forked from SLFO-pool/xen
Sync from SUSE:SLFO:Main xen revision 8d29a7d10d60058ce13aa728041a2bc4
This commit is contained in:
parent
245e26a41b
commit
4ce9e75764
@ -1,30 +0,0 @@
|
||||
# Commit 303d3ff85c90ee4af4bad4e3b1d4932fa2634d64
|
||||
# Date 2024-07-30 11:55:56 +0200
|
||||
# Author Ross Lagerwall <ross.lagerwall@citrix.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
bunzip2: fix rare decompression failure
|
||||
|
||||
The decompression code parses a huffman tree and counts the number of
|
||||
symbols for a given bit length. In rare cases, there may be >= 256
|
||||
symbols with a given bit length, causing the unsigned char to overflow.
|
||||
This causes a decompression failure later when the code tries and fails to
|
||||
find the bit length for a given symbol.
|
||||
|
||||
Since the maximum number of symbols is 258, use unsigned short instead.
|
||||
|
||||
Fixes: ab77e81f6521 ("x86/dom0: support bzip2 and lzma compressed bzImage payloads")
|
||||
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
|
||||
Acked-by: Jan Beulich <jbeulich@suse.com>
|
||||
|
||||
--- a/xen/common/bunzip2.c
|
||||
+++ b/xen/common/bunzip2.c
|
||||
@@ -221,7 +221,8 @@ static int __init get_next_block(struct
|
||||
RUNB) */
|
||||
symCount = symTotal+2;
|
||||
for (j = 0; j < groupCount; j++) {
|
||||
- unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1];
|
||||
+ unsigned char length[MAX_SYMBOLS];
|
||||
+ unsigned short temp[MAX_HUFCODE_BITS+1];
|
||||
int minLen, maxLen, pp;
|
||||
/* Read Huffman code lengths for each symbol. They're
|
||||
stored in a way similar to mtf; record a starting
|
@ -1,99 +0,0 @@
|
||||
Subject: x86/IOMMU: move tracking in iommu_identity_mapping()
|
||||
From: Teddy Astie teddy.astie@vates.tech Tue Aug 13 16:36:40 2024 +0200
|
||||
Date: Tue Aug 13 16:36:40 2024 +0200:
|
||||
Git: beadd68b5490ada053d72f8a9ce6fd696d626596
|
||||
|
||||
If for some reason xmalloc() fails after having mapped the reserved
|
||||
regions, an error is reported, but the regions remain mapped in the P2M.
|
||||
|
||||
Similarly if an error occurs during set_identity_p2m_entry() (except on
|
||||
the first call), the partial mappings of the region would be retained
|
||||
without being tracked anywhere, and hence without there being a way to
|
||||
remove them again from the domain's P2M.
|
||||
|
||||
Move the setting up of the list entry ahead of trying to map the region.
|
||||
In cases other than the first mapping failing, keep record of the full
|
||||
region, such that a subsequent unmapping request can be properly torn
|
||||
down.
|
||||
|
||||
To compensate for the potentially excess unmapping requests, don't log a
|
||||
warning from p2m_remove_identity_entry() when there really was nothing
|
||||
mapped at a given GFN.
|
||||
|
||||
This is XSA-460 / CVE-2024-31145.
|
||||
|
||||
Fixes: 2201b67b9128 ("VT-d: improve RMRR region handling")
|
||||
Fixes: c0e19d7c6c42 ("IOMMU: generalize VT-d's tracking of mapped RMRR regions")
|
||||
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
|
||||
|
||||
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
|
||||
index e7e327d6a6..1739133fc2 100644
|
||||
--- a/xen/arch/x86/mm/p2m.c
|
||||
+++ b/xen/arch/x86/mm/p2m.c
|
||||
@@ -1267,9 +1267,11 @@ int p2m_remove_identity_entry(struct domain *d, unsigned long gfn_l)
|
||||
else
|
||||
{
|
||||
gfn_unlock(p2m, gfn, 0);
|
||||
- printk(XENLOG_G_WARNING
|
||||
- "non-identity map d%d:%lx not cleared (mapped to %lx)\n",
|
||||
- d->domain_id, gfn_l, mfn_x(mfn));
|
||||
+ if ( (p2mt != p2m_invalid && p2mt != p2m_mmio_dm) ||
|
||||
+ a != p2m_access_n || !mfn_eq(mfn, INVALID_MFN) )
|
||||
+ printk(XENLOG_G_WARNING
|
||||
+ "non-identity map %pd:%lx not cleared (mapped to %lx)\n",
|
||||
+ d, gfn_l, mfn_x(mfn));
|
||||
ret = 0;
|
||||
}
|
||||
|
||||
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
|
||||
index cc0062b027..8b1e0596b8 100644
|
||||
--- a/xen/drivers/passthrough/x86/iommu.c
|
||||
+++ b/xen/drivers/passthrough/x86/iommu.c
|
||||
@@ -267,24 +267,36 @@ int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma,
|
||||
if ( p2ma == p2m_access_x )
|
||||
return -ENOENT;
|
||||
|
||||
- while ( base_pfn < end_pfn )
|
||||
- {
|
||||
- int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
|
||||
-
|
||||
- if ( err )
|
||||
- return err;
|
||||
- base_pfn++;
|
||||
- }
|
||||
-
|
||||
map = xmalloc(struct identity_map);
|
||||
if ( !map )
|
||||
return -ENOMEM;
|
||||
+
|
||||
map->base = base;
|
||||
map->end = end;
|
||||
map->access = p2ma;
|
||||
map->count = 1;
|
||||
+
|
||||
+ /*
|
||||
+ * Insert into list ahead of mapping, so the range can be found when
|
||||
+ * trying to clean up.
