Accepting request 22186 from Virtualization

Copy from Virtualization/xen based on submit request 22186 from user charlesa

OBS-URL: https://build.opensuse.org/request/show/22186
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xen?expand=0&rev=81
OBS User autobuild 2009-10-12 14:04:55 +00:00 committed by Git OBS Bridge
commit 82a1965f31
16 changed files with 593 additions and 62 deletions

142
20099-pygrub-security.patch Normal file

@ -0,0 +1,142 @@
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1250781436 -3600
# Node ID 8f783adc0ee34808cdd296cccd92f99018f76017
# Parent 4b30cfb855299922244938fde4f88f4e5bb5df34
pygrub: Add password support
It basically checks for the presence of password line in grub.conf
of the guest image and if this line is present, it supports both clear
text and md5 versions of the password. Editing the grub entries and
command-line are disabled when some password is set in domain's
grub.conf file but the password was not entered yet. Also, new option
to press 'p' in interactive pygrub has been added to allow entering
the grub password. It's been tested on x86_64 with PV guests and was
working fine. Also, the countdown has been stopped after key was
pressed, ie. the user is probably editing the boot configuration.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
@@ -157,6 +157,7 @@ class GrubConfigFile(object):
self.images = []
self.timeout = -1
self._default = 0
+ self.passwordAccess = True
if fn is not None:
self.parse()
@@ -196,6 +197,7 @@ class GrubConfigFile(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
setattr(self, self.commands[com], arg.strip())
+ #print "%s = %s => %s" % (com, self.commands[com], arg.strip() )
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -204,6 +206,37 @@ class GrubConfigFile(object):
if len(img) > 0:
self.add_image(GrubImage(img))
+ if self.hasPassword():
+ self.setPasswordAccess(False)
+
+ def hasPasswordAccess(self):
+ return self.passwordAccess
+
+ def setPasswordAccess(self, val):
+ self.passwordAccess = val
+
+ def hasPassword(self):
+ try:
+ getattr(self, self.commands['password'])
+ return True
+ except KeyError, e:
+ return False
+
+ def checkPassword(self, password):
+ try:
+ pwd = getattr(self, self.commands['password']).split()
+ if pwd[0] == '--md5':
+ import crypt
+ if crypt.crypt(password, pwd[1]) == pwd[1]:
+ return True
+
+ if pwd[0] == password:
+ return True
+
+ return False
+ except:
+ return True
+
def set(self, line):
(com, arg) = grub_exact_split(line, 2)
if self.commands.has_key(com):
Index: xen-3.4.1-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub
+++ xen-3.4.1-testing/tools/pygrub/src/pygrub
@@ -418,7 +418,14 @@ class Grub:
self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the")
self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+
+ # if grub has password defined we allow option to enter password
+ if not self.cf.hasPassword():
+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+ else:
+ self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. You can also")
+ self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...")
+
self.text_win.addch(0, 8, curses.ACS_UARROW)
self.text_win.addch(0, 14, curses.ACS_DARROW)
(y, x) = self.text_win.getmaxyx()
@@ -457,9 +464,19 @@ class Grub:
# handle keypresses
if c == ord('c'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
self.command_line_mode()
break
elif c == ord('a'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
@@ -471,9 +488,24 @@ class Grub:
break
break
elif c == ord('e'):
+ # we disallow access without password specified
+ if not self.cf.hasPasswordAccess():
+ self.text_win.addstr(6, 8, "You have to enter GRUB password first")
+ break
+
img = self.cf.images[self.selected_image]
self.edit_entry(img)
break
+ elif c == ord('p') and self.cf.hasPassword():
+ self.text_win.addstr(6, 8, "Enter password: ")
+ pwd = self.text_win.getstr(6, 8)
+ if not self.cf.checkPassword(pwd):
+ self.text_win.addstr(6, 8, "Incorrect password!")
+ self.cf.setPasswordAccess( False )
+ else:
+ self.text_win.addstr(6, 8, "Access granted ")
+ self.cf.setPasswordAccess( True )
+ break
elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
self.isdone = True
break
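Review bot: `checkPassword()` in the GrubConf.py hunk fails open: its bare `except:` ends in `return True`, so any error raised during the check (for example an `IndexError` on a malformed `password` line, or a failing `crypt` import) unlocks editing instead of refusing it; the handler should `return False`. The plaintext comparison `if pwd[0] == password:` is also reached when `pwd[0]` is `'--md5'`, where it compares the typed input with the option token rather than with a secret. It should run only in the non-hashed case, for example by turning it into `elif pwd[0] == password:` on the outer `if`. The later rewrites of this function on this page ("trap exception when python module import fails" and "Correct pygrub return value") remove the fail-open handler but keep that fall-through.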


@ -0,0 +1,39 @@
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1250871100 -3600
# Node ID 168f0cfeded0ad64e03d821efe5dcbe2eb5806a3
# Parent 4207d83fc78ef63016a4163b09f30aa471e4bdb8
pygrub: Fix elilo handling after password patch.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
@@ -219,7 +219,7 @@ class GrubConfigFile(object):
try:
getattr(self, self.commands['password'])
return True
- except KeyError, e:
+ except:
return False
def checkPassword(self, password):
Index: xen-3.4.1-testing/tools/pygrub/src/LiloConf.py
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/LiloConf.py
+++ xen-3.4.1-testing/tools/pygrub/src/LiloConf.py
@@ -138,6 +138,12 @@ class LiloConfigFile(object):
if len(img) > 0:
self.add_image(LiloImage(img, path))
+ def hasPassword(self):
+ return False
+
+ def hasPasswordAccess(self):
+ return True
+
def add_image(self, image):
self.images.append(image)
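Review bot: The bare `except:` now used in `GrubConfigFile.hasPassword()` hides every error, not only the lookup failures it is there for. The guarded call `getattr(self, self.commands['password'])` can raise `KeyError` or `AttributeError`, so `except (KeyError, AttributeError):` is sufficient and lets real faults surface. The two `LiloConfigFile` stubs would benefit from a short comment, if this is the intent, such as `# no password handling for (e)lilo configs: editing is never locked`, because `hasPasswordAccess()` returning `True` unconditionally is a security-relevant decision a reader should not have to infer.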


@ -8,10 +8,11 @@ when it expects a full integer.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
diff -r 71389988f5d4 -r ed672a604cc7 tools/python/xen/lowlevel/xc/xc.c
--- a/tools/python/xen/lowlevel/xc/xc.c Wed Aug 26 15:35:14 2009 +0100
+++ b/tools/python/xen/lowlevel/xc/xc.c Wed Aug 26 15:41:59 2009 +0100
@@ -654,10 +654,9 @@
Index: xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c
===================================================================
--- xen-3.4.1-testing.orig/tools/python/xen/lowlevel/xc/xc.c
+++ xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c
@@ -650,10 +650,9 @@ static PyObject *pyxc_deassign_device(Xc
static PyObject *pyxc_get_device_group(XcObject *self,
PyObject *args)
{
@ -23,7 +24,7 @@ diff -r 71389988f5d4 -r ed672a604cc7 tools/python/xen/lowlevel/xc/xc.c
PyObject *Pystr;
char *group_str;
char dev_str[9];
@@ -812,7 +811,7 @@
@@ -808,7 +807,7 @@ static PyObject *pyxc_dom_check_cpuid(Xc
static PyObject *pyxc_dom_set_policy_cpuid(XcObject *self,
PyObject *args)
{
@ -32,7 +33,7 @@ diff -r 71389988f5d4 -r ed672a604cc7 tools/python/xen/lowlevel/xc/xc.c
if ( !PyArg_ParseTuple(args, "i", &domid) )
return NULL;
@@ -828,9 +827,8 @@
@@ -824,9 +823,8 @@ static PyObject *pyxc_dom_set_policy_cpu
static PyObject *pyxc_dom_set_cpuid(XcObject *self,
PyObject *args)
{


@ -0,0 +1,95 @@
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1251887904 -3600
# Node ID e513d565c8f1298d26bc614eabd1b7111693a940
# Parent 8fc92779847680fe40a1ee9c2a01b3effc7cd056
pygrub: Match bare-metal GRUB behavior for passwords
The password support patch already merged didn't match the bare-metal
GRUB behavior so I created a patch to match it. If password is entered
in grub.conf file, pressing `p` is required exactly like when using
"real" (bare-metal) GRUB. New options are available after the correct
password is entered.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.4.1-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub
+++ xen-3.4.1-testing/tools/pygrub/src/pygrub
@@ -415,16 +415,17 @@ class Grub:
def draw():
# set up the screen
self.draw_main_windows()
- self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
- self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the")
- self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
- # if grub has password defined we allow option to enter password
- if not self.cf.hasPassword():
+ if not self.cf.hasPassword() or self.cf.hasPasswordAccess():
+ self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
+ self.text_win.addstr(1, 0, "Press enter to boot the selected OS, 'e' to edit the")
+ self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+
else:
- self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. You can also")
- self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...")
+ self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
+ self.text_win.addstr(1, 0, "Press enter to boot the selected OS or `p` to enter a")
+ self.text_win.addstr(2, 0, "password to unlock the next set of features.")
self.text_win.addch(0, 8, curses.ACS_UARROW)
self.text_win.addch(0, 14, curses.ACS_DARROW)
@@ -463,20 +464,10 @@ class Grub:
self.screen.timeout(-1)
# handle keypresses
- if c == ord('c'):
- # we disallow access without password specified
- if not self.cf.hasPasswordAccess():
- self.text_win.addstr(6, 8, "You have to enter GRUB password first")
- break
-
+ if c == ord('c') and self.cf.hasPasswordAccess():
self.command_line_mode()
break
- elif c == ord('a'):
- # we disallow access without password specified
- if not self.cf.hasPasswordAccess():
- self.text_win.addstr(6, 8, "You have to enter GRUB password first")
- break
-
+ elif c == ord('a') and self.cf.hasPasswordAccess():
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
@@ -487,23 +478,18 @@ class Grub:
self.isdone = True
break
break
- elif c == ord('e'):
- # we disallow access without password specified
- if not self.cf.hasPasswordAccess():
- self.text_win.addstr(6, 8, "You have to enter GRUB password first")
- break
-
+ elif c == ord('e') and self.cf.hasPasswordAccess():
img = self.cf.images[self.selected_image]
self.edit_entry(img)
break
elif c == ord('p') and self.cf.hasPassword():
- self.text_win.addstr(6, 8, "Enter password: ")
+ self.text_win.addstr(6, 1, "Password: ")
pwd = self.text_win.getstr(6, 8)
if not self.cf.checkPassword(pwd):
- self.text_win.addstr(6, 8, "Incorrect password!")
+ self.text_win.addstr(6, 1, "Password: ")
+ self.text_win.addstr(7, 0, "Failed!")
self.cf.setPasswordAccess( False )
else:
- self.text_win.addstr(6, 8, "Access granted ")
self.cf.setPasswordAccess( True )
break
elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
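Review bot: In the `'p'` branch the prompt `"Password: "` is drawn at `(6, 1)` and is ten characters wide, yet input is still read with `getstr(6, 8)`, so typing starts inside the prompt text; `pwd = self.text_win.getstr(6, 11)` would place it after the prompt. Nothing in this hunk shows whether curses echo is off while the password is typed, so that is worth confirming where the screen is set up. A failed attempt only prints `Failed!` and returns to the menu loop, which places no limit or delay on repeated tries; a short pause after a failure would be a cheap addition. The enclosing key-handling loop starts and ends outside the hunk.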


@ -0,0 +1,95 @@
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1252327855 -3600
# Node ID a28c9c2fa8de05ebd0284f578289e96d2d15d574
# Parent b81e375e03922cd72d6e1404bc62a05059a4fe61
pygrub: trap exception when python module import fails
Fix the issue when importing 'crypt' module or crypt.crypt fails in
pygrub. The exception is written on the same line like "Failed!"
message but only if there is an exception. If there is no exception,
we don't bother users with details (probably the password they entered
was wrong) so we just display "Failed!" message. Also, the code for
hasPassword() was rewritten not to have try/except block here.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
@@ -158,6 +158,7 @@ class GrubConfigFile(object):
self.timeout = -1
self._default = 0
self.passwordAccess = True
+ self.passExc = None
if fn is not None:
self.parse()
@@ -197,7 +198,6 @@ class GrubConfigFile(object):
if self.commands.has_key(com):
if self.commands[com] is not None:
setattr(self, self.commands[com], arg.strip())
- #print "%s = %s => %s" % (com, self.commands[com], arg.strip() )
else:
logging.info("Ignored directive %s" %(com,))
else:
@@ -216,25 +216,28 @@ class GrubConfigFile(object):
self.passwordAccess = val
def hasPassword(self):
- try:
- getattr(self, self.commands['password'])
- return True
- except:
- return False
+ return hasattr(self, 'password')
def checkPassword(self, password):
- try:
- pwd = getattr(self, self.commands['password']).split()
- if pwd[0] == '--md5':
+ # Always allow if no password defined in grub.conf
+ if not self.hasPassword:
+ return True
+
+ # If we're here, we're having 'password' attribute set
+ pwd = getattr(self, 'password').split()
+
+ # We check whether password is in MD5 hash for comparison
+ if pwd[0] == '--md5':
+ try:
import crypt
if crypt.crypt(password, pwd[1]) == pwd[1]:
return True
+ except Exception, e:
+ self.passExc = "Can't verify password: %s" % str(e)
+ return False
- if pwd[0] == password:
- return True
-
- return False
- except:
+ # ... and if not, we compare it as a plain text
+ if pwd[0] == password:
return True
def set(self, line):
Index: xen-3.4.1-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/pygrub
+++ xen-3.4.1-testing/tools/pygrub/src/pygrub
@@ -487,7 +487,11 @@ class Grub:
pwd = self.text_win.getstr(6, 8)
if not self.cf.checkPassword(pwd):
self.text_win.addstr(6, 1, "Password: ")
- self.text_win.addstr(7, 0, "Failed!")
+ if self.cf.passExc is not None:
+ self.text_win.addstr(7, 0, "Exception: %s"
+ % self.cf.passExc)
+ else:
+ self.text_win.addstr(7, 0, "Failed!")
self.cf.setPasswordAccess( False )
else:
self.cf.setPasswordAccess( True )
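Review bot: `self.passExc` is assigned when the `crypt` path raises but is never reset, so once it is set every later wrong password is reported as `Exception: …` instead of `Failed!`; clear it at the top of `checkPassword()` with `self.passExc = None`. `pwd[0]` is read outside the `try`, so if the parser ever stores an empty `password` value the `split()` result is empty and the uncaught `IndexError` ends pygrub rather than refusing the attempt; `if not pwd: return False` right after the split keeps that a plain refusal. A docstring on `checkPassword()` stating that it returns `True` when no password is configured would make the access decision explicit for callers.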


@ -0,0 +1,42 @@
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1253002894 -3600
# Node ID 67f1b8b3258591b979c441c6013af3c442063cc1
# Parent 045b2b8b522708093b91f883f1b7e7c1805f71e3
pygrub: Correct pygrub return value
This is the patch to correct pygrub return value for checkPassword()
function. It didn't return False at the end of the function. It
returned None so it was working fine and it's most likely just a
cosmetic issue.
Also, the missing () were added to checkPassword() function when
calling hasPassword and the unnecessary comment was removed.
Signed-off-by: Michal Novotny <minovotn@redhat.com>
Index: xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-3.4.1-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-3.4.1-testing/tools/pygrub/src/GrubConf.py
@@ -220,10 +220,9 @@ class GrubConfigFile(object):
def checkPassword(self, password):
# Always allow if no password defined in grub.conf
- if not self.hasPassword:
+ if not self.hasPassword():
return True
- # If we're here, we're having 'password' attribute set
pwd = getattr(self, 'password').split()
# We check whether password is in MD5 hash for comparison
@@ -240,6 +239,8 @@ class GrubConfigFile(object):
if pwd[0] == password:
return True
+ return False
+
def set(self, line):
(com, arg) = grub_exact_split(line, 2)
if self.commands.has_key(com):


@ -2,28 +2,26 @@ Index: xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c
===================================================================
--- xen-3.4.1-testing.orig/tools/python/xen/lowlevel/xc/xc.c
+++ xen-3.4.1-testing/tools/python/xen/lowlevel/xc/xc.c
@@ -890,14 +890,14 @@ static PyObject *pyxc_hvm_build(XcObject
@@ -888,14 +888,14 @@ static PyObject *pyxc_hvm_build(XcObject
int i;
#endif
char *image;
- int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1;
+ int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1, extid=0;
+ int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1, extid = 0;
static char *kwd_list[] = { "domid",
- "memsize", "image", "target", "vcpus", "acpi",
- "apic", NULL };
+ "memsize", "image", "target", "vcpus", "extid", "acpi",
"apic", NULL };
- if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiii", kwd_list,
- &dom, &memsize, &image, &target, &vcpus,
- &acpi, &apic) )
+ "memsize", "image", "target", "vcpus", "extid",
+ "acpi", "apic", NULL };
+ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiiii", kwd_list,
+ &dom, &memsize, &image, &target, &extid,
+ &vcpus, &acpi, &apic) )
&dom, &memsize, &image, &target, &vcpus,
- &acpi, &apic) )
+ &extid, &acpi, &apic) )
return NULL;
if ( target == -1 )
@@ -923,6 +923,7 @@ static PyObject *pyxc_hvm_build(XcObject
@@ -921,6 +921,7 @@ static PyObject *pyxc_hvm_build(XcObject
va_hvm->checksum -= sum;
munmap(va_map, XC_PAGE_SIZE);
#endif


@ -1,7 +1,7 @@
Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c
===================================================================
--- xen-3.4.1-testing.orig/xen/arch/x86/hvm/hyperv/hv_intercept.c 2009-08-10 14:01:45.000000000 -0600
+++ xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c 2009-08-10 14:07:15.000000000 -0600
--- xen-3.4.1-testing.orig/xen/arch/x86/hvm/hyperv/hv_intercept.c
+++ xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c
@@ -33,6 +33,7 @@
#include <asm/config.h>
@ -10,7 +10,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_intercept.c
#include <asm/processor.h>
#include <asm/page.h>
#include <asm/apicdef.h>
@@ -987,8 +988,15 @@
@@ -987,8 +988,15 @@ hyperv_do_wr_msr(uint32_t idx, struct cp
break;
case HV_MSR_APIC_ASSIST_PAGE:
/*


@ -1,4 +1,3 @@
%patch
Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/domain.h
===================================================================
--- xen-3.4.1-testing.orig/xen/include/asm-x86/hvm/domain.h
@ -18,7 +17,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/Makefile
@@ -1,5 +1,6 @@
subdir-y += svm
subdir-y += vmx
+subdir-y += hyperv
+subdir-$(x86_64) += hyperv
obj-y += emulate.o
obj-y += hvm.o
@ -57,7 +56,7 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hvm.c
if ( (rc = hvm_funcs.vcpu_initialise(v)) != 0 )
goto fail2;
@@ -732,6 +740,7 @@ int hvm_vcpu_initialise(struct vcpu *v)
@@ -732,12 +740,14 @@ int hvm_vcpu_initialise(struct vcpu *v)
hvm_funcs.vcpu_destroy(v);
fail2:
vlapic_destroy(v);
@ -65,14 +64,13 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hvm.c
fail1:
return rc;
}
@@ -739,6 +748,7 @@ int hvm_vcpu_initialise(struct vcpu *v)
void hvm_vcpu_destroy(struct vcpu *v)
{
tasklet_kill(&v->arch.hvm_vcpu.assert_evtchn_irq_tasklet);
+ hyperx_intercept_vcpu_destroy(v);
tasklet_kill(&v->arch.hvm_vcpu.assert_evtchn_irq_tasklet);
hvm_vcpu_cacheattr_destroy(v);
vlapic_destroy(v);
hvm_funcs.vcpu_destroy(v);
@@ -1690,7 +1700,7 @@ void hvm_cpuid(unsigned int input, unsig
return;
@ -120,19 +118,22 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hvm.c
if ( (eax & 0x80000000) && is_viridian_domain(curr->domain) )
return viridian_hypercall(regs);
@@ -2572,6 +2592,15 @@ long do_hvm_op(unsigned long op, XEN_GUE
@@ -2572,6 +2592,18 @@ long do_hvm_op(unsigned long op, XEN_GUE
rc = -EINVAL;
break;
+ case HVM_PARAM_EXTEND_HYPERVISOR:
+ if ((a.value == 1) && hyperv_initialize(d))
+ {
+#ifdef __x86_64__
+ if (a.value != 1)
+ rc = -EINVAL;
+ else
+ else if (hyperv_initialize(d))
+ rc = -ENOMEM;
+ else
+ break;
+#else
+ rc = -EINVAL;
+#endif
+ goto param_fail;
+ }
}
if ( rc == 0 )
@ -140,7 +141,7 @@ Index: xen-3.4.1-testing/xen/include/public/arch-x86/hvm/save.h
===================================================================
--- xen-3.4.1-testing.orig/xen/include/public/arch-x86/hvm/save.h
+++ xen-3.4.1-testing/xen/include/public/arch-x86/hvm/save.h
@@ -432,9 +432,26 @@ struct hvm_viridian_context {
@@ -432,9 +432,24 @@ struct hvm_viridian_context {
DECLARE_HVM_SAVE_TYPE(VIRIDIAN, 15, struct hvm_viridian_context);
@ -150,16 +151,14 @@ Index: xen-3.4.1-testing/xen/include/public/arch-x86/hvm/save.h
+ uint32_t long_mode;
+ uint32_t ext_id;
+};
+
+DECLARE_HVM_SAVE_TYPE(HYPERV_DOM, 16, struct hvm_hyperv_dom);
+DECLARE_HVM_SAVE_TYPE(HYPERV_DOM, 15, struct hvm_hyperv_dom);
+
+struct hvm_hyperv_cpu {
+ uint64_t control_msr;
+ uint64_t version_msr;
+ uint64_t pad[27]; //KYS: sles10 sp2 compatibility
+};
+
+DECLARE_HVM_SAVE_TYPE(HYPERV_CPU, 17, struct hvm_hyperv_cpu);
+DECLARE_HVM_SAVE_TYPE(HYPERV_CPU, 16, struct hvm_hyperv_cpu);
+
/*
* Largest type-code in use


@ -3,7 +3,7 @@ Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h
===================================================================
--- /dev/null
+++ xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h
@@ -0,0 +1,165 @@
@@ -0,0 +1,183 @@
+/****************************************************************************
+ |
+ | Copyright (c) [2007, 2008] Novell, Inc.
@ -74,29 +74,35 @@ Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h
+static inline int
+hyperx_intercept_domain_create(struct domain *d)
+{
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1) {
+#ifdef __x86_64__
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1) {
+ return(hyperv_dom_create(d));
+ }
+#endif
+ return (0);
+}
+
+static inline void
+hyperx_intercept_domain_destroy(struct domain *d)
+{
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+#ifdef __x86_64__
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ hyperv_dom_destroy(d);
+ }
+#endif
+}
+
+static inline int
+hyperx_intercept_vcpu_initialize(struct vcpu *v)
+{
+#ifdef __x86_64__
+ struct domain *d = v->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ return(hyperv_vcpu_initialize(v));
+ }
+#endif
+ return (0);
+}
+
@ -104,65 +110,77 @@ Index: xen-3.4.1-testing/xen/include/asm-x86/hvm/hvm_extensions.h
+static inline void
+hyperx_intercept_vcpu_up(struct vcpu *v)
+{
+#ifdef __x86_64__
+ struct domain *d = current->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ hyperv_vcpu_up(v);
+ }
+#endif
+}
+
+static inline void
+hyperx_intercept_vcpu_destroy(struct vcpu *v)
+{
+#ifdef __x86_64__
+ struct domain *d = v->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ hyperv_vcpu_destroy(v);
+ }
+#endif
+}
+
+static inline int
+hyperx_intercept_do_cpuid(uint32_t idx, unsigned int *eax, unsigned int *ebx,
+ unsigned int *ecx, unsigned int *edx)
+{
+#ifdef __x86_64__
+ struct domain *d = current->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ return(hyperv_do_cpu_id(idx, eax, ebx, ecx, edx));
+ }
+#endif
+ return (0);
+}
+
+static inline int
+hyperx_intercept_do_msr_read(uint32_t idx, struct cpu_user_regs *regs)
+{
+#ifdef __x86_64__
+ struct domain *d = current->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ return(hyperv_do_rd_msr(idx, regs));
+ }
+#endif
+ return (0);
+}
+
+static inline int
+hyperx_intercept_do_msr_write(uint32_t idx, struct cpu_user_regs *regs)
+{
+#ifdef __x86_64__
+ struct domain *d = current->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ return(hyperv_do_wr_msr(idx, regs));
+ }
+#endif
+ return (0);
+}
+
+static inline int
+hyperx_intercept_do_hypercall(struct cpu_user_regs *regs)
+{
+#ifdef __x86_64__
+ struct domain *d = current->domain;
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] ==1)
+ if (d->arch.hvm_domain.params[HVM_PARAM_EXTEND_HYPERVISOR] == 1)
+ {
+ return(hyperv_do_hypercall(regs));
+ }
+#endif
+ return (0);
+}
+
@ -327,7 +345,8 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_hypercall.c
+ if (fast)
+ {
+ hvm_set_cr3(input);
+ } else
+ }
+ else
+ {
+ /*
+ * Slow path; copy the new value.
@ -356,7 +375,6 @@ Index: xen-3.4.1-testing/xen/arch/x86/hvm/hyperv/hv_hypercall.c
+ hv_vcpu_t *vcpup = &curp->vcpu_state[hv_get_current_vcpu_index()];
+ u64 partition_id;
+
+
+ fast = (int)((opcode >>16) & 0x1);
+ verb = (short)(opcode & 0xffff);
+ rep_count = (short)((opcode >>32) & 0xfff);
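Review bot: In the save.h part of this refreshed patch the two `DECLARE_HVM_SAVE_TYPE` lines for `HYPERV_DOM` carry codes 16 and 15, and the context line just above them declares `VIRIDIAN` with code 15. The rendering has lost the markers that say which line of each pair is the new one. If it is the second, `HYPERV_DOM` and `VIRIDIAN` would share a save-record type code, which needs checking against the "Largest type-code in use" definition that follows. A comment next to the two declarations stating why these codes were chosen would help whoever next touches the save format; the `pad[27]` line already mentions SLES10 SP2 compatibility.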


@ -0,0 +1,16 @@
--- xen-3.4.1-testing/tools/ioemu-remote/hw/xen_blktap.c 2009-09-21 13:26:03.000000000 +0800
+++ xen-3.4.1-testing/tools/ioemu-remote/hw/xen_blktap.c 2009-09-28 16:30:13.000000000 +0800
@@ -249,8 +249,11 @@ static int open_disk(struct td_state *s,
drv = blktap_drivers[i].drv;
DPRINTF("%s driver specified\n", drv ? drv->format_name : "No");
- /* Open the image */
- if (bdrv_open2(bs, path, flags, drv) != 0) {
+ /* Open the image
+ * Use BDRV_O_CACHE_WB for write-through caching,
+ * no flags for write-back caching
+ */
+ if (bdrv_open2(bs, path, flags|BDRV_O_CACHE_WB, drv) != 0) {
fprintf(stderr, "Could not open image file %s\n", path);
return -ENOMEM;
}
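Review bot: The new comment says `BDRV_O_CACHE_WB` selects write-through caching, but going by the flag's name it selects write-back, and the changelog entry for this patch gives slow guest installs on tapdisk as the motivation, which fits write-back. If so, the comment should read `/* Open the image with write-back caching (BDRV_O_CACHE_WB); without the flag it is opened write-through */`. The change also deserves a line on the durability trade-off, since writes acknowledged to the guest may not yet be on disk if the host fails. Unrelated to this change, the failure path returns `-ENOMEM` for an open error, which misreports the cause. `open_disk` starts and ends outside the hunk.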


@ -2,7 +2,20 @@ Index: xen-3.4.1-testing/unmodified_drivers/linux-2.6/mkbuildtree
===================================================================
--- xen-3.4.1-testing.orig/unmodified_drivers/linux-2.6/mkbuildtree
+++ xen-3.4.1-testing/unmodified_drivers/linux-2.6/mkbuildtree
@@ -47,7 +47,14 @@ ln -nsf ${XEN}/include/public include/xe
@@ -33,7 +33,11 @@ for d in $(find ${XL}/drivers/xen/ -mind
done
ln -sf ${XL}/drivers/xen/core/gnttab.c platform-pci
-ln -sf ${XL}/drivers/xen/core/features.c platform-pci
+if [ -f ${XL}/drivers/xen/core/features.c ]; then
+ ln -sf ${XL}/drivers/xen/core/features.c platform-pci
+else
+ ln -sf ${XL}/drivers/xen/features.c platform-pci
+fi
ln -sf ${XL}/drivers/xen/core/xen_proc.c xenbus
ln -sf ${XL}/drivers/xen/core/reboot.c platform-pci
@@ -47,7 +51,14 @@ ln -nsf ${XEN}/include/public include/xe
# be native and not xenolinux).
case "$uname" in
i[34567]86|x86_64)


@ -151,6 +151,7 @@ case $SCRIPTNAME in
;;
*if-down.d*)
exit_if_xend_not_running
test -d "/sys/class/net/$INTERFACE/brif/" || exit 0
# Remember vifs attached to $INTERFACE
vifs=()


@ -1,3 +1,30 @@
-------------------------------------------------------------------
Fri Oct 9 09:24:29 MDT 2009 - carnold@novell.com
- bnc#541945 - xm create -x command does not work in SLES 10 SP2 or
SLES 11
xm-create-xflag.patch
-------------------------------------------------------------------
Thu Oct 8 22:44:04 MDT 2009 - jfehlig@novell.com
- Minor enhancement to xen-updown.sh sysconfig hook
-------------------------------------------------------------------
Mon Sep 28 16:34:19 CST 2009 - wkong@novell.com
- Add patch ioemu-bdrv-open-CACHE_WB.patch
for install guest on tapdisk very very slow.
-------------------------------------------------------------------
Mon Sep 28 08:28:24 MDT 2009 - carnold@novell.com
- bnc#542525 - VUL-1: xen pygrub vulnerability
20099-pygrub-security.patch
20107-pygrub-security.patch
20146-pygrub-security.patch
20174-pygrub-security.patch
20201-pygrub-security.patch
-------------------------------------------------------------------
Fri Sep 25 15:08:12 MDT 2009 - jfehlig@novell.com


@ -1,5 +1,5 @@
#
# spec file for package xen (Version 3.4.1_19718_03)
# spec file for package xen (Version 3.4.1_19718_04)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -37,7 +37,7 @@ BuildRequires: glibc-32bit glibc-devel-32bit
%if %{?with_kmp}0
BuildRequires: kernel-source kernel-syms module-init-tools xorg-x11
%endif
Version: 3.4.1_19718_03
Version: 3.4.1_19718_04
Release: 1
License: GPL v2 only
Group: System/Kernel
@ -79,9 +79,14 @@ Patch3: 20035-x86-load-sreg-adjust.patch
Patch4: 20059-vmx-nmi-handling.patch
Patch5: 20077-x86-runstate-cswitch-out.patch
Patch6: 20078-x86_64-branch-emulation.patch
Patch7: 20101-hvm-no-compat-virt-start.patch
Patch8: 20112-x86-dom0-boot-run-timers.patch
Patch9: 20125-xc-parse-tuple-fix.patch
Patch7: 20099-pygrub-security.patch
Patch8: 20101-hvm-no-compat-virt-start.patch
Patch9: 20107-pygrub-security.patch
Patch10: 20112-x86-dom0-boot-run-timers.patch
Patch11: 20125-xc-parse-tuple-fix.patch
Patch12: 20146-pygrub-security.patch
Patch13: 20174-pygrub-security.patch
Patch14: 20201-pygrub-security.patch
# Our patches
Patch100: xen-config.diff
Patch101: xend-config.diff
@ -132,7 +137,8 @@ Patch163: checkpoint-rename.patch
Patch164: network-nat.patch
Patch165: ioemu-debuginfo.patch
Patch166: xm-save-check-file.patch
Patch167: mkbuildtree.patch
Patch167: xm-create-xflag.patch
Patch168: mkbuildtree.patch
# Patches for snapshot support
Patch200: snapshot-ioemu-save.patch
Patch201: snapshot-ioemu-restore.patch
@ -173,6 +179,7 @@ Patch405: blktap-pv-cdrom.patch
Patch406: network-nat-open-SuSEfirewall2-FORWARD.patch
Patch407: ioemu-7615-qcow2-fix-alloc_cluster_link_l2.patch
Patch408: qemu-retry-be-status.patch
Patch409: ioemu-bdrv-open-CACHE_WB.patch
%if %{?with_kmp}0
Patch450: disable_emulated_device.diff
%endif
@ -524,6 +531,11 @@ Authors:
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch100 -p1
%patch101 -p1
%patch102 -p1
@ -572,6 +584,7 @@ Authors:
%patch165 -p1
%patch166 -p1
%patch167 -p1
%patch168 -p1
%patch200 -p1
%patch201 -p1
%patch202 -p1
@ -606,6 +619,7 @@ Authors:
%patch406 -p1
%patch407 -p1
%patch408 -p1
%patch409 -p1
%if %{?with_kmp}0
%patch450 -p1
%endif

31
xm-create-xflag.patch Normal file

@ -0,0 +1,31 @@
Index: xen-3.4.1-testing/tools/python/xen/xm/create.py
===================================================================
--- xen-3.4.1-testing.orig/tools/python/xen/xm/create.py
+++ xen-3.4.1-testing/tools/python/xen/xm/create.py
@@ -37,7 +37,7 @@ from xen.xend.server.DevConstants import
from xen.util import blkif
from xen.util import vscsi_util
import xen.util.xsm.xsm as security
-from xen.xm.main import serverType, SERVER_XEN_API, get_single_vm
+from xen.xm.main import serverType, SERVER_XEN_API, SERVER_LEGACY_XMLRPC, get_single_vm
from xen.util import utils
from xen.xm.opts import *
@@ -1351,7 +1351,7 @@ def main(argv):
except IOError, exn:
raise OptionError("Cannot read file %s: %s" % (config, exn[1]))
- if serverType == SERVER_XEN_API:
+ if serverType == SERVER_XEN_API or serverType == SERVER_LEGACY_XMLRPC:
from xen.xm.xenapi_create import sxp2xml
sxp2xml_inst = sxp2xml()
doc = sxp2xml_inst.convert_sxp_to_xml(config, transient=True)
@@ -1359,7 +1359,7 @@ def main(argv):
if opts.vals.dryrun and not opts.is_xml:
SXPPrettyPrint.prettyprint(config)
- if opts.vals.xmldryrun and serverType == SERVER_XEN_API:
+ if opts.vals.xmldryrun:
from xml.dom.ext import PrettyPrint as XMLPrettyPrint
XMLPrettyPrint(doc)
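Review bot: After the last hunk `XMLPrettyPrint(doc)` runs whenever `opts.vals.xmldryrun` is set, but in the lines shown `doc` is assigned only inside `if serverType == SERVER_XEN_API or serverType == SERVER_LEGACY_XMLRPC:`. If `serverType` can hold any other value and `doc` is not set elsewhere in `main`, the XML dry run ends in a `NameError`. Either set `doc = None` before the branch and test `if opts.vals.xmldryrun and doc is not None:`, or build `doc` unconditionally. `main` continues outside both hunks, so this needs checking against the full function.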