forked from SLFO-pool/xen
Sync from SUSE:SLFO:Main xen revision 8d29a7d10d60058ce13aa728041a2bc4
This commit is contained in:
parent
245e26a41b
commit
4ce9e75764
@ -1,30 +0,0 @@
|
|||||||
# Commit 303d3ff85c90ee4af4bad4e3b1d4932fa2634d64
|
|
||||||
# Date 2024-07-30 11:55:56 +0200
|
|
||||||
# Author Ross Lagerwall <ross.lagerwall@citrix.com>
|
|
||||||
# Committer Jan Beulich <jbeulich@suse.com>
|
|
||||||
bunzip2: fix rare decompression failure
|
|
||||||
|
|
||||||
The decompression code parses a huffman tree and counts the number of
|
|
||||||
symbols for a given bit length. In rare cases, there may be >= 256
|
|
||||||
symbols with a given bit length, causing the unsigned char to overflow.
|
|
||||||
This causes a decompression failure later when the code tries and fails to
|
|
||||||
find the bit length for a given symbol.
|
|
||||||
|
|
||||||
Since the maximum number of symbols is 258, use unsigned short instead.
|
|
||||||
|
|
||||||
Fixes: ab77e81f6521 ("x86/dom0: support bzip2 and lzma compressed bzImage payloads")
|
|
||||||
Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
|
|
||||||
Acked-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
|
|
||||||
--- a/xen/common/bunzip2.c
|
|
||||||
+++ b/xen/common/bunzip2.c
|
|
||||||
@@ -221,7 +221,8 @@ static int __init get_next_block(struct
|
|
||||||
RUNB) */
|
|
||||||
symCount = symTotal+2;
|
|
||||||
for (j = 0; j < groupCount; j++) {
|
|
||||||
- unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1];
|
|
||||||
+ unsigned char length[MAX_SYMBOLS];
|
|
||||||
+ unsigned short temp[MAX_HUFCODE_BITS+1];
|
|
||||||
int minLen, maxLen, pp;
|
|
||||||
/* Read Huffman code lengths for each symbol. They're
|
|
||||||
stored in a way similar to mtf; record a starting
|
|
@ -1,99 +0,0 @@
|
|||||||
Subject: x86/IOMMU: move tracking in iommu_identity_mapping()
|
|
||||||
From: Teddy Astie teddy.astie@vates.tech Tue Aug 13 16:36:40 2024 +0200
|
|
||||||
Date: Tue Aug 13 16:36:40 2024 +0200:
|
|
||||||
Git: beadd68b5490ada053d72f8a9ce6fd696d626596
|
|
||||||
|
|
||||||
If for some reason xmalloc() fails after having mapped the reserved
|
|
||||||
regions, an error is reported, but the regions remain mapped in the P2M.
|
|
||||||
|
|
||||||
Similarly if an error occurs during set_identity_p2m_entry() (except on
|
|
||||||
the first call), the partial mappings of the region would be retained
|
|
||||||
without being tracked anywhere, and hence without there being a way to
|
|
||||||
remove them again from the domain's P2M.
|
|
||||||
|
|
||||||
Move the setting up of the list entry ahead of trying to map the region.
|
|
||||||
In cases other than the first mapping failing, keep record of the full
|
|
||||||
region, such that a subsequent unmapping request can be properly torn
|
|
||||||
down.
|
|
||||||
|
|
||||||
To compensate for the potentially excess unmapping requests, don't log a
|
|
||||||
warning from p2m_remove_identity_entry() when there really was nothing
|
|
||||||
mapped at a given GFN.
|
|
||||||
|
|
||||||
This is XSA-460 / CVE-2024-31145.
|
|
||||||
|
|
||||||
Fixes: 2201b67b9128 ("VT-d: improve RMRR region handling")
|
|
||||||
Fixes: c0e19d7c6c42 ("IOMMU: generalize VT-d's tracking of mapped RMRR regions")
|
|
||||||
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
|
|
||||||
|
|
||||||
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
|
|
||||||
index e7e327d6a6..1739133fc2 100644
|
|
||||||
--- a/xen/arch/x86/mm/p2m.c
|
|
||||||
+++ b/xen/arch/x86/mm/p2m.c
|
|
||||||
@@ -1267,9 +1267,11 @@ int p2m_remove_identity_entry(struct domain *d, unsigned long gfn_l)
|
|
||||||
else
|
|
||||||
{
|
|
||||||
gfn_unlock(p2m, gfn, 0);
|
|
||||||
- printk(XENLOG_G_WARNING
|
|
||||||
- "non-identity map d%d:%lx not cleared (mapped to %lx)\n",
|
|
||||||
- d->domain_id, gfn_l, mfn_x(mfn));
|
|
||||||
+ if ( (p2mt != p2m_invalid && p2mt != p2m_mmio_dm) ||
|
|
||||||
+ a != p2m_access_n || !mfn_eq(mfn, INVALID_MFN) )
|
|
||||||
+ printk(XENLOG_G_WARNING
|
|
||||||
+ "non-identity map %pd:%lx not cleared (mapped to %lx)\n",
|
|
||||||
+ d, gfn_l, mfn_x(mfn));
|
|
||||||
ret = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c
|
|
||||||
index cc0062b027..8b1e0596b8 100644
|
|
||||||
--- a/xen/drivers/passthrough/x86/iommu.c
|
|
||||||
+++ b/xen/drivers/passthrough/x86/iommu.c
|
|
||||||
@@ -267,24 +267,36 @@ int iommu_identity_mapping(struct domain *d, p2m_access_t p2ma,
|
|
||||||
if ( p2ma == p2m_access_x )
|
|
||||||
return -ENOENT;
|
|
||||||
|
|
||||||
- while ( base_pfn < end_pfn )
|
|
||||||
- {
|
|
||||||
- int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
|
|
||||||
-
|
|
||||||
- if ( err )
|
|
||||||
- return err;
|
|
||||||
- base_pfn++;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
map = xmalloc(struct identity_map);
|
|
||||||
if ( !map )
|
|
||||||
return -ENOMEM;
|
|
||||||
+
|
|
||||||
map->base = base;
|
|
||||||
map->end = end;
|
|
||||||
map->access = p2ma;
|
|
||||||
map->count = 1;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Insert into list ahead of mapping, so the range can be found when
|
|
||||||
+ * trying to clean up.
