- fate#315712: XEN: Use the PVOPS kernel
Turn off building the KMPs now that we are using the pvops kernel xen.spec - Upstream patches from Jan 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch 561d20a0-x86-hide-MWAITX-from-PV-domains.patch 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch 5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch) 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch 563212e4-xenoprof-free-domain-s-vcpu-array.patch 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch) 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch - Dropped 55b0a2db-x86-MSI-track-guest-masking.patch - Use upstream variants of block-iscsi and block-nbd - Remove xenalyze.hg, its part of xen-4.6 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=389
This commit is contained in:
parent
b086a62192
commit
c608e23838
@ -1,57 +0,0 @@
|
||||
References: bsc#907514 bsc#910258 bsc#918984 bsc#923967
|
||||
|
||||
# Commit aa7c1fdf9dd04a1287f4770906b2c41b88a28228
|
||||
# Date 2015-07-23 10:16:27 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/MSI: properly track guest masking requests
|
||||
|
||||
... by monitoring writes to the mask register.
|
||||
|
||||
This allows reverting the main effect of the XSA-129 patches in qemu.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
Index: xen-4.6.0-testing/xen/arch/x86/msi.c
|
||||
===================================================================
|
||||
--- xen-4.6.0-testing.orig/xen/arch/x86/msi.c
|
||||
+++ xen-4.6.0-testing/xen/arch/x86/msi.c
|
||||
@@ -1336,6 +1336,37 @@ int pci_msi_conf_write_intercept(struct
|
||||
return 1;
|
||||
}
|
||||
|
||||
+ entry = find_msi_entry(pdev, -1, PCI_CAP_ID_MSI);
|
||||
+ if ( entry && entry->msi_attrib.maskbit )
|
||||
+ {
|
||||
+ uint16_t cntl;
|
||||
+ uint32_t unused;
|
||||
+
|
||||
+ pos = entry->msi_attrib.pos;
|
||||
+ if ( reg < pos || reg >= entry->msi.mpos + 8 )
|
||||
+ return 0;
|
||||
+
|
||||
+ if ( reg == msi_control_reg(pos) )
|
||||
+ return size == 2 ? 1 : -EACCES;
|
||||
+ if ( reg < entry->msi.mpos || reg >= entry->msi.mpos + 4 || size != 4 )
|
||||
+ return -EACCES;
|
||||
+
|
||||
+ cntl = pci_conf_read16(seg, bus, slot, func, msi_control_reg(pos));
|
||||
+ unused = ~(uint32_t)0 >> (32 - multi_msi_capable(cntl));
|
||||
+ for ( pos = 0; pos < entry->msi.nvec; ++pos, ++entry )
|
||||
+ {
|
||||
+ entry->msi_attrib.guest_masked =
|
||||
+ *data >> entry->msi_attrib.entry_nr;
|
||||
+ if ( entry->msi_attrib.host_masked )
|
||||
+ *data |= 1 << pos;
|
||||
+ unused &= ~(1 << pos);
|
||||
+ }
|
||||
+
|
||||
+ *data |= unused;
|
||||
+
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
@ -0,0 +1,55 @@
|
||||
# Commit 710942e57fb42ff8f344ca82f6b678f67e38ae63
|
||||
# Date 2015-10-12 15:58:35 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
VT-d: don't suppress invalidation address write when it is zero
|
||||
|
||||
GFN zero is a valid address, and hence may need invalidation done for
|
||||
it just like for any other GFN.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Acked-by: Yang Zhang <yang.z.zhang@intel.com>
|
||||
|
||||
--- a/xen/drivers/passthrough/vtd/iommu.c
|
||||
+++ b/xen/drivers/passthrough/vtd/iommu.c
|
||||
@@ -414,7 +414,7 @@ static int flush_iotlb_reg(void *_iommu,
|
||||
{
|
||||
struct iommu *iommu = (struct iommu *) _iommu;
|
||||
int tlb_offset = ecap_iotlb_offset(iommu->ecap);
|
||||
- u64 val = 0, val_iva = 0;
|
||||
+ u64 val = 0;
|
||||
unsigned long flags;
|
||||
|
||||
/*
|
||||
@@ -435,7 +435,6 @@ static int flush_iotlb_reg(void *_iommu,
|
||||
switch ( type )
|
||||
{
|
||||
case DMA_TLB_GLOBAL_FLUSH:
|
||||
- /* global flush doesn't need set IVA_REG */
|
||||
val = DMA_TLB_GLOBAL_FLUSH|DMA_TLB_IVT;
|
||||
break;
|
||||
case DMA_TLB_DSI_FLUSH:
|
||||
@@ -443,8 +442,6 @@ static int flush_iotlb_reg(void *_iommu,
|
||||
break;
|
||||
case DMA_TLB_PSI_FLUSH:
|
||||
val = DMA_TLB_PSI_FLUSH|DMA_TLB_IVT|DMA_TLB_DID(did);
|
||||
- /* Note: always flush non-leaf currently */
|
||||
- val_iva = size_order | addr;
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
@@ -457,8 +454,11 @@ static int flush_iotlb_reg(void *_iommu,
|
||||
|
||||
spin_lock_irqsave(&iommu->register_lock, flags);
|
||||
/* Note: Only uses first TLB reg currently */
|
||||
- if ( val_iva )
|
||||
- dmar_writeq(iommu->reg, tlb_offset, val_iva);
|
||||
+ if ( type == DMA_TLB_PSI_FLUSH )
|
||||
+ {
|
||||
+ /* Note: always flush non-leaf currently. */
|
||||
+ dmar_writeq(iommu->reg, tlb_offset, size_order | addr);
|
||||
+ }
|
||||
dmar_writeq(iommu->reg, tlb_offset + 8, val);
|
||||
|
||||
/* Make sure hardware complete it */
|
32
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
Normal file
32
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
Normal file
@ -0,0 +1,32 @@
|
||||
# Commit 941cd44324db7eddc46cba4596fa13d505066ccf
|
||||
# Date 2015-10-13 17:17:52 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86: hide MWAITX from PV domains
|
||||
|
||||
Since MWAIT is hidden too. (Linux starting with 4.3 is making use of
|
||||
that feature, and is checking for it without looking at the MWAIT one.)
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/traps.c
|
||||
+++ b/xen/arch/x86/traps.c
|
||||
@@ -967,6 +967,7 @@ void pv_cpuid(struct cpu_user_regs *regs
|
||||
__clear_bit(X86_FEATURE_LWP % 32, &c);
|
||||
__clear_bit(X86_FEATURE_NODEID_MSR % 32, &c);
|
||||
__clear_bit(X86_FEATURE_TOPOEXT % 32, &c);
|
||||
+ __clear_bit(X86_FEATURE_MWAITX % 32, &c);
|
||||
break;
|
||||
|
||||
case 0x0000000a: /* Architectural Performance Monitor Features (Intel) */
|
||||
--- a/xen/include/asm-x86/cpufeature.h
|
||||
+++ b/xen/include/asm-x86/cpufeature.h
|
||||
@@ -135,6 +135,7 @@
|
||||
#define X86_FEATURE_TBM (6*32+21) /* trailing bit manipulations */
|
||||
#define X86_FEATURE_TOPOEXT (6*32+22) /* topology extensions CPUID leafs */
|
||||
#define X86_FEATURE_DBEXT (6*32+26) /* data breakpoint extension */
|
||||
+#define X86_FEATURE_MWAITX (6*32+29) /* MWAIT extension (MONITORX/MWAITX) */
|
||||
|
||||
/* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 7 */
|
||||
#define X86_FEATURE_FSGSBASE (7*32+ 0) /* {RD,WR}{FS,GS}BASE instructions */
|
@ -0,0 +1,114 @@
|
||||
# Commit 83281fc9b31396e94c0bfb6550b75c165037a0ad
|
||||
# Date 2015-10-14 12:46:27 +0200
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/NUMA: fix SRAT table processor entry parsing and consumption
|
||||
|
||||
- don't overrun apicid_to_node[] (possible in the x2APIC case)
