diff options
author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-06-13 00:49:50 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2014-06-13 00:49:50 -0300 |
commit | 4b04ad93cdb9aa776b68b7de7d2e36e275670822 (patch) | |
tree | 925af60d74e38ee4b7d3704353c575ff017f40d9 /kernels/xen | |
parent | 56d756a6b388c5f06fe2b27d3bb5eee72feac2aa (diff) | |
download | abslibre-4b04ad93cdb9aa776b68b7de7d2e36e275670822.tar.gz abslibre-4b04ad93cdb9aa776b68b7de7d2e36e275670822.tar.bz2 abslibre-4b04ad93cdb9aa776b68b7de7d2e36e275670822.zip |
xen-4.4.0-4: updating version
Diffstat (limited to 'kernels/xen')
-rw-r--r-- | kernels/xen/09_xen | 322 | ||||
-rw-r--r-- | kernels/xen/ChangeLog | 23 | ||||
-rw-r--r-- | kernels/xen/IVRS-debug.patch | 14 | ||||
-rw-r--r-- | kernels/xen/PKGBUILD | 137 | ||||
-rw-r--r-- | kernels/xen/TOM-register.patch | 187 | ||||
-rw-r--r-- | kernels/xen/bios_workaround.patch | 51 | ||||
-rw-r--r-- | kernels/xen/grub.conf | 1 | ||||
-rw-r--r-- | kernels/xen/localgcc490fix.patch | 114 | ||||
-rw-r--r-- | kernels/xen/pvh_pit_init.patch | 107 | ||||
-rw-r--r-- | kernels/xen/xen.install | 14 | ||||
-rw-r--r-- | kernels/xen/xendomains.patch | 108 | ||||
-rw-r--r-- | kernels/xen/xenstored.service | 1 | ||||
-rw-r--r-- | kernels/xen/xsa89.patch | 96 | ||||
-rw-r--r-- | kernels/xen/xsa92.patch | 36 |
14 files changed, 659 insertions, 552 deletions
diff --git a/kernels/xen/09_xen b/kernels/xen/09_xen index ddb20696f..c00d1ab96 100644 --- a/kernels/xen/09_xen +++ b/kernels/xen/09_xen @@ -1,141 +1,231 @@ -#! /bin/sh -e +#!/usr/bin/env bash + +## +## grub-mkconfig helper script specific to Parabola GNU/Linux-libre +## Contributed by "Keshav Amburay" <the ddoott ridikulus ddoott rat aatt geemmayil ddoott ccoomm> +## Rebranded for Parabola by "André Silva" <emulatorman@parabola.nu> +## Updated on 08 February 2014 +## +## Script based on do_grub_config() function in Arch Archboot ISO Installer/Setup script +## Some parts taken from /etc/grub.d/10_linux script shipped by GRUB(2) upstream +## +## This script can be freely distributed and/or modified +## under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This script is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +## Adapted for use with the xen package, to ensure feature comparity +## Modified by "David Sutton" <kantras - gmail com> + +_FUNC_GRUB_FILE_PRESENT() { + + [[ -z "${GRUB_PLATFORM}" ]] && GRUB_PLATFORM="x86" + + if [[ "${GRUB_PLATFORM}" == "x86" ]]; then + check="--is-x86-linux32" + elif [[ "${GRUB_PLATFORM}" == "i386-xen-pae" ]]; then + check="--is-i386-xen-pae-domu" + elif [[ "${GRUB_PLATFORM}" == "x86_64-xen" ]]; then + check="--is-x86_64-xen-domu" + else + check="--is-${GRUB_PLATFORM}-linux" + fi + + case "${GRUB_PLATFORM}" in + x86) + list="$(for i in "${GRUB_ROOT}"/boot/vmlinuz-linux* ; do + if grub_file_is_not_garbage "${i}" && "${grub_file}" ${check} "${i}" ; then echo -n "${i} " ; fi + done)" ;; + *) + list="$(for i in "${GRUB_ROOT}"/boot/vmlinuz-linux* ; do + if grub_file_is_not_garbage "${i}" && "${grub_file}" ${check} "${i}" ; then echo -n "${i} " ; fi + done)" ;; + esac +} -if [ -f /usr/share/grub/grub-mkconfig_lib ]; then - . /usr/share/grub/grub-mkconfig_lib -else - # no grub file, so we notify and exit gracefully - echo "Cannot find grub config file, exiting." >&2 - exit 0 -fi +set -e -XEN_HYPERVISOR_CMDLINE="xsave=1" -XEN_LINUX_CMDLINE="console=tty0" -[ -r /etc/xen/grub.conf ] && . /etc/xen/grub.conf +prefix="/usr" +exec_prefix="${prefix}" +datarootdir="/usr/share" +datadir="${datarootdir}" +sysconfdir="/etc" -CLASS="--class gnu-linux --class gnu --class os" +. "${datarootdir}/grub/grub-mkconfig_lib" -if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then - OS=GNU/Linux -else - if [ "${GRUB_DISTRIBUTOR}" = "Parabola" ] ; then - OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre" - elif [ "${GRUB_DISTRIBUTOR}" = "parabola" ] ; then - OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre" - elif [ "${GRUB_DISTRIBUTOR}" = "Blag" ] ; then - OS="${GRUB_DISTRIBUTOR} Linux and GNU" - elif [ "${GRUB_DISTRIBUTOR}" = "blag" ] ; then - OS="${GRUB_DISTRIBUTOR} Linux and GNU" - elif [ "${GRUB_DISTRIBUTOR}" = "Musix" ] ; then - OS="${GRUB_DISTRIBUTOR} GNU+Linux" - elif [ "${GRUB_DISTRIBUTOR}" = "musix" ] ; then - OS="${GRUB_DISTRIBUTOR} GNU+Linux" - elif [ "${GRUB_DISTRIBUTOR}" = "Dragora" ] ; then - OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre" - elif [ "${GRUB_DISTRIBUTOR}" = "dragora" ] ; then - OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre" - else - OS="${GRUB_DISTRIBUTOR} GNU/Linux" - fi - CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr '[A-Z]' '[a-z]' | cut -d' ' -f1) ${CLASS}" +. "${sysconfdir}/default/grub" + +export XEN_HYPERVISOR_CMDLINE="xsave=1" +export XEN_LINUX_CMDLINE="console=tty0" + +[[ -r "${sysconfdir}/xen/grub.conf" ]] && . "${sysconfdir}/xen/grub.conf" + +[[ -z "${XEN_LINUX_CMDLINE_OVERRIDE}" ]] && XEN_LINUX_CMDLINE_OVERRIDE="0" + +export TEXTDOMAIN="grub" +export TEXTDOMAINDIR="${datarootdir}/locale" + +CLASS="--class xen --class parabola --class gnu-linux --class gnu --class os" + +[[ "${grub_file}" != "" ]] && _FUNC_GRUB_FILE_PRESENT + +BOOT_PART_FS_UUID="$(${grub_probe} --target="fs_uuid" "/boot" 2>/dev/null)" +BOOT_PART_HINTS_STRING="$(${grub_probe} --target="hints_string" "/boot" 2>/dev/null || true)" +BOOT_PART_FS="$(${grub_probe} --target="fs" "/boot" 2>/dev/null)" + +ROOT_PART_GRUB_DEVICE="$(${grub_probe} --target=device / || true)" +ROOT_PART_FS="$(${grub_probe} --device ${ROOT_PART_GRUB_DEVICE} --target=fs 2> /dev/null || echo "unknown")" + +if [[ "${GRUB_LINUX_ROOT_DEVICE}" == "" ]]; then + + case "${ROOT_PART_FS}" in + btrfs) + rootsubvol="$(make_system_path_relative_to_its_root /)" + rootsubvol="${rootsubvol#/}" + if [[ "${rootsubvol}" != "" ]]; then + GRUB_LINUX_ROOT_DEVICE="subvol=${rootsubvol}" + fi + ;; + zfs) + rpool="$(${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true)" + bootfs="$(make_system_path_relative_to_its_root / | sed -e "s,@$,,")" + GRUB_LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" + ;; + esac + + if [[ "${GRUB_DEVICE_UUID}" == "" ]] || \ + [[ "${GRUB_DISABLE_LINUX_UUID}" == "true" ]] || \ + [[ ! -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" ]] || \ + uses_abstraction "${GRUB_DEVICE}" lvm ; then + GRUB_LINUX_ROOT_DEVICE="${GRUB_DEVICE}" + else + GRUB_LINUX_ROOT_DEVICE="UUID=${GRUB_DEVICE_UUID}" + fi fi -# loop-AES arranges things so that /dev/loop/X can be our root device, but -# the initrds that Linux uses don't like that. -case ${GRUB_DEVICE} in - /dev/loop/*|/dev/loop[0-9]) - GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` - ;; -esac - -if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ - || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ - || [ "`grub-probe -t abstraction --device ${GRUB_DEVICE} | sed -e 's,.