|
||||
+ */
|
||||
list_add_tail(&map->list, &hd->arch.identity_maps);
|
||||
|
||||
+ for ( ; base_pfn < end_pfn; ++base_pfn )
|
||||
+ {
|
||||
+ int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
|
||||
+
|
||||
+ if ( !err )
|
||||
+ continue;
|
||||
+
|
||||
+ if ( (map->base >> PAGE_SHIFT_4K) == base_pfn )
|
||||
+ {
|
||||
+ list_del(&map->list);
|
||||
+ xfree(map);
|
||||
+ }
|
||||
+ return err;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
@ -1,31 +0,0 @@
|
||||
Subject: x86/pass-through: documents as security-unsupported when sharing resources
|
||||
From: Jan Beulich jbeulich@suse.com Tue Aug 13 16:37:25 2024 +0200
|
||||
Date: Tue Aug 13 16:37:25 2024 +0200:
|
||||
Git: 9c94eda1e3790820699a6de3f6a7c959ecf30600
|
||||
|
||||
When multiple devices share resources and one of them is to be passed
|
||||
through to a guest, security of the entire system and of respective
|
||||
guests individually cannot really be guaranteed without knowing
|
||||
internals of any of the involved guests. Therefore such a configuration
|
||||
cannot really be security-supported, yet making that explicit was so far
|
||||
missing.
|
||||
|
||||
This is XSA-461 / CVE-2024-31146.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
||||
|
||||
--- a/SUPPORT.md
|
||||
+++ b/SUPPORT.md
|
||||
@@ -841,6 +841,11 @@ This feature is not security supported:
|
||||
|
||||
Only systems using IOMMUs are supported.
|
||||
|
||||
+Passing through of devices sharing resources with another device is not
|
||||
+security supported. Such sharing could e.g. be the same line interrupt being
|
||||
+used by multiple devices, one of which is to be passed through, or two such
|
||||
+devices having memory BARs within the same 4k page.
|
||||
+
|
||||
Not compatible with migration, populate-on-demand, altp2m,
|
||||
introspection, memory sharing, or memory paging.
|
||||
|
@ -1,127 +0,0 @@
|
||||
# Commit fb1658221a31ec1db33253a80001191391e73b17
|
||||
# Date 2024-08-28 19:59:07 +0100
|
||||
# Author Roger Pau Monne <roger.pau@citrix.com>
|
||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
x86/dom0: disable SMAP for PV domain building only
|
||||
|
||||
Move the logic that disables SMAP so it's only performed when building a PV
|
||||
dom0, PVH dom0 builder doesn't require disabling SMAP.
|
||||
|
||||
The fixes tag is to account for the wrong usage of cpu_has_smap in
|
||||
create_dom0(), it should instead have used
|
||||
boot_cpu_has(X86_FEATURE_XEN_SMAP). Fix while moving the logic to apply to PV
|
||||
only.
|
||||
|
||||
While there also make cr4_pv32_mask __ro_after_init.
|
||||
|
||||
Fixes: 493ab190e5b1 ('xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself')
|
||||
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
|
||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/include/asm/setup.h
|
||||
+++ b/xen/arch/x86/include/asm/setup.h
|
||||
@@ -64,6 +64,8 @@ extern bool opt_dom0_verbose;
|
||||
extern bool opt_dom0_cpuid_faulting;
|
||||
extern bool opt_dom0_msr_relaxed;
|
||||
|
||||
+extern unsigned long cr4_pv32_mask;
|
||||
+
|
||||
#define max_init_domid (0)
|
||||
|
||||
#endif
|
||||
--- a/xen/arch/x86/pv/dom0_build.c
|
||||
+++ b/xen/arch/x86/pv/dom0_build.c
|
||||
@@ -354,11 +354,11 @@ static struct page_info * __init alloc_c
|
||||
return page;
|
||||
}
|
||||
|
||||
-int __init dom0_construct_pv(struct domain *d,
|
||||
- const module_t *image,
|
||||
- unsigned long image_headroom,
|
||||
- module_t *initrd,
|
||||
- const char *cmdline)
|
||||
+static int __init dom0_construct(struct domain *d,
|
||||
+ const module_t *image,
|
||||
+ unsigned long image_headroom,
|
||||
+ module_t *initrd,
|
||||
+ const char *cmdline)
|
||||
{
|
||||
int i, rc, order, machine;
|
||||
bool compatible, compat;
|
||||
@@ -1048,6 +1048,36 @@ out:
|
||||
|
||||
return rc;
|
||||
}
|
||||
+
|
||||
+int __init dom0_construct_pv(struct domain *d,
|
||||
+ const module_t *image,
|
||||
+ unsigned long image_headroom,
|
||||
+ module_t *initrd,
|
||||
+ const char *cmdline)
|
||||
+{
|
||||
+ int rc;
|
||||
+
|
||||
+ /*
|
||||
+ * Clear SMAP in CR4 to allow user-accesses in construct_dom0(). This
|
||||
+ * prevents us needing to rewrite construct_dom0() in terms of
|
||||
+ * copy_{to,from}_user().
