pool/xen
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Upstream patches from Jan

Browse Source 
53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch
  533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch
  533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch

- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support
  when released
  53206661-pygrub-support-linux16-and-initrd16.patch
- Upstream bug fixes
  53299d8f-xenconsole-reset-tty-on-failure.patch
  53299d8f-xenconsole-tolerate-tty-errors.patch
- fix build for armv7l and aarch64

- Remove compiletime strings from qemu-upstream
  qemu-xen-upstream-megasas-buildtime.patch

- bnc#871546 - KMPs are not signed in SUSE:SLE-12:GA? 
  xen.spec

- Upstream patches from Jan
  532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch
  5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch
- Drop xsa89.patch for upstream version (see bnc#867910, 5331917d-x86-enforce...)

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=309
This commit is contained in:
Charles Arnold 2014-04-10 06:04:31 +00:00 committed by Git OBS Bridge
parent f1e74a471f
commit 73fd9f3c19
14 changed files with 773 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch
View File

@ -19,9 +19,21 @@ Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: "Xu, Dongxiao" <dongxiao.xu@intel.com>
Acked-by: Keir Fraser <keir@xen.org>
# Commit 1f8b57779785bf9f55c16312bb1ec679929c314b
# Date 2014-03-28 13:43:25 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/EPT: relax treatment of APIC MFN
There's no point in this being mapped UC by the guest due to using a
respective PAT index - set the ignore-PAT flag to true.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/hvm/mtrr.c
+++ b/xen/arch/x86/hvm/mtrr.c
@@ -698,14 +698,20 @@ uint8_t epte_get_entry_emt(struct domain
@@ -698,14 +698,24 @@ uint8_t epte_get_entry_emt(struct domain
if ( hvm_get_mem_pinned_cacheattr(d, gfn, &type) )
return type;
@ -39,8 +51,12 @@ Acked-by: Keir Fraser <keir@xen.org>
if ( direct_mmio )
- return MTRR_TYPE_UNCACHABLE;
+ return mfn_x(mfn) != d->arch.hvm_domain.vmx.apic_access_mfn
+ ? MTRR_TYPE_UNCACHABLE : MTRR_TYPE_WRBACK;
+ {
+ if ( mfn_x(mfn) != d->arch.hvm_domain.vmx.apic_access_mfn )
+ return MTRR_TYPE_UNCACHABLE;
+ *ipat = 1;
+ return MTRR_TYPE_WRBACK;
+ }
if ( iommu_snoop )
{

