From 0d71e75f739ebac5d68f7822d9bc4e8aa0cf09bba79c46ab4078b7a647592b3b Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Fri, 22 Feb 2013 21:42:01 +0000 Subject: [PATCH 1/2] - Add upstream patch to fix vfb/vkb initialization in libxl 26369-libxl-devid.patch - fate##313584: pass bios information to XEN HVM guest 26554-hvm-firmware-passthrough.patch 26555-hvm-firmware-passthrough.patch 26556-hvm-firmware-passthrough.patch - Upstream patches from Jan 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26529-gcc48-build-fix.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) 26532-AMD-IOMMU-phantom-MSI.patch 26536-xenoprof-div-by-0.patch 26576-x86-APICV-migration.patch 26577-x86-APICV-x2APIC.patch 26578-AMD-IOMMU-replace-BUG_ON.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch - PVonHVM: __devinit was removed in linux-3.8 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=229 --- 26287-sched-credit-pick-idle.patch | 82 +++++ ...0-VT-d-intremap-verify-legacy-bridge.patch | 5 + 26369-libxl-devid.patch | 102 ++++++ 26370-libxc-x86-initial-mapping-fit.patch | 59 ++++ 26395-x86-FPU-context-conditional.patch | 46 +++ 26404-x86-forward-both-NMI-kinds.patch | 32 ++ 26418-x86-trampoline-consider-multiboot.patch | 94 +++++ 26427-x86-AMD-enable-WC+.patch | 51 +++ 26428-x86-HVM-RTC-update.patch | 38 ++ 26440-x86-forward-SERR.patch | 72 ++++ 26443-ACPI-zap-DMAR.patch | 116 +++++++ ...tch => 26444-x86-nHVM-no-self-enable.patch | 6 + 26501-VMX-simplify-CR0-update.patch | 64 ++++ 26502-VMX-disable-SMEP-when-not-paging.patch | 39 +++ 26516-ACPI-parse-table-retval.patch | 37 ++ 26517-AMD-IOMMU-clear-irtes.patch | 205 +++++++++++ ...-IOMMU-disable-if-SATA-combined-mode.patch | 77 +++++ 26519-AMD-IOMMU-perdev-intremap-default.patch | 55 +++ 26526-pvdrv-no-devinit.patch | 37 ++ 26529-gcc48-build-fix.patch | 21 ++ 26531-AMD-IOMMU-IVHD-special-missing.patch | 127 +++++++ 26532-AMD-IOMMU-phantom-MSI.patch | 137 ++++++++ 26536-xenoprof-div-by-0.patch | 39 +++ ..._logic_error_in_stdiostream_progress.patch | 26 ++ ..._differently_in_stdiostream_progress.patch | 62 ++++ ...-tools-xc_turn_XCFLAGS_*_into_shifts.patch | 36 ++ ...-tools-xc_restore_logging_in_xc_save.patch | 58 ++++ ...log_pid_in_xc_save-xc_restore_output.patch | 111 ++++++ 26554-hvm-firmware-passthrough.patch | 45 +++ 26555-hvm-firmware-passthrough.patch | 314 +++++++++++++++++ 26556-hvm-firmware-passthrough.patch | 320 +++++++++++++++++ 26576-x86-APICV-migration.patch | 108 ++++++ 26577-x86-APICV-x2APIC.patch | 240 +++++++++++++ 26578-AMD-IOMMU-replace-BUG_ON.patch | 25 ++ 32on64-extra-mem.patch | 8 +- tools-watchdog-support.patch | 46 +-- x86-fpu-context-conditional.patch | 13 - xen-managed-pci-device.patch | 326 ++++++++++++++++++ xen.changes | 91 +++++ xen.spec | 83 ++++- xend-domain-lock-sfex.patch | 48 +-- xend-domain-lock.patch | 46 +-- xenpaging.autostart.patch | 74 ++-- 43 files changed, 3489 insertions(+), 132 deletions(-) create mode 100644 26287-sched-credit-pick-idle.patch rename CVE-2012-5634-xsa33.patch => 26340-VT-d-intremap-verify-legacy-bridge.patch (82%) create mode 100644 26369-libxl-devid.patch create mode 100644 26370-libxc-x86-initial-mapping-fit.patch create mode 100644 26395-x86-FPU-context-conditional.patch create mode 100644 26404-x86-forward-both-NMI-kinds.patch create mode 100644 26418-x86-trampoline-consider-multiboot.patch create mode 100644 26427-x86-AMD-enable-WC+.patch create mode 100644 26428-x86-HVM-RTC-update.patch create mode 100644 26440-x86-forward-SERR.patch create mode 100644 26443-ACPI-zap-DMAR.patch rename CVE-2013-0152-xsa35.patch => 26444-x86-nHVM-no-self-enable.patch (77%) create mode 100644 26501-VMX-simplify-CR0-update.patch create mode 100644 26502-VMX-disable-SMEP-when-not-paging.patch create mode 100644 26516-ACPI-parse-table-retval.patch create mode 100644 26517-AMD-IOMMU-clear-irtes.patch create mode 100644 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch create mode 100644 26519-AMD-IOMMU-perdev-intremap-default.patch create mode 100644 26526-pvdrv-no-devinit.patch create mode 100644 26529-gcc48-build-fix.patch create mode 100644 26531-AMD-IOMMU-IVHD-special-missing.patch create mode 100644 26532-AMD-IOMMU-phantom-MSI.patch create mode 100644 26536-xenoprof-div-by-0.patch create mode 100644 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch create mode 100644 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch create mode 100644 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch create mode 100644 26550-tools-xc_restore_logging_in_xc_save.patch create mode 100644 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch create mode 100644 26554-hvm-firmware-passthrough.patch create mode 100644 26555-hvm-firmware-passthrough.patch create mode 100644 26556-hvm-firmware-passthrough.patch create mode 100644 26576-x86-APICV-migration.patch create mode 100644 26577-x86-APICV-x2APIC.patch create mode 100644 26578-AMD-IOMMU-replace-BUG_ON.patch delete mode 100644 x86-fpu-context-conditional.patch create mode 100644 xen-managed-pci-device.patch diff --git a/26287-sched-credit-pick-idle.patch b/26287-sched-credit-pick-idle.patch new file mode 100644 index 0000000..3807bb0 --- /dev/null +++ b/26287-sched-credit-pick-idle.patch @@ -0,0 +1,82 @@ +# HG changeset patch +# User Dario Faggioli +# Date 1355854218 0 +# Node ID 127c2c47d440eb7f3248ab5561909e326af7e328 +# Parent d5c0389bf26c89969ebce71927f34f6b923af949 +xen: sched_credit: improve picking up the idle CPU for a VCPU + +In _csched_cpu_pick() we try to select the best possible CPU for +running a VCPU, considering the characteristics of the underlying +hardware (i.e., how many threads, core, sockets, and how busy they +are). What we want is "the idle execution vehicle with the most +idling neighbours in its grouping". + +In order to achieve it, we select a CPU from the VCPU's affinity, +giving preference to its current processor if possible, as the basis +for the comparison with all the other CPUs. Problem is, to discount +the VCPU itself when computing this "idleness" (in an attempt to be +fair wrt its current processor), we arbitrarily and unconditionally +consider that selected CPU as idle, even when it is not the case, +for instance: + 1. If the CPU is not the one where the VCPU is running (perhaps due + to the affinity being changed); + 2. The CPU is where the VCPU is running, but it has other VCPUs in + its runq, so it won't go idle even if the VCPU in question goes. + +This is exemplified in the trace below: + +] 3.466115364 x|------|------| d10v1 22005(2:2:5) 3 [ a 1 8 ] + ... ... ... + 3.466122856 x|------|------| d10v1 runstate_change d10v1 + running->offline + 3.466123046 x|------|------| d?v? runstate_change d32767v0 + runnable->running + ... ... ... +] 3.466126887 x|------|------| d32767v0 28004(2:8:4) 3 [ a 1 8 ] + +22005(...) line (the first line) means _csched_cpu_pick() was called +on VCPU 1 of domain 10, while it is running on CPU 0, and it choose +CPU 8, which is busy ('|'), even if there are plenty of idle +CPUs. That is because, as a consequence of changing the VCPU affinity, +CPU 8 was chosen as the basis for the comparison, and therefore +considered idle (its bit gets unconditionally set in the bitmask +representing the idle CPUs). 28004(...) line means the VCPU is woken +up and queued on CPU 8's runq, where it waits for a context switch or +a migration, in order to be able to execute. + +This change fixes things by only considering the "guessed" CPU idle if +the VCPU in question is both running there and is its only runnable +VCPU. + +Signed-off-by: Dario Faggioli +Acked-by: George Dunlap +Committed-by: Keir Fraser + +--- a/xen/common/sched_credit.c ++++ b/xen/common/sched_credit.c +@@ -72,6 +72,9 @@ + #define CSCHED_VCPU(_vcpu) ((struct csched_vcpu *) (_vcpu)->sched_priv) + #define CSCHED_DOM(_dom) ((struct csched_dom *) (_dom)->sched_priv) + #define RUNQ(_cpu) (&(CSCHED_PCPU(_cpu)->runq)) ++/* Is the first element of _cpu's runq its idle vcpu? */ ++#define IS_RUNQ_IDLE(_cpu) (list_empty(RUNQ(_cpu)) || \ ++ is_idle_vcpu(__runq_elem(RUNQ(_cpu)->next)->vcpu)) + + + /* +@@ -487,9 +490,14 @@ _csched_cpu_pick(const struct scheduler + * distinct cores first and guarantees we don't do something stupid + * like run two VCPUs on co-hyperthreads while there are idle cores + * or sockets. ++ * ++ * Notice that, when computing the "idleness" of cpu, we may want to ++ * discount vc. That is, iff vc is the currently running and the only ++ * runnable vcpu on cpu, we add cpu to the idlers. + */ + cpumask_and(&idlers, &cpu_online_map, CSCHED_PRIV(ops)->idlers); +- cpumask_set_cpu(cpu, &idlers); ++ if ( vc->processor == cpu && IS_RUNQ_IDLE(cpu) ) ++ cpumask_set_cpu(cpu, &idlers); + cpumask_and(&cpus, &cpus, &idlers); + cpumask_clear_cpu(cpu, &cpus); + diff --git a/CVE-2012-5634-xsa33.patch b/26340-VT-d-intremap-verify-legacy-bridge.patch similarity index 82% rename from CVE-2012-5634-xsa33.patch rename to 26340-VT-d-intremap-verify-legacy-bridge.patch index 71f074d..d73a452 100644 --- a/CVE-2012-5634-xsa33.patch +++ b/26340-VT-d-intremap-verify-legacy-bridge.patch @@ -1,5 +1,10 @@ References: CVE-2012-5634 XSA-33 bnc#794316 +# HG changeset patch +# User Jan Beulich +# Date 1357748006 -3600 +# Node ID 19fd1237ff0dfa3d97a896d6ed6fbbd33f816a9f +# Parent 56b0d5476c11bfd09986080dfa97923586ef474f VT-d: fix interrupt remapping source validation for devices behind legacy bridges Using SVT_VERIFY_BUS here doesn't make sense; native Linux also diff --git a/26369-libxl-devid.patch b/26369-libxl-devid.patch new file mode 100644 index 0000000..027630e --- /dev/null +++ b/26369-libxl-devid.patch @@ -0,0 +1,102 @@ +commit 5420f26507fc5c9853eb1076401a8658d72669da +Author: Jim Fehlig +Date: Fri Jan 11 12:22:26 2013 +0000 + + libxl: Set vfb and vkb devid if not done so by the caller + + Other devices set a sensible devid if the caller has not done so. + Do the same for vfb and vkb. While at it, factor out the common code + used to determine a sensible devid, so it can be used by other + libxl__device_*_add functions. + + Signed-off-by: Jim Fehlig + Acked-by: Ian Campbell + Committed-by: Ian Campbell + +Index: xen-4.2.1-testing/tools/libxl/libxl.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/libxl.c ++++ xen-4.2.1-testing/tools/libxl/libxl.c +@@ -1727,6 +1727,26 @@ out: + return; + } + ++/* common function to get next device id */ ++static int libxl__device_nextid(libxl__gc *gc, uint32_t domid, char *device) ++{ ++ char *dompath, **l; ++ unsigned int nb; ++ int nextid = -1; ++ ++ if (!(dompath = libxl__xs_get_dompath(gc, domid))) ++ return nextid; ++ ++ l = libxl__xs_directory(gc, XBT_NULL, ++ GCSPRINTF("%s/device/%s", dompath, device), &nb); ++ if (l == NULL || nb == 0) ++ nextid = 0; ++ else ++ nextid = strtoul(l[nb - 1], NULL, 10) + 1; ++ ++ return nextid; ++} ++ + /******************************************************************************/ + + int libxl__device_disk_setdefault(libxl__gc *gc, libxl_device_disk *disk) +@@ -2563,8 +2583,7 @@ void libxl__device_nic_add(libxl__egc *e + flexarray_t *front; + flexarray_t *back; + libxl__device *device; +- char *dompath, **l; +- unsigned int nb, rc; ++ unsigned int rc; + + rc = libxl__device_nic_setdefault(gc, nic, domid); + if (rc) goto out; +@@ -2581,16 +2600,10 @@ void libxl__device_nic_add(libxl__egc *e + } + + if (nic->devid == -1) { +- if (!(dompath = libxl__xs_get_dompath(gc, domid))) { ++ if ((nic->devid = libxl__device_nextid(gc, domid, "vif") < 0)) { + rc = ERROR_FAIL; + goto out_free; + } +- if (!(l = libxl__xs_directory(gc, XBT_NULL, +- libxl__sprintf(gc, "%s/device/vif", dompath), &nb))) { +- nic->devid = 0; +- } else { +- nic->devid = strtoul(l[nb - 1], NULL, 10) + 1; +- } + } + + GCNEW(device); +@@ -2977,6 +2990,13 @@ int libxl__device_vkb_add(libxl__gc *gc, + goto out_free; + } + ++ if (vkb->devid == -1) { ++ if ((vkb->devid = libxl__device_nextid(gc, domid, "vkb") < 0)) { ++ rc = ERROR_FAIL; ++ goto out_free; ++ } ++ } ++ + rc = libxl__device_from_vkb(gc, domid, vkb, &device); + if (rc != 0) goto out_free; + +@@ -3078,6 +3098,13 @@ int libxl__device_vfb_add(libxl__gc *gc, + goto out_free; + } + ++ if (vfb->devid == -1) { ++ if ((vfb->devid = libxl__device_nextid(gc, domid, "vfb") < 0)) { ++ rc = ERROR_FAIL; ++ goto out_free; ++ } ++ } ++ + rc = libxl__device_from_vfb(gc, domid, vfb, &device); + if (rc != 0) goto out_free; + diff --git a/26370-libxc-x86-initial-mapping-fit.patch b/26370-libxc-x86-initial-mapping-fit.patch new file mode 100644 index 0000000..e03fc51 --- /dev/null +++ b/26370-libxc-x86-initial-mapping-fit.patch @@ -0,0 +1,59 @@ +# HG changeset patch +# User Ian Campbell +# Date 1357906947 0 +# Node ID ba2d73234d73fc0faa027cd9bdfd3ac90642733c +# Parent 84d87ca765be81c215ef3b67d2ed71acfba73553 +libxc: x86: ensure that the initial mapping fits into the guest's memory + +In particular we need to check that adding 512KB of slack and +rounding up to a 4MB boundary do not overflow the guest's memory +allocation. Otherwise we run off the end of the p2m when building the +guest's initial page tables and populate them with garbage. + +Wei noticed this when build tiny (2MB) mini-os domains. + +Reported-by: Wei Liu +Signed-off-by: Ian Campbell +Acked-by: Jan Beulich +Committed-by: Ian Campbell + +--- a/tools/libxc/xc_dom_core.c ++++ b/tools/libxc/xc_dom_core.c +@@ -871,7 +871,8 @@ int xc_dom_build_image(struct xc_dom_ima + goto err; + if ( dom->arch_hooks->count_pgtables ) + { +- dom->arch_hooks->count_pgtables(dom); ++ if ( dom->arch_hooks->count_pgtables(dom) != 0 ) ++ goto err; + if ( (dom->pgtables > 0) && + (xc_dom_alloc_segment(dom, &dom->pgtables_seg, "page tables", 0, + dom->pgtables * page_size) != 0) ) +--- a/tools/libxc/xc_dom_x86.c ++++ b/tools/libxc/xc_dom_x86.c +@@ -82,6 +82,7 @@ static int count_pgtables(struct xc_dom_ + { + int pages, extra_pages; + xen_vaddr_t try_virt_end; ++ xen_pfn_t try_pfn_end; + + extra_pages = dom->alloc_bootstack ? 1 : 0; + extra_pages += dom->extra_pages; +@@ -91,6 +92,17 @@ static int count_pgtables(struct xc_dom_ + { + try_virt_end = round_up(dom->virt_alloc_end + pages * PAGE_SIZE_X86, + bits_to_mask(22)); /* 4MB alignment */ ++ ++ try_pfn_end = (try_virt_end - dom->parms.virt_base) >> PAGE_SHIFT_X86; ++ ++ if ( try_pfn_end > dom->total_pages ) ++ { ++ xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY, ++ "%s: not enough memory for initial mapping (%#"PRIpfn" > %#"PRIpfn")", ++ __FUNCTION__, try_pfn_end, dom->total_pages); ++ return -ENOMEM; ++ } ++ + dom->pg_l4 = + nr_page_tables(dom, dom->parms.virt_base, try_virt_end, l4_bits); + dom->pg_l3 = diff --git a/26395-x86-FPU-context-conditional.patch b/26395-x86-FPU-context-conditional.patch new file mode 100644 index 0000000..fb226a4 --- /dev/null +++ b/26395-x86-FPU-context-conditional.patch @@ -0,0 +1,46 @@ +# HG changeset patch +# User Jan Beulich +# Date 1358341015 -3600 +# Node ID b4cbb83f9a1f57b4f26f2d35998cda42b904ea69 +# Parent 327b812026fe62a990f1d81041729c42196983ca +x86: consistently mask floating point exceptions + +c/s 23142:f5e8d152a565 resulted in v->arch.fpu_ctxt to point into the +save area allocated for xsave/xrstor (when they're available). The way +vcpu_restore_fpu_lazy() works (using fpu_init() for an uninitialized +vCPU only when there's no xsave support) causes this to load whatever +arch_set_info_guest() put there, irrespective of whether the i387 state +was specified to be valid in the respective input structure. + +Consequently, with a cleared (al zeroes) incoming FPU context, and with +xsave available, one gets all exceptions unmasked (as opposed to to the +legacy case, where FINIT and LDMXCSR get used, masking all exceptions). +This causes e.g. para-virtualized NetWare to crash. + +The behavior of arch_set_info_guest() is thus being made more hardware- +like for the FPU portion of it: Considering it to be similar to INIT, +it will leave untouched all floating point state now. An alternative +would be to make the behavior RESET-like, forcing all state to known +values, albeit - taking into account legacy behavior - not to precisely +the values RESET would enforce (which masks only SSE exceptions, but +not x87 ones); that would come closest to mimicing FINIT behavior in +the xsave case. Another option would be to continue copying whatever +was provided, but override (at least) FCW and MXCSR if VGCF_I387_VALID +isn't set. + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -819,7 +819,9 @@ int arch_set_info_guest( + + v->arch.vgc_flags = flags; + +- memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); ++ if ( flags & VGCF_I387_VALID ) ++ memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); ++ + if ( !compat ) + { + memcpy(&v->arch.user_regs, &c.nat->user_regs, sizeof(c.nat->user_regs)); diff --git a/26404-x86-forward-both-NMI-kinds.patch b/26404-x86-forward-both-NMI-kinds.patch new file mode 100644 index 0000000..2483a2c --- /dev/null +++ b/26404-x86-forward-both-NMI-kinds.patch @@ -0,0 +1,32 @@ +# HG changeset patch +# User Jan Beulich +# Date 1358427591 -3600 +# Node ID 76598d4bf61ef0c575deba539ff99078c80e651e +# Parent 0dee85c061addb7124d77c5f6cfe2ea7bc03b760 +x86: handle both NMI kinds if they occur simultaneously + +We shouldn't assume PCI SERR excludes IOCHK. + +Once at it, also remove the doubly redundant range restriction on +"reason" - the variable already is "unsigned char". + +Signed-off-by: Jan Beulich +Acked-by: Andrew Cooper +Acked-by: Keir Fraser + +--- a/xen/arch/x86/traps.c ++++ b/xen/arch/x86/traps.c +@@ -3357,10 +3357,10 @@ void do_nmi(struct cpu_user_regs *regs) + reason = inb(0x61); + if ( reason & 0x80 ) + pci_serr_error(regs); +- else if ( reason & 0x40 ) ++ if ( reason & 0x40 ) + io_check_error(regs); +- else if ( !nmi_watchdog ) +- unknown_nmi_error(regs, (unsigned char)(reason&0xff)); ++ if ( !