diff options
author | Tomáš Mózes <hydrapolic@gmail.com> | 2023-04-14 19:03:31 +0200 |
---|---|---|
committer | Tomáš Mózes <hydrapolic@gmail.com> | 2023-04-14 19:03:31 +0200 |
commit | 7e0f315531fdc3c24b6b9a0bb9d391b4cb52780e (patch) | |
tree | 81407655112d5e3b8a29a76395a842052fb036ae | |
parent | Xen 4.16.4-pre-patchset-0 (diff) | |
download | xen-upstream-patches-7e0f315531fdc3c24b6b9a0bb9d391b4cb52780e.tar.gz xen-upstream-patches-7e0f315531fdc3c24b6b9a0bb9d391b4cb52780e.tar.bz2 xen-upstream-patches-7e0f315531fdc3c24b6b9a0bb9d391b4cb52780e.zip |
Xen 4.17.1-pre-patchset-04.17.1-pre-patchset-0
Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
-rw-r--r-- | 0001-update-Xen-version-to-4.16.4-pre.patch | 25 | ||||
-rw-r--r-- | 0001-update-Xen-version-to-4.17.1-pre.patch | 136 | ||||
-rw-r--r-- | 0002-x86-irq-do-not-release-irq-until-all-cleanup-is-done.patch | 90 | ||||
-rw-r--r-- | 0003-x86-pvh-do-not-forward-MADT-Local-APIC-NMI-structure.patch | 103 | ||||
-rw-r--r-- | 0004-x86-HVM-don-t-mark-external-IRQs-as-pending-when-vLA.patch | 71 | ||||
-rw-r--r-- | 0005-x86-Viridian-don-t-mark-IRQ-vectors-as-pending-when-.patch | 60 | ||||
-rw-r--r-- | 0006-x86-HVM-don-t-mark-evtchn-upcall-vector-as-pending-w.patch | 70 | ||||
-rw-r--r-- | 0007-ioreq_broadcast-accept-partial-broadcast-success.patch (renamed from 0002-ioreq_broadcast-accept-partial-broadcast-success.patch) | 10 | ||||
-rw-r--r-- | 0008-EFI-relocate-the-ESRT-when-booting-via-multiboot2.patch | 195 | ||||
-rw-r--r-- | 0009-x86-time-prevent-overflow-with-high-frequency-TSCs.patch (renamed from 0003-x86-time-prevent-overflow-with-high-frequency-TSCs.patch) | 10 | ||||
-rw-r--r-- | 0010-tools-oxenstored-Fix-incorrect-scope-after-an-if-sta.patch | 52 | ||||
-rw-r--r-- | 0011-tools-ocaml-evtchn-OCaml-5-support-fix-potential-res.patch | 68 | ||||
-rw-r--r-- | 0012-tools-ocaml-evtchn-Add-binding-for-xenevtchn_fdopen.patch | 81 | ||||
-rw-r--r-- | 0013-tools-ocaml-evtchn-Extend-the-init-binding-with-a-cl.patch | 90 | ||||
-rw-r--r-- | 0014-tools-oxenstored-Style-fixes-to-Domain.patch | 64 | ||||
-rw-r--r-- | 0015-tools-oxenstored-Bind-the-DOM_EXC-VIRQ-in-in-Event.i.patch | 82 | ||||
-rw-r--r-- | 0016-tools-oxenstored-Rename-some-port-variables-to-remot.patch | 144 | ||||
-rw-r--r-- | 0017-tools-oxenstored-Implement-Domain.rebind_evtchn.patch | 67 | ||||
-rw-r--r-- | 0018-tools-oxenstored-Rework-Domain-evtchn-handling-to-us.patch | 209 | ||||
-rw-r--r-- | 0019-tools-oxenstored-Keep-dev-xen-evtchn-open-across-liv.patch | 367 | ||||
-rw-r--r-- | 0020-tools-oxenstored-Log-live-update-issues-at-warning-l.patch | 42 | ||||
-rw-r--r-- | 0021-tools-oxenstored-Set-uncaught-exception-handler.patch | 83 | ||||
-rw-r--r-- | 0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch | 55 | ||||
-rw-r--r-- | 0023-tools-oxenstored-Render-backtraces-more-nicely-in-Sy.patch | 83 | ||||
-rw-r--r-- | 0024-Revert-tools-xenstore-simplify-loop-handling-connect.patch | 136 | ||||
-rw-r--r-- | 0025-x86-S3-Restore-Xen-s-MSR_PAT-value-on-S3-resume.patch (renamed from 0004-x86-S3-Restore-Xen-s-MSR_PAT-value-on-S3-resume.patch) | 6 | ||||
-rw-r--r-- | 0026-tools-Fix-build-with-recent-QEMU-use-enable-trace-ba.patch (renamed from 0005-tools-Fix-build-with-recent-QEMU-use-enable-trace-ba.patch) | 8 | ||||
-rw-r--r-- | 0027-include-compat-produce-stubs-for-headers-not-otherwi.patch | 74 | ||||
-rw-r--r-- | 0028-x86-vmx-Calculate-model-specific-LBRs-once-at-start-.patch (renamed from 0006-x86-vmx-Calculate-model-specific-LBRs-once-at-start-.patch) | 24 | ||||
-rw-r--r-- | 0029-x86-vmx-Support-for-CPUs-without-model-specific-LBR.patch (renamed from 0007-x86-vmx-Support-for-CPUs-without-model-specific-LBR.patch) | 12 | ||||
-rw-r--r-- | 0030-x86-shadow-fix-PAE-check-for-top-level-table-unshado.patch (renamed from 0008-x86-shadow-fix-PAE-check-for-top-level-table-unshado.patch) | 10 | ||||