|
||||
- don't limit number of processor related SRAT entries we can consume
|
||||
- make acpi_numa_{processor,x2apic}_affinity_init() as similar to one
|
||||
another as possible
|
||||
- print APIC IDs in hex (to ease matching with other log messages), at
|
||||
once making legacy and x2APIC ones distinguishable (by width)
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/numa.c
|
||||
+++ b/xen/arch/x86/numa.c
|
||||
@@ -349,7 +349,7 @@ void __init init_cpu_to_node(void)
|
||||
u32 apicid = x86_cpu_to_apicid[i];
|
||||
if ( apicid == BAD_APICID )
|
||||
continue;
|
||||
- node = apicid_to_node[apicid];
|
||||
+ node = apicid < MAX_LOCAL_APIC ? apicid_to_node[apicid] : NUMA_NO_NODE;
|
||||
if ( node == NUMA_NO_NODE || !node_online(node) )
|
||||
node = 0;
|
||||
numa_set_node(i, node);
|
||||
--- a/xen/arch/x86/setup.c
|
||||
+++ b/xen/arch/x86/setup.c
|
||||
@@ -200,7 +200,7 @@ void __devinit srat_detect_node(int cpu)
|
||||
nodeid_t node;
|
||||
u32 apicid = x86_cpu_to_apicid[cpu];
|
||||
|
||||
- node = apicid_to_node[apicid];
|
||||
+ node = apicid < MAX_LOCAL_APIC ? apicid_to_node[apicid] : NUMA_NO_NODE;
|
||||
if ( node == NUMA_NO_NODE )
|
||||
node = 0;
|
||||
|
||||
--- a/xen/arch/x86/smpboot.c
|
||||
+++ b/xen/arch/x86/smpboot.c
|
||||
@@ -993,7 +993,8 @@ int cpu_add(uint32_t apic_id, uint32_t a
|
||||
cpu = node;
|
||||
goto out;
|
||||
}
|
||||
- apicid_to_node[apic_id] = node;
|
||||
+ if ( apic_id < MAX_LOCAL_APIC )
|
||||
+ apicid_to_node[apic_id] = node;
|
||||
}
|
||||
|
||||
/* Physically added CPUs do not have synchronised TSC. */
|
||||
--- a/xen/arch/x86/srat.c
|
||||
+++ b/xen/arch/x86/srat.c
|
||||
@@ -209,7 +209,6 @@ acpi_numa_x2apic_affinity_init(struct ac
|
||||
{
|
||||
unsigned pxm;
|
||||
nodeid_t node;
|
||||
- u32 apic_id;
|
||||
|
||||
if (srat_disabled())
|
||||
return;
|
||||
@@ -217,8 +216,13 @@ acpi_numa_x2apic_affinity_init(struct ac
|
||||
bad_srat();
|
||||
return;
|
||||
}
|
||||
- if ((pa->flags & ACPI_SRAT_CPU_ENABLED) == 0)
|
||||
+ if (!(pa->flags & ACPI_SRAT_CPU_ENABLED))
|
||||
+ return;
|
||||
+ if (pa->apic_id >= MAX_LOCAL_APIC) {
|
||||
+ printk(KERN_INFO "SRAT: APIC %08x ignored\n", pa->apic_id);
|
||||
return;
|
||||
+ }
|
||||
+
|
||||
pxm = pa->proximity_domain;
|
||||
node = setup_node(pxm);
|
||||
if (node == NUMA_NO_NODE) {
|
||||
@@ -226,11 +230,11 @@ acpi_numa_x2apic_affinity_init(struct ac
|
||||
return;
|
||||
}
|
||||
|
||||
- apic_id = pa->apic_id;
|
||||
- apicid_to_node[apic_id] = node;
|
||||
+ apicid_to_node[pa->apic_id] = node;
|
||||
+ node_set(node, processor_nodes_parsed);
|
||||
acpi_numa = 1;
|
||||
- printk(KERN_INFO "SRAT: PXM %u -> APIC %u -> Node %u\n",
|
||||
- pxm, apic_id, node);
|
||||
+ printk(KERN_INFO "SRAT: PXM %u -> APIC %08x -> Node %u\n",
|
||||
+ pxm, pa->apic_id, node);
|
||||
}
|
||||
|
||||
/* Callback for Proximity Domain -> LAPIC mapping */
|
||||
@@ -262,7 +266,7 @@ acpi_numa_processor_affinity_init(struct
|
||||
apicid_to_node[pa->apic_id] = node;
|
||||
node_set(node, processor_nodes_parsed);
|
||||
acpi_numa = 1;
|
||||
- printk(KERN_INFO "SRAT: PXM %u -> APIC %u -> Node %u\n",
|
||||
+ printk(KERN_INFO "SRAT: PXM %u -> APIC %02x -> Node %u\n",
|
||||
pxm, pa->apic_id, node);
|
||||
}
|
||||
|
||||
--- a/xen/drivers/acpi/numa.c
|
||||
+++ b/xen/drivers/acpi/numa.c
|
||||
@@ -198,9 +198,9 @@ int __init acpi_numa_init(void)
|
||||
/* SRAT: Static Resource Affinity Table */
|
||||
if (!acpi_table_parse(ACPI_SIG_SRAT, acpi_parse_srat)) {
|
||||
acpi_table_parse_srat(ACPI_SRAT_TYPE_X2APIC_CPU_AFFINITY,
|
||||
- acpi_parse_x2apic_affinity, NR_CPUS);
|
||||
+ acpi_parse_x2apic_affinity, 0);
|
||||
acpi_table_parse_srat(ACPI_SRAT_TYPE_CPU_AFFINITY,
|
||||
- acpi_parse_processor_affinity, NR_CPUS);
|
||||
+ acpi_parse_processor_affinity, 0);
|
||||
acpi_table_parse_srat(ACPI_SRAT_TYPE_MEMORY_AFFINITY,
|
||||
acpi_parse_memory_affinity,
|
||||
NR_NODE_MEMBLKS);
|
@ -0,0 +1,49 @@
|
||||
# Commit 29bcf64ce8bc0b1b7aacd00c8668f255c4f0686c
|
||||
# Date 2015-10-29 13:31:10 +0100
|
||||
# Author Julien Grall <julien.grall@citrix.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
arm: Support hypercall_create_continuation for multicall
|
||||
|
||||
Multicall for ARM has been supported since commit f0dbdc6 "xen: arm: fully
|
||||
implement multicall interface.". Although, if an hypercall in multicall
|
||||
requires preemption, it will crash the host:
|
||||
|
||||
(XEN) Xen BUG at domain.c:347
|
||||
(XEN) ----[ Xen-4.7-unstable arm64 debug=y Tainted: C ]----
|
||||
[...]
|
||||
(XEN) Xen call trace:
|
||||
(XEN) [<00000000002420cc>] hypercall_create_continuation+0x64/0x380 (PC)
|
||||
(XEN) [<0000000000217274>] do_memory_op+0x1b00/0x2334 (LR)
|
||||
(XEN) [<0000000000250d2c>] do_multicall_call+0x114/0x124
|
||||
(XEN) [<0000000000217ff0>] do_multicall+0x17c/0x23c
|
||||
(XEN) [<000000000024f97c>] do_trap_hypercall+0x90/0x12c
|
||||
(XEN) [<0000000000251ca8>] do_trap_hypervisor+0xd2c/0x1ba4
|
||||
(XEN) [<00000000002582cc>] guest_sync+0x88/0xb8
|
||||
(XEN)
|
||||
(XEN)
|
||||
(XEN) ****************************************
|
||||
(XEN) Panic on CPU 5:
|
||||
(XEN) Xen BUG at domain.c:347
|
||||
(XEN) ****************************************
|
||||
(XEN)
|
||||
(XEN) Manual reset required ('noreboot' specified)
|
||||
|
||||
Looking to the code, the support of multicall looks valid to me, as we only
|
||||
need to fill call.args[...]. So drop the BUG();
|
||||
|
||||
This is CVE-2015-7812 / XSA-145.
|
||||
|
||||
Signed-off-by: Julien Grall <julien.grall@citrix.com>
|
||||
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
|
||||
--- a/xen/arch/arm/domain.c
|
||||
+++ b/xen/arch/arm/domain.c
|
||||
@@ -344,8 +344,6 @@ unsigned long hypercall_create_continuat
|
||||
|
||||
if ( test_bit(_MCSF_in_multicall, &mcs->flags) )
|
||||
{
|
||||
- BUG(); /* XXX multicalls not implemented yet. */
|
||||
-
|
||||
__set_bit(_MCSF_call_preempted, &mcs->flags);
|
||||
|
||||
for ( i = 0; *p != '\0'; i++ )
|
@ -0,0 +1,42 @@
|
||||
# Commit 1c0e59ff15764e7b0c59282365974f5b8924ce83
|
||||
# Date 2015-10-29 13:33:38 +0100
|
||||
# Author Ian Campbell <ian.campbell@citrix.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
arm: rate-limit logging from unimplemented PHYSDEVOP and HVMOP.
|
||||
|
||||
These are guest accessible and should therefore be rate-limited.
|
||||
Moreover, include them only in debug builds.
|
||||
|
||||
This is CVE-2015-7813 / XSA-146.