(reason & 0xc0) && !nmi_watchdog ) ++ unknown_nmi_error(regs, reason); + } + } + diff --git a/26418-x86-trampoline-consider-multiboot.patch b/26418-x86-trampoline-consider-multiboot.patch new file mode 100644 index 0000000..544c3e0 --- /dev/null +++ b/26418-x86-trampoline-consider-multiboot.patch @@ -0,0 +1,94 @@ +# HG changeset patch +# User Paolo Bonzini +# Date 1358505311 -3600 +# Node ID 3b59a6c3e9b0fb5009bdfff97c8493bb9f0bec54 +# Parent 025f202f3022c30d1ec3b6ffcb72861c43a32cf7 +x86: find a better location for the real-mode trampoline + +On some machines, the location at 0x40e does not point to the beginning +of the EBDA. Rather, it points to the beginning of the BIOS-reserved +area of the EBDA, while the option ROMs place their data below that +segment. + +For this reason, 0x413 is actually a better source than 0x40e to get +the location of the real-mode trampoline. Xen was already using it +as a second source, and this patch keeps that working. However, just +in case, let's also fetch the information from the multiboot structure, +where the boot loader should have placed it. This way we don't +necessarily trust one of the BIOS or the multiboot loader more than +the other. + +Signed-off-by: Paolo Bonzini + +Retain the previous code, thus using the multiboot value only if it's +sane but lower than the BDA computed one. Also use the full 32-bit +mem_lower value and prefer MBI_MEMLIMITS over open coding it (requiring +a slight adjustment to multiboot.h to make its constants actually +usable in assembly code, which previously they were only meant to be). + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser +Committed-by: Jan Beulich + +--- a/xen/arch/x86/boot/head.S ++++ b/xen/arch/x86/boot/head.S +@@ -88,6 +88,20 @@ __start: + movzwl 0x413,%eax /* use base memory size on failure */ + shl $10-4,%eax + 1: ++ /* ++ * Compare the value in the BDA with the information from the ++ * multiboot structure (if available) and use the smallest. ++ */ ++ testb $MBI_MEMLIMITS,(%ebx) ++ jz 2f /* not available? BDA value will be fine */ ++ mov 4(%ebx),%edx ++ cmp $0x100,%edx /* is the multiboot value too small? */ ++ jb 2f /* if so, do not use it */ ++ shl $10-4,%edx ++ cmp %eax,%edx /* compare with BDA value */ ++ cmovb %edx,%eax /* and use the smaller */ ++ ++2: /* Reserve 64kb for the trampoline */ + sub $0x1000,%eax + + /* From arch/x86/smpboot.c: start_eip had better be page-aligned! */ +--- a/xen/include/xen/multiboot.h ++++ b/xen/include/xen/multiboot.h +@@ -18,6 +18,7 @@ + #ifndef __MULTIBOOT_H__ + #define __MULTIBOOT_H__ + ++#include "const.h" + + /* + * Multiboot header structure. +@@ -31,17 +32,17 @@ + /* The magic number passed by a Multiboot-compliant boot loader. */ + #define MULTIBOOT_BOOTLOADER_MAGIC 0x2BADB002 + +-#define MBI_MEMLIMITS (1u<< 0) +-#define MBI_BOOTDEV (1u<< 1) +-#define MBI_CMDLINE (1u<< 2) +-#define MBI_MODULES (1u<< 3) +-#define MBI_AOUT_SYMS (1u<< 4) +-#define MBI_ELF_SYMS (1u<< 5) +-#define MBI_MEMMAP (1u<< 6) +-#define MBI_DRIVES (1u<< 7) +-#define MBI_BIOSCONFIG (1u<< 8) +-#define MBI_LOADERNAME (1u<< 9) +-#define MBI_APM (1u<<10) ++#define MBI_MEMLIMITS (_AC(1,u) << 0) ++#define MBI_BOOTDEV (_AC(1,u) << 1) ++#define MBI_CMDLINE (_AC(1,u) << 2) ++#define MBI_MODULES (_AC(1,u) << 3) ++#define MBI_AOUT_SYMS (_AC(1,u) << 4) ++#define MBI_ELF_SYMS (_AC(1,u) << 5) ++#define MBI_MEMMAP (_AC(1,u) << 6) ++#define MBI_DRIVES (_AC(1,u) << 7) ++#define MBI_BIOSCONFIG (_AC(1,u) << 8) ++#define MBI_LOADERNAME (_AC(1,u) << 9) ++#define MBI_APM (_AC(1,u) << 10) + + #ifndef __ASSEMBLY__ + diff --git a/26427-x86-AMD-enable-WC+.patch b/26427-x86-AMD-enable-WC+.patch new file mode 100644 index 0000000..49274f0 --- /dev/null +++ b/26427-x86-AMD-enable-WC+.patch @@ -0,0 +1,51 @@ +# HG changeset patch +# User Boris Ostrovsky +# Date 1358508058 -3600 +# Node ID 8f6dd5dc5d6cdd56050ed917a0c30903bbddcbf0 +# Parent eb8e9a23925d7b77c344a4a99679a45f96754a17 +x86/AMD: Enable WC+ memory type on family 10 processors + +In some cases BIOS may not enable WC+ memory type on family 10 processors, +instead converting what would be WC+ memory to CD type. On guests using +nested pages this could result in performance degradation. This patch +enables WC+. + +Signed-off-by: Boris Ostrovsky +Committed-by: Jan Beulich + +--- a/xen/arch/x86/cpu/amd.c ++++ b/xen/arch/x86/cpu/amd.c +@@ -534,6 +534,19 @@ static void __devinit init_amd(struct cp + } + #endif + ++ if (c->x86 == 0x10) { ++ /* ++ * On family 10h BIOS may not have properly enabled WC+ ++ * support, causing it to be converted to CD memtype. This may ++ * result in performance degradation for certain nested-paging ++ * guests. Prevent this conversion by clearing bit 24 in ++ * MSR_F10_BU_CFG2. ++ */ ++ rdmsrl(MSR_F10_BU_CFG2, value); ++ value &= ~(1ULL << 24); ++ wrmsrl(MSR_F10_BU_CFG2, value); ++ } ++ + /* + * Family 0x12 and above processors have APIC timer + * running in deep C states. +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -215,8 +215,9 @@ + #define MSR_F10_MC4_MISC2 0xc0000409 + #define MSR_F10_MC4_MISC3 0xc000040A + +-/* AMD Family10h MMU control MSRs */ +-#define MSR_F10_BU_CFG 0xc0011023 ++/* AMD Family10h Bus Unit MSRs */ ++#define MSR_F10_BU_CFG 0xc0011023 ++#define MSR_F10_BU_CFG2 0xc001102a + + /* Other AMD Fam10h MSRs */ + #define MSR_FAM10H_MMIO_CONF_BASE 0xc0010058 diff --git a/26428-x86-HVM-RTC-update.patch b/26428-x86-HVM-RTC-update.patch new file mode 100644 index 0000000..b001859 --- /dev/null +++ b/26428-x86-HVM-RTC-update.patch @@ -0,0 +1,38 @@ +# HG changeset patch +# User Tim Deegan +# Date 1358508717 -3600 +# Node ID 9e8c39bdc1fedd5dfc5aa7209cc5f77f813476c7 +# Parent 8f6dd5dc5d6cdd56050ed917a0c30903bbddcbf0 +x86/hvm: fix RTC setting. + +When the guest writes one field of the RTC time, we must bring all the +other fields up to date for the current second before calculating the +new RTC time. + +Signed-off-by: Tim Deegan +Tested-by: Phil Evans +Committed-by: Jan Beulich + +--- a/xen/arch/x86/hvm/rtc.c ++++ b/xen/arch/x86/hvm/rtc.c +@@ -399,10 +399,17 @@ static int rtc_ioport_write(void *opaque + case RTC_DAY_OF_MONTH: + case RTC_MONTH: + case RTC_YEAR: +- s->hw.cmos_data[s->hw.cmos_index] = data; +- /* if in set mode, do not update the time */ +- if ( !(s->hw.cmos_data[RTC_REG_B] & RTC_SET) ) ++ /* if in set mode, just write the register */ ++ if ( (s->hw.cmos_data[RTC_REG_B] & RTC_SET) ) ++ s->hw.cmos_data[s->hw.cmos_index] = data; ++ else ++ { ++ /* Fetch the current time and update just this field. */ ++ s->current_tm = gmtime(get_localtime(d)); ++ rtc_copy_date(s); ++ s->hw.cmos_data[s->hw.cmos_index] = data; + rtc_set_time(s); ++ } + alarm_timer_update(s); + break; + case RTC_REG_A: diff --git a/26440-x86-forward-SERR.patch b/26440-x86-forward-SERR.patch new file mode 100644 index 0000000..8f70343 --- /dev/null +++ b/26440-x86-forward-SERR.patch @@ -0,0 +1,72 @@ +# HG changeset patch +# User Jan Beulich +# Date 1358843590 -3600 +# Node ID 5af4f2ab06f33ce441fa550333a9049c09a9ef28 +# Parent 4b476378fc35e776196c29dc0e24b71529393a4c +x86: restore (optional) forwarding of PCI SERR induced NMI to Dom0 + +c/s 22949:54fe1011f86b removed the forwarding of NMIs to Dom0 when they +were caused by PCI SERR. NMI buttons as well as BMCs (like HP's iLO) +may however want such events to be seen in Dom0 (e.g. to trigger a +dump). + +Therefore restore most of the functionality which named c/s removed +(adjusted for subsequent changes, and adjusting the public interface to +use the modern term, retaining the old one for backwards +compatibility). + +Signed-off-by: Jan Beulich +Acked-by: Stefano Stabellini +Acked-by: Keir Fraser + +--- a/xen/arch/x86/traps.c ++++ b/xen/arch/x86/traps.c +@@ -3201,6 +3201,7 @@ static void nmi_mce_softirq(void) + static void pci_serr_softirq(void) + { + printk("\n\nNMI - PCI system error (SERR)\n"); ++ outb(inb(0x61) & 0x0b, 0x61); /* re-enable the PCI SERR error line. */ + } + + void async_exception_cleanup(struct vcpu *curr) +@@ -3291,9 +3292,20 @@ static void pci_serr_error(struct cpu_us + { + outb((inb(0x61) & 0x0f) | 0x04, 0x61); /* clear-and-disable the PCI SERR error line. */ + +- /* Would like to print a diagnostic here but can't call printk() +- from NMI context -- raise a softirq instead. */ +- raise_softirq(PCI_SERR_SOFTIRQ); ++ switch ( opt_nmi[0] ) ++ { ++ case 'd': /* 'dom0' */ ++ nmi_dom0_report(_XEN_NMIREASON_pci_serr); ++ case 'i': /* 'ignore' */ ++ /* Would like to print a diagnostic here but can't call printk() ++ from NMI context -- raise a softirq instead. */ ++ raise_softirq(PCI_SERR_SOFTIRQ); ++ break; ++ default: /* 'fatal' */ ++ console_force_unlock(); ++ printk("\n\nNMI - PCI system error (SERR)\n"); ++ fatal_trap(TRAP_nmi, regs); ++ } + } + + static void io_check_error(struct cpu_user_regs *regs) +--- a/xen/include/public/nmi.h ++++ b/xen/include/public/nmi.h +@@ -36,9 +36,14 @@ + /* I/O-check error reported via ISA port 0x61, bit 6. */ + #define _XEN_NMIREASON_io_error 0 + #define XEN_NMIREASON_io_error (1UL << _XEN_NMIREASON_io_error) ++ /* PCI SERR reported via ISA port 0x61, bit 7. */ ++#define _XEN_NMIREASON_pci_serr 1 ++#define XEN_NMIREASON_pci_serr (1UL << _XEN_NMIREASON_pci_serr) ++#if __XEN_INTERFACE_VERSION__ < 0x00040300 /* legacy alias of the above */ + /* Parity error reported via ISA port 0x61, bit 7. */ + #define _XEN_NMIREASON_parity_error 1 + #define XEN_NMIREASON_parity_error (1UL << _XEN_NMIREASON_parity_error) ++#endif + /* Unknown hardware-generated NMI. */ + #define _XEN_NMIREASON_unknown 2 + #define XEN_NMIREASON_unknown (1UL << _XEN_NMIREASON_unknown) diff --git a/26443-ACPI-zap-DMAR.patch b/26443-ACPI-zap-DMAR.patch new file mode 100644 index 0000000..f5f3e95 --- /dev/null +++ b/26443-ACPI-zap-DMAR.patch @@ -0,0 +1,116 @@ +# HG changeset patch +# User Tomasz Wroblewski +# Date 1358933464 -3600 +# Node ID 9efe4c0bf9c8d3ecf03868c69c24dad3218523a4 +# Parent 7c6ecf2c1831a1c7f63a96f119a8891891463e54 +fix acpi_dmar_zap/reinstate() (fixes S3 regression) + +Fix S3 regression introduced by cs 23013:65d26504e843 (ACPI: large +cleanup). The dmar virtual pointer returned from acpi_get_table cannot +be safely stored away and used later, as the underlying +acpi_os_map_memory / __acpi_map_table functions overwrite the mapping +causing it to point to different tables than dmar (last fetched table is +used). This subsequently causes acpi_dmar_reinstate() and +acpi_dmar_zap() to write data to wrong table, causing its corruption and +problems with consecutive s3 resumes. + +Added a new function to fetch ACPI table physical address, and +establishing separate static mapping for dmar_table pointer instead of +using acpi_get_table(). + +Signed-off-by: Tomasz Wroblewski + +Added call to acpi_tb_verify_table(). Fixed page count passed to +map_pages_to_xen(). Cosmetic changes. + +Signed-off-by: Jan Beulich +Committed-by: Jan Beulich + +--- a/xen/drivers/acpi/tables/tbxface.c ++++ b/xen/drivers/acpi/tables/tbxface.c +@@ -205,3 +205,51 @@ acpi_get_table(char *signature, + + return (AE_NOT_FOUND); + } ++ ++/****************************************************************************** ++ * ++ * FUNCTION: acpi_get_table_phys ++ * ++ * PARAMETERS: signature - ACPI signature of needed table ++ * instance - Which instance (for SSDTs) ++ * addr - Where the table's physical address is returned ++ * len - Where the length of table is returned ++ * ++ * RETURN: Status, pointer and length of table ++ * ++ * DESCRIPTION: Finds physical address and length of ACPI table ++ * ++ *****************************************************************************/ ++acpi_status __init ++acpi_get_table_phys(acpi_string signature, acpi_native_uint instance, ++ acpi_physical_address *addr, acpi_native_uint *len) ++{ ++ acpi_native_uint i, j; ++ acpi_status status; ++ ++ if (!signature || !addr || !len) ++ return AE_BAD_PARAMETER; ++ ++ for (i = j = 0; i < acpi_gbl_root_table_list.count; i++) { ++ if (!ACPI_COMPARE_NAME( ++ &acpi_gbl_root_table_list.tables[i].signature, ++ signature)) ++ continue; ++ ++ if (++j < instance) ++ continue; ++ ++ status = ++ acpi_tb_verify_table(&acpi_gbl_root_table_list.tables[i]); ++ if (ACPI_SUCCESS(status)) { ++ *addr = acpi_gbl_root_table_list.tables[i].address; ++ *len = acpi_gbl_root_table_list.tables[i].length; ++ } ++ ++ acpi_gbl_root_table_list.tables[i].pointer = NULL; ++ ++ return status; ++ } ++ ++ return AE_NOT_FOUND; ++} +--- a/xen/drivers/passthrough/vtd/dmar.c ++++ b/xen/drivers/passthrough/vtd/dmar.c +@@ -786,7 +786,18 @@ out: + + int __init acpi_dmar_init(void) + { +- acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table); ++ acpi_physical_address dmar_addr; ++ acpi_native_uint dmar_len; ++ ++ if ( ACPI_SUCCESS(acpi_get_table_phys(ACPI_SIG_DMAR, 0, ++ &dmar_addr, &dmar_len)) ) ++ { ++ map_pages_to_xen((unsigned long)__va(dmar_addr), PFN_DOWN(dmar_addr), ++ PFN_UP(dmar_addr + dmar_len) - PFN_DOWN(dmar_addr), ++ PAGE_HYPERVISOR); ++ dmar_table = __va(dmar_addr); ++ } ++ + return parse_dmar_table(acpi_parse_dmar); + } + +--- a/xen/include/acpi/acpixf.h ++++ b/xen/include/acpi/acpixf.h +@@ -77,6 +77,9 @@ acpi_status + acpi_get_table(acpi_string signature, + acpi_native_uint instance, struct acpi_table_header **out_table); + ++acpi_status ++acpi_get_table_phys(acpi_string signature, acpi_native_uint instance, ++ acpi_physical_address *addr, acpi_native_uint *len); + /* + * Namespace and name interfaces + */ diff --git a/CVE-2013-0152-xsa35.patch b/26444-x86-nHVM-no-self-enable.patch similarity index 77% rename from CVE-2013-0152-xsa35.patch rename to 26444-x86-nHVM-no-self-enable.patch index 743347f..96dfdaf 100644 --- a/CVE-2013-0152-xsa35.patch +++ b/26444-x86-nHVM-no-self-enable.patch @@ -1,5 +1,10 @@ References: CVE-2013-0152 XSA-35 bnc#797287 +# HG changeset patch +# User Ian Campbell +# Date 1358938044 -3600 +# Node ID 621b1a889e9b120236698731e0b5ecc5b0cb1d82 +# Parent 9efe4c0bf9c8d3ecf03868c69c24dad3218523a4 xen: Do not allow guests to enable nested HVM on themselves There is no reason for this and doing so exposes a memory leak to @@ -9,6 +14,7 @@ This is XSA-35 / CVE-2013-0152. Signed-off-by: Ian Campbell Acked-by: Jan Beulich +Committed-by: Jan Beulich --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c diff --git a/26501-VMX-simplify-CR0-update.patch b/26501-VMX-simplify-CR0-update.patch new file mode 100644 index 0000000..bf3b7da --- /dev/null +++ b/26501-VMX-simplify-CR0-update.patch @@ -0,0 +1,64 @@ +# HG changeset patch +# User Keir Fraser +# Date 1359566139 28800 +# Node ID 8201b6ec3564c80db5516cdcf36dcfa9b7fdd93b +# Parent 1fe8ecfdf10cc9077fc810364663a0f25a5c5b96 +vmx: Simplify cr0 update handling by deferring cr4 changes to the cr4 handler. + +Signed-off-by: Keir Fraser + +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -1133,20 +1133,18 @@ static void vmx_update_guest_cr(struct v + + if ( paging_mode_hap(v->domain) ) + { +- /* We manage GUEST_CR3 when guest CR0.PE is zero or when cr3 memevents are on */ ++ /* Manage GUEST_CR3 when CR0.PE=0. */ + uint32_t cr3_ctls = (CPU_BASED_CR3_LOAD_EXITING | + CPU_BASED_CR3_STORE_EXITING); + v->arch.hvm_vmx.exec_control &= ~cr3_ctls; + if ( !hvm_paging_enabled(v) ) + v->arch.hvm_vmx.exec_control |= cr3_ctls; + ++ /* Trap CR3 updates if CR3 memory events are enabled. */ + if ( v->domain->arch.hvm_domain.params[HVM_PARAM_MEMORY_EVENT_CR3] ) + v->arch.hvm_vmx.exec_control |= CPU_BASED_CR3_LOAD_EXITING; + + vmx_update_cpu_exec_control(v); +- +- /* Changing CR0.PE can change some bits in real CR4. */ +- vmx_update_guest_cr(v, 4); + } + + if ( !(v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_TS) ) +@@ -1176,8 +1174,6 @@ static void vmx_update_guest_cr(struct v + { + for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ ) + vmx_set_segment_register(v, s, ®[s]); +- v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_VME; +- __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); + v->arch.hvm_vmx.exception_bitmap = 0xffffffff; + vmx_update_exception_bitmap(v); + } +@@ -1187,10 +1183,6 @@ static void vmx_update_guest_cr(struct v + if ( !(v->arch.hvm_vmx.vm86_segment_mask & (1<arch.hvm_vmx.vm86_saved_seg[s]); +- v->arch.hvm_vcpu.hw_cr[4] = +- ((v->arch.hvm_vcpu.hw_cr[4] & ~X86_CR4_VME) +- |(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_VME)); +- __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); + v->arch.hvm_vmx.exception_bitmap = HVM_TRAP_MASK + | (paging_mode_hap(v->domain) ? + 0 : (1U << TRAP_page_fault)) +@@ -1204,6 +1196,9 @@ static void vmx_update_guest_cr(struct v + v->arch.hvm_vcpu.guest_cr[0] | hw_cr0_mask; + __vmwrite(GUEST_CR0, v->arch.hvm_vcpu.hw_cr[0]); + __vmwrite(CR0_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[0]); ++ ++ /* Changing CR0 can change some bits in real CR4. */ ++ vmx_update_guest_cr(v, 4); + break; + } + case 2: diff --git a/26502-VMX-disable-SMEP-when-not-paging.patch b/26502-VMX-disable-SMEP-when-not-paging.patch new file mode 100644 index 0000000..4c6f5eb --- /dev/null +++ b/26502-VMX-disable-SMEP-when-not-paging.patch @@ -0,0 +1,39 @@ +# HG changeset patch +# User Dongxiao Xu +# Date 1359566250 28800 +# Node ID d1bf3b21f78302dad1ed53e540facf7b9a0e2ab5 +# Parent 8201b6ec3564c80db5516cdcf36dcfa9b7fdd93b +VMX: disable SMEP feature when guest is in non-paging mode + +SMEP is disabled if CPU is in non-paging mode in hardware. +However Xen always uses paging mode to emulate guest non-paging +mode with HAP. To emulate this behavior, SMEP needs to be manually +disabled when guest switches to non-paging mode. + +We met an issue that, SMP Linux guest with recent kernel (enable +SMEP support, for example, 3.5.3) would crash with triple fault if +setting unrestricted_guest=0 in grub. This is because Xen uses an +identity mapping page table to emulate the non-paging mode, where +the page table is set with USER flag. If SMEP is still enabled in +this case, guest will meet unhandlable page fault and then crash. + +Signed-off-by: Dongxiao Xu +Signed-off-by: Xiantao Zhang +Committed-by: Keir Fraser + +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -1227,6 +1227,13 @@ static void vmx_update_guest_cr(struct v + { + v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_PSE; + v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_PAE; ++ /* ++ * SMEP is disabled if CPU is in non-paging mode in hardware. ++ * However Xen always uses paging mode to emulate guest non-paging ++ * mode with HAP. To emulate this behavior, SMEP needs to be ++ * manually disabled when guest switches to non-paging mode. ++ */ ++ v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_SMEP; + } + __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); + __vmwrite(CR4_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[4]); diff --git a/26516-ACPI-parse-table-retval.patch b/26516-ACPI-parse-table-retval.patch new file mode 100644 index 0000000..1a42d93 --- /dev/null +++ b/26516-ACPI-parse-table-retval.patch @@ -0,0 +1,37 @@ +References: CVE-2013-0153 XSA-36 bnc#800275 + +# HG changeset patch +# User Boris Ostrovsky +# Date 1360073898 -3600 +# Node ID 32d4516a97f0b22ed06155f7b8e0bff075024991 +# Parent 2fdca30363f08026971c094e8a1a84e19ca3e55b +ACPI: acpi_table_parse() should return handler's error code + +Currently, the error code returned by acpi_table_parse()'s handler +is ignored. This patch will propagate handler's return value to +acpi_table_parse()'s caller. + +Signed-off-by: Boris Ostrovsky +Committed-by: Jan Beulich + +--- a/xen/drivers/acpi/tables.c ++++ b/xen/drivers/acpi/tables.c +@@ -267,7 +267,7 @@ acpi_table_parse_madt(enum acpi_madt_typ + * @handler: handler to run + * + * Scan the ACPI System Descriptor Table (STD) for a table matching @id, +- * run @handler on it. Return 0 if table found, return on if not. ++ * run @handler on it. + */ + int __init acpi_table_parse(char *id, acpi_table_handler handler) + { +@@ -282,8 +282,7 @@ int __init acpi_table_parse(char *id, ac + acpi_get_table(id, 0, &table); + + if (table) { +- handler(table); +- return 0; ++ return handler(table); + } else + return 1; + } diff --git a/26517-AMD-IOMMU-clear-irtes.patch b/26517-AMD-IOMMU-clear-irtes.patch new file mode 100644 index 0000000..8a1c35d --- /dev/null +++ b/26517-AMD-IOMMU-clear-irtes.patch @@ -0,0 +1,205 @@ +References: CVE-2013-0153 XSA-36 bnc#800275 + +# HG changeset patch +# User Jan Beulich +# Date 1360074047 -3600 +# Node ID 601139e2b0db7dc8a5bb69b9b7373fb87742741c +# Parent 32d4516a97f0b22ed06155f7b8e0bff075024991 +AMD,IOMMU: Clean up old entries in remapping tables when creating new one + +When changing the affinity of an IRQ associated with a passed +through PCI device, clear previous mapping. + +This is XSA-36 / CVE-2013-0153. + +Signed-off-by: Jan Beulich + +In addition, because some BIOSes may incorrectly program IVRS +entries for IOAPIC try to check for entry's consistency. Specifically, +if conflicting entries are found disable IOMMU if per-device +remapping table is used. If entries refer to bogus IOAPIC IDs +disable IOMMU unconditionally + +Signed-off-by: Boris Ostrovsky + +--- a/xen/drivers/passthrough/amd/iommu_acpi.c ++++ b/xen/drivers/passthrough/amd/iommu_acpi.