diff --git a/25861-x86-early-fixmap.patch b/25861-x86-early-fixmap.patch index 991a615..ffbc89c 100644 --- a/25861-x86-early-fixmap.patch +++ b/25861-x86-early-fixmap.patch @@ -12,10 +12,10 @@ the fixmaps together with other boot time page table construction. Signed-off-by: Jan Beulich Acked-by: Keir Fraser -Index: xen-4.2.0-testing/xen/arch/x86/boot/head.S +Index: xen-4.2.2-testing/xen/arch/x86/boot/head.S =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/boot/head.S -+++ xen-4.2.0-testing/xen/arch/x86/boot/head.S +--- xen-4.2.2-testing.orig/xen/arch/x86/boot/head.S ++++ xen-4.2.2-testing/xen/arch/x86/boot/head.S @@ -3,6 +3,7 @@ #include #include @@ -57,10 +57,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/boot/head.S #endif /* Initialize 4kB mappings of first 2MB or 4MB of memory. */ -Index: xen-4.2.0-testing/xen/arch/x86/efi/boot.c +Index: xen-4.2.2-testing/xen/arch/x86/efi/boot.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/efi/boot.c -+++ xen-4.2.0-testing/xen/arch/x86/efi/boot.c +--- xen-4.2.2-testing.orig/xen/arch/x86/efi/boot.c ++++ xen-4.2.2-testing/xen/arch/x86/efi/boot.c @@ -17,6 +17,9 @@ #include #include @@ -92,11 +92,11 @@ Index: xen-4.2.0-testing/xen/arch/x86/efi/boot.c /* Initialise L3 boot-map page directory entries. */ l3_bootmap[l3_table_offset(xen_phys_start)] = l3e_from_paddr((UINTN)l2_bootmap, __PAGE_HYPERVISOR); -Index: xen-4.2.0-testing/xen/arch/x86/mm.c +Index: xen-4.2.2-testing/xen/arch/x86/mm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/mm.c -+++ xen-4.2.0-testing/xen/arch/x86/mm.c -@@ -130,6 +130,10 @@ +--- xen-4.2.2-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/mm.c +@@ -131,6 +131,10 @@ l1_pgentry_t __attribute__ ((__section__ (".bss.page_aligned"))) l1_identmap[L1_PAGETABLE_ENTRIES]; @@ -107,10 +107,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/mm.c #define MEM_LOG(_f, _a...) gdprintk(XENLOG_WARNING , _f "\n" , ## _a) /* -Index: xen-4.2.0-testing/xen/arch/x86/x86_64/mm.c +Index: xen-4.2.2-testing/xen/arch/x86/x86_64/mm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/x86_64/mm.c -+++ xen-4.2.0-testing/xen/arch/x86/x86_64/mm.c +--- xen-4.2.2-testing.orig/xen/arch/x86/x86_64/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/x86_64/mm.c @@ -65,6 +65,10 @@ l3_pgentry_t __attribute__ ((__section__ l2_pgentry_t __attribute__ ((__section__ (".bss.page_aligned"))) l2_xenmap[L2_PAGETABLE_ENTRIES]; @@ -122,10 +122,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/x86_64/mm.c /* Enough page directories to map into the bottom 1GB. */ l3_pgentry_t __attribute__ ((__section__ (".bss.page_aligned"))) l3_bootmap[L3_PAGETABLE_ENTRIES]; -Index: xen-4.2.0-testing/xen/include/asm-x86/config.h +Index: xen-4.2.2-testing/xen/include/asm-x86/config.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/config.h -+++ xen-4.2.0-testing/xen/include/asm-x86/config.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/config.h ++++ xen-4.2.2-testing/xen/include/asm-x86/config.h @@ -317,7 +317,7 @@ extern unsigned char boot_edid_info[128] #define MACHPHYS_MBYTES 16 /* 1 MB needed per 1 GB memory */ #define FRAMETABLE_MBYTES (MACHPHYS_MBYTES * 6) @@ -135,10 +135,10 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/config.h #define IOREMAP_VIRT_START (IOREMAP_VIRT_END - (IOREMAP_MBYTES<<20)) #define DIRECTMAP_VIRT_END IOREMAP_VIRT_START #define DIRECTMAP_VIRT_START (DIRECTMAP_VIRT_END - (DIRECTMAP_MBYTES<<20)) -Index: xen-4.2.0-testing/xen/include/asm-x86/fixmap.h +Index: xen-4.2.2-testing/xen/include/asm-x86/fixmap.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/fixmap.h -+++ xen-4.2.0-testing/xen/include/asm-x86/fixmap.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/fixmap.h ++++ xen-4.2.2-testing/xen/include/asm-x86/fixmap.h @@ -13,12 +13,17 @@ #define _ASM_FIXMAP_H @@ -158,7 +158,7 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/fixmap.h #include #include #include -@@ -66,7 +71,6 @@ enum fixed_addresses { +@@ -68,7 +73,6 @@ enum fixed_addresses { __end_of_fixed_addresses }; @@ -166,17 +166,17 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/fixmap.h #define FIXADDR_SIZE (__end_of_fixed_addresses << PAGE_SHIFT) #define FIXADDR_START (FIXADDR_TOP - FIXADDR_SIZE) -@@ -90,4 +94,6 @@ static inline unsigned long virt_to_fix( +@@ -92,4 +96,6 @@ static inline unsigned long virt_to_fix( return __virt_to_fix(vaddr); } +#endif /* __ASSEMBLY__ */ + #endif -Index: xen-4.2.0-testing/xen/include/asm-x86/page.h +Index: xen-4.2.2-testing/xen/include/asm-x86/page.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/page.h -+++ xen-4.2.0-testing/xen/include/asm-x86/page.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/page.h ++++ xen-4.2.2-testing/xen/include/asm-x86/page.h @@ -1,6 +1,8 @@ #ifndef __X86_PAGE_H__ #define __X86_PAGE_H__ @@ -203,10 +203,10 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/page.h void paging_init(void); void setup_idle_pagetable(void); #endif /* !defined(__ASSEMBLY__) */ -Index: xen-4.2.0-testing/xen/include/xen/const.h +Index: xen-4.2.2-testing/xen/include/xen/const.h =================================================================== --- /dev/null -+++ xen-4.2.0-testing/xen/include/xen/const.h ++++ xen-4.2.2-testing/xen/include/xen/const.h @@ -0,0 +1,24 @@ +/* const.h: Macros for dealing with constants. */ + diff --git a/25863-sercon-ehci-dbgp.patch b/25863-sercon-ehci-dbgp.patch index f176e05..301bfc0 100644 --- a/25863-sercon-ehci-dbgp.patch +++ b/25863-sercon-ehci-dbgp.patch @@ -14,8 +14,10 @@ Signed-off-by: Jan Beulich Reviewed-by: Konrad Rzeszutek Wilk Acked-by: Keir Fraser ---- a/docs/misc/xen-command-line.markdown -+++ b/docs/misc/xen-command-line.markdown +Index: xen-4.2.2-testing/docs/misc/xen-command-line.markdown +=================================================================== +--- xen-4.2.2-testing.orig/docs/misc/xen-command-line.markdown ++++ xen-4.2.2-testing/docs/misc/xen-command-line.markdown @@ -244,7 +244,7 @@ A typical setup for most situations migh Specify the size of the console ring buffer. @@ -47,8 +49,10 @@ Acked-by: Keir Fraser ### debug\_stack\_lines > `= ` ---- a/xen/arch/x86/Rules.mk -+++ b/xen/arch/x86/Rules.mk +Index: xen-4.2.2-testing/xen/arch/x86/Rules.mk +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/Rules.mk ++++ xen-4.2.2-testing/xen/arch/x86/Rules.mk @@ -7,6 +7,7 @@ HAS_CPUFREQ := y HAS_PCI := y HAS_PASSTHROUGH := y @@ -57,8 +61,10 @@ Acked-by: Keir Fraser HAS_KEXEC := y HAS_GDBSX := y xenoprof := y ---- a/xen/arch/x86/physdev.c -+++ b/xen/arch/x86/physdev.c +Index: xen-4.2.2-testing/xen/arch/x86/physdev.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/physdev.c ++++ xen-4.2.2-testing/xen/arch/x86/physdev.c @@ -8,6 +8,7 @@ #include #include @@ -67,7 +73,7 @@ Acked-by: Keir Fraser #include #include #include -@@ -722,6 +723,19 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H +@@ -734,6 +735,19 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H break; } @@ -87,8 +93,10 @@ Acked-by: Keir Fraser default: ret = -ENOSYS; break; ---- a/xen/arch/x86/setup.c -+++ b/xen/arch/x86/setup.c +Index: xen-4.2.2-testing/xen/arch/x86/setup.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/setup.c ++++ xen-4.2.2-testing/xen/arch/x86/setup.c @@ -606,6 +606,7 @@ void __init __start_xen(unsigned long mb ns16550.io_base = 0x2f8; ns16550.irq = 3; @@ -97,16 +105,20 @@ Acked-by: Keir Fraser console_init_preirq(); printk("Bootloader: %s\n", loader); ---- a/xen/drivers/char/Makefile -+++ b/xen/drivers/char/Makefile +Index: xen-4.2.2-testing/xen/drivers/char/Makefile +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/char/Makefile ++++ xen-4.2.2-testing/xen/drivers/char/Makefile @@ -1,4 +1,5 @@ obj-y += console.o obj-$(HAS_NS16550) += ns16550.o obj-$(HAS_PL011) += pl011.o +obj-$(HAS_EHCI) += ehci-dbgp.o obj-y += serial.o +Index: xen-4.2.2-testing/xen/drivers/char/ehci-dbgp.c +=================================================================== --- /dev/null -+++ b/xen/drivers/char/ehci-dbgp.c ++++ xen-4.2.2-testing/xen/drivers/char/ehci-dbgp.c @@ -0,0 +1,1577 @@ +/* + * Standalone EHCI USB debug driver @@ -1685,8 +1697,10 @@ Acked-by: Keir Fraser + + return -ENOSYS; +} ---- a/xen/drivers/char/serial.c -+++ b/xen/drivers/char/serial.c +Index: xen-4.2.2-testing/xen/drivers/char/serial.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/char/serial.c ++++ xen-4.2.2-testing/xen/drivers/char/serial.c @@ -265,6 +265,14 @@ int __init serial_parse_handle(char *con { int handle; @@ -1702,8 +1716,10 @@ Acked-by: Keir Fraser if ( strncmp(conf, "com", 3) ) goto fail; ---- a/xen/include/asm-x86/fixmap.h -+++ b/xen/include/asm-x86/fixmap.h +Index: xen-4.2.2-testing/xen/include/asm-x86/fixmap.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/fixmap.h ++++ xen-4.2.2-testing/xen/include/asm-x86/fixmap.h @@ -36,7 +36,15 @@ * from the end of virtual memory backwards. */ @@ -1721,9 +1737,11 @@ Acked-by: Keir Fraser #ifdef __i386__ FIX_PAE_HIGHMEM_0, FIX_PAE_HIGHMEM_END = FIX_PAE_HIGHMEM_0 + NR_CPUS-1, ---- a/xen/include/public/physdev.h -+++ b/xen/include/public/physdev.h -@@ -312,6 +312,24 @@ struct physdev_pci_device { +Index: xen-4.2.2-testing/xen/include/public/physdev.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/public/physdev.h ++++ xen-4.2.2-testing/xen/include/public/physdev.h +@@ -318,6 +318,24 @@ struct physdev_pci_device { typedef struct physdev_pci_device physdev_pci_device_t; DEFINE_XEN_GUEST_HANDLE(physdev_pci_device_t); @@ -1748,8 +1766,10 @@ Acked-by: Keir Fraser /* * Notify that some PIRQ-bound event channels have been unmasked. * ** This command is obsolete since interface version 0x00030202 and is ** ---- a/xen/include/xen/serial.h -+++ b/xen/include/xen/serial.h +Index: xen-4.2.2-testing/xen/include/xen/serial.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/serial.h ++++ xen-4.2.2-testing/xen/include/xen/serial.h @@ -69,9 +69,10 @@ struct uart_driver { }; diff --git a/25912-partial-libxl.patch b/25912-partial-libxl.patch deleted file mode 100644 index baafd03..0000000 --- a/25912-partial-libxl.patch +++ /dev/null @@ -1,146 +0,0 @@ -No functional change. - -The purpose is to make it easier to backport patches from Xen 4.3's -libxl, as Xen 4.3's libxl has had this done: - - libxl: Enable -Wshadow. - - It was convenient to invent $(CFLAGS_LIBXL) to do this. - - Various renamings to avoid shadowing standard functions: - - index(3) - - listen(2) - - link(2) - - abort(3) - - abs(3) - - Signed-off-by: Ian Campbell - -In this patch we do not change the others, and we do not enable --Wshadow. We're just trying to bring 4.2's libxl textually closer to -4.3's. - -Signed-off-by: Ian Jackson ---- - tools/libxl/libxl_event.c | 34 +++++++++++++++++----------------- - 1 files changed, 17 insertions(+), 17 deletions(-) - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c -+++ xen-4.2.1-testing/tools/libxl/libxl_event.c -@@ -167,15 +167,15 @@ static void time_insert_finite(libxl__gc - } - - static int time_register_finite(libxl__gc *gc, libxl__ev_time *ev, -- struct timeval abs) -+ struct timeval absolute) - { - int rc; - -- rc = OSEVENT_HOOK(timeout_register, &ev->for_app_reg, abs, ev); -+ rc = OSEVENT_HOOK(timeout_register, &ev->for_app_reg, absolute, ev); - if (rc) return rc; - - ev->infinite = 0; -- ev->abs = abs; -+ ev->abs = absolute; - time_insert_finite(gc, ev); - - return 0; -@@ -202,16 +202,16 @@ static void time_done_debug(libxl__gc *g - - int libxl__ev_time_register_abs(libxl__gc *gc, libxl__ev_time *ev, - libxl__ev_time_callback *func, -- struct timeval abs) -+ struct timeval absolute) - { - int rc; - - CTX_LOCK; - - DBG("ev_time=%p register abs=%lu.%06lu", -- ev, (unsigned long)abs.tv_sec, (unsigned long)abs.tv_usec); -+ ev, (unsigned long)absolute.tv_sec, (unsigned long)absolute.tv_usec); - -- rc = time_register_finite(gc, ev, abs); -+ rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - - ev->func = func; -@@ -228,7 +228,7 @@ int libxl__ev_time_register_rel(libxl__g - libxl__ev_time_callback *func, - int milliseconds /* as for poll(2) */) - { -- struct timeval abs; -+ struct timeval absolute; - int rc; - - CTX_LOCK; -@@ -238,10 +238,10 @@ int libxl__ev_time_register_rel(libxl__g - if (milliseconds < 0) { - ev->infinite = 1; - } else { -- rc = time_rel_to_abs(gc, milliseconds, &abs); -+ rc = time_rel_to_abs(gc, milliseconds, &absolute); - if (rc) goto out; - -- rc = time_register_finite(gc, ev, abs); -+ rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - } - -@@ -255,26 +255,26 @@ int libxl__ev_time_register_rel(libxl__g - } - - int libxl__ev_time_modify_abs(libxl__gc *gc, libxl__ev_time *ev, -- struct timeval abs) -+ struct timeval absolute) - { - int rc; - - CTX_LOCK; - - DBG("ev_time=%p modify abs==%lu.%06lu", -- ev, (unsigned long)abs.tv_sec, (unsigned long)abs.tv_usec); -+ ev, (unsigned long)absolute.tv_sec, (unsigned long)absolute.tv_usec); - - assert(libxl__ev_time_isregistered(ev)); - - if (ev->infinite) { -- rc = time_register_finite(gc, ev, abs); -+ rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - } else { -- rc = OSEVENT_HOOK(timeout_modify, &ev->for_app_reg, abs); -+ rc = OSEVENT_HOOK(timeout_modify, &ev->for_app_reg, absolute); - if (rc) goto out; - - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); -- ev->abs = abs; -+ ev->abs = absolute; - time_insert_finite(gc, ev); - } - -@@ -288,7 +288,7 @@ int libxl__ev_time_modify_abs(libxl__gc - int libxl__ev_time_modify_rel(libxl__gc *gc, libxl__ev_time *ev, - int milliseconds) - { -- struct timeval abs; -+ struct timeval absolute; - int rc; - - CTX_LOCK; -@@ -304,10 +304,10 @@ int libxl__ev_time_modify_rel(libxl__gc - goto out; - } - -- rc = time_rel_to_abs(gc, milliseconds, &abs); -+ rc = time_rel_to_abs(gc, milliseconds, &absolute); - if (rc) goto out; - -- rc = libxl__ev_time_modify_abs(gc, ev, abs); -+ rc = libxl__ev_time_modify_abs(gc, ev, absolute); - if (rc) goto out; - - rc = 0; diff --git a/25920-x86-APICV-enable.patch b/25920-x86-APICV-enable.patch index ee7ff85..983e58e 100644 --- a/25920-x86-APICV-enable.patch +++ b/25920-x86-APICV-enable.patch @@ -17,16 +17,14 @@ Signed-off-by: Jiongxi Li --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c -@@ -823,6 +823,14 @@ static int vlapic_write(struct vcpu *v, +@@ -822,6 +822,12 @@ static int vlapic_write(struct vcpu *v, return rc; } +int vlapic_apicv_write(struct vcpu *v, unsigned int offset) +{ + uint32_t val = vlapic_get_reg(vcpu_vlapic(v), offset); -+ -+ vlapic_reg_write(v, offset, val); -+ return 0; ++ return vlapic_reg_write(v, offset, val); +} + int hvm_x2apic_msr_write(struct vcpu *v, unsigned int msr, uint64_t msr_content) @@ -59,7 +57,7 @@ Signed-off-by: Jiongxi Li MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2274,6 +2274,16 @@ static void vmx_idtv_reinject(unsigned l +@@ -2279,6 +2279,16 @@ static void vmx_idtv_reinject(unsigned l } } @@ -76,7 +74,7 @@ Signed-off-by: Jiongxi Li void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned int exit_reason, idtv_info, intr_info = 0, vector = 0; -@@ -2729,6 +2739,11 @@ void vmx_vmexit_handler(struct cpu_user_ +@@ -2741,6 +2751,11 @@ void vmx_vmexit_handler(struct cpu_user_ break; } diff --git a/25921-x86-APICV-delivery.patch b/25921-x86-APICV-delivery.patch index 0053af6..e6cc867 100644 --- a/25921-x86-APICV-delivery.patch +++ b/25921-x86-APICV-delivery.patch @@ -51,7 +51,7 @@ Committed-by: Keir Fraser int vlapic_ipi( struct vlapic *vlapic, uint32_t icr_low, uint32_t icr_high) { -@@ -1000,6 +1011,14 @@ void vlapic_adjust_i8259_target(struct d +@@ -996,6 +1007,14 @@ void vlapic_adjust_i8259_target(struct d pt_adjust_global_vcpu_target(v); } @@ -66,7 +66,7 @@ Committed-by: Keir Fraser int vlapic_has_pending_irq(struct vcpu *v) { struct vlapic *vlapic = vcpu_vlapic(v); -@@ -1012,6 +1031,9 @@ int vlapic_has_pending_irq(struct vcpu * +@@ -1008,6 +1027,9 @@ int vlapic_has_pending_irq(struct vcpu * if ( irr == -1 ) return -1; @@ -76,7 +76,7 @@ Committed-by: Keir Fraser isr = vlapic_find_highest_isr(vlapic); isr = (isr != -1) ? isr : 0; if ( (isr & 0xf0) >= (irr & 0xf0) ) -@@ -1024,6 +1046,9 @@ int vlapic_ack_pending_irq(struct vcpu * +@@ -1020,6 +1042,9 @@ int vlapic_ack_pending_irq(struct vcpu * { struct vlapic *vlapic = vcpu_vlapic(v); @@ -88,7 +88,7 @@ Committed-by: Keir Fraser --- a/xen/arch/x86/hvm/vmx/intr.c +++ b/xen/arch/x86/hvm/vmx/intr.c -@@ -206,6 +206,7 @@ void vmx_intr_assist(void) +@@ -209,6 +209,7 @@ void vmx_intr_assist(void) struct vcpu *v = current; unsigned int tpr_threshold = 0; enum hvm_intblk intblk; @@ -96,7 +96,7 @@ Committed-by: Keir Fraser /* Block event injection when single step with MTF. */ if ( unlikely(v->arch.hvm_vcpu.single_step) ) -@@ -216,7 +217,7 @@ void vmx_intr_assist(void) +@@ -219,7 +220,7 @@ void vmx_intr_assist(void) } /* Crank the handle on interrupt state. */ @@ -105,7 +105,7 @@ Committed-by: Keir Fraser do { intack = hvm_vcpu_has_pending_irq(v); -@@ -227,16 +228,34 @@ void vmx_intr_assist(void) +@@ -230,16 +231,34 @@ void vmx_intr_assist(void) goto out; intblk = hvm_interrupt_blocked(v, intack); @@ -145,7 +145,7 @@ Committed-by: Keir Fraser { enable_intr_window(v, intack); goto out; -@@ -253,6 +272,44 @@ void vmx_intr_assist(void) +@@ -256,6 +275,44 @@ void vmx_intr_assist(void) { hvm_inject_hw_exception(TRAP_machine_check, HVM_DELIVER_NO_ERROR_CODE); } @@ -190,7 +190,7 @@ Committed-by: Keir Fraser else { HVMTRACE_2D(INJ_VIRQ, intack.vector, /*fake=*/ 0); -@@ -262,11 +319,16 @@ void vmx_intr_assist(void) +@@ -265,11 +322,16 @@ void vmx_intr_assist(void) /* Is there another IRQ to queue up behind this one? */ intack = hvm_vcpu_has_pending_irq(v); @@ -291,7 +291,7 @@ Committed-by: Keir Fraser struct arch_vmx_struct *arch_vmx = &v->arch.hvm_vmx; --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1502,6 +1502,22 @@ static void vmx_set_info_guest(struct vc +@@ -1507,6 +1507,22 @@ static void vmx_set_info_guest(struct vc vmx_vmcs_exit(v); } @@ -314,7 +314,7 @@ Committed-by: Keir Fraser static struct hvm_function_table __read_mostly vmx_function_table = { .name = "VMX", .cpu_up_prepare = vmx_cpu_up_prepare, -@@ -1548,7 +1564,9 @@ static struct hvm_function_table __read_ +@@ -1553,7 +1569,9 @@ static struct hvm_function_table __read_ .nhvm_vmcx_guest_intercepts_trap = nvmx_intercepts_exception, .nhvm_vcpu_vmexit_trap = nvmx_vmexit_trap, .nhvm_intr_blocked = nvmx_intr_blocked, @@ -325,7 +325,7 @@ Committed-by: Keir Fraser }; struct hvm_function_table * __init start_vmx(void) -@@ -2284,6 +2302,17 @@ static int vmx_handle_apic_write(void) +@@ -2289,6 +2307,17 @@ static int vmx_handle_apic_write(void) return vlapic_apicv_write(current, offset); } @@ -343,7 +343,7 @@ Committed-by: Keir Fraser void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned int exit_reason, idtv_info, intr_info = 0, vector = 0; -@@ -2677,6 +2706,16 @@ void vmx_vmexit_handler(struct cpu_user_ +@@ -2689,6 +2718,16 @@ void vmx_vmexit_handler(struct cpu_user_ hvm_inject_hw_exception(TRAP_gp_fault, 0); break; diff --git a/25922-x86-APICV-x2APIC.patch b/25922-x86-APICV-x2APIC.patch index 6a4f55e..7c0bad8 100644 --- a/25922-x86-APICV-x2APIC.patch +++ b/25922-x86-APICV-x2APIC.patch @@ -16,8 +16,10 @@ corresponding x2apic MSRs: Signed-off-by: Jiongxi Li Committed-by: Keir Fraser ---- a/xen/arch/x86/hvm/vmx/vmcs.c -+++ b/xen/arch/x86/hvm/vmx/vmcs.c +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmcs.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c @@ -658,7 +658,7 @@ static void vmx_set_host_env(struct vcpu (unsigned long)&get_cpu_info()->guest_cpu_user_regs.error_code); } @@ -82,9 +84,11 @@ Committed-by: Keir Fraser } /* I/O access bitmap. */ ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2036,7 +2036,7 @@ static int vmx_msr_write_intercept(unsig +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -2041,7 +2041,7 @@ static int vmx_msr_write_intercept(unsig for ( ; (rc == 0) && lbr->count; lbr++ ) for ( i = 0; (rc == 0) && (i < lbr->count); i++ ) if ( (rc = vmx_add_guest_msr(lbr->base + i)) == 0 ) @@ -93,8 +97,10 @@ Committed-by: Keir Fraser } if ( (rc < 0) || ---- a/xen/include/asm-x86/hvm/vmx/vmcs.h -+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h +Index: xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/hvm/vmx/vmcs.h ++++ xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -407,7 +407,9 @@ enum vmcs_field { #define VMCS_VPID_WIDTH 16 @@ -106,9 +112,11 @@ Committed-by: Keir Fraser int vmx_read_guest_msr(u32 msr, u64 *val); int vmx_write_guest_msr(u32 msr, u64 val); int vmx_add_guest_msr(u32 msr); ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -291,6 +291,9 @@ +Index: xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/msr-index.h ++++ xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +@@ -293,6 +293,9 @@ #define MSR_IA32_APICBASE_ENABLE (1<<11) #define MSR_IA32_APICBASE_BASE (0xfffff<<12) #define MSR_IA32_APICBASE_MSR 0x800 diff --git a/25952-x86-MMIO-remap-permissions.patch b/25952-x86-MMIO-remap-permissions.patch index d28e54a..1fee502 100644 --- a/25952-x86-MMIO-remap-permissions.patch +++ b/25952-x86-MMIO-remap-permissions.patch @@ -17,11 +17,11 @@ domain's permission is sufficient. Signed-off-by: Daniel De Graaf Committed-by: Jan Beulich -Index: xen-4.2.0-testing/xen/arch/x86/mm.c +Index: xen-4.2.2-testing/xen/arch/x86/mm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/mm.c -+++ xen-4.2.0-testing/xen/arch/x86/mm.c -@@ -883,6 +883,19 @@ get_page_from_l1e( +--- xen-4.2.2-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/mm.c +@@ -884,6 +884,19 @@ get_page_from_l1e( return -EINVAL; } diff --git a/25957-x86-TSC-adjust-HVM.patch b/25957-x86-TSC-adjust-HVM.patch index d1f3b06..861e2ad 100644 --- a/25957-x86-TSC-adjust-HVM.patch +++ b/25957-x86-TSC-adjust-HVM.patch @@ -24,10 +24,10 @@ would be happy when sync tsc. Signed-off-by: Liu, Jinsong Committed-by: Jan Beulich -Index: xen-4.2.0-testing/xen/arch/x86/hvm/hvm.c +Index: xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/hvm/hvm.c -+++ xen-4.2.0-testing/xen/arch/x86/hvm/hvm.c +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/hvm.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c @@ -244,6 +244,7 @@ int hvm_set_guest_pat(struct vcpu *v, u6 void hvm_set_guest_tsc(struct vcpu *v, u64 guest_tsc) { @@ -103,10 +103,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/hvm/hvm.c paging_update_paging_modes(v); v->arch.flags |= TF_kernel_mode; -Index: xen-4.2.0-testing/xen/include/asm-x86/hvm/vcpu.h +Index: xen-4.2.2-testing/xen/include/asm-x86/hvm/vcpu.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/hvm/vcpu.h -+++ xen-4.2.0-testing/xen/include/asm-x86/hvm/vcpu.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/hvm/vcpu.h ++++ xen-4.2.2-testing/xen/include/asm-x86/hvm/vcpu.h @@ -137,6 +137,7 @@ struct hvm_vcpu { struct hvm_vcpu_asid n1asid; @@ -115,11 +115,11 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/hvm/vcpu.h /* VPMU */ struct vpmu_struct vpmu; -Index: xen-4.2.0-testing/xen/include/asm-x86/msr-index.h +Index: xen-4.2.2-testing/xen/include/asm-x86/msr-index.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/msr-index.h -+++ xen-4.2.0-testing/xen/include/asm-x86/msr-index.h -@@ -284,6 +284,7 @@ +--- xen-4.2.2-testing.orig/xen/include/asm-x86/msr-index.h ++++ xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +@@ -286,6 +286,7 @@ #define MSR_IA32_PLATFORM_ID 0x00000017 #define MSR_IA32_EBL_CR_POWERON 0x0000002a #define MSR_IA32_EBC_FREQUENCY_ID 0x0000002c diff --git a/25975-x86-IvyBridge.patch b/25975-x86-IvyBridge.patch index 399488a..9521b76 100644 --- a/25975-x86-IvyBridge.patch +++ b/25975-x86-IvyBridge.patch @@ -10,8 +10,10 @@ And some initial Haswell ones at once. Signed-off-by: Jan Beulich Acked-by: "Nakajima, Jun" ---- a/xen/arch/x86/acpi/cpu_idle.c -+++ b/xen/arch/x86/acpi/cpu_idle.c +Index: xen-4.2.2-testing/xen/arch/x86/acpi/cpu_idle.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/acpi/cpu_idle.c ++++ xen-4.2.2-testing/xen/arch/x86/acpi/cpu_idle.c @@ -105,11 +105,15 @@ static void do_get_hw_residencies(void * switch ( c->x86_model ) @@ -30,9 +32,11 @@ Acked-by: "Nakajima, Jun" GET_PC2_RES(hw_res->pc2); GET_CC7_RES(hw_res->cc7); /* fall through */ ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1820,7 +1820,9 @@ static const struct lbr_info *last_branc +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -1825,7 +1825,9 @@ static const struct lbr_info *last_branc /* Sandy Bridge */ case 42: case 45: /* Ivy Bridge */ @@ -43,9 +47,11 @@ Acked-by: "Nakajima, Jun" return nh_lbr; break; /* Atom */ ---- a/xen/arch/x86/hvm/vmx/vpmu_core2.c -+++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c -@@ -747,6 +747,7 @@ int vmx_vpmu_initialise(struct vcpu *v, +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vpmu_core2.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vpmu_core2.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vpmu_core2.c +@@ -747,6 +747,7 @@ int vmx_vpmu_initialise(struct vcpu *v, case 46: case 47: case 58: diff --git a/26062-ACPI-ERST-move-data.patch b/26062-ACPI-ERST-move-data.patch deleted file mode 100644 index 963274d..0000000 --- a/26062-ACPI-ERST-move-data.patch +++ /dev/null @@ -1,93 +0,0 @@ -# HG changeset patch -# User Huang Ying -# Date 1350475926 -7200 -# Node ID ec8a091efcce717584b00ce76e3cec40a6247ebc -# Parent 4b4c0c7a6031820ab521fdd6764cb0df157f44bf -ACPI/APEI: fix ERST MOVE_DATA instruction implementation - -The src_base and dst_base fields in apei_exec_context are physical -address, so they should be ioremaped before being used in ERST -MOVE_DATA instruction. - -Reported-by: Javier Martinez Canillas -Reported-by: Andrew Morton -Signed-off-by: Huang Ying - -Replace use of ioremap() by __acpi_map_table()/set_fixmap(). Fix error -handling. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/apei/erst.c -+++ b/xen/drivers/acpi/apei/erst.c -@@ -247,15 +247,64 @@ static int erst_exec_move_data(struct ap - { - int rc; - u64 offset; -+#ifdef CONFIG_X86 -+ enum fixed_addresses idx; -+#endif -+ void *src, *dst; -+ -+ /* ioremap does not work in interrupt context */ -+ if (in_irq()) { -+ printk(KERN_WARNING -+ "MOVE_DATA cannot be used in interrupt context\n"); -+ return -EBUSY; -+ } - - rc = __apei_exec_read_register(entry, &offset); - if (rc) - return rc; -- memmove((void *)(unsigned long)(ctx->dst_base + offset), -- (void *)(unsigned long)(ctx->src_base + offset), -- ctx->var2); - -- return 0; -+#ifdef CONFIG_X86 -+ switch (ctx->var2) { -+ case 0: -+ return 0; -+ case 1 ... PAGE_SIZE: -+ break; -+ default: -+ printk(KERN_WARNING -+ "MOVE_DATA cannot be used for %#"PRIx64" bytes of data\n", -+ ctx->var2); -+ return -EOPNOTSUPP; -+ } -+ -+ src = __acpi_map_table(ctx->src_base + offset, ctx->var2); -+#else -+ src = ioremap(ctx->src_base + offset, ctx->var2); -+#endif -+ if (!src) -+ return -ENOMEM; -+ -+#ifdef CONFIG_X86 -+ BUILD_BUG_ON(FIX_ACPI_PAGES < 4); -+ idx = virt_to_fix((unsigned long)src + 2 * PAGE_SIZE); -+ offset += ctx->dst_base; -+ dst = (void *)fix_to_virt(idx) + (offset & ~PAGE_MASK); -+ set_fixmap(idx, offset); -+ if (PFN_DOWN(offset) != PFN_DOWN(offset + ctx->var2 - 1)) { -+ idx = virt_to_fix((unsigned long)dst + PAGE_SIZE); -+ set_fixmap(idx, offset + PAGE_SIZE); -+ } -+#else -+ dst = ioremap(ctx->dst_base + offset, ctx->var2); -+#endif -+ if (dst) { -+ memmove(dst, src, ctx->var2); -+ iounmap(dst); -+ } else -+ rc = -ENOMEM; -+ -+ iounmap(src); -+ -+ return rc; - } - - static struct apei_exec_ins_type erst_ins_type[] = { diff --git a/26133-IOMMU-defer-BM-disable.patch b/26133-IOMMU-defer-BM-disable.patch index 7e006d4..5674ed9 100644 --- a/26133-IOMMU-defer-BM-disable.patch +++ b/26133-IOMMU-defer-BM-disable.patch @@ -15,9 +15,11 @@ Signed-off-by: Jan Beulich Acked-by: Tim Deegan Acked-by: Dario Faggioli ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c -@@ -564,7 +564,7 @@ static hw_irq_controller iommu_msi_type +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_init.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c +@@ -564,7 +564,7 @@ static hw_irq_controller iommu_msi_type static void parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) { @@ -47,9 +49,11 @@ Acked-by: Dario Faggioli } else { ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -214,6 +214,7 @@ static int device_assigned(u16 seg, u8 b +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +@@ -218,6 +218,7 @@ static int device_assigned(u16 seg, u8 b static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn) { struct hvm_iommu *hd = domain_hvm_iommu(d); @@ -57,7 +61,7 @@ Acked-by: Dario Faggioli int rc = 0; if ( !iommu_enabled || !hd->platform_ops ) -@@ -227,6 +228,10 @@ static int assign_device(struct domain * +@@ -231,6 +232,10 @@ static int assign_device(struct domain * return -EXDEV; spin_lock(&pcidevs_lock); @@ -68,7 +72,7 @@ Acked-by: Dario Faggioli if ( (rc = hd->platform_ops->assign_device(d, seg, bus, devfn)) ) goto done; -@@ -378,6 +383,8 @@ int deassign_device(struct domain *d, u1 +@@ -382,6 +387,8 @@ int deassign_device(struct domain *d, u1 return ret; } @@ -77,8 +81,10 @@ Acked-by: Dario Faggioli if ( !has_arch_pdevs(d) && need_iommu(d) ) { d->need_iommu = 0; ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -637,6 +637,36 @@ int __init pci_device_detect(u16 seg, u8 return 1; } @@ -116,8 +122,10 @@ Acked-by: Dario Faggioli /* * scan pci devices to add all existed PCI devices to alldevs_list, * and setup pci hierarchy in array bus2bridge. ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -936,7 +936,7 @@ static void __do_iommu_page_fault(struct while (1) { @@ -144,9 +152,11 @@ Acked-by: Dario Faggioli fault_index++; if ( fault_index > cap_num_fault_regs(iommu->cap) ) ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -64,6 +64,11 @@ struct pci_dev { +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -65,6 +65,11 @@ struct pci_dev { const u8 devfn; struct pci_dev_info info; struct arch_pci_dev arch; @@ -158,7 +168,7 @@ Acked-by: Dario Faggioli u64 vf_rlen[6]; }; -@@ -106,6 +111,7 @@ void arch_pci_ro_device(int seg, int bdf +@@ -107,6 +112,7 @@ void arch_pci_ro_device(int seg, int bdf struct pci_dev *pci_get_pdev(int seg, int bus, int devfn); struct pci_dev *pci_get_pdev_by_domain( struct domain *, int seg, int bus, int devfn); diff --git a/26183-x86-HPET-masking.patch b/26183-x86-HPET-masking.patch deleted file mode 100644 index c8cb5e0..0000000 --- a/26183-x86-HPET-masking.patch +++ /dev/null @@ -1,88 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1353575003 -3600 -# Node ID c139ca92edca2fab8ec95deb7fd9e4246c3fe28d -# Parent af6b72a224e99a4a516fbc2eecc06ada569304e8 -x86/HPET: fix FSB interrupt masking - -HPET_TN_FSB is not really suitable for masking interrupts - it merely -switches between the two delivery methods. The right way of masking is -through the HPET_TN_ENABLE bit (which really is an interrupt enable, -not a counter enable or some such). This is even more so with certain -chip sets not even allowing HPET_TN_FSB to be cleared on some of the -channels. - -Further, all the setup of the channel should happen before actually -enabling the interrupt, which requires splitting legacy and FSB logic. - -Finally this also fixes an S3 resume problem (HPET_TN_FSB did not get -set in hpet_broadcast_resume(), and hpet_msi_unmask() doesn't get -called from the general resume code either afaict). - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/arch/x86/hpet.c -+++ b/xen/arch/x86/hpet.c -@@ -236,7 +236,7 @@ static void hpet_msi_unmask(struct irq_d - struct hpet_event_channel *ch = desc->action->dev_id; - - cfg = hpet_read32(HPET_Tn_CFG(ch->idx)); -- cfg |= HPET_TN_FSB; -+ cfg |= HPET_TN_ENABLE; - hpet_write32(cfg, HPET_Tn_CFG(ch->idx)); - } - -@@ -246,7 +246,7 @@ static void hpet_msi_mask(struct irq_des - struct hpet_event_channel *ch = desc->action->dev_id; - - cfg = hpet_read32(HPET_Tn_CFG(ch->idx)); -- cfg &= ~HPET_TN_FSB; -+ cfg &= ~HPET_TN_ENABLE; - hpet_write32(cfg, HPET_Tn_CFG(ch->idx)); - } - -@@ -319,8 +319,14 @@ static void __hpet_setup_msi_irq(struct - static int __init hpet_setup_msi_irq(unsigned int irq, struct hpet_event_channel *ch) - { - int ret; -+ u32 cfg = hpet_read32(HPET_Tn_CFG(ch->idx)); - irq_desc_t *desc = irq_to_desc(irq); - -+ /* set HPET Tn as oneshot */ -+ cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); -+ cfg |= HPET_TN_FSB | HPET_TN_32BIT; -+ hpet_write32(cfg, HPET_Tn_CFG(ch->idx)); -+ - desc->handler = &hpet_msi_type; - ret = request_irq(irq, hpet_interrupt_handler, 0, "HPET", ch); - if ( ret < 0 ) -@@ -541,11 +547,14 @@ void __init hpet_broadcast_init(void) - - for ( i = 0; i < n; i++ ) - { -- /* set HPET Tn as oneshot */ -- cfg = hpet_read32(HPET_Tn_CFG(hpet_events[i].idx)); -- cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); -- cfg |= HPET_TN_ENABLE | HPET_TN_32BIT; -- hpet_write32(cfg, HPET_Tn_CFG(hpet_events[i].idx)); -+ if ( i == 0 && (cfg & HPET_CFG_LEGACY) ) -+ { -+ /* set HPET T0 as oneshot */ -+ cfg = hpet_read32(HPET_Tn_CFG(0)); -+ cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); -+ cfg |= HPET_TN_ENABLE | HPET_TN_32BIT; -+ hpet_write32(cfg, HPET_Tn_CFG(0)); -+ } - - /* - * The period is a femto seconds value. We need to calculate the scaled -@@ -602,6 +611,8 @@ void hpet_broadcast_resume(void) - cfg = hpet_read32(HPET_Tn_CFG(hpet_events[i].idx)); - cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); - cfg |= HPET_TN_ENABLE | HPET_TN_32BIT; -+ if ( !(hpet_events[i].flags & HPET_EVT_LEGACY) ) -+ cfg |= HPET_TN_FSB; - hpet_write32(cfg, HPET_Tn_CFG(hpet_events[i].idx)); - - hpet_events[i].next_event = STIME_MAX; diff --git a/26200-IOMMU-debug-verbose.patch b/26200-IOMMU-debug-verbose.patch deleted file mode 100644 index 23778b2..0000000 --- a/26200-IOMMU-debug-verbose.patch +++ /dev/null @@ -1,28 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1354118456 -3600 -# Node ID 836697b197462f89a4d296da9482d1719dcc0836 -# Parent 1fce7522daa6bab9fce93b95adf592193c904097 -IOMMU: imply "verbose" from "debug" - -I think that generally enabling debugging code without also enabling -verbose output is rather pointless; if someone really wants this, they -can always pass e.g. "iommu=debug,no-verbose". - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -91,7 +91,11 @@ static void __init parse_iommu_param(cha - else if ( !strcmp(s, "intremap") ) - iommu_intremap = val; - else if ( !strcmp(s, "debug") ) -+ { - iommu_debug = val; -+ if ( val ) -+ iommu_verbose = 1; -+ } - else if ( !strcmp(s, "amd-iommu-perdev-intremap") ) - amd_iommu_perdev_intremap = val; - else if ( !strcmp(s, "dom0-passthrough") ) diff --git a/26235-IOMMU-ATS-max-queue-depth.patch b/26235-IOMMU-ATS-max-queue-depth.patch deleted file mode 100644 index 2cc6c38..0000000 --- a/26235-IOMMU-ATS-max-queue-depth.patch +++ /dev/null @@ -1,52 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1354697534 -3600 -# Node ID 670b07e8d7382229639af0d1df30071e6c1ebb19 -# Parent bc624b00d6d601f00a53c2f7502a82dcef60f882 -IOMMU/ATS: fix maximum queue depth calculation - -The capabilities register field is a 5-bit value, and the 5 bits all -being zero actually means 32 entries. - -Under the assumption that amd_iommu_flush_iotlb() really just tried -to correct for the miscalculation above when adding 32 to the value, -that adjustment is also being removed. - -Signed-off-by: Jan Beulich -Acked-by Xiantao Zhang -Acked-by: Wei Huang - ---- a/xen/drivers/passthrough/amd/iommu_cmd.c -+++ b/xen/drivers/passthrough/amd/iommu_cmd.c -@@ -321,7 +321,7 @@ void amd_iommu_flush_iotlb(struct pci_de - - req_id = get_dma_requestor_id(iommu->seg, bdf); - queueid = req_id; -- maxpend = (ats_pdev->ats_queue_depth + 32) & 0xff; -+ maxpend = ats_pdev->ats_queue_depth & 0xff; - - /* send INVALIDATE_IOTLB_PAGES command */ - spin_lock_irqsave(&iommu->lock, flags); ---- a/xen/drivers/passthrough/ats.h -+++ b/xen/drivers/passthrough/ats.h -@@ -30,7 +30,7 @@ struct pci_ats_dev { - - #define ATS_REG_CAP 4 - #define ATS_REG_CTL 6 --#define ATS_QUEUE_DEPTH_MASK 0xF -+#define ATS_QUEUE_DEPTH_MASK 0x1f - #define ATS_ENABLE (1<<15) - - extern struct list_head ats_devices; ---- a/xen/drivers/passthrough/x86/ats.c -+++ b/xen/drivers/passthrough/x86/ats.c -@@ -93,7 +93,8 @@ int enable_ats_device(int seg, int bus, - pdev->devfn = devfn; - value = pci_conf_read16(seg, bus, PCI_SLOT(devfn), - PCI_FUNC(devfn), pos + ATS_REG_CAP); -- pdev->ats_queue_depth = value & ATS_QUEUE_DEPTH_MASK; -+ pdev->ats_queue_depth = value & ATS_QUEUE_DEPTH_MASK ?: -+ ATS_QUEUE_DEPTH_MASK + 1; - list_add(&pdev->list, &ats_devices); - } - diff --git a/26252-VMX-nested-rflags.patch b/26252-VMX-nested-rflags.patch deleted file mode 100644 index 77b8e09..0000000 --- a/26252-VMX-nested-rflags.patch +++ /dev/null @@ -1,28 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354812866 0 -# Node ID 312f0713dfc98635fd9ed4b42481581489faa28f -# Parent bfd8e96fa3f157630f9698401a1f040ca1776c8e -nested vmx: fix rflags status in virtual vmexit - -As stated in SDM, all bits (except for those 1-reserved) in rflags -would be set to 0 in VM exit. Therefore we need to follow this logic -in virtual_vmexit. - -Signed-off-by: Xiantao Zhang -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -990,7 +990,8 @@ static void virtual_vmexit(struct cpu_us - - regs->eip = __get_vvmcs(nvcpu->nv_vvmcx, HOST_RIP); - regs->esp = __get_vvmcs(nvcpu->nv_vvmcx, HOST_RSP); -- regs->eflags = __vmread(GUEST_RFLAGS); -+ /* VM exit clears all bits except bit 1 */ -+ regs->eflags = 0x2; - - /* updating host cr0 to sync TS bit */ - __vmwrite(HOST_CR0, v->arch.hvm_vmx.host_cr0); diff --git a/26253-VMX-nested-rdtsc.patch b/26253-VMX-nested-rdtsc.patch deleted file mode 100644 index 87c0b7c..0000000 --- a/26253-VMX-nested-rdtsc.patch +++ /dev/null @@ -1,46 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354812981 0 -# Node ID a09150b57ace2fa786dcaefa958f0b197b1b6d4c -# Parent 312f0713dfc98635fd9ed4b42481581489faa28f -nested vmx: fix handling of RDTSC - -If L0 is to handle the TSC access, then we need to update guest EIP by -calling update_guest_eip(). - -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1613,7 +1613,7 @@ static int get_instruction_length(void) - return len; - } - --static void update_guest_eip(void) -+void update_guest_eip(void) - { - struct cpu_user_regs *regs = guest_cpu_user_regs(); - unsigned long x; ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1558,6 +1558,7 @@ int nvmx_n2_vmexit_handler(struct cpu_us - tsc += __get_vvmcs(nvcpu->nv_vvmcx, TSC_OFFSET); - regs->eax = (uint32_t)tsc; - regs->edx = (uint32_t)(tsc >> 32); -+ update_guest_eip(); - - return 1; - } ---- a/xen/include/asm-x86/hvm/vmx/vmx.h -+++ b/xen/include/asm-x86/hvm/vmx/vmx.h -@@ -396,6 +396,8 @@ void ept_p2m_init(struct p2m_domain *p2m - void ept_walk_table(struct domain *d, unsigned long gfn); - void setup_ept_dump(void); - -+void update_guest_eip(void); -+ - /* EPT violation qualifications definitions */ - #define _EPT_READ_VIOLATION 0 - #define EPT_READ_VIOLATION (1UL<<_EPT_READ_VIOLATION) diff --git a/26254-VMX-nested-dr.patch b/26254-VMX-nested-dr.patch deleted file mode 100644 index 5aa3792..0000000 --- a/26254-VMX-nested-dr.patch +++ /dev/null @@ -1,27 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354813009 0 -# Node ID e6eb1e52da7cfcb1a7697b35b4d842f35107d1ed -# Parent a09150b57ace2fa786dcaefa958f0b197b1b6d4c -nested vmx: fix DR access VM exit - -For DR register, we use lazy restore mechanism when access -it. Therefore when receiving such VM exit, L0 should be responsible to -switch to the right DR values, then inject to L1 hypervisor. - -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1585,7 +1585,8 @@ int nvmx_n2_vmexit_handler(struct cpu_us - break; - case EXIT_REASON_DR_ACCESS: - ctrl = __n2_exec_control(v); -- if ( ctrl & CPU_BASED_MOV_DR_EXITING ) -+ if ( (ctrl & CPU_BASED_MOV_DR_EXITING) && -+ v->arch.hvm_vcpu.flag_dr_dirty ) - nvcpu->nv_vmexit_pending = 1; - break; - case EXIT_REASON_INVLPG: diff --git a/26255-VMX-nested-ia32e-mode.patch b/26255-VMX-nested-ia32e-mode.patch deleted file mode 100644 index 68a2cd7..0000000 --- a/26255-VMX-nested-ia32e-mode.patch +++ /dev/null @@ -1,30 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354813046 0 -# Node ID 1ed1507fa0407f1da715d04fe1b510e81ca4fb31 -# Parent e6eb1e52da7cfcb1a7697b35b4d842f35107d1ed -nested vmx: enable IA32E mode while do VM entry - -Some VMMs may check the platform capability to judge whether long -mode guest is supported. Therefore we need to expose this bit to -guest VMM. - -Xen on Xen works fine in current solution because Xen doesn't -check this capability but directly set it in VMCS if guest -supports long mode. - -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1351,7 +1351,7 @@ int nvmx_msr_read_intercept(unsigned int - case MSR_IA32_VMX_ENTRY_CTLS: - /* bit 0-8, and 12 must be 1 (refer G5 of SDM) */ - data = 0x11ff; -- data = (data << 32) | data; -+ data = ((data | VM_ENTRY_IA32E_MODE) << 32) | data; - break; - - case IA32_FEATURE_CONTROL_MSR: diff --git a/26258-VMX-nested-intr-delivery.patch b/26258-VMX-nested-intr-delivery.patch deleted file mode 100644 index f80dd49..0000000 --- a/26258-VMX-nested-intr-delivery.patch +++ /dev/null @@ -1,45 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354813139 0 -# Node ID 90831c29bfde6aac013b7e5ec98934a4953c31c9 -# Parent 25dd352265ca23750f1a1a983124b36f518c4384 -nested vmx: fix interrupt delivery to L2 guest - -While delivering interrupt into L2 guest, L0 hypervisor need to check -whether L1 hypervisor wants to own the interrupt, if not, directly -inject the interrupt into L2 guest. - -Signed-off-by: Xiantao Zhang -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/intr.c -+++ b/xen/arch/x86/hvm/vmx/intr.c -@@ -163,7 +163,7 @@ enum hvm_intblk nvmx_intr_blocked(struct - - static int nvmx_intr_intercept(struct vcpu *v, struct hvm_intack intack) - { -- u32 exit_ctrl; -+ u32 ctrl; - - if ( nvmx_intr_blocked(v) != hvm_intblk_none ) - { -@@ -176,11 +176,14 @@ static int nvmx_intr_intercept(struct vc - if ( intack.source == hvm_intsrc_pic || - intack.source == hvm_intsrc_lapic ) - { -+ ctrl = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, PIN_BASED_VM_EXEC_CONTROL); -+ if ( !(ctrl & PIN_BASED_EXT_INTR_MASK) ) -+ return 0; -+ - vmx_inject_extint(intack.vector); - -- exit_ctrl = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, -- VM_EXIT_CONTROLS); -- if ( exit_ctrl & VM_EXIT_ACK_INTR_ON_EXIT ) -+ ctrl = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, VM_EXIT_CONTROLS); -+ if ( ctrl & VM_EXIT_ACK_INTR_ON_EXIT ) - { - /* for now, duplicate the ack path in vmx_intr_assist */ - hvm_vcpu_ack_pending_irq(v, intack); diff --git a/26266-sched-ratelimit-check.patch b/26266-sched-ratelimit-check.patch deleted file mode 100644 index 7dd5444..0000000 --- a/26266-sched-ratelimit-check.patch +++ /dev/null @@ -1,70 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1355134467 -3600 -# Node ID 8d209624ea83b272e1ebd713a928c38d4782f4f1 -# Parent f96a0cda12160f497981a37f6922a1ed7db9a462 -scheduler: fix rate limit range checking - -For one, neither of the two checks permitted for the documented value -of zero (disabling the functionality altogether). - -Second, the range checking of the command line parameter was done by -the credit scheduler's initialization code, despite it being a generic -scheduler option. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/common/sched_credit.c -+++ b/xen/common/sched_credit.c -@@ -846,8 +846,9 @@ csched_sys_cntl(const struct scheduler * - case XEN_SYSCTL_SCHEDOP_putinfo: - if (params->tslice_ms > XEN_SYSCTL_CSCHED_TSLICE_MAX - || params->tslice_ms < XEN_SYSCTL_CSCHED_TSLICE_MIN -- || params->ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -- || params->ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN -+ || (params->ratelimit_us -+ && (params->ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -+ || params->ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN)) - || MICROSECS(params->ratelimit_us) > MILLISECS(params->tslice_ms) ) - goto out; - prv->tslice_ms = params->tslice_ms; -@@ -1607,17 +1608,6 @@ csched_init(struct scheduler *ops) - sched_credit_tslice_ms = CSCHED_DEFAULT_TSLICE_MS; - } - -- if ( sched_ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -- || sched_ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN ) -- { -- printk("WARNING: sched_ratelimit_us outside of valid range [%d,%d].\n" -- " Resetting to default %u\n", -- XEN_SYSCTL_SCHED_RATELIMIT_MIN, -- XEN_SYSCTL_SCHED_RATELIMIT_MAX, -- SCHED_DEFAULT_RATELIMIT_US); -- sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; -- } -- - prv->tslice_ms = sched_credit_tslice_ms; - prv->ticks_per_tslice = CSCHED_TICKS_PER_TSLICE; - if ( prv->tslice_ms < prv->ticks_per_tslice ) ---- a/xen/common/schedule.c -+++ b/xen/common/schedule.c -@@ -1322,6 +1322,18 @@ void __init scheduler_init(void) - if ( SCHED_OP(&ops, init) ) - panic("scheduler returned error on init\n"); - -+ if ( sched_ratelimit_us && -+ (sched_ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -+ || sched_ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN) ) -+ { -+ printk("WARNING: sched_ratelimit_us outside of valid range [%d,%d].\n" -+ " Resetting to default %u\n", -+ XEN_SYSCTL_SCHED_RATELIMIT_MIN, -+ XEN_SYSCTL_SCHED_RATELIMIT_MAX, -+ SCHED_DEFAULT_RATELIMIT_US); -+ sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; -+ } -+ - idle_domain = domain_create(DOMID_IDLE, 0, 0); - BUG_ON(IS_ERR(idle_domain)); - idle_domain->vcpu = idle_vcpu; diff --git a/26287-sched-credit-pick-idle.patch b/26287-sched-credit-pick-idle.patch deleted file mode 100644 index 3807bb0..0000000 --- a/26287-sched-credit-pick-idle.patch +++ /dev/null @@ -1,82 +0,0 @@ -# HG changeset patch -# User Dario Faggioli -# Date 1355854218 0 -# Node ID 127c2c47d440eb7f3248ab5561909e326af7e328 -# Parent d5c0389bf26c89969ebce71927f34f6b923af949 -xen: sched_credit: improve picking up the idle CPU for a VCPU - -In _csched_cpu_pick() we try to select the best possible CPU for -running a VCPU, considering the characteristics of the underlying -hardware (i.e., how many threads, core, sockets, and how busy they -are). What we want is "the idle execution vehicle with the most -idling neighbours in its grouping". - -In order to achieve it, we select a CPU from the VCPU's affinity, -giving preference to its current processor if possible, as the basis -for the comparison with all the other CPUs. Problem is, to discount -the VCPU itself when computing this "idleness" (in an attempt to be -fair wrt its current processor), we arbitrarily and unconditionally -consider that selected CPU as idle, even when it is not the case, -for instance: - 1. If the CPU is not the one where the VCPU is running (perhaps due - to the affinity being changed); - 2. The CPU is where the VCPU is running, but it has other VCPUs in - its runq, so it won't go idle even if the VCPU in question goes. - -This is exemplified in the trace below: - -] 3.466115364 x|------|------| d10v1 22005(2:2:5) 3 [ a 1 8 ] - ... ... ... - 3.466122856 x|------|------| d10v1 runstate_change d10v1 - running->offline - 3.466123046 x|------|------| d?v? runstate_change d32767v0 - runnable->running - ... ... ... -] 3.466126887 x|------|------| d32767v0 28004(2:8:4) 3 [ a 1 8 ] - -22005(...) line (the first line) means _csched_cpu_pick() was called -on VCPU 1 of domain 10, while it is running on CPU 0, and it choose -CPU 8, which is busy ('|'), even if there are plenty of idle -CPUs. That is because, as a consequence of changing the VCPU affinity, -CPU 8 was chosen as the basis for the comparison, and therefore -considered idle (its bit gets unconditionally set in the bitmask -representing the idle CPUs). 28004(...) line means the VCPU is woken -up and queued on CPU 8's runq, where it waits for a context switch or -a migration, in order to be able to execute. - -This change fixes things by only considering the "guessed" CPU idle if -the VCPU in question is both running there and is its only runnable -VCPU. - -Signed-off-by: Dario Faggioli -Acked-by: George Dunlap -Committed-by: Keir Fraser - ---- a/xen/common/sched_credit.c -+++ b/xen/common/sched_credit.c -@@ -72,6 +72,9 @@ - #define CSCHED_VCPU(_vcpu) ((struct csched_vcpu *) (_vcpu)->sched_priv) - #define CSCHED_DOM(_dom) ((struct csched_dom *) (_dom)->sched_priv) - #define RUNQ(_cpu) (&(CSCHED_PCPU(_cpu)->runq)) -+/* Is the first element of _cpu's runq its idle vcpu? */ -+#define IS_RUNQ_IDLE(_cpu) (list_empty(RUNQ(_cpu)) || \ -+ is_idle_vcpu(__runq_elem(RUNQ(_cpu)->next)->vcpu)) - - - /* -@@ -487,9 +490,14 @@ _csched_cpu_pick(const struct scheduler - * distinct cores first and guarantees we don't do something stupid - * like run two VCPUs on co-hyperthreads while there are idle cores - * or sockets. -+ * -+ * Notice that, when computing the "idleness" of cpu, we may want to -+ * discount vc. That is, iff vc is the currently running and the only -+ * runnable vcpu on cpu, we add cpu to the idlers. - */ - cpumask_and(&idlers, &cpu_online_map, CSCHED_PRIV(ops)->idlers); -- cpumask_set_cpu(cpu, &idlers); -+ if ( vc->processor == cpu && IS_RUNQ_IDLE(cpu) ) -+ cpumask_set_cpu(cpu, &idlers); - cpumask_and(&cpus, &cpus, &idlers); - cpumask_clear_cpu(cpu, &cpus); - diff --git a/26294-x86-AMD-Fam15-way-access-filter.patch b/26294-x86-AMD-Fam15-way-access-filter.patch deleted file mode 100644 index 753b19b..0000000 --- a/26294-x86-AMD-Fam15-way-access-filter.patch +++ /dev/null @@ -1,71 +0,0 @@ -# HG changeset patch -# User Andre Przywara -# Date 1355913729 -3600 -# Node ID 5fb0b8b838dab0b331abfa675fd2b2214ac90760 -# Parent b04de677de31f26ba4b8f2f382ca4dfffcff9a79 -x86, amd: Disable way access filter on Piledriver CPUs - -The Way Access Filter in recent AMD CPUs may hurt the performance of -some workloads, caused by aliasing issues in the L1 cache. -This patch disables it on the affected CPUs. - -The issue is similar to that one of last year: -http://lkml.indiana.edu/hypermail/linux/kernel/1107.3/00041.html -This new patch does not replace the old one, we just need another -quirk for newer CPUs. - -The performance penalty without the patch depends on the -circumstances, but is a bit less than the last year's 3%. - -The workloads affected would be those that access code from the same -physical page under different virtual addresses, so different -processes using the same libraries with ASLR or multiple instances of -PIE-binaries. The code needs to be accessed simultaneously from both -cores of the same compute unit. - -More details can be found here: -http://developer.amd.com/Assets/SharedL1InstructionCacheonAMD15hCPU.pdf - -CPUs affected are anything with the core known as Piledriver. -That includes the new parts of the AMD A-Series (aka Trinity) and the -just released new CPUs of the FX-Series (aka Vishera). -The model numbering is a bit odd here: FX CPUs have model 2, -A-Series has model 10h, with possible extensions to 1Fh. Hence the -range of model ids. - -Signed-off-by: Andre Przywara - -Add and use MSR_AMD64_IC_CFG. Update the value whenever it is found to -not have all bits set, rather than just when it's zero. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/arch/x86/cpu/amd.c -+++ b/xen/arch/x86/cpu/amd.c -@@ -493,6 +493,14 @@ static void __devinit init_amd(struct cp - } - } - -+ /* -+ * The way access filter has a performance penalty on some workloads. -+ * Disable it on the affected CPUs. -+ */ -+ if (c->x86 == 0x15 && c->x86_model >= 0x02 && c->x86_model < 0x20 && -+ !rdmsr_safe(MSR_AMD64_IC_CFG, value) && (value & 0x1e) != 0x1e) -+ wrmsr_safe(MSR_AMD64_IC_CFG, value | 0x1e); -+ - amd_get_topology(c); - - /* Pointless to use MWAIT on Family10 as it does not deep sleep. */ ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -206,6 +206,7 @@ - - /* AMD64 MSRs */ - #define MSR_AMD64_NB_CFG 0xc001001f -+#define MSR_AMD64_IC_CFG 0xc0011021 - #define MSR_AMD64_DC_CFG 0xc0011022 - #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46 - diff --git a/26320-IOMMU-domctl-assign-seg.patch b/26320-IOMMU-domctl-assign-seg.patch deleted file mode 100644 index 7f6540d..0000000 --- a/26320-IOMMU-domctl-assign-seg.patch +++ /dev/null @@ -1,45 +0,0 @@ -# HG changeset patch -# User Andrew Cooper -# Date 1357290407 -3600 -# Node ID 8fd5635f451b073ddc99e928c975e8a7743d1321 -# Parent c4114a042410d3bdec3a77c30b2e85366d7fbe1d -passthrough/domctl: use correct struct in union - -This appears to be a copy paste error from c/s 23861:ec7c81fbe0de. - -It is safe, functionally speaking, as both the xen_domctl_assign_device -and xen_domctl_get_device_group structure start with a 'uint32_t -machine_sbdf'. We should however use the correct union structure. - -Signed-off-by: Andrew Cooper -Committed-by: Jan Beulich - ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -592,7 +592,7 @@ int iommu_do_domctl( - if ( ret ) - break; - -- seg = domctl->u.get_device_group.machine_sbdf >> 16; -+ seg = domctl->u.assign_device.machine_sbdf >> 16; - bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff; - devfn = domctl->u.assign_device.machine_sbdf & 0xff; - -@@ -621,7 +621,7 @@ int iommu_do_domctl( - if ( ret ) - goto assign_device_out; - -- seg = domctl->u.get_device_group.machine_sbdf >> 16; -+ seg = domctl->u.assign_device.machine_sbdf >> 16; - bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff; - devfn = domctl->u.assign_device.machine_sbdf & 0xff; - -@@ -649,7 +649,7 @@ int iommu_do_domctl( - if ( ret ) - goto deassign_device_out; - -- seg = domctl->u.get_device_group.machine_sbdf >> 16; -+ seg = domctl->u.assign_device.machine_sbdf >> 16; - bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff; - devfn = domctl->u.assign_device.machine_sbdf & 0xff; - diff --git a/26324-IOMMU-assign-params.patch b/26324-IOMMU-assign-params.patch index 8ab8a97..b47596c 100644 --- a/26324-IOMMU-assign-params.patch +++ b/26324-IOMMU-assign-params.patch @@ -12,9 +12,11 @@ IOMMU: adjust (re)assign operation parameters Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -328,34 +328,31 @@ void amd_iommu_disable_domain_device(str +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c +@@ -333,34 +333,31 @@ void amd_iommu_disable_domain_device(str disable_ats_device(iommu->seg, bus, devfn); } @@ -59,7 +61,7 @@ Acked-by: "Zhang, Xiantao" /* IO page tables might be destroyed after pci-detach the last device * In this case, we have to re-allocate root table for next pci-attach.*/ -@@ -364,17 +361,18 @@ static int reassign_device( struct domai +@@ -369,17 +366,18 @@ static int reassign_device( struct domai amd_iommu_setup_domain_device(target, iommu, bdf); AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n", @@ -83,7 +85,7 @@ Acked-by: "Zhang, Xiantao" if ( ivrs_mappings[req_id].unity_map_enable ) { -@@ -386,7 +384,7 @@ static int amd_iommu_assign_device(struc +@@ -391,7 +389,7 @@ static int amd_iommu_assign_device(struc ivrs_mappings[req_id].read_permission); } @@ -92,7 +94,7 @@ Acked-by: "Zhang, Xiantao" } static void deallocate_next_page_table(struct page_info* pg, int level) -@@ -451,12 +449,6 @@ static void amd_iommu_domain_destroy(str +@@ -456,12 +454,6 @@ static void amd_iommu_domain_destroy(str amd_iommu_flush_all_pages(d); } @@ -105,7 +107,7 @@ Acked-by: "Zhang, Xiantao" static int amd_iommu_add_device(struct pci_dev *pdev) { struct amd_iommu *iommu; -@@ -596,7 +588,7 @@ const struct iommu_ops amd_iommu_ops = { +@@ -601,7 +593,7 @@ const struct iommu_ops amd_iommu_ops = { .teardown = amd_iommu_domain_destroy, .map_page = amd_iommu_map_page, .unmap_page = amd_iommu_unmap_page, @@ -114,8 +116,10 @@ Acked-by: "Zhang, Xiantao" .get_device_group_id = amd_iommu_group_id, .update_ire_from_apic = amd_iommu_ioapic_update_ire, .update_ire_from_msi = amd_iommu_msi_msg_update_ire, ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c @@ -232,11 +232,16 @@ static int assign_device(struct domain * return -EXDEV; @@ -158,8 +162,10 @@ Acked-by: "Zhang, Xiantao" if ( ret ) { dprintk(XENLOG_ERR VTDPREFIX, ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -1689,17 +1689,10 @@ out: static int reassign_device_ownership( struct domain *source, @@ -203,7 +209,7 @@ Acked-by: "Zhang, Xiantao" return ret; } -@@ -2207,36 +2203,26 @@ int __init intel_vtd_setup(void) +@@ -2222,36 +2218,26 @@ int __init intel_vtd_setup(void) } static int intel_iommu_assign_device( @@ -247,8 +253,10 @@ Acked-by: "Zhang, Xiantao" { ret = 0; goto done; ---- a/xen/include/xen/iommu.h -+++ b/xen/include/xen/iommu.h +Index: xen-4.2.2-testing/xen/include/xen/iommu.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/iommu.h ++++ xen-4.2.2-testing/xen/include/xen/iommu.h @@ -123,13 +123,13 @@ struct iommu_ops { int (*add_device)(struct pci_dev *pdev); int (*enable_device)(struct pci_dev *pdev); diff --git a/26325-IOMMU-add-remove-params.patch b/26325-IOMMU-add-remove-params.patch index bd71ce8..326125d 100644 --- a/26325-IOMMU-add-remove-params.patch +++ b/26325-IOMMU-add-remove-params.patch @@ -12,8 +12,10 @@ IOMMU: adjust add/remove operation parameters Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -83,14 +83,14 @@ static void disable_translation(u32 *dte } @@ -96,7 +98,7 @@ Acked-by: "Zhang, Xiantao" } int __init amd_iov_detect(void) -@@ -291,16 +290,16 @@ static void __init amd_iommu_dom0_init(s +@@ -296,16 +295,16 @@ static void __init amd_iommu_dom0_init(s } void amd_iommu_disable_domain_device(struct domain *domain, @@ -117,7 +119,7 @@ Acked-by: "Zhang, Xiantao" dte = iommu->dev_table.buffer + (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); spin_lock_irqsave(&iommu->lock, flags); -@@ -308,7 +307,7 @@ void amd_iommu_disable_domain_device(str +@@ -313,7 +312,7 @@ void amd_iommu_disable_domain_device(str { disable_translation((u32 *)dte); @@ -126,7 +128,7 @@ Acked-by: "Zhang, Xiantao" iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) ) iommu_dte_set_iotlb((u32 *)dte, 0); -@@ -323,7 +322,8 @@ void amd_iommu_disable_domain_device(str +@@ -328,7 +327,8 @@ void amd_iommu_disable_domain_device(str ASSERT(spin_is_locked(&pcidevs_lock)); @@ -136,7 +138,7 @@ Acked-by: "Zhang, Xiantao" pci_ats_enabled(iommu->seg, bus, devfn) ) disable_ats_device(iommu->seg, bus, devfn); } -@@ -346,7 +346,7 @@ static int reassign_device(struct domain +@@ -351,7 +351,7 @@ static int reassign_device(struct domain return -ENODEV; } @@ -145,7 +147,7 @@ Acked-by: "Zhang, Xiantao" if ( devfn == pdev->devfn ) { -@@ -359,7 +359,7 @@ static int reassign_device(struct domain +@@ -364,7 +364,7 @@ static int reassign_device(struct domain if ( t->root_table == NULL ) allocate_domain_resources(t); @@ -154,7 +156,7 @@ Acked-by: "Zhang, Xiantao" AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n", pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); -@@ -449,7 +449,7 @@ static void amd_iommu_domain_destroy(str +@@ -454,7 +454,7 @@ static void amd_iommu_domain_destroy(str amd_iommu_flush_all_pages(d); } @@ -163,7 +165,7 @@ Acked-by: "Zhang, Xiantao" { struct amd_iommu *iommu; u16 bdf; -@@ -462,16 +462,16 @@ static int amd_iommu_add_device(struct p +@@ -467,16 +467,16 @@ static int amd_iommu_add_device(struct p { AMD_IOMMU_DEBUG("Fail to find iommu." " %04x:%02x:%02x.%u cannot be assigned to dom%d\n", @@ -184,7 +186,7 @@ Acked-by: "Zhang, Xiantao" { struct amd_iommu *iommu; u16 bdf; -@@ -484,12 +484,12 @@ static int amd_iommu_remove_device(struc +@@ -489,12 +489,12 @@ static int amd_iommu_remove_device(struc { AMD_IOMMU_DEBUG("Fail to find iommu." " %04x:%02x:%02x.%u cannot be removed from dom%d\n", @@ -200,8 +202,10 @@ Acked-by: "Zhang, Xiantao" return 0; } ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c @@ -167,7 +167,7 @@ int iommu_add_device(struct pci_dev *pde if ( !iommu_enabled || !hd->platform_ops ) return 0; @@ -220,8 +224,10 @@ Acked-by: "Zhang, Xiantao" } /* ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -715,7 +715,7 @@ int __init scan_pci_devices(void) struct setup_dom0 { @@ -249,8 +255,10 @@ Acked-by: "Zhang, Xiantao" { struct setup_dom0 ctxt = { .d = d, .handler = handler }; ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -52,7 +52,7 @@ int nr_iommus; static struct tasklet vtd_fault_tasklet; @@ -260,7 +268,7 @@ Acked-by: "Zhang, Xiantao" static void setup_dom0_rmrr(struct domain *d); static int domain_iommu_domid(struct domain *d, -@@ -1904,7 +1904,7 @@ static int rmrr_identity_mapping(struct +@@ -1904,7 +1904,7 @@ static int rmrr_identity_mapping(struct return 0; } @@ -326,8 +334,10 @@ Acked-by: "Zhang, Xiantao" } void clear_fault_bits(struct iommu *iommu) ---- a/xen/include/xen/iommu.h -+++ b/xen/include/xen/iommu.h +Index: xen-4.2.2-testing/xen/include/xen/iommu.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/iommu.h ++++ xen-4.2.2-testing/xen/include/xen/iommu.h @@ -120,9 +120,9 @@ bool_t pt_irq_need_timer(uint32_t flags) struct iommu_ops { int (*init)(struct domain *d); @@ -340,9 +350,11 @@ Acked-by: "Zhang, Xiantao" int (*assign_device)(struct domain *, u8 devfn, struct pci_dev *); void (*teardown)(struct domain *d); int (*map_page)(struct domain *d, unsigned long gfn, unsigned long mfn, ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -100,7 +100,8 @@ struct pci_dev *pci_lock_pdev(int seg, i +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -101,7 +101,8 @@ struct pci_dev *pci_lock_pdev(int seg, i struct pci_dev *pci_lock_domain_pdev( struct domain *, int seg, int bus, int devfn); diff --git a/26326-VT-d-context-map-params.patch b/26326-VT-d-context-map-params.patch index 15b0565..b466a03 100644 --- a/26326-VT-d-context-map-params.patch +++ b/26326-VT-d-context-map-params.patch @@ -12,8 +12,10 @@ VT-d: adjust context map/unmap parameters Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/vtd/extern.h -+++ b/xen/drivers/passthrough/vtd/extern.h +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/extern.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/extern.h ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/extern.h @@ -95,7 +95,7 @@ void free_pgtable_maddr(u64 maddr); void *map_vtd_domain_page(u64 maddr); void unmap_vtd_domain_page(void *va); @@ -23,8 +25,10 @@ Acked-by: "Zhang, Xiantao" int domain_context_unmap_one(struct domain *domain, struct iommu *iommu, u8 bus, u8 devfn); ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -1308,7 +1308,7 @@ static void __init intel_iommu_dom0_init int domain_context_mapping_one( struct domain *domain, @@ -157,7 +161,7 @@ Acked-by: "Zhang, Xiantao" if ( ret ) { dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n", -@@ -1975,14 +1973,14 @@ static int intel_iommu_remove_device(u8 +@@ -1975,14 +1973,14 @@ static int intel_iommu_remove_device(u8 } } @@ -174,9 +178,11 @@ Acked-by: "Zhang, Xiantao" if ( !err && devfn == pdev->devfn ) pci_vtd_quirk(pdev); return err; ---- a/xen/drivers/passthrough/vtd/quirks.c -+++ b/xen/drivers/passthrough/vtd/quirks.c -@@ -292,7 +292,7 @@ static void map_me_phantom_function(stru +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/quirks.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/quirks.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/quirks.c +@@ -319,7 +319,7 @@ static void map_me_phantom_function(stru /* map or unmap ME phantom function */ if ( map ) domain_context_mapping_one(domain, drhd->iommu, 0, diff --git a/26328-IOMMU-pdev-type.patch b/26328-IOMMU-pdev-type.patch index 6625797..6f07298 100644 --- a/26328-IOMMU-pdev-type.patch +++ b/26328-IOMMU-pdev-type.patch @@ -18,8 +18,10 @@ how to deal with such a device, and hence shouldn't try to). Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -144,7 +144,7 @@ static struct pci_dev *alloc_pdev(struct spin_lock_init(&pdev->msix_table_lock); @@ -83,8 +85,10 @@ Acked-by: "Zhang, Xiantao" } return pos ? DEV_TYPE_PCIe_ENDPOINT : DEV_TYPE_PCI; ---- a/xen/drivers/passthrough/vtd/intremap.c -+++ b/xen/drivers/passthrough/vtd/intremap.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/intremap.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/intremap.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/intremap.c @@ -426,7 +426,6 @@ void io_apic_write_remap_rte( static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) @@ -112,8 +116,10 @@ Acked-by: "Zhang, Xiantao" seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); break; } ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -1450,7 +1450,6 @@ static int domain_context_mapping( { struct acpi_drhd_unit *drhd; @@ -168,9 +174,11 @@ Acked-by: "Zhang, Xiantao" seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); ret = -EINVAL; goto out; ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -62,6 +62,17 @@ struct pci_dev { +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -63,6 +63,17 @@ struct pci_dev { const u16 seg; const u8 bus; const u8 devfn; @@ -188,7 +196,7 @@ Acked-by: "Zhang, Xiantao" struct pci_dev_info info; struct arch_pci_dev arch; struct { -@@ -83,18 +94,10 @@ struct pci_dev { +@@ -84,18 +95,10 @@ struct pci_dev { extern spinlock_t pcidevs_lock; @@ -208,8 +216,10 @@ Acked-by: "Zhang, Xiantao" int find_upstream_bridge(u16 seg, u8 *bus, u8 *devfn, u8 *secbus); struct pci_dev *pci_lock_pdev(int seg, int bus, int devfn); struct pci_dev *pci_lock_domain_pdev( ---- a/xen/include/xen/pci_regs.h -+++ b/xen/include/xen/pci_regs.h +Index: xen-4.2.2-testing/xen/include/xen/pci_regs.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci_regs.h ++++ xen-4.2.2-testing/xen/include/xen/pci_regs.h @@ -371,6 +371,9 @@ #define PCI_EXP_TYPE_UPSTREAM 0x5 /* Upstream Port */ #define PCI_EXP_TYPE_DOWNSTREAM 0x6 /* Downstream Port */ diff --git a/26329-IOMMU-phantom-dev.patch b/26329-IOMMU-phantom-dev.patch index 0874b83..569202b 100644 --- a/26329-IOMMU-phantom-dev.patch +++ b/26329-IOMMU-phantom-dev.patch @@ -18,8 +18,10 @@ function number, would return the underlying actual device. Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/amd/iommu_cmd.c -+++ b/xen/drivers/passthrough/amd/iommu_cmd.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_cmd.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_cmd.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_cmd.c @@ -339,7 +339,15 @@ static void amd_iommu_flush_all_iotlbs(s return; @@ -37,8 +39,10 @@ Acked-by: "Zhang, Xiantao" } /* Flush iommu cache after p2m changes. */ ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_init.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c @@ -692,7 +692,7 @@ void parse_ppr_log_entry(struct amd_iomm devfn = PCI_DEVFN2(device_id); @@ -48,8 +52,10 @@ Acked-by: "Zhang, Xiantao" spin_unlock(&pcidevs_lock); if ( pdev ) ---- a/xen/drivers/passthrough/amd/iommu_map.c -+++ b/xen/drivers/passthrough/amd/iommu_map.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_map.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_map.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_map.c @@ -612,7 +612,6 @@ static int update_paging_mode(struct dom for_each_pdev( d, pdev ) { @@ -64,25 +70,23 @@ Acked-by: "Zhang, Xiantao" spin_lock_irqsave(&iommu->lock, flags); - device_entry = iommu->dev_table.buffer + - (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); -- ++ do { ++ req_id = get_dma_requestor_id(pdev->seg, bdf); ++ device_entry = iommu->dev_table.buffer + ++ (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); + - /* valid = 0 only works for dom0 passthrough mode */ - amd_iommu_set_root_page_table((u32 *)device_entry, - page_to_maddr(hd->root_table), - hd->domain_id, - hd->paging_mode, 1); -- -- amd_iommu_flush_device(iommu, req_id); -+ do { -+ req_id = get_dma_requestor_id(pdev->seg, bdf); -+ device_entry = iommu->dev_table.buffer + -+ (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); -+ + /* valid = 0 only works for dom0 passthrough mode */ + amd_iommu_set_root_page_table((u32 *)device_entry, + page_to_maddr(hd->root_table), + hd->domain_id, + hd->paging_mode, 1); -+ + +- amd_iommu_flush_device(iommu, req_id); + amd_iommu_flush_device(iommu, req_id); + bdf += pdev->phantom_stride; + } while ( PCI_DEVFN2(bdf) != pdev->devfn && @@ -90,8 +94,10 @@ Acked-by: "Zhang, Xiantao" spin_unlock_irqrestore(&iommu->lock, flags); } ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c @@ -157,6 +157,8 @@ void __init iommu_dom0_init(struct domai int iommu_add_device(struct pci_dev *pdev) { @@ -196,8 +202,10 @@ Acked-by: "Zhang, Xiantao" ret = hd->platform_ops->reassign_device(d, dom0, devfn, pdev); if ( ret ) { ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -146,6 +146,8 @@ static struct pci_dev *alloc_pdev(struct /* update bus2bridge */ switch ( pdev->type = pdev_type(pseg->nr, bus, devfn) ) @@ -332,9 +340,11 @@ Acked-by: "Zhang, Xiantao" } } ---- a/xen/include/xen/lib.h -+++ b/xen/include/xen/lib.h -@@ -58,6 +58,9 @@ do { +Index: xen-4.2.2-testing/xen/include/xen/lib.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/lib.h ++++ xen-4.2.2-testing/xen/include/xen/lib.h +@@ -58,6 +58,9 @@ do { #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array(x)) @@ -344,9 +354,11 @@ Acked-by: "Zhang, Xiantao" #define reserve_bootmem(_p,_l) ((void)0) struct domain; ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -63,6 +63,8 @@ struct pci_dev { +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -64,6 +64,8 @@ struct pci_dev { const u8 bus; const u8 devfn; @@ -355,7 +367,7 @@ Acked-by: "Zhang, Xiantao" enum pdev_type { DEV_TYPE_PCI_UNKNOWN, DEV_TYPE_PCIe_ENDPOINT, -@@ -113,6 +115,7 @@ int pci_remove_device(u16 seg, u8 bus, u +@@ -114,6 +116,7 @@ int pci_remove_device(u16 seg, u8 bus, u int pci_ro_device(int seg, int bus, int devfn); void arch_pci_ro_device(int seg, int bdf); struct pci_dev *pci_get_pdev(int seg, int bus, int devfn); diff --git a/26331-IOMMU-phantom-dev-quirk.patch b/26331-IOMMU-phantom-dev-quirk.patch index 529dcea..d46b609 100644 --- a/26331-IOMMU-phantom-dev-quirk.patch +++ b/26331-IOMMU-phantom-dev-quirk.patch @@ -14,9 +14,11 @@ single function devices. Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/docs/misc/xen-command-line.markdown -+++ b/docs/misc/xen-command-line.markdown -@@ -672,6 +672,16 @@ Defaults to booting secondary processors +Index: xen-4.2.2-testing/docs/misc/xen-command-line.markdown +=================================================================== +--- xen-4.2.2-testing.orig/docs/misc/xen-command-line.markdown ++++ xen-4.2.2-testing/docs/misc/xen-command-line.markdown +@@ -679,6 +679,16 @@ Defaults to booting secondary processors Default: `on` @@ -33,9 +35,11 @@ Acked-by: "Zhang, Xiantao" ### ple\_gap > `= ` ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c -@@ -123,6 +123,49 @@ const unsigned long *pci_get_ro_map(u16 +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c +@@ -123,6 +123,49 @@ const unsigned long *pci_get_ro_map(u16 return pseg ? pseg->ro_map : NULL; } diff --git a/26332-x86-compat-show-guest-stack-mfn.patch b/26332-x86-compat-show-guest-stack-mfn.patch deleted file mode 100644 index 204f108..0000000 --- a/26332-x86-compat-show-guest-stack-mfn.patch +++ /dev/null @@ -1,30 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1357561709 -3600 -# Node ID 8e942f2f3b45edc5bb1f7a6e05de288342426f0d -# Parent 23c4bbc0111dd807561b2c62cbc5798220943a0d -x86: compat_show_guest_stack() should not truncate MFN - -Re-using "addr" here was a mistake, as it is a 32-bit quantity. - -Signed-off-by: Jan Beulich -Acked-by: Ian Campbell -Acked-by: Keir Fraser - ---- a/xen/arch/x86/x86_64/compat/traps.c -+++ b/xen/arch/x86/x86_64/compat/traps.c -@@ -20,11 +20,12 @@ void compat_show_guest_stack(struct vcpu - if ( v != current ) - { - struct vcpu *vcpu; -+ unsigned long mfn; - - ASSERT(guest_kernel_mode(v, regs)); -- addr = read_cr3() >> PAGE_SHIFT; -+ mfn = read_cr3() >> PAGE_SHIFT; - for_each_vcpu( v->domain, vcpu ) -- if ( pagetable_get_pfn(vcpu->arch.guest_table) == addr ) -+ if ( pagetable_get_pfn(vcpu->arch.guest_table) == mfn ) - break; - if ( !vcpu ) - { diff --git a/26333-x86-get_page_type-assert.patch b/26333-x86-get_page_type-assert.patch deleted file mode 100644 index f0468ec..0000000 --- a/26333-x86-get_page_type-assert.patch +++ /dev/null @@ -1,30 +0,0 @@ -References: CVE-2013-0154 XSA-37 bnc#797031 - -# HG changeset patch -# User Jan Beulich -# Date 1357564826 -3600 -# Node ID e1facbde56ff4e5e85f9a4935abc99eb24367cd0 -# Parent 8e942f2f3b45edc5bb1f7a6e05de288342426f0d -x86: fix assertion in get_page_type() - -c/s 22998:e9fab50d7b61 (and immediately following ones) made it -possible that __get_page_type() returns other than -EINVAL, in -particular -EBUSY. Consequently, the assertion in get_page_type() -should check for only the return values we absolutely don't expect to -see there. - -This is XSA-37 / CVE-2013-0154. - -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2603,7 +2603,7 @@ int get_page_type(struct page_info *page - int rc = __get_page_type(page, type, 0); - if ( likely(rc == 0) ) - return 1; -- ASSERT(rc == -EINVAL); -+ ASSERT(rc != -EINTR && rc != -EAGAIN); - return 0; - } - diff --git a/26340-VT-d-intremap-verify-legacy-bridge.patch b/26340-VT-d-intremap-verify-legacy-bridge.patch deleted file mode 100644 index d73a452..0000000 --- a/26340-VT-d-intremap-verify-legacy-bridge.patch +++ /dev/null @@ -1,27 +0,0 @@ -References: CVE-2012-5634 XSA-33 bnc#794316 - -# HG changeset patch -# User Jan Beulich -# Date 1357748006 -3600 -# Node ID 19fd1237ff0dfa3d97a896d6ed6fbbd33f816a9f -# Parent 56b0d5476c11bfd09986080dfa97923586ef474f -VT-d: fix interrupt remapping source validation for devices behind legacy bridges - -Using SVT_VERIFY_BUS here doesn't make sense; native Linux also -uses SVT_VERIFY_SID_SQ here instead. - -This is XSA-33 / CVE-2012-5634. - -Signed-off-by: Jan Beulich - ---- a/xen/drivers/passthrough/vtd/intremap.c -+++ b/xen/drivers/passthrough/vtd/intremap.c -@@ -469,7 +469,7 @@ static void set_msi_source_id(struct pci - set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, - (bus << 8) | pdev->bus); - else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) -- set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, -+ set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, - PCI_BDF2(bus, devfn)); - } - break; diff --git a/26369-libxl-devid.patch b/26369-libxl-devid.patch index 027630e..329159f 100644 --- a/26369-libxl-devid.patch +++ b/26369-libxl-devid.patch @@ -13,11 +13,11 @@ Date: Fri Jan 11 12:22:26 2013 +0000 Acked-by: Ian Campbell Committed-by: Ian Campbell -Index: xen-4.2.1-testing/tools/libxl/libxl.c +Index: xen-4.2.2-testing/tools/libxl/libxl.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl.c -+++ xen-4.2.1-testing/tools/libxl/libxl.c -@@ -1727,6 +1727,26 @@ out: +--- xen-4.2.2-testing.orig/tools/libxl/libxl.c ++++ xen-4.2.2-testing/tools/libxl/libxl.c +@@ -1710,6 +1710,26 @@ out: return; } @@ -44,7 +44,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c /******************************************************************************/ int libxl__device_disk_setdefault(libxl__gc *gc, libxl_device_disk *disk) -@@ -2563,8 +2583,7 @@ void libxl__device_nic_add(libxl__egc *e +@@ -2549,8 +2569,7 @@ void libxl__device_nic_add(libxl__egc *e flexarray_t *front; flexarray_t *back; libxl__device *device; @@ -54,7 +54,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c rc = libxl__device_nic_setdefault(gc, nic, domid); if (rc) goto out; -@@ -2581,16 +2600,10 @@ void libxl__device_nic_add(libxl__egc *e +@@ -2567,17 +2586,10 @@ void libxl__device_nic_add(libxl__egc *e } if (nic->devid == -1) { @@ -64,7 +64,8 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c goto out_free; } - if (!(l = libxl__xs_directory(gc, XBT_NULL, -- libxl__sprintf(gc, "%s/device/vif", dompath), &nb))) { +- libxl__sprintf(gc, "%s/device/vif", dompath), &nb)) || +- nb == 0) { - nic->devid = 0; - } else { - nic->devid = strtoul(l[nb - 1], NULL, 10) + 1; @@ -72,7 +73,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c } GCNEW(device); -@@ -2977,6 +2990,13 @@ int libxl__device_vkb_add(libxl__gc *gc, +@@ -2964,6 +2976,13 @@ int libxl__device_vkb_add(libxl__gc *gc, goto out_free; } @@ -86,7 +87,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c rc = libxl__device_from_vkb(gc, domid, vkb, &device); if (rc != 0) goto out_free; -@@ -3078,6 +3098,13 @@ int libxl__device_vfb_add(libxl__gc *gc, +@@ -3065,6 +3084,13 @@ int libxl__device_vfb_add(libxl__gc *gc, goto out_free; } diff --git a/26395-x86-FPU-context-conditional.patch b/26395-x86-FPU-context-conditional.patch deleted file mode 100644 index fb226a4..0000000 --- a/26395-x86-FPU-context-conditional.patch +++ /dev/null @@ -1,46 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1358341015 -3600 -# Node ID b4cbb83f9a1f57b4f26f2d35998cda42b904ea69 -# Parent 327b812026fe62a990f1d81041729c42196983ca -x86: consistently mask floating point exceptions - -c/s 23142:f5e8d152a565 resulted in v->arch.fpu_ctxt to point into the -save area allocated for xsave/xrstor (when they're available). The way -vcpu_restore_fpu_lazy() works (using fpu_init() for an uninitialized -vCPU only when there's no xsave support) causes this to load whatever -arch_set_info_guest() put there, irrespective of whether the i387 state -was specified to be valid in the respective input structure. - -Consequently, with a cleared (al zeroes) incoming FPU context, and with -xsave available, one gets all exceptions unmasked (as opposed to to the -legacy case, where FINIT and LDMXCSR get used, masking all exceptions). -This causes e.g. para-virtualized NetWare to crash. - -The behavior of arch_set_info_guest() is thus being made more hardware- -like for the FPU portion of it: Considering it to be similar to INIT, -it will leave untouched all floating point state now. An alternative -would be to make the behavior RESET-like, forcing all state to known -values, albeit - taking into account legacy behavior - not to precisely -the values RESET would enforce (which masks only SSE exceptions, but -not x87 ones); that would come closest to mimicing FINIT behavior in -the xsave case. Another option would be to continue copying whatever -was provided, but override (at least) FCW and MXCSR if VGCF_I387_VALID -isn't set. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -819,7 +819,9 @@ int arch_set_info_guest( - - v->arch.vgc_flags = flags; - -- memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); -+ if ( flags & VGCF_I387_VALID ) -+ memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); -+ - if ( !compat ) - { - memcpy(&v->arch.user_regs, &c.nat->user_regs, sizeof(c.nat->user_regs)); diff --git a/26404-x86-forward-both-NMI-kinds.patch b/26404-x86-forward-both-NMI-kinds.patch index 2483a2c..93e8031 100644 --- a/26404-x86-forward-both-NMI-kinds.patch +++ b/26404-x86-forward-both-NMI-kinds.patch @@ -14,9 +14,11 @@ Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Acked-by: Keir Fraser ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -3357,10 +3357,10 @@ void do_nmi(struct cpu_user_regs *regs) +Index: xen-4.2.2-testing/xen/arch/x86/traps.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/traps.c ++++ xen-4.2.2-testing/xen/arch/x86/traps.c +@@ -3369,10 +3369,10 @@ void do_nmi(struct cpu_user_regs *regs) reason = inb(0x61); if ( reason & 0x80 ) pci_serr_error(regs); diff --git a/26427-x86-AMD-enable-WC+.patch b/26427-x86-AMD-enable-WC+.patch deleted file mode 100644 index 49274f0..0000000 --- a/26427-x86-AMD-enable-WC+.patch +++ /dev/null @@ -1,51 +0,0 @@ -# HG changeset patch -# User Boris Ostrovsky -# Date 1358508058 -3600 -# Node ID 8f6dd5dc5d6cdd56050ed917a0c30903bbddcbf0 -# Parent eb8e9a23925d7b77c344a4a99679a45f96754a17 -x86/AMD: Enable WC+ memory type on family 10 processors - -In some cases BIOS may not enable WC+ memory type on family 10 processors, -instead converting what would be WC+ memory to CD type. On guests using -nested pages this could result in performance degradation. This patch -enables WC+. - -Signed-off-by: Boris Ostrovsky -Committed-by: Jan Beulich - ---- a/xen/arch/x86/cpu/amd.c -+++ b/xen/arch/x86/cpu/amd.c -@@ -534,6 +534,19 @@ static void __devinit init_amd(struct cp - } - #endif - -+ if (c->x86 == 0x10) { -+ /* -+ * On family 10h BIOS may not have properly enabled WC+ -+ * support, causing it to be converted to CD memtype. This may -+ * result in performance degradation for certain nested-paging -+ * guests. Prevent this conversion by clearing bit 24 in -+ * MSR_F10_BU_CFG2. -+ */ -+ rdmsrl(MSR_F10_BU_CFG2, value); -+ value &= ~(1ULL << 24); -+ wrmsrl(MSR_F10_BU_CFG2, value); -+ } -+ - /* - * Family 0x12 and above processors have APIC timer - * running in deep C states. ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -215,8 +215,9 @@ - #define MSR_F10_MC4_MISC2 0xc0000409 - #define MSR_F10_MC4_MISC3 0xc000040A - --/* AMD Family10h MMU control MSRs */ --#define MSR_F10_BU_CFG 0xc0011023 -+/* AMD Family10h Bus Unit MSRs */ -+#define MSR_F10_BU_CFG 0xc0011023 -+#define MSR_F10_BU_CFG2 0xc001102a - - /* Other AMD Fam10h MSRs */ - #define MSR_FAM10H_MMIO_CONF_BASE 0xc0010058 diff --git a/26428-x86-HVM-RTC-update.patch b/26428-x86-HVM-RTC-update.patch deleted file mode 100644 index b001859..0000000 --- a/26428-x86-HVM-RTC-update.patch +++ /dev/null @@ -1,38 +0,0 @@ -# HG changeset patch -# User Tim Deegan -# Date 1358508717 -3600 -# Node ID 9e8c39bdc1fedd5dfc5aa7209cc5f77f813476c7 -# Parent 8f6dd5dc5d6cdd56050ed917a0c30903bbddcbf0 -x86/hvm: fix RTC setting. - -When the guest writes one field of the RTC time, we must bring all the -other fields up to date for the current second before calculating the -new RTC time. - -Signed-off-by: Tim Deegan -Tested-by: Phil Evans -Committed-by: Jan Beulich - ---- a/xen/arch/x86/hvm/rtc.c -+++ b/xen/arch/x86/hvm/rtc.c -@@ -399,10 +399,17 @@ static int rtc_ioport_write(void *opaque - case RTC_DAY_OF_MONTH: - case RTC_MONTH: - case RTC_YEAR: -- s->hw.cmos_data[s->hw.cmos_index] = data; -- /* if in set mode, do not update the time */ -- if ( !