|
||||
|
||||
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
||||
|
||||
--- a/xen/arch/arm/hvm.c
|
||||
+++ b/xen/arch/arm/hvm.c
|
||||
@@ -57,7 +57,7 @@ long do_hvm_op(unsigned long op, XEN_GUE
|
||||
|
||||
default:
|
||||
{
|
||||
- printk("%s: Bad HVM op %ld.\n", __func__, op);
|
||||
+ gdprintk(XENLOG_DEBUG, "HVMOP op=%lu: not implemented\n", op);
|
||||
rc = -ENOSYS;
|
||||
break;
|
||||
}
|
||||
--- a/xen/arch/arm/physdev.c
|
||||
+++ b/xen/arch/arm/physdev.c
|
||||
@@ -8,12 +8,13 @@
|
||||
#include <xen/types.h>
|
||||
#include <xen/lib.h>
|
||||
#include <xen/errno.h>
|
||||
+#include <xen/sched.h>
|
||||
#include <asm/hypercall.h>
|
||||
|
||||
|
||||
int do_physdev_op(int cmd, XEN_GUEST_HANDLE_PARAM(void) arg)
|
||||
{
|
||||
- printk("%s %d cmd=%d: not implemented yet\n", __func__, __LINE__, cmd);
|
||||
+ gdprintk(XENLOG_DEBUG, "PHYSDEVOP cmd=%d: not implemented\n", cmd);
|
||||
return -ENOSYS;
|
||||
}
|
||||
|
@ -0,0 +1,40 @@
|
||||
# Commit 1ef01396fdff88b1c3331a09ca5c69619b90f4ea
|
||||
# Date 2015-10-29 13:34:17 +0100
|
||||
# Author Ian Campbell <ian.campbell@citrix.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
arm: handle races between relinquish_memory and free_domheap_pages
|
||||
|
||||
Primarily this means XENMEM_decrease_reservation from a toolstack
|
||||
domain.
|
||||
|
||||
Unlike x86 we have no requirement right now to queue such pages onto
|
||||
a separate list, if we hit this race then the other code has already
|
||||
fully accepted responsibility for freeing this page and therefore
|
||||
there is no more for relinquish_memory to do.
|
||||
|
||||
This is CVE-2015-7814 / XSA-147.
|
||||
|
||||
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
Reviewed-by: Julien Grall <julien.grall@citrix.com>
|
||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
||||
|
||||
--- a/xen/arch/arm/domain.c
|
||||
+++ b/xen/arch/arm/domain.c
|
||||
@@ -768,8 +768,15 @@ static int relinquish_memory(struct doma
|
||||
{
|
||||
/* Grab a reference to the page so it won't disappear from under us. */
|
||||
if ( unlikely(!get_page(page, d)) )
|
||||
- /* Couldn't get a reference -- someone is freeing this page. */
|
||||
- BUG();
|
||||
+ /*
|
||||
+ * Couldn't get a reference -- someone is freeing this page and
|
||||
+ * has already committed to doing so, so no more to do here.
|
||||
+ *
|
||||
+ * Note that the page must be left on the list, a list_del
|
||||
+ * here will clash with the list_del done by the other
|
||||
+ * party in the race and corrupt the list head.
|
||||
+ */
|
||||
+ continue;
|
||||
|
||||
if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
|
||||
put_page(page);
|
@ -0,0 +1,44 @@
|
||||
# Commit fe360c90ea13f309ef78810f1a2b92f2ae3b30b8
|
||||
# Date 2015-10-29 13:35:07 +0100
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86: guard against undue super page PTE creation
|
||||
|
||||
When optional super page support got added (commit bd1cd81d64 "x86: PV
|
||||
support for hugepages"), two adjustments were missed: mod_l2_entry()
|
||||
needs to consider the PSE and RW bits when deciding whether to use the
|
||||
fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK
|
||||
unconditionally.
|
||||
|
||||
This is CVE-2015-7835 / XSA-148.
|
||||
|
||||
Reported-by: "栾尚聪(好风)" <shangcong.lsc@alibaba-inc.com>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Tim Deegan <tim@xen.org>
|
||||
|
||||
--- a/xen/arch/x86/mm.c
|
||||
+++ b/xen/arch/x86/mm.c
|
||||
@@ -160,7 +160,10 @@ static void put_superpage(unsigned long
|
||||
static uint32_t base_disallow_mask;
|
||||
/* Global bit is allowed to be set on L1 PTEs. Intended for user mappings. */
|
||||
#define L1_DISALLOW_MASK ((base_disallow_mask | _PAGE_GNTTAB) & ~_PAGE_GLOBAL)
|
||||
-#define L2_DISALLOW_MASK (base_disallow_mask & ~_PAGE_PSE)
|
||||
+
|
||||
+#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \
|
||||
+ ? base_disallow_mask & ~_PAGE_PSE \
|
||||
+ : base_disallow_mask)
|
||||
|
||||
#define l3_disallow_mask(d) (!is_pv_32bit_domain(d) ? \
|
||||
base_disallow_mask : 0xFFFFF198U)
|
||||
@@ -1839,7 +1842,10 @@ static int mod_l2_entry(l2_pgentry_t *pl
|
||||
}
|
||||
|
||||
/* Fast path for identical mapping and presence. */
|
||||
- if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT) )
|
||||
+ if ( !l2e_has_changed(ol2e, nl2e,
|
||||
+ unlikely(opt_allow_superpage)
|
||||
+ ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT
|
||||
+ : _PAGE_PRESENT) )
|
||||
{
|
||||
adjust_guest_l2e(nl2e, d);
|
||||
if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) )
|
25
5632129c-free-domain-s-vcpu-array.patch
Normal file
25
5632129c-free-domain-s-vcpu-array.patch
Normal file
@ -0,0 +1,25 @@
|
||||
# Commit d46896ebbb23f3a9fef2eb6066ae614fd1acfd96
|
||||
# Date 2015-10-29 13:35:40 +0100
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
free domain's vcpu array
|
||||
|
||||
This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
|
||||
guest").
|
||||
|
||||
This is CVE-2015-7969 / XSA-149.
|
||||
|
||||
Reported-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
|
||||
--- a/xen/common/domain.c
|
||||
+++ b/xen/common/domain.c
|
||||
@@ -833,6 +833,7 @@ static void complete_domain_destroy(stru
|
||||
|
||||
xsm_free_security_domain(d);
|
||||
free_cpumask_var(d->domain_dirty_cpumask);
|
||||
+ xfree(d->vcpu);
|
||||
free_domain_struct(d);
|
||||
|
||||
send_global_virq(VIRQ_DOM_EXC);
|
205
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
Normal file
205
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
Normal file
@ -0,0 +1,205 @@
|
||||
# Commit 101ce53266866144e724ed593173bc4098b300b9
|
||||
# Date 2015-10-29 13:36:25 +0100
|
||||
# Author Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/PoD: Eager sweep for zeroed pages
|
||||
|
||||
Based on the contents of a guests physical address space,
|
||||
p2m_pod_emergency_sweep() could degrade into a linear memcmp() from 0 to
|
||||
max_gfn, which runs non-preemptibly.
|
||||
|
||||
As p2m_pod_emergency_sweep() runs behind the scenes in a number of contexts,
|
||||
making it preemptible is not feasible.
|
||||
|
||||
Instead, a different approach is taken. Recently-populated pages are eagerly
|
||||
checked for reclaimation, which amortises the p2m_pod_emergency_sweep()
|
||||
operation across each p2m_pod_demand_populate() operation.
|
||||
|
||||
Note that in the case that a 2M superpage can't be reclaimed as a superpage,
|
||||
it is shattered if 4K pages of zeros can be reclaimed. This is unfortunate
|
||||
but matches the previous behaviour, and is required to avoid regressions
|
||||
(domain crash from PoD exhaustion) with VMs configured close to the limit.
|
||||
|
||||
This is CVE-2015-7970 / XSA-150.
|
||||
|
||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Reviewed-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/mm/p2m-pod.c
|
||||
+++ b/xen/arch/x86/mm/p2m-pod.c
|
||||
@@ -901,28 +901,6 @@ p2m_pod_zero_check(struct p2m_domain *p2
|
||||
}
|
||||
|
||||
#define POD_SWEEP_LIMIT 1024
|
||||
-
|
||||
-/* When populating a new superpage, look at recently populated superpages
|
||||
- * hoping that they've been zeroed. This will snap up zeroed pages as soon as
|
||||
- * the guest OS is done with them. */
|
||||
-static void
|
||||
-p2m_pod_check_last_super(struct p2m_domain *p2m, unsigned long gfn_aligned)
|
||||
-{
|
||||
- unsigned long check_gfn;
|
||||
-
|
||||
- ASSERT(p2m->pod.last_populated_index < POD_HISTORY_MAX);
|
||||
-
|
||||
- check_gfn = p2m->pod.last_populated[p2m->pod.last_populated_index];
|
||||
-
|
||||
- p2m->pod.last_populated[p2m->pod.last_populated_index] = gfn_aligned;
|
||||
-
|
||||
- p2m->pod.last_populated_index =
|
||||
- ( p2m->pod.last_populated_index + 1 ) % POD_HISTORY_MAX;
|
||||
-
|
||||
- p2m_pod_zero_check_superpage(p2m, check_gfn);
|
||||
-}
|
||||
-
|
||||
-
|
||||
#define POD_SWEEP_STRIDE 16
|
||||
static void
|
||||
p2m_pod_emergency_sweep(struct p2m_domain *p2m)
|
||||
@@ -963,7 +941,7 @@ p2m_pod_emergency_sweep(struct p2m_domai
|
||||
* NB that this is a zero-sum game; we're increasing our cache size
|
||||
* by re-increasing our 'debt'. Since we hold the pod lock,
|
||||
* (entry_count - count) must remain the same. */
|
||||
- if ( p2m->pod.count > 0 && i < limit )
|
||||
+ if ( i < limit && (p2m->pod.count > 0 || hypercall_preempt_check()) )
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -975,6 +953,58 @@ p2m_pod_emergency_sweep(struct p2m_domai
|
||||
|
||||
}
|
||||
|
||||
+static void pod_eager_reclaim(struct p2m_domain *p2m)
|
||||
+{
|
||||
+ struct pod_mrp_list *mrp = &p2m->pod.mrp;
|
||||
+ unsigned int i = 0;
|
||||
+
|
||||
+ /*
|
||||
+ * Always check one page for reclaimation.
