rpm/xen
SHA256
1
0
Fork 0
forked from pool/xen
Code Pull Requests Activity

- bnc#836239 - SLES 11 SP3 Xen security patch does not

Browse Source 
automatically update UEFI boot binary
  xen.spec

- Upstream patches from Jan
  51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch
  51dd155c-adjust-x86-EFI-build.patch
  51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch
  51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch
  51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch
  51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch
  51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch
  520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch
  520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch
  520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch
  520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch
  520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch
  520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch
  520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch
  520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=266
This commit is contained in:
Charles Arnold 2013-08-29 18:19:23 +00:00 committed by Git OBS Bridge
parent eb43d7473d
commit 73291eb01a
17 changed files with 803 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch Normal file
View File

@ -0,0 +1,30 @@
# Commit d3a55d7d9bb518efe08143d050deff9f4ee80ec1
# Date 2013-07-04 10:33:18 +0200
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/mm: Ensure useful progress in alloc_l2_table()
While debugging the issue which turned out to be XSA-58, a printk in this loop
showed that it was quite easy to never make useful progress, because of
consistently failing the preemption check.
One single l2 entry is a reasonable amount of work to do, even if an action is
pending, and also assures forwards progress across repeat continuations.
Tweak the continuation criteria to fail on the first iteration of the loop.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -1278,7 +1278,8 @@ static int alloc_l2_table(struct page_in
for ( i = page->nr_validated_ptes; i < L2_PAGETABLE_ENTRIES; i++ )
{
- if ( preemptible && i && hypercall_preempt_check() )
+ if ( preemptible && i > page->nr_validated_ptes
+ && hypercall_preempt_check() )
{
page->nr_validated_ptes = i;
rc = -EAGAIN;

27
51dd155c-adjust-x86-EFI-build.patch Normal file
View File

@ -0,0 +1,27 @@
# Commit 5656b93d215d7c5160790ea87758625ba1de16b1
# Date 2013-07-10 10:03:40 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
adjust x86 EFI build
While the rule to generate .init.o files from .o ones already correctly
included $(extra-y), the setting of the necessary compiler flag didn't
have the same. With some yet to be posted patch this resulted in build
breakage because of the compiler deciding not to inline a few functions
(which then results in .text not being empty as required for these
object files).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/Rules.mk
+++ b/xen/Rules.mk
@@ -101,7 +101,7 @@ obj-y := $(patsubst %/,%/built-in.o,$
subdir-all := $(subdir-y) $(subdir-n)
-$(filter %.init.o,$(obj-y) $(obj-bin-y)): CFLAGS += -DINIT_SECTIONS_ONLY
+$(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS += -DINIT_SECTIONS_ONLY
$(obj-$(coverage)): CFLAGS += -fprofile-arcs -ftest-coverage -DTEST_COVERAGE

44
51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch Normal file
View File

@ -0,0 +1,44 @@
# Commit 85047d9e4f4afeb73bca1e98f705a2f4f1d51c03
# Date 2013-07-17 08:45:20 +0200
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/cpuidle: Change logging for unknown APIC IDs
Dom0 uses this hypercall to pass ACPI information to Xen. It is not very
uncommon for more cpus to be listed in the ACPI tables than are present on the
system, particularly on systems with a common BIOS for a 2 and 4 socket server
varients.
As Dom0 does not control the number of entries in the ACPI tables, and is
required to pass everything it finds to Xen, change the logging.
There is now an single unconditional warning for the first unknown ID, and
further warnings if "cpuinfo" is requested by the user on the command line.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
--- a/xen/arch/x86/acpi/cpu_idle.c
+++ b/xen/arch/x86/acpi/cpu_idle.c
@@ -1031,7 +1031,10 @@ long set_cx_pminfo(uint32_t cpu, struct
cpu_id = get_cpu_id(cpu);
if ( cpu_id == -1 )
{
- printk(XENLOG_ERR "no cpu_id for acpi_id %d\n", cpu);
+ static bool_t warn_once = 1;
+ if ( warn_once || opt_cpu_info )
+ printk(XENLOG_WARNING "No CPU ID for APIC ID %#x\n", cpu);
+ warn_once = 0;
return -EINVAL;
}
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -63,7 +63,7 @@ static struct cpu_dev default_cpu = {
};
static struct cpu_dev * this_cpu = &default_cpu;
-bool_t __cpuinitdata opt_cpu_info;
+bool_t opt_cpu_info;
boolean_param("cpuinfo", opt_cpu_info);
int __cpuinit get_model_name(struct cpuinfo_x86 *c)

