diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2016-02-29 10:54:26 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-02-29 10:56:42 +0000 |
commit | 8de87f6fcb13498bc4cc667709aa9e481f087f7a (patch) | |
tree | 9266c8b31eb781dd1a4a686d91559a876f3846ec | |
parent | e717081f1798fd41760d622601fd17541664d317 (diff) | |
download | aports-8de87f6fcb13498bc4cc667709aa9e481f087f7a.tar.bz2 aports-8de87f6fcb13498bc4cc667709aa9e481f087f7a.tar.xz |
main/xen: upgrade to 4.6.1
-rw-r--r-- | main/xen/APKBUILD | 82 | ||||
-rw-r--r-- | main/xen/gcc5-ipxe.patch | 55 | ||||
-rw-r--r-- | main/xen/qemu-xen-musl-openpty.patch | 42 | ||||
-rw-r--r-- | main/xen/xsa148.patch | 39 | ||||
-rw-r--r-- | main/xen/xsa149.patch | 20 | ||||
-rw-r--r-- | main/xen/xsa150.patch | 201 | ||||
-rw-r--r-- | main/xen/xsa151.patch | 28 | ||||
-rw-r--r-- | main/xen/xsa152.patch | 66 | ||||
-rw-r--r-- | main/xen/xsa153-libxl.patch | 86 | ||||
-rw-r--r-- | main/xen/xsa154-4.6.patch (renamed from main/xen/xsa154.patch) | 0 | ||||
-rw-r--r-- | main/xen/xsa156.patch | 127 | ||||
-rw-r--r-- | main/xen/xsa159.patch | 47 | ||||
-rw-r--r-- | main/xen/xsa160.patch | 69 | ||||
-rw-r--r-- | main/xen/xsa164.patch | 34 | ||||
-rw-r--r-- | main/xen/xsa165.patch | 85 | ||||
-rw-r--r-- | main/xen/xsa167.patch | 77 | ||||
-rw-r--r-- | main/xen/xsa168.patch | 27 | ||||
-rw-r--r-- | main/xen/xsa169.patch | 33 |
18 files changed, 19 insertions, 1099 deletions
diff --git a/main/xen/APKBUILD b/main/xen/APKBUILD index 36d103e7da..de55a1e677 100644 --- a/main/xen/APKBUILD +++ b/main/xen/APKBUILD @@ -2,8 +2,8 @@ # Contributor: Roger Pau Monne <roger.pau@entel.upc.edu> # Maintainer: William Pitcock <nenolod@dereferenced.org> pkgname=xen -pkgver=4.6.0 -pkgrel=5 +pkgver=4.6.1 +pkgrel=0 pkgdesc="Xen hypervisor" url="http://www.xen.org/" arch="x86_64" @@ -42,23 +42,10 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g http://xenbits.xen.org/xen-extfiles/zlib-$_ZLIB_VERSION.tar.gz http://xenbits.xen.org/xen-extfiles/ipxe-git-$_IPXE_GIT_TAG.tar.gz - xsa148.patch - xsa149.patch - xsa150.patch - xsa151.patch - xsa152.patch - xsa153-libxl.patch - xsa154.patch + xsa154-4.6.patch xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch - xsa156.patch - xsa159.patch - xsa160.patch - xsa165.patch - xsa167.patch - xsa168.patch - xsa169.patch xsa170.patch qemu-coroutine-gthread.patch @@ -93,12 +80,13 @@ source="http://bits.xensource.com/oss-xen/release/$pkgver/$pkgname-$pkgver.tar.g _builddir="$srcdir"/$pkgname-$pkgver _seabios=/usr/share/seabios/bios-256k.bin prepare() { - local i + local i _failed= cd "$_builddir" for i in $source; do case $i in - *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1 + *.patch) msg $i; patch -s -N -p1 -i "$srcdir"/$i \ + || _failed="$_failed $i" ;; */ipxe-git-*) ln -s "$srcdir"/${i##*/} \ @@ -109,6 +97,13 @@ prepare() { ;; esac done + if [ -n "$_failed" ]; then + error "Patches failed:" + for i in $_failed; do + echo $i + done + return 1 + fi # install our stdint_local.h and elf_local.h install "$srcdir"/stdint_local.h "$srcdir"/elf_local.h \ @@ -238,7 +233,7 @@ hypervisor() { mv "$pkgdir"/boot "$subpkgdir"/ } -md5sums="48e232f90927c08326a7b52bb06f49bc xen-4.6.0.tar.gz +md5sums="df2d854c3c90ffeefaf71e7f868fb326 xen-4.6.1.tar.gz dd60683d7057917e34630b4a787932e8 gmp-4.3.2.tar.bz2 cd3f3eb54446be6003156158d51f4884 grub-0.97.tar.gz 36cc57650cffda9a0269493be2a169bb lwip-1.3.0.tar.gz @@ -248,23 +243,10 @@ cec05e7785497c5e19da2f114b934ffd pciutils-2.2.9.tar.bz2 e26becb8a6a2b6695f6b3e8097593db8 tpm_emulator-0.7.4.tar.gz debc62758716a169df9f62e6ab2bc634 zlib-1.2.3.tar.gz 7496268cebf47d5c9ccb0696e3b26065 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz -6e302a683e89f320c07a4819aa7247f1 xsa148.patch -92b0a8119ddec698291498fc4d14c5aa xsa149.patch -ebd65969e47ea94480d031481521259f xsa150.patch -b9c287c042317017f201a45193fdcf17 xsa151.patch -161a985c52ca2db47c09ae3245f8bceb xsa152.patch -e5ddc6b5a2c7ef0437812ce39cb55034 xsa153-libxl.patch -2109cf26a61f99158615d0e8566aa7d9 xsa154.patch +2109cf26a61f99158615d0e8566aa7d9 xsa154-4.6.patch 8e87b1bcd1e5c057c8d7ad41010c27f1 xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch 48be8e53712d8656549fcdf1a96ffdec xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch 21448f920d1643580e261ac3650d1ef9 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch -ea188fa0ada9e5217f166dc3f0b8102c xsa156.patch -9dad98f18893ab696e7a26e5d2a707b2 xsa159.patch -7c53a997967656b10a3b2494c3f5a96d xsa160.patch -7f5cc2a2e8e7fe705ae8764595065ff0 xsa165.patch -e3423c61854be1658ea7aa596594c2d1 xsa167.patch -b837726ce186fa61cfe7238b225b0335 xsa168.patch -0931b87a6b9ba846c5797dbbbacdf324 xsa169.patch e0fd8934b37592a6a3e6ab107a2ab41a xsa170.patch de1a3db370b87cfb0bddb51796b50315 qemu-coroutine-gthread.patch 08bfdf8caff5d631f53660bf3fd4edaf qemu-xen_paths.patch @@ -288,7 +270,7 @@ dcdd1de2c29e469e834a02ede4f47806 xendomains.confd 9df68ac65dc3f372f5d61183abdc83ff xen-consoles.logrotate 6a2f777c16678d84039acf670d86fff6 xenqemu.confd e1c9e1c83a5cc49224608a48060bd677 xenqemu.initd" -sha256sums="6fa1c2431df55aa5950d248e6093b8c8c0f11c357a0adbd348a2186478e80909 xen-4.6.0.tar.gz +sha256sums="44cc2fccba1e147ef4c8da0584ce0f24189c8743de0e3e9a9226da88ddb5f589 xen-4.6.1.tar.gz 936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775 gmp-4.3.2.tar.bz2 4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b grub-0.97.tar.gz 772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f lwip-1.3.0.tar.gz @@ -298,23 +280,10 @@ f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24 pciutils-2.2.9 4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459 tpm_emulator-0.7.4.tar.gz 1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e zlib-1.2.3.tar.gz 632ce8c193ccacc3012bd354bdb733a4be126f7c098e111930aa41dad537405c ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz -f320d105a4832124910f46c50acd4803fe289bd7c4702ec15f97fb611b70944d xsa148.patch -e01628400b81c4bb7bafba348f2ecb1fe80f16e3162cee5013e0be1d7311738b xsa149.patch -9054215f08cab48d2523efb456eb3c93ca6ac580d661f6e4f1feca115c67afa8 xsa150.patch -e247a9dbbe236ffa3c5aa5e2d41047fa67da80f2b0474eef3440b5b3da2d5617 xsa151.patch -596f51797aa591b5abd068ead03e21215cf70997c98a4a562392499afe47b81c xsa152.patch -f5cbc98cba758e10da0a01d9379012ec56b98a85a92bfeb0c6b8132d4b91ce77 xsa153-libxl.patch -eec88c2a57466f83a81844cb7025f70c2b671d07a75d85487d4ed73cdabbb020 xsa154.patch +eec88c2a57466f83a81844cb7025f70c2b671d07a75d85487d4ed73cdabbb020 xsa154-4.6.patch e52467fcec73bcc86d3e96d06f8ca8085ae56a83d2c42a30c16bc3dc630d8f8a xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch eae34c8ccc096ad93a74190506b3d55020a88afb0cc504a3a514590e9fd746fd xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch 42780265014085a4221ad32b026214693d751789eb5219e2e83862c0006c66f4 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch -d92729ca9174f7d1d8c6fd31321d1a58696c0630e87420539c32f7718b9e8ee8 xsa156.patch -05c35871c1430e9cfdbee049411b23fca6c64c5bc9f112d7508afe5cbd289cef xsa159.patch -40362873b7fa2c1450596ef9ea23c73f80608b77ca50b89e62daf46c131fcee6 xsa160.patch -4bb18f2e44f49f140932c2d1e956e2e28017439cbb0e76eb16a8af617c4112ac xsa165.patch -2bd786cccfd13c6732d6db8afc9e18058465efcb1bc93f894c359e3a820d5403 xsa167.patch -c95198a66485d6e538d113ce2b84630d77c15f597113c38fadd6bf1e24e4c8ec xsa168.patch -b818922880313cdbc12ea68ae757da5eabed9b3c9e1f8acefe1653683545ccbe xsa169.patch 77b4b14b2c93da5f68e724cf74e1616f7df2e78305f66d164b3de2d980221a9a xsa170.patch 3941f99b49c7e8dafc9fae8aad2136a14c6d84533cd542cc5f1040a41ef7c6fe qemu-coroutine-gthread.patch e4e5e838e259a3116978aabbcebc1865a895179a7fcbf4bad195c83e9b4c0f98 qemu-xen_paths.patch @@ -338,7 +307,7 @@ d13719093a2c3824525f36ac91ac3c9bd1154e5ba0974e5441e4a2ab5e883521 xenconsoled.in 0da87a4b9094f934e3de937e8ef8d3afc752e76793aa3d730182d0241e118b19 xen-consoles.logrotate 4cfcddcade5d055422ab4543e8caa6e5c5eee7625c41880a9000b7a87c7c424e xenqemu.confd c92bbb1166edd61141fdf678116974209c4422daf373cdd5bc438aa4adb25b8d xenqemu.initd" -sha512sums="b4b02f306ffea360f539dd8c231b2f58c00c3638fdb665cb659c7291b475b40f1075bc59d49a6144767729e57b8bc40a1cfd9030d61de2b8fa4ac97d43655c2b xen-4.6.0.tar.gz +sha512sums="f01a0b7874abf8b3a81432428d7ba2d5aceb9d75ae20310f8ef49a3a0df927720a51d49090f74fda7f374c779e121ad26da6966a6f2623ed1a7743b4c080427c xen-4.6.1.tar.gz 2e0b0fd23e6f10742a5517981e5171c6e88b0a93c83da701b296f5c0861d72c19782daab589a7eac3f9032152a0fc7eff7f5362db8fccc4859564a9aa82329cf gmp-4.3.2.tar.bz2 c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a3628bd00ba4d14a54742bc04848110eb3ae8ca25dbfbaabadb grub-0.97.tar.gz 1465b58279af1647f909450e394fe002ca165f0ff4a0254bfa9fe0e64316f50facdde2729d79a4e632565b4500cf4d6c74192ac0dd3bc9fe09129bbd67ba089d lwip-1.3.0.tar.gz @@ -348,23 +317,10 @@ c2bc9ffc8583aeae71cee9ddcc4418969768d4e3764d47307da54f93981c0109fb07d84b061b3a36 4928b5b82f57645be9408362706ff2c4d9baa635b21b0d41b1c82930e8c60a759b1ea4fa74d7e6c7cae1b7692d006aa5cb72df0c3b88bf049779aa2b566f9d35 tpm_emulator-0.7.4.tar.gz 021b958fcd0d346c4ba761bcf0cc40f3522de6186cf5a0a6ea34a70504ce9622b1c2626fce40675bc8282cf5f5ade18473656abc38050f72f5d6480507a2106e zlib-1.2.3.tar.gz c5cb1cdff40d2d71fd3e692a9d0efadf2aa17290daf5195391a1c81ddd9dfc913a8e44d5be2b12be85b2a5565ea31631c99c7053564f2fb2225c80ea0bb0e4a4 ipxe-git-9a93db3f0947484e30e753bbd61a10b17336e20e.tar.gz -f6d1753641741c6d921ec6ba4acd9ac9df511ef1a7ca7c21fb3498a2b7b8758827b9d8cb19543ffda0125b632c7ac8004366ba47036ecb7c66c5723143e125e5 xsa148.patch -86c19dbab57c9dee5443ba10fcea38d35e0bef821a502d916684f9010b530101af4386db88f2fa90a252812fa2722da9450964747eb7204ee23a94369e58ec72 xsa149.patch -8c4a588764c5829d4722766e9766fe769e93e21b5b027578ffdfac3e85c8cdf11281cf4b3a28de4fbbb64ab102f13ed55f029d11201a7fe8ecd1b5c94b6134ec xsa150.patch -d1d6f11ff4c108d57de408cd75a818eeb124b3788c480bee6eb46ffdb18ef53a5dd96588f961f3336881d38c07908fae7c4042d8ee7267704647b306180aaebf xsa151.patch -e442c062b6bcf54761784649d3b21df2b4e46b7e1d94ab7375e227e65d6741b5457a838e72569ab9e49fb0ca57063226652f9efd4331356b822d686829682faa xsa152.patch -a33a184fdb1588ee17ddaab53dd45f9e68b2523f99278de7e8a403b36ce2dd71efcccae1c94b4b196f5d83d6423766a23e48fbf0a6a2e1dd681313edb0d1c399 xsa153-libxl.patch -fde4c58acb857bd4eec807a78bee356a02358174e8c52a66555a6ad9cf5670b43391429ff973e74d27ee43a27c338b89bc3e63d2d821ee85682d8799d3bdd35c xsa154.patch +fde4c58acb857bd4eec807a78bee356a02358174e8c52a66555a6ad9cf5670b43391429ff973e74d27ee43a27c338b89bc3e63d2d821ee85682d8799d3bdd35c xsa154-4.6.patch 96574c07cc31b11cddbe90bbfd0ff92ec9a2aa52903f74258e1291c1dec91e85c65c18ce10ed85aa659e3c363a460375153f2f45f1bbc4cebcc904398518a8f4 xsa155-xen-0001-xen-Add-RING_COPY_REQUEST.patch d64d7e0dd96e31fa45d9d9b0cad9c543484709d699d9ab2efe1992f9375e8e0d67b0164e9ea8d3e75998388964f2fbfd96b5520a4acf13804dcf8c3472e37791 xsa155-xen-0002-blktap2-Use-RING_COPY_REQUEST.patch cad6b571ccca123e2a797cf82669ad0fe2e1ec99b7a68396beb3a2279e2cf87d8f0cf75e22dcd98238dd5031b2c7e9cb86d02ecaa82ae973fba6d26b2acfb514 xsa155-xen-0003-libvchan-Read-prod-cons-only-once.patch -a879a7c8f5a1a49d5c1dc9c80ca5a7086b68f5cfa1938819ec93f354f2ba916862e8a553822f0e8d004fe90cf389c37675fc2c523157ad8a2426f60dcc03715d xsa156.patch -82a8cd774078b201e3ca854b2419d5c2e69d8168066dcf0cf2c7373b649a9c0325b568cb7434b0f50e10dcc965a0557e845309dd1ddb9925950f386b12249d5d xsa159.patch -91819a014821ff1b468a0e116edf657ea4db64b095637da1886caa3b8b29ffda8d00915e808508d8ecd526be9ce325b7e9733c220fba2b2cfaaee0977b1d9454 xsa160.patch -ecd47873290937ce13b6d4f23751c62a7fe16a5f0c9a3d895b91b8c9065829883333181755240298a1bb4cfdb8414d431422d1a2a7fbd390707b373d5ca1a9a9 xsa165.patch -5e908dc801eb5d15c59156c6d3bbe24df21acb39ef3a337b43e0f5bc0bbeaee78c9dc8352880251379dddbe203acbd8762abee954ede25dfaf032c6959c8fe09 xsa167.patch -c55ee924b21edf54ce3c873d952a20f32f851661a13514528d42d2ef36767cfa9e31b1a42a4e0f40ff1011c692c406155fcc59be0c43fd44973cd0a5acee2ac7 xsa168.patch -5bc99d5b4e8e57852c88401c49cc97f82706763f88682ed8faad6344fb0e17782ed7ba063fd463c3da46e28994af11e575ce6e02aa957ff042e3c86269d15acc xsa169.patch 09a6defca0f32319dddf4325fb0105a468517a7150c8a8ea287677b4a55f09bf776f5aa673bae22a0708537cf075d5e2143a24aa1b08629ef911a7cdfd8376f0 xsa170.patch c3c46f232f0bd9f767b232af7e8ce910a6166b126bd5427bb8dc325aeb2c634b956de3fc225cab5af72649070c8205cc8e1cab7689fc266c204f525086f1a562 qemu-coroutine-gthread.patch 1936ab39a1867957fa640eb81c4070214ca4856a2743ba7e49c0cd017917071a9680d015f002c57fa7b9600dbadd29dcea5887f50e6c133305df2669a7a933f3 qemu-xen_paths.patch diff --git a/main/xen/gcc5-ipxe.patch b/main/xen/gcc5-ipxe.patch deleted file mode 100644 index 1135e765e6..0000000000 --- a/main/xen/gcc5-ipxe.