|
||||
+ *
|
||||
+ * If the PoD pool is empty, keep checking some space is found, or all
|
||||
+ * entries have been exhaused.
|
||||
+ */
|
||||
+ do
|
||||
+ {
|
||||
+ unsigned int idx = (mrp->idx + i++) % ARRAY_SIZE(mrp->list);
|
||||
+ unsigned long gfn = mrp->list[idx];
|
||||
+
|
||||
+ if ( gfn != INVALID_GFN )
|
||||
+ {
|
||||
+ if ( gfn & POD_LAST_SUPERPAGE )
|
||||
+ {
|
||||
+ gfn &= ~POD_LAST_SUPERPAGE;
|
||||
+
|
||||
+ if ( p2m_pod_zero_check_superpage(p2m, gfn) == 0 )
|
||||
+ {
|
||||
+ unsigned int x;
|
||||
+
|
||||
+ for ( x = 0; x < SUPERPAGE_PAGES; ++x, ++gfn )
|
||||
+ p2m_pod_zero_check(p2m, &gfn, 1);
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+ p2m_pod_zero_check(p2m, &gfn, 1);
|
||||
+
|
||||
+ mrp->list[idx] = INVALID_GFN;
|
||||
+ }
|
||||
+
|
||||
+ } while ( (p2m->pod.count == 0) && (i < ARRAY_SIZE(mrp->list)) );
|
||||
+}
|
||||
+
|
||||
+static void pod_eager_record(struct p2m_domain *p2m,
|
||||
+ unsigned long gfn, unsigned int order)
|
||||
+{
|
||||
+ struct pod_mrp_list *mrp = &p2m->pod.mrp;
|
||||
+
|
||||
+ ASSERT(mrp->list[mrp->idx] == INVALID_GFN);
|
||||
+ ASSERT(gfn != INVALID_GFN);
|
||||
+
|
||||
+ mrp->list[mrp->idx++] =
|
||||
+ gfn | (order == PAGE_ORDER_2M ? POD_LAST_SUPERPAGE : 0);
|
||||
+ mrp->idx %= ARRAY_SIZE(mrp->list);
|
||||
+}
|
||||
+
|
||||
int
|
||||
p2m_pod_demand_populate(struct p2m_domain *p2m, unsigned long gfn,
|
||||
unsigned int order,
|
||||
@@ -1015,6 +1045,8 @@ p2m_pod_demand_populate(struct p2m_domai
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ pod_eager_reclaim(p2m);
|
||||
+
|
||||
/* Only sweep if we're actually out of memory. Doing anything else
|
||||
* causes unnecessary time and fragmentation of superpages in the p2m. */
|
||||
if ( p2m->pod.count == 0 )
|
||||
@@ -1051,6 +1083,8 @@ p2m_pod_demand_populate(struct p2m_domai
|
||||
p2m->pod.entry_count -= (1 << order);
|
||||
BUG_ON(p2m->pod.entry_count < 0);
|
||||
|
||||
+ pod_eager_record(p2m, gfn_aligned, order);
|
||||
+
|
||||
if ( tb_init_done )
|
||||
{
|
||||
struct {
|
||||
@@ -1066,12 +1100,6 @@ p2m_pod_demand_populate(struct p2m_domai
|
||||
__trace_var(TRC_MEM_POD_POPULATE, 0, sizeof(t), &t);
|
||||
}
|
||||
|
||||
- /* Check the last guest demand-populate */
|
||||
- if ( p2m->pod.entry_count > p2m->pod.count
|
||||
- && (order == PAGE_ORDER_2M)
|
||||
- && (q & P2M_ALLOC) )
|
||||
- p2m_pod_check_last_super(p2m, gfn_aligned);
|
||||
-
|
||||
pod_unlock(p2m);
|
||||
return 0;
|
||||
out_of_memory:
|
||||
--- a/xen/arch/x86/mm/p2m.c
|
||||
+++ b/xen/arch/x86/mm/p2m.c
|
||||
@@ -60,6 +60,7 @@ boolean_param("hap_2mb", opt_hap_2mb);
|
||||
/* Init the datastructures for later use by the p2m code */
|
||||
static int p2m_initialise(struct domain *d, struct p2m_domain *p2m)
|
||||
{
|
||||
+ unsigned int i;
|
||||
int ret = 0;
|
||||
|
||||
mm_rwlock_init(&p2m->lock);
|
||||
@@ -75,6 +76,9 @@ static int p2m_initialise(struct domain
|
||||
|
||||
p2m->np2m_base = P2M_BASE_EADDR;
|
||||
|
||||
+ for ( i = 0; i < ARRAY_SIZE(p2m->pod.mrp.list); ++i )
|
||||
+ p2m->pod.mrp.list[i] = INVALID_GFN;
|
||||
+
|
||||
if ( hap_enabled(d) && cpu_has_vmx )
|
||||
ret = ept_p2m_init(p2m);
|
||||
else
|
||||
--- a/xen/include/asm-x86/p2m.h
|
||||
+++ b/xen/include/asm-x86/p2m.h
|
||||
@@ -292,10 +292,20 @@ struct p2m_domain {
|
||||
entry_count; /* # of pages in p2m marked pod */
|
||||
unsigned long reclaim_single; /* Last gpfn of a scan */
|
||||
unsigned long max_guest; /* gpfn of max guest demand-populate */
|
||||
-#define POD_HISTORY_MAX 128
|
||||
- /* gpfn of last guest superpage demand-populated */
|
||||
- unsigned long last_populated[POD_HISTORY_MAX];
|
||||
- unsigned int last_populated_index;
|
||||
+
|
||||
+ /*
|
||||
+ * Tracking of the most recently populated PoD pages, for eager
|
||||
+ * reclamation.
|
||||
+ */
|
||||
+ struct pod_mrp_list {
|
||||
+#define NR_POD_MRP_ENTRIES 32
|
||||
+
|
||||
+/* Encode ORDER_2M superpage in top bit of GFN */
|
||||
+#define POD_LAST_SUPERPAGE (INVALID_GFN & ~(INVALID_GFN >> 1))
|
||||
+
|
||||
+ unsigned long list[NR_POD_MRP_ENTRIES];
|
||||
+ unsigned int idx;
|
||||
+ } mrp;
|
||||
mm_lock_t lock; /* Locking of private pod structs, *
|
||||
* not relying on the p2m lock. */
|
||||
} pod;
|
32
563212e4-xenoprof-free-domain-s-vcpu-array.patch
Normal file
32
563212e4-xenoprof-free-domain-s-vcpu-array.patch
Normal file
@ -0,0 +1,32 @@
|
||||
# Commit 6e97c4b37386c2d09e09e9b5d5d232e37728b960
|
||||
# Date 2015-10-29 13:36:52 +0100
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
xenoprof: free domain's vcpu array
|
||||
|
||||
This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
|
||||
guest").
|
||||
|
||||
This is CVE-2015-7969 / XSA-151.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
|
||||
--- a/xen/common/xenoprof.c
|
||||
+++ b/xen/common/xenoprof.c
|
||||
@@ -239,6 +239,7 @@ static int alloc_xenoprof_struct(
|
||||
d->xenoprof->rawbuf = alloc_xenheap_pages(get_order_from_pages(npages), 0);
|
||||
if ( d->xenoprof->rawbuf == NULL )
|
||||
{
|
||||
+ xfree(d->xenoprof->vcpu);
|
||||
xfree(d->xenoprof);
|
||||
d->xenoprof = NULL;
|
||||
return -ENOMEM;
|
||||
@@ -286,6 +287,7 @@ void free_xenoprof_pages(struct domain *
|
||||
free_xenheap_pages(x->rawbuf, order);
|
||||
}
|
||||
|
||||
+ xfree(x->vcpu);
|
||||
xfree(x);
|
||||
d->xenoprof = NULL;
|
||||
}
|
@ -0,0 +1,70 @@
|
||||
# Commit 95e7415843b94c346e5ba8682665f508f220e04b
|
||||
# Date 2015-10-29 13:37:19 +0100
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86: rate-limit logging in do_xen{oprof,pmu}_op()
|
||||
|
||||
Some of the sub-ops are acessible to all guests, and hence should be
|
||||
rate-limited. In the xenoprof case, just like for XSA-146, include them
|
||||
only in debug builds. Since the vPMU code is rather new, allow them to
|
||||
be always present, but downgrade them to (rate limited) guest messages.