|
|
||||||
+ */
|
|
||||||
list_add_tail(&map->list, &hd->arch.identity_maps);
|
|
||||||
|
|
||||||
+ for ( ; base_pfn < end_pfn; ++base_pfn )
|
|
||||||
+ {
|
|
||||||
+ int err = set_identity_p2m_entry(d, base_pfn, p2ma, flag);
|
|
||||||
+
|
|
||||||
+ if ( !err )
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ if ( (map->base >> PAGE_SHIFT_4K) == base_pfn )
|
|
||||||
+ {
|
|
||||||
+ list_del(&map->list);
|
|
||||||
+ xfree(map);
|
|
||||||
+ }
|
|
||||||
+ return err;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
@ -1,31 +0,0 @@
|
|||||||
Subject: x86/pass-through: documents as security-unsupported when sharing resources
|
|
||||||
From: Jan Beulich jbeulich@suse.com Tue Aug 13 16:37:25 2024 +0200
|
|
||||||
Date: Tue Aug 13 16:37:25 2024 +0200:
|
|
||||||
Git: 9c94eda1e3790820699a6de3f6a7c959ecf30600
|
|
||||||
|
|
||||||
When multiple devices share resources and one of them is to be passed
|
|
||||||
through to a guest, security of the entire system and of respective
|
|
||||||
guests individually cannot really be guaranteed without knowing
|
|
||||||
internals of any of the involved guests. Therefore such a configuration
|
|
||||||
cannot really be security-supported, yet making that explicit was so far
|
|
||||||
missing.
|
|
||||||
|
|
||||||
This is XSA-461 / CVE-2024-31146.
|
|
||||||
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Reviewed-by: Juergen Gross <jgross@suse.com>
|
|
||||||
|
|
||||||
--- a/SUPPORT.md
|
|
||||||
+++ b/SUPPORT.md
|
|
||||||
@@ -841,6 +841,11 @@ This feature is not security supported:
|
|
||||||
|
|
||||||
Only systems using IOMMUs are supported.
|
|
||||||
|
|
||||||
+Passing through of devices sharing resources with another device is not
|
|
||||||
+security supported. Such sharing could e.g. be the same line interrupt being
|
|
||||||
+used by multiple devices, one of which is to be passed through, or two such
|
|
||||||
+devices having memory BARs within the same 4k page.
|
|
||||||
+
|
|
||||||
Not compatible with migration, populate-on-demand, altp2m,
|
|
||||||
introspection, memory sharing, or memory paging.
|
|
||||||
|
|
@ -1,127 +0,0 @@
|
|||||||
# Commit fb1658221a31ec1db33253a80001191391e73b17
|
|
||||||
# Date 2024-08-28 19:59:07 +0100
|
|
||||||
# Author Roger Pau Monne <roger.pau@citrix.com>
|
|
||||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
x86/dom0: disable SMAP for PV domain building only
|
|
||||||
|
|
||||||
Move the logic that disables SMAP so it's only performed when building a PV
|
|
||||||
dom0, PVH dom0 builder doesn't require disabling SMAP.
|
|
||||||
|
|
||||||
The fixes tag is to account for the wrong usage of cpu_has_smap in
|
|
||||||
create_dom0(), it should instead have used
|
|
||||||
boot_cpu_has(X86_FEATURE_XEN_SMAP). Fix while moving the logic to apply to PV
|
|
||||||
only.
|
|
||||||
|
|
||||||
While there also make cr4_pv32_mask __ro_after_init.
|
|
||||||
|
|
||||||
Fixes: 493ab190e5b1 ('xen/sm{e, a}p: allow disabling sm{e, a}p for Xen itself')
|
|
||||||
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
|
|
||||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
|
|
||||||
--- a/xen/arch/x86/include/asm/setup.h
|
|
||||||
+++ b/xen/arch/x86/include/asm/setup.h
|
|
||||||
@@ -64,6 +64,8 @@ extern bool opt_dom0_verbose;
|
|
||||||
extern bool opt_dom0_cpuid_faulting;
|
|
||||||
extern bool opt_dom0_msr_relaxed;
|
|
||||||
|
|
||||||
+extern unsigned long cr4_pv32_mask;
|
|
||||||
+
|
|
||||||
#define max_init_domid (0)
|
|
||||||
|
|
||||||
#endif
|
|
||||||
--- a/xen/arch/x86/pv/dom0_build.c
|
|
||||||
+++ b/xen/arch/x86/pv/dom0_build.c
|
|
||||||
@@ -354,11 +354,11 @@ static struct page_info * __init alloc_c
|
|
||||||
return page;
|
|
||||||
}
|
|
||||||
|
|
||||||
-int __init dom0_construct_pv(struct domain *d,
|
|
||||||
- const module_t *image,
|
|
||||||
- unsigned long image_headroom,
|
|
||||||
- module_t *initrd,
|
|
||||||
- const char *cmdline)
|
|
||||||
+static int __init dom0_construct(struct domain *d,
|
|
||||||
+ const module_t *image,
|
|
||||||
+ unsigned long image_headroom,
|
|
||||||
+ module_t *initrd,
|
|
||||||
+ const char *cmdline)
|
|
||||||
{
|
|
||||||
int i, rc, order, machine;
|
|
||||||
bool compatible, compat;
|
|
||||||
@@ -1048,6 +1048,36 @@ out:
|
|
||||||
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+int __init dom0_construct_pv(struct domain *d,
|
|
||||||
+ const module_t *image,
|
|
||||||
+ unsigned long image_headroom,
|
|
||||||
+ module_t *initrd,
|
|
||||||
+ const char *cmdline)
|
|
||||||
+{
|
|
||||||
+ int rc;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Clear SMAP in CR4 to allow user-accesses in construct_dom0(). This
|
|
||||||
+ * prevents us needing to rewrite construct_dom0() in terms of
|
|
||||||
+ * copy_{to,from}_user().
|
|
||||||
+ */
|
|
||||||
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
|
|
||||||
+ {
|
|
||||||
+ cr4_pv32_mask &= ~X86_CR4_SMAP;
|
|
||||||
+ write_cr4(read_cr4() & ~X86_CR4_SMAP);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rc = dom0_construct(d, image, image_headroom, initrd, cmdline);
|
|
||||||
+
|
|
||||||
+ if ( boot_cpu_has(X86_FEATURE_XEN_SMAP) )
|
|
||||||
+ {
|
|
||||||
+ write_cr4(read_cr4() | X86_CR4_SMAP);
|
|
||||||
+ cr4_pv32_mask |= X86_CR4_SMAP;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return rc;
|
|
||||||
+}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Local variables:
|
|
||||||
--- a/xen/arch/x86/setup.c
|
|
||||||
+++ b/xen/arch/x86/setup.c
|
|
||||||
@@ -79,8 +79,7 @@ bool __read_mostly use_invpcid;
|
|
||||||
int8_t __initdata opt_probe_port_aliases = -1;
|
|
||||||
boolean_param("probe-port-aliases", opt_probe_port_aliases);
|
|
||||||
|
|
||||||
-/* Only used in asm code and within this source file */
|
|
||||||
-unsigned long asmlinkage __read_mostly cr4_pv32_mask;
|
|
||||||
+unsigned long __ro_after_init cr4_pv32_mask;
|
|
||||||
|
|
||||||
/* **** Linux config option: propagated to domain0. */
|
|
||||||
/* "acpi=off": Sisables both ACPI table parsing and interpreter. */
|
|
||||||
@@ -955,26 +954,9 @@ static struct domain *__init create_dom0
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
- /*
|
|
||||||
- * Temporarily clear SMAP in CR4 to allow user-accesses in construct_dom0().