*\(lvm\).*,\1,'`" = "lvm" ] ; then - LINUX_ROOT_DEVICE=${GRUB_DEVICE} +[[ "${GRUB_LINUX_PARAMS}" == "" ]] && GRUB_LINUX_PARAMS="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" +if [[ "${XEN_LINUX_CMDLINE_OVERRIDE}" == "0" ]]; then + GRUB_LINUX_PARAMS="${GRUB_LINUX_PARAMS} ${XEN_LINUX_CMDLINE}" else - LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} + GRUB_LINUX_PARAMS="${XEN_LINUX_CMDLINE}" fi -xen_entry () -{ - os="$1" - xen_version="$2" - version="$3" - xen_args="$4" - args="$5" - printf "menuentry 'Xen %s / %s, with Linux %s' --class xen ${CLASS} {\n" "${xen_version}" "${os}" "${version}" - save_default_entry | sed -e "s/^/\t/" - - if [ -z "${prepare_boot_cache}" ]; then - prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | sed -e "s/^/\t/")" - fi - printf '%s\n' "${prepare_boot_cache}" - cat << EOF - echo '$(printf "Loading Xen %s ..." ${xen_version})' - multiboot ${rel_dirname}/${xen_basename} ${rel_dirname}/${xen_basename} ${xen_args} - echo $(printf "$(gettext "Loading Linux %s ...")" ${version}) - module ${rel_dirname}/${basename} ${rel_dirname}/${basename} root=${linux_root_device_thisversion} rw ${args} -EOF - if test -n "${initrd}" ; then - cat << EOF - echo "Loading initial ramdisk ..." - module ${rel_dirname}/${initrd} -EOF - fi - cat << EOF -} -EOF -} - xen_list=`for i in /boot/xen-*.gz /xen-*.gz ; do if grub_file_is_not_garbage "$i" ; then echo -n "$i "; fi done` -prepare_boot_cache= while [ "x$xen_list" != "x" ] ; do xen=`version_find_latest $xen_list` echo "Found Xen hypervisor image: $xen" >&2 - xen_basename=`basename $xen` - xen_dirname=`dirname $xen` - rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname` - xen_version=`echo $xen_basename | sed -e "s,^[^0-9]*-,,g" | sed -e "s,.gz,,g"` - alt_xen_version=`echo $xen_version | sed -e "s,\.old$,,g"` + XEN_BASENAME=`basename $xen` + XEN_VERSION=`echo $XEN_BASENAME | sed -e "s,^[^0-9]*-,,g" | sed -e "s,.gz,,g"` + + for _KERNEL_ in ${list} ; do + + echo "Found linux image: ${_KERNEL_}" >&2 + + basename="$(basename "${_KERNEL_}")" + dirname="$(dirname "${_KERNEL_}")" + REAL_DIR="$(make_system_path_relative_to_its_root "${dirname}")" + + _KERNEL_FILE_="$(echo ${_KERNEL_} | sed 's,/boot/,,g')" + _KERNEL_PKG_="pkg-$(echo ${_KERNEL_FILE_} | sed 's,vmlinuz-,,g')" + + _INITRAMFS_="${_KERNEL_FILE_/vmlinuz-/initramfs-}.img" + + if [[ -e "/boot/${_INITRAMFS_}" ]]; then + + echo "Found initramfs image: /boot/${_INITRAMFS_}" >&2 + + cat << EOF + +menuentry "Xen ${XEN_VERSION} / Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel" ${CLASS} { + $(save_default_entry) + if [ x\$feature_all_video_module = xy ]; then + insmod all_video + fi + set gfxpayload=keep + insmod ${BOOT_PART_FS} + if [ x\$feature_platform_search_hint = xy ]; then + search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID} + else + search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID} + fi + echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})' + multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel ...' + module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel initramfs ...' + module ${REAL_DIR}/${_INITRAMFS_} +} - list=`for i in /boot/vmlinuz-* /vmlinuz-*; do - if grub_file_is_not_garbage "$i" ; then echo -n "$i "; fi - done` - - while [ "x$list" != "x" ] ; do - linux=`version_find_latest $list` - echo -e "\tFound linux image: $linux" >&2 - basename=`basename $linux` - dirname=`dirname $linux` - rel_dirname=`make_system_path_relative_to_its_root $dirname` - version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` - base_init=`echo $basename | sed -e "s,vmlinuz,initramfs,g"` - alt_version="${base_init}-fallback" - linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" - initrd= - - for i in "${base_init}.img"; do - if test -e "${dirname}/${i}" ; then - initrd="$i" - break - fi - done - if test -n "${initrd}" ; then - echo -e "\tFound initrd image: ${dirname}/${initrd}" >&2 - else - # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here. - linux_root_device_thisversion=${GRUB_DEVICE} +EOF fi + + _INITRAMFS_FALLBACK_="${_KERNEL_FILE_/vmlinuz-/initramfs-}-fallback.img" + + if [[ -e "/boot/${_INITRAMFS_FALLBACK_}" ]]; then + + echo "Found fallback initramfs image: /boot/${_INITRAMFS_FALLBACK_}" >&2 + + cat << EOF + +menuentry "Xen ${XEN_VERSION} / Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel (fallback initramfs)" ${CLASS} { + $(save_default_entry) + if [ x\$feature_all_video_module = xy ]; then + insmod all_video + fi + set gfxpayload=keep + insmod ${BOOT_PART_FS} + if [ x\$feature_platform_search_hint = xy ]; then + search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID} + else + search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID} + fi + echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})' + multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel ...' + module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel fallback initramfs ...' + module ${REAL_DIR}/${_INITRAMFS_FALLBACK_} +} - xen_entry "${OS}" "${xen_version}" "${version}" \ - "${XEN_HYPERVISOR_CMDLINE}" \ - "${XEN_LINUX_CMDLINE}" +EOF + fi + + if [[ ! -e "/boot/${_INITRAMFS_}" ]] && [[ ! -e "/boot/${_INITRAMFS_FALLBACK_}" ]]; then + cat << EOF + +menuentry "Xen ${XEN_VERSION} / Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel (no initramfs)" ${CLASS} { + $(save_default_entry) + if [ x\$feature_all_video_module = xy ]; then + insmod all_video + fi + set gfxpayload=keep + insmod ${BOOT_PART_FS} + if [ x\$feature_platform_search_hint = xy ]; then + search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID} + else + search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID} + fi + echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})' + multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel ...' + module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS} +} - list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '` +EOF + fi + done xen_list=`echo $xen_list | tr ' ' '\n' | grep -vx $xen | tr '\n' ' '` done + diff --git a/kernels/xen/ChangeLog b/kernels/xen/ChangeLog index 8f9ef80fe..17133d08c 100644 --- a/kernels/xen/ChangeLog +++ b/kernels/xen/ChangeLog @@ -1,3 +1,24 @@ +2014-05-17 David Sutton <kantras - gmail.com> + * 4.4.0-4: + Added patch to fix shutdown issues with pvh domains + +2014-05-01 David Sutton <kantras - gmail.com> + * 4.4.0-3: + Added XSA 92 Security patch + Added fix for compiling under GCC 4.9.0 (From Fedora Rawhide SRPM) + Added updates to 09_xen to closer match system 10_linux + +2014-03-11 David Sutton <kantras - gmail.com> + * 4.4.0-2: + Moved xen-syms file so 09_xen won't pick it up as a potential kernel. + Added XSA 89 Security patch + Minor PKGBUILD cleanup/changes + +2014-03-10 David Sutton <kantras - gmail.com> + * 4.4.0-1: + New upstream release + Cleaned up old unnecessary patches + 2014-02-19 David Sutton <kantras - gmail.com> * 4.3.2-1: New upstream release @@ -47,7 +68,7 @@ * 4.3.0-3 : added ChangeLog. - Cleaned up PKGBUILD to match Parabola Package Standards + Cleaned up PKGBUILD to match Package Standards Fixed some path references - /var/run to /run Removed some unnecessary empty directories Updated xenconsoled and xenstored so they use /run for pid file diff --git a/kernels/xen/IVRS-debug.patch b/kernels/xen/IVRS-debug.patch deleted file mode 100644 index 5f6813cb9..000000000 --- a/kernels/xen/IVRS-debug.