-rw-r--r-- | 0031-build-fix-building-flask-headers-before-descending-i.patch | 50 | ||||
-rw-r--r-- | 0032-ns16550-fix-an-incorrect-assignment-to-uart-io_size.patch (renamed from 0009-ns16550-fix-an-incorrect-assignment-to-uart-io_size.patch) | 10 | ||||
-rw-r--r-- | 0033-libxl-fix-guest-kexec-skip-cpuid-policy.patch (renamed from 0010-libxl-fix-guest-kexec-skip-cpuid-policy.patch) | 18 | ||||
-rw-r--r-- | 0034-tools-ocaml-xenctrl-Make-domain_getinfolist-tail-rec.patch (renamed from 0011-tools-ocaml-xenctrl-Make-domain_getinfolist-tail-rec.patch) | 8 | ||||
-rw-r--r-- | 0035-tools-ocaml-xenctrl-Use-larger-chunksize-in-domain_g.patch (renamed from 0012-tools-ocaml-xenctrl-Use-larger-chunksize-in-domain_g.patch) | 8 | ||||
-rw-r--r-- | 0036-tools-ocaml-xb-mmap-Use-Data_abstract_val-wrapper.patch (renamed from 0013-tools-ocaml-xb-mmap-Use-Data_abstract_val-wrapper.patch) | 4 | ||||
-rw-r--r-- | 0037-tools-ocaml-xb-Drop-Xs_ring.write.patch (renamed from 0014-tools-ocaml-xb-Drop-Xs_ring.write.patch) | 4 | ||||
-rw-r--r-- | 0038-tools-oxenstored-validate-config-file-before-live-up.patch (renamed from 0015-tools-oxenstored-validate-config-file-before-live-up.patch) | 4 | ||||
-rw-r--r-- | 0039-tools-ocaml-libs-Don-t-declare-stubs-as-taking-void.patch (renamed from 0016-tools-ocaml-libs-Don-t-declare-stubs-as-taking-void.patch) | 6 | ||||
-rw-r--r-- | 0040-tools-ocaml-libs-Allocate-the-correct-amount-of-memo.patch (renamed from 0017-tools-ocaml-libs-Allocate-the-correct-amount-of-memo.patch) | 16 | ||||
-rw-r--r-- | 0041-tools-ocaml-evtchn-Don-t-reference-Custom-objects-wi.patch (renamed from 0018-tools-ocaml-evtchn-Don-t-reference-Custom-objects-wi.patch) | 4 | ||||
-rw-r--r-- | 0042-tools-ocaml-xc-Fix-binding-for-xc_domain_assign_devi.patch (renamed from 0019-tools-ocaml-xc-Fix-binding-for-xc_domain_assign_devi.patch) | 10 | ||||
-rw-r--r-- | 0043-tools-ocaml-xc-Don-t-reference-Abstract_Tag-objects-.patch (renamed from 0020-tools-ocaml-xc-Don-t-reference-Abstract_Tag-objects-.patch) | 8 | ||||
-rw-r--r-- | 0044-tools-ocaml-libs-Fix-memory-resource-leaks-with-caml.patch (renamed from 0021-tools-ocaml-libs-Fix-memory-resource-leaks-with-caml.patch) | 4 | ||||
-rw-r--r-- | 0045-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-P.patch (renamed from 0022-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-P.patch) | 100 | ||||
-rw-r--r-- | 0046-automation-Remove-clang-8-from-Debian-unstable-conta.patch (renamed from 0023-automation-Remove-clang-8-from-Debian-unstable-conta.patch) | 12 | ||||
-rw-r--r-- | 0047-libs-util-Fix-parallel-build-between-flex-bison-and-.patch (renamed from 0024-libs-util-Fix-parallel-build-between-flex-bison-and-.patch) | 14 | ||||
-rw-r--r-- | 0048-x86-cpuid-Infrastructure-for-leaves-7-1-ecx-edx.patch (renamed from 0025-x86-cpuid-Infrastructure-for-leaves-7-1-ecx-edx.patch) | 38 | ||||
-rw-r--r-- | 0049-x86-shskt-Disable-CET-SS-on-parts-susceptible-to-fra.patch (renamed from 0026-x86-shskt-Disable-CET-SS-on-parts-susceptible-to-fra.patch) | 56 | ||||
-rw-r--r-- | 0050-credit2-respect-credit2_runqueue-all-when-arranging-.patch (renamed from 0027-credit2-respect-credit2_runqueue-all-when-arranging-.patch) | 14 | ||||
-rw-r--r-- | 0051-build-make-FILE-symbol-paths-consistent.patch | 42 | ||||
-rw-r--r-- | 0052-x86-ucode-AMD-apply-the-patch-early-on-every-logical.patch (renamed from 0028-x86-ucode-AMD-apply-the-patch-early-on-every-logical.patch) | 28 | ||||
-rw-r--r-- | 0053-x86-perform-mem_sharing-teardown-before-paging-teard.patch (renamed from 0029-x86-perform-mem_sharing-teardown-before-paging-teard.patch) | 14 | ||||
-rw-r--r-- | 0054-xen-Work-around-Clang-IAS-macro-expansion-bug.patch (renamed from 0030-xen-Work-around-Clang-IAS-macro-expansion-bug.patch) | 36 | ||||
-rw-r--r-- | 0055-xen-Fix-Clang-Wunicode-diagnostic-when-building-asm-.patch (renamed from 0031-xen-Fix-Clang-Wunicode-diagnostic-when-building-asm-.patch) | 38 | ||||