165
53206661-pygrub-support-linux16-and-initrd16.patch Normal file
View File

@ -0,0 +1,165 @@
Subject: xen/pygrub: grub2/grub.cfg from RHEL 7 has new commands in menuentry
From: Joby Poriyath joby.poriyath@citrix.com Tue Feb 4 18:10:35 2014 +0000
Date: Wed Mar 12 13:51:29 2014 +0000:
Git: dd03048708af072374963d6d0721cc6d4c5f52cf
menuentry in grub2/grub.cfg uses linux16 and initrd16 commands
instead of linux and initrd. Due to this RHEL 7 (beta) guest failed to
boot after the installation.
In addition to this, RHEL 7 menu entries have two different single-quote
delimited strings on the same line, and the greedy grouping for menuentry
parsing gets both strings, and the options inbetween.
Signed-off-by: Joby Poriyath <joby.poriyath@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: george.dunlap@citrix.com
diff --git a/tools/pygrub/examples/rhel-7-beta.grub2 b/tools/pygrub/examples/rhel-7-beta.grub2
new file mode 100644
index 0000000..88f0f99
--- /dev/null
+++ b/tools/pygrub/examples/rhel-7-beta.grub2
@@ -0,0 +1,118 @@
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically generated by grub2-mkconfig using templates
+# from /etc/grub.d and settings from /etc/default/grub
+#
+
+### BEGIN /etc/grub.d/00_header ###
+set pager=1
+
+if [ -s $prefix/grubenv ]; then
+ load_env
+fi
+if [ "${next_entry}" ] ; then
+ set default="${next_entry}"
+ set next_entry=
+ save_env next_entry
+ set boot_once=true
+else
+ set default="${saved_entry}"
+fi
+
+if [ x"${feature_menuentry_id}" = xy ]; then
+ menuentry_id_option="--id"
+else
+ menuentry_id_option=""
+fi
+
+export menuentry_id_option
+
+if [ "${prev_saved_entry}" ]; then
+ set saved_entry="${prev_saved_entry}"
+ save_env saved_entry
+ set prev_saved_entry=
+ save_env prev_saved_entry
+ set boot_once=true
+fi
+
+function savedefault {
+ if [ -z "${boot_once}" ]; then
+ saved_entry="${chosen}"
+ save_env saved_entry
+ fi
+}
+
+function load_video {
+ if [ x$feature_all_video_module = xy ]; then
+ insmod all_video
+ else
+ insmod efi_gop
+ insmod efi_uga
+ insmod ieee1275_fb
+ insmod vbe
+ insmod vga
+ insmod video_bochs
+ insmod video_cirrus
+ fi
+}
+
+terminal_output console
+set timeout=5
+### END /etc/grub.d/00_header ###
+
+### BEGIN /etc/grub.d/10_linux ###
+menuentry 'Red Hat Enterprise Linux Everything, with Linux 3.10.0-54.0.1.el7.x86_64' --class red --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.10.0-54.0.1.el7.x86_64-advanced-d23b8b49-4cfe-4900-8ef1-ec80bc633163' {
+ load_video
+ set gfxpayload=keep
+ insmod gzio
+ insmod part_msdos
+ insmod xfs
+ set root='hd0,msdos1'
+ if [ x$feature_platform_search_hint = xy ]; then
+ search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1' 89ffef78-82b3-457c-bc57-42cccc373851
+ else
+ search --no-floppy --fs-uuid --set=root 89ffef78-82b3-457c-bc57-42cccc373851
+ fi
+ linux16 /vmlinuz-3.10.0-54.0.1.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap vconsole.keymap=uk crashkernel=auto rd.lvm.lv=rhel/root vconsole.font=latarcyrheb-sun16 LANG=en_GB.UTF-8
+ initrd16 /initramfs-3.10.0-54.0.1.el7.x86_64.img
+}
+menuentry 'Red Hat Enterprise Linux Everything, with Linux 0-rescue-af34f0b8cf364cdbbe6d093f8228a37f' --class red --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-0-rescue-af34f0b8cf364cdbbe6d093f8228a37f-advanced-d23b8b49-4cfe-4900-8ef1-ec80bc633163' {
+ load_video
+ insmod gzio
+ insmod part_msdos
+ insmod xfs
+ set root='hd0,msdos1'
+ if [ x$feature_platform_search_hint = xy ]; then
+ search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1' 89ffef78-82b3-457c-bc57-42cccc373851
+ else
+ search --no-floppy --fs-uuid --set=root 89ffef78-82b3-457c-bc57-42cccc373851
+ fi
+ linux16 /vmlinuz-0-rescue-af34f0b8cf364cdbbe6d093f8228a37f root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap vconsole.keymap=uk crashkernel=auto rd.lvm.lv=rhel/root vconsole.font=latarcyrheb-sun16
+ initrd16 /initramfs-0-rescue-af34f0b8cf364cdbbe6d093f8228a37f.img
+}
+
+### END /etc/grub.d/10_linux ###
+
+### BEGIN /etc/grub.d/20_linux_xen ###
+### END /etc/grub.d/20_linux_xen ###
+
+### BEGIN /etc/grub.d/20_ppc_terminfo ###
+### END /etc/grub.d/20_ppc_terminfo ###
+
+### BEGIN /etc/grub.d/30_os-prober ###
+### END /etc/grub.d/30_os-prober ###
+
+### BEGIN /etc/grub.d/40_custom ###
+# This file provides an easy way to add custom menu entries. Simply type the
+# menu entries you want to add after this comment. Be careful not to change
+# the 'exec tail' line above.
+### END /etc/grub.d/40_custom ###
+
+### BEGIN /etc/grub.d/41_custom ###
+if [ -f ${config_directory}/custom.cfg ]; then
+ source ${config_directory}/custom.cfg
+elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
+ source $prefix/custom.cfg;
+fi
+### END /etc/grub.d/41_custom ###
diff --git a/tools/pygrub/src/GrubConf.py b/tools/pygrub/src/GrubConf.py
index cb853c9..974cded 100644
--- a/tools/pygrub/src/GrubConf.py
+++ b/tools/pygrub/src/GrubConf.py
@@ -348,7 +348,9 @@ class Grub2Image(_GrubImage):
commands = {'set:root': 'root',
'linux': 'kernel',
+ 'linux16': 'kernel',
'initrd': 'initrd',
+ 'initrd16': 'initrd',
'echo': None,
'insmod': None,
'search': None}
@@ -394,7 +396,7 @@ class Grub2ConfigFile(_GrubConfigFile):
continue
# new image
- title_match = re.match('^menuentry ["\'](.*)["\'] (.*){', l)
+ title_match = re.match('^menuentry ["\'](.*?)["\'] (.*){', l)
if title_match:
if img is not None:
raise RuntimeError, "syntax error: cannot nest menuentry (%d %s)" % (len(img),img)