(s->hw.cmos_data[RTC_REG_B] & RTC_SET) ) -+ /* if in set mode, just write the register */ -+ if ( (s->hw.cmos_data[RTC_REG_B] & RTC_SET) ) -+ s->hw.cmos_data[s->hw.cmos_index] = data; -+ else -+ { -+ /* Fetch the current time and update just this field. */ -+ s->current_tm = gmtime(get_localtime(d)); -+ rtc_copy_date(s); -+ s->hw.cmos_data[s->hw.cmos_index] = data; - rtc_set_time(s); -+ } - alarm_timer_update(s); - break; - case RTC_REG_A: diff --git a/26440-x86-forward-SERR.patch b/26440-x86-forward-SERR.patch deleted file mode 100644 index 8f70343..0000000 --- a/26440-x86-forward-SERR.patch +++ /dev/null @@ -1,72 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1358843590 -3600 -# Node ID 5af4f2ab06f33ce441fa550333a9049c09a9ef28 -# Parent 4b476378fc35e776196c29dc0e24b71529393a4c -x86: restore (optional) forwarding of PCI SERR induced NMI to Dom0 - -c/s 22949:54fe1011f86b removed the forwarding of NMIs to Dom0 when they -were caused by PCI SERR. NMI buttons as well as BMCs (like HP's iLO) -may however want such events to be seen in Dom0 (e.g. to trigger a -dump). - -Therefore restore most of the functionality which named c/s removed -(adjusted for subsequent changes, and adjusting the public interface to -use the modern term, retaining the old one for backwards -compatibility). - -Signed-off-by: Jan Beulich -Acked-by: Stefano Stabellini -Acked-by: Keir Fraser - ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -3201,6 +3201,7 @@ static void nmi_mce_softirq(void) - static void pci_serr_softirq(void) - { - printk("\n\nNMI - PCI system error (SERR)\n"); -+ outb(inb(0x61) & 0x0b, 0x61); /* re-enable the PCI SERR error line. */ - } - - void async_exception_cleanup(struct vcpu *curr) -@@ -3291,9 +3292,20 @@ static void pci_serr_error(struct cpu_us - { - outb((inb(0x61) & 0x0f) | 0x04, 0x61); /* clear-and-disable the PCI SERR error line. */ - -- /* Would like to print a diagnostic here but can't call printk() -- from NMI context -- raise a softirq instead. */ -- raise_softirq(PCI_SERR_SOFTIRQ); -+ switch ( opt_nmi[0] ) -+ { -+ case 'd': /* 'dom0' */ -+ nmi_dom0_report(_XEN_NMIREASON_pci_serr); -+ case 'i': /* 'ignore' */ -+ /* Would like to print a diagnostic here but can't call printk() -+ from NMI context -- raise a softirq instead. */ -+ raise_softirq(PCI_SERR_SOFTIRQ); -+ break; -+ default: /* 'fatal' */ -+ console_force_unlock(); -+ printk("\n\nNMI - PCI system error (SERR)\n"); -+ fatal_trap(TRAP_nmi, regs); -+ } - } - - static void io_check_error(struct cpu_user_regs *regs) ---- a/xen/include/public/nmi.h -+++ b/xen/include/public/nmi.h -@@ -36,9 +36,14 @@ - /* I/O-check error reported via ISA port 0x61, bit 6. */ - #define _XEN_NMIREASON_io_error 0 - #define XEN_NMIREASON_io_error (1UL << _XEN_NMIREASON_io_error) -+ /* PCI SERR reported via ISA port 0x61, bit 7. */ -+#define _XEN_NMIREASON_pci_serr 1 -+#define XEN_NMIREASON_pci_serr (1UL << _XEN_NMIREASON_pci_serr) -+#if __XEN_INTERFACE_VERSION__ < 0x00040300 /* legacy alias of the above */ - /* Parity error reported via ISA port 0x61, bit 7. */ - #define _XEN_NMIREASON_parity_error 1 - #define XEN_NMIREASON_parity_error (1UL << _XEN_NMIREASON_parity_error) -+#endif - /* Unknown hardware-generated NMI. */ - #define _XEN_NMIREASON_unknown 2 - #define XEN_NMIREASON_unknown (1UL << _XEN_NMIREASON_unknown) diff --git a/26443-ACPI-zap-DMAR.patch b/26443-ACPI-zap-DMAR.patch deleted file mode 100644 index f5f3e95..0000000 --- a/26443-ACPI-zap-DMAR.patch +++ /dev/null @@ -1,116 +0,0 @@ -# HG changeset patch -# User Tomasz Wroblewski -# Date 1358933464 -3600 -# Node ID 9efe4c0bf9c8d3ecf03868c69c24dad3218523a4 -# Parent 7c6ecf2c1831a1c7f63a96f119a8891891463e54 -fix acpi_dmar_zap/reinstate() (fixes S3 regression) - -Fix S3 regression introduced by cs 23013:65d26504e843 (ACPI: large -cleanup). The dmar virtual pointer returned from acpi_get_table cannot -be safely stored away and used later, as the underlying -acpi_os_map_memory / __acpi_map_table functions overwrite the mapping -causing it to point to different tables than dmar (last fetched table is -used). This subsequently causes acpi_dmar_reinstate() and -acpi_dmar_zap() to write data to wrong table, causing its corruption and -problems with consecutive s3 resumes. - -Added a new function to fetch ACPI table physical address, and -establishing separate static mapping for dmar_table pointer instead of -using acpi_get_table(). - -Signed-off-by: Tomasz Wroblewski - -Added call to acpi_tb_verify_table(). Fixed page count passed to -map_pages_to_xen(). Cosmetic changes. - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/tables/tbxface.c -+++ b/xen/drivers/acpi/tables/tbxface.c -@@ -205,3 +205,51 @@ acpi_get_table(char *signature, - - return (AE_NOT_FOUND); - } -+ -+/****************************************************************************** -+ * -+ * FUNCTION: acpi_get_table_phys -+ * -+ * PARAMETERS: signature - ACPI signature of needed table -+ * instance - Which instance (for SSDTs) -+ * addr - Where the table's physical address is returned -+ * len - Where the length of table is returned -+ * -+ * RETURN: Status, pointer and length of table -+ * -+ * DESCRIPTION: Finds physical address and length of ACPI table -+ * -+ *****************************************************************************/ -+acpi_status __init -+acpi_get_table_phys(acpi_string signature, acpi_native_uint instance, -+ acpi_physical_address *addr, acpi_native_uint *len) -+{ -+ acpi_native_uint i, j; -+ acpi_status status; -+ -+ if (!signature || !addr || !len) -+ return AE_BAD_PARAMETER; -+ -+ for (i = j = 0; i < acpi_gbl_root_table_list.count; i++) { -+ if (!ACPI_COMPARE_NAME( -+ &acpi_gbl_root_table_list.tables[i].signature, -+ signature)) -+ continue; -+ -+ if (++j < instance) -+ continue; -+ -+ status = -+ acpi_tb_verify_table(&acpi_gbl_root_table_list.tables[i]); -+ if (ACPI_SUCCESS(status)) { -+ *addr = acpi_gbl_root_table_list.tables[i].address; -+ *len = acpi_gbl_root_table_list.tables[i].length; -+ } -+ -+ acpi_gbl_root_table_list.tables[i].pointer = NULL; -+ -+ return status; -+ } -+ -+ return AE_NOT_FOUND; -+} ---- a/xen/drivers/passthrough/vtd/dmar.c -+++ b/xen/drivers/passthrough/vtd/dmar.c -@@ -786,7 +786,18 @@ out: - - int __init acpi_dmar_init(void) - { -- acpi_get_table(ACPI_SIG_DMAR, 0, &dmar_table); -+ acpi_physical_address dmar_addr; -+ acpi_native_uint dmar_len; -+ -+ if ( ACPI_SUCCESS(acpi_get_table_phys(ACPI_SIG_DMAR, 0, -+ &dmar_addr, &dmar_len)) ) -+ { -+ map_pages_to_xen((unsigned long)__va(dmar_addr), PFN_DOWN(dmar_addr), -+ PFN_UP(dmar_addr + dmar_len) - PFN_DOWN(dmar_addr), -+ PAGE_HYPERVISOR); -+ dmar_table = __va(dmar_addr); -+ } -+ - return parse_dmar_table(acpi_parse_dmar); - } - ---- a/xen/include/acpi/acpixf.h -+++ b/xen/include/acpi/acpixf.h -@@ -77,6 +77,9 @@ acpi_status - acpi_get_table(acpi_string signature, - acpi_native_uint instance, struct acpi_table_header **out_table); - -+acpi_status -+acpi_get_table_phys(acpi_string signature, acpi_native_uint instance, -+ acpi_physical_address *addr, acpi_native_uint *len); - /* - * Namespace and name interfaces - */ diff --git a/26444-x86-nHVM-no-self-enable.patch b/26444-x86-nHVM-no-self-enable.patch deleted file mode 100644 index 96dfdaf..0000000 --- a/26444-x86-nHVM-no-self-enable.patch +++ /dev/null @@ -1,32 +0,0 @@ -References: CVE-2013-0152 XSA-35 bnc#797287 - -# HG changeset patch -# User Ian Campbell -# Date 1358938044 -3600 -# Node ID 621b1a889e9b120236698731e0b5ecc5b0cb1d82 -# Parent 9efe4c0bf9c8d3ecf03868c69c24dad3218523a4 -xen: Do not allow guests to enable nested HVM on themselves - -There is no reason for this and doing so exposes a memory leak to -guests. Only toolstacks need write access to this HVM param. - -This is XSA-35 / CVE-2013-0152. - -Signed-off-by: Ian Campbell -Acked-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -3930,6 +3930,11 @@ long do_hvm_op(unsigned long op, XEN_GUE - rc = -EINVAL; - break; - case HVM_PARAM_NESTEDHVM: -+ if ( !IS_PRIV(current->domain) ) -+ { -+ rc = -EPERM; -+ break; -+ } - #ifdef __i386__ - if ( a.value ) - rc = -EINVAL; diff --git a/26468-libxl-race.patch b/26468-libxl-race.patch deleted file mode 100644 index b2093ce..0000000 --- a/26468-libxl-race.patch +++ /dev/null @@ -1,343 +0,0 @@ -# HG changeset patch -# User Ian Jackson -# Date 1359031672 0 -# Node ID a181bf3e77df891c97fc20dff4e9b90b7584022b -# Parent 3e93c50982de4f2f7db99d92b04684556320541c -libxl: fix stale fd event callback race - -Because there is not necessarily any lock held at the point the -application (eg, libvirt) calls libxl_osevent_occurred_timeout and -..._fd, in a multithreaded program those calls may be arbitrarily -delayed in relation to other activities within the program. - -libxl therefore needs to be prepared to receive very old event -callbacks. Arrange for this to be the case for fd callbacks. - -This requires a new layer of indirection through a "hook nexus" struct -which can outlive the libxl__ev_foo. Allocation and deallocation of -these nexi is mostly handled in the OSEVENT macros which wrap up -the application's callbacks. - -Document the problem and the solution in a comment in libxl_event.c -just before the definition of struct libxl__osevent_hook_nexus. - -There is still a race relating to libxl__osevent_occurred_timeout; -this will be addressed in the following patch. - -Reported-by: Bamvor Jian Zhang -Cc: Bamvor Jian Zhang -Cc: Ian Campbell -Tested-by: Jim Fehlig -Acked-by: Jim Fehlig -Signed-off-by: Ian Jackson -Committed-by: Ian Campbell - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c -+++ xen-4.2.1-testing/tools/libxl/libxl_event.c -@@ -38,23 +38,131 @@ - * The application's registration hooks should be called ONLY via - * these macros, with the ctx locked. Likewise all the "occurred" - * entrypoints from the application should assert(!in_hook); -+ * -+ * During the hook call - including while the arguments are being -+ * evaluated - ev->nexus is guaranteed to be valid and refer to the -+ * nexus which is being used for this event registration. The -+ * arguments should specify ev->nexus for the for_libxl argument and -+ * ev->nexus->for_app_reg (or a pointer to it) for for_app_reg. - */ --#define OSEVENT_HOOK_INTERN(retval, hookname, ...) do { \ -- if (CTX->osevent_hooks) { \ -- CTX->osevent_in_hook++; \ -- retval CTX->osevent_hooks->hookname(CTX->osevent_user, __VA_ARGS__); \ -- CTX->osevent_in_hook--; \ -- } \ -+#define OSEVENT_HOOK_INTERN(retval, failedp, evkind, hookop, nexusop, ...) do { \ -+ if (CTX->osevent_hooks) { \ -+ CTX->osevent_in_hook++; \ -+ libxl__osevent_hook_nexi *nexi = &CTX->hook_##evkind##_nexi_idle; \ -+ osevent_hook_pre_##nexusop(gc, ev, nexi, &ev->nexus); \ -+ retval CTX->osevent_hooks->evkind##_##hookop \ -+ (CTX->osevent_user, __VA_ARGS__); \ -+ if ((failedp)) \ -+ osevent_hook_failed_##nexusop(gc, ev, nexi, &ev->nexus); \ -+ CTX->osevent_in_hook--; \ -+ } \ - } while (0) - --#define OSEVENT_HOOK(hookname, ...) ({ \ -- int osevent_hook_rc = 0; \ -- OSEVENT_HOOK_INTERN(osevent_hook_rc = , hookname, __VA_ARGS__); \ -- osevent_hook_rc; \ -+#define OSEVENT_HOOK(evkind, hookop, nexusop, ...) ({ \ -+ int osevent_hook_rc = 0; \ -+ OSEVENT_HOOK_INTERN(osevent_hook_rc =, !!osevent_hook_rc, \ -+ evkind, hookop, nexusop, __VA_ARGS__); \ -+ osevent_hook_rc; \ - }) - --#define OSEVENT_HOOK_VOID(hookname, ...) \ -- OSEVENT_HOOK_INTERN(/* void */, hookname, __VA_ARGS__) -+#define OSEVENT_HOOK_VOID(evkind, hookop, nexusop, ...) \ -+ OSEVENT_HOOK_INTERN(/* void */, 0, evkind, hookop, nexusop, __VA_ARGS__) -+ -+/* -+ * The application's calls to libxl_osevent_occurred_... may be -+ * indefinitely delayed with respect to the rest of the program (since -+ * they are not necessarily called with any lock held). So the -+ * for_libxl value we receive may be (almost) arbitrarily old. All we -+ * know is that it came from this ctx. -+ * -+ * Therefore we may not free the object referred to by any for_libxl -+ * value until we free the whole libxl_ctx. And if we reuse it we -+ * must be able to tell when an old use turns up, and discard the -+ * stale event. -+ * -+ * Thus we cannot use the ev directly as the for_libxl value - we need -+ * a layer of indirection. -+ * -+ * We do this by keeping a pool of libxl__osevent_hook_nexus structs, -+ * and use pointers to them as for_libxl values. In fact, there are -+ * two pools: one for fds and one for timeouts. This ensures that we -+ * don't risk a type error when we upcast nexus->ev. In each nexus -+ * the ev is either null or points to a valid libxl__ev_time or -+ * libxl__ev_fd, as applicable. -+ * -+ * We /do/ allow ourselves to reassociate an old nexus with a new ev -+ * as otherwise we would have to leak nexi. (This reassociation -+ * might, of course, be an old ev being reused for a new purpose so -+ * simply comparing the ev pointer is not sufficient.) Thus the -+ * libxl_osevent_occurred functions need to check that the condition -+ * allegedly signalled by this event actually exists. -+ * -+ * The nexi and the lists are all protected by the ctx lock. -+ */ -+ -+struct libxl__osevent_hook_nexus { -+ void *ev; -+ void *for_app_reg; -+ LIBXL_SLIST_ENTRY(libxl__osevent_hook_nexus) next; -+}; -+ -+static void *osevent_ev_from_hook_nexus(libxl_ctx *ctx, -+ libxl__osevent_hook_nexus *nexus /* pass void *for_libxl */) -+{ -+ return nexus->ev; -+} -+ -+static void osevent_release_nexus(libxl__gc *gc, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus *nexus) -+{ -+ nexus->ev = 0; -+ LIBXL_SLIST_INSERT_HEAD(nexi_idle, nexus, next); -+} -+ -+/*----- OSEVENT* hook functions for nexusop "alloc" -----*/ -+static void osevent_hook_pre_alloc(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus_r) -+{ -+ libxl__osevent_hook_nexus *nexus = LIBXL_SLIST_FIRST(nexi_idle); -+ if (nexus) { -+ LIBXL_SLIST_REMOVE_HEAD(nexi_idle, next); -+ } else { -+ nexus = libxl__zalloc(NOGC, sizeof(*nexus)); -+ } -+ nexus->ev = ev; -+ *nexus_r = nexus; -+} -+static void osevent_hook_failed_alloc(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) -+{ -+ osevent_release_nexus(gc, nexi_idle, *nexus); -+} -+ -+/*----- OSEVENT* hook functions for nexusop "release" -----*/ -+static void osevent_hook_pre_release(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) -+{ -+ osevent_release_nexus(gc, nexi_idle, *nexus); -+} -+static void osevent_hook_failed_release(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) -+{ -+ abort(); -+} -+ -+/*----- OSEVENT* hook functions for nexusop "noop" -----*/ -+static void osevent_hook_pre_noop(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) { } -+static void osevent_hook_failed_noop(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) { } -+ - - /* - * fd events -@@ -72,7 +180,8 @@ int libxl__ev_fd_register(libxl__gc *gc, - - DBG("ev_fd=%p register fd=%d events=%x", ev, fd, events); - -- rc = OSEVENT_HOOK(fd_register, fd, &ev->for_app_reg, events, ev); -+ rc = OSEVENT_HOOK(fd,register, alloc, fd, &ev->nexus->for_app_reg, -+ events, ev->nexus); - if (rc) goto out; - - ev->fd = fd; -@@ -97,7 +206,7 @@ int libxl__ev_fd_modify(libxl__gc *gc, l - - DBG("ev_fd=%p modify fd=%d events=%x", ev, ev->fd, events); - -- rc = OSEVENT_HOOK(fd_modify, ev->fd, &ev->for_app_reg, events); -+ rc = OSEVENT_HOOK(fd,modify, noop, ev->fd, &ev->nexus->for_app_reg, events); - if (rc) goto out; - - ev->events = events; -@@ -119,7 +228,7 @@ void libxl__ev_fd_deregister(libxl__gc * - - DBG("ev_fd=%p deregister fd=%d", ev, ev->fd); - -- OSEVENT_HOOK_VOID(fd_deregister, ev->fd, ev->for_app_reg); -+ OSEVENT_HOOK_VOID(fd,deregister, release, ev->fd, ev->nexus->for_app_reg); - LIBXL_LIST_REMOVE(ev, entry); - ev->fd = -1; - -@@ -171,7 +280,8 @@ static int time_register_finite(libxl__g - { - int rc; - -- rc = OSEVENT_HOOK(timeout_register, &ev->for_app_reg, absolute, ev); -+ rc = OSEVENT_HOOK(timeout,register, alloc, &ev->nexus->for_app_reg, -+ absolute, ev->nexus); - if (rc) return rc; - - ev->infinite = 0; -@@ -184,7 +294,7 @@ static int time_register_finite(libxl__g - static void time_deregister(libxl__gc *gc, libxl__ev_time *ev) - { - if (!ev->infinite) { -- OSEVENT_HOOK_VOID(timeout_deregister, ev->for_app_reg); -+ OSEVENT_HOOK_VOID(timeout,deregister, release, ev->nexus->for_app_reg); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); - } - } -@@ -270,7 +380,8 @@ int libxl__ev_time_modify_abs(libxl__gc - rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - } else { -- rc = OSEVENT_HOOK(timeout_modify, &ev->for_app_reg, absolute); -+ rc = OSEVENT_HOOK(timeout,modify, noop, -+ &ev->nexus->for_app_reg, absolute); - if (rc) goto out; - - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); -@@ -1009,35 +1120,54 @@ void libxl_osevent_register_hooks(libxl_ - - - void libxl_osevent_occurred_fd(libxl_ctx *ctx, void *for_libxl, -- int fd, short events, short revents) -+ int fd, short events_ign, short revents_ign) - { -- libxl__ev_fd *ev = for_libxl; -- - EGC_INIT(ctx); - CTX_LOCK; - assert(!CTX->osevent_in_hook); - -- assert(fd == ev->fd); -- revents &= ev->events; -- if (revents) -- ev->func(egc, ev, fd, ev->events, revents); -+ libxl__ev_fd *ev = osevent_ev_from_hook_nexus(ctx, for_libxl); -+ if (!ev) goto out; -+ if (ev->fd != fd) goto out; - -+ struct pollfd check; -+ for (;;) { -+ check.fd = fd; -+ check.events = ev->events; -+ int r = poll(&check, 1, 0); -+ if (!r) -+ goto out; -+ if (r==1) -+ break; -+ assert(r<0); -+ if (errno != EINTR) { -+ LIBXL__EVENT_DISASTER(egc, "failed poll to check for fd", errno, 0); -+ goto out; -+ } -+ } -+ -+ if (check.revents) -+ ev->func(egc, ev, fd, ev->events, check.revents); -+ -+ out: - CTX_UNLOCK; - EGC_FREE; - } - - void libxl_osevent_occurred_timeout(libxl_ctx *ctx, void *for_libxl) - { -- libxl__ev_time *ev = for_libxl; -- - EGC_INIT(ctx); - CTX_LOCK; - assert(!CTX->osevent_in_hook); - -+ libxl__ev_time *ev = osevent_ev_from_hook_nexus(ctx, for_libxl); -+ if (!ev) goto out; - assert(!ev->infinite); -+ - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); - ev->func(egc, ev, &ev->abs); - -+ out: - CTX_UNLOCK; - EGC_FREE; - } -Index: xen-4.2.1-testing/tools/libxl/libxl_internal.h -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_internal.h -+++ xen-4.2.1-testing/tools/libxl/libxl_internal.h -@@ -136,6 +136,8 @@ typedef struct libxl__gc libxl__gc; - typedef struct libxl__egc libxl__egc; - typedef struct libxl__ao libxl__ao; - typedef struct libxl__aop_occurred libxl__aop_occurred; -+typedef struct libxl__osevent_hook_nexus libxl__osevent_hook_nexus; -+typedef struct libxl__osevent_hook_nexi libxl__osevent_hook_nexi; - - _hidden void libxl__alloc_failed(libxl_ctx *, const char *func, - size_t nmemb, size_t size) __attribute__((noreturn)); -@@ -163,7 +165,7 @@ struct libxl__ev_fd { - libxl__ev_fd_callback *func; - /* remainder is private for libxl__ev_fd... */ - LIBXL_LIST_ENTRY(libxl__ev_fd) entry; -- void *for_app_reg; -+ libxl__osevent_hook_nexus *nexus; - }; - - -@@ -178,7 +180,7 @@ struct libxl__ev_time { - int infinite; /* not registered in list or with app if infinite */ - LIBXL_TAILQ_ENTRY(libxl__ev_time) entry; - struct timeval abs; -- void *for_app_reg; -+ libxl__osevent_hook_nexus *nexus; - }; - - typedef struct libxl__ev_xswatch libxl__ev_xswatch; -@@ -329,6 +331,8 @@ struct libxl__ctx { - libxl__poller poller_app; /* libxl_osevent_beforepoll and _afterpoll */ - LIBXL_LIST_HEAD(, libxl__poller) pollers_event, pollers_idle; - -+ LIBXL_SLIST_HEAD(libxl__osevent_hook_nexi, libxl__osevent_hook_nexus) -+ hook_fd_nexi_idle, hook_timeout_nexi_idle; - LIBXL_LIST_HEAD(, libxl__ev_fd) efds; - LIBXL_TAILQ_HEAD(, libxl__ev_time) etimes; - diff --git a/26469-libxl-race.patch b/26469-libxl-race.patch deleted file mode 100644 index a099ff6..0000000 --- a/26469-libxl-race.patch +++ /dev/null @@ -1,228 +0,0 @@ -# HG changeset patch -# User Ian Jackson -# Date 1359031673 0 -# Node ID a162a72e719a85799e3b08f52af7bb2147a407b8 -# Parent a181bf3e77df891c97fc20dff4e9b90b7584022b -libxl: fix stale timeout event callback race - -Because there is not necessarily any lock held at the point the -application (eg, libvirt) calls libxl_osevent_occurred_timeout, in a -multithreaded program those calls may be arbitrarily delayed in -relation to other activities within the program. - -Specifically this means when ->timeout_deregister returns, libxl does -not know whether it can safely dispose of the for_libxl value or -whether it needs to retain it in case of an in-progress call to -_occurred_timeout. - -The interface could be fixed by requiring the application to make a -new call into libxl to say that the deregistration was complete. - -However that new call would have to be threaded through the -application's event loop; this is complicated and some application -authors are likely not to implement it properly. Furthermore the -easiest way to implement this facility in most event loops is to queue -up a time event for "now". - -Shortcut all of this by having libxl always call timeout_modify -setting abs={0,0} (ie, ASAP) instead of timeout_deregister. This will -cause the application to call _occurred_timeout. When processing this -calldown we see that we were no longer actually interested and simply -throw it away. - -Additionally, there is a race between _occurred_timeout and -->timeout_modify. If libxl ever adjusts the deadline for a timeout -the application may already be in the process of calling _occurred, in -which case the situation with for_app's lifetime becomes very -complicated. Therefore abolish libxl__ev_time_modify_{abs,rel} (which -have no callers) and promise to the application only ever to call -->timeout_modify with abs=={0,0}. The application still needs to cope -with ->timeout_modify racing with its internal function which calls -_occurred_timeout. Document this. - -This is a forwards-compatible change for applications using the libxl -API, and will hopefully eliminate these races in callback-supplying -applications (such as libvirt) without the need for corresponding -changes to the application. (It is possible that this might expose -bugs in applications, though, as previously libxl would never call -libxl_osevent_hooks->timeout_modify and now it never calls -->timeout_deregister). - -For clarity, fold the body of time_register_finite into its one -remaining call site. This makes the semantics of ev->infinite -slightly clearer. - -Cc: Bamvor Jian Zhang -Cc: Ian Campbell -Tested-by: Jim Fehlig -Acked-by: Jim Fehlig -Signed-off-by: Ian Jackson -Committed-by: Ian Campbell - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c -+++ xen-4.2.1-testing/tools/libxl/libxl_event.c -@@ -267,18 +267,11 @@ static int time_rel_to_abs(libxl__gc *gc - return 0; - } - --static void time_insert_finite(libxl__gc *gc, libxl__ev_time *ev) --{ -- libxl__ev_time *evsearch; -- LIBXL_TAILQ_INSERT_SORTED(&CTX->etimes, entry, ev, evsearch, /*empty*/, -- timercmp(&ev->abs, &evsearch->abs, >)); -- ev->infinite = 0; --} -- - static int time_register_finite(libxl__gc *gc, libxl__ev_time *ev, - struct timeval absolute) - { - int rc; -+ libxl__ev_time *evsearch; - - rc = OSEVENT_HOOK(timeout,register, alloc, &ev->nexus->for_app_reg, - absolute, ev->nexus); -@@ -286,7 +279,8 @@ static int time_register_finite(libxl__g - - ev->infinite = 0; - ev->abs = absolute; -- time_insert_finite(gc, ev); -+ LIBXL_TAILQ_INSERT_SORTED(&CTX->etimes, entry, ev, evsearch, /*empty*/, -+ timercmp(&ev->abs, &evsearch->abs, >)); - - return 0; - } -@@ -294,7 +288,12 @@ static int time_register_finite(libxl__g - static void time_deregister(libxl__gc *gc, libxl__ev_time *ev) - { - if (!ev->infinite) { -- OSEVENT_HOOK_VOID(timeout,deregister, release, ev->nexus->for_app_reg); -+ struct timeval right_away = { 0, 0 }; -+ if (ev->nexus) /* only set if app provided hooks */ -+ ev->nexus->ev = 0; -+ OSEVENT_HOOK_VOID(timeout,modify, -+ noop /* release nexus in _occurred_ */, -+ &ev->nexus->for_app_reg, right_away); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); - } - } -@@ -364,70 +363,6 @@ int libxl__ev_time_register_rel(libxl__g - return rc; - } - --int libxl__ev_time_modify_abs(libxl__gc *gc, libxl__ev_time *ev, -- struct timeval absolute) --{ -- int rc; -- -- CTX_LOCK; -- -- DBG("ev_time=%p modify abs==%lu.%06lu", -- ev, (unsigned long)absolute.tv_sec, (unsigned long)absolute.tv_usec); -- -- assert(libxl__ev_time_isregistered(ev)); -- -- if (ev->infinite) { -- rc = time_register_finite(gc, ev, absolute); -- if (rc) goto out; -- } else { -- rc = OSEVENT_HOOK(timeout,modify, noop, -- &ev->nexus->for_app_reg, absolute); -- if (rc) goto out; -- -- LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); -- ev->abs = absolute; -- time_insert_finite(gc, ev); -- } -- -- rc = 0; -- out: -- time_done_debug(gc,__func__,ev,rc); -- CTX_UNLOCK; -- return rc; --} -- --int libxl__ev_time_modify_rel(libxl__gc *gc, libxl__ev_time *ev, -- int milliseconds) --{ -- struct timeval absolute; -- int rc; -- -- CTX_LOCK; -- -- DBG("ev_time=%p modify ms=%d", ev, milliseconds); -- -- assert(libxl__ev_time_isregistered(ev)); -- -- if (milliseconds < 0) { -- time_deregister(gc, ev); -- ev->infinite = 1; -- rc = 0; -- goto out; -- } -- -- rc = time_rel_to_abs(gc, milliseconds, &absolute); -- if (rc) goto out; -- -- rc = libxl__ev_time_modify_abs(gc, ev, absolute); -- if (rc) goto out; -- -- rc = 0; -- out: -- time_done_debug(gc,__func__,ev,rc); -- CTX_UNLOCK; -- return rc; --} -- - void libxl__ev_time_deregister(libxl__gc *gc, libxl__ev_time *ev) - { - CTX_LOCK; -@@ -1160,7 +1095,11 @@ void libxl_osevent_occurred_timeout(libx - CTX_LOCK; - assert(!CTX->osevent_in_hook); - -- libxl__ev_time *ev = osevent_ev_from_hook_nexus(ctx, for_libxl); -+ libxl__osevent_hook_nexus *nexus = for_libxl; -+ libxl__ev_time *ev = osevent_ev_from_hook_nexus(ctx, nexus); -+ -+ osevent_release_nexus(gc, &CTX->hook_timeout_nexi_idle, nexus); -+ - if (!ev) goto out; - assert(!ev->infinite); - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.h -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.h -+++ xen-4.2.1-testing/tools/libxl/libxl_event.h -@@ -287,8 +287,10 @@ typedef struct libxl_osevent_hooks { - int (*timeout_register)(void *user, void **for_app_registration_out, - struct timeval abs, void *for_libxl); - int (*timeout_modify)(void *user, void **for_app_registration_update, -- struct timeval abs); -- void (*timeout_deregister)(void *user, void *for_app_registration); -+ struct timeval abs) -+ /* only ever called with abs={0,0}, meaning ASAP */; -+ void (*timeout_deregister)(void *user, void *for_app_registration) -+ /* will never be called */; - } libxl_osevent_hooks; - - /* The application which calls register_fd_hooks promises to -@@ -337,6 +339,17 @@ typedef struct libxl_osevent_hooks { - * register (or modify), and pass it to subsequent calls to modify - * or deregister. - * -+ * Note that the application must cope with a call from libxl to -+ * timeout_modify racing with its own call to -+ * libxl__osevent_occurred_timeout. libxl guarantees that -+ * timeout_modify will only be called with abs={0,0} but the -+ * application must still ensure that libxl's attempt to cause the -+ * timeout to occur immediately is safely ignored even the timeout is -+ * actually already in the process of occurring. -+ * -+ * timeout_deregister is not used because it forms part of a -+ * deprecated unsafe mode of use of the API. -+ * - * osevent_register_hooks may be called only once for each libxl_ctx. - * libxl may make calls to register/modify/deregister from within - * any libxl function (indeed, it will usually call register from diff --git a/26501-VMX-simplify-CR0-update.patch b/26501-VMX-simplify-CR0-update.patch deleted file mode 100644 index bf3b7da..0000000 --- a/26501-VMX-simplify-CR0-update.patch +++ /dev/null @@ -1,64 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1359566139 28800 -# Node ID 8201b6ec3564c80db5516cdcf36dcfa9b7fdd93b -# Parent 1fe8ecfdf10cc9077fc810364663a0f25a5c5b96 -vmx: Simplify cr0 update handling by deferring cr4 changes to the cr4 handler. - -Signed-off-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1133,20 +1133,18 @@ static void vmx_update_guest_cr(struct v - - if ( paging_mode_hap(v->domain) ) - { -- /* We manage GUEST_CR3 when guest CR0.PE is zero or when cr3 memevents are on */ -+ /* Manage GUEST_CR3 when CR0.PE=0. */ - uint32_t cr3_ctls = (CPU_BASED_CR3_LOAD_EXITING | - CPU_BASED_CR3_STORE_EXITING); - v->arch.hvm_vmx.exec_control &= ~cr3_ctls; - if ( !hvm_paging_enabled(v) ) - v->arch.hvm_vmx.exec_control |= cr3_ctls; - -+ /* Trap CR3 updates if CR3 memory events are enabled. */ - if ( v->domain->arch.hvm_domain.params[HVM_PARAM_MEMORY_EVENT_CR3] ) - v->arch.hvm_vmx.exec_control |= CPU_BASED_CR3_LOAD_EXITING; - - vmx_update_cpu_exec_control(v); -- -- /* Changing CR0.PE can change some bits in real CR4. */ -- vmx_update_guest_cr(v, 4); - } - - if ( !(v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_TS) ) -@@ -1176,8 +1174,6 @@ static void vmx_update_guest_cr(struct v - { - for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ ) - vmx_set_segment_register(v, s, ®[s]); -- v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_VME; -- __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); - v->arch.hvm_vmx.exception_bitmap = 0xffffffff; - vmx_update_exception_bitmap(v); - } -@@ -1187,10 +1183,6 @@ static void vmx_update_guest_cr(struct v - if ( !(v->arch.hvm_vmx.vm86_segment_mask & (1<arch.hvm_vmx.vm86_saved_seg[s]); -- v->arch.hvm_vcpu.hw_cr[4] = -- ((v->arch.hvm_vcpu.hw_cr[4] & ~X86_CR4_VME) -- |(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_VME)); -- __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); - v->arch.hvm_vmx.exception_bitmap = HVM_TRAP_MASK - | (paging_mode_hap(v->domain) ? - 0 : (1U << TRAP_page_fault)) -@@ -1204,6 +1196,9 @@ static void vmx_update_guest_cr(struct v - v->arch.hvm_vcpu.guest_cr[0] | hw_cr0_mask; - __vmwrite(GUEST_CR0, v->arch.hvm_vcpu.hw_cr[0]); - __vmwrite(CR0_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[0]); -+ -+ /* Changing CR0 can change some bits in real CR4. */ -+ vmx_update_guest_cr(v, 4); - break; - } - case 2: diff --git a/26502-VMX-disable-SMEP-when-not-paging.patch b/26502-VMX-disable-SMEP-when-not-paging.patch deleted file mode 100644 index 4c6f5eb..0000000 --- a/26502-VMX-disable-SMEP-when-not-paging.patch +++ /dev/null @@ -1,39 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1359566250 28800 -# Node ID d1bf3b21f78302dad1ed53e540facf7b9a0e2ab5 -# Parent 8201b6ec3564c80db5516cdcf36dcfa9b7fdd93b -VMX: disable SMEP feature when guest is in non-paging mode - -SMEP is disabled if CPU is in non-paging mode in hardware. -However Xen always uses paging mode to emulate guest non-paging -mode with HAP. To emulate this behavior, SMEP needs to be manually -disabled when guest switches to non-paging mode. - -We met an issue that, SMP Linux guest with recent kernel (enable -SMEP support, for example, 3.5.3) would crash with triple fault if -setting unrestricted_guest=0 in grub. This is because Xen uses an -identity mapping page table to emulate the non-paging mode, where -the page table is set with USER flag. If SMEP is still enabled in -this case, guest will meet unhandlable page fault and then crash. - -Signed-off-by: Dongxiao Xu -Signed-off-by: Xiantao Zhang -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1227,6 +1227,13 @@ static void vmx_update_guest_cr(struct v - { - v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_PSE; - v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_PAE; -+ /* -+ * SMEP is disabled if CPU is in non-paging mode in hardware. -+ * However Xen always uses paging mode to emulate guest non-paging -+ * mode with HAP. To emulate this behavior, SMEP needs to be -+ * manually disabled when guest switches to non-paging mode. -+ */ -+ v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_SMEP; - } - __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); - __vmwrite(CR4_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[4]); diff --git a/26516-ACPI-parse-table-retval.patch b/26516-ACPI-parse-table-retval.patch deleted file mode 100644 index 1a42d93..0000000 --- a/26516-ACPI-parse-table-retval.patch +++ /dev/null @@ -1,37 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Boris Ostrovsky -# Date 1360073898 -3600 -# Node ID 32d4516a97f0b22ed06155f7b8e0bff075024991 -# Parent 2fdca30363f08026971c094e8a1a84e19ca3e55b -ACPI: acpi_table_parse() should return handler's error code - -Currently, the error code returned by acpi_table_parse()'s handler -is ignored. This patch will propagate handler's return value to -acpi_table_parse()'s caller. - -Signed-off-by: Boris Ostrovsky -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/tables.c -+++ b/xen/drivers/acpi/tables.c -@@ -267,7 +267,7 @@ acpi_table_parse_madt(enum acpi_madt_typ - * @handler: handler to run - * - * Scan the ACPI System Descriptor Table (STD) for a table matching @id, -- * run @handler on it. Return 0 if table found, return on if not. -+ * run @handler on it. - */ - int __init acpi_table_parse(char *id, acpi_table_handler handler) - { -@@ -282,8 +282,7 @@ int __init acpi_table_parse(char *id, ac - acpi_get_table(id, 0, &table); - - if (table) { -- handler(table); -- return 0; -+ return handler(table); - } else - return 1; - } diff --git a/26517-AMD-IOMMU-clear-irtes.patch b/26517-AMD-IOMMU-clear-irtes.patch deleted file mode 100644 index 8a1c35d..0000000 --- a/26517-AMD-IOMMU-clear-irtes.patch +++ /dev/null @@ -1,205 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Jan Beulich -# Date 1360074047 -3600 -# Node ID 601139e2b0db7dc8a5bb69b9b7373fb87742741c -# Parent 32d4516a97f0b22ed06155f7b8e0bff075024991 -AMD,IOMMU: Clean up old entries in remapping tables when creating new one - -When changing the affinity of an IRQ associated with a passed -through PCI device, clear previous mapping. - -This is XSA-36 / CVE-2013-0153. - -Signed-off-by: Jan Beulich - -In addition, because some BIOSes may incorrectly program IVRS -entries for IOAPIC try to check for entry's consistency. Specifically, -if conflicting entries are found disable IOMMU if per-device -remapping table is used. If entries refer to bogus IOAPIC IDs -disable IOMMU unconditionally - -Signed-off-by: Boris Ostrovsky - ---- a/xen/drivers/passthrough/amd/iommu_acpi.c -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -635,6 +636,7 @@ static u16 __init parse_ivhd_device_spec - u16 header_length, u16 block_length, struct amd_iommu *iommu) - { - u16 dev_length, bdf; -+ int apic; - - dev_length = sizeof(*special); - if ( header_length < (block_length + dev_length) ) -@@ -651,10 +653,59 @@ static u16 __init parse_ivhd_device_spec - } - - add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); -- /* set device id of ioapic */ -- ioapic_sbdf[special->handle].bdf = bdf; -- ioapic_sbdf[special->handle].seg = seg; -- return dev_length; -+ -+ if ( special->variety != ACPI_IVHD_IOAPIC ) -+ { -+ if ( special->variety != ACPI_IVHD_HPET ) -+ printk(XENLOG_ERR "Unrecognized IVHD special variety %#x\n", -+ special->variety); -+ return dev_length; -+ } -+ -+ /* -+ * Some BIOSes have IOAPIC broken entries so we check for IVRS -+ * consistency here --- whether entry's IOAPIC ID is valid and -+ * whether there are conflicting/duplicated entries. -+ */ -+ for ( apic = 0; apic < nr_ioapics; apic++ ) -+ { -+ if ( IO_APIC_ID(apic) != special->handle ) -+ continue; -+ -+ if ( ioapic_sbdf[special->handle].pin_setup ) -+ { -+ if ( ioapic_sbdf[special->handle].bdf == bdf && -+ ioapic_sbdf[special->handle].seg == seg ) -+ AMD_IOMMU_DEBUG("IVHD Warning: Duplicate IO-APIC %#x entries\n", -+ special->handle); -+ else -+ { -+ printk(XENLOG_ERR "IVHD Error: Conflicting IO-APIC %#x entries\n", -+ special->handle); -+ if ( amd_iommu_perdev_intremap ) -+ return 0; -+ } -+ } -+ else -+ { -+ /* set device id of ioapic */ -+ ioapic_sbdf[special->handle].bdf = bdf; -+ ioapic_sbdf[special->handle].seg = seg; -+ -+ ioapic_sbdf[special->handle].pin_setup = xzalloc_array( -+ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); -+ if ( nr_ioapic_entries[apic] && -+ !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) -+ { -+ printk(XENLOG_ERR "IVHD Error: Out of memory\n"); -+ return 0; -+ } -+ } -+ return dev_length; -+ } -+ -+ printk(XENLOG_ERR "IVHD Error: Invalid IO-APIC %#x\n", special->handle); -+ return 0; - } - - static int __init parse_ivhd_block(const struct acpi_ivrs_hardware *ivhd_block) ---- a/xen/drivers/passthrough/amd/iommu_intr.c -+++ b/xen/drivers/passthrough/amd/iommu_intr.c -@@ -99,12 +99,12 @@ static void update_intremap_entry(u32* e - static void update_intremap_entry_from_ioapic( - int bdf, - struct amd_iommu *iommu, -- struct IO_APIC_route_entry *ioapic_rte) -+ const struct IO_APIC_route_entry *rte, -+ const struct IO_APIC_route_entry *old_rte) - { - unsigned long flags; - u32* entry; - u8 delivery_mode, dest, vector, dest_mode; -- struct IO_APIC_route_entry *rte = ioapic_rte; - int req_id; - spinlock_t *lock; - int offset; -@@ -120,6 +120,14 @@ static void update_intremap_entry_from_i - spin_lock_irqsave(lock, flags); - - offset = get_intremap_offset(vector, delivery_mode); -+ if ( old_rte ) -+ { -+ int old_offset = get_intremap_offset(old_rte->vector, -+ old_rte->delivery_mode); -+ -+ if ( offset != old_offset ) -+ free_intremap_entry(iommu->seg, bdf, old_offset); -+ } - entry = (u32*)get_intremap_entry(iommu->seg, req_id, offset); - update_intremap_entry(entry, vector, delivery_mode, dest_mode, dest); - -@@ -188,6 +196,7 @@ int __init amd_iommu_setup_ioapic_remapp - amd_iommu_flush_intremap(iommu, req_id); - spin_unlock_irqrestore(&iommu->lock, flags); - } -+ set_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup); - } - } - return 0; -@@ -199,6 +208,7 @@ void amd_iommu_ioapic_update_ire( - struct IO_APIC_route_entry old_rte = { 0 }; - struct IO_APIC_route_entry new_rte = { 0 }; - unsigned int rte_lo = (reg & 1) ? reg - 1 : reg; -+ unsigned int pin = (reg - 0x10) / 2; - int saved_mask, seg, bdf; - struct amd_iommu *iommu; - -@@ -236,6 +246,14 @@ void amd_iommu_ioapic_update_ire( - *(((u32 *)&new_rte) + 1) = value; - } - -+ if ( new_rte.mask && -+ !test_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ) -+ { -+ ASSERT(saved_mask); -+ __io_apic_write(apic, reg, value); -+ return; -+ } -+ - /* mask the interrupt while we change the intremap table */ - if ( !saved_mask ) - { -@@ -244,7 +262,11 @@ void amd_iommu_ioapic_update_ire( - } - - /* Update interrupt remapping entry */ -- update_intremap_entry_from_ioapic(bdf, iommu, &new_rte); -+ update_intremap_entry_from_ioapic( -+ bdf, iommu, &new_rte, -+ test_and_set_bit(pin, -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ? &old_rte -+ : NULL); - - /* Forward write access to IO-APIC RTE */ - __io_apic_write(apic, reg, value); -@@ -354,6 +376,12 @@ void amd_iommu_msi_msg_update_ire( - return; - } - -+ if ( msi_desc->remap_index >= 0 ) -+ update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, NULL); -+ -+ if ( !msg ) -+ return; -+ - update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, msg); - } - ---- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h -+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h -@@ -100,6 +100,7 @@ void amd_iommu_read_msi_from_ire( - - extern struct ioapic_sbdf { - u16 bdf, seg; -+ unsigned long *pin_setup; - } ioapic_sbdf[MAX_IO_APICS]; - extern void *shared_intremap_table; - diff --git a/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch b/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch deleted file mode 100644 index 23e2940..0000000 --- a/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch +++ /dev/null @@ -1,77 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Boris Ostrovsky -# Date 1360074085 -3600 -# Node ID e379a23b04655e9e43dc50944a5c9d1e59d8bee9 -# Parent 601139e2b0db7dc8a5bb69b9b7373fb87742741c -AMD,IOMMU: Disable IOMMU if SATA Combined mode is on - -AMD's SP5100 chipset can be placed into SATA Combined mode -that may cause prevent dom0 from booting when IOMMU is -enabled and per-device interrupt remapping table is used. -While SP5100 erratum 28 requires BIOSes to disable this mode, -some may still use it. - -This patch checks whether this mode is on and, if per-device -table is in use, disables IOMMU. - -This is XSA-36 / CVE-2013-0153. - -Signed-off-by: Boris Ostrovsky - -Flipped operands of && in amd_iommu_init() to make the message issued -by amd_sp5100_erratum28() match reality (when amd_iommu_perdev_intremap -is zero, there's really no point in calling the function). - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c -@@ -1118,12 +1118,45 @@ static int __init amd_iommu_setup_device - return 0; - } - -+/* Check whether SP5100 SATA Combined mode is on */ -+static bool_t __init amd_sp5100_erratum28(void) -+{ -+ u32 bus, id; -+ u16 vendor_id, dev_id; -+ u8 byte; -+ -+ for (bus = 0; bus < 256; bus++) -+ { -+ id = pci_conf_read32(0, bus, 0x14, 0, PCI_VENDOR_ID); -+ -+ vendor_id = id & 0xffff; -+ dev_id = (id >> 16) & 0xffff; -+ -+ /* SP5100 SMBus module sets Combined mode on */ -+ if (vendor_id != 0x1002 || dev_id != 0x4385) -+ continue; -+ -+ byte = pci_conf_read8(0, bus, 0x14, 0, 0xad); -+ if ( (byte >> 3) & 1 ) -+ { -+ printk(XENLOG_WARNING "AMD-Vi: SP5100 erratum 28 detected, disabling IOMMU.\n" -+ "If possible, disable SATA Combined mode in BIOS or contact your vendor for BIOS update.\n"); -+ return 1; -+ } -+ } -+ -+ return 0; -+} -+ - int __init amd_iommu_init(void) - { - struct amd_iommu *iommu; - - BUG_ON( !iommu_found() ); - -+ if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() ) -+ goto error_out; -+ - ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries(); - - if ( !ivrs_bdf_entries ) diff --git a/26519-AMD-IOMMU-perdev-intremap-default.patch b/26519-AMD-IOMMU-perdev-intremap-default.patch deleted file mode 100644 index 9fb9ed2..0000000 --- a/26519-AMD-IOMMU-perdev-intremap-default.patch +++ /dev/null @@ -1,55 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Boris Ostrovsky -# Date 1360074131 -3600 -# Node ID 1af531e7bc2fc518f16d8d1461083c528e1517cf -# Parent e379a23b04655e9e43dc50944a5c9d1e59d8bee9 -AMD,IOMMU: Make per-device interrupt remapping table default - -Using global interrupt remapping table may be insecure, as -described by XSA-36. This patch makes per-device mode default. - -This is XSA-36 / CVE-2013-0153. - -Signed-off-by: Boris Ostrovsky - -Moved warning in amd_iov_detect() to location covering all cases. - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/arch/x86/irq.c -+++ b/xen/arch/x86/irq.c -@@ -1942,9 +1942,6 @@ int map_domain_pirq( - spin_lock_irqsave(&desc->lock, flags); - set_domain_irq_pirq(d, irq, info); - spin_unlock_irqrestore(&desc->lock, flags); -- -- if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV ) -- printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n"); - } - - done: ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -204,6 +204,8 @@ int __init amd_iov_detect(void) - { - printk("AMD-Vi: Not overriding irq_vector_map setting\n"); - } -+ if ( !amd_iommu_perdev_intremap ) -+ printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n"); - return scan_pci_devices(); - } - ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -52,7 +52,7 @@ bool_t __read_mostly iommu_qinval = 1; - bool_t __read_mostly iommu_intremap = 1; - bool_t __read_mostly iommu_hap_pt_share = 1; - bool_t __read_mostly iommu_debug; --bool_t __read_mostly amd_iommu_perdev_intremap; -+bool_t __read_mostly amd_iommu_perdev_intremap = 1; - - DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb); - diff --git a/26526-pvdrv-no-devinit.patch b/26526-pvdrv-no-devinit.patch deleted file mode 100644 index c3903db..0000000 --- a/26526-pvdrv-no-devinit.patch +++ /dev/null @@ -1,37 +0,0 @@ -# HG changeset patch -# User Olaf Hering -# Date 1360664991 -3600 -# Node ID a37aa55c3cbcb0e8340b4985314ef8fb31d7610b -# Parent 9af6e566befe5516e66b62197813aa22e1d7122c -unmodified_drivers: __devinit was removed in linux-3.8 - -Signed-off-by: Olaf Hering - -Merge with __init handling. - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h -+++ b/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h -@@ -13,10 +13,19 @@ - #define DEFINE_SPINLOCK(x) spinlock_t x = SPIN_LOCK_UNLOCKED - #endif - --#if defined(_LINUX_INIT_H) && !defined(__init) -+#ifdef _LINUX_INIT_H -+ -+#ifndef __init - #define __init - #endif - -+#ifndef __devinit -+#define __devinit -+#define __devinitdata -+#endif -+ -+#endif /* _LINUX_INIT_H */ -+ - #if defined(__LINUX_CACHE_H) && !defined(__read_mostly) - #define __read_mostly - #endif diff --git a/26529-gcc48-build-fix.patch b/26529-gcc48-build-fix.patch deleted file mode 100644 index 4fbadc6..0000000 --- a/26529-gcc48-build-fix.patch +++ /dev/null @@ -1,21 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1360775011 0 -# Node ID 97b7e546e2e4a021491e198a33f7d685550ebc73 -# Parent 742dde457258422a3d08e3ddbf9a7eae55c93acb -gcc4.8 build fix: Add -Wno-unused-local-typedefs to CFLAGS. - -Based on a patch by M A Young - -Signed-off-by: Keir Fraser - ---- a/Config.mk -+++ b/Config.mk -@@ -166,6 +166,7 @@ CFLAGS-$(clang) += -Wno-parentheses -Wno - $(call cc-option-add,HOSTCFLAGS,HOSTCC,-Wdeclaration-after-statement) - $(call cc-option-add,CFLAGS,CC,-Wdeclaration-after-statement) - $(call cc-option-add,CFLAGS,CC,-Wno-unused-but-set-variable) -+$(call cc-option-add,CFLAGS,CC,-Wno-unused-local-typedefs) - - LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i)) - CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i)) diff --git a/26531-AMD-IOMMU-IVHD-special-missing.patch b/26531-AMD-IOMMU-IVHD-special-missing.patch deleted file mode 100644 index 4e2da89..0000000 --- a/26531-AMD-IOMMU-IVHD-special-missing.patch +++ /dev/null @@ -1,127 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Jan Beulich -# Date 1360831252 -3600 -# Node ID e68f14b9e73925e9d404e517ba510f73fe472e4e -# Parent c43be17eec0602015fc6461d1f13c992ba330c20 -AMD IOMMU: also spot missing IO-APIC entries in IVRS table - -Apart from dealing duplicate conflicting entries, we also have to -handle firmware omitting IO-APIC entries in IVRS altogether. Not doing -so has resulted in c/s 26517:601139e2b0db to crash such systems during -boot (whereas with the change here the IOMMU gets disabled just as is -being done in the other cases, i.e. unless global tables are being -used). - -Debugging this issue has also pointed out that the debug log output is -pretty ugly to look at - consolidate the output, and add one extra -item for the IVHD special entries, so that future issues are easier -to analyze. - -Signed-off-by: Jan Beulich -Tested-by: Sander Eikelenboom -Acked-by: Ian Campbell - ---- a/xen/drivers/passthrough/amd/iommu_acpi.c -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c -@@ -352,9 +352,8 @@ static int __init parse_ivmd_block(const - base = start_addr & PAGE_MASK; - limit = (start_addr + mem_length - 1) & PAGE_MASK; - -- AMD_IOMMU_DEBUG("IVMD Block: Type 0x%x\n",ivmd_block->header.type); -- AMD_IOMMU_DEBUG(" Start_Addr_Phys 0x%lx\n", start_addr); -- AMD_IOMMU_DEBUG(" Mem_Length 0x%lx\n", mem_length); -+ AMD_IOMMU_DEBUG("IVMD Block: type %#x phys %#lx len %#lx\n", -+ ivmd_block->header.type, start_addr, mem_length); - - if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; -@@ -549,8 +548,8 @@ static u16 __init parse_ivhd_device_alia - return 0; - } - -- AMD_IOMMU_DEBUG(" Dev_Id Range: 0x%x -> 0x%x\n", first_bdf, last_bdf); -- AMD_IOMMU_DEBUG(" Dev_Id Alias: 0x%x\n", alias_id); -+ AMD_IOMMU_DEBUG(" Dev_Id Range: %#x -> %#x alias %#x\n", -+ first_bdf, last_bdf, alias_id); - - for ( bdf = first_bdf; bdf <= last_bdf; bdf++ ) - add_ivrs_mapping_entry(bdf, alias_id, range->alias.header.data_setting, -@@ -652,6 +651,9 @@ static u16 __init parse_ivhd_device_spec - return 0; - } - -+ AMD_IOMMU_DEBUG("IVHD Special: %04x:%02x:%02x.