41
51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch Normal file
View File

@ -0,0 +1,41 @@
# Commit 68caac7f6f4687241a24e804a9fca19aa26fe183
# Date 2013-07-17 10:21:33 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: don't use destroy_xen_mappings() for vunmap()
Its attempt to tear down intermediate page table levels may race with
map_pages_to_xen() establishing them, and now that
map_domain_page_global() is backed by vmap() this teardown is also
wasteful (as it's very likely to need the same address space populated
again within foreseeable time).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/common/vmap.c
+++ b/xen/common/vmap.c
@@ -196,9 +196,13 @@ void *vmap(const unsigned long *mfn, uns
void vunmap(const void *va)
{
+#ifndef _PAGE_NONE
unsigned long addr = (unsigned long)va;
destroy_xen_mappings(addr, addr + PAGE_SIZE * vm_size(va));
+#else /* Avoid tearing down intermediate page tables. */
+ map_pages_to_xen((unsigned long)va, 0, vm_size(va), _PAGE_NONE);
+#endif
vm_free(va);
}
#endif
--- a/xen/include/asm-x86/page.h
+++ b/xen/include/asm-x86/page.h
@@ -288,6 +288,7 @@ extern l1_pgentry_t l1_identmap[L1_PAGET
void paging_init(void);
#endif /* !defined(__ASSEMBLY__) */
+#define _PAGE_NONE _AC(0x000,U)
#define _PAGE_PRESENT _AC(0x001,U)
#define _PAGE_RW _AC(0x002,U)
#define _PAGE_USER _AC(0x004,U)

24
51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch Normal file
View File

@ -0,0 +1,24 @@
# Commit 915a59f25c5eddd86bc2cae6389d0ed2ab87e69e
# Date 2013-07-18 09:16:15 +0200
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/time: Update wallclock in shared info when altering domain time offset
domain_set_time_offset() udpates d->time_offset_seconds, but does not correct
the wallclock in the shared info, meaning that it is incorrect until the next
XENPF_settime hypercall from dom0 which resynchronises the wallclock for all
domains.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -931,6 +931,7 @@ void domain_set_time_offset(struct domai
d->time_offset_seconds = time_offset_seconds;
if ( is_hvm_domain(d) )
rtc_update_clock(d);
+ update_domain_wallclock_time(d);
}
int cpu_frequency_change(u64 freq)

62
51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch Normal file
View File

@ -0,0 +1,62 @@
# Commit b0e55bd49725c7c0183eb18670997b9e5930adac
# Date 2013-08-05 18:40:23 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
fix off-by-one mistakes in vm_alloc()
Also add another pair of assertions to catch eventual further cases of
incorrect accounting.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/common/vmap.c
+++ b/xen/common/vmap.c
@@ -57,8 +57,8 @@ void *vm_alloc(unsigned int nr, unsigned
{
struct page_info *pg;
- ASSERT(!test_bit(vm_low, vm_bitmap));
- for ( start = vm_low; ; )
+ ASSERT(vm_low == vm_top || !test_bit(vm_low, vm_bitmap));
+ for ( start = vm_low; start < vm_top; )
{
bit = find_next_bit(vm_bitmap, vm_top, start + 1);
if ( bit > vm_top )
@@ -68,12 +68,18 @@ void *vm_alloc(unsigned int nr, unsigned
* corresponding page a guard one.
*/
start = (start + align) & ~(align - 1);
- if ( start + nr <= bit )
- break;
- start = bit < vm_top ?
- find_next_zero_bit(vm_bitmap, vm_top, bit + 1) : bit;
- if ( start >= vm_top )
- break;
+ if ( bit < vm_top )
+ {
+ if ( start + nr < bit )
+ break;
+ start = find_next_zero_bit(vm_bitmap, vm_top, bit + 1);
+ }
+ else
+ {
+ if ( start + nr <= bit )
+ break;
+ start = bit;
+ }
}
if ( start < vm_top )
@@ -115,6 +121,10 @@ void *vm_alloc(unsigned int nr, unsigned
for ( bit = start; bit < start + nr; ++bit )
__set_bit(bit, vm_bitmap);
+ if ( bit < vm_top )
+ ASSERT(!test_bit(bit, vm_bitmap));
+ else
+ ASSERT(bit == vm_top);
if ( start <= vm_low + 2 )
vm_low = bit;
spin_unlock(&vm_lock);

