diff --git a/.gitignore b/.gitignore index 90f2762..1b6f26a 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ lwip-1.3.0.tar.gz pciutils-2.2.9.tar.bz2 zlib-1.2.3.tar.gz polarssl-1.1.4-gpl.tgz -/xen-4.4.1.tar.gz +/xen-4.5.0.tar.gz diff --git a/init.xend b/init.xend deleted file mode 100755 index 26ef01c..0000000 --- a/init.xend +++ /dev/null @@ -1,97 +0,0 @@ -#!/bin/bash -# -# xend Script to start and stop the Xen control daemon. -# -# Author: Keir Fraser -# -# chkconfig: 2345 98 01 -# description: Starts and stops the Xen control daemon. -### BEGIN INIT INFO -# Provides: xend -# Required-Start: $syslog $remote_fs -# Should-Start: -# Required-Stop: $syslog $remote_fs -# Should-Stop: -# Default-Start: 3 4 5 -# Default-Stop: 0 1 2 6 -# Default-Enabled: yes -# Short-Description: Start/stop xend -# Description: Starts and stops the Xen control daemon. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -if [ ! -d /proc/xen ]; then - exit 0 -fi -if ! grep -q "control_d" /proc/xen/capabilities ; then - exit 0 -fi - -# Default config params -start() { - echo -n $"Starting xend daemon: " - /usr/sbin/xend - RETVAL=$? - test $RETVAL = 0 && echo_success || echo_failure - echo - [ $RETVAL -eq 0 ] && touch /var/lock/subsys/xend -} - -stop() { - echo -n $"Stopping xend daemon: " - killproc xend > /dev/null - RETVAL=$? - test $RETVAL = 0 && echo_success || echo_failure - echo - [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/xend -} - -rcstatus() { - status xend - RETVAL=$? - test $RETVAL = 0 && echo_success || echo_failure - echo -} - -reload() { - echo -n $"Reloading xend daemon: " - killproc xend -HUP > /dev/null - RETVAL=$? - test $RETVAL = 0 && echo_success || echo_failure - echo -} - -RETVAL=0 -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - rcstatus - ;; - reload) - reload - ;; - restart|force-reload) - stop - start - ;; - condrestart) - if [ -f /var/lock/subsys/xend ] - then - stop - start - fi - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|force-reload}" - exit 1 -esac - -exit $RETVAL - diff --git a/libexec.xendomains b/libexec.xendomains deleted file mode 100755 index 9e69d21..0000000 --- a/libexec.xendomains +++ /dev/null @@ -1,569 +0,0 @@ -#!/bin/bash -# -# /etc/init.d/xendomains -# Start / stop domains automatically when domain 0 boots / shuts down. -# -# chkconfig: 345 99 00 -# description: Start / stop Xen domains. -# -# This script offers fairly basic functionality. It should work on Redhat -# but also on LSB-compliant SuSE releases and on Debian with the LSB package -# installed. (LSB is the Linux Standard Base) -# -# Based on the example in the "Designing High Quality Integrated Linux -# Applications HOWTO" by Avi Alkalay -# -# -### BEGIN INIT INFO -# Provides: xendomains -# Required-Start: $syslog $remote_fs xenstored xenconsoled -# Should-Start: xend -# Required-Stop: $syslog $remote_fs xenstored xenconsoled -# Should-Stop: xend -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start/stop secondary xen domains -# Description: Start / stop domains automatically when domain 0 -# boots / shuts down. -### END INIT INFO - -CMD=xl -$CMD list &> /dev/null -if test $? -ne 0 -then - CMD=xm -fi - -$CMD list &> /dev/null -if test $? -ne 0 -then - exit 0; -fi - -# Correct exit code would probably be 5, but it's enough -# if xend complains if we're not running as privileged domain -if ! [ -e /proc/xen/privcmd ]; then - exit 0 -fi - -# See docs/misc/distro_mapping.txt -if [ -d /var/lock/subsys ]; then - LOCKFILE=/var/lock/subsys/xendomains -else - LOCKFILE=/var/lock/xendomains -fi - -if [ -d /etc/sysconfig ]; then - XENDOM_CONFIG=/etc/sysconfig/xendomains -else - XENDOM_CONFIG=/etc/default/xendomains -fi - -test -r $XENDOM_CONFIG || { echo "$XENDOM_CONFIG not existing"; - if [ "$1" = "stop" ]; then exit 0; - else exit 6; fi; } - -. $XENDOM_CONFIG - -# Use the SUSE rc_ init script functions; -# emulate them on LSB, RH and other systems -if test -e /etc/rc.status; then - # SUSE rc script library - . /etc/rc.status -else - _cmd=$1 - declare -a _SMSG - if test "${_cmd}" = "status"; then - _SMSG=(running dead dead unused unknown) - _RC_UNUSED=3 - else - _SMSG=(done failed failed missed failed skipped unused failed failed) - _RC_UNUSED=6 - fi - if test -e /lib/lsb/init-functions; then - # LSB - . /lib/lsb/init-functions - if alias log_success_msg >/dev/null 2>/dev/null; then - echo_rc() - { - echo " [${_SMSG[${_RC_RV}]}] " - } - else - echo_rc() - { - if test ${_RC_RV} = 0; then - log_success_msg " [${_SMSG[${_RC_RV}]}] " - else - log_failure_msg " [${_SMSG[${_RC_RV}]}] " - fi - } - fi - else - # emulate it - echo_rc() - { - echo " [${_SMSG[${_RC_RV}]}] " - } - fi - rc_reset() { _RC_RV=0; } - rc_failed() - { - if test -z "$1"; then - _RC_RV=1; - elif test "$1" != "0"; then - _RC_RV=$1; - fi - return ${_RC_RV} - } - rc_check() - { - return rc_failed $? - } - rc_status() - { - rc_failed $? - if test "$1" = "-r"; then _RC_RV=0; shift; fi - if test "$1" = "-s"; then rc_failed 5; echo_rc; rc_failed 3; shift; fi - if test "$1" = "-u"; then rc_failed ${_RC_UNUSED}; echo_rc; rc_failed 3; shift; fi - if test "$1" = "-v"; then echo_rc; shift; fi - if test "$1" = "-r"; then _RC_RV=0; shift; fi - return ${_RC_RV} - } - rc_exit() { exit ${_RC_RV}; } - rc_active() - { - if test -z "$RUNLEVEL"; then read RUNLEVEL REST < <(/sbin/runlevel); fi - if test -e /etc/init.d/S[0-9][0-9]${1}; then return 0; fi - return 1 - } -fi - -if ! which usleep >&/dev/null -then - usleep() - { - if [ -n "$1" ] - then - sleep $(( $1 / 1000000 )) - fi - } -fi - -# Reset status of this service -rc_reset - -## -# Returns 0 (success) if the given parameter names a directory, and that -# directory is not empty. -# -contains_something() -{ - if [ -d "$1" ] && [ `/bin/ls $1 | wc -l` -gt 0 ] - then - return 0 - else - return 1 - fi -} - -# read name from xen config file -rdname() -{ - NM=$($CMD create --quiet --dryrun --defconfig "$1" | - sed -n 's/^.*(name \(.*\))$/\1/p') -} - -rdnames() -{ - NAMES= - if ! contains_something "$XENDOMAINS_AUTO" - then - return - fi - for dom in $XENDOMAINS_AUTO/*; do - rdname $dom - if test -z $NAMES; then - NAMES=$NM; - else - NAMES="$NAMES|$NM" - fi - done -} - -LIST_GREP='((domain\|(domid\|(name\|^{$\|"name":\|"domid":' -parseln() -{ - if [[ "$1" =~ '(domain' ]] || [[ "$1" = "{" ]]; then - name=;id= - elif [[ "$1" =~ '(name' ]]; then - name=$(echo $1 | sed -e 's/^.*(name \(.*\))$/\1/') - elif [[ "$1" =~ '(domid' ]]; then - id=$(echo $1 | sed -e 's/^.*(domid \(.*\))$/\1/') - elif [[ "$1" =~ '"name":' ]]; then - name=$(echo $1 | sed -e 's/^.*"name": "\(.*\)",$/\1/') - elif [[ "$1" =~ '"domid":' ]]; then - id=$(echo $1 | sed -e 's/^.*"domid": \(.*\),$/\1/') - fi - - [ -n "$name" -a -n "$id" ] && return 0 || return 1 -} - -is_running() -{ - rdname $1 - RC=1 - name=;id= - while read LN; do - parseln "$LN" || continue - if test $id = 0; then continue; fi - case $name in - ($NM) - RC=0 - ;; - esac - done < <($CMD list -l | grep $LIST_GREP) - return $RC -} - -start() -{ - if [ -f $LOCKFILE ]; then - echo -e "xendomains already running (lockfile exists)" - return; - fi - - saved_domains=" " - if [ "$XENDOMAINS_RESTORE" = "true" ] && - contains_something "$XENDOMAINS_SAVE" - then - mkdir -p $(dirname "$LOCKFILE") - touch $LOCKFILE - echo -n "Restoring Xen domains:" - saved_domains=`ls $XENDOMAINS_SAVE` - for dom in $XENDOMAINS_SAVE/*; do - if [ -f $dom ] ; then - HEADER=`head -c 16 $dom | head -n 1 2> /dev/null` - if [ "$HEADER" = "LinuxGuestRecord" -o "$HEADER" = "Xen saved domain" ]; then - echo -n " ${dom##*/}" - XMR=`$CMD restore $dom 2>&1 1>/dev/null` - #$CMD restore $dom - if [ $? -ne 0 ]; then - echo -e "\nAn error occurred while restoring domain ${dom##*/}:\n$XMR" - rc_failed $? - echo -e '!' - else - # mv $dom ${dom%/*}/.${dom##*/} - rm $dom - fi - fi - fi - done - echo -e - fi - - if contains_something "$XENDOMAINS_AUTO" - then - touch $LOCKFILE - echo -n "Starting auto Xen domains:" - # We expect config scripts for auto starting domains to be in - # XENDOMAINS_AUTO - they could just be symlinks to files elsewhere - - # Create all domains with config files in XENDOMAINS_AUTO. - # TODO: We should record which domain name belongs - # so we have the option to selectively shut down / migrate later - # If a domain statefile from $XENDOMAINS_SAVE matches a domain name - # in $XENDOMAINS_AUTO, do not try to start that domain; if it didn't - # restore correctly it requires administrative attention. - for dom in $XENDOMAINS_AUTO/*; do - echo -n " ${dom##*/}" - shortdom=$(echo $dom | sed -n 's/^.*\/\(.*\)$/\1/p') - echo $saved_domains | grep -w $shortdom > /dev/null - if [ $? -eq 0 ] || is_running $dom; then - echo -n "(skip)" - else - XMC=`$CMD create --quiet --defconfig $dom` - if [ $? -ne 0 ]; then - echo -e "\nAn error occurred while creating domain ${dom##*/}: $XMC\n" - rc_failed $? - echo -e '!' - else - usleep $XENDOMAINS_CREATE_USLEEP - fi - fi - done - fi -} - -all_zombies() -{ - name=;id= - while read LN; do - parseln "$LN" || continue - if test $id = 0; then continue; fi - if test "$state" != "-b---d" -a "$state" != "-----d"; then - return 1; - fi - done < <($CMD list -l | grep $LIST_GREP) - return 0 -} - -# Wait for max $XENDOMAINS_STOP_MAXWAIT for $CMD $1 to finish; -# if it has not exited by that time kill it, so the init script will -# succeed within a finite amount of time; if $2 is nonnull, it will -# kill the command as well as soon as no domain (except for zombies) -# are left (used for shutdown --all). Third parameter, if any, suppresses -# output of dots per working state (formatting issues) -watchdog_xencmd() -{ - if test -z "$XENDOMAINS_STOP_MAXWAIT" -o "$XENDOMAINS_STOP_MAXWAIT" = "0"; then - exit - fi - - usleep 20000 - for no in `seq 0 $XENDOMAINS_STOP_MAXWAIT`; do - # exit if $CMD save/migrate/shutdown is finished - PSAX=`ps axlw | grep "$CMD $1" | grep -v grep` - if test -z "$PSAX"; then exit; fi - if ! test -n "$3"; then echo -n '.'; fi - sleep 1 - # go to kill immediately if there's only zombies left - if all_zombies && test -n "$2"; then break; fi - done - sleep 1 - read PSF PSUID PSPID PSPPID < <(echo "$PSAX") - # kill $CMD $1 - kill $PSPID >/dev/null 2>&1 - - echo -e . -} - -stop() -{ - exec 3>&2 2> /dev/null - - # Collect list of domains to shut down - if test "$XENDOMAINS_AUTO_ONLY" = "true"; then - rdnames - fi - echo -n "Shutting down Xen domains:" - name=;id= - while read LN; do - parseln "$LN" || continue - if test $id = 0; then continue; fi - echo -n " $name" - if test "$XENDOMAINS_AUTO_ONLY" = "true"; then - eval " - case \"\$name\" in - ($NAMES) - # nothing - ;; - (*) - echo -e '(skip)' - continue - ;; - esac - " - fi - # XENDOMAINS_SYSRQ chould be something like just "s" - # or "s e i u" or even "s e s i u o" - # for the latter, you should set XENDOMAINS_USLEEP to 1200000 or so - if test -n "$XENDOMAINS_SYSRQ"; then - for sysrq in $XENDOMAINS_SYSRQ; do - echo -n "(SR-$sysrq)" - XMR=`$CMD sysrq $id $sysrq 2>&1 1>/dev/null` - if test $? -ne 0; then - echo -e "\nAn error occurred while doing sysrq on domain:\n$XMR\n" - rc_failed $? - echo -n '!' - fi - # usleep just ignores empty arg - usleep $XENDOMAINS_USLEEP - done - fi - if test "$state" = "-b---d" -o "$state" = "-----d"; then - echo -n "(zomb)" - continue - fi - if test -n "$XENDOMAINS_MIGRATE"; then - echo -n "(migr)" - watchdog_xencmd migrate & - WDOG_PID=$! - XMR=`$CMD migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null` - if test $? -ne 0; then - echo -e "\nAn error occurred while migrating domain:\n$XMR\n" - rc_failed $? - echo -e '!' - - kill $WDOG_PID >/dev/null 2>&1 - else - kill $WDOG_PID >/dev/null 2>&1 - - echo -e . - usleep 1000 - continue - fi - fi - if test -n "$XENDOMAINS_SAVE"; then - echo -n "(save)" - watchdog_xencmd save & - WDOG_PID=$! - mkdir -p "$XENDOMAINS_SAVE" - XMR=`$CMD save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null` - if test $? -ne 0; then - echo -e "\nAn error occurred while saving domain:\n$XMR\n" - rc_failed $? - echo -e '!' - kill $WDOG_PID >/dev/null 2>&1 - else - kill $WDOG_PID >/dev/null 2>&1 - echo -e . - usleep 1000 - continue - fi - fi - if test -n "$XENDOMAINS_SHUTDOWN"; then - # XENDOMAINS_SHUTDOWN should be "--halt --wait" - echo -n "(shut)" - watchdog_xencmd shutdown & - WDOG_PID=$! - XMR=`$CMD shutdown $XENDOMAINS_SHUTDOWN $id 2>&1 1>/dev/null` - if test $? -ne 0; then - echo -e "\nAn error occurred while shutting down domain:\n$XMR\n" - rc_failed $? - echo -e '!' - fi - kill $WDOG_PID >/dev/null 2>&1 - fi - done < <($CMD list -l | grep $LIST_GREP) - - # NB. this shuts down ALL Xen domains (politely), not just the ones in - # AUTODIR/* - # This is because it's easier to do ;-) but arguably if this script is run - # on system shutdown then it's also the right thing to do. - if ! all_zombies && test -n "$XENDOMAINS_SHUTDOWN_ALL"; then - # XENDOMAINS_SHUTDOWN_ALL should be "--all --halt --wait" - echo -n " SHUTDOWN_ALL " - watchdog_xencmd shutdown 1 false & - WDOG_PID=$! - XMR=`$CMD shutdown $XENDOMAINS_SHUTDOWN_ALL 2>&1 1>/dev/null` - if test $? -ne 0; then - echo -e "\nAn error occurred while shutting down all domains: $XMR\n" - rc_failed $? - echo -e '!' - fi - kill $WDOG_PID >/dev/null 2>&1 - fi - - # Unconditionally delete lock file - rm -f $LOCKFILE - - exec 2>&3 -} - -check_domain_up() -{ - name=;id= - while read LN; do - parseln "$LN" || continue - if test $id = 0; then continue; fi - case $name in - ($1) - return 0 - ;; - esac - done < <($CMD list -l | grep $LIST_GREP) - return 1 -} - -check_all_auto_domains_up() -{ - if ! contains_something "$XENDOMAINS_AUTO" - then - return 0 - fi - missing= - for nm in $XENDOMAINS_AUTO/*; do - rdname $nm - found=0 - if check_domain_up "$NM"; then - echo -n " $name" - else - missing="$missing $NM" - fi - done - if test -n "$missing"; then - echo -n " MISS AUTO:$missing" - return 1 - fi - return 0 -} - -check_all_saved_domains_up() -{ - if ! contains_something "$XENDOMAINS_SAVE" - then - return 0 - fi - missing=`/bin/ls $XENDOMAINS_SAVE` - echo -n " MISS SAVED: " $missing - return 1 -} - -# This does NOT necessarily restart all running domains: instead it -# stops all running domains and then boots all the domains specified in -# AUTODIR. If other domains have been started manually then they will -# not get restarted. -# Commented out to avoid confusion! - -restart() -{ - stop - start -} - -reload() -{ - restart -} - - -case "$1" in - start) - start - rc_status - if test -f $LOCKFILE; then rc_status -v; fi - ;; - - stop) - stop - rc_status -v - ;; - - restart) - restart - ;; - reload) - reload - ;; - - status) - echo -n "Checking for xendomains:" - if test ! -f $LOCKFILE; then - rc_failed 3 - else - check_all_auto_domains_up - rc_status - check_all_saved_domains_up - rc_status - fi - rc_status -v - ;; - - *) - echo "Usage: $0 {start|stop|restart|reload|status}" - rc_failed 3 - rc_status -v - ;; -esac - -rc_exit diff --git a/oxenstored.service b/oxenstored.service deleted file mode 100644 index 9953b93..0000000 --- a/oxenstored.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=Oxenstored - ocaml version of daemon managing xenstore file system -Requires=proc-xen.mount var-lib-xenstored.mount -After=proc-xen.mount var-lib-xenstored.mount -Before=libvirtd.service libvirt-guests.service -Conflicts=xenstored.service -RefuseManualStop=true -ConditionPathExists=/proc/xen - -[Service] -Type=forking -Environment=XENSTORED_ARGS= -EnvironmentFile=-/etc/sysconfig/xenstored -PIDFile=/var/run/xenstored.pid -ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities -ExecStart=/usr/sbin/oxenstored --pid-file /var/run/xenstored.pid $XENSTORED_ARGS -ExecStartPost=-/usr/bin/xenstore-write "/local/domain/0/name" "Domain-0" -ExecStartPost=-/usr/bin/xenstore-write "/local/domain/0/domid" 0 - -[Install] -WantedBy=multi-user.target diff --git a/proc-xen.mount b/proc-xen.mount deleted file mode 100644 index 0eaa59c..0000000 --- a/proc-xen.mount +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Mount /proc/xen files -ConditionPathExists=/proc/xen -RefuseManualStop=true - -[Mount] -What=xenfs -Where=/proc/xen -Type=xenfs diff --git a/sources b/sources index 4711157..5a3a9d4 100644 --- a/sources +++ b/sources @@ -4,4 +4,4 @@ bf8f1f9e3ca83d732c00a79a6ef29bc4 newlib-1.16.0.tar.gz cec05e7785497c5e19da2f114b934ffd pciutils-2.2.9.tar.bz2 debc62758716a169df9f62e6ab2bc634 zlib-1.2.3.tar.gz 7b72caf22b01464ee7d6165f2fd85f44 polarssl-1.1.4-gpl.tgz -1868433f393503000877d15cd4e93d15 xen-4.4.1.tar.gz +9bac43d2419d05a647064d9253bb03fa xen-4.5.0.tar.gz diff --git a/tmpfiles.d.xen.conf b/tmpfiles.d.xen.conf deleted file mode 100644 index 5041017..0000000 --- a/tmpfiles.d.xen.