|
||||
+ */
|
||||
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
|
||||
+ {
|
||||
+ cr4_pv32_mask &= ~X86_CR4_SMAP;
|
||||
+ write_cr4(read_cr4() & ~X86_CR4_SMAP);
|
||||
+ }
|
||||
+
|
||||
+ rc = dom0_construct(d, image, image_headroom, initrd, cmdline);
|
||||
+
|
||||
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
|
||||
+ {
|
||||
+ write_cr4(read_cr4() | X86_CR4_SMAP);
|
||||
+ cr4_pv32_mask |= X86_CR4_SMAP;
|
||||
+ }
|
||||
+
|
||||
+ return rc;
|
||||
+}
|
||||
|
||||
/*
|
||||
* Local variables:
|
||||
--- a/xen/arch/x86/setup.c
|
||||
+++ b/xen/arch/x86/setup.c
|
||||
@@ -79,8 +79,7 @@ bool __read_mostly use_invpcid;
|
||||
int8_t __initdata opt_probe_port_aliases = -1;
|
||||
boolean_param("probe-port-aliases", opt_probe_port_aliases);
|
||||
|
||||
-/* Only used in asm code and within this source file */
|
||||
-unsigned long asmlinkage __read_mostly cr4_pv32_mask;
|
||||
+unsigned long __ro_after_init cr4_pv32_mask;
|
||||
|
||||
/* **** Linux config option: propagated to domain0. */
|
||||
/* "acpi=off": Sisables both ACPI table parsing and interpreter. */
|
||||
@@ -955,26 +954,9 @@ static struct domain *__init create_dom0
|
||||
}
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Temporarily clear SMAP in CR4 to allow user-accesses in construct_dom0().
|
||||
- * This saves a large number of corner cases interactions with
|
||||
- * copy_from_user().
|
||||
- */
|
||||
- if ( cpu_has_smap )
|
||||
- {
|
||||
- cr4_pv32_mask &= ~X86_CR4_SMAP;
|
||||
- write_cr4(read_cr4() & ~X86_CR4_SMAP);
|
||||
- }
|
||||
-
|
||||
if ( construct_dom0(d, image, headroom, initrd, cmdline) != 0 )
|
||||
panic("Could not construct domain 0\n");
|
||||
|
||||
- if ( cpu_has_smap )
|
||||
- {
|
||||
- write_cr4(read_cr4() | X86_CR4_SMAP);
|
||||
- cr4_pv32_mask |= X86_CR4_SMAP;
|
||||
- }
|
||||
-
|
||||
return d;
|
||||
}
|
||||
|
@ -1,49 +0,0 @@
|
||||
Subject: Arm64: adjust __irq_to_desc() to fix build with gcc14
|
||||
From: Jan Beulich jbeulich@suse.com Thu Aug 29 10:03:53 2024 +0200
|
||||
Date: Thu Aug 29 10:03:53 2024 +0200:
|
||||
Git: 99f942f3d410059dc223ee0a908827e928ef3592
|
||||
|
||||
With the original code I observe
|
||||
|
||||
In function ‘__irq_to_desc’,
|
||||
inlined from ‘route_irq_to_guest’ at arch/arm/irq.c:465:12:
|
||||
arch/arm/irq.c:54:16: error: array subscript -2 is below array bounds of ‘irq_desc_t[32]’ {aka ‘struct irq_desc[32]’} [-Werror=array-bounds=]
|
||||
54 | return &this_cpu(local_irq_desc)[irq];
|
||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
which looks pretty bogus: How in the world does the compiler arrive at
|
||||
-2 when compiling route_irq_to_guest()? Yet independent of that the
|
||||
function's parameter wants to be of unsigned type anyway, as shown by
|
||||
a vast majority of callers (others use plain int when they really mean
|
||||
non-negative quantities). With that adjustment the code compiles fine
|
||||
again.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Acked-by: Michal Orzel <michal.orzel@amd.com>
|
||||
|
||||
diff --git a/xen/arch/arm/include/asm/irq.h b/xen/arch/arm/include/asm/irq.h
|
||||
index ec437add09..88e060bf29 100644
|
||||
--- a/xen/arch/arm/include/asm/irq.h
|
||||
+++ b/xen/arch/arm/include/asm/irq.h
|
||||
@@ -56,7 +56,7 @@ extern const unsigned int nr_irqs;
|
||||
struct irq_desc;
|
||||
struct irqaction;
|
||||
|
||||
-struct irq_desc *__irq_to_desc(int irq);
|
||||
+struct irq_desc *__irq_to_desc(unsigned int irq);
|
||||
|
||||
#define irq_to_desc(irq) __irq_to_desc(irq)
|
||||
|
||||
diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c
|
||||
index 6b89f64fd1..b9757d7ad3 100644
|
||||
--- a/xen/arch/arm/irq.c
|
||||
+++ b/xen/arch/arm/irq.c
|
||||
@@ -48,7 +48,7 @@ void irq_end_none(struct irq_desc *irq)
|
||||
static irq_desc_t irq_desc[NR_IRQS];
|
||||
static DEFINE_PER_CPU(irq_desc_t[NR_LOCAL_IRQS], local_irq_desc);
|
||||
|
||||
-struct irq_desc *__irq_to_desc(int irq)
|
||||
+struct irq_desc *__irq_to_desc(unsigned int irq)
|
||||
{
|
||||
if ( irq < NR_LOCAL_IRQS )
|
||||
return &this_cpu(local_irq_desc)[irq];
|
@ -1,84 +0,0 @@
|
||||
# Commit bb03169bcb6ecccf372de1f6b9285cd519a26bb8
|
||||
# Date 2024-09-03 10:53:44 +0100
|
||||
# Author Javi Merino <javi.merino@cloud.com>
|
||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
libxl: Fix nul-termination of the return value of libxl_xen_console_read_line()
|
||||
|
||||
When built with ASAN, "xl dmesg" crashes in the "printf("%s", line)"
|
||||
call in main_dmesg(). ASAN reports a heap buffer overflow: an
|
||||
off-by-one access to cr->buffer.
|
||||
|
||||
The readconsole sysctl copies up to count characters into the buffer,
|
||||
but it does not add a null character at the end. Despite the
|
||||
documentation of libxl_xen_console_read_line(), line_r is not
|
||||
nul-terminated if 16384 characters were copied to the buffer.
|
||||
|
||||
Fix this by asking xc_readconsolering() to fill the buffer up to size
|
||||
- 1. As the number of characters in the buffer is only needed in
|
||||
libxl_xen_console_read_line(), make it a local variable there instead
|
||||
of part of the libxl__xen_console_reader struct.