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- a/xen/drivers/passthrough/amd/iommu_acpi.c 2013-07-09 05:46:56.000000000 -0500 -+++ b/xen/drivers/passthrough/amd/iommu_acpi.c 2013-08-31 01:26:18.614846438 -0500 -@@ -651,9 +651,9 @@ - return 0; - } - -- AMD_IOMMU_DEBUG("IVHD Special: %04x:%02x:%02x.%u variety %#x handle %#x\n", -+ AMD_IOMMU_DEBUG("IVHD Special: %04x:%02x:%02x.%u variety %#x handle %#x used_id %#x\n", - seg, PCI_BUS(bdf), PCI_SLOT(bdf), PCI_FUNC(bdf), -- special->variety, special->handle); -+ special->variety, special->handle, special->used_id); - add_ivrs_mapping_entry(bdf, bdf, special->header.data_setting, iommu); - - switch ( special->variety ) diff --git a/kernels/xen/PKGBUILD b/kernels/xen/PKGBUILD index 28dc5a786..7313bfd75 100644 --- a/kernels/xen/PKGBUILD +++ b/kernels/xen/PKGBUILD @@ -1,22 +1,23 @@ # Maintainer (Arch): David Sutton <kantras - gmail.com> +# Contributor (Arch): Shanmu Thiagaraja <sthiagaraja+AUR@prshanmu.com> # Contributor (Arch): Limao Luo # Contributor (Arch): Luceo # Contributor (Arch): Revellion # Maintainer: André Silva <emulatorman@parabola.nu> pkgname=xen -pkgver=4.3.2 -pkgrel=1 +pkgver=4.4.0 +pkgrel=4 pkgdesc="Virtual Machine Hypervisor & Tools (Parabola rebranded)" arch=(i686 x86_64) url="http://www.xenproject.org/" license=(GPL2) -depends=(bin86 bluez bridge-utils curl e2fsprogs gnutls iproute2 libaio libcap-ng libiscsi libjpeg-turbo libpng lzo2 nss pixman pciutils python python2 sdl wget vde2 yajl) +depends=(bin86 bluez bridge-utils curl e2fsprogs gnutls iproute2 libaio libcap-ng libiscsi libjpeg-turbo libpng libseccomp lzo2 nss pixman pciutils python python2 sdl wget vde2 yajl) [[ "$CARCH" == "x86_64" ]] && depends+=(lib32-glibc) makedepends=(cmake dev86 git iasl markdown ocaml-findlib) optdepends=('xen-docs: Official Xen Documentation' 'openvswitch: Optional Networking support') conflicts=(xen-4.2{,-testing-hg} xen-{gdbsx,hg-unstable,rc,git} xen-4.3{,-testing-hg}) -backup=(etc/$pkgname/xend-{config,pci-{permissive,quirks}}.sxp etc/modules-load.d/$pkgname.conf etc/$pkgname/xl.conf etc/conf.d/xen{stored,consoled,domains} etc/default/xencommons etc/$pkgname/grub.conf) +backup=(etc/modules-load.d/$pkgname.conf etc/$pkgname/xl.conf etc/conf.d/xen{stored,consoled,domains,commons} etc/$pkgname/grub.conf) options=(!buildflags !strip) install=$pkgname.install changelog=ChangeLog @@ -32,11 +33,11 @@ source=(http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2 xen.install 09_xen - bios_workaround.patch - xendomains.patch - TOM-register.patch ati-passthrough.patch - IVRS-debug.patch + localgcc490fix.patch + pvh_pit_init.patch + xsa89.patch + xsa92.patch proc-xen.mount var-lib-xenstored.mount xenconsoled.service @@ -58,7 +59,7 @@ noextract=(lwip-1.3.0.tar.gz gmp-4.3.2.tar.bz2 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz) -sha256sums=('17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69' +sha256sums=('6910a504fe2ffe8db0e7a44756ce1c4c95e1ccbef942a1fc8da27aced5aac021' '632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c' '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f' '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e' @@ -68,79 +69,58 @@ sha256sums=('17611d95f955302560ff72d97c08933b4e62bc2e8ffb71400fc54e388746ff69' '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b' '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459' '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775' - '0f6ebf3437974d1708c9e74005b976479ab8ff28adec394208153bf404b411f8' - '74a957d783458b7481c7a09c3ed94ec2e07ee7943e4b7fa33d3684b8d585139e' - '914cc983da1fe89ff125d751c979b4968f8952da21b19b900fcd4e6b33e14552' - '1938ca36bfb62c76ad0642147017ecfaa64588abaa2d88e868f501c4ae83bfd9' - '0fa9426cc499ea3d6e1aa33a8be0e180aed87936814b9b88bb0ef42f6983654a' + '9d41f4456f1ce82ab912467a230b6e78b69b39579bccca1337328945ae7e3edb' + 'b0a3cfe2d524371ee04a26a29ad04cd9f3dae8c5d4a18b6b41576c6c7547f946' 'd93c2d5bcdf0c3e4c6e8efb357cb4b9d618209025361f5ccd9d03651a8acd7a3' - '54883171ff9cf5f342a2be5c944df16902ef06b6f2d015b675fa9bd5ed899c7c' + '83d4672470437e0a6d2c371681384d67f2056ba85fe3b7898e2b806edecaebd6' + '7dcf63e1f7158e0d8d5144f549f4e5fe9a532f9da2650c13968aa39b2730d8b2' + '741c8fbbfa8e425d8debba17135d4c2e1e962d15717769bc93d68a65b5dc5ea6' + '184dcb88dfb4540fca33016ffcfe0f4f557449ab5b4ec6a4bf486c75926d23f3' '139eed988bfaf8edc8ccdfd0b668382bd63db48ce17be91776182a7e28e9d88c' 'c19146931c6ab8e53092bd9b2ebbfda5c76fd22ad3b1d42dcda3dd1b61f123ff' 'e4af7891e816b9549ebeff766a78036626c0e278734e5625b8e7d68729530ded' '48d76cc6f25caa79b3f527c96a0883b1decb9012f6616f61336c8d43791bf007' '0bd45d9de6456c4f9adf32e726f2db3a3cd0423c1d161b442e8a1666d2e68e3f' '012cc60ffdcb0e061d04d404eb9232734554aef4dc4b551f66adf82a655e6e41' - '8ee5c5a14064fc2bbfd38d0ec8a6001f541bbe56b9fb534733209a8af148b297' + '633d334c55395fac3f16dbe56dd7b7524d560b513d1895b53c89943033a45f39' '0e1ad0a6a72b0c22025a556c23235a8f663427f1e769c45fe39d1c525bf82eff' '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf' - '78398fb27edfedb432b5f4e4bf87b5dbee41f180c623d29f758234a49d8bf4b4' + '3f0af16958c3e057b9baa5afc47050d9adf7dd553274dd97ae4f35938fefb568' '50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c') -sha512sums=('ec94d849b56ec590b89022075ce43768d8ef44b7be9580ce032509b44c085f0f66495845607a18cd3dea6b89c69bc2a18012705556f59288cd8653c3e5eca302' - 'c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4' - '1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d' - '021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e' - '40eb96bbc6736a16b6399e0cdb73e853d0d90b685c967e77899183446664d64570277a633fdafdefc351b46ce210a99115769a1d9f47ac749d7e82837d4d1ac3' - '2b3d98d027e46d8c08037366dde6f0781ca03c610ef2b380984639e4ef39899ed8d8b8e4cd9c9dc54df101279b95879bd66bfd4d04ad07fef41e847ea7ae32b5' - '88da614e4d3f4409c4fd3bb3e44c7587ba051e3fed4e33d526069a67e8180212e1ea22da984656f50e290049f60ddca65383e5983c0f8884f648d71f698303ad' - 