%u variety %#x handle %#x\n", -+ seg, PCI_BUS(bdf), PCI_SLOT(bdf), PCI_FUNC(bdf), -+ special->variety, special->handle); - add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); - - if ( special->variety != ACPI_IVHD_IOAPIC ) -@@ -737,10 +739,9 @@ static int __init parse_ivhd_block(const - { - ivhd_device = (const void *)((const u8 *)ivhd_block + block_length); - -- AMD_IOMMU_DEBUG( "IVHD Device Entry:\n"); -- AMD_IOMMU_DEBUG( " Type 0x%x\n", ivhd_device->header.type); -- AMD_IOMMU_DEBUG( " Dev_Id 0x%x\n", ivhd_device->header.id); -- AMD_IOMMU_DEBUG( " Flags 0x%x\n", ivhd_device->header.data_setting); -+ AMD_IOMMU_DEBUG("IVHD Device Entry: type %#x id %#x flags %#x\n", -+ ivhd_device->header.type, ivhd_device->header.id, -+ ivhd_device->header.data_setting); - - switch ( ivhd_device->header.type ) - { -@@ -869,6 +870,7 @@ static int __init parse_ivrs_table(struc - { - const struct acpi_ivrs_header *ivrs_block; - unsigned long length; -+ unsigned int apic; - int error = 0; - - BUG_ON(!table); -@@ -882,11 +884,9 @@ static int __init parse_ivrs_table(struc - { - ivrs_block = (struct acpi_ivrs_header *)((u8 *)table + length); - -- AMD_IOMMU_DEBUG("IVRS Block:\n"); -- AMD_IOMMU_DEBUG(" Type 0x%x\n", ivrs_block->type); -- AMD_IOMMU_DEBUG(" Flags 0x%x\n", ivrs_block->flags); -- AMD_IOMMU_DEBUG(" Length 0x%x\n", ivrs_block->length); -- AMD_IOMMU_DEBUG(" Dev_Id 0x%x\n", ivrs_block->device_id); -+ AMD_IOMMU_DEBUG("IVRS Block: type %#x flags %#x len %#x id %#x\n", -+ ivrs_block->type, ivrs_block->flags, -+ ivrs_block->length, ivrs_block->device_id); - - if ( table->length < (length + ivrs_block->length) ) - { -@@ -901,6 +901,29 @@ static int __init parse_ivrs_table(struc - length += ivrs_block->length; - } - -+ /* Each IO-APIC must have been mentioned in the table. */ -+ for ( apic = 0; !error && apic < nr_ioapics; ++apic ) -+ { -+ if ( !nr_ioapic_entries[apic] || -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) -+ continue; -+ -+ printk(XENLOG_ERR "IVHD Error: no information for IO-APIC %#x\n", -+ IO_APIC_ID(apic)); -+ if ( amd_iommu_perdev_intremap ) -+ error = -ENXIO; -+ else -+ { -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup = xzalloc_array( -+ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); -+ if ( !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) -+ { -+ printk(XENLOG_ERR "IVHD Error: Out of memory\n"); -+ error = -ENOMEM; -+ } -+ } -+ } -+ - return error; - } - diff --git a/26536-xenoprof-div-by-0.patch b/26536-xenoprof-div-by-0.patch deleted file mode 100644 index da857ab..0000000 --- a/26536-xenoprof-div-by-0.patch +++ /dev/null @@ -1,39 +0,0 @@ -# HG changeset patch -# User Tim Deegan -# Date 1360917722 -3600 -# Node ID 0cca8a18432f08b342d76a753aa98559d892f592 -# Parent 7af3c38ae187b351c5cea58e9eee482b50d814d8 -xenoprof: avoid division by 0 - -Signed-off-by: Tim Deegan -Acked-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/common/xenoprof.c -+++ b/xen/common/xenoprof.c -@@ -193,6 +193,13 @@ static int alloc_xenoprof_struct( - unsigned max_max_samples; - int i; - -+ nvcpu = 0; -+ for_each_vcpu ( d, v ) -+ nvcpu++; -+ -+ if ( !nvcpu ) -+ return -EINVAL; -+ - d->xenoprof = xzalloc(struct xenoprof); - if ( d->xenoprof == NULL ) - { -@@ -209,10 +216,6 @@ static int alloc_xenoprof_struct( - return -ENOMEM; - } - -- nvcpu = 0; -- for_each_vcpu ( d, v ) -- nvcpu++; -- - bufsize = sizeof(struct xenoprof_buf); - i = sizeof(struct event_log); - #ifdef CONFIG_COMPAT diff --git a/26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch b/26549-tools-xc_turn_XCFLAGS__into_shifts.patch similarity index 100% rename from 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch rename to 26549-tools-xc_turn_XCFLAGS__into_shifts.patch diff --git a/26554-hvm-firmware-passthrough.patch b/26554-hvm-firmware-passthrough.patch index 3f5af46..175ddf9 100644 --- a/26554-hvm-firmware-passthrough.patch +++ b/26554-hvm-firmware-passthrough.patch @@ -9,10 +9,11 @@ Signed-off-by: Ross Philipson Acked-by: Ian Campbell Committed-by: Ian Campbell -diff -r 71c15ae09983 -r 3124ab7855fd tools/libxl/libxl_dom.c ---- a/tools/libxl/libxl_dom.c Fri Feb 15 13:32:15 2013 +0000 -+++ b/tools/libxl/libxl_dom.c Fri Feb 15 13:32:16 2013 +0000 -@@ -542,17 +542,24 @@ int libxl__build_hvm(libxl__gc *gc, uint +Index: xen-4.2.2-testing/tools/libxl/libxl_dom.c +=================================================================== +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dom.c +@@ -546,17 +546,24 @@ int libxl__build_hvm(libxl__gc *gc, uint libxl__domain_build_state *state) { libxl_ctx *ctx = libxl__gc_owner(gc); diff --git a/26555-hvm-firmware-passthrough.patch b/26555-hvm-firmware-passthrough.patch index f768385..6b10af2 100644 --- a/26555-hvm-firmware-passthrough.patch +++ b/26555-hvm-firmware-passthrough.patch @@ -25,10 +25,10 @@ Signed-off-by: Ross Philipson Acked-by: Ian Campbell Committed-by: Ian Campbell -Index: xen-4.2.1-testing/docs/man/xl.cfg.pod.5 +Index: xen-4.2.2-testing/docs/man/xl.cfg.pod.5 =================================================================== ---- xen-4.2.1-testing.orig/docs/man/xl.cfg.pod.5 -+++ xen-4.2.1-testing/docs/man/xl.cfg.pod.5 +--- xen-4.2.2-testing.orig/docs/man/xl.cfg.pod.5 ++++ xen-4.2.2-testing/docs/man/xl.cfg.pod.5 @@ -637,6 +637,25 @@ of Xen) within a Xen guest or to support which uses hardware virtualisation extensions (e.g. Windows XP compatibility mode on more modern Windows OS). @@ -55,10 +55,10 @@ Index: xen-4.2.1-testing/docs/man/xl.cfg.pod.5 =back =head3 Guest Virtual Time Controls -Index: xen-4.2.1-testing/tools/libxl/libxl.h +Index: xen-4.2.2-testing/tools/libxl/libxl.h =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl.h -+++ xen-4.2.1-testing/tools/libxl/libxl.h +--- xen-4.2.2-testing.orig/tools/libxl/libxl.h ++++ xen-4.2.2-testing/tools/libxl/libxl.h @@ -68,6 +68,13 @@ */ @@ -73,11 +73,11 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.h * libxl ABI compatibility * * The only guarantee which libxl makes regarding ABI compatibility -Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c +Index: xen-4.2.2-testing/tools/libxl/libxl_dom.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_dom.c -+++ xen-4.2.1-testing/tools/libxl/libxl_dom.c -@@ -21,6 +21,7 @@ +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dom.c +@@ -22,6 +22,7 @@ #include #include @@ -85,7 +85,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl_domain_type libxl__domain_type(libxl__gc *gc, uint32_t domid) { -@@ -510,11 +511,61 @@ static int hvm_build_set_params(xc_inter +@@ -514,11 +515,61 @@ static int hvm_build_set_params(xc_inter return 0; } @@ -149,7 +149,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c if (info->u.hvm.firmware) firmware = info->u.hvm.firmware; -@@ -528,13 +579,52 @@ static const char *libxl__domain_firmwar +@@ -532,13 +583,52 @@ static const char *libxl__domain_firmwar firmware = "hvmloader"; break; default: @@ -206,7 +206,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c } int libxl__build_hvm(libxl__gc *gc, uint32_t domid, -@@ -544,10 +634,6 @@ int libxl__build_hvm(libxl__gc *gc, uint +@@ -548,10 +638,6 @@ int libxl__build_hvm(libxl__gc *gc, uint libxl_ctx *ctx = libxl__gc_owner(gc); struct xc_hvm_build_args args = {}; int ret, rc = ERROR_FAIL; @@ -217,7 +217,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c memset(&args, 0, sizeof(struct xc_hvm_build_args)); /* The params from the configuration file are in Mb, which are then -@@ -557,22 +643,34 @@ int libxl__build_hvm(libxl__gc *gc, uint +@@ -561,22 +647,34 @@ int libxl__build_hvm(libxl__gc *gc, uint */ args.mem_size = (uint64_t)(info->max_memkb - info->video_memkb) << 10; args.mem_target = (uint64_t)(info->target_memkb - info->video_memkb) << 10; @@ -256,7 +256,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c out: return rc; } -@@ -634,7 +732,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -638,7 +736,7 @@ int libxl__toolstack_restore(uint32_t do memcpy(&count, ptr, sizeof(count)); ptr += sizeof(count); @@ -265,7 +265,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c if (size < sizeof(version) + sizeof(count) + count * (sizeof(struct libxl__physmap_info))) { LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "wrong size"); -@@ -809,7 +907,7 @@ static void switch_logdirty_xswatch(libx +@@ -852,7 +950,7 @@ static void switch_logdirty_xswatch(libx rc = libxl__xs_rm_checked(gc, t, lds->ret_path); if (rc) goto out; @@ -274,7 +274,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c if (!rc) break; if (rc<0) goto out; } -@@ -1281,7 +1379,7 @@ void libxl__xc_domain_save_done(libxl__e +@@ -1324,7 +1422,7 @@ void libxl__xc_domain_save_done(libxl__e if (type == LIBXL_DOMAIN_TYPE_HVM) { rc = libxl__domain_suspend_device_model(gc, dss); if (rc) goto out; @@ -283,10 +283,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl__domain_save_device_model(egc, dss, domain_suspend_done); return; } -Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl +Index: xen-4.2.2-testing/tools/libxl/libxl_types.idl =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_types.idl -+++ xen-4.2.1-testing/tools/libxl/libxl_types.idl +--- xen-4.2.2-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.2.2-testing/tools/libxl/libxl_types.idl @@ -301,6 +301,8 @@ libxl_domain_build_info = Struct("domain ("vpt_align", libxl_defbool), ("timer_mode", libxl_timer_mode), @@ -296,10 +296,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl ("nographic", libxl_defbool), ("vga", libxl_vga_interface_info), ("vnc", libxl_vnc_info), -Index: xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +Index: xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/xl_cmdimpl.c -+++ xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +--- xen-4.2.2-testing.orig/tools/libxl/xl_cmdimpl.c ++++ xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c @@ -863,6 +863,11 @@ static void parse_config_data(const char } diff --git a/26556-hvm-firmware-passthrough.patch b/26556-hvm-firmware-passthrough.patch index 606b384..366b731 100644 --- a/26556-hvm-firmware-passthrough.patch +++ b/26556-hvm-firmware-passthrough.patch @@ -9,11 +9,11 @@ Signed-off-by: Ross Philipson Acked-by: Ian Campbell Committed-by: Ian Campbell -Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c +Index: xen-4.2.2-testing/tools/libxl/libxl_dom.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_dom.c -+++ xen-4.2.1-testing/tools/libxl/libxl_dom.c -@@ -31,8 +31,7 @@ libxl_domain_type libxl__domain_type(lib +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dom.c +@@ -32,8 +32,7 @@ libxl_domain_type libxl__domain_type(lib ret = xc_domain_getinfolist(ctx->xch, domid, 1, &info); if (ret != 1 || info.domain != domid) { @@ -23,7 +23,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return LIBXL_DOMAIN_TYPE_INVALID; } if (info.flags & XEN_DOMINF_hvm_guest) -@@ -313,20 +312,19 @@ int libxl__build_post(libxl__gc *gc, uin +@@ -317,20 +316,19 @@ int libxl__build_post(libxl__gc *gc, uin ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *)); ents[0] = "memory/static-max"; @@ -51,7 +51,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c ents[12+(i*2)+1] = libxl_bitmap_test(&info->avail_vcpus, i) ? "online" : "offline"; } -@@ -335,7 +333,7 @@ int libxl__build_post(libxl__gc *gc, uin +@@ -339,7 +337,7 @@ int libxl__build_post(libxl__gc *gc, uin if (info->type == LIBXL_DOMAIN_TYPE_HVM) { hvm_ents = libxl__calloc(gc, 3, sizeof(char *)); hvm_ents[0] = "hvmloader/generation-id-address"; @@ -60,7 +60,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c } dom_path = libxl__xs_get_dompath(gc, domid); -@@ -343,7 +341,7 @@ int libxl__build_post(libxl__gc *gc, uin +@@ -347,7 +345,7 @@ int libxl__build_post(libxl__gc *gc, uin return ERROR_FAIL; } @@ -69,7 +69,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c retry_transaction: t = xs_transaction_start(ctx->xsh); -@@ -374,7 +372,7 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -378,7 +376,7 @@ int libxl__build_pv(libxl__gc *gc, uint3 dom = xc_dom_allocate(ctx->xch, state->pv_cmdline, info->u.pv.features); if (!dom) { @@ -78,7 +78,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return ERROR_FAIL; } -@@ -384,13 +382,13 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -388,13 +386,13 @@ int libxl__build_pv(libxl__gc *gc, uint3 state->pv_kernel.data, state->pv_kernel.size); if ( ret != 0) { @@ -94,7 +94,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c goto out; } } -@@ -398,12 +396,12 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -402,12 +400,12 @@ int libxl__build_pv(libxl__gc *gc, uint3 if ( state->pv_ramdisk.path && strlen(state->pv_ramdisk.path) ) { if (state->pv_ramdisk.mapped) { if ( (ret = xc_dom_ramdisk_mem(dom, state->pv_ramdisk.data, state->pv_ramdisk.size)) != 0 ) { @@ -109,7 +109,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c goto out; } } -@@ -416,31 +414,31 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -420,31 +418,31 @@ int libxl__build_pv(libxl__gc *gc, uint3 dom->xenstore_domid = state->store_domid; if ( (ret = xc_dom_boot_xen_init(dom, ctx->xch, domid)) != 0 ) { @@ -148,7 +148,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c goto out; } -@@ -679,8 +677,7 @@ int libxl__qemu_traditional_cmd(libxl__g +@@ -683,8 +681,7 @@ int libxl__qemu_traditional_cmd(libxl__g const char *cmd) { char *path = NULL; @@ -158,7 +158,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return libxl__xs_write(gc, XBT_NULL, path, "%s", cmd); } -@@ -697,8 +694,7 @@ struct libxl__physmap_info { +@@ -701,8 +698,7 @@ struct libxl__physmap_info { static inline char *restore_helper(libxl__gc *gc, uint32_t domid, uint64_t phys_offset, char *node) { @@ -168,7 +168,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c domid, phys_offset, node); } -@@ -708,7 +704,6 @@ int libxl__toolstack_restore(uint32_t do +@@ -712,7 +708,6 @@ int libxl__toolstack_restore(uint32_t do libxl__save_helper_state *shs = user; libxl__domain_create_state *dcs = CONTAINER_OF(shs, *dcs, shs); STATE_AO_GC(dcs->ao); @@ -176,7 +176,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c int i, ret; const uint8_t *ptr = buf; uint32_t count = 0, version = 0; -@@ -718,7 +713,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -722,7 +717,7 @@ int libxl__toolstack_restore(uint32_t do LOG(DEBUG,"domain=%"PRIu32" toolstack data size=%"PRIu32, domid, size); if (size < sizeof(version) + sizeof(count)) { @@ -185,7 +185,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return -1; } -@@ -726,7 +721,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -730,7 +725,7 @@ int libxl__toolstack_restore(uint32_t do ptr += sizeof(version); if (version != TOOLSTACK_SAVE_VERSION) { @@ -194,7 +194,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return -1; } -@@ -735,7 +730,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -739,7 +734,7 @@ int libxl__toolstack_restore(uint32_t do if (size < sizeof(version) + sizeof(count) + count * (sizeof(struct libxl__physmap_info))) { @@ -203,7 +203,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return -1; } -@@ -945,15 +940,13 @@ static void switch_logdirty_done(libxl__ +@@ -988,15 +983,13 @@ static void switch_logdirty_done(libxl__ int libxl__domain_suspend_device_model(libxl__gc *gc, libxl__domain_suspend_state *dss) { @@ -220,7 +220,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl__qemu_traditional_cmd(gc, domid, "save"); libxl__wait_for_device_model(gc, domid, "paused", NULL, NULL, NULL); break; -@@ -1129,8 +1122,7 @@ int libxl__domain_suspend_common_callbac +@@ -1172,8 +1165,7 @@ int libxl__domain_suspend_common_callbac static inline char *physmap_path(libxl__gc *gc, uint32_t domid, char *phys_offset, char *node) { @@ -230,7 +230,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c domid, phys_offset, node); } -@@ -1147,7 +1139,7 @@ int libxl__toolstack_save(uint32_t domid +@@ -1190,7 +1182,7 @@ int libxl__toolstack_save(uint32_t domid char **entries = NULL; struct libxl__physmap_info *pi; @@ -239,7 +239,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c "/local/domain/0/device-model/%d/physmap", domid), &num); count = num; -@@ -1288,7 +1280,7 @@ void libxl__domain_suspend(libxl__egc *e +@@ -1331,7 +1323,7 @@ void libxl__domain_suspend(libxl__egc *e char *path; char *addr; @@ -248,7 +248,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl__xs_get_dompath(gc, domid)); addr = libxl__xs_read(gc, XBT_NULL, path); -@@ -1502,10 +1494,7 @@ static void domain_suspend_done(libxl__e +@@ -1545,10 +1537,7 @@ static void domain_suspend_done(libxl__e char *libxl__uuid2string(libxl__gc *gc, const libxl_uuid uuid) { @@ -260,7 +260,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c } static const char *userdata_path(libxl__gc *gc, uint32_t domid, -@@ -1513,34 +1502,27 @@ static const char *userdata_path(libxl__ +@@ -1556,34 +1545,27 @@ static const char *userdata_path(libxl__ const char *wh) { libxl_ctx *ctx = libxl__gc_owner(gc); @@ -301,7 +301,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return errno; } return 0; -@@ -1548,7 +1530,6 @@ static int userdata_delete(libxl__gc *gc +@@ -1591,7 +1573,6 @@ static int userdata_delete(libxl__gc *gc void libxl__userdata_destroyall(libxl__gc *gc, uint32_t domid) { @@ -309,7 +309,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c const char *pattern; glob_t gl; int r, i; -@@ -1564,7 +1545,7 @@ void libxl__userdata_destroyall(libxl__g +@@ -1607,7 +1588,7 @@ void libxl__userdata_destroyall(libxl__g if (r == GLOB_NOMATCH) goto out; if (r) diff --git a/26576-x86-APICV-migration.patch b/26576-x86-APICV-migration.patch index 862ec14..1745189 100644 --- a/26576-x86-APICV-migration.patch +++ b/26576-x86-APICV-migration.patch @@ -18,7 +18,7 @@ Committed-by: Jan Beulich --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c -@@ -1198,6 +1198,9 @@ static int lapic_load_regs(struct domain +@@ -1194,6 +1194,9 @@ static int lapic_load_regs(struct domain if ( hvm_load_entry(LAPIC_REGS, h, s->regs) != 0 ) return -EINVAL; @@ -43,7 +43,7 @@ Committed-by: Jan Beulich if (v->arch.hvm_vmx.eoi_exitmap_changed) { --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1520,6 +1520,29 @@ static int vmx_virtual_intr_delivery_ena +@@ -1523,6 +1523,29 @@ static int vmx_virtual_intr_delivery_ena return cpu_has_vmx_virtual_intr_delivery; } @@ -73,7 +73,7 @@ Committed-by: Jan Beulich static struct hvm_function_table __read_mostly vmx_function_table = { .name = "VMX", .cpu_up_prepare = vmx_cpu_up_prepare, -@@ -1568,7 +1591,8 @@ static struct hvm_function_table __read_ +@@ -1571,7 +1594,8 @@ static struct hvm_function_table __read_ .nhvm_intr_blocked = nvmx_intr_blocked, .nhvm_domain_relinquish_resources = nvmx_domain_relinquish_resources, .update_eoi_exit_bitmap = vmx_update_eoi_exit_bitmap, diff --git a/26577-x86-APICV-x2APIC.patch b/26577-x86-APICV-x2APIC.patch index 188b1fb..0abdb53 100644 --- a/26577-x86-APICV-x2APIC.patch +++ b/26577-x86-APICV-x2APIC.patch @@ -18,8 +18,10 @@ Acked-by: Eddie Dong Acked-by: Jun Nakajima Committed-by: Jan Beulich ---- a/xen/arch/x86/hvm/vmx/vmcs.c -+++ b/xen/arch/x86/hvm/vmx/vmcs.c +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmcs.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c @@ -194,7 +194,8 @@ static int vmx_init_vmcs_config(void) */ if ( _vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW ) @@ -128,9 +130,11 @@ Committed-by: Jan Beulich } /* I/O access bitmap. */ ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2009,18 +2009,63 @@ static void vmx_install_vlapic_mapping(s +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -2012,18 +2012,63 @@ static void vmx_install_vlapic_mapping(s void vmx_vlapic_msr_changed(struct vcpu *v) { @@ -198,8 +202,10 @@ Committed-by: Jan Beulich vmx_update_secondary_exec_control(v); vmx_vmcs_exit(v); } ---- a/xen/include/asm-x86/hvm/vmx/vmcs.h -+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h +Index: xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/hvm/vmx/vmcs.h ++++ xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -182,6 +182,7 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001 #define SECONDARY_EXEC_ENABLE_EPT 0x00000002 @@ -225,8 +231,10 @@ Committed-by: Jan Beulich int vmx_read_guest_msr(u32 msr, u64 *val); int vmx_write_guest_msr(u32 msr, u64 val); int vmx_add_guest_msr(u32 msr); ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h +Index: xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/msr-index.h ++++ xen-4.2.2-testing/xen/include/asm-x86/msr-index.h @@ -295,7 +295,10 @@ #define MSR_IA32_APICBASE_BASE (0xfffff<<12) #define MSR_IA32_APICBASE_MSR 0x800 diff --git a/26578-AMD-IOMMU-replace-BUG_ON.patch b/26578-AMD-IOMMU-replace-BUG_ON.patch deleted file mode 100644 index 41ab9fc..0000000 --- a/26578-AMD-IOMMU-replace-BUG_ON.patch +++ /dev/null @@ -1,25 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1361176655 -3600 -# Node ID 57e67af5281a6b66cf71dfa812e4335930684fd6 -# Parent 45d59b822ed187c535b127679e32853b148ed411 -AMD IOMMU: don't BUG() when we don't have to - -find_iommu_for_device() can easily return NULL instead, as all of its -callers are prepared for that. - -Signed-off-by: Jan Beulich - ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -32,8 +32,8 @@ struct amd_iommu *find_iommu_for_device( - { - struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg); - -- BUG_ON ( bdf >= ivrs_bdf_entries ); -- return ivrs_mappings ? ivrs_mappings[bdf].iommu : NULL; -+ return ivrs_mappings && bdf < ivrs_bdf_entries ? ivrs_mappings[bdf].iommu -+ : NULL; - } - - /* diff --git a/26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch b/26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch new file mode 100644 index 0000000..667fa84 --- /dev/null +++ b/26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch @@ -0,0 +1,43 @@ +changeset: 26675:3eb62c576a1a +user: Olaf Hering +date: Wed Feb 27 14:16:36 2013 +0000 +files: tools/libxc/xtl_logger_stdio.c +description: +tools/xentoollog: update tty detection in stdiostream_progress + +As suggested by IanJ: +Check isatty only once to preserve the errno of ->progress users, and to +reduce the noice in strace output. + +Signed-off-by: Olaf Hering +Acked-by: Ian Jackson + + +diff -r 4b25c1e6cfbb -r 3eb62c576a1a tools/libxc/xtl_logger_stdio.c +--- a/tools/libxc/xtl_logger_stdio.c Wed Feb 27 11:16:47 2013 +0000 ++++ b/tools/libxc/xtl_logger_stdio.c Wed Feb 27 14:16:36 2013 +0000 +@@ -35,6 +35,7 @@ struct xentoollog_logger_stdiostream { + xentoollog_level min_level; + unsigned flags; + int progress_erase_len, progress_last_percent; ++ int tty; + }; + + static void progress_erase(xentoollog_logger_stdiostream *lg) { +@@ -118,7 +119,7 @@ static void stdiostream_progress(struct + + lg->progress_last_percent = percent; + +- if (isatty(fileno(lg->f)) <= 0) { ++ if (!lg->tty) { + stdiostream_message(logger_in, this_level, context, + "%s: %lu/%lu %3d%%", + doing_what, done, total, percent); +@@ -166,6 +167,7 @@ xentoollog_logger_stdiostream *xtl_creat + newlogger.f = f; + newlogger.min_level = min_level; + newlogger.flags = flags; ++ newlogger.tty = isatty(fileno(newlogger.f)) > 0; + + if (newlogger.flags & XTL_STDIOSTREAM_SHOW_DATE) tzset(); + diff --git a/26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch b/26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch new file mode 100644 index 0000000..b5ff963 --- /dev/null +++ b/26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch @@ -0,0 +1,144 @@ +# Commit 9aa356bc9f7533c3cb7f02c823f532532876d444 +# Date 2013-04-19 12:29:01 +0200 +# Author Ben Guthro +# Committer Jan Beulich +x86/S3: Fix cpu pool scheduling after suspend/resume + +This review is another S3 scheduler problem with the system_state +variable introduced with the following changeset: +http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=269f543ea750ed567d18f2e819e5d5ce58eda5c5 + +Specifically, the cpu_callback function that takes the CPU down during +suspend, and back up during resume. We were seeing situations where, +after S3, only CPU0 was in cpupool0. Guest performance suffered +greatly, since all vcpus were only on a single pcpu. Guests under high +CPU load showed the problem much more quickly than an idle guest. + +Removing this if condition forces the CPUs to go through the expected +online/offline state, and be properly scheduled after S3. + +This also includes a necessary partial change proposed earlier by +Tomasz Wroblewski here: +http://lists.xen.org/archives/html/xen-devel/2013-01/msg02206.html + +It should also resolve the issues discussed in this thread: +http://lists.xen.org/archives/html/xen-devel/2012-11/msg01801.html + +Signed-off-by: Ben Guthro +Acked-by: Juergen Gross + +--- a/xen/common/cpupool.c ++++ b/xen/common/cpupool.c +@@ -41,16 +41,28 @@ static struct cpupool *alloc_cpupool_str + { + struct cpupool *c = xzalloc(struct cpupool); + +- if ( c && zalloc_cpumask_var(&c->cpu_valid) ) +- return c; +- xfree(c); +- return NULL; ++ if ( !c || !zalloc_cpumask_var(&c->cpu_valid) ) ++ { ++ xfree(c); ++ c = NULL; ++ } ++ else if ( !zalloc_cpumask_var(&c->cpu_suspended) ) ++ { ++ free_cpumask_var(c->cpu_valid); ++ xfree(c); ++ c = NULL; ++ } ++ ++ return c; + } + + static void free_cpupool_struct(struct cpupool *c) + { + if ( c ) ++ { ++ free_cpumask_var(c->cpu_suspended); + free_cpumask_var(c->cpu_valid); ++ } + xfree(c); + } + +@@ -417,14 +429,32 @@ void cpupool_rm_domain(struct domain *d) + + /* + * called to add a new cpu to pool admin +- * we add a hotplugged cpu to the cpupool0 to be able to add it to dom0 ++ * we add a hotplugged cpu to the cpupool0 to be able to add it to dom0, ++ * unless we are resuming from S3, in which case we put the cpu back ++ * in the cpupool it was in prior to suspend. + */ + static void cpupool_cpu_add(unsigned int cpu) + { + spin_lock(&cpupool_lock); + cpumask_clear_cpu(cpu, &cpupool_locked_cpus); + cpumask_set_cpu(cpu, &cpupool_free_cpus); +- cpupool_assign_cpu_locked(cpupool0, cpu); ++ ++ if ( system_state == SYS_STATE_resume ) ++ { ++ struct cpupool **c; ++ ++ for_each_cpupool(c) ++ { ++ if ( cpumask_test_cpu(cpu, (*c)->cpu_suspended ) ) ++ { ++ cpupool_assign_cpu_locked(*c, cpu); ++ cpumask_clear_cpu(cpu, (*c)->cpu_suspended); ++ } ++ } ++ } ++ ++ if ( cpumask_test_cpu(cpu, &cpupool_free_cpus) ) ++ cpupool_assign_cpu_locked(cpupool0, cpu); + spin_unlock(&cpupool_lock); + } + +@@ -436,7 +466,7 @@ static void cpupool_cpu_add(unsigned int + static int cpupool_cpu_remove(unsigned int cpu) + { + int ret = 0; +- ++ + spin_lock(&cpupool_lock); + if ( !cpumask_test_cpu(cpu, cpupool0->cpu_valid)) + ret = -EBUSY; +@@ -633,9 +663,14 @@ static int cpu_callback( + unsigned int cpu = (unsigned long)hcpu; + int rc = 0; + +- if ( (system_state == SYS_STATE_suspend) || +- (system_state == SYS_STATE_resume) ) +- goto out; ++ if ( system_state == SYS_STATE_suspend ) ++ { ++ struct cpupool **c; ++ ++ for_each_cpupool(c) ++ if ( cpumask_test_cpu(cpu, (*c)->cpu_valid ) ) ++ cpumask_set_cpu(cpu, (*c)->cpu_suspended); ++ } + + switch ( action ) + { +@@ -650,7 +685,6 @@ static int cpu_callback( + break; + } + +-out: + return !rc ? NOTIFY_DONE : notifier_from_errno(rc); + } + +--- a/xen/include/xen/sched-if.h ++++ b/xen/include/xen/sched-if.h +@@ -199,6 +199,7 @@ struct cpupool + { + int cpupool_id; + cpumask_var_t cpu_valid; /* all cpus assigned to pool */ ++ cpumask_var_t cpu_suspended; /* cpus in S3 that should be in this pool */ + struct cpupool *next; + unsigned int n_dom; + struct scheduler *sched; diff --git a/26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch b/26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch new file mode 100644 index 0000000..cd4d4e6 --- /dev/null +++ b/26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch @@ -0,0 +1,142 @@ +References: FATE#314499, FATE#314509 + +# Commit 9be8a4447103d92843fcfeaad8be42408c90e9a9 +# Date 2013-04-22 13:58:01 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/EFI: pass boot services variable info to runtime code + +EFI variables can be flagged as being accessible only within boot services. +This makes it awkward for us to figure out how much space they use at +runtime. In theory we could figure this out by simply comparing the results +from QueryVariableInfo() to the space used by all of our variables, but +that fails if the platform doesn't garbage collect on every boot. Thankfully, +calling QueryVariableInfo() while still inside boot services gives a more +reliable answer. This patch passes that information from the EFI boot stub +up to the efi platform code. + +Based on a similarly named Linux patch by Matthew Garrett . + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser +Acked-by: George Dunlap + +--- a/xen/arch/x86/efi/boot.c ++++ b/xen/arch/x86/efi/boot.c +@@ -1128,6 +1128,23 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SY + if (efi.smbios != EFI_INVALID_TABLE_ADDR) + dmi_efi_get_table((void *)(long)efi.smbios); + ++ /* Get snapshot of variable store parameters. */ ++ status = efi_rs->QueryVariableInfo(EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS, ++ &efi_boot_max_var_store_size, ++ &efi_boot_remain_var_store_size, ++ &efi_boot_max_var_size); ++ if ( EFI_ERROR(status) ) ++ { ++ efi_boot_max_var_store_size = 0; ++ efi_boot_remain_var_store_size = 0; ++ efi_boot_max_var_size = status; ++ PrintStr(L"Warning: Could not query variable store: "); ++ DisplayUint(status, 0); ++ PrintStr(newline); ++ } ++ + /* Allocate space for trampoline (in first Mb). */ + cfg.addr = 0x100000; + cfg.size = trampoline_end - trampoline_start; +--- a/xen/arch/x86/efi/efi.h ++++ b/xen/arch/x86/efi/efi.h +@@ -22,5 +22,8 @@ extern void *efi_memmap; + + extern l4_pgentry_t *efi_l4_pgtable; + ++extern UINT64 efi_boot_max_var_store_size, efi_boot_remain_var_store_size, ++ efi_boot_max_var_size; ++ + unsigned long efi_rs_enter(void); + void efi_rs_leave(unsigned long); +--- a/xen/arch/x86/efi/runtime.c ++++ b/xen/arch/x86/efi/runtime.c +@@ -28,6 +28,10 @@ UINTN __read_mostly efi_memmap_size; + UINTN __read_mostly efi_mdesc_size; + void *__read_mostly efi_memmap; + ++UINT64 __read_mostly efi_boot_max_var_store_size; ++UINT64 __read_mostly efi_boot_remain_var_store_size; ++UINT64 __read_mostly efi_boot_max_var_size; ++ + struct efi __read_mostly efi = { + .acpi = EFI_INVALID_TABLE_ADDR, + .acpi20 = EFI_INVALID_TABLE_ADDR, +@@ -446,6 +450,35 @@ int efi_runtime_call(struct xenpf_efi_ru + break; + + case XEN_EFI_query_variable_info: ++ if ( op->misc & ~XEN_EFI_VARINFO_BOOT_SNAPSHOT ) ++ return -EINVAL; ++ ++ if ( op->misc & XEN_EFI_VARINFO_BOOT_SNAPSHOT ) ++ { ++ if ( (op->u.query_variable_info.attr ++ & ~EFI_VARIABLE_APPEND_WRITE) != ++ (EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS) ) ++ return -EINVAL; ++ ++ op->u.query_variable_info.max_store_size = ++ efi_boot_max_var_store_size; ++ op->u.query_variable_info.remain_store_size = ++ efi_boot_remain_var_store_size; ++ if ( efi_boot_max_var_store_size ) ++ { ++ op->u.query_variable_info.max_size = efi_boot_max_var_size; ++ status = EFI_SUCCESS; ++ } ++ else ++ { ++ op->u.query_variable_info.max_size = 0; ++ status = efi_boot_max_var_size; ++ } ++ break; ++ } ++ + cr3 = efi_rs_enter(); + if ( (efi_rs->Hdr.Revision >> 16) < 2 ) + { +@@ -462,6 +495,9 @@ int efi_runtime_call(struct xenpf_efi_ru + + case XEN_EFI_query_capsule_capabilities: + case XEN_EFI_update_capsule: ++ if ( op->misc ) ++ return -EINVAL; ++ + cr3 = efi_rs_enter(); + if ( (efi_rs->Hdr.Revision >> 16) < 2 ) + { +--- a/xen/include/efi/efiapi.h ++++ b/xen/include/efi/efiapi.h +@@ -213,6 +213,10 @@ VOID + #define EFI_VARIABLE_NON_VOLATILE 0x00000001 + #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 + #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 ++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008 ++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 ++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 ++#define EFI_VARIABLE_APPEND_WRITE 0x00000040 + + // Variable size limitation + #define EFI_MAXIMUM_VARIABLE_SIZE 1024 +--- a/xen/include/public/platform.h ++++ b/xen/include/public/platform.h +@@ -184,6 +184,7 @@ struct xenpf_efi_runtime_call { + struct xenpf_efi_guid vendor_guid; + } get_next_variable_name; + ++#define XEN_EFI_VARINFO_BOOT_SNAPSHOT 0x00000001 + struct { + uint32_t attr; + uint64_t max_store_size; diff --git a/26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch b/26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch new file mode 100644 index 0000000..315e098 --- /dev/null +++ b/26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch @@ -0,0 +1,23 @@ +# Commit a7ac9597a7fc6ca934957eb78b41e26638281953 +# Date 2013-04-29 11:27:54 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/EFI: fix runtime call status for compat mode Dom0 + +The top two bits (indicating error/warning classification) need to +remain the top two bits. + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/arch/x86/efi/runtime.c ++++ b/xen/arch/x86/efi/runtime.c +@@ -513,7 +513,7 @@ int efi_runtime_call(struct xenpf_efi_ru + #ifndef COMPAT + op->status = status; + #else +- op->status = (status & 0x3fffffff) | (status >> 62); ++ op->status = (status & 0x3fffffff) | ((status >> 32) & 0xc0000000); + #endif + + return rc; diff --git a/32on64-extra-mem.patch b/32on64-extra-mem.patch index 9dedc09..8b42aa9 100644 --- a/32on64-extra-mem.patch +++ b/32on64-extra-mem.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2966,7 +2966,7 @@ class XendDomainInfo: +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2985,7 +2985,7 @@ class XendDomainInfo: self.guest_bitsize = self.image.getBitSize() # Make sure there's enough RAM available for the domain diff --git a/CVE-2012-6075-xsa41.patch b/CVE-2012-6075-xsa41.patch deleted file mode 100644 index 389b76b..0000000 --- a/CVE-2012-6075-xsa41.patch +++ /dev/null @@ -1,88 +0,0 @@ -Subject: e1000: Discard packets that are too long if !SBP and !LPE -From: Michael Contreras michael@inetric.com Sun Dec 2 20:11:22 2012 -0800 -Date: Wed Jan 16 14:12:40 2013 +0000: -Git: b4e9b8169dedc0bcf0d3abe07642f761ac70aeea - -The e1000_receive function for the e1000 needs to discard packets longer than -1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes -this behavior and allocates memory based on this assumption. - -Signed-off-by: Michael Contreras -Signed-off-by: Anthony Liguori - -Subject: e1000: Discard oversized packets based on SBP|LPE -From: Michael Contreras -Date: Wed, 5 Dec 2012 18:31:30 +0000 (-0500) - -e1000: Discard oversized packets based on SBP|LPE - -Discard packets longer than 16384 when !SBP to match the hardware behavior. - -Signed-off-by: Michael Contreras -Signed-off-by: Stefan Hajnoczi - -[ This is a security vulnerability, CVE-2012-6075 / XSA-41. ] -(cherry picked from commit 4c2cae2a882db4d2a231b27b3b31a5bbec6dacbf) - -Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/hw/e1000.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/e1000.c -+++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/hw/e1000.c -@@ -55,6 +55,11 @@ static int debugflags = DBGBIT(TXERR) | - #define REG_IOADDR 0x0 - #define REG_IODATA 0x4 - -+/* this is the size past which hardware will drop packets when setting LPE=0 */ -+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 -+/* this is the size past which hardware will drop packets when setting LPE=1 */ -+#define MAXIMUM_ETHERNET_LPE_SIZE 16384 -+ - /* - * HW models: - * E1000_DEV_ID_82540EM works with Windows and Linux -@@ -628,6 +633,14 @@ e1000_receive(void *opaque, const uint8_ - return; - } - -+ /* Discard oversized packets if !LPE and !SBP. */ -+ if ((size > MAXIMUM_ETHERNET_LPE_SIZE || -+ (size > MAXIMUM_ETHERNET_VLAN_SIZE -+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) -+ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { -+ return; -+ } -+ - if (!receive_filter(s, buf, size)) - return; - -Index: xen-4.2.1-testing/tools/qemu-xen-dir-remote/hw/e1000.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/qemu-xen-dir-remote/hw/e1000.c -+++ xen-4.2.1-testing/tools/qemu-xen-dir-remote/hw/e1000.c -@@ -59,6 +59,11 @@ static int debugflags = DBGBIT(TXERR) | - #define PNPMMIO_SIZE 0x20000 - #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ - -+/* this is the size past which hardware will drop packets when setting LPE=0 */ -+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 -+/* this is the size past which hardware will drop packets when setting LPE=1 */ -+#define MAXIMUM_ETHERNET_LPE_SIZE 16384 -+ - /* - * HW models: - * E1000_DEV_ID_82540EM works with Windows and Linux -@@ -693,6 +698,14 @@ e1000_receive(VLANClientState *nc, const - size = sizeof(min_buf); - } - -+ /* Discard oversized packets if !LPE and !SBP. */ -+ if ((size > MAXIMUM_ETHERNET_LPE_SIZE || -+ (size > MAXIMUM_ETHERNET_VLAN_SIZE -+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) -+ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { -+ return size; -+ } -+ - if (!receive_filter(s, buf, size)) - return size; - diff --git a/CVE-2013-0151-xsa34.patch b/CVE-2013-0151-xsa34.patch deleted file mode 100644 index e8fc8ff..0000000 --- a/CVE-2013-0151-xsa34.patch +++ /dev/null @@ -1,32 +0,0 @@ -References: CVE-2013-0151 XSA-34 bnc#797285 - -x86_32: don't allow use of nested HVM - -There are (indirect) uses of map_domain_page() in the nested HVM code -that are unsafe when not just using the 1:1 mapping. - -This is XSA-34 / CVE-2013-0151. - -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -3930,6 +3930,10 @@ long do_hvm_op(unsigned long op, XEN_GUE - rc = -EINVAL; - break; - case HVM_PARAM_NESTEDHVM: -+#ifdef __i386__ -+ if ( a.value ) -+ rc = -EINVAL; -+#else - if ( a.value > 1 ) - rc = -EINVAL; - if ( !is_hvm_domain(d) ) -@@ -3944,6 +3948,7 @@ long do_hvm_op(unsigned long op, XEN_GUE - for_each_vcpu(d, v) - if ( rc == 0 ) - rc = nestedhvm_vcpu_initialise(v); -+#endif - break; - case HVM_PARAM_BUFIOREQ_EVTCHN: - rc = -EINVAL; diff --git a/CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch b/CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch new file mode 100644 index 0000000..8710f96 --- /dev/null +++ b/CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch @@ -0,0 +1,262 @@ +x86: make vcpu_destroy_pagetables() preemptible + +... as it may take significant amounts of time. + +The function, being moved to mm.c as the better home for it anyway, and +to avoid having to make a new helper function there non-static, is +given a "preemptible" parameter temporarily (until, in a subsequent +patch, its other caller is also being made capable of dealing with +preemption). + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.1-testing/xen/arch/x86/domain.c +@@ -73,8 +73,6 @@ void (*dead_idle) (void) __read_mostly = + static void paravirt_ctxt_switch_from(struct vcpu *v); + static void paravirt_ctxt_switch_to(struct vcpu *v); + +-static void vcpu_destroy_pagetables(struct vcpu *v); +- + static void default_idle(void) + { + local_irq_disable(); +@@ -1058,7 +1056,7 @@ void arch_vcpu_reset(struct vcpu *v) + if ( !is_hvm_vcpu(v) ) + { + destroy_gdt(v); +- vcpu_destroy_pagetables(v); ++ vcpu_destroy_pagetables(v, 0); + } + else + { +@@ -2069,63 +2067,6 @@ static int relinquish_memory( + return ret; + } + +-static void vcpu_destroy_pagetables(struct vcpu *v) +-{ +- struct domain *d = v->domain; +- unsigned long pfn; +- +-#ifdef __x86_64__ +- if ( is_pv_32on64_vcpu(v) ) +- { +- pfn = l4e_get_pfn(*(l4_pgentry_t *) +- __va(pagetable_get_paddr(v->arch.guest_table))); +- +- if ( pfn != 0 ) +- { +- if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(pfn)); +- else +- put_page_and_type(mfn_to_page(pfn)); +- } +- +- l4e_write( +- (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)), +- l4e_empty()); +- +- v->arch.cr3 = 0; +- return; +- } +-#endif +- +- pfn = pagetable_get_pfn(v->arch.guest_table); +- if ( pfn != 0 ) +- { +- if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(pfn)); +- else +- put_page_and_type(mfn_to_page(pfn)); +- v->arch.guest_table = pagetable_null(); +- } +- +-#ifdef __x86_64__ +- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ +- pfn = pagetable_get_pfn(v->arch.guest_table_user); +- if ( pfn != 0 ) +- { +- if ( !is_pv_32bit_vcpu(v) ) +- { +- if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(pfn)); +- else +- put_page_and_type(mfn_to_page(pfn)); +- } +- v->arch.guest_table_user = pagetable_null(); +- } +-#endif +- +- v->arch.cr3 = 0; +-} +- + int domain_relinquish_resources(struct domain *d) + { + int ret; +@@ -2143,7 +2084,11 @@ int domain_relinquish_resources(struct d + + /* Drop the in-use references to page-table bases. */ + for_each_vcpu ( d, v ) +- vcpu_destroy_pagetables(v); ++ { ++ ret = vcpu_destroy_pagetables(v, 1); ++ if ( ret ) ++ return ret; ++ } + + if ( !is_hvm_domain(d) ) + { +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -2825,6 +2825,82 @@ static void put_superpage(unsigned long + + #endif + ++static int put_old_guest_table(struct vcpu *v) ++{ ++ int rc; ++ ++ if ( !v->arch.old_guest_table ) ++ return 0; ++ ++ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) ) ++ { ++ case -EINTR: ++ case -EAGAIN: ++ return -EAGAIN; ++ } ++ ++ v->arch.old_guest_table = NULL; ++ ++ return rc; ++} ++ ++int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible) ++{ ++ unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); ++ struct page_info *page; ++ int rc = put_old_guest_table(v); ++ ++ if ( rc ) ++ return rc; ++ ++#ifdef __x86_64__ ++ if ( is_pv_32on64_vcpu(v) ) ++ mfn = l4e_get_pfn(*(l4_pgentry_t *)mfn_to_virt(mfn)); ++#endif ++ ++ if ( mfn ) ++ { ++ page = mfn_to_page(mfn); ++ if ( paging_mode_refcounts(v->domain) ) ++ put_page(page); ++ else ++ rc = put_page_and_type_preemptible(page, preemptible); ++ } ++ ++#ifdef __x86_64__ ++ if ( is_pv_32on64_vcpu(v) ) ++ { ++ if ( !rc ) ++ l4e_write( ++ (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)), ++ l4e_empty()); ++ } ++ else ++#endif ++ if ( !rc ) ++ { ++ v->arch.guest_table = pagetable_null(); ++ ++#ifdef __x86_64__ ++ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ ++ mfn = pagetable_get_pfn(v->arch.guest_table_user); ++ if ( mfn ) ++ { ++ page = mfn_to_page(mfn); ++ if ( paging_mode_refcounts(v->domain) ) ++ put_page(page); ++ else ++ rc = put_page_and_type_preemptible(page, preemptible); ++ } ++ if ( !rc ) ++ v->arch.guest_table_user = pagetable_null(); ++#endif ++ } ++ ++ v->arch.cr3 = 0; ++ ++ return rc; ++} + + int new_guest_cr3(unsigned long mfn) + { +@@ -3011,12 +3087,21 @@ long do_mmuext_op( + unsigned int foreigndom) + { + struct mmuext_op op; +- int rc = 0, i = 0, okay; + unsigned long type; +- unsigned int done = 0; ++ unsigned int i = 0, done = 0; + struct vcpu *curr = current; + struct domain *d = curr->domain; + struct domain *pg_owner; ++ int okay, rc = put_old_guest_table(curr); ++ ++ if ( unlikely(rc) ) ++ { ++ if ( likely(rc == -EAGAIN) ) ++ rc = hypercall_create_continuation( ++ __HYPERVISOR_mmuext_op, "hihi", uops, count, pdone, ++ foreigndom); ++ return rc; ++ } + + if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) + { +Index: xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/x86_64/compat/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c +@@ -365,7 +365,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm + : mcs->call.args[1]; + unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED; + +- BUG_ON(left == arg1); ++ BUG_ON(left == arg1 && left != i); + BUG_ON(left > count); + guest_handle_add_offset(nat_ops, i - left); + guest_handle_subtract_offset(cmp_uops, left); +Index: xen-4.2.1-testing/xen/include/asm-x86/domain.h +=================================================================== +--- xen-4.2.1-testing.orig/xen/include/asm-x86/domain.h ++++ xen-4.2.1-testing/xen/include/asm-x86/domain.h +@@ -464,6 +464,7 @@ struct arch_vcpu + pagetable_t guest_table_user; /* (MFN) x86/64 user-space pagetable */ + #endif + pagetable_t guest_table; /* (MFN) guest notion of cr3 */ ++ struct page_info *old_guest_table; /* partially destructed pagetable */ + /* guest_table holds a ref to the page, and also a type-count unless + * shadow refcounts are in use */ + pagetable_t shadow_table[4]; /* (MFN) shadow(s) of guest */ +Index: xen-4.2.1-testing/xen/include/asm-x86/mm.h +=================================================================== +--- xen-4.2.1-testing.orig/xen/include/asm-x86/mm.h ++++ xen-4.2.1-testing/xen/include/asm-x86/mm.h +@@ -605,6 +605,7 @@ void audit_domains(void); + int new_guest_cr3(unsigned long pfn); + void make_cr3(struct vcpu *v, unsigned long mfn); + void update_cr3(struct vcpu *v); ++int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible); + void propagate_page_fault(unsigned long addr, u16 error_code); + void *do_page_walk(struct vcpu *v, unsigned long addr); + diff --git a/CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch b/CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch new file mode 100644 index 0000000..6174daa --- /dev/null +++ b/CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch @@ -0,0 +1,173 @@ +x86: make new_guest_cr3() preemptible + +... as it may take significant amounts of time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -2906,44 +2906,69 @@ int new_guest_cr3(unsigned long mfn) + { + struct vcpu *curr = current; + struct domain *d = curr->domain; +- int okay; ++ int rc; + unsigned long old_base_mfn; + + #ifdef __x86_64__ + if ( is_pv_32on64_domain(d) ) + { +- okay = paging_mode_refcounts(d) +- ? 