|
||||
|
||||
Fixes: 4024bae739cc ("xl: Add subcommand 'xl dmesg'")
|
||||
Reported-by: Edwin Török <edwin.torok@cloud.com>
|
||||
Signed-off-by: Javi Merino <javi.merino@cloud.com>
|
||||
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
|
||||
|
||||
--- a/tools/libs/light/libxl_console.c
|
||||
+++ b/tools/libs/light/libxl_console.c
|
||||
@@ -774,12 +774,17 @@ libxl_xen_console_reader *
|
||||
{
|
||||
GC_INIT(ctx);
|
||||
libxl_xen_console_reader *cr;
|
||||
- unsigned int size = 16384;
|
||||
+ /*
|
||||
+ * We want xen to fill the buffer in as few hypercalls as
|
||||
+ * possible, but xen will not nul-terminate it. The default size
|
||||
+ * of Xen's console buffer is 16384. Leave one byte at the end
|
||||
+ * for the null character.
|
||||
+ */
|
||||
+ unsigned int size = 16384 + 1;
|
||||
|
||||
cr = libxl__zalloc(NOGC, sizeof(libxl_xen_console_reader));
|
||||
cr->buffer = libxl__zalloc(NOGC, size);
|
||||
cr->size = size;
|
||||
- cr->count = size;
|
||||
cr->clear = clear;
|
||||
cr->incremental = 1;
|
||||
|
||||
@@ -800,10 +805,16 @@ int libxl_xen_console_read_line(libxl_ct
|
||||
char **line_r)
|
||||
{
|
||||
int ret;
|
||||
+ /*
|
||||
+ * Number of chars to copy into the buffer. xc_readconsolering()
|
||||
+ * does not add a null character at the end, so leave a space for
|
||||
+ * us to add it.
|
||||
+ */
|
||||
+ unsigned int nr_chars = cr->size - 1;
|
||||
GC_INIT(ctx);
|
||||
|
||||
memset(cr->buffer, 0, cr->size);
|
||||
- ret = xc_readconsolering(ctx->xch, cr->buffer, &cr->count,
|
||||
+ ret = xc_readconsolering(ctx->xch, cr->buffer, &nr_chars,
|
||||
cr->clear, cr->incremental, &cr->index);
|
||||
if (ret < 0) {
|
||||
LOGE(ERROR, "reading console ring buffer");
|
||||
@@ -811,7 +822,7 @@ int libxl_xen_console_read_line(libxl_ct
|
||||
return ERROR_FAIL;
|
||||
}
|
||||
if (!ret) {
|
||||
- if (cr->count) {
|
||||
+ if (nr_chars) {
|
||||
*line_r = cr->buffer;
|
||||
ret = 1;
|
||||
} else {
|
||||
--- a/tools/libs/light/libxl_internal.h
|
||||
+++ b/tools/libs/light/libxl_internal.h
|
||||
@@ -2077,7 +2077,6 @@ _hidden char *libxl__uuid2string(libxl__
|
||||
struct libxl__xen_console_reader {
|
||||
char *buffer;
|
||||
unsigned int size;
|
||||
- unsigned int count;
|
||||
unsigned int clear;
|
||||
unsigned int incremental;
|
||||
unsigned int index;
|
@ -1,54 +0,0 @@
|
||||
# Commit d7c18b8720824d7efc39ffa7296751e1812865a9
|
||||
# Date 2024-09-04 16:05:03 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
SUPPORT.md: split XSM from Flask
|
||||
|
||||
XSM is a generic framework, which in particular is also used by SILO.
|
||||
With this it can't really be experimental: Arm mandates SILO for having
|
||||
a security supported configuration.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
|
||||
Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
|
||||
|
||||
--- a/SUPPORT.md
|
||||
+++ b/SUPPORT.md
|
||||
@@ -768,13 +768,21 @@ Compile time disabled for ARM by default
|
||||
|
||||
Status, x86: Supported, not security supported
|
||||
|
||||
-### XSM & FLASK
|
||||
+### XSM (Xen Security Module) Framework
|
||||
+
|
||||
+XSM is a security policy framework. The dummy implementation is covered by this
|
||||
+statement, and implements a policy whereby dom0 is all powerful. See below for
|
||||
+alternative modules (FLASK, SILO).
|
||||
+
|
||||
+ Status: Supported
|
||||
+
|
||||
+### FLASK XSM Module
|
||||
|
||||
Status: Experimental
|
||||
|
||||
Compile time disabled by default.
|
||||
|
||||
-Also note that using XSM
|
||||
+Also note that using FLASK
|
||||
to delegate various domain control hypercalls
|
||||
to particular other domains, rather than only permitting use by dom0,
|
||||
is also specifically excluded from security support for many hypercalls.
|
||||
@@ -787,6 +795,13 @@ Please see XSA-77 for more details.
|
||||
The default policy includes FLASK labels and roles for a "typical" Xen-based system
|
||||
with dom0, driver domains, stub domains, domUs, and so on.
|
||||
|
||||
+### SILO XSM Module
|
||||
+
|
||||
+SILO extends the dummy policy by enforcing that DomU-s can only communicate
|
||||
+with Dom0, yet not with each other.
|
||||
+
|
||||
+ Status: Supported
|
||||
+
|
||||
## Virtual Hardware, Hypervisor
|
||||
|
||||
### x86/Nested PV
|
@ -1,36 +0,0 @@
|
||||
# Commit eb7cd0593d88c4b967a24bca8bd30591966676cd
|
||||
# Date 2024-09-12 09:13:04 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/HVM: properly reject "indirect" VRAM writes
|
||||
|
||||
While ->count will only be different from 1 for "indirect" (data in
|
||||
guest memory) accesses, it being 1 does not exclude the request being an
|
||||
"indirect" one. Check both to be on the safe side, and bring the ->count
|
||||
part also in line with what ioreq_send_buffered() actually refuses to
|
||||
handle.