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/xen 0755 root root - diff --git a/var-lib-xenstored.mount b/var-lib-xenstored.mount deleted file mode 100644 index 49e0695..0000000 --- a/var-lib-xenstored.mount +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=mount xenstore file system -ConditionPathExists=/proc/xen -RefuseManualStop=true - -[Mount] -What=xenstore -Where=/var/lib/xenstored -Type=tmpfs -Options=mode=755,context="system_u:object_r:xenstored_var_lib_t:s0" diff --git a/xen-configure-xend.patch b/xen-configure-xend.patch deleted file mode 100644 index 0bdc932..0000000 --- a/xen-configure-xend.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -up xen-3.4.0/tools/examples/xend-config.sxp.config xen-3.4.0/tools/examples/xend-config.sxp ---- xen-3.4.0/tools/examples/xend-config.sxp.config 2009-05-20 17:12:50.000000000 +0200 -+++ xen-3.4.0/tools/examples/xend-config.sxp 2009-05-20 17:15:35.000000000 +0200 -@@ -58,11 +58,11 @@ - - - #(xend-http-server no) --#(xend-unix-server no) -+(xend-unix-server yes) - #(xend-tcp-xmlrpc-server no) - #(xend-unix-xmlrpc-server yes) --#(xend-relocation-server no) --(xend-relocation-server yes) -+(xend-relocation-server no) -+#(xend-relocation-server yes) - #(xend-relocation-ssl-server no) - #(xend-udev-event-server no) - -@@ -154,7 +154,8 @@ - # two fake interfaces per guest domain. To do things like this, write - # yourself a wrapper script, and call network-bridge from it, as appropriate. - # --(network-script network-bridge) -+#(network-script network-bridge) -+(network-script /bin/true) - - # The script used to control virtual interfaces. This can be overridden on a - # per-vif basis when creating a domain or a configuring a new vif. The -@@ -186,7 +187,7 @@ - # dom0-min-mem is the lowest permissible memory level (in MB) for dom0. - # This is a minimum both for auto-ballooning (as enabled by - # enable-dom0-ballooning below) and for xm mem-set when applied to dom0. --(dom0-min-mem 196) -+(dom0-min-mem 256) - - # Whether to enable auto-ballooning of dom0 to allow domUs to be created. - # If enable-dom0-ballooning = no, dom0 will never balloon out. diff --git a/xen-dumpdir.patch b/xen-dumpdir.patch index c0e7186..5ea1c88 100644 --- a/xen-dumpdir.patch +++ b/xen-dumpdir.patch @@ -9,24 +9,4 @@ diff -up xen-3.4.0/tools/Makefile.dump xen-3.4.0/tools/Makefile + $(INSTALL_DIR) $(DESTDIR)/var/lib/xen/dump $(INSTALL_DIR) $(DESTDIR)/var/log/xen $(INSTALL_DIR) $(DESTDIR)/var/lib/xen - $(INSTALL_DIR) $(DESTDIR)/var/lock/subsys ---- xen-4.0.0/tools/python/xen/xend/XendDomainInfo.py.orig 2010-02-02 20:43:01.000000000 +0000 -+++ xen-4.0.0/tools/python/xen/xend/XendDomainInfo.py 2010-02-02 21:36:57.000000000 +0000 -@@ -2287,7 +2287,7 @@ - # To prohibit directory traversal - based_name = os.path.basename(self.info['name_label']) - -- coredir = "/var/xen/dump/%s" % (based_name) -+ coredir = "/var/lib/xen/dump/%s" % (based_name) - if not os.path.exists(coredir): - try: - mkdir.parents(coredir, stat.S_IRWXU) -@@ -2296,7 +2296,7 @@ - if not os.path.isdir(coredir): - # Use former directory to dump core -- coredir = '/var/xen/dump' -+ coredir = '/var/lib/xen/dump' - - this_time = time.strftime("%Y-%m%d-%H%M.%S", time.localtime()) - corefile = "%s/%s-%s.%s.core" % (coredir, this_time, diff --git a/xen-initscript.patch b/xen-initscript.patch deleted file mode 100644 index 4a571b5..0000000 --- a/xen-initscript.patch +++ /dev/null @@ -1,139 +0,0 @@ ---- xen-4.4.0/tools/python/xen/xend/xend.orig 2012-12-17 15:01:18.000000000 +0000 -+++ xen-4.4.0/tools/python/xen/xend/xend 2013-01-22 21:26:39.387953003 +0000 -@@ -8,103 +8,18 @@ - """Xen management daemon. - Provides console server and HTTP management api. - -- Run: -- xend start -- -- Restart: -- xend restart -- -- The daemon is stopped with: -- xend stop -- - The daemon should reconnect to device control interfaces - and recover its state when restarted. - -- On Solaris, the daemons are SMF managed, and you should not attempt -- to start xend by hand. - """ --import fcntl --import glob --import os --import os.path - import sys --import socket --import signal --import time --import commands -- - from xen.xend.server import SrvDaemon - --class CheckError(ValueError): -- pass -- --def hline(): -- print >>sys.stderr, "*" * 70 -- --def msg(message): -- print >>sys.stderr, "*" * 3, message -- --def check_logging(): -- """Check python logging is installed and raise an error if not. -- Logging is standard from Python 2.3 on. -- """ -- try: -- import logging -- except ImportError: -- hline() -- msg("Python logging is not installed.") -- msg("Use 'make install-logging' at the xen root to install.") -- msg("") -- msg("Alternatively download and install from") -- msg("http://www.red-dove.com/python_logging.html") -- hline() -- raise CheckError("logging is not installed") -- --def check_user(): -- """Check that the effective user id is 0 (root). -- """ -- if os.geteuid() != 0: -- hline() -- msg("Xend must be run as root.") -- hline() -- raise CheckError("invalid user") -- --def start_daemon(daemon, *args): -- if os.fork() == 0: -- os.execvp(daemon, (daemon,) + args) -- --def start_blktapctrl(): -- start_daemon("blktapctrl", "") -- - def main(): -- try: -- check_logging() -- check_user() -- except CheckError: -- sys.exit(1) -- - daemon = SrvDaemon.instance() -- if not sys.argv[1:]: -- print 'usage: %s {start|stop|reload|restart}' % sys.argv[0] -- elif sys.argv[1] == 'start': -- if os.uname()[0] != "SunOS": -- start_blktapctrl() -- return daemon.start() -- elif sys.argv[1] == 'trace_start': -- start_blktapctrl() -- return daemon.start(trace=1) -- elif sys.argv[1] == 'stop': -- return daemon.stop() -- elif sys.argv[1] == 'reload': -- return daemon.reloadConfig() -- elif sys.argv[1] == 'restart': -- start_blktapctrl() -- return daemon.stop() or daemon.start() -- elif sys.argv[1] == 'status': -+ if sys.argv[1:] and sys.argv[1] == 'status': - return daemon.status() -- else: -- print 'not an option:', sys.argv[1] -- return 1 -+ return daemon.start() - - if __name__ == '__main__': - sys.exit(main()) -diff -up xen-3.4.0/tools/python/xen/xend/osdep.py.fix xen-3.4.0/tools/python/xen/xend/osdep.py ---- xen-3.4.0/tools/python/xen/xend/osdep.py.fix 2009-05-18 13:05:38.000000000 +0200 -+++ xen-3.4.0/tools/python/xen/xend/osdep.py 2009-05-20 15:39:18.000000000 +0200 -@@ -27,7 +27,7 @@ _scripts_dir = { - - _xend_autorestart = { - "NetBSD": True, -- "Linux": True, -+ "Linux": False, - "SunOS": False, - } - -diff -up xen-3.4.0/tools/python/xen/xend/server/SrvDaemon.py.fix xen-3.4.0/tools/python/xen/xend/server/SrvDaemon.py ---- xen-3.4.0/tools/python/xen/xend/server/SrvDaemon.py.fix 2009-05-18 13:05:38.000000000 +0200 -+++ xen-3.4.0/tools/python/xen/xend/server/SrvDaemon.py 2009-05-20 15:39:18.000000000 +0200 -@@ -110,7 +110,14 @@ class Daemon: - # Fork, this allows the group leader to exit, - # which means the child can never again regain control of the - # terminal -- if os.fork(): -+ child = os.fork() -+ if child: -+ if not osdep.xend_autorestart: -+ pidfile = open(XEND_PID_FILE, 'w') -+ try: -+ pidfile.write(str(child)) -+ finally: -+ pidfile.close() - os._exit(0) - - # Detach from standard file descriptors, and redirect them to diff --git a/xen-net-disable-iptables-on-bridge.patch b/xen-net-disable-iptables-on-bridge.patch index 53383cf..bc2de21 100644 --- a/xen-net-disable-iptables-on-bridge.patch +++ b/xen-net-disable-iptables-on-bridge.patch @@ -1,12 +1,10 @@ --- xen-4.1.0-orig/tools/hotplug/Linux/vif-bridge 2008-08-22 10:49:07.000000000 +0100 +++ xen-4.1.0-new/tools/hotplug/Linux/vif-bridge 2008-08-29 11:29:38.000000000 +0100 -@@ -96,10 +96,6 @@ case "$command" in +@@ -96,8 +96,6 @@ case "$command" in ;; esac --if [ "$type_if" = vif ]; then -- handle_iptable --fi +-handle_iptable - call_hooks vif post diff --git a/xen-watchdog.service b/xen-watchdog.service deleted file mode 100644 index 8fd225a..0000000 --- a/xen-watchdog.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Xen-watchdog - run xen watchdog daemon -Requires=proc-xen.mount -After=proc-xen.mount xend.service -ConditionPathExists=/proc/xen - -[Service] -Type=forking -ExecStart=/usr/sbin/xenwatchdogd 30 15 -KillSignal=USR1 - -[Install] -WantedBy=multi-user.target diff --git a/xen.64.bit.hyp.on.ix86.patch b/xen.64.bit.hyp.on.ix86.patch index e94101c..2035384 100644 --- a/xen.64.bit.hyp.on.ix86.patch +++ b/xen.64.bit.hyp.on.ix86.patch @@ -1,7 +1,7 @@ --- xen-4.3.0/xen/Makefile.orig 2013-07-19 21:34:24.226148328 +0100 +++ xen-4.3.0/xen/Makefile 2013-07-19 21:46:54.603767317 +0100 @@ -15,6 +15,9 @@ - EFI_MOUNTPOINT ?= /boot/efi + EFI_MOUNTPOINT ?= $(BOOT_DIR)/efi EFI_VENDOR=fedora LD_EFI ?= $(LD) +ifeq ($(XEN_TARGET_ARCH),x86_32) @@ -23,8 +23,8 @@ .PHONY: _build @@ -99,9 +102,9 @@ - $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h - [ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm + do ln -nsf ../../../common/efi/$$f arch/$(TARGET_ARCH)/efi/; done;\ + true $(MAKE) -f $(BASEDIR)/Rules.mk -C include - $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) asm-offsets.s + $(MAKE) CC=$(CCX) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) asm-offsets.s diff --git a/xen.console.fix.patch b/xen.console.fix.patch deleted file mode 100644 index 186f2e0..0000000 --- a/xen.console.fix.patch +++ /dev/null @@ -1,95 +0,0 @@ -If xenconsole (the client program) fails, it calls err. This would -previously neglect to reset the user's terminal to sanity. Use atexit -to do so. - -This routinely happens in Xen 4.4 RC5 with pygrub because something -writes the value "" to the tty xenstore key when using xenconsole. -The cause of this is not yet known, but after this patch it just -results in a harmless error message. - -Reported-by: M A Young -Signed-off-by: Ian Jackson -CC: M A Young -CC: Ian Campbell -CC: George Dunlap ---- - tools/console/client/main.c | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) - -diff --git a/tools/console/client/main.c b/tools/console/client/main.c -index eb6a1a9..62159f6 100644 ---- a/tools/console/client/main.c -+++ b/tools/console/client/main.c -@@ -257,6 +257,13 @@ typedef enum { - CONSOLE_SERIAL, - } console_type; - -+static struct termios stdin_old_attr; -+ -+static void restore_term_stdin(void) -+{ -+ restore_term(STDIN_FILENO, &stdin_old_attr); -+} -+ - int main(int argc, char **argv) - { - struct termios attr; -@@ -383,9 +390,9 @@ int main(int argc, char **argv) - } - - init_term(spty, &attr); -- init_term(STDIN_FILENO, &attr); -+ init_term(STDIN_FILENO, &stdin_old_attr); -+ atexit(restore_term_stdin); /* if this fails, oh dear */ - console_loop(spty, xs, path); -- restore_term(STDIN_FILENO, &attr); - - free(path); - free(dom_path); --- -1.7.10.4 -Since 28d386fc4341 (XSA-57), libxl writes an empty value for the -console tty node, with read-only permission for the guest, when -setting up pv console "frontends". (The actual tty value is later set -by xenconsoled.) Writing an empty node is not strictly necessary to -stop the frontend from writing dangerous values here, but it is a good -belt-and-braces approach. - -Unfortunately this confuses xenconsole. It reads the empty value, and -tries to open it as the tty. xenconsole then exits. - -Fix this by having xenconsole treat an empty value the same way as no -value at all. - -Also, make the error opening the tty be nonfatal: we just print a -warning, but do not exit. I think this is helpful in theoretical -situations where xenconsole is racing with libxl and/or xenconsoled. - -Signed-off-by: Ian Jackson -CC: Ian Campbell -CC: George Dunlap ---- - tools/console/client/main.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/tools/console/client/main.c b/tools/console/client/main.c -index 62159f6..b882345 100644 ---- a/tools/console/client/main.c -+++ b/tools/console/client/main.c -@@ -115,9 +115,11 @@ static int get_pty_fd(struct xs_handle *xs, char *path, int seconds) - * disambiguate: just read the pty path */ - pty_path = xs_read(xs, XBT_NULL, path, &len); - if (pty_path != NULL) { -- pty_fd = open(pty_path, O_RDWR | O_NOCTTY); -- if (pty_fd == -1) -- err(errno, "Could not open tty `%s'", pty_path); -+ if (pty_path[0] != '\0') { -+ pty_fd = open(pty_path, O_RDWR | O_NOCTTY); -+ if (pty_fd == -1) -+ warn("Could not open tty `%s'", pty_path); -+ } - free(pty_path); - } - } --- -1.7.10.4 diff --git a/xen.fedora.efi.build.patch b/xen.fedora.efi.build.patch index 1f5e402..7ca5caf 100644 --- a/xen.fedora.efi.build.patch +++ b/xen.fedora.efi.build.patch @@ -38,7 +38,7 @@ @@ -13,6 +13,8 @@ export XEN_ROOT := $(BASEDIR)/.. - EFI_MOUNTPOINT ?= /boot/efi + EFI_MOUNTPOINT ?= $(BOOT_DIR)/efi +EFI_VENDOR=fedora +LD_EFI ?= $(LD) diff --git a/xen.fedora.systemd.patch b/xen.fedora.systemd.patch new file mode 100644 index 0000000..26c8a8f --- /dev/null +++ b/xen.fedora.systemd.patch @@ -0,0 +1,134 @@ +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/Makefile xen-4.5.0/tools/hotplug/Linux/systemd/Makefile +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/Makefile 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/Makefile 2015-01-25 22:23:26.000000000 +0000 +@@ -14,7 +14,8 @@ + XEN_SYSTEMD_SERVICE += xen-qemu-dom0-disk-backend.service + XEN_SYSTEMD_SERVICE += xendomains.service + XEN_SYSTEMD_SERVICE += xen-watchdog.service +-XEN_SYSTEMD_SERVICE += xen-init-dom0.service ++#XEN_SYSTEMD_SERVICE += xen-init-dom0.service ++XEN_SYSTEMD_SERVICE += oxenstored.service + + ALL_XEN_SYSTEMD = $(XEN_SYSTEMD_MODULES) \ + $(XEN_SYSTEMD_MOUNT) \ +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/oxenstored.service.in xen-4.5.0/tools/hotplug/Linux/systemd/oxenstored.service.in +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/oxenstored.service.in 1970-01-01 01:00:00.000000000 +0100 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/oxenstored.service.in 2015-01-25 22:37:15.000000000 +0000 +@@ -0,0 +1,25 @@ ++[Unit] ++Description=The ocaml version of Xen xenstore ++Requires=xenstored_ro.socket xenstored.socket proc-xen.mount var-lib-xenstored.mount ++After=proc-xen.mount var-lib-xenstored.mount ++Before=libvirtd.service libvirt-guests.service ++Conflicts=xenstored.service ++RefuseManualStop=true ++ConditionPathExists=/proc/xen/capabilities ++ ++[Service] ++Type=notify ++Sockets=xenstored.socket xenstored_ro.socket ++Environment=XENSTORED_ARGS= ++EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons ++ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities ++ExecStartPre=-/bin/rm -f @XEN_LIB_STORED@/tdb* ++ExecStartPre=/bin/mkdir -p @XEN_RUN_DIR@ ++ExecStart=@sbindir@/oxenstored --no-fork $XENSTORED_ARGS ++ExecStartPost=-@LIBEXEC_BIN@/xen-init-dom0 ++ ++[Install] ++WantedBy=multi-user.target ++Also=xenstored_ro.socket xenstored.socket ++Also=proc-xen.mount ++Also=var-lib-xenstored.mount +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/var-lib-xenstored.mount.in xen-4.5.0/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/var-lib-xenstored.mount.in 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/var-lib-xenstored.mount.in 2015-01-25 22:28:59.000000000 +0000 +@@ -9,4 +9,4 @@ + What=xenstore + Where=@XEN_LIB_STORED@ + Type=tmpfs +-Options=mode=755 ++Options=mode=755,context="system_u:object_r:xenstored_var_lib_t:s0" +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/xenconsoled.service.in xen-4.5.0/tools/hotplug/Linux/systemd/xenconsoled.service.in +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/xenconsoled.service.in 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/xenconsoled.service.in 2015-01-25 22:30:26.000000000 +0000 +@@ -1,7 +1,7 @@ + [Unit] + Description=Xenconsoled - handles logging from guest consoles and hypervisor +-Requires=proc-xen.mount xenstored.service +-After=proc-xen.mount xenstored.service ++Requires=proc-xen.mount ++After=proc-xen.mount xenstored.service oxenstored.service + ConditionPathExists=/proc/xen/capabilities + + [Service] +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/xendomains.service.in xen-4.5.0/tools/hotplug/Linux/systemd/xendomains.service.in +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/xendomains.service.in 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/xendomains.service.in 2015-01-25 22:31:55.000000000 +0000 +@@ -1,7 +1,7 @@ + [Unit] + Description=Xendomains - start and stop guests on boot and shutdown +-Requires=proc-xen.mount xenstored.service +-After=proc-xen.mount xenstored.service xenconsoled.service xen-init-dom0.service ++Requires=proc-xen.mount ++After=proc-xen.mount xenstored.service xenconsoled.service oxenstored.service + After=network-online.target + After=remote-fs.target + ConditionPathExists=/proc/xen/capabilities +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/xen-qemu-dom0-disk-backend.service.in xen-4.5.0/tools/hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service.in +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/xen-qemu-dom0-disk-backend.service.in 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service.in 2015-01-25 22:34:36.000000000 +0000 +@@ -1,7 +1,7 @@ + [Unit] + Description=qemu for xen dom0 disk backend +-Requires=proc-xen.mount xenstored.service +-After=proc-xen.mount xenstored.service xenconsoled.service ++Requires=proc-xen.mount ++After=proc-xen.mount xenstored.service xenconsoled.service oxenstored.service + Before=xendomains.service libvirtd.service libvirt-guests.service + RefuseManualStop=true + ConditionPathExists=/proc/xen/capabilities +diff -uN xen-4.5.0/tools/hotplug/Linux/systemd.orig/xenstored.service.in xen-4.5.0/tools/hotplug/Linux/systemd/xenstored.service.in +--- xen-4.5.0/tools/hotplug/Linux/systemd.orig/xenstored.service.in 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/hotplug/Linux/systemd/xenstored.service.in 2015-01-25 22:37:27.000000000 +0000 +@@ -8,13 +8,14 @@ + + [Service] + Type=notify ++Sockets=xenstored.socket xenstored_ro.socket + Environment=XENSTORED_ARGS= +-Environment=XENSTORED=@XENSTORED@ + EnvironmentFile=-@CONFIG_DIR@/@CONFIG_LEAF_DIR@/xencommons + ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities + ExecStartPre=-/bin/rm -f @XEN_LIB_STORED@/tdb* + ExecStartPre=/bin/mkdir -p @XEN_RUN_DIR@ +-ExecStart=/bin/sh -c "exec $XENSTORED --no-fork $XENSTORED_ARGS" ++ExecStart=@sbindir@/xenstored --no-fork $XENSTORED_ARGS ++ExecStartPost=-@LIBEXEC_BIN@/xen-init-dom0 + + [Install] + WantedBy=multi-user.target +--- xen-4.5.0/tools/configure.ac.