54
53299d8f-xenconsole-reset-tty-on-failure.patch Normal file
View File

@ -0,0 +1,54 @@
Subject: tools/console: reset tty when xenconsole fails
From: Ian Jackson ian.jackson@eu.citrix.com Mon Feb 24 15:16:19 2014 +0000
Date: Wed Mar 19 13:37:19 2014 +0000:
Git: 111931f36885874103d65685ab15ea3d25d93da7
If xenconsole (the client program) fails, it calls err. This would
previously neglect to reset the user's terminal to sanity. Use atexit
to do so.
This routinely happens in Xen 4.4 RC5 with pygrub because libxl
writes the value "" to the tty xenstore key when using xenconsole.
After this patch this just results in a harmless error message.
Reported-by: M A Young <m.a.young@durham.ac.uk>
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: M A Young <m.a.young@durham.ac.uk>
CC: Ian Campbell <Ian.Campbell@citrix.com>
Acked-by: George Dunlap <george.dunlap@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
v2: Fix whitespace error (reintroduce hard tab)
Fix commit message not to claim ignorance about root cause
Index: xen-4.4.0-testing/tools/console/client/main.c
===================================================================
--- xen-4.4.0-testing.orig/tools/console/client/main.c
+++ xen-4.4.0-testing/tools/console/client/main.c
@@ -258,6 +258,13 @@ typedef enum {
CONSOLE_SERIAL,
} console_type;
+static struct termios stdin_old_attr;
+
+static void restore_term_stdin(void)
+{
+ restore_term(STDIN_FILENO, &stdin_old_attr);
+}
+
int main(int argc, char **argv)
{
struct termios attr;
@@ -384,9 +391,9 @@ int main(int argc, char **argv)
}
init_term(spty, &attr);
- init_term(STDIN_FILENO, &attr);
+ init_term(STDIN_FILENO, &stdin_old_attr);
+ atexit(restore_term_stdin); /* if this fails, oh dear */
console_loop(spty, xs, path);
- restore_term(STDIN_FILENO, &attr);
free(path);
free(dom_path);

