From 938967839e2130d3b3bd83e6cceb9e7f9468f32b9a775bac19e17784ac57b2aa Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Fri, 28 Aug 2009 22:25:44 +0000 Subject: [PATCH] - bnc#491081 - Xen time goes backwards x3950M2 Patch for this bug plus additional upstream patches from Jan. 19614-x86-emul-lldt-ltr.patch 20026-ept-rwx-default.patch 20031-x86-pmode-load-seg-retry.patch 20035-x86-load-sreg-adjust.patch 20059-vmx-nmi-handling.patch 20077-x86-runstate-cswitch-out.patch 20078-x86_64-branch-emulation.patch 20101-hvm-no-compat-virt-start.patch 20112-x86-dom0-boot-run-timers.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=13 --- 20013-xend-memleak.patch | 11 +- 20031-x86-pmode-load-seg-retry.patch | 161 +++++++++++++++++++++++++++ 20035-x86-load-sreg-adjust.patch | 35 ++++++ 20059-vmx-nmi-handling.patch | 77 +++++++++++++ 20077-x86-runstate-cswitch-out.patch | 95 ++++++++++++++++ 20078-x86_64-branch-emulation.patch | 137 +++++++++++++++++++++++ xen.changes | 15 +++ xen.spec | 25 ++++- 8 files changed, 547 insertions(+), 9 deletions(-) create mode 100644 20031-x86-pmode-load-seg-retry.patch create mode 100644 20035-x86-load-sreg-adjust.patch create mode 100644 20059-vmx-nmi-handling.patch create mode 100644 20077-x86-runstate-cswitch-out.patch create mode 100644 20078-x86_64-branch-emulation.patch diff --git a/20013-xend-memleak.patch b/20013-xend-memleak.patch index 8555113..1036da6 100644 --- a/20013-xend-memleak.patch +++ b/20013-xend-memleak.patch @@ -18,10 +18,11 @@ free these objects. 
Signed-off-by: juergen.gross@ts.fujitsu.com -diff -r 3242351f9c67 -r e41d42ef4cd2 tools/python/xen/xend/XendStateStore.py ---- a/tools/python/xen/xend/XendStateStore.py Wed Aug 05 12:03:53 2009 +0100 -+++ b/tools/python/xen/xend/XendStateStore.py Wed Aug 05 12:04:39 2009 +0100 -@@ -147,6 +147,7 @@ +Index: xen-3.4.1-testing/tools/python/xen/xend/XendStateStore.py +=================================================================== +--- xen-3.4.1-testing.orig/tools/python/xen/xend/XendStateStore.py ++++ xen-3.4.1-testing/tools/python/xen/xend/XendStateStore.py +@@ -147,6 +147,7 @@ class XendStateStore: cls_dict[val_name] = bool(int(val_text)) state[uuid] = cls_dict @@ -29,7 +30,7 @@ diff -r 3242351f9c67 -r e41d42ef4cd2 tools/python/xen/xend/XendStateStore.py return state def save_state(self, cls, state): -@@ -226,5 +227,5 @@ +@@ -226,5 +227,5 @@ class XendStateStore: node.appendChild(val_node) open(xml_path, 'w').write(doc.toprettyxml()) diff --git a/20031-x86-pmode-load-seg-retry.patch b/20031-x86-pmode-load-seg-retry.patch new file mode 100644 index 0000000..4fa9cb8 --- /dev/null +++ b/20031-x86-pmode-load-seg-retry.patch 
@@ -0,0 +1,161 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250693923 -3600 +# Node ID 44d852862374dff2e734070ac60399f6875f6cd5 +# Parent bea861fb0f20671d41e467557bfdffb67b42f5e7 +x86_emulate: Remove cmpxchg retry loop from protmode_load_seg(). + +It is safer to retry in a loop via the caller. + +Signed-off-by: Keir Fraser +xen-unstable changeset: 20031:34bdb5a29963 +xen-unstable date: Thu Aug 06 09:54:22 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +@@ -996,79 +996,75 @@ protmode_load_seg( + if ( ((sel & 0xfff8) + 7) > desctab.limit ) + goto raise_exn; + +- do { +- if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8), +- &val, 4, ctxt, ops)) ) +- return rc; +- desc.a = val; +- if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8) + 4, +- &val, 4, ctxt, ops)) ) +- return rc; +- desc.b = val; ++ if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8), ++ &val, 4, ctxt, ops)) ) ++ return rc; ++ desc.a = val; ++ if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8) + 4, ++ &val, 4, ctxt, ops)) ) ++ return rc; ++ desc.b = val; + +- /* Segment present in memory? */ +- if ( !(desc.b & (1u<<15)) ) +- { +- fault_type = EXC_NP; +- goto raise_exn; +- } ++ /* Segment present in memory? */ ++ if ( !(desc.b & (1u<<15)) ) ++ { ++ fault_type = EXC_NP; ++ goto raise_exn; ++ } + +- /* System segments must have the system flag (S) set. */ +- if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) ) +- goto raise_exn; ++ /* System segments must have the system flag (S) set. 
*/ ++ if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) ) ++ goto raise_exn; + +- dpl = (desc.b >> 13) & 3; +- rpl = sel & 3; +- cpl = ss.attr.fields.dpl; +- +- switch ( seg ) +- { +- case x86_seg_cs: +- /* Code segment? */ +- if ( !(desc.b & (1u<<11)) ) +- goto raise_exn; +- /* Non-conforming segment: check DPL against RPL. */ +- if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) ) +- goto raise_exn; +- break; +- case x86_seg_ss: +- /* Writable data segment? */ +- if ( (desc.b & (5u<<9)) != (1u<<9) ) +- goto raise_exn; +- if ( (dpl != cpl) || (dpl != rpl) ) +- goto raise_exn; +- break; +- case x86_seg_ldtr: +- /* LDT system segment? */ +- if ( (desc.b & (15u<<8)) != (2u<<8) ) +- goto raise_exn; +- goto skip_accessed_flag; +- case x86_seg_tr: +- /* Available TSS system segment? */ +- if ( (desc.b & (15u<<8)) != (9u<<8) ) +- goto raise_exn; +- a_flag = 0x200; /* busy flag */ +- break; +- default: +- /* Readable code or data segment? */ +- if ( (desc.b & (5u<<9)) == (4u<<9) ) +- goto raise_exn; +- /* Non-conforming segment: check DPL against RPL and CPL. */ +- if ( ((desc.b & (6u<<9)) != (6u<<9)) && +- ((dpl < cpl) || (dpl < rpl)) ) +- goto raise_exn; +- break; +- } ++ dpl = (desc.b >> 13) & 3; ++ rpl = sel & 3; ++ cpl = ss.attr.fields.dpl; + +- /* Ensure Accessed flag is set. */ +- new_desc_b = desc.b | a_flag; +- rc = ((desc.b & a_flag) ? X86EMUL_OKAY : +- ops->cmpxchg( +- x86_seg_none, desctab.base + (sel & 0xfff8) + 4, +- &desc.b, &new_desc_b, 4, ctxt)); +- } while ( rc == X86EMUL_CMPXCHG_FAILED ); ++ switch ( seg ) ++ { ++ case x86_seg_cs: ++ /* Code segment? */ ++ if ( !(desc.b & (1u<<11)) ) ++ goto raise_exn; ++ /* Non-conforming segment: check DPL against RPL. */ ++ if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) ) ++ goto raise_exn; ++ break; ++ case x86_seg_ss: ++ /* Writable data segment? 
*/ ++ if ( (desc.b & (5u<<9)) != (1u<<9) ) ++ goto raise_exn; ++ if ( (dpl != cpl) || (dpl != rpl) ) ++ goto raise_exn; ++ break; ++ case x86_seg_ldtr: ++ /* LDT system segment? */ ++ if ( (desc.b & (15u<<8)) != (2u<<8) ) ++ goto raise_exn; ++ goto skip_accessed_flag; ++ case x86_seg_tr: ++ /* Available TSS system segment? */ ++ if ( (desc.b & (15u<<8)) != (9u<<8) ) ++ goto raise_exn; ++ a_flag = 0x200; /* busy flag */ ++ break; ++ default: ++ /* Readable code or data segment? */ ++ if ( (desc.b & (5u<<9)) == (4u<<9) ) ++ goto raise_exn; ++ /* Non-conforming segment: check DPL against RPL and CPL. */ ++ if ( ((desc.b & (6u<<9)) != (6u<<9)) && ++ ((dpl < cpl) || (dpl < rpl)) ) ++ goto raise_exn; ++ break; ++ } + +- if ( rc ) ++ /* Ensure Accessed flag is set. */ ++ new_desc_b = desc.b | a_flag; ++ if ( !(desc.b & a_flag) && ++ ((rc = ops->cmpxchg( ++ x86_seg_none, desctab.base + (sel & 0xfff8) + 4, ++ &desc.b, &new_desc_b, 4, ctxt)) != 0) ) + return rc; + + /* Force the Accessed flag in our local copy. */ diff --git a/20035-x86-load-sreg-adjust.patch b/20035-x86-load-sreg-adjust.patch new file mode 100644 index 0000000..b19dcd2 --- /dev/null +++ b/20035-x86-load-sreg-adjust.patch 
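Review bot: The rewritten Accessed-flag update at the end of this hunk returns whatever `ops->cmpxchg()` yields, so `X86EMUL_CMPXCHG_FAILED` now leaves protmode_load_seg() where the removed `do { … } while` loop used to absorb it, and no comment records that contract. The changeset description says the retry moves to the caller, but no caller is visible here, so each path that reaches this function should be checked to restart the instruction on that code rather than treat it as a fault. I would put `/* X86EMUL_CMPXCHG_FAILED is passed up: the descriptor changed under us and the caller must retry. */` above the `if ( !(desc.b & a_flag) && …` statement. Only the high descriptor word is covered by the cmpxchg; the low word read into `desc.a` is never re-validated, and nothing is re-validated when the flag is already set, which was equally true before this change. protmode_load_seg() begins and ends outside the hunk.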
@@ -0,0 +1,35 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250694095 -3600 +# Node ID 090e394202d0bb0089abc5e5276ed7fda283567d +# Parent daf1ff2c7dbd59b2ab31e6427be58ffdc14e10fd +x86_emulate: Fixes for 'mov rm16,sreg' + +1. Memory reads should be 16 bits only +2. Attempt to load %cs should result in #UD + +Signed-off-by: Keir Fraser +xen-unstable changeset: 20035:3fe64f43944f +xen-unstable date: Fri Aug 07 10:53:22 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +@@ -113,7 +113,7 @@ static uint8_t opcode_table[256] = { + ByteOp|DstMem|SrcReg|ModRM|Mov, DstMem|SrcReg|ModRM|Mov, + ByteOp|DstReg|SrcMem|ModRM|Mov, DstReg|SrcMem|ModRM|Mov, + DstMem|SrcReg|ModRM|Mov, DstReg|SrcNone|ModRM, +- DstReg|SrcMem|ModRM|Mov, DstMem|SrcNone|ModRM|Mov, ++ DstReg|SrcMem16|ModRM|Mov, DstMem|SrcNone|ModRM|Mov, + /* 0x90 - 0x97 */ + ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps, + ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps, +@@ -2008,6 +2008,7 @@ x86_emulate( + case 0x8e: /* mov r/m,Sreg */ { + enum x86_segment seg = decode_segment(modrm_reg); + generate_exception_if(seg == decode_segment_failed, EXC_UD, -1); ++ generate_exception_if(seg == x86_seg_cs, EXC_UD, -1); + if ( (rc = load_seg(seg, (uint16_t)src.val, ctxt, ops)) != 0 ) + goto done; + if ( seg == x86_seg_ss ) diff --git a/20059-vmx-nmi-handling.patch b/20059-vmx-nmi-handling.patch new file mode 100644 index 0000000..db4e5cc --- /dev/null +++ b/20059-vmx-nmi-handling.patch 
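Review bot: The added `generate_exception_if(seg == x86_seg_cs, EXC_UD, -1);` in the `case 0x8e` arm carries no comment, so the reason %cs is singled out lives only in the changeset description. A one-line `/* mov to %cs is not a valid encoding: #UD. */` above it would keep the rule from being mistaken for a leftover. With the table entry switched to `SrcMem16`, the `(uint16_t)src.val` cast on the load_seg() call looks redundant for memory operands; whether register sources still need it cannot be told from this hunk. The case body continues outside the hunk.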
@@ -0,0 +1,77 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250696034 -3600 +# Node ID 4af92eee8be497964912cda863c956691b3a3f89 +# Parent 2d6c4cc6a2a9e48218fe31d443f8937a3a88bf3f +VMX: issue an NMI rather than just calling the NMI handler +when the VMEXIT code indicates that an NMI has been raised. +Otherwise we might hit a real NMI while in the handler. + +Signed-off-by: Tim Deegan +xen-unstable changeset: 20059:76a65bf2aa4d +xen-unstable date: Fri Aug 14 10:58:32 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-3.4.1-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -936,8 +936,6 @@ static void vmx_set_tsc_offset(struct vc + vmx_vmcs_exit(v); + } + +-void do_nmi(struct cpu_user_regs *); +- + static void vmx_init_hypercall_page(struct domain *d, void *hypercall_page) + { + char *p; +@@ -2416,7 +2414,7 @@ asmlinkage void vmx_vmexit_handler(struc + (X86_EVENTTYPE_NMI << 8) ) + goto exit_and_crash; + HVMTRACE_0D(NMI); +- do_nmi(regs); /* Real NMI, vector 2: normal processing. */ ++ self_nmi(); /* Real NMI, vector 2: normal processing. */ + break; + case TRAP_machine_check: + HVMTRACE_0D(MCE); +Index: xen-3.4.1-testing/xen/arch/x86/nmi.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/nmi.c ++++ xen-3.4.1-testing/xen/arch/x86/nmi.c +@@ -441,18 +441,21 @@ void nmi_watchdog_tick(struct cpu_user_r + * 8-3 and 8-4 in IA32 Reference Manual Volume 3. We send the IPI to + * our own APIC ID explicitly which is valid. 
+ */ +-static void do_nmi_trigger(unsigned char key) ++void self_nmi(void) + { + u32 id = get_apic_id(); +- +- printk("Triggering NMI on APIC ID %x\n", id); +- + local_irq_disable(); + apic_wait_icr_idle(); + apic_icr_write(APIC_DM_NMI | APIC_DEST_PHYSICAL, id); + local_irq_enable(); + } + ++static void do_nmi_trigger(unsigned char key) ++{ ++ printk("Triggering NMI on APIC ID %x\n", get_apic_id()); ++ self_nmi(); ++} ++ + static void do_nmi_stats(unsigned char key) + { + int i; +Index: xen-3.4.1-testing/xen/include/asm-x86/apic.h +=================================================================== +--- xen-3.4.1-testing.orig/xen/include/asm-x86/apic.h ++++ xen-3.4.1-testing/xen/include/asm-x86/apic.h +@@ -196,6 +196,7 @@ extern void setup_secondary_APIC_clock ( + extern void setup_apic_nmi_watchdog (void); + extern int reserve_lapic_nmi(void); + extern void release_lapic_nmi(void); ++extern void self_nmi(void); + extern void disable_timer_nmi_watchdog(void); + extern void enable_timer_nmi_watchdog(void); + extern void nmi_watchdog_tick (struct cpu_user_regs *regs); diff --git a/20077-x86-runstate-cswitch-out.patch b/20077-x86-runstate-cswitch-out.patch new file mode 100644 index 0000000..94819c1 --- /dev/null +++ b/20077-x86-runstate-cswitch-out.patch 
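Review bot: self_nmi() in the nmi.c part of this patch ends with an unconditional `local_irq_enable()`, which was contained while the body was the static do_nmi_trigger() but is now exported through apic.h and called from vmx_vmexit_handler(). Any caller that enters with interrupts disabled gets them switched back on as a side effect; whether the VM-exit path is in that state at the `self_nmi()` call is not visible here. Saving and restoring the flag is safer: declare `unsigned long flags;`, use `local_irq_save(flags);` in place of `local_irq_disable();` and `local_irq_restore(flags);` in place of `local_irq_enable();`. The retained comment `/* Real NMI, vector 2: normal processing. */` also no longer describes the line, since the NMI handler presumably now runs when the self-IPI is delivered rather than inline at this point.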
@@ -0,0 +1,95 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250683301 -3600 +# Node ID 456b4ec002443227f6d97f79b213dc4b2d281f9e +# Parent 2b8b6ee95c939089a0a7182286c9a21f0acce8fe +x86: extend runstate area updates + +In order to give guests a hint at whether their vCPU-s are currently +scheduled (so they can e.g. adapt their behavior in spin loops), +update +the run state area (if registered) also when de-scheduling a vCPU. + +Also fix an oversight in the compat mode implementation of +VCPUOP_register_runstate_memory_area. + +Signed-off-by: Jan Beulich + +Index: xen-3.4.1-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/domain.c ++++ xen-3.4.1-testing/xen/arch/x86/domain.c +@@ -1219,6 +1219,26 @@ static void paravirt_ctxt_switch_to(stru + } + } + ++/* Update per-VCPU guest runstate shared memory area (if registered). */ ++static void update_runstate_area(struct vcpu *v) ++{ ++ if ( guest_handle_is_null(runstate_guest(v)) ) ++ return; ++ ++#ifdef CONFIG_COMPAT ++ if ( is_pv_32on64_domain(v->domain) ) ++ { ++ struct compat_vcpu_runstate_info info; ++ ++ XLAT_vcpu_runstate_info(&info, &v->runstate); ++ __copy_to_guest(v->runstate_guest.compat, &info, 1); ++ return; ++ } ++#endif ++ ++ __copy_to_guest(runstate_guest(v), &v->runstate, 1); ++} ++ + static inline int need_full_gdt(struct vcpu *v) + { + return (!is_hvm_vcpu(v) && !is_idle_vcpu(v)); +@@ -1311,6 +1331,9 @@ void context_switch(struct vcpu *prev, s + flush_tlb_mask(dirty_mask); + } + ++ if (prev != next) ++ update_runstate_area(prev); ++ + if ( is_hvm_vcpu(prev) && !list_empty(&prev->arch.hvm_vcpu.tm_list) ) + pt_save_timer(prev); + +@@ -1350,21 +1373,8 @@ void context_switch(struct vcpu *prev, s + + context_saved(prev); + +- /* Update per-VCPU guest runstate shared memory area (if registered). 
*/ +- if ( !guest_handle_is_null(runstate_guest(next)) ) +- { +- if ( !is_pv_32on64_domain(next->domain) ) +- __copy_to_guest(runstate_guest(next), &next->runstate, 1); +-#ifdef CONFIG_COMPAT +- else +- { +- struct compat_vcpu_runstate_info info; +- +- XLAT_vcpu_runstate_info(&info, &next->runstate); +- __copy_to_guest(next->runstate_guest.compat, &info, 1); +- } +-#endif +- } ++ if (prev != next) ++ update_runstate_area(next); + + schedule_tail(next); + BUG(); +Index: xen-3.4.1-testing/xen/arch/x86/x86_64/domain.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_64/domain.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_64/domain.c +@@ -56,7 +56,7 @@ arch_compat_vcpu_op( + struct vcpu_runstate_info runstate; + + vcpu_runstate_get(v, &runstate); +- XLAT_vcpu_runstate_info(&info, &v->runstate); ++ XLAT_vcpu_runstate_info(&info, &runstate); + } + __copy_to_guest(v->runstate_guest.compat, &info, 1); + diff --git a/20078-x86_64-branch-emulation.patch b/20078-x86_64-branch-emulation.patch new file mode 100644 index 0000000..939c351 --- /dev/null +++ b/20078-x86_64-branch-emulation.patch 
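Review bot: update_runstate_area() writes guest memory with the unchecked `__copy_to_guest()` and drops its return value, and after this change it runs for `prev` as well as `next`, yet the helper's comment states neither assumption. The unchecked variant is only sound if the handle was range-checked when the area was registered, which presumably happens in the VCPUOP_register_runstate_memory_area handler outside this hunk; please say so in the comment, e.g. `/* Handle was validated at registration; the copy is best-effort and a fault leaves the guest's copy stale. */`. It is also worth confirming that `prev`'s address space is still the one loaded at the new call site ahead of `pt_save_timer(prev)`, since the copy presumably goes through whatever page tables are current. As a style point, the two added `if (prev != next)` lines should use the spacing of the surrounding code, `if ( prev != next )`. context_switch() starts and ends outside the hunk.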
@@ -0,0 +1,137 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250696281 -3600 +# Node ID 68ea3be8b6c14d6de5d7c87fc00e27a596d2a00d +# Parent ca4db4ff9101f51d89a3de9e756b8a2f90a2baf2 +x86-64: adjust emulation of control transfers + +While Intel and AMD implementations differ in various respects when +it comes to non-default operand sizes of control transfer instructions +and segment register loads (lfs, lgs, lss), it seems to make senss to +(a) match their behavior if they agree and (b) prefer the more +permissive behavior if they don't agree: + +- honor operand size overrides on near brances (AMD does, Intel + doesn't) +- honor operand size overrides on far branches (both Intel and AMD do) +- honor REX.W on far branches (Intel does, AMD doesn't except on far + returns) +- honor REX.W on lfs, lgs, and lss (Intel does, AMD doesn't) + +Also, do not permit emulation of pushing/popping segment registers +other than fs and gs as well as that of les and lds (the latter are +particularly important due to the re-use of the respective opcodes as +VEX prefixes in AVX). + +Signed-off-by: Jan Beulich +xen-unstable changeset: 20078:429ef4f4fe37 +xen-unstable date: Wed Aug 19 13:02:04 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +@@ -561,9 +561,10 @@ do { + do { \ + int _rel = (int)(rel); \ + _regs.eip += _rel; \ +- if ( !mode_64bit() ) \ +- _regs.eip = ((op_bytes == 2) \ +- ? 
(uint16_t)_regs.eip : (uint32_t)_regs.eip); \ ++ if ( op_bytes == 2 ) \ ++ _regs.eip = (uint16_t)_regs.eip; \ ++ else if ( !mode_64bit() ) \ ++ _regs.eip = (uint32_t)_regs.eip; \ + } while (0) + + struct fpu_insn_ctxt { +@@ -1614,6 +1615,7 @@ x86_emulate( + struct segment_register reg; + src.val = x86_seg_es; + push_seg: ++ generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); + fail_if(ops->read_segment == NULL); + if ( (rc = ops->read_segment(src.val, ®, ctxt)) != 0 ) + return rc; +@@ -1629,6 +1631,7 @@ x86_emulate( + case 0x07: /* pop %%es */ + src.val = x86_seg_es; + pop_seg: ++ generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); + fail_if(ops->write_segment == NULL); + /* 64-bit mode: POP defaults to a 64-bit operand. */ + if ( mode_64bit() && (op_bytes == 4) ) +@@ -2074,8 +2077,8 @@ x86_emulate( + uint16_t sel; + uint32_t eip; + +- fail_if(ops->read_segment == NULL); + generate_exception_if(mode_64bit(), EXC_UD, -1); ++ fail_if(ops->read_segment == NULL); + + eip = insn_fetch_bytes(op_bytes); + sel = insn_fetch_type(uint16_t); +@@ -2293,7 +2296,7 @@ x86_emulate( + case 0xc2: /* ret imm16 (near) */ + case 0xc3: /* ret (near) */ { + int offset = (b == 0xc2) ? insn_fetch_type(uint16_t) : 0; +- op_bytes = mode_64bit() ? 8 : op_bytes; ++ op_bytes = ((op_bytes == 4) && mode_64bit()) ? 8 : op_bytes; + if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset), + &dst.val, op_bytes, ctxt, ops)) != 0 ) + goto done; +@@ -2305,6 +2308,7 @@ x86_emulate( + unsigned long sel; + dst.val = x86_seg_es; + les: /* dst.val identifies the segment */ ++ generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); + generate_exception_if(src.type != OP_MEM, EXC_UD, -1); + if ( (rc = read_ulong(src.mem.seg, src.mem.off + src.bytes, + &sel, 2, ctxt, ops)) != 0 ) +@@ -2379,7 +2383,6 @@ x86_emulate( + case 0xca: /* ret imm16 (far) */ + case 0xcb: /* ret (far) */ { + int offset = (b == 0xca) ? insn_fetch_type(uint16_t) : 0; +- op_bytes = mode_64bit() ? 
8 : op_bytes; + if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes), + &dst.val, op_bytes, ctxt, ops)) || + (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset), +@@ -3032,17 +3035,17 @@ x86_emulate( + } + + case 0xe8: /* call (near) */ { +- int rel = (((op_bytes == 2) && !mode_64bit()) ++ int rel = ((op_bytes == 2) + ? (int32_t)insn_fetch_type(int16_t) + : insn_fetch_type(int32_t)); +- op_bytes = mode_64bit() ? 8 : op_bytes; ++ op_bytes = ((op_bytes == 4) && mode_64bit()) ? 8 : op_bytes; + src.val = _regs.eip; + jmp_rel(rel); + goto push; + } + + case 0xe9: /* jmp (near) */ { +- int rel = (((op_bytes == 2) && !mode_64bit()) ++ int rel = ((op_bytes == 2) + ? (int32_t)insn_fetch_type(int16_t) + : insn_fetch_type(int32_t)); + jmp_rel(rel); +@@ -3330,7 +3333,7 @@ x86_emulate( + break; + case 2: /* call (near) */ + case 4: /* jmp (near) */ +- if ( (dst.bytes != 8) && mode_64bit() ) ++ if ( (dst.bytes == 4) && mode_64bit() ) + { + dst.bytes = op_bytes = 8; + if ( dst.type == OP_REG ) +@@ -3683,7 +3686,7 @@ x86_emulate( + } + + case 0x80 ... 0x8f: /* jcc (near) */ { +- int rel = (((op_bytes == 2) && !mode_64bit()) ++ int rel = ((op_bytes == 2) + ? (int32_t)insn_fetch_type(int16_t) + : insn_fetch_type(int32_t)); + if ( test_cc(b, _regs.eflags) ) diff --git a/xen.changes b/xen.changes index 57b1387..a09f056 100644 --- a/xen.changes +++ b/xen.changes 
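Review bot: The `jmp_rel` change makes `op_bytes == 2` truncate the target to 16 bits in 64-bit mode too, and the near `call`/`jmp`/`jcc` arms now fetch a 16-bit displacement there, but the code carries no comment saying this deliberately follows one vendor where the two disagree. Only the changeset description records that AMD honours the operand-size override on near branches and Intel does not, so on an Intel host the emulated result can differ from native execution of the same bytes. A comment on the macro such as `/* 0x66 on near branches is honoured even in 64-bit mode (AMD behaviour; Intel ignores it). */` would keep that choice visible to whoever next audits the emulator. The new `generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1);` guards at `push_seg`, `pop_seg` and `les` would likewise benefit from a note that `twobyte` is what lets the fs/gs and lfs/lgs/lss forms through. x86_emulate() extends well beyond these hunks.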
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Mon Aug 24 10:31:36 MDT 2009 - carnold@novell.com + +- bnc#491081 - Xen time goes backwards x3950M2 + Patch for this bug plus additional upstream patches from Jan. + 19614-x86-emul-lldt-ltr.patch + 20026-ept-rwx-default.patch + 20031-x86-pmode-load-seg-retry.patch + 20035-x86-load-sreg-adjust.patch + 20059-vmx-nmi-handling.patch + 20077-x86-runstate-cswitch-out.patch + 20078-x86_64-branch-emulation.patch + 20101-hvm-no-compat-virt-start.patch + 20112-x86-dom0-boot-run-timers.patch + ------------------------------------------------------------------- Fri Aug 14 13:00:48 MDT 2009 - carnold@novell.com diff --git a/xen.spec b/xen.spec index 647c2c2..a339ba5 100644 --- a/xen.spec +++ b/xen.spec @@ -1,5 +1,5 @@ # -# spec file for package xen (Version 3.4.1_19718_01) +# spec file for package xen (Version 3.4.1_19718_02) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -37,7 +37,7 @@ BuildRequires: glibc-32bit glibc-devel-32bit %if %{?with_kmp}0 BuildRequires: kernel-source kernel-syms module-init-tools xorg-x11 %endif -Version: 3.4.1_19718_01 +Version: 3.4.1_19718_02 Release: 2 License: GPL v2 only Group: System/Kernel @@ -70,7 +70,16 @@ Source24: xenapiusers # sysconfig hook script for Xen Source25: xen-updown.sh # Upstream patches -Patch0: 20013-xend-memleak.patch +Patch0: 19614-x86-emul-lldt-ltr.patch +Patch1: 20013-xend-memleak.patch +Patch2: 20031-x86-pmode-load-seg-retry.patch +Patch3: 20035-x86-load-sreg-adjust.patch +Patch4: 20059-vmx-nmi-handling.patch +Patch5: 20077-x86-runstate-cswitch-out.patch +Patch6: 20078-x86_64-branch-emulation.patch +Patch7: 20101-hvm-no-compat-virt-start.patch +Patch8: 20112-x86-dom0-boot-run-timers.patch + # Our patches Patch100: xen-config.diff Patch101: xend-config.diff 
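Review bot: The patch list added in the `@@ -70,7 +70,16 @@` hunk of xen.spec does not match the xen.changes entry above it: `20026-ept-rwx-default.patch` is named in the changelog but gets no `PatchN:` tag here and no `%patch` line in the `%prep` hunk. In addition, `19614-x86-emul-lldt-ltr.patch`, `20101-hvm-no-compat-virt-start.patch` and `20112-x86-dom0-boot-run-timers.patch` are referenced as Patch0, Patch7 and Patch8 but are not among the files this commit creates according to its diffstat, so unless they already exist in the package the build will stop on missing sources. Either add the missing files and a tag for 20026, or drop it from the changelog so the record of which hypervisor fixes are actually applied stays accurate.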
@@ -168,7 +177,7 @@ Patch450: disable_emulated_device.diff Patch500: hv_tools.patch Patch501: hv_xen_base.patch Patch502: hv_xen_extension.patch -Patch503: hv_win7_eoi_bug.patch +Patch503: hv_win7_eoi_bug.patch Patch999: tmp_build.patch Url: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -503,6 +512,14 @@ Authors: %prep %setup -q -n %xen_build_dir %patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %patch100 -p1 %patch101 -p1 %patch102 -p1