From 1d11625a9889642fd8eac3b34728d346137544fd4a2122dc76e0d1433a606448 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Mon, 9 Sep 2013 15:27:39 +0000 Subject: [PATCH] - Upstream patches from Jan 521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch 521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch 521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch 521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch 521e1156-x86-AVX-instruction-emulation-fixes.patch 521ef8d9-AMD-IOMMU-add-missing-checks.patch 52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch 52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch 52205e27-x86-xsave-initialization-improvements.patch 5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch 52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch 52285317-hvmloader-fix-SeaBIOS-interface.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=271 --- ...Dom0-access-to-the-MSI-address-range.patch | 24 ++ ...-Dom0-access-to-the-HT-address-range.patch | 23 ++ ...l-add-support-for-Haswell-CPU-models.patch | 52 ++++ ...-list-corruption-on-second-S3-resume.patch | 42 +++ ...-x86-AVX-instruction-emulation-fixes.patch | 254 ++++++++++++++++++ 521ef8d9-AMD-IOMMU-add-missing-checks.patch | 29 ++ ...y-count-the-number-of-tables-written.patch | 28 ++ ...BI-regression-for-OEM-SMBios-strings.patch | 42 +++ ...86-xsave-initialization-improvements.patch | 103 +++++++ ...onfiguration-space-when-saving-state.patch | 31 +++ ...ile-descriptor-leak-in-pci-utilities.patch | 48 ++++ ...5317-hvmloader-fix-SeaBIOS-interface.patch | 84 ++++++ disable_emulated_device.patch | 4 +- xen.changes | 17 ++ xen.spec | 26 +- xend-traditional-qemu.patch | 2 +- 16 files changed, 805 insertions(+), 4 deletions(-) create mode 100644 521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch create mode 100644 521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch create mode 100644 521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch create mode 100644 521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch create mode 100644 521e1156-x86-AVX-instruction-emulation-fixes.patch create mode 100644 521ef8d9-AMD-IOMMU-add-missing-checks.patch create mode 100644 52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch create mode 100644 52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch create mode 100644 52205e27-x86-xsave-initialization-improvements.patch create mode 100644 5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch create mode 100644 52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch create mode 100644 52285317-hvmloader-fix-SeaBIOS-interface.patch diff --git a/521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch b/521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch new file mode 100644 index 0000000..d0dd632 --- /dev/null +++ b/521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch @@ -0,0 +1,24 @@ +# Commit 850188e1278cecd1dfb9b936024bee2d8dfdcc18 +# Date 2013-08-27 11:11:38 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86: don't allow Dom0 access to the MSI address range + +In particular, MMIO assignments should not be done using this area. + +Signed-off-by: Jan Beulich +Acked-by Xiantao Zhang + +--- 2013-08-30.orig/xen/arch/x86/domain_build.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/domain_build.c 2013-09-09 11:23:00.000000000 +0200 +@@ -1122,6 +1122,10 @@ int __init construct_dom0( + if ( !rangeset_contains_singleton(mmio_ro_ranges, mfn) ) + rc |= iomem_deny_access(dom0, mfn, mfn); + } ++ /* MSI range. */ ++ rc |= iomem_deny_access(dom0, paddr_to_pfn(MSI_ADDR_BASE_LO), ++ paddr_to_pfn(MSI_ADDR_BASE_LO + ++ MSI_ADDR_DEST_ID_MASK)); + + /* Remove access to E820_UNUSABLE I/O regions above 1MB. */ + for ( i = 0; i < e820.nr_map; i++ ) diff --git a/521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch b/521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch new file mode 100644 index 0000000..cb8fdb4 --- /dev/null +++ b/521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch @@ -0,0 +1,23 @@ +# Commit d838ac2539cf1987bea6e15662fd6a80a58fe26d +# Date 2013-08-27 11:12:12 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86: don't allow Dom0 access to the HT address range + +In particular, MMIO assignments should not be done using this area. + +Signed-off-by: Jan Beulich + +--- 2013-08-30.orig/xen/arch/x86/domain_build.c 2013-09-09 11:23:00.