From 73fd9f3c1950325330a924e6a3fdc855a74750f986b3774b774c258bb9fb61e1 Mon Sep 17 00:00:00 2001 From: Charles Arnold Date: Thu, 10 Apr 2014 06:04:31 +0000 Subject: [PATCH] - Upstream patches from Jan 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch - bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support when released 53206661-pygrub-support-linux16-and-initrd16.patch - Upstream bug fixes 53299d8f-xenconsole-reset-tty-on-failure.patch 53299d8f-xenconsole-tolerate-tty-errors.patch - fix build for armv7l and aarch64 - Remove compiletime strings from qemu-upstream qemu-xen-upstream-megasas-buildtime.patch - bnc#871546 - KMPs are not signed in SUSE:SLE-12:GA? xen.spec - Upstream patches from Jan 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch - Drop xsa89.patch for upstream version (see bnc#867910, 5331917d-x86-enforce...) OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=309 --- ...rough-handling-in-epte_get_entry_emt.patch | 22 +- ...-pygrub-support-linux16-and-initrd16.patch | 165 +++++++++++++ ...9d8f-xenconsole-reset-tty-on-failure.patch | 54 +++++ 53299d8f-xenconsole-tolerate-tty-errors.patch | 49 ++++ ...-count-for-struct-domain-allocations.patch | 57 +++++ ...VM_set_mem_access-p2m_set_mem_access.patch | 8 +- ...correct-CPUID-leaf-80000008-handling.patch | 141 +++++++++++ ...d1ee-VMX-fix-PAT-value-seen-by-guest.patch | 34 +++ ...mm-fix-checks-against-max_mapped_pfn.patch | 38 +++ qemu-xen-upstream-megasas-buildtime.patch | 21 ++ xen.changes | 40 +++- xen.spec | 31 ++- xen2libvirt.py | 226 +++++++++--------- xenconsole-no-multiple-connections.patch | 20 +- 14 files changed, 773 insertions(+), 133 deletions(-) create mode 100644 53206661-pygrub-support-linux16-and-initrd16.patch create mode 100644 53299d8f-xenconsole-reset-tty-on-failure.patch create mode 100644 53299d8f-xenconsole-tolerate-tty-errors.patch create mode 100644 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch rename xsa89.patch => 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch (92%) create mode 100644 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch create mode 100644 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch create mode 100644 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch create mode 100644 qemu-xen-upstream-megasas-buildtime.patch diff --git a/531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch b/531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch index 8552bb9..c86a6f4 100644 --- a/531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch +++ b/531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch @@ -19,9 +19,21 @@ Signed-off-by: Jan Beulich Reviewed-by: "Xu, Dongxiao" Acked-by: Keir Fraser +# Commit 1f8b57779785bf9f55c16312bb1ec679929c314b +# Date 2014-03-28 13:43:25 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86/EPT: relax treatment of APIC MFN + +There's no point in this being mapped UC by the guest due to using a +respective PAT index - set the ignore-PAT flag to true. + +Signed-off-by: Jan Beulich +Reviewed-by: Tim Deegan + --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c -@@ -698,14 +698,20 @@ uint8_t epte_get_entry_emt(struct domain +@@ -698,14 +698,24 @@ uint8_t epte_get_entry_emt(struct domain if ( hvm_get_mem_pinned_cacheattr(d, gfn, &type) ) return type; @@ -39,8 +51,12 @@ Acked-by: Keir Fraser if ( direct_mmio ) - return MTRR_TYPE_UNCACHABLE; -+ return mfn_x(mfn) != d->arch.hvm_domain.vmx.apic_access_mfn -+ ? MTRR_TYPE_UNCACHABLE : MTRR_TYPE_WRBACK; ++ { ++ if ( mfn_x(mfn) != d->arch.hvm_domain.vmx.apic_access_mfn ) ++ return MTRR_TYPE_UNCACHABLE; ++ *ipat = 1; ++ return MTRR_TYPE_WRBACK; ++ } if ( iommu_snoop ) { diff --git a/53206661-pygrub-support-linux16-and-initrd16.patch b/53206661-pygrub-support-linux16-and-initrd16.patch new file mode 100644 index 0000000..bf4f89a --- /dev/null +++ b/53206661-pygrub-support-linux16-and-initrd16.patch @@ -0,0 +1,165 @@ +Subject: xen/pygrub: grub2/grub.cfg from RHEL 7 has new commands in menuentry +From: Joby Poriyath joby.poriyath@citrix.com Tue Feb 4 18:10:35 2014 +0000 +Date: Wed Mar 12 13:51:29 2014 +0000: +Git: dd03048708af072374963d6d0721cc6d4c5f52cf + +menuentry in grub2/grub.cfg uses linux16 and initrd16 commands +instead of linux and initrd. Due to this RHEL 7 (beta) guest failed to +boot after the installation. + +In addition to this, RHEL 7 menu entries have two different single-quote +delimited strings on the same line, and the greedy grouping for menuentry +parsing gets both strings, and the options inbetween. + +Signed-off-by: Joby Poriyath +Reviewed-by: Andrew Cooper +Acked-by: Ian Campbell +Cc: george.dunlap@citrix.com + +diff --git a/tools/pygrub/examples/rhel-7-beta.grub2 b/tools/pygrub/examples/rhel-7-beta.grub2 +new