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/configure.ac 2015-01-28 21:27:22.325653171 +0000 +@@ -12,9 +12,9 @@ + hotplug/Linux/init.d/xen-watchdog + hotplug/Linux/init.d/xencommons + hotplug/Linux/init.d/xendomains ++otplug/Linux/systemd/oxenstored.service + hotplug/Linux/systemd/proc-xen.mount + hotplug/Linux/systemd/var-lib-xenstored.mount +-hotplug/Linux/systemd/xen-init-dom0.service + hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service + hotplug/Linux/systemd/xen-watchdog.service + hotplug/Linux/systemd/xenconsoled.service +--- xen-4.5.0/tools/configure.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/configure 2015-01-28 21:26:58.559785351 +0000 +@@ -2276,7 +2276,7 @@ + + + +-ac_config_files="$ac_config_files ../config/Tools.mk hotplug/FreeBSD/rc.d/xencommons hotplug/Linux/init.d/sysconfig.xencommons hotplug/Linux/init.d/xen-watchdog hotplug/Linux/init.d/xencommons hotplug/Linux/init.d/xendomains hotplug/Linux/systemd/proc-xen.mount hotplug/Linux/systemd/var-lib-xenstored.mount hotplug/Linux/systemd/xen-init-dom0.service hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service hotplug/Linux/systemd/xen-watchdog.service hotplug/Linux/systemd/xenconsoled.service hotplug/Linux/systemd/xendomains.service hotplug/Linux/systemd/xenstored.service hotplug/Linux/systemd/xenstored.socket hotplug/Linux/systemd/xenstored_ro.socket hotplug/Linux/vif-setup hotplug/Linux/xen-backend.rules hotplug/Linux/xen-hotplug-common.sh hotplug/Linux/xendomains hotplug/NetBSD/rc.d/xencommons" ++ac_config_files="$ac_config_files ../config/Tools.mk hotplug/FreeBSD/rc.d/xencommons hotplug/Linux/init.d/sysconfig.xencommons hotplug/Linux/init.d/xen-watchdog hotplug/Linux/init.d/xencommons hotplug/Linux/init.d/xendomains hotplug/Linux/systemd/oxenstored.service hotplug/Linux/systemd/proc-xen.mount hotplug/Linux/systemd/var-lib-xenstored.mount hotplug/Linux/systemd/xen-qemu-dom0-disk-backend.service hotplug/Linux/systemd/xen-watchdog.service hotplug/Linux/systemd/xenconsoled.service hotplug/Linux/systemd/xendomains.service hotplug/Linux/systemd/xenstored.service hotplug/Linux/systemd/xenstored.socket hotplug/Linux/systemd/xenstored_ro.socket hotplug/Linux/vif-setup hotplug/Linux/xen-backend.rules hotplug/Linux/xen-hotplug-common.sh hotplug/Linux/xendomains hotplug/NetBSD/rc.d/xencommons" + + ac_config_headers="$ac_config_headers config.h" + diff --git a/xen.fedora19.buildfix.patch b/xen.fedora19.buildfix.patch deleted file mode 100644 index a02e45a..0000000 --- a/xen.fedora19.buildfix.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- xen-4.2.1/tools/debugger/gdbsx/xg/xg_main.c.orig 2012-11-15 20:08:11.000000000 +0000 -+++ xen-4.2.1/tools/debugger/gdbsx/xg/xg_main.c 2012-11-16 23:08:08.716874198 +0000 -@@ -178,7 +178,7 @@ - hypercall.op = __HYPERVISOR_domctl; - hypercall.arg[0] = (unsigned long)&domctl; - -- rc = ioctl(_dom0_fd, IOCTL_PRIVCMD_HYPERCALL, (ulong)&hypercall); -+ rc = ioctl(_dom0_fd, IOCTL_PRIVCMD_HYPERCALL, (unsigned long)&hypercall); - if (domctlarg && sz) - munlock(domctlarg, sz); - return rc; -@@ -218,7 +218,7 @@ - hypercall.arg[0] = (unsigned long)XENVER_capabilities; - hypercall.arg[1] = (unsigned long)&xen_caps; - -- rc = ioctl(_dom0_fd, IOCTL_PRIVCMD_HYPERCALL, (ulong)&hypercall); -+ rc = ioctl(_dom0_fd, IOCTL_PRIVCMD_HYPERCALL, (unsigned long)&hypercall); - munlock(&xen_caps, sizeof(xen_caps)); - XGTRC("XENCAPS:%s\n", xen_caps); - diff --git a/xen.git-3460eeb3fc2811efcf2e8ac13a0882ab72ef92bc.patch b/xen.git-3460eeb3fc2811efcf2e8ac13a0882ab72ef92bc.patch deleted file mode 100644 index c85dd76..0000000 --- a/xen.git-3460eeb3fc2811efcf2e8ac13a0882ab72ef92bc.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 3460eeb3fc2811efcf2e8ac13a0882ab72ef92bc Mon Sep 17 00:00:00 2001 -From: Wen Congyang -Date: Mon, 22 Sep 2014 13:59:14 +0800 -Subject: [PATCH] tools: libxc: restore: csum the correct page - -In verify mode, we map the guest memory, and the guest page is -region_base + i * PAGE_SIZE. So we should csum page (region_base -+ i * PAGE_SIZE), not (region_base + (i+curbatch) * PAGE_SIZE) - -Signed-off-by: Wen Congyang -Acked-by: Ian Campbell ---- - tools/libxc/xc_domain_restore.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c -index bec716c..fb4ddfc 100644 ---- a/tools/libxc/xc_domain_restore.c -+++ b/tools/libxc/xc_domain_restore.c -@@ -1405,7 +1405,7 @@ static int apply_batch(xc_interface *xch, uint32_t dom, struct restore_ctx *ctx, - - DPRINTF("************** pfn=%lx type=%lx gotcs=%08lx " - "actualcs=%08lx\n", pfn, pagebuf->pfn_types[pfn], -- csum_page(region_base + (i + curbatch)*PAGE_SIZE), -+ csum_page(region_base + i * PAGE_SIZE), - csum_page(buf)); - - for ( v = 0; v < 4; v++ ) --- -1.7.2.5 - diff --git a/xen.ocaml.selinux.fix.patch b/xen.ocaml.selinux.fix.patch new file mode 100644 index 0000000..9105559 --- /dev/null +++ b/xen.ocaml.selinux.fix.patch @@ -0,0 +1,24 @@ +--- xen-4.5.0/tools/ocaml/xenstored/select_stubs.c.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/ocaml/xenstored/select_stubs.c 2015-01-26 18:36:36.579632056 +0000 +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -74,7 +75,12 @@ + struct rlimit rl; + + rl.rlim_cur = rl.rlim_max = Int_val(limit); +- if (setrlimit(RLIMIT_NOFILE, &rl) != 0) uerror("setrlimit", Nothing); ++ if (setrlimit(RLIMIT_NOFILE, &rl) != 0) { ++ if (errno == EACCES) ++ fprintf(stderr, "setrlimit: permission denied\n"); ++ else ++ uerror("setrlimit", Nothing); ++ } + CAMLreturn(Val_unit); + + } diff --git a/xen.ocaml.uint.fix.patch b/xen.ocaml.uint.fix.patch new file mode 100644 index 0000000..2b03d0c --- /dev/null +++ b/xen.ocaml.uint.fix.patch @@ -0,0 +1,20 @@ +--- xen-4.5.0/tools/ocaml/libs/xb/xs_ring_stubs.c.orig 2015-01-12 16:53:24.000000000 +0000 ++++ xen-4.5.0/tools/ocaml/libs/xb/xs_ring_stubs.c 2015-01-27 21:47:45.156813636 +0000 +@@ -55,7 +55,7 @@ + + cons = *(volatile uint32_t*)&intf->req_cons; + prod = *(volatile uint32_t*)&intf->req_prod; +- connection = *(volatile uint32*)&intf->connection; ++ connection = *(volatile uint32_t*)&intf->connection; + + if (connection != XENSTORE_CONNECTED) + caml_raise_constant(*caml_named_value("Xb.Reconnect")); +@@ -105,7 +105,7 @@ + + cons = *(volatile uint32_t*)&intf->rsp_cons; + prod = *(volatile uint32_t*)&intf->rsp_prod; +- connection = *(volatile uint32*)&intf->connection; ++ connection = *(volatile uint32_t*)&intf->connection; + + if (connection != XENSTORE_CONNECTED) + caml_raise_constant(*caml_named_value("Xb.Reconnect")); diff --git a/xen.ocamlfix.patch b/xen.ocamlfix.patch deleted file mode 100644 index 648ac1c..0000000 --- a/xen.ocamlfix.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- xen-4.4.1/tools/ocaml/libs/xb/xs_ring_stubs.c.orig 2014-09-02 07:20:19.000000000 +0100 -+++ xen-4.4.1/tools/ocaml/libs/xb/xs_ring_stubs.c 2014-09-02 21:42:36.164254201 +0100 -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - - #include - #include -@@ -42,8 +43,8 @@ - XENSTORE_RING_IDX cons, prod; /* offsets only */ - int to_read; - -- cons = *(volatile uint32*)&intf->req_cons; -- prod = *(volatile uint32*)&intf->req_prod; -+ cons = *(volatile uint32_t*)&intf->req_cons; -+ prod = *(volatile uint32_t*)&intf->req_prod; - xen_mb(); - - if ((prod - cons) > XENSTORE_RING_SIZE) -@@ -72,8 +73,8 @@ - XENSTORE_RING_IDX cons, prod; - int can_write; - -- cons = *(volatile uint32*)&intf->rsp_cons; -- prod = *(volatile uint32*)&intf->rsp_prod; -+ cons = *(volatile uint32_t*)&intf->rsp_cons; -+ prod = *(volatile uint32_t*)&intf->rsp_prod; - xen_mb(); - if ( (prod - cons) >= XENSTORE_RING_SIZE ) - return 0; diff --git a/xen.spec b/xen.spec index d920644..1a37221 100644 --- a/xen.spec +++ b/xen.spec @@ -44,16 +44,14 @@ %else %define with_systemd_presets 0 %endif -# don't build xend unless rpmbuild was run with --with xend -%define build_xend %{?_with_xend: 1} %{?!_with_xend: 0} # Hypervisor ABI -%define hv_abi 4.4 +%define hv_abi 4.5 Summary: Xen is a virtual machine monitor Name: xen -Version: 4.4.1 -Release: 12%{?dist} +Version: 4.5.0 +Release: 1%{?dist} Group: Development/Libraries License: GPLv2+ and LGPLv2+ and BSD URL: http://xen.org/ @@ -70,56 +68,24 @@ Source15: polarssl-1.1.4-gpl.tgz # init.d bits Source20: init.xenstored Source21: init.xenconsoled -Source23: init.xend # sysconfig bits Source30: sysconfig.xenstored Source31: sysconfig.xenconsoled -# systemd bits -Source40: proc-xen.mount -Source41: var-lib-xenstored.mount -Source42: xenstored.service -Source44: xend.service -Source45: xenconsoled.service -Source46: xen-watchdog.service -Source47: xendomains.service -Source48: libexec.xendomains -Source49: tmpfiles.d.xen.conf -Source50: oxenstored.service - -Patch1: xen-initscript.patch + Patch4: xen-dumpdir.patch Patch5: xen-net-disable-iptables-on-bridge.patch Patch10: pygrubfix.patch -Patch11: xend.catchbt.patch -Patch12: xend-pci-loop.patch -Patch13: xend.selinux.fixes.patch -Patch15: xen.use.fedora.ipxe.patch -Patch17: xen.fedora.efi.build.patch -Patch18: xen.fedora19.buildfix.patch -Patch20: xen.xsm.enable.patch -Patch21: xen.64.bit.hyp.on.ix86.patch -Patch22: xen.console.fix.patch -Patch23: xen.ocamlfix.patch -Patch24: xsa107-4.4.patch -Patch25: xsa104.patch -Patch26: xsa105.patch -Patch27: xsa106.patch -Patch28: xsa108.patch -Patch29: xsa109.patch -Patch30: xsa110.patch -Patch31: CVE-2014-0150.patch -Patch32: xsa113.patch -Patch33: xsa111.patch -Patch34: xsa112.patch -Patch35: xen.git-3460eeb3fc2811efcf2e8ac13a0882ab72ef92bc.patch -Patch36: xl.migrate.debug.crash.patch -Patch37: xl.migrate.debug.fail.patch -Patch38: xsa114-4.4.patch -Patch39: xl.migrate.debug.fail.fix.patch -Patch40: xsa116.patch - -Patch100: xen-configure-xend.patch +Patch11: xen.use.fedora.ipxe.patch +Patch12: xen.fedora.efi.build.patch +Patch13: xen.xsm.enable.patch +Patch14: xen.64.bit.hyp.on.ix86.patch +Patch15: CVE-2014-0150.patch +Patch16: xen.fedora.systemd.patch +Patch17: xen.ocaml.uint.fix.patch +Patch18: xen.ocaml.selinux.fix.patch +Patch19: xsa118-4.5-unstable-1.patch +Patch20: xsa118-4.5-unstable-2.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: transfig libidn-devel zlib-devel texi2html SDL-devel curl-devel @@ -187,6 +153,9 @@ Requires(preun): systemd Requires(postun): systemd BuildRequires: systemd %endif +%if %with_systemd +BuildRequires: systemd-devel +%endif %description This package contains the XenD daemon and xm command line @@ -284,44 +253,24 @@ manage Xen virtual machines. %prep %setup -q -%patch1 -p1 %patch4 -p1 %patch5 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 +%if %build_xsm %patch13 -p1 +%endif +%if %build_crosshyp +%patch14 -p1 +%endif %patch15 -p1 +%patch16 -p1 %patch17 -p1 %patch18 -p1 -%if %build_xsm +%patch19 -p1 %patch20 -p1 -%endif -%if %build_crosshyp -%patch21 -p1 -%endif -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 -%patch32 -p1 -%patch33 -p1 -%patch34 -p1 -%patch35 -p1 -%patch36 -p1 -%patch37 -p1 -%patch38 -p1 -%patch39 -p1 -%patch40 -p1 - -%patch100 -p1 # stubdom sources cp -v %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} stubdom @@ -335,9 +284,6 @@ cp -v %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} st %define efi_flags LD_EFI=/usr/x86_64-w64-mingw32/bin/ld mkdir -p dist/install/boot/efi/efi/fedora %endif -%if %build_xend -%define xend_opt --enable-xend -%endif %if %(test -f /usr/share/seabios/bios-256k.bin && echo 1|| echo 0) %define seabiosloc /usr/share/seabios/bios-256k.bin %else @@ -346,7 +292,7 @@ mkdir -p dist/install/boot/efi/efi/fedora export XEN_VENDORVERSION="-%{release}" export CFLAGS="$RPM_OPT_FLAGS" make %{?_smp_mflags} %{?efi_flags} prefix=/usr dist-xen -./configure --libdir=%{_libdir} --with-system-seabios=%{seabiosloc} --with-system-qemu=/usr/bin/qemu-system-i386 %{?xend_opt} +./configure --prefix=%{_prefix} --libdir=%{_libdir} --with-system-seabios=%{seabiosloc} --with-system-qemu=/usr/bin/qemu-system-i386 make %{?_smp_mflags} %{?ocaml_flags} prefix=/usr dist-tools make prefix=/usr dist-docs unset CFLAGS @@ -371,9 +317,9 @@ mv %{buildroot}/boot/efi/efi %{buildroot}/boot/efi/EFI %if %build_xsm # policy file should be in /boot/flask mkdir %{buildroot}/boot/flask -mv %{buildroot}/boot/xenpolicy.* %{buildroot}/boot/flask +mv %{buildroot}/boot/xenpolicy* %{buildroot}/boot/flask %else -rm -f %{buildroot}/boot/xenpolicy.* +rm -f %{buildroot}/boot/xenpolicy* %endif ############ debug packaging: list files ############ @@ -432,8 +378,10 @@ rm -rf %{buildroot}/%{_libdir}/efi #mv %{buildroot}/etc/udev/xen*.rules %{buildroot}/etc/udev/rules.d # modules +%if %with_sysv mkdir -p %{buildroot}%{_sysconfdir}/sysconfig/modules install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/sysconfig/modules/%{name}.modules +%endif # logrotate mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d/ @@ -446,63 +394,24 @@ install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} %if %with_sysv install -m 755 %{SOURCE20} %{buildroot}%{_sysconfdir}/rc.d/init.d/xenstored install -m 755 %{SOURCE21} %{buildroot}%{_sysconfdir}/rc.d/init.d/xenconsoled -%if %build_xend -install -m 755 %{SOURCE23} %{buildroot}%{_sysconfdir}/rc.d/init.d/xend -%endif %else rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xen-watchdog rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xencommons -%if %build_xend -rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xend -%endif rm %{buildroot}%{_sysconfdir}/rc.d/init.d/xendomains %endif # sysconfig +%if %with_sysv mkdir -p %{buildroot}%{_sysconfdir}/sysconfig install -m 644 %{SOURCE30} %{buildroot}%{_sysconfdir}/sysconfig/xenstored install -m 644 %{SOURCE31} %{buildroot}%{_sysconfdir}/sysconfig/xenconsoled - -# systemd -%if %with_systemd -mkdir -p %{buildroot}%{_unitdir} -install -m 644 %{SOURCE40} %{buildroot}%{_unitdir}/proc-xen.mount -install -m 644 %{SOURCE41} %{buildroot}%{_unitdir}/var-lib-xenstored.mount -install -m 644 %{SOURCE42} %{buildroot}%{_unitdir}/xenstored.service -%if %build_xend -install -m 644 %{SOURCE44} %{buildroot}%{_unitdir}/xend.service -%endif -install -m 644 %{SOURCE45} %{buildroot}%{_unitdir}/xenconsoled.service -install -m 644 %{SOURCE46} %{buildroot}%{_unitdir}/xen-watchdog.service -install -m 644 %{SOURCE47} %{buildroot}%{_unitdir}/xendomains.service -mkdir -p %{buildroot}%{_libexecdir} -install -m 755 %{SOURCE48} %{buildroot}%{_libexecdir}/xendomains -mkdir -p %{buildroot}/usr/lib/tmpfiles.d -install -m 644 %{SOURCE49} %{buildroot}/usr/lib/tmpfiles.d/xen.conf -%endif -%if %build_ocaml -install -m 644 %{SOURCE50} %{buildroot}%{_unitdir}/oxenstored.service -%endif - -%if %build_xend -# config file only used for hotplug, Fedora uses udev instead -rm -f %{buildroot}/%{_sysconfdir}/sysconfig/xend %endif ############ create dirs in /var ############ -mkdir -p %{buildroot}%{_localstatedir}/lib/xen/xend-db/domain -mkdir -p %{buildroot}%{_localstatedir}/lib/xen/xend-db/vnet -mkdir -p %{buildroot}%{_localstatedir}/lib/xen/xend-db/migrate mkdir -p %{buildroot}%{_localstatedir}/lib/xen/images mkdir -p %{buildroot}%{_localstatedir}/log/xen/console -############ create symlink for x86_64 for compatibility with 3.4 ############ - -%if "%{_libdir}" != "/usr/lib" -ln -s /usr/lib/%{name}/bin/qemu-dm %{buildroot}/%{_libdir}/%{name}/bin/qemu-dm -%endif - ############ debug packaging: list files ############ find %{buildroot} -print | xargs ls -ld | sed -e 's|.