49
53299d8f-xenconsole-tolerate-tty-errors.patch Normal file
View File

@ -0,0 +1,49 @@
Subject: tools/console: xenconsole tolerate tty errors
From: Ian Jackson ian.jackson@eu.citrix.com Thu Feb 27 17:46:49 2014 +0000
Date: Wed Mar 19 13:37:19 2014 +0000:
Git: 39ba2989b10b6a1852e253b204eb010f8e7026f1
Since 28d386fc4341 (XSA-57), libxl writes an empty value for the
console tty node, with read-only permission for the guest, when
setting up pv console "frontends". (The actual tty value is later set
by xenconsoled.) Writing an empty node is not strictly necessary to
stop the frontend from writing dangerous values here, but it is a good
belt-and-braces approach.
Unfortunately this confuses xenconsole. It reads the empty value, and
tries to open it as the tty. xenconsole then exits.
Fix this by having xenconsole treat an empty value the same way as no
value at all.
Also, make the error opening the tty be nonfatal: we just print a
warning, but do not exit. I think this is helpful in theoretical
situations where xenconsole is racing with libxl and/or xenconsoled.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
Acked-by: Ian Campbell <Ian.Campbell@citrix.com>
CC: George Dunlap <george.dunlap@eu.citrix.com>
---
v2: Combine two conditions and move the free
Index: xen-4.4.0-testing/tools/console/client/main.c
===================================================================
--- xen-4.4.0-testing.orig/tools/console/client/main.c
+++ xen-4.4.0-testing/tools/console/client/main.c
@@ -115,12 +115,12 @@ static int get_pty_fd(struct xs_handle *
/* We only watch for one thing, so no need to
* disambiguate: just read the pty path */
pty_path = xs_read(xs, XBT_NULL, path, &len);
- if (pty_path != NULL) {
+ if (pty_path != NULL && pty_path[0] != '\0') {
pty_fd = open(pty_path, O_RDWR | O_NOCTTY);
if (pty_fd == -1)
- err(errno, "Could not open tty `%s'", pty_path);
- free(pty_path);
+ warn("Could not open tty `%s'", pty_path);
}
+ free(pty_path);
}
} while (pty_fd == -1 && (now = time(NULL)) < start + seconds);

57
532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch Normal file
View File

@ -0,0 +1,57 @@
# Commit b3d2f8b2cba9fce5bc8995612d0d13fcefec7769
# Date 2014-03-24 10:48:03 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: fix determination of bit count for struct domain allocations
We can't just add in the hole shift value, as the hole may be at or
above the 44-bit boundary. Instead we need to determine the total bit
count until reaching 32 significant (not squashed out) bits in PFN
representations.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -180,6 +180,28 @@ void dump_pageframe_info(struct domain *
spin_unlock(&d->page_alloc_lock);
}
+/*
+ * The hole may be at or above the 44-bit boundary, so we need to determine
+ * the total bit count until reaching 32 significant (not squashed out) bits
+ * in PFN representations.
+ * Note that the way "bits" gets initialized/updated/bounds-checked guarantees
+ * that the function will never return zero, and hence will never be called
+ * more than once (which is important due to it being deliberately placed in
+ * .init.text).
+ */
+static unsigned int __init noinline _domain_struct_bits(void)
+{
+ unsigned int bits = 32 + PAGE_SHIFT;
+ unsigned int sig = hweight32(~pfn_hole_mask);
+ unsigned int mask = pfn_hole_mask >> 32;
+
+ for ( ; bits < BITS_PER_LONG && sig < 32; ++bits, mask >>= 1 )
+ if ( !(mask & 1) )
+ ++sig;
+
+ return bits;
+}
+
struct domain *alloc_domain_struct(void)
{
struct domain *d;
@@ -187,7 +209,10 @@ struct domain *alloc_domain_struct(void)
* We pack the PDX of the domain structure into a 32-bit field within
* the page_info structure. Hence the MEMF_bits() restriction.
*/
- unsigned int bits = 32 + PAGE_SHIFT + pfn_pdx_hole_shift;
+ static unsigned int __read_mostly bits;
+
+ if ( unlikely(!bits) )
+ bits = _domain_struct_bits();
BUILD_BUG_ON(sizeof(*d) > PAGE_SIZE);
d = alloc_xenheap_pages(0, MEMF_bits(bits));

8
xsa89.patch → 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch
View File