-rw-r--r-- | 0056-bump-default-SeaBIOS-version-to-1.16.0.patch | 28 | ||||
-rw-r--r-- | 0056-tools-Use-PKG_CONFIG_FILE-instead-of-PKG_CONFIG-vari.patch (renamed from 0032-tools-Use-PKG_CONFIG_FILE-instead-of-PKG_CONFIG-vari.patch) | 55 | ||||
-rw-r--r-- | 0057-libs-guest-Fix-resource-leaks-in-xc_core_arch_map_p2.patch (renamed from 0033-libs-guest-Fix-resource-leaks-in-xc_core_arch_map_p2.patch) | 6 | ||||
-rw-r--r-- | 0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch (renamed from 0034-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch) | 8 | ||||
-rw-r--r-- | 0059-x86-ucode-AMD-late-load-the-patch-on-every-logical-t.patch (renamed from 0035-x86-ucode-AMD-late-load-the-patch-on-every-logical-t.patch) | 22 | ||||
-rw-r--r-- | 0060-x86-shadow-account-for-log-dirty-mode-when-pre-alloc.patch (renamed from 0036-x86-shadow-account-for-log-dirty-mode-when-pre-alloc.patch) | 48 | ||||
-rw-r--r-- | 0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch (renamed from 0037-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch) | 6 | ||||
-rw-r--r-- | 0062-x86-HVM-serialize-pinned-cache-attribute-list-manipu.patch (renamed from 0038-x86-HVM-serialize-pinned-cache-attribute-list-manipu.patch) | 10 | ||||
-rw-r--r-- | 0063-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_en.patch (renamed from 0039-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_en.patch) | 6 | ||||
-rw-r--r-- | 0064-x86-vmx-implement-VMExit-based-guest-Bus-Lock-detect.patch | 175 | ||||
-rw-r--r-- | 0065-x86-vmx-introduce-helper-to-set-VMX_INTR_SHADOW_NMI.patch | 102 | ||||
-rw-r--r-- | 0066-x86-vmx-implement-Notify-VM-Exit.patch | 243 | ||||
-rw-r--r-- | 0067-tools-python-change-s-size-type-for-Python-3.10.patch (renamed from 0040-tools-python-change-s-size-type-for-Python-3.10.patch) | 6 | ||||
-rw-r--r-- | 0068-tools-xenmon-Fix-xenmon.py-for-with-python3.x.patch (renamed from 0041-tools-xenmon-Fix-xenmon.py-for-with-python3.x.patch) | 6 | ||||
-rw-r--r-- | 0069-x86-spec-ctrl-Add-BHI-controls-to-userspace-componen.patch | 51 | ||||
-rw-r--r-- | 0070-core-parking-fix-build-with-gcc12-and-NR_CPUS-1.patch (renamed from 0042-core-parking-fix-build-with-gcc12-and-NR_CPUS-1.patch) | 20 | ||||
-rw-r--r-- | 0071-x86-altp2m-help-gcc13-to-avoid-it-emitting-a-warning.patch (renamed from 0043-x86-altp2m-help-gcc13-to-avoid-it-emitting-a-warning.patch) | 86 | ||||
-rw-r--r-- | 0072-VT-d-constrain-IGD-check.patch (renamed from 0044-VT-d-constrain-IGD-check.patch) | 8 | ||||
-rw-r--r-- | 0073-bunzip-work-around-gcc13-warning.patch (renamed from 0045-bunzip-work-around-gcc13-warning.patch) | 8 | ||||
-rw-r--r-- | 0074-libacpi-fix-PCI-hotplug-AML.patch (renamed from 0046-libacpi-fix-PCI-hotplug-AML.patch) | 8 | ||||
-rw-r--r-- | 0075-AMD-IOMMU-without-XT-x2APIC-needs-to-be-forced-into-.patch (renamed from 0047-AMD-IOMMU-without-XT-x2APIC-needs-to-be-forced-into-.patch) | 16 | ||||
-rw-r--r-- | 0076-VT-d-fix-iommu-no-igfx-if-the-IOMMU-scope-contains-f.patch (renamed from 0048-VT-d-fix-iommu-no-igfx-if-the-IOMMU-scope-contains-f.patch) | 8 | ||||
-rw-r--r-- | 0077-x86-shadow-fix-and-improve-sh_page_has_multiple_shad.patch (renamed from 0049-x86-shadow-fix-and-improve-sh_page_has_multiple_shad.patch) | 8 | ||||
-rw-r--r-- | 0078-x86-nospec-Fix-evaluate_nospec-code-generation-under.patch (renamed from 0050-x86-nospec-Fix-evaluate_nospec-code-generation-under.patch) | 14 | ||||
-rw-r--r-- | 0079-x86-shadow-Fix-build-with-no-PG_log_dirty.patch (renamed from 0051-x86-shadow-Fix-build-with-no-PG_log_dirty.patch) | 20 | ||||
-rw-r--r-- | 0080-x86-vmx-Don-t-spuriously-crash-the-domain-when-INIT-.patch (renamed from 0052-x86-vmx-Don-t-spuriously-crash-the-domain-when-INIT-.patch) | 10 | ||||
-rw-r--r-- | 0081-x86-ucode-Fix-error-paths-control_thread_fn.patch (renamed from 0053-x86-ucode-Fix-error-paths-control_thread_fn.patch) | 16 | ||||
