Introduce FreeBSD xen dom0 components.

Add xen kernel and xen toolstack ports to the ports tree
This packages are for now only supported on FreeBSD 11 after 1100055
The xen package only include the kernel and an addition to the loader menu to
allow to disable booting on the xen kernel

The Xen toolstack (xl) includes seabios (hence the addition of LGPLv3 license)

Explicitly use nm from ports binutils to workaround a bug in FreeBSD's nm on
some version of FreeBSD.

Workaround configure checks that are actually not needed during the build of the
tool stack.

Thanks AllanJude@ for the xen.4th
Thanks roger@ for all the work making FreeBSD dom0 support working.

Please notice that you will need an Intel box with EPT and a working IOMMU

6 files changed, 181 insertions, 0 deletions

diff --git a/emulators/xen/Makefile b/emulators/xen/Makefile
new file mode 100644
index 000000000000..87b91728292b
--- /dev/null
+++ b/emulators/xen/Makefile
@@ -0,0 +1,45 @@
+# $FreeBSD$
+
+PORTNAME=	xen
+PORTVERSION=	4.5.0
+CATEGORIES=	emulators
+MASTER_SITES=	http://bits.xensource.com/oss-xen/release/${PORTVERSION}/
+
+MAINTAINER=	bapt@FreeBSD.org
+COMMENT=	Hypervisor using a microkernel design
+
+LICENSE=	GPLv2
+
+ONLY_FOR_ARCH=	amd64
+
+USES=		gmake python:build
+MAKE_ARGS=	HOSTCC="${CC}" CC="${CC}" PYTHON=${PYTHON_CMD} \
+		NM="${NM}" LD="${LD}"
+USE_GCC=	yes
+NO_MTREE=	yes
+PLIST_FILES=	/boot/xen \
+		/boot/xen.4th
+ALL_TARGET=	build
+STRIP=		#
+WRKSRC_SUBDIR=	xen
+EXTRA_PATCHES=	${FILESDIR}/iommu_share_p2m_table.patch:-p2
+
+.include <bsd.port.options.mk>
+
+.if ${OPSYS} != FreeBSD
+IGNORE=		Only supported on FreeBSD
+.endif
+
+.if ${OSVERSION} < 1100055
+IGNORE=		Only supported on recent FreeBSD 11
+.endif
+
+do-install:
+	${MKDIR} ${STAGEDIR}/boot
+	${INSTALL_PROGRAM} ${WRKSRC}/xen ${STAGEDIR}/boot
+
+.include <bsd.port.mk>
+
+#Filter out LDFLAGS
+.undef LDFLAGS
+RUN_DEPENDS:=	${RUN_DEPENDS:N*gcc*}
diff --git a/emulators/xen/distinfo b/emulators/xen/distinfo
new file mode 100644
index 000000000000..04b165562d3f
--- /dev/null
+++ b/emulators/xen/distinfo
@@ -0,0 +1,2 @@
+SHA256 (xen-4.5.0.tar.gz) = 5bdb40e2b28d2eeb541bd71a9777f40cbe2ae444b987521d33f099541a006f3b
+SIZE (xen-4.5.0.tar.gz) = 18404933
diff --git a/emulators/xen/files/iommu_share_p2m_table.patch b/emulators/xen/files/iommu_share_p2m_table.patch
new file mode 100644
index 000000000000..b6ed1f8e4195
--- /dev/null
+++ b/emulators/xen/files/iommu_share_p2m_table.patch
@@ -0,0 +1,85 @@
+From 7978429727a9da328444749951005b595de41098 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>
+Date: Mon, 9 Mar 2015 14:01:40 +0100
+Subject: [PATCH] iommu: fix usage of shared EPT/IOMMU page tables on PVH guests
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+iommu_share_p2m_table should not prevent PVH guests from using a shared page
+table between the IOMMU and EPT. Clean the code by removing the asserts in
+the vendor specific implementations (amd_iommu_share_p2m, iommu_set_pgd),
+and moving the hap_enabled assert to the caller (iommu_share_p2m_table).
+
+Also fix another incorrect usage of is_hvm_domain usage in
+arch_iommu_populate_page_table. This has not given problems so far because
+all the pages in PVH guests are of type PGT_writable_page.
+
+Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
+Reviewed-by: Jan Beulich <jbeulich@suse.com>
+Tested-by: David Vrabel <david.vrabel@citrix.com>
+Reviewed-by: Tim Deegan <tim@xen.org>
+Acked-by: Kevin Tian <kevin.tian@intel.com>
+---
+ xen/drivers/passthrough/amd/iommu_map.c |    2 --
+ xen/drivers/passthrough/iommu.c         |    3 ++-
+ xen/drivers/passthrough/vtd/iommu.c     |    2 --
+ xen/drivers/passthrough/x86/iommu.c     |    2 +-
+ 4 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c
+index a8c60ec..31dc05d 100644
+--- a/xen/drivers/passthrough/amd/iommu_map.c
++++ b/xen/drivers/passthrough/amd/iommu_map.c