|
||||
|
||||
Fixes: 3bbaaec09b1b ("x86/hvm: unify stdvga mmio intercept with standard mmio intercept")
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/hvm/stdvga.c
|
||||
+++ b/xen/arch/x86/hvm/stdvga.c
|
||||
@@ -530,14 +530,14 @@ static bool cf_check stdvga_mem_accept(
|
||||
|
||||
spin_lock(&s->lock);
|
||||
|
||||
- if ( p->dir == IOREQ_WRITE && p->count > 1 )
|
||||
+ if ( p->dir == IOREQ_WRITE && (p->data_is_ptr || p->count != 1) )
|
||||
{
|
||||
/*
|
||||
* We cannot return X86EMUL_UNHANDLEABLE on anything other then the
|
||||
* first cycle of an I/O. So, since we cannot guarantee to always be
|
||||
* able to send buffered writes, we have to reject any multi-cycle
|
||||
- * I/O and, since we are rejecting an I/O, we must invalidate the
|
||||
- * cache.
|
||||
+ * or "indirect" I/O and, since we are rejecting an I/O, we must
|
||||
+ * invalidate the cache.
|
||||
* Single-cycle write transactions are accepted even if the cache is
|
||||
* not active since we can assert, when in stdvga mode, that writes
|
||||
* to VRAM have no side effect and thus we can try to buffer them.
|
@ -1,52 +0,0 @@
|
||||
# Commit a8bf14f6f331d4f428010b4277b67c33f561ed19
|
||||
# Date 2024-09-13 15:23:30 +0100
|
||||
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
|
||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
xen/ucode: Fix buffer under-run when parsing AMD containers
|
||||
|
||||
The AMD container format has no formal spec. It is, at best, precision
|
||||
guesswork based on AMD's prior contributions to open source projects. The
|
||||
Equivalence Table has both an explicit length, and an expectation of having a
|
||||
NULL entry at the end.
|
||||
|
||||
Xen was sanity checking the NULL entry, but without confirming that an entry
|
||||
was present, resulting in a read off the front of the buffer. With some
|
||||
manual debugging/annotations this manifests as:
|
||||
|
||||
(XEN) *** Buf ffff83204c00b19c, eq ffff83204c00b194
|
||||
(XEN) *** eq: 0c 00 00 00 44 4d 41 00 00 00 00 00 00 00 00 00 aa aa aa aa
|
||||
^-Actual buffer-------------------^
|
||||
(XEN) *** installed_cpu: 000c
|
||||
(XEN) microcode: Bad equivalent cpu table
|
||||
(XEN) Parsing microcode blob error -22
|
||||
|
||||
When loaded by hypercall, the 4 bytes interpreted as installed_cpu happen to
|
||||
be the containing struct ucode_buf's len field, and luckily will be nonzero.
|
||||
|
||||
When loaded at boot, it's possible for the access to #PF if the module happens
|
||||
to have been placed on a 2M boundary by the bootloader. Under Linux, it will
|
||||
commonly be the end of the CPIO header.
|
||||
|
||||
Drop the probe of the NULL entry; Nothing else cares. A container without one
|
||||
is well formed, insofar that we can still parse it correctly. With this
|
||||
dropped, the same container results in:
|
||||
|
||||
(XEN) microcode: couldn't find any matching ucode in the provided blob!
|
||||
|
||||
Fixes: 4de936a38aa9 ("x86/ucode/amd: Rework parsing logic in cpu_request_microcode()")
|
||||
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
|
||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
||||
|
||||
--- a/xen/arch/x86/cpu/microcode/amd.c
|
||||
+++ b/xen/arch/x86/cpu/microcode/amd.c
|
||||
@@ -336,8 +336,7 @@ static struct microcode_patch *cf_check
|
||||
if ( size < sizeof(*et) ||
|
||||
(et = buf)->type != UCODE_EQUIV_CPU_TABLE_TYPE ||
|
||||
size - sizeof(*et) < et->len ||
|
||||
- et->len % sizeof(et->eq[0]) ||
|
||||
- et->eq[(et->len / sizeof(et->eq[0])) - 1].installed_cpu )
|
||||
+ et->len % sizeof(et->eq[0]) )
|
||||
{
|
||||
printk(XENLOG_ERR "microcode: Bad equivalent cpu table\n");
|
||||
error = -EINVAL;
|
@ -1,48 +0,0 @@
|
||||
# Commit c42d9ec61f6d11e25fa77bd44dd11dad1edda268
|
||||
# Date 2024-09-24 14:23:29 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/vLAPIC: prevent undue recursion of vlapic_error()
|
||||
|
||||
With the error vector set to an illegal value, the function invoking
|
||||
vlapic_set_irq() would bring execution back here, with the non-recursive
|
||||
lock already held. Avoid the call in this case, merely further updating
|
||||
ESR (if necessary).
|
||||
|
||||
This is XSA-462 / CVE-2024-45817.
|
||||
|
||||
Fixes: 5f32d186a8b1 ("x86/vlapic: don't silently accept bad vectors")
|
||||
Reported-by: Federico Serafini <federico.serafini@bugseng.com>
|
||||
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/hvm/vlapic.c
|
||||
+++ b/xen/arch/x86/hvm/vlapic.c
|
||||
@@ -112,9 +112,24 @@ static void vlapic_error(struct vlapic *
|
||||
if ( (esr & errmask) != errmask )
|
||||
{
|
||||
uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
|
||||
+ bool inj = false;
|
||||
|
||||
- vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
|
||||
if ( !(lvterr & APIC_LVT_MASKED) )
|
||||
+ {
|
||||
+ /*
|
||||
+ * If LVTERR is unmasked and has an illegal vector, vlapic_set_irq()
|
||||
+ * will end up back here. Break the cycle by only injecting LVTERR
|
||||
+ * if it will succeed, and folding in RECVILL otherwise.
