diff --git a/51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch b/51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch
new file mode 100644
index 0000000..a433513
--- /dev/null
+++ b/51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch
@@ -0,0 +1,30 @@
+# Commit d3a55d7d9bb518efe08143d050deff9f4ee80ec1
+# Date 2013-07-04 10:33:18 +0200
+# Author Andrew Cooper
+# Committer Jan Beulich
+x86/mm: Ensure useful progress in alloc_l2_table()
+
+While debugging the issue which turned out to be XSA-58, a printk in this loop
+showed that it was quite easy to never make useful progress, because of
+consistently failing the preemption check.
+
+One single l2 entry is a reasonable amount of work to do, even if an action is
+pending, and also assures forwards progress across repeat continuations.
+
+Tweak the continuation criteria to fail on the first iteration of the loop.
+
+Signed-off-by: Andrew Cooper
+Acked-by: Keir Fraser
+
+--- a/xen/arch/x86/mm.c
++++ b/xen/arch/x86/mm.c
+@@ -1278,7 +1278,8 @@ static int alloc_l2_table(struct page_in
+
+ for ( i = page->nr_validated_ptes; i < L2_PAGETABLE_ENTRIES; i++ )
+ {
+- if ( preemptible && i && hypercall_preempt_check() )
++ if ( preemptible && i > page->nr_validated_ptes
++ && hypercall_preempt_check() )
+ {
+ page->nr_validated_ptes = i;
+ rc = -EAGAIN;
diff --git a/51dd155c-adjust-x86-EFI-build.patch b/51dd155c-adjust-x86-EFI-build.patch
new file mode 100644
index 0000000..72d99e2
--- /dev/null
+++ b/51dd155c-adjust-x86-EFI-build.patch
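Review bot: The reworked preemption test in alloc_l2_table() carries no comment, and the reason for comparing `i` with `page->nr_validated_ptes` (rather than with zero, as before) is only recorded in the commit message. A line above the `if`, such as `/* Always validate at least one entry per invocation so continuations make progress. */`, would keep a later cleanup from reintroducing the lack of forward progress. The loop body continues outside the hunk.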
@@ -0,0 +1,27 @@
+# Commit 5656b93d215d7c5160790ea87758625ba1de16b1
+# Date 2013-07-10 10:03:40 +0200
+# Author Jan Beulich
+# Committer Jan Beulich
+adjust x86 EFI build
+
+While the rule to generate .init.o files from .o ones already correctly
+included $(extra-y), the setting of the necessary compiler flag didn't
+have the same. With some yet to be posted patch this resulted in build
+breakage because of the compiler deciding not to inline a few functions
+(which then results in .text not being empty as required for these
+object files).
+
+Signed-off-by: Jan Beulich
+Acked-by: Keir Fraser
+
+--- a/xen/Rules.mk
++++ b/xen/Rules.mk
+@@ -101,7 +101,7 @@ obj-y := $(patsubst %/,%/built-in.o,$
+
+ subdir-all := $(subdir-y) $(subdir-n)
+
+-$(filter %.init.o,$(obj-y) $(obj-bin-y)): CFLAGS += -DINIT_SECTIONS_ONLY
++$(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): CFLAGS += -DINIT_SECTIONS_ONLY
+
+ $(obj-$(coverage)): CFLAGS += -fprofile-arcs -ftest-coverage -DTEST_COVERAGE
+
diff --git a/51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch b/51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch
new file mode 100644
index 0000000..5c1c604
--- /dev/null
+++ b/51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch
@@ -0,0 +1,44 @@
+# Commit 85047d9e4f4afeb73bca1e98f705a2f4f1d51c03
+# Date 2013-07-17 08:45:20 +0200
+# Author Andrew Cooper
+# Committer Jan Beulich
+x86/cpuidle: Change logging for unknown APIC IDs
+
+Dom0 uses this hypercall to pass ACPI information to Xen. It is not very
+uncommon for more cpus to be listed in the ACPI tables than are present on the
+system, particularly on systems with a common BIOS for a 2 and 4 socket server
+varients.
+
+As Dom0 does not control the number of entries in the ACPI tables, and is
+required to pass everything it finds to Xen, change the logging.
+
+There is now an single unconditional warning for the first unknown ID, and
+further warnings if "cpuinfo" is requested by the user on the command line.
+
+Signed-off-by: Andrew Cooper
+
+--- a/xen/arch/x86/acpi/cpu_idle.c
++++ b/xen/arch/x86/acpi/cpu_idle.c
+@@ -1031,7 +1031,10 @@ long set_cx_pminfo(uint32_t cpu, struct
+ cpu_id = get_cpu_id(cpu);
+ if ( cpu_id == -1 )
+ {
+- printk(XENLOG_ERR "no cpu_id for acpi_id %d\n", cpu);
++ static bool_t warn_once = 1;
++ if ( warn_once || opt_cpu_info )
++ printk(XENLOG_WARNING "No CPU ID for APIC ID %#x\n", cpu);
++ warn_once = 0;
+ return -EINVAL;
+ }
+
+--- a/xen/arch/x86/cpu/common.c
++++ b/xen/arch/x86/cpu/common.c
+@@ -63,7 +63,7 @@ static struct cpu_dev default_cpu = {
+ };
+ static struct cpu_dev * this_cpu = &default_cpu;
+
+-bool_t __cpuinitdata opt_cpu_info;
++bool_t opt_cpu_info;
+ boolean_param("cpuinfo", opt_cpu_info);
+
+ int __cpuinit get_model_name(struct cpuinfo_x86 *c)
diff --git a/51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch b/51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch
new file mode 100644
index 0000000..39ee3f7
--- /dev/null
+++ b/51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch
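Review bot: The new warning in set_cx_pminfo() labels the value as an APIC ID, while the message it replaces called the same `cpu` argument an acpi_id and the commit text talks about ACPI table entries. If `get_cpu_id()` takes an ACPI processor ID (its definition is outside the hunk), the log line will mislead whoever triages it, and `"No CPU ID for ACPI ID %#x\n"` would be accurate. `warn_once` is a function-local static that is read and cleared without locking, so two CPUs handling this hypercall at the same time can both print; that is harmless, but a one-line comment saying the race is accepted would save the next reader the analysis. The function body continues outside the hunk.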
@@ -0,0 +1,41 @@
+# Commit 68caac7f6f4687241a24e804a9fca19aa26fe183
+# Date 2013-07-17 10:21:33 +0200
+# Author Jan Beulich
+# Committer Jan Beulich
+x86: don't use destroy_xen_mappings() for vunmap()
+
+Its attempt to tear down intermediate page table levels may race with
+map_pages_to_xen() establishing them, and now that
+map_domain_page_global() is backed by vmap() this teardown is also
+wasteful (as it's very likely to need the same address space populated
+again within foreseeable time).
+
+Signed-off-by: Jan Beulich
+Acked-by: Keir Fraser
+
+--- a/xen/common/vmap.c
++++ b/xen/common/vmap.c
+@@ -196,9 +196,13 @@ void *vmap(const unsigned long *mfn, uns
+
+ void vunmap(const void *va)
+ {
++#ifndef _PAGE_NONE
+ unsigned long addr = (unsigned long)va;
+
+ destroy_xen_mappings(addr, addr + PAGE_SIZE * vm_size(va));
++#else /* Avoid tearing down intermediate page tables. */
++ map_pages_to_xen((unsigned long)va, 0, vm_size(va), _PAGE_NONE);
++#endif
+ vm_free(va);
+ }
+ #endif
+--- a/xen/include/asm-x86/page.h
++++ b/xen/include/asm-x86/page.h
+@@ -288,6 +288,7 @@ extern l1_pgentry_t l1_identmap[L1_PAGET
+ void paging_init(void);
+ #endif /* !defined(__ASSEMBLY__) */
+
++#define _PAGE_NONE _AC(0x000,U)
+ #define _PAGE_PRESENT _AC(0x001,U)
+ #define _PAGE_RW _AC(0x002,U)
+ #define _PAGE_USER _AC(0x004,U)
diff --git a/51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch b/51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch
new file mode 100644
index 0000000..165f9ab
--- /dev/null
+++ b/51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch
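Review bot: The `map_pages_to_xen()` call added to vunmap() discards its return value, and `vm_free(va)` then releases the range unconditionally. If that call can fail (for instance because changing the mapping needs an allocation; this is not visible from the hunk), the old translations would stay live in a range the allocator may hand out again. Checking the result and reporting a failure, e.g. `if ( map_pages_to_xen((unsigned long)va, 0, vm_size(va), _PAGE_NONE) ) printk(XENLOG_WARNING "vunmap: unmapping %p failed\n", va);`, keeps a stale mapping from going unnoticed.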
@@ -0,0 +1,24 @@
+# Commit 915a59f25c5eddd86bc2cae6389d0ed2ab87e69e
+# Date 2013-07-18 09:16:15 +0200
+# Author Andrew Cooper
+# Committer Jan Beulich
+x86/time: Update wallclock in shared info when altering domain time offset
+
+domain_set_time_offset() udpates d->time_offset_seconds, but does not correct
+the wallclock in the shared info, meaning that it is incorrect until the next
+XENPF_settime hypercall from dom0 which resynchronises the wallclock for all
+domains.
+
+Signed-off-by: Andrew Cooper
+Acked-by: Keir Fraser
+
+--- a/xen/arch/x86/time.c
++++ b/xen/arch/x86/time.c
+@@ -931,6 +931,7 @@ void domain_set_time_offset(struct domai
+ d->time_offset_seconds = time_offset_seconds;
+ if ( is_hvm_domain(d) )
+ rtc_update_clock(d);
++ update_domain_wallclock_time(d);
+ }
+
+ int cpu_frequency_change(u64 freq)
diff --git a/51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch b/51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch
new file mode 100644
index 0000000..b97e081
--- /dev/null
+++ b/51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch
@@ -0,0 +1,62 @@ +# Commit b0e55bd49725c7c0183eb18670997b9e5930adac +# Date 2013-08-05 18:40:23 +0200 +# Author Jan Beulich +# Committer Jan Beulich +fix off-by-one mistakes in vm_alloc() + +Also add another pair of assertions to catch eventual further cases of +incorrect accounting. + +Signed-off-by: Jan Beulich +Reviewed-by Andrew Cooper +Acked-by: Keir Fraser + +--- a/xen/common/vmap.c ++++ b/xen/common/vmap.c +@@ -57,8 +57,8 @@ void *vm_alloc(unsigned int nr, unsigned + { + struct page_info *pg; + +- ASSERT(!test_bit(vm_low, vm_bitmap)); +- for ( start = vm_low; ; ) ++ ASSERT(vm_low == vm_top || !test_bit(vm_low, vm_bitmap)); ++ for ( start = vm_low; start < vm_top; ) + { + bit = find_next_bit(vm_bitmap, vm_top, start + 1); + if ( bit > vm_top ) +@@ -68,12 +68,18 @@ void *vm_alloc(unsigned int nr, unsigned + * corresponding page a guard one. + */ + start = (start + align) & ~(align - 1); +- if ( start + nr <= bit ) +- break; +- start = bit < vm_top ? +- find_next_zero_bit(vm_bitmap, vm_top, bit + 1) : bit; +- if ( start >= vm_top ) +- break; ++ if ( bit < vm_top ) ++ { ++ if ( start + nr < bit ) ++ break; ++ start = find_next_zero_bit(vm_bitmap, vm_top, bit + 1); ++ } ++ else ++ { ++ if ( start + nr <= bit ) ++ break; ++ start = bit; ++ } + } + + if ( start < vm_top ) +@@ -115,6 +121,10 @@ void *vm_alloc(unsigned int nr, unsigned + + for ( bit = start; bit < start + nr; ++bit ) + __set_bit(bit, vm_bitmap); ++ if ( bit < vm_top ) ++ ASSERT(!test_bit(bit, vm_bitmap)); ++ else ++ ASSERT(bit == vm_top); + if ( start <= vm_low + 2 ) + vm_low = bit; + spin_unlock(&vm_lock); diff --git a/51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch b/51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch new file mode 100644 index 0000000..1dabcc0 --- /dev/null +++ b/51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch 
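Review bot: The fit tests `start + nr < bit` and `start + nr <= bit` in vm_alloc() are evaluated in unsigned arithmetic, so a very large `nr` wraps and can make an undersized gap look large enough. No bound on `nr` is visible in these hunks (the start of the function is outside them); if callers are not already constrained, writing the tests as `start < bit && nr < bit - start` and `start <= bit && nr <= bit - start` avoids the wrap. The two ASSERTs added after the `__set_bit()` loop presumably check the accounting only in debug builds, which is worth a short comment so nobody relies on them as a runtime guard.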
@@ -0,0 +1,60 @@ +# Commit c58d9f2f4844c2ce8859a8d0f26a54cd058eb51f +# Date 2013-08-05 18:42:37 +0200 +# Author Jan Beulich +# Committer Jan Beulich +x86: refine FPU selector handling code for XSAVEOPT + +Some extra tweaks are necessary to deal with the situation of XSAVEOPT +not writing the FPU portion of the save image (due to it detecting that +the register state did not get modified since the last XRSTOR). + +Signed-off-by: Jan Beulich +Tested-by: Ben Guthro +Acked-by: Keir Fraser + +--- a/xen/arch/x86/xstate.c ++++ b/xen/arch/x86/xstate.c +@@ -71,10 +71,28 @@ void xsave(struct vcpu *v, uint64_t mask + + if ( word_size <= 0 || !is_pv_32bit_vcpu(v) ) + { ++ typeof(ptr->fpu_sse.fip.sel) fcs = ptr->fpu_sse.fip.sel; ++ typeof(ptr->fpu_sse.fdp.sel) fds = ptr->fpu_sse.fdp.sel; ++ + if ( cpu_has_xsaveopt ) ++ { ++ /* ++ * xsaveopt may not write the FPU portion even when the respective ++ * mask bit is set. For the check further down to work we hence ++ * need to put the save image back into the state that it was in ++ * right after the previous xsaveopt. ++ */ ++ if ( word_size > 0 && ++ (ptr->fpu_sse.x[FPU_WORD_SIZE_OFFSET] == 4 || ++ ptr->fpu_sse.x[FPU_WORD_SIZE_OFFSET] == 2) ) ++ { ++ ptr->fpu_sse.fip.sel = 0; ++ ptr->fpu_sse.fdp.sel = 0; ++ } + asm volatile ( ".byte 0x48,0x0f,0xae,0x37" + : "=m" (*ptr) + : "a" (lmask), "d" (hmask), "D" (ptr) ); ++ } + else + asm volatile ( ".byte 0x48,0x0f,0xae,0x27" + : "=m" (*ptr) +@@ -87,7 +105,14 @@ void xsave(struct vcpu *v, uint64_t mask + */ + (!(ptr->fpu_sse.fsw & 0x0080) && + boot_cpu_data.x86_vendor == X86_VENDOR_AMD) ) ++ { ++ if ( cpu_has_xsaveopt && word_size > 0 ) ++ { ++ ptr->fpu_sse.fip.sel = fcs; ++ ptr->fpu_sse.fdp.sel = fds; ++ } + return; ++ } + + if ( word_size > 0 && + !((ptr->fpu_sse.fip.addr | ptr->fpu_sse.fdp.addr) >> 32) ) 
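Review bot: The selector handling added to xsave() is asymmetric and that deserves a comment: the selectors are zeroed before XSAVEOPT only when `word_size > 0` and the stored `x[FPU_WORD_SIZE_OFFSET]` is 4 or 2, but on the early-return path they are restored from `fcs`/`fds` whenever `cpu_has_xsaveopt && word_size > 0`. A sentence above the restore explaining why writing the saved values back is also correct when nothing was zeroed would help the next reader. The literals 4 and 2 are presumably the word-size markers this function stores in the save image; saying so in the new block comment would remove the guesswork. The function starts and ends outside the hunks.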
diff --git a/520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch b/520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch
new file mode 100644
index 0000000..75b6356
--- /dev/null
+++ b/520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch
@@ -0,0 +1,23 @@
+# Commit e1ab5c77b44b7bd835a2c032fa4963b36545fdb3
+# Date 2013-08-06 17:22:35 +0200
+# Author Yang Zhang
+# Committer Jan Beulich
+Nested VMX: Flush TLBs and Caches if paging mode changed
+
+According to SDM, if paging mode is changed, then whole TLBs and caches will
+be flushed. This is missed in nested handle logic. Also this fixed the issue
+that 64 bits windows cannot boot up on top of L1 kvm.
+
+Signed-off-by: Yang Zhang
+Acked-by: Keir Fraser
+
+--- a/xen/arch/x86/mm/paging.c
++++ b/xen/arch/x86/mm/paging.c
+@@ -709,6 +709,7 @@ void paging_update_nestedmode(struct vcp
+ else
+ /* TODO: shadow-on-shadow */
+ v->arch.paging.nestedmode = NULL;
++ hvm_asid_flush_vcpu(v);
+ }
+
+ void paging_write_p2m_entry(struct p2m_domain *p2m, unsigned long gfn,
diff --git a/520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch b/520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch
new file mode 100644
index 0000000..1d781af
--- /dev/null
+++ b/520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch
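Review bot: The commit message says both TLBs and caches must be flushed when the paging mode changes, but the only call added to paging_update_nestedmode() is `hvm_asid_flush_vcpu(v)`, whose name suggests an ASID (TLB) flush only. Either the description should say that only the translation side is handled, or a comment next to the call should state why no cache flush is needed here. The call appears to follow an unbraced `if`/`else`, so a comment such as `/* Paging mode changed: drop cached translations for this vCPU. */` would also make clear that it is meant to run on both branches.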
@@ -0,0 +1,138 @@ +# Commit 85fc517ec3055e8e8d9c9e36e15a81e630237252 +# Date 2013-08-13 14:22:14 +0200 +# Author Suravee Suthikulpanit +# Committer Jan Beulich +x86/AMD: Fix nested svm crash due to assertion in __virt_to_maddr + +Fix assertion in __virt_to_maddr when starting nested SVM guest +in debug mode. Investigation has shown that svm_vmsave/svm_vmload +make use of __pa() with invalid address. + +Signed-off-by: Suravee Suthikulpanit +Reviewed-by: Tim Deegan + +--- a/xen/arch/x86/hvm/svm/svm.c ++++ b/xen/arch/x86/hvm/svm/svm.c +@@ -1792,6 +1792,32 @@ svm_vmexit_do_vmrun(struct cpu_user_regs + return; + } + ++static struct page_info * ++nsvm_get_nvmcb_page(struct vcpu *v, uint64_t vmcbaddr) ++{ ++ p2m_type_t p2mt; ++ struct page_info *page; ++ struct nestedvcpu *nv = &vcpu_nestedhvm(v); ++ ++ if ( !nestedsvm_vmcb_map(v, vmcbaddr) ) ++ return NULL; ++ ++ /* Need to translate L1-GPA to MPA */ ++ page = get_page_from_gfn(v->domain, ++ nv->nv_vvmcxaddr >> PAGE_SHIFT, ++ &p2mt, P2M_ALLOC | P2M_UNSHARE); ++ if ( !page ) ++ return NULL; ++ ++ if ( !p2m_is_ram(p2mt) || p2m_is_readonly(p2mt) ) ++ { ++ put_page(page); ++ return NULL; ++ } ++ ++ return page; ++} ++ + static void + svm_vmexit_do_vmload(struct vmcb_struct *vmcb, + struct cpu_user_regs *regs, +@@ -1799,7 +1825,7 @@ svm_vmexit_do_vmload(struct vmcb_struct + { + int ret; + unsigned int inst_len; +- struct nestedvcpu *nv = &vcpu_nestedhvm(v); ++ struct page_info *page; + + if ( (inst_len = __get_instruction_length(v, INSTR_VMLOAD)) == 0 ) + return; +@@ -1810,13 +1836,18 @@ svm_vmexit_do_vmload(struct vmcb_struct + goto inject; + } + +- if (!nestedsvm_vmcb_map(v, vmcbaddr)) { +- gdprintk(XENLOG_ERR, "VMLOAD: mapping vmcb failed, injecting #UD\n"); ++ page = nsvm_get_nvmcb_page(v, vmcbaddr); ++ if ( !page ) ++ { ++ gdprintk(XENLOG_ERR, ++ "VMLOAD: mapping failed, injecting #UD\n"); + ret = TRAP_invalid_op; + goto inject; + } + +- svm_vmload(nv->nv_vvmcx); ++ svm_vmload_pa(page_to_maddr(page)); ++ put_page(page); 
++ + /* State in L1 VMCB is stale now */ + v->arch.hvm_svm.vmcb_in_sync = 0; + +@@ -1835,7 +1866,7 @@ svm_vmexit_do_vmsave(struct vmcb_struct + { + int ret; + unsigned int inst_len; +- struct nestedvcpu *nv = &vcpu_nestedhvm(v); ++ struct page_info *page; + + if ( (inst_len = __get_instruction_length(v, INSTR_VMSAVE)) == 0 ) + return; +@@ -1846,14 +1877,17 @@ svm_vmexit_do_vmsave(struct vmcb_struct + goto inject; + } + +- if (!nestedsvm_vmcb_map(v, vmcbaddr)) { +- gdprintk(XENLOG_ERR, "VMSAVE: mapping vmcb failed, injecting #UD\n"); ++ page = nsvm_get_nvmcb_page(v, vmcbaddr); ++ if ( !page ) ++ { ++ gdprintk(XENLOG_ERR, ++ "VMSAVE: mapping vmcb failed, injecting #UD\n"); + ret = TRAP_invalid_op; + goto inject; + } + +- svm_vmsave(nv->nv_vvmcx); +- ++ svm_vmsave_pa(page_to_maddr(page)); ++ put_page(page); + __update_guest_eip(regs, inst_len); + return; + +--- a/xen/include/asm-x86/hvm/svm/svm.h ++++ b/xen/include/asm-x86/hvm/svm/svm.h +@@ -41,18 +41,21 @@ + #define SVM_REG_R14 (14) + #define SVM_REG_R15 (15) + +-static inline void svm_vmload(void *vmcb) ++#define svm_vmload(x) svm_vmload_pa(__pa(x)) ++#define svm_vmsave(x) svm_vmsave_pa(__pa(x)) ++ ++static inline void svm_vmload_pa(paddr_t vmcb) + { + asm volatile ( + ".byte 0x0f,0x01,0xda" /* vmload */ +- : : "a" (__pa(vmcb)) : "memory" ); ++ : : "a" (vmcb) : "memory" ); + } + +-static inline void svm_vmsave(void *vmcb) ++static inline void svm_vmsave_pa(paddr_t vmcb) + { + asm volatile ( + ".byte 0x0f,0x01,0xdb" /* vmsave */ +- : : "a" (__pa(vmcb)) : "memory" ); ++ : : "a" (vmcb) : "memory" ); + } + + static inline void svm_invlpga(unsigned long vaddr, uint32_t asid) diff --git a/520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch b/520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch new file mode 100644 index 0000000..8e2977b --- /dev/null +++ b/520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch 
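Review bot: nsvm_get_nvmcb_page() turns the guest-supplied address into a frame with `nv->nv_vvmcxaddr >> PAGE_SHIFT`, and the callers hand `page_to_maddr(page)` to VMLOAD/VMSAVE, so the low 12 bits of `vmcbaddr` are silently dropped. Unless `nestedsvm_vmcb_map()` already rejects unaligned addresses (its body is not part of this patch), an unaligned operand is executed against the page base instead of faulting; an explicit `if ( vmcbaddr & ~PAGE_MASK ) return NULL;` at the top of the helper would make the behaviour deliberate. The helper also relies on `nestedsvm_vmcb_map()` having set `nv->nv_vvmcxaddr` instead of using its own `vmcbaddr` argument, which deserves a one-line comment. The two failure messages differ (`"VMLOAD: mapping failed"` against `"VMSAVE: mapping vmcb failed"`); identical wording keeps log searches simple.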
@@ -0,0 +1,91 @@ +# Commit 910daaf5aaa837624099c0fc5c373bea7202ff43 +# Date 2013-08-13 14:24:16 +0200 +# Author Suravee Suthikulpanit +# Committer Jan Beulich +x86/AMD: Inject #GP instead of #UD when unable to map vmcb + +According to AMD Programmer's Manual vol2, vmrun, vmsave and vmload +should inject #GP instead of #UD when unable to access memory +location for vmcb. Also, the code should make sure that L1 guest +EFER.SVME is not zero. Otherwise, #UD should be injected. + +Signed-off-by: Suravee Suthikulpanit +Reviewed-by: Tim Deegan + +--- a/xen/arch/x86/hvm/svm/svm.c ++++ b/xen/arch/x86/hvm/svm/svm.c +@@ -1776,15 +1776,17 @@ static void + svm_vmexit_do_vmrun(struct cpu_user_regs *regs, + struct vcpu *v, uint64_t vmcbaddr) + { +- if (!nestedhvm_enabled(v->domain)) { ++ if ( !nsvm_efer_svm_enabled(v) ) ++ { + gdprintk(XENLOG_ERR, "VMRUN: nestedhvm disabled, injecting #UD\n"); + hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE); + return; + } + +- if (!nestedsvm_vmcb_map(v, vmcbaddr)) { +- gdprintk(XENLOG_ERR, "VMRUN: mapping vmcb failed, injecting #UD\n"); +- hvm_inject_hw_exception(TRAP_invalid_op, HVM_DELIVER_NO_ERROR_CODE); ++ if ( !nestedsvm_vmcb_map(v, vmcbaddr) ) ++ { ++ gdprintk(XENLOG_ERR, "VMRUN: mapping vmcb failed, injecting #GP\n"); ++ hvm_inject_hw_exception(TRAP_gp_fault, HVM_DELIVER_NO_ERROR_CODE); + return; + } + +@@ -1830,7 +1832,8 @@ svm_vmexit_do_vmload(struct vmcb_struct + if ( (inst_len = __get_instruction_length(v, INSTR_VMLOAD)) == 0 ) + return; + +- if (!nestedhvm_enabled(v->domain)) { ++ if ( !nsvm_efer_svm_enabled(v) ) ++ { + gdprintk(XENLOG_ERR, "VMLOAD: nestedhvm disabled, injecting #UD\n"); + ret = TRAP_invalid_op; + goto inject; +@@ -1840,8 +1843,8 @@ svm_vmexit_do_vmload(struct vmcb_struct + if ( !page ) + { + gdprintk(XENLOG_ERR, +- "VMLOAD: mapping failed, injecting #UD\n"); +- ret = TRAP_invalid_op; ++ "VMLOAD: mapping failed, injecting #GP\n"); ++ ret = TRAP_gp_fault; + goto inject; + } + +@@ -1871,7 +1874,8 
@@ svm_vmexit_do_vmsave(struct vmcb_struct + if ( (inst_len = __get_instruction_length(v, INSTR_VMSAVE)) == 0 ) + return; + +- if (!nestedhvm_enabled(v->domain)) { ++ if ( !nsvm_efer_svm_enabled(v) ) ++ { + gdprintk(XENLOG_ERR, "VMSAVE: nestedhvm disabled, injecting #UD\n"); + ret = TRAP_invalid_op; + goto inject; +@@ -1881,8 +1885,8 @@ svm_vmexit_do_vmsave(struct vmcb_struct + if ( !page ) + { + gdprintk(XENLOG_ERR, +- "VMSAVE: mapping vmcb failed, injecting #UD\n"); +- ret = TRAP_invalid_op; ++ "VMSAVE: mapping vmcb failed, injecting #GP\n"); ++ ret = TRAP_gp_fault; + goto inject; + } + +--- a/xen/include/asm-x86/hvm/svm/nestedsvm.h ++++ b/xen/include/asm-x86/hvm/svm/nestedsvm.h +@@ -94,7 +94,7 @@ struct nestedsvm { + #define vcpu_nestedsvm(v) (vcpu_nestedhvm(v).u.nsvm) + + /* True when l1 guest enabled SVM in EFER */ +-#define hvm_svm_enabled(v) \ ++#define nsvm_efer_svm_enabled(v) \ + (!!((v)->arch.hvm_vcpu.guest_efer & EFER_SVME)) + + int nestedsvm_vmcb_map(struct vcpu *v, uint64_t vmcbaddr); diff --git a/520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch b/520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch new file mode 100644 index 0000000..2f6e767 --- /dev/null +++ b/520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch 
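Review bot: In svm_vmexit_do_vmrun() the new #GP is injected with `HVM_DELIVER_NO_ERROR_CODE`, but a general-protection fault always pushes an error code on x86, so the L1 guest's handler would see a misaligned exception frame; `hvm_inject_hw_exception(TRAP_gp_fault, 0);` matches the architecture. The VMLOAD and VMSAVE hunks set `ret = TRAP_gp_fault` and jump to `inject`, which lies outside the hunks, so that label needs the same treatment if it also passes no error code. The `"... nestedhvm disabled, injecting #UD"` messages are now printed when the L1 guest's EFER.SVME bit is clear, so their text should say that instead.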
@@ -0,0 +1,38 @@
+# Commit 0c006b41a283a0a569c863d44abde5aa5750ae01
+# Date 2013-08-13 17:47:16 +0200
+# Author Yang Zhang
+# Committer Jan Beulich
+VMX: add boot parameter to enable/disable APIC-v dynamically
+
+Add a boot parameter to enable/disable the APIC-v dynamically. APIC-v is
+enabled by default. User can use apicv=0 to disable it.
+
+Signed-off-by: Yang Zhang
+
+--- a/xen/arch/x86/hvm/vmx/vmcs.c
++++ b/xen/arch/x86/hvm/vmx/vmcs.c
+@@ -46,6 +46,9 @@ boolean_param("vpid", opt_vpid_enabled);
+ static bool_t __read_mostly opt_unrestricted_guest_enabled = 1;
+ boolean_param("unrestricted_guest", opt_unrestricted_guest_enabled);
+
++static bool_t __read_mostly opt_apicv_enabled = 1;
++boolean_param("apicv", opt_apicv_enabled);
++
+ /*
+ * These two parameters are used to config the controls for Pause-Loop Exiting:
+ * ple_gap: upper bound on the amount of time between two successive
+@@ -196,12 +199,12 @@ static int vmx_init_vmcs_config(void)
+ * "APIC Register Virtualization" and "Virtual Interrupt Delivery"
+ * can be set only when "use TPR shadow" is set
+ */
+- if ( _vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW )
++ if ( (_vmx_cpu_based_exec_control & CPU_BASED_TPR_SHADOW) &&
++ opt_apicv_enabled )
+ opt |= SECONDARY_EXEC_APIC_REGISTER_VIRT |
+ SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
+ SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE;
+
+-
+ _vmx_secondary_exec_control = adjust_vmx_controls(
+ "Secondary Exec Control", min, opt,
+ MSR_IA32_VMX_PROCBASED_CTLS2, &mismatch);
diff --git a/520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch b/520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch
new file mode 100644
index 0000000..979c64b
--- /dev/null
+++ b/520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch
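Review bot: The new `apicv` boolean in vmcs.c changes which secondary execution controls are requested, but the patch adds no entry for it to the hypervisor's command-line documentation. Operators who need to turn APIC virtualization off while isolating an interrupt-delivery problem will only find the option by reading the source. A short entry giving the name, that it is a boolean which defaults to enabled, and that it only has an effect when the TPR shadow control is available would cover it.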
@@ -0,0 +1,41 @@
+# Commit e8e8b030ecf916fea19639f0b6a446c1c9dbe174
+# Date 2013-08-14 11:18:24 +0200
+# Author Jan Beulich
+# Committer Jan Beulich
+VT-d: protect against bogus information coming from BIOS
+
+Add checks similar to those done by Linux: The DRHD address must not
+be all zeros or all ones (Linux only checks for zero), and capabilities
+as well as extended capabilities must not be all ones.
+
+Signed-off-by: Jan Beulich
+Reviewed-by: Ben Guthro
+Reviewed-by: Andrew Cooper
+Tested-by: Ben Guthro
+Acked by: Yang Zhang
+Acked-by: Xiantao Zhang
+
+--- a/xen/drivers/passthrough/vtd/dmar.c
++++ b/xen/drivers/passthrough/vtd/dmar.c
+@@ -447,6 +447,9 @@ acpi_parse_one_drhd(struct acpi_dmar_hea
+ if ( (ret = acpi_dmar_check_length(header, sizeof(*drhd))) != 0 )
+ return ret;
+
++ if ( !drhd->address || !(drhd->address + 1) )
++ return -ENODEV;
++
+ dmaru = xzalloc(struct acpi_drhd_unit);
+ if ( !dmaru )
+ return -ENOMEM;
+--- a/xen/drivers/passthrough/vtd/iommu.c
++++ b/xen/drivers/passthrough/vtd/iommu.c
+@@ -1159,6 +1159,9 @@ int __init iommu_alloc(struct acpi_drhd_
+ dprintk(VTDPREFIX,
+ "cap = %"PRIx64" ecap = %"PRIx64"\n", iommu->cap, iommu->ecap);
+ }
++ if ( !(iommu->cap + 1) || !(iommu->ecap + 1) )
++ return -ENODEV;
++
+ if ( cap_fault_reg_offset(iommu->cap) +
+ cap_num_fault_regs(iommu->cap) * PRIMARY_FAULT_REG_LEN >= PAGE_SIZE ||
+ ecap_iotlb_offset(iommu->ecap) >= PAGE_SIZE )
diff --git a/520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch b/520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch
new file mode 100644
index 0000000..8770e53
--- /dev/null
+++ b/520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch
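Review bot: Both new firmware sanity checks return `-ENODEV` without logging anything, so a machine whose tables report a bogus DRHD address or all-ones capability registers ends up without that IOMMU and with nothing in the log to say why. A message before each return, following the form already used in this file, e.g. `dprintk(VTDPREFIX, "IOMMU: cap/ecap read as all ones\n");`, would make the condition diagnosable. In iommu_alloc() the check sits after the registers have been read, so whatever was allocated or mapped earlier in the function (outside the hunk) has to be released on this path, either here or by the caller. The `!(x + 1)` form relies on unsigned wrap-around to mean "all ones"; a short comment would spare readers the decoding.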
@@ -0,0 +1,24 @@
+# Commit f67af6d5803b6a015e30cb490a94f9547cb0437c
+# Date 2013-08-14 11:20:26 +0200
+# Author Jan Beulich
+# Committer Jan Beulich
+x86/MTRR: fix range check in mtrr_add_page()
+
+Extracted from Yinghai Lu's Linux commit d5c78673 ("x86: Fix /proc/mtrr
+with base/size more than 44bits").
+
+Signed-off-by: Jan Beulich
+Reviewed-by: Andrew Cooper
+Acked-by: Keir Fraser
+
+--- a/xen/arch/x86/cpu/mtrr/main.c
++++ b/xen/arch/x86/cpu/mtrr/main.c
+@@ -340,7 +340,7 @@ int mtrr_add_page(unsigned long base, un
+ return -EINVAL;
+ }
+
+- if (base & size_or_mask || size & size_or_mask) {
++ if ((base | (base + size - 1)) >> (paddr_bits - PAGE_SHIFT)) {
+ printk(KERN_WARNING "mtrr: base or size exceeds the MTRR width\n");
+ return -EINVAL;
+ }
diff --git a/520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch b/520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch
new file mode 100644
index 0000000..5bebae5
--- /dev/null
+++ b/520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch
@@ -0,0 +1,22 @@
+# Commit ab7f9a793c78dfea81c037b34b0dd2db7070d8f8
+# Date 2013-08-15 13:17:10 +0200
+# Author Tim Deegan
+# Committer Jan Beulich
+x86/time: fix check for negative time in __update_vcpu_system_time()
+
+Clang points out that u64 stime variable is always >= 0.
+
+Signed-off-by: Tim Deegan
+
+--- a/xen/arch/x86/time.c
++++ b/xen/arch/x86/time.c
+@@ -817,7 +817,8 @@ static void __update_vcpu_system_time(st
+
+ if ( d->arch.vtsc )
+ {
+- u64 stime = t->stime_local_stamp;
++ s_time_t stime = t->stime_local_stamp;
++
+ if ( is_hvm_domain(d) )
+ {
+ struct pl_time *pl = &v->domain->arch.hvm_domain.pl_time;
diff --git a/520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch b/520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch
new file mode 100644
index 0000000..6b7ec90
--- /dev/null
+++ b/520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch
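Review bot: In the mtrr_add_page() hunk, the replacement test `(base | (base + size - 1)) >> (paddr_bits - PAGE_SHIFT)` no longer checks `size` on its own, and `base + size - 1` is computed in unsigned long, so a large enough `size` wraps and the sum looks in range. Unless an earlier validation step (outside the hunk) already bounds `size`, including it in the test closes the gap: `if ((base | (size - 1) | (base + size - 1)) >> (paddr_bits - PAGE_SHIFT)) {`. That form also rejects a zero `size`, which should be confirmed as intended. The block being patched continues outside the hunk.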
@@ -0,0 +1,61 @@ +# Commit 7b9685ca4ed2fd723600ce66eb20a6d0c115b6cb +# Date 2013-08-15 22:00:45 +0100 +# Author Tim Deegan +# Committer Tim Deegan +xen: Add stdbool.h workaround for BSD. + +On *BSD, stdbool.h lives in /usr/include, but we don't want to have +that on the search path in case we pick up any headers from the build +host's C libraries. + +Copy the equivalent hack already in place for stdarg.h: on all +supported compilers the contents of stdbool.h are trivial, so just +supply the things we need in a xen/stdbool.h header. + +Signed-off-by: Tim Deegan +Reviewed-by: Jan Beulich +Reviewed-by: Ian Campbell +Acked-by: Keir Fraser +Tested-by: Patrick Welche + +--- a/xen/include/xen/libelf.h ++++ b/xen/include/xen/libelf.h +@@ -29,8 +29,6 @@ + #error define architectural endianness + #endif + +-#include +- + typedef int elf_errorstatus; /* 0: ok; -ve (normally -1): error */ + typedef int elf_negerrnoval; /* 0: ok; -EFOO: error */ + +@@ -39,11 +37,13 @@ typedef int elf_negerrnoval; /* 0: ok; - + #ifdef __XEN__ + #include + #include ++#include + #else + #include + #include + + #include ++#include + + struct elf_binary; + typedef void elf_log_callback(struct elf_binary*, void *caller_data, +--- /dev/null ++++ b/xen/include/xen/stdbool.h +@@ -0,0 +1,13 @@ ++#ifndef __XEN_STDBOOL_H__ ++#define __XEN_STDBOOL_H__ ++ ++#if defined(__OpenBSD__) || defined(__NetBSD__) ++# define bool _Bool ++# define true 1 ++# define false 0 ++# define __bool_true_false_are_defined 1 ++#else ++# include ++#endif ++ ++#endif /* __XEN_STDBOOL_H__ */ diff --git a/xen.changes b/xen.changes index 8bfd3cd..6c1eb8f 100644 --- a/xen.changes +++ b/xen.changes 
@@ -1,3 +1,30 @@ +------------------------------------------------------------------- +Mon Aug 26 15:48:57 MDT 2013 - carnold@suse.com + +- bnc#836239 - SLES 11 SP3 Xen security patch does not + automatically update UEFI boot binary + xen.spec + +------------------------------------------------------------------- +Tue Aug 20 07:56:13 MDT 2013 - carnold@suse.com + +- Upstream patches from Jan + 51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch + 51dd155c-adjust-x86-EFI-build.patch + 51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch + 51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch + 51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch + 51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch + 51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch + 520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch + 520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch + 520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch + 520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch + 520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch + 520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch + 520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch + 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch + ------------------------------------------------------------------- Fri Aug 16 14:54:53 MDT 2013 - carnold@suse.com diff --git a/xen.spec b/xen.spec index 167b855..9baa817 100644 --- a/xen.spec +++ b/xen.spec @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + Name: xen ExclusiveArch: %ix86 x86_64 %arm aarch64 %define xvers 4.3 
@@ -197,6 +198,21 @@ Patch1: 51d277a3-x86-don-t-pass-negative-time-to-gtime_to_gtsc-try-2.pat Patch2: 51d27807-iommu-amd-Fix-logic-for-clearing-the-IOMMU-interrupt-bits.patch Patch3: 51d27841-iommu-amd-Workaround-for-erratum-787.patch Patch4: 51daa074-Revert-hvmloader-always-include-HPET-table.patch +Patch5: 51d5334e-x86-mm-Ensure-useful-progress-in-alloc_l2_table.patch +Patch6: 51dd155c-adjust-x86-EFI-build.patch +Patch7: 51e63d80-x86-cpuidle-Change-logging-for-unknown-APIC-IDs.patch +Patch8: 51e6540d-x86-don-t-use-destroy_xen_mappings-for-vunmap.patch +Patch9: 51e7963f-x86-time-Update-wallclock-in-shared-info-when-altering-domain-time-offset.patch +Patch10: 51ffd577-fix-off-by-one-mistakes-in-vm_alloc.patch +Patch11: 51ffd5fd-x86-refine-FPU-selector-handling-code-for-XSAVEOPT.patch +Patch12: 520114bb-Nested-VMX-Flush-TLBs-and-Caches-if-paging-mode-changed.patch +Patch13: 520a5504-VMX-add-boot-parameter-to-enable-disable-APIC-v-dynamically.patch +Patch14: 520a24f6-x86-AMD-Fix-nested-svm-crash-due-to-assertion-in-__virt_to_maddr.patch +Patch15: 520a2570-x86-AMD-Inject-GP-instead-of-UD-when-unable-to-map-vmcb.patch +Patch16: 520b4b60-VT-d-protect-against-bogus-information-coming-from-BIOS.patch +Patch17: 520b4bda-x86-MTRR-fix-range-check-in-mtrr_add_page.patch +Patch18: 520cb8b6-x86-time-fix-check-for-negative-time-in-__update_vcpu_system_time.patch +Patch19: 520d417d-xen-Add-stdbool.h-workaround-for-BSD.patch # Upstream qemu patches # Our patches Patch301: xen-destdir.patch @@ -490,6 +506,21 @@ Authors %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 %patch301 -p1 %patch302 -p1 %patch303 -p1 
@@ -884,12 +915,10 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %endif /usr/sbin/xenconsoled /usr/sbin/xencov -/usr/sbin/xen-destroy %ifnarch %arm aarch64 /usr/sbin/xen-hptool /usr/sbin/xen-hvmcrash /usr/sbin/xen-hvmctx -/usr/sbin/xen-list /usr/sbin/xenlockprof /usr/sbin/xen-lowmemd /usr/sbin/xenmon.py @@ -905,7 +934,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper /usr/sbin/xentop %ifnarch %arm aarch64 /usr/sbin/xentrace_setmask -/usr/sbin/xen-vmresync %endif /usr/sbin/xenwatchdogd /usr/sbin/xsview @@ -926,7 +954,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %dir /etc/xen/scripts /etc/xen/scripts/blktap /etc/xen/scripts/block* -/etc/xen/scripts/domain-lock* /etc/xen/scripts/external-device-migrate /etc/xen/scripts/hotplugpath.sh /etc/xen/scripts/locking.sh @@ -935,10 +962,8 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %ifnarch %arm aarch64 /etc/xen/scripts/qemu-ifup %endif -/etc/xen/scripts/set-lock /etc/xen/scripts/vif2 /etc/xen/scripts/vif-* -/etc/xen/scripts/vm-monitor /etc/xen/scripts/vscsi /etc/xen/scripts/xen-hotplug-* /etc/xen/scripts/xen-network-common.sh @@ -1019,7 +1044,6 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %{_defaultdocdir}/xen/boot.local.xenU %{_defaultdocdir}/xen/boot.xen %{_defaultdocdir}/xen/misc -%{_mandir}/man1/xen-list.1.gz %{_mandir}/man1/xentop.1.gz %{_mandir}/man1/xentrace_format.1.gz %{_mandir}/man1/xl.1.gz @@ -1039,6 +1063,9 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper /usr/sbin/xend /usr/sbin/xen-bugtool /usr/sbin/xen-python-path +/usr/sbin/xen-list +/usr/sbin/xen-destroy +/usr/sbin/xen-vmresync %dir /var/lib/xen/xend-db %dir /var/lib/xen/xend-db/domain %dir /var/lib/xen/xend-db/migrate 
@@ -1059,6 +1086,9 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %config(noreplace) /etc/xen/*.xml %ifnarch %arm aarch64 /etc/xen/scripts/xend-relocation.sh +/etc/xen/scripts/domain-lock* +/etc/xen/scripts/vm-monitor +/etc/xen/scripts/set-lock %{_libdir}/python%{pyver}/site-packages/xen/remus/* %{_libdir}/python%{pyver}/site-packages/xen/sv/* %{_libdir}/python%{pyver}/site-packages/xen/util/* @@ -1069,6 +1099,7 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %{_mandir}/man1/xm.1.gz %{_mandir}/man5/xmdomain.cfg.5.gz %{_mandir}/man5/xend-config.sxp.5.gz +%{_mandir}/man1/xen-list.1.gz %endif %endif @@ -1095,6 +1126,18 @@ rm -f $RPM_BUILD_ROOT/usr/libexec/qemu-bridge-helper %if %{?with_dom0_support}0 +%post +# EFI +if [ -d /boot/efi/efi/SuSE -a -e /usr/lib64/efi/xen-%{version}-%{release}.efi ]; then + cp /usr/lib64/efi/xen-%{version}-%{release}.efi /boot/efi/efi/SuSE/ +fi + +%postun +# EFI +if [ -e /boot/efi/efi/SuSE/xen-%{version}-%{release}.efi ]; then + rm /boot/efi/efi/SuSE/xen-%{version}-%{release}.efi +fi + %post tools %if %{?with_xend}0 %if %{?with_systemd}0
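Review bot: The new `%post` scriptlet copies `xen-%{version}-%{release}.efi` into the EFI system partition under its versioned name and ignores the result of `cp`, so a full or read-only partition leaves the system without the updated binary and without any message. Nothing in this hunk updates whichever boot entry or loader configuration names the binary, so it is worth confirming that the firmware really boots the newly copied file after a security update, which is the problem the changelog entry describes. Reporting the failure, e.g. `cp /usr/lib64/efi/xen-%{version}-%{release}.efi /boot/efi/efi/SuSE/ || echo "xen: could not update EFI binary" >&2`, would at least make a missed update visible in the package transaction output.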