60
51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch Normal file
View File

@ -0,0 +1,60 @@
# Commit c58d9f2f4844c2ce8859a8d0f26a54cd058eb51f
# Date 2013-08-05 18:42:37 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86: refine FPU selector handling code for XSAVEOPT
Some extra tweaks are necessary to deal with the situation of XSAVEOPT
not writing the FPU portion of the save image (due to it detecting that
the register state did not get modified since the last XRSTOR).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Tested-by: Ben Guthro <ben.guthro@gmail.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/xstate.c
+++ b/xen/arch/x86/xstate.c
@@ -71,10 +71,28 @@ void xsave(struct vcpu *v, uint64_t mask
if ( word_size <= 0 || !is_pv_32bit_vcpu(v) )
{
+ typeof(ptr->fpu_sse.fip.sel) fcs = ptr->fpu_sse.fip.sel;
+ typeof(ptr->fpu_sse.fdp.sel) fds = ptr->fpu_sse.fdp.sel;
+
if ( cpu_has_xsaveopt )
+ {
+ /*
+ * xsaveopt may not write the FPU portion even when the respective
+ * mask bit is set. For the check further down to work we hence
+ * need to put the save image back into the state that it was in
+ * right after the previous xsaveopt.
+ */
+ if ( word_size > 0 &&
+ (ptr->fpu_sse.x[FPU_WORD_SIZE_OFFSET] == 4 ||
+ ptr->fpu_sse.x[FPU_WORD_SIZE_OFFSET] == 2) )
+ {
+ ptr->fpu_sse.fip.sel = 0;
+ ptr->fpu_sse.fdp.sel = 0;
+ }
asm volatile ( ".byte 0x48,0x0f,0xae,0x37"
: "=m" (*ptr)
: "a" (lmask), "d" (hmask), "D" (ptr) );
+ }
else
asm volatile ( ".byte 0x48,0x0f,0xae,0x27"
: "=m" (*ptr)
@@ -87,7 +105,14 @@ void xsave(struct vcpu *v, uint64_t mask
*/
(!(ptr->fpu_sse.fsw & 0x0080) &&
boot_cpu_data.x86_vendor == X86_VENDOR_AMD) )
+ {
+ if ( cpu_has_xsaveopt && word_size > 0 )
+ {
+ ptr->fpu_sse.fip.sel = fcs;
+ ptr->fpu_sse.fdp.sel = fds;
+ }
return;
+ }
if ( word_size > 0 &&
!((ptr->fpu_sse.fip.addr | ptr->fpu_sse.fdp.addr) >> 32) )

23
520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch Normal file
View File

@ -0,0 +1,23 @@
# Commit e1ab5c77b44b7bd835a2c032fa4963b36545fdb3
# Date 2013-08-06 17:22:35 +0200
# Author Yang Zhang <yang.z.zhang@Intel.com>
# Committer Jan Beulich <jbeulich@suse.com>
Nested VMX: Flush TLBs and Caches if paging mode changed
According to SDM, if paging mode is changed, then whole TLBs and caches will
be flushed. This is missed in nested handle logic. Also this fixed the issue
that 64 bits windows cannot boot up on top of L1 kvm.
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -709,6 +709,7 @@ void paging_update_nestedmode(struct vcp
else
/* TODO: shadow-on-shadow */
v->arch.paging.nestedmode = NULL;
+ hvm_asid_flush_vcpu(v);
}
void paging_write_p2m_entry(struct p2m_domain *p2m, unsigned long gfn,

138
520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch Normal file
View File