|
||||
+ */
|
||||
+ if ( (lvterr & APIC_VECTOR_MASK) >= 16 )
|
||||
+ inj = true;
|
||||
+ else
|
||||
+ errmask |= APIC_ESR_RECVILL;
|
||||
+ }
|
||||
+
|
||||
+ vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
|
||||
+
|
||||
+ if ( inj )
|
||||
vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
|
||||
}
|
||||
spin_unlock_irqrestore(&vlapic->esr_lock, flags);
|
@ -1,33 +0,0 @@
|
||||
# Commit 8752ad83e79754f8109457cff796e5f86f644348
|
||||
# Date 2024-09-24 18:57:38 +0100
|
||||
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
|
||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
xen/ucode: Make Intel's microcode_sanity_check() stricter
|
||||
|
||||
The SDM states that data size must be a multiple of 4, but Xen doesn't check
|
||||
this propery.
|
||||
|
||||
This is liable to cause a later failures, but should be checked explicitly.
|
||||
|
||||
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
|
||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
||||
|
||||
--- a/xen/arch/x86/cpu/microcode/intel.c
|
||||
+++ b/xen/arch/x86/cpu/microcode/intel.c
|
||||
@@ -155,10 +155,13 @@ static int microcode_sanity_check(const
|
||||
uint32_t sum;
|
||||
|
||||
/*
|
||||
- * Total size must be a multiple of 1024 bytes. Data size and the header
|
||||
- * must fit within it.
|
||||
+ * The SDM states:
|
||||
+ * - Data size must be a multiple of 4.
|
||||
+ * - Total size must be a multiple of 1024 bytes. Data size and the
|
||||
+ * header must fit within it.
|
||||
*/
|
||||
if ( (total_size & 1023) ||
|
||||
+ (data_size & 3) ||
|
||||
data_size > (total_size - MC_HEADER_SIZE) )
|
||||
{
|
||||
printk(XENLOG_WARNING "microcode: Bad size\n");
|
@ -1,69 +0,0 @@
|
||||
References: bsc#1225953
|
||||
|
||||
Compiling against gcc14.
|
||||
../../../../../newlib-1.16.0/newlib/libc/stdlib/wcstoull.c: In function ‘wcstoull’:
|
||||
../../../../../newlib-1.16.0/newlib/libc/stdlib/wcstoull.c:136:16: error: implicit declaration of function ‘_wcstoull_r’; did you mean ‘wcstoull’? [-Wimplicit-function-declaration]
|
||||
136 | return _wcstoull_r (_REENT, s, ptr, base);
|
||||
| ^~~~~~~~~~~
|
||||
| wcstoull
|
||||
|
||||
In file included from ../../../../../newlib-1.16.0/newlib/libc/reent/signalr.c:7:
|
||||
../../../../../newlib-1.16.0/newlib/libc/reent/signalr.c: In function ‘_kill_r’:
|
||||
../../../../../newlib-1.16.0/newlib/libc/reent/signalr.c:61:14: error: implicit declaration of function ‘kill’; did you mean ‘_kill’? [-Wimplicit-function-declaration]
|
||||
61 | if ((ret = _kill (pid, sig)) == -1 && errno != 0)
|
||||
| ^~~~~
|
||||
|
||||
|
||||
Index: xen-4.19.0-testing/stubdom/Makefile
|
||||
===================================================================
|
||||
--- xen-4.19.0-testing.orig/stubdom/Makefile
|
||||
+++ xen-4.19.0-testing/stubdom/Makefile
|
||||
@@ -97,6 +97,7 @@ newlib-$(NEWLIB_VERSION): newlib-$(NEWLI
|
||||
patch -d $@ -p1 < newlib-disable-texinfo.patch
|
||||
patch -d $@ -p1 < newlib-cygmon-gmon.patch
|
||||
patch -d $@ -p1 < newlib-makedoc.patch
|
||||
+ patch -d $@ -p1 < newlib-gcc14-pragmas.patch
|
||||
find $@ -type f | xargs perl -i.bak \
|
||||
-pe 's/\b_(tzname|daylight|timezone)\b/$$1/g'
|
||||
touch $@
|
||||
Index: xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
|
||||
@@ -0,0 +1,36 @@
|
||||
+--- newlib-1.16.0/newlib/libc/stdlib/wcstoull.c.orig 2024-06-04 15:32:01.495146632 -0600
|
||||
++++ newlib-1.16.0/newlib/libc/stdlib/wcstoull.c 2024-06-04 15:38:56.627156524 -0600
|
||||
+@@ -127,6 +127,10 @@ PORTABILITY
|
||||
+
|
||||
+ #ifndef _REENT_ONLY
|
||||
+
|
||||
++#if __GNUC__ >= 14
|
||||
++#pragma GCC diagnostic ignored "-Wimplicit-function-declaration"
|
||||
++#endif
|
||||
++
|
||||
+ unsigned long long
|
||||
+ _DEFUN (wcstoull, (s, ptr, base),
|
||||
+ _CONST wchar_t *s _AND
|
||||
+--- newlib-1.16.0/newlib/libc/reent/signalr.c.orig 2024-06-04 15:39:15.139156966 -0600
|
||||
++++ newlib-1.16.0/newlib/libc/reent/signalr.c 2024-06-04 15:40:24.899158628 -0600
|
||||
+@@ -49,6 +49,10 @@ DESCRIPTION
|
||||
+ <<errno>>.
