pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- fate#315712: XEN: Use the PVOPS kernel

Browse Source 
Turn off building the KMPs now that we are using the pvops kernel
  xen.spec

- Upstream patches from Jan
  561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
  561d20a0-x86-hide-MWAITX-from-PV-domains.patch
  561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
  5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
  56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
  56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
  5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
  5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch)
  563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
  563212e4-xenoprof-free-domain-s-vcpu-array.patch
  563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
  56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
  56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
  5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
  5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch 
- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch

- Use upstream variants of block-iscsi and block-nbd

- Remove xenalyze.hg, its part of xen-4.6

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=389
This commit is contained in:
Charles Arnold 2015-11-24 15:48:21 +00:00 committed by Git OBS Bridge
parent b086a62192
commit c608e23838
24 changed files with 999 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
55b0a2db-x86-MSI-track-guest-masking.patch
View File

@ -1,57 +0,0 @@
References: bsc#907514 bsc#910258 bsc#918984 bsc#923967
# Commit aa7c1fdf9dd04a1287f4770906b2c41b88a28228
# Date 2015-07-23 10:16:27 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/MSI: properly track guest masking requests
... by monitoring writes to the mask register.
This allows reverting the main effect of the XSA-129 patches in qemu.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Index: xen-4.6.0-testing/xen/arch/x86/msi.c
===================================================================
--- xen-4.6.0-testing.orig/xen/arch/x86/msi.c
+++ xen-4.6.0-testing/xen/arch/x86/msi.c
@@ -1336,6 +1336,37 @@ int pci_msi_conf_write_intercept(struct
return 1;
}
+ entry = find_msi_entry(pdev, -1, PCI_CAP_ID_MSI);
+ if ( entry && entry->msi_attrib.maskbit )
+ {
+ uint16_t cntl;
+ uint32_t unused;
+
+ pos = entry->msi_attrib.pos;
+ if ( reg < pos || reg >= entry->msi.mpos + 8 )
+ return 0;
+
+ if ( reg == msi_control_reg(pos) )
+ return size == 2 ? 1 : -EACCES;
+ if ( reg < entry->msi.mpos || reg >= entry->msi.mpos + 4 || size != 4 )
+ return -EACCES;
+
+ cntl = pci_conf_read16(seg, bus, slot, func, msi_control_reg(pos));
+ unused = ~(uint32_t)0 >> (32 - multi_msi_capable(cntl));
+ for ( pos = 0; pos < entry->msi.nvec; ++pos, ++entry )
+ {
+ entry->msi_attrib.guest_masked =
+ *data >> entry->msi_attrib.entry_nr;
+ if ( entry->msi_attrib.host_masked )
+ *data |= 1 << pos;
+ unused &= ~(1 << pos);
+ }
+
+ *data |= unused;
+
+ return 1;
+ }
+
return 0;
}

55
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch Normal file
View File

@ -0,0 +1,55 @@
# Commit 710942e57fb42ff8f344ca82f6b678f67e38ae63
# Date 2015-10-12 15:58:35 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
VT-d: don't suppress invalidation address write when it is zero
GFN zero is a valid address, and hence may need invalidation done for
it just like for any other GFN.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Yang Zhang <yang.z.zhang@intel.com>
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -414,7 +414,7 @@ static int flush_iotlb_reg(void *_iommu,
{
struct iommu *iommu = (struct iommu *) _iommu;
int tlb_offset = ecap_iotlb_offset(iommu->ecap);
- u64 val = 0, val_iva = 0;
+ u64 val = 0;
unsigned long flags;
/*
@@ -435,7 +435,6 @@ static int flush_iotlb_reg(void *_iommu,
switch ( type )
{
case DMA_TLB_GLOBAL_FLUSH:
- /* global flush doesn't need set IVA_REG */
val = DMA_TLB_GLOBAL_FLUSH|DMA_TLB_IVT;
break;
case DMA_TLB_DSI_FLUSH:
@@ -443,8 +442,6 @@ static int flush_iotlb_reg(void *_iommu,
break;
case DMA_TLB_PSI_FLUSH:
val = DMA_TLB_PSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
- /* Note: always flush non-leaf currently */
- val_iva = size_order | addr;
break;
default:
BUG();
@@ -457,8 +454,11 @@ static int flush_iotlb_reg(void *_iommu,
spin_lock_irqsave(&iommu->register_lock, flags);
/* Note: Only uses first TLB reg currently */
- if ( val_iva )
- dmar_writeq(iommu->reg, tlb_offset, val_iva);
+ if ( type == DMA_TLB_PSI_FLUSH )
+ {
+ /* Note: always flush non-leaf currently. */
+ dmar_writeq(iommu->reg, tlb_offset, size_order | addr);
+ }
dmar_writeq(iommu->reg, tlb_offset + 8, val);
/* Make sure hardware complete it */

32
561d20a0-x86-hide-MWAITX-from-PV-domains.patch Normal file
View File

@ -0,0 +1,32 @@
# Commit 941cd44324db7eddc46cba4596fa13d505066ccf
# Date 2015-10-13 17:17:52 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: hide MWAITX from PV domains
Since MWAIT is hidden too. (Linux starting with 4.3 is making use of
that feature, and is checking for it without looking at the MWAIT one.)
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -967,6 +967,7 @@ void pv_cpuid(struct cpu_user_regs *regs
__clear_bit(X86_FEATURE_LWP % 32, &c);
__clear_bit(X86_FEATURE_NODEID_MSR % 32, &c);
__clear_bit(X86_FEATURE_TOPOEXT % 32, &c);
+ __clear_bit(X86_FEATURE_MWAITX % 32, &c);
break;
case 0x0000000a: /* Architectural Performance Monitor Features (Intel) */
--- a/xen/include/asm-x86/cpufeature.h
+++ b/xen/include/asm-x86/cpufeature.h
@@ -135,6 +135,7 @@
#define X86_FEATURE_TBM (6*32+21) /* trailing bit manipulations */
#define X86_FEATURE_TOPOEXT (6*32+22) /* topology extensions CPUID leafs */
#define X86_FEATURE_DBEXT (6*32+26) /* data breakpoint extension */
+#define X86_FEATURE_MWAITX (6*32+29) /* MWAIT extension (MONITORX/MWAITX) */
/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 7 */
#define X86_FEATURE_FSGSBASE (7*32+ 0) /* {RD,WR}{FS,GS}BASE instructions */

114
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch Normal file
View File