@ -0,0 +1,138 @@
# Commit 85fc517ec3055e8e8d9c9e36e15a81e630237252
# Date 2013-08-13 14:22:14 +0200
# Author Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/AMD: Fix nested svm crash due to assertion in __virt_to_maddr
Fix assertion in __virt_to_maddr when starting nested SVM guest
in debug mode. Investigation has shown that svm_vmsave/svm_vmload
make use of __pa() with invalid address.
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1792,6 +1792,32 @@ svm_vmexit_do_vmrun(struct cpu_user_regs
return;
}
+static struct page_info *
+nsvm_get_nvmcb_page(struct vcpu *v, uint64_t vmcbaddr)
+{
+ p2m_type_t p2mt;
+ struct page_info *page;
+ struct nestedvcpu *nv = &vcpu_nestedhvm(v);
+
+ if ( !nestedsvm_vmcb_map(v, vmcbaddr) )
+ return NULL;
+
+ /* Need to translate L1-GPA to MPA */
+ page = get_page_from_gfn(v->domain,
+ nv->nv_vvmcxaddr >> PAGE_SHIFT,
+ &p2mt, P2M_ALLOC | P2M_UNSHARE);
+ if ( !page )
+ return NULL;
+
+ if ( !p2m_is_ram(p2mt) || p2m_is_readonly(p2mt) )
+ {
+ put_page(page);
+ return NULL;
+ }
+
+ return page;
+}
+
static void
svm_vmexit_do_vmload(struct vmcb_struct *vmcb,
struct cpu_user_regs *regs,
@@ -1799,7 +1825,7 @@ svm_vmexit_do_vmload(struct vmcb_struct
{
int ret;
unsigned int inst_len;
- struct nestedvcpu *nv = &vcpu_nestedhvm(v);
+ struct page_info *page;
if ( (inst_len = __get_instruction_length(v, INSTR_VMLOAD)) == 0 )
return;
@@ -1810,13 +1836,18 @@ svm_vmexit_do_vmload(struct vmcb_struct
goto inject;
}
- if (!nestedsvm_vmcb_map(v, vmcbaddr)) {
- gdprintk(XENLOG_ERR, "VMLOAD: mapping vmcb failed, injecting #UD\n");
+ page = nsvm_get_nvmcb_page(v, vmcbaddr);
+ if ( !page )
+ {
+ gdprintk(XENLOG_ERR,
+ "VMLOAD: mapping failed, injecting #UD\n");
ret = TRAP_invalid_op;
goto inject;
}
- svm_vmload(nv->nv_vvmcx);
+ svm_vmload_pa(page_to_maddr(page));
+ put_page(page);
+
/* State in L1 VMCB is stale now */
v->arch.hvm_svm.vmcb_in_sync = 0;
@@ -1835,7 +1866,7 @@ svm_vmexit_do_vmsave(struct vmcb_struct
{
int ret;
unsigned int inst_len;
- struct nestedvcpu *nv = &vcpu_nestedhvm(v);
+ struct page_info *page;
if ( (inst_len = __get_instruction_length(v, INSTR_VMSAVE)) == 0 )
return;
@@ -1846,14 +1877,17 @@ svm_vmexit_do_vmsave(struct vmcb_struct
goto inject;
}
- if (!nestedsvm_vmcb_map(v, vmcbaddr)) {
- gdprintk(XENLOG_ERR, "VMSAVE: mapping vmcb failed, injecting #UD\n");
+ page = nsvm_get_nvmcb_page(v, vmcbaddr);
+ if ( !page )
+ {
+ gdprintk(XENLOG_ERR,
+ "VMSAVE: mapping vmcb failed, injecting #UD\n");
ret = TRAP_invalid_op;
goto inject;
}
- svm_vmsave(nv->nv_vvmcx);
-
+ svm_vmsave_pa(page_to_maddr(page));
+ put_page(page);
__update_guest_eip(regs, inst_len);
return;
--- a/xen/include/asm-x86/hvm/svm/svm.h
+++ b/xen/include/asm-x86/hvm/svm/svm.h
@@ -41,18 +41,21 @@
#define SVM_REG_R14 (14)
#define SVM_REG_R15 (15)
-static inline void svm_vmload(void *vmcb)
+#define svm_vmload(x) svm_vmload_pa(__pa(x))
+#define svm_vmsave(x) svm_vmsave_pa(__pa(x))
+
+static inline void svm_vmload_pa(paddr_t vmcb)
{
asm volatile (
".byte 0x0f,0x01,0xda" /* vmload */
- : : "a" (__pa(vmcb)) : "memory" );
+ : : "a" (vmcb) : "memory" );
}
-static inline void svm_vmsave(void *vmcb)
+static inline void svm_vmsave_pa(paddr_t vmcb)
{
asm volatile (
".byte 0x0f,0x01,0xdb" /* vmsave */
- : : "a" (__pa(vmcb)) : "memory" );
+ : : "a" (vmcb) : "memory" );
}
static inline void svm_invlpga(unsigned long vaddr, uint32_t asid)

