pool/xen
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 405743 from Virtualization

Browse Source 
Xen 4.7 FCS release with an additional bugfix

OBS-URL: https://build.opensuse.org/request/show/405743
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xen?expand=0&rev=221
This commit is contained in:
Dominique Leuenberger 2016-07-01 07:55:45 +00:00 committed by Git OBS Bridge
commit 4eb86128ec
11 changed files with 587 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch Normal file
View File

@ -0,0 +1,144 @@
References: bsc#900418
# Commit cd42ccb27f4e364b6e75b6fecb06bb99ad8da988
# Date 2016-06-08 14:12:45 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
kexec: allow relaxed placement specification via command line
Rather than just allowing a fixed address or fully automatic placement,
also allow for specifying an upper bound. Especially on EFI systems,
where firmware memory use is commonly less predictable than on legacy
BIOS ones, this makes success of the reservation more likely when
automatic placement is not an option (e.g. because of special DMA
restrictions of devices involved in actually carrying out the dump).
Also take the opportunity to actually add text to the "crashkernel"
entry in the command line option doc.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -458,7 +458,18 @@ Specify the maximum address to allocate
combination with the `low_crashinfo` command line option.
### crashkernel
-> `= <ramsize-range>:<size>[,...][@<offset>]`
+> `= <ramsize-range>:<size>[,...][{@,<}<offset>]`
+> `= <size>[{@,<}<offset>]`
+
+Specify sizes and optionally placement of the crash kernel reservation
+area. The `<ramsize-range>:<size>` pairs indicate how much memory to
+set aside for a crash kernel (`<size>`) for a given range of installed
+RAM (`<ramsize-range>`). Each `<ramsize-range>` is of the form
+`<start>-[<end>]`.
+
+A trailing `@<offset>` specifies the exact address this area should be
+placed at, whereas `<` in place of `@` just specifies an upper bound of
+the address range the area should fall into.
### credit2\_balance\_over
> `= <integer>`
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -1044,13 +1044,23 @@ void __init noreturn __start_xen(unsigne
}
#ifdef CONFIG_KEXEC
- /* Don't overlap with modules. */
- e = consider_modules(s, e, PAGE_ALIGN(kexec_crash_area.size),
- mod, mbi->mods_count, -1);
- if ( !kexec_crash_area.start && (s < e) )
+ /*
+ * Looking backwards from the crash area limit, find a large
+ * enough range that does not overlap with modules.
+ */
+ while ( !kexec_crash_area.start )
{
- e = (e - kexec_crash_area.size) & PAGE_MASK;
- kexec_crash_area.start = e;
+ /* Don't overlap with modules. */
+ e = consider_modules(s, e, PAGE_ALIGN(kexec_crash_area.size),
+ mod, mbi->mods_count, -1);
+ if ( s >= e )
+ break;
+ if ( e > kexec_crash_area_limit )
+ {
+ e = kexec_crash_area_limit & PAGE_MASK;
+ continue;
+ }
+ kexec_crash_area.start = (e - kexec_crash_area.size) & PAGE_MASK;
}
#endif
}
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -60,6 +60,7 @@ static unsigned char vmcoreinfo_data[VMC
static size_t vmcoreinfo_size = 0;
xen_kexec_reserve_t kexec_crash_area;
+paddr_t __initdata kexec_crash_area_limit = ~(paddr_t)0;
static struct {
u64 start, end;
unsigned long size;
@@ -86,7 +87,7 @@ static void *crash_heap_current = NULL,
/*
* Parse command lines in the format
*
- * crashkernel=<ramsize-range>:<size>[,...][@<offset>]
+ * crashkernel=<ramsize-range>:<size>[,...][{@,<}<address>]
*
* with <ramsize-range> being of form
*
@@ -94,7 +95,7 @@ static void *crash_heap_current = NULL,
*
* as well as the legacy ones in the format
*
- * crashkernel=<size>[@<offset>]
+ * crashkernel=<size>[{@,<}<address>]
*/
static void __init parse_crashkernel(const char *str)
{
@@ -109,7 +110,7 @@ static void __init parse_crashkernel(con
{
printk(XENLOG_WARNING "crashkernel: too many ranges\n");
cur = NULL;
- str = strchr(str, '@');
+ str = strpbrk(str, "@<");
break;
}
@@ -154,9 +155,16 @@ static void __init parse_crashkernel(con
}
else
kexec_crash_area.size = parse_size_and_unit(cur = str, &str);
- if ( cur != str && *str == '@' )
- kexec_crash_area.start = parse_size_and_unit(cur = str + 1, &str);
- if ( cur == str )
+ if ( cur != str )
+ {
+ if ( *str == '@' )
+ kexec_crash_area.start = parse_size_and_unit(cur = str + 1, &str);
+ else if ( *str == '<' )
+ kexec_crash_area_limit = parse_size_and_unit(cur = str + 1, &str);
+ else
+ printk(XENLOG_WARNING "crashkernel: '%s' ignored\n", str);
+ }
+ if ( cur && cur == str )
printk(XENLOG_WARNING "crashkernel: memory value expected\n");
}
custom_param("crashkernel", parse_crashkernel);
--- a/xen/include/xen/kexec.h
+++ b/xen/include/xen/kexec.h
@@ -14,6 +14,7 @@ typedef struct xen_kexec_reserve {
} xen_kexec_reserve_t;
extern xen_kexec_reserve_t kexec_crash_area;
+extern paddr_t kexec_crash_area_limit;
extern bool_t kexecing;