file mode 100644 +index 0000000..88f0f99 +--- /dev/null ++++ b/tools/pygrub/examples/rhel-7-beta.grub2 +@@ -0,0 +1,118 @@ ++# ++# DO NOT EDIT THIS FILE ++# ++# It is automatically generated by grub2-mkconfig using templates ++# from /etc/grub.d and settings from /etc/default/grub ++# ++ ++### BEGIN /etc/grub.d/00_header ### ++set pager=1 ++ ++if [ -s $prefix/grubenv ]; then ++ load_env ++fi ++if [ "${next_entry}" ] ; then ++ set default="${next_entry}" ++ set next_entry= ++ save_env next_entry ++ set boot_once=true ++else ++ set default="${saved_entry}" ++fi ++ ++if [ x"${feature_menuentry_id}" = xy ]; then ++ menuentry_id_option="--id" ++else ++ menuentry_id_option="" ++fi ++ ++export menuentry_id_option ++ ++if [ "${prev_saved_entry}" ]; then ++ set saved_entry="${prev_saved_entry}" ++ save_env saved_entry ++ set prev_saved_entry= ++ save_env prev_saved_entry ++ set boot_once=true ++fi ++ ++function savedefault { ++ if [ -z "${boot_once}" ]; then ++ saved_entry="${chosen}" ++ save_env saved_entry ++ fi ++} ++ ++function load_video { ++ if [ x$feature_all_video_module = xy ]; then ++ insmod all_video ++ else ++ insmod efi_gop ++ insmod efi_uga ++ insmod ieee1275_fb ++ insmod vbe ++ insmod vga ++ insmod video_bochs ++ insmod video_cirrus ++ fi ++} ++ ++terminal_output console ++set timeout=5 ++### END /etc/grub.d/00_header ### ++ ++### BEGIN /etc/grub.d/10_linux ### ++menuentry 'Red Hat Enterprise Linux Everything, with Linux 3.10.0-54.0.1.el7.x86_64' --class red --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.10.0-54.0.1.el7.x86_64-advanced-d23b8b49-4cfe-4900-8ef1-ec80bc633163' { ++ load_video ++ set gfxpayload=keep ++ insmod gzio ++ insmod part_msdos ++ insmod xfs ++ set root='hd0,msdos1' ++ if [ x$feature_platform_search_hint = xy ]; then ++ search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1' 89ffef78-82b3-457c-bc57-42cccc373851 ++ else ++ search --no-floppy --fs-uuid --set=root 89ffef78-82b3-457c-bc57-42cccc373851 ++ fi ++ linux16 /vmlinuz-3.10.0-54.0.1.el7.x86_64 root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap vconsole.keymap=uk crashkernel=auto rd.lvm.lv=rhel/root vconsole.font=latarcyrheb-sun16 LANG=en_GB.UTF-8 ++ initrd16 /initramfs-3.10.0-54.0.1.el7.x86_64.img ++} ++menuentry 'Red Hat Enterprise Linux Everything, with Linux 0-rescue-af34f0b8cf364cdbbe6d093f8228a37f' --class red --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-0-rescue-af34f0b8cf364cdbbe6d093f8228a37f-advanced-d23b8b49-4cfe-4900-8ef1-ec80bc633163' { ++ load_video ++ insmod gzio ++ insmod part_msdos ++ insmod xfs ++ set root='hd0,msdos1' ++ if [ x$feature_platform_search_hint = xy ]; then ++ search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1' 89ffef78-82b3-457c-bc57-42cccc373851 ++ else ++ search --no-floppy --fs-uuid --set=root 89ffef78-82b3-457c-bc57-42cccc373851 ++ fi ++ linux16 /vmlinuz-0-rescue-af34f0b8cf364cdbbe6d093f8228a37f root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/swap vconsole.keymap=uk crashkernel=auto rd.lvm.lv=rhel/root vconsole.font=latarcyrheb-sun16 ++ initrd16 /initramfs-0-rescue-af34f0b8cf364cdbbe6d093f8228a37f.img ++} ++ ++### END /etc/grub.d/10_linux ### ++ ++### BEGIN /etc/grub.d/20_linux_xen ### ++### END /etc/grub.d/20_linux_xen ### ++ ++### BEGIN /etc/grub.d/20_ppc_terminfo ### ++### END /etc/grub.d/20_ppc_terminfo ### ++ ++### BEGIN /etc/grub.d/30_os-prober ### ++### END /etc/grub.d/30_os-prober ### ++ ++### BEGIN /etc/grub.d/40_custom ### ++# This file provides an easy way to add custom menu entries. Simply type the ++# menu entries you want to add after this comment. Be careful not to change ++# the 'exec tail' line above. ++### END /etc/grub.d/40_custom ### ++ ++### BEGIN /etc/grub.d/41_custom ### ++if [ -f ${config_directory}/custom.cfg ]; then ++ source ${config_directory}/custom.cfg ++elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then ++ source $prefix/custom.cfg; ++fi ++### END /etc/grub.d/41_custom ### +diff --git a/tools/pygrub/src/GrubConf.py b/tools/pygrub/src/GrubConf.py +index cb853c9..974cded 100644 +--- a/tools/pygrub/src/GrubConf.py ++++ b/tools/pygrub/src/GrubConf.py +@@ -348,7 +348,9 @@ class Grub2Image(_GrubImage): + + commands = {'set:root': 'root', + 'linux': 'kernel', ++ 'linux16': 'kernel', + 'initrd': 'initrd', ++ 'initrd16': 'initrd', + 'echo': None, + 'insmod': None, + 'search': None} +@@ -394,7 +396,7 @@ class Grub2ConfigFile(_GrubConfigFile): + continue + + # new image +- title_match = re.match('^menuentry ["\'](.*)["\'] (.*){', l) ++ title_match = re.match('^menuentry ["\'](.*?)["\'] (.