diff --git a/19614-x86-emul-lldt-ltr.patch b/19614-x86-emul-lldt-ltr.patch
new file mode 100644
index 0000000..bf7e8da
--- /dev/null
+++ b/19614-x86-emul-lldt-ltr.patch
@@ -0,0 +1,106 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250693891 -3600 +# Node ID bea861fb0f20671d41e467557bfdffb67b42f5e7 +# Parent aa9f0b39c021f9c6e2c5cdb225564dd554a727f5 +x86_emulate: Emulate LLDT and LTR instructions. + +Signed-off-by: Keir Fraser +xen-unstable changeset: 19614:e421fd04e150 +xen-unstable date: Tue May 19 02:09:36 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +@@ -172,7 +172,7 @@ static uint8_t opcode_table[256] = { + + static uint8_t twobyte_table[256] = { + /* 0x00 - 0x07 */ +- 0, ImplicitOps|ModRM, 0, 0, 0, 0, ImplicitOps, 0, ++ SrcMem16|ModRM, ImplicitOps|ModRM, 0, 0, 0, 0, ImplicitOps, 0, + /* 0x08 - 0x0F */ + ImplicitOps, ImplicitOps, 0, 0, 0, ImplicitOps|ModRM, 0, 0, + /* 0x10 - 0x17 */ +@@ -971,8 +971,8 @@ protmode_load_seg( + struct { uint32_t a, b; } desc; + unsigned long val; + uint8_t dpl, rpl, cpl; +- uint32_t new_desc_b; +- int rc, fault_type = EXC_TS; ++ uint32_t new_desc_b, a_flag = 0x100; ++ int rc, fault_type = EXC_GP; + + /* NULL selector? */ + if ( (sel & 0xfffc) == 0 ) +@@ -983,8 +983,8 @@ protmode_load_seg( + return ops->write_segment(seg, &segr, ctxt); + } + +- /* LDT descriptor must be in the GDT. */ +- if ( (seg == x86_seg_ldtr) && (sel & 4) ) ++ /* System segment descriptors must reside in the GDT. */ ++ if ( !is_x86_user_segment(seg) && (sel & 4) ) + goto raise_exn; + + if ( (rc = ops->read_segment(x86_seg_ss, &ss, ctxt)) || +@@ -1013,8 +1013,8 @@ protmode_load_seg( + goto raise_exn; + } + +- /* LDT descriptor is a system segment. All others are code/data. */ +- if ( (desc.b & (1u<<12)) == ((seg == x86_seg_ldtr) << 12) ) ++ /* System segments must have the system flag (S) set. 
*/ ++ if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) ) + goto raise_exn; + + dpl = (desc.b >> 13) & 3; +@@ -1043,6 +1043,12 @@ protmode_load_seg( + if ( (desc.b & (15u<<8)) != (2u<<8) ) + goto raise_exn; + goto skip_accessed_flag; ++ case x86_seg_tr: ++ /* Available TSS system segment? */ ++ if ( (desc.b & (15u<<8)) != (9u<<8) ) ++ goto raise_exn; ++ a_flag = 0x200; /* busy flag */ ++ break; + default: + /* Readable code or data segment? */ + if ( (desc.b & (5u<<9)) == (4u<<9) ) +@@ -1055,8 +1061,8 @@ protmode_load_seg( + } + + /* Ensure Accessed flag is set. */ +- new_desc_b = desc.b | 0x100; +- rc = ((desc.b & 0x100) ? X86EMUL_OKAY : ++ new_desc_b = desc.b | a_flag; ++ rc = ((desc.b & a_flag) ? X86EMUL_OKAY : + ops->cmpxchg( + x86_seg_none, desctab.base + (sel & 0xfff8) + 4, + &desc.b, &new_desc_b, 4, ctxt)); +@@ -1066,7 +1072,7 @@ protmode_load_seg( + return rc; + + /* Force the Accessed flag in our local copy. */ +- desc.b |= 0x100; ++ desc.b |= a_flag; + + skip_accessed_flag: + segr.base = (((desc.b << 0) & 0xff000000u) | +@@ -3440,6 +3446,15 @@ x86_emulate( + twobyte_insn: + switch ( b ) + { ++ case 0x00: /* Grp6 */ ++ fail_if((modrm_reg & 6) != 2); ++ generate_exception_if(!in_protmode(ctxt, ops), EXC_UD, -1); ++ generate_exception_if(!mode_ring0(), EXC_GP, 0); ++ if ( (rc = load_seg((modrm_reg & 1) ? x86_seg_tr : x86_seg_ldtr, ++ src.val, ctxt, ops)) != 0 ) ++ goto done; ++ break; ++ + case 0x01: /* Grp7 */ { + struct segment_register reg; + unsigned long base, limit, cr0, cr0w; diff --git a/20013-xend-memleak.patch b/20013-xend-memleak.patch index 8555113..1036da6 100644 --- a/20013-xend-memleak.patch +++ b/20013-xend-memleak.patch @@ -18,10 +18,11 @@ free these objects. 
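Review bot: The new `case 0x00: /* Grp6 */` arm says only "Grp6", yet `fail_if((modrm_reg & 6) != 2)` silently declines SLDT/STR/VERR/VERW and `(modrm_reg & 1) ? x86_seg_tr : x86_seg_ldtr` is what picks LTR over LLDT; that decoding deserves a comment such as `/* Grp6: only /2 (LLDT) and /3 (LTR) are emulated; other reg fields fail. */`. In `protmode_load_seg` the `x86_seg_tr` arm requires descriptor type 9 (available TSS), so at `a_flag = 0x200; /* busy flag */` the later `desc.b & a_flag` test can never already be true and the busy-bit `cmpxchg` always runs for LTR; stating that next to the assignment stops someone later "optimizing" the test away. The default `fault_type` also moves from `EXC_TS` to `EXC_GP`, which is right for LLDT/LTR, but any other caller in this 3.4.1 tree that relied on #TS from the generic `raise_exn` path would need checking (not visible here). Both `protmode_load_seg` and `x86_emulate` start and end outside the hunk.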
Signed-off-by: juergen.gross@ts.fujitsu.com -diff -r 3242351f9c67 -r e41d42ef4cd2 tools/python/xen/xend/XendStateStore.py ---- a/tools/python/xen/xend/XendStateStore.py Wed Aug 05 12:03:53 2009 +0100 -+++ b/tools/python/xen/xend/XendStateStore.py Wed Aug 05 12:04:39 2009 +0100 -@@ -147,6 +147,7 @@ +Index: xen-3.4.1-testing/tools/python/xen/xend/XendStateStore.py +=================================================================== +--- xen-3.4.1-testing.orig/tools/python/xen/xend/XendStateStore.py ++++ xen-3.4.1-testing/tools/python/xen/xend/XendStateStore.py +@@ -147,6 +147,7 @@ class XendStateStore: cls_dict[val_name] = bool(int(val_text)) state[uuid] = cls_dict @@ -29,7 +30,7 @@ diff -r 3242351f9c67 -r e41d42ef4cd2 tools/python/xen/xend/XendStateStore.py return state def save_state(self, cls, state): -@@ -226,5 +227,5 @@ +@@ -226,5 +227,5 @@ class XendStateStore: node.appendChild(val_node) open(xml_path, 'w').write(doc.toprettyxml()) diff --git a/20031-x86-pmode-load-seg-retry.patch b/20031-x86-pmode-load-seg-retry.patch new file mode 100644 index 0000000..4fa9cb8 --- /dev/null +++ b/20031-x86-pmode-load-seg-retry.patch 
@@ -0,0 +1,161 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250693923 -3600 +# Node ID 44d852862374dff2e734070ac60399f6875f6cd5 +# Parent bea861fb0f20671d41e467557bfdffb67b42f5e7 +x86_emulate: Remove cmpxchg retry loop from protmode_load_seg(). + +It is safer to retry in a loop via the caller. + +Signed-off-by: Keir Fraser +xen-unstable changeset: 20031:34bdb5a29963 +xen-unstable date: Thu Aug 06 09:54:22 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +@@ -996,79 +996,75 @@ protmode_load_seg( + if ( ((sel & 0xfff8) + 7) > desctab.limit ) + goto raise_exn; + +- do { +- if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8), +- &val, 4, ctxt, ops)) ) +- return rc; +- desc.a = val; +- if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8) + 4, +- &val, 4, ctxt, ops)) ) +- return rc; +- desc.b = val; ++ if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8), ++ &val, 4, ctxt, ops)) ) ++ return rc; ++ desc.a = val; ++ if ( (rc = read_ulong(x86_seg_none, desctab.base + (sel & 0xfff8) + 4, ++ &val, 4, ctxt, ops)) ) ++ return rc; ++ desc.b = val; + +- /* Segment present in memory? */ +- if ( !(desc.b & (1u<<15)) ) +- { +- fault_type = EXC_NP; +- goto raise_exn; +- } ++ /* Segment present in memory? */ ++ if ( !(desc.b & (1u<<15)) ) ++ { ++ fault_type = EXC_NP; ++ goto raise_exn; ++ } + +- /* System segments must have the system flag (S) set. */ +- if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) ) +- goto raise_exn; ++ /* System segments must have the system flag (S) set. 
*/ ++ if ( (desc.b & (1u<<12)) == (!is_x86_user_segment(seg) << 12) ) ++ goto raise_exn; + +- dpl = (desc.b >> 13) & 3; +- rpl = sel & 3; +- cpl = ss.attr.fields.dpl; +- +- switch ( seg ) +- { +- case x86_seg_cs: +- /* Code segment? */ +- if ( !(desc.b & (1u<<11)) ) +- goto raise_exn; +- /* Non-conforming segment: check DPL against RPL. */ +- if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) ) +- goto raise_exn; +- break; +- case x86_seg_ss: +- /* Writable data segment? */ +- if ( (desc.b & (5u<<9)) != (1u<<9) ) +- goto raise_exn; +- if ( (dpl != cpl) || (dpl != rpl) ) +- goto raise_exn; +- break; +- case x86_seg_ldtr: +- /* LDT system segment? */ +- if ( (desc.b & (15u<<8)) != (2u<<8) ) +- goto raise_exn; +- goto skip_accessed_flag; +- case x86_seg_tr: +- /* Available TSS system segment? */ +- if ( (desc.b & (15u<<8)) != (9u<<8) ) +- goto raise_exn; +- a_flag = 0x200; /* busy flag */ +- break; +- default: +- /* Readable code or data segment? */ +- if ( (desc.b & (5u<<9)) == (4u<<9) ) +- goto raise_exn; +- /* Non-conforming segment: check DPL against RPL and CPL. */ +- if ( ((desc.b & (6u<<9)) != (6u<<9)) && +- ((dpl < cpl) || (dpl < rpl)) ) +- goto raise_exn; +- break; +- } ++ dpl = (desc.b >> 13) & 3; ++ rpl = sel & 3; ++ cpl = ss.attr.fields.dpl; + +- /* Ensure Accessed flag is set. */ +- new_desc_b = desc.b | a_flag; +- rc = ((desc.b & a_flag) ? X86EMUL_OKAY : +- ops->cmpxchg( +- x86_seg_none, desctab.base + (sel & 0xfff8) + 4, +- &desc.b, &new_desc_b, 4, ctxt)); +- } while ( rc == X86EMUL_CMPXCHG_FAILED ); ++ switch ( seg ) ++ { ++ case x86_seg_cs: ++ /* Code segment? */ ++ if ( !(desc.b & (1u<<11)) ) ++ goto raise_exn; ++ /* Non-conforming segment: check DPL against RPL. */ ++ if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) ) ++ goto raise_exn; ++ break; ++ case x86_seg_ss: ++ /* Writable data segment? 
*/ ++ if ( (desc.b & (5u<<9)) != (1u<<9) ) ++ goto raise_exn; ++ if ( (dpl != cpl) || (dpl != rpl) ) ++ goto raise_exn; ++ break; ++ case x86_seg_ldtr: ++ /* LDT system segment? */ ++ if ( (desc.b & (15u<<8)) != (2u<<8) ) ++ goto raise_exn; ++ goto skip_accessed_flag; ++ case x86_seg_tr: ++ /* Available TSS system segment? */ ++ if ( (desc.b & (15u<<8)) != (9u<<8) ) ++ goto raise_exn; ++ a_flag = 0x200; /* busy flag */ ++ break; ++ default: ++ /* Readable code or data segment? */ ++ if ( (desc.b & (5u<<9)) == (4u<<9) ) ++ goto raise_exn; ++ /* Non-conforming segment: check DPL against RPL and CPL. */ ++ if ( ((desc.b & (6u<<9)) != (6u<<9)) && ++ ((dpl < cpl) || (dpl < rpl)) ) ++ goto raise_exn; ++ break; ++ } + +- if ( rc ) ++ /* Ensure Accessed flag is set. */ ++ new_desc_b = desc.b | a_flag; ++ if ( !(desc.b & a_flag) && ++ ((rc = ops->cmpxchg( ++ x86_seg_none, desctab.base + (sel & 0xfff8) + 4, ++ &desc.b, &new_desc_b, 4, ctxt)) != 0) ) + return rc; + + /* Force the Accessed flag in our local copy. */ diff --git a/20035-x86-load-sreg-adjust.patch b/20035-x86-load-sreg-adjust.patch new file mode 100644 index 0000000..b19dcd2 --- /dev/null +++ b/20035-x86-load-sreg-adjust.patch 
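Review bot: With the `do { ... } while ( rc == X86EMUL_CMPXCHG_FAILED )` loop removed, a failed `ops->cmpxchg` on the Accessed/busy bit now returns `X86EMUL_CMPXCHG_FAILED` straight out of `protmode_load_seg()`; the description says the caller should retry, but no caller is touched by this patch, so confirm that the `load_seg()` call sites in this 3.4.1 tree map that status to a retry rather than a hard failure (their `goto done` paths are outside the hunk). The rewritten tail `if ( !(desc.b & a_flag) && ((rc = ops->cmpxchg(...)) != 0) ) return rc;` relies on `rc` still holding the result of the preceding `read_ulong` calls when no update is needed, which is 0 because any non-zero read result returned early; a one-line comment, `/* rc is still X86EMUL_OKAY from the descriptor reads when no update is needed. */`, would make that dependence explicit. `protmode_load_seg` starts and ends outside the hunk.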
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Keir Fraser
+# Date 1250694095 -3600
+# Node ID 090e394202d0bb0089abc5e5276ed7fda283567d
+# Parent daf1ff2c7dbd59b2ab31e6427be58ffdc14e10fd
+x86_emulate: Fixes for 'mov rm16,sreg'
+
+1. Memory reads should be 16 bits only
+2. Attempt to load %cs should result in #UD
+
+Signed-off-by: Keir Fraser
+xen-unstable changeset: 20035:3fe64f43944f
+xen-unstable date: Fri Aug 07 10:53:22 2009 +0100
+
+Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c
+===================================================================
+--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c
++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c
+@@ -113,7 +113,7 @@ static uint8_t opcode_table[256] = {
+ ByteOp|DstMem|SrcReg|ModRM|Mov, DstMem|SrcReg|ModRM|Mov,
+ ByteOp|DstReg|SrcMem|ModRM|Mov, DstReg|SrcMem|ModRM|Mov,
+ DstMem|SrcReg|ModRM|Mov, DstReg|SrcNone|ModRM,
+- DstReg|SrcMem|ModRM|Mov, DstMem|SrcNone|ModRM|Mov,
++ DstReg|SrcMem16|ModRM|Mov, DstMem|SrcNone|ModRM|Mov,
+ /* 0x90 - 0x97 */
+ ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+ ImplicitOps, ImplicitOps, ImplicitOps, ImplicitOps,
+@@ -2008,6 +2008,7 @@ x86_emulate(
+ case 0x8e: /* mov r/m,Sreg */ {
+ enum x86_segment seg = decode_segment(modrm_reg);
+ generate_exception_if(seg == decode_segment_failed, EXC_UD, -1);
++ generate_exception_if(seg == x86_seg_cs, EXC_UD, -1);
+ if ( (rc = load_seg(seg, (uint16_t)src.val, ctxt, ops)) != 0 )
+ goto done;
+ if ( seg == x86_seg_ss )
diff --git a/20059-vmx-nmi-handling.patch b/20059-vmx-nmi-handling.patch
new file mode 100644
index 0000000..db4e5cc
--- /dev/null
+++ b/20059-vmx-nmi-handling.patch
@@ -0,0 +1,77 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250696034 -3600 +# Node ID 4af92eee8be497964912cda863c956691b3a3f89 +# Parent 2d6c4cc6a2a9e48218fe31d443f8937a3a88bf3f +VMX: issue an NMI rather than just calling the NMI handler +when the VMEXIT code indicates that an NMI has been raised. +Otherwise we might hit a real NMI while in the handler. + +Signed-off-by: Tim Deegan +xen-unstable changeset: 20059:76a65bf2aa4d +xen-unstable date: Fri Aug 14 10:58:32 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/hvm/vmx/vmx.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/hvm/vmx/vmx.c ++++ xen-3.4.1-testing/xen/arch/x86/hvm/vmx/vmx.c +@@ -936,8 +936,6 @@ static void vmx_set_tsc_offset(struct vc + vmx_vmcs_exit(v); + } + +-void do_nmi(struct cpu_user_regs *); +- + static void vmx_init_hypercall_page(struct domain *d, void *hypercall_page) + { + char *p; +@@ -2416,7 +2414,7 @@ asmlinkage void vmx_vmexit_handler(struc + (X86_EVENTTYPE_NMI << 8) ) + goto exit_and_crash; + HVMTRACE_0D(NMI); +- do_nmi(regs); /* Real NMI, vector 2: normal processing. */ ++ self_nmi(); /* Real NMI, vector 2: normal processing. */ + break; + case TRAP_machine_check: + HVMTRACE_0D(MCE); +Index: xen-3.4.1-testing/xen/arch/x86/nmi.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/nmi.c ++++ xen-3.4.1-testing/xen/arch/x86/nmi.c +@@ -441,18 +441,21 @@ void nmi_watchdog_tick(struct cpu_user_r + * 8-3 and 8-4 in IA32 Reference Manual Volume 3. We send the IPI to + * our own APIC ID explicitly which is valid. 
+ */ +-static void do_nmi_trigger(unsigned char key) ++void self_nmi(void) + { + u32 id = get_apic_id(); +- +- printk("Triggering NMI on APIC ID %x\n", id); +- + local_irq_disable(); + apic_wait_icr_idle(); + apic_icr_write(APIC_DM_NMI | APIC_DEST_PHYSICAL, id); + local_irq_enable(); + } + ++static void do_nmi_trigger(unsigned char key) ++{ ++ printk("Triggering NMI on APIC ID %x\n", get_apic_id()); ++ self_nmi(); ++} ++ + static void do_nmi_stats(unsigned char key) + { + int i; +Index: xen-3.4.1-testing/xen/include/asm-x86/apic.h +=================================================================== +--- xen-3.4.1-testing.orig/xen/include/asm-x86/apic.h ++++ xen-3.4.1-testing/xen/include/asm-x86/apic.h +@@ -196,6 +196,7 @@ extern void setup_secondary_APIC_clock ( + extern void setup_apic_nmi_watchdog (void); + extern int reserve_lapic_nmi(void); + extern void release_lapic_nmi(void); ++extern void self_nmi(void); + extern void disable_timer_nmi_watchdog(void); + extern void enable_timer_nmi_watchdog(void); + extern void nmi_watchdog_tick (struct cpu_user_regs *regs); diff --git a/20077-x86-runstate-cswitch-out.patch b/20077-x86-runstate-cswitch-out.patch new file mode 100644 index 0000000..94819c1 --- /dev/null +++ b/20077-x86-runstate-cswitch-out.patch 
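Review bot: `self_nmi()` ends with an unconditional `local_irq_enable()`, which was harmless for the keyhandler `do_nmi_trigger` but is now also reached from `vmx_vmexit_handler`; unless that path is guaranteed to run with interrupts enabled, the pairing should be `local_irq_save(flags)` / `local_irq_restore(flags)` so the caller's interrupt state is preserved. The NMI is now delivered asynchronously through the local APIC after the handler returns, so `/* Real NMI, vector 2: normal processing. */` describes deferred rather than immediate handling; consider `/* Re-raise the NMI on this CPU; it is handled once NMIs are unblocked, not here. */`. The patch drops the local `do_nmi` prototype from vmx.c and adds `extern void self_nmi(void);` to asm-x86/apic.h, so vmx.c must already include that header (not visible in the hunk). `vmx_vmexit_handler` starts and ends outside the hunk.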
@@ -0,0 +1,95 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250683301 -3600 +# Node ID 456b4ec002443227f6d97f79b213dc4b2d281f9e +# Parent 2b8b6ee95c939089a0a7182286c9a21f0acce8fe +x86: extend runstate area updates + +In order to give guests a hint at whether their vCPU-s are currently +scheduled (so they can e.g. adapt their behavior in spin loops), +update +the run state area (if registered) also when de-scheduling a vCPU. + +Also fix an oversight in the compat mode implementation of +VCPUOP_register_runstate_memory_area. + +Signed-off-by: Jan Beulich + +Index: xen-3.4.1-testing/xen/arch/x86/domain.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/domain.c ++++ xen-3.4.1-testing/xen/arch/x86/domain.c +@@ -1219,6 +1219,26 @@ static void paravirt_ctxt_switch_to(stru + } + } + ++/* Update per-VCPU guest runstate shared memory area (if registered). */ ++static void update_runstate_area(struct vcpu *v) ++{ ++ if ( guest_handle_is_null(runstate_guest(v)) ) ++ return; ++ ++#ifdef CONFIG_COMPAT ++ if ( is_pv_32on64_domain(v->domain) ) ++ { ++ struct compat_vcpu_runstate_info info; ++ ++ XLAT_vcpu_runstate_info(&info, &v->runstate); ++ __copy_to_guest(v->runstate_guest.compat, &info, 1); ++ return; ++ } ++#endif ++ ++ __copy_to_guest(runstate_guest(v), &v->runstate, 1); ++} ++ + static inline int need_full_gdt(struct vcpu *v) + { + return (!is_hvm_vcpu(v) && !is_idle_vcpu(v)); +@@ -1311,6 +1331,9 @@ void context_switch(struct vcpu *prev, s + flush_tlb_mask(dirty_mask); + } + ++ if (prev != next) ++ update_runstate_area(prev); ++ + if ( is_hvm_vcpu(prev) && !list_empty(&prev->arch.hvm_vcpu.tm_list) ) + pt_save_timer(prev); + +@@ -1350,21 +1373,8 @@ void context_switch(struct vcpu *prev, s + + context_saved(prev); + +- /* Update per-VCPU guest runstate shared memory area (if registered). 
*/ +- if ( !guest_handle_is_null(runstate_guest(next)) ) +- { +- if ( !is_pv_32on64_domain(next->domain) ) +- __copy_to_guest(runstate_guest(next), &next->runstate, 1); +-#ifdef CONFIG_COMPAT +- else +- { +- struct compat_vcpu_runstate_info info; +- +- XLAT_vcpu_runstate_info(&info, &next->runstate); +- __copy_to_guest(next->runstate_guest.compat, &info, 1); +- } +-#endif +- } ++ if (prev != next) ++ update_runstate_area(next); + + schedule_tail(next); + BUG(); +Index: xen-3.4.1-testing/xen/arch/x86/x86_64/domain.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_64/domain.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_64/domain.c +@@ -56,7 +56,7 @@ arch_compat_vcpu_op( + struct vcpu_runstate_info runstate; + + vcpu_runstate_get(v, &runstate); +- XLAT_vcpu_runstate_info(&info, &v->runstate); ++ XLAT_vcpu_runstate_info(&info, &runstate); + } + __copy_to_guest(v->runstate_guest.compat, &info, 1); + diff --git a/20078-x86_64-branch-emulation.patch b/20078-x86_64-branch-emulation.patch new file mode 100644 index 0000000..939c351 --- /dev/null +++ b/20078-x86_64-branch-emulation.patch 
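Review bot: The two new call sites `if (prev != next) update_runstate_area(prev);` and `if (prev != next) update_runstate_area(next);` in `context_switch` use K&R spacing while every other condition in the hunk uses Xen's `if ( ... )` form; they should read `if ( prev != next )`. In the new `update_runstate_area()` both `__copy_to_guest` results are discarded, as the replaced inline code also did; a comment such as `/* Best effort: a failed copy only leaves the guest's view of its runstate stale. */` would record that this is deliberate rather than an oversight. The `x86_64/domain.c` change correctly hands `XLAT_vcpu_runstate_info` the `runstate` snapshot just filled by `vcpu_runstate_get()` instead of `v->runstate`. `context_switch` and `arch_compat_vcpu_op` start and end outside the hunk.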
@@ -0,0 +1,137 @@ +# HG changeset patch +# User Keir Fraser +# Date 1250696281 -3600 +# Node ID 68ea3be8b6c14d6de5d7c87fc00e27a596d2a00d +# Parent ca4db4ff9101f51d89a3de9e756b8a2f90a2baf2 +x86-64: adjust emulation of control transfers + +While Intel and AMD implementations differ in various respects when +it comes to non-default operand sizes of control transfer instructions +and segment register loads (lfs, lgs, lss), it seems to make senss to +(a) match their behavior if they agree and (b) prefer the more +permissive behavior if they don't agree: + +- honor operand size overrides on near brances (AMD does, Intel + doesn't) +- honor operand size overrides on far branches (both Intel and AMD do) +- honor REX.W on far branches (Intel does, AMD doesn't except on far + returns) +- honor REX.W on lfs, lgs, and lss (Intel does, AMD doesn't) + +Also, do not permit emulation of pushing/popping segment registers +other than fs and gs as well as that of les and lds (the latter are +particularly important due to the re-use of the respective opcodes as +VEX prefixes in AVX). + +Signed-off-by: Jan Beulich +xen-unstable changeset: 20078:429ef4f4fe37 +xen-unstable date: Wed Aug 19 13:02:04 2009 +0100 + +Index: xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +=================================================================== +--- xen-3.4.1-testing.orig/xen/arch/x86/x86_emulate/x86_emulate.c ++++ xen-3.4.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c +@@ -561,9 +561,10 @@ do { + do { \ + int _rel = (int)(rel); \ + _regs.eip += _rel; \ +- if ( !mode_64bit() ) \ +- _regs.eip = ((op_bytes == 2) \ +- ? 
(uint16_t)_regs.eip : (uint32_t)_regs.eip); \ ++ if ( op_bytes == 2 ) \ ++ _regs.eip = (uint16_t)_regs.eip; \ ++ else if ( !mode_64bit() ) \ ++ _regs.eip = (uint32_t)_regs.eip; \ + } while (0) + + struct fpu_insn_ctxt { +@@ -1614,6 +1615,7 @@ x86_emulate( + struct segment_register reg; + src.val = x86_seg_es; + push_seg: ++ generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); + fail_if(ops->read_segment == NULL); + if ( (rc = ops->read_segment(src.val, ®, ctxt)) != 0 ) + return rc; +@@ -1629,6 +1631,7 @@ x86_emulate( + case 0x07: /* pop %%es */ + src.val = x86_seg_es; + pop_seg: ++ generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); + fail_if(ops->write_segment == NULL); + /* 64-bit mode: POP defaults to a 64-bit operand. */ + if ( mode_64bit() && (op_bytes == 4) ) +@@ -2074,8 +2077,8 @@ x86_emulate( + uint16_t sel; + uint32_t eip; + +- fail_if(ops->read_segment == NULL); + generate_exception_if(mode_64bit(), EXC_UD, -1); ++ fail_if(ops->read_segment == NULL); + + eip = insn_fetch_bytes(op_bytes); + sel = insn_fetch_type(uint16_t); +@@ -2293,7 +2296,7 @@ x86_emulate( + case 0xc2: /* ret imm16 (near) */ + case 0xc3: /* ret (near) */ { + int offset = (b == 0xc2) ? insn_fetch_type(uint16_t) : 0; +- op_bytes = mode_64bit() ? 8 : op_bytes; ++ op_bytes = ((op_bytes == 4) && mode_64bit()) ? 8 : op_bytes; + if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset), + &dst.val, op_bytes, ctxt, ops)) != 0 ) + goto done; +@@ -2305,6 +2308,7 @@ x86_emulate( + unsigned long sel; + dst.val = x86_seg_es; + les: /* dst.val identifies the segment */ ++ generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1); + generate_exception_if(src.type != OP_MEM, EXC_UD, -1); + if ( (rc = read_ulong(src.mem.seg, src.mem.off + src.bytes, + &sel, 2, ctxt, ops)) != 0 ) +@@ -2379,7 +2383,6 @@ x86_emulate( + case 0xca: /* ret imm16 (far) */ + case 0xcb: /* ret (far) */ { + int offset = (b == 0xca) ? insn_fetch_type(uint16_t) : 0; +- op_bytes = mode_64bit() ? 
8 : op_bytes; + if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes), + &dst.val, op_bytes, ctxt, ops)) || + (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset), +@@ -3032,17 +3035,17 @@ x86_emulate( + } + + case 0xe8: /* call (near) */ { +- int rel = (((op_bytes == 2) && !mode_64bit()) ++ int rel = ((op_bytes == 2) + ? (int32_t)insn_fetch_type(int16_t) + : insn_fetch_type(int32_t)); +- op_bytes = mode_64bit() ? 8 : op_bytes; ++ op_bytes = ((op_bytes == 4) && mode_64bit()) ? 8 : op_bytes; + src.val = _regs.eip; + jmp_rel(rel); + goto push; + } + + case 0xe9: /* jmp (near) */ { +- int rel = (((op_bytes == 2) && !mode_64bit()) ++ int rel = ((op_bytes == 2) + ? (int32_t)insn_fetch_type(int16_t) + : insn_fetch_type(int32_t)); + jmp_rel(rel); +@@ -3330,7 +3333,7 @@ x86_emulate( + break; + case 2: /* call (near) */ + case 4: /* jmp (near) */ +- if ( (dst.bytes != 8) && mode_64bit() ) ++ if ( (dst.bytes == 4) && mode_64bit() ) + { + dst.bytes = op_bytes = 8; + if ( dst.type == OP_REG ) +@@ -3683,7 +3686,7 @@ x86_emulate( + } + + case 0x80 ... 0x8f: /* jcc (near) */ { +- int rel = (((op_bytes == 2) && !mode_64bit()) ++ int rel = ((op_bytes == 2) + ? (int32_t)insn_fetch_type(int16_t) + : insn_fetch_type(int32_t)); + if ( test_cc(b, _regs.eflags) ) diff --git a/20101-hvm-no-compat-virt-start.patch b/20101-hvm-no-compat-virt-start.patch new file mode 100644 index 0000000..eee20f3 --- /dev/null +++ b/20101-hvm-no-compat-virt-start.patch 
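Review bot: The new `generate_exception_if(mode_64bit() && !twobyte, EXC_UD, -1);` is repeated verbatim at `push_seg:`, `pop_seg:` and `les:`, and its meaning rests on `twobyte` separating the 0F-prefixed fs/gs forms from es/ss/ds (and lds/les); a short comment at each site, e.g. `/* 64-bit mode: only the two-byte fs/gs forms (and lfs/lgs/lss) remain valid. */`, or one static inline helper, would keep the three in step. In the `0xca`/`0xcb` far-return case the `op_bytes = mode_64bit() ? 8 : op_bytes;` promotion is removed while the near-return and near-call cases keep a `(op_bytes == 4) && mode_64bit()` promotion; that asymmetry follows the description's Intel/AMD notes but deserves a comment beside the far-return pops so it is not "fixed" back later. The `jmp_rel` macro now truncates `_regs.eip` to 16 bits in 64-bit mode too when `op_bytes == 2`, a visible semantics change worth one line in the macro. `x86_emulate` starts and ends outside the hunk.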
@@ -0,0 +1,26 @@
+# HG changeset patch
+# User Keir Fraser
+# Date 1250789251 -3600
+# Node ID 100699877583818a54bc16360dfd5cf80daa5dc7
+# Parent 280fff79f7371981bb0bbda34205414fff14737e
+x86_64 hvm: Adjust COMPAT_VIRT_START for 32-bit HVM guests.
+
+The PV limit should not apply as there is no M2P table mapped into an
+HVM guest's virtual address space.
+
+Signed-off-by: Keir Fraser
+
+Index: xen-3.4.1-testing/xen/arch/x86/domain.c
+===================================================================
+--- xen-3.4.1-testing.orig/xen/arch/x86/domain.c
++++ xen-3.4.1-testing/xen/arch/x86/domain.c
+@@ -428,7 +428,8 @@ int arch_domain_create(struct domain *d,
+ #endif /* __x86_64__ */
+
+ #ifdef CONFIG_COMPAT
+- HYPERVISOR_COMPAT_VIRT_START(d) = __HYPERVISOR_COMPAT_VIRT_START;
++ HYPERVISOR_COMPAT_VIRT_START(d) =
++ is_hvm_domain(d) ? ~0u : __HYPERVISOR_COMPAT_VIRT_START;
+ #endif
+
+ if ( (rc = paging_domain_init(d)) != 0 )
diff --git a/20112-x86-dom0-boot-run-timers.patch b/20112-x86-dom0-boot-run-timers.patch
new file mode 100644
index 0000000..4ed864c
--- /dev/null
+++ b/20112-x86-dom0-boot-run-timers.patch
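Review bot: The new `is_hvm_domain(d) ? ~0u : __HYPERVISOR_COMPAT_VIRT_START` assignment carries its rationale only in the commit message; a comment in the code, e.g. `/* No M2P table is mapped into an HVM guest, so the PV compat limit does not apply. */`, would survive the backport. The `~0u` literal also depends on the width of whatever `HYPERVISOR_COMPAT_VIRT_START(d)` expands to, which is not visible here: if that field is wider than 32 bits the stored value is 0xffffffff rather than all-ones, which may well be the intended 32-bit ceiling but should be confirmed. `arch_domain_create` starts and ends outside the hunk.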
@@ -0,0 +1,47 @@
+References: bnc#491081
+# HG changeset patch
+# User Keir Fraser
+# Date 1251097328 -3600
+# Node ID 7e194320394244bc5028881b498d2e01574086cd
+# Parent 9189afa1f1e6939fcda5525e225843cfd2325c42
+x86: run timers when populating Dom0's P2M table
+
+When booting Dom0 with huge amounts of memory, and/or memory accesses
+being sufficiently slow (due to NUMA effects), and the ACPI PM timer
+or a high frequency HPET being used, the time it takes to populate the
+M2P table may significantly exceed the overflow time of the platform
+timer, screwing up time management to the point where Dom0 boot fails.
+
+Signed-off-by: Jan Beulich
+
+Index: xen-3.4.1-testing/xen/arch/x86/domain_build.c
+===================================================================
+--- xen-3.4.1-testing.orig/xen/arch/x86/domain_build.c
++++ xen-3.4.1-testing/xen/arch/x86/domain_build.c
+@@ -877,6 +877,8 @@ int __init construct_dom0(
+ else
+ ((unsigned int *)vphysmap_start)[pfn] = mfn;
+ set_gpfn_from_mfn(mfn, pfn);
++ if (!(pfn & 0xfffff))
++ process_pending_timers();
+ }
+ si->first_p2m_pfn = pfn;
+ si->nr_p2m_frames = d->tot_pages - count;
+@@ -895,6 +897,8 @@ int __init construct_dom0(
+ #ifndef NDEBUG
+ ++alloc_epfn;
+ #endif
++ if (!(pfn & 0xfffff))
++ process_pending_timers();
+ }
+ }
+ BUG_ON(pfn != d->tot_pages);
+@@ -915,6 +919,8 @@ int __init construct_dom0(
+ set_gpfn_from_mfn(mfn, pfn);
+ #undef pfn
+ page++; pfn++;
++ if (!(pfn & 0xfffff))
++ process_pending_timers();
+ }
+ }
+
diff --git a/xen.changes b/xen.changes
index 57b1387..a09f056 100644
--- a/xen.changes
+++ b/xen.changes
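Review bot: The mask in `if (!(pfn & 0xfffff)) process_pending_timers();` is pasted three times into `construct_dom0` with no name and no explanation; a single named constant (say one describing "run timers every 2^20 PFNs") plus a static inline helper would stop the three copies drifting apart, and the spacing should follow the surrounding `if ( ... )` style. The interval is what keeps the platform timer from overflowing according to the description, so that tie to bnc#491081 belongs in a comment next to the constant rather than only in the patch header. `construct_dom0` starts and ends outside the hunk.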
@@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Mon Aug 24 10:31:36 MDT 2009 - carnold@novell.com + +- bnc#491081 - Xen time goes backwards x3950M2 + Patch for this bug plus additional upstream patches from Jan. + 19614-x86-emul-lldt-ltr.patch + 20026-ept-rwx-default.patch + 20031-x86-pmode-load-seg-retry.patch + 20035-x86-load-sreg-adjust.patch + 20059-vmx-nmi-handling.patch + 20077-x86-runstate-cswitch-out.patch + 20078-x86_64-branch-emulation.patch + 20101-hvm-no-compat-virt-start.patch + 20112-x86-dom0-boot-run-timers.patch + ------------------------------------------------------------------- Fri Aug 14 13:00:48 MDT 2009 - carnold@novell.com diff --git a/xen.spec b/xen.spec index 647c2c2..9822c7b 100644 --- a/xen.spec +++ b/xen.spec @@ -1,5 +1,5 @@ # -# spec file for package xen (Version 3.4.1_19718_01) +# spec file for package xen (Version 3.4.1_19718_02) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -37,8 +37,8 @@ BuildRequires: glibc-32bit glibc-devel-32bit %if %{?with_kmp}0 BuildRequires: kernel-source kernel-syms module-init-tools xorg-x11 %endif -Version: 3.4.1_19718_01 -Release: 2 +Version: 3.4.1_19718_02 +Release: 1 License: GPL v2 only Group: System/Kernel AutoReqProv: on @@ -70,7 +70,15 @@ Source24: xenapiusers # sysconfig hook script for Xen Source25: xen-updown.sh # Upstream patches -Patch0: 20013-xend-memleak.patch +Patch0: 19614-x86-emul-lldt-ltr.patch +Patch1: 20013-xend-memleak.patch +Patch2: 20031-x86-pmode-load-seg-retry.patch +Patch3: 20035-x86-load-sreg-adjust.patch +Patch4: 20059-vmx-nmi-handling.patch +Patch5: 20077-x86-runstate-cswitch-out.patch +Patch6: 20078-x86_64-branch-emulation.patch +Patch7: 20101-hvm-no-compat-virt-start.patch +Patch8: 20112-x86-dom0-boot-run-timers.patch # Our patches Patch100: xen-config.diff Patch101: xend-config.diff 
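Review bot: The `xen.changes` entry lists `20026-ept-rwx-default.patch` among the added patches, but the `Patch0`…`Patch8` block in `xen.spec` has no line for it and this commit adds no such file; either the changelog entry is wrong or the patch was dropped from the series, and the two should be reconciled before the `Version: 3.4.1_19718_02` bump ships. The `%prep` hunk applies exactly `%patch0` through `%patch8`, which is consistent with the spec's list, so the gap is only between the changelog and the spec.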
@@ -503,6 +511,14 @@ Authors:
 %prep
 %setup -q -n %xen_build_dir
 %patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1