Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: x...@packages.debian.org, m...@daemonizer.de, 
t...@security.debian.org
Control: affects -1 + src:xen

Please approve an upload of xen to unstable and later unblock package
xen. See the "Other info" section below on why this is a pre-approval
request.

[ Reason ]
Xen in bookworm (and unstable) is currently affected by CVE-2022-42331,
CVE-2022-42332, CVE-2022-42333 and CVE-2022-42334 (see #1033297).

[ Impact ]
The above mentioned CVEs are not fixed.

[ Tests ]
The Debian package is based only on upstream commits that have passed
the upstream automated tests.
The Debian package has been successfully tested by the xen packaging
team on their test machines.

[ Risks ]
There could be upstream changes unrelated to the above mentioned
security fixes that cause regressions. However, upstream has an automated
testing machinery (osstest) that only allows a commit into the upstream
stable branch if all tests pass.

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
This security fix is based on the latest upstream stable-4.17 branch.
The branch in general only accepts bug fixes and does not allow new
features, so the changes there are mainly security and other bug fixes.
This does not exactly follow the "only targeted fixes" release policy,
so we are asking for a pre-approval.
The package we have prepared is exactly what we would have done as a
security update in a stable release, which is what we have historically
done together with the security team and plan to continue doing.
As upstream does extensive automated testing on their stable branches,
the chances of unnoticed regressions are low. We believe this way the
risk of bugs is lower than trying to manually pick and adjust patches
without all the deep knowledge that upstream has. This approach is
similar to what the linux package is doing.

unblock xen/4.17.0+74-g3eac216e6e-1

Thanks
diff -Nru xen-4.17.0+46-gaaf74a532c/debian/changelog xen-4.17.0+74-g3eac216e6e/debian/changelog
--- xen-4.17.0+46-gaaf74a532c/debian/changelog	2023-02-24 18:06:42.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/debian/changelog	2023-03-23 22:22:48.000000000 +0100
@@ -1,3 +1,16 @@
+xen (4.17.0+74-g3eac216e6e-1) unstable; urgency=medium
+
+  * Update to new upstream version 4.17.0+74-g3eac216e6e, which also contains
+    security fixes for the following issues: (Closes: #1033297)
+    - x86 shadow plus log-dirty mode use-after-free
+      XSA-427 CVE-2022-42332
+    - x86/HVM pinned cache attributes mis-handling
+      XSA-428 CVE-2022-42333 CVE-2022-42334
+    - x86: speculative vulnerability in 32bit SYSCALL path
+      XSA-429 CVE-2022-42331
+
+ -- Maximilian Engelhardt <m...@daemonizer.de>  Thu, 23 Mar 2023 22:22:48 +0100
+
 xen (4.17.0+46-gaaf74a532c-1) unstable; urgency=medium
 
   * Update to new upstream version 4.17.0+46-gaaf74a532c, which also contains
diff -Nru xen-4.17.0+46-gaaf74a532c/docs/misc/xen-command-line.pandoc xen-4.17.0+74-g3eac216e6e/docs/misc/xen-command-line.pandoc
--- xen-4.17.0+46-gaaf74a532c/docs/misc/xen-command-line.pandoc	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/docs/misc/xen-command-line.pandoc	2023-03-21 13:47:52.000000000 +0100
@@ -287,10 +287,15 @@
     protection.
 
     The option is available when `CONFIG_XEN_SHSTK` is compiled in, and
-    defaults to `true` on hardware supporting CET-SS.  Specifying
+    generally defaults to `true` on hardware supporting CET-SS.  Specifying
     `cet=no-shstk` will cause Xen not to use Shadow Stacks even when support
     is available in hardware.
 
+    Some hardware suffers from an issue known as Supervisor Shadow Stack
+    Fracturing.  On such hardware, Xen will default to not using Shadow Stacks
+    when virtualised.  Specifying `cet=shstk` will override this heuristic and
+    enable Shadow Stacks unilaterally.
+
 *   The `ibt=` boolean controls whether Xen uses Indirect Branch Tracking for
     its own protection.
 
@@ -721,6 +726,11 @@
 * `all`: just one runqueue shared by all the logical pCPUs of
          the host
 
+Regardless of the above choice, Xen attempts to respect
+`sched_credit2_max_cpus_runqueue` limit, which may mean more than one runqueue
+for the `all` value. If that isn't intended, raise
+the `sched_credit2_max_cpus_runqueue` value.
+
 ### dbgp
 > `= ehci[ <integer> | @pci<bus>:<slot>.<func> ]`
 > `= xhci[ <integer> | @pci<bus>:<slot>.<func> ][,share=<bool>|hwdom]`
@@ -2624,6 +2634,17 @@
 <major>, <minor> and <build> must be integers. The values will be
 encoded in guest CPUID 0x40000002 if viridian enlightenments are enabled.
 
+### vm-notify-window (Intel)
+> `= <integer>`
+
+> Default: `0`
+
+Specify the value of the VM Notify window used to detect locked VMs. Set to -1
+to disable the feature.  Value is in units of crystal clock cycles.
+
+Note the hardware might add a threshold to the provided value in order to make
+it safe, and hence using 0 is fine.
+
 ### vpid (Intel)
 > `= <boolean>`
 
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libacpi/mk_dsdt.c xen-4.17.0+74-g3eac216e6e/tools/libacpi/mk_dsdt.c
--- xen-4.17.0+46-gaaf74a532c/tools/libacpi/mk_dsdt.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libacpi/mk_dsdt.c	2023-03-21 13:47:52.000000000 +0100
@@ -431,7 +431,7 @@
                 stmt("Store", "0x89, \\_GPE.DPT2");
             }
             if ( slot & 1 )
-                stmt("ShiftRight", "0x4, \\_GPE.PH%02X, Local1", slot & ~1);
+                stmt("ShiftRight", "\\_GPE.PH%02X, 0x04, Local1", slot & ~1);
             else
                 stmt("And", "\\_GPE.PH%02X, 0x0f, Local1", slot & ~1);
             stmt("Return", "Local1"); /* IN status as the _STA */
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libs/ctrl/Makefile xen-4.17.0+74-g3eac216e6e/tools/libs/ctrl/Makefile
--- xen-4.17.0+46-gaaf74a532c/tools/libs/ctrl/Makefile	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libs/ctrl/Makefile	2023-03-21 13:47:52.000000000 +0100
@@ -4,7 +4,7 @@
 include Makefile.common
 
 LIBHEADER := xenctrl.h xenctrl_compat.h
-PKG_CONFIG := xencontrol.pc
+PKG_CONFIG_FILE := xencontrol.pc
 PKG_CONFIG_NAME := Xencontrol
 
 NO_HEADERS_CHK := y
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libs/guest/xg_core_x86.c xen-4.17.0+74-g3eac216e6e/tools/libs/guest/xg_core_x86.c
--- xen-4.17.0+46-gaaf74a532c/tools/libs/guest/xg_core_x86.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libs/guest/xg_core_x86.c	2023-03-21 13:47:52.000000000 +0100
@@ -229,11 +229,11 @@
                              uint32_t dom, shared_info_any_t *live_shinfo)
 {
     /* Double and single indirect references to the live P2M table */
-    xen_pfn_t *live_p2m_frame_list_list;
+    xen_pfn_t *live_p2m_frame_list_list = NULL;
     xen_pfn_t *live_p2m_frame_list = NULL;
     /* Copies of the above. */
     xen_pfn_t *p2m_frame_list_list = NULL;
-    xen_pfn_t *p2m_frame_list;
+    xen_pfn_t *p2m_frame_list = NULL;
 
     int err;
     int i;
@@ -297,8 +297,6 @@
 
     dinfo->p2m_frames = P2M_FL_ENTRIES;
 
-    return p2m_frame_list;
-
  out:
     err = errno;
 
@@ -312,7 +310,7 @@
 
     errno = err;
 
-    return NULL;
+    return p2m_frame_list;
 }
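Review bot: With the success path now falling through into `out:` (previous hunk) and the function returning `p2m_frame_list` from there, every earlier `goto out` that fires after `p2m_frame_list` has been allocated must free it and reset it to NULL, otherwise a failing call now hands the caller a freed or half-filled buffer instead of NULL; those error exits sit between the hunks and should be checked. The NULL initialisations in the first hunk only cover failures that occur before the allocation. A short comment at the label would make the contract explicit, e.g. `/* Reached on success and failure alike; p2m_frame_list must be NULL on failure. */`. The function body continues outside the hunks.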
 
 static int
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libs/guest/xg_offline_page.c xen-4.17.0+74-g3eac216e6e/tools/libs/guest/xg_offline_page.c
--- xen-4.17.0+46-gaaf74a532c/tools/libs/guest/xg_offline_page.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libs/guest/xg_offline_page.c	2023-03-21 13:47:52.000000000 +0100
@@ -181,10 +181,16 @@
 
     if (backup->max == backup->cur)
     {
-        backup->entries = realloc(backup->entries,
-                            backup->max * 2 * sizeof(struct pte_backup_entry));
+        void *orig = backup->entries;
+
+        backup->entries = realloc(
+            orig, backup->max * 2 * sizeof(struct pte_backup_entry));
+
         if (backup->entries == NULL)
+        {
+            free(orig);
             return -1;
+        }
         else
             backup->max *= 2;
     }
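Review bot: After `free(orig)` the structure is left with `backup->entries == NULL` while `backup->cur` and `backup->max` still describe the released buffer, so any later walk of `backup->entries` up to `backup->cur` would dereference NULL. If the backup is meant to be unusable after this failure, resetting `backup->cur = backup->max = 0;` next to the `free(orig);` line makes that explicit, or a one-line comment there should state that the backup is invalidated. Whether callers continue after the -1 return is not visible here. The enclosing function starts and ends outside the hunk.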
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libs/libs.mk xen-4.17.0+74-g3eac216e6e/tools/libs/libs.mk
--- xen-4.17.0+46-gaaf74a532c/tools/libs/libs.mk	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libs/libs.mk	2023-03-21 13:47:52.000000000 +0100
@@ -1,7 +1,7 @@
 # Common Makefile for building a lib.
 #
 # Variables taken as input:
-#   PKG_CONFIG: name of pkg-config file (xen$(LIBNAME).pc if empty)
+#   PKG_CONFIG_FILE: name of pkg-config file (xen$(LIBNAME).pc if empty)
 #   MAJOR:   major version of lib (Xen version if empty)
 #   MINOR:   minor version of lib (0 if empty)
 
@@ -26,7 +26,7 @@
 TARGETS += lib$(LIB_FILE_NAME).so
 endif
 
-PKG_CONFIG ?= $(LIB_FILE_NAME).pc
+PKG_CONFIG_FILE ?= $(LIB_FILE_NAME).pc
 PKG_CONFIG_NAME ?= Xen$(LIBNAME)
 PKG_CONFIG_DESC ?= The $(PKG_CONFIG_NAME) library for Xen hypervisor
 PKG_CONFIG_VERSION := $(MAJOR).$(MINOR)
@@ -35,13 +35,13 @@
 PKG_CONFIG_REQPRIV := $(subst $(space),$(comma),$(strip $(foreach lib,$(patsubst ctrl,control,$(USELIBS_$(LIBNAME))),xen$(lib))))
 
 ifneq ($(CONFIG_LIBXC_MINIOS),y)
-TARGETS += $(PKG_CONFIG)
-$(PKG_CONFIG): PKG_CONFIG_PREFIX = $(prefix)
-$(PKG_CONFIG): PKG_CONFIG_INCDIR = $(includedir)
-$(PKG_CONFIG): PKG_CONFIG_LIBDIR = $(libdir)
+TARGETS += $(PKG_CONFIG_FILE)
+$(PKG_CONFIG_FILE): PKG_CONFIG_PREFIX = $(prefix)
+$(PKG_CONFIG_FILE): PKG_CONFIG_INCDIR = $(includedir)
+$(PKG_CONFIG_FILE): PKG_CONFIG_LIBDIR = $(libdir)
 endif
 
-PKG_CONFIG_LOCAL := $(PKG_CONFIG_DIR)/$(PKG_CONFIG)
+PKG_CONFIG_LOCAL := $(PKG_CONFIG_DIR)/$(PKG_CONFIG_FILE)
 
 LIBHEADER ?= $(LIB_FILE_NAME).h
 LIBHEADERS = $(foreach h, $(LIBHEADER), $(XEN_INCLUDE)/$(h))
@@ -103,7 +103,7 @@
 	$(SYMLINK_SHLIB) lib$(LIB_FILE_NAME).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/lib$(LIB_FILE_NAME).so.$(MAJOR)
 	$(SYMLINK_SHLIB) lib$(LIB_FILE_NAME).so.$(MAJOR) $(DESTDIR)$(libdir)/lib$(LIB_FILE_NAME).so
 	for i in $(LIBHEADERS); do $(INSTALL_DATA) $$i $(DESTDIR)$(includedir); done
-	$(INSTALL_DATA) $(PKG_CONFIG) $(DESTDIR)$(PKG_INSTALLDIR)
+	$(INSTALL_DATA) $(PKG_CONFIG_FILE) $(DESTDIR)$(PKG_INSTALLDIR)
 
 .PHONY: uninstall
 uninstall::
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libs/light/libxl_cpuid.c xen-4.17.0+74-g3eac216e6e/tools/libs/light/libxl_cpuid.c
--- xen-4.17.0+46-gaaf74a532c/tools/libs/light/libxl_cpuid.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libs/light/libxl_cpuid.c	2023-03-21 13:47:52.000000000 +0100
@@ -235,7 +235,12 @@
         {"fsrs",         0x00000007,  1, CPUID_REG_EAX, 11,  1},
         {"fsrcs",        0x00000007,  1, CPUID_REG_EAX, 12,  1},
 
+        {"cet-sss",      0x00000007,  1, CPUID_REG_EDX, 18,  1},
+
         {"intel-psfd",   0x00000007,  2, CPUID_REG_EDX,  0,  1},
+        {"ipred-ctrl",   0x00000007,  2, CPUID_REG_EDX,  1,  1},
+        {"rrsba-ctrl",   0x00000007,  2, CPUID_REG_EDX,  2,  1},
+        {"bhi-ctrl",     0x00000007,  2, CPUID_REG_EDX,  4,  1},
         {"mcdt-no",      0x00000007,  2, CPUID_REG_EDX,  5,  1},
 
         {"lahfsahf",     0x80000001, NA, CPUID_REG_ECX,  0,  1},
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/libs/util/Makefile xen-4.17.0+74-g3eac216e6e/tools/libs/util/Makefile
--- xen-4.17.0+46-gaaf74a532c/tools/libs/util/Makefile	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/libs/util/Makefile	2023-03-21 13:47:52.000000000 +0100
@@ -40,6 +40,14 @@
 
 $(OBJS-y) $(PIC_OBJS): $(AUTOINCS)
 
+# Adding the .c conterparts of the headers generated by flex/bison as
+# prerequisite of all objects.
+# This is to tell make that if only the .c file is out-of-date but not the
+# header, it should still wait for the .c file to be rebuilt.
+# Otherwise, make doesn't considered "%.c %.h" as grouped targets, and will run
+# the flex/bison rules in parallel of CC rules which only need the header.
+$(OBJS-y) $(PIC_OBJS): libxlu_cfg_l.c libxlu_cfg_y.c libxlu_disk_l.c
+
 %.c %.h:: %.y
 	@rm -f $*.[ch]
 	$(BISON) --output=$*.c $<
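Review bot: The new comment block has wording slips that should be fixed before it lands: `conterparts` → `counterparts`, `make doesn't considered` → `make doesn't consider`, and `in parallel of CC rules` → `in parallel with CC rules`. It would also help to mention the alternative the workaround stands in for, e.g. appending `# With GNU make >= 4.3 a grouped target rule ("%.c %.h &:: %.y") would express this directly.` so a future cleanup knows when the extra prerequisite line can go. The `%.c %.h:: %.y` rule continues outside the hunk.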
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/misc/xen-cpuid.c xen-4.17.0+74-g3eac216e6e/tools/misc/xen-cpuid.c
--- xen-4.17.0+46-gaaf74a532c/tools/misc/xen-cpuid.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/misc/xen-cpuid.c	2023-03-21 13:47:52.000000000 +0100
@@ -202,11 +202,20 @@
     [ 0] = "ppin",
 };
 
-static const char *const str_7d2[32] =
+static const char *const str_7c1[32] =
 {
-    [ 0] = "intel-psfd",
+};
 
-    /* 4 */                 [ 5] = "mcdt-no",
+static const char *const str_7d1[32] =
+{
+    [18] = "cet-sss",
+};
+
+static const char *const str_7d2[32] =
+{
+    [ 0] = "intel-psfd",    [ 1] = "ipred-ctrl",
+    [ 2] = "rrsba-ctrl",
+    [ 4] = "bhi-ctrl",      [ 5] = "mcdt-no",
 };
 
 static const struct {
@@ -229,6 +238,8 @@
     { "0x80000021.eax",  "e21a", str_e21a },
     { "0x00000007:1.ebx", "7b1", str_7b1 },
     { "0x00000007:2.edx", "7d2", str_7d2 },
+    { "0x00000007:1.ecx", "7c1", str_7c1 },
+    { "0x00000007:1.edx", "7d1", str_7d1 },
 };
 
 #define COL_ALIGN "18"
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/python/xen/lowlevel/xc/xc.c xen-4.17.0+74-g3eac216e6e/tools/python/xen/lowlevel/xc/xc.c
--- xen-4.17.0+46-gaaf74a532c/tools/python/xen/lowlevel/xc/xc.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/python/xen/lowlevel/xc/xc.c	2023-03-21 13:47:52.000000000 +0100
@@ -4,6 +4,7 @@
  * Copyright (c) 2003-2004, K A Fraser (University of Cambridge)
  */
 
+#define PY_SSIZE_T_CLEAN
 #include <Python.h>
 #define XC_WANT_COMPAT_MAP_FOREIGN_API
 #include <xenctrl.h>
@@ -1774,7 +1775,7 @@
 {
     xc_interface *xc_handle;
     char *policy;
-    uint32_t len;
+    Py_ssize_t len;
     int ret;
 
     static char *kwd_list[] = { "policy", NULL };
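Review bot: `len` is now `Py_ssize_t`, but the call that consumes it (outside the hunk) presumably still takes a 32-bit length, so the value is narrowed implicitly; if that is the case, an explicit range check before the call, or a comment stating why the narrowing is acceptable, would document it. The same applies to `data_n` in the xs.c hunk of this series. The enclosing function starts and ends outside the hunk.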
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/python/xen/lowlevel/xs/xs.c xen-4.17.0+74-g3eac216e6e/tools/python/xen/lowlevel/xs/xs.c
--- xen-4.17.0+46-gaaf74a532c/tools/python/xen/lowlevel/xs/xs.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/python/xen/lowlevel/xs/xs.c	2023-03-21 13:47:52.000000000 +0100
@@ -18,6 +18,7 @@
  * Copyright (C) 2005 XenSource Ltd.
  */
 
+#define PY_SSIZE_T_CLEAN
 #include <Python.h>
 
 #include <stdbool.h>
@@ -141,7 +142,7 @@
     char *thstr;
     char *path;
     char *data;
-    int data_n;
+    Py_ssize_t data_n;
     bool result;
 
     if (!xh)
diff -Nru xen-4.17.0+46-gaaf74a532c/tools/xenmon/xenmon.py xen-4.17.0+74-g3eac216e6e/tools/xenmon/xenmon.py
--- xen-4.17.0+46-gaaf74a532c/tools/xenmon/xenmon.py	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/tools/xenmon/xenmon.py	2023-03-21 13:47:52.000000000 +0100
@@ -117,7 +117,7 @@
     return parser
 
 # encapsulate information about a domain
-class DomainInfo:
+class DomainInfo(object):
     def __init__(self):
         self.allocated_sum = 0
         self.gotten_sum = 0
@@ -533,7 +533,7 @@
 # simple functions to allow initialization of log files without actually
 # physically creating files that are never used; only on the first real
 # write does the file get created
-class Delayed(file):
+class Delayed(object):
     def __init__(self, filename, mode):
         self.filename = filename
         self.saved_mode = mode
@@ -677,8 +677,8 @@
 
     if os.uname()[0] == "SunOS":
         xenbaked_cmd = "/usr/lib/xenbaked"
-	stop_cmd = "/usr/bin/pkill -INT -z global xenbaked"
-	kill_cmd = "/usr/bin/pkill -KILL -z global xenbaked"
+        stop_cmd = "/usr/bin/pkill -INT -z global xenbaked"
+        kill_cmd = "/usr/bin/pkill -KILL -z global xenbaked"
     else:
         # assumes that xenbaked is in your path
         xenbaked_cmd = "xenbaked"
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/asm-macros.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/asm-macros.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/asm-macros.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/asm-macros.c	1970-01-01 01:00:00.000000000 +0100
@@ -1,3 +0,0 @@
-#include <asm/asm-defns.h>
-#include <asm/alternative-asm.h>
-#include <asm/spec_ctrl_asm.h>
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/asm-macros.S xen-4.17.0+74-g3eac216e6e/xen/arch/x86/asm-macros.S
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/asm-macros.S	1970-01-01 01:00:00.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/asm-macros.S	2023-03-21 13:47:52.000000000 +0100
@@ -0,0 +1,3 @@
+#include <asm/asm-defns.h>
+#include <asm/alternative-asm.h>
+#include <asm/spec_ctrl_asm.h>
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/common.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/common.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/common.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/common.c	2023-03-21 13:47:52.000000000 +0100
@@ -346,11 +346,18 @@
 	       x86_cpuid_vendor_to_str(c->x86_vendor), c->x86, c->x86,
 	       c->x86_model, c->x86_model, c->x86_mask, eax);
 
-	if (c->cpuid_level >= 7)
-		cpuid_count(7, 0, &eax, &ebx,
+	if (c->cpuid_level >= 7) {
+		uint32_t max_subleaf;
+
+		cpuid_count(7, 0, &max_subleaf, &ebx,
 			    &c->x86_capability[FEATURESET_7c0],
 			    &c->x86_capability[FEATURESET_7d0]);
 
+		if (max_subleaf >= 1)
+			cpuid_count(7, 1, &eax, &ebx, &ecx,
+				    &c->x86_capability[FEATURESET_7d1]);
+	}
+
 	eax = cpuid_eax(0x80000000);
 	if ((eax >> 16) == 0x8000 && eax >= 0x80000008) {
 		ebx = eax >= 0x8000001f ? cpuid_ebx(0x8000001f) : 0;
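Review bot: The early subleaf-1 read stores only EDX into `FEATURESET_7d1` and discards ECX into a local, whereas the later path in the second hunk (lines 440-441) fills both `FEATURESET_7c1` and `FEATURESET_7d1`; if the asymmetry is deliberate because only 7d1 is needed this early, a comment such as `/* Only 7d1 is needed here; 7c1 is collected later. */` above the new `cpuid_count(7, 1, ...)` would keep a reader from reading it as an omission. The `ecx` local used on the new line is declared outside the hunk. The enclosing function starts and ends outside the hunk.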
@@ -450,7 +457,8 @@
 			cpuid_count(7, 1,
 				    &c->x86_capability[FEATURESET_7a1],
 				    &c->x86_capability[FEATURESET_7b1],
-				    &tmp, &tmp);
+				    &c->x86_capability[FEATURESET_7c1],
+				    &c->x86_capability[FEATURESET_7d1]);
 		if (max_subleaf >= 2)
 			cpuid_count(7, 2,
 				    &tmp, &tmp, &tmp,
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/amd.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/amd.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/amd.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/amd.c	2023-03-21 13:47:52.000000000 +0100
@@ -176,8 +176,8 @@
     if ( new_rev > old_rev )
         return NEW_UCODE;
 
-    if ( opt_ucode_allow_same && new_rev == old_rev )
-        return NEW_UCODE;
+    if ( new_rev == old_rev )
+        return SAME_UCODE;
 
     return OLD_UCODE;
 }
@@ -220,8 +220,13 @@
     unsigned int cpu = smp_processor_id();
     struct cpu_signature *sig = &per_cpu(cpu_sig, cpu);
     uint32_t rev, old_rev = sig->rev;
+    enum microcode_match_result result = microcode_fits(patch);
 
-    if ( microcode_fits(patch) != NEW_UCODE )
+    /*
+     * Allow application of the same revision to pick up SMT-specific changes
+     * even if the revision of the other SMT thread is already up-to-date.
+     */
+    if ( result != NEW_UCODE && result != SAME_UCODE )
         return -EINVAL;
 
     if ( check_final_patch_levels(sig) )
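Review bot: The new check accepts `SAME_UCODE` unconditionally, while the Intel counterpart in this series additionally requires `opt_ucode_allow_same`; the comment gives the SMT motivation but not where the user's opt-in is enforced, which the core.c hunk shows is the cache comparison. Extending the comment with ` * opt_ucode_allow_same is honoured once in core.c when comparing against the cache.` would stop a reader from treating the missing check here as a bypass. The enclosing function starts outside the hunk.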
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/core.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/core.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/core.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/core.c	2023-03-21 13:47:52.000000000 +0100
@@ -274,6 +274,20 @@
     return true;
 }
 
+/* Returns true if ucode should be loaded on a given cpu */
+static bool is_cpu_primary(unsigned int cpu)
+{
+    if ( boot_cpu_data.x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON) )
+        /* Load ucode on every logical thread/core */
+        return true;
+
+    /* Intel CPUs should load ucode only on the first core of SMT siblings */
+    if ( cpu == cpumask_first(per_cpu(cpu_sibling_mask, cpu)) )
+        return true;
+
+    return false;
+}
+
 /* Wait for a condition to be met with a timeout (us). */
 static int wait_for_condition(bool (*func)(unsigned int data),
                               unsigned int data, unsigned int timeout)
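Review bot: `is_cpu_primary()` spells a boolean as an if/return true/return false ladder and its second comment says "Intel CPUs" although the branch covers every vendor other than AMD/Hygon; collapsing it to `/* Other vendors: load ucode only on the first thread of each core */` followed by `return cpu == cpumask_first(per_cpu(cpu_sibling_mask, cpu));` is both shorter and accurate. The vendor test relies on `X86_VENDOR_*` being bit flags, which the `&` on the first line assumes and which a reader may want confirmed in the header.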
@@ -380,7 +394,7 @@
 static int cf_check microcode_nmi_callback(
     const struct cpu_user_regs *regs, int cpu)
 {
-    unsigned int primary = cpumask_first(this_cpu(cpu_sibling_mask));
+    bool primary_cpu = is_cpu_primary(cpu);
     int ret;
 
     /* System-generated NMI, leave to main handler */
@@ -393,10 +407,10 @@
      * ucode_in_nmi.
      */
     if ( cpu == cpumask_first(&cpu_online_map) ||
-         (!ucode_in_nmi && cpu == primary) )
+         (!ucode_in_nmi && primary_cpu) )
         return 0;
 
-    if ( cpu == primary )
+    if ( primary_cpu )
         ret = primary_thread_work(nmi_patch);
     else
         ret = secondary_nmi_work();
@@ -547,7 +561,7 @@
      */
     if ( cpu == cpumask_first(&cpu_online_map) )
         ret = control_thread_fn(patch);
-    else if ( cpu == cpumask_first(this_cpu(cpu_sibling_mask)) )
+    else if ( is_cpu_primary(cpu) )
         ret = primary_thread_fn(patch);
     else
         ret = secondary_thread_fn();
@@ -610,17 +624,25 @@
      * that ucode revision.
      */
     spin_lock(&microcode_mutex);
-    if ( microcode_cache &&
-         alternative_call(ucode_ops.compare_patch,
-                          patch, microcode_cache) != NEW_UCODE )
-    {
-        spin_unlock(&microcode_mutex);
-        printk(XENLOG_WARNING "microcode: couldn't find any newer revision "
-                              "in the provided blob!\n");
-        microcode_free_patch(patch);
-        ret = -ENOENT;
+    if ( microcode_cache )
+    {
+        enum microcode_match_result result;
 
-        goto put;
+        result = alternative_call(ucode_ops.compare_patch, patch,
+                                  microcode_cache);
+
+        if ( result != NEW_UCODE &&
+             !(opt_ucode_allow_same && result == SAME_UCODE) )
+        {
+            spin_unlock(&microcode_mutex);
+            printk(XENLOG_WARNING
+                   "microcode: couldn't find any newer%s revision in the provided blob!\n",
+                   opt_ucode_allow_same ? " (or the same)" : "");
+            microcode_free_patch(patch);
+            ret = -ENOENT;
+
+            goto put;
+        }
     }
     spin_unlock(&microcode_mutex);
 
@@ -632,7 +654,7 @@
     /* Calculate the number of online CPU core */
     nr_cores = 0;
     for_each_online_cpu(cpu)
-        if ( cpu == cpumask_first(per_cpu(cpu_sibling_mask, cpu)) )
+        if ( is_cpu_primary(cpu) )
             nr_cores++;
 
     printk(XENLOG_INFO "%u cores are to update their microcode\n", nr_cores);
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/intel.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/intel.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/intel.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/intel.c	2023-03-21 13:47:52.000000000 +0100
@@ -232,8 +232,8 @@
     if ( new_rev > old_rev )
         return NEW_UCODE;
 
-    if ( opt_ucode_allow_same && new_rev == old_rev )
-        return NEW_UCODE;
+    if ( new_rev == old_rev )
+        return SAME_UCODE;
 
     /*
      * Treat pre-production as always applicable - anyone using pre-production
@@ -290,8 +290,12 @@
     unsigned int cpu = smp_processor_id();
     struct cpu_signature *sig = &this_cpu(cpu_sig);
     uint32_t rev, old_rev = sig->rev;
+    enum microcode_match_result result;
+
+    result = microcode_update_match(patch);
 
-    if ( microcode_update_match(patch) != NEW_UCODE )
+    if ( result != NEW_UCODE &&
+         !(opt_ucode_allow_same && result == SAME_UCODE) )
         return -EINVAL;
 
     wbinvd();
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/private.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/private.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/cpu/microcode/private.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/cpu/microcode/private.h	2023-03-21 13:47:52.000000000 +0100
@@ -6,7 +6,8 @@
 extern bool opt_ucode_allow_same;
 
 enum microcode_match_result {
-    OLD_UCODE, /* signature matched, but revision id is older or equal */
+    OLD_UCODE, /* signature matched, but revision id is older */
+    SAME_UCODE, /* signature matched, but revision id is the same */
     NEW_UCODE, /* signature matched, but revision id is newer */
     MIS_UCODE, /* signature mismatched */
 };
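Review bot: Inserting `SAME_UCODE` between `OLD_UCODE` and `NEW_UCODE` renumbers `NEW_UCODE` and `MIS_UCODE`; that is harmless as long as no consumer compares these values by order or persists them, which the other hunks suggest but which cannot be fully verified here. A note on the enum such as `/* Order is not significant; compare only for equality. */` would make that contract explicit for the callers that now test two values.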
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/domain.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/domain.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/domain.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/domain.c	2023-03-21 13:47:52.000000000 +0100
@@ -2347,9 +2347,9 @@
 
         enum {
             PROG_iommu_pagetables = 1,
+            PROG_shared,
             PROG_paging,
             PROG_vcpu_pagetables,
-            PROG_shared,
             PROG_xen,
             PROG_l4,
             PROG_l3,
@@ -2368,6 +2368,34 @@
         if ( ret )
             return ret;
 
+#ifdef CONFIG_MEM_SHARING
+    PROGRESS(shared):
+
+        if ( is_hvm_domain(d) )
+        {
+            /*
+             * If the domain has shared pages, relinquish them allowing
+             * for preemption.
+             */
+            ret = relinquish_shared_pages(d);
+            if ( ret )
+                return ret;
+
+            /*
+             * If the domain is forked, decrement the parent's pause count
+             * and release the domain.
+             */
+            if ( mem_sharing_is_fork(d) )
+            {
+                struct domain *parent = d->parent;
+
+                d->parent = NULL;
+                domain_unpause(parent);
+                put_domain(parent);
+            }
+        }
+#endif
+
     PROGRESS(paging):
 
         /* Tear down paging-assistance stuff. */
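Review bot: The move of `PROGRESS(shared)` ahead of `PROGRESS(paging)` carries no comment stating the ordering requirement, so a reader of the enum or of the relinquish sequence cannot tell that the shared-page teardown must run before the paging teardown and may later reorder it back. A one-line comment on the enumerator, e.g. `PROG_shared, /* must precede PROG_paging; see <upstream commit reference> */`, would record the dependency where it is most likely to be edited. The enclosing function starts and ends outside the hunk.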
@@ -2408,32 +2436,6 @@
             d->arch.auto_unmask = 0;
         }
 
-#ifdef CONFIG_MEM_SHARING
-    PROGRESS(shared):
-
-        if ( is_hvm_domain(d) )
-        {
-            /* If the domain has shared pages, relinquish them allowing
-             * for preemption. */
-            ret = relinquish_shared_pages(d);
-            if ( ret )
-                return ret;
-
-            /*
-             * If the domain is forked, decrement the parent's pause count
-             * and release the domain.
-             */
-            if ( mem_sharing_is_fork(d) )
-            {
-                struct domain *parent = d->parent;
-
-                d->parent = NULL;
-                domain_unpause(parent);
-                put_domain(parent);
-            }
-        }
-#endif
-
         spin_lock(&d->page_alloc_lock);
         page_list_splice(&d->arch.relmem_list, &d->page_list);
         INIT_PAGE_LIST_HEAD(&d->arch.relmem_list);
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/mtrr.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/mtrr.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/mtrr.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/mtrr.c	2023-03-21 13:47:52.000000000 +0100
@@ -594,7 +594,8 @@
 int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start,
                                  uint64_t gfn_end, uint32_t type)
 {
-    struct hvm_mem_pinned_cacheattr_range *range;
+    struct hvm_mem_pinned_cacheattr_range *range, *newr;
+    unsigned int nr = 0;
     int rc = 1;
 
     if ( !is_hvm_domain(d) )
@@ -607,14 +608,15 @@
     {
     case XEN_DOMCTL_DELETE_MEM_CACHEATTR:
         /* Remove the requested range. */
-        rcu_read_lock(&pinned_cacheattr_rcu_lock);
-        list_for_each_entry_rcu ( range,
-                                  &d->arch.hvm.pinned_cacheattr_ranges,
-                                  list )
+        domain_lock(d);
+        list_for_each_entry ( range,
+                              &d->arch.hvm.pinned_cacheattr_ranges,
+                              list )
             if ( range->start == gfn_start && range->end == gfn_end )
             {
-                rcu_read_unlock(&pinned_cacheattr_rcu_lock);
                 list_del_rcu(&range->list);
+                domain_unlock(d);
+
                 type = range->type;
                 call_rcu(&range->rcu, free_pinned_cacheattr_entry);
                 p2m_memory_type_changed(d);
@@ -635,7 +637,7 @@
                 }
                 return 0;
             }
-        rcu_read_unlock(&pinned_cacheattr_rcu_lock);
+        domain_unlock(d);
         return -ENOENT;
 
     case PAT_TYPE_UC_MINUS:
@@ -650,7 +652,10 @@
         return -EINVAL;
     }
 
-    rcu_read_lock(&pinned_cacheattr_rcu_lock);
+    newr = xzalloc(struct hvm_mem_pinned_cacheattr_range);
+
+    domain_lock(d);
+
     list_for_each_entry_rcu ( range,
                               &d->arch.hvm.pinned_cacheattr_ranges,
                               list )
@@ -666,25 +671,36 @@
             rc = -EBUSY;
             break;
         }
+        ++nr;
     }
-    rcu_read_unlock(&pinned_cacheattr_rcu_lock);
+
     if ( rc <= 0 )
-        return rc;
+        /* nothing */;
+    else if ( nr >= 64 /* The limit is arbitrary. */ )
+        rc = -ENOSPC;
+    else if ( !newr )
+        rc = -ENOMEM;
+    else
+    {
+        newr->start = gfn_start;
+        newr->end = gfn_end;
+        newr->type = type;
+
+        list_add_rcu(&newr->list, &d->arch.hvm.pinned_cacheattr_ranges);
+
+        newr = NULL;
+        rc = 0;
+    }
 
-    range = xzalloc(struct hvm_mem_pinned_cacheattr_range);
-    if ( range == NULL )
-        return -ENOMEM;
+    domain_unlock(d);
 
-    range->start = gfn_start;
-    range->end = gfn_end;
-    range->type = type;
+    xfree(newr);
 
-    list_add_rcu(&range->list, &d->arch.hvm.pinned_cacheattr_ranges);
     p2m_memory_type_changed(d);
     if ( type != PAT_TYPE_WRBACK )
         flush_all(FLUSH_CACHE);
 
-    return 0;
+    return rc;
 }
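Review bot: `p2m_memory_type_changed(d)` and the `flush_all(FLUSH_CACHE)` now run on every exit of the add path, including the `-EBUSY`, `-ENOSPC` and `-ENOMEM` outcomes and the "range already present" case, whereas the removed `return rc` after the loop skipped them; a failed request thus triggers a p2m recalculation and a system-wide cache flush for no change. If that is not the intent, guarding both with `if ( !rc )` restores the previous behaviour; if it is, a comment above `p2m_memory_type_changed(d);` should say why the flush is wanted even when nothing was added. Allocating `newr` before taking the lock and freeing it unconditionally afterwards is fine since it is NULLed on the success path.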
 
 static int cf_check hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h)
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/vmx/vmcs.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vmcs.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/vmx/vmcs.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vmcs.c	2023-03-21 13:47:52.000000000 +0100
@@ -67,6 +67,9 @@
 static unsigned int __read_mostly ple_window = 4096;
 integer_param("ple_window", ple_window);
 
+static unsigned int __ro_after_init vm_notify_window;
+integer_param("vm-notify-window", vm_notify_window);
+
 static bool __read_mostly opt_ept_pml = true;
 static s8 __read_mostly opt_ept_ad = -1;
 int8_t __read_mostly opt_ept_exec_sp = -1;
@@ -209,6 +212,8 @@
     P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions");
     P(cpu_has_vmx_pml, "Page Modification Logging");
     P(cpu_has_vmx_tsc_scaling, "TSC Scaling");
+    P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection");
+    P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit");
 #undef P
 
     if ( !printed )
@@ -318,7 +323,8 @@
                SECONDARY_EXEC_ENABLE_VM_FUNCTIONS |
                SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS |
                SECONDARY_EXEC_XSAVES |
-               SECONDARY_EXEC_TSC_SCALING);
+               SECONDARY_EXEC_TSC_SCALING |
+               SECONDARY_EXEC_BUS_LOCK_DETECTION);
         if ( _vmx_misc_cap & VMX_MISC_VMWRITE_ALL )
             opt |= SECONDARY_EXEC_ENABLE_VMCS_SHADOWING;
         if ( opt_vpid_enabled )
@@ -327,6 +333,8 @@
             opt |= SECONDARY_EXEC_UNRESTRICTED_GUEST;
         if ( opt_ept_pml )
             opt |= SECONDARY_EXEC_ENABLE_PML;
+        if ( vm_notify_window != ~0u )
+            opt |= SECONDARY_EXEC_NOTIFY_VM_EXITING;
 
         /*
          * "APIC Register Virtualization" and "Virtual Interrupt Delivery"
@@ -1288,6 +1296,10 @@
     v->arch.hvm.vmx.exception_bitmap = HVM_TRAP_MASK
               | (paging_mode_hap(d) ? 0 : (1U << TRAP_page_fault))
               | (v->arch.fully_eager_fpu ? 0 : (1U << TRAP_no_device));
+
+    if ( cpu_has_vmx_notify_vm_exiting )
+        __vmwrite(NOTIFY_WINDOW, vm_notify_window);
+
     vmx_update_exception_bitmap(v);
 
     v->arch.hvm.guest_cr[0] = X86_CR0_PE | X86_CR0_ET;
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/vmx/vmx.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vmx.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/vmx/vmx.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vmx.c	2023-03-21 13:47:52.000000000 +0100
@@ -3967,6 +3967,15 @@
     return vlapic_apicv_write(current, exit_qualification & 0xfff);
 }
 
+static void undo_nmis_unblocked_by_iret(void)
+{
+    unsigned long guest_info;
+
+    __vmread(GUEST_INTERRUPTIBILITY_INFO, &guest_info);
+    __vmwrite(GUEST_INTERRUPTIBILITY_INFO,
+              guest_info | VMX_INTR_SHADOW_NMI);
+}
+
 void vmx_vmexit_handler(struct cpu_user_regs *regs)
 {
     unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0;
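Review bot: `undo_nmis_unblocked_by_iret()` has no comment, and its name only hints at why re-setting VMX_INTR_SHADOW_NMI in GUEST_INTERRUPTIBILITY_INFO is needed; with the helper now reached from four exit paths in this file, the rationale belongs here rather than at each call site. Suggest a header along the lines of `/* The exit interrupted an IRET that had already unblocked NMIs; as the guest will retry the IRET, re-assert NMI blocking in the interruptibility state so NMIs stay blocked until it completes. */`, adjusted to the exact architectural rule the code relies on, which I can't verify from the hunk alone. vmx_vmexit_handler's body continues outside the hunk.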
@@ -4063,13 +4072,7 @@
             }
         }
 
-        if ( idx != vcpu_altp2m(v).p2midx )
-        {
-            BUG_ON(idx >= MAX_ALTP2M);
-            atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
-            vcpu_altp2m(v).p2midx = idx;
-            atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
-        }
+        p2m_set_altp2m(v, idx);
     }
 
     if ( unlikely(currd->arch.monitor.vmexit_enabled) )
@@ -4084,6 +4087,12 @@
             return;
     }
 
+    if ( unlikely(exit_reason & VMX_EXIT_REASONS_BUS_LOCK) )
+    {
+        perfc_incr(buslock);
+        exit_reason &= ~VMX_EXIT_REASONS_BUS_LOCK;
+    }
+
     /* XXX: This looks ugly, but we need a mechanism to ensure
      * any pending vmresume has really happened
      */
@@ -4161,13 +4170,7 @@
         if ( unlikely(intr_info & INTR_INFO_NMI_UNBLOCKED_BY_IRET) &&
              !(idtv_info & INTR_INFO_VALID_MASK) &&
              (vector != TRAP_double_fault) )
-        {
-            unsigned long guest_info;
-
-            __vmread(GUEST_INTERRUPTIBILITY_INFO, &guest_info);
-            __vmwrite(GUEST_INTERRUPTIBILITY_INFO,
-                      guest_info | VMX_INTR_SHADOW_NMI);
-        }
+            undo_nmis_unblocked_by_iret();
 
         perfc_incra(cause_vector, vector);
 
@@ -4533,6 +4536,11 @@
 
         __vmread(GUEST_PHYSICAL_ADDRESS, &gpa);
         __vmread(EXIT_QUALIFICATION, &exit_qualification);
+
+        if ( unlikely(exit_qualification & INTR_INFO_NMI_UNBLOCKED_BY_IRET) &&
+             !(idtv_info & INTR_INFO_VALID_MASK) )
+            undo_nmis_unblocked_by_iret();
+
         ept_handle_violation(exit_qualification, gpa);
         break;
     }
@@ -4577,6 +4585,12 @@
         break;
 
     case EXIT_REASON_PML_FULL:
+        __vmread(EXIT_QUALIFICATION, &exit_qualification);
+
+        if ( unlikely(exit_qualification & INTR_INFO_NMI_UNBLOCKED_BY_IRET) &&
+             !(idtv_info & INTR_INFO_VALID_MASK) )
+            undo_nmis_unblocked_by_iret();
+
         vmx_vcpu_flush_pml_buffer(v);
         break;
 
@@ -4593,6 +4607,31 @@
         vmx_handle_descriptor_access(exit_reason);
         break;
 
+    case EXIT_REASON_BUS_LOCK:
+        /*
+         * Nothing to do: just taking a vmexit should be enough of a pause to
+         * prevent a VM from crippling the host with bus locks.  Note
+         * EXIT_REASON_BUS_LOCK will always have bit 26 set in exit_reason, and
+         * hence the perf counter is already increased.
+         */
+        break;
+
+    case EXIT_REASON_NOTIFY:
+        __vmread(EXIT_QUALIFICATION, &exit_qualification);
+
+        if ( unlikely(exit_qualification & NOTIFY_VM_CONTEXT_INVALID) )
+        {
+            perfc_incr(vmnotify_crash);
+            gprintk(XENLOG_ERR, "invalid VM context after notify vmexit\n");
+            domain_crash(v->domain);
+            break;
+        }
+
+        if ( unlikely(exit_qualification & INTR_INFO_NMI_UNBLOCKED_BY_IRET) )
+            undo_nmis_unblocked_by_iret();
+
+        break;
+
     case EXIT_REASON_VMX_PREEMPTION_TIMER_EXPIRED:
     case EXIT_REASON_INVPCID:
     /* fall through */
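Review bot: The NOTIFY case tests INTR_INFO_NMI_UNBLOCKED_BY_IRET in the exit qualification without the `!(idtv_info & INTR_INFO_VALID_MASK)` guard that the EPT-violation and PML-full cases in this file apply to the same bit (hunks at lines 913–924 and 925–937), and the difference is not explained. If Notify exits cannot be taken during event delivery, a one-line comment saying so would stop the next reader from "fixing" it; if they can, the guard is probably needed here too. On the invalid-context path, including the qualification in the message would give more to work with when a domain is found crashed: `gprintk(XENLOG_ERR, "invalid VM context after notify vmexit (qual %#lx)\n", exit_qualification);`.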
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/vmx/vvmx.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vvmx.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/hvm/vmx/vvmx.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/hvm/vmx/vvmx.c	2023-03-21 13:47:52.000000000 +0100
@@ -2405,7 +2405,7 @@
      * be reinjected, otherwise, pass to L1.
      */
     __vmread(VM_EXIT_REASON, &reason);
-    if ( reason != EXIT_REASON_EPT_VIOLATION ?
+    if ( (uint16_t)reason != EXIT_REASON_EPT_VIOLATION ?
          !(nvmx->intr.intr_info & INTR_INFO_VALID_MASK) :
          !nvcpu->nv_vmexit_pending )
     {
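Review bot: The new `(uint16_t)reason` cast is doing real work — it strips the flag bits in the upper half of VM_EXIT_REASON, now including the bit-26 bus-lock flag defined in vmx.h — but nothing at the site says so, and it reads like an accidental narrowing. Suggest `/* Compare only the basic exit reason (bits 15:0); bit 26 may be set for bus-lock-flagged exits. */` above the `if`. The enclosing function starts outside the hunk, so I can't see whether the switch in the next hunk receives an already-masked exit_reason; the vmx.c hunk at lines 885–897 masks the bit before the nested handler is reached, if the call order there is what I assume.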
@@ -2486,6 +2486,8 @@
     case EXIT_REASON_EPT_VIOLATION:
     case EXIT_REASON_EPT_MISCONFIG:
     case EXIT_REASON_EXTERNAL_INTERRUPT:
+    case EXIT_REASON_BUS_LOCK:
+    case EXIT_REASON_NOTIFY:
         /* pass to L0 handler */
         break;
     case VMX_EXIT_REASONS_FAILED_VMENTRY:
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/hvm/vmx/vmcs.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/hvm/vmx/vmcs.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/hvm/vmx/vmcs.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/hvm/vmx/vmcs.h	2023-03-21 13:47:52.000000000 +0100
@@ -267,6 +267,8 @@
 #define SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS   0x00040000
 #define SECONDARY_EXEC_XSAVES                   0x00100000
 #define SECONDARY_EXEC_TSC_SCALING              0x02000000
+#define SECONDARY_EXEC_BUS_LOCK_DETECTION       0x40000000
+#define SECONDARY_EXEC_NOTIFY_VM_EXITING        0x80000000
 extern u32 vmx_secondary_exec_control;
 
 #define VMX_EPT_EXEC_ONLY_SUPPORTED                         0x00000001
@@ -346,6 +348,10 @@
     (vmx_secondary_exec_control & SECONDARY_EXEC_XSAVES)
 #define cpu_has_vmx_tsc_scaling \
     (vmx_secondary_exec_control & SECONDARY_EXEC_TSC_SCALING)
+#define cpu_has_vmx_bus_lock_detection \
+    (vmx_secondary_exec_control & SECONDARY_EXEC_BUS_LOCK_DETECTION)
+#define cpu_has_vmx_notify_vm_exiting \
+    (vmx_secondary_exec_control & SECONDARY_EXEC_NOTIFY_VM_EXITING)
 
 #define VMCS_RID_TYPE_MASK              0x80000000
 
@@ -453,6 +459,7 @@
     SECONDARY_VM_EXEC_CONTROL       = 0x0000401e,
     PLE_GAP                         = 0x00004020,
     PLE_WINDOW                      = 0x00004022,
+    NOTIFY_WINDOW                   = 0x00004024,
     VM_INSTRUCTION_ERROR            = 0x00004400,
     VM_EXIT_REASON                  = 0x00004402,
     VM_EXIT_INTR_INFO               = 0x00004404,
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/hvm/vmx/vmx.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/hvm/vmx/vmx.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/hvm/vmx/vmx.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/hvm/vmx/vmx.h	2023-03-21 13:47:52.000000000 +0100
@@ -159,6 +159,7 @@
  * Exit Reasons
  */
 #define VMX_EXIT_REASONS_FAILED_VMENTRY 0x80000000
+#define VMX_EXIT_REASONS_BUS_LOCK       (1u << 26)
 
 #define EXIT_REASON_EXCEPTION_NMI       0
 #define EXIT_REASON_EXTERNAL_INTERRUPT  1
@@ -219,10 +220,15 @@
 #define EXIT_REASON_PML_FULL            62
 #define EXIT_REASON_XSAVES              63
 #define EXIT_REASON_XRSTORS             64
+#define EXIT_REASON_BUS_LOCK            74
+#define EXIT_REASON_NOTIFY              75
 /* Remember to also update VMX_PERF_EXIT_REASON_SIZE! */
 
 /*
  * Interruption-information format
+ *
+ * Note INTR_INFO_NMI_UNBLOCKED_BY_IRET is also used with Exit Qualification
+ * field for EPT violations, PML full and SPP-related event vmexits.
  */
 #define INTR_INFO_VECTOR_MASK           0xff            /* 7:0 */
 #define INTR_INFO_INTR_TYPE_MASK        0x700           /* 10:8 */
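Review bot: The new comment on INTR_INFO_NMI_UNBLOCKED_BY_IRET lists EPT violations, PML full and SPP-related exits, but the vmx.c hunk at lines 938–969 also tests the bit in the exit qualification of Notify VM exits (`EXIT_REASON_NOTIFY`), so the list is already out of date within the same debdiff. Suggest ` * field for EPT violations, PML full, SPP-related and Notify VM exits.`.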
@@ -232,6 +238,11 @@
 #define INTR_INFO_RESVD_BITS_MASK       0x7ffff000
 
 /*
+ * Exit Qualifications for NOTIFY VM EXIT
+ */
+#define NOTIFY_VM_CONTEXT_INVALID       1u
+
+/*
  * Exit Qualifications for MOV for Control Register Access
  */
 enum {
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/p2m.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/p2m.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/p2m.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/p2m.h	2023-03-21 13:47:52.000000000 +0100
@@ -879,6 +879,26 @@
     return v->domain->arch.altp2m_p2m[index];
 }
 
+/* set current alternate p2m table */
+static inline bool p2m_set_altp2m(struct vcpu *v, unsigned int idx)
+{
+    struct p2m_domain *orig;
+
+    BUG_ON(idx >= MAX_ALTP2M);
+
+    if ( idx == vcpu_altp2m(v).p2midx )
+        return false;
+
+    orig = p2m_get_altp2m(v);
+    BUG_ON(!orig);
+    atomic_dec(&orig->active_vcpus);
+
+    vcpu_altp2m(v).p2midx = idx;
+    atomic_inc(&v->domain->arch.altp2m_p2m[idx]->active_vcpus);
+
+    return true;
+}
+
 /* Switch alternate p2m for a single vcpu */
 bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx);
 
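Review bot: `p2m_set_altp2m()`'s one-line comment says nothing about its return value or its preconditions, yet the p2m.c callers (lines 1228–1257) branch on the return and the BUG_ONs make the preconditions fatal. The helper returns true only when the index actually changed (false when `idx` already equals `p2midx`), BUG()s if `p2m_get_altp2m()` yields NULL or `idx` is out of range, and dereferences `altp2m_p2m[idx]` without a NULL check, so callers must ensure that slot is populated — the visible callers check `altp2m_eptp[idx]`/`altp2m_visible_eptp[idx]` first. Spelling that out in a short block comment (purpose, precondition that the vcpu already holds a valid altp2m and that slot `idx` is allocated, return value) would make the contract explicit; the vmx.c code this replaces had no `!orig` check, so that is a new fatal condition worth naming.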
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/paging.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/paging.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/paging.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/paging.h	2023-03-21 13:47:52.000000000 +0100
@@ -190,6 +190,10 @@
 #define L4_LOGDIRTY_IDX(pfn) ((pfn_x(pfn) >> (PAGE_SHIFT + 3 + PAGETABLE_ORDER * 2)) & \
                               (LOGDIRTY_NODE_ENTRIES-1))
 
+#define paging_logdirty_levels() \
+    (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \
+                  PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1)
+
 #ifdef CONFIG_HVM
 /* VRAM dirty tracking support */
 struct sh_dirty_vram {
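Review bot: `paging_logdirty_levels()` is a non-trivial formula with no comment; a reader has to reverse-engineer that the leaf level is a page-sized bitmap (`PAGE_SHIFT + 3` pfn bits, matching the `+ 3` in the `L*_LOGDIRTY_IDX` macros above) and that each upper level holds `PAGE_SIZE / sizeof(mfn_t)` entries, i.e. `PAGE_SHIFT - ilog2(sizeof(mfn_t))` bits, with the trailing `+ 1` accounting for the leaf. A two-line comment stating that derivation would help, especially since paging.c now asserts the result is 4 and shadow/common.c budgets allocations from it.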
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/perfc_defn.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/perfc_defn.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/perfc_defn.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/perfc_defn.h	2023-03-21 13:47:52.000000000 +0100
@@ -6,7 +6,7 @@
 
 #ifdef CONFIG_HVM
 
-#define VMX_PERF_EXIT_REASON_SIZE 65
+#define VMX_PERF_EXIT_REASON_SIZE 76
 #define VMEXIT_NPF_PERFC 143
 #define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1)
 PERFCOUNTER_ARRAY(vmexits,              "vmexits",
@@ -128,4 +128,7 @@
 PERFCOUNTER(iommu_pt_shatters,    "IOMMU page table shatters")
 PERFCOUNTER(iommu_pt_coalesces,   "IOMMU page table coalesces")
 
+PERFCOUNTER(buslock, "Bus Locks Detected")
+PERFCOUNTER(vmnotify_crash, "domain crashes by Notify VM Exit")
+
 /*#endif*/ /* __XEN_PERFC_DEFN_H__ */
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/spec_ctrl_asm.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/spec_ctrl_asm.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/spec_ctrl_asm.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/spec_ctrl_asm.h	2023-03-21 13:47:52.000000000 +0100
@@ -117,11 +117,16 @@
 .L\@_done:
 .endm
 
-.macro DO_OVERWRITE_RSB tmp=rax
+.macro DO_OVERWRITE_RSB tmp=rax xu
 /*
  * Requires nothing
  * Clobbers \tmp (%rax by default), %rcx
  *
+ * xu is an optional parameter to add eXtra Uniqueness.  It is intended for
+ * passing %= in from an asm() block, in order to work around
+ * https://github.com/llvm/llvm-project/issues/60792 where Clang-IAS doesn't
+ * expand \@ uniquely.
+ *
  * Requires 256 bytes of {,shadow}stack space, but %rsp/SSP has no net
  * change. Based on Google's performance numbers, the loop is unrolled to 16
  * iterations and two calls per iteration.
@@ -136,27 +141,27 @@
     mov $16, %ecx                   /* 16 iterations, two calls per loop */
     mov %rsp, %\tmp                 /* Store the current %rsp */
 
-.L\@_fill_rsb_loop:
+.L\@_fill_rsb_loop\xu:
 
     .irp n, 1, 2                    /* Unrolled twice. */
-    call .L\@_insert_rsb_entry_\n   /* Create an RSB entry. */
+    call .L\@_insert_rsb_entry\xu\n /* Create an RSB entry. */
     int3                            /* Halt rogue speculation. */
 
-.L\@_insert_rsb_entry_\n:
+.L\@_insert_rsb_entry\xu\n:
     .endr
 
     sub $1, %ecx
-    jnz .L\@_fill_rsb_loop
+    jnz .L\@_fill_rsb_loop\xu
     mov %\tmp, %rsp                 /* Restore old %rsp */
 
 #ifdef CONFIG_XEN_SHSTK
     mov $1, %ecx
     rdsspd %ecx
     cmp $1, %ecx
-    je .L\@_shstk_done
+    je .L\@_shstk_done\xu
     mov $64, %ecx                   /* 64 * 4 bytes, given incsspd */
     incsspd %ecx                    /* Restore old SSP */
-.L\@_shstk_done:
+.L\@_shstk_done\xu:
 #endif
 .endm
 
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/spec_ctrl.h xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/spec_ctrl.h
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/include/asm/spec_ctrl.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/include/asm/spec_ctrl.h	2023-03-21 13:47:52.000000000 +0100
@@ -83,7 +83,7 @@
     wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
 
     /* (ab)use alternative_input() to specify clobbers. */
-    alternative_input("", "DO_OVERWRITE_RSB", X86_BUG_IBPB_NO_RET,
+    alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_BUG_IBPB_NO_RET,
                       : "rax", "rcx");
 }
 
@@ -172,7 +172,7 @@
      *
      * (ab)use alternative_input() to specify clobbers.
      */
-    alternative_input("", "DO_OVERWRITE_RSB", X86_FEATURE_SC_RSB_IDLE,
+    alternative_input("", "DO_OVERWRITE_RSB xu=%=", X86_FEATURE_SC_RSB_IDLE,
                       : "rax", "rcx");
 }
 
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/Kconfig xen-4.17.0+74-g3eac216e6e/xen/arch/x86/Kconfig
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/Kconfig	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/Kconfig	2023-03-21 13:47:52.000000000 +0100
@@ -10,7 +10,7 @@
 	select ALTERNATIVE_CALL
 	select ARCH_MAP_DOMAIN_PAGE
 	select ARCH_SUPPORTS_INT128
-	select CORE_PARKING
+	imply CORE_PARKING
 	select HAS_ALTERNATIVE
 	select HAS_COMPAT
 	select HAS_CPUFREQ
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/Makefile xen-4.17.0+74-g3eac216e6e/xen/arch/x86/Makefile
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/Makefile	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/Makefile	2023-03-21 13:47:52.000000000 +0100
@@ -240,7 +240,7 @@
 .PHONY: include
 include: $(objtree)/arch/x86/include/asm/asm-macros.h
 
-$(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P
+$(obj)/asm-macros.i: CFLAGS-y += -P
 
 $(objtree)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile
 	$(call filechk,asm-macros.h)
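Review bot: Dropping `-D__ASSEMBLY__` from the target-specific `CFLAGS-y` for `$(obj)/asm-macros.i` only works if preprocessing now goes through the new `cpp_i_S` rule in Rules.mk (lines 1566–1575), whose `$(a_flags)` presumably supplies `__ASSEMBLY__`; the change of the input to a `.S` file is not in this excerpt, so I can't confirm that. A short comment at the assignment, `# asm-macros.i is preprocessed from a .S input via cpp_i_S; a_flags already defines __ASSEMBLY__`, would tie the two changes together for anyone bisecting later.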
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/mm/p2m.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/p2m.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/mm/p2m.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/p2m.c	2023-03-21 13:47:52.000000000 +0100
@@ -1787,13 +1787,8 @@
 
     if ( d->arch.altp2m_eptp[idx] != mfn_x(INVALID_MFN) )
     {
-        if ( idx != vcpu_altp2m(v).p2midx )
-        {
-            atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
-            vcpu_altp2m(v).p2midx = idx;
-            atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
+        if ( p2m_set_altp2m(v, idx) )
             altp2m_vcpu_update_p2m(v);
-        }
         rc = 1;
     }
 
@@ -2070,13 +2065,8 @@
     if ( d->arch.altp2m_visible_eptp[idx] != mfn_x(INVALID_MFN) )
     {
         for_each_vcpu( d, v )
-            if ( idx != vcpu_altp2m(v).p2midx )
-            {
-                atomic_dec(&p2m_get_altp2m(v)->active_vcpus);
-                vcpu_altp2m(v).p2midx = idx;
-                atomic_inc(&p2m_get_altp2m(v)->active_vcpus);
+            if ( p2m_set_altp2m(v, idx) )
                 altp2m_vcpu_update_p2m(v);
-            }
 
         rc = 0;
     }
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/mm/paging.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/paging.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/mm/paging.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/paging.c	2023-03-21 13:47:52.000000000 +0100
@@ -282,6 +282,7 @@
     if ( unlikely(!VALID_M2P(pfn_x(pfn))) )
         return;
 
+    BUILD_BUG_ON(paging_logdirty_levels() != 4);
     i1 = L1_LOGDIRTY_IDX(pfn);
     i2 = L2_LOGDIRTY_IDX(pfn);
     i3 = L3_LOGDIRTY_IDX(pfn);
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/mm/shadow/common.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/shadow/common.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/mm/shadow/common.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/mm/shadow/common.c	2023-03-21 13:47:52.000000000 +0100
@@ -1015,7 +1015,17 @@
     if ( unlikely(d->is_dying) )
        return false;
 
-    ret = _shadow_prealloc(d, shadow_size(type) * count);
+    count *= shadow_size(type);
+    /*
+     * Log-dirty handling may result in allocations when populating its
+     * tracking structures.  Tie this to the caller requesting space for L1
+     * shadows.
+     */
+    if ( paging_mode_log_dirty(d) &&
+         ((SHF_L1_ANY | SHF_FL1_ANY) & (1u << type)) )
+        count += paging_logdirty_levels();
+
+    ret = _shadow_prealloc(d, count);
     if ( !ret && (!d->is_shutting_down || d->shutdown_code != SHUTDOWN_crash) )
         /*
          * Failing to allocate memory required for shadow usage can only result in
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/platform_hypercall.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/platform_hypercall.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/platform_hypercall.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/platform_hypercall.c	2023-03-21 13:47:52.000000000 +0100
@@ -727,12 +727,17 @@
         case XEN_CORE_PARKING_SET:
             idle_nums = min_t(uint32_t,
                     op->u.core_parking.idle_nums, num_present_cpus() - 1);
-            ret = continue_hypercall_on_cpu(
-                    0, core_parking_helper, (void *)(unsigned long)idle_nums);
+            if ( CONFIG_NR_CPUS > 1 )
+                ret = continue_hypercall_on_cpu(
+                        0, core_parking_helper,
+                        (void *)(unsigned long)idle_nums);
+            else if ( idle_nums )
+                ret = -EINVAL;
             break;
 
         case XEN_CORE_PARKING_GET:
-            op->u.core_parking.idle_nums = get_cur_idle_nums();
+            op->u.core_parking.idle_nums = CONFIG_NR_CPUS > 1
+                                           ? get_cur_idle_nums() : 0;
             ret = __copy_field_to_guest(u_xenpf_op, op, u.core_parking) ?
                   -EFAULT : 0;
             break;
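Review bot: In the `CONFIG_NR_CPUS == 1` branch of XEN_CORE_PARKING_SET the `else if ( idle_nums )` test looks unreachable: `idle_nums` has just been clamped to `num_present_cpus() - 1`, which cannot exceed 0 when only one CPU can be present, so a request to park a non-zero number of cores is silently accepted as 0 rather than rejected. If the intent is to reject such requests, test the caller's value instead: `else if ( op->u.core_parking.idle_nums ) ret = -EINVAL;`; if the intent is to clamp silently, the dead branch should go. I can't see what `ret` holds on entry, so the success value in the clamped case is assumed to come from earlier code.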
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/setup.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/setup.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/setup.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/setup.c	2023-03-21 13:47:52.000000000 +0100
@@ -95,11 +95,7 @@
 size_param("highmem-start", highmem_start);
 #endif
 
-#ifdef CONFIG_XEN_SHSTK
-static bool __initdata opt_xen_shstk = true;
-#else
-#define opt_xen_shstk false
-#endif
+static int8_t __initdata opt_xen_shstk = -IS_ENABLED(CONFIG_XEN_SHSTK);
 
 #ifdef CONFIG_XEN_IBT
 static bool __initdata opt_xen_ibt = true;
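Review bot: `opt_xen_shstk` is now a tristate but the declaration carries no comment; `-IS_ENABLED(CONFIG_XEN_SHSTK)` evaluates to -1 or 0, the setup.c hunk below treats -1 as "decide at boot", and the command-line parser (outside this excerpt) presumably writes 0 or 1. Suggest `/* -1: auto (Kconfig default), 0: off, 1: on */` on the declaration so the encoding is visible where the variable is defined.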
@@ -1104,11 +1100,45 @@
     early_cpu_init();
 
     /* Choose shadow stack early, to set infrastructure up appropriately. */
-    if ( opt_xen_shstk && boot_cpu_has(X86_FEATURE_CET_SS) )
+    if ( !boot_cpu_has(X86_FEATURE_CET_SS) )
+        opt_xen_shstk = 0;
+
+    if ( opt_xen_shstk )
     {
-        printk("Enabling Supervisor Shadow Stacks\n");
+        /*
+         * Some CPUs suffer from Shadow Stack Fracturing, an issue whereby a
+         * fault/VMExit/etc between setting a Supervisor Busy bit and the
+         * event delivery completing renders the operation non-restartable.
+         * On restart, event delivery will find the Busy bit already set.
+         *
+         * This is a problem on bare metal, but outside of synthetic cases or
+         * a very badly timed #MC, it's not believed to be a problem.  It is a
+         * much bigger problem under virt, because we can VMExit for a number
+         * of legitimate reasons and tickle this bug.
+         *
+         * CPUs with this addressed enumerate CET-SSS to indicate that
+         * supervisor shadow stacks are now safe to use.
+         */
+        bool cpu_has_bug_shstk_fracture =
+            boot_cpu_data.x86_vendor == X86_VENDOR_INTEL &&
+            !boot_cpu_has(X86_FEATURE_CET_SSS);
 
-        setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+        /*
+         * On bare metal, assume that Xen won't be impacted by shstk
+         * fracturing problems.  Under virt, be more conservative and disable
+         * shstk by default.
+         */
+        if ( opt_xen_shstk == -1 )
+            opt_xen_shstk =
+                cpu_has_hypervisor ? !cpu_has_bug_shstk_fracture
+                                   : true;
+
+        if ( opt_xen_shstk )
+        {
+            printk("Enabling Supervisor Shadow Stacks\n");
+
+            setup_force_cpu_cap(X86_FEATURE_XEN_SHSTK);
+        }
     }
 
     if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) )
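Review bot: When shadow stacks are auto-disabled under a hypervisor because CET-SSS is not enumerated, nothing is logged — the `printk("Enabling Supervisor Shadow Stacks\n")` fires only on the enable path — so an operator who expects the feature on sees no trace of why it is off. The inner `if ( opt_xen_shstk )` can only be false via the auto path (an explicit 0 never enters the outer block, and an explicit 1 is left untouched), so a plain `else printk(XENLOG_INFO "Supervisor Shadow Stacks disabled: CET-SSS not enumerated under virt\n");` reports exactly that case. `cpu_has_bug_shstk_fracture` is computed for Intel only, which matches the comment, but a clause saying the fracturing issue is Intel-specific as far as is known would stop a reader wondering about other vendors.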
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/sysctl.c xen-4.17.0+74-g3eac216e6e/xen/arch/x86/sysctl.c
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/sysctl.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/sysctl.c	2023-03-21 13:47:52.000000000 +0100
@@ -179,6 +179,9 @@
                 ret = -EBUSY;
                 break;
             }
+            if ( CONFIG_NR_CPUS <= 1 )
+                /* Mimic behavior of smt_up_down_helper(). */
+                return 0;
             plug = op == XEN_SYSCTL_CPU_HOTPLUG_SMT_ENABLE;
             fn = smt_up_down_helper;
             hcpu = _p(plug);
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/arch/x86/x86_64/entry.S xen-4.17.0+74-g3eac216e6e/xen/arch/x86/x86_64/entry.S
--- xen-4.17.0+46-gaaf74a532c/xen/arch/x86/x86_64/entry.S	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/arch/x86/x86_64/entry.S	2023-03-21 13:47:52.000000000 +0100
@@ -288,7 +288,6 @@
         ALTERNATIVE "", "setssbsy", X86_FEATURE_XEN_SHSTK
 #endif
         push  %rax          /* Guest %rsp */
-        CR4_PV32_RESTORE
         movq  8(%rsp), %rax /* Restore guest %rax. */
         movq  $FLAT_USER_SS32, 8(%rsp) /* Assume a 64bit domain.  Compat handled lower. */
         pushq %r11
@@ -312,6 +311,8 @@
 .Lcstar_cr3_okay:
         sti
 
+        CR4_PV32_RESTORE
+
         movq  STACK_CPUINFO_FIELD(current_vcpu)(%rbx), %rbx
 
 #ifdef CONFIG_PV32
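Review bot: `CR4_PV32_RESTORE` now runs after `sti` and after the `.Lcstar_cr3_okay` CR3 handling rather than right after the guest `%rsp` push, and the move carries no comment at either site; whatever ordering requirement motivated it should be stated at the new location so the macro is not moved back in a later cleanup. Something like `/* CR4_PV32_RESTORE must run after the CR3 switch above; see <reference placeholder> */` with the actual reference filled in. I can't verify the macro's own requirements from this excerpt, so the wording is only a template.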
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/common/bunzip2.c xen-4.17.0+74-g3eac216e6e/xen/common/bunzip2.c
--- xen-4.17.0+46-gaaf74a532c/xen/common/bunzip2.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/common/bunzip2.c	2023-03-21 13:47:52.000000000 +0100
@@ -233,6 +233,11 @@
 		   becomes negative, so an unsigned inequality catches
 		   it.) */
 		t = get_bits(bd, 5)-1;
+		/* GCC 13 has apparently improved use-before-set detection, but
+		   it can't figure out that length[0] is always intialized by
+		   virtue of symCount always being positive when making it here.
+		   See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106511. */
+		length[0] = 0;
 		for (i = 0; i < symCount; i++) {
 			for (;;) {
 				if (((unsigned)t) > (MAX_HUFCODE_BITS-1))
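Review bot: Typo in the new comment: `intialized` should be `initialized` (`length[0] is always initialized by`). The workaround itself is clear and the GCC bug link documents the intent.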
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/common/Kconfig xen-4.17.0+74-g3eac216e6e/xen/common/Kconfig
--- xen-4.17.0+46-gaaf74a532c/xen/common/Kconfig	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/common/Kconfig	2023-03-21 13:47:52.000000000 +0100
@@ -10,6 +10,7 @@
 
 config CORE_PARKING
 	bool
+	depends on NR_CPUS > 1
 
 config GRANT_TABLE
 	bool "Grant table support" if EXPERT
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/common/sched/credit2.c xen-4.17.0+74-g3eac216e6e/xen/common/sched/credit2.c
--- xen-4.17.0+46-gaaf74a532c/xen/common/sched/credit2.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/common/sched/credit2.c	2023-03-21 13:47:52.000000000 +0100
@@ -996,9 +996,14 @@
              *
              * Otherwise, let's try to make sure that siblings stay in the
              * same runqueue, pretty much under any cinrcumnstances.
+             *
+             * Furthermore, try to respect credit2_runqueue=all, as long as
+             * max_cpus_runq isn't violated.
              */
-            if ( rqd->refcnt < max_cpus_runq && (ops->cpupool->gran != SCHED_GRAN_cpu ||
-                  cpu_runqueue_siblings_match(rqd, cpu, max_cpus_runq)) )
+            if ( rqd->refcnt < max_cpus_runq &&
+                 (ops->cpupool->gran != SCHED_GRAN_cpu ||
+                  cpu_runqueue_siblings_match(rqd, cpu, max_cpus_runq) ||
+                  opt_runqueue == OPT_RUNQUEUE_ALL) )
             {
                 /*
                  * This runqueue is ok, but as we said, we also want an even
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/drivers/passthrough/vtd/dmar.c xen-4.17.0+74-g3eac216e6e/xen/drivers/passthrough/vtd/dmar.c
--- xen-4.17.0+46-gaaf74a532c/xen/drivers/passthrough/vtd/dmar.c	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/drivers/passthrough/vtd/dmar.c	2023-03-21 13:47:52.000000000 +0100
@@ -391,15 +391,12 @@
 
             if ( drhd )
             {
-                if ( (seg == 0) && (bus == 0) && (path->dev == 2) &&
-                     (path->fn == 0) )
-                    igd_drhd_address = drhd->address;
-
-                if ( gfx_only &&
-                     pci_conf_read8(PCI_SBDF(seg, bus, path->dev, path->fn),
+                if ( pci_conf_read8(PCI_SBDF(seg, bus, path->dev, path->fn),
                                     PCI_CLASS_DEVICE + 1) != 0x03
                                     /* PCI_BASE_CLASS_DISPLAY */ )
                     gfx_only = false;
+                else if ( !seg && !bus && path->dev == 2 && !path->fn )
+                    igd_drhd_address = drhd->address;
             }
 
             break;
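Review bot: The restructured condition changes behaviour, not just layout: `igd_drhd_address` is now recorded for 0000:00:02.0 only when that device's base class is display (the `else` of the class check), whereas before it was recorded unconditionally, and the class read now happens even after `gfx_only` has already been cleared. Both look intentional, but a comment on the `else if` would keep that from being undone in a later cleanup: `/* Only treat 0000:00:02.0 as the IGD if it really is a display device. */`. The enclosing loop and function start outside the hunk.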
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/include/public/arch-x86/cpufeatureset.h xen-4.17.0+74-g3eac216e6e/xen/include/public/arch-x86/cpufeatureset.h
--- xen-4.17.0+46-gaaf74a532c/xen/include/public/arch-x86/cpufeatureset.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/include/public/arch-x86/cpufeatureset.h	2023-03-21 13:47:52.000000000 +0100
@@ -295,6 +295,11 @@
 XEN_CPUFEATURE(BHI_CTRL,           13*32+ 4) /*   MSR_SPEC_CTRL.BHI_DIS_S */
 XEN_CPUFEATURE(MCDT_NO,            13*32+ 5) /*A  MCDT_NO */
 
+/* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */
+
+/* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */
+XEN_CPUFEATURE(CET_SSS,            15*32+18) /*   CET Supervisor Shadow Stacks safe to use */
+
 #endif /* XEN_CPUFEATURE */
 
 /* Clean up from a default include.  Close the enum (for C). */
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/include/xen/lib/x86/cpuid.h xen-4.17.0+74-g3eac216e6e/xen/include/xen/lib/x86/cpuid.h
--- xen-4.17.0+46-gaaf74a532c/xen/include/xen/lib/x86/cpuid.h	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/include/xen/lib/x86/cpuid.h	2023-03-21 13:47:52.000000000 +0100
@@ -18,6 +18,8 @@
 #define FEATURESET_e21a  11 /* 0x80000021.eax      */
 #define FEATURESET_7b1   12 /* 0x00000007:1.ebx    */
 #define FEATURESET_7d2   13 /* 0x00000007:2.edx    */
+#define FEATURESET_7c1   14 /* 0x00000007:1.ecx    */
+#define FEATURESET_7d1   15 /* 0x00000007:1.edx    */
 
 struct cpuid_leaf
 {
@@ -194,7 +196,14 @@
                 uint32_t _7b1;
                 struct { DECL_BITFIELD(7b1); };
             };
-            uint32_t /* c */:32, /* d */:32;
+            union {
+                uint32_t _7c1;
+                struct { DECL_BITFIELD(7c1); };
+            };
+            union {
+                uint32_t _7d1;
+                struct { DECL_BITFIELD(7d1); };
+            };
 
             /* Subleaf 2. */
             uint32_t /* a */:32, /* b */:32, /* c */:32;
@@ -343,6 +352,8 @@
     fs[FEATURESET_e21a] = p->extd.e21a;
     fs[FEATURESET_7b1] = p->feat._7b1;
     fs[FEATURESET_7d2] = p->feat._7d2;
+    fs[FEATURESET_7c1] = p->feat._7c1;
+    fs[FEATURESET_7d1] = p->feat._7d1;
 }
 
 /* Fill in a CPUID policy from a featureset bitmap. */
@@ -363,6 +374,8 @@
     p->extd.e21a  = fs[FEATURESET_e21a];
     p->feat._7b1  = fs[FEATURESET_7b1];
     p->feat._7d2  = fs[FEATURESET_7d2];
+    p->feat._7c1  = fs[FEATURESET_7c1];
+    p->feat._7d1  = fs[FEATURESET_7d1];
 }
 
 static inline uint64_t cpuid_policy_xcr0_max(const struct cpuid_policy *p)
diff -Nru xen-4.17.0+46-gaaf74a532c/xen/Rules.mk xen-4.17.0+74-g3eac216e6e/xen/Rules.mk
--- xen-4.17.0+46-gaaf74a532c/xen/Rules.mk	2023-02-22 15:14:33.000000000 +0100
+++ xen-4.17.0+74-g3eac216e6e/xen/Rules.mk	2023-03-21 13:47:52.000000000 +0100
@@ -228,8 +228,9 @@
 ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y)
     cmd_cc_o_c = $(CC) $(c_flags) -c $< -o $(dot-target).tmp -MQ $@
     ifneq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy)
+        rel-path = $(patsubst $(abs_srctree)/%,%,$(call realpath,$(1)))
         cmd_objcopy_fix_sym = \
-	    $(OBJCOPY) --redefine-sym $(<F)=$< $(dot-target).tmp $@ && rm -f $(dot-target).tmp
+           $(OBJCOPY) --redefine-sym $(<F)=$(call rel-path,$<) $(dot-target).tmp $@ && rm -f $(dot-target).tmp
     else
         cmd_objcopy_fix_sym = mv -f $(dot-target).tmp $@
     endif
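Review bot: `rel-path` uses `$(call realpath,$(1))`, and per the GNU make manual `call` invokes the built-in function when the name matches one, even if a variable of that name exists — so if a project-defined `realpath` helper was intended here, it is worth verifying that it is really what runs; if the built-in is intended, `rel-path = $(patsubst $(abs_srctree)/%,%,$(realpath $(1)))` says so more plainly. Note also that only paths under `$(abs_srctree)` are relativised, so a generated source in an out-of-tree objtree would keep an absolute path in the redefined file symbol, which may or may not matter for the reproducibility goal this appears to serve; a one-line comment stating the intended scope would help. The recursive `=` is correct here since the definition references `$(1)`.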
@@ -272,6 +273,9 @@
 quiet_cmd_cpp_i_c = CPP     $@
 cmd_cpp_i_c = $(CPP) $(call cpp_flags,$(c_flags)) -MQ $@ -o $@ $<
 
+quiet_cmd_cpp_i_S = CPP     $@
+cmd_cpp_i_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $<
+
 quiet_cmd_cc_s_c = CC      $@
 cmd_cc_s_c = $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -S $< -o $@
 
@@ -281,6 +285,9 @@
 $(obj)/%.i: $(src)/%.c FORCE
 	$(call if_changed_dep,cpp_i_c)
 
+$(obj)/%.i: $(src)/%.S FORCE
+	$(call if_changed_dep,cpp_i_S)
+
 $(obj)/%.s: $(src)/%.c FORCE
 	$(call if_changed_dep,cc_s_c)
 
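Review bot: The new `$(obj)/%.i: $(src)/%.S FORCE` shares its target pattern with the `.c` rule directly above; GNU make uses the first rule, in file order, whose prerequisites exist or can be made, so for a stem with both `foo.c` and `foo.S` present the `.c` rule silently wins. That is probably acceptable, but a one-line comment at the `.S` rule, `# the .c rule above takes precedence if both foo.c and foo.S exist`, would document the tie-break. The `cpp_i_S` command in the previous hunk should also be checked to ensure `$(a_flags)` carries `-D__ASSEMBLY__`, which the x86 Makefile hunk at lines 1216–1224 now relies on; that is not visible here.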