*){', l) + if title_match: + if img is not None: + raise RuntimeError, "syntax error: cannot nest menuentry (%d %s)" % (len(img),img) diff --git a/53299d8f-xenconsole-reset-tty-on-failure.patch b/53299d8f-xenconsole-reset-tty-on-failure.patch new file mode 100644 index 0000000..be70997 --- /dev/null +++ b/53299d8f-xenconsole-reset-tty-on-failure.patch @@ -0,0 +1,54 @@ +Subject: tools/console: reset tty when xenconsole fails +From: Ian Jackson ian.jackson@eu.citrix.com Mon Feb 24 15:16:19 2014 +0000 +Date: Wed Mar 19 13:37:19 2014 +0000: +Git: 111931f36885874103d65685ab15ea3d25d93da7 + +If xenconsole (the client program) fails, it calls err. This would +previously neglect to reset the user's terminal to sanity. Use atexit +to do so. + +This routinely happens in Xen 4.4 RC5 with pygrub because libxl +writes the value "" to the tty xenstore key when using xenconsole. +After this patch this just results in a harmless error message. + +Reported-by: M A Young +Signed-off-by: Ian Jackson +CC: M A Young +CC: Ian Campbell +Acked-by: George Dunlap +Acked-by: Ian Campbell + +--- +v2: Fix whitespace error (reintroduce hard tab) + Fix commit message not to claim ignorance about root cause + +Index: xen-4.4.0-testing/tools/console/client/main.c +=================================================================== +--- xen-4.4.0-testing.orig/tools/console/client/main.c ++++ xen-4.4.0-testing/tools/console/client/main.c +@@ -258,6 +258,13 @@ typedef enum { + CONSOLE_SERIAL, + } console_type; + ++static struct termios stdin_old_attr; ++ ++static void restore_term_stdin(void) ++{ ++ restore_term(STDIN_FILENO, &stdin_old_attr); ++} ++ + int main(int argc, char **argv) + { + struct termios attr; +@@ -384,9 +391,9 @@ int main(int argc, char **argv) + } + + init_term(spty, &attr); +- init_term(STDIN_FILENO, &attr); ++ init_term(STDIN_FILENO, &stdin_old_attr); ++ atexit(restore_term_stdin); /* if this fails, oh dear */ + console_loop(spty, xs, path); +- restore_term(STDIN_FILENO, &attr); + + free(path); + free(dom_path); diff --git a/53299d8f-xenconsole-tolerate-tty-errors.patch b/53299d8f-xenconsole-tolerate-tty-errors.patch new file mode 100644 index 0000000..0406c8c --- /dev/null +++ b/53299d8f-xenconsole-tolerate-tty-errors.patch @@ -0,0 +1,49 @@ +Subject: tools/console: xenconsole tolerate tty errors +From: Ian Jackson ian.jackson@eu.citrix.com Thu Feb 27 17:46:49 2014 +0000 +Date: Wed Mar 19 13:37:19 2014 +0000: +Git: 39ba2989b10b6a1852e253b204eb010f8e7026f1 + +Since 28d386fc4341 (XSA-57), libxl writes an empty value for the +console tty node, with read-only permission for the guest, when +setting up pv console "frontends". (The actual tty value is later set +by xenconsoled.) Writing an empty node is not strictly necessary to +stop the frontend from writing dangerous values here, but it is a good +belt-and-braces approach. + +Unfortunately this confuses xenconsole. It reads the empty value, and +tries to open it as the tty. xenconsole then exits. + +Fix this by having xenconsole treat an empty value the same way as no +value at all. + +Also, make the error opening the tty be nonfatal: we just print a +warning, but do not exit. I think this is helpful in theoretical +situations where xenconsole is racing with libxl and/or xenconsoled. + +Signed-off-by: Ian Jackson +Acked-by: Ian Campbell +CC: George Dunlap + +--- +v2: Combine two conditions and move the free + +Index: xen-4.4.0-testing/tools/console/client/main.c +=================================================================== +--- xen-4.4.0-testing.orig/tools/console/client/main.c ++++ xen-4.4.0-testing/tools/console/client/main.c +@@ -115,12 +115,12 @@ static int get_pty_fd(struct xs_handle * + /* We only watch for one thing, so no need to + * disambiguate: just read the pty path */ + pty_path = xs_read(xs, XBT_NULL, path, &len); +- if (pty_path != NULL) { ++ if (pty_path != NULL && pty_path[0] != '\0') { + pty_fd = open(pty_path, O_RDWR | O_NOCTTY); + if (pty_fd == -1) +- err(errno, "Could not open tty `%s'", pty_path); +- free(pty_path); ++ warn("Could not open tty `%s'", pty_path); + } ++ free(pty_path); + } + } while (pty_fd == -1 && (now = time(NULL)) < start + seconds); + diff --git a/532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch b/532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch new file mode 100644 index 0000000..e21750e --- /dev/null +++ b/532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch @@ -0,0 +1,57 @@ +# Commit b3d2f8b2cba9fce5bc8995612d0d13fcefec7769 +# Date 2014-03-24 10:48:03 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86: fix determination of bit count for struct domain allocations + +We can't just add in the hole shift value, as the hole may be at or +above the 44-bit boundary. Instead we need to determine the total bit +count until reaching 32 significant (not squashed out) bits in PFN +representations. + +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser + +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -180,6 +180,28 @@ void dump_pageframe_info(struct domain * + spin_unlock(&d->page_alloc_lock); + } + ++/* ++ * The hole may be at or above the 44-bit boundary, so we need to determine ++ * the total bit count until reaching 32 significant (not squashed out) bits ++ * in PFN representations. ++ * Note that the way "bits" gets initialized/updated/bounds-checked guarantees ++ * that the function will never return zero, and hence will never be called ++ * more than once (which is important due to it being deliberately placed in ++ * .init.text). ++ */ ++static unsigned int __init noinline _domain_struct_bits(void) ++{ ++ unsigned int bits = 32 + PAGE_SHIFT; ++ unsigned int sig = hweight32(~pfn_hole_mask); ++ unsigned int mask = pfn_hole_mask >> 32; ++ ++ for ( ; bits < BITS_PER_LONG && sig < 32; ++bits, mask >>= 1 ) ++ if ( !(mask & 1) ) ++ ++sig; ++ ++ return bits; ++} ++ + struct domain *alloc_domain_struct(void) + { + struct domain *d; +@@ -187,7 +209,10 @@ struct domain *alloc_domain_struct(void) + * We pack the PDX of the domain structure into a 32-bit field within + * the page_info structure. Hence the MEMF_bits() restriction. + */ +- unsigned int bits = 32 + PAGE_SHIFT + pfn_pdx_hole_shift; ++ static unsigned int __read_mostly bits; ++ ++ if ( unlikely(!bits) ) ++ bits = _domain_struct_bits(); + + BUILD_BUG_ON(sizeof(*d) > PAGE_SIZE); + d = alloc_xenheap_pages(0, MEMF_bits(bits)); diff --git a/xsa89.patch b/5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch similarity index 92% rename from xsa89.patch rename to 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch index 36d8b71..2d91aeb 100644 --- a/xsa89.patch +++ b/5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch @@ -1,9 +1,15 @@ +References: bnc#867910 CVE-2014-2599 XSA-89 + +# Commit 0fe53c4f279e1a8ef913e71ed000236d21ce96de +# Date 2014-03-25 15:23:57 +0100 +# Author Jan Beulich +# Committer Jan Beulich x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access() Processing up to 4G PFNs may take almost arbitrarily long, so preemption is needed here. -This is XSA-89. +This is CVE-2014-2599 / XSA-89. Signed-off-by: Jan Beulich Reviewed-by: Tim Deegan diff --git a/53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch b/53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch new file mode 100644 index 0000000..5942d61 --- /dev/null +++ b/53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch @@ -0,0 +1,141 @@ +# Commit ef437690af8b75e6758dce77af75a22b63982883 +# Date 2014-03-28 13:33:34 +0100 +# Author Jan Beulich +# Committer Jan Beulich +x86/HVM: correct CPUID leaf 80000008 handling + +CPUID[80000008].EAX[23:16] have been given the meaning of the guest +physical address restriction (in case it needs to be smaller than the +host's), hence we need to mirror that into vCPUID[80000008].EAX[7:0]. + +Enforce a lower limit at the same time, as well as a fixed value for +the virtual address bits, and zero for the guest physical address ones. + +In order for the vMTRR code to see these overrides we need to make it +call hvm_cpuid() instead of domain_cpuid(), which in turn requires +special casing (and relaxing) the controlling domain. + +This additionally should hide an ordering problem in the tools: Both +xend and xl appear to be restoring a guest from its image before +setting up the CPUID policy in the hypervisor, resulting in +domain_cpuid() returning all zeros and hence the check in +mtrr_var_range_msr_set() failing if the guest previously had more than +the minimum 36 physical address bits. + +Signed-off-by: Jan Beulich +Reviewed-by: Tim Deegan + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -2885,6 +2885,8 @@ void hvm_cpuid(unsigned int input, unsig + + switch ( input ) + { ++ unsigned int sub_leaf, _eax, _ebx, _ecx, _edx; ++ + case 0x1: + /* Fix up VLAPIC details. */ + *ebx &= 0x00FFFFFFu; +@@ -2918,8 +2920,6 @@ void hvm_cpuid(unsigned int input, unsig + *edx = v->vcpu_id * 2; + break; + case 0xd: +- { +- unsigned int sub_leaf, _eax, _ebx, _ecx, _edx; + /* EBX value of main leaf 0 depends on enabled xsave features */ + if ( count == 0 && v->arch.xcr0 ) + { +@@ -2936,7 +2936,7 @@ void hvm_cpuid(unsigned int input, unsig + } + } + break; +- } ++ + case 0x80000001: + /* We expose RDTSCP feature to guest only when + tsc_mode == TSC_MODE_DEFAULT and host_tsc_is_safe() returns 1 */ +@@ -2950,6 +2950,23 @@ void hvm_cpuid(unsigned int input, unsig + if ( !(hvm_pae_enabled(v) || hvm_long_mode_enabled(v)) ) + *edx &= ~cpufeat_mask(X86_FEATURE_PSE36); + break; ++ ++ case 0x80000008: ++ count = cpuid_eax(0x80000008); ++ count = (count >> 16) & 0xff ?: count & 0xff; ++ if ( (*eax & 0xff) > count ) ++ *eax = (*eax & ~0xff) | count; ++ ++ hvm_cpuid(1, NULL, NULL, NULL, &_edx); ++ count = _edx & (cpufeat_mask(X86_FEATURE_PAE) | ++ cpufeat_mask(X86_FEATURE_PSE36)) ? 