|
||||
|
||||
This is CVE-2015-7971 / XSA-152.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/cpu/vpmu.c
|
||||
+++ b/xen/arch/x86/cpu/vpmu.c
|
||||
@@ -682,8 +682,8 @@ long do_xenpmu_op(unsigned int op, XEN_G
|
||||
vpmu_mode = pmu_params.val;
|
||||
else if ( vpmu_mode != pmu_params.val )
|
||||
{
|
||||
- printk(XENLOG_WARNING
|
||||
- "VPMU: Cannot change mode while active VPMUs exist\n");
|
||||
+ gprintk(XENLOG_WARNING,
|
||||
+ "VPMU: Cannot change mode while active VPMUs exist\n");
|
||||
ret = -EBUSY;
|
||||
}
|
||||
|
||||
@@ -714,8 +714,8 @@ long do_xenpmu_op(unsigned int op, XEN_G
|
||||
vpmu_features = pmu_params.val;
|
||||
else
|
||||
{
|
||||
- printk(XENLOG_WARNING "VPMU: Cannot change features while"
|
||||
- " active VPMUs exist\n");
|
||||
+ gprintk(XENLOG_WARNING,
|
||||
+ "VPMU: Cannot change features while active VPMUs exist\n");
|
||||
ret = -EBUSY;
|
||||
}
|
||||
|
||||
--- a/xen/common/xenoprof.c
|
||||
+++ b/xen/common/xenoprof.c
|
||||
@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
|
||||
|
||||
if ( (op < 0) || (op > XENOPROF_last_op) )
|
||||
{
|
||||
- printk("xenoprof: invalid operation %d for domain %d\n",
|
||||
- op, current->domain->domain_id);
|
||||
+ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) )
|
||||
{
|
||||
- printk("xenoprof: dom %d denied privileged operation %d\n",
|
||||
- current->domain->domain_id, op);
|
||||
+ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op);
|
||||
return -EPERM;
|
||||
}
|
||||
|
||||
@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H
|
||||
spin_unlock(&xenoprof_lock);
|
||||
|
||||
if ( ret < 0 )
|
||||
- printk("xenoprof: operation %d failed for dom %d (status : %d)\n",
|
||||
- op, current->domain->domain_id, ret);
|
||||
+ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret);
|
||||
|
||||
return ret;
|
||||
}
|
77
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
Normal file
77
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
Normal file
@ -0,0 +1,77 @@
|
||||
# Commit e294a0c3af9f4443dc692b180fb1771b1cb075e8
|
||||
# Date 2015-10-29 15:11:51 +0000
|
||||
# Author Ian Jackson <ian.jackson@eu.citrix.com>
|
||||
# Committer Ian Jackson <Ian.Jackson@eu.citrix.com>
|
||||
libxl: adjust PoD target by memory fudge, too
|
||||
|
||||
PoD guests need to balloon at least as far as required by PoD, or risk
|
||||
crashing. Currently they don't necessarily know what the right value
|
||||
is, because our memory accounting is (at the very least) confusing.
|
||||
|
||||
Apply the memory limit fudge factor to the in-hypervisor PoD memory
|
||||
target, too. This will increase the size of the guest's PoD cache by
|
||||
the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures
|
||||
that even with a slightly-off balloon driver, the guest will be
|
||||
stable even under memory pressure.
|
||||
|
||||
There are two call sites of xc_domain_set_pod_target that need fixing:
|
||||
|
||||
The one in libxl_set_memory_target is straightforward.
|
||||
|
||||
The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply
|
||||
setting the PoD target differently does not work because the various
|
||||
amounts of memory during domain construction no longer match up.
|
||||
Instead, we adjust the guest memory target in xenstore (but only for
|
||||
PoD guests).
|
||||
|
||||
This introduces a 1Mby discrepancy between the balloon target of a PoD
|
||||
guest at boot, and the target set by an apparently-equivalent `xl
|
||||
mem-set' (or similar) later. This approach is low-risk for a security
|
||||
fix but we need to fix this up properly in xen.git#staging and
|
||||
probably also in stable trees.
|
||||
|
||||
This is XSA-153.
|
||||
|
||||
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
||||
(cherry picked from commit 56fb5fd62320eb40a7517206f9706aa9188d6f7b)
|
||||
|
||||
--- a/tools/libxl/libxl.c
|
||||
+++ b/tools/libxl/libxl.c
|
||||
@@ -4815,7 +4815,7 @@ retry_transaction:
|
||||
}
|
||||
|
||||
rc = xc_domain_set_pod_target(ctx->xch, domid,
|
||||
- new_target_memkb / 4, NULL, NULL, NULL);
|
||||
+ (new_target_memkb + LIBXL_MAXMEM_CONSTANT) / 4, NULL, NULL, NULL);
|
||||
if (rc != 0) {
|
||||
LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR,
|
||||
"xc_domain_set_pod_target domid=%d, memkb=%d "
|
||||
--- a/tools/libxl/libxl_dom.c
|
||||
+++ b/tools/libxl/libxl_dom.c
|
||||
@@ -486,6 +486,7 @@ int libxl__build_post(libxl__gc *gc, uin
|
||||
xs_transaction_t t;
|
||||
char **ents;
|
||||
int i, rc;
|
||||
+ int64_t mem_target_fudge;
|
||||
|
||||
if (info->num_vnuma_nodes && !info->num_vcpu_soft_affinity) {
|
||||
rc = set_vnuma_affinity(gc, domid, info);
|
||||
@@ -518,11 +519,17 @@ int libxl__build_post(libxl__gc *gc, uin
|
||||
}
|
||||
}
|
||||
|
||||
+ mem_target_fudge =
|
||||
+ (info->type == LIBXL_DOMAIN_TYPE_HVM &&
|
||||
+ info->max_memkb > info->target_memkb)
|
||||
+ ? LIBXL_MAXMEM_CONSTANT : 0;
|
||||
+
|
||||
ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *));
|
||||
ents[0] = "memory/static-max";
|
||||
ents[1] = GCSPRINTF("%"PRId64, info->max_memkb);
|
||||
ents[2] = "memory/target";
|
||||
- ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb);
|
||||
+ ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb
|
||||
+ - mem_target_fudge);
|
||||
ents[4] = "memory/videoram";
|
||||
ents[5] = GCSPRINTF("%"PRId64, info->video_memkb);
|
||||
ents[6] = "domid";
|
88
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
Normal file
88
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
Normal file
@ -0,0 +1,88 @@
|
||||
# Commit 59a5061723ba47c0028cf48487e5de551c42a378
|
||||
# Date 2015-11-02 15:33:38 +0100
|
||||
# Author Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/PoD: Make p2m_pod_empty_cache() restartable
|
||||
|
||||
This avoids a long running operation when destroying a domain with a
|
||||
large PoD cache.
|
||||
|
||||
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/mm/p2m-pod.c
|
||||
+++ b/xen/arch/x86/mm/p2m-pod.c
|
||||
@@ -375,11 +375,11 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
-void
|
||||
-p2m_pod_empty_cache(struct domain *d)
|
||||
+int p2m_pod_empty_cache(struct domain *d)
|
||||
{
|
||||
struct p2m_domain *p2m = p2m_get_hostp2m(d);
|
||||
struct page_info *page;
|
||||
+ unsigned int i;
|
||||
|
||||
/* After this barrier no new PoD activities can happen. */
|
||||
BUG_ON(!d->is_dying);
|
||||
@@ -389,8 +389,6 @@ p2m_pod_empty_cache(struct domain *d)
|
||||
|
||||
while ( (page = page_list_remove_head(&p2m->pod.super)) )
|
||||
{
|
||||
- int i;
|
||||
-
|
||||
for ( i = 0 ; i < SUPERPAGE_PAGES ; i++ )
|
||||
{
|
||||
BUG_ON(page_get_owner(page + i) != d);
|
||||
@@ -398,19 +396,27 @@ p2m_pod_empty_cache(struct domain *d)
|
||||
}
|
||||
|
||||
p2m->pod.count -= SUPERPAGE_PAGES;
|
||||
+
|
||||
+ if ( hypercall_preempt_check() )
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
- while ( (page = page_list_remove_head(&p2m->pod.single)) )
|
||||
+ for ( i = 0; (page = page_list_remove_head(&p2m->pod.single)); ++i )
|
||||
{
|
||||
BUG_ON(page_get_owner(page) != d);
|
||||
page_list_add_tail(page, &d->page_list);
|
||||
|
||||
p2m->pod.count -= 1;
|
||||
+
|
||||
+ if ( i && !(i & 511) && hypercall_preempt_check() )
|
||||
+ goto out;
|
||||
}
|
||||
|
||||
BUG_ON(p2m->pod.count != 0);
|
||||
|
||||
+ out:
|
||||
unlock_page_alloc(p2m);
|
||||
+ return p2m->pod.count ? -ERESTART : 0;
|
||||
}
|
||||
|
||||
int
|
||||
--- a/xen/arch/x86/mm/paging.c
|
||||
+++ b/xen/arch/x86/mm/paging.c
|
||||
@@ -815,7 +815,7 @@ int paging_teardown(struct domain *d)
|
||||
return rc;
|
||||
|
||||
/* Move populate-on-demand cache back to domain_list for destruction */
|
||||
- p2m_pod_empty_cache(d);
|
||||
+ rc = p2m_pod_empty_cache(d);
|
||||
|
||||
return rc;
|
||||
}
|
||||
--- a/xen/include/asm-x86/p2m.h
|
||||
+++ b/xen/include/asm-x86/p2m.h
|
||||
@@ -588,7 +588,7 @@ void p2m_pod_dump_data(struct domain *d)
|
||||
|
||||
/* Move all pages from the populate-on-demand cache to the domain page_list
|
||||
* (usually in preparation for domain destruction) */
|
||||
-void p2m_pod_empty_cache(struct domain *d);
|
||||
+int p2m_pod_empty_cache(struct domain *d);
|
||||
|
||||
/* Set populate-on-demand cache size so that the total memory allocated to a
|
||||
* domain matches target */
|
@ -1,5 +1,7 @@
|
||||
References: bsc#953527 CVE-2015-5307 XSA-156
|
||||
|
||||
# Commit bd2239d9fa975a1ee5bcd27c218ae042cd0a57bc
|
||||
# Date 2015-11-10 12:03:08 +0100
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/HVM: always intercept #AC and #DB
|
||||
|
||||
Both being benign exceptions, and both being possible to get triggered
|
||||
@ -12,6 +14,10 @@ The specific scenarios:
|
||||
1) #AC may be raised during exception delivery if the handler is set to
|
||||
be a ring-3 one by a 32-bit guest, and the stack is misaligned.