'c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb' - '4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35' - '2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf' - '78bfb62166ffcf136e12985809b3f412e0145a7f17388a559071f644970ccdfd2a02fe9aa4a180069b923c2e4354b061a4057096de856497f10d9cac57eae4b3' - '8667a97e10f09c5ce5ba604e38a073b7d7944f4d24c5c78a7235443b65a8cc7b6e7de90e40aa335bb17fda0858d6b517ba1e8b5a0bd6bba4ad75ad44b73f6c9c' - '7118bf02ff5338e70b3f27f8ea390cd05ea37a4ceabb4adc9d32fc57329e35e98330f0e865261dd4e670436e1a725832598888d44b1e2b17b351f59318860878' - '440b3967bf0f0cecde42111bc602f591edeadfdf7044f1f181029b0ded5fb8fa9d640bc4a4a57daadd350594f86065120ea5e4d833004590a8bfe0ee88b4c316' - 'b89f524015c1299c7b19573ae0637f9d33613f3fdbb3d978a07d294ee18a657bd124852f1cbb85e6d1382aca42ed799e8ee245a161340bb4b759eeccce28df7d' - 'c30a4cbdc942ae36364830ab604ecb46a68466bfbaaef2740aa805acf9e432a0dd7877593d6211437db4d2e7c2deb15f301d5a5571fd28936f01228f13256d3f' - 'e8392dbc66bf83b887de963416b1fe9a4eeccb8faca78c6fc1dd4243544b871625d43423f03d19cf91d80295d43073904c9dbe37241e7432b69566b05b267391' - '6afdf16e32bb837faf6333334f86855a746f1f46fee9673a4fddc62eecf41f9856bc34397807203c6f5071f0b1ce74532214084042154585c0d39514450db25c' - '00e340f4d3635e3850ca24baea1da08467523c17815feb74161e18397b607fef904db2165fd9bf4632a6e8a6e37aeddad4e56965e1c99b5213c98b3f9afc6aad' - '580e0645d7f157928f137f3d8b38d3e2834cb5fa091dbcd28217bbaed494415a35c8973487a1eec726c2f49c8b11d4dd28fdcbe75f14c91a4474cacd8dfb2e99' - 'a0bbd9c14ee0f2b9dc9cf304b531aaefde545e56b4ce4847f12faab4952520ce857a92765ae3a1b25ebd2b7511bb24fc820864d7342ac43a311d8c6551958895' - 'f00034f8b826b828659a0177f0a6454113c625e69a817dfe32e461767f6643e0288bfc2a22d23358504240df627af6e3b8f5ffa0077e241e590b33d3f252e74c' - 'f21cc17009957797630c2e82630b5e93ceac8fdadc5eaa3abf0510ca81a49e5680a80ece63b248354122c5fd5d40c9a495fad15e307a694936fa062e984158c4' - '9e95e05ac7cce383530ede0f8f75b4f8990c7d7d55ef59f3e37c64a75ccc012475595bc1123bc4c2072dd2c1c2f4b744f26d6adb799f7a068195aadde383af89' - 'c996d48737ad31528b0b2b1379e3ebae948d290de9ddc71f33c7c56f0634466bc7afb2eab847e851c19e3c13bb99468a0778d908606486959a40ff3272189bd3' - '53ba61587cc2e84044e935531ed161e22c36d9e90b43cab7b8e63bcc531deeefacca301b5dff39ce89210f06f1d1e4f4f5cf49d658ed5d9038c707e3c95c66ef' - '04000a802e96c11929cb94c9a2bcafbb4307620192388441d979ea85836c3395954dea53d449c1cc25c3a0a30c49d318b8de59a053c6254f5a81e87864648a9c' - 'ccaa2ff82e4203b11e5dec9aeccac2e165721d8067e0094603ecaa7a70b78c9eb9e2287a32687883d26b6ceae6f8d2ad7636ddf949eb658637b3ceaa6999711b') prepare() { cd $pkgname-$pkgver/ - ### Patching - patch -Np1 -i ../xendomains.patch - patch -Np1 -i ../TOM-register.patch + ### Patching - # Uncomment line below if you have a bios which is reporting bad IVRS data - #patch -Np1 -i ../bios_workaround.patch - #patch -Np1 -i ../IVRS-debug.patch + # Security Patches + patch -Np1 -i $srcdir/xsa89.patch + patch -Np1 -i $srcdir/xsa92.patch - # Uncomment line below if you want to enable ATI Passthrough support (some reported successes) + # GCC 4.9.0 compile workaround + patch -Np1 -i $srcdir/localgcc490fix.patch + + # Issue resolution patches + patch -Np1 -i $srcdir/pvh_pit_init.patch + + # Uncomment line below if you want to enable ATI Passthrough support (some reported successes, untested with 4.4) #patch -Np1 -i ../ati-passthrough.patch # Fix Install Paths sed -i 's:/sbin:/bin:' config/StdGNU.mk + sed -i 's:/var/lock:/run/lock:' config/StdGNU.mk + sed -i 's:/var/run:/run:' config/StdGNU.mk # Copy supporting tarballs into place - cp ../lwip-1.3.0.tar.gz stubdom/ - cp ../zlib-1.2.3.tar.gz stubdom/ - cp ../newlib-1.16.0.tar.gz stubdom/ - cp ../pciutils-2.2.9.tar.bz2 stubdom/ - cp ../polarssl-1.1.4-gpl.tgz stubdom/ - cp ../grub-0.97.tar.gz stubdom/ - cp ../tpm_emulator-0.7.4.tar.gz stubdom/ - cp ../gmp-4.3.2.tar.bz2 stubdom/ + cp $srcdir/lwip-1.3.0.tar.gz stubdom/ + cp $srcdir/zlib-1.2.3.tar.gz stubdom/ + cp $srcdir/newlib-1.16.0.tar.gz stubdom/ + cp $srcdir/pciutils-2.2.9.tar.bz2 stubdom/ + cp $srcdir/polarssl-1.1.4-gpl.tgz stubdom/ + cp $srcdir/grub-0.97.tar.gz stubdom/ + cp $srcdir/tpm_emulator-0.7.4.tar.gz stubdom/ + cp $srcdir/gmp-4.3.2.tar.bz2 stubdom/ + cp $srcdir/ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz tools/firmware/etherboot/ipxe.tar.gz } @@ -157,6 +137,7 @@ package() { make DESTDIR="$pkgdir" LANG=C PYTHON=python2 install-{xen,tools,stubdom} + # Install files cd ../ for f in ${source[@]}; do [[ $f =~ .mount || $f =~ .service ]] && install -Dm644 $f "$pkgdir"/usr/lib/systemd/system/$f @@ -171,12 +152,17 @@ package() { cd "$pkgdir" # Fix paths in scripts, move to right locations and create missing directories + sed -i 's:/etc/sysconfig:/etc/conf.d:' etc/init.d/xendomains sed -i 's:/var/lock:/run/lock:' etc/init.d/xendomains - sed -i 's:/var/lock:/run/lock:' etc/init.d/xend sed -i 's:/var/lock:/run/lock:' etc/xen/scripts/hotplugpath.sh + sed -i 's:/var/run:/run:' etc/init.d/xencommons sed -i 's:/var/run:/run:' etc/xen/scripts/hotplugpath.sh - mv etc/{init,rc}.d - mv etc/rc.d/xendomains etc/xen/scripts/xendomains + sed -i 's:/var/run:/run:' etc/xen/scripts/locking.sh + + mv etc/init.d/xencommons etc/xen/scripts/xencommons + mv etc/init.d/xendomains etc/xen/scripts/xendomains + mv etc/init.d/xen-watchdog etc/xen/scripts/xen-watchdog + mv etc/default/xencommons etc/conf.d/xencommons mv etc/default/xendomains etc/conf.d/xendomains mv var/xen/dump var/lib/xen/ mkdir var/log/xen/console @@ -189,33 +175,40 @@ package() { cd ../ fi - # Compress and move syms file to a different directory - gzip boot/$pkgname-syms-$pkgver - mv boot/$pkgname-syms-$pkgver.gz usr/share/xen + # Compress syms file and move to a share location + if [[ $CARCH == x86_64 ]]; then + gzip boot/$pkgname-syms-* + mv boot/$pkgname-syms-*.gz usr/share/xen + fi ##### Kill unwanted stuff ##### # hypervisor symlinks - rm -f boot/xen{,-4,-4.3}.gz + rm -f boot/xen{,-4,-4.4}.gz # Documentation cleanup ( see xen-docs package ) rm -rf usr/share/doc - rm -rf usr/share/xen/man + rm -rf usr/share/man # Pointless helper cleanup rm -f usr/bin/xen-python-path - rm -rf usr/libexec # Unnecessary qemu support files rm -rf usr/bin/qemu-*-xen + rm -rf usr/etc + rm -rf usr/libexec rm usr/share/qemu-xen/qemu/{palcode,openbios}-* rm usr/share/xen/qemu/openbios-* - # Clean up udev rules naming, remove depreciated xend.rules + # Clean up udev rules naming mv etc/udev/rules.d/xen-backend.rules etc/udev/rules.d/40-xen-backend.rules - rm etc/udev/rules.d/xend.rules + + # Cleanup additional leftover files + rm -rf usr/include/cacard + rm -f usr/lib/libcacard* + rm -f usr/lib/pkgconfig/libcacard.pc # Clean up left over empty directories - rm -rf var/run var/lock var/xen + rm -rf var/run