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/domain_build.c 2013-09-09 11:23:06.000000000 +0200 +@@ -1126,6 +1126,10 @@ int __init construct_dom0( + rc |= iomem_deny_access(dom0, paddr_to_pfn(MSI_ADDR_BASE_LO), + paddr_to_pfn(MSI_ADDR_BASE_LO + + MSI_ADDR_DEST_ID_MASK)); ++ /* HyperTransport range. */ ++ if ( boot_cpu_data.x86_vendor == X86_VENDOR_AMD ) ++ rc |= iomem_deny_access(dom0, paddr_to_pfn(0xfdULL << 32), ++ paddr_to_pfn((1ULL << 40) - 1)); + + /* Remove access to E820_UNUSABLE I/O regions above 1MB. */ + for ( i = 0; i < e820.nr_map; i++ ) diff --git a/521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch b/521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch new file mode 100644 index 0000000..b8cd049 --- /dev/null +++ b/521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch @@ -0,0 +1,52 @@ +# Commit 3e787021fb2420851c7bdc3911ea53c728ba5ac0 +# Date 2013-08-27 11:15:15 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/Intel: add support for Haswell CPU models + +... according to their most recent public documentation. + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- 2013-08-30.orig/xen/arch/x86/acpi/cpu_idle.c 2013-08-30 00:00:00.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/acpi/cpu_idle.c 2013-09-06 13:46:10.000000000 +0200 +@@ -135,8 +135,10 @@ static void do_get_hw_residencies(void * + case 0x3A: + case 0x3E: + /* Haswell */ +- case 0x3c: ++ case 0x3C: ++ case 0x3F: + case 0x45: ++ case 0x46: + GET_PC2_RES(hw_res->pc2); + GET_CC7_RES(hw_res->cc7); + /* fall through */ +--- 2013-08-30.orig/xen/arch/x86/hvm/vmx/vmx.c 2013-09-06 00:00:00.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/hvm/vmx/vmx.c 2013-09-06 13:46:10.000000000 +0200 +@@ -1814,7 +1814,7 @@ static const struct lbr_info *last_branc + /* Ivy Bridge */ + case 58: case 62: + /* Haswell */ +- case 60: case 69: ++ case 60: case 63: case 69: case 70: + return nh_lbr; + break; + /* Atom */ +--- 2013-08-30.orig/xen/arch/x86/hvm/vmx/vpmu_core2.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/hvm/vmx/vpmu_core2.c 2013-09-06 13:46:10.000000000 +0200 +@@ -878,7 +878,12 @@ int vmx_vpmu_initialise(struct vcpu *v, + + case 0x3a: /* IvyBridge */ + case 0x3e: /* IvyBridge EP */ +- case 0x3c: /* Haswell */ ++ ++ /* Haswell: */ ++ case 0x3c: ++ case 0x3f: ++ case 0x45: ++ case 0x46: + ret = core2_vpmu_initialise(v, vpmu_flags); + if ( !ret ) + vpmu->arch_vpmu_ops = &core2_vpmu_ops; diff --git a/521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch b/521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch new file mode 100644 index 0000000..9b1dbe8 --- /dev/null +++ b/521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch @@ -0,0 +1,42 @@ +# Commit 9e2c5938246546a5b3f698b7421640d85602b994 +# Date 2013-08-28 10:18:39 +0200 +# Author Tomasz Wroblewski +# Committer Jan Beulich +Fix inactive timer list corruption on second S3 resume + +init_timer cannot be safely called multiple times on same timer since it does memset(0) +on the structure, erasing the auxiliary member used by linked list code. This breaks +inactive timer list in common/timer.c. + +Moved resume_timer initialisation to ns16550_init_postirq, so it's only done once. + +Signed-off-by: Tomasz Wroblewski +Acked-by: Keir Fraser + +--- 2013-08-30.orig/xen/drivers/char/ns16550.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/xen/drivers/char/ns16550.c 2013-09-06 13:46:19.000000000 +0200 +@@ -128,6 +128,8 @@ static struct ns16550 { + #define RESUME_DELAY MILLISECS(10) + #define RESUME_RETRIES 100 + ++static void ns16550_delayed_resume(void *data); ++ + static char ns_read_reg(struct ns16550 *uart, int reg) + { + if ( uart->remapped_io_base == NULL ) +@@ -323,6 +325,7 @@ static void __init ns16550_init_postirq( + serial_async_transmit(port); + + init_timer(&uart->timer, ns16550_poll, port, 0); ++ init_timer(&uart->resume_timer, ns16550_delayed_resume, port, 0); + + /* Calculate time to fill RX FIFO and/or empty TX FIFO for polling. */ + bits = uart->data_bits + uart->stop_bits + !!uart->parity; +@@ -413,7 +416,6 @@ static void ns16550_resume(struct serial + if ( ns16550_ioport_invalid(uart) ) + { + delayed_resume_tries = RESUME_RETRIES; +- init_timer(&uart->resume_timer, ns16550_delayed_resume, port, 