91
520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch Normal file
View File

@ -0,0 +1,91 @@
# Commit 910daaf5aaa837624099c0fc5c373bea7202ff43
# Date 2013-08-13 14:24:16 +0200
# Author Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/AMD: Inject #GP instead of #UD when unable to map vmcb
According to AMD Programmer's Manual vol2, vmrun, vmsave and vmload
should inject #GP instead of #UD when unable to access memory
location for vmcb. Also, the code should make sure that L1 guest
EFER.SVME is not zero. Otherwise, #UD should be injected.
Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Reviewed-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1776,15 +1776,17 @@ static void
svm_vmexit_do_vmrun(struct cpu_user_regs *regs,
struct vcpu *v, uint64_t vmcbaddr)
{
- if (!nestedhvm_enabled(v->domain)) {
+ if ( !nsvm_efer_svm_enabled(v) )
+ {
gdprintk(XENLOG_ERR, "VMRUN: nestedhvm disabled, injecting #UD\n");
hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE);
return;
}
- if (!nestedsvm_vmcb_map(v, vmcbaddr)) {
- gdprintk(XENLOG_ERR, "VMRUN: mapping vmcb failed, injecting #UD\n");
- hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE);
+ if ( !nestedsvm_vmcb_map(v, vmcbaddr) )
+ {
+ gdprintk(XENLOG_ERR, "VMRUN: mapping vmcb failed, injecting #GP\n");
+ hvm_inject_hw_exception(TRAP_gp_fault, HVM_DELIVER_NO_ERROR_CODE);
return;
}
@@ -1830,7 +1832,8 @@ svm_vmexit_do_vmload(struct vmcb_struct
if ( (inst_len = __get_instruction_length(v, INSTR_VMLOAD)) == 0 )
return;
- if (!nestedhvm_enabled(v->domain)) {
+ if ( !nsvm_efer_svm_enabled(v) )
+ {
gdprintk(XENLOG_ERR, "VMLOAD: nestedhvm disabled, injecting #UD\n");
ret = TRAP_invalid_op;
goto inject;
@@ -1840,8 +1843,8 @@ svm_vmexit_do_vmload(struct vmcb_struct
if ( !page )
{
gdprintk(XENLOG_ERR,
- "VMLOAD: mapping failed, injecting #UD\n");
- ret = TRAP_invalid_op;
+ "VMLOAD: mapping failed, injecting #GP\n");
+ ret = TRAP_gp_fault;
goto inject;
}
@@ -1871,7 +1874,8 @@ svm_vmexit_do_vmsave(struct vmcb_struct
if ( (inst_len = __get_instruction_length(v, INSTR_VMSAVE)) == 0 )
return;
- if (!nestedhvm_enabled(v->domain)) {
+ if ( !nsvm_efer_svm_enabled(v) )
+ {
gdprintk(XENLOG_ERR, "VMSAVE: nestedhvm disabled, injecting #UD\n");
ret = TRAP_invalid_op;
goto inject;
@@ -1881,8 +1885,8 @@ svm_vmexit_do_vmsave(struct vmcb_struct
if ( !page )
{
gdprintk(XENLOG_ERR,
- "VMSAVE: mapping vmcb failed, injecting #UD\n");
- ret = TRAP_invalid_op;
+ "VMSAVE: mapping vmcb failed, injecting #GP\n");
+ ret = TRAP_gp_fault;
goto inject;
}
--- a/xen/include/asm-x86/hvm/svm/nestedsvm.h
+++ b/xen/include/asm-x86/hvm/svm/nestedsvm.h
@@ -94,7 +94,7 @@ struct nestedsvm {
#define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm)
/* True when l1 guest enabled SVM in EFER */
-#define hvm_svm_enabled(v) \
+#define nsvm_efer_svm_enabled(v) \
(!!((v)->arch.hvm_vcpu.guest_efer & EFER_SVME))
int nestedsvm_vmcb_map(struct vcpu *v, uint64_t vmcbaddr);