62
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch Normal file
View File

@ -0,0 +1,62 @@
# Commit 5e02972646132ad98c365ebfcfcb43b40a0dde36
# Date 2016-06-13 12:44:32 +0100
# Author Euan Harris <euan.harris@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
nested vmx: Validate host VMX MSRs before accessing them
Some VMX MSRs may not exist on certain processor models, or may
be disabled because of configuration settings. It is only safe to
access these MSRs if configuration flags in other MSRs are set. These
prerequisites are listed in the Intel 64 and IA-32 Architectures
Software Developers Manual, Vol 3, Appendix A.
nvmx_msr_read_intercept() does not check the prerequisites before
accessing MSR_IA32_VMX_PROCBASED_CTLS2, MSR_IA32_VMX_EPT_VPID_CAP,
MSR_IA32_VMX_VMFUNC on the host. Accessing these MSRs from a nested
VMX guest running on a host which does not support them will cause
Xen to crash with a GPF.
Signed-off-by: Euan Harris <euan.harris@citrix.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/hvm/vmx/vvmx.c
+++ b/xen/arch/x86/hvm/vmx/vvmx.c
@@ -1820,11 +1820,22 @@ int nvmx_msr_read_intercept(unsigned int
return 0;
/*
- * Those MSRs are available only when bit 55 of
- * MSR_IA32_VMX_BASIC is set.
+ * These MSRs are only available when flags in other MSRs are set.
+ * These prerequisites are listed in the Intel 64 and IA-32
+ * Architectures Software Developers Manual, Vol 3, Appendix A.
*/
switch ( msr )
{
+ case MSR_IA32_VMX_PROCBASED_CTLS2:
+ if ( !cpu_has_vmx_secondary_exec_control )
+ return 0;
+ break;
+
+ case MSR_IA32_VMX_EPT_VPID_CAP:
+ if ( !(cpu_has_vmx_ept || cpu_has_vmx_vpid) )
+ return 0;
+ break;
+
case MSR_IA32_VMX_TRUE_PINBASED_CTLS:
case MSR_IA32_VMX_TRUE_PROCBASED_CTLS:
case MSR_IA32_VMX_TRUE_EXIT_CTLS:
@@ -1832,6 +1843,11 @@ int nvmx_msr_read_intercept(unsigned int
if ( !(vmx_basic_msr & VMX_BASIC_DEFAULT1_ZERO) )
return 0;
break;
+
+ case MSR_IA32_VMX_VMFUNC:
+ if ( !cpu_has_vmx_vmfunc )
+ return 0;
+ break;
}
rdmsrl(msr, host_data);

32
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch Normal file
View File

@ -0,0 +1,32 @@
# Commit 9dec2c47406f4ef31711656722f5f70d758d6160
# Date 2016-06-17 15:08:08 +0100
# Author Dario Faggioli <dario.faggioli@citrix.com>
# Committer George Dunlap <george.dunlap@citrix.com>
xen: sched: use default scheduler upon an invalid "sched="
instead of just the first scheduler we find in the array.
In fact, right now, if someone makes a typo when passing
the "sched=" command line option to Xen, we (with all
schedulers configured in) pick ARINC653, which is most
likely not what one would expect.
Go for the default scheduler instead.
Signed-off-by: Dario Faggioli <dario.faggioli@citrix.com>
Acked-by: George Dunlap <george.dunlap@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-By: Jonathan Creekmore <jonathan.creekmore@gmail.com>
--- a/xen/common/schedule.c
+++ b/xen/common/schedule.c
@@ -1625,7 +1625,8 @@ void __init scheduler_init(void)
{
printk("Could not find scheduler: %s\n", opt_sched);
for ( i = 0; i < NUM_SCHEDULERS; i++ )
- if ( schedulers[i] )
+ if ( schedulers[i] &&
+ !strcmp(schedulers[i]->opt_name, CONFIG_SCHED_DEFAULT) )
{
ops = *schedulers[i];
break;

