author | Roger Pau Monné <royger@FreeBSD.org> | 2016-06-03 11:26:09 +0000 |
---|---|---|
committer | Roger Pau Monné <royger@FreeBSD.org> | 2016-06-03 11:26:09 +0000 |
commit | 5e841df32b5d18c8941abe70dce95bad2f28b5ed (patch) | |
tree | 530436897bcb6c4201885908bf3da00fbebb4b95 /emulators/xen-kernel | |
parent | f24d27910f57cabd31c3f1548066f19cc2553473 (diff) | |
download | ports-5e841df32b5d18c8941abe70dce95bad2f28b5ed.tar.gz ports-5e841df32b5d18c8941abe70dce95bad2f28b5ed.zip |
Diffstat (limited to 'emulators/xen-kernel')
20 files changed, 178 insertions, 1258 deletions
diff --git a/emulators/xen-kernel/Makefile b/emulators/xen-kernel/Makefile index 87d5d0111598..c84defff15bf 100644 --- a/emulators/xen-kernel/Makefile +++ b/emulators/xen-kernel/Makefile @@ -2,10 +2,12 @@ PORTNAME= xen PKGNAMESUFFIX= -kernel -PORTVERSION= 4.5.2 -PORTREVISION= 2 +PORTVERSION= 4.7.0 +PORTREVISION= 0 +RCVERSION= 4 +DISTNAME= ${PORTNAME}-${DISTVERSION}-rc${RCVERSION} CATEGORIES= emulators -MASTER_SITES= http://bits.xensource.com/oss-xen/release/${PORTVERSION}/ +MASTER_SITES= http://bits.xensource.com/oss-xen/release/${DISTVERSION}-rc${RCVERSION}/ MAINTAINER= royger@FreeBSD.org COMMENT= Hypervisor using a microkernel design 
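Review bot: The new version lines give the package the final-release number (`PORTVERSION= 4.7.0`) while the distfile is the `-rc4` tarball, so the eventual 4.7.0 release will not sort as an upgrade without a PORTREVISION bump, and `PORTREVISION= 0` is the framework default that is normally left out. The ports framework derives PORTVERSION from DISTVERSION and rewrites a `-rc4` suffix as `.r4`, which sorts before `4.7.0`; setting `DISTVERSION= 4.7.0-rc4` in place of the PORTVERSION/RCVERSION/DISTNAME trio and using `MASTER_SITES= http://bits.xensource.com/oss-xen/release/${DISTVERSION}/` expresses the same thing with the expected ordering, if I read the conversion rules correctly. Either way a short comment saying that the port intentionally tracks a release candidate would help the next reader.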
@@ -15,31 +17,32 @@ LICENSE= GPLv2 ONLY_FOR_ARCHS= amd64 USES= cpe gmake python:build -MAKE_ARGS= HOSTCC="${CC}" CC="${CC}" PYTHON=${PYTHON_CMD} \ - NM="${NM}" LD="${LD}" -USE_GCC= yes + +# We need to use ld from ports because the version in base doesn't +# support the '--build-id' switch that's needed for live hypervisor +# hot-patching. Once the ld version in base supports this option the +# dependency can be removed. +# +# GNU objcopy is used instead of elftc objcopy because of bug #533: +# https://sourceforge.net/p/elftoolchain/tickets/533/ +# Once this is solved we should be able to switch to elfcopy. +# +# And finally we also need to use nm from binutils because the one +# from base cannot deal with i386pep binary files which is the format +# of the Xen EFI image (note that FreeBSD cannot yet boot as Dom0 from EFI, +# but the image is built anyway). This is reported to elftc as bug #534: +# https://sourceforge.net/p/elftoolchain/tickets/534/ +MAKE_ARGS= clang=y PYTHON=${PYTHON_CMD} LD="${LD}" OBJCOPY="${OBJCOPY}" \ + NM="${NM}" +USE_BINUTILS= yes NO_MTREE= yes +STRIP= # PLIST_FILES= /boot/xen \ /boot/xen.4th -ALL_TARGET= build -STRIP= # -WRKSRC_SUBDIR= xen -EXTRA_PATCHES= ${FILESDIR}/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch:-p2 \ - ${FILESDIR}/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch:-p2 \ - ${FILESDIR}/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch:-p2 \ - ${FILESDIR}/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch:-p2 \ - ${FILESDIR}/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p2 \ - ${FILESDIR}/0006-xen-pvh-enable-mmu_update-hypercall.patch:-p2 \ - ${FILESDIR}/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch:-p2 \ - ${FILESDIR}/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch:-p2 \ - ${FILESDIR}/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch:-p2 \ - ${FILESDIR}/xsa156-4.5.patch:-p2 \ - ${FILESDIR}/xsa159.patch:-p2 \ - 
${FILESDIR}/xsa165-4.5.patch:-p2 \ - ${FILESDIR}/xsa166-4.5.patch:-p2 \ - ${FILESDIR}/xsa167-4.6.patch:-p2 \ - ${FILESDIR}/xsa168.patch:-p2 \ - ${FILESDIR}/xsa170-4.5.patch:-p2 +EXTRA_PATCHES= ${FILESDIR}/0001-xen-logdirty-prevent-preemption-if-finished.patch:-p1 \ + ${FILESDIR}/0002-xen-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch:-p1 \ + ${FILESDIR}/0001-build-fix-assembler-instruction-tests-again.patch:-p1 \ + ${FILESDIR}/kconf_arch.patch:-p1 .include <bsd.port.options.mk> @@ -52,13 +55,20 @@ IGNORE= Only supported on FreeBSD IGNORE= Only supported on recent FreeBSD 11 .endif +pre-build: + ${MAKE_CMD} -C ${WRKSRC}/xen defconfig ${MAKE_ARGS} + # Enable hypervisor hot-patching. + echo 'CONFIG_XSPLICE=y' >> ${WRKSRC}/xen/.config + echo 'CONFIG_FAST_SYMBOL_LOOKUP=y' >> ${WRKSRC}/xen/.config + +# The ports native 'build' target cannot be used because it sets +# CFLAGS, and that breaks the Xen build system. +do-build: + ${MAKE_CMD} -j${MAKE_JOBS_NUMBER} -C ${WRKSRC}/xen build ${MAKE_ARGS} + do-install: ${MKDIR} ${STAGEDIR}/boot - ${INSTALL_PROGRAM} ${WRKSRC}/xen ${STAGEDIR}/boot + ${INSTALL_PROGRAM} ${WRKSRC}/xen/xen ${STAGEDIR}/boot ${INSTALL_DATA} ${FILESDIR}/xen.4th ${STAGEDIR}/boot .include <bsd.port.mk> - -#Filter out LDFLAGS -.undef LDFLAGS -RUN_DEPENDS:= ${RUN_DEPENDS:N*gcc*} diff --git a/emulators/xen-kernel/distinfo b/emulators/xen-kernel/distinfo index bbc57b46fa18..62f2b2aa413b 100644 --- a/emulators/xen-kernel/distinfo +++ b/emulators/xen-kernel/distinfo @@ -1,2 +1,3 @@ -SHA256 (xen-4.5.2.tar.gz) = 4c9e5dac4eea484974e9f76da2756c8e0973b4e884d28d37e955df9ebf00e7e8 -SIZE (xen-4.5.2.tar.gz) = 18416220 +TIMESTAMP = 1464704290 +SHA256 (xen-4.7.0-rc4.tar.gz) = ad752bc80da2ab31287e5249adbeea2536b8141eefd7e8a45a3df42db727c630 +SIZE (xen-4.7.0-rc4.tar.gz) = 20696897 
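Review bot: The rewritten `MAKE_ARGS` line drops `CC="${CC}"` that the old line passed, so the compiler is no longer the one the ports framework selected; with `clang=y` the Xen build, as far as I recall its Config.mk, picks `clang` by name from PATH, which need not be the same binary as `${CC}`. If that is deliberate, the comment block above it, which already justifies LD, OBJCOPY and NM, should say so for CC as well; otherwise `MAKE_ARGS= clang=y CC="${CC}" PYTHON=${PYTHON_CMD} LD="${LD}" OBJCOPY="${OBJCOPY}" \` keeps the toolchain choice in one place. The hunk starts in the middle of the variable block, so the `LICENSE`/`USES` context above it is outside my view.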
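Review bot: The `pre-build` target appends `CONFIG_XSPLICE=y` and `CONFIG_FAST_SYMBOL_LOOKUP=y` to `.config` after `defconfig` has already written it, so the file ends up with two entries for any symbol defconfig emitted and the result depends on last-definition-wins, and nothing at this point checks whether the two options' Kconfig dependencies are satisfied. The in-target comment should state that this is relied on, e.g. `# Enable hypervisor hot-patching; appended after defconfig so the later entries override the defaults (last setting wins).` and, if the Xen build re-runs its kconfig pass before compiling, that dependency resolution happens there — the hunk does not show that. A follow-up would be to feed these overrides through the kconfig old-config refresh instead of raw `echo >>`, so a renamed or dependent symbol is caught at build time rather than silently ignored.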
diff --git a/emulators/xen-kernel/files/0001-build-fix-assembler-instruction-tests-again.patch b/emulators/xen-kernel/files/0001-build-fix-assembler-instruction-tests-again.patch new file mode 100644 index 000000000000..ea41c494eebe --- /dev/null +++ b/emulators/xen-kernel/files/0001-build-fix-assembler-instruction-tests-again.patch @@ -0,0 +1,37 @@ +From 1dda826420fff634983e94f97fb8411486acda0d Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 31 May 2016 18:14:22 +0200 +Subject: [PATCH] build: fix assembler instruction tests again +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 7fb252bd41 ("build/xen: fix assembler instruction tests") added +$(AFLAGS) here, which results in all of those tests now failing. +Certain items need to be removed for things to work again. + +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Wei Liu <wei.liu2@citrix.com> +Acked-by: Roger Pau Monné <roger.pau@citrix.com> +Release-acked-by: Wei Liu <wei.liu2@citrix.com> +--- + Config.mk | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Config.mk b/Config.mk +index 5ddfbf8..bc5c456 100644 +--- a/Config.mk ++++ b/Config.mk +@@ -150,7 +150,8 @@ endif + # as-insn: Check whether assembler supports an instruction. + # Usage: cflags-y += $(call as-insn "insn",option-yes,option-no) + as-insn = $(if $(shell echo 'void _(void) { asm volatile ( $(2) ); }' \ +- | $(1) $(AFLAGS) -c -x c -o /dev/null - 2>&1),$(4),$(3)) ++ | $(1) $(filter-out -M% %.d -include %/include/xen/config.h,$(AFLAGS)) \ ++ -c -x c -o /dev/null - 2>&1),$(4),$(3)) + + # as-insn-check: Add an option to compilation flags, but only if insn is + # supported by assembler. +-- +2.7.4 (Apple Git-66) + 
diff --git a/emulators/xen-kernel/files/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch b/emulators/xen-kernel/files/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch deleted file mode 100644 index af799b45e4c3..000000000000 --- a/emulators/xen-kernel/files/0001-introduce-a-helper-to-allocate-non-contiguous-memory.patch +++ /dev/null 
@@ -1,141 +0,0 @@ -From 411801087603a1a070de7abbfa4373afe91ca3f5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Fri, 9 Oct 2015 12:57:31 +0200 -Subject: [PATCH 1/8] introduce a helper to allocate non-contiguous memory -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The allocator uses independent calls to alloc_domheap_pages in order to get -the desired amount of memory and then maps all the independent physical -addresses into a contiguous virtual address space. - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Tested-by: Julien Grall <julien.grall@citrix.com> (ARM) -Reviewed-by: Tim Deegan <tim@xen.org> ---- - xen/common/vmap.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++ - xen/include/asm-arm/mm.h | 2 ++ - xen/include/asm-x86/page.h | 2 ++ - xen/include/xen/vmap.h | 3 +++ - 4 files changed, 74 insertions(+) - -diff --git a/xen/common/vmap.c b/xen/common/vmap.c -index 783cea3..b6827b5 100644 ---- a/xen/common/vmap.c -+++ b/xen/common/vmap.c -@@ -215,4 +215,71 @@ void vunmap(const void *va) - #endif - vm_free(va); - } -+ -+void *vmalloc(size_t size) -+{ -+ unsigned long *mfn; -+ size_t pages, i; -+ struct page_info *pg; -+ void *va; -+ -+ ASSERT(size); -+ -+ pages = PFN_UP(size); -+ mfn = xmalloc_array(unsigned long, pages); -+ if ( mfn == NULL ) -+ return NULL; -+ -+ for ( i = 0; i < pages; i++ ) -+ { -+ pg = alloc_domheap_page(NULL, 0); -+ if ( pg == NULL ) -+ goto error; -+ mfn[i] = page_to_mfn(pg); -+ } -+ -+ va = vmap(mfn, pages); -+ if ( va == NULL ) -+ goto error; -+ -+ xfree(mfn); -+ return va; -+ -+ error: -+ while ( i-- ) -+ free_domheap_page(mfn_to_page(mfn[i])); -+ xfree(mfn); -+ return NULL; -+} -+ -+void *vzalloc(size_t size) -+{ -+ void *p = vmalloc(size); -+ int i; -+ -+ if ( p == NULL ) -+ return NULL; -+ -+ for ( i = 0; i < size; i += PAGE_SIZE ) -+ clear_page(p + i); -+ -+ return p; -+} -+ -+void vfree(void *va) -+{ -+ unsigned int 
i, pages = vm_size(va); -+ struct page_info *pg; -+ PAGE_LIST_HEAD(pg_list); -+ -+ ASSERT(pages); -+ -+ for ( i = 0; i < pages; i++ ) -+ page_list_add(vmap_to_page(va + i * PAGE_SIZE), &pg_list); -+ -+ vunmap(va); -+ -+ while ( (pg = page_list_remove_head(&pg_list)) != NULL ) -+ free_domheap_page(pg); -+} - #endif -diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h -index d25e485..c0afcec 100644 ---- a/xen/include/asm-arm/mm.h -+++ b/xen/include/asm-arm/mm.h -@@ -208,6 +208,8 @@ static inline void __iomem *ioremap_wc(paddr_t start, size_t len) - #define pfn_to_paddr(pfn) ((paddr_t)(pfn) << PAGE_SHIFT) - #define paddr_to_pfn(pa) ((unsigned long)((pa) >> PAGE_SHIFT)) - #define paddr_to_pdx(pa) pfn_to_pdx(paddr_to_pfn(pa)) -+#define vmap_to_mfn(va) paddr_to_pfn(virt_to_maddr((vaddr_t)va)) -+#define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va)) - - /* Page-align address and convert to frame number format */ - #define paddr_to_pfn_aligned(paddr) paddr_to_pfn(PAGE_ALIGN(paddr)) -diff --git a/xen/include/asm-x86/page.h b/xen/include/asm-x86/page.h -index ccf0752..27c2ae7 100644 ---- a/xen/include/asm-x86/page.h -+++ b/xen/include/asm-x86/page.h -@@ -262,6 +262,8 @@ void copy_page_sse2(void *, const void *); - #define pfn_to_paddr(pfn) __pfn_to_paddr(pfn) - #define paddr_to_pfn(pa) __paddr_to_pfn(pa) - #define paddr_to_pdx(pa) pfn_to_pdx(paddr_to_pfn(pa)) -+#define vmap_to_mfn(va) l1e_get_pfn(*virt_to_xen_l1e((unsigned long)(va))) -+#define vmap_to_page(va) mfn_to_page(vmap_to_mfn(va)) - - #endif /* !defined(__ASSEMBLY__) */ - -diff --git a/xen/include/xen/vmap.h b/xen/include/xen/vmap.h -index b1923dd..a13591d 100644 ---- a/xen/include/xen/vmap.h -+++ b/xen/include/xen/vmap.h -@@ -11,6 +11,9 @@ void *__vmap(const unsigned long *mfn, unsigned int granularity, - unsigned int nr, unsigned int align, unsigned int flags); - void *vmap(const unsigned long *mfn, unsigned int nr); - void vunmap(const void *); -+void *vmalloc(size_t size); -+void *vzalloc(size_t 
size); -+void vfree(void *va); - - void __iomem *ioremap(paddr_t, size_t); - --- -1.9.5 (Apple Git-50.3) - diff --git a/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch b/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch deleted file mode 100644 index 85899ea7dbf1..000000000000 --- a/emulators/xen-kernel/files/0001-x86-pvh-use-a-custom-IO-bitmap-for-PVH-hardware-doma.patch +++ /dev/null 
@@ -1,197 +0,0 @@ -From 8ddb99287cd18da99a95a9f70904a97b52893599 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Wed, 20 May 2015 13:26:43 +0200 -Subject: [PATCH 1/2] x86/pvh: use a custom IO bitmap for PVH hardware domains -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Since a PVH hardware domain has access to the physical hardware create a -custom more permissive IO bitmap. The permissions set on the bitmap are -populated based on the contents of the ioports rangeset. - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> ---- - xen/arch/x86/hvm/hvm.c | 24 ++++++++++++++++++++++-- - xen/arch/x86/hvm/svm/vmcb.c | 2 +- - xen/arch/x86/hvm/vmx/vmcs.c | 4 ++-- - xen/arch/x86/setup.c | 28 ++++++++++++++++++++++++++++ - xen/common/domain.c | 3 +++ - xen/include/asm-x86/hvm/domain.h | 2 ++ - xen/include/asm-x86/setup.h | 1 + - 7 files changed, 59 insertions(+), 5 deletions(-) - -diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c -index 689e402..89423fa 100644 ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -77,9 +77,13 @@ integer_param("hvm_debug", opt_hvm_debug_level); - - struct hvm_function_table hvm_funcs __read_mostly; - --/* I/O permission bitmap is globally shared by all HVM guests. */ -+/* -+ * The I/O permission bitmap is globally shared by all HVM guests except -+ * the hardware domain which needs a more permissive one. -+ */ -+#define HVM_IOBITMAP_SIZE (3 * PAGE_SIZE) - unsigned long __attribute__ ((__section__ (".bss.page_aligned"))) -- hvm_io_bitmap[3*PAGE_SIZE/BYTES_PER_LONG]; -+ hvm_io_bitmap[HVM_IOBITMAP_SIZE / BYTES_PER_LONG]; - - /* Xen command-line option to enable HAP */ - static bool_t __initdata opt_hap_enabled = 1; -@@ -1461,6 +1465,20 @@ int hvm_domain_initialise(struct domain *d) - goto fail1; - d->arch.hvm_domain.io_handler->num_slot = 0; - -+ /* Set the default IO Bitmap. 
*/ -+ if ( is_hardware_domain(d) ) -+ { -+ d->arch.hvm_domain.io_bitmap = _xmalloc(HVM_IOBITMAP_SIZE, PAGE_SIZE); -+ if ( d->arch.hvm_domain.io_bitmap == NULL ) -+ { -+ rc = -ENOMEM; -+ goto fail1; -+ } -+ memset(d->arch.hvm_domain.io_bitmap, ~0, HVM_IOBITMAP_SIZE); -+ } -+ else -+ d->arch.hvm_domain.io_bitmap = hvm_io_bitmap; -+ - if ( is_pvh_domain(d) ) - { - register_portio_handler(d, 0, 0x10003, handle_pvh_io); -@@ -1496,6 +1514,8 @@ int hvm_domain_initialise(struct domain *d) - stdvga_deinit(d); - vioapic_deinit(d); - fail1: -+ if ( is_hardware_domain(d) ) -+ xfree(d->arch.hvm_domain.io_bitmap); - xfree(d->arch.hvm_domain.io_handler); - xfree(d->arch.hvm_domain.params); - fail0: -diff --git a/xen/arch/x86/hvm/svm/vmcb.c b/xen/arch/x86/hvm/svm/vmcb.c -index 21292bb..6339d2a 100644 ---- a/xen/arch/x86/hvm/svm/vmcb.c -+++ b/xen/arch/x86/hvm/svm/vmcb.c -@@ -118,7 +118,7 @@ static int construct_vmcb(struct vcpu *v) - svm_disable_intercept_for_msr(v, MSR_AMD64_LWP_CBADDR); - - vmcb->_msrpm_base_pa = (u64)virt_to_maddr(arch_svm->msrpm); -- vmcb->_iopm_base_pa = (u64)virt_to_maddr(hvm_io_bitmap); -+ vmcb->_iopm_base_pa = __pa(v->domain->arch.hvm_domain.io_bitmap); - - /* Virtualise EFLAGS.IF and LAPIC TPR (CR8). */ - vmcb->_vintr.fields.intr_masking = 1; -diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c -index 3123706..355d1b5 100644 ---- a/xen/arch/x86/hvm/vmx/vmcs.c -+++ b/xen/arch/x86/hvm/vmx/vmcs.c -@@ -1032,8 +1032,8 @@ static int construct_vmcs(struct vcpu *v) - } - - /* I/O access bitmap. 
*/ -- __vmwrite(IO_BITMAP_A, virt_to_maddr((char *)hvm_io_bitmap + 0)); -- __vmwrite(IO_BITMAP_B, virt_to_maddr((char *)hvm_io_bitmap + PAGE_SIZE)); -+ __vmwrite(IO_BITMAP_A, __pa(d->arch.hvm_domain.io_bitmap)); -+ __vmwrite(IO_BITMAP_B, __pa(d->arch.hvm_domain.io_bitmap) + PAGE_SIZE); - - if ( cpu_has_vmx_virtual_intr_delivery ) - { -diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c -index 2b9787a..cd333f9 100644 ---- a/xen/arch/x86/setup.c -+++ b/xen/arch/x86/setup.c -@@ -1446,6 +1446,8 @@ void __init noreturn __start_xen(unsigned long mbi_p) - - dmi_end_boot(); - -+ setup_io_bitmap(dom0); -+ - system_state = SYS_STATE_active; - - domain_unpause_by_systemcontroller(dom0); -@@ -1509,6 +1511,32 @@ int __hwdom_init xen_in_range(unsigned long mfn) - return 0; - } - -+static int __hwdom_init io_bitmap_cb(unsigned long s, unsigned long e, -+ void *ctx) -+{ -+ struct domain *d = ctx; -+ unsigned int i; -+ -+ ASSERT(e <= INT_MAX); -+ for ( i = s; i <= e; i++ ) -+ __clear_bit(i, d->arch.hvm_domain.io_bitmap); -+ -+ return 0; -+} -+ -+void __hwdom_init setup_io_bitmap(struct domain *d) -+{ -+ int rc; -+ -+ if ( has_hvm_container_domain(d) ) -+ { -+ bitmap_fill(d->arch.hvm_domain.io_bitmap, 0x10000); -+ rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000, -+ io_bitmap_cb, d); -+ BUG_ON(rc); -+ } -+} -+ - /* - * Local variables: - * mode: C -diff --git a/xen/common/domain.c b/xen/common/domain.c -index 6803c4d..b0e83f5 100644 ---- a/xen/common/domain.c -+++ b/xen/common/domain.c -@@ -42,6 +42,7 @@ - #include <xsm/xsm.h> - #include <xen/trace.h> - #include <xen/tmem.h> -+#include <asm/setup.h> - - /* Linux config option: propageted to domain0 */ - /* xen_processor_pmbits: xen control Cx, Px, ... 
*/ -@@ -219,6 +220,8 @@ static int late_hwdom_init(struct domain *d) - rangeset_swap(d->iomem_caps, dom0->iomem_caps); - #ifdef CONFIG_X86 - rangeset_swap(d->arch.ioport_caps, dom0->arch.ioport_caps); -+ setup_io_bitmap(d); -+ setup_io_bitmap(dom0); - #endif - - rcu_unlock_domain(dom0); -diff --git a/xen/include/asm-x86/hvm/domain.h b/xen/include/asm-x86/hvm/domain.h -index 0f8b19a..bdab45d 100644 ---- a/xen/include/asm-x86/hvm/domain.h -+++ b/xen/include/asm-x86/hvm/domain.h -@@ -141,6 +141,8 @@ struct hvm_domain { - */ - uint64_t sync_tsc; - -+ unsigned long *io_bitmap; -+ - union { - struct vmx_domain vmx; - struct svm_domain svm; -diff --git a/xen/include/asm-x86/setup.h b/xen/include/asm-x86/setup.h -index 08bc23a..381d9f8 100644 ---- a/xen/include/asm-x86/setup.h -+++ b/xen/include/asm-x86/setup.h -@@ -32,6 +32,7 @@ int construct_dom0( - module_t *initrd, - void *(*bootstrap_map)(const module_t *), - char *cmdline); -+void setup_io_bitmap(struct domain *d); - - unsigned long initial_images_nrpages(nodeid_t node); - void discard_initial_images(void); --- -2.5.4 (Apple Git-61) - diff --git a/emulators/xen-kernel/files/0001-xen-logdirty-prevent-preemption-if-finished.patch b/emulators/xen-kernel/files/0001-xen-logdirty-prevent-preemption-if-finished.patch new file mode 100644 index 000000000000..03bbc48a29e3 --- /dev/null +++ b/emulators/xen-kernel/files/0001-xen-logdirty-prevent-preemption-if-finished.patch 
@@ -0,0 +1,44 @@ +From 7a0ed7f3c2dcb1f104b6f70223d48d8826aec7f2 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne <roger.pau@citrix.com> +Date: Tue, 31 May 2016 16:07:26 +0200 +Subject: [PATCH 1/2] xen/logdirty: prevent preemption if finished +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While working on PVH migration support I've realized that +paging_log_dirty_op sometimes restarts with sc->pages == pages, which means +there's no more work to do. Avoid this by adding a check in the preemption +points of the function. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +--- + xen/arch/x86/mm/paging.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c +index 8219bb6..ed94ff7 100644 +--- a/xen/arch/x86/mm/paging.c ++++ b/xen/arch/x86/mm/paging.c +@@ -519,7 +519,8 @@ static int paging_log_dirty_op(struct domain *d, + if ( l2 ) + unmap_domain_page(l2); + +- if ( i3 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() ) ++ if ( i3 < LOGDIRTY_NODE_ENTRIES - 1 && hypercall_preempt_check() && ++ sc->pages != pages ) + { + d->arch.paging.preempt.log_dirty.i4 = i4; + d->arch.paging.preempt.log_dirty.i3 = i3 + 1; +@@ -531,7 +532,7 @@ static int paging_log_dirty_op(struct domain *d, + unmap_domain_page(l3); + + if ( !rv && i4 < LOGDIRTY_NODE_ENTRIES - 1 && +- hypercall_preempt_check() ) ++ hypercall_preempt_check() && sc->pages != pages ) + { + d->arch.paging.preempt.log_dirty.i4 = i4 + 1; + d->arch.paging.preempt.log_dirty.i3 = 0; +-- +2.7.4 (Apple Git-66) + diff --git a/emulators/xen-kernel/files/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch b/emulators/xen-kernel/files/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch deleted file mode 100644 index 96358c6d397b..000000000000 --- a/emulators/xen-kernel/files/0002-vmap-avoid-hitting-an-ASSERT-with-vfree-NULL.patch +++ /dev/null 
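Review bot: The added `sc->pages != pages` guard on both preemption points does not cover the case where `pages` has overshot `sc->pages`: the per-page byte count in this function is rounded up (`bytes = (unsigned int)((sc->pages - pages + 7) >> 3);` followed by `pages += bytes << 3;`, visible as context in the 0002 patch of this commit), so when `sc->pages` is not a multiple of 8 the two values still differ after the last page and the restart this patch sets out to avoid still happens. Using `pages < sc->pages` in both conditions mirrors the loop conditions of the same function and closes that gap; the same change applies to the second hunk of this patch file. `paging_log_dirty_op` begins and ends outside the quoted hunks.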
@@ -1,43 +0,0 @@ -From ed4a7917a6faa8b7e8f211eaeda270f96e45de7d Mon Sep 17 00:00:00 2001 -From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 9 Oct 2015 12:57:31 +0200 -Subject: [PATCH 2/8] vmap: avoid hitting an ASSERT with vfree(NULL) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -and unconditionally defer the vm_size() call, as it doesn't have a NULL -short circuit. - -Reported-by: Wei Liu <wei.liu2@citrix.com> -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Tested-by: Wei Liu <wei.liu2@citrix.com> -Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> -Acked-by: Tim Deegan <tim@xen.org> ---- - xen/common/vmap.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/xen/common/vmap.c b/xen/common/vmap.c -index b6827b5..9028802 100644 ---- a/xen/common/vmap.c -+++ b/xen/common/vmap.c -@@ -268,10 +268,14 @@ void *vzalloc(size_t size) - - void vfree(void *va) - { -- unsigned int i, pages = vm_size(va); -+ unsigned int i, pages; - struct page_info *pg; - PAGE_LIST_HEAD(pg_list); - -+ if ( !va ) -+ return; -+ -+ pages = vm_size(va); - ASSERT(pages); - - for ( i = 0; i < pages; i++ ) --- -1.9.5 (Apple Git-50.3) - diff --git a/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch b/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch deleted file mode 100644 index 9ff23290678d..000000000000 --- a/emulators/xen-kernel/files/0002-x86-pvh-trap-access-to-sensitive-IO-ports.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 72d5acdc1d5b83107066e25054f9119e7771cf70 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Wed, 20 May 2015 13:27:23 +0200 -Subject: [PATCH 2/2] x86/pvh: trap access to sensitive IO ports -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed so Xen can properly trap 4 byte accesses to 0xcf8 in order to -keep consistency with accesses to 0xcfc. - -The access to RTC ports also needs to be trapped in order to keep -consistency, this includes RTC_PORT(0) and RTC_PORT(1) (0x70 and 0x71 -respectively). - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> ---- - xen/arch/x86/setup.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c -index cd333f9..2cc9185 100644 ---- a/xen/arch/x86/setup.c -+++ b/xen/arch/x86/setup.c -@@ -49,6 +49,7 @@ - #include <xen/cpu.h> - #include <asm/nmi.h> - #include <asm/alternative.h> -+#include <asm/mc146818rtc.h> - - /* opt_nosmp: If true, secondary processors are ignored. */ - static bool_t __initdata opt_nosmp; -@@ -1534,6 +1535,16 @@ void __hwdom_init setup_io_bitmap(struct domain *d) - rc = rangeset_report_ranges(d->arch.ioport_caps, 0, 0x10000, - io_bitmap_cb, d); - BUG_ON(rc); -+ /* -+ * NB: we need to trap accesses to 0xcf8 in order to intercept -+ * 4 byte accesses, that need to be handled by Xen in order to -+ * keep consistency. -+ * Access to 1 byte RTC ports also needs to be trapped in order -+ * to keep consistency with PV. -+ */ -+ __set_bit(0xcf8, d->arch.hvm_domain.io_bitmap); -+ __set_bit(RTC_PORT(0), d->arch.hvm_domain.io_bitmap); -+ __set_bit(RTC_PORT(1), d->arch.hvm_domain.io_bitmap); - } - } - --- -2.5.4 (Apple Git-61) - 
diff --git a/emulators/xen-kernel/files/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch b/emulators/xen-kernel/files/0002-xen-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch index 0e75ef2ab6f5..58072055ca97 100644 --- a/emulators/xen-kernel/files/0005-x86-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch +++ b/emulators/xen-kernel/files/0002-xen-rework-paging_log_dirty_op-to-work-with-hvm-gues.patch @@ -1,7 +1,7 @@ -From 63d4838f2f5644060c064f356078a748ca413364 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Fri, 9 Oct 2015 12:57:32 +0200 -Subject: [PATCH 5/8] x86: rework paging_log_dirty_op to work with hvm guests +From e253a2e2fb45197273cee7a7fa2b77f7a87cb67f Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne <roger.pau@citrix.com> +Date: Tue, 31 May 2016 16:07:26 +0200 +Subject: [PATCH 2/2] xen: rework paging_log_dirty_op to work with hvm guests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -14,17 +14,43 @@ Fix this by independently mapping each page of the guest bitmap as needed without the paging lock held. 
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> +Cc: Tim Deegan <tim@xen.org> +Cc: Jan Beulich <jbeulich@suse.com> +Cc: Andrew Cooper <andrew.cooper3@citrix.com> --- - xen/arch/x86/mm/paging.c | 98 +++++++++++++++++++++++++++++++++++++++----- +Changes since v6: + - Move the again label to the start of the function. + - Set all the preempt fields if we need to map a new page (just like on the + preempt case). + +Changes since v4: + - Indent again label. + - Replace bogus paddr_t cast with proper type. + - Update preempt.log_dirty before dropping the paging lock. + +Changes since v3: + - Drop last parameter from map_dirty_bitmap. + - Drop pointless initializers in paging_log_dirty_op. + - Add a new field to paging_domain in order to copy i2 position. + - Move the again case up to make sure we don't hold cached values of the + contents of log_dirty. + - Replace the BUG_ON in paging_log_dirty_op with an ASSERT. + +Changes since v2: + - Add checks for p2m_is_ram and p2m_is_discard_write when mapping a guest + page. + - Remove error checking from memset/memcpy, they unconditionally return + dst. +--- + xen/arch/x86/mm/paging.c | 97 +++++++++++++++++++++++++++++++++++++++----- xen/include/asm-x86/domain.h | 1 + - 2 files changed, 88 insertions(+), 11 deletions(-) + 2 files changed, 87 insertions(+), 11 deletions(-) diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c -index 6b788f7..06dc7fa 100644 +index ed94ff7..595c9d6 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c -@@ -397,6 +397,51 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn) +@@ -406,6 +406,51 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn) return rv; } @@ -55,7 +81,7 @@ index 6b788f7..06dc7fa 100644 + p2m_mem_paging_populate(current->domain, gfn); + return NULL; + } -+ if ( p2m_is_shared(p2mt) ) ++ if ( p2m_is_shared(p2mt) || p2m_is_discard_write(p2mt) ) + { + put_page(*page); + return NULL; 
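Review bot: The rewritten header replaces `Reviewed-by: Tim Deegan <tim@xen.org>` with three `Cc:` lines and carries a `Changes since v6` log, i.e. the port now ships a revision of the patch that is still under review on xen-devel rather than an accepted upstream commit, but neither this file nor the Makefile's EXTRA_PATCHES list records that. A comment next to the EXTRA_PATCHES entry such as `# v7 of the paging_log_dirty_op rework, not yet merged upstream; replace with the upstream commit once accepted` would tell the next maintainer when the file can be dropped or refreshed. Minor: the new `From: Roger Pau Monne` line lost the UTF-8 encoded author name, so it no longer matches the `Signed-off-by: Roger Pau Monné` spelling kept below it.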
@@ -76,7 +102,7 @@ index 6b788f7..06dc7fa 100644 /* Read a domain's log-dirty bitmap and stats. If the operation is a CLEAN, * clear the bitmap and stats as well. */ -@@ -409,9 +454,22 @@ static int paging_log_dirty_op(struct domain *d, +@@ -418,7 +463,11 @@ static int paging_log_dirty_op(struct domain *d, mfn_t *l4 = NULL, *l3 = NULL, *l2 = NULL; unsigned long *l1 = NULL; int i4, i3, i2; @@ -86,8 +112,12 @@ index 6b788f7..06dc7fa 100644 + again: if ( !resuming ) - domain_pause(d); -+ + { + /* +@@ -439,6 +488,14 @@ static int paging_log_dirty_op(struct domain *d, + p2m_flush_hardware_cached_dirty(d); + } + + index_mapped = resuming ? d->arch.paging.preempt.log_dirty.done : 0; + dirty_bitmap = map_dirty_bitmap(sc->dirty_bitmap, index_mapped, &page); + if ( dirty_bitmap == NULL ) @@ -99,7 +129,7 @@ index 6b788f7..06dc7fa 100644 paging_lock(d); if ( !d->arch.paging.preempt.dom ) -@@ -451,18 +509,18 @@ static int paging_log_dirty_op(struct domain *d, +@@ -478,18 +535,18 @@ static int paging_log_dirty_op(struct domain *d, l4 = paging_map_log_dirty_bitmap(d); i4 = d->arch.paging.preempt.log_dirty.i4; i3 = d->arch.paging.preempt.log_dirty.i3; @@ -108,13 +138,13 @@ index 6b788f7..06dc7fa 100644 for ( ; (pages < sc->pages) && (i4 < LOGDIRTY_NODE_ENTRIES); i4++, i3 = 0 ) { - l3 = (l4 && mfn_valid(l4[i4])) ? map_domain_page(mfn_x(l4[i4])) : NULL; + l3 = (l4 && mfn_valid(l4[i4])) ? map_domain_page(l4[i4]) : NULL; - for ( ; (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES); i3++ ) + for ( ; (pages < sc->pages) && (i3 < LOGDIRTY_NODE_ENTRIES); + i3++, i2 = 0 ) { l2 = ((l3 && mfn_valid(l3[i3])) ? - map_domain_page(mfn_x(l3[i3])) : NULL); + map_domain_page(l3[i3]) : NULL); - for ( i2 = 0; - (pages < sc->pages) && (i2 < LOGDIRTY_NODE_ENTRIES); - i2++ ) 
@@ -122,7 +152,7 @@ index 6b788f7..06dc7fa 100644 { unsigned int bytes = PAGE_SIZE; l1 = ((l2 && mfn_valid(l2[i2])) ? -@@ -471,15 +529,28 @@ static int paging_log_dirty_op(struct domain *d, +@@ -498,15 +555,28 @@ static int paging_log_dirty_op(struct domain *d, bytes = (unsigned int)((sc->pages - pages + 7) >> 3); if ( likely(peek) ) { @@ -158,7 +188,7 @@ index 6b788f7..06dc7fa 100644 } pages += bytes << 3; if ( l1 ) -@@ -496,6 +567,7 @@ static int paging_log_dirty_op(struct domain *d, +@@ -524,6 +594,7 @@ static int paging_log_dirty_op(struct domain *d, { d->arch.paging.preempt.log_dirty.i4 = i4; d->arch.paging.preempt.log_dirty.i3 = i3 + 1; @@ -166,7 +196,7 @@ index 6b788f7..06dc7fa 100644 rv = -ERESTART; break; } -@@ -508,6 +580,7 @@ static int paging_log_dirty_op(struct domain *d, +@@ -536,6 +607,7 @@ static int paging_log_dirty_op(struct domain *d, { d->arch.paging.preempt.log_dirty.i4 = i4 + 1; d->arch.paging.preempt.log_dirty.i3 = 0; @@ -174,7 +204,7 @@ index 6b788f7..06dc7fa 100644 rv = -ERESTART; } if ( rv ) -@@ -537,6 +610,7 @@ static int paging_log_dirty_op(struct domain *d, +@@ -565,6 +637,7 @@ static int paging_log_dirty_op(struct domain *d, if ( rv ) { /* Never leave the domain paused on real errors. */ @@ -182,7 +212,7 @@ index 6b788f7..06dc7fa 100644 ASSERT(rv == -ERESTART); return rv; } -@@ -549,12 +623,14 @@ static int paging_log_dirty_op(struct domain *d, +@@ -577,12 +650,14 @@ static int paging_log_dirty_op(struct domain *d, * paging modes (shadow or hap). Safe because the domain is paused. */ d->arch.paging.log_dirty.clean_dirty_bitmap(d); } @@ -198,10 +228,10 @@ index 6b788f7..06dc7fa 100644 if ( l1 ) diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h -index 6a77a93..63dea9c 100644 +index 165e533..0dc1ed8 100644 --- a/xen/include/asm-x86/domain.h 
+++ b/xen/include/asm-x86/domain.h -@@ -197,6 +197,7 @@ struct paging_domain { +@@ -206,6 +206,7 @@ struct paging_domain { unsigned long done:PADDR_BITS - PAGE_SHIFT; unsigned long i4:PAGETABLE_ORDER; unsigned long i3:PAGETABLE_ORDER; @@ -210,5 +240,5 @@ index 6a77a93..63dea9c 100644 }; } preempt; -- -1.9.5 (Apple Git-50.3) +2.7.4 (Apple Git-66) diff --git a/emulators/xen-kernel/files/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch b/emulators/xen-kernel/files/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch deleted file mode 100644 index 5588cf0eac0b..000000000000 --- a/emulators/xen-kernel/files/0003-x86-shadow-fix-shadow_track_dirty_vram-to-work-on-hv.patch +++ /dev/null 
@@ -1,120 +0,0 @@ -From 055ee44e3cc7c40dc3a3319370d287591771a7f3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Fri, 9 Oct 2015 12:57:32 +0200 -Subject: [PATCH 3/8] x86/shadow: fix shadow_track_dirty_vram to work on hvm - guests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Modify shadow_track_dirty_vram to use a local buffer and then flush to the -guest without the paging_lock held. This is modeled after -hap_track_dirty_vram. - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> ---- - xen/arch/x86/mm/shadow/common.c | 49 +++++++++++++++++++++++++---------------- - 1 file changed, 30 insertions(+), 19 deletions(-) - -diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c -index a5eed28..6b91b8c 100644 ---- a/xen/arch/x86/mm/shadow/common.c -+++ b/xen/arch/x86/mm/shadow/common.c -@@ -3478,7 +3478,7 @@ void shadow_clean_dirty_bitmap(struct domain *d) - int shadow_track_dirty_vram(struct domain *d, - unsigned long begin_pfn, - unsigned long nr, -- XEN_GUEST_HANDLE_64(uint8) dirty_bitmap) -+ XEN_GUEST_HANDLE_64(uint8) guest_dirty_bitmap) - { - int rc; - unsigned long end_pfn = begin_pfn + nr; -@@ -3488,6 +3488,7 @@ int shadow_track_dirty_vram(struct domain *d, - p2m_type_t t; - struct sh_dirty_vram *dirty_vram; - struct p2m_domain *p2m = p2m_get_hostp2m(d); -+ uint8_t *dirty_bitmap = NULL; - - if ( end_pfn < begin_pfn || end_pfn > p2m->max_mapped_pfn + 1 ) - return -EINVAL; -@@ -3516,6 +3517,12 @@ int shadow_track_dirty_vram(struct domain *d, - goto out; - } - -+ dirty_bitmap = vzalloc(dirty_size); -+ if ( dirty_bitmap == NULL ) -+ { -+ rc = -ENOMEM; -+ goto out; -+ } - /* This should happen seldomly (Video mode change), - * no need to be careful. 
*/ - if ( !dirty_vram ) -@@ -3546,12 +3553,8 @@ int shadow_track_dirty_vram(struct domain *d, - rc = -ENODATA; - } - else if (dirty_vram->last_dirty == -1) -- { - /* still completely clean, just copy our empty bitmap */ -- rc = -EFAULT; -- if ( copy_to_guest(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size) == 0 ) -- rc = 0; -- } -+ memcpy(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size); - else - { - unsigned long map_mfn = INVALID_MFN; -@@ -3630,21 +3633,19 @@ int shadow_track_dirty_vram(struct domain *d, - if ( map_sl1p ) - sh_unmap_domain_page(map_sl1p); - -- rc = -EFAULT; -- if ( copy_to_guest(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size) == 0 ) { -- memset(dirty_vram->dirty_bitmap, 0, dirty_size); -- if (dirty_vram->last_dirty + SECONDS(2) < NOW()) -+ memcpy(dirty_bitmap, dirty_vram->dirty_bitmap, dirty_size); -+ memset(dirty_vram->dirty_bitmap, 0, dirty_size); -+ if ( dirty_vram->last_dirty + SECONDS(2) < NOW() ) -+ { -+ /* was clean for more than two seconds, try to disable guest -+ * write access */ -+ for ( i = begin_pfn; i < end_pfn; i++ ) - { -- /* was clean for more than two seconds, try to disable guest -- * write access */ -- for ( i = begin_pfn; i < end_pfn; i++ ) { -- mfn_t mfn = get_gfn_query_unlocked(d, i, &t); -- if (mfn_x(mfn) != INVALID_MFN) -- flush_tlb |= sh_remove_write_access(d->vcpu[0], mfn, 1, 0); -- } -- dirty_vram->last_dirty = -1; -+ mfn_t mfn = get_gfn_query_unlocked(d, i, &t); -+ if ( mfn_x(mfn) != INVALID_MFN ) -+ flush_tlb |= sh_remove_write_access(d->vcpu[0], mfn, 1, 0); - } -- rc = 0; -+ dirty_vram->last_dirty = -1; - } - } - if ( flush_tlb ) -@@ -3659,6 +3660,16 @@ out_dirty_vram: - - out: - paging_unlock(d); -+ if ( rc == 0 && dirty_bitmap != NULL && -+ copy_to_guest(guest_dirty_bitmap, dirty_bitmap, dirty_size) ) -+ { -+ paging_lock(d); -+ for ( i = 0; i < dirty_size; i++ ) -+ dirty_vram->dirty_bitmap[i] |= dirty_bitmap[i]; -+ paging_unlock(d); -+ rc = -EFAULT; -+ } -+ vfree(dirty_bitmap); - 
p2m_unlock(p2m_get_hostp2m(d)); - return rc; - } --- -1.9.5 (Apple Git-50.3) - diff --git a/emulators/xen-kernel/files/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch b/emulators/xen-kernel/files/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch deleted file mode 100644 index a4b43d412491..000000000000 --- a/emulators/xen-kernel/files/0004-x86-hap-make-hap_track_dirty_vram-use-non-contiguous.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 50ca52274eda838f0562938fae3432a0f05f2585 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Fri, 9 Oct 2015 12:57:32 +0200 -Subject: [PATCH 4/8] x86/hap: make hap_track_dirty_vram use non-contiguous - memory for temporary map -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Just like it's done for shadow_track_dirty_vram allocate the temporary -buffer using non-contiguous memory. - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> ---- - xen/arch/x86/mm/hap/hap.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/xen/arch/x86/mm/hap/hap.c b/xen/arch/x86/mm/hap/hap.c -index abf3d7a..f7b12a8 100644 ---- a/xen/arch/x86/mm/hap/hap.c -+++ b/xen/arch/x86/mm/hap/hap.c -@@ -87,7 +87,7 @@ int hap_track_dirty_vram(struct domain *d, - } - - rc = -ENOMEM; -- dirty_bitmap = xzalloc_bytes(size); -+ dirty_bitmap = vzalloc(size); - if ( !dirty_bitmap ) - goto out; - -@@ -168,8 +168,7 @@ int hap_track_dirty_vram(struct domain *d, - p2m_ram_logdirty, p2m_ram_rw); - } - out: -- if ( dirty_bitmap ) -- xfree(dirty_bitmap); -+ vfree(dirty_bitmap); - - return rc; - } --- -1.9.5 (Apple Git-50.3) - diff --git a/emulators/xen-kernel/files/0006-xen-pvh-enable-mmu_update-hypercall.patch b/emulators/xen-kernel/files/0006-xen-pvh-enable-mmu_update-hypercall.patch deleted file mode 100644 index 8ef6983f52e1..000000000000 
--- a/emulators/xen-kernel/files/0006-xen-pvh-enable-mmu_update-hypercall.patch +++ /dev/null @@ -1,33 +0,0 @@ -From bec71ff2b61acc42e71a2bd79ec5cf172130e5f8 Mon Sep 17 00:00:00 2001 -From: Roger Pau Monne <roger.pau@citrix.com> -Date: Fri, 9 Oct 2015 12:57:32 +0200 -Subject: [PATCH 6/8] xen/pvh: enable mmu_update hypercall -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is needed for performing save/restore of PV guests. - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Cc: Tim Deegan <tim@xen.org> -Cc: Jan Beulich <jbeulich@suse.com> -Cc: Andrew Cooper <andrew.cooper3@citrix.com> ---- - xen/arch/x86/hvm/hvm.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c -index 7d53c6c..d3fdc3d 100644 ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -4843,6 +4843,7 @@ static hvm_hypercall_t *const pvh_hypercall64_table[NR_hypercalls] = { - [ __HYPERVISOR_grant_table_op ] = (hvm_hypercall_t *)hvm_grant_table_op, - HYPERCALL(vcpu_op), - HYPERCALL(mmuext_op), -+ HYPERCALL(mmu_update), - HYPERCALL(xsm_op), - HYPERCALL(sched_op), - HYPERCALL(event_channel_op), --- -1.9.5 (Apple Git-50.3) - diff --git a/emulators/xen-kernel/files/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch b/emulators/xen-kernel/files/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch deleted file mode 100644 index 66d50f321093..000000000000 --- a/emulators/xen-kernel/files/0007-iommu-fix-usage-of-shared-EPT-IOMMU-page-tables-on-P.patch +++ /dev/null 
@@ -1,86 +0,0 @@ -From 43f76b1443c8fc3b54dbb9fb466becbb9d584d6d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Fri, 9 Oct 2015 12:57:33 +0200 -Subject: [PATCH 7/8] iommu: fix usage of shared EPT/IOMMU page tables on PVH - guests -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -iommu_share_p2m_table should not prevent PVH guests from using a shared page -table between the IOMMU and EPT. Clean the code by removing the asserts in -the vendor specific implementations (amd_iommu_share_p2m, iommu_set_pgd), -and moving the hap_enabled assert to the caller (iommu_share_p2m_table). - -Also fix another incorrect usage of is_hvm_domain usage in -arch_iommu_populate_page_table. This has not given problems so far because -all the pages in PVH guests are of type PGT_writable_page. - -Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> -Reviewed-by: Jan Beulich <jbeulich@suse.com> -Tested-by: David Vrabel <david.vrabel@citrix.com> -Reviewed-by: Tim Deegan <tim@xen.org> -Acked-by: Kevin Tian <kevin.tian@intel.com> ---- - xen/drivers/passthrough/amd/iommu_map.c | 2 -- - xen/drivers/passthrough/iommu.c | 3 ++- - xen/drivers/passthrough/vtd/iommu.c | 2 -- - xen/drivers/passthrough/x86/iommu.c | 2 +- - 4 files changed, 3 insertions(+), 6 deletions(-) - -diff --git a/xen/drivers/passthrough/amd/iommu_map.c b/xen/drivers/passthrough/amd/iommu_map.c -index a8c60ec..31dc05d 100644 ---- a/xen/drivers/passthrough/amd/iommu_map.c -+++ b/xen/drivers/passthrough/amd/iommu_map.c -@@ -785,8 +785,6 @@ void amd_iommu_share_p2m(struct domain *d) - struct page_info *p2m_table; - mfn_t pgd_mfn; - -- ASSERT( is_hvm_domain(d) && d->arch.hvm_domain.hap_enabled ); -- - if ( !iommu_use_hap_pt(d) ) - return; - -diff --git a/xen/drivers/passthrough/iommu.c b/xen/drivers/passthrough/iommu.c -index cc12735..7fcbbb1 100644 ---- a/xen/drivers/passthrough/iommu.c -+++ b/xen/drivers/passthrough/iommu.c -@@ -332,7 
+332,8 @@ void iommu_share_p2m_table(struct domain* d) - { - const struct iommu_ops *ops = iommu_get_ops(); - -- if ( iommu_enabled && is_hvm_domain(d) ) -+ ASSERT( hap_enabled(d) ); -+ if ( iommu_enabled ) - ops->share_p2m(d); - } - -diff --git a/xen/drivers/passthrough/vtd/iommu.c b/xen/drivers/passthrough/vtd/iommu.c -index 5a946d4..a5a111c 100644 ---- a/xen/drivers/passthrough/vtd/iommu.c -+++ b/xen/drivers/passthrough/vtd/iommu.c -@@ -1802,8 +1802,6 @@ static void iommu_set_pgd(struct domain *d) - struct hvm_iommu *hd = domain_hvm_iommu(d); - mfn_t pgd_mfn; - -- ASSERT( is_hvm_domain(d) && d->arch.hvm_domain.hap_enabled ); -- - if ( !iommu_use_hap_pt(d) ) - return; - -diff --git a/xen/drivers/passthrough/x86/iommu.c b/xen/drivers/passthrough/x86/iommu.c -index ce0ca5a..3d2c12a 100644 ---- a/xen/drivers/passthrough/x86/iommu.c -+++ b/xen/drivers/passthrough/x86/iommu.c -@@ -56,7 +56,7 @@ int arch_iommu_populate_page_table(struct domain *d) - - while ( !rc && (page = page_list_remove_head(&d->page_list)) ) - { -- if ( is_hvm_domain(d) || -+ if ( has_hvm_container_domain(d) || - (page->u.inuse.type_info & PGT_type_mask) == PGT_writable_page ) - { - BUG_ON(SHARED_M2P(mfn_to_gmfn(d, page_to_mfn(page)))); --- -1.9.5 (Apple Git-50.3) - diff --git a/emulators/xen-kernel/files/xsa156-4.5.patch b/emulators/xen-kernel/files/xsa156-4.5.patch deleted file mode 100644 index 9b59e16fb4a0..000000000000 --- a/emulators/xen-kernel/files/xsa156-4.5.patch +++ /dev/null 
@@ -1,127 +0,0 @@ -x86/HVM: always intercept #AC and #DB - -Both being benign exceptions, and both being possible to get triggered -by exception delivery, this is required to prevent a guest from locking -up a CPU (resulting from no other VM exits occurring once getting into -such a loop). - -The specific scenarios: - -1) #AC may be raised during exception delivery if the handler is set to -be a ring-3 one by a 32-bit guest, and the stack is misaligned. - -2) #DB may be raised during exception delivery when a breakpoint got -placed on a data structure involved in delivering the exception. This -can result in an endless loop when a 64-bit guest uses a non-zero IST -for the vector 1 IDT entry, but even without use of IST the time it -takes until a contributory fault would get raised (results depending -on the handler) may be quite long. - -This is XSA-156. - -Reported-by: Benjamin Serebrin <serebrin@google.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/hvm/svm/svm.c -+++ b/xen/arch/x86/hvm/svm/svm.c -@@ -1045,10 +1045,11 @@ static void noreturn svm_do_resume(struc - unlikely(v->arch.hvm_vcpu.debug_state_latch != debug_state) ) - { - uint32_t intercepts = vmcb_get_exception_intercepts(vmcb); -- uint32_t mask = (1U << TRAP_debug) | (1U << TRAP_int3); -+ - v->arch.hvm_vcpu.debug_state_latch = debug_state; - vmcb_set_exception_intercepts( -- vmcb, debug_state ? (intercepts | mask) : (intercepts & ~mask)); -+ vmcb, debug_state ? 
(intercepts | (1U << TRAP_int3)) -+ : (intercepts & ~(1U << TRAP_int3))); - } - - if ( v->arch.hvm_svm.launch_core != smp_processor_id() ) -@@ -2435,8 +2436,9 @@ void svm_vmexit_handler(struct cpu_user_ - - case VMEXIT_EXCEPTION_DB: - if ( !v->domain->debugger_attached ) -- goto unexpected_exit_type; -- domain_pause_for_debugger(); -+ hvm_inject_hw_exception(TRAP_debug, HVM_DELIVER_NO_ERROR_CODE); -+ else -+ domain_pause_for_debugger(); - break; - - case VMEXIT_EXCEPTION_BP: -@@ -2484,6 +2486,11 @@ void svm_vmexit_handler(struct cpu_user_ - break; - } - -+ case VMEXIT_EXCEPTION_AC: -+ HVMTRACE_1D(TRAP, TRAP_alignment_check); -+ hvm_inject_hw_exception(TRAP_alignment_check, vmcb->exitinfo1); -+ break; -+ - case VMEXIT_EXCEPTION_UD: - svm_vmexit_ud_intercept(regs); - break; ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -1186,16 +1186,10 @@ static void vmx_update_host_cr3(struct v - - void vmx_update_debug_state(struct vcpu *v) - { -- unsigned long mask; -- -- mask = 1u << TRAP_int3; -- if ( !cpu_has_monitor_trap_flag ) -- mask |= 1u << TRAP_debug; -- - if ( v->arch.hvm_vcpu.debug_state_latch ) -- v->arch.hvm_vmx.exception_bitmap |= mask; -+ v->arch.hvm_vmx.exception_bitmap |= 1U << TRAP_int3; - else -- v->arch.hvm_vmx.exception_bitmap &= ~mask; -+ v->arch.hvm_vmx.exception_bitmap &= ~(1U << TRAP_int3); - - vmx_vmcs_enter(v); - vmx_update_exception_bitmap(v); -@@ -2801,9 +2795,10 @@ void vmx_vmexit_handler(struct cpu_user_ - __vmread(EXIT_QUALIFICATION, &exit_qualification); - HVMTRACE_1D(TRAP_DEBUG, exit_qualification); - write_debugreg(6, exit_qualification | 0xffff0ff0); -- if ( !v->domain->debugger_attached || cpu_has_monitor_trap_flag ) -- goto exit_and_crash; -- domain_pause_for_debugger(); -+ if ( !v->domain->debugger_attached ) -+ hvm_inject_hw_exception(vector, HVM_DELIVER_NO_ERROR_CODE); -+ else -+ domain_pause_for_debugger(); - break; - case TRAP_int3: - { -@@ -2868,6 +2863,11 @@ void vmx_vmexit_handler(struct cpu_user_ - - 
hvm_inject_page_fault(regs->error_code, exit_qualification); - break; -+ case TRAP_alignment_check: -+ HVMTRACE_1D(TRAP, vector); -+ __vmread(VM_EXIT_INTR_ERROR_CODE, &ecode); -+ hvm_inject_hw_exception(vector, ecode); -+ break; - case TRAP_nmi: - if ( (intr_info & INTR_INFO_INTR_TYPE_MASK) != - (X86_EVENTTYPE_NMI << 8) ) ---- a/xen/include/asm-x86/hvm/hvm.h -+++ b/xen/include/asm-x86/hvm/hvm.h -@@ -378,7 +378,10 @@ static inline int hvm_event_pending(stru - (X86_CR4_VMXE | X86_CR4_PAE | X86_CR4_MCE)) - - /* These exceptions must always be intercepted. */ --#define HVM_TRAP_MASK ((1U << TRAP_machine_check) | (1U << TRAP_invalid_op)) -+#define HVM_TRAP_MASK ((1U << TRAP_debug) | \ -+ (1U << TRAP_invalid_op) | \ -+ (1U << TRAP_alignment_check) | \ -+ (1U << TRAP_machine_check)) - - /* - * x86 event types. This enumeration is valid for: diff --git a/emulators/xen-kernel/files/xsa159.patch b/emulators/xen-kernel/files/xsa159.patch deleted file mode 100644 index 5e4e20c43f16..000000000000 --- a/emulators/xen-kernel/files/xsa159.patch +++ /dev/null 
@@ -1,47 +0,0 @@ -memory: fix XENMEM_exchange error handling - -assign_pages() can fail due to the domain getting killed in parallel, -which should not result in a hypervisor crash. - -Also delete a redundant put_gfn() - all relevant paths leading to the -"fail" label already do this (and there are also paths where it was -plain wrong). All of the put_gfn()-s got introduced by 51032ca058 -("Modify naming of queries into the p2m"), including the otherwise -unneeded initializer for k (with even a kind of misleading comment - -the compiler warning could actually have served as a hint that the use -is wrong). - -This is XSA-159. - -Reported-by: Julien Grall <julien.grall@citrix.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/common/memory.c -+++ b/xen/common/memory.c -@@ -334,7 +334,7 @@ static long memory_exchange(XEN_GUEST_HA - PAGE_LIST_HEAD(out_chunk_list); - unsigned long in_chunk_order, out_chunk_order; - xen_pfn_t gpfn, gmfn, mfn; -- unsigned long i, j, k = 0; /* gcc ... */ -+ unsigned long i, j, k; - unsigned int memflags = 0; - long rc = 0; - struct domain *d; -@@ -572,11 +572,12 @@ static long memory_exchange(XEN_GUEST_HA - fail: - /* Reassign any input pages we managed to steal. */ - while ( (page = page_list_remove_head(&in_chunk_list)) ) -- { -- put_gfn(d, gmfn + k--); - if ( assign_pages(d, page, 0, MEMF_no_refcount) ) -- BUG(); -- } -+ { -+ BUG_ON(!d->is_dying); -+ if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) -+ put_page(page); -+ } - - dying: - rcu_unlock_domain(d); diff --git a/emulators/xen-kernel/files/xsa165-4.5.patch b/emulators/xen-kernel/files/xsa165-4.5.patch deleted file mode 100644 index b0909e49b890..000000000000 --- a/emulators/xen-kernel/files/xsa165-4.5.patch +++ /dev/null 
@@ -1,85 +0,0 @@ -x86: don't leak ST(n)/XMMn values to domains first using them - -FNINIT doesn't alter these registers, and hence using it is -insufficient to initialize a guest's initial state. - -This is XSA-165. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/domain.c -+++ b/xen/arch/x86/domain.c -@@ -798,6 +798,17 @@ int arch_set_info_guest( - if ( v->arch.xsave_area ) - v->arch.xsave_area->xsave_hdr.xstate_bv = XSTATE_FP_SSE; - } -+ else if ( v->arch.xsave_area ) -+ memset(&v->arch.xsave_area->xsave_hdr, 0, -+ sizeof(v->arch.xsave_area->xsave_hdr)); -+ else -+ { -+ typeof(v->arch.xsave_area->fpu_sse) *fpu_sse = v->arch.fpu_ctxt; -+ -+ memset(fpu_sse, 0, sizeof(*fpu_sse)); -+ fpu_sse->fcw = FCW_DEFAULT; -+ fpu_sse->mxcsr = MXCSR_DEFAULT; -+ } - - if ( !compat ) - { ---- a/xen/arch/x86/i387.c -+++ b/xen/arch/x86/i387.c -@@ -17,19 +17,6 @@ - #include <asm/xstate.h> - #include <asm/asm_defns.h> - --static void fpu_init(void) --{ -- unsigned long val; -- -- asm volatile ( "fninit" ); -- if ( cpu_has_xmm ) -- { -- /* load default value into MXCSR control/status register */ -- val = MXCSR_DEFAULT; -- asm volatile ( "ldmxcsr %0" : : "m" (val) ); -- } --} -- - /*******************************/ - /* FPU Restore Functions */ - /*******************************/ -@@ -248,15 +235,8 @@ void vcpu_restore_fpu_lazy(struct vcpu * - - if ( cpu_has_xsave ) - fpu_xrstor(v, XSTATE_LAZY); -- else if ( v->fpu_initialised ) -- { -- if ( cpu_has_fxsr ) -- fpu_fxrstor(v); -- else -- fpu_frstor(v); -- } - else -- fpu_init(); -+ fpu_fxrstor(v); - - v->fpu_initialised = 1; - v->fpu_dirtied = 1; -@@ -317,7 +297,14 @@ int vcpu_init_fpu(struct vcpu *v) - else - { - v->arch.fpu_ctxt = _xzalloc(sizeof(v->arch.xsave_area->fpu_sse), 16); -- if ( !v->arch.fpu_ctxt ) -+ if ( v->arch.fpu_ctxt ) -+ { -+ typeof(v->arch.xsave_area->fpu_sse) *fpu_sse = v->arch.fpu_ctxt; -+ -+ fpu_sse->fcw = FCW_DEFAULT; -+ fpu_sse->mxcsr = 
MXCSR_DEFAULT; -+ } -+ else - { - rc = -ENOMEM; - goto done; diff --git a/emulators/xen-kernel/files/xsa166-4.5.patch b/emulators/xen-kernel/files/xsa166-4.5.patch deleted file mode 100644 index 60bdbf428459..000000000000 --- a/emulators/xen-kernel/files/xsa166-4.5.patch +++ /dev/null @@ -1,44 +0,0 @@ -x86/HVM: avoid reading ioreq state more than once - -Otherwise, especially when the compiler chooses to translate the -switch() to a jump table, unpredictable behavior (and in the jump table -case arbitrary code execution) can result. - -This is XSA-166. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/arch/x86/hvm/hvm.c -+++ b/xen/arch/x86/hvm/hvm.c -@@ -400,23 +400,23 @@ bool_t hvm_io_pending(struct vcpu *v) - - static bool_t hvm_wait_for_io(struct hvm_ioreq_vcpu *sv, ioreq_t *p) - { -+ unsigned int state; -+ - /* NB. Optimised for common case (p->state == STATE_IOREQ_NONE). */ -- while ( p->state != STATE_IOREQ_NONE ) -+ while ( (state = p->state) != STATE_IOREQ_NONE ) - { -- switch ( p->state ) -+ rmb(); -+ switch ( state ) - { - case STATE_IORESP_READY: /* IORESP_READY -> NONE */ -- rmb(); /* see IORESP_READY /then/ read contents of ioreq */ - hvm_io_assist(p); - break; - case STATE_IOREQ_READY: /* IOREQ_{READY,INPROCESS} -> IORESP_READY */ - case STATE_IOREQ_INPROCESS: -- wait_on_xen_event_channel(sv->ioreq_evtchn, -- (p->state != STATE_IOREQ_READY) && -- (p->state != STATE_IOREQ_INPROCESS)); -+ wait_on_xen_event_channel(sv->ioreq_evtchn, p->state != state); - break; - default: -- gdprintk(XENLOG_ERR, "Weird HVM iorequest state %d.\n", p->state); -+ gdprintk(XENLOG_ERR, "Weird HVM iorequest state %u\n", state); - domain_crash(sv->vcpu->domain); - return 0; /* bail */ - } diff --git a/emulators/xen-kernel/files/xsa167-4.6.patch b/emulators/xen-kernel/files/xsa167-4.6.patch deleted file mode 100644 index 05fe35b3c769..000000000000 --- a/emulators/xen-kernel/files/xsa167-4.6.patch +++ /dev/null 
@@ -1,77 +0,0 @@ -x86/mm: PV superpage handling lacks sanity checks - -MMUEXT_{,UN}MARK_SUPER fail to check the input MFN for validity before -dereferencing pointers into the superpage frame table. - -get_superpage() has a similar issue. - -This is XSA-167. - -Reported-by: Qinghao Tang <luodalongde@gmail.com> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/arch/x86/mm.c -+++ b/xen/arch/x86/mm.c -@@ -2624,6 +2624,9 @@ int get_superpage(unsigned long mfn, str - - ASSERT(opt_allow_superpage); - -+ if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) ) -+ return -EINVAL; -+ - spage = mfn_to_spage(mfn); - y = spage->type_info; - do { -@@ -3401,42 +3404,26 @@ long do_mmuext_op( - } - - case MMUEXT_MARK_SUPER: -+ case MMUEXT_UNMARK_SUPER: - { - unsigned long mfn = op.arg1.mfn; - -- if ( unlikely(d != pg_owner) ) -- rc = -EPERM; -- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) ) -- { -- MEM_LOG("Unaligned superpage reference mfn %lx", mfn); -- okay = 0; -- } -- else if ( !opt_allow_superpage ) -+ if ( !opt_allow_superpage ) - { - MEM_LOG("Superpages disallowed"); - rc = -ENOSYS; - } -- else -- rc = mark_superpage(mfn_to_spage(mfn), d); -- break; -- } -- -- case MMUEXT_UNMARK_SUPER: -- { -- unsigned long mfn = op.arg1.mfn; -- -- if ( unlikely(d != pg_owner) ) -+ else if ( unlikely(d != pg_owner) ) - rc = -EPERM; -- else if ( mfn & (L1_PAGETABLE_ENTRIES-1) ) -+ else if ( mfn & (L1_PAGETABLE_ENTRIES - 1) ) - { - MEM_LOG("Unaligned superpage reference mfn %lx", mfn); -- okay = 0; -- } -- else if ( !opt_allow_superpage ) -- { -- MEM_LOG("Superpages disallowed"); -- rc = -ENOSYS; -+ rc = -EINVAL; - } -+ else if ( !mfn_valid(mfn | (L1_PAGETABLE_ENTRIES - 1)) ) -+ rc = -EINVAL; -+ else if ( op.cmd == MMUEXT_MARK_SUPER ) -+ rc = mark_superpage(mfn_to_spage(mfn), d); - else - rc = unmark_superpage(mfn_to_spage(mfn)); - break; 
diff --git a/emulators/xen-kernel/files/xsa168.patch b/emulators/xen-kernel/files/xsa168.patch deleted file mode 100644 index 856f02e6fc93..000000000000 --- a/emulators/xen-kernel/files/xsa168.patch +++ /dev/null @@ -1,27 +0,0 @@ -x86/VMX: prevent INVVPID failure due to non-canonical guest address - -While INVLPG (and on SVM INVLPGA) don't fault on non-canonical -addresses, INVVPID fails (in the "individual address" case) when passed -such an address. - -Since such intercepted INVLPG are effectively no-ops anyway, don't fix -this in vmx_invlpg_intercept(), but instead have paging_invlpg() never -return true in such a case. - -This is XSA-168. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> - ---- a/xen/include/asm-x86/paging.h -+++ b/xen/include/asm-x86/paging.h -@@ -245,7 +245,7 @@ paging_fault(unsigned long va, struct cp - * or 0 if it's safe not to do so. */ - static inline int paging_invlpg(struct vcpu *v, unsigned long va) - { -- return paging_get_hostmode(v)->invlpg(v, va); -+ return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va); - } - - /* Translate a guest virtual address to the frame number that the diff --git a/emulators/xen-kernel/files/xsa170-4.5.patch b/emulators/xen-kernel/files/xsa170-4.5.patch deleted file mode 100644 index 00045c209cd7..000000000000 --- a/emulators/xen-kernel/files/xsa170-4.5.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -x86/VMX: sanitize rIP before re-entering guest - -... to prevent guest user mode arranging for a guest crash (due to -failed VM entry). (On the AMD system I checked, hardware is doing -exactly the canonicalization being added here.) - -Note that fixing this in an architecturally correct way would be quite -a bit more involved: Making the x86 instruction emulator check all -branch targets for validity, plus dealing with invalid rIP resulting -from update_guest_eip() or incoming directly during a VM exit. The only -way to get the latter right would be by not having hardware do the -injection. - -Note further that there are a two early returns from -vmx_vmexit_handler(): One (through vmx_failed_vmentry()) leads to -domain_crash() anyway, and the other covers real mode only and can -neither occur with a non-canonical rIP nor result in an altered rIP, -so we don't need to force those paths through the checking logic. - -This is XSA-170. - -Reported-by: 刘令 <liuling-it@360.cn> -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> -Tested-by: Andrew Cooper <andrew.cooper3@citrix.com> - ---- a/xen/arch/x86/hvm/vmx/vmx.c -+++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -2675,7 +2675,7 @@ void vmx_handle_EOI_induced_exit(struct - void vmx_vmexit_handler(struct cpu_user_regs *regs) - { - unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; -- unsigned int vector = 0; -+ unsigned int vector = 0, mode; - struct vcpu *v = current; - - __vmread(GUEST_RIP, ®s->rip); -@@ -3219,6 +3219,41 @@ void vmx_vmexit_handler(struct cpu_user_ - out: - if ( nestedhvm_vcpu_in_guestmode(v) ) - nvmx_idtv_handling(); -+ -+ /* -+ * VM entry will fail (causing the guest to get crashed) if rIP (and -+ * rFLAGS, but we don't have an issue there) doesn't meet certain -+ * criteria. 
As we must not allow less than fully privileged mode to have -+ * such an effect on the domain, we correct rIP in that case (accepting -+ * this not being architecturally correct behavior, as the injected #GP -+ * fault will then not see the correct [invalid] return address). -+ * And since we know the guest will crash, we crash it right away if it -+ * already is in most privileged mode. -+ */ -+ mode = vmx_guest_x86_mode(v); -+ if ( mode == 8 ? !is_canonical_address(regs->rip) -+ : regs->rip != regs->_eip ) -+ { -+ struct segment_register ss; -+ -+ gdprintk(XENLOG_WARNING, "Bad rIP %lx for mode %u\n", regs->rip, mode); -+ -+ vmx_get_segment_register(v, x86_seg_ss, &ss); -+ if ( ss.attr.fields.dpl ) -+ { -+ __vmread(VM_ENTRY_INTR_INFO, &intr_info); -+ if ( !(intr_info & INTR_INFO_VALID_MASK) ) -+ hvm_inject_hw_exception(TRAP_gp_fault, 0); -+ /* Need to fix rIP nevertheless. */ -+ if ( mode == 8 ) -+ regs->rip = (long)(regs->rip << (64 - VADDR_BITS)) >> -+ (64 - VADDR_BITS); -+ else -+ regs->rip = regs->_eip; -+ } -+ else -+ domain_crash(v->domain); -+ } - } - - void vmx_vmenter_helper(const struct cpu_user_regs *regs) |