*%{buildroot}||' > f2.list @@ -523,9 +432,6 @@ done %post %if %with_sysv -%if %build_xend -/sbin/chkconfig --add xend -%endif /sbin/chkconfig --add xendomains %endif %if %with_systemd @@ -538,23 +444,12 @@ fi %endif %endif -%if %with_sysv -%if %build_xend -if [ $1 != 0 ]; then - service xend condrestart -fi -%endif -%endif - %preun %if %with_systemd_presets %systemd_preun xendomains.service %else if [ $1 == 0 ]; then %if %with_sysv -%if %build_xend - /sbin/chkconfig --del xend -%endif /sbin/chkconfig --del xendomains %endif %if %with_systemd @@ -664,55 +559,20 @@ rm -rf %{buildroot} %defattr(-,root,root) %doc COPYING README %{_bindir}/xencons -%if %build_xend -%{_sbindir}/xend -%{_sbindir}/xm -%endif %{python_sitearch}/%{name} %{python_sitearch}/xen-*.egg-info -%{_mandir}/man1/xm.1* -%{_mandir}/man5/xend-config.sxp.5* -%{_mandir}/man5/xmdomain.cfg.5* -%if %build_xend -%{_datadir}/%{name}/create.dtd -%endif # Startup script %if %with_sysv -%if %build_xend -%{_sysconfdir}/rc.d/init.d/xend -%endif %{_sysconfdir}/rc.d/init.d/xendomains %endif -# Guest config files -%if %build_xend -%config(noreplace) %{_sysconfdir}/%{name}/xmexample* -%endif -# Daemon config -%if %build_xend -%config(noreplace) %{_sysconfdir}/%{name}/xend-* -# xm config -%config(noreplace) %{_sysconfdir}/%{name}/xm-* -%endif # Guest autostart links %dir %attr(0700,root,root) %{_sysconfdir}/%{name}/auto # Autostart of guests %config(noreplace) %{_sysconfdir}/sysconfig/xendomains %if %with_systemd -%if %build_xend -%{_unitdir}/xend.service -%endif %{_unitdir}/xendomains.service -%{_libexecdir}/xendomains -%endif - -%if %build_xend -# Persistent state for XenD -%dir %{_localstatedir}/lib/%{name}/xend-db/ -%dir %{_localstatedir}/lib/%{name}/xend-db/domain -%dir %{_localstatedir}/lib/%{name}/xend-db/migrate -%dir %{_localstatedir}/lib/%{name}/xend-db/vnet %endif %files libs @@ -744,26 +604,33 @@ rm -rf %{buildroot} %{_unitdir}/xenstored.service %{_unitdir}/xenconsoled.service %{_unitdir}/xen-watchdog.service -/usr/lib/tmpfiles.d/xen.conf +%{_unitdir}/xen-qemu-dom0-disk-backend.service +%{_unitdir}/xenstored.socket +%{_unitdir}/xenstored_ro.socket +/usr/lib/modules-load.d/xen.conf %endif +%if %with_sysv %config(noreplace) %{_sysconfdir}/sysconfig/xenstored %config(noreplace) %{_sysconfdir}/sysconfig/xenconsoled +%endif %config(noreplace) %{_sysconfdir}/sysconfig/xencommons %config(noreplace) %{_sysconfdir}/xen/xl.conf %config(noreplace) %{_sysconfdir}/xen/cpupool %config(noreplace) %{_sysconfdir}/xen/xlexample* # Auto-load xen backend drivers +%if %with_sysv %attr(0755,root,root) %{_sysconfdir}/sysconfig/modules/%{name}.modules +%endif # Rotate console log files %config(noreplace) %{_sysconfdir}/logrotate.d/xen # Programs run by other programs -%dir %{_libdir}/%{name} -%dir %{_libdir}/%{name}/bin -%attr(0700,root,root) %{_libdir}/%{name}/bin/* +%dir /usr/lib/%{name} +%dir /usr/lib/%{name}/bin +%attr(0700,root,root) /usr/lib/%{name}/bin/* # QEMU runtime files %dir %{_datadir}/%{name}/qemu %dir %{_datadir}/%{name}/qemu/keymaps @@ -785,17 +652,7 @@ rm -rf %{buildroot} # The firmware %ifarch %{ix86} x86_64 -# Avoid owning /usr/lib twice on i386 -%if "%{_libdir}" != "/usr/lib" -%dir /usr/lib/%{name} -%dir /usr/lib/%{name}/bin -/usr/lib/%{name}/bin/stubdom-dm -/usr/lib/%{name}/bin/qemu-dm -/usr/lib/%{name}/bin/stubdompath.sh -/usr/lib/%{name}/bin/xenpaging -%endif %dir /usr/lib/%{name}/boot -# HVM loader is always in /usr/lib regardless of multilib /usr/lib/xen/boot/hvmloader /usr/lib/xen/boot/ioemu-stubdom.gz /usr/lib/xen/boot/xenstore-stubdom.gz @@ -809,11 +666,6 @@ rm -rf %{buildroot} %dir %{_localstatedir}/lib/xenstored # Xenstore runtime state %ghost %{_localstatedir}/run/xenstored -%if %build_xend -# XenD runtime state -%ghost %attr(0700,root,root) %{_localstatedir}/run/xend -%ghost %attr(0700,root,root) %{_localstatedir}/run/xend/boot -%endif # All xenstore CLI tools %{_bindir}/qemu-*-xen @@ -821,7 +673,7 @@ rm -rf %{buildroot} %{_bindir}/xenstore-* %{_bindir}/pygrub %{_bindir}/xentrace* -%{_bindir}/remus +#%{_bindir}/remus # blktap daemon %{_sbindir}/tapdisk* # XSM @@ -877,7 +729,7 @@ rm -rf %{buildroot} /boot/xen.gz %if %build_xsm %dir %attr(0755,root,root) /boot/flask -/boot/flask/xenpolicy.* +/boot/flask/xenpolicy* %endif %if %build_efi /boot/efi/EFI/fedora/*.efi @@ -923,6 +775,26 @@ rm -rf %{buildroot} %endif %changelog +* Thu Jan 29 2015 Michael Young - 4.5.0-1 +- update to 4.5.0 + xend has gone, so remove references to xend in spec file, sources and patches + remove patches for issues now fixed upstream + adjust some patches due to other code changes + adjust spec file for renamed xenpolicy files + set prefix back to /usr (default is now /usr/local) + use upstream systemd files with patches for Fedora and selinux + sysconfig for systemd is now in xencommons file + for x86_64, files in /usr/lib64/xen/bin have moved to /usr/lib/xen/bin + remus isn't built + upstream systemd support needs systemd-devel to build + replace new uint32 with uint32_t in ocaml file for ocaml-4.02.0 + stop oxenstored failing when selinux is enforcing + re-number patches +- enable building pngs from fig files which is working again +- fix oxenstored.service preset preuninstall script +- arm: vgic: incorrect rate limiting of guest triggered logging [XSA-118] + (#1187153) + * Tue Jan 06 2015 Michael Young - 4.4.1-12 - xen crash due to use after free on hvm guest teardown [XSA-116, CVE-2015-0361] (#1179221) diff --git a/xen.use.fedora.ipxe.patch b/xen.use.fedora.ipxe.patch index e2b8116..d043663 100644 --- a/xen.use.fedora.ipxe.patch +++ b/xen.use.fedora.ipxe.patch @@ -12,14 +12,14 @@ --- xen-4.2.0/Config.mk.orig 2012-05-27 21:57:04.479812884 +0100 +++ xen-4.2.0/Config.mk 2012-06-02 18:55:14.087169469 +0100 @@ -206,7 +206,7 @@ - # Fri Aug 2 14:12:09 2013 -0400 - # Fix bug in CBFS file walking with compressed files. + # Thu May 22 16:59:16 2014 -0400 + # python3 fixes for vgabios and csm builds. -ETHERBOOT_NICS ?= rtl8139 8086100e +ETHERBOOT_NICS ?= 10ec8139 8086100e - # Specify which qemu-dm to use. This may be `ioemu' to use the old - # Mercurial in-tree version, or a local directory, or a git URL. + + QEMU_TRADITIONAL_REVISION ?= xen-4.5.0 --- xen-4.2.0/tools/firmware/Makefile.orig 2012-05-27 21:57:04.480812871 +0100 +++ xen-4.2.0/tools/firmware/Makefile 2012-06-02 19:03:52.254691484 +0100 @@ -10,7 +10,7 @@ @@ -30,4 +30,4 @@ +#SUBDIRS-$(CONFIG_ROMBIOS) += etherboot SUBDIRS-y += hvmloader - ovmf-dir: + LD32BIT-$(CONFIG_FreeBSD) := LD32BIT_FLAG=-melf_i386_fbsd diff --git a/xenconsoled.service b/xenconsoled.service deleted file mode 100644 index daee72d..0000000 --- a/xenconsoled.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=Xenconsoled - handles logging from guest consoles and hypervisor -Requires=proc-xen.mount -After=proc-xen.mount xenstored.service oxenstored.service -ConditionPathExists=/proc/xen - -[Service] -Type=simple -Environment=XENCONSOLED_ARGS= -Environment=XENCONSOLED_LOG=none -Environment=XENCONSOLED_LOG_DIR=/var/log/xen/console -EnvironmentFile=-/etc/sysconfig/xenconsoled -PIDFile=/var/run/xenconsoled.pid -ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities -ExecStart=/usr/sbin/xenconsoled --log=${XENCONSOLED_LOG} --log-dir=${XENCONSOLED_LOG_DIR} $XENCONSOLED_ARGS - -[Install] -WantedBy=multi-user.target diff --git a/xend-pci-loop.patch b/xend-pci-loop.patch deleted file mode 100644 index 5c4118a..0000000 --- a/xend-pci-loop.patch +++ /dev/null @@ -1,19 +0,0 @@ -# Don't crash due to weird PCI cards (Bug 767742) - -diff -r fb8dd4c67778 tools/python/xen/util/pci.py ---- a/tools/python/xen/util/pci.py Tue Dec 13 14:16:20 2011 -0500 -+++ b/tools/python/xen/util/pci.py Wed Dec 14 15:46:56 2011 -0500 -@@ -1268,7 +1268,12 @@ class PciDevice: - pass - - def get_info_from_sysfs(self): -- self.find_capability(0x11) -+ try: -+ self.find_capability(0x11) -+ except PciDeviceParseError, err: -+ log.error("Caught '%s'" % err) -+ return False -+ - sysfs_mnt = find_sysfs_mnt() - if sysfs_mnt == None: - return False diff --git a/xend.catchbt.patch b/xend.catchbt.patch deleted file mode 100644 index 95eac54..0000000 --- a/xend.catchbt.patch +++ /dev/null @@ -1,30 +0,0 @@ ---- xen-4.1.2/tools/python/xen/xend/image.py.orig 2011-10-20 18:05:44.000000000 +0100 -+++ xen-4.1.2/tools/python/xen/xend/image.py 2011-11-20 20:41:10.730905790 +0000 -@@ -43,7 +43,11 @@ - from xen.util import utils - from xen.xend import osdep - --xc = xen.lowlevel.xc.xc() -+try: -+ xc = xen.lowlevel.xc.xc() -+except Exception: -+ print >>sys.stderr, ('xend/image.py: Error connecting to hypervisor') -+ os._exit(1) - - MAX_GUEST_CMDLINE = 1024 - ---- xen-4.1.2/tools/python/xen/xend/XendLogging.py.orig 2011-10-20 18:05:44.000000000 +0100 -+++ xen-4.1.2/tools/python/xen/xend/XendLogging.py 2012-01-10 21:27:57.304916048 +0000 -@@ -132,7 +132,11 @@ - fileHandler = openFileHandler(filename) - logfilename = filename - except IOError: -- logfilename = tempfile.mkstemp("-xend.log")[1] -+ try: -+ logfilename = tempfile.mkstemp("-xend.log")[1] -+ except IOError: -+ print >>sys.stderr, ('xend/XendLogging.py: Unable to open standard or temporary log file for xend') -+ os._exit(1) - fileHandler = openFileHandler(logfilename) - - fileHandler.setFormatter(logging.Formatter(LOGFILE_FORMAT, DATE_FORMAT)) diff --git a/xend.selinux.fixes.patch b/xend.selinux.fixes.patch deleted file mode 100644 index abdeece..0000000 --- a/xend.selinux.fixes.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- xen-4.1.2/tools/python/xen/xend/server/SrvDaemon.py.orig 2012-04-15 17:17:50.167887550 +0100 -+++ xen-4.1.2/tools/python/xen/xend/server/SrvDaemon.py 2012-04-15 17:31:13.648842655 +0100 -@@ -325,7 +325,8 @@ - def set_user(self): - # Set the UID. - try: -- os.setuid(pwd.getpwnam(XEND_USER)[2]) -+ if XEND_USER != "root": -+ os.setuid(pwd.getpwnam(XEND_USER)[2]) - return 0 - except KeyError: - print >>sys.stderr, "Error: no such user '%s'" % XEND_USER ---- xen-4.4.0/tools/python/xen/xend/xend.orig 2012-08-07 00:54:02.372867624 +0100 -+++ xen-4.4.0/tools/python/xen/xend/xend 2012-08-07 00:58:11.469753483 +0100 -@@ -1,4 +1,4 @@ --#!/usr/bin/env python -+#!/usr/bin/python -Es - # -*- mode: python; -*- - #============================================================================ - # Copyright (C) 2004 Mike Wray diff --git a/xend.service b/xend.service deleted file mode 100644 index c9abb9f..0000000 --- a/xend.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Xend - interface between hypervisor and some applications -Requires=proc-xen.mount -After=proc-xen.mount -Before=libvirtd.service libvirt-guests.service -ConditionPathExists=/proc/xen - -[Service] -Type=forking -PIDFile=/var/run/xend.pid -Environment=HOME=/root -ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities -ExecStart=/usr/sbin/xend - -[Install] -WantedBy=multi-user.target diff --git a/xendomains.service b/xendomains.service deleted file mode 100644 index 2062ae6..0000000 --- a/xendomains.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Xendomains - start and stop guests on boot and shutdown -Requires=proc-xen.mount -After=proc-xen.mount xenstored.service xenconsoled.service oxenstored.service -ConditionPathExists=/proc/xen - -[Service] -Type=oneshot -RemainAfterExit=true -ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities -ExecStart=-/usr/libexec/xendomains start -ExecStop=/usr/libexec/xendomains stop - -[Install] -WantedBy=multi-user.target diff --git a/xenstored.service b/xenstored.service deleted file mode 100644 index b573330..0000000 --- a/xenstored.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Xenstored - daemon managing xenstore file system -Requires=proc-xen.mount var-lib-xenstored.mount -After=proc-xen.mount var-lib-xenstored.mount -Before=libvirtd.service libvirt-guests.service -RefuseManualStop=true -ConditionPathExists=/proc/xen - -[Service] -Type=forking -Environment=XENSTORED_ARGS= -EnvironmentFile=-/etc/sysconfig/xenstored -PIDFile=/var/run/xenstored.pid -ExecStartPre=/bin/grep -q control_d /proc/xen/capabilities -ExecStart=/usr/sbin/xenstored --pid-file /var/run/xenstored.pid $XENSTORED_ARGS -ExecStartPost=-/usr/bin/xenstore-write "/local/domain/0/name" "Domain-0" -ExecStartPost=-/usr/bin/xenstore-write "/local/domain/0/domid" 0 - -[Install] -WantedBy=multi-user.target diff --git a/xl.migrate.debug.crash.patch b/xl.migrate.debug.crash.patch deleted file mode 100644 index 4b3d822..0000000 --- a/xl.migrate.debug.crash.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- xen-4.5.0-rc1/tools/libxc/xc_domain_restore.c.orig 2014-10-24 15:22:40.000000000 +0100 -+++ xen-4.5.0-rc1/tools/libxc/xc_domain_restore.c 2014-11-25 21:01:16.604081467 +0000 -@@ -1404,7 +1404,7 @@ - int v; - - DPRINTF("************** pfn=%lx type=%lx gotcs=%08lx " -- "actualcs=%08lx\n", pfn, pagebuf->pfn_types[pfn], -+ "actualcs=%08lx\n", pfn, pfn_type[pfn], - csum_page(region_base + i * PAGE_SIZE), - csum_page(buf)); - diff --git a/xl.migrate.debug.fail.fix.patch b/xl.migrate.debug.fail.fix.patch deleted file mode 100644 index cd33143..0000000 --- a/xl.migrate.debug.fail.fix.patch +++ /dev/null @@ -1,36 +0,0 @@ -In commit d36a3734a ("xl: fix migration failure with xl migrate ---debug"), message is printed to stderr for both debug mode -and dryrun mode. That caused rdname() in xendomains fails to parse -domain name since it's expecting input from xl's stdout. - -So this patch separates those two cases. If xl is running in debug mode, -then message is printed to stderr; if xl is running in dryrun mode and -debug is not enabled, message is printed to stdout. This will fix -xendomains and other scripts that use "xl create --dryrun", as well as -not re-introducing the old bug fixed in d36a3734a. - -Reported-by: Mark Pryor -Signed-off-by: Wei Liu -Cc: M A Young -Cc: Ian Campbell -Release-Acked-by: Konrad Wilk ---- - tools/libxl/xl_cmdimpl.