|
||||
+ */
|
||||
+
|
||||
++#if __GNUC__ >= 14
|
||||
++#pragma GCC diagnostic ignored "-Wimplicit-function-declaration"
|
||||
++#endif
|
||||
++
|
||||
+ int
|
||||
+ _DEFUN (_kill_r, (ptr, pid, sig),
|
||||
+ struct _reent *ptr _AND
|
||||
+--- newlib-1.16.0/newlib/doc/makedoc.c.orig 2024-06-04 16:07:54.423197934 -0600
|
||||
++++ newlib-1.16.0/newlib/doc/makedoc.c 2024-06-04 16:15:15.395208441 -0600
|
||||
+@@ -798,6 +798,7 @@ DEFUN( iscommand,(ptr, idx),
|
||||
+ }
|
||||
+
|
||||
+
|
||||
++static unsigned int
|
||||
+ DEFUN(copy_past_newline,(ptr, idx, dst),
|
||||
+ string_type *ptr AND
|
||||
+ unsigned int idx AND
|
@ -93,7 +93,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
||||
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
||||
--- a/tools/libs/light/libxl_internal.h
|
||||
+++ b/tools/libs/light/libxl_internal.h
|
||||
@@ -3652,9 +3652,11 @@ struct libxl__domain_save_state {
|
||||
@@ -3651,9 +3651,11 @@ struct libxl__domain_save_state {
|
||||
libxl_domain_type type;
|
||||
int live;
|
||||
int debug;
|
||||
|
@ -77,7 +77,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
||||
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
||||
--- a/tools/libs/light/libxl_internal.h
|
||||
+++ b/tools/libs/light/libxl_internal.h
|
||||
@@ -3653,6 +3653,7 @@ struct libxl__domain_save_state {
|
||||
@@ -3652,6 +3652,7 @@ struct libxl__domain_save_state {
|
||||
int live;
|
||||
int debug;
|
||||
int checkpointed_stream;
|
||||
|
@ -82,7 +82,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
||||
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
||||
--- a/tools/libs/light/libxl_internal.h
|
||||
+++ b/tools/libs/light/libxl_internal.h
|
||||
@@ -3654,6 +3654,7 @@ struct libxl__domain_save_state {
|
||||
@@ -3653,6 +3653,7 @@ struct libxl__domain_save_state {
|
||||
int debug;
|
||||
int checkpointed_stream;
|
||||
uint32_t max_iters;
|
||||
|
@ -286,7 +286,7 @@ the execution time of each script.
|
||||
libxl__xswait_callback *callback;
|
||||
/* remaining fields are private to xswait */
|
||||
libxl__ev_time time_ev;
|
||||
@@ -2704,6 +2706,7 @@ struct libxl__async_exec_state {
|
||||
@@ -2703,6 +2705,7 @@ struct libxl__async_exec_state {
|
||||
char **args; /* execution arguments */
|
||||
char **env; /* execution environment */
|
||||
|
||||
@ -294,7 +294,7 @@ the execution time of each script.
|
||||
/* private */
|
||||
libxl__ev_time time;
|
||||
libxl__ev_child child;
|
||||
@@ -4893,6 +4896,9 @@ _hidden int userlookup_helper_getpwuid(l
|
||||
@@ -4892,6 +4895,9 @@ _hidden int userlookup_helper_getpwuid(l
|
||||
|
||||
#endif
|
||||
|
||||
|
BIN
mini-os.tar.bz2
(Stored with Git LFS)
BIN
mini-os.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
||||
Index: xen-4.18.0-testing/xen/arch/x86/hvm/stdvga.c
|
||||
===================================================================
|
||||
--- xen-4.18.0-testing.orig/xen/arch/x86/hvm/stdvga.c
|
||||
+++ xen-4.18.0-testing/xen/arch/x86/hvm/stdvga.c
|
||||
@@ -165,7 +165,10 @@ static int stdvga_outb(uint64_t addr, ui
|
||||
|
||||
/* When in standard vga mode, emulate here all writes to the vram buffer
|
||||
* so we can immediately satisfy reads without waiting for qemu. */
|
||||
- s->stdvga = (s->sr[7] == 0x00);
|
||||
+ s->stdvga =
|
||||
+ (s->sr[7] == 0x00) && /* standard vga mode */
|
||||
+ (s->gr[6] == 0x05); /* misc graphics register w/ MemoryMapSelect=1
|
||||
+ * 0xa0000-0xaffff (64k region), AlphaDis=1 */
|
||||
|
||||
if ( !prev_stdvga && s->stdvga )
|
||||
{
|
BIN
stubdom.tar.bz2
(Stored with Git LFS)
BIN
stubdom.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -2,7 +2,7 @@ Change default IO-APIC ack mode for single IO-APIC systems to old-style.
|
||||
|
||||
--- a/xen/arch/x86/io_apic.c
|
||||
+++ b/xen/arch/x86/io_apic.c
|
||||
@@ -2071,7 +2071,10 @@ void __init setup_IO_APIC(void)
|
||||
@@ -2136,7 +2136,10 @@ void __init setup_IO_APIC(void)
|
||||
io_apic_irqs = ~PIC_IRQS;
|
||||
|
||||
printk("ENABLING IO-APIC IRQs\n");
|
||||
|
BIN
xen-4.19.0-testing-src.tar.bz2
(Stored with Git LFS)
BIN
xen-4.19.0-testing-src.tar.bz2
(Stored with Git LFS)
Binary file not shown.