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -635,6 +636,7 @@ static u16 __init parse_ivhd_device_spec + u16 header_length, u16 block_length, struct amd_iommu *iommu) + { + u16 dev_length, bdf; ++ int apic; + + dev_length = sizeof(*special); + if ( header_length < (block_length + dev_length) ) +@@ -651,10 +653,59 @@ static u16 __init parse_ivhd_device_spec + } + + add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); +- /* set device id of ioapic */ +- ioapic_sbdf[special->handle].bdf = bdf; +- ioapic_sbdf[special->handle].seg = seg; +- return dev_length; ++ ++ if ( special->variety != ACPI_IVHD_IOAPIC ) ++ { ++ if ( special->variety != ACPI_IVHD_HPET ) ++ printk(XENLOG_ERR "Unrecognized IVHD special variety %#x\n", ++ special->variety); ++ return dev_length; ++ } ++ ++ /* ++ * Some BIOSes have IOAPIC broken entries so we check for IVRS ++ * consistency here --- whether entry's IOAPIC ID is valid and ++ * whether there are conflicting/duplicated entries. ++ */ ++ for ( apic = 0; apic < nr_ioapics; apic++ ) ++ { ++ if ( IO_APIC_ID(apic) != special->handle ) ++ continue; ++ ++ if ( ioapic_sbdf[special->handle].pin_setup ) ++ { ++ if ( ioapic_sbdf[special->handle].bdf == bdf && ++ ioapic_sbdf[special->handle].seg == seg ) ++ AMD_IOMMU_DEBUG("IVHD Warning: Duplicate IO-APIC %#x entries\n", ++ special->handle); ++ else ++ { ++ printk(XENLOG_ERR "IVHD Error: Conflicting IO-APIC %#x entries\n", ++ special->handle); ++ if ( amd_iommu_perdev_intremap ) ++ return 0; ++ } ++ } ++ else ++ { ++ /* set device id of ioapic */ ++ ioapic_sbdf[special->handle].bdf = bdf; ++ ioapic_sbdf[special->handle].seg = seg; ++ ++ ioapic_sbdf[special->handle].pin_setup = xzalloc_array( ++ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); ++ if ( nr_ioapic_entries[apic] && ++ !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) ++ { ++ printk(XENLOG_ERR "IVHD Error: Out of memory\n"); ++ return 0; ++ } ++ } ++ return dev_length; ++ } ++ ++ printk(XENLOG_ERR "IVHD Error: Invalid IO-APIC %#x\n", special->handle); ++ return 0; + } + + static int __init parse_ivhd_block(const struct acpi_ivrs_hardware *ivhd_block) +--- a/xen/drivers/passthrough/amd/iommu_intr.c ++++ b/xen/drivers/passthrough/amd/iommu_intr.c +@@ -99,12 +99,12 @@ static void update_intremap_entry(u32* e + static void update_intremap_entry_from_ioapic( + int bdf, + struct amd_iommu *iommu, +- struct IO_APIC_route_entry *ioapic_rte) ++ const struct IO_APIC_route_entry *rte, ++ const struct IO_APIC_route_entry *old_rte) + { + unsigned long flags; + u32* entry; + u8 delivery_mode, dest, vector, dest_mode; +- struct IO_APIC_route_entry *rte = ioapic_rte; + int req_id; + spinlock_t *lock; + int offset; +@@ -120,6 +120,14 @@ static void update_intremap_entry_from_i + spin_lock_irqsave(lock, flags); + + offset = get_intremap_offset(vector, delivery_mode); ++ if ( old_rte ) ++ { ++ int old_offset = get_intremap_offset(old_rte->vector, ++ old_rte->delivery_mode); ++ ++ if ( offset != old_offset ) ++ free_intremap_entry(iommu->seg, bdf, old_offset); ++ } + entry = (u32*)get_intremap_entry(iommu->seg, req_id, offset); + update_intremap_entry(entry, vector, delivery_mode, dest_mode, dest); + +@@ -188,6 +196,7 @@ int __init amd_iommu_setup_ioapic_remapp + amd_iommu_flush_intremap(iommu, req_id); + spin_unlock_irqrestore(&iommu->lock, flags); + } ++ set_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup); + } + } + return 0; +@@ -199,6 +208,7 @@ void amd_iommu_ioapic_update_ire( + struct IO_APIC_route_entry old_rte = { 0 }; + struct IO_APIC_route_entry new_rte = { 0 }; + unsigned int rte_lo = (reg & 1) ? reg - 1 : reg; ++ unsigned int pin = (reg - 0x10) / 2; + int saved_mask, seg, bdf; + struct amd_iommu *iommu; + +@@ -236,6 +246,14 @@ void amd_iommu_ioapic_update_ire( + *(((u32 *)&new_rte) + 1) = value; + } + ++ if ( new_rte.mask && ++ !test_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ) ++ { ++ ASSERT(saved_mask); ++ __io_apic_write(apic, reg, value); ++ return; ++ } ++ + /* mask the interrupt while we change the intremap table */ + if ( !saved_mask ) + { +@@ -244,7 +262,11 @@ void amd_iommu_ioapic_update_ire( + } + + /* Update interrupt remapping entry */ +- update_intremap_entry_from_ioapic(bdf, iommu, &new_rte); ++ update_intremap_entry_from_ioapic( ++ bdf, iommu, &new_rte, ++ test_and_set_bit(pin, ++ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ? &old_rte ++ : NULL); + + /* Forward write access to IO-APIC RTE */ + __io_apic_write(apic, reg, value); +@@ -354,6 +376,12 @@ void amd_iommu_msi_msg_update_ire( + return; + } + ++ if ( msi_desc->remap_index >= 0 ) ++ update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, NULL); ++ ++ if ( !msg ) ++ return; ++ + update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, msg); + } + +--- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h ++++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h +@@ -100,6 +100,7 @@ void amd_iommu_read_msi_from_ire( + + extern struct ioapic_sbdf { + u16 bdf, seg; ++ unsigned long *pin_setup; + } ioapic_sbdf[MAX_IO_APICS]; + extern void *shared_intremap_table; + diff --git a/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch b/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch new file mode 100644 index 0000000..23e2940 --- /dev/null +++ b/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch @@ -0,0 +1,77 @@ +References: CVE-2013-0153 XSA-36 bnc#800275 + +# HG changeset patch +# User Boris Ostrovsky +# Date 1360074085 -3600 +# Node ID e379a23b04655e9e43dc50944a5c9d1e59d8bee9 +# Parent 601139e2b0db7dc8a5bb69b9b7373fb87742741c +AMD,IOMMU: Disable IOMMU if SATA Combined mode is on + +AMD's SP5100 chipset can be placed into SATA Combined mode +that may cause prevent dom0 from booting when IOMMU is +enabled and per-device interrupt remapping table is used. +While SP5100 erratum 28 requires BIOSes to disable this mode, +some may still use it. + +This patch checks whether this mode is on and, if per-device +table is in use, disables IOMMU. + +This is XSA-36 / CVE-2013-0153. + +Signed-off-by: Boris Ostrovsky + +Flipped operands of && in amd_iommu_init() to make the message issued +by amd_sp5100_erratum28() match reality (when amd_iommu_perdev_intremap +is zero, there's really no point in calling the function). + +Signed-off-by: Jan Beulich +Committed-by: Jan Beulich + +--- a/xen/drivers/passthrough/amd/iommu_init.c ++++ b/xen/drivers/passthrough/amd/iommu_init.c +@@ -1118,12 +1118,45 @@ static int __init amd_iommu_setup_device + return 0; + } + ++/* Check whether SP5100 SATA Combined mode is on */ ++static bool_t __init amd_sp5100_erratum28(void) ++{ ++ u32 bus, id; ++ u16 vendor_id, dev_id; ++ u8 byte; ++ ++ for (bus = 0; bus < 256; bus++) ++ { ++ id = pci_conf_read32(0, bus, 0x14, 0, PCI_VENDOR_ID); ++ ++ vendor_id = id & 0xffff; ++ dev_id = (id >> 16) & 0xffff; ++ ++ /* SP5100 SMBus module sets Combined mode on */ ++ if (vendor_id != 0x1002 || dev_id != 0x4385) ++ continue; ++ ++ byte = pci_conf_read8(0, bus, 0x14, 0, 0xad); ++ if ( (byte >> 3) & 1 ) ++ { ++ printk(XENLOG_WARNING "AMD-Vi: SP5100 erratum 28 detected, disabling IOMMU.\n" ++ "If possible, disable SATA Combined mode in BIOS or contact your vendor for BIOS update.\n"); ++ return 1; ++ } ++ } ++ ++ return 0; ++} ++ + int __init amd_iommu_init(void) + { + struct amd_iommu *iommu; + + BUG_ON( !iommu_found() ); + ++ if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() ) ++ goto error_out; ++ + ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries(); + + if ( !ivrs_bdf_entries ) diff --git a/26519-AMD-IOMMU-perdev-intremap-default.patch b/26519-AMD-IOMMU-perdev-intremap-default.patch new file mode 100644 index 0000000..9fb9ed2 --- /dev/null +++ b/26519-AMD-IOMMU-perdev-intremap-default.patch @@ -0,0 +1,55 @@ +References: CVE-2013-0153 XSA-36 bnc#800275 + +# HG changeset patch +# User Boris Ostrovsky +# Date 1360074131 -3600 +# Node ID 1af531e7bc2fc518f16d8d1461083c528e1517cf +# Parent e379a23b04655e9e43dc50944a5c9d1e59d8bee9 +AMD,IOMMU: Make per-device interrupt remapping table default + +Using global interrupt remapping table may be insecure, as +described by XSA-36. This patch makes per-device mode default. + +This is XSA-36 / CVE-2013-0153. + +Signed-off-by: Boris Ostrovsky + +Moved warning in amd_iov_detect() to location covering all cases. + +Signed-off-by: Jan Beulich +Committed-by: Jan Beulich + +--- a/xen/arch/x86/irq.c ++++ b/xen/arch/x86/irq.c +@@ -1942,9 +1942,6 @@ int map_domain_pirq( + spin_lock_irqsave(&desc->lock, flags); + set_domain_irq_pirq(d, irq, info); + spin_unlock_irqrestore(&desc->lock, flags); +- +- if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV ) +- printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n"); + } + + done: +--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c +@@ -204,6 +204,8 @@ int __init amd_iov_detect(void) + { + printk("AMD-Vi: Not overriding irq_vector_map setting\n"); + } ++ if ( !amd_iommu_perdev_intremap ) ++ printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n"); + return scan_pci_devices(); + } + +--- a/xen/drivers/passthrough/iommu.c ++++ b/xen/drivers/passthrough/iommu.c +@@ -52,7 +52,7 @@ bool_t __read_mostly iommu_qinval = 1; + bool_t __read_mostly iommu_intremap = 1; + bool_t __read_mostly iommu_hap_pt_share = 1; + bool_t __read_mostly iommu_debug; +-bool_t __read_mostly amd_iommu_perdev_intremap; ++bool_t __read_mostly amd_iommu_perdev_intremap = 1; + + DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb); + diff --git a/26526-pvdrv-no-devinit.patch b/26526-pvdrv-no-devinit.patch new file mode 100644 index 0000000..c3903db --- /dev/null +++ b/26526-pvdrv-no-devinit.patch @@ -0,0 +1,37 @@ +# HG changeset patch +# User Olaf Hering +# Date 1360664991 -3600 +# Node ID a37aa55c3cbcb0e8340b4985314ef8fb31d7610b +# Parent 9af6e566befe5516e66b62197813aa22e1d7122c +unmodified_drivers: __devinit was removed in linux-3.8 + +Signed-off-by: Olaf Hering + +Merge with __init handling. + +Signed-off-by: Jan Beulich +Committed-by: Jan Beulich + +--- a/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h ++++ b/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h +@@ -13,10 +13,19 @@ + #define DEFINE_SPINLOCK(x) spinlock_t x = SPIN_LOCK_UNLOCKED + #endif + +-#if defined(_LINUX_INIT_H) && !defined(__init) ++#ifdef _LINUX_INIT_H ++ ++#ifndef __init + #define __init + #endif + ++#ifndef __devinit ++#define __devinit ++#define __devinitdata ++#endif ++ ++#endif /* _LINUX_INIT_H */ ++ + #if defined(__LINUX_CACHE_H) && !defined(__read_mostly) + #define __read_mostly + #endif diff --git a/26529-gcc48-build-fix.patch b/26529-gcc48-build-fix.patch new file mode 100644 index 0000000..4fbadc6 --- /dev/null +++ b/26529-gcc48-build-fix.patch @@ -0,0 +1,21 @@ +# HG changeset patch +# User Keir Fraser +# Date 1360775011 0 +# Node ID 97b7e546e2e4a021491e198a33f7d685550ebc73 +# Parent 742dde457258422a3d08e3ddbf9a7eae55c93acb +gcc4.8 build fix: Add -Wno-unused-local-typedefs to CFLAGS. + +Based on a patch by M A Young + +Signed-off-by: Keir Fraser + +--- a/Config.mk ++++ b/Config.mk +@@ -166,6 +166,7 @@ CFLAGS-$(clang) += -Wno-parentheses -Wno + $(call cc-option-add,HOSTCFLAGS,HOSTCC,-Wdeclaration-after-statement) + $(call cc-option-add,CFLAGS,CC,-Wdeclaration-after-statement) + $(call cc-option-add,CFLAGS,CC,-Wno-unused-but-set-variable) ++$(call cc-option-add,CFLAGS,CC,-Wno-unused-local-typedefs) + + LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i)) + CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i)) diff --git a/26531-AMD-IOMMU-IVHD-special-missing.patch b/26531-AMD-IOMMU-IVHD-special-missing.patch new file mode 100644 index 0000000..4e2da89 --- /dev/null +++ b/26531-AMD-IOMMU-IVHD-special-missing.patch @@ -0,0 +1,127 @@ +References: CVE-2013-0153 XSA-36 bnc#800275 + +# HG changeset patch +# User Jan Beulich +# Date 1360831252 -3600 +# Node ID e68f14b9e73925e9d404e517ba510f73fe472e4e +# Parent c43be17eec0602015fc6461d1f13c992ba330c20 +AMD IOMMU: also spot missing IO-APIC entries in IVRS table + +Apart from dealing duplicate conflicting entries, we also have to +handle firmware omitting IO-APIC entries in IVRS altogether. Not doing +so has resulted in c/s 26517:601139e2b0db to crash such systems during +boot (whereas with the change here the IOMMU gets disabled just as is +being done in the other cases, i.e. unless global tables are being +used). + +Debugging this issue has also pointed out that the debug log output is +pretty ugly to look at - consolidate the output, and add one extra +item for the IVHD special entries, so that future issues are easier +to analyze. + +Signed-off-by: Jan Beulich +Tested-by: Sander Eikelenboom +Acked-by: Ian Campbell + +--- a/xen/drivers/passthrough/amd/iommu_acpi.c ++++ b/xen/drivers/passthrough/amd/iommu_acpi.c +@@ -352,9 +352,8 @@ static int __init parse_ivmd_block(const + base = start_addr & PAGE_MASK; + limit = (start_addr + mem_length - 1) & PAGE_MASK; + +- AMD_IOMMU_DEBUG("IVMD Block: Type 0x%x\n",ivmd_block->header.type); +- AMD_IOMMU_DEBUG(" Start_Addr_Phys 0x%lx\n", start_addr); +- AMD_IOMMU_DEBUG(" Mem_Length 0x%lx\n", mem_length); ++ AMD_IOMMU_DEBUG("IVMD Block: type %#x phys %#lx len %#lx\n", ++ ivmd_block->header.type, start_addr, mem_length); + + if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) + iw = ir = IOMMU_CONTROL_ENABLED; +@@ -549,8 +548,8 @@ static u16 __init parse_ivhd_device_alia + return 0; + } + +- AMD_IOMMU_DEBUG(" Dev_Id Range: 0x%x -> 0x%x\n", first_bdf, last_bdf); +- AMD_IOMMU_DEBUG(" Dev_Id Alias: 0x%x\n", alias_id); ++ AMD_IOMMU_DEBUG(" Dev_Id Range: %#x -> %#x alias %#x\n", ++ first_bdf, last_bdf, alias_id); + + for ( bdf = first_bdf; bdf <= last_bdf; bdf++ ) + add_ivrs_mapping_entry(bdf, alias_id, range->alias.header.data_setting, +@@ -652,6 +651,9 @@ static u16 __init parse_ivhd_device_spec + return 0; + } + ++ AMD_IOMMU_DEBUG("IVHD Special: %04x:%02x:%02x.%u variety %#x handle %#x\n", ++ seg, PCI_BUS(bdf), PCI_SLOT(bdf), PCI_FUNC(bdf), ++ special->variety, special->handle); + add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); + + if ( special->variety != ACPI_IVHD_IOAPIC ) +@@ -737,10 +739,9 @@ static int __init parse_ivhd_block(const + { + ivhd_device = (const void *)((const u8 *)ivhd_block + block_length); + +- AMD_IOMMU_DEBUG( "IVHD Device Entry:\n"); +- AMD_IOMMU_DEBUG( " Type 0x%x\n", ivhd_device->header.type); +- AMD_IOMMU_DEBUG( " Dev_Id 0x%x\n", ivhd_device->header.id); +- AMD_IOMMU_DEBUG( " Flags 0x%x\n", ivhd_device->header.data_setting); ++ AMD_IOMMU_DEBUG("IVHD Device Entry: type %#x id %#x flags %#x\n", ++ ivhd_device->header.type, ivhd_device->header.id, ++ ivhd_device->header.data_setting); + + switch ( ivhd_device->header.type ) + { +@@ -869,6 +870,7 @@ static int __init parse_ivrs_table(struc + { + const struct acpi_ivrs_header *ivrs_block; + unsigned long length; ++ unsigned int apic; + int error = 0; + + BUG_ON(!table); +@@ -882,11 +884,9 @@ static int __init parse_ivrs_table(struc + { + ivrs_block = (struct acpi_ivrs_header *)((u8 *)table + length); + +- AMD_IOMMU_DEBUG("IVRS Block:\n"); +- AMD_IOMMU_DEBUG(" Type 0x%x\n", ivrs_block->type); +- AMD_IOMMU_DEBUG(" Flags 0x%x\n", ivrs_block->flags); +- AMD_IOMMU_DEBUG(" Length 0x%x\n", ivrs_block->length); +- AMD_IOMMU_DEBUG(" Dev_Id 0x%x\n", ivrs_block->device_id); ++ AMD_IOMMU_DEBUG("IVRS Block: type %#x flags %#x len %#x id %#x\n", ++ ivrs_block->type, ivrs_block->flags, ++ ivrs_block->length, ivrs_block->device_id); + + if ( table->length < (length + ivrs_block->length) ) + { +@@ -901,6 +901,29 @@ static int __init parse_ivrs_table(struc + length += ivrs_block->length; + } + ++ /* Each IO-APIC must have been mentioned in the table. */ ++ for ( apic = 0; !error && apic < nr_ioapics; ++apic ) ++ { ++ if ( !nr_ioapic_entries[apic] || ++ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) ++ continue; ++ ++ printk(XENLOG_ERR "IVHD Error: no information for IO-APIC %#x\n", ++ IO_APIC_ID(apic)); ++ if ( amd_iommu_perdev_intremap ) ++ error = -ENXIO; ++ else ++ { ++ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup = xzalloc_array( ++ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); ++ if ( !