Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2021-03-02 12:28:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen" Tue Mar 2 12:28:08 2021 rev:299 rq:875549 version:4.14.1_12 Changes: -------- --- /work/SRC/openSUSE:Factory/xen/xen.changes 2021-02-17 18:09:09.605823781 +0100 +++ /work/SRC/openSUSE:Factory/.xen.new.2378/xen.changes 2021-03-02 12:31:08.571610683 +0100 
@@ -1,0 +2,29 @@ +Tue Feb 26 14:00:00 CET 2021 - jbeul...@suse.com + +- bsc#1177204 - L3-Question: conring size for XEN HV's with huge + memory to small. Inital Xen logs cut + 5ffc58c4-ACPI-reduce-verbosity-by-default.patch +- Upstream bug fixes (bsc#1027519) + 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch + 602bd768-page_alloc-only-flush-after-scrubbing.patch + 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch + 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch + 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch + 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch +- bsc#1181921 - GCC 11: xen package fails + gcc11-fixes.patch + +------------------------------------------------------------------- +Tue Feb 23 10:00:26 MST 2021 - carn...@suse.com + +- bsc#1182576 - L3: XEN domU crashed on resume when using the xl + unpause command + 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch + +------------------------------------------------------------------- +Thu Feb 18 11:42:54 MST 2021 - carn...@suse.com + +- Start using the %autosetup macro to simplify patch management + xen.spec + +------------------------------------------------------------------- New: ---- 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.MrJpcp/_old 2021-03-02 12:31:10.319611896 +0100 +++ /var/tmp/diff_new_pack.MrJpcp/_new 2021-03-02 12:31:10.319611896 +0100 
@@ -130,26 +130,27 @@ %endif Provides: installhint(reboot-needed) -Version: 4.14.1_11 +Version: 4.14.1_12 Release: 0 Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License: GPL-2.0-only Group: System/Kernel Source0: xen-4.14.1-testing-src.tar.bz2 Source1: stubdom.tar.bz2 -Source5: ipxe.tar.bz2 -Source6: mini-os.tar.bz2 +Source2: ipxe.tar.bz2 +Source3: mini-os.tar.bz2 +Source4: xen-utils-0.1.tar.bz2 Source9: xen.changes Source10: README.SUSE Source11: boot.xen Source12: boot.local.xenU Source13: xen-supportconfig -Source15: logrotate.conf +Source14: logrotate.conf Source21: block-npiv-common.sh Source22: block-npiv Source23: block-npiv-vport -Source26: init.xen_loop -Source29: block-dmmd +Source24: block-dmmd +Source28: init.xen_loop # Xen API remote authentication sources Source30: etc_pam.d_xen-api Source31: xenapiusers @@ -160,7 +161,6 @@ # Systemd service files Source41: xencommons.service Source42: xen-dom0-modules.service -Source57: xen-utils-0.1.tar.bz2 Source10172: xendomains-wait-disks.sh Source10173: xendomains-wait-disks.LICENSE Source10174: xendomains-wait-disks.README.md 
@@ -172,12 +172,20 @@ Patch2: 5fedf9f4-x86-hpet_setup-fix-retval.patch Patch3: 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch Patch4: 5ff71655-x86-dpci-EOI-regardless-of-masking.patch -Patch5: 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch -Patch6: 600999ad-x86-dpci-do-not-remove-pirqs-from.patch -Patch7: 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch -Patch8: 6011bbc7-x86-timer-fix-boot-without-PIT.patch -Patch9: 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch -Patch10: 6013e546-x86-HVM-reorder-domain-init-error-path.patch +Patch5: 5ffc58c4-ACPI-reduce-verbosity-by-default.patch +Patch6: 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch +Patch7: 600999ad-x86-dpci-do-not-remove-pirqs-from.patch +Patch8: 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch +Patch9: 6011bbc7-x86-timer-fix-boot-without-PIT.patch +Patch10: 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch +Patch11: 6013e546-x86-HVM-reorder-domain-init-error-path.patch +Patch12: 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch +Patch13: 602bd768-page_alloc-only-flush-after-scrubbing.patch +Patch14: 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch +Patch15: 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch +Patch16: 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch +Patch17: 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch +Patch18: 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch # libxc Patch300: libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch Patch301: libxc-sr-readv_exact.patch 
@@ -432,99 +440,8 @@ %endif %prep -%setup -q -n %xen_build_dir -a 1 -a 5 -a 6 -a 57 -# Upstream patches -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -# libxc -%patch300 -p1 -%patch301 -p1 -%patch302 -p1 -%patch303 -p1 -%patch304 -p1 -%patch305 -p1 -%patch306 -p1 -%patch307 -p1 -%patch308 -p1 -%patch309 -p1 -%patch310 -p1 -%patch311 -p1 -%patch312 -p1 -%patch313 -p1 -%patch314 -p1 -%patch315 -p1 -%patch316 -p1 -%patch317 -p1 -%patch318 -p1 -%patch319 -p1 -%patch320 -p1 -%patch321 -p1 -%patch322 -p1 -%patch323 -p1 -%patch324 -p1 -%patch325 -p1 -%patch326 -p1 -# Our platform specific patches -%patch400 -p1 -%patch401 -p1 -%patch402 -p1 -%patch403 -p1 -%patch404 -p1 -%patch405 -p1 -%patch406 -p1 -%patch407 -p1 -%patch408 -p1 -%patch409 -p1 -%patch410 -p1 -# Needs to go upstream -%patch420 -p1 -%patch422 -p1 -%patch423 -p1 -%patch424 -p1 -# Other bug fixes or features -%patch451 -p1 -%patch452 -p1 -%patch453 -p1 -%patch454 -p1 -%patch456 -p1 -%patch457 -p1 -%patch458 -p1 -%patch459 -p1 -%patch461 -p1 -%patch462 -p1 -%patch463 -p1 -%patch464 -p1 -%patch465 -p1 -%patch466 -p1 -%patch467 -p1 -%patch468 -p1 -%patch469 -p1 -%patch470 -p1 -%patch471 -p1 -# python3 conversion patches -%patch500 -p1 -%patch501 -p1 -%patch502 -p1 -# Hypervisor and PV driver Patches -%patch600 -p1 -%patch601 -p1 -%patch602 -p1 -%patch603 -p1 -%patch604 -p1 -%patch621 -p1 -%patch623 -p1 -%patch624 -p1 -# Build patches -%patch99996 -p1 -%patch99999 -p1 +%setup -q -n %xen_build_dir -a 1 -a 2 -a 3 -a 4 +%autosetup -D -T -n %xen_build_dir -p1 %build %define _lto_cflags %{nil} @@ -935,7 +852,7 @@ done mkdir -p %{buildroot}/etc/modprobe.d -install -m644 %SOURCE26 %{buildroot}/etc/modprobe.d/xen_loop.conf +install -m644 %SOURCE28 %{buildroot}/etc/modprobe.d/xen_loop.conf # xen-utils make -C tools/xen-utils-0.1 install DESTDIR=%{buildroot} XEN_INTREE_BUILD=yes XEN_ROOT=$PWD 
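Review bot: Replacing the explicit `%patchN -p1` list in `%prep` with `%autosetup -D -T -n %xen_build_dir -p1` means every declared `PatchN:` tag is now applied in numeric order, with no per-patch line left to audit. The removed list skipped some numbers (it went from `%patch420` to `%patch422` and from `%patch454` to `%patch456`). Whether tags with the skipped numbers are declared is not visible in these hunks, but any tag that was declared and deliberately left unapplied would now be applied silently. A comment above the macro would make the new rule explicit, e.g. `# %%autosetup applies every PatchN tag declared above; delete the tag itself to drop a patch` (with the doubled percent sign so the macro is not expanded inside the comment).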
@@ -951,7 +868,7 @@ # Scripts rm -f %{buildroot}/etc/xen/scripts/block-*nbd -install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE29 %{buildroot}/etc/xen/scripts/ +install -m755 %SOURCE21 %SOURCE22 %SOURCE23 %SOURCE24 %{buildroot}/etc/xen/scripts/ mkdir -p %{buildroot}/usr/lib/supportconfig/plugins install -m 755 %SOURCE13 %{buildroot}/usr/lib/supportconfig/plugins/xen @@ -961,7 +878,7 @@ install -m644 %SOURCE31 %{buildroot}/etc/xen/ # Logrotate -install -m644 -D %SOURCE15 %{buildroot}/etc/logrotate.d/xen +install -m644 -D %SOURCE14 %{buildroot}/etc/logrotate.d/xen # Directories mkdir -p %{buildroot}/var/lib/xenstored ++++++ 5ffc58c4-ACPI-reduce-verbosity-by-default.patch ++++++ References: bsc#1177204 # Commit b4b0a8609c42d9e01dd51fd59ab2859f7df2a961 # Date 2021-01-11 14:55:16 +0100 # Author Jan Beulich <jbeul...@suse.com> # Committer Jan Beulich <jbeul...@suse.com> ACPI: reduce verbosity by default While they're KERN_INFO messages and hence not visible by default, we still have had reports that the amount of output is too large, not the least because - the command line controlled resizing of the console ring buffer happens only after SRAT parsing (which may alone produce more than 16k of output), - the default resizing of the console ring buffer happens only after ACPI table parsing, since the default size gets calculated depending on the number or processors found. Gate all per-processor logging behind a new "acpi=verbose", making sure we wouldn't unintentionally pass this on to Dom0. Signed-off-by: Jan Beulich <jbeul...@suse.com> Acked-by: Andrew Cooper <andrew.coop...@citrix.com> --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc 
@@ -75,13 +75,10 @@ of Boolean and String. These are noted ## Parameter details ### acpi -> `= force | ht | noirq | <boolean>` +> `= force | ht | noirq | <boolean> | verbose` **String**, or **Boolean** to disable. -The **acpi** option is used to control a set of four related boolean -flags; `acpi_force`, `acpi_ht`, `acpi_noirq` and `acpi_disabled`. - By default, Xen will scan the DMI data and blacklist certain systems which are known to have broken ACPI setups. Providing `acpi=force` will cause Xen to ignore the blacklist and attempt to use all ACPI @@ -97,12 +94,15 @@ which requires this option to function s Additionally, this will not prevent Xen from finding IO-APIC entries from the MP tables. -Finally, any of the boolean false options can be used to disable ACPI +Further, any of the boolean false options can be used to disable ACPI usage entirely. Because responsibility for ACPI processing is shared between Xen and the domain 0 kernel this option is automatically propagated to the -domain 0 command line +domain 0 command line. + +Finally, `acpi=verbose` will enable per-processor information logging +which may otherwise be too noisy in particular on large systems. ### acpi_apic_instance > `= <integer>` --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c @@ -78,6 +78,7 @@ unsigned long __read_mostly cr4_pv32_mas /* "acpi=force": Override the disable blacklist. */ /* "acpi=ht": Limit ACPI just to boot-time to enable HT. */ /* "acpi=noirq": Disables ACPI interrupt routing. */ +/* "acpi=verbose": Enables more verbose ACPI boot time logging. */ static int parse_acpi_param(const char *s); custom_param("acpi", parse_acpi_param); @@ -216,9 +217,6 @@ static char __initdata acpi_param[10] = static int __init parse_acpi_param(const char *s) { - /* Save the parameter so it can be propagated to domain0. */ - safe_strcpy(acpi_param, s); - /* Interpret the parameter for use within Xen. */ if ( !parse_bool(s, NULL) ) { 
@@ -240,9 +238,17 @@ static int __init parse_acpi_param(const { acpi_noirq_set(); } + else if ( !strcmp(s, "verbose") ) + { + opt_acpi_verbose = true; + return 0; + } else return -EINVAL; + /* Save the parameter so it can be propagated to domain0. */ + safe_strcpy(acpi_param, s); + return 0; } --- a/xen/arch/x86/srat.c +++ b/xen/arch/x86/srat.c @@ -230,8 +230,10 @@ acpi_numa_x2apic_affinity_init(const str apicid_to_node[pa->apic_id] = node; node_set(node, processor_nodes_parsed); acpi_numa = 1; - printk(KERN_INFO "SRAT: PXM %u -> APIC %08x -> Node %u\n", - pxm, pa->apic_id, node); + + if (opt_acpi_verbose) + printk(KERN_INFO "SRAT: PXM %u -> APIC %08x -> Node %u\n", + pxm, pa->apic_id, node); } /* Callback for Proximity Domain -> LAPIC mapping */ @@ -263,8 +265,10 @@ acpi_numa_processor_affinity_init(const apicid_to_node[pa->apic_id] = node; node_set(node, processor_nodes_parsed); acpi_numa = 1; - printk(KERN_INFO "SRAT: PXM %u -> APIC %02x -> Node %u\n", - pxm, pa->apic_id, node); + + if (opt_acpi_verbose) + printk(KERN_INFO "SRAT: PXM %u -> APIC %02x -> Node %u\n", + pxm, pa->apic_id, node); } /* Callback for parsing of the Proximity Domain <-> Memory Area mappings */ --- a/xen/drivers/acpi/tables.c +++ b/xen/drivers/acpi/tables.c @@ -36,6 +36,8 @@ #define ACPI_MAX_TABLES 128 +bool __initdata opt_acpi_verbose; + static const char *__initdata mps_inti_flags_polarity[] = { "dfl", "high", "res", "low" }; static const char *__initdata @@ -51,6 +53,7 @@ void __init acpi_table_print_madt_entry( switch (header->type) { case ACPI_MADT_TYPE_LOCAL_APIC: + if (opt_acpi_verbose) { struct acpi_madt_local_apic *p = (struct acpi_madt_local_apic *)header; @@ -62,6 +65,7 @@ void __init acpi_table_print_madt_entry( break; case ACPI_MADT_TYPE_LOCAL_X2APIC: + if (opt_acpi_verbose) { struct acpi_madt_local_x2apic *p = (struct acpi_madt_local_x2apic *)header; 
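Review bot: The early `return 0;` in the new `verbose` branch of parse_acpi_param() is the only thing that keeps `acpi=verbose` out of `acpi_param`, and nothing at that line says so. Since `safe_strcpy(acpi_param, s)` now sits after the if/else chain, a later cleanup that drops the `return 0;` as redundant would start saving the option into the buffer that the moved comment says is propagated to domain0. I would add a comment inside the branch, e.g. `/* Xen-only option: return before acpi_param is saved for domain0. */`. The start of the function is in the previous hunk.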
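Review bot: `bool __initdata opt_acpi_verbose;` in tables.c places the flag in init-only data, but the `extern bool opt_acpi_verbose;` added to xen/include/xen/acpi.h gives no hint of that, so nothing warns a later non-init caller against reading it once init memory has been released. acpi_table_print_madt_entry() is visibly `__init` in the hunk headers; the two srat.c functions that now test the flag have their qualifiers outside the hunks, so that should be confirmed. A comment on the definition would document the constraint: `/* __initdata: may only be read from __init code. */`.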
@@ -115,6 +119,7 @@ void __init acpi_table_print_madt_entry( break; case ACPI_MADT_TYPE_LOCAL_APIC_NMI: + if (opt_acpi_verbose) { struct acpi_madt_local_apic_nmi *p = (struct acpi_madt_local_apic_nmi *)header; @@ -128,6 +133,7 @@ void __init acpi_table_print_madt_entry( break; case ACPI_MADT_TYPE_LOCAL_X2APIC_NMI: + if (opt_acpi_verbose) { u16 polarity, trigger; struct acpi_madt_local_x2apic_nmi *p = @@ -167,6 +173,7 @@ void __init acpi_table_print_madt_entry( break; case ACPI_MADT_TYPE_LOCAL_SAPIC: + if (opt_acpi_verbose) { struct acpi_madt_local_sapic *p = (struct acpi_madt_local_sapic *)header; --- a/xen/include/xen/acpi.h +++ b/xen/include/xen/acpi.h 
@@ -53,6 +53,8 @@ extern acpi_physical_address rsdp_hint; +extern bool opt_acpi_verbose; + enum acpi_interrupt_id { ACPI_INTERRUPT_PMI = 1, ACPI_INTERRUPT_INIT, ++++++ 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch ++++++ # Commit f4318db940c39cc656128fcf72df3e79d2e55bc1 # Date 2021-02-05 14:09:42 +0100 # Author Jan Beulich <jbeul...@suse.com> # Committer Jan Beulich <jbeul...@suse.com> x86/EFI: work around GNU ld 2.36 issue Our linker capability check fails with the recent binutils release's ld: .../check.o:(.debug_aranges+0x6): relocation truncated to fit: R_X86_64_32 against `.debug_info' .../check.o:(.debug_info+0x6): relocation truncated to fit: R_X86_64_32 against `.debug_abbrev' .../check.o:(.debug_info+0xc): relocation truncated to fit: R_X86_64_32 against `.debug_str'+76 .../check.o:(.debug_info+0x11): relocation truncated to fit: R_X86_64_32 against `.debug_str'+d .../check.o:(.debug_info+0x15): relocation truncated to fit: R_X86_64_32 against `.debug_str'+2b .../check.o:(.debug_info+0x29): relocation truncated to fit: R_X86_64_32 against `.debug_line' .../check.o:(.debug_info+0x30): relocation truncated to fit: R_X86_64_32 against `.debug_str'+19 .../check.o:(.debug_info+0x37): relocation truncated to fit: R_X86_64_32 against `.debug_str'+71 .../check.o:(.debug_info+0x3e): relocation truncated to fit: R_X86_64_32 against `.debug_str' .../check.o:(.debug_info+0x45): relocation truncated to fit: R_X86_64_32 against `.debug_str'+5e .../check.o:(.debug_info+0x4c): additional relocation overflows omitted from the output Tell the linker to strip debug info as a workaround. Debug info has been getting stripped already anyway when linking the actual xen.efi. Signed-off-by: Jan Beulich <jbeul...@suse.com> Acked-by: Andrew Cooper <andrew.coop...@citrix.com> --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile 
@@ -176,7 +176,7 @@ EFI_LDFLAGS += --major-subsystem-version # Check if the compiler supports the MS ABI. export XEN_BUILD_EFI := $(shell $(CC) $(XEN_CFLAGS) -c efi/check.c -o efi/check.o 2>/dev/null && echo y) # Check if the linker supports PE. -XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) -mi386pep --subsystem=10 -o efi/check.efi efi/check.o 2>/dev/null && echo y)) +XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) -mi386pep --subsystem=10 -S -o efi/check.efi efi/check.o 2>/dev/null && echo y)) CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI $(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') ++++++ 602bd768-page_alloc-only-flush-after-scrubbing.patch ++++++ # Commit 3b1cc15f1931ba56d0ee256fe9bfe65509733b27 # Date 2021-02-16 15:32:08 +0100 # Author Julien Grall <jgr...@amazon.com> # Committer Jan Beulich <jbeul...@suse.com> xen/page_alloc: Only flush the page to RAM once we know they are scrubbed At the moment, each page are flushed to RAM just after the allocator found some free pages. However, this is happening before check if the page was scrubbed. As a consequence, on Arm, a guest may be able to access the old content of the scrubbed pages if it has cache disabled (default at boot) and the content didn't reach the Point of Coherency. The flush is now moved after we know the content of the page will not change. This also has the benefit to reduce the amount of work happening with the heap_lock held. This is XSA-364. Fixes: 307c3be3ccb2 ("mm: Don't scrub pages while holding heap lock in alloc_heap_pages()") Signed-off-by: Julien Grall <jgr...@amazon.com> Reviewed-by: Jan Beulich <jbeul...@suse.com> --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c 
@@ -924,6 +924,7 @@ static struct page_info *alloc_heap_page bool need_tlbflush = false; uint32_t tlbflush_timestamp = 0; unsigned int dirty_cnt = 0; + mfn_t mfn; /* Make sure there are enough bits in memflags for nodeID. */ BUILD_BUG_ON((_MEMF_bits - _MEMF_node) < (8 * sizeof(nodeid_t))); @@ -1022,11 +1023,6 @@ static struct page_info *alloc_heap_page pg[i].u.inuse.type_info = 0; page_set_owner(&pg[i], NULL); - /* Ensure cache and RAM are consistent for platforms where the - * guest can control its own visibility of/through the cache. - */ - flush_page_to_ram(mfn_x(page_to_mfn(&pg[i])), - !(memflags & MEMF_no_icache_flush)); } spin_unlock(&heap_lock); @@ -1062,6 +1058,14 @@ static struct page_info *alloc_heap_page if ( need_tlbflush ) filtered_flush_tlb_mask(tlbflush_timestamp); + /* + * Ensure cache and RAM are consistent for platforms where the guest + * can control its own visibility of/through the cache. + */ + mfn = page_to_mfn(pg); + for ( i = 0; i < (1U << order); i++ ) + flush_page_to_ram(mfn_x(mfn) + i, !(memflags & MEMF_no_icache_flush)); + return pg; } ++++++ 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch ++++++ # Commit d670ef3401b91d04c58d72cd8ce5579b4fa900d8 # Date 2021-02-17 11:30:05 +0000 # Author Julien Grall <jgr...@amazon.com> # Committer Julien Grall <jgr...@amazon.com> xen/iommu: Check if the IOMMU was initialized before tearing down is_iommu_enabled() will return true even if the IOMMU has not been initialized (e.g. the ops are not set). In the case of an early failure in arch_domain_init(), the function iommu_destroy_domain() will be called even if the IOMMU is not initialized. This will result to dereference the ops which will be NULL and an host crash. Fix the issue by checking that ops has been set before accessing it. Fixes: 71e617a6b8f6 ("use is_iommu_enabled() where appropriate...") Signed-off-by: Julien Grall <jgr...@amazon.com> Reviewed-by: Paul Durrant <p...@xen.org> --- a/xen/drivers/passthrough/iommu.c 
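Review bot: The comment on the relocated flush loop in alloc_heap_pages() explains what the flush is for but not why it sits after the unlock, which per the commit message (XSA-364) is the whole point of the fix. I would extend it with something like `Must stay after any scrubbing above: flushing earlier can leave stale content in RAM for a guest running with caches disabled.` so the loop is not hoisted back under heap_lock. The scrubbing code between `spin_unlock(&heap_lock)` and this loop is outside the hunks, so the ordering claim rests on the commit message.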
+++ b/xen/drivers/passthrough/iommu.c 
@@ -225,6 +225,13 @@ static void iommu_teardown(struct domain { struct domain_iommu *hd = dom_iommu(d); + /* + * During early domain creation failure, we may reach here with the + * ops not yet initialized. + */ + if ( !hd->platform_ops ) + return; + hd->platform_ops->teardown(d); tasklet_schedule(&iommu_pt_cleanup_tasklet); } ++++++ 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch ++++++ # Commit b339e3a976b1680f57051adabcb98281198f7eac # Date 2021-02-18 13:16:12 +0100 # Author Jan Beulich <jbeul...@suse.com> # Committer Jan Beulich <jbeul...@suse.com> gnttab: never permit mapping transitive grants Transitive grants allow an intermediate domain I to grant a target domain T access to a page which origin domain O did grant I access to. As an implementation restriction, T is not allowed to map such a grant. This restriction is currently tried to be enforced by marking active entries resulting from transitive grants as is-sub-page; sub-page grants for obvious reasons don't allow mapping. However, marking (and checking) only active entries is insufficient, as a map attempt may also occur on a grant not otherwise in use. When not presently in use (pin count zero) the grant type itself needs checking. Otherwise T may be able to map an unrelated page owned by I. This is because the "transitive" sub- structure of the v2 union would end up being interpreted as "full_page" sub-structure instead. The low 32 bits of the GFN used would match the grant reference specified in I's transitive grant entry, while the upper 32 bits could be random (depending on how exactly I sets up its grant table entries). Note that if one mapping already exists and the granting domain _then_ changes the grant to GTF_transitive (which the domain is not supposed to do), the changed type will only be honored after the pin count has gone back to zero. This is no different from e.g. GTF_readonly or GTF_sub_page becoming set when a grant is already in use. 
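Review bot: The new `if ( !hd->platform_ops ) return;` in iommu_teardown() also skips `tasklet_schedule(&iommu_pt_cleanup_tasklet)`, not only the `teardown` call that would dereference the NULL ops. That is presumably fine because nothing can have been queued for cleanup before the ops were set, but the comment only speaks of the ops. I would end it with `... ops not yet initialized, in which case there is nothing to tear down or clean up.` so the skipped tasklet is visibly intentional. The caller that reaches this function is outside the hunk.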
While adjusting the implementation, also adjust commentary in the public header to better reflect reality. Fixes: 3672ce675c93 ("Transitive grant support") Signed-off-by: Jan Beulich <jbeul...@suse.com> Acked-by: Julien Grall <jgr...@amazon.com> --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -836,9 +836,10 @@ static int _set_status_v2(const grant_en mask |= GTF_sub_page; /* If not already pinned, check the grant domid and type. */ - if ( !act->pin && ((((scombo.flags & mask) != GTF_permit_access) && - ((scombo.flags & mask) != GTF_transitive)) || - (scombo.domid != ldomid)) ) + if ( !act->pin && + ((((scombo.flags & mask) != GTF_permit_access) && + (mapflag || ((scombo.flags & mask) != GTF_transitive))) || + (scombo.domid != ldomid)) ) PIN_FAIL(done, GNTST_general_error, "Bad flags (%x) or dom (%d); expected d%d, flags %x\n", scombo.flags, scombo.domid, ldomid, mask); @@ -864,7 +865,7 @@ static int _set_status_v2(const grant_en if ( !act->pin ) { if ( (((scombo.flags & mask) != GTF_permit_access) && - ((scombo.flags & mask) != GTF_transitive)) || + (mapflag || ((scombo.flags & mask) != GTF_transitive))) || (scombo.domid != ldomid) || (!readonly && (scombo.flags & GTF_readonly)) ) { --- a/xen/include/public/grant_table.h +++ b/xen/include/public/grant_table.h 
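Review bot: In _set_status_v2() the grant-type test, now with `mapflag ||` added, appears twice (in the `!act->pin &&` pre-check and in the `if ( !act->pin )` block of the second hunk), and neither copy states the rule it enforces. If a later edit touches only one copy, the type check could again pass for a transitive entry on a map request, so I would put the same comment above both: `/* GTF_transitive entries may only be copied from, never mapped. */`. The rest of the function is outside these hunks.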
@@ -166,11 +166,13 @@ typedef struct grant_entry_v1 grant_entr #define GTF_type_mask (3U<<0) /* - * Subflags for GTF_permit_access. + * Subflags for GTF_permit_access and GTF_transitive. * GTF_readonly: Restrict @domid to read-only mappings and accesses. [GST] * GTF_reading: Grant entry is currently mapped for reading by @domid. [XEN] * GTF_writing: Grant entry is currently mapped for writing by @domid. [XEN] - * GTF_PAT, GTF_PWT, GTF_PCD: (x86) cache attribute flags for the grant [GST] + * Further subflags for GTF_permit_access only. + * GTF_PAT, GTF_PWT, GTF_PCD: (x86) cache attribute flags to be used for + * mappings of the grant [GST] * GTF_sub_page: Grant access to only a subrange of the page. @domid * will only be allowed to copy from the grant, and not * map it. [GST] ++++++ 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch ++++++ # Commit e8185c5f01c68f7d29d23a4a91bc1be1ff2cc1ca # Date 2021-02-18 13:16:59 +0100 # Author Jan Beulich <jbeul...@suse.com> # Committer Jan Beulich <jbeul...@suse.com> gnttab: bypass IOMMU (un)mapping when a domain is (un)mapping its own grant Mappings for a domain's own pages should already be present in the IOMMU. While installing the same mapping again is merely redundant (and inefficient), removing the mapping when the grant mapping gets removed is outright wrong in this case: The mapping was there before the map, so should remain in place after unmapping. This affects - Arm Dom0 in the direct mapped case, - x86 PV Dom0 in the "iommu=dom0-strict" / "dom0-iommu=strict" case, - all x86 PV DomU-s, including driver domains. See the code comment for why it's the original domain and not the page owner that gets compared against. Reported-by: Rahul Singh <rahul.si...@arm.com> Signed-off-by: Jan Beulich <jbeul...@suse.com> Reviewed-by: Julien Grall <jgr...@amazon.com> --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c 
@@ -1207,7 +1207,14 @@ map_grant_ref( goto undo_out; } - need_iommu = gnttab_need_iommu_mapping(ld); + /* + * This is deliberately not checking the page's owner: get_paged_frame() + * explicitly rejects foreign pages, and all success paths above yield + * either owner == rd or owner == dom_io (the dom_cow case is irrelevant + * as mem-sharing and IOMMU use are incompatible). The dom_io case would + * need checking separately if we compared against owner here. + */ + need_iommu = ld != rd && gnttab_need_iommu_mapping(ld); if ( need_iommu ) { unsigned int kind; @@ -1471,7 +1478,8 @@ unmap_common( if ( put_handle ) put_maptrack_handle(lgt, op->handle); - if ( rc == GNTST_okay && gnttab_need_iommu_mapping(ld) ) + /* See the respective comment in map_grant_ref(). */ + if ( rc == GNTST_okay && ld != rd && gnttab_need_iommu_mapping(ld) ) { unsigned int kind; int err = 0; ++++++ 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch ++++++ Subject: tools/libs/light: fix xl save -c handling From: Juergen Gross jgr...@suse.com Fri Feb 19 15:13:37 2021 +0100 Date: Fri Feb 19 17:52:41 2021 +0000: Git: 87a067fd8f4d4f7c6be02c3d38145115ac542017 libxl_domain_resume() won't work correctly for the case it was called due to a "xl save -c" command, i.e. to continue the suspended domain. The information to do that is not saved in libxl__dm_resume_state for non-HVM domains. Fixes: 6298f0eb8f443 ("libxl: Re-introduce libxl__domain_resume") Reported-by: Marek Marczykowski-G??recki <marma...@invisiblethingslab.com> Signed-off-by: Juergen Gross <jgr...@suse.com> Reviewed-by: Jan Beulich <jbeul...@suse.com> Tested-by: Marek Marczykowski-G??recki <marma...@invisiblethingslab.com> Acked-by: Wei Liu <w...@xen.org> diff --git a/tools/libxl/libxl_dom_suspend.c b/tools/libxl/libxl_dom_suspend.c index 25d1571895..f7823bbc8f 100644 --- a/tools/libxl/libxl_dom_suspend.c +++ b/tools/libxl/libxl_dom_suspend.c 
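Review bot: The `ld != rd &&` guard is now written out separately in map_grant_ref() and unmap_common(), and the two conditions must always agree. If they ever diverge, an unmap could either leave a mapping behind in the IOMMU or remove one the domain had before the grant map. The cross-reference comment helps, but a small static helper taking `ld` and `rd` and returning `ld != rd && gnttab_need_iommu_mapping(ld)`, called at both sites, would make the pairing structural. Both functions continue outside the hunks.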
@@ -630,12 +630,13 @@ void libxl__domain_resume(libxl__egc *egc, goto out; } + dmrs->suspend_cancel = suspend_cancel; + if (type != LIBXL_DOMAIN_TYPE_HVM) { rc = 0; goto out; } - dmrs->suspend_cancel = suspend_cancel; dmrs->dm_resumed_callback = domain_resume_done; libxl__dm_resume(egc, dmrs); /* must be last */ return; ++++++ 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch ++++++ # Commit 76cbb9c3f4dd9ab6aa44eeacab84fb88b2e8bfc1 # Date 2021-02-25 15:11:58 +0100 # Author Jan Beulich <jbeul...@suse.com> # Committer Jan Beulich <jbeul...@suse.com> x86/EFI: suppress GNU ld 2.36'es creation of base relocs All of the sudden ld creates base relocations itself, for PE executables - as a result we now have two of them for every entity to be relocated. While we will likely want to use this down the road, it doesn't work quite right yet in corner cases, so rather than suppressing our own way of creating the relocations we need to tell ld to avoid doing so. Probe whether --disable-reloc-section (which was introduced by the same commit making relocation generation the default) is recognized by ld's PE emulation, and use the option if so. (To limit redundancy, move the first part of setting EFI_LDFLAGS earlier, and use it already while probing.) Signed-off-by: Jan Beulich <jbeul...@suse.com> Acked-by: Andrew Cooper <andrew.coop...@citrix.com> --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile 
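Review bot: `dmrs->suspend_cancel = suspend_cancel;` now has to precede the `type != LIBXL_DOMAIN_TYPE_HVM` early exit in libxl__domain_resume(), but nothing at the assignment says so, and it reads as if it belonged next to `dm_resumed_callback` below, where it used to be. A one-line comment such as `/* Also needed on the non-HVM path taken via "out". */` would keep it from being moved back. The code at the `out` label is outside the hunk, so that it reads this field is inferred from the commit message.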
@@ -176,8 +176,13 @@ EFI_LDFLAGS += --major-subsystem-version # Check if the compiler supports the MS ABI. export XEN_BUILD_EFI := $(shell $(CC) $(XEN_CFLAGS) -c efi/check.c -o efi/check.o 2>/dev/null && echo y) # Check if the linker supports PE. -XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) -mi386pep --subsystem=10 -S -o efi/check.efi efi/check.o 2>/dev/null && echo y)) +XEN_BUILD_PE := $(if $(XEN_BUILD_EFI),$(shell $(LD) $(call EFI_LDFLAGS,0x100000000) -o efi/check.efi efi/check.o 2>/dev/null && echo y)) CFLAGS-$(XEN_BUILD_EFI) += -DXEN_BUILD_EFI +# Check if the linker produces fixups in PE by default (we need to disable it doing so for now). +XEN_NO_PE_FIXUPS := $(if $(XEN_BUILD_EFI), \ + $(shell $(LD) $(call EFI_LDFLAGS,0x100000000) --disable-reloc-section -o efi/check.efi efi/check.o 2>/dev/null && \ + echo --disable-reloc-section)) +EFI_LDFLAGS += $(XEN_NO_PE_FIXUPS) $(TARGET).efi: VIRT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A VIRT_START$$,,p') $(TARGET).efi: ALT_BASE = 0x$(shell $(NM) efi/relocs-dummy.o | sed -n 's, A ALT_START$$,,p') ++++++ gcc11-fixes.patch ++++++ --- /var/tmp/diff_new_pack.MrJpcp/_old 2021-03-02 12:31:10.575612074 +0100 +++ /var/tmp/diff_new_pack.MrJpcp/_new 2021-03-02 12:31:10.575612074 +0100 
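Review bot: The comment added above `XEN_NO_PE_FIXUPS` says the probe checks whether the linker produces fixups by default, but the `$(shell ...)` only tests whether `$(LD)` accepts `--disable-reloc-section`. Because of `2>/dev/null`, any other link failure also yields an empty value, so the comment should describe what is actually tested, e.g. `# Check if the linker accepts --disable-reloc-section (newer ld emits PE base relocs by default; suppress that for now).`.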
@@ -138,18 +138,6 @@ static void tboot_gen_frametable_integrity(const uint8_t key[TB_KEY_SIZE], vmac_t *mac) { ---- xen-4.14.1-testing/xen/crypto/rijndael.c.orig 2021-02-10 11:41:50.018507672 -0700 -+++ xen-4.14.1-testing/xen/crypto/rijndael.c 2021-02-10 11:42:42.206506404 -0700 -@@ -860,6 +860,9 @@ rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)* - - #endif /* NEED_RIJNDAEL_DECRYPT */ - -+#if __GNUC__ >= 11 -+#pragma GCC diagnostic ignored "-Warray-parameter=" -+#endif - void - rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], - u8 ct[16]) --- xen-4.14.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c.orig 2021-02-10 11:56:52.302485758 -0700 +++ xen-4.14.1-testing/xen/arch/x86/x86_emulate/x86_emulate.c 2021-02-10 11:57:58.338484154 -0700 @@ -722,6 +722,9 @@ union vex { @@ -162,3 +150,15 @@ #define copy_VEX(ptr, vex) ({ \ if ( !mode_64bit() ) \ (vex).reg |= 8; \ +--- xen-4.14.1-testing/xen/include/crypto/rijndael.h 2021-02-10 11:41:50.018507672 -0700 ++++ xen-4.14.1-testing/xen/include/crypto/rijndael.h 2021-02-26 11:42:42.206506404 +0100 +@@ -52,7 +52,7 @@ + + int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int); + int rijndaelKeySetupDec(unsigned int [], const unsigned char [], int); +-void rijndaelEncrypt(const unsigned int [], int, const unsigned char [], +- unsigned char []); ++void rijndaelEncrypt(const unsigned int [], int, const unsigned char [16], ++ unsigned char [16]); + + #endif /* __RIJNDAEL_H */