var/lock var/xen etc/default etc/init.d # adhere to Static Library Packaging Guidelines rm -rf usr/lib/*.a diff --git a/kernels/xen/TOM-register.patch b/kernels/xen/TOM-register.patch deleted file mode 100644 index 88bedbbc0..000000000 --- a/kernels/xen/TOM-register.patch +++ /dev/null @@ -1,187 +0,0 @@ ---- xen-4.3.1/tools/qemu-xen/hw/pc.h -+++ xen-4.3.1-new/tools/qemu-xen/hw/pc.h -@@ -128,15 +128,14 @@ extern int no_hpet; - struct PCII440FXState; - typedef struct PCII440FXState PCII440FXState; - -+#define I440FX_TOM 0xe0000000 -+#define I440FX_XEN_TOM 0xf0000000 -+ - PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix_devfn, - ISABus **isa_bus, qemu_irq *pic, - MemoryRegion *address_space_mem, - MemoryRegion *address_space_io, - ram_addr_t ram_size, -- hwaddr pci_hole_start, -- hwaddr pci_hole_size, -- hwaddr pci_hole64_start, -- hwaddr pci_hole64_size, - MemoryRegion *pci_memory, - MemoryRegion *ram_memory); - ---- xen-4.3.1/tools/qemu-xen/hw/pc_piix.c -+++ xen-4.3.1-new/tools/qemu-xen/hw/pc_piix.c -@@ -92,9 +92,9 @@ static void pc_init1(MemoryRegion *system_memory, - kvmclock_create(); - } - -- if (ram_size >= 0xe0000000 ) { -- above_4g_mem_size = ram_size - 0xe0000000; -- below_4g_mem_size = 0xe0000000; -+ if (ram_size >= I440FX_TOM) { -+ above_4g_mem_size = ram_size - I440FX_TOM; -+ below_4g_mem_size = I440FX_TOM; - } else { - above_4g_mem_size = 0; - below_4g_mem_size = ram_size; -@@ -129,12 +129,6 @@ static void pc_init1(MemoryRegion *system_memory, - if (pci_enabled) { - pci_bus = i440fx_init(&i440fx_state, &piix3_devfn, &isa_bus, gsi, - system_memory, system_io, ram_size, -- below_4g_mem_size, -- 0x100000000ULL - below_4g_mem_size, -- 0x100000000ULL + above_4g_mem_size, -- (sizeof(hwaddr) == 4 -- ? 0 -- : ((uint64_t)1 << 62)), - pci_memory, ram_memory); - } else { - pci_bus = NULL; ---- xen-4.3.1/tools/qemu-xen/hw/piix_pci.c -+++ xen-4.3.1-new/tools/qemu-xen/hw/piix_pci.c -@@ -86,6 +86,14 @@ struct PCII440FXState { - #define I440FX_PAM_SIZE 7 - #define I440FX_SMRAM 0x72 - -+/* The maximum vaule of TOM(top of memory) register in I440FX -+ * is 1G, so it doesn't meet any popular virutal machines, so -+ * define another register to report the base of PCI memory. -+ * Use one byte 0xb0 for the upper 8 bit, they are originally -+ * resevered for host bridge. -+ * */ -+#define I440FX_PCI_HOLE_BASE 0xb0 -+ - static void piix3_set_irq(void *opaque, int pirq, int level); - static PCIINTxRoute piix3_route_intx_pin_to_irq(void *opaque, int pci_intx); - static void piix3_write_config_xen(PCIDevice *dev, -@@ -101,6 +109,43 @@ static int pci_slot_get_pirq(PCIDevice *pci_dev, int pci_intx) - return (pci_intx + slot_addend) & 3; - } - -+ -+static void i440fx_update_pci_mem_hole(PCII440FXState *f, bool del) -+{ -+ ram_addr_t above_4g_mem_size; -+ hwaddr pci_hole_start, pci_hole_size, pci_hole64_start, pci_hole64_size; -+ -+ pci_hole_start = pci_default_read_config(&f->dev, I440FX_PCI_HOLE_BASE, 1) << 24; -+ pci_hole_size = 0x100000000ULL - pci_hole_start; -+ -+ if (ram_size >= pci_hole_start) { -+ above_4g_mem_size = ram_size - pci_hole_start; -+ } else { -+ above_4g_mem_size = 0; -+ } -+ pci_hole64_start = 0x100000000ULL + above_4g_mem_size; -+ pci_hole64_size = sizeof(hwaddr) == 4 ? 0 : ((uint64_t)1 << 62); -+ -+ if (del) { -+ memory_region_del_subregion(f->system_memory, &f->pci_hole); -+ if (pci_hole64_size) { -+ memory_region_del_subregion(f->system_memory, &f->pci_hole_64bit); -+ } -+ } -+ -+ memory_region_init_alias(&f->pci_hole, "pci-hole", f->pci_address_space, -+ pci_hole_start, pci_hole_size); -+ memory_region_add_subregion(f->system_memory, pci_hole_start, &f->pci_hole); -+ memory_region_init_alias(&f->pci_hole_64bit, "pci-hole64", -+ f->pci_address_space, -+ pci_hole64_start, pci_hole64_size); -+ if (pci_hole64_size) { -+ memory_region_add_subregion(f->system_memory, pci_hole64_start, -+ &f->pci_hole_64bit); -+ } -+} -+ -+ - static void i440fx_update_memory_mappings(PCII440FXState *d) - { - int i; -@@ -136,6 +181,9 @@ static void i440fx_write_config(PCIDevice *dev, - range_covers_byte(address, len, I440FX_SMRAM)) { - i440fx_update_memory_mappings(d); - } -+ if (range_covers_byte(address, len, I440FX_PCI_HOLE_BASE)) { -+ i440fx_update_pci_mem_hole(d, true); -+ } - } - - static int i440fx_load_old(QEMUFile* f, void *opaque, int version_id) -@@ -203,6 +251,10 @@ static int i440fx_initfn(PCIDevice *dev) - - d->dev.config[I440FX_SMRAM] = 0x02; - -+ /* Emulate top of memory, here use 0xe0000000 as default val*/ -+ uint32_t addr = xen_enabled() ? I440FX_XEN_TOM : I440FX_TOM; -+ pci_set_byte(dev->config + I440FX_PCI_HOLE_BASE, (uint8_t)(addr >> 24)); -+ - cpu_smm_register(&i440fx_set_smm, d); - return 0; - } -@@ -214,10 +266,6 @@ static PCIBus *i440fx_common_init(const char *device_name, - MemoryRegion *address_space_mem, - MemoryRegion *address_space_io, - ram_addr_t ram_size, -- hwaddr pci_hole_start, -- hwaddr pci_hole_size, -- hwaddr pci_hole64_start, -- hwaddr pci_hole64_size, - MemoryRegion *pci_address_space, - MemoryRegion *ram_memory) - { -@@ -244,16 +292,6 @@ static PCIBus *i440fx_common_init(const char *device_name, - f->system_memory = address_space_mem; - f->pci_address_space = pci_address_space; - f->ram_memory = ram_memory; -- memory_region_init_alias(&f->pci_hole, "pci-hole", f->pci_address_space, -- pci_hole_start, pci_hole_size); -- memory_region_add_subregion(f->system_memory, pci_hole_start, &f->pci_hole); -- memory_region_init_alias(&f->pci_hole_64bit, "pci-hole64", -- f->pci_address_space, -- pci_hole64_start, pci_hole64_size); -- if (pci_hole64_size) { -- memory_region_add_subregion(f->system_memory, pci_hole64_start, -- &f->pci_hole_64bit); -- } - memory_region_init_alias(&f->smram_region, "smram-region", - f->pci_address_space, 0xa0000, 0x20000); - memory_region_add_subregion_overlap(f->system_memory, 0xa0000, -@@ -295,6 +333,7 @@ static PCIBus *i440fx_common_init(const char *device_name, - (*pi440fx_state)->dev.config[0x57]=ram_size; - - i440fx_update_memory_mappings(f); -+ i440fx_update_pci_mem_hole(f, false); - - return b; - } -@@ -304,10 +343,6 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, - MemoryRegion *address_space_mem, - MemoryRegion *address_space_io, - ram_addr_t ram_size, -- hwaddr pci_hole_start, -- hwaddr pci_hole_size, -- hwaddr pci_hole64_start, -- hwaddr pci_hole64_size, - MemoryRegion *pci_memory, MemoryRegion *ram_memory) - - { -@@ -315,8 +350,6 @@ PCIBus *i440fx_init(PCII440FXState **pi440fx_state, int *piix3_devfn, - - b = i440fx_common_init("i440FX", pi440fx_state, piix3_devfn, isa_bus, pic, - address_space_mem, address_space_io, ram_size, -- pci_hole_start, pci_hole_size, -- pci_hole64_start, pci_hole64_size, - pci_memory, ram_memory); - return b; - } diff --git a/kernels/xen/bios_workaround.patch b/kernels/xen/bios_workaround.patch deleted file mode 100644 index 12fc00184..000000000 --- a/kernels/xen/bios_workaround.