38
520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch Normal file
View File

@ -0,0 +1,38 @@
# Commit 0c006b41a283a0a569c863d44abde5aa5750ae01
# Date 2013-08-13 17:47:16 +0200
# Author Yang Zhang <yang.z.zhang@Intel.com>
# Committer Jan Beulich <jbeulich@suse.com>
VMX: add boot parameter to enable/disable APIC-v dynamically
Add a boot parameter to enable/disable the APIC-v dynamically. APIC-v is
enabled by default. User can use apicv=0 to disable it.
Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -46,6 +46,9 @@ boolean_param("vpid", opt_vpid_enabled);
static bool_t __read_mostly opt_unrestricted_guest_enabled = 1;
boolean_param("unrestricted_guest", opt_unrestricted_guest_enabled);
+static bool_t __read_mostly opt_apicv_enabled = 1;
+boolean_param("apicv", opt_apicv_enabled);
+
/*
* These two parameters are used to config the controls for Pause-Loop Exiting:
* ple_gap: upper bound on the amount of time between two successive
@@ -196,12 +199,12 @@ static int vmx_init_vmcs_config(void)
* "APIC Register Virtualization" and "Virtual Interrupt Delivery"
* can be set only when "use TPR shadow" is set
*/
- if ( _vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW )
+ if ( (_vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW) &&
+ opt_apicv_enabled )
opt |= SECONDARY_EXEC_APIC_REGISTER_VIRT |
SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
-
_vmx_secondary_exec_control = adjust_vmx_controls(
"Secondary Exec Control", min, opt,
MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch);

41
520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch Normal file
View File

@ -0,0 +1,41 @@
# Commit e8e8b030ecf916fea19639f0b6a446c1c9dbe174
# Date 2013-08-14 11:18:24 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
VT-d: protect against bogus information coming from BIOS
Add checks similar to those done by Linux: The DRHD address must not
be all zeros or all ones (Linux only checks for zero), and capabilities
as well as extended capabilities must not be all ones.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ben Guthro <benjamin.guthro@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Ben Guthro <benjamin.guthro@citrix.com>
Acked by: Yang Zhang <yang.z.zhang@intel.com>
Acked-by: Xiantao Zhang <xiantao.zhang@intel.com>
--- a/xen/drivers/passthrough/vtd/dmar.c
+++ b/xen/drivers/passthrough/vtd/dmar.c
@@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
return ret;
+ if ( !drhd->address || !(drhd->address + 1) )
+ return -ENODEV;
+
dmaru = xzalloc(struct acpi_drhd_unit);
if ( !dmaru )
return -ENOMEM;
--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
dprintk(VTDPREFIX,
"cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
}
+ if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
+ return -ENODEV;
+
if ( cap_fault_reg_offset(iommu->cap) +
cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )

24
520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch Normal file
View File

@ -0,0 +1,24 @@
# Commit f67af6d5803b6a015e30cb490a94f9547cb0437c
# Date 2013-08-14 11:20:26 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/MTRR: fix range check in mtrr_add_page()
Extracted from Yinghai Lu's Linux commit d5c78673 ("x86: Fix /proc/mtrr
with base/size more than 44bits").
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
--- a/xen/arch/x86/cpu/mtrr/main.c
+++ b/xen/arch/x86/cpu/mtrr/main.c
@@ -340,7 +340,7 @@ int mtrr_add_page(unsigned long base, un
return -EINVAL;
}
- if (base & size_or_mask || size & size_or_mask) {
+ if ((base | (base + size - 1)) >> (paddr_bits - PAGE_SHIFT)) {
printk(KERN_WARNING "mtrr: base or size exceeds the MTRR width\n");
return -EINVAL;
}

22
520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch Normal file
View File

