pool/xen
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 124756 from Virtualization

Browse Source 
Security Update plus fix for booting PV guest using grub2

OBS-URL: https://build.opensuse.org/request/show/124756
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/xen?expand=0&rev=159
This commit is contained in:
Stephan Kulow 2012-06-15 13:40:07 +00:00 committed by Git OBS Bridge
commit 9a19dd6e73
41 changed files with 1934 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
23686-pygrub-solaris.patch Normal file
View File

@ -0,0 +1,43 @@
# HG changeset patch
# User tools/pygrub: fix solaris kernel sniff
# Date 1310663398 -3600
# Node ID 7c39a2c0d870f9a374f181b581bcf82a2a7ff364
# Parent 5239811f92e1ffb185a50172fdcf47372e71ba7e
tools/pygrub: fix solaris kernel sniff
Solaris 11 build 163+ removes '/platform/i86xpv/kernel/unix' and only the
64-bit PV kernel file '/platform/i86xpv/kernel/amd64/unix' exists.
This patch fixes the detection.
Signed-off-by: Zhigang Wang <zhigang.x.wang@oracle.com>
Signed-off-by: Kurt Hackel <kurt.hackel@oracle.com>
Signed-off-by: Frank Che <frank.che@oracle.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 5239811f92e1 -r 7c39a2c0d870 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Thu Jul 14 15:49:49 2011 +0100
+++ b/tools/pygrub/src/pygrub Thu Jul 14 18:09:58 2011 +0100
@@ -594,7 +594,8 @@
# If nothing has been specified, look for a Solaris domU. If found, perform the
# necessary tweaks.
def sniff_solaris(fs, cfg):
- if not fs.file_exists("/platform/i86xpv/kernel/unix"):
+ if not fs.file_exists("/platform/i86xpv/kernel/unix") and \
+ not fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
return cfg
if not cfg["kernel"]:
@@ -602,9 +603,11 @@
fs.file_exists("/platform/i86xpv/kernel/amd64/unix"):
cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix"
cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive"
- else:
+ elif fs.file_exists("/platform/i86xpv/kernel/unix"):
cfg["kernel"] = "/platform/i86xpv/kernel/unix"
cfg["ramdisk"] = "/platform/i86pc/boot_archive"
+ else:
+ return cfg
# Unpleasant. Typically we'll have 'root=foo -k' or 'root=foo /kernel -k',
# and we need to maintain Xen properties (root= and ip=) and the kernel

36
23697-pygrub-grub2.patch Normal file
View File

@ -0,0 +1,36 @@
# HG changeset patch
# User Ian Campbell <ian.campbell@citrix.com>
# Date 1310749975 -3600
# Node ID 5e1032229546c2d5640dc05205303d91d78a92c3
# Parent c1d7fa123dae73708da7306c0ec611d6fa6a6140
pygrub: prefer Grub2 to Grub1
If a VM image has grub2 installed it is likely the one we need to be using.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r c1d7fa123dae -r 5e1032229546 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Fri Jul 15 18:09:49 2011 +0100
+++ b/tools/pygrub/src/pygrub Fri Jul 15 18:12:55 2011 +0100
@@ -385,14 +385,14 @@
# fallbacks
["/efi/boot/elilo.conf", "/elilo.conf",])
else:
- cfg_list = map(lambda x: (x,grub.GrubConf.GrubConfigFile),
- ["/boot/grub/menu.lst", "/boot/grub/grub.conf",
- "/grub/menu.lst", "/grub/grub.conf"]) + \
- map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
+ cfg_list = map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
["/boot/grub/grub.cfg", "/grub/grub.cfg"]) + \
map(lambda x: (x,grub.ExtLinuxConf.ExtLinuxConfigFile),
["/boot/isolinux/isolinux.cfg",
- "/boot/extlinux.conf"])
+ "/boot/extlinux.conf"]) + \
+ map(lambda x: (x,grub.GrubConf.GrubConfigFile),
+ ["/boot/grub/menu.lst", "/boot/grub/grub.conf",
+ "/grub/menu.lst", "/grub/grub.conf"])
if not fs:
# set the config file and parse it

72
23944-pygrub-debug.patch Normal file
View File

@ -0,0 +1,72 @@
# HG changeset patch
# User Guido Gunther <agx@sigxcpu.org>
# Date 1318330978 -3600
# Node ID 4b0907c6a08c348962bd976c2976257b412408be
# Parent 1185ae04b5aad429fd68d1872f404791df627965
pygrub: add debug flag
Debugging config file errors is tedious so help a bit by not silently
dropping parsing exceptions when --debug is given. Also intialize the
logging API at debug level in this case.
Signed-off-by: Guido Gunther <agx@sigxcpu.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 1185ae04b5aa -r 4b0907c6a08c tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Oct 11 10:46:28 2011 +0100
+++ b/tools/pygrub/src/pygrub Tue Oct 11 12:02:58 2011 +0100
@@ -13,7 +13,7 @@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
-import os, sys, string, struct, tempfile, re
+import os, sys, string, struct, tempfile, re, traceback
import copy
import logging
import platform
@@ -665,7 +665,7 @@
["quiet", "interactive", "not-really", "help",
"output=", "output-format=", "output-directory=",
"entry=", "kernel=",
- "ramdisk=", "args=", "isconfig"])
+ "ramdisk=", "args=", "isconfig", "debug"])
except getopt.GetoptError:
usage()
sys.exit(1)
@@ -679,6 +679,7 @@
entry = None
interactive = True
isconfig = False
+ debug = False
not_really = False
output_format = "sxp"
output_directory = "/var/run/xend/boot"
@@ -714,6 +715,8 @@
interactive = False
elif o in ("--isconfig",):
isconfig = True
+ elif o in ("--debug",):
+ debug = True
elif o in ("--output-format",):
if a not in ["sxp", "simple", "simple0"]:
print "unkonwn output format %s" % a
@@ -723,6 +726,9 @@
elif o in ("--output-directory",):
output_directory = a
+ if debug:
+ logging.basicConfig(level=logging.DEBUG)
+
if output is None or output == "-":
fd = sys.stdout.fileno()
else:
@@ -769,6 +775,8 @@
except:
# IOErrors raised by fsimage.open
# RuntimeErrors raised by run_grub if no menu.lst present
+ if debug:
+ traceback.print_exc()
fs = None
continue

53
23998-pygrub-GPT.patch Normal file
View File

@ -0,0 +1,53 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566554 -3600
# Node ID 85d7b207fabcd1cbda8f93e3937c5990f42a2cf9
# Parent f273bce1fc265b9f71879705639a0b14da03f6e1
pygrub: check all GPT partitions
On Fedora 16 the first GPT partition is a boot partition for grub2 with
the grub2 configuration in the second partition.
Check all GPT partitions for grub configuration, not just the first.
[ Also remove now-inaccurate comment. -iwj ]
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Tested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r f273bce1fc26 -r 85d7b207fabc tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Oct 25 17:04:41 2011 +0100
+++ b/tools/pygrub/src/pygrub Tue Oct 25 19:15:54 2011 +0100
@@ -77,10 +77,17 @@
def get_fs_offset_gpt(file):
fd = os.open(file, os.O_RDONLY)
- # assume the first partition is an EFI system partition.
- os.lseek(fd, SECTOR_SIZE * 2, 0)
+ os.lseek(fd, SECTOR_SIZE, 0)
buf = os.read(fd, 512)
- return struct.unpack("<Q", buf[32:40])[0] * SECTOR_SIZE
+ partcount = struct.unpack("<L", buf[80:84])[0]
+ partsize = struct.unpack("<L", buf[84:88])[0]
+ i = partcount
+ offsets = []
+ while i>0:
+ buf = os.read(fd, partsize)
+ offsets.append(struct.unpack("<Q", buf[32:40])[0] * SECTOR_SIZE)
+ i -= 1
+ return offsets
FDISK_PART_SOLARIS=0xbf
FDISK_PART_SOLARIS_OLD=0x82
@@ -114,7 +121,9 @@
continue # no solaris magic at that offset, ignore partition
if type == FDISK_PART_GPT:
- offset = get_fs_offset_gpt(file)
+ for offset in get_fs_offset_gpt(file):
+ part_offs.append(offset)
+ break
# Active partition has 0x80 as the first byte.
# If active, prepend to front of list, otherwise append to back.

26
23999-pygrub-grub2.patch Normal file
View File

@ -0,0 +1,26 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566729 -3600
# Node ID 138f707fa598340749a70a79748b01dff850b8f2
# Parent 85d7b207fabcd1cbda8f93e3937c5990f42a2cf9
pygrub: look in /boot/grub2 (for eg Fedora 16)
Fedora 16 puts grub configuration files in /boot/grub2/grub.cfg so
pygrub should look there as well
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
diff -r 85d7b207fabc -r 138f707fa598 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Oct 25 19:15:54 2011 +0100
+++ b/tools/pygrub/src/pygrub Tue Oct 25 19:18:49 2011 +0100
@@ -395,7 +395,8 @@
["/efi/boot/elilo.conf", "/elilo.conf",])
else:
cfg_list = map(lambda x: (x,grub.GrubConf.Grub2ConfigFile),
- ["/boot/grub/grub.cfg", "/grub/grub.cfg"]) + \
+ ["/boot/grub/grub.cfg", "/grub/grub.cfg",
+ "/boot/grub2/grub.cfg", "/grub2/grub.cfg"]) + \
map(lambda x: (x,grub.ExtLinuxConf.ExtLinuxConfigFile),
["/boot/isolinux/isolinux.cfg",
"/boot/extlinux.conf"]) + \

26
24000-pygrub-grub2.patch Normal file
View File

@ -0,0 +1,26 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566759 -3600
# Node ID 65679fee01778aec2dbe9988959da6b57c52d6c9
# Parent 138f707fa598340749a70a79748b01dff850b8f2
pygrub: Allow GPT partition references
The grub2 configuration file in Fedora 16 can have GPT partition
references like (hd0,gpt2) so remove the "gpt" string where necessary
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Index: xen-4.1.2-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-4.1.2-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-4.1.2-testing/tools/pygrub/src/GrubConf.py
@@ -79,6 +79,8 @@ class GrubDiskPart(object):
val = val.replace("(", "").replace(")", "")
if val[:5] == "msdos":
val = val[5:]
+ if val[:3] == "gpt":
+ val = val[3:]
self._part = int(val)
part = property(get_part, set_part)

55
24001-pygrub-grub2.patch Normal file
View File

@ -0,0 +1,55 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566806 -3600
# Node ID 152049468175f29a3792b3b60e09a841f9cd2c21
# Parent 65679fee01778aec2dbe9988959da6b57c52d6c9
pygrub: cope with configurations with submenus
The grub2 configuration file in Fedora 16 can have one or more
menuentrys in a submenu, with configuration of the form
submenu "Xen 4.1" {
menuentry ... {
...
}
}
(this example occurs when the xen hypervisor is installed on the
guest)
Ignore the submenu line and the corresponding }
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Index: xen-4.1.2-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-4.1.2-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-4.1.2-testing/tools/pygrub/src/GrubConf.py
@@ -370,6 +370,7 @@ class Grub2ConfigFile(_GrubConfigFile):
in_function = False
img = None
title = ""
+ menu_level=0
for l in lines:
l = l.strip()
# skip blank lines
@@ -396,10 +397,18 @@ class Grub2ConfigFile(_GrubConfigFile):
img = []
title = title_match.group(1)
continue
-
+
+ if l.startswith("submenu"):
+ menu_level += 1
+ continue
+
if l.startswith("}"):
if img is None:
- raise RuntimeError, "syntax error: closing brace without menuentry"
+ if menu_level > 0:
+ menu_level -= 1
+ continue
+ else:
+ raise RuntimeError, "syntax error: closing brace without menuentry"
self.add_image(Grub2Image(title, img))
img = None

28
24002-pygrub-grub2.patch Normal file
View File

@ -0,0 +1,28 @@
# HG changeset patch
# User Michael Young <m.a.young@durham.ac.uk>
# Date 1319566865 -3600
# Node ID 979bc34d0ad0369e42c70f66a39952e4b6b9b613
# Parent 152049468175f29a3792b3b60e09a841f9cd2c21
pyrgrub: cope with configurations with set default="${saved_entry}" line
Fedora 16 grub2 configuration file can have lines like
set default="${saved_entry}"
and a string containing an integer is expected
Signed-off-by: Michael Young <m.a.young@durham.ac.uk>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
Index: xen-4.1.2-testing/tools/pygrub/src/GrubConf.py
===================================================================
--- xen-4.1.2-testing.orig/tools/pygrub/src/GrubConf.py
+++ xen-4.1.2-testing/tools/pygrub/src/GrubConf.py
@@ -425,6 +425,8 @@ class Grub2ConfigFile(_GrubConfigFile):
if self.commands.has_key(com):
if self.commands[com] is not None:
+ if arg.strip() == "${saved_entry}":
+ arg = "0"
setattr(self, self.commands[com], arg.strip())
else:
logging.info("Ignored directive %s" %(com,))