|
|
||||||
- * This saves a large number of corner cases interactions with
|
|
||||||
- * copy_from_user().
|
|
||||||
- */
|
|
||||||
- if ( cpu_has_smap )
|
|
||||||
- {
|
|
||||||
- cr4_pv32_mask &= ~X86_CR4_SMAP;
|
|
||||||
- write_cr4(read_cr4() & ~X86_CR4_SMAP);
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
if ( construct_dom0(d, image, headroom, initrd, cmdline) != 0 )
|
|
||||||
panic("Could not construct domain 0\n");
|
|
||||||
|
|
||||||
- if ( cpu_has_smap )
|
|
||||||
- {
|
|
||||||
- write_cr4(read_cr4() | X86_CR4_SMAP);
|
|
||||||
- cr4_pv32_mask |= X86_CR4_SMAP;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
return d;
|
|
||||||
}
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
Subject: Arm64: adjust __irq_to_desc() to fix build with gcc14
|
|
||||||
From: Jan Beulich jbeulich@suse.com Thu Aug 29 10:03:53 2024 +0200
|
|
||||||
Date: Thu Aug 29 10:03:53 2024 +0200:
|
|
||||||
Git: 99f942f3d410059dc223ee0a908827e928ef3592
|
|
||||||
|
|
||||||
With the original code I observe
|
|
||||||
|
|
||||||
In function ‘__irq_to_desc’,
|
|
||||||
inlined from ‘route_irq_to_guest’ at arch/arm/irq.c:465:12:
|
|
||||||
arch/arm/irq.c:54:16: error: array subscript -2 is below array bounds of ‘irq_desc_t[32]’ {aka ‘struct irq_desc[32]’} [-Werror=array-bounds=]
|
|
||||||
54 | return &this_cpu(local_irq_desc)[irq];
|
|
||||||
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
which looks pretty bogus: How in the world does the compiler arrive at
|
|
||||||
-2 when compiling route_irq_to_guest()? Yet independent of that the
|
|
||||||
function's parameter wants to be of unsigned type anyway, as shown by
|
|
||||||
a vast majority of callers (others use plain int when they really mean
|
|
||||||
non-negative quantities). With that adjustment the code compiles fine
|
|
||||||
again.
|
|
||||||
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Acked-by: Michal Orzel <michal.orzel@amd.com>
|
|
||||||
|
|
||||||
diff --git a/xen/arch/arm/include/asm/irq.h b/xen/arch/arm/include/asm/irq.h
|
|
||||||
index ec437add09..88e060bf29 100644
|
|
||||||
--- a/xen/arch/arm/include/asm/irq.h
|
|
||||||
+++ b/xen/arch/arm/include/asm/irq.h
|
|
||||||
@@ -56,7 +56,7 @@ extern const unsigned int nr_irqs;
|
|
||||||
struct irq_desc;
|
|
||||||
struct irqaction;
|
|
||||||
|
|
||||||
-struct irq_desc *__irq_to_desc(int irq);
|
|
||||||
+struct irq_desc *__irq_to_desc(unsigned int irq);
|
|
||||||
|
|
||||||
#define irq_to_desc(irq) __irq_to_desc(irq)
|
|
||||||
|
|
||||||
diff --git a/xen/arch/arm/irq.c b/xen/arch/arm/irq.c
|
|
||||||
index 6b89f64fd1..b9757d7ad3 100644
|
|
||||||
--- a/xen/arch/arm/irq.c
|
|
||||||
+++ b/xen/arch/arm/irq.c
|
|
||||||
@@ -48,7 +48,7 @@ void irq_end_none(struct irq_desc *irq)
|
|
||||||
static irq_desc_t irq_desc[NR_IRQS];
|
|
||||||
static DEFINE_PER_CPU(irq_desc_t[NR_LOCAL_IRQS], local_irq_desc);
|
|
||||||
|
|
||||||
-struct irq_desc *__irq_to_desc(int irq)
|
|
||||||
+struct irq_desc *__irq_to_desc(unsigned int irq)
|
|
||||||
{
|
|
||||||
if ( irq < NR_LOCAL_IRQS )
|
|
||||||
return &this_cpu(local_irq_desc)[irq];
|
|
@ -1,84 +0,0 @@
|
|||||||
# Commit bb03169bcb6ecccf372de1f6b9285cd519a26bb8
|
|
||||||
# Date 2024-09-03 10:53:44 +0100
|
|
||||||
# Author Javi Merino <javi.merino@cloud.com>
|
|
||||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
libxl: Fix nul-termination of the return value of libxl_xen_console_read_line()
|
|
||||||
|
|
||||||
When built with ASAN, "xl dmesg" crashes in the "printf("%s", line)"
|
|
||||||
call in main_dmesg(). ASAN reports a heap buffer overflow: an
|
|
||||||
off-by-one access to cr->buffer.
|
|
||||||
|
|
||||||
The readconsole sysctl copies up to count characters into the buffer,
|
|
||||||
but it does not add a null character at the end. Despite the
|
|
||||||
documentation of libxl_xen_console_read_line(), line_r is not
|
|
||||||
nul-terminated if 16384 characters were copied to the buffer.
|
|
||||||
|
|
||||||
Fix this by asking xc_readconsolering() to fill the buffer up to size
|
|
||||||
- 1. As the number of characters in the buffer is only needed in
|
|
||||||
libxl_xen_console_read_line(), make it a local variable there instead
|
|
||||||
of part of the libxl__xen_console_reader struct.
|
|
||||||
|
|
||||||
Fixes: 4024bae739cc ("xl: Add subcommand 'xl dmesg'")
|
|
||||||
Reported-by: Edwin Török <edwin.torok@cloud.com>
|
|
||||||
Signed-off-by: Javi Merino <javi.merino@cloud.com>
|
|
||||||
Reviewed-by: Anthony PERARD <anthony.perard@vates.tech>
|
|
||||||
|
|
||||||
--- a/tools/libs/light/libxl_console.c
|
|
||||||
+++ b/tools/libs/light/libxl_console.c
|
|
||||||
@@ -774,12 +774,17 @@ libxl_xen_console_reader *
|
|
||||||
{
|
|
||||||
GC_INIT(ctx);
|
|
||||||
libxl_xen_console_reader *cr;
|
|
||||||
- unsigned int size = 16384;
|
|
||||||
+ /*
|
|
||||||
+ * We want xen to fill the buffer in as few hypercalls as
|
|
||||||
+ * possible, but xen will not nul-terminate it. The default size
|
|
||||||
+ * of Xen's console buffer is 16384. Leave one byte at the end
|
|
||||||
+ * for the null character.