@ -0,0 +1,114 @@
# Commit 83281fc9b31396e94c0bfb6550b75c165037a0ad
# Date 2015-10-14 12:46:27 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/NUMA: fix SRAT table processor entry parsing and consumption
- don't overrun apicid_to_node[] (possible in the x2APIC case)
- don't limit number of processor related SRAT entries we can consume
- make acpi_numa_{processor,x2apic}_affinity_init() as similar to one
another as possible
- print APIC IDs in hex (to ease matching with other log messages), at
once making legacy and x2APIC ones distinguishable (by width)
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/numa.c
+++ b/xen/arch/x86/numa.c
@@ -349,7 +349,7 @@ void __init init_cpu_to_node(void)
u32 apicid = x86_cpu_to_apicid[i];
if ( apicid == BAD_APICID )
continue;
- node = apicid_to_node[apicid];
+ node = apicid < MAX_LOCAL_APIC ? apicid_to_node[apicid] : NUMA_NO_NODE;
if ( node == NUMA_NO_NODE || !node_online(node) )
node = 0;
numa_set_node(i, node);
--- a/xen/arch/x86/setup.c
+++ b/xen/arch/x86/setup.c
@@ -200,7 +200,7 @@ void __devinit srat_detect_node(int cpu)
nodeid_t node;
u32 apicid = x86_cpu_to_apicid[cpu];
- node = apicid_to_node[apicid];
+ node = apicid < MAX_LOCAL_APIC ? apicid_to_node[apicid] : NUMA_NO_NODE;
if ( node == NUMA_NO_NODE )
node = 0;
--- a/xen/arch/x86/smpboot.c
+++ b/xen/arch/x86/smpboot.c
@@ -993,7 +993,8 @@ int cpu_add(uint32_t apic_id, uint32_t a
cpu = node;
goto out;
}
- apicid_to_node[apic_id] = node;
+ if ( apic_id < MAX_LOCAL_APIC )
+ apicid_to_node[apic_id] = node;
}
/* Physically added CPUs do not have synchronised TSC. */
--- a/xen/arch/x86/srat.c
+++ b/xen/arch/x86/srat.c
@@ -209,7 +209,6 @@ acpi_numa_x2apic_affinity_init(struct ac
{
unsigned pxm;
nodeid_t node;
- u32 apic_id;
if (srat_disabled())
return;
@@ -217,8 +216,13 @@ acpi_numa_x2apic_affinity_init(struct ac
bad_srat();
return;
}
- if ((pa->flags & ACPI_SRAT_CPU_ENABLED) == 0)
+ if (!(pa->flags & ACPI_SRAT_CPU_ENABLED))
+ return;
+ if (pa->apic_id >= MAX_LOCAL_APIC) {
+ printk(KERN_INFO "SRAT: APIC %08x ignored\n", pa->apic_id);
return;
+ }
+
pxm = pa->proximity_domain;
node = setup_node(pxm);
if (node == NUMA_NO_NODE) {
@@ -226,11 +230,11 @@ acpi_numa_x2apic_affinity_init(struct ac
return;
}
- apic_id = pa->apic_id;
- apicid_to_node[apic_id] = node;
+ apicid_to_node[pa->apic_id] = node;
+ node_set(node, processor_nodes_parsed);
acpi_numa = 1;
- printk(KERN_INFO "SRAT: PXM %u -> APIC %u -> Node %u\n",
- pxm, apic_id, node);
+ printk(KERN_INFO "SRAT: PXM %u -> APIC %08x -> Node %u\n",
+ pxm, pa->apic_id, node);
}
/* Callback for Proximity Domain -> LAPIC mapping */
@@ -262,7 +266,7 @@ acpi_numa_processor_affinity_init(struct
apicid_to_node[pa->apic_id] = node;
node_set(node, processor_nodes_parsed);
acpi_numa = 1;
- printk(KERN_INFO "SRAT: PXM %u -> APIC %u -> Node %u\n",
+ printk(KERN_INFO "SRAT: PXM %u -> APIC %02x -> Node %u\n",
pxm, pa->apic_id, node);
}
--- a/xen/drivers/acpi/numa.c
+++ b/xen/drivers/acpi/numa.c
@@ -198,9 +198,9 @@ int __init acpi_numa_init(void)
/* SRAT: Static Resource Affinity Table */
if (!acpi_table_parse(ACPI_SIG_SRAT, acpi_parse_srat)) {
acpi_table_parse_srat(ACPI_SRAT_TYPE_X2APIC_CPU_AFFINITY,
- acpi_parse_x2apic_affinity, NR_CPUS);
+ acpi_parse_x2apic_affinity, 0);
acpi_table_parse_srat(ACPI_SRAT_TYPE_CPU_AFFINITY,
- acpi_parse_processor_affinity, NR_CPUS);
+ acpi_parse_processor_affinity, 0);
acpi_table_parse_srat(ACPI_SRAT_TYPE_MEMORY_AFFINITY,
acpi_parse_memory_affinity,
NR_NODE_MEMBLKS);

49
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch Normal file
View File

@ -0,0 +1,49 @@
# Commit 29bcf64ce8bc0b1b7aacd00c8668f255c4f0686c
# Date 2015-10-29 13:31:10 +0100
# Author Julien Grall <julien.grall@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
arm: Support hypercall_create_continuation for multicall
Multicall for ARM has been supported since commit f0dbdc6 "xen: arm: fully
implement multicall interface.". Although, if an hypercall in multicall
requires preemption, it will crash the host:
(XEN) Xen BUG at domain.c:347
(XEN) ----[ Xen-4.7-unstable arm64 debug=y Tainted: C ]----
[...]
(XEN) Xen call trace:
(XEN) [<00000000002420cc>] hypercall_create_continuation+0x64/0x380 (PC)
(XEN) [<0000000000217274>] do_memory_op+0x1b00/0x2334 (LR)
(XEN) [<0000000000250d2c>] do_multicall_call+0x114/0x124
(XEN) [<0000000000217ff0>] do_multicall+0x17c/0x23c
(XEN) [<000000000024f97c>] do_trap_hypercall+0x90/0x12c
(XEN) [<0000000000251ca8>] do_trap_hypervisor+0xd2c/0x1ba4
(XEN) [<00000000002582cc>] guest_sync+0x88/0xb8
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 5:
(XEN) Xen BUG at domain.c:347
(XEN) ****************************************
(XEN)
(XEN) Manual reset required ('noreboot' specified)
Looking to the code, the support of multicall looks valid to me, as we only
need to fill call.args[...]. So drop the BUG();
This is CVE-2015-7812 / XSA-145.
Signed-off-by: Julien Grall <julien.grall@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -344,8 +344,6 @@ unsigned long hypercall_create_continuat
if ( test_bit(_MCSF_in_multicall, &mcs->flags) )
{
- BUG(); /* XXX multicalls not implemented yet. */
-
__set_bit(_MCSF_call_preempted, &mcs->flags);
for ( i = 0; *p != '\0'; i++ )

42
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch Normal file
View File

@ -0,0 +1,42 @@
# Commit 1c0e59ff15764e7b0c59282365974f5b8924ce83
# Date 2015-10-29 13:33:38 +0100
# Author Ian Campbell <ian.campbell@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
These are guest accessible and should therefore be rate-limited.
Moreover, include them only in debug builds.
This is CVE-2015-7813 / XSA-146.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/arm/hvm.c
+++ b/xen/arch/arm/hvm.c
@@ -57,7 +57,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
default:
{
- printk("%s: Bad HVM op %ld.\n", __func__, op);
+ gdprintk(XENLOG_DEBUG, "HVMOP op=%lu: not implemented\n", op);
rc = -ENOSYS;
break;
}
--- a/xen/arch/arm/physdev.c
+++ b/xen/arch/arm/physdev.c
@@ -8,12 +8,13 @@
#include <xen/types.h>
#include <xen/lib.h>
#include <xen/errno.h>
+#include <xen/sched.h>
#include <asm/hypercall.h>
int do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
{
- printk("%s %d cmd=%d: not implemented yet\n", __func__, __LINE__, cmd);
+ gdprintk(XENLOG_DEBUG, "PHYSDEVOP cmd=%d: not implemented\n", cmd);
return -ENOSYS;
}