72
24064-pygrub-HybridISO.patch Normal file
View File

@ -0,0 +1,72 @@
# HG changeset patch
# User Philipp Hahn <hahn@univention.de>
# Date 1320251337 0
# Node ID 2d741388060df5bd2545f38a25278fb9a7fbb127
# Parent 6868855b6651639f02004a7e313fe7aaba522821
pygrub: Add HybridISO support for PyGrub2
grub-mkrescue internally uses xorriso, which generates a so-called
"Hybrid ISO": The ISO images also contains a DOS partition table,
which allows the identical ISO file to be stored on an USB stick for
booting from it. This breaks PyGrub, since it (wrongly) detects only
the DOS partition table and uses the first partition instead of the
complete ISO file.
Add a check to detect HybridISO files and use offset 0 in addition to
partition table parsing.
Signed-off-by: Philipp Hahn <hahn@univention.de>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 6868855b6651 -r 2d741388060d tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Wed Nov 02 16:25:18 2011 +0000
+++ b/tools/pygrub/src/pygrub Wed Nov 02 16:28:57 2011 +0000
@@ -40,15 +40,20 @@
except _curses.error:
pass
-def is_disk_image(file):
+DISK_TYPE_RAW, DISK_TYPE_HYBRIDISO, DISK_TYPE_DOS = range(3)
+def identify_disk_image(file):
+ """Detect DOS partition table or HybridISO format."""
fd = os.open(file, os.O_RDONLY)
- buf = os.read(fd, 512)
+ buf = os.read(fd, 0x8006)
os.close(fd)
if len(buf) >= 512 and \
struct.unpack("H", buf[0x1fe: 0x200]) == (0xaa55,):
- return True
- return False
+ # HybridISO contains a DOS partition table for booting from USB devices, but really is an ISO image
+ if len(buf) >= 0x8006 and buf[0x8001:0x8006] == 'CD001':
+ return DISK_TYPE_HYBRIDISO
+ return DISK_TYPE_DOS
+ return DISK_TYPE_RAW
SECTOR_SIZE=512
DK_LABEL_LOC=1
@@ -94,12 +99,19 @@
FDISK_PART_GPT=0xee
def get_partition_offsets(file):
- if not is_disk_image(file):
+ image_type = identify_disk_image(file)
+ if image_type == DISK_TYPE_RAW:
# No MBR: assume whole disk filesystem, which is like a
# single partition starting at 0
return [0]
-
- part_offs = []
+ elif image_type == DISK_TYPE_HYBRIDISO:
+ # A HybridISO contains an ISO filesystem at 0 in addition
+ # to the DOS partition table
+ part_offs = [0]
+ elif image_type == DISK_TYPE_DOS:
+ part_offs = []
+ else:
+ raise ValueError('Unhandled image type returnd by identify_disk_image(): %d' % (image_type,))
fd = os.open(file, os.O_RDONLY)
buf = os.read(fd, 512)

87
24401-pygrub-scrolling.patch Normal file
View File

@ -0,0 +1,87 @@
# HG changeset patch
# User Miroslav Rezanina <mrezanin@redhat.com>
# Date 1323790700 0
# Node ID c04ec56f4a6d381bfacd31fbcaefdaa206a914f1
# Parent 63e5005d58ca5674e790ef627e7fb3c8c66c5374
pygrub: Allow scrolling of the list of entries
When user wants to change entry in grub2 menu in pygrub, there
may be crash of pygrub in case of editing item ('e' key).
Crash on editing is caused longer entry list in case of grub2. As entry
window is 10 lines high, it can hold only 8 entries (2 lines for border).
Adding line outside of windows high causes crash. Patch add handling
for longer lists and scrolling through them.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 63e5005d58ca -r c04ec56f4a6d tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Dec 13 15:31:12 2011 +0000
+++ b/tools/pygrub/src/pygrub Tue Dec 13 15:38:20 2011 +0000
@@ -221,6 +221,7 @@
class Grub:
+ ENTRY_WIN_LINES = 8
def __init__(self, file, fs = None):
self.screen = None
self.entry_win = None
@@ -238,7 +239,7 @@
except:
pass # Not important if we can't use colour
enable_cursor(False)
- self.entry_win = curses.newwin(10, 74, 2, 1)
+ self.entry_win = curses.newwin(Grub.ENTRY_WIN_LINES + 2, 74, 2, 1)
self.text_win = curses.newwin(10, 70, 12, 5)
curses.def_prog_mode()
@@ -287,12 +288,20 @@
self.text_win.noutrefresh()
curline = 0
+ pos = 0
img = copy.deepcopy(origimg)
while 1:
draw()
self.entry_win.erase()
- self.entry_win.box()
- for idx in range(0, len(img.lines)):
+
+ rs = 0
+ re = len(img.lines)
+ idp = 1
+ if re > Grub.ENTRY_WIN_LINES:
+ rs = curline - pos
+ re = rs + Grub.ENTRY_WIN_LINES
+
+ for idx in range(rs, re):
# current line should be highlighted
if idx == curline:
self.entry_win.attron(curses.A_REVERSE)
@@ -302,9 +311,11 @@
if len(l) > 70:
l = l[:69] + ">"
- self.entry_win.addstr(idx + 1, 2, l)
+ self.entry_win.addstr(idp, 2, l)
if idx == curline:
self.entry_win.attroff(curses.A_REVERSE)
+ idp += 1
+ self.entry_win.box()
self.entry_win.noutrefresh()
curses.doupdate()
@@ -313,8 +324,12 @@
break
elif c == curses.KEY_UP:
curline -= 1
+ if pos > 0:
+ pos -= 1
elif c == curses.KEY_DOWN:
curline += 1
+ if pos < Grub.ENTRY_WIN_LINES - 1:
+ pos += 1
elif c == ord('b'):
self.isdone = True
break

29
24402-pygrub-edit-fix.patch Normal file
View File

@ -0,0 +1,29 @@
# HG changeset patch
# User Miroslav Rezanina <mrezanin@redhat.com>
# Date 1323790768 0
# Node ID 983b551e44077ace454a397181c93533e0a534b5
# Parent c04ec56f4a6d381bfacd31fbcaefdaa206a914f1
pygrub: Fix "a" entry editing in grub2
When user wants to change entry in grub2 menu in pygrub, there's no
response in case of appending command line arguments ('a' key).
Append malfunction is caused by change of keyword used for kernel
record. Grub uses 'kernel' for line with linux kernel but grub2 uses
'linux' instead. This patch adds checking for both grub 1 and 2 keywords.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r c04ec56f4a6d -r 983b551e4407 tools/pygrub/src/pygrub
--- a/tools/pygrub/src/pygrub Tue Dec 13 15:38:20 2011 +0000
+++ b/tools/pygrub/src/pygrub Tue Dec 13 15:39:28 2011 +0000
@@ -522,7 +522,7 @@
# find the kernel line, edit it and then boot
img = self.cf.images[self.selected_image]
for line in img.lines:
- if line.startswith("kernel"):
+ if line.startswith("kernel") or line.startswith("linux"):
l = self.edit_line(line)
if l is not None:
img.set_from_line(l, replace = True)

69
24460-pygrub-extlinux.patch Normal file
View File

@ -0,0 +1,69 @@
# HG changeset patch
# User Roger Pau Monne <roger.pau@entel.upc.edu>
# Date 1325592706 -3600
# Node ID ff0685e8419bc54b631f017c63a983362363c87a
# Parent caf9753d4cc100183eeda26d00c8c38f14215651
pygrub: fix extlinux parsing
pygrub was unable to parse extlinux config files correctly, exactly
the ones like:
LABEL grsec
KERNEL vmlinuz-3.0.10-grsec
APPEND initrd=initramfs-3.0.10-grsec
root=UUID=cfd4a7b4-8c40-4025-b877-8205f1c622ee
modules=sd-mod,usb-storage,ext4 xen quiet
This patch fixes it, adding a new case when parsing the "append" line,
that searches for the initrd image.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Campbell <ian.campbell.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
diff -r caf9753d4cc1 -r ff0685e8419b tools/pygrub/examples/alpine-linux-2.3.2.extlinux
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/pygrub/examples/alpine-linux-2.3.2.extlinux Tue Jan 03 13:11:46 2012 +0100
@@ -0,0 +1,11 @@
+DEFAULT menu.c32
+PROMPT 0
+MENU TITLE Alpine/Linux Boot Menu
+MENU HIDDEN
+MENU AUTOBOOT Alpine will be booted automatically in # seconds.
+TIMEOUT 30
+LABEL grsec
+ MENU DEFAULT
+ MENU LABEL Linux 3.0.10-grsec
+ KERNEL vmlinuz-3.0.10-grsec
+ APPEND initrd=initramfs-3.0.10-grsec root=UUID=a97ffe64-430f-4fd3-830e-4736d9a27af0 modules=sd-mod,usb-storage,ext4 quiet
diff -r caf9753d4cc1 -r ff0685e8419b tools/pygrub/src/ExtLinuxConf.py
--- a/tools/pygrub/src/ExtLinuxConf.py Thu Jan 05 17:13:33 2012 +0000
+++ b/tools/pygrub/src/ExtLinuxConf.py Tue Jan 03 13:11:46 2012 +0100
@@ -60,6 +60,13 @@
# Bypass regular self.commands handling
com = None
+ elif arg.find("initrd="):
+ # find initrd image in append line
+ args = arg.strip().split(" ")
+ for a in args:
+ if a.lower().startswith("initrd="):
+ setattr(self, "initrd", a.replace("initrd=", ""))
+ arg = arg.replace(a, "")
if com is not None and self.commands.has_key(com):
if self.commands[com] is not None:
@@ -86,10 +93,12 @@
self._args = args
def get_kernel(self):
return self._kernel
+ def set_args(self, val):
+ self._args = val
def get_args(self):
return self._args
kernel = property(get_kernel, set_kernel)
- args = property(get_args)
+ args = property(get_args, set_args)
def set_initrd(self, val):
self._initrd = (None,val)

29
24706-pygrub-extlinux.patch Normal file
View File

@ -0,0 +1,29 @@
# HG changeset patch
# User Roger Pau Monne <roger.pau@entel.upc.edu>
# Date 1328635287 0
# Node ID f84f34ec5fc7613d7a6dd53d18218656c11f0daa
# Parent 7a58296824c3bf7a15d563a7a140d20c369c96c8
pygrub: extlinux parsing correctness
The "in" operator should be used instead of the find method, since
we are only interested in knowing whether the line contains "initrd=",
but we don't care about it's position. Also fixes an error that
happens when initrd= it's at the start of the line, since find returns
0 and is evaluated as False.
Signed-off-by: Roger Pau Monne <roger.pau@entel.upc.edu>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff -r 7a58296824c3 -r f84f34ec5fc7 tools/pygrub/src/ExtLinuxConf.py
--- a/tools/pygrub/src/ExtLinuxConf.py Tue Feb 07 17:18:10 2012 +0000
+++ b/tools/pygrub/src/ExtLinuxConf.py Tue Feb 07 17:21:27 2012 +0000
@@ -60,7 +60,7 @@
# Bypass regular self.commands handling
com = None
- elif arg.find("initrd="):
+ elif "initrd=" in arg:
# find initrd image in append line
args = arg.strip().split(" ")
for a in args:

27
25168-x86-memset-size.patch Normal file
View File

@ -0,0 +1,27 @@
# HG changeset patch
# User Tim Deegan <tim@xen.org>
# Date 1334146233 -3600
# Node ID d5f9005dfc4ac2edb444e342a427dbe0f2cdf2f5
# Parent 2badbf64a582ed62f39ca465c189f759c67350c8
x86: fix memset(ptr, 0, sizeof ptr).
Signed-off-by: Tim Deegan <tim@xen.org>
Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Christoph Egger <Christoph.Egger@amd.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/cpu/mcheck/amd_f10.c
+++ b/xen/arch/x86/cpu/mcheck/amd_f10.c
@@ -73,9 +73,9 @@ amd_f10_handler(struct mc_info *mi, uint
return NULL;
}
- memset(mc_ext, 0, sizeof(mc_ext));
+ memset(mc_ext, 0, sizeof(*mc_ext));
mc_ext->common.type = MC_TYPE_EXTENDED;
- mc_ext->common.size = sizeof(mc_ext);
+ mc_ext->common.size = sizeof(*mc_ext);
mc_ext->mc_msrs = 3;
mc_ext->mc_msr[0].reg = MSR_F10_MC4_MISC1;

55
25191-x86-tdt-delta-calculation.patch Normal file
View File

@ -0,0 +1,55 @@
# HG changeset patch
# User David Vrabel <david.vrabel@citrix.com>
# Date 1334159385 -3600
# Node ID a95fc7decc831a01ed43c307c52287b32e7f4832
# Parent d196634484a9f86136704f973293925445961079
x86: fix delta calculation in TSC deadline timer emulation
In the virtual LAPIC, correct the delta calculation when emulating the
TSC deadline timer.
Without this fix, XenServer (which is based on Xen 4.1) does not work
when running as an HVM guest. dom0 fails to boot because its timer
interrupts are very delayed (by several minutes in some cases).
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -889,7 +889,6 @@ uint64_t vlapic_tdt_msr_get(struct vlap
void vlapic_tdt_msr_set(struct vlapic *vlapic, uint64_t value)
{
uint64_t guest_tsc;
- uint64_t guest_time;
struct vcpu *v = vlapic_vcpu(vlapic);
/* may need to exclude some other conditions like vlapic->hw.disabled */
@@ -901,12 +900,10 @@ void vlapic_tdt_msr_set(struct vlapic *v
/* new_value = 0, >0 && <= now, > now */
guest_tsc = hvm_get_guest_tsc(v);
- guest_time = hvm_get_guest_time(v);
if ( value > guest_tsc )
{
- uint64_t delta = value - v->arch.hvm_vcpu.cache_tsc_offset;
- delta = gtsc_to_gtime(v->domain, delta);
- delta = max_t(s64, delta - guest_time, 0);
+ uint64_t delta = gtsc_to_gtime(v->domain, value - guest_tsc);
+ delta = max_t(s64, delta, 0);
HVM_DBG_LOG(DBG_LEVEL_VLAPIC_TIMER, "delta[0x%016"PRIx64"]", delta);
@@ -940,9 +937,8 @@ void vlapic_tdt_msr_set(struct vlapic *v
HVM_DBG_LOG(DBG_LEVEL_VLAPIC_TIMER,
"tdt_msr[0x%016"PRIx64"],"
- " gtsc[0x%016"PRIx64"],"
- " gtime[0x%016"PRIx64"]",
- vlapic->hw.tdt_msr, guest_tsc, guest_time);
+ " gtsc[0x%016"PRIx64"]",
+ vlapic->hw.tdt_msr, guest_tsc);
}
static int __vlapic_accept_pic_intr(struct vcpu *v)

37
25195-x86-cpuidle-C2-no-flush-or-bm-check.patch Normal file
View File

@ -0,0 +1,37 @@
# HG changeset patch
# User Wei Wang <wei.wang2@amd.com>
# Date 1334574328 -7200
# Node ID a06e6cdeafe34964721df3ddb32774d4634fd7ad
# Parent 6b72eb3b40cf2b3d5a6c75d68fa7093c57fc0d1f
x86/cpuidle: do not flush cache unless entering C3
Nor is there a need to disable bus master arbitration in that case.
Signed-off-by: Wei Wang <wei.wang2@amd.com>
Modified-by: Zhang, Yang Z <yang.z.zhang@intel.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/acpi/cpu_idle.c
+++ b/xen/arch/x86/acpi/cpu_idle.c
@@ -485,7 +485,9 @@ static void acpi_processor_idle(void)
* not set. In that case we cannot do much, we enter C3
* without doing anything.
*/
- if ( power->flags.bm_check && power->flags.bm_control )
+ if ( cx->type != ACPI_STATE_C3 )
+ /* nothing to be done here */;
+ else if ( power->flags.bm_check && power->flags.bm_control )
{
spin_lock(&c3_cpu_status.lock);
if ( ++c3_cpu_status.count == num_online_cpus() )
@@ -507,7 +509,8 @@ static void acpi_processor_idle(void)
/* Invoke C3 */
acpi_idle_do_entry(cx);
- if ( power->flags.bm_check && power->flags.bm_control )
+ if ( (cx->type == ACPI_STATE_C3) &&
+ power->flags.bm_check && power->flags.bm_control )
{
/* Enable bus master arbitration */
spin_lock(&c3_cpu_status.lock);