87
CVE-2014-3672-qemut-xsa180.patch
View File

@ -1,87 +0,0 @@
References: bsc#981264 CVE-2014-3672 XSA-180
From 7490dab5c1a01b1623e9d87bdc653cb4f963dd8a Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Thu, 19 May 2016 19:38:35 +0100
Subject: [PATCH] main loop: Big hammer to fix logfile disk DoS in Xen setups
Each time round the main loop, we now fstat stderr. If it is too big,
we dup2 /dev/null onto it. This is not a very pretty patch but it is
very simple, easy to see that it's correct, and has a low risk of
collateral damage.
The limit is 1Mby by default but can be adjusted by setting a new
environment variable.
This fixes CVE-2014-3672.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Tested-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
vl.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
Index: xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c
===================================================================
--- xen-4.7.0-testing.orig/tools/qemu-xen-traditional-dir-remote/vl.c
+++ xen-4.7.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c
@@ -3752,6 +3752,50 @@ static void host_main_loop_wait(int *tim
}
#endif
+static void check_cve_2014_3672_xen(void)
+{
+ static unsigned long limit = ~0UL;
+ const int fd = 2;
+ struct stat stab;
+
+ if (limit == ~0UL) {
+ const char *s = getenv("XEN_QEMU_CONSOLE_LIMIT");
+ /* XEN_QEMU_CONSOLE_LIMIT=0 means no limit */
+ limit = s ? strtoul(s,0,0) : 1*1024*1024;
+ }
+ if (limit == 0)
+ return;
+
+ int r = fstat(fd, &stab);
+ if (r) {
+ perror("fstat stderr (for CVE-2014-3672 check)");
+ exit(-1);
+ }
+ if (!S_ISREG(stab.st_mode))
+ return;
+ if (stab.st_size <= limit)
+ return;
+
+ /* oh dear */
+ fprintf(stderr,"\r\n"
+ "Closing stderr due to CVE-2014-3672 limit. "
+ " Set XEN_QEMU_CONSOLE_LIMIT to number of bytes to override,"
+ " or 0 for no limit.\n");
+ fflush(stderr);
+
+ int nfd = open("/dev/null", O_WRONLY);
+ if (nfd < 0) {
+ perror("open /dev/null (for CVE-2014-3672 check)");
+ exit(-1);
+ }
+ r = dup2(nfd, fd);
+ if (r != fd) {
+ perror("dup2 /dev/null (for CVE-2014-3672 check)");
+ exit(-1);
+ }
+ close(nfd);
+}
+
void main_loop_wait(int timeout)
{
IOHandlerRecord *ioh;
@@ -3763,6 +3807,8 @@ void main_loop_wait(int timeout)
host_main_loop_wait(&timeout);
+ check_cve_2014_3672_xen();
+
/* poll any events */
/* XXX: separate device handlers from system ones */
nfds = -1;