40
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch Normal file
View File

@ -0,0 +1,40 @@
# Commit 1ef01396fdff88b1c3331a09ca5c69619b90f4ea
# Date 2015-10-29 13:34:17 +0100
# Author Ian Campbell <ian.campbell@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
arm: handle races between relinquish_memory and free_domheap_pages
Primarily this means XENMEM_decrease_reservation from a toolstack
domain.
Unlike x86 we have no requirement right now to queue such pages onto
a separate list, if we hit this race then the other code has already
fully accepted responsibility for freeing this page and therefore
there is no more for relinquish_memory to do.
This is CVE-2015-7814 / XSA-147.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Julien Grall <julien.grall@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/arch/arm/domain.c
+++ b/xen/arch/arm/domain.c
@@ -768,8 +768,15 @@ static int relinquish_memory(struct doma
{
/* Grab a reference to the page so it won't disappear from under us. */
if ( unlikely(!get_page(page, d)) )
- /* Couldn't get a reference -- someone is freeing this page. */
- BUG();
+ /*
+ * Couldn't get a reference -- someone is freeing this page and
+ * has already committed to doing so, so no more to do here.
+ *
+ * Note that the page must be left on the list, a list_del
+ * here will clash with the list_del done by the other
+ * party in the race and corrupt the list head.
+ */
+ continue;
if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
put_page(page);

44
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch Normal file
View File

@ -0,0 +1,44 @@
# Commit fe360c90ea13f309ef78810f1a2b92f2ae3b30b8
# Date 2015-10-29 13:35:07 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: guard against undue super page PTE creation
When optional super page support got added (commit bd1cd81d64 "x86: PV
support for hugepages"), two adjustments were missed: mod_l2_entry()
needs to consider the PSE and RW bits when deciding whether to use the
fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
unconditionally.
This is CVE-2015-7835 / XSA-148.
Reported-by: "栾尚聪(好风)" <shangcong.lsc@alibaba-inc.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -160,7 +160,10 @@ static void put_superpage(unsigned long
static uint32_t base_disallow_mask;
/* Global bit is allowed to be set on L1 PTEs. Intended for user mappings. */
#define L1_DISALLOW_MASK ((base_disallow_mask | _PAGE_GNTTAB) & ~_PAGE_GLOBAL)
-#define L2_DISALLOW_MASK (base_disallow_mask & ~_PAGE_PSE)
+
+#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \
+ ? base_disallow_mask & ~_PAGE_PSE \
+ : base_disallow_mask)
#define l3_disallow_mask(d) (!is_pv_32bit_domain(d) ? \
base_disallow_mask : 0xFFFFF198U)
@@ -1839,7 +1842,10 @@ static int mod_l2_entry(l2_pgentry_t *pl
}
/* Fast path for identical mapping and presence. */
- if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT) )
+ if ( !l2e_has_changed(ol2e, nl2e,
+ unlikely(opt_allow_superpage)
+ ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
+ : _PAGE_PRESENT) )
{
adjust_guest_l2e(nl2e, d);
if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) )

25
5632129c-free-domain-s-vcpu-array.patch Normal file
View File

@ -0,0 +1,25 @@
# Commit d46896ebbb23f3a9fef2eb6066ae614fd1acfd96
# Date 2015-10-29 13:35:40 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
free domain's vcpu array
This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
guest").
This is CVE-2015-7969 / XSA-149.
Reported-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -833,6 +833,7 @@ static void complete_domain_destroy(stru
xsm_free_security_domain(d);
free_cpumask_var(d->domain_dirty_cpumask);
+ xfree(d->vcpu);
free_domain_struct(d);
send_global_virq(VIRQ_DOM_EXC);

205
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch Normal file
View File