226
25196-x86-HAP-PAT-sr.patch Normal file
View File

@ -0,0 +1,226 @@
# HG changeset patch
# User Gianluca Guida <gianluca.guida@citrix.com>
# Date 1334647766 -3600
# Node ID 375fa55c7a6c88273bdd1f7f1105e5154da4eeba
# Parent a06e6cdeafe34964721df3ddb32774d4634fd7ad
Fix save/restore of guest PAT table in HAP paging mode.
HAP paging mode guests use direct MSR read/write into the VMCS/VMCB
for the guest PAT table, while the current save/restore code was
accessing only the pat_cr field in hvm_vcpu, used when intercepting
the MSR mostly in shadow mode (the Intel scenario is a bit more
complicated). This patch fixes this issue creating a new couple of
hvm_funcs, get/set_guest_pat, that access the right PAT table based on
the paging mode and guest configuration.
Signed-off-by: Gianluca Guida <gianluca.guida@citrix.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -209,6 +209,31 @@ void hvm_set_rdtsc_exiting(struct domain
hvm_funcs.set_rdtsc_exiting(v, enable);
}
+void hvm_get_guest_pat(struct vcpu *v, u64 *guest_pat)
+{
+ if ( !hvm_funcs.get_guest_pat(v, guest_pat) )
+ *guest_pat = v->arch.hvm_vcpu.pat_cr;
+}
+
+int hvm_set_guest_pat(struct vcpu *v, u64 guest_pat)
+{
+ int i;
+ uint8_t *value = (uint8_t *)&guest_pat;
+
+ for ( i = 0; i < 8; i++ )
+ if ( unlikely(!(value[i] == 0 || value[i] == 1 ||
+ value[i] == 4 || value[i] == 5 ||
+ value[i] == 6 || value[i] == 7)) ) {
+ HVM_DBG_LOG(DBG_LEVEL_MSR, "invalid guest PAT: %"PRIx64"\n",
+ guest_pat);
+ return 0;
+ }
+
+ if ( !hvm_funcs.set_guest_pat(v, guest_pat) )
+ v->arch.hvm_vcpu.pat_cr = guest_pat;
+ return 1;
+}
+
void hvm_set_guest_tsc(struct vcpu *v, u64 guest_tsc)
{
uint64_t tsc;
@@ -2483,7 +2508,7 @@ int hvm_msr_read_intercept(unsigned int
break;
case MSR_IA32_CR_PAT:
- *msr_content = v->arch.hvm_vcpu.pat_cr;
+ hvm_get_guest_pat(v, msr_content);
break;
case MSR_MTRRcap:
@@ -2599,7 +2624,7 @@ int hvm_msr_write_intercept(unsigned int
break;
case MSR_IA32_CR_PAT:
- if ( !pat_msr_set(&v->arch.hvm_vcpu.pat_cr, msr_content) )
+ if ( !hvm_set_guest_pat(v, msr_content) )
goto gp_fault;
break;
--- a/xen/arch/x86/hvm/mtrr.c
+++ b/xen/arch/x86/hvm/mtrr.c
@@ -406,26 +406,6 @@ uint32_t get_pat_flags(struct vcpu *v,
return pat_type_2_pte_flags(pat_entry_value);
}
-/* Helper funtions for seting mtrr/pat */
-bool_t pat_msr_set(uint64_t *pat, uint64_t msr_content)
-{
- uint8_t *value = (uint8_t*)&msr_content;
- int32_t i;
-
- if ( *pat != msr_content )
- {
- for ( i = 0; i < 8; i++ )
- if ( unlikely(!(value[i] == 0 || value[i] == 1 ||
- value[i] == 4 || value[i] == 5 ||
- value[i] == 6 || value[i] == 7)) )
- return 0;
-
- *pat = msr_content;
- }
-
- return 1;
-}
-
bool_t mtrr_def_type_msr_set(struct mtrr_state *m, uint64_t msr_content)
{
uint8_t def_type = msr_content & 0xff;
@@ -636,7 +616,7 @@ static int hvm_save_mtrr_msr(struct doma
{
mtrr_state = &v->arch.hvm_vcpu.mtrr;
- hw_mtrr.msr_pat_cr = v->arch.hvm_vcpu.pat_cr;
+ hvm_get_guest_pat(v, &hw_mtrr.msr_pat_cr);
hw_mtrr.msr_mtrr_def_type = mtrr_state->def_type
| (mtrr_state->enabled << 10);
@@ -681,7 +661,7 @@ static int hvm_load_mtrr_msr(struct doma
mtrr_state = &v->arch.hvm_vcpu.mtrr;
- pat_msr_set(&v->arch.hvm_vcpu.pat_cr, hw_mtrr.msr_pat_cr);
+ hvm_set_guest_pat(v, hw_mtrr.msr_pat_cr);
mtrr_state->mtrr_cap = hw_mtrr.msr_mtrr_cap;
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -585,6 +585,28 @@ static void svm_set_segment_register(str
svm_vmload(vmcb);
}
+static int svm_set_guest_pat(struct vcpu *v, u64 gpat)
+{
+ struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
+
+ if ( !paging_mode_hap(v->domain) )
+ return 0;
+
+ vmcb_set_g_pat(vmcb, gpat);
+ return 1;
+}
+
+static int svm_get_guest_pat(struct vcpu *v, u64 *gpat)
+{
+ struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
+
+ if ( !paging_mode_hap(v->domain) )
+ return 0;
+
+ *gpat = vmcb_get_g_pat(vmcb);
+ return 1;
+}
+
static void svm_set_tsc_offset(struct vcpu *v, u64 offset)
{
struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
@@ -1507,6 +1529,8 @@ static struct hvm_function_table __read_
.update_host_cr3 = svm_update_host_cr3,
.update_guest_cr = svm_update_guest_cr,
.update_guest_efer = svm_update_guest_efer,
+ .set_guest_pat = svm_set_guest_pat,
+ .get_guest_pat = svm_get_guest_pat,
.set_tsc_offset = svm_set_tsc_offset,
.inject_exception = svm_inject_exception,
.init_hypercall_page = svm_init_hypercall_page,
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -921,6 +921,34 @@ static void vmx_set_segment_register(str
vmx_vmcs_exit(v);
}
+static int vmx_set_guest_pat(struct vcpu *v, u64 gpat)
+{
+ if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
+ return 0;
+
+ vmx_vmcs_enter(v);
+ __vmwrite(GUEST_PAT, gpat);
+#ifdef __i386__
+ __vmwrite(GUEST_PAT_HIGH, gpat >> 32);
+#endif
+ vmx_vmcs_exit(v);
+ return 1;
+}
+
+static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat)
+{
+ if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
+ return 0;
+
+ vmx_vmcs_enter(v);
+ *gpat = __vmread(GUEST_PAT);
+#ifdef __i386__
+ *gpat |= (u64)__vmread(GUEST_PAT_HIGH) << 32;
+#endif
+ vmx_vmcs_exit(v);
+ return 1;
+}
+
static void vmx_set_tsc_offset(struct vcpu *v, u64 offset)
{
vmx_vmcs_enter(v);
@@ -1384,6 +1412,8 @@ static struct hvm_function_table __read_
.update_host_cr3 = vmx_update_host_cr3,
.update_guest_cr = vmx_update_guest_cr,
.update_guest_efer = vmx_update_guest_efer,
+ .set_guest_pat = vmx_set_guest_pat,
+ .get_guest_pat = vmx_get_guest_pat,
.set_tsc_offset = vmx_set_tsc_offset,
.inject_exception = vmx_inject_exception,
.init_hypercall_page = vmx_init_hypercall_page,
--- a/xen/include/asm-x86/hvm/hvm.h
+++ b/xen/include/asm-x86/hvm/hvm.h
@@ -116,6 +116,9 @@ struct hvm_function_table {
void (*update_guest_cr)(struct vcpu *v, unsigned int cr);
void (*update_guest_efer)(struct vcpu *v);
+ int (*get_guest_pat)(struct vcpu *v, u64 *);
+ int (*set_guest_pat)(struct vcpu *v, u64);
+
void (*set_tsc_offset)(struct vcpu *v, u64 offset);
void (*inject_exception)(unsigned int trapnr, int errcode,
@@ -166,6 +169,9 @@ void hvm_vcpu_reset_state(struct vcpu *v
bool_t hvm_send_assist_req(struct vcpu *v);
+void hvm_get_guest_pat(struct vcpu *v, u64 *guest_pat);
+int hvm_set_guest_pat(struct vcpu *v, u64 guest_pat);
+
void hvm_set_guest_tsc(struct vcpu *v, u64 guest_tsc);
u64 hvm_get_guest_tsc(struct vcpu *v);

138
25200-x86_64-trap-bounce-flags.patch Normal file
View File

@ -0,0 +1,138 @@
References: bnc#757970
# HG changeset patch
# User Jan Beulich <jbeulich@suse.com>
# Date 1334669633 -7200
# Node ID 80f4113be5007f5b8a61048272193ce134b4fc28
# Parent 6092641e364428e7be20c9e23497d7a1fc535112
x86-64: fix #GP generation in assembly code
When guest use of sysenter (64-bit PV guest) or syscall (32-bit PV
guest) gets converted into a GP fault (due to no callback having got
registered), we must
- honor the GP fault handler's request the keep enabled or mask event
delivery
- not allow TBF_EXCEPTION to remain set past the generation of the
(guest) exception in the vCPU's trap_bounce.flags, as that would
otherwise allow for the next exception occurring in guest mode,
should it happen to get handled in Xen itself, to nevertheless get
bounced to the guest kernel.
Also, just like compat mode syscall handling already did, native mode
sysenter handling should, when converting to #GP, subtract 2 from the
RIP present in the frame so that the guest's GP fault handler would
see the fault pointing to the offending instruction instead of past it.
Finally, since those exception generating code blocks needed to be
modified anyway, convert them to make use of UNLIKELY_{START,END}().
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
# HG changeset patch
# User Jan Beulich <jbeulich@suse.com>
# Date 1334675825 -7200
# Node ID 569d6f05e1ef3146c269bca6313e2777420d616d
# Parent cf129a80e47e3664eb14070600a3b5c8c2a60440
x86-64: fix updating of UREGS_rip when converting sysenter to #GP
(I spotted this copy-and-paste mistake only when backporting c/s
25200:80f4113be500 to 4.1 and 4.0.)
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/x86_64/asm-offsets.c
+++ b/xen/arch/x86/x86_64/asm-offsets.c
@@ -90,6 +90,8 @@ void __dummy__(void)
arch.guest_context.trap_ctxt[TRAP_gp_fault].address);
OFFSET(VCPU_gp_fault_sel, struct vcpu,
arch.guest_context.trap_ctxt[TRAP_gp_fault].cs);
+ OFFSET(VCPU_gp_fault_flags, struct vcpu,
+ arch.guest_context.trap_ctxt[TRAP_gp_fault].flags);
OFFSET(VCPU_kernel_sp, struct vcpu, arch.guest_context.kernel_sp);
OFFSET(VCPU_kernel_ss, struct vcpu, arch.guest_context.kernel_ss);
OFFSET(VCPU_guest_context_flags, struct vcpu, arch.guest_context.flags);
--- a/xen/arch/x86/x86_64/compat/entry.S
+++ b/xen/arch/x86/x86_64/compat/entry.S
@@ -214,6 +214,7 @@ compat_failsafe_callback:
ENTRY(compat_post_handle_exception)
testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
jz compat_test_all_events
+.Lcompat_bounce_exception:
call compat_create_bounce_frame
movb $0,TRAPBOUNCE_flags(%rdx)
jmp compat_test_all_events
@@ -226,19 +227,20 @@ ENTRY(compat_syscall)
leaq VCPU_trap_bounce(%rbx),%rdx
testl $~3,%esi
leal (,%rcx,TBF_INTERRUPT),%ecx
- jz 2f
-1: movq %rax,TRAPBOUNCE_eip(%rdx)
- movw %si,TRAPBOUNCE_cs(%rdx)
- movb %cl,TRAPBOUNCE_flags(%rdx)
- call compat_create_bounce_frame
- jmp compat_test_all_events
-2: movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+UNLIKELY_START(z, compat_syscall_gpf)
+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
subl $2,UREGS_rip(%rsp)
- movq VCPU_gp_fault_addr(%rbx),%rax
- movzwl VCPU_gp_fault_sel(%rbx),%esi
- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
movl $0,TRAPBOUNCE_error_code(%rdx)
- jmp 1b
+ movl VCPU_gp_fault_addr(%rbx),%eax
+ movzwl VCPU_gp_fault_sel(%rbx),%esi
+ testb $4,VCPU_gp_fault_flags(%rbx)
+ setnz %cl
+ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
+UNLIKELY_END(compat_syscall_gpf)
+ movq %rax,TRAPBOUNCE_eip(%rdx)
+ movw %si,TRAPBOUNCE_cs(%rdx)
+ movb %cl,TRAPBOUNCE_flags(%rdx)
+ jmp .Lcompat_bounce_exception
ENTRY(compat_sysenter)
cmpl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -278,19 +278,21 @@ sysenter_eflags_saved:
leaq VCPU_trap_bounce(%rbx),%rdx
testq %rax,%rax
leal (,%rcx,TBF_INTERRUPT),%ecx
- jz 2f
-1: movq VCPU_domain(%rbx),%rdi
+UNLIKELY_START(z, sysenter_gpf)
+ movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
+ subq $2,UREGS_rip(%rsp)
+ movl %eax,TRAPBOUNCE_error_code(%rdx)
+ movq VCPU_gp_fault_addr(%rbx),%rax
+ testb $4,VCPU_gp_fault_flags(%rbx)
+ setnz %cl
+ leal TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE(,%rcx,TBF_INTERRUPT),%ecx
+UNLIKELY_END(sysenter_gpf)
+ movq VCPU_domain(%rbx),%rdi
movq %rax,TRAPBOUNCE_eip(%rdx)
movb %cl,TRAPBOUNCE_flags(%rdx)
testb $1,DOMAIN_is_32bit_pv(%rdi)
jnz compat_sysenter
- call create_bounce_frame
- jmp test_all_events
-2: movl %eax,TRAPBOUNCE_error_code(%rdx)
- movq VCPU_gp_fault_addr(%rbx),%rax
- movb $(TBF_EXCEPTION|TBF_EXCEPTION_ERRCODE|TBF_INTERRUPT),%cl
- movl $TRAP_gp_fault,UREGS_entry_vector(%rsp)
- jmp 1b
+ jmp .Lbounce_exception
ENTRY(int80_direct_trap)
pushq $0
@@ -482,6 +484,7 @@ handle_exception_saved:
jnz compat_post_handle_exception
testb $TBF_EXCEPTION,TRAPBOUNCE_flags(%rdx)
jz test_all_events
+.Lbounce_exception:
call create_bounce_frame
movb $0,TRAPBOUNCE_flags(%rdx)
jmp test_all_events