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) ++ { ++ printk(XENLOG_ERR "IVHD Error: Out of memory\n"); ++ error = -ENOMEM; ++ } ++ } ++ } ++ + return error; + } + diff --git a/26532-AMD-IOMMU-phantom-MSI.patch b/26532-AMD-IOMMU-phantom-MSI.patch new file mode 100644 index 0000000..1d82aad --- /dev/null +++ b/26532-AMD-IOMMU-phantom-MSI.patch @@ -0,0 +1,137 @@ +References: bnc#787169 + +# HG changeset patch +# User Jan Beulich +# Date 1360831377 -3600 +# Node ID 788f4551580d476e13ea907e373e58806a32179e +# Parent e68f14b9e73925e9d404e517ba510f73fe472e4e +AMD IOMMU: handle MSI for phantom functions + +With ordinary requests allowed to come from phantom functions, the +remapping tables ought to be set up to also allow for MSI triggers to +come from other than the "real" device too. + +It is not clear to me whether the alias-ID handling also needs +adjustment for this to work properly, or whether firmware can be +expected to properly express this through a device alias range +descriptor (or multiple device alias ones). + +Signed-off-by: Jan Beulich +Acked-by: Ian Campbell + +--- a/xen/drivers/passthrough/amd/iommu_intr.c ++++ b/xen/drivers/passthrough/amd/iommu_intr.c +@@ -284,33 +284,32 @@ void amd_iommu_ioapic_update_ire( + } + + static void update_intremap_entry_from_msi_msg( +- struct amd_iommu *iommu, struct pci_dev *pdev, +- struct msi_desc *msi_desc, struct msi_msg *msg) ++ struct amd_iommu *iommu, u16 bdf, ++ int *remap_index, const struct msi_msg *msg) + { + unsigned long flags; + u32* entry; +- u16 bdf, req_id, alias_id; ++ u16 req_id, alias_id; + u8 delivery_mode, dest, vector, dest_mode; + spinlock_t *lock; + int offset; + +- bdf = (pdev->bus << 8) | pdev->devfn; +- req_id = get_dma_requestor_id(pdev->seg, bdf); +- alias_id = get_intremap_requestor_id(pdev->seg, bdf); ++ req_id = get_dma_requestor_id(iommu->seg, bdf); ++ alias_id = get_intremap_requestor_id(iommu->seg, bdf); + + if ( msg == NULL ) + { + lock = get_intremap_lock(iommu->seg, req_id); + spin_lock_irqsave(lock, flags); +- free_intremap_entry(iommu->seg, req_id, msi_desc->remap_index); ++ free_intremap_entry(iommu->seg, req_id, *remap_index); + spin_unlock_irqrestore(lock, flags); + + if ( ( req_id != alias_id ) && +- get_ivrs_mappings(pdev->seg)[alias_id].intremap_table != NULL ) ++ get_ivrs_mappings(iommu->seg)[alias_id].intremap_table != NULL ) + { + lock = get_intremap_lock(iommu->seg, alias_id); + spin_lock_irqsave(lock, flags); +- free_intremap_entry(iommu->seg, alias_id, msi_desc->remap_index); ++ free_intremap_entry(iommu->seg, alias_id, *remap_index); + spin_unlock_irqrestore(lock, flags); + } + goto done; +@@ -324,7 +323,10 @@ static void update_intremap_entry_from_m + vector = (msg->data >> MSI_DATA_VECTOR_SHIFT) & MSI_DATA_VECTOR_MASK; + dest = (msg->address_lo >> MSI_ADDR_DEST_ID_SHIFT) & 0xff; + offset = get_intremap_offset(vector, delivery_mode); +- msi_desc->remap_index = offset; ++ if ( *remap_index < 0) ++ *remap_index = offset; ++ else ++ BUG_ON(*remap_index != offset); + + entry = (u32*)get_intremap_entry(iommu->seg, req_id, offset); + update_intremap_entry(entry, vector, delivery_mode, dest_mode, dest); +@@ -339,7 +341,7 @@ static void update_intremap_entry_from_m + + lock = get_intremap_lock(iommu->seg, alias_id); + if ( ( req_id != alias_id ) && +- get_ivrs_mappings(pdev->seg)[alias_id].intremap_table != NULL ) ++ get_ivrs_mappings(iommu->seg)[alias_id].intremap_table != NULL ) + { + spin_lock_irqsave(lock, flags); + entry = (u32*)get_intremap_entry(iommu->seg, alias_id, offset); +@@ -362,27 +364,44 @@ void amd_iommu_msi_msg_update_ire( + struct msi_desc *msi_desc, struct msi_msg *msg) + { + struct pci_dev *pdev = msi_desc->dev; ++ int bdf = PCI_BDF2(pdev->bus, pdev->devfn); + struct amd_iommu *iommu = NULL; + + if ( !iommu_intremap ) + return; + +- iommu = find_iommu_for_device(pdev->seg, (pdev->bus << 8) | pdev->devfn); +- ++ iommu = find_iommu_for_device(pdev->seg, bdf); + if ( !iommu ) + { +- AMD_IOMMU_DEBUG("Fail to find iommu for MSI device id = 0x%x\n", +- (pdev->bus << 8) | pdev->devfn); ++ AMD_IOMMU_DEBUG("Fail to find iommu for MSI device id = 0x%x\n", bdf); + return; + } + + if ( msi_desc->remap_index >= 0 ) +- update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, NULL); ++ { ++ do { ++ update_intremap_entry_from_msi_msg(iommu, bdf, ++ &msi_desc->remap_index, NULL); ++ if ( !pdev || !pdev->phantom_stride ) ++ break; ++ bdf += pdev->phantom_stride; ++ } while ( PCI_SLOT(bdf) == PCI_SLOT(pdev->devfn) ); ++ ++ msi_desc->remap_index = -1; ++ if ( pdev ) ++ bdf = PCI_BDF2(pdev->bus, pdev->devfn); ++ } + + if ( !msg ) + return; + +- update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, msg); ++ do { ++ update_intremap_entry_from_msi_msg(iommu, bdf, &msi_desc->remap_index, ++ msg); ++ if ( !pdev || !pdev->phantom_stride ) ++ break; ++ bdf += pdev->phantom_stride; ++ } while ( PCI_SLOT(bdf) == PCI_SLOT(pdev->devfn) ); + } + + void amd_iommu_read_msi_from_ire( diff --git a/26536-xenoprof-div-by-0.patch b/26536-xenoprof-div-by-0.patch new file mode 100644 index 0000000..da857ab --- /dev/null +++ b/26536-xenoprof-div-by-0.patch @@ -0,0 +1,39 @@ +# HG changeset patch +# User Tim Deegan +# Date 1360917722 -3600 +# Node ID 0cca8a18432f08b342d76a753aa98559d892f592 +# Parent 7af3c38ae187b351c5cea58e9eee482b50d814d8 +xenoprof: avoid division by 0 + +Signed-off-by: Tim Deegan +Acked-by: Jan Beulich +Acked-by: Keir Fraser +Committed-by: Jan Beulich + +--- a/xen/common/xenoprof.c ++++ b/xen/common/xenoprof.c +@@ -193,6 +193,13 @@ static int alloc_xenoprof_struct( + unsigned max_max_samples; + int i; + ++ nvcpu = 0; ++ for_each_vcpu ( d, v ) ++ nvcpu++; ++ ++ if ( !nvcpu ) ++ return -EINVAL; ++ + d->xenoprof = xzalloc(struct xenoprof); + if ( d->xenoprof == NULL ) + { +@@ -209,10 +216,6 @@ static int alloc_xenoprof_struct( + return -ENOMEM; + } + +- nvcpu = 0; +- for_each_vcpu ( d, v ) +- nvcpu++; +- + bufsize = sizeof(struct xenoprof_buf); + i = sizeof(struct event_log); + #ifdef CONFIG_COMPAT diff --git a/26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch b/26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch new file mode 100644 index 0000000..2f78331 --- /dev/null +++ b/26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch @@ -0,0 +1,26 @@ +changeset: 26547:8285d20a6f5b +user: Olaf Hering +date: Fri Feb 15 13:32:11 2013 +0000 +files: tools/libxc/xtl_logger_stdio.c +description: +tools/xc: fix logic error in stdiostream_progress + +Setting XTL_STDIOSTREAM_HIDE_PROGRESS should disable progress reporting. + +Signed-off-by: Olaf Hering +Acked-by: Ian Campbell +Committed-by: Ian Campbell + + +diff -r 0141aeb86b79 -r 8285d20a6f5b tools/libxc/xtl_logger_stdio.c +--- a/tools/libxc/xtl_logger_stdio.c Fri Feb 15 13:32:10 2013 +0000 ++++ b/tools/libxc/xtl_logger_stdio.c Fri Feb 15 13:32:11 2013 +0000 +@@ -89,7 +89,7 @@ static void stdiostream_progress(struct + int newpel, extra_erase; + xentoollog_level this_level; + +- if (!(lg->flags & XTL_STDIOSTREAM_HIDE_PROGRESS)) ++ if (lg->flags & XTL_STDIOSTREAM_HIDE_PROGRESS) + return; + + if (percent < lg->progress_last_percent) { diff --git a/26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch b/26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch new file mode 100644 index 0000000..aaf4335 --- /dev/null +++ b/26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch @@ -0,0 +1,62 @@ +changeset: 26548:e7d9bac5c11d +user: Olaf Hering +date: Fri Feb 15 13:32:11 2013 +0000 +files: tools/libxc/xtl_logger_stdio.c +description: +tools/xc: handle tty output differently in stdiostream_progress + +If the output goes to a tty, rewind the cursor and print everything in a +single line as it was done up to now. If the output goes to a file or +pipe print a newline after each progress output. This will fix logging +of progress messages from xc_save to xend.log. + +To support XTL_STDIOSTREAM_SHOW_PID or XTL_STDIOSTREAM_SHOW_DATE print +the output via vmessage if the output is not a tty. + +Signed-off-by: Olaf Hering +Acked-by: Ian Campbell +Committed-by: Ian Campbell + + +diff -r 8285d20a6f5b -r e7d9bac5c11d tools/libxc/xtl_logger_stdio.c +--- a/tools/libxc/xtl_logger_stdio.c Fri Feb 15 13:32:11 2013 +0000 ++++ b/tools/libxc/xtl_logger_stdio.c Fri Feb 15 13:32:11 2013 +0000 +@@ -81,6 +81,17 @@ static void stdiostream_vmessage(xentool + fflush(lg->f); + } + ++static void stdiostream_message(struct xentoollog_logger *logger_in, ++ xentoollog_level level, ++ const char *context, ++ const char *format, ...) ++{ ++ va_list al; ++ va_start(al,format); ++ stdiostream_vmessage(logger_in, level, -1, context, format, al); ++ va_end(al); ++} ++ + static void stdiostream_progress(struct xentoollog_logger *logger_in, + const char *context, + const char *doing_what, int percent, +@@ -105,11 +116,18 @@ static void stdiostream_progress(struct + if (this_level < lg->min_level) + return; + ++ lg->progress_last_percent = percent; ++ ++ if (isatty(fileno(lg->f)) <= 0) { ++ stdiostream_message(logger_in, this_level, context, ++ "%s: %lu/%lu %3d%%", ++ doing_what, done, total, percent); ++ return; ++ } ++ + if (lg->progress_erase_len) + putc('\r', lg->f); + +- lg->progress_last_percent = percent; +- + newpel = fprintf(lg->f, "%s%s" "%s: %lu/%lu %3d%%%s", + context?context:"", context?": ":"", + doing_what, done, total, percent, diff --git a/26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch b/26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch new file mode 100644 index 0000000..377ece2 --- /dev/null +++ b/26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch @@ -0,0 +1,36 @@ +changeset: 26549:d2991367ecd2 +user: Olaf Hering +date: Fri Feb 15 13:32:12 2013 +0000 +files: tools/libxc/xenguest.h +description: +tools/xc: turn XCFLAGS_* into shifts + +to make it clear that these are bits and to make it easier to use in +xend code. + +Signed-off-by: Olaf Hering +Acked-by: Ian Campbell +Committed-by: Ian Campbell + + +diff -r e7d9bac5c11d -r d2991367ecd2 tools/libxc/xenguest.h +--- a/tools/libxc/xenguest.h Fri Feb 15 13:32:11 2013 +0000 ++++ b/tools/libxc/xenguest.h Fri Feb 15 13:32:12 2013 +0000 +@@ -23,11 +23,12 @@ + #ifndef XENGUEST_H + #define XENGUEST_H + +-#define XCFLAGS_LIVE 1 +-#define XCFLAGS_DEBUG 2 +-#define XCFLAGS_HVM 4 +-#define XCFLAGS_STDVGA 8 +-#define XCFLAGS_CHECKPOINT_COMPRESS 16 ++#define XCFLAGS_LIVE (1 << 0) ++#define XCFLAGS_DEBUG (1 << 1) ++#define XCFLAGS_HVM (1 << 2) ++#define XCFLAGS_STDVGA (1 << 3) ++#define XCFLAGS_CHECKPOINT_COMPRESS (1 << 4) ++ + #define X86_64_B_SIZE 64 + #define X86_32_B_SIZE 32 + diff --git a/26550-tools-xc_restore_logging_in_xc_save.patch b/26550-tools-xc_restore_logging_in_xc_save.patch new file mode 100644 index 0000000..785e8bb --- /dev/null +++ b/26550-tools-xc_restore_logging_in_xc_save.patch @@ -0,0 +1,58 @@ +changeset: 26550:e6c373fcb73e +user: Olaf Hering +date: Fri Feb 15 13:32:13 2013 +0000 +files: tools/xcutils/xc_save.c +description: +tools/xc: restore logging in xc_save + +Prior to xen-4.1 the helper xc_save would print some progress during +migration. With the new xc_interface_open API no more messages were +printed because no logger was configured. + +Restore previous behaviour by providing a logger. The progress in +xc_domain_save will be disabled because it generates alot of output and +fills up xend.log quickly. + +Signed-off-by: Olaf Hering +Acked-by: Ian Campbell +Committed-by: Ian Campbell + + +diff -r d2991367ecd2 -r e6c373fcb73e tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c Fri Feb 15 13:32:12 2013 +0000 ++++ b/tools/xcutils/xc_save.c Fri Feb 15 13:32:13 2013 +0000 +@@ -166,17 +166,15 @@ static int switch_qemu_logdirty(int domi + int + main(int argc, char **argv) + { +- unsigned int maxit, max_f; ++ unsigned int maxit, max_f, lflags; + int io_fd, ret, port; + struct save_callbacks callbacks; ++ xentoollog_level lvl; ++ xentoollog_logger *l; + + if (argc != 6) + errx(1, "usage: %s iofd domid maxit maxf flags", argv[0]); + +- si.xch = xc_interface_open(0,0,0); +- if (!si.xch) +- errx(1, "failed to open control interface"); +- + io_fd = atoi(argv[1]); + si.domid = atoi(argv[2]); + maxit = atoi(argv[3]); +@@ -185,6 +183,13 @@ main(int argc, char **argv) + + si.suspend_evtchn = -1; + ++ lvl = si.flags & XCFLAGS_DEBUG ? XTL_DEBUG: XTL_DETAIL; ++ lflags = XTL_STDIOSTREAM_HIDE_PROGRESS; ++ l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); ++ si.xch = xc_interface_open(l, 0, 0); ++ if (!si.xch) ++ errx(1, "failed to open control interface"); ++ + si.xce = xc_evtchn_open(NULL, 0); + if (si.xce == NULL) + warnx("failed to open event channel handle"); diff --git a/26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch b/26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch new file mode 100644 index 0000000..997dd93 --- /dev/null +++ b/26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch @@ -0,0 +1,111 @@ +changeset: 26551:48f9436959dd +user: Olaf Hering +date: Fri Feb 15 13:32:13 2013 +0000 +files: tools/libxc/xc_domain_restore.c tools/libxc/xc_domain_save.c tools/xcutils/xc_restore.c tools/xcutils/xc_save.c +description: +tools/xc: log pid in xc_save/xc_restore output + +If several migrations log their output to xend.log its not clear which +line belongs to a which guest. Print entry/exit of xc_save and +xc_restore and also request to print pid with each log call. + +Signed-off-by: Olaf Hering +Acked-by: Ian Campbell +Committed-by: Ian Campbell + + +Index: xen-4.2.1-testing/tools/libxc/xc_domain_restore.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_restore.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_restore.c +@@ -1382,6 +1382,8 @@ int xc_domain_restore(xc_interface *xch, + struct restore_ctx *ctx = &_ctx; + struct domain_info_context *dinfo = &ctx->dinfo; + ++ DPRINTF("%s: starting restore of new domid %u", __func__, dom); ++ + pagebuf_init(&pagebuf); + memset(&tailbuf, 0, sizeof(tailbuf)); + tailbuf.ishvm = hvm; +@@ -1408,7 +1410,7 @@ int xc_domain_restore(xc_interface *xch, + PERROR("read: p2m_size"); + goto out; + } +- DPRINTF("xc_domain_restore start: p2m_size = %lx\n", dinfo->p2m_size); ++ DPRINTF("%s: p2m_size = %lx\n", __func__, dinfo->p2m_size); + + if ( !get_platform_info(xch, dom, + &ctx->max_mfn, &ctx->hvirt_start, &ctx->pt_levels, &dinfo->guest_width) ) +@@ -2215,7 +2217,7 @@ int xc_domain_restore(xc_interface *xch, + + fcntl(io_fd, F_SETFL, orig_io_fd_flags); + +- DPRINTF("Restore exit with rc=%d\n", rc); ++ DPRINTF("Restore exit of domid %u with rc=%d\n", dom, rc); + + return rc; + } +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -897,6 +897,8 @@ int xc_domain_save(xc_interface *xch, in + + int completed = 0; + ++ DPRINTF("%s: starting save of domid %u", __func__, dom); ++ + if ( hvm && !callbacks->switch_qemu_logdirty ) + { + ERROR("No switch_qemu_logdirty callback provided."); +@@ -2112,7 +2114,7 @@ int xc_domain_save(xc_interface *xch, in + free(pfn_err); + free(to_fix); + +- DPRINTF("Save exit rc=%d\n",rc); ++ DPRINTF("Save exit of domid %u with rc=%d\n", dom, rc); + + return !!rc; + } +Index: xen-4.2.1-testing/tools/xcutils/xc_restore.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/xcutils/xc_restore.c ++++ xen-4.2.1-testing/tools/xcutils/xc_restore.c +@@ -19,17 +19,22 @@ int + main(int argc, char **argv) + { + unsigned int domid, store_evtchn, console_evtchn; +- unsigned int hvm, pae, apic; ++ unsigned int hvm, pae, apic, lflags; + xc_interface *xch; + int io_fd, ret; + int superpages; + unsigned long store_mfn, console_mfn; ++ xentoollog_level lvl; ++ xentoollog_logger *l; + + if ( (argc != 8) && (argc != 9) ) + errx(1, "usage: %s iofd domid store_evtchn " + "console_evtchn hvm pae apic [superpages]", argv[0]); + +- xch = xc_interface_open(0,0,0); ++ lvl = XTL_DETAIL; ++ lflags = XTL_STDIOSTREAM_SHOW_PID | XTL_STDIOSTREAM_HIDE_PROGRESS; ++ l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); ++ xch = xc_interface_open(l, 0, 0); + if ( !xch ) + errx(1, "failed to open control interface"); + +Index: xen-4.2.1-testing/tools/xcutils/xc_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/xcutils/xc_save.c ++++ xen-4.2.1-testing/tools/xcutils/xc_save.c +@@ -184,7 +184,7 @@ main(int argc, char **argv) + si.suspend_evtchn = -1; + + lvl = si.flags & XCFLAGS_DEBUG ? XTL_DEBUG: XTL_DETAIL; +- lflags = XTL_STDIOSTREAM_HIDE_PROGRESS; ++ lflags = XTL_STDIOSTREAM_SHOW_PID | XTL_STDIOSTREAM_HIDE_PROGRESS; + l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); + si.xch = xc_interface_open(l, 0, 0); + if (!si.xch) diff --git a/26554-hvm-firmware-passthrough.patch b/26554-hvm-firmware-passthrough.patch new file mode 100644 index 0000000..3f5af46 --- /dev/null +++ b/26554-hvm-firmware-passthrough.patch @@ -0,0 +1,45 @@ +# HG changeset patch +# User Ross Philipson +# Date 1360935136 0 +# Node ID 3124ab7855fd7d4e0f3ea125cb21b60d693e8800 +# Parent 71c15ae0998378b5c117bbd27a48015757685706 +libxl: switch to using the new xc_hvm_build() libxc API. + +Signed-off-by: Ross Philipson +Acked-by: Ian Campbell +Committed-by: Ian Campbell + +diff -r 71c15ae09983 -r 3124ab7855fd tools/libxl/libxl_dom.c +--- a/tools/libxl/libxl_dom.c Fri Feb 15 13:32:15 2013 +0000 ++++ b/tools/libxl/libxl_dom.c Fri Feb 15 13:32:16 2013 +0000 +@@ -542,17 +542,24 @@ int libxl__build_hvm(libxl__gc *gc, uint + libxl__domain_build_state *state) + { + libxl_ctx *ctx = libxl__gc_owner(gc); ++ struct xc_hvm_build_args args = {}; + int ret, rc = ERROR_FAIL; + const char *firmware = libxl__domain_firmware(gc, info); + + if (!firmware) + goto out; +- ret = xc_hvm_build_target_mem( +- ctx->xch, +- domid, +- (info->max_memkb - info->video_memkb) / 1024, +- (info->target_memkb - info->video_memkb) / 1024, +- firmware); ++ ++ memset(&args, 0, sizeof(struct xc_hvm_build_args)); ++ /* The params from the configuration file are in Mb, which are then ++ * multiplied by 1 Kb. This was then divided off when calling ++ * the old xc_hvm_build_target_mem() which then turned them to bytes. ++ * Do all this in one step here... ++ */ ++ args.mem_size = (uint64_t)(info->max_memkb - info->video_memkb) << 10; ++ args.mem_target = (uint64_t)(info->target_memkb - info->video_memkb) << 10; ++ args.image_file_name = firmware; ++ ++ ret = xc_hvm_build(ctx->xch, domid, &args); + if (ret) { + LIBXL__LOG_ERRNOVAL(ctx, LIBXL__LOG_ERROR, ret, "hvm building failed"); + goto out; diff --git a/26555-hvm-firmware-passthrough.patch b/26555-hvm-firmware-passthrough.patch new file mode 100644 index 0000000..f768385 --- /dev/null +++ b/26555-hvm-firmware-passthrough.patch @@ -0,0 +1,314 @@ +# HG changeset patch +# User Ross Philipson +# Date 1360935136 0 +# Node ID 17a228e37ec0913ff86b8b5f2d88f1b8e92146f1 +# Parent 3124ab7855fd7d4e0f3ea125cb21b60d693e8800 +libxl: HVM firmware passthrough support + +This patch introduces support for two new parameters in libxl: + +smbios_firmware= +acpi_firmware= + +The changes are primarily in the domain building code where the firmware files +are read and passed to libxc for loading into the new guest. After the domain +building call to libxc, the addresses for the loaded blobs are returned and +written to xenstore. + +LIBXL_HAVE_FIRMWARE_PASSTHROUGH is defined in libxl.h to allow users to +determine if the feature is present. + +This patch also updates the xl.cfg man page with descriptions of the two new +parameters for firmware passthrough. + +Signed-off-by: Ross Philipson +Acked-by: Ian Campbell +Committed-by: Ian Campbell + +Index: xen-4.2.1-testing/docs/man/xl.cfg.pod.5 +=================================================================== +--- xen-4.2.1-testing.orig/docs/man/xl.cfg.pod.5 ++++ xen-4.2.1-testing/docs/man/xl.cfg.pod.5 +@@ -637,6 +637,25 @@ of Xen) within a Xen guest or to support + which uses hardware virtualisation extensions (e.g. Windows XP + compatibility mode on more modern Windows OS). + ++=item B ++ ++Specify a path to a file that contains extra ACPI firmware tables to pass in to ++a guest. The file can contain several tables in their binary AML form ++concatenated together. Each table self describes its length so no additional ++information is needed. These tables will be added to the