@ -0,0 +1,22 @@
# Commit ab7f9a793c78dfea81c037b34b0dd2db7070d8f8
# Date 2013-08-15 13:17:10 +0200
# Author Tim Deegan <tim@xen.org>
# Committer Jan Beulich <jbeulich@suse.com>
x86/time: fix check for negative time in __update_vcpu_system_time()
Clang points out that u64 stime variable is always >= 0.
Signed-off-by: Tim Deegan <tim@xen.org>
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -817,7 +817,8 @@ static void __update_vcpu_system_time(st
if ( d->arch.vtsc )
{
- u64 stime = t->stime_local_stamp;
+ s_time_t stime = t->stime_local_stamp;
+
if ( is_hvm_domain(d) )
{
struct pl_time *pl = &v->domain->arch.hvm_domain.pl_time;

61
520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch Normal file
View File

@ -0,0 +1,61 @@
# Commit 7b9685ca4ed2fd723600ce66eb20a6d0c115b6cb
# Date 2013-08-15 22:00:45 +0100
# Author Tim Deegan <tim@xen.org>
# Committer Tim Deegan <tim@xen.org>
xen: Add stdbool.h workaround for BSD.
On *BSD, stdbool.h lives in /usr/include, but we don't want to have
that on the search path in case we pick up any headers from the build
host's C libraries.
Copy the equivalent hack already in place for stdarg.h: on all
supported compilers the contents of stdbool.h are trivial, so just
supply the things we need in a xen/stdbool.h header.
Signed-off-by: Tim Deegan <tim@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Keir Fraser <keir@xen.org>
Tested-by: Patrick Welche <prlw1@cam.ac.uk>
--- a/xen/include/xen/libelf.h
+++ b/xen/include/xen/libelf.h
@@ -29,8 +29,6 @@
#error define architectural endianness
#endif
-#include <stdbool.h>
-
typedef int elf_errorstatus; /* 0: ok; -ve (normally -1): error */
typedef int elf_negerrnoval; /* 0: ok; -EFOO: error */
@@ -39,11 +37,13 @@ typedef int elf_negerrnoval; /* 0: ok; -
#ifdef __XEN__
#include <public/elfnote.h>
#include <public/features.h>
+#include <xen/stdbool.h>
#else
#include <xen/elfnote.h>
#include <xen/features.h>
#include <stdarg.h>
+#include <stdbool.h>
struct elf_binary;
typedef void elf_log_callback(struct elf_binary*, void *caller_data,
--- /dev/null
+++ b/xen/include/xen/stdbool.h
@@ -0,0 +1,13 @@
+#ifndef __XEN_STDBOOL_H__
+#define __XEN_STDBOOL_H__
+
+#if defined(__OpenBSD__) || defined(__NetBSD__)
+# define bool _Bool
+# define true 1
+# define false 0
+# define __bool_true_false_are_defined 1
+#else
+# include <stdbool.h>
+#endif
+
+#endif /* __XEN_STDBOOL_H__ */

27
xen.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Mon Aug 26 15:48:57 MDT 2013 - carnold@suse.com
- bnc#836239 - SLES 11 SP3 Xen security patch does not
automatically update UEFI boot binary
xen.spec
-------------------------------------------------------------------
Tue Aug 20 07:56:13 MDT 2013 - carnold@suse.com
- Upstream patches from Jan
51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch
51dd155c-adjust-x86-EFI-build.patch
51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch
51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch
51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch
51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch
51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch
520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch
520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch
520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch
520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch
520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch
520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch
520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch
520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch
-------------------------------------------------------------------
Fri Aug 16 14:54:53 MDT 2013 - carnold@suse.com