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c -index 3737c7e..ed0d478 100644 ---- a/tools/libxl/xl_cmdimpl.c -+++ b/tools/libxl/xl_cmdimpl.c -@@ -2473,7 +2473,8 @@ static uint32_t create_domain(struct domain_create *dom_info) - } - - if (debug || dom_info->dryrun) -- printf_info(default_output_format, -1, &d_config, stderr); -+ printf_info(default_output_format, -1, &d_config, -+ debug ? stderr : stdout); - - ret = 0; - if (dom_info->dryrun) --- -1.7.10.4 diff --git a/xl.migrate.debug.fail.patch b/xl.migrate.debug.fail.patch deleted file mode 100644 index 9b70763..0000000 --- a/xl.migrate.debug.fail.patch +++ /dev/null @@ -1,408 +0,0 @@ ---- xen-4.5.0-rc1/tools/libxl/xl_cmdimpl.c.orig 2014-10-24 15:22:40.000000000 +0100 -+++ xen-4.5.0-rc1/tools/libxl/xl_cmdimpl.c 2014-11-26 22:41:41.697043321 +0000 -@@ -380,10 +380,10 @@ - } - static void printf_info(enum output_format output_format, - int domid, -- libxl_domain_config *d_config) -+ libxl_domain_config *d_config, FILE *fh) - { - if (output_format == OUTPUT_FORMAT_SXP) -- return printf_info_sexp(domid, d_config); -+ return printf_info_sexp(domid, d_config, fh); - - const char *buf; - libxl_yajl_length len = 0; -@@ -404,7 +404,7 @@ - if (s != yajl_gen_status_ok) - goto out; - -- puts(buf); -+ fputs(buf, fh); - - out: - yajl_gen_free(hand); -@@ -413,7 +413,13 @@ - fprintf(stderr, - "unable to format domain config as JSON (YAJL:%d)\n", s); - -- if (ferror(stdout) || fflush(stdout)) { perror("stdout"); exit(-1); } -+ if (ferror(fh) || fflush(fh)) { -+ if (fh == stdout) -+ perror("stdout"); -+ else -+ perror("stderr"); -+ exit(-1); -+ } - } - - static int do_daemonize(char *name) -@@ -2423,7 +2429,7 @@ - } - - if (!dom_info->quiet) -- printf("Parsing config from %s\n", config_source); -+ fprintf(stderr, "Parsing config from %s\n", config_source); - - parse_config_data(config_source, config_data, config_len, &d_config, dom_info); - -@@ -2451,7 +2457,7 @@ - } - - if (debug || dom_info->dryrun) -- printf_info(default_output_format, -1, &d_config); -+ printf_info(default_output_format, -1, &d_config, stderr); - - ret = 0; - if (dom_info->dryrun) -@@ -3403,7 +3409,7 @@ - if (default_output_format == OUTPUT_FORMAT_JSON) - s = printf_info_one_json(hand, info[i].domid, &d_config); - else -- printf_info_sexp(info[i].domid, &d_config); -+ printf_info_sexp(info[i].domid, &d_config, stdout); - libxl_domain_config_dispose(&d_config); - free(data); - free(config_source); -@@ -4725,7 +4731,7 @@ - parse_config_data(filename, config_data, config_len, &d_config, NULL); - - if (debug || dryrun_only) -- printf_info(default_output_format, -1, &d_config); -+ printf_info(default_output_format, -1, &d_config, stdout); - - if (!dryrun_only) { - fprintf(stderr, "setting dom%d configuration\n", domid); ---- xen-4.5.0-rc1/tools/libxl/xl_sxp.c.orig 2014-10-24 15:22:40.000000000 +0100 -+++ xen-4.5.0-rc1/tools/libxl/xl_sxp.c 2014-11-26 22:30:58.416394082 +0000 -@@ -30,7 +30,7 @@ - /* In general you should not add new output to this function since it - * is intended only for legacy use. - */ --void printf_info_sexp(int domid, libxl_domain_config *d_config) -+void printf_info_sexp(int domid, libxl_domain_config *d_config, FILE *fh) - { - int i; - libxl_dominfo info; -@@ -39,197 +39,197 @@ - libxl_domain_build_info *b_info = &d_config->b_info; - char *pool; - -- printf("(domain\n\t(domid %d)\n", domid); -- printf("\t(create_info)\n"); -- printf("\t(hvm %d)\n", c_info->type == LIBXL_DOMAIN_TYPE_HVM); -- printf("\t(hap %s)\n", libxl_defbool_to_string(c_info->hap)); -- printf("\t(oos %s)\n", libxl_defbool_to_string(c_info->oos)); -- printf("\t(ssidref %d)\n", c_info->ssidref); -- printf("\t(name %s)\n", c_info->name); -+ fprintf(fh, "(domain\n\t(domid %d)\n", domid); -+ fprintf(fh, "\t(create_info)\n"); -+ fprintf(fh, "\t(hvm %d)\n", c_info->type == LIBXL_DOMAIN_TYPE_HVM); -+ fprintf(fh, "\t(hap %s)\n", libxl_defbool_to_string(c_info->hap)); -+ fprintf(fh, "\t(oos %s)\n", libxl_defbool_to_string(c_info->oos)); -+ fprintf(fh, "\t(ssidref %d)\n", c_info->ssidref); -+ fprintf(fh, "\t(name %s)\n", c_info->name); - - /* retrieve the UUID from dominfo, since it is probably generated - * during parsing and thus does not match the real one - */ - if (libxl_domain_info(ctx, &info, domid) == 0) { -- printf("\t(uuid " LIBXL_UUID_FMT ")\n", LIBXL_UUID_BYTES(info.uuid)); -+ fprintf(fh, "\t(uuid " LIBXL_UUID_FMT ")\n", LIBXL_UUID_BYTES(info.uuid)); - } else { -- printf("\t(uuid )\n"); -+ fprintf(fh, "\t(uuid )\n"); - } - pool = libxl_cpupoolid_to_name(ctx, c_info->poolid); - if (pool) -- printf("\t(cpupool %s)\n", pool); -+ fprintf(fh, "\t(cpupool %s)\n", pool); - free(pool); - if (c_info->xsdata) -- printf("\t(xsdata contains data)\n"); -+ fprintf(fh, "\t(xsdata contains data)\n"); - else -- printf("\t(xsdata (null))\n"); -+ fprintf(fh, "\t(xsdata (null))\n"); - if (c_info->platformdata) -- printf("\t(platformdata contains data)\n"); -+ fprintf(fh, "\t(platformdata contains data)\n"); - else -- printf("\t(platformdata (null))\n"); -+ fprintf(fh, "\t(platformdata (null))\n"); - - -- printf("\t(build_info)\n"); -- printf("\t(max_vcpus %d)\n", b_info->max_vcpus); -- printf("\t(tsc_mode %s)\n", libxl_tsc_mode_to_string(b_info->tsc_mode)); -- printf("\t(max_memkb %"PRId64")\n", b_info->max_memkb); -- printf("\t(target_memkb %"PRId64")\n", b_info->target_memkb); -- printf("\t(nomigrate %s)\n", -+ fprintf(fh, "\t(build_info)\n"); -+ fprintf(fh, "\t(max_vcpus %d)\n", b_info->max_vcpus); -+ fprintf(fh, "\t(tsc_mode %s)\n", libxl_tsc_mode_to_string(b_info->tsc_mode)); -+ fprintf(fh, "\t(max_memkb %"PRId64")\n", b_info->max_memkb); -+ fprintf(fh, "\t(target_memkb %"PRId64")\n", b_info->target_memkb); -+ fprintf(fh, "\t(nomigrate %s)\n", - libxl_defbool_to_string(b_info->disable_migrate)); - - if (c_info->type == LIBXL_DOMAIN_TYPE_PV && b_info->u.pv.bootloader) { -- printf("\t(bootloader %s)\n", b_info->u.pv.bootloader); -+ fprintf(fh, "\t(bootloader %s)\n", b_info->u.pv.bootloader); - if (b_info->u.pv.bootloader_args) { -- printf("\t(bootloader_args"); -+ fprintf(fh, "\t(bootloader_args"); - for (i=0; b_info->u.pv.bootloader_args[i]; i++) -- printf(" %s", b_info->u.pv.bootloader_args[i]); -- printf(")\n"); -+ fprintf(fh, " %s", b_info->u.pv.bootloader_args[i]); -+ fprintf(fh, ")\n"); - } - } - -- printf("\t(image\n"); -+ fprintf(fh, "\t(image\n"); - switch (c_info->type) { - case LIBXL_DOMAIN_TYPE_HVM: -- printf("\t\t(hvm\n"); -- printf("\t\t\t(firmware %s)\n", b_info->u.hvm.firmware); -- printf("\t\t\t(video_memkb %"PRId64")\n", b_info->video_memkb); -- printf("\t\t\t(shadow_memkb %"PRId64")\n", b_info->shadow_memkb); -- printf("\t\t\t(pae %s)\n", libxl_defbool_to_string(b_info->u.hvm.pae)); -- printf("\t\t\t(apic %s)\n", -+ fprintf(fh, "\t\t(hvm\n"); -+ fprintf(fh, "\t\t\t(firmware %s)\n", b_info->u.hvm.firmware); -+ fprintf(fh, "\t\t\t(video_memkb %"PRId64")\n", b_info->video_memkb); -+ fprintf(fh, "\t\t\t(shadow_memkb %"PRId64")\n", b_info->shadow_memkb); -+ fprintf(fh, "\t\t\t(pae %s)\n", libxl_defbool_to_string(b_info->u.hvm.pae)); -+ fprintf(fh, "\t\t\t(apic %s)\n", - libxl_defbool_to_string(b_info->u.hvm.apic)); -- printf("\t\t\t(acpi %s)\n", -+ fprintf(fh, "\t\t\t(acpi %s)\n", - libxl_defbool_to_string(b_info->u.hvm.acpi)); -- printf("\t\t\t(nx %s)\n", libxl_defbool_to_string(b_info->u.hvm.nx)); -- printf("\t\t\t(viridian %s)\n", -+ fprintf(fh, "\t\t\t(nx %s)\n", libxl_defbool_to_string(b_info->u.hvm.nx)); -+ fprintf(fh, "\t\t\t(viridian %s)\n", - libxl_defbool_to_string(b_info->u.hvm.viridian)); -- printf("\t\t\t(hpet %s)\n", -+ fprintf(fh, "\t\t\t(hpet %s)\n", - libxl_defbool_to_string(b_info->u.hvm.hpet)); -- printf("\t\t\t(vpt_align %s)\n", -+ fprintf(fh, "\t\t\t(vpt_align %s)\n", - libxl_defbool_to_string(b_info->u.hvm.vpt_align)); -- printf("\t\t\t(timer_mode %s)\n", -+ fprintf(fh, "\t\t\t(timer_mode %s)\n", - libxl_timer_mode_to_string(b_info->u.hvm.timer_mode)); -- printf("\t\t\t(nestedhvm %s)\n", -+ fprintf(fh, "\t\t\t(nestedhvm %s)\n", - libxl_defbool_to_string(b_info->u.hvm.nested_hvm)); -- printf("\t\t\t(stdvga %s)\n", b_info->u.hvm.vga.kind == -+ fprintf(fh, "\t\t\t(stdvga %s)\n", b_info->u.hvm.vga.kind == - LIBXL_VGA_INTERFACE_TYPE_STD ? - "True" : "False"); -- printf("\t\t\t(vnc %s)\n", -+ fprintf(fh, "\t\t\t(vnc %s)\n", - libxl_defbool_to_string(b_info->u.hvm.vnc.enable)); -- printf("\t\t\t(vnclisten %s)\n", b_info->u.hvm.vnc.listen); -- printf("\t\t\t(vncdisplay %d)\n", b_info->u.hvm.vnc.display); -- printf("\t\t\t(vncunused %s)\n", -+ fprintf(fh, "\t\t\t(vnclisten %s)\n", b_info->u.hvm.vnc.listen); -+ fprintf(fh, "\t\t\t(vncdisplay %d)\n", b_info->u.hvm.vnc.display); -+ fprintf(fh, "\t\t\t(vncunused %s)\n", - libxl_defbool_to_string(b_info->u.hvm.vnc.findunused)); -- printf("\t\t\t(keymap %s)\n", b_info->u.hvm.keymap); -- printf("\t\t\t(sdl %s)\n", -+ fprintf(fh, "\t\t\t(keymap %s)\n", b_info->u.hvm.keymap); -+ fprintf(fh, "\t\t\t(sdl %s)\n", - libxl_defbool_to_string(b_info->u.hvm.sdl.enable)); -- printf("\t\t\t(opengl %s)\n", -+ fprintf(fh, "\t\t\t(opengl %s)\n", - libxl_defbool_to_string(b_info->u.hvm.sdl.opengl)); -- printf("\t\t\t(nographic %s)\n", -+ fprintf(fh, "\t\t\t(nographic %s)\n", - libxl_defbool_to_string(b_info->u.hvm.nographic)); -- printf("\t\t\t(spice %s)\n", -+ fprintf(fh, "\t\t\t(spice %s)\n", - libxl_defbool_to_string(b_info->u.hvm.spice.enable)); -- printf("\t\t\t(spiceport %d)\n", b_info->u.hvm.spice.port); -- printf("\t\t\t(spicetls_port %d)\n", b_info->u.hvm.spice.tls_port); -- printf("\t\t\t(spicehost %s)\n", b_info->u.hvm.spice.host); -- printf("\t\t\t(spicedisable_ticketing %s)\n", -+ fprintf(fh, "\t\t\t(spiceport %d)\n", b_info->u.hvm.spice.port); -+ fprintf(fh, "\t\t\t(spicetls_port %d)\n", b_info->u.hvm.spice.tls_port); -+ fprintf(fh, "\t\t\t(spicehost %s)\n", b_info->u.hvm.spice.host); -+ fprintf(fh, "\t\t\t(spicedisable_ticketing %s)\n", - libxl_defbool_to_string(b_info->u.hvm.spice.disable_ticketing)); -- printf("\t\t\t(spiceagent_mouse %s)\n", -+ fprintf(fh, "\t\t\t(spiceagent_mouse %s)\n", - libxl_defbool_to_string(b_info->u.hvm.spice.agent_mouse)); - -- printf("\t\t\t(device_model %s)\n", b_info->device_model ? : "default"); -- printf("\t\t\t(gfx_passthru %s)\n", -+ fprintf(fh, "\t\t\t(device_model %s)\n", b_info->device_model ? : "default"); -+ fprintf(fh, "\t\t\t(gfx_passthru %s)\n", - libxl_defbool_to_string(b_info->u.hvm.gfx_passthru)); -- printf("\t\t\t(serial %s)\n", b_info->u.hvm.serial); -- printf("\t\t\t(boot %s)\n", b_info->u.hvm.boot); -- printf("\t\t\t(usb %s)\n", libxl_defbool_to_string(b_info->u.hvm.usb)); -- printf("\t\t\t(usbdevice %s)\n", b_info->u.hvm.usbdevice); -- printf("\t\t)\n"); -+ fprintf(fh, "\t\t\t(serial %s)\n", b_info->u.hvm.serial); -+ fprintf(fh, "\t\t\t(boot %s)\n", b_info->u.hvm.boot); -+ fprintf(fh, "\t\t\t(usb %s)\n", libxl_defbool_to_string(b_info->u.hvm.usb)); -+ fprintf(fh, "\t\t\t(usbdevice %s)\n", b_info->u.hvm.usbdevice); -+ fprintf(fh, "\t\t)\n"); - break; - case LIBXL_DOMAIN_TYPE_PV: -- printf("\t\t(linux %d)\n", 0); -- printf("\t\t\t(kernel %s)\n", b_info->u.pv.kernel); -- printf("\t\t\t(cmdline %s)\n", b_info->u.pv.cmdline); -- printf("\t\t\t(ramdisk %s)\n", b_info->u.pv.ramdisk); -- printf("\t\t\t(e820_host %s)\n", -+ fprintf(fh, "\t\t(linux %d)\n", 0); -+ fprintf(fh, "\t\t\t(kernel %s)\n", b_info->u.pv.kernel); -+ fprintf(fh, "\t\t\t(cmdline %s)\n", b_info->u.pv.cmdline); -+ fprintf(fh, "\t\t\t(ramdisk %s)\n", b_info->u.pv.ramdisk); -+ fprintf(fh, "\t\t\t(e820_host %s)\n", - libxl_defbool_to_string(b_info->u.pv.e820_host)); -- printf("\t\t)\n"); -+ fprintf(fh, "\t\t)\n"); - break; - default: - fprintf(stderr, "Unknown domain type %d\n", c_info->type); - exit(1); - } -- printf("\t)\n"); -+ fprintf(fh, "\t)\n"); - - for (i = 0; i < d_config->num_disks; i++) { -- printf("\t(device\n"); -- printf("\t\t(tap\n"); -- printf("\t\t\t(backend_domid %d)\n", d_config->disks[i].backend_domid); -- printf("\t\t\t(frontend_domid %d)\n", domid); -- printf("\t\t\t(physpath %s)\n", d_config->disks[i].pdev_path); -- printf("\t\t\t(phystype %d)\n", d_config->disks[i].backend); -- printf("\t\t\t(virtpath %s)\n", d_config->disks[i].vdev); -- printf("\t\t\t(unpluggable %d)\n", d_config->disks[i].removable); -- printf("\t\t\t(readwrite %d)\n", d_config->disks[i].readwrite); -- printf("\t\t\t(is_cdrom %d)\n", d_config->disks[i].is_cdrom); -- printf("\t\t)\n"); -- printf("\t)\n"); -+ fprintf(fh, "\t(device\n"); -+ fprintf(fh, "\t\t(tap\n"); -+ fprintf(fh, "\t\t\t(backend_domid %d)\n", d_config->disks[i].backend_domid); -+ fprintf(fh, "\t\t\t(frontend_domid %d)\n", domid); -+ fprintf(fh, "\t\t\t(physpath %s)\n", d_config->disks[i].pdev_path); -+ fprintf(fh, "\t\t\t(phystype %d)\n", d_config->disks[i].backend); -+ fprintf(fh, "\t\t\t(virtpath %s)\n", d_config->disks[i].vdev); -+ fprintf(fh, "\t\t\t(unpluggable %d)\n", d_config->disks[i].removable); -+ fprintf(fh, "\t\t\t(readwrite %d)\n", d_config->disks[i].readwrite); -+ fprintf(fh, "\t\t\t(is_cdrom %d)\n", d_config->disks[i].is_cdrom); -+ fprintf(fh, "\t\t)\n"); -+ fprintf(fh, "\t)\n"); - } - - for (i = 0; i < d_config->num_nics; i++) { -- printf("\t(device\n"); -- printf("\t\t(vif\n"); -+ fprintf(fh, "\t(device\n"); -+ fprintf(fh, "\t\t(vif\n"); - if (d_config->nics[i].ifname) -- printf("\t\t\t(vifname %s)\n", d_config->nics[i].ifname); -- printf("\t\t\t(backend_domid %d)\n", d_config->nics[i].backend_domid); -- printf("\t\t\t(frontend_domid %d)\n", domid); -- printf("\t\t\t(devid %d)\n", d_config->nics[i].devid); -- printf("\t\t\t(mtu %d)\n", d_config->nics[i].mtu); -- printf("\t\t\t(model %s)\n", d_config->nics[i].model); -- printf("\t\t\t(mac %02x%02x%02x%02x%02x%02x)\n", -+ fprintf(fh, "\t\t\t(vifname %s)\n", d_config->nics[i].ifname); -+ fprintf(fh, "\t\t\t(backend_domid %d)\n", d_config->nics[i].backend_domid); -+ fprintf(fh, "\t\t\t(frontend_domid %d)\n", domid); -+ fprintf(fh, "\t\t\t(devid %d)\n", d_config->nics[i].devid); -+ fprintf(fh, "\t\t\t(mtu %d)\n", d_config->nics[i].mtu); -+ fprintf(fh, "\t\t\t(model %s)\n", d_config->nics[i].model); -+ fprintf(fh, "\t\t\t(mac %02x%02x%02x%02x%02x%02x)\n", - d_config->nics[i].mac[0], d_config->nics[i].mac[1], - d_config->nics[i].mac[2], d_config->nics[i].mac[3], - d_config->nics[i].mac[4], d_config->nics[i].mac[5]); -- printf("\t\t)\n"); -- printf("\t)\n"); -+ fprintf(fh, "\t\t)\n"); -+ fprintf(fh, "\t)\n"); - } - - for (i = 0; i < d_config->num_pcidevs; i++) { -- printf("\t(device\n"); -- printf("\t\t(pci\n"); -- printf("\t\t\t(pci dev %04x:%02x:%02x.%01x@%02x)\n", -+ fprintf(fh, "\t(device\n"); -+ fprintf(fh, "\t\t(pci\n"); -+ fprintf(fh, "\t\t\t(pci dev %04x:%02x:%02x.%01x@%02x)\n", - d_config->pcidevs[i].domain, d_config->pcidevs[i].bus, - d_config->pcidevs[i].dev, d_config->pcidevs[i].func, - d_config->pcidevs[i].vdevfn); -- printf("\t\t\t(opts msitranslate %d power_mgmt %d)\n", -+ fprintf(fh, "\t\t\t(opts msitranslate %d power_mgmt %d)\n", - d_config->pcidevs[i].msitranslate, - d_config->pcidevs[i].power_mgmt); -- printf("\t\t)\n"); -- printf("\t)\n"); -+ fprintf(fh, "\t\t)\n"); -+ fprintf(fh, "\t)\n"); - } - - for (i = 0; i < d_config->num_vfbs; i++) { -- printf("\t(device\n"); -- printf("\t\t(vfb\n"); -- printf("\t\t\t(backend_domid %d)\n", d_config->vfbs[i].backend_domid); -- printf("\t\t\t(frontend_domid %d)\n", domid); -- printf("\t\t\t(devid %d)\n", d_config->vfbs[i].devid); -- printf("\t\t\t(vnc %s)\n", -+ fprintf(fh, "\t(device\n"); -+ fprintf(fh, "\t\t(vfb\n"); -+ fprintf(fh, "\t\t\t(backend_domid %d)\n", d_config->vfbs[i].backend_domid); -+ fprintf(fh, "\t\t\t(frontend_domid %d)\n", domid); -+ fprintf(fh, "\t\t\t(devid %d)\n", d_config->vfbs[i].devid); -+ fprintf(fh, "\t\t\t(vnc %s)\n", - libxl_defbool_to_string(d_config->vfbs[i].vnc.enable)); -- printf("\t\t\t(vnclisten %s)\n", d_config->vfbs[i].vnc.listen); -- printf("\t\t\t(vncdisplay %d)\n", d_config->vfbs[i].vnc.display); -- printf("\t\t\t(vncunused %s)\n", -+ fprintf(fh, "\t\t\t(vnclisten %s)\n", d_config->vfbs[i].vnc.listen); -+ fprintf(fh, "\t\t\t(vncdisplay %d)\n", d_config->vfbs[i].vnc.display); -+ fprintf(fh, "\t\t\t(vncunused %s)\n", - libxl_defbool_to_string(d_config->vfbs[i].vnc.findunused)); -- printf("\t\t\t(keymap %s)\n", d_config->vfbs[i].keymap); -- printf("\t\t\t(sdl %s)\n", -+ fprintf(fh, "\t\t\t(keymap %s)\n", d_config->vfbs[i].keymap); -+ fprintf(fh, "\t\t\t(sdl %s)\n", - libxl_defbool_to_string(d_config->vfbs[i].sdl.enable)); -- printf("\t\t\t(opengl %s)\n", -+ fprintf(fh, "\t\t\t(opengl %s)\n", - libxl_defbool_to_string(d_config->vfbs[i].sdl.opengl)); -- printf("\t\t\t(display %s)\n", d_config->vfbs[i].sdl.display); -- printf("\t\t\t(xauthority %s)\n", d_config->vfbs[i].sdl.xauthority); -- printf("\t\t)\n"); -- printf("\t)\n"); -+ fprintf(fh, "\t\t\t(display %s)\n", d_config->vfbs[i].sdl.display); -+ fprintf(fh, "\t\t\t(xauthority %s)\n", d_config->vfbs[i].sdl.xauthority); -+ fprintf(fh, "\t\t)\n"); -+ fprintf(fh, "\t)\n"); - } -- printf(")\n"); -+ fprintf(fh, ")\n"); - } - - ---- xen-4.5.0-rc1/tools/libxl/xl.h.orig 2014-10-24 15:22:40.000000000 +0100 -+++ xen-4.5.0-rc1/tools/libxl/xl.h 2014-11-26 22:30:58.416394082 +0000 -@@ -186,7 +186,7 @@ - }; - extern enum output_format default_output_format; - --extern void printf_info_sexp(int domid, libxl_domain_config *d_config); -+extern void printf_info_sexp(int domid, libxl_domain_config *d_config, FILE *fh); - - #define XL_GLOBAL_CONFIG XEN_CONFIG_DIR "/xl.conf" - #define XL_LOCK_FILE XEN_LOCK_DIR "/xl" diff --git a/xsa104.patch b/xsa104.patch deleted file mode 100644 index 2c5b39e..0000000 --- a/xsa104.patch +++ /dev/null @@ -1,44 +0,0 @@ -x86/shadow: fix race condition sampling the dirty vram state - -d->arch.hvm_domain.dirty_vram must be read with the domain's paging lock held. - -If not, two concurrent hypercalls could both end up attempting to free -dirty_vram (the second of which will free a wild pointer), or both end up -allocating a new dirty_vram structure (the first of which will be leaked). - -This