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- xen-4.3.1.orig/xen/drivers/passthrough/amd/iommu_acpi.c 2013-07-09 05:46:56.000000000 -0500 -+++ xen-4.3.1/xen/drivers/passthrough/amd/iommu_acpi.c 2013-07-18 02:31:38.767195258 -0500 -@@ -668,26 +668,26 @@ - */ - for ( apic = 0; apic < nr_ioapics; apic++ ) - { -- if ( IO_APIC_ID(apic) != special->handle ) -+ if ( ioapic_sbdf[IO_APIC_ID(apic)].bdf != ioapic_sbdf[special->handle].bdf ) - continue; - -- if ( special->handle >= ARRAY_SIZE(ioapic_sbdf) ) -+ if ( IO_APIC_ID(apic) >= ARRAY_SIZE(ioapic_sbdf) ) - { - printk(XENLOG_ERR "IVHD Error: IO-APIC %#x entry beyond bounds\n", -- special->handle); -+ IO_APIC_ID(apic)); - return 0; - } - -- if ( ioapic_sbdf[special->handle].pin_setup ) -+ if ( ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) - { -- if ( ioapic_sbdf[special->handle].bdf == bdf && -- ioapic_sbdf[special->handle].seg == seg ) -+ if ( ioapic_sbdf[IO_APIC_ID(apic)].bdf == bdf && -+ ioapic_sbdf[IO_APIC_ID(apic)].seg == seg ) - AMD_IOMMU_DEBUG("IVHD Warning: Duplicate IO-APIC %#x entries\n", -- special->handle); -+ IO_APIC_ID(apic)); - else - { - printk(XENLOG_ERR "IVHD Error: Conflicting IO-APIC %#x entries\n", -- special->handle); -+ IO_APIC_ID(apic)); - if ( amd_iommu_perdev_intremap ) - return 0; - } -@@ -695,10 +695,10 @@ - else - { - /* set device id of ioapic */ -- ioapic_sbdf[special->handle].bdf = bdf; -- ioapic_sbdf[special->handle].seg = seg; -+ ioapic_sbdf[IO_APIC_ID(apic)].bdf = bdf; -+ ioapic_sbdf[IO_APIC_ID(apic)].seg = seg; - -- ioapic_sbdf[special->handle].pin_setup = xzalloc_array( -+ ioapic_sbdf[IO_APIC_ID(apic)].pin_setup = xzalloc_array( - unsigned long, BITS_TO_LONGS(nr_ioapic_entries[apic])); - if ( nr_ioapic_entries[apic] && - !ioapic_sbdf[IO_APIC_ID(apic)].pin_setup ) diff --git a/kernels/xen/grub.conf b/kernels/xen/grub.conf index 9b13008d9..e456973db 100644 --- a/kernels/xen/grub.conf +++ b/kernels/xen/grub.conf @@ -1,2 +1,3 @@ #XEN_HYPERVISOR_CMDLINE="xsave=1" #XEN_LINUX_CMDLINE="console=tty0" +#XEN_LINUX_CMDLINE_OVERRIDE=0 diff --git a/kernels/xen/localgcc490fix.patch b/kernels/xen/localgcc490fix.patch new file mode 100644 index 000000000..c24cdddfb --- /dev/null +++ b/kernels/xen/localgcc490fix.patch @@ -0,0 +1,114 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'> +<head> +<title>xen.git - xen</title> +<meta name='generator' content='cgit v0.10.1'/> +<meta name='robots' content='index, nofollow'/> +<link rel='stylesheet' type='text/css' href='/cgit-data/cgit.css'/> +<link rel='shortcut icon' href='/favicon.ico'/> +<link rel='alternate' title='Atom feed' href='http://pkgs.fedoraproject.org/cgit/xen.git/atom/localgcc490fix.patch?h=master' type='application/atom+xml'/> +</head> +<body> +<div id='cgit'><table id='header'> +<tr> +<td class='logo' rowspan='2'><a href='/cgit/'><img src='/cgit-data/cgit.png' alt='cgit logo'/></a></td> +<td class='main'><a href='/cgit/'>index</a> : <a title='xen.git' href='/cgit/xen.git/'>xen.git</a></td><td class='form'><form method='get' action=''> +<select name='h' onchange='this.form.submit();'> +<option value='f10'>f10</option> +<option value='f11'>f11</option> +<option value='f12'>f12</option> +<option value='f13'>f13</option> +<option value='f14'>f14</option> +<option value='f15'>f15</option> +<option value='f16'>f16</option> +<option value='f17'>f17</option> +<option value='f18'>f18</option> +<option value='f19'>f19</option> +<option value='f20'>f20</option> +<option value='f7'>f7</option> +<option value='f8'>f8</option> +<option value='f9'>f9</option> +<option value='master' selected='selected'>master</option> +<option value='private-20060208-sct-branch'>private-20060208-sct-branch</option> +</select> <input type='submit' name='' value='switch'/></form></td></tr> +<tr><td class='sub'>xen</td><td class='sub right'>Jesse Keating</td></tr></table> +<table class='tabs'><tr><td> +<a href='/cgit/xen.git/'>summary</a><a href='/cgit/xen.git/refs/'>refs</a><a href='/cgit/xen.git/log/localgcc490fix.patch'>log</a><a class='active' href='/cgit/xen.git/tree/localgcc490fix.patch'>tree</a><a href='/cgit/xen.git/commit/localgcc490fix.patch'>commit</a><a href='/cgit/xen.git/diff/localgcc490fix.patch'>diff</a><a href='/cgit/xen.git/stats/localgcc490fix.patch'>stats</a></td><td class='form'><form class='right' method='get' action='/cgit/xen.git/log/localgcc490fix.patch'> +<select name='qt'> +<option value='grep'>log msg</option> +<option value='author'>author</option> +<option value='committer'>committer</option> +<option value='range'>range</option> +</select> +<input class='txt' type='text' size='10' name='q' value=''/> +<input type='submit' value='search'/> +</form> +</td></tr></table> +<div class='path'>path: <a href='/cgit/xen.git/tree/'>root</a>/<a href='/cgit/xen.git/tree/localgcc490fix.patch'>localgcc490fix.patch</a></div><div class='content'>blob: e34f4d723267328a82ea993aae117d6ce9ed8c6e (<a href='/cgit/xen.git/plain/localgcc490fix.patch'>plain</a>) +<table summary='blob content' class='blob'> +<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a> +<a id='n2' href='#n2'>2</a> +<a id='n3' href='#n3'>3</a> +<a id='n4' href='#n4'>4</a> +<a id='n5' href='#n5'>5</a> +<a id='n6' href='#n6'>6</a> +<a id='n7' href='#n7'>7</a> +<a id='n8' href='#n8'>8</a> +<a id='n9' href='#n9'>9</a> +<a id='n10' href='#n10'>10</a> +<a id='n11' href='#n11'>11</a> +<a id='n12' href='#n12'>12</a> +<a id='n13' href='#n13'>13</a> +<a id='n14' href='#n14'>14</a> +<a id='n15' href='#n15'>15</a> +<a id='n16' href='#n16'>16</a> +<a id='n17' href='#n17'>17</a> +<a id='n18' href='#n18'>18</a> +<a id='n19' href='#n19'>19</a> +<a id='n20' href='#n20'>20</a> +<a id='n21' href='#n21'>21</a> +<a id='n22' href='#n22'>22</a> +<a id='n23' href='#n23'>23</a> +<a id='n24' href='#n24'>24</a> +<a id='n25' href='#n25'>25</a> +<a id='n26' href='#n26'>26</a> +<a id='n27' href='#n27'>27</a> +<a id='n28' href='#n28'>28</a> +<a id='n29' href='#n29'>29</a> +</pre></td> +<td class='lines'><pre><code>--- xen-4.4.0/Config.mk.orig 2014-04-29 20:54:43.117010822 +0100 ++++ xen-4.4.0/Config.mk 2014-04-29 20:58:23.100055325 +0100 +@@ -188,6 +188,8 @@ + CFLAGS += -std=gnu99 + + CFLAGS += -Wall -Wstrict-prototypes ++# add temporary build flags to identify build issues using gcc 4.9.0 ++CFLAGS += -Wno-error=maybe-uninitialized + + # Clang complains about macros that expand to 'if ( ( foo == bar ) ) ...' + # and is over-zealous with the printf format lint +--- xen-4.4.0/tools/blktap2/drivers/block-qcow.c.orig 2014-03-10 10:43:57.000000000 +0000 ++++ xen-4.4.0/tools/blktap2/drivers/block-qcow.c 2014-04-30 21:10:26.270699187 +0100 +@@ -427,6 +427,7 @@ + + if (posix_memalign((void **)&tmp_ptr, 4096, 4096) != 0) { + DPRINTF("ERROR allocating memory for L1 table\n"); ++ return -1; + } + memcpy(tmp_ptr, l1_ptr, 4096); + +@@ -600,6 +601,7 @@ + + if (posix_memalign((void **)&tmp_ptr2, 4096, 4096) != 0) { + DPRINTF("ERROR allocating memory for L1 table\n"); ++ return -1; + } + memcpy(tmp_ptr2, l2_ptr, 4096); + lseek(s->fd, l2_offset + (l2_sector << 12), SEEK_SET); +</code></pre></td></tr></table> +</div> <!