|
|
||||||
+ */
|
|
||||||
+ unsigned int size = 16384 + 1;
|
|
||||||
|
|
||||||
cr = libxl__zalloc(NOGC, sizeof(libxl_xen_console_reader));
|
|
||||||
cr->buffer = libxl__zalloc(NOGC, size);
|
|
||||||
cr->size = size;
|
|
||||||
- cr->count = size;
|
|
||||||
cr->clear = clear;
|
|
||||||
cr->incremental = 1;
|
|
||||||
|
|
||||||
@@ -800,10 +805,16 @@ int libxl_xen_console_read_line(libxl_ct
|
|
||||||
char **line_r)
|
|
||||||
{
|
|
||||||
int ret;
|
|
||||||
+ /*
|
|
||||||
+ * Number of chars to copy into the buffer. xc_readconsolering()
|
|
||||||
+ * does not add a null character at the end, so leave a space for
|
|
||||||
+ * us to add it.
|
|
||||||
+ */
|
|
||||||
+ unsigned int nr_chars = cr->size - 1;
|
|
||||||
GC_INIT(ctx);
|
|
||||||
|
|
||||||
memset(cr->buffer, 0, cr->size);
|
|
||||||
- ret = xc_readconsolering(ctx->xch, cr->buffer, &cr->count,
|
|
||||||
+ ret = xc_readconsolering(ctx->xch, cr->buffer, &nr_chars,
|
|
||||||
cr->clear, cr->incremental, &cr->index);
|
|
||||||
if (ret < 0) {
|
|
||||||
LOGE(ERROR, "reading console ring buffer");
|
|
||||||
@@ -811,7 +822,7 @@ int libxl_xen_console_read_line(libxl_ct
|
|
||||||
return ERROR_FAIL;
|
|
||||||
}
|
|
||||||
if (!ret) {
|
|
||||||
- if (cr->count) {
|
|
||||||
+ if (nr_chars) {
|
|
||||||
*line_r = cr->buffer;
|
|
||||||
ret = 1;
|
|
||||||
} else {
|
|
||||||
--- a/tools/libs/light/libxl_internal.h
|
|
||||||
+++ b/tools/libs/light/libxl_internal.h
|
|
||||||
@@ -2077,7 +2077,6 @@ _hidden char *libxl__uuid2string(libxl__
|
|
||||||
struct libxl__xen_console_reader {
|
|
||||||
char *buffer;
|
|
||||||
unsigned int size;
|
|
||||||
- unsigned int count;
|
|
||||||
unsigned int clear;
|
|
||||||
unsigned int incremental;
|
|
||||||
unsigned int index;
|
|
@ -1,54 +0,0 @@
|
|||||||
# Commit d7c18b8720824d7efc39ffa7296751e1812865a9
|
|
||||||
# Date 2024-09-04 16:05:03 +0200
|
|
||||||
# Author Jan Beulich <jbeulich@suse.com>
|
|
||||||
# Committer Jan Beulich <jbeulich@suse.com>
|
|
||||||
SUPPORT.md: split XSM from Flask
|
|
||||||
|
|
||||||
XSM is a generic framework, which in particular is also used by SILO.
|
|
||||||
With this it can't really be experimental: Arm mandates SILO for having
|
|
||||||
a security supported configuration.
|
|
||||||
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
|
|
||||||
Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
|
|
||||||
|
|
||||||
--- a/SUPPORT.md
|
|
||||||
+++ b/SUPPORT.md
|
|
||||||
@@ -768,13 +768,21 @@ Compile time disabled for ARM by default
|
|
||||||
|
|
||||||
Status, x86: Supported, not security supported
|
|
||||||
|
|
||||||
-### XSM & FLASK
|
|
||||||
+### XSM (Xen Security Module) Framework
|
|
||||||
+
|
|
||||||
+XSM is a security policy framework. The dummy implementation is covered by this
|
|
||||||
+statement, and implements a policy whereby dom0 is all powerful. See below for
|
|
||||||
+alternative modules (FLASK, SILO).
|
|
||||||
+
|
|
||||||
+ Status: Supported
|
|
||||||
+
|
|
||||||
+### FLASK XSM Module
|
|
||||||
|
|
||||||
Status: Experimental
|
|
||||||
|
|
||||||
Compile time disabled by default.
|
|
||||||
|
|
||||||
-Also note that using XSM
|
|
||||||
+Also note that using FLASK
|
|
||||||
to delegate various domain control hypercalls
|
|
||||||
to particular other domains, rather than only permitting use by dom0,
|
|
||||||
is also specifically excluded from security support for many hypercalls.
|
|
||||||
@@ -787,6 +795,13 @@ Please see XSA-77 for more details.
|
|
||||||
The default policy includes FLASK labels and roles for a "typical" Xen-based system
|
|
||||||
with dom0, driver domains, stub domains, domUs, and so on.
|
|
||||||
|
|
||||||
+### SILO XSM Module
|
|
||||||
+
|
|
||||||
+SILO extends the dummy policy by enforcing that DomU-s can only communicate
|
|
||||||
+with Dom0, yet not with each other.
|
|
||||||
+
|
|
||||||
+ Status: Supported
|
|
||||||
+
|
|
||||||
## Virtual Hardware, Hypervisor
|
|
||||||
|
|
||||||
### x86/Nested PV
|
|
@ -1,36 +0,0 @@
|
|||||||
# Commit eb7cd0593d88c4b967a24bca8bd30591966676cd
|
|
||||||
# Date 2024-09-12 09:13:04 +0200
|
|
||||||
# Author Jan Beulich <jbeulich@suse.com>
|
|
||||||
# Committer Jan Beulich <jbeulich@suse.com>
|
|
||||||
x86/HVM: properly reject "indirect" VRAM writes
|
|
||||||
|
|
||||||
While ->count will only be different from 1 for "indirect" (data in
|
|
||||||
guest memory) accesses, it being 1 does not exclude the request being an
|
|
||||||
"indirect" one. Check both to be on the safe side, and bring the ->count
|
|
||||||
part also in line with what ioreq_send_buffered() actually refuses to
|
|
||||||
handle.
|
|
||||||
|
|
||||||
Fixes: 3bbaaec09b1b ("x86/hvm: unify stdvga mmio intercept with standard mmio intercept")
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
|
|
||||||
--- a/xen/arch/x86/hvm/stdvga.c
|
|
||||||
+++ b/xen/arch/x86/hvm/stdvga.c
|
|
||||||
@@ -530,14 +530,14 @@ static bool cf_check stdvga_mem_accept(
|
|
||||||
|
|
||||||
spin_lock(&s->lock);
|
|
||||||
|
|
||||||
- if ( p->dir == IOREQ_WRITE && p->count > 1 )
|
|
||||||
+ if ( p->dir == IOREQ_WRITE && (p->data_is_ptr || p->count != 1) )
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* We cannot return X86EMUL_UNHANDLEABLE on anything other then the
|
|
||||||
* first cycle of an I/O. So, since we cannot guarantee to always be
|
|
||||||
* able to send buffered writes, we have to reject any multi-cycle
|
|
||||||
- * I/O and, since we are rejecting an I/O, we must invalidate the
|
|
||||||
- * cache.