0 /* Old code was broken, but what should it be? */ +- : mod_l4_entry( ++ rc = paging_mode_refcounts(d) ++ ? -EINVAL /* Old code was broken, but what should it be? */ ++ : mod_l4_entry( + __va(pagetable_get_paddr(curr->arch.guest_table)), + l4e_from_pfn( + mfn, + (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)), +- pagetable_get_pfn(curr->arch.guest_table), 0, 0, curr) == 0; +- if ( unlikely(!okay) ) ++ pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr); ++ switch ( rc ) + { ++ case 0: ++ break; ++ case -EINTR: ++ case -EAGAIN: ++ return -EAGAIN; ++ default: + MEM_LOG("Error while installing new compat baseptr %lx", mfn); +- return 0; ++ return rc; + } + + invalidate_shadow_ldt(curr, 0); + write_ptbase(curr); + +- return 1; ++ return 0; + } + #endif +- okay = paging_mode_refcounts(d) +- ? get_page_from_pagenr(mfn, d) +- : !get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 0); +- if ( unlikely(!okay) ) ++ rc = put_old_guest_table(curr); ++ if ( unlikely(rc) ) ++ return rc; ++ ++ old_base_mfn = pagetable_get_pfn(curr->arch.guest_table); ++ /* ++ * This is particularly important when getting restarted after the ++ * previous attempt got preempted in the put-old-MFN phase. ++ */ ++ if ( old_base_mfn == mfn ) + { +- MEM_LOG("Error while installing new baseptr %lx", mfn); ++ write_ptbase(curr); + return 0; + } + +- invalidate_shadow_ldt(curr, 0); ++ rc = paging_mode_refcounts(d) ++ ? (get_page_from_pagenr(mfn, d) ? 0 : -EINVAL) ++ : get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 1); ++ switch ( rc ) ++ { ++ case 0: ++ break; ++ case -EINTR: ++ case -EAGAIN: ++ return -EAGAIN; ++ default: ++ MEM_LOG("Error while installing new baseptr %lx", mfn); ++ return rc; ++ } + +- old_base_mfn = pagetable_get_pfn(curr->arch.guest_table); ++ invalidate_shadow_ldt(curr, 0); + + curr->arch.guest_table = pagetable_from_pfn(mfn); + update_cr3(curr); +@@ -2952,13 +2977,25 @@ int new_guest_cr3(unsigned long mfn) + + if ( likely(old_base_mfn != 0) ) + { ++ struct page_info *page = mfn_to_page(old_base_mfn); ++ + if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(old_base_mfn)); ++ put_page(page); + else +- put_page_and_type(mfn_to_page(old_base_mfn)); ++ switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ { ++ case -EINTR: ++ rc = -EAGAIN; ++ case -EAGAIN: ++ curr->arch.old_guest_table = page; ++ break; ++ default: ++ BUG_ON(rc); ++ break; ++ } + } + +- return 1; ++ return rc; + } + + static struct domain *get_pg_owner(domid_t domid) +@@ -3256,8 +3293,13 @@ long do_mmuext_op( + } + + case MMUEXT_NEW_BASEPTR: +- okay = (!paging_mode_translate(d) +- && new_guest_cr3(op.arg1.mfn)); ++ if ( paging_mode_translate(d) ) ++ okay = 0; ++ else ++ { ++ rc = new_guest_cr3(op.arg1.mfn); ++ okay = !rc; ++ } + break; + + +Index: xen-4.2.1-testing/xen/arch/x86/traps.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/traps.c ++++ xen-4.2.1-testing/xen/arch/x86/traps.c +@@ -2407,12 +2407,23 @@ static int emulate_privileged_op(struct + #endif + } + page = get_page_from_gfn(v->domain, gfn, NULL, P2M_ALLOC); +- rc = page ? new_guest_cr3(page_to_mfn(page)) : 0; + if ( page ) ++ { ++ rc = new_guest_cr3(page_to_mfn(page)); + put_page(page); ++ } ++ else ++ rc = -EINVAL; + domain_unlock(v->domain); +- if ( rc == 0 ) /* not okay */ ++ switch ( rc ) ++ { ++ case 0: ++ break; ++ case -EAGAIN: /* retry after preemption */ ++ goto skip; ++ default: /* not okay */ + goto fail; ++ } + break; + } + diff --git a/CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch b/CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch new file mode 100644 index 0000000..86aac80 --- /dev/null +++ b/CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch @@ -0,0 +1,76 @@ +x86: make MMUEXT_NEW_USER_BASEPTR preemptible + +... as it may take significant amounts of time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -3313,29 +3313,56 @@ long do_mmuext_op( + break; + } + ++ old_mfn = pagetable_get_pfn(curr->arch.guest_table_user); ++ /* ++ * This is particularly important when getting restarted after the ++ * previous attempt got preempted in the put-old-MFN phase. ++ */ ++ if ( old_mfn == op.arg1.mfn ) ++ break; ++ + if ( op.arg1.mfn != 0 ) + { + if ( paging_mode_refcounts(d) ) + okay = get_page_from_pagenr(op.arg1.mfn, d); + else +- okay = !get_page_and_type_from_pagenr( +- op.arg1.mfn, PGT_root_page_table, d, 0, 0); ++ { ++ rc = get_page_and_type_from_pagenr( ++ op.arg1.mfn, PGT_root_page_table, d, 0, 1); ++ okay = !rc; ++ } + if ( unlikely(!okay) ) + { +- MEM_LOG("Error while installing new mfn %lx", op.arg1.mfn); ++ if ( rc == -EINTR ) ++ rc = -EAGAIN; ++ else if ( rc != -EAGAIN ) ++ MEM_LOG("Error while installing new mfn %lx", ++ op.arg1.mfn); + break; + } + } + +- old_mfn = pagetable_get_pfn(curr->arch.guest_table_user); + curr->arch.guest_table_user = pagetable_from_pfn(op.arg1.mfn); + + if ( old_mfn != 0 ) + { ++ struct page_info *page = mfn_to_page(old_mfn); ++ + if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(old_mfn)); ++ put_page(page); + else +- put_page_and_type(mfn_to_page(old_mfn)); ++ switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ { ++ case -EINTR: ++ rc = -EAGAIN; ++ case -EAGAIN: ++ curr->arch.old_guest_table = page; ++ okay = 0; ++ break; ++ default: ++ BUG_ON(rc); ++ break; ++ } + } + + break; diff --git a/CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch b/CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch new file mode 100644 index 0000000..592a382 --- /dev/null +++ b/CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch @@ -0,0 +1,218 @@ +x86: make vcpu_reset() preemptible + +... as dropping the old page tables may take significant amounts of +time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.2-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.2-testing/xen/arch/x86/domain.c +@@ -1051,17 +1051,16 @@ int arch_set_info_guest( + #undef c + } + +-void arch_vcpu_reset(struct vcpu *v) ++int arch_vcpu_reset(struct vcpu *v) + { + if ( !is_hvm_vcpu(v) ) + { + destroy_gdt(v); +- vcpu_destroy_pagetables(v, 0); +- } +- else +- { +- vcpu_end_shutdown_deferral(v); ++ return vcpu_destroy_pagetables(v); + } ++ ++ vcpu_end_shutdown_deferral(v); ++ return 0; + } + + /* +@@ -2085,7 +2084,7 @@ int domain_relinquish_resources(struct d + /* Drop the in-use references to page-table bases. */ + for_each_vcpu ( d, v ) + { +- ret = vcpu_destroy_pagetables(v, 1); ++ ret = vcpu_destroy_pagetables(v); + if ( ret ) + return ret; + } +Index: xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/hvm.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c +@@ -3577,8 +3577,11 @@ static void hvm_s3_suspend(struct domain + + for_each_vcpu ( d, v ) + { ++ int rc; ++ + vlapic_reset(vcpu_vlapic(v)); +- vcpu_reset(v); ++ rc = vcpu_reset(v); ++ ASSERT(!rc); + } + + vpic_reset(d); +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vlapic.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vlapic.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vlapic.c +@@ -255,10 +255,13 @@ static void vlapic_init_sipi_action(unsi + { + case APIC_DM_INIT: { + bool_t fpu_initialised; ++ int rc; ++ + domain_lock(target->domain); + /* Reset necessary VCPU state. This does not include FPU state. */ + fpu_initialised = target->fpu_initialised; +- vcpu_reset(target); ++ rc = vcpu_reset(target); ++ ASSERT(!rc); + target->fpu_initialised = fpu_initialised; + vlapic_reset(vcpu_vlapic(target)); + domain_unlock(target->domain); +Index: xen-4.2.2-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/mm.c +@@ -2844,7 +2844,7 @@ static int put_old_guest_table(struct vc + return rc; + } + +-int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible) ++int vcpu_destroy_pagetables(struct vcpu *v) + { + unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); + struct page_info *page; +@@ -2864,7 +2864,7 @@ int vcpu_destroy_pagetables(struct vcpu + if ( paging_mode_refcounts(v->domain) ) + put_page(page); + else +- rc = put_page_and_type_preemptible(page, preemptible); ++ rc = put_page_and_type_preemptible(page, 1); + } + + #ifdef __x86_64__ +@@ -2890,7 +2890,7 @@ int vcpu_destroy_pagetables(struct vcpu + if ( paging_mode_refcounts(v->domain) ) + put_page(page); + else +- rc = put_page_and_type_preemptible(page, preemptible); ++ rc = put_page_and_type_preemptible(page, 1); + } + if ( !rc ) + v->arch.guest_table_user = pagetable_null(); +Index: xen-4.2.2-testing/xen/common/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domain.c ++++ xen-4.2.2-testing/xen/common/domain.c +@@ -779,14 +779,18 @@ void domain_unpause_by_systemcontroller( + domain_unpause(d); + } + +-void vcpu_reset(struct vcpu *v) ++int vcpu_reset(struct vcpu *v) + { + struct domain *d = v->domain; ++ int rc; + + vcpu_pause(v); + domain_lock(d); + +- arch_vcpu_reset(v); ++ set_bit(_VPF_in_reset, &v->pause_flags); ++ rc = arch_vcpu_reset(v); ++ if ( rc ) ++ goto out_unlock; + + set_bit(_VPF_down, &v->pause_flags); + +@@ -802,9 +806,13 @@ void vcpu_reset(struct vcpu *v) + #endif + cpumask_clear(v->cpu_affinity_tmp); + clear_bit(_VPF_blocked, &v->pause_flags); ++ clear_bit(_VPF_in_reset, &v->pause_flags); + ++ out_unlock: + domain_unlock(v->domain); + vcpu_unpause(v); ++ ++ return rc; + } + + +Index: xen-4.2.2-testing/xen/common/domctl.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domctl.c ++++ xen-4.2.2-testing/xen/common/domctl.c +@@ -307,8 +307,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc + + if ( guest_handle_is_null(op->u.vcpucontext.ctxt) ) + { +- vcpu_reset(v); +- ret = 0; ++ ret = vcpu_reset(v); ++ if ( ret == -EAGAIN ) ++ ret = hypercall_create_continuation( ++ __HYPERVISOR_domctl, "h", u_domctl); + goto svc_out; + } + +Index: xen-4.2.2-testing/xen/include/asm-x86/mm.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/mm.h ++++ xen-4.2.2-testing/xen/include/asm-x86/mm.h +@@ -605,7 +605,7 @@ void audit_domains(void); + int new_guest_cr3(unsigned long pfn); + void make_cr3(struct vcpu *v, unsigned long mfn); + void update_cr3(struct vcpu *v); +-int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible); ++int vcpu_destroy_pagetables(struct vcpu *); + void propagate_page_fault(unsigned long addr, u16 error_code); + void *do_page_walk(struct vcpu *v, unsigned long addr); + +Index: xen-4.2.2-testing/xen/include/xen/domain.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/domain.h ++++ xen-4.2.2-testing/xen/include/xen/domain.h +@@ -13,7 +13,7 @@ typedef union { + struct vcpu *alloc_vcpu( + struct domain *d, unsigned int vcpu_id, unsigned int cpu_id); + struct vcpu *alloc_dom0_vcpu0(void); +-void vcpu_reset(struct vcpu *v); ++int vcpu_reset(struct vcpu *); + + struct xen_domctl_getdomaininfo; + void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info); +@@ -67,7 +67,7 @@ void arch_dump_vcpu_info(struct vcpu *v) + + void arch_dump_domain_info(struct domain *d); + +-void arch_vcpu_reset(struct vcpu *v); ++int arch_vcpu_reset(struct vcpu *); + + extern spinlock_t vcpu_alloc_lock; + bool_t domctl_lock_acquire(void); +Index: xen-4.2.2-testing/xen/include/xen/sched.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/sched.h ++++ xen-4.2.2-testing/xen/include/xen/sched.h +@@ -644,6 +644,9 @@ static inline struct domain *next_domain + /* VCPU is blocked due to missing mem_sharing ring. */ + #define _VPF_mem_sharing 6 + #define VPF_mem_sharing (1UL<<_VPF_mem_sharing) ++ /* VCPU is being reset. */ ++#define _VPF_in_reset 7 ++#define VPF_in_reset (1UL<<_VPF_in_reset) + + static inline int vcpu_runnable(struct vcpu *v) + { diff --git a/CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch b/CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch new file mode 100644 index 0000000..776c1a6 --- /dev/null +++ b/CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch @@ -0,0 +1,212 @@ +x86: make arch_set_info_guest() preemptible + +.. as the root page table validation (and the dropping of an eventual +old one) can require meaningful amounts of time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.2-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.2-testing/xen/arch/x86/domain.c +@@ -858,6 +858,9 @@ int arch_set_info_guest( + + if ( !v->is_initialised ) + { ++ if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] ) ++ return -EINVAL; ++ + v->arch.pv_vcpu.ldt_base = c(ldt_base); + v->arch.pv_vcpu.ldt_ents = c(ldt_ents); + } +@@ -955,24 +958,44 @@ int arch_set_info_guest( + if ( rc != 0 ) + return rc; + ++ set_bit(_VPF_in_reset, &v->pause_flags); ++ + if ( !compat ) +- { + cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[3]); +- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); +- +- if ( !cr3_page ) +- { +- destroy_gdt(v); +- return -EINVAL; +- } +- if ( !paging_mode_refcounts(d) +- && !get_page_type(cr3_page, PGT_base_page_table) ) +- { +- put_page(cr3_page); +- destroy_gdt(v); +- return -EINVAL; +- } ++#ifdef CONFIG_COMPAT ++ else ++ cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]); ++#endif ++ cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); + ++ if ( !cr3_page ) ++ rc = -EINVAL; ++ else if ( paging_mode_refcounts(d) ) ++ /* nothing */; ++ else if ( cr3_page == v->arch.old_guest_table ) ++ { ++ v->arch.old_guest_table = NULL; ++ put_page(cr3_page); ++ } ++ else ++ { ++ /* ++ * Since v->arch.guest_table{,_user} are both NULL, this effectively ++ * is just a call to put_old_guest_table(). ++ */ ++ if ( !compat ) ++ rc = vcpu_destroy_pagetables(v); ++ if ( !rc ) ++ rc = get_page_type_preemptible(cr3_page, ++ !compat ? PGT_root_page_table ++ : PGT_l3_page_table); ++ if ( rc == -EINTR ) ++ rc = -EAGAIN; ++ } ++ if ( rc ) ++ /* handled below */; ++ else if ( !compat ) ++ { + v->arch.guest_table = pagetable_from_page(cr3_page); + #ifdef __x86_64__ + if ( c.nat->ctrlreg[1] ) +@@ -980,56 +1003,44 @@ int arch_set_info_guest( + cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[1]); + cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); + +- if ( !cr3_page || +- (!paging_mode_refcounts(d) +- && !get_page_type(cr3_page, PGT_base_page_table)) ) ++ if ( !cr3_page ) ++ rc = -EINVAL; ++ else if ( !paging_mode_refcounts(d) ) + { +- if (cr3_page) +- put_page(cr3_page); +- cr3_page = pagetable_get_page(v->arch.guest_table); +- v->arch.guest_table = pagetable_null(); +- if ( paging_mode_refcounts(d) ) +- put_page(cr3_page); +- else +- put_page_and_type(cr3_page); +- destroy_gdt(v); +- return -EINVAL; ++ rc = get_page_type_preemptible(cr3_page, PGT_root_page_table); ++ switch ( rc ) ++ { ++ case -EINTR: ++ rc = -EAGAIN; ++ case -EAGAIN: ++ v->arch.old_guest_table = ++ pagetable_get_page(v->arch.guest_table); ++ v->arch.guest_table = pagetable_null(); ++ break; ++ } + } +- +- v->arch.guest_table_user = pagetable_from_page(cr3_page); +- } +- else if ( !(flags & VGCF_in_kernel) ) +- { +- destroy_gdt(v); +- return -EINVAL; ++ if ( !rc ) ++ v->arch.guest_table_user = pagetable_from_page(cr3_page); + } + } + else + { + l4_pgentry_t *l4tab; + +- cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]); +- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); +- +- if ( !cr3_page) +- { +- destroy_gdt(v); +- return -EINVAL; +- } +- +- if (!paging_mode_refcounts(d) +- && !get_page_type(cr3_page, PGT_l3_page_table) ) +- { +- put_page(cr3_page); +- destroy_gdt(v); +- return -EINVAL; +- } +- + l4tab = __va(pagetable_get_paddr(v->arch.guest_table)); + *l4tab = l4e_from_pfn(page_to_mfn(cr3_page), + _PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED); + #endif + } ++ if ( rc ) ++ { ++ if ( cr3_page ) ++ put_page(cr3_page); ++ destroy_gdt(v); ++ return rc; ++ } ++ ++ clear_bit(_VPF_in_reset, &v->pause_flags); + + if ( v->vcpu_id == 0 ) + update_domain_wallclock_time(d); +Index: xen-4.2.2-testing/xen/common/compat/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/compat/domain.c ++++ xen-4.2.2-testing/xen/common/compat/domain.c +@@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid, + rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt); + domain_unlock(d); + ++ if ( rc == -EAGAIN ) ++ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", ++ cmd, vcpuid, arg); ++ + xfree(cmp_ctxt); + break; + } +Index: xen-4.2.2-testing/xen/common/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domain.c ++++ xen-4.2.2-testing/xen/common/domain.c +@@ -849,6 +849,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN + domain_unlock(d); + + free_vcpu_guest_context(ctxt); ++ ++ if ( rc == -EAGAIN ) ++ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", ++ cmd, vcpuid, arg); ++ + break; + + case VCPUOP_up: { +Index: xen-4.2.2-testing/xen/common/domctl.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domctl.c ++++ xen-4.2.2-testing/xen/common/domctl.c +@@ -339,6 +339,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc + domain_pause(d); + ret = arch_set_info_guest(v, c); + domain_unpause(d); ++ ++ if ( ret == -EAGAIN ) ++ ret = hypercall_create_continuation( ++ __HYPERVISOR_domctl, "h", u_domctl); + } + + svc_out: diff --git a/CVE-2013-1918-xsa45-6-unpin-preemptible.patch b/CVE-2013-1918-xsa45-6-unpin-preemptible.patch new file mode 100644 index 0000000..d7f7253 --- /dev/null +++ b/CVE-2013-1918-xsa45-6-unpin-preemptible.patch @@ -0,0 +1,131 @@ +x86: make page table unpinning preemptible + +... as it may take significant amounts of time. + +Since we can't re-invoke the operation in a second attempt, the +continuation logic must be slightly tweaked so that we make sure +do_mmuext_op() gets run one more time even when the preempted unpin +operation was the last one in a batch. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -3140,6 +3140,14 @@ long do_mmuext_op( + return rc; + } + ++ if ( unlikely(count == MMU_UPDATE_PREEMPTED) && ++ likely(guest_handle_is_null(uops)) ) ++ { ++ /* See the curr->arch.old_guest_table related ++ * hypercall_create_continuation() below. */ ++ return (int)foreigndom; ++ } ++ + if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) + { + count &= ~MMU_UPDATE_PREEMPTED; +@@ -3163,7 +3171,7 @@ long do_mmuext_op( + + for ( i = 0; i < count; i++ ) + { +- if ( hypercall_preempt_check() ) ++ if ( curr->arch.old_guest_table || hypercall_preempt_check() ) + { + rc = -EAGAIN; + break; +@@ -3283,7 +3291,17 @@ long do_mmuext_op( + break; + } + +- put_page_and_type(page); ++ switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ { ++ case -EINTR: ++ case -EAGAIN: ++ curr->arch.old_guest_table = page; ++ rc = 0; ++ break; ++ default: ++ BUG_ON(rc); ++ break; ++ } + put_page(page); + + /* A page is dirtied when its pin status is cleared. */ +@@ -3604,9 +3622,27 @@ long do_mmuext_op( + } + + if ( rc == -EAGAIN ) ++ { ++ ASSERT(i < count); + rc = hypercall_create_continuation( + __HYPERVISOR_mmuext_op, "hihi", + uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom); ++ } ++ else if ( curr->arch.old_guest_table ) ++ { ++ XEN_GUEST_HANDLE(void) null; ++ ++ ASSERT(rc || i == count); ++ set_xen_guest_handle(null, NULL); ++ /* ++ * In order to have a way to communicate the final return value to ++ * our continuation, we pass this in place of "foreigndom", building ++ * on the fact that this argument isn't needed anymore. ++ */ ++ rc = hypercall_create_continuation( ++ __HYPERVISOR_mmuext_op, "hihi", null, ++ MMU_UPDATE_PREEMPTED, null, rc); ++ } + + put_pg_owner(pg_owner); + +Index: xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/x86_64/compat/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c +@@ -268,6 +268,13 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm + int rc = 0; + XEN_GUEST_HANDLE(mmuext_op_t) nat_ops; + ++ if ( unlikely(count == MMU_UPDATE_PREEMPTED) && ++ likely(guest_handle_is_null(cmp_uops)) ) ++ { ++ set_xen_guest_handle(nat_ops, NULL); ++ return do_mmuext_op(nat_ops, count, pdone, foreigndom); ++ } ++ + preempt_mask = count & MMU_UPDATE_PREEMPTED; + count ^= preempt_mask; + +@@ -370,12 +377,18 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm + guest_handle_add_offset(nat_ops, i - left); + guest_handle_subtract_offset(cmp_uops, left); + left = 1; +- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops)); +- BUG_ON(left != arg1); +- if (!test_bit(_MCSF_in_multicall, &mcs->flags)) +- regs->_ecx += count - i; ++ if ( arg1 != MMU_UPDATE_PREEMPTED ) ++ { ++ BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, ++ cmp_uops)); ++ if ( !test_bit(_MCSF_in_multicall, &mcs->flags) ) ++ regs->_ecx += count - i; ++ else ++ mcs->compat_call.args[1] += count - i; ++ } + else +- mcs->compat_call.args[1] += count - i; ++ BUG_ON(hypercall_xlat_continuation(&left, 0)); ++ BUG_ON(left != arg1); + } + else + BUG_ON(err > 0); diff --git a/CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch b/CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch new file mode 100644 index 0000000..3ec971c --- /dev/null +++ b/CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch @@ -0,0 +1,257 @@ +x86: make page table handling error paths preemptible + +... as they may take significant amounts of time. + +This requires cloning the tweaked continuation logic from +do_mmuext_op() to do_mmu_update(). + +Note that in mod_l[34]_entry() a negative "preemptible" value gets +passed to put_page_from_l[34]e() now, telling the callee to store the +respective page in current->arch.old_guest_table (for a hypercall +continuation to pick up), rather than carrying out the put right away. +This is going to be made a little more explicit by a subsequent cleanup +patch. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -1258,7 +1258,16 @@ static int put_page_from_l3e(l3_pgentry_ + #endif + + if ( unlikely(partial > 0) ) ++ { ++ ASSERT(preemptible >= 0); + return __put_page_type(l3e_get_page(l3e), preemptible); ++ } ++ ++ if ( preemptible < 0 ) ++ { ++ current->arch.old_guest_table = l3e_get_page(l3e); ++ return 0; ++ } + + return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible); + } +@@ -1271,7 +1280,17 @@ static int put_page_from_l4e(l4_pgentry_ + (l4e_get_pfn(l4e) != pfn) ) + { + if ( unlikely(partial > 0) ) ++ { ++ ASSERT(preemptible >= 0); + return __put_page_type(l4e_get_page(l4e), preemptible); ++ } ++ ++ if ( preemptible < 0 ) ++ { ++ current->arch.old_guest_table = l4e_get_page(l4e); ++ return 0; ++ } ++ + return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible); + } + return 1; +@@ -1566,12 +1585,17 @@ static int alloc_l3_table(struct page_in + if ( rc < 0 && rc != -EAGAIN && rc != -EINTR ) + { + MEM_LOG("Failure in alloc_l3_table: entry %d", i); ++ if ( i ) ++ { ++ page->nr_validated_ptes = i; ++ page->partial_pte = 0; ++ current->arch.old_guest_table = page; ++ } + while ( i-- > 0 ) + { + if ( !is_guest_l3_slot(i) ) + continue; + unadjust_guest_l3e(pl3e[i], d); +- put_page_from_l3e(pl3e[i], pfn, 0, 0); + } + } + +@@ -1601,22 +1625,24 @@ static int alloc_l4_table(struct page_in + page->nr_validated_ptes = i; + page->partial_pte = partial ?: 1; + } +- else if ( rc == -EINTR ) ++ else if ( rc < 0 ) + { ++ if ( rc != -EINTR ) ++ MEM_LOG("Failure in alloc_l4_table: entry %d", i); + if ( i ) + { + page->nr_validated_ptes = i; + page->partial_pte = 0; +- rc = -EAGAIN; ++ if ( rc == -EINTR ) ++ rc = -EAGAIN; ++ else ++ { ++ if ( current->arch.old_guest_table ) ++ page->nr_validated_ptes++; ++ current->arch.old_guest_table = page; ++ } + } + } +- else if ( rc < 0 ) +- { +- MEM_LOG("Failure in alloc_l4_table: entry %d", i); +- while ( i-- > 0 ) +- if ( is_guest_l4_slot(d, i) ) +- put_page_from_l4e(pl4e[i], pfn, 0, 0); +- } + if ( rc < 0 ) + return rc; + +@@ -2064,7 +2090,7 @@ static int mod_l3_entry(l3_pgentry_t *pl + pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e); + } + +- put_page_from_l3e(ol3e, pfn, 0, 0); ++ put_page_from_l3e(ol3e, pfn, 0, -preemptible); + return rc; + } + +@@ -2127,7 +2153,7 @@ static int mod_l4_entry(l4_pgentry_t *pl + return -EFAULT; + } + +- put_page_from_l4e(ol4e, pfn, 0, 0); ++ put_page_from_l4e(ol4e, pfn, 0, -preemptible); + return rc; + } + +@@ -2285,7 +2311,15 @@ static int alloc_page_type(struct page_i + PRtype_info ": caf=%08lx taf=%" PRtype_info, + page_to_mfn(page), get_gpfn_from_mfn(page_to_mfn(page)), + type, page->count_info, page->u.inuse.type_info); +- page->u.inuse.type_info = 0; ++ if ( page != current->arch.old_guest_table ) ++ page->u.inuse.type_info = 0; ++ else ++ { ++ ASSERT((page->u.inuse.type_info & ++ (PGT_count_mask | PGT_validated)) == 1); ++ get_page_light(page); ++ page->u.inuse.type_info |= PGT_partial; ++ } + } + else + { +@@ -3235,21 +3269,17 @@ long do_mmuext_op( + } + + if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 ) +- { +- put_page_and_type(page); + okay = 0; +- break; +- } +- +- if ( unlikely(test_and_set_bit(_PGT_pinned, +- &page->u.inuse.type_info)) ) ++ else if ( unlikely(test_and_set_bit(_PGT_pinned, ++ &page->u.inuse.type_info)) ) + { + MEM_LOG("Mfn %lx already pinned", page_to_mfn(page)); +- put_page_and_type(page); + okay = 0; +- break; + } + ++ if ( unlikely(!okay) ) ++ goto pin_drop; ++ + /* A page is dirtied when its pin status is set. */ + paging_mark_dirty(pg_owner, page_to_mfn(page)); + +@@ -3263,7 +3293,13 @@ long do_mmuext_op( + &page->u.inuse.type_info)); + spin_unlock(&pg_owner->page_alloc_lock); + if ( drop_ref ) +- put_page_and_type(page); ++ { ++ pin_drop: ++ if ( type == PGT_l1_page_table ) ++ put_page_and_type(page); ++ else ++ curr->arch.old_guest_table = page; ++ } + } + + break; +@@ -3669,11 +3705,28 @@ long do_mmu_update( + void *va; + unsigned long gpfn, gmfn, mfn; + struct page_info *page; +- int rc = 0, i = 0; +- unsigned int cmd, done = 0, pt_dom; +- struct vcpu *v = current; ++ unsigned int cmd, i = 0, done = 0, pt_dom; ++ struct vcpu *curr = current, *v = curr; + struct domain *d = v->domain, *pt_owner = d, *pg_owner; + struct domain_mmap_cache mapcache; ++ int rc = put_old_guest_table(curr); ++ ++ if ( unlikely(rc) ) ++ { ++ if ( likely(rc == -EAGAIN) ) ++ rc = hypercall_create_continuation( ++ __HYPERVISOR_mmu_update, "hihi", ureqs, count, pdone, ++ foreigndom); ++ return rc; ++ } ++ ++ if ( unlikely(count == MMU_UPDATE_PREEMPTED) && ++ likely(guest_handle_is_null(ureqs)) ) ++ { ++ /* See the curr->arch.old_guest_table related ++ * hypercall_create_continuation() below. */ ++ return (int)foreigndom; ++ } + + if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) + { +@@ -3722,7 +3775,7 @@ long do_mmu_update( + + for ( i = 0; i < count; i++ ) + { +- if ( hypercall_preempt_check() ) ++ if ( curr->arch.old_guest_table || hypercall_preempt_check() ) + { + rc = -EAGAIN; + break; +@@ -3903,9 +3956,27 @@ long do_mmu_update( + } + + if ( rc == -EAGAIN ) ++ { ++ ASSERT(i < count); + rc = hypercall_create_continuation( + __HYPERVISOR_mmu_update, "hihi", + ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom); ++ } ++ else if ( curr->arch.old_guest_table ) ++ { ++ XEN_GUEST_HANDLE(void) null; ++ ++ ASSERT(rc || i == count); ++ set_xen_guest_handle(null, NULL); ++ /* ++ * In order to have a way to communicate the final return value to ++ * our continuation, we pass this in place of "foreigndom", building ++ * on the fact that this argument isn't needed anymore. ++ */ ++ rc = hypercall_create_continuation( ++ __HYPERVISOR_mmu_update, "hihi", null, ++ MMU_UPDATE_PREEMPTED, null, rc); ++ } + + put_pg_owner(pg_owner); + diff --git a/CVE-2013-1918-xsa45-followup.patch b/CVE-2013-1918-xsa45-followup.patch new file mode 100644 index 0000000..2e13e7b --- /dev/null +++ b/CVE-2013-1918-xsa45-followup.patch @@ -0,0 +1,406 @@ +x86: cleanup after making various page table manipulation operations preemptible + +This drops the "preemptible" parameters from various functions where +now they can't (or shouldn't, validated by assertions) be run in non- +preemptible mode anymore, to prove that manipulations of at least L3 +and L4 page tables and page table entries are now always preemptible, +i.e. the earlier patches actually fulfill their purpose of fixing the +resulting security issue. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -1986,7 +1986,7 @@ static int relinquish_memory( + } + + if ( test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) ) +- ret = put_page_and_type_preemptible(page, 1); ++ ret = put_page_and_type_preemptible(page); + switch ( ret ) + { + case 0: +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -1044,7 +1044,7 @@ get_page_from_l2e( + define_get_linear_pagetable(l3); + static int + get_page_from_l3e( +- l3_pgentry_t l3e, unsigned long pfn, struct domain *d, int partial, int preemptible) ++ l3_pgentry_t l3e, unsigned long pfn, struct domain *d, int partial) + { + int rc; + +@@ -1058,7 +1058,7 @@ get_page_from_l3e( + } + + rc = get_page_and_type_from_pagenr( +- l3e_get_pfn(l3e), PGT_l2_page_table, d, partial, preemptible); ++ l3e_get_pfn(l3e), PGT_l2_page_table, d, partial, 1); + if ( unlikely(rc == -EINVAL) && get_l3_linear_pagetable(l3e, pfn, d) ) + rc = 0; + +@@ -1069,7 +1069,7 @@ get_page_from_l3e( + define_get_linear_pagetable(l4); + static int + get_page_from_l4e( +- l4_pgentry_t l4e, unsigned long pfn, struct domain *d, int partial, int preemptible) ++ l4_pgentry_t l4e, unsigned long pfn, struct domain *d, int partial) + { + int rc; + +@@ -1083,7 +1083,7 @@ get_page_from_l4e( + } + + rc = get_page_and_type_from_pagenr( +- l4e_get_pfn(l4e), PGT_l3_page_table, d, partial, preemptible); ++ l4e_get_pfn(l4e), PGT_l3_page_table, d, partial, 1); + if ( unlikely(rc == -EINVAL) && get_l4_linear_pagetable(l4e, pfn, d) ) + rc = 0; + +@@ -1237,8 +1237,10 @@ static int put_page_from_l2e(l2_pgentry_ + static int __put_page_type(struct page_info *, int preemptible); + + static int put_page_from_l3e(l3_pgentry_t l3e, unsigned long pfn, +- int partial, int preemptible) ++ int partial, bool_t defer) + { ++ struct page_info *pg; ++ + if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) || (l3e_get_pfn(l3e) == pfn) ) + return 1; + +@@ -1257,41 +1259,45 @@ static int put_page_from_l3e(l3_pgentry_ + } + #endif + ++ pg = l3e_get_page(l3e); ++ + if ( unlikely(partial > 0) ) + { +- ASSERT(preemptible >= 0); +- return __put_page_type(l3e_get_page(l3e), preemptible); ++ ASSERT(!defer); ++ return __put_page_type(pg, 1); + } + +- if ( preemptible < 0 ) ++ if ( defer ) + { +- current->arch.old_guest_table = l3e_get_page(l3e); ++ current->arch.old_guest_table = pg; + return 0; + } + +- return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible); ++ return put_page_and_type_preemptible(pg); + } + + #if CONFIG_PAGING_LEVELS >= 4 + static int put_page_from_l4e(l4_pgentry_t l4e, unsigned long pfn, +- int partial, int preemptible) ++ int partial, bool_t defer) + { + if ( (l4e_get_flags(l4e) & _PAGE_PRESENT) && + (l4e_get_pfn(l4e) != pfn) ) + { ++ struct page_info *pg = l4e_get_page(l4e); ++ + if ( unlikely(partial > 0) ) + { +- ASSERT(preemptible >= 0); +- return __put_page_type(l4e_get_page(l4e), preemptible); ++ ASSERT(!defer); ++ return __put_page_type(pg, 1); + } + +- if ( preemptible < 0 ) ++ if ( defer ) + { +- current->arch.old_guest_table = l4e_get_page(l4e); ++ current->arch.old_guest_table = pg; + return 0; + } + +- return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible); ++ return put_page_and_type_preemptible(pg); + } + return 1; + } +@@ -1509,7 +1515,7 @@ static int alloc_l2_table(struct page_in + return rc > 0 ? 0 : rc; + } + +-static int alloc_l3_table(struct page_info *page, int preemptible) ++static int alloc_l3_table(struct page_info *page) + { + struct domain *d = page_get_owner(page); + unsigned long pfn = page_to_mfn(page); +@@ -1556,11 +1562,10 @@ static int alloc_l3_table(struct page_in + rc = get_page_and_type_from_pagenr(l3e_get_pfn(pl3e[i]), + PGT_l2_page_table | + PGT_pae_xen_l2, +- d, partial, preemptible); ++ d, partial, 1); + } + else if ( !is_guest_l3_slot(i) || +- (rc = get_page_from_l3e(pl3e[i], pfn, d, +- partial, preemptible)) > 0 ) ++ (rc = get_page_from_l3e(pl3e[i], pfn, d, partial)) > 0 ) + continue; + + if ( rc == -EAGAIN ) +@@ -1604,7 +1609,7 @@ static int alloc_l3_table(struct page_in + } + + #if CONFIG_PAGING_LEVELS >= 4 +-static int alloc_l4_table(struct page_info *page, int preemptible) ++static int alloc_l4_table(struct page_info *page) + { + struct domain *d = page_get_owner(page); + unsigned long pfn = page_to_mfn(page); +@@ -1616,8 +1621,7 @@ static int alloc_l4_table(struct page_in + i++, partial = 0 ) + { + if ( !is_guest_l4_slot(d, i) || +- (rc = get_page_from_l4e(pl4e[i], pfn, d, +- partial, preemptible)) > 0 ) ++ (rc = get_page_from_l4e(pl4e[i], pfn, d, partial)) > 0 ) + continue; + + if ( rc == -EAGAIN ) +@@ -1662,7 +1666,7 @@ static int alloc_l4_table(struct page_in + return rc > 0 ? 0 : rc; + } + #else +-#define alloc_l4_table(page, preemptible) (-EINVAL) ++#define alloc_l4_table(page) (-EINVAL) + #endif + + +@@ -1714,7 +1718,7 @@ static int free_l2_table(struct page_inf + return err; + } + +-static int free_l3_table(struct page_info *page, int preemptible) ++static int free_l3_table(struct page_info *page) + { + struct domain *d = page_get_owner(page); + unsigned long pfn = page_to_mfn(page); +@@ -1727,7 +1731,7 @@ static int free_l3_table(struct page_inf + do { + if ( is_guest_l3_slot(i) ) + { +- rc = put_page_from_l3e(pl3e[i], pfn, partial, preemptible); ++ rc = put_page_from_l3e(pl3e[i], pfn, partial, 0); + if ( rc < 0 ) + break; + partial = 0; +@@ -1754,7 +1758,7 @@ static int free_l3_table(struct page_inf + } + + #if CONFIG_PAGING_LEVELS >= 4 +-static int free_l4_table(struct page_info *page, int preemptible) ++static int free_l4_table(struct page_info *page) + { + struct domain *d = page_get_owner(page); + unsigned long pfn = page_to_mfn(page); +@@ -1764,7 +1768,7 @@ static int free_l4_table(struct page_inf + + do { + if ( is_guest_l4_slot(d, i) ) +- rc = put_page_from_l4e(pl4e[i], pfn, partial, preemptible); ++ rc = put_page_from_l4e(pl4e[i], pfn, partial, 0); + if ( rc < 0 ) + break; + partial = 0; +@@ -1784,7 +1788,7 @@ static int free_l4_table(struct page_inf + return rc > 0 ? 0 : rc; + } + #else +-#define free_l4_table(page, preemptible) (-EINVAL) ++#define free_l4_table(page) (-EINVAL) + #endif + + int page_lock(struct page_info *page) +@@ -2023,7 +2027,6 @@ static int mod_l3_entry(l3_pgentry_t *pl + l3_pgentry_t nl3e, + unsigned long pfn, + int preserve_ad, +- int preemptible, + struct vcpu *vcpu) + { + l3_pgentry_t ol3e; +@@ -2063,7 +2066,7 @@ static int mod_l3_entry(l3_pgentry_t *pl + return rc ? 0 : -EFAULT; + } + +- rc = get_page_from_l3e(nl3e, pfn, d, 0, preemptible); ++ rc = get_page_from_l3e(nl3e, pfn, d, 0); + if ( unlikely(rc < 0) ) + return rc; + rc = 0; +@@ -2090,7 +2093,7 @@ static int mod_l3_entry(l3_pgentry_t *pl + pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e); + } + +- put_page_from_l3e(ol3e, pfn, 0, -preemptible); ++ put_page_from_l3e(ol3e, pfn, 0, 1); + return rc; + } + +@@ -2101,7 +2104,6 @@ static int mod_l4_entry(l4_pgentry_t *pl + l4_pgentry_t nl4e, + unsigned long pfn, + int preserve_ad, +- int preemptible, + struct vcpu *vcpu) + { + struct domain *d = vcpu->domain; +@@ -2134,7 +2136,7 @@ static int mod_l4_entry(l4_pgentry_t *pl + return rc ? 0 : -EFAULT; + } + +- rc = get_page_from_l4e(nl4e, pfn, d, 0, preemptible); ++ rc = get_page_from_l4e(nl4e, pfn, d, 0); + if ( unlikely(rc < 0) ) + return rc; + rc = 0; +@@ -2153,7 +2155,7 @@ static int mod_l4_entry(l4_pgentry_t *pl + return -EFAULT; + } + +- put_page_from_l4e(ol4e, pfn, 0, -preemptible); ++ put_page_from_l4e(ol4e, pfn, 0, 1); + return rc; + } + +@@ -2275,10 +2277,12 @@ static int alloc_page_type(struct page_i + rc = alloc_l2_table(page, type, preemptible); + break; + case PGT_l3_page_table: +- rc = alloc_l3_table(page, preemptible); ++ ASSERT(preemptible); ++ rc = alloc_l3_table(page); + break; + case PGT_l4_page_table: +- rc = alloc_l4_table(page, preemptible); ++ ASSERT(preemptible); ++ rc = alloc_l4_table(page); + break; + case PGT_seg_desc_page: + rc = alloc_segdesc_page(page); +@@ -2372,10 +2376,12 @@ int free_page_type(struct page_info *pag + if ( !(type & PGT_partial) ) + page->nr_validated_ptes = L3_PAGETABLE_ENTRIES; + #endif +- rc = free_l3_table(page, preemptible); ++ ASSERT(preemptible); ++ rc = free_l3_table(page); + break; + case PGT_l4_page_table: +- rc = free_l4_table(page, preemptible); ++ ASSERT(preemptible); ++ rc = free_l4_table(page); + break; + default: + MEM_LOG("type %lx pfn %lx\n", type, page_to_mfn(page)); +@@ -2866,7 +2872,7 @@ static int put_old_guest_table(struct vc + if ( !v->arch.old_guest_table ) + return 0; + +- switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) ) ++ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table) ) + { + case -EINTR: + case -EAGAIN: +@@ -2898,7 +2904,7 @@ int vcpu_destroy_pagetables(struct vcpu + if ( paging_mode_refcounts(v->domain) ) + put_page(page); + else +- rc = put_page_and_type_preemptible(page, 1); ++ rc = put_page_and_type_preemptible(page); + } + + #ifdef __x86_64__ +@@ -2924,7 +2930,7 @@ int vcpu_destroy_pagetables(struct vcpu + if ( paging_mode_refcounts(v->domain) ) + put_page(page); + else +- rc = put_page_and_type_preemptible(page, 1); ++ rc = put_page_and_type_preemptible(page); + } + if ( !rc ) + v->arch.guest_table_user = pagetable_null(); +@@ -2953,7 +2959,7 @@ int new_guest_cr3(unsigned long mfn) + l4e_from_pfn( + mfn, + (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)), +- pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr); ++ pagetable_get_pfn(curr->arch.guest_table), 0, curr); + switch ( rc ) + { + case 0: +@@ -3016,7 +3022,7 @@ int new_guest_cr3(unsigned long mfn) + if ( paging_mode_refcounts(d) ) + put_page(page); + else +- switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ switch ( rc = put_page_and_type_preemptible(page) ) + { + case -EINTR: + rc = -EAGAIN; +@@ -3327,7 +3333,7 @@ long do_mmuext_op( + break; + } + +- switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ switch ( rc = put_page_and_type_preemptible(page) ) + { + case -EINTR: + case -EAGAIN: +@@ -3405,7 +3411,7 @@ long do_mmuext_op( + if ( paging_mode_refcounts(d) ) + put_page(page); + else +- switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ switch ( rc = put_page_and_type_preemptible(page) ) + { + case -EINTR: + rc = -EAGAIN; +@@ -3882,12 +3888,12 @@ long do_mmu_update( + break; + case PGT_l3_page_table: + rc = mod_l3_entry(va, l3e_from_intpte(req.val), mfn, +- cmd == MMU_PT_UPDATE_PRESERVE_AD, 1, v); ++ cmd == MMU_PT_UPDATE_PRESERVE_AD, v); + break; + #if CONFIG_PAGING_LEVELS >= 4 + case PGT_l4_page_table: + rc = mod_l4_entry(va, l4e_from_intpte(req.val), mfn, +- cmd == MMU_PT_UPDATE_PRESERVE_AD, 1, v); ++ cmd == MMU_PT_UPDATE_PRESERVE_AD, v); + break; + #endif + case PGT_writable_page: +--- a/xen/include/asm-x86/mm.h ++++ b/xen/include/asm-x86/mm.h +@@ -384,15 +384,10 @@ static inline void put_page_and_type(str + put_page(page); + } + +-static inline int put_page_and_type_preemptible(struct page_info *page, +- int preemptible) ++static inline int put_page_and_type_preemptible(struct page_info *page) + { +- int rc = 0; ++ int rc = put_page_type_preemptible(page); + +- if ( preemptible ) +- rc = put_page_type_preemptible(page); +- else +- put_page_type(page); + if ( likely(rc == 0) ) + put_page(page); + return rc; diff --git a/CVE-2013-1922-xsa48.patch b/CVE-2013-1922-xsa48.patch new file mode 100644 index 0000000..9a6b923 --- /dev/null +++ b/CVE-2013-1922-xsa48.patch @@ -0,0 +1,112 @@ +References: bnc#81???? CVE-2013-1922 XSA-48 + +Add -f FMT / --format FMT arg to qemu-nbd + +From: "Daniel P. Berrange" + +Currently the qemu-nbd program will auto-detect the format of +any disk it is given. This behaviour is known to be insecure. +For example, if qemu-nbd initially exposes a 'raw' file to an +unprivileged app, and that app runs + + 'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0' + +then the next time the app is started, the qemu-nbd will now +detect it as a 'qcow2' file and expose /etc/shadow to the +unprivileged app. + +The only way to avoid this is to explicitly tell qemu-nbd what +disk format to use on the command line, completely disabling +auto-detection. This patch adds a '-f' / '--format' arg for +this purpose, mirroring what is already available via qemu-img +and qemu commands. + + qemu-nbd --format raw -p 9000 evil.img + +will now always use raw, regardless of what format 'evil.img' +looks like it contains + +Signed-off-by: Daniel P. Berrange +[Use errx, not err. - Paolo] +Signed-off-by: Paolo Bonzini +Signed-off-by: Stefano Stabellini + +[ This is a security issue, CVE-2013-1922 / XSA-48. ] + +--- a/tools/qemu-xen-dir-remote/qemu-nbd.c ++++ b/tools/qemu-xen-dir-remote/qemu-nbd.c +@@ -247,6 +247,7 @@ out: + int main(int argc, char **argv) + { + BlockDriverState *bs; ++ BlockDriver *drv; + off_t dev_offset = 0; + off_t offset = 0; + uint32_t nbdflags = 0; +@@ -256,7 +257,7 @@ int main(int argc, char **argv) + struct sockaddr_in addr; + socklen_t addr_len = sizeof(addr); + off_t fd_size; +- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t"; ++ const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t"; + struct option lopt[] = { + { "help", 0, NULL, 'h' }, + { "version", 0, NULL, 'V' }, +@@ -271,6 +272,7 @@ int main(int argc, char **argv) + { "snapshot", 0, NULL, 's' }, + { "nocache", 0, NULL, 'n' }, + { "shared", 1, NULL, 'e' }, ++ { "format", 1, NULL, 'f' }, + { "persistent", 0, NULL, 't' }, + { "verbose", 0, NULL, 'v' }, + { NULL, 0, NULL, 0 } +@@ -292,6 +294,7 @@ int main(int argc, char **argv) + int max_fd; + int persistent = 0; + pthread_t client_thread; ++ const char *fmt = NULL; + + /* The client thread uses SIGTERM to interrupt the server. A signal + * handler ensures that "qemu-nbd -v -c" exits with a nice status code. +@@ -368,6 +371,9 @@ int main(int argc, char **argv) + errx(EXIT_FAILURE, "Shared device number must be greater than 0\n"); + } + break; ++ case 'f': ++ fmt = optarg; ++ break; + case 't': + persistent = 1; + break; +@@ -478,9 +484,19 @@ int main(int argc, char **argv) + bdrv_init(); + atexit(bdrv_close_all); + ++ if (fmt) { ++ drv = bdrv_find_format(fmt); ++ if (!drv) { ++ errx(EXIT_FAILURE, "Unknown file format '%s'", fmt); ++ } ++ } else { ++ drv = NULL; ++ } ++ + bs = bdrv_new("hda"); + srcpath = argv[optind]; +- if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) { ++ ret = bdrv_open(bs, srcpath, flags, drv); ++ if (ret < 0) { + errno = -ret; + err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]); + } +--- a/tools/qemu-xen-dir-remote/qemu-nbd.texi ++++ b/tools/qemu-xen-dir-remote/qemu-nbd.texi +@@ -36,6 +36,8 @@ Export Qemu disk image using NBD protoco + disconnect the specified device + @item -e, --shared=@var{num} + device can be shared by @var{num} clients (default @samp{1}) ++@item -f, --format=@var{fmt} ++ force block driver for format @var{fmt} instead of auto-detecting + @item -t, --persistent + don't exit on the last connection + @item -v, --verbose diff --git a/CVE-2013-1952-xsa49.patch b/CVE-2013-1952-xsa49.patch new file mode 100644 index 0000000..5a0ef69 --- /dev/null +++ b/CVE-2013-1952-xsa49.patch @@ -0,0 +1,57 @@ +References: bnc#8161663 CVE-2013-1952 XSA-49 + +VT-d: don't permit SVT_NO_VERIFY entries for known device types + +Only in cases where we don't know what to do we should leave the IRTE +blank (suppressing all validation), but we should always log a warning +in those cases (as being insecure). + +This is CVE-2013-1952 / XSA-49. + +Signed-off-by: Jan Beulich +Acked-by: "Zhang, Xiantao" + +Index: xen-4.2.1-testing/xen/drivers/passthrough/vtd/intremap.