-rw-r--r-- | 0082-include-don-t-mention-stub-headers-more-than-once-in.patch | 37 | ||||
-rw-r--r-- | 0083-vpci-msix-handle-accesses-adjacent-to-the-MSI-X-tabl.patch (renamed from 0054-vpci-msix-handle-accesses-adjacent-to-the-MSI-X-tabl.patch) | 123 | ||||
-rw-r--r-- | 0084-ns16550-correct-name-value-pair-parsing-for-PCI-port.patch (renamed from 0055-ns16550-correct-name-value-pair-parsing-for-PCI-port.patch) | 12 | ||||
-rw-r--r-- | 0085-CI-Drop-automation-configs.patch (renamed from 0057-CI-Drop-automation-configs.patch) | 12 | ||||
-rw-r--r-- | 0086-automation-Switch-arm32-cross-builds-to-run-on-arm64.patch (renamed from 0058-automation-Switch-arm32-cross-builds-to-run-on-arm64.patch) | 8 | ||||
-rw-r--r-- | 0087-automation-Remove-CentOS-7.2-containers-and-builds.patch (renamed from 0059-automation-Remove-CentOS-7.2-containers-and-builds.patch) | 6 | ||||
-rw-r--r-- | 0088-automation-Remove-non-debug-x86_32-build-jobs.patch (renamed from 0060-automation-Remove-non-debug-x86_32-build-jobs.patch) | 8 | ||||
-rw-r--r-- | 0089-CI-Remove-llvm-8-from-the-Debian-Stretch-container.patch (renamed from 0061-CI-Remove-llvm-8-from-the-Debian-Stretch-container.patch) | 6 | ||||
-rw-r--r-- | info.txt | 6 |
92 files changed, 3671 insertions, 614 deletions
diff --git a/0001-update-Xen-version-to-4.16.4-pre.patch b/0001-update-Xen-version-to-4.16.4-pre.patch deleted file mode 100644 index 961358a..0000000 --- a/0001-update-Xen-version-to-4.16.4-pre.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e3396cd8be5ee99d363a23f30c680e42fb2757bd Mon Sep 17 00:00:00 2001 -From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 20 Dec 2022 13:50:16 +0100 -Subject: [PATCH 01/61] update Xen version to 4.16.4-pre - ---- - xen/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/xen/Makefile b/xen/Makefile -index 06dde1e03c..67c5551ffd 100644 ---- a/xen/Makefile -+++ b/xen/Makefile -@@ -2,7 +2,7 @@ - # All other places this is stored (eg. compile.h) should be autogenerated. - export XEN_VERSION = 4 - export XEN_SUBVERSION = 16 --export XEN_EXTRAVERSION ?= .3$(XEN_VENDORVERSION) -+export XEN_EXTRAVERSION ?= .4-pre$(XEN_VENDORVERSION) - export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) - -include xen-version - --- -2.40.0 - diff --git a/0001-update-Xen-version-to-4.17.1-pre.patch b/0001-update-Xen-version-to-4.17.1-pre.patch new file mode 100644 index 0000000..1d1bb53 --- /dev/null +++ b/0001-update-Xen-version-to-4.17.1-pre.patch @@ -0,0 +1,136 @@ +From 0b999fa2eadaeff840a8331b87f1f73abf3b14eb Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 20 Dec 2022 13:40:38 +0100 +Subject: [PATCH 01/89] update Xen version to 4.17.1-pre + +--- + MAINTAINERS | 92 +++++----------------------------------------------- + xen/Makefile | 2 +- + 2 files changed, 10 insertions(+), 84 deletions(-) + +diff --git a/MAINTAINERS b/MAINTAINERS +index 175f10f33f..ebb908cc37 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -54,6 +54,15 @@ list. Remember to copy the appropriate stable branch maintainer who + will be listed in this section of the MAINTAINERS file in the + appropriate branch. + ++The maintainer for this branch is: ++ ++ Jan Beulich <jbeulich@suse.com> ++ ++Tools backport requests should also be copied to: ++ ++ Anthony Perard <anthony.perard@citrix.com> ++ ++ + Unstable Subsystem Maintainers + ============================== + +@@ -104,89 +113,6 @@ Descriptions of section entries: + xen-maintainers-<version format number of this file> + + +- Check-in policy +- =============== +- +-In order for a patch to be checked in, in general, several conditions +-must be met: +- +-1. In order to get a change to a given file committed, it must have +- the approval of at least one maintainer of that file. +- +- A patch of course needs Acks from the maintainers of each file that +- it changes; so a patch which changes xen/arch/x86/traps.c, +- xen/arch/x86/mm/p2m.c, and xen/arch/x86/mm/shadow/multi.c would +- require an Ack from each of the three sets of maintainers. +- +- See below for rules on nested maintainership. +- +-2. It must have appropriate approval from someone other than the +- submitter. This can be either: +- +- a. An Acked-by from a maintainer of the code being touched (a +- co-maintainer if available, or a more general level maintainer if +- not available; see the secton on nested maintainership) +- +- b. A Reviewed-by by anyone of suitable stature in the community +- +-3. Sufficient time must have been given for anyone to respond. This +- depends in large part upon the urgency and nature of the patch. +- For a straightforward uncontroversial patch, a day or two may be +- sufficient; for a controversial patch, a week or two may be better. +- +-4. There must be no "open" objections. +- +-In a case where one person submits a patch and a maintainer gives an +-Ack, the Ack stands in for both the approval requirement (#1) and the +-Acked-by-non-submitter requirement (#2). +- +-In a case where a maintainer themselves submits a patch, the +-Signed-off-by meets the approval requirement (#1); so a Review +-from anyone in the community suffices for requirement #2. +- +-Before a maintainer checks in their own patch with another community +-member's R-b but no co-maintainer Ack, it is especially important to +-give their co-maintainer opportunity to give feedback, perhaps +-declaring their intention to check it in without their co-maintainers +-ack a day before doing so. +- +-Maintainers may choose to override non-maintainer objections in the +-case that consensus can't be reached. +- +-As always, no policy can cover all possible situations. In +-exceptional circumstances, committers may commit a patch in absence of +-one or more of the above requirements, if they are reasonably +-confident that the other maintainers will approve of their decision in +-retrospect. +- +- The meaning of nesting +- ====================== +- +-Many maintainership areas are "nested": for example, there are entries +-for xen/arch/x86 as well as xen/arch/x86/mm, and even +-xen/arch/x86/mm/shadow; and there is a section at the end called "THE +-REST" which lists all committers. The meaning of nesting is that: +- +-1. Under normal circumstances, the Ack of the most specific maintainer +-is both necessary and sufficient to get a change to a given file +-committed. So a change to xen/arch/x86/mm/shadow/multi.c requires the +-the Ack of the xen/arch/x86/mm/shadow maintainer for that part of the +-patch, but would not require the Ack of the xen/arch/x86 maintainer or +-the xen/arch/x86/mm maintainer. +- +-2. In unusual circumstances, a more general maintainer's Ack can stand +-in for or even overrule a specific maintainer's Ack. Unusual +-circumstances might include: +- - The patch is fixing a high-priority issue causing immediate pain, +- and the more specific maintainer is not available. +- - The more specific maintainer has not responded either to the +- original patch, nor to "pings", within a reasonable amount of time. +- - The more general maintainer wants to overrule the more specific +- maintainer on some issue. (This should be exceptional.) +- - In the case of a disagreement between maintainers, THE REST can +- settle the matter by majority vote. (This should be very exceptional +- indeed.) +- + + Maintainers List (try to look for most precise areas first) + +diff --git a/xen/Makefile b/xen/Makefile +index d7102a3b47..dcedfbc38e 100644 +--- a/xen/Makefile ++++ b/xen/Makefile +@@ -6,7 +6,7 @@ this-makefile := $(call lastword,$(MAKEFILE_LIST)) + # All other places this is stored (eg. compile.h) should be autogenerated. + export XEN_VERSION = 4 + export XEN_SUBVERSION = 17 +-export XEN_EXTRAVERSION ?= .0$(XEN_VENDORVERSION) ++export XEN_EXTRAVERSION ?