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/tools/firmware/etherboot/patches/gcc5.patch b/tools/firmware/etherboot/patches/gcc5.patch -new file mode 100644 -index 0000000..e091f4b ---- /dev/null -+++ b/tools/firmware/etherboot/patches/gcc5.patch -@@ -0,0 +1,39 @@ -+--- ipxe.orig/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c 2011-12-11 03:28:04.000000000 +0100
-++++ ipxe/src/drivers/net/ath/ath9k/ath9k_ar9003_phy.c 2015-05-25 10:33:05.576229086 +0200
-+@@ -859,7 +859,7 @@
-+ REG_CLR_BIT(ah, AR_PHY_SFCORR_LOW,
-+ AR_PHY_SFCORR_LOW_USE_SELF_CORR_LOW);
-+
-+- if (!on != aniState->ofdmWeakSigDetectOff) {
-++ if ((!on) != aniState->ofdmWeakSigDetectOff) {
-+ DBG2("ath9k: "
-+ "** ch %d: ofdm weak signal: %s=>%s\n",
-+ chan->channel,
-+@@ -1013,7 +1013,7 @@
-+ AR_PHY_MRC_CCK_ENABLE, is_on);
-+ REG_RMW_FIELD(ah, AR_PHY_MRC_CCK_CTRL,
-+ AR_PHY_MRC_CCK_MUX_REG, is_on);
-+- if (!is_on != aniState->mrcCCKOff) {
-++ if ((!is_on) != aniState->mrcCCKOff) {
-+ DBG2("ath9k: "
-+ "** ch %d: MRC CCK: %s=>%s\n",
-+ chan->channel,--- ipxe.orig/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c 2011-12-11 03:28:04.000000000 +0100
-++++ ipxe/src/drivers/net/ath/ath9k/ath9k_ar5008_phy.c 2015-05-25 11:14:30.732759966 +0200
-+@@ -1141,7 +1141,7 @@
-+ REG_CLR_BIT(ah, AR_PHY_SFCORR_LOW,
-+ AR_PHY_SFCORR_LOW_USE_SELF_CORR_LOW);
-+
-+- if (!on != aniState->ofdmWeakSigDetectOff) {
-++ if ((!on) != aniState->ofdmWeakSigDetectOff) {
-+ if (on)
-+ ah->stats.ast_ani_ofdmon++;
-+ else
-+@@ -1307,7 +1307,7 @@
-+ REG_CLR_BIT(ah, AR_PHY_SFCORR_LOW,
-+ AR_PHY_SFCORR_LOW_USE_SELF_CORR_LOW);
-+
-+- if (!on != aniState->ofdmWeakSigDetectOff) {
-++ if ((!on) != aniState->ofdmWeakSigDetectOff) {
-+ DBG2("ath9k: "
-+ "** ch %d: ofdm weak signal: %s=>%s\n",
-+ chan->channel, -\ No newline at end of file -diff --git a/tools/firmware/etherboot/patches/series b/tools/firmware/etherboot/patches/series -index 154e65b..73c9447 100644 ---- a/tools/firmware/etherboot/patches/series -+++ b/tools/firmware/etherboot/patches/series -@@ -4,3 +4,4 @@ build_fix_2.patch - build_fix_3.patch - no-clobber-ebp.patch - no-clobber-ebp2.patch -+gcc5.patch diff --git a/main/xen/qemu-xen-musl-openpty.patch b/main/xen/qemu-xen-musl-openpty.patch deleted file mode 100644 index bb23810551..0000000000 --- a/main/xen/qemu-xen-musl-openpty.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 828ca41769f5070bec903db348647a47d2e0515e Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Tue, 29 Apr 2014 10:14:57 +0200 -Subject: [PATCH] util/qemu-openpty: fix build with musl libc by include - termios.h as fallback - -Include termios.h as POSIX fallback when not glibc, bsd or solaris. -POSIX says that termios.h should define struct termios and TCAFLUSH. -http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/termios.h.html - -This fixes the following compile errors with musl libc: - -util/qemu-openpty.c: In function 'qemu_openpty_raw': -util/qemu-openpty.c:112:20: error: storage size of 'tty' isn't known - struct termios tty; - ^ -... -util/qemu-openpty.c:128:24: error: 'TCSAFLUSH' undeclared (first use in this function) - tcsetattr(*aslave, TCSAFLUSH, &tty); - ^ - -Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> ---- - util/qemu-openpty.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/util/qemu-openpty.c b/util/qemu-openpty.c -index 4febfe9..4c53211 100644 ---- a/tools/qemu-xen/util/qemu-openpty.c -+++ b/tools/qemu-xen/util/qemu-openpty.c -@@ -47,6 +47,8 @@ - #elif defined CONFIG_SOLARIS - # include <termios.h> - # include <stropts.h> -+#else -+# include <termios.h> - #endif - - #ifdef __sun__ --- -2.1.2 - diff --git a/main/xen/xsa148.patch b/main/xen/xsa148.patch deleted file mode 100644 index 3b6843a8e2..0000000000 --- a/main/xen/xsa148.patch +++ /dev/null @@ -1,39 +0,0 @@ -x86: guard against undue super page PTE creation - -When optional super page support got added (commit bd1cd81d64 "x86: PV -support for hugepages"), two adjustments were missed: mod_l2_entry() -needs to consider the PSE and RW bits when deciding whether to use the -fast path, and the PSE bit must not be removed from L2_DISALLOW_MASK -unconditionally. - -This is XSA-148. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Tim Deegan <tim@xen.org> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -160,7 +160,10 @@ static void put_superpage(unsigned long - static uint32_t base_disallow_mask; - /* Global bit is allowed to be set on L1 PTEs. Intended for user mappings. */ - #define L1_DISALLOW_MASK ((base_disallow_mask | _PAGE_GNTTAB) & ~_PAGE_GLOBAL) --#define L2_DISALLOW_MASK (base_disallow_mask & ~_PAGE_PSE) -+ -+#define L2_DISALLOW_MASK (unlikely(opt_allow_superpage) \ -+ ? base_disallow_mask & ~_PAGE_PSE \ -+ : base_disallow_mask) - - #define l3_disallow_mask(d) (!is_pv_32bit_domain(d) ? \ - base_disallow_mask : 0xFFFFF198U) -@@ -1841,7 +1844,10 @@ static int mod_l2_entry(l2_pgentry_t *pl - } - - /* Fast path for identical mapping and presence. */ -- if ( !l2e_has_changed(ol2e, nl2e, _PAGE_PRESENT) ) -+ if ( !l2e_has_changed(ol2e, nl2e, -+ unlikely(opt_allow_superpage) -+ ? _PAGE_PSE | _PAGE_RW | _PAGE_PRESENT -+ : _PAGE_PRESENT) ) - { - adjust_guest_l2e(nl2e, d); - if ( UPDATE_ENTRY(l2, pl2e, ol2e, nl2e, pfn, vcpu, preserve_ad) ) diff --git a/main/xen/xsa149.patch b/main/xen/xsa149.patch deleted file mode 100644 index 41103b2983..0000000000 --- a/main/xen/xsa149.patch +++ /dev/null @@ -1,20 +0,0 @@ -xen: free domain's vcpu array - -This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per -guest"). - -This is XSA-149. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/common/domain.c -+++ b/xen/common/domain.c -@@ -841,6 +841,7 @@ static void complete_domain_destroy(stru - - xsm_free_security_domain(d); - free_cpumask_var(d->domain_dirty_cpumask); -+ xfree(d->vcpu); - free_domain_struct(d); - - send_global_virq(VIRQ_DOM_EXC); diff --git a/main/xen/xsa150.patch b/main/xen/xsa150.patch deleted file mode 100644 index f5ef12e45b..0000000000 --- a/main/xen/xsa150.patch +++ /dev/null @@ -1,201 +0,0 @@ -x86/PoD: Eager sweep for zeroed pages - -Based on the contents of a guests physical address space, -p2m_pod_emergency_sweep() could degrade into a linear memcmp() from 0 to -max_gfn, which runs non-preemptibly. - -As p2m_pod_emergency_sweep() runs behind the scenes in a number of contexts, -making it preemptible is not feasible. - -Instead, a different approach is taken. Recently-populated pages are eagerly -checked for reclaimation, which amortises the p2m_pod_emergency_sweep() -operation across each p2m_pod_demand_populate() operation. - -Note that in the case that a 2M superpage can't be reclaimed as a superpage, -it is shattered if 4K pages of zeros can be reclaimed. This is unfortunate -but matches the previous behaviour, and is required to avoid regressions -(domain crash from PoD exhaustion) with VMs configured close to the limit. - -This is CVE-2015-7970 / XSA-150. - -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: George Dunlap <george.dunlap@citrix.com> - ---- a/xen/arch/x86/mm/p2m-pod.c -+++ b/xen/arch/x86/mm/p2m-pod.c -@@ -920,28 +920,6 @@ p2m_pod_zero_check(struct p2m_domain *p2 - } - - #define POD_SWEEP_LIMIT 1024 -- --/* When populating a new superpage, look at recently populated superpages -- * hoping that they've been zeroed. This will snap up zeroed pages as soon as -- * the guest OS is done with them. */ --static void --p2m_pod_check_last_super(struct p2m_domain *p2m, unsigned long gfn_aligned) --{ -- unsigned long check_gfn; -- -- ASSERT(p2m->pod.last_populated_index < POD_HISTORY_MAX); -- -- check_gfn = p2m->pod.last_populated[p2m->pod.last_populated_index]; -- -- p2m->pod.last_populated[p2m->pod.last_populated_index] = gfn_aligned; -- -- p2m->pod.last_populated_index = -- ( p2m->pod.last_populated_index + 1 ) % POD_HISTORY_MAX; -- -- p2m_pod_zero_check_superpage(p2m, check_gfn); --} -- -- - #define POD_SWEEP_STRIDE 16 - static void - p2m_pod_emergency_sweep(struct p2m_domain *p2m) -@@ -982,7 +960,7 @@ p2m_pod_emergency_sweep(struct p2m_domai - * NB that this is a zero-sum game; we're increasing our cache size - * by re-increasing our 'debt'. Since we hold the pod lock, - * (entry_count - count) must remain the same. */ -- if ( p2m->pod.count > 0 && i < limit ) -+ if ( i < limit && (p2m->pod.count > 0 || hypercall_preempt_check()) ) - break; - } - -@@ -994,6 +972,58 @@ p2m_pod_emergency_sweep(struct p2m_domai - - } - -+static void pod_eager_reclaim(struct p2m_domain *p2m) -+{ -+ struct pod_mrp_list *mrp = &p2m->pod.mrp; -+ unsigned int i = 0; -+ -+ /* -+ * Always check one page for reclaimation. -+ * -+ * If the PoD pool is empty, keep checking some space is found, or all -+ * entries have been exhaused. -+ */ -+ do -+ { -+ unsigned int idx = (mrp->idx + i++) % ARRAY_SIZE(mrp->list); -+ unsigned long gfn = mrp->list[idx]; -+ -+ if ( gfn != INVALID_GFN ) -+ { -+ if ( gfn & POD_LAST_SUPERPAGE ) -+ { -+ gfn &= ~POD_LAST_SUPERPAGE; -+ -+ if ( p2m_pod_zero_check_superpage(p2m, gfn) == 0 ) -+ { -+ unsigned int x; -+ -+ for ( x = 0; x < SUPERPAGE_PAGES; ++x, ++gfn ) -+ p2m_pod_zero_check(p2m, &gfn, 1); -+ } -+ } -+ else -+ p2m_pod_zero_check(p2m, &gfn, 1); -+ -+ mrp->list[idx] = INVALID_GFN; -+ } -+ -+ } while ( (p2m->pod.count == 0) && (i < ARRAY_SIZE(mrp->list)) ); -+} -+ -+static void pod_eager_record(struct p2m_domain *p2m, -+ unsigned long gfn, unsigned int order) -+{ -+ struct pod_mrp_list *mrp = &p2m->pod.mrp; -+ -+ ASSERT(mrp->list[mrp->idx] == INVALID_GFN); -+ ASSERT(gfn != INVALID_GFN); -+ -+ mrp->list[mrp->idx++] = -+ gfn | (order == PAGE_ORDER_2M ? POD_LAST_SUPERPAGE : 0); -+ mrp->idx %= ARRAY_SIZE(mrp->list); -+} -+ - int - p2m_pod_demand_populate(struct p2m_domain *p2m, unsigned long gfn, - unsigned int order, -@@ -1034,6 +1064,8 @@ p2m_pod_demand_populate(struct p2m_domai - return 0; - } - -+ pod_eager_reclaim(p2m); -+ - /* Only sweep if we're actually out of memory. Doing anything else - * causes unnecessary time and fragmentation of superpages in the p2m. */ - if ( p2m->pod.count == 0 ) -@@ -1070,6 +1102,8 @@ p2m_pod_demand_populate(struct p2m_domai - p2m->pod.entry_count -= (1 << order); - BUG_ON(p2m->pod.entry_count < 0); - -+ pod_eager_record(p2m, gfn_aligned, order); -+ - if ( tb_init_done ) - { - struct { -@@ -1085,12 +1119,6 @@ p2m_pod_demand_populate(struct p2m_domai - __trace_var(TRC_MEM_POD_POPULATE, 0, sizeof(t), &t); - } - -- /* Check the last guest demand-populate */ -- if ( p2m->pod.entry_count > p2m->pod.count -- && (order == PAGE_ORDER_2M) -- && (q & P2M_ALLOC) ) -- p2m_pod_check_last_super(p2m, gfn_aligned); -- - pod_unlock(p2m); - return 0; - out_of_memory: ---- a/xen/arch/x86/mm/p2m.c -+++ b/xen/arch/x86/mm/p2m.c -@@ -58,6 +58,7 @@ boolean_param("hap_2mb", opt_hap_2mb); - /* Init the datastructures for later use by the p2m code */ - static int p2m_initialise(struct domain *d, struct p2m_domain *p2m) - { -+ unsigned int i; - int ret = 0; - - mm_rwlock_init(&p2m->lock); -@@ -73,6 +74,9 @@ static int p2m_initialise(struct domain - - p2m->np2m_base = P2M_BASE_EADDR; - -+ for ( i = 0; i < ARRAY_SIZE(p2m->pod.mrp.list); ++i ) -+ p2m->pod.mrp.list[i] = INVALID_GFN; -+ - if ( hap_enabled(d) && cpu_has_vmx ) - ret = ept_p2m_init(p2m); - else ---- a/xen/include/asm-x86/p2m.h -+++ b/xen/include/asm-x86/p2m.h -@@ -292,10 +292,20 @@ struct p2m_domain { - entry_count; /* # of pages in p2m marked pod */ - unsigned long reclaim_single; /* Last gpfn of a scan */ - unsigned long max_guest; /* gpfn of max guest demand-populate */ --#define POD_HISTORY_MAX 128 -- /* gpfn of last guest superpage demand-populated */ -- unsigned long last_populated[POD_HISTORY_MAX]; -- unsigned int last_populated_index; -+ -+ /* -+ * Tracking of the most recently populated PoD pages, for eager -+ * reclamation. -+ */ -+ struct pod_mrp_list { -+#define NR_POD_MRP_ENTRIES 32 -+ -+/* Encode ORDER_2M superpage in top bit of GFN */ -+#define POD_LAST_SUPERPAGE (INVALID_GFN & ~(INVALID_GFN >> 1)) -+ -+ unsigned long list[NR_POD_MRP_ENTRIES]; -+ unsigned int idx; -+ } mrp; - mm_lock_t lock; /* Locking of private pod structs, * - * not relying on the p2m lock. */ - } pod; diff --git a/main/xen/xsa151.patch b/main/xen/xsa151.patch deleted file mode 100644 index 1f0277ea78..0000000000 --- a/main/xen/xsa151.patch +++ /dev/null @@ -1,28 +0,0 @@ -xenoprof: free domain's vcpu array - -This was overlooked in fb442e2171 ("x86_64: allow more vCPU-s per -guest"). - -This is XSA-151. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/common/xenoprof.c -+++ b/xen/common/xenoprof.c -@@ -239,6 +239,7 @@ static int alloc_xenoprof_struct( - d->xenoprof->rawbuf = alloc_xenheap_pages(get_order_from_pages(npages), 0); - if ( d->xenoprof->rawbuf == NULL ) - { -+ xfree(d->xenoprof->vcpu); - xfree(d->xenoprof); - d->xenoprof = NULL; - return -ENOMEM; -@@ -286,6 +287,7 @@ void free_xenoprof_pages(struct domain * - free_xenheap_pages(x->rawbuf, order); - } - -+ xfree(x->vcpu); - xfree(x); - d->xenoprof = NULL; - } diff --git a/main/xen/xsa152.patch b/main/xen/xsa152.patch deleted file mode 100644 index 6fbc90fd1e..0000000000 --- a/main/xen/xsa152.patch +++ /dev/null @@ -1,66 +0,0 @@ -x86: rate-limit logging in do_xen{oprof,pmu}_op() - -Some of the sub-ops are acessible to all guests, and hence should be -rate-limited. In the xenoprof case, just like for XSA-146, include them -only in debug builds. Since the vPMU code is rather new, allow them to -be always present, but downgrade them to (rate limited) guest messages. - -This is XSA-152. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/arch/x86/cpu/vpmu.c -+++ b/xen/arch/x86/cpu/vpmu.c -@@ -682,8 +682,8 @@ long do_xenpmu_op(unsigned int op, XEN_G - vpmu_mode = pmu_params.val; - else if ( vpmu_mode != pmu_params.val ) - { -- printk(XENLOG_WARNING -- "VPMU: Cannot change mode while active VPMUs exist\n"); -+ gprintk(XENLOG_WARNING, -+ "VPMU: Cannot change mode while active VPMUs exist\n"); - ret = -EBUSY; - } - -@@ -714,8 +714,8 @@ long do_xenpmu_op(unsigned int op, XEN_G - vpmu_features = pmu_params.val; - else - { -- printk(XENLOG_WARNING "VPMU: Cannot change features while" -- " active VPMUs exist\n"); -+ gprintk(XENLOG_WARNING, -+ "VPMU: Cannot change features while active VPMUs exist\n"); - ret = -EBUSY; - } - ---- a/xen/common/xenoprof.c -+++ b/xen/common/xenoprof.c -@@ -676,15 +676,13 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H - - if ( (op < 0) || (op > XENOPROF_last_op) ) - { -- printk("xenoprof: invalid operation %d for domain %d\n", -- op, current->domain->domain_id); -+ gdprintk(XENLOG_DEBUG, "invalid operation %d\n", op); - return -EINVAL; - } - - if ( !NONPRIV_OP(op) && (current->domain != xenoprof_primary_profiler) ) - { -- printk("xenoprof: dom %d denied privileged operation %d\n", -- current->domain->domain_id, op); -+ gdprintk(XENLOG_DEBUG, "denied privileged operation %d\n", op); - return -EPERM; - } - -@@ -907,8 +905,7 @@ ret_t do_xenoprof_op(int op, XEN_GUEST_H - spin_unlock(&xenoprof_lock); - - if ( ret < 0 ) -- printk("xenoprof: operation %d failed for dom %d (status : %d)\n", -- op, current->domain->domain_id, ret); -+ gdprintk(XENLOG_DEBUG, "operation %d failed: %d\n", op, ret); - - return ret; - } diff --git a/main/xen/xsa153-libxl.patch b/main/xen/xsa153-libxl.patch deleted file mode 100644 index 14a50eb02e..0000000000 --- a/main/xen/xsa153-libxl.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 27593ec62bdad8621df910931349d964a6dbaa8c Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Wed, 21 Oct 2015 16:18:30 +0100 -Subject: [PATCH XSA-153 v3] libxl: adjust PoD target by memory fudge, too - -PoD guests need to balloon at least as far as required by PoD, or risk -crashing. Currently they don't necessarily know what the right value -is, because our memory accounting is (at the very least) confusing. - -Apply the memory limit fudge factor to the in-hypervisor PoD memory -target, too. This will increase the size of the guest's PoD cache by -the fudge factor LIBXL_MAXMEM_CONSTANT (currently 1Mby). This ensures -that even with a slightly-off balloon driver, the guest will be -stable even under memory pressure. - -There are two call sites of xc_domain_set_pod_target that need fixing: - -The one in libxl_set_memory_target is straightforward. - -The one in xc_hvm_build_x86.c:setup_guest is more awkward. Simply -setting the PoD target differently does not work because the various -amounts of memory during domain construction no longer match up. -Instead, we adjust the guest memory target in xenstore (but only for -PoD guests). - -This introduces a 1Mby discrepancy between the balloon target of a PoD -guest at boot, and the target set by an apparently-equivalent `xl -mem-set' (or similar) later. This approach is low-risk for a security -fix but we need to fix this up properly in xen.git#staging and -probably also in stable trees. - -This is XSA-153. - -Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com> ---- - tools/libxl/libxl.c | 2 +- - tools/libxl/libxl_dom.c | 9 ++++++++- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c -index d38d0c7..1366177 100644 ---- a/tools/libxl/libxl.c -+++ b/tools/libxl/libxl.c -@@ -4815,7 +4815,7 @@ retry_transaction: - } - - rc = xc_domain_set_pod_target(ctx->xch, domid, -- new_target_memkb / 4, NULL, NULL, NULL); -+ (new_target_memkb + LIBXL_MAXMEM_CONSTANT) / 