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/drivers/passthrough/vtd/intremap.c ++++ xen-4.2.1-testing/xen/drivers/passthrough/vtd/intremap.c +@@ -440,12 +440,9 @@ static void set_msi_source_id(struct pci + { + unsigned int sq; + ++ case DEV_TYPE_PCIe_ENDPOINT: + case DEV_TYPE_PCIe_BRIDGE: + case DEV_TYPE_PCIe2PCI_BRIDGE: +- case DEV_TYPE_LEGACY_PCI_BRIDGE: +- break; +- +- case DEV_TYPE_PCIe_ENDPOINT: + switch ( pdev->phantom_stride ) + { + case 1: sq = SQ_13_IGNORE_3; break; +@@ -457,6 +454,8 @@ static void set_msi_source_id(struct pci + break; + + case DEV_TYPE_PCI: ++ case DEV_TYPE_LEGACY_PCI_BRIDGE: ++ case DEV_TYPE_PCI2PCIe_BRIDGE: + ret = find_upstream_bridge(seg, &bus, &devfn, &secbus); + if ( ret == 0 ) /* integrated PCI device */ + { +@@ -468,10 +467,15 @@ static void set_msi_source_id(struct pci + if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE ) + set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, + (bus << 8) | pdev->bus); +- else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) ++ else + set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, + PCI_BDF2(bus, devfn)); + } ++ else ++ dprintk(XENLOG_WARNING VTDPREFIX, ++ "d%d: no upstream bridge for %04x:%02x:%02x.%u\n", ++ pdev->domain->domain_id, ++ seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); + break; + + default: diff --git a/blktap-pv-cdrom.patch b/blktap-pv-cdrom.patch index 0d5f410..f4345af 100644 --- a/blktap-pv-cdrom.patch +++ b/blktap-pv-cdrom.patch @@ -9,10 +9,10 @@ xen/include/public/io/cdromif.h | 122 ++++ 8 files changed, 726 insertions(+), 3 deletions(-) -Index: xen-4.2.0-testing/tools/blktap/drivers/Makefile +Index: xen-4.2.1-testing/tools/blktap/drivers/Makefile =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/drivers/Makefile -+++ xen-4.2.0-testing/tools/blktap/drivers/Makefile +--- xen-4.2.1-testing.orig/tools/blktap/drivers/Makefile ++++ xen-4.2.1-testing/tools/blktap/drivers/Makefile @@ -38,8 +38,9 @@ endif CFLAGS += $(PTHREAD_CFLAGS) LDFLAGS += $(PTHREAD_LDFLAGS) @@ -33,11 +33,11 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/Makefile BLK-OBJS-y += aes.o BLK-OBJS-y += tapaio.o BLK-OBJS-$(CONFIG_Linux) += blk_linux.o -Index: xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c +Index: xen-4.2.1-testing/tools/blktap/drivers/block-cdrom.c =================================================================== --- /dev/null -+++ xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c -@@ -0,0 +1,565 @@ ++++ xen-4.2.1-testing/tools/blktap/drivers/block-cdrom.c +@@ -0,0 +1,568 @@ +/* block-cdrom.c + * + * simple slow synchronous cdrom disk implementation. Based off @@ -514,6 +514,9 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c + unsigned int len; + + media_present = xs_read(prv->xs_handle, XBT_NULL, vec[XS_WATCH_PATH], &len); ++ if (media_present == NULL) ++ return; ++ + if (strcmp(media_present, "0") == 0) { + close(prv->fd); + prv->fd = -1; @@ -603,10 +606,10 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c + .td_get_parent_id = tdcdrom_get_parent_id, + .td_validate_parent = tdcdrom_validate_parent +}; -Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.c +Index: xen-4.2.1-testing/tools/blktap/drivers/tapdisk.c =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/drivers/tapdisk.c -+++ xen-4.2.0-testing/tools/blktap/drivers/tapdisk.c +--- xen-4.2.1-testing.orig/tools/blktap/drivers/tapdisk.c ++++ xen-4.2.1-testing/tools/blktap/drivers/tapdisk.c @@ -735,6 +735,22 @@ static void get_io_request(struct td_sta goto out; } @@ -630,10 +633,10 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.c default: DPRINTF("Unknown block operation\n"); break; -Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.h +Index: xen-4.2.1-testing/tools/blktap/drivers/tapdisk.h =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/drivers/tapdisk.h -+++ xen-4.2.0-testing/tools/blktap/drivers/tapdisk.h +--- xen-4.2.1-testing.orig/tools/blktap/drivers/tapdisk.h ++++ xen-4.2.1-testing/tools/blktap/drivers/tapdisk.h @@ -137,6 +137,9 @@ struct tap_disk { int (*td_get_parent_id) (struct disk_driver *dd, struct disk_id *id); int (*td_validate_parent)(struct disk_driver *dd, @@ -678,10 +681,10 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.h }; typedef struct driver_list_entry { -Index: xen-4.2.0-testing/tools/blktap/lib/blktaplib.h +Index: xen-4.2.1-testing/tools/blktap/lib/blktaplib.h =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/lib/blktaplib.h -+++ xen-4.2.0-testing/tools/blktap/lib/blktaplib.h +--- xen-4.2.1-testing.orig/tools/blktap/lib/blktaplib.h ++++ xen-4.2.1-testing/tools/blktap/lib/blktaplib.h @@ -219,6 +219,7 @@ typedef struct msg_pid { #define DISK_TYPE_RAM 3 #define DISK_TYPE_QCOW 4 @@ -690,10 +693,10 @@ Index: xen-4.2.0-testing/tools/blktap/lib/blktaplib.h /* xenstore/xenbus: */ #define DOMNAME "Domain-0" -Index: xen-4.2.0-testing/tools/python/xen/xend/server/BlktapController.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/BlktapController.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/BlktapController.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/BlktapController.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/BlktapController.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/BlktapController.py @@ -15,6 +15,7 @@ blktap1_disk_types = [ 'ram', 'qcow', @@ -702,10 +705,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/BlktapController.py 'ioemu', ] -Index: xen-4.2.0-testing/xen/include/public/io/blkif.h +Index: xen-4.2.1-testing/xen/include/public/io/blkif.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/public/io/blkif.h -+++ xen-4.2.0-testing/xen/include/public/io/blkif.h +--- xen-4.2.1-testing.orig/xen/include/public/io/blkif.h ++++ xen-4.2.1-testing/xen/include/public/io/blkif.h @@ -379,7 +379,7 @@ * Used in SLES sources for device specific command packet * contained within the request. Reserved for that purpose. @@ -715,10 +718,10 @@ Index: xen-4.2.0-testing/xen/include/public/io/blkif.h /* * Indicate to the backend device that a region of storage is no longer in * use, and may be discarded at any time without impact to the client. If -Index: xen-4.2.0-testing/xen/include/public/io/cdromif.h +Index: xen-4.2.1-testing/xen/include/public/io/cdromif.h =================================================================== --- /dev/null -+++ xen-4.2.0-testing/xen/include/public/io/cdromif.h ++++ xen-4.2.1-testing/xen/include/public/io/cdromif.h @@ -0,0 +1,122 @@ +/****************************************************************************** + * cdromif.h diff --git a/blktap.patch b/blktap.patch index 6ab25d4..a9603c2 100644 --- a/blktap.patch +++ b/blktap.patch @@ -1,11 +1,11 @@ bug #239173 bug #242953 -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3301,7 +3301,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3317,7 +3317,7 @@ class XendDomainInfo: (fn, BOOTLOADER_LOOPBACK_DEVICE)) vbd = { @@ -14,10 +14,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py 'device': BOOTLOADER_LOOPBACK_DEVICE, } -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c @@ -447,9 +447,9 @@ void xenstore_parse_domain_config(int hv { char **e_danger = NULL; diff --git a/change-vnc-passwd.patch b/change-vnc-passwd.patch index 97d1f15..65bab24 100644 --- a/change-vnc-passwd.patch +++ b/change-vnc-passwd.patch @@ -2,10 +2,10 @@ Add support of change-vnc-password while vm is running. Signed-off-by: Chunyan Liu -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vl.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/vl.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/vl.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vl.c @@ -200,7 +200,7 @@ DriveInfo drives_table[MAX_DRIVES+1]; int nb_drives; enum vga_retrace_method vga_retrace_method = VGA_RETRACE_DUMB; @@ -15,10 +15,10 @@ Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c int nographic; static int curses; static int sdl; -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vnc.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vnc.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c @@ -2627,6 +2627,7 @@ int vnc_display_password(DisplayState *d if (password && password[0]) { if (!(vs->password = qemu_strdup(password))) @@ -27,10 +27,10 @@ Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vnc.c } return 0; -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c @@ -24,6 +24,7 @@ #include "qemu-timer.h" #include "qemu-xen.h" @@ -59,11 +59,11 @@ Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c } else if (!strncmp(command, "usb-add", len)) { fprintf(logfile, "dm-command: usb-add a usb device\n"); if (pasprintf(&path, -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1490,6 +1490,20 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1506,6 +1506,20 @@ class XendDomainInfo: target = max_target self.setMemoryTarget(target) @@ -84,10 +84,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -Index: xen-4.2.0-testing/tools/python/xen/xend/server/XMLRPCServer.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/XMLRPCServer.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/XMLRPCServer.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/XMLRPCServer.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/XMLRPCServer.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/XMLRPCServer.py @@ -95,7 +95,7 @@ methods = ['device_create', 'device_conf 'destroyDevice','getDeviceSxprs', 'setMemoryTarget', 'setName', 'setVCpuCount', 'shutdown', @@ -97,10 +97,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/XMLRPCServer.py exclude = ['domain_create', 'domain_restore'] -Index: xen-4.2.0-testing/tools/python/xen/xm/main.py +Index: xen-4.2.1-testing/tools/python/xen/xm/main.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/main.py -+++ xen-4.2.0-testing/tools/python/xen/xm/main.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/main.py ++++ xen-4.2.1-testing/tools/python/xen/xm/main.py @@ -21,6 +21,7 @@ """Grand unified management application for Xen. diff --git a/change_home_server.patch b/change_home_server.patch index ff4aa57..185007c 100644 --- a/change_home_server.patch +++ b/change_home_server.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3139,6 +3139,11 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3155,6 +3155,11 @@ class XendDomainInfo: self._cleanup_phantom_devs(paths) self._cleanupVm() diff --git a/checkpoint-rename.patch b/checkpoint-rename.patch index a29d56a..fbabdaa 100644 --- a/checkpoint-rename.patch +++ b/checkpoint-rename.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -172,7 +172,7 @@ def save(fd, dominfo, network, live, dst +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -188,7 +188,7 @@ def save(fd, dominfo, network, live, dst dominfo.destroy() dominfo.testDeviceComplete() try: diff --git a/hv_extid_compatibility.patch b/hv_extid_compatibility.patch index f9f45b9..28bfa4d 100644 --- a/hv_extid_compatibility.patch +++ b/hv_extid_compatibility.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py -@@ -159,6 +159,7 @@ XENAPI_PLATFORM_CFG_TYPES = { +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +@@ -161,6 +161,7 @@ XENAPI_PLATFORM_CFG_TYPES = { 'nographic': int, 'nomigrate': int, 'pae' : int, @@ -10,8 +10,8 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py 'rtc_timeoffset': int, 'parallel': str, 'serial': str, -@@ -517,6 +518,8 @@ class XendConfig(dict): - if self.is_hvm(): +@@ -523,6 +524,8 @@ class XendConfig(dict): + self['platform']['acpi_firmware'] = "" if 'timer_mode' not in self['platform']: self['platform']['timer_mode'] = 1 + if 'extid' in self['platform'] and int(self['platform']['extid']) == 1: @@ -19,11 +19,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py if 'viridian' not in self['platform']: self['platform']['viridian'] = 0 if 'rtc_timeoffset' not in self['platform']: -Index: xen-4.2.0-testing/tools/python/xen/xend/image.py +Index: xen-4.2.1-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.0-testing/tools/python/xen/xend/image.py -@@ -828,6 +828,7 @@ class HVMImageHandler(ImageHandler): +--- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.1-testing/tools/python/xen/xend/image.py +@@ -830,6 +830,7 @@ class HVMImageHandler(ImageHandler): self.apic = int(vmConfig['platform'].get('apic', 0)) self.acpi = int(vmConfig['platform'].get('acpi', 0)) @@ -31,10 +31,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/image.py self.guest_os_type = vmConfig['platform'].get('guest_os_type') self.memory_sharing = int(vmConfig['memory_sharing']) try: -Index: xen-4.2.0-testing/tools/python/xen/xm/create.py +Index: xen-4.2.1-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.0-testing/tools/python/xen/xm/create.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/create.py @@ -242,6 +242,10 @@ gopts.var('viridian', val='VIRIDIAN', use="""Expose Viridian interface to x86 HVM guest? (Default is 0).""") @@ -46,7 +46,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/create.py gopts.var('acpi', val='ACPI', fn=set_int, default=1, use="Disable or enable ACPI of HVM domain.") -@@ -1111,7 +1115,7 @@ def configure_hvm(config_image, vals): +@@ -1120,7 +1124,7 @@ def configure_hvm(config_image, vals): 'timer_mode', 'usb', 'usbdevice', 'vcpus', 'vnc', 'vncconsole', 'vncdisplay', 'vnclisten', @@ -55,7 +55,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/create.py 'watchdog', 'watchdog_action', 'xauthority', 'xen_extended_power_mgmt', 'xen_platform_pci', 'memory_sharing' ] -@@ -1121,6 +1125,10 @@ def configure_hvm(config_image, vals): +@@ -1130,6 +1134,10 @@ def configure_hvm(config_image, vals): config_image.append([a, vals.__dict__[a]]) if vals.vncpasswd is not None: config_image.append(['vncpasswd', vals.vncpasswd]) diff --git a/multi-xvdp.patch b/multi-xvdp.patch index ca615b6..da1c397 100644 --- a/multi-xvdp.patch +++ b/multi-xvdp.patch @@ -5,10 +5,10 @@ bootloader loopback device. This patch creates a list of bootloader loopback devices so more than one instance of bootloader can be run concurrently. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py @@ -74,7 +74,7 @@ from xen.xend.XendPSCSI import XendPSCSI from xen.xend.XendDSCSI import XendDSCSI, XendDSCSI_HBA @@ -18,7 +18,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py xc = xen.lowlevel.xc.xc() xoptions = XendOptions.instance() -@@ -3308,33 +3308,38 @@ class XendDomainInfo: +@@ -3324,33 +3324,38 @@ class XendDomainInfo: # This is a file, not a device. pygrub can cope with a # file if it's raw, but if it's QCOW or other such formats # used through blktap, then we need to mount it first. diff --git a/qemu-xen-dir-remote.tar.bz2 b/qemu-xen-dir-remote.tar.bz2 index ce5051e..999ab50 100644 --- a/qemu-xen-dir-remote.tar.bz2 +++ b/qemu-xen-dir-remote.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e5ba8bcd20390c3773e1e0a3a82c46896af5fb73ec235d27c250ef028212aa7a -size 5111823 +oid sha256:69625c1ca61f7569d998c66d9e89d37635e6427d045e0e7566309cdab96c965e +size 5069776 diff --git a/qemu-xen-traditional-dir-remote.tar.bz2 b/qemu-xen-traditional-dir-remote.tar.bz2 index 7c66574..a6e54f5 100644 --- a/qemu-xen-traditional-dir-remote.tar.bz2 +++ b/qemu-xen-traditional-dir-remote.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:dfe4a381b86b68e85ea70f6306914cd7e3f9debb7df3797a611f339054042528 -size 3212536 +oid sha256:fd580bf099a4b8c4ab0ca680874f71fa2abc902076f47c1fea7ee961e9a2f196 +size 3187212 diff --git a/tmp-initscript-modprobe.patch b/tmp-initscript-modprobe.patch index 96744f0..a1617b2 100644 --- a/tmp-initscript-modprobe.patch +++ b/tmp-initscript-modprobe.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/hotplug/Linux/init.d/xencommons +Index: xen-4.2.1-testing/tools/hotplug/Linux/init.d/xencommons =================================================================== ---- xen-4.2.0-testing.orig/tools/hotplug/Linux/init.d/xencommons -+++ xen-4.2.0-testing/tools/hotplug/Linux/init.d/xencommons -@@ -54,21 +54,26 @@ do_start () { +--- xen-4.2.1-testing.orig/tools/hotplug/Linux/init.d/xencommons ++++ xen-4.2.1-testing/tools/hotplug/Linux/init.d/xencommons +@@ -54,21 +54,27 @@ do_start () { local time=0 local timeout=30 @@ -36,7 +36,8 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/init.d/xencommons + modprobe usbbk 2>/dev/null || true + modprobe pciback 2>/dev/null || true + modprobe xen-acpi-processor 2>/dev/null || true -+ modprobe blktap2 2>/dev/null || modprobe blktap 2>/dev/null || true ++ modprobe blktap2 2>/dev/null || true ++ modprobe blktap 2>/dev/null || true + # xenblk (frontend module) is needed in dom0, allowing it to use vbds + modprobe xenblk 2>/dev/null || true + # support xl create pv guest with qcow/qcow2 disk image diff --git a/tools-watchdog-support.patch b/tools-watchdog-support.patch index 55f1974..4950814 100644 --- a/tools-watchdog-support.patch +++ b/tools-watchdog-support.patch @@ -1,7 +1,7 @@ -Index: xen-4.2.1-testing/tools/python/xen/xm/create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/create.py @@ -535,6 +535,21 @@ gopts.var('usbdevice', val='NAME', fn=set_value, default='', use="Name of USB device to add?") @@ -32,10 +32,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py 'xauthority', 'xen_extended_power_mgmt', 'xen_platform_pci', 'memory_sharing' ] -Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py @@ -1113,7 +1113,9 @@ class sxp2xml: 'xen_platform_pci', 'tsc_mode' @@ -47,10 +47,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py ] platform_configs = [] -Index: xen-4.2.1-testing/tools/python/xen/xend/image.py +Index: xen-4.2.2-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.1-testing/tools/python/xen/xend/image.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.2-testing/tools/python/xen/xend/image.py @@ -855,7 +855,8 @@ class HVMImageHandler(ImageHandler): dmargs = [ 'boot', 'fda', 'fdb', 'soundhw', @@ -69,10 +69,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/image.py # Handle booleans gracefully if a in ['localtime', 'std-vga', 'isa', 'usb', 'acpi']: -Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py @@ -192,6 +192,8 @@ XENAPI_PLATFORM_CFG_TYPES = { 'xen_platform_pci': int, "gfx_passthru": int, @@ -82,10 +82,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py } # Xen API console 'other_config' keys. -Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c +Index: xen-4.2.2-testing/tools/libxl/libxl_dm.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_dm.c -+++ xen-4.2.1-testing/tools/libxl/libxl_dm.c +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dm.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dm.c @@ -196,6 +196,12 @@ static char ** libxl__build_device_model "-usbdevice", b_info->u.hvm.usbdevice, NULL); } @@ -99,7 +99,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c if (b_info->u.hvm.soundhw) { flexarray_vappend(dm_args, "-soundhw", b_info->u.hvm.soundhw, NULL); } -@@ -449,6 +455,12 @@ static char ** libxl__build_device_model +@@ -455,6 +461,12 @@ static char ** libxl__build_device_model "-usbdevice", b_info->u.hvm.usbdevice, NULL); } } @@ -112,10 +112,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c if (b_info->u.hvm.soundhw) { flexarray_vappend(dm_args, "-soundhw", b_info->u.hvm.soundhw, NULL); } -Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl +Index: xen-4.2.2-testing/tools/libxl/libxl_types.idl =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_types.idl -+++ xen-4.2.1-testing/tools/libxl/libxl_types.idl +--- xen-4.2.2-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.2.2-testing/tools/libxl/libxl_types.idl @@ -322,6 +322,8 @@ libxl_domain_build_info = Struct("domain ("usbdevice", string), ("soundhw", string), @@ -125,10 +125,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl ])), ("pv", Struct(None, [("kernel", string), ("slack_memkb", MemKB), -Index: xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +Index: xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/xl_cmdimpl.c -+++ xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +--- xen-4.2.2-testing.orig/tools/libxl/xl_cmdimpl.c ++++ xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c @@ -1417,6 +1417,8 @@ skip_vfb: xlu_cfg_replace_string (config, "soundhw", &b_info->u.hvm.soundhw, 0); xlu_cfg_get_defbool(config, "xen_platform_pci", diff --git a/x86-cpufreq-report.patch b/x86-cpufreq-report.patch index 391e8ee..17666d6 100644 --- a/x86-cpufreq-report.patch +++ b/x86-cpufreq-report.patch @@ -1,5 +1,7 @@ ---- a/xen/arch/x86/platform_hypercall.c -+++ b/xen/arch/x86/platform_hypercall.c +Index: xen-4.2.1-testing/xen/arch/x86/platform_hypercall.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/platform_hypercall.c ++++ xen-4.2.1-testing/xen/arch/x86/platform_hypercall.c @@ -25,7 +25,7 @@ #include #include @@ -51,9 +53,11 @@ default: ret = -ENOSYS; break; ---- a/xen/include/public/platform.h -+++ b/xen/include/public/platform.h -@@ -504,6 +504,16 @@ struct xenpf_core_parking { +Index: xen-4.2.1-testing/xen/include/public/platform.h +=================================================================== +--- xen-4.2.1-testing.orig/xen/include/public/platform.h ++++ xen-4.2.1-testing/xen/include/public/platform.h +@@ -505,6 +505,16 @@ struct xenpf_core_parking { typedef struct xenpf_core_parking xenpf_core_parking_t; DEFINE_XEN_GUEST_HANDLE(xenpf_core_parking_t); @@ -70,7 +74,7 @@ /* * ` enum neg_errnoval * ` HYPERVISOR_platform_op(const struct xen_platform_op*); -@@ -530,6 +540,7 @@ struct xen_platform_op { +@@ -531,6 +541,7 @@ struct xen_platform_op { struct xenpf_cpu_hotadd cpu_add; struct xenpf_mem_hotadd mem_add; struct xenpf_core_parking core_parking; diff --git a/x86-dom-print.patch b/x86-dom-print.patch index 23bfd31..4bb3348 100644 --- a/x86-dom-print.patch +++ b/x86-dom-print.patch @@ -1,6 +1,8 @@ ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -154,15 +154,30 @@ void dump_pageframe_info(struct domain * +Index: xen-4.2.1-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.1-testing/xen/arch/x86/domain.c +@@ -152,15 +152,30 @@ void dump_pageframe_info(struct domain * printk("Memory pages belonging to domain %u:\n", d->domain_id); diff --git a/x86-extra-trap-info.patch b/x86-extra-trap-info.patch index bc2487d..15396a0 100644 --- a/x86-extra-trap-info.patch +++ b/x86-extra-trap-info.patch @@ -1,6 +1,19 @@ +--- a/xen/arch/x86/x86_32/entry.S ++++ b/xen/arch/x86/x86_32/entry.S +@@ -410,8 +410,10 @@ UNLIKELY_END(bounce_vm86_3) + _ASM_EXTABLE(.Lft24, domain_crash_synchronous) + _ASM_EXTABLE(.Lft25, domain_crash_synchronous) + ++.section .rodata, "a", @progbits + domain_crash_synchronous_string: + .asciz "domain_crash_sync called from entry.S (%lx)\n" ++.previous + + domain_crash_synchronous: + pushl $domain_crash_synchronous_string --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S -@@ -427,22 +427,35 @@ UNLIKELY_END(bounce_failsafe) +@@ -435,22 +435,35 @@ UNLIKELY_END(bounce_failsafe) jz domain_crash_synchronous movq %rax,UREGS_rip+8(%rsp) ret diff --git a/xen-4.2.1-testing-src.tar.bz2 b/xen-4.2.1-testing-src.tar.bz2 deleted file mode 100644 index dfc4f54..0000000 --- a/xen-4.2.1-testing-src.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9819306f1cc5efdc0e97c442c627ab95de251228713ab06efa27e5d0c8cabacd -size 4862820 diff --git a/xen-4.2.2-testing-src.tar.bz2 b/xen-4.2.2-testing-src.tar.bz2 new file mode 100644 index 0000000..e130e12 --- /dev/null +++ b/xen-4.2.2-testing-src.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a1330a97a32997a5b60fe642b9d6260d2c153f02a1d6d77d9752a3de3e20619 +size 4856809 diff --git a/xen-domUloader.diff b/xen-domUloader.diff index b70e777..b81e57b 100644 --- a/xen-domUloader.diff +++ b/xen-domUloader.diff @@ -1,7 +1,7 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/server/DevController.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/DevController.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/DevController.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/DevController.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/DevController.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/DevController.py @@ -592,6 +592,31 @@ class DevController: return (Missing, None) @@ -34,10 +34,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/DevController.py def backendPath(self, backdom, devid): """Construct backend path given the backend domain and device id. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendBootloader.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendBootloader.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendBootloader.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendBootloader.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendBootloader.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendBootloader.py @@ -12,7 +12,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # @@ -75,11 +75,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendBootloader.py log.error(msg) raise VmError(msg) -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2333,6 +2333,10 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2349,6 +2349,10 @@ class XendDomainInfo: deviceClass, config = self.info['devices'].get(dev_uuid) self._waitForDevice(deviceClass, config['devid']) @@ -90,7 +90,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def _waitForDevice_destroy(self, deviceClass, devid, backpath): return self.getDeviceController(deviceClass).waitForDevice_destroy( devid, backpath) -@@ -3283,7 +3287,8 @@ class XendDomainInfo: +@@ -3299,7 +3303,8 @@ class XendDomainInfo: from xen.xend import XendDomain dom0 = XendDomain.instance().privilegedDomain() mounted_vbd_uuid = dom0.create_vbd(vbd, disk); @@ -100,7 +100,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py fn = BOOTLOADER_LOOPBACK_DEVICE try: -@@ -3293,10 +3298,10 @@ class XendDomainInfo: +@@ -3309,10 +3314,10 @@ class XendDomainInfo: if mounted: log.info("Unmounting %s from %s." % (fn, BOOTLOADER_LOOPBACK_DEVICE)) diff --git a/xen-managed-pci-device.patch b/xen-managed-pci-device.patch index 2f8557c..26ba7c1 100644 --- a/xen-managed-pci-device.patch +++ b/xen-managed-pci-device.patch @@ -225,7 +225,16 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._constructDomain() try: -@@ -851,6 +868,9 @@ class XendDomainInfo: +@@ -712,6 +729,8 @@ class XendDomainInfo: + the device. + """ + ++ if self.domid is None: ++ return + self.iommu_check_pod_mode() + + # Test whether the devices can be assigned +@@ -851,6 +870,9 @@ class XendDomainInfo: if self.domid is not None: try: @@ -235,7 +244,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py dev_config_dict['devid'] = devid = \ self._createDevice(dev_type, dev_config_dict) if dev_type == 'tap2': -@@ -864,6 +884,7 @@ class XendDomainInfo: +@@ -864,6 +886,7 @@ class XendDomainInfo: if dev_type == 'pci': for dev in dev_config_dict['devs']: XendAPIStore.deregister(dev['uuid'], 'DPCI') @@ -243,17 +252,18 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py elif dev_type == 'vscsi': for dev in dev_config_dict['devs']: XendAPIStore.deregister(dev['uuid'], 'DSCSI') -@@ -908,6 +929,9 @@ class XendDomainInfo: +@@ -908,6 +931,10 @@ class XendDomainInfo: dev_config = pci_convert_sxp_to_dict(dev_sxp) dev = dev_config['devs'][0] - -+ if self.domid is not None and pci_state == 'Initialising': + ++ # For attach only. For boot, prepare work has been done already in earlier stage. ++ if self.domid is not None and pci_state == 'Initialising' and pci_sub_state != 'Booting': + prepare_host_pci_devices(dev_config) + stubdomid = self.getStubdomDomid() # Do HVM specific processing if self.info.is_hvm(): -@@ -984,6 +1008,9 @@ class XendDomainInfo: +@@ -984,6 +1010,9 @@ class XendDomainInfo: new_dev_sxp = dev_control.configuration(devid) self.info.device_update(dev_uuid, new_dev_sxp) @@ -263,7 +273,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py # If there is no device left, destroy pci and remove config. if num_devs == 0: if self.info.is_hvm(): -@@ -3154,6 +3181,7 @@ class XendDomainInfo: +@@ -3170,6 +3199,7 @@ class XendDomainInfo: log.debug("%s KiB need to add to Memory pool" %self.alloc_mem) MemoryPool.instance().increase_memory(self.alloc_mem) diff --git a/xen-max-free-mem.diff b/xen-max-free-mem.diff index 7d5a0e5..734578d 100644 --- a/xen-max-free-mem.diff +++ b/xen-max-free-mem.diff @@ -1,7 +1,7 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendNode.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendNode.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendNode.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendNode.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendNode.py @@ -949,11 +949,35 @@ class XendNode: info['cpu_mhz'] = info['cpu_khz'] / 1000 @@ -51,10 +51,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendNode.py ] if show_numa != 0: -Index: xen-4.2.0-testing/tools/python/xen/xend/balloon.py +Index: xen-4.2.1-testing/tools/python/xen/xend/balloon.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/balloon.py -+++ xen-4.2.0-testing/tools/python/xen/xend/balloon.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/balloon.py ++++ xen-4.2.1-testing/tools/python/xen/xend/balloon.py @@ -43,6 +43,8 @@ SLEEP_TIME_GROWTH = 0.1 # label actually shown in the PROC_XEN_BALLOON file. #labels = { 'current' : 'Current allocation', @@ -88,13 +88,13 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/balloon.py def free(need_mem, dominfo): """Balloon out memory from the privileged domain so that there is the specified required amount (in KiB) free. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1459,6 +1459,27 @@ class XendDomainInfo: - pci_conf = self.info['devices'][dev_uuid][1] - return map(pci_dict_to_bdf_str, pci_conf['devs']) +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1475,6 +1475,27 @@ class XendDomainInfo: + self.info['abort_if_busy'] = str(abort_if_busy) + self.info['log_save_progress'] = str(log_save_progress) + def capAndSetMemoryTarget(self, target): + """Potentially lowers the requested target to the largest possible @@ -120,10 +120,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -Index: xen-4.2.0-testing/tools/python/xen/xend/server/SrvDomain.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/SrvDomain.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/SrvDomain.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/SrvDomain.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/SrvDomain.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/SrvDomain.py @@ -187,7 +187,7 @@ class SrvDomain(SrvDir): @@ -133,10 +133,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/SrvDomain.py [['target', 'int']], req) -Index: xen-4.2.0-testing/tools/python/xen/xend/osdep.py +Index: xen-4.2.1-testing/tools/python/xen/xend/osdep.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/osdep.py -+++ xen-4.2.0-testing/tools/python/xen/xend/osdep.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/osdep.py ++++ xen-4.2.1-testing/tools/python/xen/xend/osdep.py @@ -42,6 +42,8 @@ def _linux_balloon_stat_proc(label): xend2linux_labels = { 'current' : 'Current allocation', diff --git a/xen.changes b/xen.changes index 47774f2..593f075 100644 --- a/xen.changes +++ b/xen.changes @@ -1,3 +1,230 @@ +------------------------------------------------------------------- +Mon May 6 15:52:03 CEST 2013 - ohering@suse.de + +- add lndir to BuildRequires + +------------------------------------------------------------------- +Mon May 6 11:45:03 CEST 2013 - ohering@suse.de + +- remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch + It changed migration protocol and upstream wants a different solution + +------------------------------------------------------------------- +Sun May 5 16:20:30 CEST 2013 - ohering@suse.de + +- bnc#802221 - fix xenpaging + readd xenpaging.qemu.flush-cache.patch + +------------------------------------------------------------------- +Tue Apr 30 09:15:26 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch + 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch +- Additional fix for bnc#816159 + CVE-2013-1918-xsa45-followup.patch + +------------------------------------------------------------------- +Mon Apr 29 15:40:35 MDT 2013 - cyliu@suse.com + +- bnc#817068 - Xen guest with >1 sr-iov vf won't start + xen-managed-pci-device.patch + +------------------------------------------------------------------- +Mon Apr 29 11:21:54 MDT 2013 - carnold@suse.com + +- Update to Xen 4.2.2 c/s 26064 + The following recent security patches are included in the tarball + CVE-2013-0151-xsa34.patch (bnc#797285) + CVE-2012-6075-xsa41.patch (bnc#797523) + CVE-2013-1917-xsa44.patch (bnc#813673) + CVE-2013-1919-xsa46.patch (bnc#813675) + +------------------------------------------------------------------- +Wed Apr 24 08:07:07 MDT 2013 - carnold@suse.com + +- Upstream patch from Jan + 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch + +------------------------------------------------------------------- +Fri Apr 19 14:22:43 MDT 2013 - carnold@suse.com + +- bnc#816159 - VUL-0: xen: CVE-2013-1918: XSA-45: Several long + latency operations are not preemptible + CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch + CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch + CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch + CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch + CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch + CVE-2013-1918-xsa45-6-unpin-preemptible.patch + CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch +- bnc#816163 - VUL-0: xen: CVE-2013-1952: XSA-49: VT-d interrupt + remapping source validation flaw for bridges + CVE-2013-1952-xsa49.patch + +------------------------------------------------------------------- +Thu Apr 18 10:17:08 MDT 2013 - cyliu@suse.com + +- bnc#809662 - can't use pv-grub to start domU (pygrub does work) + xen.spec + +------------------------------------------------------------------- +Mon Apr 15 14:47:41 MDT 2013 - carnold@suse.com + +- bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2 + on Kyoto + xend-cpuinfo-model-name.patch + +------------------------------------------------------------------- +Mon Apr 15 10:55:17 MDT 2013 - carnold@suse.com + +- bnc#813673 - VUL-0: CVE-2013-1917: xen: Xen PV DoS vulnerability with + SYSENTER + CVE-2013-1917-xsa44.patch +- bnc#813675 - VUL-0: CVE-2013-1919: xen: Several access permission + issues with IRQs for unprivileged guests + CVE-2013-1919-xsa46.patch +- bnc#814059 - VUL-1: xen: qemu-nbd format-guessing due to missing + format specification + CVE-2013-1922-xsa48.patch +- Upstream patches from Jan + 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch + 26751-x86-EFI-permit-setting-variable-with-non-zero-attributes.patch + 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch + 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch + 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch + 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch + 26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch + 26774-defer-event-channel-bucket-pointer-store-until-after-XSM-checks.patch + 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch + +------------------------------------------------------------------- +Thu Apr 4 11:17:43 MDT 2013 - carnold@suse.com + +- bnc#813156 - IndentationError in XendCheckpoint.py + xend-domain-lock.patch + +------------------------------------------------------------------- +Tue Apr 2 15:41:19 CEST 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations +- bnc#803712 - after live migration rcu_sched_state detected stalls + xen.migrate.tools-xend_move_assert_to_exception_block.patch + xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch + xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch + xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch + +------------------------------------------------------------------- +Tue Mar 26 10:37:43 MDT 2013 - carnold@suse.com + +- bnc#811764 - XEN (hypervisor or kernel) has a problem with EFI + variable services + x86-EFI-set-variable-permit-attrs.patch +- Upstream patches from Jan + 26060-ACPI-ERST-table-size-checks.patch + 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch + 26702-powernow-add-fixups-for-AMD-P-state-figures.patch + 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch (bnc#805579) + 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch + 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch + 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch + 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch + 26737-ACPI-APEI-Add-apei_exec_run_optional.patch + 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch + 26743-VT-d-deal-with-5500-5520-X58-errata.patch (bnc#801910) + 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch + +------------------------------------------------------------------- +Thu Mar 14 09:58:38 MDT 2013 - jfehlig@suse.com + +- Load blktap module in xencommons init script. blktap2 doesn't + support qcow2, so blktap is needed to support domains with + 'tap:qcow2' disk configurations. + modified tmp-initscript-modprobe.patch + +------------------------------------------------------------------- +Thu Mar 14 07:32:17 MDT 2013 - carnold@suse.com + +- bnc#809203 - xen.efi isn't signed with SUSE Secure Boot key + xen.spec + +------------------------------------------------------------------- +Mon Mar 11 21:07:21 MDT 2013 - jfehlig@suse.com + +- Fix adding managed PCI device to an inactive domain + modified xen-managed-pci-device.patch + +------------------------------------------------------------------- +Mon Mar 11 11:45:22 MDT 2013 - jfehlig@suse.com + +- bnc#805094 - xen hot plug attach/detach fails + modified blktap-pv-cdrom.patch + +------------------------------------------------------------------- +Mon Mar 11 11:17:57 MDT 2013 - jfehlig@suse.com + +- bnc# 802690 - domain locking can prevent a live migration from + completing + modified xend-domain-lock.patch + +------------------------------------------------------------------- +Fri Mar 8 15:01:15 CET 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations + 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch + xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch + xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch + xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch + xen.migrate.tools_set_migration_constraints_from_cmdline.patch + xen.migrate.tools_add_xm_migrate_--log_progress_option.patch + +------------------------------------------------------------------- +Thu Mar 7 14:39:57 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch + 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch + 26601-honor-ACPI-v4-FADT-flags.patch + 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch + 26659-AMD-IOMMU-erratum-746-workaround.patch + 26660-x86-fix-CMCI-injection.patch + 26672-vmx-fix-handling-of-NMI-VMEXIT.patch + 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch + 26676-fix-compat-memory-exchange-op-splitting.patch + 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch + 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch + 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch + 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch + 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch + +------------------------------------------------------------------- +Tue Mar 5 13:35:40 MST 2013 - carnold@suse.com + +- fate#313584: pass bios information to XEN HVM guest + xend-hvm-firmware-passthrough.patch + +------------------------------------------------------------------- +Mon Mar 4 20:28:29 CET 2013 - ohering@suse.de + +- bnc#806736: enabling xentrace crashes hypervisor + 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.patch + +------------------------------------------------------------------- +Thu Feb 28 11:12:04 CET 2013 - ohering@suse.de + +- update xenalyze to revision 149 + Make eip_list output more useful + Use correct length when copying record into buffer + decode PV_HYPERCALL_SUBCALL events + decode PV_HYPERCALL_V2 records + Analyze populate-on-demand reclamation patterns + Handle 64-bit MMIO + Also strip write bit when processing a generic event + Make the warnigns in hvm_generic_postprocess more informative + Don't warn about switching paging levels unless verbosity>=6 + Process NPFs as generic for summary purposes + Add HVM_EVENT_VLAPIC + ------------------------------------------------------------------- Wed Feb 20 15:00:13 MST 2013 - jfehlig@suse.com diff --git a/xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch b/xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch new file mode 100644 index 0000000..75baeaf --- /dev/null +++ b/xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch @@ -0,0 +1,25 @@ +user: Olaf Hering +date: Thu Mar 28 15:36:07 2013 +0100 +files: tools/libxc/xc_domain_save.c +description: +tools/libxc: print stats if migration is aborted + +Signed-off-by: Olaf Hering + + +--- + tools/libxc/xc_domain_save.c | 1 + + 1 file changed, 1 insertion(+) + +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -1536,6 +1536,7 @@ int xc_domain_save(xc_interface *xch, in + ERROR("Live migration aborted, as requested. (guest too busy?)" + " total_sent %lu iter %d, max_iters %u max_factor %u", + total_sent, iter, max_iters, max_factor); ++ print_stats(xch, dom, sent_this_iter, &time_stats, &shadow_stats, 1); + rc = 1; + goto out; + } diff --git a/xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch b/xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch new file mode 100644 index 0000000..544abcd --- /dev/null +++ b/xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch @@ -0,0 +1,20 @@ +user: Olaf Hering +date: Wed Mar 06 16:42:02 2013 +0100 +files: tools/xcutils/xc_restore.c +description: +tools/xc: document printf calls in xc_restore + +Signed-off-by: Olaf Hering + + +diff -r e5ae0e680b5c -r 49b90990442a tools/xcutils/xc_restore.c +--- a/tools/xcutils/xc_restore.c ++++ b/tools/xcutils/xc_restore.c +@@ -56,6 +56,7 @@ main(int argc, char **argv) + + if ( ret == 0 ) + { ++ /* xend expects this output, part of protocol */ + printf("store-mfn %li\n", store_mfn); + if ( !hvm ) + printf("console-mfn %li\n", console_mfn); diff --git a/xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch b/xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch new file mode 100644 index 0000000..6a900ed --- /dev/null +++ b/xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch @@ -0,0 +1,178 @@ +user: Olaf Hering +date: Wed Mar 06 16:32:08 2013 +0100 +files: tools/libxc/xc_private.h tools/xcutils/xc_save.c +description: +tools/xc: print messages from xc_save with xc_report + +Make use of xc_report in xc_save to log also pid if some error occoured. + +Signed-off-by: Olaf Hering + + +diff -r 7af4246a6e1c -r e5ae0e680b5c tools/libxc/xc_private.h +--- a/tools/libxc/xc_private.h ++++ b/tools/libxc/xc_private.h +@@ -119,6 +119,7 @@ void xc_report_progress_step(xc_interfac + + /* anamorphic macros: struct xc_interface *xch must be in scope */ + ++#define WPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_WARN,0, _f , ## _a) + #define IPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_INFO,0, _f , ## _a) + #define DPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_DETAIL,0, _f , ## _a) + #define DBGPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_DEBUG,0, _f , ## _a) +diff -r 7af4246a6e1c -r e5ae0e680b5c tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c ++++ b/tools/xcutils/xc_save.c +@@ -7,6 +7,7 @@ + * + */ + ++#include + #include + #include + #include +@@ -19,6 +20,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -51,16 +53,17 @@ static int compat_suspend(void) + * receive the acknowledgement from the subscribe event channel. */ + static int evtchn_suspend(void) + { ++ xc_interface *xch = si.xch; + int rc; + + rc = xc_evtchn_notify(si.xce, si.suspend_evtchn); + if (rc < 0) { +- warnx("failed to notify suspend request channel: %d", rc); ++ WPRINTF("failed to notify suspend request channel: %d", rc); + return 0; + } + +- if (xc_await_suspend(si.xch, si.xce, si.suspend_evtchn) < 0) { +- warnx("suspend failed"); ++ if (xc_await_suspend(xch, si.xce, si.suspend_evtchn) < 0) { ++ WPRINTF("suspend failed"); + return 0; + } + +@@ -104,20 +107,27 @@ static int suspend(void* data) + + static int switch_qemu_logdirty(int domid, unsigned int enable, void *data) + { ++ xc_interface *xch = si.xch; + struct xs_handle *xs; + char *path, *p, *ret_str, *cmd_str, **watch; + unsigned int len; + struct timeval tv; + fd_set fdset; + +- if ((xs = xs_daemon_open()) == NULL) +- errx(1, "Couldn't contact xenstore"); +- if (!