= .1-pre$(XEN_VENDORVERSION) + export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) + -include xen-version + +-- +2.40.0 + diff --git a/0002-x86-irq-do-not-release-irq-until-all-cleanup-is-done.patch b/0002-x86-irq-do-not-release-irq-until-all-cleanup-is-done.patch new file mode 100644 index 0000000..1c7a13d --- /dev/null +++ b/0002-x86-irq-do-not-release-irq-until-all-cleanup-is-done.patch @@ -0,0 +1,90 @@ +From 9cbc04a95f8a7f7cc27901211cbe19a42850c4ed Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Tue, 20 Dec 2022 13:43:04 +0100 +Subject: [PATCH 02/89] x86/irq: do not release irq until all cleanup is done +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Current code in _clear_irq_vector() will mark the irq as unused before +doing the cleanup required when move_in_progress is true. + +This can lead to races in create_irq() if the function picks an irq +desc that's been marked as unused but has move_in_progress set, as the +call to assign_irq_vector() in that function can then fail with +-EAGAIN. + +Prevent that by only marking irq descs as unused when all the cleanup +has been done. While there also use write_atomic() when setting +IRQ_UNUSED in _clear_irq_vector() and add a barrier in order to +prevent the setting of IRQ_UNUSED getting reordered by the compiler. + +The check for move_in_progress cannot be removed from +_assign_irq_vector(), as other users (io_apic_set_pci_routing() and +ioapic_guest_write()) can still pass active irq descs to +assign_irq_vector(). + +Note the trace point is not moved and is now set before the irq is +marked as unused. This is done so that the CPU mask provided in the +trace point is the one belonging to the current vector, not the old +one. + +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: e267d11969a40f0aec33dbf966f5a6490b205f43 +master date: 2022-12-02 10:32:21 +0100 +--- + xen/arch/x86/irq.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/xen/arch/x86/irq.c b/xen/arch/x86/irq.c +index cd0c8a30a8..20150b1c7f 100644 +--- a/xen/arch/x86/irq.c ++++ b/xen/arch/x86/irq.c +@@ -220,27 +220,28 @@ static void _clear_irq_vector(struct irq_desc *desc) + clear_bit(vector, desc->arch.used_vectors); + } + +- desc->arch.used = IRQ_UNUSED; +- + trace_irq_mask(TRC_HW_IRQ_CLEAR_VECTOR, irq, vector, tmp_mask); + +- if ( likely(!desc->arch.move_in_progress) ) +- return; ++ if ( unlikely(desc->arch.move_in_progress) ) ++ { ++ /* If we were in motion, also clear desc->arch.old_vector */ ++ old_vector = desc->arch.old_vector; ++ cpumask_and(tmp_mask, desc->arch.old_cpu_mask, &cpu_online_map); + +- /* If we were in motion, also clear desc->arch.old_vector */ +- old_vector = desc->arch.old_vector; +- cpumask_and(tmp_mask, desc->arch.old_cpu_mask, &cpu_online_map); ++ for_each_cpu(cpu, tmp_mask) ++ { ++ ASSERT(per_cpu(vector_irq, cpu)[old_vector] == irq); ++ TRACE_3D(TRC_HW_IRQ_MOVE_FINISH, irq, old_vector, cpu); ++ per_cpu(vector_irq, cpu)[old_vector] = ~irq; ++ } + +- for_each_cpu(cpu, tmp_mask) +- { +- ASSERT(per_cpu(vector_irq, cpu)[old_vector] == irq); +- TRACE_3D(TRC_HW_IRQ_MOVE_FINISH, irq, old_vector, cpu); +- per_cpu(vector_irq, cpu)[old_vector] = ~irq; +- } ++ release_old_vec(desc); + +- release_old_vec(desc); ++ desc->arch.move_in_progress = 0; ++ } + +- desc->arch.move_in_progress = 0; ++ smp_wmb(); ++ write_atomic(&desc->arch.used, IRQ_UNUSED); + } + + void __init clear_irq_vector(int irq) +-- +2.40.0 + diff --git a/0003-x86-pvh-do-not-forward-MADT-Local-APIC-NMI-structure.patch b/0003-x86-pvh-do-not-forward-MADT-Local-APIC-NMI-structure.patch new file mode 100644 index 0000000..47d6997 --- /dev/null +++ b/0003-x86-pvh-do-not-forward-MADT-Local-APIC-NMI-structure.patch @@ -0,0 +1,103 @@ +From b7b34bd66ac77326bb49b10130013b4a9f83e4a2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Tue, 20 Dec 2022 13:43:37 +0100 +Subject: [PATCH 03/89] x86/pvh: do not forward MADT Local APIC NMI structures + to dom0 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently Xen will passthrough any