4, NULL, NULL, NULL); - if (rc != 0) { - LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, - "xc_domain_set_pod_target domid=%d, memkb=%d " -diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c -index b514377..8019f4e 100644 ---- a/tools/libxl/libxl_dom.c -+++ b/tools/libxl/libxl_dom.c -@@ -486,6 +486,7 @@ int libxl__build_post(libxl__gc *gc, uint32_t domid, - xs_transaction_t t; - char **ents; - int i, rc; -+ int64_t mem_target_fudge; - - if (info->num_vnuma_nodes && !info->num_vcpu_soft_affinity) { - rc = set_vnuma_affinity(gc, domid, info); -@@ -518,11 +519,17 @@ int libxl__build_post(libxl__gc *gc, uint32_t domid, - } - } - -+ mem_target_fudge = -+ (info->type == LIBXL_DOMAIN_TYPE_HVM && -+ info->max_memkb > info->target_memkb) -+ ? LIBXL_MAXMEM_CONSTANT : 0; -+ - ents = libxl__calloc(gc, 12 + (info->max_vcpus * 2) + 2, sizeof(char *)); - ents[0] = "memory/static-max"; - ents[1] = GCSPRINTF("%"PRId64, info->max_memkb); - ents[2] = "memory/target"; -- ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb); -+ ents[3] = GCSPRINTF("%"PRId64, info->target_memkb - info->video_memkb -+ - mem_target_fudge); - ents[4] = "memory/videoram"; - ents[5] = GCSPRINTF("%"PRId64, info->video_memkb); - ents[6] = "domid"; --- -1.7.10.4 - diff --git a/main/xen/xsa154.patch b/main/xen/xsa154-4.6.patch index f1e598812b..f1e598812b 100644 --- a/main/xen/xsa154.patch +++ b/main/xen/xsa154-4.6.patch diff --git a/main/xen/xsa156.patch b/main/xen/xsa156.patch deleted file mode 100644 index d37dff1cd7..0000000000 --- a/main/xen/xsa156.patch +++ /dev/null @@ -1,127 +0,0 @@ -x86/HVM: always intercept #AC and #DB - -Both being benign exceptions, and both being possible to get triggered -by exception delivery, this is required to prevent a guest from locking -up a CPU (resulting from no other VM exits occurring once getting into -such a loop). - -The specific scenarios: - -1) #AC may be raised during exception delivery if the handler is set to -be a ring-3 one by a 32-bit guest, and the stack is misaligned. - -2) #DB may be raised during exception delivery when a breakpoint got -placed on a data structure involved in delivering the exception. This -can result in an endless loop when a 64-bit guest uses a non-zero IST -for the vector 1 IDT entry, but even without use of IST the time it -takes until a contributory fault would get raised (results depending -on the handler) may be quite long. - -This is XSA-156. - -Reported-by: Benjamin Serebrin <serebrin@google.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/hvm/svm/svm.c -+++ b/xen/arch/x86/hvm/svm/svm.c -@@ -1043,10 +1043,11 @@ static void noreturn svm_do_resume(struc - unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) ) - { - uint32_t intercepts = vmcb_get_exception_intercepts(vmcb); -- uint32_t mask = (1U << TRAP_debug) | (1U << TRAP_int3); -+ - v->arch.hvm_vcpu.debug_state_latch = debug_state; - vmcb_set_exception_intercepts( -- vmcb, debug_state ? (intercepts | mask) : (intercepts & ~mask)); -+ vmcb, debug_state ? (intercepts | (1U << TRAP_int3)) -+ : (intercepts & ~(1U << TRAP_int3))); - } - - if ( v->arch.hvm_svm.launch_core != smp_processor_id() ) -@@ -2434,8 +2435,9 @@ void svm_vmexit_handler(struct cpu_user_ - - case VMEXIT_EXCEPTION_DB: - if ( !v->domain->debugger_attached ) -- goto unexpected_exit_type; -- domain_pause_for_debugger(); -+ hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE); -+ else -+ domain_pause_for_debugger(); - break; - - case VMEXIT_EXCEPTION_BP: -@@ -2483,6 +2485,11 @@ void svm_vmexit_handler(struct cpu_user_ - break; - } - -+ case VMEXIT_EXCEPTION_AC: -+ HVMTRACE_1D(TRAP, TRAP_alignment_check); -+ hvm_inject_hw_exception(TRAP_alignment_check, vmcb->exitinfo1); -+ break; -+ - case VMEXIT_EXCEPTION_UD: - svm_vmexit_ud_intercept(regs); - break; ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1224,16 +1224,10 @@ static void vmx_update_host_cr3(struct v - - void vmx_update_debug_state(struct vcpu *v) - { -- unsigned long mask; -- -- mask = 1u << TRAP_int3; -- if ( !cpu_has_monitor_trap_flag ) -- mask |= 1u << TRAP_debug; -- - if ( v->arch.hvm_vcpu.debug_state_latch ) -- v->arch.hvm_vmx.exception_bitmap |= mask; -+ v->arch.hvm_vmx.exception_bitmap |= 1U << TRAP_int3; - else -- v->arch.hvm_vmx.exception_bitmap &= ~mask; -+ v->arch.hvm_vmx.exception_bitmap &= ~(1U << TRAP_int3); - - vmx_vmcs_enter(v); - vmx_update_exception_bitmap(v); -@@ -3060,9 +3054,10 @@ void vmx_vmexit_handler(struct cpu_user_ - __vmread(EXIT_QUALIFICATION, &exit_qualification); - HVMTRACE_1D(TRAP_DEBUG, exit_qualification); - write_debugreg(6, exit_qualification | DR_STATUS_RESERVED_ONE); -- if ( !v->domain->debugger_attached || cpu_has_monitor_trap_flag ) -- goto exit_and_crash; -- domain_pause_for_debugger(); -+ if ( !v->domain->debugger_attached ) -+ hvm_inject_hw_exception(vector, HVM_DELIVER_NO_ERROR_CODE); -+ else -+ domain_pause_for_debugger(); - break; - case TRAP_int3: - { -@@ -3127,6 +3122,11 @@ void vmx_vmexit_handler(struct cpu_user_ - - hvm_inject_page_fault(regs->error_code, exit_qualification); - break; -+ case TRAP_alignment_check: -+ HVMTRACE_1D(TRAP, vector); -+ __vmread(VM_EXIT_INTR_ERROR_CODE, &ecode); -+ hvm_inject_hw_exception(vector, ecode); -+ break; - case TRAP_nmi: - if ( MASK_EXTR(intr_info, INTR_INFO_INTR_TYPE_MASK) != - X86_EVENTTYPE_NMI ) ---- a/xen/include/asm-x86/hvm/hvm.h -+++ b/xen/include/asm-x86/hvm/hvm.h -@@ -385,7 +385,10 @@ static inline int hvm_event_pending(stru - (X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE)) - - /* These exceptions must always be intercepted. */ --#define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op)) -+#define HVM_TRAP_MASK ((1U << TRAP_debug) | \ -+ (1U << TRAP_invalid_op) | \ -+ (1U << TRAP_alignment_check) | \ -+ (1U << TRAP_machine_check)) - - /* - * x86 event types. This enumeration is valid for: diff --git a/main/xen/xsa159.patch b/main/xen/xsa159.patch deleted file mode 100644 index 5e4e20c43f..0000000000 --- a/main/xen/xsa159.patch +++ /dev/null @@ -1,47 +0,0 @@ -memory: fix XENMEM_exchange error handling - -assign_pages() can fail due to the domain getting killed in parallel, -which should not result in a hypervisor crash. - -Also delete a redundant put_gfn() - all relevant paths leading to the -"fail" label already do this (and there are also paths where it was -plain wrong). All of the put_gfn()-s got introduced by 51032ca058 -("Modify naming of queries into the p2m"), including the otherwise -unneeded initializer for k (with even a kind of misleading comment - -the compiler warning could actually have served as a hint that the use -is wrong). - -This is XSA-159. - -Reported-by: Julien Grall <julien.grall@citrix.