGS := @LIBNL3_CFLAGS@ +XEN_TOOLS_RPATH := @rpath@ + +# Optional components +XENSTAT_XENTOP := @monitors@ +OCAML_TOOLS := @ocamltools@ +FLASK_POLICY := @xsmpolicy@ +CONFIG_OVMF := @ovmf@ +CONFIG_ROMBIOS := @rombios@ +CONFIG_SEABIOS := @seabios@ +CONFIG_IPXE := @ipxe@ +CONFIG_QEMU_TRAD := @qemu_traditional@ +CONFIG_QEMU_XEN := @qemu_xen@ +CONFIG_QEMUU_EXTRA_ARGS:= @EXTRA_QEMUU_CONFIGURE_ARGS@ +CONFIG_LIBNL := @libnl@ +CONFIG_GOLANG := @golang@ +CONFIG_PYGRUB := @pygrub@ +CONFIG_LIBFSIMAGE := @libfsimage@ + +CONFIG_SYSTEMD := @systemd@ +SYSTEMD_CFLAGS := @SYSTEMD_CFLAGS@ +SYSTEMD_LIBS := @SYSTEMD_LIBS@ +XEN_SYSTEMD_DIR := @SYSTEMD_DIR@ +XEN_SYSTEMD_MODULES_LOAD := @SYSTEMD_MODULES_LOAD@ +CONFIG_9PFS := @ninepfs@ + +LINUX_BACKEND_MODULES := @LINUX_BACKEND_MODULES@ + +#System options +ZLIB_CFLAGS := @ZLIB_CFLAGS@ +ZLIB_LIBS := @ZLIB_LIBS@ +CONFIG_LIBICONV := @libiconv@ +EXTFS_LIBS := @EXTFS_LIBS@ +CURSES_LIBS := @CURSES_LIBS@ +TINFO_LIBS := @TINFO_LIBS@ +ARGP_LDFLAGS := @argp_ldflags@ + +FILE_OFFSET_BITS := @FILE_OFFSET_BITS@ + +CONFIG_PV_SHIM := @pvshim@ diff --git a/src/xen/config/Toplevel.mk.in b/src/xen/config/Toplevel.mk.in new file mode 100644 index 0000000000000000000000000000000000000000..4db7eafcab5dbafb6195e4d5cc45e9d40b8f64d3 --- /dev/null +++ b/src/xen/config/Toplevel.mk.in @@ -0,0 +1 @@ +SUBSYSTEMS := @SUBSYSTEMS@ diff --git a/src/xen/config/arm32.mk b/src/xen/config/arm32.mk new file mode 100644 index 0000000000000000000000000000000000000000..c38d89cb30fcf8e517beb4a28f09f0ad58e8ca85 --- /dev/null +++ b/src/xen/config/arm32.mk @@ -0,0 +1,14 @@ +CONFIG_ARM := y +CONFIG_ARM_32 := y + +CONFIG_XEN_INSTALL_SUFFIX := + +# -march= -mcpu= + +# Explicitly specifiy 32-bit ARM ISA since toolchain default can be -mthumb: +CFLAGS += -marm + +# Use only if calling $(LD) directly. +LDFLAGS_DIRECT += -EL + +IOEMU_CPU_ARCH ?= arm diff --git a/src/xen/config/arm64.mk b/src/xen/config/arm64.mk new file mode 100644 index 0000000000000000000000000000000000000000..c4662f67d044265340aae8f51c57c36c2b1cfa4a --- /dev/null +++ b/src/xen/config/arm64.mk @@ -0,0 +1,13 @@ +CONFIG_ARM := y +CONFIG_ARM_64 := y + +CONFIG_XEN_INSTALL_SUFFIX := + +CFLAGS += #-marm -march= -mcpu= etc + +# Use only if calling $(LD) directly. +LDFLAGS_DIRECT += -EL + +IOEMU_CPU_ARCH ?= aarch64 + +EFI_DIR ?= /usr/lib64/efi diff --git a/src/xen/config/ppc64.mk b/src/xen/config/ppc64.mk new file mode 100644 index 0000000000000000000000000000000000000000..05f74bb30608de222b5f38218f222e6107bf3e21 --- /dev/null +++ b/src/xen/config/ppc64.mk @@ -0,0 +1,4 @@ +CONFIG_PPC := y +CONFIG_PPC64 := y + +CONFIG_XEN_INSTALL_SUFFIX := diff --git a/src/xen/config/riscv64.mk b/src/xen/config/riscv64.mk new file mode 100644 index 0000000000000000000000000000000000000000..91c6e53da6f8b5e9d77d5ee0b7a17469b27f30a1 --- /dev/null +++ b/src/xen/config/riscv64.mk @@ -0,0 +1,4 @@ +CONFIG_RISCV := y +CONFIG_RISCV_64 := y + +CONFIG_XEN_INSTALL_SUFFIX := diff --git a/src/xen/config/x86_32.mk b/src/xen/config/x86_32.mk new file mode 100644 index 0000000000000000000000000000000000000000..3cc046d9bcf38575d792a2585bcda57947b541dc --- /dev/null +++ b/src/xen/config/x86_32.mk @@ -0,0 +1,12 @@ +CONFIG_X86 := y +CONFIG_X86_32 := y + +CONFIG_MIGRATE := y +CONFIG_XCUTILS := y + +CFLAGS += -m32 -march=i686 + +# Use only if calling $(LD) directly. +LDFLAGS_DIRECT += -melf_i386$(XEN_ELF_SUB_FLAVOR) + +IOEMU_CPU_ARCH ?= i386 diff --git a/src/xen/config/x86_64.mk b/src/xen/config/x86_64.mk new file mode 100644 index 0000000000000000000000000000000000000000..8614457b03d0a2146512ecc55e63acaa191a21b8 --- /dev/null +++ b/src/xen/config/x86_64.mk @@ -0,0 +1,18 @@ +CONFIG_X86 := y +CONFIG_X86_64 := y + +CONFIG_MIGRATE := y +CONFIG_XCUTILS := y + +CONFIG_XEN_INSTALL_SUFFIX := .gz + +CFLAGS += -m64 + +SunOS_LIBDIR = $(SunOS_LIBDIR_x86_64) + +EFI_DIR ?= /usr/lib64/efi + +# Use only if calling $(LD) directly. +LDFLAGS_DIRECT += -melf_x86_64$(XEN_ELF_SUB_FLAVOR) + +IOEMU_CPU_ARCH ?= x86_64 diff --git a/src/xen/configure b/src/xen/configure new file mode 100755 index 0000000000000000000000000000000000000000..df7fec483df7e7ab35d19dc6071a77cd62076bef --- /dev/null +++ b/src/xen/configure @@ -0,0 +1,3649 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for Xen Hypervisor 4.19. +# +# Report bugs to . +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: xen-devel@lists.xen.org about your system, including +$0: any error possibly output before this message. Then +$0: install a modern shell, or manually run the script +$0: under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='Xen Hypervisor' +PACKAGE_TARNAME='xen' +PACKAGE_VERSION='4.19' +PACKAGE_STRING='Xen Hypervisor 4.19' +PACKAGE_BUGREPORT='xen-devel@lists.xen.org' +PACKAGE_URL='https://www.xen.org/' + +ac_unique_file="./xen/common/kernel.c" +enable_option_checking=no +ac_subst_vars='LTLIBOBJS +LIBOBJS +SUBSYSTEMS +docs +stubdom +tools +xen +subdirs +DEBUG_DIR +XEN_DUMP_DIR +XEN_PAGING_DIR +XEN_LOCK_DIR +INITD_DIR +SHAREDIR +XEN_LIB_DIR +XEN_RUN_STORED +XEN_LOG_DIR +XEN_RUN_DIR +XENFIRMWAREDIR +LIBEXEC_INC +LIBEXEC_LIB +LIBEXEC_BIN +LIBEXEC +XEN_SCRIPT_DIR +CONFIG_LEAF_DIR +XEN_CONFIG_DIR +CONFIG_DIR +XENSTORED_PORT +XENSTORED_KVA +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +with_initddir +with_sysconfig_leaf_dir +with_libexec_leaf_dir +with_xen_scriptdir +with_xen_dumpdir +with_rundir +with_debugdir +enable_xen +enable_tools +enable_stubdom +enable_docs +' + ac_precious_vars='build_alias +host_alias +target_alias' +ac_subdirs_all='xen +tools +stubdom +docs' + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures Xen Hypervisor 4.19 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/xen] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of Xen Hypervisor 4.19:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --disable-xen Disable build and install of xen + --disable-tools Disable build and install of tools + --enable-stubdom Enable build and install of stubdom + --disable-docs Disable build and install of docs + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-initddir=DIR Path to directory with sysv runlevel scripts. + [SYSCONFDIR/init.d] + --with-sysconfig-leaf-dir=SUBDIR + Name of subdirectory in /etc to store runtime + options for runlevel scripts and daemons such as + xenstored. This should be either "sysconfig" or + "default". [sysconfig] + --with-libexec-leaf-dir=SUBDIR + Name of subdirectory in libexecdir to use. + --with-xen-scriptdir=DIR + Path to directory for dom0 hotplug scripts. + [SYSCONFDIR/xen/scripts] + --with-xen-dumpdir=DIR Path to directory for domU crash dumps. + [LOCALSTATEDIR/lib/xen/dump] + --with-rundir=DIR Path to directory for runtime data. + [LOCALSTATEDIR/run] + --with-debugdir=DIR Path to directory for debug symbols. + [PREFIX/lib/debug] + +Report bugs to . +Xen Hypervisor home page: . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +Xen Hypervisor configure 4.19 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by Xen Hypervisor $as_me 4.19, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +ac_config_files="$ac_config_files config/Toplevel.mk config/Paths.mk" + + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + + + + + + + + + + + + + + + + + + + + + + + + + +case "$host_os" in +*freebsd*) XENSTORED_KVA=/dev/xen/xenstored ;; +*) XENSTORED_KVA=/proc/xen/xsd_kva ;; +esac + + +case "$host_os" in +*freebsd*) XENSTORED_PORT=/dev/xen/xenstored ;; +*) XENSTORED_PORT=/proc/xen/xsd_port ;; +esac + + + + +test "x$prefix" = "xNONE" && prefix=$ac_default_prefix +test "x$exec_prefix" = "xNONE" && exec_prefix=${prefix} + +if test "$localstatedir" = '${prefix}/var' ; then + localstatedir=/var +fi + +bindir=`eval echo $bindir` +sbindir=`eval echo $sbindir` +libdir=`eval echo $libdir` + +if test "x$sysconfdir" = 'x${prefix}/etc' ; then + case "$host_os" in + *freebsd*) + sysconfdir=$prefix/etc + ;; + *solaris*) + if test "$prefix" = "/usr" ; then + sysconfdir=/etc + else + sysconfdir=$prefix/etc + fi + ;; + *) + sysconfdir=/etc + ;; + esac +fi + +CONFIG_DIR=$sysconfdir + + +XEN_CONFIG_DIR=$CONFIG_DIR/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_CONFIG_DIR "$XEN_CONFIG_DIR" +_ACEOF + + + +# Check whether --with-initddir was given. +if test "${with_initddir+set}" = set; then : + withval=$with_initddir; initddir_path=$withval +else + case "$host_os" in + *linux*) + if test -d $sysconfdir/rc.d/init.d ; then + initddir_path=$sysconfdir/rc.d/init.d + else + initddir_path=$sysconfdir/init.d + fi + ;; + *) + initddir_path=$sysconfdir/rc.d + ;; + esac +fi + + + +# Check whether --with-sysconfig-leaf-dir was given. +if test "${with_sysconfig_leaf_dir+set}" = set; then : + withval=$with_sysconfig_leaf_dir; config_leaf_dir=$withval +else + config_leaf_dir=sysconfig + if test ! -d /etc/sysconfig ; then config_leaf_dir=default ; fi +fi + +CONFIG_LEAF_DIR=$config_leaf_dir + + + +# Check whether --with-libexec-leaf-dir was given. +if test "${with_libexec_leaf_dir+set}" = set; then : + withval=$with_libexec_leaf_dir; libexec_subdir=$withval +else + libexec_subdir=$PACKAGE_TARNAME +fi + + + +# Check whether --with-xen-scriptdir was given. +if test "${with_xen_scriptdir+set}" = set; then : + withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +else + xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +fi + +XEN_SCRIPT_DIR=$xen_scriptdir_path + + +cat >>confdefs.h <<_ACEOF +#define XEN_SCRIPT_DIR "$XEN_SCRIPT_DIR" +_ACEOF + + + +# Check whether --with-xen-dumpdir was given. +if test "${with_xen_dumpdir+set}" = set; then : + withval=$with_xen_dumpdir; xen_dumpdir_path=$withval +else + xen_dumpdir_path=$localstatedir/lib/xen/dump +fi + + + +# Check whether --with-rundir was given. +if test "${with_rundir+set}" = set; then : + withval=$with_rundir; rundir_path=$withval +else + rundir_path=$localstatedir/run +fi + + + +# Check whether --with-debugdir was given. +if test "${with_debugdir+set}" = set; then : + withval=$with_debugdir; debugdir_path=$withval +else + debugdir_path=$prefix/lib/debug +fi + + +if test "$libexecdir" = '${exec_prefix}/libexec' ; then + case "$host_os" in + *netbsd*) ;; + *) + libexecdir='${exec_prefix}/lib' + ;; + esac +fi +LIBEXEC=`eval echo $libexecdir/$libexec_subdir` + + +LIBEXEC_BIN=${LIBEXEC}/bin + + +cat >>confdefs.h <<_ACEOF +#define LIBEXEC_BIN "$LIBEXEC_BIN" +_ACEOF + +LIBEXEC_LIB=${LIBEXEC}/lib + +LIBEXEC_INC=${LIBEXEC}/include + +XENFIRMWAREDIR=${LIBEXEC}/boot + + +cat >>confdefs.h <<_ACEOF +#define XENFIRMWAREDIR "$XENFIRMWAREDIR" +_ACEOF + + +XEN_RUN_DIR=$rundir_path/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_RUN_DIR "$XEN_RUN_DIR" +_ACEOF + + +XEN_LOG_DIR=$localstatedir/log/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_LOG_DIR "$XEN_LOG_DIR" +_ACEOF + + +XEN_RUN_STORED=$rundir_path/xenstored + + +cat >>confdefs.h <<_ACEOF +#define XEN_RUN_STORED "$XEN_RUN_STORED" +_ACEOF + + +XEN_LIB_DIR=$localstatedir/lib/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_LIB_DIR "$XEN_LIB_DIR" +_ACEOF + + +SHAREDIR=$prefix/share + + +INITD_DIR=$initddir_path + + +case "$host_os" in +*freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +*netbsd*) XEN_LOCK_DIR=$rundir_path ;; +*) XEN_LOCK_DIR=$localstatedir/lock ;; +esac + + +cat >>confdefs.h <<_ACEOF +#define XEN_LOCK_DIR "$XEN_LOCK_DIR" +_ACEOF + + +XEN_PAGING_DIR=$localstatedir/lib/xen/xenpaging + + +XEN_DUMP_DIR=$xen_dumpdir_path + + +cat >>confdefs.h <<_ACEOF +#define XEN_DUMP_DIR "$XEN_DUMP_DIR" +_ACEOF + + +DEBUG_DIR=$debugdir_path + + + +case "$host_cpu" in + i[3456]86|x86_64) + arch_enable_stubdom=y + ;; + *) + arch_enable_stubdom=n + ;; +esac + +case "$host_os" in + freebsd*) + arch_enable_stubdom=n + ;; +esac + + + + +# Check whether --enable-xen was given. +if test "${enable_xen+set}" = set; then : + enableval=$enable_xen; + +if test "x$enableval" = "xyes"; then : + + +xen=y +SUBSYSTEMS="$SUBSYSTEMS xen" + + +else + +if test "x$enableval" = "xno"; then : + + +xen=n + + +fi + +fi + + +else + + +xen=y +SUBSYSTEMS="$SUBSYSTEMS xen" + + +fi + + +if test -e "xen/configure"; then : + +if test "x$xen" = "xy" || test "x$xen" = "x" ; then + subdirs="$subdirs xen" + +fi + +fi + + + + +# Check whether --enable-tools was given. +if test "${enable_tools+set}" = set; then : + enableval=$enable_tools; + +if test "x$enableval" = "xyes"; then : + + +tools=y +SUBSYSTEMS="$SUBSYSTEMS tools" + + +else + +if test "x$enableval" = "xno"; then : + + +tools=n + + +fi + +fi + + +else + + +tools=y +SUBSYSTEMS="$SUBSYSTEMS tools" + + +fi + + +if test -e "tools/configure"; then : + +if test "x$tools" = "xy" || test "x$tools" = "x" ; then + subdirs="$subdirs tools" + +fi + +fi + + + + +# Check whether --enable-stubdom was given. +if test "${enable_stubdom+set}" = set; then : + enableval=$enable_stubdom; + +if test "x$enableval" = "xyes"; then : + + +stubdom=y +SUBSYSTEMS="$SUBSYSTEMS stubdom" + + +else + +if test "x$enableval" = "xno"; then : + + +stubdom=n + + +fi + +fi + + +else + +if test "x$arch_enable_stubdom" = "xy"; then : + + +stubdom=y +SUBSYSTEMS="$SUBSYSTEMS stubdom" + + +else + + +stubdom=n + + +fi + +fi + + +if test -e "stubdom/configure"; then : + +if test "x$stubdom" = "xy" || test "x$stubdom" = "x" ; then + subdirs="$subdirs stubdom" + +fi + +fi + + + + +# Check whether --enable-docs was given. +if test "${enable_docs+set}" = set; then : + enableval=$enable_docs; + +if test "x$enableval" = "xyes"; then : + + +docs=y +SUBSYSTEMS="$SUBSYSTEMS docs" + + +else + +if test "x$enableval" = "xno"; then : + + +docs=n + + +fi + +fi + + +else + + +docs=y +SUBSYSTEMS="$SUBSYSTEMS docs" + + +fi + + +if test -e "docs/configure"; then : + +if test "x$docs" = "xy" || test "x$docs" = "x" ; then + subdirs="$subdirs docs" + +fi + +fi + + + + + + +echo "Will build the following subsystems:" +for x in $SUBSYSTEMS; do + echo " $x" +done + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +# +# If the first sed substitution is executed (which looks for macros that +# take arguments), then branch to the quote section. Otherwise, +# look for a macro that doesn't take arguments. +ac_script=' +:mline +/\\$/{ + N + s,\\\n,, + b mline +} +t clear +:clear +s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g +t quote +s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g +t quote +b any +:quote +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g +s/\$/$$/g +H +:any +${ + g + s/^\n// + s/\n/ /g + p +} +' +DEFS=`sed -n "$ac_script" confdefs.h` + + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by Xen Hypervisor $as_me 4.19, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + +Configuration files: +$config_files + +Report bugs to . +Xen Hypervisor home page: ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +Xen Hypervisor config.status 4.19 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h | --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config/Toplevel.mk") CONFIG_FILES="$CONFIG_FILES config/Toplevel.mk" ;; + "config/Paths.mk") CONFIG_FILES="$CONFIG_FILES config/Paths.mk" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + + +eval set X " :F $CONFIG_FILES " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi + +# +# CONFIG_SUBDIRS section. +# +if test "$no_recursion" != yes; then + + # Remove --cache-file, --srcdir, and --disable-option-checking arguments + # so they do not pile up. + ac_sub_configure_args= + ac_prev= + eval "set x $ac_configure_args" + shift + for ac_arg + do + if test -n "$ac_prev"; then + ac_prev= + continue + fi + case $ac_arg in + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \ + | --c=*) + ;; + --config-cache | -C) + ;; + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + ;; + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + ;; + --disable-option-checking) + ;; + *) + case $ac_arg in + *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append ac_sub_configure_args " '$ac_arg'" ;; + esac + done + + # Always prepend --prefix to ensure using the same prefix + # in subdir configurations. + ac_arg="--prefix=$prefix" + case $ac_arg in + *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args" + + # Pass --silent + if test "$silent" = yes; then + ac_sub_configure_args="--silent $ac_sub_configure_args" + fi + + # Always prepend --disable-option-checking to silence warnings, since + # different subdirs can have different --enable and --with options. + ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args" + + ac_popdir=`pwd` + for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue + + # Do not complain, so a configure script can configure whichever + # parts of a large source tree are present. + test -d "$srcdir/$ac_dir" || continue + + ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)" + $as_echo "$as_me:${as_lineno-$LINENO}: $ac_msg" >&5 + $as_echo "$ac_msg" >&6 + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + cd "$ac_dir" + + # Check for guested configure; otherwise get Cygnus style configure. + if test -f "$ac_srcdir/configure.gnu"; then + ac_sub_configure=$ac_srcdir/configure.gnu + elif test -f "$ac_srcdir/configure"; then + ac_sub_configure=$ac_srcdir/configure + elif test -f "$ac_srcdir/configure.in"; then + # This should be Cygnus configure. + ac_sub_configure=$ac_aux_dir/configure + else + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no configuration information is in $ac_dir" >&5 +$as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2;} + ac_sub_configure= + fi + + # The recursion is here. + if test -n "$ac_sub_configure"; then + # Make the cache file name correct relative to the subdirectory. + case $cache_file in + [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;; + *) # Relative name. + ac_sub_cache_file=$ac_top_build_prefix$cache_file ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5 +$as_echo "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;} + # The eval makes quoting arguments work. + eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \ + --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" || + as_fn_error $? "$ac_sub_configure failed for $ac_dir" "$LINENO" 5 + fi + + cd "$ac_popdir" + done +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + diff --git a/src/xen/configure.ac b/src/xen/configure.ac new file mode 100644 index 0000000000000000000000000000000000000000..19d9311c2ae481618ede44f0504d885c157953f2 --- /dev/null +++ b/src/xen/configure.ac @@ -0,0 +1,45 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.67]) +AC_INIT([Xen Hypervisor], m4_esyscmd([./version.sh ./xen/Makefile]), + [xen-devel@lists.xen.org], [xen], [https://www.xen.org/]) +AC_CONFIG_SRCDIR([./xen/common/kernel.c]) +AC_CONFIG_FILES([ + config/Toplevel.mk + config/Paths.mk +]) + +AC_CANONICAL_HOST + +m4_include([m4/features.m4]) +m4_include([m4/subsystem.m4]) +m4_include([m4/paths.m4]) + +AX_XEN_EXPAND_CONFIG() + +dnl mini-os is only ported to certain platforms +case "$host_cpu" in + i[[3456]]86|x86_64) + arch_enable_stubdom=y + ;; + *) + arch_enable_stubdom=n + ;; +esac + +dnl Stubdomains need some work in order to compile on FreeBSD +case "$host_os" in + freebsd*) + arch_enable_stubdom=n + ;; +esac + +AX_SUBSYSTEM_DEFAULT_ENABLE([xen]) +AX_SUBSYSTEM_DEFAULT_ENABLE([tools]) +AX_SUBSYSTEM_CONDITIONAL([stubdom], $arch_enable_stubdom) +AX_SUBSYSTEM_DEFAULT_ENABLE([docs]) + +AX_SUBSYSTEM_FINISH + +AC_OUTPUT() diff --git a/src/xen/docs/INDEX b/src/xen/docs/INDEX new file mode 100644 index 0000000000000000000000000000000000000000..e673edd75c313fb4f49a3ab13574d9789a11add2 --- /dev/null +++ b/src/xen/docs/INDEX @@ -0,0 +1,28 @@ +hypercall Hypercall Interfaces +hypercall/arm/index ARM +hypercall/x86_32/index x86_32 +hypercall/x86_64/index x86_64 + +man Man Pages + +misc Miscellaneous Documentation +misc/hvm-emulated-unplug Xen HVM emulated device unplug protocol +misc/console Xen PV Console notes +misc/xen-command-line Xen Hypervisor Command Line Options +misc/crashdb Xen crash debugger notes +misc/grant-tables A Rough Introduction to Using Grant Tables +misc/kexec_and_kdump Kexec and Kdump for Xen +misc/xenstore Xenstore protocol specification +misc/xenstore-paths Xenstore path documentation +misc/distro_mapping Distro Directory Layouts +misc/dump-core-format Xen Core Dump Format +misc/vtd VT-d HOWTO +misc/xen-error-handling Xen Error Handling +misc/xenpaging Xen Paging +misc/xsm-flask XSM/FLASK Configuration +misc/arm/booting How to boot Xen on ARM +misc/arm/early-printk Enabling early printk on ARM +misc/arm/passthrough Passthrough a device described in the Device Tree to a guest +misc/arm/device-tree/booting Device tree bindings to boot Xen +misc/arm/device-tree/passthrough Device tree binding to passthrough a device +features/dom0less.markdown Boot multiple domains from Xen in parallel diff --git a/src/xen/docs/Makefile b/src/xen/docs/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..966a104490ac4f0ab2d01597bb4c8f44da84230e --- /dev/null +++ b/src/xen/docs/Makefile @@ -0,0 +1,245 @@ +XEN_ROOT=$(CURDIR)/.. +include $(XEN_ROOT)/Config.mk +-include $(XEN_ROOT)/config/Docs.mk + +VERSION := $(shell $(MAKE) -C $(XEN_ROOT)/xen --no-print-directory xenversion) +DATE := $(shell date +%Y-%m-%d) + +DOC_ARCHES := arm x86_32 x86_64 +MAN_SECTIONS := 1 5 7 8 + +# Documentation sources to build +MAN-SRC-y := $(sort $(basename $(wildcard man/*.pod man/*.pandoc))) + +RST-SRC-y := $(sort $(filter-out %index.rst,$(shell find * -type f -name '*.rst' -print))) + +TXTSRC-y := $(sort $(shell find misc -name '*.txt' -print)) + +PANDOCSRC-y := $(sort $(shell find designs/ features/ misc/ process/ specs/ \( -name '*.pandoc' -o -name '*.md' \) -print)) + +# Documentation targets +$(foreach i,$(MAN_SECTIONS), \ + $(eval DOC_MAN$(i) := $(patsubst man/%.$(i),man$(i)/%.$(i), \ + $(filter %.$(i),$(MAN-SRC-y))))) + +DOC_HTML := html/SUPPORT.html \ + $(patsubst %.pandoc,html/%.html,$(PANDOCSRC-y)) \ + $(patsubst %.md,html/%.html,$(PANDOCSRC-y)) \ + $(patsubst %.rst,html/%.html,$(RST-SRC-y)) \ + $(patsubst %,html/%.html,$(MAN-SRC-y)) \ + $(patsubst %.txt,html/%.txt,$(TXTSRC-y)) \ + $(patsubst %,html/hypercall/%/index.html,$(DOC_ARCHES)) +DOC_TXT := $(patsubst %.txt,txt/%.txt,$(TXTSRC-y)) \ + $(patsubst %.pandoc,txt/%.txt,$(PANDOCSRC-y)) \ + $(patsubst %.md,txt/%.txt,$(PANDOCSRC-y)) \ + $(patsubst %.rst,txt/%.txt,$(RST-SRC-y)) \ + $(patsubst %,txt/%.txt,$(MAN-SRC-y)) +DOC_PDF := $(patsubst %.pandoc,pdf/%.pdf,$(PANDOCSRC-y)) \ + $(patsubst %.md,pdf/%.pdf,$(PANDOCSRC-y)) \ + $(patsubst %.rst,pdf/%.pdf,$(RST-SRC-y)) + +# Top level build targets +.PHONY: all +all: build + +.PHONY: build +build: html txt pdf man-pages figs + +.PHONY: sphinx-html +sphinx-html: + sphinx-build -b html . sphinx/html + +.PHONY: html +html: $(DOC_HTML) html/index.html + +.PHONY: txt +txt: $(DOC_TXT) + +.PHONY: figs +figs: +ifneq ($(FIG2DEV),) + $(MAKE) -C figs +else + @echo "fig2dev (transfig) not installed; skipping figs." +endif + +.PHONY: pdf +pdf: $(DOC_PDF) + +.PHONY: clean +clean: clean-man-pages + $(MAKE) -C figs clean + rm -rf .word_count *.aux *.dvi *.bbl *.blg *.glo *.idx *~ + rm -rf *.ilg *.log *.ind *.toc *.bak *.tmp core + rm -rf html txt pdf sphinx/html + +.PHONY: distclean +distclean: clean + rm -rf $(XEN_ROOT)/config/Docs.mk config.log config.status config.cache \ + autom4te.cache + +# Top level install targets + +.PHONY: man-pages install-man-pages clean-man-pages uninstall-man-pages + +# Metarules for generating manpages. Run with $(1) substitued for section +define GENERATE_MANPAGE_RULES + +# Real manpages +man$(1)/%.$(1): man/%.$(1).pod Makefile +ifneq ($(POD2MAN),) + @$(INSTALL_DIR) $$(@D) + $(POD2MAN) --release=$(VERSION) --name=$$* -s $(1) -c "Xen" $$< $$@ +else + @echo "pod2man not installed; skipping $$@" +endif + +man$(1)/%.$(1): man/%.$(1).pandoc Makefile +ifneq ($(PANDOC),) + @$(INSTALL_DIR) $$(@D) + $(PANDOC) --standalone -V title=$$* -V section=$(1) \ + -V date="$(DATE)" -V footer="$(VERSION)" \ + -V header=Xen $$< -t man --output $$@ +else + @echo "pandoc not installed; skipping $$@" +endif + +# HTML manpages +# sed used to fix up links between man-pages +# 1) L -> L +# 2) -> +html/man/%.$(1).html: man/%.$(1).pod Makefile +ifneq ($(POD2HTML),) + @$(INSTALL_DIR) $$(@D) + sed -r -e 's%L<([^>]+)\(([1-9])\)>%L<\1(\2)|relative:\1.\2.html>%g' $$< | \ + $(POD2HTML) | \ + sed -r -e 's%( href=")relative:%\1%g' > $$@ +else + @echo "pod2html not installed; skipping $$@" +endif + +html/man/%.$(1).html: man/%.$(1).pandoc Makefile +ifneq ($(PANDOC),) + @$(INSTALL_DIR) $$(@D) + $(PANDOC) --standalone $$< -t html --toc --output $$@ +else + @echo "pandoc not installed; skipping $$@" +endif + +# Text manpages +txt/man/%.$(1).txt: man/%.$(1).pod Makefile +ifneq ($(POD2TEXT),) + @$(INSTALL_DIR) $$(@D) + $(POD2TEXT) $$< $$@ +else + @echo "pod2text not installed; skipping $$@" +endif + +txt/man/%.$(1).txt: man/%.$(1).pandoc Makefile +ifneq ($(PANDOC),) + @$(INSTALL_DIR) $$(@D) + $(PANDOC) --standalone $$< -t plain --output $$@ +else + @echo "pandoc not installed; skipping $$@" +endif + +# Build +.PHONY: man$(1)-pages +man$(1)-pages: $$(DOC_MAN$(1)) + +# Install +.PHONY: install-man$(1)-pages +install-man$(1)-pages: man$(1)-pages + $(INSTALL_DIR) $(DESTDIR)$(mandir) + cp -r man$(1) $(DESTDIR)$(mandir) + +# Clean +.PHONY: clean-man$(1)-pages +clean-man$(1)-pages: + rm -rf man$(1) + +# Uninstall +.PHONY: uninstall-man$(1)-pages +uninstall-man$(1)-pages: + rm -f $(addprefix $(DESTDIR)$(mandir)/,$(DOC_MAN$(1))) + +# Link buld/install/clean to toplevel rules +man-pages: man$(1)-pages +install-man-pages: install-man$(1)-pages +clean-man-pages: clean-man$(1)-pages +uninstall-man-pages: uninstall-man$(1)-pages + +endef + +# Generate manpage rules for each section +$(foreach i,$(MAN_SECTIONS),$(eval $(call GENERATE_MANPAGE_RULES,$(i)))) + +.PHONY: install-html +install-html: html txt figs + $(INSTALL_DIR) $(DESTDIR)$(docdir) + [ ! -d html ] || cp -R html $(DESTDIR)$(docdir) + rm -f $(DESTDIR)$(docdir)/html/hypercall/*/.deps + +.PHONY: install +install: install-man-pages install-html + +.PHONY: uninstall-html +uninstall-html: + rm -rf $(DESTDIR)$(docdir) + +.PHONY: uninstall +uninstall: uninstall-man-pages uninstall-html + +# Individual file build targets +html/index.html: $(DOC_HTML) $(CURDIR)/gen-html-index INDEX + $(PERL) -w -- $(CURDIR)/gen-html-index -i INDEX html $(DOC_HTML) + +html/%.txt: %.txt + @$(INSTALL_DIR) $(@D) + $(INSTALL_DATA) $< $@ + + +# For non-x86 arches exclude the subarch whole x86 arch. +$(foreach i,$(filter-out x86_32 x86_64,$(DOC_ARCHES)),html/hypercall/$(i)/index.html): EXTRA_EXCLUDE := -X arch-x86 + +html/hypercall/%/index.html: $(CURDIR)/xen-headers Makefile + rm -rf $(@D) + $(INSTALL_DIR) $(@D) + $(PERL) -w $(CURDIR)/xen-headers -O $(@D) \ + -T 'arch-$* - Xen public headers' \ + $(patsubst %,-X arch-%,$(filter-out $*,$(DOC_ARCHES))) \ + $(patsubst %,-X xen-%,$(filter-out $*,$(DOC_ARCHES))) \ + $(EXTRA_EXCLUDE) \ + $(XEN_ROOT)/xen include/public include/xen/errno.h + +-include $(wildcard html/hypercall/*/.deps) + +txt/%.txt: %.txt + @$(INSTALL_DIR) $(@D) + $(INSTALL_DATA) $< $@ + +# Metarule for generating pandoc rules. +define GENERATE_PANDOC_RULE_RAW +$(1): $(2) +ifneq ($(PANDOC),) + @$(INSTALL_DIR) $$(@D) + $(PANDOC) --number-sections --toc --standalone $$< --output $$@ +else + @echo "pandoc not installed; skipping $$@" +endif +endef +define GENERATE_PANDOC_RULE +# $(1) is the target documentation format. $(2) is the source format. +$(call GENERATE_PANDOC_RULE_RAW,$(1)/%.$(1),%.$(2)) +endef + +$(foreach dst-fmt,pdf txt html,\ +$(foreach src-fmt,pandoc md rst,\ +$(eval $(call GENERATE_PANDOC_RULE,$(dst-fmt),$(src-fmt))))) + +$(eval $(call GENERATE_PANDOC_RULE_RAW,html/SUPPORT.html,$(XEN_ROOT)/SUPPORT.md)) + +ifeq (,$(findstring clean,$(MAKECMDGOALS))) +$(XEN_ROOT)/config/Docs.mk: + $(error You have to run ./configure before building docs) +endif diff --git a/src/xen/docs/README.colo b/src/xen/docs/README.colo new file mode 100644 index 0000000000000000000000000000000000000000..acb4ee5a0ad8326f3c4b1d3093f0d65003b9d7f5 --- /dev/null +++ b/src/xen/docs/README.colo @@ -0,0 +1,9 @@ +COLO FT/HA (COarse-grain LOck-stepping Virtual Machines for Non-stop Service) +project is a high availability solution. Both primary VM (PVM) and secondary VM +(SVM) run in parallel. They receive the same request from client, and generate +response in parallel too. If the response packets from PVM and SVM are +identical, they are released immediately. Otherwise, a VM checkpoint (on demand) +is conducted. + +See the website at https://wiki.xen.org/wiki/COLO_-_Coarse_Grain_Lock_Stepping +for details. diff --git a/src/xen/docs/README.remus b/src/xen/docs/README.remus new file mode 100644 index 0000000000000000000000000000000000000000..e41e045a109466213b39bf5099ee16652b229ccc --- /dev/null +++ b/src/xen/docs/README.remus @@ -0,0 +1,20 @@ +Remus provides fault tolerance for virtual machines by sending continuous +checkpoints to a backup, which will activate if the target VM fails. + +See the website at https://wiki.xen.org/wiki/Remus for details. + +Using Remus with libxl on Xen 4.5 and higher: + To enable network buffering, you need libnl 3.2.8 + or higher along with the development headers and command line utilities. + If your distro does not have the appropriate libnl3 version, you can find + the latest source tarball of libnl3 at http://www.carisma.slowglass.com/~tgr/libnl/ + +Disk replication: + VMs protected by Remus need to use DRBD based disk backends. Specifically, you + need a compile and install a custom version of DRBD, that is available publicly + at https://github.com/rshriram/remus-drbd + This code is based on DRBD 8.3.11 and uses a new replication protocol (named + protocol D) for asynchronous disk checkpoint replication. A protected VM's DRBD + disks on the primary and backup hosts need to be configured to use protocol D + as the replication protocol. An example resource configuration file can be found + in the aforementioned github repository. diff --git a/src/xen/docs/README.source b/src/xen/docs/README.source new file mode 100644 index 0000000000000000000000000000000000000000..f20fa92c2848b81d7f2f2f9b2491bf35cb0bdce1 --- /dev/null +++ b/src/xen/docs/README.source @@ -0,0 +1,32 @@ +Sphinx documentation: + +All source rendered by Sphinx is licensed under CC-BY-4.0. + +You are free to: + Share: + Copy and redistribute the material in any medium or format. + Adapt: + Remix, transform, and build upon the material for any purpose, even + commercially. + +Under the following terms: + Attribution: + You must give appropriate credit, provide a link to the license, and + indicate if changes were made. You may do so in any reasonable manner, but + not in any way that suggests the licensor endorses you or your use. + No additional restrictions: + You may not apply legal terms or technological measures that legally + restrict others from doing anything the license permits. + +See https://creativecommons.org/licenses/by/4.0/ for full details. + +This includes: + * All ReStructured Text files: docs/*/*.rst + * The Sphinx configuration file: docs/conf.py + * Content in Sphinx-exclusive subdirs: docs/*-guide/* + + +Other documentation: + +There are a variety of text documents in various formats. These, given no +explicit license guidance, fall under Xen's default GPL-2.0 license. diff --git a/src/xen/docs/admin-guide/index.rst b/src/xen/docs/admin-guide/index.rst new file mode 100644 index 0000000000000000000000000000000000000000..54e6f65de347532c900df8ee3434a174c946ea8d --- /dev/null +++ b/src/xen/docs/admin-guide/index.rst @@ -0,0 +1,8 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Admin Guide +=========== + +.. toctree:: + introduction + microcode-loading diff --git a/src/xen/docs/admin-guide/introduction.rst b/src/xen/docs/admin-guide/introduction.rst new file mode 100644 index 0000000000000000000000000000000000000000..6da2758d709993aa2de625cd3346b7b98e810852 --- /dev/null +++ b/src/xen/docs/admin-guide/introduction.rst @@ -0,0 +1,40 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Introduction +============ + +Xen is an open source, bare metal hypervisor. It runs as the most privileged +piece of software, and shares the resources of the hardware between virtual +machines. + +In Xen terminology, there are :term:`domains`, commonly abbreviated to +dom, which are identified by their numeric :term:`domid`. + +When Xen boots, dom0 is automatically started as well. Dom0 is a virtual +machine which, by default, is granted full permissions [1]_. A typical setup +might be: + +.. image:: xen-overview.drawio.svg + +Dom0 takes the role of :term:`control domain`, responsible for creating and +managing other virtual machines, and the role of :term:`hardware domain`, +responsible for hardware and marshalling guest I/O. + +Xen is deliberately minimal, and has no device drivers [2]_. Xen manages RAM, +schedules virtual CPUs on the available physical CPUs, and marshals +interrupts. + +Xen also provides a hypercall interface to guests, including event channels +(virtual interrupts), grant tables (shared memory), on which a lot of higher +level functionality is built. + +.. rubric:: Footnotes + +.. [1] A common misconception with Xen's architecture is that dom0 is somehow + different to other guests. The choice of id 0 is not an accident, and + follows in UNIX heritage. + +.. [2] This definition might be fuzzy. Xen can talk to common serial UARTs, + and knows how to drive various CPU internal devices such as IOMMUs, but + has no knowledge of network cards, disks, etc. All of that is the + hardware domains responsibility. diff --git a/src/xen/docs/admin-guide/microcode-loading.rst b/src/xen/docs/admin-guide/microcode-loading.rst new file mode 100644 index 0000000000000000000000000000000000000000..a07e25802fab3ccfb0d4e9a94fbc30bc53625d75 --- /dev/null +++ b/src/xen/docs/admin-guide/microcode-loading.rst @@ -0,0 +1,152 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Microcode Loading +================= + +Like many other pieces of hardware, CPUs themselves have errata which are +discovered after shipping, and need to be addressed in the field. Microcode +can be considered as firmware for the processor, and updates are published as +needed by the CPU vendors. + +Microcode is included as part of the system firmware by an OEM, and a system +firmware update is the preferred way of obtaining updated microcode. However, +this is often not the most expedient way to get updates, so Xen supports +loading microcode itself. + +Distros typically package microcode updates for users, and may provide hooks +to cause microcode to be automatically loaded at boot time. Consult your dom0 +distro guidance for microcode loading. + +Microcode can make almost arbitrary changes to the processor, including to +software visible features. This includes removing features (e.g. the Haswell +TSX errata which necessitated disabling the feature entirely), or the addition +of brand new features (e.g. the Spectre v2 controls to work around speculative +execution vulnerabilities). + + +Boot time microcode loading +--------------------------- + +Where possible, microcode should be loaded at boot time. This allows the CPU +to be updated to its eventual configuration before Xen starts making setup +decisions based on the visible features. + +Xen will report during boot if it performed a microcode update:: + + [root@host ~]# xl dmesg | grep microcode + (XEN) microcode: CPU0 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) microcode: CPU2 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) microcode: CPU4 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) microcode: CPU6 updated from revision 0x1a to 0x25, date = 2018-04-02 + +The exact details printed are system and microcode specific. After boot, the +current microcode version can obtained from with dom0:: + + [root@host ~]# head /proc/cpuinfo + processor : 0 + vendor_id : GenuineIntel + cpu family : 6 + model : 60 + model name : Intel(R) Xeon(R) CPU E3-1240 v3 @ 3.40GHz + stepping : 3 + microcode : 0x25 + cpu MHz : 3392.148 + cache size : 8192 KB + physical id : 0 + + +Loading microcode from a single file +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Xen handles microcode blobs in the binary form shipped by vendors, which is +also the format which the processor accepts. This format contains header +information which Xen and various userspace tools can use to identify the +correct blob for a specific CPU. + +Tools such as Dracut will identify the correct blob for the current CPU, which +will be a few kilobytes, for minimal overhead during boot. + +Additionally, Xen is capable of handling a number of blobs concatenated +together, and will locate the appropriate blob based on the header +information. + +This option is less efficient during boot, but may be preferred in situations +where the exact CPU details aren't known ahead of booting (e.g. install +media). + +The file containing the blob(s) needs to be accessible to Xen as early as +possible. + +* For multiboot/multiboot2 boots, this is achieved by loading the file as a + multiboot module. The ``ucode=$num`` command line option can be used to + identify which multiboot module contains the microcode, including negative + indexing to count from the end. + +* For EFI boots, there isn't really a concept of modules. A microcode file + can be specified in the EFI configuration file with ``ucode=$file``. Use of + this mechanism will override any ``ucode=`` settings on the command line. + + +Loading microcode from a Linux initrd +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For systems using a Linux based dom0, it usually suffices to install the +appropriate distro package, and add ``ucode=scan`` to Xen's command line. + +Xen is compatible with the Linux initrd microcode protocol. The initrd is +expected to be generated with an uncompressed CPIO archive at the beginning +which contains contains one of these two files:: + + kernel/x86/microcode/GenuineIntel.bin + kernel/x86/microcode/AuthenticAMD.bin + +The ``ucode=scan`` command line option will cause Xen to search through all +modules to find any CPIO archives, and search the archive for the applicable +file. Xen will stop searching at the first match. + + +Runtime microcode loading +------------------------- + +.. warning:: + + If at all possible, microcode updates should be done by firmware updates, + or at boot time. Not all microcode updates (or parts thereof) can be + applied at runtime. + + Given the proprietary nature of microcode, we are unable to make any claim + that runtime microcode loading is risk-free. Any runtime microcode loading + needs adequate testing on a development instance before being rolled out to + production systems. + +The ``xen-ucode`` utility can be used to initiate a runtime microcode load:: + + [root@host ~]# xen-ucode + xen-ucode: Xen microcode updating tool + Usage: xen-ucode + [root@host ~]# + +The details of microcode blobs (if even packaged to begin with) are specific +to the dom0 distribution. Consult your dom0 OS documentation for details. +One example with a Linux dom0 on a Haswell system might look like:: + + [root@host ~]# xen-ucode /lib/firmware/intel-ucode/06-3c-03 + [root@host ~]# + +It will pass the blob to Xen, which will check to see whether the blob is +correct for the processor, and newer than the running microcode. + +If these checks pass, the entire system will be rendezvoused and an update +will be initiated on all CPUs in parallel. As with boot time loading, +diagnostics will be put out onto the console:: + + [root@host ~]# xl dmesg | grep microcode + (XEN) microcode: CPU0 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) microcode: CPU2 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) microcode: CPU4 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) microcode: CPU6 updated from revision 0x1a to 0x25, date = 2018-04-02 + (XEN) 4 cores are to update their microcode + (XEN) microcode: CPU0 updated from revision 0x25 to 0x27, date = 2019-02-26 + (XEN) microcode: CPU4 updated from revision 0x25 to 0x27, date = 2019-02-26 + (XEN) microcode: CPU2 updated from revision 0x25 to 0x27, date = 2019-02-26 + (XEN) microcode: CPU6 updated from revision 0x25 to 0x27, date = 2019-02-26 diff --git a/src/xen/docs/admin-guide/xen-overview.drawio.svg b/src/xen/docs/admin-guide/xen-overview.drawio.svg new file mode 100644 index 0000000000000000000000000000000000000000..f120cdf77a05e1f0e9c3f5ca46e4b2c8868051d3 --- /dev/null +++ b/src/xen/docs/admin-guide/xen-overview.drawio.svg @@ -0,0 +1,97 @@ + + + + + + + + Xen + + + + Dom0 + + + + DomU + + + + DomU + + + + Hardware + + + + NIC + + + + Disk + + + + Systems Services + + + + Applications + + + + Applications + + + + Kernel + + + + Net + + + + Block + + + + Kernel + + + + Kernel + + + + Net + + + + Block + + + + Net + + + + Block + + + + + + + + + + + + + + + + + diff --git a/src/xen/docs/conf.py b/src/xen/docs/conf.py new file mode 100644 index 0000000000000000000000000000000000000000..50e41501db8f95bd186818c49a8e6538d733012b --- /dev/null +++ b/src/xen/docs/conf.py @@ -0,0 +1,194 @@ +# -*- coding: utf-8 -*- +# SPDX-License-Identifier: CC-BY-4.0 +# +# Configuration file for the Sphinx documentation builder. +# +# This file does only contain a selection of the most common options. For a +# full list see the documentation: +# http://www.sphinx-doc.org/en/master/config + +# -- Path setup -------------------------------------------------------------- + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# +# import os +# import sys +# sys.path.insert(0, os.path.abspath('.')) + + +# -- Project information ----------------------------------------------------- + +project = u'Xen' +copyright = u'2019, The Xen development community' +author = u'The Xen development community' + +# Pull the Xen version straight out of the Makefile +try: + xen_ver = xen_subver = xen_extra = None + + for line in open(u"../xen/Makefile"): + if line.startswith(u"export XEN_VERSION"): + xen_ver = line.split(u"=")[1].strip() + elif line.startswith(u"export XEN_SUBVERSION"): + xen_subver = line.split(u"=")[1].strip() + elif line.startswith(u"export XEN_EXTRAVERSION"): + xen_extra = line.split(u"=")[1].split(u"$", 1)[0].strip() +except: + pass +finally: + if xen_ver and xen_subver and xen_extra: + version = xen_ver + u"." + xen_subver + release = version + xen_extra + else: + version = release = u"unknown version" + +# -- General configuration --------------------------------------------------- + +# If your documentation needs a minimal Sphinx version, state it here. +# +needs_sphinx = '1.4' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix(es) of source filenames. +# You can specify multiple suffix as a list of string: +# +# source_suffix = ['.rst', '.md'] +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# +# This is also used if you do content translation via gettext catalogs. +# Usually you set "language" from the command line for these cases. +language = None + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +# This pattern also affects html_static_path and html_extra_path. +exclude_patterns = [u'sphinx/output', 'Thumbs.db', '.DS_Store'] + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = None + +primary_domain = 'c' +highlight_language = 'none' + +# -- Options for HTML output ------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +# +try: + import sphinx_rtd_theme + html_theme = 'sphinx_rtd_theme' + html_theme_path = [sphinx_rtd_theme.get_html_theme_path()] +except ImportError: + sys.stderr.write('Warning: The Sphinx \'sphinx_rtd_theme\' HTML theme was not found. Make sure you have the theme installed to produce pretty HTML output. Falling back to the default theme.\n') + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# +# html_theme_options = {} + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = [] + +# Custom sidebar templates, must be a dictionary that maps document names +# to template names. +# +# The default sidebars (for documents that don't match any pattern) are +# defined by theme itself. Builtin themes are using these templates by +# default: ``['localtoc.html', 'relations.html', 'sourcelink.html', +# 'searchbox.html']``. +# +# html_sidebars = {} + + +# -- Options for HTMLHelp output --------------------------------------------- + +# Output file base name for HTML help builder. +htmlhelp_basename = 'Xendoc' + + +# -- Options for LaTeX output ------------------------------------------------ + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # + # 'preamble': '', + + # Latex figure (float) alignment + # + # 'figure_align': 'htbp', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + (master_doc, 'Xen.tex', u'Xen Documentation', + u'The Xen development community', 'manual'), +] + + +# -- Options for manual page output ------------------------------------------ + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + (master_doc, 'xen', u'Xen Documentation', + [author], 1) +] + + +# -- Options for Texinfo output ---------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + (master_doc, 'Xen', u'Xen Documentation', + author, 'Xen', 'One line description of project.', + 'Miscellaneous'), +] + + +# -- Options for Epub output ------------------------------------------------- + +# Bibliographic Dublin Core info. +epub_title = project + +# The unique identifier of the text. This can be a ISBN number +# or the project homepage. +# +# epub_identifier = '' + +# A unique identification for the text. +# +# epub_uid = '' + +# A list of files that should not be packed into the epub file. +epub_exclude_files = ['search.html'] diff --git a/src/xen/docs/configure b/src/xen/docs/configure new file mode 100755 index 0000000000000000000000000000000000000000..b55e67e93a8f1fab62420edb9ce55c757e80bb49 --- /dev/null +++ b/src/xen/docs/configure @@ -0,0 +1,3488 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for Xen Hypervisor Documentation 4.19. +# +# Report bugs to . +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and +$0: xen-devel@lists.xen.org about your system, including +$0: any error possibly output before this message. Then +$0: install a modern shell, or manually run the script +$0: under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='Xen Hypervisor Documentation' +PACKAGE_TARNAME='xen' +PACKAGE_VERSION='4.19' +PACKAGE_STRING='Xen Hypervisor Documentation 4.19' +PACKAGE_BUGREPORT='xen-devel@lists.xen.org' +PACKAGE_URL='https://www.xen.org/' + +ac_unique_file="misc/xen-command-line.pandoc" +ac_subst_vars='LTLIBOBJS +LIBOBJS +PERL +PANDOC +POD2TEXT +POD2HTML +POD2MAN +FIG2DEV +DEBUG_DIR +XEN_DUMP_DIR +XEN_PAGING_DIR +XEN_LOCK_DIR +INITD_DIR +SHAREDIR +XEN_LIB_DIR +XEN_RUN_STORED +XEN_LOG_DIR +XEN_RUN_DIR +XENFIRMWAREDIR +LIBEXEC_INC +LIBEXEC_LIB +LIBEXEC_BIN +LIBEXEC +XEN_SCRIPT_DIR +CONFIG_LEAF_DIR +XEN_CONFIG_DIR +CONFIG_DIR +XENSTORED_PORT +XENSTORED_KVA +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +with_initddir +with_sysconfig_leaf_dir +with_libexec_leaf_dir +with_xen_scriptdir +with_xen_dumpdir +with_rundir +with_debugdir +' + ac_precious_vars='build_alias +host_alias +target_alias +FIG2DEV +POD2MAN +POD2HTML +POD2TEXT +PANDOC +PERL' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures Xen Hypervisor Documentation 4.19 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/xen] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of Xen Hypervisor Documentation 4.19:";; + esac + cat <<\_ACEOF + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-initddir=DIR Path to directory with sysv runlevel scripts. + [SYSCONFDIR/init.d] + --with-sysconfig-leaf-dir=SUBDIR + Name of subdirectory in /etc to store runtime + options for runlevel scripts and daemons such as + xenstored. This should be either "sysconfig" or + "default". [sysconfig] + --with-libexec-leaf-dir=SUBDIR + Name of subdirectory in libexecdir to use. + --with-xen-scriptdir=DIR + Path to directory for dom0 hotplug scripts. + [SYSCONFDIR/xen/scripts] + --with-xen-dumpdir=DIR Path to directory for domU crash dumps. + [LOCALSTATEDIR/lib/xen/dump] + --with-rundir=DIR Path to directory for runtime data. + [LOCALSTATEDIR/run] + --with-debugdir=DIR Path to directory for debug symbols. + [PREFIX/lib/debug] + +Some influential environment variables: + FIG2DEV Path to fig2dev tool + POD2MAN Path to pod2man tool + POD2HTML Path to pod2html tool + POD2TEXT Path to pod2text tool + PANDOC Path to pandoc tool + PERL Path to Perl parser + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +Xen Hypervisor Documentation home page: . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +Xen Hypervisor Documentation configure 4.19 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by Xen Hypervisor Documentation $as_me 4.19, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + +ac_config_files="$ac_config_files ../config/Docs.mk man/xl.cfg.5.pod man/xl.1.pod man/xl-disk-configuration.5.pod man/xl-network-configuration.5.pod man/xl.conf.5.pod" + +ac_aux_dir= +for ac_dir in ../ "$srcdir"/../; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in ../ \"$srcdir\"/../" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + + +# M4 Macro includes + + + + + + + + + + + + + + +case "$host_os" in +*freebsd*) XENSTORED_KVA=/dev/xen/xenstored ;; +*) XENSTORED_KVA=/proc/xen/xsd_kva ;; +esac + + +case "$host_os" in +*freebsd*) XENSTORED_PORT=/dev/xen/xenstored ;; +*) XENSTORED_PORT=/proc/xen/xsd_port ;; +esac + + + + +test "x$prefix" = "xNONE" && prefix=$ac_default_prefix +test "x$exec_prefix" = "xNONE" && exec_prefix=${prefix} + +if test "$localstatedir" = '${prefix}/var' ; then + localstatedir=/var +fi + +bindir=`eval echo $bindir` +sbindir=`eval echo $sbindir` +libdir=`eval echo $libdir` + +if test "x$sysconfdir" = 'x${prefix}/etc' ; then + case "$host_os" in + *freebsd*) + sysconfdir=$prefix/etc + ;; + *solaris*) + if test "$prefix" = "/usr" ; then + sysconfdir=/etc + else + sysconfdir=$prefix/etc + fi + ;; + *) + sysconfdir=/etc + ;; + esac +fi + +CONFIG_DIR=$sysconfdir + + +XEN_CONFIG_DIR=$CONFIG_DIR/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_CONFIG_DIR "$XEN_CONFIG_DIR" +_ACEOF + + + +# Check whether --with-initddir was given. +if test "${with_initddir+set}" = set; then : + withval=$with_initddir; initddir_path=$withval +else + case "$host_os" in + *linux*) + if test -d $sysconfdir/rc.d/init.d ; then + initddir_path=$sysconfdir/rc.d/init.d + else + initddir_path=$sysconfdir/init.d + fi + ;; + *) + initddir_path=$sysconfdir/rc.d + ;; + esac +fi + + + +# Check whether --with-sysconfig-leaf-dir was given. +if test "${with_sysconfig_leaf_dir+set}" = set; then : + withval=$with_sysconfig_leaf_dir; config_leaf_dir=$withval +else + config_leaf_dir=sysconfig + if test ! -d /etc/sysconfig ; then config_leaf_dir=default ; fi +fi + +CONFIG_LEAF_DIR=$config_leaf_dir + + + +# Check whether --with-libexec-leaf-dir was given. +if test "${with_libexec_leaf_dir+set}" = set; then : + withval=$with_libexec_leaf_dir; libexec_subdir=$withval +else + libexec_subdir=$PACKAGE_TARNAME +fi + + + +# Check whether --with-xen-scriptdir was given. +if test "${with_xen_scriptdir+set}" = set; then : + withval=$with_xen_scriptdir; xen_scriptdir_path=$withval +else + xen_scriptdir_path=$XEN_CONFIG_DIR/scripts +fi + +XEN_SCRIPT_DIR=$xen_scriptdir_path + + +cat >>confdefs.h <<_ACEOF +#define XEN_SCRIPT_DIR "$XEN_SCRIPT_DIR" +_ACEOF + + + +# Check whether --with-xen-dumpdir was given. +if test "${with_xen_dumpdir+set}" = set; then : + withval=$with_xen_dumpdir; xen_dumpdir_path=$withval +else + xen_dumpdir_path=$localstatedir/lib/xen/dump +fi + + + +# Check whether --with-rundir was given. +if test "${with_rundir+set}" = set; then : + withval=$with_rundir; rundir_path=$withval +else + rundir_path=$localstatedir/run +fi + + + +# Check whether --with-debugdir was given. +if test "${with_debugdir+set}" = set; then : + withval=$with_debugdir; debugdir_path=$withval +else + debugdir_path=$prefix/lib/debug +fi + + +if test "$libexecdir" = '${exec_prefix}/libexec' ; then + case "$host_os" in + *netbsd*) ;; + *) + libexecdir='${exec_prefix}/lib' + ;; + esac +fi +LIBEXEC=`eval echo $libexecdir/$libexec_subdir` + + +LIBEXEC_BIN=${LIBEXEC}/bin + + +cat >>confdefs.h <<_ACEOF +#define LIBEXEC_BIN "$LIBEXEC_BIN" +_ACEOF + +LIBEXEC_LIB=${LIBEXEC}/lib + +LIBEXEC_INC=${LIBEXEC}/include + +XENFIRMWAREDIR=${LIBEXEC}/boot + + +cat >>confdefs.h <<_ACEOF +#define XENFIRMWAREDIR "$XENFIRMWAREDIR" +_ACEOF + + +XEN_RUN_DIR=$rundir_path/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_RUN_DIR "$XEN_RUN_DIR" +_ACEOF + + +XEN_LOG_DIR=$localstatedir/log/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_LOG_DIR "$XEN_LOG_DIR" +_ACEOF + + +XEN_RUN_STORED=$rundir_path/xenstored + + +cat >>confdefs.h <<_ACEOF +#define XEN_RUN_STORED "$XEN_RUN_STORED" +_ACEOF + + +XEN_LIB_DIR=$localstatedir/lib/xen + + +cat >>confdefs.h <<_ACEOF +#define XEN_LIB_DIR "$XEN_LIB_DIR" +_ACEOF + + +SHAREDIR=$prefix/share + + +INITD_DIR=$initddir_path + + +case "$host_os" in +*freebsd*) XEN_LOCK_DIR=$localstatedir/lib ;; +*netbsd*) XEN_LOCK_DIR=$rundir_path ;; +*) XEN_LOCK_DIR=$localstatedir/lock ;; +esac + + +cat >>confdefs.h <<_ACEOF +#define XEN_LOCK_DIR "$XEN_LOCK_DIR" +_ACEOF + + +XEN_PAGING_DIR=$localstatedir/lib/xen/xenpaging + + +XEN_DUMP_DIR=$xen_dumpdir_path + + +cat >>confdefs.h <<_ACEOF +#define XEN_DUMP_DIR "$XEN_DUMP_DIR" +_ACEOF + + +DEBUG_DIR=$debugdir_path + + + + + + # Extract the first word of "fig2dev", so it can be a program name with args. +set dummy fig2dev; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_FIG2DEV+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $FIG2DEV in + [\\/]* | ?:[\\/]*) + ac_cv_path_FIG2DEV="$FIG2DEV" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_FIG2DEV="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +FIG2DEV=$ac_cv_path_FIG2DEV +if test -n "$FIG2DEV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FIG2DEV" >&5 +$as_echo "$FIG2DEV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if ! test -x "$ac_cv_path_FIG2DEV"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: fig2dev is not available so some documentation won't be built" >&5 +$as_echo "$as_me: WARNING: fig2dev is not available so some documentation won't be built" >&2;} + +fi + + + + # Extract the first word of "pod2man", so it can be a program name with args. +set dummy pod2man; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_POD2MAN+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $POD2MAN in + [\\/]* | ?:[\\/]*) + ac_cv_path_POD2MAN="$POD2MAN" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_POD2MAN="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +POD2MAN=$ac_cv_path_POD2MAN +if test -n "$POD2MAN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2MAN" >&5 +$as_echo "$POD2MAN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if ! test -x "$ac_cv_path_POD2MAN"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pod2man is not available so some documentation won't be built" >&5 +$as_echo "$as_me: WARNING: pod2man is not available so some documentation won't be built" >&2;} + +fi + + + + # Extract the first word of "pod2html", so it can be a program name with args. +set dummy pod2html; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_POD2HTML+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $POD2HTML in + [\\/]* | ?:[\\/]*) + ac_cv_path_POD2HTML="$POD2HTML" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_POD2HTML="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +POD2HTML=$ac_cv_path_POD2HTML +if test -n "$POD2HTML"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2HTML" >&5 +$as_echo "$POD2HTML" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if ! test -x "$ac_cv_path_POD2HTML"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pod2html is not available so some documentation won't be built" >&5 +$as_echo "$as_me: WARNING: pod2html is not available so some documentation won't be built" >&2;} + +fi + + + + # Extract the first word of "pod2text", so it can be a program name with args. +set dummy pod2text; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_POD2TEXT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $POD2TEXT in + [\\/]* | ?:[\\/]*) + ac_cv_path_POD2TEXT="$POD2TEXT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_POD2TEXT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +POD2TEXT=$ac_cv_path_POD2TEXT +if test -n "$POD2TEXT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2TEXT" >&5 +$as_echo "$POD2TEXT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if ! test -x "$ac_cv_path_POD2TEXT"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pod2text is not available so some documentation won't be built" >&5 +$as_echo "$as_me: WARNING: pod2text is not available so some documentation won't be built" >&2;} + +fi + + + + # Extract the first word of "pandoc", so it can be a program name with args. +set dummy pandoc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PANDOC+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PANDOC in + [\\/]* | ?:[\\/]*) + ac_cv_path_PANDOC="$PANDOC" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PANDOC="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PANDOC=$ac_cv_path_PANDOC +if test -n "$PANDOC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PANDOC" >&5 +$as_echo "$PANDOC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if ! test -x "$ac_cv_path_PANDOC"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pandoc is not available so some documentation won't be built" >&5 +$as_echo "$as_me: WARNING: pandoc is not available so some documentation won't be built" >&2;} + +fi + + + +# Extract the first word of "perl", so it can be a program name with args. +set dummy perl; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PERL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PERL in + [\\/]* | ?:[\\/]*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PERL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PERL" && ac_cv_path_PERL="no" + ;; +esac +fi +PERL=$ac_cv_path_PERL +if test -n "$PERL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL" >&5 +$as_echo "$PERL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +if test x"${PERL}" = x"no" +then + as_fn_error $? "Unable to find perl, please install perl" "$LINENO" 5 +fi + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +# +# If the first sed substitution is executed (which looks for macros that +# take arguments), then branch to the quote section. Otherwise, +# look for a macro that doesn't take arguments. +ac_script=' +:mline +/\\$/{ + N + s,\\\n,, + b mline +} +t clear +:clear +s/^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*([^)]*)\)[ ]*\(.*\)/-D\1=\2/g +t quote +s/^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)/-D\1=\2/g +t quote +b any +:quote +s/[ `~#$^&*(){}\\|;'\''"<>?]/\\&/g +s/\[/\\&/g +s/\]/\\&/g +s/\$/$$/g +H +:any +${ + g + s/^\n// + s/\n/ /g + p +} +' +DEFS=`sed -n "$ac_script" confdefs.h` + + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by Xen Hypervisor Documentation $as_me 4.19, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + +Configuration files: +$config_files + +Report bugs to . +Xen Hypervisor Documentation home page: ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +Xen Hypervisor Documentation config.status 4.19 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h | --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "../config/Docs.mk") CONFIG_FILES="$CONFIG_FILES ../config/Docs.mk" ;; + "man/xl.cfg.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl.cfg.5.pod" ;; + "man/xl.1.pod") CONFIG_FILES="$CONFIG_FILES man/xl.1.pod" ;; + "man/xl-disk-configuration.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl-disk-configuration.5.pod" ;; + "man/xl-network-configuration.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl-network-configuration.5.pod" ;; + "man/xl.conf.5.pod") CONFIG_FILES="$CONFIG_FILES man/xl.conf.5.pod" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + + +eval set X " :F $CONFIG_FILES " +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + + + + esac + +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + diff --git a/src/xen/docs/configure.ac b/src/xen/docs/configure.ac new file mode 100644 index 0000000000000000000000000000000000000000..c2e5edd3b3d773f5ac387902d7fa216782ae9041 --- /dev/null +++ b/src/xen/docs/configure.ac @@ -0,0 +1,35 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. + +AC_PREREQ([2.67]) +AC_INIT([Xen Hypervisor Documentation], m4_esyscmd([../version.sh ../xen/Makefile]), + [xen-devel@lists.xen.org], [xen], [https://www.xen.org/]) +AC_CONFIG_SRCDIR([misc/xen-command-line.pandoc]) +AC_CONFIG_FILES([ +../config/Docs.mk +man/xl.cfg.5.pod +man/xl.1.pod +man/xl-disk-configuration.5.pod +man/xl-network-configuration.5.pod +man/xl.conf.5.pod +]) +AC_CONFIG_AUX_DIR([../]) + +# M4 Macro includes +m4_include([../m4/docs_tool.m4]) +m4_include([../m4/path_or_fail.m4]) +m4_include([../m4/features.m4]) +m4_include([../m4/paths.m4]) + +AX_XEN_EXPAND_CONFIG() + +AX_DOCS_TOOL_PROG([FIG2DEV], [fig2dev]) +AX_DOCS_TOOL_PROG([POD2MAN], [pod2man]) +AX_DOCS_TOOL_PROG([POD2HTML], [pod2html]) +AX_DOCS_TOOL_PROG([POD2TEXT], [pod2text]) +AX_DOCS_TOOL_PROG([PANDOC], [pandoc]) + +AC_ARG_VAR([PERL], [Path to Perl parser]) +AX_PATH_PROG_OR_FAIL([PERL], [perl]) + +AC_OUTPUT() diff --git a/src/xen/docs/designs/argo.pandoc b/src/xen/docs/designs/argo.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..e18aacea7c673c350811f85ab4aa7254cc8a39da --- /dev/null +++ b/src/xen/docs/designs/argo.pandoc @@ -0,0 +1,493 @@ +# Argo + +## Introduction + +Argo is an interdomain communication mechanism. It provides Xen hypervisor +primitives to transmit data between VMs, by performing data copies into +receive memory rings registered by domains. It does not require memory +sharing between VMs and does not use the grant tables or Xenstore. + +Argo has requirements for performance isolation between domains, to prevent +negative performance impact from malicious or disruptive activity of other +domains, or even other VCPUs of the same domain operating other rings. + +## Hypervisor-Mediated data eXchange (HMX) + +This term references inter-VM communication protocols that have this +key architectural point: The hypervisor is responsible for performing the +write of data into the guest-accessible memory buffer, in the manner +according to the agreed transfer protocol. This structure ensures that +there is strength to the transport mechanism, because the transmitting side +of the communication is the hypervisor, which can be trusted by the receiver, +and the buffer is isolated from access by any other potential sources +outside the receiver. + +The receiver can trust that the hypervisor will: + +- Provide a protocol implementation adhering to hardware synchronization +requirements for concurrent access to system memory by communicating +components +- Deliver data only from an approved source, enforcing policy for Mandatory +Access Control. +- Indicate the correct sender of the data. +- Transmit only the intended data, adhering to the access protocol of the data +structure in the buffer. If the memory region is being used as a ring, then: + - Data writes will only occur within the ring region that is indicated as + available for incoming data by the ring indexes. + - The indicated length of data written will exactly match the length of + data actually written. + - The write for each piece of data will occur only once. + - Data will be written sequentially in the order that it is sent. +- Issue notification of data delivered correctly. + +This structure allows for augmentation by the hypervisor to identify the +sending entity within the source VM, and then provide the receiver with +assured context information about the data source. This enables the receiver +to make decisions based on fine-grained knowledge of the source of the data. + +This structure is also of strong interest for nested virtualization: +transport via the hypervisor can enable construction of efficient +communications between VMs at different levels of nesting. + +# Locking + +Since Argo operates a data path between domains, sections of this code are +*hot* when the communication paths are in use. To encourage high performance, a +goal is to limit mutual exclusion to only where required and enable significant +concurrency. + +Avoidance of deadlock is essential and since state must frequently be updated +that pertains to more than one domain, a locking protocol defines which locks +are needed and the order of their acquistion. + +## Structure + +The granular locking structure of Argo enables: + +1. Performance isolation of guests +2. Avoidance of DoS of rings by domains that are not authorized to send to them +3. Deadlock-free teardown of state across multiple domains on domain destroy +4. Performance of guests using Argo with concurrent operation of rings. + +Argo uses three per-domain locks to protect three separate data structures. +Access to the ring_hash data structure is confined to domains that a +ring-registering domain has authorized to send data via the ring. The complete +set of Argo locks is: + +* Global : `L1_global_argo_rwlock` +* Per-domain: `rings_L2_rwlock` +* Per-domain: `send_L2_lock` +* Per-domain: `wildcard_L2_lock` +* Per-ring: `L3_lock` + +## Protected State + +The data structures being protected by the locks are all per-domain. The only +global Argo state is the `L1_global_argo_rwlock` used to coordinate access to +data structures of other domains. + +### State: Rings registered and owned by a domain + +This includes the state to run that ring, such as memory frame numbers and +established mappings. Per-ring state is protected by its own lock, so that +multiple VCPUs of the same domain operating different rings do not inhibit the +performance of each other. + +The per-domain ring state also includes the list of pending notifications for +other domains that are waiting for ring space availability. + +### State: Partner rings for which this domain is the single allowed sender + +This state belonging to the permitted sender is written to when a ring is +registered by another domain. The lock that protects this state is subject to +locking at arbitrary frequency by those foreign domains when registering rings +-- which do not need any permission granted by this domain in order to register +a ring to communicate with it -- so it must not inhibit the domain's own +ability to use its own rings, to protect them from DoS. For this reason, this +state is protected by its own lock. + +### State: Pending notifications for wildcard rings registered by other domains + +This data structure is needed when a domain is destroyed, to cancel the +outstanding space availability notifications about the wildcard rings of other +domains that this domain has queried. + +Data is entered into this data structure by the domain that owns it, either by +a space-inhibited sendv or a notify operation. + +Data is removed from this data structure in one of three cases: when space +becomes available in the destination ring and the notification is sent, when +the ring is torn down, or when the awaiting domain is destroyed. + +In the case where a notification is sent, access to the data structure is +triggered by the ring owner domain, rather than the domain waiting for +notification. This data structure is protected by its own lock since doing so +entails less contention than the alternative of reusing an existing lock owned +by the domain. + +## Hierarchical Locking Model and Protocol + +The locking discipline within the Argo code is heirarchical and utilizes +reader/writer locks to enable increased concurrency when operations do not +conflict. None of the Argo locks are reentrant. + +The hierarchy: + +* There is a global rwlock (`L1`) to protect access to all of the per-domain +argo data structures. +* There is a rwlock per-domain (`rings_L2`) to protect the hashtable of the +per-ring data structures. +* There is a lock per ring (`L3`) to protect the per-ring data structure, +`struct argo_ring_info`. + +There are a two other per-domain L2 locks; their operation is similar and they +are described later. + +The protocol to safely acquire write access to the per-ring data structure, +`struct argo_ring_info`, is: + +1) Acquire a Read lock on L1. +2) Acquire a Read lock on L2. +3) Acquire L3. + +An alternative valid sequence is: + +1) Acquire a Read lock on L1. +2) Acquire a Write lock on L2. + +This second sequence grants write access to _all_ of the `argo_ring_info` +structs belonging to the domain, but at the expense of less concurrency: no +other operation can access those structs while the locks are held, which will +inhibit operations on those rings until the locks are released. + +Another alternative valid sequence is: + +1) Acquire a Write lock on L1. + +This grants write access to _all_ of the `argo_ring_info` structs belonging to +_all domains_, but again at the expense of far less concurrency: no other +operation can operate on Argo rings until the locks are released. + +## Lock Definitions + +The full set of locks that are directly operated upon by the Argo code are +described in the following section. + +### The global singleton lock: + +* `L1_global_argo_rwlock` + +The rationale for having a global lock is to be able to enforce system-wide +exclusion for a critical region and simplify the logic required to avoid +deadlock, for teardown of state across multiple domains when a domain is +destroyed. + +The majority of operations take a read-lock on this lock, allowing concurrent +Argo operations by many domains. + +The pointer d->argo on every domain is protected by this lock. A set of more +granular per-domain locks could be used to do that, but since domain start and +stop is expected to be a far less frequent operation than the other argo +operations, acquiring a single read lock to enable access to all the argo +structs of all domains simplifies the protocol. + +Points of write-locking on this lock: + +* `argo_destroy`, where: + * All of the domain's own rings are destroyed. + * All of the notifications pending for other domains are cancelled. + * All of the unicast partner rings owned by other domains for this domain to +send to, are destroyed. + * All of the notifications pending on those rings are cancelled. + * All of the notifications pending for this domain on wildcard rings owned +by other domains are cancelled. +* `argo_soft_reset`, for similar teardown operations as argo_destroy. +* `argo_init`, where the `d->argo` pointer is first populated. + * Since the write lock is taken here, there is serialization all concurrent +Argo operations around this single pointer write; this is the cost of using the +simpler one global lock approach. + +Enforcing that the write_lock is acquired on `L1_global_argo_rwlock` before +executing teardown, ensures that no teardown operations act concurrently and no +other Argo operations happen concurrently with a teardown. The teardown logic +is free to safely modify the Argo state across all domains without having to +acquire per-domain locks and deadlock cannot occur. + +### Per-Domain: Ring hash lock + +`rings_L2_rwlock` + +Protects: the per-domain ring hash table of `argo_ring_info` structs. + +Holding a read lock on `rings_L2` protects the ring hash table and the elements +in the hash table `d->argo->ring_hash`, and the `node` and `id` fields in +struct `argo_ring_info` in the hash table. + +Holding a write lock on `rings_L2` protects all of the elements of all the +struct `argo_ring_info` belonging to this domain. + +To take `rings_L2` you must already have `R(L1)`. `W(L1)` implies `W(rings_L2)` +and `L3`. + +Prerequisites: + +* `R(L1_global_argo_rwlock)` must be acquired before taking either read or +write on `rings_L2_rwlock`. +* `W(L1_global_argo_rwlock)` implies `W(rings_L2_rwlock)`, so if +`W(L1_global_argo_rwlock)` is held, then `rings_L2_rwlock` does not need to be +acquired, and all the data structures that `rings_L2_rwlock` protects can be +accessed as if `W(ring_L2_rwlock)` was held. + +Is accessed by the hypervisor on behalf of: + +* The domain that registered the ring. +* Any domain that is allowed to send to the ring -- so that's the partner +domain, for unicast rings, or any domain, for wildcard rings. + +### Send hash lock + +`send_L2_lock` + +Protects: the per-domain send hash table of `argo_send_info` structs. + +Is accessed by the hypervisor on behalf of: + +* Any domain that registers a ring that specifies the domain as the unicast +sender. +* The domain that has been allowed to send, as part of teardown when the domain +is being destroyed. + + +### Wildcard pending list lock + +`wildcard_L2_lock` + +Protects: the per-domain list of pending notifications to the domain from +wildcard rings owned by other domains. + +Is accessed by the hypervisor on behalf of: + +* The domain that issued a query to another about space availability in one of +its wildcard rings - this can be done by attempting a send operation when there +is insufficient ring space available at the time. +* Any domain that the domain has issued a query to about space availability in +one of their wildcard rings. + +### Per-Ring locks: + +* `L3_lock` + +This lock protects the members of a `struct ring_info` which is the primary +state for a domain's own registered ring. + + +## Reasoning Model + +A common model for reasoning about concurrent code focusses on accesses to +individual variables: if code touches this variable, see that it first acquires +the corresponding lock and then drops it afterwards. A challenge with this +model is in ensuring that the sequence of locks acquired within nested +functions, when operating on data from multiple domains with concurrent +operations, is safe from deadlock. + +An alternative method that is better suited to the Argo software is to consider +the execution path, the full sequence of locks acquired, accesses performed, +and locks released, from entering an operation, to the completion of the work. + +An example code path for an operation: + +`[entry] > -- [ take R(L1) ] -- [ take R(L2) ] -- loop [ take a L3 / drop L3 ] +-- [ drop R(L2) ] -- [ drop R(L1)] -- > [exit]` + +If a function implements a section of the path, it is important to know not +only what variables the function itself operates upon, but also the locking +state that will already have been established at the point when the function is +invoked, since this will affect what data the function can access. For this +reason, comments in the code, or ASSERTs that explicitly check lock state, +communicate what the locking state is expected and intended to be when that +code is invoked. See the macros defined to support this for Argo later in this +document. + + +## Macros to Validate and Document Lock State + +These macros encode the logic to verify that the locking has adhered to the +locking discipline. + +eg. On entry to logic that requires holding at least `R(rings_L2)`, this: + +`ASSERT(LOCKING_Read_rings_L2(d));` + +checks that the lock state is sufficient, validating that one of the following +must be true when executed: + +`R(rings_L2) && R(L1)` +or: `W(rings_L2) && R(L1)` +or: `W(L1)` + +The macros are defined thus: + +``` +#define LOCKING_Write_L1 (rw_is_write_locked(&L1_global_argo_rwlock)) +/* + * While LOCKING_Read_L1 will return true even if the lock is write-locked, + * that's OK because everywhere that a Read lock is needed with these macros, + * holding a Write lock there instead is OK too: we're checking that _at least_ + * the specified level of locks are held. + */ +#define LOCKING_Read_L1 (rw_is_locked(&L1_global_argo_rwlock)) + +#define LOCKING_Write_rings_L2(d) \ + ((LOCKING_Read_L1 && rw_is_write_locked(&(d)->argo->rings_L2_rwlock)) || \ + LOCKING_Write_L1) +/* + * Skip checking LOCKING_Write_rings_L2(d) within this LOCKING_Read_rings_L2 + * definition because the first clause that is testing R(L1) && R(L2) will also + * return true if R(L1) && W(L2) is true, because of the way that rw_is_locked + * behaves. This results in a slightly shorter and faster implementation. + */ +#define LOCKING_Read_rings_L2(d) \ + ((LOCKING_Read_L1 && rw_is_locked(&(d)->argo->rings_L2_rwlock)) || \ + LOCKING_Write_L1) +/* + * Skip checking LOCKING_Write_L1 within this LOCKING_L3 definition because + * LOCKING_Write_rings_L2(d) will return true for that condition. + */ +#define LOCKING_L3(d, r) \ + ((LOCKING_Read_L1 && rw_is_locked(&(d)->argo->rings_L2_rwlock) \ + && spin_is_locked(&(r)->L3_lock)) || LOCKING_Write_rings_L2(d)) + +#define LOCKING_send_L2(d) \ + ((LOCKING_Read_L1 && spin_is_locked(&(d)->argo->send_L2_lock)) || \ + LOCKING_Write_L1) +``` + +Here is an example of a macro in use: + +``` +static void +notify_ring(const struct domain *d, struct argo_ring_info *ring_info, + struct hlist_head *to_notify) +{ + uint32_t space; + + ASSERT(LOCKING_Read_rings_L2(d)); + + spin_lock(&ring_info->L3_lock); + + if ( ring_info->len ) + space = ringbuf_payload_space(d, ring_info); + else + space = 0; + + spin_unlock(&ring_info->L3_lock); + + if ( space ) + pending_find(d, ring_info, space, to_notify); +} + +``` + +In the above example, it can be seen that it is safe to acquire the `L3` lock +because _at least_ `R(rings_L2)` is already held, as documented and verified by +the macro. + +## FAQ / Other Considerations + +### Why not have a single per-domain lock? + +Due to performance isolation / DoS avoidance: if there is a single per-domain +lock, acquiring this lock will stall operations on other active rings owned by +the domain. A malicious domain can loop registering and unregistering rings, +without any consent by the targetted domain, which would experience decreased +throughput due to the contention on the single per-domain lock. The granular +locking structure of Argo prevents this. It also allows concurrent operation of +different rings by multiple VCPUs of the same domain without contention, to +avoid negative application performance interaction. + +## Rationale for Using a Singleton Global Lock: L1 + +### Teardown on domain destroy + +The single global lock enables exclusive access to the argo data structures +across domains when a domain is destroyed. Every unicast ring that the dying +domain is the authorized sender is torn down and any pending space-available +notifications in other domain's wildcard rings are cancelled. This requires +gaining safe access to the data structures on each of the domains involved. + +The 'send hashtable' data structure is needed in order to perform the teardown +of rings when a domain is destroyed. To populate it, whenever a unicast ring is +registered, the lock that protects that data structure must be taken +exclusively. + +There are granular per-domain locks which protect the per-domain data +structures. The global singleton L1 lock operates with-and-above the per-domain +locks and is used to obtain exclusive access to multiple domain's argo data +structures in the infrequent case where it is used -- for domain destroy -- +whilst otherwise allowing concurrent access, via acquiring it with 'read' +access, for the majority of the time. + +To perform the required state teardown on domain destruction, which can require +removing state from the data structures of multiple domains, a locking protocol +to obtain mutual exclusion and safe access to the state is required, without +deadlocking. + +Using the single global lock avoids the need for sequencing the acquisition of +multiple individual per-domain locks (and lower level data structure locks) to +prevent deadlock: taking W(L1) grants access to all and taking R(L1) ensures +that teardown of any domain will not interfere with any Argo hypercall +operation. It enables introducing granular locking without complex or +error-prone lock acquisition logic. + +# Related Material + +## Enabling Argo in Xen + +To enable Argo in a build of the Xen hypervisor, please ensure that +CONFIG_ARGO is enabled in the Xen hypervisor build configuration file. + +To make Argo available for use at runtime on a Xen system, please see the +Argo settings in the Xen command line documentation. + +## Linux Argo drivers + +A Linux kernel device driver for Argo and corresponding Linux userspace +software, libargo, that utilizes it for interdomain communication between +application level software is available and maintained by the OpenXT Project, +at: + +https://github.com/OpenXT/linux-xen-argo + +The repository contains the primary Linux kernel Argo driver, which is derived +from the original XenClient v4v driver. The document at the following link +describes planning and design notes from OpenXT community discussion for +improvements to the driver: + +https://openxt.atlassian.net/wiki/spaces/DC/pages/775389197/New+Linux+Driver+for+Argo + +An alternative Linux Argo driver is also available in the same repository, +implemented to explore a different approach for Linux to use the Argo +primitives under the Vsock address family to allow socket communication between +Xen domains. + +## v4v drivers + +A Windows driver for v4v has previously been used in XenClient and OpenXT +which could be ported to Argo. It may require update for compatibility with +recent versions of Windows software. + +https://github.com/OpenXT/xc-windows/tree/master/xenv4v + +The Linux, Windows and OSX guest tools for the Open Source HP uxen hypervisor +contain drivers for v4v which are relevant as code bases of interest for +porting or developing new guest OS drivers for Argo. + +https://github.com/uxen-virt/uxen/tree/ascara/vm-support + +# Future Work + +- Performance measurement and optimization +- Provide assurance of connection source context to destination +- Policy controls for reducing the duration of hypervisor mappings of +transmission rings, to improve resistance to data read attacks on +hypervisor memory diff --git a/src/xen/docs/designs/dmop.pandoc b/src/xen/docs/designs/dmop.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..49e52b1bcc3ed2b68c17b095d92a9efc4cad751d --- /dev/null +++ b/src/xen/docs/designs/dmop.pandoc @@ -0,0 +1,181 @@ +DMOP +==== + +Introduction +------------ + +The DMOP hypercall has a new ABI design to solve problems in the Xen +ecosystem. First, the ABI is fully stable, to reduce the coupling between +device models and the version of Xen. Specifically, device model software +using DMOP (be it user, stub domain or kernel software) need not be recompiled +to match the version of the running hypervisor. + +Secondly, for device models in userspace, the ABI is designed specifically to +allow a kernel to audit the memory ranges used, without having to know the +internal structure of sub-ops. + +The problem occurs when you a device model issues an hypercall that +includes references to user memory other than the operation structure +itself, such as with Track dirty VRAM (as used in VGA emulation). +Is this case, the address of this other user memory needs to be vetted, +to ensure it is not within restricted address ranges, such as kernel +memory. The real problem comes down to how you would vet this address - +the idea place to do this is within the privcmd driver, without privcmd +having to have specific knowledge of the hypercall's semantics. + +The Design +---------- + +The privcmd driver implements a new restriction ioctl, which takes a domid +parameter. After that restriction ioctl is issued, all unaudited operations +on the privcmd driver will cease to function, including regular hypercalls. +DMOP hypercalls will continue to function as they can be audited. + +A DMOP hypercall consists of a domid (which is audited to verify that it +matches any restriction in place) and an array of buffers and lengths, +with the first one containing the specific DMOP parameters. These can +then reference further buffers from within in the array. Since the only +user buffers passed are that found with that array, they can all can be +audited by privcmd. + +The following code illustrates this idea: + +struct xen_dm_op { + uint32_t op; +}; + +struct xen_dm_op_buf { + XEN_GUEST_HANDLE(void) h; + unsigned long size; +}; +typedef struct xen_dm_op_buf xen_dm_op_buf_t; + +enum neg_errnoval +HYPERVISOR_dm_op(domid_t domid, + xen_dm_op_buf_t bufs[], + unsigned int nr_bufs) + +@domid is the domain the hypercall operates on. +@bufs points to an array of buffers where @bufs[0] contains a struct +dm_op, describing the specific device model operation and its parameters. +@bufs[1..] may be referenced in the parameters for the purposes of +passing extra information to or from the domain. +@nr_bufs is the number of buffers in the @bufs array. + +It is forbidden for the above struct (xen_dm_op) to contain any guest +handles. If they are needed, they should instead be in +HYPERVISOR_dm_op->bufs. + +Validation by privcmd driver +---------------------------- + +If the privcmd driver has been restricted to specific domain (using a + new ioctl), when it received an op, it will: + +1. Check hypercall is DMOP. + +2. Check domid == restricted domid. + +3. For each @nr_bufs in @bufs: Check @h and @size give a buffer + wholly in the user space part of the virtual address space. (e.g. + Linux will use access_ok()). + + +Xen Implementation +------------------ + +Since a DMOP buffers need to be copied from or to the guest, functions for +doing this would be written as below. Note that care is taken to prevent +damage from buffer under- or over-run situations. If the DMOP is called +with incorrectly sized buffers, zeros will be read, while extra is ignored. + +static bool copy_buf_from_guest(xen_dm_op_buf_t bufs[], + unsigned int nr_bufs, void *dst, + unsigned int idx, size_t dst_size) +{ + size_t size; + + if ( idx >= nr_bufs ) + return false; + + memset(dst, 0, dst_size); + + size = min_t(size_t, dst_size, bufs[idx].size); + + return !copy_from_guest(dst, bufs[idx].h, size); +} + +static bool copy_buf_to_guest(xen_dm_op_buf_t bufs[], + unsigned int nr_bufs, unsigned int idx, + void *src, size_t src_size) +{ + size_t size; + + if ( idx >= nr_bufs ) + return false; + + size = min_t(size_t, bufs[idx].size, src_size); + + return !copy_to_guest(bufs[idx].h, src, size); +} + +This leaves do_dm_op easy to implement as below: + +static int dm_op(domid_t domid, + unsigned int nr_bufs, + xen_dm_op_buf_t bufs[]) +{ + struct domain *d; + struct xen_dm_op op; + bool const_op = true; + long rc; + + rc = rcu_lock_remote_domain_by_id(domid, &d); + if ( rc ) + return rc; + + if ( !is_hvm_domain(d) ) + goto out; + + rc = xsm_dm_op(XSM_DM_PRIV, d); + if ( rc ) + goto out; + + if ( !copy_buf_from_guest(bufs, nr_bufs, &op, 0, sizeof(op)) ) + { + rc = -EFAULT; + goto out; + } + + switch ( op.op ) + { + default: + rc = -EOPNOTSUPP; + break; + } + + if ( !rc && + !const_op && + !copy_buf_to_guest(bufs, nr_bufs, 0, &op, sizeof(op)) ) + rc = -EFAULT; + + out: + rcu_unlock_domain(d); + + return rc; +} + +long do_dm_op(domid_t domid, + unsigned int nr_bufs, + XEN_GUEST_HANDLE_PARAM(xen_dm_op_buf_t) bufs) +{ + struct xen_dm_op_buf nat[MAX_NR_BUFS]; + + if ( nr_bufs > MAX_NR_BUFS ) + return -EINVAL; + + if ( copy_from_guest_offset(nat, bufs, 0, nr_bufs) ) + return -EFAULT; + + return dm_op(domid, nr_bufs, nat); +} diff --git a/src/xen/docs/designs/launch/hyperlaunch-devicetree.rst b/src/xen/docs/designs/launch/hyperlaunch-devicetree.rst new file mode 100644 index 0000000000000000000000000000000000000000..b49c98cfbd0d576cc0b42f18a89080cfec7565e4 --- /dev/null +++ b/src/xen/docs/designs/launch/hyperlaunch-devicetree.rst @@ -0,0 +1,343 @@ +------------------------------------- +Xen Hyperlaunch Device Tree Bindings +------------------------------------- + +The Xen Hyperlaunch device tree adopts the dom0less device tree structure and +extends it to meet the requirements for the Hyperlaunch capability. The primary +difference is the introduction of the ``hypervisor`` node that is under the +``/chosen`` node. The move to a dedicated node was driven by: + +1. Reduces the need to walk over nodes that are not of interest, e.g. only + nodes of interest should be in ``/chosen/hypervisor`` + +2. Allows for the domain construction information to easily be sanitized by + simple removing the ``/chosen/hypervisor`` node. + +Example Configuration +--------------------- + +Below are two example device tree definitions for the hypervisor node. The +first is an example of a multiboot-based configuration for x86 and the second +is a module-based configuration for Arm. + +Multiboot x86 Configuration: +"""""""""""""""""""""""""""" + +:: + + hypervisor { + #address-cells = <1>; + #size-cells = <0>; + compatible = “hypervisor,xen” + + // Configuration container + config { + compatible = "xen,config"; + + module { + compatible = "module,microcode", "multiboot,module"; + mb-index = <1>; + }; + + module { + compatible = "module,xsm-policy", "multiboot,module"; + mb-index = <2>; + }; + }; + + // Boot Domain definition + domain { + compatible = "xen,domain"; + + domid = <0x7FF5>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0x00000001>; + + memory = <0x0 0x20000>; + cpus = <1>; + module { + compatible = "module,kernel", "multiboot,module"; + mb-index = <3>; + }; + + module { + compatible = "module,ramdisk", "multiboot,module"; + mb-index = <4>; + }; + module { + compatible = "module,config", "multiboot,module"; + mb-index = <5>; + }; + + // Classic Dom0 definition + domain { + compatible = "xen,domain"; + + domid = <0>; + + // PERMISSION_NONE (0) + // PERMISSION_CONTROL (1 << 0) + // PERMISSION_HARDWARE (1 << 1) + permissions = <3>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0xC0000006>; + + // MODE_PARAVIRTUALIZED (1 << 0) /* PV | PVH/HVM */ + // MODE_ENABLE_DEVICE_MODEL (1 << 1) /* HVM | PVH */ + // MODE_LONG (1 << 2) /* 64 BIT | 32 BIT */ + mode = <5>; /* 64 BIT, PV */ + + // UUID + domain-uuid = [B3 FB 98 FB 8F 9F 67 A3]; + + cpus = <1>; + memory = <0x0 0x20000>; + security-id = “dom0_t; + + module { + compatible = "module,kernel", "multiboot,module"; + mb-index = <6>; + bootargs = "console=hvc0"; + }; + module { + compatible = "module,ramdisk", "multiboot,module"; + mb-index = <7>; + }; + }; + +The multiboot modules supplied when using the above config would be, in order: + +* (the above config, compiled) +* CPU microcode +* XSM policy +* kernel for boot domain +* ramdisk for boot domain +* boot domain configuration file +* kernel for the classic dom0 domain +* ramdisk for the classic dom0 domain + +Module Arm Configuration: +""""""""""""""""""""""""" + +:: + + hypervisor { + compatible = “hypervisor,xen” + + // Configuration container + config { + compatible = "xen,config"; + + module { + compatible = "module,microcode”; + module-addr = <0x0000ff00 0x80>; + }; + + module { + compatible = "module,xsm-policy"; + module-addr = <0x0000ff00 0x80>; + + }; + }; + + // Boot Domain definition + domain { + compatible = "xen,domain"; + + domid = <0x7FF5>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0x00000001>; + + memory = <0x0 0x20000>; + cpus = <1>; + module { + compatible = "module,kernel"; + module-addr = <0x0000ff00 0x80>; + }; + + module { + compatible = "module,ramdisk"; + module-addr = <0x0000ff00 0x80>; + }; + module { + compatible = "module,config"; + module-addr = <0x0000ff00 0x80>; + }; + + // Classic Dom0 definition + domain@0 { + compatible = "xen,domain"; + + domid = <0>; + + // PERMISSION_NONE (0) + // PERMISSION_CONTROL (1 << 0) + // PERMISSION_HARDWARE (1 << 1) + permissions = <3>; + + // FUNCTION_NONE (0) + // FUNCTION_BOOT (1 << 0) + // FUNCTION_CRASH (1 << 1) + // FUNCTION_CONSOLE (1 << 2) + // FUNCTION_XENSTORE (1 << 30) + // FUNCTION_LEGACY_DOM0 (1 << 31) + functions = <0xC0000006>; + + // MODE_PARAVIRTUALIZED (1 << 0) /* PV | PVH/HVM */ + // MODE_ENABLE_DEVICE_MODEL (1 << 1) /* HVM | PVH */ + // MODE_LONG (1 << 2) /* 64 BIT | 32 BIT */ + mode = <5>; /* 64 BIT, PV */ + + // UUID + domain-uuid = [B3 FB 98 FB 8F 9F 67 A3]; + + cpus = <1>; + memory = <0x0 0x20000>; + security-id = “dom0_t”; + + module { + compatible = "module,kernel"; + module-addr = <0x0000ff00 0x80>; + bootargs = "console=hvc0"; + }; + module { + compatible = "module,ramdisk"; + module-addr = <0x0000ff00 0x80>; + }; + }; + +The modules that would be supplied when using the above config would be: + +* (the above config, compiled into hardware tree) +* CPU microcode +* XSM policy +* kernel for boot domain +* ramdisk for boot domain +* boot domain configuration file +* kernel for the classic dom0 domain +* ramdisk for the classic dom0 domain + +The hypervisor device tree would be compiled into the hardware device tree and +provided to Xen using the standard method currently in use. The remaining +modules would need to be loaded in the respective addresses specified in the +`module-addr` property. + + +The Hypervisor node +------------------- + +The hypervisor node is a top level container for the domains that will be built +by hypervisor on start up. On the ``hypervisor`` node the ``compatible`` +property is used to identify the type of hypervisor node present.. + +compatible + Identifies the type of node. Required. + +The Config node +--------------- + +A config node is for detailing any modules that are of interest to Xen itself. +For example this would be where Xen would be informed of microcode or XSM +policy locations. If the modules are multiboot modules and are able to be +located by index within the module chain, the ``mb-index`` property should be +used to specify the index in the multiboot module chain.. If the module will be +located by physical memory address, then the ``module-addr`` property should be +used to identify the location and size of the module. + +compatible + Identifies the type of node. Required. + +The Domain node +--------------- + +A domain node is for describing the construction of a domain. It may provide a +domid property which will be used as the requested domain id for the domain +with a value of “0” signifying to use the next available domain id, which is +the default behavior if omitted. A domain configuration is not able to request +a domid of “0”. After that a domain node may have any of the following +parameters, + +compatible + Identifies the type of node. Required. + +domid + Identifies the domid requested to assign to the domain. Required. + +permissions + This sets what Discretionary Access Control permissions + a domain is assigned. Optional, default is none. + +functions + This identifies what system functions a domain will fulfill. + Optional, the default is none. + +.. note:: The `functions` bits that have been selected to indicate + ``FUNCTION_XENSTORE`` and ``FUNCTION_LEGACY_DOM0`` are the last two bits + (30, 31) such that should these features ever be fully retired, the flags may + be dropped without leaving a gap in the flag set. + +mode + The mode the domain will be executed under. Required. + +domain-uuid + A globally unique identifier for the domain. Optional, + the default is NULL. + +cpus + The number of vCPUs to be assigned to the domain. Optional, + the default is “1”. + +memory + The amount of memory to assign to the domain, in KBs. + Required. + +security-id + The security identity to be assigned to the domain when XSM + is the access control mechanism being used. Optional, + the default is “domu_t”. + +The Module node +--------------- + +This node describes a boot module loaded by the boot loader. The required +compatible property follows the format: module, where type can be +“kernel”, “ramdisk”, “device-tree”, “microcode”, “xsm-policy” or “config”. In +the case the module is a multiboot module, the additional property string +“multiboot,module” may be present. One of two properties is required and +identifies how to locate the module. They are the mb-index, used for multiboot +modules, and the module-addr for memory address based location. + +compatible + This identifies what the module is and thus what the hypervisor + should use the module for during domain construction. Required. + +mb-index + This identifies the index for this module in the multiboot module chain. + Required for multiboot environments. + +module-addr + This identifies where in memory this module is located. Required for + non-multiboot environments. + +bootargs + This is used to provide the boot params to kernel modules. + +.. note:: The bootargs property is intended for situations where the same kernel multiboot module is used for more than one domain. diff --git a/src/xen/docs/designs/launch/hyperlaunch.rst b/src/xen/docs/designs/launch/hyperlaunch.rst new file mode 100644 index 0000000000000000000000000000000000000000..3bed36f976379f400496f74b74261bc9753c1872 --- /dev/null +++ b/src/xen/docs/designs/launch/hyperlaunch.rst @@ -0,0 +1,1007 @@ +########################### +Hyperlaunch Design Document +########################### + +.. sectnum:: :depth: 4 + +This post is a Request for Comment on the included v4 of a design document that +describes Hyperlaunch: a new method of launching the Xen hypervisor, relating +to dom0less and work from the Hyperlaunch project. We invite discussion of this +on this list, at the monthly Xen Community Calls, and at dedicated meetings on +this topic in the Xen Working Group which will be announced in advance on the +Xen Development mailing list. + + +.. contents:: :depth: 3 + + +Introduction +============ + +This document describes the design and motivation for the funded development of +a new, flexible system for launching the Xen hypervisor and virtual machines +named: "Hyperlaunch". + +The design enables seamless transition for existing systems that require a +dom0, and provides a new general capability to build and launch alternative +configurations of virtual machines, including support for static partitioning +and accelerated start of VMs during host boot, while adhering to the principles +of least privilege. It incorporates the existing dom0less functionality, +extended to fold in the new developments from the Hyperlaunch project, with +support for both x86 and Arm platform architectures, building upon and +replacing the earlier 'late hardware domain' feature for disaggregation of +dom0. + +Hyperlaunch is designed to be flexible and reusable across multiple use cases, +and our aim is to ensure that it is capable, widely exercised, comprehensively +tested, and well understood by the Xen community. + +Document Structure +================== + +This is the primary design document for Hyperlaunch, to provide an overview of +the feature. Separate additional documents will cover specific aspects of +Hyperlaunch in further detail, including: + + - The Device Tree specification for Hyperlaunch metadata + - New Domain Roles for Xen and the Xen Security Modules (XSM) policy + - Passthrough of PCI devices with Hyperlaunch + +Approach +======== + +Born out of improving support for Dynamic Root of Trust for Measurement (DRTM), +the Hyperlaunch project is focused on restructuring the system launch of Xen. +The Hyperlaunch design provides a security architecture that builds on the +principles of Least Privilege and Strong Isolation, achieving this through the +disaggregation of system functions. It enables this with the introduction of a +boot domain that works in conjunction with the hypervisor to provide the +ability to launch multiple domains as part of host boot while maintaining a +least privilege implementation. + +While the Hyperlaunch project inception was and continues to be driven by a +focus on security through disaggregation, there are multiple use cases with a +non-security focus that require or benefit from the ability to launch multiple +domains at host boot. This was proven by the need that drove the implementation +of the dom0less capability in the Arm branch of Xen. + +Hyperlaunch is designed to be flexible and reusable across multiple use cases, +and our aim is to ensure that it is capable, widely exercised, comprehensively +tested, and provides a robust foundation for current and emerging system launch +requirements of the Xen community. + + +Objectives +---------- + +* In general strive to maintain compatibility with existing Xen behavior +* A default build of the hypervisor should be capable of booting both legacy-compatible and new styles of launch: + + * classic Xen boot: starting a single, privileged Dom0 + * classic Xen boot with late hardware domain: starting a Dom0 that transitions hardware access/control to another