BIN
xen-4.19.1-testing-src.tar.bz2
(Stored with Git LFS)
Normal file
BIN
xen-4.19.1-testing-src.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -60,11 +60,15 @@ conf_files $OF "$XEN_CONF_FILES"
|
||||
log_cmd $OF "xl list --long"
|
||||
log_cmd $OF "xl dmesg"
|
||||
# network-related info often useful for debugging
|
||||
if [ systemctl is-enabled NetworkManager.service 2>&1 > /dev/null ]; then
|
||||
if systemctl is-enabled NetworkManager.service &> /dev/null ; then
|
||||
log_write $OF "NOTE: NetworkManager should not be enabled on a Xen host"
|
||||
fi
|
||||
log_cmd $OF "route -n"
|
||||
log_cmd $OF "arp -v"
|
||||
for proto in '-4' '-6'
|
||||
do
|
||||
log_cmd $OF "ip $proto neighbor show"
|
||||
log_cmd $OF "ip $proto route show"
|
||||
log_cmd $OF "ip $proto address show"
|
||||
done
|
||||
log_cmd $OF "ip link show type bridge"
|
||||
log_cmd $OF "bridge link show"
|
||||
# list contents of common config and image directories
|
||||
|
54
xen.changes
54
xen.changes
@ -1,3 +1,57 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 4 09:16:24 MST 2024 - carnold@suse.com
|
||||
|
||||
- Update to Xen 4.19.1 bug fix release (jsc#PED-8907)
|
||||
xen-4.19.1-testing-src.tar.bz2
|
||||
* No upstream changelog found in sources or webpage
|
||||
- Dropped patches
|
||||
66a8b8ac-bunzip2-rare-failure.patch
|
||||
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
|
||||
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
|
||||
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
|
||||
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
|
||||
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
|
||||
66d8690f-SUPPORT-split-XSM-from-Flask.patch
|
||||
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
|
||||
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
|
||||
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
|
||||
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
|
||||
xsa463-01.patch
|
||||
xsa463-02.patch
|
||||
xsa463-03.patch
|
||||
xsa463-04.patch
|
||||
xsa463-05.patch
|
||||
xsa463-06.patch
|
||||
xsa463-07.patch
|
||||
xsa463-08.patch
|
||||
xsa463-09.patch
|
||||
xsa464.patch
|
||||
gcc14-fixes.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 30 09:34:38 MDT 2024 - carnold@suse.com
|
||||
|
||||
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
|
||||
standard VGA handling (XSA-463)
|
||||
xsa463-01.patch
|
||||
xsa463-02.patch
|
||||
xsa463-03.patch
|
||||
xsa463-04.patch
|
||||
xsa463-05.patch
|
||||
xsa463-06.patch
|
||||
xsa463-07.patch
|
||||
xsa463-08.patch
|
||||
xsa463-09.patch
|
||||
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
|
||||
guests via ACPI tables (XSA-464)
|
||||
xsa464.patch
|
||||
- Drop stdvga-cache.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 29 12:34:56 UTC 2024 - ohering@suse.de
|
||||
|
||||
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 26 11:30:00 CEST 2024 - jbeulich@suse.com
|
||||
|
||||
|
25
xen.spec
25
xen.spec
@ -30,7 +30,7 @@
|
||||
|
||||
Name: xen
|
||||
ExclusiveArch: %ix86 x86_64 aarch64
|
||||
%define xen_build_dir xen-4.19.0-testing
|
||||
%define xen_build_dir xen-4.19.1-testing
|
||||
#
|
||||
%define with_gdbsx 0
|
||||
%define with_dom0_support 0
|
||||
@ -124,12 +124,12 @@ BuildRequires: pesign-obs-integration
|
||||
BuildRequires: python-rpm-macros
|
||||
Provides: installhint(reboot-needed)
|
||||
|
||||
Version: 4.19.0_04
|
||||
Version: 4.19.1_02
|
||||
Release: 0
|
||||
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
|
||||
License: GPL-2.0-only
|
||||
Group: System/Kernel
|
||||
Source0: xen-4.19.0-testing-src.tar.bz2
|
||||
Source0: xen-4.19.1-testing-src.tar.bz2
|
||||
Source1: stubdom.tar.bz2
|
||||
Source2: mini-os.tar.bz2
|
||||
Source9: xen.changes
|
||||
@ -159,17 +159,6 @@ Source10183: xen_maskcalc.py
|
||||
# For xen-libs
|
||||
Source99: baselibs.conf
|
||||
# Upstream patches
|
||||
Patch1: 66a8b8ac-bunzip2-rare-failure.patch
|
||||
Patch2: 66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
|
||||
Patch3: 66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
|
||||
Patch4: 66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
|
||||
Patch5: 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
|
||||
Patch6: 66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
|
||||
Patch7: 66d8690f-SUPPORT-split-XSM-from-Flask.patch
|
||||
Patch8: 66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
|
||||
Patch9: 66e44ae2-x86-ucode-AMD-buffer-underrun.patch
|
||||
Patch10: 66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
|
||||
Patch11: 66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
|
||||
# EMBARGOED security fixes
|
||||
# libxc
|
||||
Patch301: libxc-bitmap-long.patch
|
||||
@ -215,15 +204,13 @@ Patch408: ignore-ip-command-script-errors.patch
|
||||
# Needs to go upstream
|
||||
Patch420: suspend_evtchn_lock.patch
|
||||
Patch421: vif-route.patch
|
||||
Patch422: gcc14-fixes.patch
|
||||
# Other bug fixes or features
|
||||
Patch450: xen.sysconfig-fillup.patch
|
||||
Patch451: xenconsole-no-multiple-connections.patch
|
||||
Patch452: hibernate.patch
|
||||
Patch453: stdvga-cache.patch
|
||||
Patch454: xl-save-pc.patch
|
||||
Patch455: pygrub-boot-legacy-sles.patch
|
||||
Patch456: pygrub-handle-one-line-menu-entries.patch
|
||||
Patch453: xl-save-pc.patch
|
||||
Patch454: pygrub-boot-legacy-sles.patch
|
||||
Patch455: pygrub-handle-one-line-menu-entries.patch
|
||||
Patch461: libxl.max_event_channels.patch
|
||||
Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
|
||||
Patch464: xen.libxl.dmmd.patch
|
||||
|
Loading…
Reference in New Issue
Block a user