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/common/memory.c -+++ b/xen/common/memory.c -@@ -334,7 +334,7 @@ static long memory_exchange(XEN_GUEST_HA - PAGE_LIST_HEAD(out_chunk_list); - unsigned long in_chunk_order, out_chunk_order; - xen_pfn_t gpfn, gmfn, mfn; -- unsigned long i, j, k = 0; /* gcc ... */ -+ unsigned long i, j, k; - unsigned int memflags = 0; - long rc = 0; - struct domain *d; -@@ -572,11 +572,12 @@ static long memory_exchange(XEN_GUEST_HA - fail: - /* Reassign any input pages we managed to steal. */ - while ( (page = page_list_remove_head(&in_chunk_list)) ) -- { -- put_gfn(d, gmfn + k--); - if ( assign_pages(d, page, 0, MEMF_no_refcount) ) -- BUG(); -- } -+ { -+ BUG_ON(!d->is_dying); -+ if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) -+ put_page(page); -+ } - - dying: - rcu_unlock_domain(d); diff --git a/main/xen/xsa160.patch b/main/xen/xsa160.patch deleted file mode 100644 index 36db34f2c0..0000000000 --- a/main/xen/xsa160.patch +++ /dev/null @@ -1,69 +0,0 @@ -From adcbd15b1aec8367f790774c998db199c9b577bf Mon Sep 17 00:00:00 2001 -From: Ian Jackson <ian.jackson@eu.citrix.com> -Date: Wed, 18 Nov 2015 15:34:54 +0000 -Subject: [PATCH] libxl: Fix bootloader-related virtual memory leak on pv - build failure - -The bootloader may call libxl__file_reference_map(), which mmap's the -pv_kernel and pv_ramdisk into process memory. This was only unmapped, -however, on the success path of libxl__build_pv(). If there were a -failure anywhere between libxl_bootloader.c:parse_bootloader_result() -and the end of libxl__build_pv(), the calls to -libxl__file_reference_unmap() would be skipped, leaking the mapped -virtual memory. - -Ideally this would be fixed by adding the unmap calls to the -destruction path for libxl__domain_build_state. Unfortunately the -lifetime of the libxl__domain_build_state is opaque, and it doesn't -have a proper destruction path. But, the only thing in it that isn't -from the gc are these bootloader references, and they are only ever -set for one libxl__domain_build_state, the one which is -libxl__domain_create_state.build_state. - -So we can clean up in the exit path from libxl__domain_create_*, which -always comes through domcreate_complete. - -Remove the now-redundant unmaps in libxl__build_pv's success path. - -This is XSA-160. - -Signed-off-by: George Dunlap <george.dunlap@citrix.com> -Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com> -Tested-by: George Dunlap <george.dunlap@citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> ---- - tools/libxl/libxl_create.c | 3 +++ - tools/libxl/libxl_dom.c | 3 --- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c -index f5771da..278b9ed 100644 ---- a/tools/libxl/libxl_create.c -+++ b/tools/libxl/libxl_create.c -@@ -1484,6 +1484,9 @@ static void domcreate_complete(libxl__egc *egc, - libxl_domain_config *const d_config = dcs->guest_config; - libxl_domain_config *d_config_saved = &dcs->guest_config_saved; - -+ libxl__file_reference_unmap(&dcs->build_state.pv_kernel); -+ libxl__file_reference_unmap(&dcs->build_state.pv_ramdisk); -+ - if (!rc && d_config->b_info.exec_ssidref) - rc = xc_flask_relabel_domain(CTX->xch, dcs->guest_domid, d_config->b_info.exec_ssidref); - -diff --git a/tools/libxl/libxl_dom.c b/tools/libxl/libxl_dom.c -index 8019f4e..2da3ac4 100644 ---- a/tools/libxl/libxl_dom.c -+++ b/tools/libxl/libxl_dom.c -@@ -750,9 +750,6 @@ int libxl__build_pv(libxl__gc *gc, uint32_t domid, - state->store_mfn = xc_dom_p2m_host(dom, dom->xenstore_pfn); - } - -- libxl__file_reference_unmap(&state->pv_kernel); -- libxl__file_reference_unmap(&state->pv_ramdisk); -- - ret = 0; - out: - xc_dom_release(dom); --- -1.7.10.4 - diff --git a/main/xen/xsa164.patch b/main/xen/xsa164.patch deleted file mode 100644 index 39ffccc40f..0000000000 --- a/main/xen/xsa164.patch +++ /dev/null @@ -1,34 +0,0 @@ -MSI-X: avoid array overrun upon MSI-X table writes - -pt_msix_init() allocates msix->msix_entry[] to just cover -msix->total_entries entries. While pci_msix_readl() resorts to reading -physical memory for out of bounds reads, pci_msix_writel() so far -simply accessed/corrupted unrelated memory. - -pt_iomem_map()'s call to cpu_register_physical_memory() registers a -page granular region, which is necessary as the Pending Bit Array may -share space with the MSI-X table (but nothing else is allowed to). This -also explains why pci_msix_readl() actually honors out of bounds reads, -but pci_msi_writel() doesn't need to. - -This is XSA-164. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/hw/pt-msi.c -+++ b/hw/pt-msi.c -@@ -440,6 +440,13 @@ static void pci_msix_writel(void *opaque - return; - } - -+ if ( addr - msix->mmio_base_addr >= msix->total_entries * 16 ) -+ { -+ PT_LOG("Error: Out of bounds write to MSI-X table," -+ " addr %016"PRIx64"\n", addr); -+ return; -+ } -+ - entry_nr = (addr - msix->mmio_base_addr) / 16; - entry = &msix->msix_entry[entry_nr]; - offset = ((addr - msix->mmio_base_addr) % 16) / 4; diff --git a/main/xen/xsa165.patch b/main/xen/xsa165.patch deleted file mode 100644 index 81de03cd38..0000000000 --- a/main/xen/xsa165.patch +++ /dev/null @@ -1,85 +0,0 @@ -x86: don't leak ST(n)/XMMn values to domains first using them - -FNINIT doesn't alter these registers, and hence using it is -insufficient to initialize a guest's initial state. - -This is XSA-165. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -851,6 +851,17 @@ int arch_set_info_guest( - if ( v->arch.xsave_area ) - v->arch.xsave_area->xsave_hdr.xstate_bv = XSTATE_FP_SSE; - } -+ else if ( v->arch.xsave_area ) -+ memset(&v->arch.xsave_area->xsave_hdr, 0, -+ sizeof(v->arch.xsave_area->xsave_hdr)); -+ else -+ { -+ typeof(v->arch.xsave_area->fpu_sse) *fpu_sse = v->arch.fpu_ctxt; -+ -+ memset(fpu_sse, 0, sizeof(*fpu_sse)); -+ fpu_sse->fcw = FCW_DEFAULT; -+ fpu_sse->mxcsr = MXCSR_DEFAULT; -+ } - - if ( !compat ) - { ---- a/xen/arch/x86/i387.c -+++ b/xen/arch/x86/i387.c -@@ -17,19 +17,6 @@ - #include <asm/xstate.h> - #include <asm/asm_defns.h> - --static void fpu_init(void) --{ -- unsigned long val; -- -- asm volatile ( "fninit" ); -- if ( cpu_has_xmm ) -- { -- /* load default value into MXCSR control/status register */ -- val = MXCSR_DEFAULT; -- asm volatile ( "ldmxcsr %0" : : "m" (val) ); -- } --} -- - /*******************************/ - /* FPU Restore Functions */ - /*******************************/ -@@ -248,15 +235,8 @@ void vcpu_restore_fpu_lazy(struct vcpu * - - if ( cpu_has_xsave ) - fpu_xrstor(v, XSTATE_LAZY); -- else if ( v->fpu_initialised ) -- { -- if ( cpu_has_fxsr ) -- fpu_fxrstor(v); -- else -- fpu_frstor(v); -- } - else -- fpu_init(); -+ fpu_fxrstor(v); - - v->fpu_initialised = 1; - v->fpu_dirtied = 1; -@@ -313,7 +293,14 @@ int vcpu_init_fpu(struct vcpu *v) - else - { - v->arch.fpu_ctxt = _xzalloc(sizeof(v->arch.xsave_area->fpu_sse), 16); -- if ( !v->arch.fpu_ctxt ) -+ if ( v->arch.fpu_ctxt ) -+ { -+ typeof(v->arch.xsave_area->fpu_sse) *fpu_sse = v->arch.fpu_ctxt; -+ -+ fpu_sse->fcw = FCW_DEFAULT; -+ fpu_sse->mxcsr = MXCSR_DEFAULT; -+ } -+ else - rc = -ENOMEM; - } - diff --git a/main/xen/xsa167.patch b/main/xen/xsa167.patch deleted file mode 100644 index 05fe35b3c7..0000000000 --- a/main/xen/xsa167.patch +++ /dev/null @@ -1,77 +0,0 @@ -x86/mm: PV superpage handling lacks sanity checks - -MMUEXT_{,UN}MARK_SUPER fail to check the input MFN for validity before -dereferencing pointers into the superpage frame table. - -get_superpage() has a similar issue. - -This is XSA-167. - -Reported-by: Qinghao Tang <luodalongde@gmail.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2624,6 +2624,9 @@ int get_superpage(unsigned long mfn, str - - ASSERT(opt_allow_superpage); - -+ if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) ) -+ return -EINVAL; -+ - spage = mfn_to_spage(mfn); - y = spage->type_info; - do { -@@ -3401,42 +3404,26 @@ long do_mmuext_op( - } - - case MMUEXT_MARK_SUPER: -+ case MMUEXT_UNMARK_SUPER: - { - unsigned long mfn = op.arg1.mfn; - -- if ( unlikely(d != pg_owner) ) -- rc = -EPERM; -- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) ) -- { -- MEM_LOG("Unaligned superpage reference mfn %lx", mfn); -- okay = 0; -- } -- else if ( !opt_allow_superpage ) -+ if ( !opt_allow_superpage ) - { - MEM_LOG("Superpages disallowed"); - rc = -ENOSYS; - } -- else -- rc = mark_superpage(mfn_to_spage(mfn), d); -- break; -- } -- -- case MMUEXT_UNMARK_SUPER: -- { -- unsigned long mfn = op.arg1.mfn; -- -- if ( unlikely(d != pg_owner) ) -+ else if ( unlikely(d != pg_owner) ) - rc = -EPERM; -- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) ) -+ else if ( mfn & (L1_PAGETABLE_ENTRIES - 1) ) - { - MEM_LOG("Unaligned superpage reference mfn %lx", mfn); -- okay = 0; -- } -- else if ( !opt_allow_superpage ) -- { -- MEM_LOG("Superpages disallowed"); -- rc = -ENOSYS; -+ rc = -EINVAL; - } -+ else if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) ) -+ rc = -EINVAL; -+ else if ( op.cmd == MMUEXT_MARK_SUPER ) -+ rc = mark_superpage(mfn_to_spage(mfn), d); - else - rc = unmark_superpage(mfn_to_spage(mfn)); - break; diff --git a/main/xen/xsa168.patch b/main/xen/xsa168.patch deleted file mode 100644 index 856f02e6fc..0000000000 --- a/main/xen/xsa168.patch +++ /dev/null @@ -1,27 +0,0 @@ -x86/VMX: prevent INVVPID failure due to non-canonical guest address - -While INVLPG (and on SVM INVLPGA) don't fault on non-canonical -addresses, INVVPID fails (in the "individual address" case) when passed -such an address. - -Since such intercepted INVLPG are effectively no-ops anyway, don't fix -this in vmx_invlpg_intercept(), but instead have paging_invlpg() never -return true in such a case. - -This is XSA-168. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/include/asm-x86/paging.h -+++ b/xen/include/asm-x86/paging.h -@@ -245,7 +245,7 @@ paging_fault(unsigned long va, struct cp - * or 0 if it's safe not to do so. */ - static inline int paging_invlpg(struct vcpu *v, unsigned long va) - { -- return paging_get_hostmode(v)->invlpg(v, va); -+ return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va); - } - - /* Translate a guest virtual address to the frame number that the diff --git a/main/xen/xsa169.patch b/main/xen/xsa169.patch deleted file mode 100644 index 617e4573be..0000000000 --- a/main/xen/xsa169.patch +++ /dev/null @@ -1,33 +0,0 @@ -x86: make debug output consistent in hvm_set_callback_via - -The unconditional printks in the switch statement of the -hvm_set_callback_via function results in Xen log spam in non debug -versions of Xen. The printks are for debug output only so conditionally -compile the entire switch statement on debug versions of Xen only. - -This is XSA-169. - -Signed-off-by: Malcolm Crossley <malcolm.crossley@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/arch/x86/hvm/irq.c -+++ b/xen/arch/x86/hvm/irq.c -@@ -386,7 +386,8 @@ void hvm_set_callback_via(struct domain - - spin_unlock(&d->arch.hvm_domain.irq_lock); - -- dprintk(XENLOG_G_INFO, "Dom%u callback via changed to ", d->domain_id); -+#ifndef NDEBUG -+ printk(XENLOG_G_INFO "Dom%u callback via changed to ", d->domain_id); - switch ( via_type ) - { - case HVMIRQ_callback_gsi: -@@ -402,6 +403,7 @@ void hvm_set_callback_via(struct domain - printk("None\n"); - break; - } -+#endif - } - - struct hvm_intack hvm_vcpu_has_pending_irq(struct vcpu *v) |