@ -1,9 +1,15 @@
References: bnc#867910 CVE-2014-2599 XSA-89
# Commit 0fe53c4f279e1a8ef913e71ed000236d21ce96de
# Date 2014-03-25 15:23:57 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access()
Processing up to 4G PFNs may take almost arbitrarily long, so
preemption is needed here.
This is XSA-89.
This is CVE-2014-2599 / XSA-89.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>

141
53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch Normal file
View File

@ -0,0 +1,141 @@
# Commit ef437690af8b75e6758dce77af75a22b63982883
# Date 2014-03-28 13:33:34 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/HVM: correct CPUID leaf 80000008 handling
CPUID[80000008].EAX[23:16] have been given the meaning of the guest
physical address restriction (in case it needs to be smaller than the
host's), hence we need to mirror that into vCPUID[80000008].EAX[7:0].
Enforce a lower limit at the same time, as well as a fixed value for
the virtual address bits, and zero for the guest physical address ones.
In order for the vMTRR code to see these overrides we need to make it
call hvm_cpuid() instead of domain_cpuid(), which in turn requires
special casing (and relaxing) the controlling domain.
This additionally should hide an ordering problem in the tools: Both
xend and xl appear to be restoring a guest from its image before
setting up the CPUID policy in the hypervisor, resulting in
domain_cpuid() returning all zeros and hence the check in
mtrr_var_range_msr_set() failing if the guest previously had more than
the minimum 36 physical address bits.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2885,6 +2885,8 @@ void hvm_cpuid(unsigned int input, unsig
switch ( input )
{
+ unsigned int sub_leaf, _eax, _ebx, _ecx, _edx;
+
case 0x1:
/* Fix up VLAPIC details. */
*ebx &= 0x00FFFFFFu;
@@ -2918,8 +2920,6 @@ void hvm_cpuid(unsigned int input, unsig
*edx = v->vcpu_id * 2;
break;
case 0xd:
- {
- unsigned int sub_leaf, _eax, _ebx, _ecx, _edx;
/* EBX value of main leaf 0 depends on enabled xsave features */
if ( count == 0 && v->arch.xcr0 )
{
@@ -2936,7 +2936,7 @@ void hvm_cpuid(unsigned int input, unsig
}
}
break;
- }
+
case 0x80000001:
/* We expose RDTSCP feature to guest only when
tsc_mode == TSC_MODE_DEFAULT and host_tsc_is_safe() returns 1 */
@@ -2950,6 +2950,23 @@ void hvm_cpuid(unsigned int input, unsig
if ( !(hvm_pae_enabled(v) || hvm_long_mode_enabled(v)) )
*edx &= ~cpufeat_mask(X86_FEATURE_PSE36);
break;
+
+ case 0x80000008:
+ count = cpuid_eax(0x80000008);
+ count = (count >> 16) & 0xff ?: count & 0xff;
+ if ( (*eax & 0xff) > count )
+ *eax = (*eax & ~0xff) | count;
+
+ hvm_cpuid(1, NULL, NULL, NULL, &_edx);
+ count = _edx & (cpufeat_mask(X86_FEATURE_PAE) |
+ cpufeat_mask(X86_FEATURE_PSE36)) ? 36 : 32;
+ if ( (*eax & 0xff) < count )
+ *eax = (*eax & ~0xff) | count;
+
+ hvm_cpuid(0x80000001, NULL, NULL, NULL, &_edx);
+ *eax = (*eax & ~0xffff00) | (_edx & cpufeat_mask(X86_FEATURE_LM)
+ ? 0x3000 : 0x2000);
+ break;
}
}
--- a/xen/arch/x86/hvm/mtrr.c
+++ b/xen/arch/x86/hvm/mtrr.c
@@ -145,7 +145,7 @@ bool_t is_var_mtrr_overlapped(struct mtr
static int hvm_mtrr_pat_init(void)
{
- unsigned int i, j, phys_addr;
+ unsigned int i, j;
memset(&mtrr_epat_tbl, INVALID_MEM_TYPE, sizeof(mtrr_epat_tbl));
for ( i = 0; i < MTRR_NUM_TYPES; i++ )
@@ -172,11 +172,7 @@ static int hvm_mtrr_pat_init(void)
}
}
- phys_addr = 36;
- if ( cpuid_eax(0x80000000) >= 0x80000008 )
- phys_addr = (uint8_t)cpuid_eax(0x80000008);
-
- size_or_mask = ~((1 << (phys_addr - PAGE_SHIFT)) - 1);
+ size_or_mask = ~((1 << (paddr_bits - PAGE_SHIFT)) - 1);
return 0;
}
@@ -455,7 +451,7 @@ bool_t mtrr_fix_range_msr_set(struct mtr
bool_t mtrr_var_range_msr_set(
struct domain *d, struct mtrr_state *m, uint32_t msr, uint64_t msr_content)
{
- uint32_t index, type, phys_addr, eax, ebx, ecx, edx;
+ uint32_t index, type, phys_addr, eax;
uint64_t msr_mask;
uint64_t *var_range_base = (uint64_t*)m->var_ranges;
@@ -468,16 +464,21 @@ bool_t mtrr_var_range_msr_set(
type == 4 || type == 5 || type == 6)) )
return 0;
- phys_addr = 36;
- domain_cpuid(d, 0x80000000, 0, &eax, &ebx, &ecx, &edx);
- if ( eax >= 0x80000008 )
+ if ( d == current->domain )
{
- domain_cpuid(d, 0x80000008, 0, &eax, &ebx, &ecx, &edx);
- phys_addr = (uint8_t)eax;
+ phys_addr = 36;
+ hvm_cpuid(0x80000000, &eax, NULL, NULL, NULL);
+ if ( eax >= 0x80000008 )
+ {
+ hvm_cpuid(0x80000008, &eax, NULL, NULL, NULL);
+ phys_addr = (uint8_t)eax;
+ }
}
+ else
+ phys_addr = paddr_bits;
msr_mask = ~((((uint64_t)1) << phys_addr) - 1);
msr_mask |= (index & 1) ? 0x7ffUL : 0xf00UL;
- if ( unlikely(msr_content && (msr_content & msr_mask)) )
+ if ( unlikely(msr_content & msr_mask) )
{
HVM_DBG_LOG(DBG_LEVEL_MSR, "invalid msr content:%"PRIx64"\n",
msr_content);