-- class=content --> +<div class='footer'>generated by cgit v0.10.1 at 2014-05-04 21:13:33 (GMT)</div> +</div> <!-- id=cgit --> +</body> +</html> diff --git a/kernels/xen/pvh_pit_init.patch b/kernels/xen/pvh_pit_init.patch new file mode 100644 index 000000000..4f14e5ddf --- /dev/null +++ b/kernels/xen/pvh_pit_init.patch @@ -0,0 +1,107 @@ +From 3a148e0a7ee0ae56a498be5ba973314ec50cd999 Mon Sep 17 00:00:00 2001 +From: Mukesh Rathor <mukesh.rathor@oracle.com> +Date: Fri, 4 Apr 2014 10:36:29 +0200 +Subject: [PATCH] x86: call pit_init for pvh also + +During halt of a pvh guest, the guest may do speaker shutdown. This +results in call to handle_speaker_io in xen. It will hang on the vpit +spin lock because it has not been initialized. +Since, pit_init is also called for both pv and hvm, the call is +moved to a more generic place. + +Signed-off-by: Mukesh Rathor <mukesh.rathor@oracle.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: c30c544b199f70eada597c7352cdcb44648f6dcd +master date: 2014-03-11 13:56:50 +0100 +--- + xen/arch/x86/domain.c | 9 +++++---- + xen/arch/x86/hvm/hvm.c | 2 -- + xen/arch/x86/hvm/i8254.c | 3 +-- + xen/include/asm-x86/hvm/vpt.h | 2 +- + 4 files changed, 7 insertions(+), 9 deletions(-) + +diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c +index 6618ae6..bc073e5 100644 +--- a/xen/arch/x86/domain.c ++++ b/xen/arch/x86/domain.c +@@ -422,10 +422,6 @@ int vcpu_initialise(struct vcpu *v) + + /* PV guests by default have a 100Hz ticker. */ + v->periodic_period = MILLISECS(10); +- +- /* PV guests get an emulated PIT too for video BIOSes to use. */ +- if ( v->vcpu_id == 0 ) +- pit_init(v, cpu_khz); + } + + v->arch.schedule_tail = continue_nonidle_domain; +@@ -579,6 +575,9 @@ int arch_domain_create(struct domain *d, unsigned int domcr_flags) + tsc_set_info(d, TSC_MODE_DEFAULT, 0UL, 0, 0); + spin_lock_init(&d->arch.vtsc_lock); + ++ /* PV/PVH guests get an emulated PIT too for video BIOSes to use. */ ++ pit_init(d, cpu_khz); ++ + return 0; + + fail: +@@ -1980,6 +1979,8 @@ int domain_relinquish_resources(struct domain *d) + BUG(); + } + ++ pit_deinit(d); ++ + if ( has_hvm_container_domain(d) ) + hvm_domain_relinquish_resources(d); + +diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c +index 6150899..a666471 100644 +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -643,7 +643,6 @@ void hvm_domain_relinquish_resources(struct domain *d) + rtc_deinit(d); + if ( d->vcpu != NULL && d->vcpu[0] != NULL ) + { +- pit_deinit(d); + pmtimer_deinit(d); + hpet_deinit(d); + } +@@ -1217,7 +1216,6 @@ int hvm_vcpu_initialise(struct vcpu *v) + if ( v->vcpu_id == 0 ) + { + /* NB. All these really belong in hvm_domain_initialise(). */ +- pit_init(v, cpu_khz); + pmtimer_init(v); + hpet_init(v); + +diff --git a/xen/arch/x86/hvm/i8254.c b/xen/arch/x86/hvm/i8254.c +index c0d6bc2..f7493b8 100644 +--- a/xen/arch/x86/hvm/i8254.c ++++ b/xen/arch/x86/hvm/i8254.c +@@ -447,9 +447,8 @@ void pit_reset(struct domain *d) + spin_unlock(&pit->lock); + } + +-void pit_init(struct vcpu *v, unsigned long cpu_khz) ++void pit_init(struct domain *d, unsigned long cpu_khz) + { +- struct domain *d = v->domain; + PITState *pit = domain_vpit(d); + + spin_lock_init(&pit->lock); +diff --git a/xen/include/asm-x86/hvm/vpt.h b/xen/include/asm-x86/hvm/vpt.h +index 87c3a66..9f3ec8d 100644 +--- a/xen/include/asm-x86/hvm/vpt.h ++++ b/xen/include/asm-x86/hvm/vpt.h +@@ -175,7 +175,7 @@ void destroy_periodic_time(struct periodic_time *pt); + int pv_pit_handler(int port, int data, int write); + void pit_reset(struct domain *d); + +-void pit_init(struct vcpu *v, unsigned long cpu_khz); ++void pit_init(struct domain *d, unsigned long cpu_khz); + void pit_stop_channel0_irq(PITState * pit); + void pit_deinit(struct domain *d); + void rtc_init(struct domain *d); +-- +1.7.2.5 + diff --git a/kernels/xen/xen.install b/kernels/xen/xen.install index f1a34d522..aabe063c3 100644 --- a/kernels/xen/xen.install +++ b/kernels/xen/xen.install @@ -1,6 +1,6 @@ install_msg() { cat << __EOF__ -===> IMPORTANT NOTICE: +===> IMPORTANT NOTICES: In order to complete the installation, and enable Xen, at the very least you must: @@ -11,6 +11,7 @@ at the very least you must: systemctl enable xenconsoled.service 3. If you want some domains to automatically start up/shutdown, run the following: systemctl enable xendomains.service +4. xen 4.4 no longer includes the xend daemon or the xm binary For more information refer to the Wiki: https://wiki.parabolagnulinux.org/index.php/Xen @@ -28,8 +29,15 @@ Note: If you are upgrading from one of the previous 4.2 xen builds, and are havi line into your domain config file: device_model_version = "qemu-xen-traditional" - Also remember to rebuild your grub configuration if upgrading from a non-xen 4.3.1 + Also remember to rebuild your grub configuration if upgrading from a non-xen 4.4.0 install. + + xen 4.4 no longer includes the xend daemon or the xm toolset + + This install is now using a new version of the 09_xen file, used when generating + a new grub.cfg file. The new version inherits the default linux-libre kernel command + line settings; to use the old method, uncomment the 'XEN_LINUX_CMDLINE_OVERRIDE' + option in /etc/xen/grub.conf and change the '0' to '1' __EOF__ } @@ -58,7 +66,7 @@ post_remove() { ===> IMPORTANT NOTICE: In order to finish removing Xen, you will need to modify -your bootloader configuration files to load your Linux +your bootloader configuration files to load your Linux-libre kernel instead of Xen kernel. __EOF__ } diff --git a/kernels/xen/xendomains.patch b/kernels/xen/xendomains.patch deleted file mode 100644 index 16f62b65a..000000000 --- a/kernels/xen/xendomains.patch +++ /dev/null @@ -1,108 +0,0 @@ ---- xen-4.3.1.orig/tools/hotplug/Linux/init.d/xendomains 2013-07-19 14:52:52.159013757 -0500 -+++ xen-4.3.1/tools/hotplug/Linux/init.d/xendomains 2013-07-19 14:56:00.079145322 -0500 -@@ -51,17 +51,13 @@ - fi - - # See docs/misc/distro_mapping.txt --if [ -d /var/lock/subsys ]; then -- LOCKFILE=/var/lock/subsys/xendomains -+if [ -d /run/lock/subsys ]; then -+ LOCKFILE=/run/lock/subsys/xendomains - else -- LOCKFILE=/var/lock/xendomains -+ LOCKFILE=/run/lock/xendomains - fi - --if [ -d /etc/sysconfig ]; then -- XENDOM_CONFIG=/etc/sysconfig/xendomains --else -- XENDOM_CONFIG=/etc/default/xendomains --fi -+XENDOM_CONFIG=/etc/conf.d/xendomains - - test -r $XENDOM_CONFIG || { echo "$XENDOM_CONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; -@@ -185,8 +181,13 @@ - # read name from xen config file - rdname() - { -- NM=$($CMD create --quiet --dryrun --defconfig "$1" | -- sed -n 's/^.