@ -0,0 +1,205 @@
# Commit 101ce53266866144e724ed593173bc4098b300b9
# Date 2015-10-29 13:36:25 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/PoD: Eager sweep for zeroed pages
Based on the contents of a guests physical address space,
p2m_pod_emergency_sweep() could degrade into a linear memcmp() from 0 to
max_gfn, which runs non-preemptibly.
As p2m_pod_emergency_sweep() runs behind the scenes in a number of contexts,
making it preemptible is not feasible.
Instead, a different approach is taken. Recently-populated pages are eagerly
checked for reclaimation, which amortises the p2m_pod_emergency_sweep()
operation across each p2m_pod_demand_populate() operation.
Note that in the case that a 2M superpage can't be reclaimed as a superpage,
it is shattered if 4K pages of zeros can be reclaimed. This is unfortunate
but matches the previous behaviour, and is required to avoid regressions
(domain crash from PoD exhaustion) with VMs configured close to the limit.
This is CVE-2015-7970 / XSA-150.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -901,28 +901,6 @@ p2m_pod_zero_check(struct p2m_domain *p2
}
#define POD_SWEEP_LIMIT 1024
-
-/* When populating a new superpage, look at recently populated superpages
- * hoping that they've been zeroed. This will snap up zeroed pages as soon as
- * the guest OS is done with them. */
-static void
-p2m_pod_check_last_super(struct p2m_domain *p2m, unsigned long gfn_aligned)
-{
- unsigned long check_gfn;
-
- ASSERT(p2m->pod.last_populated_index < POD_HISTORY_MAX);
-
- check_gfn = p2m->pod.last_populated[p2m->pod.last_populated_index];
-
- p2m->pod.last_populated[p2m->pod.last_populated_index] = gfn_aligned;
-
- p2m->pod.last_populated_index =
- ( p2m->pod.last_populated_index + 1 ) % POD_HISTORY_MAX;
-
- p2m_pod_zero_check_superpage(p2m, check_gfn);
-}
-
-
#define POD_SWEEP_STRIDE 16
static void
p2m_pod_emergency_sweep(struct p2m_domain *p2m)
@@ -963,7 +941,7 @@ p2m_pod_emergency_sweep(struct p2m_domai
* NB that this is a zero-sum game; we're increasing our cache size
* by re-increasing our 'debt'. Since we hold the pod lock,
* (entry_count - count) must remain the same. */
- if ( p2m->pod.count > 0 && i < limit )
+ if ( i < limit && (p2m->pod.count > 0 || hypercall_preempt_check()) )
break;
}
@@ -975,6 +953,58 @@ p2m_pod_emergency_sweep(struct p2m_domai
}
+static void pod_eager_reclaim(struct p2m_domain *p2m)
+{
+ struct pod_mrp_list *mrp = &p2m->pod.mrp;
+ unsigned int i = 0;
+
+ /*
+ * Always check one page for reclaimation.
+ *
+ * If the PoD pool is empty, keep checking some space is found, or all
+ * entries have been exhaused.
+ */
+ do
+ {
+ unsigned int idx = (mrp->idx + i++) % ARRAY_SIZE(mrp->list);
+ unsigned long gfn = mrp->list[idx];
+
+ if ( gfn != INVALID_GFN )
+ {
+ if ( gfn & POD_LAST_SUPERPAGE )
+ {
+ gfn &= ~POD_LAST_SUPERPAGE;
+
+ if ( p2m_pod_zero_check_superpage(p2m, gfn) == 0 )
+ {
+ unsigned int x;
+
+ for ( x = 0; x < SUPERPAGE_PAGES; ++x, ++gfn )
+ p2m_pod_zero_check(p2m, &gfn, 1);
+ }
+ }
+ else
+ p2m_pod_zero_check(p2m, &gfn, 1);
+
+ mrp->list[idx] = INVALID_GFN;
+ }
+
+ } while ( (p2m->pod.count == 0) && (i < ARRAY_SIZE(mrp->list)) );
+}
+
+static void pod_eager_record(struct p2m_domain *p2m,
+ unsigned long gfn, unsigned int order)
+{
+ struct pod_mrp_list *mrp = &p2m->pod.mrp;
+
+ ASSERT(mrp->list[mrp->idx] == INVALID_GFN);
+ ASSERT(gfn != INVALID_GFN);
+
+ mrp->list[mrp->idx++] =
+ gfn | (order == PAGE_ORDER_2M ? POD_LAST_SUPERPAGE : 0);
+ mrp->idx %= ARRAY_SIZE(mrp->list);
+}
+
int
p2m_pod_demand_populate(struct p2m_domain *p2m, unsigned long gfn,
unsigned int order,
@@ -1015,6 +1045,8 @@ p2m_pod_demand_populate(struct p2m_domai
return 0;
}
+ pod_eager_reclaim(p2m);
+
/* Only sweep if we're actually out of memory. Doing anything else
* causes unnecessary time and fragmentation of superpages in the p2m. */
if ( p2m->pod.count == 0 )
@@ -1051,6 +1083,8 @@ p2m_pod_demand_populate(struct p2m_domai
p2m->pod.entry_count -= (1 << order);
BUG_ON(p2m->pod.entry_count < 0);
+ pod_eager_record(p2m, gfn_aligned, order);
+
if ( tb_init_done )
{
struct {
@@ -1066,12 +1100,6 @@ p2m_pod_demand_populate(struct p2m_domai
__trace_var(TRC_MEM_POD_POPULATE, 0, sizeof(t), &t);
}
- /* Check the last guest demand-populate */
- if ( p2m->pod.entry_count > p2m->pod.count
- && (order == PAGE_ORDER_2M)
- && (q & P2M_ALLOC) )
- p2m_pod_check_last_super(p2m, gfn_aligned);
-
pod_unlock(p2m);
return 0;
out_of_memory:
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -60,6 +60,7 @@ boolean_param("hap_2mb", opt_hap_2mb);
/* Init the datastructures for later use by the p2m code */
static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
{
+ unsigned int i;
int ret = 0;
mm_rwlock_init(&p2m->lock);
@@ -75,6 +76,9 @@ static int p2m_initialise(struct domain
p2m->np2m_base = P2M_BASE_EADDR;
+ for ( i = 0; i < ARRAY_SIZE(p2m->pod.mrp.list); ++i )
+ p2m->pod.mrp.list[i] = INVALID_GFN;
+
if ( hap_enabled(d) && cpu_has_vmx )
ret = ept_p2m_init(p2m);
else
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -292,10 +292,20 @@ struct p2m_domain {
entry_count; /* # of pages in p2m marked pod */
unsigned long reclaim_single; /* Last gpfn of a scan */
unsigned long max_guest; /* gpfn of max guest demand-populate */
-#define POD_HISTORY_MAX 128
- /* gpfn of last guest superpage demand-populated */
- unsigned long last_populated[POD_HISTORY_MAX];
- unsigned int last_populated_index;
+
+ /*
+ * Tracking of the most recently populated PoD pages, for eager
+ * reclamation.
+ */
+ struct pod_mrp_list {
+#define NR_POD_MRP_ENTRIES 32
+
+/* Encode ORDER_2M superpage in top bit of GFN */
+#define POD_LAST_SUPERPAGE (INVALID_GFN & ~(INVALID_GFN >> 1))
+
+ unsigned long list[NR_POD_MRP_ENTRIES];
+ unsigned int idx;
+ } mrp;
mm_lock_t lock; /* Locking of private pod structs, *
* not relying on the p2m lock. */
} pod;

32
563212e4-xenoprof-free-domain-s-vcpu-array.patch Normal file
View File

@ -0,0 +1,32 @@
# Commit 6e97c4b37386c2d09e09e9b5d5d232e37728b960
# Date 2015-10-29 13:36:52 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
xenoprof: free domain's vcpu array
This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
guest").
This is CVE-2015-7969 / XSA-151.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -239,6 +239,7 @@ static int alloc_xenoprof_struct(
d->xenoprof->rawbuf = alloc_xenheap_pages(get_order_from_pages(npages), 0);
if ( d->xenoprof->rawbuf == NULL )
{
+ xfree(d->xenoprof->vcpu);
xfree(d->xenoprof);
d->xenoprof = NULL;
return -ENOMEM;
@@ -286,6 +287,7 @@ void free_xenoprof_pages(struct domain *
free_xenheap_pages(x->rawbuf, order);
}
+ xfree(x->vcpu);
xfree(x);
d->xenoprof = NULL;
}

70
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch Normal file
View File

@ -0,0 +1,70 @@
# Commit 95e7415843b94c346e5ba8682665f508f220e04b
# Date 2015-10-29 13:37:19 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: rate-limit logging in do_xen{oprof,pmu}_op()
Some of the sub-ops are acessible to all guests, and hence should be
rate-limited. In the xenoprof case, just like for XSA-146, include them
only in debug builds. Since the vPMU code is rather new, allow them to
be always present, but downgrade them to (rate limited) guest messages.
This is CVE-2015-7971 / XSA-152.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
--- a/xen/arch/x86/cpu/vpmu.c
+++ b/xen/arch/x86/cpu/vpmu.c
@@ -682,8 +682,8 @@ long do_xenpmu_op(unsigned int op, XEN_G
vpmu_mode = pmu_params.val;
else if ( vpmu_mode != pmu_params.val )
{
- printk(XENLOG_WARNING
- "VPMU: Cannot change mode while active VPMUs exist\n");
+ gprintk(XENLOG_WARNING,
+ "VPMU: Cannot change mode while active VPMUs exist\n");
ret = -EBUSY;
}
@@ -714,8 +714,8 @@ long do_xenpmu_op(unsigned int op, XEN_G
vpmu_features = pmu_params.val;
else
{
- printk(XENLOG_WARNING "VPMU: Cannot change features while"
- " active VPMUs exist\n");
+ gprintk(XENLOG_WARNING,
+ "VPMU: Cannot change features while active VPMUs exist\n");
ret = -EBUSY;
}
--- a/xen/common/xenoprof.c
+++ b/xen/common/xenoprof.c
@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
if ( (op < 0) || (op > XENOPROF_last_op) )
{
- printk("xenoprof: invalid operation %d for domain %d\n",
- op, current->domain->domain_id);
+ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
return -EINVAL;
}
if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
{
- printk("xenoprof: dom %d denied privileged operation %d\n",
- current->domain->domain_id, op);
+ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
return -EPERM;
}
@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
spin_unlock(&xenoprof_lock);
if ( ret < 0 )
- printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
- op, current->domain->domain_id, ret);
+ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
return ret;
}