is XSA-104. - -Signed-off-by: Andrew Cooper -Reviewed-by: Tim Deegan - ---- a/xen/arch/x86/mm/shadow/common.c -+++ b/xen/arch/x86/mm/shadow/common.c -@@ -3485,7 +3485,7 @@ int shadow_track_dirty_vram(struct domai - int flush_tlb = 0; - unsigned long i; - p2m_type_t t; -- struct sh_dirty_vram *dirty_vram = d->arch.hvm_domain.dirty_vram; -+ struct sh_dirty_vram *dirty_vram; - struct p2m_domain *p2m = p2m_get_hostp2m(d); - - if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 ) -@@ -3495,6 +3495,8 @@ int shadow_track_dirty_vram(struct domai - p2m_lock(p2m_get_hostp2m(d)); - paging_lock(d); - -+ dirty_vram = d->arch.hvm_domain.dirty_vram; -+ - if ( dirty_vram && (!nr || - ( begin_pfn != dirty_vram->begin_pfn - || end_pfn != dirty_vram->end_pfn )) ) ---- a/xen/include/asm-x86/hvm/domain.h -+++ b/xen/include/asm-x86/hvm/domain.h -@@ -112,7 +112,7 @@ struct hvm_domain { - /* Memory ranges with pinned cache attributes. */ - struct list_head pinned_cacheattr_ranges; - -- /* VRAM dirty support. */ -+ /* VRAM dirty support. Protect with the domain paging lock. */ - struct sh_dirty_vram *dirty_vram; - - /* If one of vcpus of this domain is in no_fill_mode or diff --git a/xsa105.patch b/xsa105.patch deleted file mode 100644 index cc7cafd..0000000 --- a/xsa105.patch +++ /dev/null @@ -1,37 +0,0 @@ -x86/emulate: check cpl for all privileged instructions - -Without this, it is possible for userspace to load its own IDT or GDT. - -This is XSA-105. - -Reported-by: Andrei LUTAS -Signed-off-by: Andrew Cooper -Reviewed-by: Jan Beulich -Tested-by: Andrei LUTAS - ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -3314,6 +3314,7 @@ x86_emulate( - goto swint; - - case 0xf4: /* hlt */ -+ generate_exception_if(!mode_ring0(), EXC_GP, 0); - ctxt->retire.flags.hlt = 1; - break; - -@@ -3710,6 +3711,7 @@ x86_emulate( - break; - case 2: /* lgdt */ - case 3: /* lidt */ -+ generate_exception_if(!mode_ring0(), EXC_GP, 0); - generate_exception_if(ea.type != OP_MEM, EXC_UD, -1); - fail_if(ops->write_segment == NULL); - memset(®, 0, sizeof(reg)); -@@ -3738,6 +3740,7 @@ x86_emulate( - case 6: /* lmsw */ - fail_if(ops->read_cr == NULL); - fail_if(ops->write_cr == NULL); -+ generate_exception_if(!mode_ring0(), EXC_GP, 0); - if ( (rc = ops->read_cr(0, &cr0, ctxt)) ) - goto done; - if ( ea.type == OP_REG ) diff --git a/xsa106.patch b/xsa106.patch deleted file mode 100644 index 436724d..0000000 --- a/xsa106.patch +++ /dev/null @@ -1,23 +0,0 @@ -x86emul: only emulate software interrupt injection for real mode - -Protected mode emulation currently lacks proper privilege checking of -the referenced IDT entry, and there's currently no legitimate way for -any of the respective instructions to reach the emulator when the guest -is in protected mode. - -This is XSA-106. - -Reported-by: Andrei LUTAS -Signed-off-by: Jan Beulich -Acked-by: Keir Fraser - ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -2634,6 +2634,7 @@ x86_emulate( - case 0xcd: /* int imm8 */ - src.val = insn_fetch_type(uint8_t); - swint: -+ fail_if(!in_realmode(ctxt, ops)); /* XSA-106 */ - fail_if(ops->inject_sw_interrupt == NULL); - rc = ops->inject_sw_interrupt(src.val, _regs.eip - ctxt->regs->eip, - ctxt) ? : X86EMUL_EXCEPTION; diff --git a/xsa107-4.4.patch b/xsa107-4.4.patch deleted file mode 100644 index 2cea0b7..0000000 --- a/xsa107-4.4.patch +++ /dev/null @@ -1,165 +0,0 @@ -evtchn: check control block exists when using FIFO-based events - -When using the FIFO-based event channels, there are no checks for the -existance of a control block when binding an event or moving it to a -different VCPU. This is because events may be bound when the ABI is -in 2-level mode (e.g., by the toolstack before the domain is started). - -The guest may trigger a Xen crash in evtchn_fifo_set_pending() if: - - a) the event is bound to a VCPU without a control block; or - b) VCPU 0 does not have a control block. - -In case (a), Xen will crash when looking up the current queue. In -(b), Xen will crash when looking up the old queue (which defaults to a -queue on VCPU 0). - -By allocating all the per-VCPU structures when enabling the FIFO ABI, -we can be sure that v->evtchn_fifo is always valid. - -EVTCHNOP_init_control_block for all the other CPUs need only map the -shared control block. - -A single check in evtchn_fifo_set_pending() before accessing the -control block fixes all cases where the guest has not initialized some -control blocks. - -This is XSA-107. - -Reported-by: Vitaly Kuznetsov -Signed-off-by: David Vrabel -Reviewed-by: Jan Beulich - ---- a/xen/common/event_fifo.c -+++ b/xen/common/event_fifo.c -@@ -178,6 +178,19 @@ static void evtchn_fifo_set_pending(stru - bool_t linked = 0; - - /* -+ * Control block not mapped. The guest must not unmask an -+ * event until the control block is initialized, so we can -+ * just drop the event. -+ */ -+ if ( unlikely(!v->evtchn_fifo->control_block) ) -+ { -+ printk(XENLOG_G_WARNING -+ "d%dv%d has no FIFO event channel control block\n", -+ d->domain_id, v->vcpu_id); -+ goto done; -+ } -+ -+ /* - * No locking around getting the queue. This may race with - * changing the priority but we are allowed to signal the - * event once on the old priority. -@@ -385,36 +398,42 @@ static void init_queue(struct vcpu *v, s - { - spin_lock_init(&q->lock); - q->priority = i; -- q->head = &v->evtchn_fifo->control_block->head[i]; - } - --static int setup_control_block(struct vcpu *v, uint64_t gfn, uint32_t offset) -+static int setup_control_block(struct vcpu *v) - { -- struct domain *d = v->domain; - struct evtchn_fifo_vcpu *efv; -- void *virt; - unsigned int i; -- int rc; -- -- if ( v->evtchn_fifo ) -- return -EINVAL; - - efv = xzalloc(struct evtchn_fifo_vcpu); - if ( !efv ) - return -ENOMEM; - -- rc = map_guest_page(d, gfn, &virt); -+ for ( i = 0; i <= EVTCHN_FIFO_PRIORITY_MIN; i++ ) -+ init_queue(v, &efv->queue[i], i); -+ -+ v->evtchn_fifo = efv; -+ -+ return 0; -+} -+ -+static int map_control_block(struct vcpu *v, uint64_t gfn, uint32_t offset) -+{ -+ void *virt; -+ unsigned int i; -+ int rc; -+ -+ if ( v->evtchn_fifo->control_block ) -+ return -EINVAL; -+ -+ rc = map_guest_page(v->domain, gfn, &virt); - if ( rc < 0 ) -- { -- xfree(efv); - return rc; -- } - -- v->evtchn_fifo = efv; - v->evtchn_fifo->control_block = virt + offset; - - for ( i = 0; i <= EVTCHN_FIFO_PRIORITY_MIN; i++ ) -- init_queue(v, &v->evtchn_fifo->queue[i], i); -+ v->evtchn_fifo->queue[i].head = &v->evtchn_fifo->control_block->head[i]; - - return 0; - } -@@ -508,28 +527,43 @@ int evtchn_fifo_init_control(struct evtc - - spin_lock(&d->event_lock); - -- rc = setup_control_block(v, gfn, offset); -- - /* - * If this is the first control block, setup an empty event array - * and switch to the fifo port ops. - */ -- if ( rc == 0 && !d->evtchn_fifo ) -+ if ( !d->evtchn_fifo ) - { -+ struct vcpu *vcb; -+ -+ for_each_vcpu ( d, vcb ) { -+ rc = setup_control_block(vcb); -+ if ( rc < 0 ) -+ goto error; -+ } -+ - rc = setup_event_array(d); - if ( rc < 0 ) -- cleanup_control_block(v); -- else -- { -- d->evtchn_port_ops = &evtchn_port_ops_fifo; -- d->max_evtchns = EVTCHN_FIFO_NR_CHANNELS; -- setup_ports(d); -- } -+ goto error; -+ -+ rc = map_control_block(v, gfn, offset); -+ if ( rc < 0 ) -+ goto error; -+ -+ d->evtchn_port_ops = &evtchn_port_ops_fifo; -+ d->max_evtchns = EVTCHN_FIFO_NR_CHANNELS; -+ setup_ports(d); - } -+ else -+ rc = map_control_block(v, gfn, offset); - - spin_unlock(&d->event_lock); - - return rc; -+ -+ error: -+ evtchn_fifo_destroy(d); -+ spin_unlock(&d->event_lock); -+ return rc; - } - - static int add_page_to_event_array(struct domain *d, unsigned long gfn) diff --git a/xsa108.patch b/xsa108.patch deleted file mode 100644 index e162185..0000000 --- a/xsa108.patch +++ /dev/null @@ -1,36 +0,0 @@ -x86/HVM: properly bound x2APIC MSR range - -While the write path change appears to be purely cosmetic (but still -gets done here for consistency), the read side mistake permitted -accesses beyond the virtual APIC page. - -Note that while this isn't fully in line with the specification -(digesting MSRs 0x800-0xBFF for the x2APIC), this is the minimal -possible fix addressing the security issue and getting x2APIC related -code into a consistent shape (elsewhere a 256 rather than 1024 wide -window is being used too). This will be dealt with subsequently. - -This is XSA-108. - -Signed-off-by: Jan Beulich - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -4380,7 +4380,7 @@ int hvm_msr_read_intercept(unsigned int - *msr_content = vcpu_vlapic(v)->hw.apic_base_msr; - break; - -- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: -+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: - if ( hvm_x2apic_msr_read(v, msr, msr_content) ) - goto gp_fault; - break; -@@ -4506,7 +4506,7 @@ int hvm_msr_write_intercept(unsigned int - vlapic_tdt_msr_set(vcpu_vlapic(v), msr_content); - break; - -- case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0x3ff: -+ case MSR_IA32_APICBASE_MSR ... MSR_IA32_APICBASE_MSR + 0xff: - if ( hvm_x2apic_msr_write(v, msr, msr_content) ) - goto gp_fault; - break; diff --git a/xsa109.patch b/xsa109.patch deleted file mode 100644 index 0028b2f..0000000 --- a/xsa109.patch +++ /dev/null @@ -1,25 +0,0 @@ -x86: don't allow page table updates on non-PV page tables in do_mmu_update() - -paging_write_guest_entry() and paging_cmpxchg_guest_entry() aren't -consistently supported for non-PV guests (they'd deref NULL for PVH or -non-HAP HVM ones). Don't allow respective MMU_* operations on the -page tables of such domains. - -This is XSA-109. - -Signed-off-by: Jan Beulich -Acked-by: Tim Deegan - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -3493,6 +3493,10 @@ long do_mmu_update( - { - p2m_type_t p2mt; - -+ rc = -EOPNOTSUPP; -+ if ( unlikely(paging_mode_refcounts(pt_owner)) ) -+ break; -+ - xsm_needed |= XSM_MMU_NORMAL_UPDATE; - if ( get_pte_flags(req.val) & _PAGE_PRESENT ) - { diff --git a/xsa110.patch b/xsa110.patch deleted file mode 100644 index 3e7479f..0000000 --- a/xsa110.patch +++ /dev/null @@ -1,156 +0,0 @@ -x86emul: enforce privilege level restrictions when loading CS - -Privilege level checks were basically missing for the CS case, the -only check that was done (RPL == DPL for nonconforming segments) -was solely covering a single special case (return to non-conforming -segment). - -Additionally in long mode the L bit set requires the D bit to be clear, -as was recently pointed out for KVM by Nadav Amit -. - -Finally we also need to force the loaded selector's RPL to CPL (at -least as long as lret/retf emulation doesn't support privilege level -changes). - -This is XSA-110. - -Signed-off-by: Jan Beulich -Reviewed-by: Tim Deegan - ---- a/xen/arch/x86/x86_emulate/x86_emulate.c -+++ b/xen/arch/x86/x86_emulate/x86_emulate.c -@@ -1119,7 +1119,7 @@ realmode_load_seg( - static int - protmode_load_seg( - enum x86_segment seg, -- uint16_t sel, -+ uint16_t sel, bool_t is_ret, - struct x86_emulate_ctxt *ctxt, - const struct x86_emulate_ops *ops) - { -@@ -1185,9 +1185,23 @@ protmode_load_seg( - /* Code segment? */ - if ( !(desc.b & (1u<<11)) ) - goto raise_exn; -- /* Non-conforming segment: check DPL against RPL. */ -- if ( ((desc.b & (6u<<9)) != (6u<<9)) && (dpl != rpl) ) -+ if ( is_ret -+ ? /* -+ * Really rpl < cpl, but our sole caller doesn't handle -+ * privilege level changes. -+ */ -+ rpl != cpl || (desc.b & (1 << 10) ? dpl > rpl : dpl != rpl) -+ : desc.b & (1 << 10) -+ /* Conforming segment: check DPL against CPL. */ -+ ? dpl > cpl -+ /* Non-conforming segment: check RPL and DPL against CPL. */ -+ : rpl > cpl || dpl != cpl ) - goto raise_exn; -+ /* 64-bit code segments (L bit set) must have D bit clear. */ -+ if ( in_longmode(ctxt, ops) && -+ (desc.b & (1 << 21)) && (desc.b & (1 << 22)) ) -+ goto raise_exn; -+ sel = (sel ^ rpl) | cpl; - break; - case x86_seg_ss: - /* Writable data segment? */ -@@ -1252,7 +1266,7 @@ protmode_load_seg( - static int - load_seg( - enum x86_segment seg, -- uint16_t sel, -+ uint16_t sel, bool_t is_ret, - struct x86_emulate_ctxt *ctxt, - const struct x86_emulate_ops *ops) - { -@@ -1261,7 +1275,7 @@ load_seg( - return X86EMUL_UNHANDLEABLE; - - if ( in_protmode(ctxt, ops) ) -- return protmode_load_seg(seg, sel, ctxt, ops); -+ return protmode_load_seg(seg, sel, is_ret, ctxt, ops); - - return realmode_load_seg(seg, sel, ctxt, ops); - } -@@ -2003,7 +2017,7 @@ x86_emulate( - if ( (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes), - &dst.val, op_bytes, ctxt, ops)) != 0 ) - goto done; -- if ( (rc = load_seg(src.val, (uint16_t)dst.val, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(src.val, dst.val, 0, ctxt, ops)) != 0 ) - return rc; - break; - -@@ -2357,7 +2371,7 @@ x86_emulate( - enum x86_segment seg = decode_segment(modrm_reg); - generate_exception_if(seg == decode_segment_failed, EXC_UD, -1); - generate_exception_if(seg == x86_seg_cs, EXC_UD, -1); -- if ( (rc = load_seg(seg, (uint16_t)src.val, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(seg, src.val, 0, ctxt, ops)) != 0 ) - goto done; - if ( seg == x86_seg_ss ) - ctxt->retire.flags.mov_ss = 1; -@@ -2438,7 +2452,7 @@ x86_emulate( - &_regs.eip, op_bytes, ctxt)) ) - goto done; - -- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 ) - goto done; - _regs.eip = eip; - break; -@@ -2662,7 +2676,7 @@ x86_emulate( - if ( (rc = read_ulong(src.mem.seg, src.mem.off + src.bytes, - &sel, 2, ctxt, ops)) != 0 ) - goto done; -- if ( (rc = load_seg(dst.val, (uint16_t)sel, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(dst.val, sel, 0, ctxt, ops)) != 0 ) - goto done; - dst.val = src.val; - break; -@@ -2736,7 +2750,7 @@ x86_emulate( - &dst.val, op_bytes, ctxt, ops)) || - (rc = read_ulong(x86_seg_ss, sp_post_inc(op_bytes + offset), - &src.val, op_bytes, ctxt, ops)) || -- (rc = load_seg(x86_seg_cs, (uint16_t)src.val, ctxt, ops)) ) -+ (rc = load_seg(x86_seg_cs, src.val, 1, ctxt, ops)) ) - goto done; - _regs.eip = dst.val; - break; -@@ -2785,7 +2799,7 @@ x86_emulate( - _regs.eflags &= mask; - _regs.eflags |= (uint32_t)(eflags & ~mask) | 0x02; - _regs.eip = eip; -- if ( (rc = load_seg(x86_seg_cs, (uint16_t)cs, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(x86_seg_cs, cs, 1, ctxt, ops)) != 0 ) - goto done; - break; - } -@@ -3415,7 +3429,7 @@ x86_emulate( - generate_exception_if(mode_64bit(), EXC_UD, -1); - eip = insn_fetch_bytes(op_bytes); - sel = insn_fetch_type(uint16_t); -- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 ) - goto done; - _regs.eip = eip; - break; -@@ -3714,7 +3728,7 @@ x86_emulate( - goto done; - } - -- if ( (rc = load_seg(x86_seg_cs, sel, ctxt, ops)) != 0 ) -+ if ( (rc = load_seg(x86_seg_cs, sel, 0, ctxt, ops)) != 0 ) - goto done; - _regs.eip = src.val; - -@@ -3781,7 +3795,7 @@ x86_emulate( - generate_exception_if(!in_protmode(ctxt, ops), EXC_UD, -1); - generate_exception_if(!mode_ring0(), EXC_GP, 0); - if ( (rc = load_seg((modrm_reg & 1) ? x86_seg_tr : x86_seg_ldtr, -- src.val, ctxt, ops)) != 0 ) -+ src.val, 0, ctxt, ops)) != 0 ) - goto done; - break; - diff --git a/xsa111.patch b/xsa111.patch deleted file mode 100644 index 1761316..0000000 --- a/xsa111.patch +++ /dev/null @@ -1,122 +0,0 @@ -x86: limit checks in hypercall_xlat_continuation() to actual arguments - -HVM/PVH guests can otherwise trigger the final BUG_ON() in that -function by entering 64-bit mode, setting the high halves of affected -registers to non-zero values, leaving 64-bit mode, and issuing a -hypercall that might get preempted and hence become subject to -continuation argument translation (HYPERVISOR_memory_op being the only -one possible for HVM, PVH also having the option of using -HYPERVISOR_mmuext_op). This issue got introduced when HVM code was -switched to use compat_memory_op() - neither that nor -hypercall_xlat_continuation() were originally intended to be used by -other than PV guests (which can't enter 64-bit mode and hence have no -way to alter the high halves of 64-bit registers). - -This is XSA-111. - -Signed-off-by: Jan Beulich -Reviewed-by: Tim Deegan - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -1750,7 +1750,8 @@ unsigned long hypercall_create_continuat - return op; - } - --int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...) -+int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, -+ unsigned int mask, ...) - { - int rc = 0; - struct mc_state *mcs = ¤t->mc_state; -@@ -1759,7 +1760,10 @@ int hypercall_xlat_continuation(unsigned - unsigned long nval = 0; - va_list args; - -- BUG_ON(id && *id > 5); -+ ASSERT(nr <= ARRAY_SIZE(mcs->call.args)); -+ ASSERT(!