0); + set_timer(&uart->resume_timer, NOW() + RESUME_DELAY); + } + else diff --git a/521e1156-x86-AVX-instruction-emulation-fixes.patch b/521e1156-x86-AVX-instruction-emulation-fixes.patch new file mode 100644 index 0000000..d26866e --- /dev/null +++ b/521e1156-x86-AVX-instruction-emulation-fixes.patch @@ -0,0 +1,254 @@ +# Commit 062919448e2f4b127c9c3c085b1a8e1d56a33051 +# Date 2013-08-28 17:03:50 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86: AVX instruction emulation fixes + +- we used the C4/C5 (first prefix) byte instead of the apparent ModR/M + one as the second prefix byte +- early decoding normalized vex.reg, thus corrupting it for the main + consumer (copy_REX_VEX()), resulting in #UD on the two-operand + instructions we emulate + +Also add respective test cases to the testing utility plus +- fix get_fpu() (the fall-through order was inverted) +- add cpu_has_avx2, even if it's currently unused (as in the new test + cases I decided to refrain from using AVX2 instructions in order to + be able to actually run all the tests on the hardware I have) +- slightly tweak cpu_has_avx to more consistently express the outputs + we don't care about (sinking them all into the same variable) + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- 2013-08-30.orig/tools/tests/x86_emulator/test_x86_emulator.c 2012-09-18 23:42:06.000000000 +0200 ++++ 2013-08-30/tools/tests/x86_emulator/test_x86_emulator.c 2013-09-09 11:23:32.000000000 +0200 +@@ -94,13 +94,25 @@ static inline uint64_t xgetbv(uint32_t x + } + + #define cpu_has_avx ({ \ +- unsigned int eax = 1, ecx = 0, edx; \ +- cpuid(&eax, &edx, &ecx, &edx, NULL); \ ++ unsigned int eax = 1, ecx = 0; \ ++ cpuid(&eax, &eax, &ecx, &eax, NULL); \ + if ( !(ecx & (1U << 27)) || ((xgetbv(0) & 6) != 6) ) \ + ecx = 0; \ + (ecx & (1U << 28)) != 0; \ + }) + ++#define cpu_has_avx2 ({ \ ++ unsigned int eax = 1, ebx, ecx = 0; \ ++ cpuid(&eax, &ebx, &ecx, &eax, NULL); \ ++ if ( !(ecx & (1U << 27)) || ((xgetbv(0) & 6) != 6) ) \ ++ ebx = 0; \ ++ else { \ ++ eax = 7, ecx = 0; \ ++ cpuid(&eax, &ebx, &ecx, &eax, NULL); \ ++ } \ ++ (ebx & (1U << 5)) != 0; \ ++}) ++ + int get_fpu( + void (*exception_callback)(void *, struct cpu_user_regs *), + void *exception_callback_arg, +@@ -111,14 +123,14 @@ int get_fpu( + { + case X86EMUL_FPU_fpu: + break; +- case X86EMUL_FPU_ymm: +- if ( cpu_has_avx ) ++ case X86EMUL_FPU_mmx: ++ if ( cpu_has_mmx ) + break; + case X86EMUL_FPU_xmm: + if ( cpu_has_sse ) + break; +- case X86EMUL_FPU_mmx: +- if ( cpu_has_mmx ) ++ case X86EMUL_FPU_ymm: ++ if ( cpu_has_avx ) + break; + default: + return X86EMUL_UNHANDLEABLE; +@@ -629,6 +641,73 @@ int main(int argc, char **argv) + else + printf("skipped\n"); + ++ printf("%-40s", "Testing vmovdqu %ymm2,(%ecx)..."); ++ if ( stack_exec && cpu_has_avx ) ++ { ++ extern const unsigned char vmovdqu_to_mem[]; ++ ++ asm volatile ( "vpcmpeqb %%xmm2, %%xmm2, %%xmm2\n" ++ ".pushsection .test, \"a\", @progbits\n" ++ "vmovdqu_to_mem: vmovdqu %%ymm2, (%0)\n" ++ ".popsection" :: "c" (NULL) ); ++ ++ memcpy(instr, vmovdqu_to_mem, 15); ++ memset(res, 0x55, 128); ++ memset(res + 16, 0xff, 16); ++ memset(res + 20, 0x00, 16); ++ regs.eip = (unsigned long)&instr[0]; ++ regs.ecx = (unsigned long)res; ++ rc = x86_emulate(&ctxt, &emulops); ++ if ( (rc != X86EMUL_OKAY) || memcmp(res, res + 16, 64) ) ++ goto fail; ++ printf("okay\n"); ++ } ++ else ++ printf("skipped\n"); ++ ++ printf("%-40s", "Testing vmovdqu (%edx),%ymm4..."); ++ if ( stack_exec && cpu_has_avx ) ++ { ++ extern const unsigned char vmovdqu_from_mem[]; ++ ++#if 0 /* Don't use AVX2 instructions for now */ ++ asm volatile ( "vpcmpgtb %%ymm4, %%ymm4, %%ymm4\n" ++#else ++ asm volatile ( "vpcmpgtb %%xmm4, %%xmm4, %%xmm4\n\t" ++ "vinsertf128 $1, %%xmm4, %%ymm4, %%ymm4\n" ++#endif ++ ".pushsection .test, \"a\", @progbits\n" ++ "vmovdqu_from_mem: vmovdqu (%0), %%ymm4\n" ++ ".popsection" :: "d" (NULL) ); ++ ++ memcpy(instr, vmovdqu_from_mem, 15); ++ memset(res + 4, 0xff, 16); ++ regs.eip = (unsigned long)&instr[0]; ++ regs.ecx = 0; ++ regs.edx = (unsigned long)res; ++ rc = x86_emulate(&ctxt, &emulops); ++ if ( rc != X86EMUL_OKAY ) ++ goto fail; ++#if 0 /* Don't use AVX2 instructions for now */ ++ asm ( "vpcmpeqb %%ymm2, %%ymm2, %%ymm2\n\t" ++ "vpcmpeqb %%ymm4, %%ymm2, %%ymm0\n\t" ++ "vpmovmskb %%ymm1, %0" : "=r" (rc) ); ++#else ++ asm ( "vextractf128 $1, %%ymm4, %%xmm3\n\t" ++ "vpcmpeqb %%xmm2, %%xmm2, %%xmm2\n\t" ++ "vpcmpeqb %%xmm4, %%xmm2, %%xmm0\n\t" ++ "vpcmpeqb %%xmm3, %%xmm2, %%xmm1\n\t" ++ "vpmovmskb %%xmm0, %0\n\t" ++ "vpmovmskb %%xmm1, %1" : "=r" (rc), "=r" (i) ); ++ rc |= i << 16; ++#endif ++ if ( rc != 0xffffffff ) ++ goto fail; ++ printf("okay\n"); ++ } ++ else ++ printf("skipped\n"); ++ + printf("%-40s", "Testing movsd %xmm5,(%ecx)..."); + memset(res, 0x77, 64); + memset(res + 10, 0x66, 8); +@@ -683,6 +762,59 @@ int main(int argc, char **argv) + else + printf("skipped\n"); + ++ printf("%-40s", "Testing vmovsd %xmm5,(%ecx)..."); ++ memset(res, 0x88, 64); ++ memset(res + 10, 0x77, 8); ++ if ( stack_exec && cpu_has_avx ) ++ { ++ extern const unsigned char vmovsd_to_mem[]; ++ ++ asm volatile ( "vbroadcastsd %0, %%ymm5\n" ++ ".pushsection .test, \"a\", @progbits\n" ++ "vmovsd_to_mem: vmovsd %%xmm5, (%1)\n" ++ ".popsection" :: "m" (res[10]), "c" (NULL) ); ++ ++ memcpy(instr, vmovsd_to_mem, 15); ++ regs.eip = (unsigned long)&instr[0]; ++ regs.ecx = (unsigned long)(res + 2); ++ regs.edx = 0; ++ rc = x86_emulate(&ctxt, &emulops); ++ if ( (rc != X86EMUL_OKAY) || memcmp(res, res + 8, 32) ) ++ goto fail; ++ printf("okay\n"); ++ } ++ else ++ { ++ printf("skipped\n"); ++ memset(res + 2, 0x77, 8); ++ } ++ ++ printf("%-40s", "Testing vmovaps (%edx),%ymm7..."); ++ if ( stack_exec && cpu_has_avx ) ++ { ++ extern const unsigned char vmovaps_from_mem[]; ++ ++ asm volatile ( "vxorps %%ymm7, %%ymm7, %%ymm7\n" ++ ".pushsection .test, \"a\", @progbits\n" ++ "vmovaps_from_mem: vmovaps (%0), %%ymm7\n" ++ ".popsection" :: "d" (NULL) ); ++ ++ memcpy(instr, vmovaps_from_mem, 15); ++ regs.eip = (unsigned long)&instr[0]; ++ regs.ecx = 0; ++ regs.edx = (unsigned long)res; ++ rc = x86_emulate(&ctxt, &emulops); ++ if ( rc != X86EMUL_OKAY ) ++ goto fail; ++ asm ( "vcmpeqps %1, %%ymm7, %%ymm0\n\t" ++ "vmovmskps %%ymm0, %0" : "=r" (rc) : "m" (res[8]) ); ++ if ( rc != 0xff ) ++ goto fail; ++ printf("okay\n"); ++ } ++ else ++ printf("skipped\n"); ++ + for ( j = 1; j <= 2; j++ ) + { + #if defined(__i386__) +--- 2013-08-30.orig/xen/arch/x86/x86_emulate/x86_emulate.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/x86_emulate/x86_emulate.c 2013-09-09 11:23:33.000000000 +0200 +@@ -1454,10 +1454,10 @@ x86_emulate( + /* VEX */ + generate_exception_if(rex_prefix || vex.pfx, EXC_UD, -1); + +- vex.raw[0] = b; ++ vex.raw[0] = modrm; + if ( b & 1 ) + { +- vex.raw[1] = b; ++ vex.raw[1] = modrm; + vex.opcx = vex_0f; + vex.x = 1; + vex.b = 1; +@@ -1479,10 +1479,7 @@ x86_emulate( + } + } + } +- vex.reg ^= 0xf; +- if ( !mode_64bit() ) +- vex.reg &= 0x7; +- else if ( !vex.r ) ++ if ( mode_64bit() && !vex.r ) + rex_prefix |= REX_R; + + fail_if(vex.opcx != vex_0f); +@@ -3899,8 +3896,9 @@ x86_emulate( + else + { + fail_if((vex.opcx != vex_0f) || +- (vex.reg && ((ea.type == OP_MEM) || +- !(vex.pfx & VEX_PREFIX_SCALAR_MASK)))); ++ ((vex.reg != 0xf) && ++ ((ea.type == OP_MEM) || ++ !(vex.pfx & VEX_PREFIX_SCALAR_MASK)))); + vcpu_must_have_avx(); + get_fpu(X86EMUL_FPU_ymm, &fic); + ea.bytes = 16 << vex.l; +@@ -4168,7 +4166,7 @@ x86_emulate( + } + else + { +- fail_if((vex.opcx != vex_0f) || vex.reg || ++ fail_if((vex.opcx != vex_0f) || (vex.reg != 0xf) || + ((vex.pfx != vex_66) && (vex.pfx != vex_f3))); + vcpu_must_have_avx(); + get_fpu(X86EMUL_FPU_ymm, &fic); diff --git a/521ef8d9-AMD-IOMMU-add-missing-checks.patch b/521ef8d9-AMD-IOMMU-add-missing-checks.patch new file mode 100644 index 0000000..1b10c7e --- /dev/null +++ b/521ef8d9-AMD-IOMMU-add-missing-checks.patch @@ -0,0 +1,29 @@ +# Commit 3785d30efe8264b899499e0883b10cc434bd0959 +# Date 2013-08-29 09:31:37 +0200 +# Author Jan Beulich +# Committer Jan Beulich +AMD IOMMU: add missing check + +We shouldn't accept IVHD tables specifying IO-APIC IDs beyond the limit +we support (MAX_IO_APICS, currently 128). + +Signed-off-by: Jan Beulich +Reviewed-by: Andrew Cooper +Acked-by: Suravee Suthikulpanit + +--- 2013-08-30.orig/xen/drivers/passthrough/amd/iommu_acpi.c 2013-08-30 13:48:36.000000000 +0200 ++++ 2013-08-30/xen/drivers/passthrough/amd/iommu_acpi.c 2013-09-06 13:49:07.000000000 +0200 +@@ -674,6 +674,13 @@ static u16 __init parse_ivhd_device_spec + if ( IO_APIC_ID(apic) != special->handle ) + continue; + ++ if ( special->handle >= ARRAY_SIZE(ioapic_sbdf) ) ++ { ++ printk(XENLOG_ERR "IVHD Error: IO-APIC %#x entry beyond bounds\n", ++ special->handle); ++ return 0; ++ } ++ + if ( ioapic_sbdf[special->handle].pin_2_idx ) + { + if ( ioapic_sbdf[special->handle].bdf == bdf && diff --git a/52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch b/52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch new file mode 100644 index 0000000..b970686 --- /dev/null +++ b/52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch @@ -0,0 +1,28 @@ +# Commit 4aa19549e17650b9bfe2b31d7f52a95696d388f0 +# Date 2013-08-30 10:40:29 +0200 +# Author Andrew Cooper +# Committer Jan Beulich +hvmloader/smbios: Correctly count the number of tables written + +Fixes regression indirectly introduced by c/s 4d23036e709627 + +That changeset added some smbios tables which were option based on the +toolstack providing appropriate xenstore keys. The do_struct() macro would +unconditionally increment nr_structs, even if a table was not actually +written. + +Signed-off-by: Andrew Cooper +Acked-by: Keir Fraser + +--- 2013-08-30.orig/tools/firmware/hvmloader/smbios.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/tools/firmware/hvmloader/smbios.c 2013-09-09 11:23:52.000000000 +0200 +@@ -192,7 +192,8 @@ write_smbios_tables(void *ep, void *star + + #define do_struct(fn) do { \ + q = (fn); \ +- (*nr_structs)++; \ ++ if ( q != p ) \ ++ (*nr_structs)++; \ + if ( (q - p) > *max_struct_size ) \ + *max_struct_size = q - p; \ + p = q; \ diff --git a/52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch b/52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch new file mode 100644 index 0000000..05f4a7d --- /dev/null +++ b/52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch @@ -0,0 +1,42 @@ +# Commit 0f4cb23c3ea5b987c49c9a9368e7a0d505ec064f +# Date 2013-08-30 10:40:48 +0200 +# Author Andrew Cooper +# Committer Jan Beulich +public/hvm_xs_strings.h: Fix ABI regression for OEM SMBios strings + +The old code for OEM SMBios strings was: + + char path[20] = "bios-strings/oem-XX"; + path[(sizeof path) - 3] = '0' + ((i < 10) ? i : i / 10); + path[(sizeof path) - 2] = (i < 10) ? '\0' : '0' + (i % 10); + +Where oem-1 thru 9 specifically had no leading 0. + +However, the definition of HVM_XS_OEM_STRINGS specifically requires leading +0s. + +This regression was introduced by the combination of c/s 4d23036e709627 and +e64c3f71ceb662 + +I realise that this patch causes a change to the public headers. However I +feel it is justified as: + +* All toolstacks used to have to embed the magic string (and almost certainly + still do) +* If by some miriacle a new toolstack has started using the new define will + continue to work. +* The only intree consumer of the define is hvmloader itself. + +Signed-off-by: Andrew Cooper +Acked-by: Keir Fraser + +--- 2013-08-30.orig/xen/include/public/hvm/hvm_xs_strings.h 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/xen/include/public/hvm/hvm_xs_strings.h 2013-09-09 11:23:57.000000000 +0200 +@@ -75,6 +75,6 @@ + /* 1 to 99 OEM strings can be set in xenstore using values of the form + * below. These strings will be loaded into the SMBIOS type 11 structure. + */ +-#define HVM_XS_OEM_STRINGS "bios-strings/oem-%02d" ++#define HVM_XS_OEM_STRINGS "bios-strings/oem-%d" + + #endif /* __XEN_PUBLIC_HVM_HVM_XS_STRINGS_H__ */ diff --git a/52205e27-x86-xsave-initialization-improvements.patch b/52205e27-x86-xsave-initialization-improvements.patch new file mode 100644 index 0000000..f65a16f --- /dev/null +++ b/52205e27-x86-xsave-initialization-improvements.patch @@ -0,0 +1,103 @@ +# Commit c6066e78f4a66005b0d5d86c6ade32e2ab78923a +# Date 2013-08-30 10:56:07 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/xsave: initialization improvements + +- properly validate available feature set on APs +- also validate xsaveopt availability on APs +- properly indicate whether the initialization is on the BSP (we + shouldn't be using "cpu == 0" checks for this) + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- 2013-08-30.orig/xen/arch/x86/cpu/common.c 2013-08-30 00:00:00.