77
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch Normal file
View File

@ -0,0 +1,77 @@
# Commit e294a0c3af9f4443dc692b180fb1771b1cb075e8
# Date 2015-10-29 15:11:51 +0000
# Author Ian Jackson <ian.jackson@eu.citrix.com>
# Committer Ian Jackson <Ian.Jackson@eu.citrix.com>
libxl: adjust PoD target by memory fudge, too
PoD guests need to balloon at least as far as required by PoD, or risk
crashing. Currently they don't necessarily know what the right value
is, because our memory accounting is (at the very least) confusing.
Apply the memory limit fudge factor to the in-hypervisor PoD memory
target, too. This will increase the size of the guest's PoD cache by
the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures
that even with a slightly-off balloon driver, the guest will be
stable even under memory pressure.
There are two call sites of xc_domain_set_pod_target that need fixing:
The one in libxl_set_memory_target is straightforward.
The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply
setting the PoD target differently does not work because the various
amounts of memory during domain construction no longer match up.
Instead, we adjust the guest memory target in xenstore (but only for
PoD guests).
This introduces a 1Mby discrepancy between the balloon target of a PoD
guest at boot, and the target set by an apparently-equivalent `xl
mem-set' (or similar) later. This approach is low-risk for a security
fix but we need to fix this up properly in xen.git#staging and
probably also in stable trees.
This is XSA-153.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
(cherry picked from commit 56fb5fd62320eb40a7517206f9706aa9188d6f7b)
--- a/tools/libxl/libxl.c
+++ b/tools/libxl/libxl.c
@@ -4815,7 +4815,7 @@ retry_transaction:
}
rc = xc_domain_set_pod_target(ctx->xch, domid,
- new_target_memkb / 4, NULL, NULL, NULL);
+ (new_target_memkb + LIBXL_MAXMEM_CONSTANT) / 4, NULL, NULL, NULL);
if (rc != 0) {
LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR,
"xc_domain_set_pod_target domid=%d, memkb=%d "
--- a/tools/libxl/libxl_dom.c
+++ b/tools/libxl/libxl_dom.c
@@ -486,6 +486,7 @@ int libxl__build_post(libxl__gc *gc, uin
xs_transaction_t t;
char **ents;
int i, rc;
+ int64_t mem_target_fudge;
if (info->num_vnuma_nodes && !info->num_vcpu_soft_affinity) {
rc = set_vnuma_affinity(gc, domid, info);
@@ -518,11 +519,17 @@ int libxl__build_post(libxl__gc *gc, uin
}
}
+ mem_target_fudge =
+ (info->type == LIBXL_DOMAIN_TYPE_HVM &&
+ info->max_memkb > info->target_memkb)
+ ? LIBXL_MAXMEM_CONSTANT : 0;
+
ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *));
ents[0] = "memory/static-max";
ents[1] = GCSPRINTF("%"PRId64, info->max_memkb);
ents[2] = "memory/target";
- ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb);
+ ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb
+ - mem_target_fudge);
ents[4] = "memory/videoram";
ents[5] = GCSPRINTF("%"PRId64, info->video_memkb);
ents[6] = "domid";

88
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch Normal file
View File

@ -0,0 +1,88 @@
# Commit 59a5061723ba47c0028cf48487e5de551c42a378
# Date 2015-11-02 15:33:38 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/PoD: Make p2m_pod_empty_cache() restartable
This avoids a long running operation when destroying a domain with a
large PoD cache.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -375,11 +375,11 @@ out:
return ret;
}
-void
-p2m_pod_empty_cache(struct domain *d)
+int p2m_pod_empty_cache(struct domain *d)
{
struct p2m_domain *p2m = p2m_get_hostp2m(d);
struct page_info *page;
+ unsigned int i;
/* After this barrier no new PoD activities can happen. */
BUG_ON(!d->is_dying);
@@ -389,8 +389,6 @@ p2m_pod_empty_cache(struct domain *d)
while ( (page = page_list_remove_head(&p2m->pod.super)) )
{
- int i;
-
for ( i = 0 ; i < SUPERPAGE_PAGES ; i++ )
{
BUG_ON(page_get_owner(page + i) != d);
@@ -398,19 +396,27 @@ p2m_pod_empty_cache(struct domain *d)
}
p2m->pod.count -= SUPERPAGE_PAGES;
+
+ if ( hypercall_preempt_check() )
+ goto out;
}
- while ( (page = page_list_remove_head(&p2m->pod.single)) )
+ for ( i = 0; (page = page_list_remove_head(&p2m->pod.single)); ++i )
{
BUG_ON(page_get_owner(page) != d);
page_list_add_tail(page, &d->page_list);
p2m->pod.count -= 1;
+
+ if ( i && !(i & 511) && hypercall_preempt_check() )
+ goto out;
}
BUG_ON(p2m->pod.count != 0);
+ out:
unlock_page_alloc(p2m);
+ return p2m->pod.count ? -ERESTART : 0;
}
int
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -815,7 +815,7 @@ int paging_teardown(struct domain *d)
return rc;
/* Move populate-on-demand cache back to domain_list for destruction */
- p2m_pod_empty_cache(d);
+ rc = p2m_pod_empty_cache(d);
return rc;
}
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -588,7 +588,7 @@ void p2m_pod_dump_data(struct domain *d)
/* Move all pages from the populate-on-demand cache to the domain page_list
* (usually in preparation for domain destruction) */
-void p2m_pod_empty_cache(struct domain *d);
+int p2m_pod_empty_cache(struct domain *d);
/* Set populate-on-demand cache size so that the total memory allocated to a
* domain matches target */