(mask >> nr)); -+ -+ BUG_ON(id && *id >= nr); - BUG_ON(id && (mask & (1U << *id))); - - va_start(args, mask); -@@ -1772,7 +1776,7 @@ int hypercall_xlat_continuation(unsigned - return 0; - } - -- for ( i = 0; i < 6; ++i, mask >>= 1 ) -+ for ( i = 0; i < nr; ++i, mask >>= 1 ) - { - if ( mask & 1 ) - { -@@ -1800,7 +1804,7 @@ int hypercall_xlat_continuation(unsigned - else - { - regs = guest_cpu_user_regs(); -- for ( i = 0; i < 6; ++i, mask >>= 1 ) -+ for ( i = 0; i < nr; ++i, mask >>= 1 ) - { - unsigned long *reg; - ---- a/xen/arch/x86/x86_64/compat/mm.c -+++ b/xen/arch/x86/x86_64/compat/mm.c -@@ -118,7 +118,7 @@ int compat_arch_memory_op(unsigned long - break; - - if ( rc == __HYPERVISOR_memory_op ) -- hypercall_xlat_continuation(NULL, 0x2, nat, arg); -+ hypercall_xlat_continuation(NULL, 2, 0x2, nat, arg); - - XLAT_pod_target(&cmp, nat); - -@@ -354,7 +354,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE_PA - left = 1; - if ( arg1 != MMU_UPDATE_PREEMPTED ) - { -- BUG_ON(!hypercall_xlat_continuation(&left, 0x01, nat_ops, -+ BUG_ON(!hypercall_xlat_continuation(&left, 4, 0x01, nat_ops, - cmp_uops)); - if ( !test_bit(_MCSF_in_multicall, &mcs->flags) ) - regs->_ecx += count - i; -@@ -362,7 +362,7 @@ int compat_mmuext_op(XEN_GUEST_HANDLE_PA - mcs->compat_call.args[1] += count - i; - } - else -- BUG_ON(hypercall_xlat_continuation(&left, 0)); -+ BUG_ON(hypercall_xlat_continuation(&left, 4, 0)); - BUG_ON(left != arg1); - } - else ---- a/xen/common/compat/memory.c -+++ b/xen/common/compat/memory.c -@@ -282,7 +282,7 @@ int compat_memory_op(unsigned int cmd, X - break; - - cmd = 0; -- if ( hypercall_xlat_continuation(&cmd, 0x02, nat.hnd, compat) ) -+ if ( hypercall_xlat_continuation(&cmd, 2, 0x02, nat.hnd, compat) ) - { - BUG_ON(rc != __HYPERVISOR_memory_op); - BUG_ON((cmd & MEMOP_CMD_MASK) != op); ---- a/xen/include/xen/compat.h -+++ b/xen/include/xen/compat.h -@@ -195,6 +195,8 @@ static inline int name(k xen_ ## n *x, k - * This option is useful for extracting the "op" argument or similar from the - * hypercall to enable further xlat processing. - * -+ * nr: Total number of arguments the hypercall has. -+ * - * mask: Specifies which of the hypercall arguments require compat translation. - * bit 0 indicates that the 0'th argument requires translation, bit 1 indicates - * that the first argument requires translation and so on. Native and compat -@@ -214,7 +216,8 @@ static inline int name(k xen_ ## n *x, k - * - * Return: Number of arguments which were actually translated. - */ --int hypercall_xlat_continuation(unsigned int *id, unsigned int mask, ...); -+int hypercall_xlat_continuation(unsigned int *id, unsigned int nr, -+ unsigned int mask, ...); - - /* In-place translation functons: */ - struct start_info; diff --git a/xsa112.patch b/xsa112.patch deleted file mode 100644 index a3da626..0000000 --- a/xsa112.patch +++ /dev/null @@ -1,88 +0,0 @@ -x86/HVM: confine internally handled MMIO to solitary regions - -While it is generally wrong to cross region boundaries when dealing -with MMIO accesses of repeated string instructions (currently only -MOVS) as that would do things a guest doesn't expect (leaving aside -that none of these regions would normally be accessed with repeated -string instructions in the first place), this is even more of a problem -for all virtual MSI-X page accesses (both msixtbl_{read,write}() can be -made dereference NULL "entry" pointers this way) as well as undersized -(1- or 2-byte) LAPIC writes (causing vlapic_read_aligned() to access -space beyond the one memory page set up for holding LAPIC register -values). - -Since those functions validly assume to be called only with addresses -their respective checking functions indicated to be okay, it is generic -code that needs to be fixed to clip the repetition count. - -To be on the safe side (and consistent), also do the same for buffered -I/O intercepts, even if their only client (stdvga) doesn't put the -hypervisor at risk (i.e. "only" guest misbehavior would result). - -This is CVE-2014-8867 / XSA-112. - -Signed-off-by: Jan Beulich -Reviewed-by: Tim Deegan - ---- a/xen/arch/x86/hvm/intercept.c -+++ b/xen/arch/x86/hvm/intercept.c -@@ -181,11 +181,24 @@ int hvm_mmio_intercept(ioreq_t *p) - int i; - - for ( i = 0; i < HVM_MMIO_HANDLER_NR; i++ ) -- if ( hvm_mmio_handlers[i]->check_handler(v, p->addr) ) -+ { -+ hvm_mmio_check_t check_handler = -+ hvm_mmio_handlers[i]->check_handler; -+ -+ if ( check_handler(v, p->addr) ) -+ { -+ if ( unlikely(p->count > 1) && -+ !check_handler(v, unlikely(p->df) -+ ? p->addr - (p->count - 1L) * p->size -+ : p->addr + (p->count - 1L) * p->size) ) -+ p->count = 1; -+ - return hvm_mmio_access( - v, p, - hvm_mmio_handlers[i]->read_handler, - hvm_mmio_handlers[i]->write_handler); -+ } -+ } - - return X86EMUL_UNHANDLEABLE; - } -@@ -342,6 +355,13 @@ int hvm_io_intercept(ioreq_t *p, int typ - if ( type == HVM_PORTIO ) - return process_portio_intercept( - handler->hdl_list[i].action.portio, p); -+ -+ if ( unlikely(p->count > 1) && -+ (unlikely(p->df) -+ ? p->addr - (p->count - 1L) * p->size < addr -+ : p->addr + p->count * 1L * p->size - 1 >= addr + size) ) -+ p->count = 1; -+ - return handler->hdl_list[i].action.mmio(p); - } - } ---- a/xen/arch/x86/hvm/vmsi.c -+++ b/xen/arch/x86/hvm/vmsi.c -@@ -226,6 +226,8 @@ static int msixtbl_read( - rcu_read_lock(&msixtbl_rcu_lock); - - entry = msixtbl_find_entry(v, address); -+ if ( !entry ) -+ goto out; - offset = address & (PCI_MSIX_ENTRY_SIZE - 1); - - if ( offset != PCI_MSIX_ENTRY_VECTOR_CTRL_OFFSET ) -@@ -268,6 +270,8 @@ static int msixtbl_write(struct vcpu *v, - rcu_read_lock(&msixtbl_rcu_lock); - - entry = msixtbl_find_entry(v, address); -+ if ( !entry ) -+ goto out; - nr_entry = (address - entry->gtable) / PCI_MSIX_ENTRY_SIZE; - - offset = address & (PCI_MSIX_ENTRY_SIZE - 1); diff --git a/xsa113.patch b/xsa113.patch deleted file mode 100644 index adc8bba..0000000 --- a/xsa113.patch +++ /dev/null @@ -1,45 +0,0 @@ -x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE - -Any domain which can pass the XSM check against a translated guest can cause a -page reference to be leaked. - -While shuffling the order of checks, drop the quite-pointless MEM_LOG(). This -brings the check in line with similar checks in the vicinity. - -Discovered while reviewing the XSA-109/110 followup series. - -This is XSA-113. - -Signed-off-by: Andrew Cooper -Reviewed-by: Jan Beulich -Reviewed-by: Tim Deegan - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -3619,6 +3619,12 @@ long do_mmu_update( - - case MMU_MACHPHYS_UPDATE: - -+ if ( unlikely(paging_mode_translate(pg_owner)) ) -+ { -+ rc = -EINVAL; -+ break; -+ } -+ - mfn = req.ptr >> PAGE_SHIFT; - gpfn = req.val; - -@@ -3638,13 +3644,6 @@ long do_mmu_update( - break; - } - -- if ( unlikely(paging_mode_translate(pg_owner)) ) -- { -- MEM_LOG("Mach-phys update on auto-translate guest"); -- rc = -EINVAL; -- break; -- } -- - set_gpfn_from_mfn(mfn, gpfn); - - paging_mark_dirty(pg_owner, mfn); diff --git a/xsa114-4.4.patch b/xsa114-4.4.patch deleted file mode 100644 index a640747..0000000 --- a/xsa114-4.4.patch +++ /dev/null @@ -1,498 +0,0 @@ -switch to write-biased r/w locks - -This is to improve fairness: A permanent flow of read acquires can -otherwise lock out eventual writers indefinitely. - -This is XSA-114 / CVE-2014-9065. - -Signed-off-by: Keir Fraser -Reviewed-by: Jan Beulich -Reviewed-by: Andrew Cooper -Tested-by: Andrew Cooper - ---- a/xen/common/spinlock.c -+++ b/xen/common/spinlock.c -@@ -271,112 +271,151 @@ void _spin_unlock_recursive(spinlock_t * - - void _read_lock(rwlock_t *lock) - { -+ uint32_t x; -+ - check_lock(&lock->debug); -- while ( unlikely(!_raw_read_trylock(&lock->raw)) ) -- { -- while ( likely(_raw_rw_is_write_locked(&lock->raw)) ) -+ do { -+ while ( (x = lock->lock) & RW_WRITE_FLAG ) - cpu_relax(); -- } -+ } while ( cmpxchg(&lock->lock, x, x+1) != x ); - preempt_disable(); - } - - void _read_lock_irq(rwlock_t *lock) - { -+ uint32_t x; -+ - ASSERT(local_irq_is_enabled()); - local_irq_disable(); - check_lock(&lock->debug); -- while ( unlikely(!_raw_read_trylock(&lock->raw)) ) -- { -- local_irq_enable(); -- while ( likely(_raw_rw_is_write_locked(&lock->raw)) ) -- cpu_relax(); -- local_irq_disable(); -- } -+ do { -+ if ( (x = lock->lock) & RW_WRITE_FLAG ) -+ { -+ local_irq_enable(); -+ while ( (x = lock->lock) & RW_WRITE_FLAG ) -+ cpu_relax(); -+ local_irq_disable(); -+ } -+ } while ( cmpxchg(&lock->lock, x, x+1) != x ); - preempt_disable(); - } - - unsigned long _read_lock_irqsave(rwlock_t *lock) - { -+ uint32_t x; - unsigned long flags; -+ - local_irq_save(flags); - check_lock(&lock->debug); -- while ( unlikely(!_raw_read_trylock(&lock->raw)) ) -- { -- local_irq_restore(flags); -- while ( likely(_raw_rw_is_write_locked(&lock->raw)) ) -- cpu_relax(); -- local_irq_save(flags); -- } -+ do { -+ if ( (x = lock->lock) & RW_WRITE_FLAG ) -+ { -+ local_irq_restore(flags); -+ while ( (x = lock->lock) & RW_WRITE_FLAG ) -+ cpu_relax(); -+ local_irq_save(flags); -+ } -+ } while ( cmpxchg(&lock->lock, x, x+1) != x ); - preempt_disable(); - return flags; - } - - int _read_trylock(rwlock_t *lock) - { -+ uint32_t x; -+ - check_lock(&lock->debug); -- if ( !_raw_read_trylock(&lock->raw) ) -- return 0; -+ do { -+ if ( (x = lock->lock) & RW_WRITE_FLAG ) -+ return 0; -+ } while ( cmpxchg(&lock->lock, x, x+1) != x ); - preempt_disable(); - return 1; - } - - void _read_unlock(rwlock_t *lock) - { -+ uint32_t x, y; -+ - preempt_enable(); -- _raw_read_unlock(&lock->raw); -+ x = lock->lock; -+ while ( (y = cmpxchg(&lock->lock, x, x-1)) != x ) -+ x = y; - } - - void _read_unlock_irq(rwlock_t *lock) - { -- preempt_enable(); -- _raw_read_unlock(&lock->raw); -+ _read_unlock(lock); - local_irq_enable(); - } - - void _read_unlock_irqrestore(rwlock_t *lock, unsigned long flags) - { -- preempt_enable(); -- _raw_read_unlock(&lock->raw); -+ _read_unlock(lock); - local_irq_restore(flags); - } - - void _write_lock(rwlock_t *lock) - { -+ uint32_t x; -+ - check_lock(&lock->debug); -- while ( unlikely(!_raw_write_trylock(&lock->raw)) ) -- { -- while ( likely(_raw_rw_is_locked(&lock->raw)) ) -+ do { -+ while ( (x = lock->lock) & RW_WRITE_FLAG ) - cpu_relax(); -+ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x ); -+ while ( x != 0 ) -+ { -+ cpu_relax(); -+ x = lock->lock & ~RW_WRITE_FLAG; - } - preempt_disable(); - } - - void _write_lock_irq(rwlock_t *lock) - { -+ uint32_t x; -+ - ASSERT(local_irq_is_enabled()); - local_irq_disable(); - check_lock(&lock->debug); -- while ( unlikely(!_raw_write_trylock(&lock->raw)) ) -+ do { -+ if ( (x = lock->lock) & RW_WRITE_FLAG ) -+ { -+ local_irq_enable(); -+ while ( (x = lock->lock) & RW_WRITE_FLAG ) -+ cpu_relax(); -+ local_irq_disable(); -+ } -+ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x ); -+ while ( x != 0 ) - { -- local_irq_enable(); -- while ( likely(_raw_rw_is_locked(&lock->raw)) ) -- cpu_relax(); -- local_irq_disable(); -+ cpu_relax(); -+ x = lock->lock & ~RW_WRITE_FLAG; - } - preempt_disable(); - } - - unsigned long _write_lock_irqsave(rwlock_t *lock) - { -+ uint32_t x; - unsigned long flags; -+ - local_irq_save(flags); - check_lock(&lock->debug); -- while ( unlikely(!_raw_write_trylock(&lock->raw)) ) -+ do { -+ if ( (x = lock->lock) & RW_WRITE_FLAG ) -+ { -+ local_irq_restore(flags); -+ while ( (x = lock->lock) & RW_WRITE_FLAG ) -+ cpu_relax(); -+ local_irq_save(flags); -+ } -+ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x ); -+ while ( x != 0 ) - { -- local_irq_restore(flags); -- while ( likely(_raw_rw_is_locked(&lock->raw)) ) -- cpu_relax(); -- local_irq_save(flags); -+ cpu_relax(); -+ x = lock->lock & ~RW_WRITE_FLAG; - } - preempt_disable(); - return flags; -@@ -384,9 +423,13 @@ unsigned long _write_lock_irqsave(rwlock - - int _write_trylock(rwlock_t *lock) - { -+ uint32_t x; -+ - check_lock(&lock->debug); -- if ( !_raw_write_trylock(&lock->raw) ) -- return 0; -+ do { -+ if ( (x = lock->lock) != 0 ) -+ return 0; -+ } while ( cmpxchg(&lock->lock, x, x|RW_WRITE_FLAG) != x ); - preempt_disable(); - return 1; - } -@@ -394,33 +437,32 @@ int _write_trylock(rwlock_t *lock) - void _write_unlock(rwlock_t *lock) - { - preempt_enable(); -- _raw_write_unlock(&lock->raw); -+ if ( cmpxchg(&lock->lock, RW_WRITE_FLAG, 0) != RW_WRITE_FLAG ) -+ BUG(); - } - - void _write_unlock_irq(rwlock_t *lock) - { -- preempt_enable(); -- _raw_write_unlock(&lock->raw); -+ _write_unlock(lock); - local_irq_enable(); - } - - void _write_unlock_irqrestore(rwlock_t *lock, unsigned long flags) - { -- preempt_enable(); -- _raw_write_unlock(&lock->raw); -+ _write_unlock(lock); - local_irq_restore(flags); - } - - int _rw_is_locked(rwlock_t *lock) - { - check_lock(&lock->debug); -- return _raw_rw_is_locked(&lock->raw); -+ return (lock->lock != 0); /* anyone in critical section? */ - } - - int _rw_is_write_locked(rwlock_t *lock) - { - check_lock(&lock->debug); -- return _raw_rw_is_write_locked(&lock->raw); -+ return (lock->lock == RW_WRITE_FLAG); /* writer in critical section? */ - } - - #ifdef LOCK_PROFILE ---- a/xen/include/asm-arm/arm32/spinlock.h -+++ b/xen/include/asm-arm/arm32/spinlock.h -@@ -55,84 +55,6 @@ static always_inline int _raw_spin_trylo - } - } - --typedef struct { -- volatile unsigned int lock; --} raw_rwlock_t; -- --#define _RAW_RW_LOCK_UNLOCKED { 0 } -- --static always_inline int _raw_read_trylock(raw_rwlock_t *rw) --{ -- unsigned long tmp, tmp2 = 1; -- -- __asm__ __volatile__( --"1: ldrex %0, [%2]\n" --" adds %0, %0, #1\n" --" strexpl %1, %0, [%2]\n" -- : "=&r" (tmp), "+r" (tmp2) -- : "r" (&rw->lock) -- : "cc"); -- -- smp_mb(); -- return tmp2 == 0; --} -- --static always_inline int _raw_write_trylock(raw_rwlock_t *rw) --{ -- unsigned long tmp; -- -- __asm__ __volatile__( --"1: ldrex %0, [%1]\n" --" teq %0, #0\n" --" strexeq %0, %2, [%1]" -- : "=&r" (tmp) -- : "r" (&rw->lock), "r" (0x80000000) -- : "cc"); -- -- if (tmp == 0) { -- smp_mb(); -- return 1; -- } else { -- return 0; -- } --} -- --static inline void _raw_read_unlock(raw_rwlock_t *rw) --{ -- unsigned long tmp, tmp2; -- -- smp_mb(); -- -- __asm__ __volatile__( --"1: ldrex %0, [%2]\n" --" sub %0, %0, #1\n" --" strex %1, %0, [%2]\n" --" teq %1, #0\n" --" bne 1b" -- : "=&r" (tmp), "=&r" (tmp2) -- : "r" (&rw->lock) -- : "cc"); -- -- if (tmp == 0) -- dsb_sev(); --} -- --static inline void _raw_write_unlock(raw_rwlock_t *rw) --{ -- smp_mb(); -- -- __asm__ __volatile__( -- "str %1, [%0]\n" -- : -- : "r" (&rw->lock), "r" (0) -- : "cc"); -- -- dsb_sev(); --} -- --#define _raw_rw_is_locked(x) ((x)->lock != 0) --#define _raw_rw_is_write_locked(x) ((x)->lock == 0x80000000) -- - #endif /* __ASM_SPINLOCK_H */ - /* - * Local variables: ---- a/xen/include/asm-arm/arm64/spinlock.h -+++ b/xen/include/asm-arm/arm64/spinlock.h -@@ -52,69 +52,6 @@ static always_inline int _raw_spin_trylo - return !tmp; - } - --typedef struct { -- volatile unsigned int lock; --} raw_rwlock_t; -- --#define _RAW_RW_LOCK_UNLOCKED { 0 } -- --static always_inline int _raw_read_trylock(raw_rwlock_t *rw) --{ -- unsigned int tmp, tmp2 = 1; -- -- asm volatile( -- " ldaxr %w0, %2\n" -- " add %w0, %w0, #1\n" -- " tbnz %w0, #31, 1f\n" -- " stxr %w1, %w0, %2\n" -- "1:\n" -- : "=&r" (tmp), "+r" (tmp2), "+Q" (rw->lock) -- : -- : "cc", "memory"); -- -- return !tmp2; --} -- --static always_inline int _raw_write_trylock(raw_rwlock_t *rw) --{ -- unsigned int tmp; -- -- asm volatile( -- " ldaxr %w0, %1\n" -- " cbnz %w0, 1f\n" -- " stxr %w0, %w2, %1\n" -- "1:\n" -- : "=&r" (tmp), "+Q" (rw->lock) -- : "r" (0x80000000) -- : "cc", "memory"); -- -- return !tmp; --} -- --static inline void _raw_read_unlock(raw_rwlock_t *rw) --{ -- unsigned int tmp, tmp2; -- -- asm volatile( -- " 1: ldxr %w0, %2\n" -- " sub %w0, %w0, #1\n" -- " stlxr %w1, %w0, %2\n" -- " cbnz %w1, 1b\n" -- : "=&r" (tmp), "=&r" (tmp2), "+Q" (rw->lock) -- : -- : "cc", "memory"); --} -- --static inline void _raw_write_unlock(raw_rwlock_t *rw) --{ -- asm volatile( -- " stlr %w1, %0\n" -- : "=Q" (rw->lock) : "r" (0) : "memory"); --} -- --#define _raw_rw_is_locked(x) ((x)->lock != 0) --#define _raw_rw_is_write_locked(x) ((x)->lock == 0x80000000) -- - #endif /* __ASM_SPINLOCK_H */ - /* - * Local variables: ---- a/xen/include/asm-x86/spinlock.h -+++ b/xen/include/asm-x86/spinlock.h -@@ -31,58 +31,4 @@ static always_inline int _raw_spin_trylo - return (oldval > 0); - } - --typedef