|
||||
|
||||
This is CVE-2015-5307 / XSA-156.
|
||||
|
||||
Reported-by: Benjamin Serebrin <serebrin@google.com>
|
||||
|
||||
2) #DB may be raised during exception delivery when a breakpoint got
|
||||
placed on a data structure involved in delivering the exception. This
|
||||
can result in an endless loop when a 64-bit guest uses a non-zero IST
|
||||
@ -19,17 +25,14 @@ for the vector 1 IDT entry, but even without use of IST the time it
|
||||
takes until a contributory fault would get raised (results depending
|
||||
on the handler) may be quite long.
|
||||
|
||||
This is XSA-156.
|
||||
This is CVE-2015-8104 / XSA-156.
|
||||
|
||||
Reported-by: Benjamin Serebrin <serebrin@google.com>
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
|
||||
|
||||
Index: xen-4.6.0-testing/xen/arch/x86/hvm/svm/svm.c
|
||||
===================================================================
|
||||
--- xen-4.6.0-testing.orig/xen/arch/x86/hvm/svm/svm.c
|
||||
+++ xen-4.6.0-testing/xen/arch/x86/hvm/svm/svm.c
|
||||
--- a/xen/arch/x86/hvm/svm/svm.c
|
||||
+++ b/xen/arch/x86/hvm/svm/svm.c
|
||||
@@ -1043,10 +1043,11 @@ static void noreturn svm_do_resume(struc
|
||||
unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) )
|
||||
{
|
||||
@ -68,10 +71,8 @@ Index: xen-4.6.0-testing/xen/arch/x86/hvm/svm/svm.c
|
||||
case VMEXIT_EXCEPTION_UD:
|
||||
svm_vmexit_ud_intercept(regs);
|
||||
break;
|
||||
Index: xen-4.6.0-testing/xen/arch/x86/hvm/vmx/vmx.c
|
||||
===================================================================
|
||||
--- xen-4.6.0-testing.orig/xen/arch/x86/hvm/vmx/vmx.c
|
||||
+++ xen-4.6.0-testing/xen/arch/x86/hvm/vmx/vmx.c
|
||||
--- a/xen/arch/x86/hvm/vmx/vmx.c
|
||||
+++ b/xen/arch/x86/hvm/vmx/vmx.c
|
||||
@@ -1224,16 +1224,10 @@ static void vmx_update_host_cr3(struct v
|
||||
|
||||
void vmx_update_debug_state(struct vcpu *v)
|
||||
@ -117,10 +118,8 @@ Index: xen-4.6.0-testing/xen/arch/x86/hvm/vmx/vmx.c
|
||||
case TRAP_nmi:
|
||||
if ( MASK_EXTR(intr_info, INTR_INFO_INTR_TYPE_MASK) !=
|
||||
X86_EVENTTYPE_NMI )
|
||||
Index: xen-4.6.0-testing/xen/include/asm-x86/hvm/hvm.h
|
||||
===================================================================
|
||||
--- xen-4.6.0-testing.orig/xen/include/asm-x86/hvm/hvm.h
|
||||
+++ xen-4.6.0-testing/xen/include/asm-x86/hvm/hvm.h
|
||||
--- a/xen/include/asm-x86/hvm/hvm.h
|
||||
+++ b/xen/include/asm-x86/hvm/hvm.h
|
||||
@@ -384,7 +384,10 @@ static inline int hvm_event_pending(stru
|
||||
(X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE))
|
||||
|
20
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
Normal file
20
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
Normal file
@ -0,0 +1,20 @@
|
||||
# Commit 057e0e72d2a5d598087c5f167ec6a13203a3cf65
|
||||
# Date 2015-11-12 16:59:18 +0100
|
||||
# Author Jan Beulich <jbeulich@suse.com>
|
||||
# Committer Jan Beulich <jbeulich@suse.com>
|
||||
x86/HVM: don't inject #DB with error code
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Andrew Cooper <andrew.cooper@citrix.com>
|
||||
|
||||
--- a/xen/arch/x86/hvm/hvm.c
|
||||
+++ b/xen/arch/x86/hvm/hvm.c
|
||||
@@ -4071,7 +4071,7 @@ void hvm_task_switch(
|
||||
goto out;
|
||||
|
||||
if ( (tss.trace & 1) && !exn_raised )
|
||||
- hvm_inject_hw_exception(TRAP_debug, tss_sel & 0xfff8);
|
||||
+ hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE);
|
||||
|
||||
tr.attr.fields.type = 0xb; /* busy 32-bit tss */
|
||||
hvm_set_segment_register(v, x86_seg_tr, &tr);
|
@ -1,22 +0,0 @@
|
||||
xen: free domain's vcpu array
|
||||
|
||||
This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per
|
||||
guest").
|
||||
|
||||
This is XSA-149.
|
||||
|
||||
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
||||
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
|
||||
|
||||
Index: xen-4.6.0-testing/xen/common/domain.c
|
||||
===================================================================
|
||||
--- xen-4.6.0-testing.orig/xen/common/domain.c
|
||||
+++ xen-4.6.0-testing/xen/common/domain.c
|
||||
@@ -412,6 +412,7 @@ struct domain *domain_create(domid_t dom
|
||||
if ( init_status & INIT_xsm )
|
||||
xsm_free_security_domain(d);
|
||||
free_cpumask_var(d->domain_dirty_cpumask);
|
||||
+ xfree(d->vcpu);
|
||||
free_domain_struct(d);
|
||||
return ERR_PTR(err);
|
||||
}
|
76
block-iscsi
76
block-iscsi
@ -1,76 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Usage: block-iscsi [add tgtname | remove dev]