27
25242-x86_64-hotplug-compat-m2p.patch Normal file
View File

@ -0,0 +1,27 @@
# HG changeset patch
# User Malcolm Crossley <malcolm.crossley@citrix.com>
# Date 1335350156 -7200
# Node ID b7ce6a88bebbbd8d03fe50099ede8de4d9adef0f
# Parent 15f094c85c85fb769f72a48b9c5d924a8e455855
x86-64: Fix memory hotplug epfn upper limit test for updating the compat M2P table
The epfn is being compared to (RDWR_COMPAT_MPT_VIRT_END -
RDWR_COMPAT_MPT_VIRT_START) without a 2 bit shift, resulting in the
epfn being compared to the size of the RDWR_COMPAT_MPT table in bytes
instead of the maximum page frame number that the RDWR_COMPAT_MPT
table can map.
Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/x86_64/mm.c
+++ b/xen/arch/x86/x86_64/mm.c
@@ -451,7 +451,7 @@ static int setup_compat_m2p_table(struct
if ((smap > ((RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2)) )
return 0;
- if (epfn > (RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START))
+ if ( epfn > ((RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2) )
epfn = (RDWR_COMPAT_MPT_VIRT_END - RDWR_COMPAT_MPT_VIRT_START) >> 2;
emap = ( (epfn + ((1UL << (L2_PAGETABLE_SHIFT - 2)) - 1 )) &

39
25247-SVM-no-rdtsc-intercept.patch Normal file
View File

@ -0,0 +1,39 @@
# HG changeset patch
# User Boris Ostrovsky <boris.ostrovsky@amd.com>
# Date 1335358394 -3600
# Node ID ed9c557f8a35a6deb7e6df0679f24a2121fd1172
# Parent 7ba11d9b1d23633b5c42fadddad17b6dcb686141
svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware
When running in TSC_MODE_ALWAYS_EMULATE mode on processors that
support TSC scaling we don't need to intercept RDTSC/RDTSCP
instructions.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@amd.com>
Acked-by: Wei Huang <wei.huang2@amd.com>
Tested-by: Wei Huang <wei.huang2@amd.com>
Committed-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -633,12 +633,19 @@ static void svm_set_rdtsc_exiting(struct
{
struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb);
+ u32 general2_intercepts = vmcb_get_general2_intercepts(vmcb);
general1_intercepts &= ~GENERAL1_INTERCEPT_RDTSC;
- if ( enable )
+ general2_intercepts &= ~GENERAL2_INTERCEPT_RDTSCP;
+
+ if ( enable && !cpu_has_tsc_ratio )
+ {
general1_intercepts |= GENERAL1_INTERCEPT_RDTSC;
+ general2_intercepts |= GENERAL2_INTERCEPT_RDTSCP;
+ }
vmcb_set_general1_intercepts(vmcb, general1_intercepts);
+ vmcb_set_general2_intercepts(vmcb, general2_intercepts);
}
static unsigned int svm_get_insn_bytes(struct vcpu *v, uint8_t *buf)

24
25267-x86-text-unlikely.patch Normal file
View File

@ -0,0 +1,24 @@
# HG changeset patch
# User Jan Beulich <jbeulich@suse.com>
# Date 1336476796 -7200
# Node ID f3fd3136f7a04b8d4e9a6ef1e6787810bae198e9
# Parent 8f1e0cc4a507a52a49a2eb7832a57ecc7e032dce
x86: merge .text.* into .text while linking
For xen.efi, this eliminates a pointless gap between .text and
.text.unlikely of almost 2Mb size.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/xen.lds.S
+++ b/xen/arch/x86/xen.lds.S
@@ -47,6 +47,8 @@ SECTIONS
.text : {
_stext = .; /* Text and read-only data */
*(.text)
+ *(.text.cold)
+ *(.text.unlikely)
*(.fixup)
*(.gnu.warning)
_etext = .; /* End of text section */

101
25269-x86-vMCE-addr-misc-write.patch Normal file
View File

@ -0,0 +1,101 @@
# HG changeset patch
# User Liu, Jinsong <jinsong.liu@intel.com>
# Date 1336476984 -7200
# Node ID 8a86d841e6d42fbffc9e20d3028875dd4990882d
# Parent ea7c9cabd7ad9ccbdf0c2d1a71e479b69d24ea5b
fix vmce MCi_ADDR/MCi_MISC wrmsr bug
This patch fixes a bug related to wrmsr vmce MCi_ADDR/MCi_MISC
registers, since they are not read-only.
Intel SDM recommanded os mce driver clear MCi_ADDR/MCi_MISC, so guest
MCE driver may clear MCi_ADDR/MCi_MISC registers. In such case, old
vmce wrmsr logic would generate a #GP fault in guest MCE context,
causing the guest to crash.
When wrmsr MCi_ADDR/MCi_MISC, writing all 1s will cause #GP.
Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/x86/cpu/mcheck/vmce.c
+++ b/xen/arch/x86/cpu/mcheck/vmce.c
@@ -209,6 +209,14 @@ static int bank_mce_wrmsr(struct vcpu *v
struct domain_mca_msrs *vmce = dom_vmce(v->domain);
struct bank_entry *entry = NULL;
+ /* Give the first entry of the list, it corresponds to current
+ * vMCE# injection. When vMCE# is finished processing by the
+ * the guest, this node will be deleted.
+ * Only error bank is written. Non-error banks simply return.
+ */
+ if ( !list_empty(&vmce->impact_header) )
+ entry = list_entry(vmce->impact_header.next, struct bank_entry, list);
+
switch ( msr & (MSR_IA32_MC0_CTL | 3) )
{
case MSR_IA32_MC0_CTL:
@@ -216,17 +224,9 @@ static int bank_mce_wrmsr(struct vcpu *v
vmce->mci_ctl[bank] = val;
break;
case MSR_IA32_MC0_STATUS:
- /* Give the first entry of the list, it corresponds to current
- * vMCE# injection. When vMCE# is finished processing by the
- * the guest, this node will be deleted.
- * Only error bank is written. Non-error banks simply return.
- */
- if ( !list_empty(&vmce->impact_header) )
+ if ( entry && (entry->bank == bank) )
{
- entry = list_entry(vmce->impact_header.next,
- struct bank_entry, list);
- if ( entry->bank == bank )
- entry->mci_status = val;
+ entry->mci_status = val;
mce_printk(MCE_VERBOSE,
"MCE: wr MC%u_STATUS %"PRIx64" in vMCE#\n",
bank, val);
@@ -236,12 +236,38 @@ static int bank_mce_wrmsr(struct vcpu *v
"MCE: wr MC%u_STATUS %"PRIx64"\n", bank, val);
break;
case MSR_IA32_MC0_ADDR:
- mce_printk(MCE_QUIET, "MCE: MC%u_ADDR is read-only\n", bank);
- ret = -1;
+ if ( !~val )
+ {
+ mce_printk(MCE_QUIET,
+ "MCE: wr MC%u_ADDR with all 1s will cause #GP\n", bank);
+ ret = -1;
+ }
+ else if ( entry && (entry->bank == bank) )
+ {
+ entry->mci_addr = val;
+ mce_printk(MCE_VERBOSE,
+ "MCE: wr MC%u_ADDR %"PRIx64" in vMCE#\n", bank, val);
+ }
+ else
+ mce_printk(MCE_VERBOSE,
+ "MCE: wr MC%u_ADDR %"PRIx64"\n", bank, val);
break;
case MSR_IA32_MC0_MISC:
- mce_printk(MCE_QUIET, "MCE: MC%u_MISC is read-only\n", bank);
- ret = -1;
+ if ( !~val )
+ {
+ mce_printk(MCE_QUIET,
+ "MCE: wr MC%u_MISC with all 1s will cause #GP\n", bank);
+ ret = -1;
+ }
+ else if ( entry && (entry->bank == bank) )
+ {
+ entry->mci_misc = val;
+ mce_printk(MCE_VERBOSE,
+ "MCE: wr MC%u_MISC %"PRIx64" in vMCE#\n", bank, val);
+ }
+ else
+ mce_printk(MCE_VERBOSE,
+ "MCE: wr MC%u_MISC %"PRIx64"\n", bank, val);
break;
default:
switch ( boot_cpu_data.x86_vendor )

57
25271-x86_64-IST-index.patch Normal file
View File

@ -0,0 +1,57 @@
# HG changeset patch
# User Andrew Cooper <andrew.cooper3@citrix.com>
# Date 1336644272 -3600
# Node ID 54da0329e259c11b63afe3312c9fa6cc1cb7cc9d
# Parent b059c62449fb490074d85c00aa03c38fb34a0e80
x86_64: Fix off-by-one error setting up the Interrupt Stack Tables
The Interrupt Stack Table entries in a 64bit TSS are a 1 based data
structure as far as hardware is concerned. As a result, the code
setting up stacks in subarch_percpu_traps_init() fills in the wrong
IST entries.
The result is that the MCE handler executes on the stack set up for
NMIs; the NMI handler executes on a stack set up for Double Faults,
and Double Faults are executed with a stack pointer set to 0.
Once the #DF handler starts to execute, it will usually take a page
fault looking up the address at 0xfffffffffffffff8, which will cause a
triple fault. If a guest has mapped a page in that location, then it
will have some state overwritten, but as the #DF handler always calls
panic(), this is not a problem the guest will have time to care about.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Committed-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/x86_64/traps.c
+++ b/xen/arch/x86/x86_64/traps.c
@@ -389,13 +389,13 @@ void __devinit subarch_percpu_traps_init
BUILD_BUG_ON((IST_MAX + 2) * PAGE_SIZE + PRIMARY_STACK_SIZE > STACK_SIZE);
/* Machine Check handler has its own per-CPU 4kB stack. */
- this_cpu(init_tss).ist[IST_MCE] = (unsigned long)&stack[IST_MCE * PAGE_SIZE];
+ this_cpu(init_tss).ist[IST_MCE-1] = (unsigned long)&stack[IST_MCE * PAGE_SIZE];
/* Double-fault handler has its own per-CPU 4kB stack. */
- this_cpu(init_tss).ist[IST_DF] = (unsigned long)&stack[IST_DF * PAGE_SIZE];
+ this_cpu(init_tss).ist[IST_DF-1] = (unsigned long)&stack[IST_DF * PAGE_SIZE];
/* NMI handler has its own per-CPU 4kB stack. */
- this_cpu(init_tss).ist[IST_NMI] = (unsigned long)&stack[IST_NMI * PAGE_SIZE];
+ this_cpu(init_tss).ist[IST_NMI-1] = (unsigned long)&stack[IST_NMI * PAGE_SIZE];
/* Trampoline for SYSCALL entry from long mode. */
stack = &stack[IST_MAX * PAGE_SIZE]; /* Skip the IST stacks. */
--- a/xen/include/asm-x86/processor.h
+++ b/xen/include/asm-x86/processor.h
@@ -427,7 +427,9 @@ struct tss_struct {
union { u64 rsp1, esp1; };
union { u64 rsp2, esp2; };
u64 reserved1;
- u64 ist[7];
+ u64 ist[7]; /* Interrupt Stack Table is 1-based so tss->ist[0]
+ * corresponds to an IST value of 1 in an Interrupt
+ * Descriptor */
u64 reserved2;
u16 reserved3;
#else

24
25327-pvdrv-no-asm-system-h.patch Normal file
View File

@ -0,0 +1,24 @@
# HG changeset patch
# User Olaf Hering <olaf@aepfle.de>
# Date 1336989867 -7200
# Node ID cc7a054a5a27bbb75a9b83d3c62ed6094c209e66
# Parent cd4dd23a831d954ba530ced0fdea9685c1975d44
unmodified_drivers: remove inclusion of asm/system.h
Allow compilation of PVonHVM drivers with forward-ported xenlinux
sources in openSuSE 12.2. Since Linux 3.4 asm/system.h is not present
anymore. Remove inclusion of this header, its not needed.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Committed-by: Jan Beulich <jbeulich@suse.com>
--- a/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
+++ b/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
@@ -30,7 +30,6 @@
#include <linux/interrupt.h>
#include <linux/vmalloc.h>
#include <linux/mm.h>
-#include <asm/system.h>
#include <asm/io.h>
#include <asm/irq.h>
#include <asm/uaccess.h>

2
disable_emulated_device.diff
View File

@ -2,7 +2,7 @@ Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.
===================================================================
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
@@ -426,6 +426,11 @@ static int __devinit platform_pci_init(s
@@ -425,6 +425,11 @@ static int __devinit platform_pci_init(s
platform_mmio = mmio_addr;
platform_mmiolen = mmio_len;

2
magic_ioport_compat.patch
View File

@ -6,7 +6,7 @@ Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.
===================================================================
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
@@ -322,7 +322,10 @@ static int check_platform_magic(struct d
@@ -321,7 +321,10 @@ static int check_platform_magic(struct d
if (magic != XEN_IOPORT_MAGIC_VAL) {
err = "unrecognised magic value";