31
CVE-2015-5307-xsa156.patch → 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch
View File

@ -1,5 +1,7 @@
References: bsc#953527 CVE-2015-5307 XSA-156 # Commit bd2239d9fa975a1ee5bcd27c218ae042cd0a57bc
# Date 2015-11-10 12:03:08 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/HVM: always intercept #AC and #DB x86/HVM: always intercept #AC and #DB
Both being benign exceptions, and both being possible to get triggered Both being benign exceptions, and both being possible to get triggered
@ -12,6 +14,10 @@ The specific scenarios:
1) #AC may be raised during exception delivery if the handler is set to 1) #AC may be raised during exception delivery if the handler is set to
be a ring-3 one by a 32-bit guest, and the stack is misaligned. be a ring-3 one by a 32-bit guest, and the stack is misaligned.
This is CVE-2015-5307 / XSA-156.
Reported-by: Benjamin Serebrin <serebrin@google.com>
2) #DB may be raised during exception delivery when a breakpoint got 2) #DB may be raised during exception delivery when a breakpoint got
placed on a data structure involved in delivering the exception. This placed on a data structure involved in delivering the exception. This
can result in an endless loop when a 64-bit guest uses a non-zero IST can result in an endless loop when a 64-bit guest uses a non-zero IST
@ -19,17 +25,14 @@ for the vector 1 IDT entry, but even without use of IST the time it
takes until a contributory fault would get raised (results depending takes until a contributory fault would get raised (results depending
on the handler) may be quite long. on the handler) may be quite long.
This is XSA-156. This is CVE-2015-8104 / XSA-156.
Reported-by: Benjamin Serebrin <serebrin@google.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Index: xen-4.6.0-testing/xen/arch/x86/hvm/svm/svm.c --- a/xen/arch/x86/hvm/svm/svm.c
=================================================================== +++ b/xen/arch/x86/hvm/svm/svm.c
--- xen-4.6.0-testing.orig/xen/arch/x86/hvm/svm/svm.c
+++ xen-4.6.0-testing/xen/arch/x86/hvm/svm/svm.c
@@ -1043,10 +1043,11 @@ static void noreturn svm_do_resume(struc @@ -1043,10 +1043,11 @@ static void noreturn svm_do_resume(struc
unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) ) unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) )
{ {
@ -68,10 +71,8 @@ Index: xen-4.6.0-testing/xen/arch/x86/hvm/svm/svm.c
case VMEXIT_EXCEPTION_UD: case VMEXIT_EXCEPTION_UD:
svm_vmexit_ud_intercept(regs); svm_vmexit_ud_intercept(regs);
break; break;
Index: xen-4.6.0-testing/xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c
=================================================================== +++ b/xen/arch/x86/hvm/vmx/vmx.c
--- xen-4.6.0-testing.orig/xen/arch/x86/hvm/vmx/vmx.c
+++ xen-4.6.0-testing/xen/arch/x86/hvm/vmx/vmx.c
@@ -1224,16 +1224,10 @@ static void vmx_update_host_cr3(struct v @@ -1224,16 +1224,10 @@ static void vmx_update_host_cr3(struct v
void vmx_update_debug_state(struct vcpu *v) void vmx_update_debug_state(struct vcpu *v)
@ -117,10 +118,8 @@ Index: xen-4.6.0-testing/xen/arch/x86/hvm/vmx/vmx.c
case TRAP_nmi: case TRAP_nmi:
if ( MASK_EXTR(intr_info, INTR_INFO_INTR_TYPE_MASK) != if ( MASK_EXTR(intr_info, INTR_INFO_INTR_TYPE_MASK) !=
X86_EVENTTYPE_NMI ) X86_EVENTTYPE_NMI )
Index: xen-4.6.0-testing/xen/include/asm-x86/hvm/hvm.h --- a/xen/include/asm-x86/hvm/hvm.h
=================================================================== +++ b/xen/include/asm-x86/hvm/hvm.h
--- xen-4.6.0-testing.orig/xen/include/asm-x86/hvm/hvm.h
+++ xen-4.6.0-testing/xen/include/asm-x86/hvm/hvm.h
@@ -384,7 +384,10 @@ static inline int hvm_event_pending(stru @@ -384,7 +384,10 @@ static inline int hvm_event_pending(stru
(X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE)) (X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE))

20
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch Normal file
View File

@ -0,0 +1,20 @@
# Commit 057e0e72d2a5d598087c5f167ec6a13203a3cf65
# Date 2015-11-12 16:59:18 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/HVM: don't inject #DB with error code
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper@citrix.com>
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4071,7 +4071,7 @@ void hvm_task_switch(
goto out;
if ( (tss.trace & 1) && !exn_raised )
- hvm_inject_hw_exception(TRAP_debug, tss_sel & 0xfff8);
+ hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE);
tr.attr.fields.type = 0xb; /* busy 32-bit tss */
hvm_set_segment_register(v, x86_seg_tr, &tr);

22
CVE-2015-7969-xsa149.patch
View File

@ -1,22 +0,0 @@
xen: free domain's vcpu array
This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
guest").
This is XSA-149.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
Index: xen-4.6.0-testing/xen/common/domain.c
===================================================================
--- xen-4.6.0-testing.orig/xen/common/domain.c
+++ xen-4.6.0-testing/xen/common/domain.c
@@ -412,6 +412,7 @@ struct domain *domain_create(domid_t dom
if ( init_status & INIT_xsm )
xsm_free_security_domain(d);
free_cpumask_var(d->domain_dirty_cpumask);
+ xfree(d->vcpu);
free_domain_struct(d);
return ERR_PTR(err);
}

76
block-iscsi
View File

@ -1,76 +0,0 @@
#!/bin/bash
# Usage: block-iscsi [add tgtname | remove dev]
#
# This assumes you're running a correctly configured
# iscsi target (server) at the other end!
# Note that we assume that the passwords for discovery (if needed)
# are in /etc/iscsid.conf
# and the node session passwords (if required) in the
# open-iscsi database below /var/lib/open-iscsi/node.db
#
# (c) Kurt Garloff <kurt@garloff.de>, 2006-09-04, GNU GPL
# Contributors: Jim Fehlig <jfehlig@novell.com>
# Stefan de Konink <skinkie@xs4all.nl>
dir=$(dirname "$0")
. "$dir/block-common.sh"
# echo "DBG:xen/scripts/block-iscsi $1 $2 XENBUS_PATH=$XENBUS_PATH $par $node"
find_sdev()
{
unset dev
for session in /sys/class/iscsi_session/session*; do
if [ "$1" = "`cat $session/targetname 2>/dev/null`" ]; then
dev=`basename $session/device/target*/*:0:*/block*/*`
return
fi
done
}
find_sdev_rev()
{
unset tgt
for session in /sys/class/iscsi_session/session*; do
dev=`basename $session/device/target*/*:0:*/block*/*`
if [ "$dev" = "$1" ]; then
tgt=`cat $session/targetname 2>/dev/null`
return
fi
done
}
case "$command" in
add)
# load modules and start iscsid
/etc/init.d/open-iscsi status >/dev/null 2>&1 ||
{ /etc/init.d/open-iscsi start >/dev/null 2>&1; sleep 1; }
par=`xenstore-read $XENBUS_PATH/params` || true
TGTID=`echo $par | sed "s/\/\///g"`
while read rec uuid; do
if [ "$uuid" = "$TGTID" ]; then
find_sdev $TGTID
if [ -z "$dev" ]; then
/sbin/iscsiadm -m node -T $uuid -p $rec --login || exit 2
sleep 4
find_sdev $TGTID
fi
xenstore-write $XENBUS_PATH/node /dev/$dev
write_dev /dev/$dev
exit 0
fi
done < <(/sbin/iscsiadm -m node)
exit 1
;;
remove)
node=`xenstore-read $XENBUS_PATH/node` || true
dev=$node; dev=${dev#/dev/}
find_sdev_rev $dev
if [ -x /sbin/blockdev -a -n "$node" ]; then blockdev --flushbufs "$node"; fi
test -z "$tgt" && exit 2
/sbin/iscsiadm -m node -T $tgt --logout
exit 1
;;
esac

34
block-nbd
View File

@ -1,34 +0,0 @@
#!/bin/sh
# Usage: block-nbd [bind server ctl_port |unbind node]
#
# The node argument to unbind is the name of the device node we are to
# unbind.
#
# This assumes you're running a correctly configured server at the other end!
dir=$(dirname "$0")
. "$dir/block-common.sh"
#set -x
par=`xenstore-read $XENBUS_PATH/params` || true
#echo $par
case "$command" in
add)
modprobe nbd
for dev in /dev/nbd*; do
if nbd-client $par $dev; then
xenstore-write $XENBUS_PATH/node $dev
write_dev $dev
exit 0
fi
done
exit 1
;;
remove)
node=`xenstore-read $XENBUS_PATH/node` || true
nbd-client -d $node
exit 0
;;
esac