domain + * a dom0less boot: starting multiple domains without privilege assignment controls + * Hyperlaunch: starting one or more VMs, with flexible configuration + +* Preferred that it be managed via KCONFIG options to govern inclusion of support for each style +* The selection between classic boot and Hyperlaunch boot should be automatic + + * Preferred that it not require a kernel command line parameter for selection + +* It should not require modification to boot loaders +* It should provide a user friendly interface for its configuration and management +* It must provide a method for building systems that fallback to console access in the event of misconfiguration +* It should be able to boot an x86 Xen environment without the need for a Dom0 domain + + +Requirements and Design +======================= + +Hyperlaunch is defined as the ability of a hypervisor to construct and start +one or more virtual machines at system launch in a specific way. A hypervisor +can support one or both modes of configuration, Hyperlaunch Static and +Hyperlaunch Dynamic. The Hyperlaunch Static mode functions as a static +partitioning hypervisor ensuring only the virtual machines started at system +launch are running on the system. The Hyperlaunch Dynamic mode functions as a +dynamic hypervisor allowing for additional virtual machines to be started after +the initial virtual machines have started. The Xen hypervisor is capable of +both modes of configuration from the same binary and when paired with its XSM +flask, provides strong controls that enable fine grained system partitioning. + +Hypervisor Launch Landscape +--------------------------- + +This comparison table presents the distinctive capabilities of Hyperlaunch with +reference to existing launch configurations currently available in Xen and +other hypervisors. + +:: + + +---------------+-----------+------------+-----------+-------------+---------------------+ + | **Xen Dom0** | **Linux** | **Late** | **Jail** | **Xen** | **Xen Hyperlaunch** | + | **(Classic)** | **KVM** | **HW Dom** | **house** | **dom0less**+---------+-----------+ + | | | | | | Static | Dynamic | + +===============+===========+============+===========+=============+=========+===========+ + | Hypervisor able to launch multiple VMs during host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | Y | Y | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Hypervisor supports Static Partitioning | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | Y | Y | Y | | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Able to launch VMs dynamically after host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Y | Y | Y* | Y | Y* | | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Supports strong isolation between all VMs started at host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | Y | Y | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Enables flexible sequencing of VM start during host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Prevent all-powerful static root domain being launched at boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | Y* | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Operates without a Highly-privileged management VM (eg. Dom0) | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | Y* | | Y* | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Operates without a privileged toolstack VM (Control Domain) | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | Y* | Y | | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Extensible VM configuration applied before launch of VMs at host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Flexible granular assignment of permissions and functions to VMs | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | Supports extensible VM measurement architecture for DRTM and attestation | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | PCI passthrough configured at host boot | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + | | | | | | Y | Y | + +---------------+-----------+------------+-----------+-------------+---------+-----------+ + + +Domain Construction +------------------- + +An important aspect of the Hyperlaunch architecture is that the hypervisor +performs domain construction for all the Initial Domains, ie. it builds each +domain that is described in the Launch Control Module. More specifically, the +hypervisor will perform the function of *domain creation* for each Initial +Domain: it allocates the unique domain identifier assigned to the virtual +machine and records essential metadata about it in the internal data structure +that enables scheduling the domain to run. It will also perform *basic domain +construction*: build the initial page tables with data from the kernel and +initial ramdisk supplied, and as appropriate for the domain type, populate the +p2m table and ACPI tables. + +Subsequent to this, the boot domain can apply additional configuration to the +initial domains from the data in the LCM, in *extended domain construction*. + +The benefits of this structure include: + +* Security: Contrains the permissions required by the boot domain: it does not + require the capability to create domains in this structure. This aligns with + the principles of least privilege. +* Flexibility: Enables policy-based dynamic assignment of hardware by the boot + domain, customizable according to use-case and able to adapt to hardware + discovery +* Compatibility: Supports reuse of familiar tools with use-case customized boot + domains. +* Commonality: Reuses the same logic for initial basic domain building across + diverse Xen deployments. + + * It aligns the x86 initial domain construction with the existing Arm + dom0less feature for construction of multiple domains at boot. + + * The boot domain implementation may vary significantly with different + deployment use cases, whereas the hypervisor implementation is common. + +* Correctness: Increases confidence in the implementation of domain + construction, since it is performed by the hypervisor in well maintained and + centrally tested logic. +* Performance: Enables launch for configurations where a fast start of + multiple domains at boot is a requirement. +* Capability: Supports launch of advanced configurations where a sequenced + start of multiple domains is required, or multiple domains are involved in + startup of the running system configuration + + * eg. for PCI passthrough on systems where the toolstack runs in a separate + domain to the hardware management. + +Please, see the ‘Hyperlaunch Device Tree’ design document, which describes the +configuration module that is provided to the hypervisor by the bootloader. + +The hypervisor determines how these domains are started as host boot completes: +in some systems the Boot Domain acts upon the extended boot configuration +supplied as part of launch, performing configuration tasks for preparing the +other domains for the hypervisor to commence running them. + +Common Boot Configurations +-------------------------- + +When looking across those that have expressed interest or discussed a need for +launching multiple domains at host boot, the Hyperlaunch approach is to provide +the means to start nearly any combination of domains. Below is an enumerated +selection of common boot configurations for reference in the following section. + +Dynamic Launch with a Highly-Privileged Domain 0 +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Hyperlaunch Classic: Dom0 + This configuration mimics the classic Xen start and domain construction + where a single domain is constructed with all privileges and functions for + managing hardware and running virtualization toolstack software. + +Hyperlaunch Classic: Extended Launch Dom0 + This configuration is where a Dom0 is started via a Boot Domain that runs + first. This is for cases where some preprocessing in a less privileged domain + is required before starting the all-privileged Domain 0. + +Hyperlaunch Classic: Basic Cloud + This configuration constructs a Dom0 that is started in parallel with some + number of workload domains. + +Hyperlaunch Classic: Cloud + This configuration builds a Dom0 and some number of workload domains, launched + via a Boot Domain that runs first. + + +Static Launch Configurations: without a Domain 0 or a Control Domain +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Hyperlaunch Static: Basic + Simple static partitioning where all domains that can be run on this system are + built and started during host boot and where no domain is started with the + Control Domain permissions, thus making it not possible to create/start any + further new domains. + +Hyperlaunch Static: Standard + This is a variation of the “Hyperlaunch Static: Basic” static partitioning + configuration with the introduction of a Boot Domain. This configuration allows + for use of a Boot Domain to be able to apply extended configuration + to the Initial Domains before they are started and + sequence the order in which they start. + +Hyperlaunch Static: Disaggregated + This is a variation of the “Hyperlaunch Static: Standard” configuration with + the introduction of a Boot Domain and an illustration that some functions can + be disaggregated to dedicated domains. + +Dynamic Launch of Disaggregated System Configurations +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Hyperlaunch Dynamic: Hardware Domain + This configuration mimics the existing Xen feature late hardware domain with + the one difference being that the hardware domain is constructed by the + hypervisor at startup instead of later by Dom0. + +Hyperlaunch Dynamic: Flexible Disaggregation + This configuration is similar to the “Hyperlaunch Classic: Dom0” configuration + except that it includes starting a separate hardware domain during Xen startup. + It is also similar to “Hyperlaunch Dynamic: Hardware Domain” configuration, but + it launches via a Boot Domain that runs first. + +Hyperlaunch Dynamic: Full Disaggregation + In this configuration it is demonstrated how it is possible to start a fully + disaggregated system: the virtualization toolstack runs in a Control Domain, + separate from the domains responsible for managing hardware, XenStore, the Xen + Console and Crash functions, each launched via a Boot Domain. + + +Example Use Cases and Configurations +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following example use cases can be matched to configurations listed in the +previous section. + +Use case: Modern cloud hypervisor +""""""""""""""""""""""""""""""""" + +**Option:** Hyperlaunch Classic: Cloud + +This configuration will support strong isolation for virtual TPM domains and +measured launch in support of attestation to infrastructure management, while +allowing the use of existing Dom0 virtualization toolstack software. + +Use case: Edge device with security or safety requirements +"""""""""""""""""""""""""""""""""""""""""""""""""""""""""" + +**Option:** Hyperlaunch Static: Boot + +This configuration runs without requiring a highly-privileged Dom0, and enables +extended VM configuration to be applied to the Initial VMs prior to launching +them, optionally in a sequenced start. + +Use case: Client hypervisor +""""""""""""""""""""""""""" + +**Option:** Hyperlaunch Dynamic: Flexible Disaggregation + +**Option:** Hyperlaunch Dynamic: Full Disaggregation + +These configurations enable dynamic client workloads, strong isolation for the +domain running the virtualization toolstack software and each domain managing +hardware, with PCI passthrough performed during host boot and support for +measured launch. + +Hyperlaunch Disaggregated Launch +-------------------------------- + + +Existing in Xen today are two primary permissions, *control domain* and +*hardware domain*, and two functions, *console domain* and *xenstore domain*, +that can be assigned to a domain. Traditionally all of these permissions and +functions are all assigned to Dom0 at start and can then be delegated to other +domains created by the toolstack in Dom0. With Hyperlaunch it becomes possible +to assign these permissions and functions to any domain for which there is a +definition provided at startup. + +Additionally, two further functions are introduced: the *recovery domain*, +intended to assist with recovery from failures encountered starting VMs during +host boot, and the *boot domain*, for performing aspects of domain construction +during startup. + +Supporting the booting of each of the above common boot configurations is +accomplished by considering the set of initial domains and the assignment of +Xen’s permissions and functions, including the ones introduced by Hyperlaunch, +to these domains. A discussion of these will be covered later but for now they +are laid out in a table with a mapping to the common boot configurations. This +table is not intended to be an exhaustive list of configurations and does not +account for flask policy specified functions that are use case specific. + +In the table each number represents a separate domain being +constructed by the Hyperlaunch construction path as Xen starts, and the +designator, ``{n}`` signifies that there may be “n” additional domains that may +be constructed that do not have any special role for a general Xen system. + +:: + + +-------------------+------------------+-----------------------------------+ + | Configuration | Permission | Function | + | +------+------+----+------+--------+--------+----------+ + | | None | Ctrl | HW | Boot |Recovery| Console| Xenstore | + +===================+======+======+====+======+========+========+==========+ + | Classic: Dom0 | | 0 | 0 | | 0 | 0 | 0 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Classic: Extended | | 1 | 1 | 0 | 1 | 1 | 1 | + | Launch Dom0 | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Classic: | {n} | 0 | 0 | | 0 | 0 | 0 | + | Basic Cloud | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Classic: Cloud | {n} | 1 | 1 | 0 | 1 | 1 | 1 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Static: Basic | {n} | | 0 | | 0 | 0 | 0 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Static: Standard | {n} | | 1 | 0 | 1 | 1 | 1 | + +-------------------+------+------+----+------+--------+--------+----------+ + | Static: | {n} | | 2 | 0 | 3 | 4 | 1 | + | Disaggregated | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Dynamic: | | 0 | 1 | | 0 | 0 | 0 | + | Hardware Domain | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Dynamic: Flexible | {n} | 1 | 2 | 0 | 1 | 1 | 1 | + | Disaggregation | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + | Dynamic: Full | {n} | 2 | 3 | 0 | 4 | 5 | 1 | + | Disaggregation | | | | | | | | + +-------------------+------+------+----+------+--------+--------+----------+ + +Overview of Hyperlaunch Flow +---------------------------- + +Before delving into Hyperlaunch, a good basis to start with is an understanding +of the current process to create a domain. A way to view this process starts +with the core configuration which is the information the hypervisor requires to +make the call to `domain_create`, followed by basic construction to provide the +memory image to run, including the kernel and ramdisk. A subsequent step +applies the extended configuration used by the toolstack to provide a domain +with any additional configuration information. Until the extended configuration +is completed, a domain has access to no resources except its allocated vcpus +and memory. The exception to this is Dom0, which the hypervisor explicitly +grants control and access to all system resources, except for those that only +the hypervisor should have control over. This exception for Dom0 is driven by +the system structure with a monolithic Dom0 domain predating introduction of +support for disaggregation into Xen, and the corresponding default assignment +of multiple roles within the Xen system to Dom0. + +While not a different domain creation path, there does exist the Hardware +Domain (hwdom), sometimes also referred to as late-Dom0. It is an early effort +to disaggregate Dom0’s roles into a separate control domain and hardware +domain. This capability is activated by the passing of a domain id to the +`hardware_dom` kernel command line parameter, and the Xen hypervisor will then +flag that domain id as the hardware domain. Later when the toolstack constructs +a domain with that domain id as the requested domid, the hypervisor will +transfer all device I/O from Dom0 to this domain. In addition it will also +transfer the “host shutdown on domain shutdown” flag from Dom0 to the hardware +domain. It is worth mentioning that this approach for disaggregation was +created in this manner due to the inability of Xen to launch more than one +domain at startup. + +Hyperlaunch Xen startup +^^^^^^^^^^^^^^^^^^^^^^^ + +The Hyperlaunch approach’s primary focus is on how to assign the roles +traditionally granted to Dom0 to one or more domains at host boot. While the +statement is simple to make, the implications are not trivial by any means. +This also explains why the Hyperlaunch approach is orthogonal to the existing +dom0less capability. The dom0less capability focuses on enabling the launch of +multiple domains in parallel with Dom0 at host boot. A corollary for dom0less +is that for systems that don’t require Dom0 after all guest domains have +started, they are able to do the host boot without a Dom0. Though it should be +noted that it may be possible to start Dom0 at a later point. Whereas with +Hyperlaunch, its approach of separating Dom0’s roles requires the ability to +launch multiple domains at host boot. The direct consequences from this +approach are profound and provide a myriad of possible configurations for which +a sample of common boot configurations were already presented. + +To enable the Hyperlaunch approach a new alternative path for host boot within +the hypervisor must be introduced. This alternative path effectively branches +just before the current point of Dom0 construction and begins an alternate +means of system construction. The determination if this alternate path should +be taken is through the inspection of the boot chain. If the bootloader has +loaded a specific configuration, as described later, it will enable Xen to +detect that a Hyperlaunch configuration has been provided. Once a Hyperlaunch +configuration is detected, this alternate path can be thought of as occurring +in phases: domain creation, domain preparation, and launch finalization. + +Domain Creation +""""""""""""""" + +The domain creation phase begins with Xen parsing the bootloader provided +material, to understand the content of the modules provided. It will then load +any microcode or XSM policy it discovers. For each domain configuration Xen +finds, it parses the configuration to construct the necessary domain definition +to instantiate an instance of the domain and leave it in a paused state. When +all domain configurations have been instantiated as domains, if one of them is +flagged as the Boot Domain, that domain will be unpaused starting the domain +preparation phase. If there is no Boot Domain defined, then the domain +preparation phase will be skipped and Xen will trigger the launch finalization +phase. + +Domain Preparation Phase +"""""""""""""""""""""""" + +The domain preparation phase is an optional check point for the execution of a +workload specific domain, the Boot Domain. While the Boot Domain is the first +domain to run and has some degree of control over the system, it is extremely +restricted in both system resource access and hypervisor operations. Its +purpose is to: + +* Access the configuration provided by the bootloader +* Finalize the configuration of the domains +* Conduct any setup and launch related operations +* Do an ordered unpause of domains that require an ordered start + +When the Boot Domain has completed, it will notify the hypervisor that it is +done triggering the launch finalization phase. + + +Launch Finalization +""""""""""""""""""" + +The hypervisor handles the launch finalization phase which is equivalent to the +clean up phase. As such the steps taken by the hypervisor, not necessarily in +implementation order, are as follows, + +* Free the boot module chain +* If a Boot Domain was used, reclaim Boot Domain resources +* Unpause any domains still in a paused state +* Boot Domain uses a reserved function thus can never be respawned + +While the focus thus far has been on how the Hyperlaunch capability will work, +it is worth mentioning what it does not do or limit from occurring. It does not +stop or inhibit the assigning of the control domain role which gives the domain +the ability to create, start, stop, restart, and destroy domains or the +hardware domain role which gives access to all I/O devices except those that +the hypervisor has reserved for itself. In particular it is still possible to +construct a domain with all the privileged roles, i.e. a Dom0, with or without +the domain id being zero. In fact what limitations are imposed now become fully +configurable without the risk of circumvention by an all privileged domain. + +Structuring of Hyperlaunch +-------------------------- + +The structure of Hyperlaunch is built around the existing capabilities of the +host boot protocol. This approach was driven by the objective not to require +modifications to the boot loader. The only requirement is that the boot loader +supports the Multiboot2 (MB2) protocol. For UEFI boot, our recommendation is to +use GRUB.efi to load Xen and the initial domain materials via the multiboot2 +method. On Arm platforms, Hyperlaunch is compatible with the existing interface +for boot into the hypervisor. + + +x86 Multiboot2 +^^^^^^^^^^^^^^ + +The MB2 protocol has no concept of a manifest to tell the initial kernel what +is contained in the chain, leaving it to the kernel to impose a loading +convention, use magic number identification, or both. When considering the +passing of multiple kernels, ramdisks, and domain configuration along with any +existing modules already passed, there is no sane convention that could be +imposed and magic number identification is nearly impossible when considering +the objective not to impose unnecessary complication to the hypervisor. + +As it was alluded to previously, a manifest describing the contents in the MB2 +chain and how they relate within a Xen context is needed. To address this need +the Launch Control Module (LCM) was designed to provide such a manifest. The +LCM was designed to have a specific set of properties, + +* minimize the complexity of the parsing logic required by the hypervisor +* allow for expanding and optional configuration fragments without breaking + backwards compatibility + +To enable automatic detection of a Hyperlaunch configuration, the LCM must be +the first MB2 module in the MB2 module chain. The LCM is implemented using the +Device Tree as defined in the Hyperlaunch Device Tree design document. With the +LCM implemented in Device Tree, it has a magic number that enables the +hypervisor to detect its presence when used in a Multiboot2 module chain. The +hypervisor can confirm that it is a proper LCM Device Tree by checking for a +compliant Hyperlaunch Device Tree. The Hyperlaunch Device Tree nodes are +designed to allow, + +* for the hypervisor to parse only those entries it understands, +* for packing custom information for a custom boot domain, +* the ability to use a new LCM with an older hypervisor, +* and the ability to use an older LCM with a new hypervisor. + +Arm Device Tree +^^^^^^^^^^^^^^^ + +As discussed the LCM is in Device Tree format and was designed to co-exist in +the Device Tree ecosystem, and in particular in parallel with dom0less Device +Tree entries. On Arm, Xen is already designed to boot from a host Device Tree +description (dtb) file and the LCM entries can be embedded into this host dtb +file. This makes detecting the LCM entries and supporting Hyperlaunch on Arm +relatively straight forward. Relative to the described x86 approach, at the +point where Xen inspects the first MB2 module, on Arm Xen will check if the top +level LCM node exists in the host dtb file. If the LCM node does exist, then at +that point it will enter into the same code path as the x86 entry would go. + +Xen hypervisor +^^^^^^^^^^^^^^ + +It was previously discussed at a higher level of the new host boot flow that +will be introduced. Within this new flow is the configuration parsing and +domain creation phase which will be expanded upon here. The hypervisor will +inspect the LCM for a config node and if found will iterate through all modules +nodes. The module nodes are used to identify if any modules contain microcode +or an XSM policy. As it processes domain nodes, it will construct the domain +using the node properties and the modules nodes. Once it has completed +iterating through all the entries in the LCM, if a constructed domain has the +Boot Domain attribute, it will then be unpaused. Otherwise the hypervisor will +start the launch finalization phase. + +Boot Domain +^^^^^^^^^^^ + +Traditionally domain creation was controlled by the user within the Dom0 +environment whereby custom toolstacks could be implemented to impose +requirements on the process. The Boot Domain is a means to enable the user to +continue to maintain a degree of that control over domain creation but within a +limited privilege environment. The Boot Domain will have access to the LCM and +the boot chain along with access to a subset of the hypercall operations. When +the Boot Domain is finished it will notify the hypervisor through a hypercall +op. + +Recovery Domain +^^^^^^^^^^^^^^^ + +With the existing Dom0 host boot path, when a failure occurs there are several +assumptions that can safely be made to get the user to a console for +troubleshooting. With the Hyperlaunch host boot path those assumptions can no +longer be made, thus a means is needed to get the user to a console in the case +of a recoverable failure. The recovery domain is configured by a domain +configuration entry in the LCM, in the same manner as the other initial +domains, and it will not be unpaused at launch finalization unless a failure is +encountered starting the initial domains. + +Xen has existing support for a Crash Environment where memory can be reserved +at host boot and a kernel loaded into it, to be jumped into at any point while +the system is running when a crash is detected. The Recovery Domain +functionality is a separate, complementary capability. The Crash Environment +replaces the previously active hypervisor and running guests, and enables a +process for mounting disks to write out log information prior to rebooting the +system. In contrast, the Recovery Domain is able to use the functionality of +the Xen hypervisor, that is still present and running, to perform recovery +handling for errors encountered with starting the initial domains. + +Deferred Design +""""""""""""""" + +To be determined: + +* Define what is detected as a crash +* Explain how crash detection is performed and which components are involved +* Explain how the recovery domain is unpaused +* Explain how and when the resources assigned to the recovery domain are reclaimed +* Define what the recovery domain is able to do +* Determine what permissions the recovery domain requires to perform its job + + +Control Domain +^^^^^^^^^^^^^^ + +The concept of the Control Domain already exists within Xen as a boolean, +`is_privileged`, that governs access to many of the privileged interfaces of +the hypervisor that support a domain running a virtualization system toolstack. +Hyperlaunch will allow the `is_privileged` flag to be set on any domain that is +created at launch, rather than only a Dom0. It may potentially be set on +multiple domains. + +Hardware Domain +^^^^^^^^^^^^^^^ + +The Hardware Domain is also an existing concept for Xen that is enabled through +the `is_hardware_domain` check. With Hyperlaunch the previous process of I/O +accesses being assigned to Dom0 for later transfer to the hardware domain would +no longer be required. Instead during the configuration phase the Xen +hypervisor would directly assign the I/O accesses to the domain with the +hardware domain permission bit enabled. + +Console Domain +^^^^^^^^^^^^^^ + +Traditionally the Xen console is assigned to the control domain and then +reassignable by the toolstack to another domain. With Hyperlaunch it becomes +possible to construct a boot configuration where there is no control domain or +have a use case where the Xen console needs to be isolated. As such it becomes +necessary to be able to designate which of the initial domains should be +assigned the Xen console. Therefore Hyperlaunch introduces the ability to +specify an initial domain which the console is assigned along with a convention +of ordered assignment for when there is no explicit assignment. + +Communication of Domain Configurations +====================================== + +There are several standard methods for an Operating System to access machine +configuration and environment information: ACPI is common on x86 systems, +whereas Device Tree is more typical on Arm platforms. There are currently +implementations of both in Xen. + +* For dom0less, guest Device Trees are dynamically constructed by the + hypervisor to convey domain configuration data + +* For PVH dom0 on x86, ACPI tables are built by the hypervisor before the + domain is started + +Note that both of these mechanisms convey static data that is fixed prior to +the point of domain construction. Hyperlaunch will retain both the existing +ACPI and Device Tree methods. + +Communication of data between a Boot Domain and a Control Domain is of note +since they may not be running concurrently: the method used will depend on +their specific implementations, but one option available is to use Xen’s hypfs +for transfer of basic data to support system bootstrap. + +------------------------------------------------------------------------------- + +Appendix +======== + +Appendix 1: Flow Sequence of Steps of a Hyperlaunch Boot +-------------------------------------------------------- + +Provided here is an ordered flow of a Hyperlaunch with a highlight logic +decision points. Not all branch points are recorded, specifically for the +variety of error conditions that may occur. :: + + 1. Hypervisor Startup: + 2a. (x86) Inspect first module provided by the bootloader + a. Is the module an LCM + i. YES: proceed with the Hyperlaunch host boot path + ii. NO: proceed with a Dom0 host boot path + 2b. (Arm) Inspect host dtb for `/chosen/hypervisor` node + a. Is the LCM present + i. YES: proceed with the Hyperlaunch host boot path + ii. NO: proceed with a Dom0/dom0less host boot path + 3. Iterate through the LCM entries looking for the module description + entry + a. Check if any of the modules are microcode or policy and if so, + load + 4. Iterate through the LCM entries processing all domain description + entries + a. Use the details from the Basic Configuration to call + `domain_create` + b. Record if a domain is flagged as the Boot Domain + c. Record if a domain is flagged as the Recovery Domain + 5. Was a Boot Domain created + a. YES: + i. Attach console to Boot Domain + ii. Unpause Boot Domain + iii. Goto Boot Domain (step 6) + b. NO: Goto Launch Finalization (step 10) + 6. Boot Domain: + 7. Boot Domain comes online and may do any of the following actions + a. Process the LCM + b. Validate the MB2 chain + c. Make additional configuration settings for staged domains + d. Unpause any precursor domains + e. Set any runtime configurations + 8. Boot Domain does any necessary cleanup + 9. Boot Domain make hypercall op call to signal it is finished + i. Hypervisor reclaims all Boot Domain resources + ii. Hypervisor records that the Boot Domain ran + ii. Goto Launch Finalization (step 9) + 10. Launch Finalization + 11. If a configured domain was flagged to have the console, the + hypervisor assigns it + 12. The hypervisor clears the LCM and bootloader loaded module, + reclaiming the memory + 13. The hypervisor iterates through domains unpausing any domain not + flagged as the recovery domain + + +Appendix 2: Considerations in Naming the Hyperlaunch Feature +------------------------------------------------------------ + +* The term “Launch” is preferred over “Boot” + + * Multiple individual component boots can occur in the new system start + process; Launch is preferable for describing the whole process + * Fortunately there is consensus in the current group of stakeholders + that the term “Launch” is good and appropriate + +* The names we define must support becoming meaningful and simple to use + outside the Xen community + + * They must be able to be resolved quickly via search engine to a clear + explanation (eg. Xen marketing material, documentation or wiki) + * We prefer that the terms be helpful for marketing communications + * Consequence: avoid the term “domain” which is Xen-specific and + requires a definition to be provided each time when used elsewhere + + +* There is a need to communicate that Xen is capable of being used as a Static + Partitioning hypervisor + + * The community members using and maintaining dom0less are the current + primary stakeholders for this + +* There is a need to communicate that the new launch functionality provides new + capabilities not available elsewhere, and is more than just supporting Static + Partitioning + + * No other hypervisor known to the authors of this document is capable + of providing what Hyperlaunch will be able to do. The launch sequence is + designed to: + + * Remove dependency on a single, highly-privileged initial domain + * Allow the initial domains started to be independent and fully + isolated from each other + * Support configurations where no further VMs can be launched + once the initial domains have started + * Use a standard, extensible format for conveying VM + configuration data + * Ensure that domain building of all initial domains is + performed by the hypervisor from materials supplied by the + bootloader + * Enable flexible configuration to be applied to all initial + domains by an optional Boot Domain, that runs with limited + privilege, before any other domain starts and obtains the VM + configuration data from the bootloader materials via the + hypervisor + * Enable measurements of all of the boot materials prior to + their use, in a sequence with minimized privilege + * Support use-case-specific customized Boot Domains + * Complement the hypervisor’s existing ability to enforce + policy-based Mandatory Access Control + + +* “Static” and “Dynamic” have different and important meanings in different + communities + + * Static and Dynamic Partitioning describe the ability to create new + virtual machines, or not, after the initial host boot process + completes + * Static and Dynamic Root of Trust describe the nature of the trust + chain for a measured launch. In this case Static is referring to the + fact that the trust chain is fixed and non-repeatable until the next + host reboot or shutdown. Whereas Dynamic in this case refers to the + ability to conduct the measured launch at any time and potentially + multiple times before the next host reboot or shutdown. + + * We will be using Hyperlaunch with both Static and Dynamic + Roots of Trust, to launch both Static and Dynamically + Partitioned Systems, and being clear about exactly which + combination is being started will be very important (eg. for + certification processes) + + * Consequence: uses of “Static” and “Dynamic” need to be qualified if + they are incorporated into the naming of this functionality + + * This can be done by adding the preceding, stronger branded + term: “Hyperlaunch”, before “Static” or “Dynamic” + * ie. “Hyperlaunch Static” describes launch of a + Statically Partitioned system + * and “Hyperlaunch Dynamic” describes launch of a + Dynamically Partitioned system. + * In practice, this means that “Hyperlaunch Static” describes + starting a Static Partitioned system where no new domains can + be started later (ie. no VM has the Control Domain + permission), whereas “Hyperlaunch Dynamic” will launch some + VM with the Control Domain permission, able to create VMs + dynamically at a later point. + +**Naming Proposal:** + +* New Term: “Hyperlaunch” : the ability of a hypervisor to construct and start + one or more virtual machines at system launch, in the following manner: + + * The hypervisor must build all of the domains that it starts at host + boot + + * Similar to the way the dom0 domain is built by the hypervisor + today, and how dom0less works: it will run a loop to build + them all, driven from the configuration provided + * This is a requirement for ensuring that there is Strong + Isolation between each of the initial VMs + + * A single file contains the VM configs (“Launch Control Module”: LCM, + in Device Tree binary format) is provided to the hypervisor + + * The hypervisor parses it and builds domains + * If the LCM config says that a Boot Domain should run first, + then the LCM file itself is made available to the Boot Domain + for it to parse and act on, to invoke operations via the + hypervisor to apply additional configuration to the other VMs + (ie. executing a privilege-constrained toolstack) + +* New Term: “Hyperlaunch Static”: starts a Static Partitioned system, where + only the virtual machines started at system launch are running on the system + +* New Term: “Hyperlaunch Dynamic”: starts a system where virtual machines may + be dynamically added after the initial virtual machines have started. + + +In the default configuration, Xen will be capable of both styles of Hyperlaunch +from the same hypervisor binary, when paired with its XSM flask, provides +strong controls that enable fine grained system partitioning. + + +* Retiring Term: “DomB”: will no longer be used to describe the optional first + domain that is started. It is replaced with the more general term: “Boot + Domain”. + +* Retiring Term: “Dom0less”: it is to be replaced with “Hyperlaunch Static” + + +Appendix 3: Terminology +----------------------- + +To help ensure clarity in reading this document, the following is the +definition of terminology used within this document. + + +Basic Configuration + the minimal information the hypervisor requires to instantiate a domain instance + + +Boot Domain + a domain with limited privileges launched by the hypervisor during a + Multiple Domain Boot that runs as the first domain started. In the Hyperlaunch + architecture, it is responsible for assisting with higher level operations of + the domain setup process. + + +Classic Launch + a backwards-compatible host boot that ends with the launch of a single domain (Dom0) + + +Console Domain + a domain that has the Xen console assigned to it + + +Control Domain + a privileged domain that has been granted Control Domain permissions which + are those that are required by the Xen toolstack for managing other domains. + These permissions are a subset of those that are granted to Dom0. + + +Device Tree + a standardized data structure, with defined file formats, for describing + initial system configuration + + +Disaggregation + the separation of system roles and responsibilities across multiple + connected components that work together to provide functionality + + +Dom0 + the highly-privileged, first and only domain started at host boot on a + conventional Xen system + + +Dom0less + an existing feature of Xen on Arm that provides Multiple Domain Boot + + +Domain + a running instance of a virtual machine; (as the term is commonly used in + the Xen Community) + +DomB +  the former name for Hyperlaunch + + +Extended Configuration + any configuration options for a domain beyond its Basic Configuration + + +Hardware Domain + a privileged domain that has been granted permissions to access and manage + host hardware. These permissions are a subset of those that are granted to + Dom0. + + +Host Boot + the system startup of Xen using the configuration provided by the bootloader + + +Hyperlaunch + a flexible host boot that ends with the launch of one or more domains + + +Initial Domain + a domain that is described in the LCM that is run as part of a multiple + domain boot. This includes the Boot Domain, Recovery Domain and all Launched + Domains. + + +Late Hardware Domain + a Hardware Domain that is launched after host boot has already completed + with a running Dom0. When the Late Hardware Domain is started, Dom0 + relinquishes and transfers the permissions to access and manage host hardware + to it.. + + +Launch Control Module (LCM) + A file supplied to the hypervisor by the bootloader that contains + configuration data for the hypervisor and the initial set of virtual machines + to be run at boot + + +Launched Domain + a domain, aside from the boot domain and recovery domain, that is started as + part of a multiple domain boot and remains running once the boot process is + complete + + +Multiple Domain Boot + a system configuration where the hypervisor and multiple virtual machines + are all launched when the host system hardware boots + + +Recovery Domain + an optional fallback domain that the hypervisor may start in the event of a + detectable error encountered during the multiple domain boot process + + +System Device Tree + this is the product of an Arm community project to extend Device Tree to + cover more aspects of initial system configuration + + +Appendix 4: Copyright License +----------------------------- + +This work is licensed under a Creative Commons Attribution 4.0 International +License. A copy of this license may be obtained from the Creative Commons +website (https://creativecommons.org/licenses/by/4.0/legalcode). + +| Contributions by: +| Christopher Clark are Copyright © 2021 Star Lab Corporation +| Daniel P. Smith are Copyright © 2021 Apertus Solutions, LLC diff --git a/src/xen/docs/designs/non-cooperative-migration.md b/src/xen/docs/designs/non-cooperative-migration.md new file mode 100644 index 0000000000000000000000000000000000000000..4b876d809fb5b8aac02d29fd7760a5c0d5b86d87 --- /dev/null +++ b/src/xen/docs/designs/non-cooperative-migration.md @@ -0,0 +1,280 @@ +# Non-Cooperative Migration of Guests on Xen + +## Background + +The normal model of migration in Xen is driven by the guest because it was +originally implemented for PV guests, where the guest must be aware it is +running under Xen and is hence expected to co-operate. This model dates from +an era when it was assumed that the host administrator had control of at +least the privileged software running in the guest (i.e. the guest kernel) +which may still be true in an enterprise deployment but is not generally +true in a cloud environment. The aim of this design is to provide a model +which is purely host driven, requiring no co-operation from the software +running in the guest, and is thus suitable for cloud scenarios. + +PV guests are out of scope for this project because, as is outlined above, +they have a symbiotic relationship with the hypervisor and therefore a +certain level of co-operation is required. + +x86 HVM guests can already be migrated on Xen without guest co-operation +but only if they don’t have PV drivers installed[1] or are not in ACPI +power state S0. The reason for not expecting co-operation if the guest is +any sort of suspended state is obvious, but the reason co-operation is +expected if PV drivers are installed is due to the nature of PV protocols. + +## Xenstore Nodes and Domain ID + +The PV driver model consists of a *frontend* and a *backend*. The frontend +runs inside the guest domain and the backend runs inside a *service domain* +which may or may not be domain 0. The frontend and backend typically pass +data via memory pages which are shared between the two domains, but this +channel of communication is generally established using xenstore (the store +protocol itself being an exception to this for obvious chicken-and-egg +reasons). + +Typical protocol establishment is based on use of two separate xenstore +*areas*. If we consider PV drivers for the *netif* protocol (i.e. class vif) +and assume the guest has domid X, the service domain has domid Y, and the +vif has index Z then the frontend area will reside under the parent node: + +`/local/domain/Y/device/vif/Z` + +All backends, by convention, typically reside under parent node: + +`/local/domain/X/backend` + +and the normal backend area for vif Z would be: + +`/local/domain/X/backend/vif/Y/Z` + +but this should not be assumed. + +The toolstack will place two nodes in the frontend area to explicitly locate +the backend: + + * `backend`: the fully qualified xenstore path of the backend area + * `backend-id`: the domid of the service domain + +and similarly two nodes in the backend area to locate the frontend area: + + * `frontend`: the fully qualified xenstore path of the frontend area + * `frontend-id`: the domid of the guest domain + + +The guest domain only has write permission to the frontend area and +similarly the service domain only has write permission to the backend area, +but both ends have read permission to both areas. + +Under both frontend and backend areas is a node called *state*. This is key +to protocol establishment. Upon PV device creation the toolstack will set +the value of both state nodes to 1 (XenbusStateInitialising[2]). This +should cause enumeration of appropriate devices in both the guest and +service domains. The backend device, once it has written any necessary +protocol specific information into the xenstore backend area (to be read +by the frontend driver) will update the backend state node to 2 +(XenbusStateInitWait). From this point on PV protocols differ slightly; the +following illustration is true of the netif protocol. + +Upon seeing a backend state value of 2, the frontend driver will then read +the protocol specific information, write details of grant references (for +shared pages) and event channel ports (for signalling) that it has created, +and set the state node in the frontend area to 4 (XenbusStateConnected). +Upon see this frontend state, the backend driver will then read the grant +references (mapping the shared pages) and event channel ports (opening its +end of them) and set the state node in the backend area to 4. Protocol +establishment is now complete and the frontend and backend start to pass +data. + +Because the domid of both ends of a PV protocol forms a key part of +negotiating the data plane for that protocol (because it is encoded into +both xenstore nodes and node paths), and because guest’s own domid and the +domid of the service domain are visible to the guest in xenstore (and hence +ay cached internally), and neither are necessarily preserved during +migration, it is hence necessary to have the co-operation of the frontend +in re-negotiating the protocol using the new domid after migration. + +Moreover the backend-id value will be used by the frontend driver in +setting up grant table entries and event channels to communicate with the +service domain, so the co-operation of the guest is required to +re-establish these in the new host environment after migration. + +Thus if we are to change the model and support migration of a guest with PV +drivers, without the co-operation of the frontend driver code, the paths and +values in both the frontend and backend xenstore areas must remain unchanged +and valid in the new host environment, and the grant table entries and event +channels must be preserved (and remain operational once guest execution is +resumed). + +Because the service domain’s domid is used directly by the guest in setting +up grant entries and event channels, the backend drivers in the new host +environment must be provided by service domain with the same domid. Also, +because the guest can sample its own domid from the frontend area and use +it in hypercalls (e.g. HVMOP_set_param) rather than DOMID_SELF, the guest +domid must also be preserved to maintain the ABI. + +Furthermore, it will necessary to modify backend drivers to re-establish +communication with frontend drivers without perturbing the content of the +backend area or requiring any changes to the values of the xenstore state +nodes. + +## Other Para-Virtual State + +### Shared Rings + +Because the console and store protocol shared pages are actually part of +the guest memory image (in an E820 reserved region just below 4G in x86 +VMs) then the content will get migrated as part of the guest memory image. +Hence no additional code is require to prevent any guest visible change in +the content. + +### Shared Info + +There is already a record defined in *libxenctrl Domain Image Format* [3] +called `SHARED_INFO` which simply contains a complete copy of the domain’s +shared info page. It is not currently incuded in an HVM (type `0x0002`) +migration stream. It may be feasible to include it as an optional record +but it is not clear that the content of the shared info page ever needs +to be preserved for an HVM guest. + +For a PV guest the `arch_shared_info` sub-structure contains important +information about the guest’s P2M, but this information is not relevant for +an HVM guest where the P2M is not directly manipulated via the guest. The +other state contained in the `shared_info` structure relates the domain +wall-clock (the state of which should already be transferred by the `RTC` +HVM context information which contained in the `HVM_CONTEXT` save record) +and some event channel state (particularly if using the *2l* protocol). +Event channel state will need to be fully transferred if we are not going +to require the guest co-operation to re-open the channels and so it should +be possible to re-build a shared info page for an HVM guest from such other +state. + +Note that the shared info page also contains an array of +`XEN_LEGACY_MAX_VCPUS` (32 for x86) `vcpu_info` structures. A domain may +nominate a different guest physical address to use for the vcpu info. This +is