28
pv-driver-build.patch
View File

@ -1,3 +1,5 @@
Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h
===================================================================
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h
@@ -161,4 +161,14 @@ typedef irqreturn_t (*irq_handler_t)(int
@ -15,9 +17,11 @@
+#endif
+
#endif
Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
===================================================================
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
@@ -123,6 +123,7 @@ unsigned long alloc_xen_mmio(unsigned lo
@@ -122,6 +122,7 @@ unsigned long alloc_xen_mmio(unsigned lo
#ifndef __ia64__
@ -25,7 +29,7 @@
static uint32_t xen_cpuid_base(void)
{
uint32_t base, eax, ebx, ecx, edx;
@@ -141,6 +142,7 @@ static uint32_t xen_cpuid_base(void)
@@ -140,6 +141,7 @@ static uint32_t xen_cpuid_base(void)
return 0;
}
@ -33,23 +37,3 @@
static int init_hypercall_stubs(void)
{
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
@@ -30,7 +30,6 @@
#include <linux/interrupt.h>
#include <linux/vmalloc.h>
#include <linux/mm.h>
-#include <asm/system.h>
#include <asm/io.h>
#include <asm/irq.h>
#include <asm/uaccess.h>
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/mkbuildtree
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/mkbuildtree
@@ -52,6 +52,7 @@ ln -nsf ${XEN}/include/public include/xe
case "$uname" in
i[34567]86|x86_64)
if [ -d ${XL}/arch/x86/include/mach-xen ]; then
+ ln -sfv ${XL}/arch/x86/include/mach-xen/asm/smp-processor-id.h include/asm
ln -sf ${XL}/arch/x86/include/mach-xen/asm/hypervisor.h include/asm
ln -sf ${XL}/arch/x86/include/mach-xen/asm/hypercall*.h include/asm
ln -sf ${XL}/arch/x86/include/mach-xen/asm/synch_bitops*.h include/asm

6
pvdrv-import-shared-info.patch
View File

@ -16,7 +16,7 @@ Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.
===================================================================
--- xen-4.1.2-testing.orig/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
+++ xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.c
@@ -77,7 +77,6 @@ static uint64_t callback_via;
@@ -76,7 +76,6 @@ static uint64_t callback_via;
static int __devinit init_xen_info(void)
{
struct xen_add_to_physmap xatp;
@ -24,7 +24,7 @@ Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.
#ifdef __ia64__
xencomm_initialize();
@@ -85,6 +84,7 @@ static int __devinit init_xen_info(void)
@@ -84,6 +83,7 @@ static int __devinit init_xen_info(void)
setup_xen_features();
@ -32,7 +32,7 @@ Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.
shared_info_frame = alloc_xen_mmio(PAGE_SIZE) >> PAGE_SHIFT;
xatp.domid = DOMID_SELF;
xatp.idx = 0;
@@ -97,6 +97,11 @@ static int __devinit init_xen_info(void)
@@ -96,6 +96,11 @@ static int __devinit init_xen_info(void)
ioremap(shared_info_frame << PAGE_SHIFT, PAGE_SIZE);
if (shared_info_area == NULL)
panic("can't map shared info\n");

2
x86-extra-trap-info.patch
View File

@ -66,7 +66,7 @@ Index: xen-4.1.2-testing/xen/arch/x86/x86_64/entry.S
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/x86_64/entry.S
+++ xen-4.1.2-testing/xen/arch/x86/x86_64/entry.S
@@ -416,22 +416,35 @@ UNLIKELY_END(bounce_failsafe)
@@ -418,22 +418,35 @@ UNLIKELY_END(bounce_failsafe)
jz domain_crash_synchronous
movq %rax,UREGS_rip+8(%rsp)
ret

38
x86_64-AMD-erratum-121.patch Normal file
View File

@ -0,0 +1,38 @@
References: CVE-2012-2934, bnc#764077
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -32,6 +32,9 @@
static char opt_famrev[14];
string_param("cpuid_mask_cpu", opt_famrev);
+static int opt_allow_unsafe;
+boolean_param("allow_unsafe", opt_allow_unsafe);
+
static inline void wrmsr_amd(unsigned int index, unsigned int lo,
unsigned int hi)
{
@@ -620,6 +623,11 @@ static void __devinit init_amd(struct cp
clear_bit(X86_FEATURE_MCE, c->x86_capability);
#ifdef __x86_64__
+ if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
+ panic("Xen will not boot on this CPU for security reasons.\n"
+ "Pass \"allow_unsafe\" if you're trusting all your"
+ " (PV) guest kernels.\n");
+
/* AMD CPUs do not support SYSENTER outside of legacy mode. */
clear_bit(X86_FEATURE_SEP, c->x86_capability);
--- a/xen/include/asm-x86/amd.h
+++ b/xen/include/asm-x86/amd.h
@@ -127,6 +127,9 @@
#define AMD_MODEL_RANGE_START(range) (((range) >> 12) & 0xfff)
#define AMD_MODEL_RANGE_END(range) ((range) & 0xfff)
+#define AMD_ERRATUM_121 \
+ AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x3f, 0xf))
+
#define AMD_ERRATUM_170 \
AMD_LEGACY_ERRATUM(AMD_MODEL_RANGE(0x0f, 0x0, 0x0, 0x67, 0xf))

86
x86_64-allow-unsafe-adjust.patch Normal file
View File

@ -0,0 +1,86 @@
References: CVE-2012-2934, bnc#764077
Product management demanded that customer systems must continue to boot
irrespective of the presence of XSA-9. Rather than having our and
perhaps other distros carry non-trivial patches, allow for more fine
grained control (panic on boot, deny guest creation, or merely warn) by
means of a single line change.
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
@@ -32,8 +32,11 @@
static char opt_famrev[14];
string_param("cpuid_mask_cpu", opt_famrev);
-static int opt_allow_unsafe;
+#ifdef __x86_64__
+/* 1 = allow, 0 = don't allow guest creation, -1 = don't allow boot */
+int __read_mostly opt_allow_unsafe;
boolean_param("allow_unsafe", opt_allow_unsafe);
+#endif
static inline void wrmsr_amd(unsigned int index, unsigned int lo,
unsigned int hi)
@@ -623,10 +626,19 @@ static void __devinit init_amd(struct cp
clear_bit(X86_FEATURE_MCE, c->x86_capability);
#ifdef __x86_64__
- if (cpu_has_amd_erratum(c, AMD_ERRATUM_121) && !opt_allow_unsafe)
+ if (!cpu_has_amd_erratum(c, AMD_ERRATUM_121))
+ opt_allow_unsafe = 1;
+ else if (opt_allow_unsafe < 0)
panic("Xen will not boot on this CPU for security reasons.\n"
"Pass \"allow_unsafe\" if you're trusting all your"
" (PV) guest kernels.\n");
+ else if (!opt_allow_unsafe && c == &boot_cpu_data)
+ printk(KERN_WARNING
+ "*** Xen will not allow creation of DomU-s on"
+ " this CPU for security reasons. ***\n"
+ KERN_WARNING
+ "*** Pass \"allow_unsafe\" if you're trusting"
+ " all your (PV) guest kernels. ***\n");
/* AMD CPUs do not support SYSENTER outside of legacy mode. */
clear_bit(X86_FEATURE_SEP, c->x86_capability);
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -52,6 +52,7 @@
#include <asm/traps.h>
#include <asm/nmi.h>
#include <asm/mce.h>
+#include <asm/amd.h>
#include <xen/numa.h>
#include <xen/iommu.h>
#ifdef CONFIG_COMPAT
@@ -474,6 +475,20 @@ int arch_domain_create(struct domain *d,
#else /* __x86_64__ */
+ if ( d->domain_id && !is_idle_domain(d) &&
+ cpu_has_amd_erratum(&boot_cpu_data, AMD_ERRATUM_121) )
+ {
+ if ( !opt_allow_unsafe )
+ {
+ printk(XENLOG_G_ERR "Xen does not allow DomU creation on this CPU"
+ " for security reasons.\n");
+ return -EPERM;
+ }
+ printk(XENLOG_G_WARNING
+ "Dom%d may compromise security on this CPU.\n",
+ d->domain_id);
+ }
+
BUILD_BUG_ON(PDPT_L2_ENTRIES * sizeof(*d->arch.mm_perdomain_pt_pages)
!= PAGE_SIZE);
pg = alloc_domheap_page(NULL, MEMF_node(domain_to_node(d)));
--- a/xen/include/asm-x86/amd.h
+++ b/xen/include/asm-x86/amd.h
@@ -151,6 +151,8 @@ struct cpuinfo_x86;
int cpu_has_amd_erratum(const struct cpuinfo_x86 *, int, ...);
#ifdef __x86_64__
+extern int opt_allow_unsafe;
+
void fam10h_check_enable_mmcfg(void);
void check_enable_amd_mmconf_dmi(void);
#endif

29
x86_64-sysret-canonical.patch Normal file
View File

@ -0,0 +1,29 @@
References: CVE-2012-0217, bnc#757537
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -40,6 +40,13 @@ restore_all_guest:
testw $TRAP_syscall,4(%rsp)
jz iret_exit_to_guest
+ /* Don't use SYSRET path if the return address is not canonical. */
+ movq 8(%rsp),%rcx
+ sarq $47,%rcx
+ incl %ecx
+ cmpl $1,%ecx
+ ja .Lforce_iret
+
addq $8,%rsp
popq %rcx # RIP
popq %r11 # CS
@@ -50,6 +57,10 @@ restore_all_guest:
sysretq
1: sysretl
+.Lforce_iret:
+ /* Mimic SYSRET behavior. */
+ movq 8(%rsp),%rcx # RIP
+ movq 24(%rsp),%r11 # RFLAGS
ALIGN
/* No special register assumptions. */
iret_exit_to_guest:

