From 9621add6e31a9a3662f035af2d13d824382f6738909cbaff26756aaba73ef86c Mon Sep 17 00:00:00 2001 
From: Charles Arnold Date: Thu, 21 Mar 2013 22:43:53 +0000 Subject: [PATCH 1/8] - Load blktap module in xencommons init script. blktap2 doesn't support qcow2, so blktap is needed to support domains with 'tap:qcow2' disk configurations. modified tmp-initscript-modprobe.patch - bnc#809203 - xen.efi isn't signed with SUSE Secure Boot key xen.spec - Fix adding managed PCI device to an inactive domain modified xen-managed-pci-device.patch - bnc#805094 - xen hot plug attach/detach fails modified blktap-pv-cdrom.patch - bnc# 802690 - domain locking can prevent a live migration from completing modified xend-domain-lock.patch - bnc#797014 - no way to control live migrations 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch xen.migrate.tools_set_migration_constraints_from_cmdline.patch xen.migrate.tools_add_xm_migrate_--log_progress_option.patch - Upstream patches from Jan 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch 26601-honor-ACPI-v4-FADT-flags.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=232 --- 26443-ACPI-zap-DMAR.patch | 35 ++- ...9-tools-xc_turn_XCFLAGS__into_shifts.patch | 0 ...ake-the-p2m-lock-even-in-shadow-mode.patch | 50 ++++ ...p-after-failure-to-set-up-all-vCPU-s.patch | 57 ++++ 26601-honor-ACPI-v4-FADT-flags.patch | 158 ++++++++++ ...reference-in-intel_get_extended_msrs.patch | 22 ++ 26659-AMD-IOMMU-erratum-746-workaround.patch | 73 +++++ 26660-x86-fix-CMCI-injection.patch | 128 ++++++++ 26672-vmx-fix-handling-of-NMI-VMEXIT.patch | 107 +++++++ ...hen-moving-domain-to-another-cpupool.patch | 80 +++++ ...ty_detection_in_stdiostream_progress.patch | 43 +++ ...-compat-memory-exchange-op-splitting.patch | 24 ++ 
...n-memory-sub-ops-return-valid-values.patch | 78 +++++ ...SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch | 58 ++++ ...ocessing-events-on-the-NMI-exit-path.patch | 134 +++++++++ ...t-operations-for-the-flags-structure.patch | 113 +++++++ ...ix-off-by-one-in-calculate_tbuf_size.patch | 36 +++ ...in-unlocking-in-some-xsm-error-paths.patch | 25 ++ 32on64-extra-mem.patch | 2 +- blktap-pv-cdrom.patch | 49 ++-- blktap.patch | 14 +- change-vnc-passwd.patch | 38 +-- change_home_server.patch | 8 +- checkpoint-rename.patch | 8 +- hv_extid_compatibility.patch | 30 +- multi-xvdp.patch | 8 +- tmp-initscript-modprobe.patch | 11 +- x86-extra-trap-info.patch | 15 +- xen-domUloader.diff | 24 +- xen-managed-pci-device.patch | 19 +- xen-max-free-mem.diff | 36 +-- xen.changes | 91 ++++++ ..._document_printf_calls_in_xc_restore.patch | 20 ++ ...messages_from_xc_save_with_xc_report.patch | 178 +++++++++++ ...rework_xc_save.cswitch_qemu_logdirty.patch | 136 +++++++++ ...add_xm_migrate_--log_progress_option.patch | 138 +++++++++ ...t_migration_constraints_from_cmdline.patch | 223 ++++++++++++++ xen.spec | 51 +++- xenalyze.hg.tar.bz2 | 4 +- xenapi-console-protocol.patch | 8 +- xend-console-port-restore.patch | 18 +- xend-core-dump-loc.diff | 8 +- xend-domain-lock-sfex.patch | 8 +- xend-domain-lock.patch | 43 ++- xend-hvm-firmware-passthrough.patch | 277 ++++++++++++++++++ xend-migration-domname-fix.patch | 16 +- xend-vcpu-affinity-fix.patch | 8 +- xenpaging.autostart.patch | 58 ++-- 48 files changed, 2567 insertions(+), 201 deletions(-) rename 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch => 26549-tools-xc_turn_XCFLAGS__into_shifts.patch (100%) create mode 100644 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch create mode 100644 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch create mode 100644 26601-honor-ACPI-v4-FADT-flags.patch create mode 100644 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch create mode 100644 
26659-AMD-IOMMU-erratum-746-workaround.patch create mode 100644 26660-x86-fix-CMCI-injection.patch create mode 100644 26672-vmx-fix-handling-of-NMI-VMEXIT.patch create mode 100644 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch create mode 100644 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch create mode 100644 26676-fix-compat-memory-exchange-op-splitting.patch create mode 100644 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch create mode 100644 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch create mode 100644 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch create mode 100644 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch create mode 100644 26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch create mode 100644 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch create mode 100644 xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch create mode 100644 xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch create mode 100644 xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch create mode 100644 xen.migrate.tools_add_xm_migrate_--log_progress_option.patch create mode 100644 xen.migrate.tools_set_migration_constraints_from_cmdline.patch create mode 100644 xend-hvm-firmware-passthrough.patch diff --git a/26443-ACPI-zap-DMAR.patch b/26443-ACPI-zap-DMAR.patch index f5f3e95..fe6f386 100644 --- a/26443-ACPI-zap-DMAR.patch +++ b/26443-ACPI-zap-DMAR.patch @@ -82,7 +82,15 @@ Committed-by: Jan Beulich +} --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c -@@ -786,7 +786,18 @@ out: +@@ -776,6 +776,7 @@ out: + } + + #ifdef CONFIG_X86 ++#include + #include + /* ACPI tables may not be DMA protected by tboot, so use DMAR copy */ + /* SINIT saved in SinitMleData in TXT heap (which is DMA protected) */ +@@ -786,7 +787,32 @@ out: int __init acpi_dmar_init(void) { 
@@ -93,12 +101,26 @@ Committed-by: Jan Beulich + if ( ACPI_SUCCESS(acpi_get_table_phys(ACPI_SIG_DMAR, 0, + &dmar_addr, &dmar_len)) ) + { ++#ifdef CONFIG_X86_32 ++ if ( dmar_addr + dmar_len > (DIRECTMAP_MBYTES << 20) ) ++ { ++ unsigned long offset = dmar_addr & (PAGE_SIZE - 1); ++ unsigned long mapped_size = PAGE_SIZE - offset; ++ ++ set_fixmap(FIX_DMAR_ZAP_LO, dmar_addr); ++ if ( mapped_size < sizeof(*dmar_table) ) ++ set_fixmap(FIX_DMAR_ZAP_HI, dmar_addr + PAGE_SIZE); ++ dmar_table = (void *)fix_to_virt(FIX_DMAR_ZAP_LO) + offset; ++ goto exit; ++ } ++#endif + map_pages_to_xen((unsigned long)__va(dmar_addr), PFN_DOWN(dmar_addr), + PFN_UP(dmar_addr + dmar_len) - PFN_DOWN(dmar_addr), + PAGE_HYPERVISOR); + dmar_table = __va(dmar_addr); + } + ++ exit: __attribute__((__unused__)) return parse_dmar_table(acpi_parse_dmar); } @@ -114,3 +136,14 @@ Committed-by: Jan Beulich /* * Namespace and name interfaces */ +--- a/xen/include/asm-x86/fixmap.h ++++ b/xen/include/asm-x86/fixmap.h +@@ -50,6 +50,8 @@ enum fixed_addresses { + FIX_PAE_HIGHMEM_END = FIX_PAE_HIGHMEM_0 + NR_CPUS-1, + #define FIX_VGC_END FIX_PAE_HIGHMEM_0 + #define FIX_VGC_BEGIN FIX_PAE_HIGHMEM_END ++ FIX_DMAR_ZAP_HI, ++ FIX_DMAR_ZAP_LO, + #else + FIX_VGC_END, + FIX_VGC_BEGIN = FIX_VGC_END diff --git a/26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch b/26549-tools-xc_turn_XCFLAGS__into_shifts.patch similarity index 100% rename from 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch rename to 26549-tools-xc_turn_XCFLAGS__into_shifts.patch diff --git a/26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch b/26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch new file mode 100644 index 0000000..5c8719e --- /dev/null +++ b/26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch 
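Review bot: In the new CONFIG_X86_32 branch of acpi_dmar_init(), the fixmap path maps at most two pages and decides on the second one from `sizeof(*dmar_table)`, so only the table header is guaranteed reachable through `dmar_table`; any later access that walks up to `dmar_len` (not visible in this hunk) would run past the mapping. The branch also depends on `FIX_DMAR_ZAP_HI` being declared immediately before `FIX_DMAR_ZAP_LO` in fixmap.h (the last hunk of this file) so that the two pages are virtually contiguous, which deserves a comment there such as `/* HI must directly precede LO: acpi_dmar_init() treats them as one range */`. The bound `dmar_addr + dmar_len > (DIRECTMAP_MBYTES << 20)` should be checked for wrap-around against the types of both variables, which are declared outside the hunk.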
@@ -0,0 +1,50 @@
+# Commit a15d87475ed95840dba693ab0a56d0b48a215cbc
+# Date 2013-02-21 15:16:20 +0000
+# Author Tim Deegan
+# Committer Tim Deegan
+x86/mm: Take the p2m lock even in shadow mode.
+
+The reworking of p2m lookups to use get_gfn()/put_gfn() left the
+shadow code not taking the p2m lock, even in cases where the p2m would
+be updated (i.e. PoD).
+
+In many cases, shadow code doesn't need the exclusion that
+get_gfn()/put_gfn() provides, as it has its own interlocks against p2m
+updates, but this is taking things too far, and can lead to crashes in
+the PoD code.
+
+Now that most shadow-code p2m lookups are done with explicitly
+unlocked accessors, or with the get_page_from_gfn() accessor, which is
+often lock-free, we can just turn this locking on.
+
+The remaining locked lookups are in sh_page_fault() (in a path that's
+almost always already serializing on the paging lock), and in
+emulate_map_dest() (which can probably be updated to use
+get_page_from_gfn()). They're not addressed here but may be in a
+follow-up patch.
+
+Signed-off-by: Tim Deegan
+Acked-by: Andres Lagar-Cavilla
+
+--- a/xen/arch/x86/mm/p2m.c
++++ b/xen/arch/x86/mm/p2m.c
+@@ -163,8 +163,7 @@ mfn_t __get_gfn_type_access(struct p2m_d
+ return _mfn(gfn);
+ }
+
+- /* For now only perform locking on hap domains */
+- if ( locked && (hap_enabled(p2m->domain)) )
++ if ( locked )
+ /* Grab the lock here, don't release until put_gfn */
+ gfn_lock(p2m, gfn, 0);
+
+@@ -197,8 +196,7 @@ mfn_t __get_gfn_type_access(struct p2m_d
+
+ void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
+ {
+- if ( !p2m || !paging_mode_translate(p2m->domain)
+- || !hap_enabled(p2m->domain) )
++ if ( !p2m || !paging_mode_translate(p2m->domain) )
+ /* Nothing to do in this case */
+ return;
+
diff --git a/26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch b/26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch
new file mode 100644
index 0000000..4fa14a5
--- /dev/null
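Review bot: With the `hap_enabled()` test dropped from both `__get_gfn_type_access()` and `__put_gfn()`, every locked lookup on a translated shadow-mode domain now really takes the p2m lock, so a shadow path that calls get_gfn() without a matching put_gfn(), which was harmless before, would now leave the lock held. The commit text itself names sh_page_fault() and emulate_map_dest() as remaining locked callers; those paths and their ordering against the paging lock are where the audit should go, since neither is visible here. The removed comment should be replaced rather than dropped, e.g. `/* Locked lookups take the p2m lock on all translated domains; put_gfn releases it */`. Both functions start and end outside the hunks shown.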
+++ b/26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch
@@ -0,0 +1,57 @@
+# Commit 17281aea1a9a10f1ee165c6e6a2921a67b7b1df2
+# Date 2013-02-22 11:21:38 +0100
+# Author Jan Beulich
+# Committer Jan Beulich
+x86/nhvm: properly clean up after failure to set up all vCPU-s
+
+Otherwise we may leak memory when setting up nHVM fails half way.
+
+This implies that the individual destroy functions will have to remain
+capable (in the VMX case they first need to be made so, following
+26486:7648ef657fe7 and 26489:83a3fa9c8434) of being called for a vCPU
+that the corresponding init function was never run on.
+
+Once at it, also remove a redundant check from the corresponding
+parameter validation code.
+
+Signed-off-by: Jan Beulich
+Acked-by: Tim Deegan
+Tested-by: Olaf Hering
+
+--- a/xen/arch/x86/hvm/hvm.c
++++ b/xen/arch/x86/hvm/hvm.c
+@@ -3941,18 +3941,20 @@ long do_hvm_op(unsigned long op, XEN_GUE
+ #else
+ if ( a.value > 1 )
+ rc = -EINVAL;
+- if ( !is_hvm_domain(d) )
+- rc = -EINVAL;
+ /* Remove the check below once we have
+ * shadow-on-shadow.
+ */
+ if ( cpu_has_svm && !paging_mode_hap(d) && a.value )
+ rc = -EINVAL;
+ /* Set up NHVM state for any vcpus that are already up */
+- if ( !d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM] )
++ if ( a.value &&
++ !d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM] )
+ for_each_vcpu(d, v)
+ if ( rc == 0 )
+ rc = nestedhvm_vcpu_initialise(v);
++ if ( !a.value || rc )
++ for_each_vcpu(d, v)
++ nestedhvm_vcpu_destroy(v);
+ #endif
+ break;
+ case HVM_PARAM_BUFIOREQ_EVTCHN:
+--- a/xen/arch/x86/hvm/nestedhvm.c
++++ b/xen/arch/x86/hvm/nestedhvm.c
+@@ -88,7 +88,7 @@ nestedhvm_vcpu_initialise(struct vcpu *v
+ void
+ nestedhvm_vcpu_destroy(struct vcpu *v)
+ {
+- if ( nestedhvm_enabled(v->domain) && hvm_funcs.nhvm_vcpu_destroy )
++ if ( hvm_funcs.nhvm_vcpu_destroy )
+ hvm_funcs.nhvm_vcpu_destroy(v);
+ }
+
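Review bot: In the do_hvm_op() hunk, `if ( !a.value || rc )` runs `nestedhvm_vcpu_destroy()` on every vCPU for any non-zero `rc`, including the `-EINVAL` set a few lines earlier for `a.value > 1`, so a rejected request against a domain that already has nested HVM enabled appears to tear down its nested state while the parameter stays set. Combined with the dropped `nestedhvm_enabled()` guard in nestedhvm.c, safety now rests on each vendor destroy hook tolerating never-initialised and in-use vCPUs, which the commit text says the VMX hook still has to be taught. Consider restricting the cleanup to the case where the initialise loop actually ran and failed, for example with a local flag (the name here is made up) tested as `if ( !a.value || (tried_init && rc) )`. The surrounding `case` starts outside the hunk, so whether the domain is paused at this point is not visible.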
diff --git a/26601-honor-ACPI-v4-FADT-flags.patch b/26601-honor-ACPI-v4-FADT-flags.patch
new file mode 100644
index 0000000..124567b
--- /dev/null
+++ b/26601-honor-ACPI-v4-FADT-flags.patch
@@ -0,0 +1,158 @@ +# Commit 992fdf6f46252a459c6b1b8d971b2c71f01460f8 +# Date 2013-02-22 11:56:54 +0100 +# Author Jan Beulich +# Committer Jan Beulich +honor ACPI v4 FADT flags + +- force use of physical APIC mode if indicated so (as we don't support + xAPIC cluster mode, the respective flag is taken to force physical + mode too) +- don't use MSI if indicated so (implies no IOMMU) + +Both can be overridden on the command line, for the MSI case this at +once adds a new command line option allowing to turn off PCI MSI (IOMMU +and HPET are unaffected by this). + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/docs/misc/xen-command-line.markdown ++++ b/docs/misc/xen-command-line.markdown +@@ -602,6 +602,13 @@ limit is ignored by Xen. + + Specify if the MMConfig space should be enabled. + ++### msi ++> `= ` ++ ++> Default: `true` ++ ++Force Xen to (not) use PCI-MSI, even if ACPI FADT says otherwise. ++ + ### nmi + > `= ignore | dom0 | fatal` + +--- a/xen/arch/x86/genapic/bigsmp.c ++++ b/xen/arch/x86/genapic/bigsmp.c +@@ -40,7 +40,14 @@ static struct dmi_system_id __initdata b + + static __init int probe_bigsmp(void) + { +- if (!def_to_bigsmp) ++ /* ++ * We don't implement cluster mode, so force use of ++ * physical mode in both cases. ++ */ ++ if (acpi_gbl_FADT.flags & ++ (ACPI_FADT_APIC_CLUSTER | ACPI_FADT_APIC_PHYSICAL)) ++ def_to_bigsmp = 1; ++ else if (!def_to_bigsmp) + dmi_check_system(bigsmp_dmi_table); + return def_to_bigsmp; + } +--- a/xen/arch/x86/genapic/x2apic.c ++++ b/xen/arch/x86/genapic/x2apic.c +@@ -29,9 +29,6 @@ + #include + #include + +-static bool_t __initdata x2apic_phys; /* By default we use logical cluster mode. */ +-boolean_param("x2apic_phys", x2apic_phys); +- + static void init_apic_ldr_x2apic_phys(void) + { + } +@@ -121,8 +118,14 @@ static const struct genapic apic_x2apic_ + .send_IPI_self = send_IPI_self_x2apic + }; + ++static s8 __initdata x2apic_phys = -1; /* By default we use logical cluster mode. 
*/ ++boolean_param("x2apic_phys", x2apic_phys); ++ + const struct genapic *__init apic_x2apic_probe(void) + { ++ if ( x2apic_phys < 0 ) ++ x2apic_phys = !!(acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL); ++ + return x2apic_phys ? &apic_x2apic_phys : &apic_x2apic_cluster; + } + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -31,6 +31,9 @@ + #include + #include + ++static s8 __read_mostly use_msi = -1; ++boolean_param("msi", use_msi); ++ + /* bitmap indicate which fixed map is free */ + DEFINE_SPINLOCK(msix_fixmap_lock); + DECLARE_BITMAP(msix_fixmap_pages, FIX_MSIX_MAX_PAGES); +@@ -958,6 +961,9 @@ int pci_enable_msi(struct msi_info *msi, + { + ASSERT(spin_is_locked(&pcidevs_lock)); + ++ if ( !use_msi ) ++ return -EPERM; ++ + return msi->table_base ? __pci_enable_msix(msi, desc) : + __pci_enable_msi(msi, desc); + } +@@ -1003,7 +1009,10 @@ int pci_restore_msi_state(struct pci_dev + + ASSERT(spin_is_locked(&pcidevs_lock)); + +- if (!pdev) ++ if ( !use_msi ) ++ return -EOPNOTSUPP; ++ ++ if ( !pdev ) + return -EINVAL; + + ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn); +@@ -1062,7 +1071,7 @@ unsigned int pci_msix_get_table_len(stru + func = PCI_FUNC(pdev->devfn); + + pos = pci_find_cap_offset(seg, bus, slot, func, PCI_CAP_ID_MSIX); +- if ( !pos ) ++ if ( !pos || !use_msi ) + return 0; + + control = pci_conf_read16(seg, bus, slot, func, msix_control_reg(pos)); +@@ -1135,6 +1144,9 @@ static struct keyhandler dump_msi_keyhan + + static int __init msi_setup_keyhandler(void) + { ++ if ( use_msi < 0 ) ++ use_msi = !(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_MSI); ++ + register_keyhandler('M', &dump_msi_keyhandler); + return 0; + } +--- a/xen/drivers/passthrough/amd/iommu_acpi.c ++++ b/xen/drivers/passthrough/amd/iommu_acpi.c +@@ -1066,5 +1066,8 @@ int __init amd_iommu_get_ivrs_dev_entrie + + int __init amd_iommu_update_ivrs_mapping_acpi(void) + { ++ if ( unlikely(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_MSI) ) ++ return -EPERM; ++ + 
return acpi_table_parse(ACPI_SIG_IVRS, parse_ivrs_table); + } +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -2119,6 +2119,12 @@ int __init intel_vtd_setup(void) + if ( list_empty(&acpi_drhd_units) ) + return -ENODEV; + ++ if ( unlikely(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_MSI) ) ++ { ++ ret = -EPERM; ++ goto error; ++ } ++ + platform_quirks_init(); + + /* We enable the following features only if they are supported by all VT-d diff --git a/26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch b/26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch new file mode 100644 index 0000000..3904b58 --- /dev/null +++ b/26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch @@ -0,0 +1,22 @@ +# Commit c40e24a8ef74f9d0ee59dd9b8ca890be08b0b874 +# Date 2013-02-25 12:44:25 +0100 +# Author Xi Wang +# Committer Jan Beulich +x86: fix null pointer dereference in intel_get_extended_msrs() + +`memset(&mc_ext, 0, ...)' leads to a buffer overflow and a subsequent +null pointer dereference. Replace `&mc_ext' with `mc_ext'. + +Signed-off-by: Xi Wang + +--- a/xen/arch/x86/cpu/mcheck/mce_intel.c ++++ b/xen/arch/x86/cpu/mcheck/mce_intel.c +@@ -534,7 +534,7 @@ intel_get_extended_msrs(struct mcinfo_gl + } + + /* this function will called when CAP(9).MCG_EXT_P = 1 */ +- memset(&mc_ext, 0, sizeof(struct mcinfo_extended)); ++ memset(mc_ext, 0, sizeof(*mc_ext)); + mc_ext->common.type = MC_TYPE_EXTENDED; + mc_ext->common.size = sizeof(struct mcinfo_extended); + diff --git a/26659-AMD-IOMMU-erratum-746-workaround.patch b/26659-AMD-IOMMU-erratum-746-workaround.patch new file mode 100644 index 0000000..877b872 --- /dev/null +++ b/26659-AMD-IOMMU-erratum-746-workaround.patch 
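Review bot: `use_msi` starts at -1 and is only resolved against `ACPI_FADT_NO_MSI` inside `msi_setup_keyhandler()`, so until that init call has run `!use_msi` is false and `pci_enable_msi()`, `pci_restore_msi_state()` and `pci_msix_get_table_len()` all behave as if MSI were permitted. Resolving the tri-state in a dedicated init step that is ordered before any device setup, rather than as a side effect of registering a key handler, would make the firmware restriction reliable. Separately, `amd_iommu_update_ivrs_mapping_acpi()` and `intel_vtd_setup()` bail out with `-EPERM` on the FADT flag with no message visible in these hunks, which leaves the host without DMA remapping; a line such as `printk(XENLOG_WARNING "IOMMU disabled: ACPI FADT forbids MSI\n");` would make that loss of isolation visible to the operator. The two MSI entry points also disagree on the error code (`-EPERM` in `pci_enable_msi()`, `-EOPNOTSUPP` in `pci_restore_msi_state()`).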
@@ -0,0 +1,73 @@ +# Commit 0f8adcb2a7183bea5063f6fffba7d7e1aa14fc84 +# Date 2013-02-26 10:14:53 +0100 +# Author Suravee Suthikulpanit +# Committer Jan Beulich +IOMMU, AMD Family15h Model10-1Fh erratum 746 Workaround + +The IOMMU may stop processing page translations due to a perceived lack +of credits for writing upstream peripheral page service request (PPR) +or event logs. If the L2B miscellaneous clock gating feature is enabled +the IOMMU does not properly register credits after the log request has +completed, leading to a potential system hang. + +BIOSes are supposed to disable L2B micellaneous clock gating by setting +L2_L2B_CK_GATE_CONTROL[CKGateL2BMiscDisable](D0F2xF4_x90[2]) = 1b. This +patch corrects that for those which do not enable this workaround. + +Signed-off-by: Suravee Suthikulpanit +Signed-off-by: Jan Beulich + +--- a/xen/drivers/passthrough/amd/iommu_init.c ++++ b/xen/drivers/passthrough/amd/iommu_init.c +@@ -795,6 +795,42 @@ static int __init set_iommu_interrupt_ha + return irq; + } + ++/* ++ * Family15h Model 10h-1fh erratum 746 (IOMMU Logging May Stall Translations) ++ * Workaround: ++ * BIOS should disable L2B micellaneous clock gating by setting ++ * L2_L2B_CK_GATE_CONTROL[CKGateL2BMiscDisable](D0F2xF4_x90[2]) = 1b ++ */ ++static void amd_iommu_erratum_746_workaround(struct amd_iommu *iommu) ++{ ++ u32 value; ++ u8 bus = PCI_BUS(iommu->bdf); ++ u8 dev = PCI_SLOT(iommu->bdf); ++ u8 func = PCI_FUNC(iommu->bdf); ++ ++ if ( (boot_cpu_data.x86 != 0x15) || ++ (boot_cpu_data.x86_model < 0x10) || ++ (boot_cpu_data.x86_model > 0x1f) ) ++ return; ++ ++ pci_conf_write32(iommu->seg, bus, dev, func, 0xf0, 0x90); ++ value = pci_conf_read32(iommu->seg, bus, dev, func, 0xf4); ++ ++ if ( value & (1 << 2) ) ++ return; ++ ++ /* Select NB indirect register 0x90 and enable writing */ ++ pci_conf_write32(iommu->seg, bus, dev, func, 0xf0, 0x90 | (1 << 8)); ++ ++ pci_conf_write32(iommu->seg, bus, dev, func, 0xf4, value | (1 << 2)); ++ printk(XENLOG_INFO ++ "AMD-Vi: 
Applying erratum 746 workaround for IOMMU at %04x:%02x:%02x.%u\n", ++ iommu->seg, bus, dev, func); ++ ++ /* Clear the enable writing bit */ ++ pci_conf_write32(iommu->seg, bus, dev, func, 0xf0, 0x90); ++} ++ + static void enable_iommu(struct amd_iommu *iommu) + { + unsigned long flags; +@@ -807,6 +843,8 @@ static void enable_iommu(struct amd_iomm + return; + } + ++ amd_iommu_erratum_746_workaround(iommu); ++ + register_iommu_dev_table_in_mmio_space(iommu); + register_iommu_cmd_buffer_in_mmio_space(iommu); + register_iommu_event_log_in_mmio_space(iommu); diff --git a/26660-x86-fix-CMCI-injection.patch b/26660-x86-fix-CMCI-injection.patch new file mode 100644 index 0000000..dbd9358 --- /dev/null +++ b/26660-x86-fix-CMCI-injection.patch 
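Review bot: amd_iommu_erratum_746_workaround() drives the 0xf0/0xf4 index/data pair with bare literals (`0xf0`, `0xf4`, `0x90`, `1 << 8`, `1 << 2`) and prints "Applying erratum 746 workaround" without reading the register back, so a write that did not stick would still be reported as applied. Named constants for the index and data offsets, the write-enable bit and CKGateL2BMiscDisable, plus a read-back of 0xf4 before the printk, would make the workaround auditable. The index/data sequence is also not atomic; whether the call added to enable_iommu() already runs under the IOMMU lock is not visible in the hunk and should be confirmed.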
@@ -0,0 +1,128 @@ +# Commit 2f8c55ccefe49bb526df0eaf5fa9b7b788422208 +# Date 2013-02-26 10:15:56 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86: fix CMCI injection + +This fixes the wrong use of literal vector 0xF7 with an "int" +instruction (invalidated by 25113:14609be41f36) and the fact that doing +the injection via a software interrupt was never valid anyway (because +cmci_interrupt() acks the LAPIC, which does the wrong thing if the +interrupt didn't get delivered though it). + +In order to do latter, the patch introduces send_IPI_self(), at once +removing two opend coded uses of "genapic" in the IRQ handling code. + +Reported-by: Yongjie Ren +Signed-off-by: Jan Beulich +Tested-by: Yongjie Ren +Acked-by: Keir Fraser + +--- a/xen/arch/x86/cpu/mcheck/mce.c ++++ b/xen/arch/x86/cpu/mcheck/mce.c +@@ -30,6 +30,7 @@ bool_t __read_mostly mce_broadcast = 0; + bool_t is_mc_panic; + unsigned int __read_mostly nr_mce_banks; + unsigned int __read_mostly firstbank; ++uint8_t __read_mostly cmci_apic_vector; + + static void intpose_init(void); + static void mcinfo_clear(struct mc_info *); +@@ -1277,12 +1278,6 @@ static void x86_mc_mceinject(void *data) + __asm__ __volatile__("int $0x12"); + } + +-static void x86_cmci_inject(void *data) +-{ +- printk("Simulating CMCI on cpu %d\n", smp_processor_id()); +- __asm__ __volatile__("int $0xf7"); +-} +- + #if BITS_PER_LONG == 64 + + #define ID2COOKIE(id) ((mctelem_cookie_t)(id)) +@@ -1568,11 +1563,15 @@ long do_mca(XEN_GUEST_HANDLE(xen_mc_t) u + on_selected_cpus(cpumap, x86_mc_mceinject, NULL, 1); + break; + case XEN_MC_INJECT_TYPE_CMCI: +- if ( !cmci_support ) ++ if ( !cmci_apic_vector ) + ret = x86_mcerr( + "No CMCI supported in platform\n", -EINVAL); + else +- on_selected_cpus(cpumap, x86_cmci_inject, NULL, 1); ++ { ++ if ( cpumask_test_cpu(smp_processor_id(), cpumap) ) ++ send_IPI_self(cmci_apic_vector); ++ send_IPI_mask(cpumap, cmci_apic_vector); ++ } + break; + default: + ret = x86_mcerr("Wrong mca type\n", -EINVAL); 
+--- a/xen/arch/x86/cpu/mcheck/mce.h ++++ b/xen/arch/x86/cpu/mcheck/mce.h +@@ -38,6 +38,8 @@ enum mcheck_type { + mcheck_intel + }; + ++extern uint8_t cmci_apic_vector; ++ + /* Init functions */ + enum mcheck_type amd_k7_mcheck_init(struct cpuinfo_x86 *c); + enum mcheck_type amd_k8_mcheck_init(struct cpuinfo_x86 *c); +--- a/xen/arch/x86/cpu/mcheck/mce_intel.c ++++ b/xen/arch/x86/cpu/mcheck/mce_intel.c +@@ -1164,7 +1164,6 @@ static void intel_init_cmci(struct cpuin + { + u32 l, apic; + int cpu = smp_processor_id(); +- static uint8_t cmci_apic_vector; + + if (!mce_available(c) || !cmci_support) { + if (opt_cpu_info) +--- a/xen/arch/x86/irq.c ++++ b/xen/arch/x86/irq.c +@@ -646,7 +646,7 @@ void irq_move_cleanup_interrupt(struct c + * to myself. + */ + if (irr & (1 << (vector % 32))) { +- genapic->send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); ++ send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); + TRACE_3D(TRC_HW_IRQ_MOVE_CLEANUP_DELAY, + irq, vector, smp_processor_id()); + goto unlock; +@@ -692,7 +692,7 @@ static void send_cleanup_vector(struct i + + cpumask_and(&cleanup_mask, desc->arch.old_cpu_mask, &cpu_online_map); + desc->arch.move_cleanup_count = cpumask_weight(&cleanup_mask); +- genapic->send_IPI_mask(&cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR); ++ send_IPI_mask(&cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR); + + desc->arch.move_in_progress = 0; + } +--- a/xen/arch/x86/smp.c ++++ b/xen/arch/x86/smp.c +@@ -43,6 +43,11 @@ void send_IPI_mask(const cpumask_t *mask + genapic->send_IPI_mask(mask, vector); + } + ++void send_IPI_self(int vector) ++{ ++ genapic->send_IPI_self(vector); ++} ++ + /* + * Some notes on x86 processor bugs affecting SMP operation: + * +--- a/xen/include/asm-x86/smp.h ++++ b/xen/include/asm-x86/smp.h +@@ -29,7 +29,8 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_ + + void smp_send_nmi_allbutself(void); + +-void send_IPI_mask(const cpumask_t *mask, int vector); ++void send_IPI_mask(const cpumask_t *, int vector); ++void send_IPI_self(int vector); + + extern void (*mtrr_hook) 
(void); + diff --git a/26672-vmx-fix-handling-of-NMI-VMEXIT.patch b/26672-vmx-fix-handling-of-NMI-VMEXIT.patch new file mode 100644 index 0000000..a8c5bf5 --- /dev/null +++ b/26672-vmx-fix-handling-of-NMI-VMEXIT.patch 
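Review bot: Removing `x86_cmci_inject()` also removes the only log line for an injected CMCI (`"Simulating CMCI on cpu %d\n"`), so the new XEN_MC_INJECT_TYPE_CMCI branch in do_mca() raises the vector with no trace in the hypervisor log. Error injection is a privileged debugging operation and is worth keeping auditable, e.g. `printk("Simulating CMCI on selected cpus\n");` at the top of the new `else` block. In smp.h the prototype now reads `send_IPI_mask(const cpumask_t *, int vector)`; keeping the `mask` parameter name would match the `send_IPI_self(int vector)` line added next to it.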
@@ -0,0 +1,107 @@ +# Commit 7dd3b06ff031c9a8c727df16c5def2afb382101c +# Date 2013-02-28 14:00:18 +0000 +# Author Tim Deegan +# Committer Tim Deegan +vmx: fix handling of NMI VMEXIT. + +Call do_nmi() directly and explicitly re-enable NMIs rather than +raising an NMI through the APIC. Since NMIs are disabled after the +VMEXIT, the raised NMI would be blocked until the next IRET +instruction (i.e. the next real interrupt, or after scheduling a PV +guest) and in the meantime the guest will spin taking NMI VMEXITS. + +Also, handle NMIs before re-enabling interrupts, since if we handle an +interrupt (and therefore IRET) before calling do_nmi(), we may end up +running the NMI handler with NMIs enabled. + +Signed-off-by: Tim Deegan +Acked-by: Andrew Cooper +Acked-by: Jan Beulich + +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -2421,6 +2421,13 @@ void vmx_vmexit_handler(struct cpu_user_ + vector = intr_info & INTR_INFO_VECTOR_MASK; + if ( vector == TRAP_machine_check ) + do_machine_check(regs); ++ if ( vector == TRAP_nmi ++ && ((intr_info & INTR_INFO_INTR_TYPE_MASK) == ++ (X86_EVENTTYPE_NMI << 8)) ) ++ { ++ do_nmi(regs); ++ enable_nmis(); ++ } + break; + case EXIT_REASON_MCE_DURING_VMENTRY: + do_machine_check(regs); +@@ -2594,7 +2601,7 @@ void vmx_vmexit_handler(struct cpu_user_ + (X86_EVENTTYPE_NMI << 8) ) + goto exit_and_crash; + HVMTRACE_0D(NMI); +- self_nmi(); /* Real NMI, vector 2: normal processing. */ ++ /* Already handled above. */ + break; + case TRAP_machine_check: + HVMTRACE_0D(MCE); +--- a/xen/arch/x86/x86_32/entry.S ++++ b/xen/arch/x86/x86_32/entry.S +@@ -621,6 +621,14 @@ ENTRY(machine_check) + pushl $TRAP_machine_check<<16 + jmp handle_nmi_mce + ++/* Enable NMIs. No special register assumptions. All registers are preserved. 
*/ ++ENTRY(enable_nmis) ++ /* Set up stack frame */ ++ pushf # EFLAGS ++ push %cs # CS ++ push $.Lret # EIP ++ iret # Disable the hardware NMI latch ++ + ENTRY(setup_vm86_frame) + mov %ecx,%ds + mov %ecx,%es +@@ -634,7 +642,7 @@ ENTRY(setup_vm86_frame) + .endm + copy_vm86_words + addl $16,%esp +- ret ++.Lret: ret + + .section .rodata, "a", @progbits + +--- a/xen/arch/x86/x86_64/entry.S ++++ b/xen/arch/x86/x86_64/entry.S +@@ -643,6 +643,22 @@ ENTRY(machine_check) + movl $TRAP_machine_check,4(%rsp) + jmp handle_ist_exception + ++/* Enable NMIs. No special register assumptions. Only %rax is not preserved. */ ++ENTRY(enable_nmis) ++ movq %rsp, %rax /* Grab RSP before pushing */ ++ ++ /* Set up stack frame */ ++ pushq $0 /* SS */ ++ pushq %rax /* RSP */ ++ pushfq /* RFLAGS */ ++ pushq $__HYPERVISOR_CS /* CS */ ++ leaq 1f(%rip),%rax ++ pushq %rax /* RIP */ ++ ++ iretq /* Disable the hardware NMI latch */ ++1: ++ retq ++ + .section .rodata, "a", @progbits + + ENTRY(exception_table) +--- a/xen/include/asm-x86/processor.h ++++ b/xen/include/asm-x86/processor.h +@@ -584,6 +584,8 @@ DECLARE_TRAP_HANDLER(alignment_check); + DECLARE_TRAP_HANDLER(spurious_interrupt_bug); + #undef DECLARE_TRAP_HANDLER + ++void enable_nmis(void); ++ + void syscall_enter(void); + void sysenter_entry(void); + void sysenter_eflags_saved(void); diff --git a/26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch b/26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch new file mode 100644 index 0000000..f11c352 --- /dev/null +++ b/26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch 
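Review bot: The 32-bit `enable_nmis` pushes `$.Lret` as its return EIP, and `.Lret` is attached to the final `ret` of `setup_vm86_frame`, so the new routine only works as long as another function's epilogue stays a bare `ret`. Giving it its own landing pad, as the x86_64 version in the same patch does (`push $1f`, `iret`, then `1: ret`), keeps the two entry points independent. In vmx.c the new NMI test follows the machine-check test as a second plain `if`; writing it as `else if ( vector == TRAP_nmi && ... )` would make the mutual exclusion explicit.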
@@ -0,0 +1,80 @@ +# Commit 482300def7d08e773ccd2a0d978bcb9469fdd810 +# Date 2013-02-28 14:56:45 +0000 +# Author Juergen Gross +# Committer Keir Fraser +Avoid stale pointer when moving domain to another cpupool + +When a domain is moved to another cpupool the scheduler private data pointers +in vcpu and domain structures must never point to an already freed memory +area. + +While at it, simplify sched_init_vcpu() by using DOM2OP instead VCPU2OP. + +Signed-off-by: Juergen Gross + +--- a/xen/common/schedule.c ++++ b/xen/common/schedule.c +@@ -220,7 +220,7 @@ int sched_init_vcpu(struct vcpu *v, unsi + if ( v->sched_priv == NULL ) + return 1; + +- SCHED_OP(VCPU2OP(v), insert_vcpu, v); ++ SCHED_OP(DOM2OP(d), insert_vcpu, v); + + return 0; + } +@@ -231,6 +231,9 @@ int sched_move_domain(struct domain *d, + unsigned int new_p; + void **vcpu_priv; + void *domdata; ++ void *vcpudata; ++ struct scheduler *old_ops; ++ void *old_domdata; + + domdata = SCHED_OP(c->sched, alloc_domdata, d); + if ( domdata == NULL ) +@@ -261,21 +264,22 @@ int sched_move_domain(struct domain *d, + + domain_pause(d); + ++ old_ops = DOM2OP(d); ++ old_domdata = d->sched_priv; ++ + for_each_vcpu ( d, v ) + { +- SCHED_OP(VCPU2OP(v), remove_vcpu, v); +- SCHED_OP(VCPU2OP(v), free_vdata, v->sched_priv); +- v->sched_priv = NULL; ++ SCHED_OP(old_ops, remove_vcpu, v); + } + +- SCHED_OP(DOM2OP(d), free_domdata, d->sched_priv); +- + d->cpupool = c; + d->sched_priv = domdata; + + new_p = cpumask_first(c->cpu_valid); + for_each_vcpu ( d, v ) + { ++ vcpudata = v->sched_priv; ++ + migrate_timer(&v->periodic_timer, new_p); + migrate_timer(&v->singleshot_timer, new_p); + migrate_timer(&v->poll_timer, new_p); +@@ -288,12 +292,16 @@ int sched_move_domain(struct domain *d, + new_p = cpumask_cycle(new_p, c->cpu_valid); + + SCHED_OP(c->sched, insert_vcpu, v); ++ ++ SCHED_OP(old_ops, free_vdata, vcpudata); + } + + domain_update_node_affinity(d); + + domain_unpause(d); + ++ SCHED_OP(old_ops, free_domdata, old_domdata); ++ + 
xfree(vcpu_priv); + + return 0; diff --git a/26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch b/26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch new file mode 100644 index 0000000..667fa84 --- /dev/null +++ b/26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch @@ -0,0 +1,43 @@ +changeset: 26675:3eb62c576a1a +user: Olaf Hering +date: Wed Feb 27 14:16:36 2013 +0000 +files: tools/libxc/xtl_logger_stdio.c +description: +tools/xentoollog: update tty detection in stdiostream_progress + +As suggested by IanJ: +Check isatty only once to preserve the errno of ->progress users, and to +reduce the noice in strace output. + +Signed-off-by: Olaf Hering +Acked-by: Ian Jackson + + +diff -r 4b25c1e6cfbb -r 3eb62c576a1a tools/libxc/xtl_logger_stdio.c +--- a/tools/libxc/xtl_logger_stdio.c Wed Feb 27 11:16:47 2013 +0000 ++++ b/tools/libxc/xtl_logger_stdio.c Wed Feb 27 14:16:36 2013 +0000 +@@ -35,6 +35,7 @@ struct xentoollog_logger_stdiostream { + xentoollog_level min_level; + unsigned flags; + int progress_erase_len, progress_last_percent; ++ int tty; + }; + + static void progress_erase(xentoollog_logger_stdiostream *lg) { +@@ -118,7 +119,7 @@ static void stdiostream_progress(struct + + lg->progress_last_percent = percent; + +- if (isatty(fileno(lg->f)) <= 0) { ++ if (!lg->tty) { + stdiostream_message(logger_in, this_level, context, + "%s: %lu/%lu %3d%%", + doing_what, done, total, percent); +@@ -166,6 +167,7 @@ xentoollog_logger_stdiostream *xtl_creat + newlogger.f = f; + newlogger.min_level = min_level; + newlogger.flags = flags; ++ newlogger.tty = isatty(fileno(newlogger.f)) > 0; + + if (newlogger.flags & XTL_STDIOSTREAM_SHOW_DATE) tzset(); + diff --git a/26676-fix-compat-memory-exchange-op-splitting.patch b/26676-fix-compat-memory-exchange-op-splitting.patch new file mode 100644 index 0000000..c65141f --- /dev/null +++ b/26676-fix-compat-memory-exchange-op-splitting.patch 
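Review bot: In sched_move_domain(), between `d->cpupool = c; d->sched_priv = domdata;` and the second per-vCPU loop, each `v->sched_priv` still points at data owned by the old scheduler while DOM2OP(d) presumably already resolves to the new one. The domain is paused, which likely closes that window, but the invariant is what this fix depends on and should be stated above `old_ops = DOM2OP(d);`, e.g. `/* Old private data stays allocated until each vCPU is inserted into the new scheduler; it is freed through old_ops below. */`. The line that assigns the new `v->sched_priv` lies outside the hunk, so its order relative to `SCHED_OP(old_ops, free_vdata, vcpudata)` should be confirmed.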
@@ -0,0 +1,24 @@
+# Commit 53decd322157e922cac2988e07da6d39538c8033
+# Date 2013-03-01 16:59:49 +0100
+# Author Jan Beulich
+# Committer Jan Beulich
+fix compat memory exchange op splitting
+
+A shift with a negative count was erroneously used here, yielding
+undefined behavior.
+
+Reported-by: Xi Wang
+Signed-off-by: Jan Beulich
+Acked-by: Keir Fraser
+
+--- a/xen/common/compat/memory.c
++++ b/xen/common/compat/memory.c
+@@ -172,7 +172,7 @@ int compat_memory_op(unsigned int cmd, X
+ if ( order_delta >= 0 )
+ nat.xchg->out.nr_extents = end_extent >> order_delta;
+ else
+- nat.xchg->out.nr_extents = end_extent << -order_delta;
+ ++split;
+ }
+
diff --git a/26677-x86-make-certain-memory-sub-ops-return-valid-values.patch b/26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
new file mode 100644
index 0000000..6a3a4df
--- /dev/null
+++ b/26677-x86-make-certain-memory-sub-ops-return-valid-values.patch
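Review bot: `end_extent << -order_delta` removes the negative shift count, but nothing in the hunk bounds `-order_delta` below the bit width of `end_extent` or checks that the shifted value still fits `nr_extents`. Both operands appear to derive from the guest's exchange request, so an oversized delta would still be undefined or would silently truncate. If compat_memory_op() does not already range-check the two extent orders before this point (that code is outside the hunk), a check on `order_delta` ahead of both shifts is the missing piece.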
@@ -0,0 +1,78 @@ +# Commit 7ffc9779aa5120c5098d938cb88f69a1dda9a0fe +# Date 2013-03-04 10:16:04 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86: make certain memory sub-ops return valid values + +When a domain's shared info field "max_pfn" is zero, +domain_get_maximum_gpfn() so far returned ULONG_MAX, which +do_memory_op() in turn converted to -1 (i.e. -EPERM). Make the former +always return a sensible number (i.e. zero if the field was zero) and +have the latter no longer truncate return values. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +--- a/xen/arch/x86/mm.c ++++ b/xen/arch/x86/mm.c +@@ -437,7 +437,7 @@ unsigned long domain_get_maximum_gpfn(st + if ( is_hvm_domain(d) ) + return p2m_get_hostp2m(d)->max_mapped_pfn; + /* NB. PV guests specify nr_pfns rather than max_pfn so we adjust here. */ +- return arch_get_max_pfn(d) - 1; ++ return (arch_get_max_pfn(d) ?: 1) - 1; + } + + void share_xen_page_with_guest( +--- a/xen/common/compat/memory.c ++++ b/xen/common/compat/memory.c +@@ -15,7 +15,8 @@ CHECK_TYPE(domid); + + int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE(void) compat) + { +- int rc, split, op = cmd & MEMOP_CMD_MASK; ++ int split, op = cmd & MEMOP_CMD_MASK; ++ long rc; + unsigned int start_extent = cmd >> MEMOP_EXTENT_SHIFT; + + do +@@ -204,7 +205,7 @@ int compat_memory_op(unsigned int cmd, X + + rc = do_memory_op(cmd, nat.hnd); + if ( rc < 0 ) +- return rc; ++ break; + + cmd = 0; + if ( hypercall_xlat_continuation(&cmd, 0x02, nat.hnd, compat) ) +@@ -318,5 +319,11 @@ int compat_memory_op(unsigned int cmd, X + __HYPERVISOR_memory_op, "ih", cmd, compat); + } while ( split > 0 ); + ++ if ( unlikely(rc > INT_MAX) ) ++ return INT_MAX; ++ ++ if ( unlikely(rc < INT_MIN) ) ++ return INT_MIN; ++ + return rc; + } +--- a/xen/common/memory.c ++++ b/xen/common/memory.c +@@ -532,14 +532,13 @@ static long memory_exchange(XEN_GUEST_HA + long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg) + { + struct domain *d; +- int rc, op; ++ 
long rc; + unsigned int address_bits; + unsigned long start_extent; + struct xen_memory_reservation reservation; + struct memop_args args; + domid_t domid; +- +- op = cmd & MEMOP_CMD_MASK; ++ int op = cmd & MEMOP_CMD_MASK; + + switch ( op ) + { diff --git a/26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch b/26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch new file mode 100644 index 0000000..6111035 --- /dev/null +++ b/26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch 
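Review bot: The saturation added at the end of `compat_memory_op` (`if ( unlikely(rc > INT_MAX) ) return INT_MAX;` and the `INT_MIN` twin) has no comment, and a clamped result looks the same to a compat caller as a genuine one. I would add `/* Return type is int: saturate rather than truncate a long result into a bogus, possibly negative, value. */` above the two checks. The changed `rc < 0` path now uses `break` instead of `return rc`, so it depends on nothing between the loop end and the final `return rc` altering `rc`; the loop body is only partly visible in these hunks, so that is worth confirming.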
@@ -0,0 +1,58 @@ +# Commit e6a6fd63652814e5c36a0016c082032f798ced1f +# Date 2013-03-04 10:17:52 +0100 +# Author Jan Beulich +# Committer Jan Beulich +SEDF: avoid gathering vCPU-s on pCPU0 + +The introduction of vcpu_force_reschedule() in 14320:215b799fa181 was +incompatible with the SEDF scheduler: Any vCPU using +VCPUOP_stop_periodic_timer (e.g. any vCPU of half way modern PV Linux +guests) ends up on pCPU0 after that call. Obviously, running all PV +guests' (and namely Dom0's) vCPU-s on pCPU0 causes problems for those +guests rather sooner than later. + +So the main thing that was clearly wrong (and bogus from the beginning) +was the use of cpumask_first() in sedf_pick_cpu(). It is being replaced +by a construct that prefers to put back the vCPU on the pCPU that it +got launched on. + +However, there's one more glitch: When reducing the affinity of a vCPU +temporarily, and then widening it again to a set that includes the pCPU +that the vCPU was last running on, the generic scheduler code would not +force a migration of that vCPU, and hence it would forever stay on the +pCPU it last ran on. Since that can again create a load imbalance, the +SEDF scheduler wants a migration to happen regardless of it being +apparently unnecessary. + +Of course, an alternative to checking for SEDF explicitly in +vcpu_set_affinity() would be to introduce a flags field in struct +scheduler, and have SEDF set a "always-migrate-on-affinity-change" +flag. 
+ +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/common/sched_sedf.c ++++ b/xen/common/sched_sedf.c +@@ -396,7 +396,8 @@ static int sedf_pick_cpu(const struct sc + + online = cpupool_scheduler_cpumask(v->domain->cpupool); + cpumask_and(&online_affinity, v->cpu_affinity, online); +- return cpumask_first(&online_affinity); ++ return cpumask_cycle(v->vcpu_id % cpumask_weight(&online_affinity) - 1, ++ &online_affinity); + } + + /* +--- a/xen/common/schedule.c ++++ b/xen/common/schedule.c +@@ -611,7 +611,8 @@ int vcpu_set_affinity(struct vcpu *v, co + vcpu_schedule_lock_irq(v); + + cpumask_copy(v->cpu_affinity, affinity); +- if ( !cpumask_test_cpu(v->processor, v->cpu_affinity) ) ++ if ( VCPU2OP(v)->sched_id == XEN_SCHEDULER_SEDF || ++ !cpumask_test_cpu(v->processor, v->cpu_affinity) ) + set_bit(_VPF_migrating, &v->pause_flags); + + vcpu_schedule_unlock_irq(v); diff --git a/26679-x86-defer-processing-events-on-the-NMI-exit-path.patch b/26679-x86-defer-processing-events-on-the-NMI-exit-path.patch new file mode 100644 index 0000000..f36378e --- /dev/null +++ b/26679-x86-defer-processing-events-on-the-NMI-exit-path.patch 
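Review bot: In `sedf_pick_cpu` the new expression `v->vcpu_id % cpumask_weight(&online_affinity) - 1` divides by the weight of the intersection computed just above, and nothing in the hunk shows that intersection to be non-empty. If the vCPU's affinity and the pool's online mask can ever be disjoint (for example during a cpupool move), this is a modulo by zero inside the hypervisor. An explicit invariant such as `ASSERT(!cpumask_empty(&online_affinity));` before the return, or a fallback for the empty case, would make the assumption visible. The expression parses as `(id % weight) - 1`, so it yields -1 when the remainder is zero; a one-line comment saying that `cpumask_cycle` is expected to wrap from -1 to the first set bit would help the next reader.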
@@ -0,0 +1,134 @@ +# Commit d463b005bbd6475ed930a302821efe239e1b2cf9 +# Date 2013-03-04 10:19:34 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86: defer processing events on the NMI exit path + +Otherwise, we may end up in the scheduler, keeping NMIs masked for a +possibly unbounded period of time (until whenever the next IRET gets +executed). Enforce timely event processing by sending a self IPI. + +Of course it's open for discussion whether to always use the straight +exit path from handle_ist_exception. + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/arch/x86/x86_32/entry.S ++++ b/xen/arch/x86/x86_32/entry.S +@@ -60,6 +60,7 @@ + #include + #include + #include ++#include + + ALIGN + restore_all_guest: +@@ -561,6 +562,8 @@ ENTRY(early_page_fault) + jmp restore_all_xen + .popsection + ++ENTRY(nmi) ++ pushl $TRAP_nmi<<16 + handle_nmi_mce: + #ifdef CONFIG_X86_SUPERVISOR_MODE_KERNEL + # NMI/MCE entry protocol is incompatible with guest kernel in ring 0. +@@ -581,7 +584,24 @@ handle_nmi_mce: + * cases we have put guest DS/ES on the guest stack frame, which will + * be detected by SAVE_ALL(), or we have rolled back restore_guest. + */ +- jmp ret_from_intr ++ cmpb $TRAP_nmi,UREGS_entry_vector(%esp) ++ jne ret_from_intr ++ /* We want to get straight to the IRET on the NMI exit path. */ ++ GET_CURRENT(%ebx) ++ movl UREGS_eflags(%esp),%eax ++ movb UREGS_cs(%esp),%al ++ testl $(3|X86_EFLAGS_VM),%eax ++ jz restore_all_xen ++ /* Send an IPI to ourselves to cover for the lack of event checking. */ ++ movl VCPU_processor(%ebx),%eax ++ shll $IRQSTAT_shift,%eax ++ cmpl $0,irq_stat(%eax) ++ je restore_all_guest ++ pushl $EVENT_CHECK_VECTOR ++ call send_IPI_self ++ addl $4,%esp ++ jmp restore_all_guest ++ + .Lnmi_mce_xen: + /* Check the outer (guest) context for %ds/%es state validity. 
*/ + GET_CPUINFO_FIELD(CPUINFO_guest_cpu_user_regs,%ebx) +@@ -613,10 +633,6 @@ handle_nmi_mce: + jmp .Lnmi_mce_common + #endif /* !CONFIG_X86_SUPERVISOR_MODE_KERNEL */ + +-ENTRY(nmi) +- pushl $TRAP_nmi<<16 +- jmp handle_nmi_mce +- + ENTRY(machine_check) + pushl $TRAP_machine_check<<16 + jmp handle_nmi_mce +--- a/xen/arch/x86/x86_64/compat/entry.S ++++ b/xen/arch/x86/x86_64/compat/entry.S +@@ -171,7 +171,7 @@ compat_bad_hypercall: + jmp compat_test_all_events + + /* %rbx: struct vcpu, interrupts disabled */ +-compat_restore_all_guest: ++ENTRY(compat_restore_all_guest) + ASSERT_INTERRUPTS_DISABLED + RESTORE_ALL + addq $8,%rsp +--- a/xen/arch/x86/x86_64/entry.S ++++ b/xen/arch/x86/x86_64/entry.S +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + + ALIGN + /* %rbx: struct vcpu */ +@@ -617,6 +618,9 @@ ENTRY(early_page_fault) + jmp restore_all_xen + .popsection + ++ENTRY(nmi) ++ pushq $0 ++ movl $TRAP_nmi,4(%rsp) + handle_ist_exception: + SAVE_ALL + testb $3,UREGS_cs(%rsp) +@@ -631,12 +635,25 @@ handle_ist_exception: + movl UREGS_entry_vector(%rsp),%eax + leaq exception_table(%rip),%rdx + callq *(%rdx,%rax,8) +- jmp ret_from_intr ++ cmpb $TRAP_nmi,UREGS_entry_vector(%rsp) ++ jne ret_from_intr + +-ENTRY(nmi) +- pushq $0 +- movl $TRAP_nmi,4(%rsp) +- jmp handle_ist_exception ++ /* We want to get straight to the IRET on the NMI exit path. */ ++ testb $3,UREGS_cs(%rsp) ++ jz restore_all_xen ++ GET_CURRENT(%rbx) ++ /* Send an IPI to ourselves to cover for the lack of event checking. */ ++ movl VCPU_processor(%rbx),%eax ++ shll $IRQSTAT_shift,%eax ++ leaq irq_stat(%rip),%rcx ++ cmpl $0,(%rcx,%rax,1) ++ je 1f ++ movl $EVENT_CHECK_VECTOR,%edi ++ call send_IPI_self ++1: movq VCPU_domain(%rbx),%rax ++ cmpb $0,DOMAIN_is_32bit_pv(%rax) ++ je restore_all_guest ++ jmp compat_restore_all_guest + + ENTRY(machine_check) + pushq $0 
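Review bot: Both new exit paths `call send_IPI_self` before the IRET, which by the commit's own description is still with NMIs masked, and nothing at the call site records that constraint. The callee is not visible here, so whether it is safe in that context (no locks, no interrupt enabling) cannot be confirmed from the hunk; I would add `/* Still in NMI context: send_IPI_self must not take locks or enable interrupts. */` above each call. The pending check `cmpl $0,(%rcx,%rax,1)` (and `cmpl $0,irq_stat(%eax)` on 32-bit) reads the first word of the per-CPU `irq_stat` entry without naming the field, which presumably is the softirq-pending word; a comment saying so would tie it to the structure layout. The 32-bit path also runs `GET_CURRENT(%ebx)` before the Xen-versus-guest test while the 64-bit path runs it after, which is harmless but inconsistent.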
diff --git a/26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch b/26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch new file mode 100644 index 0000000..b498cb0 --- /dev/null +++ b/26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch 
@@ -0,0 +1,113 @@ +# Commit be6507509454adf3bb5a50b9406c88504e996d5a +# Date 2013-03-04 13:37:39 +0100 +# Author George Dunlap +# Committer Jan Beulich +credit1: Use atomic bit operations for the flags structure + +The flags structure is not protected by locks (or more precisely, +it is protected using an inconsistent set of locks); we therefore need +to make sure that all accesses are atomic-safe. This is particulary +important in the case of the PARKED flag, which if clobbered while +changing the YIELD bit will leave a vcpu wedged in an offline state. + +Using the atomic bitops also requires us to change the size of the "flags" +element. + +Spotted-by: Igor Pavlikevich +Signed-off-by: George Dunlap + +--- a/xen/common/sched_credit.c ++++ b/xen/common/sched_credit.c +@@ -58,8 +58,8 @@ + /* + * Flags + */ +-#define CSCHED_FLAG_VCPU_PARKED 0x0001 /* VCPU over capped credits */ +-#define CSCHED_FLAG_VCPU_YIELD 0x0002 /* VCPU yielding */ ++#define CSCHED_FLAG_VCPU_PARKED 0x0 /* VCPU over capped credits */ ++#define CSCHED_FLAG_VCPU_YIELD 0x1 /* VCPU yielding */ + + + /* +@@ -132,7 +132,7 @@ struct csched_vcpu { + struct vcpu *vcpu; + atomic_t credit; + s_time_t start_time; /* When we were scheduled (used for credit) */ +- uint16_t flags; ++ unsigned flags; + int16_t pri; + #ifdef CSCHED_STATS + struct { +@@ -214,7 +214,7 @@ __runq_insert(unsigned int cpu, struct c + /* If the vcpu yielded, try to put it behind one lower-priority + * runnable vcpu if we can. The next runq_sort will bring it forward + * within 30ms if the queue too long. */ +- if ( svc->flags & CSCHED_FLAG_VCPU_YIELD ++ if ( test_bit(CSCHED_FLAG_VCPU_YIELD, &svc->flags) + && __runq_elem(iter)->pri > CSCHED_PRI_IDLE ) + { + iter=iter->next; +@@ -776,7 +776,7 @@ csched_vcpu_wake(const struct scheduler + * those. 
+ */ + if ( svc->pri == CSCHED_PRI_TS_UNDER && +- !(svc->flags & CSCHED_FLAG_VCPU_PARKED) ) ++ !test_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags) ) + { + svc->pri = CSCHED_PRI_TS_BOOST; + } +@@ -789,12 +789,12 @@ csched_vcpu_wake(const struct scheduler + static void + csched_vcpu_yield(const struct scheduler *ops, struct vcpu *vc) + { +- struct csched_vcpu * const sv = CSCHED_VCPU(vc); ++ struct csched_vcpu * const svc = CSCHED_VCPU(vc); + + if ( !sched_credit_default_yield ) + { + /* Let the scheduler know that this vcpu is trying to yield */ +- sv->flags |= CSCHED_FLAG_VCPU_YIELD; ++ set_bit(CSCHED_FLAG_VCPU_YIELD, &svc->flags); + } + } + +@@ -1122,11 +1122,10 @@ csched_acct(void* dummy) + /* Park running VCPUs of capped-out domains */ + if ( sdom->cap != 0U && + credit < -credit_cap && +- !(svc->flags & CSCHED_FLAG_VCPU_PARKED) ) ++ !test_and_set_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags) ) + { + CSCHED_STAT_CRANK(vcpu_park); + vcpu_pause_nosync(svc->vcpu); +- svc->flags |= CSCHED_FLAG_VCPU_PARKED; + } + + /* Lower bound on credits */ +@@ -1142,7 +1141,7 @@ csched_acct(void* dummy) + svc->pri = CSCHED_PRI_TS_UNDER; + + /* Unpark any capped domains whose credits go positive */ +- if ( svc->flags & CSCHED_FLAG_VCPU_PARKED) ++ if ( test_and_clear_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags) ) + { + /* + * It's important to unset the flag AFTER the unpause() +@@ -1151,7 +1150,6 @@ csched_acct(void* dummy) + */ + CSCHED_STAT_CRANK(vcpu_unpark); + vcpu_unpause(svc->vcpu); +- svc->flags &= ~CSCHED_FLAG_VCPU_PARKED; + } + + /* Upper bound on credits means VCPU stops earning */ +@@ -1410,8 +1408,7 @@ csched_schedule( + /* + * Clear YIELD flag before scheduling out + */ +- if ( scurr->flags & CSCHED_FLAG_VCPU_YIELD ) +- scurr->flags &= ~(CSCHED_FLAG_VCPU_YIELD); ++ clear_bit(CSCHED_FLAG_VCPU_YIELD, &scurr->flags); + + /* + * SMP Load balance: 
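Review bot: In the unpark branch of `csched_acct` the retained comment still says "It's important to unset the flag AFTER the unpause()", but the flag is now cleared by `test_and_clear_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags)` in the `if` condition, before `vcpu_unpause(svc->vcpu)` runs. Either the ordering requirement no longer holds and the comment should be rewritten to say why, or the new code reintroduces the window the comment warns about; the rest of that comment is outside the hunk, so I cannot tell which. Separately, `CSCHED_FLAG_VCPU_PARKED` and `CSCHED_FLAG_VCPU_YIELD` keep their names while changing from masks (0x0001, 0x0002) to bit numbers (0x0, 0x1). Any remaining `flags & CSCHED_FLAG_...` user elsewhere in the file would still compile and silently test the wrong bit (always false for PARKED), so renaming them, e.g. `CSCHED_FLAG_VCPU_PARKED_BIT`, would turn a missed call site into a build error.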
diff --git a/26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch b/26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch new file mode 100644 index 0000000..248c8f2 --- /dev/null +++ b/26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch @@ -0,0 +1,36 @@ +# Commit d9fb28ae6d41c8201482948660e52889481830dd +# Date 2013-03-04 13:42:17 +0100 +# Author Olaf Hering +# Committer Jan Beulich +xentrace: fix off-by-one in calculate_tbuf_size + +Commit "xentrace: reduce trace buffer size to something mfn_offset can +reach" contains an off-by-one bug. max_mfn_offset needs to be reduced by +exactly the value of t_info_first_offset. + +If the system has two cpus and the number of requested trace pages is +very large, the final number of trace pages + the offset will not fit +into a short. As a result the variable offset in alloc_trace_bufs() will +wrap while allocating buffers for the second cpu. Later +share_xen_page_with_privileged_guests() will be called with a wrong page +and the ASSERT in this function triggers. If the ASSERT is ignored by +running a non-dbg hypervisor the asserts in xentrace itself trigger +because "cons" is not aligned because the very last trace page for the +second cpu is a random mfn. + +Thanks to Jan for the quick analysis. + +Signed-off-by: Olaf Hering +Acked-by: George Dunlap + +--- a/xen/common/trace.c ++++ b/xen/common/trace.c +@@ -133,7 +133,7 @@ static int calculate_tbuf_size(unsigned + * The array of mfns for the highest cpu can start at the maximum value + * mfn_offset can hold. So reduce the number of cpus and also the mfn_offset. + */ +- max_mfn_offset -= t_info_first_offset - 1; ++ max_mfn_offset -= t_info_first_offset; + max_cpus--; + if ( max_cpus ) + max_mfn_offset /= max_cpus; diff --git a/26689-fix-domain-unlocking-in-some-xsm-error-paths.patch b/26689-fix-domain-unlocking-in-some-xsm-error-paths.patch new file mode 100644 index 0000000..483f2fc --- /dev/null 
+++ b/26689-fix-domain-unlocking-in-some-xsm-error-paths.patch @@ -0,0 +1,25 @@ +# Commit 9581c4f9a55372a21e759cd449cb676d0e8feddb +# Date 2013-03-06 17:10:26 +0100 +# Author Matthew Daley +# Committer Jan Beulich +fix domain unlocking in some xsm error paths + +A couple of xsm error/access-denied code paths in hypercalls neglect to +unlock a previously locked domain. Fix by ensuring the domains are +unlocked correctly. + +Signed-off-by: Matthew Daley +Reviewed-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/common/grant_table.c ++++ b/xen/common/grant_table.c +@@ -2262,7 +2262,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDL + rc = xsm_grant_setup(current->domain, d); + if ( rc ) { + op.status = GNTST_permission_denied; +- goto out1; ++ goto out2; + } + + gt = d->grant_table; diff --git a/32on64-extra-mem.patch b/32on64-extra-mem.patch index 9dedc09..7eaa83a 100644 --- a/32on64-extra-mem.patch +++ b/32on64-extra-mem.patch @@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2966,7 +2966,7 @@ class XendDomainInfo: +@@ -2982,7 +2982,7 @@ class XendDomainInfo: self.guest_bitsize = self.image.getBitSize() # Make sure there's enough RAM available for the domain diff --git a/blktap-pv-cdrom.patch b/blktap-pv-cdrom.patch index 0d5f410..f4345af 100644 --- a/blktap-pv-cdrom.patch +++ b/blktap-pv-cdrom.patch 
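Review bot: The description mentions "a couple of" xsm error paths that leave a domain locked, but the only change in this patch is `goto out1` to `goto out2` in `gnttab_get_status_frames`. Other access-denied exits that follow a domain lock in this tree should be checked, since a guest that can trigger a denied path repeatedly would otherwise leave the lock held. The numeric labels are what made the original mistake easy: nothing at the `goto` says which label drops the lock. Since the label bodies are outside the hunk, I would at least annotate the jump, e.g. `goto out2; /* d is locked here: must go through the unlock path */`.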
@@ -9,10 +9,10 @@ xen/include/public/io/cdromif.h | 122 ++++ 8 files changed, 726 insertions(+), 3 deletions(-) -Index: xen-4.2.0-testing/tools/blktap/drivers/Makefile +Index: xen-4.2.1-testing/tools/blktap/drivers/Makefile =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/drivers/Makefile -+++ xen-4.2.0-testing/tools/blktap/drivers/Makefile +--- xen-4.2.1-testing.orig/tools/blktap/drivers/Makefile ++++ xen-4.2.1-testing/tools/blktap/drivers/Makefile @@ -38,8 +38,9 @@ endif CFLAGS += $(PTHREAD_CFLAGS) LDFLAGS += $(PTHREAD_LDFLAGS) @@ -33,11 +33,11 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/Makefile BLK-OBJS-y += aes.o BLK-OBJS-y += tapaio.o BLK-OBJS-$(CONFIG_Linux) += blk_linux.o -Index: xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c +Index: xen-4.2.1-testing/tools/blktap/drivers/block-cdrom.c =================================================================== --- /dev/null -+++ xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c -@@ -0,0 +1,565 @@ ++++ xen-4.2.1-testing/tools/blktap/drivers/block-cdrom.c +@@ -0,0 +1,568 @@ +/* block-cdrom.c + * + * simple slow synchronous cdrom disk implementation. Based off @@ -514,6 +514,9 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c + unsigned int len; + + media_present = xs_read(prv->xs_handle, XBT_NULL, vec[XS_WATCH_PATH], &len); ++ if (media_present == NULL) ++ return; ++ + if (strcmp(media_present, "0") == 0) { + close(prv->fd); + prv->fd = -1; 
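Review bot: The added `if (media_present == NULL) return;` in block-cdrom.c stops the NULL dereference in `strcmp`, but the hunk shows no release of the buffer on the non-NULL path. `xs_read` returns heap memory that the caller owns, so unless a `free(media_present);` follows the comparisons outside the visible lines, every watch event leaks the value. The same question applies to `vec` if it came from a watch read. The function body continues past the hunk, so this needs checking against the full file; if the free is missing, add `free(media_present);` after the last use.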
@@ -603,10 +606,10 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/block-cdrom.c + .td_get_parent_id = tdcdrom_get_parent_id, + .td_validate_parent = tdcdrom_validate_parent +}; -Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.c +Index: xen-4.2.1-testing/tools/blktap/drivers/tapdisk.c =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/drivers/tapdisk.c -+++ xen-4.2.0-testing/tools/blktap/drivers/tapdisk.c +--- xen-4.2.1-testing.orig/tools/blktap/drivers/tapdisk.c ++++ xen-4.2.1-testing/tools/blktap/drivers/tapdisk.c @@ -735,6 +735,22 @@ static void get_io_request(struct td_sta goto out; } @@ -630,10 +633,10 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.c default: DPRINTF("Unknown block operation\n"); break; -Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.h +Index: xen-4.2.1-testing/tools/blktap/drivers/tapdisk.h =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/drivers/tapdisk.h -+++ xen-4.2.0-testing/tools/blktap/drivers/tapdisk.h +--- xen-4.2.1-testing.orig/tools/blktap/drivers/tapdisk.h ++++ xen-4.2.1-testing/tools/blktap/drivers/tapdisk.h @@ -137,6 +137,9 @@ struct tap_disk { int (*td_get_parent_id) (struct disk_driver *dd, struct disk_id *id); int (*td_validate_parent)(struct disk_driver *dd, @@ -678,10 +681,10 @@ Index: xen-4.2.0-testing/tools/blktap/drivers/tapdisk.h }; typedef struct driver_list_entry { -Index: xen-4.2.0-testing/tools/blktap/lib/blktaplib.h +Index: xen-4.2.1-testing/tools/blktap/lib/blktaplib.h =================================================================== ---- xen-4.2.0-testing.orig/tools/blktap/lib/blktaplib.h -+++ xen-4.2.0-testing/tools/blktap/lib/blktaplib.h +--- xen-4.2.1-testing.orig/tools/blktap/lib/blktaplib.h ++++ xen-4.2.1-testing/tools/blktap/lib/blktaplib.h @@ -219,6 +219,7 @@ typedef struct msg_pid { #define DISK_TYPE_RAM 3 #define DISK_TYPE_QCOW 4 
@@ -690,10 +693,10 @@ Index: xen-4.2.0-testing/tools/blktap/lib/blktaplib.h /* xenstore/xenbus: */ #define DOMNAME "Domain-0" -Index: xen-4.2.0-testing/tools/python/xen/xend/server/BlktapController.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/BlktapController.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/BlktapController.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/BlktapController.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/BlktapController.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/BlktapController.py @@ -15,6 +15,7 @@ blktap1_disk_types = [ 'ram', 'qcow', @@ -702,10 +705,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/BlktapController.py 'ioemu', ] -Index: xen-4.2.0-testing/xen/include/public/io/blkif.h +Index: xen-4.2.1-testing/xen/include/public/io/blkif.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/public/io/blkif.h -+++ xen-4.2.0-testing/xen/include/public/io/blkif.h +--- xen-4.2.1-testing.orig/xen/include/public/io/blkif.h ++++ xen-4.2.1-testing/xen/include/public/io/blkif.h @@ -379,7 +379,7 @@ * Used in SLES sources for device specific command packet * contained within the request. Reserved for that purpose. @@ -715,10 +718,10 @@ Index: xen-4.2.0-testing/xen/include/public/io/blkif.h /* * Indicate to the backend device that a region of storage is no longer in * use, and may be discarded at any time without impact to the client. If -Index: xen-4.2.0-testing/xen/include/public/io/cdromif.h +Index: xen-4.2.1-testing/xen/include/public/io/cdromif.h =================================================================== --- /dev/null -+++ xen-4.2.0-testing/xen/include/public/io/cdromif.h ++++ xen-4.2.1-testing/xen/include/public/io/cdromif.h @@ -0,0 +1,122 @@ +/****************************************************************************** + * cdromif.h 
diff --git a/blktap.patch b/blktap.patch index 6ab25d4..3644ec0 100644 --- a/blktap.patch +++ b/blktap.patch @@ -1,11 +1,11 @@ bug #239173 bug #242953 -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3301,7 +3301,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3315,7 +3315,7 @@ class XendDomainInfo: (fn, BOOTLOADER_LOOPBACK_DEVICE)) vbd = { @@ -14,10 +14,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py 'device': BOOTLOADER_LOOPBACK_DEVICE, } -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c @@ -447,9 +447,9 @@ void xenstore_parse_domain_config(int hv { char **e_danger = NULL; diff --git a/change-vnc-passwd.patch b/change-vnc-passwd.patch index 97d1f15..232b503 100644 --- a/change-vnc-passwd.patch +++ b/change-vnc-passwd.patch @@ -2,10 +2,10 @@ Add support of change-vnc-password while vm is running. 
Signed-off-by: Chunyan Liu -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vl.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/vl.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/vl.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vl.c @@ -200,7 +200,7 @@ DriveInfo drives_table[MAX_DRIVES+1]; int nb_drives; enum vga_retrace_method vga_retrace_method = VGA_RETRACE_DUMB; @@ -15,10 +15,10 @@ Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vl.c int nographic; static int curses; static int sdl; -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vnc.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vnc.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/vnc.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/vnc.c @@ -2627,6 +2627,7 @@ int vnc_display_password(DisplayState *d if (password && password[0]) { if (!(vs->password = qemu_strdup(password))) 
@@ -27,10 +27,10 @@ Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/vnc.c } return 0; -Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c =================================================================== ---- xen-4.2.0-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c -+++ xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c +--- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c ++++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c @@ -24,6 +24,7 @@ #include "qemu-timer.h" #include "qemu-xen.h" @@ -59,11 +59,11 @@ Index: xen-4.2.0-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c } else if (!strncmp(command, "usb-add", len)) { fprintf(logfile, "dm-command: usb-add a usb device\n"); if (pasprintf(&path, -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1490,6 +1490,20 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1504,6 +1504,20 @@ class XendDomainInfo: target = max_target self.setMemoryTarget(target) 
@@ -84,10 +84,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -Index: xen-4.2.0-testing/tools/python/xen/xend/server/XMLRPCServer.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/XMLRPCServer.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/XMLRPCServer.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/XMLRPCServer.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/XMLRPCServer.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/XMLRPCServer.py @@ -95,7 +95,7 @@ methods = ['device_create', 'device_conf 'destroyDevice','getDeviceSxprs', 'setMemoryTarget', 'setName', 'setVCpuCount', 'shutdown', @@ -97,10 +97,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/XMLRPCServer.py exclude = ['domain_create', 'domain_restore'] -Index: xen-4.2.0-testing/tools/python/xen/xm/main.py +Index: xen-4.2.1-testing/tools/python/xen/xm/main.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/main.py -+++ xen-4.2.0-testing/tools/python/xen/xm/main.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/main.py ++++ xen-4.2.1-testing/tools/python/xen/xm/main.py @@ -21,6 +21,7 @@ """Grand unified management application for Xen. diff --git a/change_home_server.patch b/change_home_server.patch index ff4aa57..ce87435 100644 --- a/change_home_server.patch +++ b/change_home_server.patch 
@@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3139,6 +3139,11 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3153,6 +3153,11 @@ class XendDomainInfo: self._cleanup_phantom_devs(paths) self._cleanupVm() diff --git a/checkpoint-rename.patch b/checkpoint-rename.patch index a29d56a..239b628 100644 --- a/checkpoint-rename.patch +++ b/checkpoint-rename.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -172,7 +172,7 @@ def save(fd, dominfo, network, live, dst +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -185,7 +185,7 @@ def save(fd, dominfo, network, live, dst dominfo.destroy() dominfo.testDeviceComplete() try: diff --git a/hv_extid_compatibility.patch b/hv_extid_compatibility.patch index f9f45b9..28bfa4d 100644 --- a/hv_extid_compatibility.patch +++ b/hv_extid_compatibility.patch 
@@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py -@@ -159,6 +159,7 @@ XENAPI_PLATFORM_CFG_TYPES = { +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +@@ -161,6 +161,7 @@ XENAPI_PLATFORM_CFG_TYPES = { 'nographic': int, 'nomigrate': int, 'pae' : int, @@ -10,8 +10,8 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py 'rtc_timeoffset': int, 'parallel': str, 'serial': str, -@@ -517,6 +518,8 @@ class XendConfig(dict): - if self.is_hvm(): +@@ -523,6 +524,8 @@ class XendConfig(dict): + self['platform']['acpi_firmware'] = "" if 'timer_mode' not in self['platform']: self['platform']['timer_mode'] = 1 + if 'extid' in self['platform'] and int(self['platform']['extid']) == 1: @@ -19,11 +19,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendConfig.py if 'viridian' not in self['platform']: self['platform']['viridian'] = 0 if 'rtc_timeoffset' not in self['platform']: -Index: xen-4.2.0-testing/tools/python/xen/xend/image.py +Index: xen-4.2.1-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.0-testing/tools/python/xen/xend/image.py -@@ -828,6 +828,7 @@ class HVMImageHandler(ImageHandler): +--- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.1-testing/tools/python/xen/xend/image.py +@@ -830,6 +830,7 @@ class HVMImageHandler(ImageHandler): self.apic = int(vmConfig['platform'].get('apic', 0)) self.acpi = int(vmConfig['platform'].get('acpi', 0)) 
@@ -31,10 +31,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/image.py self.guest_os_type = vmConfig['platform'].get('guest_os_type') self.memory_sharing = int(vmConfig['memory_sharing']) try: -Index: xen-4.2.0-testing/tools/python/xen/xm/create.py +Index: xen-4.2.1-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.0-testing/tools/python/xen/xm/create.py +--- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/create.py @@ -242,6 +242,10 @@ gopts.var('viridian', val='VIRIDIAN', use="""Expose Viridian interface to x86 HVM guest? (Default is 0).""") @@ -46,7 +46,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/create.py gopts.var('acpi', val='ACPI', fn=set_int, default=1, use="Disable or enable ACPI of HVM domain.") -@@ -1111,7 +1115,7 @@ def configure_hvm(config_image, vals): +@@ -1120,7 +1124,7 @@ def configure_hvm(config_image, vals): 'timer_mode', 'usb', 'usbdevice', 'vcpus', 'vnc', 'vncconsole', 'vncdisplay', 'vnclisten', @@ -55,7 +55,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xm/create.py 'watchdog', 'watchdog_action', 'xauthority', 'xen_extended_power_mgmt', 'xen_platform_pci', 'memory_sharing' ] -@@ -1121,6 +1125,10 @@ def configure_hvm(config_image, vals): +@@ -1130,6 +1134,10 @@ def configure_hvm(config_image, vals): config_image.append([a, vals.__dict__[a]]) if vals.vncpasswd is not None: config_image.append(['vncpasswd', vals.vncpasswd]) diff --git a/multi-xvdp.patch b/multi-xvdp.patch index ca615b6..d83ea8d 100644 --- a/multi-xvdp.patch +++ b/multi-xvdp.patch 
@@ -5,10 +5,10 @@ bootloader loopback device. This patch creates a list of bootloader loopback devices so more than one instance of bootloader can be run concurrently. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py @@ -74,7 +74,7 @@ from xen.xend.XendPSCSI import XendPSCSI from xen.xend.XendDSCSI import XendDSCSI, XendDSCSI_HBA @@ -18,7 +18,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py xc = xen.lowlevel.xc.xc() xoptions = XendOptions.instance() -@@ -3308,33 +3308,38 @@ class XendDomainInfo: +@@ -3322,33 +3322,38 @@ class XendDomainInfo: # This is a file, not a device. pygrub can cope with a # file if it's raw, but if it's QCOW or other such formats # used through blktap, then we need to mount it first. diff --git a/tmp-initscript-modprobe.patch b/tmp-initscript-modprobe.patch index 96744f0..a1617b2 100644 --- a/tmp-initscript-modprobe.patch +++ b/tmp-initscript-modprobe.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/hotplug/Linux/init.d/xencommons +Index: xen-4.2.1-testing/tools/hotplug/Linux/init.d/xencommons =================================================================== ---- xen-4.2.0-testing.orig/tools/hotplug/Linux/init.d/xencommons -+++ xen-4.2.0-testing/tools/hotplug/Linux/init.d/xencommons -@@ -54,21 +54,26 @@ do_start () { +--- xen-4.2.1-testing.orig/tools/hotplug/Linux/init.d/xencommons ++++ xen-4.2.1-testing/tools/hotplug/Linux/init.d/xencommons +@@ -54,21 +54,27 @@ do_start () { local time=0 local timeout=30 
@@ -36,7 +36,8 @@ Index: xen-4.2.0-testing/tools/hotplug/Linux/init.d/xencommons + modprobe usbbk 2>/dev/null || true + modprobe pciback 2>/dev/null || true + modprobe xen-acpi-processor 2>/dev/null || true -+ modprobe blktap2 2>/dev/null || modprobe blktap 2>/dev/null || true ++ modprobe blktap2 2>/dev/null || true ++ modprobe blktap 2>/dev/null || true + # xenblk (frontend module) is needed in dom0, allowing it to use vbds + modprobe xenblk 2>/dev/null || true + # support xl create pv guest with qcow/qcow2 disk image diff --git a/x86-extra-trap-info.patch b/x86-extra-trap-info.patch index bc2487d..d876dee 100644 --- a/x86-extra-trap-info.patch +++ b/x86-extra-trap-info.patch @@ -1,6 +1,19 @@ +--- a/xen/arch/x86/x86_32/entry.S ++++ b/xen/arch/x86/x86_32/entry.S +@@ -410,8 +410,10 @@ UNLIKELY_END(bounce_vm86_3) + _ASM_EXTABLE(.Lft24, domain_crash_synchronous) + _ASM_EXTABLE(.Lft25, domain_crash_synchronous) + ++.section .rodata, "a", @progbits + domain_crash_synchronous_string: + .asciz "domain_crash_sync called from entry.S (%lx)\n" ++.previous + + domain_crash_synchronous: + pushl $domain_crash_synchronous_string --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S -@@ -427,22 +427,35 @@ UNLIKELY_END(bounce_failsafe) +@@ -428,22 +428,35 @@ UNLIKELY_END(bounce_failsafe) jz domain_crash_synchronous movq %rax,UREGS_rip+8(%rsp) ret diff --git a/xen-domUloader.diff b/xen-domUloader.diff index b70e777..5f0d5a5 100644 --- a/xen-domUloader.diff +++ b/xen-domUloader.diff 
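Review bot: The two new lines `modprobe blktap2 2>/dev/null || true` and `modprobe blktap 2>/dev/null || true` have no comment saying why both backends are now loaded, unlike the neighbouring xenblk line. I would add `# blktap2 does not support qcow2; blktap is still needed for 'tap:qcow2' disks` above the second modprobe. Because stderr is discarded and the exit status is ignored, a dom0 that needs blktap gets no trace when the load fails, and the failure only surfaces later at domain start. Every dom0 now also loads both modules whether or not a tap disk is configured, so it is worth confirming that is intended. The body of do_start continues outside this hunk.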
@@ -1,7 +1,7 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/server/DevController.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/DevController.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/DevController.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/DevController.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/DevController.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/DevController.py @@ -592,6 +592,31 @@ class DevController: return (Missing, None) @@ -34,10 +34,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/DevController.py def backendPath(self, backdom, devid): """Construct backend path given the backend domain and device id. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendBootloader.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendBootloader.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendBootloader.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendBootloader.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendBootloader.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendBootloader.py @@ -12,7 +12,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # 
@@ -75,11 +75,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendBootloader.py log.error(msg) raise VmError(msg) -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2333,6 +2333,10 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2347,6 +2347,10 @@ class XendDomainInfo: deviceClass, config = self.info['devices'].get(dev_uuid) self._waitForDevice(deviceClass, config['devid']) @@ -90,7 +90,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def _waitForDevice_destroy(self, deviceClass, devid, backpath): return self.getDeviceController(deviceClass).waitForDevice_destroy( devid, backpath) -@@ -3283,7 +3287,8 @@ class XendDomainInfo: +@@ -3297,7 +3301,8 @@ class XendDomainInfo: from xen.xend import XendDomain dom0 = XendDomain.instance().privilegedDomain() mounted_vbd_uuid = dom0.create_vbd(vbd, disk); @@ -100,7 +100,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py fn = BOOTLOADER_LOOPBACK_DEVICE try: -@@ -3293,10 +3298,10 @@ class XendDomainInfo: +@@ -3307,10 +3312,10 @@ class XendDomainInfo: if mounted: log.info("Unmounting %s from %s." % (fn, BOOTLOADER_LOOPBACK_DEVICE)) diff --git a/xen-managed-pci-device.patch b/xen-managed-pci-device.patch index 2f8557c..e012fdd 100644 --- a/xen-managed-pci-device.patch +++ b/xen-managed-pci-device.patch 
@@ -225,7 +225,16 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._constructDomain() try: -@@ -851,6 +868,9 @@ class XendDomainInfo: +@@ -712,6 +729,8 @@ class XendDomainInfo: + the device. + """ + ++ if self.domid is None: ++ return + self.iommu_check_pod_mode() + + # Test whether the devices can be assigned +@@ -851,6 +870,9 @@ class XendDomainInfo: if self.domid is not None: try: @@ -235,7 +244,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py dev_config_dict['devid'] = devid = \ self._createDevice(dev_type, dev_config_dict) if dev_type == 'tap2': -@@ -864,6 +884,7 @@ class XendDomainInfo: +@@ -864,6 +886,7 @@ class XendDomainInfo: if dev_type == 'pci': for dev in dev_config_dict['devs']: XendAPIStore.deregister(dev['uuid'], 'DPCI') @@ -243,7 +252,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py elif dev_type == 'vscsi': for dev in dev_config_dict['devs']: XendAPIStore.deregister(dev['uuid'], 'DSCSI') -@@ -908,6 +929,9 @@ class XendDomainInfo: +@@ -908,6 +931,9 @@ class XendDomainInfo: dev_config = pci_convert_sxp_to_dict(dev_sxp) dev = dev_config['devs'][0] @@ -253,7 +262,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py stubdomid = self.getStubdomDomid() # Do HVM specific processing if self.info.is_hvm(): -@@ -984,6 +1008,9 @@ class XendDomainInfo: +@@ -984,6 +1010,9 @@ class XendDomainInfo: new_dev_sxp = dev_control.configuration(devid) self.info.device_update(dev_uuid, new_dev_sxp) @@ -263,7 +272,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py # If there is no device left, destroy pci and remove config. if num_devs == 0: if self.info.is_hvm(): -@@ -3154,6 +3181,7 @@ class XendDomainInfo: +@@ -3168,6 +3197,7 @@ class XendDomainInfo: log.debug("%s KiB need to add to Memory pool" %self.alloc_mem) MemoryPool.instance().increase_memory(self.alloc_mem) diff --git a/xen-max-free-mem.diff b/xen-max-free-mem.diff index 7d5a0e5..81ee8b1 100644 
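Review bot: The added `if self.domid is None: return` sits above both `self.iommu_check_pod_mode()` and the "Test whether the devices can be assigned" step, so for an inactive domain this method now validates nothing and returns silently. Presumably the same checks run again when the domain is started, but the hunk does not show that, so it should be confirmed before relying on it. A short comment would make the intent explicit, e.g. `# inactive domain: assignability is checked when the domain is started`. The enclosing method starts and ends outside the hunk.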
--- a/xen-max-free-mem.diff +++ b/xen-max-free-mem.diff @@ -1,7 +1,7 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendNode.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendNode.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendNode.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendNode.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendNode.py @@ -949,11 +949,35 @@ class XendNode: info['cpu_mhz'] = info['cpu_khz'] / 1000 @@ -51,10 +51,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendNode.py ] if show_numa != 0: -Index: xen-4.2.0-testing/tools/python/xen/xend/balloon.py +Index: xen-4.2.1-testing/tools/python/xen/xend/balloon.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/balloon.py -+++ xen-4.2.0-testing/tools/python/xen/xend/balloon.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/balloon.py ++++ xen-4.2.1-testing/tools/python/xen/xend/balloon.py @@ -43,6 +43,8 @@ SLEEP_TIME_GROWTH = 0.1 # label actually shown in the PROC_XEN_BALLOON file. #labels = { 'current' : 'Current allocation', 
@@ -88,13 +88,13 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/balloon.py def free(need_mem, dominfo): """Balloon out memory from the privileged domain so that there is the specified required amount (in KiB) free. -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1459,6 +1459,27 @@ class XendDomainInfo: - pci_conf = self.info['devices'][dev_uuid][1] - return map(pci_dict_to_bdf_str, pci_conf['devs']) +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1473,6 +1473,27 @@ class XendDomainInfo: + self.info['abort_if_busy'] = str(abort_if_busy) + self.info['log_save_progress'] = str(log_save_progress) + def capAndSetMemoryTarget(self, target): + """Potentially lowers the requested target to the largest possible @@ -120,10 +120,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -Index: xen-4.2.0-testing/tools/python/xen/xend/server/SrvDomain.py +Index: xen-4.2.1-testing/tools/python/xen/xend/server/SrvDomain.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/server/SrvDomain.py -+++ xen-4.2.0-testing/tools/python/xen/xend/server/SrvDomain.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/server/SrvDomain.py ++++ xen-4.2.1-testing/tools/python/xen/xend/server/SrvDomain.py @@ -187,7 +187,7 @@ class SrvDomain(SrvDir): 
@@ -133,10 +133,10 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/server/SrvDomain.py [['target', 'int']], req) -Index: xen-4.2.0-testing/tools/python/xen/xend/osdep.py +Index: xen-4.2.1-testing/tools/python/xen/xend/osdep.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/osdep.py -+++ xen-4.2.0-testing/tools/python/xen/xend/osdep.py +--- xen-4.2.1-testing.orig/tools/python/xen/xend/osdep.py ++++ xen-4.2.1-testing/tools/python/xen/xend/osdep.py @@ -42,6 +42,8 @@ def _linux_balloon_stat_proc(label): xend2linux_labels = { 'current' : 'Current allocation', diff --git a/xen.changes b/xen.changes index 47774f2..1d43161 100644 --- a/xen.changes +++ b/xen.changes 
@@ -1,3 +1,94 @@ +------------------------------------------------------------------- +Thu Mar 14 09:58:38 MDT 2013 - jfehlig@suse.com + +- Load blktap module in xencommons init script. blktap2 doesn't + support qcow2, so blktap is needed to support domains with + 'tap:qcow2' disk configurations. + modified tmp-initscript-modprobe.patch + +------------------------------------------------------------------- +Thu Mar 14 07:32:17 MDT 2013 - carnold@suse.com + +- bnc#809203 - xen.efi isn't signed with SUSE Secure Boot key + xen.spec + +------------------------------------------------------------------- +Mon Mar 11 21:07:21 MDT 2013 - jfehlig@suse.com + +- Fix adding managed PCI device to an inactive domain + modified xen-managed-pci-device.patch + +------------------------------------------------------------------- +Mon Mar 11 11:45:22 MDT 2013 - jfehlig@suse.com + +- bnc#805094 - xen hot plug attach/detach fails + modified blktap-pv-cdrom.patch + +------------------------------------------------------------------- +Mon Mar 11 11:17:57 MDT 2013 - jfehlig@suse.com + +- bnc# 802690 - domain locking can prevent a live migration from + completing + modified xend-domain-lock.patch + +------------------------------------------------------------------- +Fri Mar 8 15:01:15 CET 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations + 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch + xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch + xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch + xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch + xen.migrate.tools_set_migration_constraints_from_cmdline.patch + xen.migrate.tools_add_xm_migrate_--log_progress_option.patch + +------------------------------------------------------------------- +Thu Mar 7 14:39:57 MST 2013 - carnold@suse.com + +- Upstream patches from Jan + 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch + 
26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch + 26601-honor-ACPI-v4-FADT-flags.patch + 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch + 26659-AMD-IOMMU-erratum-746-workaround.patch + 26660-x86-fix-CMCI-injection.patch + 26672-vmx-fix-handling-of-NMI-VMEXIT.patch + 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch + 26676-fix-compat-memory-exchange-op-splitting.patch + 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch + 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch + 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch + 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch + 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch + +------------------------------------------------------------------- +Tue Mar 5 13:35:40 MST 2013 - carnold@suse.com + +- fate#313584: pass bios information to XEN HVM guest + xend-hvm-firmware-passthrough.patch + +------------------------------------------------------------------- +Mon Mar 4 20:28:29 CET 2013 - ohering@suse.de + +- bnc#806736: enabling xentrace crashes hypervisor + 26686-xentrace_fix_off-by-one_in_calculate_tbuf_size.patch + +------------------------------------------------------------------- +Thu Feb 28 11:12:04 CET 2013 - ohering@suse.de + +- update xenalyze to revision 149 + Make eip_list output more useful + Use correct length when copying record into buffer + decode PV_HYPERCALL_SUBCALL events + decode PV_HYPERCALL_V2 records + Analyze populate-on-demand reclamation patterns + Handle 64-bit MMIO + Also strip write bit when processing a generic event + Make the warnigns in hvm_generic_postprocess more informative + Don't warn about switching paging levels unless verbosity>=6 + Process NPFs as generic for summary purposes + Add HVM_EVENT_VLAPIC + ------------------------------------------------------------------- Wed Feb 20 15:00:13 MST 2013 - jfehlig@suse.com 
diff --git a/xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch b/xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch new file mode 100644 index 0000000..544abcd --- /dev/null +++ b/xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch @@ -0,0 +1,20 @@ +user: Olaf Hering +date: Wed Mar 06 16:42:02 2013 +0100 +files: tools/xcutils/xc_restore.c +description: +tools/xc: document printf calls in xc_restore + +Signed-off-by: Olaf Hering + + +diff -r e5ae0e680b5c -r 49b90990442a tools/xcutils/xc_restore.c +--- a/tools/xcutils/xc_restore.c ++++ b/tools/xcutils/xc_restore.c +@@ -56,6 +56,7 @@ main(int argc, char **argv) + + if ( ret == 0 ) + { ++ /* xend expects this output, part of protocol */ + printf("store-mfn %li\n", store_mfn); + if ( !hvm ) + printf("console-mfn %li\n", console_mfn); diff --git a/xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch b/xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch new file mode 100644 index 0000000..6a900ed --- /dev/null +++ b/xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch 
@@ -0,0 +1,178 @@ +user: Olaf Hering +date: Wed Mar 06 16:32:08 2013 +0100 +files: tools/libxc/xc_private.h tools/xcutils/xc_save.c +description: +tools/xc: print messages from xc_save with xc_report + +Make use of xc_report in xc_save to log also pid if some error occoured. + +Signed-off-by: Olaf Hering + + +diff -r 7af4246a6e1c -r e5ae0e680b5c tools/libxc/xc_private.h +--- a/tools/libxc/xc_private.h ++++ b/tools/libxc/xc_private.h +@@ -119,6 +119,7 @@ void xc_report_progress_step(xc_interfac + + /* anamorphic macros: struct xc_interface *xch must be in scope */ + ++#define WPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_WARN,0, _f , ## _a) + #define IPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_INFO,0, _f , ## _a) + #define DPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_DETAIL,0, _f , ## _a) + #define DBGPRINTF(_f, _a...) xc_report(xch, xch->error_handler, XTL_DEBUG,0, _f , ## _a) +diff -r 7af4246a6e1c -r e5ae0e680b5c tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c ++++ b/tools/xcutils/xc_save.c +@@ -7,6 +7,7 @@ + * + */ + ++#include + #include + #include + #include +@@ -19,6 +20,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -51,16 +53,17 @@ static int compat_suspend(void) + * receive the acknowledgement from the subscribe event channel. 
*/ + static int evtchn_suspend(void) + { ++ xc_interface *xch = si.xch; + int rc; + + rc = xc_evtchn_notify(si.xce, si.suspend_evtchn); + if (rc < 0) { +- warnx("failed to notify suspend request channel: %d", rc); ++ WPRINTF("failed to notify suspend request channel: %d", rc); + return 0; + } + +- if (xc_await_suspend(si.xch, si.xce, si.suspend_evtchn) < 0) { +- warnx("suspend failed"); ++ if (xc_await_suspend(xch, si.xce, si.suspend_evtchn) < 0) { ++ WPRINTF("suspend failed"); + return 0; + } + +@@ -104,20 +107,27 @@ static int suspend(void* data) + + static int switch_qemu_logdirty(int domid, unsigned int enable, void *data) + { ++ xc_interface *xch = si.xch; + struct xs_handle *xs; + char *path, *p, *ret_str, *cmd_str, **watch; + unsigned int len; + struct timeval tv; + fd_set fdset; + +- if ((xs = xs_daemon_open()) == NULL) +- errx(1, "Couldn't contact xenstore"); +- if (!(path = strdup("/local/domain/0/device-model/"))) +- errx(1, "can't get domain path in store"); ++ if ((xs = xs_daemon_open()) == NULL) { ++ PERROR("Couldn't contact xenstore"); ++ exit(1); ++ } ++ if (!(path = strdup("/local/domain/0/device-model/"))) { ++ PERROR("can't get domain path in store"); ++ exit(1); ++ } + if (!(path = realloc(path, strlen(path) + + 10 +- + strlen("/logdirty/cmd") + 1))) +- errx(1, "no memory for constructing xenstore path"); ++ + strlen("/logdirty/cmd") + 1))) { ++ PERROR("no memory for constructing xenstore path"); ++ exit(1); ++ } + snprintf(path + strlen(path), 11, "%i", domid); + strcat(path, "/logdirty/"); + p = path + strlen(path); +@@ -126,16 +136,22 @@ static int switch_qemu_logdirty(int domi + /* Watch for qemu's return value */ + strcpy(p, "ret"); + if (!xs_watch(xs, path, "qemu-logdirty-ret")) +- errx(1, "can't set watch in store (%s)\n", path); ++ { ++ ERROR("can't set watch in store (%s)\n", path); ++ exit(1); ++ } + +- if (!(cmd_str = strdup( enable == 0 ? 
"disable" : "enable"))) +- errx(1, "can't get logdirty cmd path in store"); ++ if (!(cmd_str = strdup( enable == 0 ? "disable" : "enable"))) { ++ PERROR("can't get logdirty cmd path in store"); ++ exit(1); ++ } + + /* Tell qemu that we want it to start logging dirty page to Xen */ + strcpy(p, "cmd"); +- if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) +- errx(1, "can't write to store path (%s)\n", +- path); ++ if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) { ++ PERROR("can't write to store path (%s)\n", path); ++ exit(1); ++ } + + /* Wait a while for qemu to signal that it has service logdirty command */ + read_again: +@@ -144,8 +160,10 @@ static int switch_qemu_logdirty(int domi + FD_ZERO(&fdset); + FD_SET(xs_fileno(xs), &fdset); + +- if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) +- errx(1, "timed out waiting for qemu logdirty response.\n"); ++ if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) { ++ PERROR("timed out waiting for qemu logdirty response.\n"); ++ exit(1); ++ } + + watch = xs_read_watch(xs, &len); + free(watch); +@@ -166,6 +184,7 @@ static int switch_qemu_logdirty(int domi + int + main(int argc, char **argv) + { ++ xc_interface *xch; + unsigned int maxit, max_f, lflags; + int io_fd, ret, port; + struct save_callbacks callbacks; +@@ -186,26 +205,26 @@ main(int argc, char **argv) + lvl = si.flags & XCFLAGS_DEBUG ? 
XTL_DEBUG: XTL_DETAIL; + lflags = XTL_STDIOSTREAM_SHOW_PID | XTL_STDIOSTREAM_HIDE_PROGRESS; + l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); +- si.xch = xc_interface_open(l, 0, 0); ++ xch = si.xch = xc_interface_open(l, 0, 0); + if (!si.xch) +- errx(1, "failed to open control interface"); ++ errx(1, "[%lu] failed to open control interface", (unsigned long)getpid()); + + si.xce = xc_evtchn_open(NULL, 0); + if (si.xce == NULL) +- warnx("failed to open event channel handle"); ++ WPRINTF("failed to open event channel handle"); + else + { + port = xs_suspend_evtchn_port(si.domid); + + if (port < 0) +- warnx("failed to get the suspend evtchn port\n"); ++ WPRINTF("failed to get the suspend evtchn port\n"); + else + { + si.suspend_evtchn = + xc_suspend_evtchn_init(si.xch, si.xce, si.domid, port); + + if (si.suspend_evtchn < 0) +- warnx("suspend event channel initialization failed, " ++ WPRINTF("suspend event channel initialization failed, " + "using slow path"); + } + } diff --git a/xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch b/xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch new file mode 100644 index 0000000..84da9dd --- /dev/null +++ b/xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch 
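Review bot: In switch_qemu_logdirty the new `PERROR("timed out waiting for qemu logdirty response.\n")` is guarded by `select(...) != 1`, which is true both for a timeout (return 0, errno not set by select) and for a real failure (return -1). The log line therefore either carries an unrelated errno string or labels a select error as a timeout. Keeping the result in a local separates the two cases: `if (rc == 0) { ERROR("timed out waiting for qemu logdirty response"); exit(1); }` and `if (rc < 0) { PERROR("select on xenstore fd failed"); exit(1); }`. The converted messages are also inconsistent about a trailing `\n` (the two `WPRINTF` calls in evtchn_suspend have none, `ERROR("can't set watch in store (%s)\n", path)` has one); dropping it everywhere would keep the xc_report output uniform. The function bodies touched here start and end outside the inner hunks.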
@@ -0,0 +1,136 @@ +user: Olaf Hering +date: Wed Mar 06 17:05:10 2013 +0100 +files: tools/xcutils/xc_save.c +description: +tools/xc: rework xc_save.c:switch_qemu_logdirty + +Rework code in switch_qemu_logdirty, fix also memleak. + +Signed-off-by: Olaf Hering + + +diff -r 49b90990442a -r 1ea501d60264 tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c ++++ b/tools/xcutils/xc_save.c +@@ -7,6 +7,7 @@ + * + */ + ++#define _GNU_SOURCE + #include + #include + #include +@@ -109,8 +110,10 @@ static int switch_qemu_logdirty(int domi + { + xc_interface *xch = si.xch; + struct xs_handle *xs; +- char *path, *p, *ret_str, *cmd_str, **watch; ++ char *path, *dir_p, *ret_str, **watch; ++ const char *cmd_str; + unsigned int len; ++ int ret, again; + struct timeval tv; + fd_set fdset; + +@@ -118,65 +121,56 @@ static int switch_qemu_logdirty(int domi + PERROR("Couldn't contact xenstore"); + exit(1); + } +- if (!(path = strdup("/local/domain/0/device-model/"))) { +- PERROR("can't get domain path in store"); ++ ++ ret = asprintf(&path, "/local/domain/0/device-model/%i/logdirty/ret", domid); ++ if (ret < 0) { ++ ERROR("Couldn't construct xenstore path"); + exit(1); + } +- if (!(path = realloc(path, strlen(path) +- + 10 +- + strlen("/logdirty/cmd") + 1))) { +- PERROR("no memory for constructing xenstore path"); +- exit(1); +- } +- snprintf(path + strlen(path), 11, "%i", domid); +- strcat(path, "/logdirty/"); +- p = path + strlen(path); +- ++ /* Pointer to directory */ ++ dir_p = path + ret - 3; + + /* Watch for qemu's return value */ +- strcpy(p, "ret"); +- if (!xs_watch(xs, path, "qemu-logdirty-ret")) +- { +- ERROR("can't set watch in store (%s)\n", path); ++ if (!xs_watch(xs, path, "qemu-logdirty-ret")) { ++ PERROR("can't set watch in store (%s)", path); + exit(1); + } + +- if (!(cmd_str = strdup( enable == 0 ? "disable" : "enable"))) { +- PERROR("can't get logdirty cmd path in store"); ++ cmd_str = enable ? 
"enable" : "disable"; ++ ++ /* Tell qemu that we want it to start logging dirty pages to Xen */ ++ strcpy(dir_p, "cmd"); ++ if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) { ++ PERROR("can't write to store path (%s)", path); + exit(1); + } + +- /* Tell qemu that we want it to start logging dirty page to Xen */ +- strcpy(p, "cmd"); +- if (!xs_write(xs, XBT_NULL, path, cmd_str, strlen(cmd_str))) { +- PERROR("can't write to store path (%s)\n", path); +- exit(1); +- } ++ /* Restore initial path */ ++ strcpy(dir_p, "ret"); ++ /* Wait a while for qemu to signal that it has serviced logdirty command */ ++ do { ++ tv.tv_sec = 5; ++ tv.tv_usec = 0; ++ FD_ZERO(&fdset); ++ FD_SET(xs_fileno(xs), &fdset); ++ errno = 0; + +- /* Wait a while for qemu to signal that it has service logdirty command */ +- read_again: +- tv.tv_sec = 5; +- tv.tv_usec = 0; +- FD_ZERO(&fdset); +- FD_SET(xs_fileno(xs), &fdset); +- +- if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) { +- PERROR("timed out waiting for qemu logdirty response.\n"); +- exit(1); +- } +- +- watch = xs_read_watch(xs, &len); +- free(watch); +- +- strcpy(p, "ret"); +- ret_str = xs_read(xs, XBT_NULL, path, &len); +- if (ret_str == NULL || strcmp(ret_str, cmd_str)) ++ if ((select(xs_fileno(xs) + 1, &fdset, NULL, NULL, &tv)) != 1) { ++ PERROR("timed out waiting for qemu logdirty response."); ++ exit(1); ++ } ++ ++ watch = xs_read_watch(xs, &len); ++ free(watch); ++ ++ ret_str = xs_read(xs, XBT_NULL, path, &len); ++ again = ret_str == NULL || strcmp(ret_str, cmd_str); ++ WPRINTF("Got '%s' from logdirty%s.\n", ret_str, again ? ", retrying" : ""); ++ free(ret_str); + /* Watch fired but value is not yet right */ +- goto read_again; ++ } while (again); + + free(path); +- free(cmd_str); +- free(ret_str); + + return 0; + } diff --git a/xen.migrate.tools_add_xm_migrate_--log_progress_option.patch b/xen.migrate.tools_add_xm_migrate_--log_progress_option.patch new file mode 100644 index 0000000..d7a9426 --- /dev/null 
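Review bot: `WPRINTF("Got '%s' from logdirty%s.\n", ret_str, again ? ", retrying" : "")` in the new do/while loop is reached with `ret_str == NULL`, since the line above treats a NULL `xs_read` result as the retry case, and passing a null pointer for `%s` is undefined behaviour. Guarding the argument is enough: `ret_str ? ret_str : "(none)"`. The message is also emitted at warning level on every reply, including the expected one, so `DPRINTF` looks like the better fit. Separately, `dir_p = path + ret - 3` only works because "ret" and "cmd" have the same length; a comment next to it, such as `/* "ret" and "cmd" are both 3 chars, so the tail can be swapped in place */`, would keep a later rename from overrunning the buffer.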
+++ b/xen.migrate.tools_add_xm_migrate_--log_progress_option.patch 
@@ -0,0 +1,138 @@ +user: Olaf Hering +date: Wed Mar 06 17:05:15 2013 +0100 +files: tools/libxc/xenguest.h tools/python/xen/xend/XendCheckpoint.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/migrate.py tools/xcutils/xc_save.c +description: +tools: add xm migrate --log_progress option + +xc_domain_save does print progress messages. These verbose messages are +disabled per default to avoid flood in xend.log. Sometimes it is helpful +to see progress when migrating large and busy guests. So add a new +option to xm migrate to actually enable the printing of progress +messsages. + +xl migrate is not modified with this change because it does not use the +stdio logger. + +Signed-off-by: Olaf Hering + + +diff -r 29c66a248f5b -r d8ef4a83760f tools/libxc/xenguest.h +--- a/tools/libxc/xenguest.h ++++ b/tools/libxc/xenguest.h +@@ -29,6 +29,7 @@ + #define XCFLAGS_STDVGA (1 << 3) + #define XCFLAGS_CHECKPOINT_COMPRESS (1 << 4) + #define XCFLAGS_DOMSAVE_ABORT_IF_BUSY (1 << 5) ++#define XCFLAGS_PROGRESS (1 << 6) + + #define X86_64_B_SIZE 64 + #define X86_32_B_SIZE 32 +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xend/XendCheckpoint.py +--- a/tools/python/xen/xend/XendCheckpoint.py ++++ b/tools/python/xen/xend/XendCheckpoint.py +@@ -121,16 +121,19 @@ def save(fd, dominfo, network, live, dst + max_iters = dominfo.info.get('max_iters', "0") + max_factor = dominfo.info.get('max_factor', "0") + abort_if_busy = dominfo.info.get('abort_if_busy', "0") ++ log_save_progress = dominfo.info.get('log_save_progress', "0") + if max_iters == "None": + max_iters = "0" + if max_factor == "None": + max_factor = "0" + if abort_if_busy == "None": + abort_if_busy = "0" ++ if log_save_progress == "None": ++ log_save_progress = "0" + cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd), + str(dominfo.getDomid()), + max_iters, max_factor, +- str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) ) ] ++ str( int(live) | (int(hvm) << 2) | 
(int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + + def saveInputHandler(line, tochild): +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xend/XendDomain.py +--- a/tools/python/xen/xend/XendDomain.py ++++ b/tools/python/xen/xend/XendDomain.py +@@ -1832,17 +1832,18 @@ class XendDomain: + log.exception(ex) + raise XendError(str(ex)) + +- def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy): ++ def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy, log_save_progress): + """Set the Migrate Constraints of this domain. + @param domid: Domain ID or Name + @param max_iters: Number of iterations before final suspend + @param max_factor: Max amount of memory to transfer before final suspend + @param abort_if_busy: Abort migration instead of doing final suspend ++ @param log_save_progress: Log progress of migrate to xend.log + """ + dominfo = self.domain_lookup_nr(domid) + if not dominfo: + raise XendInvalidDomain(str(domid)) +- dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy) ++ dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy, log_save_progress) + + def domain_maxmem_set(self, domid, mem): + """Set the memory limit for a domain. +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xend/XendDomainInfo.py +--- a/tools/python/xen/xend/XendDomainInfo.py ++++ b/tools/python/xen/xend/XendDomainInfo.py +@@ -1459,17 +1459,19 @@ class XendDomainInfo: + pci_conf = self.info['devices'][dev_uuid][1] + return map(pci_dict_to_bdf_str, pci_conf['devs']) + +- def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy): ++ def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy, log_save_progress): + """Set the Migrate Constraints of this domain. 
+ @param max_iters: Number of iterations before final suspend + @param max_factor: Max amount of memory to transfer before final suspend + @param abort_if_busy: Abort migration instead of doing final suspend ++ @param log_save_progress: Log progress of migrate to xend.log + """ + log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s'.", + self.info['name_label'], str(self.domid), max_iters, max_factor, abort_if_busy) + self.info['max_iters'] = str(max_iters) + self.info['max_factor'] = str(max_factor) + self.info['abort_if_busy'] = str(abort_if_busy) ++ self.info['log_save_progress'] = str(log_save_progress) + + def setMemoryTarget(self, target): + """Set the memory target of this domain. +diff -r 29c66a248f5b -r d8ef4a83760f tools/python/xen/xm/migrate.py +--- a/tools/python/xen/xm/migrate.py ++++ b/tools/python/xen/xm/migrate.py +@@ -67,6 +67,10 @@ gopts.opt('abort_if_busy', short='A', + fn=set_true, default=0, + use="Abort migration instead of doing final suspend.") + ++gopts.opt('log_progress', ++ fn=set_true, default=0, ++ use="Log progress of migration to xend.log") ++ + def help(): + return str(gopts) + +@@ -95,7 +99,8 @@ def main(argv): + server.xend.domain.migrate_constraints_set(dom, + opts.vals.max_iters, + opts.vals.max_factor, +- opts.vals.abort_if_busy) ++ opts.vals.abort_if_busy, ++ opts.vals.log_progress) + server.xend.domain.migrate(dom, dst, opts.vals.live, + opts.vals.port, + opts.vals.node, +diff -r 29c66a248f5b -r d8ef4a83760f tools/xcutils/xc_save.c +--- a/tools/xcutils/xc_save.c ++++ b/tools/xcutils/xc_save.c +@@ -197,7 +197,8 @@ main(int argc, char **argv) + si.suspend_evtchn = -1; + + lvl = si.flags & XCFLAGS_DEBUG ? XTL_DEBUG: XTL_DETAIL; +- lflags = XTL_STDIOSTREAM_SHOW_PID | XTL_STDIOSTREAM_HIDE_PROGRESS; ++ lflags = XTL_STDIOSTREAM_SHOW_PID; ++ lflags |= si.flags & XCFLAGS_PROGRESS ? 
0 : XTL_STDIOSTREAM_HIDE_PROGRESS; + l = (xentoollog_logger *)xtl_createlogger_stdiostream(stderr, lvl, lflags); + xch = si.xch = xc_interface_open(l, 0, 0); + if (!si.xch) diff --git a/xen.migrate.tools_set_migration_constraints_from_cmdline.patch b/xen.migrate.tools_set_migration_constraints_from_cmdline.patch new file mode 100644 index 0000000..a437c28 --- /dev/null +++ b/xen.migrate.tools_set_migration_constraints_from_cmdline.patch 
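Review bot: `domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy, log_save_progress)` in XendDomain.py and `setMigrateConstraints` in XendDomainInfo.py gain a required positional parameter, so a caller that still passes four values (for instance an xm client not yet updated to this patch) would fail with a TypeError instead of migrating without progress logging. A default keeps the old call shape working: `def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy, log_save_progress=0):`, and likewise for `setMigrateConstraints`. The `log.debug("Setting migration constraints ...")` call in `setMigrateConstraints` still formats only three values, so the new setting never reaches xend.log; adding a fourth `'%s'` with `log_save_progress` would fix that. The option is spelled `log_progress` in migrate.py and `log_save_progress` everywhere else, which a one-line comment at the call in `main` could point out.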
@@ -0,0 +1,223 @@ +user: Olaf Hering +date: Wed Mar 06 17:05:14 2013 +0100 +files: docs/man/xl.pod.1 tools/libxc/xc_domain_save.c tools/libxc/xenguest.h tools/libxl/Makefile tools/libxl/libxl.c tools/libxl/libxl.h tools/libxl/libxl_dom.c tools/libxl/libxl_internal.h tools/libxl/libxl_save_callout.c tools/libxl/xl_cmdimpl.c tools/libxl/xl_cmdtable.c tools/python/xen/xend/XendCheckpoint.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/migrate.py +description: +tools: set migration constraints from cmdline + +Add new options to xm/xl migrate to control the process of migration. +The intention is to optionally abort the migration if it takes too long +to migrate a busy guest due to the high number of dirty pages. Currently +the guest is suspended to transfer the remaining dirty pages. This +transfer can take too long, which can confuse the guest if its suspended +for too long. + +-M Number of iterations before final suspend (default: 30) +--max_iters + +-m Max amount of memory to transfer before final suspend (default: 3*RAM) +--max_factor + +-A Abort migration instead of doing final suspend. +--abort_if_busy + + + +The changes to libxl change the API, handle LIBXL_API_VERSION == 0x040200. 
+ +TODO: + eventually add also --min_remaining (default value 50) in a seperate patch + +v6: + - update the LIBXL_API_VERSION handling for libxl_domain_suspend + change it to an inline function if LIBXL_API_VERSION is defined to 4.2.0 + - rename libxl_save_properties to libxl_domain_suspend_properties + - rename ->xlflags to ->flags within that struct + +v5: + - adjust libxl_domain_suspend prototype, move flags, max_iters, + max_factor into a new, optional struct libxl_save_properties + - rename XCFLAGS_DOMSAVE_NOSUSPEND to XCFLAGS_DOMSAVE_ABORT_IF_BUSY + - rename LIBXL_SUSPEND_NO_FINAL_SUSPEND to LIBXL_SUSPEND_ABORT_IF_BUSY + - rename variables no_suspend to abort_if_busy + - rename option -N/--no_suspend to -A/--abort_if_busy + - update xl.1, extend description of -A option + +v4: + - update default for no_suspend from None to 0 in XendCheckpoint.py:save + - update logoutput in setMigrateConstraints + - change xm migrate defaults from None to 0 + - add new options to xl.1 + - fix syntax error in XendDomain.py:domain_migrate_constraints_set + - fix xm migrate -N option name to match xl migrate + +v3: + - move logic errors in libxl__domain_suspend and fixed help text in + cmd_table to separate patches + - fix syntax error in XendCheckpoint.py + - really pass max_iters and max_factor in libxl__xc_domain_save + - make libxl_domain_suspend_0x040200 declaration globally visible + - bump libxenlight.so SONAME from 2.0 to 2.1 due to changed + libxl_domain_suspend + +v2: + - use LIBXL_API_VERSION and define libxl_domain_suspend_0x040200 + - fix logic error in min_reached check in xc_domain_save + - add longopts + - update --help text + - correct description of migrate --help text + +Signed-off-by: Olaf Hering + + +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -813,6 +813,7 @@ int 
xc_domain_save(xc_interface *xch, in + int rc = 1, frc, i, j, last_iter = 0, iter = 0; + int live = (flags & XCFLAGS_LIVE); + int debug = (flags & XCFLAGS_DEBUG); ++ int abort_if_busy = (flags & XCFLAGS_DOMSAVE_ABORT_IF_BUSY); + int superpages = !!hvm; + int race = 0, sent_last_iter, skip_this_iter = 0; + unsigned int sent_this_iter = 0; +@@ -1525,10 +1526,20 @@ int xc_domain_save(xc_interface *xch, in + + if ( live ) + { ++ int min_reached = sent_this_iter + skip_this_iter < 50; + if ( (iter >= max_iters) || +- (sent_this_iter+skip_this_iter < 50) || ++ min_reached || + (total_sent > dinfo->p2m_size*max_factor) ) + { ++ if ( !min_reached && abort_if_busy ) ++ { ++ ERROR("Live migration aborted, as requested. (guest too busy?)" ++ " total_sent %lu iter %d, max_iters %u max_factor %u", ++ total_sent, iter, max_iters, max_factor); ++ rc = 1; ++ goto out; ++ } ++ + DPRINTF("Start last iteration\n"); + last_iter = 1; + +Index: xen-4.2.1-testing/tools/libxc/xenguest.h +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xenguest.h ++++ xen-4.2.1-testing/tools/libxc/xenguest.h +@@ -28,6 +28,7 @@ + #define XCFLAGS_HVM (1 << 2) + #define XCFLAGS_STDVGA (1 << 3) + #define XCFLAGS_CHECKPOINT_COMPRESS (1 << 4) ++#define XCFLAGS_DOMSAVE_ABORT_IF_BUSY (1 << 5) + + #define X86_64_B_SIZE 64 + #define X86_32_B_SIZE 32 +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -118,9 +118,19 @@ def save(fd, dominfo, network, live, dst + # enabled. Passing "0" simply uses the defaults compiled into + # libxenguest; see the comments and/or code in xc_linux_save() for + # more information. 
++ max_iters = dominfo.info.get('max_iters', "0") ++ max_factor = dominfo.info.get('max_factor', "0") ++ abort_if_busy = dominfo.info.get('abort_if_busy', "0") ++ if max_iters == "None": ++ max_iters = "0" ++ if max_factor == "None": ++ max_factor = "0" ++ if abort_if_busy == "None": ++ abort_if_busy = "0" + cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd), +- str(dominfo.getDomid()), "0", "0", +- str(int(live) | (int(hvm) << 2)) ] ++ str(dominfo.getDomid()), ++ max_iters, max_factor, ++ str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + + def saveInputHandler(line, tochild): +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +@@ -1832,6 +1832,18 @@ class XendDomain: + log.exception(ex) + raise XendError(str(ex)) + ++ def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy): ++ """Set the Migrate Constraints of this domain. ++ @param domid: Domain ID or Name ++ @param max_iters: Number of iterations before final suspend ++ @param max_factor: Max amount of memory to transfer before final suspend ++ @param abort_if_busy: Abort migration instead of doing final suspend ++ """ ++ dominfo = self.domain_lookup_nr(domid) ++ if not dominfo: ++ raise XendInvalidDomain(str(domid)) ++ dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy) ++ + def domain_maxmem_set(self, domid, mem): + """Set the memory limit for a domain. 
+ +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1459,6 +1459,18 @@ class XendDomainInfo: + pci_conf = self.info['devices'][dev_uuid][1] + return map(pci_dict_to_bdf_str, pci_conf['devs']) + ++ def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy): ++ """Set the Migrate Constraints of this domain. ++ @param max_iters: Number of iterations before final suspend ++ @param max_factor: Max amount of memory to transfer before final suspend ++ @param abort_if_busy: Abort migration instead of doing final suspend ++ """ ++ log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s'.", ++ self.info['name_label'], str(self.domid), max_iters, max_factor, abort_if_busy) ++ self.info['max_iters'] = str(max_iters) ++ self.info['max_factor'] = str(max_factor) ++ self.info['abort_if_busy'] = str(abort_if_busy) ++ + def setMemoryTarget(self, target): + """Set the memory target of this domain. + @param target: In MiB. 
+Index: xen-4.2.1-testing/tools/python/xen/xm/migrate.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/migrate.py ++++ xen-4.2.1-testing/tools/python/xen/xm/migrate.py +@@ -55,6 +55,18 @@ gopts.opt('change_home_server', short='c + fn=set_true, default=0, + use="Change home server for managed domains.") + ++gopts.opt('max_iters', short='M', val='max_iters', ++ fn=set_int, default=0, ++ use="Number of iterations before final suspend (default: 30).") ++ ++gopts.opt('max_factor', short='m', val='max_factor', ++ fn=set_int, default=0, ++ use="Max amount of memory to transfer before final suspend (default: 3*RAM).") ++ ++gopts.opt('abort_if_busy', short='A', ++ fn=set_true, default=0, ++ use="Abort migration instead of doing final suspend.") ++ + def help(): + return str(gopts) + +@@ -80,6 +92,10 @@ def main(argv): + server.xenapi.VM.migrate(vm_ref, dst, bool(opts.vals.live), + other_config) + else: ++ server.xend.domain.migrate_constraints_set(dom, ++ opts.vals.max_iters, ++ opts.vals.max_factor, ++ opts.vals.abort_if_busy) + server.xend.domain.migrate(dom, dst, opts.vals.live, + opts.vals.port, + opts.vals.node, diff --git a/xen.spec b/xen.spec index bc2357f..8a6a810 100644 --- a/xen.spec +++ b/xen.spec @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -114,7 +115,7 @@ BuildRequires: kernel-syms BuildRequires: module-init-tools BuildRequires: xorg-x11 %endif -Version: 4.2.1_06 +Version: 4.2.1_11 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) 
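Review bot: In `XendCheckpoint.py` `save()`, `max_iters`, `max_factor` and `abort_if_busy` reach the `xc_save` argument list and `int(abort_if_busy) << 5` as whatever string `setMigrateConstraints` stored, and that method applies only `str()` to values arriving through `domain_migrate_constraints_set`. A non-numeric value is therefore accepted when it is set and fails only later, at `int()` during the save or inside `xc_save` (whose argument parsing is not visible here). Converting in the setter rejects bad input at the API boundary and makes the `"None"` comparisons in `save()` unnecessary: `self.info['max_iters'] = str(int(max_iters))`, and likewise for `max_factor` and `abort_if_busy`. The literal `5` also duplicates `XCFLAGS_DOMSAVE_ABORT_IF_BUSY` from `xenguest.h`; a comment next to the shift naming that flag would keep the two in step.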
@@ -250,7 +251,7 @@ Patch26532: 26532-AMD-IOMMU-phantom-MSI.patch Patch26536: 26536-xenoprof-div-by-0.patch Patch26547: 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch Patch26548: 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch -Patch26549: 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch +Patch26549: 26549-tools-xc_turn_XCFLAGS__into_shifts.patch Patch26550: 26550-tools-xc_restore_logging_in_xc_save.patch Patch26551: 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch Patch26554: 26554-hvm-firmware-passthrough.patch 
@@ -259,8 +260,29 @@ Patch26556: 26556-hvm-firmware-passthrough.patch Patch26576: 26576-x86-APICV-migration.patch Patch26577: 26577-x86-APICV-x2APIC.patch Patch26578: 26578-AMD-IOMMU-replace-BUG_ON.patch +Patch26585: 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch +Patch26595: 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch +Patch26601: 26601-honor-ACPI-v4-FADT-flags.patch +Patch26656: 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch +Patch26659: 26659-AMD-IOMMU-erratum-746-workaround.patch +Patch26660: 26660-x86-fix-CMCI-injection.patch +Patch26672: 26672-vmx-fix-handling-of-NMI-VMEXIT.patch +Patch26673: 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch +Patch26675: 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch +Patch26676: 26676-fix-compat-memory-exchange-op-splitting.patch +Patch26677: 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch +Patch26678: 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch +Patch26679: 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch +Patch26683: 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch +Patch26686: 26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch +Patch26689: 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch Patch34: CVE-2013-0151-xsa34.patch Patch41: CVE-2012-6075-xsa41.patch +Patch88: xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch +Patch89: xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch +Patch90: xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch +Patch91: xen.migrate.tools_set_migration_constraints_from_cmdline.patch +Patch92: xen.migrate.tools_add_xm_migrate_--log_progress_option.patch # Upstream qemu patches Patch100: VNC-Support-for-ExtendedKeyEvent-client-message.patch # Our patches 
@@ -357,6 +379,7 @@ Patch461: xen-glibc217.patch Patch462: xen-migration-bridge-check.patch Patch463: pygrub-netware-xnloader.patch Patch464: xen-managed-pci-device.patch +Patch465: xend-hvm-firmware-passthrough.patch # Jim's domain lock patch Patch480: xend-domain-lock.patch Patch481: xend-domain-lock-sfex.patch @@ -812,7 +835,28 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26576 -p1 %patch26577 -p1 %patch26578 -p1 +%patch26585 -p1 +%patch26595 -p1 +%patch26601 -p1 +%patch26656 -p1 +%patch26659 -p1 +%patch26660 -p1 +%patch26672 -p1 +%patch26673 -p1 +%patch26675 -p1 +%patch26676 -p1 +%patch26677 -p1 +%patch26678 -p1 +%patch26679 -p1 +%patch26683 -p1 +%patch26686 -p1 +%patch26689 -p1 %patch41 -p1 +%patch88 -p1 +%patch89 -p1 +%patch90 -p1 +%patch91 -p1 +%patch92 -p1 # Qemu %patch100 -p1 # Our patches @@ -906,6 +950,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch462 -p1 %patch463 -p1 %patch464 -p1 +%patch465 -p1 %patch480 -p1 %patch481 -p1 %patch500 -p1 @@ -982,6 +1027,7 @@ export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" %if %{?with_dom0_support}0 +export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware" # EFI %ifarch x86_64 make -C xen install \ @@ -1045,7 +1091,6 @@ make -C tools/misc/serial-split install \ %if %{?with_kmp}0 export INSTALL_MOD_PATH=$RPM_BUILD_ROOT export INSTALL_MOD_DIR=updates -#export BRP_PESIGN_FILES="*.ko /lib/firmware" mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d for flavor in %flavors_to_build; do make -C /usr/src/linux-obj/%_target_cpu/$flavor modules_install \ diff --git a/xenalyze.hg.tar.bz2 b/xenalyze.hg.tar.bz2 index 46732d4..2dd1142 100644 --- a/xenalyze.hg.tar.bz2 +++ b/xenalyze.hg.tar.bz2 
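Review bot: The added `export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware"` enables more than the commit message states: the description mentions only signing `xen.efi` (bnc#809203), while the line removed further down shows the `*.ko /lib/firmware` patterns were previously commented out, so kernel modules and firmware files are now selected for signing as well. If that is intended, a comment above the export should say so, e.g. `# bnc#809203: sign xen.efi; this also turns on signing of *.ko and /lib/firmware`. The export sits under `%if %{?with_dom0_support}0`, whereas the old commented line was in the `%if %{?with_kmp}0` block, so it is worth confirming the variable is set in the section whose shell the signing step actually inherits.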
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:006b68099906f6f0846e8a7d7ded8bc8f3abfbcc1c4daac013a4eaa9aefb344f -size 124265 +oid sha256:36aabe13da4b7ca0e0f9b61fa1442823e437585ef56b604ab077af20bb93ef67 +size 126674 diff --git a/xenapi-console-protocol.patch b/xenapi-console-protocol.patch index 341827b..a427b44 100644 --- a/xenapi-console-protocol.patch +++ b/xenapi-console-protocol.patch @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3940,6 +3940,14 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3954,6 +3954,14 @@ class XendDomainInfo: if not config.has_key('backend'): config['backend'] = "00000000-0000-0000-0000-000000000000" diff --git a/xend-console-port-restore.patch b/xend-console-port-restore.patch index 7f371a3..04f954d 100644 --- a/xend-console-port-restore.patch +++ b/xend-console-port-restore.patch @@ -3,11 +3,11 @@ xenstore. See bnc#706574 From: Chunyan Liu -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -329,8 +329,7 @@ def restore(xd, fd, dominfo = None, paus +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -342,8 +342,7 @@ def restore(xd, fd, dominfo = None, paus restore_image.setCpuid() # xc_restore will wait for source to close connection 
@@ -17,11 +17,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py # # We shouldn't hold the domains_lock over a waitForDevices -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3062,7 +3062,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -3076,7 +3076,7 @@ class XendDomainInfo: # TODO: recategorise - called from XendCheckpoint # @@ -30,7 +30,7 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py log.debug("XendDomainInfo.completeRestore") -@@ -3073,6 +3073,7 @@ class XendDomainInfo: +@@ -3087,6 +3087,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) diff --git a/xend-core-dump-loc.diff b/xend-core-dump-loc.diff index 6aa1939..0863a09 100644 --- a/xend-core-dump-loc.diff +++ b/xend-core-dump-loc.diff @@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2304,7 +2304,7 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2318,7 +2318,7 @@ class XendDomainInfo: # To prohibit directory traversal based_name = os.path.basename(self.info['name_label']) diff --git a/xend-domain-lock-sfex.patch b/xend-domain-lock-sfex.patch index 1e30175..6556aad 100644 
--- a/xend-domain-lock-sfex.patch +++ b/xend-domain-lock-sfex.patch @@ -223,7 +223,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -4554,8 +4554,14 @@ class XendDomainInfo: +@@ -4570,8 +4570,14 @@ class XendDomainInfo: # Return name of host contained in lock file. def get_lock_host(self, path): @@ -240,7 +240,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py hostname = "unknown" try: -@@ -4577,6 +4583,16 @@ class XendDomainInfo: +@@ -4593,6 +4599,16 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -257,7 +257,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py try: if not os.path.exists(path): mkdir.parents(path, stat.S_IRWXU) -@@ -4584,12 +4600,7 @@ class XendDomainInfo: +@@ -4600,12 +4616,7 @@ class XendDomainInfo: log.exception("%s could not be created." % path) raise XendError("%s could not be created." % path) @@ -271,7 +271,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.debug("Failed to aqcuire lock: status = %d" % status) raise XendError("The VM is locked and appears to be running on host %s." % self.get_lock_host(path)) -@@ -4606,12 +4617,18 @@ class XendDomainInfo: +@@ -4622,12 +4633,18 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) diff --git a/xend-domain-lock.patch b/xend-domain-lock.patch index 1ad5126..8ad8b77 100644 --- a/xend-domain-lock.patch +++ b/xend-domain-lock.patch 
@@ -17,8 +17,8 @@ Index: xen-4.2.1-testing/tools/examples/xend-config.sxp #(pci-passthrough-strict-check yes) +# Domain Locking -+# In a multihost environment, domain locking prevents simultaneously -+# running a domain on more than one host. ++# In a multihost environment, domain locking provides a simple mechanism that ++# prevents simultaneously running a domain on more than one host. +# +# If enabled, xend will execute a external lock utility (defined below) +# on each domain start and stop event. Disabled by default. Set to yes @@ -71,7 +71,7 @@ Index: xen-4.2.1-testing/tools/examples/xend-config.sxp +# when HostA, running vm1, crashes. HostB could not acquire a +# lock for vm1 since the NFS server holds an exclusive lock +# acquired by HostA. The lock file must be manually removed -+# before starting vm1 on HostA. ++# before starting vm1 on HostB. +# +#(xend-domain-lock-utility domain-lock) + 
@@ -228,16 +228,29 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -130,6 +130,8 @@ def save(fd, dominfo, network, live, dst - dominfo.shutdown('suspend') - dominfo.waitForSuspend() - if line in ('suspend', 'suspended'): -+ if checkpoint == False: -+ dominfo.release_running_lock(domain_name) - dominfo.migrateDevices(network, dst, DEV_MIGRATE_STEP2, - domain_name) - log.info("Domain %d suspended.", dominfo.getDomid()) -@@ -353,6 +355,7 @@ def restore(xd, fd, dominfo = None, paus +@@ -136,6 +136,11 @@ def save(fd, dominfo, network, live, dst + str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] + log.debug("[xc_save]: %s", string.join(cmd)) + ++ # It is safe to release the domain lock at this point if not ++ # checkpointing ++ if checkpoint == False: ++ dominfo.release_running_lock(domain_name) ++ + def saveInputHandler(line, tochild): + log.debug("In saveInputHandler %s", line) + if line == "suspend": +@@ -200,6 +205,9 @@ def save(fd, dominfo, network, live, dst + log.exception("Save failed on domain %s (%s) - resuming.", domain_name, + dominfo.getDomid()) + dominfo.resumeDomain() ++ # Reacquire the domain lock ++ if checkpoint == False: ++ dominfo.acquire_running_lock() + + try: + dominfo.setName(domain_name) +@@ -366,6 +374,7 @@ def restore(xd, fd, dominfo = None, paus if not paused: dominfo.unpause() @@ -257,7 +270,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py XendTask.log_progress(0, 30, self._constructDomain) XendTask.log_progress(31, 60, self._initDomain) -@@ -3037,6 +3038,11 @@ class XendDomainInfo: +@@ -3053,6 +3054,11 @@ class XendDomainInfo: self._stateSet(DOM_STATE_HALTED) self.domid = None # Do not push into _stateSet()! 
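Review bot: In the `save()` hunk for `XendCheckpoint.py`, `release_running_lock` now runs before `xc_save` is started rather than when the guest reports `suspend`, so during a live migration the domain keeps running on the source host without holding its lock; the comment `# It is safe to release the domain lock at this point` gives no reason why a second host cannot start the domain in that window. The comment should state the assumption, for example `# Released before xc_save so the lock cannot block the migration (bnc#802690); the guest is still running here`. In the failure path, `dominfo.acquire_running_lock()` is called inside the `except` handler, and the lock code shown elsewhere on this page raises `XendError` when the lock is already held, which would replace the original save error; catching and logging that case separately would keep the original exception visible. `save()` starts and ends outside the hunk.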
@@ -269,7 +282,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py finally: self.refresh_shutdown_lock.release() -@@ -4546,6 +4552,74 @@ class XendDomainInfo: +@@ -4562,6 +4568,74 @@ class XendDomainInfo: def has_device(self, dev_class, dev_uuid): return (dev_uuid in self.info['%s_refs' % dev_class.lower()]) diff --git a/xend-hvm-firmware-passthrough.patch b/xend-hvm-firmware-passthrough.patch new file mode 100644 index 0000000..30680b7 --- /dev/null +++ b/xend-hvm-firmware-passthrough.patch 
@@ -0,0 +1,277 @@ +fate#313584: pass bios information to XEN HVM guest + +Index: xen-4.2.1-testing/tools/python/xen/xm/create.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/create.py +@@ -491,6 +491,14 @@ gopts.var('nfs_root', val="PATH", + fn=set_value, default=None, + use="Set the path of the root NFS directory.") + ++gopts.var('smbios_firmware', val='FILE', ++ fn=set_value, default=None, ++ use="Path to a file that contains extra SMBIOS firmware structures.") ++ ++gopts.var('acpi_firmware', val='FILE', ++ fn=set_value, default=None, ++ use="Path to a file that contains extra ACPI firmware tables.") ++ + gopts.var('device_model', val='FILE', + fn=set_value, default=None, + use="Path to device model program.") +@@ -1097,6 +1105,7 @@ def configure_hvm(config_image, vals): + 'boot', + 'cpuid', 'cpuid_check', + 'device_model', 'display', ++ 'smbios_firmware', 'acpi_firmware', + 'fda', 'fdb', + 'gfx_passthru', 'guest_os_type', + 'hap', 'hpet', +Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +@@ -1086,6 +1086,8 @@ class sxp2xml: + 'apic', + 'boot', + 'device_model', ++ 'smbios_firmware', ++ 'acpi_firmware', + 'loader', + 'fda', + 'fdb', +Index: xen-4.2.1-testing/tools/python/xen/xend/image.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.1-testing/tools/python/xen/xend/image.py +@@ -17,7 +17,7 @@ + #============================================================================ + + +-import os, os.path, string ++import os, os.path, string, struct, stat + import re + import math + import time +@@ -123,6 +123,8 @@ class ImageHandler: + + 
self.device_model = vmConfig['platform'].get('device_model') + ++ self.smbios_firmware =(str(vmConfig['platform'].get('smbios_firmware'))) ++ self.acpi_firmware =(str(vmConfig['platform'].get('acpi_firmware'))) + self.display = vmConfig['platform'].get('display') + self.xauthority = vmConfig['platform'].get('xauthority') + self.vncconsole = int(vmConfig['platform'].get('vncconsole', 0)) +@@ -945,6 +947,38 @@ class HVMImageHandler(ImageHandler): + self.vm.getDomid() ]) + return args + ++ def _readFirmwareFile(self, filename): ++ # Sanity check ++ if filename is None or filename.strip() == "": ++ size = struct.pack('i', int(0)) ++ return size + "" ++ ++ log.debug("Reading firmware file %s", filename) ++ # Open ++ try: ++ fd = os.open(filename, os.O_RDONLY) ++ except Exception, e: ++ raise VmError('Unable to open firmware file %s' % filename) ++ ++ # Validate file size ++ statinfo = os.fstat(fd) ++ if statinfo.st_size == 0 or statinfo.st_size > sys.maxint: ++ os.close(fd) ++ raise VmError('Firmware file %s is an invalid size' % filename) ++ if not stat.S_ISREG(statinfo.st_mode): ++ os.close(fd) ++ raise VmError('Firmware file %s is an invalid file type' % filename) ++ size = struct.pack('i', statinfo.st_size) ++ ++ # Read entire file ++ try: ++ buf = os.read(fd, statinfo.st_size) ++ except Exception, e: ++ os.close(fd) ++ raise VmError('Failed reading firmware file %s' % filename) ++ os.close(fd) ++ return size+buf ++ + def buildDomain(self): + store_evtchn = self.vm.getStorePort() + +@@ -960,6 +994,8 @@ class HVMImageHandler(ImageHandler): + log.debug("vcpu_avail = %li", self.vm.getVCpuAvail()) + log.debug("acpi = %d", self.acpi) + log.debug("apic = %d", self.apic) ++ log.debug("smbios_firmware= %s", self.smbios_firmware) ++ log.debug("acpi_firmware = %s", self.acpi_firmware) + + rc = xc.hvm_build(domid = self.vm.getDomid(), + image = self.loader, +@@ -968,7 +1004,9 @@ class HVMImageHandler(ImageHandler): + vcpus = self.vm.getVCpuCount(), + vcpu_avail = 
self.vm.getVCpuAvail(), + acpi = self.acpi, +- apic = self.apic) ++ apic = self.apic, ++ smbios_firmware= self._readFirmwareFile(self.smbios_firmware), ++ acpi_firmware = self._readFirmwareFile(self.acpi_firmware)) + rc['notes'] = { 'SUSPEND_CANCEL': 1 } + + rc['store_mfn'] = xc.hvm_get_param(self.vm.getDomid(), +Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +@@ -147,6 +147,8 @@ XENAPI_PLATFORM_CFG_TYPES = { + 'apic': int, + 'boot': str, + 'device_model': str, ++ 'smbios_firmware': str, ++ 'acpi_firmware': str, + 'loader': str, + 'display' : str, + 'fda': str, +@@ -515,6 +517,10 @@ class XendConfig(dict): + self['platform']['nomigrate'] = 0 + + if self.is_hvm(): ++ if 'smbios_firmware' not in self['platform']: ++ self['platform']['smbios_firmware'] = "" ++ if 'acpi_firmware' not in self['platform']: ++ self['platform']['acpi_firmware'] = "" + if 'timer_mode' not in self['platform']: + self['platform']['timer_mode'] = 1 + if 'viridian' not in self['platform']: +Index: xen-4.2.1-testing/tools/python/xen/lowlevel/xc/xc.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/lowlevel/xc/xc.c ++++ xen-4.2.1-testing/tools/python/xen/lowlevel/xc/xc.c +@@ -942,18 +942,23 @@ static PyObject *pyxc_hvm_build(XcObject + struct hvm_info_table *va_hvm; + uint8_t *va_map, sum; + #endif +- int i; +- char *image; ++ int i, datalen; ++ char *image, *smbios_str, *acpi_str; + int memsize, target=-1, vcpus = 1, acpi = 0, apic = 1; ++ PyObject *acpi_firmware = NULL; ++ PyObject *smbios_firmware = NULL; + PyObject *vcpu_avail_handle = NULL; + uint8_t vcpu_avail[(HVM_MAX_VCPUS + 7)/8]; ++ struct xc_hvm_build_args hvm_args = {}; + + static char *kwd_list[] = { "domid", + "memsize", "image", "target", "vcpus", +- "vcpu_avail", 
"acpi", "apic", NULL }; +- if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiOii", kwd_list, ++ "vcpu_avail", "acpi", "apic", ++ "smbios_firmware", "acpi_firmware", NULL }; ++ if ( !PyArg_ParseTupleAndKeywords(args, kwds, "iis|iiOiiOO", kwd_list, + &dom, &memsize, &image, &target, &vcpus, +- &vcpu_avail_handle, &acpi, &apic) ) ++ &vcpu_avail_handle, &acpi, ++ &apic, &smbios_firmware, &acpi_firmware) ) + return NULL; + + memset(vcpu_avail, 0, sizeof(vcpu_avail)); +@@ -984,8 +989,38 @@ static PyObject *pyxc_hvm_build(XcObject + if ( target == -1 ) + target = memsize; + +- if ( xc_hvm_build_target_mem(self->xc_handle, dom, memsize, +- target, image) != 0 ) ++ memset(&hvm_args, 0, sizeof(struct xc_hvm_build_args)); ++ hvm_args.mem_size = (uint64_t)memsize << 20; ++ hvm_args.mem_target = (uint64_t)target << 20; ++ hvm_args.image_file_name = image; ++ ++ if ( PyString_Check(smbios_firmware ) ) ++ { ++ smbios_str = PyString_AsString(smbios_firmware); ++ if ( smbios_str ) ++ { ++ datalen = *(int *)smbios_str; ++ if ( datalen ) { ++ hvm_args.smbios_module.data = &((uint8_t *)smbios_str)[4]; ++ hvm_args.smbios_module.length = (uint32_t)datalen; ++ } ++ } ++ } ++ ++ if ( PyString_Check(acpi_firmware ) ) ++ { ++ acpi_str = PyString_AsString(acpi_firmware); ++ if (acpi_str) ++ { ++ datalen = *(int *)acpi_str; ++ if ( datalen ) { ++ hvm_args.acpi_module.data = &((uint8_t *)acpi_str)[4]; ++ hvm_args.acpi_module.length = (uint32_t)datalen; ++ } ++ } ++ } ++ ++ if ( xc_hvm_build(self->xc_handle, dom, &hvm_args) != 0 ) + return pyxc_error_to_exception(self->xc_handle); + + #if !defined(__ia64__) +Index: xen-4.2.1-testing/docs/man/xmdomain.cfg.pod.5 +=================================================================== +--- xen-4.2.1-testing.orig/docs/man/xmdomain.cfg.pod.5 ++++ xen-4.2.1-testing/docs/man/xmdomain.cfg.pod.5 +@@ -243,6 +243,25 @@ this the xen kernel must be compiled wit + + This defaults to 1, meaning running the domain as a UP. 
+ ++=item B ++ ++Specify a path to a file that contains extra ACPI firmware tables to pass in to ++a guest. The file can contain several tables in their binary AML form ++concatenated together. Each table self describes its length so no additional ++information is needed. These tables will be added to the ACPI table set in the ++guest. Note that existing tables cannot be overridden by this feature. For ++example this cannot be used to override tables like DSDT, FADT, etc. ++ ++=item B ++ ++Specify a path to a file that contains extra SMBIOS firmware structures to pass ++in to a guest. The file can contain a set DMTF predefined structures which will ++override the internal defaults. Not all predefined structures can be overridden, ++only the following types: 0, 1, 2, 3, 11, 22, 39. The file can also contain any ++number of vendor defined SMBIOS structures (type 128 - 255). Since SMBIOS ++structures do not present their overall size, each entry in the file must be ++preceded by a 32b integer indicating the size of the next structure. ++ + =back + + =head1 DOMAIN SHUTDOWN OPTIONS +Index: xen-4.2.1-testing/tools/python/README.sxpcfg +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/README.sxpcfg ++++ xen-4.2.1-testing/tools/python/README.sxpcfg +@@ -51,6 +51,8 @@ image + - vncunused + (HVM) + - device_model ++ - smbios_firmware ++ - acpi_firmware + - display + - xauthority + - vncconsole +Index: xen-4.2.1-testing/tools/python/README.XendConfig +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/README.XendConfig ++++ xen-4.2.1-testing/tools/python/README.XendConfig +@@ -120,6 +120,8 @@ otherConfig + image.vncdisplay + image.vncunused + image.hvm.device_model ++ image.hvm.smbios_firmware ++ image.hvm.apci_firmware + image.hvm.display + image.hvm.xauthority + image.hvm.vncconsole 
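Review bot: In the `pyxc_hvm_build` change to `xc.c`, `datalen = *(int *)smbios_str;` (and the same line for `acpi_str`) takes the blob length from the first four bytes of the Python string and never compares it with the string's real size, so a string shorter than four bytes, or one with a wrong or negative prefix, can make the later consumer of `hvm_args.smbios_module` read past the buffer. Both objects are optional in the `"iis|iiOiiOO"` format and stay `NULL` when a caller omits them, yet `PyString_Check()` is applied to them unconditionally. The length should be bounded by `PyString_Size()`, with the prefix only cross-checked against it, as sketched below for the SMBIOS case; the ACPI branch needs the same treatment. The function body starts and ends outside the inner hunk. Separately, `_readFirmwareFile` in `image.py` tests `filename is None` after `str()` has already turned a missing value into `"None"`, and `README.XendConfig` spells the key `apci_firmware`.

```c
    if ( smbios_firmware && PyString_Check(smbios_firmware) )
    {
        Py_ssize_t blob_len = PyString_Size(smbios_firmware);

        smbios_str = PyString_AsString(smbios_firmware);
        if ( smbios_str && blob_len >= (Py_ssize_t)sizeof(datalen) )
        {
            /* memcpy avoids an unaligned int load from the string buffer */
            memcpy(&datalen, smbios_str, sizeof(datalen));
            if ( datalen < 0 ||
                 datalen > blob_len - (Py_ssize_t)sizeof(datalen) )
            {
                PyErr_SetString(PyExc_ValueError,
                                "smbios_firmware: length prefix does not match data");
                return NULL;
            }
            /* … unchanged: assign hvm_args.smbios_module.data / .length when datalen != 0 … */
        }
    }
    /* … acpi_firmware branch: same NULL, size and prefix checks … */
```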
diff --git a/xend-migration-domname-fix.patch b/xend-migration-domname-fix.patch index 7941dfd..3a1c706 100644 --- a/xend-migration-domname-fix.patch +++ b/xend-migration-domname-fix.patch @@ -4,11 +4,11 @@ domname from xenstore (like 'virsh list') could get correct value. destroyed but there is still VM entry in xenstore. Signed-off-by: Chunyan Liu -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1947,6 +1947,8 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1961,6 +1961,8 @@ class XendDomainInfo: self.info['name_label'] = name if to_store: self.storeVm("name", name) @@ -17,11 +17,11 @@ Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py def getName(self): return self.info['name_label'] -Index: xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -172,7 +172,10 @@ def save(fd, dominfo, network, live, dst +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -185,7 +185,10 @@ def save(fd, dominfo, network, live, dst dominfo.destroy() dominfo.testDeviceComplete() try: diff --git a/xend-vcpu-affinity-fix.patch b/xend-vcpu-affinity-fix.patch index 4c28e92..7d63867 100644 --- a/xend-vcpu-affinity-fix.patch +++ b/xend-vcpu-affinity-fix.patch 
@@ -1,8 +1,8 @@ -Index: xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.0-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.0-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2785,7 +2785,10 @@ class XendDomainInfo: +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2799,7 +2799,10 @@ class XendDomainInfo: from xen.xend import XendDomain doms = XendDomain.instance().list('all') for dom in filter (lambda d: d.domid != self.domid, doms): diff --git a/xenpaging.autostart.patch b/xenpaging.autostart.patch index 3c236f7..da1d75a 100644 --- a/xenpaging.autostart.patch +++ b/xenpaging.autostart.patch @@ -76,9 +76,9 @@ Index: xen-4.2.1-testing/tools/python/README.XendConfig + image.hvm.actmem + image.hvm.xenpaging_file + image.hvm.xenpaging_extra + image.hvm.smbios_firmware + image.hvm.apci_firmware image.hvm.display - image.hvm.xauthority - image.hvm.vncconsole Index: xen-4.2.1-testing/tools/python/README.sxpcfg =================================================================== --- xen-4.2.1-testing.orig/tools/python/README.sxpcfg @@ -90,9 +90,9 @@ Index: xen-4.2.1-testing/tools/python/README.sxpcfg + - actmem + - xenpaging_file + - xenpaging_extra + - smbios_firmware + - acpi_firmware - display - - xauthority - - vncconsole Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py 
@@ -104,10 +104,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py + 'actmem': str, + 'xenpaging_file': str, + 'xenpaging_extra': str, + 'smbios_firmware': str, + 'acpi_firmware': str, 'loader': str, - 'display' : str, - 'fda': str, -@@ -516,6 +519,12 @@ class XendConfig(dict): +@@ -518,6 +521,12 @@ class XendConfig(dict): self['platform']['nomigrate'] = 0 if self.is_hvm(): @@ -117,16 +117,16 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py + self['platform']['xenpaging_file'] = "" + if 'xenpaging_extra' not in self['platform']: + self['platform']['xenpaging_extra'] = [] - if 'timer_mode' not in self['platform']: - self['platform']['timer_mode'] = 1 - if 'extid' in self['platform'] and int(self['platform']['extid']) == 1: + if 'smbios_firmware' not in self['platform']: + self['platform']['smbios_firmware'] = "" + if 'acpi_firmware' not in self['platform']: Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py -@@ -1835,6 +1835,21 @@ class XendDomain: - log.exception(ex) - raise XendError(str(ex)) +@@ -1848,6 +1848,21 @@ class XendDomain: + raise XendInvalidDomain(str(domid)) + dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy, log_save_progress) + def domain_swaptarget_set(self, domid, mem): + """Set the memory limit for a domain. @@ -150,7 +150,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1532,6 +1532,17 @@ class XendDomainInfo: +@@ -1548,6 +1548,17 @@ class XendDomainInfo: break xen.xend.XendDomain.instance().managed_config_save(self) 
@@ -168,7 +168,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -@@ -2322,6 +2333,8 @@ class XendDomainInfo: +@@ -2338,6 +2349,8 @@ class XendDomainInfo: self.info['name_label'], self.domid, self.info['uuid'], new_name, new_uuid) self._unwatchVm() @@ -177,7 +177,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() # Remove existing vm node in xenstore self._removeVm() -@@ -3001,6 +3014,9 @@ class XendDomainInfo: +@@ -3017,6 +3030,9 @@ class XendDomainInfo: self._createDevices() @@ -187,7 +187,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.image.cleanupTmpImages() self.info['start_time'] = time.time() -@@ -3025,6 +3041,8 @@ class XendDomainInfo: +@@ -3041,6 +3057,8 @@ class XendDomainInfo: self.refresh_shutdown_lock.acquire() try: self.unwatchShutdown() @@ -196,7 +196,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() bootloader_tidy(self) -@@ -3109,6 +3127,7 @@ class XendDomainInfo: +@@ -3125,6 +3143,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) @@ -204,7 +204,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.console_port = console_port self._storeDomDetails() self._registerWatches() -@@ -3251,6 +3270,8 @@ class XendDomainInfo: +@@ -3267,6 +3286,8 @@ class XendDomainInfo: # could also fetch a parsed note from xenstore fast = self.info.get_notes().get('SUSPEND_CANCEL') and 1 or 0 if not fast: @@ -213,7 +213,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() self.testDeviceComplete() self.testvifsComplete() -@@ -3266,6 +3287,8 @@ class XendDomainInfo: +@@ -3282,6 +3303,8 @@ class XendDomainInfo: self._storeDomDetails() self._createDevices() 
@@ -235,9 +235,9 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/image.py + self.xenpaging_extra = vmConfig['platform'].get('xenpaging_extra') + self.xenpaging_pid = None - self.display = vmConfig['platform'].get('display') - self.xauthority = vmConfig['platform'].get('xauthority') -@@ -392,6 +396,87 @@ class ImageHandler: + self.smbios_firmware =(str(vmConfig['platform'].get('smbios_firmware'))) + self.acpi_firmware =(str(vmConfig['platform'].get('acpi_firmware'))) +@@ -394,6 +398,87 @@ class ImageHandler: sentinel_fifos_inuse[sentinel_path_fifo] = 1 self.sentinel_path_fifo = sentinel_path_fifo @@ -329,9 +329,9 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py +++ xen-4.2.1-testing/tools/python/xen/xm/create.py -@@ -495,6 +495,18 @@ gopts.var('nfs_root', val="PATH", +@@ -503,6 +503,18 @@ gopts.var('acpi_firmware', val='FILE', fn=set_value, default=None, - use="Set the path of the root NFS directory.") + use="Path to a file that contains extra ACPI firmware tables.") +gopts.var('actmem', val='NUM', + fn=set_value, default='0', @@ -348,7 +348,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py gopts.var('device_model', val='FILE', fn=set_value, default=None, use="Path to device model program.") -@@ -1100,6 +1112,9 @@ def configure_hvm(config_image, vals): +@@ -1108,6 +1120,9 @@ def configure_hvm(config_image, vals): args = [ 'acpi', 'apic', 'boot', 'cpuid', 'cpuid_check', @@ -356,8 +356,8 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py + 'xenpaging_file', + 'xenpaging_extra', 'device_model', 'display', + 'smbios_firmware', 'acpi_firmware', 'fda', 'fdb', - 'gfx_passthru', 'guest_os_type', Index: xen-4.2.1-testing/tools/python/xen/xm/main.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xm/main.py 
@@ -409,5 +409,5 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py + 'xenpaging_file', + 'xenpaging_extra', 'device_model', - 'loader', - 'fda', + 'smbios_firmware', + 'acpi_firmware', From 440dc066918c4e21a654facab42bda11ae897da915585fc755eab4cdeee4fcd8 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Thu, 21 Mar 2013 22:46:50 +0000 Subject: [PATCH 2/8] Fix version string OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=233 --- xen.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/xen.spec b/xen.spec index 8a6a810..f0c7fdb 100644 --- a/xen.spec +++ b/xen.spec @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -115,7 +114,7 @@ BuildRequires: kernel-syms BuildRequires: module-init-tools BuildRequires: xorg-x11 %endif -Version: 4.2.1_11 +Version: 4.2.1_10 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) From 387129caad2dbeb3f397def696b558c1ca542343207b8377fee07129a8082a22 Mon Sep 17 00:00:00 2001 
From: Charles Arnold Date: Thu, 4 Apr 2013 17:05:57 +0000 Subject: [PATCH 3/8] - bnc#797014 - no way to control live migrations - bnc#803712 - after live migration rcu_sched_state detected stalls xen.migrate.tools-xend_move_assert_to_exception_block.patch xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch - bnc#811764 - XEN (hypervisor or kernel) has a problem with EFI variable services x86-EFI-set-variable-permit-attrs.patch - Upstream patches from Jan 26060-ACPI-ERST-table-size-checks.patch 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch 26702-powernow-add-fixups-for-AMD-P-state-figures.patch 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch (bnc#805579) 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch 26743-VT-d-deal-with-5500-5520-X58-errata.patch (bnc#801910) 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch - PVonHVM: __devinit was removed in linux-3.8 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=234 --- 26060-ACPI-ERST-table-size-checks.patch | 67 ++++ 26062-ACPI-ERST-move-data.patch | 2 + ...t-MSI-X-table-from-PV-guest-accesses.patch | 369 ++++++++++++++++++ ...w-add-fixups-for-AMD-P-state-figures.patch | 139 +++++++ ...clearing-for-certain-injected-events.patch | 72 ++++ ...s-while-building-dom0-iommu-mappings.patch | 32 ++ ...ate-IOMMUs-when-listing-capabilities.patch | 22 ++ ...e-in-otherwise-opaque-error-messages.patch | 28 ++ ...nlock-apei_iomaps_lock-on-error-path.patch | 34 ++ 
...ACPI-APEI-Add-apei_exec_run_optional.patch | 70 ++++ ...ether-interrupt-remapping-is-enabled.patch | 96 +++++ ...-VT-d-deal-with-5500-5520-X58-errata.patch | 90 +++++ ...w-disabling-only-interrupt-remapping.patch | 63 +++ 32on64-extra-mem.patch | 2 +- blktap.patch | 2 +- change-vnc-passwd.patch | 2 +- change_home_server.patch | 2 +- checkpoint-rename.patch | 2 +- multi-xvdp.patch | 2 +- x86-EFI-set-variable-permit-attrs.patch | 14 + xen-domUloader.diff | 6 +- xen-managed-pci-device.patch | 2 +- xen-max-free-mem.diff | 2 +- xen.changes | 30 ++ ..._print_stats_if_migration_is_aborted.patch | 25 ++ ...-xend_move_assert_to_exception_block.patch | 43 ++ ...gup_during_migration_--abort_if_busy.patch | 57 +++ ...t_migration_constraints_from_cmdline.patch | 15 +- ...mber_of_dirty_pages_during_migration.patch | 283 ++++++++++++++ xen.spec | 52 ++- xenapi-console-protocol.patch | 2 +- xend-console-port-restore.patch | 6 +- xend-core-dump-loc.diff | 2 +- xend-domain-lock-sfex.patch | 8 +- xend-domain-lock.patch | 18 +- xend-migration-domname-fix.patch | 4 +- xend-vcpu-affinity-fix.patch | 2 +- xenpaging.autostart.patch | 18 +- 38 files changed, 1633 insertions(+), 52 deletions(-) create mode 100644 26060-ACPI-ERST-table-size-checks.patch create mode 100644 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch create mode 100644 26702-powernow-add-fixups-for-AMD-P-state-figures.patch create mode 100644 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch create mode 100644 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch create mode 100644 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch create mode 100644 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch create mode 100644 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch create mode 100644 26737-ACPI-APEI-Add-apei_exec_run_optional.patch create mode 100644 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch 
create mode 100644 26743-VT-d-deal-with-5500-5520-X58-errata.patch create mode 100644 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch create mode 100644 x86-EFI-set-variable-permit-attrs.patch create mode 100644 xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch create mode 100644 xen.migrate.tools-xend_move_assert_to_exception_block.patch create mode 100644 xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch create mode 100644 xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch diff --git a/26060-ACPI-ERST-table-size-checks.patch b/26060-ACPI-ERST-table-size-checks.patch new file mode 100644 index 0000000..5ef6ce8 --- /dev/null +++ b/26060-ACPI-ERST-table-size-checks.patch 
@@ -0,0 +1,67 @@ +References: bnc#785211 + +# HG changeset patch +# User Huang Ying +# Date 1350401196 -7200 +# Node ID 4fc87c2f31a02c770655518c9e4d389302564f00 +# Parent c1c549c4fe9ebdc460cbf51e296edad157b6e518 +ACPI: fix APEI related table size checking + +On Huang Ying's machine: + +erst_tab->header_length == sizeof(struct acpi_table_einj) + +but Yinghai reported that on his machine, + +erst_tab->header_length == sizeof(struct acpi_table_einj) - +sizeof(struct acpi_table_header) + +To make erst table size checking code works on all systems, both +testing are treated as PASS. + +Same situation applies to einj_tab->header_length, so corresponding +table size checking is changed in similar way too. + +Originally-by: Yinghai Lu +Signed-off-by: Huang Ying + +- use switch() for better readability +- add comment explaining why a formally invalid size it also being + accepted +- check erst_tab->header.length before even looking at + erst_tab->header_length +- prefer sizeof(*erst_tab) over sizeof(struct acpi_table_erst) + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser +Committed-by: Jan Beulich + +--- a/xen/drivers/acpi/apei/erst.c ++++ b/xen/drivers/acpi/apei/erst.c +@@ -715,12 +715,23 @@ int erst_clear(u64 record_id) + + static int __init erst_check_table(struct acpi_table_erst *erst_tab) + { +- if (erst_tab->header_length != sizeof(struct acpi_table_erst)) ++ if (erst_tab->header.length < sizeof(*erst_tab)) + return -EINVAL; +- if (erst_tab->header.length < sizeof(struct acpi_table_erst)) ++ ++ switch (erst_tab->header_length) { ++ case sizeof(*erst_tab) - sizeof(erst_tab->header): ++ /* ++ * While invalid per specification, there are (early?) systems ++ * indicating the full header size here, so accept that value too. 
++ */ ++ case sizeof(*erst_tab): ++ break; ++ default: + return -EINVAL; ++ } ++ + if (erst_tab->entries != +- (erst_tab->header.length - sizeof(struct acpi_table_erst)) / ++ (erst_tab->header.length - sizeof(*erst_tab)) / + sizeof(struct acpi_erst_entry)) + return -EINVAL; + diff --git a/26062-ACPI-ERST-move-data.patch b/26062-ACPI-ERST-move-data.patch index 963274d..b817792 100644 --- a/26062-ACPI-ERST-move-data.patch +++ b/26062-ACPI-ERST-move-data.patch @@ -1,3 +1,5 @@ +References: bnc#785211 + # HG changeset patch # User Huang Ying # Date 1350475926 -7200 diff --git a/26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch b/26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch new file mode 100644 index 0000000..c51e4de --- /dev/null +++ b/26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch 
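Review bot: The final entry-count test in erst_check_table() divides `erst_tab->header.length - sizeof(*erst_tab)` by `sizeof(struct acpi_erst_entry)`, so a firmware table whose payload is not a whole number of entries still passes as long as the truncated quotient equals `entries`. If the intent is to reject malformed tables, add a remainder check before it: `if ((erst_tab->header.length - sizeof(*erst_tab)) % sizeof(struct acpi_erst_entry)) return -EINVAL;`. The first `case` label falls through to `case sizeof(*erst_tab):` on purpose, and a short `/* fall through */` next to the explanatory comment would make that explicit. The function body continues outside the hunk.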
@@ -0,0 +1,369 @@ +# Commit 4245d331e0e75de8d1bddbbb518f3a8ce6d0bb7e +# Date 2013-03-08 14:05:34 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86/MSI: add mechanism to fully protect MSI-X table from PV guest accesses + +This adds two new physdev operations for Dom0 to invoke when resource +allocation for devices is known to be complete, so that the hypervisor +can arrange for the respective MMIO ranges to be marked read-only +before an eventual guest getting such a device assigned even gets +started, such that it won't be able to set up writable mappings for +these MMIO ranges before Xen has a chance to protect them. + +This also addresses another issue with the code being modified here, +in that so far write protection for the address ranges in question got +set up only once during the lifetime of a device (i.e. until either +system shutdown or device hot removal), while teardown happened when +the last interrupt was disposed of by the guest (which at least allowed +the tables to be writable when the device got assigned to a second +guest [instance] after the first terminated). + +Signed-off-by: Jan Beulich + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -649,8 +649,8 @@ static u64 read_pci_mem_bar(u16 seg, u8 + * @entries: pointer to an array of struct msix_entry entries + * @nvec: number of @entries + * +- * Setup the MSI-X capability structure of device function with a +- * single MSI-X irq. A return of zero indicates the successful setup of ++ * Setup the MSI-X capability structure of device function with the requested ++ * number MSI-X irqs. A return of zero indicates the successful setup of + * requested MSI-X entries with allocated irqs or non-zero for otherwise. 
+ **/ + static int msix_capability_init(struct pci_dev *dev, +@@ -658,86 +658,69 @@ static int msix_capability_init(struct p + struct msi_desc **desc, + unsigned int nr_entries) + { +- struct msi_desc *entry; +- int pos; ++ struct msi_desc *entry = NULL; ++ int pos, vf; + u16 control; +- u64 table_paddr, entry_paddr; +- u32 table_offset, entry_offset; +- u8 bir; +- void __iomem *base; +- int idx; ++ u64 table_paddr; ++ u32 table_offset; ++ u8 bir, pbus, pslot, pfunc; + u16 seg = dev->seg; + u8 bus = dev->bus; + u8 slot = PCI_SLOT(dev->devfn); + u8 func = PCI_FUNC(dev->devfn); + + ASSERT(spin_is_locked(&pcidevs_lock)); +- ASSERT(desc); + + pos = pci_find_cap_offset(seg, bus, slot, func, PCI_CAP_ID_MSIX); + control = pci_conf_read16(seg, bus, slot, func, msix_control_reg(pos)); + msix_set_enable(dev, 0);/* Ensure msix is disabled as I set it up */ + +- /* MSI-X Table Initialization */ +- entry = alloc_msi_entry(); +- if ( !entry ) +- return -ENOMEM; ++ if ( desc ) ++ { ++ entry = alloc_msi_entry(); ++ if ( !entry ) ++ return -ENOMEM; ++ ASSERT(msi); ++ } + +- /* Request & Map MSI-X table region */ ++ /* Locate MSI-X table region */ + table_offset = pci_conf_read32(seg, bus, slot, func, + msix_table_offset_reg(pos)); + bir = (u8)(table_offset & PCI_MSIX_BIRMASK); + table_offset &= ~PCI_MSIX_BIRMASK; +- entry_offset = msi->entry_nr * PCI_MSIX_ENTRY_SIZE; + +- table_paddr = msi->table_base + table_offset; +- entry_paddr = table_paddr + entry_offset; +- idx = msix_get_fixmap(dev, table_paddr, entry_paddr); +- if ( idx < 0 ) +- { +- xfree(entry); +- return idx; +- } +- base = (void *)(fix_to_virt(idx) + +- ((unsigned long)entry_paddr & ((1UL << PAGE_SHIFT) - 1))); +- +- entry->msi_attrib.type = PCI_CAP_ID_MSIX; +- entry->msi_attrib.is_64 = 1; +- entry->msi_attrib.entry_nr = msi->entry_nr; +- entry->msi_attrib.maskbit = 1; +- entry->msi_attrib.masked = 1; +- entry->msi_attrib.pos = pos; +- entry->irq = msi->irq; +- entry->dev = dev; +- entry->mask_base = base; +- +- 
list_add_tail(&entry->list, &dev->msi_list); +- +- if ( !dev->msix_nr_entries ) ++ if ( !dev->info.is_virtfn ) + { +- u8 pbus, pslot, pfunc; +- int vf; +- u64 pba_paddr; +- u32 pba_offset; ++ pbus = bus; ++ pslot = slot; ++ pfunc = func; ++ vf = -1; ++ } ++ else ++ { ++ pbus = dev->info.physfn.bus; ++ pslot = PCI_SLOT(dev->info.physfn.devfn); ++ pfunc = PCI_FUNC(dev->info.physfn.devfn); ++ vf = PCI_BDF2(dev->bus, dev->devfn); ++ } + +- if ( !dev->info.is_virtfn ) +- { +- pbus = bus; +- pslot = slot; +- pfunc = func; +- vf = -1; +- } +- else ++ table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf); ++ WARN_ON(msi && msi->table_base != table_paddr); ++ if ( !table_paddr ) ++ { ++ if ( !msi || !msi->table_base ) + { +- pbus = dev->info.physfn.bus; +- pslot = PCI_SLOT(dev->info.physfn.devfn); +- pfunc = PCI_FUNC(dev->info.physfn.devfn); +- vf = PCI_BDF2(dev->bus, dev->devfn); ++ xfree(entry); ++ return -ENXIO; + } ++ table_paddr = msi->table_base; ++ } ++ table_paddr += table_offset; + +- ASSERT(!dev->msix_used_entries); +- WARN_ON(msi->table_base != +- read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf)); ++ if ( !dev->msix_used_entries ) ++ { ++ u64 pba_paddr; ++ u32 pba_offset; + + dev->msix_nr_entries = nr_entries; + dev->msix_table.first = PFN_DOWN(table_paddr); +@@ -758,7 +741,42 @@ static int msix_capability_init(struct p + BITS_TO_LONGS(nr_entries) - 1); + WARN_ON(rangeset_overlaps_range(mmio_ro_ranges, dev->msix_pba.first, + dev->msix_pba.last)); ++ } ++ ++ if ( entry ) ++ { ++ /* Map MSI-X table region */ ++ u64 entry_paddr = table_paddr + msi->entry_nr * PCI_MSIX_ENTRY_SIZE; ++ int idx = msix_get_fixmap(dev, table_paddr, entry_paddr); ++ void __iomem *base; ++ ++ if ( idx < 0 ) ++ { ++ xfree(entry); ++ return idx; ++ } ++ base = (void *)(fix_to_virt(idx) + ++ ((unsigned long)entry_paddr & (PAGE_SIZE - 1))); + ++ /* Mask interrupt here */ ++ writel(1, base + PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET); ++ ++ entry->msi_attrib.type = PCI_CAP_ID_MSIX; ++ 
entry->msi_attrib.is_64 = 1; ++ entry->msi_attrib.entry_nr = msi->entry_nr; ++ entry->msi_attrib.maskbit = 1; ++ entry->msi_attrib.masked = 1; ++ entry->msi_attrib.pos = pos; ++ entry->irq = msi->irq; ++ entry->dev = dev; ++ entry->mask_base = base; ++ ++ list_add_tail(&entry->list, &dev->msi_list); ++ *desc = entry; ++ } ++ ++ if ( !dev->msix_used_entries ) ++ { + if ( rangeset_add_range(mmio_ro_ranges, dev->msix_table.first, + dev->msix_table.last) ) + WARN(); +@@ -769,7 +787,7 @@ static int msix_capability_init(struct p + if ( dev->domain ) + p2m_change_entry_type_global(dev->domain, + p2m_mmio_direct, p2m_mmio_direct); +- if ( !dev->domain || !paging_mode_translate(dev->domain) ) ++ if ( desc && (!dev->domain || !paging_mode_translate(dev->domain)) ) + { + struct domain *d = dev->domain; + +@@ -783,6 +801,13 @@ static int msix_capability_init(struct p + break; + if ( d ) + { ++ if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id ) ++ { ++ dev->msix_warned = d->domain_id; ++ printk(XENLOG_ERR ++ "Potentially insecure use of MSI-X on %04x:%02x:%02x.%u by Dom%d\n", ++ seg, bus, slot, func, d->domain_id); ++ } + /* XXX How to deal with existing mappings? 
*/ + } + } +@@ -791,10 +816,6 @@ static int msix_capability_init(struct p + WARN_ON(dev->msix_table.first != (table_paddr >> PAGE_SHIFT)); + ++dev->msix_used_entries; + +- /* Mask interrupt here */ +- writel(1, entry->mask_base + PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET); +- +- *desc = entry; + /* Restore MSI-X enabled bits */ + pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), control); + +@@ -919,6 +940,19 @@ static int __pci_enable_msix(struct msi_ + return status; + } + ++static void _pci_cleanup_msix(struct pci_dev *dev) ++{ ++ if ( !--dev->msix_used_entries ) ++ { ++ if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_table.first, ++ dev->msix_table.last) ) ++ WARN(); ++ if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_pba.first, ++ dev->msix_pba.last) ) ++ WARN(); ++ } ++} ++ + static void __pci_disable_msix(struct msi_desc *entry) + { + struct pci_dev *dev; +@@ -942,15 +976,45 @@ static void __pci_disable_msix(struct ms + + pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), control); + +- if ( !--dev->msix_used_entries ) ++ _pci_cleanup_msix(dev); ++} ++ ++int pci_prepare_msix(u16 seg, u8 bus, u8 devfn, bool_t off) ++{ ++ int rc; ++ struct pci_dev *pdev; ++ u8 slot = PCI_SLOT(devfn), func = PCI_FUNC(devfn); ++ unsigned int pos = pci_find_cap_offset(seg, bus, slot, func, ++ PCI_CAP_ID_MSIX); ++ ++ if ( !use_msi ) ++ return 0; ++ ++ if ( !pos ) ++ return -ENODEV; ++ ++ spin_lock(&pcidevs_lock); ++ pdev = pci_get_pdev(seg, bus, devfn); ++ if ( !pdev ) ++ rc = -ENODEV; ++ else if ( pdev->msix_used_entries != !!off ) ++ rc = -EBUSY; ++ else if ( off ) + { +- if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_table.first, +- dev->msix_table.last) ) +- WARN(); +- if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_pba.first, +- dev->msix_pba.last) ) +- WARN(); ++ _pci_cleanup_msix(pdev); ++ rc = 0; + } ++ else ++ { ++ u16 control = pci_conf_read16(seg, bus, slot, func, ++ msix_control_reg(pos)); ++ ++ rc = msix_capability_init(pdev, NULL, 
NULL, ++ multi_msix_capable(control)); ++ } ++ spin_unlock(&pcidevs_lock); ++ ++ return rc; + } + + /* +--- a/xen/arch/x86/physdev.c ++++ b/xen/arch/x86/physdev.c +@@ -609,6 +609,18 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H + break; + } + ++ case PHYSDEVOP_prepare_msix: ++ case PHYSDEVOP_release_msix: { ++ struct physdev_pci_device dev; ++ ++ if ( copy_from_guest(&dev, arg, 1) ) ++ ret = -EFAULT; ++ else ++ ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn, ++ cmd != PHYSDEVOP_prepare_msix); ++ break; ++ } ++ + #ifdef __x86_64__ + case PHYSDEVOP_pci_mmcfg_reserved: { + struct physdev_pci_mmcfg_reserved info; +--- a/xen/include/asm-x86/msi.h ++++ b/xen/include/asm-x86/msi.h +@@ -80,6 +80,7 @@ struct msi_desc; + /* Helper functions */ + extern int pci_enable_msi(struct msi_info *msi, struct msi_desc **desc); + extern void pci_disable_msi(struct msi_desc *desc); ++extern int pci_prepare_msix(u16 seg, u8 bus, u8 devfn, bool_t off); + extern void pci_cleanup_msi(struct pci_dev *pdev); + extern void setup_msi_handler(struct irq_desc *, struct msi_desc *); + extern void setup_msi_irq(struct irq_desc *); +--- a/xen/include/public/physdev.h ++++ b/xen/include/public/physdev.h +@@ -303,6 +303,12 @@ DEFINE_XEN_GUEST_HANDLE(physdev_pci_devi + + #define PHYSDEVOP_pci_device_remove 26 + #define PHYSDEVOP_restore_msi_ext 27 ++/* ++ * Dom0 should use these two to announce MMIO resources assigned to ++ * MSI-X capable devices won't (prepare) or may (release) change. ++ */ ++#define PHYSDEVOP_prepare_msix 30 ++#define PHYSDEVOP_release_msix 31 + struct physdev_pci_device { + /* IN */ + uint16_t seg; +--- a/xen/include/xen/pci.h ++++ b/xen/include/xen/pci.h +@@ -57,6 +57,7 @@ struct pci_dev { + int msix_table_refcnt[MAX_MSIX_TABLE_PAGES]; + int msix_table_idx[MAX_MSIX_TABLE_PAGES]; + spinlock_t msix_table_lock; ++ domid_t msix_warned; + + struct domain *domain; + const u16 seg; 
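Review bot: The new `PHYSDEVOP_prepare_msix` / `PHYSDEVOP_release_msix` case in do_physdev_op() passes the guest-supplied seg/bus/devfn straight to pci_prepare_msix() with no privilege check visible in the hunk, although the header comment says Dom0 should use these operations. The release path ends in _pci_cleanup_msix(), which removes the MSI-X table and PBA ranges from mmio_ro_ranges, so the caller needs to be restricted. Unless do_physdev_op() already rejects unprivileged callers before reaching this case (that part is outside the hunk), the case should begin with `if ( !IS_PRIV(current->domain) ) { ret = -EPERM; break; }`. pci_prepare_msix() also calls pci_find_cap_offset() before taking pcidevs_lock and before it knows the device exists; doing that read under the lock, after the pci_get_pdev() check, would be tidier.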
diff --git a/26702-powernow-add-fixups-for-AMD-P-state-figures.patch b/26702-powernow-add-fixups-for-AMD-P-state-figures.patch
new file mode 100644
index 0000000..d3b378d
--- /dev/null
+++ b/26702-powernow-add-fixups-for-AMD-P-state-figures.patch
@@ -0,0 +1,139 @@ +# Commit 1d80765b504b34b63a42a63aff4291e07e29f0c5 +# Date 2013-03-12 15:34:22 +0100 +# Author Konrad Rzeszutek Wilk +# Committer Jan Beulich +powernow: add fixups for AMD P-state figures + +In the Linux kernel, these two git commits: + +- f594065faf4f9067c2283a34619fc0714e79a98d + ACPI: Add fixups for AMD P-state figures +- 9855d8ce41a7801548a05d844db2f46c3e810166 + ACPI: Check MSR valid bit before using P-state frequencies + +Try to fix the the issue that "some AMD systems may round the +frequencies in ACPI tables to 100MHz boundaries. We can obtain the real +frequencies from MSRs, so add a quirk to fix these frequencies up +on AMD systems." (from f594065..) + +In discussion (around 9855d8..) "it turned out that indeed real +HW/BIOSes may choose to not set the valid bit and thus mark the +P-state as invalid. So this could be considered a fix for broken +BIOSes." (from 9855d8..) + +which is great for Linux. Unfortunatly the Linux kernel, when +it tries to do the RDMSR under Xen it fails to get the right +value (it gets zero) as Xen traps it and returns zero. Hence +when dom0 uploads the P-states they will be unmodified and +we should take care of updating the frequencies with the right +values. + +I've tested it under Dell Inc. PowerEdge T105 /0RR825, BIOS 1.3.2 +08/20/2008 where this quirk can be observed (x86 == 0x10, model == 2). +Also on other AMD (x86 == 0x12, A8-3850; x86 = 0x14, AMD E-350) to +make sure the quirk is not applied there. + +Signed-off-by: Konrad Rzeszutek Wilk +Acked-by: stefan.bader@canonical.com + +Do the MSR access here (and while at it, also the one reading +MSR_PSTATE_CUR_LIMIT) on the target CPU, and bound the loop over +amd_fixup_frequency() by max_hw_pstate (matching the one in +powernow_cpufreq_cpu_init()). 
+ +Signed-off-by: Jan Beulich + +--- a/xen/arch/x86/acpi/cpufreq/powernow.c ++++ b/xen/arch/x86/acpi/cpufreq/powernow.c +@@ -159,6 +159,51 @@ static int powernow_cpufreq_target(struc + return result; + } + ++static void amd_fixup_frequency(struct xen_processor_px *px) ++{ ++ u32 hi, lo, fid, did; ++ int index = px->control & 0x00000007; ++ const struct cpuinfo_x86 *c = ¤t_cpu_data; ++ ++ if ((c->x86 != 0x10 || c->x86_model >= 10) && c->x86 != 0x11) ++ return; ++ ++ rdmsr(MSR_PSTATE_DEF_BASE + index, lo, hi); ++ /* ++ * MSR C001_0064+: ++ * Bit 63: PstateEn. Read-write. If set, the P-state is valid. ++ */ ++ if (!(hi & (1U << 31))) ++ return; ++ ++ fid = lo & 0x3f; ++ did = (lo >> 6) & 7; ++ if (c->x86 == 0x10) ++ px->core_frequency = (100 * (fid + 16)) >> did; ++ else ++ px->core_frequency = (100 * (fid + 8)) >> did; ++} ++ ++struct amd_cpu_data { ++ struct processor_performance *perf; ++ u32 max_hw_pstate; ++}; ++ ++static void get_cpu_data(void *arg) ++{ ++ struct amd_cpu_data *data = arg; ++ struct processor_performance *perf = data->perf; ++ uint64_t msr_content; ++ unsigned int i; ++ ++ rdmsrl(MSR_PSTATE_CUR_LIMIT, msr_content); ++ data->max_hw_pstate = (msr_content & HW_PSTATE_MAX_MASK) >> ++ HW_PSTATE_MAX_SHIFT; ++ ++ for (i = 0; i < perf->state_count && i <= data->max_hw_pstate; i++) ++ amd_fixup_frequency(&perf->states[i]); ++} ++ + static int powernow_cpufreq_verify(struct cpufreq_policy *policy) + { + struct acpi_cpufreq_data *data; +@@ -205,8 +250,7 @@ static int powernow_cpufreq_cpu_init(str + struct acpi_cpufreq_data *data; + unsigned int result = 0; + struct processor_performance *perf; +- u32 max_hw_pstate; +- uint64_t msr_content; ++ struct amd_cpu_data info; + struct cpuinfo_x86 *c = &cpu_data[policy->cpu]; + + data = xzalloc(struct acpi_cpufreq_data); +@@ -217,7 +261,7 @@ static int powernow_cpufreq_cpu_init(str + + data->acpi_data = &processor_pminfo[cpu]->perf; + +- perf = data->acpi_data; ++ info.perf = perf = data->acpi_data; + 
policy->shared_type = perf->shared_type; + + if (policy->shared_type == CPUFREQ_SHARED_TYPE_ALL || +@@ -239,8 +283,6 @@ static int powernow_cpufreq_cpu_init(str + result = -ENODEV; + goto err_unreg; + } +- rdmsrl(MSR_PSTATE_CUR_LIMIT, msr_content); +- max_hw_pstate = (msr_content & HW_PSTATE_MAX_MASK) >> HW_PSTATE_MAX_SHIFT; + + if (perf->control_register.space_id != perf->status_register.space_id) { + result = -ENODEV; +@@ -265,8 +307,10 @@ static int powernow_cpufreq_cpu_init(str + + policy->governor = cpufreq_opt_governor ? : CPUFREQ_DEFAULT_GOVERNOR; + ++ on_selected_cpus(cpumask_of(cpu), get_cpu_data, &info, 1); ++ + /* table init */ +- for (i = 0; i < perf->state_count && i <= max_hw_pstate; i++) { ++ for (i = 0; i < perf->state_count && i <= info.max_hw_pstate; i++) { + if (i > 0 && perf->states[i].core_frequency >= + data->freq_table[valid_states-1].frequency / 1000) + continue; diff --git a/26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch b/26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch new file mode 100644 index 0000000..f1b251b --- /dev/null +++ b/26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch 
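Review bot: In powernow_cpufreq_cpu_init() `info.max_hw_pstate` is now filled in only by get_cpu_data() running on the target CPU, and `struct amd_cpu_data info;` is declared without an initializer, so the table-init loop bound `i <= info.max_hw_pstate` reads an indeterminate value if the callback ever does not run. The hunk does not show whether on_selected_cpus() can skip the call (for instance for a CPU that is not online), so I would initialise it defensively: `struct amd_cpu_data info = { .max_hw_pstate = 0 };`. In amd_fixup_frequency() the field extraction `fid = lo & 0x3f; did = (lo >> 6) & 7;` and the `+ 16` / `+ 8` offsets deserve a one-line comment naming which CPU family each formula applies to. The body of powernow_cpufreq_cpu_init() starts and ends outside the hunk.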
@@ -0,0 +1,72 @@ +References: bnc#805579 + +# Commit b0583c0e64cc8bb6229c95c3304fdac2051f79b3 +# Date 2013-03-12 15:53:30 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86/MCA: suppress bank clearing for certain injected events + +As the bits indicating validity of the ADDR and MISC bank MSRs may be +injected in a way that isn't consistent with what the underlying +hardware implements (while the bank must be valid for injection to +work, the auxiliary MSRs may not be implemented - and hence cause #GP +upon access - if the hardware never sets the corresponding valid bits. + +Consequently we need to do the clearing writes only if no value was +interposed for the respective MSR (which also makes sense the other way +around: there's no point in clearing a hardware register when all data +read came from software). Of course this all requires the injection +tool to do things in a consistent way (but that had been a requirement +before already). + +Signed-off-by: Jan Beulich +Tested-by: Ren Yongjie +Acked-by: Liu Jinsong + +--- a/xen/arch/x86/cpu/mcheck/mce.c ++++ b/xen/arch/x86/cpu/mcheck/mce.c +@@ -1145,13 +1145,15 @@ static void intpose_add(unsigned int cpu + printk("intpose_add: interpose array full - request dropped\n"); + } + +-void intpose_inval(unsigned int cpu_nr, uint64_t msr) ++bool_t intpose_inval(unsigned int cpu_nr, uint64_t msr) + { +- struct intpose_ent *ent; ++ struct intpose_ent *ent = intpose_lookup(cpu_nr, msr, NULL); + +- if ((ent = intpose_lookup(cpu_nr, msr, NULL)) != NULL) { +- ent->cpu_nr = -1; +- } ++ if ( !ent ) ++ return 0; ++ ++ ent->cpu_nr = -1; ++ return 1; + } + + #define IS_MCA_BANKREG(r) \ +--- a/xen/arch/x86/cpu/mcheck/mce.h ++++ b/xen/arch/x86/cpu/mcheck/mce.h +@@ -89,7 +89,7 @@ extern void mce_recoverable_register(mce + /* Read an MSR, checking for an interposed value first */ + extern struct intpose_ent *intpose_lookup(unsigned int, uint64_t, + uint64_t *); +-extern void intpose_inval(unsigned int, uint64_t); ++extern bool_t 
intpose_inval(unsigned int, uint64_t); + + static inline uint64_t mca_rdmsr(unsigned int msr) + { +@@ -101,9 +101,9 @@ static inline uint64_t mca_rdmsr(unsigne + + /* Write an MSR, invalidating any interposed value */ + #define mca_wrmsr(msr, val) do { \ +- intpose_inval(smp_processor_id(), msr); \ +- wrmsrl(msr, val); \ +-} while (0) ++ if ( !intpose_inval(smp_processor_id(), msr) ) \ ++ wrmsrl(msr, val); \ ++} while ( 0 ) + + + /* Utility function to "logout" all architectural MCA telemetry from the MCA diff --git a/26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch b/26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch new file mode 100644 index 0000000..6c5d01a --- /dev/null +++ b/26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch 
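Review bot: The comment above `mca_wrmsr` in mce.h still reads "Write an MSR, invalidating any interposed value", but the macro now skips `wrmsrl()` whenever `intpose_inval()` found an entry. A caller that expects the hardware bank register to be cleared gets no write in that case. I would reword it to `/* Write an MSR, unless a value was interposed for it; then only the interposed entry is invalidated */` and parenthesise the macro arguments, `if ( !intpose_inval(smp_processor_id(), (msr)) ) wrmsrl((msr), (val));`. `val` is also no longer evaluated on the skipped path, which matters if any caller passes an expression with side effects; the callers are outside this hunk.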
@@ -0,0 +1,32 @@
+# Commit 0f7b6f91ac1bbfd33b23c291b14874b9561909d2
+# Date 2013-03-20 10:00:01 +0100
+# Author Andrew Cooper
+# Committer Jan Beulich
+AMD/IOMMU: Process softirqs while building dom0 iommu mappings
+
+Recent changes which have made their way into xen-4.2 stable have pushed the
+runtime of construct_dom0() over 5 seconds, which has caused regressions in
+XenServer testing because of our 5 second watchdog.
+
+The root cause is that amd_iommu_dom0_init() does not process softirqs and in
+particular the nmi_timer which causes the watchdog to decide that no useful
+progress is being made.
+
+This patch adds periodic calls to process_pending_softirqs() at the same
+interval as the Intel variant of this function. The server which was failing
+with the watchdog test now boots reliably with a timeout of 1 second.
+
+Signed-off-by: Andrew Cooper
+
+--- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
++++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
+@@ -285,6 +285,9 @@ static void __init amd_iommu_dom0_init(s
+ if ( mfn_valid(pfn) )
+ amd_iommu_map_page(d, pfn, pfn,
+ IOMMUF_readable|IOMMUF_writable);
++
++ if ( !(i & 0xfffff) )
++ process_pending_softirqs();
+ }
+ }
+
diff --git a/26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch b/26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
new file mode 100644
index 0000000..45c5339
--- /dev/null
+++ b/26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch
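Review bot: The mask in `if ( !(i & 0xfffff) )` is a bare constant with no comment, and the reason for the call (keeping the NMI watchdog satisfied during a long dom0 mapping loop) is recorded only in the commit message. A line such as `/* Process softirqs every 2^20 iterations so the watchdog sees progress */` above the check would keep that visible in the source. What `i` counts is set by the loop header, which is outside the hunk, so the unit named in the comment should be confirmed against it. The condition is also true for `i == 0`, so softirqs are processed on the first pass as well.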
@@ -0,0 +1,22 @@
+# Commit 32861c537781ac94bf403fb778505c3679b85f67
+# Date 2013-03-20 10:02:26 +0100
+# Author Andrew Cooper
+# Committer Jan Beulich
+VT-d: Enumerate IOMMUs when listing capabilities
+
+This saves N identical console log lines on a multi-iommu server.
+
+Signed-off-by: Andrew Cooper
+
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -2135,7 +2135,8 @@ int __init intel_vtd_setup(void)
+ {
+ iommu = drhd->iommu;
+
+- printk("Intel VT-d supported page sizes: 4kB");
++ printk("Intel VT-d iommu %"PRIu32" supported page sizes: 4kB",
++ iommu->index);
+ if (cap_sps_2mb(iommu->cap))
+ printk(", 2MB");
+
diff --git a/26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch b/26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
new file mode 100644
index 0000000..21a942b
--- /dev/null
+++ b/26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch
@@ -0,0 +1,28 @@
+# Commit 759847e44401176401e86e7c55b644cb9f93c781
+# Date 2013-03-20 10:02:52 +0100
+# Author Andrew Cooper
+# Committer Jan Beulich
+ACPI/ERST: Name table in otherwise opaque error messages
+
+Signed-off-by: Andrew Cooper
+
+Fix spelling and lower severities.
+
+Signed-off-by: Jan Beulich
+
+--- a/xen/drivers/acpi/apei/erst.c
++++ b/xen/drivers/acpi/apei/erst.c
+@@ -799,11 +799,11 @@ int __init erst_init(void)
+ status = acpi_get_table(ACPI_SIG_ERST, 0,
+ (struct acpi_table_header **)&erst_tab);
+ if (status == AE_NOT_FOUND) {
+- printk(KERN_ERR "Table is not found!\n");
++ printk(KERN_INFO "ERST table was not found\n");
+ return -ENODEV;
+ } else if (ACPI_FAILURE(status)) {
+ const char *msg = acpi_format_exception(status);
+- printk(KERN_ERR "Failed to get table, %s\n", msg);
++ printk(KERN_WARNING "Failed to get ERST table: %s\n", msg);
+ return -EINVAL;
+ }
+
diff --git a/26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch b/26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
new file mode 100644
index 0000000..e7a45ea
--- /dev/null
+++ b/26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch
@@ -0,0 +1,34 @@
+References: bnc#785211
+
+# Commit 0611689d9153227831979c7bafe594214b8505a3
+# Date 2013-03-22 09:43:38 +0100
+# Author Andrew Cooper
+# Committer Jan Beulich
+ACPI/APEI: Unlock apei_iomaps_lock on error path
+
+This causes deadlocks during early boot on hardware with broken/buggy
+APEI implementations, such as a Dell Poweredge 2950 with the latest
+currently available BIOS.
+
+Signed-off-by: Andrew Cooper
+
+Don't use goto or another special error path, as handling the error
+case in normal flow is quite simple.
+
+Signed-off-by: Jan Beulich
+
+--- a/xen/drivers/acpi/apei/apei-io.c
++++ b/xen/drivers/acpi/apei/apei-io.c
+@@ -146,10 +146,8 @@ static void __init apei_post_unmap(paddr
+
+ spin_lock_irqsave(&apei_iomaps_lock, flags);
+ map = __apei_find_iomap(paddr, size);
+- if (!map)
+- return;
+-
+- list_del(&map->list);
++ if (map)
++ list_del(&map->list);
+ spin_unlock_irqrestore(&apei_iomaps_lock, flags);
+
+ xfree(map);
diff --git a/26737-ACPI-APEI-Add-apei_exec_run_optional.patch b/26737-ACPI-APEI-Add-apei_exec_run_optional.patch
new file mode 100644
index 0000000..7b60230
--- /dev/null
+++ b/26737-ACPI-APEI-Add-apei_exec_run_optional.patch
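Review bot: `xfree(map)` is now reached with `map == NULL` when `__apei_find_iomap()` finds nothing, which the old early return avoided. That is only safe if `xfree()` accepts a null pointer and nothing after it in `apei_post_unmap()` dereferences `map`; the rest of the function is outside the hunk. A short comment at the call, `/* map may be NULL if no mapping was found */`, would make the reliance explicit for the next reader.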
@@ -0,0 +1,70 @@ +References: bnc#785211 + +# Commit 72af01bf6f7489e54ad59270222a29d3e8c501d1 +# Date 2013-03-22 12:46:25 +0100 +# Author Huang Ying +# Committer Jan Beulich +ACPI, APEI: Add apei_exec_run_optional + +Some actions in APEI ERST and EINJ tables are optional, for example, +ACPI_EINJ_BEGIN_OPERATION action is used to do some preparation for +error injection, and firmware may choose to do nothing here. While +some other actions are mandatory, for example, firmware must provide +ACPI_EINJ_GET_ERROR_TYPE implementation. + +Original implementation treats all actions as optional (that is, can +have no instructions), that may cause issue if firmware does not +provide some mandatory actions. To fix this, this patch adds +apei_exec_run_optional, which should be used for optional actions. +The original apei_exec_run should be used for mandatory actions. + +Signed-off-by: Huang Ying +Signed-off-by: Jan Beulich +Tested-by: Andrew Cooper + +--- a/xen/drivers/acpi/apei/apei-base.c ++++ b/xen/drivers/acpi/apei/apei-base.c +@@ -154,9 +154,10 @@ int apei_exec_noop(struct apei_exec_cont + * Interpret the specified action. Go through whole action table, + * execute all instructions belong to the action. + */ +-int apei_exec_run(struct apei_exec_context *ctx, u8 action) ++int __apei_exec_run(struct apei_exec_context *ctx, u8 action, ++ bool_t optional) + { +- int rc; ++ int rc = -ENOENT; + u32 i, ip; + struct acpi_whea_header *entry; + apei_exec_ins_func_t run; +@@ -195,7 +196,7 @@ rewind: + goto rewind; + } + +- return 0; ++ return !optional && rc < 0 ? 
rc : 0; + } + + typedef int (*apei_exec_entry_func_t)(struct apei_exec_context *ctx, +--- a/xen/drivers/acpi/apei/apei-internal.h ++++ b/xen/drivers/acpi/apei/apei-internal.h +@@ -48,7 +48,18 @@ static inline u64 apei_exec_ctx_get_outp + return ctx->value; + } + +-int apei_exec_run(struct apei_exec_context *ctx, u8 action); ++int __apei_exec_run(struct apei_exec_context *ctx, u8 action, bool_t optional); ++ ++static inline int apei_exec_run(struct apei_exec_context *ctx, u8 action) ++{ ++ return __apei_exec_run(ctx, action, 0); ++} ++ ++/* It is optional whether the firmware provides the action */ ++static inline int apei_exec_run_optional(struct apei_exec_context *ctx, u8 action) ++{ ++ return __apei_exec_run(ctx, action, 1); ++} + + /* Common instruction implementation */ + diff --git a/26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch b/26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch new file mode 100644 index 0000000..e718ed0 --- /dev/null +++ b/26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch 
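Review bot: The block comment above `__apei_exec_run()` still describes only "interpret the specified action" and says nothing about the new `optional` parameter or the `-ENOENT` that `rc` is initialised to. I would add a sentence stating that a non-optional action for which no instruction is found returns a negative error (presumably the initial `-ENOENT`; the loop that assigns `rc` is outside the hunk), while an optional one returns 0. The return statement also reads more safely with explicit grouping, `return (!optional && rc < 0) ? rc : 0;`. Whether the existing callers of `apei_exec_run()` for mandatory actions check the result is not visible in this patch.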
@@ -0,0 +1,96 @@ +# Commit fae0372140befb88d890a30704a8ec058c902af8 +# Date 2013-03-25 14:28:31 +0100 +# Author Jan Beulich +# Committer Jan Beulich +IOMMU: properly check whether interrupt remapping is enabled + +... rather than the IOMMU as a whole. + +That in turn required to make sure iommu_intremap gets properly +cleared when the respective initialization fails (or isn't being +done at all). + +Along with making sure interrupt remapping doesn't get inconsistently +enabled on some IOMMUs and not on others in the VT-d code, this in turn +allowed quite a bit of cleanup on the VT-d side (removed from the +backport). + +Signed-off-by: Jan Beulich +Acked-by: "Zhang, Xiantao" + +--- a/xen/arch/x86/msi.c ++++ b/xen/arch/x86/msi.c +@@ -204,7 +204,7 @@ static void read_msi_msg(struct msi_desc + BUG(); + } + +- if ( iommu_enabled ) ++ if ( iommu_intremap ) + iommu_read_msi_from_ire(entry, msg); + } + +@@ -212,7 +212,7 @@ static void write_msi_msg(struct msi_des + { + entry->msg = *msg; + +- if ( iommu_enabled ) ++ if ( iommu_intremap ) + { + ASSERT(msg != &entry->msg); + iommu_update_ire_from_msi(entry, msg); +@@ -482,7 +482,7 @@ int msi_free_irq(struct msi_desc *entry) + } + + /* Free the unused IRTE if intr remap enabled */ +- if ( iommu_enabled ) ++ if ( iommu_intremap ) + iommu_update_ire_from_msi(entry, NULL); + + list_del(&entry->list); +--- a/xen/drivers/passthrough/iommu.c ++++ b/xen/drivers/passthrough/iommu.c +@@ -469,6 +469,8 @@ int __init iommu_setup(void) + rc = iommu_hardware_setup(); + iommu_enabled = (rc == 0); + } ++ if ( !iommu_enabled ) ++ iommu_intremap = 0; + + if ( (force_iommu && !iommu_enabled) || + (force_intremap && !iommu_intremap) ) +@@ -485,9 +487,12 @@ int __init iommu_setup(void) + } + printk("I/O virtualisation %sabled\n", iommu_enabled ? "en" : "dis"); + if ( iommu_enabled ) ++ { + printk(" - Dom0 mode: %s\n", + iommu_passthrough ? "Passthrough" : + iommu_dom0_strict ? 
"Strict" : "Relaxed"); ++ printk("Interrupt remapping %sabled\n", iommu_intremap ? "en" : "dis"); ++ } + + return rc; + } +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -2072,6 +2072,9 @@ static int init_vtd_hw(void) + break; + } + } ++ if ( !iommu_intremap ) ++ for_each_drhd_unit ( drhd ) ++ disable_intremap(drhd->iommu); + } + + /* +--- a/xen/include/asm-x86/io_apic.h ++++ b/xen/include/asm-x86/io_apic.h +@@ -129,7 +129,7 @@ struct IO_APIC_route_entry { + extern struct mpc_config_ioapic mp_ioapics[MAX_IO_APICS]; + + /* Only need to remap ioapic RTE (reg: 10~3Fh) */ +-#define ioapic_reg_remapped(reg) (iommu_enabled && ((reg) >= 0x10)) ++#define ioapic_reg_remapped(reg) (iommu_intremap && ((reg) >= 0x10)) + + static inline unsigned int __io_apic_read(unsigned int apic, unsigned int reg) + { diff --git a/26743-VT-d-deal-with-5500-5520-X58-errata.patch b/26743-VT-d-deal-with-5500-5520-X58-errata.patch new file mode 100644 index 0000000..9b57f32 --- /dev/null +++ b/26743-VT-d-deal-with-5500-5520-X58-errata.patch 
@@ -0,0 +1,90 @@ +References: bnc#801910 + +# Commit 6890cebc6a987d0e896f5d23a8de11a3934101cf +# Date 2013-03-25 14:31:27 +0100 +# Author Malcolm Crossley +# Committer Jan Beulich +VT-d: deal with 5500/5520/X58 errata + +http://www.intel.com/content/www/us/en/chipsets/5520-and-5500-chipset-ioh-specification-update.html + +Stepping B-3 has two errata (#47 and #53) related to Interrupt +remapping, to which the workaround is for the BIOS to completely disable +interrupt remapping. These errata are fixed in stepping C-2. + +Unfortunately this chipset stepping is very common and many BIOSes are +not disabling interrupt remapping on this stepping . We can detect this in +Xen and prevent Xen from using the problematic interrupt remapping feature. + +The Intel 5500/5520/X58 chipset does not support VT-d +Extended Interrupt Mode(EIM). This means the iommu_supports_eim() check +always fails and so x2apic mode cannot be enabled in Xen before this quirk +disables the interrupt remapping feature. + +Signed-off-by: Malcolm Crossley +Signed-off-by: Andrew Cooper + +Gate the function call to check the quirk on interrupt remapping being +requested to get enabled, and upon failure disable the IOMMU to be in +line with what the changes for XSA-36 (plus follow-ups) did. + +Signed-off-by: Jan Beulich +Acked-by: "Zhang, Xiantao" + +--- a/xen/drivers/passthrough/vtd/iommu.c ++++ b/xen/drivers/passthrough/vtd/iommu.c +@@ -2129,6 +2129,11 @@ int __init intel_vtd_setup(void) + } + + platform_quirks_init(); ++ if ( !iommu_enabled ) ++ { ++ ret = -ENODEV; ++ goto error; ++ } + + /* We enable the following features only if they are supported by all VT-d + * engines: Snoop Control, DMA passthrough, Queued Invalidation and +--- a/xen/drivers/passthrough/vtd/quirks.c ++++ b/xen/drivers/passthrough/vtd/quirks.c +@@ -248,6 +248,29 @@ void vtd_ops_postamble_quirk(struct iomm + } + } + ++/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. ++ * Fixed in stepping C-2. 
*/ ++static void __init tylersburg_intremap_quirk(void) ++{ ++ uint32_t bus, device; ++ uint8_t rev; ++ ++ for ( bus = 0; bus < 0x100; bus++ ) ++ { ++ /* Match on System Management Registers on Device 20 Function 0 */ ++ device = pci_conf_read32(0, bus, 20, 0, PCI_VENDOR_ID); ++ rev = pci_conf_read8(0, bus, 20, 0, PCI_REVISION_ID); ++ ++ if ( rev == 0x13 && device == 0x342e8086 ) ++ { ++ printk(XENLOG_WARNING VTDPREFIX ++ "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); ++ iommu_enabled = 0; ++ break; ++ } ++ } ++} ++ + /* initialize platform identification flags */ + void __init platform_quirks_init(void) + { +@@ -268,6 +291,10 @@ void __init platform_quirks_init(void) + + /* ioremap IGD MMIO+0x2000 page */ + map_igd_reg(); ++ ++ /* Tylersburg interrupt remap quirk */ ++ if ( iommu_intremap ) ++ tylersburg_intremap_quirk(); + } + + /* diff --git a/26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch b/26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch new file mode 100644 index 0000000..a705a10 --- /dev/null +++ b/26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch 
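Review bot: `tylersburg_intremap_quirk()` matches on the bare constants `0x342e8086` and `0x13`, and the variable called `device` actually holds the combined vendor/device dword read at `PCI_VENDOR_ID`. A comment such as `/* 0x342e8086: device 0x342e, vendor 0x8086; revision 0x13 is presumably stepping B-3 */`, or named constants, would let a reader check the match against the specification update cited in the commit message. The revision register is also read on every bus before the ID is known to match; reading it only inside the match, `if ( device == 0x342e8086 && pci_conf_read8(0, bus, 20, 0, PCI_REVISION_ID) == 0x13 )`, avoids 255 needless config reads. Since the quirk clears `iommu_enabled` rather than only interrupt remapping, DMA isolation is lost as well; the warning text says so, which is good.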
@@ -0,0 +1,63 @@ +# Commit 92b8bc03bd4b582cb524db51494d0dba7607e7ac +# Date 2013-03-25 16:55:22 +0100 +# Author Jan Beulich +# Committer Jan Beulich +AMD IOMMU: allow disabling only interrupt remapping when certain IVRS consistency checks fail + +After some more thought on the XSA-36 and specifically the comments we +got regarding disabling the IOMMU in this situation altogether making +things worse instead of better, I came to the conclusion that we can +actually restrict the action in affected cases to just disabling +interrupt remapping. That doesn't make the situation worse than prior +to the XSA-36 fixes (where interrupt remapping didn't really protect +domains from one another), but allows at least DMA isolation to still +be utilized. + +To do so, disabling of interrupt remapping must be explicitly requested +on the command line - respective checks will then be skipped. + +Signed-off-by: Jan Beulich +Acked-by: Suravee Suthikulanit + +--- a/xen/drivers/passthrough/amd/iommu_acpi.c ++++ b/xen/drivers/passthrough/amd/iommu_acpi.c +@@ -664,6 +664,9 @@ static u16 __init parse_ivhd_device_spec + return dev_length; + } + ++ if ( !iommu_intremap ) ++ return dev_length; ++ + /* + * Some BIOSes have IOAPIC broken entries so we check for IVRS + * consistency here --- whether entry's IOAPIC ID is valid and +@@ -902,7 +905,7 @@ static int __init parse_ivrs_table(struc + } + + /* Each IO-APIC must have been mentioned in the table. 
*/ +- for ( apic = 0; !error && apic < nr_ioapics; ++apic ) ++ for ( apic = 0; !error && iommu_intremap && apic < nr_ioapics; ++apic ) + { + if ( !nr_ioapic_entries[apic] || + ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) +--- a/xen/drivers/passthrough/amd/iommu_init.c ++++ b/xen/drivers/passthrough/amd/iommu_init.c +@@ -1192,7 +1192,8 @@ int __init amd_iommu_init(void) + + BUG_ON( !iommu_found() ); + +- if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() ) ++ if ( iommu_intremap && amd_iommu_perdev_intremap && ++ amd_sp5100_erratum28() ) + goto error_out; + + ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries(); +@@ -1209,7 +1210,7 @@ int __init amd_iommu_init(void) + goto error_out; + + /* initialize io-apic interrupt remapping entries */ +- if ( amd_iommu_setup_ioapic_remapping() != 0 ) ++ if ( iommu_intremap && amd_iommu_setup_ioapic_remapping() != 0 ) + goto error_out; + + /* allocate and initialize a global device table shared by all iommus */ diff --git a/32on64-extra-mem.patch b/32on64-extra-mem.patch index 7eaa83a..890a97b 100644 --- a/32on64-extra-mem.patch +++ b/32on64-extra-mem.patch @@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2982,7 +2982,7 @@ class XendDomainInfo: +@@ -2984,7 +2984,7 @@ class XendDomainInfo: self.guest_bitsize = self.image.getBitSize() # Make sure there's enough RAM available for the domain diff --git a/blktap.patch b/blktap.patch index 3644ec0..a9603c2 100644 --- a/blktap.patch +++ b/blktap.patch 
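Review bot: The new early `if ( !iommu_intremap ) return dev_length;` in `parse_ivhd_device_special()` has no comment. It sits directly above the existing comment about broken IOAPIC entries, so it reads as unrelated to the check it bypasses. I would add `/* Without interrupt remapping the IO-APIC entry is not used, so skip the IVRS consistency checks below */`. Whatever bookkeeping follows those checks in the function body (outside the hunk) is skipped too, which is worth confirming is intended. The same reasoning applies to the `iommu_intremap &&` terms added in `parse_ivrs_table()` and `amd_iommu_init()`.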
@@ -5,7 +5,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3315,7 +3315,7 @@ class XendDomainInfo: +@@ -3317,7 +3317,7 @@ class XendDomainInfo: (fn, BOOTLOADER_LOOPBACK_DEVICE)) vbd = { diff --git a/change-vnc-passwd.patch b/change-vnc-passwd.patch index 232b503..65bab24 100644 --- a/change-vnc-passwd.patch +++ b/change-vnc-passwd.patch @@ -63,7 +63,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1504,6 +1504,20 @@ class XendDomainInfo: +@@ -1506,6 +1506,20 @@ class XendDomainInfo: target = max_target self.setMemoryTarget(target) diff --git a/change_home_server.patch b/change_home_server.patch index ce87435..185007c 100644 --- a/change_home_server.patch +++ b/change_home_server.patch @@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3153,6 +3153,11 @@ class XendDomainInfo: +@@ -3155,6 +3155,11 @@ class XendDomainInfo: self._cleanup_phantom_devs(paths) self._cleanupVm() diff --git a/checkpoint-rename.patch b/checkpoint-rename.patch index 239b628..fbabdaa 100644 --- a/checkpoint-rename.patch +++ b/checkpoint-rename.patch 
@@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -185,7 +185,7 @@ def save(fd, dominfo, network, live, dst +@@ -188,7 +188,7 @@ def save(fd, dominfo, network, live, dst dominfo.destroy() dominfo.testDeviceComplete() try: diff --git a/multi-xvdp.patch b/multi-xvdp.patch index d83ea8d..da1c397 100644 --- a/multi-xvdp.patch +++ b/multi-xvdp.patch @@ -18,7 +18,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py xc = xen.lowlevel.xc.xc() xoptions = XendOptions.instance() -@@ -3322,33 +3322,38 @@ class XendDomainInfo: +@@ -3324,33 +3324,38 @@ class XendDomainInfo: # This is a file, not a device. pygrub can cope with a # file if it's raw, but if it's QCOW or other such formats # used through blktap, then we need to mount it first. diff --git a/x86-EFI-set-variable-permit-attrs.patch b/x86-EFI-set-variable-permit-attrs.patch new file mode 100644 index 0000000..d0e2b1f --- /dev/null +++ b/x86-EFI-set-variable-permit-attrs.patch @@ -0,0 +1,14 @@ +References: bnc#811764 + +--- a/xen/arch/x86/efi/runtime.c ++++ b/xen/arch/x86/efi/runtime.c +@@ -380,9 +380,6 @@ int efi_runtime_call(struct xenpf_efi_ru + long len; + unsigned char *data; + +- if ( op->misc ) +- return -EINVAL; +- + len = gwstrlen(guest_handle_cast(op->u.set_variable.name, CHAR16)); + if ( len < 0 ) + return len; diff --git a/xen-domUloader.diff b/xen-domUloader.diff index 5f0d5a5..b81e57b 100644 --- a/xen-domUloader.diff +++ b/xen-domUloader.diff 
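Review bot: x86-EFI-set-variable-permit-attrs.patch removes the only visible validation of `op->misc` in the set_variable path of `efi_runtime_call()`. It carries no description beyond the bug reference, so the reason the field may now be non-zero is not recorded. If `misc` is meant to carry the variable attributes (the patch name suggests so; its use is outside the hunk), the check is better narrowed than dropped. It could reject any bits outside the attribute set the hypervisor intends to forward to firmware, with a comment saying which bits those are. At minimum the patch should gain a header explaining what values are now accepted.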
@@ -79,7 +79,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2347,6 +2347,10 @@ class XendDomainInfo: +@@ -2349,6 +2349,10 @@ class XendDomainInfo: deviceClass, config = self.info['devices'].get(dev_uuid) self._waitForDevice(deviceClass, config['devid']) @@ -90,7 +90,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def _waitForDevice_destroy(self, deviceClass, devid, backpath): return self.getDeviceController(deviceClass).waitForDevice_destroy( devid, backpath) -@@ -3297,7 +3301,8 @@ class XendDomainInfo: +@@ -3299,7 +3303,8 @@ class XendDomainInfo: from xen.xend import XendDomain dom0 = XendDomain.instance().privilegedDomain() mounted_vbd_uuid = dom0.create_vbd(vbd, disk); @@ -100,7 +100,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py fn = BOOTLOADER_LOOPBACK_DEVICE try: -@@ -3307,10 +3312,10 @@ class XendDomainInfo: +@@ -3309,10 +3314,10 @@ class XendDomainInfo: if mounted: log.info("Unmounting %s from %s." % (fn, BOOTLOADER_LOOPBACK_DEVICE)) diff --git a/xen-managed-pci-device.patch b/xen-managed-pci-device.patch index e012fdd..97e11aa 100644 --- a/xen-managed-pci-device.patch +++ b/xen-managed-pci-device.patch @@ -272,7 +272,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py # If there is no device left, destroy pci and remove config. if num_devs == 0: if self.info.is_hvm(): -@@ -3168,6 +3197,7 @@ class XendDomainInfo: +@@ -3170,6 +3199,7 @@ class XendDomainInfo: log.debug("%s KiB need to add to Memory pool" %self.alloc_mem) MemoryPool.instance().increase_memory(self.alloc_mem) diff --git a/xen-max-free-mem.diff b/xen-max-free-mem.diff index 81ee8b1..734578d 100644 --- a/xen-max-free-mem.diff +++ b/xen-max-free-mem.diff 
@@ -92,7 +92,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1473,6 +1473,27 @@ class XendDomainInfo: +@@ -1475,6 +1475,27 @@ class XendDomainInfo: self.info['abort_if_busy'] = str(abort_if_busy) self.info['log_save_progress'] = str(log_save_progress) diff --git a/xen.changes b/xen.changes index 1d43161..63bd64f 100644 --- a/xen.changes +++ b/xen.changes 
@@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Tue Apr 2 15:41:19 CEST 2013 - ohering@suse.de + +- bnc#797014 - no way to control live migrations +- bnc#803712 - after live migration rcu_sched_state detected stalls + xen.migrate.tools-xend_move_assert_to_exception_block.patch + xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch + xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch + xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch + +------------------------------------------------------------------- +Tue Mar 26 10:37:43 MDT 2013 - carnold@suse.com + +- bnc#811764 - XEN (hypervisor or kernel) has a problem with EFI + variable services + x86-EFI-set-variable-permit-attrs.patch +- Upstream patches from Jan + 26060-ACPI-ERST-table-size-checks.patch + 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch + 26702-powernow-add-fixups-for-AMD-P-state-figures.patch + 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch (bnc#805579) + 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch + 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch + 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch + 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch + 26737-ACPI-APEI-Add-apei_exec_run_optional.patch + 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch + 26743-VT-d-deal-with-5500-5520-X58-errata.patch (bnc#801910) + 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch + ------------------------------------------------------------------- Thu Mar 14 09:58:38 MDT 2013 - jfehlig@suse.com diff --git a/xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch b/xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch new file mode 100644 index 0000000..75baeaf --- /dev/null +++ b/xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch 
@@ -0,0 +1,25 @@ +user: Olaf Hering +date: Thu Mar 28 15:36:07 2013 +0100 +files: tools/libxc/xc_domain_save.c +description: +tools/libxc: print stats if migration is aborted + +Signed-off-by: Olaf Hering + + +--- + tools/libxc/xc_domain_save.c | 1 + + 1 file changed, 1 insertion(+) + +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -1536,6 +1536,7 @@ int xc_domain_save(xc_interface *xch, in + ERROR("Live migration aborted, as requested. (guest too busy?)" + " total_sent %lu iter %d, max_iters %u max_factor %u", + total_sent, iter, max_iters, max_factor); ++ print_stats(xch, dom, sent_this_iter, &time_stats, &shadow_stats, 1); + rc = 1; + goto out; + } diff --git a/xen.migrate.tools-xend_move_assert_to_exception_block.patch b/xen.migrate.tools-xend_move_assert_to_exception_block.patch new file mode 100644 index 0000000..2fbc591 --- /dev/null +++ b/xen.migrate.tools-xend_move_assert_to_exception_block.patch 
@@ -0,0 +1,43 @@ +user: Olaf Hering +date: Thu Mar 28 15:36:02 2013 +0100 +files: tools/python/xen/xend/XendCheckpoint.py +description: +tools/xend: move assert to exception block + +The two assert in restore trigger sometimes after hundreds of +migrations. If they trigger the destination host will not destroy the +newly created, still empty guest. After a second migration attempt to +this host there will be two guets with the same name and uuid. This +situation is poorly handled by the xm tools. +With this change the guest will be destroyed. + +Signed-off-by: Olaf Hering + +--- + tools/python/xen/xend/XendCheckpoint.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +@@ -262,9 +262,6 @@ def restore(xd, fd, dominfo = None, paus + store_port = dominfo.getStorePort() + console_port = dominfo.getConsolePort() + +- assert store_port +- assert console_port +- + # if hvm, pass mem size to calculate the store_mfn + if is_hvm: + apic = int(dominfo.info['platform'].get('apic', 0)) +@@ -276,6 +273,9 @@ def restore(xd, fd, dominfo = None, paus + pae = 0 + + try: ++ assert store_port ++ assert console_port ++ + restore_image = image.create(dominfo, dominfo.info) + memory = restore_image.getRequiredAvailableMemory( + dominfo.info['memory_dynamic_max'] / 1024) diff --git a/xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch b/xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch new file mode 100644 index 0000000..b31bfe5 --- /dev/null +++ b/xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch 
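Review bot: `assert store_port` and `assert console_port` remain the runtime check on the restore path, and Python drops `assert` statements when run with `-O`. Under optimisation the check disappears and the cleanup this patch relies on is never triggered. Inside the `try:` I would test explicitly with `if not store_port or not console_port:` and raise the exception type the handler already catches, with a message naming the missing port. The `except` clause is outside the hunk, so confirm it also catches `AssertionError` if the asserts are kept.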
@@ -0,0 +1,57 @@ +user: Olaf Hering +date: Thu Mar 28 15:42:23 2013 +0100 +files: tools/libxc/xc_domain_restore.c tools/libxc/xc_domain_save.c tools/libxc/xg_save_restore.h +description: +tools: notify restore to hangup during migration --abort_if_busy + +If a guest is too busy to finish migration, the remote side is not +notified and as a result an imcomplete, paused guest will remain on the +remote side. Add a new flag to notify the receiver about the aborted +migration so that both sides can cleanup properly. + +Signed-off-by: Olaf Hering + + +Index: xen-4.2.1-testing/tools/libxc/xc_domain_restore.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_restore.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_restore.c +@@ -932,6 +932,10 @@ static int pagebuf_get_one(xc_interface + DPRINTF("read generation id buffer address"); + return pagebuf_get_one(xch, ctx, buf, fd, dom); + ++ case XC_SAVE_ID_BUSY_ABORT: ++ ERROR("Source host requested cancelation, guest is busy."); ++ errno = EBUSY; ++ return -1; + default: + if ( (count > MAX_BATCH_SIZE) || (count < 0) ) { + ERROR("Max batch size exceeded (%d). Giving up.", count); +Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c ++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c +@@ -1535,9 +1535,11 @@ int xc_domain_save(xc_interface *xch, in + { + if ( !min_reached && abort_if_busy ) + { ++ unsigned int cmd = XC_SAVE_ID_BUSY_ABORT; + ERROR("Live migration aborted, as requested. 
(guest too busy?)" + " total_sent %lu iter %d, max_iters %u max_factor %u", + total_sent, iter, max_iters, max_factor); ++ wrexact(io_fd, &cmd, sizeof(cmd)); + print_stats(xch, dom, sent_this_iter, &time_stats, &shadow_stats, 1); + rc = 1; + goto out; +Index: xen-4.2.1-testing/tools/libxc/xg_save_restore.h +=================================================================== +--- xen-4.2.1-testing.orig/tools/libxc/xg_save_restore.h ++++ xen-4.2.1-testing/tools/libxc/xg_save_restore.h +@@ -259,6 +259,7 @@ + #define XC_SAVE_ID_HVM_ACCESS_RING_PFN -16 + #define XC_SAVE_ID_HVM_SHARING_RING_PFN -17 + #define XC_SAVE_ID_TOOLSTACK -18 /* Optional toolstack specific info */ ++#define XC_SAVE_ID_BUSY_ABORT -19 /* Source requested cancelation */ + + /* + ** We process save/restore/migrate in batches of pages; the below diff --git a/xen.migrate.tools_set_migration_constraints_from_cmdline.patch b/xen.migrate.tools_set_migration_constraints_from_cmdline.patch index a437c28..44dd5a8 100644 --- a/xen.migrate.tools_set_migration_constraints_from_cmdline.patch +++ b/xen.migrate.tools_set_migration_constraints_from_cmdline.patch @@ -69,6 +69,15 @@ v2: Signed-off-by: Olaf Hering +--- + tools/libxc/xc_domain_save.c | 13 ++++++++++++- + tools/libxc/xenguest.h | 1 + + tools/python/xen/xend/XendCheckpoint.py | 14 ++++++++++++-- + tools/python/xen/xend/XendDomain.py | 12 ++++++++++++ + tools/python/xen/xend/XendDomainInfo.py | 12 ++++++++++++ + tools/python/xen/xm/migrate.py | 16 ++++++++++++++++ + 6 files changed, 65 insertions(+), 3 deletions(-) + Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c =================================================================== --- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c 
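Review bot: The return value of `wrexact(io_fd, &cmd, sizeof(cmd))` in `xc_domain_save()` is ignored. If the write fails, the receiver never sees `XC_SAVE_ID_BUSY_ABORT`, and the paused, incomplete guest the patch is meant to clean up can stay behind. The failure should at least be logged, e.g. `if ( wrexact(io_fd, &cmd, sizeof(cmd)) ) PERROR("Error when writing busy-abort marker");`. `cmd` is declared `unsigned int` while the constant is `-19` and the restore side treats the value as signed (`count < 0`); `int cmd = XC_SAVE_ID_BUSY_ABORT;` keeps both ends consistent. The body of `xc_domain_save()` continues outside the hunk.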
@@ -195,15 +204,15 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/migrate.py fn=set_true, default=0, use="Change home server for managed domains.") -+gopts.opt('max_iters', short='M', val='max_iters', ++gopts.opt('max_iters', val='max_iters', + fn=set_int, default=0, + use="Number of iterations before final suspend (default: 30).") + -+gopts.opt('max_factor', short='m', val='max_factor', ++gopts.opt('max_factor', val='max_factor', + fn=set_int, default=0, + use="Max amount of memory to transfer before final suspend (default: 3*RAM).") + -+gopts.opt('abort_if_busy', short='A', ++gopts.opt('abort_if_busy', + fn=set_true, default=0, + use="Abort migration instead of doing final suspend.") + diff --git a/xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch b/xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch new file mode 100644 index 0000000..4631775 --- /dev/null +++ b/xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch 
@@ -0,0 +1,283 @@
+user: Olaf Hering
+date: Thu Mar 28 15:42:14 2013 +0100
+files: docs/man/xl.pod.1 tools/libxc/Makefile tools/libxc/xc_domain_save.c tools/libxc/xc_nomigrate.c tools/libxc/xenguest.h tools/libxl/libxl.c tools/libxl/libxl.h tools/libxl/libxl_internal.h tools/libxl/libxl_save_callout.c tools/libxl/libxl_save_helper.c tools/libxl/xl_cmdimpl.c tools/libxl/xl_cmdtable.c tools/python/xen/lowlevel/checkpoint/libcheckpoint.c tools/python/xen/xend/XendCheckpoint.py tools/python/xen/xend/XendDomain.py tools/python/xen/xend/XendDomainInfo.py tools/python/xen/xm/migrate.py tools/xcutils/xc_save.c
+description:
+tools: set number of dirty pages during migration
+
+If a guest is really busy it will not reach the low number of remaining
+50 dirty pages for the final suspend. As a result the guest is either
+suspendend for a long time during the final transfer, or if the number
+of iterations is increased the migration will take a long time.
+
+Add a new option xm/xl migrate --min_remaing to increase the
+default from command line. The default of 50 is 200kb, which is
+appearently an arbitrary number. With todays network speeds a larger
+block of memory can be transfered quickly without causing too much
+suspension time. This knob gives the admin the chance to adapt the
+suspension time to the given workload.
+
+The existing default of 50 pages is not altered by this change.
+
+Signed-off-by: Olaf Hering
+
+
+---
+ tools/libxc/ia64/xc_ia64_linux_save.c | 2 +-
+ tools/libxc/xc_domain_save.c | 6 ++++--
+ tools/libxc/xc_nomigrate.c | 2 +-
+ tools/libxc/xenguest.h | 2 +-
+ tools/libxl/libxl_save_helper.c | 2 +-
+ tools/python/xen/lowlevel/checkpoint/libcheckpoint.c | 2 +-
+ tools/python/xen/xend/XendCheckpoint.py | 5 ++++-
+ tools/python/xen/xend/XendDomain.py | 5 +++--
+ tools/python/xen/xend/XendDomainInfo.py | 8 +++++---
+ tools/python/xen/xm/migrate.py | 5 +++++
+ tools/xcutils/xc_save.c | 11 ++++++-----
+ 11 files changed, 32 insertions(+), 18 deletions(-)
+
+Index: xen-4.2.1-testing/tools/libxc/ia64/xc_ia64_linux_save.c
+===================================================================
+--- xen-4.2.1-testing.orig/tools/libxc/ia64/xc_ia64_linux_save.c
++++ xen-4.2.1-testing/tools/libxc/ia64/xc_ia64_linux_save.c
+@@ -381,7 +381,7 @@ out:
+
+ int
+ xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters,
+- uint32_t max_factor, uint32_t flags,
++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags,
+ struct save_callbacks* callbacks, int hvm,
+ unsigned long vm_generationid_addr)
+ {
+Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c
+===================================================================
+--- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c
++++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c
+@@ -43,6 +43,7 @@
+ */
+ #define DEF_MAX_ITERS 29 /* limit us to 30 times round loop */
+ #define DEF_MAX_FACTOR 3 /* never send more than 3x p2m_size */
++#define DEF_MIN_REMAINING 50 /* low water mark of dirty pages */
+
+ struct save_ctx {
+ unsigned long hvirt_start; /* virtual starting address of the hypervisor */
+@@ -803,7 +804,7 @@ static int save_tsc_info(xc_interface *x
+ }
+
+ int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters,
+- uint32_t max_factor, uint32_t flags,
++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags,
+ struct save_callbacks* callbacks, int hvm,
+ unsigned long vm_generationid_addr)
+ {
+@@ -914,6 +915,7 @@ int xc_domain_save(xc_interface *xch, in
+ /* If no explicit control parameters given, use defaults */
+ max_iters = max_iters ? : DEF_MAX_ITERS;
+ max_factor = max_factor ? : DEF_MAX_FACTOR;
++ min_remaining = min_remaining ? : DEF_MIN_REMAINING;
+
+ if ( !get_platform_info(xch, dom,
+ &ctx->max_mfn, &ctx->hvirt_start, &ctx->pt_levels, &dinfo->guest_width) )
+@@ -1526,7 +1528,7 @@ int xc_domain_save(xc_interface *xch, in
+
+ if ( live )
+ {
+- int min_reached = sent_this_iter + skip_this_iter < 50;
++ int min_reached = sent_this_iter + skip_this_iter < min_remaining;
+ if ( (iter >= max_iters) ||
+ min_reached ||
+ (total_sent > dinfo->p2m_size*max_factor) )
+Index: xen-4.2.1-testing/tools/libxc/xc_nomigrate.c
+===================================================================
+--- xen-4.2.1-testing.orig/tools/libxc/xc_nomigrate.c
++++ xen-4.2.1-testing/tools/libxc/xc_nomigrate.c
+@@ -22,7 +22,7 @@
+ #include
+
+ int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters,
+- uint32_t max_factor, uint32_t flags,
++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags,
+ struct save_callbacks* callbacks, int hvm,
+ unsigned long vm_generationid_addr)
+ {
+Index: xen-4.2.1-testing/tools/libxc/xenguest.h
+===================================================================
+--- xen-4.2.1-testing.orig/tools/libxc/xenguest.h
++++ xen-4.2.1-testing/tools/libxc/xenguest.h
+@@ -87,7 +87,7 @@ struct save_callbacks {
+ * @return 0 on success, -1 on failure
+ */
+ int xc_domain_save(xc_interface *xch, int io_fd, uint32_t dom, uint32_t max_iters,
+- uint32_t max_factor, uint32_t flags /* XCFLAGS_xxx */,
++ uint32_t max_factor, uint32_t min_remaining, uint32_t flags /* XCFLAGS_xxx */,
+ struct save_callbacks* callbacks, int hvm,
+ unsigned long vm_generationid_addr);
+
+Index: xen-4.2.1-testing/tools/libxl/libxl_save_helper.c
+===================================================================
+--- xen-4.2.1-testing.orig/tools/libxl/libxl_save_helper.c
++++ xen-4.2.1-testing/tools/libxl/libxl_save_helper.c
+@@ -235,7 +235,7 @@ int main(int argc, char **argv)
+ helper_setcallbacks_save(&helper_save_callbacks, cbflags);
+
+ startup("save");
+- r = xc_domain_save(xch, io_fd, dom, max_iters, max_factor, flags,
++ r = xc_domain_save(xch, io_fd, dom, max_iters, max_factor, 0, flags,
+ &helper_save_callbacks, hvm, genidad);
+ complete(r);
+
+Index: xen-4.2.1-testing/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
+===================================================================
+--- xen-4.2.1-testing.orig/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
++++ xen-4.2.1-testing/tools/python/xen/lowlevel/checkpoint/libcheckpoint.c
+@@ -206,7 +206,7 @@ int checkpoint_start(checkpoint_state* s
+
+ callbacks->switch_qemu_logdirty = noop_switch_logdirty;
+
+- rc = xc_domain_save(s->xch, fd, s->domid, 0, 0, flags, callbacks, hvm,
++ rc = xc_domain_save(s->xch, fd, s->domid, 0, 0, 0, flags, callbacks, hvm,
+ vm_generationid_addr);
+
+ if (hvm)
+Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py
+===================================================================
+--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py
++++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py
+@@ -120,19 +120,22 @@ def save(fd, dominfo, network, live, dst
+ # more information.
+ max_iters = dominfo.info.get('max_iters', "0")
+ max_factor = dominfo.info.get('max_factor', "0")
++ min_remaining = dominfo.info.get('min_remaining', "0")
+ abort_if_busy = dominfo.info.get('abort_if_busy', "0")
+ log_save_progress = dominfo.info.get('log_save_progress', "0")
+ if max_iters == "None":
+ max_iters = "0"
+ if max_factor == "None":
+ max_factor = "0"
++ if min_remaining == "None":
++ min_remaining = "0"
+ if abort_if_busy == "None":
+ abort_if_busy = "0"
+ if log_save_progress == "None":
+ log_save_progress = "0"
+ cmd = [xen.util.auxbin.pathTo(XC_SAVE), str(fd),
+ str(dominfo.getDomid()),
+- max_iters, max_factor,
++ max_iters, max_factor, min_remaining,
+ str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ]
+ log.debug("[xc_save]: %s", string.join(cmd))
+
+Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py
+===================================================================
+--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py
++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py
+@@ -1832,18 +1832,19 @@ class XendDomain:
+ log.exception(ex)
+ raise XendError(str(ex))
+
+- def domain_migrate_constraints_set(self, domid, max_iters, max_factor, abort_if_busy, log_save_progress):
++ def domain_migrate_constraints_set(self, domid, max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress):
+ """Set the Migrate Constraints of this domain.
+ @param domid: Domain ID or Name
+ @param max_iters: Number of iterations before final suspend
+ @param max_factor: Max amount of memory to transfer before final suspend
++ @param min_remaining: Number of dirty pages before final suspend
+ @param abort_if_busy: Abort migration instead of doing final suspend
+ @param log_save_progress: Log progress of migrate to xend.log
+ """
+ dominfo = self.domain_lookup_nr(domid)
+ if not dominfo:
+ raise XendInvalidDomain(str(domid))
+- dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy, log_save_progress)
++ dominfo.setMigrateConstraints(max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress)
+
+ def domain_maxmem_set(self, domid, mem):
+ """Set the memory limit for a domain.
+Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py
+===================================================================
+--- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py
++++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py
+@@ -1459,17 +1459,19 @@ class XendDomainInfo:
+ pci_conf = self.info['devices'][dev_uuid][1]
+ return map(pci_dict_to_bdf_str, pci_conf['devs'])
+
+- def setMigrateConstraints(self, max_iters, max_factor, abort_if_busy, log_save_progress):
++ def setMigrateConstraints(self, max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress):
+ """Set the Migrate Constraints of this domain.
+ @param max_iters: Number of iterations before final suspend
+ @param max_factor: Max amount of memory to transfer before final suspend
++ @param min_remaining: Number of dirty pages before final suspend
+ @param abort_if_busy: Abort migration instead of doing final suspend
+ @param log_save_progress: Log progress of migrate to xend.log
+ """
+- log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s'.",
+- self.info['name_label'], str(self.domid), max_iters, max_factor, abort_if_busy)
++ log.debug("Setting migration constraints of domain %s (%s) to '%s' '%s' '%s' '%s'.",
++ self.info['name_label'], str(self.domid), max_iters, max_factor, min_remaining, abort_if_busy)
+ self.info['max_iters'] = str(max_iters)
+ self.info['max_factor'] = str(max_factor)
++ self.info['min_remaining'] = str(min_remaining)
+ self.info['abort_if_busy'] = str(abort_if_busy)
+ self.info['log_save_progress'] = str(log_save_progress)
+
+Index: xen-4.2.1-testing/tools/python/xen/xm/migrate.py
+===================================================================
+--- xen-4.2.1-testing.orig/tools/python/xen/xm/migrate.py
++++ xen-4.2.1-testing/tools/python/xen/xm/migrate.py
+@@ -63,6 +63,10 @@ gopts.opt('max_factor', val='max_factor'
+ fn=set_int, default=0,
+ use="Max amount of memory to transfer before final suspend (default: 3*RAM).")
+
++gopts.opt('min_remaining', val='min_remaining',
++ fn=set_int, default=0,
++ use="Number of dirty pages before final suspend (default: 50).")
++
+ gopts.opt('abort_if_busy',
+ fn=set_true, default=0,
+ use="Abort migration instead of doing final suspend.")
+@@ -99,6 +103,7 @@ def main(argv):
+ server.xend.domain.migrate_constraints_set(dom,
+ opts.vals.max_iters,
+ opts.vals.max_factor,
++ opts.vals.min_remaining,
+ opts.vals.abort_if_busy,
+ opts.vals.log_progress)
+ server.xend.domain.migrate(dom, dst, opts.vals.live,
+Index: xen-4.2.1-testing/tools/xcutils/xc_save.c
+===================================================================
+--- xen-4.2.1-testing.orig/tools/xcutils/xc_save.c ++++ xen-4.2.1-testing/tools/xcutils/xc_save.c +@@ -179,20 +179,21 @@ int + main(int argc, char **argv) + { + xc_interface *xch; +- unsigned int maxit, max_f, lflags; ++ unsigned int maxit, max_f, min_r, lflags; + int io_fd, ret, port; + struct save_callbacks callbacks; + xentoollog_level lvl; + xentoollog_logger *l; + +- if (argc != 6) +- errx(1, "usage: %s iofd domid maxit maxf flags", argv[0]); ++ if (argc != 7) ++ errx(1, "usage: %s iofd domid maxit maxf minr flags", argv[0]); + + io_fd = atoi(argv[1]); + si.domid = atoi(argv[2]); + maxit = atoi(argv[3]); + max_f = atoi(argv[4]); +- si.flags = atoi(argv[5]); ++ min_r = atoi(argv[5]); ++ si.flags = atoi(argv[6]); + + si.suspend_evtchn = -1; + +@@ -226,7 +227,7 @@ main(int argc, char **argv) + memset(&callbacks, 0, sizeof(callbacks)); + callbacks.suspend = suspend; + callbacks.switch_qemu_logdirty = switch_qemu_logdirty; +- ret = xc_domain_save(si.xch, io_fd, si.domid, maxit, max_f, si.flags, ++ ret = xc_domain_save(si.xch, io_fd, si.domid, maxit, max_f, min_r, si.flags, + &callbacks, !!(si.flags & XCFLAGS_HVM), 0); + + if (si.suspend_evtchn > 0) diff --git a/xen.spec b/xen.spec index f0c7fdb..bbaf77e 100644 --- a/xen.spec +++ b/xen.spec @@ -15,6 +15,8 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# needssslcertforbuild + Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -114,7 +116,7 @@ BuildRequires: kernel-syms BuildRequires: module-init-tools BuildRequires: xorg-x11 %endif -Version: 4.2.1_10 +Version: 4.2.1_11 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) 
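Review bot: The new `min_r = atoi(argv[5]);` in tools/xcutils/xc_save.c takes the operator-supplied `--min_remaining` value with no error detection or range check. A negative or overflowing string is converted into a very large `unsigned int`, which makes `sent_this_iter + skip_this_iter < min_remaining` true on the first pass and sends the guest straight to the final suspend with most of its memory still to copy. I would parse the argument with `strtoul`, reject trailing characters and out-of-range values with `errx()` as the usage check above does, and have xc_domain_save() refuse or clamp a `min_remaining` larger than the guest's page count. Separately, the description advertises `xm/xl migrate` but libxl_save_helper.c passes a literal `0`, so the knob appears reachable only through xend; the description or the libxl path should be brought into line. main() and xc_domain_save() both continue outside the hunks shown.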
@@ -181,6 +183,7 @@ Patch25957: 25957-x86-TSC-adjust-HVM.patch Patch25958: 25958-x86-TSC-adjust-sr.patch Patch25959: 25959-x86-TSC-adjust-expose.patch Patch25975: 25975-x86-IvyBridge.patch +Patch26060: 26060-ACPI-ERST-table-size-checks.patch Patch26062: 26062-ACPI-ERST-move-data.patch Patch26077: 26077-stubdom_fix_compile_errors_in_grub.patch Patch26078: 26078-hotplug-Linux_remove_hotplug_support_rely_on_udev_instead.patch @@ -275,6 +278,17 @@ Patch26679: 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch Patch26683: 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch Patch26686: 26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch Patch26689: 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch +Patch26692: 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch +Patch26702: 26702-powernow-add-fixups-for-AMD-P-state-figures.patch +Patch26704: 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch +Patch26731: 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch +Patch26733: 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch +Patch26734: 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch +Patch26736: 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch +Patch26737: 26737-ACPI-APEI-Add-apei_exec_run_optional.patch +Patch26742: 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch +Patch26743: 26743-VT-d-deal-with-5500-5520-X58-errata.patch +Patch26744: 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch Patch34: CVE-2013-0151-xsa34.patch Patch41: CVE-2012-6075-xsa41.patch Patch88: xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch 
@@ -282,6 +296,10 @@ Patch89: xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch Patch90: xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch Patch91: xen.migrate.tools_set_migration_constraints_from_cmdline.patch Patch92: xen.migrate.tools_add_xm_migrate_--log_progress_option.patch +Patch93: xen.migrate.tools-xend_move_assert_to_exception_block.patch +Patch94: xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch +Patch95: xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch +Patch96: xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch # Upstream qemu patches Patch100: VNC-Support-for-ExtendedKeyEvent-client-message.patch # Our patches @@ -374,11 +392,11 @@ Patch457: xen-cpupool-xl-config-format.patch Patch458: ipxe-enable-nics.patch Patch459: blktap-close-fifos.patch Patch460: blktap-disable-debug-printf.patch -Patch461: xen-glibc217.patch -Patch462: xen-migration-bridge-check.patch -Patch463: pygrub-netware-xnloader.patch -Patch464: xen-managed-pci-device.patch -Patch465: xend-hvm-firmware-passthrough.patch +Patch461: xen-migration-bridge-check.patch +Patch462: pygrub-netware-xnloader.patch +Patch463: xen-managed-pci-device.patch +Patch464: xend-hvm-firmware-passthrough.patch +Patch465: xen-glibc217.patch # Jim's domain lock patch Patch480: xend-domain-lock.patch Patch481: xend-domain-lock-sfex.patch @@ -389,8 +407,9 @@ Patch502: x86-cpufreq-report.patch Patch503: x86-dom-print.patch Patch504: pvdrv-import-shared-info.patch Patch505: x86-extra-trap-info.patch -Patch506: pvdrv_emulation_control.patch -Patch507: blktap-pv-cdrom.patch +Patch506: x86-EFI-set-variable-permit-attrs.patch +Patch507: pvdrv_emulation_control.patch +Patch508: blktap-pv-cdrom.patch Patch511: supported_module.diff Patch512: magic_ioport_compat.patch Patch513: xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch 
@@ -755,6 +774,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch25958 -p1 %patch25959 -p1 %patch25975 -p1 +%patch26060 -p1 %patch26062 -p1 %patch26077 -p1 %patch26078 -p1 @@ -850,12 +870,27 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26683 -p1 %patch26686 -p1 %patch26689 -p1 +%patch26692 -p1 +%patch26702 -p1 +%patch26704 -p1 +%patch26731 -p1 +%patch26733 -p1 +%patch26734 -p1 +%patch26736 -p1 +%patch26737 -p1 +%patch26742 -p1 +%patch26743 -p1 +%patch26744 -p1 %patch41 -p1 %patch88 -p1 %patch89 -p1 %patch90 -p1 %patch91 -p1 %patch92 -p1 +%patch93 -p1 +%patch94 -p1 +%patch95 -p1 +%patch96 -p1 # Qemu %patch100 -p1 # Our patches @@ -960,6 +995,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch505 -p1 %patch506 -p1 %patch507 -p1 +%patch508 -p1 %patch511 -p1 %patch512 -p1 %patch513 -p1 diff --git a/xenapi-console-protocol.patch b/xenapi-console-protocol.patch index a427b44..219d982 100644 --- a/xenapi-console-protocol.patch +++ b/xenapi-console-protocol.patch @@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3954,6 +3954,14 @@ class XendDomainInfo: +@@ -3956,6 +3956,14 @@ class XendDomainInfo: if not config.has_key('backend'): config['backend'] = "00000000-0000-0000-0000-000000000000" diff --git a/xend-console-port-restore.patch b/xend-console-port-restore.patch index 04f954d..63d3082 100644 --- a/xend-console-port-restore.patch +++ b/xend-console-port-restore.patch 
@@ -7,7 +7,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -342,8 +342,7 @@ def restore(xd, fd, dominfo = None, paus +@@ -345,8 +345,7 @@ def restore(xd, fd, dominfo = None, paus restore_image.setCpuid() # xc_restore will wait for source to close connection @@ -21,7 +21,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3076,7 +3076,7 @@ class XendDomainInfo: +@@ -3078,7 +3078,7 @@ class XendDomainInfo: # TODO: recategorise - called from XendCheckpoint # @@ -30,7 +30,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py log.debug("XendDomainInfo.completeRestore") -@@ -3087,6 +3087,7 @@ class XendDomainInfo: +@@ -3089,6 +3089,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) diff --git a/xend-core-dump-loc.diff b/xend-core-dump-loc.diff index 0863a09..48a8372 100644 --- a/xend-core-dump-loc.diff +++ b/xend-core-dump-loc.diff @@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2318,7 +2318,7 @@ class XendDomainInfo: +@@ -2320,7 +2320,7 @@ class XendDomainInfo: # To prohibit directory traversal based_name = os.path.basename(self.info['name_label']) diff --git a/xend-domain-lock-sfex.patch b/xend-domain-lock-sfex.patch index 6556aad..9b20062 100644 --- a/xend-domain-lock-sfex.patch +++ b/xend-domain-lock-sfex.patch 
@@ -223,7 +223,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -4570,8 +4570,14 @@ class XendDomainInfo: +@@ -4572,8 +4572,14 @@ class XendDomainInfo: # Return name of host contained in lock file. def get_lock_host(self, path): @@ -240,7 +240,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py hostname = "unknown" try: -@@ -4593,6 +4599,16 @@ class XendDomainInfo: +@@ -4595,6 +4601,16 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -257,7 +257,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py try: if not os.path.exists(path): mkdir.parents(path, stat.S_IRWXU) -@@ -4600,12 +4616,7 @@ class XendDomainInfo: +@@ -4602,12 +4618,7 @@ class XendDomainInfo: log.exception("%s could not be created." % path) raise XendError("%s could not be created." % path) @@ -271,7 +271,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.debug("Failed to aqcuire lock: status = %d" % status) raise XendError("The VM is locked and appears to be running on host %s." % self.get_lock_host(path)) -@@ -4622,12 +4633,18 @@ class XendDomainInfo: +@@ -4624,12 +4635,18 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) diff --git a/xend-domain-lock.patch b/xend-domain-lock.patch index 8ad8b77..678e776 100644 --- a/xend-domain-lock.patch +++ b/xend-domain-lock.patch 
@@ -228,19 +228,19 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -136,6 +136,11 @@ def save(fd, dominfo, network, live, dst +@@ -139,6 +139,11 @@ def save(fd, dominfo, network, live, dst str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] log.debug("[xc_save]: %s", string.join(cmd)) -+ # It is safe to release the domain lock at this point if not -+ # checkpointing -+ if checkpoint == False: -+ dominfo.release_running_lock(domain_name) ++ # It is safe to release the domain lock at this point if not ++ # checkpointing ++ if checkpoint == False: ++ dominfo.release_running_lock(domain_name) + def saveInputHandler(line, tochild): log.debug("In saveInputHandler %s", line) if line == "suspend": -@@ -200,6 +205,9 @@ def save(fd, dominfo, network, live, dst +@@ -203,6 +208,9 @@ def save(fd, dominfo, network, live, dst log.exception("Save failed on domain %s (%s) - resuming.", domain_name, dominfo.getDomid()) dominfo.resumeDomain() @@ -250,7 +250,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py try: dominfo.setName(domain_name) -@@ -366,6 +374,7 @@ def restore(xd, fd, dominfo = None, paus +@@ -369,6 +377,7 @@ def restore(xd, fd, dominfo = None, paus if not paused: dominfo.unpause() @@ -270,7 +270,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py XendTask.log_progress(0, 30, self._constructDomain) XendTask.log_progress(31, 60, self._initDomain) -@@ -3053,6 +3054,11 @@ class XendDomainInfo: +@@ -3055,6 +3056,11 @@ class XendDomainInfo: self._stateSet(DOM_STATE_HALTED) self.domid = None # Do not push into _stateSet()! 
@@ -282,7 +282,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py finally: self.refresh_shutdown_lock.release() -@@ -4562,6 +4568,74 @@ class XendDomainInfo: +@@ -4564,6 +4570,74 @@ class XendDomainInfo: def has_device(self, dev_class, dev_uuid): return (dev_uuid in self.info['%s_refs' % dev_class.lower()]) diff --git a/xend-migration-domname-fix.patch b/xend-migration-domname-fix.patch index 3a1c706..4cefe25 100644 --- a/xend-migration-domname-fix.patch +++ b/xend-migration-domname-fix.patch @@ -8,7 +8,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1961,6 +1961,8 @@ class XendDomainInfo: +@@ -1963,6 +1963,8 @@ class XendDomainInfo: self.info['name_label'] = name if to_store: self.storeVm("name", name) @@ -21,7 +21,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py -@@ -185,7 +185,10 @@ def save(fd, dominfo, network, live, dst +@@ -188,7 +188,10 @@ def save(fd, dominfo, network, live, dst dominfo.destroy() dominfo.testDeviceComplete() try: diff --git a/xend-vcpu-affinity-fix.patch b/xend-vcpu-affinity-fix.patch index 7d63867..7d280f7 100644 --- a/xend-vcpu-affinity-fix.patch +++ b/xend-vcpu-affinity-fix.patch 
@@ -2,7 +2,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2799,7 +2799,10 @@ class XendDomainInfo: +@@ -2801,7 +2801,10 @@ class XendDomainInfo: from xen.xend import XendDomain doms = XendDomain.instance().list('all') for dom in filter (lambda d: d.domid != self.domid, doms): diff --git a/xenpaging.autostart.patch b/xenpaging.autostart.patch index da1d75a..c7d5d6e 100644 --- a/xenpaging.autostart.patch +++ b/xenpaging.autostart.patch @@ -124,9 +124,9 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py -@@ -1848,6 +1848,21 @@ class XendDomain: +@@ -1849,6 +1849,21 @@ class XendDomain: raise XendInvalidDomain(str(domid)) - dominfo.setMigrateConstraints(max_iters, max_factor, abort_if_busy, log_save_progress) + dominfo.setMigrateConstraints(max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress) + def domain_swaptarget_set(self, domid, mem): + """Set the memory limit for a domain. @@ -150,7 +150,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1548,6 +1548,17 @@ class XendDomainInfo: +@@ -1550,6 +1550,17 @@ class XendDomainInfo: break xen.xend.XendDomain.instance().managed_config_save(self) 
@@ -168,7 +168,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -@@ -2338,6 +2349,8 @@ class XendDomainInfo: +@@ -2340,6 +2351,8 @@ class XendDomainInfo: self.info['name_label'], self.domid, self.info['uuid'], new_name, new_uuid) self._unwatchVm() @@ -177,7 +177,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() # Remove existing vm node in xenstore self._removeVm() -@@ -3017,6 +3030,9 @@ class XendDomainInfo: +@@ -3019,6 +3032,9 @@ class XendDomainInfo: self._createDevices() @@ -187,7 +187,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.image.cleanupTmpImages() self.info['start_time'] = time.time() -@@ -3041,6 +3057,8 @@ class XendDomainInfo: +@@ -3043,6 +3059,8 @@ class XendDomainInfo: self.refresh_shutdown_lock.acquire() try: self.unwatchShutdown() @@ -196,7 +196,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() bootloader_tidy(self) -@@ -3125,6 +3143,7 @@ class XendDomainInfo: +@@ -3127,6 +3145,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) @@ -204,7 +204,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.console_port = console_port self._storeDomDetails() self._registerWatches() -@@ -3267,6 +3286,8 @@ class XendDomainInfo: +@@ -3269,6 +3288,8 @@ class XendDomainInfo: # could also fetch a parsed note from xenstore fast = self.info.get_notes().get('SUSPEND_CANCEL') and 1 or 0 if not fast: 
@@ -213,7 +213,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() self.testDeviceComplete() self.testvifsComplete() -@@ -3282,6 +3303,8 @@ class XendDomainInfo: +@@ -3284,6 +3305,8 @@ class XendDomainInfo: self._storeDomDetails() self._createDevices() From 5a10c8071f072c597196ea6dcd52635ad2aaddc35afcaa0effa6b4b278fa4a79 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Thu, 4 Apr 2013 17:16:12 +0000 Subject: [PATCH 4/8] - bnc#813156 - IndentationError in XendCheckpoint.py xend-domain-lock.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=235 --- xen.changes | 6 ++++++ xen.spec | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/xen.changes b/xen.changes index 63bd64f..4feb121 100644 --- a/xen.changes +++ b/xen.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Apr 4 11:17:43 MDT 2013 - carnold@suse.com + +- bnc#813156 - IndentationError in XendCheckpoint.py + xend-domain-lock.patch + ------------------------------------------------------------------- Tue Apr 2 15:41:19 CEST 2013 - ohering@suse.de diff --git a/xen.spec b/xen.spec index bbaf77e..96571bf 100644 --- a/xen.spec +++ b/xen.spec @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # needssslcertforbuild Name: xen @@ -116,7 +117,7 @@ BuildRequires: kernel-syms BuildRequires: module-init-tools BuildRequires: xorg-x11 %endif -Version: 4.2.1_11 +Version: 4.2.1_12 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) From 9c5584a232c626c195b2f564824e486948020c7f57b6fcc3e0a4dfc984ed78b0 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Thu, 4 Apr 2013 18:09:25 +0000 Subject: [PATCH 5/8] Removed needssslcertforbuild and BRP_PESIGN_FILES OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=236 --- xen.spec | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/xen.spec b/xen.spec index 96571bf..1d1daec 100644 --- a/xen.spec +++ b/xen.spec @@ -16,8 +16,6 @@ # -# needssslcertforbuild - Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 @@ -1063,7 +1061,6 @@ export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" %if %{?with_dom0_support}0 -export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware" # EFI %ifarch x86_64 make -C xen install \ From b9d38dfc8d9d8708584a8a548cb86cd1bc715407799f2f197a0d6675cc27273b Mon Sep 17 00:00:00 2001 
From: Olaf Hering Date: Tue, 7 May 2013 14:35:00 +0000 Subject: [PATCH 6/8] - add xorg-x11-util-devel to BuildRequires to get lndir(1) - remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch It changed migration protocol and upstream wants a different solution - bnc#802221 - fix xenpaging readd xenpaging.qemu.flush-cache.patch - Upstream patches from Jan 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch - Additional fix for bnc#816159 CVE-2013-1918-xsa45-followup.patch - bnc#817068 - Xen guest with >1 sr-iov vf won't start xen-managed-pci-device.patch - Update to Xen 4.2.2 c/s 26064 The following recent security patches are included in the tarball CVE-2013-0151-xsa34.patch (bnc#797285) CVE-2012-6075-xsa41.patch (bnc#797523) CVE-2013-1917-xsa44.patch (bnc#813673) CVE-2013-1919-xsa46.patch (bnc#813675) - Upstream patch from Jan 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch - bnc#816159 - VUL-0: xen: CVE-2013-1918: XSA-45: Several long latency operations are not preemptible CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=237 --- 25861-x86-early-fixmap.patch | 52 +-- 25863-sercon-ehci-dbgp.patch | 62 ++- 25912-partial-libxl.patch | 146 ------- 25920-x86-APICV-enable.patch | 10 +- 25921-x86-APICV-delivery.patch | 24 +- 25922-x86-APICV-x2APIC.patch | 28 +- 25952-x86-MMIO-remap-permissions.patch | 8 +- 25957-x86-TSC-adjust-HVM.patch | 20 +- 25975-x86-IvyBridge.patch | 22 +- 26060-ACPI-ERST-table-size-checks.patch | 67 --- 26062-ACPI-ERST-move-data.patch | 95 ---- 26133-IOMMU-defer-BM-disable.patch | 42 +- 26183-x86-HPET-masking.patch | 88 ---- 26200-IOMMU-debug-verbose.patch | 28 -- 26235-IOMMU-ATS-max-queue-depth.patch | 52 --- 26252-VMX-nested-rflags.patch | 28 -- 26253-VMX-nested-rdtsc.patch | 46 -- 26254-VMX-nested-dr.patch | 27 -- 
26255-VMX-nested-ia32e-mode.patch | 30 -- 26258-VMX-nested-intr-delivery.patch | 45 -- 26266-sched-ratelimit-check.patch | 70 --- 26287-sched-credit-pick-idle.patch | 82 ---- 26294-x86-AMD-Fam15-way-access-filter.patch | 71 --- 26320-IOMMU-domctl-assign-seg.patch | 45 -- 26324-IOMMU-assign-params.patch | 36 +- 26325-IOMMU-add-remove-params.patch | 56 ++- 26326-VT-d-context-map-params.patch | 22 +- 26328-IOMMU-pdev-type.patch | 34 +- 26329-IOMMU-phantom-dev.patch | 64 +-- 26331-IOMMU-phantom-dev-quirk.patch | 16 +- 26332-x86-compat-show-guest-stack-mfn.patch | 30 -- 26333-x86-get_page_type-assert.patch | 30 -- ...0-VT-d-intremap-verify-legacy-bridge.patch | 27 -- 26369-libxl-devid.patch | 19 +- 26395-x86-FPU-context-conditional.patch | 46 -- 26404-x86-forward-both-NMI-kinds.patch | 8 +- 26427-x86-AMD-enable-WC+.patch | 51 --- 26428-x86-HVM-RTC-update.patch | 38 -- 26440-x86-forward-SERR.patch | 72 ---- 26443-ACPI-zap-DMAR.patch | 149 ------- 26444-x86-nHVM-no-self-enable.patch | 32 -- 26468-libxl-race.patch | 343 --------------- 26469-libxl-race.patch | 228 ---------- 26501-VMX-simplify-CR0-update.patch | 64 --- 26502-VMX-disable-SMEP-when-not-paging.patch | 39 -- 26516-ACPI-parse-table-retval.patch | 37 -- 26517-AMD-IOMMU-clear-irtes.patch | 205 --------- ...-IOMMU-disable-if-SATA-combined-mode.patch | 77 ---- 26519-AMD-IOMMU-perdev-intremap-default.patch | 55 --- 26526-pvdrv-no-devinit.patch | 37 -- 26529-gcc48-build-fix.patch | 21 - 26531-AMD-IOMMU-IVHD-special-missing.patch | 127 ------ 26536-xenoprof-div-by-0.patch | 39 -- 26554-hvm-firmware-passthrough.patch | 9 +- 26555-hvm-firmware-passthrough.patch | 46 +- 26556-hvm-firmware-passthrough.patch | 50 +-- 26576-x86-APICV-migration.patch | 6 +- 26577-x86-APICV-x2APIC.patch | 26 +- 26578-AMD-IOMMU-replace-BUG_ON.patch | 25 -- ...ake-the-p2m-lock-even-in-shadow-mode.patch | 50 --- ...p-after-failure-to-set-up-all-vCPU-s.patch | 57 --- 26601-honor-ACPI-v4-FADT-flags.patch | 158 ------- 
...reference-in-intel_get_extended_msrs.patch | 22 - 26659-AMD-IOMMU-erratum-746-workaround.patch | 73 ---- 26660-x86-fix-CMCI-injection.patch | 128 ------ 26672-vmx-fix-handling-of-NMI-VMEXIT.patch | 107 ----- ...hen-moving-domain-to-another-cpupool.patch | 80 ---- ...-compat-memory-exchange-op-splitting.patch | 24 -- ...n-memory-sub-ops-return-valid-values.patch | 78 ---- ...SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch | 58 --- ...ocessing-events-on-the-NMI-exit-path.patch | 134 ------ ...t-operations-for-the-flags-structure.patch | 113 ----- ...ix-off-by-one-in-calculate_tbuf_size.patch | 36 -- ...in-unlocking-in-some-xsm-error-paths.patch | 25 -- ...t-MSI-X-table-from-PV-guest-accesses.patch | 369 ---------------- ...w-add-fixups-for-AMD-P-state-figures.patch | 139 ------ ...clearing-for-certain-injected-events.patch | 72 ---- ...s-while-building-dom0-iommu-mappings.patch | 32 -- ...ate-IOMMUs-when-listing-capabilities.patch | 22 - ...e-in-otherwise-opaque-error-messages.patch | 28 -- ...nlock-apei_iomaps_lock-on-error-path.patch | 34 -- ...ACPI-APEI-Add-apei_exec_run_optional.patch | 70 --- ...ether-interrupt-remapping-is-enabled.patch | 96 ----- ...-VT-d-deal-with-5500-5520-X58-errata.patch | 90 ---- ...w-disabling-only-interrupt-remapping.patch | 63 --- ...pool-scheduling-after-suspend-resume.patch | 144 +++++++ ...rvices-variable-info-to-runtime-code.patch | 142 ++++++ ...ime-call-status-for-compat-mode-Dom0.patch | 23 + 32on64-extra-mem.patch | 8 +- CVE-2012-6075-xsa41.patch | 88 ---- CVE-2013-0151-xsa34.patch | 32 -- ...-vcpu-destroy-pagetables-preemptible.patch | 262 +++++++++++ ...18-xsa45-2-new-guest-cr3-preemptible.patch | 173 ++++++++ ...18-xsa45-3-new-user-base-preemptible.patch | 76 ++++ ...-1918-xsa45-4-vcpu-reset-preemptible.patch | 218 ++++++++++ ...8-xsa45-5-set-info-guest-preemptible.patch | 212 +++++++++ CVE-2013-1918-xsa45-6-unpin-preemptible.patch | 131 ++++++ ...8-xsa45-7-mm-error-paths-preemptible.patch | 257 +++++++++++ 
CVE-2013-1918-xsa45-followup.patch | 406 ++++++++++++++++++ CVE-2013-1922-xsa48.patch | 112 +++++ CVE-2013-1952-xsa49.patch | 57 +++ qemu-xen-dir-remote.tar.bz2 | 4 +- qemu-xen-traditional-dir-remote.tar.bz2 | 4 +- tools-watchdog-support.patch | 44 +- x86-EFI-set-variable-permit-attrs.patch | 14 - x86-cpufreq-report.patch | 16 +- x86-dom-print.patch | 8 +- x86-extra-trap-info.patch | 2 +- xen-4.2.1-testing-src.tar.bz2 | 3 - xen-4.2.2-testing-src.tar.bz2 | 3 + xen-managed-pci-device.patch | 7 +- xen.changes | 100 +++++ ...gup_during_migration_--abort_if_busy.patch | 57 --- xen.spec | 187 ++------ xend-cpuinfo-model-name.patch | 24 ++ xend-domain-lock-sfex.patch | 48 +-- xend-domain-lock.patch | 42 +- xenpaging.autostart.patch | 74 ++-- xenpaging.qemu.flush-cache.patch | 31 ++ 119 files changed, 2932 insertions(+), 5587 deletions(-) delete mode 100644 25912-partial-libxl.patch delete mode 100644 26060-ACPI-ERST-table-size-checks.patch delete mode 100644 26062-ACPI-ERST-move-data.patch delete mode 100644 26183-x86-HPET-masking.patch delete mode 100644 26200-IOMMU-debug-verbose.patch delete mode 100644 26235-IOMMU-ATS-max-queue-depth.patch delete mode 100644 26252-VMX-nested-rflags.patch delete mode 100644 26253-VMX-nested-rdtsc.patch delete mode 100644 26254-VMX-nested-dr.patch delete mode 100644 26255-VMX-nested-ia32e-mode.patch delete mode 100644 26258-VMX-nested-intr-delivery.patch delete mode 100644 26266-sched-ratelimit-check.patch delete mode 100644 26287-sched-credit-pick-idle.patch delete mode 100644 26294-x86-AMD-Fam15-way-access-filter.patch delete mode 100644 26320-IOMMU-domctl-assign-seg.patch delete mode 100644 26332-x86-compat-show-guest-stack-mfn.patch delete mode 100644 26333-x86-get_page_type-assert.patch delete mode 100644 26340-VT-d-intremap-verify-legacy-bridge.patch delete mode 100644 26395-x86-FPU-context-conditional.patch delete mode 100644 26427-x86-AMD-enable-WC+.patch delete mode 100644 26428-x86-HVM-RTC-update.patch delete mode 100644 
26440-x86-forward-SERR.patch delete mode 100644 26443-ACPI-zap-DMAR.patch delete mode 100644 26444-x86-nHVM-no-self-enable.patch delete mode 100644 26468-libxl-race.patch delete mode 100644 26469-libxl-race.patch delete mode 100644 26501-VMX-simplify-CR0-update.patch delete mode 100644 26502-VMX-disable-SMEP-when-not-paging.patch delete mode 100644 26516-ACPI-parse-table-retval.patch delete mode 100644 26517-AMD-IOMMU-clear-irtes.patch delete mode 100644 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch delete mode 100644 26519-AMD-IOMMU-perdev-intremap-default.patch delete mode 100644 26526-pvdrv-no-devinit.patch delete mode 100644 26529-gcc48-build-fix.patch delete mode 100644 26531-AMD-IOMMU-IVHD-special-missing.patch delete mode 100644 26536-xenoprof-div-by-0.patch delete mode 100644 26578-AMD-IOMMU-replace-BUG_ON.patch delete mode 100644 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch delete mode 100644 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch delete mode 100644 26601-honor-ACPI-v4-FADT-flags.patch delete mode 100644 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch delete mode 100644 26659-AMD-IOMMU-erratum-746-workaround.patch delete mode 100644 26660-x86-fix-CMCI-injection.patch delete mode 100644 26672-vmx-fix-handling-of-NMI-VMEXIT.patch delete mode 100644 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch delete mode 100644 26676-fix-compat-memory-exchange-op-splitting.patch delete mode 100644 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch delete mode 100644 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch delete mode 100644 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch delete mode 100644 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch delete mode 100644 26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch delete mode 100644 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch delete mode 100644 
26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch delete mode 100644 26702-powernow-add-fixups-for-AMD-P-state-figures.patch delete mode 100644 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch delete mode 100644 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch delete mode 100644 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch delete mode 100644 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch delete mode 100644 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch delete mode 100644 26737-ACPI-APEI-Add-apei_exec_run_optional.patch delete mode 100644 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch delete mode 100644 26743-VT-d-deal-with-5500-5520-X58-errata.patch delete mode 100644 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch create mode 100644 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch create mode 100644 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch create mode 100644 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch delete mode 100644 CVE-2012-6075-xsa41.patch delete mode 100644 CVE-2013-0151-xsa34.patch create mode 100644 CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-6-unpin-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch create mode 100644 CVE-2013-1918-xsa45-followup.patch create mode 100644 CVE-2013-1922-xsa48.patch create mode 100644 CVE-2013-1952-xsa49.patch delete mode 100644 x86-EFI-set-variable-permit-attrs.patch delete mode 100644 xen-4.2.1-testing-src.tar.bz2 create mode 
100644 xen-4.2.2-testing-src.tar.bz2 delete mode 100644 xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch create mode 100644 xend-cpuinfo-model-name.patch create mode 100644 xenpaging.qemu.flush-cache.patch diff --git a/25861-x86-early-fixmap.patch b/25861-x86-early-fixmap.patch index 991a615..ffbc89c 100644 --- a/25861-x86-early-fixmap.patch +++ b/25861-x86-early-fixmap.patch @@ -12,10 +12,10 @@ the fixmaps together with other boot time page table construction. Signed-off-by: Jan Beulich Acked-by: Keir Fraser -Index: xen-4.2.0-testing/xen/arch/x86/boot/head.S +Index: xen-4.2.2-testing/xen/arch/x86/boot/head.S =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/boot/head.S -+++ xen-4.2.0-testing/xen/arch/x86/boot/head.S +--- xen-4.2.2-testing.orig/xen/arch/x86/boot/head.S ++++ xen-4.2.2-testing/xen/arch/x86/boot/head.S @@ -3,6 +3,7 @@ #include #include @@ -57,10 +57,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/boot/head.S #endif /* Initialize 4kB mappings of first 2MB or 4MB of memory. */ -Index: xen-4.2.0-testing/xen/arch/x86/efi/boot.c +Index: xen-4.2.2-testing/xen/arch/x86/efi/boot.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/efi/boot.c -+++ xen-4.2.0-testing/xen/arch/x86/efi/boot.c +--- xen-4.2.2-testing.orig/xen/arch/x86/efi/boot.c ++++ xen-4.2.2-testing/xen/arch/x86/efi/boot.c @@ -17,6 +17,9 @@ #include #include 
@@ -92,11 +92,11 @@ Index: xen-4.2.0-testing/xen/arch/x86/efi/boot.c /* Initialise L3 boot-map page directory entries. */ l3_bootmap[l3_table_offset(xen_phys_start)] = l3e_from_paddr((UINTN)l2_bootmap, __PAGE_HYPERVISOR); -Index: xen-4.2.0-testing/xen/arch/x86/mm.c +Index: xen-4.2.2-testing/xen/arch/x86/mm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/mm.c -+++ xen-4.2.0-testing/xen/arch/x86/mm.c -@@ -130,6 +130,10 @@ +--- xen-4.2.2-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/mm.c +@@ -131,6 +131,10 @@ l1_pgentry_t __attribute__ ((__section__ (".bss.page_aligned"))) l1_identmap[L1_PAGETABLE_ENTRIES]; @@ -107,10 +107,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/mm.c #define MEM_LOG(_f, _a...) gdprintk(XENLOG_WARNING , _f "\n" , ## _a) /* -Index: xen-4.2.0-testing/xen/arch/x86/x86_64/mm.c +Index: xen-4.2.2-testing/xen/arch/x86/x86_64/mm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/x86_64/mm.c -+++ xen-4.2.0-testing/xen/arch/x86/x86_64/mm.c +--- xen-4.2.2-testing.orig/xen/arch/x86/x86_64/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/x86_64/mm.c @@ -65,6 +65,10 @@ l3_pgentry_t __attribute__ ((__section__ l2_pgentry_t __attribute__ ((__section__ (".bss.page_aligned"))) l2_xenmap[L2_PAGETABLE_ENTRIES]; @@ -122,10 +122,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/x86_64/mm.c /* Enough page directories to map into the bottom 1GB. */ l3_pgentry_t __attribute__ ((__section__ (".bss.page_aligned"))) l3_bootmap[L3_PAGETABLE_ENTRIES]; -Index: xen-4.2.0-testing/xen/include/asm-x86/config.h +Index: xen-4.2.2-testing/xen/include/asm-x86/config.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/config.h -+++ xen-4.2.0-testing/xen/include/asm-x86/config.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/config.h ++++ xen-4.2.2-testing/xen/include/asm-x86/config.h 
@@ -317,7 +317,7 @@ extern unsigned char boot_edid_info[128] #define MACHPHYS_MBYTES 16 /* 1 MB needed per 1 GB memory */ #define FRAMETABLE_MBYTES (MACHPHYS_MBYTES * 6) @@ -135,10 +135,10 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/config.h #define IOREMAP_VIRT_START (IOREMAP_VIRT_END - (IOREMAP_MBYTES<<20)) #define DIRECTMAP_VIRT_END IOREMAP_VIRT_START #define DIRECTMAP_VIRT_START (DIRECTMAP_VIRT_END - (DIRECTMAP_MBYTES<<20)) -Index: xen-4.2.0-testing/xen/include/asm-x86/fixmap.h +Index: xen-4.2.2-testing/xen/include/asm-x86/fixmap.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/fixmap.h -+++ xen-4.2.0-testing/xen/include/asm-x86/fixmap.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/fixmap.h ++++ xen-4.2.2-testing/xen/include/asm-x86/fixmap.h @@ -13,12 +13,17 @@ #define _ASM_FIXMAP_H @@ -158,7 +158,7 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/fixmap.h #include #include #include -@@ -66,7 +71,6 @@ enum fixed_addresses { +@@ -68,7 +73,6 @@ enum fixed_addresses { __end_of_fixed_addresses }; @@ -166,17 +166,17 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/fixmap.h #define FIXADDR_SIZE (__end_of_fixed_addresses << PAGE_SHIFT) #define FIXADDR_START (FIXADDR_TOP - FIXADDR_SIZE) -@@ -90,4 +94,6 @@ static inline unsigned long virt_to_fix( +@@ -92,4 +96,6 @@ static inline unsigned long virt_to_fix( return __virt_to_fix(vaddr); } +#endif /* __ASSEMBLY__ */ + #endif -Index: xen-4.2.0-testing/xen/include/asm-x86/page.h +Index: xen-4.2.2-testing/xen/include/asm-x86/page.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/page.h -+++ xen-4.2.0-testing/xen/include/asm-x86/page.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/page.h ++++ xen-4.2.2-testing/xen/include/asm-x86/page.h @@ -1,6 +1,8 @@ #ifndef __X86_PAGE_H__ #define __X86_PAGE_H__ 
@@ -203,10 +203,10 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/page.h void paging_init(void); void setup_idle_pagetable(void); #endif /* !defined(__ASSEMBLY__) */ -Index: xen-4.2.0-testing/xen/include/xen/const.h +Index: xen-4.2.2-testing/xen/include/xen/const.h =================================================================== --- /dev/null -+++ xen-4.2.0-testing/xen/include/xen/const.h ++++ xen-4.2.2-testing/xen/include/xen/const.h @@ -0,0 +1,24 @@ +/* const.h: Macros for dealing with constants. */ + diff --git a/25863-sercon-ehci-dbgp.patch b/25863-sercon-ehci-dbgp.patch index f176e05..301bfc0 100644 --- a/25863-sercon-ehci-dbgp.patch +++ b/25863-sercon-ehci-dbgp.patch @@ -14,8 +14,10 @@ Signed-off-by: Jan Beulich Reviewed-by: Konrad Rzeszutek Wilk Acked-by: Keir Fraser ---- a/docs/misc/xen-command-line.markdown -+++ b/docs/misc/xen-command-line.markdown +Index: xen-4.2.2-testing/docs/misc/xen-command-line.markdown +=================================================================== +--- xen-4.2.2-testing.orig/docs/misc/xen-command-line.markdown ++++ xen-4.2.2-testing/docs/misc/xen-command-line.markdown @@ -244,7 +244,7 @@ A typical setup for most situations migh Specify the size of the console ring buffer. @@ -47,8 +49,10 @@ Acked-by: Keir Fraser ### debug\_stack\_lines > `= ` ---- a/xen/arch/x86/Rules.mk -+++ b/xen/arch/x86/Rules.mk +Index: xen-4.2.2-testing/xen/arch/x86/Rules.mk +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/Rules.mk ++++ xen-4.2.2-testing/xen/arch/x86/Rules.mk @@ -7,6 +7,7 @@ HAS_CPUFREQ := y HAS_PCI := y HAS_PASSTHROUGH := y 
@@ -57,8 +61,10 @@ Acked-by: Keir Fraser HAS_KEXEC := y HAS_GDBSX := y xenoprof := y ---- a/xen/arch/x86/physdev.c -+++ b/xen/arch/x86/physdev.c +Index: xen-4.2.2-testing/xen/arch/x86/physdev.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/physdev.c ++++ xen-4.2.2-testing/xen/arch/x86/physdev.c @@ -8,6 +8,7 @@ #include #include @@ -67,7 +73,7 @@ Acked-by: Keir Fraser #include #include #include -@@ -722,6 +723,19 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H +@@ -734,6 +735,19 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H break; } @@ -87,8 +93,10 @@ Acked-by: Keir Fraser default: ret = -ENOSYS; break; ---- a/xen/arch/x86/setup.c -+++ b/xen/arch/x86/setup.c +Index: xen-4.2.2-testing/xen/arch/x86/setup.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/setup.c ++++ xen-4.2.2-testing/xen/arch/x86/setup.c @@ -606,6 +606,7 @@ void __init __start_xen(unsigned long mb ns16550.io_base = 0x2f8; ns16550.irq = 3; @@ -97,16 +105,20 @@ Acked-by: Keir Fraser console_init_preirq(); printk("Bootloader: %s\n", loader); ---- a/xen/drivers/char/Makefile -+++ b/xen/drivers/char/Makefile +Index: xen-4.2.2-testing/xen/drivers/char/Makefile +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/char/Makefile ++++ xen-4.2.2-testing/xen/drivers/char/Makefile @@ -1,4 +1,5 @@ obj-y += console.o obj-$(HAS_NS16550) += ns16550.o obj-$(HAS_PL011) += pl011.o +obj-$(HAS_EHCI) += ehci-dbgp.o obj-y += serial.o +Index: xen-4.2.2-testing/xen/drivers/char/ehci-dbgp.c +=================================================================== --- /dev/null -+++ b/xen/drivers/char/ehci-dbgp.c ++++ xen-4.2.2-testing/xen/drivers/char/ehci-dbgp.c @@ -0,0 +1,1577 @@ +/* + * Standalone EHCI USB debug driver 
@@ -1685,8 +1697,10 @@ Acked-by: Keir Fraser + + return -ENOSYS; +} ---- a/xen/drivers/char/serial.c -+++ b/xen/drivers/char/serial.c +Index: xen-4.2.2-testing/xen/drivers/char/serial.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/char/serial.c ++++ xen-4.2.2-testing/xen/drivers/char/serial.c @@ -265,6 +265,14 @@ int __init serial_parse_handle(char *con { int handle; @@ -1702,8 +1716,10 @@ Acked-by: Keir Fraser if ( strncmp(conf, "com", 3) ) goto fail; ---- a/xen/include/asm-x86/fixmap.h -+++ b/xen/include/asm-x86/fixmap.h +Index: xen-4.2.2-testing/xen/include/asm-x86/fixmap.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/fixmap.h ++++ xen-4.2.2-testing/xen/include/asm-x86/fixmap.h @@ -36,7 +36,15 @@ * from the end of virtual memory backwards. */ @@ -1721,9 +1737,11 @@ Acked-by: Keir Fraser #ifdef __i386__ FIX_PAE_HIGHMEM_0, FIX_PAE_HIGHMEM_END = FIX_PAE_HIGHMEM_0 + NR_CPUS-1, ---- a/xen/include/public/physdev.h -+++ b/xen/include/public/physdev.h -@@ -312,6 +312,24 @@ struct physdev_pci_device { +Index: xen-4.2.2-testing/xen/include/public/physdev.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/public/physdev.h ++++ xen-4.2.2-testing/xen/include/public/physdev.h +@@ -318,6 +318,24 @@ struct physdev_pci_device { typedef struct physdev_pci_device physdev_pci_device_t; DEFINE_XEN_GUEST_HANDLE(physdev_pci_device_t); 
@@ -1748,8 +1766,10 @@ Acked-by: Keir Fraser /* * Notify that some PIRQ-bound event channels have been unmasked. * ** This command is obsolete since interface version 0x00030202 and is ** ---- a/xen/include/xen/serial.h -+++ b/xen/include/xen/serial.h +Index: xen-4.2.2-testing/xen/include/xen/serial.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/serial.h ++++ xen-4.2.2-testing/xen/include/xen/serial.h @@ -69,9 +69,10 @@ struct uart_driver { }; diff --git a/25912-partial-libxl.patch b/25912-partial-libxl.patch deleted file mode 100644 index baafd03..0000000 --- a/25912-partial-libxl.patch +++ /dev/null @@ -1,146 +0,0 @@ -No functional change. - -The purpose is to make it easier to backport patches from Xen 4.3's -libxl, as Xen 4.3's libxl has had this done: - - libxl: Enable -Wshadow. - - It was convenient to invent $(CFLAGS_LIBXL) to do this. - - Various renamings to avoid shadowing standard functions: - - index(3) - - listen(2) - - link(2) - - abort(3) - - abs(3) - - 
Signed-off-by: Ian Campbell - -In this patch we do not change the others, and we do not enable --Wshadow. We're just trying to bring 4.2's libxl textually closer to -4.3's. - -Signed-off-by: Ian Jackson ---- - tools/libxl/libxl_event.c | 34 +++++++++++++++++----------------- - 1 files changed, 17 insertions(+), 17 deletions(-) - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c -+++ xen-4.2.1-testing/tools/libxl/libxl_event.c -@@ -167,15 +167,15 @@ static void time_insert_finite(libxl__gc - } - - static int time_register_finite(libxl__gc *gc, libxl__ev_time *ev, -- struct timeval abs) -+ struct timeval absolute) - { - int rc; - -- rc = OSEVENT_HOOK(timeout_register, &ev->for_app_reg, abs, ev); -+ rc = OSEVENT_HOOK(timeout_register, &ev->for_app_reg, absolute, ev); - if (rc) return rc; - - ev->infinite = 0; -- ev->abs = abs; -+ ev->abs = absolute; - time_insert_finite(gc, ev); - - return 0; -@@ -202,16 +202,16 @@ static void time_done_debug(libxl__gc *g - - int libxl__ev_time_register_abs(libxl__gc *gc, libxl__ev_time *ev, - libxl__ev_time_callback *func, -- struct timeval abs) -+ struct timeval absolute) - { - int rc; - - CTX_LOCK; - - DBG("ev_time=%p register abs=%lu.%06lu", -- ev, (unsigned long)abs.tv_sec, (unsigned long)abs.tv_usec); -+ ev, (unsigned long)absolute.tv_sec, (unsigned long)absolute.tv_usec); - -- rc = time_register_finite(gc, ev, abs); -+ rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - - ev->func = func; -@@ -228,7 +228,7 @@ int libxl__ev_time_register_rel(libxl__g - libxl__ev_time_callback *func, - int milliseconds /* as for poll(2) */) - { -- struct timeval abs; -+ struct timeval absolute; - int rc; - - CTX_LOCK; -@@ -238,10 +238,10 @@ int libxl__ev_time_register_rel(libxl__g - if (milliseconds < 0) { - ev->infinite = 1; - } else { -- rc = time_rel_to_abs(gc, milliseconds, &abs); -+ rc = 
time_rel_to_abs(gc, milliseconds, &absolute); - if (rc) goto out; - -- rc = time_register_finite(gc, ev, abs); -+ rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - } - -@@ -255,26 +255,26 @@ int libxl__ev_time_register_rel(libxl__g - } - - int libxl__ev_time_modify_abs(libxl__gc *gc, libxl__ev_time *ev, -- struct timeval abs) -+ struct timeval absolute) - { - int rc; - - CTX_LOCK; - - DBG("ev_time=%p modify abs==%lu.%06lu", -- ev, (unsigned long)abs.tv_sec, (unsigned long)abs.tv_usec); -+ ev, (unsigned long)absolute.tv_sec, (unsigned long)absolute.tv_usec); - - assert(libxl__ev_time_isregistered(ev)); - - if (ev->infinite) { -- rc = time_register_finite(gc, ev, abs); -+ rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - } else { -- rc = OSEVENT_HOOK(timeout_modify, &ev->for_app_reg, abs); -+ rc = OSEVENT_HOOK(timeout_modify, &ev->for_app_reg, absolute); - if (rc) goto out; - - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); -- ev->abs = abs; -+ ev->abs = absolute; - time_insert_finite(gc, ev); - } - -@@ -288,7 +288,7 @@ int libxl__ev_time_modify_abs(libxl__gc - int libxl__ev_time_modify_rel(libxl__gc *gc, libxl__ev_time *ev, - int milliseconds) - { -- struct timeval abs; -+ struct timeval absolute; - int rc; - - CTX_LOCK; -@@ -304,10 +304,10 @@ int libxl__ev_time_modify_rel(libxl__gc - goto out; - } - -- rc = time_rel_to_abs(gc, milliseconds, &abs); -+ rc = time_rel_to_abs(gc, milliseconds, &absolute); - if (rc) goto out; - -- rc = libxl__ev_time_modify_abs(gc, ev, abs); -+ rc = libxl__ev_time_modify_abs(gc, ev, absolute); - if (rc) goto out; - - rc = 0; diff --git a/25920-x86-APICV-enable.patch b/25920-x86-APICV-enable.patch index ee7ff85..983e58e 100644 --- a/25920-x86-APICV-enable.patch +++ b/25920-x86-APICV-enable.patch @@ -17,16 +17,14 @@ Signed-off-by: Jiongxi Li --- a/xen/arch/x86/hvm/vlapic.c 
+++ b/xen/arch/x86/hvm/vlapic.c -@@ -823,6 +823,14 @@ static int vlapic_write(struct vcpu *v, +@@ -822,6 +822,12 @@ static int vlapic_write(struct vcpu *v, return rc; } +int vlapic_apicv_write(struct vcpu *v, unsigned int offset) +{ + uint32_t val = vlapic_get_reg(vcpu_vlapic(v), offset); -+ -+ vlapic_reg_write(v, offset, val); -+ return 0; ++ return vlapic_reg_write(v, offset, val); +} + int hvm_x2apic_msr_write(struct vcpu *v, unsigned int msr, uint64_t msr_content) @@ -59,7 +57,7 @@ Signed-off-by: Jiongxi Li MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch); --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2274,6 +2274,16 @@ static void vmx_idtv_reinject(unsigned l +@@ -2279,6 +2279,16 @@ static void vmx_idtv_reinject(unsigned l } } @@ -76,7 +74,7 @@ Signed-off-by: Jiongxi Li void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned int exit_reason, idtv_info, intr_info = 0, vector = 0; -@@ -2729,6 +2739,11 @@ void vmx_vmexit_handler(struct cpu_user_ +@@ -2741,6 +2751,11 @@ void vmx_vmexit_handler(struct cpu_user_ break; } diff --git a/25921-x86-APICV-delivery.patch b/25921-x86-APICV-delivery.patch index 0053af6..e6cc867 100644 --- a/25921-x86-APICV-delivery.patch +++ b/25921-x86-APICV-delivery.patch @@ -51,7 +51,7 @@ Committed-by: Keir Fraser int vlapic_ipi( struct vlapic *vlapic, uint32_t icr_low, uint32_t icr_high) { -@@ -1000,6 +1011,14 @@ void vlapic_adjust_i8259_target(struct d +@@ -996,6 +1007,14 @@ void vlapic_adjust_i8259_target(struct d pt_adjust_global_vcpu_target(v); } @@ -66,7 +66,7 @@ Committed-by: Keir Fraser int vlapic_has_pending_irq(struct vcpu *v) { struct vlapic *vlapic = vcpu_vlapic(v); -@@ -1012,6 +1031,9 @@ int vlapic_has_pending_irq(struct vcpu * +@@ -1008,6 +1027,9 @@ int vlapic_has_pending_irq(struct vcpu * if ( irr == -1 ) return -1; 
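Review bot: In the first hunk of 25920-x86-APICV-enable.patch, the refreshed `vlapic_apicv_write()` now ends in `return vlapic_reg_write(v, offset, val);` instead of a fixed `return 0;`, but nothing in the carried patch says what a non-zero result means to the caller. `vmx_handle_apic_write()` hands this value straight back (`return vlapic_apicv_write(current, offset);`, visible as context in the 25921 refresh further down), so a rejected register write presumably now reaches the VM-exit handler; that handler's body is outside these hunks and should be checked against the 4.2.2 base to confirm it acts on the status rather than dropping it. I would add a one-line comment above the return, e.g. `/* Propagate the write status so the APIC-write exit path can react to a rejected register write. */`. `offset` is also passed to `vlapic_get_reg()` with no range check inside this function, and where it is derived is not shown here, so confirm the caller confines it to the APIC register page.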
@@ -76,7 +76,7 @@ Committed-by: Keir Fraser isr = vlapic_find_highest_isr(vlapic); isr = (isr != -1) ? isr : 0; if ( (isr & 0xf0) >= (irr & 0xf0) ) -@@ -1024,6 +1046,9 @@ int vlapic_ack_pending_irq(struct vcpu * +@@ -1020,6 +1042,9 @@ int vlapic_ack_pending_irq(struct vcpu * { struct vlapic *vlapic = vcpu_vlapic(v); @@ -88,7 +88,7 @@ Committed-by: Keir Fraser --- a/xen/arch/x86/hvm/vmx/intr.c +++ b/xen/arch/x86/hvm/vmx/intr.c -@@ -206,6 +206,7 @@ void vmx_intr_assist(void) +@@ -209,6 +209,7 @@ void vmx_intr_assist(void) struct vcpu *v = current; unsigned int tpr_threshold = 0; enum hvm_intblk intblk; @@ -96,7 +96,7 @@ Committed-by: Keir Fraser /* Block event injection when single step with MTF. */ if ( unlikely(v->arch.hvm_vcpu.single_step) ) -@@ -216,7 +217,7 @@ void vmx_intr_assist(void) +@@ -219,7 +220,7 @@ void vmx_intr_assist(void) } /* Crank the handle on interrupt state. */ @@ -105,7 +105,7 @@ Committed-by: Keir Fraser do { intack = hvm_vcpu_has_pending_irq(v); -@@ -227,16 +228,34 @@ void vmx_intr_assist(void) +@@ -230,16 +231,34 @@ void vmx_intr_assist(void) goto out; intblk = hvm_interrupt_blocked(v, intack); @@ -145,7 +145,7 @@ Committed-by: Keir Fraser { enable_intr_window(v, intack); goto out; -@@ -253,6 +272,44 @@ void vmx_intr_assist(void) +@@ -256,6 +275,44 @@ void vmx_intr_assist(void) { hvm_inject_hw_exception(TRAP_machine_check, HVM_DELIVER_NO_ERROR_CODE); } @@ -190,7 +190,7 @@ Committed-by: Keir Fraser else { HVMTRACE_2D(INJ_VIRQ, intack.vector, /*fake=*/ 0); -@@ -262,11 +319,16 @@ void vmx_intr_assist(void) +@@ -265,11 +322,16 @@ void vmx_intr_assist(void) /* Is there another IRQ to queue up behind this one? */ intack = hvm_vcpu_has_pending_irq(v); @@ -291,7 +291,7 @@ Committed-by: Keir Fraser struct arch_vmx_struct *arch_vmx = &v->arch.hvm_vmx; --- a/xen/arch/x86/hvm/vmx/vmx.c 
+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1502,6 +1502,22 @@ static void vmx_set_info_guest(struct vc +@@ -1507,6 +1507,22 @@ static void vmx_set_info_guest(struct vc vmx_vmcs_exit(v); } @@ -314,7 +314,7 @@ Committed-by: Keir Fraser static struct hvm_function_table __read_mostly vmx_function_table = { .name = "VMX", .cpu_up_prepare = vmx_cpu_up_prepare, -@@ -1548,7 +1564,9 @@ static struct hvm_function_table __read_ +@@ -1553,7 +1569,9 @@ static struct hvm_function_table __read_ .nhvm_vmcx_guest_intercepts_trap = nvmx_intercepts_exception, .nhvm_vcpu_vmexit_trap = nvmx_vmexit_trap, .nhvm_intr_blocked = nvmx_intr_blocked, @@ -325,7 +325,7 @@ Committed-by: Keir Fraser }; struct hvm_function_table * __init start_vmx(void) -@@ -2284,6 +2302,17 @@ static int vmx_handle_apic_write(void) +@@ -2289,6 +2307,17 @@ static int vmx_handle_apic_write(void) return vlapic_apicv_write(current, offset); } @@ -343,7 +343,7 @@ Committed-by: Keir Fraser void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned int exit_reason, idtv_info, intr_info = 0, vector = 0; -@@ -2677,6 +2706,16 @@ void vmx_vmexit_handler(struct cpu_user_ +@@ -2689,6 +2718,16 @@ void vmx_vmexit_handler(struct cpu_user_ hvm_inject_hw_exception(TRAP_gp_fault, 0); break; diff --git a/25922-x86-APICV-x2APIC.patch b/25922-x86-APICV-x2APIC.patch index 6a4f55e..7c0bad8 100644 --- a/25922-x86-APICV-x2APIC.patch +++ b/25922-x86-APICV-x2APIC.patch @@ -16,8 +16,10 @@ corresponding x2apic MSRs: Signed-off-by: Jiongxi Li Committed-by: Keir Fraser ---- a/xen/arch/x86/hvm/vmx/vmcs.c -+++ b/xen/arch/x86/hvm/vmx/vmcs.c +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmcs.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c @@ -658,7 +658,7 @@ static void vmx_set_host_env(struct vcpu (unsigned long)&get_cpu_info()->guest_cpu_user_regs.error_code); } 
@@ -82,9 +84,11 @@ Committed-by: Keir Fraser } /* I/O access bitmap. */ ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2036,7 +2036,7 @@ static int vmx_msr_write_intercept(unsig +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -2041,7 +2041,7 @@ static int vmx_msr_write_intercept(unsig for ( ; (rc == 0) && lbr->count; lbr++ ) for ( i = 0; (rc == 0) && (i < lbr->count); i++ ) if ( (rc = vmx_add_guest_msr(lbr->base + i)) == 0 ) @@ -93,8 +97,10 @@ Committed-by: Keir Fraser } if ( (rc < 0) || ---- a/xen/include/asm-x86/hvm/vmx/vmcs.h -+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h +Index: xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/hvm/vmx/vmcs.h ++++ xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -407,7 +407,9 @@ enum vmcs_field { #define VMCS_VPID_WIDTH 16 @@ -106,9 +112,11 @@ Committed-by: Keir Fraser int vmx_read_guest_msr(u32 msr, u64 *val); int vmx_write_guest_msr(u32 msr, u64 val); int vmx_add_guest_msr(u32 msr); ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -291,6 +291,9 @@ +Index: xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/msr-index.h ++++ xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +@@ -293,6 +293,9 @@ #define MSR_IA32_APICBASE_ENABLE (1<<11) #define MSR_IA32_APICBASE_BASE (0xfffff<<12) #define MSR_IA32_APICBASE_MSR 0x800 diff --git a/25952-x86-MMIO-remap-permissions.patch b/25952-x86-MMIO-remap-permissions.patch index d28e54a..1fee502 100644 --- a/25952-x86-MMIO-remap-permissions.patch +++ b/25952-x86-MMIO-remap-permissions.patch 
@@ -17,11 +17,11 @@ domain's permission is sufficient. Signed-off-by: Daniel De Graaf Committed-by: Jan Beulich -Index: xen-4.2.0-testing/xen/arch/x86/mm.c +Index: xen-4.2.2-testing/xen/arch/x86/mm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/mm.c -+++ xen-4.2.0-testing/xen/arch/x86/mm.c -@@ -883,6 +883,19 @@ get_page_from_l1e( +--- xen-4.2.2-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/mm.c +@@ -884,6 +884,19 @@ get_page_from_l1e( return -EINVAL; } diff --git a/25957-x86-TSC-adjust-HVM.patch b/25957-x86-TSC-adjust-HVM.patch index d1f3b06..861e2ad 100644 --- a/25957-x86-TSC-adjust-HVM.patch +++ b/25957-x86-TSC-adjust-HVM.patch @@ -24,10 +24,10 @@ would be happy when sync tsc. Signed-off-by: Liu, Jinsong Committed-by: Jan Beulich -Index: xen-4.2.0-testing/xen/arch/x86/hvm/hvm.c +Index: xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c =================================================================== ---- xen-4.2.0-testing.orig/xen/arch/x86/hvm/hvm.c -+++ xen-4.2.0-testing/xen/arch/x86/hvm/hvm.c +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/hvm.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c @@ -244,6 +244,7 @@ int hvm_set_guest_pat(struct vcpu *v, u6 void hvm_set_guest_tsc(struct vcpu *v, u64 guest_tsc) { @@ -103,10 +103,10 @@ Index: xen-4.2.0-testing/xen/arch/x86/hvm/hvm.c paging_update_paging_modes(v); v->arch.flags |= TF_kernel_mode; -Index: xen-4.2.0-testing/xen/include/asm-x86/hvm/vcpu.h +Index: xen-4.2.2-testing/xen/include/asm-x86/hvm/vcpu.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/hvm/vcpu.h -+++ xen-4.2.0-testing/xen/include/asm-x86/hvm/vcpu.h +--- xen-4.2.2-testing.orig/xen/include/asm-x86/hvm/vcpu.h ++++ xen-4.2.2-testing/xen/include/asm-x86/hvm/vcpu.h @@ -137,6 +137,7 @@ struct hvm_vcpu { struct hvm_vcpu_asid n1asid; 
@@ -115,11 +115,11 @@ Index: xen-4.2.0-testing/xen/include/asm-x86/hvm/vcpu.h /* VPMU */ struct vpmu_struct vpmu; -Index: xen-4.2.0-testing/xen/include/asm-x86/msr-index.h +Index: xen-4.2.2-testing/xen/include/asm-x86/msr-index.h =================================================================== ---- xen-4.2.0-testing.orig/xen/include/asm-x86/msr-index.h -+++ xen-4.2.0-testing/xen/include/asm-x86/msr-index.h -@@ -284,6 +284,7 @@ +--- xen-4.2.2-testing.orig/xen/include/asm-x86/msr-index.h ++++ xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +@@ -286,6 +286,7 @@ #define MSR_IA32_PLATFORM_ID 0x00000017 #define MSR_IA32_EBL_CR_POWERON 0x0000002a #define MSR_IA32_EBC_FREQUENCY_ID 0x0000002c diff --git a/25975-x86-IvyBridge.patch b/25975-x86-IvyBridge.patch index 399488a..9521b76 100644 --- a/25975-x86-IvyBridge.patch +++ b/25975-x86-IvyBridge.patch @@ -10,8 +10,10 @@ And some initial Haswell ones at once. Signed-off-by: Jan Beulich Acked-by: "Nakajima, Jun" ---- a/xen/arch/x86/acpi/cpu_idle.c -+++ b/xen/arch/x86/acpi/cpu_idle.c +Index: xen-4.2.2-testing/xen/arch/x86/acpi/cpu_idle.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/acpi/cpu_idle.c ++++ xen-4.2.2-testing/xen/arch/x86/acpi/cpu_idle.c @@ -105,11 +105,15 @@ static void do_get_hw_residencies(void * switch ( c->x86_model ) @@ -30,9 +32,11 @@ Acked-by: "Nakajima, Jun" GET_PC2_RES(hw_res->pc2); GET_CC7_RES(hw_res->cc7); /* fall through */ ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1820,7 +1820,9 @@ static const struct lbr_info *last_branc +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -1825,7 +1825,9 @@ static const struct lbr_info *last_branc /* Sandy Bridge */ case 42: case 45: /* Ivy Bridge */ 
@@ -43,9 +47,11 @@ Acked-by: "Nakajima, Jun" return nh_lbr; break; /* Atom */ ---- a/xen/arch/x86/hvm/vmx/vpmu_core2.c -+++ b/xen/arch/x86/hvm/vmx/vpmu_core2.c -@@ -747,6 +747,7 @@ int vmx_vpmu_initialise(struct vcpu *v, +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vpmu_core2.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vpmu_core2.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vpmu_core2.c +@@ -747,6 +747,7 @@ int vmx_vpmu_initialise(struct vcpu *v, case 46: case 47: case 58: diff --git a/26060-ACPI-ERST-table-size-checks.patch b/26060-ACPI-ERST-table-size-checks.patch deleted file mode 100644 index 5ef6ce8..0000000 --- a/26060-ACPI-ERST-table-size-checks.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -References: bnc#785211 - -# HG changeset patch -# User Huang Ying -# Date 1350401196 -7200 -# Node ID 4fc87c2f31a02c770655518c9e4d389302564f00 -# Parent c1c549c4fe9ebdc460cbf51e296edad157b6e518 -ACPI: fix APEI related table size checking - -On Huang Ying's machine: - -erst_tab->header_length == sizeof(struct acpi_table_einj) - -but Yinghai reported that on his machine, - -erst_tab->header_length == sizeof(struct acpi_table_einj) - -sizeof(struct acpi_table_header) - -To make erst table size checking code works on all systems, both -testing are treated as PASS. - -Same situation applies to einj_tab->header_length, so corresponding -table size checking is changed in similar way too. - -Originally-by: Yinghai Lu -Signed-off-by: Huang Ying - -- use switch() for better readability -- add comment explaining why a formally invalid size it also being - accepted -- check erst_tab->header.length before even looking at - erst_tab->header_length -- prefer sizeof(*erst_tab) over sizeof(struct acpi_table_erst) - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/apei/erst.c -+++ b/xen/drivers/acpi/apei/erst.c -@@ -715,12 +715,23 @@ int erst_clear(u64 record_id) - - static int __init erst_check_table(struct acpi_table_erst *erst_tab) - { -- if (erst_tab->header_length != sizeof(struct acpi_table_erst)) -+ if (erst_tab->header.length < sizeof(*erst_tab)) - return -EINVAL; -- if (erst_tab->header.length < sizeof(struct acpi_table_erst)) -+ -+ switch (erst_tab->header_length) { -+ case sizeof(*erst_tab) - sizeof(erst_tab->header): -+ /* -+ * While invalid per specification, there are (early?) systems -+ * indicating the full header size here, so accept that value too. 
-+ */ -+ case sizeof(*erst_tab): -+ break; -+ default: - return -EINVAL; -+ } -+ - if (erst_tab->entries != -- (erst_tab->header.length - sizeof(struct acpi_table_erst)) / -+ (erst_tab->header.length - sizeof(*erst_tab)) / - sizeof(struct acpi_erst_entry)) - return -EINVAL; - diff --git a/26062-ACPI-ERST-move-data.patch b/26062-ACPI-ERST-move-data.patch deleted file mode 100644 index b817792..0000000 --- a/26062-ACPI-ERST-move-data.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -References: bnc#785211 - -# HG changeset patch -# User Huang Ying -# Date 1350475926 -7200 -# Node ID ec8a091efcce717584b00ce76e3cec40a6247ebc -# Parent 4b4c0c7a6031820ab521fdd6764cb0df157f44bf -ACPI/APEI: fix ERST MOVE_DATA instruction implementation - -The src_base and dst_base fields in apei_exec_context are physical -address, so they should be ioremaped before being used in ERST -MOVE_DATA instruction. - -Reported-by: Javier Martinez Canillas -Reported-by: Andrew Morton -Signed-off-by: Huang Ying - -Replace use of ioremap() by __acpi_map_table()/set_fixmap(). Fix error -handling. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/apei/erst.c -+++ b/xen/drivers/acpi/apei/erst.c -@@ -247,15 +247,64 @@ static int erst_exec_move_data(struct ap - { - int rc; - u64 offset; -+#ifdef CONFIG_X86 -+ enum fixed_addresses idx; -+#endif -+ void *src, *dst; -+ -+ /* ioremap does not work in interrupt context */ -+ if (in_irq()) { -+ printk(KERN_WARNING -+ "MOVE_DATA cannot be used in interrupt context\n"); -+ return -EBUSY; -+ } - - rc = __apei_exec_read_register(entry, &offset); - if (rc) - return rc; -- memmove((void *)(unsigned long)(ctx->dst_base + offset), -- (void *)(unsigned long)(ctx->src_base + offset), -- ctx->var2); - -- return 0; -+#ifdef CONFIG_X86 -+ switch (ctx->var2) { -+ case 0: -+ return 0; -+ case 1 ... 
PAGE_SIZE: -+ break; -+ default: -+ printk(KERN_WARNING -+ "MOVE_DATA cannot be used for %#"PRIx64" bytes of data\n", -+ ctx->var2); -+ return -EOPNOTSUPP; -+ } -+ -+ src = __acpi_map_table(ctx->src_base + offset, ctx->var2); -+#else -+ src = ioremap(ctx->src_base + offset, ctx->var2); -+#endif -+ if (!src) -+ return -ENOMEM; -+ -+#ifdef CONFIG_X86 -+ BUILD_BUG_ON(FIX_ACPI_PAGES < 4); -+ idx = virt_to_fix((unsigned long)src + 2 * PAGE_SIZE); -+ offset += ctx->dst_base; -+ dst = (void *)fix_to_virt(idx) + (offset & ~PAGE_MASK); -+ set_fixmap(idx, offset); -+ if (PFN_DOWN(offset) != PFN_DOWN(offset + ctx->var2 - 1)) { -+ idx = virt_to_fix((unsigned long)dst + PAGE_SIZE); -+ set_fixmap(idx, offset + PAGE_SIZE); -+ } -+#else -+ dst = ioremap(ctx->dst_base + offset, ctx->var2); -+#endif -+ if (dst) { -+ memmove(dst, src, ctx->var2); -+ iounmap(dst); -+ } else -+ rc = -ENOMEM; -+ -+ iounmap(src); -+ -+ return rc; - } - - static struct apei_exec_ins_type erst_ins_type[] = { diff --git a/26133-IOMMU-defer-BM-disable.patch b/26133-IOMMU-defer-BM-disable.patch index 7e006d4..5674ed9 100644 --- a/26133-IOMMU-defer-BM-disable.patch +++ b/26133-IOMMU-defer-BM-disable.patch @@ -15,9 +15,11 @@ Signed-off-by: Jan Beulich Acked-by: Tim Deegan Acked-by: Dario Faggioli ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c -@@ -564,7 +564,7 @@ static hw_irq_controller iommu_msi_type +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_init.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c +@@ -564,7 +564,7 @@ static hw_irq_controller iommu_msi_type static void parse_event_log_entry(struct amd_iommu *iommu, u32 entry[]) { 
@@ -47,9 +49,11 @@ Acked-by: Dario Faggioli } else { ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -214,6 +214,7 @@ static int device_assigned(u16 seg, u8 b +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +@@ -218,6 +218,7 @@ static int device_assigned(u16 seg, u8 b static int assign_device(struct domain *d, u16 seg, u8 bus, u8 devfn) { struct hvm_iommu *hd = domain_hvm_iommu(d); @@ -57,7 +61,7 @@ Acked-by: Dario Faggioli int rc = 0; if ( !iommu_enabled || !hd->platform_ops ) -@@ -227,6 +228,10 @@ static int assign_device(struct domain * +@@ -231,6 +232,10 @@ static int assign_device(struct domain * return -EXDEV; spin_lock(&pcidevs_lock); @@ -68,7 +72,7 @@ Acked-by: Dario Faggioli if ( (rc = hd->platform_ops->assign_device(d, seg, bus, devfn)) ) goto done; -@@ -378,6 +383,8 @@ int deassign_device(struct domain *d, u1 +@@ -382,6 +387,8 @@ int deassign_device(struct domain *d, u1 return ret; } @@ -77,8 +81,10 @@ Acked-by: Dario Faggioli if ( !has_arch_pdevs(d) && need_iommu(d) ) { d->need_iommu = 0; ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -637,6 +637,36 @@ int __init pci_device_detect(u16 seg, u8 return 1; } 
@@ -116,8 +122,10 @@ Acked-by: Dario Faggioli /* * scan pci devices to add all existed PCI devices to alldevs_list, * and setup pci hierarchy in array bus2bridge. ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -936,7 +936,7 @@ static void __do_iommu_page_fault(struct while (1) { @@ -144,9 +152,11 @@ Acked-by: Dario Faggioli fault_index++; if ( fault_index > cap_num_fault_regs(iommu->cap) ) ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -64,6 +64,11 @@ struct pci_dev { +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -65,6 +65,11 @@ struct pci_dev { const u8 devfn; struct pci_dev_info info; struct arch_pci_dev arch; @@ -158,7 +168,7 @@ Acked-by: Dario Faggioli u64 vf_rlen[6]; }; -@@ -106,6 +111,7 @@ void arch_pci_ro_device(int seg, int bdf +@@ -107,6 +112,7 @@ void arch_pci_ro_device(int seg, int bdf struct pci_dev *pci_get_pdev(int seg, int bus, int devfn); struct pci_dev *pci_get_pdev_by_domain( struct domain *, int seg, int bus, int devfn); diff --git a/26183-x86-HPET-masking.patch b/26183-x86-HPET-masking.patch deleted file mode 100644 index c8cb5e0..0000000 --- a/26183-x86-HPET-masking.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1353575003 -3600 -# Node ID c139ca92edca2fab8ec95deb7fd9e4246c3fe28d -# Parent af6b72a224e99a4a516fbc2eecc06ada569304e8 -x86/HPET: fix FSB interrupt masking - -HPET_TN_FSB is not really suitable for masking interrupts - it merely -switches between the two delivery methods. The right way of masking is -through the HPET_TN_ENABLE bit (which really is an interrupt enable, -not a counter enable or some such). This is even more so with certain -chip sets not even allowing HPET_TN_FSB to be cleared on some of the -channels. - -Further, all the setup of the channel should happen before actually -enabling the interrupt, which requires splitting legacy and FSB logic. - -Finally this also fixes an S3 resume problem (HPET_TN_FSB did not get -set in hpet_broadcast_resume(), and hpet_msi_unmask() doesn't get -called from the general resume code either afaict). - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/arch/x86/hpet.c -+++ b/xen/arch/x86/hpet.c -@@ -236,7 +236,7 @@ static void hpet_msi_unmask(struct irq_d - struct hpet_event_channel *ch = desc->action->dev_id; - - cfg = hpet_read32(HPET_Tn_CFG(ch->idx)); -- cfg |= HPET_TN_FSB; -+ cfg |= HPET_TN_ENABLE; - hpet_write32(cfg, HPET_Tn_CFG(ch->idx)); - } - -@@ -246,7 +246,7 @@ static void hpet_msi_mask(struct irq_des - struct hpet_event_channel *ch = desc->action->dev_id; - - cfg = hpet_read32(HPET_Tn_CFG(ch->idx)); -- cfg &= ~HPET_TN_FSB; -+ cfg &= ~HPET_TN_ENABLE; - hpet_write32(cfg, HPET_Tn_CFG(ch->idx)); - } - -@@ -319,8 +319,14 @@ static void __hpet_setup_msi_irq(struct - static int __init hpet_setup_msi_irq(unsigned int irq, struct hpet_event_channel *ch) - { - int ret; -+ u32 cfg = hpet_read32(HPET_Tn_CFG(ch->idx)); - irq_desc_t *desc = irq_to_desc(irq); - -+ /* set HPET Tn as oneshot */ -+ cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); -+ cfg |= HPET_TN_FSB | HPET_TN_32BIT; -+ hpet_write32(cfg, HPET_Tn_CFG(ch->idx)); -+ - desc->handler = 
&hpet_msi_type; - ret = request_irq(irq, hpet_interrupt_handler, 0, "HPET", ch); - if ( ret < 0 ) -@@ -541,11 +547,14 @@ void __init hpet_broadcast_init(void) - - for ( i = 0; i < n; i++ ) - { -- /* set HPET Tn as oneshot */ -- cfg = hpet_read32(HPET_Tn_CFG(hpet_events[i].idx)); -- cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); -- cfg |= HPET_TN_ENABLE | HPET_TN_32BIT; -- hpet_write32(cfg, HPET_Tn_CFG(hpet_events[i].idx)); -+ if ( i == 0 && (cfg & HPET_CFG_LEGACY) ) -+ { -+ /* set HPET T0 as oneshot */ -+ cfg = hpet_read32(HPET_Tn_CFG(0)); -+ cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); -+ cfg |= HPET_TN_ENABLE | HPET_TN_32BIT; -+ hpet_write32(cfg, HPET_Tn_CFG(0)); -+ } - - /* - * The period is a femto seconds value. We need to calculate the scaled -@@ -602,6 +611,8 @@ void hpet_broadcast_resume(void) - cfg = hpet_read32(HPET_Tn_CFG(hpet_events[i].idx)); - cfg &= ~(HPET_TN_LEVEL | HPET_TN_PERIODIC); - cfg |= HPET_TN_ENABLE | HPET_TN_32BIT; -+ if ( !(hpet_events[i].flags & HPET_EVT_LEGACY) ) -+ cfg |= HPET_TN_FSB; - hpet_write32(cfg, HPET_Tn_CFG(hpet_events[i].idx)); - - hpet_events[i].next_event = STIME_MAX; diff --git a/26200-IOMMU-debug-verbose.patch b/26200-IOMMU-debug-verbose.patch deleted file mode 100644 index 23778b2..0000000 --- a/26200-IOMMU-debug-verbose.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1354118456 -3600 -# Node ID 836697b197462f89a4d296da9482d1719dcc0836 -# Parent 1fce7522daa6bab9fce93b95adf592193c904097 -IOMMU: imply "verbose" from "debug" - -I think that generally enabling debugging code without also enabling -verbose output is rather pointless; if someone really wants this, they -can always pass e.g. "iommu=debug,no-verbose". - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -91,7 +91,11 @@ static void __init parse_iommu_param(cha - else if ( !strcmp(s, "intremap") ) - iommu_intremap = val; - else if ( !strcmp(s, "debug") ) -+ { - iommu_debug = val; -+ if ( val ) -+ iommu_verbose = 1; -+ } - else if ( !strcmp(s, "amd-iommu-perdev-intremap") ) - amd_iommu_perdev_intremap = val; - else if ( !strcmp(s, "dom0-passthrough") ) diff --git a/26235-IOMMU-ATS-max-queue-depth.patch b/26235-IOMMU-ATS-max-queue-depth.patch deleted file mode 100644 index 2cc6c38..0000000 --- a/26235-IOMMU-ATS-max-queue-depth.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1354697534 -3600 -# Node ID 670b07e8d7382229639af0d1df30071e6c1ebb19 -# Parent bc624b00d6d601f00a53c2f7502a82dcef60f882 -IOMMU/ATS: fix maximum queue depth calculation - -The capabilities register field is a 5-bit value, and the 5 bits all -being zero actually means 32 entries. - -Under the assumption that amd_iommu_flush_iotlb() really just tried -to correct for the miscalculation above when adding 32 to the value, -that adjustment is also being removed. - -Signed-off-by: Jan Beulich -Acked-by Xiantao Zhang -Acked-by: Wei Huang - ---- a/xen/drivers/passthrough/amd/iommu_cmd.c -+++ b/xen/drivers/passthrough/amd/iommu_cmd.c -@@ -321,7 +321,7 @@ void amd_iommu_flush_iotlb(struct pci_de - - req_id = get_dma_requestor_id(iommu->seg, bdf); - queueid = req_id; -- maxpend = (ats_pdev->ats_queue_depth + 32) & 0xff; -+ maxpend = ats_pdev->ats_queue_depth & 0xff; - - /* send INVALIDATE_IOTLB_PAGES command */ - spin_lock_irqsave(&iommu->lock, flags); ---- a/xen/drivers/passthrough/ats.h -+++ b/xen/drivers/passthrough/ats.h -@@ -30,7 +30,7 @@ struct pci_ats_dev { - - #define ATS_REG_CAP 4 - #define ATS_REG_CTL 6 --#define ATS_QUEUE_DEPTH_MASK 0xF -+#define ATS_QUEUE_DEPTH_MASK 0x1f - #define ATS_ENABLE (1<<15) - - extern struct list_head ats_devices; ---- a/xen/drivers/passthrough/x86/ats.c -+++ b/xen/drivers/passthrough/x86/ats.c -@@ -93,7 +93,8 @@ int enable_ats_device(int seg, int bus, - pdev->devfn = devfn; - value = pci_conf_read16(seg, bus, PCI_SLOT(devfn), - PCI_FUNC(devfn), pos + ATS_REG_CAP); -- pdev->ats_queue_depth = value & ATS_QUEUE_DEPTH_MASK; -+ pdev->ats_queue_depth = value & ATS_QUEUE_DEPTH_MASK ?: -+ ATS_QUEUE_DEPTH_MASK + 1; - list_add(&pdev->list, &ats_devices); - } - diff --git a/26252-VMX-nested-rflags.patch b/26252-VMX-nested-rflags.patch deleted file mode 100644 index 77b8e09..0000000 --- a/26252-VMX-nested-rflags.patch +++ /dev/null 
@@ -1,28 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354812866 0 -# Node ID 312f0713dfc98635fd9ed4b42481581489faa28f -# Parent bfd8e96fa3f157630f9698401a1f040ca1776c8e -nested vmx: fix rflags status in virtual vmexit - -As stated in SDM, all bits (except for those 1-reserved) in rflags -would be set to 0 in VM exit. Therefore we need to follow this logic -in virtual_vmexit. - -Signed-off-by: Xiantao Zhang -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -990,7 +990,8 @@ static void virtual_vmexit(struct cpu_us - - regs->eip = __get_vvmcs(nvcpu->nv_vvmcx, HOST_RIP); - regs->esp = __get_vvmcs(nvcpu->nv_vvmcx, HOST_RSP); -- regs->eflags = __vmread(GUEST_RFLAGS); -+ /* VM exit clears all bits except bit 1 */ -+ regs->eflags = 0x2; - - /* updating host cr0 to sync TS bit */ - __vmwrite(HOST_CR0, v->arch.hvm_vmx.host_cr0); diff --git a/26253-VMX-nested-rdtsc.patch b/26253-VMX-nested-rdtsc.patch deleted file mode 100644 index 87c0b7c..0000000 --- a/26253-VMX-nested-rdtsc.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354812981 0 -# Node ID a09150b57ace2fa786dcaefa958f0b197b1b6d4c -# Parent 312f0713dfc98635fd9ed4b42481581489faa28f -nested vmx: fix handling of RDTSC - -If L0 is to handle the TSC access, then we need to update guest EIP by -calling update_guest_eip(). - -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1613,7 +1613,7 @@ static int get_instruction_length(void) - return len; - } - --static void update_guest_eip(void) -+void update_guest_eip(void) - { - struct cpu_user_regs *regs = guest_cpu_user_regs(); - unsigned long x; ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1558,6 +1558,7 @@ int nvmx_n2_vmexit_handler(struct cpu_us - tsc += __get_vvmcs(nvcpu->nv_vvmcx, TSC_OFFSET); - regs->eax = (uint32_t)tsc; - regs->edx = (uint32_t)(tsc >> 32); -+ update_guest_eip(); - - return 1; - } ---- a/xen/include/asm-x86/hvm/vmx/vmx.h -+++ b/xen/include/asm-x86/hvm/vmx/vmx.h -@@ -396,6 +396,8 @@ void ept_p2m_init(struct p2m_domain *p2m - void ept_walk_table(struct domain *d, unsigned long gfn); - void setup_ept_dump(void); - -+void update_guest_eip(void); -+ - /* EPT violation qualifications definitions */ - #define _EPT_READ_VIOLATION 0 - #define EPT_READ_VIOLATION (1UL<<_EPT_READ_VIOLATION) diff --git a/26254-VMX-nested-dr.patch b/26254-VMX-nested-dr.patch deleted file mode 100644 index 5aa3792..0000000 --- a/26254-VMX-nested-dr.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354813009 0 -# Node ID e6eb1e52da7cfcb1a7697b35b4d842f35107d1ed -# Parent a09150b57ace2fa786dcaefa958f0b197b1b6d4c -nested vmx: fix DR access VM exit - -For DR register, we use lazy restore mechanism when access -it. Therefore when receiving such VM exit, L0 should be responsible to -switch to the right DR values, then inject to L1 hypervisor. - -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1585,7 +1585,8 @@ int nvmx_n2_vmexit_handler(struct cpu_us - break; - case EXIT_REASON_DR_ACCESS: - ctrl = __n2_exec_control(v); -- if ( ctrl & CPU_BASED_MOV_DR_EXITING ) -+ if ( (ctrl & CPU_BASED_MOV_DR_EXITING) && -+ v->arch.hvm_vcpu.flag_dr_dirty ) - nvcpu->nv_vmexit_pending = 1; - break; - case EXIT_REASON_INVLPG: diff --git a/26255-VMX-nested-ia32e-mode.patch b/26255-VMX-nested-ia32e-mode.patch deleted file mode 100644 index 68a2cd7..0000000 --- a/26255-VMX-nested-ia32e-mode.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354813046 0 -# Node ID 1ed1507fa0407f1da715d04fe1b510e81ca4fb31 -# Parent e6eb1e52da7cfcb1a7697b35b4d842f35107d1ed -nested vmx: enable IA32E mode while do VM entry - -Some VMMs may check the platform capability to judge whether long -mode guest is supported. Therefore we need to expose this bit to -guest VMM. - -Xen on Xen works fine in current solution because Xen doesn't -check this capability but directly set it in VMCS if guest -supports long mode. - -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vvmx.c -+++ b/xen/arch/x86/hvm/vmx/vvmx.c -@@ -1351,7 +1351,7 @@ int nvmx_msr_read_intercept(unsigned int - case MSR_IA32_VMX_ENTRY_CTLS: - /* bit 0-8, and 12 must be 1 (refer G5 of SDM) */ - data = 0x11ff; -- data = (data << 32) | data; -+ data = ((data | VM_ENTRY_IA32E_MODE) << 32) | data; - break; - - case IA32_FEATURE_CONTROL_MSR: diff --git a/26258-VMX-nested-intr-delivery.patch b/26258-VMX-nested-intr-delivery.patch deleted file mode 100644 index f80dd49..0000000 --- a/26258-VMX-nested-intr-delivery.patch +++ /dev/null 
@@ -1,45 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1354813139 0 -# Node ID 90831c29bfde6aac013b7e5ec98934a4953c31c9 -# Parent 25dd352265ca23750f1a1a983124b36f518c4384 -nested vmx: fix interrupt delivery to L2 guest - -While delivering interrupt into L2 guest, L0 hypervisor need to check -whether L1 hypervisor wants to own the interrupt, if not, directly -inject the interrupt into L2 guest. - -Signed-off-by: Xiantao Zhang -Signed-off-by: Dongxiao Xu -Acked-by: Jan Beulich -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/intr.c -+++ b/xen/arch/x86/hvm/vmx/intr.c -@@ -163,7 +163,7 @@ enum hvm_intblk nvmx_intr_blocked(struct - - static int nvmx_intr_intercept(struct vcpu *v, struct hvm_intack intack) - { -- u32 exit_ctrl; -+ u32 ctrl; - - if ( nvmx_intr_blocked(v) != hvm_intblk_none ) - { -@@ -176,11 +176,14 @@ static int nvmx_intr_intercept(struct vc - if ( intack.source == hvm_intsrc_pic || - intack.source == hvm_intsrc_lapic ) - { -+ ctrl = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, PIN_BASED_VM_EXEC_CONTROL); -+ if ( !(ctrl & PIN_BASED_EXT_INTR_MASK) ) -+ return 0; -+ - vmx_inject_extint(intack.vector); - -- exit_ctrl = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, -- VM_EXIT_CONTROLS); -- if ( exit_ctrl & VM_EXIT_ACK_INTR_ON_EXIT ) -+ ctrl = __get_vvmcs(vcpu_nestedhvm(v).nv_vvmcx, VM_EXIT_CONTROLS); -+ if ( ctrl & VM_EXIT_ACK_INTR_ON_EXIT ) - { - /* for now, duplicate the ack path in vmx_intr_assist */ - hvm_vcpu_ack_pending_irq(v, intack); diff --git a/26266-sched-ratelimit-check.patch b/26266-sched-ratelimit-check.patch deleted file mode 100644 index 7dd5444..0000000 --- a/26266-sched-ratelimit-check.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1355134467 -3600 -# Node ID 8d209624ea83b272e1ebd713a928c38d4782f4f1 -# Parent f96a0cda12160f497981a37f6922a1ed7db9a462 -scheduler: fix rate limit range checking - -For one, neither of the two checks permitted for the documented value -of zero (disabling the functionality altogether). - -Second, the range checking of the command line parameter was done by -the credit scheduler's initialization code, despite it being a generic -scheduler option. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/common/sched_credit.c -+++ b/xen/common/sched_credit.c -@@ -846,8 +846,9 @@ csched_sys_cntl(const struct scheduler * - case XEN_SYSCTL_SCHEDOP_putinfo: - if (params->tslice_ms > XEN_SYSCTL_CSCHED_TSLICE_MAX - || params->tslice_ms < XEN_SYSCTL_CSCHED_TSLICE_MIN -- || params->ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -- || params->ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN -+ || (params->ratelimit_us -+ && (params->ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -+ || params->ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN)) - || MICROSECS(params->ratelimit_us) > MILLISECS(params->tslice_ms) ) - goto out; - prv->tslice_ms = params->tslice_ms; -@@ -1607,17 +1608,6 @@ csched_init(struct scheduler *ops) - sched_credit_tslice_ms = CSCHED_DEFAULT_TSLICE_MS; - } - -- if ( sched_ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -- || sched_ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN ) -- { -- printk("WARNING: sched_ratelimit_us outside of valid range [%d,%d].\n" -- " Resetting to default %u\n", -- XEN_SYSCTL_SCHED_RATELIMIT_MIN, -- XEN_SYSCTL_SCHED_RATELIMIT_MAX, -- SCHED_DEFAULT_RATELIMIT_US); -- sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; -- } -- - prv->tslice_ms = sched_credit_tslice_ms; - prv->ticks_per_tslice = CSCHED_TICKS_PER_TSLICE; - if ( prv->tslice_ms < prv->ticks_per_tslice ) ---- a/xen/common/schedule.c -+++ b/xen/common/schedule.c -@@ -1322,6 +1322,18 @@ void __init 
scheduler_init(void) - if ( SCHED_OP(&ops, init) ) - panic("scheduler returned error on init\n"); - -+ if ( sched_ratelimit_us && -+ (sched_ratelimit_us > XEN_SYSCTL_SCHED_RATELIMIT_MAX -+ || sched_ratelimit_us < XEN_SYSCTL_SCHED_RATELIMIT_MIN) ) -+ { -+ printk("WARNING: sched_ratelimit_us outside of valid range [%d,%d].\n" -+ " Resetting to default %u\n", -+ XEN_SYSCTL_SCHED_RATELIMIT_MIN, -+ XEN_SYSCTL_SCHED_RATELIMIT_MAX, -+ SCHED_DEFAULT_RATELIMIT_US); -+ sched_ratelimit_us = SCHED_DEFAULT_RATELIMIT_US; -+ } -+ - idle_domain = domain_create(DOMID_IDLE, 0, 0); - BUG_ON(IS_ERR(idle_domain)); - idle_domain->vcpu = idle_vcpu; diff --git a/26287-sched-credit-pick-idle.patch b/26287-sched-credit-pick-idle.patch deleted file mode 100644 index 3807bb0..0000000 --- a/26287-sched-credit-pick-idle.patch +++ /dev/null 
@@ -1,82 +0,0 @@ -# HG changeset patch -# User Dario Faggioli -# Date 1355854218 0 -# Node ID 127c2c47d440eb7f3248ab5561909e326af7e328 -# Parent d5c0389bf26c89969ebce71927f34f6b923af949 -xen: sched_credit: improve picking up the idle CPU for a VCPU - -In _csched_cpu_pick() we try to select the best possible CPU for -running a VCPU, considering the characteristics of the underlying -hardware (i.e., how many threads, core, sockets, and how busy they -are). What we want is "the idle execution vehicle with the most -idling neighbours in its grouping". - -In order to achieve it, we select a CPU from the VCPU's affinity, -giving preference to its current processor if possible, as the basis -for the comparison with all the other CPUs. Problem is, to discount -the VCPU itself when computing this "idleness" (in an attempt to be -fair wrt its current processor), we arbitrarily and unconditionally -consider that selected CPU as idle, even when it is not the case, -for instance: - 1. If the CPU is not the one where the VCPU is running (perhaps due - to the affinity being changed); - 2. The CPU is where the VCPU is running, but it has other VCPUs in - its runq, so it won't go idle even if the VCPU in question goes. - -This is exemplified in the trace below: - -] 3.466115364 x|------|------| d10v1 22005(2:2:5) 3 [ a 1 8 ] - ... ... ... - 3.466122856 x|------|------| d10v1 runstate_change d10v1 - running->offline - 3.466123046 x|------|------| d?v? runstate_change d32767v0 - runnable->running - ... ... ... -] 3.466126887 x|------|------| d32767v0 28004(2:8:4) 3 [ a 1 8 ] - -22005(...) line (the first line) means _csched_cpu_pick() was called -on VCPU 1 of domain 10, while it is running on CPU 0, and it choose -CPU 8, which is busy ('|'), even if there are plenty of idle -CPUs. 
That is because, as a consequence of changing the VCPU affinity, -CPU 8 was chosen as the basis for the comparison, and therefore -considered idle (its bit gets unconditionally set in the bitmask -representing the idle CPUs). 28004(...) line means the VCPU is woken -up and queued on CPU 8's runq, where it waits for a context switch or -a migration, in order to be able to execute. - -This change fixes things by only considering the "guessed" CPU idle if -the VCPU in question is both running there and is its only runnable -VCPU. - -Signed-off-by: Dario Faggioli -Acked-by: George Dunlap -Committed-by: Keir Fraser - ---- a/xen/common/sched_credit.c -+++ b/xen/common/sched_credit.c -@@ -72,6 +72,9 @@ - #define CSCHED_VCPU(_vcpu) ((struct csched_vcpu *) (_vcpu)->sched_priv) - #define CSCHED_DOM(_dom) ((struct csched_dom *) (_dom)->sched_priv) - #define RUNQ(_cpu) (&(CSCHED_PCPU(_cpu)->runq)) -+/* Is the first element of _cpu's runq its idle vcpu? */ -+#define IS_RUNQ_IDLE(_cpu) (list_empty(RUNQ(_cpu)) || \ -+ is_idle_vcpu(__runq_elem(RUNQ(_cpu)->next)->vcpu)) - - - /* -@@ -487,9 +490,14 @@ _csched_cpu_pick(const struct scheduler - * distinct cores first and guarantees we don't do something stupid - * like run two VCPUs on co-hyperthreads while there are idle cores - * or sockets. -+ * -+ * Notice that, when computing the "idleness" of cpu, we may want to -+ * discount vc. That is, iff vc is the currently running and the only -+ * runnable vcpu on cpu, we add cpu to the idlers. - */ - cpumask_and(&idlers, &cpu_online_map, CSCHED_PRIV(ops)->idlers); -- cpumask_set_cpu(cpu, &idlers); -+ if ( vc->processor == cpu && IS_RUNQ_IDLE(cpu) ) -+ cpumask_set_cpu(cpu, &idlers); - cpumask_and(&cpus, &cpus, &idlers); - cpumask_clear_cpu(cpu, &cpus); - diff --git a/26294-x86-AMD-Fam15-way-access-filter.patch b/26294-x86-AMD-Fam15-way-access-filter.patch deleted file mode 100644 index 753b19b..0000000 --- a/26294-x86-AMD-Fam15-way-access-filter.patch +++ /dev/null 
@@ -1,71 +0,0 @@ -# HG changeset patch -# User Andre Przywara -# Date 1355913729 -3600 -# Node ID 5fb0b8b838dab0b331abfa675fd2b2214ac90760 -# Parent b04de677de31f26ba4b8f2f382ca4dfffcff9a79 -x86, amd: Disable way access filter on Piledriver CPUs - -The Way Access Filter in recent AMD CPUs may hurt the performance of -some workloads, caused by aliasing issues in the L1 cache. -This patch disables it on the affected CPUs. - -The issue is similar to that one of last year: -http://lkml.indiana.edu/hypermail/linux/kernel/1107.3/00041.html -This new patch does not replace the old one, we just need another -quirk for newer CPUs. - -The performance penalty without the patch depends on the -circumstances, but is a bit less than the last year's 3%. - -The workloads affected would be those that access code from the same -physical page under different virtual addresses, so different -processes using the same libraries with ASLR or multiple instances of -PIE-binaries. The code needs to be accessed simultaneously from both -cores of the same compute unit. - -More details can be found here: -http://developer.amd.com/Assets/SharedL1InstructionCacheonAMD15hCPU.pdf - -CPUs affected are anything with the core known as Piledriver. -That includes the new parts of the AMD A-Series (aka Trinity) and the -just released new CPUs of the FX-Series (aka Vishera). -The model numbering is a bit odd here: FX CPUs have model 2, -A-Series has model 10h, with possible extensions to 1Fh. Hence the -range of model ids. - -Signed-off-by: Andre Przywara - -Add and use MSR_AMD64_IC_CFG. Update the value whenever it is found to -not have all bits set, rather than just when it's zero. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/arch/x86/cpu/amd.c -+++ b/xen/arch/x86/cpu/amd.c -@@ -493,6 +493,14 @@ static void __devinit init_amd(struct cp - } - } - -+ /* -+ * The way access filter has a performance penalty on some workloads. 
-+ * Disable it on the affected CPUs. -+ */ -+ if (c->x86 == 0x15 && c->x86_model >= 0x02 && c->x86_model < 0x20 && -+ !rdmsr_safe(MSR_AMD64_IC_CFG, value) && (value & 0x1e) != 0x1e) -+ wrmsr_safe(MSR_AMD64_IC_CFG, value | 0x1e); -+ - amd_get_topology(c); - - /* Pointless to use MWAIT on Family10 as it does not deep sleep. */ ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -206,6 +206,7 @@ - - /* AMD64 MSRs */ - #define MSR_AMD64_NB_CFG 0xc001001f -+#define MSR_AMD64_IC_CFG 0xc0011021 - #define MSR_AMD64_DC_CFG 0xc0011022 - #define AMD64_NB_CFG_CF8_EXT_ENABLE_BIT 46 - diff --git a/26320-IOMMU-domctl-assign-seg.patch b/26320-IOMMU-domctl-assign-seg.patch deleted file mode 100644 index 7f6540d..0000000 --- a/26320-IOMMU-domctl-assign-seg.patch +++ /dev/null 
@@ -1,45 +0,0 @@
-# HG changeset patch
-# User Andrew Cooper
-# Date 1357290407 -3600
-# Node ID 8fd5635f451b073ddc99e928c975e8a7743d1321
-# Parent c4114a042410d3bdec3a77c30b2e85366d7fbe1d
-passthrough/domctl: use correct struct in union
-
-This appears to be a copy paste error from c/s 23861:ec7c81fbe0de.
-
-It is safe, functionally speaking, as both the xen_domctl_assign_device
-and xen_domctl_get_device_group structure start with a 'uint32_t
-machine_sbdf'. We should however use the correct union structure.
-
-Signed-off-by: Andrew Cooper
-Committed-by: Jan Beulich
-
---- a/xen/drivers/passthrough/iommu.c
-+++ b/xen/drivers/passthrough/iommu.c
-@@ -592,7 +592,7 @@ int iommu_do_domctl(
- if ( ret )
- break;
-
-- seg = domctl->u.get_device_group.machine_sbdf >> 16;
-+ seg = domctl->u.assign_device.machine_sbdf >> 16;
- bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff;
- devfn = domctl->u.assign_device.machine_sbdf & 0xff;
-
-@@ -621,7 +621,7 @@ int iommu_do_domctl(
- if ( ret )
- goto assign_device_out;
-
-- seg = domctl->u.get_device_group.machine_sbdf >> 16;
-+ seg = domctl->u.assign_device.machine_sbdf >> 16;
- bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff;
- devfn = domctl->u.assign_device.machine_sbdf & 0xff;
-
-@@ -649,7 +649,7 @@ int iommu_do_domctl(
- if ( ret )
- goto deassign_device_out;
-
-- seg = domctl->u.get_device_group.machine_sbdf >> 16;
-+ seg = domctl->u.assign_device.machine_sbdf >> 16;
- bus = (domctl->u.assign_device.machine_sbdf >> 8) & 0xff;
- devfn = domctl->u.assign_device.machine_sbdf & 0xff;
-
diff --git a/26324-IOMMU-assign-params.patch b/26324-IOMMU-assign-params.patch
index 8ab8a97..b47596c 100644
--- a/26324-IOMMU-assign-params.patch
+++ b/26324-IOMMU-assign-params.patch
@@ -12,9 +12,11 @@ IOMMU: adjust (re)assign operation parameters
Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -328,34 +328,31 @@ void amd_iommu_disable_domain_device(str +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c +@@ -333,34 +333,31 @@ void amd_iommu_disable_domain_device(str disable_ats_device(iommu->seg, bus, devfn); } @@ -59,7 +61,7 @@ Acked-by: "Zhang, Xiantao" /* IO page tables might be destroyed after pci-detach the last device * In this case, we have to re-allocate root table for next pci-attach.*/ -@@ -364,17 +361,18 @@ static int reassign_device( struct domai +@@ -369,17 +366,18 @@ static int reassign_device( struct domai amd_iommu_setup_domain_device(target, iommu, bdf); AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n", @@ -83,7 +85,7 @@ Acked-by: "Zhang, Xiantao" if ( ivrs_mappings[req_id].unity_map_enable ) { -@@ -386,7 +384,7 @@ static int amd_iommu_assign_device(struc +@@ -391,7 +389,7 @@ static int amd_iommu_assign_device(struc ivrs_mappings[req_id].read_permission); } @@ -92,7 +94,7 @@ Acked-by: "Zhang, Xiantao" } static void deallocate_next_page_table(struct page_info* pg, int level) -@@ -451,12 +449,6 @@ static void amd_iommu_domain_destroy(str +@@ -456,12 +454,6 @@ static void amd_iommu_domain_destroy(str amd_iommu_flush_all_pages(d); } @@ -105,7 +107,7 @@ Acked-by: "Zhang, Xiantao" static int amd_iommu_add_device(struct pci_dev *pdev) { struct amd_iommu *iommu; -@@ -596,7 +588,7 @@ const struct iommu_ops amd_iommu_ops = { +@@ -601,7 +593,7 @@ const struct iommu_ops amd_iommu_ops = { .teardown = amd_iommu_domain_destroy, .map_page = amd_iommu_map_page, .unmap_page = amd_iommu_unmap_page, 
@@ -114,8 +116,10 @@ Acked-by: "Zhang, Xiantao" .get_device_group_id = amd_iommu_group_id, .update_ire_from_apic = amd_iommu_ioapic_update_ire, .update_ire_from_msi = amd_iommu_msi_msg_update_ire, ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c @@ -232,11 +232,16 @@ static int assign_device(struct domain * return -EXDEV; @@ -158,8 +162,10 @@ Acked-by: "Zhang, Xiantao" if ( ret ) { dprintk(XENLOG_ERR VTDPREFIX, ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -1689,17 +1689,10 @@ out: static int reassign_device_ownership( struct domain *source, @@ -203,7 +209,7 @@ Acked-by: "Zhang, Xiantao" return ret; } -@@ -2207,36 +2203,26 @@ int __init intel_vtd_setup(void) +@@ -2222,36 +2218,26 @@ int __init intel_vtd_setup(void) } static int intel_iommu_assign_device( @@ -247,8 +253,10 @@ Acked-by: "Zhang, Xiantao" { ret = 0; goto done; ---- a/xen/include/xen/iommu.h -+++ b/xen/include/xen/iommu.h +Index: xen-4.2.2-testing/xen/include/xen/iommu.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/iommu.h ++++ xen-4.2.2-testing/xen/include/xen/iommu.h @@ -123,13 +123,13 @@ struct iommu_ops { int (*add_device)(struct pci_dev *pdev); int (*enable_device)(struct pci_dev *pdev); diff --git a/26325-IOMMU-add-remove-params.patch b/26325-IOMMU-add-remove-params.patch index bd71ce8..326125d 100644 --- a/26325-IOMMU-add-remove-params.patch 
+++ b/26325-IOMMU-add-remove-params.patch @@ -12,8 +12,10 @@ IOMMU: adjust add/remove operation parameters Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/pci_amd_iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/pci_amd_iommu.c @@ -83,14 +83,14 @@ static void disable_translation(u32 *dte } @@ -96,7 +98,7 @@ Acked-by: "Zhang, Xiantao" } int __init amd_iov_detect(void) -@@ -291,16 +290,16 @@ static void __init amd_iommu_dom0_init(s +@@ -296,16 +295,16 @@ static void __init amd_iommu_dom0_init(s } void amd_iommu_disable_domain_device(struct domain *domain, @@ -117,7 +119,7 @@ Acked-by: "Zhang, Xiantao" dte = iommu->dev_table.buffer + (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); spin_lock_irqsave(&iommu->lock, flags); -@@ -308,7 +307,7 @@ void amd_iommu_disable_domain_device(str +@@ -313,7 +312,7 @@ void amd_iommu_disable_domain_device(str { disable_translation((u32 *)dte); @@ -126,7 +128,7 @@ Acked-by: "Zhang, Xiantao" iommu_has_cap(iommu, PCI_CAP_IOTLB_SHIFT) ) iommu_dte_set_iotlb((u32 *)dte, 0); -@@ -323,7 +322,8 @@ void amd_iommu_disable_domain_device(str +@@ -328,7 +327,8 @@ void amd_iommu_disable_domain_device(str ASSERT(spin_is_locked(&pcidevs_lock)); @@ -136,7 +138,7 @@ Acked-by: "Zhang, Xiantao" pci_ats_enabled(iommu->seg, bus, devfn) ) disable_ats_device(iommu->seg, bus, devfn); } -@@ -346,7 +346,7 @@ static int reassign_device(struct domain +@@ -351,7 +351,7 @@ static int reassign_device(struct domain return -ENODEV; } 
@@ -145,7 +147,7 @@ Acked-by: "Zhang, Xiantao" if ( devfn == pdev->devfn ) { -@@ -359,7 +359,7 @@ static int reassign_device(struct domain +@@ -364,7 +364,7 @@ static int reassign_device(struct domain if ( t->root_table == NULL ) allocate_domain_resources(t); @@ -154,7 +156,7 @@ Acked-by: "Zhang, Xiantao" AMD_IOMMU_DEBUG("Re-assign %04x:%02x:%02x.%u from dom%d to dom%d\n", pdev->seg, pdev->bus, PCI_SLOT(devfn), PCI_FUNC(devfn), source->domain_id, target->domain_id); -@@ -449,7 +449,7 @@ static void amd_iommu_domain_destroy(str +@@ -454,7 +454,7 @@ static void amd_iommu_domain_destroy(str amd_iommu_flush_all_pages(d); } @@ -163,7 +165,7 @@ Acked-by: "Zhang, Xiantao" { struct amd_iommu *iommu; u16 bdf; -@@ -462,16 +462,16 @@ static int amd_iommu_add_device(struct p +@@ -467,16 +467,16 @@ static int amd_iommu_add_device(struct p { AMD_IOMMU_DEBUG("Fail to find iommu." " %04x:%02x:%02x.%u cannot be assigned to dom%d\n", @@ -184,7 +186,7 @@ Acked-by: "Zhang, Xiantao" { struct amd_iommu *iommu; u16 bdf; -@@ -484,12 +484,12 @@ static int amd_iommu_remove_device(struc +@@ -489,12 +489,12 @@ static int amd_iommu_remove_device(struc { AMD_IOMMU_DEBUG("Fail to find iommu." " %04x:%02x:%02x.%u cannot be removed from dom%d\n", @@ -200,8 +202,10 @@ Acked-by: "Zhang, Xiantao" return 0; } ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c @@ -167,7 +167,7 @@ int iommu_add_device(struct pci_dev *pde if ( !iommu_enabled || !hd->platform_ops ) return 0; 
@@ -220,8 +224,10 @@ Acked-by: "Zhang, Xiantao" } /* ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -715,7 +715,7 @@ int __init scan_pci_devices(void) struct setup_dom0 { @@ -249,8 +255,10 @@ Acked-by: "Zhang, Xiantao" { struct setup_dom0 ctxt = { .d = d, .handler = handler }; ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -52,7 +52,7 @@ int nr_iommus; static struct tasklet vtd_fault_tasklet; @@ -260,7 +268,7 @@ Acked-by: "Zhang, Xiantao" static void setup_dom0_rmrr(struct domain *d); static int domain_iommu_domid(struct domain *d, -@@ -1904,7 +1904,7 @@ static int rmrr_identity_mapping(struct +@@ -1904,7 +1904,7 @@ static int rmrr_identity_mapping(struct return 0; } @@ -326,8 +334,10 @@ Acked-by: "Zhang, Xiantao" } void clear_fault_bits(struct iommu *iommu) ---- a/xen/include/xen/iommu.h -+++ b/xen/include/xen/iommu.h +Index: xen-4.2.2-testing/xen/include/xen/iommu.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/iommu.h ++++ xen-4.2.2-testing/xen/include/xen/iommu.h @@ -120,9 +120,9 @@ bool_t pt_irq_need_timer(uint32_t flags) struct iommu_ops { int (*init)(struct domain *d); 
@@ -340,9 +350,11 @@ Acked-by: "Zhang, Xiantao" int (*assign_device)(struct domain *, u8 devfn, struct pci_dev *); void (*teardown)(struct domain *d); int (*map_page)(struct domain *d, unsigned long gfn, unsigned long mfn, ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -100,7 +100,8 @@ struct pci_dev *pci_lock_pdev(int seg, i +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -101,7 +101,8 @@ struct pci_dev *pci_lock_pdev(int seg, i struct pci_dev *pci_lock_domain_pdev( struct domain *, int seg, int bus, int devfn); diff --git a/26326-VT-d-context-map-params.patch b/26326-VT-d-context-map-params.patch index 15b0565..b466a03 100644 --- a/26326-VT-d-context-map-params.patch +++ b/26326-VT-d-context-map-params.patch @@ -12,8 +12,10 @@ VT-d: adjust context map/unmap parameters Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/vtd/extern.h -+++ b/xen/drivers/passthrough/vtd/extern.h +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/extern.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/extern.h ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/extern.h @@ -95,7 +95,7 @@ void free_pgtable_maddr(u64 maddr); void *map_vtd_domain_page(u64 maddr); void unmap_vtd_domain_page(void *va); @@ -23,8 +25,10 @@ Acked-by: "Zhang, Xiantao" int domain_context_unmap_one(struct domain *domain, struct iommu *iommu, u8 bus, u8 devfn); ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c 
@@ -1308,7 +1308,7 @@ static void __init intel_iommu_dom0_init int domain_context_mapping_one( struct domain *domain, @@ -157,7 +161,7 @@ Acked-by: "Zhang, Xiantao" if ( ret ) { dprintk(XENLOG_ERR VTDPREFIX, "d%d: context mapping failed\n", -@@ -1975,14 +1973,14 @@ static int intel_iommu_remove_device(u8 +@@ -1975,14 +1973,14 @@ static int intel_iommu_remove_device(u8 } } @@ -174,9 +178,11 @@ Acked-by: "Zhang, Xiantao" if ( !err && devfn == pdev->devfn ) pci_vtd_quirk(pdev); return err; ---- a/xen/drivers/passthrough/vtd/quirks.c -+++ b/xen/drivers/passthrough/vtd/quirks.c -@@ -292,7 +292,7 @@ static void map_me_phantom_function(stru +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/quirks.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/quirks.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/quirks.c +@@ -319,7 +319,7 @@ static void map_me_phantom_function(stru /* map or unmap ME phantom function */ if ( map ) domain_context_mapping_one(domain, drhd->iommu, 0, diff --git a/26328-IOMMU-pdev-type.patch b/26328-IOMMU-pdev-type.patch index 6625797..6f07298 100644 --- a/26328-IOMMU-pdev-type.patch +++ b/26328-IOMMU-pdev-type.patch @@ -18,8 +18,10 @@ how to deal with such a device, and hence shouldn't try to). Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -144,7 +144,7 @@ static struct pci_dev *alloc_pdev(struct spin_lock_init(&pdev->msix_table_lock); 
@@ -83,8 +85,10 @@ Acked-by: "Zhang, Xiantao" } return pos ? DEV_TYPE_PCIe_ENDPOINT : DEV_TYPE_PCI; ---- a/xen/drivers/passthrough/vtd/intremap.c -+++ b/xen/drivers/passthrough/vtd/intremap.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/intremap.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/intremap.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/intremap.c @@ -426,7 +426,6 @@ void io_apic_write_remap_rte( static void set_msi_source_id(struct pci_dev *pdev, struct iremap_entry *ire) @@ -112,8 +116,10 @@ Acked-by: "Zhang, Xiantao" seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); break; } ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/vtd/iommu.c @@ -1450,7 +1450,6 @@ static int domain_context_mapping( { struct acpi_drhd_unit *drhd; @@ -168,9 +174,11 @@ Acked-by: "Zhang, Xiantao" seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); ret = -EINVAL; goto out; ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -62,6 +62,17 @@ struct pci_dev { +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -63,6 +63,17 @@ struct pci_dev { const u16 seg; const u8 bus; const u8 devfn; @@ -188,7 +196,7 @@ Acked-by: "Zhang, Xiantao" struct pci_dev_info info; struct arch_pci_dev arch; struct { -@@ -83,18 +94,10 @@ struct pci_dev { +@@ -84,18 +95,10 @@ struct pci_dev { extern spinlock_t pcidevs_lock; 
@@ -208,8 +216,10 @@ Acked-by: "Zhang, Xiantao" int find_upstream_bridge(u16 seg, u8 *bus, u8 *devfn, u8 *secbus); struct pci_dev *pci_lock_pdev(int seg, int bus, int devfn); struct pci_dev *pci_lock_domain_pdev( ---- a/xen/include/xen/pci_regs.h -+++ b/xen/include/xen/pci_regs.h +Index: xen-4.2.2-testing/xen/include/xen/pci_regs.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci_regs.h ++++ xen-4.2.2-testing/xen/include/xen/pci_regs.h @@ -371,6 +371,9 @@ #define PCI_EXP_TYPE_UPSTREAM 0x5 /* Upstream Port */ #define PCI_EXP_TYPE_DOWNSTREAM 0x6 /* Downstream Port */ diff --git a/26329-IOMMU-phantom-dev.patch b/26329-IOMMU-phantom-dev.patch index 0874b83..569202b 100644 --- a/26329-IOMMU-phantom-dev.patch +++ b/26329-IOMMU-phantom-dev.patch @@ -18,8 +18,10 @@ function number, would return the underlying actual device. Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/xen/drivers/passthrough/amd/iommu_cmd.c -+++ b/xen/drivers/passthrough/amd/iommu_cmd.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_cmd.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_cmd.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_cmd.c @@ -339,7 +339,15 @@ static void amd_iommu_flush_all_iotlbs(s return; @@ -37,8 +39,10 @@ Acked-by: "Zhang, Xiantao" } /* Flush iommu cache after p2m changes. */ ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_init.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_init.c @@ -692,7 +692,7 @@ void parse_ppr_log_entry(struct amd_iomm devfn = PCI_DEVFN2(device_id); 
@@ -48,8 +52,10 @@ Acked-by: "Zhang, Xiantao" spin_unlock(&pcidevs_lock); if ( pdev ) ---- a/xen/drivers/passthrough/amd/iommu_map.c -+++ b/xen/drivers/passthrough/amd/iommu_map.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_map.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/amd/iommu_map.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/amd/iommu_map.c @@ -612,7 +612,6 @@ static int update_paging_mode(struct dom for_each_pdev( d, pdev ) { @@ -64,25 +70,23 @@ Acked-by: "Zhang, Xiantao" spin_lock_irqsave(&iommu->lock, flags); - device_entry = iommu->dev_table.buffer + - (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); -- ++ do { ++ req_id = get_dma_requestor_id(pdev->seg, bdf); ++ device_entry = iommu->dev_table.buffer + ++ (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); + - /* valid = 0 only works for dom0 passthrough mode */ - amd_iommu_set_root_page_table((u32 *)device_entry, - page_to_maddr(hd->root_table), - hd->domain_id, - hd->paging_mode, 1); -- -- amd_iommu_flush_device(iommu, req_id); -+ do { -+ req_id = get_dma_requestor_id(pdev->seg, bdf); -+ device_entry = iommu->dev_table.buffer + -+ (req_id * IOMMU_DEV_TABLE_ENTRY_SIZE); -+ + /* valid = 0 only works for dom0 passthrough mode */ + amd_iommu_set_root_page_table((u32 *)device_entry, + page_to_maddr(hd->root_table), + hd->domain_id, + hd->paging_mode, 1); -+ + +- amd_iommu_flush_device(iommu, req_id); + amd_iommu_flush_device(iommu, req_id); + bdf += pdev->phantom_stride; + } while ( PCI_DEVFN2(bdf) != pdev->devfn && @@ -90,8 +94,10 @@ Acked-by: "Zhang, Xiantao" spin_unlock_irqrestore(&iommu->lock, flags); } ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/iommu.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/iommu.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/iommu.c 
@@ -157,6 +157,8 @@ void __init iommu_dom0_init(struct domai int iommu_add_device(struct pci_dev *pdev) { @@ -196,8 +202,10 @@ Acked-by: "Zhang, Xiantao" ret = hd->platform_ops->reassign_device(d, dom0, devfn, pdev); if ( ret ) { ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c @@ -146,6 +146,8 @@ static struct pci_dev *alloc_pdev(struct /* update bus2bridge */ switch ( pdev->type = pdev_type(pseg->nr, bus, devfn) ) @@ -332,9 +340,11 @@ Acked-by: "Zhang, Xiantao" } } ---- a/xen/include/xen/lib.h -+++ b/xen/include/xen/lib.h -@@ -58,6 +58,9 @@ do { +Index: xen-4.2.2-testing/xen/include/xen/lib.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/lib.h ++++ xen-4.2.2-testing/xen/include/xen/lib.h +@@ -58,6 +58,9 @@ do { #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array(x)) @@ -344,9 +354,11 @@ Acked-by: "Zhang, Xiantao" #define reserve_bootmem(_p,_l) ((void)0) struct domain; ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -63,6 +63,8 @@ struct pci_dev { +Index: xen-4.2.2-testing/xen/include/xen/pci.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/pci.h ++++ xen-4.2.2-testing/xen/include/xen/pci.h +@@ -64,6 +64,8 @@ struct pci_dev { const u8 bus; const u8 devfn; @@ -355,7 +367,7 @@ Acked-by: "Zhang, Xiantao" enum pdev_type { DEV_TYPE_PCI_UNKNOWN, DEV_TYPE_PCIe_ENDPOINT, -@@ -113,6 +115,7 @@ int pci_remove_device(u16 seg, u8 bus, u +@@ -114,6 +116,7 @@ int pci_remove_device(u16 seg, u8 bus, u int pci_ro_device(int seg, int bus, int devfn); void arch_pci_ro_device(int seg, int bdf); struct pci_dev *pci_get_pdev(int seg, int bus, int devfn); 
diff --git a/26331-IOMMU-phantom-dev-quirk.patch b/26331-IOMMU-phantom-dev-quirk.patch index 529dcea..d46b609 100644 --- a/26331-IOMMU-phantom-dev-quirk.patch +++ b/26331-IOMMU-phantom-dev-quirk.patch @@ -14,9 +14,11 @@ single function devices. Signed-off-by: Jan Beulich Acked-by: "Zhang, Xiantao" ---- a/docs/misc/xen-command-line.markdown -+++ b/docs/misc/xen-command-line.markdown -@@ -672,6 +672,16 @@ Defaults to booting secondary processors +Index: xen-4.2.2-testing/docs/misc/xen-command-line.markdown +=================================================================== +--- xen-4.2.2-testing.orig/docs/misc/xen-command-line.markdown ++++ xen-4.2.2-testing/docs/misc/xen-command-line.markdown +@@ -679,6 +679,16 @@ Defaults to booting secondary processors Default: `on` @@ -33,9 +35,11 @@ Acked-by: "Zhang, Xiantao" ### ple\_gap > `= ` ---- a/xen/drivers/passthrough/pci.c -+++ b/xen/drivers/passthrough/pci.c -@@ -123,6 +123,49 @@ const unsigned long *pci_get_ro_map(u16 +Index: xen-4.2.2-testing/xen/drivers/passthrough/pci.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/drivers/passthrough/pci.c ++++ xen-4.2.2-testing/xen/drivers/passthrough/pci.c +@@ -123,6 +123,49 @@ const unsigned long *pci_get_ro_map(u16 return pseg ? pseg->ro_map : NULL; } diff --git a/26332-x86-compat-show-guest-stack-mfn.patch b/26332-x86-compat-show-guest-stack-mfn.patch deleted file mode 100644 index 204f108..0000000 --- a/26332-x86-compat-show-guest-stack-mfn.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1357561709 -3600 -# Node ID 8e942f2f3b45edc5bb1f7a6e05de288342426f0d -# Parent 23c4bbc0111dd807561b2c62cbc5798220943a0d -x86: compat_show_guest_stack() should not truncate MFN - -Re-using "addr" here was a mistake, as it is a 32-bit quantity. - -Signed-off-by: Jan Beulich -Acked-by: Ian Campbell -Acked-by: Keir Fraser - ---- a/xen/arch/x86/x86_64/compat/traps.c -+++ b/xen/arch/x86/x86_64/compat/traps.c -@@ -20,11 +20,12 @@ void compat_show_guest_stack(struct vcpu - if ( v != current ) - { - struct vcpu *vcpu; -+ unsigned long mfn; - - ASSERT(guest_kernel_mode(v, regs)); -- addr = read_cr3() >> PAGE_SHIFT; -+ mfn = read_cr3() >> PAGE_SHIFT; - for_each_vcpu( v->domain, vcpu ) -- if ( pagetable_get_pfn(vcpu->arch.guest_table) == addr ) -+ if ( pagetable_get_pfn(vcpu->arch.guest_table) == mfn ) - break; - if ( !vcpu ) - { diff --git a/26333-x86-get_page_type-assert.patch b/26333-x86-get_page_type-assert.patch deleted file mode 100644 index f0468ec..0000000 --- a/26333-x86-get_page_type-assert.patch +++ /dev/null @@ -1,30 +0,0 @@ -References: CVE-2013-0154 XSA-37 bnc#797031 - -# HG changeset patch -# User Jan Beulich -# Date 1357564826 -3600 -# Node ID e1facbde56ff4e5e85f9a4935abc99eb24367cd0 -# Parent 8e942f2f3b45edc5bb1f7a6e05de288342426f0d -x86: fix assertion in get_page_type() - -c/s 22998:e9fab50d7b61 (and immediately following ones) made it -possible that __get_page_type() returns other than -EINVAL, in -particular -EBUSY. Consequently, the assertion in get_page_type() -should check for only the return values we absolutely don't expect to -see there. - -This is XSA-37 / CVE-2013-0154. - -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2603,7 +2603,7 @@ int get_page_type(struct page_info *page - int rc = __get_page_type(page, type, 0); - if ( likely(rc == 0) ) - return 1; -- ASSERT(rc == -EINVAL); -+ ASSERT(rc != -EINTR && rc != -EAGAIN); - return 0; - } - 
diff --git a/26340-VT-d-intremap-verify-legacy-bridge.patch b/26340-VT-d-intremap-verify-legacy-bridge.patch deleted file mode 100644 index d73a452..0000000 --- a/26340-VT-d-intremap-verify-legacy-bridge.patch +++ /dev/null @@ -1,27 +0,0 @@ -References: CVE-2012-5634 XSA-33 bnc#794316 - -# HG changeset patch -# User Jan Beulich -# Date 1357748006 -3600 -# Node ID 19fd1237ff0dfa3d97a896d6ed6fbbd33f816a9f -# Parent 56b0d5476c11bfd09986080dfa97923586ef474f -VT-d: fix interrupt remapping source validation for devices behind legacy bridges - -Using SVT_VERIFY_BUS here doesn't make sense; native Linux also -uses SVT_VERIFY_SID_SQ here instead. - -This is XSA-33 / CVE-2012-5634. - -Signed-off-by: Jan Beulich - ---- a/xen/drivers/passthrough/vtd/intremap.c -+++ b/xen/drivers/passthrough/vtd/intremap.c -@@ -469,7 +469,7 @@ static void set_msi_source_id(struct pci - set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, - (bus << 8) | pdev->bus); - else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE ) -- set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16, -+ set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16, - PCI_BDF2(bus, devfn)); - } - break; diff --git a/26369-libxl-devid.patch b/26369-libxl-devid.patch index 027630e..329159f 100644 --- a/26369-libxl-devid.patch +++ b/26369-libxl-devid.patch @@ -13,11 +13,11 @@ Date: Fri Jan 11 12:22:26 2013 +0000 Acked-by: Ian Campbell Committed-by: Ian Campbell -Index: xen-4.2.1-testing/tools/libxl/libxl.c +Index: xen-4.2.2-testing/tools/libxl/libxl.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl.c -+++ xen-4.2.1-testing/tools/libxl/libxl.c -@@ -1727,6 +1727,26 @@ out: +--- xen-4.2.2-testing.orig/tools/libxl/libxl.c ++++ xen-4.2.2-testing/tools/libxl/libxl.c +@@ -1710,6 +1710,26 @@ out: return; } 
@@ -44,7 +44,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c /******************************************************************************/ int libxl__device_disk_setdefault(libxl__gc *gc, libxl_device_disk *disk) -@@ -2563,8 +2583,7 @@ void libxl__device_nic_add(libxl__egc *e +@@ -2549,8 +2569,7 @@ void libxl__device_nic_add(libxl__egc *e flexarray_t *front; flexarray_t *back; libxl__device *device; @@ -54,7 +54,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c rc = libxl__device_nic_setdefault(gc, nic, domid); if (rc) goto out; -@@ -2581,16 +2600,10 @@ void libxl__device_nic_add(libxl__egc *e +@@ -2567,17 +2586,10 @@ void libxl__device_nic_add(libxl__egc *e } if (nic->devid == -1) { @@ -64,7 +64,8 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c goto out_free; } - if (!(l = libxl__xs_directory(gc, XBT_NULL, -- libxl__sprintf(gc, "%s/device/vif", dompath), &nb))) { +- libxl__sprintf(gc, "%s/device/vif", dompath), &nb)) || +- nb == 0) { - nic->devid = 0; - } else { - nic->devid = strtoul(l[nb - 1], NULL, 10) + 1; @@ -72,7 +73,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c } GCNEW(device); -@@ -2977,6 +2990,13 @@ int libxl__device_vkb_add(libxl__gc *gc, +@@ -2964,6 +2976,13 @@ int libxl__device_vkb_add(libxl__gc *gc, goto out_free; } @@ -86,7 +87,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.c rc = libxl__device_from_vkb(gc, domid, vkb, &device); if (rc != 0) goto out_free; -@@ -3078,6 +3098,13 @@ int libxl__device_vfb_add(libxl__gc *gc, +@@ -3065,6 +3084,13 @@ int libxl__device_vfb_add(libxl__gc *gc, goto out_free; } diff --git a/26395-x86-FPU-context-conditional.patch b/26395-x86-FPU-context-conditional.patch deleted file mode 100644 index fb226a4..0000000 --- a/26395-x86-FPU-context-conditional.patch +++ /dev/null 
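Review bot: In the `@@ -64,7 +64,8 @@` hunk the refreshed patch now deletes upstream's `|| nb == 0` guard together with the open-coded `nic->devid = strtoul(l[nb - 1], NULL, 10) + 1;`, so the empty-directory case has to be handled by whatever replaces that code. The replacement is not visible in this diff (presumably it is in the lines the inner hunk `@@ -1710,6 +1710,26 @@` adds), so confirm it treats a zero-length listing as "no devices" before it reads `l[nb - 1]`; otherwise the lookup would index outside the array returned by `libxl__xs_directory`. If the replacement lacks that test, the check to carry over is the one being removed here, `nb == 0`, placed next to the NULL test. The body of `libxl__device_nic_add` starts and ends outside the hunk.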
@@ -1,46 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1358341015 -3600 -# Node ID b4cbb83f9a1f57b4f26f2d35998cda42b904ea69 -# Parent 327b812026fe62a990f1d81041729c42196983ca -x86: consistently mask floating point exceptions - -c/s 23142:f5e8d152a565 resulted in v->arch.fpu_ctxt to point into the -save area allocated for xsave/xrstor (when they're available). The way -vcpu_restore_fpu_lazy() works (using fpu_init() for an uninitialized -vCPU only when there's no xsave support) causes this to load whatever -arch_set_info_guest() put there, irrespective of whether the i387 state -was specified to be valid in the respective input structure. - -Consequently, with a cleared (al zeroes) incoming FPU context, and with -xsave available, one gets all exceptions unmasked (as opposed to to the -legacy case, where FINIT and LDMXCSR get used, masking all exceptions). -This causes e.g. para-virtualized NetWare to crash. - -The behavior of arch_set_info_guest() is thus being made more hardware- -like for the FPU portion of it: Considering it to be similar to INIT, -it will leave untouched all floating point state now. An alternative -would be to make the behavior RESET-like, forcing all state to known -values, albeit - taking into account legacy behavior - not to precisely -the values RESET would enforce (which masks only SSE exceptions, but -not x87 ones); that would come closest to mimicing FINIT behavior in -the xsave case. Another option would be to continue copying whatever -was provided, but override (at least) FCW and MXCSR if VGCF_I387_VALID -isn't set. 
- -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -819,7 +819,9 @@ int arch_set_info_guest( - - v->arch.vgc_flags = flags; - -- memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); -+ if ( flags & VGCF_I387_VALID ) -+ memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt)); -+ - if ( !compat ) - { - memcpy(&v->arch.user_regs, &c.nat->user_regs, sizeof(c.nat->user_regs)); diff --git a/26404-x86-forward-both-NMI-kinds.patch b/26404-x86-forward-both-NMI-kinds.patch index 2483a2c..93e8031 100644 --- a/26404-x86-forward-both-NMI-kinds.patch +++ b/26404-x86-forward-both-NMI-kinds.patch @@ -14,9 +14,11 @@ Signed-off-by: Jan Beulich Acked-by: Andrew Cooper Acked-by: Keir Fraser ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -3357,10 +3357,10 @@ void do_nmi(struct cpu_user_regs *regs) +Index: xen-4.2.2-testing/xen/arch/x86/traps.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/traps.c ++++ xen-4.2.2-testing/xen/arch/x86/traps.c +@@ -3369,10 +3369,10 @@ void do_nmi(struct cpu_user_regs *regs) reason = inb(0x61); if ( reason & 0x80 ) pci_serr_error(regs); diff --git a/26427-x86-AMD-enable-WC+.patch b/26427-x86-AMD-enable-WC+.patch deleted file mode 100644 index 49274f0..0000000 --- a/26427-x86-AMD-enable-WC+.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -# HG changeset patch -# User Boris Ostrovsky -# Date 1358508058 -3600 -# Node ID 8f6dd5dc5d6cdd56050ed917a0c30903bbddcbf0 -# Parent eb8e9a23925d7b77c344a4a99679a45f96754a17 -x86/AMD: Enable WC+ memory type on family 10 processors - -In some cases BIOS may not enable WC+ memory type on family 10 processors, -instead converting what would be WC+ memory to CD type. On guests using -nested pages this could result in performance degradation. This patch -enables WC+. - -Signed-off-by: Boris Ostrovsky -Committed-by: Jan Beulich - ---- a/xen/arch/x86/cpu/amd.c -+++ b/xen/arch/x86/cpu/amd.c -@@ -534,6 +534,19 @@ static void __devinit init_amd(struct cp - } - #endif - -+ if (c->x86 == 0x10) { -+ /* -+ * On family 10h BIOS may not have properly enabled WC+ -+ * support, causing it to be converted to CD memtype. This may -+ * result in performance degradation for certain nested-paging -+ * guests. Prevent this conversion by clearing bit 24 in -+ * MSR_F10_BU_CFG2. -+ */ -+ rdmsrl(MSR_F10_BU_CFG2, value); -+ value &= ~(1ULL << 24); -+ wrmsrl(MSR_F10_BU_CFG2, value); -+ } -+ - /* - * Family 0x12 and above processors have APIC timer - * running in deep C states. ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h -@@ -215,8 +215,9 @@ - #define MSR_F10_MC4_MISC2 0xc0000409 - #define MSR_F10_MC4_MISC3 0xc000040A - --/* AMD Family10h MMU control MSRs */ --#define MSR_F10_BU_CFG 0xc0011023 -+/* AMD Family10h Bus Unit MSRs */ -+#define MSR_F10_BU_CFG 0xc0011023 -+#define MSR_F10_BU_CFG2 0xc001102a - - /* Other AMD Fam10h MSRs */ - #define MSR_FAM10H_MMIO_CONF_BASE 0xc0010058 diff --git a/26428-x86-HVM-RTC-update.patch b/26428-x86-HVM-RTC-update.patch deleted file mode 100644 index b001859..0000000 --- a/26428-x86-HVM-RTC-update.patch +++ /dev/null 
@@ -1,38 +0,0 @@ -# HG changeset patch -# User Tim Deegan -# Date 1358508717 -3600 -# Node ID 9e8c39bdc1fedd5dfc5aa7209cc5f77f813476c7 -# Parent 8f6dd5dc5d6cdd56050ed917a0c30903bbddcbf0 -x86/hvm: fix RTC setting. - -When the guest writes one field of the RTC time, we must bring all the -other fields up to date for the current second before calculating the -new RTC time. - -Signed-off-by: Tim Deegan -Tested-by: Phil Evans -Committed-by: Jan Beulich - ---- a/xen/arch/x86/hvm/rtc.c -+++ b/xen/arch/x86/hvm/rtc.c -@@ -399,10 +399,17 @@ static int rtc_ioport_write(void *opaque - case RTC_DAY_OF_MONTH: - case RTC_MONTH: - case RTC_YEAR: -- s->hw.cmos_data[s->hw.cmos_index] = data; -- /* if in set mode, do not update the time */ -- if ( !(s->hw.cmos_data[RTC_REG_B] & RTC_SET) ) -+ /* if in set mode, just write the register */ -+ if ( (s->hw.cmos_data[RTC_REG_B] & RTC_SET) ) -+ s->hw.cmos_data[s->hw.cmos_index] = data; -+ else -+ { -+ /* Fetch the current time and update just this field. */ -+ s->current_tm = gmtime(get_localtime(d)); -+ rtc_copy_date(s); -+ s->hw.cmos_data[s->hw.cmos_index] = data; - rtc_set_time(s); -+ } - alarm_timer_update(s); - break; - case RTC_REG_A: diff --git a/26440-x86-forward-SERR.patch b/26440-x86-forward-SERR.patch deleted file mode 100644 index 8f70343..0000000 --- a/26440-x86-forward-SERR.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -# HG changeset patch -# User Jan Beulich -# Date 1358843590 -3600 -# Node ID 5af4f2ab06f33ce441fa550333a9049c09a9ef28 -# Parent 4b476378fc35e776196c29dc0e24b71529393a4c -x86: restore (optional) forwarding of PCI SERR induced NMI to Dom0 - -c/s 22949:54fe1011f86b removed the forwarding of NMIs to Dom0 when they -were caused by PCI SERR. NMI buttons as well as BMCs (like HP's iLO) -may however want such events to be seen in Dom0 (e.g. to trigger a -dump). - -Therefore restore most of the functionality which named c/s removed -(adjusted for subsequent changes, and adjusting the public interface to -use the modern term, retaining the old one for backwards -compatibility). - -Signed-off-by: Jan Beulich -Acked-by: Stefano Stabellini -Acked-by: Keir Fraser - ---- a/xen/arch/x86/traps.c -+++ b/xen/arch/x86/traps.c -@@ -3201,6 +3201,7 @@ static void nmi_mce_softirq(void) - static void pci_serr_softirq(void) - { - printk("\n\nNMI - PCI system error (SERR)\n"); -+ outb(inb(0x61) & 0x0b, 0x61); /* re-enable the PCI SERR error line. */ - } - - void async_exception_cleanup(struct vcpu *curr) -@@ -3291,9 +3292,20 @@ static void pci_serr_error(struct cpu_us - { - outb((inb(0x61) & 0x0f) | 0x04, 0x61); /* clear-and-disable the PCI SERR error line. */ - -- /* Would like to print a diagnostic here but can't call printk() -- from NMI context -- raise a softirq instead. */ -- raise_softirq(PCI_SERR_SOFTIRQ); -+ switch ( opt_nmi[0] ) -+ { -+ case 'd': /* 'dom0' */ -+ nmi_dom0_report(_XEN_NMIREASON_pci_serr); -+ case 'i': /* 'ignore' */ -+ /* Would like to print a diagnostic here but can't call printk() -+ from NMI context -- raise a softirq instead. 
*/ -+ raise_softirq(PCI_SERR_SOFTIRQ); -+ break; -+ default: /* 'fatal' */ -+ console_force_unlock(); -+ printk("\n\nNMI - PCI system error (SERR)\n"); -+ fatal_trap(TRAP_nmi, regs); -+ } - } - - static void io_check_error(struct cpu_user_regs *regs) ---- a/xen/include/public/nmi.h -+++ b/xen/include/public/nmi.h -@@ -36,9 +36,14 @@ - /* I/O-check error reported via ISA port 0x61, bit 6. */ - #define _XEN_NMIREASON_io_error 0 - #define XEN_NMIREASON_io_error (1UL << _XEN_NMIREASON_io_error) -+ /* PCI SERR reported via ISA port 0x61, bit 7. */ -+#define _XEN_NMIREASON_pci_serr 1 -+#define XEN_NMIREASON_pci_serr (1UL << _XEN_NMIREASON_pci_serr) -+#if __XEN_INTERFACE_VERSION__ < 0x00040300 /* legacy alias of the above */ - /* Parity error reported via ISA port 0x61, bit 7. */ - #define _XEN_NMIREASON_parity_error 1 - #define XEN_NMIREASON_parity_error (1UL << _XEN_NMIREASON_parity_error) -+#endif - /* Unknown hardware-generated NMI. */ - #define _XEN_NMIREASON_unknown 2 - #define XEN_NMIREASON_unknown (1UL << _XEN_NMIREASON_unknown) diff --git a/26443-ACPI-zap-DMAR.patch b/26443-ACPI-zap-DMAR.patch deleted file mode 100644 index fe6f386..0000000 --- a/26443-ACPI-zap-DMAR.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -# HG changeset patch -# User Tomasz Wroblewski -# Date 1358933464 -3600 -# Node ID 9efe4c0bf9c8d3ecf03868c69c24dad3218523a4 -# Parent 7c6ecf2c1831a1c7f63a96f119a8891891463e54 -fix acpi_dmar_zap/reinstate() (fixes S3 regression) - -Fix S3 regression introduced by cs 23013:65d26504e843 (ACPI: large -cleanup). The dmar virtual pointer returned from acpi_get_table cannot -be safely stored away and used later, as the underlying -acpi_os_map_memory / __acpi_map_table functions overwrite the mapping -causing it to point to different tables than dmar (last fetched table is -used). This subsequently causes acpi_dmar_reinstate() and -acpi_dmar_zap() to write data to wrong table, causing its corruption and -problems with consecutive s3 resumes. - -Added a new function to fetch ACPI table physical address, and -establishing separate static mapping for dmar_table pointer instead of -using acpi_get_table(). - -Signed-off-by: Tomasz Wroblewski - -Added call to acpi_tb_verify_table(). Fixed page count passed to -map_pages_to_xen(). Cosmetic changes. 
- -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/tables/tbxface.c -+++ b/xen/drivers/acpi/tables/tbxface.c -@@ -205,3 +205,51 @@ acpi_get_table(char *signature, - - return (AE_NOT_FOUND); - } -+ -+/****************************************************************************** -+ * -+ * FUNCTION: acpi_get_table_phys -+ * -+ * PARAMETERS: signature - ACPI signature of needed table -+ * instance - Which instance (for SSDTs) -+ * addr - Where the table's physical address is returned -+ * len - Where the length of table is returned -+ * -+ * RETURN: Status, pointer and length of table -+ * -+ * DESCRIPTION: Finds physical address and length of ACPI table -+ * -+ *****************************************************************************/ -+acpi_status __init -+acpi_get_table_phys(acpi_string signature, acpi_native_uint instance, -+ acpi_physical_address *addr, acpi_native_uint *len) -+{ -+ acpi_native_uint i, j; -+ acpi_status status; -+ -+ if (!signature || !addr || !len) -+ return AE_BAD_PARAMETER; -+ -+ for (i = j = 0; i < acpi_gbl_root_table_list.count; i++) { -+ if (!ACPI_COMPARE_NAME( -+ &acpi_gbl_root_table_list.tables[i].signature, -+ signature)) -+ continue; -+ -+ if (++j < instance) -+ continue; -+ -+ status = -+ acpi_tb_verify_table(&acpi_gbl_root_table_list.tables[i]); -+ if (ACPI_SUCCESS(status)) { -+ *addr = acpi_gbl_root_table_list.tables[i].address; -+ *len = acpi_gbl_root_table_list.tables[i].length; -+ } -+ -+ acpi_gbl_root_table_list.tables[i].pointer = NULL; -+ -+ return status; -+ } -+ -+ return AE_NOT_FOUND; -+} ---- a/xen/drivers/passthrough/vtd/dmar.c -+++ b/xen/drivers/passthrough/vtd/dmar.c -@@ -776,6 +776,7 @@ out: - } - - #ifdef CONFIG_X86 -+#include - #include - /* ACPI tables may not be DMA protected by tboot, so use DMAR copy */ - /* SINIT saved in SinitMleData in TXT heap (which is DMA protected) */ -@@ -786,7 +787,32 @@ out: - - int __init acpi_dmar_init(void) - { -- acpi_get_table(ACPI_SIG_DMAR, 0, 
&dmar_table); -+ acpi_physical_address dmar_addr; -+ acpi_native_uint dmar_len; -+ -+ if ( ACPI_SUCCESS(acpi_get_table_phys(ACPI_SIG_DMAR, 0, -+ &dmar_addr, &dmar_len)) ) -+ { -+#ifdef CONFIG_X86_32 -+ if ( dmar_addr + dmar_len > (DIRECTMAP_MBYTES << 20) ) -+ { -+ unsigned long offset = dmar_addr & (PAGE_SIZE - 1); -+ unsigned long mapped_size = PAGE_SIZE - offset; -+ -+ set_fixmap(FIX_DMAR_ZAP_LO, dmar_addr); -+ if ( mapped_size < sizeof(*dmar_table) ) -+ set_fixmap(FIX_DMAR_ZAP_HI, dmar_addr + PAGE_SIZE); -+ dmar_table = (void *)fix_to_virt(FIX_DMAR_ZAP_LO) + offset; -+ goto exit; -+ } -+#endif -+ map_pages_to_xen((unsigned long)__va(dmar_addr), PFN_DOWN(dmar_addr), -+ PFN_UP(dmar_addr + dmar_len) - PFN_DOWN(dmar_addr), -+ PAGE_HYPERVISOR); -+ dmar_table = __va(dmar_addr); -+ } -+ -+ exit: __attribute__((__unused__)) - return parse_dmar_table(acpi_parse_dmar); - } - ---- a/xen/include/acpi/acpixf.h -+++ b/xen/include/acpi/acpixf.h -@@ -77,6 +77,9 @@ acpi_status - acpi_get_table(acpi_string signature, - acpi_native_uint instance, struct acpi_table_header **out_table); - -+acpi_status -+acpi_get_table_phys(acpi_string signature, acpi_native_uint instance, -+ acpi_physical_address *addr, acpi_native_uint *len); - /* - * Namespace and name interfaces - */ ---- a/xen/include/asm-x86/fixmap.h -+++ b/xen/include/asm-x86/fixmap.h -@@ -50,6 +50,8 @@ enum fixed_addresses { - FIX_PAE_HIGHMEM_END = FIX_PAE_HIGHMEM_0 + NR_CPUS-1, - #define FIX_VGC_END FIX_PAE_HIGHMEM_0 - #define FIX_VGC_BEGIN FIX_PAE_HIGHMEM_END -+ FIX_DMAR_ZAP_HI, -+ FIX_DMAR_ZAP_LO, - #else - FIX_VGC_END, - FIX_VGC_BEGIN = FIX_VGC_END diff --git a/26444-x86-nHVM-no-self-enable.patch b/26444-x86-nHVM-no-self-enable.patch deleted file mode 100644 index 96dfdaf..0000000 --- a/26444-x86-nHVM-no-self-enable.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -References: CVE-2013-0152 XSA-35 bnc#797287 - -# HG changeset patch -# User Ian Campbell -# Date 1358938044 -3600 -# Node ID 621b1a889e9b120236698731e0b5ecc5b0cb1d82 -# Parent 9efe4c0bf9c8d3ecf03868c69c24dad3218523a4 -xen: Do not allow guests to enable nested HVM on themselves - -There is no reason for this and doing so exposes a memory leak to -guests. Only toolstacks need write access to this HVM param. - -This is XSA-35 / CVE-2013-0152. - -Signed-off-by: Ian Campbell -Acked-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -3930,6 +3930,11 @@ long do_hvm_op(unsigned long op, XEN_GUE - rc = -EINVAL; - break; - case HVM_PARAM_NESTEDHVM: -+ if ( !IS_PRIV(current->domain) ) -+ { -+ rc = -EPERM; -+ break; -+ } - #ifdef __i386__ - if ( a.value ) - rc = -EINVAL; diff --git a/26468-libxl-race.patch b/26468-libxl-race.patch deleted file mode 100644 index b2093ce..0000000 --- a/26468-libxl-race.patch +++ /dev/null 
@@ -1,343 +0,0 @@ -# HG changeset patch -# User Ian Jackson -# Date 1359031672 0 -# Node ID a181bf3e77df891c97fc20dff4e9b90b7584022b -# Parent 3e93c50982de4f2f7db99d92b04684556320541c -libxl: fix stale fd event callback race - -Because there is not necessarily any lock held at the point the -application (eg, libvirt) calls libxl_osevent_occurred_timeout and -..._fd, in a multithreaded program those calls may be arbitrarily -delayed in relation to other activities within the program. - -libxl therefore needs to be prepared to receive very old event -callbacks. Arrange for this to be the case for fd callbacks. - -This requires a new layer of indirection through a "hook nexus" struct -which can outlive the libxl__ev_foo. Allocation and deallocation of -these nexi is mostly handled in the OSEVENT macros which wrap up -the application's callbacks. - -Document the problem and the solution in a comment in libxl_event.c -just before the definition of struct libxl__osevent_hook_nexus. - -There is still a race relating to libxl__osevent_occurred_timeout; -this will be addressed in the following patch. - -Reported-by: Bamvor Jian Zhang -Cc: Bamvor Jian Zhang -Cc: Ian Campbell -Tested-by: Jim Fehlig -Acked-by: Jim Fehlig -Signed-off-by: Ian Jackson -Committed-by: Ian Campbell - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c -+++ xen-4.2.1-testing/tools/libxl/libxl_event.c -@@ -38,23 +38,131 @@ - * The application's registration hooks should be called ONLY via - * these macros, with the ctx locked. Likewise all the "occurred" - * entrypoints from the application should assert(!in_hook); -+ * -+ * During the hook call - including while the arguments are being -+ * evaluated - ev->nexus is guaranteed to be valid and refer to the -+ * nexus which is being used for this event registration. 
The -+ * arguments should specify ev->nexus for the for_libxl argument and -+ * ev->nexus->for_app_reg (or a pointer to it) for for_app_reg. - */ --#define OSEVENT_HOOK_INTERN(retval, hookname, ...) do { \ -- if (CTX->osevent_hooks) { \ -- CTX->osevent_in_hook++; \ -- retval CTX->osevent_hooks->hookname(CTX->osevent_user, __VA_ARGS__); \ -- CTX->osevent_in_hook--; \ -- } \ -+#define OSEVENT_HOOK_INTERN(retval, failedp, evkind, hookop, nexusop, ...) do { \ -+ if (CTX->osevent_hooks) { \ -+ CTX->osevent_in_hook++; \ -+ libxl__osevent_hook_nexi *nexi = &CTX->hook_##evkind##_nexi_idle; \ -+ osevent_hook_pre_##nexusop(gc, ev, nexi, &ev->nexus); \ -+ retval CTX->osevent_hooks->evkind##_##hookop \ -+ (CTX->osevent_user, __VA_ARGS__); \ -+ if ((failedp)) \ -+ osevent_hook_failed_##nexusop(gc, ev, nexi, &ev->nexus); \ -+ CTX->osevent_in_hook--; \ -+ } \ - } while (0) - --#define OSEVENT_HOOK(hookname, ...) ({ \ -- int osevent_hook_rc = 0; \ -- OSEVENT_HOOK_INTERN(osevent_hook_rc = , hookname, __VA_ARGS__); \ -- osevent_hook_rc; \ -+#define OSEVENT_HOOK(evkind, hookop, nexusop, ...) ({ \ -+ int osevent_hook_rc = 0; \ -+ OSEVENT_HOOK_INTERN(osevent_hook_rc =, !!osevent_hook_rc, \ -+ evkind, hookop, nexusop, __VA_ARGS__); \ -+ osevent_hook_rc; \ - }) - --#define OSEVENT_HOOK_VOID(hookname, ...) \ -- OSEVENT_HOOK_INTERN(/* void */, hookname, __VA_ARGS__) -+#define OSEVENT_HOOK_VOID(evkind, hookop, nexusop, ...) \ -+ OSEVENT_HOOK_INTERN(/* void */, 0, evkind, hookop, nexusop, __VA_ARGS__) -+ -+/* -+ * The application's calls to libxl_osevent_occurred_... may be -+ * indefinitely delayed with respect to the rest of the program (since -+ * they are not necessarily called with any lock held). So the -+ * for_libxl value we receive may be (almost) arbitrarily old. All we -+ * know is that it came from this ctx. -+ * -+ * Therefore we may not free the object referred to by any for_libxl -+ * value until we free the whole libxl_ctx. 
And if we reuse it we -+ * must be able to tell when an old use turns up, and discard the -+ * stale event. -+ * -+ * Thus we cannot use the ev directly as the for_libxl value - we need -+ * a layer of indirection. -+ * -+ * We do this by keeping a pool of libxl__osevent_hook_nexus structs, -+ * and use pointers to them as for_libxl values. In fact, there are -+ * two pools: one for fds and one for timeouts. This ensures that we -+ * don't risk a type error when we upcast nexus->ev. In each nexus -+ * the ev is either null or points to a valid libxl__ev_time or -+ * libxl__ev_fd, as applicable. -+ * -+ * We /do/ allow ourselves to reassociate an old nexus with a new ev -+ * as otherwise we would have to leak nexi. (This reassociation -+ * might, of course, be an old ev being reused for a new purpose so -+ * simply comparing the ev pointer is not sufficient.) Thus the -+ * libxl_osevent_occurred functions need to check that the condition -+ * allegedly signalled by this event actually exists. -+ * -+ * The nexi and the lists are all protected by the ctx lock. 
-+ */ -+ -+struct libxl__osevent_hook_nexus { -+ void *ev; -+ void *for_app_reg; -+ LIBXL_SLIST_ENTRY(libxl__osevent_hook_nexus) next; -+}; -+ -+static void *osevent_ev_from_hook_nexus(libxl_ctx *ctx, -+ libxl__osevent_hook_nexus *nexus /* pass void *for_libxl */) -+{ -+ return nexus->ev; -+} -+ -+static void osevent_release_nexus(libxl__gc *gc, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus *nexus) -+{ -+ nexus->ev = 0; -+ LIBXL_SLIST_INSERT_HEAD(nexi_idle, nexus, next); -+} -+ -+/*----- OSEVENT* hook functions for nexusop "alloc" -----*/ -+static void osevent_hook_pre_alloc(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus_r) -+{ -+ libxl__osevent_hook_nexus *nexus = LIBXL_SLIST_FIRST(nexi_idle); -+ if (nexus) { -+ LIBXL_SLIST_REMOVE_HEAD(nexi_idle, next); -+ } else { -+ nexus = libxl__zalloc(NOGC, sizeof(*nexus)); -+ } -+ nexus->ev = ev; -+ *nexus_r = nexus; -+} -+static void osevent_hook_failed_alloc(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) -+{ -+ osevent_release_nexus(gc, nexi_idle, *nexus); -+} -+ -+/*----- OSEVENT* hook functions for nexusop "release" -----*/ -+static void osevent_hook_pre_release(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) -+{ -+ osevent_release_nexus(gc, nexi_idle, *nexus); -+} -+static void osevent_hook_failed_release(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) -+{ -+ abort(); -+} -+ -+/*----- OSEVENT* hook functions for nexusop "noop" -----*/ -+static void osevent_hook_pre_noop(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) { } -+static void osevent_hook_failed_noop(libxl__gc *gc, void *ev, -+ libxl__osevent_hook_nexi *nexi_idle, -+ libxl__osevent_hook_nexus **nexus) { } -+ - - /* - * fd events -@@ -72,7 +180,8 @@ int 
libxl__ev_fd_register(libxl__gc *gc, - - DBG("ev_fd=%p register fd=%d events=%x", ev, fd, events); - -- rc = OSEVENT_HOOK(fd_register, fd, &ev->for_app_reg, events, ev); -+ rc = OSEVENT_HOOK(fd,register, alloc, fd, &ev->nexus->for_app_reg, -+ events, ev->nexus); - if (rc) goto out; - - ev->fd = fd; -@@ -97,7 +206,7 @@ int libxl__ev_fd_modify(libxl__gc *gc, l - - DBG("ev_fd=%p modify fd=%d events=%x", ev, ev->fd, events); - -- rc = OSEVENT_HOOK(fd_modify, ev->fd, &ev->for_app_reg, events); -+ rc = OSEVENT_HOOK(fd,modify, noop, ev->fd, &ev->nexus->for_app_reg, events); - if (rc) goto out; - - ev->events = events; -@@ -119,7 +228,7 @@ void libxl__ev_fd_deregister(libxl__gc * - - DBG("ev_fd=%p deregister fd=%d", ev, ev->fd); - -- OSEVENT_HOOK_VOID(fd_deregister, ev->fd, ev->for_app_reg); -+ OSEVENT_HOOK_VOID(fd,deregister, release, ev->fd, ev->nexus->for_app_reg); - LIBXL_LIST_REMOVE(ev, entry); - ev->fd = -1; - -@@ -171,7 +280,8 @@ static int time_register_finite(libxl__g - { - int rc; - -- rc = OSEVENT_HOOK(timeout_register, &ev->for_app_reg, absolute, ev); -+ rc = OSEVENT_HOOK(timeout,register, alloc, &ev->nexus->for_app_reg, -+ absolute, ev->nexus); - if (rc) return rc; - - ev->infinite = 0; -@@ -184,7 +294,7 @@ static int time_register_finite(libxl__g - static void time_deregister(libxl__gc *gc, libxl__ev_time *ev) - { - if (!ev->infinite) { -- OSEVENT_HOOK_VOID(timeout_deregister, ev->for_app_reg); -+ OSEVENT_HOOK_VOID(timeout,deregister, release, ev->nexus->for_app_reg); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); - } - } -@@ -270,7 +380,8 @@ int libxl__ev_time_modify_abs(libxl__gc - rc = time_register_finite(gc, ev, absolute); - if (rc) goto out; - } else { -- rc = OSEVENT_HOOK(timeout_modify, &ev->for_app_reg, absolute); -+ rc = OSEVENT_HOOK(timeout,modify, noop, -+ &ev->nexus->for_app_reg, absolute); - if (rc) goto out; - - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); -@@ -1009,35 +1120,54 @@ void libxl_osevent_register_hooks(libxl_ - - - void 
libxl_osevent_occurred_fd(libxl_ctx *ctx, void *for_libxl, -- int fd, short events, short revents) -+ int fd, short events_ign, short revents_ign) - { -- libxl__ev_fd *ev = for_libxl; -- - EGC_INIT(ctx); - CTX_LOCK; - assert(!CTX->osevent_in_hook); - -- assert(fd == ev->fd); -- revents &= ev->events; -- if (revents) -- ev->func(egc, ev, fd, ev->events, revents); -+ libxl__ev_fd *ev = osevent_ev_from_hook_nexus(ctx, for_libxl); -+ if (!ev) goto out; -+ if (ev->fd != fd) goto out; - -+ struct pollfd check; -+ for (;;) { -+ check.fd = fd; -+ check.events = ev->events; -+ int r = poll(&check, 1, 0); -+ if (!r) -+ goto out; -+ if (r==1) -+ break; -+ assert(r<0); -+ if (errno != EINTR) { -+ LIBXL__EVENT_DISASTER(egc, "failed poll to check for fd", errno, 0); -+ goto out; -+ } -+ } -+ -+ if (check.revents) -+ ev->func(egc, ev, fd, ev->events, check.revents); -+ -+ out: - CTX_UNLOCK; - EGC_FREE; - } - - void libxl_osevent_occurred_timeout(libxl_ctx *ctx, void *for_libxl) - { -- libxl__ev_time *ev = for_libxl; -- - EGC_INIT(ctx); - CTX_LOCK; - assert(!CTX->osevent_in_hook); - -+ libxl__ev_time *ev = osevent_ev_from_hook_nexus(ctx, for_libxl); -+ if (!ev) goto out; - assert(!ev->infinite); -+ - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); - ev->func(egc, ev, &ev->abs); - -+ out: - CTX_UNLOCK; - EGC_FREE; - } -Index: xen-4.2.1-testing/tools/libxl/libxl_internal.h -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_internal.h -+++ xen-4.2.1-testing/tools/libxl/libxl_internal.h -@@ -136,6 +136,8 @@ typedef struct libxl__gc libxl__gc; - typedef struct libxl__egc libxl__egc; - typedef struct libxl__ao libxl__ao; - typedef struct libxl__aop_occurred libxl__aop_occurred; -+typedef struct libxl__osevent_hook_nexus libxl__osevent_hook_nexus; -+typedef struct libxl__osevent_hook_nexi libxl__osevent_hook_nexi; - - _hidden void libxl__alloc_failed(libxl_ctx *, const char *func, - size_t nmemb, size_t size) 
__attribute__((noreturn)); -@@ -163,7 +165,7 @@ struct libxl__ev_fd { - libxl__ev_fd_callback *func; - /* remainder is private for libxl__ev_fd... */ - LIBXL_LIST_ENTRY(libxl__ev_fd) entry; -- void *for_app_reg; -+ libxl__osevent_hook_nexus *nexus; - }; - - -@@ -178,7 +180,7 @@ struct libxl__ev_time { - int infinite; /* not registered in list or with app if infinite */ - LIBXL_TAILQ_ENTRY(libxl__ev_time) entry; - struct timeval abs; -- void *for_app_reg; -+ libxl__osevent_hook_nexus *nexus; - }; - - typedef struct libxl__ev_xswatch libxl__ev_xswatch; -@@ -329,6 +331,8 @@ struct libxl__ctx { - libxl__poller poller_app; /* libxl_osevent_beforepoll and _afterpoll */ - LIBXL_LIST_HEAD(, libxl__poller) pollers_event, pollers_idle; - -+ LIBXL_SLIST_HEAD(libxl__osevent_hook_nexi, libxl__osevent_hook_nexus) -+ hook_fd_nexi_idle, hook_timeout_nexi_idle; - LIBXL_LIST_HEAD(, libxl__ev_fd) efds; - LIBXL_TAILQ_HEAD(, libxl__ev_time) etimes; - diff --git a/26469-libxl-race.patch b/26469-libxl-race.patch deleted file mode 100644 index a099ff6..0000000 --- a/26469-libxl-race.patch +++ /dev/null 
@@ -1,228 +0,0 @@ -# HG changeset patch -# User Ian Jackson -# Date 1359031673 0 -# Node ID a162a72e719a85799e3b08f52af7bb2147a407b8 -# Parent a181bf3e77df891c97fc20dff4e9b90b7584022b -libxl: fix stale timeout event callback race - -Because there is not necessarily any lock held at the point the -application (eg, libvirt) calls libxl_osevent_occurred_timeout, in a -multithreaded program those calls may be arbitrarily delayed in -relation to other activities within the program. - -Specifically this means when ->timeout_deregister returns, libxl does -not know whether it can safely dispose of the for_libxl value or -whether it needs to retain it in case of an in-progress call to -_occurred_timeout. - -The interface could be fixed by requiring the application to make a -new call into libxl to say that the deregistration was complete. - -However that new call would have to be threaded through the -application's event loop; this is complicated and some application -authors are likely not to implement it properly. Furthermore the -easiest way to implement this facility in most event loops is to queue -up a time event for "now". - -Shortcut all of this by having libxl always call timeout_modify -setting abs={0,0} (ie, ASAP) instead of timeout_deregister. This will -cause the application to call _occurred_timeout. When processing this -calldown we see that we were no longer actually interested and simply -throw it away. - -Additionally, there is a race between _occurred_timeout and -->timeout_modify. If libxl ever adjusts the deadline for a timeout -the application may already be in the process of calling _occurred, in -which case the situation with for_app's lifetime becomes very -complicated. Therefore abolish libxl__ev_time_modify_{abs,rel} (which -have no callers) and promise to the application only ever to call -->timeout_modify with abs=={0,0}. The application still needs to cope -with ->timeout_modify racing with its internal function which calls -_occurred_timeout. 
Document this. - -This is a forwards-compatible change for applications using the libxl -API, and will hopefully eliminate these races in callback-supplying -applications (such as libvirt) without the need for corresponding -changes to the application. (It is possible that this might expose -bugs in applications, though, as previously libxl would never call -libxl_osevent_hooks->timeout_modify and now it never calls -->timeout_deregister). - -For clarity, fold the body of time_register_finite into its one -remaining call site. This makes the semantics of ev->infinite -slightly clearer. - -Cc: Bamvor Jian Zhang -Cc: Ian Campbell -Tested-by: Jim Fehlig -Acked-by: Jim Fehlig -Signed-off-by: Ian Jackson -Committed-by: Ian Campbell - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.c -+++ xen-4.2.1-testing/tools/libxl/libxl_event.c -@@ -267,18 +267,11 @@ static int time_rel_to_abs(libxl__gc *gc - return 0; - } - --static void time_insert_finite(libxl__gc *gc, libxl__ev_time *ev) --{ -- libxl__ev_time *evsearch; -- LIBXL_TAILQ_INSERT_SORTED(&CTX->etimes, entry, ev, evsearch, /*empty*/, -- timercmp(&ev->abs, &evsearch->abs, >)); -- ev->infinite = 0; --} -- - static int time_register_finite(libxl__gc *gc, libxl__ev_time *ev, - struct timeval absolute) - { - int rc; -+ libxl__ev_time *evsearch; - - rc = OSEVENT_HOOK(timeout,register, alloc, &ev->nexus->for_app_reg, - absolute, ev->nexus); -@@ -286,7 +279,8 @@ static int time_register_finite(libxl__g - - ev->infinite = 0; - ev->abs = absolute; -- time_insert_finite(gc, ev); -+ LIBXL_TAILQ_INSERT_SORTED(&CTX->etimes, entry, ev, evsearch, /*empty*/, -+ timercmp(&ev->abs, &evsearch->abs, >)); - - return 0; - } -@@ -294,7 +288,12 @@ static int time_register_finite(libxl__g - static void time_deregister(libxl__gc *gc, libxl__ev_time *ev) - { - if (!ev->infinite) { -- OSEVENT_HOOK_VOID(timeout,deregister, 
release, ev->nexus->for_app_reg); -+ struct timeval right_away = { 0, 0 }; -+ if (ev->nexus) /* only set if app provided hooks */ -+ ev->nexus->ev = 0; -+ OSEVENT_HOOK_VOID(timeout,modify, -+ noop /* release nexus in _occurred_ */, -+ &ev->nexus->for_app_reg, right_away); - LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); - } - } -@@ -364,70 +363,6 @@ int libxl__ev_time_register_rel(libxl__g - return rc; - } - --int libxl__ev_time_modify_abs(libxl__gc *gc, libxl__ev_time *ev, -- struct timeval absolute) --{ -- int rc; -- -- CTX_LOCK; -- -- DBG("ev_time=%p modify abs==%lu.%06lu", -- ev, (unsigned long)absolute.tv_sec, (unsigned long)absolute.tv_usec); -- -- assert(libxl__ev_time_isregistered(ev)); -- -- if (ev->infinite) { -- rc = time_register_finite(gc, ev, absolute); -- if (rc) goto out; -- } else { -- rc = OSEVENT_HOOK(timeout,modify, noop, -- &ev->nexus->for_app_reg, absolute); -- if (rc) goto out; -- -- LIBXL_TAILQ_REMOVE(&CTX->etimes, ev, entry); -- ev->abs = absolute; -- time_insert_finite(gc, ev); -- } -- -- rc = 0; -- out: -- time_done_debug(gc,__func__,ev,rc); -- CTX_UNLOCK; -- return rc; --} -- --int libxl__ev_time_modify_rel(libxl__gc *gc, libxl__ev_time *ev, -- int milliseconds) --{ -- struct timeval absolute; -- int rc; -- -- CTX_LOCK; -- -- DBG("ev_time=%p modify ms=%d", ev, milliseconds); -- -- assert(libxl__ev_time_isregistered(ev)); -- -- if (milliseconds < 0) { -- time_deregister(gc, ev); -- ev->infinite = 1; -- rc = 0; -- goto out; -- } -- -- rc = time_rel_to_abs(gc, milliseconds, &absolute); -- if (rc) goto out; -- -- rc = libxl__ev_time_modify_abs(gc, ev, absolute); -- if (rc) goto out; -- -- rc = 0; -- out: -- time_done_debug(gc,__func__,ev,rc); -- CTX_UNLOCK; -- return rc; --} -- - void libxl__ev_time_deregister(libxl__gc *gc, libxl__ev_time *ev) - { - CTX_LOCK; -@@ -1160,7 +1095,11 @@ void libxl_osevent_occurred_timeout(libx - CTX_LOCK; - assert(!CTX->osevent_in_hook); - -- libxl__ev_time *ev = osevent_ev_from_hook_nexus(ctx, for_libxl); -+ 
libxl__osevent_hook_nexus *nexus = for_libxl; -+ libxl__ev_time *ev = osevent_ev_from_hook_nexus(ctx, nexus); -+ -+ osevent_release_nexus(gc, &CTX->hook_timeout_nexi_idle, nexus); -+ - if (!ev) goto out; - assert(!ev->infinite); - -Index: xen-4.2.1-testing/tools/libxl/libxl_event.h -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_event.h -+++ xen-4.2.1-testing/tools/libxl/libxl_event.h -@@ -287,8 +287,10 @@ typedef struct libxl_osevent_hooks { - int (*timeout_register)(void *user, void **for_app_registration_out, - struct timeval abs, void *for_libxl); - int (*timeout_modify)(void *user, void **for_app_registration_update, -- struct timeval abs); -- void (*timeout_deregister)(void *user, void *for_app_registration); -+ struct timeval abs) -+ /* only ever called with abs={0,0}, meaning ASAP */; -+ void (*timeout_deregister)(void *user, void *for_app_registration) -+ /* will never be called */; - } libxl_osevent_hooks; - - /* The application which calls register_fd_hooks promises to -@@ -337,6 +339,17 @@ typedef struct libxl_osevent_hooks { - * register (or modify), and pass it to subsequent calls to modify - * or deregister. - * -+ * Note that the application must cope with a call from libxl to -+ * timeout_modify racing with its own call to -+ * libxl__osevent_occurred_timeout. libxl guarantees that -+ * timeout_modify will only be called with abs={0,0} but the -+ * application must still ensure that libxl's attempt to cause the -+ * timeout to occur immediately is safely ignored even the timeout is -+ * actually already in the process of occurring. -+ * -+ * timeout_deregister is not used because it forms part of a -+ * deprecated unsafe mode of use of the API. -+ * - * osevent_register_hooks may be called only once for each libxl_ctx. - * libxl may make calls to register/modify/deregister from within - * any libxl function (indeed, it will usually call register from 
diff --git a/26501-VMX-simplify-CR0-update.patch b/26501-VMX-simplify-CR0-update.patch
deleted file mode 100644
index bf3b7da..0000000
--- a/26501-VMX-simplify-CR0-update.patch
+++ /dev/null
@@ -1,64 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1359566139 28800 -# Node ID 8201b6ec3564c80db5516cdcf36dcfa9b7fdd93b -# Parent 1fe8ecfdf10cc9077fc810364663a0f25a5c5b96 -vmx: Simplify cr0 update handling by deferring cr4 changes to the cr4 handler. - -Signed-off-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1133,20 +1133,18 @@ static void vmx_update_guest_cr(struct v - - if ( paging_mode_hap(v->domain) ) - { -- /* We manage GUEST_CR3 when guest CR0.PE is zero or when cr3 memevents are on */ -+ /* Manage GUEST_CR3 when CR0.PE=0. */ - uint32_t cr3_ctls = (CPU_BASED_CR3_LOAD_EXITING | - CPU_BASED_CR3_STORE_EXITING); - v->arch.hvm_vmx.exec_control &= ~cr3_ctls; - if ( !hvm_paging_enabled(v) ) - v->arch.hvm_vmx.exec_control |= cr3_ctls; - -+ /* Trap CR3 updates if CR3 memory events are enabled. */ - if ( v->domain->arch.hvm_domain.params[HVM_PARAM_MEMORY_EVENT_CR3] ) - v->arch.hvm_vmx.exec_control |= CPU_BASED_CR3_LOAD_EXITING; - - vmx_update_cpu_exec_control(v); -- -- /* Changing CR0.PE can change some bits in real CR4. */ -- vmx_update_guest_cr(v, 4); - } - - if ( !(v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_TS) ) -@@ -1176,8 +1174,6 @@ static void vmx_update_guest_cr(struct v - { - for ( s = x86_seg_cs ; s <= x86_seg_tr ; s++ ) - vmx_set_segment_register(v, s, ®[s]); -- v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_VME; -- __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); - v->arch.hvm_vmx.exception_bitmap = 0xffffffff; - vmx_update_exception_bitmap(v); - } -@@ -1187,10 +1183,6 @@ static void vmx_update_guest_cr(struct v - if ( !(v->arch.hvm_vmx.vm86_segment_mask & (1<arch.hvm_vmx.vm86_saved_seg[s]); -- v->arch.hvm_vcpu.hw_cr[4] = -- ((v->arch.hvm_vcpu.hw_cr[4] & ~X86_CR4_VME) -- |(v->arch.hvm_vcpu.guest_cr[4] & X86_CR4_VME)); -- __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); - v->arch.hvm_vmx.exception_bitmap = HVM_TRAP_MASK - | (paging_mode_hap(v->domain) ? 
- 0 : (1U << TRAP_page_fault)) -@@ -1204,6 +1196,9 @@ static void vmx_update_guest_cr(struct v - v->arch.hvm_vcpu.guest_cr[0] | hw_cr0_mask; - __vmwrite(GUEST_CR0, v->arch.hvm_vcpu.hw_cr[0]); - __vmwrite(CR0_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[0]); -+ -+ /* Changing CR0 can change some bits in real CR4. */ -+ vmx_update_guest_cr(v, 4); - break; - } - case 2: diff --git a/26502-VMX-disable-SMEP-when-not-paging.patch b/26502-VMX-disable-SMEP-when-not-paging.patch deleted file mode 100644 index 4c6f5eb..0000000 --- a/26502-VMX-disable-SMEP-when-not-paging.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -# HG changeset patch -# User Dongxiao Xu -# Date 1359566250 28800 -# Node ID d1bf3b21f78302dad1ed53e540facf7b9a0e2ab5 -# Parent 8201b6ec3564c80db5516cdcf36dcfa9b7fdd93b -VMX: disable SMEP feature when guest is in non-paging mode - -SMEP is disabled if CPU is in non-paging mode in hardware. -However Xen always uses paging mode to emulate guest non-paging -mode with HAP. To emulate this behavior, SMEP needs to be manually -disabled when guest switches to non-paging mode. - -We met an issue that, SMP Linux guest with recent kernel (enable -SMEP support, for example, 3.5.3) would crash with triple fault if -setting unrestricted_guest=0 in grub. This is because Xen uses an -identity mapping page table to emulate the non-paging mode, where -the page table is set with USER flag. If SMEP is still enabled in -this case, guest will meet unhandlable page fault and then crash. - -Signed-off-by: Dongxiao Xu -Signed-off-by: Xiantao Zhang -Committed-by: Keir Fraser - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1227,6 +1227,13 @@ static void vmx_update_guest_cr(struct v - { - v->arch.hvm_vcpu.hw_cr[4] |= X86_CR4_PSE; - v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_PAE; -+ /* -+ * SMEP is disabled if CPU is in non-paging mode in hardware. -+ * However Xen always uses paging mode to emulate guest non-paging -+ * mode with HAP. To emulate this behavior, SMEP needs to be -+ * manually disabled when guest switches to non-paging mode. -+ */ -+ v->arch.hvm_vcpu.hw_cr[4] &= ~X86_CR4_SMEP; - } - __vmwrite(GUEST_CR4, v->arch.hvm_vcpu.hw_cr[4]); - __vmwrite(CR4_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[4]); diff --git a/26516-ACPI-parse-table-retval.patch b/26516-ACPI-parse-table-retval.patch deleted file mode 100644 index 1a42d93..0000000 --- a/26516-ACPI-parse-table-retval.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Boris Ostrovsky -# Date 1360073898 -3600 -# Node ID 32d4516a97f0b22ed06155f7b8e0bff075024991 -# Parent 2fdca30363f08026971c094e8a1a84e19ca3e55b -ACPI: acpi_table_parse() should return handler's error code - -Currently, the error code returned by acpi_table_parse()'s handler -is ignored. This patch will propagate handler's return value to -acpi_table_parse()'s caller. - -Signed-off-by: Boris Ostrovsky -Committed-by: Jan Beulich - ---- a/xen/drivers/acpi/tables.c -+++ b/xen/drivers/acpi/tables.c -@@ -267,7 +267,7 @@ acpi_table_parse_madt(enum acpi_madt_typ - * @handler: handler to run - * - * Scan the ACPI System Descriptor Table (STD) for a table matching @id, -- * run @handler on it. Return 0 if table found, return on if not. -+ * run @handler on it. - */ - int __init acpi_table_parse(char *id, acpi_table_handler handler) - { -@@ -282,8 +282,7 @@ int __init acpi_table_parse(char *id, ac - acpi_get_table(id, 0, &table); - - if (table) { -- handler(table); -- return 0; -+ return handler(table); - } else - return 1; - } diff --git a/26517-AMD-IOMMU-clear-irtes.patch b/26517-AMD-IOMMU-clear-irtes.patch deleted file mode 100644 index 8a1c35d..0000000 --- a/26517-AMD-IOMMU-clear-irtes.patch +++ /dev/null 
@@ -1,205 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Jan Beulich -# Date 1360074047 -3600 -# Node ID 601139e2b0db7dc8a5bb69b9b7373fb87742741c -# Parent 32d4516a97f0b22ed06155f7b8e0bff075024991 -AMD,IOMMU: Clean up old entries in remapping tables when creating new one - -When changing the affinity of an IRQ associated with a passed -through PCI device, clear previous mapping. - -This is XSA-36 / CVE-2013-0153. - -Signed-off-by: Jan Beulich - -In addition, because some BIOSes may incorrectly program IVRS -entries for IOAPIC try to check for entry's consistency. Specifically, -if conflicting entries are found disable IOMMU if per-device -remapping table is used. If entries refer to bogus IOAPIC IDs -disable IOMMU unconditionally - -Signed-off-by: Boris Ostrovsky - ---- a/xen/drivers/passthrough/amd/iommu_acpi.c -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c -@@ -22,6 +22,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -635,6 +636,7 @@ static u16 __init parse_ivhd_device_spec - u16 header_length, u16 block_length, struct amd_iommu *iommu) - { - u16 dev_length, bdf; -+ int apic; - - dev_length = sizeof(*special); - if ( header_length < (block_length + dev_length) ) -@@ -651,10 +653,59 @@ static u16 __init parse_ivhd_device_spec - } - - add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); -- /* set device id of ioapic */ -- ioapic_sbdf[special->handle].bdf = bdf; -- ioapic_sbdf[special->handle].seg = seg; -- return dev_length; -+ -+ if ( special->variety != ACPI_IVHD_IOAPIC ) -+ { -+ if ( special->variety != ACPI_IVHD_HPET ) -+ printk(XENLOG_ERR "Unrecognized IVHD special variety %#x\n", -+ special->variety); -+ return dev_length; -+ } -+ -+ /* -+ * Some BIOSes have IOAPIC broken entries so we check for IVRS -+ * consistency here --- whether entry's IOAPIC ID is valid and -+ * whether there are conflicting/duplicated entries. 
-+ */ -+ for ( apic = 0; apic < nr_ioapics; apic++ ) -+ { -+ if ( IO_APIC_ID(apic) != special->handle ) -+ continue; -+ -+ if ( ioapic_sbdf[special->handle].pin_setup ) -+ { -+ if ( ioapic_sbdf[special->handle].bdf == bdf && -+ ioapic_sbdf[special->handle].seg == seg ) -+ AMD_IOMMU_DEBUG("IVHD Warning: Duplicate IO-APIC %#x entries\n", -+ special->handle); -+ else -+ { -+ printk(XENLOG_ERR "IVHD Error: Conflicting IO-APIC %#x entries\n", -+ special->handle); -+ if ( amd_iommu_perdev_intremap ) -+ return 0; -+ } -+ } -+ else -+ { -+ /* set device id of ioapic */ -+ ioapic_sbdf[special->handle].bdf = bdf; -+ ioapic_sbdf[special->handle].seg = seg; -+ -+ ioapic_sbdf[special->handle].pin_setup = xzalloc_array( -+ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); -+ if ( nr_ioapic_entries[apic] && -+ !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) -+ { -+ printk(XENLOG_ERR "IVHD Error: Out of memory\n"); -+ return 0; -+ } -+ } -+ return dev_length; -+ } -+ -+ printk(XENLOG_ERR "IVHD Error: Invalid IO-APIC %#x\n", special->handle); -+ return 0; - } - - static int __init parse_ivhd_block(const struct acpi_ivrs_hardware *ivhd_block) ---- a/xen/drivers/passthrough/amd/iommu_intr.c -+++ b/xen/drivers/passthrough/amd/iommu_intr.c -@@ -99,12 +99,12 @@ static void update_intremap_entry(u32* e - static void update_intremap_entry_from_ioapic( - int bdf, - struct amd_iommu *iommu, -- struct IO_APIC_route_entry *ioapic_rte) -+ const struct IO_APIC_route_entry *rte, -+ const struct IO_APIC_route_entry *old_rte) - { - unsigned long flags; - u32* entry; - u8 delivery_mode, dest, vector, dest_mode; -- struct IO_APIC_route_entry *rte = ioapic_rte; - int req_id; - spinlock_t *lock; - int offset; -@@ -120,6 +120,14 @@ static void update_intremap_entry_from_i - spin_lock_irqsave(lock, flags); - - offset = get_intremap_offset(vector, delivery_mode); -+ if ( old_rte ) -+ { -+ int old_offset = get_intremap_offset(old_rte->vector, -+ old_rte->delivery_mode); -+ -+ if ( offset != old_offset ) 
-+ free_intremap_entry(iommu->seg, bdf, old_offset); -+ } - entry = (u32*)get_intremap_entry(iommu->seg, req_id, offset); - update_intremap_entry(entry, vector, delivery_mode, dest_mode, dest); - -@@ -188,6 +196,7 @@ int __init amd_iommu_setup_ioapic_remapp - amd_iommu_flush_intremap(iommu, req_id); - spin_unlock_irqrestore(&iommu->lock, flags); - } -+ set_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup); - } - } - return 0; -@@ -199,6 +208,7 @@ void amd_iommu_ioapic_update_ire( - struct IO_APIC_route_entry old_rte = { 0 }; - struct IO_APIC_route_entry new_rte = { 0 }; - unsigned int rte_lo = (reg & 1) ? reg - 1 : reg; -+ unsigned int pin = (reg - 0x10) / 2; - int saved_mask, seg, bdf; - struct amd_iommu *iommu; - -@@ -236,6 +246,14 @@ void amd_iommu_ioapic_update_ire( - *(((u32 *)&new_rte) + 1) = value; - } - -+ if ( new_rte.mask && -+ !test_bit(pin, ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ) -+ { -+ ASSERT(saved_mask); -+ __io_apic_write(apic, reg, value); -+ return; -+ } -+ - /* mask the interrupt while we change the intremap table */ - if ( !saved_mask ) - { -@@ -244,7 +262,11 @@ void amd_iommu_ioapic_update_ire( - } - - /* Update interrupt remapping entry */ -- update_intremap_entry_from_ioapic(bdf, iommu, &new_rte); -+ update_intremap_entry_from_ioapic( -+ bdf, iommu, &new_rte, -+ test_and_set_bit(pin, -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup) ? 
&old_rte -+ : NULL); - - /* Forward write access to IO-APIC RTE */ - __io_apic_write(apic, reg, value); -@@ -354,6 +376,12 @@ void amd_iommu_msi_msg_update_ire( - return; - } - -+ if ( msi_desc->remap_index >= 0 ) -+ update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, NULL); -+ -+ if ( !msg ) -+ return; -+ - update_intremap_entry_from_msi_msg(iommu, pdev, msi_desc, msg); - } - ---- a/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h -+++ b/xen/include/asm-x86/hvm/svm/amd-iommu-proto.h -@@ -100,6 +100,7 @@ void amd_iommu_read_msi_from_ire( - - extern struct ioapic_sbdf { - u16 bdf, seg; -+ unsigned long *pin_setup; - } ioapic_sbdf[MAX_IO_APICS]; - extern void *shared_intremap_table; - diff --git a/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch b/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch deleted file mode 100644 index 23e2940..0000000 --- a/26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Boris Ostrovsky -# Date 1360074085 -3600 -# Node ID e379a23b04655e9e43dc50944a5c9d1e59d8bee9 -# Parent 601139e2b0db7dc8a5bb69b9b7373fb87742741c -AMD,IOMMU: Disable IOMMU if SATA Combined mode is on - -AMD's SP5100 chipset can be placed into SATA Combined mode -that may cause prevent dom0 from booting when IOMMU is -enabled and per-device interrupt remapping table is used. -While SP5100 erratum 28 requires BIOSes to disable this mode, -some may still use it. - -This patch checks whether this mode is on and, if per-device -table is in use, disables IOMMU. - -This is XSA-36 / CVE-2013-0153. - -Signed-off-by: Boris Ostrovsky - -Flipped operands of && in amd_iommu_init() to make the message issued -by amd_sp5100_erratum28() match reality (when amd_iommu_perdev_intremap -is zero, there's really no point in calling the function). - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c -@@ -1118,12 +1118,45 @@ static int __init amd_iommu_setup_device - return 0; - } - -+/* Check whether SP5100 SATA Combined mode is on */ -+static bool_t __init amd_sp5100_erratum28(void) -+{ -+ u32 bus, id; -+ u16 vendor_id, dev_id; -+ u8 byte; -+ -+ for (bus = 0; bus < 256; bus++) -+ { -+ id = pci_conf_read32(0, bus, 0x14, 0, PCI_VENDOR_ID); -+ -+ vendor_id = id & 0xffff; -+ dev_id = (id >> 16) & 0xffff; -+ -+ /* SP5100 SMBus module sets Combined mode on */ -+ if (vendor_id != 0x1002 || dev_id != 0x4385) -+ continue; -+ -+ byte = pci_conf_read8(0, bus, 0x14, 0, 0xad); -+ if ( (byte >> 3) & 1 ) -+ { -+ printk(XENLOG_WARNING "AMD-Vi: SP5100 erratum 28 detected, disabling IOMMU.\n" -+ "If possible, disable SATA Combined mode in BIOS or contact your vendor for BIOS update.\n"); -+ return 1; -+ } -+ } -+ -+ return 0; -+} -+ - int __init amd_iommu_init(void) - { - struct amd_iommu *iommu; - - BUG_ON( 
!iommu_found() ); - -+ if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() ) -+ goto error_out; -+ - ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries(); - - if ( !ivrs_bdf_entries ) diff --git a/26519-AMD-IOMMU-perdev-intremap-default.patch b/26519-AMD-IOMMU-perdev-intremap-default.patch deleted file mode 100644 index 9fb9ed2..0000000 --- a/26519-AMD-IOMMU-perdev-intremap-default.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Boris Ostrovsky -# Date 1360074131 -3600 -# Node ID 1af531e7bc2fc518f16d8d1461083c528e1517cf -# Parent e379a23b04655e9e43dc50944a5c9d1e59d8bee9 -AMD,IOMMU: Make per-device interrupt remapping table default - -Using global interrupt remapping table may be insecure, as -described by XSA-36. This patch makes per-device mode default. - -This is XSA-36 / CVE-2013-0153. - -Signed-off-by: Boris Ostrovsky - -Moved warning in amd_iov_detect() to location covering all cases. - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/xen/arch/x86/irq.c -+++ b/xen/arch/x86/irq.c -@@ -1942,9 +1942,6 @@ int map_domain_pirq( - spin_lock_irqsave(&desc->lock, flags); - set_domain_irq_pirq(d, irq, info); - spin_unlock_irqrestore(&desc->lock, flags); -- -- if ( opt_irq_vector_map == OPT_IRQ_VECTOR_MAP_PERDEV ) -- printk(XENLOG_INFO "Per-device vector maps for GSIs not implemented yet.\n"); - } - - done: ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -204,6 +204,8 @@ int __init amd_iov_detect(void) - { - printk("AMD-Vi: Not overriding irq_vector_map setting\n"); - } -+ if ( !amd_iommu_perdev_intremap ) -+ printk(XENLOG_WARNING "AMD-Vi: Using global interrupt remap table is not recommended (see XSA-36)!\n"); - return scan_pci_devices(); - } - ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -52,7 +52,7 @@ bool_t __read_mostly iommu_qinval = 1; - bool_t __read_mostly iommu_intremap = 1; - bool_t __read_mostly iommu_hap_pt_share = 1; - bool_t __read_mostly iommu_debug; --bool_t __read_mostly amd_iommu_perdev_intremap; -+bool_t __read_mostly amd_iommu_perdev_intremap = 1; - - DEFINE_PER_CPU(bool_t, iommu_dont_flush_iotlb); - diff --git a/26526-pvdrv-no-devinit.patch b/26526-pvdrv-no-devinit.patch deleted file mode 100644 index c3903db..0000000 --- a/26526-pvdrv-no-devinit.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -# HG changeset patch -# User Olaf Hering -# Date 1360664991 -3600 -# Node ID a37aa55c3cbcb0e8340b4985314ef8fb31d7610b -# Parent 9af6e566befe5516e66b62197813aa22e1d7122c -unmodified_drivers: __devinit was removed in linux-3.8 - -Signed-off-by: Olaf Hering - -Merge with __init handling. - -Signed-off-by: Jan Beulich -Committed-by: Jan Beulich - ---- a/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h -+++ b/unmodified_drivers/linux-2.6/compat-include/xen/platform-compat.h -@@ -13,10 +13,19 @@ - #define DEFINE_SPINLOCK(x) spinlock_t x = SPIN_LOCK_UNLOCKED - #endif - --#if defined(_LINUX_INIT_H) && !defined(__init) -+#ifdef _LINUX_INIT_H -+ -+#ifndef __init - #define __init - #endif - -+#ifndef __devinit -+#define __devinit -+#define __devinitdata -+#endif -+ -+#endif /* _LINUX_INIT_H */ -+ - #if defined(__LINUX_CACHE_H) && !defined(__read_mostly) - #define __read_mostly - #endif diff --git a/26529-gcc48-build-fix.patch b/26529-gcc48-build-fix.patch deleted file mode 100644 index 4fbadc6..0000000 --- a/26529-gcc48-build-fix.patch +++ /dev/null @@ -1,21 +0,0 @@ -# HG changeset patch -# User Keir Fraser -# Date 1360775011 0 -# Node ID 97b7e546e2e4a021491e198a33f7d685550ebc73 -# Parent 742dde457258422a3d08e3ddbf9a7eae55c93acb -gcc4.8 build fix: Add -Wno-unused-local-typedefs to CFLAGS. - -Based on a patch by M A Young - -Signed-off-by: Keir Fraser - ---- a/Config.mk -+++ b/Config.mk -@@ -166,6 +166,7 @@ CFLAGS-$(clang) += -Wno-parentheses -Wno - $(call cc-option-add,HOSTCFLAGS,HOSTCC,-Wdeclaration-after-statement) - $(call cc-option-add,CFLAGS,CC,-Wdeclaration-after-statement) - $(call cc-option-add,CFLAGS,CC,-Wno-unused-but-set-variable) -+$(call cc-option-add,CFLAGS,CC,-Wno-unused-local-typedefs) - - LDFLAGS += $(foreach i, $(EXTRA_LIB), -L$(i)) - CFLAGS += $(foreach i, $(EXTRA_INCLUDES), -I$(i)) 
diff --git a/26531-AMD-IOMMU-IVHD-special-missing.patch b/26531-AMD-IOMMU-IVHD-special-missing.patch
deleted file mode 100644
index 4e2da89..0000000
--- a/26531-AMD-IOMMU-IVHD-special-missing.patch
+++ /dev/null
@@ -1,127 +0,0 @@ -References: CVE-2013-0153 XSA-36 bnc#800275 - -# HG changeset patch -# User Jan Beulich -# Date 1360831252 -3600 -# Node ID e68f14b9e73925e9d404e517ba510f73fe472e4e -# Parent c43be17eec0602015fc6461d1f13c992ba330c20 -AMD IOMMU: also spot missing IO-APIC entries in IVRS table - -Apart from dealing duplicate conflicting entries, we also have to -handle firmware omitting IO-APIC entries in IVRS altogether. Not doing -so has resulted in c/s 26517:601139e2b0db to crash such systems during -boot (whereas with the change here the IOMMU gets disabled just as is -being done in the other cases, i.e. unless global tables are being -used). - -Debugging this issue has also pointed out that the debug log output is -pretty ugly to look at - consolidate the output, and add one extra -item for the IVHD special entries, so that future issues are easier -to analyze. - -Signed-off-by: Jan Beulich -Tested-by: Sander Eikelenboom -Acked-by: Ian Campbell - ---- a/xen/drivers/passthrough/amd/iommu_acpi.c -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c -@@ -352,9 +352,8 @@ static int __init parse_ivmd_block(const - base = start_addr & PAGE_MASK; - limit = (start_addr + mem_length - 1) & PAGE_MASK; - -- AMD_IOMMU_DEBUG("IVMD Block: Type 0x%x\n",ivmd_block->header.type); -- AMD_IOMMU_DEBUG(" Start_Addr_Phys 0x%lx\n", start_addr); -- AMD_IOMMU_DEBUG(" Mem_Length 0x%lx\n", mem_length); -+ AMD_IOMMU_DEBUG("IVMD Block: type %#x phys %#lx len %#lx\n", -+ ivmd_block->header.type, start_addr, mem_length); - - if ( ivmd_block->header.flags & ACPI_IVMD_EXCLUSION_RANGE ) - iw = ir = IOMMU_CONTROL_ENABLED; -@@ -549,8 +548,8 @@ static u16 __init parse_ivhd_device_alia - return 0; - } - -- AMD_IOMMU_DEBUG(" Dev_Id Range: 0x%x -> 0x%x\n", first_bdf, last_bdf); -- AMD_IOMMU_DEBUG(" Dev_Id Alias: 0x%x\n", alias_id); -+ AMD_IOMMU_DEBUG(" Dev_Id Range: %#x -> %#x alias %#x\n", -+ first_bdf, last_bdf, alias_id); - - for ( bdf = first_bdf; bdf <= last_bdf; bdf++ ) - add_ivrs_mapping_entry(bdf, 
alias_id, range->alias.header.data_setting, -@@ -652,6 +651,9 @@ static u16 __init parse_ivhd_device_spec - return 0; - } - -+ AMD_IOMMU_DEBUG("IVHD Special: %04x:%02x:%02x.%u variety %#x handle %#x\n", -+ seg, PCI_BUS(bdf), PCI_SLOT(bdf), PCI_FUNC(bdf), -+ special->variety, special->handle); - add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); - - if ( special->variety != ACPI_IVHD_IOAPIC ) -@@ -737,10 +739,9 @@ static int __init parse_ivhd_block(const - { - ivhd_device = (const void *)((const u8 *)ivhd_block + block_length); - -- AMD_IOMMU_DEBUG( "IVHD Device Entry:\n"); -- AMD_IOMMU_DEBUG( " Type 0x%x\n", ivhd_device->header.type); -- AMD_IOMMU_DEBUG( " Dev_Id 0x%x\n", ivhd_device->header.id); -- AMD_IOMMU_DEBUG( " Flags 0x%x\n", ivhd_device->header.data_setting); -+ AMD_IOMMU_DEBUG("IVHD Device Entry: type %#x id %#x flags %#x\n", -+ ivhd_device->header.type, ivhd_device->header.id, -+ ivhd_device->header.data_setting); - - switch ( ivhd_device->header.type ) - { -@@ -869,6 +870,7 @@ static int __init parse_ivrs_table(struc - { - const struct acpi_ivrs_header *ivrs_block; - unsigned long length; -+ unsigned int apic; - int error = 0; - - BUG_ON(!table); -@@ -882,11 +884,9 @@ static int __init parse_ivrs_table(struc - { - ivrs_block = (struct acpi_ivrs_header *)((u8 *)table + length); - -- AMD_IOMMU_DEBUG("IVRS Block:\n"); -- AMD_IOMMU_DEBUG(" Type 0x%x\n", ivrs_block->type); -- AMD_IOMMU_DEBUG(" Flags 0x%x\n", ivrs_block->flags); -- AMD_IOMMU_DEBUG(" Length 0x%x\n", ivrs_block->length); -- AMD_IOMMU_DEBUG(" Dev_Id 0x%x\n", ivrs_block->device_id); -+ AMD_IOMMU_DEBUG("IVRS Block: type %#x flags %#x len %#x id %#x\n", -+ ivrs_block->type, ivrs_block->flags, -+ ivrs_block->length, ivrs_block->device_id); - - if ( table->length < (length + ivrs_block->length) ) - { -@@ -901,6 +901,29 @@ static int __init parse_ivrs_table(struc - length += ivrs_block->length; - } - -+ /* Each IO-APIC must have been mentioned in the table. 
*/ -+ for ( apic = 0; !error && apic < nr_ioapics; ++apic ) -+ { -+ if ( !nr_ioapic_entries[apic] || -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) -+ continue; -+ -+ printk(XENLOG_ERR "IVHD Error: no information for IO-APIC %#x\n", -+ IO_APIC_ID(apic)); -+ if ( amd_iommu_perdev_intremap ) -+ error = -ENXIO; -+ else -+ { -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup = xzalloc_array( -+ unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); -+ if ( !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) -+ { -+ printk(XENLOG_ERR "IVHD Error: Out of memory\n"); -+ error = -ENOMEM; -+ } -+ } -+ } -+ - return error; - } - diff --git a/26536-xenoprof-div-by-0.patch b/26536-xenoprof-div-by-0.patch deleted file mode 100644 index da857ab..0000000 --- a/26536-xenoprof-div-by-0.patch +++ /dev/null @@ -1,39 +0,0 @@ -# HG changeset patch -# User Tim Deegan -# Date 1360917722 -3600 -# Node ID 0cca8a18432f08b342d76a753aa98559d892f592 -# Parent 7af3c38ae187b351c5cea58e9eee482b50d814d8 -xenoprof: avoid division by 0 - -Signed-off-by: Tim Deegan -Acked-by: Jan Beulich -Acked-by: Keir Fraser -Committed-by: Jan Beulich - ---- a/xen/common/xenoprof.c -+++ b/xen/common/xenoprof.c -@@ -193,6 +193,13 @@ static int alloc_xenoprof_struct( - unsigned max_max_samples; - int i; - -+ nvcpu = 0; -+ for_each_vcpu ( d, v ) -+ nvcpu++; -+ -+ if ( !nvcpu ) -+ return -EINVAL; -+ - d->xenoprof = xzalloc(struct xenoprof); - if ( d->xenoprof == NULL ) - { -@@ -209,10 +216,6 @@ static int alloc_xenoprof_struct( - return -ENOMEM; - } - -- nvcpu = 0; -- for_each_vcpu ( d, v ) -- nvcpu++; -- - bufsize = sizeof(struct xenoprof_buf); - i = sizeof(struct event_log); - #ifdef CONFIG_COMPAT diff --git a/26554-hvm-firmware-passthrough.patch b/26554-hvm-firmware-passthrough.patch index 3f5af46..175ddf9 100644 --- a/26554-hvm-firmware-passthrough.patch +++ b/26554-hvm-firmware-passthrough.patch @@ -9,10 +9,11 @@ 
Signed-off-by: Ross Philipson Acked-by: Ian Campbell Committed-by: Ian Campbell -diff -r 71c15ae09983 -r 3124ab7855fd tools/libxl/libxl_dom.c ---- a/tools/libxl/libxl_dom.c Fri Feb 15 13:32:15 2013 +0000 -+++ b/tools/libxl/libxl_dom.c Fri Feb 15 13:32:16 2013 +0000 -@@ -542,17 +542,24 @@ int libxl__build_hvm(libxl__gc *gc, uint +Index: xen-4.2.2-testing/tools/libxl/libxl_dom.c +=================================================================== +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dom.c +@@ -546,17 +546,24 @@ int libxl__build_hvm(libxl__gc *gc, uint libxl__domain_build_state *state) { libxl_ctx *ctx = libxl__gc_owner(gc); diff --git a/26555-hvm-firmware-passthrough.patch b/26555-hvm-firmware-passthrough.patch index f768385..6b10af2 100644 --- a/26555-hvm-firmware-passthrough.patch +++ b/26555-hvm-firmware-passthrough.patch @@ -25,10 +25,10 @@ Signed-off-by: Ross Philipson Acked-by: Ian Campbell Committed-by: Ian Campbell -Index: xen-4.2.1-testing/docs/man/xl.cfg.pod.5 +Index: xen-4.2.2-testing/docs/man/xl.cfg.pod.5 =================================================================== ---- xen-4.2.1-testing.orig/docs/man/xl.cfg.pod.5 -+++ xen-4.2.1-testing/docs/man/xl.cfg.pod.5 +--- xen-4.2.2-testing.orig/docs/man/xl.cfg.pod.5 ++++ xen-4.2.2-testing/docs/man/xl.cfg.pod.5 @@ -637,6 +637,25 @@ of Xen) within a Xen guest or to support which uses hardware virtualisation extensions (e.g. Windows XP compatibility mode on more modern Windows OS). @@ -55,10 +55,10 @@ Index: xen-4.2.1-testing/docs/man/xl.cfg.pod.5 =back =head3 Guest Virtual Time Controls -Index: xen-4.2.1-testing/tools/libxl/libxl.h +Index: xen-4.2.2-testing/tools/libxl/libxl.h =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl.h -+++ xen-4.2.1-testing/tools/libxl/libxl.h +--- xen-4.2.2-testing.orig/tools/libxl/libxl.h ++++ xen-4.2.2-testing/tools/libxl/libxl.h @@ -68,6 +68,13 @@ */ 
@@ -73,11 +73,11 @@ Index: xen-4.2.1-testing/tools/libxl/libxl.h * libxl ABI compatibility * * The only guarantee which libxl makes regarding ABI compatibility -Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c +Index: xen-4.2.2-testing/tools/libxl/libxl_dom.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_dom.c -+++ xen-4.2.1-testing/tools/libxl/libxl_dom.c -@@ -21,6 +21,7 @@ +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dom.c +@@ -22,6 +22,7 @@ #include #include @@ -85,7 +85,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl_domain_type libxl__domain_type(libxl__gc *gc, uint32_t domid) { -@@ -510,11 +511,61 @@ static int hvm_build_set_params(xc_inter +@@ -514,11 +515,61 @@ static int hvm_build_set_params(xc_inter return 0; } @@ -149,7 +149,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c if (info->u.hvm.firmware) firmware = info->u.hvm.firmware; -@@ -528,13 +579,52 @@ static const char *libxl__domain_firmwar +@@ -532,13 +583,52 @@ static const char *libxl__domain_firmwar firmware = "hvmloader"; break; default: @@ -206,7 +206,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c } int libxl__build_hvm(libxl__gc *gc, uint32_t domid, -@@ -544,10 +634,6 @@ int libxl__build_hvm(libxl__gc *gc, uint +@@ -548,10 +638,6 @@ int libxl__build_hvm(libxl__gc *gc, uint libxl_ctx *ctx = libxl__gc_owner(gc); struct xc_hvm_build_args args = {}; int ret, rc = ERROR_FAIL; @@ -217,7 +217,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c memset(&args, 0, sizeof(struct xc_hvm_build_args)); /* The params from the configuration file are in Mb, which are then -@@ -557,22 +643,34 @@ int libxl__build_hvm(libxl__gc *gc, uint +@@ -561,22 +647,34 @@ int libxl__build_hvm(libxl__gc *gc, uint */ args.mem_size = (uint64_t)(info->max_memkb - info->video_memkb) << 10; args.mem_target = (uint64_t)(info->target_memkb - info->video_memkb) << 10; 
@@ -256,7 +256,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c out: return rc; } -@@ -634,7 +732,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -638,7 +736,7 @@ int libxl__toolstack_restore(uint32_t do memcpy(&count, ptr, sizeof(count)); ptr += sizeof(count); @@ -265,7 +265,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c if (size < sizeof(version) + sizeof(count) + count * (sizeof(struct libxl__physmap_info))) { LIBXL__LOG(ctx, LIBXL__LOG_ERROR, "wrong size"); -@@ -809,7 +907,7 @@ static void switch_logdirty_xswatch(libx +@@ -852,7 +950,7 @@ static void switch_logdirty_xswatch(libx rc = libxl__xs_rm_checked(gc, t, lds->ret_path); if (rc) goto out; @@ -274,7 +274,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c if (!rc) break; if (rc<0) goto out; } -@@ -1281,7 +1379,7 @@ void libxl__xc_domain_save_done(libxl__e +@@ -1324,7 +1422,7 @@ void libxl__xc_domain_save_done(libxl__e if (type == LIBXL_DOMAIN_TYPE_HVM) { rc = libxl__domain_suspend_device_model(gc, dss); if (rc) goto out; @@ -283,10 +283,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl__domain_save_device_model(egc, dss, domain_suspend_done); return; } -Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl +Index: xen-4.2.2-testing/tools/libxl/libxl_types.idl =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_types.idl -+++ xen-4.2.1-testing/tools/libxl/libxl_types.idl +--- xen-4.2.2-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.2.2-testing/tools/libxl/libxl_types.idl @@ -301,6 +301,8 @@ libxl_domain_build_info = Struct("domain ("vpt_align", libxl_defbool), ("timer_mode", libxl_timer_mode), 
@@ -296,10 +296,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl ("nographic", libxl_defbool), ("vga", libxl_vga_interface_info), ("vnc", libxl_vnc_info), -Index: xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +Index: xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/xl_cmdimpl.c -+++ xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +--- xen-4.2.2-testing.orig/tools/libxl/xl_cmdimpl.c ++++ xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c @@ -863,6 +863,11 @@ static void parse_config_data(const char } diff --git a/26556-hvm-firmware-passthrough.patch b/26556-hvm-firmware-passthrough.patch index 606b384..366b731 100644 --- a/26556-hvm-firmware-passthrough.patch +++ b/26556-hvm-firmware-passthrough.patch @@ -9,11 +9,11 @@ Signed-off-by: Ross Philipson Acked-by: Ian Campbell Committed-by: Ian Campbell -Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c +Index: xen-4.2.2-testing/tools/libxl/libxl_dom.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_dom.c -+++ xen-4.2.1-testing/tools/libxl/libxl_dom.c -@@ -31,8 +31,7 @@ libxl_domain_type libxl__domain_type(lib +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dom.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dom.c +@@ -32,8 +32,7 @@ libxl_domain_type libxl__domain_type(lib ret = xc_domain_getinfolist(ctx->xch, domid, 1, &info); if (ret != 1 || info.domain != domid) { @@ -23,7 +23,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return LIBXL_DOMAIN_TYPE_INVALID; } if (info.flags & XEN_DOMINF_hvm_guest) -@@ -313,20 +312,19 @@ int libxl__build_post(libxl__gc *gc, uin +@@ -317,20 +316,19 @@ int libxl__build_post(libxl__gc *gc, uin ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *)); ents[0] = "memory/static-max"; 
@@ -51,7 +51,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c ents[12+(i*2)+1] = libxl_bitmap_test(&info->avail_vcpus, i) ? "online" : "offline"; } -@@ -335,7 +333,7 @@ int libxl__build_post(libxl__gc *gc, uin +@@ -339,7 +337,7 @@ int libxl__build_post(libxl__gc *gc, uin if (info->type == LIBXL_DOMAIN_TYPE_HVM) { hvm_ents = libxl__calloc(gc, 3, sizeof(char *)); hvm_ents[0] = "hvmloader/generation-id-address"; @@ -60,7 +60,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c } dom_path = libxl__xs_get_dompath(gc, domid); -@@ -343,7 +341,7 @@ int libxl__build_post(libxl__gc *gc, uin +@@ -347,7 +345,7 @@ int libxl__build_post(libxl__gc *gc, uin return ERROR_FAIL; } @@ -69,7 +69,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c retry_transaction: t = xs_transaction_start(ctx->xsh); -@@ -374,7 +372,7 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -378,7 +376,7 @@ int libxl__build_pv(libxl__gc *gc, uint3 dom = xc_dom_allocate(ctx->xch, state->pv_cmdline, info->u.pv.features); if (!dom) { @@ -78,7 +78,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return ERROR_FAIL; } -@@ -384,13 +382,13 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -388,13 +386,13 @@ int libxl__build_pv(libxl__gc *gc, uint3 state->pv_kernel.data, state->pv_kernel.size); if ( ret != 0) { @@ -94,7 +94,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c goto out; } } -@@ -398,12 +396,12 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -402,12 +400,12 @@ int libxl__build_pv(libxl__gc *gc, uint3 if ( state->pv_ramdisk.path && strlen(state->pv_ramdisk.path) ) { if (state->pv_ramdisk.mapped) { if ( (ret = xc_dom_ramdisk_mem(dom, state->pv_ramdisk.data, state->pv_ramdisk.size)) != 0 ) { 
@@ -109,7 +109,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c goto out; } } -@@ -416,31 +414,31 @@ int libxl__build_pv(libxl__gc *gc, uint3 +@@ -420,31 +418,31 @@ int libxl__build_pv(libxl__gc *gc, uint3 dom->xenstore_domid = state->store_domid; if ( (ret = xc_dom_boot_xen_init(dom, ctx->xch, domid)) != 0 ) { @@ -148,7 +148,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c goto out; } -@@ -679,8 +677,7 @@ int libxl__qemu_traditional_cmd(libxl__g +@@ -683,8 +681,7 @@ int libxl__qemu_traditional_cmd(libxl__g const char *cmd) { char *path = NULL; @@ -158,7 +158,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return libxl__xs_write(gc, XBT_NULL, path, "%s", cmd); } -@@ -697,8 +694,7 @@ struct libxl__physmap_info { +@@ -701,8 +698,7 @@ struct libxl__physmap_info { static inline char *restore_helper(libxl__gc *gc, uint32_t domid, uint64_t phys_offset, char *node) { @@ -168,7 +168,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c domid, phys_offset, node); } -@@ -708,7 +704,6 @@ int libxl__toolstack_restore(uint32_t do +@@ -712,7 +708,6 @@ int libxl__toolstack_restore(uint32_t do libxl__save_helper_state *shs = user; libxl__domain_create_state *dcs = CONTAINER_OF(shs, *dcs, shs); STATE_AO_GC(dcs->ao); @@ -176,7 +176,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c int i, ret; const uint8_t *ptr = buf; uint32_t count = 0, version = 0; -@@ -718,7 +713,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -722,7 +717,7 @@ int libxl__toolstack_restore(uint32_t do LOG(DEBUG,"domain=%"PRIu32" toolstack data size=%"PRIu32, domid, size); if (size < sizeof(version) + sizeof(count)) { @@ -185,7 +185,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return -1; } -@@ -726,7 +721,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -730,7 +725,7 @@ int libxl__toolstack_restore(uint32_t do ptr += sizeof(version); if (version != TOOLSTACK_SAVE_VERSION) { 
@@ -194,7 +194,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return -1; } -@@ -735,7 +730,7 @@ int libxl__toolstack_restore(uint32_t do +@@ -739,7 +734,7 @@ int libxl__toolstack_restore(uint32_t do if (size < sizeof(version) + sizeof(count) + count * (sizeof(struct libxl__physmap_info))) { @@ -203,7 +203,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return -1; } -@@ -945,15 +940,13 @@ static void switch_logdirty_done(libxl__ +@@ -988,15 +983,13 @@ static void switch_logdirty_done(libxl__ int libxl__domain_suspend_device_model(libxl__gc *gc, libxl__domain_suspend_state *dss) { @@ -220,7 +220,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl__qemu_traditional_cmd(gc, domid, "save"); libxl__wait_for_device_model(gc, domid, "paused", NULL, NULL, NULL); break; -@@ -1129,8 +1122,7 @@ int libxl__domain_suspend_common_callbac +@@ -1172,8 +1165,7 @@ int libxl__domain_suspend_common_callbac static inline char *physmap_path(libxl__gc *gc, uint32_t domid, char *phys_offset, char *node) { @@ -230,7 +230,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c domid, phys_offset, node); } -@@ -1147,7 +1139,7 @@ int libxl__toolstack_save(uint32_t domid +@@ -1190,7 +1182,7 @@ int libxl__toolstack_save(uint32_t domid char **entries = NULL; struct libxl__physmap_info *pi; @@ -239,7 +239,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c "/local/domain/0/device-model/%d/physmap", domid), &num); count = num; -@@ -1288,7 +1280,7 @@ void libxl__domain_suspend(libxl__egc *e +@@ -1331,7 +1323,7 @@ void libxl__domain_suspend(libxl__egc *e char *path; char *addr; @@ -248,7 +248,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c libxl__xs_get_dompath(gc, domid)); addr = libxl__xs_read(gc, XBT_NULL, path); -@@ -1502,10 +1494,7 @@ static void domain_suspend_done(libxl__e +@@ -1545,10 +1537,7 @@ static void domain_suspend_done(libxl__e char *libxl__uuid2string(libxl__gc *gc, const libxl_uuid uuid) { 
@@ -260,7 +260,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c } static const char *userdata_path(libxl__gc *gc, uint32_t domid, -@@ -1513,34 +1502,27 @@ static const char *userdata_path(libxl__ +@@ -1556,34 +1545,27 @@ static const char *userdata_path(libxl__ const char *wh) { libxl_ctx *ctx = libxl__gc_owner(gc); @@ -301,7 +301,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c return errno; } return 0; -@@ -1548,7 +1530,6 @@ static int userdata_delete(libxl__gc *gc +@@ -1591,7 +1573,6 @@ static int userdata_delete(libxl__gc *gc void libxl__userdata_destroyall(libxl__gc *gc, uint32_t domid) { @@ -309,7 +309,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dom.c const char *pattern; glob_t gl; int r, i; -@@ -1564,7 +1545,7 @@ void libxl__userdata_destroyall(libxl__g +@@ -1607,7 +1588,7 @@ void libxl__userdata_destroyall(libxl__g if (r == GLOB_NOMATCH) goto out; if (r) diff --git a/26576-x86-APICV-migration.patch b/26576-x86-APICV-migration.patch index 862ec14..1745189 100644 --- a/26576-x86-APICV-migration.patch +++ b/26576-x86-APICV-migration.patch @@ -18,7 +18,7 @@ Committed-by: Jan Beulich --- a/xen/arch/x86/hvm/vlapic.c +++ b/xen/arch/x86/hvm/vlapic.c -@@ -1198,6 +1198,9 @@ static int lapic_load_regs(struct domain +@@ -1194,6 +1194,9 @@ static int lapic_load_regs(struct domain if ( hvm_load_entry(LAPIC_REGS, h, s->regs) != 0 ) return -EINVAL; @@ -43,7 +43,7 @@ Committed-by: Jan Beulich if (v->arch.hvm_vmx.eoi_exitmap_changed) { --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1520,6 +1520,29 @@ static int vmx_virtual_intr_delivery_ena +@@ -1523,6 +1523,29 @@ static int vmx_virtual_intr_delivery_ena return cpu_has_vmx_virtual_intr_delivery; } 
@@ -73,7 +73,7 @@ Committed-by: Jan Beulich static struct hvm_function_table __read_mostly vmx_function_table = { .name = "VMX", .cpu_up_prepare = vmx_cpu_up_prepare, -@@ -1568,7 +1591,8 @@ static struct hvm_function_table __read_ +@@ -1571,7 +1594,8 @@ static struct hvm_function_table __read_ .nhvm_intr_blocked = nvmx_intr_blocked, .nhvm_domain_relinquish_resources = nvmx_domain_relinquish_resources, .update_eoi_exit_bitmap = vmx_update_eoi_exit_bitmap, diff --git a/26577-x86-APICV-x2APIC.patch b/26577-x86-APICV-x2APIC.patch index 188b1fb..0abdb53 100644 --- a/26577-x86-APICV-x2APIC.patch +++ b/26577-x86-APICV-x2APIC.patch @@ -18,8 +18,10 @@ Acked-by: Eddie Dong Acked-by: Jun Nakajima Committed-by: Jan Beulich ---- a/xen/arch/x86/hvm/vmx/vmcs.c -+++ b/xen/arch/x86/hvm/vmx/vmcs.c +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmcs.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmcs.c @@ -194,7 +194,8 @@ static int vmx_init_vmcs_config(void) */ if ( _vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW ) @@ -128,9 +130,11 @@ Committed-by: Jan Beulich } /* I/O access bitmap. */ ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2009,18 +2009,63 @@ static void vmx_install_vlapic_mapping(s +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -2012,18 +2012,63 @@ static void vmx_install_vlapic_mapping(s void vmx_vlapic_msr_changed(struct vcpu *v) { 
@@ -198,8 +202,10 @@ Committed-by: Jan Beulich vmx_update_secondary_exec_control(v); vmx_vmcs_exit(v); } ---- a/xen/include/asm-x86/hvm/vmx/vmcs.h -+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h +Index: xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/hvm/vmx/vmcs.h ++++ xen-4.2.2-testing/xen/include/asm-x86/hvm/vmx/vmcs.h @@ -182,6 +182,7 @@ extern u32 vmx_vmentry_control; #define SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES 0x00000001 #define SECONDARY_EXEC_ENABLE_EPT 0x00000002 @@ -225,8 +231,10 @@ Committed-by: Jan Beulich int vmx_read_guest_msr(u32 msr, u64 *val); int vmx_write_guest_msr(u32 msr, u64 val); int vmx_add_guest_msr(u32 msr); ---- a/xen/include/asm-x86/msr-index.h -+++ b/xen/include/asm-x86/msr-index.h +Index: xen-4.2.2-testing/xen/include/asm-x86/msr-index.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/msr-index.h ++++ xen-4.2.2-testing/xen/include/asm-x86/msr-index.h @@ -295,7 +295,10 @@ #define MSR_IA32_APICBASE_BASE (0xfffff<<12) #define MSR_IA32_APICBASE_MSR 0x800 diff --git a/26578-AMD-IOMMU-replace-BUG_ON.patch b/26578-AMD-IOMMU-replace-BUG_ON.patch deleted file mode 100644 index 41ab9fc..0000000 --- a/26578-AMD-IOMMU-replace-BUG_ON.patch +++ /dev/null 
@@ -1,25 +0,0 @@
-# HG changeset patch
-# User Jan Beulich
-# Date 1361176655 -3600
-# Node ID 57e67af5281a6b66cf71dfa812e4335930684fd6
-# Parent 45d59b822ed187c535b127679e32853b148ed411
-AMD IOMMU: don't BUG() when we don't have to
-
-find_iommu_for_device() can easily return NULL instead, as all of its
-callers are prepared for that.
-
-Signed-off-by: Jan Beulich
-
---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c
-+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c
-@@ -32,8 +32,8 @@ struct amd_iommu *find_iommu_for_device(
- {
- struct ivrs_mappings *ivrs_mappings = get_ivrs_mappings(seg);
-
-- BUG_ON ( bdf >= ivrs_bdf_entries );
-- return ivrs_mappings ? ivrs_mappings[bdf].iommu : NULL;
-+ return ivrs_mappings && bdf < ivrs_bdf_entries ? ivrs_mappings[bdf].iommu
-+ : NULL;
- }
-
- /*
diff --git a/26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch b/26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch
deleted file mode 100644
index 5c8719e..0000000
--- a/26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-# Commit a15d87475ed95840dba693ab0a56d0b48a215cbc
-# Date 2013-02-21 15:16:20 +0000
-# Author Tim Deegan
-# Committer Tim Deegan
-x86/mm: Take the p2m lock even in shadow mode.
-
-The reworking of p2m lookups to use get_gfn()/put_gfn() left the
-shadow code not taking the p2m lock, even in cases where the p2m would
-be updated (i.e. PoD).
-
-In many cases, shadow code doesn't need the exclusion that
-get_gfn()/put_gfn() provides, as it has its own interlocks against p2m
-updates, but this is taking things too far, and can lead to crashes in
-the PoD code.
-
-Now that most shadow-code p2m lookups are done with explicitly
-unlocked accessors, or with the get_page_from_gfn() accessor, which is
-often lock-free, we can just turn this locking on.
-
-The remaining locked lookups are in sh_page_fault() (in a path that's
-almost always already serializing on the paging lock), and in
-emulate_map_dest() (which can probably be updated to use
-get_page_from_gfn()). They're not addressed here but may be in a
-follow-up patch.
-
-Signed-off-by: Tim Deegan
-Acked-by: Andres Lagar-Cavilla
-
---- a/xen/arch/x86/mm/p2m.c
-+++ b/xen/arch/x86/mm/p2m.c
-@@ -163,8 +163,7 @@ mfn_t __get_gfn_type_access(struct p2m_d
- return _mfn(gfn);
- }
-
-- /* For now only perform locking on hap domains */
-- if ( locked && (hap_enabled(p2m->domain)) )
-+ if ( locked )
- /* Grab the lock here, don't release until put_gfn */
- gfn_lock(p2m, gfn, 0);
-
-@@ -197,8 +196,7 @@ mfn_t __get_gfn_type_access(struct p2m_d
-
- void __put_gfn(struct p2m_domain *p2m, unsigned long gfn)
- {
-- if ( !p2m || !paging_mode_translate(p2m->domain)
-- || !hap_enabled(p2m->domain) )
-+ if ( !p2m || !paging_mode_translate(p2m->domain) )
- /* Nothing to do in this case */
- return;
-
diff --git a/26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch b/26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch
deleted file mode 100644
index 4fa14a5..0000000
--- a/26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-# Commit 17281aea1a9a10f1ee165c6e6a2921a67b7b1df2
-# Date 2013-02-22 11:21:38 +0100
-# Author Jan Beulich
-# Committer Jan Beulich
-x86/nhvm: properly clean up after failure to set up all vCPU-s
-
-Otherwise we may leak memory when setting up nHVM fails half way.
-
-This implies that the individual destroy functions will have to remain
-capable (in the VMX case they first need to be made so, following
-26486:7648ef657fe7 and 26489:83a3fa9c8434) of being called for a vCPU
-that the corresponding init function was never run on.
-
-Once at it, also remove a redundant check from the corresponding
-parameter validation code.
-
-Signed-off-by: Jan Beulich
-Acked-by: Tim Deegan
-Tested-by: Olaf Hering
-
---- a/xen/arch/x86/hvm/hvm.c
-+++ b/xen/arch/x86/hvm/hvm.c
-@@ -3941,18 +3941,20 @@ long do_hvm_op(unsigned long op, XEN_GUE
- #else
- if ( a.value > 1 )
- rc = -EINVAL;
-- if ( !is_hvm_domain(d) )
-- rc = -EINVAL;
- /* Remove the check below once we have
- * shadow-on-shadow.
- */
- if ( cpu_has_svm && !paging_mode_hap(d) && a.value )
- rc = -EINVAL;
- /* Set up NHVM state for any vcpus that are already up */
-- if ( !d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM] )
-+ if ( a.value &&
-+ !d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM] )
- for_each_vcpu(d, v)
- if ( rc == 0 )
- rc = nestedhvm_vcpu_initialise(v);
-+ if ( !a.value || rc )
-+ for_each_vcpu(d, v)
-+ nestedhvm_vcpu_destroy(v);
- #endif
- break;
- case HVM_PARAM_BUFIOREQ_EVTCHN:
---- a/xen/arch/x86/hvm/nestedhvm.c
-+++ b/xen/arch/x86/hvm/nestedhvm.c
-@@ -88,7 +88,7 @@ nestedhvm_vcpu_initialise(struct vcpu *v
- void
- nestedhvm_vcpu_destroy(struct vcpu *v)
- {
-- if ( nestedhvm_enabled(v->domain) && hvm_funcs.nhvm_vcpu_destroy )
-+ if ( hvm_funcs.nhvm_vcpu_destroy )
- hvm_funcs.nhvm_vcpu_destroy(v);
- }
-
diff --git a/26601-honor-ACPI-v4-FADT-flags.patch b/26601-honor-ACPI-v4-FADT-flags.patch
deleted file mode 100644
index 124567b..0000000
--- a/26601-honor-ACPI-v4-FADT-flags.patch
+++ /dev/null
@@ -1,158 +0,0 @@ -# Commit 992fdf6f46252a459c6b1b8d971b2c71f01460f8 -# Date 2013-02-22 11:56:54 +0100 -# Author Jan Beulich -# Committer Jan Beulich -honor ACPI v4 FADT flags - -- force use of physical APIC mode if indicated so (as we don't support - xAPIC cluster mode, the respective flag is taken to force physical - mode too) -- don't use MSI if indicated so (implies no IOMMU) - -Both can be overridden on the command line, for the MSI case this at -once adds a new command line option allowing to turn off PCI MSI (IOMMU -and HPET are unaffected by this). - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/docs/misc/xen-command-line.markdown -+++ b/docs/misc/xen-command-line.markdown -@@ -602,6 +602,13 @@ limit is ignored by Xen. - - Specify if the MMConfig space should be enabled. - -+### msi -+> `= ` -+ -+> Default: `true` -+ -+Force Xen to (not) use PCI-MSI, even if ACPI FADT says otherwise. -+ - ### nmi - > `= ignore | dom0 | fatal` - ---- a/xen/arch/x86/genapic/bigsmp.c -+++ b/xen/arch/x86/genapic/bigsmp.c -@@ -40,7 +40,14 @@ static struct dmi_system_id __initdata b - - static __init int probe_bigsmp(void) - { -- if (!def_to_bigsmp) -+ /* -+ * We don't implement cluster mode, so force use of -+ * physical mode in both cases. -+ */ -+ if (acpi_gbl_FADT.flags & -+ (ACPI_FADT_APIC_CLUSTER | ACPI_FADT_APIC_PHYSICAL)) -+ def_to_bigsmp = 1; -+ else if (!def_to_bigsmp) - dmi_check_system(bigsmp_dmi_table); - return def_to_bigsmp; - } ---- a/xen/arch/x86/genapic/x2apic.c -+++ b/xen/arch/x86/genapic/x2apic.c -@@ -29,9 +29,6 @@ - #include - #include - --static bool_t __initdata x2apic_phys; /* By default we use logical cluster mode. */ --boolean_param("x2apic_phys", x2apic_phys); -- - static void init_apic_ldr_x2apic_phys(void) - { - } -@@ -121,8 +118,14 @@ static const struct genapic apic_x2apic_ - .send_IPI_self = send_IPI_self_x2apic - }; - -+static s8 __initdata x2apic_phys = -1; /* By default we use logical cluster mode. 
*/ -+boolean_param("x2apic_phys", x2apic_phys); -+ - const struct genapic *__init apic_x2apic_probe(void) - { -+ if ( x2apic_phys < 0 ) -+ x2apic_phys = !!(acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL); -+ - return x2apic_phys ? &apic_x2apic_phys : &apic_x2apic_cluster; - } - ---- a/xen/arch/x86/msi.c -+++ b/xen/arch/x86/msi.c -@@ -31,6 +31,9 @@ - #include - #include - -+static s8 __read_mostly use_msi = -1; -+boolean_param("msi", use_msi); -+ - /* bitmap indicate which fixed map is free */ - DEFINE_SPINLOCK(msix_fixmap_lock); - DECLARE_BITMAP(msix_fixmap_pages, FIX_MSIX_MAX_PAGES); -@@ -958,6 +961,9 @@ int pci_enable_msi(struct msi_info *msi, - { - ASSERT(spin_is_locked(&pcidevs_lock)); - -+ if ( !use_msi ) -+ return -EPERM; -+ - return msi->table_base ? __pci_enable_msix(msi, desc) : - __pci_enable_msi(msi, desc); - } -@@ -1003,7 +1009,10 @@ int pci_restore_msi_state(struct pci_dev - - ASSERT(spin_is_locked(&pcidevs_lock)); - -- if (!pdev) -+ if ( !use_msi ) -+ return -EOPNOTSUPP; -+ -+ if ( !pdev ) - return -EINVAL; - - ret = xsm_resource_setup_pci((pdev->seg << 16) | (pdev->bus << 8) | pdev->devfn); -@@ -1062,7 +1071,7 @@ unsigned int pci_msix_get_table_len(stru - func = PCI_FUNC(pdev->devfn); - - pos = pci_find_cap_offset(seg, bus, slot, func, PCI_CAP_ID_MSIX); -- if ( !pos ) -+ if ( !pos || !use_msi ) - return 0; - - control = pci_conf_read16(seg, bus, slot, func, msix_control_reg(pos)); -@@ -1135,6 +1144,9 @@ static struct keyhandler dump_msi_keyhan - - static int __init msi_setup_keyhandler(void) - { -+ if ( use_msi < 0 ) -+ use_msi = !(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_MSI); -+ - register_keyhandler('M', &dump_msi_keyhandler); - return 0; - } ---- a/xen/drivers/passthrough/amd/iommu_acpi.c -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c -@@ -1066,5 +1066,8 @@ int __init amd_iommu_get_ivrs_dev_entrie - - int __init amd_iommu_update_ivrs_mapping_acpi(void) - { -+ if ( unlikely(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_MSI) ) -+ return -EPERM; -+ - 
return acpi_table_parse(ACPI_SIG_IVRS, parse_ivrs_table); - } ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -2119,6 +2119,12 @@ int __init intel_vtd_setup(void) - if ( list_empty(&acpi_drhd_units) ) - return -ENODEV; - -+ if ( unlikely(acpi_gbl_FADT.boot_flags & ACPI_FADT_NO_MSI) ) -+ { -+ ret = -EPERM; -+ goto error; -+ } -+ - platform_quirks_init(); - - /* We enable the following features only if they are supported by all VT-d diff --git a/26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch b/26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch deleted file mode 100644 index 3904b58..0000000 --- a/26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch +++ /dev/null @@ -1,22 +0,0 @@ -# Commit c40e24a8ef74f9d0ee59dd9b8ca890be08b0b874 -# Date 2013-02-25 12:44:25 +0100 -# Author Xi Wang -# Committer Jan Beulich -x86: fix null pointer dereference in intel_get_extended_msrs() - -`memset(&mc_ext, 0, ...)' leads to a buffer overflow and a subsequent -null pointer dereference. Replace `&mc_ext' with `mc_ext'. - -Signed-off-by: Xi Wang - ---- a/xen/arch/x86/cpu/mcheck/mce_intel.c -+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c -@@ -534,7 +534,7 @@ intel_get_extended_msrs(struct mcinfo_gl - } - - /* this function will called when CAP(9).MCG_EXT_P = 1 */ -- memset(&mc_ext, 0, sizeof(struct mcinfo_extended)); -+ memset(mc_ext, 0, sizeof(*mc_ext)); - mc_ext->common.type = MC_TYPE_EXTENDED; - mc_ext->common.size = sizeof(struct mcinfo_extended); - diff --git a/26659-AMD-IOMMU-erratum-746-workaround.patch b/26659-AMD-IOMMU-erratum-746-workaround.patch deleted file mode 100644 index 877b872..0000000 --- a/26659-AMD-IOMMU-erratum-746-workaround.patch +++ /dev/null 
@@ -1,73 +0,0 @@ -# Commit 0f8adcb2a7183bea5063f6fffba7d7e1aa14fc84 -# Date 2013-02-26 10:14:53 +0100 -# Author Suravee Suthikulpanit -# Committer Jan Beulich -IOMMU, AMD Family15h Model10-1Fh erratum 746 Workaround - -The IOMMU may stop processing page translations due to a perceived lack -of credits for writing upstream peripheral page service request (PPR) -or event logs. If the L2B miscellaneous clock gating feature is enabled -the IOMMU does not properly register credits after the log request has -completed, leading to a potential system hang. - -BIOSes are supposed to disable L2B micellaneous clock gating by setting -L2_L2B_CK_GATE_CONTROL[CKGateL2BMiscDisable](D0F2xF4_x90[2]) = 1b. This -patch corrects that for those which do not enable this workaround. - -Signed-off-by: Suravee Suthikulpanit -Signed-off-by: Jan Beulich - ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c -@@ -795,6 +795,42 @@ static int __init set_iommu_interrupt_ha - return irq; - } - -+/* -+ * Family15h Model 10h-1fh erratum 746 (IOMMU Logging May Stall Translations) -+ * Workaround: -+ * BIOS should disable L2B micellaneous clock gating by setting -+ * L2_L2B_CK_GATE_CONTROL[CKGateL2BMiscDisable](D0F2xF4_x90[2]) = 1b -+ */ -+static void amd_iommu_erratum_746_workaround(struct amd_iommu *iommu) -+{ -+ u32 value; -+ u8 bus = PCI_BUS(iommu->bdf); -+ u8 dev = PCI_SLOT(iommu->bdf); -+ u8 func = PCI_FUNC(iommu->bdf); -+ -+ if ( (boot_cpu_data.x86 != 0x15) || -+ (boot_cpu_data.x86_model < 0x10) || -+ (boot_cpu_data.x86_model > 0x1f) ) -+ return; -+ -+ pci_conf_write32(iommu->seg, bus, dev, func, 0xf0, 0x90); -+ value = pci_conf_read32(iommu->seg, bus, dev, func, 0xf4); -+ -+ if ( value & (1 << 2) ) -+ return; -+ -+ /* Select NB indirect register 0x90 and enable writing */ -+ pci_conf_write32(iommu->seg, bus, dev, func, 0xf0, 0x90 | (1 << 8)); -+ -+ pci_conf_write32(iommu->seg, bus, dev, func, 0xf4, value | (1 << 2)); -+ printk(XENLOG_INFO -+ "AMD-Vi: 
Applying erratum 746 workaround for IOMMU at %04x:%02x:%02x.%u\n", -+ iommu->seg, bus, dev, func); -+ -+ /* Clear the enable writing bit */ -+ pci_conf_write32(iommu->seg, bus, dev, func, 0xf0, 0x90); -+} -+ - static void enable_iommu(struct amd_iommu *iommu) - { - unsigned long flags; -@@ -807,6 +843,8 @@ static void enable_iommu(struct amd_iomm - return; - } - -+ amd_iommu_erratum_746_workaround(iommu); -+ - register_iommu_dev_table_in_mmio_space(iommu); - register_iommu_cmd_buffer_in_mmio_space(iommu); - register_iommu_event_log_in_mmio_space(iommu); diff --git a/26660-x86-fix-CMCI-injection.patch b/26660-x86-fix-CMCI-injection.patch deleted file mode 100644 index dbd9358..0000000 --- a/26660-x86-fix-CMCI-injection.patch +++ /dev/null 
@@ -1,128 +0,0 @@ -# Commit 2f8c55ccefe49bb526df0eaf5fa9b7b788422208 -# Date 2013-02-26 10:15:56 +0100 -# Author Jan Beulich -# Committer Jan Beulich -x86: fix CMCI injection - -This fixes the wrong use of literal vector 0xF7 with an "int" -instruction (invalidated by 25113:14609be41f36) and the fact that doing -the injection via a software interrupt was never valid anyway (because -cmci_interrupt() acks the LAPIC, which does the wrong thing if the -interrupt didn't get delivered though it). - -In order to do latter, the patch introduces send_IPI_self(), at once -removing two opend coded uses of "genapic" in the IRQ handling code. - -Reported-by: Yongjie Ren -Signed-off-by: Jan Beulich -Tested-by: Yongjie Ren -Acked-by: Keir Fraser - ---- a/xen/arch/x86/cpu/mcheck/mce.c -+++ b/xen/arch/x86/cpu/mcheck/mce.c -@@ -30,6 +30,7 @@ bool_t __read_mostly mce_broadcast = 0; - bool_t is_mc_panic; - unsigned int __read_mostly nr_mce_banks; - unsigned int __read_mostly firstbank; -+uint8_t __read_mostly cmci_apic_vector; - - static void intpose_init(void); - static void mcinfo_clear(struct mc_info *); -@@ -1277,12 +1278,6 @@ static void x86_mc_mceinject(void *data) - __asm__ __volatile__("int $0x12"); - } - --static void x86_cmci_inject(void *data) --{ -- printk("Simulating CMCI on cpu %d\n", smp_processor_id()); -- __asm__ __volatile__("int $0xf7"); --} -- - #if BITS_PER_LONG == 64 - - #define ID2COOKIE(id) ((mctelem_cookie_t)(id)) -@@ -1568,11 +1563,15 @@ long do_mca(XEN_GUEST_HANDLE(xen_mc_t) u - on_selected_cpus(cpumap, x86_mc_mceinject, NULL, 1); - break; - case XEN_MC_INJECT_TYPE_CMCI: -- if ( !cmci_support ) -+ if ( !cmci_apic_vector ) - ret = x86_mcerr( - "No CMCI supported in platform\n", -EINVAL); - else -- on_selected_cpus(cpumap, x86_cmci_inject, NULL, 1); -+ { -+ if ( cpumask_test_cpu(smp_processor_id(), cpumap) ) -+ send_IPI_self(cmci_apic_vector); -+ send_IPI_mask(cpumap, cmci_apic_vector); -+ } - break; - default: - ret = x86_mcerr("Wrong mca type\n", -EINVAL); 
---- a/xen/arch/x86/cpu/mcheck/mce.h -+++ b/xen/arch/x86/cpu/mcheck/mce.h -@@ -38,6 +38,8 @@ enum mcheck_type { - mcheck_intel - }; - -+extern uint8_t cmci_apic_vector; -+ - /* Init functions */ - enum mcheck_type amd_k7_mcheck_init(struct cpuinfo_x86 *c); - enum mcheck_type amd_k8_mcheck_init(struct cpuinfo_x86 *c); ---- a/xen/arch/x86/cpu/mcheck/mce_intel.c -+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c -@@ -1164,7 +1164,6 @@ static void intel_init_cmci(struct cpuin - { - u32 l, apic; - int cpu = smp_processor_id(); -- static uint8_t cmci_apic_vector; - - if (!mce_available(c) || !cmci_support) { - if (opt_cpu_info) ---- a/xen/arch/x86/irq.c -+++ b/xen/arch/x86/irq.c -@@ -646,7 +646,7 @@ void irq_move_cleanup_interrupt(struct c - * to myself. - */ - if (irr & (1 << (vector % 32))) { -- genapic->send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); -+ send_IPI_self(IRQ_MOVE_CLEANUP_VECTOR); - TRACE_3D(TRC_HW_IRQ_MOVE_CLEANUP_DELAY, - irq, vector, smp_processor_id()); - goto unlock; -@@ -692,7 +692,7 @@ static void send_cleanup_vector(struct i - - cpumask_and(&cleanup_mask, desc->arch.old_cpu_mask, &cpu_online_map); - desc->arch.move_cleanup_count = cpumask_weight(&cleanup_mask); -- genapic->send_IPI_mask(&cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR); -+ send_IPI_mask(&cleanup_mask, IRQ_MOVE_CLEANUP_VECTOR); - - desc->arch.move_in_progress = 0; - } ---- a/xen/arch/x86/smp.c -+++ b/xen/arch/x86/smp.c -@@ -43,6 +43,11 @@ void send_IPI_mask(const cpumask_t *mask - genapic->send_IPI_mask(mask, vector); - } - -+void send_IPI_self(int vector) -+{ -+ genapic->send_IPI_self(vector); -+} -+ - /* - * Some notes on x86 processor bugs affecting SMP operation: - * ---- a/xen/include/asm-x86/smp.h -+++ b/xen/include/asm-x86/smp.h -@@ -29,7 +29,8 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_ - - void smp_send_nmi_allbutself(void); - --void send_IPI_mask(const cpumask_t *mask, int vector); -+void send_IPI_mask(const cpumask_t *, int vector); -+void send_IPI_self(int vector); - - extern void (*mtrr_hook) 
(void); - diff --git a/26672-vmx-fix-handling-of-NMI-VMEXIT.patch b/26672-vmx-fix-handling-of-NMI-VMEXIT.patch deleted file mode 100644 index a8c5bf5..0000000 --- a/26672-vmx-fix-handling-of-NMI-VMEXIT.patch +++ /dev/null 
@@ -1,107 +0,0 @@ -# Commit 7dd3b06ff031c9a8c727df16c5def2afb382101c -# Date 2013-02-28 14:00:18 +0000 -# Author Tim Deegan -# Committer Tim Deegan -vmx: fix handling of NMI VMEXIT. - -Call do_nmi() directly and explicitly re-enable NMIs rather than -raising an NMI through the APIC. Since NMIs are disabled after the -VMEXIT, the raised NMI would be blocked until the next IRET -instruction (i.e. the next real interrupt, or after scheduling a PV -guest) and in the meantime the guest will spin taking NMI VMEXITS. - -Also, handle NMIs before re-enabling interrupts, since if we handle an -interrupt (and therefore IRET) before calling do_nmi(), we may end up -running the NMI handler with NMIs enabled. - -Signed-off-by: Tim Deegan -Acked-by: Andrew Cooper -Acked-by: Jan Beulich - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2421,6 +2421,13 @@ void vmx_vmexit_handler(struct cpu_user_ - vector = intr_info & INTR_INFO_VECTOR_MASK; - if ( vector == TRAP_machine_check ) - do_machine_check(regs); -+ if ( vector == TRAP_nmi -+ && ((intr_info & INTR_INFO_INTR_TYPE_MASK) == -+ (X86_EVENTTYPE_NMI << 8)) ) -+ { -+ do_nmi(regs); -+ enable_nmis(); -+ } - break; - case EXIT_REASON_MCE_DURING_VMENTRY: - do_machine_check(regs); -@@ -2594,7 +2601,7 @@ void vmx_vmexit_handler(struct cpu_user_ - (X86_EVENTTYPE_NMI << 8) ) - goto exit_and_crash; - HVMTRACE_0D(NMI); -- self_nmi(); /* Real NMI, vector 2: normal processing. */ -+ /* Already handled above. */ - break; - case TRAP_machine_check: - HVMTRACE_0D(MCE); ---- a/xen/arch/x86/x86_32/entry.S -+++ b/xen/arch/x86/x86_32/entry.S -@@ -621,6 +621,14 @@ ENTRY(machine_check) - pushl $TRAP_machine_check<<16 - jmp handle_nmi_mce - -+/* Enable NMIs. No special register assumptions. All registers are preserved. 
*/ -+ENTRY(enable_nmis) -+ /* Set up stack frame */ -+ pushf # EFLAGS -+ push %cs # CS -+ push $.Lret # EIP -+ iret # Disable the hardware NMI latch -+ - ENTRY(setup_vm86_frame) - mov %ecx,%ds - mov %ecx,%es -@@ -634,7 +642,7 @@ ENTRY(setup_vm86_frame) - .endm - copy_vm86_words - addl $16,%esp -- ret -+.Lret: ret - - .section .rodata, "a", @progbits - ---- a/xen/arch/x86/x86_64/entry.S -+++ b/xen/arch/x86/x86_64/entry.S -@@ -643,6 +643,22 @@ ENTRY(machine_check) - movl $TRAP_machine_check,4(%rsp) - jmp handle_ist_exception - -+/* Enable NMIs. No special register assumptions. Only %rax is not preserved. */ -+ENTRY(enable_nmis) -+ movq %rsp, %rax /* Grab RSP before pushing */ -+ -+ /* Set up stack frame */ -+ pushq $0 /* SS */ -+ pushq %rax /* RSP */ -+ pushfq /* RFLAGS */ -+ pushq $__HYPERVISOR_CS /* CS */ -+ leaq 1f(%rip),%rax -+ pushq %rax /* RIP */ -+ -+ iretq /* Disable the hardware NMI latch */ -+1: -+ retq -+ - .section .rodata, "a", @progbits - - ENTRY(exception_table) ---- a/xen/include/asm-x86/processor.h -+++ b/xen/include/asm-x86/processor.h -@@ -584,6 +584,8 @@ DECLARE_TRAP_HANDLER(alignment_check); - DECLARE_TRAP_HANDLER(spurious_interrupt_bug); - #undef DECLARE_TRAP_HANDLER - -+void enable_nmis(void); -+ - void syscall_enter(void); - void sysenter_entry(void); - void sysenter_eflags_saved(void); diff --git a/26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch b/26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch deleted file mode 100644 index f11c352..0000000 --- a/26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -# Commit 482300def7d08e773ccd2a0d978bcb9469fdd810 -# Date 2013-02-28 14:56:45 +0000 -# Author Juergen Gross -# Committer Keir Fraser -Avoid stale pointer when moving domain to another cpupool - -When a domain is moved to another cpupool the scheduler private data pointers -in vcpu and domain structures must never point to an already freed memory -area. - -While at it, simplify sched_init_vcpu() by using DOM2OP instead VCPU2OP. - -Signed-off-by: Juergen Gross - ---- a/xen/common/schedule.c -+++ b/xen/common/schedule.c -@@ -220,7 +220,7 @@ int sched_init_vcpu(struct vcpu *v, unsi - if ( v->sched_priv == NULL ) - return 1; - -- SCHED_OP(VCPU2OP(v), insert_vcpu, v); -+ SCHED_OP(DOM2OP(d), insert_vcpu, v); - - return 0; - } -@@ -231,6 +231,9 @@ int sched_move_domain(struct domain *d, - unsigned int new_p; - void **vcpu_priv; - void *domdata; -+ void *vcpudata; -+ struct scheduler *old_ops; -+ void *old_domdata; - - domdata = SCHED_OP(c->sched, alloc_domdata, d); - if ( domdata == NULL ) -@@ -261,21 +264,22 @@ int sched_move_domain(struct domain *d, - - domain_pause(d); - -+ old_ops = DOM2OP(d); -+ old_domdata = d->sched_priv; -+ - for_each_vcpu ( d, v ) - { -- SCHED_OP(VCPU2OP(v), remove_vcpu, v); -- SCHED_OP(VCPU2OP(v), free_vdata, v->sched_priv); -- v->sched_priv = NULL; -+ SCHED_OP(old_ops, remove_vcpu, v); - } - -- SCHED_OP(DOM2OP(d), free_domdata, d->sched_priv); -- - d->cpupool = c; - d->sched_priv = domdata; - - new_p = cpumask_first(c->cpu_valid); - for_each_vcpu ( d, v ) - { -+ vcpudata = v->sched_priv; -+ - migrate_timer(&v->periodic_timer, new_p); - migrate_timer(&v->singleshot_timer, new_p); - migrate_timer(&v->poll_timer, new_p); -@@ -288,12 +292,16 @@ int sched_move_domain(struct domain *d, - new_p = cpumask_cycle(new_p, c->cpu_valid); - - SCHED_OP(c->sched, insert_vcpu, v); -+ -+ SCHED_OP(old_ops, free_vdata, vcpudata); - } - - domain_update_node_affinity(d); - - domain_unpause(d); - -+ SCHED_OP(old_ops, free_domdata, old_domdata); -+ - 
xfree(vcpu_priv); - - return 0; diff --git a/26676-fix-compat-memory-exchange-op-splitting.patch b/26676-fix-compat-memory-exchange-op-splitting.patch deleted file mode 100644 index c65141f..0000000 --- a/26676-fix-compat-memory-exchange-op-splitting.patch +++ /dev/null @@ -1,24 +0,0 @@ -# Commit 53decd322157e922cac2988e07da6d39538c8033 -# Date 2013-03-01 16:59:49 +0100 -# Author Jan Beulich -# Committer Jan Beulich -fix compat memory exchange op splitting - -A shift with a negative count was erroneously used here, yielding -undefined behavior. - -Reported-by: Xi Wang -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/common/compat/memory.c -+++ b/xen/common/compat/memory.c -@@ -172,7 +172,7 @@ int compat_memory_op(unsigned int cmd, X - if ( order_delta >= 0 ) - nat.xchg->out.nr_extents = end_extent >> order_delta; - else -- nat.xchg->out.nr_extents = end_extent << order_delta; -+ nat.xchg->out.nr_extents = end_extent << -order_delta; - ++split; - } - diff --git a/26677-x86-make-certain-memory-sub-ops-return-valid-values.patch b/26677-x86-make-certain-memory-sub-ops-return-valid-values.patch deleted file mode 100644 index 6a3a4df..0000000 --- a/26677-x86-make-certain-memory-sub-ops-return-valid-values.patch +++ /dev/null 
@@ -1,78 +0,0 @@ -# Commit 7ffc9779aa5120c5098d938cb88f69a1dda9a0fe -# Date 2013-03-04 10:16:04 +0100 -# Author Jan Beulich -# Committer Jan Beulich -x86: make certain memory sub-ops return valid values - -When a domain's shared info field "max_pfn" is zero, -domain_get_maximum_gpfn() so far returned ULONG_MAX, which -do_memory_op() in turn converted to -1 (i.e. -EPERM). Make the former -always return a sensible number (i.e. zero if the field was zero) and -have the latter no longer truncate return values. - -Signed-off-by: Jan Beulich -Acked-by: Tim Deegan - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -437,7 +437,7 @@ unsigned long domain_get_maximum_gpfn(st - if ( is_hvm_domain(d) ) - return p2m_get_hostp2m(d)->max_mapped_pfn; - /* NB. PV guests specify nr_pfns rather than max_pfn so we adjust here. */ -- return arch_get_max_pfn(d) - 1; -+ return (arch_get_max_pfn(d) ?: 1) - 1; - } - - void share_xen_page_with_guest( ---- a/xen/common/compat/memory.c -+++ b/xen/common/compat/memory.c -@@ -15,7 +15,8 @@ CHECK_TYPE(domid); - - int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE(void) compat) - { -- int rc, split, op = cmd & MEMOP_CMD_MASK; -+ int split, op = cmd & MEMOP_CMD_MASK; -+ long rc; - unsigned int start_extent = cmd >> MEMOP_EXTENT_SHIFT; - - do -@@ -204,7 +205,7 @@ int compat_memory_op(unsigned int cmd, X - - rc = do_memory_op(cmd, nat.hnd); - if ( rc < 0 ) -- return rc; -+ break; - - cmd = 0; - if ( hypercall_xlat_continuation(&cmd, 0x02, nat.hnd, compat) ) -@@ -318,5 +319,11 @@ int compat_memory_op(unsigned int cmd, X - __HYPERVISOR_memory_op, "ih", cmd, compat); - } while ( split > 0 ); - -+ if ( unlikely(rc > INT_MAX) ) -+ return INT_MAX; -+ -+ if ( unlikely(rc < INT_MIN) ) -+ return INT_MIN; -+ - return rc; - } ---- a/xen/common/memory.c -+++ b/xen/common/memory.c -@@ -532,14 +532,13 @@ static long memory_exchange(XEN_GUEST_HA - long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg) - { - struct domain *d; -- int rc, op; -+ 
long rc; - unsigned int address_bits; - unsigned long start_extent; - struct xen_memory_reservation reservation; - struct memop_args args; - domid_t domid; -- -- op = cmd & MEMOP_CMD_MASK; -+ int op = cmd & MEMOP_CMD_MASK; - - switch ( op ) - { diff --git a/26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch b/26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch deleted file mode 100644 index 6111035..0000000 --- a/26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -# Commit e6a6fd63652814e5c36a0016c082032f798ced1f -# Date 2013-03-04 10:17:52 +0100 -# Author Jan Beulich -# Committer Jan Beulich -SEDF: avoid gathering vCPU-s on pCPU0 - -The introduction of vcpu_force_reschedule() in 14320:215b799fa181 was -incompatible with the SEDF scheduler: Any vCPU using -VCPUOP_stop_periodic_timer (e.g. any vCPU of half way modern PV Linux -guests) ends up on pCPU0 after that call. Obviously, running all PV -guests' (and namely Dom0's) vCPU-s on pCPU0 causes problems for those -guests rather sooner than later. - -So the main thing that was clearly wrong (and bogus from the beginning) -was the use of cpumask_first() in sedf_pick_cpu(). It is being replaced -by a construct that prefers to put back the vCPU on the pCPU that it -got launched on. - -However, there's one more glitch: When reducing the affinity of a vCPU -temporarily, and then widening it again to a set that includes the pCPU -that the vCPU was last running on, the generic scheduler code would not -force a migration of that vCPU, and hence it would forever stay on the -pCPU it last ran on. Since that can again create a load imbalance, the -SEDF scheduler wants a migration to happen regardless of it being -apparently unnecessary. - -Of course, an alternative to checking for SEDF explicitly in -vcpu_set_affinity() would be to introduce a flags field in struct -scheduler, and have SEDF set a "always-migrate-on-affinity-change" -flag. 
- -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/common/sched_sedf.c -+++ b/xen/common/sched_sedf.c -@@ -396,7 +396,8 @@ static int sedf_pick_cpu(const struct sc - - online = cpupool_scheduler_cpumask(v->domain->cpupool); - cpumask_and(&online_affinity, v->cpu_affinity, online); -- return cpumask_first(&online_affinity); -+ return cpumask_cycle(v->vcpu_id % cpumask_weight(&online_affinity) - 1, -+ &online_affinity); - } - - /* ---- a/xen/common/schedule.c -+++ b/xen/common/schedule.c -@@ -611,7 +611,8 @@ int vcpu_set_affinity(struct vcpu *v, co - vcpu_schedule_lock_irq(v); - - cpumask_copy(v->cpu_affinity, affinity); -- if ( !cpumask_test_cpu(v->processor, v->cpu_affinity) ) -+ if ( VCPU2OP(v)->sched_id == XEN_SCHEDULER_SEDF || -+ !cpumask_test_cpu(v->processor, v->cpu_affinity) ) - set_bit(_VPF_migrating, &v->pause_flags); - - vcpu_schedule_unlock_irq(v); diff --git a/26679-x86-defer-processing-events-on-the-NMI-exit-path.patch b/26679-x86-defer-processing-events-on-the-NMI-exit-path.patch deleted file mode 100644 index f36378e..0000000 --- a/26679-x86-defer-processing-events-on-the-NMI-exit-path.patch +++ /dev/null 
@@ -1,134 +0,0 @@ -# Commit d463b005bbd6475ed930a302821efe239e1b2cf9 -# Date 2013-03-04 10:19:34 +0100 -# Author Jan Beulich -# Committer Jan Beulich -x86: defer processing events on the NMI exit path - -Otherwise, we may end up in the scheduler, keeping NMIs masked for a -possibly unbounded period of time (until whenever the next IRET gets -executed). Enforce timely event processing by sending a self IPI. - -Of course it's open for discussion whether to always use the straight -exit path from handle_ist_exception. - -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/arch/x86/x86_32/entry.S -+++ b/xen/arch/x86/x86_32/entry.S -@@ -60,6 +60,7 @@ - #include - #include - #include -+#include - - ALIGN - restore_all_guest: -@@ -561,6 +562,8 @@ ENTRY(early_page_fault) - jmp restore_all_xen - .popsection - -+ENTRY(nmi) -+ pushl $TRAP_nmi<<16 - handle_nmi_mce: - #ifdef CONFIG_X86_SUPERVISOR_MODE_KERNEL - # NMI/MCE entry protocol is incompatible with guest kernel in ring 0. -@@ -581,7 +584,24 @@ handle_nmi_mce: - * cases we have put guest DS/ES on the guest stack frame, which will - * be detected by SAVE_ALL(), or we have rolled back restore_guest. - */ -- jmp ret_from_intr -+ cmpb $TRAP_nmi,UREGS_entry_vector(%esp) -+ jne ret_from_intr -+ /* We want to get straight to the IRET on the NMI exit path. */ -+ GET_CURRENT(%ebx) -+ movl UREGS_eflags(%esp),%eax -+ movb UREGS_cs(%esp),%al -+ testl $(3|X86_EFLAGS_VM),%eax -+ jz restore_all_xen -+ /* Send an IPI to ourselves to cover for the lack of event checking. */ -+ movl VCPU_processor(%ebx),%eax -+ shll $IRQSTAT_shift,%eax -+ cmpl $0,irq_stat(%eax) -+ je restore_all_guest -+ pushl $EVENT_CHECK_VECTOR -+ call send_IPI_self -+ addl $4,%esp -+ jmp restore_all_guest -+ - .Lnmi_mce_xen: - /* Check the outer (guest) context for %ds/%es state validity. 
*/ - GET_CPUINFO_FIELD(CPUINFO_guest_cpu_user_regs,%ebx) -@@ -613,10 +633,6 @@ handle_nmi_mce: - jmp .Lnmi_mce_common - #endif /* !CONFIG_X86_SUPERVISOR_MODE_KERNEL */ - --ENTRY(nmi) -- pushl $TRAP_nmi<<16 -- jmp handle_nmi_mce -- - ENTRY(machine_check) - pushl $TRAP_machine_check<<16 - jmp handle_nmi_mce ---- a/xen/arch/x86/x86_64/compat/entry.S -+++ b/xen/arch/x86/x86_64/compat/entry.S -@@ -171,7 +171,7 @@ compat_bad_hypercall: - jmp compat_test_all_events - - /* %rbx: struct vcpu, interrupts disabled */ --compat_restore_all_guest: -+ENTRY(compat_restore_all_guest) - ASSERT_INTERRUPTS_DISABLED - RESTORE_ALL - addq $8,%rsp ---- a/xen/arch/x86/x86_64/entry.S -+++ b/xen/arch/x86/x86_64/entry.S -@@ -11,6 +11,7 @@ - #include - #include - #include -+#include - - ALIGN - /* %rbx: struct vcpu */ -@@ -617,6 +618,9 @@ ENTRY(early_page_fault) - jmp restore_all_xen - .popsection - -+ENTRY(nmi) -+ pushq $0 -+ movl $TRAP_nmi,4(%rsp) - handle_ist_exception: - SAVE_ALL - testb $3,UREGS_cs(%rsp) -@@ -631,12 +635,25 @@ handle_ist_exception: - movl UREGS_entry_vector(%rsp),%eax - leaq exception_table(%rip),%rdx - callq *(%rdx,%rax,8) -- jmp ret_from_intr -+ cmpb $TRAP_nmi,UREGS_entry_vector(%rsp) -+ jne ret_from_intr - --ENTRY(nmi) -- pushq $0 -- movl $TRAP_nmi,4(%rsp) -- jmp handle_ist_exception -+ /* We want to get straight to the IRET on the NMI exit path. */ -+ testb $3,UREGS_cs(%rsp) -+ jz restore_all_xen -+ GET_CURRENT(%rbx) -+ /* Send an IPI to ourselves to cover for the lack of event checking. */ -+ movl VCPU_processor(%rbx),%eax -+ shll $IRQSTAT_shift,%eax -+ leaq irq_stat(%rip),%rcx -+ cmpl $0,(%rcx,%rax,1) -+ je 1f -+ movl $EVENT_CHECK_VECTOR,%edi -+ call send_IPI_self -+1: movq VCPU_domain(%rbx),%rax -+ cmpb $0,DOMAIN_is_32bit_pv(%rax) -+ je restore_all_guest -+ jmp compat_restore_all_guest - - ENTRY(machine_check) - pushq $0 
diff --git a/26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch b/26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
deleted file mode 100644
index b498cb0..0000000
--- a/26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch
+++ /dev/null
@@ -1,113 +0,0 @@ -# Commit be6507509454adf3bb5a50b9406c88504e996d5a -# Date 2013-03-04 13:37:39 +0100 -# Author George Dunlap -# Committer Jan Beulich -credit1: Use atomic bit operations for the flags structure - -The flags structure is not protected by locks (or more precisely, -it is protected using an inconsistent set of locks); we therefore need -to make sure that all accesses are atomic-safe. This is particulary -important in the case of the PARKED flag, which if clobbered while -changing the YIELD bit will leave a vcpu wedged in an offline state. - -Using the atomic bitops also requires us to change the size of the "flags" -element. - -Spotted-by: Igor Pavlikevich -Signed-off-by: George Dunlap - ---- a/xen/common/sched_credit.c -+++ b/xen/common/sched_credit.c -@@ -58,8 +58,8 @@ - /* - * Flags - */ --#define CSCHED_FLAG_VCPU_PARKED 0x0001 /* VCPU over capped credits */ --#define CSCHED_FLAG_VCPU_YIELD 0x0002 /* VCPU yielding */ -+#define CSCHED_FLAG_VCPU_PARKED 0x0 /* VCPU over capped credits */ -+#define CSCHED_FLAG_VCPU_YIELD 0x1 /* VCPU yielding */ - - - /* -@@ -132,7 +132,7 @@ struct csched_vcpu { - struct vcpu *vcpu; - atomic_t credit; - s_time_t start_time; /* When we were scheduled (used for credit) */ -- uint16_t flags; -+ unsigned flags; - int16_t pri; - #ifdef CSCHED_STATS - struct { -@@ -214,7 +214,7 @@ __runq_insert(unsigned int cpu, struct c - /* If the vcpu yielded, try to put it behind one lower-priority - * runnable vcpu if we can. The next runq_sort will bring it forward - * within 30ms if the queue too long. */ -- if ( svc->flags & CSCHED_FLAG_VCPU_YIELD -+ if ( test_bit(CSCHED_FLAG_VCPU_YIELD, &svc->flags) - && __runq_elem(iter)->pri > CSCHED_PRI_IDLE ) - { - iter=iter->next; -@@ -776,7 +776,7 @@ csched_vcpu_wake(const struct scheduler - * those. 
- */ - if ( svc->pri == CSCHED_PRI_TS_UNDER && -- !(svc->flags & CSCHED_FLAG_VCPU_PARKED) ) -+ !test_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags) ) - { - svc->pri = CSCHED_PRI_TS_BOOST; - } -@@ -789,12 +789,12 @@ csched_vcpu_wake(const struct scheduler - static void - csched_vcpu_yield(const struct scheduler *ops, struct vcpu *vc) - { -- struct csched_vcpu * const sv = CSCHED_VCPU(vc); -+ struct csched_vcpu * const svc = CSCHED_VCPU(vc); - - if ( !sched_credit_default_yield ) - { - /* Let the scheduler know that this vcpu is trying to yield */ -- sv->flags |= CSCHED_FLAG_VCPU_YIELD; -+ set_bit(CSCHED_FLAG_VCPU_YIELD, &svc->flags); - } - } - -@@ -1122,11 +1122,10 @@ csched_acct(void* dummy) - /* Park running VCPUs of capped-out domains */ - if ( sdom->cap != 0U && - credit < -credit_cap && -- !(svc->flags & CSCHED_FLAG_VCPU_PARKED) ) -+ !test_and_set_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags) ) - { - CSCHED_STAT_CRANK(vcpu_park); - vcpu_pause_nosync(svc->vcpu); -- svc->flags |= CSCHED_FLAG_VCPU_PARKED; - } - - /* Lower bound on credits */ -@@ -1142,7 +1141,7 @@ csched_acct(void* dummy) - svc->pri = CSCHED_PRI_TS_UNDER; - - /* Unpark any capped domains whose credits go positive */ -- if ( svc->flags & CSCHED_FLAG_VCPU_PARKED) -+ if ( test_and_clear_bit(CSCHED_FLAG_VCPU_PARKED, &svc->flags) ) - { - /* - * It's important to unset the flag AFTER the unpause() -@@ -1151,7 +1150,6 @@ csched_acct(void* dummy) - */ - CSCHED_STAT_CRANK(vcpu_unpark); - vcpu_unpause(svc->vcpu); -- svc->flags &= ~CSCHED_FLAG_VCPU_PARKED; - } - - /* Upper bound on credits means VCPU stops earning */ -@@ -1410,8 +1408,7 @@ csched_schedule( - /* - * Clear YIELD flag before scheduling out - */ -- if ( scurr->flags & CSCHED_FLAG_VCPU_YIELD ) -- scurr->flags &= ~(CSCHED_FLAG_VCPU_YIELD); -+ clear_bit(CSCHED_FLAG_VCPU_YIELD, &scurr->flags); - - /* - * SMP Load balance: 
diff --git a/26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch b/26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch deleted file mode 100644 index 248c8f2..0000000 --- a/26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch +++ /dev/null @@ -1,36 +0,0 @@ -# Commit d9fb28ae6d41c8201482948660e52889481830dd -# Date 2013-03-04 13:42:17 +0100 -# Author Olaf Hering -# Committer Jan Beulich -xentrace: fix off-by-one in calculate_tbuf_size - -Commit "xentrace: reduce trace buffer size to something mfn_offset can -reach" contains an off-by-one bug. max_mfn_offset needs to be reduced by -exactly the value of t_info_first_offset. - -If the system has two cpus and the number of requested trace pages is -very large, the final number of trace pages + the offset will not fit -into a short. As a result the variable offset in alloc_trace_bufs() will -wrap while allocating buffers for the second cpu. Later -share_xen_page_with_privileged_guests() will be called with a wrong page -and the ASSERT in this function triggers. If the ASSERT is ignored by -running a non-dbg hypervisor the asserts in xentrace itself trigger -because "cons" is not aligned because the very last trace page for the -second cpu is a random mfn. - -Thanks to Jan for the quick analysis. - -Signed-off-by: Olaf Hering -Acked-by: George Dunlap - ---- a/xen/common/trace.c -+++ b/xen/common/trace.c -@@ -133,7 +133,7 @@ static int calculate_tbuf_size(unsigned - * The array of mfns for the highest cpu can start at the maximum value - * mfn_offset can hold. So reduce the number of cpus and also the mfn_offset. - */ -- max_mfn_offset -= t_info_first_offset - 1; -+ max_mfn_offset -= t_info_first_offset; - max_cpus--; - if ( max_cpus ) - max_mfn_offset /= max_cpus; diff --git a/26689-fix-domain-unlocking-in-some-xsm-error-paths.patch b/26689-fix-domain-unlocking-in-some-xsm-error-paths.patch deleted file mode 100644 index 483f2fc..0000000 
--- a/26689-fix-domain-unlocking-in-some-xsm-error-paths.patch +++ /dev/null @@ -1,25 +0,0 @@ -# Commit 9581c4f9a55372a21e759cd449cb676d0e8feddb -# Date 2013-03-06 17:10:26 +0100 -# Author Matthew Daley -# Committer Jan Beulich -fix domain unlocking in some xsm error paths - -A couple of xsm error/access-denied code paths in hypercalls neglect to -unlock a previously locked domain. Fix by ensuring the domains are -unlocked correctly. - -Signed-off-by: Matthew Daley -Reviewed-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/common/grant_table.c -+++ b/xen/common/grant_table.c -@@ -2262,7 +2262,7 @@ gnttab_get_status_frames(XEN_GUEST_HANDL - rc = xsm_grant_setup(current->domain, d); - if ( rc ) { - op.status = GNTST_permission_denied; -- goto out1; -+ goto out2; - } - - gt = d->grant_table; diff --git a/26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch b/26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch deleted file mode 100644 index c51e4de..0000000 --- a/26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch +++ /dev/null 
@@ -1,369 +0,0 @@ -# Commit 4245d331e0e75de8d1bddbbb518f3a8ce6d0bb7e -# Date 2013-03-08 14:05:34 +0100 -# Author Jan Beulich -# Committer Jan Beulich -x86/MSI: add mechanism to fully protect MSI-X table from PV guest accesses - -This adds two new physdev operations for Dom0 to invoke when resource -allocation for devices is known to be complete, so that the hypervisor -can arrange for the respective MMIO ranges to be marked read-only -before an eventual guest getting such a device assigned even gets -started, such that it won't be able to set up writable mappings for -these MMIO ranges before Xen has a chance to protect them. - -This also addresses another issue with the code being modified here, -in that so far write protection for the address ranges in question got -set up only once during the lifetime of a device (i.e. until either -system shutdown or device hot removal), while teardown happened when -the last interrupt was disposed of by the guest (which at least allowed -the tables to be writable when the device got assigned to a second -guest [instance] after the first terminated). - -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/msi.c -+++ b/xen/arch/x86/msi.c -@@ -649,8 +649,8 @@ static u64 read_pci_mem_bar(u16 seg, u8 - * @entries: pointer to an array of struct msix_entry entries - * @nvec: number of @entries - * -- * Setup the MSI-X capability structure of device function with a -- * single MSI-X irq. A return of zero indicates the successful setup of -+ * Setup the MSI-X capability structure of device function with the requested -+ * number MSI-X irqs. A return of zero indicates the successful setup of - * requested MSI-X entries with allocated irqs or non-zero for otherwise. 
- **/ - static int msix_capability_init(struct pci_dev *dev, -@@ -658,86 +658,69 @@ static int msix_capability_init(struct p - struct msi_desc **desc, - unsigned int nr_entries) - { -- struct msi_desc *entry; -- int pos; -+ struct msi_desc *entry = NULL; -+ int pos, vf; - u16 control; -- u64 table_paddr, entry_paddr; -- u32 table_offset, entry_offset; -- u8 bir; -- void __iomem *base; -- int idx; -+ u64 table_paddr; -+ u32 table_offset; -+ u8 bir, pbus, pslot, pfunc; - u16 seg = dev->seg; - u8 bus = dev->bus; - u8 slot = PCI_SLOT(dev->devfn); - u8 func = PCI_FUNC(dev->devfn); - - ASSERT(spin_is_locked(&pcidevs_lock)); -- ASSERT(desc); - - pos = pci_find_cap_offset(seg, bus, slot, func, PCI_CAP_ID_MSIX); - control = pci_conf_read16(seg, bus, slot, func, msix_control_reg(pos)); - msix_set_enable(dev, 0);/* Ensure msix is disabled as I set it up */ - -- /* MSI-X Table Initialization */ -- entry = alloc_msi_entry(); -- if ( !entry ) -- return -ENOMEM; -+ if ( desc ) -+ { -+ entry = alloc_msi_entry(); -+ if ( !entry ) -+ return -ENOMEM; -+ ASSERT(msi); -+ } - -- /* Request & Map MSI-X table region */ -+ /* Locate MSI-X table region */ - table_offset = pci_conf_read32(seg, bus, slot, func, - msix_table_offset_reg(pos)); - bir = (u8)(table_offset & PCI_MSIX_BIRMASK); - table_offset &= ~PCI_MSIX_BIRMASK; -- entry_offset = msi->entry_nr * PCI_MSIX_ENTRY_SIZE; - -- table_paddr = msi->table_base + table_offset; -- entry_paddr = table_paddr + entry_offset; -- idx = msix_get_fixmap(dev, table_paddr, entry_paddr); -- if ( idx < 0 ) -- { -- xfree(entry); -- return idx; -- } -- base = (void *)(fix_to_virt(idx) + -- ((unsigned long)entry_paddr & ((1UL << PAGE_SHIFT) - 1))); -- -- entry->msi_attrib.type = PCI_CAP_ID_MSIX; -- entry->msi_attrib.is_64 = 1; -- entry->msi_attrib.entry_nr = msi->entry_nr; -- entry->msi_attrib.maskbit = 1; -- entry->msi_attrib.masked = 1; -- entry->msi_attrib.pos = pos; -- entry->irq = msi->irq; -- entry->dev = dev; -- entry->mask_base = base; -- -- 
list_add_tail(&entry->list, &dev->msi_list); -- -- if ( !dev->msix_nr_entries ) -+ if ( !dev->info.is_virtfn ) - { -- u8 pbus, pslot, pfunc; -- int vf; -- u64 pba_paddr; -- u32 pba_offset; -+ pbus = bus; -+ pslot = slot; -+ pfunc = func; -+ vf = -1; -+ } -+ else -+ { -+ pbus = dev->info.physfn.bus; -+ pslot = PCI_SLOT(dev->info.physfn.devfn); -+ pfunc = PCI_FUNC(dev->info.physfn.devfn); -+ vf = PCI_BDF2(dev->bus, dev->devfn); -+ } - -- if ( !dev->info.is_virtfn ) -- { -- pbus = bus; -- pslot = slot; -- pfunc = func; -- vf = -1; -- } -- else -+ table_paddr = read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf); -+ WARN_ON(msi && msi->table_base != table_paddr); -+ if ( !table_paddr ) -+ { -+ if ( !msi || !msi->table_base ) - { -- pbus = dev->info.physfn.bus; -- pslot = PCI_SLOT(dev->info.physfn.devfn); -- pfunc = PCI_FUNC(dev->info.physfn.devfn); -- vf = PCI_BDF2(dev->bus, dev->devfn); -+ xfree(entry); -+ return -ENXIO; - } -+ table_paddr = msi->table_base; -+ } -+ table_paddr += table_offset; - -- ASSERT(!dev->msix_used_entries); -- WARN_ON(msi->table_base != -- read_pci_mem_bar(seg, pbus, pslot, pfunc, bir, vf)); -+ if ( !dev->msix_used_entries ) -+ { -+ u64 pba_paddr; -+ u32 pba_offset; - - dev->msix_nr_entries = nr_entries; - dev->msix_table.first = PFN_DOWN(table_paddr); -@@ -758,7 +741,42 @@ static int msix_capability_init(struct p - BITS_TO_LONGS(nr_entries) - 1); - WARN_ON(rangeset_overlaps_range(mmio_ro_ranges, dev->msix_pba.first, - dev->msix_pba.last)); -+ } -+ -+ if ( entry ) -+ { -+ /* Map MSI-X table region */ -+ u64 entry_paddr = table_paddr + msi->entry_nr * PCI_MSIX_ENTRY_SIZE; -+ int idx = msix_get_fixmap(dev, table_paddr, entry_paddr); -+ void __iomem *base; -+ -+ if ( idx < 0 ) -+ { -+ xfree(entry); -+ return idx; -+ } -+ base = (void *)(fix_to_virt(idx) + -+ ((unsigned long)entry_paddr & (PAGE_SIZE - 1))); - -+ /* Mask interrupt here */ -+ writel(1, base + PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET); -+ -+ entry->msi_attrib.type = PCI_CAP_ID_MSIX; -+ 
entry->msi_attrib.is_64 = 1; -+ entry->msi_attrib.entry_nr = msi->entry_nr; -+ entry->msi_attrib.maskbit = 1; -+ entry->msi_attrib.masked = 1; -+ entry->msi_attrib.pos = pos; -+ entry->irq = msi->irq; -+ entry->dev = dev; -+ entry->mask_base = base; -+ -+ list_add_tail(&entry->list, &dev->msi_list); -+ *desc = entry; -+ } -+ -+ if ( !dev->msix_used_entries ) -+ { - if ( rangeset_add_range(mmio_ro_ranges, dev->msix_table.first, - dev->msix_table.last) ) - WARN(); -@@ -769,7 +787,7 @@ static int msix_capability_init(struct p - if ( dev->domain ) - p2m_change_entry_type_global(dev->domain, - p2m_mmio_direct, p2m_mmio_direct); -- if ( !dev->domain || !paging_mode_translate(dev->domain) ) -+ if ( desc && (!dev->domain || !paging_mode_translate(dev->domain)) ) - { - struct domain *d = dev->domain; - -@@ -783,6 +801,13 @@ static int msix_capability_init(struct p - break; - if ( d ) - { -+ if ( !IS_PRIV(d) && dev->msix_warned != d->domain_id ) -+ { -+ dev->msix_warned = d->domain_id; -+ printk(XENLOG_ERR -+ "Potentially insecure use of MSI-X on %04x:%02x:%02x.%u by Dom%d\n", -+ seg, bus, slot, func, d->domain_id); -+ } - /* XXX How to deal with existing mappings? 
*/ - } - } -@@ -791,10 +816,6 @@ static int msix_capability_init(struct p - WARN_ON(dev->msix_table.first != (table_paddr >> PAGE_SHIFT)); - ++dev->msix_used_entries; - -- /* Mask interrupt here */ -- writel(1, entry->mask_base + PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET); -- -- *desc = entry; - /* Restore MSI-X enabled bits */ - pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), control); - -@@ -919,6 +940,19 @@ static int __pci_enable_msix(struct msi_ - return status; - } - -+static void _pci_cleanup_msix(struct pci_dev *dev) -+{ -+ if ( !--dev->msix_used_entries ) -+ { -+ if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_table.first, -+ dev->msix_table.last) ) -+ WARN(); -+ if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_pba.first, -+ dev->msix_pba.last) ) -+ WARN(); -+ } -+} -+ - static void __pci_disable_msix(struct msi_desc *entry) - { - struct pci_dev *dev; -@@ -942,15 +976,45 @@ static void __pci_disable_msix(struct ms - - pci_conf_write16(seg, bus, slot, func, msix_control_reg(pos), control); - -- if ( !--dev->msix_used_entries ) -+ _pci_cleanup_msix(dev); -+} -+ -+int pci_prepare_msix(u16 seg, u8 bus, u8 devfn, bool_t off) -+{ -+ int rc; -+ struct pci_dev *pdev; -+ u8 slot = PCI_SLOT(devfn), func = PCI_FUNC(devfn); -+ unsigned int pos = pci_find_cap_offset(seg, bus, slot, func, -+ PCI_CAP_ID_MSIX); -+ -+ if ( !use_msi ) -+ return 0; -+ -+ if ( !pos ) -+ return -ENODEV; -+ -+ spin_lock(&pcidevs_lock); -+ pdev = pci_get_pdev(seg, bus, devfn); -+ if ( !pdev ) -+ rc = -ENODEV; -+ else if ( pdev->msix_used_entries != !!off ) -+ rc = -EBUSY; -+ else if ( off ) - { -- if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_table.first, -- dev->msix_table.last) ) -- WARN(); -- if ( rangeset_remove_range(mmio_ro_ranges, dev->msix_pba.first, -- dev->msix_pba.last) ) -- WARN(); -+ _pci_cleanup_msix(pdev); -+ rc = 0; - } -+ else -+ { -+ u16 control = pci_conf_read16(seg, bus, slot, func, -+ msix_control_reg(pos)); -+ -+ rc = msix_capability_init(pdev, NULL, 
NULL, -+ multi_msix_capable(control)); -+ } -+ spin_unlock(&pcidevs_lock); -+ -+ return rc; - } - - /* ---- a/xen/arch/x86/physdev.c -+++ b/xen/arch/x86/physdev.c -@@ -609,6 +609,18 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H - break; - } - -+ case PHYSDEVOP_prepare_msix: -+ case PHYSDEVOP_release_msix: { -+ struct physdev_pci_device dev; -+ -+ if ( copy_from_guest(&dev, arg, 1) ) -+ ret = -EFAULT; -+ else -+ ret = pci_prepare_msix(dev.seg, dev.bus, dev.devfn, -+ cmd != PHYSDEVOP_prepare_msix); -+ break; -+ } -+ - #ifdef __x86_64__ - case PHYSDEVOP_pci_mmcfg_reserved: { - struct physdev_pci_mmcfg_reserved info; ---- a/xen/include/asm-x86/msi.h -+++ b/xen/include/asm-x86/msi.h -@@ -80,6 +80,7 @@ struct msi_desc; - /* Helper functions */ - extern int pci_enable_msi(struct msi_info *msi, struct msi_desc **desc); - extern void pci_disable_msi(struct msi_desc *desc); -+extern int pci_prepare_msix(u16 seg, u8 bus, u8 devfn, bool_t off); - extern void pci_cleanup_msi(struct pci_dev *pdev); - extern void setup_msi_handler(struct irq_desc *, struct msi_desc *); - extern void setup_msi_irq(struct irq_desc *); ---- a/xen/include/public/physdev.h -+++ b/xen/include/public/physdev.h -@@ -303,6 +303,12 @@ DEFINE_XEN_GUEST_HANDLE(physdev_pci_devi - - #define PHYSDEVOP_pci_device_remove 26 - #define PHYSDEVOP_restore_msi_ext 27 -+/* -+ * Dom0 should use these two to announce MMIO resources assigned to -+ * MSI-X capable devices won't (prepare) or may (release) change. -+ */ -+#define PHYSDEVOP_prepare_msix 30 -+#define PHYSDEVOP_release_msix 31 - struct physdev_pci_device { - /* IN */ - uint16_t seg; ---- a/xen/include/xen/pci.h -+++ b/xen/include/xen/pci.h -@@ -57,6 +57,7 @@ struct pci_dev { - int msix_table_refcnt[MAX_MSIX_TABLE_PAGES]; - int msix_table_idx[MAX_MSIX_TABLE_PAGES]; - spinlock_t msix_table_lock; -+ domid_t msix_warned; - - struct domain *domain; - const u16 seg; 
diff --git a/26702-powernow-add-fixups-for-AMD-P-state-figures.patch b/26702-powernow-add-fixups-for-AMD-P-state-figures.patch
deleted file mode 100644
index d3b378d..0000000
--- a/26702-powernow-add-fixups-for-AMD-P-state-figures.patch
+++ /dev/null
@@ -1,139 +0,0 @@ -# Commit 1d80765b504b34b63a42a63aff4291e07e29f0c5 -# Date 2013-03-12 15:34:22 +0100 -# Author Konrad Rzeszutek Wilk -# Committer Jan Beulich -powernow: add fixups for AMD P-state figures - -In the Linux kernel, these two git commits: - -- f594065faf4f9067c2283a34619fc0714e79a98d - ACPI: Add fixups for AMD P-state figures -- 9855d8ce41a7801548a05d844db2f46c3e810166 - ACPI: Check MSR valid bit before using P-state frequencies - -Try to fix the the issue that "some AMD systems may round the -frequencies in ACPI tables to 100MHz boundaries. We can obtain the real -frequencies from MSRs, so add a quirk to fix these frequencies up -on AMD systems." (from f594065..) - -In discussion (around 9855d8..) "it turned out that indeed real -HW/BIOSes may choose to not set the valid bit and thus mark the -P-state as invalid. So this could be considered a fix for broken -BIOSes." (from 9855d8..) - -which is great for Linux. Unfortunatly the Linux kernel, when -it tries to do the RDMSR under Xen it fails to get the right -value (it gets zero) as Xen traps it and returns zero. Hence -when dom0 uploads the P-states they will be unmodified and -we should take care of updating the frequencies with the right -values. - -I've tested it under Dell Inc. PowerEdge T105 /0RR825, BIOS 1.3.2 -08/20/2008 where this quirk can be observed (x86 == 0x10, model == 2). -Also on other AMD (x86 == 0x12, A8-3850; x86 = 0x14, AMD E-350) to -make sure the quirk is not applied there. - -Signed-off-by: Konrad Rzeszutek Wilk -Acked-by: stefan.bader@canonical.com - -Do the MSR access here (and while at it, also the one reading -MSR_PSTATE_CUR_LIMIT) on the target CPU, and bound the loop over -amd_fixup_frequency() by max_hw_pstate (matching the one in -powernow_cpufreq_cpu_init()). 
- -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/acpi/cpufreq/powernow.c -+++ b/xen/arch/x86/acpi/cpufreq/powernow.c -@@ -159,6 +159,51 @@ static int powernow_cpufreq_target(struc - return result; - } - -+static void amd_fixup_frequency(struct xen_processor_px *px) -+{ -+ u32 hi, lo, fid, did; -+ int index = px->control & 0x00000007; -+ const struct cpuinfo_x86 *c = ¤t_cpu_data; -+ -+ if ((c->x86 != 0x10 || c->x86_model >= 10) && c->x86 != 0x11) -+ return; -+ -+ rdmsr(MSR_PSTATE_DEF_BASE + index, lo, hi); -+ /* -+ * MSR C001_0064+: -+ * Bit 63: PstateEn. Read-write. If set, the P-state is valid. -+ */ -+ if (!(hi & (1U << 31))) -+ return; -+ -+ fid = lo & 0x3f; -+ did = (lo >> 6) & 7; -+ if (c->x86 == 0x10) -+ px->core_frequency = (100 * (fid + 16)) >> did; -+ else -+ px->core_frequency = (100 * (fid + 8)) >> did; -+} -+ -+struct amd_cpu_data { -+ struct processor_performance *perf; -+ u32 max_hw_pstate; -+}; -+ -+static void get_cpu_data(void *arg) -+{ -+ struct amd_cpu_data *data = arg; -+ struct processor_performance *perf = data->perf; -+ uint64_t msr_content; -+ unsigned int i; -+ -+ rdmsrl(MSR_PSTATE_CUR_LIMIT, msr_content); -+ data->max_hw_pstate = (msr_content & HW_PSTATE_MAX_MASK) >> -+ HW_PSTATE_MAX_SHIFT; -+ -+ for (i = 0; i < perf->state_count && i <= data->max_hw_pstate; i++) -+ amd_fixup_frequency(&perf->states[i]); -+} -+ - static int powernow_cpufreq_verify(struct cpufreq_policy *policy) - { - struct acpi_cpufreq_data *data; -@@ -205,8 +250,7 @@ static int powernow_cpufreq_cpu_init(str - struct acpi_cpufreq_data *data; - unsigned int result = 0; - struct processor_performance *perf; -- u32 max_hw_pstate; -- uint64_t msr_content; -+ struct amd_cpu_data info; - struct cpuinfo_x86 *c = &cpu_data[policy->cpu]; - - data = xzalloc(struct acpi_cpufreq_data); -@@ -217,7 +261,7 @@ static int powernow_cpufreq_cpu_init(str - - data->acpi_data = &processor_pminfo[cpu]->perf; - -- perf = data->acpi_data; -+ info.perf = perf = data->acpi_data; - 
policy->shared_type = perf->shared_type; - - if (policy->shared_type == CPUFREQ_SHARED_TYPE_ALL || -@@ -239,8 +283,6 @@ static int powernow_cpufreq_cpu_init(str - result = -ENODEV; - goto err_unreg; - } -- rdmsrl(MSR_PSTATE_CUR_LIMIT, msr_content); -- max_hw_pstate = (msr_content & HW_PSTATE_MAX_MASK) >> HW_PSTATE_MAX_SHIFT; - - if (perf->control_register.space_id != perf->status_register.space_id) { - result = -ENODEV; -@@ -265,8 +307,10 @@ static int powernow_cpufreq_cpu_init(str - - policy->governor = cpufreq_opt_governor ? : CPUFREQ_DEFAULT_GOVERNOR; - -+ on_selected_cpus(cpumask_of(cpu), get_cpu_data, &info, 1); -+ - /* table init */ -- for (i = 0; i < perf->state_count && i <= max_hw_pstate; i++) { -+ for (i = 0; i < perf->state_count && i <= info.max_hw_pstate; i++) { - if (i > 0 && perf->states[i].core_frequency >= - data->freq_table[valid_states-1].frequency / 1000) - continue; diff --git a/26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch b/26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch deleted file mode 100644 index f1b251b..0000000 --- a/26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -References: bnc#805579 - -# Commit b0583c0e64cc8bb6229c95c3304fdac2051f79b3 -# Date 2013-03-12 15:53:30 +0100 -# Author Jan Beulich -# Committer Jan Beulich -x86/MCA: suppress bank clearing for certain injected events - -As the bits indicating validity of the ADDR and MISC bank MSRs may be -injected in a way that isn't consistent with what the underlying -hardware implements (while the bank must be valid for injection to -work, the auxiliary MSRs may not be implemented - and hence cause #GP -upon access - if the hardware never sets the corresponding valid bits. - -Consequently we need to do the clearing writes only if no value was -interposed for the respective MSR (which also makes sense the other way -around: there's no point in clearing a hardware register when all data -read came from software). Of course this all requires the injection -tool to do things in a consistent way (but that had been a requirement -before already). - -Signed-off-by: Jan Beulich -Tested-by: Ren Yongjie -Acked-by: Liu Jinsong - ---- a/xen/arch/x86/cpu/mcheck/mce.c -+++ b/xen/arch/x86/cpu/mcheck/mce.c -@@ -1145,13 +1145,15 @@ static void intpose_add(unsigned int cpu - printk("intpose_add: interpose array full - request dropped\n"); - } - --void intpose_inval(unsigned int cpu_nr, uint64_t msr) -+bool_t intpose_inval(unsigned int cpu_nr, uint64_t msr) - { -- struct intpose_ent *ent; -+ struct intpose_ent *ent = intpose_lookup(cpu_nr, msr, NULL); - -- if ((ent = intpose_lookup(cpu_nr, msr, NULL)) != NULL) { -- ent->cpu_nr = -1; -- } -+ if ( !ent ) -+ return 0; -+ -+ ent->cpu_nr = -1; -+ return 1; - } - - #define IS_MCA_BANKREG(r) \ ---- a/xen/arch/x86/cpu/mcheck/mce.h -+++ b/xen/arch/x86/cpu/mcheck/mce.h -@@ -89,7 +89,7 @@ extern void mce_recoverable_register(mce - /* Read an MSR, checking for an interposed value first */ - extern struct intpose_ent *intpose_lookup(unsigned int, uint64_t, - uint64_t *); --extern void intpose_inval(unsigned int, uint64_t); -+extern bool_t 
intpose_inval(unsigned int, uint64_t); - - static inline uint64_t mca_rdmsr(unsigned int msr) - { -@@ -101,9 +101,9 @@ static inline uint64_t mca_rdmsr(unsigne - - /* Write an MSR, invalidating any interposed value */ - #define mca_wrmsr(msr, val) do { \ -- intpose_inval(smp_processor_id(), msr); \ -- wrmsrl(msr, val); \ --} while (0) -+ if ( !intpose_inval(smp_processor_id(), msr) ) \ -+ wrmsrl(msr, val); \ -+} while ( 0 ) - - - /* Utility function to "logout" all architectural MCA telemetry from the MCA diff --git a/26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch b/26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch deleted file mode 100644 index 6c5d01a..0000000 --- a/26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -# Commit 0f7b6f91ac1bbfd33b23c291b14874b9561909d2 -# Date 2013-03-20 10:00:01 +0100 -# Author Andrew Cooper -# Committer Jan Beulich -AMD/IOMMU: Process softirqs while building dom0 iommu mappings - -Recent changes which have made their way into xen-4.2 stable have pushed the -runtime of construct_dom0() over 5 seconds, which has caused regressions in -XenServer testing because of our 5 second watchdog. - -The root cause is that amd_iommu_dom0_init() does not process softirqs and in -particular the nmi_timer which causes the watchdog to decide that no useful -progress is being made. - -This patch adds periodic calls to process_pending_softirqs() at the same -interval as the Intel variant of this function. The server which was failing -with the watchdog test now boots reliably with a timeout of 1 second. - -Signed-off-by: Andrew Cooper - ---- a/xen/drivers/passthrough/amd/pci_amd_iommu.c -+++ b/xen/drivers/passthrough/amd/pci_amd_iommu.c -@@ -285,6 +285,9 @@ static void __init amd_iommu_dom0_init(s - if ( mfn_valid(pfn) ) - amd_iommu_map_page(d, pfn, pfn, - IOMMUF_readable|IOMMUF_writable); -+ -+ if ( !(i & 0xfffff) ) -+ process_pending_softirqs(); - } - } - diff --git a/26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch b/26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch deleted file mode 100644 index 45c5339..0000000 --- a/26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -# Commit 32861c537781ac94bf403fb778505c3679b85f67 -# Date 2013-03-20 10:02:26 +0100 -# Author Andrew Cooper -# Committer Jan Beulich -VT-d: Enumerate IOMMUs when listing capabilities - -This saves N identical console log lines on a multi-iommu server. - -Signed-off-by: Andrew Cooper - ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -2135,7 +2135,8 @@ int __init intel_vtd_setup(void) - { - iommu = drhd->iommu; - -- printk("Intel VT-d supported page sizes: 4kB"); -+ printk("Intel VT-d iommu %"PRIu32" supported page sizes: 4kB", -+ iommu->index); - if (cap_sps_2mb(iommu->cap)) - printk(", 2MB"); - diff --git a/26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch b/26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch deleted file mode 100644 index 21a942b..0000000 --- a/26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch +++ /dev/null @@ -1,28 +0,0 @@ -# Commit 759847e44401176401e86e7c55b644cb9f93c781 -# Date 2013-03-20 10:02:52 +0100 -# Author Andrew Cooper -# Committer Jan Beulich -ACPI/ERST: Name table in otherwise opaque error messages - -Signed-off-by: Andrew Cooper - -Fix spelling and lower severities. - -Signed-off-by: Jan Beulich - ---- a/xen/drivers/acpi/apei/erst.c -+++ b/xen/drivers/acpi/apei/erst.c -@@ -799,11 +799,11 @@ int __init erst_init(void) - status = acpi_get_table(ACPI_SIG_ERST, 0, - (struct acpi_table_header **)&erst_tab); - if (status == AE_NOT_FOUND) { -- printk(KERN_ERR "Table is not found!\n"); -+ printk(KERN_INFO "ERST table was not found\n"); - return -ENODEV; - } else if (ACPI_FAILURE(status)) { - const char *msg = acpi_format_exception(status); -- printk(KERN_ERR "Failed to get table, %s\n", msg); -+ printk(KERN_WARNING "Failed to get ERST table: %s\n", msg); - return -EINVAL; - } - 
diff --git a/26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch b/26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch deleted file mode 100644 index e7a45ea..0000000 --- a/26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch +++ /dev/null @@ -1,34 +0,0 @@ -References: bnc#785211 - -# Commit 0611689d9153227831979c7bafe594214b8505a3 -# Date 2013-03-22 09:43:38 +0100 -# Author Andrew Cooper -# Committer Jan Beulich -ACPI/APEI: Unlock apei_iomaps_lock on error path - -This causes deadlocks during early boot on hardware with broken/buggy -APEI implementations, such as a Dell Poweredge 2950 with the latest -currently available BIOS. - -Signed-off-by: Andrew Cooper - -Don't use goto or another special error path, as handling the error -case in normal flow is quite simple. - -Signed-off-by: Jan Beulich - ---- a/xen/drivers/acpi/apei/apei-io.c -+++ b/xen/drivers/acpi/apei/apei-io.c -@@ -146,10 +146,8 @@ static void __init apei_post_unmap(paddr - - spin_lock_irqsave(&apei_iomaps_lock, flags); - map = __apei_find_iomap(paddr, size); -- if (!map) -- return; -- -- list_del(&map->list); -+ if (map) -+ list_del(&map->list); - spin_unlock_irqrestore(&apei_iomaps_lock, flags); - - xfree(map); diff --git a/26737-ACPI-APEI-Add-apei_exec_run_optional.patch b/26737-ACPI-APEI-Add-apei_exec_run_optional.patch deleted file mode 100644 index 7b60230..0000000 --- a/26737-ACPI-APEI-Add-apei_exec_run_optional.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -References: bnc#785211 - -# Commit 72af01bf6f7489e54ad59270222a29d3e8c501d1 -# Date 2013-03-22 12:46:25 +0100 -# Author Huang Ying -# Committer Jan Beulich -ACPI, APEI: Add apei_exec_run_optional - -Some actions in APEI ERST and EINJ tables are optional, for example, -ACPI_EINJ_BEGIN_OPERATION action is used to do some preparation for -error injection, and firmware may choose to do nothing here. While -some other actions are mandatory, for example, firmware must provide -ACPI_EINJ_GET_ERROR_TYPE implementation. - -Original implementation treats all actions as optional (that is, can -have no instructions), that may cause issue if firmware does not -provide some mandatory actions. To fix this, this patch adds -apei_exec_run_optional, which should be used for optional actions. -The original apei_exec_run should be used for mandatory actions. - -Signed-off-by: Huang Ying -Signed-off-by: Jan Beulich -Tested-by: Andrew Cooper - ---- a/xen/drivers/acpi/apei/apei-base.c -+++ b/xen/drivers/acpi/apei/apei-base.c -@@ -154,9 +154,10 @@ int apei_exec_noop(struct apei_exec_cont - * Interpret the specified action. Go through whole action table, - * execute all instructions belong to the action. - */ --int apei_exec_run(struct apei_exec_context *ctx, u8 action) -+int __apei_exec_run(struct apei_exec_context *ctx, u8 action, -+ bool_t optional) - { -- int rc; -+ int rc = -ENOENT; - u32 i, ip; - struct acpi_whea_header *entry; - apei_exec_ins_func_t run; -@@ -195,7 +196,7 @@ rewind: - goto rewind; - } - -- return 0; -+ return !optional && rc < 0 ? 
rc : 0; - } - - typedef int (*apei_exec_entry_func_t)(struct apei_exec_context *ctx, ---- a/xen/drivers/acpi/apei/apei-internal.h -+++ b/xen/drivers/acpi/apei/apei-internal.h -@@ -48,7 +48,18 @@ static inline u64 apei_exec_ctx_get_outp - return ctx->value; - } - --int apei_exec_run(struct apei_exec_context *ctx, u8 action); -+int __apei_exec_run(struct apei_exec_context *ctx, u8 action, bool_t optional); -+ -+static inline int apei_exec_run(struct apei_exec_context *ctx, u8 action) -+{ -+ return __apei_exec_run(ctx, action, 0); -+} -+ -+/* It is optional whether the firmware provides the action */ -+static inline int apei_exec_run_optional(struct apei_exec_context *ctx, u8 action) -+{ -+ return __apei_exec_run(ctx, action, 1); -+} - - /* Common instruction implementation */ - diff --git a/26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch b/26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch deleted file mode 100644 index e718ed0..0000000 --- a/26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch +++ /dev/null 
@@ -1,96 +0,0 @@ -# Commit fae0372140befb88d890a30704a8ec058c902af8 -# Date 2013-03-25 14:28:31 +0100 -# Author Jan Beulich -# Committer Jan Beulich -IOMMU: properly check whether interrupt remapping is enabled - -... rather than the IOMMU as a whole. - -That in turn required to make sure iommu_intremap gets properly -cleared when the respective initialization fails (or isn't being -done at all). - -Along with making sure interrupt remapping doesn't get inconsistently -enabled on some IOMMUs and not on others in the VT-d code, this in turn -allowed quite a bit of cleanup on the VT-d side (removed from the -backport). - -Signed-off-by: Jan Beulich -Acked-by: "Zhang, Xiantao" - ---- a/xen/arch/x86/msi.c -+++ b/xen/arch/x86/msi.c -@@ -204,7 +204,7 @@ static void read_msi_msg(struct msi_desc - BUG(); - } - -- if ( iommu_enabled ) -+ if ( iommu_intremap ) - iommu_read_msi_from_ire(entry, msg); - } - -@@ -212,7 +212,7 @@ static void write_msi_msg(struct msi_des - { - entry->msg = *msg; - -- if ( iommu_enabled ) -+ if ( iommu_intremap ) - { - ASSERT(msg != &entry->msg); - iommu_update_ire_from_msi(entry, msg); -@@ -482,7 +482,7 @@ int msi_free_irq(struct msi_desc *entry) - } - - /* Free the unused IRTE if intr remap enabled */ -- if ( iommu_enabled ) -+ if ( iommu_intremap ) - iommu_update_ire_from_msi(entry, NULL); - - list_del(&entry->list); ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -469,6 +469,8 @@ int __init iommu_setup(void) - rc = iommu_hardware_setup(); - iommu_enabled = (rc == 0); - } -+ if ( !iommu_enabled ) -+ iommu_intremap = 0; - - if ( (force_iommu && !iommu_enabled) || - (force_intremap && !iommu_intremap) ) -@@ -485,9 +487,12 @@ int __init iommu_setup(void) - } - printk("I/O virtualisation %sabled\n", iommu_enabled ? "en" : "dis"); - if ( iommu_enabled ) -+ { - printk(" - Dom0 mode: %s\n", - iommu_passthrough ? "Passthrough" : - iommu_dom0_strict ? 
"Strict" : "Relaxed"); -+ printk("Interrupt remapping %sabled\n", iommu_intremap ? "en" : "dis"); -+ } - - return rc; - } ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -2072,6 +2072,9 @@ static int init_vtd_hw(void) - break; - } - } -+ if ( !iommu_intremap ) -+ for_each_drhd_unit ( drhd ) -+ disable_intremap(drhd->iommu); - } - - /* ---- a/xen/include/asm-x86/io_apic.h -+++ b/xen/include/asm-x86/io_apic.h -@@ -129,7 +129,7 @@ struct IO_APIC_route_entry { - extern struct mpc_config_ioapic mp_ioapics[MAX_IO_APICS]; - - /* Only need to remap ioapic RTE (reg: 10~3Fh) */ --#define ioapic_reg_remapped(reg) (iommu_enabled && ((reg) >= 0x10)) -+#define ioapic_reg_remapped(reg) (iommu_intremap && ((reg) >= 0x10)) - - static inline unsigned int __io_apic_read(unsigned int apic, unsigned int reg) - { diff --git a/26743-VT-d-deal-with-5500-5520-X58-errata.patch b/26743-VT-d-deal-with-5500-5520-X58-errata.patch deleted file mode 100644 index 9b57f32..0000000 --- a/26743-VT-d-deal-with-5500-5520-X58-errata.patch +++ /dev/null 
@@ -1,90 +0,0 @@ -References: bnc#801910 - -# Commit 6890cebc6a987d0e896f5d23a8de11a3934101cf -# Date 2013-03-25 14:31:27 +0100 -# Author Malcolm Crossley -# Committer Jan Beulich -VT-d: deal with 5500/5520/X58 errata - -http://www.intel.com/content/www/us/en/chipsets/5520-and-5500-chipset-ioh-specification-update.html - -Stepping B-3 has two errata (#47 and #53) related to Interrupt -remapping, to which the workaround is for the BIOS to completely disable -interrupt remapping. These errata are fixed in stepping C-2. - -Unfortunately this chipset stepping is very common and many BIOSes are -not disabling interrupt remapping on this stepping . We can detect this in -Xen and prevent Xen from using the problematic interrupt remapping feature. - -The Intel 5500/5520/X58 chipset does not support VT-d -Extended Interrupt Mode(EIM). This means the iommu_supports_eim() check -always fails and so x2apic mode cannot be enabled in Xen before this quirk -disables the interrupt remapping feature. - -Signed-off-by: Malcolm Crossley -Signed-off-by: Andrew Cooper - -Gate the function call to check the quirk on interrupt remapping being -requested to get enabled, and upon failure disable the IOMMU to be in -line with what the changes for XSA-36 (plus follow-ups) did. - -Signed-off-by: Jan Beulich -Acked-by: "Zhang, Xiantao" - ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -2129,6 +2129,11 @@ int __init intel_vtd_setup(void) - } - - platform_quirks_init(); -+ if ( !iommu_enabled ) -+ { -+ ret = -ENODEV; -+ goto error; -+ } - - /* We enable the following features only if they are supported by all VT-d - * engines: Snoop Control, DMA passthrough, Queued Invalidation and ---- a/xen/drivers/passthrough/vtd/quirks.c -+++ b/xen/drivers/passthrough/vtd/quirks.c -@@ -248,6 +248,29 @@ void vtd_ops_postamble_quirk(struct iomm - } - } - -+/* 5500/5520/X58 Chipset Interrupt remapping errata, for stepping B-3. -+ * Fixed in stepping C-2. 
*/ -+static void __init tylersburg_intremap_quirk(void) -+{ -+ uint32_t bus, device; -+ uint8_t rev; -+ -+ for ( bus = 0; bus < 0x100; bus++ ) -+ { -+ /* Match on System Management Registers on Device 20 Function 0 */ -+ device = pci_conf_read32(0, bus, 20, 0, PCI_VENDOR_ID); -+ rev = pci_conf_read8(0, bus, 20, 0, PCI_REVISION_ID); -+ -+ if ( rev == 0x13 && device == 0x342e8086 ) -+ { -+ printk(XENLOG_WARNING VTDPREFIX -+ "Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata #47, #53\n"); -+ iommu_enabled = 0; -+ break; -+ } -+ } -+} -+ - /* initialize platform identification flags */ - void __init platform_quirks_init(void) - { -@@ -268,6 +291,10 @@ void __init platform_quirks_init(void) - - /* ioremap IGD MMIO+0x2000 page */ - map_igd_reg(); -+ -+ /* Tylersburg interrupt remap quirk */ -+ if ( iommu_intremap ) -+ tylersburg_intremap_quirk(); - } - - /* diff --git a/26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch b/26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch deleted file mode 100644 index a705a10..0000000 --- a/26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -# Commit 92b8bc03bd4b582cb524db51494d0dba7607e7ac -# Date 2013-03-25 16:55:22 +0100 -# Author Jan Beulich -# Committer Jan Beulich -AMD IOMMU: allow disabling only interrupt remapping when certain IVRS consistency checks fail - -After some more thought on the XSA-36 and specifically the comments we -got regarding disabling the IOMMU in this situation altogether making -things worse instead of better, I came to the conclusion that we can -actually restrict the action in affected cases to just disabling -interrupt remapping. That doesn't make the situation worse than prior -to the XSA-36 fixes (where interrupt remapping didn't really protect -domains from one another), but allows at least DMA isolation to still -be utilized. - -To do so, disabling of interrupt remapping must be explicitly requested -on the command line - respective checks will then be skipped. - -Signed-off-by: Jan Beulich -Acked-by: Suravee Suthikulanit - ---- a/xen/drivers/passthrough/amd/iommu_acpi.c -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c -@@ -664,6 +664,9 @@ static u16 __init parse_ivhd_device_spec - return dev_length; - } - -+ if ( !iommu_intremap ) -+ return dev_length; -+ - /* - * Some BIOSes have IOAPIC broken entries so we check for IVRS - * consistency here --- whether entry's IOAPIC ID is valid and -@@ -902,7 +905,7 @@ static int __init parse_ivrs_table(struc - } - - /* Each IO-APIC must have been mentioned in the table. 
*/ -- for ( apic = 0; !error && apic < nr_ioapics; ++apic ) -+ for ( apic = 0; !error && iommu_intremap && apic < nr_ioapics; ++apic ) - { - if ( !nr_ioapic_entries[apic] || - ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) ---- a/xen/drivers/passthrough/amd/iommu_init.c -+++ b/xen/drivers/passthrough/amd/iommu_init.c -@@ -1192,7 +1192,8 @@ int __init amd_iommu_init(void) - - BUG_ON( !iommu_found() ); - -- if ( amd_iommu_perdev_intremap && amd_sp5100_erratum28() ) -+ if ( iommu_intremap && amd_iommu_perdev_intremap && -+ amd_sp5100_erratum28() ) - goto error_out; - - ivrs_bdf_entries = amd_iommu_get_ivrs_dev_entries(); -@@ -1209,7 +1210,7 @@ int __init amd_iommu_init(void) - goto error_out; - - /* initialize io-apic interrupt remapping entries */ -- if ( amd_iommu_setup_ioapic_remapping() != 0 ) -+ if ( iommu_intremap && amd_iommu_setup_ioapic_remapping() != 0 ) - goto error_out; - - /* allocate and initialize a global device table shared by all iommus */ diff --git a/26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch b/26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch new file mode 100644 index 0000000..b5ff963 --- /dev/null +++ b/26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch 
@@ -0,0 +1,144 @@ +# Commit 9aa356bc9f7533c3cb7f02c823f532532876d444 +# Date 2013-04-19 12:29:01 +0200 +# Author Ben Guthro +# Committer Jan Beulich +x86/S3: Fix cpu pool scheduling after suspend/resume + +This review is another S3 scheduler problem with the system_state +variable introduced with the following changeset: +http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=269f543ea750ed567d18f2e819e5d5ce58eda5c5 + +Specifically, the cpu_callback function that takes the CPU down during +suspend, and back up during resume. We were seeing situations where, +after S3, only CPU0 was in cpupool0. Guest performance suffered +greatly, since all vcpus were only on a single pcpu. Guests under high +CPU load showed the problem much more quickly than an idle guest. + +Removing this if condition forces the CPUs to go through the expected +online/offline state, and be properly scheduled after S3. + +This also includes a necessary partial change proposed earlier by +Tomasz Wroblewski here: +http://lists.xen.org/archives/html/xen-devel/2013-01/msg02206.html + +It should also resolve the issues discussed in this thread: +http://lists.xen.org/archives/html/xen-devel/2012-11/msg01801.html + +Signed-off-by: Ben Guthro +Acked-by: Juergen Gross + +--- a/xen/common/cpupool.c ++++ b/xen/common/cpupool.c +@@ -41,16 +41,28 @@ static struct cpupool *alloc_cpupool_str + { + struct cpupool *c = xzalloc(struct cpupool); + +- if ( c && zalloc_cpumask_var(&c->cpu_valid) ) +- return c; +- xfree(c); +- return NULL; ++ if ( !c || !zalloc_cpumask_var(&c->cpu_valid) ) ++ { ++ xfree(c); ++ c = NULL; ++ } ++ else if ( !zalloc_cpumask_var(&c->cpu_suspended) ) ++ { ++ free_cpumask_var(c->cpu_valid); ++ xfree(c); ++ c = NULL; ++ } ++ ++ return c; + } + + static void free_cpupool_struct(struct cpupool *c) + { + if ( c ) ++ { ++ free_cpumask_var(c->cpu_suspended); + free_cpumask_var(c->cpu_valid); ++ } + xfree(c); + } + +@@ -417,14 +429,32 @@ void cpupool_rm_domain(struct domain *d) + + /* + * called to add 
a new cpu to pool admin +- * we add a hotplugged cpu to the cpupool0 to be able to add it to dom0 ++ * we add a hotplugged cpu to the cpupool0 to be able to add it to dom0, ++ * unless we are resuming from S3, in which case we put the cpu back ++ * in the cpupool it was in prior to suspend. + */ + static void cpupool_cpu_add(unsigned int cpu) + { + spin_lock(&cpupool_lock); + cpumask_clear_cpu(cpu, &cpupool_locked_cpus); + cpumask_set_cpu(cpu, &cpupool_free_cpus); +- cpupool_assign_cpu_locked(cpupool0, cpu); ++ ++ if ( system_state == SYS_STATE_resume ) ++ { ++ struct cpupool **c; ++ ++ for_each_cpupool(c) ++ { ++ if ( cpumask_test_cpu(cpu, (*c)->cpu_suspended ) ) ++ { ++ cpupool_assign_cpu_locked(*c, cpu); ++ cpumask_clear_cpu(cpu, (*c)->cpu_suspended); ++ } ++ } ++ } ++ ++ if ( cpumask_test_cpu(cpu, &cpupool_free_cpus) ) ++ cpupool_assign_cpu_locked(cpupool0, cpu); + spin_unlock(&cpupool_lock); + } + +@@ -436,7 +466,7 @@ static void cpupool_cpu_add(unsigned int + static int cpupool_cpu_remove(unsigned int cpu) + { + int ret = 0; +- ++ + spin_lock(&cpupool_lock); + if ( !cpumask_test_cpu(cpu, cpupool0->cpu_valid)) + ret = -EBUSY; +@@ -633,9 +663,14 @@ static int cpu_callback( + unsigned int cpu = (unsigned long)hcpu; + int rc = 0; + +- if ( (system_state == SYS_STATE_suspend) || +- (system_state == SYS_STATE_resume) ) +- goto out; ++ if ( system_state == SYS_STATE_suspend ) ++ { ++ struct cpupool **c; ++ ++ for_each_cpupool(c) ++ if ( cpumask_test_cpu(cpu, (*c)->cpu_valid ) ) ++ cpumask_set_cpu(cpu, (*c)->cpu_suspended); ++ } + + switch ( action ) + { +@@ -650,7 +685,6 @@ static int cpu_callback( + break; + } + +-out: + return !rc ? 
NOTIFY_DONE : notifier_from_errno(rc); + } + +--- a/xen/include/xen/sched-if.h ++++ b/xen/include/xen/sched-if.h +@@ -199,6 +199,7 @@ struct cpupool + { + int cpupool_id; + cpumask_var_t cpu_valid; /* all cpus assigned to pool */ ++ cpumask_var_t cpu_suspended; /* cpus in S3 that should be in this pool */ + struct cpupool *next; + unsigned int n_dom; + struct scheduler *sched; diff --git a/26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch b/26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch new file mode 100644 index 0000000..cd4d4e6 --- /dev/null +++ b/26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch 
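Review bot: In cpu_callback the new `SYS_STATE_suspend` block walks the pool list with `for_each_cpupool` and sets `cpu_suspended` bits without taking `cpupool_lock`, while cpupool_cpu_add does the matching walk and clear under that lock. The block also sits before the `switch ( action )`, so it runs for every notifier action delivered during suspend, not only when the CPU is actually being taken down. I would wrap the loop in `spin_lock(&cpupool_lock);` and `spin_unlock(&cpupool_lock);` and move it under the CPU-down case, or add a comment stating why the unlocked walk is safe during suspend. The bits are cleared only on the resume path in cpupool_cpu_add, so a CPU that does not come back up would presumably leave a stale bit behind, which deserves a comment too. cpu_callback's signature and its switch cases lie outside this hunk.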
@@ -0,0 +1,142 @@ +References: FATE#314499, FATE#314509 + +# Commit 9be8a4447103d92843fcfeaad8be42408c90e9a9 +# Date 2013-04-22 13:58:01 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/EFI: pass boot services variable info to runtime code + +EFI variables can be flagged as being accessible only within boot services. +This makes it awkward for us to figure out how much space they use at +runtime. In theory we could figure this out by simply comparing the results +from QueryVariableInfo() to the space used by all of our variables, but +that fails if the platform doesn't garbage collect on every boot. Thankfully, +calling QueryVariableInfo() while still inside boot services gives a more +reliable answer. This patch passes that information from the EFI boot stub +up to the efi platform code. + +Based on a similarly named Linux patch by Matthew Garrett . + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser +Acked-by: George Dunlap + +--- a/xen/arch/x86/efi/boot.c ++++ b/xen/arch/x86/efi/boot.c +@@ -1128,6 +1128,23 @@ efi_start(EFI_HANDLE ImageHandle, EFI_SY + if (efi.smbios != EFI_INVALID_TABLE_ADDR) + dmi_efi_get_table((void *)(long)efi.smbios); + ++ /* Get snapshot of variable store parameters. */ ++ status = efi_rs->QueryVariableInfo(EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS, ++ &efi_boot_max_var_store_size, ++ &efi_boot_remain_var_store_size, ++ &efi_boot_max_var_size); ++ if ( EFI_ERROR(status) ) ++ { ++ efi_boot_max_var_store_size = 0; ++ efi_boot_remain_var_store_size = 0; ++ efi_boot_max_var_size = status; ++ PrintStr(L"Warning: Could not query variable store: "); ++ DisplayUint(status, 0); ++ PrintStr(newline); ++ } ++ + /* Allocate space for trampoline (in first Mb). 
*/ + cfg.addr = 0x100000; + cfg.size = trampoline_end - trampoline_start; +--- a/xen/arch/x86/efi/efi.h ++++ b/xen/arch/x86/efi/efi.h +@@ -22,5 +22,8 @@ extern void *efi_memmap; + + extern l4_pgentry_t *efi_l4_pgtable; + ++extern UINT64 efi_boot_max_var_store_size, efi_boot_remain_var_store_size, ++ efi_boot_max_var_size; ++ + unsigned long efi_rs_enter(void); + void efi_rs_leave(unsigned long); +--- a/xen/arch/x86/efi/runtime.c ++++ b/xen/arch/x86/efi/runtime.c +@@ -28,6 +28,10 @@ UINTN __read_mostly efi_memmap_size; + UINTN __read_mostly efi_mdesc_size; + void *__read_mostly efi_memmap; + ++UINT64 __read_mostly efi_boot_max_var_store_size; ++UINT64 __read_mostly efi_boot_remain_var_store_size; ++UINT64 __read_mostly efi_boot_max_var_size; ++ + struct efi __read_mostly efi = { + .acpi = EFI_INVALID_TABLE_ADDR, + .acpi20 = EFI_INVALID_TABLE_ADDR, +@@ -446,6 +450,35 @@ int efi_runtime_call(struct xenpf_efi_ru + break; + + case XEN_EFI_query_variable_info: ++ if ( op->misc & ~XEN_EFI_VARINFO_BOOT_SNAPSHOT ) ++ return -EINVAL; ++ ++ if ( op->misc & XEN_EFI_VARINFO_BOOT_SNAPSHOT ) ++ { ++ if ( (op->u.query_variable_info.attr ++ & ~EFI_VARIABLE_APPEND_WRITE) != ++ (EFI_VARIABLE_NON_VOLATILE | ++ EFI_VARIABLE_BOOTSERVICE_ACCESS | ++ EFI_VARIABLE_RUNTIME_ACCESS) ) ++ return -EINVAL; ++ ++ op->u.query_variable_info.max_store_size = ++ efi_boot_max_var_store_size; ++ op->u.query_variable_info.remain_store_size = ++ efi_boot_remain_var_store_size; ++ if ( efi_boot_max_var_store_size ) ++ { ++ op->u.query_variable_info.max_size = efi_boot_max_var_size; ++ status = EFI_SUCCESS; ++ } ++ else ++ { ++ op->u.query_variable_info.max_size = 0; ++ status = efi_boot_max_var_size; ++ } ++ break; ++ } ++ + cr3 = efi_rs_enter(); + if ( (efi_rs->Hdr.Revision >> 16) < 2 ) + { +@@ -462,6 +495,9 @@ int efi_runtime_call(struct xenpf_efi_ru + + case XEN_EFI_query_capsule_capabilities: + case XEN_EFI_update_capsule: ++ if ( op->misc ) ++ return -EINVAL; ++ + cr3 = efi_rs_enter(); + if ( 
(efi_rs->Hdr.Revision >> 16) < 2 ) + { +--- a/xen/include/efi/efiapi.h ++++ b/xen/include/efi/efiapi.h +@@ -213,6 +213,10 @@ VOID + #define EFI_VARIABLE_NON_VOLATILE 0x00000001 + #define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 + #define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 ++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD 0x00000008 ++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 ++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 ++#define EFI_VARIABLE_APPEND_WRITE 0x00000040 + + // Variable size limitation + #define EFI_MAXIMUM_VARIABLE_SIZE 1024 +--- a/xen/include/public/platform.h ++++ b/xen/include/public/platform.h +@@ -184,6 +184,7 @@ struct xenpf_efi_runtime_call { + struct xenpf_efi_guid vendor_guid; + } get_next_variable_name; + ++#define XEN_EFI_VARINFO_BOOT_SNAPSHOT 0x00000001 + struct { + uint32_t attr; + uint64_t max_store_size; diff --git a/26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch b/26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch new file mode 100644 index 0000000..315e098 --- /dev/null +++ b/26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch @@ -0,0 +1,23 @@ +# Commit a7ac9597a7fc6ca934957eb78b41e26638281953 +# Date 2013-04-29 11:27:54 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86/EFI: fix runtime call status for compat mode Dom0 + +The top two bits (indicating error/warning classification) need to +remain the top two bits. + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/arch/x86/efi/runtime.c ++++ b/xen/arch/x86/efi/runtime.c +@@ -513,7 +513,7 @@ int efi_runtime_call(struct xenpf_efi_ru + #ifndef COMPAT + op->status = status; + #else +- op->status = (status & 0x3fffffff) | (status >> 62); ++ op->status = (status & 0x3fffffff) | ((status >> 32) & 0xc0000000); + #endif + + return rc; diff --git a/32on64-extra-mem.patch b/32on64-extra-mem.patch index 890a97b..8b42aa9 100644 --- a/32on64-extra-mem.patch +++ b/32on64-extra-mem.patch 
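Review bot: The call added to efi_start invokes `efi_rs->QueryVariableInfo` unconditionally, whereas the runtime path in efi_runtime_call (context lines of the same patch) appears to gate it on `(efi_rs->Hdr.Revision >> 16) < 2`; a pre-2.0 runtime services table is not guaranteed to carry that member. The boot-time call should get the same guard, for example `status = (efi_rs->Hdr.Revision >> 16) >= 2 ? efi_rs->QueryVariableInfo(...) : EFI_UNSUPPORTED;`, so the existing error branch records the failure. Separately, that error branch stores the EFI status in `efi_boot_max_var_size`, and runtime.c reads it back as a status when `efi_boot_max_var_store_size` is zero. A comment at the declaration in efi.h would make the overloading explicit, such as `/* on query failure the store sizes are 0 and efi_boot_max_var_size holds the EFI status */`. efi_start and efi_runtime_call both extend beyond the hunks shown.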
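Review bot: The corrected `op->status` expression in the `#else` branch relies on two unexplained masks, and a one-line comment would keep the next reader from repeating the `>> 62` mistake. I would add `/* Move status bits 63:62 (error/warning class) to bits 31:30 of the compat field. */` above it. That the compat `op->status` is 32 bits wide is inferred from the COMPAT branch and the commit message, not from a declaration visible here. efi_runtime_call starts outside the hunk.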
@@ -1,8 +1,8 @@ -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2984,7 +2984,7 @@ class XendDomainInfo: +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -2985,7 +2985,7 @@ class XendDomainInfo: self.guest_bitsize = self.image.getBitSize() # Make sure there's enough RAM available for the domain diff --git a/CVE-2012-6075-xsa41.patch b/CVE-2012-6075-xsa41.patch deleted file mode 100644 index 389b76b..0000000 --- a/CVE-2012-6075-xsa41.patch +++ /dev/null 
@@ -1,88 +0,0 @@ -Subject: e1000: Discard packets that are too long if !SBP and !LPE -From: Michael Contreras michael@inetric.com Sun Dec 2 20:11:22 2012 -0800 -Date: Wed Jan 16 14:12:40 2013 +0000: -Git: b4e9b8169dedc0bcf0d3abe07642f761ac70aeea - -The e1000_receive function for the e1000 needs to discard packets longer than -1522 bytes if the SBP and LPE flags are disabled. The linux driver assumes -this behavior and allocates memory based on this assumption. - -Signed-off-by: Michael Contreras -Signed-off-by: Anthony Liguori - -Subject: e1000: Discard oversized packets based on SBP|LPE -From: Michael Contreras -Date: Wed, 5 Dec 2012 18:31:30 +0000 (-0500) - -e1000: Discard oversized packets based on SBP|LPE - -Discard packets longer than 16384 when !SBP to match the hardware behavior. - -Signed-off-by: Michael Contreras -Signed-off-by: Stefan Hajnoczi - -[ This is a security vulnerability, CVE-2012-6075 / XSA-41. ] -(cherry picked from commit 4c2cae2a882db4d2a231b27b3b31a5bbec6dacbf) - -Index: xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/hw/e1000.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/e1000.c -+++ xen-4.2.1-testing/tools/qemu-xen-traditional-dir-remote/hw/e1000.c -@@ -55,6 +55,11 @@ static int debugflags = DBGBIT(TXERR) | - #define REG_IOADDR 0x0 - #define REG_IODATA 0x4 - -+/* this is the size past which hardware will drop packets when setting LPE=0 */ -+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 -+/* this is the size past which hardware will drop packets when setting LPE=1 */ -+#define MAXIMUM_ETHERNET_LPE_SIZE 16384 -+ - /* - * HW models: - * E1000_DEV_ID_82540EM works with Windows and Linux -@@ -628,6 +633,14 @@ e1000_receive(void *opaque, const uint8_ - return; - } - -+ /* Discard oversized packets if !LPE and !SBP. 
*/ -+ if ((size > MAXIMUM_ETHERNET_LPE_SIZE || -+ (size > MAXIMUM_ETHERNET_VLAN_SIZE -+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) -+ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { -+ return; -+ } -+ - if (!receive_filter(s, buf, size)) - return; - -Index: xen-4.2.1-testing/tools/qemu-xen-dir-remote/hw/e1000.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/qemu-xen-dir-remote/hw/e1000.c -+++ xen-4.2.1-testing/tools/qemu-xen-dir-remote/hw/e1000.c -@@ -59,6 +59,11 @@ static int debugflags = DBGBIT(TXERR) | - #define PNPMMIO_SIZE 0x20000 - #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ - -+/* this is the size past which hardware will drop packets when setting LPE=0 */ -+#define MAXIMUM_ETHERNET_VLAN_SIZE 1522 -+/* this is the size past which hardware will drop packets when setting LPE=1 */ -+#define MAXIMUM_ETHERNET_LPE_SIZE 16384 -+ - /* - * HW models: - * E1000_DEV_ID_82540EM works with Windows and Linux -@@ -693,6 +698,14 @@ e1000_receive(VLANClientState *nc, const - size = sizeof(min_buf); - } - -+ /* Discard oversized packets if !LPE and !SBP. */ -+ if ((size > MAXIMUM_ETHERNET_LPE_SIZE || -+ (size > MAXIMUM_ETHERNET_VLAN_SIZE -+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) -+ && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { -+ return size; -+ } -+ - if (!receive_filter(s, buf, size)) - return size; - diff --git a/CVE-2013-0151-xsa34.patch b/CVE-2013-0151-xsa34.patch deleted file mode 100644 index e8fc8ff..0000000 --- a/CVE-2013-0151-xsa34.patch +++ /dev/null 
@@ -1,32 +0,0 @@ -References: CVE-2013-0151 XSA-34 bnc#797285 - -x86_32: don't allow use of nested HVM - -There are (indirect) uses of map_domain_page() in the nested HVM code -that are unsafe when not just using the 1:1 mapping. - -This is XSA-34 / CVE-2013-0151. - -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -3930,6 +3930,10 @@ long do_hvm_op(unsigned long op, XEN_GUE - rc = -EINVAL; - break; - case HVM_PARAM_NESTEDHVM: -+#ifdef __i386__ -+ if ( a.value ) -+ rc = -EINVAL; -+#else - if ( a.value > 1 ) - rc = -EINVAL; - if ( !is_hvm_domain(d) ) -@@ -3944,6 +3948,7 @@ long do_hvm_op(unsigned long op, XEN_GUE - for_each_vcpu(d, v) - if ( rc == 0 ) - rc = nestedhvm_vcpu_initialise(v); -+#endif - break; - case HVM_PARAM_BUFIOREQ_EVTCHN: - rc = -EINVAL; diff --git a/CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch b/CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch new file mode 100644 index 0000000..8710f96 --- /dev/null +++ b/CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch 
@@ -0,0 +1,262 @@ +x86: make vcpu_destroy_pagetables() preemptible + +... as it may take significant amounts of time. + +The function, being moved to mm.c as the better home for it anyway, and +to avoid having to make a new helper function there non-static, is +given a "preemptible" parameter temporarily (until, in a subsequent +patch, its other caller is also being made capable of dealing with +preemption). + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.1-testing/xen/arch/x86/domain.c +@@ -73,8 +73,6 @@ void (*dead_idle) (void) __read_mostly = + static void paravirt_ctxt_switch_from(struct vcpu *v); + static void paravirt_ctxt_switch_to(struct vcpu *v); + +-static void vcpu_destroy_pagetables(struct vcpu *v); +- + static void default_idle(void) + { + local_irq_disable(); +@@ -1058,7 +1056,7 @@ void arch_vcpu_reset(struct vcpu *v) + if ( !is_hvm_vcpu(v) ) + { + destroy_gdt(v); +- vcpu_destroy_pagetables(v); ++ vcpu_destroy_pagetables(v, 0); + } + else + { +@@ -2069,63 +2067,6 @@ static int relinquish_memory( + return ret; + } + +-static void vcpu_destroy_pagetables(struct vcpu *v) +-{ +- struct domain *d = v->domain; +- unsigned long pfn; +- +-#ifdef __x86_64__ +- if ( is_pv_32on64_vcpu(v) ) +- { +- pfn = l4e_get_pfn(*(l4_pgentry_t *) +- __va(pagetable_get_paddr(v->arch.guest_table))); +- +- if ( pfn != 0 ) +- { +- if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(pfn)); +- else +- put_page_and_type(mfn_to_page(pfn)); +- } +- +- l4e_write( +- (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)), +- l4e_empty()); +- +- v->arch.cr3 = 0; +- return; +- } +-#endif +- +- pfn = pagetable_get_pfn(v->arch.guest_table); +- if ( pfn != 0 ) +- { +- if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(pfn)); +- else +- 
put_page_and_type(mfn_to_page(pfn)); +- v->arch.guest_table = pagetable_null(); +- } +- +-#ifdef __x86_64__ +- /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ +- pfn = pagetable_get_pfn(v->arch.guest_table_user); +- if ( pfn != 0 ) +- { +- if ( !is_pv_32bit_vcpu(v) ) +- { +- if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(pfn)); +- else +- put_page_and_type(mfn_to_page(pfn)); +- } +- v->arch.guest_table_user = pagetable_null(); +- } +-#endif +- +- v->arch.cr3 = 0; +-} +- + int domain_relinquish_resources(struct domain *d) + { + int ret; +@@ -2143,7 +2084,11 @@ int domain_relinquish_resources(struct d + + /* Drop the in-use references to page-table bases. */ + for_each_vcpu ( d, v ) +- vcpu_destroy_pagetables(v); ++ { ++ ret = vcpu_destroy_pagetables(v, 1); ++ if ( ret ) ++ return ret; ++ } + + if ( !is_hvm_domain(d) ) + { +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -2825,6 +2825,82 @@ static void put_superpage(unsigned long + + #endif + ++static int put_old_guest_table(struct vcpu *v) ++{ ++ int rc; ++ ++ if ( !v->arch.old_guest_table ) ++ return 0; ++ ++ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) ) ++ { ++ case -EINTR: ++ case -EAGAIN: ++ return -EAGAIN; ++ } ++ ++ v->arch.old_guest_table = NULL; ++ ++ return rc; ++} ++ ++int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible) ++{ ++ unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); ++ struct page_info *page; ++ int rc = put_old_guest_table(v); ++ ++ if ( rc ) ++ return rc; ++ ++#ifdef __x86_64__ ++ if ( is_pv_32on64_vcpu(v) ) ++ mfn = l4e_get_pfn(*(l4_pgentry_t *)mfn_to_virt(mfn)); ++#endif ++ ++ if ( mfn ) ++ { ++ page = mfn_to_page(mfn); ++ if ( paging_mode_refcounts(v->domain) ) ++ put_page(page); ++ else ++ rc = put_page_and_type_preemptible(page, preemptible); ++ } ++ ++#ifdef 
__x86_64__ ++ if ( is_pv_32on64_vcpu(v) ) ++ { ++ if ( !rc ) ++ l4e_write( ++ (l4_pgentry_t *)__va(pagetable_get_paddr(v->arch.guest_table)), ++ l4e_empty()); ++ } ++ else ++#endif ++ if ( !rc ) ++ { ++ v->arch.guest_table = pagetable_null(); ++ ++#ifdef __x86_64__ ++ /* Drop ref to guest_table_user (from MMUEXT_NEW_USER_BASEPTR) */ ++ mfn = pagetable_get_pfn(v->arch.guest_table_user); ++ if ( mfn ) ++ { ++ page = mfn_to_page(mfn); ++ if ( paging_mode_refcounts(v->domain) ) ++ put_page(page); ++ else ++ rc = put_page_and_type_preemptible(page, preemptible); ++ } ++ if ( !rc ) ++ v->arch.guest_table_user = pagetable_null(); ++#endif ++ } ++ ++ v->arch.cr3 = 0; ++ ++ return rc; ++} + + int new_guest_cr3(unsigned long mfn) + { +@@ -3011,12 +3087,21 @@ long do_mmuext_op( + unsigned int foreigndom) + { + struct mmuext_op op; +- int rc = 0, i = 0, okay; + unsigned long type; +- unsigned int done = 0; ++ unsigned int i = 0, done = 0; + struct vcpu *curr = current; + struct domain *d = curr->domain; + struct domain *pg_owner; ++ int okay, rc = put_old_guest_table(curr); ++ ++ if ( unlikely(rc) ) ++ { ++ if ( likely(rc == -EAGAIN) ) ++ rc = hypercall_create_continuation( ++ __HYPERVISOR_mmuext_op, "hihi", uops, count, pdone, ++ foreigndom); ++ return rc; ++ } + + if ( unlikely(count & MMU_UPDATE_PREEMPTED) ) + { +Index: xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/x86_64/compat/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c +@@ -365,7 +365,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm + : mcs->call.args[1]; + unsigned int left = arg1 & ~MMU_UPDATE_PREEMPTED; + +- BUG_ON(left == arg1); ++ BUG_ON(left == arg1 && left != i); + BUG_ON(left > count); + guest_handle_add_offset(nat_ops, i - left); + guest_handle_subtract_offset(cmp_uops, left); +Index: xen-4.2.1-testing/xen/include/asm-x86/domain.h 
+=================================================================== +--- xen-4.2.1-testing.orig/xen/include/asm-x86/domain.h ++++ xen-4.2.1-testing/xen/include/asm-x86/domain.h +@@ -464,6 +464,7 @@ struct arch_vcpu + pagetable_t guest_table_user; /* (MFN) x86/64 user-space pagetable */ + #endif + pagetable_t guest_table; /* (MFN) guest notion of cr3 */ ++ struct page_info *old_guest_table; /* partially destructed pagetable */ + /* guest_table holds a ref to the page, and also a type-count unless + * shadow refcounts are in use */ + pagetable_t shadow_table[4]; /* (MFN) shadow(s) of guest */ +Index: xen-4.2.1-testing/xen/include/asm-x86/mm.h +=================================================================== +--- xen-4.2.1-testing.orig/xen/include/asm-x86/mm.h ++++ xen-4.2.1-testing/xen/include/asm-x86/mm.h +@@ -605,6 +605,7 @@ void audit_domains(void); + int new_guest_cr3(unsigned long pfn); + void make_cr3(struct vcpu *v, unsigned long mfn); + void update_cr3(struct vcpu *v); ++int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible); + void propagate_page_fault(unsigned long addr, u16 error_code); + void *do_page_walk(struct vcpu *v, unsigned long addr); + diff --git a/CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch b/CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch new file mode 100644 index 0000000..6174daa --- /dev/null +++ b/CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch 
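Review bot: vcpu_destroy_pagetables() returns whatever its two direct `put_page_and_type_preemptible()` calls give back, while put_old_guest_table() in the same patch folds -EINTR into -EAGAIN, so the two helpers disagree about which preemption codes a caller can see. If -EINTR can come back from those calls, domain_relinquish_resources() would propagate it unchanged, and the continuation checks added in the xsa45-4 patch test only `ret == -EAGAIN`. Normalising at the end with `return rc != -EINTR ? rc : -EAGAIN;` would make the contract uniform, and a short comment above both helpers (0 on success, -EAGAIN when the caller must retry) would document it. Whether callers outside the hunk already cope with -EINTR is not visible here.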
@@ -0,0 +1,173 @@ +x86: make new_guest_cr3() preemptible + +... as it may take significant amounts of time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -2906,44 +2906,69 @@ int new_guest_cr3(unsigned long mfn) + { + struct vcpu *curr = current; + struct domain *d = curr->domain; +- int okay; ++ int rc; + unsigned long old_base_mfn; + + #ifdef __x86_64__ + if ( is_pv_32on64_domain(d) ) + { +- okay = paging_mode_refcounts(d) +- ? 0 /* Old code was broken, but what should it be? */ +- : mod_l4_entry( ++ rc = paging_mode_refcounts(d) ++ ? -EINVAL /* Old code was broken, but what should it be? */ ++ : mod_l4_entry( + __va(pagetable_get_paddr(curr->arch.guest_table)), + l4e_from_pfn( + mfn, + (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)), +- pagetable_get_pfn(curr->arch.guest_table), 0, 0, curr) == 0; +- if ( unlikely(!okay) ) ++ pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr); ++ switch ( rc ) + { ++ case 0: ++ break; ++ case -EINTR: ++ case -EAGAIN: ++ return -EAGAIN; ++ default: + MEM_LOG("Error while installing new compat baseptr %lx", mfn); +- return 0; ++ return rc; + } + + invalidate_shadow_ldt(curr, 0); + write_ptbase(curr); + +- return 1; ++ return 0; + } + #endif +- okay = paging_mode_refcounts(d) +- ? get_page_from_pagenr(mfn, d) +- : !get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 0); +- if ( unlikely(!okay) ) ++ rc = put_old_guest_table(curr); ++ if ( unlikely(rc) ) ++ return rc; ++ ++ old_base_mfn = pagetable_get_pfn(curr->arch.guest_table); ++ /* ++ * This is particularly important when getting restarted after the ++ * previous attempt got preempted in the put-old-MFN phase. 
++ */ ++ if ( old_base_mfn == mfn ) + { +- MEM_LOG("Error while installing new baseptr %lx", mfn); ++ write_ptbase(curr); + return 0; + } + +- invalidate_shadow_ldt(curr, 0); ++ rc = paging_mode_refcounts(d) ++ ? (get_page_from_pagenr(mfn, d) ? 0 : -EINVAL) ++ : get_page_and_type_from_pagenr(mfn, PGT_root_page_table, d, 0, 1); ++ switch ( rc ) ++ { ++ case 0: ++ break; ++ case -EINTR: ++ case -EAGAIN: ++ return -EAGAIN; ++ default: ++ MEM_LOG("Error while installing new baseptr %lx", mfn); ++ return rc; ++ } + +- old_base_mfn = pagetable_get_pfn(curr->arch.guest_table); ++ invalidate_shadow_ldt(curr, 0); + + curr->arch.guest_table = pagetable_from_pfn(mfn); + update_cr3(curr); +@@ -2952,13 +2977,25 @@ int new_guest_cr3(unsigned long mfn) + + if ( likely(old_base_mfn != 0) ) + { ++ struct page_info *page = mfn_to_page(old_base_mfn); ++ + if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(old_base_mfn)); ++ put_page(page); + else +- put_page_and_type(mfn_to_page(old_base_mfn)); ++ switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ { ++ case -EINTR: ++ rc = -EAGAIN; ++ case -EAGAIN: ++ curr->arch.old_guest_table = page; ++ break; ++ default: ++ BUG_ON(rc); ++ break; ++ } + } + +- return 1; ++ return rc; + } + + static struct domain *get_pg_owner(domid_t domid) +@@ -3256,8 +3293,13 @@ long do_mmuext_op( + } + + case MMUEXT_NEW_BASEPTR: +- okay = (!paging_mode_translate(d) +- && new_guest_cr3(op.arg1.mfn)); ++ if ( paging_mode_translate(d) ) ++ okay = 0; ++ else ++ { ++ rc = new_guest_cr3(op.arg1.mfn); ++ okay = !rc; ++ } + break; + + +Index: xen-4.2.1-testing/xen/arch/x86/traps.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/traps.c ++++ xen-4.2.1-testing/xen/arch/x86/traps.c +@@ -2407,12 +2407,23 @@ static int emulate_privileged_op(struct + #endif + } + page = get_page_from_gfn(v->domain, gfn, NULL, P2M_ALLOC); +- rc = page ? 
new_guest_cr3(page_to_mfn(page)) : 0; + if ( page ) ++ { ++ rc = new_guest_cr3(page_to_mfn(page)); + put_page(page); ++ } ++ else ++ rc = -EINVAL; + domain_unlock(v->domain); +- if ( rc == 0 ) /* not okay */ ++ switch ( rc ) ++ { ++ case 0: ++ break; ++ case -EAGAIN: /* retry after preemption */ ++ goto skip; ++ default: /* not okay */ + goto fail; ++ } + break; + } + diff --git a/CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch b/CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch new file mode 100644 index 0000000..86aac80 --- /dev/null +++ b/CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch 
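Review bot: In new_guest_cr3() the `case -EINTR:` arm sets `rc = -EAGAIN;` and then runs into `case -EAGAIN:` with no marker, so the fallthrough reads like a missing `break`. Adding `/* fallthrough */` after the assignment makes it explicit; the same unmarked pattern appears in the MMUEXT_NEW_USER_BASEPTR switch of the xsa45-3 patch and in the `ctrlreg[1]` switch of the xsa45-5 patch. The carried-over comment in `? -EINVAL /* Old code was broken, but what should it be? */` is also worth rewording, since the value is now an error code rather than a boolean.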
@@ -0,0 +1,76 @@ +x86: make MMUEXT_NEW_USER_BASEPTR preemptible + +... as it may take significant amounts of time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.1-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.1-testing/xen/arch/x86/mm.c +@@ -3313,29 +3313,56 @@ long do_mmuext_op( + break; + } + ++ old_mfn = pagetable_get_pfn(curr->arch.guest_table_user); ++ /* ++ * This is particularly important when getting restarted after the ++ * previous attempt got preempted in the put-old-MFN phase. ++ */ ++ if ( old_mfn == op.arg1.mfn ) ++ break; ++ + if ( op.arg1.mfn != 0 ) + { + if ( paging_mode_refcounts(d) ) + okay = get_page_from_pagenr(op.arg1.mfn, d); + else +- okay = !get_page_and_type_from_pagenr( +- op.arg1.mfn, PGT_root_page_table, d, 0, 0); ++ { ++ rc = get_page_and_type_from_pagenr( ++ op.arg1.mfn, PGT_root_page_table, d, 0, 1); ++ okay = !rc; ++ } + if ( unlikely(!okay) ) + { +- MEM_LOG("Error while installing new mfn %lx", op.arg1.mfn); ++ if ( rc == -EINTR ) ++ rc = -EAGAIN; ++ else if ( rc != -EAGAIN ) ++ MEM_LOG("Error while installing new mfn %lx", ++ op.arg1.mfn); + break; + } + } + +- old_mfn = pagetable_get_pfn(curr->arch.guest_table_user); + curr->arch.guest_table_user = pagetable_from_pfn(op.arg1.mfn); + + if ( old_mfn != 0 ) + { ++ struct page_info *page = mfn_to_page(old_mfn); ++ + if ( paging_mode_refcounts(d) ) +- put_page(mfn_to_page(old_mfn)); ++ put_page(page); + else +- put_page_and_type(mfn_to_page(old_mfn)); ++ switch ( rc = put_page_and_type_preemptible(page, 1) ) ++ { ++ case -EINTR: ++ rc = -EAGAIN; ++ case -EAGAIN: ++ curr->arch.old_guest_table = page; ++ okay = 0; ++ break; ++ default: ++ BUG_ON(rc); ++ break; ++ } + } + + break; 
diff --git a/CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch b/CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch new file mode 100644 index 0000000..592a382 --- /dev/null +++ b/CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch 
@@ -0,0 +1,218 @@ +x86: make vcpu_reset() preemptible + +... as dropping the old page tables may take significant amounts of +time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.2-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.2-testing/xen/arch/x86/domain.c +@@ -1051,17 +1051,16 @@ int arch_set_info_guest( + #undef c + } + +-void arch_vcpu_reset(struct vcpu *v) ++int arch_vcpu_reset(struct vcpu *v) + { + if ( !is_hvm_vcpu(v) ) + { + destroy_gdt(v); +- vcpu_destroy_pagetables(v, 0); +- } +- else +- { +- vcpu_end_shutdown_deferral(v); ++ return vcpu_destroy_pagetables(v); + } ++ ++ vcpu_end_shutdown_deferral(v); ++ return 0; + } + + /* +@@ -2085,7 +2084,7 @@ int domain_relinquish_resources(struct d + /* Drop the in-use references to page-table bases. */ + for_each_vcpu ( d, v ) + { +- ret = vcpu_destroy_pagetables(v, 1); ++ ret = vcpu_destroy_pagetables(v); + if ( ret ) + return ret; + } +Index: xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/hvm.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/hvm.c +@@ -3577,8 +3577,11 @@ static void hvm_s3_suspend(struct domain + + for_each_vcpu ( d, v ) + { ++ int rc; ++ + vlapic_reset(vcpu_vlapic(v)); +- vcpu_reset(v); ++ rc = vcpu_reset(v); ++ ASSERT(!rc); + } + + vpic_reset(d); +Index: xen-4.2.2-testing/xen/arch/x86/hvm/vlapic.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/hvm/vlapic.c ++++ xen-4.2.2-testing/xen/arch/x86/hvm/vlapic.c +@@ -255,10 +255,13 @@ static void vlapic_init_sipi_action(unsi + { + case APIC_DM_INIT: { + bool_t fpu_initialised; ++ int rc; ++ + domain_lock(target->domain); + /* Reset necessary VCPU state. This does not include FPU state. 
*/ + fpu_initialised = target->fpu_initialised; +- vcpu_reset(target); ++ rc = vcpu_reset(target); ++ ASSERT(!rc); + target->fpu_initialised = fpu_initialised; + vlapic_reset(vcpu_vlapic(target)); + domain_unlock(target->domain); +Index: xen-4.2.2-testing/xen/arch/x86/mm.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/mm.c ++++ xen-4.2.2-testing/xen/arch/x86/mm.c +@@ -2844,7 +2844,7 @@ static int put_old_guest_table(struct vc + return rc; + } + +-int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible) ++int vcpu_destroy_pagetables(struct vcpu *v) + { + unsigned long mfn = pagetable_get_pfn(v->arch.guest_table); + struct page_info *page; +@@ -2864,7 +2864,7 @@ int vcpu_destroy_pagetables(struct vcpu + if ( paging_mode_refcounts(v->domain) ) + put_page(page); + else +- rc = put_page_and_type_preemptible(page, preemptible); ++ rc = put_page_and_type_preemptible(page, 1); + } + + #ifdef __x86_64__ +@@ -2890,7 +2890,7 @@ int vcpu_destroy_pagetables(struct vcpu + if ( paging_mode_refcounts(v->domain) ) + put_page(page); + else +- rc = put_page_and_type_preemptible(page, preemptible); ++ rc = put_page_and_type_preemptible(page, 1); + } + if ( !rc ) + v->arch.guest_table_user = pagetable_null(); +Index: xen-4.2.2-testing/xen/common/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domain.c ++++ xen-4.2.2-testing/xen/common/domain.c +@@ -779,14 +779,18 @@ void domain_unpause_by_systemcontroller( + domain_unpause(d); + } + +-void vcpu_reset(struct vcpu *v) ++int vcpu_reset(struct vcpu *v) + { + struct domain *d = v->domain; ++ int rc; + + vcpu_pause(v); + domain_lock(d); + +- arch_vcpu_reset(v); ++ set_bit(_VPF_in_reset, &v->pause_flags); ++ rc = arch_vcpu_reset(v); ++ if ( rc ) ++ goto out_unlock; + + set_bit(_VPF_down, &v->pause_flags); + +@@ -802,9 +806,13 @@ void vcpu_reset(struct vcpu *v) + #endif + 
cpumask_clear(v->cpu_affinity_tmp); + clear_bit(_VPF_blocked, &v->pause_flags); ++ clear_bit(_VPF_in_reset, &v->pause_flags); + ++ out_unlock: + domain_unlock(v->domain); + vcpu_unpause(v); ++ ++ return rc; + } + + +Index: xen-4.2.2-testing/xen/common/domctl.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domctl.c ++++ xen-4.2.2-testing/xen/common/domctl.c +@@ -307,8 +307,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc + + if ( guest_handle_is_null(op->u.vcpucontext.ctxt) ) + { +- vcpu_reset(v); +- ret = 0; ++ ret = vcpu_reset(v); ++ if ( ret == -EAGAIN ) ++ ret = hypercall_create_continuation( ++ __HYPERVISOR_domctl, "h", u_domctl); + goto svc_out; + } + +Index: xen-4.2.2-testing/xen/include/asm-x86/mm.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/asm-x86/mm.h ++++ xen-4.2.2-testing/xen/include/asm-x86/mm.h +@@ -605,7 +605,7 @@ void audit_domains(void); + int new_guest_cr3(unsigned long pfn); + void make_cr3(struct vcpu *v, unsigned long mfn); + void update_cr3(struct vcpu *v); +-int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible); ++int vcpu_destroy_pagetables(struct vcpu *); + void propagate_page_fault(unsigned long addr, u16 error_code); + void *do_page_walk(struct vcpu *v, unsigned long addr); + +Index: xen-4.2.2-testing/xen/include/xen/domain.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/domain.h ++++ xen-4.2.2-testing/xen/include/xen/domain.h +@@ -13,7 +13,7 @@ typedef union { + struct vcpu *alloc_vcpu( + struct domain *d, unsigned int vcpu_id, unsigned int cpu_id); + struct vcpu *alloc_dom0_vcpu0(void); +-void vcpu_reset(struct vcpu *v); ++int vcpu_reset(struct vcpu *); + + struct xen_domctl_getdomaininfo; + void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info); +@@ -67,7 +67,7 @@ void arch_dump_vcpu_info(struct vcpu *v) + + void 
arch_dump_domain_info(struct domain *d); + +-void arch_vcpu_reset(struct vcpu *v); ++int arch_vcpu_reset(struct vcpu *); + + extern spinlock_t vcpu_alloc_lock; + bool_t domctl_lock_acquire(void); +Index: xen-4.2.2-testing/xen/include/xen/sched.h +=================================================================== +--- xen-4.2.2-testing.orig/xen/include/xen/sched.h ++++ xen-4.2.2-testing/xen/include/xen/sched.h +@@ -644,6 +644,9 @@ static inline struct domain *next_domain + /* VCPU is blocked due to missing mem_sharing ring. */ + #define _VPF_mem_sharing 6 + #define VPF_mem_sharing (1UL<<_VPF_mem_sharing) ++ /* VCPU is being reset. */ ++#define _VPF_in_reset 7 ++#define VPF_in_reset (1UL<<_VPF_in_reset) + + static inline int vcpu_runnable(struct vcpu *v) + { diff --git a/CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch b/CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch new file mode 100644 index 0000000..776c1a6 --- /dev/null +++ b/CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch 
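Review bot: In vcpu_reset() the error path `goto out_unlock` skips `clear_bit(_VPF_in_reset, &v->pause_flags)`, so the flag stays set on every non-zero return and nothing at that site says whether this is deliberate. It looks intended for -EAGAIN, where do_domctl re-enters through a continuation, but for any other error the flag is left set with no retry scheduled. I would add a comment above the label such as `/* On failure _VPF_in_reset stays set: the vCPU must not run until the reset is retried to completion. */`. The two callers that only `ASSERT(!rc)` (hvm_s3_suspend, vlapic_init_sipi_action) deserve a one-line comment that arch_vcpu_reset() returns 0 on its HVM path, which presumably is the only path they reach.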
@@ -0,0 +1,212 @@ +x86: make arch_set_info_guest() preemptible + +.. as the root page table validation (and the dropping of an eventual +old one) can require meaningful amounts of time. + +This is part of CVE-2013-1918 / XSA-45. + +Signed-off-by: Jan Beulich +Acked-by: Tim Deegan + +Index: xen-4.2.2-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.2-testing/xen/arch/x86/domain.c +@@ -858,6 +858,9 @@ int arch_set_info_guest( + + if ( !v->is_initialised ) + { ++ if ( !compat && !(flags & VGCF_in_kernel) && !c.nat->ctrlreg[1] ) ++ return -EINVAL; ++ + v->arch.pv_vcpu.ldt_base = c(ldt_base); + v->arch.pv_vcpu.ldt_ents = c(ldt_ents); + } +@@ -955,24 +958,44 @@ int arch_set_info_guest( + if ( rc != 0 ) + return rc; + ++ set_bit(_VPF_in_reset, &v->pause_flags); ++ + if ( !compat ) +- { + cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[3]); +- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); +- +- if ( !cr3_page ) +- { +- destroy_gdt(v); +- return -EINVAL; +- } +- if ( !paging_mode_refcounts(d) +- && !get_page_type(cr3_page, PGT_base_page_table) ) +- { +- put_page(cr3_page); +- destroy_gdt(v); +- return -EINVAL; +- } ++#ifdef CONFIG_COMPAT ++ else ++ cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]); ++#endif ++ cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); + ++ if ( !cr3_page ) ++ rc = -EINVAL; ++ else if ( paging_mode_refcounts(d) ) ++ /* nothing */; ++ else if ( cr3_page == v->arch.old_guest_table ) ++ { ++ v->arch.old_guest_table = NULL; ++ put_page(cr3_page); ++ } ++ else ++ { ++ /* ++ * Since v->arch.guest_table{,_user} are both NULL, this effectively ++ * is just a call to put_old_guest_table(). ++ */ ++ if ( !compat ) ++ rc = vcpu_destroy_pagetables(v); ++ if ( !rc ) ++ rc = get_page_type_preemptible(cr3_page, ++ !compat ? 
PGT_root_page_table ++ : PGT_l3_page_table); ++ if ( rc == -EINTR ) ++ rc = -EAGAIN; ++ } ++ if ( rc ) ++ /* handled below */; ++ else if ( !compat ) ++ { + v->arch.guest_table = pagetable_from_page(cr3_page); + #ifdef __x86_64__ + if ( c.nat->ctrlreg[1] ) +@@ -980,56 +1003,44 @@ int arch_set_info_guest( + cr3_gfn = xen_cr3_to_pfn(c.nat->ctrlreg[1]); + cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); + +- if ( !cr3_page || +- (!paging_mode_refcounts(d) +- && !get_page_type(cr3_page, PGT_base_page_table)) ) ++ if ( !cr3_page ) ++ rc = -EINVAL; ++ else if ( !paging_mode_refcounts(d) ) + { +- if (cr3_page) +- put_page(cr3_page); +- cr3_page = pagetable_get_page(v->arch.guest_table); +- v->arch.guest_table = pagetable_null(); +- if ( paging_mode_refcounts(d) ) +- put_page(cr3_page); +- else +- put_page_and_type(cr3_page); +- destroy_gdt(v); +- return -EINVAL; ++ rc = get_page_type_preemptible(cr3_page, PGT_root_page_table); ++ switch ( rc ) ++ { ++ case -EINTR: ++ rc = -EAGAIN; ++ case -EAGAIN: ++ v->arch.old_guest_table = ++ pagetable_get_page(v->arch.guest_table); ++ v->arch.guest_table = pagetable_null(); ++ break; ++ } + } +- +- v->arch.guest_table_user = pagetable_from_page(cr3_page); +- } +- else if ( !(flags & VGCF_in_kernel) ) +- { +- destroy_gdt(v); +- return -EINVAL; ++ if ( !rc ) ++ v->arch.guest_table_user = pagetable_from_page(cr3_page); + } + } + else + { + l4_pgentry_t *l4tab; + +- cr3_gfn = compat_cr3_to_pfn(c.cmp->ctrlreg[3]); +- cr3_page = get_page_from_gfn(d, cr3_gfn, NULL, P2M_ALLOC); +- +- if ( !cr3_page) +- { +- destroy_gdt(v); +- return -EINVAL; +- } +- +- if (!paging_mode_refcounts(d) +- && !get_page_type(cr3_page, PGT_l3_page_table) ) +- { +- put_page(cr3_page); +- destroy_gdt(v); +- return -EINVAL; +- } +- + l4tab = __va(pagetable_get_paddr(v->arch.guest_table)); + *l4tab = l4e_from_pfn(page_to_mfn(cr3_page), + _PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED); + #endif + } ++ if ( rc ) ++ { ++ if ( cr3_page ) ++ put_page(cr3_page); 
++ destroy_gdt(v); ++ return rc; ++ } ++ ++ clear_bit(_VPF_in_reset, &v->pause_flags); + + if ( v->vcpu_id == 0 ) + update_domain_wallclock_time(d); +Index: xen-4.2.2-testing/xen/common/compat/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/compat/domain.c ++++ xen-4.2.2-testing/xen/common/compat/domain.c +@@ -50,6 +50,10 @@ int compat_vcpu_op(int cmd, int vcpuid, + rc = v->is_initialised ? -EEXIST : arch_set_info_guest(v, cmp_ctxt); + domain_unlock(d); + ++ if ( rc == -EAGAIN ) ++ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", ++ cmd, vcpuid, arg); ++ + xfree(cmp_ctxt); + break; + } +Index: xen-4.2.2-testing/xen/common/domain.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domain.c ++++ xen-4.2.2-testing/xen/common/domain.c +@@ -849,6 +849,11 @@ long do_vcpu_op(int cmd, int vcpuid, XEN + domain_unlock(d); + + free_vcpu_guest_context(ctxt); ++ ++ if ( rc == -EAGAIN ) ++ rc = hypercall_create_continuation(__HYPERVISOR_vcpu_op, "iih", ++ cmd, vcpuid, arg); ++ + break; + + case VCPUOP_up: { +Index: xen-4.2.2-testing/xen/common/domctl.c +=================================================================== +--- xen-4.2.2-testing.orig/xen/common/domctl.c ++++ xen-4.2.2-testing/xen/common/domctl.c +@@ -339,6 +339,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc + domain_pause(d); + ret = arch_set_info_guest(v, c); + domain_unpause(d); ++ ++ if ( ret == -EAGAIN ) ++ ret = hypercall_create_continuation( ++ __HYPERVISOR_domctl, "h", u_domctl); + } + + svc_out: diff --git a/CVE-2013-1918-xsa45-6-unpin-preemptible.patch b/CVE-2013-1918-xsa45-6-unpin-preemptible.patch new file mode 100644 index 0000000..d7f7253 --- /dev/null +++ b/CVE-2013-1918-xsa45-6-unpin-preemptible.patch 
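Review bot: When the user-table (`ctrlreg[1]`) step fails with anything other than -EINTR/-EAGAIN, the common `if ( rc )` exit returns with `v->arch.guest_table` still pointing at the kernel table installed a few lines earlier; the removed code reset it to `pagetable_null()` and dropped the reference on that path. If keeping it is deliberate (a later call that reaches `vcpu_destroy_pagetables()` would drop it), the comment stating that guest_table{,_user} are both NULL should say so; otherwise the `switch ( rc )` wants a `default:` arm that undoes the assignment. The same exit also leaves `_VPF_in_reset` set. arch_set_info_guest starts and ends outside the hunk, so the state on entry is not visible here.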
@@ -0,0 +1,131 @@
+x86: make page table unpinning preemptible
+
+... as it may take significant amounts of time.
+
+Since we can't re-invoke the operation in a second attempt, the
+continuation logic must be slightly tweaked so that we make sure
+do_mmuext_op() gets run one more time even when the preempted unpin
+operation was the last one in a batch.
+
+This is part of CVE-2013-1918 / XSA-45.
+
+Signed-off-by: Jan Beulich
+Acked-by: Tim Deegan
+
+Index: xen-4.2.1-testing/xen/arch/x86/mm.c
+===================================================================
+--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c
++++ xen-4.2.1-testing/xen/arch/x86/mm.c
+@@ -3140,6 +3140,14 @@ long do_mmuext_op(
+ return rc;
+ }
+
++ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
++ likely(guest_handle_is_null(uops)) )
++ {
++ /* See the curr->arch.old_guest_table related
++ * hypercall_create_continuation() below. */
++ return (int)foreigndom;
++ }
++
+ if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
+ {
+ count &= ~MMU_UPDATE_PREEMPTED;
+@@ -3163,7 +3171,7 @@ long do_mmuext_op(
+
+ for ( i = 0; i < count; i++ )
+ {
+- if ( hypercall_preempt_check() )
++ if ( curr->arch.old_guest_table || hypercall_preempt_check() )
+ {
+ rc = -EAGAIN;
+ break;
+@@ -3283,7 +3291,17 @@ long do_mmuext_op(
+ break;
+ }
+
+- put_page_and_type(page);
++ switch ( rc = put_page_and_type_preemptible(page, 1) )
++ {
++ case -EINTR:
++ case -EAGAIN:
++ curr->arch.old_guest_table = page;
++ rc = 0;
++ break;
++ default:
++ BUG_ON(rc);
++ break;
++ }
+ put_page(page);
+
+ /* A page is dirtied when its pin status is cleared.
*/
+@@ -3604,9 +3622,27 @@ long do_mmuext_op(
+ }
+
+ if ( rc == -EAGAIN )
++ {
++ ASSERT(i < count);
+ rc = hypercall_create_continuation(
+ __HYPERVISOR_mmuext_op, "hihi",
+ uops, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
++ }
++ else if ( curr->arch.old_guest_table )
++ {
++ XEN_GUEST_HANDLE(void) null;
++
++ ASSERT(rc || i == count);
++ set_xen_guest_handle(null, NULL);
++ /*
++ * In order to have a way to communicate the final return value to
++ * our continuation, we pass this in place of "foreigndom", building
++ * on the fact that this argument isn't needed anymore.
++ */
++ rc = hypercall_create_continuation(
++ __HYPERVISOR_mmuext_op, "hihi", null,
++ MMU_UPDATE_PREEMPTED, null, rc);
++ }
+
+ put_pg_owner(pg_owner);
+
+Index: xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c
+===================================================================
+--- xen-4.2.1-testing.orig/xen/arch/x86/x86_64/compat/mm.c
++++ xen-4.2.1-testing/xen/arch/x86/x86_64/compat/mm.c
+@@ -268,6 +268,13 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
+ int rc = 0;
+ XEN_GUEST_HANDLE(mmuext_op_t) nat_ops;
+
++ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
++ likely(guest_handle_is_null(cmp_uops)) )
++ {
++ set_xen_guest_handle(nat_ops, NULL);
++ return do_mmuext_op(nat_ops, count, pdone, foreigndom);
++ }
++
+ preempt_mask = count & MMU_UPDATE_PREEMPTED;
+ count ^= preempt_mask;
+
+@@ -370,12 +377,18 @@ int compat_mmuext_op(XEN_GUEST_HANDLE(mm
+ guest_handle_add_offset(nat_ops, i - left);
+ guest_handle_subtract_offset(cmp_uops, left);
+ left = 1;
+- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, cmp_uops));
+- BUG_ON(left != arg1);
+- if (!test_bit(_MCSF_in_multicall, &mcs->flags))
+- regs->_ecx += count - i;
++ if ( arg1 != MMU_UPDATE_PREEMPTED )
++ {
++ BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops,
++ cmp_uops));
++ if ( !test_bit(_MCSF_in_multicall, &mcs->flags) )
++ regs->_ecx += count - i;
++ else
++ mcs->compat_call.args[1] += count - i;
++ }
+
else
+- mcs->compat_call.args[1] += count - i;
++ BUG_ON(hypercall_xlat_continuation(&left, 0));
++ BUG_ON(left != arg1);
+ }
+ else
+ BUG_ON(err > 0);
diff --git a/CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch b/CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch
new file mode 100644
index 0000000..3ec971c
--- /dev/null
+++ b/CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch
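Review bot: The early return added at the top of do_mmuext_op() treats `count == MMU_UPDATE_PREEMPTED` together with a null `uops` handle as proof that the call is Xen's own continuation, but these are ordinary hypercall arguments that a guest can also supply itself, in which case the value handed back is whatever it put in `foreigndom`. That looks harmless, since only the caller's own return value is affected, but the two-line comment does not say so and compat_mmuext_op() forwards the same pattern unchanged. I would extend the comment to something like `/* Continuation after a deferred unpin: "foreigndom" carries the final return value. A guest issuing these arguments directly only chooses its own result. */`. The added `ASSERT(i < count)` and `ASSERT(rc || i == count)` are normally compiled out of non-debug builds, so they document the invariant rather than enforce it. do_mmuext_op() starts and ends outside these hunks.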
@@ -0,0 +1,257 @@
+x86: make page table handling error paths preemptible
+
+... as they may take significant amounts of time.
+
+This requires cloning the tweaked continuation logic from
+do_mmuext_op() to do_mmu_update().
+
+Note that in mod_l[34]_entry() a negative "preemptible" value gets
+passed to put_page_from_l[34]e() now, telling the callee to store the
+respective page in current->arch.old_guest_table (for a hypercall
+continuation to pick up), rather than carrying out the put right away.
+This is going to be made a little more explicit by a subsequent cleanup
+patch.
+
+This is part of CVE-2013-1918 / XSA-45.
+
+Signed-off-by: Jan Beulich
+Acked-by: Tim Deegan
+
+Index: xen-4.2.1-testing/xen/arch/x86/mm.c
+===================================================================
+--- xen-4.2.1-testing.orig/xen/arch/x86/mm.c
++++ xen-4.2.1-testing/xen/arch/x86/mm.c
+@@ -1258,7 +1258,16 @@ static int put_page_from_l3e(l3_pgentry_
+ #endif
+
+ if ( unlikely(partial > 0) )
++ {
++ ASSERT(preemptible >= 0);
+ return __put_page_type(l3e_get_page(l3e), preemptible);
++ }
++
++ if ( preemptible < 0 )
++ {
++ current->arch.old_guest_table = l3e_get_page(l3e);
++ return 0;
++ }
+
+ return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible);
+ }
+@@ -1271,7 +1280,17 @@ static int put_page_from_l4e(l4_pgentry_
+ (l4e_get_pfn(l4e) != pfn) )
+ {
+ if ( unlikely(partial > 0) )
++ {
++ ASSERT(preemptible >= 0);
+ return __put_page_type(l4e_get_page(l4e), preemptible);
++ }
++
++ if ( preemptible < 0 )
++ {
++ current->arch.old_guest_table = l4e_get_page(l4e);
++ return 0;
++ }
++
+ return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible);
+ }
+ return 1;
+@@ -1566,12 +1585,17 @@ static int alloc_l3_table(struct page_in
+ if ( rc < 0 && rc != -EAGAIN && rc != -EINTR )
+ {
+ MEM_LOG("Failure in alloc_l3_table: entry %d", i);
++ if ( i )
++ {
++ page->nr_validated_ptes = i;
++ page->partial_pte = 0;
++ current->arch.old_guest_table = page;
++ }
+ while ( i--
> 0 )
+ {
+ if ( !is_guest_l3_slot(i) )
+ continue;
+ unadjust_guest_l3e(pl3e[i], d);
+- put_page_from_l3e(pl3e[i], pfn, 0, 0);
+ }
+ }
+
+@@ -1601,22 +1625,24 @@ static int alloc_l4_table(struct page_in
+ page->nr_validated_ptes = i;
+ page->partial_pte = partial ?: 1;
+ }
+- else if ( rc == -EINTR )
++ else if ( rc < 0 )
+ {
++ if ( rc != -EINTR )
++ MEM_LOG("Failure in alloc_l4_table: entry %d", i);
+ if ( i )
+ {
+ page->nr_validated_ptes = i;
+ page->partial_pte = 0;
+- rc = -EAGAIN;
++ if ( rc == -EINTR )
++ rc = -EAGAIN;
++ else
++ {
++ if ( current->arch.old_guest_table )
++ page->nr_validated_ptes++;
++ current->arch.old_guest_table = page;
++ }
+ }
+ }
+- else if ( rc < 0 )
+- {
+- MEM_LOG("Failure in alloc_l4_table: entry %d", i);
+- while ( i-- > 0 )
+- if ( is_guest_l4_slot(d, i) )
+- put_page_from_l4e(pl4e[i], pfn, 0, 0);
+- }
+ if ( rc < 0 )
+ return rc;
+
+@@ -2064,7 +2090,7 @@ static int mod_l3_entry(l3_pgentry_t *pl
+ pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e);
+ }
+
+- put_page_from_l3e(ol3e, pfn, 0, 0);
++ put_page_from_l3e(ol3e, pfn, 0, -preemptible);
+ return rc;
+ }
+
+@@ -2127,7 +2153,7 @@ static int mod_l4_entry(l4_pgentry_t *pl
+ return -EFAULT;
+ }
+
+- put_page_from_l4e(ol4e, pfn, 0, 0);
++ put_page_from_l4e(ol4e, pfn, 0, -preemptible);
+ return rc;
+ }
+
+@@ -2285,7 +2311,15 @@ static int alloc_page_type(struct page_i
+ PRtype_info ": caf=%08lx taf=%" PRtype_info,
+ page_to_mfn(page), get_gpfn_from_mfn(page_to_mfn(page)),
+ type, page->count_info, page->u.inuse.type_info);
+- page->u.inuse.type_info = 0;
++ if ( page != current->arch.old_guest_table )
++ page->u.inuse.type_info = 0;
++ else
++ {
++ ASSERT((page->u.inuse.type_info &
++ (PGT_count_mask | PGT_validated)) == 1);
++ get_page_light(page);
++ page->u.inuse.type_info |= PGT_partial;
++ }
+ }
+ else
+ {
+@@ -3235,21 +3269,17 @@ long do_mmuext_op(
+ }
+
+ if ( (rc = xsm_memory_pin_page(d, pg_owner, page)) != 0 )
+- {
+- put_page_and_type(page);
+ okay = 0;
+- break;
+- }
+-
+- if ( unlikely(test_and_set_bit(_PGT_pinned,
+- &page->u.inuse.type_info)) )
++ else if ( unlikely(test_and_set_bit(_PGT_pinned,
++ &page->u.inuse.type_info)) )
+ {
+ MEM_LOG("Mfn %lx already pinned", page_to_mfn(page));
+- put_page_and_type(page);
+ okay = 0;
+- break;
+ }
+
++ if ( unlikely(!okay) )
++ goto pin_drop;
++
+ /* A page is dirtied when its pin status is set. */
+ paging_mark_dirty(pg_owner, page_to_mfn(page));
+
+@@ -3263,7 +3293,13 @@ long do_mmuext_op(
+ &page->u.inuse.type_info));
+ spin_unlock(&pg_owner->page_alloc_lock);
+ if ( drop_ref )
+- put_page_and_type(page);
++ {
++ pin_drop:
++ if ( type == PGT_l1_page_table )
++ put_page_and_type(page);
++ else
++ curr->arch.old_guest_table = page;
++ }
+ }
+
+ break;
+@@ -3669,11 +3705,28 @@ long do_mmu_update(
+ void *va;
+ unsigned long gpfn, gmfn, mfn;
+ struct page_info *page;
+- int rc = 0, i = 0;
+- unsigned int cmd, done = 0, pt_dom;
+- struct vcpu *v = current;
++ unsigned int cmd, i = 0, done = 0, pt_dom;
++ struct vcpu *curr = current, *v = curr;
+ struct domain *d = v->domain, *pt_owner = d, *pg_owner;
+ struct domain_mmap_cache mapcache;
++ int rc = put_old_guest_table(curr);
++
++ if ( unlikely(rc) )
++ {
++ if ( likely(rc == -EAGAIN) )
++ rc = hypercall_create_continuation(
++ __HYPERVISOR_mmu_update, "hihi", ureqs, count, pdone,
++ foreigndom);
++ return rc;
++ }
++
++ if ( unlikely(count == MMU_UPDATE_PREEMPTED) &&
++ likely(guest_handle_is_null(ureqs)) )
++ {
++ /* See the curr->arch.old_guest_table related
++ * hypercall_create_continuation() below.
*/
++ return (int)foreigndom;
++ }
+
+ if ( unlikely(count & MMU_UPDATE_PREEMPTED) )
+ {
+@@ -3722,7 +3775,7 @@ long do_mmu_update(
+
+ for ( i = 0; i < count; i++ )
+ {
+- if ( hypercall_preempt_check() )
++ if ( curr->arch.old_guest_table || hypercall_preempt_check() )
+ {
+ rc = -EAGAIN;
+ break;
+@@ -3903,9 +3956,27 @@ long do_mmu_update(
+ }
+
+ if ( rc == -EAGAIN )
++ {
++ ASSERT(i < count);
+ rc = hypercall_create_continuation(
+ __HYPERVISOR_mmu_update, "hihi",
+ ureqs, (count - i) | MMU_UPDATE_PREEMPTED, pdone, foreigndom);
++ }
++ else if ( curr->arch.old_guest_table )
++ {
++ XEN_GUEST_HANDLE(void) null;
++
++ ASSERT(rc || i == count);
++ set_xen_guest_handle(null, NULL);
++ /*
++ * In order to have a way to communicate the final return value to
++ * our continuation, we pass this in place of "foreigndom", building
++ * on the fact that this argument isn't needed anymore.
++ */
++ rc = hypercall_create_continuation(
++ __HYPERVISOR_mmu_update, "hihi", null,
++ MMU_UPDATE_PREEMPTED, null, rc);
++ }
+
+ put_pg_owner(pg_owner);
+
diff --git a/CVE-2013-1918-xsa45-followup.patch b/CVE-2013-1918-xsa45-followup.patch
new file mode 100644
index 0000000..2e13e7b
--- /dev/null
+++ b/CVE-2013-1918-xsa45-followup.patch
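Review bot: The reference taken by `get_page_light(page)` in the new `else` branch of alloc_page_type() has no stated owner, and every error path that leaves `current->arch.old_guest_table` set depends on the answer. As far as I can tell it pairs with the `PGT_partial` bit set on the next line, in which case a caller that fails and then drops its own page reference would leave the deferred put one reference short; whether any caller does so cannot be confirmed from these hunks and should be checked for each path that stores a page in `old_guest_table`. A comment at the call such as `/* This reference belongs to PGT_partial, not to the caller. */` would make those paths auditable. alloc_l4_table() also increments `nr_validated_ptes` when `old_guest_table` is already set while alloc_l3_table() does not, which needs either a comment or the same treatment. Both functions continue outside their hunks.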
@@ -0,0 +1,406 @@
+x86: cleanup after making various page table manipulation operations preemptible
+
+This drops the "preemptible" parameters from various functions where
+now they can't (or shouldn't, validated by assertions) be run in non-
+preemptible mode anymore, to prove that manipulations of at least L3
+and L4 page tables and page table entries are now always preemptible,
+i.e. the earlier patches actually fulfill their purpose of fixing the
+resulting security issue.
+
+Signed-off-by: Jan Beulich
+Acked-by: Tim Deegan
+
+--- a/xen/arch/x86/domain.c
++++ b/xen/arch/x86/domain.c
+@@ -1986,7 +1986,7 @@ static int relinquish_memory(
+ }
+
+ if ( test_and_clear_bit(_PGT_pinned, &page->u.inuse.type_info) )
+- ret = put_page_and_type_preemptible(page, 1);
++ ret = put_page_and_type_preemptible(page);
+ switch ( ret )
+ {
+ case 0:
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -1044,7 +1044,7 @@ get_page_from_l2e(
+ define_get_linear_pagetable(l3);
+ static int
+ get_page_from_l3e(
+- l3_pgentry_t l3e, unsigned long pfn, struct domain *d, int partial, int preemptible)
++ l3_pgentry_t l3e, unsigned long pfn, struct domain *d, int partial)
+ {
+ int rc;
+
+@@ -1058,7 +1058,7 @@ get_page_from_l3e(
+ }
+
+ rc = get_page_and_type_from_pagenr(
+- l3e_get_pfn(l3e), PGT_l2_page_table, d, partial, preemptible);
++ l3e_get_pfn(l3e), PGT_l2_page_table, d, partial, 1);
+ if ( unlikely(rc == -EINVAL) && get_l3_linear_pagetable(l3e, pfn, d) )
+ rc = 0;
+
+@@ -1069,7 +1069,7 @@ get_page_from_l3e(
+ define_get_linear_pagetable(l4);
+ static int
+ get_page_from_l4e(
+- l4_pgentry_t l4e, unsigned long pfn, struct domain *d, int partial, int preemptible)
++ l4_pgentry_t l4e, unsigned long pfn, struct domain *d, int partial)
+ {
+ int rc;
+
+@@ -1083,7 +1083,7 @@ get_page_from_l4e(
+ }
+
+ rc = get_page_and_type_from_pagenr(
+- l4e_get_pfn(l4e), PGT_l3_page_table, d, partial, preemptible);
++ l4e_get_pfn(l4e), PGT_l3_page_table, d, partial, 1);
+ if ( unlikely(rc == -EINVAL)
&& get_l4_linear_pagetable(l4e, pfn, d) )
+ rc = 0;
+
+@@ -1237,8 +1237,10 @@ static int put_page_from_l2e(l2_pgentry_
+ static int __put_page_type(struct page_info *, int preemptible);
+
+ static int put_page_from_l3e(l3_pgentry_t l3e, unsigned long pfn,
+- int partial, int preemptible)
++ int partial, bool_t defer)
+ {
++ struct page_info *pg;
++
+ if ( !(l3e_get_flags(l3e) & _PAGE_PRESENT) || (l3e_get_pfn(l3e) == pfn) )
+ return 1;
+
+@@ -1257,41 +1259,45 @@ static int put_page_from_l3e(l3_pgentry_
+ }
+ #endif
+
++ pg = l3e_get_page(l3e);
++
+ if ( unlikely(partial > 0) )
+ {
+- ASSERT(preemptible >= 0);
+- return __put_page_type(l3e_get_page(l3e), preemptible);
++ ASSERT(!defer);
++ return __put_page_type(pg, 1);
+ }
+
+- if ( preemptible < 0 )
++ if ( defer )
+ {
+- current->arch.old_guest_table = l3e_get_page(l3e);
++ current->arch.old_guest_table = pg;
+ return 0;
+ }
+
+- return put_page_and_type_preemptible(l3e_get_page(l3e), preemptible);
++ return put_page_and_type_preemptible(pg);
+ }
+
+ #if CONFIG_PAGING_LEVELS >= 4
+ static int put_page_from_l4e(l4_pgentry_t l4e, unsigned long pfn,
+- int partial, int preemptible)
++ int partial, bool_t defer)
+ {
+ if ( (l4e_get_flags(l4e) & _PAGE_PRESENT) &&
+ (l4e_get_pfn(l4e) != pfn) )
+ {
++ struct page_info *pg = l4e_get_page(l4e);
++
+ if ( unlikely(partial > 0) )
+ {
+- ASSERT(preemptible >= 0);
+- return __put_page_type(l4e_get_page(l4e), preemptible);
++ ASSERT(!defer);
++ return __put_page_type(pg, 1);
+ }
+
+- if ( preemptible < 0 )
++ if ( defer )
+ {
+- current->arch.old_guest_table = l4e_get_page(l4e);
++ current->arch.old_guest_table = pg;
+ return 0;
+ }
+
+- return put_page_and_type_preemptible(l4e_get_page(l4e), preemptible);
++ return put_page_and_type_preemptible(pg);
+ }
+ return 1;
+ }
+@@ -1509,7 +1515,7 @@ static int alloc_l2_table(struct page_in
+ return rc > 0 ?
0 : rc;
+ }
+
+-static int alloc_l3_table(struct page_info *page, int preemptible)
++static int alloc_l3_table(struct page_info *page)
+ {
+ struct domain *d = page_get_owner(page);
+ unsigned long pfn = page_to_mfn(page);
+@@ -1556,11 +1562,10 @@ static int alloc_l3_table(struct page_in
+ rc = get_page_and_type_from_pagenr(l3e_get_pfn(pl3e[i]),
+ PGT_l2_page_table |
+ PGT_pae_xen_l2,
+- d, partial, preemptible);
++ d, partial, 1);
+ }
+ else if ( !is_guest_l3_slot(i) ||
+- (rc = get_page_from_l3e(pl3e[i], pfn, d,
+- partial, preemptible)) > 0 )
++ (rc = get_page_from_l3e(pl3e[i], pfn, d, partial)) > 0 )
+ continue;
+
+ if ( rc == -EAGAIN )
+@@ -1604,7 +1609,7 @@ static int alloc_l3_table(struct page_in
+ }
+
+ #if CONFIG_PAGING_LEVELS >= 4
+-static int alloc_l4_table(struct page_info *page, int preemptible)
++static int alloc_l4_table(struct page_info *page)
+ {
+ struct domain *d = page_get_owner(page);
+ unsigned long pfn = page_to_mfn(page);
+@@ -1616,8 +1621,7 @@ static int alloc_l4_table(struct page_in
+ i++, partial = 0 )
+ {
+ if ( !is_guest_l4_slot(d, i) ||
+- (rc = get_page_from_l4e(pl4e[i], pfn, d,
+- partial, preemptible)) > 0 )
++ (rc = get_page_from_l4e(pl4e[i], pfn, d, partial)) > 0 )
+ continue;
+
+ if ( rc == -EAGAIN )
+@@ -1662,7 +1666,7 @@ static int alloc_l4_table(struct page_in
+ return rc > 0 ?
0 : rc;
+ }
+ #else
+-#define alloc_l4_table(page, preemptible) (-EINVAL)
++#define alloc_l4_table(page) (-EINVAL)
+ #endif
+
+
+@@ -1714,7 +1718,7 @@ static int free_l2_table(struct page_inf
+ return err;
+ }
+
+-static int free_l3_table(struct page_info *page, int preemptible)
++static int free_l3_table(struct page_info *page)
+ {
+ struct domain *d = page_get_owner(page);
+ unsigned long pfn = page_to_mfn(page);
+@@ -1727,7 +1731,7 @@ static int free_l3_table(struct page_inf
+ do {
+ if ( is_guest_l3_slot(i) )
+ {
+- rc = put_page_from_l3e(pl3e[i], pfn, partial, preemptible);
++ rc = put_page_from_l3e(pl3e[i], pfn, partial, 0);
+ if ( rc < 0 )
+ break;
+ partial = 0;
+@@ -1754,7 +1758,7 @@ static int free_l3_table(struct page_inf
+ }
+
+ #if CONFIG_PAGING_LEVELS >= 4
+-static int free_l4_table(struct page_info *page, int preemptible)
++static int free_l4_table(struct page_info *page)
+ {
+ struct domain *d = page_get_owner(page);
+ unsigned long pfn = page_to_mfn(page);
+@@ -1764,7 +1768,7 @@ static int free_l4_table(struct page_inf
+
+ do {
+ if ( is_guest_l4_slot(d, i) )
+- rc = put_page_from_l4e(pl4e[i], pfn, partial, preemptible);
++ rc = put_page_from_l4e(pl4e[i], pfn, partial, 0);
+ if ( rc < 0 )
+ break;
+ partial = 0;
+@@ -1784,7 +1788,7 @@ static int free_l4_table(struct page_inf
+ return rc > 0 ? 0 : rc;
+ }
+ #else
+-#define free_l4_table(page, preemptible) (-EINVAL)
++#define free_l4_table(page) (-EINVAL)
+ #endif
+
+ int page_lock(struct page_info *page)
+@@ -2023,7 +2027,6 @@ static int mod_l3_entry(l3_pgentry_t *pl
+ l3_pgentry_t nl3e,
+ unsigned long pfn,
+ int preserve_ad,
+- int preemptible,
+ struct vcpu *vcpu)
+ {
+ l3_pgentry_t ol3e;
+@@ -2063,7 +2066,7 @@ static int mod_l3_entry(l3_pgentry_t *pl
+ return rc ?
0 : -EFAULT;
+ }
+
+- rc = get_page_from_l3e(nl3e, pfn, d, 0, preemptible);
++ rc = get_page_from_l3e(nl3e, pfn, d, 0);
+ if ( unlikely(rc < 0) )
+ return rc;
+ rc = 0;
+@@ -2090,7 +2093,7 @@ static int mod_l3_entry(l3_pgentry_t *pl
+ pae_flush_pgd(pfn, pgentry_ptr_to_slot(pl3e), nl3e);
+ }
+
+- put_page_from_l3e(ol3e, pfn, 0, -preemptible);
++ put_page_from_l3e(ol3e, pfn, 0, 1);
+ return rc;
+ }
+
+@@ -2101,7 +2104,6 @@ static int mod_l4_entry(l4_pgentry_t *pl
+ l4_pgentry_t nl4e,
+ unsigned long pfn,
+ int preserve_ad,
+- int preemptible,
+ struct vcpu *vcpu)
+ {
+ struct domain *d = vcpu->domain;
+@@ -2134,7 +2136,7 @@ static int mod_l4_entry(l4_pgentry_t *pl
+ return rc ? 0 : -EFAULT;
+ }
+
+- rc = get_page_from_l4e(nl4e, pfn, d, 0, preemptible);
++ rc = get_page_from_l4e(nl4e, pfn, d, 0);
+ if ( unlikely(rc < 0) )
+ return rc;
+ rc = 0;
+@@ -2153,7 +2155,7 @@ static int mod_l4_entry(l4_pgentry_t *pl
+ return -EFAULT;
+ }
+
+- put_page_from_l4e(ol4e, pfn, 0, -preemptible);
++ put_page_from_l4e(ol4e, pfn, 0, 1);
+ return rc;
+ }
+
+@@ -2275,10 +2277,12 @@ static int alloc_page_type(struct page_i
+ rc = alloc_l2_table(page, type, preemptible);
+ break;
+ case PGT_l3_page_table:
+- rc = alloc_l3_table(page, preemptible);
++ ASSERT(preemptible);
++ rc = alloc_l3_table(page);
+ break;
+ case PGT_l4_page_table:
+- rc = alloc_l4_table(page, preemptible);
++ ASSERT(preemptible);
++ rc = alloc_l4_table(page);
+ break;
+ case PGT_seg_desc_page:
+ rc = alloc_segdesc_page(page);
+@@ -2372,10 +2376,12 @@ int free_page_type(struct page_info *pag
+ if ( !(type & PGT_partial) )
+ page->nr_validated_ptes = L3_PAGETABLE_ENTRIES;
+ #endif
+- rc = free_l3_table(page, preemptible);
++ ASSERT(preemptible);
++ rc = free_l3_table(page);
+ break;
+ case PGT_l4_page_table:
+- rc = free_l4_table(page, preemptible);
++ ASSERT(preemptible);
++ rc = free_l4_table(page);
+ break;
+ default:
+ MEM_LOG("type %lx pfn %lx\n", type, page_to_mfn(page));
+@@ -2866,7 +2872,7 @@ static int
put_old_guest_table(struct vc
+ if ( !v->arch.old_guest_table )
+ return 0;
+
+- switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table, 1) )
++ switch ( rc = put_page_and_type_preemptible(v->arch.old_guest_table) )
+ {
+ case -EINTR:
+ case -EAGAIN:
+@@ -2898,7 +2904,7 @@ int vcpu_destroy_pagetables(struct vcpu
+ if ( paging_mode_refcounts(v->domain) )
+ put_page(page);
+ else
+- rc = put_page_and_type_preemptible(page, 1);
++ rc = put_page_and_type_preemptible(page);
+ }
+
+ #ifdef __x86_64__
+@@ -2924,7 +2930,7 @@ int vcpu_destroy_pagetables(struct vcpu
+ if ( paging_mode_refcounts(v->domain) )
+ put_page(page);
+ else
+- rc = put_page_and_type_preemptible(page, 1);
++ rc = put_page_and_type_preemptible(page);
+ }
+ if ( !rc )
+ v->arch.guest_table_user = pagetable_null();
+@@ -2953,7 +2959,7 @@ int new_guest_cr3(unsigned long mfn)
+ l4e_from_pfn(
+ mfn,
+ (_PAGE_PRESENT|_PAGE_RW|_PAGE_USER|_PAGE_ACCESSED)),
+- pagetable_get_pfn(curr->arch.guest_table), 0, 1, curr);
++ pagetable_get_pfn(curr->arch.guest_table), 0, curr);
+ switch ( rc )
+ {
+ case 0:
+@@ -3016,7 +3022,7 @@ int new_guest_cr3(unsigned long mfn)
+ if ( paging_mode_refcounts(d) )
+ put_page(page);
+ else
+- switch ( rc = put_page_and_type_preemptible(page, 1) )
++ switch ( rc = put_page_and_type_preemptible(page) )
+ {
+ case -EINTR:
+ rc = -EAGAIN;
+@@ -3327,7 +3333,7 @@ long do_mmuext_op(
+ break;
+ }
+
+- switch ( rc = put_page_and_type_preemptible(page, 1) )
++ switch ( rc = put_page_and_type_preemptible(page) )
+ {
+ case -EINTR:
+ case -EAGAIN:
+@@ -3405,7 +3411,7 @@ long do_mmuext_op(
+ if ( paging_mode_refcounts(d) )
+ put_page(page);
+ else
+- switch ( rc = put_page_and_type_preemptible(page, 1) )
++ switch ( rc = put_page_and_type_preemptible(page) )
+ {
+ case -EINTR:
+ rc = -EAGAIN;
+@@ -3882,12 +3888,12 @@ long do_mmu_update(
+ break;
+ case PGT_l3_page_table:
+ rc = mod_l3_entry(va, l3e_from_intpte(req.val), mfn,
+- cmd == MMU_PT_UPDATE_PRESERVE_AD, 1, v);
++ cmd ==
MMU_PT_UPDATE_PRESERVE_AD, v);
+ break;
+ #if CONFIG_PAGING_LEVELS >= 4
+ case PGT_l4_page_table:
+ rc = mod_l4_entry(va, l4e_from_intpte(req.val), mfn,
+- cmd == MMU_PT_UPDATE_PRESERVE_AD, 1, v);
++ cmd == MMU_PT_UPDATE_PRESERVE_AD, v);
+ break;
+ #endif
+ case PGT_writable_page:
+--- a/xen/include/asm-x86/mm.h
++++ b/xen/include/asm-x86/mm.h
+@@ -384,15 +384,10 @@ static inline void put_page_and_type(str
+ put_page(page);
+ }
+
+-static inline int put_page_and_type_preemptible(struct page_info *page,
+- int preemptible)
++static inline int put_page_and_type_preemptible(struct page_info *page)
+ {
+- int rc = 0;
++ int rc = put_page_type_preemptible(page);
+
+- if ( preemptible )
+- rc = put_page_type_preemptible(page);
+- else
+- put_page_type(page);
+ if ( likely(rc == 0) )
+ put_page(page);
+ return rc;
diff --git a/CVE-2013-1922-xsa48.patch b/CVE-2013-1922-xsa48.patch
new file mode 100644
index 0000000..9a6b923
--- /dev/null
+++ b/CVE-2013-1922-xsa48.patch
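Review bot: The `ASSERT(preemptible)` lines added in alloc_page_type() and free_page_type() are the only remaining link between a caller's `preemptible` argument and the L3/L4 helpers, which now always run preemptibly, and ASSERT is normally compiled out of non-debug builds. A caller passing 0 for an L3 or L4 page would then still get -EAGAIN or -EINTR back from a path it treats as uninterruptible; no such caller is visible in these hunks, but nothing here rules one out. I would add a comment above both switches, e.g. `/* L3/L4 tables are always handled preemptibly; callers must cope with -EAGAIN/-EINTR. */`. Separately, the new `bool_t defer` parameter of put_page_from_l3e() and put_page_from_l4e() is passed as a bare `0` or `1` at every call site and has no comment saying that it hands the page to `current->arch.old_guest_table`. Most of the touched functions start or end outside their hunks.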
@@ -0,0 +1,112 @@
+References: bnc#81???? CVE-2013-1922 XSA-48
+
+Add -f FMT / --format FMT arg to qemu-nbd
+
+From: "Daniel P. Berrange"
+
+Currently the qemu-nbd program will auto-detect the format of
+any disk it is given. This behaviour is known to be insecure.
+For example, if qemu-nbd initially exposes a 'raw' file to an
+unprivileged app, and that app runs
+
+ 'qemu-img create -f qcow2 -o backing_file=/etc/shadow /dev/nbd0'
+
+then the next time the app is started, the qemu-nbd will now
+detect it as a 'qcow2' file and expose /etc/shadow to the
+unprivileged app.
+
+The only way to avoid this is to explicitly tell qemu-nbd what
+disk format to use on the command line, completely disabling
+auto-detection. This patch adds a '-f' / '--format' arg for
+this purpose, mirroring what is already available via qemu-img
+and qemu commands.
+
+ qemu-nbd --format raw -p 9000 evil.img
+
+will now always use raw, regardless of what format 'evil.img'
+looks like it contains
+
+Signed-off-by: Daniel P. Berrange
+[Use errx, not err. - Paolo]
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Stefano Stabellini
+
+[ This is a security issue, CVE-2013-1922 / XSA-48.
]
+
+--- a/tools/qemu-xen-dir-remote/qemu-nbd.c
++++ b/tools/qemu-xen-dir-remote/qemu-nbd.c
+@@ -247,6 +247,7 @@ out:
+ int main(int argc, char **argv)
+ {
+ BlockDriverState *bs;
++ BlockDriver *drv;
+ off_t dev_offset = 0;
+ off_t offset = 0;
+ uint32_t nbdflags = 0;
+@@ -256,7 +257,7 @@ int main(int argc, char **argv)
+ struct sockaddr_in addr;
+ socklen_t addr_len = sizeof(addr);
+ off_t fd_size;
+- const char *sopt = "hVb:o:p:rsnP:c:dvk:e:t";
++ const char *sopt = "hVb:o:p:rsnP:c:dvk:e:f:t";
+ struct option lopt[] = {
+ { "help", 0, NULL, 'h' },
+ { "version", 0, NULL, 'V' },
+@@ -271,6 +272,7 @@ int main(int argc, char **argv)
+ { "snapshot", 0, NULL, 's' },
+ { "nocache", 0, NULL, 'n' },
+ { "shared", 1, NULL, 'e' },
++ { "format", 1, NULL, 'f' },
+ { "persistent", 0, NULL, 't' },
+ { "verbose", 0, NULL, 'v' },
+ { NULL, 0, NULL, 0 }
+@@ -292,6 +294,7 @@ int main(int argc, char **argv)
+ int max_fd;
+ int persistent = 0;
+ pthread_t client_thread;
++ const char *fmt = NULL;
+
+ /* The client thread uses SIGTERM to interrupt the server. A signal
+ * handler ensures that "qemu-nbd -v -c" exits with a nice status code.
+@@ -368,6 +371,9 @@ int main(int argc, char **argv)
+ errx(EXIT_FAILURE, "Shared device number must be greater than 0\n");
+ }
+ break;
++ case 'f':
++ fmt = optarg;
++ break;
+ case 't':
+ persistent = 1;
+ break;
+@@ -478,9 +484,19 @@ int main(int argc, char **argv)
+ bdrv_init();
+ atexit(bdrv_close_all);
+
++ if (fmt) {
++ drv = bdrv_find_format(fmt);
++ if (!drv) {
++ errx(EXIT_FAILURE, "Unknown file format '%s'", fmt);
++ }
++ } else {
++ drv = NULL;
++ }
++
+ bs = bdrv_new("hda");
+ srcpath = argv[optind];
+- if ((ret = bdrv_open(bs, srcpath, flags, NULL)) < 0) {
++ ret = bdrv_open(bs, srcpath, flags, drv);
++ if (ret < 0) {
+ errno = -ret;
+ err(EXIT_FAILURE, "Failed to bdrv_open '%s'", argv[optind]);
+ }
+--- a/tools/qemu-xen-dir-remote/qemu-nbd.texi
++++ b/tools/qemu-xen-dir-remote/qemu-nbd.texi
+@@ -36,6 +36,8 @@ Export Qemu disk image using NBD protoco
+ disconnect the specified device
+ @item -e, --shared=@var{num}
+ device can be shared by @var{num} clients (default @samp{1})
++@item -f, --format=@var{fmt}
++ force block driver for format @var{fmt} instead of auto-detecting
+ @item -t, --persistent
+ don't exit on the last connection
+ @item -v, --verbose
diff --git a/CVE-2013-1952-xsa49.patch b/CVE-2013-1952-xsa49.patch
new file mode 100644
index 0000000..5a0ef69
--- /dev/null
+++ b/CVE-2013-1952-xsa49.patch
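Review bot: Omitting `-f` still leaves `drv = NULL` and passes a NULL driver to bdrv_open(), so the format probing that the description calls insecure remains the silent default. Every existing caller keeps the old behaviour until it is changed to pass `--format`, and nothing tells an operator that probing took place. In the `else` branch I would emit a warning, for instance `warnx("no --format given; probing the format of '%s' is unsafe for untrusted images", argv[optind]);`, and state the risk next to the new `@item -f` entry in qemu-nbd.texi. The new `errx()` message also has no trailing `\n` while the neighbouring `errx()` call has one, so one style should be picked. main() extends well beyond these hunks.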
@@ -0,0 +1,57 @@
+References: bnc#8161663 CVE-2013-1952 XSA-49
+
+VT-d: don't permit SVT_NO_VERIFY entries for known device types
+
+Only in cases where we don't know what to do we should leave the IRTE
+blank (suppressing all validation), but we should always log a warning
+in those cases (as being insecure).
+
+This is CVE-2013-1952 / XSA-49.
+
+Signed-off-by: Jan Beulich
+Acked-by: "Zhang, Xiantao"
+
+Index: xen-4.2.1-testing/xen/drivers/passthrough/vtd/intremap.c
+===================================================================
+--- xen-4.2.1-testing.orig/xen/drivers/passthrough/vtd/intremap.c
++++ xen-4.2.1-testing/xen/drivers/passthrough/vtd/intremap.c
+@@ -440,12 +440,9 @@ static void set_msi_source_id(struct pci
+ {
+ unsigned int sq;
+
++ case DEV_TYPE_PCIe_ENDPOINT:
+ case DEV_TYPE_PCIe_BRIDGE:
+ case DEV_TYPE_PCIe2PCI_BRIDGE:
+- case DEV_TYPE_LEGACY_PCI_BRIDGE:
+- break;
+-
+- case DEV_TYPE_PCIe_ENDPOINT:
+ switch ( pdev->phantom_stride )
+ {
+ case 1: sq = SQ_13_IGNORE_3; break;
+@@ -457,6 +454,8 @@ static void set_msi_source_id(struct pci
+ break;
+
+ case DEV_TYPE_PCI:
++ case DEV_TYPE_LEGACY_PCI_BRIDGE:
++ case DEV_TYPE_PCI2PCIe_BRIDGE:
+ ret = find_upstream_bridge(seg, &bus, &devfn, &secbus);
+ if ( ret == 0 ) /* integrated PCI device */
+ {
+@@ -468,10 +467,15 @@ static void set_msi_source_id(struct pci
+ if ( pdev_type(seg, bus, devfn) == DEV_TYPE_PCIe2PCI_BRIDGE )
+ set_ire_sid(ire, SVT_VERIFY_BUS, SQ_ALL_16,
+ (bus << 8) | pdev->bus);
+- else if ( pdev_type(seg, bus, devfn) == DEV_TYPE_LEGACY_PCI_BRIDGE )
++ else
+ set_ire_sid(ire, SVT_VERIFY_SID_SQ, SQ_ALL_16,
+ PCI_BDF2(bus, devfn));
+ }
++ else
++ dprintk(XENLOG_WARNING VTDPREFIX,
++ "d%d: no upstream bridge for %04x:%02x:%02x.%u\n",
++ pdev->domain->domain_id,
++ seg, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
+ break;
+
+ default:
diff --git a/qemu-xen-dir-remote.tar.bz2 b/qemu-xen-dir-remote.tar.bz2
index ce5051e..999ab50 100644
--- a/qemu-xen-dir-remote.tar.bz2
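Review bot: The warning added for the no-upstream-bridge case goes through `dprintk()`, while the description says these cases should always be logged; if `dprintk()` is reduced to a no-op in non-debug builds of this tree (it is in some Xen versions, not confirmed here), the entry stays unverified with no trace in the log. Using `printk(XENLOG_WARNING VTDPREFIX ...)` for this one message would match the stated intent. A short comment on the new `else`, such as `/* No bridge found: source-id validation is left disabled for this IRTE. */`, would also tell the next reader that the path is deliberately permissive. The `default:` case that follows is cut off by the hunk, so whether it logs as well cannot be checked from here.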
+++ b/qemu-xen-dir-remote.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e5ba8bcd20390c3773e1e0a3a82c46896af5fb73ec235d27c250ef028212aa7a -size 5111823 +oid sha256:69625c1ca61f7569d998c66d9e89d37635e6427d045e0e7566309cdab96c965e +size 5069776 diff --git a/qemu-xen-traditional-dir-remote.tar.bz2 b/qemu-xen-traditional-dir-remote.tar.bz2 index 7c66574..a6e54f5 100644 --- a/qemu-xen-traditional-dir-remote.tar.bz2 +++ b/qemu-xen-traditional-dir-remote.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:dfe4a381b86b68e85ea70f6306914cd7e3f9debb7df3797a611f339054042528 -size 3212536 +oid sha256:fd580bf099a4b8c4ab0ca680874f71fa2abc902076f47c1fea7ee961e9a2f196 +size 3187212 diff --git a/tools-watchdog-support.patch b/tools-watchdog-support.patch index 55f1974..4950814 100644 --- a/tools-watchdog-support.patch +++ b/tools-watchdog-support.patch @@ -1,7 +1,7 @@ -Index: xen-4.2.1-testing/tools/python/xen/xm/create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/create.py @@ -535,6 +535,21 @@ gopts.var('usbdevice', val='NAME', fn=set_value, default='', use="Name of USB device to add?") 
@@ -32,10 +32,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py 'xauthority', 'xen_extended_power_mgmt', 'xen_platform_pci', 'memory_sharing' ] -Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py @@ -1113,7 +1113,9 @@ class sxp2xml: 'xen_platform_pci', 'tsc_mode' @@ -47,10 +47,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py ] platform_configs = [] -Index: xen-4.2.1-testing/tools/python/xen/xend/image.py +Index: xen-4.2.2-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.1-testing/tools/python/xen/xend/image.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.2-testing/tools/python/xen/xend/image.py @@ -855,7 +855,8 @@ class HVMImageHandler(ImageHandler): dmargs = [ 'boot', 'fda', 'fdb', 'soundhw', @@ -69,10 +69,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/image.py # Handle booleans gracefully if a in ['localtime', 'std-vga', 'isa', 'usb', 'acpi']: -Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py @@ -192,6 +192,8 @@ XENAPI_PLATFORM_CFG_TYPES = { 'xen_platform_pci': int, "gfx_passthru": int, 
@@ -82,10 +82,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py } # Xen API console 'other_config' keys. -Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c +Index: xen-4.2.2-testing/tools/libxl/libxl_dm.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_dm.c -+++ xen-4.2.1-testing/tools/libxl/libxl_dm.c +--- xen-4.2.2-testing.orig/tools/libxl/libxl_dm.c ++++ xen-4.2.2-testing/tools/libxl/libxl_dm.c @@ -196,6 +196,12 @@ static char ** libxl__build_device_model "-usbdevice", b_info->u.hvm.usbdevice, NULL); } @@ -99,7 +99,7 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c if (b_info->u.hvm.soundhw) { flexarray_vappend(dm_args, "-soundhw", b_info->u.hvm.soundhw, NULL); } -@@ -449,6 +455,12 @@ static char ** libxl__build_device_model +@@ -455,6 +461,12 @@ static char ** libxl__build_device_model "-usbdevice", b_info->u.hvm.usbdevice, NULL); } } @@ -112,10 +112,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_dm.c if (b_info->u.hvm.soundhw) { flexarray_vappend(dm_args, "-soundhw", b_info->u.hvm.soundhw, NULL); } -Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl +Index: xen-4.2.2-testing/tools/libxl/libxl_types.idl =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/libxl_types.idl -+++ xen-4.2.1-testing/tools/libxl/libxl_types.idl +--- xen-4.2.2-testing.orig/tools/libxl/libxl_types.idl ++++ xen-4.2.2-testing/tools/libxl/libxl_types.idl @@ -322,6 +322,8 @@ libxl_domain_build_info = Struct("domain ("usbdevice", string), ("soundhw", string), 
@@ -125,10 +125,10 @@ Index: xen-4.2.1-testing/tools/libxl/libxl_types.idl ])), ("pv", Struct(None, [("kernel", string), ("slack_memkb", MemKB), -Index: xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +Index: xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c =================================================================== ---- xen-4.2.1-testing.orig/tools/libxl/xl_cmdimpl.c -+++ xen-4.2.1-testing/tools/libxl/xl_cmdimpl.c +--- xen-4.2.2-testing.orig/tools/libxl/xl_cmdimpl.c ++++ xen-4.2.2-testing/tools/libxl/xl_cmdimpl.c @@ -1417,6 +1417,8 @@ skip_vfb: xlu_cfg_replace_string (config, "soundhw", &b_info->u.hvm.soundhw, 0); xlu_cfg_get_defbool(config, "xen_platform_pci", diff --git a/x86-EFI-set-variable-permit-attrs.patch b/x86-EFI-set-variable-permit-attrs.patch deleted file mode 100644 index d0e2b1f..0000000 --- a/x86-EFI-set-variable-permit-attrs.patch +++ /dev/null @@ -1,14 +0,0 @@ -References: bnc#811764 - ---- a/xen/arch/x86/efi/runtime.c -+++ b/xen/arch/x86/efi/runtime.c -@@ -380,9 +380,6 @@ int efi_runtime_call(struct xenpf_efi_ru - long len; - unsigned char *data; - -- if ( op->misc ) -- return -EINVAL; -- - len = gwstrlen(guest_handle_cast(op->u.set_variable.name, CHAR16)); - if ( len < 0 ) - return len; diff --git a/x86-cpufreq-report.patch b/x86-cpufreq-report.patch index 391e8ee..17666d6 100644 --- a/x86-cpufreq-report.patch +++ b/x86-cpufreq-report.patch @@ -1,5 +1,7 @@ ---- a/xen/arch/x86/platform_hypercall.c -+++ b/xen/arch/x86/platform_hypercall.c +Index: xen-4.2.1-testing/xen/arch/x86/platform_hypercall.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/platform_hypercall.c ++++ xen-4.2.1-testing/xen/arch/x86/platform_hypercall.c @@ -25,7 +25,7 @@ #include #include 
@@ -51,9 +53,11 @@ default: ret = -ENOSYS; break; ---- a/xen/include/public/platform.h -+++ b/xen/include/public/platform.h -@@ -504,6 +504,16 @@ struct xenpf_core_parking { +Index: xen-4.2.1-testing/xen/include/public/platform.h +=================================================================== +--- xen-4.2.1-testing.orig/xen/include/public/platform.h ++++ xen-4.2.1-testing/xen/include/public/platform.h +@@ -505,6 +505,16 @@ struct xenpf_core_parking { typedef struct xenpf_core_parking xenpf_core_parking_t; DEFINE_XEN_GUEST_HANDLE(xenpf_core_parking_t); @@ -70,7 +74,7 @@ /* * ` enum neg_errnoval * ` HYPERVISOR_platform_op(const struct xen_platform_op*); -@@ -530,6 +540,7 @@ struct xen_platform_op { +@@ -531,6 +541,7 @@ struct xen_platform_op { struct xenpf_cpu_hotadd cpu_add; struct xenpf_mem_hotadd mem_add; struct xenpf_core_parking core_parking; diff --git a/x86-dom-print.patch b/x86-dom-print.patch index 23bfd31..4bb3348 100644 --- a/x86-dom-print.patch +++ b/x86-dom-print.patch @@ -1,6 +1,8 @@ ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -154,15 +154,30 @@ void dump_pageframe_info(struct domain * +Index: xen-4.2.1-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-4.2.1-testing.orig/xen/arch/x86/domain.c ++++ xen-4.2.1-testing/xen/arch/x86/domain.c +@@ -152,15 +152,30 @@ void dump_pageframe_info(struct domain * printk("Memory pages belonging to domain %u:\n", d->domain_id); diff --git a/x86-extra-trap-info.patch b/x86-extra-trap-info.patch index d876dee..15396a0 100644 --- a/x86-extra-trap-info.patch +++ b/x86-extra-trap-info.patch @@ -13,7 +13,7 @@ pushl $domain_crash_synchronous_string --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S -@@ -428,22 +428,35 @@ UNLIKELY_END(bounce_failsafe) +@@ -435,22 +435,35 @@ UNLIKELY_END(bounce_failsafe) jz domain_crash_synchronous movq %rax,UREGS_rip+8(%rsp) ret 
diff --git a/xen-4.2.1-testing-src.tar.bz2 b/xen-4.2.1-testing-src.tar.bz2 deleted file mode 100644 index dfc4f54..0000000 --- a/xen-4.2.1-testing-src.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9819306f1cc5efdc0e97c442c627ab95de251228713ab06efa27e5d0c8cabacd -size 4862820 diff --git a/xen-4.2.2-testing-src.tar.bz2 b/xen-4.2.2-testing-src.tar.bz2 new file mode 100644 index 0000000..e130e12 --- /dev/null +++ b/xen-4.2.2-testing-src.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a1330a97a32997a5b60fe642b9d6260d2c153f02a1d6d77d9752a3de3e20619 +size 4856809 diff --git a/xen-managed-pci-device.patch b/xen-managed-pci-device.patch index 97e11aa..26ba7c1 100644 --- a/xen-managed-pci-device.patch +++ b/xen-managed-pci-device.patch @@ -252,11 +252,12 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py elif dev_type == 'vscsi': for dev in dev_config_dict['devs']: XendAPIStore.deregister(dev['uuid'], 'DSCSI') -@@ -908,6 +931,9 @@ class XendDomainInfo: +@@ -908,6 +931,10 @@ class XendDomainInfo: dev_config = pci_convert_sxp_to_dict(dev_sxp) dev = dev_config['devs'][0] - -+ if self.domid is not None and pci_state == 'Initialising': + ++ # For attach only. For boot, prepare work has been done already in earlier stage. ++ if self.domid is not None and pci_state == 'Initialising' and pci_sub_state != 'Booting': + prepare_host_pci_devices(dev_config) + stubdomid = self.getStubdomDomid() diff --git a/xen.changes b/xen.changes index 4feb121..9e2d2b5 100644 --- a/xen.changes +++ b/xen.changes 
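Review bot: `pci_sub_state` is used in the new condition but is not assigned anywhere in this hunk. The enclosing method of `XendDomainInfo` starts and ends outside it, so confirm the name is bound on every path that reaches this line before `prepare_host_pci_devices(dev_config)` is gated on it. Because the boot path now skips host-side preparation here, the added comment should name the earlier stage that performs it, for example `# Attach only: on boot the devices were already prepared by <earlier stage>`. That way a later change to that stage does not silently leave a passed-through device unprepared.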
@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Mon May 6 15:52:03 CEST 2013 - ohering@suse.de
+
+- add xorg-x11-util-devel to BuildRequires to get lndir(1)
+
+-------------------------------------------------------------------
+Mon May 6 11:45:03 CEST 2013 - ohering@suse.de
+
+- remove xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch
+ It changed migration protocol and upstream wants a different solution
+
+-------------------------------------------------------------------
+Sun May 5 16:20:30 CEST 2013 - ohering@suse.de
+
+- bnc#802221 - fix xenpaging
+ readd xenpaging.qemu.flush-cache.patch
+
+-------------------------------------------------------------------
+Tue Apr 30 09:15:26 MDT 2013 - carnold@suse.com
+
+- Upstream patches from Jan
+ 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch
+ 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch
+- Additional fix for bnc#816159
+ CVE-2013-1918-xsa45-followup.patch
+
+-------------------------------------------------------------------
+Mon Apr 29 15:40:35 MDT 2013 - cyliu@suse.com
+
+- bnc#817068 - Xen guest with >1 sr-iov vf won't start
+ xen-managed-pci-device.patch
+
+-------------------------------------------------------------------
+Mon Apr 29 11:21:54 MDT 2013 - carnold@suse.com
+
+- Update to Xen 4.2.2 c/s 26064
+ The following recent security patches are included in the tarball
+ CVE-2013-0151-xsa34.patch (bnc#797285)
+ CVE-2012-6075-xsa41.patch (bnc#797523)
+ CVE-2013-1917-xsa44.patch (bnc#813673)
+ CVE-2013-1919-xsa46.patch (bnc#813675)
+
+-------------------------------------------------------------------
+Wed Apr 24 08:07:07 MDT 2013 - carnold@suse.com
+
+- Upstream patch from Jan
+ 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch
+
+-------------------------------------------------------------------
+Fri Apr 19 14:22:43 MDT 2013 - carnold@suse.com
+
+- bnc#816159 - VUL-0: xen: 
CVE-2013-1918: XSA-45: Several long
+ latency operations are not preemptible
+ CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch
+ CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch
+ CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch
+ CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch
+ CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch
+ CVE-2013-1918-xsa45-6-unpin-preemptible.patch
+ CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch
+- bnc#816163 - VUL-0: xen: CVE-2013-1952: XSA-49: VT-d interrupt
+ remapping source validation flaw for bridges
+ CVE-2013-1952-xsa49.patch
+
+-------------------------------------------------------------------
+Thu Apr 18 10:17:08 MDT 2013 - cyliu@suse.com
+
+- bnc#809662 - can't use pv-grub to start domU (pygrub does work)
+ xen.spec
+
+-------------------------------------------------------------------
+Mon Apr 15 14:47:41 MDT 2013 - carnold@suse.com
+
+- bnc#814709 - Unable to create XEN virtual machines in SLED 11 SP2
+ on Kyoto
+ xend-cpuinfo-model-name.patch
+
+-------------------------------------------------------------------
+Mon Apr 15 10:55:17 MDT 2013 - carnold@suse.com
+
+- bnc#813673 - VUL-0: CVE-2013-1917: xen: Xen PV DoS vulnerability with
+ SYSENTER
+ CVE-2013-1917-xsa44.patch
+- bnc#813675 - VUL-0: CVE-2013-1919: xen: Several access permission
+ issues with IRQs for unprivileged guests
+ CVE-2013-1919-xsa46.patch
+- bnc#814059 - VUL-1: xen: qemu-nbd format-guessing due to missing
+ format specification
+ CVE-2013-1922-xsa48.patch
+- Upstream patches from Jan
+ 26749-x86-reserve-pages-when-SandyBridge-integrated-graphics.patch
+ 26751-x86-EFI-permit-setting-variable-with-non-zero-attributes.patch
+ 26765-hvm-Clean-up-vlapic_reg_write-error-propagation.patch
+ 26770-x86-irq_move_cleanup_interrupt-must-ignore-legacy-vectors.patch
+ 26771-x86-S3-Restore-broken-vcpu-affinity-on-resume.patch
+ 26772-VMX-Always-disable-SMEP-when-guest-is-in-non-paging-mode.patch
+ 
26773-x86-mm-shadow-spurious-warning-when-unmapping-xenheap-pages.patch + 26774-defer-event-channel-bucket-pointer-store-until-after-XSM-checks.patch + 26799-x86-don-t-pass-negative-time-to-gtime_to_gtsc.patch + ------------------------------------------------------------------- Thu Apr 4 11:17:43 MDT 2013 - carnold@suse.com diff --git a/xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch b/xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch deleted file mode 100644 index b31bfe5..0000000 --- a/xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -user: Olaf Hering -date: Thu Mar 28 15:42:23 2013 +0100 -files: tools/libxc/xc_domain_restore.c tools/libxc/xc_domain_save.c tools/libxc/xg_save_restore.h -description: -tools: notify restore to hangup during migration --abort_if_busy - -If a guest is too busy to finish migration, the remote side is not -notified and as a result an imcomplete, paused guest will remain on the -remote side. Add a new flag to notify the receiver about the aborted -migration so that both sides can cleanup properly. - -Signed-off-by: Olaf Hering - - -Index: xen-4.2.1-testing/tools/libxc/xc_domain_restore.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxc/xc_domain_restore.c -+++ xen-4.2.1-testing/tools/libxc/xc_domain_restore.c -@@ -932,6 +932,10 @@ static int pagebuf_get_one(xc_interface - DPRINTF("read generation id buffer address"); - return pagebuf_get_one(xch, ctx, buf, fd, dom); - -+ case XC_SAVE_ID_BUSY_ABORT: -+ ERROR("Source host requested cancelation, guest is busy."); -+ errno = EBUSY; -+ return -1; - default: - if ( (count > MAX_BATCH_SIZE) || (count < 0) ) { - ERROR("Max batch size exceeded (%d). Giving up.", count); -Index: xen-4.2.1-testing/tools/libxc/xc_domain_save.c -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxc/xc_domain_save.c -+++ xen-4.2.1-testing/tools/libxc/xc_domain_save.c -@@ -1535,9 +1535,11 @@ int xc_domain_save(xc_interface *xch, in - { - if ( !min_reached && abort_if_busy ) - { -+ unsigned int cmd = XC_SAVE_ID_BUSY_ABORT; - ERROR("Live migration aborted, as requested. 
(guest too busy?)" - " total_sent %lu iter %d, max_iters %u max_factor %u", - total_sent, iter, max_iters, max_factor); -+ wrexact(io_fd, &cmd, sizeof(cmd)); - print_stats(xch, dom, sent_this_iter, &time_stats, &shadow_stats, 1); - rc = 1; - goto out; -Index: xen-4.2.1-testing/tools/libxc/xg_save_restore.h -=================================================================== ---- xen-4.2.1-testing.orig/tools/libxc/xg_save_restore.h -+++ xen-4.2.1-testing/tools/libxc/xg_save_restore.h -@@ -259,6 +259,7 @@ - #define XC_SAVE_ID_HVM_ACCESS_RING_PFN -16 - #define XC_SAVE_ID_HVM_SHARING_RING_PFN -17 - #define XC_SAVE_ID_TOOLSTACK -18 /* Optional toolstack specific info */ -+#define XC_SAVE_ID_BUSY_ABORT -19 /* Source requested cancelation */ - - /* - ** We process save/restore/migrate in batches of pages; the below diff --git a/xen.spec b/xen.spec index 1d1daec..b6a484e 100644 --- a/xen.spec +++ b/xen.spec @@ -20,8 +20,8 @@ Name: xen ExclusiveArch: %ix86 x86_64 %define xvers 4.2 %define xvermaj 4 -%define changeset 25952 -%define xen_build_dir xen-4.2.1-testing +%define changeset 26064 +%define xen_build_dir xen-4.2.2-testing %define with_kmp 1 %define with_stubdom 1 # EFI requires gcc46 or newer @@ -114,14 +114,15 @@ BuildRequires: kernel-source BuildRequires: kernel-syms BuildRequires: module-init-tools BuildRequires: xorg-x11 +BuildRequires: xorg-x11-util-devel %endif -Version: 4.2.1_12 +Version: 4.2.2_01 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License: GPL-2.0+ Group: System/Kernel -Source0: xen-4.2.1-testing-src.tar.bz2 +Source0: xen-4.2.2-testing-src.tar.bz2 Source1: stubdom.tar.bz2 Source2: qemu-xen-traditional-dir-remote.tar.bz2 Source3: qemu-xen-dir-remote.tar.bz2 
@@ -173,7 +174,6 @@ Patch25866: 25866-sercon-ns16550-pci-irq.patch Patch25867: 25867-sercon-ns16550-parse.patch Patch25874: 25874-x86-EFI-chain-cfg.patch Patch25909: 25909-xenpm-consistent.patch -Patch25912: 25912-partial-libxl.patch Patch25920: 25920-x86-APICV-enable.patch Patch25921: 25921-x86-APICV-delivery.patch Patch25922: 25922-x86-APICV-x2APIC.patch @@ -182,8 +182,6 @@ Patch25957: 25957-x86-TSC-adjust-HVM.patch Patch25958: 25958-x86-TSC-adjust-sr.patch Patch25959: 25959-x86-TSC-adjust-expose.patch Patch25975: 25975-x86-IvyBridge.patch -Patch26060: 26060-ACPI-ERST-table-size-checks.patch -Patch26062: 26062-ACPI-ERST-move-data.patch Patch26077: 26077-stubdom_fix_compile_errors_in_grub.patch Patch26078: 26078-hotplug-Linux_remove_hotplug_support_rely_on_udev_instead.patch Patch26079: 26079-hotplug-Linux_close_lockfd_after_lock_attempt.patch @@ -197,20 +195,8 @@ Patch26087: 26087-hotplug-Linux_install_sysconfig_files_as_data_files.patch Patch26114: 26114-pygrub-list-entries.patch Patch26129: 26129-ACPI-BGRT-invalidate.patch Patch26133: 26133-IOMMU-defer-BM-disable.patch -Patch26183: 26183-x86-HPET-masking.patch Patch26189: 26189-xenstore-chmod.patch -Patch26200: 26200-IOMMU-debug-verbose.patch -Patch26235: 26235-IOMMU-ATS-max-queue-depth.patch -Patch26252: 26252-VMX-nested-rflags.patch -Patch26253: 26253-VMX-nested-rdtsc.patch -Patch26254: 26254-VMX-nested-dr.patch -Patch26255: 26255-VMX-nested-ia32e-mode.patch -Patch26258: 26258-VMX-nested-intr-delivery.patch Patch26262: 26262-x86-EFI-secure-shim.patch -Patch26266: 26266-sched-ratelimit-check.patch -Patch26287: 26287-sched-credit-pick-idle.patch -Patch26294: 26294-x86-AMD-Fam15-way-access-filter.patch -Patch26320: 26320-IOMMU-domctl-assign-seg.patch Patch26324: 26324-IOMMU-assign-params.patch Patch26325: 26325-IOMMU-add-remove-params.patch Patch26326: 26326-VT-d-context-map-params.patch 
@@ -219,9 +205,6 @@ Patch26328: 26328-IOMMU-pdev-type.patch Patch26329: 26329-IOMMU-phantom-dev.patch Patch26330: 26330-VT-d-phantom-MSI.patch Patch26331: 26331-IOMMU-phantom-dev-quirk.patch -Patch26332: 26332-x86-compat-show-guest-stack-mfn.patch -Patch26333: 26333-x86-get_page_type-assert.patch -Patch26340: 26340-VT-d-intremap-verify-legacy-bridge.patch Patch26341: 26341-hvm-firmware-passthrough.patch Patch26342: 26342-hvm-firmware-passthrough.patch Patch26343: 26343-hvm-firmware-passthrough.patch @@ -229,27 +212,9 @@ Patch26344: 26344-hvm-firmware-passthrough.patch Patch26369: 26369-libxl-devid.patch Patch26370: 26370-libxc-x86-initial-mapping-fit.patch Patch26372: 26372-tools-paths.patch -Patch26395: 26395-x86-FPU-context-conditional.patch Patch26404: 26404-x86-forward-both-NMI-kinds.patch Patch26418: 26418-x86-trampoline-consider-multiboot.patch -Patch26427: 26427-x86-AMD-enable-WC+.patch -Patch26428: 26428-x86-HVM-RTC-update.patch -Patch26440: 26440-x86-forward-SERR.patch -Patch26443: 26443-ACPI-zap-DMAR.patch -Patch26444: 26444-x86-nHVM-no-self-enable.patch -Patch26468: 26468-libxl-race.patch -Patch26469: 26469-libxl-race.patch -Patch26501: 26501-VMX-simplify-CR0-update.patch -Patch26502: 26502-VMX-disable-SMEP-when-not-paging.patch -Patch26516: 26516-ACPI-parse-table-retval.patch -Patch26517: 26517-AMD-IOMMU-clear-irtes.patch -Patch26518: 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch -Patch26519: 26519-AMD-IOMMU-perdev-intremap-default.patch -Patch26526: 26526-pvdrv-no-devinit.patch -Patch26529: 26529-gcc48-build-fix.patch -Patch26531: 26531-AMD-IOMMU-IVHD-special-missing.patch Patch26532: 26532-AMD-IOMMU-phantom-MSI.patch -Patch26536: 26536-xenoprof-div-by-0.patch Patch26547: 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch Patch26548: 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch Patch26549: 26549-tools-xc_turn_XCFLAGS__into_shifts.patch 
@@ -260,36 +225,20 @@ Patch26555: 26555-hvm-firmware-passthrough.patch Patch26556: 26556-hvm-firmware-passthrough.patch Patch26576: 26576-x86-APICV-migration.patch Patch26577: 26577-x86-APICV-x2APIC.patch -Patch26578: 26578-AMD-IOMMU-replace-BUG_ON.patch -Patch26585: 26585-x86-mm-Take-the-p2m-lock-even-in-shadow-mode.patch -Patch26595: 26595-x86-nhvm-properly-clean-up-after-failure-to-set-up-all-vCPU-s.patch -Patch26601: 26601-honor-ACPI-v4-FADT-flags.patch -Patch26656: 26656-x86-fix-null-pointer-dereference-in-intel_get_extended_msrs.patch -Patch26659: 26659-AMD-IOMMU-erratum-746-workaround.patch -Patch26660: 26660-x86-fix-CMCI-injection.patch -Patch26672: 26672-vmx-fix-handling-of-NMI-VMEXIT.patch -Patch26673: 26673-Avoid-stale-pointer-when-moving-domain-to-another-cpupool.patch Patch26675: 26675-tools-xentoollog_update_tty_detection_in_stdiostream_progress.patch -Patch26676: 26676-fix-compat-memory-exchange-op-splitting.patch -Patch26677: 26677-x86-make-certain-memory-sub-ops-return-valid-values.patch -Patch26678: 26678-SEDF-avoid-gathering-vCPU-s-on-pCPU0.patch -Patch26679: 26679-x86-defer-processing-events-on-the-NMI-exit-path.patch -Patch26683: 26683-credit1-Use-atomic-bit-operations-for-the-flags-structure.patch -Patch26686: 26686-xentrace-fix-off-by-one-in-calculate_tbuf_size.patch -Patch26689: 26689-fix-domain-unlocking-in-some-xsm-error-paths.patch -Patch26692: 26692-x86-fully-protect-MSI-X-table-from-PV-guest-accesses.patch -Patch26702: 26702-powernow-add-fixups-for-AMD-P-state-figures.patch -Patch26704: 26704-x86-MCA-suppress-bank-clearing-for-certain-injected-events.patch -Patch26731: 26731-AMD-IOMMU-Process-softirqs-while-building-dom0-iommu-mappings.patch -Patch26733: 26733-VT-d-Enumerate-IOMMUs-when-listing-capabilities.patch -Patch26734: 26734-ACPI-ERST-Name-table-in-otherwise-opaque-error-messages.patch -Patch26736: 26736-ACPI-APEI-Unlock-apei_iomaps_lock-on-error-path.patch -Patch26737: 26737-ACPI-APEI-Add-apei_exec_run_optional.patch 
-Patch26742: 26742-IOMMU-properly-check-whether-interrupt-remapping-is-enabled.patch -Patch26743: 26743-VT-d-deal-with-5500-5520-X58-errata.patch -Patch26744: 26744-AMD-IOMMU-allow-disabling-only-interrupt-remapping.patch -Patch34: CVE-2013-0151-xsa34.patch -Patch41: CVE-2012-6075-xsa41.patch +Patch26891: 26891-x86-S3-Fix-cpu-pool-scheduling-after-suspend-resume.patch +Patch26902: 26902-x86-EFI-pass-boot-services-variable-info-to-runtime-code.patch +Patch26930: 26930-x86-EFI-fix-runtime-call-status-for-compat-mode-Dom0.patch +Patch4501: CVE-2013-1918-xsa45-1-vcpu-destroy-pagetables-preemptible.patch +Patch4502: CVE-2013-1918-xsa45-2-new-guest-cr3-preemptible.patch +Patch4503: CVE-2013-1918-xsa45-3-new-user-base-preemptible.patch +Patch4504: CVE-2013-1918-xsa45-4-vcpu-reset-preemptible.patch +Patch4505: CVE-2013-1918-xsa45-5-set-info-guest-preemptible.patch +Patch4506: CVE-2013-1918-xsa45-6-unpin-preemptible.patch +Patch4507: CVE-2013-1918-xsa45-7-mm-error-paths-preemptible.patch +Patch4508: CVE-2013-1918-xsa45-followup.patch +Patch48: CVE-2013-1922-xsa48.patch +Patch49: CVE-2013-1952-xsa49.patch Patch88: xen.migrate.tools-xc_print_messages_from_xc_save_with_xc_report.patch Patch89: xen.migrate.tools-xc_document_printf_calls_in_xc_restore.patch Patch90: xen.migrate.tools-xc_rework_xc_save.cswitch_qemu_logdirty.patch @@ -298,7 +247,6 @@ Patch92: xen.migrate.tools_add_xm_migrate_--log_progress_option.patch Patch93: xen.migrate.tools-xend_move_assert_to_exception_block.patch Patch94: xen.migrate.tools-libxc_print_stats_if_migration_is_aborted.patch Patch95: xen.migrate.tools_set_number_of_dirty_pages_during_migration.patch -Patch96: xen.migrate.tools_notify_restore_to_hangup_during_migration_--abort_if_busy.patch # Upstream qemu patches Patch100: VNC-Support-for-ExtendedKeyEvent-client-message.patch # Our patches 
@@ -395,7 +343,8 @@ Patch461: xen-migration-bridge-check.patch Patch462: pygrub-netware-xnloader.patch Patch463: xen-managed-pci-device.patch Patch464: xend-hvm-firmware-passthrough.patch -Patch465: xen-glibc217.patch +Patch465: xend-cpuinfo-model-name.patch +Patch466: xen-glibc217.patch # Jim's domain lock patch Patch480: xend-domain-lock.patch Patch481: xend-domain-lock-sfex.patch @@ -406,9 +355,8 @@ Patch502: x86-cpufreq-report.patch Patch503: x86-dom-print.patch Patch504: pvdrv-import-shared-info.patch Patch505: x86-extra-trap-info.patch -Patch506: x86-EFI-set-variable-permit-attrs.patch -Patch507: pvdrv_emulation_control.patch -Patch508: blktap-pv-cdrom.patch +Patch506: pvdrv_emulation_control.patch +Patch507: blktap-pv-cdrom.patch Patch511: supported_module.diff Patch512: magic_ioport_compat.patch Patch513: xen.sles11sp1.fate311487.xen_platform_pci.dmistring.patch @@ -418,6 +366,7 @@ Patch652: ioemu-disable-emulated-ide-if-pv.patch Patch700: hv_extid_compatibility.patch Patch800: xenpaging.autostart.patch Patch801: xenpaging.doc.patch +Patch802: xenpaging.qemu.flush-cache.patch # Build patch Patch99998: tmp-initscript-modprobe.patch Patch99999: tmp_build.patch @@ -764,7 +713,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch25867 -p1 %patch25874 -p1 %patch25909 -p1 -%patch25912 -p1 %patch25920 -p1 %patch25921 -p1 %patch25922 -p1 @@ -773,8 +721,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch25958 -p1 %patch25959 -p1 %patch25975 -p1 -%patch26060 -p1 -%patch26062 -p1 %patch26077 -p1 %patch26078 -p1 %patch26079 -p1 
@@ -788,20 +734,8 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26114 -p1 %patch26129 -p1 %patch26133 -p1 -%patch26183 -p1 %patch26189 -p1 -%patch26200 -p1 -%patch26235 -p1 -%patch26252 -p1 -%patch26253 -p1 -%patch26254 -p1 -%patch26255 -p1 -%patch26258 -p1 %patch26262 -p1 -%patch26266 -p1 -%patch26287 -p1 -%patch26294 -p1 -%patch26320 -p1 %patch26324 -p1 %patch26325 -p1 %patch26326 -p1 @@ -810,9 +744,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26329 -p1 %patch26330 -p1 %patch26331 -p1 -%patch26332 -p1 -%patch26333 -p1 -%patch26340 -p1 %patch26341 -p1 %patch26342 -p1 %patch26343 -p1 @@ -820,28 +751,9 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26369 -p1 %patch26370 -p1 %patch26372 -p1 -%patch26395 -p1 %patch26404 -p1 %patch26418 -p1 -%patch26427 -p1 -%patch26428 -p1 -%patch26440 -p1 -%patch26443 -p1 -%patch34 -p1 -%patch26444 -p1 -%patch26468 -p1 -%patch26469 -p1 -%patch26501 -p1 -%patch26502 -p1 -%patch26516 -p1 -%patch26517 -p1 -%patch26518 -p1 -%patch26519 -p1 -%patch26526 -p1 -%patch26529 -p1 -%patch26531 -p1 %patch26532 -p1 -%patch26536 -p1 %patch26547 -p1 %patch26548 -p1 %patch26549 -p1 
@@ -852,35 +764,20 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch26556 -p1 %patch26576 -p1 %patch26577 -p1 -%patch26578 -p1 -%patch26585 -p1 -%patch26595 -p1 -%patch26601 -p1 -%patch26656 -p1 -%patch26659 -p1 -%patch26660 -p1 -%patch26672 -p1 -%patch26673 -p1 %patch26675 -p1 -%patch26676 -p1 -%patch26677 -p1 -%patch26678 -p1 -%patch26679 -p1 -%patch26683 -p1 -%patch26686 -p1 -%patch26689 -p1 -%patch26692 -p1 -%patch26702 -p1 -%patch26704 -p1 -%patch26731 -p1 -%patch26733 -p1 -%patch26734 -p1 -%patch26736 -p1 -%patch26737 -p1 -%patch26742 -p1 -%patch26743 -p1 -%patch26744 -p1 -%patch41 -p1 +%patch26891 -p1 +%patch26902 -p1 +%patch26930 -p1 +%patch4501 -p1 +%patch4502 -p1 +%patch4503 -p1 +%patch4504 -p1 +%patch4505 -p1 +%patch4506 -p1 +%patch4507 -p1 +%patch4508 -p1 +%patch48 -p1 +%patch49 -p1 %patch88 -p1 %patch89 -p1 %patch90 -p1 @@ -889,7 +786,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch93 -p1 %patch94 -p1 %patch95 -p1 -%patch96 -p1 # Qemu %patch100 -p1 # Our patches @@ -984,6 +880,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch463 -p1 %patch464 -p1 %patch465 -p1 +%patch466 -p1 %patch480 -p1 %patch481 -p1 %patch500 -p1 @@ -994,7 +891,6 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch505 -p1 %patch506 -p1 %patch507 -p1 -%patch508 -p1 %patch511 -p1 %patch512 -p1 %patch513 -p1 @@ -1004,6 +900,7 @@ tar xfj %{SOURCE6} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch700 -p1 %patch800 -p1 %patch801 -p1 +%patch802 -p1 %patch99998 -p1 %patch99999 -p1 # tools/qemu-xen-traditional-dir-remote/configure ./tools/qemu-xen-dir-remote/configure use 
@@ -1134,6 +1031,10 @@ done %if %{?with_dom0_support}0 # Stubdom %if %{?with_stubdom}0 +#remove -fstack-protector flag for stubdom build section +export EXTRA_CFLAGS_XEN_TOOLS=$(echo $RPM_OPT_FLAGS |sed -e 's/-fstack-protector//g') +export EXTRA_CFLAGS_QEMU_TRADITIONAL=$(echo $RPM_OPT_FLAGS |sed -e 's/-fstack-protector//g') +export EXTRA_CFLAGS_QEMU_XEN=$(echo $RPM_OPT_FLAGS |sed -e 's/-fstack-protector//g') make stubdom %{?_smp_mflags} make -C stubdom install \ DESTDIR=$RPM_BUILD_ROOT MANDIR=%{_mandir} \ @@ -1143,6 +1044,10 @@ mkdir -p $RPM_BUILD_ROOT/%{_defaultdocdir}/xen ln -s /usr/lib/xen/bin/stubdom-dm $RPM_BUILD_ROOT/usr/lib64/xen/bin/stubdom-dm ln -s /usr/lib/xen/bin/stubdompath.sh $RPM_BUILD_ROOT/usr/lib64/xen/bin/stubdompath.sh %endif +#restore -fstack-protector flag +export EXTRA_CFLAGS_XEN_TOOLS="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" +export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" %endif # Qemu #make -C tools/qemu-xen-dir-remote install diff --git a/xend-cpuinfo-model-name.patch b/xend-cpuinfo-model-name.patch new file mode 100644 index 0000000..248f577 --- /dev/null +++ b/xend-cpuinfo-model-name.patch @@ -0,0 +1,24 @@ +References: bnc#814709 +For cpus that contain additional ':' characters in their name + +Index: xen-4.2.1-testing/tools/python/xen/xend/osdep.py +=================================================================== +--- xen-4.2.1-testing.orig/tools/python/xen/xend/osdep.py ++++ xen-4.2.1-testing/tools/python/xen/xend/osdep.py +@@ -143,10 +143,14 @@ def _linux_get_cpuinfo(): + d = {} + for line in f: + keyvalue = line.split(':') +- if len(keyvalue) != 2: ++ if len(keyvalue) < 2: + continue + key = keyvalue[0].strip() +- val = keyvalue[1].strip() ++ for i in range(1, len(keyvalue)): ++ if i == 1: ++ val = keyvalue[i].lstrip() ++ else: ++ val = val + ":" + keyvalue[i] + if key == 'processor': + if p != -1: + cpuinfo[p] = d 
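Review bot: The `sed -e 's/-fstack-protector//g'` substitution in the stubdom section removes only the literal prefix. If `$RPM_OPT_FLAGS` ever carries a suffixed variant such as `-fstack-protector-strong` or `-fstack-protector-all`, the three exports are left with a stray `-strong` or `-all` token; matching the whole word with `sed -e 's/-fstack-protector[^ ]*//g'` avoids that. The restore block in the following hunk (after the `%endif`) sets the `EXTRA_CFLAGS_*` variables to `"$RPM_OPT_FLAGS"` whether or not they were set before, which presumably matches the earlier state but is not visible here. Building the stub domain without the stack protector drops a hardening measure from code that presumably emulates devices for a guest, so the comment should record why it is needed, e.g. `# stubdom links against mini-os, which lacks the stack-protector runtime` if that is the reason.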
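Review bot: The rebuilt `val` in `_linux_get_cpuinfo` is no longer stripped on the right. The first piece gets `lstrip()` and later pieces are appended unchanged, so every value now keeps the trailing newline and any trailing blanks that the old `keyvalue[1].strip()` removed. Splitting once does the same job without the loop and keeps the old stripping: `keyvalue = line.split(':', 1)` with `if len(keyvalue) != 2:` and `val = keyvalue[1].strip()` left as they were. The rest of the function lies outside the hunk, so whether later code tolerates the newline is not visible here.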
diff --git a/xend-domain-lock-sfex.patch b/xend-domain-lock-sfex.patch index 9b20062..16bc204 100644 --- a/xend-domain-lock-sfex.patch +++ b/xend-domain-lock-sfex.patch @@ -1,7 +1,7 @@ -Index: xen-4.2.1-testing/tools/examples/xend-config.sxp +Index: xen-4.2.2-testing/tools/examples/xend-config.sxp =================================================================== ---- xen-4.2.1-testing.orig/tools/examples/xend-config.sxp -+++ xen-4.2.1-testing/tools/examples/xend-config.sxp +--- xen-4.2.2-testing.orig/tools/examples/xend-config.sxp ++++ xen-4.2.2-testing/tools/examples/xend-config.sxp @@ -357,7 +357,7 @@ # path // # Return 0 on success, non-zero on error. @@ -23,10 +23,10 @@ Index: xen-4.2.1-testing/tools/examples/xend-config.sxp # If we have a very big scsi device configuration, start of xend is slow, # because xend scans all the device paths to build its internal PSCSI device # list. If we need only a few devices for assigning to a guest, we can reduce -Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile +Index: xen-4.2.2-testing/tools/hotplug/Linux/Makefile =================================================================== ---- xen-4.2.1-testing.orig/tools/hotplug/Linux/Makefile -+++ xen-4.2.1-testing/tools/hotplug/Linux/Makefile +--- xen-4.2.2-testing.orig/tools/hotplug/Linux/Makefile ++++ xen-4.2.2-testing/tools/hotplug/Linux/Makefile @@ -23,6 +23,7 @@ XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate XEN_SCRIPTS += vscsi 
@@ -35,10 +35,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock +Index: xen-4.2.2-testing/tools/hotplug/Linux/domain-lock =================================================================== ---- xen-4.2.1-testing.orig/tools/hotplug/Linux/domain-lock -+++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock +--- xen-4.2.2-testing.orig/tools/hotplug/Linux/domain-lock ++++ xen-4.2.2-testing/tools/hotplug/Linux/domain-lock @@ -4,7 +4,7 @@ basedir=$(dirname "$0") usage() { @@ -48,10 +48,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock echo "" echo "-l lock" echo "-u unlock" -Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex +Index: xen-4.2.2-testing/tools/hotplug/Linux/domain-lock-sfex =================================================================== --- /dev/null -+++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex ++++ xen-4.2.2-testing/tools/hotplug/Linux/domain-lock-sfex @@ -0,0 +1,166 @@ +#!/bin/bash + @@ -219,11 +219,11 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock-sfex +;; +esac + -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -4572,8 +4572,14 @@ class XendDomainInfo: +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -4573,8 +4573,14 @@ class XendDomainInfo: # Return name of host contained in lock file. def get_lock_host(self, path): 
@@ -240,7 +240,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py hostname = "unknown" try: -@@ -4595,6 +4601,16 @@ class XendDomainInfo: +@@ -4596,6 +4602,16 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -257,7 +257,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py try: if not os.path.exists(path): mkdir.parents(path, stat.S_IRWXU) -@@ -4602,12 +4618,7 @@ class XendDomainInfo: +@@ -4603,12 +4619,7 @@ class XendDomainInfo: log.exception("%s could not be created." % path) raise XendError("%s could not be created." % path) @@ -271,7 +271,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.debug("Failed to aqcuire lock: status = %d" % status) raise XendError("The VM is locked and appears to be running on host %s." % self.get_lock_host(path)) -@@ -4624,12 +4635,18 @@ class XendDomainInfo: +@@ -4625,12 +4636,18 @@ class XendDomainInfo: path = xoptions.get_xend_domain_lock_path() path = os.path.join(path, self.get_uuid()) @@ -296,10 +296,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py if status != 0: log.exception("Failed to release lock: status = %s" % status) try: -Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendNode.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendNode.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendNode.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendNode.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendNode.py @@ -162,6 +162,7 @@ class XendNode: self._init_cpu_pools() 
@@ -326,10 +326,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendNode.py def add_network(self, interface): # TODO log.debug("add_network(): Not implemented.") -Index: xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendOptions.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendOptions.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py @@ -164,6 +164,9 @@ class XendOptions: """Default script to acquire/release domain lock""" xend_domain_lock_utility = auxbin.scripts_dir() + "/domain-lock" diff --git a/xend-domain-lock.patch b/xend-domain-lock.patch index 678e776..cb4a103 100644 --- a/xend-domain-lock.patch +++ b/xend-domain-lock.patch @@ -8,10 +8,10 @@ tools/python/xen/xend/XendOptions.py | 29 +++++++++++ 7 files changed, 290 insertions(+) -Index: xen-4.2.1-testing/tools/examples/xend-config.sxp +Index: xen-4.2.2-testing/tools/examples/xend-config.sxp =================================================================== ---- xen-4.2.1-testing.orig/tools/examples/xend-config.sxp -+++ xen-4.2.1-testing/tools/examples/xend-config.sxp +--- xen-4.2.2-testing.orig/tools/examples/xend-config.sxp ++++ xen-4.2.2-testing/tools/examples/xend-config.sxp @@ -324,6 +324,65 @@ # device assignment could really work properly even after we do this. #(pci-passthrough-strict-check yes) 
@@ -78,10 +78,10 @@ Index: xen-4.2.1-testing/tools/examples/xend-config.sxp # If we have a very big scsi device configuration, start of xend is slow, # because xend scans all the device paths to build its internal PSCSI device # list. If we need only a few devices for assigning to a guest, we can reduce -Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile +Index: xen-4.2.2-testing/tools/hotplug/Linux/Makefile =================================================================== ---- xen-4.2.1-testing.orig/tools/hotplug/Linux/Makefile -+++ xen-4.2.1-testing/tools/hotplug/Linux/Makefile +--- xen-4.2.2-testing.orig/tools/hotplug/Linux/Makefile ++++ xen-4.2.2-testing/tools/hotplug/Linux/Makefile @@ -22,6 +22,7 @@ XEN_SCRIPTS += vtpm vtpm-delete XEN_SCRIPTS += xen-hotplug-cleanup XEN_SCRIPTS += external-device-migrate @@ -90,10 +90,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/Makefile XEN_SCRIPT_DATA = xen-script-common.sh locking.sh logging.sh XEN_SCRIPT_DATA += xen-hotplug-common.sh xen-network-common.sh vif-common.sh XEN_SCRIPT_DATA += block-common.sh vtpm-common.sh vtpm-hotplug-common.sh -Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock +Index: xen-4.2.2-testing/tools/hotplug/Linux/domain-lock =================================================================== --- /dev/null -+++ xen-4.2.1-testing/tools/hotplug/Linux/domain-lock ++++ xen-4.2.2-testing/tools/hotplug/Linux/domain-lock @@ -0,0 +1,83 @@ +#!/bin/bash + @@ -178,10 +178,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/domain-lock + get_status $vm_path + ;; +esac -Index: xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor +Index: xen-4.2.2-testing/tools/hotplug/Linux/vm-monitor =================================================================== --- /dev/null -+++ xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor ++++ xen-4.2.2-testing/tools/hotplug/Linux/vm-monitor @@ -0,0 +1,41 @@ +#!/bin/bash + 
@@ -224,10 +224,10 @@ Index: xen-4.2.1-testing/tools/hotplug/Linux/vm-monitor +elif [ $0 = "$basedir/vm-monitor" ]; then + monitor $* +fi -Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendCheckpoint.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendCheckpoint.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendCheckpoint.py @@ -139,6 +139,11 @@ def save(fd, dominfo, network, live, dst str( int(live) | (int(hvm) << 2) | (int(abort_if_busy) << 5) | (int(log_save_progress) << 6) ) ] log.debug("[xc_save]: %s", string.join(cmd)) @@ -258,10 +258,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendCheckpoint.py return dominfo except Exception, exn: dominfo.destroy() -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py @@ -486,6 +486,7 @@ class XendDomainInfo: if self._stateGet() in (XEN_API_VM_POWER_STATE_HALTED, XEN_API_VM_POWER_STATE_SUSPENDED, XEN_API_VM_POWER_STATE_CRASHED): try: @@ -270,7 +270,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py XendTask.log_progress(0, 30, self._constructDomain) XendTask.log_progress(31, 60, self._initDomain) -@@ -3055,6 +3056,11 @@ class XendDomainInfo: +@@ -3056,6 +3057,11 @@ class XendDomainInfo: self._stateSet(DOM_STATE_HALTED) self.domid = None # Do not push into _stateSet()! 
@@ -282,7 +282,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py finally: self.refresh_shutdown_lock.release() -@@ -4564,6 +4570,74 @@ class XendDomainInfo: +@@ -4565,6 +4571,74 @@ class XendDomainInfo: def has_device(self, dev_class, dev_uuid): return (dev_uuid in self.info['%s_refs' % dev_class.lower()]) @@ -357,10 +357,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def __str__(self): return '' % \ (str(self.domid), self.info['name_label'], -Index: xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendOptions.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendOptions.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendOptions.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendOptions.py @@ -154,6 +154,17 @@ class XendOptions: use loose check automatically if necessary.""" pci_dev_assign_strict_check_default = True diff --git a/xenpaging.autostart.patch b/xenpaging.autostart.patch index c7d5d6e..6fca3de 100644 --- a/xenpaging.autostart.patch +++ b/xenpaging.autostart.patch @@ -45,10 +45,10 @@ v2: tools/python/xen/xm/xenapi_create.py | 3 + 10 files changed, 179 insertions(+) -Index: xen-4.2.1-testing/tools/examples/xmexample.hvm +Index: xen-4.2.2-testing/tools/examples/xmexample.hvm =================================================================== ---- xen-4.2.1-testing.orig/tools/examples/xmexample.hvm -+++ xen-4.2.1-testing/tools/examples/xmexample.hvm +--- xen-4.2.2-testing.orig/tools/examples/xmexample.hvm ++++ xen-4.2.2-testing/tools/examples/xmexample.hvm @@ -142,6 +142,15 @@ disk = [ 'file:/var/lib/xen/images/disk. # Device Model to be used device_model = 'qemu-dm' 
@@ -65,10 +65,10 @@ Index: xen-4.2.1-testing/tools/examples/xmexample.hvm #----------------------------------------------------------------------------- # boot on floppy (a), hard disk (c), Network (n) or CD-ROM (d) # default: hard disk, cd-rom, floppy -Index: xen-4.2.1-testing/tools/python/README.XendConfig +Index: xen-4.2.2-testing/tools/python/README.XendConfig =================================================================== ---- xen-4.2.1-testing.orig/tools/python/README.XendConfig -+++ xen-4.2.1-testing/tools/python/README.XendConfig +--- xen-4.2.2-testing.orig/tools/python/README.XendConfig ++++ xen-4.2.2-testing/tools/python/README.XendConfig @@ -120,6 +120,9 @@ otherConfig image.vncdisplay image.vncunused @@ -79,10 +79,10 @@ Index: xen-4.2.1-testing/tools/python/README.XendConfig image.hvm.smbios_firmware image.hvm.apci_firmware image.hvm.display -Index: xen-4.2.1-testing/tools/python/README.sxpcfg +Index: xen-4.2.2-testing/tools/python/README.sxpcfg =================================================================== ---- xen-4.2.1-testing.orig/tools/python/README.sxpcfg -+++ xen-4.2.1-testing/tools/python/README.sxpcfg +--- xen-4.2.2-testing.orig/tools/python/README.sxpcfg ++++ xen-4.2.2-testing/tools/python/README.sxpcfg @@ -51,6 +51,9 @@ image - vncunused (HVM) @@ -93,10 +93,10 @@ Index: xen-4.2.1-testing/tools/python/README.sxpcfg - smbios_firmware - acpi_firmware - display -Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendConfig.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendConfig.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendConfig.py @@ -147,6 +147,9 @@ XENAPI_PLATFORM_CFG_TYPES = { 'apic': int, 'boot': str, 
@@ -120,10 +120,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendConfig.py if 'smbios_firmware' not in self['platform']: self['platform']['smbios_firmware'] = "" if 'acpi_firmware' not in self['platform']: -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomain.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomain.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomain.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomain.py @@ -1849,6 +1849,21 @@ class XendDomain: raise XendInvalidDomain(str(domid)) dominfo.setMigrateConstraints(max_iters, max_factor, min_remaining, abort_if_busy, log_save_progress) @@ -146,11 +146,11 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomain.py def domain_maxmem_set(self, domid, mem): """Set the memory limit for a domain. -Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py +Index: xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py -+++ xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1550,6 +1550,17 @@ class XendDomainInfo: +--- xen-4.2.2-testing.orig/tools/python/xen/xend/XendDomainInfo.py ++++ xen-4.2.2-testing/tools/python/xen/xend/XendDomainInfo.py +@@ -1551,6 +1551,17 @@ class XendDomainInfo: break xen.xend.XendDomain.instance().managed_config_save(self) @@ -168,7 +168,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py def setMemoryTarget(self, target): """Set the memory target of this domain. @param target: In MiB. -@@ -2340,6 +2351,8 @@ class XendDomainInfo: +@@ -2341,6 +2352,8 @@ class XendDomainInfo: self.info['name_label'], self.domid, self.info['uuid'], new_name, new_uuid) self._unwatchVm() 
@@ -177,7 +177,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() # Remove existing vm node in xenstore self._removeVm() -@@ -3019,6 +3032,9 @@ class XendDomainInfo: +@@ -3020,6 +3033,9 @@ class XendDomainInfo: self._createDevices() @@ -187,7 +187,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.image.cleanupTmpImages() self.info['start_time'] = time.time() -@@ -3043,6 +3059,8 @@ class XendDomainInfo: +@@ -3044,6 +3060,8 @@ class XendDomainInfo: self.refresh_shutdown_lock.acquire() try: self.unwatchShutdown() @@ -196,7 +196,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() bootloader_tidy(self) -@@ -3127,6 +3145,7 @@ class XendDomainInfo: +@@ -3128,6 +3146,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self.image.createDeviceModel(True) @@ -204,7 +204,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self.console_port = console_port self._storeDomDetails() self._registerWatches() -@@ -3269,6 +3288,8 @@ class XendDomainInfo: +@@ -3270,6 +3289,8 @@ class XendDomainInfo: # could also fetch a parsed note from xenstore fast = self.info.get_notes().get('SUSPEND_CANCEL') and 1 or 0 if not fast: @@ -213,7 +213,7 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() self.testDeviceComplete() self.testvifsComplete() -@@ -3284,6 +3305,8 @@ class XendDomainInfo: +@@ -3285,6 +3306,8 @@ class XendDomainInfo: self._storeDomDetails() self._createDevices() 
@@ -222,10 +222,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/XendDomainInfo.py log.debug("XendDomainInfo.resumeDomain: devices created") xc.domain_resume(self.domid, fast) -Index: xen-4.2.1-testing/tools/python/xen/xend/image.py +Index: xen-4.2.2-testing/tools/python/xen/xend/image.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xend/image.py -+++ xen-4.2.1-testing/tools/python/xen/xend/image.py +--- xen-4.2.2-testing.orig/tools/python/xen/xend/image.py ++++ xen-4.2.2-testing/tools/python/xen/xend/image.py @@ -122,6 +122,10 @@ class ImageHandler: self.vm.permissionsVm("image/cmdline", { 'dom': self.vm.getDomid(), 'read': True } ) @@ -325,10 +325,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xend/image.py def createDeviceModel(self, restore = False): if self.device_model is None: return -Index: xen-4.2.1-testing/tools/python/xen/xm/create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/create.py @@ -503,6 +503,18 @@ gopts.var('acpi_firmware', val='FILE', fn=set_value, default=None, use="Path to a file that contains extra ACPI firmware tables.") @@ -358,10 +358,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/create.py 'device_model', 'display', 'smbios_firmware', 'acpi_firmware', 'fda', 'fdb', -Index: xen-4.2.1-testing/tools/python/xen/xm/main.py +Index: xen-4.2.2-testing/tools/python/xen/xm/main.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/main.py -+++ xen-4.2.1-testing/tools/python/xen/xm/main.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/main.py ++++ xen-4.2.2-testing/tools/python/xen/xm/main.py 
@@ -115,6 +115,8 @@ SUBCOMMAND_HELP = { 'Set the maximum amount reservation for a domain.'), 'mem-set' : (' ', @@ -397,10 +397,10 @@ Index: xen-4.2.1-testing/tools/python/xen/xm/main.py # cpu commands "vcpu-pin": xm_vcpu_pin, "vcpu-list": xm_vcpu_list, -Index: xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +Index: xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py =================================================================== ---- xen-4.2.1-testing.orig/tools/python/xen/xm/xenapi_create.py -+++ xen-4.2.1-testing/tools/python/xen/xm/xenapi_create.py +--- xen-4.2.2-testing.orig/tools/python/xen/xm/xenapi_create.py ++++ xen-4.2.2-testing/tools/python/xen/xm/xenapi_create.py @@ -1085,6 +1085,9 @@ class sxp2xml: 'acpi', 'apic', diff --git a/xenpaging.qemu.flush-cache.patch b/xenpaging.qemu.flush-cache.patch new file mode 100644 index 0000000..55dbb6f --- /dev/null +++ b/xenpaging.qemu.flush-cache.patch 
@@ -0,0 +1,31 @@
+Subject: xenpaging/qemu-dm: add command to flush buffer cache.
+
+Add support for a xenstore dm command to flush qemu's buffer cache.
+
+qemu will just keep mapping pages and not release them, which causes problems
+for the memory pager (since the page is mapped, it won't get paged out). When
+the pager has trouble finding a page to page out, it asks qemu to flush its
+buffer, which releases all the page mappings. This makes it possible to find
+pages to swap out agian.
+
+Already-Signed-off-by: Patrick Colp
+Signed-off-by: Olaf Hering
+
+---
+ tools/qemu-xen-traditional-dir-remote/xenstore.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: xen-4.2.2-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c
+===================================================================
+--- xen-4.2.2-testing.orig/tools/qemu-xen-traditional-dir-remote/xenstore.c
++++ xen-4.2.2-testing/tools/qemu-xen-traditional-dir-remote/xenstore.c
+@@ -1019,6 +1019,9 @@ static void xenstore_process_dm_command_
+ do_pci_add(par);
+ free(par);
+ #endif
++ } else if (!strncmp(command, "flush-cache", len)) {
++ fprintf(logfile, "dm-command: flush caches\n");
++ qemu_invalidate_map_cache();
+ } else {
+ fprintf(logfile, "dm-command: unknown command\"%*s\"\n", len, command);
+ }
From 51467ad207854ab5a9d60d0878a2fb59b61be5f98518223781ce178a2545c8ec Mon Sep 17 00:00:00 2001
From: Olaf Hering
Date: Thu, 9 May 2013 08:15:21 +0000
Subject: [PATCH 7/8] different lndir handling
OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=238
---
 xen.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/xen.spec b/xen.spec
index b6a484e..03e8321 100644
--- a/xen.spec
+++ b/xen.spec
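Review bot: The `flush-cache` branch added by xenpaging.qemu.flush-cache.patch tests `!strncmp(command, "flush-cache", len)`, which compares only `len` bytes, so any prefix of the command name that reaches this branch (`f`, `flush`) also calls `qemu_invalidate_map_cache()`. The command appears to be read from a xenstore node, so the name should be matched exactly: `} else if (len == strlen("flush-cache") && !strncmp(command, "flush-cache", len)) {`. The earlier branches of the `if`/`else if` chain are outside the hunk and presumably use the same idiom, in which case the length check belongs on the whole chain; the function itself starts and ends outside the hunk.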
@@ -113,8 +113,11 @@ BuildRequires: glibc-devel
 BuildRequires: kernel-source
 BuildRequires: kernel-syms
 BuildRequires: module-init-tools
+%if %suse_version < 1220
 BuildRequires: xorg-x11
-BuildRequires: xorg-x11-util-devel
+%else
+BuildRequires: lndir
+%endif
 %endif
 Version: 4.2.2_01
 Release: 0
From d766d613df54feacac18568782f876294a8236163ca81cffa5cbb31a3eeaeb53 Mon Sep 17 00:00:00 2001
From: Olaf Hering
Date: Thu, 9 May 2013 10:46:47 +0000
Subject: [PATCH 8/8] - add lndir to BuildRequires
OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=239
---
 xen.changes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xen.changes b/xen.changes
index 9e2d2b5..593f075 100644
--- a/xen.changes
+++ b/xen.changes
@@ -1,7 +1,7 @@
 -------------------------------------------------------------------
 Mon May 6 15:52:03 CEST 2013 - ohering@suse.de
 
-- add xorg-x11-util-devel to BuildRequires to get lndir(1)
+- add lndir to BuildRequires
 
 -------------------------------------------------------------------
 Mon May 6 11:45:03 CEST 2013 - ohering@suse.de