361
block-dmmd
View File

@ -2,7 +2,7 @@
# Usage: block-dmmd [add args | remove args]
#
# the dmmd device syntax (in xm commands/configs) is something like:
# the dmmd device syntax (in xm/xl commands/configs) is something like:
# dmmd:md;/dev/md0;md;/dev/md1;lvm;/dev/vg1/lv1
# or
# dmmd:lvm;/dev/vg1/lv1;lvm;/dev/vg1/lv2;md;/dev/md0
@ -16,30 +16,49 @@
# dmmd:md;My-MD-name;lvm;/dev/vg1/lv1
#
# History:
# 2016-05-27, mlatimer@suse.com:
# Merge improvements by loic.devulder@mpsa.com. Highlights include:
# - Re-write and simplification to speed up the script!
# - Add some (useful) logging messages and comments
# Minor tweaks and logging improvements
# 2016-05-26, mlatimer@suse.com:
# Verify MD activation if mdadm returns 2
# 2016-05-20, mlatimer@suse.com:
# Strip leading "dmmd:" if present in xenstore params value
# 2013-07-03, loic.devulder@mpsa.com:
# Partial rewrite of the script for supporting MD activation by name
# Partial rewrite of the script for supporting MD activation by name
# 2009-06-09, mh@novell.com:
# Emit debugging messages into a temporary file; if no longer needed,
# just comment the exec I/O redirection below
# Make variables used in functions local to avoid global overridings
# Use vgscan and vgchange where required
# Use the C locale to avoid dealing with localized messages
# Assign output from assembling an MD device to a variable to aid debugging
# Emit debugging messages into a temporary file; if no longer needed,
# just comment the exec I/O redirection below
# Make variables used in functions local to avoid global overridings
# Use vgscan and vgchange where required
# Use the C locale to avoid dealing with localized messages
# Assign output from assembling an MD device to a variable to aid
# debugging
# We do not want to deal with localized messages:
LANG=C
LC_MESSAGES=C
export LANG LC_MESSAGES
# We do not want to deal with localized messages
# We use LC_ALL because LC_ALL superse LANG
# But we also use LANG because some applications may still use LANG...
export LC_ALL=C
export LANG=${LC_ALL}
dir=$(dirname "$0")
. "$dir/block-common.sh"
# Loading common libraries
. $(dirname $0)/block-common.sh
#exec >> /tmp/block-dmmd-`date +%F_%T.%N`.log 2>&1
#echo shell-flags: $-
# Constants
typeset -rx MDADM_BIN=/sbin/mdadm
typeset -rx LVCHANGE_BIN=/sbin/lvchange
typeset -rx PVSCAN_BIN=/sbin/pvscan
typeset -rx VGSCAN_BIN=/sbin/vgscan
typeset -rx VGCHANGE_BIN=/sbin/vgchange
typeset -rx DATE_LOG="date +%F_%T.%N"
typeset -rx DATE_SEC="date +%s"
command=$1
# Uncomment for debugging purposes
# exec >> /tmp/block-dmmd-$(${DATE_LOG}).log 2>&1
# echo shell-flags: $-
# We check for errors ourselves:
# We check for errors ourselves
set +e
function run_mdadm()
@ -48,21 +67,24 @@ function run_mdadm()
local msg
local rc
msg="$(/sbin/mdadm $mdadm_cmd 2>&1)"
msg="$(${MDADM_BIN} ${mdadm_cmd} 2>&1)"
rc=$?
case "$msg" in
*"has been started"* | *"already active"* )
return 0
;;
*"is already in use"* )
# hmm, might be used by another device in this domU
# leave it to upper layers to detect a real error
return 2
;;
* )
return $rc
;;
case "${msg}" in
*"has been started"* | *"already active"*)
return 0
;;
*"is already in use"*)
# Hmm, might be used by another device in this domU
# Leave it to upper layers to detect a real error
return 2
;;
*)
return ${rc}
;;
esac
# Normally we should not get here, but if this happens
# we have to return an error
return 1
}
@ -72,36 +94,49 @@ function activate_md()
local par=$1
local cfg dev dev_path rc t mdadm_opts
if [ ${par} = ${par%%(*} ]; then
if [[ ${par} == ${par%%(*} ]]; then
# No configuration file specified
dev=$par
cfg=
dev=${par}
cfg=""
else
dev=${par%%(*}
t=${par#*(}
cfg="-c ${t%%)*}"
dev=${par%%(*}
t=${par#*(}
cfg="-c ${t%%)*}"
fi
# Looking for device name or aliase
if [ ${dev:0:1} = / ]; then
dev_path=${dev%/*}
mdadm_opts=
if [[ ${dev:0:1} == / ]]; then
dev_path=${dev%/*}
mdadm_opts=""
else
dev_path=/dev/md
mdadm_opts="-s -N"
dev_path=/dev/md
mdadm_opts="-s -N"
fi
# Is md device already active?
# Logging message
echo "[$(${DATE_LOG})] activate MD device ${dev}..." >&2
# Is MD device already active?
# We need to use full path name, aliase is not possible...
if [ -e $dev_path/${dev##*/} ]; then
/sbin/mdadm -Q -D $dev_path/${dev##*/} 2>/dev/null | grep -iq state.*\:.*inactive || return 0
${MDADM_BIN} -Q -D $dev_path/${dev##*/} 2>/dev/null \
| grep -iq state.*\:.*inactive || return 0
fi
run_mdadm "-A $mdadm_opts $dev $cfg"
# Activate MD device
run_mdadm "-A ${mdadm_opts} ${dev} ${cfg}"
rc=$?
[ $rc -eq 2 ] && return 0
# A return code of 2 can indicate the array configuration was incorrect
if [[ ${rc} == 2 ]]; then
# Logging message
echo "[$(${DATE_LOG})] verifying MD device ${dev} activation..." >&2
return $rc
# If the array is active, return 0, otherwise return an error
${MDADM_BIN} -Q -D $dev_path/${dev##*/} &>/dev/null && return 0 \
|| return 1
fi
return ${rc}
}
function deactivate_md()
@ -109,22 +144,25 @@ function deactivate_md()
local par=$1
local dev
if [ ${par} = ${par%%(*} ]; then
if [[ ${par} == ${par%%(*} ]]; then
# No configuration file specified
dev=${par}
dev=${par}
else
dev=${par%%(*}
dev=${par%%(*}
fi
# Looking for device name or aliase
if [ ${dev:0:1} = / ]; then
dev_path=${dev%/*}