ACPI table set in the ++guest. Note that existing tables cannot be overridden by this feature. For ++example this cannot be used to override tables like DSDT, FADT, etc. ++ ++=item B ++ ++Specify a path to a file that contains extra SMBIOS firmware structures to pass ++in to a guest. The file can contain a set DMTF predefined structures which will ++override the internal defaults. Not all predefined structures can be overridden, ++only the following types: 0, 1, 2, 3, 11, 22, 39. The file can also contain any ++number of vendor defined SMBIOS structures (type 128 - 255). Since SMBIOS ++structures do not present their overall size, each entry in the file must be ++preceded by a 32b integer indicating the size of the next structure. ++ + =back + + =head3 Guest Virtual Time Controls +Index: xen-4.2.1-testing/tools/libxl/libxl.h +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/libxl.h ++++ xen-4.2.1-testing/tools/libxl/libxl.h +@@ -68,6 +68,13 @@ + */ + + /* ++ * LIBXL_HAVE_FIRMWARE_PASSTHROUGH indicates the feature for ++ * passing in SMBIOS and ACPI firmware to HVM guests is present ++ * in the library. ++ */ ++#define LIBXL_HAVE_FIRMWARE_PASSTHROUGH 1 ++ ++/* + * libxl ABI compatibility + * + * The only guarantee which libxl makes regarding ABI compatibility +Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.1-testing/tools/libxl/libxl_dom.c +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + libxl_domain_type libxl__domain_type(libxl__gc *gc, uint32_t domid) + { +@@ -510,11 +511,61 @@ static int hvm_build_set_params(xc_inter + return 0; + } + +-static const char *libxl__domain_firmware(libxl__gc *gc, +- libxl_domain_build_info *info) ++static int hvm_build_set_xs_values(libxl__gc *gc, ++ uint32_t domid, ++ struct xc_hvm_build_args *args) ++{ ++ char *path = NULL; ++ int ret = 0; ++ ++ if (args->smbios_module.guest_addr_out) { ++ path = GCSPRINTF("/local/domain/%d/"HVM_XS_SMBIOS_PT_ADDRESS, domid); ++ ++ ret = libxl__xs_write(gc, XBT_NULL, path, "0x%"PRIx64, ++ args->smbios_module.guest_addr_out); ++ if (ret) ++ goto err; ++ ++ path = GCSPRINTF("/local/domain/%d/"HVM_XS_SMBIOS_PT_LENGTH, domid); ++ ++ ret = libxl__xs_write(gc, XBT_NULL, path, "0x%x", ++ args->smbios_module.length); ++ if (ret) ++ goto err; ++ } ++ ++ if (args->acpi_module.guest_addr_out) { ++ path = GCSPRINTF("/local/domain/%d/"HVM_XS_ACPI_PT_ADDRESS, domid); ++ ++ ret = libxl__xs_write(gc, XBT_NULL, path, "0x%"PRIx64, ++ args->acpi_module.guest_addr_out); ++ if (ret) ++ goto err; ++ ++ path = GCSPRINTF("/local/domain/%d/"HVM_XS_ACPI_PT_LENGTH, domid); ++ ++ ret = libxl__xs_write(gc, XBT_NULL, path, "0x%x", ++ args->acpi_module.length); ++ if (ret) ++ goto err; ++ } ++ ++ return 0; ++ ++err: ++ LOG(ERROR, "failed to write firmware xenstore value, err: %d", ret); ++ return ret; ++} ++ ++static int libxl__domain_firmware(libxl__gc *gc, ++ libxl_domain_build_info *info, ++ struct xc_hvm_build_args *args) + { + libxl_ctx *ctx = libxl__gc_owner(gc); + const char *firmware; ++ int e, rc = ERROR_FAIL; ++ int datalen = 0; ++ void *data; + + if (info->u.hvm.firmware) + firmware = info->u.hvm.firmware; +@@ -528,13 +579,52 @@ static const char *libxl__domain_firmwar + firmware = "hvmloader"; + break; + default: +- LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "invalid device model version %d", +- info->device_model_version); +- return NULL; ++ LOG(ERROR, "invalid device model version %d", ++ info->device_model_version); ++ return ERROR_FAIL; + break; + } + } +- return libxl__abs_path(gc, firmware, libxl__xenfirmwaredir_path()); ++ args->image_file_name = libxl__abs_path(gc, firmware, ++ libxl__xenfirmwaredir_path()); ++ ++ if (info->u.hvm.smbios_firmware) { ++ data = NULL; ++ e = libxl_read_file_contents(ctx, info->u.hvm.smbios_firmware, ++ &data, &datalen); ++ if (e) { ++ LOGEV(ERROR, e, "failed to read SMBIOS firmware file %s", ++ info->u.hvm.smbios_firmware); ++ goto out; ++ } ++ libxl__ptr_add(gc, data); ++ if (datalen) { ++ /* Only accept non-empty files */ ++ args->smbios_module.data = data; ++ args->smbios_module.length = (uint32_t)datalen; ++ } ++ } ++ ++ if (info->u.hvm.acpi_firmware) { ++ data = NULL; ++ e = libxl_read_file_contents(ctx, info->u.hvm.acpi_firmware, ++ &data, &datalen); ++ if (e) { ++ LOGEV(ERROR, e, "failed to read ACPI firmware file %s", ++ info->u.hvm.acpi_firmware); ++ goto out; ++ } ++ libxl__ptr_add(gc, data); ++ if (datalen) { ++ /* Only accept non-empty files */ ++ args->acpi_module.data = data; ++ args->acpi_module.length = (uint32_t)datalen; ++ } ++ } ++ ++ return 0; ++out: ++ return rc; + } + + int libxl__build_hvm(libxl__gc *gc, uint32_t domid, +@@ -544,10 +634,6 @@ int libxl__build_hvm(libxl__gc *gc, uint + libxl_ctx *ctx = libxl__gc_owner(gc); + struct xc_hvm_build_args args = {}; + int ret, rc = ERROR_FAIL; +- const char *firmware = libxl__domain_firmware(gc, info); +- +- if (!firmware) +- goto out; + + memset(&args, 0, sizeof(struct xc_hvm_build_args)); + /* The params from the configuration file are in Mb, which are then +@@ -557,22 +643,34 @@ int libxl__build_hvm(libxl__gc *gc, uint + */ + args.mem_size = (uint64_t)(info->max_memkb - info->video_memkb) << 10; + args.mem_target = (uint64_t)(info->target_memkb - info->video_memkb) << 10; +- args.image_file_name = firmware; ++ ++ if (libxl__domain_firmware(gc, info, &args)) { ++ LOG(ERROR, "initializing domain firmware failed"); ++ goto out; ++ } + + ret = xc_hvm_build(ctx->xch, domid, &args); + if (ret) { +- LIBXL__LOG_ERRNOVAL(ctx, LIBXL__LOG_ERROR, ret, "hvm building failed"); ++ LOGEV(ERROR, ret, "hvm building failed"); + goto out; + } ++ + ret = hvm_build_set_params(ctx->xch, domid, info, state->store_port, + &state->store_mfn, state->console_port, + &state->console_mfn, state->store_domid, + state->console_domid); + if (ret) { +- LIBXL__LOG_ERRNOVAL(ctx, LIBXL__LOG_ERROR, ret, "hvm build set params failed"); ++ LOGEV(ERROR, ret, "hvm build set params failed"); + goto out; + } +- rc = 0; ++ ++ ret = hvm_build_set_xs_values(gc, domid, &args); ++ if (ret) { ++ LOG(ERROR, "hvm build set xenstore values failed (ret=%d)", ret); ++ goto out; ++ } ++ ++ return 0; + out: + return rc; + } +@@ -634,7 +732,7 @@ int libxl__toolstack_restore(uint32_t do + + memcpy(&count, ptr, sizeof(count)); + ptr += sizeof(count); +- ++ + if (size < sizeof(version) + sizeof(count) + + count * (sizeof(struct libxl__physmap_info))) { + LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "wrong size"); +@@ -809,7 +907,7 @@ static void switch_logdirty_xswatch(libx + rc = libxl__xs_rm_checked(gc, t, lds->ret_path); + if (rc) goto out; + +- rc = libxl__xs_transaction_commit(gc, &t); ++ rc = libxl__xs_transaction_commit(gc, &t); + if (!rc) break; + if (rc<0) goto out; + } +@@ -1281,7 +1379,7 @@ void libxl__xc_domain_save_done(libxl__e + if (type == LIBXL_DOMAIN_TYPE_HVM) { + rc = libxl__domain_suspend_device_model(gc, dss); + if (rc) goto out; +- ++ + libxl__domain_save_device_model(egc, dss, domain_suspend_done); + return; + } +Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.2.1-testing/tools/libxl/libxl_types.idl +@@ -301,6 +301,8 @@ libxl_domain_build_info = Struct("domain + ("vpt_align", libxl_defbool), + ("timer_mode", libxl_timer_mode), + ("nested_hvm", libxl_defbool), ++ ("smbios_firmware", string), ++ ("acpi_firmware", string), + ("nographic", libxl_defbool), + ("vga", libxl_vga_interface_info), + ("vnc", libxl_vnc_info), +Index: xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/xl_cmdimpl.c ++++ xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +@@ -863,6 +863,11 @@ static void parse_config_data(const char + } + + xlu_cfg_get_defbool(config, "nestedhvm", &b_info->u.hvm.nested_hvm, 0); ++ ++ xlu_cfg_replace_string(config, "smbios_firmware", ++ &b_info->u.hvm.smbios_firmware, 0); ++ xlu_cfg_replace_string(config, "acpi_firmware", ++ &b_info->u.hvm.acpi_firmware, 0); + break; + case LIBXL_DOMAIN_TYPE_PV: + { diff --git a/26556-hvm-firmware-passthrough.patch b/26556-hvm-firmware-passthrough.patch new file mode 100644 index 0000000..606b384 --- /dev/null +++ b/26556-hvm-firmware-passthrough.patch @@ -0,0 +1,320 @@ +# HG changeset patch +# User Ross Philipson +# Date 1360935137 0 +# Node ID 6a9549a15108669408123e5e39f52ad09dea1c10 +# Parent 17a228e37ec0913ff86b8b5f2d88f1b8e92146f1 +libxl: Cleanup, use LOG* and GCSPRINTF macro in libxl_dom.c + +Signed-off-by: Ross Philipson +Acked-by: Ian Campbell +Committed-by: Ian Campbell + +Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.1-testing/tools/libxl/libxl_dom.c +@@ -31,8 +31,7 @@ libxl_domain_type libxl__domain_type(lib + + ret = xc_domain_getinfolist(ctx->xch, domid, 1, &info); + if (ret != 1 || info.domain != domid) { +- LIBXL__LOG(CTX, LIBXL__LOG_ERROR, +- "unable to get domain type for domid=%"PRIu32, domid); ++ LOG(ERROR, "unable to get domain type for domid=%"PRIu32, domid); + return LIBXL_DOMAIN_TYPE_INVALID; + } + if (info.flags & XEN_DOMINF_hvm_guest) +@@ -313,20 +312,19 @@ int libxl__build_post(libxl__gc *gc, uin + + ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *)); + ents[0] = "memory/static-max"; +- ents[1] = libxl__sprintf(gc, "%"PRId64, info->max_memkb); ++ ents[1] = GCSPRINTF("%"PRId64, info->max_memkb); + ents[2] = "memory/target"; +- ents[3] = libxl__sprintf(gc, "%"PRId64, +- info->target_memkb - info->video_memkb); ++ ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb); + ents[4] = "memory/videoram"; +- ents[5] = libxl__sprintf(gc, "%"PRId64, info->video_memkb); ++ ents[5] = GCSPRINTF("%"PRId64, info->video_memkb); + ents[6] = "domid"; +- ents[7] = libxl__sprintf(gc, "%d", domid); ++ ents[7] = GCSPRINTF("%d", domid); + ents[8] = "store/port"; +- ents[9] = libxl__sprintf(gc, "%"PRIu32, state->store_port); ++ ents[9] = GCSPRINTF("%"PRIu32, state->store_port); + ents[10] = "store/ring-ref"; +- ents[11] = libxl__sprintf(gc, "%lu", state->store_mfn); ++ ents[11] = GCSPRINTF("%lu", state->store_mfn); + for (i = 0; i < info->max_vcpus; i++) { +- ents[12+(i*2)] = libxl__sprintf(gc, "cpu/%d/availability", i); ++ ents[12+(i*2)] = GCSPRINTF("cpu/%d/availability", i); + ents[12+(i*2)+1] = libxl_bitmap_test(&info->avail_vcpus, i) + ? "online" : "offline"; + } +@@ -335,7 +333,7 @@ int libxl__build_post(libxl__gc *gc, uin + if (info->type == LIBXL_DOMAIN_TYPE_HVM) { + hvm_ents = libxl__calloc(gc, 3, sizeof(char *)); + hvm_ents[0] = "hvmloader/generation-id-address"; +- hvm_ents[1] = libxl__sprintf(gc, "0x%lx", state->vm_generationid_addr); ++ hvm_ents[1] = GCSPRINTF("0x%lx", state->vm_generationid_addr); + } + + dom_path = libxl__xs_get_dompath(gc, domid); +@@ -343,7 +341,7 @@ int libxl__build_post(libxl__gc *gc, uin + return ERROR_FAIL; + } + +- vm_path = xs_read(ctx->xsh, XBT_NULL, libxl__sprintf(gc, "%s/vm", dom_path), NULL); ++ vm_path = xs_read(ctx->xsh, XBT_NULL, GCSPRINTF("%s/vm", dom_path), NULL); + retry_transaction: + t = xs_transaction_start(ctx->xsh); + +@@ -374,7 +372,7 @@ int libxl__build_pv(libxl__gc *gc, uint3 + + dom = xc_dom_allocate(ctx->xch, state->pv_cmdline, info->u.pv.features); + if (!dom) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_allocate failed"); ++ LOGE(ERROR, "xc_dom_allocate failed"); + return ERROR_FAIL; + } + +@@ -384,13 +382,13 @@ int libxl__build_pv(libxl__gc *gc, uint3 + state->pv_kernel.data, + state->pv_kernel.size); + if ( ret != 0) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_kernel_mem failed"); ++ LOGE(ERROR, "xc_dom_kernel_mem failed"); + goto out; + } + } else { + ret = xc_dom_kernel_file(dom, state->pv_kernel.path); + if ( ret != 0) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_kernel_file failed"); ++ LOGE(ERROR, "xc_dom_kernel_file failed"); + goto out; + } + } +@@ -398,12 +396,12 @@ int libxl__build_pv(libxl__gc *gc, uint3 + if ( state->pv_ramdisk.path && strlen(state->pv_ramdisk.path) ) { + if (state->pv_ramdisk.mapped) { + if ( (ret = xc_dom_ramdisk_mem(dom, state->pv_ramdisk.data, state->pv_ramdisk.size)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_ramdisk_mem failed"); ++ LOGE(ERROR, "xc_dom_ramdisk_mem failed"); + goto out; + } + } else { + if ( (ret = xc_dom_ramdisk_file(dom, state->pv_ramdisk.path)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_ramdisk_file failed"); ++ LOGE(ERROR, "xc_dom_ramdisk_file failed"); + goto out; + } + } +@@ -416,31 +414,31 @@ int libxl__build_pv(libxl__gc *gc, uint3 + dom->xenstore_domid = state->store_domid; + + if ( (ret = xc_dom_boot_xen_init(dom, ctx->xch, domid)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_boot_xen_init failed"); ++ LOGE(ERROR, "xc_dom_boot_xen_init failed"); + goto out; + } + if ( (ret = xc_dom_parse_image(dom)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_parse_image failed"); ++ LOGE(ERROR, "xc_dom_parse_image failed"); + goto out; + } + if ( (ret = xc_dom_mem_init(dom, info->target_memkb / 1024)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_mem_init failed"); ++ LOGE(ERROR, "xc_dom_mem_init failed"); + goto out; + } + if ( (ret = xc_dom_boot_mem_init(dom)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_boot_mem_init failed"); ++ LOGE(ERROR, "xc_dom_boot_mem_init failed"); + goto out; + } + if ( (ret = xc_dom_build_image(dom)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_build_image failed"); ++ LOGE(ERROR, "xc_dom_build_image failed"); + goto out; + } + if ( (ret = xc_dom_boot_image(dom)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_boot_image failed"); ++ LOGE(ERROR, "xc_dom_boot_image failed"); + goto out; + } + if ( (ret = xc_dom_gnttab_init(dom)) != 0 ) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "xc_dom_gnttab_init failed"); ++ LOGE(ERROR, "xc_dom_gnttab_init failed"); + goto out; + } + +@@ -679,8 +677,7 @@ int libxl__qemu_traditional_cmd(libxl__g + const char *cmd) + { + char *path = NULL; +- path = libxl__sprintf(gc, "/local/domain/0/device-model/%d/command", +- domid); ++ path = GCSPRINTF("/local/domain/0/device-model/%d/command", domid); + return libxl__xs_write(gc, XBT_NULL, path, "%s", cmd); + } + +@@ -697,8 +694,7 @@ struct libxl__physmap_info { + static inline char *restore_helper(libxl__gc *gc, uint32_t domid, + uint64_t phys_offset, char *node) + { +- return libxl__sprintf(gc, +- "/local/domain/0/device-model/%d/physmap/%"PRIx64"/%s", ++ return GCSPRINTF("/local/domain/0/device-model/%d/physmap/%"PRIx64"/%s", + domid, phys_offset, node); + } + +@@ -708,7 +704,6 @@ int libxl__toolstack_restore(uint32_t do + libxl__save_helper_state *shs = user; + libxl__domain_create_state *dcs = CONTAINER_OF(shs, *dcs, shs); + STATE_AO_GC(dcs->ao); +- libxl_ctx *ctx = CTX; + int i, ret; + const uint8_t *ptr = buf; + uint32_t count = 0, version = 0; +@@ -718,7 +713,7 @@ int libxl__toolstack_restore(uint32_t do + LOG(DEBUG,"domain=%"PRIu32" toolstack data size=%"PRIu32, domid, size); + + if (size < sizeof(version) + sizeof(count)) { +- LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "wrong size"); ++ LOG(ERROR, "wrong size"); + return -1; + } + +@@ -726,7 +721,7 @@ int libxl__toolstack_restore(uint32_t do + ptr += sizeof(version); + + if (version != TOOLSTACK_SAVE_VERSION) { +- LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "wrong version"); ++ LOG(ERROR, "wrong version"); + return -1; + } + +@@ -735,7 +730,7 @@ int libxl__toolstack_restore(uint32_t do + + if (size < sizeof(version) + sizeof(count) + + count * (sizeof(struct libxl__physmap_info))) { +- LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "wrong size"); ++ LOG(ERROR, "wrong size"); + return -1; + } + +@@ -945,15 +940,13 @@ static void switch_logdirty_done(libxl__ + int libxl__domain_suspend_device_model(libxl__gc *gc, + libxl__domain_suspend_state *dss) + { +- libxl_ctx *ctx = libxl__gc_owner(gc); + int ret = 0; + uint32_t const domid = dss->domid; + const char *const filename = dss->dm_savefile; + + switch (libxl__device_model_version_running(gc, domid)) { + case LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN_TRADITIONAL: { +- LIBXL__LOG(ctx, LIBXL__LOG_DEBUG, +- "Saving device model state to %s", filename); ++ LOG(DEBUG, "Saving device model state to %s", filename); + libxl__qemu_traditional_cmd(gc, domid, "save"); + libxl__wait_for_device_model(gc, domid, "paused", NULL, NULL, NULL); + break; +@@ -1129,8 +1122,7 @@ int libxl__domain_suspend_common_callbac + static inline char *physmap_path(libxl__gc *gc, uint32_t domid, + char *phys_offset, char *node) + { +- return libxl__sprintf(gc, +- "/local/domain/0/device-model/%d/physmap/%s/%s", ++ return GCSPRINTF("/local/domain/0/device-model/%d/physmap/%s/%s", + domid, phys_offset, node); + } + +@@ -1147,7 +1139,7 @@ int libxl__toolstack_save(uint32_t domid + char **entries = NULL; + struct libxl__physmap_info *pi; + +- entries = libxl__xs_directory(gc, 0, libxl__sprintf(gc, ++ entries = libxl__xs_directory(gc, 0, GCSPRINTF( + "/local/domain/0/device-model/%d/physmap", domid), &num); + count = num; + +@@ -1288,7 +1280,7 @@ void libxl__domain_suspend(libxl__egc *e + char *path; + char *addr; + +- path = libxl__sprintf(gc, "%s/hvmloader/generation-id-address", ++ path = GCSPRINTF("%s/hvmloader/generation-id-address", + libxl__xs_get_dompath(gc, domid)); + addr = libxl__xs_read(gc, XBT_NULL, path); + +@@ -1502,10 +1494,7 @@ static void domain_suspend_done(libxl__e + + char *libxl__uuid2string(libxl__gc *gc, const libxl_uuid uuid) + { +- char *s = libxl__sprintf(gc, LIBXL_UUID_FMT, LIBXL_UUID_BYTES(uuid)); +- if (!s) +- LIBXL__LOG(libxl__gc_owner(gc), LIBXL__LOG_ERROR, "cannot allocate for uuid"); +- return s; ++ return GCSPRINTF(LIBXL_UUID_FMT, LIBXL_UUID_BYTES(uuid)); + } + + static const char *userdata_path(libxl__gc *gc, uint32_t domid, +@@ -1513,34 +1502,27 @@ static const char *userdata_path(libxl__ + const char *wh) + { + libxl_ctx *ctx = libxl__gc_owner(gc); +- char *path, *uuid_string; ++ char *uuid_string; + libxl_dominfo info; + int rc; + + rc = libxl_domain_info(ctx, &info, domid); + if (rc) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "unable to find domain info" +- " for domain %"PRIu32, domid); ++ LOGE(ERROR, "unable to find domain info for domain %"PRIu32, domid); + return NULL; + } +- uuid_string = libxl__sprintf(gc, LIBXL_UUID_FMT, LIBXL_UUID_BYTES(info.uuid)); ++ uuid_string = GCSPRINTF(LIBXL_UUID_FMT, LIBXL_UUID_BYTES(info.uuid)); + +- path = libxl__sprintf(gc, "/var/lib/xen/" +- "userdata-%s.%u.%s.%s", +- wh, domid, uuid_string, userdata_userid); +- if (!path) +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "unable to allocate for" +- " userdata path"); +- return path; ++ return GCSPRINTF("/var/lib/xen/userdata-%s.%u.%s.