|
|
||||||
+ * or "indirect" I/O and, since we are rejecting an I/O, we must
|
|
||||||
+ * invalidate the cache.
|
|
||||||
* Single-cycle write transactions are accepted even if the cache is
|
|
||||||
* not active since we can assert, when in stdvga mode, that writes
|
|
||||||
* to VRAM have no side effect and thus we can try to buffer them.
|
|
@ -1,52 +0,0 @@
|
|||||||
# Commit a8bf14f6f331d4f428010b4277b67c33f561ed19
|
|
||||||
# Date 2024-09-13 15:23:30 +0100
|
|
||||||
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
||||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
xen/ucode: Fix buffer under-run when parsing AMD containers
|
|
||||||
|
|
||||||
The AMD container format has no formal spec. It is, at best, precision
|
|
||||||
guesswork based on AMD's prior contributions to open source projects. The
|
|
||||||
Equivalence Table has both an explicit length, and an expectation of having a
|
|
||||||
NULL entry at the end.
|
|
||||||
|
|
||||||
Xen was sanity checking the NULL entry, but without confirming that an entry
|
|
||||||
was present, resulting in a read off the front of the buffer. With some
|
|
||||||
manual debugging/annotations this manifests as:
|
|
||||||
|
|
||||||
(XEN) *** Buf ffff83204c00b19c, eq ffff83204c00b194
|
|
||||||
(XEN) *** eq: 0c 00 00 00 44 4d 41 00 00 00 00 00 00 00 00 00 aa aa aa aa
|
|
||||||
^-Actual buffer-------------------^
|
|
||||||
(XEN) *** installed_cpu: 000c
|
|
||||||
(XEN) microcode: Bad equivalent cpu table
|
|
||||||
(XEN) Parsing microcode blob error -22
|
|
||||||
|
|
||||||
When loaded by hypercall, the 4 bytes interpreted as installed_cpu happen to
|
|
||||||
be the containing struct ucode_buf's len field, and luckily will be nonzero.
|
|
||||||
|
|
||||||
When loaded at boot, it's possible for the access to #PF if the module happens
|
|
||||||
to have been placed on a 2M boundary by the bootloader. Under Linux, it will
|
|
||||||
commonly be the end of the CPIO header.
|
|
||||||
|
|
||||||
Drop the probe of the NULL entry; Nothing else cares. A container without one
|
|
||||||
is well formed, insofar that we can still parse it correctly. With this
|
|
||||||
dropped, the same container results in:
|
|
||||||
|
|
||||||
(XEN) microcode: couldn't find any matching ucode in the provided blob!
|
|
||||||
|
|
||||||
Fixes: 4de936a38aa9 ("x86/ucode/amd: Rework parsing logic in cpu_request_microcode()")
|
|
||||||
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
||||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
|
|
||||||
--- a/xen/arch/x86/cpu/microcode/amd.c
|
|
||||||
+++ b/xen/arch/x86/cpu/microcode/amd.c
|
|
||||||
@@ -336,8 +336,7 @@ static struct microcode_patch *cf_check
|
|
||||||
if ( size < sizeof(*et) ||
|
|
||||||
(et = buf)->type != UCODE_EQUIV_CPU_TABLE_TYPE ||
|
|
||||||
size - sizeof(*et) < et->len ||
|
|
||||||
- et->len % sizeof(et->eq[0]) ||
|
|
||||||
- et->eq[(et->len / sizeof(et->eq[0])) - 1].installed_cpu )
|
|
||||||
+ et->len % sizeof(et->eq[0]) )
|
|
||||||
{
|
|
||||||
printk(XENLOG_ERR "microcode: Bad equivalent cpu table\n");
|
|
||||||
error = -EINVAL;
|
|
@ -1,48 +0,0 @@
|
|||||||
# Commit c42d9ec61f6d11e25fa77bd44dd11dad1edda268
|
|
||||||
# Date 2024-09-24 14:23:29 +0200
|
|
||||||
# Author Jan Beulich <jbeulich@suse.com>
|
|
||||||
# Committer Jan Beulich <jbeulich@suse.com>
|
|
||||||
x86/vLAPIC: prevent undue recursion of vlapic_error()
|
|
||||||
|
|
||||||
With the error vector set to an illegal value, the function invoking
|
|
||||||
vlapic_set_irq() would bring execution back here, with the non-recursive
|
|
||||||
lock already held. Avoid the call in this case, merely further updating
|
|
||||||
ESR (if necessary).
|
|
||||||
|
|
||||||
This is XSA-462 / CVE-2024-45817.
|
|
||||||
|
|
||||||
Fixes: 5f32d186a8b1 ("x86/vlapic: don't silently accept bad vectors")
|
|
||||||
Reported-by: Federico Serafini <federico.serafini@bugseng.com>
|
|
||||||
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
|
|
||||||
--- a/xen/arch/x86/hvm/vlapic.c
|
|
||||||
+++ b/xen/arch/x86/hvm/vlapic.c
|
|
||||||
@@ -112,9 +112,24 @@ static void vlapic_error(struct vlapic *
|
|
||||||
if ( (esr & errmask) != errmask )
|
|
||||||
{
|
|
||||||
uint32_t lvterr = vlapic_get_reg(vlapic, APIC_LVTERR);
|
|
||||||
+ bool inj = false;
|
|
||||||
|
|
||||||
- vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
|
|
||||||
if ( !(lvterr & APIC_LVT_MASKED) )
|
|
||||||
+ {
|
|
||||||
+ /*
|
|
||||||
+ * If LVTERR is unmasked and has an illegal vector, vlapic_set_irq()
|
|
||||||
+ * will end up back here. Break the cycle by only injecting LVTERR
|
|
||||||
+ * if it will succeed, and folding in RECVILL otherwise.
|
|
||||||
+ */
|
|
||||||
+ if ( (lvterr & APIC_VECTOR_MASK) >= 16 )
|
|
||||||
+ inj = true;
|
|
||||||
+ else
|
|
||||||
+ errmask |= APIC_ESR_RECVILL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ vlapic_set_reg(vlapic, APIC_ESR, esr | errmask);
|
|
||||||
+
|
|
||||||
+ if ( inj )
|
|
||||||
vlapic_set_irq(vlapic, lvterr & APIC_VECTOR_MASK, 0);
|
|
||||||
}
|
|
||||||
spin_unlock_irqrestore(&vlapic->esr_lock, flags);
|
|
@ -1,33 +0,0 @@
|
|||||||
# Commit 8752ad83e79754f8109457cff796e5f86f644348
|
|
||||||
# Date 2024-09-24 18:57:38 +0100
|
|
||||||
# Author Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
||||||
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
xen/ucode: Make Intel's microcode_sanity_check() stricter
|
|
||||||
|
|
||||||
The SDM states that data size must be a multiple of 4, but Xen doesn't check
|
|
||||||
this propery.