268
xen-warnings-unused.diff
View File

@ -1,5 +1,7 @@
--- a/tools/libxc/xc_tmem.c
+++ b/tools/libxc/xc_tmem.c
Index: xen-4.1.2-testing/tools/libxc/xc_tmem.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxc/xc_tmem.c
+++ xen-4.1.2-testing/tools/libxc/xc_tmem.c
@@ -390,7 +390,8 @@ static int xc_tmem_restore_new_pool(
int xc_tmem_restore(xc_interface *xch, int dom, int io_fd)
@ -10,8 +12,10 @@
uint32_t this_max_pools, this_version;
uint32_t pool_id;
uint32_t minusone;
--- a/tools/libxc/xc_domain_restore.c
+++ b/tools/libxc/xc_domain_restore.c
Index: xen-4.1.2-testing/tools/libxc/xc_domain_restore.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxc/xc_domain_restore.c
+++ xen-4.1.2-testing/tools/libxc/xc_domain_restore.c
@@ -1087,7 +1087,6 @@ int xc_domain_restore(xc_interface *xch,
int vcpuextstate = 0;
uint32_t vcpuextstate_size = 0;
@ -28,8 +32,10 @@
n = m = 0;
loadpages:
--- a/tools/misc/gtraceview.c
+++ b/tools/misc/gtraceview.c
Index: xen-4.1.2-testing/tools/misc/gtraceview.c
===================================================================
--- xen-4.1.2-testing.orig/tools/misc/gtraceview.c
+++ xen-4.1.2-testing/tools/misc/gtraceview.c
@@ -622,7 +622,8 @@ void crt_init(void)
void nr_addch(int nr, int ch)
{
@ -40,8 +46,10 @@
getyx(stdscr, y, x);
for (i = 0; i < nr; i++) {
if (x == COLS-1)
--- a/tools/xcutils/xc_restore.c
+++ b/tools/xcutils/xc_restore.c
Index: xen-4.1.2-testing/tools/xcutils/xc_restore.c
===================================================================
--- xen-4.1.2-testing.orig/tools/xcutils/xc_restore.c
+++ xen-4.1.2-testing/tools/xcutils/xc_restore.c
@@ -19,7 +19,8 @@ int
main(int argc, char **argv)
{
@ -52,8 +60,10 @@
xc_interface *xch;
int io_fd, ret;
int superpages;
--- a/tools/firmware/rombios/32bit/tcgbios/tcgbios.c
+++ b/tools/firmware/rombios/32bit/tcgbios/tcgbios.c
Index: xen-4.1.2-testing/tools/firmware/rombios/32bit/tcgbios/tcgbios.c
===================================================================
--- xen-4.1.2-testing.orig/tools/firmware/rombios/32bit/tcgbios/tcgbios.c
+++ xen-4.1.2-testing/tools/firmware/rombios/32bit/tcgbios/tcgbios.c
@@ -1064,7 +1064,7 @@ uint32_t HashLogEvent32(struct hlei *hle
uint32_t rc = 0;
uint16_t size;
@ -63,8 +73,10 @@
uint32_t hashdataptr;
uint32_t hashdatalen;
--- a/tools/console/client/main.c
+++ b/tools/console/client/main.c
Index: xen-4.1.2-testing/tools/console/client/main.c
===================================================================
--- xen-4.1.2-testing.orig/tools/console/client/main.c
+++ xen-4.1.2-testing/tools/console/client/main.c
@@ -277,7 +277,8 @@ int main(int argc, char **argv)
};
@ -75,8 +87,10 @@
struct xs_handle *xs;
char *end;
console_type type = CONSOLE_INVAL;
--- a/tools/xenstat/xentop/xentop.c
+++ b/tools/xenstat/xentop/xentop.c
Index: xen-4.1.2-testing/tools/xenstat/xentop/xentop.c
===================================================================
--- xen-4.1.2-testing.orig/tools/xenstat/xentop/xentop.c
+++ xen-4.1.2-testing/tools/xenstat/xentop/xentop.c
@@ -272,7 +272,8 @@ static void fail(const char *str)
/* Return the row containing the cursor. */
static int current_row(void)
@ -97,9 +111,11 @@
getmaxyx(stdscr, y, x);
return y;
}
--- a/tools/libxl/libxlu_cfg.c
+++ b/tools/libxl/libxlu_cfg.c
@@ -348,7 +348,7 @@ char *xlu__cfgl_dequote(CfgParseContext
Index: xen-4.1.2-testing/tools/libxl/libxlu_cfg.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxl/libxlu_cfg.c
+++ xen-4.1.2-testing/tools/libxl/libxlu_cfg.c
@@ -348,7 +348,7 @@ char *xlu__cfgl_dequote(CfgParseContext
#define NUMERIC_CHAR(minlen,maxlen,base,basetext) do{ \
char numbuf[(maxlen)+1], *ep; \
@ -108,9 +124,11 @@
\
strncpy(numbuf,p,(maxlen)); \
numbuf[(maxlen)]= 0; \
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -221,7 +221,7 @@ int libxl_domain_rename(libxl_ctx *ctx,
Index: xen-4.1.2-testing/tools/libxl/libxl.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxl/libxl.c
+++ xen-4.1.2-testing/tools/libxl/libxl.c
@@ -221,7 +221,7 @@ int libxl_domain_rename(libxl_ctx *ctx,
int libxl_domain_resume(libxl_ctx *ctx, uint32_t domid)
{
libxl__gc gc = LIBXL_INIT_GC(ctx);
@ -137,8 +155,10 @@
libxl__sprintf(&gc, "%s/device/vif", dompath), &nb_nics);
if (!l)
goto err;
--- a/tools/libxl/libxl_pci.c
+++ b/tools/libxl/libxl_pci.c
Index: xen-4.1.2-testing/tools/libxl/libxl_pci.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxl/libxl_pci.c
+++ xen-4.1.2-testing/tools/libxl/libxl_pci.c
@@ -240,7 +240,7 @@ static int libxl_create_pci_backend(libx
flexarray_t *front = NULL;
flexarray_t *back = NULL;
@ -157,8 +177,10 @@
LIBXL__LOG(ctx, LIBXL__LOG_DEBUG, "Creating pci backend");
/* add pci device */
--- a/tools/libxl/libxl_dom.c
+++ b/tools/libxl/libxl_dom.c
Index: xen-4.1.2-testing/tools/libxl/libxl_dom.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxl/libxl_dom.c
+++ xen-4.1.2-testing/tools/libxl/libxl_dom.c
@@ -265,14 +265,13 @@ int libxl__build_hvm(libxl_ctx *ctx, uin
libxl_domain_build_info *info, libxl_domain_build_state *state)
{
@ -183,8 +205,10 @@
out:
libxl__free_all(&gc);
return 0;
--- a/tools/libxl/libxl_utils.c
+++ b/tools/libxl/libxl_utils.c
Index: xen-4.1.2-testing/tools/libxl/libxl_utils.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxl/libxl_utils.c
+++ xen-4.1.2-testing/tools/libxl/libxl_utils.c
@@ -531,7 +531,7 @@ int libxl_devid_to_device_disk(libxl_ctx
libxl__gc gc = LIBXL_INIT_GC(ctx);
char *val;
@ -194,8 +218,10 @@
int rc = ERROR_INVAL;
devid_n = libxl__device_disk_dev_number(devid);
--- a/tools/libxl/xl_cmdimpl.c
+++ b/tools/libxl/xl_cmdimpl.c
Index: xen-4.1.2-testing/tools/libxl/xl_cmdimpl.c
===================================================================
--- xen-4.1.2-testing.orig/tools/libxl/xl_cmdimpl.c
+++ xen-4.1.2-testing/tools/libxl/xl_cmdimpl.c
@@ -5448,7 +5448,7 @@ int main_cpupoollist(int argc, char **ar
{"cpus", 0, 0, 'c'},
{0, 0, 0, 0}
@ -205,8 +231,10 @@
int opt_cpus = 0;
const char *pool = NULL;
libxl_cpupoolinfo *poolinfo;
--- a/tools/debugger/gdbsx/gx/gx_comm.c
+++ b/tools/debugger/gdbsx/gx/gx_comm.c
Index: xen-4.1.2-testing/tools/debugger/gdbsx/gx/gx_comm.c
===================================================================
--- xen-4.1.2-testing.orig/tools/debugger/gdbsx/gx/gx_comm.c
+++ xen-4.1.2-testing/tools/debugger/gdbsx/gx/gx_comm.c
@@ -163,7 +163,7 @@ readchar(void)
static char buf[BUFSIZ];
static int bufcnt = 0;
@ -216,8 +244,10 @@
if (bufcnt-- > 0)
return *bufp++ & 0x7f;
--- a/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
+++ b/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
Index: xen-4.1.2-testing/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
===================================================================
--- xen-4.1.2-testing.orig/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
+++ xen-4.1.2-testing/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
@@ -820,7 +820,7 @@ static int create_suspend_thread(checkpo
static void stop_suspend_thread(checkpoint_state* s)
@ -227,8 +257,10 @@
s->done = 1;
--- a/tools/python/xen/lowlevel/netlink/libnetlink.c
+++ b/tools/python/xen/lowlevel/netlink/libnetlink.c
Index: xen-4.1.2-testing/tools/python/xen/lowlevel/netlink/libnetlink.c
===================================================================
--- xen-4.1.2-testing.orig/tools/python/xen/lowlevel/netlink/libnetlink.c
+++ xen-4.1.2-testing/tools/python/xen/lowlevel/netlink/libnetlink.c
@@ -433,7 +433,8 @@ int rtnl_from_file(FILE *rtnl, rtnl_filt
nladdr.nl_groups = 0;
@ -239,8 +271,10 @@
int l;
status = fread(&buf, 1, sizeof(*h), rtnl);
--- a/xen/arch/x86/msi.c
+++ b/xen/arch/x86/msi.c
Index: xen-4.1.2-testing/xen/arch/x86/msi.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/msi.c
+++ xen-4.1.2-testing/xen/arch/x86/msi.c
@@ -799,7 +799,7 @@ static void __pci_disable_msi(struct msi
{
struct pci_dev *dev;
@ -250,8 +284,10 @@
u8 bus, slot, func;
dev = entry->dev;
--- a/xen/common/cpupool.c
+++ b/xen/common/cpupool.c
Index: xen-4.1.2-testing/xen/common/cpupool.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/cpupool.c
+++ xen-4.1.2-testing/xen/common/cpupool.c
@@ -356,7 +356,7 @@ int cpupool_add_domain(struct domain *d,
{
struct cpupool *c;
@ -272,8 +308,10 @@
if ( d->cpupool == NULL )
return;
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
Index: xen-4.1.2-testing/xen/common/grant_table.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/grant_table.c
+++ xen-4.1.2-testing/xen/common/grant_table.c
@@ -769,7 +769,7 @@ __gnttab_unmap_common(
struct domain *ld, *rd;
struct active_grant_entry *act;
@ -283,8 +321,10 @@
ld = current->domain;
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
Index: xen-4.1.2-testing/xen/common/kexec.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/kexec.c
+++ xen-4.1.2-testing/xen/common/kexec.c
@@ -573,7 +573,8 @@ static int kexec_exec(XEN_GUEST_HANDLE(v
{
xen_kexec_exec_t exec;
@ -295,8 +335,10 @@
if ( unlikely(copy_from_guest(&exec, uarg, 1)) )
return -EFAULT;
--- a/xen/drivers/passthrough/vtd/intremap.c
+++ b/xen/drivers/passthrough/vtd/intremap.c
Index: xen-4.1.2-testing/xen/drivers/passthrough/vtd/intremap.c
===================================================================
--- xen-4.1.2-testing.orig/xen/drivers/passthrough/vtd/intremap.c
+++ xen-4.1.2-testing/xen/drivers/passthrough/vtd/intremap.c
@@ -367,7 +367,7 @@ unsigned int io_apic_read_remap_rte(
unsigned int ioapic_pin = (reg - 0x10) / 2;
int index;
@ -315,8 +357,10 @@
iommu = drhd->iommu;
qi_ctrl = iommu_qi_ctrl(iommu);
--- a/xen/common/sched_credit2.c
+++ b/xen/common/sched_credit2.c
Index: xen-4.1.2-testing/xen/common/sched_credit2.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/sched_credit2.c
+++ xen-4.1.2-testing/xen/common/sched_credit2.c
@@ -1854,7 +1854,8 @@ static void deactivate_runqueue(struct c
static void init_pcpu(const struct scheduler *ops, int cpu)
@ -327,9 +371,11 @@
struct csched_private *prv = CSCHED_PRIV(ops);
struct csched_runqueue_data *rqd;
spinlock_t *old_lock;
--- a/xen/common/unlzo.c
+++ b/xen/common/unlzo.c
@@ -68,7 +68,7 @@ static int INIT parse_header(u8 *input,
Index: xen-4.1.2-testing/xen/common/unlzo.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/unlzo.c
+++ xen-4.1.2-testing/xen/common/unlzo.c
@@ -68,7 +68,7 @@ static int INIT parse_header(u8 *input,
{
int l;
u8 *parse = input;
@ -338,8 +384,10 @@
u16 version;
/* read magic: 9 first bits */
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
Index: xen-4.1.2-testing/xen/arch/x86/time.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/time.c
+++ xen-4.1.2-testing/xen/arch/x86/time.c
@@ -1009,7 +1009,8 @@ static void local_time_calibration(void)
* System timestamps, extrapolated from local and master oscillators,
* taken during this calibration and the previous calibration.
@ -350,8 +398,10 @@
s_time_t prev_master_stime, curr_master_stime;
/* TSC timestamps taken during this calibration and prev calibration. */
--- a/xen/arch/x86/cpu/amd.c
+++ b/xen/arch/x86/cpu/amd.c
Index: xen-4.1.2-testing/xen/arch/x86/cpu/amd.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/cpu/amd.c
+++ xen-4.1.2-testing/xen/arch/x86/cpu/amd.c
@@ -391,7 +391,7 @@ static void __devinit init_amd(struct cp
{
u32 l, h;
@ -361,9 +411,11 @@
#ifdef CONFIG_SMP
unsigned long long value;
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -2339,7 +2339,7 @@ p2m_remove_page(struct p2m_domain *p2m,
Index: xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/p2m.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
@@ -2339,7 +2339,7 @@ p2m_remove_page(struct p2m_domain *p2m,
unsigned int page_order)
{
unsigned long i;
@ -381,8 +433,10 @@
int pod_count = 0;
int rc = 0;
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
Index: xen-4.1.2-testing/xen/arch/x86/hvm/emulate.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/emulate.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/emulate.c
@@ -59,7 +59,7 @@ static int hvmemul_do_io(
ioreq_t *p = get_ioreq(curr);
unsigned long ram_gfn = paddr_to_pfn(ram_gpa);
@ -392,9 +446,11 @@
int rc;
/* Check for paged out page */
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -253,7 +253,8 @@ void hvm_migrate_timers(struct vcpu *v)
Index: xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/hvm.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
@@ -278,7 +278,8 @@ void hvm_migrate_timers(struct vcpu *v)
void hvm_migrate_pirqs(struct vcpu *v)
{
@ -404,7 +460,7 @@
struct irq_desc *desc;
struct domain *d = v->domain;
struct hvm_irq_dpci *hvm_irq_dpci = d->arch.hvm_domain.irq.dpci;
@@ -3686,7 +3687,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
@@ -3711,7 +3712,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
{
p2m_type_t t;
p2m_type_t nt;
@ -413,8 +469,10 @@
mfn = gfn_to_mfn_unshare(p2m, pfn, &t, 0);
if ( p2m_is_paging(t) )
{
--- a/xen/arch/x86/acpi/cpu_idle.c
+++ b/xen/arch/x86/acpi/cpu_idle.c
Index: xen-4.1.2-testing/xen/arch/x86/acpi/cpu_idle.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/acpi/cpu_idle.c
+++ xen-4.1.2-testing/xen/arch/x86/acpi/cpu_idle.c
@@ -279,7 +279,7 @@ static void acpi_processor_ffh_cstate_en
static void acpi_idle_do_entry(struct acpi_processor_cx *cx)
@ -424,8 +482,10 @@
switch ( cx->entry_method )
{
--- a/xen/arch/x86/cpu/intel_cacheinfo.c
+++ b/xen/arch/x86/cpu/intel_cacheinfo.c
Index: xen-4.1.2-testing/xen/arch/x86/cpu/intel_cacheinfo.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/cpu/intel_cacheinfo.c
+++ xen-4.1.2-testing/xen/arch/x86/cpu/intel_cacheinfo.c
@@ -170,7 +170,8 @@ unsigned int __cpuinit init_intel_cachei
unsigned int trace = 0, l1i = 0, l1d = 0, l2 = 0, l3 = 0; /* Cache sizes */
unsigned int new_l1d = 0, new_l1i = 0; /* Cache sizes from cpuid(4) */
@ -436,9 +496,11 @@
if (c->cpuid_level > 3) {
static int is_initialized;
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
@@ -375,7 +375,7 @@ int mem_sharing_debug_gfn(struct domain
Index: xen-4.1.2-testing/xen/arch/x86/mm/mem_sharing.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/mem_sharing.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/mem_sharing.c
@@ -375,7 +375,7 @@ int mem_sharing_debug_gfn(struct domain
{
p2m_type_t p2mt;
mfn_t mfn;
@ -447,8 +509,10 @@
mfn = gfn_to_mfn(p2m_get_hostp2m(d), gfn, &p2mt);
page = mfn_to_page(mfn);
--- a/xen/arch/x86/hvm/viridian.c
+++ b/xen/arch/x86/hvm/viridian.c
Index: xen-4.1.2-testing/xen/arch/x86/hvm/viridian.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/viridian.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/viridian.c
@@ -270,7 +270,7 @@ int rdmsr_viridian_regs(uint32_t idx, ui
int viridian_hypercall(struct cpu_user_regs *regs)
{
@ -458,8 +522,10 @@
uint16_t status = HV_STATUS_SUCCESS;
union hypercall_input {
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
Index: xen-4.1.2-testing/xen/arch/x86/mm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm.c
+++ xen-4.1.2-testing/xen/arch/x86/mm.c
@@ -4914,7 +4914,7 @@ static int ptwr_emulated_update(
{
unsigned long mfn;
@ -469,8 +535,10 @@
l1_pgentry_t pte, ol1e, nl1e, *pl1e;
struct vcpu *v = current;
struct domain *d = v->domain;
--- a/xen/arch/x86/x86_64/mm.c
+++ b/xen/arch/x86/x86_64/mm.c
Index: xen-4.1.2-testing/xen/arch/x86/x86_64/mm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/x86_64/mm.c
+++ xen-4.1.2-testing/xen/arch/x86/x86_64/mm.c
@@ -436,7 +436,8 @@ void destroy_m2p_mapping(struct mem_hota
static int setup_compat_m2p_table(struct mem_hotadd_info *info)
{
@ -481,8 +549,10 @@
l3_pgentry_t *l3_ro_mpt = NULL;
l2_pgentry_t *l2_ro_mpt = NULL;
struct page_info *l1_pg;
--- a/xen/arch/x86/cpu/mcheck/mce.c
+++ b/xen/arch/x86/cpu/mcheck/mce.c
Index: xen-4.1.2-testing/xen/arch/x86/cpu/mcheck/mce.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/cpu/mcheck/mce.c
+++ xen-4.1.2-testing/xen/arch/x86/cpu/mcheck/mce.c
@@ -151,7 +151,6 @@ static struct mcinfo_bank *mca_init_bank
struct mc_info *mi, int bank)
{
@ -499,7 +569,7 @@
if (mib->mc_status & MCi_STATUS_MISCV)
mib->mc_misc = mca_rdmsr(MSR_IA32_MCx_MISC(bank));
@@ -281,7 +279,7 @@ mctelem_cookie_t mcheck_mca_logout(enum
@@ -281,7 +279,7 @@ mctelem_cookie_t mcheck_mca_logout(enum
recover = (mc_recoverable_scan)? 1: 0;
for (i = 0; i < 32 && i < nr_mce_banks; i++) {
@ -517,8 +587,10 @@
uint64_t hwcr = 0;
int intpose;
int i;
--- a/xen/common/tmem.c
+++ b/xen/common/tmem.c
Index: xen-4.1.2-testing/xen/common/tmem.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/tmem.c
+++ xen-4.1.2-testing/xen/common/tmem.c
@@ -1351,7 +1351,8 @@ obj_unlock:
static int tmem_evict(void)
{
@ -539,8 +611,10 @@
client_t *client = pool->client;
int ret = client->frozen ? -EFROZEN : -ENOMEM;
--- a/xen/common/tmem_xen.c
+++ b/xen/common/tmem_xen.c
Index: xen-4.1.2-testing/xen/common/tmem_xen.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/tmem_xen.c
+++ xen-4.1.2-testing/xen/common/tmem_xen.c
@@ -177,7 +177,7 @@ EXPORT int tmh_copy_from_client(pfp_t *p
EXPORT int tmh_compress_from_client(tmem_cli_mfn_t cmfn,
void **out_va, size_t *out_len, void *cli_va)
@ -578,9 +652,11 @@
tmh->persistent_pool = xmem_pool_create(name, tmh_persistent_pool_page_get,
tmh_persistent_pool_page_put, PAGE_SIZE, 0, PAGE_SIZE);
if ( tmh->persistent_pool == NULL )
--- a/xen/arch/x86/cpu/mcheck/vmce.c
+++ b/xen/arch/x86/cpu/mcheck/vmce.c
@@ -630,7 +630,7 @@ int is_vmce_ready(struct mcinfo_bank *ba
Index: xen-4.1.2-testing/xen/arch/x86/cpu/mcheck/vmce.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/cpu/mcheck/vmce.c
+++ xen-4.1.2-testing/xen/arch/x86/cpu/mcheck/vmce.c
@@ -656,7 +656,7 @@ int is_vmce_ready(struct mcinfo_bank *ba
*/
int unmmap_broken_page(struct domain *d, mfn_t mfn, unsigned long gfn)
{
@ -589,9 +665,11 @@
struct p2m_domain *p2m;
p2m_type_t pt;
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -124,7 +124,7 @@ set_shadow_status(struct vcpu *v, mfn_t
Index: xen-4.1.2-testing/xen/arch/x86/mm/shadow/multi.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/shadow/multi.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/shadow/multi.c
@@ -124,7 +124,7 @@ set_shadow_status(struct vcpu *v, mfn_t
/* Put a shadow into the hash table */
{
struct domain *d = v->domain;
@ -609,8 +687,10 @@
shadow_l1e_t *sl1p, sl1e;
struct page_info *sp;
--- a/xen/arch/x86/domain_build.c
+++ b/xen/arch/x86/domain_build.c
Index: xen-4.1.2-testing/xen/arch/x86/domain_build.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/domain_build.c
+++ xen-4.1.2-testing/xen/arch/x86/domain_build.c
@@ -378,8 +378,7 @@ int __init construct_dom0(
return rc;
@ -621,9 +701,11 @@
machine = elf_uval(&elf, elf.ehdr, e_machine);
switch (CONFIG_PAGING_LEVELS) {
case 3: /* x86_32p */
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1858,7 +1858,11 @@ static int emulate_privileged_op(struct
Index: xen-4.1.2-testing/xen/arch/x86/traps.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/traps.c
+++ xen-4.1.2-testing/xen/arch/x86/traps.c
@@ -1858,7 +1858,11 @@ static int emulate_privileged_op(struct
struct vcpu *v = current;
unsigned long *reg, eip = regs->eip;
u8 opcode, modrm_reg = 0, modrm_rm = 0, rep_prefix = 0, lock = 0, rex = 0;