+@@ -785,8 +785,6 @@ void amd_iommu_share_p2m(struct domain *d)
+     struct page_info *p2m_table;
+     mfn_t pgd_mfn;
+ 
+-    ASSERT( is_hvm_domain(d) && d->arch.hvm_domain.hap_enabled );
+-
+     if ( !iommu_use_hap_pt(d) )
+         return;
+ 
+diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c
+index cc12735..7fcbbb1 100644
+--- a/xen/drivers/passthrough/iommu.c
++++ b/xen/drivers/passthrough/iommu.c
+@@ -332,7 +332,8 @@ void iommu_share_p2m_table(struct domain* d)
+ {
+     const struct iommu_ops *ops = iommu_get_ops();
+ 
+-    if ( iommu_enabled && is_hvm_domain(d) )
++    ASSERT( hap_enabled(d) );
++    if ( iommu_enabled )
+         ops->share_p2m(d);
+ }
+ 
+diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c
+index 1063677..48676c5 100644
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -1789,8 +1789,6 @@ static void iommu_set_pgd(struct domain *d)
+     struct hvm_iommu *hd  = domain_hvm_iommu(d);
+     mfn_t pgd_mfn;
+ 
+-    ASSERT( is_hvm_domain(d) && d->arch.hvm_domain.hap_enabled );
+-
+     if ( !iommu_use_hap_pt(d) )
+         return;
+ 
+diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
+index 52d8948..9eb8d33 100644
+--- a/xen/drivers/passthrough/x86/iommu.c
++++ b/xen/drivers/passthrough/x86/iommu.c
+@@ -56,7 +56,7 @@ int arch_iommu_populate_page_table(struct domain *d)
+ 
+     while ( !rc && (page = page_list_remove_head(&d->page_list)) )
+     {
+-        if ( is_hvm_domain(d) ||
++        if ( has_hvm_container_domain(d) ||
+             (page->u.inuse.type_info & PGT_type_mask) == PGT_writable_page )
+         {
+             BUG_ON(SHARED_M2P(mfn_to_gmfn(d, page_to_mfn(page))));
+-- 
+1.7.2.5
+
diff --git a/emulators/xen/files/xen.4th b/emulators/xen/files/xen.4th
new file mode 100644
index 000000000000..1d2b2df55dd1
--- /dev/null
+++ b/emulators/xen/files/xen.4th
@@ -0,0 +1,22 @@
+: boot_xen_disabled ( N -- NOTREACHED )
+        toggle_menuitem ( n -- n )
+        menu-redraw
+        500 ms
+        0 25 at-xy
+        s" xen_kernel" getenv dup -1 <> if
+	  1 1 unload
+          s" xen_kernel" unsetenv
+	else
+	  drop
+	  0  
+	then
+        0 boot ( state -- )
+;
+
+set mainmenu_caption[7]="Disable [X]en"
+set toggled_text[7]="Disabling [X]en..."
+set mainansi_caption[7]="Disable Xen"
+set toggled_ansi[7]="Disabling Xen..."
+set mainmenu_keycode[7]=120
+set mainmenu_command[7]="boot_xen_disabled"
+
diff --git a/emulators/xen/pkg-descr b/emulators/xen/pkg-descr
new file mode 100644
index 000000000000..39feb5599723
--- /dev/null
+++ b/emulators/xen/pkg-descr
@@ -0,0 +1,10 @@
+The Xen Project hypervisor is an open-source type-1 or baremetal hypervisor,
+which makes it possible to run many instances of an operating system or indeed
+different operating systems in parallel on a single machine (or host). The Xen
+Project hypervisor is the only type-1 hypervisor that is available as open
+source. It is used as the basis for a number of different commercial and open
+source applications, such as: server virtualization, Infrastructure as a Service
+(IaaS), desktop virtualization, security applications, embedded and hardware
+appliances
+
+WWW: http://www.xenproject.org/
diff --git a/emulators/xen/pkg-message b/emulators/xen/pkg-message
new file mode 100644
index 000000000000..0be4da400d7e
--- /dev/null
+++ b/emulators/xen/pkg-message
@@ -0,0 +1,17 @@
+Please add the following entries in order to boot the xen kernel
+
+in /etc/sysctl.conf:
+	vm.max_wired=-1
+
+in /etc/ttys
+	xc0 	"/usr/libexec/getty Pc"         xterm   on  secure
+
+In /boot/loader.conf for a dom0 with 2G memory and 4 vcpus
+	xen_kernel="/boot/xen"
+	xen_cmdline="dom0_mem=2048M dom0_max_vcpus=4 dom0pvh=1 com1=115200,8n1 guest_loglvl=all loglvl=all"
+
+Add
+	console=com1 to the above xen_cmdline in order to activate the serial console
+
+In /boot/menu.rc.local
+	try-include /boot/xen.4th