|
|
||||||
|
|
||||||
This is liable to cause a later failures, but should be checked explicitly.
|
|
||||||
|
|
||||||
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
|
|
||||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
|
||||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
|
||||||
|
|
||||||
--- a/xen/arch/x86/cpu/microcode/intel.c
|
|
||||||
+++ b/xen/arch/x86/cpu/microcode/intel.c
|
|
||||||
@@ -155,10 +155,13 @@ static int microcode_sanity_check(const
|
|
||||||
uint32_t sum;
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Total size must be a multiple of 1024 bytes. Data size and the header
|
|
||||||
- * must fit within it.
|
|
||||||
+ * The SDM states:
|
|
||||||
+ * - Data size must be a multiple of 4.
|
|
||||||
+ * - Total size must be a multiple of 1024 bytes. Data size and the
|
|
||||||
+ * header must fit within it.
|
|
||||||
*/
|
|
||||||
if ( (total_size & 1023) ||
|
|
||||||
+ (data_size & 3) ||
|
|
||||||
data_size > (total_size - MC_HEADER_SIZE) )
|
|
||||||
{
|
|
||||||
printk(XENLOG_WARNING "microcode: Bad size\n");
|
|
@ -1,69 +0,0 @@
|
|||||||
References: bsc#1225953
|
|
||||||
|
|
||||||
Compiling against gcc14.
|
|
||||||
../../../../../newlib-1.16.0/newlib/libc/stdlib/wcstoull.c: In function ‘wcstoull’:
|
|
||||||
../../../../../newlib-1.16.0/newlib/libc/stdlib/wcstoull.c:136:16: error: implicit declaration of function ‘_wcstoull_r’; did you mean ‘wcstoull’? [-Wimplicit-function-declaration]
|
|
||||||
136 | return _wcstoull_r (_REENT, s, ptr, base);
|
|
||||||
| ^~~~~~~~~~~
|
|
||||||
| wcstoull
|
|
||||||
|
|
||||||
In file included from ../../../../../newlib-1.16.0/newlib/libc/reent/signalr.c:7:
|
|
||||||
../../../../../newlib-1.16.0/newlib/libc/reent/signalr.c: In function ‘_kill_r’:
|
|
||||||
../../../../../newlib-1.16.0/newlib/libc/reent/signalr.c:61:14: error: implicit declaration of function ‘kill’; did you mean ‘_kill’? [-Wimplicit-function-declaration]
|
|
||||||
61 | if ((ret = _kill (pid, sig)) == -1 && errno != 0)
|
|
||||||
| ^~~~~
|
|
||||||
|
|
||||||
|
|
||||||
Index: xen-4.19.0-testing/stubdom/Makefile
|
|
||||||
===================================================================
|
|
||||||
--- xen-4.19.0-testing.orig/stubdom/Makefile
|
|
||||||
+++ xen-4.19.0-testing/stubdom/Makefile
|
|
||||||
@@ -97,6 +97,7 @@ newlib-$(NEWLIB_VERSION): newlib-$(NEWLI
|
|
||||||
patch -d $@ -p1 < newlib-disable-texinfo.patch
|
|
||||||
patch -d $@ -p1 < newlib-cygmon-gmon.patch
|
|
||||||
patch -d $@ -p1 < newlib-makedoc.patch
|
|
||||||
+ patch -d $@ -p1 < newlib-gcc14-pragmas.patch
|
|
||||||
find $@ -type f | xargs perl -i.bak \
|
|
||||||
-pe 's/\b_(tzname|daylight|timezone)\b/$$1/g'
|
|
||||||
touch $@
|
|
||||||
Index: xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ xen-4.19.0-testing/stubdom/newlib-gcc14-pragmas.patch
|
|
||||||
@@ -0,0 +1,36 @@
|
|
||||||
+--- newlib-1.16.0/newlib/libc/stdlib/wcstoull.c.orig 2024-06-04 15:32:01.495146632 -0600
|
|
||||||
++++ newlib-1.16.0/newlib/libc/stdlib/wcstoull.c 2024-06-04 15:38:56.627156524 -0600
|
|
||||||
+@@ -127,6 +127,10 @@ PORTABILITY
|
|
||||||
+
|
|
||||||
+ #ifndef _REENT_ONLY
|
|
||||||
+
|
|
||||||
++#if __GNUC__ >= 14
|
|
||||||
++#pragma GCC diagnostic ignored "-Wimplicit-function-declaration"
|
|
||||||
++#endif
|
|
||||||
++
|
|
||||||
+ unsigned long long
|
|
||||||
+ _DEFUN (wcstoull, (s, ptr, base),
|
|
||||||
+ _CONST wchar_t *s _AND
|
|
||||||
+--- newlib-1.16.0/newlib/libc/reent/signalr.c.orig 2024-06-04 15:39:15.139156966 -0600
|
|
||||||
++++ newlib-1.16.0/newlib/libc/reent/signalr.c 2024-06-04 15:40:24.899158628 -0600
|
|
||||||
+@@ -49,6 +49,10 @@ DESCRIPTION
|
|
||||||
+ <<errno>>.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
++#if __GNUC__ >= 14
|
|
||||||
++#pragma GCC diagnostic ignored "-Wimplicit-function-declaration"
|
|
||||||
++#endif
|
|
||||||
++
|
|
||||||
+ int
|
|
||||||
+ _DEFUN (_kill_r, (ptr, pid, sig),
|
|
||||||
+ struct _reent *ptr _AND
|
|
||||||
+--- newlib-1.16.0/newlib/doc/makedoc.c.orig 2024-06-04 16:07:54.423197934 -0600
|
|
||||||
++++ newlib-1.16.0/newlib/doc/makedoc.c 2024-06-04 16:15:15.395208441 -0600
|
|
||||||
+@@ -798,6 +798,7 @@ DEFUN( iscommand,(ptr, idx),
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+
|
|
||||||
++static unsigned int
|
|
||||||
+ DEFUN(copy_past_newline,(ptr, idx, dst),
|
|
||||||
+ string_type *ptr AND
|
|
||||||
+ unsigned int idx AND
|
|
@ -93,7 +93,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|||||||
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
||||||
--- a/tools/libs/light/libxl_internal.h
|
--- a/tools/libs/light/libxl_internal.h
|
||||||
+++ b/tools/libs/light/libxl_internal.h
|
+++ b/tools/libs/light/libxl_internal.h
|
||||||
@@ -3652,9 +3652,11 @@ struct libxl__domain_save_state {
|
@@ -3651,9 +3651,11 @@ struct libxl__domain_save_state {
|
||||||
libxl_domain_type type;
|
libxl_domain_type type;
|
||||||
int live;
|
int live;
|
||||||
int debug;
|
int debug;
|
||||||
|
@ -77,7 +77,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|||||||
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
||||||
--- a/tools/libs/light/libxl_internal.h
|
--- a/tools/libs/light/libxl_internal.h
|
||||||
+++ b/tools/libs/light/libxl_internal.h
|
+++ b/tools/libs/light/libxl_internal.h
|
||||||
@@ -3653,6 +3653,7 @@ struct libxl__domain_save_state {
|
@@ -3652,6 +3652,7 @@ struct libxl__domain_save_state {
|
||||||
int live;
|
int live;
|
||||||
int debug;
|
int debug;
|
||||||
int checkpointed_stream;
|
int checkpointed_stream;
|
||||||
|
@ -82,7 +82,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
|
|||||||
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
dss->checkpointed_stream = LIBXL_CHECKPOINTED_STREAM_NONE;
|
||||||
--- a/tools/libs/light/libxl_internal.h
|
--- a/tools/libs/light/libxl_internal.h
|
||||||
+++ b/tools/libs/light/libxl_internal.h
|
+++ b/tools/libs/light/libxl_internal.h
|
||||||
@@ -3654,6 +3654,7 @@ struct libxl__domain_save_state {
|
@@ -3653,6 +3653,7 @@ struct libxl__domain_save_state {
|
||||||
int debug;
|
int debug;
|
||||||
int checkpointed_stream;
|
int checkpointed_stream;
|
||||||
uint32_t max_iters;
|
uint32_t max_iters;
|
||||||
|
@ -286,7 +286,7 @@ the execution time of each script.