if [[ ${dev:0:1} == / ]]; then
dev_path=${dev%/*}
else
dev_path=/dev/md
dev_path=/dev/md
fi
# Logging message
echo "[$(${DATE_LOG})] deactivate MD device ${dev}..." >&2
# We need the device name only while deactivating
/sbin/mdadm -S ${dev_path}/${dev##*/} > /dev/null 2>&1
${MDADM_BIN} -S ${dev_path}/${dev##*/} > /dev/null 2>&1
return $?
}
@ -132,169 +170,200 @@ function deactivate_md()
function activate_lvm()
{
local run_timeout=90
local parsed_timeout
local end_time
# If /etc/xen/xend-config.sxp exists (e.g. SLES11), use
# device-create-timeout, instead of the default setting
if [[ -f /etc/xen/xend-config.sxp ]]; then
parsed_timeout=$(grep -v "^[ \t]*#.*" /etc/xen/xend-config.sxp \
|sed -n 's/(device-create-timeout \+\([0-9]\+\))/\1/p')
if [[ ! -z $parsed_timeout ]]; then
run_timeout=$((${parsed_timeout}*9/10))
fi
fi
# First scan for PVs and VGs
# We need this for using md device as PV
/sbin/pvscan > /dev/null 2>&1
# /sbin/vgscan --mknodes > /dev/null 2>&1
# We need this for using MD device as PV
${PVSCAN_BIN} > /dev/null 2>&1
# ${VGSCAN_BIN} --mknodes > /dev/null 2>&1
# Logging message
echo "[$(${DATE_LOG})] activate LVM device ${dev}..." >&2
# Set end_time for the loop
(( end_time = $(${DATE_SEC}) + run_timeout ))
end_time=$(($(date +%s)+${run_timeout}))
while true; do
/sbin/lvchange -aey $1 > /dev/null 2>&1
${LVCHANGE_BIN} -aey $1 > /dev/null 2>&1
if [ $? -eq 0 -a -e $1 ]; then
return 0
fi
if [ $? -eq 0 -a -e $1 ]; then
return 0
fi
sleep 0.1
if [ $(date +%s) -ge ${end_time} ]; then
log err "Failed to activate $1 within ${run_timeout} seconds"
return 1
fi
sleep 0.1
# If it takes too long we need to return an error
if (( $(${DATE_SEC}) >= end_time )); then
log err "Failed to activate $1 within ${run_timeout} seconds"
return 1
fi
done
# Normally we should not get here, but if this happens
# we have to return an error
return 1
}
function deactivate_lvm()
{
/sbin/lvchange -aen $1 > /dev/null 2>&1
# Logging message
echo "[$(${DATE_LOG})] deactivate LVM device ${dev}..." >&2
${LVCHANGE_BIN} -aen $1 > /dev/null 2>&1
if [ $? -eq 0 ]; then
# We may have to deactivate the VG now, but can ignore errors:
# /sbin/vgchange -an ${1%/*} || :
# We may have to deactivate the VG now, but can ignore errors:
# ${VGCHANGE_BIN} -an ${1%/*} || :
# Maybe we need to cleanup the LVM cache:
# /sbin/vgscan --mknodes || :
return 0
# ${VGSCAN_BIN} --mknodes || :
return 0
fi
return 1
}
BP=100
SP=$BP
VBD=
# Variables
typeset command=$1
typeset BP=100
typeset SP=${BP}
typeset VBD
typeset -a stack
declare -a stack
function push()
{
if [ -z "$1" ]; then
return
fi
let "SP -= 1"
stack[$SP]="${1}"
local value="$1"
[[ -n "${value}" ]] \
&& stack[$((--SP))]="${value}"
return 0
}
function pop()
{
VBD=
[[ "${SP}" != "${BP}" ]] \
&& VBD=${stack[$((SP++))]} \
|| VBD=""
if [ "$SP" -eq "$BP" ]; then
return
fi
VBD=${stack[$SP]}
let "SP += 1"
return 0
}
function activate_dmmd()
{
case $1 in
md)
case "$1" in
"md")
activate_md $2
return
return $?
;;
lvm)
"lvm")
activate_lvm $2
return
return $?
;;
esac
# Normally we should not get here, but if this happens
# we have to return an error
return 1
}
function deactivate_dmmd()
{
case "$1" in
md)
"md")
deactivate_md $2
return
return $?
;;
lvm)
"lvm")
deactivate_lvm $2
return
return $?
;;
esac
# Normally we should not get here, but if this happens
# we have to return an error
return 1
}
function cleanup_stack()
{
while [ 1 ]; do
while true; do
pop
if [ -z "$VBD" ]; then
break
fi
deactivate_dmmd $VBD
[[ -z "${VBD}" ]] && break
deactivate_dmmd ${VBD}
done
}
function parse_par()
{
local ac par rc s t # Make these explicitly local vars
# Make these vars explicitly local
local ac par rc s t
ac=$1
par="$2"
par="$par;"
while [ 1 ]; do
par="${par};"
while true; do
t=${par%%;*}
if [ -z "$t" ]; then
return 0
fi
[[ -z "${t}" ]] && return 0
par=${par#*;}
s=${par%%;*}
if [ -z "$s" ]; then
return 1
fi
[[ -z "${s}" ]] && return 1
par=${par#*;}
if [ "$ac" = "activate" ]; then
activate_dmmd $t $s
rc=$?
if [ $rc -ne 0 ]; then
return 1
fi
if [[ "${ac}" == "activate" ]]; then
activate_dmmd ${t} ${s} \
|| return 1
fi
push "$t $s"
push "${t} ${s}"
done
}
case "${command}" in
"add")
p=$(xenstore-read ${XENBUS_PATH}/params) || true
claim_lock "dmmd"
dmmd=${p#dmmd:}
case "$command" in
add)
p=`xenstore-read $XENBUS_PATH/params` || true
claim_lock "dmmd"
dmmd=${p#dmmd:}
parse_par activate "$dmmd"
rc=$?
if [ $rc -ne 0 ]; then
cleanup_stack
release_lock "dmmd"
exit 1
fi
lastparam=${dmmd##*;}
usedevice=${lastparam%(*}
xenstore-write $XENBUS_PATH/node "$usedevice"
write_dev "$usedevice"
release_lock "dmmd"
exit 0
;;
if ! parse_par activate "${dmmd}"; then
cleanup_stack
release_lock "dmmd"
exit 1
fi
remove)
p=`xenstore-read $XENBUS_PATH/params` || true
claim_lock "dmmd"
dmmd=${p#dmmd:}
parse_par noactivate "$dmmd"
cleanup_stack
release_lock "dmmd"
exit 0
;;
lastparam=${dmmd##*;}
usedevice=${lastparam%(*}
xenstore-write ${XENBUS_PATH}/node "${usedevice}"
write_dev "${usedevice}"
release_lock "dmmd"
exit 0
;;
"remove")
p=$(xenstore-read ${XENBUS_PATH}/params) || true
claim_lock "dmmd"
dmmd=${p#dmmd:}
parse_par noactivate "${dmmd}"
cleanup_stack
release_lock "dmmd"
exit 0
;;
esac
# Normally we should not get here, but if this happens
# we have to return an error
return 1