|
||||
#
|
||||
# This assumes you're running a correctly configured
|
||||
# iscsi target (server) at the other end!
|
||||
# Note that we assume that the passwords for discovery (if needed)
|
||||
# are in /etc/iscsid.conf
|
||||
# and the node session passwords (if required) in the
|
||||
# open-iscsi database below /var/lib/open-iscsi/node.db
|
||||
#
|
||||
# (c) Kurt Garloff <kurt@garloff.de>, 2006-09-04, GNU GPL
|
||||
# Contributors: Jim Fehlig <jfehlig@novell.com>
|
||||
# Stefan de Konink <skinkie@xs4all.nl>
|
||||
|
||||
dir=$(dirname "$0")
|
||||
. "$dir/block-common.sh"
|
||||
|
||||
# echo "DBG:xen/scripts/block-iscsi $1 $2 XENBUS_PATH=$XENBUS_PATH $par $node"
|
||||
|
||||
find_sdev()
|
||||
{
|
||||
unset dev
|
||||
for session in /sys/class/iscsi_session/session*; do
|
||||
if [ "$1" = "`cat $session/targetname 2>/dev/null`" ]; then
|
||||
dev=`basename $session/device/target*/*:0:*/block*/*`
|
||||
return
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
find_sdev_rev()
|
||||
{
|
||||
unset tgt
|
||||
for session in /sys/class/iscsi_session/session*; do
|
||||
dev=`basename $session/device/target*/*:0:*/block*/*`
|
||||
if [ "$dev" = "$1" ]; then
|
||||
tgt=`cat $session/targetname 2>/dev/null`
|
||||
return
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
case "$command" in
|
||||
add)
|
||||
# load modules and start iscsid
|
||||
/etc/init.d/open-iscsi status >/dev/null 2>&1 ||
|
||||
{ /etc/init.d/open-iscsi start >/dev/null 2>&1; sleep 1; }
|
||||
par=`xenstore-read $XENBUS_PATH/params` || true
|
||||
TGTID=`echo $par | sed "s/\/\///g"`
|
||||
while read rec uuid; do
|
||||
if [ "$uuid" = "$TGTID" ]; then
|
||||
find_sdev $TGTID
|
||||
if [ -z "$dev" ]; then
|
||||
/sbin/iscsiadm -m node -T $uuid -p $rec --login || exit 2
|
||||
sleep 4
|
||||
find_sdev $TGTID
|
||||
fi
|
||||
xenstore-write $XENBUS_PATH/node /dev/$dev
|
||||
write_dev /dev/$dev
|
||||
exit 0
|
||||
fi
|
||||
done < <(/sbin/iscsiadm -m node)
|
||||
exit 1
|
||||
;;
|
||||
|
||||
remove)
|
||||
node=`xenstore-read $XENBUS_PATH/node` || true
|
||||
dev=$node; dev=${dev#/dev/}
|
||||
find_sdev_rev $dev
|
||||
if [ -x /sbin/blockdev -a -n "$node" ]; then blockdev --flushbufs "$node"; fi
|
||||
test -z "$tgt" && exit 2
|
||||
/sbin/iscsiadm -m node -T $tgt --logout
|
||||
exit 1
|
||||
;;
|
||||
esac
|
34
block-nbd
34
block-nbd
@ -1,34 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Usage: block-nbd [bind server ctl_port |unbind node]
|
||||
#
|
||||
# The node argument to unbind is the name of the device node we are to
|
||||
# unbind.
|
||||
#
|
||||
# This assumes you're running a correctly configured server at the other end!
|
||||
|
||||
dir=$(dirname "$0")
|
||||
. "$dir/block-common.sh"
|
||||
|
||||
#set -x
|
||||
par=`xenstore-read $XENBUS_PATH/params` || true
|
||||
#echo $par
|
||||
|
||||
case "$command" in
|
||||
add)
|
||||
modprobe nbd
|
||||
for dev in /dev/nbd*; do
|
||||
if nbd-client $par $dev; then
|
||||
xenstore-write $XENBUS_PATH/node $dev
|
||||
write_dev $dev
|
||||
exit 0
|
||||
fi
|
||||
done
|
||||
exit 1
|
||||
;;
|
||||
remove)
|
||||
node=`xenstore-read $XENBUS_PATH/node` || true
|
||||
nbd-client -d $node
|
||||
exit 0
|
||||
;;
|
||||
esac
|
@ -14,7 +14,7 @@ Index: xen-4.6.0-testing/tools/xenstore/Makefile
|
||||
|
||||
xenstore-control: xenstore_control.o $(LIBXENSTORE)
|
||||
$(CC) $< $(LDFLAGS) $(LDLIBS_libxenstore) $(SOCKET_LIBS) -o $@ $(APPEND_LDFLAGS)
|
||||
@@ -145,12 +146,13 @@ endif
|
||||
@@ -145,10 +146,11 @@ endif
|
||||
$(INSTALL_PROG) xenstore-control $(DESTDIR)$(bindir)
|
||||
$(INSTALL_PROG) xenstore $(DESTDIR)$(bindir)
|
||||
set -e ; for c in $(CLIENTS) ; do \
|
||||
@ -23,11 +23,8 @@ Index: xen-4.6.0-testing/tools/xenstore/Makefile
|
||||
done
|
||||
+ $(INSTALL_PROG) domu-xenstore $(DESTDIR)/bin
|
||||
for client in $(CLIENTS_DOMU); do \
|
||||
- $(INSTALL_PROG) $$client $(DESTDIR)/bin/$${client/domu-}; \
|
||||
- $(INSTALL_PROG) $$client $(DESTDIR)$(bindir)/$${client/domu-}; \
|
||||
+ ln -fs domu-xenstore $(DESTDIR)/bin/$${client/domu-}; \
|
||||
done
|
||||
- $(INSTALL_DIR) $(DESTDIR)$(libdir)
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(libdir)
|
||||
$(INSTALL_DIR) $(DESTDIR)$(libdir)
|
||||
$(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
|
||||
ln -sf libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/libxenstore.so.$(MAJOR)
|
||||
ln -sf libxenstore.so.$(MAJOR) $(DESTDIR)$(libdir)/libxenstore.so
|
||||
|
@ -51,7 +51,7 @@ Index: xen-4.6.0-testing/tools/xenstore/Makefile
|
||||
done
|
||||
- $(INSTALL_DIR) $(DESTDIR)$(libdir)
|
||||
+ for client in $(CLIENTS_DOMU); do \
|
||||
+ $(INSTALL_PROG) $$client $(DESTDIR)/bin/$${client/domu-}; \
|
||||
+ $(INSTALL_PROG) $$client $(DESTDIR)$(bindir)/$${client/domu-}; \
|
||||
+ done
|
||||
+ $(INSTALL_DIR) $(DESTDIR)$(libdir)
|
||||
$(INSTALL_SHLIB) libxenstore.so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)
|
||||
|
38
xen.changes
38
xen.changes
@ -1,3 +1,41 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 24 08:44:57 MST 2015 - carnold@suse.com
|
||||
|
||||
- fate#315712: XEN: Use the PVOPS kernel
|
||||
Turn off building the KMPs now that we are using the pvops kernel
|
||||
xen.spec
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 19 11:18:03 MST 2015 - carnold@suse.com
|
||||
|
||||
- Upstream patches from Jan
|
||||
561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
|
||||
561d20a0-x86-hide-MWAITX-from-PV-domains.patch
|
||||
561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
|
||||
5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
|
||||
56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
|
||||
56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
|
||||
5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
|
||||
5632129c-free-domain-s-vcpu-array.patch (Replaces CVE-2015-7969-xsa149.patch)
|
||||
563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
|
||||
563212e4-xenoprof-free-domain-s-vcpu-array.patch
|
||||
563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
|
||||
56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
|
||||
56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
|
||||
5641ceec-x86-HVM-always-intercept-AC-and-DB.patch (Replaces CVE-2015-5307-xsa156.patch)
|
||||
5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
|
||||
- Dropped 55b0a2db-x86-MSI-track-guest-masking.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 19 07:47:47 UTC 2015 - ohering@suse.de
|
||||
|
||||
- Use upstream variants of block-iscsi and block-nbd
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 19 07:38:06 UTC 2015 - ohering@suse.de
|
||||
|
||||
- Remove xenalyze.hg, its part of xen-4.6
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 10 16:16:24 MDT 2015 - carnold@suse.com
|
||||
|
||||
|
87
xen.spec
87
xen.spec
@ -31,7 +31,7 @@ ExclusiveArch: %ix86 x86_64 %arm aarch64
|
||||
%define with_oxenstored 0
|
||||
#
|
||||
%ifarch x86_64
|
||||
%define with_kmp 1
|
||||
%define with_kmp 0
|
||||
%define with_debug 1
|
||||
%define with_stubdom 1
|
||||
%define with_gdbsx 1
|
||||
@ -59,11 +59,12 @@ ExclusiveArch: %ix86 x86_64 %arm aarch64
|
||||
# EFI requires gcc 4.6 or newer
|
||||
# gcc46 is available in 12.1 or sles11sp2
|
||||
# gcc47 is available in sles11sp3
|
||||
# gcc48 is available in sles11sp4
|
||||
# 12.2+ have gcc 4.7 as default compiler
|
||||
%if %suse_version == 1110
|
||||
%define with_gcc47 1
|
||||
%else
|
||||
%define with_gcc47 0
|
||||
%define with_gcc48 0
|
||||
%if %suse_version == 1110
|
||||