9
tmp_build.patch
View File

@ -14,7 +14,7 @@ Index: xen-4.6.0-testing/tools/xenstore/Makefile
xenstore-control: xenstore_control.o $(LIBXENSTORE) xenstore-control: xenstore_control.o $(LIBXENSTORE)
$(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS) $(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
@@ -145,12 +146,13 @@ endif @@ -145,10 +146,11 @@ endif
$(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir) $(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir)
$(INSTALL_PROG) xenstore $(DESTDIR)$(bindir) $(INSTALL_PROG) xenstore $(DESTDIR)$(bindir)
set -e ; for c in $(CLIENTS) ; do \ set -e ; for c in $(CLIENTS) ; do \
@ -23,11 +23,8 @@ Index: xen-4.6.0-testing/tools/xenstore/Makefile
done done
+ $(INSTALL_PROG) domu-xenstore $(DESTDIR)/bin + $(INSTALL_PROG) domu-xenstore $(DESTDIR)/bin
for client in $(CLIENTS_DOMU); do \ for client in $(CLIENTS_DOMU); do \
- $(INSTALL_PROG) $$client $(DESTDIR)/bin/$${client/domu-}; \ - $(INSTALL_PROG) $$client $(DESTDIR)$(bindir)/$${client/domu-}; \
+ ln -fs domu-xenstore $(DESTDIR)/bin/$${client/domu-}; \ + ln -fs domu-xenstore $(DESTDIR)/bin/$${client/domu-}; \
done done
- $(INSTALL_DIR) $(DESTDIR)$(libdir) $(INSTALL_DIR) $(DESTDIR)$(libdir)
+ $(INSTALL_DIR) $(DESTDIR)$(libdir)
$(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir) $(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
ln -sf libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenstore.so.$(MAJOR)
ln -sf libxenstore.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenstore.so

4
xen-destdir.patch
View File

@ -51,9 +51,9 @@ Index: xen-4.6.0-testing/tools/xenstore/Makefile
done done
- $(INSTALL_DIR) $(DESTDIR)$(libdir) - $(INSTALL_DIR) $(DESTDIR)$(libdir)
+ for client in $(CLIENTS_DOMU); do \ + for client in $(CLIENTS_DOMU); do \
+ $(INSTALL_PROG) $$client $(DESTDIR)/bin/$${client/domu-}; \ + $(INSTALL_PROG) $$client $(DESTDIR)$(bindir)/$${client/domu-}; \
+ done + done
+ $(INSTALL_DIR) $(DESTDIR)$(libdir) + $(INSTALL_DIR) $(DESTDIR)$(libdir)
$(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir) $(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
ln -sf libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenstore.so.$(MAJOR) ln -sf libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenstore.so.$(MAJOR)
ln -sf libxenstore.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenstore.so ln -sf libxenstore.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenstore.so

38
xen.changes
View File

@ -1,3 +1,41 @@
-------------------------------------------------------------------
Tue Nov 24 08:44:57 MST 2015 - carnold@suse.com
- fate#315712: XEN: Use the PVOPS kernel
Turn off building the KMPs now that we are using the pvops kernel
xen.spec
-------------------------------------------------------------------
Thu Nov 19 11:18:03 MST 2015 - carnold@suse.com
- Upstream patches from Jan
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch)
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
563212e4-xenoprof-free-domain-s-vcpu-array.patch
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch
-------------------------------------------------------------------
Thu Nov 19 07:47:47 UTC 2015 - ohering@suse.de
- Use upstream variants of block-iscsi and block-nbd
-------------------------------------------------------------------
Thu Nov 19 07:38:06 UTC 2015 - ohering@suse.de
- Remove xenalyze.hg, its part of xen-4.6
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Nov 10 16:16:24 MDT 2015 - carnold@suse.com Wed Nov 10 16:16:24 MDT 2015 - carnold@suse.com