4
ipxe.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:cedb8a940072948d3c94933f75d48749ca5f3f7b4b103fab2146d86e7a04250e
size 2877499
oid sha256:9e738814a69408e6fd725adaebfe61f17013520b46852204ad0c7f3c7ced142f
size 2877771

4
qemu-xen-traditional-dir-remote.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5b687988f256884ff76fa098b9e80b35f6b6a4fb1657b9a1b397cfb1cf803a81
size 3237484
oid sha256:56d11699417995deec758fa53f0015683a856c78f8fe88ef9f4ee535d115e55b
size 3237180

4
stubdom.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:668c2c85b21a02203ccd8a559a0f8c7e01ca7f60ef4b12576e35490ec705b5f4
size 17477020
oid sha256:b7fce018fbbf4c4c678ee81b79934be92aa60aa7a091126fd43552a1bdb1c92c
size 17477558

4
xen-4.7.0-testing-src.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d53bd33cf3e5fe1d7ac3145f6cc9a75829e1690fcc26ac9df113c212361dfcb7
size 4465808
oid sha256:b7d642a7d1c3e0c423f7cd66ddff9e173135a6bd4e4f7b36cd7fefe20065a6e8
size 4472864

45
xen.changes
View File

@ -1,3 +1,46 @@
-------------------------------------------------------------------
Thu Jun 23 09:45:38 MDT 2016 - carnold@suse.com
- bsc#900418 - Dump cannot be performed on SLES12 XEN
57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
- Upstream patches from Jan
575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch
-------------------------------------------------------------------
Tue Jun 21 08:26:51 MDT 2016 - carnold@suse.com
- fate#319989 - Update to Xen 4.7 FCS
xen-4.7.0-testing-src.tar.bz2
- Drop CVE-2014-3672-qemut-xsa180.patch
-------------------------------------------------------------------
Thu Jun 16 16:27:25 MDT 2016 - carnold@suse.com
- bsc#954872 - script block-dmmd not working as expected - libxl:
error: libxl_dm.c (Additional fixes)
block-dmmd
-------------------------------------------------------------------
Fri Jun 10 14:23:51 UTC 2016 - ohering@suse.de
- Convert with_stubdom into build_conditional to allow adjusting
via prjconf
- Convert with_debug into build_conditional to allow adjusting
via prjconf
-------------------------------------------------------------------
Fri Jun 10 13:36:32 UTC 2016 - ohering@suse.de
- bsc#979002 - add 60-persistent-xvd.rules and helper script to
xen-tools-domU to simplify transition to pvops based kernels
-------------------------------------------------------------------
Fri Jun 10 13:18:13 UTC 2016 - ohering@suse.de
- Convert with_oxenstored into build_conditional to allow
adjusting via prjconf (fate#320836)
-------------------------------------------------------------------
Thu Jun 9 11:10:33 MDT 2016 - carnold@suse.com
@ -109,7 +152,7 @@ Tue May 3 07:31:28 UTC 2016 - ohering@suse.de
-------------------------------------------------------------------
Fri Apr 29 16:50:33 MDT 2016 - carnold@suse.com
- Update to the latest Xen 4.7 pre-release c2994f86 (fate#319989)
- Update to the latest Xen 4.7 pre-release c2994f86
Drop libxl.migrate-legacy-stream-read.patch
-------------------------------------------------------------------