%s", ++ wh, domid, uuid_string, userdata_userid); + } + + static int userdata_delete(libxl__gc *gc, const char *path) + { +- libxl_ctx *ctx = libxl__gc_owner(gc); + int r; + r = unlink(path); + if (r) { +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "remove failed for %s", path); ++ LOGE(ERROR, "remove failed for %s", path); + return errno; + } + return 0; +@@ -1548,7 +1530,6 @@ static int userdata_delete(libxl__gc *gc + + void libxl__userdata_destroyall(libxl__gc *gc, uint32_t domid) + { +- libxl_ctx *ctx = libxl__gc_owner(gc); + const char *pattern; + glob_t gl; + int r, i; +@@ -1564,7 +1545,7 @@ void libxl__userdata_destroyall(libxl__g + if (r == GLOB_NOMATCH) + goto out; + if (r) +- LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "glob failed for %s", pattern); ++ LOGE(ERROR, "glob failed for %s", pattern); + + for (i=0; i +# Date 1361176078 -3600 +# Node ID 4c3355d776e115f979fd2abc135bb77ba710f0d4 +# Parent 217a4fc4cd46e8de06f2f43eed727838891e9398 +x86/VMX: fix live migration while enabling APICV + +SVI should be restored in case guest is processing virtual interrupt +while saveing a domain state. Otherwise SVI would be missed when +virtual interrupt delivery is enabled. + +Signed-off-by: Jiongxi Li +Acked-by: Eddie Dong +Acked-by: Jun Nakajima +Committed-by: Jan Beulich + +--- a/xen/arch/x86/hvm/vlapic.c ++++ b/xen/arch/x86/hvm/vlapic.c +@@ -1198,6 +1198,9 @@ static int lapic_load_regs(struct domain + if ( hvm_load_entry(LAPIC_REGS, h, s->regs) != 0 ) + return -EINVAL; + ++ if ( hvm_funcs.process_isr ) ++ hvm_funcs.process_isr(vlapic_find_highest_isr(s), v); ++ + vlapic_adjust_i8259_target(d); + lapic_rearm(s); + return 0; +--- a/xen/arch/x86/hvm/vmx/intr.c ++++ b/xen/arch/x86/hvm/vmx/intr.c +@@ -290,8 +290,8 @@ void vmx_intr_assist(void) + vmx_set_eoi_exit_bitmap(v, pt_vector); + + /* we need update the RVI field */ +- status &= ~(unsigned long)0x0FF; +- status |= (unsigned long)0x0FF & ++ status &= ~VMX_GUEST_INTR_STATUS_SUBFIELD_BITMASK; ++ status |= VMX_GUEST_INTR_STATUS_SUBFIELD_BITMASK & + intack.vector; + __vmwrite(GUEST_INTR_STATUS, status); + if (v->arch.hvm_vmx.eoi_exitmap_changed) { +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -1520,6 +1520,29 @@ static int vmx_virtual_intr_delivery_ena + return cpu_has_vmx_virtual_intr_delivery; + } + ++static void vmx_process_isr(int isr, struct vcpu *v) ++{ ++ unsigned long status; ++ u8 old; ++ ++ if ( !cpu_has_vmx_virtual_intr_delivery ) ++ return; ++ ++ if ( isr < 0 ) ++ isr = 0; ++ ++ vmx_vmcs_enter(v); ++ status = __vmread(GUEST_INTR_STATUS); ++ old = status >> VMX_GUEST_INTR_STATUS_SVI_OFFSET; ++ if ( isr != old ) ++ { ++ status &= VMX_GUEST_INTR_STATUS_SUBFIELD_BITMASK; ++ status |= isr << VMX_GUEST_INTR_STATUS_SVI_OFFSET; ++ __vmwrite(GUEST_INTR_STATUS, status); ++ } ++ vmx_vmcs_exit(v); ++} ++ + static struct hvm_function_table __read_mostly vmx_function_table = { + .name = "VMX", + .cpu_up_prepare = vmx_cpu_up_prepare, +@@ -1568,7 +1591,8 @@ static struct hvm_function_table __read_ + .nhvm_intr_blocked = nvmx_intr_blocked, + .nhvm_domain_relinquish_resources = nvmx_domain_relinquish_resources, + .update_eoi_exit_bitmap = vmx_update_eoi_exit_bitmap, +- .virtual_intr_delivery_enabled = vmx_virtual_intr_delivery_enabled ++ .virtual_intr_delivery_enabled = vmx_virtual_intr_delivery_enabled, ++ .process_isr = vmx_process_isr, + }; + + struct hvm_function_table * __init start_vmx(void) +--- a/xen/include/asm-x86/hvm/hvm.h ++++ b/xen/include/asm-x86/hvm/hvm.h +@@ -184,6 +184,7 @@ struct hvm_function_table { + /* Virtual interrupt delivery */ + void (*update_eoi_exit_bitmap)(struct vcpu *v, u8 vector, u8 trig); + int (*virtual_intr_delivery_enabled)(void); ++ void (*process_isr)(int isr, struct vcpu *v); + }; + + extern struct hvm_function_table hvm_funcs; +--- a/xen/include/asm-x86/hvm/vmx/vmcs.h ++++ b/xen/include/asm-x86/hvm/vmx/vmcs.h +@@ -246,6 +246,10 @@ extern bool_t cpu_has_vmx_ins_outs_instr + #define VMX_INTR_SHADOW_SMI 0x00000004 + #define VMX_INTR_SHADOW_NMI 0x00000008 + ++/* Guest interrupt status */ ++#define VMX_GUEST_INTR_STATUS_SUBFIELD_BITMASK 0x0FF ++#define VMX_GUEST_INTR_STATUS_SVI_OFFSET 8 ++ + /* VMCS field encodings. */ + enum vmcs_field { + VIRTUAL_PROCESSOR_ID = 0x00000000, diff --git a/26577-x86-APICV-x2APIC.patch b/26577-x86-APICV-x2APIC.patch new file mode 100644 index 0000000..188b1fb --- /dev/null +++ b/26577-x86-APICV-x2APIC.patch @@ -0,0 +1,240 @@ +References: FATE#313605 + +# HG changeset patch +# User Jiongxi Li +# Date 1361176458 -3600 +# Node ID 45d59b822ed187c535b127679e32853b148ed411 +# Parent 4c3355d776e115f979fd2abc135bb77ba710f0d4 +x86/VMX: fix VMCS setting for x2APIC mode guest while enabling APICV + +The "APIC-register virtualization" and "virtual-interrupt deliver" +VM-execution control has no effect on the behavior of RDMSR/WRMSR if +the "virtualize x2APIC mode" VM-execution control is 0. +When guest uses x2APIC mode, we should enable "virtualize x2APIC mode" +for APICV first. + +Signed-off-by: Jiongxi Li +Acked-by: Eddie Dong +Acked-by: Jun Nakajima +Committed-by: Jan Beulich + +--- a/xen/arch/x86/hvm/vmx/vmcs.c ++++ b/xen/arch/x86/hvm/vmx/vmcs.c +@@ -194,7 +194,8 @@ static int vmx_init_vmcs_config(void) + */ + if ( _vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW ) + opt |= SECONDARY_EXEC_APIC_REGISTER_VIRT | +- SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY; ++ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY | ++ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE; + + + _vmx_secondary_exec_control = adjust_vmx_controls( +@@ -673,19 +674,59 @@ void vmx_disable_intercept_for_msr(struc + */ + if ( msr <= 0x1fff ) + { +- if (type & MSR_TYPE_R) +- __clear_bit(msr, msr_bitmap + 0x000/BYTES_PER_LONG); /* read-low */ +- if (type & MSR_TYPE_W) +- __clear_bit(msr, msr_bitmap + 0x800/BYTES_PER_LONG); /* write-low */ ++ if ( type & MSR_TYPE_R ) ++ clear_bit(msr, msr_bitmap + 0x000/BYTES_PER_LONG); /* read-low */ ++ if ( type & MSR_TYPE_W ) ++ clear_bit(msr, msr_bitmap + 0x800/BYTES_PER_LONG); /* write-low */ + } + else if ( (msr >= 0xc0000000) && (msr <= 0xc0001fff) ) + { + msr &= 0x1fff; +- if (type & MSR_TYPE_R) +- __clear_bit(msr, msr_bitmap + 0x400/BYTES_PER_LONG); /* read-high */ +- if (type & MSR_TYPE_W) +- __clear_bit(msr, msr_bitmap + 0xc00/BYTES_PER_LONG); /* write-high */ ++ if ( type & MSR_TYPE_R ) ++ clear_bit(msr, msr_bitmap + 0x400/BYTES_PER_LONG); /* read-high */ ++ if ( type & MSR_TYPE_W ) ++ clear_bit(msr, msr_bitmap + 0xc00/BYTES_PER_LONG); /* write-high */ + } ++ else ++ HVM_DBG_LOG(DBG_LEVEL_0, ++ "msr %x is out of the control range" ++ "0x00000000-0x00001fff and 0xc0000000-0xc0001fff" ++ "RDMSR or WRMSR will cause a VM exit", msr); ++} ++ ++void vmx_enable_intercept_for_msr(struct vcpu *v, u32 msr, int type) ++{ ++ unsigned long *msr_bitmap = v->arch.hvm_vmx.msr_bitmap; ++ ++ /* VMX MSR bitmap supported? */ ++ if ( msr_bitmap == NULL ) ++ return; ++ ++ /* ++ * See Intel PRM Vol. 3, 20.6.9 (MSR-Bitmap Address). Early manuals ++ * have the write-low and read-high bitmap offsets the wrong way round. ++ * We can control MSRs 0x00000000-0x00001fff and 0xc0000000-0xc0001fff. ++ */ ++ if ( msr <= 0x1fff ) ++ { ++ if ( type & MSR_TYPE_R ) ++ set_bit(msr, msr_bitmap + 0x000/BYTES_PER_LONG); /* read-low */ ++ if ( type & MSR_TYPE_W ) ++ set_bit(msr, msr_bitmap + 0x800/BYTES_PER_LONG); /* write-low */ ++ } ++ else if ( (msr >= 0xc0000000) && (msr <= 0xc0001fff) ) ++ { ++ msr &= 0x1fff; ++ if ( type & MSR_TYPE_R ) ++ set_bit(msr, msr_bitmap + 0x400/BYTES_PER_LONG); /* read-high */ ++ if ( type & MSR_TYPE_W ) ++ set_bit(msr, msr_bitmap + 0xc00/BYTES_PER_LONG); /* write-high */ ++ } ++ else ++ HVM_DBG_LOG(DBG_LEVEL_0, ++ "msr %x is out of the control range" ++ "0x00000000-0x00001fff and 0xc0000000-0xc0001fff" ++ "RDMSR or WRMSR will cause a VM exit", msr); + } + + /* +@@ -751,6 +792,10 @@ static int construct_vmcs(struct vcpu *v + vmentry_ctl &= ~VM_ENTRY_LOAD_GUEST_PAT; + } + ++ /* Disable Virtualize x2APIC mode by default. */ ++ v->arch.hvm_vmx.secondary_exec_control &= ++ ~SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE; ++ + /* Do not enable Monitor Trap Flag unless start single step debug */ + v->arch.hvm_vmx.exec_control &= ~CPU_BASED_MONITOR_TRAP_FLAG; + +@@ -787,18 +832,6 @@ static int construct_vmcs(struct vcpu *v + vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_EIP, MSR_TYPE_R | MSR_TYPE_W); + if ( cpu_has_vmx_pat && paging_mode_hap(d) ) + vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT, MSR_TYPE_R | MSR_TYPE_W); +- if ( cpu_has_vmx_apic_reg_virt ) +- { +- int msr; +- for (msr = MSR_IA32_APICBASE_MSR; msr <= MSR_IA32_APICBASE_MSR + 0xff; msr++) +- vmx_disable_intercept_for_msr(v, msr, MSR_TYPE_R); +- } +- if ( cpu_has_vmx_virtual_intr_delivery ) +- { +- vmx_disable_intercept_for_msr(v, MSR_IA32_APICTPR_MSR, MSR_TYPE_W); +- vmx_disable_intercept_for_msr(v, MSR_IA32_APICEOI_MSR, MSR_TYPE_W); +- vmx_disable_intercept_for_msr(v, MSR_IA32_APICSELF_MSR, MSR_TYPE_W); +- } + } + + /* I/O access bitmap. */ +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -2009,18 +2009,63 @@ static void vmx_install_vlapic_mapping(s + + void vmx_vlapic_msr_changed(struct vcpu *v) + { ++ int virtualize_x2apic_mode; + struct vlapic *vlapic = vcpu_vlapic(v); + +- if ( !cpu_has_vmx_virtualize_apic_accesses ) ++ virtualize_x2apic_mode = ( (cpu_has_vmx_apic_reg_virt || ++ cpu_has_vmx_virtual_intr_delivery) && ++ cpu_has_vmx_virtualize_x2apic_mode ); ++ ++ if ( !cpu_has_vmx_virtualize_apic_accesses && ++ !virtualize_x2apic_mode ) + return; + + vmx_vmcs_enter(v); + v->arch.hvm_vmx.secondary_exec_control &= +- ~SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; ++ ~(SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES | ++ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE); + if ( !vlapic_hw_disabled(vlapic) && + (vlapic_base_address(vlapic) == APIC_DEFAULT_PHYS_BASE) ) +- v->arch.hvm_vmx.secondary_exec_control |= +- SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; ++ { ++ unsigned int msr; ++ ++ if ( virtualize_x2apic_mode && vlapic_x2apic_mode(vlapic) ) ++ { ++ v->arch.hvm_vmx.secondary_exec_control |= ++ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE; ++ if ( cpu_has_vmx_apic_reg_virt ) ++ { ++ for ( msr = MSR_IA32_APICBASE_MSR; ++ msr <= MSR_IA32_APICBASE_MSR + 0xff; msr++ ) ++ vmx_disable_intercept_for_msr(v, msr, MSR_TYPE_R); ++ ++ vmx_enable_intercept_for_msr(v, MSR_IA32_APICPPR_MSR, ++ MSR_TYPE_R); ++ vmx_enable_intercept_for_msr(v, MSR_IA32_APICTMICT_MSR, ++ MSR_TYPE_R); ++ vmx_enable_intercept_for_msr(v, MSR_IA32_APICTMCCT_MSR, ++ MSR_TYPE_R); ++ } ++ if ( cpu_has_vmx_virtual_intr_delivery ) ++ { ++ vmx_disable_intercept_for_msr(v, MSR_IA32_APICTPR_MSR, ++ MSR_TYPE_W); ++ vmx_disable_intercept_for_msr(v, MSR_IA32_APICEOI_MSR, ++ MSR_TYPE_W); ++ vmx_disable_intercept_for_msr(v, MSR_IA32_APICSELF_MSR, ++ MSR_TYPE_W); ++ } ++ } ++ else ++ { ++ v->arch.hvm_vmx.secondary_exec_control |= ++ SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES; ++ for ( msr = MSR_IA32_APICBASE_MSR; ++ msr <= MSR_IA32_APICBASE_MSR + 0xff; msr++ ) ++ vmx_enable_intercept_for_msr(v, msr, ++ MSR_TYPE_R | MSR_TYPE_W); ++ } ++ } + vmx_update_secondary_exec_control(v); + vmx_vmcs_exit(v); + } +--- a/xen/include/asm-x86/hvm/vmx/vmcs.h ++++ b/xen/include/asm-x86/hvm/vmx/vmcs.h +@@ -182,6 +182,7 @@ extern u32 vmx_vmentry_control; + #define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001 + #define SECONDARY_EXEC_ENABLE_EPT 0x00000002 + #define SECONDARY_EXEC_ENABLE_RDTSCP 0x00000008 ++#define SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE 0x00000010 + #define SECONDARY_EXEC_ENABLE_VPID 0x00000020 + #define SECONDARY_EXEC_WBINVD_EXITING 0x00000040 + #define SECONDARY_EXEC_UNRESTRICTED_GUEST 0x00000080 +@@ -239,6 +240,8 @@ extern bool_t cpu_has_vmx_ins_outs_instr + (vmx_secondary_exec_control & SECONDARY_EXEC_APIC_REGISTER_VIRT) + #define cpu_has_vmx_virtual_intr_delivery \ + (vmx_secondary_exec_control & SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY) ++#define cpu_has_vmx_virtualize_x2apic_mode \ ++ (vmx_secondary_exec_control & SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE) + + /* GUEST_INTERRUPTIBILITY_INFO flags. */ + #define VMX_INTR_SHADOW_STI 0x00000001 +@@ -414,6 +417,7 @@ enum vmcs_field { + #define MSR_TYPE_R 1 + #define MSR_TYPE_W 2 + void vmx_disable_intercept_for_msr(struct vcpu *v, u32 msr, int type); ++void vmx_enable_intercept_for_msr(struct vcpu *v, u32 msr, int type); + int vmx_read_guest_msr(u32 msr, u64 *val); + int vmx_write_guest_msr(u32 msr, u64 val); + int vmx_add_guest_msr(u32 msr); +--- a/xen/include/asm-x86/msr-index.h ++++ b/xen/include/asm-x86/msr-index.h +@@ -295,7 +295,10 @@ + #define MSR_IA32_APICBASE_BASE (0xfffff<<12) + #define MSR_IA32_APICBASE_MSR 0x800 + #define MSR_IA32_APICTPR_MSR 0x808 ++#define MSR_IA32_APICPPR_MSR 0x80a + #define MSR_IA32_APICEOI_MSR 0x80b ++#define MSR_IA32_APICTMICT_MSR 0x838 ++#define MSR_IA32_APICTMCCT_MSR 0x839 + #define MSR_IA32_APICSELF_MSR 0x83f + + #define MSR_IA32_UCODE_WRITE 0x00000079 diff --git a/26578-AMD-IOMMU-replace-BUG_ON.patch b/26578-AMD-IOMMU-replace-BUG_ON.patch new file mode 100644 index 0000000..41ab9fc --- /dev/null +++ b/26578-AMD-IOMMU-replace-BUG_ON.patch @@ -0,0 +1,25 @@ +# HG changeset patch +# User Jan Beulich +# Date 1361176655 -3600 +# Node ID 57e67af5281a6b66cf71dfa812e4335930684fd6 +# Parent 45d59b822ed187c535b127679e32853b148ed411 +AMD IOMMU: don't BUG() when we don't have to + +find_iommu_for_device() can easily return NULL instead, as all of its +callers are prepared for that. + +Signed-off-by: Jan Beulich + +--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c +@@ -32,8 +32,8 @@ struct amd_iommu *find_iommu_for_device( + { + struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); + +- BUG_ON ( bdf >= ivrs_bdf_entries ); +- return ivrs_mappings ? ivrs_mappings[bdf].iommu : NULL; ++ return ivrs_mappings && bdf < ivrs_bdf_entries ? ivrs_mappings[bdf].iommu ++ : NULL; + } + + /* diff --git a/32on64-extra-mem.patch b/32on64-extra-mem.patch index 288d258..9dedc09 100644 --- a/32on64-extra-mem.patch +++ b/32on64-extra-mem.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2939,7 +2939,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2966,7 +2966,7 @@ class XendDomainInfo: self.guest_bitsize = self.image.getBitSize() # Make sure there's enough RAM available for the domain diff --git a/tools-watchdog-support.patch b/tools-watchdog-support.patch index 82853e5..55f1974 100644 --- a/tools-watchdog-support.patch +++ b/tools-watchdog-support.patch @@ -1,7 +1,7 @@ -Index: xen-4.2.0-testing/tools/python/xen/xm/create.py +Index: xen-4.2.1-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.0-testing/tools/python/xen/xm/create.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/create.py @@ -535,6 +535,21 @@ gopts.var('usbdevice', val='NAME', fn=set_value, default='', use="Name of USB device to add?") @@ -32,10 +32,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/create.py 'xauthority', 'xen_extended_power_mgmt', 'xen_platform_pci', 'memory_sharing' ] -Index: xen-4.2.0-testing/tools/python/xen/xm/xenapi_create.py +Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/xenapi_create.py -+++ xen-4.2.0-testing/tools/python/xen/xm/xenapi_create.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py @@ -1113,7 +1113,9 @@ class sxp2xml: 'xen_platform_pci', 'tsc_mode' @@ -47,10 +47,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/xenapi_create.py ] platform_configs = [] -Index: xen-4.2.0-testing/tools/python/xen/xend/image.py +Index: xen-4.2.1-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.0-testing/tools/python/xen/xend/image.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.1-testing/tools/python/xen/xend/image.py @@ -855,7 +855,8 @@ class HVMImageHandler(ImageHandler): dmargs = [ 'boot', 'fda', 'fdb', 'soundhw', @@ -69,10 +69,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/image.py # Handle booleans gracefully if a in ['localtime', 'std-vga', 'isa', 'usb', 'acpi']: -Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py @@ -192,6 +192,8 @@ XENAPI_PLATFORM_CFG_TYPES = { 'xen_platform_pci': int, "gfx_passthru": int, @@ -82,10 +82,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py } # Xen API console 'other_config' keys. -Index: xen-4.2.0-testing/tools/libxl/libxl_dm.c +Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c =================================================================== ---- xen-4.2.0-testing.orig/tools/libxl/libxl_dm.c -+++ xen-4.2.0-testing/tools/libxl/libxl_dm.c +--- xen-4.2.1-testing.orig/tools/libxl/libxl_dm.c ++++ xen-4.2.1-testing/tools/libxl/libxl_dm.c @@ -196,6 +196,12 @@ static char ** libxl__build_device_model "-usbdevice", b_info->u.hvm.usbdevice, NULL); } @@ -112,11 +112,11 @@ Index: xen-4.2.0-testing/tools/libxl/libxl_dm.c if (b_info->u.hvm.soundhw) { flexarray_vappend(dm_args, "-soundhw", b_info->u.hvm.soundhw, NULL); } -Index: xen-4.2.0-testing/tools/libxl/libxl_types.idl +Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl =================================================================== ---- xen-4.2.0-testing.orig/tools/libxl/libxl_types.idl -+++ xen-4.2.0-testing/tools/libxl/libxl_types.idl -@@ -320,6 +320,8 @@ libxl_domain_build_info = Struct("domain +--- xen-4.2.1-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.2.1-testing/tools/libxl/libxl_types.idl +@@ -322,6 +322,8 @@ libxl_domain_build_info = Struct("domain ("usbdevice", string), ("soundhw", string), ("xen_platform_pci", libxl_defbool), @@ -125,11 +125,11 @@ Index: xen-4.2.0-testing/tools/libxl/libxl_types.idl ])), ("pv", Struct(None, [("kernel", string), ("slack_memkb", MemKB), -Index: xen-4.2.0-testing/tools/libxl/xl_cmdimpl.c +Index: xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c =================================================================== ---- xen-4.2.0-testing.orig/tools/libxl/xl_cmdimpl.c -+++ xen-4.2.0-testing/tools/libxl/xl_cmdimpl.c -@@ -1412,6 +1412,8 @@ skip_vfb: +--- xen-4.2.1-testing.orig/tools/libxl/xl_cmdimpl.c ++++ xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +@@ -1417,6 +1417,8 @@ skip_vfb: xlu_cfg_replace_string (config, "soundhw", &b_info->u.hvm.soundhw, 0); xlu_cfg_get_defbool(config, "xen_platform_pci", &b_info->u.hvm.xen_platform_pci, 0); diff --git a/x86-fpu-context-conditional.patch b/x86-fpu-context-conditional.patch deleted file mode 100644 index 2bbcca3..0000000 --- a/x86-fpu-context-conditional.