*(name \(.*\))$/\1/p') -+ if [ "$CMD" == "xm" ]; then -+ NM=$($CMD create --quiet --dryrun --defconfig "$1" | -+ sed -n 's/^.*(name \(.*\))$/\1/p') -+ else -+ NM=$($CMD create --quiet --dryrun --defconfig "$1" | -+ perl -pe 's|^.*"name":"(.*?)".*$|$1|') -+ fi - } - - rdnames() -@@ -229,15 +230,15 @@ - rdname $1 - RC=1 - name=;id= -- while read LN; do -- parseln "$LN" || continue -+ while read id; do - if test $id = 0; then continue; fi -+ name=`xenstore-read /local/domain/$id/name` - case $name in - ($NM) - RC=0 - ;; - esac -- done < <($CMD list -l | grep "$LIST_GREP") -+ done < <(xenstore-list /local/domain) - return $RC - } - -@@ -312,6 +313,8 @@ - - all_zombies() - { -+ return 0 -+ - name=;id= - while read LN; do - parseln "$LN" || continue -@@ -363,9 +366,9 @@ - fi - echo -n "Shutting down Xen domains:" - name=;id= -- while read LN; do -- parseln "$LN" || continue -+ while read id; do - if test $id = 0; then continue; fi -+ name=`xenstore-read /local/domain/$id/name` - echo -n " $name" - if test "$XENDOMAINS_AUTO_ONLY" = "true"; then - eval " -@@ -450,7 +453,7 @@ - fi - kill $WDOG_PID >/dev/null 2>&1 - fi -- done < <($CMD list -l | grep "$LIST_GREP") -+ done < <(xenstore-list /local/domain) - - # NB. this shuts down ALL Xen domains (politely), not just the ones in - # AUTODIR/* -@@ -479,15 +482,15 @@ - check_domain_up() - { - name=;id= -- while read LN; do -- parseln "$LN" || continue -+ while read id; do - if test $id = 0; then continue; fi -+ name=`xenstore-read /local/domain/$id/name` - case $name in - ($1) - return 0 - ;; - esac -- done < <($CMD list -l | grep "$LIST_GREP") -+ done < <(xenstore-list /local/domain) - return 1 - } - diff --git a/kernels/xen/xenstored.service b/kernels/xen/xenstored.service index 46e0b3226..b090ce860 100644 --- a/kernels/xen/xenstored.service +++ b/kernels/xen/xenstored.service @@ -15,6 +15,7 @@ PIDFile=/run/xenstored.pid ExecStartPre=/usr/bin/grep -q control_d /proc/xen/capabilities ExecStart=/usr/bin/xenstored --pid-file /run/xenstored.pid $XENSTORED_ARGS ExecStartPost=/usr/bin/xenstore-write "/local/domain/0/name" "$XENDOM0_NAME" +ExecStartPost=/usr/bin/xenstore-write "/local/domain/0/domid" 0 [Install] WantedBy=multi-user.target diff --git a/kernels/xen/xsa89.patch b/kernels/xen/xsa89.patch new file mode 100644 index 000000000..3443e3360 --- /dev/null +++ b/kernels/xen/xsa89.patch @@ -0,0 +1,96 @@ +x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access() + +Processing up to 4G PFNs may take almost arbitrarily long, so +preemption is needed here. + +This is XSA-89. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Tim Deegan <tim@xen.org> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -4593,6 +4593,15 @@ long do_hvm_op(unsigned long op, XEN_GUE + goto param_fail5; + + rc = p2m_set_mem_access(d, a.first_pfn, a.nr, a.hvmmem_access); ++ if ( rc > 0 ) ++ { ++ a.first_pfn += a.nr - rc; ++ a.nr = rc; ++ if ( __copy_to_guest(arg, &a, 1) ) ++ rc = -EFAULT; ++ else ++ rc = -EAGAIN; ++ } + + param_fail5: + rcu_unlock_domain(d); +--- a/xen/arch/x86/mm/p2m.c ++++ b/xen/arch/x86/mm/p2m.c +@@ -1333,15 +1333,14 @@ void p2m_mem_access_resume(struct domain + + /* Set access type for a region of pfns. + * If start_pfn == -1ul, sets the default access type */ +-int p2m_set_mem_access(struct domain *d, unsigned long start_pfn, +- uint32_t nr, hvmmem_access_t access) ++long p2m_set_mem_access(struct domain *d, unsigned long pfn, uint32_t nr, ++ hvmmem_access_t access) + { + struct p2m_domain *p2m = p2m_get_hostp2m(d); +- unsigned long pfn; + p2m_access_t a, _a; + p2m_type_t t; + mfn_t mfn; +- int rc = 0; ++ long rc; + + /* N.B. _not_ static: initializer depends on p2m->default_access */ + p2m_access_t memaccess[] = { +@@ -1364,14 +1363,17 @@ int p2m_set_mem_access(struct domain *d, + a = memaccess[access]; + + /* If request to set default access */ +- if ( start_pfn == ~0ull ) ++ if ( pfn == ~0ul ) + { + p2m->default_access = a; + return 0; + } + ++ if ( !nr ) ++ return 0; ++ + p2m_lock(p2m); +- for ( pfn = start_pfn; pfn < start_pfn + nr; pfn++ ) ++ for ( ; ; ++pfn ) + { + mfn = p2m->get_entry(p2m, pfn, &t, &_a, 0, NULL); + if ( p2m->set_entry(p2m, pfn, mfn, PAGE_ORDER_4K, t, a) == 0 ) +@@ -1379,6 +1381,13 @@ int p2m_set_mem_access(struct domain *d, + rc = -ENOMEM; + break; + } ++ ++ /* Check for continuation if it's not the last interation. */ ++ if ( !--nr || hypercall_preempt_check() ) ++ { ++ rc = nr; ++ break; ++ } + } + p2m_unlock(p2m); + return rc; +--- a/xen/include/asm-x86/p2m.h ++++ b/xen/include/asm-x86/p2m.h +@@ -576,8 +576,8 @@ void p2m_mem_access_resume(struct domain + + /* Set access type for a region of pfns. + * If start_pfn == -1ul, sets the default access type */ +-int p2m_set_mem_access(struct domain *d, unsigned long start_pfn, +- uint32_t nr, hvmmem_access_t access); ++long p2m_set_mem_access(struct domain *d, unsigned long start_pfn, ++ uint32_t nr, hvmmem_access_t access); + + /* Get access type for a pfn + * If pfn == -1ul, gets the default access type */ diff --git a/kernels/xen/xsa92.patch b/kernels/xen/xsa92.patch new file mode 100644 index 000000000..60ef934aa --- /dev/null +++ b/kernels/xen/xsa92.patch @@ -0,0 +1,36 @@ +x86/HVM: restrict HVMOP_set_mem_type + +Permitting arbitrary type changes here has the potential of creating +present P2M (and hence EPT/NPT/IOMMU) entries pointing to an invalid +MFN (INVALID_MFN truncated to the respective hardware structure field's +width). This would become a problem the latest when something real sat +at the end of the physical address space; I'm suspecting though that +other things might break with such bogus entries. + +Along with that drop a bogus (and otherwise becoming stale) log +message. + +Afaict the similar operation in p2m_set_mem_access() is safe. + +This is XSA-92. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Tim Deegan <tim@xen.org> + +--- a/xen/arch/x86/hvm/hvm.c ++++ b/xen/arch/x86/hvm/hvm.c +@@ -4541,12 +4541,10 @@ long do_hvm_op(unsigned long op, XEN_GUE + rc = -EINVAL; + goto param_fail4; + } +- if ( p2m_is_grant(t) ) ++ if ( !p2m_is_ram(t) && ++ (!p2m_is_hole(t) || a.hvmmem_type != HVMMEM_mmio_dm) ) + { + put_gfn(d, pfn); +- gdprintk(XENLOG_WARNING, +- "type for pfn %#lx changed to grant while " +- "we were working?\n", pfn); + goto param_fail4; + } + else |