34
533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch Normal file
View File

@ -0,0 +1,34 @@
# Commit fce79f8ce91dc45f3a4d699ee67c49e6cbeb1197
# Date 2014-04-01 16:49:18 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
VMX: fix PAT value seen by guest
The XSA-60 fixes introduced a window during which the guest PAT gets
forced to all zeros. This shouldn't be visible to the guest. Therefore
we need to intercept PAT MSR accesses during that time period.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Liu Jinsong <jinsong.liu@intel.com>
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -984,6 +984,8 @@ static void vmx_handle_cd(struct vcpu *v
vmx_get_guest_pat(v, pat);
vmx_set_guest_pat(v, uc_pat);
+ vmx_enable_intercept_for_msr(v, MSR_IA32_CR_PAT,
+ MSR_TYPE_R | MSR_TYPE_W);
wbinvd(); /* flush possibly polluted cache */
hvm_asid_flush_vcpu(v); /* invalidate memory type cached in TLB */
@@ -993,6 +995,9 @@ static void vmx_handle_cd(struct vcpu *v
{
v->arch.hvm_vcpu.cache_mode = NORMAL_CACHE_MODE;
vmx_set_guest_pat(v, *pat);
+ if ( !iommu_enabled || iommu_snoop )
+ vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT,
+ MSR_TYPE_R | MSR_TYPE_W);
hvm_asid_flush_vcpu(v); /* no need to flush cache */
}
}

38
533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch Normal file
View File

