
Sync from SUSE:SLFO:Main xen revision 4c1c9473a770d45c019a6b6be8512faa

Adrian Schröter 2024-10-18 15:48:08 +02:00
parent 8b440090d6
commit 245e26a41b
42 changed files with 947 additions and 400 deletions


@ -1,45 +0,0 @@
# Commit d0a718a45f14b86471d8eb3083acd72760963470
# Date 2024-04-11 13:23:08 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/hvm: Fix Misra Rule 19.1 regression
Despite noticing an impending Rule 19.1 violation, the adjustment made (the
uint32_t cast) wasn't sufficient to avoid it. Try again.
Subsequently noticed by Coverity too.
Fixes: 6a98383b0877 ("x86/HVM: clear upper halves of GPRs upon entry from 32-bit code")
Coverity-IDs: 1596289 thru 1596298
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
--- a/xen/arch/x86/include/asm/hvm/hvm.h
+++ b/xen/arch/x86/include/asm/hvm/hvm.h
@@ -585,16 +585,16 @@ static inline void hvm_sanitize_regs_fie
if ( compat )
{
/* Clear GPR upper halves, to counteract guests playing games. */
- regs->rbp = (uint32_t)regs->ebp;
- regs->rbx = (uint32_t)regs->ebx;
- regs->rax = (uint32_t)regs->eax;
- regs->rcx = (uint32_t)regs->ecx;
- regs->rdx = (uint32_t)regs->edx;
- regs->rsi = (uint32_t)regs->esi;
- regs->rdi = (uint32_t)regs->edi;
- regs->rip = (uint32_t)regs->eip;
- regs->rflags = (uint32_t)regs->eflags;
- regs->rsp = (uint32_t)regs->esp;
+ regs->rbp = (uint32_t)regs->rbp;
+ regs->rbx = (uint32_t)regs->rbx;
+ regs->rax = (uint32_t)regs->rax;
+ regs->rcx = (uint32_t)regs->rcx;
+ regs->rdx = (uint32_t)regs->rdx;
+ regs->rsi = (uint32_t)regs->rsi;
+ regs->rdi = (uint32_t)regs->rdi;
+ regs->rip = (uint32_t)regs->rip;
+ regs->rflags = (uint32_t)regs->rflags;
+ regs->rsp = (uint32_t)regs->rsp;
}
#ifndef NDEBUG


@ -0,0 +1,30 @@
# Commit 303d3ff85c90ee4af4bad4e3b1d4932fa2634d64
# Date 2024-07-30 11:55:56 +0200
# Author Ross Lagerwall <ross.lagerwall@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
bunzip2: fix rare decompression failure
The decompression code parses a huffman tree and counts the number of
symbols for a given bit length. In rare cases, there may be >= 256
symbols with a given bit length, causing the unsigned char to overflow.
This causes a decompression failure later when the code tries and fails to
find the bit length for a given symbol.
Since the maximum number of symbols is 258, use unsigned short instead.
Fixes: ab77e81f6521 ("x86/dom0: support bzip2 and lzma compressed bzImage payloads")
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/bunzip2.c
+++ b/xen/common/bunzip2.c
@@ -221,7 +221,8 @@ static int __init get_next_block(struct
RUNB) */
symCount = symTotal+2;
for (j = 0; j < groupCount; j++) {
- unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1];
+ unsigned char length[MAX_SYMBOLS];
+ unsigned short temp[MAX_HUFCODE_BITS+1];
int minLen, maxLen, pp;
/* Read Huffman code lengths for each symbol. They're
stored in a way similar to mtf; record a starting
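Review bot: The widened declaration on the `+ unsigned short temp[MAX_HUFCODE_BITS+1];` line says nothing about why it now differs in width from the neighbouring `length[]`, so a later tidy-up could merge the two declarations back into one and reintroduce the overflow the commit message describes. A one-line comment would pin the reason in the code: `/* Per-bit-length symbol counts: up to 258 symbols can share one length, which does not fit an unsigned char. */` The loop that fills `temp[]` from `length[]` lies outside the hunk, so whether any other counter on that path is bounded the same way cannot be confirmed from here.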


@ -0,0 +1,99 @@
Subject: x86/IOMMU: move tracking in iommu_identity_mapping()
From: Teddy Astie teddy.astie@vates.tech Tue Aug 13 16:36:40 2024 +0200
Date: Tue Aug 13 16:36:40 2024 +0200:
Git: beadd68b5490ada053d72f8a9ce6fd696d626596
If for some reason xmalloc() fails after having mapped the reserved
regions, an error is reported, but the regions remain mapped in the P2M.
Similarly if an error occurs during set_identity_p2m_entry() (except on
the first call), the partial mappings of the region would be retained
without being tracked anywhere, and hence without there being a way to
remove them again from the domain's P2M.
Move the setting up of the list entry ahead of trying to map the region.
In cases other than the first mapping failing, keep record of the full
region, such that a subsequent unmapping request can be properly torn
down.
To compensate for the potentially excess unmapping requests, don't log a
warning from p2m_remove_identity_entry() when there really was nothing
mapped at a given GFN.
This is XSA-460 / CVE-2024-31145.
Fixes: 2201b67b9128 ("VT-d: improve RMRR region handling")
Fixes: c0e19d7c6c42 ("IOMMU: generalize VT-d's tracking of mapped RMRR regions")
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index e7e327d6a6..1739133fc2 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1267,9 +1267,11 @@ int p2m_remove_identity_entry(struct domain *d, unsigned long gfn_l)
else
{
gfn_unlock(p2m, gfn, 0);
- printk(XENLOG_G_WARNING
- "non-identity map d%d:%lx not cleared (mapped to %lx)\n",
- d->domain_id, gfn_l, mfn_x(mfn));
+ if ( (p2mt != p2m_invalid && p2mt != p2m_mmio_dm) ||
+ a != p2m_access_n || !mfn_eq(mfn, INVALID_MFN) )
+ printk(XENLOG_G_WARNING
+ "non-identity map %pd:%lx not cleared (mapped to %lx)\n",
+ d, gfn_l, mfn_x(mfn));
ret = 0;
}
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
index cc0062b027..8b1e0596b8 100644
--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -267,24 +267,36 @@ int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma,
if ( p2ma == p2m_access_x )
return -ENOENT;
- while ( base_pfn < end_pfn )
- {
- int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
-
- if ( err )
- return err;
- base_pfn++;
- }
-
map = xmalloc(struct identity_map);
if ( !map )
return -ENOMEM;
+
map->base = base;
map->end = end;
map->access = p2ma;
map->count = 1;
+
+ /*
+ * Insert into list ahead of mapping, so the range can be found when
+ * trying to clean up.
+ */
list_add_tail(&map->list, &hd->arch.identity_maps);
+ for ( ; base_pfn < end_pfn; ++base_pfn )
+ {
+ int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
+
+ if ( !err )
+ continue;
+
+ if ( (map->base >> PAGE_SHIFT_4K) == base_pfn )
+ {
+ list_del(&map->list);
+ xfree(map);
+ }
+ return err;
+ }
+
return 0;
}
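Review bot: The early-exit branch `if ( (map->base >> PAGE_SHIFT_4K) == base_pfn )` in the iommu.c hunk encodes a subtle rule — only a failure on the very first page drops the list entry, while a partial failure deliberately keeps the full region listed with `count = 1` — and the reader has to reconstruct that from the commit message. A comment on that branch would carry it in the code: `/* Nothing got mapped, so there is nothing to track; otherwise keep the full region listed so a later unmap tears down whatever did get mapped. */` This relies on `base_pfn` starting at `base >> PAGE_SHIFT_4K`, which is set above the hunk and should be confirmed there. It also appears that a later request for the same region, if it finds this entry via the lookup above the hunk, would treat a partially mapped region as fully mapped; callers do receive `err`, so this matters only if they retry rather than unmap. The p2m.c hunk is the matching half (suppressing the warning for never-mapped GFNs); the enclosing `p2m_remove_identity_entry()` starts outside that hunk.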


@ -0,0 +1,31 @@
Subject: x86/pass-through: documents as security-unsupported when sharing resources
From: Jan Beulich jbeulich@suse.com Tue Aug 13 16:37:25 2024 +0200
Date: Tue Aug 13 16:37:25 2024 +0200:
Git: 9c94eda1e3790820699a6de3f6a7c959ecf30600
When multiple devices share resources and one of them is to be passed
through to a guest, security of the entire system and of respective
guests individually cannot really be guaranteed without knowing
internals of any of the involved guests. Therefore such a configuration
cannot really be security-supported, yet making that explicit was so far
missing.
This is XSA-461 / CVE-2024-31146.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -841,6 +841,11 @@ This feature is not security supported:
Only systems using IOMMUs are supported.
+Passing through of devices sharing resources with another device is not
+security supported. Such sharing could e.g. be the same line interrupt being
+used by multiple devices, one of which is to be passed through, or two such
+devices having memory BARs within the same 4k page.
+
Not compatible with migration, populate-on-demand, altp2m,
introspection, memory sharing, or memory paging.


@ -0,0 +1,127 @@
# Commit fb1658221a31ec1db33253a80001191391e73b17
# Date 2024-08-28 19:59:07 +0100
# Author Roger Pau Monne <roger.pau@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/dom0: disable SMAP for PV domain building only
Move the logic that disables SMAP so it's only performed when building a PV
dom0, PVH dom0 builder doesn't require disabling SMAP.
The fixes tag is to account for the wrong usage of cpu_has_smap in
create_dom0(), it should instead have used
boot_cpu_has(X86_FEATURE_XEN_SMAP). Fix while moving the logic to apply to PV
only.
While there also make cr4_pv32_mask __ro_after_init.
Fixes: 493ab190e5b1 ('xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/include/asm/setup.h
+++ b/xen/arch/x86/include/asm/setup.h
@@ -64,6 +64,8 @@ extern bool opt_dom0_verbose;
extern bool opt_dom0_cpuid_faulting;
extern bool opt_dom0_msr_relaxed;
+extern unsigned long cr4_pv32_mask;
+
#define max_init_domid (0)
#endif
--- a/xen/arch/x86/pv/dom0_build.c
+++ b/xen/arch/x86/pv/dom0_build.c
@@ -354,11 +354,11 @@ static struct page_info * __init alloc_c
return page;
}
-int __init dom0_construct_pv(struct domain *d,
- const module_t *image,
- unsigned long image_headroom,
- module_t *initrd,
- const char *cmdline)
+static int __init dom0_construct(struct domain *d,
+ const module_t *image,
+ unsigned long image_headroom,
+ module_t *initrd,
+ const char *cmdline)
{
int i, rc, order, machine;
bool compatible, compat;
@@ -1048,6 +1048,36 @@ out:
return rc;
}
+
+int __init dom0_construct_pv(struct domain *d,
+ const module_t *image,
+ unsigned long image_headroom,
+ module_t *initrd,
+ const char *cmdline)
+{
+ int rc;
+
+ /*
+ * Clear SMAP in CR4 to allow user-accesses in construct_dom0(). This
+ * prevents us needing to rewrite construct_dom0() in terms of
+ * copy_{to,from}_user().
+ */
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
+ {
+ cr4_pv32_mask &= ~X86_CR4_SMAP;
+ write_cr4(read_cr4() & ~X86_CR4_SMAP);
+ }
+
+ rc = dom0_construct(d, image, image_headroom, initrd, cmdline);
+
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
+ {
+ write_cr4(read_cr4() | X86_CR4_SMAP);
+ cr4_pv32_mask |= X86_CR4_SMAP;
+ }
+
+ return rc;
+}
/*
* Local variables:
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -79,8 +79,7 @@ bool __read_mostly use_invpcid;
int8_t __initdata opt_probe_port_aliases = -1;
boolean_param("probe-port-aliases", opt_probe_port_aliases);
-/* Only used in asm code and within this source file */
-unsigned long asmlinkage __read_mostly cr4_pv32_mask;
+unsigned long __ro_after_init cr4_pv32_mask;
/* **** Linux config option: propagated to domain0. */
/* "acpi=off": Sisables both ACPI table parsing and interpreter. */
@@ -955,26 +954,9 @@ static struct domain *__init create_dom0
}
}
- /*
- * Temporarily clear SMAP in CR4 to allow user-accesses in construct_dom0().
- * This saves a large number of corner cases interactions with
- * copy_from_user().
- */
- if ( cpu_has_smap )
- {
- cr4_pv32_mask &= ~X86_CR4_SMAP;
- write_cr4(read_cr4() & ~X86_CR4_SMAP);
- }
-
if ( construct_dom0(d, image, headroom, initrd, cmdline) != 0 )
panic("Could not construct domain 0\n");
- if ( cpu_has_smap )
- {
- write_cr4(read_cr4() | X86_CR4_SMAP);
- cr4_pv32_mask |= X86_CR4_SMAP;
- }
-
return d;
}
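Review bot: The comment in the new `dom0_construct_pv()` in dom0_build.c names `construct_dom0()` twice, but the function it wraps is the freshly renamed `dom0_construct()`, so the comment now points at the wrong layer; it should read `* Clear SMAP in CR4 to allow user-accesses in dom0_construct(). This prevents us needing to rewrite dom0_construct() in terms of copy_{to,from}_user().`. Separately, the setup.c hunk makes `cr4_pv32_mask` `__ro_after_init` while `dom0_construct_pv()` still writes it; that is sound only because the writer is `__init`, and a comment at the definition would make the dependency explicit: `/* Written only during boot by the PV dom0 builder (__init); read-only afterwards. */`. The removed `asmlinkage` and the old "only used in asm code" comment suggest an assembly reader of the variable, which is outside these hunks and cannot be checked here.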


@ -0,0 +1,49 @@
Subject: Arm64: adjust __irq_to_desc() to fix build with gcc14
From: Jan Beulich jbeulich@suse.com Thu Aug 29 10:03:53 2024 +0200
Date: Thu Aug 29 10:03:53 2024 +0200:
Git: 99f942f3d410059dc223ee0a908827e928ef3592
With the original code I observe
In function __irq_to_desc,
inlined from route_irq_to_guest at arch/arm/irq.c:465:12:
arch/arm/irq.c:54:16: error: array subscript -2 is below array bounds of irq_desc_t[32] {aka struct irq_desc[32]} [-Werror=array-bounds=]
54 | return &this_cpu(local_irq_desc)[irq];
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
which looks pretty bogus: How in the world does the compiler arrive at
-2 when compiling route_irq_to_guest()? Yet independent of that the
function's parameter wants to be of unsigned type anyway, as shown by
a vast majority of callers (others use plain int when they really mean
non-negative quantities). With that adjustment the code compiles fine
again.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Michal Orzel <michal.orzel@amd.com>
diff --git a/xen/arch/arm/include/asm/irq.h b/xen/arch/arm/include/asm/irq.h
index ec437add09..88e060bf29 100644
--- a/xen/arch/arm/include/asm/irq.h
+++ b/xen/arch/arm/include/asm/irq.h
@@ -56,7 +56,7 @@ extern const unsigned int nr_irqs;
struct irq_desc;
struct irqaction;
-struct irq_desc *__irq_to_desc(int irq);
+struct irq_desc *__irq_to_desc(unsigned int irq);
#define irq_to_desc(irq) __irq_to_desc(irq)
diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c
index 6b89f64fd1..b9757d7ad3 100644
--- a/xen/arch/arm/irq.c
+++ b/xen/arch/arm/irq.c
@@ -48,7 +48,7 @@ void irq_end_none(struct irq_desc *irq)
static irq_desc_t irq_desc[NR_IRQS];
static DEFINE_PER_CPU(irq_desc_t[NR_LOCAL_IRQS], local_irq_desc);
-struct irq_desc *__irq_to_desc(int irq)
+struct irq_desc *__irq_to_desc(unsigned int irq)
{
if ( irq < NR_LOCAL_IRQS )
return &this_cpu(local_irq_desc)[irq];
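Review bot: With `irq` now `unsigned int`, a negative value from the plain-`int` callers the commit message mentions no longer fails `irq < NR_LOCAL_IRQS` as a negative number but wraps to a large value and falls through to the non-local path, which lies outside the hunk. If that path indexes `irq_desc[]` without an upper bound, an `ASSERT(irq < NR_IRQS);` ahead of the lookup, or a comment stating that callers guarantee the range, would document the new contract; whether such a check already exists cannot be seen from here. The irq.h hunk is the matching prototype change and needs nothing further.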


@ -0,0 +1,84 @@
# Commit bb03169bcb6ecccf372de1f6b9285cd519a26bb8
# Date 2024-09-03 10:53:44 +0100
# Author Javi Merino <javi.merino@cloud.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
libxl: Fix nul-termination of the return value of libxl_xen_console_read_line()
When built with ASAN, "xl dmesg" crashes in the "printf("%s", line)"
call in main_dmesg(). ASAN reports a heap buffer overflow: an
off-by-one access to cr->buffer.
The readconsole sysctl copies up to count characters into the buffer,
but it does not add a null character at the end. Despite the
documentation of libxl_xen_console_read_line(), line_r is not
nul-terminated if 16384 characters were copied to the buffer.
Fix this by asking xc_readconsolering() to fill the buffer up to size
- 1. As the number of characters in the buffer is only needed in
libxl_xen_console_read_line(), make it a local variable there instead
of part of the libxl__xen_console_reader struct.
Fixes: 4024bae739cc ("xl: Add subcommand 'xl dmesg'")
Reported-by: Edwin Török <edwin.torok@cloud.com>
Signed-off-by: Javi Merino <javi.merino@cloud.com>
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
--- a/tools/libs/light/libxl_console.c
+++ b/tools/libs/light/libxl_console.c
@@ -774,12 +774,17 @@ libxl_xen_console_reader *
{
GC_INIT(ctx);
libxl_xen_console_reader *cr;
- unsigned int size = 16384;
+ /*
+ * We want xen to fill the buffer in as few hypercalls as
+ * possible, but xen will not nul-terminate it. The default size
+ * of Xen's console buffer is 16384. Leave one byte at the end
+ * for the null character.
+ */
+ unsigned int size = 16384 + 1;
cr = libxl__zalloc(NOGC, sizeof(libxl_xen_console_reader));
cr->buffer = libxl__zalloc(NOGC, size);
cr->size = size;
- cr->count = size;
cr->clear = clear;
cr->incremental = 1;
@@ -800,10 +805,16 @@ int libxl_xen_console_read_line(libxl_ct
char **line_r)
{
int ret;
+ /*
+ * Number of chars to copy into the buffer. xc_readconsolering()
+ * does not add a null character at the end, so leave a space for
+ * us to add it.
+ */
+ unsigned int nr_chars = cr->size - 1;
GC_INIT(ctx);
memset(cr->buffer, 0, cr->size);
- ret = xc_readconsolering(ctx->xch, cr->buffer, &cr->count,
+ ret = xc_readconsolering(ctx->xch, cr->buffer, &nr_chars,
cr->clear, cr->incremental, &cr->index);
if (ret < 0) {
LOGE(ERROR, "reading console ring buffer");
@@ -811,7 +822,7 @@ int libxl_xen_console_read_line(libxl_ct
return ERROR_FAIL;
}
if (!ret) {
- if (cr->count) {
+ if (nr_chars) {
*line_r = cr->buffer;
ret = 1;
} else {
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -2077,7 +2077,6 @@ _hidden char *libxl__uuid2string(libxl__
struct libxl__xen_console_reader {
char *buffer;
unsigned int size;
- unsigned int count;
unsigned int clear;
unsigned int incremental;
unsigned int index;
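Review bot: The NUL-termination guarantee now rests on two facts split across the libxl_console.c hunks — `memset(cr->buffer, 0, cr->size)` and `nr_chars = cr->size - 1` — while the struct in libxl_internal.h, where a future reader will look, says nothing about it. A comment on the field would state the invariant where it matters: `unsigned int size; /* bytes allocated for buffer; the last byte is never handed to Xen and keeps the NUL terminator */`. The literal in `unsigned int size = 16384 + 1;` could also be split into a named constant for the ring size plus the terminator byte, which would make the `- 1` in `libxl_xen_console_read_line()` self-explanatory.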


@ -0,0 +1,54 @@
# Commit d7c18b8720824d7efc39ffa7296751e1812865a9
# Date 2024-09-04 16:05:03 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
SUPPORT.md: split XSM from Flask
XSM is a generic framework, which in particular is also used by SILO.
With this it can't really be experimental: Arm mandates SILO for having
a security supported configuration.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
--- a/SUPPORT.md
+++ b/SUPPORT.md
@@ -768,13 +768,21 @@ Compile time disabled for ARM by default
Status, x86: Supported, not security supported
-### XSM & FLASK
+### XSM (Xen Security Module) Framework
+
+XSM is a security policy framework. The dummy implementation is covered by this
+statement, and implements a policy whereby dom0 is all powerful. See below for
+alternative modules (FLASK, SILO).
+
+ Status: Supported
+
+### FLASK XSM Module
Status: Experimental
Compile time disabled by default.
-Also note that using XSM
+Also note that using FLASK
to delegate various domain control hypercalls
to particular other domains, rather than only permitting use by dom0,
is also specifically excluded from security support for many hypercalls.
@@ -787,6 +795,13 @@ Please see XSA-77 for more details.
The default policy includes FLASK labels and roles for a "typical" Xen-based system
with dom0, driver domains, stub domains, domUs, and so on.
+### SILO XSM Module
+
+SILO extends the dummy policy by enforcing that DomU-s can only communicate
+with Dom0, yet not with each other.
+
+ Status: Supported
+
## Virtual Hardware, Hypervisor
### x86/Nested PV


@ -0,0 +1,36 @@
# Commit eb7cd0593d88c4b967a24bca8bd30591966676cd
# Date 2024-09-12 09:13:04 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/HVM: properly reject "indirect" VRAM writes
While ->count will only be different from 1 for "indirect" (data in
guest memory) accesses, it being 1 does not exclude the request being an
"indirect" one. Check both to be on the safe side, and bring the ->count
part also in line with what ioreq_send_buffered() actually refuses to
handle.
Fixes: 3bbaaec09b1b ("x86/hvm: unify stdvga mmio intercept with standard mmio intercept")
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/stdvga.c
+++ b/xen/arch/x86/hvm/stdvga.c
@@ -530,14 +530,14 @@ static bool cf_check stdvga_mem_accept(
spin_lock(&s->lock);
- if ( p->dir == IOREQ_WRITE && p->count > 1 )
+ if ( p->dir == IOREQ_WRITE && (p->data_is_ptr || p->count != 1) )
{
/*
* We cannot return X86EMUL_UNHANDLEABLE on anything other then the
* first cycle of an I/O. So, since we cannot guarantee to always be
* able to send buffered writes, we have to reject any multi-cycle
- * I/O and, since we are rejecting an I/O, we must invalidate the
- * cache.
+ * or "indirect" I/O and, since we are rejecting an I/O, we must
+ * invalidate the cache.
* Single-cycle write transactions are accepted even if the cache is
* not active since we can assert, when in stdvga mode, that writes
* to VRAM have no side effect and thus we can try to buffer them.


@ -0,0 +1,52 @@
# Commit a8bf14f6f331d4f428010b4277b67c33f561ed19
# Date 2024-09-13 15:23:30 +0100
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
xen/ucode: Fix buffer under-run when parsing AMD containers
The AMD container format has no formal spec. It is, at best, precision
guesswork based on AMD's prior contributions to open source projects. The
Equivalence Table has both an explicit length, and an expectation of having a
NULL entry at the end.
Xen was sanity checking the NULL entry, but without confirming that an entry
was present, resulting in a read off the front of the buffer. With some
manual debugging/annotations this manifests as:
(XEN) *** Buf ffff83204c00b19c, eq ffff83204c00b194
(XEN) *** eq: 0c 00 00 00 44 4d 41 00 00 00 00 00 00 00 00 00 aa aa aa aa
^-Actual buffer-------------------^
(XEN) *** installed_cpu: 000c
(XEN) microcode: Bad equivalent cpu table
(XEN) Parsing microcode blob error -22
When loaded by hypercall, the 4 bytes interpreted as installed_cpu happen to
be the containing struct ucode_buf's len field, and luckily will be nonzero.
When loaded at boot, it's possible for the access to #PF if the module happens
to have been placed on a 2M boundary by the bootloader. Under Linux, it will
commonly be the end of the CPIO header.
Drop the probe of the NULL entry; Nothing else cares. A container without one
is well formed, insofar that we can still parse it correctly. With this
dropped, the same container results in:
(XEN) microcode: couldn't find any matching ucode in the provided blob!
Fixes: 4de936a38aa9 ("x86/ucode/amd: Rework parsing logic in cpu_request_microcode()")
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu/microcode/amd.c
+++ b/xen/arch/x86/cpu/microcode/amd.c
@@ -336,8 +336,7 @@ static struct microcode_patch *cf_check
if ( size < sizeof(*et) ||
(et = buf)->type != UCODE_EQUIV_CPU_TABLE_TYPE ||
size - sizeof(*et) < et->len ||
- et->len % sizeof(et->eq[0]) ||
- et->eq[(et->len / sizeof(et->eq[0])) - 1].installed_cpu )
+ et->len % sizeof(et->eq[0]) )
{
printk(XENLOG_ERR "microcode: Bad equivalent cpu table\n");
error = -EINVAL;
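Review bot: With the NULL-entry probe dropped, an equivalence table with `et->len == 0` now passes this check (`0 % sizeof(et->eq[0])` is 0), and the reason that is acceptable lives only in the commit message. A comment above the `if` would preserve it: `/* No probe for a terminating NULL entry: a table without one (even an empty one) still parses, and indexing eq[len/size - 1] read before the buffer for len == 0. */`. The loop that walks the table is outside the hunk; it should be confirmed to stop on `et->len` rather than on a NULL terminator, since the latter is no longer guaranteed to be present.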


@ -1,12 +1,15 @@
From: Jan Beulich <jbeulich@suse.com>
Subject: x86/vLAPIC: prevent undue recursion of vlapic_error()
# Commit c42d9ec61f6d11e25fa77bd44dd11dad1edda268
# Date 2024-09-24 14:23:29 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/vLAPIC: prevent undue recursion of vlapic_error()
With the error vector set to an illegal value, the function invoking
vlapic_set_irq() would bring execution back here, with the non-recursive
lock already held. Avoid the call in this case, merely further updating
ESR (if necessary).
This is XSA-462.
This is XSA-462 / CVE-2024-45817.
Fixes: 5f32d186a8b1 ("x86/vlapic: don't silently accept bad vectors")
Reported-by: Federico Serafini <federico.serafini@bugseng.com>
@ -17,7 +20,7 @@ Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -113,9 +113,24 @@ static void vlapic_error(struct vlapic *
@@ -112,9 +112,24 @@ static void vlapic_error(struct vlapic *
if ( (esr & errmask) != errmask )
{
uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);


@ -0,0 +1,33 @@
# Commit 8752ad83e79754f8109457cff796e5f86f644348
# Date 2024-09-24 18:57:38 +0100
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
xen/ucode: Make Intel's microcode_sanity_check() stricter
The SDM states that data size must be a multiple of 4, but Xen doesn't check
this propery.
This is liable to cause a later failures, but should be checked explicitly.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu/microcode/intel.c
+++ b/xen/arch/x86/cpu/microcode/intel.c
@@ -155,10 +155,13 @@ static int microcode_sanity_check(const
uint32_t sum;
/*
- * Total size must be a multiple of 1024 bytes. Data size and the header
- * must fit within it.
+ * The SDM states:
+ * - Data size must be a multiple of 4.
+ * - Total size must be a multiple of 1024 bytes. Data size and the
+ * header must fit within it.
*/
if ( (total_size & 1023) ||
+ (data_size & 3) ||
data_size > (total_size - MC_HEADER_SIZE) )
{
printk(XENLOG_WARNING "microcode: Bad size\n");


@ -1,50 +0,0 @@
Index: xen-4.18.0-testing/tools/misc/xencov_split
===================================================================
--- xen-4.18.0-testing.orig/tools/misc/xencov_split
+++ xen-4.18.0-testing/tools/misc/xencov_split
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
from __future__ import print_function
from builtins import str
Index: xen-4.18.0-testing/tools/python/scripts/convert-legacy-stream
===================================================================
--- xen-4.18.0-testing.orig/tools/python/scripts/convert-legacy-stream
+++ xen-4.18.0-testing/tools/python/scripts/convert-legacy-stream
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/scripts/verify-stream-v2
===================================================================
--- xen-4.18.0-testing.orig/tools/python/scripts/verify-stream-v2
+++ xen-4.18.0-testing/tools/python/scripts/verify-stream-v2
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
""" Verify a v2 format migration stream """
Index: xen-4.18.0-testing/tools/xenmon/xenmon.py
===================================================================
--- xen-4.18.0-testing.orig/tools/xenmon/xenmon.py
+++ xen-4.18.0-testing/tools/xenmon/xenmon.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
#####################################################################
# xenmon is a front-end for xenbaked.
Index: xen-4.18.0-testing/tools/xentrace/xentrace_format
===================================================================
--- xen-4.18.0-testing.orig/tools/xentrace/xentrace_format
+++ xen-4.18.0-testing/tools/xentrace/xentrace_format
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# by Mark Williamson, (C) 2004 Intel Research Cambridge


@ -1,7 +1,7 @@
Index: xen-4.18.3-testing/Config.mk
Index: xen-4.19.0-testing/Config.mk
===================================================================
--- xen-4.18.3-testing.orig/Config.mk
+++ xen-4.18.3-testing/Config.mk
--- xen-4.19.0-testing.orig/Config.mk
+++ xen-4.19.0-testing/Config.mk
@@ -77,7 +77,7 @@ EXTRA_INCLUDES += $(EXTRA_PREFIX)/includ
EXTRA_LIB += $(EXTRA_PREFIX)/lib
endif
@ -11,47 +11,34 @@ Index: xen-4.18.3-testing/Config.mk
PYTHON_PREFIX_ARG ?= --prefix="$(prefix)"
# The above requires that prefix contains *no spaces*. This variable is here
# to permit the user to set PYTHON_PREFIX_ARG to '' to workaround this bug:
Index: xen-4.18.3-testing/tools/configure
Index: xen-4.19.0-testing/tools/configure
===================================================================
--- xen-4.18.3-testing.orig/tools/configure
+++ xen-4.18.3-testing/tools/configure
@@ -7382,15 +7382,15 @@ if test x"${PYTHONPATH}" = x"no"
--- xen-4.19.0-testing.orig/tools/configure
+++ xen-4.19.0-testing/tools/configure
@@ -8297,15 +8297,15 @@ if test x"${PYTHONPATH}" = x"no"
then
as_fn_error $? "Unable to find $PYTHON, please install $PYTHON" "$LINENO" 5
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python version >= 2.6 " >&5
-$as_echo_n "checking for python version >= 2.6 ... " >&6; }
-`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (2, 6)"))'`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for python3 version >= 3.0 " >&5
+$as_echo_n "checking for python3 version >= 3.0 ... " >&6; }
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python version >= 2.7 " >&5
-printf %s "checking for python version >= 2.7 ... " >&6; }
-`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (2, 7)"))'`
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for python version >= 3.0 " >&5
+printf %s "checking for python version >= 3.0 ... " >&6; }
+`$PYTHON -c 'import sys; sys.exit(eval("sys.version_info < (3, 0)"))'`
if test "$?" != "0"
then
python_version=`$PYTHON -V 2>&1`
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
- as_fn_error $? "$python_version is too old, minimum required version is 2.6" "$LINENO" 5
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
printf "%s\n" "no" >&6; }
- as_fn_error $? "$python_version is too old, minimum required version is 2.7" "$LINENO" 5
+ as_fn_error $? "$python_version is too old, minimum required version is 3.0" "$LINENO" 5
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
Index: xen-4.18.3-testing/tools/configure.ac
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
printf "%s\n" "yes" >&6; }
Index: xen-4.19.0-testing/tools/libs/light/idl.py
===================================================================
--- xen-4.18.3-testing.orig/tools/configure.ac
+++ xen-4.18.3-testing/tools/configure.ac
@@ -385,7 +385,7 @@ PYTHONPATH=$PYTHON
PYTHON=`basename $PYTHONPATH`
AX_PATH_PROG_OR_FAIL([PYTHONPATH], [$PYTHON])
-AX_CHECK_PYTHON_VERSION([2], [6])
+AX_CHECK_PYTHON_VERSION([3], [0])
AS_IF([test "$cross_compiling" != yes], [
AX_CHECK_PYTHON_DEVEL()
Index: xen-4.18.3-testing/tools/libs/light/idl.py
===================================================================
--- xen-4.18.3-testing.orig/tools/libs/light/idl.py
+++ xen-4.18.3-testing/tools/libs/light/idl.py
--- xen-4.19.0-testing.orig/tools/libs/light/idl.py
+++ xen-4.19.0-testing/tools/libs/light/idl.py
@@ -271,7 +271,7 @@ class KeyedUnion(Aggregate):
if not isinstance(keyvar_type, Enumeration):
raise ValueError
@ -79,80 +66,80 @@ Index: xen-4.18.3-testing/tools/libs/light/idl.py
if isinstance(t, Type):
globs[n] = t
elif isinstance(t,type(object)) and issubclass(t, Type):
Index: xen-4.18.3-testing/tools/libs/light/gentest.py
Index: xen-4.19.0-testing/tools/libs/light/gentest.py
===================================================================
--- xen-4.18.3-testing.orig/tools/libs/light/gentest.py
+++ xen-4.18.3-testing/tools/libs/light/gentest.py
--- xen-4.19.0-testing.orig/tools/libs/light/gentest.py
+++ xen-4.19.0-testing/tools/libs/light/gentest.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
from __future__ import print_function
Index: xen-4.18.3-testing/tools/libs/light/gentypes.py
Index: xen-4.19.0-testing/tools/libs/light/gentypes.py
===================================================================
--- xen-4.18.3-testing.orig/tools/libs/light/gentypes.py
+++ xen-4.18.3-testing/tools/libs/light/gentypes.py
--- xen-4.19.0-testing.orig/tools/libs/light/gentypes.py
+++ xen-4.19.0-testing/tools/libs/light/gentypes.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
from __future__ import print_function
Index: xen-4.18.3-testing/tools/include/xen-foreign/mkheader.py
Index: xen-4.19.0-testing/tools/include/xen-foreign/mkheader.py
===================================================================
--- xen-4.18.3-testing.orig/tools/include/xen-foreign/mkheader.py
+++ xen-4.18.3-testing/tools/include/xen-foreign/mkheader.py
--- xen-4.19.0-testing.orig/tools/include/xen-foreign/mkheader.py
+++ xen-4.19.0-testing/tools/include/xen-foreign/mkheader.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
from __future__ import print_function
Index: xen-4.18.3-testing/tools/include/xen-foreign/mkchecker.py
Index: xen-4.19.0-testing/tools/include/xen-foreign/mkchecker.py
===================================================================
--- xen-4.18.3-testing.orig/tools/include/xen-foreign/mkchecker.py
+++ xen-4.18.3-testing/tools/include/xen-foreign/mkchecker.py
--- xen-4.19.0-testing.orig/tools/include/xen-foreign/mkchecker.py
+++ xen-4.19.0-testing/tools/include/xen-foreign/mkchecker.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/python3
import sys;
from structs import structs, compat_arches;
Index: xen-4.18.3-testing/xen/tools/gen-cpuid.py
Index: xen-4.19.0-testing/xen/tools/gen-cpuid.py
===================================================================
--- xen-4.18.3-testing.orig/xen/tools/gen-cpuid.py
+++ xen-4.18.3-testing/xen/tools/gen-cpuid.py
--- xen-4.19.0-testing.orig/xen/tools/gen-cpuid.py
+++ xen-4.19.0-testing/xen/tools/gen-cpuid.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
import sys, os, re
Index: xen-4.18.3-testing/xen/tools/compat-build-source.py
Index: xen-4.19.0-testing/xen/tools/compat-build-source.py
===================================================================
--- xen-4.18.3-testing.orig/xen/tools/compat-build-source.py
+++ xen-4.18.3-testing/xen/tools/compat-build-source.py
--- xen-4.19.0-testing.orig/xen/tools/compat-build-source.py
+++ xen-4.19.0-testing/xen/tools/compat-build-source.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
import re,sys
Index: xen-4.18.3-testing/xen/tools/compat-build-header.py
Index: xen-4.19.0-testing/xen/tools/compat-build-header.py
===================================================================
--- xen-4.18.3-testing.orig/xen/tools/compat-build-header.py
+++ xen-4.18.3-testing/xen/tools/compat-build-header.py
--- xen-4.19.0-testing.orig/xen/tools/compat-build-header.py
+++ xen-4.19.0-testing/xen/tools/compat-build-header.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
import re,sys
Index: xen-4.18.3-testing/tools/misc/xensymoops
Index: xen-4.19.0-testing/tools/misc/xensymoops
===================================================================
--- xen-4.18.3-testing.orig/tools/misc/xensymoops
+++ xen-4.18.3-testing/tools/misc/xensymoops
--- xen-4.19.0-testing.orig/tools/misc/xensymoops
+++ xen-4.19.0-testing/tools/misc/xensymoops
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3


@ -14,10 +14,10 @@ Compiling against gcc14.
| ^~~~~
Index: xen-4.18.2-testing/stubdom/Makefile
Index: xen-4.19.0-testing/stubdom/Makefile
===================================================================
--- xen-4.18.2-testing.orig/stubdom/Makefile
+++ xen-4.18.2-testing/stubdom/Makefile
--- xen-4.19.0-testing.orig/stubdom/Makefile
+++ xen-4.19.0-testing/stubdom/Makefile
@@ -97,6 +97,7 @@ newlib-$(NEWLIB_VERSION): newlib-$(NEWLI
patch -d $@ -p1 < newlib-disable-texinfo.patch
patch -d $@ -p1 < newlib-cygmon-gmon.patch
@ -26,10 +26,10 @@ Index: xen-4.18.2-testing/stubdom/Makefile
find $@ -type f | xargs perl -i.bak \
-pe 's/\b_(tzname|daylight|timezone)\b/$$1/g'
touch $@
Index: xen-4.18.2-testing/stubdom/newlib-gcc14-pragmas.patch
Index: xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
===================================================================
--- /dev/null
+++ xen-4.18.2-testing/stubdom/newlib-gcc14-pragmas.patch
+++ xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
@@ -0,0 +1,36 @@
+--- newlib-1.16.0/newlib/libc/stdlib/wcstoull.c.orig 2024-06-04 15:32:01.495146632 -0600
++++ newlib-1.16.0/newlib/libc/stdlib/wcstoull.c 2024-06-04 15:38:56.627156524 -0600
@ -67,15 +67,3 @@ Index: xen-4.18.2-testing/stubdom/newlib-gcc14-pragmas.patch
+ DEFUN(copy_past_newline,(ptr, idx, dst),
+ string_type *ptr AND
+ unsigned int idx AND
--- xen-4.18.2-testing/extras/mini-os-remote/include/posix/sys/mman.h.orig 2024-06-04 16:27:35.155226069 -0600
+++ xen-4.18.2-testing/extras/mini-os-remote/include/posix/sys/mman.h 2024-06-04 16:31:46.591232060 -0600
@@ -16,7 +16,7 @@
void *mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset) asm("mmap64");
int munmap(void *start, size_t length);
-static inline mlock(const void *addr, size_t len) { return 0; }
-static inline munlock(const void *addr, size_t len) { return 0; }
+static inline int mlock(const void *addr, size_t len) { return 0; }
+static inline int munlock(const void *addr, size_t len) { return 0; }
#endif /* _POSIX_SYS_MMAN_H */


@ -20,7 +20,7 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com>
--- a/tools/include/libxl.h
+++ b/tools/include/libxl.h
@@ -1811,13 +1811,28 @@ static inline int libxl_retrieve_domain_
@@ -1850,13 +1850,28 @@ static inline int libxl_retrieve_domain_
libxl_retrieve_domain_configuration_0x041200
#endif


@ -53,7 +53,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
=item B<remus> [I<OPTIONS>] I<domain-id> I<host>
--- a/tools/include/libxl.h
+++ b/tools/include/libxl.h
@@ -1824,6 +1824,7 @@ typedef struct {
@@ -1863,6 +1863,7 @@ typedef struct {
} libxl_domain_suspend_suse_properties;
#define LIBXL_SUSPEND_DEBUG 1
#define LIBXL_SUSPEND_LIVE 2
@ -93,7 +93,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -3655,9 +3655,11 @@ struct libxl__domain_save_state {
@@ -3652,9 +3652,11 @@ struct libxl__domain_save_state {
libxl_domain_type type;
int live;
int debug;


@ -46,7 +46,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
=item B<remus> [I<OPTIONS>] I<domain-id> I<host>
--- a/tools/include/libxl.h
+++ b/tools/include/libxl.h
@@ -1819,6 +1819,7 @@ static inline int libxl_retrieve_domain_
@@ -1858,6 +1858,7 @@ static inline int libxl_retrieve_domain_
typedef struct {
uint32_t flags; /* LIBXL_SUSPEND_* */
@ -77,7 +77,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -3656,6 +3656,7 @@ struct libxl__domain_save_state {
@@ -3653,6 +3653,7 @@ struct libxl__domain_save_state {
int live;
int debug;
int checkpointed_stream;


@ -51,7 +51,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
=item B<remus> [I<OPTIONS>] I<domain-id> I<host>
--- a/tools/include/libxl.h
+++ b/tools/include/libxl.h
@@ -1820,6 +1820,7 @@ static inline int libxl_retrieve_domain_
@@ -1859,6 +1859,7 @@ static inline int libxl_retrieve_domain_
typedef struct {
uint32_t flags; /* LIBXL_SUSPEND_* */
uint32_t max_iters;
@ -82,7 +82,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -3657,6 +3657,7 @@ struct libxl__domain_save_state {
@@ -3654,6 +3654,7 @@ struct libxl__domain_save_state {
int debug;
int checkpointed_stream;
uint32_t max_iters;


@ -13,7 +13,7 @@ iterations for dirty memory, and a final copy iteration prior move.
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -124,7 +124,7 @@
@@ -125,7 +125,7 @@
#define DOMID_XS_PATH "domid"
#define PVSHIM_BASENAME "xen-shim"
#define PVSHIM_CMDLINE "pv-shim console=xen,pv"
@ -21,4 +21,4 @@ iterations for dirty memory, and a final copy iteration prior move.
+#define LIBXL_XGS_POLICY_MAX_ITERATIONS 1
#define LIBXL_XGS_POLICY_TARGET_DIRTY_COUNT 50
/* Size macros. */
#define DIV_ROUNDUP(n, d) (((n) + (d) - 1) / (d))


@ -60,15 +60,15 @@ v02:
dss->sws.dss = dss;
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -124,6 +124,8 @@
@@ -125,6 +125,8 @@
#define DOMID_XS_PATH "domid"
#define PVSHIM_BASENAME "xen-shim"
#define PVSHIM_CMDLINE "pv-shim console=xen,pv"
+#define LIBXL_XGS_POLICY_MAX_ITERATIONS 5
+#define LIBXL_XGS_POLICY_TARGET_DIRTY_COUNT 50
/* Size macros. */
#define MB(_mb) (_AC(_mb, ULL) << 20)
#define DIV_ROUNDUP(n, d) (((n) + (d) - 1) / (d))
--- a/tools/libs/light/libxl_save_msgs_gen.pl
+++ b/tools/libs/light/libxl_save_msgs_gen.pl
@@ -23,6 +23,7 @@ our @msgs = (


@ -93,7 +93,7 @@ v2:
struct iovec *local_iov = NULL;
--- a/tools/libs/ctrl/xc_private.h
+++ b/tools/libs/ctrl/xc_private.h
@@ -395,6 +395,7 @@ int xc_flush_mmu_updates(xc_interface *x
@@ -389,6 +389,7 @@ int xc_flush_mmu_updates(xc_interface *x
/* Return 0 on success; -1 on error setting errno. */
int read_exact(int fd, void *data, size_t size); /* EOF => -1, errno=0 */


@ -34,7 +34,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
uint32_t domid)
{
+ int ret;
DECLARE_DOMCTL;
struct xen_domctl domctl = {};
domctl.cmd = XEN_DOMCTL_pausedomain;
domctl.domain = domid;
- return do_domctl(xch, &domctl);
@ -49,7 +49,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
uint32_t domid)
{
+ int ret;
DECLARE_DOMCTL;
struct xen_domctl domctl = {};
domctl.cmd = XEN_DOMCTL_unpausedomain;
domctl.domain = domid;
- return do_domctl(xch, &domctl);


@ -85,7 +85,7 @@ the execution time of each script.
--- a/tools/libs/light/libxl_create.c
+++ b/tools/libs/light/libxl_create.c
@@ -1323,6 +1323,7 @@ static void initiate_domain_create(libxl
@@ -1345,6 +1345,7 @@ static void initiate_domain_create(libxl
* build info around just to know if the domain has a device model or not.
*/
store_libxl_entry(gc, domid, &d_config->b_info);
@ -95,7 +95,7 @@ the execution time of each script.
ret = libxl__disk_devtype.set_default(gc, domid, &d_config->disks[i],
--- a/tools/libs/light/libxl_device.c
+++ b/tools/libs/light/libxl_device.c
@@ -1296,7 +1296,7 @@ static void device_hotplug(libxl__egc *e
@@ -1309,7 +1309,7 @@ static void device_hotplug(libxl__egc *e
}
aes->ao = ao;
@ -104,7 +104,7 @@ the execution time of each script.
aes->env = env;
aes->args = args;
aes->callback = device_hotplug_child_death_cb;
@@ -1305,6 +1305,15 @@ static void device_hotplug(libxl__egc *e
@@ -1318,6 +1318,15 @@ static void device_hotplug(libxl__egc *e
aes->stdfds[1] = 2;
aes->stdfds[2] = -1;
@ -278,7 +278,7 @@ the execution time of each script.
#include <xenevtchn.h>
#include <xenstore.h>
@@ -1629,6 +1630,7 @@ struct libxl__xswait_state {
@@ -1626,6 +1627,7 @@ struct libxl__xswait_state {
const char *what; /* for error msgs: noun phrase, what we're waiting for */
const char *path;
int timeout_ms; /* as for poll(2) */
@ -286,7 +286,7 @@ the execution time of each script.
libxl__xswait_callback *callback;
/* remaining fields are private to xswait */
libxl__ev_time time_ev;
@@ -2707,6 +2709,7 @@ struct libxl__async_exec_state {
@@ -2704,6 +2706,7 @@ struct libxl__async_exec_state {
char **args; /* execution arguments */
char **env; /* execution environment */
@ -294,7 +294,7 @@ the execution time of each script.
/* private */
libxl__ev_time time;
libxl__ev_child child;
@@ -4896,6 +4899,9 @@ _hidden int userlookup_helper_getpwuid(l
@@ -4893,6 +4896,9 @@ _hidden int userlookup_helper_getpwuid(l
#endif


@ -7,11 +7,11 @@ https://bugzilla.novell.com/show_bug.cgi?id=879425
tools/libxl/libxlu_disk_l.l | 1 +
5 files changed, 18 insertions(+), 1 deletion(-)
Index: xen-4.18.0-testing/docs/man/xl-disk-configuration.5.pod.in
Index: xen-4.19.0-testing/docs/man/xl-disk-configuration.5.pod.in
===================================================================
--- xen-4.18.0-testing.orig/docs/man/xl-disk-configuration.5.pod.in
+++ xen-4.18.0-testing/docs/man/xl-disk-configuration.5.pod.in
@@ -337,6 +337,32 @@ No
--- xen-4.19.0-testing.orig/docs/man/xl-disk-configuration.5.pod.in
+++ xen-4.19.0-testing/docs/man/xl-disk-configuration.5.pod.in
@@ -339,6 +339,32 @@ No
discard
@ -44,13 +44,13 @@ Index: xen-4.18.0-testing/docs/man/xl-disk-configuration.5.pod.in
=back
An advisory setting for the backend driver, specifying whether to
Index: xen-4.18.0-testing/tools/include/libxl.h
Index: xen-4.19.0-testing/tools/include/libxl.h
===================================================================
--- xen-4.18.0-testing.orig/tools/include/libxl.h
+++ xen-4.18.0-testing/tools/include/libxl.h
@@ -584,6 +584,21 @@
*/
#define LIBXL_HAVE_CONSOLE_ADD_XENSTORE 1
--- xen-4.19.0-testing.orig/tools/include/libxl.h
+++ xen-4.19.0-testing/tools/include/libxl.h
@@ -603,6 +603,21 @@
#define LIBXL_HAVE_P9_ADD 1
/*
+ * The libxl_device_disk has no way to indicate that cache=unsafe is
+ * supposed to be used. Provide this knob without breaking the ABI.
@ -70,11 +70,11 @@ Index: xen-4.18.0-testing/tools/include/libxl.h
* libxl ABI compatibility
*
* The only guarantee which libxl makes regarding ABI compatibility
Index: xen-4.18.0-testing/tools/libs/light/libxl_disk.c
Index: xen-4.19.0-testing/tools/libs/light/libxl_disk.c
===================================================================
--- xen-4.18.0-testing.orig/tools/libs/light/libxl_disk.c
+++ xen-4.18.0-testing/tools/libs/light/libxl_disk.c
@@ -422,6 +422,8 @@ static void device_disk_add(libxl__egc *
--- xen-4.19.0-testing.orig/tools/libs/light/libxl_disk.c
+++ xen-4.19.0-testing/tools/libs/light/libxl_disk.c
@@ -464,6 +464,8 @@ static void device_disk_add(libxl__egc *
flexarray_append_pair(back, "discard-enable",
libxl_defbool_val(disk->discard_enable) ?
"1" : "0");
@ -83,10 +83,10 @@ Index: xen-4.18.0-testing/tools/libs/light/libxl_disk.c
flexarray_append(back, "specification");
flexarray_append(back, libxl__device_disk_string_of_specification(disk->specification));
if (disk->specification == LIBXL_DISK_SPECIFICATION_VIRTIO) {
Index: xen-4.18.0-testing/tools/libs/light/libxl_dm.c
Index: xen-4.19.0-testing/tools/libs/light/libxl_dm.c
===================================================================
--- xen-4.18.0-testing.orig/tools/libs/light/libxl_dm.c
+++ xen-4.18.0-testing/tools/libs/light/libxl_dm.c
--- xen-4.19.0-testing.orig/tools/libs/light/libxl_dm.c
+++ xen-4.19.0-testing/tools/libs/light/libxl_dm.c
@@ -1019,14 +1019,27 @@ enum {
LIBXL__COLO_SECONDARY,
};
@ -164,7 +164,7 @@ Index: xen-4.18.0-testing/tools/libs/light/libxl_dm.c
break;
default:
abort();
@@ -1998,8 +2013,8 @@ static int libxl__build_device_model_arg
@@ -1997,8 +2012,8 @@ static int libxl__build_device_model_arg
return ERROR_INVAL;
}
flexarray_vappend(dm_args, "-drive",
@ -175,10 +175,10 @@ Index: xen-4.18.0-testing/tools/libs/light/libxl_dm.c
"-device", GCSPRINTF("ide-hd,bus=ahci0.%d,unit=0,drive=ahcidisk-%d",
disk, disk), NULL);
continue;
Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk.c
Index: xen-4.19.0-testing/tools/libs/util/libxlu_disk.c
===================================================================
--- xen-4.18.0-testing.orig/tools/libs/util/libxlu_disk.c
+++ xen-4.18.0-testing/tools/libs/util/libxlu_disk.c
--- xen-4.19.0-testing.orig/tools/libs/util/libxlu_disk.c
+++ xen-4.19.0-testing/tools/libs/util/libxlu_disk.c
@@ -78,6 +78,8 @@ int xlu_disk_parse(XLU_Config *cfg,
if (!disk->pdev_path || !strcmp(disk->pdev_path, ""))
disk->format = LIBXL_DISK_FORMAT_EMPTY;
@ -188,10 +188,10 @@ Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk.c
if (!disk->vdev) {
xlu__disk_err(&dpc,0, "no vdev specified");
Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk_i.h
Index: xen-4.19.0-testing/tools/libs/util/libxlu_disk_i.h
===================================================================
--- xen-4.18.0-testing.orig/tools/libs/util/libxlu_disk_i.h
+++ xen-4.18.0-testing/tools/libs/util/libxlu_disk_i.h
--- xen-4.19.0-testing.orig/tools/libs/util/libxlu_disk_i.h
+++ xen-4.19.0-testing/tools/libs/util/libxlu_disk_i.h
@@ -10,7 +10,7 @@ typedef struct {
void *scanner;
YY_BUFFER_STATE buf;
@ -201,10 +201,10 @@ Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk_i.h
const char *spec;
} DiskParseContext;
Index: xen-4.18.0-testing/tools/libs/util/libxlu_disk_l.l
Index: xen-4.19.0-testing/tools/libs/util/libxlu_disk_l.l
===================================================================
--- xen-4.18.0-testing.orig/tools/libs/util/libxlu_disk_l.l
+++ xen-4.18.0-testing/tools/libs/util/libxlu_disk_l.l
--- xen-4.19.0-testing.orig/tools/libs/util/libxlu_disk_l.l
+++ xen-4.19.0-testing/tools/libs/util/libxlu_disk_l.l
@@ -216,6 +216,7 @@ colo-port=[^,]*,? { STRIP(','); setcolop
colo-export=[^,]*,? { STRIP(','); SAVESTRING("colo-export", colo_export, FROMEQUALS); }
active-disk=[^,]*,? { STRIP(','); SAVESTRING("active-disk", active_disk, FROMEQUALS); }


@ -1,63 +0,0 @@
Index: xen-4.18.0-testing/tools/python/xen/migration/legacy.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/legacy.py
+++ xen-4.18.0-testing/tools/python/xen/migration/legacy.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/libxc.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/libxc.py
+++ xen-4.18.0-testing/tools/python/xen/migration/libxc.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/libxl.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/libxl.py
+++ xen-4.18.0-testing/tools/python/xen/migration/libxl.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/public.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/public.py
+++ xen-4.18.0-testing/tools/python/xen/migration/public.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/tests.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/tests.py
+++ xen-4.18.0-testing/tools/python/xen/migration/tests.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/verify.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/verify.py
+++ xen-4.18.0-testing/tools/python/xen/migration/verify.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
Index: xen-4.18.0-testing/tools/python/xen/migration/xl.py
===================================================================
--- xen-4.18.0-testing.orig/tools/python/xen/migration/xl.py
+++ xen-4.18.0-testing/tools/python/xen/migration/xl.py
@@ -1,3 +1,4 @@
+#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""

mini-os.tar.bz2 (Stored with Git LFS)



@ -1,8 +1,8 @@
Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
Index: xen-4.19.0-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-4.17.2-testing.orig/tools/pygrub/src/pygrub
+++ xen-4.17.2-testing/tools/pygrub/src/pygrub
@@ -579,7 +579,7 @@ class Grub:
--- xen-4.19.0-testing.orig/tools/pygrub/src/pygrub
+++ xen-4.19.0-testing/tools/pygrub/src/pygrub
@@ -593,7 +593,7 @@ class Grub:
self.cf.filename = f
break
if self.__dict__.get('cf', None) is None:
@ -11,7 +11,7 @@ Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
f = fs.open_file(self.cf.filename)
# limit read size to avoid pathological cases
buf = f.read(FS_READ_MAX)
@@ -754,6 +754,20 @@ def run_grub(file, entry, fs, cfg_args):
@@ -768,6 +768,20 @@ def run_grub(file, entry, fs, cfg_args):
g = Grub(file, fs)
@ -32,7 +32,7 @@ Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
if list_entries:
for i in range(len(g.cf.images)):
img = g.cf.images[i]
@@ -840,6 +854,19 @@ def sniff_netware(fs, cfg):
@@ -854,6 +868,19 @@ def sniff_netware(fs, cfg):
return cfg
@ -52,7 +52,7 @@ Index: xen-4.17.2-testing/tools/pygrub/src/pygrub
def format_sxp(kernel, ramdisk, args):
s = "linux (kernel %s)" % repr(kernel)
if ramdisk:
@@ -918,7 +945,7 @@ if __name__ == "__main__":
@@ -932,7 +959,7 @@ if __name__ == "__main__":
debug = False
not_really = False
output_format = "sxp"


@ -16,11 +16,11 @@ brctl. Replace them by commands from iproute2 package.
.../i386-dm/qemu-ifup-Linux | 5 +++--
9 files changed, 26 insertions(+), 26 deletions(-)
Index: xen-4.17.0-testing/README
Index: xen-4.19.0-testing/README
===================================================================
--- xen-4.17.0-testing.orig/README
+++ xen-4.17.0-testing/README
@@ -61,8 +61,7 @@ provided by your OS distributor:
--- xen-4.19.0-testing.orig/README
+++ xen-4.19.0-testing/README
@@ -59,8 +59,7 @@ provided by your OS distributor:
* Development install of GLib v2.0 (e.g. libglib2.0-dev)
* Development install of Pixman (e.g. libpixman-1-dev)
* pkg-config
@ -30,10 +30,10 @@ Index: xen-4.17.0-testing/README
* GNU bison and GNU flex
* ACPI ASL compiler (iasl)
Index: xen-4.17.0-testing/tools/hotplug/Linux/remus-netbuf-setup
Index: xen-4.19.0-testing/tools/hotplug/Linux/remus-netbuf-setup
===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/remus-netbuf-setup
+++ xen-4.17.0-testing/tools/hotplug/Linux/remus-netbuf-setup
--- xen-4.19.0-testing.orig/tools/hotplug/Linux/remus-netbuf-setup
+++ xen-4.19.0-testing/tools/hotplug/Linux/remus-netbuf-setup
@@ -76,6 +76,7 @@
#specific setup code such as renaming.
dir=$(dirname "$0")
@ -60,10 +60,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/remus-netbuf-setup
check_ifb "$ifb" || continue
REMUS_IFB="$ifb"
break
Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-bridge
Index: xen-4.19.0-testing/tools/hotplug/Linux/vif-bridge
===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/vif-bridge
+++ xen-4.17.0-testing/tools/hotplug/Linux/vif-bridge
--- xen-4.19.0-testing.orig/tools/hotplug/Linux/vif-bridge
+++ xen-4.19.0-testing/tools/hotplug/Linux/vif-bridge
@@ -42,7 +42,8 @@ if [ -z "$bridge" ]; then
if which brctl >&/dev/null; then
bridge=$(brctl show | awk 'NR==2{print$1}')
@ -74,10 +74,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-bridge
fi
if [ -z "$bridge" ]
then
Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-nat
Index: xen-4.19.0-testing/tools/hotplug/Linux/vif-nat
===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/vif-nat
+++ xen-4.17.0-testing/tools/hotplug/Linux/vif-nat
--- xen-4.19.0-testing.orig/tools/hotplug/Linux/vif-nat
+++ xen-4.19.0-testing/tools/hotplug/Linux/vif-nat
@@ -172,7 +172,11 @@ case "$command" in
;;
offline)
@ -91,10 +91,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-nat
;;
esac
Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-route
Index: xen-4.19.0-testing/tools/hotplug/Linux/vif-route
===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/vif-route
+++ xen-4.17.0-testing/tools/hotplug/Linux/vif-route
--- xen-4.19.0-testing.orig/tools/hotplug/Linux/vif-route
+++ xen-4.19.0-testing/tools/hotplug/Linux/vif-route
@@ -23,13 +23,23 @@ main_ip=$(dom0_ip)
case "${command}" in
@ -121,10 +121,10 @@ Index: xen-4.17.0-testing/tools/hotplug/Linux/vif-route
ipcmd='del'
cmdprefix='do_without_error'
;;
Index: xen-4.17.0-testing/tools/hotplug/Linux/xen-network-common.sh
Index: xen-4.19.0-testing/tools/hotplug/Linux/xen-network-common.sh
===================================================================
--- xen-4.17.0-testing.orig/tools/hotplug/Linux/xen-network-common.sh
+++ xen-4.17.0-testing/tools/hotplug/Linux/xen-network-common.sh
--- xen-4.19.0-testing.orig/tools/hotplug/Linux/xen-network-common.sh
+++ xen-4.19.0-testing/tools/hotplug/Linux/xen-network-common.sh
@@ -15,6 +15,12 @@
#

stubdom.tar.bz2 (Stored with Git LFS)



@ -2,7 +2,7 @@ Change default IO-APIC ack mode for single IO-APIC systems to old-style.
--- a/xen/arch/x86/io_apic.c
+++ b/xen/arch/x86/io_apic.c
@@ -2076,7 +2076,10 @@ void __init setup_IO_APIC(void)
@@ -2071,7 +2071,10 @@ void __init setup_IO_APIC(void)
io_apic_irqs = ~PIC_IRQS;
printk("ENABLING IO-APIC IRQs\n");

xen-4.18.3-testing-src.tar.bz2 (Stored with Git LFS)


xen-4.19.0-testing-src.tar.bz2 (Stored with Git LFS) Normal file



@ -1,11 +1,11 @@
Index: xen-4.18.0-testing/xen/arch/Kconfig
Index: xen-4.19.0-testing/xen/arch/Kconfig
===================================================================
--- xen-4.18.0-testing.orig/xen/arch/Kconfig
+++ xen-4.18.0-testing/xen/arch/Kconfig
--- xen-4.19.0-testing.orig/xen/arch/Kconfig
+++ xen-4.19.0-testing/xen/arch/Kconfig
@@ -7,7 +7,7 @@ config PHYS_ADDR_T_32
config NR_CPUS
int "Maximum number of CPUs"
range 1 4095
range 1 16383
- default "256" if X86
+ default "1024" if X86
default "8" if ARM && RCAR3


@ -1,7 +1,5 @@
Index: xen-4.18.3-testing/tools/xs-clients/Makefile
===================================================================
--- xen-4.18.3-testing.orig/tools/xs-clients/Makefile
+++ xen-4.18.3-testing/tools/xs-clients/Makefile
--- a/tools/xs-clients/Makefile
+++ b/tools/xs-clients/Makefile
@@ -29,7 +29,7 @@ all: $(TARGETS)
clients: xenstore $(CLIENTS) xenstore-control
@ -20,10 +18,8 @@ Index: xen-4.18.3-testing/tools/xs-clients/Makefile
done
.PHONY: uninstall
Index: xen-4.18.3-testing/tools/xenstored/Makefile
===================================================================
--- xen-4.18.3-testing.orig/tools/xenstored/Makefile
+++ xen-4.18.3-testing/tools/xenstored/Makefile
--- a/tools/xenstored/Makefile
+++ b/tools/xenstored/Makefile
@@ -32,6 +32,7 @@ TAGS:
install: all
$(INSTALL_DIR) $(DESTDIR)$(sbindir)


@ -20,7 +20,7 @@ actually handle. The default is zero tolerance.
unsigned long __read_mostly cpu_khz; /* CPU clock frequency in kHz. */
DEFINE_SPINLOCK(rtc_lock);
unsigned long pit0_ticks;
@@ -2720,6 +2723,8 @@ int tsc_set_info(struct domain *d,
@@ -2797,6 +2800,8 @@ int tsc_set_info(struct domain *d,
switch ( tsc_mode )
{
@ -29,7 +29,7 @@ actually handle. The default is zero tolerance.
case XEN_CPUID_TSC_MODE_DEFAULT:
case XEN_CPUID_TSC_MODE_ALWAYS_EMULATE:
d->arch.vtsc_offset = get_s_time() - elapsed_nsec;
@@ -2733,8 +2738,25 @@ int tsc_set_info(struct domain *d,
@@ -2810,8 +2815,25 @@ int tsc_set_info(struct domain *d,
* When a guest is created, gtsc_khz is passed in as zero, making
* d->arch.tsc_khz == cpu_khz. Thus no need to check incarnation.
*/


@ -1,10 +1,113 @@
-------------------------------------------------------------------
Thu Sep 26 11:30:00 CEST 2024 - jbeulich@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
-------------------------------------------------------------------
Tue Sep 10 09:54:34 MDT 2024 - carnold@suse.com
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
vlapic_error() (XSA-462)
xsa462.patch
-------------------------------------------------------------------
Fri Aug 30 07:32:58 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build on aarch64 with gcc14 (bsc#1225953)
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
-------------------------------------------------------------------
Thu Aug 15 15:13:42 MDT 2024 - carnold@suse.com
- Update to Xen 4.19.0 FCS release (jsc#PED-8907)
xen-4.19.0-testing-src.tar.bz2
- New Features
* On x86:
- Introduce a new x2APIC driver that uses Cluster Logical addressing mode
for IPIs and Physical addressing mode for external interrupts.
* On Arm:
- FF-A notification support.
- Introduction of dynamic node programming using overlay dtbo.
* Add a new 9pfs backend running as a daemon in dom0. First user is
Xenstore-stubdom now being able to support full Xenstore trace capability.
* libxl support for backendtype=tap with tapback.
- Changed Features
* Changed flexible array definitions in public I/O interface headers to not
use "1" as the number of array elements.
* The minimum supported OCaml toolchain version is now 4.05
* On x86:
- HVM PIRQs are disabled by default.
- Reduce IOMMU setup time for hardware domain.
- Allow HVM/PVH domains to map foreign pages.
- Declare PVH dom0 supported with caveats.
* xl/libxl configures vkb=[] for HVM domains with priority over vkb_device.
* Increase the maximum number of CPUs Xen can be built for from 4095 to
16383.
* When building with Systemd support (./configure --enable-systemd), remove
libsystemd as a build dependency. Systemd Notify support is retained, now
using a standalone library implementation.
* xenalyze no longer requires `--svm-mode` when analyzing traces
generated on AMD CPUs
* Code symbol annotations and MISRA compliance improvements.
- Removed Features
* caml-stubdom. It hasn't built since 2014, was pinned to Ocaml 4.02, and has
been superseded by the MirageOS/SOLO5 projects.
* /usr/bin/pygrub symlink. This was deprecated in Xen 4.2 (2012) but left for
compatibility reasons. VMs configured with bootloader="/usr/bin/pygrub"
should be updated to just bootloader="pygrub".
* The Xen gdbstub on x86.
* xentrace_format has been removed; use xenalyze instead.
- Dropped patches contained in new tarball
6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- Dropped patches no longer necessary
bin-python3-conversion.patch
migration-python3-conversion.patch
-------------------------------------------------------------------
Wed Aug 14 14:10:47 MDT 2024 - carnold@suse.com
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
-------------------------------------------------------------------
Wed Aug 14 11:33:39 MDT 2024 - carnold@suse.com
@ -42,6 +145,17 @@ Wed Aug 14 11:33:39 MDT 2024 - carnold@suse.com
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
-------------------------------------------------------------------
Wed Aug 7 08:06:00 CEST 2024 - jbeulich@suse.com
- Upstream bug fixes (bsc#1027519)
66a8b8ac-bunzip2-rare-failure.patch
-------------------------------------------------------------------
Tue Jul 23 09:43:13 UTC 2024 - Franz Sirl <franz.sirl-obs@lauterbach.com>
- Enable support for ZSTD and LZO compression formats
-------------------------------------------------------------------
Wed Jul 3 12:41:39 MDT 2024 - carnold@suse.com


@ -9,7 +9,7 @@ References: bsc#954872
--- a/tools/libs/light/libxl_disk.c
+++ b/tools/libs/light/libxl_disk.c
@@ -203,7 +203,7 @@ static int libxl__device_disk_setdefault
@@ -237,7 +237,7 @@ static int libxl__device_disk_setdefault
return rc;
}
@ -18,9 +18,9 @@ References: bsc#954872
const libxl_device_disk *disk,
libxl__device *device)
{
@@ -372,6 +372,10 @@ static void device_disk_add(libxl__egc *
rc = ERROR_FAIL;
goto out;
@@ -414,6 +414,10 @@ static void device_disk_add(libxl__egc *
assert(device->backend_kind == LIBXL__DEVICE_KIND_VBD3);
break;
case LIBXL_DISK_BACKEND_QDISK:
+ if (disk->script) {
+ script = libxl__abs_path(gc, disk->script, libxl__xen_script_dir_path());
@ -31,8 +31,8 @@ References: bsc#954872
libxl__device_disk_string_of_format(disk->format),
--- a/tools/libs/light/libxl_device.c
+++ b/tools/libs/light/libxl_device.c
@@ -351,7 +351,8 @@ static int disk_try_backend(disk_try_bac
return 0;
@@ -361,7 +361,8 @@ static int disk_try_backend(disk_try_bac
return backend;
case LIBXL_DISK_BACKEND_QDISK:
- if (a->disk->script) goto bad_script;
@ -89,7 +89,7 @@ References: bsc#954872
disks[i].vdev);
--- a/tools/libs/util/libxlu_disk_l.l
+++ b/tools/libs/util/libxlu_disk_l.l
@@ -253,6 +253,8 @@ target=.* { STRIP(','); SAVESTRING("targ
@@ -256,6 +256,8 @@ target=.* { STRIP(','); SAVESTRING("targ
free(newscript);
}
@ -100,7 +100,7 @@ References: bsc#954872
aio:/.* { DPC->had_depr_prefix=1; DEPRECATE(0); }
--- a/tools/libs/light/libxl_internal.h
+++ b/tools/libs/light/libxl_internal.h
@@ -2073,6 +2073,10 @@ _hidden char *libxl__object_to_json(libx
@@ -2070,6 +2070,10 @@ _hidden char *libxl__object_to_json(libx
_hidden int libxl__cpuid_legacy(libxl_ctx *ctx, uint32_t domid, bool retore,
libxl_domain_build_info *info);


@ -26,9 +26,11 @@
# Keep it at the original location (/usr/lib) for backward compatibility
%define _libexecdir /usr/lib
%{?!primary_python:%define primary_python python3}
Name: xen
ExclusiveArch: %ix86 x86_64 aarch64
%define xen_build_dir xen-4.18.3-testing
%define xen_build_dir xen-4.19.0-testing
#
%define with_gdbsx 0
%define with_dom0_support 0
@ -96,6 +98,8 @@ BuildRequires: makeinfo
%endif
%endif
BuildRequires: acpica
BuildRequires: libzstd-devel
BuildRequires: lzo-devel
BuildRequires: ncurses-devel
BuildRequires: openssl-devel
BuildRequires: python3-devel
@ -117,14 +121,15 @@ BuildRequires: makeinfo
%ifarch x86_64
BuildRequires: pesign-obs-integration
%endif
BuildRequires: python-rpm-macros
Provides: installhint(reboot-needed)
Version: 4.18.3_04
Version: 4.19.0_04
Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0-only
Group: System/Kernel
Source0: xen-4.18.3-testing-src.tar.bz2
Source0: xen-4.19.0-testing-src.tar.bz2
Source1: stubdom.tar.bz2
Source2: mini-os.tar.bz2
Source9: xen.changes
@ -154,9 +159,18 @@ Source10183: xen_maskcalc.py
# For xen-libs
Source99: baselibs.conf
# Upstream patches
Patch1: 6617d62c-x86-hvm-Misra-Rule-19-1-regression.patch
Patch1: 66a8b8ac-bunzip2-rare-failure.patch
Patch2: 66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
Patch3: 66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
Patch4: 66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
Patch5: 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
Patch6: 66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
Patch7: 66d8690f-SUPPORT-split-XSM-from-Flask.patch
Patch8: 66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
Patch9: 66e44ae2-x86-ucode-AMD-buffer-underrun.patch
Patch10: 66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Patch11: 66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
# EMBARGOED security fixes
Patch100: xsa462.patch
# libxc
Patch301: libxc-bitmap-long.patch
Patch302: libxc-sr-xl-migration-debug.patch
@ -218,8 +232,6 @@ Patch466: libxl.helper_done-crash.patch
Patch467: libxl.LIBXL_HOTPLUG_TIMEOUT.patch
# python3 conversion patches
Patch500: build-python3-conversion.patch
Patch501: migration-python3-conversion.patch
Patch502: bin-python3-conversion.patch
# Hypervisor and PV driver Patches
Patch600: xen.bug1026236.suse_vtsc_tolerance.patch
Patch601: x86-ioapic-ack-default.patch
@ -283,8 +295,8 @@ Requires: qemu-arm
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}
Recommends: multipath-tools
Requires: python3
Requires: python3-curses
Requires: %{primary_python}
Requires: %{primary_python}-curses
%ifarch %{ix86} x86_64
Requires: qemu-seabios
%endif
@ -476,7 +488,7 @@ configure_flags="${configure_flags} --enable-stubdom"
sed -i~ 's/ XENSTORETYPE=domain$/ XENSTORETYPE=daemon/' tools/hotplug/Linux/launch-xenstore.in
configure_flags="${configure_flags} --disable-stubdom"
%endif
export PYTHON="/usr/bin/python3"
export PYTHON=$(realpath /usr/bin/python3)
configure_flags="${configure_flags} --disable-qemu-traditional"
./configure \
--disable-xen \
@ -810,17 +822,18 @@ done
# Xen utilities
install -m755 %SOURCE36 %{buildroot}/usr/sbin/xen2libvirt
install -m755 %SOURCE10183 %{buildroot}/usr/sbin/xen_maskcalc
%python3_fix_shebang
rm -f %{buildroot}/etc/xen/README*
# Example config
mkdir -p %{buildroot}/etc/xen/{vm,examples,scripts}
mv %{buildroot}/etc/xen/xlexample* %{buildroot}/etc/xen/examples
rm -f %{buildroot}/etc/xen/examples/*nbd
install -m644 tools/xentrace/formats %{buildroot}/etc/xen/examples/xentrace_formats.txt
# Scripts
rm -f %{buildroot}/etc/xen/scripts/block-*nbd
install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE24 %{buildroot}/etc/xen/scripts/
install -m755 tools/pygrub/src/pygrub %{buildroot}/usr/bin/pygrub
mkdir -p %{buildroot}/usr/lib/supportconfig/plugins
install -m 755 %SOURCE13 %{buildroot}/usr/lib/supportconfig/plugins/xen
@ -977,7 +990,6 @@ rm -f %{buildroot}/usr/libexec/qemu-bridge-helper
/usr/bin/pygrub
/usr/bin/vchan-socket-proxy
/usr/bin/xencov_split
/usr/bin/xentrace_format
%ifarch x86_64
/usr/bin/xen-cpuid
%endif
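Review bot: The build-time interpreter is still hard-coded while the runtime dependencies now go through the new `primary_python` macro: `export PYTHON=$(realpath /usr/bin/python3)` in the configure hunk and `%python3_fix_shebang` in the install hunk pin python3, whereas the `Requires:` hunk switched to `%{primary_python}` and `%{primary_python}-curses`. With the default (`python3`) the two agree, but if `primary_python` is ever overridden the bindings and shebangs would be built for a different interpreter than the one the package requires. Using the macro in both places keeps them in lockstep, e.g. `export PYTHON=$(realpath /usr/bin/%{primary_python})`. The spec sections around these hunks are not visible here, so whether the macro is consumed elsewhere in the build is inferred, not verified.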


@ -18,10 +18,10 @@ Basically fillup removed all comments, and also the two added key=value lines.
Prevent this by defining all keys, with empty values, so that consumers
of the values will continue to use the built-in defaults.
Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
Index: xen-4.19.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
===================================================================
--- xen-4.16.0-testing.orig/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
+++ xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
--- xen-4.19.0-testing.orig/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
+++ xen-4.19.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
@@ -3,7 +3,9 @@
## Default: "none"
#
@ -55,20 +55,19 @@ Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
## Type: string
## Default: unlimited
@@ -57,9 +59,10 @@ XENSTORED_ARGS=
@@ -57,8 +59,9 @@ XENSTORED_ARGS=
## Type: string
## Default: Not defined, tracing off
#
-# Log xenstored messages
+# Log xenstored messages if a non-empty value is assigned.
# Only evaluated if XENSTORETYPE is "daemon".
-#XENSTORED_TRACE=[yes|on|1]
+# Log xenstored messages if a non-empty value is assigned.
+#
+XENSTORED_TRACE=
## Type: integer
## Default: 50
@@ -75,14 +78,14 @@ XENSTORED_ARGS=
@@ -74,14 +77,14 @@ XENSTORED_ARGS=
#
# xenstore domain kernel.
# Only evaluated if XENSTORETYPE is "domain".
@ -85,7 +84,7 @@ Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
## Type: string
## Default: not set, no autoballooning of xenstore domain
@@ -93,7 +96,7 @@ XENSTORED_ARGS=
@@ -92,7 +95,7 @@ XENSTORED_ARGS=
# - combination of both in form of <val>:<frac> (e.g. 8:1/100), resulting
# value will be the higher of both specifications
# Only evaluated if XENSTORETYPE is "domain".
@ -94,7 +93,7 @@ Index: xen-4.16.0-testing/tools/hotplug/Linux/init.d/sysconfig.xencommons.in
## Type: string
## Default: ""
@@ -106,4 +109,4 @@ XENSTORE_DOMAIN_ARGS=
@@ -105,4 +108,4 @@ XENSTORE_DOMAIN_ARGS=
#QEMU_XEN=@qemu_xen_path@
# Dom0 UUID


@ -11,7 +11,7 @@ References: fate#323663 - Run Xenstore in stubdomain
#
# Select type of xentore service.
#
@@ -81,14 +81,14 @@ XENSTORED_TRACE=
@@ -80,14 +80,14 @@ XENSTORED_TRACE=
XENSTORE_DOMAIN_KERNEL=
## Type: integer
@ -49,6 +49,6 @@ References: fate#323663 - Run Xenstore in stubdomain
- [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] || XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE"
+ [ -z "$XENSTORE_MAX_DOMAIN_SIZE" ] && XENSTORE_MAX_DOMAIN_SIZE="1/100"
+ XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS --maxmem $XENSTORE_MAX_DOMAIN_SIZE"
[ -z "$XENSTORED_TRACE" ] || XENSTORE_DOMAIN_ARGS="$XENSTORE_DOMAIN_ARGS -T xenstored-trace.log"
echo -n Starting $XENSTORE_DOMAIN_KERNEL...
${LIBEXEC_BIN}/init-xenstore-domain $XENSTORE_DOMAIN_ARGS || exit 1


@ -1,93 +1,104 @@
References: bsc#1178736
Allow restart of xenwatchdogd in case it terminated unexpectetly.
Index: xen-4.14.0-testing/tools/misc/xenwatchdogd.c
Index: xen-4.19.0-testing/tools/misc/xenwatchdogd.c
===================================================================
--- xen-4.14.0-testing.orig/tools/misc/xenwatchdogd.c
+++ xen-4.14.0-testing/tools/misc/xenwatchdogd.c
@@ -9,12 +9,16 @@
#include <unistd.h>
#include <signal.h>
--- xen-4.19.0-testing.orig/tools/misc/xenwatchdogd.c
+++ xen-4.19.0-testing/tools/misc/xenwatchdogd.c
@@ -21,6 +21,8 @@
#include <stdio.h>
#include <stdbool.h>
#include <getopt.h>
+#include <libgen.h>
+#include <syslog.h>
xc_interface *h;
int id = 0;
#define WDOG_MIN_TIMEOUT 2
#define WDOG_MIN_SLEEP 1
@@ -29,9 +31,11 @@
static xc_interface *h;
static volatile bool safeexit = false;
static volatile bool done = false;
+static const char id_file[] = "/run/xenwatchdog_id.txt";
-void daemonize(void)
-static void daemonize(void)
+static void daemonize(const char *str)
{
+ const char *err_str = "";
switch (fork()) {
case -1:
err(1, "fork");
@@ -23,7 +27,9 @@ void daemonize(void)
err(EXIT_FAILURE, "fork");
@@ -40,7 +44,9 @@ static void daemonize(void)
default:
exit(0);
exit(EXIT_SUCCESS);
}
- umask(0);
+#define err(x,s) do { err_str = (s); goto out; } while (0)
+ openlog(str, LOG_CONS, LOG_DAEMON);
+ umask(~(S_IRUSR|S_IWUSR));
if (setsid() < 0)
err(1, "setsid");
err(EXIT_FAILURE, "setsid");
if (chdir("/") < 0)
@@ -34,6 +40,10 @@ void daemonize(void)
err(1, "reopen stdout");
@@ -51,6 +57,10 @@ static void daemonize(void)
err(EXIT_FAILURE, "reopen stdout");
if(freopen("/dev/null", "w", stderr) == NULL)
err(1, "reopen stderr");
err(EXIT_FAILURE, "reopen stderr");
+ return;
+out:
+ syslog(LOG_ERR, "%s: %m", err_str);
+ exit(1);
}
void catch_exit(int sig)
@@ -47,18 +57,21 @@ void catch_usr1(int sig)
static void catch_exit(int sig)
@@ -62,6 +72,7 @@ static void catch_usr1(int sig)
{
if (id)
xc_watchdog(h, id, 0);
safeexit = true;
done = true;
+ unlink(id_file);
exit(0);
}
static void __attribute__((noreturn)) usage(int exit_code)
@@ -98,10 +109,12 @@ static int parse_secs(const char *arg, c
int main(int argc, char **argv)
{
+ FILE *f;
int id;
int t, s;
int ret;
bool daemon = true;
+ const char *err_str = "";
if (argc < 2)
errx(1, "usage: %s <timeout> <sleep>", argv[0]);
for ( ;; )
{
@@ -160,7 +173,7 @@ int main(int argc, char **argv)
s = t / 2;
- daemonize();
+ daemonize(basename(argv[0]));
if (daemon)
- daemonize();
+ daemonize(basename(argv[0]));
h = xc_interface_open(NULL, NULL, 0);
if (h == NULL)
@@ -86,9 +99,25 @@ int main(int argc, char **argv)
@@ -177,9 +190,25 @@ int main(int argc, char **argv)
if (signal(SIGUSR1, &catch_usr1) == SIG_ERR)
err(1, "signal");
err(EXIT_FAILURE, "signal");
- id = xc_watchdog(h, 0, t);
- if (id <= 0)
- err(1, "xc_watchdog setup");
- err(EXIT_FAILURE, "xc_watchdog setup");
+ f = fopen(id_file, "r");
+ if (f) {
+ if (fscanf(f, "%d", &id) != 1)
+ id = -1;
+ if (id <= 0)
+ err(1, "xc_watchdog setup");
+ err(EXIT_FAILURE, "xc_watchdog setup");
+ syslog(LOG_INFO, "reusing id %d", id);
+ fclose(f);
+ } else {
+ id = xc_watchdog(h, 0, t);
+ syslog(LOG_INFO, "obtained id %d", id);
+ if (id <= 0)
+ err(1, "xc_watchdog setup");
+ err(EXIT_FAILURE, "xc_watchdog setup");
+ f = fopen(id_file, "w");
+ if (f) {
+ fprintf(f, "%d\n", id);
@ -95,14 +106,14 @@ Index: xen-4.14.0-testing/tools/misc/xenwatchdogd.c
+ }
+ }
for (;;) {
while (!done) {
sleep(s);
@@ -96,4 +125,8 @@ int main(int argc, char **argv)
if (ret != 0)
err(1, "xc_watchdog");
}
@@ -191,4 +220,8 @@ int main(int argc, char **argv)
// Zero seconds timeout will disarm the watchdog timer
xc_watchdog(h, id, safeexit ? 0 : WDOG_EXIT_TIMEOUT);
return 0;
+
+out:
+ syslog(LOG_ERR, "%s: %m", err_str);
+ exit(1);
+ exit(EXIT_FAILURE);
}
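Review bot: An id read back from `/run/xenwatchdog_id.txt` in the `f = fopen(id_file, "r")` branch of main is accepted without being checked against the hypervisor; it is only exercised by the first `xc_watchdog(h, id, t)` in the loop after `sleep(s)`, and when that fails main leaves through `out:` with the file still in place, so every restart (the purpose of this patch) re-reads the same stale id and fails the same way. Probing the id right after reading it, and on failure unlinking the file and falling back to allocating a fresh watchdog, makes a restart recover instead of looping; the rewritten branch below does that and also closes `f` before the error path, which the current `id <= 0` exit skips. Separately, the `#define err(x,s)` inside `daemonize()` shadows err(3) for the remainder of the file, which is why main needs its own `out:` label; a comment at the define such as `/* Replaces err(3) for the rest of the file: stderr is /dev/null after daemonizing, so report via syslog and leave through the enclosing function's out: label. */` would save the next reader that discovery. The return-value convention used here (a new id when called with id 0, zero on success otherwise) is inferred from the existing calls in main, which continues outside this hunk.
```c
    /* … unchanged: signal() setup … */
    id = 0;
    f = fopen(id_file, "r");
    if (f) {
        if (fscanf(f, "%d", &id) != 1)
            id = -1;
        fclose(f);
        /* Probe the saved id: one that no longer names a live watchdog must
         * not wedge every restart on the same file. */
        if (id <= 0 || xc_watchdog(h, id, t) != 0) {
            syslog(LOG_WARNING, "discarding saved id %d", id);
            unlink(id_file);
            id = 0;
        } else
            syslog(LOG_INFO, "reusing id %d", id);
    }
    if (id <= 0) {
        id = xc_watchdog(h, 0, t);
        /* … unchanged: "obtained id" logging, error check, id file write … */
    }
```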