From 2d4e82ad737f70076653b88dee24953be6380df93668f985411e3cf676053511 Mon Sep 17 00:00:00 2001
From: Olaf Hering
Date: Mon, 15 Aug 2011 13:32:00 +0000
Subject: [PATCH] sync with dfa59dade20b7bd14fff98536750be50
OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=137
---
23685-libxl-segfault-fix.patch | 65 ++++++
23732-sedf.patch | 60 +++++
23735-guest-dom0-cap.patch | 234 +++++++++++++++++++
23746-vtd-cleanup-timers.patch | 43 ++++
23747-mmcfg-base-address.patch | 64 +++++
23749-mmcfg-reservation.patch | 389 +++++++++++++++++++++++++++++++
23762-CVE-2011-3131.patch | 74 ++++++
32on64-extra-mem.patch | 2 +-
change-vnc-passwd.patch | 2 +-
change_home_server.patch | 2 +-
del_usb_xend_entry.patch | 2 +-
disable-xl-when-using-xend.patch | 74 ++++++
multi-xvdp.patch | 2 +-
snapshot-xend.patch | 11 +-
tmp-initscript-modprobe.patch | 2 +-
xen.changes | 58 +++++
xen.spec | 79 +++++--
xen_pvdrivers.conf | 9 +-
xencommons-proc-xen.patch | 55 +++++
xend-console-port-restore.patch | 40 ++++
xend-domain-lock.patch | 4 +-
xenpaging.autostart.patch | 10 +-
22 files changed, 1234 insertions(+), 47 deletions(-)
create mode 100644 23685-libxl-segfault-fix.patch
create mode 100644 23732-sedf.patch
create mode 100644 23735-guest-dom0-cap.patch
create mode 100644 23746-vtd-cleanup-timers.patch
create mode 100644 23747-mmcfg-base-address.patch
create mode 100644 23749-mmcfg-reservation.patch
create mode 100644 23762-CVE-2011-3131.patch
create mode 100644 disable-xl-when-using-xend.patch
create mode 100644 xencommons-proc-xen.patch
create mode 100644 xend-console-port-restore.patch
diff --git a/23685-libxl-segfault-fix.patch b/23685-libxl-segfault-fix.patch
new file mode 100644
index 0000000..233b19e
--- /dev/null
+++ b/23685-libxl-segfault-fix.patch
@@ -0,0 +1,65 @@ +# HG changeset patch +# User Stefano Stabellini +# Date 1310654989 -3600 +# Node ID 5239811f92e1ffb185a50172fdcf47372e71ba7e +# Parent 98701b1276c034b2bbbc8c7a975cf4c361caaa63 +libxl: Fix segfault in get_all_assigned_devices + +pcidevs is an array of ndev elements (ndev is the number of pci devices +assigend to a specific domain), but we access pcidevs + *num +where *num is the global number of pci devices assigned so far to all +domains in the system. + +Fix the issue removing pcidevs and just realloc'ing *list every time we +want to add a new pci device to the array. + +Signed-off-by: Stefano Stabellini +Committed-by: Ian Jackson + +Index: xen-4.1.1-testing/tools/libxl/libxl_pci.c +=================================================================== +--- xen-4.1.1-testing.orig/tools/libxl/libxl_pci.c ++++ xen-4.1.1-testing/tools/libxl/libxl_pci.c +@@ -434,7 +434,6 @@ retry_transaction2: + + static int get_all_assigned_devices(libxl__gc *gc, libxl_device_pci **list, int *num) + { +- libxl_device_pci *pcidevs = NULL; + char **domlist; + unsigned int nd = 0, i; + +@@ -451,8 +450,7 @@ static int get_all_assigned_devices(libx + int ndev = atoi(num_devs), j; + char *devpath, *bdf; + +- pcidevs = libxl__calloc(gc, sizeof(*pcidevs), ndev); +- for(j = (pcidevs) ? 
0 : ndev; j < ndev; j++) { ++ for(j = 0; j < ndev; j++) { + devpath = libxl__sprintf(gc, "/local/domain/0/backend/pci/%s/0/dev-%u", + domlist[i], j); + bdf = libxl__xs_read(gc, XBT_NULL, devpath); +@@ -461,19 +459,16 @@ static int get_all_assigned_devices(libx + if ( sscanf(bdf, PCI_BDF, &dom, &bus, &dev, &func) != 4 ) + continue; + +- pcidev_init(pcidevs + *num, dom, bus, dev, func, 0); ++ *list = realloc(*list, sizeof(libxl_device_pci) * ((*num) + 1)); ++ if (*list == NULL) ++ return ERROR_NOMEM; ++ pcidev_init(*list + *num, dom, bus, dev, func, 0); + (*num)++; + } + } + } + } +- +- if ( 0 == *num ) { +- free(pcidevs); +- pcidevs = NULL; +- }else{ +- *list = pcidevs; +- } ++ libxl__ptr_add(gc, *list); + + return 0; + } diff --git a/23732-sedf.patch b/23732-sedf.patch new file mode 100644 index 0000000..ae283e8 --- /dev/null +++ b/23732-sedf.patch 
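Review bot: The added `*list = realloc(*list, ...)` in get_all_assigned_devices() overwrites the only pointer to the array, so when the allocation fails the entries collected so far are leaked and the caller is left with `*list == NULL` while `*num` is still non-zero. Holding the result in a temporary avoids both: `libxl_device_pci *tmp = realloc(*list, sizeof(*tmp) * (*num + 1));`, `if (tmp == NULL) return ERROR_NOMEM;`, `*list = tmp;`. The early return also skips the `libxl__ptr_add(gc, *list)` at the end of the function, so on the error path the buffer is presumably not tracked by the gc; a comment should say who frees it in that case. Only parts of the function are visible in this patch.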
@@ -0,0 +1,60 @@ +# HG changeset patch +# User George Dunlap +# Date 1311255331 -3600 +# Node ID 3795d79c740b2aa50aacb7bf7e3503862a7b436c +# Parent 48f72b389b04cfa8d44924577a69ed59e48fbe77 +xen: Fix sedf scheduler + +Update the sedf scheduler to be compatible with the most recent +generic scheduler interface changes. + +Signed-off-by: George Dunlap + +--- a/xen/common/sched_sedf.c ++++ b/xen/common/sched_sedf.c +@@ -331,6 +331,19 @@ static inline void __add_to_runqueue_sor + } + + ++static void sedf_insert_vcpu(const struct scheduler *ops, struct vcpu *v) ++{ ++ if ( !is_idle_vcpu(v) ) ++ { ++ extraq_check(v); ++ } ++ else ++ { ++ EDOM_INFO(v)->deadl_abs = 0; ++ EDOM_INFO(v)->status &= ~SEDF_ASLEEP; ++ } ++} ++ + static void *sedf_alloc_vdata(const struct scheduler *ops, struct vcpu *v, void *dd) + { + struct sedf_vcpu_info *inf; +@@ -365,16 +378,6 @@ static void *sedf_alloc_vdata(const stru + INIT_LIST_HEAD(&(inf->list)); + INIT_LIST_HEAD(&(inf->extralist[EXTRA_PEN_Q])); + INIT_LIST_HEAD(&(inf->extralist[EXTRA_UTIL_Q])); +- +- if ( !is_idle_vcpu(v) ) +- { +- extraq_check(v); +- } +- else +- { +- inf->deadl_abs = 0; +- inf->status &= ~SEDF_ASLEEP; +- } + + return inf; + } +@@ -1498,6 +1501,8 @@ const struct scheduler sched_sedf_def = + .init_domain = sedf_init_domain, + .destroy_domain = sedf_destroy_domain, + ++ .insert_vcpu = sedf_insert_vcpu, ++ + .alloc_vdata = sedf_alloc_vdata, + .free_vdata = sedf_free_vdata, + .alloc_pdata = sedf_alloc_pdata, diff --git a/23735-guest-dom0-cap.patch b/23735-guest-dom0-cap.patch new file mode 100644 index 0000000..7b8cb21 --- /dev/null +++ b/23735-guest-dom0-cap.patch 
@@ -0,0 +1,234 @@ +References: bnc#702407 + +# HG changeset patch +# User Jan Beulich +# Date 1311407355 -3600 +# Node ID 537918f518eec3d8e2e2dad403fce40303321523 +# Parent 42edf1481c5704c8ce1eb171a713b5411df0551a +add privileged (dom0) kernel feature indication + +With our switching away from supporting 32-bit Dom0 operation, users +complained that attempts (perhaps due to lack of knowledge of that +change) to boot the no longer privileged kernel in Dom0 resulted in +apparently silent failure. To make the mismatch explicit and visible, +add dom0 feature flag that the kernel can set to indicate operation as +dom0 is supported. + +Due to the way elf_xen_parse_features() worked up to now (getting +fixed here), adding features indications to the old, string based ELF +note would make the respective kernel unusable on older hypervisors. +For that reason, a new ELF Note is being introduced that allows +specifying supported features as a bit array instead (with features +unknown to the hypervisor simply ignored, as now also done by +elf_xen_parse_features(), whereas here unknown kernel-required +features still keep the kernel [and hence VM] from booting). + +Introduce and use elf_note_numeric_array() to be forward +compatible (or else an old hypervisor wouldn't be able to parse kernel +specified features occupying more than 64 bits - thanks, Ian!). + +Signed-off-by: Jan Beulich + +# HG changeset patch +# User Jan Beulich +# Date 1311598088 -3600 +# Node ID 50ddc200a60cad3929a79a992f09145fd39af49d +# Parent d8725d9fb8657874011d2f2772f5e970b24dfe9b +fix regression from c/s 23735:537918f518ee + +This was checking presence of the wrong (old) ELF note. I don't really +understand how this failed consistently only for one of the xen-boot +tests... 
+ +Signed-off-by: Jan Beulich + +--- a/tools/libxc/xc_dom_elfloader.c ++++ b/tools/libxc/xc_dom_elfloader.c +@@ -286,6 +286,13 @@ static int xc_dom_parse_elf_kernel(struc + if ( (rc = elf_xen_parse(elf, &dom->parms)) != 0 ) + return rc; + ++ if ( elf_xen_feature_get(XENFEAT_dom0, dom->parms.f_required) ) ++ { ++ xc_dom_panic(dom->xch, XC_INVALID_KERNEL, "%s: Kernel does not" ++ " support unprivileged (DomU) operation", __FUNCTION__); ++ return -EINVAL; ++ } ++ + /* find kernel segment */ + dom->kernel_seg.vstart = dom->parms.virt_kstart; + dom->kernel_seg.vend = dom->parms.virt_kend; +--- a/xen/arch/ia64/xen/domain.c ++++ b/xen/arch/ia64/xen/domain.c +@@ -2164,6 +2164,13 @@ int __init construct_dom0(struct domain + return -1; + } + ++ if (parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE && ++ !test_bit(XENFEAT_dom0, parms.f_supported)) ++ { ++ printk("Kernel does not support Dom0 operation\n"); ++ return -1; ++ } ++ + p_start = parms.virt_base; + pkern_start = parms.virt_kstart; + pkern_end = parms.virt_kend; +--- a/xen/arch/x86/domain_build.c ++++ b/xen/arch/x86/domain_build.c +@@ -415,6 +415,13 @@ int __init construct_dom0( + return -EINVAL; + } + ++ if ( parms.elf_notes[XEN_ELFNOTE_SUPPORTED_FEATURES].type != XEN_ENT_NONE && ++ !test_bit(XENFEAT_dom0, parms.f_supported) ) ++ { ++ printk("Kernel does not support Dom0 operation\n"); ++ return -EINVAL; ++ } ++ + #if defined(__x86_64__) + if ( compat32 ) + { +--- a/xen/common/kernel.c ++++ b/xen/common/kernel.c +@@ -287,6 +287,8 @@ DO(xen_version)(int cmd, XEN_GUEST_HANDL + (1U << XENFEAT_auto_translated_physmap); + if ( supervisor_mode_kernel ) + fi.submap |= 1U << XENFEAT_supervisor_mode_kernel; ++ if ( current->domain == dom0 ) ++ fi.submap |= 1U << XENFEAT_dom0; + #ifdef CONFIG_X86 + if ( !is_hvm_vcpu(current) ) + fi.submap |= (1U << XENFEAT_mmu_pt_update_preserve_ad) | +--- a/xen/common/libelf/libelf-dominfo.c ++++ b/xen/common/libelf/libelf-dominfo.c +@@ -26,7 +26,8 @@ static const char 
*const elf_xen_feature + [XENFEAT_writable_descriptor_tables] = "writable_descriptor_tables", + [XENFEAT_auto_translated_physmap] = "auto_translated_physmap", + [XENFEAT_supervisor_mode_kernel] = "supervisor_mode_kernel", +- [XENFEAT_pae_pgdir_above_4gb] = "pae_pgdir_above_4gb" ++ [XENFEAT_pae_pgdir_above_4gb] = "pae_pgdir_above_4gb", ++ [XENFEAT_dom0] = "dom0" + }; + static const int elf_xen_features = + sizeof(elf_xen_feature_names) / sizeof(elf_xen_feature_names[0]); +@@ -82,7 +83,7 @@ int elf_xen_parse_features(const char *f + } + } + } +- if ( i == elf_xen_features ) ++ if ( i == elf_xen_features && required && feature[0] == '!' ) + return -1; + } + +@@ -113,6 +114,7 @@ int elf_xen_parse_note(struct elf_binary + [XEN_ELFNOTE_LOADER] = { "LOADER", 1}, + [XEN_ELFNOTE_PAE_MODE] = { "PAE_MODE", 1}, + [XEN_ELFNOTE_FEATURES] = { "FEATURES", 1}, ++ [XEN_ELFNOTE_SUPPORTED_FEATURES] = { "SUPPORTED_FEATURES", 0}, + [XEN_ELFNOTE_BSD_SYMTAB] = { "BSD_SYMTAB", 1}, + [XEN_ELFNOTE_SUSPEND_CANCEL] = { "SUSPEND_CANCEL", 0 }, + [XEN_ELFNOTE_MOD_START_PFN] = { "MOD_START_PFN", 0 }, +@@ -121,6 +123,7 @@ int elf_xen_parse_note(struct elf_binary + + const char *str = NULL; + uint64_t val = 0; ++ unsigned int i; + int type = elf_uval(elf, note, type); + + if ( (type >= sizeof(note_desc) / sizeof(note_desc[0])) || +@@ -199,6 +202,12 @@ int elf_xen_parse_note(struct elf_binary + return -1; + break; + ++ case XEN_ELFNOTE_SUPPORTED_FEATURES: ++ for ( i = 0; i < XENFEAT_NR_SUBMAPS; ++i ) ++ parms->f_supported[i] |= elf_note_numeric_array( ++ elf, note, sizeof(*parms->f_supported), i); ++ break; ++ + } + return 0; + } +--- a/xen/common/libelf/libelf-tools.c ++++ b/xen/common/libelf/libelf-tools.c +@@ -227,6 +227,27 @@ uint64_t elf_note_numeric(struct elf_bin + return 0; + } + } ++ ++uint64_t elf_note_numeric_array(struct elf_binary *elf, const elf_note *note, ++ unsigned int unitsz, unsigned int idx) ++{ ++ const void *desc = elf_note_desc(elf, note); ++ int descsz = elf_uval(elf, note, 
descsz); ++ ++ if ( descsz % unitsz || idx >= descsz / unitsz ) ++ return 0; ++ switch (unitsz) ++ { ++ case 1: ++ case 2: ++ case 4: ++ case 8: ++ return elf_access_unsigned(elf, desc, idx * unitsz, unitsz); ++ default: ++ return 0; ++ } ++} ++ + const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * note) + { + int namesz = (elf_uval(elf, note, namesz) + 3) & ~3; +--- a/xen/include/public/elfnote.h ++++ b/xen/include/public/elfnote.h +@@ -179,9 +179,22 @@ + #define XEN_ELFNOTE_MOD_START_PFN 16 + + /* ++ * The features supported by this kernel (numeric). ++ * ++ * Other than XEN_ELFNOTE_FEATURES on pre-4.2 Xen, this note allows a ++ * kernel to specify support for features that older hypervisors don't ++ * know about. The set of features 4.2 and newer hypervisors will ++ * consider supported by the kernel is the combination of the sets ++ * specified through this and the string note. ++ * ++ * LEGACY: FEATURES ++ */ ++#define XEN_ELFNOTE_SUPPORTED_FEATURES 17 ++ ++/* + * The number of the highest elfnote defined. + */ +-#define XEN_ELFNOTE_MAX XEN_ELFNOTE_MOD_START_PFN ++#define XEN_ELFNOTE_MAX XEN_ELFNOTE_SUPPORTED_FEATURES + + /* + * System information exported through crash notes. 
+--- a/xen/include/public/features.h ++++ b/xen/include/public/features.h +@@ -75,7 +75,10 @@ + #define XENFEAT_hvm_safe_pvclock 9 + + /* x86: pirq can be used by HVM guests */ +-#define XENFEAT_hvm_pirqs 10 ++#define XENFEAT_hvm_pirqs 10 ++ ++/* operation as Dom0 is supported */ ++#define XENFEAT_dom0 11 + + #define XENFEAT_NR_SUBMAPS 1 + +--- a/xen/include/xen/libelf.h ++++ b/xen/include/xen/libelf.h +@@ -179,6 +179,8 @@ const elf_sym *elf_sym_by_index(struct e + const char *elf_note_name(struct elf_binary *elf, const elf_note * note); + const void *elf_note_desc(struct elf_binary *elf, const elf_note * note); + uint64_t elf_note_numeric(struct elf_binary *elf, const elf_note * note); ++uint64_t elf_note_numeric_array(struct elf_binary *, const elf_note *, ++ unsigned int unitsz, unsigned int idx); + const elf_note *elf_note_next(struct elf_binary *elf, const elf_note * note); + + int elf_is_elfbinary(const void *image); diff --git a/23746-vtd-cleanup-timers.patch b/23746-vtd-cleanup-timers.patch new file mode 100644 index 0000000..973af4e --- /dev/null +++ b/23746-vtd-cleanup-timers.patch 
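Review bot: In the new elf_note_numeric_array(), `descsz % unitsz` is evaluated before the `switch (unitsz)` that rejects unsupported unit sizes, so a caller passing `unitsz == 0` divides by zero. The one caller visible here passes `sizeof(*parms->f_supported)`, but the function is exported through libelf.h. `descsz` is also held in a signed `int` although it is read from the note header of the kernel image and then mixed with unsigned operands. Checking the unit size first and keeping the size unsigned makes the guard self-contained: `unsigned int descsz = elf_uval(elf, note, descsz);` and `if ( !unitsz || descsz % unitsz || idx >= descsz / unitsz ) return 0;`. Whether `descsz` is bounded by the image size before `elf_access_unsigned()` reads at `idx * unitsz` is not visible in this patch and should be confirmed, since the note may come from a kernel the host does not control.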
@@ -0,0 +1,43 @@ +# HG changeset patch +# User Tim Deegan +# Date 1311608493 -3600 +# Node ID aa54b8175954bd6ffeb3bcf72e782e133896b388 +# Parent 9dbbf1631193bb6df679f5eaaee192ef4ef91fd9 +VT-d: always clean up dpci timers. + +If a VM has all its PCI devices deassigned, need_iommu(d) becomes +false but it might still have DPCI EOI timers that were init_timer()d +but not yet kill_timer()d. That causes xen to crash later because the +linked list of inactive timers gets corrupted, e.g.: + +(XEN) Xen call trace: +(XEN) [] set_timer+0x1c2/0x24f +(XEN) [] schedule+0x129/0x5dd +(XEN) [] __do_softirq+0x7e/0x89 +(XEN) [] do_softirq+0x26/0x28 +(XEN) [] idle_loop+0x5a/0x5c +(XEN) +(XEN) +(XEN) **************************************** +(XEN) Panic on CPU 0: +(XEN) Assertion 'entry->next->prev == entry' failed at +/local/scratch/tdeegan/xen-unstable.hg/xen/include:172 +(XEN) **************************************** + +The following patch makes sure that the domain destruction path always +clears up the DPCI state even if !needs_iommu(d). + +Signed-off-by: Tim Deegan + +--- a/xen/drivers/passthrough/pci.c ++++ b/xen/drivers/passthrough/pci.c +@@ -252,9 +252,6 @@ static void pci_clean_dpci_irqs(struct d + if ( !iommu_enabled ) + return; + +- if ( !need_iommu(d) ) +- return; +- + spin_lock(&d->event_lock); + hvm_irq_dpci = domain_get_irq_dpci(d); + if ( hvm_irq_dpci != NULL ) diff --git a/23747-mmcfg-base-address.patch b/23747-mmcfg-base-address.patch new file mode 100644 index 0000000..661cd87 --- /dev/null +++ b/23747-mmcfg-base-address.patch 
@@ -0,0 +1,64 @@ +# HG changeset patch +# User Jan Beulich +# Date 1311608539 -3600 +# Node ID b07b6fa766562c990b1d1e59af032feda15c2edb +# Parent aa54b8175954bd6ffeb3bcf72e782e133896b388 +x86-64/MMCFG: correct base address computation for regions not starting at bus 0 + +As per the specification, the base address reported by ACPI is the one +that would be used if the region started at bus 0. Hence the +start_bus_number offset needs to be added not only to the virtual +address, but also the physical one when establishing the mapping, and +it then needs to be subtracted when obtaining the virtual address for +doing accesses. + +Signed-off-by: Jan Beulich + +--- a/xen/arch/x86/x86_64/mmconfig_64.c ++++ b/xen/arch/x86/x86_64/mmconfig_64.c +@@ -25,7 +25,7 @@ struct mmcfg_virt { + static struct mmcfg_virt *pci_mmcfg_virt; + static int __initdata mmcfg_pci_segment_shift; + +-static char __iomem *get_virt(unsigned int seg, unsigned bus) ++static char __iomem *get_virt(unsigned int seg, unsigned int *bus) + { + struct acpi_mcfg_allocation *cfg; + int cfg_num; +@@ -33,9 +33,11 @@ static char __iomem *get_virt(unsigned i + for (cfg_num = 0; cfg_num < pci_mmcfg_config_num; cfg_num++) { + cfg = pci_mmcfg_virt[cfg_num].cfg; + if (cfg->pci_segment == seg && +- (cfg->start_bus_number <= bus) && +- (cfg->end_bus_number >= bus)) ++ (cfg->start_bus_number <= *bus) && ++ (cfg->end_bus_number >= *bus)) { ++ *bus -= cfg->start_bus_number; + return pci_mmcfg_virt[cfg_num].virt; ++ } + } + + /* Fall back to type 0 */ +@@ -46,7 +48,7 @@ static char __iomem *pci_dev_base(unsign + { + char __iomem *addr; + +- addr = get_virt(seg, bus); ++ addr = get_virt(seg, &bus); + if (!addr) + return NULL; + return addr + ((bus << 20) | (devfn << 12)); +@@ -121,8 +123,11 @@ static void __iomem * __init mcfg_iorema + if (virt + size < virt || virt + size > PCI_MCFG_VIRT_END) + return NULL; + +- map_pages_to_xen(virt, cfg->address >> PAGE_SHIFT, +- size >> PAGE_SHIFT, PAGE_HYPERVISOR_NOCACHE); ++ if 
(map_pages_to_xen(virt, ++ (cfg->address >> PAGE_SHIFT) + ++ (cfg->start_bus_number << (20 - PAGE_SHIFT)), ++ size >> PAGE_SHIFT, PAGE_HYPERVISOR_NOCACHE)) ++ return NULL; + + return (void __iomem *) virt; + } diff --git a/23749-mmcfg-reservation.patch b/23749-mmcfg-reservation.patch new file mode 100644 index 0000000..54c1b96 --- /dev/null +++ b/23749-mmcfg-reservation.patch 
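Review bot: get_virt() now takes `bus` by pointer and rewrites it on a match, which is easy to miss at the call site in pci_dev_base(), where `bus` is afterwards used to compute the offset. A short comment above get_virt() would make the in/out contract explicit, for example `/* On a match, *bus is rebased to be relative to the region's start_bus_number; otherwise it is left unchanged. */`. The path after the loop is only partly visible in this hunk, so the "otherwise" half should be checked against the full function.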
@@ -0,0 +1,389 @@ +# HG changeset patch +# User Jan Beulich +# Date 1311608606 -3600 +# Node ID e8d1c8f074babcb0e4511393106e80a918a38204 +# Parent e1717d180897e6e7a04d83a41d86b35ac16912b9 +x86-64/MMCFG: pass down firmware (ACPI) reservation status of used memory space + +Reserving the MMCFG address range(s) in E820 is specified to only be +optional for the firmware to do. The requirement is to have them +reserved in ACPI resources. Those, however, aren't directly visible to +Xen as they require the ACPI interpreter to be active. Thus, if a +range isn't reserved in E820, we should not completely disable use of +MMCFG on the respective bus range, but rather keep it disabled until +Dom0 can pass down information on the ACPI reservation status (though +a new physdevop hypercall). + +Signed-off-by: Jan Beulich + +--- a/xen/arch/x86/physdev.c ++++ b/xen/arch/x86/physdev.c +@@ -16,6 +16,10 @@ + #include + #include + ++#ifdef CONFIG_X86_64 ++#include "x86_64/mmconfig.h" ++#endif ++ + #ifndef COMPAT + typedef long ret_t; + #endif +@@ -515,6 +519,24 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_H + break; + } + ++#ifdef __x86_64__ ++ case PHYSDEVOP_pci_mmcfg_reserved: { ++ struct physdev_pci_mmcfg_reserved info; ++ ++ ret = -EPERM; ++ if ( !IS_PRIV(current->domain) ) ++ break; ++ ++ ret = -EFAULT; ++ if ( copy_from_guest(&info, arg, 1) ) ++ break; ++ ++ ret = pci_mmcfg_reserved(info.address, info.segment, ++ info.start_bus, info.end_bus, info.flags); ++ break; ++ } ++#endif ++ + case PHYSDEVOP_restore_msi: { + struct physdev_restore_msi restore_msi; + struct pci_dev *pdev; +--- a/xen/arch/x86/x86_64/mmconfig.h ++++ b/xen/arch/x86/x86_64/mmconfig.h +@@ -84,6 +84,11 @@ extern int pci_mmcfg_config_num; + extern struct acpi_mcfg_allocation *pci_mmcfg_config; + + /* function prototypes */ ++struct acpi_table_header; + int acpi_parse_mcfg(struct acpi_table_header *header); ++int pci_mmcfg_reserved(uint64_t address, unsigned int segment, ++ unsigned int start_bus, unsigned int end_bus, 
++ unsigned int flags); + int pci_mmcfg_arch_init(void); +-void pci_mmcfg_arch_free(void); ++int pci_mmcfg_arch_enable(unsigned int); ++void pci_mmcfg_arch_disable(unsigned int); +--- a/xen/arch/x86/x86_64/mmconfig-shared.c ++++ b/xen/arch/x86/x86_64/mmconfig-shared.c +@@ -22,10 +22,10 @@ + #include + #include + #include ++#include + + #include "mmconfig.h" + +-static int __initdata known_bridge; + unsigned int pci_probe = PCI_PROBE_CONF1 | PCI_PROBE_MMCONF; + + static void __init parse_mmcfg(char *s) +@@ -316,26 +316,21 @@ static int __init pci_mmcfg_check_hostbr + return name != NULL; + } + +-typedef int (*check_reserved_t)(u64 start, u64 end, unsigned type); +- + static int __init is_mmconf_reserved( +- check_reserved_t is_reserved, + u64 addr, u64 size, int i, +- typeof(pci_mmcfg_config[0]) *cfg, int with_e820) ++ typeof(pci_mmcfg_config[0]) *cfg) + { + u64 old_size = size; + int valid = 0; + +- while (!is_reserved(addr, addr + size - 1, E820_RESERVED)) { ++ while (!e820_all_mapped(addr, addr + size - 1, E820_RESERVED)) { + size >>= 1; + if (size < (16UL<<20)) + break; + } + + if (size >= (16UL<<20) || size == old_size) { +- printk(KERN_NOTICE +- "PCI: MCFG area at %lx reserved in %s\n", +- addr, with_e820?"E820":"ACPI motherboard resources"); ++ printk(KERN_NOTICE "PCI: MCFG area at %lx reserved in E820\n", addr); + valid = 1; + + if (old_size != size) { +@@ -352,15 +347,16 @@ static int __init is_mmconf_reserved( + return valid; + } + +-static void __init pci_mmcfg_reject_broken(void) ++static bool_t __init pci_mmcfg_reject_broken(void) + { + typeof(pci_mmcfg_config[0]) *cfg; + int i; ++ bool_t valid = 1; + + if ((pci_mmcfg_config_num == 0) || + (pci_mmcfg_config == NULL) || + (pci_mmcfg_config[0].address == 0)) +- return; ++ return 0; + + cfg = &pci_mmcfg_config[0]; + +@@ -374,27 +370,25 @@ static void __init pci_mmcfg_reject_brok + size = cfg->end_bus_number + 1 - cfg->start_bus_number; + size <<= 20; + printk(KERN_NOTICE "PCI: MCFG configuration %d: base 
%lx " +- "segment %hu buses %u - %u\n", ++ "segment %04x buses %02x - %02x\n", + i, (unsigned long)cfg->address, cfg->pci_segment, + (unsigned int)cfg->start_bus_number, + (unsigned int)cfg->end_bus_number); + +- if (!is_mmconf_reserved(e820_all_mapped, addr, size, i, cfg, 1)) +- goto reject; ++ if (!is_mmconf_reserved(addr, size, i, cfg) || ++ pci_mmcfg_arch_enable(i)) { ++ pci_mmcfg_arch_disable(i); ++ valid = 0; ++ } + } + +- return; +- +-reject: +- printk(KERN_INFO "PCI: Not using MMCONFIG.\n"); +- pci_mmcfg_arch_free(); +- xfree(pci_mmcfg_config); +- pci_mmcfg_config = NULL; +- pci_mmcfg_config_num = 0; ++ return valid; + } + + void __init acpi_mmcfg_init(void) + { ++ bool_t valid = 1; ++ + /* MMCONFIG disabled */ + if ((pci_probe & PCI_PROBE_MMCONF) == 0) + return; +@@ -403,16 +397,17 @@ void __init acpi_mmcfg_init(void) + if (!(pci_probe & PCI_PROBE_MASK & ~PCI_PROBE_MMCONF)) + return; + +- /* for late to exit */ +- if (known_bridge) +- return; +- +- if (pci_mmcfg_check_hostbridge()) +- known_bridge = 1; ++ if (pci_mmcfg_check_hostbridge()) { ++ unsigned int i; + +- if (!known_bridge) { ++ pci_mmcfg_arch_init(); ++ for (i = 0; i < pci_mmcfg_config_num; ++i) ++ if (pci_mmcfg_arch_enable(i)) ++ valid = 0; ++ } else { + acpi_table_parse(ACPI_SIG_MCFG, acpi_parse_mcfg); +- pci_mmcfg_reject_broken(); ++ pci_mmcfg_arch_init(); ++ valid = pci_mmcfg_reject_broken(); + } + + if ((pci_mmcfg_config_num == 0) || +@@ -420,9 +415,41 @@ void __init acpi_mmcfg_init(void) + (pci_mmcfg_config[0].address == 0)) + return; + +- if (pci_mmcfg_arch_init()) { ++ if (valid) + pci_probe = (pci_probe & ~PCI_PROBE_MASK) | PCI_PROBE_MMCONF; ++} ++ ++int pci_mmcfg_reserved(uint64_t address, unsigned int segment, ++ unsigned int start_bus, unsigned int end_bus, ++ unsigned int flags) ++{ ++ unsigned int i; ++ ++ if (flags & ~XEN_PCI_MMCFG_RESERVED) ++ return -EINVAL; ++ ++ for (i = 0; i < pci_mmcfg_config_num; ++i) { ++ const typeof(pci_mmcfg_config[0]) *cfg = &pci_mmcfg_config[i]; ++ ++ 
if (cfg->pci_segment == segment && ++ cfg->start_bus_number == start_bus && ++ cfg->end_bus_number == end_bus) { ++ if (cfg->address != address) { ++ printk(KERN_WARNING ++ "Base address presented for segment %04x bus %02x-%02x" ++ " (%08" PRIx64 ") does not match previously obtained" ++ " one (%08" PRIx64 ")\n", ++ segment, start_bus, end_bus, address, cfg->address); ++ return -EIO; ++ } ++ if (flags & XEN_PCI_MMCFG_RESERVED) ++ return pci_mmcfg_arch_enable(i); ++ pci_mmcfg_arch_disable(i); ++ return 0; ++ } + } ++ ++ return -ENODEV; + } + + /** +--- a/xen/arch/x86/x86_64/mmconfig_64.c ++++ b/xen/arch/x86/x86_64/mmconfig_64.c +@@ -112,7 +112,8 @@ int pci_mmcfg_write(unsigned int seg, un + return 0; + } + +-static void __iomem * __init mcfg_ioremap(struct acpi_mcfg_allocation *cfg) ++static void __iomem *mcfg_ioremap(const struct acpi_mcfg_allocation *cfg, ++ unsigned int prot) + { + unsigned long virt, size; + +@@ -126,19 +127,55 @@ static void __iomem * __init mcfg_iorema + if (map_pages_to_xen(virt, + (cfg->address >> PAGE_SHIFT) + + (cfg->start_bus_number << (20 - PAGE_SHIFT)), +- size >> PAGE_SHIFT, PAGE_HYPERVISOR_NOCACHE)) ++ size >> PAGE_SHIFT, prot)) + return NULL; + + return (void __iomem *) virt; + } + ++int pci_mmcfg_arch_enable(unsigned int idx) ++{ ++ const typeof(pci_mmcfg_config[0]) *cfg = pci_mmcfg_virt[idx].cfg; ++ ++ if (pci_mmcfg_virt[idx].virt) ++ return 0; ++ pci_mmcfg_virt[idx].virt = mcfg_ioremap(cfg, PAGE_HYPERVISOR_NOCACHE); ++ if (!pci_mmcfg_virt[idx].virt) { ++ printk(KERN_ERR "PCI: Cannot map MCFG aperture for segment %04x\n", ++ cfg->pci_segment); ++ return -ENOMEM; ++ } ++ printk(KERN_INFO "PCI: Using MCFG for segment %04x bus %02x-%02x\n", ++ cfg->pci_segment, cfg->start_bus_number, cfg->end_bus_number); ++ return 0; ++} ++ ++void pci_mmcfg_arch_disable(unsigned int idx) ++{ ++ const typeof(pci_mmcfg_config[0]) *cfg = pci_mmcfg_virt[idx].cfg; ++ ++ pci_mmcfg_virt[idx].virt = NULL; ++ /* ++ * Don't use destroy_xen_mappings() here, or 
make sure that at least ++ * the necessary L4 entries get populated (so that they get properly ++ * propagated to guest domains' page tables). ++ */ ++ mcfg_ioremap(cfg, 0); ++ printk(KERN_WARNING "PCI: Not using MCFG for segment %04x bus %02x-%02x\n", ++ cfg->pci_segment, cfg->start_bus_number, cfg->end_bus_number); ++} ++ + int __init pci_mmcfg_arch_init(void) + { + int i; + ++ if (pci_mmcfg_virt) ++ return 0; ++ + pci_mmcfg_virt = xmalloc_array(struct mmcfg_virt, pci_mmcfg_config_num); + if (pci_mmcfg_virt == NULL) { + printk(KERN_ERR "PCI: Can not allocate memory for mmconfig structures\n"); ++ pci_mmcfg_config_num = 0; + return 0; + } + memset(pci_mmcfg_virt, 0, sizeof(*pci_mmcfg_virt) * pci_mmcfg_config_num); +@@ -149,34 +186,5 @@ int __init pci_mmcfg_arch_init(void) + ++mmcfg_pci_segment_shift; + } + mmcfg_pci_segment_shift += 20; +- for (i = 0; i < pci_mmcfg_config_num; ++i) { +- pci_mmcfg_virt[i].virt = mcfg_ioremap(&pci_mmcfg_config[i]); +- if (!pci_mmcfg_virt[i].virt) { +- printk(KERN_ERR "PCI: Cannot map mmconfig aperture for " +- "segment %d\n", +- pci_mmcfg_config[i].pci_segment); +- pci_mmcfg_arch_free(); +- return 0; +- } +- } + return 1; + } +- +-void __init pci_mmcfg_arch_free(void) +-{ +- int i; +- +- if (pci_mmcfg_virt == NULL) +- return; +- +- for (i = 0; i < pci_mmcfg_config_num; ++i) { +- if (pci_mmcfg_virt[i].virt) { +- iounmap(pci_mmcfg_virt[i].virt); +- pci_mmcfg_virt[i].virt = NULL; +- pci_mmcfg_virt[i].cfg = NULL; +- } +- } +- +- xfree(pci_mmcfg_virt); +- pci_mmcfg_virt = NULL; +-} +--- a/xen/arch/x86/x86_64/physdev.c ++++ b/xen/arch/x86/x86_64/physdev.c +@@ -54,6 +54,10 @@ + #define physdev_get_free_pirq compat_physdev_get_free_pirq + #define physdev_get_free_pirq_t physdev_get_free_pirq_compat_t + ++#define xen_physdev_pci_mmcfg_reserved physdev_pci_mmcfg_reserved ++CHECK_physdev_pci_mmcfg_reserved; ++#undef xen_physdev_pci_mmcfg_reserved ++ + #define COMPAT + #undef guest_handle_okay + #define guest_handle_okay compat_handle_okay +--- 
a/xen/include/public/physdev.h ++++ b/xen/include/public/physdev.h +@@ -255,6 +255,19 @@ struct physdev_get_free_pirq { + typedef struct physdev_get_free_pirq physdev_get_free_pirq_t; + DEFINE_XEN_GUEST_HANDLE(physdev_get_free_pirq_t); + ++#define XEN_PCI_MMCFG_RESERVED 0x1 ++ ++#define PHYSDEVOP_pci_mmcfg_reserved 24 ++struct physdev_pci_mmcfg_reserved { ++ uint64_t address; ++ uint16_t segment; ++ uint8_t start_bus; ++ uint8_t end_bus; ++ uint32_t flags; ++}; ++typedef struct physdev_pci_mmcfg_reserved physdev_pci_mmcfg_reserved_t; ++DEFINE_XEN_GUEST_HANDLE(physdev_pci_mmcfg_reserved_t); ++ + /* + * Notify that some PIRQ-bound event channels have been unmasked. + * ** This command is obsolete since interface version 0x00030202 and is ** +--- a/xen/include/xlat.lst ++++ b/xen/include/xlat.lst +@@ -60,6 +60,7 @@ + ! memory_map memory.h + ! memory_reservation memory.h + ! pod_target memory.h ++? physdev_pci_mmcfg_reserved physdev.h + ! sched_poll sched.h + ? sched_remote_shutdown sched.h + ? sched_shutdown sched.h diff --git a/23762-CVE-2011-3131.patch b/23762-CVE-2011-3131.patch new file mode 100644 index 0000000..8e2a591 --- /dev/null +++ b/23762-CVE-2011-3131.patch 
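Review bot: pci_mmcfg_arch_disable() discards the return value of `mcfg_ioremap(cfg, 0)`, so if the remap fails the previous uncached mapping of the aperture stays in place while the function clears `virt` and logs "Not using MCFG". Checking the result keeps the log truthful, e.g. `if (!mcfg_ioremap(cfg, 0)) printk(KERN_ERR "PCI: Cannot unmap MCFG aperture for segment %04x\n", cfg->pci_segment);`. Separately, pci_mmcfg_reserved() makes enable and disable reachable at runtime through PHYSDEVOP_pci_mmcfg_reserved, and no lock is visible around the updates to `pci_mmcfg_virt[idx].virt` that get_virt() reads. If config-space accesses can run on another CPU at that time, this needs either explicit synchronization or a comment explaining why it is safe.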
@@ -0,0 +1,74 @@ +# HG changeset patch +# User Tim Deegan +# Date 1313145221 -3600 +# Node ID 84e3706df07a1963e23cd3875d8603917657d462 +# Parent cb22fa57ff252893b6adb1481e09b1287eacd990 +Passthrough: disable bus-mastering on any card that causes an IOMMU fault. + +This stops the card from raising back-to-back faults and live-locking +the CPU that handles them. + +Signed-off-by: Tim Deegan +Acked-by: Wei Wang2 +Acked-by: Allen M Kay + +Index: xen-4.1.1-testing/xen/drivers/passthrough/amd/iommu_init.c +=================================================================== +--- xen-4.1.1-testing.orig/xen/drivers/passthrough/amd/iommu_init.c ++++ xen-4.1.1-testing/xen/drivers/passthrough/amd/iommu_init.c +@@ -462,7 +462,7 @@ static hw_irq_controller iommu_msi_type + + static void parse_event_log_entry(u32 entry[]) + { +- u16 domain_id, device_id; ++ u16 domain_id, device_id, bdf, cword; + u32 code; + u64 *addr; + char * event_str[] = {"ILLEGAL_DEV_TABLE_ENTRY", +@@ -497,6 +497,18 @@ static void parse_event_log_entry(u32 en + "%s: domain = %d, device id = 0x%04x, " + "fault address = 0x%"PRIx64"\n", + event_str[code-1], domain_id, device_id, *addr); ++ ++ /* Tell the device to stop DMAing; we can't rely on the guest to ++ * control it for us. 
*/ ++ for ( bdf = 0; bdf < ivrs_bdf_entries; bdf++ ) ++ if ( get_dma_requestor_id(bdf) == device_id ) ++ { ++ cword = pci_conf_read16(PCI_BUS(bdf), PCI_SLOT(bdf), ++ PCI_FUNC(bdf), PCI_COMMAND); ++ pci_conf_write16(PCI_BUS(bdf), PCI_SLOT(bdf), ++ PCI_FUNC(bdf), PCI_COMMAND, ++ cword & ~PCI_COMMAND_MASTER); ++ } + } + else + { +Index: xen-4.1.1-testing/xen/drivers/passthrough/vtd/iommu.c +=================================================================== +--- xen-4.1.1-testing.orig/xen/drivers/passthrough/vtd/iommu.c ++++ xen-4.1.1-testing/xen/drivers/passthrough/vtd/iommu.c +@@ -887,7 +887,7 @@ static void iommu_page_fault(int irq, vo + while (1) + { + u8 fault_reason; +- u16 source_id; ++ u16 source_id, cword; + u32 data; + u64 guest_addr; + int type; +@@ -920,6 +920,14 @@ static void iommu_page_fault(int irq, vo + iommu_page_fault_do_one(iommu, type, fault_reason, + source_id, guest_addr); + ++ /* Tell the device to stop DMAing; we can't rely on the guest to ++ * control it for us. */ ++ cword = pci_conf_read16(PCI_BUS(source_id), PCI_SLOT(source_id), ++ PCI_FUNC(source_id), PCI_COMMAND); ++ pci_conf_write16(PCI_BUS(source_id), PCI_SLOT(source_id), ++ PCI_FUNC(source_id), PCI_COMMAND, ++ cword & ~PCI_COMMAND_MASTER); ++ + fault_index++; + if ( fault_index > cap_num_fault_regs(iommu->cap) ) + fault_index = 0; diff --git a/32on64-extra-mem.patch b/32on64-extra-mem.patch index 0b652fb..dac00d1 100644 --- a/32on64-extra-mem.patch +++ b/32on64-extra-mem.patch @@ -2,7 +2,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2927,7 +2927,7 @@ class XendDomainInfo: +@@ -2926,7 +2926,7 @@ class XendDomainInfo: self.guest_bitsize = self.image.getBitSize() # Make sure there's enough RAM available for the domain 
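Review bot: Both fault handlers clear PCI_COMMAND_MASTER without logging that they did so, which leaves an operator with a passed-through device that stops working and only the fault line to go on. A message next to each write would help triage, for the VT-d path e.g. `printk(XENLOG_WARNING "IOMMU fault: disabled bus mastering on %02x:%02x.%u\n", PCI_BUS(source_id), PCI_SLOT(source_id), PCI_FUNC(source_id));`. Nothing in these hunks keeps the bit from being set again afterwards, so whether the change bounds the fault rate depends on who can still write the device's command register; that is worth confirming and stating in the comment. In iommu_page_fault() the source id is used directly as the device address, so if the requester can be a bridge rather than the endpoint, the write lands on the bridge, which should be a deliberate choice.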
diff --git a/change-vnc-passwd.patch b/change-vnc-passwd.patch index b59efba..98b3673 100644 --- a/change-vnc-passwd.patch +++ b/change-vnc-passwd.patch @@ -63,7 +63,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1489,6 +1489,20 @@ class XendDomainInfo: +@@ -1488,6 +1488,20 @@ class XendDomainInfo: target = max_target self.setMemoryTarget(target) diff --git a/change_home_server.patch b/change_home_server.patch index 30e3f03..0790a04 100644 --- a/change_home_server.patch +++ b/change_home_server.patch @@ -2,7 +2,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -3130,6 +3130,11 @@ class XendDomainInfo: +@@ -3129,6 +3129,11 @@ class XendDomainInfo: self._cleanup_phantom_devs(paths) self._cleanupVm() diff --git a/del_usb_xend_entry.patch b/del_usb_xend_entry.patch index 7ee4320..ef0ddbc 100644 --- a/del_usb_xend_entry.patch +++ b/del_usb_xend_entry.patch @@ -2,7 +2,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -1297,8 +1297,15 @@ class XendDomainInfo: +@@ -1296,8 +1296,15 @@ class XendDomainInfo: frontpath = self.getDeviceController(deviceClass).frontendPath(dev) backpath = xstransact.Read(frontpath, "backend") thread.start_new_thread(self.getDeviceController(deviceClass).finishDeviceCleanup, (backpath, path)) 
diff --git a/disable-xl-when-using-xend.patch b/disable-xl-when-using-xend.patch
new file mode 100644
index 0000000..9a1268e
--- /dev/null
+++ b/disable-xl-when-using-xend.patch
@@ -0,0 +1,74 @@
+Print a warning and exit xl if xend is running. It is not
+recommened to use libxenlight in conjunction with legacy xend
+toolstack.
+
+xl could be useful even when xend is running, e.g. to debug
+xend itself, so add a '-f' option to override the exit.
+
+Index: xen-4.1.1-testing/tools/libxl/xl.c
+===================================================================
+--- xen-4.1.1-testing.orig/tools/libxl/xl.c
++++ xen-4.1.1-testing/tools/libxl/xl.c
+@@ -88,12 +88,16 @@ int main(int argc, char **argv)
+ char *config_file;
+ void *config_data = 0;
+ int config_len = 0;
++ int force = 0;
+
+- while ((opt = getopt(argc, argv, "+v")) >= 0) {
++ while ((opt = getopt(argc, argv, "+vf")) >= 0) {
+ switch (opt) {
+ case 'v':
+ if (minmsglevel > 0) minmsglevel--;
+ break;
++ case 'f':
++ force = 1;
++ break;
+ default:
+ fprintf(stderr, "unknown global option\n");
+ exit(2);
+@@ -107,6 +111,22 @@ int main(int argc, char **argv)
+ exit(1);
+ }
+ opterr = 0;
++ /*
++ * On SUSE, if xend is running (and user isn't asking for help),
++ * print a warning and exit unless forced.
++ */
++ if ((system("/usr/sbin/xend status") == 0) && strcmp(cmd, "help")) {
++ if (force == 0) {
++ fprintf(stderr, "WARNING: xend is running! It is not recommended "
++ "using libxenlight in\nconjunction with the legacy xend "
++ "toolstack. Use -f (force) to override\n");
++ exit(1);
++ } else {
++ fprintf(stderr, "WARNING: xend is running! It is not recommended "
++ "using libxenlight in\nconjunction with the legacy xend "
++ "toolstack.\n\n");
++ }
++ }
+
+ logger = xtl_createlogger_stdiostream(stderr, minmsglevel, 0);
+ if (!logger) exit(1);
+Index: xen-4.1.1-testing/tools/libxl/xl_cmdimpl.c
+===================================================================
+--- xen-4.1.1-testing.orig/tools/libxl/xl_cmdimpl.c
++++ xen-4.1.1-testing/tools/libxl/xl_cmdimpl.c
+@@ -1725,7 +1725,7 @@ void help(const char *command)
+ struct cmd_spec *cmd;
+
+ if (!command || !strcmp(command, "help")) {
+- printf("Usage xl [-v] [args]\n\n");
++ printf("Usage xl [-v] [-f] [args]\n\n");
+ printf("xl full list of subcommands:\n\n");
+ for (i = 0; i < cmdtable_len; i++)
+ printf(" %-20s%s\n",
+@@ -1733,7 +1733,7 @@ void help(const char *command)
+ } else {
+ cmd = cmdtable_lookup(command);
+ if (cmd) {
+- printf("Usage: xl [-v] %s %s\n\n%s.\n\n",
++ printf("Usage: xl [-v] [-f] %s %s\n\n%s.\n\n",
+ cmd->cmd_name,
+ cmd->cmd_usage,
+ cmd->cmd_desc);
diff --git a/multi-xvdp.patch b/multi-xvdp.patch
index c050136..c896eca 100644
--- a/multi-xvdp.patch
+++ b/multi-xvdp.patch
@@ -18,7 +18,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py
 xc = xen.lowlevel.xc.xc()
 xoptions = XendOptions.instance()
-@@ -3299,33 +3299,38 @@ class XendDomainInfo:
+@@ -3298,33 +3298,38 @@ class XendDomainInfo:
 # This is a file, not a device. pygrub can cope with a
 # file if it's raw, but if it's QCOW or other such formats
 # used through blktap, then we need to mount it first.
diff --git a/snapshot-xend.patch b/snapshot-xend.patch
index 097ba42..5ac30c9 100644
--- a/snapshot-xend.patch
+++ b/snapshot-xend.patch
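Review bot: The xend check added to main() in the second xl.c hunk runs `system("/usr/sbin/xend status")`, which hands the command to `/bin/sh -c` with the caller's environment on every xl invocation. xl is normally run with root privileges, so a direct fork/exec of the fixed path with an explicit argv is the safer form. Because the `system()` call is the left operand of `&&`, the probe is also spawned for `xl help`, although the comment says help is exempt; testing `strcmp(cmd, "help")` first avoids that. A failed probe (fork or wait error) is silently treated as "xend not running"; the helper below returns -1 for that case so the caller can report it. main() starts and ends outside the hunk, so the assignment of `cmd` is not visible here, and the helper needs `<unistd.h>` and `<sys/wait.h>` if xl.c does not already include them.

```c
/* Returns 1 if "xend status" exits 0, 0 if it exits non-zero,
 * -1 if the check itself could not be run. */
static int xend_is_running(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* No shell: fixed path, explicit argv. */
        execl("/usr/sbin/xend", "xend", "status", (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

    /* … unchanged: getopt loop, cmd lookup, opterr = 0 … */
    if (strcmp(cmd, "help") && xend_is_running() == 1) {
        /* … unchanged: force check and the two warnings … */
```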
@@ -690,15 +690,16 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -508,7 +508,6 @@ class XendDomainInfo: +@@ -508,8 +508,6 @@ class XendDomainInfo: self._setSchedParams() self._storeVmDetails() self._createChannels() - self._createDevices() - self._storeDomDetails() +- self._storeDomDetails() self._endRestore() except: -@@ -2368,7 +2367,7 @@ class XendDomainInfo: + log.exception('VM resume failed') +@@ -2368,7 +2366,7 @@ class XendDomainInfo: return self.getDeviceController(deviceClass).reconfigureDevice( devid, devconfig) @@ -707,7 +708,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py """Create the devices for a vm. @raise: VmError for invalid devices -@@ -2417,7 +2416,7 @@ class XendDomainInfo: +@@ -2417,7 +2415,7 @@ class XendDomainInfo: if self.image: @@ -716,7 +717,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py #if have pass-through devs, need the virtual pci slots info from qemu self.pci_device_configure_boot() -@@ -3043,7 +3042,7 @@ class XendDomainInfo: +@@ -3043,7 +3041,7 @@ class XendDomainInfo: self._introduceDomain() self.image = image.create(self, self.info) if self.image: diff --git a/tmp-initscript-modprobe.patch b/tmp-initscript-modprobe.patch index 44891bb..6d85043 100644 --- a/tmp-initscript-modprobe.patch +++ b/tmp-initscript-modprobe.patch @@ -2,7 +2,7 @@ Index: xen-4.1.1-testing/tools/hotplug/Linux/init.d/xencommons =================================================================== --- xen-4.1.1-testing.orig/tools/hotplug/Linux/init.d/xencommons +++ xen-4.1.1-testing/tools/hotplug/Linux/init.d/xencommons -@@ -45,6 +45,18 @@ do_start () { +@@ -57,6 +57,18 @@ do_start () { local time=0 local timeout=30 diff --git a/xen.changes b/xen.changes index d514e0e..2aa17ef 100644 
--- a/xen.changes +++ b/xen.changes 
@@ -1,3 +1,61 @@ +------------------------------------------------------------------- +Mon Aug 15 12:12:06 CEST 2011 - ohering@suse.de + +- bnc#710035 - update xen_pvdrivers.conf to load pv drivers only + when running in a hvm guest + +------------------------------------------------------------------- +Mon Aug 15 11:54:08 CEST 2011 - ohering@suse.de + +- Include gcc46 only when its available (>11.4 && >sles11sp1) + +------------------------------------------------------------------- +Fri Aug 12 10:50:13 MDT 2011 - carnold@novell.com + +- bnc#712051 - VUL-1: xen: IOMMU fault livelock + 23762-CVE-2011-3131.patch + +------------------------------------------------------------------- +Fri Aug 12 09:43:23 MDT 2011 - carnold@novell.com + +- bnc#711943 - [xl] Fail to create multi-guests with NIC assigned + 23685-libxl-segfault-fix.patch + +------------------------------------------------------------------- +Thu Aug 11 00:36:17 MDT 2011 - jfehlig@suse.com + +- libxenlight and legacy xend toolstack should not be used + together. If xend is running, print a warning and exit + xl. Add a '-f' (force) option to xl to override this + behavior. 
+ disable-xl-when-using-xend.patch + bnc#707664 + +------------------------------------------------------------------- +Wed Aug 10 09:08:28 MDT 2011 - carnold@novell.com + +- Upstream patches from Jan + 23732-sedf.patch + 23735-guest-dom0-cap.patch + 23746-vtd-cleanup-timers.patch + 23747-mmcfg-base-address.patch + 23749-mmcfg-reservation.patch + +------------------------------------------------------------------- +Tue Aug 9 13:38:09 CST 2011 - cyliu@novell.com + +- bnc#704160 - crm resource migrate fails with xen machines + update snapshot-xend.patch +- bnc#706574 - xm console DomUName hang after "xm save/restore" of + PVM on the latest Xen + xend-console-port-restore.patch + +------------------------------------------------------------------- +Tue Aug 9 16:42:23 CEST 2011 - ohering@suse.de + +- update xencommons script to run only when needed + xencommons-proc-xen.patch + ------------------------------------------------------------------- Fri Jul 22 09:34:34 MDT 2011 - carnold@novell.com diff --git a/xen.spec b/xen.spec index 30c5441..f92905d 100644 --- a/xen.spec +++ b/xen.spec @@ -26,6 +26,13 @@ ExclusiveArch: %ix86 x86_64 %define xen_build_dir xen-4.1.1-testing %define with_kmp 1 %define with_stubdom 1 +# EFI requires gcc46 or newer +# its available in 12.1 or >= sles11sp2 +%if %suse_version > 1140 || %suse_version == 1110 +%define with_gcc46 1 +%else +%define with_gcc46 0 +%endif %ifarch x86_64 %define with_dom0_support 1 %else @@ -72,9 +79,10 @@ BuildRequires: te_latex BuildRequires: tetex %endif %ifarch x86_64 -# EFI requires gcc45 or newer +%if %{?with_gcc46}0 BuildRequires: gcc46 BuildRequires: libgcc46 libgcc46-32bit +%endif BuildRequires: glibc-32bit glibc-devel-32bit BuildRequires: gcc-32bit BuildRequires: gcc43-32bit 
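Review bot: The `with_gcc46` condition in the first xen.spec hunk, `%if %suse_version > 1140 || %suse_version == 1110`, does not appear to match its own comment ("12.1 or >= sles11sp2") or the changelog entry (">11.4 && >sles11sp1"). As far as I know `%suse_version` is 1110 for every SLES 11 service pack, so SP1 would also get `with_gcc46 1` and the `BuildRequires: gcc46` in the following hunk. If SP1 builds matter, the test needs a second discriminator, or the comment should say that the SP1 case is handled by the build project's configuration.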
@@ -88,8 +96,8 @@ BuildRequires: glibc-devel %if %{?with_kmp}0 BuildRequires: kernel-source kernel-syms module-init-tools xorg-x11 %endif -Version: 4.1.1_02 -Release: 3 +Version: 4.1.1_05 +Release: 1 License: GPLv2+ Group: System/Kernel AutoReqProv: on @@ -174,10 +182,17 @@ Patch40: 23614-x86_64-EFI-boot.patch Patch41: 23615-x86_64-EFI-runtime.patch Patch42: 23616-x86_64-EFI-MPS.patch Patch43: 23676-x86_64-image-map-bounds.patch -Patch44: 23706-fix-20892.patch -Patch45: 23723-x86-CMOS-lock.patch -Patch46: 23724-x86-smpboot-x2apic.patch -Patch47: 23726-x86-intel-flexmigration.patch +Patch44: 23685-libxl-segfault-fix.patch +Patch45: 23706-fix-20892.patch +Patch46: 23723-x86-CMOS-lock.patch +Patch47: 23724-x86-smpboot-x2apic.patch +Patch48: 23726-x86-intel-flexmigration.patch +Patch49: 23732-sedf.patch +Patch50: 23735-guest-dom0-cap.patch +Patch51: 23746-vtd-cleanup-timers.patch +Patch52: 23747-mmcfg-base-address.patch +Patch53: 23749-mmcfg-reservation.patch +Patch54: 23762-CVE-2011-3131.patch # Upstream qemu patches # Our patches Patch300: xen-config.diff 
@@ -223,16 +238,17 @@ Patch356: ioemu-vnc-resize.patch Patch357: ioemu-debuginfo.patch Patch358: vif-bridge-no-iptables.patch Patch359: xenconsole-no-multiple-connections.patch +Patch360: disable-xl-when-using-xend.patch # Needs to go upstream -Patch360: checkpoint-rename.patch -Patch361: xm-save-check-file.patch -Patch362: xm-create-xflag.patch -Patch370: xend-sysconfig.patch -Patch371: domu-usb-controller.patch -Patch372: usb-list.patch -Patch373: xend-devid-or-name.patch -Patch374: suspend_evtchn_lock.patch -Patch375: log-guest-console.patch +Patch370: checkpoint-rename.patch +Patch371: xm-save-check-file.patch +Patch372: xm-create-xflag.patch +Patch373: xend-sysconfig.patch +Patch374: domu-usb-controller.patch +Patch375: usb-list.patch +Patch376: xend-devid-or-name.patch +Patch377: suspend_evtchn_lock.patch +Patch378: log-guest-console.patch # Patches for snapshot support Patch400: snapshot-ioemu-save.patch Patch401: snapshot-ioemu-restore.patch @@ -276,6 +292,8 @@ Patch450: ioemu-watchdog-support.patch Patch451: ioemu-watchdog-linkage.patch Patch452: ioemu-watchdog-ib700-timer.patch Patch453: tools-watchdog-support.patch +Patch454: xend-console-port-restore.patch +Patch455: xencommons-proc-xen.patch # Jim's domain lock patch Patch480: xend-domain-lock.patch Patch481: xend-domain-lock-sfex.patch @@ -710,6 +728,13 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch45 -p1 %patch46 -p1 %patch47 -p1 +%patch48 -p1 +%patch49 -p1 +%patch50 -p1 +%patch51 -p1 +%patch52 -p1 +%patch53 -p1 +%patch54 -p1 %patch300 -p1 %patch301 -p1 %patch302 -p1 
@@ -754,14 +779,15 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch358 -p1 %patch359 -p1 %patch360 -p1 -%patch361 -p1 -%patch362 -p1 %patch370 -p1 %patch371 -p1 %patch372 -p1 %patch373 -p1 -#%patch374 -p1 suspend_evtchn_lock, buildservice build problem +%patch374 -p1 %patch375 -p1 +%patch376 -p1 +#%patch377 -p1 suspend_evtchn_lock, buildservice build problem +%patch378 -p1 %patch400 -p1 %patch401 -p1 %patch402 -p1 @@ -802,6 +828,8 @@ tar xfj %{SOURCE2} -C $RPM_BUILD_DIR/%{xen_build_dir}/tools %patch451 -p1 %patch452 -p1 %patch453 -p1 +%patch454 -p1 +%patch455 -p1 %patch480 -p1 %patch481 -p1 %patch500 -p1 @@ -928,6 +956,12 @@ make -C tools/misc/serial-split install \ mkdir -p $RPM_BUILD_ROOT/${_libdir}/xen/bin/ ln -s /usr/lib/xen/bin/qemu-dm $RPM_BUILD_ROOT/%{_libdir}/xen/bin/qemu-dm %endif +# efi depends on gcc46 +echo > xen.files.txt +if test -d $RPM_BUILD_ROOT%{_libdir}/efi +then + echo %{_libdir}/efi >> xen.files.txt +fi cp -avL xenalyze.hg/dump-raw $RPM_BUILD_ROOT/%{_bindir}/xenalyze.dump-raw cp -avL xenalyze.hg/xenalyze $RPM_BUILD_ROOT/%{_bindir} %else @@ -1072,7 +1106,7 @@ rm -f $RPM_BUILD_ROOT/%{_bindir}/xencons %if %{?with_dom0_support}0 -%files +%files -f xen.files.txt %defattr(-,root,root) /boot/xen-%{version}-%{release}.gz /boot/xen-%{xvermaj}.gz @@ -1086,11 +1120,6 @@ rm -f $RPM_BUILD_ROOT/%{_bindir}/xencons /boot/xen-syms-dbg /boot/xen-syms-dbg-%{version}-%{release} /boot/xen.gz -# EFI -%ifarch x86_64 -%dir %{_libdir}/efi -%{_libdir}/efi/xen*.efi -%endif %endif %files libs diff --git a/xen_pvdrivers.conf b/xen_pvdrivers.conf index 7dd8c0f..b9e1785 100644 --- a/xen_pvdrivers.conf +++ b/xen_pvdrivers.conf 
@@ -1,7 +1,8 @@ -# Install the paravirtualized drivers -install libata /sbin/modprobe xen-vbd 2>&1 |:; /sbin/modprobe --ignore-install libata +# Install the paravirtualized drivers before native drivers +# Use module aliases instead of module names +install libata { if test -f /sys/class/dmi/id/product_name -a -f /sys/class/dmi/id/sys_vendor ; then if grep -q "HVM domU" /sys/class/dmi/id/product_name && grep -q "Xen" /sys/class/dmi/id/sys_vendor ; then /sbin/modprobe xen:vbd ; fi ; fi ; } ; /sbin/modprobe --ignore-install libata $CMDLINE_OPTS -install 8139cp /sbin/modprobe xen-vnif 2>&1 |:; /sbin/modprobe --ignore-install 8139cp +install 8139cp { if test -f /sys/class/dmi/id/product_name -a -f /sys/class/dmi/id/sys_vendor ; then if grep -q "HVM domU" /sys/class/dmi/id/product_name && grep -q "Xen" /sys/class/dmi/id/sys_vendor ; then /sbin/modprobe xen:vif ; fi ; fi ; } ; /sbin/modprobe --ignore-install 8139cp $CMDLINE_OPTS -install 8139too /sbin/modprobe xen-vnif 2>&1 |:; /sbin/modprobe --ignore-install 8139too +install 8139too { if test -f /sys/class/dmi/id/product_name -a -f /sys/class/dmi/id/sys_vendor ; then if grep -q "HVM domU" /sys/class/dmi/id/product_name && grep -q "Xen" /sys/class/dmi/id/sys_vendor ; then /sbin/modprobe xen:vif ; fi ; fi ; } ; /sbin/modprobe --ignore-install 8139too $CMDLINE_OPTS diff --git a/xencommons-proc-xen.patch b/xencommons-proc-xen.patch new file mode 100644 index 0000000..0a47e23 --- /dev/null +++ b/xencommons-proc-xen.patch 
@@ -0,0 +1,55 @@
+# HG changeset patch
+# Parent ea18090ab6e3cb3c69d232ec0865589688db3f81
+hotplug: update xencommons script to run only when needed
+
+Update the xencommons script to run only when needed:
+- do not run if /proc/xen does not exist
+- check if /proc/xen/capabilities exists before doing the grep for dom0
+- use variable for /proc/xen/capabilities
+- use grep -q instead of stdout redirection when looking for xenfs,
+ its already used later
+
+Signed-off-by: Olaf Hering
+
+---
+ tools/hotplug/Linux/init.d/xencommons | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+Index: xen-4.1.1-testing/tools/hotplug/Linux/init.d/xencommons
+===================================================================
+--- xen-4.1.1-testing.orig/tools/hotplug/Linux/init.d/xencommons
++++ xen-4.1.1-testing/tools/hotplug/Linux/init.d/xencommons
+@@ -27,17 +27,29 @@ fi
+ test -f $xencommons_config/xencommons && . $xencommons_config/xencommons
+
+ XENCONSOLED_PIDFILE=/var/run/xenconsoled.pid
++XEN_CAPABILITIES=/proc/xen/capabilities
+ shopt -s extglob
+
++# not running in Xen dom0 or domU
++if ! test -d /proc/xen ; then
++ exit 0
++fi
++
++# mount xenfs in dom0 or domU with a pv_ops kernel
+ if test "x$1" = xstart && \
+- test -d /proc/xen && \
+- ! test -f /proc/xen/capabilities && \
+- ! grep '^xenfs ' /proc/mounts >/dev/null;
++ ! test -f $XEN_CAPABILITIES && \
++ ! grep -q '^xenfs ' /proc/mounts ;
+ then
+ mount -t xenfs xenfs /proc/xen
+ fi
+
+-if ! grep -q "control_d" /proc/xen/capabilities ; then
++# run this script only in dom0:
++# no capabilities file in xenlinux kernel
++if ! test -f $XEN_CAPABILITIES ; then
++ exit 0
++fi
++# empty capabilities file in pv_ops kernel
++if ! grep -q "control_d" $XEN_CAPABILITIES ; then
+ exit 0
+ fi
+
diff --git a/xend-console-port-restore.patch b/xend-console-port-restore.patch
new file mode 100644
index 0000000..21aa7bf
--- /dev/null
+++ b/xend-console-port-restore.patch
@@ -0,0 +1,40 @@
+Pass console_port to completeRestore() so that console/port is written to
+xenstore. See bnc#706574
+
+From: Chunyan Liu
+
+Index: xen-4.1.1-testing/tools/python/xen/xend/XendCheckpoint.py
+===================================================================
+--- xen-4.1.1-testing.orig/tools/python/xen/xend/XendCheckpoint.py
++++ xen-4.1.1-testing/tools/python/xen/xend/XendCheckpoint.py
+@@ -402,8 +402,7 @@ def restore(xd, fd, dominfo = None, paus
+ restore_image.setCpuid()
+
+ # xc_restore will wait for source to close connection
+-
+- dominfo.completeRestore(handler.store_mfn, handler.console_mfn)
++ dominfo.completeRestore(handler.store_mfn, handler.console_mfn, console_port)
+
+ wait_devs(dominfo)
+
+Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py
+===================================================================
+--- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py
++++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py
+@@ -3052,7 +3052,7 @@ class XendDomainInfo:
+ # TODO: recategorise - called from XendCheckpoint
+ #
+
+- def completeRestore(self, store_mfn, console_mfn):
++ def completeRestore(self, store_mfn, console_mfn, console_port):
+
+ log.debug("XendDomainInfo.completeRestore")
+
+@@ -3063,6 +3063,7 @@ class XendDomainInfo:
+ self.image = image.create(self, self.info)
+ if self.image:
+ self._createDevices(True)
++ self.console_port = console_port
+ self._storeDomDetails()
+ self._registerWatches()
+ self.refreshShutdown()
diff --git a/xend-domain-lock.patch b/xend-domain-lock.patch
index e9c8735..8007717 100644
--- a/xend-domain-lock.patch
+++ b/xend-domain-lock.patch
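Review bot: `completeRestore()` gains a third required positional argument in the XendDomainInfo.py hunk, so any caller still using the two-argument form would now raise TypeError; only the call in `restore()` is updated and visible here. A default keeps the old form working: `def completeRestore(self, store_mfn, console_mfn, console_port=None):` with `if console_port is not None: self.console_port = console_port` before `self._storeDomDetails()`. In the XendCheckpoint.py hunk `console_port` is passed without its assignment being shown, and `restore()` starts outside the hunk. It is worth confirming the name is bound on every path that reaches this call, since a failure there would happen after the domain image has already been restored.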
@@ -237,7 +237,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendCheckpoint.py dominfo.migrateDevices(network, dst, DEV_MIGRATE_STEP2, domain_name) log.info("Domain %d suspended.", dominfo.getDomid()) -@@ -410,6 +412,7 @@ def restore(xd, fd, dominfo = None, paus +@@ -409,6 +411,7 @@ def restore(xd, fd, dominfo = None, paus if not paused: dominfo.unpause() @@ -257,7 +257,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py XendTask.log_progress(0, 30, self._constructDomain) XendTask.log_progress(31, 60, self._initDomain) -@@ -2998,6 +2999,11 @@ class XendDomainInfo: +@@ -2997,6 +2998,11 @@ class XendDomainInfo: self._stateSet(DOM_STATE_HALTED) self.domid = None # Do not push into _stateSet()! diff --git a/xenpaging.autostart.patch b/xenpaging.autostart.patch index 8860a4e..c2a24d1 100644 --- a/xenpaging.autostart.patch +++ b/xenpaging.autostart.patch @@ -123,7 +123,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py =================================================================== --- xen-4.1.1-testing.orig/tools/python/xen/xend/XendDomainInfo.py +++ xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py -@@ -2291,6 +2291,8 @@ class XendDomainInfo: +@@ -2290,6 +2290,8 @@ class XendDomainInfo: self.info['name_label'], self.domid, self.info['uuid'], new_name, new_uuid) self._unwatchVm() @@ -132,7 +132,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() # Remove existing vm node in xenstore self._removeVm() -@@ -2962,6 +2964,9 @@ class XendDomainInfo: +@@ -2961,6 +2963,9 @@ class XendDomainInfo: self._createDevices() @@ -142,7 +142,7 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py self.image.cleanupTmpImages() self.info['start_time'] = time.time() -@@ -2986,6 +2991,8 @@ class XendDomainInfo: +@@ -2985,6 +2990,8 @@ class XendDomainInfo: self.refresh_shutdown_lock.acquire() try: self.unwatchShutdown() 
@@ -151,14 +151,14 @@ Index: xen-4.1.1-testing/tools/python/xen/xend/XendDomainInfo.py self._releaseDevices() bootloader_tidy(self) -@@ -3070,6 +3077,7 @@ class XendDomainInfo: +@@ -3069,6 +3076,7 @@ class XendDomainInfo: self.image = image.create(self, self.info) if self.image: self._createDevices(True) + self.image.createXenPaging() + self.console_port = console_port self._storeDomDetails() self._registerWatches() - self.refreshShutdown() @@ -3210,6 +3218,8 @@ class XendDomainInfo: # could also fetch a parsed note from xenstore fast = self.info.get_notes().get('SUSPEND_CANCEL') and 1 or 0