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/cpu/common.c 2013-09-09 11:24:05.000000000 +0200 +@@ -304,7 +304,7 @@ void __cpuinit identify_cpu(struct cpuin + clear_bit(X86_FEATURE_XSAVE, boot_cpu_data.x86_capability); + + if ( cpu_has_xsave ) +- xstate_init(); ++ xstate_init(c == &boot_cpu_data); + + /* + * The vendor-specific functions might have changed features. Now +--- 2013-08-30.orig/xen/arch/x86/xstate.c 2013-09-09 11:21:56.000000000 +0200 ++++ 2013-08-30/xen/arch/x86/xstate.c 2013-09-09 11:24:05.000000000 +0200 +@@ -247,11 +247,10 @@ void xstate_free_save_area(struct vcpu * + } + + /* Collect the information of processor's extended state */ +-void xstate_init(void) ++void xstate_init(bool_t bsp) + { +- u32 eax, ebx, ecx, edx; +- int cpu = smp_processor_id(); +- u32 min_size; ++ u32 eax, ebx, ecx, edx, min_size; ++ u64 feature_mask; + + if ( boot_cpu_data.cpuid_level < XSTATE_CPUID ) + return; +@@ -260,6 +259,7 @@ void xstate_init(void) + + BUG_ON((eax & XSTATE_FP_SSE) != XSTATE_FP_SSE); + BUG_ON((eax & XSTATE_YMM) && !(eax & XSTATE_SSE)); ++ feature_mask = (((u64)edx << 32) | eax) & XCNTXT_MASK; + + /* FP/SSE, XSAVE.HEADER, YMM */ + min_size = XSTATE_AREA_MIN_SIZE; +@@ -271,31 +271,33 @@ void xstate_init(void) + * Set CR4_OSXSAVE and run "cpuid" to get xsave_cntxt_size. + */ + set_in_cr4(X86_CR4_OSXSAVE); +- if ( !set_xcr0((((u64)edx << 32) | eax) & XCNTXT_MASK) ) ++ if ( !set_xcr0(feature_mask) ) + BUG(); + cpuid_count(XSTATE_CPUID, 0, &eax, &ebx, &ecx, &edx); + +- if ( cpu == 0 ) ++ if ( bsp ) + { ++ xfeature_mask = feature_mask; + /* + * xsave_cntxt_size is the max size required by enabled features. + * We know FP/SSE and YMM about eax, and nothing about edx at present. + */ + xsave_cntxt_size = ebx; +- xfeature_mask = eax + ((u64)edx << 32); +- xfeature_mask &= XCNTXT_MASK; + printk("%s: using cntxt_size: %#x and states: %#"PRIx64"\n", + __func__, xsave_cntxt_size, xfeature_mask); +- +- /* Check XSAVEOPT feature. */ +- cpuid_count(XSTATE_CPUID, 1, &eax, &ebx, &ecx, &edx); +- cpu_has_xsaveopt = !!(eax & XSTATE_FEATURE_XSAVEOPT); + } + else + { ++ BUG_ON(xfeature_mask != feature_mask); + BUG_ON(xsave_cntxt_size != ebx); +- BUG_ON(xfeature_mask != (xfeature_mask & XCNTXT_MASK)); + } ++ ++ /* Check XSAVEOPT feature. */ ++ cpuid_count(XSTATE_CPUID, 1, &eax, &ebx, &ecx, &edx); ++ if ( bsp ) ++ cpu_has_xsaveopt = !!(eax & XSTATE_FEATURE_XSAVEOPT); ++ else ++ BUG_ON(!cpu_has_xsaveopt != !(eax & XSTATE_FEATURE_XSAVEOPT)); + } + + int handle_xsetbv(u32 index, u64 new_bv) +--- 2013-08-30.orig/xen/include/asm-x86/xstate.h 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/xen/include/asm-x86/xstate.h 2013-09-09 11:24:05.000000000 +0200 +@@ -81,6 +81,6 @@ int __must_check handle_xsetbv(u32 index + /* extended state init and cleanup functions */ + void xstate_free_save_area(struct vcpu *v); + int xstate_alloc_save_area(struct vcpu *v); +-void xstate_init(void); ++void xstate_init(bool_t bsp); + + #endif /* __ASM_XSTATE_H */ diff --git a/5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch b/5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch new file mode 100644 index 0000000..795b865 --- /dev/null +++ b/5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch @@ -0,0 +1,31 @@ +# Commit 1893cf77992cc0ce9d827a8d345437fa2494b540 +# Date 2013-09-03 16:36:47 +0100 +# Author Steven Noonan +# Committer Ian Campbell +xend: handle extended PCI configuration space when saving state + +Newer PCI standards (e.g., PCI-X 2.0 and PCIe) introduce extended +configuration space which is larger than 256 bytes. This patch uses +stat() to determine the amount of space used to correctly save all of +the PCI configuration space. Resets handled by the xen-pciback driver +don't have this problem, as that code correctly handles saving +extended configuration space. + +Signed-off-by: Steven Noonan +Reviewed-by: Matt Wilson +[msw: adjusted commit message] +Signed-off-by: Matt Wilson + +--- 2013-08-30.orig/tools/python/xen/util/pci.py 2013-09-09 11:21:53.000000000 +0200 ++++ 2013-08-30/tools/python/xen/util/pci.py 2013-09-09 11:24:09.000000000 +0200 +@@ -521,8 +521,9 @@ def save_pci_conf_space(devs_string): + pci_path = sysfs_mnt + SYSFS_PCI_DEVS_PATH + '/' + pci_str + \ + SYSFS_PCI_DEV_CONFIG_PATH + fd = os.open(pci_path, os.O_RDONLY) ++ size = os.fstat(fd).st_size + configs = [] +- for i in range(0, 256, 4): ++ for i in range(0, size, 4): + configs = configs + [os.read(fd,4)] + os.close(fd) + pci_list = pci_list + [pci_path] diff --git a/52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch b/52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch new file mode 