Local APIC NMI Structure found in +the native ACPI MADT table to a PVH dom0. This is wrong because PVH +doesn't have access to the physical local APIC, and instead gets an +emulated local APIC by Xen, that doesn't have the LINT0 or LINT1 +pins wired to anything. Furthermore the ACPI Processor UIDs used in +the APIC NMI Structures are likely to not match the ones generated by +Xen for the Local x2APIC Structures, creating confusion to dom0. + +Fix this by removing the logic to passthrough the Local APIC NMI +Structure for PVH dom0. + +Fixes: 1d74282c45 ('x86: setup PVHv2 Dom0 ACPI tables') +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: b39e6385250ccef9509af0eab9003ad5c1478842 +master date: 2022-12-02 10:33:40 +0100 +--- + xen/arch/x86/hvm/dom0_build.c | 34 +--------------------------------- + 1 file changed, 1 insertion(+), 33 deletions(-) + +diff --git a/xen/arch/x86/hvm/dom0_build.c b/xen/arch/x86/hvm/dom0_build.c +index 1864d048a1..3ac6b7b423 100644 +--- a/xen/arch/x86/hvm/dom0_build.c ++++ b/xen/arch/x86/hvm/dom0_build.c +@@ -58,9 +58,6 @@ + static unsigned int __initdata acpi_intr_overrides; + static struct acpi_madt_interrupt_override __initdata *intsrcovr; + +-static unsigned int __initdata acpi_nmi_sources; +-static struct acpi_madt_nmi_source __initdata *nmisrc; +- + static unsigned int __initdata order_stats[MAX_ORDER + 1]; + + static void __init print_order_stats(const struct domain *d) +@@ -763,25 +760,6 @@ static int __init cf_check acpi_set_intr_ovr( + return 0; + } + +-static int __init cf_check acpi_count_nmi_src( +- struct acpi_subtable_header *header, const unsigned long end) +-{ +- acpi_nmi_sources++; +- return 0; +-} +- +-static int __init cf_check acpi_set_nmi_src( +- struct acpi_subtable_header *header, const unsigned long end) +-{ +- const struct acpi_madt_nmi_source *src = +- container_of(header, struct acpi_madt_nmi_source, header); +- +- *nmisrc = *src; +- nmisrc++; +- +- return 0; +-} +- + static int __init pvh_setup_acpi_madt(struct domain *d, paddr_t *addr) + { + struct acpi_table_madt *madt; +@@ -797,16 +775,11 @@ static int __init pvh_setup_acpi_madt(struct domain *d, paddr_t *addr) + acpi_table_parse_madt(ACPI_MADT_TYPE_INTERRUPT_OVERRIDE, + acpi_count_intr_ovr, UINT_MAX); + +- /* Count number of NMI sources in the MADT. */ +- acpi_table_parse_madt(ACPI_MADT_TYPE_NMI_SOURCE, acpi_count_nmi_src, +- UINT_MAX); +- + max_vcpus = dom0_max_vcpus(); + /* Calculate the size of the crafted MADT. */ + size = sizeof(*madt); + size += sizeof(*io_apic) * nr_ioapics; + size += sizeof(*intsrcovr) * acpi_intr_overrides; +- size += sizeof(*nmisrc) * acpi_nmi_sources; + size += sizeof(*x2apic) * max_vcpus; + + madt = xzalloc_bytes(size); +@@ -862,12 +835,7 @@ static int __init pvh_setup_acpi_madt(struct domain *d, paddr_t *addr) + acpi_table_parse_madt(ACPI_MADT_TYPE_INTERRUPT_OVERRIDE, acpi_set_intr_ovr, + acpi_intr_overrides); + +- /* Setup NMI sources. */ +- nmisrc = (void *)intsrcovr; +- acpi_table_parse_madt(ACPI_MADT_TYPE_NMI_SOURCE, acpi_set_nmi_src, +- acpi_nmi_sources); +- +- ASSERT(((void *)nmisrc - (void *)madt) == size); ++ ASSERT(((void *)intsrcovr - (void *)madt) == size); + madt->header.length = size; + /* + * Calling acpi_tb_checksum here is a layering violation, but +-- +2.40.0 + diff --git a/0004-x86-HVM-don-t-mark-external-IRQs-as-pending-when-vLA.patch b/0004-x86-HVM-don-t-mark-external-IRQs-as-pending-when-vLA.patch new file mode 100644 index 0000000..01dcba8 --- /dev/null +++ b/0004-x86-HVM-don-t-mark-external-IRQs-as-pending-when-vLA.patch @@ -0,0 +1,71 @@ +From 54bb56e12868100c5ce06e33b4f57b6b2b8f37b9 Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 20 Dec 2022 13:44:07 +0100 +Subject: [PATCH 04/89] x86/HVM: don't mark external IRQs as pending when + vLAPIC is disabled + +In software-disabled state an LAPIC does not accept any interrupt +requests and hence no IRR bit would newly become