mandatory if a domain wants to use more than XEN_LEGACY_MAX_VCPUS vCPUs +and optional otherwise. This mapping is not currently transferred in the +migration state so this will either need to be added into an existing save +record, or an additional type of save record will be needed. + +### Xenstore Watches + +As mentioned above, no domain Xenstore state is currently transferred in +the migration stream. There is a record defined in *libxenlight Domain +Image Format* [4] called `EMULATOR_XENSTORE_DATA` for transferring Xenstore +nodes relating to emulators but no record type is defined for nodes +relating to the domain itself, nor for registered *watches*. A XenStore +watch is a mechanism used by PV frontend and backend drivers to request a +notification if the value of a particular node (e.g. the other end’s state +node) changes, so it is important that watches continue to function after a +migration. One or more new save records will therefore be required to +transfer Xenstore state. It will also be necessary to extend the *store* +protocol[5] with mechanisms to allow the toolstack to acquire the list of +watches that the guest has registered and for the toolstack to register a +watch on behalf of a domain. + +### Event channels + +Event channels are essentially the para-virtual equivalent of interrupts. +They are an important part of post PV protocols. Normally a frontend driver +creates an *inter-domain* event channel between its own domain and the +domain running the backend, which it discovers using the `backend-id` node +in Xenstore (see above), by making a `EVTCHNOP_alloc_unbound` hypercall. +This hypercall allocates an event channel object in the hypervisor and +assigns a *local port* number which is then written into the frontend area +in Xenstore. The backend driver then reads this port number and *binds* to +the event channel by specifying it, and the value of `frontend-id`, as +*remote domain* and *remote port* (respectively) to a +`EVTCHNOP_bind_interdomain` hypercall. Once connection is established in +this fashion frontend and backend drivers can use the event channel as a +*mailbox* to notify each other when a shared ring has been updated with new +requests or response structures. + +Currently no event channel state is preserved on migration, requiring +frontend and backend drivers to create and bind a complete new set of event +channels in order to re-establish a protocol connection. Hence, one or more +new save records will be required to transfer event channel state in order +to avoid the need for explicit action by frontend drivers running in the +guest. Note that the local port numbers need to preserved in this state as +they are the only context the guest has to refer to the hypervisor event +channel objects. + +Note also that the PV *store* (Xenstore access) and *console* protocols +also rely on event channels which are set up by the toolstack. Normally, +early in migration, the toolstack running on the remote host would set up a +new pair of event channels for these protocols in the destination domain. +These may not be assigned the same local port numbers as the protocols +running in the source domain. For non-cooperative migration these channels +must either be created with fixed port numbers, or their creation must be +avoided and instead be included in the general event channel state +record(s). + +### Grant table + +The grant table is essentially the para-virtual equivalent of an IOMMU. For +example, the shared rings of a PV protocol are *granted* by a frontend +driver to the backend driver by allocating *grant entries* in the guest’s +table, filling in details of the memory pages and then writing the *grant +references* (the index values of the grant entries) into Xenstore. The +grant references of the protocol buffers themselves are typically written +directly into the request structures passed via a shared ring. + +The guest is responsible for managing its own grant table. No hypercall is +required to grant a memory page to another domain. It is sufficient to find +an unused grant entry and set bits in the entry to give read and/or write +access to a remote domain also specified in the entry along with the page +frame number. Thus the layout and content of the grant table logically +forms part of the guest state. + +Currently no grant table state is migrated, requiring a guest to separately +maintain any state that it wishes to persist elsewhere in its memory image +and then restore it after migration. Thus to avoid the need for such +explicit action by the guest, one or more new save records will be required +to migrate the contents of the grant table. + +# Outline Proposal + +* PV backend drivers will be modified to unilaterally re-establish +connection to a frontend if the backend state node is restored with value 4 +(XenbusStateConnected)[6]. + +* The toolstack choose a randomized domid for initial creation or default +migration, but preserve the source domid non-cooperative migration. +Non-Cooperative migration will have to be denied if the domid is +unavailable on the target host, but randomization of domid on creation +should hopefully minimize the likelihood of this. Non-Cooperative migration +to localhost will clearly not be possible. + +* `xenstored` should be modified to implement the new mechanisms needed. +See *Other Para-Virtual State* above. A further design document will +propose additional protocol messages. + +* Within the migration stream extra save records will be defined as +required. See *Other Para-Virtual State* above. A further design document +will propose modifications to the libxenlight and libxenctrl Domain Image +Formats. + +* An option should be added to the toolstack to initiate a non-cooperative +migration, instead of the (default) potentially co-operative migration. +Essentially this should skip the check to see if PV drivers and migrate as +if there are none present, but also enabling the extra save records. Note +that at least some of the extra records should only form part of a +non-cooperative migration stream. For example, migrating event channel +state would be counter productive in a normal migration as this will +essentially leak event channel objects at the receiving end. Others, such +as grant table state, could potentially harmlessly form part of a normal +migration stream. + +* * * +[1] PV drivers are deemed to be installed if the HVM parameter +*HVM_PARAM_CALLBACK_IRQ* has been set to a non-zero value. + +[2] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/include/public/io/xenbus.h + +[3] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/specs/libxc-migration-stream.pandoc + +[4] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/specs/libxl-migration-stream.pandoc + +[5] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/misc/xenstore.txt + +[6] `xen-blkback` and `xen-netback` have already been modified in Linux to do +this. diff --git a/src/xen/docs/designs/qemu-deprivilege.md b/src/xen/docs/designs/qemu-deprivilege.md new file mode 100644 index 0000000000000000000000000000000000000000..81a5f5c05da6028b6b6c4e2176805d3fe3fffc30 --- /dev/null +++ b/src/xen/docs/designs/qemu-deprivilege.md @@ -0,0 +1,322 @@ +# Introduction + +The goal of deprilvileging qemu is this: Even if there is a bug (for +example in qemu) which permits a domain to gain control of the device +model, the compromised device model process is prevented from +violating the system's overall security properties. Ie, a guest +cannot "escape" from the virtualisation by using a qemu bug. + +This document lists the various technical measures which we either +have taken, or plan to take to effect this goal. Some of them are +required to be considered secure (that is, there are known attack +vectors which they close); others are "just in case" (that is, there +are no known attack vectors, but we perform the restrictions to reduce +the possibility of unknown attack vectors). + +# Restrictions done + +The following restrictions are currently implemented. + +## Having qemu switch user + +'''Description''': As mentioned above, having QEMU switch to a +non-root user, one per domain id. Not being the root user limits what +a compromised QEMU process can do to the system, and having one user +per domain id limits what a comprimised QEMU process can do to the +QEMU processes of other VMs. + +'''Implementation''': The toolstack adds the following to the qemu command-line: + + -runas : + +'''How to test''': + + grep /proc//status [UG]id + +'''Testing Status''': Not tested + +## Xen library / file-descriptor restrictions + +'''Description''': Close and restrict Xen-related file descriptors. +Specifically: + * Close all xenstore-related file descriptors + * Make sure that all open instances of `privcmd` and `evtchn` file +descriptors have had `IOCTL_PRIVCMD_RESTRICT` and +`IOCTL_EVTCHN_RESTRICT_DOMID` ioctls called on them, respectively. + +'''Implementation''': Toolstack adds the following to the qemu command-line: + + -xen-domid-restrict + +'''How to test''': + +Use `fishdescriptor` to pull a file descriptor from a running QEMU, +then use `depriv-fd-checker` to check that it has the desired +properties, and that hypercalls which are meant to fail do fail. (In +Debian `fishdescriptor` can be found in the binary package +`chiark-scripts`; the `depriv-fd-checker` is included in the Xen +source tree.) + +'''Testing status''': Tested + +## Chroot + +'''Description''': Qemu runs in its own chroot, such that even if it +could call an 'open' command of some sort, there would be nothing for +it to see. + +'''Implementation''': The toolstack creates a directory in the libxl "run-dir"; e.g. +`/var/run/xen/qemu-root-` + +Then adds the following to the qemu command-line: + + -chroot /var/run/xen/qemu-root- + +'''How to test''': Check `/proc//root` + +'''Tested''': Not tested + +## Namespaces for unused functionality (Linux only) + +'''Description''': QEMU doesn't use the functionality associated with +mount and IPC namespaces. (IPC namespaces contol non-file-based IPC +mechanisms within the kernel; unix and network sockets are not +affected by this.) Making separate namespaces for these for QEMU +won't affect normal operation, but it does mean that even if other +restrictions fail, the process won't be able to even name system mount +points or existing non-file-based IPC descriptors to attempt to attack +them. + +'''Implementation''': + +In theory this could be done in QEMU (similar to -sandbox, -runas, +-chroot, and so on), but a patch doing this in QEMU was NAKed upstream +(see [qemu-namespaces]). They preferred that this was done as a setup step by +whatever executes QEMU; i.e., have the process which exec's QEMU first +call: + + unshare(CLONE_NEWNS | CLONE_NEWIPC) + +'''How to test''': Check `/proc//ns/[ipc,mnt]` + +'''Tested''': Not tested + +[qemu-namespaces]: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg04723.html + +### Basic RLIMITs + +'''Description''': A number of limits on the resources that a given +process / userid is allowed to consume. These can limit the ability +of a compromised QEMU process to DoS domain 0 by exhausting various +resources available to it. + +'''Implementation''' + +Limits that can be implemented immediately without much effort: + - RLIMIT_FSIZE` (file size) to 256KiB. + +Probably not necessary but why not: + - RLIMIT_CORE: 0 + - RLIMIT_MSGQUEUE: 0 + - RLIMIT_LOCKS: 0 + - RLIMIT_MEMLOCK: 0 + +Note: mlock() is used by QEMU only when both "realtime" and "mlock" +are specified; this does not apply to QEMU running as a Xen DM. + +'''How to test''': Check `/proc//limits` + +'''Tested''': Not tested + +### libxl UID cleanup + +'''Description''': Domain IDs are reused, and thus restricted UIDs are +reused. If a compromised QEMU can fork (due to seccomp or +RLIMIT_NPROC limits being ineffective for some reason), it may avoid +being killed when its domain dies, then wait until the domain ID is +reused again, at which point it will have control over the domain in +question (which probably belongs to someone else). + +libxl should kill all UIDs associated with a domain both when the VM +is destroyed, and before starting a VM with the same UID. + +'''Implementation''': This is unnecessarily tricky. + +The kill() system call can have three kinds of targets: + - A single pid + - A process group + - "Every process except me to which I am allowed to send a signal" (-1) + +Targeting a single pid is racy and likely to be beaten by the +following loop: + + while(1) { + if(fork()) + _exit(0); + } + +That is, by the time you've read the process list and found the +process id you want to kill, that process has exited and there is a +new process whose pid you don't know about. + +Targeting a process group will be ineffective, as unprivileged +processes are allowed to make their own process groups. + +kill(-1) can be used but must be done with care. Consider the +following code, for example: + + setuid(target_uid); + kill(-1, 9); + +This looks like it will do the trick; but by setting all of the user +ids (effective, real, and saved), it opens the 'killing' process up to +being killed by the target process: + + while(1) { + if(fork()) + _exit(0); + else + kill(-1, 9); + } + +Fortunately there is an assymetry we can take advantage of. From the +POSIX spec: + +> For a process to have permission to send a signal to a process +> designated by pid, unless the sending process has appropriate +> privileges, the real or effective user ID of the sending process shall +> match the real or saved set-user-ID of the receiving process. + +The solution is to allocate a second "reaper" uid that is only used to kill +target processes. We set the euid of the killing process to the `target_uid`, +but the ruid of the killing process to `reaper_uid`, leaving the suid of the +killing process as 0: + + setresuid(reaper_uid, target_uid, 0); + kill(-1, 9); + +NOTE: We cannot use `setreuid(reaper_uid, target_uid)` here, as that +will set *both* euid *and* suid to `target_uid`, making the killing +process vulnerable to the target process again. + +Since this will kill all other `reaper_uid` processes as well, we must +either allocate a separate `reaper_uid` per domain, or use locking to +ensure that only one killing process is active at a time. + +# Restrictions / improvements still to do + +This lists potential restrictions still to do. It is meant to be +listed in order of ease of implementation, with low-hanging fruit +first. + +### Further RLIMITs + +RLIMIT_AS limits the total amount of memory; but this includes the +virtual memory which QEMU uses as a mapcache. xen-mapcache.c already +fiddles with this; it would be straightforward to make it *set* the +rlimit to what it thinks a sensible limit is. + +RLIMIT_NPROC limits total number of processes or threads. QEMU uses +threads for some devices, so this would require some thought. + +Other things that would take some cleverness / changes to QEMU to +utilize due to ordering constrants: + - RLIMIT_NOFILES (after all necessary files are opened) + +## libxl: Treat QMP connection as untrusted + +'''Description''': Currently libxl talks with QEMU via QMP; but its +interactions have not historically considered from a security point of +view. For example, qmp_synchronous_send() waits for a response from +QEMU, which a compromised QEMU could simply not send (thus preventing +the toolstack from making forward progress). + +'''Implementation''': Audit toolstack interactions with QEMU which +happen after the guest has started running, and assume QEMU has been +compromised. + +### seccomp filtering (Linux only) + +'''Description''': Turn on seccomp filtering to disable syscalls which +QEMU doesn't need. + +'''Implementation''': Enable from the command-line: + + -sandbox on,obsolete=deny,elevateprivileges=allow,spawn=deny,resourcecontrol=deny + +`elevateprivileges` is currently required to allow `-runas` to work. +Removing this requirement would mean making sure that the uid change +happened before the seccomp2 call, perhaps by changing the uid before +executing QEMU. (But this would then require other changes to create +the QMP socket, VNC socket, and so on). + +It should be noted that `-sandbox` is implemented as a blacklist, not +a whitelist; that is, it disables known-unsed functionality which may +be harmful, rather than disabling all functionality except that known +to be safe and needed. This is unfortunately necessary since qemu +doesn't know what system calls libraries might end up making. (See +[lwn-seccomp] for a more complete discussion.) + +This feature is not on by default and may not be available in all +environments. We therefore need to either: + 1. Require that this feature be enabled to build qemu + 2. Check for `-sandbox` support at runtime before + +[lwn-seccomp]: https://lwn.net/Articles/738694/ + +### Disks + +The chroot (and seccomp?) happens late enough such that QEMU can +initialize itself and open its disks. If you want to add a disk at run +time via or insert a CD, you can't pass a path because QEMU is +chrooted. Instead use the add-fd QMP command and use +/dev/fdset/ as the path. + +A further layer of restriction could be to set RLIMIT_NOFILES to '0', +and hand all disks over QMP. + +## Migration + +When calling xen-save-devices-state, since QEMU is running in a chroot +it is not useful to pass a filename (it doesn't even have write access +inside the chroot). Instead, give it an open fd using the add-fd +mechanism. + +Additionally, all the restrictions need to be applied to the qemu +started up on the post-migration side. One issue that needs to be +solved is how to signal the toolstack on restore that qemu is ready +for the domain to be started (since this is normally done via +xenstore, and at this point the xenstore connections will have been +closed). + +### Network namespacing (Linux only) + +Enter QEMU into its own network namespace (in addition to mount & IPC +namespaces): + + unshare(CLONE_NEWNET); + +QEMU does actually use the network namespace as a Xen DM for two +purposes: 1) To set up network tap devices 2) To open vnc connections. + +#### Network + +If QEMU runs in its own network namespace, it can't open the tap +device itself because the interface won't be visible outside of its +own namespace. So instead, have the toolstack open the device and pass +it as an fd on the command-line: + + -device rtl8139,netdev=tapnet0,mac=... -netdev tap,id=tapnet0,fd= + +#### VNC + +If QEMU runs in its own network namespace, it is not straightforward +to listen on a TCP socket outside of its own network namespace. One +option would be to use VNC over a UNIX socket: + + -vnc unix:/var/run/xen/vnc- + +However, this would break functionality in the general case; I think +we need to have the toolstack open a socket and pass the fd to QEMU +(which requires changes to QEMU). + diff --git a/src/xen/docs/designs/xenstore-migration.md b/src/xen/docs/designs/xenstore-migration.md new file mode 100644 index 0000000000000000000000000000000000000000..5022268386cb17a6f25f1c781038e68a2273e532 --- /dev/null +++ b/src/xen/docs/designs/xenstore-migration.md @@ -0,0 +1,570 @@ +# Xenstore Migration + +## Background + +The design for *Non-Cooperative Migration of Guests*[1] explains that extra +save records are required in the migrations stream to allow a guest running PV +drivers to be migrated without its co-operation. Moreover the save records must +include details of registered xenstore watches as well as content; information +that cannot currently be recovered from `xenstored`, and hence some extension +to the xenstored implementations will also be required. + +As a similar set of data is needed for transferring xenstore data from one +instance to another when live updating xenstored this document proposes an +image format for a 'migration stream' suitable for both purposes. + +## Proposal + +The image format consists of a _header_ followed by 1 or more _records_. Each +record consists of a type and length field, followed by any data mandated by +the record type. At minimum there will be a single record of type `END` +(defined below). + +### Header + +The header identifies the stream as a `xenstore` stream, including the version +of the specification that it complies with. + +All fields in this header must be in _big-endian_ byte order, regardless of +the setting of the endianness bit. + + +``` + 0 1 2 3 4 5 6 7 octet ++-------+-------+-------+-------+-------+-------+-------+-------+ +| ident | ++-------------------------------+-------------------------------| +| version | flags | ++-------------------------------+-------------------------------+ +``` + + +| Field | Description | +|-----------|---------------------------------------------------| +| `ident` | 0x78656e73746f7265 ('xenstore' in ASCII) | +| | | +| `version` | The version of the specification, defined values: | +| | 0x00000001: all fields and records without any | +| | explicitly mentioned version | +| | dependency are valid. | +| | 0x00000002: all fields and records valid for | +| | version 1 plus fields and records | +| | explicitly stated to be supported in | +| | version 2 are valid. | +| | | +| `flags` | 0 (LSB): Endianness: 0 = little, 1 = big | +| | | +| | 1-31: Reserved (must be zero) | + +### Records + +Records immediately follow the header and have the following format: + + +``` + 0 1 2 3 4 5 6 7 octet ++-------+-------+-------+-------+-------+-------+-------+-------+ +| type | len | ++-------------------------------+-------------------------------+ +| body +... +| | padding (0 to 7 octets) | ++-------+-------------------------------------------------------+ +``` + +NOTE: padding octets or fields not valid in the used version here and in all + subsequent format specifications must be written as zero and should be + ignored when the stream is read. + + +| Field | Description | +|--------|------------------------------------------------------| +| `type` | 0x00000000: END | +| | 0x00000001: GLOBAL_DATA | +| | 0x00000002: CONNECTION_DATA | +| | 0x00000003: WATCH_DATA | +| | 0x00000004: TRANSACTION_DATA | +| | 0x00000005: NODE_DATA | +| | 0x00000006: GLOBAL_QUOTA_DATA | +| | 0x00000007: DOMAIN_DATA | +| | 0x00000008: WATCH_DATA_EXTENDED (version 2 and up) | +| | 0x00000009 - 0xFFFFFFFF: reserved for future use | +| | | +| `len` | The length (in octets) of `body` | +| | | +| `body` | The type-specific record data | + +Some records will depend on other records in the migration stream. Records +upon which other records depend must always appear earlier in the stream. + +The various formats of the type-specific data are described in the following +sections: + +\pagebreak + +### END + +The end record marks the end of the image, and is the final record +in the stream. + +``` + 0 1 2 3 4 5 6 7 octet ++-------+-------+-------+-------+-------+-------+-------+-------+ +``` + + +The end record contains no fields; its body length is 0. + +\pagebreak + +### GLOBAL_DATA + +This record is only relevant for live update. It contains details of global +xenstored state that needs to be restored. + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| rw-socket-fd | ++-------------------------------+ +| evtchn-fd | ++-------------------------------+ +``` + + +| Field | Description | +|----------------|----------------------------------------------| +| `rw-socket-fd` | The file descriptor of the socket accepting | +| | read-write connections | +| | | +| `evtchn-fd` | The file descriptor used to communicate with | +| | the event channel driver | + +xenstored will resume in the original process context. Hence `rw-socket-fd` +simply specifies the file descriptor of the socket. Sockets are not always +used, however, and so -1 will be used to denote an unused socket. + +\pagebreak + +### CONNECTION_DATA + +For live update the image format will contain a `CONNECTION_DATA` record for +each connection to xenstore. For migration it will only contain a record for +the domain being migrated. + + +``` + 0 1 2 3 4 5 6 7 octet ++-------+-------+-------+-------+-------+-------+-------+-------+ +| conn-id | conn-type | | ++-------------------------------+---------------+---------------+ +| conn-spec +... ++---------------+---------------+-------------------------------+ +| in-data-len | out-resp-len | out-data-len | ++---------------+---------------+-------------------------------+ +| data +... +``` + + +| Field | Description | +|----------------|----------------------------------------------| +| `conn-id` | A non-zero number used to identify this | +| | connection in subsequent connection-specific | +| | records | +| | | +| `conn-type` | 0x0000: shared ring | +| | 0x0001: socket | +| | 0x0002 - 0xFFFF: reserved for future use | +| | | +| `conn-spec` | See below | +| | | +| `in-data-len` | The length (in octets) of any data read | +| | from the connection not yet processed | +| | | +| `out-resp-len` | The length (in octets) of a partial response | +| | not yet written to the connection | +| | | +| `out-data-len` | The length (in octets) of any pending data | +| | not yet written to the connection, including | +| | a partial response (see `out-resp-len`) | +| | | +| `data` | Pending data: first in-data-len octets of | +| | read data, then out-data-len octets of | +| | written data (any of both may be empty) | + +In case of live update the connection record for the connection via which +the live update command was issued will contain the response for the live +update command in the pending not yet written data. + +\pagebreak + +The format of `conn-spec` is dependent upon `conn-type`. + +For `shared ring` connections it is as follows: + + +``` + 0 1 2 3 4 5 6 7 octet ++---------------+---------------+---------------+---------------+ +| domid | tdomid | evtchn | ++-------------------------------+-------------------------------+ +``` + + +| Field | Description | +|-----------|---------------------------------------------------| +| `domid` | The domain-id that owns the shared page | +| | | +| `tdomid` | The domain-id that `domid` acts on behalf of if | +| | it has been subject to an SET_TARGET | +| | operation [2] or DOMID_INVALID [3] otherwise | +| | | +| `evtchn` | The port number of the interdomain channel used | +| | by xenstored to communicate with `domid` | +| | | + +The GFN of the shared page is not preserved because the ABI reserves +entry 1 in `domid`'s grant table to point to the xenstore shared page. +Note there is no guarantee the page will still be valid at the time of +the restore because a domain can revoke the permission. + +For `socket` connections it is as follows: + + +``` ++---------------+---------------+---------------+---------------+ +| socket-fd | pad | ++-------------------------------+-------------------------------+ +``` + + +| Field | Description | +|-------------|-------------------------------------------------| +| `socket-fd` | The file descriptor of the connected socket | + +This type of connection is only relevant for live update, where the xenstored +resumes in the original process context. Hence `socket-fd` simply specify +the file descriptor of the socket connection. + +\pagebreak + +### WATCH_DATA + +The image format will contain either a `WATCH_DATA` or a `WATCH_DATA_EXTENDED` +record for each watch registered by a connection for which there is +`CONNECTION_DATA` record previously present. + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| conn-id | ++---------------+---------------+ +| wpath-len | token-len | ++---------------+---------------+ +| wpath +... +| token +... +``` + + +| Field | Description | +|-------------|-------------------------------------------------| +| `conn-id` | The connection that issued the `WATCH` | +| | operation [2] | +| | | +| `wpath-len` | The length (in octets) of `wpath` including the | +| | NUL terminator | +| | | +| `token-len` | The length (in octets) of `token` including the | +| | NUL terminator | +| | | +| `wpath` | The watch path, as specified in the `WATCH` | +| | operation | +| | | +| `token` | The watch identifier token, as specified in the | +| | `WATCH` operation | + +\pagebreak + +### WATCH_DATA_EXTENDED + +The image format will contain either a `WATCH_DATA` or a `WATCH_DATA_EXTENDED` +record for each watch registered by a connection for which there is +`CONNECTION_DATA` record previously present. The `WATCH_DATA_EXTENDED` record +type is valid only in version 2 and later. + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| conn-id | ++---------------+---------------+ +| wpath-len | token-len | ++---------------+---------------+ +| depth | pad | ++---------------+---------------+ +| wpath +... +| token +... +``` + + +| Field | Description | +|-------------|-------------------------------------------------| +| `conn-id` | The connection that issued the `WATCH` | +| | operation [2] | +| | | +| `wpath-len` | The length (in octets) of `wpath` including the | +| | NUL terminator | +| | | +| `token-len` | The length (in octets) of `token` including the | +| | NUL terminator | +| | | +| `depth` | The number of directory levels below the | +| | watched path to consider for a match. | +| | A value of 0xffff is used for unlimited depth. | +| | | +| `wpath` | The watch path, as specified in the `WATCH` | +| | operation | +| | | +| `token` | The watch identifier token, as specified in the | +| | `WATCH` operation | + +\pagebreak + +### TRANSACTION_DATA + +The image format will contain a `TRANSACTION_DATA` record for each transaction +that is pending on a connection for which there is `CONNECTION_DATA` record +previously present. + + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| conn-id | ++-------------------------------+ +| tx-id | ++-------------------------------+ +``` + + +| Field | Description | +|----------------|----------------------------------------------| +| `conn-id` | The connection that issued the | +| | `TRANSACTION_START` operation [2] | +| | | +| `tx-id` | The transaction id passed back to the domain | +| | by the `TRANSACTION_START` operation | + +\pagebreak + +### NODE_DATA + +For live update the image format will contain a `NODE_DATA` record for each +node in xenstore. For migration it will only contain a record for the nodes +relating to the domain being migrated. The `NODE_DATA` may be related to +a _committed_ node (globally visible in xenstored) or a _pending_ node (created +or modified by a transaction for which there is also a `TRANSACTION_DATA` +record previously present). + +Each _committed_ node in the stream is required to have an already known parent +node. A parent node is known if it was either in the node data base before the +stream was started to be processed, or if a `NODE_DATA` record for that parent +node has already been processed in the stream. + + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| conn-id | ++-------------------------------+ +| tx-id | ++---------------+---------------+ +| path-len | value-len | ++---------------+---------------+ +| access | perm-count | ++---------------+---------------+ +| perm1 | ++-------------------------------+ +... ++-------------------------------+ +| permN | ++---------------+---------------+ +| path +... +| value +... +``` + + +| Field | Description | +|--------------|------------------------------------------------| +| `conn-id` | If this value is non-zero then this record | +| | related to a pending transaction | +| | | +| `tx-id` | This value should be ignored if `conn-id` is | +| | zero. Otherwise it specifies the id of the | +| | pending transaction | +| | | +| `path-len` | The length (in octets) of `path` including the | +| | NUL terminator | +| | | +| `value-len` | The length (in octets) of `value` (which will | +| | be zero for a deleted node) | +| | | +| `access` | This value should be ignored if this record | +| | does not relate to a pending transaction, | +| | otherwise it specifies the accesses made to | +| | the node and hence is a bitwise OR of: | +| | | +| | 0x0001: read | +| | 0x0002: written | +| | | +| | The value will be zero for a deleted node | +| | | +| `perm-count` | The number (N) of node permission specifiers | +| | (which will be 0 for a node deleted in a | +| | pending transaction) | +| | | +| `perm1..N` | A list of zero or more node permission | +| | specifiers (see below) | +| | | +| `path` | The absolute path of the node | +| | | +| `value` | The node value (which may be empty or contain | +| | NUL octets) | + + +A node permission specifier has the following format: + + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| perm | flags | domid | ++-------+-------+---------------+ +``` + +| Field | Description | +|---------|-----------------------------------------------------| +| `perm` | One of the ASCII values `w`, `r`, `b` or `n` as | +| | specified for the `SET_PERMS` operation [2] | +| | | +| `flags` | A bit-wise OR of: | +| | 0x01: stale permission, ignore when checking | +| | permissions | +| | | +| `domid` | The domain-id to which the permission relates | + +Note that perm1 defines the domain owning the node. See [4] for more +explanation of node permissions. + +\pagebreak + +### GLOBAL_QUOTA_DATA + +This record is only relevant for live update. It contains the global settings +of xenstored quota. + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| n-dom-quota | n-glob-quota | ++---------------+---------------+ +| quota-val 1 | ++-------------------------------+ +... ++-------------------------------+ +| quota-val N | ++-------------------------------+ +| quota-names +... +``` + + +| Field | Description | +|----------------|----------------------------------------------| +| `n-dom-quota` | Number of quota values which apply per | +| | domain by default. | +| | | +| `n-glob-quota` | Number of quota values which apply globally | +| | only. | +| | | +| `quota-val` | Quota values, first the ones applying per | +| | domain, then the ones applying globally. A | +| | value of 0 has the semantics of "unlimited". | +| | | +| `quota-names` | 0 delimited strings of the quota names in | +| | the same sequence as the `quota-val` values. | + + +Allowed quota names are those explicitly named in [2] for the `GET_QUOTA` +and `SET_QUOTA` commands, plus implementation specific ones. Quota names not +recognized by the receiving side should not have any effect on behavior for +the receiving side (they can be ignored or preserved for inclusion in +future live migration/update streams). + +\pagebreak + +### DOMAIN_DATA + +This record is optional and can be present once for each domain. + + +``` + 0 1 2 3 octet ++-------+-------+-------+-------+ +| domain-id | n-quota | ++---------------+---------------+ +| features | ++-------------------------------+ +| quota-val 1 | ++-------------------------------+ +... ++-------------------------------+ +| quota-val N | ++-------------------------------+ +| quota-names +... +``` + + +| Field | Description | +|----------------|----------------------------------------------| +| `domain-id` | The domain-id of the domain this record | +| | belongs to. | +| | | +| `n-quota` | Number of quota values. | +| | | +| `features` | Value of the feature field visible by the | +| | guest at offset 2064 of the ring page. | +| | Only valid for version 2 and later. | +| | | +| `quota-val` | Quota values, a value of 0 has the semantics | +| | "unlimited". | +| | | +| `quota-names` | 0 delimited strings of the quota names in | +| | the same sequence as the `quota-val` values. | + +Allowed quota names are those explicitly named in [2] for the `GET_QUOTA` +and `SET_QUOTA` commands, plus implementation specific ones. Quota names not +recognized by the receiving side should not have any effect on behavior for +the receiving side (they can be ignored or preserved for inclusion in +future live migration/update streams). + +\pagebreak + + +* * * + +[1] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/designs/non-cooperative-migration.md + +[2] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/misc/xenstore.txt + +[3] See https://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=xen/include/public/xen.h;hb=HEAD#l612 + +[4] https://wiki.xen.org/wiki/XenBus diff --git a/src/xen/docs/features/dom0less.pandoc b/src/xen/docs/features/dom0less.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..725afa055838611a7619b929c54f37493eb17ded --- /dev/null +++ b/src/xen/docs/features/dom0less.pandoc @@ -0,0 +1,173 @@ +Dom0less +======== + +"Dom0less" is a set of Xen features that enable the deployment of a Xen +system without an control domain (often referred to as "dom0"). Each +feature can be used independently from the others, unless otherwise +stated. + +Booting Multiple Domains from Device Tree +----------------------------------------- + +This feature enables Xen to create a set of DomUs at boot time. +Information about the DomUs to be created by Xen is passed to the +hypervisor via Device Tree. Specifically, the existing Device Tree based +Multiboot specification has been extended to allow for multiple domains +to be passed to Xen. See docs/misc/arm/device-tree/booting.txt for more +information about the Multiboot specification and how to use it. + +Currently, a control domain ("dom0") is still required to manage the DomU +domains, but the system can start also without dom0 if the Device Tree +doesn't specify the dom0 kernel and it declares one or more domUs. +Instead of waiting for the control domain (when declared) to be fully +booted and the Xen tools to become available, domains created by Xen +this way are started right away in parallel. Hence, their boot time is +typically much shorter. + + +Configuration +------------- + +### Loading binaries into memory ### + +U-Boot needs to load not just Xen, the device tree binary, the dom0 kernel and +ramdisk. It also needs to load the kernel and ramdisk of any additional domains +to boot. For example if this is the bootcmd for Xen and Dom0: + + tftpb 0x1280000 xen.dtb + tftpb 0x0x80000 xen-Image + tftpb 0x1400000 xen.ub + tftpb 0x9000000 xen-rootfs.cpio.gz.u-boot + + bootm 0x1400000 0x9000000 0x1280000 + +If we want to add one DomU with Image-DomU as the DomU kernel +and ramdisk-DomU as DomU ramdisk: + + tftpb 0x1280000 xen.dtb + tftpb 0x80000 xen-Image + tftpb 0x1400000 xen.ub + tftpb 0x9000000 xen-rootfs.cpio.gz.u-boot + + tftpb 0x2000000 Image-DomU + tftpb 0x3000000 ramdisk-DomU + + bootm 0x1400000 0x9000000 0x1280000 + + +### Device Tree configuration ### + +In addition to loading the necessary binaries, we also need to advertise +the presence of the additional VM and its configuration. It is done via +device tree adding a node under /chosen as follows: + + domU1 { + #address-cells = <1>; + #size-cells = <1>; + compatible = "xen,domain"; + memory = <0 0x20000>; + cpus = <1>; + vpl011; + + module@2000000 { + compatible = "multiboot,kernel", "multiboot,module"; + reg = <0x2000000 0xffffff>; + bootargs = "console=ttyAMA0"; + }; + + module@30000000 { + compatible = "multiboot,ramdisk", "multiboot,module"; + reg = <0x3000000 0xffffff>; + }; + }; + +Where memory is the memory of the VM in KBs, cpus is the number of +cpus. module@2000000 and module@3000000 advertise where the kernel and +ramdisk are in memory. + +Note: the size specified should exactly match the size of the Kernel/initramfs. +Otherwise, they may be unusable in Xen (for instance if they are compressed). + +See docs/misc/arm/device-tree/booting.txt for more information. + +PV Drivers +---------- + +It is possible to use PV drivers with dom0less guests with some +restrictions: + +- dom0less domUs that want to use PV drivers support should have the + "xen,enhanced" property set under their device tree nodes (see + docs/misc/arm/device-tree/booting.txt) +- a dom0 must be present (or another domain with enough privileges to + run the toolstack) +- after dom0 is booted, the utility "init-dom0less" must be run +- do not run "init-dom0less" while creating other guests with xl + +After the execution of init-dom0less, it is possible to use "xl" to +hotplug PV drivers to dom0less guests. E.g. xl network-attach domU. + +The implementation works as follows: +- Xen allocates the xenstore event channel for each dom0less domU that + has the "xen,enhanced" property, and sets HVM_PARAM_STORE_EVTCHN +- Xen does *not* allocate the xenstore page and sets HVM_PARAM_STORE_PFN + to ~0ULL (invalid) +- Dom0less domU kernels check that HVM_PARAM_STORE_PFN is set to invalid + - Old kernels will continue without xenstore support (Note: some old + buggy kernels might crash because they don't check the validity of + HVM_PARAM_STORE_PFN before using it! Disable "xen,enhanced" in + those cases) + - New kernels will wait for a notification on the xenstore event + channel (HVM_PARAM_STORE_EVTCHN) before continuing with the + initialization +- Once dom0 is booted, init-dom0less is executed: + - it allocates the xenstore shared page and sets HVM_PARAM_STORE_PFN + - it calls xs_introduce_domain +- Xenstored notices the new domain, initializes interfaces as usual, and + sends an event channel notification to the domain using the xenstore + event channel (HVM_PARAM_STORE_EVTCHN) +- The Linux domU kernel receives the event channel notification, checks + HVM_PARAM_STORE_PFN again and continue with the initialization + + +Limitations +----------- + +Domains started by Xen at boot time currently have the following +limitations: + +- They cannot be properly shutdown or rebooted using xl. If one of them + crashes, the whole platform should be rebooted. + +- Some xl operations might not work as expected. xl is meant to be used + with domains that have been created by it. Using xl with domains + started by Xen at boot might not work as expected. + +- The GIC version is the native version. In absence of other + information, the GIC version exposed to the domains started by Xen at + boot is the same as the native GIC version. + +- Pinning vCPUs of domains started by Xen at boot can be + done from the control domain, using `xl vcpu-pin` as usual. It is not + currently possible to configure vCPU pinning without a control domain. + However, the NULL scheduler can be selected by passing `sched=null` to + the Xen command line. The NULL scheduler automatically assigns and + pins vCPUs to pCPUs, but the vCPU-pCPU assignments cannot be + configured. + +Notes +----- + +- 'xl console' command will not attach to the domain's console in case + of dom0less. DomU are domains created by Xen (similar to Dom0) and + therefore they are all managed by Xen and some of the commands may not work. + + A user is allowed to configure the key sequence to switch input. + Pressing the Xen "conswitch" (Ctrl-A by default) three times + switches input in case of dom0less mode. + +- Domains created by Xen will have no name at boot. Domain-0 has a name + thanks to the helper xen-init-dom0 called at boot by the initscript. + If you want to setup DomU name, then you will have to create the xenstore + node associated. By default DomU names are shown as '(null)' in the + xl domains list. diff --git a/src/xen/docs/features/feature-levelling.pandoc b/src/xen/docs/features/feature-levelling.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..171a42c358409f4ab24f0d783628187a367c15b8 --- /dev/null +++ b/src/xen/docs/features/feature-levelling.pandoc @@ -0,0 +1,216 @@ +% Feature Levelling +% Revision 1 + +\clearpage + +# Basics + +---------------- ---------------------------------------------------- + Status: **Supported** + + Architecture: x86 + + Component: Hypervisor, toolstack, guest +---------------- ---------------------------------------------------- + + +# Overview + +On native hardware, a kernel will boot, detect features, typically optimise +certain codepaths based on the available features, and expect the features to +remain available until it shuts down. + +The same expectation exists for virtual machines, and it is up to the +hypervisor/toolstack to fulfill this expectation for the lifetime of the +virtual machine, including across migrate/suspend/resume. + + +# User details + +Many factors affect the featureset which a VM may use: + +* The CPU itself +* The BIOS/firmware/microcode version and settings +* The hypervisor version and command line settings +* Further restrictions the toolstack chooses to apply + +A firmware or software upgrade might reduce the available set of features +(e.g. Intel disabling TSX in a microcode update for certain Haswell/Broadwell +processors), as may editing the settings. + +It is unsafe to make any assumption about features remaining consistent across +a host reboot. Xen recalculates all information from scratch each boot, and +provides the information for the toolstack to consume. + +`xl` currently has no facilities to help the user collect appropriate feature +information from relevant hosts and compute appropriate feature specifications +for use in host or domain configurations. (`xl` being a single-host +toolstack, it would in any case need external support for accessing remote +hosts eg via ssh, in the form of automation software like GNU parallel or +ansible.) + +# Technical details + +The `CPUID` instruction is used by software to query for features. In the +virtualisation usecase, guest software should query Xen rather than hardware +directly. However, `CPUID` is an unprivileged instruction which doesn't +fault, complicating the task of hiding hardware features from guests. + +Important files: + +* Hypervisor + * `xen/arch/x86/cpu/*.c` + * `xen/arch/x86/cpuid.c` + * `xen/include/asm-x86/cpuid-autogen.h` + * `xen/include/public/arch-x86/cpufeatureset.h` + * `xen/tools/gen-cpuid.py` +* `libxc` + * `tools/libxc/xc_cpuid_x86.c` + +## Ability to control CPUID + +### HVM + +HVM guests (using `Intel VT-x` or `AMD SVM`) will unconditionally exit to Xen +on all `CPUID` instructions, allowing Xen full control over all information. + +### PV + +The `CPUID` instruction is unprivileged, so executing it in a PV guest will +not trap, leaving Xen no direct ability to control the information returned. + +### Xen Forced Emulation Prefix + +Xen-aware PV software can make use of the 'Forced Emulation Prefix' + +> `ud2a; .ascii 'xen'; cpuid` + +which Xen recognises as a deliberate attempt to get the fully-controlled +`CPUID` information rather than the hardware-reported information. This only +works with cooperative software. + +### Masking and Override MSRs + +AMD CPUs from the `K8` onwards support _Feature Override_ MSRs, which allow +direct control of the values returned for certain `CPUID` leaves. These MSRs +allow any result to be returned, including the ability to advertise features +which are not actually supported. + +Intel CPUs between `Nehalem` and `SandyBridge` have differing numbers of +_Feature Mask_ MSRs, which are a simple AND-mask applied to all `CPUID` +instructions requesting specific feature bitmap sets. The exact MSRs, and +which feature bitmap sets they affect are hardware specific. These MSRs allow +features to be hidden by clearing the appropriate bit in the mask, but does +not allow unsupported features to be advertised. + +### CPUID Faulting + +Intel CPUs from `IvyBridge` onwards have _CPUID Faulting_, which allows Xen to +cause `CPUID` instruction executed in PV guests to fault. This allows Xen +full control over all information, exactly like HVM guests. + +## Compile time + +As some features depend on other features, it is important that, when +disabling a certain feature, we disable all features which depend on it. This +allows runtime logic to be simplified, by being able to rely on testing only +the single appropriate feature, rather than the entire feature dependency +chain. + +To speed up runtime calculation of feature dependencies, the dependency chain +is calculated and flattened by `xen/tools/gen-cpuid.py` to create +`xen/include/asm-x86/cpuid-autogen.h` from +`xen/include/public/arch-x86/cpufeatureset.h`, allowing the runtime code to +disable all dependent features of a specific disabled feature in constant +time. + +## Host boot + +As Xen boots, it will enumerate the features it can see. This is stored as +the *raw_featureset*. + +Errata checks and command line arguments are then taken into account to reduce +the *raw_featureset* into the *host_featureset*, which is the set of +features Xen uses. On hardware with masking/override MSRs, the default MSR +values are picked from the *host_featureset*. + +The *host_featureset* is then used to calculate the *pv_featureset* and +*hvm_featureset*, which are the maximum featuresets Xen is willing to offer +to PV and HVM guests respectively. + +In addition, Xen will calculate how much control it has over non-cooperative +PV `CPUID` instructions, storing this information as *levelling_caps*. + +## Domain creation + +The toolstack can query each of the calculated featureset via +`XEN_SYSCTL_get_cpu_featureset`, and query for the levelling caps via +`XEN_SYSCTL_get_cpu_levelling_caps`. + +These data should be used by the toolstack when choosing the eventual +featureset to offer to the guest. + +Once a featureset has been chosen, it is set (implicitly or explicitly) via +`XEN_DOMCTL_set_cpuid`. Xen will clamp the toolstacks choice to the +appropriate PV or HVM featureset. On hardware with masking/override MSRs, the +guest cpuid policy is reflected in the MSRs, which are context switched with +other vcpu state. + +# Limitations + +A guest which ignores the provided feature information and manually probes for +features will be able to find some of them. e.g. There is no way of forcibly +preventing a guest from using 1GB superpages if the hardware supports it. + +Some information simply cannot be hidden from guests. There is no way to +control certain behaviour such as the hardware MXCSR_MASK or x87 FPU exception +behaviour. + + +# Testing + +Feature levelling is a very wide area, and used all over the hypervisor. +Please ask on xen-devel for help identifying more specific tests which could +be of use. + + +# Known issues / Areas for improvement + +The feature querying and levelling functions should exposed in a +convenient-to-use way by `xl`. + +Xen currently has no concept of per-{socket,core,thread} CPUID information. +As a result, details such as APIC IDs, topology and cache information do not +match real hardware, and do not match the documented expectations in the Intel +and AMD system manuals. + +The CPU feature flags are the only information which the toolstack has a +sensible interface for querying and levelling. Other information in the CPUID +policy is important and should be levelled (e.g. maxphysaddr). + +The CPUID policy is currently regenerated from scratch by the receiving side, +once memory and vcpu content has been restored. This means that the receiving +Xen cannot verify the memory/vcpu content against the CPUID policy, and can +end up running a guest which will subsequently crash. The CPUID policy should +be at the head of the migration stream. + +MSRs are another source of features for guests. There is no general provision +for controlling the available MSRs. E.g. 64bit versions of Windows notice +changes in IA32_MISC_ENABLE, and suffer a BSOD 0x109 (Critical Structure +Corruption) + + +# References + +[Intel Flexmigration](http://www.intel.co.uk/content/dam/www/public/us/en/documents/application-notes/virtualization-technology-flexmigration-application-note.pdf) + +[AMD Extended Migration Technology](http://developer.amd.com/wordpress/media/2012/10/43781-3.00-PUB_Live-Virtual-Machine-Migration-on-AMD-processors.pdf) + + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2016-05-31 1 Xen 4.7 Document written +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/hypervisorfs.pandoc b/src/xen/docs/features/hypervisorfs.