36 : 32; ++ if ( (*eax & 0xff) < count ) ++ *eax = (*eax & ~0xff) | count; ++ ++ hvm_cpuid(0x80000001, NULL, NULL, NULL, &_edx); ++ *eax = (*eax & ~0xffff00) | (_edx & cpufeat_mask(X86_FEATURE_LM) ++ ? 0x3000 : 0x2000); ++ break; + } + } + +--- a/xen/arch/x86/hvm/mtrr.c ++++ b/xen/arch/x86/hvm/mtrr.c +@@ -145,7 +145,7 @@ bool_t is_var_mtrr_overlapped(struct mtr + + static int hvm_mtrr_pat_init(void) + { +- unsigned int i, j, phys_addr; ++ unsigned int i, j; + + memset(&mtrr_epat_tbl, INVALID_MEM_TYPE, sizeof(mtrr_epat_tbl)); + for ( i = 0; i < MTRR_NUM_TYPES; i++ ) +@@ -172,11 +172,7 @@ static int hvm_mtrr_pat_init(void) + } + } + +- phys_addr = 36; +- if ( cpuid_eax(0x80000000) >= 0x80000008 ) +- phys_addr = (uint8_t)cpuid_eax(0x80000008); +- +- size_or_mask = ~((1 << (phys_addr - PAGE_SHIFT)) - 1); ++ size_or_mask = ~((1 << (paddr_bits - PAGE_SHIFT)) - 1); + + return 0; + } +@@ -455,7 +451,7 @@ bool_t mtrr_fix_range_msr_set(struct mtr + bool_t mtrr_var_range_msr_set( + struct domain *d, struct mtrr_state *m, uint32_t msr, uint64_t msr_content) + { +- uint32_t index, type, phys_addr, eax, ebx, ecx, edx; ++ uint32_t index, type, phys_addr, eax; + uint64_t msr_mask; + uint64_t *var_range_base = (uint64_t*)m->var_ranges; + +@@ -468,16 +464,21 @@ bool_t mtrr_var_range_msr_set( + type == 4 || type == 5 || type == 6)) ) + return 0; + +- phys_addr = 36; +- domain_cpuid(d, 0x80000000, 0, &eax, &ebx, &ecx, &edx); +- if ( eax >= 0x80000008 ) ++ if ( d == current->domain ) + { +- domain_cpuid(d, 0x80000008, 0, &eax, &ebx, &ecx, &edx); +- phys_addr = (uint8_t)eax; ++ phys_addr = 36; ++ hvm_cpuid(0x80000000, &eax, NULL, NULL, NULL); ++ if ( eax >= 0x80000008 ) ++ { ++ hvm_cpuid(0x80000008, &eax, NULL, NULL, NULL); ++ phys_addr = (uint8_t)eax; ++ } + } ++ else ++ phys_addr = paddr_bits; + msr_mask = ~((((uint64_t)1) << phys_addr) - 1); + msr_mask |= (index & 1) ? 0x7ffUL : 0xf00UL; +- if ( unlikely(msr_content && (msr_content & msr_mask)) ) ++ if ( unlikely(msr_content & msr_mask) ) + { + HVM_DBG_LOG(DBG_LEVEL_MSR, "invalid msr content:%"PRIx64"\n", + msr_content); diff --git a/533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch b/533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch new file mode 100644 index 0000000..401a22f --- /dev/null +++ b/533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch @@ -0,0 +1,34 @@ +# Commit fce79f8ce91dc45f3a4d699ee67c49e6cbeb1197 +# Date 2014-04-01 16:49:18 +0200 +# Author Jan Beulich +# Committer Jan Beulich +VMX: fix PAT value seen by guest + +The XSA-60 fixes introduced a window during which the guest PAT gets +forced to all zeros. This shouldn't be visible to the guest. Therefore +we need to intercept PAT MSR accesses during that time period. + +Signed-off-by: Jan Beulich +Reviewed-by: Liu Jinsong + +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -984,6 +984,8 @@ static void vmx_handle_cd(struct vcpu *v + + vmx_get_guest_pat(v, pat); + vmx_set_guest_pat(v, uc_pat); ++ vmx_enable_intercept_for_msr(v, MSR_IA32_CR_PAT, ++ MSR_TYPE_R | MSR_TYPE_W); + + wbinvd(); /* flush possibly polluted cache */ + hvm_asid_flush_vcpu(v); /* invalidate memory type cached in TLB */ +@@ -993,6 +995,9 @@ static void vmx_handle_cd(struct vcpu *v + { + v->arch.hvm_vcpu.cache_mode = NORMAL_CACHE_MODE; + vmx_set_guest_pat(v, *pat); ++ if ( !iommu_enabled || iommu_snoop ) ++ vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT, ++ MSR_TYPE_R | MSR_TYPE_W); + hvm_asid_flush_vcpu(v); /* no need to flush cache */ + } + } diff --git a/533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch b/533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch new file mode 100644 index 0000000..7f9d93d --- /dev/null +++ b/533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch @@ -0,0 +1,38 @@ +# Commit 088ee1d47b65d6bb92de61b404805f4ca92e3240 +# Date 2014-04-03 12:08:43 +0100 +# Author Jan Beulich +# Committer Tim Deegan +x86/mm: fix checks against max_mapped_pfn + +This value is an inclusive one, i.e. this fixes an off-by-one in memory +sharing and an off-by-two in shadow code. + +Signed-off-by: Jan Beulich +Reviewed-by: Tim Deegan + +--- a/xen/arch/x86/mm/mem_sharing.c ++++ b/xen/arch/x86/mm/mem_sharing.c +@@ -1268,8 +1268,8 @@ int relinquish_shared_pages(struct domai + return 0; + + p2m_lock(p2m); +- for (gfn = p2m->next_shared_gfn_to_relinquish; +- gfn < p2m->max_mapped_pfn; gfn++ ) ++ for ( gfn = p2m->next_shared_gfn_to_relinquish; ++ gfn <= p2m->max_mapped_pfn; gfn++ ) + { + p2m_access_t a; + p2m_type_t t; +--- a/xen/arch/x86/mm/shadow/common.c ++++ b/xen/arch/x86/mm/shadow/common.c +@@ -3489,9 +3489,7 @@ int shadow_track_dirty_vram(struct domai + struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram; + struct p2m_domain *p2m = p2m_get_hostp2m(d); + +- if (end_pfn < begin_pfn +- || begin_pfn > p2m->max_mapped_pfn +- || end_pfn >= p2m->max_mapped_pfn) ++ if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 ) + return -EINVAL; + + /* We perform p2m lookups, so lock the p2m upfront to avoid deadlock */ diff --git a/qemu-xen-upstream-megasas-buildtime.patch b/qemu-xen-upstream-megasas-buildtime.patch new file mode 100644 index 0000000..9a109c5 --- /dev/null +++ b/qemu-xen-upstream-megasas-buildtime.patch @@ -0,0 +1,21 @@ +Causes rebuilds. +Says rpmlint. +--- + tools/qemu-xen-dir-remote/hw/scsi/megasas.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +Index: xen-4.4.0-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c +=================================================================== +--- xen-4.4.0-testing.orig/tools/qemu-xen-dir-remote/hw/scsi/megasas.c ++++ xen-4.4.0-testing/tools/qemu-xen-dir-remote/hw/scsi/megasas.c +@@ -712,8 +712,8 @@ static int megasas_ctrl_get_info(Megasas + snprintf(info.package_version, 0x60, "%s-QEMU", QEMU_VERSION); + memcpy(info.image_component[0].name, "APP", 3); + memcpy(info.image_component[0].version, MEGASAS_VERSION "-QEMU", 9); +- memcpy(info.image_component[0].build_date, __DATE__, 11); +- memcpy(info.image_component[0].build_time, __TIME__, 8); ++ memcpy(info.image_component[0].build_date, "Apr 1 2014", 11); ++ memcpy(info.image_component[0].build_time, "12:34:56", 8); + info.image_component_count = 1; + if (pci_dev->has_rom) { + uint8_t biosver[32]; diff --git a/xen.changes b/xen.changes index 69aa134..9490a29 100644 --- a/xen.changes +++ b/xen.changes @@ -1,7 +1,45 @@ +------------------------------------------------------------------- +Wed Apr 9 08:07:03 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch + 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch + 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch + +------------------------------------------------------------------- +Thu Apr 3 16:21:03 UTC 2014 - carnold@suse.com + +- bnc#862608 - SLES 11 SP3 vm-install should get RHEL 7 support + when released + 53206661-pygrub-support-linux16-and-initrd16.patch +- Upstream bug fixes + 53299d8f-xenconsole-reset-tty-on-failure.patch + 53299d8f-xenconsole-tolerate-tty-errors.patch + ------------------------------------------------------------------- Thu Apr 3 16:21:03 UTC 2014 - dmueller@suse.com -- fix build for armv7l and aarch64 +- fix build for armv7l and aarch64 + +------------------------------------------------------------------- +Thu Apr 3 15:40:31 CEST 2014 - ohering@suse.de + +- Remove compiletime strings from qemu-upstream + qemu-xen-upstream-megasas-buildtime.patch + +------------------------------------------------------------------- +Wed Apr 2 08:47:27 MDT 2014 - carnold@suse.com + +- bnc#871546 - KMPs are not signed in SUSE:SLE-12:GA? + xen.spec + +------------------------------------------------------------------- +Tue Apr 1 08:14:29 MDT 2014 - carnold@suse.com + +- Upstream patches from Jan + 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch + 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch +- Drop xsa89.patch for upstream version (see bnc#867910, 5331917d-x86-enforce...) ------------------------------------------------------------------- Fri Mar 28 11:00:07 MDT 2014 - carnold@suse.com diff --git a/xen.spec b/xen.spec index c85ad5b..6035720 100644 --- a/xen.spec +++ b/xen.spec @@ -144,6 +144,7 @@ BuildRequires: glibc-devel-32bit BuildRequires: kernel-source BuildRequires: kernel-syms BuildRequires: module-init-tools +BuildRequires: pesign-obs-integration %if %suse_version >= 1230 BuildRequires: lndir %else @@ -151,7 +152,7 @@ BuildRequires: xorg-x11-util-devel %endif %endif -Version: 4.4.0_12 +Version: 4.4.0_13 Release: 0 PreReq: %insserv_prereq %fillup_prereq Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) @@ -222,11 +223,18 @@ Patch9: 531d8e09-x86-HVM-fix-memory-type-merging-in-epte_get_entry_emt.p Patch10: 531d8e34-x86-HVM-consolidate-passthrough-handling-in-epte_get_entry_emt.patch Patch11: 531d8fd0-kexec-identify-which-cpu-the-kexec-image-is-being-executed-on.patch Patch12: 531dc0e2-xmalloc-handle-correctly-page-allocation-when-align-size.patch -Patch13: 5321b20b-common-make-hypercall-preemption-checks-consistent.patch -Patch14: 5321b257-x86-make-hypercall-preemption-checks-consistent.patch -Patch15: 53271880-VT-d-fix-RMRR-handling.patch -Patch16: 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch -Patch17: xsa89.patch +Patch13: 53206661-pygrub-support-linux16-and-initrd16.patch +Patch14: 5321b20b-common-make-hypercall-preemption-checks-consistent.patch +Patch15: 5321b257-x86-make-hypercall-preemption-checks-consistent.patch +Patch16: 53271880-VT-d-fix-RMRR-handling.patch +Patch17: 5327190a-x86-Intel-work-around-Xeon-7400-series-erratum-AAI65.patch +Patch18: 53299d8f-xenconsole-reset-tty-on-failure.patch +Patch19: 53299d8f-xenconsole-tolerate-tty-errors.patch +Patch20: 532fff53-x86-fix-determination-of-bit-count-for-struct-domain-allocations.patch +Patch21: 5331917d-x86-enforce-preemption-in-HVM_set_mem_access-p2m_set_mem_access.patch +Patch22: 53356c1e-x86-HVM-correct-CPUID-leaf-80000008-handling.patch +Patch23: 533ad1ee-VMX-fix-PAT-value-seen-by-guest.patch +Patch24: 533d413b-x86-mm-fix-checks-against-max_mapped_pfn.patch # Upstream qemu Patch250: VNC-Support-for-ExtendedKeyEvent-client-message.patch Patch251: 0001-net-move-the-tap-buffer-into-TAPState.patch @@ -293,6 +301,7 @@ Patch385: xen_pvonhvm.xen_emul_unplug.patch Patch386: libxc-pass-errno-to-callers-of-xc_domain_save.patch Patch387: libxl.set-migration-constraints-from-cmdline.patch Patch388: libxl.honor-more-top-level-vfb-options.patch +Patch389: qemu-xen-upstream-megasas-buildtime.patch # Xend Patch400: xend-set-migration-constraints-from-cmdline.patch Patch402: xen.migrate.tools-xend_move_assert_to_exception_block.patch @@ -546,6 +555,7 @@ Authors: Summary: Xen para-virtual device drivers for fully virtualized guests Group: System/Kernel Conflicts: xen +Requires: pesign-obs-integration %description KMP Xen is a virtual machine monitor for x86 that supports execution of @@ -598,6 +608,13 @@ Authors: %patch15 -p1 %patch16 -p1 %patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 # Upstream qemu patches %patch250 -p1 %patch251 -p1 @@ -663,6 +680,7 @@ Authors: %patch386 -p1 %patch387 -p1 %patch388 -p1 +%patch389 -p1 # Xend %patch400 -p1 %patch402 -p1 @@ -807,6 +825,7 @@ export EXTRA_CFLAGS_QEMU_TRADITIONAL="$RPM_OPT_FLAGS" export EXTRA_CFLAGS_QEMU_XEN="$RPM_OPT_FLAGS" # EFI %if %{?with_dom0_support}0 +export BRP_PESIGN_FILES="*.ko *.efi /lib/firmware" make -C xen install \ %if %{?with_gcc47}0 CC=gcc-4.7 \ diff --git a/xen2libvirt.py b/xen2libvirt.py index aeeee9b..cc735db 100644 --- a/xen2libvirt.py +++ b/xen2libvirt.py @@ -1,113 +1,113 @@ -#!/usr/bin/env python -# -# Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library. If not, see -# . -# -# Authors: -# Jim Fehlig -# -# Read native Xen configuration format, convert to libvirt domXML, and -# import (virsh define ) into libvirt. - -import sys -import os -import argparse -import re - -try: - import libvirt -except ImportError: - print 'Unable to import the libvirt module. Is libvirt-python installed?' - sys.exit(1) - -parser = argparse.ArgumentParser(description='Import Xen domain configuration into libvirt') -parser.add_argument('-c', '--convert-only', help='Convert Xen domain configuration into libvirt domXML, but do not import into libvirt', action='store_true', dest='convert_only') -parser.add_argument('-r', '--recursive', help='Operate recursivelly on all Xen domain configuration rooted at path', action='store_true') -parser.add_argument('-f', '--format', help='Format of Xen domain configuration. Supported formats are xm and sexpr', choices=['xm', 'sexpr'], default=None) -parser.add_argument('-v', '--verbose', help='Print information about the import process', action='store_true') -parser.add_argument('path', help='Path to Xen domain configuration') - - -def print_verbose(msg): - if args.verbose: - print msg - - -def check_config(path, config): - isbinary = os.system('file -b ' + path + ' | grep text > /dev/null') - - if isbinary: - print 'File %s is not a text file containing Xen xm or sexpr configuration' - sys.exit(1) - - if config.find('\(domain'): - return 'sexpr' - return 'xm' - - -def import_domain(conn, path, format=None, convert_only=False): - - f = open(path, 'r') - config = f.read() - print_verbose('Xen domain configuration read from %s:\n %s' % (path, config)) - if format is None: - format = check_config(path, config) - - if format == 'sexpr': - print_verbose('scrubbing domin from configuration') - config = re.sub("\(domid [0-9]*\)", "", config) - print_verbose('scrubbed sexpr:\n %s' % config) - xml = conn.domainXMLFromNative('xen-sxpr', config, 0) - else: - # if format != sexpr, try xm - xml = conn.domainXMLFromNative('xen-xm', config, 0) - - f.close() - - print_verbose('Successfully converted Xen domain configuration to ' - 'libvirt domXML:\n %s' % xml) - if convert_only: - print xml - else: - print_verbose('Importing converted libvirt domXML into libvirt...') - dom = conn.defineXML(xml) - if dom is None: - print 'Failed to define domain from converted domXML' - sys.exit(1) - print_verbose('domXML successfully imported into libvirt') - - -args = parser.parse_args() -path = args.path - -# Connect to libvirt -conn = libvirt.open(None) -if conn is None: - print('Failed to open connection to the hypervisor') - sys.exit(1) - -if args.recursive: - try: - for root, dirs, files in os.walk(path): - for name in files: - abs_name = os.path.join(root, name) - print_verbose('Processing file %s' % abs_name) - import_domain(conn, abs_name, args.format, args.convert_only) - except IOError: - print('Failed to open/read path %s' % path) - sys.exit(1) -else: - import_domain(conn, args.path, args.format, args.convert_only) +#!