57
xen.spec
View File

@ -15,6 +15,7 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: xen
ExclusiveArch: %ix86 x86_64 %arm aarch64
%define xvers 4.3
@ -197,6 +198,21 @@ Patch1: 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.pat
Patch2: 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch
Patch3: 51d27841-iommu-amd-Workaround-for-erratum-787.patch
Patch4: 51daa074-Revert-hvmloader-always-include-HPET-table.patch
Patch5: 51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch
Patch6: 51dd155c-adjust-x86-EFI-build.patch
Patch7: 51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch
Patch8: 51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch
Patch9: 51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch
Patch10: 51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch
Patch11: 51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch
Patch12: 520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch
Patch13: 520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch
Patch14: 520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch
Patch15: 520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch
Patch16: 520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch
Patch17: 520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch
Patch18: 520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch
Patch19: 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch
# Upstream qemu patches
# Our patches
Patch301: xen-destdir.patch
@ -490,6 +506,21 @@ Authors
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch301 -p1
%patch302 -p1
%patch303 -p1
@ -884,12 +915,10 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%endif
/usr/sbin/xenconsoled
/usr/sbin/xencov
/usr/sbin/xen-destroy
%ifnarch %arm aarch64
/usr/sbin/xen-hptool
/usr/sbin/xen-hvmcrash
/usr/sbin/xen-hvmctx
/usr/sbin/xen-list
/usr/sbin/xenlockprof
/usr/sbin/xen-lowmemd
/usr/sbin/xenmon.py
@ -905,7 +934,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
/usr/sbin/xentop
%ifnarch %arm aarch64
/usr/sbin/xentrace_setmask
/usr/sbin/xen-vmresync
%endif
/usr/sbin/xenwatchdogd
/usr/sbin/xsview
@ -926,7 +954,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%dir /etc/xen/scripts
/etc/xen/scripts/blktap
/etc/xen/scripts/block*
/etc/xen/scripts/domain-lock*
/etc/xen/scripts/external-device-migrate
/etc/xen/scripts/hotplugpath.sh
/etc/xen/scripts/locking.sh
@ -935,10 +962,8 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%ifnarch %arm aarch64
/etc/xen/scripts/qemu-ifup
%endif
/etc/xen/scripts/set-lock
/etc/xen/scripts/vif2
/etc/xen/scripts/vif-*
/etc/xen/scripts/vm-monitor
/etc/xen/scripts/vscsi
/etc/xen/scripts/xen-hotplug-*
/etc/xen/scripts/xen-network-common.sh
@ -1019,7 +1044,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%{_defaultdocdir}/xen/boot.local.xenU
%{_defaultdocdir}/xen/boot.xen
%{_defaultdocdir}/xen/misc
%{_mandir}/man1/xen-list.1.gz
%{_mandir}/man1/xentop.1.gz
%{_mandir}/man1/xentrace_format.1.gz
%{_mandir}/man1/xl.1.gz
@ -1039,6 +1063,9 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
/usr/sbin/xend
/usr/sbin/xen-bugtool
/usr/sbin/xen-python-path
/usr/sbin/xen-list
/usr/sbin/xen-destroy
/usr/sbin/xen-vmresync
%dir /var/lib/xen/xend-db
%dir /var/lib/xen/xend-db/domain
%dir /var/lib/xen/xend-db/migrate
@ -1059,6 +1086,9 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%config(noreplace) /etc/xen/*.xml
%ifnarch %arm aarch64
/etc/xen/scripts/xend-relocation.sh
/etc/xen/scripts/domain-lock*
/etc/xen/scripts/vm-monitor
/etc/xen/scripts/set-lock
%{_libdir}/python%{pyver}/site-packages/xen/remus/*
%{_libdir}/python%{pyver}/site-packages/xen/sv/*
%{_libdir}/python%{pyver}/site-packages/xen/util/*
@ -1069,6 +1099,7 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%{_mandir}/man1/xm.1.gz
%{_mandir}/man5/xmdomain.cfg.5.gz
%{_mandir}/man5/xend-config.sxp.5.gz
%{_mandir}/man1/xen-list.1.gz
%endif
%endif
@ -1095,6 +1126,18 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper
%if %{?with_dom0_support}0
%post
# EFI
if [ -d /boot/efi/efi/SuSE -a -e /usr/lib64/efi/xen-%{version}-%{release}.efi ]; then
cp /usr/lib64/efi/xen-%{version}-%{release}.efi /boot/efi/efi/SuSE/
fi
%postun
# EFI
if [ -e /boot/efi/efi/SuSE/xen-%{version}-%{release}.efi ]; then
rm /boot/efi/efi/SuSE/xen-%{version}-%{release}.efi
fi
%post tools
%if %{?with_xend}0
%if %{?with_systemd}0