75
xen.changes
View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Tue Jun 12 14:37:00 MDT 2012 - carnold@novell.com
- Upstream pygrub patches for grub2 support and fixes
24000-pygrub-grub2.patch
24001-pygrub-grub2.patch
24002-pygrub-grub2.patch
-------------------------------------------------------------------
Mon Jun 11 10:32:42 MDT 2012 - carnold@novell.com
- Upstream pygrub patches for grub2 support and fixes
23686-pygrub-solaris.patch
23697-pygrub-grub2.patch
23944-pygrub-debug.patch
23998-pygrub-GPT.patch
23999-pygrub-grub2.patch
24064-pygrub-HybridISO.patch
24401-pygrub-scrolling.patch
24402-pygrub-edit-fix.patch
24460-pygrub-extlinux.patch
24706-pygrub-extlinux.patch
-------------------------------------------------------------------
Wed Jun 6 08:14:38 MDT 2012 - carnold@novell.com
- Revised version of security patch and an additional patch for
bnc#764077
x86_64-AMD-erratum-121.patch
x86_64-allow-unsafe-adjust.patch
-------------------------------------------------------------------
Wed Jun 6 10:21:03 CEST 2012 - ohering@suse.de
- remove dummy asm/smp-processor-id.h
-------------------------------------------------------------------
Tue May 29 11:59:28 CEST 2012 - jsmeix@suse.de
@ -6,6 +42,26 @@ Tue May 29 11:59:28 CEST 2012 - jsmeix@suse.de
because "ps2pdf xenapi.ps xenapi.pdf" failed only for
Ghostscript version 9.04 (now we have Ghostscript 9.05).
-------------------------------------------------------------------
Mon May 25 08:02:13 MDT 2012 - carnold@novell.com
- bnc#764077 - VUL-0: EMBARGOED: xen: XSA-9: denial of service on
older AMD systems
x86_64-AMD-erratum-121.patch
- Revised version of security patch for bnc#757537
x86_64-sysret-canonical.patch
-------------------------------------------------------------------
Tue May 15 06:45:59 MDT 2012 - carnold@novell.com
- Upstream patches from Jan
25242-x86_64-hotplug-compat-m2p.patch
25247-SVM-no-rdtsc-intercept.patch
25267-x86-text-unlikely.patch
25269-x86-vMCE-addr-misc-write.patch
25271-x86_64-IST-index.patch
25327-pvdrv-no-asm-system-h.patch
-------------------------------------------------------------------
Mon May 14 08:32:45 CEST 2012 - ohering@suse.de
@ -16,6 +72,25 @@ Mon May 14 07:43:33 CEST 2012 - ohering@suse.de
- remove inclusion of asm/system.h from platform-pci.c
-------------------------------------------------------------------
Tue Apr 24 08:22:16 MDT 2012 - carnold@novell.com
- Upstream patches from Jan
25168-x86-memset-size.patch
25191-x86-tdt-delta-calculation.patch
25195-x86-cpuidle-C2-no-flush-or-bm-check.patch
25196-x86-HAP-PAT-sr.patch
25200-x86_64-trap-bounce-flags.patch
-------------------------------------------------------------------
Thu Apr 19 07:33:00 MDT 2012 - carnold@novell.com
- bnc#757537 - VUL-0: xen: CVE-2012-0217 PV guest escalation
x86_64-sysret-canonical.patch
- bnc#757970 - VUL-1: xen: guest denial of service on syscall GPF
generation
x86_64-trap-bounce-flags.patch
-------------------------------------------------------------------
Tue Apr 3 08:33:36 MDT 2012 - carnold@novell.com

2
xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch
View File

@ -21,7 +21,7 @@ Index: xen-4.1.2-testing/unmodified_drivers/linux-2.6/platform-pci/platform-pci.
#include <linux/interrupt.h>
#include <linux/vmalloc.h>
#include <linux/mm.h>
@@ -480,6 +481,18 @@ static struct pci_device_id platform_pci
@@ -479,6 +480,18 @@ static struct pci_device_id platform_pci
MODULE_DEVICE_TABLE(pci, platform_pci_tbl);

55
xen.spec
View File

@ -15,6 +15,7 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: xen
ExclusiveArch: %ix86 x86_64
%define xvers 4.1
@ -224,6 +225,8 @@ Patch23615: 23615-x86_64-EFI-runtime.patch
Patch23616: 23616-x86_64-EFI-MPS.patch
Patch23643: 23643-xentrace_Allow_tracing_to_be_enabled_at_boot.patch
Patch23676: 23676-x86_64-image-map-bounds.patch
Patch23686: 23686-pygrub-solaris.patch
Patch23697: 23697-pygrub-grub2.patch
Patch23719: 23719-xentrace_update___trace_var_comment.patch
Patch23723: 23723-x86-CMOS-lock.patch
Patch23724: 23724-x86-smpboot-x2apic.patch
@ -259,6 +262,7 @@ Patch23908: 23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch
Patch23925: 23925-x86-AMD-ARAT-Fam12.patch
Patch23933: 23933-pt-bus2bridge-update.patch
Patch23943: 23943-xenpaging_clear_page_content_after_evict.patch
Patch23944: 23944-pygrub-debug.patch
Patch23949: 23949-constify_vcpu_set_affinitys_second_parameter.patch
Patch23953: 23953-xenpaging_handle_evict_failures.patch
Patch23955: 23955-x86-pv-cpuid-xsave.patch
@ -267,6 +271,12 @@ Patch23978: 23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch
Patch23979: 23979-xenpaging_document_p2m_mem_paging_functions.patch
Patch23980: 23980-xenpaging_disallow_paging_in_a_PoD_guest.patch
Patch23993: 23993-x86-microcode-amd-fix-23871.patch
Patch23998: 23998-pygrub-GPT.patch
Patch23999: 23999-pygrub-grub2.patch
Patch24000: 24000-pygrub-grub2.patch
Patch24001: 24001-pygrub-grub2.patch
Patch24002: 24002-pygrub-grub2.patch
Patch24064: 24064-pygrub-HybridISO.patch
Patch24104: 24104-waitqueue_Double_size_of_x86_shadow_stack..patch
Patch24105: 24105-xenpaging_compare_domain_pointer_in_p2m_mem_paging_populate.patch
Patch24106: 24106-mem_event_check_capabilities_only_once.patch
@ -332,6 +342,8 @@ Patch24359: 24359-x86-domU-features.patch
Patch24360: 24360-x86-pv-domU-no-PCID.patch
Patch24389: 24389-amd-fam10-gart-tlb-walk-err.patch
Patch24391: 24391-x86-pcpu-version.patch
Patch24401: 24401-pygrub-scrolling.patch
Patch24402: 24402-pygrub-edit-fix.patch
Patch24411: 24411-x86-ucode-AMD-Fam15.patch
Patch24412: 24412-x86-AMD-errata-model-shift.patch
Patch24417: 24417-amd-erratum-573.patch
@ -341,6 +353,7 @@ Patch24448: 24448-x86-pt-irq-leak.patch
Patch24453: 24453-x86-vIRQ-IRR-TMR-race.patch
Patch24456: 24456-x86-emul-lea.patch
Patch24459: 24459-libxl-vifname.patch
Patch24460: 24460-pygrub-extlinux.patch
Patch24466: 24466-libxc_Only_retry_mapping_pages_when_ENOENT_is_returned.patch
Patch24478: 24478-libxl_add_feature_flag_to_xenstore_for_XS_RESET_WATCHES.patch
Patch24517: 24517-VT-d-fault-softirq.patch
@ -353,6 +366,7 @@ Patch24610: 24610-xenpaging_make_file_op_largefile_aware.patch
Patch24615: 24615-VESA-lfb-flush.patch
Patch24690: 24690-x86-PCI-SERR-no-deadlock.patch
Patch24701: 24701-gnttab-map-grant-ref-recovery.patch
Patch24706: 24706-pygrub-extlinux.patch
Patch24742: 24742-gnttab-misc.patch
Patch24780: 24780-x86-paging-use-clear_guest.patch
Patch24781: 24781-x86-vmce-mcg_ctl.patch
@ -367,6 +381,17 @@ Patch24996: 24996-x86-cpuidle-array-overrun.patch
Patch25041: 25041-tapdisk2-create-init-name.patch
Patch25098: 25098-x86-emul-lock-UD.patch
Patch25101: 25101-x86-hpet-disable.patch
Patch25168: 25168-x86-memset-size.patch
Patch25191: 25191-x86-tdt-delta-calculation.patch
Patch25195: 25195-x86-cpuidle-C2-no-flush-or-bm-check.patch
Patch25196: 25196-x86-HAP-PAT-sr.patch
Patch25200: 25200-x86_64-trap-bounce-flags.patch
Patch25242: 25242-x86_64-hotplug-compat-m2p.patch
Patch25247: 25247-SVM-no-rdtsc-intercept.patch
Patch25267: 25267-x86-text-unlikely.patch
Patch25269: 25269-x86-vMCE-addr-misc-write.patch
Patch25271: 25271-x86_64-IST-index.patch
Patch25327: 25327-pvdrv-no-asm-system-h.patch
# Upstream qemu patches
Patch100: ioemu-9868-MSI-X.patch
Patch101: ioemu-9869-MSI-X-init.patch
@ -506,6 +531,9 @@ Patch514: xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch
Patch650: disable_emulated_device.diff
Patch651: ioemu-disable-scsi.patch
Patch652: ioemu-disable-emulated-ide-if-pv.patch
Patch653: x86_64-sysret-canonical.patch
Patch654: x86_64-AMD-erratum-121.patch
Patch655: x86_64-allow-unsafe-adjust.patch
Patch700: hv_extid_compatibility.patch
Patch701: xen.no-default-runlevel-4.patch
# FATE 310510
@ -948,6 +976,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch23616 -p1
%patch23643 -p1
%patch23676 -p1
%patch23686 -p1
%patch23697 -p1
%patch23719 -p1
%patch23723 -p1
%patch23724 -p1
@ -983,6 +1013,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch23925 -p1
%patch23933 -p1
%patch23943 -p1
%patch23944 -p1
%patch23949 -p1
%patch23953 -p1
%patch23955 -p1
@ -991,6 +1022,12 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch23979 -p1
%patch23980 -p1
%patch23993 -p1
%patch23998 -p1
%patch23999 -p1
%patch24000 -p1
%patch24001 -p1
%patch24002 -p1
%patch24064 -p1
%patch24104 -p1
%patch24105 -p1
%patch24106 -p1
@ -1056,6 +1093,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch24360 -p1
%patch24389 -p1
%patch24391 -p1
%patch24401 -p1
%patch24402 -p1
%patch24411 -p1
%patch24412 -p1
%patch24417 -p1
@ -1065,6 +1104,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch24453 -p1
%patch24456 -p1
%patch24459 -p1
%patch24460 -p1
%patch24466 -p1
%patch24478 -p1
%patch24517 -p1
@ -1077,6 +1117,7 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch24615 -p1
%patch24690 -p1
%patch24701 -p1
%patch24706 -p1
%patch24742 -p1
%patch24780 -p1
%patch24781 -p1
@ -1091,6 +1132,17 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch25041 -p1
%patch25098 -p1
%patch25101 -p1
%patch25168 -p1
%patch25191 -p1
%patch25195 -p1
%patch25196 -p1
%patch25200 -p1
%patch25242 -p1
%patch25247 -p1
%patch25267 -p1
%patch25269 -p1
%patch25271 -p1
%patch25327 -p1
# Qemu
%patch100 -p1
%patch101 -p1
@ -1224,6 +1276,9 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools
%patch650 -p1
%patch651 -p1
%patch652 -p1
%patch653 -p1
%patch654 -p1
%patch655 -p1
%patch700 -p1
%patch701 -p1
# FATE 310510