|
|||||||
libxl__xswait_callback *callback;
|
libxl__xswait_callback *callback;
|
||||||
/* remaining fields are private to xswait */
|
/* remaining fields are private to xswait */
|
||||||
libxl__ev_time time_ev;
|
libxl__ev_time time_ev;
|
||||||
@@ -2704,6 +2706,7 @@ struct libxl__async_exec_state {
|
@@ -2703,6 +2705,7 @@ struct libxl__async_exec_state {
|
||||||
char **args; /* execution arguments */
|
char **args; /* execution arguments */
|
||||||
char **env; /* execution environment */
|
char **env; /* execution environment */
|
||||||
|
|
||||||
@ -294,7 +294,7 @@ the execution time of each script.
|
|||||||
/* private */
|
/* private */
|
||||||
libxl__ev_time time;
|
libxl__ev_time time;
|
||||||
libxl__ev_child child;
|
libxl__ev_child child;
|
||||||
@@ -4893,6 +4896,9 @@ _hidden int userlookup_helper_getpwuid(l
|
@@ -4892,6 +4895,9 @@ _hidden int userlookup_helper_getpwuid(l
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
BIN
mini-os.tar.bz2
(Stored with Git LFS)
BIN
mini-os.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
|||||||
Index: xen-4.18.0-testing/xen/arch/x86/hvm/stdvga.c
|
|
||||||
===================================================================
|
|
||||||
--- xen-4.18.0-testing.orig/xen/arch/x86/hvm/stdvga.c
|
|
||||||
+++ xen-4.18.0-testing/xen/arch/x86/hvm/stdvga.c
|
|
||||||
@@ -165,7 +165,10 @@ static int stdvga_outb(uint64_t addr, ui
|
|
||||||
|
|
||||||
/* When in standard vga mode, emulate here all writes to the vram buffer
|
|
||||||
* so we can immediately satisfy reads without waiting for qemu. */
|
|
||||||
- s->stdvga = (s->sr[7] == 0x00);
|
|
||||||
+ s->stdvga =
|
|
||||||
+ (s->sr[7] == 0x00) && /* standard vga mode */
|
|
||||||
+ (s->gr[6] == 0x05); /* misc graphics register w/ MemoryMapSelect=1
|
|
||||||
+ * 0xa0000-0xaffff (64k region), AlphaDis=1 */
|
|
||||||
|
|
||||||
if ( !prev_stdvga && s->stdvga )
|
|
||||||
{
|
|
BIN
stubdom.tar.bz2
(Stored with Git LFS)
BIN
stubdom.tar.bz2
(Stored with Git LFS)
Binary file not shown.
@ -2,7 +2,7 @@ Change default IO-APIC ack mode for single IO-APIC systems to old-style.
|
|||||||
|
|
||||||
--- a/xen/arch/x86/io_apic.c
|
--- a/xen/arch/x86/io_apic.c
|
||||||
+++ b/xen/arch/x86/io_apic.c
|
+++ b/xen/arch/x86/io_apic.c
|
||||||
@@ -2071,7 +2071,10 @@ void __init setup_IO_APIC(void)
|
@@ -2136,7 +2136,10 @@ void __init setup_IO_APIC(void)
|
||||||
io_apic_irqs = ~PIC_IRQS;
|
io_apic_irqs = ~PIC_IRQS;
|
||||||
|
|
||||||
printk("ENABLING IO-APIC IRQs\n");
|
printk("ENABLING IO-APIC IRQs\n");
|
||||||
|
BIN
xen-4.19.0-testing-src.tar.bz2
(Stored with Git LFS)
BIN
xen-4.19.0-testing-src.tar.bz2
(Stored with Git LFS)
Binary file not shown.