@ -0,0 +1,38 @@
# Commit 088ee1d47b65d6bb92de61b404805f4ca92e3240
# Date 2014-04-03 12:08:43 +0100
# Author Jan Beulich <JBeulich@suse.com>
# Committer Tim Deegan <tim@xen.org>
x86/mm: fix checks against max_mapped_pfn
This value is an inclusive one, i.e. this fixes an off-by-one in memory
sharing and an off-by-two in shadow code.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -1268,8 +1268,8 @@ int relinquish_shared_pages(struct domai
return 0;
p2m_lock(p2m);
- for (gfn = p2m->next_shared_gfn_to_relinquish;
- gfn < p2m->max_mapped_pfn; gfn++ )
+ for ( gfn = p2m->next_shared_gfn_to_relinquish;
+ gfn <= p2m->max_mapped_pfn; gfn++ )
{
p2m_access_t a;
p2m_type_t t;
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -3489,9 +3489,7 @@ int shadow_track_dirty_vram(struct domai
struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
- if (end_pfn < begin_pfn
- || begin_pfn > p2m->max_mapped_pfn
- || end_pfn >= p2m->max_mapped_pfn)
+ if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 )
return -EINVAL;
/* We perform p2m lookups, so lock the p2m upfront to avoid deadlock */

21
qemu-xen-upstream-megasas-buildtime.patch Normal file
View File

@ -0,0 +1,21 @@
Causes rebuilds.
Says rpmlint.
---
tools/qemu-xen-dir-remote/hw/scsi/megasas.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: xen-4.4.0-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
===================================================================
--- xen-4.4.0-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
+++ xen-4.4.0-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c
@@ -712,8 +712,8 @@ static int megasas_ctrl_get_info(Megasas
snprintf(info.package_version, 0x60, "%s-QEMU", QEMU_VERSION);
memcpy(info.image_component[0].name, "APP", 3);
memcpy(info.image_component[0].version, MEGASAS_VERSION "-QEMU", 9);
- memcpy(info.image_component[0].build_date, __DATE__, 11);
- memcpy(info.image_component[0].build_time, __TIME__, 8);
+ memcpy(info.image_component[0].build_date, "Apr 1 2014", 11);
+ memcpy(info.image_component[0].build_time, "12:34:56", 8);
info.image_component_count = 1;
if (pci_dev->has_rom) {
uint8_t biosver[32];

38
xen.changes
View File

@ -1,8 +1,46 @@
-------------------------------------------------------------------
Wed Apr 9 08:07:03 MDT 2014 - carnold@suse.com
- Upstream patches from Jan
53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch
533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch
533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch
-------------------------------------------------------------------
Thu Apr 3 16:21:03 UTC 2014 - carnold@suse.com
- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support
when released
53206661-pygrub-support-linux16-and-initrd16.patch
- Upstream bug fixes
53299d8f-xenconsole-reset-tty-on-failure.patch
53299d8f-xenconsole-tolerate-tty-errors.patch
-------------------------------------------------------------------
Thu Apr 3 16:21:03 UTC 2014 - dmueller@suse.com
- fix build for armv7l and aarch64
-------------------------------------------------------------------
Thu Apr 3 15:40:31 CEST 2014 - ohering@suse.de
- Remove compiletime strings from qemu-upstream
qemu-xen-upstream-megasas-buildtime.patch
-------------------------------------------------------------------
Wed Apr 2 08:47:27 MDT 2014 - carnold@suse.com
- bnc#871546 - KMPs are not signed in SUSE:SLE-12:GA?
xen.spec
-------------------------------------------------------------------
Tue Apr 1 08:14:29 MDT 2014 - carnold@suse.com
- Upstream patches from Jan
532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch
5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch
- Drop xsa89.patch for upstream version (see bnc#867910, 5331917d-x86-enforce...)
-------------------------------------------------------------------
Fri Mar 28 11:00:07 MDT 2014 - carnold@suse.com