(path = strdup("/local/domain/0/device-model/"))) +- errx(1, "can't get domain path in store"); ++ if ((xs = xs_daemon_open()) == NULL) { ++ PERROR("Couldn't contact xenstore"); ++ exit(1); ++ } ++ if (!(path = strdup("/local/domain/0/device-model/"))) { ++ PERROR("can't get domain path in store"); ++ exit(1); ++ } + if (!(path = realloc(path, strlen(path) + + 10 +- + strlen("/logdirty/cmd") + 1))) +- errx(1, "no memory for constructing xenstore path"); ++ + strlen("/logdirty/cmd") + 1))) { ++ PERROR("no memory for constructing xenstore path"); ++ exit(1); ++ } + snprintf(path + strlen(path), 11, "%i", domid); + strcat(path, "/logdirty/"); + p = path + strlen(path); +@@ -126,16 +136,22 @@ static int switch_qemu_logdirty(int domi + /* Watch for qemu's return value */ + strcpy(p, "ret"); + if (!xs_watch(xs, path, "qemu-logdirty-ret")) +- errx(1, "can't set watch in store (%s)\n", path); ++ { ++ ERROR("can't set watch in store (%s)\n", path); ++ exit(1); ++ } + +- if (!(cmd_str = strdup( enable == 0 ? "disable" : "enable"))) +- errx(1, "can't get logdirty cmd path in store"); ++ if (!(cmd_str = strdup( enable == 0 ? "disable" : "enable"))) { ++ PERROR("can't get logdirty cmd path in store"); ++ exit(1); ++ } + + /* Tell qemu that we want it to start logging dirty page to Xen */ + strcpy(p, "cmd"); +- if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) +- errx(1, "can't write to store path (%s)\n", +- path); ++ if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) { ++ PERROR("can't write to store path (%s)\n", path); ++ exit(1); ++ } + + /* Wait a while for qemu to signal that it has service logdirty command */ + read_again: +@@ -144,8 +160,10 @@ static int switch_qemu_logdirty(int domi + FD_ZERO(&fdset); + FD_SET(xs_fileno(xs), &fdset); + +- if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) +- errx(1, "timed out waiting for qemu logdirty response.\n"); ++ if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) { ++ PERROR("timed out waiting for qemu logdirty response.\n"); ++ exit(1); ++ } + + watch = xs_read_watch(xs, &len); + free(watch); +@@ -166,6 +184,7 @@ static int switch_qemu_logdirty(int domi + int + main(int argc, char **argv) + { ++ xc_interface *xch; + unsigned int maxit, max_f, lflags; + int io_fd, ret, port; + struct save_callbacks callbacks; +@@ -186,26 +205,26 @@ main(int argc, char **argv) + lvl = si.flags & XCFLAGS_DEBUG ? XTL_DEBUG: XTL_DETAIL; + lflags = XTL_STDIOSTREAM_SHOW_PID | XTL_STDIOSTREAM_HIDE_PROGRESS; + l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); +- si.xch = xc_interface_open(l, 0, 0); ++ xch = si.xch = xc_interface_open(l, 0, 0); + if (!si.xch) +- errx(1, "failed to open control interface"); ++ errx(1, "[%lu] failed to open control interface", (unsigned long)getpid()); + + si.xce = xc_evtchn_open(NULL, 0); + if (si.xce == NULL) +- warnx("failed to open event channel handle"); ++ WPRINTF("failed to open event channel handle"); + else + { + port = xs_suspend_evtchn_port(si.domid); + + if (port < 0) +- warnx("failed to get the suspend evtchn port\n"); ++ WPRINTF("failed to get the suspend evtchn port\n"); + else + { + si.suspend_evtchn = + xc_suspend_evtchn_init(si.xch, si.xce, si.domid, port); + + if (si.suspend_evtchn < 0) +- warnx("suspend event channel initialization failed, " ++ WPRINTF("suspend event channel initialization failed, " + "using slow path"); + } + } diff --git a/xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch b/xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch new file mode 100644 index 0000000..84da9dd --- /dev/null +++ b/xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch @@ -0,0 +1,136 @@ +user: Olaf Hering +date: Wed Mar 06 17:05:10 2013 +0100 +files: tools/xcutils/xc_save.c +description: +tools/xc: rework xc_save.c:switch_qemu_logdirty + +Rework code in switch_qemu_logdirty, fix also memleak. + +Signed-off-by: Olaf Hering + + +diff -r 49b90990442a -r 1ea501d60264 tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c ++++ b/tools/xcutils/xc_save.c +@@ -7,6 +7,7 @@ + * + */ + ++#define _GNU_SOURCE + #include + #include + #include +@@ -109,8 +110,10 @@ static int switch_qemu_logdirty(int domi + { + xc_interface *xch = si.xch; + struct xs_handle *xs; +- char *path, *p, *ret_str, *cmd_str, **watch; ++ char *path, *dir_p, *ret_str, **watch; ++ const char *cmd_str; + unsigned int len; ++ int ret, again; + struct timeval tv; + fd_set fdset; + +@@ -118,65 +121,56 @@ static int switch_qemu_logdirty(int domi + PERROR("Couldn't contact xenstore"); + exit(1); + } +- if (!(path = strdup("/local/domain/0/device-model/"))) { +- PERROR("can't get domain path in store"); ++ ++ ret = asprintf(&path, "/local/domain/0/device-model/%i/logdirty/ret", domid); ++ if (ret < 0) { ++ ERROR("Couldn't construct xenstore path"); + exit(1); + } +- if (!(path = realloc(path, strlen(path) +- + 10 +- + strlen("/logdirty/cmd") + 1))) { +- PERROR("no memory for constructing xenstore path"); +- exit(1); +- } +- snprintf(path + strlen(path), 11, "%i", domid); +- strcat(path, "/logdirty/"); +- p = path + strlen(path); +- ++ /* Pointer to directory */ ++ dir_p = path + ret - 3; + + /* Watch for qemu's return value */ +- strcpy(p, "ret"); +- if (!xs_watch(xs, path, "qemu-logdirty-ret")) +- { +- ERROR("can't set watch in store (%s)\n", path); ++ if (!xs_watch(xs, path, "qemu-logdirty-ret")) { ++ PERROR("can't set watch in store (%s)", path); + exit(1); + } + +- if (!(cmd_str = strdup( enable == 0 ? "disable" : "enable"))) { +- PERROR("can't get logdirty cmd path in store"); ++ cmd_str = enable ? "enable" : "disable"; ++ ++ /* Tell qemu that we want it to start logging dirty pages to Xen */ ++ strcpy(dir_p, "cmd"); ++ if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) { ++ PERROR("can't write to store path (%s)", path); + exit(1); + } + +- /* Tell qemu that we want it to start logging dirty page to Xen */ +- strcpy(p, "cmd"); +- if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) { +- PERROR("can't write to store path (%s)\n", path); +- exit(1); +- } ++ /* Restore initial path */ ++ strcpy(dir_p, "ret"); ++ /* Wait a while for qemu to signal that it has serviced logdirty command */ ++ do { ++ tv.tv_sec = 5; ++ tv.tv_usec = 0; ++ FD_ZERO(&fdset); ++ FD_SET(xs_fileno(xs), &fdset); ++ errno = 0; + +- /* Wait a while for qemu to signal that it has service logdirty command */ +- read_again: +- tv.tv_sec = 5; +- tv.tv_usec = 0; +- FD_ZERO(&fdset); +- FD_SET(xs_fileno(xs), &fdset); +- +- if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) { +- PERROR("timed out waiting for qemu logdirty response.\n"); +- exit(1); +- } +- +- watch = xs_read_watch(xs, &len); +- free(watch); +- +- strcpy(p, "ret"); +- ret_str = xs_read(xs, XBT_NULL, path, &len); +- if (ret_str == NULL || strcmp(ret_str, cmd_str)) ++ if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) { ++ PERROR("timed out waiting for qemu logdirty response."); ++ exit(1); ++ } ++ ++ watch = xs_read_watch(xs, &len); ++ free(watch); ++ ++ ret_str = xs_read(xs, XBT_NULL, path, &len); ++ again = ret_str == NULL || strcmp(ret_str, cmd_str); ++ WPRINTF("Got '%s' from logdirty%s.\n", ret_str, again ? ", retrying" : ""); ++ free(ret_str); + /* Watch fired but value is not yet right */ +- goto read_again; ++ } while (again); + + free(path); +- free(cmd_str); +- free(ret_str); + + return 0; + } diff --git a/xen.migrate.tools-xend_move_assert_to_exception_block.patch b/xen.migrate.tools-xend_move_assert_to_exception_block.patch new file mode 100644 index 0000000..2fbc591 --- /dev/null +++ b/xen.migrate.tools-xend_move_assert_to_exception_block.patch @@ -0,0 +1,43 @@ +user: Olaf Hering +date: Thu Mar 28 15:36:02 2013 +0100 +files: tools/python/xen/xend/XendCheckpoint.py +description: +tools/xend: move assert to exception block + +The two assert in restore trigger sometimes after hundreds of +migrations. If they trigger the destination host will not destroy the +newly created, still empty guest. After a second migration attempt to +this host there will be two guets with the same name and uuid. This +situation is poorly handled by the xm tools. +With this change the guest will be destroyed. + +Signed-off-by: Olaf Hering + +--- + tools/python/xen/xend/XendCheckpoint.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -262,9 +262,6 @@ def restore(xd, fd, dominfo = None, paus + store_port = dominfo.getStorePort() + console_port = dominfo.getConsolePort() + +- assert store_port +- assert console_port +- + # if hvm, pass mem size to calculate the store_mfn + if is_hvm: + apic = int(dominfo.info['platform'].get('apic', 0)) +@@ -276,6 +273,9 @@ def restore(xd, fd, dominfo = None, paus + pae = 0 + + try: ++ assert store_port ++ assert console_port ++ + restore_image = image.create(dominfo, dominfo.info) + memory = restore_image.getRequiredAvailableMemory( + dominfo.info['memory_dynamic_max'] / 1024) diff --git a/xen.migrate.tools_add_xm_migrate_--log_progress_option.patch b/xen.migrate.tools_add_xm_migrate_--log_progress_option.patch new file mode 100644 index 0000000..d7a9426 --- /dev/null +++ b/xen.migrate.tools_add_xm_migrate_--log_progress_option.patch @@ -0,0 +1,138 @@ +user: Olaf Hering +date: Wed Mar 06 17:05:15 2013 +0100 +files: tools/libxc/xenguest.h tools/python/xen/xend/XendCheckpoint.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/migrate.py tools/xcutils/xc_save.c +description: +tools: add xm migrate --log_progress option + +xc_domain_save does print progress messages. These verbose messages are +disabled per default to avoid flood in xend.log. Sometimes it is helpful +to see progress when migrating large and busy guests. So add a new +option to xm migrate to actually enable the printing of progress +messsages. + +xl migrate is not modified with this change because it does not use the +stdio logger. + +Signed-off-by: Olaf Hering + + +diff -r 29c66a248f5b -r d8ef4a83760f tools/libxc/xenguest.h +--- a/tools/libxc/xenguest.h ++++ b/tools/libxc/xenguest.h +@@ -29,6 +29,7 @@ + #define XCFLAGS_STDVGA (1 << 3) + #define XCFLAGS_CHECKPOINT_COMPRESS (1 << 4) + #define XCFLAGS_DOMSAVE_ABORT_IF_BUSY (1 << 5) ++#define XCFLAGS_PROGRESS (1 << 6) + + #define X86_64_B_SIZE 64 + #define X86_32_B_SIZE 32 +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xend/XendCheckpoint.py +--- a/tools/python/xen/xend/XendCheckpoint.py ++++ b/tools/python/xen/xend/XendCheckpoint.py +@@ -121,16 +121,19 @@ def save(fd, dominfo, network, live, dst + max_iters = dominfo.info.get('max_iters', "0") + max_factor = dominfo.info.get('max_factor', "0") + abort_if_busy = dominfo.info.get('abort_if_busy', "0") ++ log_save_progress = dominfo.info.get('log_save_progress', "0") + if max_iters == "None": + max_iters = "0" + if max_factor == "None": + max_factor = "0" + if abort_if_busy == "None": + abort_if_busy = "0" ++ if log_save_progress == "None": ++ log_save_progress = "0" + cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd), + str(dominfo.getDomid()), + max_iters, max_factor, +- str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) ) ] ++ str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + + def saveInputHandler(line, tochild): +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xend/XendDomain.py +--- a/tools/python/xen/xend/XendDomain.py ++++ b/tools/python/xen/xend/XendDomain.py +@@ -1832,17 +1832,18 @@ class XendDomain: + log.exception(ex) + raise XendError(str(ex)) + +- def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy): ++ def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy, log_save_progress): + """Set the Migrate Constraints of this domain. + @param domid: Domain ID or Name + @param max_iters: Number of iterations before final suspend + @param max_factor: Max amount of memory to transfer before final suspend + @param abort_if_busy: Abort migration instead of doing final suspend ++ @param log_save_progress: Log progress of migrate to xend.log + """ + dominfo = self.domain_lookup_nr(domid) + if not dominfo: + raise XendInvalidDomain(str(domid)) +- dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy) ++ dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy, log_save_progress) + + def domain_maxmem_set(self, domid, mem): + """Set the memory limit for a domain. +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xend/XendDomainInfo.py +--- a/tools/python/xen/xend/XendDomainInfo.py ++++ b/tools/python/xen/xend/XendDomainInfo.py +@@ -1459,17 +1459,19 @@ class XendDomainInfo: + pci_conf = self.info['devices'][dev_uuid][1] + return map(pci_dict_to_bdf_str, pci_conf['devs']) + +- def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy): ++ def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy, log_save_progress): + """Set the Migrate Constraints of this domain. + @param max_iters: Number of iterations before final suspend + @param max_factor: Max amount of memory to transfer before final suspend + @param abort_if_busy: Abort migration instead of doing final suspend ++ @param log_save_progress: Log progress of migrate to xend.log + """ + log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s'.", + self.info['name_label'], str(self.domid), max_iters, max_factor, abort_if_busy) + self.info['max_iters'] = str(max_iters) + self.info['max_factor'] = str(max_factor) + self.info['abort_if_busy'] = str(abort_if_busy) ++ self.info['log_save_progress'] = str(log_save_progress) + + def setMemoryTarget(self, target): + """Set the memory target of this domain. +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xm/migrate.py +--- a/tools/python/xen/xm/migrate.py ++++ b/tools/python/xen/xm/migrate.py +@@ -67,6 +67,10 @@ gopts.opt('abort_if_busy', short='A', + fn=set_true, default=0, + use="Abort migration instead of doing final suspend.") + ++gopts.opt('log_progress', ++ fn=set_true, default=0, ++ use="Log progress of migration to xend.log") ++ + def help(): + return str(gopts) + +@@ -95,7 +99,8 @@ def main(argv): + server.xend.domain.migrate_constraints_set(dom, + opts.vals.max_iters, + opts.vals.max_factor, +- opts.vals.abort_if_busy) ++ opts.vals.abort_if_busy, ++ opts.vals.log_progress) + server.xend.domain.migrate(dom, dst, opts.vals.live, + opts.vals.port, + opts.vals.node, +diff -r 29c66a248f5b -r d8ef4a83760f tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c ++++ b/tools/xcutils/xc_save.c +@@ -197,7 +197,8 @@ main(int argc, char **argv) + si.suspend_evtchn = -1; + + lvl = si.flags & XCFLAGS_DEBUG ? XTL_DEBUG: XTL_DETAIL; +- lflags = XTL_STDIOSTREAM_SHOW_PID | XTL_STDIOSTREAM_HIDE_PROGRESS; ++ lflags = XTL_STDIOSTREAM_SHOW_PID; ++ lflags |= si.flags & XCFLAGS_PROGRESS ? 0 : XTL_STDIOSTREAM_HIDE_PROGRESS; + l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); + xch = si.xch = xc_interface_open(l, 0, 0); + if (!si.xch) diff --git a/xen.migrate.tools_set_migration_constraints_from_cmdline.patch b/xen.migrate.tools_set_migration_constraints_from_cmdline.patch new file mode 100644 index 0000000..44dd5a8 --- /dev/null +++ b/xen.migrate.tools_set_migration_constraints_from_cmdline.patch @@ -0,0 +1,232 @@ +user: Olaf Hering +date: Wed Mar 06 17:05:14 2013 +0100 +files: docs/man/xl.pod.1 tools/libxc/xc_domain_save.c tools/libxc/xenguest.h tools/libxl/Makefile tools/libxl/libxl.c tools/libxl/libxl.h tools/libxl/libxl_dom.c tools/libxl/libxl_internal.h tools/libxl/libxl_save_callout.c tools/libxl/xl_cmdimpl.c tools/libxl/xl_cmdtable.c tools/python/xen/xend/XendCheckpoint.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/migrate.py +description: +tools: set migration constraints from cmdline + +Add new options to xm/xl migrate to control the process of migration. +The intention is to optionally abort the migration if it takes too long +to migrate a busy guest due to the high number of dirty pages. Currently +the guest is suspended to transfer the remaining dirty pages. This +transfer can take too long, which can confuse the guest if its suspended +for too long. + +-M Number of iterations before final suspend (default: 30) +--max_iters + +-m Max amount of memory to transfer before final suspend (default: 3*RAM) +--max_factor + +-A Abort migration instead of doing final suspend. +--abort_if_busy + + + +The changes to libxl change the API, handle LIBXL_API_VERSION == 0x040200. + +TODO: + eventually add also --min_remaining (default value 50) in a seperate patch + +v6: + - update the LIBXL_API_VERSION handling for libxl_domain_suspend + change it to an inline function if LIBXL_API_VERSION is defined to 4.2.0 + - rename libxl_save_properties to libxl_domain_suspend_properties + - rename ->xlflags to ->flags within that struct + +v5: + - adjust libxl_domain_suspend prototype, move flags, max_iters, + max_factor into a new, optional struct libxl_save_properties + - rename XCFLAGS_DOMSAVE_NOSUSPEND to XCFLAGS_DOMSAVE_ABORT_IF_BUSY + - rename LIBXL_SUSPEND_NO_FINAL_SUSPEND to LIBXL_SUSPEND_ABORT_IF_BUSY + - rename variables no_suspend to abort_if_busy + - rename option -N/--no_suspend to -A/--abort_if_busy + - update xl.1, extend description of -A option + +v4: + - update default for no_suspend from None to 0 in XendCheckpoint.py:save + - update logoutput in setMigrateConstraints + - change xm migrate defaults from None to 0 + - add new options to xl.1 + - fix syntax error in XendDomain.py:domain_migrate_constraints_set + - fix xm migrate -N option name to match xl migrate + +v3: + - move logic errors in libxl__domain_suspend and fixed help text in + cmd_table to separate patches + - fix syntax error in XendCheckpoint.py + - really pass max_iters and max_factor in libxl__xc_domain_save + - make libxl_domain_suspend_0x040200 declaration globally visible + - bump libxenlight.so SONAME from 2.0 to 2.1 due to changed + libxl_domain_suspend + +v2: + - use LIBXL_API_VERSION and define libxl_domain_suspend_0x040200 + - fix logic error in min_reached check in xc_domain_save + - add longopts + - update --help text + - correct description of migrate --help text + +Signed-off-by: Olaf Hering + + +--- + tools/libxc/xc_domain_save.c | 13 ++++++++++++- + tools/libxc/xenguest.h | 1 + + tools/python/xen/xend/XendCheckpoint.py | 14 ++++++++++++-- + tools/python/xen/xend/XendDomain.py | 12 ++++++++++++ + tools/python/xen/xend/XendDomainInfo.py | 12 ++++++++++++ + tools/python/xen/xm/migrate.py | 16 ++++++++++++++++ + 6 files changed, 65 insertions(+), 3 deletions(-) + +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -813,6 +813,7 @@ int xc_domain_save(xc_interface *xch, in + int rc = 1, frc, i, j, last_iter = 0, iter = 0; + int live = (flags & XCFLAGS_LIVE); + int debug = (flags & XCFLAGS_DEBUG); ++ int abort_if_busy = (flags & XCFLAGS_DOMSAVE_ABORT_IF_BUSY); + int superpages = !!hvm; + int race = 0, sent_last_iter, skip_this_iter = 0; + unsigned int sent_this_iter = 0; +@@ -1525,10 +1526,20 @@ int xc_domain_save(xc_interface *xch, in + + if ( live ) + { ++ int min_reached = sent_this_iter + skip_this_iter < 50; + if ( (iter >= max_iters) || +- (sent_this_iter+skip_this_iter < 50) || ++ min_reached || + (total_sent > dinfo->p2m_size*max_factor) ) + { ++ if ( !min_reached && abort_if_busy ) ++ { ++ ERROR("Live migration aborted, as requested. (guest too busy?)" ++ " total_sent %lu iter %d, max_iters %u max_factor %u", ++ total_sent, iter, max_iters, max_factor); ++ rc = 1; ++ goto out; ++ } ++ + DPRINTF("Start last iteration\n"); + last_iter = 1; + +Index: xen-4.2.1-testing/tools/libxc/xenguest.h +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xenguest.h ++++ xen-4.2.1-testing/tools/libxc/xenguest.h +@@ -28,6 +28,7 @@ + #define XCFLAGS_HVM (1 << 2) + #define XCFLAGS_STDVGA (1 << 3) + #define XCFLAGS_CHECKPOINT_COMPRESS (1 << 4) ++#define XCFLAGS_DOMSAVE_ABORT_IF_BUSY (1 << 5) + + #define X86_64_B_SIZE 64 + #define X86_32_B_SIZE 32 +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -118,9 +118,19 @@ def save(fd, dominfo, network, live, dst + # enabled. Passing "0" simply uses the defaults compiled into + # libxenguest; see the comments and/or code in xc_linux_save() for + # more information. ++ max_iters = dominfo.info.get('max_iters', "0") ++ max_factor = dominfo.info.get('max_factor', "0") ++ abort_if_busy = dominfo.info.get('abort_if_busy', "0") ++ if max_iters == "None": ++ max_iters = "0" ++ if max_factor == "None": ++ max_factor = "0" ++ if abort_if_busy == "None": ++ abort_if_busy = "0" + cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd), +- str(dominfo.getDomid()), "0", "0", +- str(int(live) | (int(hvm) << 2)) ] ++ str(dominfo.getDomid()), ++ max_iters, max_factor, ++ str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + + def saveInputHandler(line, tochild): +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +@@ -1832,6 +1832,18 @@ class XendDomain: + log.exception(ex) + raise XendError(str(ex)) + ++ def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy): ++ """Set the Migrate Constraints of this domain. ++ @param domid: Domain ID or Name ++ @param max_iters: Number of iterations before final suspend ++ @param max_factor: Max amount of memory to transfer before final suspend ++ @param abort_if_busy: Abort migration instead of doing final suspend ++ """ ++ dominfo = self.domain_lookup_nr(domid) ++ if not dominfo: ++ raise XendInvalidDomain(str(domid)) ++ dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy) ++ + def domain_maxmem_set(self, domid, mem): + """Set the memory limit for a domain. + +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1459,6 +1459,18 @@ class XendDomainInfo: + pci_conf = self.info['devices'][dev_uuid][1] + return map(pci_dict_to_bdf_str, pci_conf['devs']) + ++ def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy): ++ """Set the Migrate Constraints of this domain. ++ @param max_iters: Number of iterations before final suspend ++ @param max_factor: Max amount of memory to transfer before final suspend ++ @param abort_if_busy: Abort migration instead of doing final suspend ++ """ ++ log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s'.", ++ self.info['name_label'], str(self.domid), max_iters, max_factor, abort_if_busy) ++ self.info['max_iters'] = str(max_iters) ++ self.info['max_factor'] = str(max_factor) ++ self.info['abort_if_busy'] = str(abort_if_busy) ++ + def setMemoryTarget(self, target): + """Set the memory target of this domain. + @param target: In MiB. +Index: xen-4.2.1-testing/tools/python/xen/xm/migrate.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/migrate.py ++++ xen-4.2.1-testing/tools/python/xen/xm/migrate.py +@@ -55,6 +55,18 @@ gopts.opt('change_home_server', short='c + fn=set_true, default=0, + use="Change home server for managed domains.") + ++gopts.opt('max_iters', val='max_iters', ++ fn=set_int, default=0, ++ use="Number of iterations before final suspend (default: 30).") ++ ++gopts.opt('max_factor', val='max_factor', ++ fn=set_int, default=0, ++ use="Max amount of memory to transfer before final suspend (default: 3*RAM).") ++ ++gopts.opt('abort_if_busy', ++ fn=set_true, default=0, ++ use="Abort migration instead of doing final suspend.") ++ + def help(): + return str(gopts) + +@@ -80,6 +92,10 @@ def main(argv): + server.xenapi.VM.migrate(vm_ref, dst, bool(opts.vals.live), + other_config) + else: ++ server.xend.domain.migrate_constraints_set(dom, ++ opts.vals.max_iters, ++ opts.vals.max_factor, ++ opts.vals.abort_if_busy) + server.xend.domain.migrate(dom, dst, opts.vals.live, + opts.vals.port, + opts.vals.node, diff --git a/xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch b/xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch new file mode 100644 index 0000000..4631775 --- /dev/null +++ b/xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch @@ -0,0 +1,283 @@ +user: Olaf Hering +date: Thu Mar 28 15:42:14 2013 +0100 +files: docs/man/xl.pod.1 tools/libxc/Makefile tools/libxc/xc_domain_save.c tools/libxc/xc_nomigrate.c tools/libxc/xenguest.h tools/libxl/libxl.c tools/libxl/libxl.h tools/libxl/libxl_internal.h tools/libxl/libxl_save_callout.c tools/libxl/libxl_save_helper.c tools/libxl/xl_cmdimpl.c tools/libxl/xl_cmdtable.c tools/python/xen/lowlevel/checkpoint/libcheckpoint.c tools/python/xen/xend/XendCheckpoint.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/migrate.py tools/xcutils/xc_save.c +description: +tools: set number of dirty pages during migration + +If a guest is really busy it will not reach the low number of remaining +50 dirty pages for the final suspend. As a result the guest is either +suspendend for a long time during the final transfer, or if the number +of iterations is increased the migration will take a long time. + +Add a new option xm/xl migrate --min_remaing to increase the +default from command line. The default of 50 is 200kb, which is +appearently an arbitrary number. With todays network speeds a larger +block of memory can be transfered quickly without causing too much +suspension time. This knob gives the admin the chance to adapt the +suspension time to the given workload. + +The existing default of 50 pages is not altered by this change. + +Signed-off-by: Olaf Hering + + +--- + tools/libxc/ia64/xc_ia64_linux_save.c | 2 +- + tools/libxc/xc_domain_save.c | 6 ++++-- + tools/libxc/xc_nomigrate.c | 2 +- + tools/libxc/xenguest.h | 2 +- + tools/libxl/libxl_save_helper.c | 2 +- + tools/python/xen/lowlevel/checkpoint/libcheckpoint.c | 2 +- + tools/python/xen/xend/XendCheckpoint.py | 5 ++++- + tools/python/xen/xend/XendDomain.py | 5 +++-- + tools/python/xen/xend/XendDomainInfo.py | 8 +++++--- + tools/python/xen/xm/migrate.py | 5 +++++ + tools/xcutils/xc_save.c | 11 ++++++----- + 11 files changed, 32 insertions(+), 18 deletions(-) + +Index: xen-4.2.1-testing/tools/libxc/ia64/xc_ia64_linux_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/ia64/xc_ia64_linux_save.c ++++ xen-4.2.1-testing/tools/libxc/ia64/xc_ia64_linux_save.c +@@ -381,7 +381,7 @@ out: + + int + xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters, +- uint32_t max_factor, uint32_t flags, ++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags, + struct save_callbacks* callbacks, int hvm, + unsigned long vm_generationid_addr) + { +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -43,6 +43,7 @@ + */ + #define DEF_MAX_ITERS 29 /* limit us to 30 times round loop */ + #define DEF_MAX_FACTOR 3 /* never send more than 3x p2m_size */ ++#define DEF_MIN_REMAINING 50 /* low water mark of dirty pages */ + + struct save_ctx { + unsigned long hvirt_start; /* virtual starting address of the hypervisor */ +@@ -803,7 +804,7 @@ static int save_tsc_info(xc_interface *x + } + + int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters, +- uint32_t max_factor, uint32_t flags, ++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags, + struct save_callbacks* callbacks, int hvm, + unsigned long vm_generationid_addr) + { +@@ -914,6 +915,7 @@ int xc_domain_save(xc_interface *xch, in + /* If no explicit control parameters given, use defaults */ + max_iters = max_iters ? : DEF_MAX_ITERS; + max_factor = max_factor ? : DEF_MAX_FACTOR; ++ min_remaining = min_remaining ? : DEF_MIN_REMAINING; + + if ( !get_platform_info(xch, dom, + &ctx->max_mfn, &ctx->hvirt_start, &ctx->pt_levels, &dinfo->guest_width) ) +@@ -1526,7 +1528,7 @@ int xc_domain_save(xc_interface *xch, in + + if ( live ) + { +- int min_reached = sent_this_iter + skip_this_iter < 50; ++ int min_reached = sent_this_iter + skip_this_iter < min_remaining; + if ( (iter >= max_iters) || + min_reached || + (total_sent > dinfo->p2m_size*max_factor) ) +Index: xen-4.2.1-testing/tools/libxc/xc_nomigrate.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_nomigrate.c ++++ xen-4.2.1-testing/tools/libxc/xc_nomigrate.c +@@ -22,7 +22,7 @@ + #include + + int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters, +- uint32_t max_factor, uint32_t flags, ++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags, + struct save_callbacks* callbacks, int hvm, + unsigned long vm_generationid_addr) + { +Index: xen-4.2.1-testing/tools/libxc/xenguest.h +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xenguest.h ++++ xen-4.2.1-testing/tools/libxc/xenguest.h +@@ -87,7 +87,7 @@ struct save_callbacks { + * @return 0 on success, -1 on failure + */ + int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters, +- uint32_t max_factor, uint32_t flags /* XCFLAGS_xxx */, ++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags /* XCFLAGS_xxx */, + struct save_callbacks* callbacks, int hvm, + unsigned long vm_generationid_addr); + +Index: xen-4.2.1-testing/tools/libxl/libxl_save_helper.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxl/libxl_save_helper.c ++++ xen-4.2.1-testing/tools/libxl/libxl_save_helper.c +@@ -235,7 +235,7 @@ int main(int argc, char **argv) + helper_setcallbacks_save(&helper_save_callbacks, cbflags); + + startup("save"); +- r = xc_domain_save(xch, io_fd, dom, max_iters, max_factor, flags, ++ r = xc_domain_save(xch, io_fd, dom, max_iters, max_factor, 0, flags, + &helper_save_callbacks, hvm, genidad); + complete(r); + +Index: xen-4.2.1-testing/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c ++++ xen-4.2.1-testing/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c +@@ -206,7 +206,7 @@ int checkpoint_start(checkpoint_state* s + + callbacks->switch_qemu_logdirty = noop_switch_logdirty; + +- rc = xc_domain_save(s->xch, fd, s->domid, 0, 0, flags, callbacks, hvm, ++ rc = xc_domain_save(s->xch, fd, s->domid, 0, 0, 0, flags, callbacks, hvm, + vm_generationid_addr); + + if (hvm) +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -120,19 +120,22 @@ def save(fd, dominfo, network, live, dst + # more information. + max_iters = dominfo.info.get('max_iters', "0") + max_factor = dominfo.info.get('max_factor', "0") ++ min_remaining = dominfo.info.get('min_remaining', "0") + abort_if_busy = dominfo.info.get('abort_if_busy', "0") + log_save_progress = dominfo.info.get('log_save_progress', "0") + if max_iters == "None": + max_iters = "0" + if max_factor == "None": + max_factor = "0" ++ if min_remaining == "None": ++ min_remaining = "0" + if abort_if_busy == "None": + abort_if_busy = "0" + if log_save_progress == "None": + log_save_progress = "0" + cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd), + str(dominfo.getDomid()), +- max_iters, max_factor, ++ max_iters, max_factor, min_remaining, + str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +@@ -1832,18 +1832,19 @@ class XendDomain: + log.exception(ex) + raise XendError(str(ex)) + +- def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy, log_save_progress): ++ def domain_migrate_constraints_set(self, domid, max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress): + """Set the Migrate Constraints of this domain. + @param domid: Domain ID or Name + @param max_iters: Number of iterations before final suspend + @param max_factor: Max amount of memory to transfer before final suspend ++ @param min_remaining: Number of dirty pages before final suspend + @param abort_if_busy: Abort migration instead of doing final suspend + @param log_save_progress: Log progress of migrate to xend.log + """ + dominfo = self.domain_lookup_nr(domid) + if not dominfo: + raise XendInvalidDomain(str(domid)) +- dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy, log_save_progress) ++ dominfo.setMigrateConstraints(max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress) + + def domain_maxmem_set(self, domid, mem): + """Set the memory limit for a domain. +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1459,17 +1459,19 @@ class XendDomainInfo: + pci_conf = self.info['devices'][dev_uuid][1] + return map(pci_dict_to_bdf_str, pci_conf['devs']) + +- def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy, log_save_progress): ++ def setMigrateConstraints(self, max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress): + """Set the Migrate Constraints of this domain. + @param max_iters: Number of iterations before final suspend + @param max_factor: Max amount of memory to transfer before final suspend ++ @param min_remaining: Number of dirty pages before final suspend + @param abort_if_busy: Abort migration instead of doing final suspend + @param log_save_progress: Log progress of migrate to xend.log + """ +- log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s'.", +- self.info['name_label'], str(self.domid), max_iters, max_factor, abort_if_busy) ++ log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s' '%s'.", ++ self.info['name_label'], str(self.domid), max_iters, max_factor, min_remaining, abort_if_busy) + self.info['max_iters'] = str(max_iters) + self.info['max_factor'] = str(max_factor) ++ self.info['min_remaining'] = str(min_remaining) + self.info['abort_if_busy'] = str(abort_if_busy) + self.info['log_save_progress'] = str(log_save_progress) + +Index: xen-4.2.1-testing/tools/python/xen/xm/migrate.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/migrate.py ++++ xen-4.2.1-testing/tools/python/xen/xm/migrate.py +@@ -63,6 +63,10 @@ gopts.opt('max_factor', val='max_factor' + fn=set_int, default=0, + use="Max amount of memory to transfer before final suspend (default: 3*RAM).") + ++gopts.opt('min_remaining', val='min_remaining', ++ fn=set_int, default=0, ++ use="Number of dirty pages before final suspend (default: 50).") ++ + gopts.opt('abort_if_busy', + fn=set_true, default=0, + use="Abort migration instead of doing final suspend.") +@@ -99,6 +103,7 @@ def main(argv): + server.xend.domain.migrate_constraints_set(dom, + opts.vals.max_iters, + opts.vals.max_factor, ++ opts.vals.min_remaining, + opts.vals.abort_if_busy, + opts.vals.log_progress) + server.xend.domain.migrate(dom, dst, opts.vals.live, +Index: xen-4.2.1-testing/tools/xcutils/xc_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/xcutils/xc_save.c ++++ xen-4.2.1-testing/tools/xcutils/xc_save.c +@@ -179,20 +179,21 @@ int + main(int argc, char **argv) + { + xc_interface *xch; +- unsigned int maxit, max_f, lflags; ++ unsigned int maxit, max_f, min_r, lflags; + int io_fd, ret, port; + struct save_callbacks callbacks; + xentoollog_level lvl; + xentoollog_logger *l; + +- if (argc != 6) +- errx(1, "usage: %s iofd domid maxit maxf flags", argv[0]); ++ if (argc != 7) ++ errx(1, "usage: %s iofd domid maxit maxf minr flags", argv[0]); + + io_fd = atoi(argv[1]); + si.domid = atoi(argv[2]); + maxit = atoi(argv[3]); + max_f = atoi(argv[4]); +- si.flags = atoi(argv[5]); ++ min_r = atoi(argv[5]); ++ si.flags = atoi(argv[6]); + + si.suspend_evtchn = -1; + +@@ -226,7 +227,7 @@ main(int argc, char **argv) + memset(&callbacks, 0, sizeof(callbacks)); + callbacks.suspend = suspend; + callbacks.switch_qemu_logdirty = switch_qemu_logdirty; +- ret = xc_domain_save(si.xch, io_fd, si.domid, maxit, max_f, si.flags, ++ ret = xc_domain_save(si.xch, io_fd, si.domid, maxit, max_f, min_r, si.flags, + &callbacks, !!