diff --git a/20099-pygrub-security.patch b/20099-pygrub-security.patch
deleted file mode 100644
index 6ec02f3..0000000
--- a/20099-pygrub-security.patch
+++ /dev/null
@@ -1,142 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1250781436 -3600 -# Node ID 8f783adc0ee34808cdd296cccd92f99018f76017 -# Parent 4b30cfb855299922244938fde4f88f4e5bb5df34 -pygrub: Add password support - -It basically checks for the presence of password line in grub.conf -of the guest image and if this line is present, it supports both clear -text and md5 versions of the password. Editing the grub entries and -command-line are disabled when some password is set in domain's -grub.conf file but the password was not entered yet. Also, new option -to press 'p' in interactive pygrub has been added to allow entering -the grub password. It's been tested on x86_64 with PV guests and was -working fine. Also, the countdown has been stopped after key was -pressed, ie. the user is probably editing the boot configuration. - -Signed-off-by: Michal Novotny - -Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py -+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -@@ -157,6 +157,7 @@ class GrubConfigFile(object): - self.images = [] - self.timeout = -1 - self._default = 0 -+ self.passwordAccess = True - - if fn is not None: - self.parse() -@@ -196,6 +197,7 @@ class GrubConfigFile(object): - if self.commands.has_key(com): - if self.commands[com] is not None: - setattr(self, self.commands[com], arg.strip()) -+ #print "%s = %s => %s" % (com, self.commands[com], arg.strip() ) - else: - logging.info("Ignored directive %s" %(com,)) - else: -@@ -204,6 +206,37 @@ class GrubConfigFile(object): - if len(img) > 0: - self.add_image(GrubImage(img)) - -+ if self.hasPassword(): -+ self.setPasswordAccess(False) -+ -+ def hasPasswordAccess(self): -+ return self.passwordAccess -+ -+ def setPasswordAccess(self, val): -+ self.passwordAccess = val -+ -+ def hasPassword(self): -+ try: -+ getattr(self, self.commands['password']) -+ return True -+ except KeyError, 
e: -+ return False -+ -+ def checkPassword(self, password): -+ try: -+ pwd = getattr(self, self.commands['password']).split() -+ if pwd[0] == '--md5': -+ import crypt -+ if crypt.crypt(password, pwd[1]) == pwd[1]: -+ return True -+ -+ if pwd[0] == password: -+ return True -+ -+ return False -+ except: -+ return True -+ - def set(self, line): - (com, arg) = grub_exact_split(line, 2) - if self.commands.has_key(com): -Index: xen-3.4.1-testing/tools/pygrub/src/pygrub -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub -+++ xen-3.4.1-testing/tools/pygrub/src/pygrub -@@ -418,7 +418,14 @@ class Grub: - self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.") - self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the") - self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ") -- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.") -+ -+ # if grub has password defined we allow option to enter password -+ if not self.cf.hasPassword(): -+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.") -+ else: -+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. 
You can also") -+ self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...") -+ - self.text_win.addch(0, 8, curses.ACS_UARROW) - self.text_win.addch(0, 14, curses.ACS_DARROW) - (y, x) = self.text_win.getmaxyx() -@@ -457,9 +464,19 @@ class Grub: - - # handle keypresses - if c == ord('c'): -+ # we disallow access without password specified -+ if not self.cf.hasPasswordAccess(): -+ self.text_win.addstr(6, 8, "You have to enter GRUB password first") -+ break -+ - self.command_line_mode() - break - elif c == ord('a'): -+ # we disallow access without password specified -+ if not self.cf.hasPasswordAccess(): -+ self.text_win.addstr(6, 8, "You have to enter GRUB password first") -+ break -+ - # find the kernel line, edit it and then boot - img = self.cf.images[self.selected_image] - for line in img.lines: -@@ -471,9 +488,24 @@ class Grub: - break - break - elif c == ord('e'): -+ # we disallow access without password specified -+ if not self.cf.hasPasswordAccess(): -+ self.text_win.addstr(6, 8, "You have to enter GRUB password first") -+ break -+ - img = self.cf.images[self.selected_image] - self.edit_entry(img) - break -+ elif c == ord('p') and self.cf.hasPassword(): -+ self.text_win.addstr(6, 8, "Enter password: ") -+ pwd = self.text_win.getstr(6, 8) -+ if not self.cf.checkPassword(pwd): -+ self.text_win.addstr(6, 8, "Incorrect password!") -+ self.cf.setPasswordAccess( False ) -+ else: -+ self.text_win.addstr(6, 8, "Access granted ") -+ self.cf.setPasswordAccess( True ) -+ break - elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')): - self.isdone = True - break diff --git a/20107-pygrub-security.patch b/20107-pygrub-security.patch deleted file mode 100644 index 2607acb..0000000 --- a/20107-pygrub-security.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1250871100 -3600 -# Node ID 168f0cfeded0ad64e03d821efe5dcbe2eb5806a3 -# Parent 4207d83fc78ef63016a4163b09f30aa471e4bdb8 -pygrub: Fix elilo handling after password patch. - -Signed-off-by: Michal Novotny - -Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py -+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -@@ -219,7 +219,7 @@ class GrubConfigFile(object): - try: - getattr(self, self.commands['password']) - return True -- except KeyError, e: -+ except: - return False - - def checkPassword(self, password): -Index: xen-3.4.1-testing/tools/pygrub/src/LiloConf.py -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/LiloConf.py -+++ xen-3.4.1-testing/tools/pygrub/src/LiloConf.py -@@ -138,6 +138,12 @@ class LiloConfigFile(object): - if len(img) > 0: - self.add_image(LiloImage(img, path)) - -+ def hasPassword(self): -+ return False -+ -+ def hasPasswordAccess(self): -+ return True -+ - def add_image(self, image): - self.images.append(image) - diff --git a/20125-xc-parse-tuple-fix.patch b/20125-xc-parse-tuple-fix.patch index 4cdc418..45e18bc 100644 --- a/20125-xc-parse-tuple-fix.patch +++ b/20125-xc-parse-tuple-fix.patch @@ -8,11 +8,10 @@ when it expects a full integer. 
Signed-off-by: Keir Fraser -Index: xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c -=================================================================== ---- xen-3.4.1-testing.orig/tools/python/xen/lowlevel/xc/xc.c -+++ xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c -@@ -650,10 +650,9 @@ static PyObject *pyxc_deassign_device(Xc +diff -r 71389988f5d4 -r ed672a604cc7 tools/python/xen/lowlevel/xc/xc.c +--- a/tools/python/xen/lowlevel/xc/xc.c Wed Aug 26 15:35:14 2009 +0100 ++++ b/tools/python/xen/lowlevel/xc/xc.c Wed Aug 26 15:41:59 2009 +0100 +@@ -654,10 +654,9 @@ static PyObject *pyxc_get_device_group(XcObject *self, PyObject *args) { @@ -24,7 +23,7 @@ Index: xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c PyObject *Pystr; char *group_str; char dev_str[9]; -@@ -808,7 +807,7 @@ static PyObject *pyxc_dom_check_cpuid(Xc +@@ -812,7 +811,7 @@ static PyObject *pyxc_dom_set_policy_cpuid(XcObject *self, PyObject *args) { @@ -33,7 +32,7 @@ Index: xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c if ( !PyArg_ParseTuple(args, "i", &domid) ) return NULL; -@@ -824,9 +823,8 @@ static PyObject *pyxc_dom_set_policy_cpu +@@ -828,9 +827,8 @@ static PyObject *pyxc_dom_set_cpuid(XcObject *self, PyObject *args) { diff --git a/20146-pygrub-security.patch b/20146-pygrub-security.patch deleted file mode 100644 index 95eef9c..0000000 --- a/20146-pygrub-security.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1251887904 -3600 -# Node ID e513d565c8f1298d26bc614eabd1b7111693a940 -# Parent 8fc92779847680fe40a1ee9c2a01b3effc7cd056 -pygrub: Match bare-metal GRUB behavior for passwords - -The password support patch already merged didn't match the bare-metal -GRUB behavior so I created a patch to match it. If password is entered -in grub.conf file, pressing `p` is required exactly like when using -"real" (bare-metal) GRUB. New options are available after the correct -password is entered. - -Signed-off-by: Michal Novotny - -Index: xen-3.4.1-testing/tools/pygrub/src/pygrub -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub -+++ xen-3.4.1-testing/tools/pygrub/src/pygrub -@@ -415,16 +415,17 @@ class Grub: - def draw(): - # set up the screen - self.draw_main_windows() -- self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.") -- self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the") -- self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ") - -- # if grub has password defined we allow option to enter password -- if not self.cf.hasPassword(): -+ if not self.cf.hasPassword() or self.cf.hasPasswordAccess(): -+ self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.") -+ self.text_win.addstr(1, 0, "Press enter to boot the selected OS, 'e' to edit the") -+ self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ") - self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.") -+ - else: -- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. 
You can also") -- self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...") -+ self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.") -+ self.text_win.addstr(1, 0, "Press enter to boot the selected OS or `p` to enter a") -+ self.text_win.addstr(2, 0, "password to unlock the next set of features.") - - self.text_win.addch(0, 8, curses.ACS_UARROW) - self.text_win.addch(0, 14, curses.ACS_DARROW) -@@ -463,20 +464,10 @@ class Grub: - self.screen.timeout(-1) - - # handle keypresses -- if c == ord('c'): -- # we disallow access without password specified -- if not self.cf.hasPasswordAccess(): -- self.text_win.addstr(6, 8, "You have to enter GRUB password first") -- break -- -+ if c == ord('c') and self.cf.hasPasswordAccess(): - self.command_line_mode() - break -- elif c == ord('a'): -- # we disallow access without password specified -- if not self.cf.hasPasswordAccess(): -- self.text_win.addstr(6, 8, "You have to enter GRUB password first") -- break -- -+ elif c == ord('a') and self.cf.hasPasswordAccess(): - # find the kernel line, edit it and then boot - img = self.cf.images[self.selected_image] - for line in img.lines: -@@ -487,23 +478,18 @@ class Grub: - self.isdone = True - break - break -- elif c == ord('e'): -- # we disallow access without password specified -- if not self.cf.hasPasswordAccess(): -- self.text_win.addstr(6, 8, "You have to enter GRUB password first") -- break -- -+ elif c == ord('e') and self.cf.hasPasswordAccess(): - img = self.cf.images[self.selected_image] - self.edit_entry(img) - break - elif c == ord('p') and self.cf.hasPassword(): -- self.text_win.addstr(6, 8, "Enter password: ") -+ self.text_win.addstr(6, 1, "Password: ") - pwd = self.text_win.getstr(6, 8) - if not self.cf.checkPassword(pwd): -- self.text_win.addstr(6, 8, "Incorrect password!") -+ self.text_win.addstr(6, 1, "Password: ") -+ self.text_win.addstr(7, 0, "Failed!") - self.cf.setPasswordAccess( False ) - else: -- 
self.text_win.addstr(6, 8, "Access granted ") - self.cf.setPasswordAccess( True ) - break - elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')): diff --git a/20174-pygrub-security.patch b/20174-pygrub-security.patch deleted file mode 100644 index bd9beeb..0000000 --- a/20174-pygrub-security.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1252327855 -3600 -# Node ID a28c9c2fa8de05ebd0284f578289e96d2d15d574 -# Parent b81e375e03922cd72d6e1404bc62a05059a4fe61 -pygrub: trap exception when python module import fails - -Fix the issue when importing 'crypt' module or crypt.crypt fails in -pygrub. The exception is written on the same line like "Failed!" -message but only if there is an exception. If there is no exception, -we don't bother users with details (probably the password they entered -was wrong) so we just display "Failed!" message. Also, the code for -hasPassword() was rewritten not to have try/except block here. - -Signed-off-by: Michal Novotny - -Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py -+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -@@ -158,6 +158,7 @@ class GrubConfigFile(object): - self.timeout = -1 - self._default = 0 - self.passwordAccess = True -+ self.passExc = None - - if fn is not None: - self.parse() -@@ -197,7 +198,6 @@ class GrubConfigFile(object): - if self.commands.has_key(com): - if self.commands[com] is not None: - setattr(self, self.commands[com], arg.strip()) -- #print "%s = %s => %s" % (com, self.commands[com], arg.strip() ) - else: - logging.info("Ignored directive %s" %(com,)) - else: -@@ -216,25 +216,28 @@ class GrubConfigFile(object): - self.passwordAccess = val - - def hasPassword(self): -- try: -- getattr(self, self.commands['password']) -- return True -- except: -- return False -+ return hasattr(self, 'password') - - def checkPassword(self, password): -- try: -- pwd = getattr(self, self.commands['password']).split() -- if pwd[0] == '--md5': -+ # Always allow if no password defined in grub.conf -+ if not self.hasPassword: -+ return True -+ -+ # If we're here, we're having 'password' attribute set -+ pwd = getattr(self, 'password').split() -+ -+ # We check whether 
password is in MD5 hash for comparison -+ if pwd[0] == '--md5': -+ try: - import crypt - if crypt.crypt(password, pwd[1]) == pwd[1]: - return True -+ except Exception, e: -+ self.passExc = "Can't verify password: %s" % str(e) -+ return False - -- if pwd[0] == password: -- return True -- -- return False -- except: -+ # ... and if not, we compare it as a plain text -+ if pwd[0] == password: - return True - - def set(self, line): -Index: xen-3.4.1-testing/tools/pygrub/src/pygrub -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub -+++ xen-3.4.1-testing/tools/pygrub/src/pygrub -@@ -487,7 +487,11 @@ class Grub: - pwd = self.text_win.getstr(6, 8) - if not self.cf.checkPassword(pwd): - self.text_win.addstr(6, 1, "Password: ") -- self.text_win.addstr(7, 0, "Failed!") -+ if self.cf.passExc is not None: -+ self.text_win.addstr(7, 0, "Exception: %s" -+ % self.cf.passExc) -+ else: -+ self.text_win.addstr(7, 0, "Failed!") - self.cf.setPasswordAccess( False ) - else: - self.cf.setPasswordAccess( True ) diff --git a/20201-pygrub-security.patch b/20201-pygrub-security.patch deleted file mode 100644 index 7218664..0000000 --- a/20201-pygrub-security.patch +++ /dev/null 
@@ -1,42 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1253002894 -3600 -# Node ID 67f1b8b3258591b979c441c6013af3c442063cc1 -# Parent 045b2b8b522708093b91f883f1b7e7c1805f71e3 -pygrub: Correct pygrub return value - -This is the patch to correct pygrub return value for checkPassword() -function. It didn't return False at the end of the function. It -returned None so it was working fine and it's most likely just a -cosmetic issue. - -Also, the missing () were added to checkPassword() function when -calling hasPassword and the unnecessary comment was removed. - -Signed-off-by: Michal Novotny - -Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -=================================================================== ---- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py -+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py -@@ -220,10 +220,9 @@ class GrubConfigFile(object): - - def checkPassword(self, password): - # Always allow if no password defined in grub.conf -- if not self.hasPassword: -+ if not self.hasPassword(): - return True - -- # If we're here, we're having 'password' attribute set - pwd = getattr(self, 'password').split() - - # We check whether password is in MD5 hash for comparison -@@ -240,6 +239,8 @@ class GrubConfigFile(object): - if pwd[0] == password: - return True - -+ return False -+ - def set(self, line): - (com, arg) = grub_exact_split(line, 2) - if self.commands.has_key(com): diff --git a/hv_tools.patch b/hv_tools.patch index 7656ff6..78e7cca 100644 --- a/hv_tools.patch +++ b/hv_tools.patch 
@@ -2,26 +2,28 @@ Index: xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c =================================================================== --- xen-3.4.1-testing.orig/tools/python/xen/lowlevel/xc/xc.c +++ xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c -@@ -888,14 +888,14 @@ static PyObject *pyxc_hvm_build(XcObject +@@ -890,14 +890,14 @@ static PyObject *pyxc_hvm_build(XcObject int i; #endif char *image; - int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1; -+ int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1, extid = 0; ++ int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1, extid=0; static char *kwd_list[] = { "domid", - "memsize", "image", "target", "vcpus", "acpi", -+ "memsize", "image", "target", "vcpus", "extid", "acpi", - "apic", NULL }; +- "apic", NULL }; - if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiii", kwd_list, -+ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiiii", kwd_list, - &dom, &memsize, &image, &target, &vcpus, +- &dom, &memsize, &image, &target, &vcpus, - &acpi, &apic) ) -+ &extid, &acpi, &apic) ) ++ "memsize", "image", "target", "vcpus", "extid", ++ "acpi", "apic", NULL }; ++ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiiii", kwd_list, ++ &dom, &memsize, &image, &target, &extid, ++ &vcpus, &acpi, &apic) ) return NULL; if ( target == -1 ) -@@ -921,6 +921,7 @@ static PyObject *pyxc_hvm_build(XcObject +@@ -923,6 +923,7 @@ static PyObject *pyxc_hvm_build(XcObject va_hvm->checksum -= sum; munmap(va_map, XC_PAGE_SIZE); #endif @@ -37,7 +39,7 @@ Index: xen-3.4.1-testing/tools/python/xen/xend/XendConfig.py 'monitor': int, 'nographic': int, 'pae' : int, -+ 'extid': int, ++ 'extid': int, 'rtc_timeoffset': int, 'serial': str, 'sdl': int, diff --git a/hv_win7_eoi_bug.patch b/hv_win7_eoi_bug.patch index 2986acc..cbf151f 100644 --- a/hv_win7_eoi_bug.patch +++ b/hv_win7_eoi_bug.patch 
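Review bot: In the pyxc_hvm_build hunk of hv_tools.patch the keyword list and the output pointers no longer line up: the new `kwd_list` ends `"vcpus", "extid", "acpi", "apic"`, but the reflowed `PyArg_ParseTupleAndKeywords` call passes `&target, &extid,` and then `&vcpus, &acpi, &apic`. A caller's `vcpus` value is therefore stored in `extid` and the `extid` value in `vcpus`. The version being replaced passed `&vcpus` before `&extid`, which matched the keyword order. The pointer list should read `&dom, &memsize, &image, &target, &vcpus,` followed by `&extid, &acpi, &apic) )`. The body of pyxc_hvm_build continues outside the hunk, so how `extid` is consumed is not visible here.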
@@ -1,7 +1,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c =================================================================== ---- xen-3.4.1-testing.orig/xen/arch/x86/hvm/hyperv/hv_intercept.c -+++ xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c +--- xen-3.4.1-testing.orig/xen/arch/x86/hvm/hyperv/hv_intercept.c 2009-08-10 14:01:45.000000000 -0600 ++++ xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c 2009-08-10 14:07:15.000000000 -0600 @@ -33,6 +33,7 @@ #include @@ -10,7 +10,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c #include #include #include -@@ -987,8 +988,15 @@ hyperv_do_wr_msr(uint32_t idx, struct cp +@@ -987,8 +988,15 @@ break; case HV_MSR_APIC_ASSIST_PAGE: /* @@ -22,7 +22,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c + uint32_t data = 0; + paddr_t assist_page = msr_content & ~1UL; + (void)hvm_copy_to_guest_phys(assist_page, &data, sizeof(data)); -+ } ++ } + break; diff --git a/hv_xen_base.patch b/hv_xen_base.patch index 181f722..8818e48 100644 --- a/hv_xen_base.patch +++ b/hv_xen_base.patch @@ -1,3 +1,4 @@ +%patch Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/domain.h =================================================================== --- xen-3.4.1-testing.orig/xen/include/asm-x86/hvm/domain.h @@ -17,7 +18,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/Makefile @@ -1,5 +1,6 @@ subdir-y += svm subdir-y += vmx -+subdir-$(x86_64) += hyperv ++subdir-y += hyperv obj-y += emulate.o obj-y += hvm.o @@ -56,7 +57,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hvm.c if ( (rc = hvm_funcs.vcpu_initialise(v)) != 0 ) goto fail2; -@@ -732,12 +740,14 @@ int hvm_vcpu_initialise(struct vcpu *v) +@@ -732,6 +740,7 @@ int hvm_vcpu_initialise(struct vcpu *v) hvm_funcs.vcpu_destroy(v); fail2: vlapic_destroy(v); 
@@ -64,13 +65,14 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hvm.c fail1: return rc; } - +@@ -739,6 +748,7 @@ int hvm_vcpu_initialise(struct vcpu *v) void hvm_vcpu_destroy(struct vcpu *v) { -+ hyperx_intercept_vcpu_destroy(v); tasklet_kill(&v->arch.hvm_vcpu.assert_evtchn_irq_tasklet); ++ hyperx_intercept_vcpu_destroy(v); hvm_vcpu_cacheattr_destroy(v); vlapic_destroy(v); + hvm_funcs.vcpu_destroy(v); @@ -1690,7 +1700,7 @@ void hvm_cpuid(unsigned int input, unsig return; @@ -118,22 +120,19 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hvm.c if ( (eax & 0x80000000) && is_viridian_domain(curr->domain) ) return viridian_hypercall(regs); -@@ -2572,6 +2592,18 @@ long do_hvm_op(unsigned long op, XEN_GUE +@@ -2572,6 +2592,15 @@ long do_hvm_op(unsigned long op, XEN_GUE rc = -EINVAL; break; + case HVM_PARAM_EXTEND_HYPERVISOR: -+#ifdef __x86_64__ -+ if (a.value != 1) -+ rc = -EINVAL; -+ else if (hyperv_initialize(d)) -+ rc = -ENOMEM; -+ else -+ break; -+#else -+ rc = -EINVAL; -+#endif -+ goto param_fail; ++ if ((a.value == 1) && hyperv_initialize(d)) ++ { ++ if (a.value != 1) ++ rc = -EINVAL; ++ else ++ rc = -ENOMEM; ++ goto param_fail; ++ } } if ( rc == 0 ) @@ -141,7 +140,7 @@ Index: xen-3.4.1-testing/xen/include/public/arch-x86/hvm/save.h =================================================================== --- xen-3.4.1-testing.orig/xen/include/public/arch-x86/hvm/save.h +++ xen-3.4.1-testing/xen/include/public/arch-x86/hvm/save.h -@@ -432,9 +432,24 @@ struct hvm_viridian_context { +@@ -432,9 +432,26 @@ struct hvm_viridian_context { DECLARE_HVM_SAVE_TYPE(VIRIDIAN, 15, struct hvm_viridian_context); 
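Review bot: In the do_hvm_op hunk of hv_xen_base.patch, the new `HVM_PARAM_EXTEND_HYPERVISOR` case no longer rejects values other than 1. The outer test `if ((a.value == 1) && hyperv_initialize(d))` makes the inner `if (a.value != 1) rc = -EINVAL;` unreachable, so such a value leaves the switch with whatever `rc` already holds. The replaced version returned -EINVAL for those values before attempting initialisation; the validation should stay separate from the allocation-failure path, as sketched below. The same hunk drops the `#ifdef __x86_64__` guard, which goes with the `subdir-y += hyperv` change earlier in this file. The enclosing switch starts and ends outside the hunk.

```c
    case HVM_PARAM_EXTEND_HYPERVISOR:
        /* Validate the requested extension before initialising it. */
        if ( a.value != 1 )
            rc = -EINVAL;
        else if ( hyperv_initialize(d) )
            rc = -ENOMEM;
        else
            break;
        goto param_fail;
```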
@@ -151,14 +150,16 @@ Index: xen-3.4.1-testing/xen/include/public/arch-x86/hvm/save.h + uint32_t long_mode; + uint32_t ext_id; +}; -+DECLARE_HVM_SAVE_TYPE(HYPERV_DOM, 15, struct hvm_hyperv_dom); ++ ++DECLARE_HVM_SAVE_TYPE(HYPERV_DOM, 16, struct hvm_hyperv_dom); + +struct hvm_hyperv_cpu { + uint64_t control_msr; + uint64_t version_msr; + uint64_t pad[27]; //KYS: sles10 sp2 compatibility +}; -+DECLARE_HVM_SAVE_TYPE(HYPERV_CPU, 16, struct hvm_hyperv_cpu); ++ ++DECLARE_HVM_SAVE_TYPE(HYPERV_CPU, 17, struct hvm_hyperv_cpu); + /* * Largest type-code in use diff --git a/hv_xen_extension.patch b/hv_xen_extension.patch index 567a802..e24db36 100644 --- a/hv_xen_extension.patch +++ b/hv_xen_extension.patch @@ -3,7 +3,7 @@ Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h =================================================================== --- /dev/null +++ xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h -@@ -0,0 +1,183 @@ +@@ -0,0 +1,165 @@ +/**************************************************************************** + | + | Copyright (c) [2007, 2008] Novell, Inc. 
@@ -74,35 +74,29 @@ Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h +static inline int +hyperx_intercept_domain_create(struct domain *d) +{ -+#ifdef __x86_64__ -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) { ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) { + return(hyperv_dom_create(d)); + } -+#endif + return (0); +} + +static inline void +hyperx_intercept_domain_destroy(struct domain *d) +{ -+#ifdef __x86_64__ -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + hyperv_dom_destroy(d); + } -+#endif +} + +static inline int +hyperx_intercept_vcpu_initialize(struct vcpu *v) +{ -+#ifdef __x86_64__ + struct domain *d = v->domain; -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + return(hyperv_vcpu_initialize(v)); + } -+#endif + return (0); +} + 
@@ -110,77 +104,65 @@ Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h +static inline void +hyperx_intercept_vcpu_up(struct vcpu *v) +{ -+#ifdef __x86_64__ + struct domain *d = current->domain; -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + hyperv_vcpu_up(v); + } -+#endif +} + +static inline void +hyperx_intercept_vcpu_destroy(struct vcpu *v) +{ -+#ifdef __x86_64__ + struct domain *d = v->domain; -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + hyperv_vcpu_destroy(v); + } -+#endif +} + +static inline int +hyperx_intercept_do_cpuid(uint32_t idx, unsigned int *eax, unsigned int *ebx, + unsigned int *ecx, unsigned int *edx) +{ -+#ifdef __x86_64__ + struct domain *d = current->domain; -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + return(hyperv_do_cpu_id(idx, eax, ebx, ecx, edx)); + } -+#endif + return (0); +} + +static inline int +hyperx_intercept_do_msr_read(uint32_t idx, struct cpu_user_regs *regs) +{ -+#ifdef __x86_64__ + struct domain *d = current->domain; -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + return(hyperv_do_rd_msr(idx, regs)); + } -+#endif + return (0); +} + +static inline int +hyperx_intercept_do_msr_write(uint32_t idx, struct cpu_user_regs *regs) +{ -+#ifdef __x86_64__ + struct domain *d = current->domain; -+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + return(hyperv_do_wr_msr(idx, regs)); + } -+#endif + return (0); +} + +static inline int +hyperx_intercept_do_hypercall(struct cpu_user_regs *regs) +{ -+#ifdef __x86_64__ + struct domain *d = current->domain; -+ if 
(d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) ++ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) + { + return(hyperv_do_hypercall(regs)); + } -+#endif + return (0); +} + @@ -345,8 +327,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_hypercall.c + if (fast) + { + hvm_set_cr3(input); -+ } -+ else ++ } else + { + /* + * Slow path; copy the new value. @@ -375,6 +356,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_hypercall.c + hv_vcpu_t *vcpup = &curp->vcpu_state[hv_get_current_vcpu_index()]; + u64 partition_id; + ++ + fast = (int)((opcode >>16) & 0x1); + verb = (short)(opcode & 0xffff); + rep_count = (short)((opcode >>32) & 0xfff); @@ -1619,7 +1601,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_shim.h + * Supported Synthetic MSRs. 0.83 HyperV spec, section 3.4 + * Supported features. + */ -+#define _MSR_VP_RUNTIME 0 ++#define _MSR_VP_RUNTIME 0 +#define MSR_VP_RUNTIME (1U<<_MSR_VP_RUNTIME) +#define _MSR_TIME_REF_CNT 1 +#define MSR_TIME_REF_CNT (1U<<_MSR_TIME_REF_CNT) @@ -1633,7 +1615,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_shim.h +#define HYPERCALL_MSRS (1U<<_HYPERCALL_MSRS) +#define _MSR_VP_INDEX 6 +#define MSR_VP_INDEX (1U<<_MSR_VP_INDEX) -+#define _RESET_MSR 7 ++#define _RESET_MSR 7 +#define RESET_MSR (1U<<_RESET_MSR) + +#define HV_SHIM_SUPPORTED_MSRS \ diff --git a/ioemu-bdrv-open-CACHE_WB.patch b/ioemu-bdrv-open-CACHE_WB.patch deleted file mode 100644 index e59ad1c..0000000 --- a/ioemu-bdrv-open-CACHE_WB.patch +++ /dev/null 
@@ -1,16 +0,0 @@ ---- xen-3.4.1-testing/tools/ioemu-remote/hw/xen_blktap.c 2009-09-21 13:26:03.000000000 +0800 -+++ xen-3.4.1-testing/tools/ioemu-remote/hw/xen_blktap.c 2009-09-28 16:30:13.000000000 +0800 -@@ -249,8 +249,11 @@ static int open_disk(struct td_state *s, - drv = blktap_drivers[i].drv; - DPRINTF("%s driver specified\n", drv ? drv->format_name : "No"); - -- /* Open the image */ -- if (bdrv_open2(bs, path, flags, drv) != 0) { -+ /* Open the image -+ * Use BDRV_O_CACHE_WB for write-through caching, -+ * no flags for write-back caching -+ */ -+ if (bdrv_open2(bs, path, flags|BDRV_O_CACHE_WB, drv) != 0) { - fprintf(stderr, "Could not open image file %s\n", path); - return -ENOMEM; - } diff --git a/mkbuildtree.patch b/mkbuildtree.patch index f346359..d8e479c 100644 --- a/mkbuildtree.patch +++ b/mkbuildtree.patch @@ -2,20 +2,7 @@ Index: xen-3.4.1-testing/unmodified_drivers/linux-2.6/mkbuildtree =================================================================== --- xen-3.4.1-testing.orig/unmodified_drivers/linux-2.6/mkbuildtree +++ xen-3.4.1-testing/unmodified_drivers/linux-2.6/mkbuildtree -@@ -33,7 +33,11 @@ for d in $(find ${XL}/drivers/xen/ -mind - done - - ln -sf ${XL}/drivers/xen/core/gnttab.c platform-pci --ln -sf ${XL}/drivers/xen/core/features.c platform-pci -+if [ -f ${XL}/drivers/xen/core/features.c ]; then -+ ln -sf ${XL}/drivers/xen/core/features.c platform-pci -+else -+ ln -sf ${XL}/drivers/xen/features.c platform-pci -+fi - ln -sf ${XL}/drivers/xen/core/xen_proc.c xenbus - ln -sf ${XL}/drivers/xen/core/reboot.c platform-pci - -@@ -47,7 +51,14 @@ ln -nsf ${XEN}/include/public include/xe +@@ -47,7 +47,14 @@ ln -nsf ${XEN}/include/public include/xe # be native and not xenolinux). case "$uname" in i[34567]86|x86_64) diff --git a/xen-updown.sh b/xen-updown.sh index 7bdb197..6d19359 100644 --- a/xen-updown.sh +++ b/xen-updown.sh 
@@ -151,7 +151,6 @@ case $SCRIPTNAME in ;; *if-down.d*) exit_if_xend_not_running - test -d "/sys/class/net/$INTERFACE/brif/" || exit 0 # Remember vifs attached to $INTERFACE vifs=() diff --git a/xen.changes b/xen.changes index c7a206e..2594ec3 100644 --- a/xen.changes +++ b/xen.changes @@ -1,30 +1,3 @@ -------------------------------------------------------------------- -Fri Oct 9 09:24:29 MDT 2009 - carnold@novell.com - -- bnc#541945 - xm create -x command does not work in SLES 10 SP2 or - SLES 11 - xm-create-xflag.patch - -------------------------------------------------------------------- -Thu Oct 8 22:44:04 MDT 2009 - jfehlig@novell.com - -- Minor enhancement to xen-updown.sh sysconfig hook - -------------------------------------------------------------------- -Mon Sep 28 16:34:19 CST 2009 - wkong@novell.com -- Add patch ioemu-bdrv-open-CACHE_WB.patch - for install guest on tapdisk very very slow. - -------------------------------------------------------------------- -Mon Sep 28 08:28:24 MDT 2009 - carnold@novell.com - -- bnc#542525 - VUL-1: xen pygrub vulnerability - 20099-pygrub-security.patch - 20107-pygrub-security.patch - 20146-pygrub-security.patch - 20174-pygrub-security.patch - 20201-pygrub-security.patch - ------------------------------------------------------------------- Fri Sep 25 15:08:12 MDT 2009 - jfehlig@novell.com diff --git a/xen.spec b/xen.spec index 9555b78..c3419b2 100644 --- a/xen.spec +++ b/xen.spec @@ -1,5 +1,5 @@ # -# spec file for package xen (Version 3.4.1_19718_04) +# spec file for package xen (Version 3.4.1_19718_03) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -37,7 +37,7 @@ BuildRequires: glibc-32bit glibc-devel-32bit %if %{?with_kmp}0 BuildRequires: kernel-source kernel-syms module-init-tools xorg-x11 %endif -Version: 3.4.1_19718_04 +Version: 3.4.1_19718_03 Release: 1 License: GPL v2 only Group: System/Kernel 
@@ -79,14 +79,9 @@ Patch3: 20035-x86-load-sreg-adjust.patch Patch4: 20059-vmx-nmi-handling.patch Patch5: 20077-x86-runstate-cswitch-out.patch Patch6: 20078-x86_64-branch-emulation.patch -Patch7: 20099-pygrub-security.patch -Patch8: 20101-hvm-no-compat-virt-start.patch -Patch9: 20107-pygrub-security.patch -Patch10: 20112-x86-dom0-boot-run-timers.patch -Patch11: 20125-xc-parse-tuple-fix.patch -Patch12: 20146-pygrub-security.patch -Patch13: 20174-pygrub-security.patch -Patch14: 20201-pygrub-security.patch +Patch7: 20101-hvm-no-compat-virt-start.patch +Patch8: 20112-x86-dom0-boot-run-timers.patch +Patch9: 20125-xc-parse-tuple-fix.patch # Our patches Patch100: xen-config.diff Patch101: xend-config.diff @@ -137,8 +132,7 @@ Patch163: checkpoint-rename.patch Patch164: network-nat.patch Patch165: ioemu-debuginfo.patch Patch166: xm-save-check-file.patch -Patch167: xm-create-xflag.patch -Patch168: mkbuildtree.patch +Patch167: mkbuildtree.patch # Patches for snapshot support Patch200: snapshot-ioemu-save.patch Patch201: snapshot-ioemu-restore.patch @@ -179,7 +173,6 @@ Patch405: blktap-pv-cdrom.patch Patch406: network-nat-open-SuSEfirewall2-FORWARD.patch Patch407: ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch Patch408: qemu-retry-be-status.patch -Patch409: ioemu-bdrv-open-CACHE_WB.patch %if %{?with_kmp}0 Patch450: disable_emulated_device.diff %endif @@ -531,11 +524,6 @@ Authors: %patch7 -p1 %patch8 -p1 %patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1 @@ -584,7 +572,6 @@ Authors: %patch165 -p1 %patch166 -p1 %patch167 -p1 -%patch168 -p1 %patch200 -p1 %patch201 -p1 %patch202 -p1 @@ -619,7 +606,6 @@ Authors: %patch406 -p1 %patch407 -p1 %patch408 -p1 -%patch409 -p1 %if %{?with_kmp}0 %patch450 -p1 %endif diff --git a/xm-create-xflag.patch b/xm-create-xflag.patch deleted file mode 100644 index 51971a7..0000000 --- a/xm-create-xflag.patch +++ /dev/null 
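Review bot: Removing the five `*-pygrub-security.patch` entries in the `@@ -79,14 +79,9 @@` hunk of xen.spec drops the fix that the deleted xen.changes entry recorded as bnc#542525 (VUL-1: xen pygrub vulnerability). The `%prep` hunk shortens the `%patch` list to match and the version goes back from 3.4.1_19718_04 to 3.4.1_19718_03. The package would then build pygrub without the grub.conf password handling those patches added, and nothing on the page says the fix is carried elsewhere. If the rollback is intended, record it beside the patch list, for example `# 20099/20107/20146/20174/20201 pygrub-security patches (bnc#542525) not applied in this revision`. Otherwise keep the five `PatchN:` lines and their `%patchN -p1` counterparts.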
@@ -1,31 +0,0 @@ -Index: xen-3.4.1-testing/tools/python/xen/xm/create.py -=================================================================== ---- xen-3.4.1-testing.orig/tools/python/xen/xm/create.py -+++ xen-3.4.1-testing/tools/python/xen/xm/create.py -@@ -37,7 +37,7 @@ from xen.xend.server.DevConstants import - from xen.util import blkif - from xen.util import vscsi_util - import xen.util.xsm.xsm as security --from xen.xm.main import serverType, SERVER_XEN_API, get_single_vm -+from xen.xm.main import serverType, SERVER_XEN_API, SERVER_LEGACY_XMLRPC, get_single_vm - from xen.util import utils - - from xen.xm.opts import * -@@ -1351,7 +1351,7 @@ def main(argv): - except IOError, exn: - raise OptionError("Cannot read file %s: %s" % (config, exn[1])) - -- if serverType == SERVER_XEN_API: -+ if serverType == SERVER_XEN_API or serverType == SERVER_LEGACY_XMLRPC: - from xen.xm.xenapi_create import sxp2xml - sxp2xml_inst = sxp2xml() - doc = sxp2xml_inst.convert_sxp_to_xml(config, transient=True) -@@ -1359,7 +1359,7 @@ def main(argv): - if opts.vals.dryrun and not opts.is_xml: - SXPPrettyPrint.prettyprint(config) - -- if opts.vals.xmldryrun and serverType == SERVER_XEN_API: -+ if opts.vals.xmldryrun: - from xml.dom.ext import PrettyPrint as XMLPrettyPrint - XMLPrettyPrint(doc) -