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..a0a0ead05735a083930aff985446450ff7a45507 --- /dev/null +++ b/src/xen/docs/features/hypervisorfs.pandoc @@ -0,0 +1,92 @@ +% Hypervisor FS +% Revision 1 + +\clearpage + +# Basics +---------------- --------------------- + Status: **Supported** + + Architectures: all + + Components: Hypervisor, toolstack +---------------- --------------------- + +# Overview + +The Hypervisor FS is a hierarchical name-value store for reporting +information to guests, especially dom0. It is similar to the Linux +kernel's sysfs. Entries and directories are created by the hypervisor, +while the toolstack is able to use a hypercall to query the entry +values or (if allowed by the hypervisor) to modify them. + +# User details + +With: + + xenhypfs ls + +the user can list the entries of a specific path of the FS. Using: + + xenhypfs cat + +the content of an entry can be retrieved. Using: + + xenhypfs write + +a writable entry can be modified. With: + + xenhypfs tree + +the complete Hypervisor FS entry tree can be printed. + +The FS paths are documented in `docs/misc/hypfs-paths.pandoc`. + +# Technical details + +Access to the hypervisor filesystem is done via the stable new hypercall +__HYPERVISOR_filesystem_op. This hypercall supports a sub-command +XEN_HYPFS_OP_get_version which will return the highest version of the +interface supported by the hypervisor. Additions to the interface need +to bump the interface version. The hypervisor is required to support the +previous interface versions, too (this implies that additions will always +require new sub-commands in order to allow the hypervisor to decide which +version of the interface to use). + +* hypercall interface specification + * `xen/include/public/hypfs.h` +* hypervisor internal files + * `xen/include/xen/hypfs.h` + * `xen/common/hypfs.c` +* `libxenhypfs` + * `tools/libs/libxenhypfs/*` +* `xenhypfs` + * `tools/misc/xenhypfs.c` +* path documentation + * `docs/misc/hypfs-paths.pandoc` + +# Testing + +Any new parameters or hardware mitigations should be verified to show up +correctly in the filesystem. + +# Areas for improvement + +* More detailed access rights +* Entries per domain and/or per cpupool + +# Known issues + +* None + +# References + +* None + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2020-01-23 1 Xen 4.14 Document written +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/intel_psr_cat_cdp.pandoc b/src/xen/docs/features/intel_psr_cat_cdp.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..1fb02ea1e6746ee2e87e12bb08c0454997ed397a --- /dev/null +++ b/src/xen/docs/features/intel_psr_cat_cdp.pandoc @@ -0,0 +1,512 @@ +% Intel Cache Allocation Technology and Code and Data Prioritization Features +% Revision 1.17 + +\clearpage + +# Basics + +---------------- ---------------------------------------------------- + Status: **Tech Preview** + +Architecture(s): Intel x86 + + Component(s): Hypervisor, toolstack + + Hardware: L3 CAT: Haswell and beyond CPUs + CDP : Broadwell and beyond CPUs + L2 CAT: Atom codename Goldmont and beyond CPUs +---------------- ---------------------------------------------------- + +# Terminology + +* CAT Cache Allocation Technology +* CBM Capacity BitMasks +* CDP Code and Data Prioritization +* CMT Cache Monitoring Technology +* COS/CLOS Class of Service +* MSRs Machine Specific Registers +* PSR Intel Platform Shared Resource + +# Overview + +Intel provides a set of allocation capabilities including Cache Allocatation +Technology (CAT) and Code and Data Prioritization (CDP). + +CAT allows an OS or hypervisor to control allocation of a CPU's shared cache +based on application/domain priority or Class of Service (COS). Each COS is +configured using capacity bitmasks (CBMs) which represent cache capacity and +indicate the degree of overlap and isolation between classes. Once CAT is +configured, the processor allows access to portions of cache according to the +established COS. Intel Xeon processor E5 v4 family (and some others) introduce +capabilities to configure and make use of the CAT mechanism on the L3 cache. +Intel Goldmont processor provides support for control over the L2 cache. + +Code and Data Prioritization (CDP) Technology is an extension of CAT. CDP +enables isolation and separate prioritization of code and data fetches to +the L3 cache in a SW configurable manner, which can enable workload +prioritization and tuning of cache capacity to the characteristics of the +workload. CDP extends CAT by providing separate code and data masks per Class +of Service (COS). When SW configures to enable CDP, L3 CAT is disabled. + +# User details + +* Feature Enabling: + + Add "psr=cat" to boot line parameter to enable all supported level CAT + features. Add "psr=cdp" to enable L3 CDP but disables L3 CAT by SW. + +* xl interfaces: + + 1. `psr-cat-show [OPTIONS] domain-id`: + + Show L2 CAT or L3 CAT/CDP CBM of the domain designated by Xen domain-id. + + Option `-l`: + + `-l2`: Show cbm for L2 cache. + + `-l3`: Show cbm for L3 cache. + + If `-lX` is specified and LX is not supported, print error. + If no `-l` is specified, level 3 is the default option. + + 2. `psr-cat-set [OPTIONS] domain-id cbm`: + + Set L2 CAT or L3 CAT/CDP CBM to the domain designated by Xen domain-id. + + Option `-s`: Specify the socket to process, otherwise all sockets are + processed. + + Option `-l`: + + `-l2`: Specify cbm for L2 cache. + + `-l3`: Specify cbm for L3 cache. + + If `-lX` is specified and LX is not supported, print error. + If no `-l` is specified, level 3 is the default option. + + Option `-c` or `-d`: + + `-c`: Set L3 CDP code cbm. + + `-d`: Set L3 CDP data cbm. + + 3. `psr-hwinfo [OPTIONS]`: + + Show CMT & L2 CAT & L3 CAT/CDP HW information on every socket. + + Option `-m, --cmt`: Show Cache Monitoring Technology (CMT) hardware + info. + + Option `-a, --cat`: Show CAT/CDP hardware info. + +# Technical details + +L3 CAT/CDP and L2 CAT are all members of Intel PSR features, they share the base +PSR infrastructure in Xen. + +## Hardware perspective + +CAT/CDP defines a range of MSRs to assign different cache access patterns +which are known as CBMs, each CBM is associated with a COS. + +E.g. L2 CAT: + + +----------------------------+----------------+ + IA32_PQR_ASSOC | MSR (per socket) | Address | + +----+---+-------+ +----------------------------+----------------+ + | |COS| | | IA32_L2_QOS_MASK_0 | 0xD10 | + +----+---+-------+ +----------------------------+----------------+ + +-------------> | ... | ... | + +----------------------------+----------------+ + | IA32_L2_QOS_MASK_n | 0xD10+n (n<64) | + +----------------------------+----------------+ + +L3 CAT/CDP uses a range of MSRs from 0xC90 ~ 0xC90+n (n<128). + +L2 CAT uses a range of MSRs from 0xD10 ~ 0xD10+n (n<64), following the L3 +CAT/CDP MSRs, setting different L2 cache accessing patterns from L3 cache is +supported. + +Every MSR stores a CBM value. A capacity bitmask (CBM) provides a hint to the +hardware indicating the cache space a domain should be limited to as well as +providing an indication of overlap and isolation in the CAT-capable cache from +other domains contending for the cache. + +Sample cache capacity bitmasks for a bitlength of 8 are shown below. Please +note that all (and only) contiguous '1' combinations are allowed (e.g. FFFFH, +0FF0H, 003CH, etc.). + + +----+----+----+----+----+----+----+----+ + | M7 | M6 | M5 | M4 | M3 | M2 | M1 | M0 | + +----+----+----+----+----+----+----+----+ + COS0 | A | A | A | A | A | A | A | A | Default Bitmask + +----+----+----+----+----+----+----+----+ + COS1 | A | A | A | A | A | A | A | A | + +----+----+----+----+----+----+----+----+ + COS2 | A | A | A | A | A | A | A | A | + +----+----+----+----+----+----+----+----+ + + +----+----+----+----+----+----+----+----+ + | M7 | M6 | M5 | M4 | M3 | M2 | M1 | M0 | + +----+----+----+----+----+----+----+----+ + COS0 | A | A | A | A | A | A | A | A | Overlapped Bitmask + +----+----+----+----+----+----+----+----+ + COS1 | | | | | A | A | A | A | + +----+----+----+----+----+----+----+----+ + COS2 | | | | | | | A | A | + +----+----+----+----+----+----+----+----+ + + +----+----+----+----+----+----+----+----+ + | M7 | M6 | M5 | M4 | M3 | M2 | M1 | M0 | + +----+----+----+----+----+----+----+----+ + COS0 | A | A | A | A | | | | | Isolated Bitmask + +----+----+----+----+----+----+----+----+ + COS1 | | | | | A | A | | | + +----+----+----+----+----+----+----+----+ + COS2 | | | | | | | A | A | + +----+----+----+----+----+----+----+----+ + +We can get the CBM length through CPUID. The default value of CBM is calculated +by `(1ull << cbm_len) - 1`. That is a fully open bitmask, all ones bitmask. +The COS\[0\] always stores the default value without change. + +There is a `IA32_PQR_ASSOC` register which stores the COS ID of the VCPU. HW +enforces cache allocation according to the corresponding CBM. + +## The relationship between L3 CAT/CDP and L2 CAT + +HW may support all features. By default, CDP is disabled on the processor. +If the L3 CAT MSRs are used without enabling CDP, the processor operates in +a traditional CAT-only mode. When CDP is enabled: + +* the CAT mask MSRs are re-mapped into interleaved pairs of mask MSRs for + data or code fetches. + +* the range of COS for CAT is re-indexed, with the lower-half of the COS + range available for CDP. + +L2 CAT is independent of L3 CAT/CDP, which means L2 CAT can be enabled while +L3 CAT/CDP is disabled, or L2 CAT and L3 CAT/CDP are both enabled. + +As a requirement, the bits of CBM of CAT/CDP must be continuous. + +N.B. L2 CAT and L3 CAT/CDP share the same COS field in the same associate +register `IA32_PQR_ASSOC`, which means one COS is associated with a pair of +L2 CAT CBM and L3 CAT/CDP CBM. + +Besides, the max COS of L2 CAT may be different from L3 CAT/CDP (or other +PSR features in future). In some cases, a domain is permitted to have a COS +that is beyond one (or more) of PSR features but within the others. For +instance, let's assume the max COS of L2 CAT is 8 but the max COS of L3 +CAT is 16, when a domain is assigned 9 as COS, the L3 CAT CBM associated to +COS 9 would be enforced, but for L2 CAT, the HW works as default value is +set since COS 9 is beyond the max COS (8) of L2 CAT. + +## Design Overview + +* Core COS/CBM association + + When enforcing CAT/CDP, all cores of domains have the same default COS + (COS0) which is associated with the fully open CBM (all ones bitmask) to + access all cache. The default COS is used only in hypervisor and is + transparent to tool stack and user. + + System administrator can change PSR allocation policy at runtime by tool + stack. Since L2 CAT shares COS with L3 CAT/CDP, a COS corresponds to a + 2-tuple, like \[L2 CBM, L3 CBM\] with only-CAT enabled, when CDP is + enabled, one COS corresponds to a 3-tuple, like \[L2 CBM, L3 Code_CBM, + L3 Data_CBM\]. If neither L3 CAT nor L3 CDP is enabled, things would be + easier, one COS corresponds to one L2 CBM. + +* VCPU schedule + + When context switch happens, the COS of VCPU is written to per-thread MSR + `IA32_PQR_ASSOC`, and then hardware enforces cache allocation according to + the corresponding CBM. + +* Multi-sockets + + Different sockets may have different CAT/CDP capability (e.g. max COS) + although it is consistent on the same socket. So the capability of + per-socket CAT/CDP is specified. + + 'psr-cat-set' can set CBM for one domain per socket. On each socket, we + maintain a COS array for all domains. One domain uses one COS at one time. + One COS stores the CBM of the domain to work. So, when a VCPU of the domain + is migrated from socket 1 to socket 2, it follows configuration on socket 2. + + E.g. user sets domain 1 CBM on socket 1 to 0x7f which uses COS 9 but sets + domain 1 CBM on socket 2 to 0x3f which uses COS 7. When VCPU of this domain + is migrated from socket 1 to 2, the COS ID used is 7, that means 0x3f is the + CBM to work for this domain 1 now. + +## Implementation Description + +* Hypervisor interfaces: + + 1. Boot line parameter "psr=cat" enables L2 CAT and L3 CAT if hardware + supported. "psr=cdp" enables CDP if hardware supported. + + 2. SYSCTL: + + * XEN_SYSCTL_PSR_CAT_get_l3_info: Get L3 CAT/CDP information. + * XEN_SYSCTL_PSR_CAT_get_l2_info: Get L2 CAT information. + + 3. DOMCTL: + + * XEN_DOMCTL_PSR_CAT_OP_GET_L3_CBM: Get L3 CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_SET_L3_CBM: Set L3 CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_GET_L3_CODE: Get CDP Code CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_SET_L3_CODE: Set CDP Code CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_GET_L3_DATA: Get CDP Data CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_SET_L3_DATA: Set CDP Data CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_GET_L2_CBM: Get L2 CBM for a domain. + * XEN_DOMCTL_PSR_CAT_OP_SET_L2_CBM: Set L2 CBM for a domain. + +* xl interfaces: + + 1. psr-cat-show -lX domain-id + + Show LX cbm for a domain. + + => XEN_SYSCTL_PSR_CAT_get_l3_info / + XEN_SYSCTL_PSR_CAT_get_l2_info / + XEN_DOMCTL_PSR_CAT_OP_GET_L3_CBM / + XEN_DOMCTL_PSR_CAT_OP_GET_L3_CODE / + XEN_DOMCTL_PSR_CAT_OP_GET_L3_DATA / + XEN_DOMCTL_PSR_CAT_OP_GET_L2_CBM + + 2. psr-cat-set -lX domain-id cbm + + Set LX cbm for a domain. + + => XEN_DOMCTL_PSR_CAT_OP_SET_L3_CBM / + XEN_DOMCTL_PSR_CAT_OP_SET_L3_CODE / + XEN_DOMCTL_PSR_CAT_OP_SET_L3_DATA / + XEN_DOMCTL_PSR_CAT_OP_SET_L2_CBM + + 3. psr-hwinfo + + Show PSR HW information, including L3 CAT/CDP/L2 CAT + + => XEN_SYSCTL_PSR_CAT_get_l3_info / + XEN_SYSCTL_PSR_CAT_get_l2_info + +* Key data structure: + + 1. Feature properties + + static const struct feat_props { + unsigned int cos_num; + enum cbm_type type[PSR_MAX_COS_NUM]; + enum cbm_type alt_type; + bool (*get_feat_info)(const struct feat_node *feat, + uint32_t data[], unsigned int array_len); + void (*write_msr)(unsigned int cos, uint32_t val, + enum cbm_type type); + } *feat_props[PSR_SOCKET_FEAT_NUM]; + + Every feature has its own properties, e.g. some data and actions. A + feature property pointer array is declared to save every feature's + properties. + + * Member `cos_num` + + `cos_num` is the number of COS registers the feature uses, e.g. + L3/L2 CAT uses 1 register but CDP uses 2 registers. + + * Member `type` + + `type` is an array to save all 'enum cbm_type' values of the + feature. It is used with cos_num together to get/write a feature's + COS registers values one by one. + + * Member `alt_type` + + `alt_type` is 'alternative type'. When this 'alt_type' is input, + the feature does some special operations. + + * Member `get_feat_info` + + `get_feat_info` is used to return feature HW info through sysctl. + + * Member `write_msr` + + `write_msr` is used to write out feature MSR register. + + 2. Feature node + + struct feat_node { + unsigned int cos_max; + unsigned int cbm_len; + uint32_t cos_reg_val[MAX_COS_REG_CNT]; + }; + + When a PSR enforcement feature is enabled, it will be added into a + feature array. + + * Member `cos_max` + + `cos_max` is one of the hardware info of CAT. It means the max + number of COS registers. As L3 CAT/CDP/L2 CAT all have it, it is + declared in `feat_node`. + + * Member `cbm_len` + + `cbm_len` is one of the hardware info of CAT. It means the max + number of bits to set. + + * Member `cos_reg_val` + + `cos_reg_val` is an array to maintain the value set in all COS + registers of the feature. The array is indexed by COS ID. + + 3. Per-socket PSR features information structure + + struct psr_socket_info { + bool feat_init; + struct feat_node *features[PSR_SOCKET_FEAT_NUM]; + spinlock_t ref_lock; + unsigned int cos_ref[MAX_COS_REG_CNT]; + DECLARE_BITMAP(dom_ids, DOMID_IDLE + 1); + }; + + We collect all PSR allocation features information of a socket in this + `struct psr_socket_info`. + + * Member `feat_init` + + feat_init` is a flag, to indicate whether the CPU init on a socket + has been done. + + * Member `features` + + `features` is a pointer array to save all enabled features pointers + according to feature position defined in `enum psr_feat_type`. + + * Member `ref_lock` + + `ref_lock` is a spin lock to protect `cos_ref`. + + * Member `cos_ref` + + `cos_ref` is an array which maintains the reference of one COS. + It maps to cos_reg_val\[MAX_COS_REG_NUM\] in `struct feat_node`. + If one COS is used by one domain, the corresponding reference will + increase by one. If a domain releases the COS, the reference will + decrease by one. The array is indexed by COS ID. + + * Member `dom_ids` + + `dom_ids` is a bitmap, every bit corresponds to a domain. Index is + domain_id. It is used to help restore the cos_id of the domain to 0 + when a socket is offline and then online again. + +# Limitations + +CAT/CDP can only work on HW which enables it(check by CPUID). So far, there is +no HW which enables both L2 CAT and L3 CAT/CDP. But SW implementation has +considered such scenario to enable both L2 CAT and L3 CAT/CDP. + +# Testing + +We can execute above xl commands to verify L2 CAT and L3 CAT/CDP on different +HWs support them. + +For example: + + root@:~$ xl psr-hwinfo --cat + Cache Allocation Technology (CAT): L2 + Socket ID : 0 + Maximum COS : 3 + CBM length : 8 + Default CBM : 0xff + + root@:~$ xl psr-cat-cbm-set -l2 1 0x7f + + root@:~$ xl psr-cat-show -l2 1 + Socket ID : 0 + Default CBM : 0xff + ID NAME CBM + 1 ubuntu14 0x7f + +# Areas for improvement + +A hexadecimal number is used to set/show CBM for a domain now. Although this +is convenient to cover overlap/isolated bitmask requirement, it is not +user-friendly. + +To improve this, the libxl interfaces can be wrapped in libvirt to provide more +user-friendly interfaces to user, e.g. a percentage number of the cache to set +and show. + +# Known issues + +N/A + +# References + +"INTEL RESOURCE DIRECTOR TECHNOLOGY (INTEL RDT) ALLOCATION FEATURES" [Intel 64 and IA-32 Architectures Software Developer Manuals, vol3](http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html) + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2016-08-12 1.0 Xen 4.9 Design document written + +2017-02-13 1.7 Xen 4.9 Changes: + + 1. Modify the design document to cover L3 + CAT/CDP and L2 CAT; + + 2. Fix typos; + + 3. Amend description of `feat_mask` to make + it clearer; + + 4. Other minor changes. + +2017-02-15 1.8 Xen 4.9 Changes: + + 1. Add content in 'Areas for improvement'; + + 2. Adjust revision number. + +2017-03-16 1.9 Xen 4.9 Changes: + + 1. Add 'CMT' in 'Terminology'; + + 2. Change 'feature list' to 'feature array'. + + 3. Modify data structure descriptions. + + 4. Adjust revision number. + +2017-05-03 1.11 Xen 4.9 Changes: + + 1. Modify data structure descriptions. + + 2. Adjust revision number. + +2017-07-13 1.14 Xen 4.10 Changes: + + 1. Fix a typo. + +2017-08-01 1.15 Xen 4.10 Changes: + + 1. Add 'alt_type' in 'feat_props' structure. + +2017-08-04 1.16 Xen 4.10 Changes: + + 1. Remove special character which may cause + html creation failure. + +2018-07-10 1.17 Xen 4.12 Changes: + + 1. Reformat complete document to enable PDF + creation. + +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/intel_psr_mba.pandoc b/src/xen/docs/features/intel_psr_mba.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..86df661ba8866b2d0a099682230ffad1b97f4408 --- /dev/null +++ b/src/xen/docs/features/intel_psr_mba.pandoc @@ -0,0 +1,297 @@ +% Intel Memory Bandwidth Allocation (MBA) Feature +% Revision 1.8 + +\clearpage + +# Basics + +---------------- ---------------------------------------------------- + Status: **Tech Preview** + +Architecture(s): Intel x86 + + Component(s): Hypervisor, toolstack + + Hardware: MBA is supported on Skylake Server and beyond +---------------- ---------------------------------------------------- + +# Terminology + +* CAT Cache Allocation Technology +* CBM Capacity BitMasks +* CDP Code and Data Prioritization +* COS/CLOS Class of Service +* HW Hardware +* MBA Memory Bandwidth Allocation +* MSRs Machine Specific Registers +* PSR Intel Platform Shared Resource +* THRTL Throttle value or delay value + +# Overview + +The Memory Bandwidth Allocation (MBA) feature provides indirect and approximate +control over memory bandwidth available per-core. This feature provides OS/ +hypervisor the ability to slow misbehaving apps/domains by using a credit-based +throttling mechanism. + +# User details + +* Feature Enabling: + + Add "psr=mba" to boot line parameter to enable MBA feature. + +* xl interfaces: + + 1. `psr-mba-show [domain-id|domain-name]`: + + Show memory bandwidth throttling for domain. Under different modes, it + shows different type of data. + + There are two modes: + Linear mode: the input precision is defined as 100-(MBA_MAX). For instance, + if the MBA_MAX value is 90, the input precision is 10%. Values not an even + multiple of the precision (e.g., 12%) will be rounded down (e.g., to 10% + delay applied) by HW automatically. The response of throttling value is + linear. + + Non-linear mode: input delay values are powers-of-two from zero to the + MBA_MAX value from CPUID. In this case any values not a power of two will + be rounded down the next nearest power of two by HW automatically. The + response of throttling value is non-linear. + + For linear mode, it shows the decimal value. For non-linear mode, it shows + hexadecimal value. + + 2. `psr-mba-set [OPTIONS] `: + + Set memory bandwidth throttling for domain. + + Options: + '-s': Specify the socket to process, otherwise all sockets are processed. + + Throttling value set in register implies the approximate amount of delaying + the traffic between core and memory. Higher throttling value result in + lower bandwidth. The max throttling value (MBA_MAX) supported can be + obtained through CPUID inside hypervisor. Users can fetch the MBA_MAX value + using the `psr-hwinfo` xl command. + +# Technical details + +MBA is a member of Intel PSR features, it shares the base PSR infrastructure +in Xen. + +## Hardware perspective + + MBA defines a range of MSRs to support specifying a delay value (Thrtl) per + COS, with details below. + + ``` + +----------------------------+----------------+ + | MSR (per socket) | Address | + +----------------------------+----------------+ + | IA32_L2_QOS_Ext_BW_Thrtl_0 | 0xD50 | + +----------------------------+----------------+ + | ... | ... | + +----------------------------+----------------+ + | IA32_L2_QOS_Ext_BW_Thrtl_n | 0xD50+n | + +----------------------------+----------------+ + ``` + + When context switch happens, the COS ID of domain is written to per-hyper- + thread MSR `IA32_PQR_ASSOC`, and then hardware enforces bandwidth allocation + according to the throttling value stored in the Thrtl MSR register. + +## The relationship between MBA and CAT/CDP + + Generally speaking, MBA is completely independent of CAT/CDP, and any + combination may be applied at any time, e.g. enabling MBA with CAT + disabled. + + But it needs to be noticed that MBA shares COS infrastructure with CAT, + although MBA is enumerated by different CPUID leaf from CAT (which + indicates that the max COS of MBA may be different from CAT). In some + cases, a domain is permitted to have a COS that is beyond one (or more) + of PSR features but within the others. For instance, let's assume the max + COS of MBA is 8 but the max COS of L3 CAT is 16, when a domain is assigned + 9 as COS, the L3 CAT CBM associated to COS 9 would be enforced, but for MBA, + the HW works as default value is set since COS 9 is beyond the max COS (8) + of MBA. + +## Design Overview + +* Core COS/Thrtl association + + When enforcing Memory Bandwidth Allocation, all cores of domains have + the same default Thrtl MSR (COS0) which stores the same Thrtl (0). The + default Thrtl MSR is used only in hypervisor and is transparent to tool stack + and user. + + System administrators can change PSR allocation policy at runtime by + using the tool stack. Since MBA shares COS ID with CAT/CDP, a COS ID + corresponds to a 2-tuple, like [CBM, Thrtl] with only-CAT enabled, when CDP + is enabled, the COS ID corresponds to a 3-tuple, like [Code_CBM, Data_CBM, + Thrtl]. If neither CAT nor CDP is enabled, things are easier, since one COS + ID corresponds to one Thrtl. + +* VCPU schedule + + This part reuses CAT COS infrastructure. + +* Multi-sockets + + Different sockets may have different MBA capabilities (like max COS) + although it is consistent on the same socket. So the capability + of per-socket MBA is specified. + + This part reuses CAT COS infrastructure. + +## Implementation Description + +* Hypervisor interfaces: + + 1. Boot line param: "psr=mba" to enable the feature. + + 2. SYSCTL: + - XEN_SYSCTL_PSR_MBA_get_info: Get system MBA information. + + 3. DOMCTL: + - XEN_DOMCTL_PSR_MBA_OP_GET_THRTL: Get throttling for a domain. + - XEN_DOMCTL_PSR_MBA_OP_SET_THRTL: Set throttling for a domain. + +* xl interfaces: + + 1. psr-mba-show [domain-id] + Show system/domain runtime MBA throttling value. For linear mode, + it shows the decimal value. For non-linear mode, it shows hexadecimal + value. + => XEN_SYSCTL_PSR_MBA_get_info/XEN_DOMCTL_PSR_MBA_OP_GET_THRTL + + 2. psr-mba-set [OPTIONS] + Set bandwidth throttling for a domain. + => XEN_DOMCTL_PSR_MBA_OP_SET_THRTL + + 3. psr-hwinfo + Show PSR HW information, including L3 CAT/CDP/L2 CAT/MBA. + => XEN_SYSCTL_PSR_MBA_get_info + +* Key data structure: + + 1. Feature HW info + + ``` + struct { + unsigned int thrtl_max; + bool linear; + } mba; + + - Member `thrtl_max` + + `thrtl_max` is the max throttling value to be set, i.e. MBA_MAX. + + - Member `linear` + + `linear` means the response of delay value is linear or not. + + As mentioned above, MBA is a member of Intel PSR features, it shares the + base PSR infrastructure in Xen. For example, the 'cos_max' is a common HW + property for all features. So, for other data structure details, please + refer to 'intel_psr_cat_cdp.pandoc'. + +# Limitations + +MBA can only work on HW which supports it (check CPUID). + +# Testing + +We can execute these commands to verify MBA on different HWs supporting them. + +For example: + 1. User can get the MBA hardware info through 'psr-hwinfo' command. From + result, user can know if this hardware works under linear mode or non- + linear mode, the max throttling value (MBA_MAX) and so on. + + root@:~$ xl psr-hwinfo --mba + Memory Bandwidth Allocation (MBA): + Socket ID : 0 + Linear Mode : Enabled + Maximum COS : 7 + Maximum Throttling Value: 90 + Default Throttling Value: 0 + + 2. Then, user can set a throttling value to a domain. For example, set '10', + i.e 10% delay. + + root@:~$ xl psr-mba-set 1 10 + + 3. User can check the current configuration of the domain through + 'psr-mab-show'. For linear mode, the decimal value is shown. + + root@:~$ xl psr-mba-show 1 + Socket ID : 0 + Default THRTL : 0 + ID NAME THRTL + 1 ubuntu14 10 + +# Areas for improvement + +N/A + +# Known issues + +N/A + +# References + +"INTEL RESOURCE DIRECTOR TECHNOLOGY (INTEL RDT) ALLOCATION FEATURES" [Intel 64 and IA-32 Architectures Software Developer Manuals, vol3](http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html) + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2017-01-10 1.0 Xen 4.9 Design document written +2017-07-10 1.1 Xen 4.10 Changes: + 1. Modify data structure according to latest + codes; + 2. Add content for 'Areas for improvement'; + 3. Other minor changes. +2017-08-09 1.2 Xen 4.10 Changes: + 1. Remove a special character to avoid error when + building pandoc. +2017-08-15 1.3 Xen 4.10 Changes: + 1. Add terminology 'HW'. + 2. Change 'COS ID of VCPU' to 'COS ID of domain'. + 3. Change 'COS register' to 'Thrtl MSR'. + 4. Explain the value shown for 'psr-mba-show' under + different modes. + 5. Remove content in 'Areas for improvement'. +2017-08-16 1.4 Xen 4.10 Changes: + 1. Add '<>' for mandatory argument. +2017-08-30 1.5 Xen 4.10 Changes: + 1. Modify words in 'Overview' to make it easier to + understand. + 2. Explain 'linear/non-linear' modes before mention + them. + 3. Explain throttling value more accurate. + 4. Explain 'MBA_MAX'. + 5. Correct some words in 'Design Overview'. + 6. Change 'mba_info' to 'mba' according to code + changes. Also, modify contents of it. + 7. Add context in 'Testing' part to make things + more clear. + 8. Remove 'n<64' to avoid out-of-sync. +2017-09-21 1.6 Xen 4.10 Changes: + 1. Add 'domain-name' as parameter of 'psr-mba-show/ + psr-mba-set'. + 2. Fix some wordings. + 3. Explain how user can know the MBA_MAX. + 4. Move the description of 'Linear mode/Non-linear + mode' into section of 'psr-mba-show'. + 5. Change 'per-thread' to 'per-hyper-thread'. +2017-09-29 1.7 Xen 4.10 Changes: + 1. Correct some words. + 2. Change 'xl psr-mba-set 1 0xa' to + 'xl psr-mba-set 1 10' +2017-10-08 1.8 Xen 4.10 Changes: + 1. Correct some words. +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/livepatch.pandoc b/src/xen/docs/features/livepatch.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..17f1cd0d0597442657c07e9a1d99f9edece05eb9 --- /dev/null +++ b/src/xen/docs/features/livepatch.pandoc @@ -0,0 +1,106 @@ +% Live Patching +% Revision 1 + +\clearpage + +# Basics + +---------------- ---------------------------------------------------- + Status: **Supported** + + Architecture: x86 + + Status: **Tech Preview/Experimental** + + Architecture: ARM + + Component: Hypervisor, toolstack +---------------- ---------------------------------------------------- + + +# Details + +Xen Live Patching has been available as tech preview feature since Xen +4.7 and has now had a couple of releases to stabilize. Xen Live patching +has been used by multiple vendors to fix several real-world security +issues without any severe bugs encountered. Additionally, there are now +tests in OSSTest that test live patching to ensure that no regressions +are introduced. + +Based on the amount of testing and usage it has had, we are ready to +declare live patching as a 'Supported' feature on x86. + +Live patching is slightly peculiar when it comes to support because it +allows the host administrator to break their system rather easily +depending on the content of the live patch. Because of this, it is +worth detailing the scope of security support: + +1) Unprivileged access to live patching operations: + Live patching operations should only be accessible to privileged + guests and it shall be treated as a security issue if this is not + the case. + +2) Bugs in the patch-application code such that vulnerabilities exist + after application: + If a correct live patch is loaded but it is not applied correctly + such that it might result in an insecure system (e.g. not all + functions are patched), it shall be treated as a security issue. + +3) Bugs in livepatch-build-tools creating an incorrect live patch that + results in an insecure host: + If livepatch-build-tools creates an incorrect live patch that + results in an insecure host, this shall not be considered a security + issue. A live patch should be checked to verify that it is valid + before loading. + +4) Loading an incorrect live patch that results in an insecure host or + host crash: + If a live patch (whether created using livepatch-build-tools or some + alternative) is loaded and it results in an insecure host or host + crash due to the content of the live patch being incorrect or the + issue being inappropriate to live patch, this is not considered as a + security issue. + +5) Bugs in the live patch parsing code (the ELF loader): + Bugs in the live patch parsing code such as out-of-bounds reads + caused by invalid ELF files are not considered to be security issues + because the it can only be triggered by a privileged domain. + +6) Bugs which allow a guest to prevent the application of a livepatch: + A guest should not be able to prevent the application of a live + patch. If an unprivileged guest can somehow prevent the application + of a live patch despite pausing it (xl pause ...), it shall be + treated as a security issue. + +Note: It is expected that live patches are tested in a test environment +before being used in production to avoid unexpected issues. In +particular, to avoid the issues described by (3), (4), & (5). + +There are also some generic security questions which are worth asking: + +1) Is guest->host privilege escalation possible? + +The new live patching sysctl subops are only accessible to privileged +domains and this is tested by OSSTest with an XTF test. +There is a caveat -- an incorrect live patch can introduce a guest->host +privilege escalation. + +2) Is guest user->guest kernel escalation possible? + +No, although an incorrect live patch can introduce a guest user->guest +kernel privilege escalation. + +3) Is there any information leakage? + +The new live patching sysctl subops are only accessible to privileged +domains so it is not possible for an unprivileged guest to access the +list of loaded live patches. This is tested by OSSTest with an XTF test. +There is a caveat -- an incorrect live patch can introduce an +information leakage. + +4) Can a Denial-of-Service be triggered? + +There are no known ways that an unprivileged guest can prevent a live +patch from being loaded. +Once again, there is a caveat that an incorrect live patch can introduce +an arbitrary denial of service. diff --git a/src/xen/docs/features/migration.pandoc b/src/xen/docs/features/migration.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..5334536d48f5250d9f755fbe43f2dd6bf7126bf8 --- /dev/null +++ b/src/xen/docs/features/migration.pandoc @@ -0,0 +1,124 @@ +% Migration +% Revision 2 + +\clearpage + +# Basics +--------------- ------------- + Status: **Supported** + + Architecture: x86 + + Component: Toolstack +--------------- ------------- + +# Overview + +Migration is a mechanism to move a virtual machine while the VM is +running. Live migration moves a running virtual machine between two +physical servers, but the same mechanism can be used for non-live +migration (pause and copy) and suspend/resume from disk. + +# User details + +No hardware requirements, although hypervisor logdirty support is +required for live migration. + +From the command line, `xl migrate/save/restore` are the top level +interactions. e.g. + + xl create my-vm.cfg + xl migrate my-vm localhost + +or + + xl create my-vm.cfg + xl save my-vm /path/to/save/file + xl restore /path/to/save/file + +Xen 4.6 sees the introduction of Migration v2. There is no change for +people using `xl`, although the `libxl` API has had an extension. + +# Technical details + +Migration is formed of several layers. `libxc` is responsible for the +contents of the VM (ram, vcpus, etc) and the live migration loop, while +`libxl` is responsible for items such as emulator state. + +The format of the migration v2 stream is specified in two documents, and +is architecture neutral. Compatibility with legacy streams is +maintained via the `convert-legacy-stream` script which transforms a +legacy stream into a migration v2 stream. + +* Documents + * `docs/specs/libxc-migration-stream.pandoc` + * `docs/specs/libxl-migration-stream.pandoc` +* `libxc` + * `tools/libs/guest/xg_sr_*.[hc]` +* `libxl` + * `tools/libs/light/libxl_stream_{read,write}.c` + * `tools/libs/light/libxl_convert_callout.c` +* Scripts + * `tools/python/xen/migration/*.py` + * `tools/python/scripts/convert-legacy-stream` + * `tools/python/scripts/verify-stream-v2` + +## libxl + +With migration v2 support, LIBXL_HAVE_SRM_V2 and LIBXL_HAVE_SRM_V1 +are introduced to indicate support. `domain_restore_params` gains a new +parameter, `stream_version`, which is used to distinguish between legacy and +v2 migration streams, and hence whether legacy conversion is required. + +# Limitations + +Hypervisor logdirty support is incompatible with hardware passthrough, +as IOMMU faults cannot be used to track writes. + +While not a bug in migration specifically, VMs are very sensitive to +changes in cpuid information, and cpuid levelling support currently has +its issues. Extreme care should be taken when migrating VMs between +non-identical CPUs until the cpuid levelling improvements are complete. + +# Testing + +Changes in libxc should be tested with every guest type (32bit PV, 64bit +PV, HVM), while changes in libxl should test HVM guests with both +qemu-traditional and qemu-upstream. + +In general, testing can be done on a single host using `xl +save/restore` or `xl migrate $VM localhost`. + +Any changes to the conversion script should be tested in all upgrade +scenarios, which will involve starting with VMs from Xen 4.5 + +# Areas for improvement + +* Arm support +* Live looping parameters + +# Known issues + +* x86 HVM guest physmap operations (not reflected in logdirty bitmap) +* x86 HVM with PoD pages (attempts to map cause PoD allocations) +* x86 HVM with nested-virt (no relevant information included in the + stream) +* x86 PV ballooning (P2M marked dirty, target frame not marked) +* x86 PV P2M structure changes (not noticed, stale mappings used) for + guests not using the linear p2m layout + +# References + +Xen Developer Summit 2015 Presentation +[video](https://www.youtube.com/watch?v=RwiDeG21lrc) and +[slides](http://events.linuxfoundation.org/sites/events/files/slides/migv2.pdf) +for Migration v2 + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2015-10-24 1 Xen 4.6 Document written +2015-12-11 2 Xen 4.7 Support of linear p2m list +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/qemu-deprivilege.pandoc b/src/xen/docs/features/qemu-deprivilege.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..4ef119c8214a02ca12f9720586625a6aeb44a953 --- /dev/null +++ b/src/xen/docs/features/qemu-deprivilege.pandoc @@ -0,0 +1,136 @@ +% QEMU Deprivileging / dm_restrict +% Revision 1 + +\clearpage + +# Basics + +---------------- ---------------------------------------------------- + Status: **Tech Preview** + +Architecture(s): x86 + + Component(s): toolstack + +---------------- ---------------------------------------------------- + +# Overview + +By default, the QEMU device model is run in domain 0. If an attacker +can gain control of a QEMU process, it could easily take control of a +system. + +dm_restrict is a set of operations to restrict QEMU running in domain +0. It consists of two halves: + + 1. Mechanisms to restrict QEMU to only being able to affect its own +domain + 2. Mechanisms to restruct QEMU's ability to interact with domain 0. + +# User details + +## Getting the right versions of software + +Linux: 4.11+ + +Qemu: 3.0+ (Or the version that comes with Xen 4.12+) + +## Setting up a group and userid range + +For maximum security, libxl needs to run the devicemodel for each +domain under a user id (UID) corresponding to its domain id. There +are 32752 possible domain IDs, and so libxl needs 32752 user ids set +aside for it. Setting up a group for all devicemodels to run at is +also recommended. + +The simplest and most effective way to do this is to allocate a +contiguous block of UIDs, and create a single user named +`xen-qemuuser-range-base` with the first UID. For example, under +Debian: + + adduser --system --uid 131072 --group --no-create-home xen-qemuuser-range-base + +Two comments on this method: + + 1. Most modern systems have 32-bit UIDs, and so can in theory go up +to 2^31 (or 2^32 if uids are unsigned). POSIX only guarantees 16-bit +UIDs however; UID 65535 is reserved for an invalid value, and 65534 is +normally allocated to "nobody". + 2. Additionally, some container systems have proposed using the +upper 16 bits of the uid for a container ID. Using a multiple of 2^16 +for the range base (as is done above) will result in all UIDs being +interpreted by such systems as a single container ID. + +Another, less-secure way is to run all QEMUs as the same UID. To do +this, create a user named `xen-qemuuser-shared`; for example: + + adduser --no-create-home --system xen-qemuuser-shared + +A final way to set up a separate process for qemus is to allocate one +UID per VM, and set the UID in the domain config file with the +`device_model_user` argument. For example, suppose you have a VM +named `c6-01`. You might do the following: + + adduser --system --no-create-home --group xen-qemuuser-c6-01 + +And then in your config file, the following line: + + device_model_user="xen-qemuuser-c6-01" + +If you use this method, you should also allocate one "reaper" user to +be used for killing device models: + + adduser --system --no-create-home --group xen-qemuuser-reaper + +NOTE: It is important when using `device_model_user` that EACH VM HAVE +A SEPARATE UID, and that none of these UIDs map to root. xl will +throw an error a uid maps to zero, but not if multiple VMs have the +same uid. Multiple VMs with the same device model uid will cause +problems. + +It is also important that `xen-qemuuser-reaper` not have any processes +associated with it, as they will be destroyed when deprivileged qemu +processes are destroyed. + +## Domain config changes + +The core domain config change is to add the following line to the +domain configuration: + + dm_restrict=1 + +This will perform a number of restrictions, outlined below in the +'Technical details' section. + +# Technical details + +See docs/design/qemu-deprivilege.md for technical details. + +# Limitations + +The following features still need to be implemented: + +* Inserting a new cdrom while the guest is running (xl cdrom-insert) +* Support for qdisk backends + +A number of restrictions still need to be implemented. A compromised +device model may be able to do the following: + +* Delay or exploit weaknesses in the toolstack +* Launch "fork bombs" or other resource exhaustion attacks +* Make network connections on the management network +* Break out of the restrictions after migration + +Additionally, getting PCI passthrough to work securely would require a +significant rework of how passthrough works at the moment. It may be +implemented at some point but is not a near-term priority. + +See SUPPORT.md for security support status. + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2018-09-14 1 Xen 4.12 Imported from docs/misc +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/sched_credit.pandoc b/src/xen/docs/features/sched_credit.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..706513de6e449eec33f4864eed18cb327a053b42 --- /dev/null +++ b/src/xen/docs/features/sched_credit.pandoc @@ -0,0 +1,100 @@ +% Credit Scheduler +% Revision 1 + +\clearpage + +# Basics +---------------- ---------------------------------------------------- + Status: **Supported** + + Component: Hypervisor +---------------- ---------------------------------------------------- + +# Overview + +Credit (also known as Credit1) is the old virtual CPU (vCPU) scheduler +of the Xen hypervisor. + +It is a general purpose, weighted fair-share scheduler. + +# User details + +Xen supports multiple schedulers. Credit is no longer the default. In +order to use it as the Xen scheduler the following parameter should be +passed to the hypervisor at boot: + + `sched=credit` + +Once the system is live, for creating a cpupool with Credit as its +scheduler, either compile a cpupool configuration file, as described +in `docs/man/xlcpupool.cfg.pod.5` (and as exemplified in +`tools/examples/cpupool`), or use just `xl` directly: + + xl cpupool-create name=\"pool1\" sched=\"credit\" cpus=[4,8] + +Two kind of interactions with the scheduler are possible: + +* checking or changing the global parameters, via, e.g.: + * `xl sched-credit -s` + * `xl sched-credit -s -p pool1` + * `xl sched-credit -s -t 20` +* checking or changing a VM's scheduling parameters, via, e.g.: + * `xl sched-credit -d vm1` + * `xl sched-credit -d vm1 -w 512` + +# Technical details + +Implementation entirely lives in the hypervisor. Xen has a pluggable, +hook based, architecture for schedulers. Thanks to this, Credit code +is all contained in `xen/common/sched_credit.c`. + +# Limitations + +In Credit, a vCPU has a priority, a status (i.e., active or inactive), +a weight and some credits... and all these things interact in a rather +involved way. Also, with years of use, things have gotten even more +complex (due to, e.g., the introduction of boosting, caps and vCPU +soft-affinity). + +Dealing with such complexity is starting to be an issue. Odd behavior +or subtle scheduling anomalies, that is not always possible to act upon, +have been identified already. [1][2][3] + +A certain lack of scalability and difficulties and weakness in dealing +with mixed workloads and VMs with low latency requirements are other +known problems. [4] For all these reasons, effort is ongoing to have +Credit2 become the new default scheduler. + +# Testing + +Any change to Credit code must to be tested by doing at least the following: + +* create a few virtual machine and verify that they boot and can + run some basic workload (e.g., login into them and run simple commands), +* shutdown/reboot the virtual machines, +* shutdown the system. + +Ideally, all the above steps should **also** be performed in a configuration +that includes cpupools, better if with pools using different schedulers, and +by also doing the following: + +* move the virtual machines between cpupools. + +# References + +* [potential non-ideal behavior on hyperthreaded systems](https://lists.xenproject.org/archives/html/xen-devel/2014-07/msg01848.html) [1] +* [long standing BOOST vs. migration bug](https://lists.xen.org/archives/html/xen-devel/2015-10/msg02851.html) [2] +* [priority handling issues](https://lists.xenproject.org/archives/html/xen-devel/2016-05/msg01362.html) [3] +* "Scheduler development update", XenSummit Asia 2009 [whitepaper](http://www-archive.xenproject.org/files/xensummit_intel09/George_Dunlap.pdf) [4] +* "Scheduling in Xen" [XPDS15 Presentation](http://events.linuxfoundation.org/sites/events/files/slides/Faggioli_XenSummit.pdf) +* "The Credit Scheduler" [on the Xen-Project wiki](https://wiki.xenproject.org/wiki/Credit_Scheduler) +* "Xen Project Schedulers" [on the Xen-Project wiki](https://wiki.xenproject.org/wiki/Xen_Project_Schedulers) + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2016-10-14 1 Xen 4.8 Document written +2019-02-7 3 Xen 4.12 No longer default scheduler +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/sched_credit2.pandoc b/src/xen/docs/features/sched_credit2.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..ef07e463cb078eadcc12a284bd9985b6866ec786 --- /dev/null +++ b/src/xen/docs/features/sched_credit2.pandoc @@ -0,0 +1,108 @@ +% Credit2 Scheduler +% Revision 2 + +\clearpage + +# Basics +---------------- ---------------------------------------------------- + Status: **Supported** + + Component: Hypervisor +---------------- ---------------------------------------------------- + +# Overview + +Credit2 is the default virtual CPU (vCPU) scheduler available in the +Xen hypervisor. + +Credit2 was designed as a general purpose scheduler, with particular +focus on improving handling of mixed workloads, scalability and +support for low latency applications inside VMs. + +# User details + +Xen supports multiple schedulers. As said, Credit2 is the default, so +it is used automatically, unless the `sched=$SCHED` (with `$SCHED` +different than `credit2`) parameter is passed to Xen via the +bootloader. + +Other parameters are available for tuning the behavior of Credit2 +(see `docs/misc/xen-command-line.pandoc` for a complete list and +for their meaning). + +Once the system is live, for creating a cpupool with Credit2 as +its scheduler, either compile a cpupool configuration file, as +described in `docs/man/xlcpupool.cfg.pod.5` (and as exemplified +in `tools/examples/cpupool`), or use just `xl` directly: + + xl cpupool-create name=\"pool1\" sched=\"credit2\" cpus=[1,2] + +Two kind of interactions with the scheduler are possible: + +* checking or changing the global parameters, via, e.g.: + * `xl sched-credit2 -s` + * `xl sched-credit2 -s -p pool1` + * `xl sched-credit2 -s -r 100` +* checking or changing a VM scheduling parameters, via, e.g.: + * `xl sched-credit2 -d vm1` + * `xl sched-credit2 -d vm1 -w 1024` + +# Technical details + +Implementation entirely lives in the hypervisor. Xen has a pluggable, +hook based, architecture for schedulers. Thanks to this, Credit2 code +is all contained in `xen/common/sched_credit2.c`. + +Global scheduling parameters, such as context switching rate +limiting, is only available from Xen 4.8 onward. In libxl, the +LIBXL_HAVE_SCHED_CREDIT2_PARAMS symbol is introduced to +indicate their availability. + +# Testing + +Any change done in Credit2 wants to be tested by doing at least the +following: + +* boot the system with `sched=credit2`, +* create a few virtual machine and verify that they boot and can + run some basic workload (e.g., login into them and run simple commands), +* shutdown/reboot the virtual machines, +* shutdown/reboot the system. + +Ideally, all the above steps should **also** be performed in a configuration +where Credit2 is used as the scheduler of a cpupool, and by also doing the +following: + +* move a virtual machine inside and outside a Credit2 cpupool. + +# Areas for improvement + +* vCPUs' reservations (similar to caps, but providing a vCPU with guarantees + about some pCPU time it will always be able to execute for); +* benchmarking for assessing the best combination of values for the various + parameters (`sched_credit2_migrate_resist`, `credit2_balance_over`, + `credit2_balance_under`) + +# Known issues + +* I/O oriented benchmarks (like network and disk throughput) have given + contradictory and non-conclusive results so far. Need to run more of + those. + +# References + +* "Scheduler development update", XenSummit Asia 2009 [whitepaper](http://www-archive.xenproject.org/files/xensummit_intel09/George_Dunlap.pdf) +* "Scheduling in Xen" [XPDS15 Presentation](http://events.linuxfoundation.org/sites/events/files/slides/Faggioli_XenSummit.pdf) +* "Scope and Performance of Credit-2 Scheduler" [XPDS16 Presentation](http://www.slideshare.net/xen_com_mgr/xpds16-scope-and-performance-of-credit2-scheduler-anshul-makkar-ctirix-systems-uk-ltd) +* "The Credit2 Scheduler" [on the Xen-Project wiki](https://wiki.xenproject.org/wiki/Credit2_Scheduler_Development) +* "Xen Project Schedulers" [on the Xen-Project wiki](https://wiki.xenproject.org/wiki/Xen_Project_Schedulers) + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2016-10-14 1 Xen 4.8 Document written +2017-11-6 2 Xen 4.10 Soft-affinity and caps implemented +2019-02-7 3 Xen 4.12 Made the default scheduler +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/sched_rtds.pandoc b/src/xen/docs/features/sched_rtds.