/usr/bin/env python +# +# Copyright (C) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library. If not, see +# . +# +# Authors: +# Jim Fehlig +# +# Read native Xen configuration format, convert to libvirt domXML, and +# import (virsh define ) into libvirt. + +import sys +import os +import argparse +import re + +try: + import libvirt +except ImportError: + print 'Unable to import the libvirt module. Is libvirt-python installed?' + sys.exit(1) + +parser = argparse.ArgumentParser(description='Import Xen domain configuration into libvirt') +parser.add_argument('-c', '--convert-only', help='Convert Xen domain configuration into libvirt domXML, but do not import into libvirt', action='store_true', dest='convert_only') +parser.add_argument('-r', '--recursive', help='Operate recursivelly on all Xen domain configuration rooted at path', action='store_true') +parser.add_argument('-f', '--format', help='Format of Xen domain configuration. Supported formats are xm and sexpr', choices=['xm', 'sexpr'], default=None) +parser.add_argument('-v', '--verbose', help='Print information about the import process', action='store_true') +parser.add_argument('path', help='Path to Xen domain configuration') + + +def print_verbose(msg): + if args.verbose: + print msg + + +def check_config(path, config): + isbinary = os.system('file -b ' + path + ' | grep text > /dev/null') + + if isbinary: + print 'File %s is not a text file containing Xen xm or sexpr configuration' + sys.exit(1) + + if config.find('\(domain'): + return 'sexpr' + return 'xm' + + +def import_domain(conn, path, format=None, convert_only=False): + + f = open(path, 'r') + config = f.read() + print_verbose('Xen domain configuration read from %s:\n %s' % (path, config)) + if format is None: + format = check_config(path, config) + + if format == 'sexpr': + print_verbose('scrubbing domin from configuration') + config = re.sub("\(domid [0-9]*\)", "", config) + print_verbose('scrubbed sexpr:\n %s' % config) + xml = conn.domainXMLFromNative('xen-sxpr', config, 0) + else: + # if format != sexpr, try xm + xml = conn.domainXMLFromNative('xen-xm', config, 0) + + f.close() + + print_verbose('Successfully converted Xen domain configuration to ' + 'libvirt domXML:\n %s' % xml) + if convert_only: + print xml + else: + print_verbose('Importing converted libvirt domXML into libvirt...') + dom = conn.defineXML(xml) + if dom is None: + print 'Failed to define domain from converted domXML' + sys.exit(1) + print_verbose('domXML successfully imported into libvirt') + + +args = parser.parse_args() +path = args.path + +# Connect to libvirt +conn = libvirt.open(None) +if conn is None: + print('Failed to open connection to the hypervisor') + sys.exit(1) + +if args.recursive: + try: + for root, dirs, files in os.walk(path): + for name in files: + abs_name = os.path.join(root, name) + print_verbose('Processing file %s' % abs_name) + import_domain(conn, abs_name, args.format, args.convert_only) + except IOError: + print('Failed to open/read path %s' % path) + sys.exit(1) +else: + import_domain(conn, args.path, args.format, args.convert_only) diff --git a/xenconsole-no-multiple-connections.patch b/xenconsole-no-multiple-connections.patch index 03d6701..c9a74a9 100644 --- a/xenconsole-no-multiple-connections.patch +++ b/xenconsole-no-multiple-connections.patch @@ -10,16 +10,18 @@ Index: xen-4.4.0-testing/tools/console/client/main.c fd_set watch_fdset; int xs_fd = xs_fileno(xs), pty_fd = -1; int start, now; -@@ -119,6 +120,12 @@ static int get_pty_fd(struct xs_handle * +@@ -119,6 +120,14 @@ static int get_pty_fd(struct xs_handle * pty_fd = open(pty_path, O_RDWR | O_NOCTTY); if (pty_fd == -1) - err(errno, "Could not open tty `%s'", pty_path); -+ memset(&lock, 0, sizeof(lock)); -+ lock.l_type = F_WRLCK; -+ lock.l_whence = SEEK_SET; -+ if (fcntl(pty_fd, F_SETLK, &lock) != 0) -+ err(errno, "Could not lock tty '%s'", -+ pty_path); - free(pty_path); + warn("Could not open tty `%s'", pty_path); ++ else { ++ memset(&lock, 0, sizeof(lock)); ++ lock.l_type = F_WRLCK; ++ lock.l_whence = SEEK_SET; ++ if (fcntl(pty_fd, F_SETLK, &lock) != 0) ++ err(errno, "Could not lock tty '%s'", ++ pty_path); ++ } } + free(pty_path); }