%define with_gcc48 1
|
||||
%endif
|
||||
%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
|
||||
%define with_systemd 0
|
||||
@ -143,6 +144,9 @@ BuildRequires: acpica
|
||||
%if %{?with_gcc47}0
|
||||
BuildRequires: gcc47
|
||||
%endif
|
||||
%if %{?with_gcc48}0
|
||||
BuildRequires: gcc48
|
||||
%endif
|
||||
BuildRequires: glibc-32bit
|
||||
BuildRequires: glibc-devel-32bit
|
||||
%endif
|
||||
@ -158,7 +162,7 @@ BuildRequires: xorg-x11-util-devel
|
||||
%endif
|
||||
%endif
|
||||
|
||||
Version: 4.6.0_02
|
||||
Version: 4.6.0_04
|
||||
Release: 0
|
||||
Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel)
|
||||
License: GPL-2.0
|
||||
@ -175,8 +179,6 @@ Source10: README.SUSE
|
||||
Source11: boot.xen
|
||||
Source12: boot.local.xenU
|
||||
Source15: logrotate.conf
|
||||
Source19: block-nbd
|
||||
Source20: block-iscsi
|
||||
Source21: block-npiv-common.sh
|
||||
Source22: block-npiv
|
||||
Source23: block-npiv-vport
|
||||
@ -199,15 +201,25 @@ Source42: xen-dom0-modules.service
|
||||
Source57: xen-utils-0.1.tar.bz2
|
||||
# For xen-libs
|
||||
Source99: baselibs.conf
|
||||
# http://xenbits.xensource.com/ext/xenalyze
|
||||
Source20000: xenalyze.hg.tar.bz2
|
||||
# Upstream patches
|
||||
Patch1: 55b0a2db-x86-MSI-track-guest-masking.patch
|
||||
Patch2: 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
|
||||
Patch3: 5604f239-x86-PV-properly-populate-descriptor-tables.patch
|
||||
Patch1: 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch
|
||||
Patch2: 5604f239-x86-PV-properly-populate-descriptor-tables.patch
|
||||
Patch3: 561bbc8b-VT-d-don-t-suppress-invalidation-address-write-when-it-is-zero.patch
|
||||
Patch4: 561d2046-VT-d-use-proper-error-codes-in-iommu_enable_x2apic_IR.patch
|
||||
Patch149: CVE-2015-7969-xsa149.patch
|
||||
Patch158: CVE-2015-5307-xsa156.patch
|
||||
Patch5: 561d20a0-x86-hide-MWAITX-from-PV-domains.patch
|
||||
Patch6: 561e3283-x86-NUMA-fix-SRAT-table-processor-entry-parsing-and-consumption.patch
|
||||
Patch7: 5632118e-arm-Support-hypercall_create_continuation-for-multicall.patch
|
||||
Patch8: 56321222-arm-rate-limit-logging-from-unimplemented-PHYSDEVOP-and-HVMOP.patch
|
||||
Patch9: 56321249-arm-handle-races-between-relinquish_memory-and-free_domheap_pages.patch
|
||||
Patch10: 5632127b-x86-guard-against-undue-super-page-PTE-creation.patch
|
||||
Patch11: 5632129c-free-domain-s-vcpu-array.patch
|
||||
Patch12: 563212c9-x86-PoD-Eager-sweep-for-zeroed-pages.patch
|
||||
Patch13: 563212e4-xenoprof-free-domain-s-vcpu-array.patch
|
||||
Patch14: 563212ff-x86-rate-limit-logging-in-do_xen-oprof-pmu-_op.patch
|
||||
Patch15: 56323737-libxl-adjust-PoD-target-by-memory-fudge-too.patch
|
||||
Patch16: 56377442-x86-PoD-Make-p2m_pod_empty_cache-restartable.patch
|
||||
Patch17: 5641ceec-x86-HVM-always-intercept-AC-and-DB.patch
|
||||
Patch18: 5644b756-x86-HVM-don-t-inject-DB-with-error-code.patch
|
||||
# Upstream qemu
|
||||
Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch
|
||||
Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch
|
||||
@ -489,14 +501,26 @@ Authors:
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 57 -a 20000
|
||||
%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 -a 5 -a 6 -a 57
|
||||
# Upstream patches
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch149 -p1
|
||||
%patch158 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
# Upstream qemu patches
|
||||
%patch250 -p1
|
||||
%patch251 -p1
|
||||
@ -652,11 +676,6 @@ configure_flags="${configure_flags} --enable-qemu-traditional"
|
||||
%else
|
||||
configure_flags="${configure_flags} --disable-qemu-traditional"
|
||||
%endif
|
||||
%if %{?with_qemu_traditional}0
|
||||
configure_flags="${configure_flags} --enable-blktap1"
|
||||
%else
|
||||
configure_flags="${configure_flags} --disable-blktap1"
|
||||
%endif
|
||||
./configure \
|
||||
--disable-xen \
|
||||
--enable-tools \
|
||||
@ -687,9 +706,6 @@ configure_flags="${configure_flags} --disable-blktap1"
|
||||
make -C tools/include/xen-foreign %{?_smp_mflags}
|
||||
make %{?_smp_mflags}
|
||||
%if %{?with_dom0_support}0
|
||||
%ifarch %ix86 x86_64
|
||||
make -C xenalyze.hg CC="gcc -I../xen/include -DMAX_CPUS=%{max_cpus} ${RPM_OPT_FLAGS}" %{?_smp_mflags} -k
|
||||
%endif
|
||||
make -C tools/xen-utils-0.1 XEN_INTREE_BUILD=yes XEN_ROOT=$PWD
|
||||
%endif
|
||||
#
|
||||
@ -730,7 +746,10 @@ make -C xen install \
|
||||
%if %{?with_gcc47}0
|
||||
CC=gcc-4.7 \
|
||||
%endif
|
||||
max_phys_cpus=%{max_cpus} debug=n crash_debug=n DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
|
||||
%if %{?with_gcc48}0
|
||||
CC=gcc-4.8 \
|
||||
%endif
|
||||
max_phys_cpus=%{max_cpus} debug=n crash_debug=n DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
|
||||
make -C xen clean
|
||||
install_xen()
|
||||
{
|
||||
@ -740,11 +759,6 @@ install_xen()
|
||||
ext="-$1"
|
||||
mv $RPM_BUILD_ROOT/boot/xen-${XEN_FULLVERSION}%{xen_install_suffix} \
|
||||
$RPM_BUILD_ROOT/boot/xen${ext}-${XEN_FULLVERSION}%{xen_install_suffix}
|
||||
mv $RPM_BUILD_ROOT/usr/lib/debug/xen-syms-${XEN_FULLVERSION} \
|
||||
$RPM_BUILD_ROOT/boot/xen-syms${ext}-${XEN_FULLVERSION}
|
||||
else
|
||||
mv $RPM_BUILD_ROOT/usr/lib/debug/xen-syms-${XEN_FULLVERSION} \
|
||||
$RPM_BUILD_ROOT/boot/xen-syms-${XEN_FULLVERSION}
|
||||
fi
|
||||
rm $RPM_BUILD_ROOT/boot/xen-$XEN_VERSION.$XEN_SUBVERSION%{xen_install_suffix}
|
||||
rm $RPM_BUILD_ROOT/boot/xen-$XEN_VERSION%{xen_install_suffix}
|
||||
@ -757,11 +771,11 @@ install_xen()
|
||||
find $RPM_BUILD_ROOT/boot -ls
|
||||
}
|
||||
%if %{?with_debug}0
|
||||
make -C xen install max_phys_cpus=%{max_cpus} debug=y crash_debug=y DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
|
||||
make -C xen install max_phys_cpus=%{max_cpus} debug=y crash_debug=y DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
|
||||
install_xen dbg
|
||||
make -C xen clean
|
||||
%endif
|
||||
make -C xen install max_phys_cpus=%{max_cpus} debug=n crash_debug=n DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
|
||||
make -C xen install max_phys_cpus=%{max_cpus} debug=n crash_debug=n DEBUG_DIR=/boot DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
|
||||
install_xen
|
||||
make -C xen clean
|
||||
echo > xen.files.txt
|
||||
@ -770,10 +784,6 @@ if test -d $RPM_BUILD_ROOT%{_libdir}/efi
|
||||
then
|
||||
echo %{_libdir}/efi >> xen.files.txt
|
||||
fi
|
||||
%ifarch x86_64
|
||||
cp -avL xenalyze.hg/dump-raw $RPM_BUILD_ROOT/%{_bindir}/xenalyze.dump-raw
|
||||
cp -avL xenalyze.hg/xenalyze $RPM_BUILD_ROOT/%{_bindir}
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# PV driver modules
|
||||
@ -814,7 +824,7 @@ install -m644 tools/xentrace/formats $RPM_BUILD_ROOT/etc/xen/examples/xentrace_f
|
||||
|
||||
# Scripts
|
||||
rm -f $RPM_BUILD_ROOT/etc/xen/scripts/block-*nbd
|
||||
install -m755 %SOURCE19 %SOURCE20 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE29 $RPM_BUILD_ROOT/etc/xen/scripts/
|
||||
install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE29 $RPM_BUILD_ROOT/etc/xen/scripts/
|
||||
|
||||
# Xen API remote authentication files
|
||||
install -d $RPM_BUILD_ROOT/etc/pam.d
|
||||
@ -946,7 +956,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
|
||||
%defattr(-,root,root)
|
||||
%ifarch %ix86 x86_64
|
||||
/usr/bin/xenalyze
|
||||
/usr/bin/xenalyze.dump-raw
|
||||
%endif
|
||||
/usr/bin/xencons
|
||||
/usr/bin/xenstore*
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:36aabe13da4b7ca0e0f9b61fa1442823e437585ef56b604ab077af20bb93ef67
|
||||
size 126674
|
Loading…
Reference in New Issue
Block a user