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..4ccf704b53d08cd6ef618e3b521c293b87eb88ad --- /dev/null +++ b/src/xen/docs/features/sched_rtds.pandoc @@ -0,0 +1,122 @@ +% RTDS Scheduler +% Revision 1 + +\clearpage + +# Basics +---------------- ---------------------------------------------------- + Status: **Experimental** + + Component: Hypervisor +---------------- ---------------------------------------------------- + +# Overview + +RTDS is one of the virtual CPU (vCPU) scheduler available in the Xen +hypervisor. + +RTDS is a real-time scheduler, so its purpose is enabling +**deterministic** scheduling of the virtual machine's vCPUs. It has +been originally developed in the context of the RT-Xen project. + +# User details + +RTDS is not in use by default. In order to use it as the Xen scheduler +the following parameter should be passed to the hypervisor at boot: + + `sched=rtds` + +Once the system is live, for creating a cpupool with RTDS as its +scheduler, either compile a cpupool configuration file, as described +in `docs/man/xlcpupool.cfg.pod.5` (and as exemplified in +`tools/examples/cpupool`), or use just `xl` directly: + + xl cpupool-create name=\"pool-rt\" sched=\"rtds\" cpus=[4,5,6,8] + +For checking or changing a VM's scheduling parameters from xl, do +as follows: + * `xl sched-rtds -d vm-rt -v all` + * `xl sched-rtds -d vm-rt -v all -p 10000 -b 2500` + +It is possible, for a multiple vCPUs VM, to change the parameters of +each vCPU individually: + * `xl sched-rtds -d vm-rt -v 0 -p 20000 -b 10000 -e 1 -v 1 -p 45000 -b 12000 -e 0` + +# Technical details + +Implementation entirely lives in the hypervisor. Xen has a pluggable, +hook based, architecture for schedulers. Thanks to this, RTDS code +is all contained in `xen/common/sched_rtds.c`. + +In libxl, the availability of the RTDS scheduler is advertised by +the presence of the LIBXL_HAVE_SCHED_RTDS symbol. The ability of +specifying different scheduling parameters for each vcpu has been +introduced later, and is available if the following symbols are defined: + * LIBXL_HAVE_VCPU_SCHED_PARAMS, + * LIBXL_HAVE_SCHED_RTDS_VCPU_PARAMS, + * LIBXL_HAVE_SCHED_RTDS_VCPU_EXTRA. + +# Limitations + +RTDS is a special purpose scheduling. This is by design, and not at +all a limitation, but it is certainly something to keep in mind when +thinking about using it. The purpose of the scheduler is enabling +deterministic and statically analyzable behavior (as per the +real-time academic literature), according to the scheduling parameters +assigned to each vCPU. + +Using RTDS a the Xen scheduler, and/or for general purpose workloads +is definitely possible, but the vCPU scheduling parameters (of both +Domain0 and of the various VMs) would probably require tweaking, with +respect to their default values. + +# Testing + +Any change done in RTDS must be tested by doing the following: + +* create a cpupool with RTDS as its scheduler, +* create a few virtual machines a move them in and out of the pool, +* create a few virtual machines, directly inside the pool, and verify + that they boot and can run some basic workload (e.g., login into them + and run simple commands), +* shutdown/reboot the virtual machines, + +The fact that the system boots fine when passing `sched=rtds` to Xen +should also be verified. + +Finally, to check that the scheduler is working properly (although only +at a macroscopic level), the following should be done: + +* create a VM with 1 vCPU and put it in the RTDS cpupool, +* set the scheduling parameters such as it has a 50% reservation, with + `xl sched-rtds -d vm -v all -p 100000 -b 50000`, +* run a CPU-burning process inside the VM (e.g., `yes`), +* check with `xentop` (in Domain0) that the VM is getting no more than + 50% pCPU time. + +# Areas for improvement + +* performance assessment, especially focusing on what level of real-time + behavior the scheduler enables. + +# Known issues + +* OSSTest reports occasional failures on ARM. + +# References + +* "RT-Xen: Real-Time Virtualization" [XPDS14 Presentation](http://events.linuxfoundation.org/sites/events/files/slides/2014_Xen_Developer_Summit_0.pdf) +* "Scheduling in Xen" [XPDS15 Presentation](http://events.linuxfoundation.org/sites/events/files/slides/Faggioli_XenSummit.pdf) +* [RT-Xen Project](https://sites.google.com/site/realtimexen/) +* [RTDS-Based-Scheduler](https://wiki.xenproject.org/wiki/RTDS-Based-Scheduler) +* "The RTDS Scheduler" [on the Xen-Project wiki](https://wiki.xenproject.org/wiki/RTDS-Based-Scheduler) +* "Xen Project Schedulers" [on the Xen-Project wiki](https://wiki.xenproject.org/wiki/Xen_Project_Schedulers) + +# History + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +2016-10-14 1 Xen 4.8 Document written +2017-08-31 2 Xen 4.10 Revise for work conserving feature +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/features/template.pandoc b/src/xen/docs/features/template.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..82881e3d219bbdb6b9414c0e31e6dc23c769cd25 --- /dev/null +++ b/src/xen/docs/features/template.pandoc @@ -0,0 +1,75 @@ +% Template for feature documents +% Revision $N + +\clearpage + +This is a suggested template for formatting of a Xen feature document in +tree. + +The purpose of this document is to provide a concrete support statement +for the feature (indicating its security status), as well as brief user +and technical documentation. + +# Basics + +A table with an overview of the support status and applicability. + +---------------- ---------------------------------------------------- + Status: e.g. **Supported**/**Tech Preview**/**Experimental** + +Architecture(s): e.g. x86, arm + + Component(s): e.g. Hypervisor, toolstack, guest + + Hardware: _where applicable_ +---------------- ---------------------------------------------------- + +# Overview + +A short description the feature, similar to an abstract for a +paper/presentation. + +# User details + +Information for a user attempting to use the feature. Should include +how to enable the feature (is it enabled by default? If not, how to turn +it on?), and how to interact with the feature (typically via `xl`). + +# Technical details + +Information for a developer or power user. Should include where to look +in-tree for detailed documents and code. + +# Limitations + +Information concerning incompatibilities with other features or hardware +combinations. + +# Testing + +Information concerning how to properly test changes affecting this feature. + +# Areas for improvement + +List of enhancements which could be undertaken, e.g. to improve the +feature itself, or improve interaction with other features. + +# Known issues + +List of known issues or bugs. For tech preview or experimental +features, this section must contain the list of items needing fixing for +its status to be upgraded. + +# References + +Relevant external references for this feature. + +# History + +A table of changes to the document, in chronological order. + +------------------------------------------------------------------------ +Date Revision Version Notes +---------- -------- -------- ------------------------------------------- +YYYY-MM-DD N Xen X.Y ... +---------- -------- -------- ------------------------------------------- diff --git a/src/xen/docs/figs/Makefile b/src/xen/docs/figs/Makefile new file mode 100644 index 0000000000000000000000000000000000000000..e128a4364fad3b49565769e78f1397cf13a7976d --- /dev/null +++ b/src/xen/docs/figs/Makefile @@ -0,0 +1,15 @@ + +XEN_ROOT=$(CURDIR)/../.. +include $(XEN_ROOT)/Config.mk +-include $(XEN_ROOT)/config/Docs.mk + +TARGETS= network-bridge.png network-basic.png + +all: $(TARGETS) + +%.png: %.fig + $(FIG2DEV) -L png $< >$@.tmp + mv -f $@.tmp $@ + +clean: + rm -f *~ *.png diff --git a/src/xen/docs/figs/network-basic.fig b/src/xen/docs/figs/network-basic.fig new file mode 100644 index 0000000000000000000000000000000000000000..b343deff9fa8c57cb4fbca652db3472d6072bf9f --- /dev/null +++ b/src/xen/docs/figs/network-basic.fig @@ -0,0 +1,73 @@ +#FIG 3.2 Produced by xfig version 3.2.5b +Landscape +Center +Metric +A4 +100.00 +Single +-2 +1200 2 +0 32 #c0c0c0 +6 4275 5160 6105 6315 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 6090 5175 4290 5175 4290 6075 6090 6075 6090 5175 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 4965 6075 5865 6075 5865 6300 4965 6300 4965 6075 +2 1 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 4 + 6090 5400 5865 5400 5865 5625 6090 5625 +-6 +6 7170 5145 9000 6300 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 7185 5160 8985 5160 8985 6060 7185 6060 7185 5160 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 8310 6060 7410 6060 7410 6285 8310 6285 8310 6060 +2 1 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 4 + 7185 5385 7410 5385 7410 5610 7185 5610 +-6 +6 900 4050 9225 4950 +4 0 0 50 -1 0 16 0.0000 4 195 1335 1170 4860 of the world\001 +4 0 0 50 -1 0 16 0.0000 4 240 1815 1080 4590 interface, to rest\001 +4 0 0 50 -1 0 16 0.0000 4 255 1890 990 4320 Physical network\001 +4 0 0 50 -1 0 16 0.0000 4 255 1485 4050 4860 guest's traffic\001 +4 0 0 50 -1 0 16 0.0000 4 195 1305 4050 4590 backend for\001 +4 0 0 50 -1 0 16 0.0000 4 195 1905 3960 4320 Virtual interface:\001 +4 0 0 50 -1 0 16 0.0000 4 195 1290 7515 4860 Xen drivers\001 +4 0 0 50 -1 0 16 0.0000 4 255 1290 7425 4590 provided by\001 +4 0 0 50 -1 0 16 0.0000 4 195 1905 7155 4320 Virtual interface:\001 +-6 +2 2 0 2 0 29 50 -1 20 0.000 0 0 7 0 0 5 + 660 5160 2460 5160 2460 6060 660 6060 660 5160 +2 2 0 2 0 29 50 -1 20 0.000 0 0 7 0 0 5 + 1785 6060 885 6060 885 6285 1785 6285 1785 6060 +2 1 0 2 0 29 50 -1 20 0.000 0 0 7 0 0 4 + 660 5385 885 5385 900 5625 675 5625 +2 1 0 2 0 29 50 -1 -1 0.000 0 0 7 0 0 3 + 675 6300 675 4950 450 4950 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 7 0 0 2 + 6075 5490 7200 5490 +2 1 0 3 4 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 675 5490 0 5490 +2 1 0 3 4 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 0 2475 0 6525 +2 2 0 1 0 32 100 -1 20 0.000 0 0 7 0 0 5 + 675 2250 9675 2250 9675 6750 675 6750 675 2250 +2 2 0 1 0 7 70 -1 20 0.000 0 0 7 0 0 5 + 6300 2925 900 2925 900 6525 6300 6525 6300 2925 +2 2 0 1 0 7 70 -1 20 0.000 0 0 7 0 0 5 + 6975 6525 9450 6525 9450 2925 6975 2925 6975 6525 +2 2 0 1 7 7 125 -1 20 0.000 0 0 -1 0 0 5 + -225 2025 9900 2025 9900 6975 -225 6975 -225 2025 +4 0 0 50 -1 18 20 0.0000 4 240 735 1170 5490 ethN\001 +4 0 0 50 -1 18 20 0.0000 4 240 945 4500 5490 vifA.B\001 +4 0 0 50 -1 16 20 0.0000 4 315 1410 4500 5850 e.g. vif4.0\001 +4 0 0 50 -1 16 20 0.0000 4 315 1260 1125 5850 e.g. eth0\001 +4 0 0 50 -1 0 16 1.5708 4 255 1395 225 5400 physical link\001 +4 0 0 50 -1 18 20 0.0000 4 240 735 7875 5490 ethB\001 +4 0 0 50 -1 16 20 0.0000 4 315 1260 7650 5850 e.g. eth0\001 +4 0 0 50 -1 0 20 0.0000 4 300 1995 1530 3870 typically dom0\001 +4 0 0 50 -1 0 20 0.0000 4 285 3330 990 3420 Backend (driver) domain\001 +4 0 0 50 -1 0 20 0.0000 4 300 1785 7155 3420 guest domain\001 +4 0 0 50 -1 0 20 0.0000 4 300 1410 7155 3810 domU e.g.\001 +4 0 0 50 -1 16 20 0.0000 4 240 810 8550 3825 dom4\001 +4 0 0 50 -1 0 20 0.0000 4 300 1320 900 2700 Computer\001 +4 0 0 50 -1 0 16 1.5708 4 195 1350 6750 6210 virtual link\001 diff --git a/src/xen/docs/figs/network-bridge.fig b/src/xen/docs/figs/network-bridge.fig new file mode 100644 index 0000000000000000000000000000000000000000..63c6ac4b5bb6df3f82d8df36eb607123aa65a080 --- /dev/null +++ b/src/xen/docs/figs/network-bridge.fig @@ -0,0 +1,125 @@ +#FIG 3.2 Produced by xfig version 3.2.5b +Landscape +Center +Metric +A4 +100.00 +Single +-2 +1200 2 +0 32 #ffc3ff +0 33 #c0c0c0 +6 -225 3825 2475 8325 +2 2 0 2 0 29 50 -1 20 0.000 0 0 7 0 0 5 + 660 6735 2460 6735 2460 7635 660 7635 660 6735 +2 2 0 2 0 29 50 -1 20 0.000 0 0 7 0 0 5 + 1785 7635 885 7635 885 7860 1785 7860 1785 7635 +2 1 0 2 0 29 50 -1 20 0.000 0 0 7 0 0 4 + 660 6960 885 6960 900 7200 675 7200 +2 1 0 2 0 29 50 -1 -1 0.000 0 0 7 0 0 3 + 675 7875 675 6525 450 6525 +2 1 0 3 4 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 675 7065 0 7065 +2 1 0 3 4 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 0 4050 0 8100 +4 0 0 50 -1 18 20 0.0000 4 240 675 1170 7065 eth0\001 +-6 +6 1936 4020 3149 5850 +2 2 0 2 0 32 50 -1 19 0.000 0 0 7 0 0 5 + 1951 5835 1951 4035 2898 4035 2898 5835 1951 5835 +2 2 0 2 0 32 50 -1 19 0.000 0 0 7 0 0 5 + 2898 4710 2898 5610 3134 5610 3134 4710 2898 4710 +2 1 0 2 0 32 50 -1 19 0.000 0 0 7 0 0 4 + 2187 5835 2187 5610 2424 5610 2424 5835 +-6 +6 4275 5160 6105 6315 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 6090 5175 4290 5175 4290 6075 6090 6075 6090 5175 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 4965 6075 5865 6075 5865 6300 4965 6300 4965 6075 +2 1 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 4 + 6090 5400 5865 5400 5865 5625 6090 5625 +-6 +6 7170 5145 9000 6300 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 7185 5160 8985 5160 8985 6060 7185 6060 7185 5160 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 8310 6060 7410 6060 7410 6285 8310 6285 8310 6060 +2 1 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 4 + 7185 5385 7410 5385 7410 5610 7185 5610 +-6 +6 4275 7815 6105 8970 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 6090 7830 4290 7830 4290 8730 6090 8730 6090 7830 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 4965 8730 5865 8730 5865 8955 4965 8955 4965 8730 +2 1 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 4 + 6090 8055 5865 8055 5865 8280 6090 8280 +-6 +6 7170 7800 9000 8955 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 7185 7815 8985 7815 8985 8715 7185 8715 7185 7815 +2 2 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 5 + 8310 8715 7410 8715 7410 8940 8310 8940 8310 8715 +2 1 0 2 0 11 50 -1 28 0.000 0 0 7 0 0 4 + 7185 8040 7410 8040 7410 8265 7185 8265 +-6 +6 6975 6750 9450 9225 +6 6975 6750 9450 9225 +2 2 0 1 0 7 70 -1 20 0.000 0 0 7 0 0 5 + 6975 9225 9450 9225 9450 6750 6975 6750 6975 9225 +4 0 0 50 -1 0 20 0.0000 4 270 705 7200 7200 guest\001 +4 0 0 50 -1 16 20 0.0000 4 240 810 8100 7200 dom7\001 +4 0 0 50 -1 16 20 0.0000 4 225 2070 7200 7650 198.51.100.32\001 +-6 +-6 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 4275 5625 3375 5625 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 4275 8325 3375 8325 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 3375 7200 2475 7200 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 -1 0 0 2 + 3375 9000 3375 5220 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 -1 0 0 3 + 2250 5850 2250 6300 3375 6300 +2 2 0 1 0 7 70 -1 20 0.000 0 0 7 0 0 5 + 6300 2925 900 2925 900 9450 6300 9450 6300 2925 +2 2 0 1 0 33 100 -1 20 0.000 0 0 7 0 0 5 + 675 2250 9675 2250 9675 9675 675 9675 675 2250 +2 2 0 1 7 7 125 -1 20 0.000 0 0 7 0 0 5 + -225 9900 9900 9900 9900 2025 -225 2025 -225 9900 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 7 0 0 2 + 6075 5490 7200 5490 +2 2 0 1 0 7 70 -1 20 0.000 0 0 7 0 0 5 + 6975 6525 9450 6525 9450 2925 6975 2925 6975 6525 +2 1 0 3 1 29 50 -1 -1 0.000 0 0 7 0 0 2 + 6075 8145 7200 8145 +2 2 0 1 0 7 70 -1 20 0.000 0 0 7 0 0 5 + 6975 6525 9450 6525 9450 5580 6975 5580 6975 6525 +2 2 0 1 0 29 50 -1 -1 0.000 0 0 -1 0 0 5 + 1395 4230 5670 4230 5670 9180 1395 9180 1395 4230 +4 0 0 50 -1 0 16 1.5708 4 255 1395 225 5400 physical link\001 +4 0 0 50 -1 0 20 0.0000 4 300 1320 900 2700 Computer\001 +4 0 0 50 -1 0 20 0.0000 4 285 3330 990 3420 Backend (driver) domain\001 +4 0 0 50 -1 0 16 1.5708 4 195 1515 3690 7560 virtual switch\001 +4 0 0 50 -1 16 20 0.0000 4 225 1890 1440 3960 198.51.100.1\001 +4 0 0 50 -1 18 20 1.5708 4 240 1095 2250 5400 xenbr0\001 +4 0 0 50 -1 0 16 1.5708 4 255 1185 2520 5490 O/S bridge\001 +4 0 0 50 -1 0 16 1.5708 4 195 990 2790 5310 interface\001 +4 0 0 50 -1 0 20 0.0000 4 300 840 4680 4590 bridge\001 +4 0 0 50 -1 0 20 0.0000 4 225 1185 3330 4590 Software\001 +4 0 0 50 -1 0 20 0.0000 4 300 1785 7155 3420 guest domain\001 +4 0 0 50 -1 0 20 0.0000 4 300 1410 7155 3810 domU e.g.\001 +4 0 0 50 -1 16 20 0.0000 4 240 810 8550 3825 dom4\001 +4 0 0 50 -1 18 20 0.0000 4 240 825 4500 5490 vif4.0\001 +4 0 0 50 -1 18 20 0.0000 4 240 675 7875 5490 eth0\001 +4 0 0 50 -1 16 20 0.0000 4 225 2070 7200 4950 198.51.100.27\001 +4 0 0 50 -1 0 16 0.0000 4 255 1080 4500 5850 (netback)\001 +4 0 0 50 -1 0 16 0.0000 4 255 1140 7560 5850 (netfront)\001 +4 0 0 50 -1 0 16 1.5708 4 195 1350 6750 6210 virtual link\001 +4 0 0 50 -1 0 16 0.0000 4 255 1080 4500 8505 (netback)\001 +4 0 0 50 -1 0 16 0.0000 4 255 1140 7560 8505 (netfront)\001 +4 0 0 50 -1 0 16 1.5708 4 195 1350 6750 8865 virtual link\001 +4 0 0 50 -1 18 20 0.0000 4 240 825 4500 8190 vif7.0\001 +4 0 0 50 -1 18 20 0.0000 4 240 675 7830 8190 eth0\001 diff --git a/src/xen/docs/figs/xenlogo.eps b/src/xen/docs/figs/xenlogo.eps new file mode 100644 index 0000000000000000000000000000000000000000..aa5f2f99dc3f285e3db324e706179ce528cc803c --- /dev/null +++ b/src/xen/docs/figs/xenlogo.eps @@ -0,0 +1,1479 @@ +%!PS-Adobe-3.0 EPSF-3.0 +%%Creator: (ImageMagick) +%%Title: (/homes/kaf24/xenlogo.eps) +%%CreationDate: (Tue Oct 28 13:52:11 2003) +%%BoundingBox: 155 324 445 461 +%%DocumentData: Clean7Bit +%%LanguageLevel: 1 +%%Pages: 1 +%%EndComments + +%%BeginDefaults +%%EndDefaults + +%%BeginProlog +% +% Display a color image. The image is displayed in color on +% Postscript viewers or printers that support color, otherwise +% it is displayed as grayscale. +% +/DirectClassPacket +{ + % + % Get a DirectClass packet. + % + % Parameters: + % red. + % green. + % blue. + % length: number of pixels minus one of this color (optional). + % + currentfile color_packet readhexstring pop pop + compression 0 eq + { + /number_pixels 3 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add 3 mul def + } ifelse + 0 3 number_pixels 1 sub + { + pixels exch color_packet putinterval + } for + pixels 0 number_pixels getinterval +} bind def + +/DirectClassImage +{ + % + % Display a DirectClass image. + % + systemdict /colorimage known + { + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { DirectClassPacket } false 3 colorimage + } + { + % + % No colorimage operator; convert to grayscale. + % + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { GrayDirectClassPacket } image + } ifelse +} bind def + +/GrayDirectClassPacket +{ + % + % Get a DirectClass packet; convert to grayscale. + % + % Parameters: + % red + % green + % blue + % length: number of pixels minus one of this color (optional). + % + currentfile color_packet readhexstring pop pop + color_packet 0 get 0.299 mul + color_packet 1 get 0.587 mul add + color_packet 2 get 0.114 mul add + cvi + /gray_packet exch def + compression 0 eq + { + /number_pixels 1 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add def + } ifelse + 0 1 number_pixels 1 sub + { + pixels exch gray_packet put + } for + pixels 0 number_pixels getinterval +} bind def + +/GrayPseudoClassPacket +{ + % + % Get a PseudoClass packet; convert to grayscale. + % + % Parameters: + % index: index into the colormap. + % length: number of pixels minus one of this color (optional). + % + currentfile byte readhexstring pop 0 get + /offset exch 3 mul def + /color_packet colormap offset 3 getinterval def + color_packet 0 get 0.299 mul + color_packet 1 get 0.587 mul add + color_packet 2 get 0.114 mul add + cvi + /gray_packet exch def + compression 0 eq + { + /number_pixels 1 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add def + } ifelse + 0 1 number_pixels 1 sub + { + pixels exch gray_packet put + } for + pixels 0 number_pixels getinterval +} bind def + +/PseudoClassPacket +{ + % + % Get a PseudoClass packet. + % + % Parameters: + % index: index into the colormap. + % length: number of pixels minus one of this color (optional). + % + currentfile byte readhexstring pop 0 get + /offset exch 3 mul def + /color_packet colormap offset 3 getinterval def + compression 0 eq + { + /number_pixels 3 def + } + { + currentfile byte readhexstring pop 0 get + /number_pixels exch 1 add 3 mul def + } ifelse + 0 3 number_pixels 1 sub + { + pixels exch color_packet putinterval + } for + pixels 0 number_pixels getinterval +} bind def + +/PseudoClassImage +{ + % + % Display a PseudoClass image. + % + % Parameters: + % class: 0-PseudoClass or 1-Grayscale. + % + currentfile buffer readline pop + token pop /class exch def pop + class 0 gt + { + currentfile buffer readline pop + token pop /depth exch def pop + /grays columns 8 add depth sub depth mul 8 idiv string def + columns rows depth + [ + columns 0 0 + rows neg 0 rows + ] + { currentfile grays readhexstring pop } image + } + { + % + % Parameters: + % colors: number of colors in the colormap. + % colormap: red, green, blue color packets. + % + currentfile buffer readline pop + token pop /colors exch def pop + /colors colors 3 mul def + /colormap colors string def + currentfile colormap readhexstring pop pop + systemdict /colorimage known + { + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { PseudoClassPacket } false 3 colorimage + } + { + % + % No colorimage operator; convert to grayscale. + % + columns rows 8 + [ + columns 0 0 + rows neg 0 rows + ] + { GrayPseudoClassPacket } image + } ifelse + } ifelse +} bind def + +/DisplayImage +{ + % + % Display a DirectClass or PseudoClass image. + % + % Parameters: + % x & y translation. + % x & y scale. + % label pointsize. + % image label. + % image columns & rows. + % class: 0-DirectClass or 1-PseudoClass. + % compression: 0-none or 1-RunlengthEncoded. + % hex color packets. + % + gsave + /buffer 512 string def + /byte 1 string def + /color_packet 3 string def + /pixels 768 string def + + currentfile buffer readline pop + token pop /x exch def + token pop /y exch def pop + x y translate + currentfile buffer readline pop + token pop /x exch def + token pop /y exch def pop + currentfile buffer readline pop + token pop /pointsize exch def pop + /Times-Roman findfont pointsize scalefont setfont + x y scale + currentfile buffer readline pop + token pop /columns exch def + token pop /rows exch def pop + currentfile buffer readline pop + token pop /class exch def pop + currentfile buffer readline pop + token pop /compression exch def pop + class 0 gt { PseudoClassImage } { DirectClassImage } ifelse + grestore +} bind def +%%EndProlog +%%Page: 1 1 +%%PageBoundingBox: 155 324 445 461 +userdict begin +DisplayImage +155 324 +289.992 137.145 +12.000000 +302 143 +1 +1 +1 +8 +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8e6 +d4cec2b6b6aa9e9e9e9e9e9e9e9eb6b6b6c8cee0e6ffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffff2e0c8b6a49e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +aabccee6ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffff8e0c2aa9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb6ceecffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffffffffffff8dabc9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +aac8ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffe0bc9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaac8f2ffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffff8ceaa9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb6e0 +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffffffffff2c29e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9eaadaffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffff2c29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaadaffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffff8c29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9eaadaffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffcea49e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb6e6ffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffe6aa9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9ec2f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffff8c29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4e0ffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe6aa9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1acb6bac4c8c8d6d6d6d6d6d6 +d6cfc8c8bdbaafa89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9ebcf8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffc89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea8b6c4 +cfd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8bdafa19e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaaecffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffff8b09e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9ea1afc1d2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6cbbaa89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ed4ffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeca49e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eafc1d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cfbaa59e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9ec2f8ffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffda9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1bacfd6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6c8af9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb0f8ffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffc89e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9ea5c1d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cfb39e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9ea4ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc29e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea5c1d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cf +b39e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4ecffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1bdd6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cfaf9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4 +daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9eb3d2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8a59e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9edaffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea5c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d2b69e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9edaffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb3d2d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8a59e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9ea4ecffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9ea1c4d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d2af9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4ecffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffda9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea8cbd6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6bd9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9ea4f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffe09e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eafd2 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +c8a19e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb0f8ffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeca49e9e9e9e +9e9e9e9e9e9e9e9e9e9e9eb3d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cba89e9e9e9e9e9e9e9e9e9e9e9e9e9e9ec2ffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffff8b09e9e9e9e9e9e9e9e9e9e9e9e9e9e9ec1d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d2a89e9e9e9e +9e9e9e9e9e9e9e9e9e9e9ed4ffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e +9ec1d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d2a89e9e9e9e9e9e9e9e9e9e9e9e9e9e9eecffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffda9e +9e9e8027272727272727272727272b353535353535353535353535353535353535353535 +353535353535add6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c85035353535353535322727272727272727272727 +272727272d3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f5fefffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffff2a49e9e9e9e45000000000000000000000000000000000000 +00000000000000000000000000000000000000001ac8d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad28000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00003fefffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffb69e9e9e9e9e9e27000000 +000000000000000000000000000000000000000000000000000000000000000000000050 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6930d0000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000007fffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffd49e9e9e9e9e9e9e9413000000000000000000000000000000000000000000000000 +000000000000000000000000000085d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d66b0000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000fbfffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffff8a49e9e9e9e9e9e9e9e8009000000000000000000 +000000000000000000000000000000000000000000000000000000000dadd6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c83500000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000002fdfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e +9e9e9e9e6200000000000000000000000000000000000000000000000000000000000000 +0000000000000028c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6ad1a000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000006fffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffe69e9e9e9e9e9e9e9e9e9e9e9e4500000000000000000000000000000000 +0000000000000000000000000000000000000000000050d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6850d0000000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000fafffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9e9e9e2b00 +000000000000000000000000000000000000000000000000000000000000000000000000 +0085d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d65d0000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000002fcfffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe09e9e +9e9e9e9e9e9e9e9e9e9e9ea8c81a00000000000000000000000000000000000000000000 +0000000000000000000000000000000dadd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6c83500000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000005fefffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffaa9e9e9e9e9e9e9e9e9e9e9e9e9ecbd6ad0d00000000000000 +00000000000000000000000000000000000000000000000000000000000028d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad1a000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000000009fffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffda9e9e9e9e9e9e9e9e9e9e9e +9e9ebad6d6d6850000000000000000000000000000000000000000000000000000000000 +0000000000000000005dd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d685 +0d0000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000001fcfffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffaa9e9e9e9e9e9e9e9e9e9e9e9ea5d6d6d6d6d65d0000000000000000000000000000 +00000000000000000000000000000000000000000000000093d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d65d0000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000049efffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffe69e9e9e9e9e9e9e9e9e9e9e9e9ec8d6d6d6d6d6d6 +350000000000000000000000000000000000000000000000000000000000000000000000 +00000dbbd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c83500000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000004faa +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffb69e9e9e9e9e9e +9e9e9e9e9e9eacd6d6d6d6d6d6d6c81a0000000000000000000000000000000000000000 +000000000000000000000000000000000028d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6ad1a000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000009769e9ee0ffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffff29e9e9e9e9e9e9e9e9e9e9e9e9ecbd6d6d6d6d6d6d6d6ad0d0000000000 +00000000000000000000000000000000000000000000000000000000000000005dd6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6850d0000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000001d949e9e9eb6ffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9eb3d6d6 +d6d6d6d6d6d6d6d685000000000000000000000000000000000000000000000000000000 +000000000000000000000093d6d6d6d6d6d6d6d6d6d6d6d6d6d6d65d0000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +459e9e9e9e9e9ef2ffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa49e +9e9e9e9e9e9e9e9e9e9e9ecfd6d6d6d6d6d6d6d6d6d6d65d000000000000000000000000 +000000000000000000000000000000000000000000000000000dbbd6d6d6d6d6d6d6d6d6 +d6d6d6c83500000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000096c9e9e9e9e9e9e9ec8ffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffda9e9e9e9e9e9e9e9e9e9e9e9eacd6d6d6d6d6d6d6d6d6d6d6 +d6d635000000000000000000000000000000000000000000000000000000000000000000 +0000000035d6d6d6d6d6d6d6d6d6d6d6ad1a000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000001d8a9e9e9e9e9e9e9e9eaa +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffbc9e9e9e9e9e9e9e9e9e9e +9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6c81a000000000000000000000000000000000000 +000000000000000000000000000000000000006bd6d6d6d6d6d6d6d6d6850d0000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00003b949e9e9e9e9e9e9e9e9e9ee0ffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffff89e9e9e9e9e9e9e9e9e9e9e9ea5d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad0d000000 +00000000000000000000000000000000000000000000000000000000000000000000a0d6 +d6d6d6d6d6d65d0000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000d7b9e9e9e9e9e9e9e9e9e9e9e9ec2ffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffda9e9e9e9e9e9e9e9e9e9e9e9ebdd6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d68500000000000000000000000000000000000000000000000000 +0000000000000000000000000dc8d6d6d6d6c83500000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000001aadd6a59e9e9e9e9e +9e9e9e9e9e9ea4ffffffffffffffdfbf8f7f5f3f3f1f0000000000000000000000000000 +001f3f3f5f7f8fbfcfffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbc9e9e9e9e9e +9e9e9e9e9e9e9ed2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d65000000000000000000000 +00000000000000000000000000000000000000000000000000000035d6d6d6ad0d000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000042c8d6d6bd9e9e9e9e9e9e9e9e9e9e9e9ee6ffcf9f5f3f000000000000000000 +0000000000000000000000000000000000000000000000002f5f8fcfffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf8f7f +3f3f0f000000000000000000003f3f7f9fdfffffffffffffffffffffffffffffffffffff +ffffffffffffffffa49e9e9e9e9e9e9e9e9e9e9eafd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d62800000000000000000000000000000000000000000000000000000000000000 +0000000000006bd685000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000078d6d6d6d6cf9e9e9e9e9e9e9e9e9e9e9e6c47 +1f0000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000f4f9fdfffffffffffffffffffffffffffffffffffffffffffffffffffff +ffbf3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3fefffffffffff +ffffffffffffffaf6f2f000000000000000000000000000000000000000000001f6fcfff +ffffffffffffffffffffffffffffffffffffffffffe69e9e9e9e9e9e9e9e9e9e9e9ec1d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c80d00000000000000000000000000000000 +000000000000000000000000000000000000000000350000000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000da0d6d6d6d6d6 +d6a89e9e9e9e9e9e9e763b09000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000004f9fffffffffffffffffffff +ffffffffffffffffffffffffffffff6f0000000000000000000000000000000000000000 +000000000000001fffffffffffffffffffff9f4f00000000000000000000000000000000 +000000000000000000000000003fafffffffffffffffffffffffffffffffffffffffffce +9e9e9e9e9e9e9e9e9e9e9e9ed2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad0000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000035c8d6d6d6d6d6d6d6bd9e9e9e9e94621300000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000f7fefffffffffffffffffffffffffffffffffffffffffffff3f000000000000 +0000000000000000000000000000000000000000004fffffffffffffffdf6f0f00000000 +00000000000000000000000000000000000000000000000000000000003fdfffffffffff +ffffffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9eafd6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6850000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000005dd6d6d6d6d6d6d6d6d6cf9e9e944f0900 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000f8fffffffffffffffffffffffffffff +ffffffffffffff000000000000000000000000000000000000000000000000000000008f +ffffffffffdf5f0000000000000000000000000000000000000000000000000000000000 +00000000000000000f9fffffffffffffffffffffffffffffffffff9e9e9e9e9e9e9e9e9e +9e9e9ebdd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6500000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000d93d6d6d6 +d6d6d6d6d6d6d6d69b4f0900000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +2fcfffffffffffffffffffffffffffffffffffffbf000000000000000000000000000000 +00000000000000000000000000bfffffffef5f0000000000000000000000000000000000 +0000000000000000000000000000000000000000000000009fffffffffffffffffffffff +ffffffffe69e9e9e9e9e9e9e9e9e9e9e9ecbd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6280000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000028bbd6d6d6d6d6d6d6d6d6d6d6850d00000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000f9fffffffffffffffffffffffffffffffffff8f00 +000000000000000000000000000000000000000000000000000000ffffff8f0f00000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000009fffffffffffffffffffffffffffffd49e9e9e9e9e9e9e9e9e9e9ea1d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c80d0000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000050c8d6d6d6d6d6d6d6d6d6d6ad3500 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000006fffffffff +ffffffffffffffffffffffff5f0000000000000000000000000000000000000000000000 +000000003fffef3f00000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000bfffffffffffffffffffffffffffc89e9e9e +9e9e9e9e9e9e9e9eafd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000000000000000d85d6 +d6d6d6d6d6d6d6d6d6d66b00000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000005fffffffffffffffffffffffffffffff1f000000000000000000 +0000000000000000000000000000000000006fbf0f000000000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000000001fffffff +ffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9ebad6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d685000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000028add6d6d6d6d6d6d6d6d6d6c835000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000005fffffffffffffffffffff +ffffffef000000000000000000000000000000000000000000000000000000003f000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000009fffffffffffffffffffffffffa49e9e9e9e9e9e9e9e9e9e9e +c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d650000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000042c8d6d6d6d6d6d6d6d6d6d6ad +0d0000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000007fffffffffffffffffffffffffaf000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000002fffffffffffffffffffff +ffff9e9e9e9e9e9e9e9e9e9e9e9ed2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d628000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +78d6d6d6d6d6d6d6d6d6d6d6850000000000000000000000000000000000000000000000 +000000000000000000000000001f3f3f3f3f3f3f00000000000000000000000000000000 +00000000000000000000000000000000000000bfffffffffffffffffffffff7f00000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000dfffffffffffffffffffffe69e9e9e9e9e9e9e9e9e9e9e9ed6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c80d000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000dadd6d6d6d6d6d6d6d6d6d6d68500000000000000000000 +00000000000000000000000000000000000000000000000f5fafefffffffffffffffffcf +8f2f000000000000000000000000000000000000000000000000000000000000001fefff +ffffffffffffffffff3f0000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000bfffffffffffffffffffffe69e9e9e9e9e9e +9e9e9e9e9eacd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6ad00000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000035c8d6d6d6d6d6d6d6d6d6 +d6d68500000000000000000000000000000000000000000000000000000000000000001f +9fffffffffffffffffffffffffffffffbf3f000000000000000000000000000000000000 +0000000000000000000000007fffffffffffffffffffff0f000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000000009fffffff +ffffffffffffffce9e9e9e9e9e9e9e9e9e9e9eacd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d68500000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00006bd6d6d6d6d6d6d6d6d6d6d6d6930000000000000000000000000000000000000000 +00000000000000000000000f8fffffffffffffffffffffffffffffffffffffff8f000000 +00000000000000000000000000000000000000000000000000000fefffffffffffffffff +cf0000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000008fffffffffffffffffffffce9e9e9e9e9e9e9e9e9e9e9ebad6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d65000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000d93d6d6d6d6d6d6d6d6d6d6d6d6ad0d000000000000 +0000000000000000000000000000000000000000000000002fdfffffffffffffffffffff +ffffffffffffffffffffff9f000000000000000000000000000000000000000000000000 +00000000008fffffffffffffffff9f000000000000000000000000000000000000000000 +00000000000000000000000000000000000000003f3f3f3f3f0f00000000000000000000 +000000000000000000000000000000000000000000000000bfffffffffffffffffffffce +9e9e9e9e9e9e9e9e9e9e9ebad6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d62800000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000000000028bbd6d6d6d6d6d6d6 +d6d6d6d6d6c81a0000000000000000000000000000000000000000000000000000000000 +005fefffffffffffffffffffffffffffffffffffffffffffffff3f000000000000000000 +000000000000000000000000000000000000002fffffffffffffffff5f00000000000000 +0000000000000000000000000000000000000000000000000000000000001f6fcfffffff +ffffffffaf2f000000000000000000000000000000000000000000000000000000000000 +0000bfffffffffffffffffffffbc9e9e9e9e9e9e9e9e9e9e9ebad6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c80d00000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000050d6d6d6d6d6d6d6d6d6d6d6d6d6d64200000000000000000000000000000000 +00000000000000000000000000005fffffffffffffffffffffffffffffffffffffffffff +ffffffffaf0000000000000000000000000000000000000000000000000000000000efff +ffffffffffff2f0000000000000000000000000000000000000000000000000000000000 +0000000000000f9fffffffffffffffffffffffef2f000000000000000000000000000000 +00000000000000000000000000000000cfffffffffffffffffffffb69e9e9e9e9e9e9e9e +9e9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6ad0000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000d85d6d6d6d6d6d6d6d6d6d6d6d6d6d693000000 +0000000000000000000000000000000000000000000000000000002fefffffffffffffff +ffffffffffffffffffffffffffffffffffffff0000000000000000000000000000000000 +000000000000000000000000bfffffffffffffff00000000000000000000000000000000 +000000000000000000000000000000000000004fefffffffffffffffffffffffffffaf00 +000000000000000000000000000000000000000000000000000000000000ffffffffffff +ffffffffffb69e9e9e9e9e9e9e9e9e9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6780000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000028add6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d61a00000000000000000000000000000000000000000000000000 +000000000fcfffffffffffffffffffffffffffffffffffffffffffffffffffffff1f0000 +00000000000000000000000000000000000000000000000000007fffffffffffffbf0000 +00000000000000000000000000000000000000000000000000000000000000008fffffff +ffffffffffffffffffffffffff0000000000000000000000000000000000000000000000 +000000000000001fffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9ec8d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad1a000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000042c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d66b000000000000000000000000 +0000000000000000000000000000000000007fffffffffffffffffffffffffffffffffff +ffffffffffffffffffffff1f000000000000000000000000000000000000000000000000 +000000007fffffffffffff7f000000000000000000000000000000000000000000000000 +0000000000000000009fffffffffffffffffffffffffffffffffff000000000000000000 +0000000000000000000000000000000000000000003fffffffffffffffffffffffb69e9e +9e9e9e9e9e9e9e9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d685000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000078d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d60d00000000000000000000000000000000000000000000000000000000001fffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000000000 +0000000000000000000000000000000000004fffffffffffff4f00000000000000000000 +000000000000000000000000000000000000000000006fffffffffffffffffffffffffff +ffffffffff0000000000000000000000000000000000000000000000000000000000007f +ffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8500000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000001aadd6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d685000000000000000000000000000000000000000000 +0000000000000000009fffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffbf00000000000000000000000000000000000000000000000000000000003fffffff +ffffff0f000000000000000000000000000000000000000000000000000000000000003f +ffffffffffffffffffffffffffffffffffffcf0000000000000000000000000000000000 +00000000000000000000000000afffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e +9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad2800 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000001ac8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d62800000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000007fffffffffffdf00000000000000000000000000000000000000 +0000000000000000000000000fdfffffffffffffffffffffffffffffffffffffaf000000 +000000000000000000000000000000000000000000000000000000cfffffffffffffffff +ffffffb69e9e9e9e9e9e9e9e9e9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6930d000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000a0d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6bb000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000007fffffffffffaf0000000000 +00000000000000000000000000000000000000000000000000007fffffffffffffffffff +ffffffffffffffffffff7f00000000000000000000000000000000000000000000000000 +0000000000ffffffffffffffffffffffffbc9e9e9e9e9e9e9e9e9e9e9ebad6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d65d000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000dc8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d68500000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000afffffffffff6f000000000000000000000000000000000000000000000000000000 +0000000fefffffffffffffffffffffffffffffffffffffff3f0000000000000000000000 +0000000000000000000000000000000000003fffffffffffffffffffffffffce9e9e9e9e +9e9e9e9e9e9e9ebad6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8 +280000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000028d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6500000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000cfffffffffff3f00000000000000000000000000 +00000000000000000000000000000000007fffffffffffffffffffffffffffffffffffff +ffff0f00000000000000000000000000000000000000000000000000000000007fffffff +ffffffffffffffffffce9e9e9e9e9e9e9e9e9e9e9ebad6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6a00d00000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000005dd6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d635000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000ffffffffffff +00000000000000000000000000000000000000000000000000000000000000dfffffffff +ffffffffffffffffffffffffffffffdf0000000000000000000000000000000000000000 +00000000000000000000afffffffffffffffffffffffffce9e9e9e9e9e9e9e9e9e9e9eac +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d66b00000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000093d6d6d6d6d6d6d6d6d6d6d6d6d6d60000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000003fffffffffffbf00000000000000000000000000000000000000000000 +00000000000000004fffffffffffffffffffffffffffffffffffffffffaf000000000000 +000000000000000000000000000000000000000000000000dfffffffffffffffffffffff +ffe69e9e9e9e9e9e9e9e9e9e9eacd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6c835000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000dbbd6d6d6d6d6d6d6d6d6d6 +d6d6d6000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000006fffffffffff8f0000000000000000 +000000000000000000000000000000000000000000009fffffffffffffffffffffffffff +ffffffffffffff7f00000000000000000000000000000000000000000000000000000000 +000fffffffffffffffffffffffffffe69e9e9e9e9e9e9e9e9e9e9e9ed6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad1a0000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000028c8d6d6d6d6d6d6d6d6d6d6d6d600000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000000000000000000af +ffffffffff5f000000000000000000000000000000000000000000000000000000000000 +efffffffffffffffffffffffffffffffffffffffff3f0000000000000000000000000000 +0000000000000000000000000000004fffffffffffffffffffffffffffff9e9e9e9e9e9e +9e9e9e9e9e9ed2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6780000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000050d6d6d6d6d6d6d6d6d6d6d6d60000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000dfffffffffff1f00000000000000000000000000000000 +000000000000000000000000002fffffffffffffffffffffffffffffffffffffffffff0f +00000000000000000000000000000000000000000000000000000000007fffffffffffff +ffffffffffffffffa49e9e9e9e9e9e9e9e9e9e9ec8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6c85000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000000000085d6d6 +d6d6d6d6d6d6d6d6d6000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000000001fffffffffffef000000 +0000000000000000000000000000000000000000000000000000006fffffffffffffffff +ffffffffffffffffffffffffdf0000000000000000000000000000000000000000000000 +00000000000000bfffffffffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9ebad6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad28000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000dadd6d6d6d6d6d6d6d6d6d600000000000000000000000000 +0000000000000000000000000000000027737f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f +7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f +7f7f7f7f9fffffffffffaf00000000000000000000000000000000000000000000000000 +00000000009fffffffffffffffffffffffffffffffffffffffff9f000000000000000000 +000000000000000000000000000000000000000000efffffffffffffffffffffffffffff +c89e9e9e9e9e9e9e9e9e9e9eafd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6850d0000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000028c8d6d6d6d6d6d6d6d6 +d60d000000000000000000000000000000000000000000000000000000003becffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffff7f0000000000000000000000 +00000000000000000000000000000000000000cfffffffffffffffffffffffffffffffff +ffffffff6f00000000000000000000000000000000000000000000000000000000002fff +ffffffffffffffffffffffffffffd49e9e9e9e9e9e9e9e9e9e9ea1d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d65d0000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000050d6d6d6d6d6d6d6d6d6350000000000000000000000000000000000000000 +00000000000000001dffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffff3f00000000000000000000000000000000000000000000000000000000000fffffff +ffffffffffffffffffffffffffffffffffff3f0000000000000000000000000000000000 +0000000000000000000000005fffffffffffffffffffffffffffffffe69e9e9e9e9e9e9e +9e9e9e9e9ecbd6d6d6d6d6d6d6d6d6d6d6d6bb2800000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000078d6d6d6d6d6d6d6d66b000000000000 +0000000000000000000000000000000000000000000000dfffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffff0f00000000000000000000000000000000000000 +000000000000000000003fffffffffffffffffffffffffffffffffffffffffff00000000 +00000000000000000000000000000000000000000000000000008fffffffffffffffffff +ffffffffffffff9e9e9e9e9e9e9e9e9e9e9e9ebdd6d6d6d6d6d6d6d6d6d6d6a00d000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000000000000000000ad +d6d6d6d6d6d6d6a000000000000000000000000000000000000000000000000000000000 +006fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffcf000000000000 +0000000000000000000000000000000000000000000000007fffffffffffffffffffffff +ffffffffffffffffffbf0000000000000000000000000000000000000000000000000000 +00000000cfffffffffffffffffffffffffffffffffb69e9e9e9e9e9e9e9e9e9e9eafd6d6 +d6d6d6d6d6d6d6d66b000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000001ac8d6d6d6d6d6d6d60d00000000000000000000000000 +0000000000000000000000000000000fdfffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffff9f00000000000000000000000000000000000000000000000000000000 +0000bfffffffffffffffffffffffffffffffffffffffff8f000000000000000000000000 +000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffce +9e9e9e9e9e9e9e9e9e9e9e9ed2d6d6d6d6d6d6d6c8350000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000042d6d6d6d6d6d6d6 +6b00000000000000000000000000000000000000000000000000000000003fffffffffff +ffffffffffffffffffffffffffffffffffffffcf3f3f3f3f5f7f7f7fafbfbfbfffffffff +ffffffffffffffffffffffffffffffffffffffffff5f0000000000000000000000000000 +00000000000000000000000000000000efffffffffffffffffffffffffffffffffffffff +ff5f00000000000000000000000000000000000000000000000000000000003fffffffff +ffffffffffffffffffffffffffe69e9e9e9e9e9e9e9e9e9e9e9ec1d6d6d6d6d6d6ad0d00 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000006bd6d6d6d6d6d6bb000000000000000000000000000000000000000000 +0000000000000000005fffffffffffffffffffffffffffffffffffffffffffffaf0f0000 +000000000000000000000000000f3f3f3f5f7f7f7fafbfbfbfffffffffffffffffffff2f +00000000000000000000000000000000000000000000000000000000001fffffffffffff +ffffffffffffffffffffffffffffff1f0000000000000000000000000000000000000000 +0000000000000000006fffffffffffffffffffffffffffffffffffffa49e9e9e9e9e9e9e +9e9e9e9eafd6d6d6d6d67800000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000005d35000000000000000000000000000000 +00000000000000000000000000000000000000000000a0d6d6d6d6d6d65d000000000000 +0000000000000000000000000000000000000000000000004fefffffffffffffffffffff +ffffffffffffffffdf4f0000000000000000000000000000000000000000000000000000 +00000000003fffffffffffffff0000000000000000000000000000000000000000000000 +000000000000005fffffffffffffffffffffffffffffffffffffffffef00000000000000 +0000000000000000000000000000000000000000000000afffffffffffffffffffffffff +ffffffffffffbc9e9e9e9e9e9e9e9e9e9e9e9ed2d6d6c842000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000085d6c80d +000000000000000000000000000000000000000000000000000000000000000000000000 +0dc8d6d6d6d6d6c80d000000000000000000000000000000000000000000000000000000 +0000000f7fefffffffffffffffffffffffffffffcf5f0000000000000000000000000000 +0000000000000000000000000000000000002fefffffffffffffbf000000000000000000 +0000000000000000000000000000000000000000008fffffffffffffffffffffffffffff +ffffffffffffbf0000000000000000000000000000000000000000000000000000000000 +00dfffffffffffffffffffffffffffffffffffffda9e9e9e9e9e9e9e9e9e9e9e9ebdd6ad +280000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000dadd6d6d69300000000000000000000000000000000000000000000 +00000000000000000000000000000035d6d6d6d6d6d69300000000000000000000000000 +000000000000000000000000000000000000000f4f8fbfffffffffffffffbf9f6f1f0000 +000000000000000000000000000000000000000000000000000000000000000fefffffff +ffffffff7f000000000000000000000000000000000000000000000000000000000000cf +ffffffffffffffffffffffffffffffffffffffff7f000000000000000000000000000000 +00000000000000000000000000000ffffffffffffffffffffffffffffffffffffffff89e +9e9e9e9e9e9e9e9e9e9e9ea5850d00000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000028c8d6d6d6d6d64200000000000000 +0000000000000000000000000000000000000000000000000000000000005dd6d6d6d6d6 +d65d00000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000fcfffffffffffffffff4f0000000000000000000000000000000000 +00000000000000000000000000ffffffffffffffffffffffffffffffffffffffffff3f00 +000000000000000000000000000000000000000000000000000000004fffffffffffffff +ffffffffffffffffffffffffffbc9e9e9e9e9e9e9e9e9e9e9e3b00000000000000000000 +0000000000000000000000000000000000000000000000000000000000000000000050d6 +d6d6d6d6d6d6c81a00000000000000000000000000000000000000000000000000000000 +00000000000000000093d6d6d6d6d6d65000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000002fdfffffffffffffffffff0f000000 +00000000000000000000000000000000000000000000000000003fffffffffffffffffff +ffffffffffffffffffffffff0f0000000000000000000000000000000000000000000000 +0000000000007fffffffffffffffffffffffffffffffffffffffffda9e9e9e9e9e9e9e9e +9e8a1d000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000078d6d6d6d6d6d6d6d6d6a00000000000000000000000000000 +00000000000000000000000000000000000000000000000dbbd6d6d6d6d6c82800000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000003fef +ffffffffffffffffffdf0000000000000000000000000000000000000000000000000000 +000000006fffffffffffffffffffffffffffffffffffffffffdf00000000000000000000 +0000000000000000000000000000000000000000bfffffffffffffffffffffffffffffff +ffffffffffffa49e9e9e9e9e9e9e6c090000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000da0d6d6d6d6d6d6d6d6d6d6d6 +5d0000000000000000000000000000000000000000000000000000000000000000000000 +000028d6d6d6d6d6d6c85000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000006fffffffffffffffffffffffaf000000000000000000000000 +000000000000000000000000000000000000afffffffffffffffffffffffffffffffffff +ffffff9f000000000000000000000000000000000000000000000000000000000000efff +ffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e450000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +28add6d6d6d6d6d6d6d6d6d6d6d6d6280000000000000000000000000000000000000000 +00000000000000000000000000000000005dd6d6d6d6d6d6d65d00000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000fbfffffffffffffffffffffff +ff6f000000000000000000000000000000000000000000000000000000000000dfffffff +ffffffffffffffffffffffffffffffffff6f000000000000000000000000000000000000 +00000000000000000000002ffffffffffffffffffffffffffffffffffffffffffffff29e +9e9e9e942700000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000042c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad000000000000 +000000000000000000000000000000000000000000000000000000000000000085d6d6d6 +d6d6d6d6850d000000000000000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +6fefffffffffffffffffffffffffff3f0000000000000000000000000000000000000000 +0000000000000000001fffffffffffffffffffffffffffffffffffffffffff3f00000000 +000000000000000000000000000000000000000000000000005fffffffffffffffffffff +ffffffffffffffffffffffffffb69e9e7609000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000000006bd6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d678000000000000000000000000000000000000000000000000000000 +000000000000000000000dadd6d6d6d6d6d6d6bb35000000000000000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000003fcfffffffffffffffffffffffffffffff00000000000000 +00000000000000000000000000000000000000000000004fffffffffffffffffffffffff +ffffffffffffffffff000000000000000000000000000000000000000000000000000000 +0000008fffffffffffffffffffffffffffffffffffffffffffffffe69e58000000000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +00000d85d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d635000000000000000000000000 +0000000000000000000000000000000000000000000000000028c8d6d6d6d6d6d6d6ac6c +130000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000003fbfffffffffffffffffffff +ffffffffffffbf0000000000000000000000000000000000000000000000000000000000 +007fffffffffffffffffffffffffffffffffffffffffbf00000000000000000000000000 +0000000000000000000000000000000000bfffffffffffffffffffffffffffffffffffff +ffffffffffef310000000000000000000000000000000000000000000000000000000000 +0000000000000000000000000000001aadd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6bb0d000000000000000000000000000000000000000000000000000000000000000000 +0000000050d6d6d6d6d6d6c49e9e9e6c2700000000000000000000000000000000000000 +00000000000000000000000000000000000000000000000000000000000000000000000f +6fdfffffffffffffffffffffffffffffffffffff8f000000000000000000000000000000 +000000000000000000000000000000bfffffffffffffffffffffffffffffffffffffffff +8f000000000000000000000000000000000000000000000000000000000000ffffffffff +ffffffffffffffffffffffffffffffffffffcf1f00000000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000028c8d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d69300000000000000000000000000000000000000 +0000000000000000000000000000000000000085d6d6d6d6d2a59e9e9e9e9e8a45130000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000000000000000f5fafffffffffffffffffffffffffffffffffffffffffff5f00 +0000000000000000000000000000000000000000000000000000000000ffffffffffffff +ffffffffffffffffffffffffffff5f000000000000000000000000000000000000000000 +00000000000000003fffffffffffffffffffffffffffffffffffffffffffff9f0f000000 +000000000000000000000000000000000000000000000000000000000000000000000000 +000000000050d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d64200000000 +00000000000000000000000000000000000000000000000000000000000000000000add6 +d6d6b69e9e9e9e9e9e9e9e9e805831090000000000000000000000000000000000000000 +00000000000000000000000000000000000000000f4f8fcfffffffffffffffffffffffff +ffffffffffffffffffffffff1f0000000000000000000000000000000000000000000000 +0000000000002fffffffffffffffffffffffffffffffffffffffffff1f00000000000000 +000000000000000000000000000000000000000000006fffffffffffffffffffffffffff +ffffffffffffffef5f000000000000000000000000000000000000000000000000000000 +00000000000000000000000000000000000085d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6c81a00000000000000000000000000000000000000000000000000 +0000000000000000000000001ac8d6c89e9e9e9e9e9e9e9e9e9e9e9e9eaacf9f7f3f1f00 +00000000000000000000000000000000000000000000000000000000002f3f7fafcfffff +ffffffffffffffffffffffffffffffffffffffffffffffffffef00000000000000000000 +00000000000000000000000000000000000000006fffffffffffffffffffffffffffffff +ffffffffffef000000000000000000000000000000000000000000000000000000000000 +9fffffffffffffffffffffffffffffffffffffffdf2f0000000000000000000000000000 +0000000000000000000000000000000000000000000000000000000000000da0d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6a00000000000000000000000 +00000000000000000000000000000000000000000000000000000042d2a59e9e9e9e9e9e +9e9e9e9e9e9e9edaffffffffffffcfbf9f7f7f6f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f3f +7f7f7fafbfdfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffdf7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7fbfff +ffffffffffffffffffffffffffffffffffffffdf7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f +7f7f7f7f7f7f7f7f7f7f7f7f7f7fdfffffffffffffffffffffffffffffffffffffaf0f00 +000000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000028bbd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d65d0000000000000000000000000000000000000000000000000000000000000000 +0000000000005f9e9e9e9e9e9e9e9e9e9e9e9e9eb6ffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffff6f00000000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000050c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6280000000000000000000000000000000000 +000000000000000000000000000000000000000000809e9e9e9e9e9e9e9e9e9e9e9eecff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffef2f000000000000000000000000 +0000000000000000000000000000000000000000000000000000000000000000006bd6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6ad000000 +000000000000000000000000000000000000000000000000000000000000000000000009 +949e9e9e9e9e9e9e9e9e9ec8ffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffbf +0f0000000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000d93d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d678000000000000000000000000000000000000000000000000 +0000000000000000000000000000279e9e9e9e9e9e9e9e9ea4f8ffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffff7f0000000000000000000000000000000000000000000000 +000000000000000000000000000000000000000000001aadd6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d635000000000000000000 +00000000000000000000000000000000000000000000000000000000004f9e9e9e9e9e9e +9e9ee0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffef4f00000000000000000000 +000000000000000000000000000000000000000000000000000000000000000000000035 +c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6bb0d000000000000000000000000000000000000000000000000000000000000 +0000000000000000769e9e9e9e9e9ec2ffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffcf1f000000000000000000000000000000000000000000000000000000000000000000 +0000000000000000000000005dd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d69300000000000000000000000000000000 +00000000000000000000000000000000000000000000098a9e9e9e9eaaf8ffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffff9f000000000000000000000000000000000000000000 +0000000000000000000000000000000000000000000000000085d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d64200 +000000000000000000000000000000000000000000000000000000000000000000000000 +001d9e9e9e9eecffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffdf7f7f7f7f7f7f7f7f +7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f7f614f4f4f4f4f4f4f4f4f4f4f4f4f4f4f566b6b6b +6b6badd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6c86b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b6b +6b6b674f4f4f4f4f4f4f4f4f4f4f4f4f8a9e9ed4ffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeca49e9e9e9e +9e9e9e9e9e9e9e9e9e9e9eb3d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cba89e9e9e9e9e9e9e9e9e9e9e9e9e9e9ec2ffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffe09e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eafd2d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8a19e9e9e9e9e9e +9e9e9e9e9e9e9e9e9eb0f8ffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffda9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9ea8cbd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6bd9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4f8ffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1c4d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d2af9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4 +ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +b3d2d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8a59e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9ea4ecffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc29e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea5c8d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d2b69e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9edaffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb3d2d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8a59e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9edaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffc29e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9ea1bad6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cfac9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4daffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffc29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea5c1d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6cfb39e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea4ecffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffc89e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9ea5c1d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cfb39e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9ea4ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +da9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1bacfd6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8af9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb0f8ffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffeca49e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9eafc1d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6cfbaa59e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ec2f8ffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8b09e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1afc1d2d6d6d6d6d6d6d6d6d6d6d6d6d6 +d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6cbbaa89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9ed4ffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffc89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9ea8b6c4cfd6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6d6c8bdafa19e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaaecffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffe6aa9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ea1acb3bac4c8c8d6d6d6d6d6d6d6cfc8c8 +bdbaafa89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ebcf8ff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffff8c89e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9ea4e0ffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffe6aa9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9ec2f8ffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +cea49e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eb6e6 +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffff8c29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9eaadaffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff2c29e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaadaffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffff2c29e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaada +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffffffffff8ceaa9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9eb6e0ffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffe0bc9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaac8f2ffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffffff8dabc9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaac8ecff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffff8e0c2aa9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e +9e9e9e9e9e9e9eb6d4ecffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffffffffffffffffffffffffffffffffffffff2e0c8b6a49e9e9e9e9e9e9e9e +9e9e9e9e9e9e9e9e9e9e9e9e9e9e9e9eaabccee6ffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +fffffffffffff8e6d4cec2b6b6aa9e9e9e9e9e9e9e9eb6b6b6c8cee0e6ffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff +ffffffffffffffffffffffffffffffffffffffffffffff +end +%%PageTrailer +%%Trailer +%%EOF diff --git a/src/xen/docs/gen-html-index b/src/xen/docs/gen-html-index new file mode 100644 index 0000000000000000000000000000000000000000..4fad6db974888a94699f151ef99678f0a1bbed7a --- /dev/null +++ b/src/xen/docs/gen-html-index @@ -0,0 +1,177 @@ +#!/usr/bin/env perl + +# +# Generate indexes for html documentation +# + +use strict; +use warnings; + +use Getopt::Long; +use IO::File; +use File::Basename; + +Getopt::Long::Configure('bundling'); + +@ARGV >= 2 or die; + +our @docs; +our @dirs; +our %index; + +our $outdir; +our $debug; + +GetOptions("i=s" => sub { read_index(@_);}, + "D" => \$debug) + or die; + +($outdir,@docs) = @ARGV; + +sub write_file ($$) { + my ($opath, $odata) = @_; + print STDOUT "Writing: $opath\n"; + my $out = new IO::File "$opath.new", '>' or die "$opath $!"; + print $out $odata or die $!; + rename "$opath.new", "$opath" or die "$opath $!"; +} + +sub make_page ($$$) { + my ($file,$title,$content) = @_; + my $o = ''; + my $h1; + if ( $title eq "" ) + { + $title = $h1 = "Xen Documentation"; + } + else + { + $h1 = "Xen Documentation - $title"; + $title = "Xen Documentation - $title"; + } + $o .= <$title + +

$h1

+
    +$content +
+ +END + write_file($file, $o); +} + +sub make_linktext ($) { + my ($l) = @_; + return "$1($2)" if $l =~ m,^man/(.*)\.([0-9].*)\.html,; + $l =~ s/.(?:html|txt)$//g; + return $index{$l} if exists $index{$l}; + + my $from_html; + eval { + require HTML::TreeBuilder::XPath; + my $tree = new HTML::TreeBuilder::XPath; + my $f = "$outdir/$l.html"; + open F, '<', $f or die "$l $f $!"; + $tree->parse_file(\*F) or die; + close F; + $from_html = $tree->findvalue("/html/head/title"); + }; + print "$l: get title: $@" if $@ && $debug; + return $from_html if $from_html; + + return basename($l); +} + +sub make_link ($$) { + my ($ref,$base) = @_; + + my $txt = make_linktext($ref); + $ref =~ s,^$base/,, if $base; #/ + + return "
  • $txt
    • \n"; +} + +sub make_links ($@) { + my ($dir,@docs) = @_; + my $idx = ''; + foreach my $of (sort { make_linktext($a) cmp make_linktext($b) } @docs) { + $idx .= make_link($of,$dir); + } + return $idx; +} + +sub read_index ($$) { + my ($opt, $val) = @_; + my $idx = new IO::File "$val", '<' or die "$val $!"; + while ($_ = $idx->getline()) { + s/^\s+//; + s/\s+$//; + next if m/^\#/; + next unless m/\S/; + m/^(\S+)\s+(\S.*)$/ or die; + $index{$1} = $2; + } +} + +sub uniq (@) { + my %h; + foreach (@_) { $h{$_} = 1; } + return keys %h; +} + +for (@docs) { s,^\Q$outdir\E/,, } + +@docs = grep { -e "$outdir/$_" && (make_linktext($_) ne "NO-INDEX") } @docs; + +my $top = ''; + +# Return a list of all directories leading to $path +sub dirs($) +{ + my ($path) = @_; + my @dirs; + while ( $path =~ m,/, ) + { + $path =~ m,/([^/]+)$,; + push @dirs, $`;#` + $path = $`;#` + } + return @dirs; +} + +foreach my $of (grep { !m{/} } @docs) { + $top .= make_link($of,''); +} + +foreach my $od (sort { $a cmp $b } uniq map { dirs($_) } @docs) { + my @d = (grep /^\Q$od\E/, @docs); + if ( @d == 1 and $d[0] eq "$od/index.html" ) + { + next if $d[0] =~ m,/,;#/ linked to from the subdirectory entry. + $top .= make_link("$od/index.html", 0); + } + else + { + my $links = make_links(undef,@d); + my $secttitle = make_linktext($od); + $top .= <$secttitle +
      +$links +
    +END + + $links = make_links($od,@d); + my $idx = ''; + $idx .= <$secttitle +
      +$links +
    +END + make_page("$outdir/$od/index.html", $secttitle, $idx); + } +} + +make_page("$outdir/index.html", "", $top); diff --git a/src/xen/docs/glossary.rst b/src/xen/docs/glossary.rst new file mode 100644 index 0000000000000000000000000000000000000000..8ddbdab160a14e8e7a59ea5dd3a2a2eceb002639 --- /dev/null +++ b/src/xen/docs/glossary.rst @@ -0,0 +1,52 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Glossary +======== + +.. Terms should appear in alphabetical order + +.. glossary:: + + control domain + A :term:`domain`, commonly dom0, with the permission and responsibility + to create and manage other domains on the system. + + domain + A domain is Xen's unit of resource ownership, and generally has at the + minimum some RAM and virtual CPUs. + + The terms :term:`domain` and :term:`guest` are commonly used + interchangeably, but they mean subtly different things. + + A guest is a single, end user, virtual machine. + + In some cases, e.g. during live migration, one guest will be comprised of + two domains for a period of time, while it is in transit. + + domid + The numeric identifier of a running :term:`domain`. It is unique to a + single instance of Xen, used as the identifier in various APIs, and is + typically allocated sequentially from 0. + + guest + The term 'guest' has two different meanings, depending on context, and + should not be confused with :term:`domain`. + + When discussing a Xen system as a whole, a 'guest' refer to a virtual + machine which is the "useful output" of running the system in the first + place (e.g. an end-user VM). Virtual machines providing system services, + (e.g. the control and/or hardware domains), are not considered guests in + this context. + + In the code, "guest context" and "guest state" is considered in terms of + the CPU architecture, and contrasted against hypervisor context/state. + In this case, it refers to all code running lower privilege privilege + level the hypervisor. As such, it covers all domains, including ones + providing system services. + + hardware domain + A :term:`domain`, commonly dom0, which shares responsibility with Xen + about the system as a whole. + + By default it gets all devices, including all disks and network cards, so + is responsible for multiplexing guest I/O. diff --git a/src/xen/docs/guest-guide/index.rst b/src/xen/docs/guest-guide/index.rst new file mode 100644 index 0000000000000000000000000000000000000000..5455c67479cf8aab152785dc8128c7a94e6b9885 --- /dev/null +++ b/src/xen/docs/guest-guide/index.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Guest documentation +=================== + +.. toctree:: + :maxdepth: 2 + + x86/index diff --git a/src/xen/docs/guest-guide/x86/hypercall-abi.rst b/src/xen/docs/guest-guide/x86/hypercall-abi.rst new file mode 100644 index 0000000000000000000000000000000000000000..83890e1cb613007c4726ccc71de55c97639f6a1f --- /dev/null +++ b/src/xen/docs/guest-guide/x86/hypercall-abi.rst @@ -0,0 +1,136 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Hypercall ABI +============= + +Hypercalls are system calls to Xen. Two modes of guest operation are +supported, and up to 5 individual parameters are supported. + +Hypercalls may only be issued by kernel-level software [#kern]_. + +Registers +--------- + +The registers used for hypercalls depends on the operating mode of the guest. + +.. list-table:: + :header-rows: 1 + + * - ABI + - Hypercall Index + - Parameters (1 - 5) [#params]_ + - Result + + * - 64bit + - RAX + - RDI RSI RDX R10 R8 + - RAX + + * - 32bit + - EAX + - EBX ECX EDX ESI EDI + - EAX + +32 and 64bit PV guests have an ABI fixed by their guest type. The ABI for an +HVM guest depends on whether the vCPU is operating in a 64bit segment or not +[#mode]_. + + +Parameters +---------- + +Different hypercalls take a different number of parameters. Each hypercall +potentially clobbers each of its parameter registers; a guest may not rely on +the parameter registers staying the same. A debug build of Xen checks this by +deliberately poisoning the parameter registers before returning back to the +guest. + + +Mode transfer +------------- + +The exact sequence of instructions required to issue a hypercall differs +between virtualisation mode and hardware vendor. + +.. list-table:: + :header-rows: 1 + + * - Guest + - Transfer instruction + + * - 32bit PV + - INT 0x82 + + * - 64bit PV + - SYSCALL + + * - Intel HVM + - VMCALL + + * - AMD HVM + - VMMCALL + +To abstract away the details, Xen implements an interface known as the +Hypercall Page. This allows a guest to make a hypercall without needing to +perform mode-specific or vendor-specific setup. + + +Hypercall Page +============== + +The hypercall page is a page of guest RAM into which Xen will write suitable +transfer stubs. + +Creating a hypercall page is an isolated operation from Xen's point of view. +It is the guests responsibility to ensure that the hypercall page, once +written by Xen, is mapped with executable permissions so it may be used. +Multiple hypercall pages may be created by the guest, if it wishes. + +The stubs are arranged by hypercall index, and start on 32-byte boundaries. +To invoke a specific hypercall, ``call`` the relevant stub [#iret]_: + +.. code-block:: none + + call hypercall_page + index * 32 + +There result is an ABI which is invariant of the exact operating mode or +hardware vendor. This is intended to simplify guest kernel interfaces by +abstracting away the details of how it is currently running. + + +Creating Hypercall Pages +------------------------ + +Guests which are started using the PV boot protocol may set set +``XEN_ELFNOTE_HYPERCALL_PAGE`` to have the nominated page written as a +hypercall page during construction. This mechanism is common for PV guests, +and allows hypercalls to be issued with no additional setup. + +Any guest can locate the Xen CPUID leaves and read the *hypercall transfer +page* information, which specifies an MSR that can be used to create +additional hypercall pages. When a guest physical address is written to the +MSR, Xen writes a hypercall page into the nominated guest page. This +mechanism is common for HVM guests which are typically started via legacy +means. + + +.. rubric:: Footnotes + +.. [#kern] For HVM guests, ``HVMOP_guest_request_vm_event`` may be configured + to be usable from userspace, but this behaviour is not default. + +.. [#params] Xen's ABI used to declare support for 6 hypercall arguments, + using ``r9`` and ``ebp``. However, such an ABI clobbers the frame pointer + in the 32bit code and does not interact nicely with guest-side debugging. + ``V4V``, the predecessor to ``HYPERCALL_argo_op`` was a 6-argument + hypercall, but the ABI was intentionally altered when Argo was upstreamed + (Xen 4.13) to be the 5-argument hypercall it now is. + +.. [#mode] While it is possible to use compatibility mode segments in a 64bit + kernel, hypercalls issues from such a mode will be interpreted with the + 32bit ABI. Such a setup is not expected in production scenarios. + +.. [#iret] ``HYPERCALL_iret`` is special. It is only implemented for PV + guests and takes all its parameters on the stack. This stub should be + ``jmp``'d to, rather than ``call``'d. HVM guests have this stub + implemented as ``ud2a`` to prevent accidental use. diff --git a/src/xen/docs/guest-guide/x86/index.rst b/src/xen/docs/guest-guide/x86/index.rst new file mode 100644 index 0000000000000000000000000000000000000000..502968490d9dc00c074b111c14b301a74c1406bb --- /dev/null +++ b/src/xen/docs/guest-guide/x86/index.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +x86 +=== + +.. toctree:: + :maxdepth: 2 + + hypercall-abi diff --git a/src/xen/docs/hypervisor-guide/code-coverage.rst b/src/xen/docs/hypervisor-guide/code-coverage.rst new file mode 100644 index 0000000000000000000000000000000000000000..a0b787b379b59fdf7483e3b56ccdaea8558a3ba7 --- /dev/null +++ b/src/xen/docs/hypervisor-guide/code-coverage.rst @@ -0,0 +1,98 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Code Coverage +============= + +Xen can be compiled with coverage support. When configured, Xen will record +the coverage of its own basic blocks. Being a piece of system software rather +than a userspace, it can't automatically write coverage out to the filesystem, +so some extra steps are required to collect and process the data. + + +Compiling Xen +------------- + +Coverage support is dependent on the compiler and toolchain used. As Xen +isn't a userspace application, it can't use the compiler supplied library, and +instead has to provide some parts of the implementation itself. + +For x86, coverage support was introduced with GCC 3.4 or later, and Clang 3.9 +or later, and Xen is compatible with these. However, the compiler internal +formats do change occasionally, and this may involve adjustments to Xen. +While we do our best to keep up with these changes, Xen may not be compatible +with bleeding edge compilers. + +To build with coverage support, enable ``CONFIG_COVERAGE`` in Kconfig. The +build system will automatically select the appropriate format based on the +compiler in use. + +The resulting binary will record its own coverage while running. + + +Accessing the raw coverage data +------------------------------- + +The ``SYSCTL_coverage_op`` hypercall is used to interact with the coverage +data. A dom0 userspace helper, ``xenconv`` is provided as well, which thinly +wraps this hypercall. + +The ``read`` subcommand can be used to obtain the raw coverage data:: + + [root@host ~]# xencov read > coverage.dat + +This is toolchain-specific data and needs to be fed back to the appropriate +programs to post-process. + +Alternatively, the ``reset`` subcommand can be used reset all counters back to +0:: + + [root@host ~]# xencov reset + + +GCC coverage +------------ + +A build using GCC's coverage will result in ``*.gcno`` artefact for every +object file. The raw coverage data needs splitting to form the matching +``*.gcda`` files. + +An example of how to view the data is as follows. It uses ``lcov`` which is a +graphical frontend to ``gcov``. + +* Obtain the raw coverage data from the test host, and pull it back to the + build working tree. +* Use ``xencov_split`` to extract the ``*.gcda`` files. Note that full build + paths are used by the tools, so splitting needs to output relative to ``/``. +* Use ``geninfo`` to post-process the raw data. +* Use ``genhtml`` to render the results as HTML. +* View the results in a browser. + +:: + + xen.git/xen$ ssh root@host xencov read > coverage.dat + xen.git/xen$ ../tools/xencov_split coverage.dat --output-dir=/ + xen.git/xen$ geninfo . -o cov.info + xen.git/xen$ genhtml cov.info -o cov/ + xen.git/xen$ $BROWSER cov/index.html + +Clang coverage +-------------- + +An example of how to view the data is as follows. + +* Obtain the raw coverage data from the test host, and pull it back to the + build working tree. +* Use ``llvm-profdata`` to post-process the raw data. +* Use ``llvm-cov show`` in combination with ``xen-syms`` from the build to + render the results as HTML. +* View the results in a browser. + +:: + + xen.git/xen$ ssh root@host xencov read > xen.profraw + xen.git/xen$ llvm-profdata merge xen.profraw -o xen.profdata + xen.git/xen$ llvm-cov show -format=html -output-dir=cov/ xen-syms -instr-profile=xen.profdata + xen.git/xen$ $BROWSER cov/index.html + +Full documentation on Clang's coverage capabilities can be found at: +https://clang.llvm.org/docs/SourceBasedCodeCoverage.html diff --git a/src/xen/docs/hypervisor-guide/index.rst b/src/xen/docs/hypervisor-guide/index.rst new file mode 100644 index 0000000000000000000000000000000000000000..e4393b06975b3931203a57c74f61908a4cef4312 --- /dev/null +++ b/src/xen/docs/hypervisor-guide/index.rst @@ -0,0 +1,11 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +Hypervisor documentation +======================== + +.. toctree:: + :maxdepth: 2 + + code-coverage + + x86/index diff --git a/src/xen/docs/hypervisor-guide/x86/how-xen-boots.rst b/src/xen/docs/hypervisor-guide/x86/how-xen-boots.rst new file mode 100644 index 0000000000000000000000000000000000000000..ca77d7c8a333afc0e637abb00394cd6ad17aabb1 --- /dev/null +++ b/src/xen/docs/hypervisor-guide/x86/how-xen-boots.rst @@ -0,0 +1,101 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +How Xen Boots +============= + +This is an at-a-glance reference of Xen's booting capabilities and +expectations. + + +Build +----- + +A build of xen produces ``xen.gz`` and optionally ``xen.efi`` as final +artefacts. + + * For BIOS, Xen supports the Multiboot 1 and 2 protocols. + + * For EFI, Xen supports Multiboot 2 with EFI extensions, and native EFI64. + + * For virtualisation, Xen supports starting directly with the PVH boot + protocol. + + +Objects +~~~~~~~ + +To begin with, most object files are compiled and linked. This includes the +Multiboot 1 and 2 headers and entrypoints, including the Multiboot 2 tags for +EFI extensions. When ``CONFIG_PVH_GUEST`` is selected at build time, this +includes the PVH entrypoint and associated ELF notes. + +Depending on whether the compiler supports ``__attribute__((__ms_abi__))`` or +not, either an EFI stub is included which nops/fails applicable setup and +runtime calls, or full EFI support is included. + + +Protocols and entrypoints +~~~~~~~~~~~~~~~~~~~~~~~~~ + +All headers and tags are built in ``xen/arch/x86/boot/head.S`` + +The Multiboot 1 headers request aligned modules and memory information. Entry +is via the start of the binary image, which is the ``start`` symbol. This +entrypoint must be started in 32bit mode. + +The Multiboot 2 headers are more flexible, and in addition request that the +image be loaded as high as possible below the 4G boundary, with 2M alignment. +Entry is still via the ``start`` symbol as with MB1, and still in 32bit mode. + +Headers for the EFI MB2 extensions are also present. These request that +``ExitBootServices()`` not be called, and register ``__efi_mb2_start`` as an +alternative entrypoint, entered in 64bit mode. + +If ``CONFIG_PVH_GUEST`` was selected at build time, an Elf note is included +which indicates the ability to use the PVH boot protocol, and registers +``__pvh_start`` as the entrypoint, entered in 32bit mode. + + +xen.gz +~~~~~~ + +The objects are linked together to form ``xen-syms`` which is an ELF64 +executable with full debugging symbols. ``xen.gz`` is formed by stripping +``xen-syms``, then repackaging the result as an ELF32 object with a single +load section at 2MB, and ``gzip``-ing the result. Despite the ELF32 having a +fixed load address, its contents are relocatable. + +Any bootloader which unzips the binary and follows the ELF headers will place +it at the 2M boundary and jump to ``start`` which is the identified entry +point. However, Xen depends on being entered with the MB1 or MB2 protocols, +and will terminate otherwise. + +The MB2+EFI entrypoint depends on being entered with the MB2 protocol, and +will terminate if the entry protocol is wrong, or if EFI details aren't +provided, or if EFI Boot Services are not available. + + +xen.efi +~~~~~~~ + +When a PEI-capable toolchain is found, the objects are linked together and a +PE32+ binary is created. It can be run directly from the EFI shell, and has +``efi_start`` as its entry symbol. + +.. note:: + + xen.efi does contain all MB1/MB2/PVH tags included in the rest of the + build. However, entry via anything other than the EFI64 protocol is + unsupported, and won't work. + + +Boot +---- + +Xen, once loaded into memory, identifies its position in order to relocate +system structures. For 32bit entrypoints, this necessarily requires a call +instruction, and therefore a stack, but none of the ABIs provide one. + +Overall, given that on a BIOS-based system, the IVT and BDA occupy the first +5/16ths of the first page of RAM, with the rest free to use, Xen assumes the +top of the page is safe to use. diff --git a/src/xen/docs/hypervisor-guide/x86/index.rst b/src/xen/docs/hypervisor-guide/x86/index.rst new file mode 100644 index 0000000000000000000000000000000000000000..c10cd1d7c0bdf405593109ea34aa86b70cece2ed --- /dev/null +++ b/src/xen/docs/hypervisor-guide/x86/index.rst @@ -0,0 +1,9 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +x86 +=== + +.. toctree:: + :maxdepth: 2 + + how-xen-boots diff --git a/src/xen/docs/index.rst b/src/xen/docs/index.rst new file mode 100644 index 0000000000000000000000000000000000000000..22fdde80590c050d616d5756a8a907abd8dc4353 --- /dev/null +++ b/src/xen/docs/index.rst @@ -0,0 +1,75 @@ +.. SPDX-License-Identifier: CC-BY-4.0 + +The Xen Hypervisor documentation +================================ + +.. note:: + + Xen's Sphinx/RST documentation is a work in progress. The existing + documentation can be found at https://xenbits.xen.org/docs/ + +Xen is an open source, bare metal hypervisor. It runs as the most privileged +piece of software on the system, and shares the resources of the hardware +between virtual machines. See :doc:`admin-guide/introduction` for an +introduction to a Xen system. + +User documentation +------------------ + +This is documentation for an administrator of a Xen system. It is intended +for someone who is not necesserily a developer, has installed Xen from their +preferred distribution, and is attempting to run virtual machines and +configure the system. + +.. toctree:: + :maxdepth: 2 + + admin-guide/index + + +Guest documentation +------------------- + +This documentation concerns the APIs and ABIs available to guests. It is +intended for OS developers trying to use a Xen feature, and for Xen developers +to avoid breaking things. + +.. toctree:: + :maxdepth: 3 + + guest-guide/index + + +Hypervisor developer documentation +---------------------------------- + +This is documentation for a hypervisor developer. It is intended for someone +who is building Xen from source, and is running the new hypervisor in some +kind of development environment. + +.. toctree:: + :maxdepth: 2 + + hypervisor-guide/index + + +Unsorted documents +------------------ + +Documents in need of some rearranging. + +.. toctree:: + :maxdepth: 2 + + designs/launch/hyperlaunch + designs/launch/hyperlaunch-devicetree + misc/xen-makefiles/makefiles + misra/index + + +Miscellanea +----------- + +.. toctree:: + + glossary diff --git a/src/xen/docs/man/xen-pci-device-reservations.7.pod b/src/xen/docs/man/xen-pci-device-reservations.7.pod new file mode 100644 index 0000000000000000000000000000000000000000..9ddf3a18ad7a70969b112f63696e018020bb61e1 --- /dev/null +++ b/src/xen/docs/man/xen-pci-device-reservations.7.pod @@ -0,0 +1,89 @@ +=head1 NAME + +xen-pci-device-reservations - Xen PCI device ID registry + +=head1 Description + +PCI vendor ID 0x5853 has been reserved for use by Xen systems in order to +advertise certain virtual hardware to guest virtual machines. The primary +use of this is with device ID 0x0001 to advertise the Xen Platform PCI +device - the presence of this virtual device enables a guest Operating +System (subject to the availability of suitable drivers) to make use of +paravirtualisation features such as disk and network devices etc. + +Some Xen vendors wish to provide alternative and/or additional guest drivers +that can bind to virtual devices[1]. This may be done using the Xen PCI +vendor ID of 0x5853 and Xen-vendor/device specific PCI device IDs. This file +records reservations made within the device ID range in order to avoid +multiple Xen vendors using conflicting IDs. + +=head1 Guidelines + +=over 4 + +=item 1. A vendor may request a range of device IDs by submitting a patch to + this file. + +=item 2. Vendor allocations should be in the range 0xc000-0xfffe to reduce the + possibility of clashes with community IDs assigned from the bottom up. + +=item 3. The vendor is responsible for allocations within the range and should + try to record specific device IDs in PCI ID databases such as + https://pci-ids.ucw.cz and https://devicehunt.com + +=back + +=head1 Reservations + + range | vendor/product + --------------+-------------------------------------------------------------- + 0x0001 | (Xen Platform PCI device) + 0x0002 | Citrix XenServer (grandfathered allocation for XenServer 6.1) + 0xc000-0xc0ff | Citrix XenServer + 0xc100-0xc1ff | Citrix XenClient + 0xc200-0xc2ff | XCP-ng Project (https://xcp-ng.org) + +=head1 Notes + +=over 4 + +=item 1. + +Upstream QEMU provides a parameterized device called xen-pvdevice that +can be used to host guest drivers. Execute: + + qemu-system-i386 -device xen-pvdevice,help + +for a list of all parameters. The following parameters are relevant to +driver binding: + +=over 4 + +=item vendor-id (default 0x5853) + +The PCI vendor ID and subsystem vendor ID of the device. + +=item device-id (must be specified) + +The PCI device ID and subsystem device ID of the device. + +=item revision (default 0x01) + +The PCI revision of the device + +=back + +Also the size parameter (default 0x400000) can be used to specify the +size of the single MMIO BAR that the device exposes. This area may be +used by drivers for mapping grant tables, etc. + +Note that the presence of the Xen Platform PCI device is generally a +pre-requisite for an additional xen-pvdevice as it is the platform +device that provides that IO ports necessary for unplugging emulated +devices. See hvm-emulated-unplug.markdown for details of the IO ports +and unplug protocol. + +libxl provides support for creation of a single additional xen-pvdevice. +See the vendor_device parameter in xl.cfg(5). + +=back diff --git a/src/xen/docs/man/xen-pv-channel.7.pod b/src/xen/docs/man/xen-pv-channel.7.pod new file mode 100644 index 0000000000000000000000000000000000000000..ab4577d1da9b62f2df171d76ee3faea7443e2b61 --- /dev/null +++ b/src/xen/docs/man/xen-pv-channel.7.pod @@ -0,0 +1,189 @@ +=encoding utf8 + +=head1 NAME + +xen-pv-channel - Xen PV Channels + +=head1 DESCRIPTION + +A channel is a low-bandwidth private byte stream similar to a serial +link. Typical uses of channels are + +=over + +=item 1. + +to provide initial configuration information to a VM on boot +(example use: CloudStack's cloud-early-config service) + + +=item 2. + +to signal/query an in-guest agent +(example use: oVirt's guest agent) + + +=back + +Channels are similar to virtio-serial devices and emulated serial links. +Channels are intended to be used in the implementation of libvirt s +when running on Xen. + +Note: if an application requires a high-bandwidth link then it should use +vchan instead. + + +=head2 How to use channels: an example + +Consider a cloud deployment where VMs are cloned from pre-made templates, +and customised on first boot by an in-guest agent which sets the IP address, +hostname, ssh keys etc. To install the system the cloud administrator would +first: + +=over + +=item 1. + +Install a guest as normal (no channel configuration necessary) + + +=item 2. + +Install the in-guest agent specific to the cloud software. This will +prepare the guest to communicate over the channel, and also prepare +the guest to be cloned safely (sometimes known as "sysprepping") + + +=item 3. + +Shutdown the guest + + +=item 4. + +Register the guest as a template with the cloud orchestration software + + +=item 5. + +Install the cloud orchestration agent in dom0 + + +=back + +At runtime, when a cloud tenant requests that a VM is created from the template, +the sequence of events would be: (assuming a Linux domU) + +=over + +=item 1. + +A VM is "cloned" from the template + + +=item 2. + +A unique Unix domain socket path in dom0 is allocated +(e.g. /my/cloud/software/talk/to/domain/) + + +=item 3. + +Domain configuration is created for the VM, listing the channel +name expected by the in-guest agent. In xl syntax this would be: + +channel = [ "connection=socket, name=org.my.cloud.software.agent.version1, path = /my/cloud/software/talk/to/domain/" ] + +=item 4. + +The VM is started + + +=item 5. + +In dom0 the cloud orchestration agent connects to the Unix domain +socket, writes a handshake message and waits for a reply + + +=item 6. + +Assuming the guest kernel has CONFIG_HVC_XEN_FRONTEND set then the console +driver will generate a hotplug event + + +=item 7. + +A udev rule is activated by the hotplug event. + +The udev rule would look something like: + +SUBSYSTEM=="xen", DEVPATH=="/devices/console-[0-9]", RUN+="xen-console-setup" + +where the "xen-console-setup" script would read the channel name and +make a symlink in /dev/xen-channel/org.my.cloud.software.agent.version1 +pointing to /dev/hvcN. N is the same number as the number in "/devices/console-[0-9]". +In other words, "/devices/console-2" maps to /dev/hvc2. + + +=item 8. + +The in-guest agent uses inotify to see the creation of the /dev/xen-channel +symlink and opens the device. + + +=item 9. + +The in-guest agent completes the handshake with the dom0 agent + + +=item 10. + +The dom0 agent transmits the unique VM configuration: hostname, IP +address, ssh keys etc etc + + +=item 11. + +The in-guest agent receives the configuration and applies it. + + +=back + +Using channels avoids having to use a temporary disk device or network +connection. + + +=head2 Design recommendations and pitfalls + +It's necessary to install channel-specific software (an "agent") into the guest +before you can use a channel. By default a channel will appear as a device +which could be mistaken for a serial port or regular console. It is known +that some software will proactively seek out serial ports and issue AT commands +at them; make sure such software is disabled! + +Since channels are identified by names, application authors must ensure their +channel names are unique to avoid clashes. We recommend that channel names +include parts unique to the application such as a domain names. To assist +prevent clashes we recommend authors add their names to our global channel +registry at the end of this document. + + +=head2 Limitations + +Hotplug and unplug of channels is not currently implemented. + + +=head2 Channel name registry + +It is important that channel names are globally unique. To help ensure +that no-one's name clashes with yours, please add yours to this list. + + Key: + N: Name + C: Contact + D: Short description of use, possibly including a URL to your software or API + + N: org.xenproject.guest.clipboard.0.1 + C: David Scott + D: Share clipboard data via an in-guest agent. See: + https://wiki.xenproject.org/wiki/Clipboard_sharing_protocol diff --git a/src/xen/docs/man/xen-tscmode.7.pod b/src/xen/docs/man/xen-tscmode.7.pod new file mode 100644 index 0000000000000000000000000000000000000000..1d81a3fe189dcd1a13452fe4d05316745fa765dc --- /dev/null +++ b/src/xen/docs/man/xen-tscmode.7.pod @@ -0,0 +1,284 @@ +=head1 NAME + +xen-tscmode - Xen TSC (time stamp counter) and timekeeping discussion + +=head1 OVERVIEW + +As of Xen 4.0, a new config option called tsc_mode may be specified +for each domain. The default for tsc_mode handles the vast majority +of hardware and software environments. This document is targeted +for Xen users and administrators that may need to select a non-default +tsc_mode. + +Proper selection of tsc_mode depends on an understanding not only of +the guest operating system (OS), but also of the application set that will +ever run on this guest OS. This is because tsc_mode applies +equally to both the OS and ALL apps that are running on this +domain, now or in the future. + +Key questions to be answered for the OS and/or each application are: + +=over 4 + +=item * + +Does the OS/app use the rdtsc instruction at all? +(We will explain below how to determine this.) + +=item * + +At what frequency is the rdtsc instruction executed by either the OS +or any running apps? If the sum exceeds about 10,000 rdtsc instructions +per second per processor, we call this a "high-TSC-frequency" +OS/app/environment. (This is relatively rare, and developers of OS's +and apps that are high-TSC-frequency are usually aware of it.) + +=item * + +If the OS/app does use rdtsc, will it behave incorrectly if "time goes +backwards" or if the frequency of the TSC suddenly changes? If so, +we call this a "TSC-sensitive" app or OS; otherwise it is "TSC-resilient". + +=back + +This last is the US$64,000 question as it may be very difficult +(or, for legacy apps, even impossible) to predict all possible +failure cases. As a result, unless proven otherwise, any app +that uses rdtsc must be assumed to be TSC-sensitive and, as we +will see, this is the default starting in Xen 4.0. + +Xen's new tsc_mode parameter determines the circumstances under which +the family of rdtsc instructions are executed "natively" vs emulated. +Roughly speaking, native means rdtsc is fast but TSC-sensitive apps +may, under unpredictable circumstances, run incorrectly; emulated means +there is some performance degradation (unobservable in most cases), +but TSC-sensitive apps will always run correctly. Prior to Xen 4.0, +all rdtsc instructions were native: "fast but potentially incorrect." +Starting at Xen 4.0, the default is that all rdtsc instructions are +"correct but potentially slow". The tsc_mode parameter in 4.0 provides +an intelligent default but allows system administrator's to adjust +how rdtsc instructions are executed differently for different domains. + +The non-default choices for tsc_mode are: + +=over 4 + +=item * B (always emulate). + +All rdtsc instructions are emulated; this is the best choice when +TSC-sensitive apps are running and it is necessary to understand +worst-case performance degradation for a specific hardware environment. + +=item * B (never emulate). + +This is the same as prior to Xen 4.0 and is the best choice if it +is certain that all apps running in this VM are TSC-resilient and +highest performance is required. + +=item * B (PVRDTSCP). + +This mode has been removed. + +=back + +If tsc_mode is left unspecified (or set to B), a hybrid +algorithm is utilized to ensure correctness while providing the +best performance possible given: + +=over 4 + +=item * + +the requirement of correctness, + +=item * + +the underlying hardware, and + +=item * + +whether or not the VM has been saved/restored/migrated + +=back + +To understand this in more detail, the rest of this document must +be read. + +=head1 DETERMINING RDTSC FREQUENCY + +To determine the frequency of rdtsc instructions that are emulated, +an "xl" command can be used by a privileged user of domain0. The +command: + + # xl debug-key s; xl dmesg | tail + +provides information about TSC usage in each domain where TSC +emulation is currently enabled. + +=head1 TSC HISTORY + +To understand tsc_mode completely, some background on TSC is required: + +The x86 "timestamp counter", or TSC, is a 64-bit register on each +processor that increases monotonically. Historically, TSC incremented +every processor cycle, but on recent processors, it increases +at a constant rate even if the processor changes frequency (for example, +to reduce processor power usage). TSC is known by x86 programmers +as the fastest, highest-precision measurement of the passage of time +so it is often used as a foundation for performance monitoring. +And since it is guaranteed to be monotonically increasing and, at +64 bits, is guaranteed to not wraparound within 10 years, it is +sometimes used as a random number or a unique sequence identifier, +such as to stamp transactions so they can be replayed in a specific +order. + +On most older SMP and early multi-core machines, TSC was not synchronized +between processors. Thus if an application were to read the TSC on +one processor, then was moved by the OS to another processor, then read +TSC again, it might appear that "time went backwards". This loss of +monotonicity resulted in many obscure application bugs when TSC-sensitive +apps were ported from a uniprocessor to an SMP environment; as a result, +many applications -- especially in the Windows world -- removed their +dependency on TSC and replaced their timestamp needs with OS-specific +functions, losing both performance and precision. On some more recent +generations of multi-core machines, especially multi-socket multi-core +machines, the TSC was synchronized but if one processor were to enter +certain low-power states, its TSC would stop, destroying the synchrony +and again causing obscure bugs. This reinforced decisions to avoid use +of TSC altogether. On the most recent generations of multi-core +machines, however, synchronization is provided across all processors +in all power states, even on multi-socket machines, and provide a +flag that indicates that TSC is synchronized and "invariant". Thus +TSC is once again useful for applications, and even newer operating +systems are using and depending upon TSC for critical timekeeping +tasks when running on these recent machines. + +We will refer to hardware that ensures TSC is both synchronized and +invariant as "TSC-safe" and any hardware on which TSC is not (or +may not remain) synchronized as "TSC-unsafe". + +As a result of TSC's sordid history, two classes of applications use +TSC: old applications designed for single processors, and the most recent +enterprise applications which require high-frequency high-precision +timestamping. + +We will refer to apps that might break if running on a TSC-unsafe +machine as "TSC-sensitive"; apps that don't use TSC, or do use +TSC but use it in a way that monotonicity and frequency invariance +are unimportant as "TSC-resilient". + +The emergence of virtualization once again complicates the usage of +TSC. When features such as save/restore or live migration are employed, +a guest OS and all its currently running applications may be invisibly +transported to an entirely different physical machine. While TSC +may be "safe" on one machine, it is essentially impossible to precisely +synchronize TSC across a data center or even a pool of machines. As +a result, when run in a virtualized environment, rare and obscure +"time going backwards" problems might once again occur for those +TSC-sensitive applications. Worse, if a guest OS moves from, for +example, a 3GHz +machine to a 1.5GHz machine, attempts by an OS/app to measure time +intervals with TSC may without notice be incorrect by a factor of two. + +The rdtsc (read timestamp counter) instruction is used to read the +TSC register. The rdtscp instruction is a variant of rdtsc on recent +processors. We refer to these together as the rdtsc family of instructions, +or just "rdtsc". Instructions in the rdtsc family are non-privileged, but +privileged software may set a cpuid bit to cause all rdtsc family +instructions to trap. This trap can be detected by Xen, which can +then transparently "emulate" the results of the rdtsc instruction and +return control to the code following the rdtsc instruction. + +To provide a "safe" TSC, i.e. to ensure both TSC monotonicity and a +fixed rate, Xen provides rdtsc emulation whenever necessary or when +explicitly specified by a per-VM configuration option. TSC emulation is +relatively slow -- roughly 15-20 times slower than the rdtsc instruction +when executed natively. However, except when an OS or application uses +the rdtsc instruction at a high frequency (e.g. more than about 10,000 times +per second per processor), this performance degradation is not noticeable +(i.e. <0.3%). And, TSC emulation is nearly always faster than +OS-provided alternatives (e.g. Linux's gettimeofday). For environments +where it is certain that all apps are TSC-resilient (e.g. +"TSC-safeness" is not necessary) and highest performance is a +requirement, TSC emulation may be entirely disabled (tsc_mode==2). + +The default mode (tsc_mode==0) checks TSC-safeness of the underlying +hardware on which the virtual machine is launched. If it is +TSC-safe, rdtsc will execute at hardware speed; if it is not, rdtsc +will be emulated. Once a virtual machine is save/restored or migrated, +however, there are two possibilities: TSC remains native IF the source +physical machine and target physical machine have the same TSC frequency +(or, for HVM/PVH guests, if TSC scaling support is available); else TSC +is emulated. Note that, though emulated, the "apparent" TSC frequency +will be the TSC frequency of the initial physical machine, even after +migration. + +Finally, tsc_mode==1 always enables TSC emulation, regardless of +the underlying physical hardware. The "apparent" TSC frequency will +be the TSC frequency of the initial physical machine, even after migration. +This mode is useful to measure any performance degradation that +might be encountered by a tsc_mode==0 domain after migration occurs, +or a tsc_mode==3 domain when it is running on TSC-unsafe hardware. + +Note that while Xen ensures that an emulated TSC is "safe" across migration, +it does not ensure that it continues to tick at the same rate during +the actual migration. As an oversimplified example, if TSC is ticking +once per second in a guest, and the guest is saved when the TSC is 1000, +then restored 30 seconds later, TSC is only guaranteed to be greater +than or equal to 1001, not precisely 1030. This has some OS implications +as will be seen in the next section. + +=head1 TSC INVARIANT BIT and NO_MIGRATE + +Related to TSC emulation, the "TSC Invariant" bit is architecturally defined +in a cpuid bit on the most recent x86 processors. If set, TSC invariance +ensures that the TSC is "safe", that is it will increment at a constant rate +regardless of power events, will be synchronized across all processors, and +was properly initialized to zero on all processors at boot-time +by system hardware/BIOS. As long as system software never writes to TSC, +TSC will be safe and continuously incremented at a fixed rate and thus +can be used as a system "clocksource". + +This bit is used by some OS's, and specifically by Linux starting with +version 2.6.30(?), to select TSC as a system clocksource. Once selected, +TSC remains the Linux system clocksource unless manually overridden. In +a virtualized environment, since it is not possible to synchronize TSC +across all the machines in a pool or data center, a migration may "break" +TSC as a usable clocksource; while time will not go backwards, it may +not track wallclock time well enough to avoid certain time-sensitive +consequences. As a result, Xen can only expose the TSC Invariant bit +to a guest OS if it is certain that the domain will never migrate. +As of Xen 4.0, the "no_migrate=1" VM configuration option may be specified +to disable migration. If no_migrate is selected and the VM is running +on a physical machine with "TSC Invariant", Linux 2.6.30+ will safely +use TSC as the system clocksource. But, attempts to migrate or, once +saved, restore this domain will fail. + +There is another cpuid-related complication: The x86 cpuid instruction is +non-privileged. HVM domains are configured to always trap this instruction +to Xen, where Xen can "filter" the result. In a PV OS, all cpuid instructions +have been replaced by a paravirtualized equivalent of the cpuid instruction +("pvcpuid") and also trap to Xen. But apps in a PV guest that use a +cpuid instruction execute it directly, without a trap to Xen. As a result, +an app may directly examine the physical TSC Invariant cpuid bit and make +decisions based on that bit. + +=head1 HARDWARE TSC SCALING + +Intel VMX TSC scaling and AMD SVM TSC ratio allow the guest TSC read +by guest rdtsc/p increasing in a different frequency than the host +TSC frequency. + +If a HVM container in default TSC mode (tsc_mode=0) is created on a host +that provides constant TSC, its guest TSC frequency will be the same as +the host. If it is later migrated to another host that provides constant +TSC and supports Intel VMX TSC scaling/AMD SVM TSC ratio, its guest TSC +frequency will be the same before and after migration. + +For above HVM container in default TSC mode (tsc_mode=0), if above +hosts support rdtscp, both guest rdtsc and rdtscp instructions will be +executed natively before and after migration. + +=head1 AUTHORS + +Dan Magenheimer diff --git a/src/xen/docs/man/xen-vbd-interface.7.pandoc b/src/xen/docs/man/xen-vbd-interface.7.pandoc new file mode 100644 index 0000000000000000000000000000000000000000..ba0d159dfa7eaf359922583ccd6d2b413acddb13 --- /dev/null +++ b/src/xen/docs/man/xen-vbd-interface.7.pandoc @@ -0,0 +1,135 @@ +Xen guest interface +------------------- + +A Xen guest can be provided with block devices. These are always +provided as Xen VBDs; for HVM guests they may also be provided as +emulated IDE, AHCI or SCSI disks. + +The abstract interface involves specifying, for each block device: + + * Nominal disk type: Xen virtual disk (aka xvd*, the default); SCSI + (sd*); IDE or AHCI (hd*). + + For HVM guests, each whole-disk hd* and and sd* device is made + available _both_ via emulated IDE resp. SCSI controller, _and_ as a + Xen VBD. The HVM guest is entitled to assume that the IDE or SCSI + disks available via the emulated IDE controller target the same + underlying devices as the corresponding Xen VBD (ie, multipath). + In hd* case with hdtype=ahci, disk will be AHCI via emulated + ich9 disk controller. + + For PV guests every device is made available to the guest only as a + Xen VBD. For these domains the type is advisory, for use by the + guest's device naming scheme. + + The Xen interface does not specify what name a device should have + in the guest (nor what major/minor device number it should have in + the guest, if the guest has such a concept). + + * Disk number, which is a nonnegative integer, + conventionally starting at 0 for the first disk. + + * Partition number, which is a nonnegative integer where by + convention partition 0 indicates the "whole disk". + + Normally for any disk _either_ partition 0 should be supplied in + which case the guest is expected to treat it as they would a native + whole disk (for example by putting or expecting a partition table + or disk label on it); + + _Or_ only non-0 partitions should be supplied in which case the + guest should expect storage management to be done by the host and + treat each vbd as it would a partition or slice or LVM volume (for + example by putting or expecting a filesystem on it). + + Non-whole disk devices cannot be passed through to HVM guests via + the emulated IDE or SCSI controllers. + + +Configuration file syntax +------------------------- + +The config file syntaxes are, for example + + d0 d0p0 xvda Xen virtual disk 0 partition 0 (whole disk) + d1p2 xvdb2 Xen virtual disk 1 partition 2 + d536p37 xvdtq37 Xen virtual disk 536 partition 37 + sdb3 SCSI disk 1 partition 3 + hdc2 IDE disk 2 partition 2 + +The d*p* syntax is not supported by xm/xend. + +To cope with guests which predate this specification we preserve the +existing facility to specify the xenstore numerical value directly by +putting a single number (hex, decimal or octal) in the domain config +file instead of the disk identifier; this number is written directly +to xenstore (after conversion to the canonical decimal format). + + +Concrete encoding in the VBD interface (in xenstore) +---------------------------------------------------- + +The information above is encoded in the concrete interface as an +integer (in a canonical decimal format in xenstore), whose value +encodes the information above as follows: + + 1 << 28 | disk << 8 | partition xvd, disks or partitions 16 onwards + 202 << 8 | disk << 4 | partition xvd, disks and partitions up to 15 + 8 << 8 | disk << 4 | partition sd, disks and partitions up to 15 + 3 << 8 | disk << 6 | partition hd, disks 0..1, partitions 0..63 + 22 << 8 | (disk-2) << 6 | partition hd, disks 2..3, partitions 0..63 + 2 << 28 onwards reserved for future use + other values less than 1 << 28 deprecated / reserved + +The 1<<28 format handles disks up to (1<<20)-1 and partitions up to +255. It will be used only where the 202<<8 format does not have +enough bits. + +Guests MAY support any subset of the formats above except that if they +support 1<<28 they MUST also support 202<<8. PV-on-HVM drivers MUST +support at least one of 3<<8 or 8<<8; 3<<8 is recommended. + +Some software has used or understood Linux-specific encodings for SCSI +disks beyond disk 15 partition 15, and IDE disks beyond disk 3 +partition 63. These vbds, and the corresponding encoded integers, are +deprecated. + +Guests SHOULD ignore numbers that they do not understand or +recognise. They SHOULD check supplied numbers for validity. + + +Notes on Linux as a guest +------------------------- + +Very old Linux guests (PV and PV-on-HVM) are able to "steal" the +device numbers and names normally used by the IDE and SCSI +controllers, so that writing "hda1" in the config file results in +/dev/hda1 in the guest. These systems interpret the xenstore integer +as + major << 8 | minor +where major and minor are the Linux-specific device numbers. Some old +configurations may depend on deprecated high-numbered SCSI and IDE +disks. This does not work in recent versions of Linux. + +So for Linux PV guests, users are recommended to supply xvd* devices +only. Modern PV drivers will map these to identically-named devices +in the guest. + +For Linux HVM guests using PV-on-HVM drivers, users are recommended to +supply as few hd* devices as possible, and for the rest of the disks, +to use pure xvd* devices starting at xvde. Modern PV-on-HVM drivers +will map provided hd* devices to the corresponding /dev/xvd* (for +example, hda is presented also as /dev/xvda). + +Some Linux HVM guests with broken PV-on-HVM drivers do not cope +properly if both hda and hdc are supplied, nor with both hda and xvda, +because they directly map the bottom 8 bits of the xenstore integer +directly to the Linux guest's device number and throw away the rest; +they can crash due to minor number clashes. With these guests, the +workaround is not to supply problematic combinations of devices. + + +Other frontend and backend options +---------------------------------- + +See xen/include/public/io/blkif.h for the full list of options. diff --git a/src/xen/docs/man/xen-vtpm.7.pod b/src/xen/docs/man/xen-vtpm.7.pod new file mode 100644 index 0000000000000000000000000000000000000000..d03307258461e52e822948c983985bc1e8f94926 --- /dev/null +++ b/src/xen/docs/man/xen-vtpm.7.pod @@ -0,0 +1,383 @@ +=head1 NAME + +xen-vtpm - Xen virtual Trusted Platform Module (vTPM) subsystem + +=head1 RUBRIC + +Copyright (c) 2010-2012 United States Government, as represented by +the Secretary of Defense. All rights reserved. +November 12 2012 +Authors: Matthew Fioravante (JHUAPL), Daniel De Graaf (NSA) + +This document describes the virtual Trusted Platform Module (vTPM) subsystem +for Xen. The reader is assumed to have familiarity with building and installing +Xen, Linux, and a basic understanding of the TPM and vTPM concepts. + +=head1 INTRODUCTION + +The goal of this work is to provide a TPM functionality to a virtual guest +operating system (a DomU). This allows programs to interact with a TPM in a +virtual system the same way they interact with a TPM on the physical system. +Each guest gets its own unique, emulated, software TPM. However, each of the +vTPM's secrets (Keys, NVRAM, etc) are managed by a vTPM Manager domain, which +seals the secrets to the Physical TPM. If the process of creating each of these +domains (manager, vTPM, and guest) is trusted, the vTPM subsystem extends the +chain of trust rooted in the hardware TPM to virtual machines in Xen. Each +major component of vTPM is implemented as a separate domain, providing secure +separation guaranteed by the hypervisor. The vTPM domains are implemented in +mini-os to reduce memory and processor overhead. + +This mini-os vTPM subsystem was built on top of the previous vTPM work done by +IBM and Intel corporation. + +=head1 DESIGN OVERVIEW + +The architecture of vTPM is described below: + + +------------------+ + | Linux DomU | ... + | | ^ | + | v | | + | xen-tpmfront | + +------------------+ + | ^ + v | + +------------------+ + | mini-os/tpmback | + | | ^ | + | v | | + | vtpm-stubdom | ... + | | ^ | + | v | | + | mini-os/tpmfront | + +------------------+ + | ^ + v | + +------------------+ + | mini-os/tpmback | + | | ^ | + | v | | + | vtpmmgr-stubdom | + | | ^ | + | v | | + | mini-os/tpm_tis | + +------------------+ + | ^ + v | + +------------------+ + | Hardware TPM | + +------------------+ + +=over 4 + +=item Linux DomU + +The Linux based guest that wants to use a vTPM. There many be +more than one of these. + +=item xen-tpmfront.ko + +Linux kernel virtual TPM frontend driver. This driver +provides vTPM access to a para-virtualized Linux based DomU. + +=item mini-os/tpmback + +Mini-os TPM backend driver. The Linux frontend driver +connects to this backend driver to facilitate +communications between the Linux DomU and its vTPM. This +driver is also used by vtpmmgr-stubdom to communicate with +vtpm-stubdom. + +=item vtpm-stubdom + +A mini-os stub domain that implements a vTPM. There is a +one to one mapping between running vtpm-stubdom instances and +logical vtpms on the system. The vTPM Platform Configuration +Registers (PCRs) are all initialized to zero. + +=item mini-os/tpmfront + +Mini-os TPM frontend driver. The vTPM mini-os domain +vtpm-stubdom uses this driver to communicate with +vtpmmgr-stubdom. This driver could also be used separately to +implement a mini-os domain that wishes to use a vTPM of +its own. + +=item vtpmmgr-stubdom + +A mini-os domain that implements the vTPM manager. +There is only one vTPM manager and it should be running during +the entire lifetime of the machine. This domain regulates +access to the physical TPM on the system and secures the +persistent state of each vTPM. + +=item mini-os/tpm_tis + +Mini-os TPM version 1.2 TPM Interface Specification (TIS) +driver. This driver used by vtpmmgr-stubdom to talk directly to +the hardware TPM. Communication is facilitated by mapping +hardware memory pages into vtpmmgr-stubdom. + +=item Hardware TPM + +The physical TPM that is soldered onto the motherboard. + +=back + +=head1 INSTALLATION + +=head2 Prerequisites: + +You must have an x86 machine with a TPM on the motherboard. The only extra +software requirement for compiling vTPM is cmake. You must use libxl to manage +domains with vTPMs; 'xm' is deprecated and does not support vTPMs. + +=head2 Compiling the Xen tree: + +Compile and install the Xen tree as usual; be sure that the vTPM domains are +enabled when you run configure. + +=head2 Compiling the LINUX dom0 kernel: + +Because the TPM manager uses direct access to the physical TPM, it may interfere +with access to the TPM by dom0. The simplest solution for this is to prevent +dom0 from accessing the physical TPM by compiling the kernel without a driver or +blacklisting the module. If dom0 needs a TPM but does not need to use it during +the boot process (i.e. it is not using IMA), a virtual TPM can be attached to +dom0 after the system is booted. + +Access to the physical TPM may be required in order to manage the NVRAM or to +perform other advanced operations where the vTPM is insufficient. In order to +prevent interference, the TPM Manager and dom0 should use different values for +the TPM's locality; since Linux always uses locality 0, using locality 2 for the +TPM Manager is recommended. If both Linux and the TPM Manager attempt to access +the TPM at the same time, the TPM device will return a busy status; some +applications will consider this a fatal error instead of retrying the command at +a later time. If a vTPM gets an error when loading its key, it will currently +generate a fresh vTPM image (with a new EK, SRK, and blank NVRAM). + + +=head2 Compiling the LINUX domU kernel: + +The domU kernel used by domains with vtpms must include the xen-tpmfront.ko +driver. It can be built directly into the kernel or as a module; however, some +features such as IMA require the TPM to be built in to the kernel. + + CONFIG_TCG_TPM=y + CONFIG_TCG_XEN=y + +=head1 VTPM MANAGER SETUP + +=head2 Manager disk image setup: + +The vTPM Manager requires a disk image to store its encrypted data. The image +does not require a filesystem and can live anywhere on the host disk. The image +is not large; the Xen 4.5 vtpmmgr is limited to using the first 2MB of the image +but can support more than 20,000 vTPMs. + +=head2 Manager config file: + +The vTPM Manager domain (vtpmmgr-stubdom) must be started like any other Xen +virtual machine and requires a config file. The manager requires a disk image +for storage and permission to access the hardware memory pages for the TPM. The +disk must be presented as "hda", and the TPM memory pages are passed using the +iomem configuration parameter. The TPM TIS uses 5 pages of IO memory (one per +locality) that start at physical address 0xfed40000. By default, the TPM manager +uses locality 0 (so only the page at 0xfed40 is needed); this can be changed on +the domain's command line. For full functionality in deep quotes, using +locality 2 is required to manipulate PCR 20-22. + +=head2 Starting and stopping the manager: + +The vTPM manager should be started at boot; you may wish to create an init +script to do this. If a domain builder is used, the TPM Manager should be +started by the domain builder to minimize the trusted computing base for the +vTPM manager's secrets. + +Once initialization is complete you should see the following: + + INFO[VTPM]: Waiting for commands from vTPM's: + +The TPM Manager does not respond to shutdown requests; use the destroy command +to shut it down. + +=head1 VTPM AND LINUX PVM SETUP + +=head2 vTPM disk image setup: + +The vTPM requires a disk image to store its persistent data (RSA keys, NVRAM, +etc). The image does not require a filesystem. The image does not need to be +large; 2 Mb should be sufficient. + +=head2 vTPM config file: + +The vTPM domain requires a configuration file like any other domain. The vTPM +requires a disk image for storage and a TPM frontend driver to communicate with +the manager. You are required to generate a uuid for this vtpm, which is +specified on the C line that describes its connection to the vTPM Manager. +The uuidgen application may be used to generate a uuid, or one from the output +of the C command may be used to create a vTPM +belonging to a specific group. + +If you wish to clear the vTPM data you can either recreate the disk image or +change the uuid. + +=head2 Linux Guest config file: + +The Linux guest config file needs to be modified to include the Linux tpmfront +driver. Add the following line: + + vtpm=["backend=domu-vtpm"] + +Currently only Linux guests are supported (PV or HVM with PV drivers). + +While attaching a vTPM after a guest is booted (using xl vtpm-attach) is +supported, the attached vTPM will not have a record of the boot of the attached +guest. Furthermore, if the vTPM has been freshly created, a malicious guest +could then extend any values into PCRs, potentially forging its boot +configuration. Attaching a vTPM to a running domain should only be used for +trusted domains or when measurements have already been sent to the vTPM from +another source. + +=head2 Using the vTPM in the guest: + +If xen-tpmfront was compiled as a module, it must be loaded it in the guest. + + # modprobe xen-tpmfront + +After the Linux domain boots and the xen-tpmfront driver is loaded, you should +see the following on the vtpm console: + + Info: VTPM attached to Frontend X/Y + +You can quickly test the vTPM by using the sysfs interface: + + # cat /sys/devices/vtpm-0/pubek + # cat /sys/devices/vtpm-0/pcrs + +If you have trousers and tpm_tools installed on the guest, the tpm_version +command should return the following: + +The version command should return the following: + + TPM 1.2 Version Info: + Chip Version: 1.2.0.7 + Spec Level: 2 + Errata Revision: 1 + TPM Vendor ID: ETHZ + TPM Version: 01010000 + Manufacturer Info: 4554485a + +You should also see the command being sent to the vtpm console as well as the +vtpm saving its state. You should see the vtpm key being encrypted and stored on +the vtpmmgr console. + +You may wish to write a script to start your vtpm and guest together and to +destroy the vtpm when the guest shuts down. + +=head1 INTEGRATION WITH PV-GRUB + +The vTPM currently starts up with all PCRs set to their default values (all +zeros for the lower 16). This means that any decisions about the +trustworthiness of the created domain must be made based on the environment that +created the vTPM and the domU; for example, a system that only constructs images +using a trusted configuration and guest kernel be able to provide guarantees +about the guests and any measurements done that kernel (such as the IMA TCB +log). Guests wishing to use a custom kernel in such a secure environment are +often started using the pv-grub bootloader as the kernel, which then can load +the untrusted kernel without needing to parse an untrusted filesystem and kernel +in dom0. If the pv-grub stub domain succeeds in connecting to a vTPM, it will +extend the hash of the kernel that it boots into PCR #4, and will extend the +command line and initrd into PCR #5 before booting so that a domU booted in this +way can attest to its early boot state. + +=head1 MORE INFORMATION + +See for more details about how the manager domain works, how to use +it, and its command line parameters. + +=head1 VTPM DOMAIN OPERATION + +The vtpm-stubdom is a mini-OS domain that emulates a TPM for the guest OS to +use. It is a small wrapper around the Berlios TPM emulator version 0.7.4. +Commands are passed from the linux guest via the mini-os TPM backend driver. +vTPM data is encrypted and stored via a disk image provided to the virtual +machine. The key used to encrypt the data along with a hash of the vTPM's data +is sent to the vTPM manager for secure storage and later retrieval. The vTPM +domain communicates with the manager using a mini-os tpm front/back device pair. + +=head1 VTPM DOMAIN COMMAND LINE ARGUMENTS + +Command line arguments are passed to the domain via the 'extra' parameter in the +VM config file. Each parameter is separated by white space. For example: + + extra="foo=bar baz" + +=head2 List of Arguments: + +=over 4 + +=item B= + +Controls the amount of logging printed to the console. +The possible values for are: + +=over 4 + +=item * error + +=item * info (default) + +=item * debug + +=back + +=item B + +Start the Berlios emulator in "clear" mode. (default) + +=item B + +Start the Berlios emulator in "save" mode. + +=item B + +Start the Berlios emulator in "deactivated" mode. +See the Berlios TPM emulator documentation for details +about the startup mode. For all normal use, always use clear +which is the default. You should not need to specify any of these. + +=item B=<1|0> + +Enable to disable the TPM maintenance commands. +These commands are used by tpm manufacturers and thus +open a security hole. They are disabled by default. + +=item B= + +Initialize the virtual Platform Configuration Registers +(PCRs) with PCR values from the hardware TPM. Each pcr specified by + will be initialized with the value of that same PCR in TPM +once at startup. By default all PCRs are zero initialized. +Possible values of are: + +=over + +=item * all: copy all pcrs + +=item * none: copy no pcrs (default) + +=item * : copy pcr n + +=item * : copy pcrs x to y (inclusive) + +=back + +These can also be combined by comma separation, for example: +C will copy pcrs 5, 12, 13, 14, 15, and 16. + +=back + +=head1 REFERENCES + +Berlios TPM Emulator: L diff --git a/src/xen/docs/man/xen-vtpmmgr.7.pod b/src/xen/docs/man/xen-vtpmmgr.7.pod new file mode 100644 index 0000000000000000000000000000000000000000..3286954568827fed00f04384397c71583369b67a --- /dev/null +++ b/src/xen/docs/man/xen-vtpmmgr.7.pod @@ -0,0 +1,401 @@ +=head1 NAME + +xen-vtpmgr - Xen virtual TPM stubdomain + +=head1 Authors + +=over 4 + +=item Daniel De Graaf + +=item Quan Xu + +=back + +This document describes the operation and command line interface of +vtpmmgr-stubdom. See L for details on the vTPM subsystem as a +whole. + +=head1 Overview + +The TPM Manager has three primary functions: + +=over 4 + +=item 1. Securely store the encryption keys for vTPMs + +=item 2. Provide a single controlled path of access to the physical TPM + +=item 3. Provide evidence (via TPM Quotes) of the current configuration + +=back + +When combined with a platform that provides a trusted method for creating +domains, the TPM Manager provides assurance that the private keys in a vTPM are +only available in specific trusted configurations. + +The manager accepts commands from the vtpm-stubdom domains via the mini-os TPM +backend driver. The vTPM manager communicates directly with hardware TPM using +the mini-os tpm_tis driver. + +=head1 Boot Configurations and TPM Groups + +The TPM Manager's data is secured by using the physical TPM's seal operation, +which allows data to be bound to specific PCRs. These PCRs are populated in the +physical TPM during the boot process, either by the firmware/BIOS or by a +dynamic launch environment such as TBOOT. In order to provide assurance of the +system's security, the PCRs used to seal the TPM manager's data must contain +measurements for domains used to bootstrap the TPM Manager and vTPMs. + +Because these measurements are based on hashes, they will change any time that +any component of the system is upgraded. Since it is not possible to construct a +list of all possible future good measurements, the job of approving +configurations is delegated to a third party, referred to here as the system +approval agent (SAA). The SAA is identified by its public (RSA) signature key, +which is used to sign lists of valid configurations. A single TPM manager can +support multiple SAAs via the use of vTPM groups. Each group is associated with +a single SAA; this allows the creation of a multi-tenant environment where +tenants may not all choose to trust the same SAA. + +Each vTPM is bound to a vTPM group at the time of its creation. Each vTPM group +has its own AIK in the physical TPM for quotes of the hardware TPM state; when +used with a conforming Privacy CA, this allows each group on the system to form +the basis of a distinct identity. + +=head1 Initial Provisioning + +When the TPM Manager first boots up, it will create a stub vTPM group along with +entries for any vTPMs that communicate with it. This stub group must be +provisioned with an SAA and a boot configuration in order to survive a reboot. + +When a vTPM is connected to the TPM Manager using a UUID that is not recognized, +a slot will be created in group 0 for it. In the future, this auto-creation may +be restricted to specific UUIDs (such as the all-zero UUID) to enforce the use +of the TPM manager as the generator of the UUID. The first vTPM to be connected +is given administrative privileges for the TPM Manager, and should be attached +to dom0 or a control domain in order to send provisioning commands. + +Provisioning a vTPM group for the system requires the public key of the SAA and +privacy CA data used to certify the AIK (see the TPM spec for details). Once the +group is created, a signed list of boot measurements can be installed. The +initial group controls the ability to boot the system as a whole, and cannot be +deleted once provisioned. + +=head1 Command Line Arguments + +Command line arguments are passed to the domain via the 'extra' parameter in the +VM config file. Each parameter is separated by white space. For example: + + extra="foo=bar baz" + +Valid arguments: + +=over 4 + +=item srk_handle= + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + +=item owner_auth= + +=item srk_auth= + +Set the owner and SRK authdata for the TPM. If not specified, the +default is 160 zero bits (the well-known auth value). Valid values of + are: + +=over 4 + +=item well-known + +Use the well known auth (default) + +=item hash: + +Use the given 40-character ASCII hex string + +=item text: + +Use sha1 hash of . + +=back + +=item tpmdriver= + +Choose the driver used for communication with the hardware TPM. Values +other than tpm_tis should only be used for testing. + +The possible values of are: + +=over 4 + +=item tpm_tis + +Direct communication with a hardware TPM 1.2. The +domain must have access to TPM IO memory. (default) + +=item tpmfront + +Use the Xen tpmfront interface to talk to another +domain which provides access to the TPM. + +=back + +=back + +The following options only apply to the tpm_tis driver: + +=over 4 + +=item tpmiomem= + +The base address of the hardware memory pages of the TPM. +The default is 0xfed40000, as defined by the TCG's PC Client spec. + +=item tpmirq= + +The irq of the hardware TPM if using interrupts. A value of +"probe" can be set to probe for the irq. A value of 0 disables +interrupts and uses polling (default 0). + +=item tpmlocality= + +Attempt to use locality of the hardware TPM. +For full functionality of the TPM Manager, this should be set to "2". + +=back + +=head1 Platform Security Assumptions + +While the TPM Manager has the ability to check the hash of the vTPM requesting a +key, there is currently no trusted method to inform the TPM Manager of the hash +of each new domain. Because of this, the TPM Manager trusts the UUID key in +Xenstore to identify a vTPM in a trusted manner. The XSM policy may be used to +strengthen this assumption if the creation of vTPM-labeled domains is more +constrained (for example, only permitted to a domain builder service): the only +grants mapped by the TPM Manager should belong to vTPM domains, so restricting +the ability to map other domain's granted pages will prevent other domains from +directly requesting keys from the TPM Manager. The TPM Manager uses the hash of +the XSM label of the attached vTPM as the kernel hash, so vTPMs with distinct +labels may be further partitioned using vTPM groups. + +A domain with direct access to the hardware TPM will be able to decrypt the TPM +Manager's disk image if the haredware TPM's PCR values are in a permitted +configuration. To protect the TPM Manager's data, the list of permitted +configurations should be chosen to include PCRs that measure the hypervisor, +domain 0, the TPM Manager, and other critical configuration such as the XSM +policy. If the TPM Manager is configured to use locality 2 as recommended, it +is safe to permit the hardware domain to access locality 0 (the default in +Linux), although concurrent use of the TPM should be avoided as it can result in +unexpected busy errors from the TPM driver. The ability to access locality 2 of +the TPM should be enforced using IO memory labeling in the XSM policy; the +physical address 0xFED42xxx is always locality 2 for TPMs using the TIS driver. + +=head1 Appendix: unsecured migration process for vtpmmgr domain upgrade + +There is no direct upgrade supported from previous versions of the vtpmmgr +domain due to changes in the on-disk format and the method used to seal data. +If a vTPM domain supports migration, this feature should be used to migrate the +vTPM's data; however, the vTPM packaged with Xen does not yet support migration. + +If adding migration support to the vTPM is not desired, a simpler migration +domain usable only for local migration can be constructed. The migration process +would look like the following: + +=over 4 + +=item 1. Start the old vtpmmgr + +=item 2. Start the vTPM migration domain + +=item 3. Attach the vTPM migration domain's vtpm/0 device to the old vtpmmgr + +=item 4. Migration domain executes vtpmmgr_LoadHashKey on vtpm/0 + +=item 5. Start the new vtpmmgr, possibly shutting down the old one first + +=item 6. Attach the vTPM migration domain's vtpm/1 device to the new vtpmmgr + +=item 7. Migration domain executes vtpmmgr_SaveHashKey on vtpm/1 + +=back + +This requires the migration domain to be added to the list of valid vTPM kernel +hashes. In the current version of the vtpmmgr domain, this is the hash of the +XSM label, not the kernel. + +=head1 Appendix B: vtpmmgr on TPM 2.0 + +=head2 WARNING: Incomplete - cannot persist data + +TPM 2.0 support for vTPM manager is incomplete. There is no support for +persisting an encryption key, so vTPM manager regenerates primary and secondary +key handles each boot. + +Also, the vTPM manger group command implementation hardcodes TPM 1.2 commands. +This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejects +the TPM 1.2 commands. vTPM manager with TPM 2.0 cannot create groups and +therefore cannot persist vTPM contents. + +=head2 Manager disk image setup: + +The vTPM Manager requires a disk image to store its encrypted data. The image +does not require a filesystem and can live anywhere on the host disk. The image +is not large; the Xen 4.5 vtpmmgr is limited to using the first 2MB of the image +but can support more than 20,000 vTPMs. + + dd if=/dev/zero of=/home/vtpm2/vmgr bs=16M count=1 + +=head2 Manager config file: + +The vTPM Manager domain (vtpmmgr-stubdom) must be started like any other Xen +virtual machine and requires a config file. The manager requires a disk image +for storage and permission to access the hardware memory pages for the TPM. The +disk must be presented as "hda", and the TPM memory pages are passed using the +iomem configuration parameter. The TPM TIS uses 5 pages of IO memory (one per +locality) that start at physical address 0xfed40000. By default, the TPM manager +uses locality 0 (so only the page at 0xfed40 is needed). + +Add: + + extra="tpm2=1" + +extra option to launch vtpmmgr-stubdom domain on TPM 2.0, and ignore it on TPM +1.x. for example: + + kernel="/usr/lib/xen/boot/vtpmmgr-stubdom.gz" + memory=128 + disk=["file:/home/vtpm2/vmgr,hda,w"] + name="vtpmmgr" + iomem=["fed40,5"] + extra="tpm2=1" + + +=head2 Key Hierarchy + + +------------------+ + | vTPM's secrets | ... + +------------------+ + | ^ + | |(Bind / Unbind) +- - - - - -v |- - - - - - - - TPM 2.0 + +------------------+ + | SK + + +------------------+ + | ^ + v | + +------------------+ + | SRK | + +------------------+ + | ^ + v | + +------------------+ + | TPM 2.0 Storage | + | Primary Seed | + +------------------+ + +Now the secrets for the vTPMs are only being bound to the presence of thephysical +TPM 2.0. Since using PCRs to seal the data can be an important security feature +that users of the vtpmmgr rely on. I will replace TPM2_Bind/TPM2_Unbind with +TPM2_Seal/TPM2_Unseal to provide as much security as it did for TPM 1.2 in later +series of patch. + +=head2 Design Overview + +The architecture of vTPM subsystem on TPM 2.0 is described below: + + +------------------+ + | Linux DomU | ... + | | ^ | + | v | | + | xen-tpmfront | + +------------------+ + | ^ + v | + +------------------+ + | mini-os/tpmback | + | | ^ | + | v | | + | vtpm-stubdom | ... + | | ^ | + | v | | + | mini-os/tpmfront | + +------------------+ + | ^ + v | + +------------------+ + | mini-os/tpmback | + | | ^ | + | v | | + | vtpmmgr-stubdom | + | | ^ | + | v | | + | mini-os/tpm2_tis | + +------------------+ + | ^ + v | + +------------------+ + | Hardware TPM 2.0 | + +------------------+ + +=over 4 + +=item Linux DomU + +The Linux based guest that wants to use a vTPM. There many be +more than one of these. + +=item xen-tpmfront.ko + +Linux kernel virtual TPM frontend driver. This driver +provides vTPM access to a para-virtualized Linux based DomU. + +=item mini-os/tpmback + +Mini-os TPM backend driver. The Linux frontend driver +connects to this backend driver to facilitate +communications between the Linux DomU and its vTPM. This +driver is also used by vtpmmgr-stubdom to communicate with +vtpm-stubdom. + +=item vtpm-stubdom + +A mini-os stub domain that implements a vTPM. There is a +one to one mapping between running vtpm-stubdom instances and +logical vtpms on the system. The vTPM Platform Configuration +Registers (PCRs) are all initialized to zero. + +=item mini-os/tpmfront + +Mini-os TPM frontend driver. The vTPM mini-os domain +vtpm-stubdom uses this driver to communicate with +vtpmmgr-stubdom. This driver could also be used separately to +implement a mini-os domain that wishes to use a vTPM of +its own. + +=item vtpmmgr-stubdom + +A mini-os domain that implements the vTPM manager. +There is only one vTPM manager and it should be running during +the entire lifetime of the machine. This domain regulates +access to the physical TPM on the system and secures the +persistent state of each vTPM. + +=item mini-os/tpm2_tis + +Mini-os TPM version 2.0 TPM Interface Specification (TIS) +driver. This driver used by vtpmmgr-stubdom to talk directly +to the hardware TPM 2.0. Communication is facilitated by mapping +hardware memory pages into vtpmmgr-stubdom. + +=item Hardware TPM 2.0 + +The physical TPM 2.0 that is soldered onto the motherboard. + +=back + +Noted: + functionality for a virtual guest operating system (a DomU) is still TPM 1.2. diff --git a/src/xen/docs/man/xenhypfs.1.pod b/src/xen/docs/man/xenhypfs.1.pod new file mode 100644 index 0000000000000000000000000000000000000000..d5553b1150b89b32404a8a8ccd82baa6cbe23231 --- /dev/null +++ b/src/xen/docs/man/xenhypfs.1.pod @@ -0,0 +1,60 @@ +=head1 NAME + +xenhypfs - Xen tool to access Xen hypervisor file system + +=head1 SYNOPSIS + +B I [I] [I] + +=head1 DESCRIPTION + +The B program is used to access the Xen hypervisor file system. +It can be used to show the available entries, to show their contents and +(if allowed) to modify their contents. + +=head1 SUBCOMMANDS + +=over 4 + +=item B I + +List the available entries below I. + +=item B [I<-b>] I + +Show the contents of the entry specified by I. Non-printable characters +other than white space characters (like tab, new line) will be shown as +B<\xnn> (B being a two digit hex number) unless the option B<-b> is +specified. + +=item B I I + +Set the contents of the entry specified by I to I. + +=item B + +Show all the entries of the file system as a tree. + +=back + +=head1 RETURN CODES + +=over 4 + +=item B<0> + +Success + +=item B<1> + +Invalid usage (e.g. unknown subcommand, unknown option, missing parameter). + +=item B<2> + +Entry not found while traversing the tree. + +=item B<3> + +Access right violation. + +=back diff --git a/src/xen/docs/man/xenstore-chmod.1.pod b/src/xen/docs/man/xenstore-chmod.1.pod new file mode 100644 index 0000000000000000000000000000000000000000..d221f5dffcef5e06bcf266bd373419e459585736 --- /dev/null +++ b/src/xen/docs/man/xenstore-chmod.1.pod @@ -0,0 +1,58 @@ +=head1 NAME + +xenstore-chmod - set the permissions of a Xenstore key + +=head1 SYNOPSIS + +B [I