99
xen.spec
View File

@ -24,17 +24,20 @@ ExclusiveArch: %ix86 x86_64 %arm aarch64
%define xen_build_dir xen-4.7.0-testing
#
%define with_kmp 0
%define with_debug 0
%define with_stubdom 0
%define with_gdbsx 0
%define with_dom0_support 0
%define with_qemu_traditional 0
%define with_oxenstored 0
%bcond_with xen_oxenstored
%ifarch x86_64
%bcond_without xen_debug
%bcond_without xen_stubdom
%else
%bcond_with xen_debug
%bcond_with xen_stubdom
%endif
#
%ifarch x86_64
%define with_kmp 0
%define with_debug 1
%define with_stubdom 1
%define with_gdbsx 1
%define with_dom0_support 1
%define with_qemu_traditional 1
@ -108,7 +111,7 @@ BuildRequires: libyajl-devel
BuildRequires: SDL-devel
BuildRequires: pciutils-devel
%endif
%if %{?with_stubdom}0
%if %{with xen_stubdom}
%if 0%{?suse_version} < 1230
BuildRequires: texinfo
%else
@ -116,13 +119,15 @@ BuildRequires: makeinfo
%endif
%endif
BuildRequires: ncurses-devel
%if %{?with_oxenstored}0
%if %{?with_dom0_support}0
%if %{with xen_oxenstored}
BuildRequires: ocaml
BuildRequires: ocaml-compiler-libs
BuildRequires: ocaml-findlib
BuildRequires: ocaml-ocamldoc
BuildRequires: ocaml-runtime
%endif
%endif
BuildRequires: openssl-devel
BuildRequires: python-devel
%if %{?with_systemd}0
@ -160,7 +165,7 @@ BuildRequires: xorg-x11-util-devel
%endif
%endif
Version: 4.7.0_06
Version: 4.7.0_08
Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0
@ -198,6 +203,9 @@ Source57: xen-utils-0.1.tar.bz2
# For xen-libs
Source99: baselibs.conf
# Upstream patches
Patch1: 57580bbd-kexec-allow-relaxed-placement-via-cmdline.patch
Patch2: 575e9ca0-nested-vmx-Validate-host-VMX-MSRs-before-accessing-them.patch
Patch3: 57640448-xen-sched-use-default-scheduler-upon-an-invalid-sched.patch
# Upstream qemu-traditional patches
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
@ -228,9 +236,8 @@ Patch275: CVE-2016-2391-qemut-usb-null-pointer-dereference-in-ohci-module.
Patch276: CVE-2016-2841-qemut-ne2000-infinite-loop-in-ne2000_receive.patch
Patch277: CVE-2016-4439-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-esp_reg_write.patch
Patch278: CVE-2016-4441-qemut-scsi-esp-OOB-write-while-writing-to-cmdbuf-in-get_cmd.patch
Patch279: CVE-2014-3672-qemut-xsa180.patch
Patch280: CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
Patch281: CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
Patch279: CVE-2016-5238-qemut-scsi-esp-OOB-write-when-using-non-DMA-mode-in-get_cmd.patch
Patch280: CVE-2016-5338-qemut-scsi-esp-OOB-rw-access-while-processing-ESP_FIFO.patch
# qemu-traditional patches that are not upstream
Patch350: blktap.patch
Patch351: cdrom-removable.patch
@ -517,6 +524,9 @@ Authors:
%prep
%setup -q -n %xen_build_dir -a 1 -a 2 -a 5 -a 6 -a 57
# Upstream patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
# Upstream qemu patches
%patch250 -p1
%patch251 -p1
@ -549,7 +559,6 @@ Authors:
%patch278 -p1
%patch279 -p1
%patch280 -p1
%patch281 -p1
# Qemu traditional
%patch350 -p1
%patch351 -p1
@ -687,7 +696,7 @@ then
: no changes?
fi
configure_flags=
%if %{?with_stubdom}0
%if %{with xen_stubdom}
configure_flags=--enable-stubdom
%else
configure_flags=--disable-stubdom
@ -713,9 +722,11 @@ configure_flags="${configure_flags} --disable-qemu-traditional"
--includedir=%{_includedir} \
--docdir=%{_defaultdocdir}/xen \
--with-initddir=%{_initddir} \