6
xenpaging.evict_fail_fast_forward.patch
View File

@ -12,8 +12,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
xen/arch/x86/mm/p2m.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/p2m.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
@@ -3036,6 +3036,7 @@ void p2m_mem_paging_populate(struct p2m_
p2m_type_t p2mt;
p2m_access_t a;

6
xenpaging.evict_mmap_readonly.patch
View File

@ -6,8 +6,10 @@ nominate/evict will not modify the page so there is no need to map the page rw.
tools/xenpaging/xenpaging.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/tools/xenpaging/xenpaging.c
+++ b/tools/xenpaging/xenpaging.c
Index: xen-4.1.2-testing/tools/xenpaging/xenpaging.c
===================================================================
--- xen-4.1.2-testing.orig/tools/xenpaging/xenpaging.c
+++ xen-4.1.2-testing/tools/xenpaging/xenpaging.c
@@ -575,8 +575,7 @@ static int xenpaging_evict_page(xenpagin
/* Map page to get a handle */

50
xenpaging.mem_event-use-wait_queue.patch
View File

@ -53,9 +53,11 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
xen/include/xen/sched.h | 17 +++-
6 files changed, 179 insertions(+), 81 deletions(-)
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4013,8 +4013,8 @@ static int hvm_memory_event_traps(long p
Index: xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/hvm.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
@@ -4038,8 +4038,8 @@ static int hvm_memory_event_traps(long p
if ( (p & HVMPME_onchangeonly) && (value == old) )
return 1;
@ -66,8 +68,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return rc;
memset(&req, 0, sizeof(req));
--- a/xen/arch/x86/mm/mem_event.c
+++ b/xen/arch/x86/mm/mem_event.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/mem_event.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/mem_event.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/mem_event.c
@@ -23,6 +23,7 @@
#include <asm/domain.h>
@ -320,8 +324,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
}
break;
--- a/xen/arch/x86/mm/mem_sharing.c
+++ b/xen/arch/x86/mm/mem_sharing.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/mem_sharing.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/mem_sharing.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/mem_sharing.c
@@ -292,44 +292,32 @@ static void mem_sharing_audit(void)
#endif
@ -343,15 +349,15 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
- req.type = MEM_EVENT_TYPE_SHARED;
-
- if(must_succeed)
+ if ( v->domain != d )
{
- {
- /* We do not support 'must_succeed' any more. External operations such
- * as grant table mappings may fail with OOM condition!
- */
- BUG();
- }
- else
- {
+ if ( v->domain != d )
{
- /* All foreign attempts to unshare pages should be handled through
- * 'must_succeed' case. */
- ASSERT(v->domain->domain_id == d->domain_id);
@ -382,7 +388,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
}
unsigned int mem_sharing_get_nr_saved_mfns(void)
@@ -692,14 +680,14 @@ gfn_found:
@@ -692,14 +680,14 @@ gfn_found:
if(ret == 0) goto private_page_found;
old_page = page;
@ -399,8 +405,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return -ENOMEM;
}
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/p2m.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
@@ -2988,21 +2988,13 @@ int p2m_mem_paging_evict(struct p2m_doma
*/
void p2m_mem_paging_drop_page(struct p2m_domain *p2m, unsigned long gfn)
@ -456,7 +464,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
}
void p2m_mem_access_check(unsigned long gpa, bool_t gla_valid, unsigned long gla,
@@ -3240,7 +3232,7 @@ void p2m_mem_access_check(unsigned long
@@ -3240,7 +3232,7 @@ void p2m_mem_access_check(unsigned long
p2m_unlock(p2m);
/* Otherwise, check if there is a memory event listener, and send the message along */
@ -465,7 +473,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
if ( res < 0 )
{
/* No listener */
@@ -3250,7 +3242,7 @@ void p2m_mem_access_check(unsigned long
@@ -3250,7 +3242,7 @@ void p2m_mem_access_check(unsigned long
"Memory access permissions failure, no mem_event listener: pausing VCPU %d, dom %d\n",
v->vcpu_id, d->domain_id);
@ -489,8 +497,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
}
#endif /* __x86_64__ */
--- a/xen/include/asm-x86/mem_event.h
+++ b/xen/include/asm-x86/mem_event.h
Index: xen-4.1.2-testing/xen/include/asm-x86/mem_event.h
===================================================================
--- xen-4.1.2-testing.orig/xen/include/asm-x86/mem_event.h
+++ xen-4.1.2-testing/xen/include/asm-x86/mem_event.h
@@ -24,13 +24,13 @@
#ifndef __MEM_EVENT_H__
#define __MEM_EVENT_H__
@ -510,8 +520,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
int mem_event_domctl(struct domain *d, xen_domctl_mem_event_op_t *mec,
XEN_GUEST_HANDLE(void) u_domctl);
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
Index: xen-4.1.2-testing/xen/include/xen/sched.h
===================================================================
--- xen-4.1.2-testing.orig/xen/include/xen/sched.h
+++ xen-4.1.2-testing/xen/include/xen/sched.h
@@ -26,6 +26,7 @@
#include <xen/cpumask.h>
#include <xen/nodemask.h>

68
xenpaging.p2m_is_paged.patch
View File

@ -30,8 +30,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
xen/include/asm-x86/p2m.h | 9 ++++-
9 files changed, 51 insertions(+), 60 deletions(-)
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
Index: xen-4.1.2-testing/xen/arch/x86/hvm/emulate.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/emulate.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/emulate.c
@@ -66,7 +66,8 @@ static int hvmemul_do_io(
ram_mfn = gfn_to_mfn_unshare(p2m, ram_gfn, &p2mt, 0);
if ( p2m_is_paging(p2mt) )
@ -42,9 +44,11 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return X86EMUL_RETRY;
}
if ( p2m_is_shared(p2mt) )
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -360,7 +360,8 @@ static int hvm_set_ioreq_page(
Index: xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/hvm.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
@@ -385,7 +385,8 @@ static int hvm_set_ioreq_page(
return -EINVAL;
if ( p2m_is_paging(p2mt) )
{
@ -54,7 +58,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return -ENOENT;
}
if ( p2m_is_shared(p2mt) )
@@ -1174,7 +1175,7 @@ bool_t hvm_hap_nested_page_fault(unsigne
@@ -1199,7 +1200,7 @@ bool_t hvm_hap_nested_page_fault(unsigne
#ifdef __x86_64__
/* Check if the page has been paged out */
@ -63,7 +67,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
p2m_mem_paging_populate(p2m, gfn);
/* Mem sharing: unshare the page and try again */
@@ -1662,7 +1663,8 @@ static void *__hvm_map_guest_frame(unsig
@@ -1687,7 +1688,8 @@ static void *__hvm_map_guest_frame(unsig
return NULL;
if ( p2m_is_paging(p2mt) )
{
@ -73,7 +77,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return NULL;
}
@@ -2120,7 +2122,8 @@ static enum hvm_copy_result __hvm_copy(
@@ -2145,7 +2147,8 @@ static enum hvm_copy_result __hvm_copy(
if ( p2m_is_paging(p2mt) )
{
@ -83,7 +87,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return HVMCOPY_gfn_paged_out;
}
if ( p2m_is_shared(p2mt) )
@@ -2208,7 +2211,8 @@ static enum hvm_copy_result __hvm_clear(
@@ -2233,7 +2236,8 @@ static enum hvm_copy_result __hvm_clear(
if ( p2m_is_paging(p2mt) )
{
@ -93,7 +97,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
return HVMCOPY_gfn_paged_out;
}
if ( p2m_is_shared(p2mt) )
@@ -3594,7 +3598,8 @@ long do_hvm_op(unsigned long op, XEN_GUE
@@ -3619,7 +3623,8 @@ long do_hvm_op(unsigned long op, XEN_GUE
mfn_t mfn = gfn_to_mfn(p2m, pfn, &t);
if ( p2m_is_paging(t) )
{
@ -103,7 +107,7 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
rc = -EINVAL;
goto param_fail3;
@@ -3691,7 +3696,8 @@ long do_hvm_op(unsigned long op, XEN_GUE
@@ -3716,7 +3721,8 @@ long do_hvm_op(unsigned long op, XEN_GUE
mfn = gfn_to_mfn_unshare(p2m, pfn, &t, 0);
if ( p2m_is_paging(t) )
{
@ -113,8 +117,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
rc = -EINVAL;
goto param_fail4;
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
Index: xen-4.1.2-testing/xen/arch/x86/mm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm.c
+++ xen-4.1.2-testing/xen/arch/x86/mm.c
@@ -3465,9 +3465,10 @@ int do_mmu_update(
if ( !p2m_is_valid(p2mt) )
mfn = INVALID_MFN;
@ -240,8 +246,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
else if ( p2m_ram_shared == l4e_p2mt )
{
MEM_LOG("Unexpected attempt to map shared page.\n");
--- a/xen/arch/x86/mm/guest_walk.c
+++ b/xen/arch/x86/mm/guest_walk.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/guest_walk.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/guest_walk.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/guest_walk.c
@@ -96,7 +96,8 @@ static inline void *map_domain_gfn(struc
*mfn = gfn_to_mfn_unshare(p2m, gfn_x(gfn), p2mt, 0);
if ( p2m_is_paging(*p2mt) )
@ -252,8 +260,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
*rc = _PAGE_PAGED;
return NULL;
--- a/xen/arch/x86/mm/hap/guest_walk.c
+++ b/xen/arch/x86/mm/hap/guest_walk.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/hap/guest_walk.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/hap/guest_walk.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/hap/guest_walk.c
@@ -50,7 +50,8 @@ unsigned long hap_gva_to_gfn(GUEST_PAGIN
top_mfn = gfn_to_mfn_unshare(p2m, cr3 >> PAGE_SHIFT, &p2mt, 0);
if ( p2m_is_paging(p2mt) )
@ -274,8 +284,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
pfec[0] = PFEC_page_paged;
return INVALID_GFN;
--- a/xen/arch/x86/mm/hap/p2m-ept.c
+++ b/xen/arch/x86/mm/hap/p2m-ept.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/hap/p2m-ept.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/hap/p2m-ept.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/hap/p2m-ept.c
@@ -377,8 +377,7 @@ ept_set_entry(struct p2m_domain *p2m, un
* the intermediate tables will be freed below after the ept flush */
old_entry = *ept_entry;
@ -286,8 +298,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
{
/* Construct the new entry, and then write it once */
new_entry.emt = epte_get_entry_emt(p2m->domain, gfn, mfn, &ipat,
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
Index: xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/mm/p2m.c
+++ xen-4.1.2-testing/xen/arch/x86/mm/p2m.c
@@ -3049,7 +3049,7 @@ void p2m_mem_paging_populate(struct p2m_
p2m_lock(p2m);
mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query);
@ -306,8 +320,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
{
/* gfn is already on its way back and vcpu is not paused */
mem_event_put_req_producers(&d->mem_event->paging);
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
Index: xen-4.1.2-testing/xen/common/grant_table.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/grant_table.c
+++ xen-4.1.2-testing/xen/common/grant_table.c
@@ -158,7 +158,8 @@ static int __get_paged_frame(unsigned lo
*frame = mfn_x(mfn);
if ( p2m_is_paging(p2mt) )
@ -318,8 +334,10 @@ Signed-off-by: Olaf Hering <olaf@aepfle.de>
rc = GNTST_eagain;
}
} else {
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
Index: xen-4.1.2-testing/xen/include/asm-x86/p2m.h
===================================================================
--- xen-4.1.2-testing.orig/xen/include/asm-x86/p2m.h
+++ xen-4.1.2-testing/xen/include/asm-x86/p2m.h
@@ -157,7 +157,11 @@ typedef enum {
| p2m_to_mask(p2m_ram_paging_in_start) \
| p2m_to_mask(p2m_ram_paging_in))

2
xenpaging.waitqueue-paging.patch
View File

@ -38,7 +38,7 @@ Index: xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
===================================================================
--- xen-4.1.2-testing.orig/xen/arch/x86/hvm/hvm.c
+++ xen-4.1.2-testing/xen/arch/x86/hvm/hvm.c
@@ -442,6 +442,8 @@ int hvm_domain_initialise(struct domain
@@ -467,6 +467,8 @@ int hvm_domain_initialise(struct domain
spin_lock_init(&d->arch.hvm_domain.irq_lock);
spin_lock_init(&d->arch.hvm_domain.uc_lock);