BIN
xen-4.19.1-testing-src.tar.bz2
(Stored with Git LFS)
Normal file
BIN
xen-4.19.1-testing-src.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -60,11 +60,15 @@ conf_files $OF "$XEN_CONF_FILES"
|
|||||||
log_cmd $OF "xl list --long"
|
log_cmd $OF "xl list --long"
|
||||||
log_cmd $OF "xl dmesg"
|
log_cmd $OF "xl dmesg"
|
||||||
# network-related info often useful for debugging
|
# network-related info often useful for debugging
|
||||||
if [ systemctl is-enabled NetworkManager.service 2>&1 > /dev/null ]; then
|
if systemctl is-enabled NetworkManager.service &> /dev/null ; then
|
||||||
log_write $OF "NOTE: NetworkManager should not be enabled on a Xen host"
|
log_write $OF "NOTE: NetworkManager should not be enabled on a Xen host"
|
||||||
fi
|
fi
|
||||||
log_cmd $OF "route -n"
|
for proto in '-4' '-6'
|
||||||
log_cmd $OF "arp -v"
|
do
|
||||||
|
log_cmd $OF "ip $proto neighbor show"
|
||||||
|
log_cmd $OF "ip $proto route show"
|
||||||
|
log_cmd $OF "ip $proto address show"
|
||||||
|
done
|
||||||
log_cmd $OF "ip link show type bridge"
|
log_cmd $OF "ip link show type bridge"
|
||||||
log_cmd $OF "bridge link show"
|
log_cmd $OF "bridge link show"
|
||||||
# list contents of common config and image directories
|
# list contents of common config and image directories
|
||||||
|
54
xen.changes
54
xen.changes
@ -1,3 +1,57 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 4 09:16:24 MST 2024 - carnold@suse.com
|
||||||
|
|
||||||
|
- Update to Xen 4.19.1 bug fix release (jsc#PED-8907)
|
||||||
|
xen-4.19.1-testing-src.tar.bz2
|
||||||
|
* No upstream changelog found in sources or webpage
|
||||||
|
- Dropped patches
|
||||||
|
66a8b8ac-bunzip2-rare-failure.patch
|
||||||
|
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
|
||||||
|
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
|
||||||
|
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
|
||||||
|
66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
|
||||||
|
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
|
||||||
|
66d8690f-SUPPORT-split-XSM-from-Flask.patch
|
||||||
|
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
|
||||||
|
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
|
||||||
|
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
|
||||||
|
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
|
||||||
|
xsa463-01.patch
|
||||||
|
xsa463-02.patch
|
||||||
|
xsa463-03.patch
|
||||||
|
xsa463-04.patch
|
||||||
|
xsa463-05.patch
|
||||||
|
xsa463-06.patch
|
||||||
|
xsa463-07.patch
|
||||||
|
xsa463-08.patch
|
||||||
|
xsa463-09.patch
|
||||||
|
xsa464.patch
|
||||||
|
gcc14-fixes.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 30 09:34:38 MDT 2024 - carnold@suse.com
|
||||||
|
|
||||||
|
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
|
||||||
|
standard VGA handling (XSA-463)
|
||||||
|
xsa463-01.patch
|
||||||
|
xsa463-02.patch
|
||||||
|
xsa463-03.patch
|
||||||
|
xsa463-04.patch
|
||||||
|
xsa463-05.patch
|
||||||
|
xsa463-06.patch
|
||||||
|
xsa463-07.patch
|
||||||
|
xsa463-08.patch
|
||||||
|
xsa463-09.patch
|
||||||
|
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
|
||||||
|
guests via ACPI tables (XSA-464)
|
||||||
|
xsa464.patch
|
||||||
|
- Drop stdvga-cache.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 29 12:34:56 UTC 2024 - ohering@suse.de
|
||||||
|
|
||||||
|
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 26 11:30:00 CEST 2024 - jbeulich@suse.com
|
Thu Sep 26 11:30:00 CEST 2024 - jbeulich@suse.com
|
||||||
|
|
||||||
|
25
xen.spec
25
xen.spec
@ -30,7 +30,7 @@
|
|||||||
|
|
||||||
Name: xen
|
Name: xen
|
||||||
ExclusiveArch: %ix86 x86_64 aarch64
|
ExclusiveArch: %ix86 x86_64 aarch64
|
||||||
%define xen_build_dir xen-4.19.0-testing
|
%define xen_build_dir xen-4.19.1-testing
|
||||||
#
|
#
|
||||||
%define with_gdbsx 0
|
%define with_gdbsx 0
|
||||||
%define with_dom0_support 0
|
%define with_dom0_support 0
|
||||||
@ -124,12 +124,12 @@ BuildRequires: pesign-obs-integration
|
|||||||
BuildRequires: python-rpm-macros
|
BuildRequires: python-rpm-macros
|
||||||
Provides: installhint(reboot-needed)
|
Provides: installhint(reboot-needed)
|
||||||
|
|
||||||
Version: 4.19.0_04
|
Version: 4.19.1_02
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
|
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
|
||||||
License: GPL-2.0-only
|
License: GPL-2.0-only
|
||||||
Group: System/Kernel
|
Group: System/Kernel
|
||||||
Source0: xen-4.19.0-testing-src.tar.bz2
|
Source0: xen-4.19.1-testing-src.tar.bz2
|
||||||
Source1: stubdom.tar.bz2
|
Source1: stubdom.tar.bz2
|
||||||
Source2: mini-os.tar.bz2
|
Source2: mini-os.tar.bz2
|
||||||
Source9: xen.changes
|
Source9: xen.changes
|
||||||
@ -159,17 +159,6 @@ Source10183: xen_maskcalc.py
|
|||||||
# For xen-libs
|
# For xen-libs
|
||||||
Source99: baselibs.conf
|
Source99: baselibs.conf
|
||||||
# Upstream patches
|
# Upstream patches
|
||||||
Patch1: 66a8b8ac-bunzip2-rare-failure.patch
|
|
||||||
Patch2: 66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
|
|
||||||
Patch3: 66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
|
|
||||||
Patch4: 66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
|
|
||||||
Patch5: 66d02b69-Arm64-adjust-irq_to_desc-to-fix-build-with-gcc14.patch
|
|
||||||
Patch6: 66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
|
|
||||||
Patch7: 66d8690f-SUPPORT-split-XSM-from-Flask.patch
|
|
||||||
Patch8: 66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
|
|
||||||
Patch9: 66e44ae2-x86-ucode-AMD-buffer-underrun.patch
|
|
||||||
Patch10: 66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
|
|
||||||
Patch11: 66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
|
|
||||||
# EMBARGOED security fixes
|
# EMBARGOED security fixes
|
||||||
# libxc
|
# libxc
|
||||||
Patch301: libxc-bitmap-long.patch
|
Patch301: libxc-bitmap-long.patch
|
||||||
@ -215,15 +204,13 @@ Patch408: ignore-ip-command-script-errors.patch
|
|||||||
# Needs to go upstream
|
# Needs to go upstream
|
||||||
Patch420: suspend_evtchn_lock.patch
|
Patch420: suspend_evtchn_lock.patch
|
||||||
Patch421: vif-route.patch
|
Patch421: vif-route.patch
|
||||||
Patch422: gcc14-fixes.patch
|
|
||||||
# Other bug fixes or features
|
# Other bug fixes or features
|
||||||
Patch450: xen.sysconfig-fillup.patch
|
Patch450: xen.sysconfig-fillup.patch
|
||||||
Patch451: xenconsole-no-multiple-connections.patch
|
Patch451: xenconsole-no-multiple-connections.patch
|
||||||
Patch452: hibernate.patch
|
Patch452: hibernate.patch
|
||||||
Patch453: stdvga-cache.patch
|
Patch453: xl-save-pc.patch
|
||||||
Patch454: xl-save-pc.patch
|
Patch454: pygrub-boot-legacy-sles.patch
|
||||||
Patch455: pygrub-boot-legacy-sles.patch
|
Patch455: pygrub-handle-one-line-menu-entries.patch
|
||||||
Patch456: pygrub-handle-one-line-menu-entries.patch
|
|
||||||
Patch461: libxl.max_event_channels.patch
|
Patch461: libxl.max_event_channels.patch
|
||||||
Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
|
Patch463: libxl.add-option-to-disable-disk-cache-flushes-in-qdisk.patch
|
||||||
Patch464: xen.libxl.dmmd.patch
|
Patch464: xen.libxl.dmmd.patch
|
||||||
|
Loading…
Reference in New Issue
Block a user