87
xen.spec
View File

@ -31,7 +31,7 @@ ExclusiveArch: %ix86 x86_64 %arm aarch64
%define with_oxenstored 0 %define with_oxenstored 0
# #
%ifarch x86_64 %ifarch x86_64
%define with_kmp 1 %define with_kmp 0
%define with_debug 1 %define with_debug 1
%define with_stubdom 1 %define with_stubdom 1
%define with_gdbsx 1 %define with_gdbsx 1
@ -59,11 +59,12 @@ ExclusiveArch: %ix86 x86_64 %arm aarch64
# EFI requires gcc 4.6 or newer # EFI requires gcc 4.6 or newer
# gcc46 is available in 12.1 or sles11sp2 # gcc46 is available in 12.1 or sles11sp2
# gcc47 is available in sles11sp3 # gcc47 is available in sles11sp3
# gcc48 is available in sles11sp4
# 12.2+ have gcc 4.7 as default compiler # 12.2+ have gcc 4.7 as default compiler
%if %suse_version == 1110
%define with_gcc47 1
%else
%define with_gcc47 0 %define with_gcc47 0
%define with_gcc48 0
%if %suse_version == 1110
%define with_gcc48 1
%endif %endif
%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
%define with_systemd 0 %define with_systemd 0
@ -143,6 +144,9 @@ BuildRequires: acpica
%if %{?with_gcc47}0 %if %{?with_gcc47}0
BuildRequires: gcc47 BuildRequires: gcc47
%endif %endif
%if %{?with_gcc48}0
BuildRequires: gcc48
%endif
BuildRequires: glibc-32bit BuildRequires: glibc-32bit
BuildRequires: glibc-devel-32bit BuildRequires: glibc-devel-32bit
%endif %endif
@ -158,7 +162,7 @@ BuildRequires: xorg-x11-util-devel
%endif %endif
%endif %endif
Version: 4.6.0_02 Version: 4.6.0_04
Release: 0 Release: 0
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
License: GPL-2.0 License: GPL-2.0
@ -175,8 +179,6 @@ Source10: README.SUSE
Source11: boot.xen Source11: boot.xen
Source12: boot.local.xenU Source12: boot.local.xenU
Source15: logrotate.conf Source15: logrotate.conf
Source19: block-nbd
Source20: block-iscsi
Source21: block-npiv-common.sh Source21: block-npiv-common.sh
Source22: block-npiv Source22: block-npiv
Source23: block-npiv-vport Source23: block-npiv-vport
@ -199,15 +201,25 @@ Source42: xen-dom0-modules.service
Source57: xen-utils-0.1.tar.bz2 Source57: xen-utils-0.1.tar.bz2
# For xen-libs # For xen-libs
Source99: baselibs.conf Source99: baselibs.conf
# http://xenbits.xensource.com/ext/xenalyze
Source20000: xenalyze.hg.tar.bz2
# Upstream patches # Upstream patches
Patch1: 55b0a2db-x86-MSI-track-guest-masking.patch Patch1: 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
Patch2: 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch Patch2: 5604f239-x86-PV-properly-populate-descriptor-tables.patch
Patch3: 5604f239-x86-PV-properly-populate-descriptor-tables.patch Patch3: 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
Patch4: 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch Patch4: 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
Patch149: CVE-2015-7969-xsa149.patch Patch5: 561d20a0-x86-hide-MWAITX-from-PV-domains.patch
Patch158: CVE-2015-5307-xsa156.patch Patch6: 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
Patch7: 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
Patch8: 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
Patch9: 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
Patch10: 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
Patch11: 5632129c-free-domain-s-vcpu-array.patch
Patch12: 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
Patch13: 563212e4-xenoprof-free-domain-s-vcpu-array.patch
Patch14: 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
Patch15: 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
Patch16: 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
Patch17: 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch
Patch18: 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
# Upstream qemu # Upstream qemu
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
@ -489,14 +501,26 @@ Authors:
%endif %endif
%prep %prep
%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 57 -a 20000 %setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 57
# Upstream patches # Upstream patches
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch149 -p1 %patch5 -p1
%patch158 -p1 %patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
# Upstream qemu patches # Upstream qemu patches
%patch250 -p1 %patch250 -p1
%patch251 -p1 %patch251 -p1
@ -652,11 +676,6 @@ configure_flags="${configure_flags} --enable-qemu-traditional"
%else %else
configure_flags="${configure_flags} --disable-qemu-traditional" configure_flags="${configure_flags} --disable-qemu-traditional"
%endif %endif
%if %{?with_qemu_traditional}0
configure_flags="${configure_flags} --enable-blktap1"
%else
configure_flags="${configure_flags} --disable-blktap1"
%endif
./configure \ ./configure \
--disable-xen \ --disable-xen \
--enable-tools \ --enable-tools \
@ -687,9 +706,6 @@ configure_flags="${configure_flags} --disable-blktap1"
make -C tools/include/xen-foreign %{?_smp_mflags} make -C tools/include/xen-foreign %{?_smp_mflags}
make %{?_smp_mflags} make %{?_smp_mflags}
%if %{?with_dom0_support}0 %if %{?with_dom0_support}0
%ifarch %ix86 x86_64
make -C xenalyze.hg CC="gcc -I../xen/include -DMAX_CPUS=%{max_cpus} ${RPM_OPT_FLAGS}" %{?_smp_mflags} -k
%endif
make -C tools/xen-utils-0.1 XEN_INTREE_BUILD=yes XEN_ROOT=$PWD make -C tools/xen-utils-0.1 XEN_INTREE_BUILD=yes XEN_ROOT=$PWD
%endif %endif
# #
@ -730,7 +746,10 @@ make -C xen install \
%if %{?with_gcc47}0 %if %{?with_gcc47}0
CC=gcc-4.7 \ CC=gcc-4.7 \
%endif %endif
max_phys_cpus=%{max_cpus} debug=n crash_debug=n DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} %if %{?with_gcc48}0
CC=gcc-4.8 \
%endif
max_phys_cpus=%{max_cpus} debug=n crash_debug=n DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
make -C xen clean make -C xen clean
install_xen() install_xen()
{ {
@ -740,11 +759,6 @@ install_xen()
ext="-$1" ext="-$1"
mv $RPM_BUILD_ROOT/boot/xen-${XEN_FULLVERSION}%{xen_install_suffix} \ mv $RPM_BUILD_ROOT/boot/xen-${XEN_FULLVERSION}%{xen_install_suffix} \
$RPM_BUILD_ROOT/boot/xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix} $RPM_BUILD_ROOT/boot/xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix}
mv $RPM_BUILD_ROOT/usr/lib/debug/xen-syms-${XEN_FULLVERSION} \
$RPM_BUILD_ROOT/boot/xen-syms${ext}-${XEN_FULLVERSION}
else
mv $RPM_BUILD_ROOT/usr/lib/debug/xen-syms-${XEN_FULLVERSION} \
$RPM_BUILD_ROOT/boot/xen-syms-${XEN_FULLVERSION}
fi fi
rm $RPM_BUILD_ROOT/boot/xen-$XEN_VERSION.$XEN_SUBVERSION%{xen_install_suffix} rm $RPM_BUILD_ROOT/boot/xen-$XEN_VERSION.$XEN_SUBVERSION%{xen_install_suffix}
rm $RPM_BUILD_ROOT/boot/xen-$XEN_VERSION%{xen_install_suffix} rm $RPM_BUILD_ROOT/boot/xen-$XEN_VERSION%{xen_install_suffix}
@ -757,11 +771,11 @@ install_xen()
find $RPM_BUILD_ROOT/boot -ls find $RPM_BUILD_ROOT/boot -ls
} }
%if %{?with_debug}0 %if %{?with_debug}0
make -C xen install max_phys_cpus=%{max_cpus} debug=y crash_debug=y DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} make -C xen install max_phys_cpus=%{max_cpus} debug=y crash_debug=y DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
install_xen dbg install_xen dbg
make -C xen clean make -C xen clean
%endif %endif
make -C xen install max_phys_cpus=%{max_cpus} debug=n crash_debug=n DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags} make -C xen install max_phys_cpus=%{max_cpus} debug=n crash_debug=n DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
install_xen install_xen
make -C xen clean make -C xen clean
echo > xen.files.txt echo > xen.files.txt
@ -770,10 +784,6 @@ if test -d $RPM_BUILD_ROOT%{_libdir}/efi
then then
echo %{_libdir}/efi >> xen.files.txt echo %{_libdir}/efi >> xen.files.txt
fi fi
%ifarch x86_64
cp -avL xenalyze.hg/dump-raw $RPM_BUILD_ROOT/%{_bindir}/xenalyze.dump-raw
cp -avL xenalyze.hg/xenalyze $RPM_BUILD_ROOT/%{_bindir}
%endif
%endif %endif
# PV driver modules # PV driver modules
@ -814,7 +824,7 @@ install -m644 tools/xentrace/formats $RPM_BUILD_ROOT/etc/xen/examples/xentrace_f
# Scripts # Scripts
rm -f $RPM_BUILD_ROOT/etc/xen/scripts/block-*nbd rm -f $RPM_BUILD_ROOT/etc/xen/scripts/block-*nbd
install -m755 %SOURCE19 %SOURCE20 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE29 $RPM_BUILD_ROOT/etc/xen/scripts/ install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE29 $RPM_BUILD_ROOT/etc/xen/scripts/
# Xen API remote authentication files # Xen API remote authentication files
install -d $RPM_BUILD_ROOT/etc/pam.d install -d $RPM_BUILD_ROOT/etc/pam.d
@ -946,7 +956,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%defattr(-,root,root) %defattr(-,root,root)
%ifarch %ix86 x86_64 %ifarch %ix86 x86_64
/usr/bin/xenalyze /usr/bin/xenalyze
/usr/bin/xenalyze.dump-raw
%endif %endif
/usr/bin/xencons /usr/bin/xencons
/usr/bin/xenstore* /usr/bin/xenstore*

3
xenalyze.hg.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:36aabe13da4b7ca0e0f9b61fa1442823e437585ef56b604ab077af20bb93ef67
size 126674