31
xen.spec
View File

@ -144,6 +144,7 @@ BuildRequires: glibc-devel-32bit
BuildRequires: kernel-source
BuildRequires: kernel-syms
BuildRequires: module-init-tools
BuildRequires: pesign-obs-integration
%if %suse_version >= 1230
BuildRequires: lndir
%else
@ -151,7 +152,7 @@ BuildRequires: xorg-x11-util-devel
%endif
%endif
Version: 4.4.0_12
Version: 4.4.0_13
Release: 0
PreReq: %insserv_prereq %fillup_prereq
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
@ -222,11 +223,18 @@ Patch9: 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.p
Patch10: 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch
Patch11: 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch
Patch12: 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch
Patch13: 5321b20b-common-make-hypercall-preemption-checks-consistent.patch
Patch14: 5321b257-x86-make-hypercall-preemption-checks-consistent.patch
Patch15: 53271880-VT-d-fix-RMRR-handling.patch
Patch16: 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch
Patch17: xsa89.patch
Patch13: 53206661-pygrub-support-linux16-and-initrd16.patch
Patch14: 5321b20b-common-make-hypercall-preemption-checks-consistent.patch
Patch15: 5321b257-x86-make-hypercall-preemption-checks-consistent.patch
Patch16: 53271880-VT-d-fix-RMRR-handling.patch
Patch17: 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch
Patch18: 53299d8f-xenconsole-reset-tty-on-failure.patch
Patch19: 53299d8f-xenconsole-tolerate-tty-errors.patch
Patch20: 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch
Patch21: 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch
Patch22: 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch
Patch23: 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch
Patch24: 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch
# Upstream qemu
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
@ -293,6 +301,7 @@ Patch385: xen_pvonhvm.xen_emul_unplug.patch
Patch386: libxc-pass-errno-to-callers-of-xc_domain_save.patch
Patch387: libxl.set-migration-constraints-from-cmdline.patch
Patch388: libxl.honor-more-top-level-vfb-options.patch
Patch389: qemu-xen-upstream-megasas-buildtime.patch
# Xend
Patch400: xend-set-migration-constraints-from-cmdline.patch
Patch402: xen.migrate.tools-xend_move_assert_to_exception_block.patch
@ -546,6 +555,7 @@ Authors:
Summary: Xen para-virtual device drivers for fully virtualized guests
Group: System/Kernel
Conflicts: xen
Requires: pesign-obs-integration
%description KMP
Xen is a virtual machine monitor for x86 that supports execution of
@ -598,6 +608,13 @@ Authors:
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
# Upstream qemu patches
%patch250 -p1
%patch251 -p1
@ -663,6 +680,7 @@ Authors:
%patch386 -p1
%patch387 -p1
%patch388 -p1
%patch389 -p1
# Xend
%patch400 -p1
%patch402 -p1
@ -807,6 +825,7 @@ export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS"
export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS"
# EFI
%if %{?with_dom0_support}0
export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware"
make -C xen install \
%if %{?with_gcc47}0
CC=gcc-4.7 \

8
xenconsole-no-multiple-connections.patch
View File

@ -10,16 +10,18 @@ Index: xen-4.4.0-testing/tools/console/client/main.c
fd_set watch_fdset;
int xs_fd = xs_fileno(xs), pty_fd = -1;
int start, now;
@@ -119,6 +120,12 @@ static int get_pty_fd(struct xs_handle *
@@ -119,6 +120,14 @@ static int get_pty_fd(struct xs_handle *
pty_fd = open(pty_path, O_RDWR | O_NOCTTY);
if (pty_fd == -1)
err(errno, "Could not open tty `%s'", pty_path);
warn("Could not open tty `%s'", pty_path);
+ else {
+ memset(&lock, 0, sizeof(lock));
+ lock.l_type = F_WRLCK;
+ lock.l_whence = SEEK_SET;
+ if (fcntl(pty_fd, F_SETLK, &lock) != 0)
+ err(errno, "Could not lock tty '%s'",
+ pty_path);
+ }
}
free(pty_path);
}
}