100644 index 0000000..acf1bbf --- /dev/null +++ b/52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch @@ -0,0 +1,48 @@ +# Commit 749019afca4fd002d36856bad002cc11f7d0ddda +# Date 2013-09-03 16:36:52 +0100 +# Author Xi Xiong +# Committer Ian Campbell +xend: fix file descriptor leak in pci utilities + +A file descriptor leak was detected after creating multiple domUs with +pass-through PCI devices. This patch fixes the issue. + +Signed-off-by: Xi Xiong +Reviewed-by: Matt Wilson +[msw: adjusted commit message] +Signed-off-by: Matt Wilson + +--- 2013-08-30.orig/tools/python/xen/util/pci.py 2013-09-09 11:24:09.000000000 +0200 ++++ 2013-08-30/tools/python/xen/util/pci.py 2013-09-09 11:24:14.000000000 +0200 +@@ -969,18 +969,22 @@ class PciDevice: + ttl = 480; # 3840 bytes, minimum 8 bytes per capability + pos = 0x100 + ++ fd = None + try: + fd = os.open(path, os.O_RDONLY) + os.lseek(fd, pos, 0) + h = os.read(fd, 4) + if len(h) == 0: # MMCONF is not enabled? ++ os.close(fd) + return 0 + header = struct.unpack('I', h)[0] + if header == 0 or header == -1: ++ os.close(fd) + return 0 + + while ttl > 0: + if (header & 0x0000ffff) == cap: ++ os.close(fd) + return pos + pos = (header >> 20) & 0xffc + if pos < 0x100: +@@ -990,6 +994,8 @@ class PciDevice: + ttl = ttl - 1 + os.close(fd) + except OSError, (errno, strerr): ++ if fd is not None: ++ os.close(fd) + raise PciDeviceParseError(('Error when accessing sysfs: %s (%d)' % + (strerr, errno))) + return 0 diff --git a/52285317-hvmloader-fix-SeaBIOS-interface.patch b/52285317-hvmloader-fix-SeaBIOS-interface.patch new file mode 100644 index 0000000..1f7e73b --- /dev/null +++ b/52285317-hvmloader-fix-SeaBIOS-interface.patch @@ -0,0 +1,84 @@ +# Commit 5f2875739beef3a75c7a7e8579b6cbcb464e61b3 +# Date 2013-09-05 11:47:03 +0200 +# Author Jan Beulich +# Committer Jan Beulich +hvmloader: fix SeaBIOS interface + +The SeaBIOS ROM image may validly exceed 128k in size, it's only our +interface code that so far assumed that it wouldn't. Remove that +restriction by setting the base address depending on image size. + +Add a check to HVM loader so that too big images won't result in silent +guest failure anymore. + +Uncomment the intended build-time size check for rombios, moving it +into a function so that it would actually compile. + +Signed-off-by: Jan Beulich +Acked-by: Ian Campbell + +--- 2013-08-30.orig/tools/firmware/hvmloader/config-seabios.h 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/tools/firmware/hvmloader/config-seabios.h 2013-09-09 11:24:23.000000000 +0200 +@@ -3,8 +3,6 @@ + + #define BIOS_INFO_PHYSICAL_ADDRESS 0x00001000 + +-#define SEABIOS_PHYSICAL_ADDRESS 0x000E0000 +- + #endif /* __HVMLOADER_CONFIG_SEABIOS_H__ */ + + /* +--- 2013-08-30.orig/tools/firmware/hvmloader/hvmloader.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/tools/firmware/hvmloader/hvmloader.c 2013-09-09 11:24:23.000000000 +0200 +@@ -292,8 +292,12 @@ int main(void) + if ( bios->bios_load ) + bios->bios_load(bios); + else ++ { ++ BUG_ON(bios->bios_address + bios->image_size > ++ HVMLOADER_PHYSICAL_ADDRESS); + memcpy((void *)bios->bios_address, bios->image, + bios->image_size); ++ } + + if ( (hvm_info->nr_vcpus > 1) || hvm_info->apic_mode ) + { +--- 2013-08-30.orig/tools/firmware/hvmloader/rombios.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/tools/firmware/hvmloader/rombios.c 2013-09-09 11:24:23.000000000 +0200 +@@ -127,6 +127,8 @@ static void rombios_load(const struct bi + uint32_t bioshigh; + struct rombios_info *info; + ++ BUILD_BUG_ON(sizeof(rombios) > 0x100000 - ROMBIOS_PHYSICAL_ADDRESS); ++ + memcpy((void *)config->bios_address, config->image, + config->image_size); + +@@ -206,8 +208,6 @@ static void rombios_create_smbios_tables + SMBIOS_PHYSICAL_END); + } + +-//BUILD_BUG_ON(sizeof(rombios) > (0x00100000U - ROMBIOS_PHYSICAL_ADDRESS)); +- + struct bios_config rombios_config = { + .name = "ROMBIOS", + +--- 2013-08-30.orig/tools/firmware/hvmloader/seabios.c 2013-07-09 20:57:12.000000000 +0200 ++++ 2013-08-30/tools/firmware/hvmloader/seabios.c 2013-09-09 11:24:23.000000000 +0200 +@@ -133,15 +133,13 @@ static void seabios_setup_e820(void) + dump_e820_table(e820, info->e820_nr); + } + +-//BUILD_BUG_ON(sizeof(seabios) > (0x00100000U - SEABIOS_PHYSICAL_ADDRESS)); +- + struct bios_config seabios_config = { + .name = "SeaBIOS", + + .image = seabios, + .image_size = sizeof(seabios), + +- .bios_address = SEABIOS_PHYSICAL_ADDRESS, ++ .bios_address = 0x100000 - sizeof(seabios), + + .load_roms = NULL, + diff --git a/disable_emulated_device.patch b/disable_emulated_device.patch index 1fbb185..3a5dc09 100644 --- a/disable_emulated_device.patch +++ b/disable_emulated_device.patch @@ -17,7 +17,7 @@ Index: xen-4.3.0-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci. =================================================================== --- xen-4.3.0-testing.orig/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c +++ xen-4.3.0-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c -@@ -67,7 +67,7 @@ MODULE_LICENSE("GPL"); +@@ -66,7 +66,7 @@ MODULE_LICENSE("GPL"); static char *dev_unplug; module_param(dev_unplug, charp, 0644); MODULE_PARM_DESC(dev_unplug, "Emulated devices to unplug: " @@ -26,7 +26,7 @@ Index: xen-4.3.0-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci. struct pci_dev *xen_platform_pdev; -@@ -291,6 +291,10 @@ static int check_platform_magic(struct d +@@ -290,6 +290,10 @@ static int check_platform_magic(struct d short magic, unplug = 0; char protocol, *p, *q, *err; diff --git a/xen.changes b/xen.changes index 311ef2a..7f62ee5 100644 --- a/xen.changes +++ b/xen.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Sep 9 09:26:18 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch + 521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch + 521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch + 521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch + 521e1156-x86-AVX-instruction-emulation-fixes.patch + 521ef8d9-AMD-IOMMU-add-missing-checks.patch + 52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch + 52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch + 52205e27-x86-xsave-initialization-improvements.patch + 5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch + 52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch + 52285317-hvmloader-fix-SeaBIOS-interface.patch + ------------------------------------------------------------------- Tue Sep 3 16:23:16 MDT 2013 - carnold@suse.com diff --git a/xen.spec b/xen.spec index 605c6a3..585c0ba 100644 --- a/xen.spec +++ b/xen.spec @@ -139,7 +139,7 @@ BuildRequires: xorg-x11 BuildRequires: lndir %endif %endif -Version: 4.3.0_09 +Version: 4.3.0_10 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -222,6 +222,18 @@ Patch25: 5215d0c5-Nested-VMX-Force-check-ISR-when-L2-is-running.patch Patch26: 5215d135-Nested-VMX-Clear-APIC-v-control-bit-in-vmcs02.patch Patch27: 5215d2d5-Nested-VMX-Update-APIC-v-RVI-SVI-when-vmexit-to-L1.patch Patch28: 5215d8b0-Correct-X2-APIC-HVM-emulation.patch +Patch29: 521c6d4a-x86-don-t-allow-Dom0-access-to-the-MSI-address-range.patch +Patch30: 521c6d6c-x86-don-t-allow-Dom0-access-to-the-HT-address-range.patch +Patch31: 521c6e23-x86-Intel-add-support-for-Haswell-CPU-models.patch +Patch32: 521db25f-Fix-inactive-timer-list-corruption-on-second-S3-resume.patch +Patch33: 521e1156-x86-AVX-instruction-emulation-fixes.patch +Patch34: 521ef8d9-AMD-IOMMU-add-missing-checks.patch +Patch35: 52205a7d-hvmloader-smbios-Correctly-count-the-number-of-tables-written.patch +Patch36: 52205a90-public-hvm_xs_strings.h-Fix-ABI-regression-for-OEM-SMBios-strings.patch +Patch37: 52205e27-x86-xsave-initialization-improvements.patch +Patch38: 5226020f-xend-handle-extended-PCI-configuration-space-when-saving-state.patch +Patch39: 52260214-xend-fix-file-descriptor-leak-in-pci-utilities.patch +Patch40: 52285317-hvmloader-fix-SeaBIOS-interface.patch # Upstream qemu patches # Our patches Patch301: xen-destdir.patch @@ -538,6 +550,18 @@ Authors %patch26 -p1 %patch27 -p1 %patch28 -p1 +%patch29 -p1 +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p1 +%patch38 -p1 +%patch39 -p1 +%patch40 -p1 %patch301 -p1 %patch302 -p1 %patch303 -p1 diff --git a/xend-traditional-qemu.patch b/xend-traditional-qemu.patch index f0f53a0..76f1cf9 100644 --- a/xend-traditional-qemu.patch +++ b/xend-traditional-qemu.patch @@ -5312,7 +5312,7 @@ Index: xen-4.3.0-testing/tools/python/xen/util/pci.py def pci_dict_to_xc_str(dev): return __pci_dict_to_fmt_str('0x%x, 0x%x, 0x%x, 0x%x', dev) -@@ -560,6 +567,115 @@ def find_all_assignable_devices(): +@@ -561,6 +568,115 @@ def find_all_assignable_devices(): dev_list = dev_list + [dev] return dev_list