(si.flags & XCFLAGS_HVM), 0); + + if (si.suspend_evtchn > 0) diff --git a/xen.spec b/xen.spec index bc2357f..03e8321 100644 --- a/xen.spec +++ b/xen.spec @@ -15,12 +15,13 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 %define xvermaj 4 -%define changeset 25952 -%define xen_build_dir xen-4.2.1-testing +%define changeset 26064 +%define xen_build_dir xen-4.2.2-testing %define with_kmp 1 %define with_stubdom 1 # EFI requires gcc46 or newer @@ -112,15 +113,19 @@ BuildRequires: glibc-devel BuildRequires: kernel-source BuildRequires: kernel-syms BuildRequires: module-init-tools +%if %suse_version < 1220 BuildRequires: xorg-x11 +%else +BuildRequires: lndir %endif -Version: 4.2.1_06 +%endif +Version: 4.2.2_01 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License: GPL-2.0+ Group: System/Kernel -Source0: xen-4.2.1-testing-src.tar.bz2 +Source0: xen-4.2.2-testing-src.tar.bz2 Source1: stubdom.tar.bz2 Source2: qemu-xen-traditional-dir-remote.tar.bz2 Source3: qemu-xen-dir-remote.tar.bz2 @@ -172,7 +177,6 @@ Patch25866: 25866-sercon-ns16550-pci-irq.patch Patch25867: 25867-sercon-ns16550-parse.patch Patch25874: 25874-x86-EFI-chain-cfg.patch Patch25909: 25909-xenpm-consistent.patch -Patch25912: 25912-partial-libxl.patch Patch25920: 25920-x86-APICV-enable.patch Patch25921: 25921-x86-APICV-delivery.patch Patch25922: 25922-x86-APICV-x2APIC.patch @@ -181,7 +185,6 @@ Patch25957: 25957-x86-TSC-adjust-HVM.patch Patch25958: 25958-x86-TSC-adjust-sr.patch Patch25959: 25959-x86-TSC-adjust-expose.patch Patch25975: 25975-x86-IvyBridge.patch -Patch26062: 26062-ACPI-ERST-move-data.patch Patch26077: 26077-stubdom_fix_compile_errors_in_grub.patch Patch26078: 26078-hotplug-Linux_remove_hotplug_support_rely_on_udev_instead.patch Patch26079: 26079-hotplug-Linux_close_lockfd_after_lock_attempt.patch @@ -195,20 +198,8 @@ Patch26087: 26087-hotplug-Linux_install_sysconfig_files_as_data_files.patch Patch26114: 26114-pygrub-list-entries.patch Patch26129: 26129-ACPI-BGRT-invalidate.patch Patch26133: 26133-IOMMU-defer-BM-disable.patch -Patch26183: 26183-x86-HPET-masking.patch Patch26189: 26189-xenstore-chmod.patch -Patch26200: 26200-IOMMU-debug-verbose.patch -Patch26235: 26235-IOMMU-ATS-max-queue-depth.patch -Patch26252: 26252-VMX-nested-rflags.patch -Patch26253: 26253-VMX-nested-rdtsc.patch -Patch26254: 26254-VMX-nested-dr.patch -Patch26255: 26255-VMX-nested-ia32e-mode.patch -Patch26258: 26258-VMX-nested-intr-delivery.patch Patch26262: 26262-x86-EFI-secure-shim.patch -Patch26266: 26266-sched-ratelimit-check.patch -Patch26287: 26287-sched-credit-pick-idle.patch -Patch26294: 26294-x86-AMD-Fam15-way-access-filter.patch -Patch26320: 26320-IOMMU-domctl-assign-seg.patch Patch26324: 26324-IOMMU-assign-params.patch Patch26325: 26325-IOMMU-add-remove-params.patch Patch26326: 26326-VT-d-context-map-params.patch @@ -217,9 +208,6 @@ Patch26328: 26328-IOMMU-pdev-type.patch Patch26329: 26329-IOMMU-phantom-dev.patch Patch26330: 26330-VT-d-phantom-MSI.patch Patch26331: 26331-IOMMU-phantom-dev-quirk.patch -Patch26332: 26332-x86-compat-show-guest-stack-mfn.patch -Patch26333: 26333-x86-get_page_type-assert.patch -Patch26340: 26340-VT-d-intremap-verify-legacy-bridge.patch Patch26341: 26341-hvm-firmware-passthrough.patch Patch26342: 26342-hvm-firmware-passthrough.patch Patch26343: 26343-hvm-firmware-passthrough.patch @@ -227,30 +215,12 @@ Patch26344: 26344-hvm-firmware-passthrough.patch Patch26369: 26369-libxl-devid.patch Patch26370: 26370-libxc-x86-initial-mapping-fit.patch Patch26372: 26372-tools-paths.patch -Patch26395: 26395-x86-FPU-context-conditional.patch Patch26404: 26404-x86-forward-both-NMI-kinds.patch Patch26418: 26418-x86-trampoline-consider-multiboot.patch -Patch26427: 26427-x86-AMD-enable-WC+.patch -Patch26428: 26428-x86-HVM-RTC-update.patch -Patch26440: 26440-x86-forward-SERR.patch -Patch26443: 26443-ACPI-zap-DMAR.patch -Patch26444: 26444-x86-nHVM-no-self-enable.patch -Patch26468: 26468-libxl-race.patch -Patch26469: 26469-libxl-race.patch -Patch26501: 26501-VMX-simplify-CR0-update.patch -Patch26502: 26502-VMX-disable-SMEP-when-not-paging.patch -Patch26516: 26516-ACPI-parse-table-retval.patch -Patch26517: 26517-AMD-IOMMU-clear-irtes.patch -Patch26518: 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch -Patch26519: 26519-AMD-IOMMU-perdev-intremap-default.patch -Patch26526: 26526-pvdrv-no-devinit.patch -Patch26529: 26529-gcc48-build-fix.patch -Patch26531: 26531-AMD-IOMMU-IVHD-special-missing.patch Patch26532: 26532-AMD-IOMMU-phantom-MSI.patch -Patch26536: 26536-xenoprof-div-by-0.patch Patch26547: 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch Patch26548: 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch -Patch26549: 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch +Patch26549: 26549-tools-xc_turn_XCFLAGS__into_shifts.patch Patch26550: 26550-tools-xc_restore_logging_in_xc_save.patch Patch26551: 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch Patch26554: 26554-hvm-firmware-passthrough.patch @@ -258,9 +228,28 @@ Patch26555: 26555-hvm-firmware-passthrough.patch Patch26556: 26556-hvm-firmware-passthrough.patch Patch26576: 26576-x86-APICV-migration.patch Patch26577: 26577-x86-APICV-x2APIC.patch -Patch26578: 26578-AMD-IOMMU-replace-BUG_ON.patch -Patch34: CVE-2013-0151-xsa34.patch -Patch41: CVE-2012-6075-xsa41.patch +Patch26675: 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch +Patch26891: 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch +Patch26902: 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch +Patch26930: 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch +Patch4501: CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch +Patch4502: CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch +Patch4503: CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch +Patch4504: CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch +Patch4505: CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch +Patch4506: CVE-2013-1918-xsa45-6-unpin-preemptible.patch +Patch4507: CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch +Patch4508: CVE-2013-1918-xsa45-followup.patch +Patch48: CVE-2013-1922-xsa48.patch +Patch49: CVE-2013-1952-xsa49.patch +Patch88: xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch +Patch89: xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch +Patch90: xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch +Patch91: xen.migrate.tools_set_migration_constraints_from_cmdline.patch +Patch92: xen.migrate.tools_add_xm_migrate_--log_progress_option.patch +Patch93: xen.migrate.tools-xend_move_assert_to_exception_block.patch +Patch94: xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch +Patch95: xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch # Upstream qemu patches Patch100: VNC-Support-for-ExtendedKeyEvent-client-message.patch # Our patches @@ -353,10 +342,12 @@ Patch457: xen-cpupool-xl-config-format.patch Patch458: ipxe-enable-nics.patch Patch459: blktap-close-fifos.patch Patch460: blktap-disable-debug-printf.patch -Patch461: xen-glibc217.patch -Patch462: xen-migration-bridge-check.patch -Patch463: pygrub-netware-xnloader.patch -Patch464: xen-managed-pci-device.patch +Patch461: xen-migration-bridge-check.patch +Patch462: pygrub-netware-xnloader.patch +Patch463: xen-managed-pci-device.patch +Patch464: xend-hvm-firmware-passthrough.patch +Patch465: xend-cpuinfo-model-name.patch +Patch466: xen-glibc217.patch # Jim's domain lock patch Patch480: xend-domain-lock.patch Patch481: xend-domain-lock-sfex.patch @@ -378,6 +369,7 @@ Patch652: ioemu-disable-emulated-ide-if-pv.patch Patch700: hv_extid_compatibility.patch Patch800: xenpaging.autostart.patch Patch801: xenpaging.doc.patch +Patch802: xenpaging.qemu.flush-cache.patch # Build patch Patch99998: tmp-initscript-modprobe.patch Patch99999: tmp_build.patch @@ -724,7 +716,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch25867 -p1 %patch25874 -p1 %patch25909 -p1 -%patch25912 -p1 %patch25920 -p1 %patch25921 -p1 %patch25922 -p1 @@ -733,7 +724,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch25958 -p1 %patch25959 -p1 %patch25975 -p1 -%patch26062 -p1 %patch26077 -p1 %patch26078 -p1 %patch26079 -p1 @@ -747,20 +737,8 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26114 -p1 %patch26129 -p1 %patch26133 -p1 -%patch26183 -p1 %patch26189 -p1 -%patch26200 -p1 -%patch26235 -p1 -%patch26252 -p1 -%patch26253 -p1 -%patch26254 -p1 -%patch26255 -p1 -%patch26258 -p1 %patch26262 -p1 -%patch26266 -p1 -%patch26287 -p1 -%patch26294 -p1 -%patch26320 -p1 %patch26324 -p1 %patch26325 -p1 %patch26326 -p1 @@ -769,9 +747,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26329 -p1 %patch26330 -p1 %patch26331 -p1 -%patch26332 -p1 -%patch26333 -p1 -%patch26340 -p1 %patch26341 -p1 %patch26342 -p1 %patch26343 -p1 @@ -779,28 +754,9 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26369 -p1 %patch26370 -p1 %patch26372 -p1 -%patch26395 -p1 %patch26404 -p1 %patch26418 -p1 -%patch26427 -p1 -%patch26428 -p1 -%patch26440 -p1 -%patch26443 -p1 -%patch34 -p1 -%patch26444 -p1 -%patch26468 -p1 -%patch26469 -p1 -%patch26501 -p1 -%patch26502 -p1 -%patch26516 -p1 -%patch26517 -p1 -%patch26518 -p1 -%patch26519 -p1 -%patch26526 -p1 -%patch26529 -p1 -%patch26531 -p1 %patch26532 -p1 -%patch26536 -p1 %patch26547 -p1 %patch26548 -p1 %patch26549 -p1 @@ -811,8 +767,28 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26556 -p1 %patch26576 -p1 %patch26577 -p1 -%patch26578 -p1 -%patch41 -p1 +%patch26675 -p1 +%patch26891 -p1 +%patch26902 -p1 +%patch26930 -p1 +%patch4501 -p1 +%patch4502 -p1 +%patch4503 -p1 +%patch4504 -p1 +%patch4505 -p1 +%patch4506 -p1 +%patch4507 -p1 +%patch4508 -p1 +%patch48 -p1 +%patch49 -p1 +%patch88 -p1 +%patch89 -p1 +%patch90 -p1 +%patch91 -p1 +%patch92 -p1 +%patch93 -p1 +%patch94 -p1 +%patch95 -p1 # Qemu %patch100 -p1 # Our patches @@ -906,6 +882,8 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch462 -p1 %patch463 -p1 %patch464 -p1 +%patch465 -p1 +%patch466 -p1 %patch480 -p1 %patch481 -p1 %patch500 -p1 @@ -925,6 +903,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch700 -p1 %patch800 -p1 %patch801 -p1 +%patch802 -p1 %patch99998 -p1 %patch99999 -p1 # tools/qemu-xen-traditional-dir-remote/configure ./tools/qemu-xen-dir-remote/configure use @@ -1045,7 +1024,6 @@ make -C tools/misc/serial-split install \ %if %{?with_kmp}0 export INSTALL_MOD_PATH=$RPM_BUILD_ROOT export INSTALL_MOD_DIR=updates -#export BRP_PESIGN_FILES="*.ko /lib/firmware" mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d for flavor in %flavors_to_build; do make -C /usr/src/linux-obj/%_target_cpu/$flavor modules_install \ @@ -1056,6 +1034,10 @@ done %if %{?with_dom0_support}0 # Stubdom %if %{?with_stubdom}0 +#remove -fstack-protector flag for stubdom build section +export EXTRA_CFLAGS_XEN_TOOLS=$(echo $RPM_OPT_FLAGS |sed -e 's/-fstack-protector//g') +export EXTRA_CFLAGS_QEMU_TRADITIONAL=$(echo $RPM_OPT_FLAGS |sed -e 's/-fstack-protector//g') +export EXTRA_CFLAGS_QEMU_XEN=$(echo $RPM_OPT_FLAGS |sed -e 's/-fstack-protector//g') make stubdom %{?_smp_mflags} make -C stubdom install \ DESTDIR=$RPM_BUILD_ROOT MANDIR=%{_mandir} \ @@ -1065,6 +1047,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_defaultdocdir}/xen ln -s /usr/lib/xen/bin/stubdom-dm $RPM_BUILD_ROOT/usr/lib64/xen/bin/stubdom-dm ln -s /usr/lib/xen/bin/stubdompath.sh $RPM_BUILD_ROOT/usr/lib64/xen/bin/stubdompath.sh %endif +#restore -fstack-protector flag +export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" %endif # Qemu #make -C tools/qemu-xen-dir-remote install diff --git a/xenalyze.hg.tar.bz2 b/xenalyze.hg.tar.bz2 index 46732d4..2dd1142 100644 --- a/xenalyze.hg.tar.bz2 +++ b/xenalyze.hg.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:006b68099906f6f0846e8a7d7ded8bc8f3abfbcc1c4daac013a4eaa9aefb344f -size 124265 +oid sha256:36aabe13da4b7ca0e0f9b61fa1442823e437585ef56b604ab077af20bb93ef67 +size 126674 diff --git a/xenapi-console-protocol.patch b/xenapi-console-protocol.patch index 341827b..219d982 100644 --- a/xenapi-console-protocol.patch +++ b/xenapi-console-protocol.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3940,6 +3940,14 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3956,6 +3956,14 @@ class XendDomainInfo: if not config.has_key('backend'): config['backend'] = "00000000-0000-0000-0000-000000000000" diff --git a/xend-console-port-restore.patch b/xend-console-port-restore.patch index 7f371a3..63d3082 100644 --- a/xend-console-port-restore.patch +++ b/xend-console-port-restore.patch @@ -3,11 +3,11 @@ xenstore. See bnc#706574 From: Chunyan Liu -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -329,8 +329,7 @@ def restore(xd, fd, dominfo = None, paus +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -345,8 +345,7 @@ def restore(xd, fd, dominfo = None, paus restore_image.setCpuid() # xc_restore will wait for source to close connection @@ -17,11 +17,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py # # We shouldn't hold the domains_lock over a waitForDevices -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3062,7 +3062,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3078,7 +3078,7 @@ class XendDomainInfo: # TODO: recategorise - called from XendCheckpoint # @@ -30,7 +30,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py log.debug("XendDomainInfo.completeRestore") -@@ -3073,6 +3073,7 @@ class XendDomainInfo: +@@ -3089,6 +3089,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) diff --git a/xend-core-dump-loc.diff b/xend-core-dump-loc.diff index 6aa1939..48a8372 100644 --- a/xend-core-dump-loc.diff +++ b/xend-core-dump-loc.diff @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2304,7 +2304,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2320,7 +2320,7 @@ class XendDomainInfo: # To prohibit directory traversal based_name = os.path.basename(self.info['name_label']) diff --git a/xend-cpuinfo-model-name.patch b/xend-cpuinfo-model-name.patch new file mode 100644 index 0000000..248f577 --- /dev/null +++ b/xend-cpuinfo-model-name.patch @@ -0,0 +1,24 @@ +References: bnc#814709 +For cpus that contain additional ':' characters in their name + +Index: xen-4.2.1-testing/tools/python/xen/xend/osdep.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/osdep.py ++++ xen-4.2.1-testing/tools/python/xen/xend/osdep.py +@@ -143,10 +143,14 @@ def _linux_get_cpuinfo(): + d = {} + for line in f: + keyvalue = line.split(':') +- if len(keyvalue) != 2: ++ if len(keyvalue) < 2: + continue + key = keyvalue[0].strip() +- val = keyvalue[1].strip() ++ for i in range(1, len(keyvalue)): ++ if i == 1: ++ val = keyvalue[i].lstrip() ++ else: ++ val = val + ":" + keyvalue[i] + if key == 'processor': + if p != -1: + cpuinfo[p] = d diff --git a/xend-domain-lock-sfex.patch b/xend-domain-lock-sfex.patch index 1e30175..16bc204 100644 --- a/xend-domain-lock-sfex.patch +++ b/xend-domain-lock-sfex.patch @@ -1,7 +1,7 @@ -Index: xen-4.2.1-testing/tools/examples/xend-config.sxp +Index: xen-4.2.2-testing/tools/examples/xend-config.sxp =================================================================== ---- xen-4.2.1-testing.orig/tools/examples/xend-config.sxp -+++ xen-4.2.1-testing/tools/examples/xend-config.sxp +--- xen-4.2.2-testing.orig/tools/examples/xend-config.sxp ++++ xen-4.2.2-testing/tools/examples/xend-config.sxp @@ -357,7 +357,7 @@ # path // # Return 0 on success, non-zero on error. @@ -23,10 +23,10 @@ Index: xen-4.2.1-testing/tools/examples/xend-config.sxp # If we have a very big scsi device configuration, start of xend is slow, # because xend scans all the device paths to build its internal PSCSI device # list. If we need only a few devices for assigning to a guest, we can reduce -Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile +Index: xen-4.2.2-testing/tools/hotplug/Linux/Makefile =================================================================== ---- xen-4.2.1-testing.orig/tools/hotplug/Linux/Makefile -+++ xen-4.2.1-testing/tools/hotplug/Linux/Makefile +--- xen-4.2.2-testing.orig/tools/hotplug/Linux/Makefile ++++ xen-4.2.2-testing/tools/hotplug/Linux/Makefile @@ -23,6 +23,7 @@ XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate XEN_SCRIPTS += vscsi @@ -35,10 +35,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock +Index: xen-4.2.2-testing/tools/hotplug/Linux/domain-lock =================================================================== ---- xen-4.2.1-testing.orig/tools/hotplug/Linux/domain-lock -+++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock +--- xen-4.2.2-testing.orig/tools/hotplug/Linux/domain-lock ++++ xen-4.2.2-testing/tools/hotplug/Linux/domain-lock @@ -4,7 +4,7 @@ basedir=$(dirname "$0") usage() { @@ -48,10 +48,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock echo "" echo "-l lock" echo "-u unlock" -Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex +Index: xen-4.2.2-testing/tools/hotplug/Linux/domain-lock-sfex =================================================================== --- /dev/null -+++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex ++++ xen-4.2.2-testing/tools/hotplug/Linux/domain-lock-sfex @@ -0,0 +1,166 @@ +#!/bin/bash + @@ -219,11 +219,11 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex +;; +esac + -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -4554,8 +4554,14 @@ class XendDomainInfo: +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -4573,8 +4573,14 @@ class XendDomainInfo: # Return name of host contained in lock file. def get_lock_host(self, path): @@ -240,7 +240,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py hostname = "unknown" try: -@@ -4577,6 +4583,16 @@ class XendDomainInfo: +@@ -4596,6 +4602,16 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -257,7 +257,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py try: if not os.path.exists(path): mkdir.parents(path, stat.S_IRWXU) -@@ -4584,12 +4600,7 @@ class XendDomainInfo: +@@ -4603,12 +4619,7 @@ class XendDomainInfo: log.exception("%s could not be created." % path) raise XendError("%s could not be created." % path) @@ -271,7 +271,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.debug("Failed to aqcuire lock: status = %d" % status) raise XendError("The VM is locked and appears to be running on host %s." % self.get_lock_host(path)) -@@ -4606,12 +4617,18 @@ class XendDomainInfo: +@@ -4625,12 +4636,18 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -296,10 +296,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.exception("Failed to release lock: status = %s" % status) try: -Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendNode.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendNode.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendNode.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendNode.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendNode.py @@ -162,6 +162,7 @@ class XendNode: self._init_cpu_pools() @@ -326,10 +326,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py def add_network(self, interface): # TODO log.debug("add_network(): Not implemented.") -Index: xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendOptions.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendOptions.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py @@ -164,6 +164,9 @@ class XendOptions: """Default script to acquire/release domain lock""" xend_domain_lock_utility = auxbin.scripts_dir() + "/domain-lock" diff --git a/xend-domain-lock.patch b/xend-domain-lock.patch index 1ad5126..cb4a103 100644 --- a/xend-domain-lock.patch +++ b/xend-domain-lock.patch @@ -8,17 +8,17 @@ tools/python/xen/xend/XendOptions.py | 29 +++++++++++ 7 files changed, 290 insertions(+) -Index: xen-4.2.1-testing/tools/examples/xend-config.sxp +Index: xen-4.2.2-testing/tools/examples/xend-config.sxp =================================================================== ---- xen-4.2.1-testing.orig/tools/examples/xend-config.sxp -+++ xen-4.2.1-testing/tools/examples/xend-config.sxp +--- xen-4.2.2-testing.orig/tools/examples/xend-config.sxp ++++ xen-4.2.2-testing/tools/examples/xend-config.sxp @@ -324,6 +324,65 @@ # device assignment could really work properly even after we do this. #(pci-passthrough-strict-check yes) +# Domain Locking -+# In a multihost environment, domain locking prevents simultaneously -+# running a domain on more than one host. ++# In a multihost environment, domain locking provides a simple mechanism that ++# prevents simultaneously running a domain on more than one host. +# +# If enabled, xend will execute a external lock utility (defined below) +# on each domain start and stop event. Disabled by default. Set to yes @@ -71,17 +71,17 @@ Index: xen-4.2.1-testing/tools/examples/xend-config.sxp +# when HostA, running vm1, crashes. HostB could not acquire a +# lock for vm1 since the NFS server holds an exclusive lock +# acquired by HostA. The lock file must be manually removed -+# before starting vm1 on HostA. ++# before starting vm1 on HostB. +# +#(xend-domain-lock-utility domain-lock) + # If we have a very big scsi device configuration, start of xend is slow, # because xend scans all the device paths to build its internal PSCSI device # list. If we need only a few devices for assigning to a guest, we can reduce -Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile +Index: xen-4.2.2-testing/tools/hotplug/Linux/Makefile =================================================================== ---- xen-4.2.1-testing.orig/tools/hotplug/Linux/Makefile -+++ xen-4.2.1-testing/tools/hotplug/Linux/Makefile +--- xen-4.2.2-testing.orig/tools/hotplug/Linux/Makefile ++++ xen-4.2.2-testing/tools/hotplug/Linux/Makefile @@ -22,6 +22,7 @@ XEN_SCRIPTS += vtpm vtpm-delete XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate @@ -90,10 +90,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock +Index: xen-4.2.2-testing/tools/hotplug/Linux/domain-lock =================================================================== --- /dev/null -+++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock ++++ xen-4.2.2-testing/tools/hotplug/Linux/domain-lock @@ -0,0 +1,83 @@ +#!/bin/bash + @@ -178,10 +178,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock + get_status $vm_path + ;; +esac -Index: xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor +Index: xen-4.2.2-testing/tools/hotplug/Linux/vm-monitor =================================================================== --- /dev/null -+++ xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor ++++ xen-4.2.2-testing/tools/hotplug/Linux/vm-monitor @@ -0,0 +1,41 @@ +#!/bin/bash + @@ -224,20 +224,33 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor +elif [ $0 = "$basedir/vm-monitor" ]; then + monitor $* +fi -Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -130,6 +130,8 @@ def save(fd, dominfo, network, live, dst - dominfo.shutdown('suspend') - dominfo.waitForSuspend() - if line in ('suspend', 'suspended'): -+ if checkpoint == False: -+ dominfo.release_running_lock(domain_name) - dominfo.migrateDevices(network, dst, DEV_MIGRATE_STEP2, - domain_name) - log.info("Domain %d suspended.", dominfo.getDomid()) -@@ -353,6 +355,7 @@ def restore(xd, fd, dominfo = None, paus +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -139,6 +139,11 @@ def save(fd, dominfo, network, live, dst + str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + ++ # It is safe to release the domain lock at this point if not ++ # checkpointing ++ if checkpoint == False: ++ dominfo.release_running_lock(domain_name) ++ + def saveInputHandler(line, tochild): + log.debug("In saveInputHandler %s", line) + if line == "suspend": +@@ -203,6 +208,9 @@ def save(fd, dominfo, network, live, dst + log.exception("Save failed on domain %s (%s) - resuming.", domain_name, + dominfo.getDomid()) + dominfo.resumeDomain() ++ # Reacquire the domain lock ++ if checkpoint == False: ++ dominfo.acquire_running_lock() + + try: + dominfo.setName(domain_name) +@@ -369,6 +377,7 @@ def restore(xd, fd, dominfo = None, paus if not paused: dominfo.unpause() @@ -245,10 +258,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py return dominfo except Exception, exn: dominfo.destroy() -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py @@ -486,6 +486,7 @@ class XendDomainInfo: if self._stateGet() in (XEN_API_VM_POWER_STATE_HALTED, XEN_API_VM_POWER_STATE_SUSPENDED, XEN_API_VM_POWER_STATE_CRASHED): try: @@ -257,7 +270,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py XendTask.log_progress(0, 30, self._constructDomain) XendTask.log_progress(31, 60, self._initDomain) -@@ -3037,6 +3038,11 @@ class XendDomainInfo: +@@ -3056,6 +3057,11 @@ class XendDomainInfo: self._stateSet(DOM_STATE_HALTED) self.domid = None # Do not push into _stateSet()! @@ -269,7 +282,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py finally: self.refresh_shutdown_lock.release() -@@ -4546,6 +4552,74 @@ class XendDomainInfo: +@@ -4565,6 +4571,74 @@ class XendDomainInfo: def has_device(self, dev_class, dev_uuid): return (dev_uuid in self.info['%s_refs' % dev_class.lower()]) @@ -344,10 +357,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def __str__(self): return '' % \ (str(self.domid), self.info['name_label'], -Index: xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendOptions.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendOptions.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py @@ -154,6 +154,17 @@ class XendOptions: use loose check automatically if necessary.""" pci_dev_assign_strict_check_default = True diff --git a/xend-hvm-firmware-passthrough.patch b/xend-hvm-firmware-passthrough.patch new file mode 100644 index 0000000..30680b7 --- /dev/null +++ b/xend-hvm-firmware-passthrough.patch @@ -0,0 +1,277 @@ +fate#313584: pass bios information to XEN HVM guest + +Index: xen-4.2.1-testing/tools/python/xen/xm/create.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/create.py +@@ -491,6 +491,14 @@ gopts.var('nfs_root', val="PATH", + fn=set_value, default=None, + use="Set the path of the root NFS directory.") + ++gopts.var('smbios_firmware', val='FILE', ++ fn=set_value, default=None, ++ use="Path to a file that contains extra SMBIOS firmware structures.") ++ ++gopts.var('acpi_firmware', val='FILE', ++ fn=set_value, default=None, ++ use="Path to a file that contains extra ACPI firmware tables.") ++ + gopts.var('device_model', val='FILE', + fn=set_value, default=None, + use="Path to device model program.") +@@ -1097,6 +1105,7 @@ def configure_hvm(config_image, vals): + 'boot', + 'cpuid', 'cpuid_check', + 'device_model', 'display', ++ 'smbios_firmware', 'acpi_firmware', + 'fda', 'fdb', + 'gfx_passthru', 'guest_os_type', + 'hap', 'hpet', +Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +@@ -1086,6 +1086,8 @@ class sxp2xml: + 'apic', + 'boot', + 'device_model', ++ 'smbios_firmware', ++ 'acpi_firmware', + 'loader', + 'fda', + 'fdb', +Index: xen-4.2.1-testing/tools/python/xen/xend/image.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.1-testing/tools/python/xen/xend/image.py +@@ -17,7 +17,7 @@ + #============================================================================ + + +-import os, os.path, string ++import os, os.path, string, struct, stat + import re + import math + import time +@@ -123,6 +123,8 @@ class ImageHandler: + + self.device_model = vmConfig['platform'].get('device_model') + ++ self.smbios_firmware =(str(vmConfig['platform'].get('smbios_firmware'))) ++ self.acpi_firmware =(str(vmConfig['platform'].get('acpi_firmware'))) + self.display = vmConfig['platform'].get('display') + self.xauthority = vmConfig['platform'].get('xauthority') + self.vncconsole = int(vmConfig['platform'].get('vncconsole', 0)) +@@ -945,6 +947,38 @@ class HVMImageHandler(ImageHandler): + self.vm.getDomid() ]) + return args + ++ def _readFirmwareFile(self, filename): ++ # Sanity check ++ if filename is None or filename.strip() == "": ++ size = struct.pack('i', int(0)) ++ return size + "" ++ ++ log.debug("Reading firmware file %s", filename) ++ # Open ++ try: ++ fd = os.open(filename, os.O_RDONLY) ++ except Exception, e: ++ raise VmError('Unable to open firmware file %s' % filename) ++ ++ # Validate file size ++ statinfo = os.fstat(fd) ++ if statinfo.st_size == 0 or statinfo.st_size > sys.maxint: ++ os.close(fd) ++ raise VmError('Firmware file %s is an invalid size' % filename) ++ if not stat.S_ISREG(statinfo.st_mode): ++ os.close(fd) ++ raise VmError('Firmware file %s is an invalid file type' % filename) ++ size = struct.pack('i', statinfo.st_size) ++ ++ # Read entire file ++ try: ++ buf = os.read(fd, statinfo.st_size) ++ except Exception, e: ++ os.close(fd) ++ raise VmError('Failed reading firmware file %s' % filename) ++ os.close(fd) ++ return size+buf ++ + def buildDomain(self): + store_evtchn = self.vm.getStorePort() + +@@ -960,6 +994,8 @@ class HVMImageHandler(ImageHandler): + log.debug("vcpu_avail = %li", self.vm.getVCpuAvail()) + log.debug("acpi = %d", self.acpi) + log.debug("apic = %d", self.apic) ++ log.debug("smbios_firmware= %s", self.smbios_firmware) ++ log.debug("acpi_firmware = %s", self.acpi_firmware) + + rc = xc.hvm_build(domid = self.vm.getDomid(), + image = self.loader, +@@ -968,7 +1004,9 @@ class HVMImageHandler(ImageHandler): + vcpus = self.vm.getVCpuCount(), + vcpu_avail = self.vm.getVCpuAvail(), + acpi = self.acpi, +- apic = self.apic) ++ apic = self.apic, ++ smbios_firmware= self._readFirmwareFile(self.smbios_firmware), ++ acpi_firmware = self._readFirmwareFile(self.acpi_firmware)) + rc['notes'] = { 'SUSPEND_CANCEL': 1 } + + rc['store_mfn'] = xc.hvm_get_param(self.vm.getDomid(), +Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +@@ -147,6 +147,8 @@ XENAPI_PLATFORM_CFG_TYPES = { + 'apic': int, + 'boot': str, + 'device_model': str, ++ 'smbios_firmware': str, ++ 'acpi_firmware': str, + 'loader': str, + 'display' : str, + 'fda': str, +@@ -515,6 +517,10 @@ class XendConfig(dict): + self['platform']['nomigrate'] = 0 + + if self.is_hvm(): ++ if 'smbios_firmware' not in self['platform']: ++ self['platform']['smbios_firmware'] = "" ++ if 'acpi_firmware' not in self['platform']: ++ self['platform']['acpi_firmware'] = "" + if 'timer_mode' not in self['platform']: + self['platform']['timer_mode'] = 1 + if 'viridian' not in self['platform']: +Index: xen-4.2.1-testing/tools/python/xen/lowlevel/xc/xc.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/lowlevel/xc/xc.c ++++ xen-4.2.1-testing/tools/python/xen/lowlevel/xc/xc.c +@@ -942,18 +942,23 @@ static PyObject *pyxc_hvm_build(XcObject + struct hvm_info_table *va_hvm; + uint8_t *va_map, sum; + #endif +- int i; +- char *image; ++ int i, datalen; ++ char *image, *smbios_str, *acpi_str; + int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1; ++ PyObject *acpi_firmware = NULL; ++ PyObject *smbios_firmware = NULL; + PyObject *vcpu_avail_handle = NULL; + uint8_t vcpu_avail[(HVM_MAX_VCPUS + 7)/8]; ++ struct xc_hvm_build_args hvm_args = {}; + + static char *kwd_list[] = { "domid", + "memsize", "image", "target", "vcpus", +- "vcpu_avail", "acpi", "apic", NULL }; +- if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiOii", kwd_list, ++ "vcpu_avail", "acpi", "apic", ++ "smbios_firmware", "acpi_firmware", NULL }; ++ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiOiiOO", kwd_list, + &dom, &memsize, &image, &target, &vcpus, +- &vcpu_avail_handle, &acpi, &apic) ) ++ &vcpu_avail_handle, &acpi, ++ &apic, &smbios_firmware, &acpi_firmware) ) + return NULL; + + memset(vcpu_avail, 0, sizeof(vcpu_avail)); +@@ -984,8 +989,38 @@ static PyObject *pyxc_hvm_build(XcObject + if ( target == -1 ) + target = memsize; + +- if ( xc_hvm_build_target_mem(self->xc_handle, dom, memsize, +- target, image) != 0 ) ++ memset(&hvm_args, 0, sizeof(struct xc_hvm_build_args)); ++ hvm_args.mem_size = (uint64_t)memsize << 20; ++ hvm_args.mem_target = (uint64_t)target << 20; ++ hvm_args.image_file_name = image; ++ ++ if ( PyString_Check(smbios_firmware ) ) ++ { ++ smbios_str = PyString_AsString(smbios_firmware); ++ if ( smbios_str ) ++ { ++ datalen = *(int *)smbios_str; ++ if ( datalen ) { ++ hvm_args.smbios_module.data = &((uint8_t *)smbios_str)[4]; ++ hvm_args.smbios_module.length = (uint32_t)datalen; ++ } ++ } ++ } ++ ++ if ( PyString_Check(acpi_firmware ) ) ++ { ++ acpi_str = PyString_AsString(acpi_firmware); ++ if (acpi_str) ++ { ++ datalen = *(int *)acpi_str; ++ if ( datalen ) { ++ hvm_args.acpi_module.data = &((uint8_t *)acpi_str)[4]; ++ hvm_args.acpi_module.length = (uint32_t)datalen; ++ } ++ } ++ } ++ ++ if ( xc_hvm_build(self->xc_handle, dom, &hvm_args) != 0 ) + return pyxc_error_to_exception(self->xc_handle); + + #if !defined(__ia64__) +Index: xen-4.2.1-testing/docs/man/xmdomain.cfg.pod.5 +=================================================================== +--- xen-4.2.1-testing.orig/docs/man/xmdomain.cfg.pod.5 ++++ xen-4.2.1-testing/docs/man/xmdomain.cfg.pod.5 +@@ -243,6 +243,25 @@ this the xen kernel must be compiled wit + + This defaults to 1, meaning running the domain as a UP. + ++=item B ++ ++Specify a path to a file that contains extra ACPI firmware tables to pass in to ++a guest. The file can contain several tables in their binary AML form ++concatenated together. Each table self describes its length so no additional ++information is needed. These tables will be added to the ACPI table set in the ++guest. Note that existing tables cannot be overridden by this feature. For ++example this cannot be used to override tables like DSDT, FADT, etc. ++ ++=item B ++ ++Specify a path to a file that contains extra SMBIOS firmware structures to pass ++in to a guest. The file can contain a set DMTF predefined structures which will ++override the internal defaults. Not all predefined structures can be overridden, ++only the following types: 0, 1, 2, 3, 11, 22, 39. The file can also contain any ++number of vendor defined SMBIOS structures (type 128 - 255). Since SMBIOS ++structures do not present their overall size, each entry in the file must be ++preceded by a 32b integer indicating the size of the next structure. ++ + =back + + =head1 DOMAIN SHUTDOWN OPTIONS +Index: xen-4.2.1-testing/tools/python/README.sxpcfg +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/README.sxpcfg ++++ xen-4.2.1-testing/tools/python/README.sxpcfg +@@ -51,6 +51,8 @@ image + - vncunused + (HVM) + - device_model ++ - smbios_firmware ++ - acpi_firmware + - display + - xauthority + - vncconsole +Index: xen-4.2.1-testing/tools/python/README.XendConfig +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/README.XendConfig ++++ xen-4.2.1-testing/tools/python/README.XendConfig +@@ -120,6 +120,8 @@ otherConfig + image.vncdisplay + image.vncunused + image.hvm.device_model ++ image.hvm.smbios_firmware ++ image.hvm.apci_firmware + image.hvm.display + image.hvm.xauthority + image.hvm.vncconsole diff --git a/xend-migration-domname-fix.patch b/xend-migration-domname-fix.patch index 7941dfd..4cefe25 100644 --- a/xend-migration-domname-fix.patch +++ b/xend-migration-domname-fix.patch @@ -4,11 +4,11 @@ domname from xenstore (like 'virsh list') could get correct value. destroyed but there is still VM entry in xenstore. Signed-off-by: Chunyan Liu -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1947,6 +1947,8 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1963,6 +1963,8 @@ class XendDomainInfo: self.info['name_label'] = name if to_store: self.storeVm("name", name) @@ -17,11 +17,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def getName(self): return self.info['name_label'] -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -172,7 +172,10 @@ def save(fd, dominfo, network, live, dst +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -188,7 +188,10 @@ def save(fd, dominfo, network, live, dst dominfo.destroy() dominfo.testDeviceComplete() try: diff --git a/xend-vcpu-affinity-fix.patch b/xend-vcpu-affinity-fix.patch index 4c28e92..7d280f7 100644 --- a/xend-vcpu-affinity-fix.patch +++ b/xend-vcpu-affinity-fix.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2785,7 +2785,10 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2801,7 +2801,10 @@ class XendDomainInfo: from xen.xend import XendDomain doms = XendDomain.instance().list('all') for dom in filter (lambda d: d.domid != self.domid, doms): diff --git a/xenpaging.autostart.patch b/xenpaging.autostart.patch index 3c236f7..6fca3de 100644 --- a/xenpaging.autostart.patch +++ b/xenpaging.autostart.patch @@ -45,10 +45,10 @@ v2: tools/python/xen/xm/xenapi_create.py | 3 + 10 files changed, 179 insertions(+) -Index: xen-4.2.1-testing/tools/examples/xmexample.hvm +Index: xen-4.2.2-testing/tools/examples/xmexample.hvm =================================================================== ---- xen-4.2.1-testing.orig/tools/examples/xmexample.hvm -+++ xen-4.2.1-testing/tools/examples/xmexample.hvm +--- xen-4.2.2-testing.orig/tools/examples/xmexample.hvm ++++ xen-4.2.2-testing/tools/examples/xmexample.hvm @@ -142,6 +142,15 @@ disk = [ 'file:/var/lib/xen/images/disk. # Device Model to be used device_model = 'qemu-dm' @@ -65,10 +65,10 @@ Index: xen-4.2.1-testing/tools/examples/xmexample.hvm #----------------------------------------------------------------------------- # boot on floppy (a), hard disk (c), Network (n) or CD-ROM (d) # default: hard disk, cd-rom, floppy -Index: xen-4.2.1-testing/tools/python/README.XendConfig +Index: xen-4.2.2-testing/tools/python/README.XendConfig =================================================================== ---- xen-4.2.1-testing.orig/tools/python/README.XendConfig -+++ xen-4.2.1-testing/tools/python/README.XendConfig +--- xen-4.2.2-testing.orig/tools/python/README.XendConfig ++++ xen-4.2.2-testing/tools/python/README.XendConfig @@ -120,6 +120,9 @@ otherConfig image.vncdisplay image.vncunused @@ -76,13 +76,13 @@ Index: xen-4.2.1-testing/tools/python/README.XendConfig + image.hvm.actmem + image.hvm.xenpaging_file + image.hvm.xenpaging_extra + image.hvm.smbios_firmware + image.hvm.apci_firmware image.hvm.display - image.hvm.xauthority - image.hvm.vncconsole -Index: xen-4.2.1-testing/tools/python/README.sxpcfg +Index: xen-4.2.2-testing/tools/python/README.sxpcfg =================================================================== ---- xen-4.2.1-testing.orig/tools/python/README.sxpcfg -+++ xen-4.2.1-testing/tools/python/README.sxpcfg +--- xen-4.2.2-testing.orig/tools/python/README.sxpcfg ++++ xen-4.2.2-testing/tools/python/README.sxpcfg @@ -51,6 +51,9 @@ image - vncunused (HVM) @@ -90,13 +90,13 @@ Index: xen-4.2.1-testing/tools/python/README.sxpcfg + - actmem + - xenpaging_file + - xenpaging_extra + - smbios_firmware + - acpi_firmware - display - - xauthority - - vncconsole -Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py @@ -147,6 +147,9 @@ XENAPI_PLATFORM_CFG_TYPES = { 'apic': int, 'boot': str, @@ -104,10 +104,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py + 'actmem': str, + 'xenpaging_file': str, + 'xenpaging_extra': str, + 'smbios_firmware': str, + 'acpi_firmware': str, 'loader': str, - 'display' : str, - 'fda': str, -@@ -516,6 +519,12 @@ class XendConfig(dict): +@@ -518,6 +521,12 @@ class XendConfig(dict): self['platform']['nomigrate'] = 0 if self.is_hvm(): @@ -117,16 +117,16 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py + self['platform']['xenpaging_file'] = "" + if 'xenpaging_extra' not in self['platform']: + self['platform']['xenpaging_extra'] = [] - if 'timer_mode' not in self['platform']: - self['platform']['timer_mode'] = 1 - if 'extid' in self['platform'] and int(self['platform']['extid']) == 1: -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py + if 'smbios_firmware' not in self['platform']: + self['platform']['smbios_firmware'] = "" + if 'acpi_firmware' not in self['platform']: +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomain.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py -@@ -1835,6 +1835,21 @@ class XendDomain: - log.exception(ex) - raise XendError(str(ex)) +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomain.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomain.py +@@ -1849,6 +1849,21 @@ class XendDomain: + raise XendInvalidDomain(str(domid)) + dominfo.setMigrateConstraints(max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress) + def domain_swaptarget_set(self, domid, mem): + """Set the memory limit for a domain. @@ -146,11 +146,11 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py def domain_maxmem_set(self, domid, mem): """Set the memory limit for a domain. -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1532,6 +1532,17 @@ class XendDomainInfo: +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1551,6 +1551,17 @@ class XendDomainInfo: break xen.xend.XendDomain.instance().managed_config_save(self) @@ -168,7 +168,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -@@ -2322,6 +2333,8 @@ class XendDomainInfo: +@@ -2341,6 +2352,8 @@ class XendDomainInfo: self.info['name_label'], self.domid, self.info['uuid'], new_name, new_uuid) self._unwatchVm() @@ -177,7 +177,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() # Remove existing vm node in xenstore self._removeVm() -@@ -3001,6 +3014,9 @@ class XendDomainInfo: +@@ -3020,6 +3033,9 @@ class XendDomainInfo: self._createDevices() @@ -187,7 +187,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.image.cleanupTmpImages() self.info['start_time'] = time.time() -@@ -3025,6 +3041,8 @@ class XendDomainInfo: +@@ -3044,6 +3060,8 @@ class XendDomainInfo: self.refresh_shutdown_lock.acquire() try: self.unwatchShutdown() @@ -196,7 +196,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() bootloader_tidy(self) -@@ -3109,6 +3127,7 @@ class XendDomainInfo: +@@ -3128,6 +3146,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) @@ -204,7 +204,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.console_port = console_port self._storeDomDetails() self._registerWatches() -@@ -3251,6 +3270,8 @@ class XendDomainInfo: +@@ -3270,6 +3289,8 @@ class XendDomainInfo: # could also fetch a parsed note from xenstore fast = self.info.get_notes().get('SUSPEND_CANCEL') and 1 or 0 if not fast: @@ -213,7 +213,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() self.testDeviceComplete() self.testvifsComplete() -@@ -3266,6 +3287,8 @@ class XendDomainInfo: +@@ -3285,6 +3306,8 @@ class XendDomainInfo: self._storeDomDetails() self._createDevices() @@ -222,10 +222,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py log.debug("XendDomainInfo.resumeDomain: devices created") xc.domain_resume(self.domid, fast) -Index: xen-4.2.1-testing/tools/python/xen/xend/image.py +Index: xen-4.2.2-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.1-testing/tools/python/xen/xend/image.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.2-testing/tools/python/xen/xend/image.py @@ -122,6 +122,10 @@ class ImageHandler: self.vm.permissionsVm("image/cmdline", { 'dom': self.vm.getDomid(), 'read': True } ) @@ -235,9 +235,9 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/image.py + self.xenpaging_extra = vmConfig['platform'].get('xenpaging_extra') + self.xenpaging_pid = None - self.display = vmConfig['platform'].get('display') - self.xauthority = vmConfig['platform'].get('xauthority') -@@ -392,6 +396,87 @@ class ImageHandler: + self.smbios_firmware =(str(vmConfig['platform'].get('smbios_firmware'))) + self.acpi_firmware =(str(vmConfig['platform'].get('acpi_firmware'))) +@@ -394,6 +398,87 @@ class ImageHandler: sentinel_fifos_inuse[sentinel_path_fifo] = 1 self.sentinel_path_fifo = sentinel_path_fifo @@ -325,13 +325,13 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/image.py def createDeviceModel(self, restore = False): if self.device_model is None: return -Index: xen-4.2.1-testing/tools/python/xen/xm/create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/create.py -@@ -495,6 +495,18 @@ gopts.var('nfs_root', val="PATH", +--- xen-4.2.2-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/create.py +@@ -503,6 +503,18 @@ gopts.var('acpi_firmware', val='FILE', fn=set_value, default=None, - use="Set the path of the root NFS directory.") + use="Path to a file that contains extra ACPI firmware tables.") +gopts.var('actmem', val='NUM', + fn=set_value, default='0', @@ -348,7 +348,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py gopts.var('device_model', val='FILE', fn=set_value, default=None, use="Path to device model program.") -@@ -1100,6 +1112,9 @@ def configure_hvm(config_image, vals): +@@ -1108,6 +1120,9 @@ def configure_hvm(config_image, vals): args = [ 'acpi', 'apic', 'boot', 'cpuid', 'cpuid_check', @@ -356,12 +356,12 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py + 'xenpaging_file', + 'xenpaging_extra', 'device_model', 'display', + 'smbios_firmware', 'acpi_firmware', 'fda', 'fdb', - 'gfx_passthru', 'guest_os_type', -Index: xen-4.2.1-testing/tools/python/xen/xm/main.py +Index: xen-4.2.2-testing/tools/python/xen/xm/main.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/main.py -+++ xen-4.2.1-testing/tools/python/xen/xm/main.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/main.py ++++ xen-4.2.2-testing/tools/python/xen/xm/main.py @@ -115,6 +115,8 @@ SUBCOMMAND_HELP = { 'Set the maximum amount reservation for a domain.'), 'mem-set' : (' ', @@ -397,10 +397,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/main.py # cpu commands "vcpu-pin": xm_vcpu_pin, "vcpu-list": xm_vcpu_list, -Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py @@ -1085,6 +1085,9 @@ class sxp2xml: 'acpi', 'apic', @@ -409,5 +409,5 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py + 'xenpaging_file', + 'xenpaging_extra', 'device_model', - 'loader', - 'fda', + 'smbios_firmware', + 'acpi_firmware', diff --git a/xenpaging.qemu.flush-cache.patch b/xenpaging.qemu.flush-cache.patch new file mode 100644 index 0000000..55dbb6f --- /dev/null +++ b/xenpaging.qemu.flush-cache.patch @@ -0,0 +1,31 @@ +Subject: xenpaging/qemu-dm: add command to flush buffer cache. + +Add support for a xenstore dm command to flush qemu's buffer cache. + +qemu will just keep mapping pages and not release them, which causes problems +for the memory pager (since the page is mapped, it won't get paged out). When +the pager has trouble finding a page to page out, it asks qemu to flush its +buffer, which releases all the page mappings. This makes it possible to find +pages to swap out agian. + +Already-Signed-off-by: Patrick Colp +Signed-off-by: Olaf Hering + +--- + tools/qemu-xen-traditional-dir-remote/xenstore.c | 3 +++ + 1 file changed, 3 insertions(+) + +Index: xen-4.2.2-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +=================================================================== +--- xen-4.2.2-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c ++++ xen-4.2.2-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +@@ -1019,6 +1019,9 @@ static void xenstore_process_dm_command_ + do_pci_add(par); + free(par); + #endif ++ } else if (!strncmp(command, "flush-cache", len)) { ++ fprintf(logfile, "dm-command: flush caches\n"); ++ qemu_invalidate_map_cache(); + } else { + fprintf(logfile, "dm-command: unknown command\"%*s\"\n", len, command); + }