forked from SLFO-pool/xen

Sync from SUSE:SLFO:Main xen revision 4c1c9473a770d45c019a6b6be8512faa

Adrian Schröter 2024-10-18 15:48:08 +02:00
parent 8b440090d6
commit 245e26a41b
42 changed files with 947 additions and 400 deletions


@ -1,45 +0,0 @@
# Commit d0a718a45f14b86471d8eb3083acd72760963470
# Date 2024-04-11 13:23:08 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/hvm: Fix Misra Rule 19.1 regression
Despite noticing an impending Rule 19.1 violation, the adjustment made (the
uint32_t cast) wasn't sufficient to avoid it. Try again.
Subsequently noticed by Coverity too.
Fixes: 6a98383b0877 ("x86/HVM: clear upper halves of GPRs upon entry from 32-bit code")
Coverity-IDs: 1596289 thru 1596298
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
--- a/xen/arch/x86/include/asm/hvm/hvm.h
+++ b/xen/arch/x86/include/asm/hvm/hvm.h
@@ -585,16 +585,16 @@ static inline void hvm_sanitize_regs_fie
if ( compat )
{
/* Clear GPR upper halves, to counteract guests playing games. */
- regs->rbp = (uint32_t)regs->ebp;
- regs->rbx = (uint32_t)regs->ebx;
- regs->rax = (uint32_t)regs->eax;
- regs->rcx = (uint32_t)regs->ecx;
- regs->rdx = (uint32_t)regs->edx;
- regs->rsi = (uint32_t)regs->esi;
- regs->rdi = (uint32_t)regs->edi;
- regs->rip = (uint32_t)regs->eip;
- regs->rflags = (uint32_t)regs->eflags;
- regs->rsp = (uint32_t)regs->esp;
+ regs->rbp = (uint32_t)regs->rbp;
+ regs->rbx = (uint32_t)regs->rbx;
+ regs->rax = (uint32_t)regs->rax;
+ regs->rcx = (uint32_t)regs->rcx;
+ regs->rdx = (uint32_t)regs->rdx;
+ regs->rsi = (uint32_t)regs->rsi;
+ regs->rdi = (uint32_t)regs->rdi;
+ regs->rip = (uint32_t)regs->rip;
+ regs->rflags = (uint32_t)regs->rflags;
+ regs->rsp = (uint32_t)regs->rsp;
}
#ifndef NDEBUG


@ -0,0 +1,30 @@
# Commit 303d3ff85c90ee4af4bad4e3b1d4932fa2634d64
# Date 2024-07-30 11:55:56 +0200
# Author Ross Lagerwall <ross.lagerwall@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
bunzip2: fix rare decompression failure
The decompression code parses a huffman tree and counts the number of
symbols for a given bit length. In rare cases, there may be >= 256
symbols with a given bit length, causing the unsigned char to overflow.
This causes a decompression failure later when the code tries and fails to
find the bit length for a given symbol.
Since the maximum number of symbols is 258, use unsigned short instead.
Fixes: ab77e81f6521 ("x86/dom0: support bzip2 and lzma compressed bzImage payloads")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/bunzip2.c
+++ b/xen/common/bunzip2.c
@@ -221,7 +221,8 @@ static int __init get_next_block(struct
RUNB) */
symCount = symTotal+2;
for (j = 0; j < groupCount; j++) {
- unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1];
+ unsigned char length[MAX_SYMBOLS];
+ unsigned short temp[MAX_HUFCODE_BITS+1];
int minLen, maxLen, pp;
/* Read Huffman code lengths for each symbol. They're
stored in a way similar to mtf; record a starting
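Review bot: The new `unsigned short temp[MAX_HUFCODE_BITS+1];` declaration in get_next_block() has no comment saying why it is wider than `length[]`, so a later cleanup could narrow it back to `unsigned char` and reintroduce the wrap-around the patch description reports. I would add `/* temp[] counts symbols per code length; up to 258 symbols can share one length, so a byte is too small */` above the declaration. The loop body continues outside the hunk, so how temp[] is consumed afterwards is not visible here.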


@ -0,0 +1,99 @@
Subject: x86/IOMMU: move tracking in iommu_identity_mapping()
From: Teddy Astie teddy.astie@vates.tech Tue Aug 13 16:36:40 2024 +0200
Date: Tue Aug 13 16:36:40 2024 +0200:
Git: beadd68b5490ada053d72f8a9ce6fd696d626596
If for some reason xmalloc() fails after having mapped the reserved
regions, an error is reported, but the regions remain mapped in the P2M.
Similarly if an error occurs during set_identity_p2m_entry() (except on
the first call), the partial mappings of the region would be retained
without being tracked anywhere, and hence without there being a way to
remove them again from the domain's P2M.
Move the setting up of the list entry ahead of trying to map the region.
In cases other than the first mapping failing, keep record of the full
region, such that a subsequent unmapping request can be properly torn
down.
To compensate for the potentially excess unmapping requests, don't log a
warning from p2m_remove_identity_entry() when there really was nothing
mapped at a given GFN.
This is XSA-460 / CVE-2024-31145.
Fixes: 2201b67b9128 ("VT-d: improve RMRR region handling")
Fixes: c0e19d7c6c42 ("IOMMU: generalize VT-d's tracking of mapped RMRR regions")
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index e7e327d6a6..1739133fc2 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1267,9 +1267,11 @@ int p2m_remove_identity_entry(struct domain *d, unsigned long gfn_l)
else
{
gfn_unlock(p2m, gfn, 0);
- printk(XENLOG_G_WARNING
- "non-identity map d%d:%lx not cleared (mapped to %lx)\n",
- d->domain_id, gfn_l, mfn_x(mfn));
+ if ( (p2mt != p2m_invalid && p2mt != p2m_mmio_dm) ||
+ a != p2m_access_n || !mfn_eq(mfn, INVALID_MFN) )
+ printk(XENLOG_G_WARNING
+ "non-identity map %pd:%lx not cleared (mapped to %lx)\n",
+ d, gfn_l, mfn_x(mfn));
ret = 0;
}
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index cc0062b027..8b1e0596b8 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -267,24 +267,36 @@ int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma,
if ( p2ma == p2m_access_x )
return -ENOENT;
- while ( base_pfn < end_pfn )
- {
- int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
-
- if ( err )
- return err;
- base_pfn++;
- }
-
map = xmalloc(struct identity_map);
if ( !map )
return -ENOMEM;
+
map->base = base;
map->end = end;
map->access = p2ma;
map->count = 1;
+
+ /*
+ * Insert into list ahead of mapping, so the range can be found when
+ * trying to clean up.
+ */
list_add_tail(&map->list, &hd->arch.identity_maps);
+ for ( ; base_pfn < end_pfn; ++base_pfn )
+ {
+ int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
+
+ if ( !err )
+ continue;
+
+ if ( (map->base >> PAGE_SHIFT_4K) == base_pfn )
+ {
+ list_del(&map->list);
+ xfree(map);
+ }
+ return err;
+ }
+
return 0;
}
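Review bot: The error path of the new mapping loop in iommu_identity_mapping() deliberately leaves the tracking entry on hd->arch.identity_maps when a page after the first fails, but nothing in the code says so; only the first-page case is undone with list_del()/xfree(). Because the error is returned in both cases, a reader could take the retained entry for a leak and remove it, which would bring back the untracked partial mappings described for XSA-460. I would add above the `if ( (map->base >> PAGE_SHIFT_4K) == base_pfn )` test: `/* Nothing mapped yet: drop the entry. Otherwise keep it so a later unmap request can tear down the partial mapping. */`. The function starts outside the hunk, so whether callers issue that unmap after a failure cannot be checked from here.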


@ -0,0 +1,31 @@
Subject: x86/pass-through: documents as security-unsupported when sharing resources
From: Jan Beulich jbeulich@suse.com Tue Aug 13 16:37:25 2024 +0200
Date: Tue Aug 13 16:37:25 2024 +0200:
Git: 9c94eda1e3790820699a6de3f6a7c959ecf30600
When multiple devices share resources and one of them is to be passed
through to a guest, security of the entire system and of respective
guests individually cannot really be guaranteed without knowing
internals of any of the involved guests. Therefore such a configuration
cannot really be security-supported, yet making that explicit was so far
missing.
This is XSA-461 / CVE-2024-31146.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -841,6 +841,11 @@ This feature is not security supported:
Only systems using IOMMUs are supported.
+Passing through of devices sharing resources with another device is not
+security supported. Such sharing could e.g. be the same line interrupt being
+used by multiple devices, one of which is to be passed through, or two such
+devices having memory BARs within the same 4k page.
+
Not compatible with migration, populate-on-demand, altp2m,
introspection, memory sharing, or memory paging.


@ -0,0 +1,127 @@
# Commit fb1658221a31ec1db33253a80001191391e73b17
# Date 2024-08-28 19:59:07 +0100
# Author Roger Pau Monne <roger.pau@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/dom0: disable SMAP for PV domain building only
Move the logic that disables SMAP so it's only performed when building a PV
dom0, PVH dom0 builder doesn't require disabling SMAP.
The fixes tag is to account for the wrong usage of cpu_has_smap in
create_dom0(), it should instead have used
boot_cpu_has(X86_FEATURE_XEN_SMAP). Fix while moving the logic to apply to PV
only.
While there also make cr4_pv32_mask __ro_after_init.
Fixes: 493ab190e5b1 ('xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/include/asm/setup.h
+++ b/xen/arch/x86/include/asm/setup.h
@@ -64,6 +64,8 @@ extern bool opt_dom0_verbose;
extern bool opt_dom0_cpuid_faulting;
extern bool opt_dom0_msr_relaxed;
+extern unsigned long cr4_pv32_mask;
+
#define max_init_domid (0)
#endif
--- a/xen/arch/x86/pv/dom0_build.c
+++ b/xen/arch/x86/pv/dom0_build.c
@@ -354,11 +354,11 @@ static struct page_info * __init alloc_c
return page;
}
-int __init dom0_construct_pv(struct domain *d,
- const module_t *image,
- unsigned long image_headroom,
- module_t *initrd,
- const char *cmdline)
+static int __init dom0_construct(struct domain *d,
+ const module_t *image,
+ unsigned long image_headroom,
+ module_t *initrd,
+ const char *cmdline)
{
int i, rc, order, machine;
bool compatible, compat;
@@ -1048,6 +1048,36 @@ out:
return rc;
}
+
+int __init dom0_construct_pv(struct domain *d,
+ const module_t *image,
+ unsigned long image_headroom,
+ module_t *initrd,
+ const char *cmdline)
+{
+ int rc;
+
+ /*
+ * Clear SMAP in CR4 to allow user-accesses in construct_dom0(). This
+ * prevents us needing to rewrite construct_dom0() in terms of
+ * copy_{to,from}_user().
+ */
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
+ {
+ cr4_pv32_mask &= ~X86_CR4_SMAP;
+ write_cr4(read_cr4() & ~X86_CR4_SMAP);
+ }
+
+ rc = dom0_construct(d, image, image_headroom, initrd, cmdline);
+
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
+ {
+ write_cr4(read_cr4() | X86_CR4_SMAP);
+ cr4_pv32_mask |= X86_CR4_SMAP;
+ }
+
+ return rc;
+}
/*
* Local variables:
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -79,8 +79,7 @@ bool __read_mostly use_invpcid;
int8_t __initdata opt_probe_port_aliases = -1;
boolean_param("probe-port-aliases", opt_probe_port_aliases);
-/* Only used in asm code and within this source file */
-unsigned long asmlinkage __read_mostly cr4_pv32_mask;
+unsigned long __ro_after_init cr4_pv32_mask;
/* **** Linux config option: propagated to domain0. */
/* "acpi=off": Sisables both ACPI table parsing and interpreter. */
@@ -955,26 +954,9 @@ static struct domain *__init create_dom0
}
}
- /*
- * Temporarily clear SMAP in CR4 to allow user-accesses in construct_dom0().
- * This saves a large number of corner cases interactions with
- * copy_from_user().
- */
- if ( cpu_has_smap )
- {
- cr4_pv32_mask &= ~X86_CR4_SMAP;
- write_cr4(read_cr4() & ~X86_CR4_SMAP);
- }
-
if ( construct_dom0(d, image, headroom, initrd, cmdline) != 0 )
panic("Could not construct domain 0\n");
- if ( cpu_has_smap )
- {
- write_cr4(read_cr4() | X86_CR4_SMAP);
- cr4_pv32_mask |= X86_CR4_SMAP;
- }
-
return d;
}
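Review bot: The comment in the new dom0_construct_pv() wrapper still names construct_dom0(), while the function it brackets with the SMAP clear/restore is now the static dom0_construct(); it should read `Clear SMAP in CR4 to allow user-accesses in dom0_construct().` and refer to dom0_construct() in the second sentence as well. The restore only runs when dom0_construct() returns, and most of that body is outside the hunk, so it is worth stating in the comment that the callee must return on error rather than panic while SMAP is off. Separately, cr4_pv32_mask becomes `__ro_after_init` yet is still written here; that is presumably fine because the wrapper is `__init`, but a one-line remark at the definition in setup.c would make the ordering assumption explicit.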


@ -0,0 +1,49 @@
Subject: Arm64: adjust __irq_to_desc() to fix build with gcc14
From: Jan Beulich jbeulich@suse.com Thu Aug 29 10:03:53 2024 +0200
Date: Thu Aug 29 10:03:53 2024 +0200:
Git: 99f942f3d410059dc223ee0a908827e928ef3592
With the original code I observe
In function __irq_to_desc,
inlined from route_irq_to_guest at arch/arm/irq.c:465:12:
arch/arm/irq.c:54:16: error: array subscript -2 is below array bounds of irq_desc_t[32] {aka struct irq_desc[32]} [-Werror=array-bounds=]
54 | return &this_cpu(local_irq_desc)[irq];
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
which looks pretty bogus: How in the world does the compiler arrive at
-2 when compiling route_irq_to_guest()? Yet independent of that the
function's parameter wants to be of unsigned type anyway, as shown by
a vast majority of callers (others use plain int when they really mean
non-negative quantities). With that adjustment the code compiles fine
again.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Michal Orzel <michal.orzel@amd.com>
diff --git a/xen/arch/arm/include/asm/irq.h b/xen/arch/arm/include/asm/irq.h
index ec437add09..88e060bf29 100644
--- a/xen/arch/arm/include/asm/irq.h
+++ b/xen/arch/arm/include/asm/irq.h
@@ -56,7 +56,7 @@ extern const unsigned int nr_irqs;
struct irq_desc;
struct irqaction;
-struct irq_desc *__irq_to_desc(int irq);
+struct irq_desc *__irq_to_desc(unsigned int irq);
#define irq_to_desc(irq) __irq_to_desc(irq)
diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c
index 6b89f64fd1..b9757d7ad3 100644
--- a/xen/arch/arm/irq.c
+++ b/xen/arch/arm/irq.c
@@ -48,7 +48,7 @@ void irq_end_none(struct irq_desc *irq)
static irq_desc_t irq_desc[NR_IRQS];
static DEFINE_PER_CPU(irq_desc_t[NR_LOCAL_IRQS], local_irq_desc);
-struct irq_desc *__irq_to_desc(int irq)
+struct irq_desc *__irq_to_desc(unsigned int irq)
{
if ( irq < NR_LOCAL_IRQS )
return &this_cpu(local_irq_desc)[irq];
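Review bot: With the parameter now `unsigned int`, a caller that still passes a negative int reaches __irq_to_desc() as a very large value, skips the `irq < NR_LOCAL_IRQS` branch, and is then used by whatever follows with no upper bound visible in this hunk. The rest of the function is outside the hunk, so this may already be covered; if it is not, I would add an upper-bound check such as `ASSERT(irq < nr_irqs);` at the top of the function, nr_irqs being declared in the header hunk above. A short comment on the prototype that irq is used as an array index would also document why the type is unsigned.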


@ -0,0 +1,84 @@
# Commit bb03169bcb6ecccf372de1f6b9285cd519a26bb8
# Date 2024-09-03 10:53:44 +0100
# Author Javi Merino <javi.merino@cloud.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
libxl: Fix nul-termination of the return value of libxl_xen_console_read_line()
When built with ASAN, "xl dmesg" crashes in the "printf("%s", line)"
call in main_dmesg(). ASAN reports a heap buffer overflow: an
off-by-one access to cr->buffer.
The readconsole sysctl copies up to count characters into the buffer,
but it does not add a null character at the end. Despite the
documentation of libxl_xen_console_read_line(), line_r is not
nul-terminated if 16384 characters were copied to the buffer.
Fix this by asking xc_readconsolering() to fill the buffer up to size
- 1. As the number of characters in the buffer is only needed in
libxl_xen_console_read_line(), make it a local variable there instead
of part of the libxl__xen_console_reader struct.
Fixes: 4024bae739cc ("xl: Add subcommand 'xl dmesg'")
Reported-by: Edwin Török <edwin.torok@cloud.com>
Signed-off-by: Javi Merino <javi.merino@cloud.com>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
--- a/tools/libs/light/libxl_console.c
+++ b/tools/libs/light/libxl_console.c
@@ -774,12 +774,17 @@ libxl_xen_console_reader *
{
GC_INIT(ctx);
libxl_xen_console_reader *cr;
- unsigned int size = 16384;
+ /*
+ * We want xen to fill the buffer in as few hypercalls as
+ * possible, but xen will not nul-terminate it. The default size
+ * of Xen's console buffer is 16384. Leave one byte at the end
+ * for the null character.
+ */
+ unsigned int size = 16384 + 1;
cr = libxl__zalloc(NOGC, sizeof(libxl_xen_console_reader));
cr->buffer = libxl__zalloc(NOGC, size);
cr->size = size;
- cr->count = size;
cr->clear = clear;
cr->incremental = 1;
@@ -800,10 +805,16 @@ int libxl_xen_console_read_line(libxl_ct
char **line_r)
{
int ret;
+ /*
+ * Number of chars to copy into the buffer. xc_readconsolering()
+ * does not add a null character at the end, so leave a space for
+ * us to add it.
+ */
+ unsigned int nr_chars = cr->size - 1;
GC_INIT(ctx);
memset(cr->buffer, 0, cr->size);
- ret = xc_readconsolering(ctx->xch, cr->buffer, &cr->count,
+ ret = xc_readconsolering(ctx->xch, cr->buffer, &nr_chars,
cr->clear, cr->incremental, &cr->index);
if (ret < 0) {
LOGE(ERROR, "reading console ring buffer");
@@ -811,7 +822,7 @@ int libxl_xen_console_read_line(libxl_ct
return ERROR_FAIL;
}
if (!ret) {
- if (cr->count) {
+ if (nr_chars) {
*line_r = cr->buffer;
ret = 1;
} else {
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -2077,7 +2077,6 @@ _hidden char *libxl__uuid2string(libxl__
struct libxl__xen_console_reader {
char *buffer;
unsigned int size;
- unsigned int count;
unsigned int clear;
unsigned int incremental;
unsigned int index;
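Review bot: NUL-termination of the line returned by libxl_xen_console_read_line() now depends on `memset(cr->buffer, 0, cr->size)` and `nr_chars = cr->size - 1` staying in step, rather than on an explicit terminator. Writing `cr->buffer[nr_chars] = '\0';` after the successful xc_readconsolering() call would make the guarantee local and keep it intact if the memset is ever dropped; this assumes the call writes the number of characters copied back into nr_chars, which the later `if (nr_chars)` test suggests. `cr->size - 1` also wraps if a reader is ever created with a size of 0, so an assert on cr->size would be cheap. Both function bodies extend beyond the hunks shown.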


@ -0,0 +1,54 @@
# Commit d7c18b8720824d7efc39ffa7296751e1812865a9
# Date 2024-09-04 16:05:03 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
SUPPORT.md: split XSM from Flask
XSM is a generic framework, which in particular is also used by SILO.
With this it can't really be experimental: Arm mandates SILO for having
a security supported configuration.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -768,13 +768,21 @@ Compile time disabled for ARM by default
Status, x86: Supported, not security supported
-### XSM & FLASK
+### XSM (Xen Security Module) Framework
+
+XSM is a security policy framework. The dummy implementation is covered by this
+statement, and implements a policy whereby dom0 is all powerful. See below for
+alternative modules (FLASK, SILO).
+
+ Status: Supported
+
+### FLASK XSM Module
Status: Experimental
Compile time disabled by default.
-Also note that using XSM
+Also note that using FLASK
to delegate various domain control hypercalls
to particular other domains, rather than only permitting use by dom0,
is also specifically excluded from security support for many hypercalls.
@@ -787,6 +795,13 @@ Please see XSA-77 for more details.
The default policy includes FLASK labels and roles for a "typical" Xen-based system
with dom0, driver domains, stub domains, domUs, and so on.
+### SILO XSM Module
+
+SILO extends the dummy policy by enforcing that DomU-s can only communicate
+with Dom0, yet not with each other.
+
+ Status: Supported
+
## Virtual Hardware, Hypervisor
### x86/Nested PV


@ -0,0 +1,36 @@
# Commit eb7cd0593d88c4b967a24bca8bd30591966676cd
# Date 2024-09-12 09:13:04 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/HVM: properly reject "indirect" VRAM writes
While ->count will only be different from 1 for "indirect" (data in
guest memory) accesses, it being 1 does not exclude the request being an
"indirect" one. Check both to be on the safe side, and bring the ->count
part also in line with what ioreq_send_buffered() actually refuses to
handle.
Fixes: 3bbaaec09b1b ("x86/hvm: unify stdvga mmio intercept with standard mmio intercept")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/stdvga.c
+++ b/xen/arch/x86/hvm/stdvga.c
@@ -530,14 +530,14 @@ static bool cf_check stdvga_mem_accept(
spin_lock(&s->lock);
- if ( p->dir == IOREQ_WRITE && p->count > 1 )
+ if ( p->dir == IOREQ_WRITE && (p->data_is_ptr || p->count != 1) )
{
/*
* We cannot return X86EMUL_UNHANDLEABLE on anything other then the
* first cycle of an I/O. So, since we cannot guarantee to always be
* able to send buffered writes, we have to reject any multi-cycle
- * I/O and, since we are rejecting an I/O, we must invalidate the
- * cache.
+ * or "indirect" I/O and, since we are rejecting an I/O, we must
+ * invalidate the cache.
* Single-cycle write transactions are accepted even if the cache is
* not active since we can assert, when in stdvga mode, that writes
* to VRAM have no side effect and thus we can try to buffer them.
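Review bot: The new test `p->count != 1` in stdvga_mem_accept() also rejects a write whose count is 0, but the updated comment only speaks of multi-cycle or "indirect" I/O. I would extend the comment by one clause, for example `reject any multi-cycle (or zero-count) or "indirect" I/O`, so that the condition and its explanation match. The function starts and ends outside the hunk, so what happens after the rejection is not visible here.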


@ -0,0 +1,52 @@
# Commit a8bf14f6f331d4f428010b4277b67c33f561ed19
# Date 2024-09-13 15:23:30 +0100
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
xen/ucode: Fix buffer under-run when parsing AMD containers
The AMD container format has no formal spec. It is, at best, precision
guesswork based on AMD's prior contributions to open source projects. The
Equivalence Table has both an explicit length, and an expectation of having a
NULL entry at the end.
Xen was sanity checking the NULL entry, but without confirming that an entry
was present, resulting in a read off the front of the buffer. With some
manual debugging/annotations this manifests as:
(XEN) *** Buf ffff83204c00b19c, eq ffff83204c00b194
(XEN) *** eq: 0c 00 00 00 44 4d 41 00 00 00 00 00 00 00 00 00 aa aa aa aa
^-Actual buffer-------------------^
(XEN) *** installed_cpu: 000c
(XEN) microcode: Bad equivalent cpu table
(XEN) Parsing microcode blob error -22
When loaded by hypercall, the 4 bytes interpreted as installed_cpu happen to
be the containing struct ucode_buf's len field, and luckily will be nonzero.
When loaded at boot, it's possible for the access to #PF if the module happens
to have been placed on a 2M boundary by the bootloader. Under Linux, it will
commonly be the end of the CPIO header.
Drop the probe of the NULL entry; Nothing else cares. A container without one
is well formed, insofar that we can still parse it correctly. With this
dropped, the same container results in:
(XEN) microcode: couldn't find any matching ucode in the provided blob!
Fixes: 4de936a38aa9 ("x86/ucode/amd: Rework parsing logic in cpu_request_microcode()")
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -336,8 +336,7 @@ static struct microcode_patch *cf_check
if ( size < sizeof(*et) ||
(et = buf)->type != UCODE_EQUIV_CPU_TABLE_TYPE ||
size - sizeof(*et) < et->len ||
- et->len % sizeof(et->eq[0]) ||
- et->eq[(et->len / sizeof(et->eq[0])) - 1].installed_cpu )
+ et->len % sizeof(et->eq[0]) )
{
printk(XENLOG_ERR "microcode: Bad equivalent cpu table\n");
error = -EINVAL;
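Review bot: After this change the equivalence-table check accepts a table with `et->len == 0` as well as one without a terminating all-zero entry, so any code that walks et->eq[] has to stop at et->len and must not scan for a terminator. The patch description says nothing else depends on the NULL entry, but that code is outside the hunk and the condition itself carries no comment. I would add above the `if`: `/* No terminator is required; consumers must bound their walk of eq[] by et->len. */`. If an empty table is not meant to be accepted, `!et->len ||` would have to be added to the condition.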

View File

@ -1,12 +1,15 @@
From: Jan Beulich <jbeulich@suse.com> # Commit c42d9ec61f6d11e25fa77bd44dd11dad1edda268
Subject: x86/vLAPIC: prevent undue recursion of vlapic_error() # Date 2024-09-24 14:23:29 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/vLAPIC: prevent undue recursion of vlapic_error()
With the error vector set to an illegal value, the function invoking With the error vector set to an illegal value, the function invoking
vlapic_set_irq() would bring execution back here, with the non-recursive vlapic_set_irq() would bring execution back here, with the non-recursive
lock already held. Avoid the call in this case, merely further updating lock already held. Avoid the call in this case, merely further updating
ESR (if necessary). ESR (if necessary).
This is XSA-462. This is XSA-462 / CVE-2024-45817.
Fixes: 5f32d186a8b1 ("x86/vlapic: don't silently accept bad vectors") Fixes: 5f32d186a8b1 ("x86/vlapic: don't silently accept bad vectors")
Reported-by: Federico Serafini <federico.serafini@bugseng.com> Reported-by: Federico Serafini <federico.serafini@bugseng.com>
@ -17,7 +20,7 @@ Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/vlapic.c --- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c
@@ -113,9 +113,24 @@ static void vlapic_error(struct vlapic * @@ -112,9 +112,24 @@ static void vlapic_error(struct vlapic *
if ( (esr & errmask) != errmask ) if ( (esr & errmask) != errmask )
{ {
uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR); uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);


@ -0,0 +1,33 @@
# Commit 8752ad83e79754f8109457cff796e5f86f644348
# Date 2024-09-24 18:57:38 +0100
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
xen/ucode: Make Intel's microcode_sanity_check() stricter
The SDM states that data size must be a multiple of 4, but Xen doesn't check
this propery.
This is liable to cause a later failures, but should be checked explicitly.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu/microcode/intel.c
+++ b/xen/arch/x86/cpu/microcode/intel.c
@@ -155,10 +155,13 @@ static int microcode_sanity_check(const
uint32_t sum;
/*
- * Total size must be a multiple of 1024 bytes. Data size and the header
- * must fit within it.
+ * The SDM states:
+ * - Data size must be a multiple of 4.
+ * - Total size must be a multiple of 1024 bytes. Data size and the
+ * header must fit within it.
*/
if ( (total_size & 1023) ||
+ (data_size & 3) ||
data_size > (total_size - MC_HEADER_SIZE) )
{
printk(XENLOG_WARNING "microcode: Bad size\n");
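Review bot: The last operand, `data_size > (total_size - MC_HEADER_SIZE)`, is only meaningful when total_size is at least MC_HEADER_SIZE, and the multiple-of-1024 test in front of it still lets a total_size of 0 through. How total_size and data_size are derived is outside the hunk, so this may be excluded earlier in microcode_sanity_check(); if it is not, and the operands are unsigned, the subtraction wraps and the bound no longer constrains data_size. Adding `total_size < MC_HEADER_SIZE ||` as the first operand would close that case, with a line in the comment noting it is a defensive check rather than an SDM rule.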


@ -1,50 +0,0 @@
Index: xen-4.18.0-testing/tools/misc/xencov_split
===================================================================
--- xen-4.18.0-testing.orig/tools/misc/xencov_split
+++ xen-4.18.0-testing/tools/misc/xencov_split
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
from __future__ import print_function
from builtins import str
Index: xen-4.18.0-testing/tools/python/scripts/convert-legacy-stream
===================================================================
--- xen-4.18.0-testing.orig/tools/python/scripts/convert-legacy-stream
+++ xen-4.18.0-testing/tools/python/scripts/convert-legacy-stream
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/scripts/verify-stream-v2
===================================================================
--- xen-4.18.0-testing.orig/tools/python/scripts/verify-stream-v2
+++ xen-4.18.0-testing/tools/python/scripts/verify-stream-v2
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
""" Verify a v2 format migration stream """
Index: xen-4.18.0-testing/tools/xenmon/xenmon.py
===================================================================
--- xen-4.18.0-testing.orig/tools/xenmon/xenmon.py
+++ xen-4.18.0-testing/tools/xenmon/xenmon.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
#####################################################################
# xenmon is a front-end for xenbaked.
Index: xen-4.18.0-testing/tools/xentrace/xentrace_format
===================================================================
--- xen-4.18.0-testing.orig/tools/xentrace/xentrace_format
+++ xen-4.18.0-testing/tools/xentrace/xentrace_format
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# by Mark Williamson, (C) 2004 Intel Research Cambridge


@ -1,7 +1,7 @@
Index: xen-4.18.3-testing/Config.mk Index: xen-4.19.0-testing/Config.mk
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/Config.mk --- xen-4.19.0-testing.orig/Config.mk
+++ xen-4.18.3-testing/Config.mk +++ xen-4.19.0-testing/Config.mk
@@ -77,7 +77,7 @@ EXTRA_INCLUDES += $(EXTRA_PREFIX)/includ @@ -77,7 +77,7 @@ EXTRA_INCLUDES += $(EXTRA_PREFIX)/includ
EXTRA_LIB += $(EXTRA_PREFIX)/lib EXTRA_LIB += $(EXTRA_PREFIX)/lib
endif endif
@ -11,47 +11,34 @@ Index: xen-4.18.3-testing/Config.mk
PYTHON_PREFIX_ARG ?= --prefix="$(prefix)" PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
# The above requires that prefix contains *no spaces*. This variable is here # The above requires that prefix contains *no spaces*. This variable is here
# to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug: # to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug:
Index: xen-4.18.3-testing/tools/configure Index: xen-4.19.0-testing/tools/configure
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/configure --- xen-4.19.0-testing.orig/tools/configure
+++ xen-4.18.3-testing/tools/configure +++ xen-4.19.0-testing/tools/configure
@@ -7382,15 +7382,15 @@ if test x"${PYTHONPATH}" = x"no" @@ -8297,15 +8297,15 @@ if test x"${PYTHONPATH}" = x"no"
then then
as_fn_error $? "Unable to find $PYTHON, please install $PYTHON" "$LINENO" 5 as_fn_error $? "Unable to find $PYTHON, please install $PYTHON" "$LINENO" 5
fi fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python version >= 2.6 " >&5 -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python version >= 2.7 " >&5
-$as_echo_n "checking for python version >= 2.6 ... " >&6; } -printf %s "checking for python version >= 2.7 ... " >&6; }
-`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (2, 6)"))'` -`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (2, 7)"))'`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python3 version >= 3.0 " >&5 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python version >= 3.0 " >&5
+$as_echo_n "checking for python3 version >= 3.0 ... " >&6; } +printf %s "checking for python version >= 3.0 ... " >&6; }
+`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (3, 0)"))'` +`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (3, 0)"))'`
if test "$?" != "0" if test "$?" != "0"
then then
python_version=`$PYTHON -V 2>&1` python_version=`$PYTHON -V 2>&1`
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; } printf "%s\n" "no" >&6; }
- as_fn_error $? "$python_version is too old, minimum required version is 2.6" "$LINENO" 5 - as_fn_error $? "$python_version is too old, minimum required version is 2.7" "$LINENO" 5
+ as_fn_error $? "$python_version is too old, minimum required version is 3.0" "$LINENO" 5 + as_fn_error $? "$python_version is too old, minimum required version is 3.0" "$LINENO" 5
else else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; } printf "%s\n" "yes" >&6; }
Index: xen-4.18.3-testing/tools/configure.ac Index: xen-4.19.0-testing/tools/libs/light/idl.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/configure.ac --- xen-4.19.0-testing.orig/tools/libs/light/idl.py
+++ xen-4.18.3-testing/tools/configure.ac +++ xen-4.19.0-testing/tools/libs/light/idl.py
@@ -385,7 +385,7 @@ PYTHONPATH=$PYTHON
PYTHON=`basename $PYTHONPATH`
AX_PATH_PROG_OR_FAIL([PYTHONPATH], [$PYTHON])
-AX_CHECK_PYTHON_VERSION([2], [6])
+AX_CHECK_PYTHON_VERSION([3], [0])
AS_IF([test "$cross_compiling" != yes], [
AX_CHECK_PYTHON_DEVEL()
Index: xen-4.18.3-testing/tools/libs/light/idl.py
===================================================================
--- xen-4.18.3-testing.orig/tools/libs/light/idl.py
+++ xen-4.18.3-testing/tools/libs/light/idl.py
@@ -271,7 +271,7 @@ class KeyedUnion(Aggregate): @@ -271,7 +271,7 @@ class KeyedUnion(Aggregate):
if not isinstance(keyvar_type, Enumeration): if not isinstance(keyvar_type, Enumeration):
raise ValueError raise ValueError
@ -79,80 +66,80 @@ Index: xen-4.18.3-testing/tools/libs/light/idl.py
if isinstance(t, Type): if isinstance(t, Type):
globs[n] = t globs[n] = t
elif isinstance(t,type(object)) and issubclass(t, Type): elif isinstance(t,type(object)) and issubclass(t, Type):
Index: xen-4.18.3-testing/tools/libs/light/gentest.py Index: xen-4.19.0-testing/tools/libs/light/gentest.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/libs/light/gentest.py --- xen-4.19.0-testing.orig/tools/libs/light/gentest.py
+++ xen-4.18.3-testing/tools/libs/light/gentest.py +++ xen-4.19.0-testing/tools/libs/light/gentest.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/python -#!/usr/bin/python
+#!/usr/bin/python3 +#!/usr/bin/python3
from __future__ import print_function from __future__ import print_function
Index: xen-4.18.3-testing/tools/libs/light/gentypes.py Index: xen-4.19.0-testing/tools/libs/light/gentypes.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/libs/light/gentypes.py --- xen-4.19.0-testing.orig/tools/libs/light/gentypes.py
+++ xen-4.18.3-testing/tools/libs/light/gentypes.py +++ xen-4.19.0-testing/tools/libs/light/gentypes.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/python -#!/usr/bin/python
+#!/usr/bin/python3 +#!/usr/bin/python3
from __future__ import print_function from __future__ import print_function
Index: xen-4.18.3-testing/tools/include/xen-foreign/mkheader.py Index: xen-4.19.0-testing/tools/include/xen-foreign/mkheader.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/include/xen-foreign/mkheader.py --- xen-4.19.0-testing.orig/tools/include/xen-foreign/mkheader.py
+++ xen-4.18.3-testing/tools/include/xen-foreign/mkheader.py +++ xen-4.19.0-testing/tools/include/xen-foreign/mkheader.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/python -#!/usr/bin/python
+#!/usr/bin/python3 +#!/usr/bin/python3
from __future__ import print_function from __future__ import print_function
Index: xen-4.18.3-testing/tools/include/xen-foreign/mkchecker.py Index: xen-4.19.0-testing/tools/include/xen-foreign/mkchecker.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/include/xen-foreign/mkchecker.py --- xen-4.19.0-testing.orig/tools/include/xen-foreign/mkchecker.py
+++ xen-4.18.3-testing/tools/include/xen-foreign/mkchecker.py +++ xen-4.19.0-testing/tools/include/xen-foreign/mkchecker.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/python -#!/usr/bin/python
+#!/usr/bin/python3 +#!/usr/bin/python3
import sys; import sys;
from structs import structs, compat_arches; from structs import structs, compat_arches;
Index: xen-4.18.3-testing/xen/tools/gen-cpuid.py Index: xen-4.19.0-testing/xen/tools/gen-cpuid.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/xen/tools/gen-cpuid.py --- xen-4.19.0-testing.orig/xen/tools/gen-cpuid.py
+++ xen-4.18.3-testing/xen/tools/gen-cpuid.py +++ xen-4.19.0-testing/xen/tools/gen-cpuid.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/env python -#!/usr/bin/env python
+#!/usr/bin/python3 +#!/usr/bin/python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
import sys, os, re import sys, os, re
Index: xen-4.18.3-testing/xen/tools/compat-build-source.py Index: xen-4.19.0-testing/xen/tools/compat-build-source.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/xen/tools/compat-build-source.py --- xen-4.19.0-testing.orig/xen/tools/compat-build-source.py
+++ xen-4.18.3-testing/xen/tools/compat-build-source.py +++ xen-4.19.0-testing/xen/tools/compat-build-source.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/env python -#!/usr/bin/env python
+#!/usr/bin/python3 +#!/usr/bin/python3
import re,sys import re,sys
Index: xen-4.18.3-testing/xen/tools/compat-build-header.py Index: xen-4.19.0-testing/xen/tools/compat-build-header.py
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/xen/tools/compat-build-header.py --- xen-4.19.0-testing.orig/xen/tools/compat-build-header.py
+++ xen-4.18.3-testing/xen/tools/compat-build-header.py +++ xen-4.19.0-testing/xen/tools/compat-build-header.py
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/env python -#!/usr/bin/env python
+#!/usr/bin/python3 +#!/usr/bin/python3
import re,sys import re,sys
Index: xen-4.18.3-testing/tools/misc/xensymoops Index: xen-4.19.0-testing/tools/misc/xensymoops
=================================================================== ===================================================================
--- xen-4.18.3-testing.orig/tools/misc/xensymoops --- xen-4.19.0-testing.orig/tools/misc/xensymoops
+++ xen-4.18.3-testing/tools/misc/xensymoops +++ xen-4.19.0-testing/tools/misc/xensymoops
@@ -1,4 +1,4 @@ @@ -1,4 +1,4 @@
-#!/usr/bin/env python -#!/usr/bin/env python
+#!/usr/bin/python3 +#!/usr/bin/python3


@ -14,10 +14,10 @@ Compiling against gcc14.
| ^~~~~ | ^~~~~
Index: xen-4.18.2-testing/stubdom/Makefile Index: xen-4.19.0-testing/stubdom/Makefile
=================================================================== ===================================================================
--- xen-4.18.2-testing.orig/stubdom/Makefile --- xen-4.19.0-testing.orig/stubdom/Makefile
+++ xen-4.18.2-testing/stubdom/Makefile +++ xen-4.19.0-testing/stubdom/Makefile
@@ -97,6 +97,7 @@ newlib-$(NEWLIB_VERSION): newlib-$(NEWLI @@ -97,6 +97,7 @@ newlib-$(NEWLIB_VERSION): newlib-$(NEWLI
patch -d $@ -p1 < newlib-disable-texinfo.patch patch -d $@ -p1 < newlib-disable-texinfo.patch
patch -d $@ -p1 < newlib-cygmon-gmon.patch patch -d $@ -p1 < newlib-cygmon-gmon.patch
@ -26,10 +26,10 @@ Index: xen-4.18.2-testing/stubdom/Makefile
find $@ -type f | xargs perl -i.bak \ find $@ -type f | xargs perl -i.bak \
-pe 's/\b_(tzname|daylight|timezone)\b/$$1/g' -pe 's/\b_(tzname|daylight|timezone)\b/$$1/g'
touch $@ touch $@
Index: xen-4.18.2-testing/stubdom/newlib-gcc14-pragmas.patch Index: xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
=================================================================== ===================================================================
--- /dev/null --- /dev/null
+++ xen-4.18.2-testing/stubdom/newlib-gcc14-pragmas.patch +++ xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
@@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
+--- newlib-1.16.0/newlib/libc/stdlib/wcstoull.c.orig 2024-06-04 15:32:01.495146632 -0600 +--- newlib-1.16.0/newlib/libc/stdlib/wcstoull.c.orig 2024-06-04 15:32:01.495146632 -0600
++++ newlib-1.16.0/newlib/libc/stdlib/wcstoull.c 2024-06-04 15:38:56.627156524 -0600 ++++ newlib-1.16.0/newlib/libc/stdlib/wcstoull.c 2024-06-04 15:38:56.627156524 -0600
@ -67,15 +67,3 @@ Index: xen-4.18.2-testing/stubdom/newlib-gcc14-pragmas.patch
+ DEFUN(copy_past_newline,(ptr, idx, dst), + DEFUN(copy_past_newline,(ptr, idx, dst),
+ string_type *ptr AND + string_type *ptr AND
+ unsigned int idx AND + unsigned int idx AND
--- xen-4.18.2-testing/extras/mini-os-remote/include/posix/sys/mman.h.orig 2024-06-04 16:27:35.155226069 -0600
+++ xen-4.18.2-testing/extras/mini-os-remote/include/posix/sys/mman.h 2024-06-04 16:31:46.591232060 -0600
@@ -16,7 +16,7 @@
void *mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset) asm("mmap64");
int munmap(void *start, size_t length);
-static inline mlock(const void *addr, size_t len) { return 0; }
-static inline munlock(const void *addr, size_t len) { return 0; }
+static inline int mlock(const void *addr, size_t len) { return 0; }
+static inline int munlock(const void *addr, size_t len) { return 0; }
#endif /* _POSIX_SYS_MMAN_H */


@ -20,7 +20,7 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com>
--- a/tools/include/libxl.h --- a/tools/include/libxl.h
+++ b/tools/include/libxl.h +++ b/tools/include/libxl.h
@@ -1811,13 +1811,28 @@ static inline int libxl_retrieve_domain_ @@ -1850,13 +1850,28 @@ static inline int libxl_retrieve_domain_
libxl_retrieve_domain_configuration_0x041200 libxl_retrieve_domain_configuration_0x041200
#endif #endif


@ -53,7 +53,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
=item B<remus> [I<OPTIONS>] I<domain-id> I<host> =item B<remus> [I<OPTIONS>] I<domain-id> I<host>
--- a/tools/include/libxl.h --- a/tools/include/libxl.h
+++ b/tools/include/libxl.h +++ b/tools/include/libxl.h
@@ -1824,6 +1824,7 @@ typedef struct { @@ -1863,6 +1863,7 @@ typedef struct {
} libxl_domain_suspend_suse_properties; } libxl_domain_suspend_suse_properties;
#define LIBXL_SUSPEND_DEBUG 1 #define LIBXL_SUSPEND_DEBUG 1
#define LIBXL_SUSPEND_LIVE 2 #define LIBXL_SUSPEND_LIVE 2
@ -93,7 +93,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE; dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
--- a/tools/libs/light/libxl_internal.h --- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h
@@ -3655,9 +3655,11 @@ struct libxl__domain_save_state { @@ -3652,9 +3652,11 @@ struct libxl__domain_save_state {
libxl_domain_type type; libxl_domain_type type;
int live; int live;
int debug; int debug;


@ -46,7 +46,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
=item B<remus> [I<OPTIONS>] I<domain-id> I<host> =item B<remus> [I<OPTIONS>] I<domain-id> I<host>
--- a/tools/include/libxl.h --- a/tools/include/libxl.h
+++ b/tools/include/libxl.h +++ b/tools/include/libxl.h
@@ -1819,6 +1819,7 @@ static inline int libxl_retrieve_domain_ @@ -1858,6 +1858,7 @@ static inline int libxl_retrieve_domain_
typedef struct { typedef struct {
uint32_t flags; /* LIBXL_SUSPEND_* */ uint32_t flags; /* LIBXL_SUSPEND_* */
@ -77,7 +77,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE; dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
--- a/tools/libs/light/libxl_internal.h --- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h
@@ -3656,6 +3656,7 @@ struct libxl__domain_save_state { @@ -3653,6 +3653,7 @@ struct libxl__domain_save_state {
int live; int live;
int debug; int debug;
int checkpointed_stream; int checkpointed_stream;


@ -51,7 +51,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
=item B<remus> [I<OPTIONS>] I<domain-id> I<host> =item B<remus> [I<OPTIONS>] I<domain-id> I<host>
--- a/tools/include/libxl.h --- a/tools/include/libxl.h
+++ b/tools/include/libxl.h +++ b/tools/include/libxl.h
@@ -1820,6 +1820,7 @@ static inline int libxl_retrieve_domain_ @@ -1859,6 +1859,7 @@ static inline int libxl_retrieve_domain_
typedef struct { typedef struct {
uint32_t flags; /* LIBXL_SUSPEND_* */ uint32_t flags; /* LIBXL_SUSPEND_* */
uint32_t max_iters; uint32_t max_iters;
@ -82,7 +82,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE; dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
--- a/tools/libs/light/libxl_internal.h --- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h
@@ -3657,6 +3657,7 @@ struct libxl__domain_save_state { @@ -3654,6 +3654,7 @@ struct libxl__domain_save_state {
int debug; int debug;
int checkpointed_stream; int checkpointed_stream;
uint32_t max_iters; uint32_t max_iters;


@ -13,7 +13,7 @@ iterations for dirty memory, and a final copy iteration prior move.
--- a/tools/libs/light/libxl_internal.h --- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h
@@ -124,7 +124,7 @@ @@ -125,7 +125,7 @@
#define DOMID_XS_PATH "domid" #define DOMID_XS_PATH "domid"
#define PVSHIM_BASENAME "xen-shim" #define PVSHIM_BASENAME "xen-shim"
#define PVSHIM_CMDLINE "pv-shim console=xen,pv" #define PVSHIM_CMDLINE "pv-shim console=xen,pv"
@ -21,4 +21,4 @@ iterations for dirty memory, and a final copy iteration prior move.
+#define LIBXL_XGS_POLICY_MAX_ITERATIONS 1 +#define LIBXL_XGS_POLICY_MAX_ITERATIONS 1
#define LIBXL_XGS_POLICY_TARGET_DIRTY_COUNT 50 #define LIBXL_XGS_POLICY_TARGET_DIRTY_COUNT 50
/* Size macros. */ #define DIV_ROUNDUP(n, d) (((n) + (d) - 1) / (d))


@ -60,15 +60,15 @@ v02:
dss->sws.dss = dss; dss->sws.dss = dss;
--- a/tools/libs/light/libxl_internal.h --- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h
@@ -124,6 +124,8 @@ @@ -125,6 +125,8 @@
#define DOMID_XS_PATH "domid" #define DOMID_XS_PATH "domid"
#define PVSHIM_BASENAME "xen-shim" #define PVSHIM_BASENAME "xen-shim"
#define PVSHIM_CMDLINE "pv-shim console=xen,pv" #define PVSHIM_CMDLINE "pv-shim console=xen,pv"
+#define LIBXL_XGS_POLICY_MAX_ITERATIONS 5 +#define LIBXL_XGS_POLICY_MAX_ITERATIONS 5
+#define LIBXL_XGS_POLICY_TARGET_DIRTY_COUNT 50 +#define LIBXL_XGS_POLICY_TARGET_DIRTY_COUNT 50
/* Size macros. */ #define DIV_ROUNDUP(n, d) (((n) + (d) - 1) / (d))
#define MB(_mb) (_AC(_mb, ULL) << 20)
--- a/tools/libs/light/libxl_save_msgs_gen.pl --- a/tools/libs/light/libxl_save_msgs_gen.pl
+++ b/tools/libs/light/libxl_save_msgs_gen.pl +++ b/tools/libs/light/libxl_save_msgs_gen.pl
@@ -23,6 +23,7 @@ our @msgs = ( @@ -23,6 +23,7 @@ our @msgs = (


@ -93,7 +93,7 @@ v2:
struct iovec *local_iov = NULL; struct iovec *local_iov = NULL;
--- a/tools/libs/ctrl/xc_private.h --- a/tools/libs/ctrl/xc_private.h
+++ b/tools/libs/ctrl/xc_private.h +++ b/tools/libs/ctrl/xc_private.h
@@ -395,6 +395,7 @@ int xc_flush_mmu_updates(xc_interface *x @@ -389,6 +389,7 @@ int xc_flush_mmu_updates(xc_interface *x
/* Return 0 on success; -1 on error setting errno. */ /* Return 0 on success; -1 on error setting errno. */
int read_exact(int fd, void *data, size_t size); /* EOF => -1, errno=0 */ int read_exact(int fd, void *data, size_t size); /* EOF => -1, errno=0 */


@ -34,7 +34,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
uint32_t domid) uint32_t domid)
{ {
+ int ret; + int ret;
DECLARE_DOMCTL; struct xen_domctl domctl = {};
domctl.cmd = XEN_DOMCTL_pausedomain; domctl.cmd = XEN_DOMCTL_pausedomain;
domctl.domain = domid; domctl.domain = domid;
- return do_domctl(xch, &domctl); - return do_domctl(xch, &domctl);
@ -49,7 +49,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
uint32_t domid) uint32_t domid)
{ {
+ int ret; + int ret;
DECLARE_DOMCTL; struct xen_domctl domctl = {};
domctl.cmd = XEN_DOMCTL_unpausedomain; domctl.cmd = XEN_DOMCTL_unpausedomain;
domctl.domain = domid; domctl.domain = domid;
- return do_domctl(xch, &domctl); - return do_domctl(xch, &domctl);


@ -85,7 +85,7 @@ the execution time of each script.
--- a/tools/libs/light/libxl_create.c --- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c
@@ -1323,6 +1323,7 @@ static void initiate_domain_create(libxl @@ -1345,6 +1345,7 @@ static void initiate_domain_create(libxl
* build info around just to know if the domain has a device model or not. * build info around just to know if the domain has a device model or not.
*/ */
store_libxl_entry(gc, domid, &d_config->b_info); store_libxl_entry(gc, domid, &d_config->b_info);
@ -95,7 +95,7 @@ the execution time of each script.
ret = libxl__disk_devtype.set_default(gc, domid, &d_config->disks[i], ret = libxl__disk_devtype.set_default(gc, domid, &d_config->disks[i],
--- a/tools/libs/light/libxl_device.c --- a/tools/libs/light/libxl_device.c
+++ b/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c
@@ -1296,7 +1296,7 @@ static void device_hotplug(libxl__egc *e @@ -1309,7 +1309,7 @@ static void device_hotplug(libxl__egc *e
} }
aes->ao = ao; aes->ao = ao;
@ -104,7 +104,7 @@ the execution time of each script.
aes->env = env; aes->env = env;
aes->args = args; aes->args = args;
aes->callback = device_hotplug_child_death_cb; aes->callback = device_hotplug_child_death_cb;
@@ -1305,6 +1305,15 @@ static void device_hotplug(libxl__egc *e @@ -1318,6 +1318,15 @@ static void device_hotplug(libxl__egc *e
aes->stdfds[1] = 2; aes->stdfds[1] = 2;
aes->stdfds[2] = -1; aes->stdfds[2] = -1;
@ -278,7 +278,7 @@ the execution time of each script.
#include <xenevtchn.h> #include <xenevtchn.h>
#include <xenstore.h> #include <xenstore.h>
@@ -1629,6 +1630,7 @@ struct libxl__xswait_state { @@ -1626,6 +1627,7 @@ struct libxl__xswait_state {
const char *what; /* for error msgs: noun phrase, what we're waiting for */ const char *what; /* for error msgs: noun phrase, what we're waiting for */
const char *path; const char *path;
int timeout_ms; /* as for poll(2) */ int timeout_ms; /* as for poll(2) */
@ -286,7 +286,7 @@ the execution time of each script.
libxl__xswait_callback *callback; libxl__xswait_callback *callback;
/* remaining fields are private to xswait */ /* remaining fields are private to xswait */
libxl__ev_time time_ev; libxl__ev_time time_ev;
@@ -2707,6 +2709,7 @@ struct libxl__async_exec_state { @@ -2704,6 +2706,7 @@ struct libxl__async_exec_state {
char **args; /* execution arguments */ char **args; /* execution arguments */
char **env; /* execution environment */ char **env; /* execution environment */
@ -294,7 +294,7 @@ the execution time of each script.
/* private */ /* private */
libxl__ev_time time; libxl__ev_time time;
libxl__ev_child child; libxl__ev_child child;
@@ -4896,6 +4899,9 @@ _hidden int userlookup_helper_getpwuid(l @@ -4893,6 +4896,9 @@ _hidden int userlookup_helper_getpwuid(l
#endif #endif


@ -7,11 +7,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
tools/libxl/libxlu_disk_l.l | 1 + tools/libxl/libxlu_disk_l.l | 1 +
5 files changed, 18 insertions(+), 1 deletion(-) 5 files changed, 18 insertions(+), 1 deletion(-)
Index: xen-4.18.0-testing/docs/man/xl-disk-configuration.5.pod.in Index: xen-4.19.0-testing/docs/man/xl-disk-configuration.5.pod.in
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/docs/man/xl-disk-configuration.5.pod.in --- xen-4.19.0-testing.orig/docs/man/xl-disk-configuration.5.pod.in
+++ xen-4.18.0-testing/docs/man/xl-disk-configuration.5.pod.in +++ xen-4.19.0-testing/docs/man/xl-disk-configuration.5.pod.in
@@ -337,6 +337,32 @@ No @@ -339,6 +339,32 @@ No
discard discard
@ -44,13 +44,13 @@ Index: xen-4.18.0-testing/docs/man/xl-disk-configuration.5.pod.in
=back =back
An advisory setting for the backend driver, specifying whether to An advisory setting for the backend driver, specifying whether to
Index: xen-4.18.0-testing/tools/include/libxl.h Index: xen-4.19.0-testing/tools/include/libxl.h
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/tools/include/libxl.h --- xen-4.19.0-testing.orig/tools/include/libxl.h
+++ xen-4.18.0-testing/tools/include/libxl.h +++ xen-4.19.0-testing/tools/include/libxl.h
@@ -584,6 +584,21 @@ @@ -603,6 +603,21 @@
*/ #define LIBXL_HAVE_P9_ADD 1
#define LIBXL_HAVE_CONSOLE_ADD_XENSTORE 1
/* /*
+ * The libxl_device_disk has no way to indicate that cache=unsafe is + * The libxl_device_disk has no way to indicate that cache=unsafe is
+ * supposed to be used. Provide this knob without breaking the ABI. + * supposed to be used. Provide this knob without breaking the ABI.
@ -70,11 +70,11 @@ Index: xen-4.18.0-testing/tools/include/libxl.h
* libxl ABI compatibility * libxl ABI compatibility
* *
* The only guarantee which libxl makes regarding ABI compatibility * The only guarantee which libxl makes regarding ABI compatibility
Index: xen-4.18.0-testing/tools/libs/light/libxl_disk.c Index: xen-4.19.0-testing/tools/libs/light/libxl_disk.c
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/tools/libs/light/libxl_disk.c --- xen-4.19.0-testing.orig/tools/libs/light/libxl_disk.c
+++ xen-4.18.0-testing/tools/libs/light/libxl_disk.c +++ xen-4.19.0-testing/tools/libs/light/libxl_disk.c
@@ -422,6 +422,8 @@ static void device_disk_add(libxl__egc * @@ -464,6 +464,8 @@ static void device_disk_add(libxl__egc *
flexarray_append_pair(back, "discard-enable", flexarray_append_pair(back, "discard-enable",
libxl_defbool_val(disk->discard_enable) ? libxl_defbool_val(disk->discard_enable) ?
"1" : "0"); "1" : "0");
@ -83,10 +83,10 @@ Index: xen-4.18.0-testing/tools/libs/light/libxl_disk.c
flexarray_append(back, "specification"); flexarray_append(back, "specification");
flexarray_append(back, libxl__device_disk_string_of_specification(disk->specification)); flexarray_append(back, libxl__device_disk_string_of_specification(disk->specification));
if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) { if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) {
Index: xen-4.18.0-testing/tools/libs/light/libxl_dm.c Index: xen-4.19.0-testing/tools/libs/light/libxl_dm.c
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/tools/libs/light/libxl_dm.c --- xen-4.19.0-testing.orig/tools/libs/light/libxl_dm.c
+++ xen-4.18.0-testing/tools/libs/light/libxl_dm.c +++ xen-4.19.0-testing/tools/libs/light/libxl_dm.c
@@ -1019,14 +1019,27 @@ enum { @@ -1019,14 +1019,27 @@ enum {
LIBXL__COLO_SECONDARY, LIBXL__COLO_SECONDARY,
}; };
@ -164,7 +164,7 @@ Index: xen-4.18.0-testing/tools/libs/light/libxl_dm.c
break; break;
default: default:
abort(); abort();
@@ -1998,8 +2013,8 @@ static int libxl__build_device_model_arg @@ -1997,8 +2012,8 @@ static int libxl__build_device_model_arg
return ERROR_INVAL; return ERROR_INVAL;
} }
flexarray_vappend(dm_args, "-drive", flexarray_vappend(dm_args, "-drive",
@ -175,10 +175,10 @@ Index: xen-4.18.0-testing/tools/libs/light/libxl_dm.c
"-device", GCSPRINTF("ide-hd,bus=ahci0.%d,unit=0,drive=ahcidisk-%d", "-device", GCSPRINTF("ide-hd,bus=ahci0.%d,unit=0,drive=ahcidisk-%d",
disk, disk), NULL); disk, disk), NULL);
continue; continue;
Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk.c Index: xen-4.19.0-testing/tools/libs/util/libxlu_disk.c
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/tools/libs/util/libxlu_disk.c --- xen-4.19.0-testing.orig/tools/libs/util/libxlu_disk.c
+++ xen-4.18.0-testing/tools/libs/util/libxlu_disk.c +++ xen-4.19.0-testing/tools/libs/util/libxlu_disk.c
@@ -78,6 +78,8 @@ int xlu_disk_parse(XLU_Config *cfg, @@ -78,6 +78,8 @@ int xlu_disk_parse(XLU_Config *cfg,
if (!disk->pdev_path || !strcmp(disk->pdev_path, "")) if (!disk->pdev_path || !strcmp(disk->pdev_path, ""))
disk->format = LIBXL_DISK_FORMAT_EMPTY; disk->format = LIBXL_DISK_FORMAT_EMPTY;
@ -188,10 +188,10 @@ Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk.c
if (!disk->vdev) { if (!disk->vdev) {
xlu__disk_err(&dpc,0, "no vdev specified"); xlu__disk_err(&dpc,0, "no vdev specified");
Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk_i.h Index: xen-4.19.0-testing/tools/libs/util/libxlu_disk_i.h
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/tools/libs/util/libxlu_disk_i.h --- xen-4.19.0-testing.orig/tools/libs/util/libxlu_disk_i.h
+++ xen-4.18.0-testing/tools/libs/util/libxlu_disk_i.h +++ xen-4.19.0-testing/tools/libs/util/libxlu_disk_i.h
@@ -10,7 +10,7 @@ typedef struct { @@ -10,7 +10,7 @@ typedef struct {
void *scanner; void *scanner;
YY_BUFFER_STATE buf; YY_BUFFER_STATE buf;
@ -201,10 +201,10 @@ Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk_i.h
const char *spec; const char *spec;
} DiskParseContext; } DiskParseContext;
Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk_l.l Index: xen-4.19.0-testing/tools/libs/util/libxlu_disk_l.l
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/tools/libs/util/libxlu_disk_l.l --- xen-4.19.0-testing.orig/tools/libs/util/libxlu_disk_l.l
+++ xen-4.18.0-testing/tools/libs/util/libxlu_disk_l.l +++ xen-4.19.0-testing/tools/libs/util/libxlu_disk_l.l
@@ -216,6 +216,7 @@ colo-port=[^,]*,? { STRIP(','); setcolop @@ -216,6 +216,7 @@ colo-port=[^,]*,? { STRIP(','); setcolop
colo-export=[^,]*,? { STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQUALS); } colo-export=[^,]*,? { STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQUALS); }
active-disk=[^,]*,? { STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); } active-disk=[^,]*,? { STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); }


@ -1,63 +0,0 @@
Index: xen-4.18.0-testing/tools/python/xen/migration/legacy.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/legacy.py
+++ xen-4.18.0-testing/tools/python/xen/migration/legacy.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/libxc.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/libxc.py
+++ xen-4.18.0-testing/tools/python/xen/migration/libxc.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/libxl.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/libxl.py
+++ xen-4.18.0-testing/tools/python/xen/migration/libxl.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/public.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/public.py
+++ xen-4.18.0-testing/tools/python/xen/migration/public.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/tests.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/tests.py
+++ xen-4.18.0-testing/tools/python/xen/migration/tests.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/verify.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/verify.py
+++ xen-4.18.0-testing/tools/python/xen/migration/verify.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/xl.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/xl.py
+++ xen-4.18.0-testing/tools/python/xen/migration/xl.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""

BIN
mini-os.tar.bz2 (Stored with Git LFS)

Binary file not shown.


@ -1,8 +1,8 @@
Index: xen-4.17.2-testing/tools/pygrub/src/pygrub Index: xen-4.19.0-testing/tools/pygrub/src/pygrub
=================================================================== ===================================================================
--- xen-4.17.2-testing.orig/tools/pygrub/src/pygrub --- xen-4.19.0-testing.orig/tools/pygrub/src/pygrub
+++ xen-4.17.2-testing/tools/pygrub/src/pygrub +++ xen-4.19.0-testing/tools/pygrub/src/pygrub
@@ -579,7 +579,7 @@ class Grub: @@ -593,7 +593,7 @@ class Grub:
self.cf.filename = f self.cf.filename = f
break break
if self.__dict__.get('cf', None) is None: if self.__dict__.get('cf', None) is None:
@ -11,7 +11,7 @@ Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
f = fs.open_file(self.cf.filename) f = fs.open_file(self.cf.filename)
# limit read size to avoid pathological cases # limit read size to avoid pathological cases
buf = f.read(FS_READ_MAX) buf = f.read(FS_READ_MAX)
@@ -754,6 +754,20 @@ def run_grub(file, entry, fs, cfg_args): @@ -768,6 +768,20 @@ def run_grub(file, entry, fs, cfg_args):
g = Grub(file, fs) g = Grub(file, fs)
@ -32,7 +32,7 @@ Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
if list_entries: if list_entries:
for i in range(len(g.cf.images)): for i in range(len(g.cf.images)):
img = g.cf.images[i] img = g.cf.images[i]
@@ -840,6 +854,19 @@ def sniff_netware(fs, cfg): @@ -854,6 +868,19 @@ def sniff_netware(fs, cfg):
return cfg return cfg
@ -52,7 +52,7 @@ Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
def format_sxp(kernel, ramdisk, args): def format_sxp(kernel, ramdisk, args):
s = "linux (kernel %s)" % repr(kernel) s = "linux (kernel %s)" % repr(kernel)
if ramdisk: if ramdisk:
@@ -918,7 +945,7 @@ if __name__ == "__main__": @@ -932,7 +959,7 @@ if __name__ == "__main__":
debug = False debug = False
not_really = False not_really = False
output_format = "sxp" output_format = "sxp"


@ -16,11 +16,11 @@ brctl. Replace them by commands from iproute2 package.
.../i386-dm/qemu-ifup-Linux | 5 +++-- .../i386-dm/qemu-ifup-Linux | 5 +++--
9 files changed, 26 insertions(+), 26 deletions(-) 9 files changed, 26 insertions(+), 26 deletions(-)
Index: xen-4.17.0-testing/README Index: xen-4.19.0-testing/README
=================================================================== ===================================================================
--- xen-4.17.0-testing.orig/README --- xen-4.19.0-testing.orig/README
+++ xen-4.17.0-testing/README +++ xen-4.19.0-testing/README
@@ -61,8 +61,7 @@ provided by your OS distributor: @@ -59,8 +59,7 @@ provided by your OS distributor:
* Development install of GLib v2.0 (e.g. libglib2.0-dev) * Development install of GLib v2.0 (e.g. libglib2.0-dev)
* Development install of Pixman (e.g. libpixman-1-dev) * Development install of Pixman (e.g. libpixman-1-dev)
* pkg-config * pkg-config
@ -30,10 +30,10 @@ Index: xen-4.17.0-testing/README
* GNU bison and GNU flex * GNU bison and GNU flex
* ACPI ASL compiler (iasl) * ACPI ASL compiler (iasl)
Index: xen-4.17.0-testing/tools/hotplug/Linux/remus-netbuf-setup Index: xen-4.19.0-testing/tools/hotplug/Linux/remus-netbuf-setup
=================================================================== ===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/remus-netbuf-setup --- xen-4.19.0-testing.orig/tools/hotplug/Linux/remus-netbuf-setup
+++ xen-4.17.0-testing/tools/hotplug/Linux/remus-netbuf-setup +++ xen-4.19.0-testing/tools/hotplug/Linux/remus-netbuf-setup
@@ -76,6 +76,7 @@ @@ -76,6 +76,7 @@
#specific setup code such as renaming. #specific setup code such as renaming.
dir=$(dirname "$0") dir=$(dirname "$0")
@ -60,10 +60,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/remus-netbuf-setup
check_ifb "$ifb" || continue check_ifb "$ifb" || continue
REMUS_IFB="$ifb" REMUS_IFB="$ifb"
break break
Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-bridge Index: xen-4.19.0-testing/tools/hotplug/Linux/vif-bridge
=================================================================== ===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/vif-bridge --- xen-4.19.0-testing.orig/tools/hotplug/Linux/vif-bridge
+++ xen-4.17.0-testing/tools/hotplug/Linux/vif-bridge +++ xen-4.19.0-testing/tools/hotplug/Linux/vif-bridge
@@ -42,7 +42,8 @@ if [ -z "$bridge" ]; then @@ -42,7 +42,8 @@ if [ -z "$bridge" ]; then
if which brctl >&/dev/null; then if which brctl >&/dev/null; then
bridge=$(brctl show | awk 'NR==2{print$1}') bridge=$(brctl show | awk 'NR==2{print$1}')
@ -74,10 +74,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-bridge
fi fi
if [ -z "$bridge" ] if [ -z "$bridge" ]
then then
Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-nat Index: xen-4.19.0-testing/tools/hotplug/Linux/vif-nat
=================================================================== ===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/vif-nat --- xen-4.19.0-testing.orig/tools/hotplug/Linux/vif-nat
+++ xen-4.17.0-testing/tools/hotplug/Linux/vif-nat +++ xen-4.19.0-testing/tools/hotplug/Linux/vif-nat
@@ -172,7 +172,11 @@ case "$command" in @@ -172,7 +172,11 @@ case "$command" in
;; ;;
offline) offline)
@ -91,10 +91,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-nat
;; ;;
esac esac
Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-route Index: xen-4.19.0-testing/tools/hotplug/Linux/vif-route
=================================================================== ===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/vif-route --- xen-4.19.0-testing.orig/tools/hotplug/Linux/vif-route
+++ xen-4.17.0-testing/tools/hotplug/Linux/vif-route +++ xen-4.19.0-testing/tools/hotplug/Linux/vif-route
@@ -23,13 +23,23 @@ main_ip=$(dom0_ip) @@ -23,13 +23,23 @@ main_ip=$(dom0_ip)
case "${command}" in case "${command}" in
@ -121,10 +121,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-route
ipcmd='del' ipcmd='del'
cmdprefix='do_without_error' cmdprefix='do_without_error'
;; ;;
Index: xen-4.17.0-testing/tools/hotplug/Linux/xen-network-common.sh Index: xen-4.19.0-testing/tools/hotplug/Linux/xen-network-common.sh
=================================================================== ===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/xen-network-common.sh --- xen-4.19.0-testing.orig/tools/hotplug/Linux/xen-network-common.sh
+++ xen-4.17.0-testing/tools/hotplug/Linux/xen-network-common.sh +++ xen-4.19.0-testing/tools/hotplug/Linux/xen-network-common.sh
@@ -15,6 +15,12 @@ @@ -15,6 +15,12 @@
# #

BIN
stubdom.tar.bz2 (Stored with Git LFS)

Binary file not shown.


@ -2,7 +2,7 @@ Change default IO-APIC ack mode for single IO-APIC systems to old-style.
--- a/xen/arch/x86/io_apic.c --- a/xen/arch/x86/io_apic.c
+++ b/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c
@@ -2076,7 +2076,10 @@ void __init setup_IO_APIC(void) @@ -2071,7 +2071,10 @@ void __init setup_IO_APIC(void)
io_apic_irqs = ~PIC_IRQS; io_apic_irqs = ~PIC_IRQS;
printk("ENABLING IO-APIC IRQs\n"); printk("ENABLING IO-APIC IRQs\n");

BIN
xen-4.18.3-testing-src.tar.bz2 (Stored with Git LFS)

Binary file not shown.

BIN
xen-4.19.0-testing-src.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,11 +1,11 @@
Index: xen-4.18.0-testing/xen/arch/Kconfig Index: xen-4.19.0-testing/xen/arch/Kconfig
=================================================================== ===================================================================
--- xen-4.18.0-testing.orig/xen/arch/Kconfig --- xen-4.19.0-testing.orig/xen/arch/Kconfig
+++ xen-4.18.0-testing/xen/arch/Kconfig +++ xen-4.19.0-testing/xen/arch/Kconfig
@@ -7,7 +7,7 @@ config PHYS_ADDR_T_32 @@ -7,7 +7,7 @@ config PHYS_ADDR_T_32
config NR_CPUS config NR_CPUS
int "Maximum number of CPUs" int "Maximum number of CPUs"
range 1 4095 range 1 16383
- default "256" if X86 - default "256" if X86
+ default "1024" if X86 + default "1024" if X86
default "8" if ARM && RCAR3 default "8" if ARM && RCAR3


@ -1,7 +1,5 @@
Index: xen-4.18.3-testing/tools/xs-clients/Makefile --- a/tools/xs-clients/Makefile
=================================================================== +++ b/tools/xs-clients/Makefile
--- xen-4.18.3-testing.orig/tools/xs-clients/Makefile
+++ xen-4.18.3-testing/tools/xs-clients/Makefile
@@ -29,7 +29,7 @@ all: $(TARGETS) @@ -29,7 +29,7 @@ all: $(TARGETS)
clients: xenstore $(CLIENTS) xenstore-control clients: xenstore $(CLIENTS) xenstore-control
@ -20,10 +18,8 @@ Index: xen-4.18.3-testing/tools/xs-clients/Makefile
done done
.PHONY: uninstall .PHONY: uninstall
Index: xen-4.18.3-testing/tools/xenstored/Makefile --- a/tools/xenstored/Makefile
=================================================================== +++ b/tools/xenstored/Makefile
--- xen-4.18.3-testing.orig/tools/xenstored/Makefile
+++ xen-4.18.3-testing/tools/xenstored/Makefile
@@ -32,6 +32,7 @@ TAGS: @@ -32,6 +32,7 @@ TAGS:
install: all install: all
$(INSTALL_DIR) $(DESTDIR)$(sbindir) $(INSTALL_DIR) $(DESTDIR)$(sbindir)


@ -20,7 +20,7 @@ actually handle. The default is zero tolerance.
unsigned long __read_mostly cpu_khz; /* CPU clock frequency in kHz. */ unsigned long __read_mostly cpu_khz; /* CPU clock frequency in kHz. */
DEFINE_SPINLOCK(rtc_lock); DEFINE_SPINLOCK(rtc_lock);
unsigned long pit0_ticks; unsigned long pit0_ticks;
@@ -2720,6 +2723,8 @@ int tsc_set_info(struct domain *d, @@ -2797,6 +2800,8 @@ int tsc_set_info(struct domain *d,
switch ( tsc_mode ) switch ( tsc_mode )
{ {
@ -29,7 +29,7 @@ actually handle. The default is zero tolerance.
case XEN_CPUID_TSC_MODE_DEFAULT: case XEN_CPUID_TSC_MODE_DEFAULT:
case XEN_CPUID_TSC_MODE_ALWAYS_EMULATE: case XEN_CPUID_TSC_MODE_ALWAYS_EMULATE:
d->arch.vtsc_offset = get_s_time() - elapsed_nsec; d->arch.vtsc_offset = get_s_time() - elapsed_nsec;
@@ -2733,8 +2738,25 @@ int tsc_set_info(struct domain *d, @@ -2810,8 +2815,25 @@ int tsc_set_info(struct domain *d,
* When a guest is created, gtsc_khz is passed in as zero, making * When a guest is created, gtsc_khz is passed in as zero, making
* d->arch.tsc_khz == cpu_khz. Thus no need to check incarnation. * d->arch.tsc_khz == cpu_khz. Thus no need to check incarnation.
*/ */


@ -1,10 +1,113 @@
-------------------------------------------------------------------
Thu Sep 26 11:30:00 CEST 2024 - jbeulich@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Sep 10 09:54:34 MDT 2024 - carnold@suse.com Tue Sep 10 09:54:34 MDT 2024 - carnold@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in - bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462) vlapic_error() (XSA-462)
xsa462.patch xsa462.patch
-------------------------------------------------------------------
Fri Aug 30 07:32:58 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build on aarch64 with gcc14 (bsc#1225953)
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
-------------------------------------------------------------------
Thu Aug 15 15:13:42 MDT 2024 - carnold@suse.com
- Update to Xen 4.19.0 FCS release (jsc#PED-8907)
xen-4.19.0-testing-src.tar.bz2
- New Features
* On x86:
- Introduce a new x2APIC driver that uses Cluster Logical addressing mode
for IPIs and Physical addressing mode for external interrupts.
* On Arm:
- FF-A notification support.
- Introduction of dynamic node programming using overlay dtbo.
* Add a new 9pfs backend running as a daemon in dom0. First user is
Xenstore-stubdom now being able to support full Xenstore trace capability.
* libxl support for backendtype=tap with tapback.
- Changed Features
* Changed flexible array definitions in public I/O interface headers to not
use "1" as the number of array elements.
* The minimum supported OCaml toolchain version is now 4.05
* On x86:
- HVM PIRQs are disabled by default.
- Reduce IOMMU setup time for hardware domain.
- Allow HVM/PVH domains to map foreign pages.
- Declare PVH dom0 supported with caveats.
* xl/libxl configures vkb=[] for HVM domains with priority over vkb_device.
* Increase the maximum number of CPUs Xen can be built for from 4095 to
16383.
* When building with Systemd support (./configure --enable-systemd), remove
libsystemd as a build dependency. Systemd Notify support is retained, now
using a standalone library implementation.
* xenalyze no longer requires `--svm-mode` when analyzing traces
generated on AMD CPUs
* Code symbol annotations and MISRA compliance improvements.
- Removed Features
* caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has
been superseded by the MirageOS/SOLO5 projects.
* /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for
compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub"
should be updated to just bootloader="pygrub".
* The Xen gdbstub on x86.
* xentrace_format has been removed; use xenalyze instead.
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- Dropped patches no longer necessary
bin-python3-conversion.patch
migration-python3-conversion.patch
-------------------------------------------------------------------
Wed Aug 14 14:10:47 MDT 2024 - carnold@suse.com
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 14 11:33:39 MDT 2024 - carnold@suse.com Wed Aug 14 11:33:39 MDT 2024 - carnold@suse.com
@ -42,6 +145,17 @@ Wed Aug 14 11:33:39 MDT 2024 - carnold@suse.com
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch 6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch xsa458.patch
-------------------------------------------------------------------
Wed Aug 7 08:06:00 CEST 2024 - jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
66a8b8ac-bunzip2-rare-failure.patch
-------------------------------------------------------------------
Tue Jul 23 09:43:13 UTC 2024 - Franz Sirl <franz.sirl-obs@lauterbach.com>
- Enable support for ZSTD and LZO compression formats
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 3 12:41:39 MDT 2024 - carnold@suse.com Wed Jul 3 12:41:39 MDT 2024 - carnold@suse.com


@ -9,7 +9,7 @@ References: bsc#954872
--- a/tools/libs/light/libxl_disk.c --- a/tools/libs/light/libxl_disk.c
+++ b/tools/libs/light/libxl_disk.c +++ b/tools/libs/light/libxl_disk.c
@@ -203,7 +203,7 @@ static int libxl__device_disk_setdefault @@ -237,7 +237,7 @@ static int libxl__device_disk_setdefault
return rc; return rc;
} }
@ -18,9 +18,9 @@ References: bsc#954872
const libxl_device_disk *disk, const libxl_device_disk *disk,
libxl__device *device) libxl__device *device)
{ {
@@ -372,6 +372,10 @@ static void device_disk_add(libxl__egc * @@ -414,6 +414,10 @@ static void device_disk_add(libxl__egc *
rc = ERROR_FAIL; assert(device->backend_kind == LIBXL__DEVICE_KIND_VBD3);
goto out; break;
case LIBXL_DISK_BACKEND_QDISK: case LIBXL_DISK_BACKEND_QDISK:
+ if (disk->script) { + if (disk->script) {
+ script = libxl__abs_path(gc, disk->script, libxl__xen_script_dir_path()); + script = libxl__abs_path(gc, disk->script, libxl__xen_script_dir_path());
@ -31,8 +31,8 @@ References: bsc#954872
libxl__device_disk_string_of_format(disk->format), libxl__device_disk_string_of_format(disk->format),
--- a/tools/libs/light/libxl_device.c --- a/tools/libs/light/libxl_device.c
+++ b/tools/libs/light/libxl_device.c +++ b/tools/libs/light/libxl_device.c
@@ -351,7 +351,8 @@ static int disk_try_backend(disk_try_bac @@ -361,7 +361,8 @@ static int disk_try_backend(disk_try_bac
return 0; return backend;
case LIBXL_DISK_BACKEND_QDISK: case LIBXL_DISK_BACKEND_QDISK:
- if (a->disk->script) goto bad_script; - if (a->disk->script) goto bad_script;
@ -89,7 +89,7 @@ References: bsc#954872
disks[i].vdev); disks[i].vdev);
--- a/tools/libs/util/libxlu_disk_l.l --- a/tools/libs/util/libxlu_disk_l.l
+++ b/tools/libs/util/libxlu_disk_l.l +++ b/tools/libs/util/libxlu_disk_l.l
@@ -253,6 +253,8 @@ target=.* { STRIP(','); SAVESTRING("targ @@ -256,6 +256,8 @@ target=.* { STRIP(','); SAVESTRING("targ
free(newscript); free(newscript);
} }
@ -100,7 +100,7 @@ References: bsc#954872
aio:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); } aio:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); }
--- a/tools/libs/light/libxl_internal.h --- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h
@@ -2073,6 +2073,10 @@ _hidden char *libxl__object_to_json(libx @@ -2070,6 +2070,10 @@ _hidden char *libxl__object_to_json(libx
_hidden int libxl__cpuid_legacy(libxl_ctx *ctx, uint32_t domid, bool retore, _hidden int libxl__cpuid_legacy(libxl_ctx *ctx, uint32_t domid, bool retore,
libxl_domain_build_info *info); libxl_domain_build_info *info);


@ -26,9 +26,11 @@
# Keep it at the original location (/usr/lib) for backward compatibility # Keep it at the original location (/usr/lib) for backward compatibility
%define _libexecdir /usr/lib %define _libexecdir /usr/lib
%{?!primary_python:%define primary_python python3}
Name: xen Name: xen
ExclusiveArch: %ix86 x86_64 aarch64 ExclusiveArch: %ix86 x86_64 aarch64
%define xen_build_dir xen-4.18.3-testing %define xen_build_dir xen-4.19.0-testing
# #
%define with_gdbsx 0 %define with_gdbsx 0
%define with_dom0_support 0 %define with_dom0_support 0
@ -96,6 +98,8 @@ BuildRequires: makeinfo
%endif %endif
%endif %endif
BuildRequires: acpica BuildRequires: acpica
BuildRequires: libzstd-devel
BuildRequires: lzo-devel
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: python3-devel BuildRequires: python3-devel
@ -117,14 +121,15 @@ BuildRequires: makeinfo
%ifarch x86_64 %ifarch x86_64
BuildRequires: pesign-obs-integration BuildRequires: pesign-obs-integration
%endif %endif
BuildRequires: python-rpm-macros
Provides: installhint(reboot-needed) Provides: installhint(reboot-needed)
Version: 4.18.3_04 Version: 4.19.0_04
Release: 0 Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0-only License: GPL-2.0-only
Group: System/Kernel Group: System/Kernel
Source0: xen-4.18.3-testing-src.tar.bz2 Source0: xen-4.19.0-testing-src.tar.bz2
Source1: stubdom.tar.bz2 Source1: stubdom.tar.bz2
Source2: mini-os.tar.bz2 Source2: mini-os.tar.bz2
Source9: xen.changes Source9: xen.changes
@ -154,9 +159,18 @@ Source10183: xen_maskcalc.py
# For xen-libs # For xen-libs
Source99: baselibs.conf Source99: baselibs.conf
# Upstream patches # Upstream patches
Patch1: 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch Patch1: 66a8b8ac-bunzip2-rare-failure.patch
Patch2: 66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
Patch3: 66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
Patch4: 66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
Patch5: 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
Patch6: 66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
Patch7: 66d8690f-SUPPORT-split-XSM-from-Flask.patch
Patch8: 66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
Patch9: 66e44ae2-x86-ucode-AMD-buffer-underrun.patch
Patch10: 66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Patch11: 66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
# EMBARGOED security fixes # EMBARGOED security fixes
Patch100: xsa462.patch
# libxc # libxc
Patch301: libxc-bitmap-long.patch Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch Patch302: libxc-sr-xl-migration-debug.patch
@ -218,8 +232,6 @@ Patch466: libxl.helper_done-crash.patch
Patch467: libxl.LIBXL_HOTPLUG_TIMEOUT.patch Patch467: libxl.LIBXL_HOTPLUG_TIMEOUT.patch
# python3 conversion patches # python3 conversion patches
Patch500: build-python3-conversion.patch Patch500: build-python3-conversion.patch
Patch501: migration-python3-conversion.patch
Patch502: bin-python3-conversion.patch
# Hypervisor and PV driver Patches # Hypervisor and PV driver Patches
Patch600: xen.bug1026236.suse_vtsc_tolerance.patch Patch600: xen.bug1026236.suse_vtsc_tolerance.patch
Patch601: x86-ioapic-ack-default.patch Patch601: x86-ioapic-ack-default.patch
@ -283,8 +295,8 @@ Requires: qemu-arm
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
Recommends: multipath-tools Recommends: multipath-tools
Requires: python3 Requires: %{primary_python}
Requires: python3-curses Requires: %{primary_python}-curses
%ifarch %{ix86} x86_64 %ifarch %{ix86} x86_64
Requires: qemu-seabios Requires: qemu-seabios
%endif %endif
@ -476,7 +488,7 @@ configure_flags="${configure_flags} --enable-stubdom"
sed -i~ 's/ XENSTORETYPE=domain$/ XENSTORETYPE=daemon/' tools/hotplug/Linux/launch-xenstore.in sed -i~ 's/ XENSTORETYPE=domain$/ XENSTORETYPE=daemon/' tools/hotplug/Linux/launch-xenstore.in
configure_flags="${configure_flags} --disable-stubdom" configure_flags="${configure_flags} --disable-stubdom"
%endif %endif
export PYTHON="/usr/bin/python3" export PYTHON=$(realpath /usr/bin/python3)
configure_flags="${configure_flags} --disable-qemu-traditional" configure_flags="${configure_flags} --disable-qemu-traditional"
./configure \ ./configure \
--disable-xen \ --disable-xen \
@ -810,17 +822,18 @@ done
# Xen utilities # Xen utilities
install -m755 %SOURCE36 %{buildroot}/usr/sbin/xen2libvirt install -m755 %SOURCE36 %{buildroot}/usr/sbin/xen2libvirt
install -m755 %SOURCE10183 %{buildroot}/usr/sbin/xen_maskcalc install -m755 %SOURCE10183 %{buildroot}/usr/sbin/xen_maskcalc
%python3_fix_shebang
rm -f %{buildroot}/etc/xen/README* rm -f %{buildroot}/etc/xen/README*
# Example config # Example config
mkdir -p %{buildroot}/etc/xen/{vm,examples,scripts} mkdir -p %{buildroot}/etc/xen/{vm,examples,scripts}
mv %{buildroot}/etc/xen/xlexample* %{buildroot}/etc/xen/examples mv %{buildroot}/etc/xen/xlexample* %{buildroot}/etc/xen/examples
rm -f %{buildroot}/etc/xen/examples/*nbd rm -f %{buildroot}/etc/xen/examples/*nbd
install -m644 tools/xentrace/formats %{buildroot}/etc/xen/examples/xentrace_formats.txt
# Scripts # Scripts
rm -f %{buildroot}/etc/xen/scripts/block-*nbd rm -f %{buildroot}/etc/xen/scripts/block-*nbd
install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE24 %{buildroot}/etc/xen/scripts/ install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE24 %{buildroot}/etc/xen/scripts/
install -m755 tools/pygrub/src/pygrub %{buildroot}/usr/bin/pygrub
mkdir -p %{buildroot}/usr/lib/supportconfig/plugins mkdir -p %{buildroot}/usr/lib/supportconfig/plugins
install -m 755 %SOURCE13 %{buildroot}/usr/lib/supportconfig/plugins/xen install -m 755 %SOURCE13 %{buildroot}/usr/lib/supportconfig/plugins/xen
@ -977,7 +990,6 @@ rm -f %{buildroot}/usr/libexec/qemu-bridge-helper
/usr/bin/pygrub /usr/bin/pygrub
/usr/bin/vchan-socket-proxy /usr/bin/vchan-socket-proxy
/usr/bin/xencov_split /usr/bin/xencov_split
/usr/bin/xentrace_format
%ifarch x86_64 %ifarch x86_64
/usr/bin/xen-cpuid /usr/bin/xen-cpuid
%endif %endif
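Review bot: The build now exports `PYTHON=$(realpath /usr/bin/python3)` in the configure step, while the runtime dependencies changed in the same section follow `%{primary_python}` (`Requires: %{primary_python}` and `%{primary_python}-curses`). If the interpreter that `/usr/bin/python3` resolves to in the build root can differ from the primary one on a target, the installed tools could reference an interpreter the package does not require. Deriving the path from the same macro, or adding a comment that states why the two always agree, would close that gap. The command substitution is also unquoted and unchecked, so a failing `realpath` would export an empty `PYTHON`; `export PYTHON="$(realpath /usr/bin/python3)"` followed by a non-empty test would make that failure visible at build time.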


@ -18,10 +18,10 @@ Basically fillup removed all comments, and also the two added key=value lines.
Prevent this by defining all keys, with empty values, so that consumers Prevent this by defining all keys, with empty values, so that consumers
of the values will continue to use the built-in defaults. of the values will continue to use the built-in defaults.
Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in Index: xen-4.19.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
=================================================================== ===================================================================
--- xen-4.16.0-testing.orig/tools/hotplug/Linux/init.d/sysconfig.xencommons.in --- xen-4.19.0-testing.orig/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
+++ xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in +++ xen-4.19.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
@@ -3,7 +3,9 @@ @@ -3,7 +3,9 @@
## Default: "none" ## Default: "none"
# #
@ -55,20 +55,19 @@ Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
## Type: string ## Type: string
## Default: unlimited ## Default: unlimited
@@ -57,9 +59,10 @@ XENSTORED_ARGS= @@ -57,8 +59,9 @@ XENSTORED_ARGS=
## Type: string ## Type: string
## Default: Not defined, tracing off ## Default: Not defined, tracing off
# #
-# Log xenstored messages -# Log xenstored messages
+# Log xenstored messages if a non-empty value is assigned.
# Only evaluated if XENSTORETYPE is "daemon".
-#XENSTORED_TRACE=[yes|on|1] -#XENSTORED_TRACE=[yes|on|1]
+# Log xenstored messages if a non-empty value is assigned.
+# +#
+XENSTORED_TRACE= +XENSTORED_TRACE=
## Type: integer ## Type: integer
## Default: 50 ## Default: 50
@@ -75,14 +78,14 @@ XENSTORED_ARGS= @@ -74,14 +77,14 @@ XENSTORED_ARGS=
# #
# xenstore domain kernel. # xenstore domain kernel.
# Only evaluated if XENSTORETYPE is "domain". # Only evaluated if XENSTORETYPE is "domain".
@ -85,7 +84,7 @@ Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
## Type: string ## Type: string
## Default: not set, no autoballooning of xenstore domain ## Default: not set, no autoballooning of xenstore domain
@@ -93,7 +96,7 @@ XENSTORED_ARGS= @@ -92,7 +95,7 @@ XENSTORED_ARGS=
# - combination of both in form of <val>:<frac> (e.g. 8:1/100), resulting # - combination of both in form of <val>:<frac> (e.g. 8:1/100), resulting
# value will be the higher of both specifications # value will be the higher of both specifications
# Only evaluated if XENSTORETYPE is "domain". # Only evaluated if XENSTORETYPE is "domain".
@ -94,7 +93,7 @@ Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
## Type: string ## Type: string
## Default: "" ## Default: ""
@@ -106,4 +109,4 @@ XENSTORE_DOMAIN_ARGS= @@ -105,4 +108,4 @@ XENSTORE_DOMAIN_ARGS=
#QEMU_XEN=@qemu_xen_path@ #QEMU_XEN=@qemu_xen_path@
# Dom0 UUID # Dom0 UUID


@ -11,7 +11,7 @@ References: fate#323663 - Run Xenstore in stubdomain
# #
# Select type of xentore service. # Select type of xentore service.
# #
@@ -81,14 +81,14 @@ XENSTORED_TRACE= @@ -80,14 +80,14 @@ XENSTORED_TRACE=
XENSTORE_DOMAIN_KERNEL= XENSTORE_DOMAIN_KERNEL=
## Type: integer ## Type: integer
@ -49,6 +49,6 @@ References: fate#323663 - Run Xenstore in stubdomain
- [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] || XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE" - [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] || XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE"
+ [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] && XENSTORE_MAX_DOMAIN_SIZE="1/100" + [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] && XENSTORE_MAX_DOMAIN_SIZE="1/100"
+ XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE" + XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE"
[ -z "$XENSTORED_TRACE" ] || XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS -T xenstored-trace.log"
echo -n Starting $XENSTORE_DOMAIN_KERNEL... echo -n Starting $XENSTORE_DOMAIN_KERNEL...
${LIBEXEC_BIN}/init-xenstore-domain $XENSTORE_DOMAIN_ARGS || exit 1


@ -1,93 +1,104 @@
References: bsc#1178736 References: bsc#1178736
Allow restart of xenwatchdogd in case it terminated unexpectetly. Allow restart of xenwatchdogd in case it terminated unexpectetly.
Index: xen-4.14.0-testing/tools/misc/xenwatchdogd.c Index: xen-4.19.0-testing/tools/misc/xenwatchdogd.c
=================================================================== ===================================================================
--- xen-4.14.0-testing.orig/tools/misc/xenwatchdogd.c --- xen-4.19.0-testing.orig/tools/misc/xenwatchdogd.c
+++ xen-4.14.0-testing/tools/misc/xenwatchdogd.c +++ xen-4.19.0-testing/tools/misc/xenwatchdogd.c
@@ -9,12 +9,16 @@ @@ -21,6 +21,8 @@
#include <unistd.h>
#include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdbool.h>
#include <getopt.h>
+#include <libgen.h> +#include <libgen.h>
+#include <syslog.h> +#include <syslog.h>
xc_interface *h; #define WDOG_MIN_TIMEOUT 2
int id = 0; #define WDOG_MIN_SLEEP 1
@@ -29,9 +31,11 @@
static xc_interface *h;
static volatile bool safeexit = false;
static volatile bool done = false;
+static const char id_file[] = "/run/xenwatchdog_id.txt"; +static const char id_file[] = "/run/xenwatchdog_id.txt";
-void daemonize(void) -static void daemonize(void)
+static void daemonize(const char *str) +static void daemonize(const char *str)
{ {
+ const char *err_str = ""; + const char *err_str = "";
switch (fork()) { switch (fork()) {
case -1: case -1:
err(1, "fork"); err(EXIT_FAILURE, "fork");
@@ -23,7 +27,9 @@ void daemonize(void) @@ -40,7 +44,9 @@ static void daemonize(void)
default: default:
exit(0); exit(EXIT_SUCCESS);
} }
- umask(0); - umask(0);
+#define err(x,s) do { err_str = (s); goto out; } while (0) +#define err(x,s) do { err_str = (s); goto out; } while (0)
+ openlog(str, LOG_CONS, LOG_DAEMON); + openlog(str, LOG_CONS, LOG_DAEMON);
+ umask(~(S_IRUSR|S_IWUSR)); + umask(~(S_IRUSR|S_IWUSR));
if (setsid() < 0) if (setsid() < 0)
err(1, "setsid"); err(EXIT_FAILURE, "setsid");
if (chdir("/") < 0) if (chdir("/") < 0)
@@ -34,6 +40,10 @@ void daemonize(void) @@ -51,6 +57,10 @@ static void daemonize(void)
err(1, "reopen stdout"); err(EXIT_FAILURE, "reopen stdout");
if(freopen("/dev/null", "w", stderr) == NULL) if(freopen("/dev/null", "w", stderr) == NULL)
err(1, "reopen stderr"); err(EXIT_FAILURE, "reopen stderr");
+ return; + return;
+out: +out:
+ syslog(LOG_ERR, "%s: %m", err_str); + syslog(LOG_ERR, "%s: %m", err_str);
+ exit(1); + exit(1);
} }
void catch_exit(int sig) static void catch_exit(int sig)
@@ -47,18 +57,21 @@ void catch_usr1(int sig) @@ -62,6 +72,7 @@ static void catch_usr1(int sig)
{ {
if (id) safeexit = true;
xc_watchdog(h, id, 0); done = true;
+ unlink(id_file); + unlink(id_file);
exit(0);
} }
static void __attribute__((noreturn)) usage(int exit_code)
@@ -98,10 +109,12 @@ static int parse_secs(const char *arg, c
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
+ FILE *f; + FILE *f;
int id;
int t, s; int t, s;
int ret; int ret;
bool daemon = true;
+ const char *err_str = ""; + const char *err_str = "";
if (argc < 2) for ( ;; )
errx(1, "usage: %s <timeout> <sleep>", argv[0]); {
@@ -160,7 +173,7 @@ int main(int argc, char **argv)
s = t / 2;
- daemonize(); if (daemon)
+ daemonize(basename(argv[0])); - daemonize();
+ daemonize(basename(argv[0]));
h = xc_interface_open(NULL, NULL, 0); h = xc_interface_open(NULL, NULL, 0);
if (h == NULL) if (h == NULL)
@@ -86,9 +99,25 @@ int main(int argc, char **argv) @@ -177,9 +190,25 @@ int main(int argc, char **argv)
if (signal(SIGUSR1, &catch_usr1) == SIG_ERR) if (signal(SIGUSR1, &catch_usr1) == SIG_ERR)
err(1, "signal"); err(EXIT_FAILURE, "signal");
- id = xc_watchdog(h, 0, t); - id = xc_watchdog(h, 0, t);
- if (id <= 0) - if (id <= 0)
- err(1, "xc_watchdog setup"); - err(EXIT_FAILURE, "xc_watchdog setup");
+ f = fopen(id_file, "r"); + f = fopen(id_file, "r");
+ if (f) { + if (f) {
+ if (fscanf(f, "%d", &id) != 1) + if (fscanf(f, "%d", &id) != 1)
+ id = -1; + id = -1;
+ if (id <= 0) + if (id <= 0)
+ err(1, "xc_watchdog setup"); + err(EXIT_FAILURE, "xc_watchdog setup");
+ syslog(LOG_INFO, "reusing id %d", id); + syslog(LOG_INFO, "reusing id %d", id);
+ fclose(f); + fclose(f);
+ } else { + } else {
+ id = xc_watchdog(h, 0, t); + id = xc_watchdog(h, 0, t);
+ syslog(LOG_INFO, "obtained id %d", id); + syslog(LOG_INFO, "obtained id %d", id);
+ if (id <= 0) + if (id <= 0)
+ err(1, "xc_watchdog setup"); + err(EXIT_FAILURE, "xc_watchdog setup");
+ f = fopen(id_file, "w"); + f = fopen(id_file, "w");
+ if (f) { + if (f) {
+ fprintf(f, "%d\n", id); + fprintf(f, "%d\n", id);
@ -95,14 +106,14 @@ Index: xen-4.14.0-testing/tools/misc/xenwatchdogd.c
+ } + }
+ } + }
for (;;) { while (!done) {
sleep(s); sleep(s);
@@ -96,4 +125,8 @@ int main(int argc, char **argv) @@ -191,4 +220,8 @@ int main(int argc, char **argv)
if (ret != 0) // Zero seconds timeout will disarm the watchdog timer
err(1, "xc_watchdog"); xc_watchdog(h, id, safeexit ? 0 : WDOG_EXIT_TIMEOUT);
} return 0;
+ +
+out: +out:
+ syslog(LOG_ERR, "%s: %m", err_str); + syslog(LOG_ERR, "%s: %m", err_str);
+ exit(1); + exit(EXIT_FAILURE);
} }
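Review bot: After this refresh `daemonize()` is called only under `if (daemon)`, but the `#define err(x,s)` override the patch places inside `daemonize()` still rewrites every later `err()` call in `main()` into a jump to `out:`, and `openlog()` is reached only on the daemonized path. A foreground run would therefore report failures such as "xc_watchdog setup" only through `syslog()` under the default ident, with nothing on stderr. Calling `openlog(basename(argv[0]), LOG_CONS | (daemon ? 0 : LOG_PERROR), LOG_DAEMON);` in `main()` before the `if (daemon)` test would keep both modes diagnosable. The bodies of `daemonize()` and `main()` are only partly visible in these hunks, so this should be confirmed against the full file.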