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- 2013-01-08.orig/xen/arch/x86/domain.c 2013-01-08 00:00:00.000000000 +0100 -+++ 2013-01-08/xen/arch/x86/domain.c 2013-01-15 15:46:17.000000000 +0100 -@@ -834,7 +834,9 @@ int arch_set_info_guest( - - v->arch.vgc_flags = flags; - -- memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); -+ if ( flags & VGCF_I387_VALID ) -+ memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); -+ - if ( !compat ) - { - memcpy(&v->arch.user_regs, &c.nat->user_regs, sizeof(c.nat->user_regs)); diff --git a/xen-managed-pci-device.patch b/xen-managed-pci-device.patch new file mode 100644 index 0000000..2f8557c --- /dev/null +++ b/xen-managed-pci-device.patch @@ -0,0 +1,326 @@ +pci passthrough: handle managed pci devices + +Handle managed pci devices for libvirt usage. If a pci device is set +"managed=1", it will be made assignable (unbound from original driver and bind +to pcistub driver) before vm start and reattach to original driver after vm +shut off. + +FATE#313570 + +Note: This patch was rejected upstream since xend is deprecated. See the +following thread for details + +http://lists.xen.org/archives/html/xen-devel/2013-01/msg01145.html + +Signed-off-by: Chunyan Liu + +Index: xen-4.2.1-testing/tools/python/xen/util/pci.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/util/pci.py ++++ xen-4.2.1-testing/tools/python/xen/util/pci.py +@@ -20,6 +20,8 @@ from xen.xend import sxp + from xen.xend.XendConstants import AUTO_PHP_SLOT + from xen.xend.XendSXPDev import dev_dict_to_sxp + from xen.xend.XendLogging import log ++from xen.xend.xenstore.xstransact import xstransact ++from xen.xend.XendError import XendError + + # for 2.3 compatibility + try: +@@ -27,9 +29,11 @@ try: + except NameError: + from sets import Set as set + ++XS_PCIBACK_PATH = '/xm/pciback' + PROC_PCI_PATH = '/proc/bus/pci/devices' + PROC_PCI_NUM_RESOURCES = 7 + ++SYSFS_PCI_DRVS_PATH = 'bus/pci/drivers' + SYSFS_PCI_DEVS_PATH = '/bus/pci/devices' + SYSFS_PCI_DEV_RESOURCE_PATH = '/resource' + SYSFS_PCI_DEV_CONFIG_PATH = '/config' +@@ -161,7 +165,7 @@ def PCI_BDF(domain, bus, slot, func): + + def check_pci_opts(opts): + def f((k, v)): +- if k not in ['msitranslate', 'power_mgmt'] or \ ++ if k not in ['msitranslate', 'power_mgmt', 'managed'] or \ + not v.lower() in ['0', '1', 'yes', 'no']: + raise PciDeviceParseError('Invalid pci option %s=%s: ' % (k, v)) + +@@ -427,6 +431,9 @@ def __pci_dict_to_fmt_str(fmt, dev): + def pci_dict_to_bdf_str(dev): + return __pci_dict_to_fmt_str('%04x:%02x:%02x.%01x', dev) + ++def pci_dict_to_xs_bdf_str(dev): ++ return __pci_dict_to_fmt_str('%04x-%02x-%02x-%01x', dev) ++ + def pci_dict_to_xc_str(dev): + return __pci_dict_to_fmt_str('0x%x, 0x%x, 0x%x, 0x%x', dev) + +@@ -560,6 +567,115 @@ def find_all_assignable_devices(): + dev_list = dev_list + [dev] + return dev_list + ++def pci_assignable_add(dev): ++ '''detach pci device from driver that we need to unbind from and rebind ++ to pciback driver, then it can be assigned to guest. ++ ''' ++ sysfs_mnt = find_sysfs_mnt() ++ pcidev_path = sysfs_mnt + SYSFS_PCI_DEVS_PATH ++ pciback_path = sysfs_mnt + SYSFS_PCIBACK_PATH ++ ++ # See if the device exists ++ pci_bdf = pci_dict_to_bdf_str(dev) ++ path = pcidev_path + '/' + pci_bdf ++ if not os.path.exists(path): ++ log.debug("Pci device %s doesn't exist" % pci_bdf) ++ return -1 ++ ++ # Check to see if it's already assigned to pciback ++ path = pciback_path + '/' + pci_bdf ++ if os.path.exists(path): ++ log.debug("Pci device %s is already assigned to pciback" % pci_bdf) ++ return 0 ++ ++ # Check to see if there's already a driver that we need to unbind from ++ path = pcidev_path + '/' + pci_bdf + '/driver' ++ drv_path = None ++ if os.path.exists(path): ++ drv_path = os.path.realpath(path).replace(" ", "\ ") ++ cmd = 'echo %s > %s/unbind' % (pci_bdf, drv_path) ++ if os.system(cmd): ++ log.debug("Couldn't unbind device") ++ return -1; ++ ++ # Store driver_path for rebinding to dom0 ++ if drv_path is not None: ++ xs_pci_bdf = pci_dict_to_xs_bdf_str(dev) ++ path = XS_PCIBACK_PATH + '/' + xs_pci_bdf ++ xstransact.Mkdir(path) ++ xstransact.Write(path, 'driver_path', drv_path) ++ else: ++ log.debug("Not bound to a driver, will not be rebound") ++ ++ # Bind to pciback ++ try: ++ # Scan through /sys/.../pciback/slots looking for pcidev's BDF ++ slots = os.popen('cat %s/slots' % pciback_path).read() ++ if re.search(pci_bdf, slots) is None: ++ # write bdf to new_slot ++ cmd = 'echo %s > %s/new_slot' % (pci_bdf, pciback_path) ++ if os.system(cmd): ++ raise XendError("Couldn't add device to pciback new_slot") ++ ++ # Bind to pciback ++ cmd = 'echo %s > %s/bind' % (pci_bdf, pciback_path) ++ if os.system(cmd): ++ raise XendError("Couldn't bind device to pciback") ++ except XendError: ++ # rebind to original driver ++ if drv_path is not None: ++ log.debug("Rebind to original driver") ++ cmd = 'echo %s > %s/bind' % (pci_bdf, drv_path) ++ if os.system(cmd): ++ log.debug("Failed to rebind") ++ return -1 ++ ++ return 0 ++ ++def pci_assignable_remove(dev): ++ '''unbind pci device from pciback, and rebind to host pci driver where it ++ was detached from in pci-assignable-add. ++ ''' ++ sysfs_mnt = find_sysfs_mnt() ++ pcidrv_path = sysfs_mnt + SYSFS_PCI_DRVS_PATH ++ pciback_path = sysfs_mnt + SYSFS_PCIBACK_PATH ++ pci_bdf = pci_dict_to_bdf_str(dev) ++ ++ # Unbind from pciback ++ path = pciback_path + '/' + pci_bdf ++ if os.path.exists(path): ++ # unbind ++ cmd = 'echo %s > %s/unbind' % (pci_bdf, pciback_path) ++ if os.system(cmd): ++ log.debug("Couldn't unbind device to pciback") ++ return -1 ++ ++ # remove slots if necessary ++ slots = os.popen('cat %s/slots' % pciback_path).read() ++ if re.search(pci_bdf, slots): ++ # write bdf to remove_slot ++ cmd = 'echo %s > %s/remove_slot' % (pci_bdf, pciback_path) ++ if os.system(cmd): ++ log.debug("Couldn't remove pciback slot") ++ return -1 ++ else: ++ log.debug("Not bound to pciback") ++ ++ # Rebind if necessary ++ xs_pci_bdf = pci_dict_to_xs_bdf_str(dev) ++ path = XS_PCIBACK_PATH + '/' + xs_pci_bdf ++ drv_path = xstransact.Read(path, 'driver_path') ++ if drv_path: ++ cmd = 'echo %s > %s/bind' % (pci_bdf, drv_path) ++ if os.system(cmd): ++ log.debug("Couldn't rebind to driver %s" % drv_path) ++ return -1 ++ xstransact.Remove(path) ++ else: ++ log.debug("Counldn't find path for original driver. Not rebinding") ++ ++ return 0 ++ + def transform_list(target, src): + ''' src: its element is pci string (Format: xxxx:xx:xx.x). + target: its element is pci string, or a list of pci string. +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -303,7 +303,8 @@ def dom_get(dom): + return None + + from xen.xend.server.pciif import parse_pci_name, PciDevice,\ +- get_assigned_pci_devices, get_all_assigned_pci_devices ++ get_assigned_pci_devices, get_all_assigned_pci_devices,\ ++ prepare_host_pci_devices, reattach_host_pci_devices + + + def do_FLR(domid, is_hvm): +@@ -317,6 +318,20 @@ def do_FLR(domid, is_hvm): + "parse it's resources - "+str(e)) + dev.do_FLR(is_hvm, xoptions.get_pci_dev_assign_strict_check()) + ++def prepare_domain_pci_devices(domconfig): ++ ordered_refs = domconfig.ordered_device_refs() ++ for dev_uuid in ordered_refs: ++ devclass, devconfig = domconfig['devices'][dev_uuid] ++ if devclass == 'pci': ++ prepare_host_pci_devices(devconfig) ++ ++def reattach_domain_pci_devices(domconfig): ++ ordered_refs = domconfig.ordered_device_refs() ++ for dev_uuid in ordered_refs: ++ devclass, devconfig = domconfig['devices'][dev_uuid] ++ if devclass == 'pci': ++ reattach_host_pci_devices(devconfig) ++ + class XendDomainInfo: + """An object represents a domain. + +@@ -470,6 +485,7 @@ class XendDomainInfo: + + if self._stateGet() in (XEN_API_VM_POWER_STATE_HALTED, XEN_API_VM_POWER_STATE_SUSPENDED, XEN_API_VM_POWER_STATE_CRASHED): + try: ++ prepare_domain_pci_devices(self.info); + XendTask.log_progress(0, 30, self._constructDomain) + XendTask.log_progress(31, 60, self._initDomain) + +@@ -496,6 +512,7 @@ class XendDomainInfo: + state = self._stateGet() + if state in (DOM_STATE_SUSPENDED, DOM_STATE_HALTED): + try: ++ prepare_domain_pci_devices(self.info) + self._constructDomain() + + try: +@@ -851,6 +868,9 @@ class XendDomainInfo: + + if self.domid is not None: + try: ++ if dev_type == 'pci': ++ prepare_host_pci_devices(dev_config_dict) ++ + dev_config_dict['devid'] = devid = \ + self._createDevice(dev_type, dev_config_dict) + if dev_type == 'tap2': +@@ -864,6 +884,7 @@ class XendDomainInfo: + if dev_type == 'pci': + for dev in dev_config_dict['devs']: + XendAPIStore.deregister(dev['uuid'], 'DPCI') ++ reattach_host_pci_devices(dev_config_dict) + elif dev_type == 'vscsi': + for dev in dev_config_dict['devs']: + XendAPIStore.deregister(dev['uuid'], 'DSCSI') +@@ -908,6 +929,9 @@ class XendDomainInfo: + dev_config = pci_convert_sxp_to_dict(dev_sxp) + dev = dev_config['devs'][0] + ++ if self.domid is not None and pci_state == 'Initialising': ++ prepare_host_pci_devices(dev_config) ++ + stubdomid = self.getStubdomDomid() + # Do HVM specific processing + if self.info.is_hvm(): +@@ -984,6 +1008,9 @@ class XendDomainInfo: + new_dev_sxp = dev_control.configuration(devid) + self.info.device_update(dev_uuid, new_dev_sxp) + ++ if pci_state == 'Closing': ++ reattach_host_pci_devices(dev_config) ++ + # If there is no device left, destroy pci and remove config. + if num_devs == 0: + if self.info.is_hvm(): +@@ -3154,6 +3181,7 @@ class XendDomainInfo: + log.debug("%s KiB need to add to Memory pool" %self.alloc_mem) + MemoryPool.instance().increase_memory(self.alloc_mem) + ++ reattach_domain_pci_devices(self.info) + self._cleanup_phantom_devs(paths) + self._cleanupVm() + +Index: xen-4.2.1-testing/tools/python/xen/xend/server/pciif.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/pciif.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/pciif.py +@@ -86,6 +86,48 @@ def get_all_assigned_pci_devices(domid = + pci_str_list = pci_str_list + get_assigned_pci_devices(int(d)) + return pci_str_list + ++def reattach_host_pci_devices(devconfig): ++ pci_dev_list = devconfig.get('devs', []) ++ for pci_dev in pci_dev_list: ++ managed = 0 ++ pci_opts_config = pci_dev.get('opts', []) ++ for opt in pci_opts_config: ++ if opt[0] == 'managed': ++ managed = opt[1] ++ if managed: ++ if pci_assignable_remove(pci_dev) != 0: ++ raise VmError('pci_assignable_remove failed') ++ ++def detach_host_pci_devices(devconfig): ++ pci_dev_list = devconfig.get('devs', []) ++ reattach = 0 ++ for pci_dev in pci_dev_list: ++ managed = 0 ++ pci_opts_config = pci_dev.get('opts', []) ++ for opt in pci_opts_config: ++ if opt[0] == 'managed': ++ managed = opt[1] ++ if managed: ++ if pci_assignable_add(pci_dev) != 0: ++ log.debug('pci_assignable_add failed') ++ reattach = 1 ++ break ++ ++ if reattach: ++ reattach_host_pci_devices(devconfig) ++ raise VmError('detach_host_pci_devices failed') ++ ++def prepare_host_pci_devices(devconfig): ++ # Test whether the device used by other domain ++ pci_dev_list = devconfig.get('devs', []) ++ for pci_dev in pci_dev_list: ++ pci_name = pci_dict_to_bdf_str(pci_dev) ++ if pci_name in get_all_assigned_pci_devices(): ++ raise VmError("failed to assign device %s that has" ++ " already been assigned to other domain." % pci_name) ++ # Detach 'managed' devices ++ detach_host_pci_devices(devconfig) ++ + class PciController(DevController): + + def __init__(self, vm): diff --git a/xen.changes b/xen.changes index 5a8645a..47774f2 100644 --- a/xen.changes +++ b/xen.changes @@ -1,3 +1,94 @@ +------------------------------------------------------------------- +Wed Feb 20 15:00:13 MST 2013 - jfehlig@suse.com + +- Add upstream patch to fix vfb/vkb initialization in libxl + 26369-libxl-devid.patch + +------------------------------------------------------------------- +Tue Feb 19 14:35:07 MST 2013 - carnold@suse.com + +- fate##313584: pass bios information to XEN HVM guest + 26554-hvm-firmware-passthrough.patch + 26555-hvm-firmware-passthrough.patch + 26556-hvm-firmware-passthrough.patch + +------------------------------------------------------------------- +Tue Feb 19 10:46:46 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) + 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) + 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) + 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) + 26526-pvdrv-no-devinit.patch + 26529-gcc48-build-fix.patch + 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) + 26532-AMD-IOMMU-phantom-MSI.patch + 26536-xenoprof-div-by-0.patch + 26576-x86-APICV-migration.patch + 26577-x86-APICV-x2APIC.patch + 26578-AMD-IOMMU-replace-BUG_ON.patch + +------------------------------------------------------------------- +Mon Feb 18 17:28:00 CET 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations + 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch + 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch + 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch + 26550-tools-xc_restore_logging_in_xc_save.patch + 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch + +------------------------------------------------------------------- +Mon Feb 11 14:35:06 UTC 2013 - mmarek@suse.cz + +- Set $BRP_PESIGN_FILES in the %install section so that modules + are signed in the buildservice (fate#314552). + +------------------------------------------------------------------- +Mon Feb 11 15:33:24 CET 2013 - ohering@suse.de + +- PVonHVM: __devinit was removed in linux-3.8 + +------------------------------------------------------------------- +Wed Feb 6 09:01:29 MST 2013 - jfehlig@suse.com + +- Add 'managed' PCI passthrough support to xend, allowing support + for the same through libvirt + xen-managed-pci-device.patch + FATE#313570 + +------------------------------------------------------------------- +Tue Feb 5 11:50:14 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26287-sched-credit-pick-idle.patch + 26340-VT-d-intremap-verify-legacy-bridge.patch (Replaces CVE-2012-5634-xsa33.patch) + 26370-libxc-x86-initial-mapping-fit.patch + 26395-x86-FPU-context-conditional.patch + 26404-x86-forward-both-NMI-kinds.patch + 26418-x86-trampoline-consider-multiboot.patch + 26427-x86-AMD-enable-WC+.patch + 26428-x86-HVM-RTC-update.patch + 26440-x86-forward-SERR.patch + 26443-ACPI-zap-DMAR.patch + 26444-x86-nHVM-no-self-enable.patch (Replaces CVE-2013-0152-xsa35.patch) + 26501-VMX-simplify-CR0-update.patch + 26502-VMX-disable-SMEP-when-not-paging.patch + +------------------------------------------------------------------- +Fri Feb 1 08:30:28 MST 2013 - carnold@suse.com + +- bnc#800275 - VUL-0: XSA-36: CVE-2013-0153: xen: interrupt remap + entries shared and old ones not cleared on AMD IOMMUs + CVE-2013-0153-xsa36.patch + +------------------------------------------------------------------- +Wed Jan 30 15:14:41 UTC 2013 - mmarek@suse.cz + +- Add # needssslcertforbuild to the specfile, to make the UEFI + signing certificate available during build (fate#314511, fate#314552). + ------------------------------------------------------------------- Fri Jan 25 14:57:30 MST 2013 - jfehlig@suse.com diff --git a/xen.spec b/xen.spec index 0e753ba..0de0bbf 100644 --- a/xen.spec +++ b/xen.spec @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# needssslcertforbuild + Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -114,7 +116,7 @@ BuildRequires: kernel-syms BuildRequires: module-init-tools BuildRequires: xorg-x11 %endif -Version: 4.2.1_04 +Version: 4.2.1_06 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -206,6 +208,7 @@ Patch26255: 26255-VMX-nested-ia32e-mode.patch Patch26258: 26258-VMX-nested-intr-delivery.patch Patch26262: 26262-x86-EFI-secure-shim.patch Patch26266: 26266-sched-ratelimit-check.patch +Patch26287: 26287-sched-credit-pick-idle.patch Patch26294: 26294-x86-AMD-Fam15-way-access-filter.patch Patch26320: 26320-IOMMU-domctl-assign-seg.patch Patch26324: 26324-IOMMU-assign-params.patch @@ -218,16 +221,47 @@ Patch26330: 26330-VT-d-phantom-MSI.patch Patch26331: 26331-IOMMU-phantom-dev-quirk.patch Patch26332: 26332-x86-compat-show-guest-stack-mfn.patch Patch26333: 26333-x86-get_page_type-assert.patch +Patch26340: 26340-VT-d-intremap-verify-legacy-bridge.patch Patch26341: 26341-hvm-firmware-passthrough.patch Patch26342: 26342-hvm-firmware-passthrough.patch Patch26343: 26343-hvm-firmware-passthrough.patch Patch26344: 26344-hvm-firmware-passthrough.patch +Patch26369: 26369-libxl-devid.patch +Patch26370: 26370-libxc-x86-initial-mapping-fit.patch Patch26372: 26372-tools-paths.patch +Patch26395: 26395-x86-FPU-context-conditional.patch +Patch26404: 26404-x86-forward-both-NMI-kinds.patch +Patch26418: 26418-x86-trampoline-consider-multiboot.patch +Patch26427: 26427-x86-AMD-enable-WC+.patch +Patch26428: 26428-x86-HVM-RTC-update.patch +Patch26440: 26440-x86-forward-SERR.patch +Patch26443: 26443-ACPI-zap-DMAR.patch +Patch26444: 26444-x86-nHVM-no-self-enable.patch Patch26468: 26468-libxl-race.patch Patch26469: 26469-libxl-race.patch -Patch33: CVE-2012-5634-xsa33.patch +Patch26501: 26501-VMX-simplify-CR0-update.patch +Patch26502: 26502-VMX-disable-SMEP-when-not-paging.patch +Patch26516: 26516-ACPI-parse-table-retval.patch +Patch26517: 26517-AMD-IOMMU-clear-irtes.patch +Patch26518: 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch +Patch26519: 26519-AMD-IOMMU-perdev-intremap-default.patch +Patch26526: 26526-pvdrv-no-devinit.patch +Patch26529: 26529-gcc48-build-fix.patch +Patch26531: 26531-AMD-IOMMU-IVHD-special-missing.patch +Patch26532: 26532-AMD-IOMMU-phantom-MSI.patch +Patch26536: 26536-xenoprof-div-by-0.patch +Patch26547: 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch +Patch26548: 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch +Patch26549: 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch +Patch26550: 26550-tools-xc_restore_logging_in_xc_save.patch +Patch26551: 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch +Patch26554: 26554-hvm-firmware-passthrough.patch +Patch26555: 26555-hvm-firmware-passthrough.patch +Patch26556: 26556-hvm-firmware-passthrough.patch +Patch26576: 26576-x86-APICV-migration.patch +Patch26577: 26577-x86-APICV-x2APIC.patch +Patch26578: 26578-AMD-IOMMU-replace-BUG_ON.patch Patch34: CVE-2013-0151-xsa34.patch -Patch35: CVE-2013-0152-xsa35.patch Patch41: CVE-2012-6075-xsa41.patch # Upstream qemu patches Patch100: VNC-Support-for-ExtendedKeyEvent-client-message.patch @@ -324,6 +358,7 @@ Patch460: blktap-disable-debug-printf.patch Patch461: xen-glibc217.patch Patch462: xen-migration-bridge-check.patch Patch463: pygrub-netware-xnloader.patch +Patch464: xen-managed-pci-device.patch # Jim's domain lock patch Patch480: xend-domain-lock.patch Patch481: xend-domain-lock-sfex.patch @@ -339,7 +374,6 @@ Patch507: blktap-pv-cdrom.patch Patch511: supported_module.diff Patch512: magic_ioport_compat.patch Patch513: xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch -Patch514: x86-fpu-context-conditional.patch Patch650: disable_emulated_device.diff Patch651: ioemu-disable-scsi.patch Patch652: ioemu-disable-emulated-ide-if-pv.patch @@ -726,6 +760,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26258 -p1 %patch26262 -p1 %patch26266 -p1 +%patch26287 -p1 %patch26294 -p1 %patch26320 -p1 %patch26324 -p1 @@ -738,16 +773,47 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26331 -p1 %patch26332 -p1 %patch26333 -p1 +%patch26340 -p1 %patch26341 -p1 %patch26342 -p1 %patch26343 -p1 %patch26344 -p1 +%patch26369 -p1 +%patch26370 -p1 %patch26372 -p1 +%patch26395 -p1 +%patch26404 -p1 +%patch26418 -p1 +%patch26427 -p1 +%patch26428 -p1 +%patch26440 -p1 +%patch26443 -p1 +%patch34 -p1 +%patch26444 -p1 %patch26468 -p1 %patch26469 -p1 -%patch33 -p1 -%patch34 -p1 -%patch35 -p1 +%patch26501 -p1 +%patch26502 -p1 +%patch26516 -p1 +%patch26517 -p1 +%patch26518 -p1 +%patch26519 -p1 +%patch26526 -p1 +%patch26529 -p1 +%patch26531 -p1 +%patch26532 -p1 +%patch26536 -p1 +%patch26547 -p1 +%patch26548 -p1 +%patch26549 -p1 +%patch26550 -p1 +%patch26551 -p1 +%patch26554 -p1 +%patch26555 -p1 +%patch26556 -p1 +%patch26576 -p1 +%patch26577 -p1 +%patch26578 -p1 %patch41 -p1 # Qemu %patch100 -p1 @@ -841,6 +907,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch461 -p1 %patch462 -p1 %patch463 -p1 +%patch464 -p1 %patch480 -p1 %patch481 -p1 %patch500 -p1 @@ -854,7 +921,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch511 -p1 %patch512 -p1 %patch513 -p1 -%patch514 -p1 %patch650 -p1 %patch651 -p1 %patch652 -p1 @@ -981,6 +1047,7 @@ make -C tools/misc/serial-split install \ %if %{?with_kmp}0 export INSTALL_MOD_PATH=$RPM_BUILD_ROOT export INSTALL_MOD_DIR=updates +export BRP_PESIGN_FILES="*.ko /lib/firmware" mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d for flavor in %flavors_to_build; do make -C /usr/src/linux-obj/%_target_cpu/$flavor modules_install \ diff --git a/xend-domain-lock-sfex.patch b/xend-domain-lock-sfex.patch index 7a85f82..1e30175 100644 --- a/xend-domain-lock-sfex.patch +++ b/xend-domain-lock-sfex.patch @@ -1,7 +1,7 @@ -Index: xen-4.2.0-testing/tools/examples/xend-config.sxp +Index: xen-4.2.1-testing/tools/examples/xend-config.sxp =================================================================== ---- xen-4.2.0-testing.orig/tools/examples/xend-config.sxp -+++ xen-4.2.0-testing/tools/examples/xend-config.sxp +--- xen-4.2.1-testing.orig/tools/examples/xend-config.sxp ++++ xen-4.2.1-testing/tools/examples/xend-config.sxp @@ -357,7 +357,7 @@ # path // # Return 0 on success, non-zero on error. @@ -23,10 +23,10 @@ Index: xen-4.2.0-testing/tools/examples/xend-config.sxp # If we have a very big scsi device configuration, start of xend is slow, # because xend scans all the device paths to build its internal PSCSI device # list. If we need only a few devices for assigning to a guest, we can reduce -Index: xen-4.2.0-testing/tools/hotplug/Linux/Makefile +Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile =================================================================== ---- xen-4.2.0-testing.orig/tools/hotplug/Linux/Makefile -+++ xen-4.2.0-testing/tools/hotplug/Linux/Makefile +--- xen-4.2.1-testing.orig/tools/hotplug/Linux/Makefile ++++ xen-4.2.1-testing/tools/hotplug/Linux/Makefile @@ -23,6 +23,7 @@ XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate XEN_SCRIPTS += vscsi @@ -35,10 +35,10 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/Makefile XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -Index: xen-4.2.0-testing/tools/hotplug/Linux/domain-lock +Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock =================================================================== ---- xen-4.2.0-testing.orig/tools/hotplug/Linux/domain-lock -+++ xen-4.2.0-testing/tools/hotplug/Linux/domain-lock +--- xen-4.2.1-testing.orig/tools/hotplug/Linux/domain-lock ++++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock @@ -4,7 +4,7 @@ basedir=$(dirname "$0") usage() { @@ -48,10 +48,10 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/domain-lock echo "" echo "-l lock" echo "-u unlock" -Index: xen-4.2.0-testing/tools/hotplug/Linux/domain-lock-sfex +Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex =================================================================== --- /dev/null -+++ xen-4.2.0-testing/tools/hotplug/Linux/domain-lock-sfex ++++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex @@ -0,0 +1,166 @@ +#!/bin/bash + @@ -219,11 +219,11 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/domain-lock-sfex +;; +esac + -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -4526,8 +4526,14 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -4554,8 +4554,14 @@ class XendDomainInfo: # Return name of host contained in lock file. def get_lock_host(self, path): @@ -240,7 +240,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py hostname = "unknown" try: -@@ -4549,6 +4555,16 @@ class XendDomainInfo: +@@ -4577,6 +4583,16 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -257,7 +257,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py try: if not os.path.exists(path): mkdir.parents(path, stat.S_IRWXU) -@@ -4556,12 +4572,7 @@ class XendDomainInfo: +@@ -4584,12 +4600,7 @@ class XendDomainInfo: log.exception("%s could not be created." % path) raise XendError("%s could not be created." % path) @@ -271,7 +271,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.debug("Failed to aqcuire lock: status = %d" % status) raise XendError("The VM is locked and appears to be running on host %s." % self.get_lock_host(path)) -@@ -4578,12 +4589,18 @@ class XendDomainInfo: +@@ -4606,12 +4617,18 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -296,10 +296,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.exception("Failed to release lock: status = %s" % status) try: -Index: xen-4.2.0-testing/tools/python/xen/xend/XendNode.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendNode.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendNode.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendNode.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendNode.py @@ -162,6 +162,7 @@ class XendNode: self._init_cpu_pools() @@ -326,10 +326,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendNode.py def add_network(self, interface): # TODO log.debug("add_network(): Not implemented.") -Index: xen-4.2.0-testing/tools/python/xen/xend/XendOptions.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendOptions.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendOptions.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendOptions.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py @@ -164,6 +164,9 @@ class XendOptions: """Default script to acquire/release domain lock""" xend_domain_lock_utility = auxbin.scripts_dir() + "/domain-lock" diff --git a/xend-domain-lock.patch b/xend-domain-lock.patch index 8103271..1ad5126 100644 --- a/xend-domain-lock.patch +++ b/xend-domain-lock.patch @@ -8,10 +8,10 @@ tools/python/xen/xend/XendOptions.py | 29 +++++++++++ 7 files changed, 290 insertions(+) -Index: xen-4.2.0-testing/tools/examples/xend-config.sxp +Index: xen-4.2.1-testing/tools/examples/xend-config.sxp =================================================================== ---- xen-4.2.0-testing.orig/tools/examples/xend-config.sxp -+++ xen-4.2.0-testing/tools/examples/xend-config.sxp +--- xen-4.2.1-testing.orig/tools/examples/xend-config.sxp ++++ xen-4.2.1-testing/tools/examples/xend-config.sxp @@ -324,6 +324,65 @@ # device assignment could really work properly even after we do this. #(pci-passthrough-strict-check yes) @@ -78,10 +78,10 @@ Index: xen-4.2.0-testing/tools/examples/xend-config.sxp # If we have a very big scsi device configuration, start of xend is slow, # because xend scans all the device paths to build its internal PSCSI device # list. If we need only a few devices for assigning to a guest, we can reduce -Index: xen-4.2.0-testing/tools/hotplug/Linux/Makefile +Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile =================================================================== ---- xen-4.2.0-testing.orig/tools/hotplug/Linux/Makefile -+++ xen-4.2.0-testing/tools/hotplug/Linux/Makefile +--- xen-4.2.1-testing.orig/tools/hotplug/Linux/Makefile ++++ xen-4.2.1-testing/tools/hotplug/Linux/Makefile @@ -22,6 +22,7 @@ XEN_SCRIPTS += vtpm vtpm-delete XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate @@ -90,10 +90,10 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/Makefile XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -Index: xen-4.2.0-testing/tools/hotplug/Linux/domain-lock +Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock =================================================================== --- /dev/null -+++ xen-4.2.0-testing/tools/hotplug/Linux/domain-lock ++++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock @@ -0,0 +1,83 @@ +#!/bin/bash + @@ -178,10 +178,10 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/domain-lock + get_status $vm_path + ;; +esac -Index: xen-4.2.0-testing/tools/hotplug/Linux/vm-monitor +Index: xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor =================================================================== --- /dev/null -+++ xen-4.2.0-testing/tools/hotplug/Linux/vm-monitor ++++ xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor @@ -0,0 +1,41 @@ +#!/bin/bash + @@ -224,10 +224,10 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/vm-monitor +elif [ $0 = "$basedir/vm-monitor" ]; then + monitor $* +fi -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py @@ -130,6 +130,8 @@ def save(fd, dominfo, network, live, dst dominfo.shutdown('suspend') dominfo.waitForSuspend() @@ -245,19 +245,19 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py return dominfo except Exception, exn: dominfo.destroy() -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -470,6 +470,7 @@ class XendDomainInfo: - +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -486,6 +486,7 @@ class XendDomainInfo: if self._stateGet() in (XEN_API_VM_POWER_STATE_HALTED, XEN_API_VM_POWER_STATE_SUSPENDED, XEN_API_VM_POWER_STATE_CRASHED): try: + prepare_domain_pci_devices(self.info); + self.acquire_running_lock(); XendTask.log_progress(0, 30, self._constructDomain) XendTask.log_progress(31, 60, self._initDomain) -@@ -3010,6 +3011,11 @@ class XendDomainInfo: +@@ -3037,6 +3038,11 @@ class XendDomainInfo: self._stateSet(DOM_STATE_HALTED) self.domid = None # Do not push into _stateSet()! @@ -269,7 +269,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py finally: self.refresh_shutdown_lock.release() -@@ -4518,6 +4524,74 @@ class XendDomainInfo: +@@ -4546,6 +4552,74 @@ class XendDomainInfo: def has_device(self, dev_class, dev_uuid): return (dev_uuid in self.info['%s_refs' % dev_class.lower()]) @@ -344,10 +344,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def __str__(self): return '' % \ (str(self.domid), self.info['name_label'], -Index: xen-4.2.0-testing/tools/python/xen/xend/XendOptions.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendOptions.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendOptions.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendOptions.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py @@ -154,6 +154,17 @@ class XendOptions: use loose check automatically if necessary.""" pci_dev_assign_strict_check_default = True diff --git a/xenpaging.autostart.patch b/xenpaging.autostart.patch index dca0d5b..3c236f7 100644 --- a/xenpaging.autostart.patch +++ b/xenpaging.autostart.patch @@ -45,10 +45,10 @@ v2: tools/python/xen/xm/xenapi_create.py | 3 + 10 files changed, 179 insertions(+) -Index: xen-4.2.0-testing/tools/examples/xmexample.hvm +Index: xen-4.2.1-testing/tools/examples/xmexample.hvm =================================================================== ---- xen-4.2.0-testing.orig/tools/examples/xmexample.hvm -+++ xen-4.2.0-testing/tools/examples/xmexample.hvm +--- xen-4.2.1-testing.orig/tools/examples/xmexample.hvm ++++ xen-4.2.1-testing/tools/examples/xmexample.hvm @@ -142,6 +142,15 @@ disk = [ 'file:/var/lib/xen/images/disk. # Device Model to be used device_model = 'qemu-dm' @@ -65,10 +65,10 @@ Index: xen-4.2.0-testing/tools/examples/xmexample.hvm #----------------------------------------------------------------------------- # boot on floppy (a), hard disk (c), Network (n) or CD-ROM (d) # default: hard disk, cd-rom, floppy -Index: xen-4.2.0-testing/tools/python/README.XendConfig +Index: xen-4.2.1-testing/tools/python/README.XendConfig =================================================================== ---- xen-4.2.0-testing.orig/tools/python/README.XendConfig -+++ xen-4.2.0-testing/tools/python/README.XendConfig +--- xen-4.2.1-testing.orig/tools/python/README.XendConfig ++++ xen-4.2.1-testing/tools/python/README.XendConfig @@ -120,6 +120,9 @@ otherConfig image.vncdisplay image.vncunused @@ -79,10 +79,10 @@ Index: xen-4.2.0-testing/tools/python/README.XendConfig image.hvm.display image.hvm.xauthority image.hvm.vncconsole -Index: xen-4.2.0-testing/tools/python/README.sxpcfg +Index: xen-4.2.1-testing/tools/python/README.sxpcfg =================================================================== ---- xen-4.2.0-testing.orig/tools/python/README.sxpcfg -+++ xen-4.2.0-testing/tools/python/README.sxpcfg +--- xen-4.2.1-testing.orig/tools/python/README.sxpcfg ++++ xen-4.2.1-testing/tools/python/README.sxpcfg @@ -51,6 +51,9 @@ image - vncunused (HVM) @@ -93,10 +93,10 @@ Index: xen-4.2.0-testing/tools/python/README.sxpcfg - display - xauthority - vncconsole -Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py @@ -147,6 +147,9 @@ XENAPI_PLATFORM_CFG_TYPES = { 'apic': int, 'boot': str, @@ -120,10 +120,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py if 'timer_mode' not in self['platform']: self['platform']['timer_mode'] = 1 if 'extid' in self['platform'] and int(self['platform']['extid']) == 1: -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomain.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomain.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomain.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py @@ -1835,6 +1835,21 @@ class XendDomain: log.exception(ex) raise XendError(str(ex)) @@ -146,11 +146,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomain.py def domain_maxmem_set(self, domid, mem): """Set the memory limit for a domain. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1505,6 +1505,17 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1532,6 +1532,17 @@ class XendDomainInfo: break xen.xend.XendDomain.instance().managed_config_save(self) @@ -168,7 +168,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -@@ -2295,6 +2306,8 @@ class XendDomainInfo: +@@ -2322,6 +2333,8 @@ class XendDomainInfo: self.info['name_label'], self.domid, self.info['uuid'], new_name, new_uuid) self._unwatchVm() @@ -177,7 +177,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() # Remove existing vm node in xenstore self._removeVm() -@@ -2974,6 +2987,9 @@ class XendDomainInfo: +@@ -3001,6 +3014,9 @@ class XendDomainInfo: self._createDevices() @@ -187,7 +187,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py self.image.cleanupTmpImages() self.info['start_time'] = time.time() -@@ -2998,6 +3014,8 @@ class XendDomainInfo: +@@ -3025,6 +3041,8 @@ class XendDomainInfo: self.refresh_shutdown_lock.acquire() try: self.unwatchShutdown() @@ -196,7 +196,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() bootloader_tidy(self) -@@ -3082,6 +3100,7 @@ class XendDomainInfo: +@@ -3109,6 +3127,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) @@ -204,7 +204,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py self.console_port = console_port self._storeDomDetails() self._registerWatches() -@@ -3223,6 +3242,8 @@ class XendDomainInfo: +@@ -3251,6 +3270,8 @@ class XendDomainInfo: # could also fetch a parsed note from xenstore fast = self.info.get_notes().get('SUSPEND_CANCEL') and 1 or 0 if not fast: @@ -213,7 +213,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() self.testDeviceComplete() self.testvifsComplete() -@@ -3238,6 +3259,8 @@ class XendDomainInfo: +@@ -3266,6 +3287,8 @@ class XendDomainInfo: self._storeDomDetails() self._createDevices() @@ -222,10 +222,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py log.debug("XendDomainInfo.resumeDomain: devices created") xc.domain_resume(self.domid, fast) -Index: xen-4.2.0-testing/tools/python/xen/xend/image.py +Index: xen-4.2.1-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.0-testing/tools/python/xen/xend/image.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.1-testing/tools/python/xen/xend/image.py @@ -122,6 +122,10 @@ class ImageHandler: self.vm.permissionsVm("image/cmdline", { 'dom': self.vm.getDomid(), 'read': True } ) @@ -325,10 +325,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/image.py def createDeviceModel(self, restore = False): if self.device_model is None: return -Index: xen-4.2.0-testing/tools/python/xen/xm/create.py +Index: xen-4.2.1-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.0-testing/tools/python/xen/xm/create.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/create.py @@ -495,6 +495,18 @@ gopts.var('nfs_root', val="PATH", fn=set_value, default=None, use="Set the path of the root NFS directory.") @@ -358,10 +358,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/create.py 'device_model', 'display', 'fda', 'fdb', 'gfx_passthru', 'guest_os_type', -Index: xen-4.2.0-testing/tools/python/xen/xm/main.py +Index: xen-4.2.1-testing/tools/python/xen/xm/main.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/main.py -+++ xen-4.2.0-testing/tools/python/xen/xm/main.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/main.py ++++ xen-4.2.1-testing/tools/python/xen/xm/main.py @@ -115,6 +115,8 @@ SUBCOMMAND_HELP = { 'Set the maximum amount reservation for a domain.'), 'mem-set' : (' ', @@ -397,10 +397,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/main.py # cpu commands "vcpu-pin": xm_vcpu_pin, "vcpu-list": xm_vcpu_list, -Index: xen-4.2.0-testing/tools/python/xen/xm/xenapi_create.py +Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/xenapi_create.py -+++ xen-4.2.0-testing/tools/python/xen/xm/xenapi_create.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py @@ -1085,6 +1085,9 @@ class sxp2xml: 'acpi', 'apic', From 48ad4c1310f0765fa4315a508d5340a4b5b65546616fa0505bd1c321a8b392b7 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Fri, 22 Feb 2013 22:35:43 +0000 Subject: [PATCH 2/2] Disable signing of modules temporarily OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=230 --- xen.spec | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/xen.spec b/xen.spec index 0de0bbf..bc2357f 100644 --- a/xen.spec +++ b/xen.spec @@ -15,8 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# needssslcertforbuild - Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -1047,7 +1045,7 @@ make -C tools/misc/serial-split install \ %if %{?with_kmp}0 export INSTALL_MOD_PATH=$RPM_BUILD_ROOT export INSTALL_MOD_DIR=updates -export BRP_PESIGN_FILES="*.ko /lib/firmware" +#export BRP_PESIGN_FILES="*.ko /lib/firmware" mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d for flavor in %flavors_to_build; do make -C /usr/src/linux-obj/%_target_cpu/$flavor modules_install \