%if %{?with_oxenstored}0
%if %{?with_dom0_support}0
%if %{with xen_oxenstored}
--with-xenstored=oxenstored \
%endif
%endif
%if %{?with_systemd}0
--enable-systemd \
--with-systemd=%{_unitdir} \
@ -763,6 +774,54 @@ for i in $RPM_BUILD_ROOT/var/adm/fillup-templates/*
do
mv -v $i ${i%/*}/sysconfig.${i##*/}
done
%if %{?with_systemd}0
udev_rulesdir=$RPM_BUILD_ROOT%{_udevrulesdir}
mkdir -p ${udev_rulesdir}
tee ${udev_rulesdir}/60-persistent-xvd.rules <<'_EOR_'
ACTION=="remove", GOTO="xvd_aliases_end"
SUBSYSTEM!="block", GOTO="xvd_aliases_end"
KERNEL=="xvd*[!0-9]", IMPORT{program}=="%{name}-tools-domU.sh --devpath %%p --devtype $env{DEVTYPE}"
KERNEL=="xvd*[0-9]", IMPORT{program}=="%{name}-tools-domU.sh --devpath %%p --devtype $env{DEVTYPE}"
KERNEL=="xvd*[!0-9]", ENV{VBD_HD_SYMLINK}=="hd[a-d]", SYMLINK+="$env{VBD_HD_SYMLINK}"
KERNEL=="xvd*[0-9]", ENV{VBD_HD_SYMLINK}=="hd[a-d]", SYMLINK+="$env{VBD_HD_SYMLINK}%%n"
LABEL="xvd_aliases_end"
_EOR_
#
udev_programdir=$RPM_BUILD_ROOT/usr/lib/udev
mkdir -p ${udev_programdir}
tee ${udev_programdir}/%{name}-tools-domU.sh <<'_EOS_'
#!/bin/bash
set -e
devpath=
devtype=
dev=
while test "$#" -gt 0
do
: "$1"
case "$1" in
--devpath) devpath=$2 ; shift ;;
--devtype) devtype=$2 ; shift ;;
*) echo "$0: Unknown option $1" >&2 ; exit 1 ;;
esac
shift
done
test -n "${devpath}" || exit 1
test -n "${devtype}" || exit 1
cd "/sys/${devpath}"
case "${devtype}" in
partition) cd .. ;;
esac
cd -P device
d="${PWD##*/}"
d="${d/-/\/}"
backend="`xenstore-read device/${d}/backend`"
dev="`xenstore-read \"${backend}\"/dev`"
test -n "${dev}" && echo "VBD_HD_SYMLINK=${dev}"
_EOS_
chmod 755 ${udev_programdir}/*.sh
%endif
# EFI
%if %{?with_dom0_support}0
export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware"
@ -794,7 +853,7 @@ install_xen()
ln -sf xen-syms${ext}-${XEN_FULLVERSION} $RPM_BUILD_ROOT/boot/xen-syms${ext}
find $RPM_BUILD_ROOT/boot -ls
}
%if %{?with_debug}0
%if %{with xen_debug}
make -C xen install max_phys_cpus=%{max_cpus} debug=y crash_debug=y DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
install_xen dbg
make -C xen clean
@ -958,6 +1017,7 @@ rm -rf $RPM_BUILD_ROOT/%{_datadir}/doc
rm -rf $RPM_BUILD_ROOT/%{_datadir}/man
rm -rf $RPM_BUILD_ROOT/%{_libdir}/xen
rm -rf $RPM_BUILD_ROOT/%{_libdir}/python*
rm -rf $RPM_BUILD_ROOT/%{_libdir}/ocaml*
rm -rf $RPM_BUILD_ROOT%{_unitdir}
rm -rf $RPM_BUILD_ROOT%{with_systemd_modules_load}
rm -rf $RPM_BUILD_ROOT/usr/sbin
@ -1142,7 +1202,7 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%{_mandir}/man8/*.8.gz
%{_mandir}/man1/xen-list.1.gz
%if %{?with_oxenstored}0
%if %{with xen_oxenstored}
/usr/sbin/oxenstored
/etc/xen/oxenstored.conf
%dir %{_libdir}/ocaml
@ -1194,12 +1254,16 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%endif
/bin/domu-xenstore
/bin/xenstore-*
%if %{?with_systemd}0
/usr/lib/udev
%endif
%files devel
%defattr(-,root,root)
%{_libdir}/*.a
%{_libdir}/*.so
%if %{?with_oxenstored}0
%if %{?with_dom0_support}0
%if %{with xen_oxenstored}
%{_libdir}/ocaml/xenbus/*.a
%{_libdir}/ocaml/xenbus/*.cmx*
%{_libdir}/ocaml/xenctrl/*.a
@ -1215,6 +1279,7 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%{_libdir}/ocaml/xentoollog/*.a
%{_libdir}/ocaml/xentoollog/*.cmx*
%endif
%endif
/usr/include/*
%{_datadir}/pkgconfig/xenlight.pc
%{_datadir}/pkgconfig/xlutil.pc