struct { -- volatile int lock; --} raw_rwlock_t; -- --#define RW_WRITE_BIAS 0x7fffffff --#define _RAW_RW_LOCK_UNLOCKED /*(raw_rwlock_t)*/ { 0 } -- --static always_inline int _raw_read_trylock(raw_rwlock_t *rw) --{ -- int acquired; -- -- asm volatile ( -- " lock; decl %0 \n" -- " jns 2f \n" --#ifdef __clang__ /* clang's builtin assember can't do .subsection */ -- "1: .pushsection .fixup,\"ax\"\n" --#else -- "1: .subsection 1 \n" --#endif -- "2: lock; incl %0 \n" -- " decl %1 \n" -- " jmp 1b \n" --#ifdef __clang__ -- " .popsection \n" --#else -- " .subsection 0 \n" --#endif -- : "=m" (rw->lock), "=r" (acquired) : "1" (1) : "memory" ); -- -- return acquired; --} -- --static always_inline int _raw_write_trylock(raw_rwlock_t *rw) --{ -- return (cmpxchg(&rw->lock, 0, RW_WRITE_BIAS) == 0); --} -- --static always_inline void _raw_read_unlock(raw_rwlock_t *rw) --{ -- asm volatile ( -- "lock ; incl %0" -- : "=m" ((rw)->lock) : : "memory" ); --} -- --static always_inline void _raw_write_unlock(raw_rwlock_t *rw) --{ -- asm volatile ( -- "lock ; subl %1,%0" -- : "=m" ((rw)->lock) : "i" (RW_WRITE_BIAS) : "memory" ); --} -- --#define _raw_rw_is_locked(x) ((x)->lock != 0) --#define _raw_rw_is_write_locked(x) ((x)->lock > 0) -- - #endif /* __ASM_SPINLOCK_H */ ---- a/xen/include/xen/spinlock.h -+++ b/xen/include/xen/spinlock.h -@@ -141,11 +141,13 @@ typedef struct spinlock { - #define spin_lock_init(l) (*(l) = (spinlock_t)SPIN_LOCK_UNLOCKED) - - typedef struct { -- raw_rwlock_t raw; -+ volatile uint32_t lock; - struct lock_debug debug; - } rwlock_t; - --#define RW_LOCK_UNLOCKED { _RAW_RW_LOCK_UNLOCKED, _LOCK_DEBUG } -+#define RW_WRITE_FLAG (1u<<31) -+ -+#define RW_LOCK_UNLOCKED { 0, _LOCK_DEBUG } - #define DEFINE_RWLOCK(l) rwlock_t l = RW_LOCK_UNLOCKED - #define rwlock_init(l) (*(l) = (rwlock_t)RW_LOCK_UNLOCKED) - diff --git a/xsa116.patch b/xsa116.patch deleted file mode 100644 index 816a9bd..0000000 --- a/xsa116.patch +++ /dev/null @@ -1,33 +0,0 @@ -x86/HVM: prevent use-after-free when destroying a domain - -hvm_domain_relinquish_resources() can free certain domain resources -which can still be accessed, e.g. by HVMOP_set_param, while the domain -is being cleaned up. - -Signed-off-by: Mihai Donțu -Tested-by: Răzvan Cojocaru -Reviewed-by: Andrew Cooper -Reviewed-by: Jan Beulich - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -1487,9 +1487,6 @@ int hvm_domain_initialise(struct domain - - void hvm_domain_relinquish_resources(struct domain *d) - { -- xfree(d->arch.hvm_domain.io_handler); -- xfree(d->arch.hvm_domain.params); -- - if ( is_pvh_domain(d) ) - return; - -@@ -1511,6 +1508,9 @@ void hvm_domain_relinquish_resources(str - - void hvm_domain_destroy(struct domain *d) - { -+ xfree(d->arch.hvm_domain.io_handler); -+ xfree(d->arch.hvm_domain.params); -+ - hvm_destroy_cacheattr_region_list(d); - - if ( is_pvh_domain(d) ) diff --git a/xsa118-4.5-unstable-1.patch b/xsa118-4.5-unstable-1.patch new file mode 100644 index 0000000..a714c83 --- /dev/null +++ b/xsa118-4.5-unstable-1.patch @@ -0,0 +1,253 @@ +From e698f4ab05a710e4463317ea978d426d43107e27 Mon Sep 17 00:00:00 2001 +From: Julien Grall +Date: Mon, 19 Jan 2015 14:01:09 +0000 +Subject: [PATCH 1/2] xen/arm: vgic-v3: message in the emulation code should be + rate-limited + +printk by default is not rate-limited by default. Therefore a malicious guest +may be able to flood the Xen console. + +If we use gdprintk, unnecessary information will be printed such as the +filename and the line. Instead use XENLOG_G_{ERR,DEBUG} combine with %pv. + +Also remove the vGICv3 prefix which is not neccessary and update some +message which were wrong. + +Signed-off-by: Julien Grall +--- + xen/arch/arm/vgic-v3.c | 109 +++++++++++++++++++++++++++---------------------- + 1 file changed, 61 insertions(+), 48 deletions(-) + +diff --git a/xen/arch/arm/vgic-v3.c b/xen/arch/arm/vgic-v3.c +index ae4482c..bece189 100644 +--- a/xen/arch/arm/vgic-v3.c ++++ b/xen/arch/arm/vgic-v3.c +@@ -168,13 +168,14 @@ static int __vgic_v3_rdistr_rd_mmio_read(struct vcpu *v, mmio_info_t *info, + /* Reserved0 */ + goto read_as_zero; + default: +- printk("vGICv3: vGICR: read r%d offset %#08x\n not found", +- dabt.reg, gicr_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICR: read r%d offset %#08x\n not found", ++ v, dabt.reg, gicr_reg); + return 0; + } + bad_width: +- printk("vGICv3: vGICR: bad read width %d r%d offset %#08x\n", +- dabt.size, dabt.reg, gicr_reg); ++ printk(XENLOG_G_ERR "%pv vGICR: bad read width %d r%d offset %#08x\n", ++ v, dabt.size, dabt.reg, gicr_reg); + domain_crash_synchronous(); + return 0; + +@@ -244,12 +245,14 @@ static int __vgic_v3_rdistr_rd_mmio_write(struct vcpu *v, mmio_info_t *info, + /* RO */ + goto write_ignore; + default: +- printk("vGICR: write r%d offset %#08x\n not found", dabt.reg, gicr_reg); ++ printk(XENLOG_G_ERR "%pv: vGICR: write r%d offset %#08x\n not found", ++ v, dabt.reg, gicr_reg); + return 0; + } + bad_width: +- printk("vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", +- dabt.size, dabt.reg, *r, gicr_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.size, dabt.reg, *r, gicr_reg); + domain_crash_synchronous(); + return 0; + +@@ -345,15 +348,16 @@ static int __vgic_v3_distr_common_mmio_read(struct vcpu *v, mmio_info_t *info, + vgic_unlock_rank(v, rank, flags); + return 1; + default: +- printk("vGICv3: vGICD/vGICR: unhandled read r%d offset %#08x\n", +- dabt.reg, reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD/vGICR: unhandled read r%d offset %#08x\n", ++ v, dabt.reg, reg); + return 0; + } + + bad_width: +- dprintk(XENLOG_ERR, +- "vGICv3: vGICD/vGICR: bad read width %d r%d offset %#08x\n", +- dabt.size, dabt.reg, reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD/vGICR: bad read width %d r%d offset %#08x\n", ++ v, dabt.size, dabt.reg, reg); + domain_crash_synchronous(); + return 0; + +@@ -458,15 +462,16 @@ static int __vgic_v3_distr_common_mmio_write(struct vcpu *v, mmio_info_t *info, + vgic_unlock_rank(v, rank, flags); + return 1; + default: +- printk("vGICv3: vGICD/vGICR: unhandled write r%d " +- "=%"PRIregister" offset %#08x\n", dabt.reg, *r, reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD/vGICR: unhandled write r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.reg, *r, reg); + return 0; + } + + bad_width: +- dprintk(XENLOG_ERR, +- "vGICv3: vGICD/vGICR: bad write width %d r%d=%"PRIregister" " +- "offset %#08x\n", dabt.size, dabt.reg, *r, reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD/vGICR: bad write width %d r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.size, dabt.reg, *r, reg); + domain_crash_synchronous(); + return 0; + +@@ -521,13 +526,14 @@ static int vgic_v3_rdistr_sgi_mmio_read(struct vcpu *v, mmio_info_t *info, + if ( dabt.size != DABT_WORD ) goto bad_width; + return 1; + default: +- printk("vGICv3: vGICR: read r%d offset %#08x\n not found", +- dabt.reg, gicr_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICR: SGI: read r%d offset %#08x\n not found", ++ v, dabt.reg, gicr_reg); + return 0; + } + bad_width: +- printk("vGICv3: vGICR: bad read width %d r%d offset %#08x\n", +- dabt.size, dabt.reg, gicr_reg); ++ printk(XENLOG_G_ERR "%pv: vGICR: SGI: bad read width %d r%d offset %#08x\n", ++ v, dabt.size, dabt.reg, gicr_reg); + domain_crash_synchronous(); + return 0; + +@@ -585,14 +591,16 @@ static int vgic_v3_rdistr_sgi_mmio_write(struct vcpu *v, mmio_info_t *info, + /* We do not implement security extensions for guests, write ignore */ + goto write_ignore; + default: +- printk("vGICv3: vGICR SGI: write r%d offset %#08x\n not found", +- dabt.reg, gicr_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICR: SGI: write r%d offset %#08x\n not found", ++ v, dabt.reg, gicr_reg); + return 0; + } + + bad_width: +- printk("vGICR SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n", +- dabt.size, dabt.reg, *r, gicr_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICR: SGI: bad write width %d r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.size, dabt.reg, *r, gicr_reg); + domain_crash_synchronous(); + return 0; + +@@ -618,9 +626,9 @@ static int vgic_v3_rdistr_mmio_read(struct vcpu *v, mmio_info_t *info) + else if ( (offset >= SZ_64K) && (offset < 2 * SZ_64K) ) + return vgic_v3_rdistr_sgi_mmio_read(v, info, (offset - SZ_64K)); + else +- gdprintk(XENLOG_WARNING, +- "vGICv3: vGICR: unknown gpa read address %"PRIpaddr"\n", +- info->gpa); ++ printk(XENLOG_G_WARNING ++ "%pv: vGICR: unknown gpa read address %"PRIpaddr"\n", ++ v, info->gpa); + + return 0; + } +@@ -642,9 +650,9 @@ static int vgic_v3_rdistr_mmio_write(struct vcpu *v, mmio_info_t *info) + else if ( (offset >= SZ_64K) && (offset < 2 * SZ_64K) ) + return vgic_v3_rdistr_sgi_mmio_write(v, info, (offset - SZ_64K)); + else +- gdprintk(XENLOG_WARNING, +- "vGICV3: vGICR: unknown gpa write address %"PRIpaddr"\n", +- info->gpa); ++ printk(XENLOG_G_WARNING ++ "%pv: vGICR: unknown gpa write address %"PRIpaddr"\n", ++ v, info->gpa); + + return 0; + } +@@ -770,18 +778,19 @@ static int vgic_v3_distr_mmio_read(struct vcpu *v, mmio_info_t *info) + case 0xf30 ... 0x5fcc: + case 0x8000 ... 0xbfcc: + /* These are reserved register addresses */ +- printk("vGICv3: vGICD: read unknown 0x00c .. 0xfcc r%d offset %#08x\n", +- dabt.reg, gicd_reg); ++ printk(XENLOG_G_DEBUG ++ "%pv: vGICD: RAZ on reserved register offset %#08x\n", ++ v, gicd_reg); + goto read_as_zero; + default: +- printk("vGICv3: vGICD: unhandled read r%d offset %#08x\n", +- dabt.reg, gicd_reg); ++ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read r%d offset %#08x\n", ++ v, dabt.reg, gicd_reg); + return 0; + } + + bad_width: +- dprintk(XENLOG_ERR, "vGICv3: vGICD: bad read width %d r%d offset %#08x\n", +- dabt.size, dabt.reg, gicd_reg); ++ printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n", ++ v, dabt.size, dabt.reg, gicd_reg); + domain_crash_synchronous(); + return 0; + +@@ -840,8 +849,9 @@ static int vgic_v3_distr_mmio_write(struct vcpu *v, mmio_info_t *info) + case 0x020 ... 0x03c: + case 0xc000 ... 0xffcc: + /* Implementation defined -- write ignored */ +- printk("vGICv3: vGICD: write unknown 0x020 - 0x03c r%d offset %#08x\n", +- dabt.reg, gicd_reg); ++ printk(XENLOG_G_DEBUG ++ "%pv: vGICD: WI on implementation defined register offset %#08x\n", ++ v, gicd_reg); + goto write_ignore; + case GICD_IGROUPR ... GICD_IGROUPRN: + case GICD_ISENABLER ... GICD_ISENABLERN: +@@ -885,8 +895,9 @@ static int vgic_v3_distr_mmio_write(struct vcpu *v, mmio_info_t *info) + new_target = new_irouter & MPIDR_AFF0_MASK; + if ( new_target >= v->domain->max_vcpus ) + { +- printk("vGICv3: vGICD: wrong irouter at offset %#08x\n val 0x%lx vcpu %x", +- gicd_reg, new_target, v->domain->max_vcpus); ++ printk(XENLOG_G_DEBUG ++ "%pv: vGICD: wrong irouter at offset %#08x\n val 0x%lx vcpu %x", ++ v, gicd_reg, new_target, v->domain->max_vcpus); + vgic_unlock_rank(v, rank, flags); + return 0; + } +@@ -926,19 +937,21 @@ static int vgic_v3_distr_mmio_write(struct vcpu *v, mmio_info_t *info) + case 0xf30 ... 0x5fcc: + case 0x8000 ... 0xbfcc: + /* Reserved register addresses */ +- printk("vGICv3: vGICD: write unknown 0x00c 0xfcc r%d offset %#08x\n", +- dabt.reg, gicd_reg); ++ printk(XENLOG_G_DEBUG ++ "%pv: vGICD: write unknown 0x00c 0xfcc r%d offset %#08x\n", ++ v, dabt.reg, gicd_reg); + goto write_ignore; + default: +- printk("vGICv3: vGICD: unhandled write r%d=%"PRIregister" " +- "offset %#08x\n", dabt.reg, *r, gicd_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.reg, *r, gicd_reg); + return 0; + } + + bad_width: +- dprintk(XENLOG_ERR, +- "VGICv3: vGICD: bad write width %d r%d=%"PRIregister" " +- "offset %#08x\n", dabt.size, dabt.reg, *r, gicd_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.size, dabt.reg, *r, gicd_reg); + domain_crash_synchronous(); + return 0; + +-- +2.1.4 + diff --git a/xsa118-4.5-unstable-2.patch b/xsa118-4.5-unstable-2.patch new file mode 100644 index 0000000..621b739 --- /dev/null +++ b/xsa118-4.5-unstable-2.patch @@ -0,0 +1,115 @@ +From e8fa469595e29b2dbe6dde3a77ee2ea2d9e93283 Mon Sep 17 00:00:00 2001 +From: Julien Grall +Date: Mon, 19 Jan 2015 12:59:42 +0000 +Subject: [PATCH 2/2] xen/arm: vgic-v2: message in the emulation code should be + rate-limited + +printk is not rated-limited by default. Therefore a malicious guest may +be able to flood the Xen console. + +If we use gdprintk, unecessary information will be printed such as the +filename and the line. Instead use XENLOG_G_ERR combine with %pv. + +Signed-off-by: Julien Grall +--- + xen/arch/arm/vgic-v2.c | 40 +++++++++++++++++++++++----------------- + 1 file changed, 23 insertions(+), 17 deletions(-) + +diff --git a/xen/arch/arm/vgic-v2.c b/xen/arch/arm/vgic-v2.c +index 9dc9a20..3b87f54 100644 +--- a/xen/arch/arm/vgic-v2.c ++++ b/xen/arch/arm/vgic-v2.c +@@ -198,7 +198,7 @@ static int vgic_v2_distr_mmio_read(struct vcpu *v, mmio_info_t *info) + + case GICD_ICPIDR2: + if ( dabt.size != DABT_WORD ) goto bad_width; +- printk("vGICD: unhandled read from ICPIDR2\n"); ++ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read from ICPIDR2\n", v); + return 0; + + /* Implementation defined -- read as zero */ +@@ -215,14 +215,14 @@ static int vgic_v2_distr_mmio_read(struct vcpu *v, mmio_info_t *info) + goto read_as_zero; + + default: +- printk("vGICD: unhandled read r%d offset %#08x\n", +- dabt.reg, gicd_reg); ++ printk(XENLOG_G_ERR "%pv: vGICD: unhandled read r%d offset %#08x\n", ++ v, dabt.reg, gicd_reg); + return 0; + } + + bad_width: +- printk("vGICD: bad read width %d r%d offset %#08x\n", +- dabt.size, dabt.reg, gicd_reg); ++ printk(XENLOG_G_ERR "%pv: vGICD: bad read width %d r%d offset %#08x\n", ++ v, dabt.size, dabt.reg, gicd_reg); + domain_crash_synchronous(); + return 0; + +@@ -331,14 +331,16 @@ static int vgic_v2_distr_mmio_write(struct vcpu *v, mmio_info_t *info) + + case GICD_ISPENDR ... GICD_ISPENDRN: + if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width; +- printk("vGICD: unhandled %s write %#"PRIregister" to ISPENDR%d\n", +- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ISPENDR); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: unhandled %s write %#"PRIregister" to ISPENDR%d\n", ++ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ISPENDR); + return 0; + + case GICD_ICPENDR ... GICD_ICPENDRN: + if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width; +- printk("vGICD: unhandled %s write %#"PRIregister" to ICPENDR%d\n", +- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ICPENDR); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: unhandled %s write %#"PRIregister" to ICPENDR%d\n", ++ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_ICPENDR); + return 0; + + case GICD_ISACTIVER ... GICD_ISACTIVERN: +@@ -457,14 +459,16 @@ static int vgic_v2_distr_mmio_write(struct vcpu *v, mmio_info_t *info) + + case GICD_CPENDSGIR ... GICD_CPENDSGIRN: + if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width; +- printk("vGICD: unhandled %s write %#"PRIregister" to ICPENDSGIR%d\n", +- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_CPENDSGIR); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: unhandled %s write %#"PRIregister" to ICPENDSGIR%d\n", ++ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_CPENDSGIR); + return 0; + + case GICD_SPENDSGIR ... GICD_SPENDSGIRN: + if ( dabt.size != DABT_BYTE && dabt.size != DABT_WORD ) goto bad_width; +- printk("vGICD: unhandled %s write %#"PRIregister" to ISPENDSGIR%d\n", +- dabt.size ? "word" : "byte", *r, gicd_reg - GICD_SPENDSGIR); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: unhandled %s write %#"PRIregister" to ISPENDSGIR%d\n", ++ v, dabt.size ? "word" : "byte", *r, gicd_reg - GICD_SPENDSGIR); + return 0; + + /* Implementation defined -- write ignored */ +@@ -489,14 +493,16 @@ static int vgic_v2_distr_mmio_write(struct vcpu *v, mmio_info_t *info) + goto write_ignore; + + default: +- printk("vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n", +- dabt.reg, *r, gicd_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: unhandled write r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.reg, *r, gicd_reg); + return 0; + } + + bad_width: +- printk("vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n", +- dabt.size, dabt.reg, *r, gicd_reg); ++ printk(XENLOG_G_ERR ++ "%pv: vGICD: bad write width %d r%d=%"PRIregister" offset %#08x\n", ++ v, dabt.size, dabt.reg, *r, gicd_reg); + domain_crash_synchronous(); + return 0; + +-- +2.1.4 +