set while in this +state. As a result it is also wrong for us to mark IO-APIC or MSI +originating vectors as having a pending request when the vLAPIC is in +this state. Such interrupts are simply lost. + +Introduce (IO-APIC) or re-use (MSI) a local variable to help +readability. + +Fixes: 4fe21ad3712e ("This patch add virtual IOAPIC support for VMX guest") +Fixes: 85715f4bc7c9 ("MSI 5/6: add MSI support to passthrough HVM domain") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> +master commit: f1d7aac1e3c3cd164e17d41791a575a5c3e87121 +master date: 2022-12-02 10:35:01 +0100 +--- + xen/arch/x86/hvm/vioapic.c | 9 +++++++-- + xen/arch/x86/hvm/vmsi.c | 10 ++++++---- + 2 files changed, 13 insertions(+), 6 deletions(-) + +diff --git a/xen/arch/x86/hvm/vioapic.c b/xen/arch/x86/hvm/vioapic.c +index cb7f440160..41e3c4d5e4 100644 +--- a/xen/arch/x86/hvm/vioapic.c ++++ b/xen/arch/x86/hvm/vioapic.c +@@ -460,9 +460,14 @@ static void vioapic_deliver(struct hvm_vioapic *vioapic, unsigned int pin) + + case dest_Fixed: + for_each_vcpu ( d, v ) +- if ( vlapic_match_dest(vcpu_vlapic(v), NULL, 0, dest, dest_mode) ) +- ioapic_inj_irq(vioapic, vcpu_vlapic(v), vector, trig_mode, ++ { ++ struct vlapic *vlapic = vcpu_vlapic(v); ++ ++ if ( vlapic_enabled(vlapic) && ++ vlapic_match_dest(vlapic, NULL, 0, dest, dest_mode) ) ++ ioapic_inj_irq(vioapic, vlapic, vector, trig_mode, + delivery_mode); ++ } + break; + + case dest_NMI: +diff --git a/xen/arch/x86/hvm/vmsi.c b/xen/arch/x86/hvm/vmsi.c +index 75f92885dc..3cd4923060 100644 +--- a/xen/arch/x86/hvm/vmsi.c ++++ b/xen/arch/x86/hvm/vmsi.c +@@ -87,10 +87,12 @@ int vmsi_deliver( + + case dest_Fixed: + for_each_vcpu ( d, v ) +- if ( vlapic_match_dest(vcpu_vlapic(v), NULL, +- 0, dest, dest_mode) ) +- vmsi_inj_irq(vcpu_vlapic(v), vector, +- trig_mode, delivery_mode); ++ { ++ target = vcpu_vlapic(v); ++ if ( vlapic_enabled(target) && ++ vlapic_match_dest(target, NULL, 0, dest, dest_mode) ) ++ vmsi_inj_irq(target, vector, trig_mode, delivery_mode); ++ } + break; + + default: +-- +2.40.0 + diff --git a/0005-x86-Viridian-don-t-mark-IRQ-vectors-as-pending-when-.patch b/0005-x86-Viridian-don-t-mark-IRQ-vectors-as-pending-when-.patch new file mode 100644 index 0000000..3086285 --- /dev/null +++ b/0005-x86-Viridian-don-t-mark-IRQ-vectors-as-pending-when-.patch @@ -0,0 +1,60 @@ +From 5810edc049cd5828c2628a377ca8443610e54f82 Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 20 Dec 2022 13:44:38 +0100 +Subject: [PATCH 05/89] x86/Viridian: don't mark IRQ vectors as pending when + vLAPIC is disabled + +In software-disabled state an LAPIC does not accept any interrupt +requests and hence no IRR bit would newly become set while in this +state. As a result it is also wrong for us to mark Viridian IPI or timer +vectors as having a pending request when the vLAPIC is in this state. +Such interrupts are simply lost. + +Introduce a local variable in send_ipi() to help readability. + +Fixes: fda96b7382ea ("viridian: add implementation of the HvSendSyntheticClusterIpi hypercall") +Fixes: 26fba3c85571 ("viridian: add implementation of synthetic timers") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Paul Durrant <paul@xen.org> +master commit: 831419f82913417dee4e5b0f80769c5db590540b +master date: 2022-12-02 10:35:32 +0100 +--- + xen/arch/x86/hvm/viridian/synic.c | 2 +- + xen/arch/x86/hvm/viridian/viridian.c | 7 ++++++- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/xen/arch/x86/hvm/viridian/synic.c b/xen/arch/x86/hvm/viridian/synic.c +index e18538c60a..856bb898b8 100644 +--- a/xen/arch/x86/hvm/viridian/synic.c ++++ b/xen/arch/x86/hvm/viridian/synic.c +@@ -359,7 +359,7 @@ bool viridian_synic_deliver_timer_msg(struct vcpu *v, unsigned int sintx, + BUILD_BUG_ON(sizeof(payload) > sizeof(msg->u.payload)); + memcpy(msg->u.payload, &payload, sizeof(payload)); + +- if ( !vs->masked ) ++ if ( !vs->masked && vlapic_enabled(vcpu_vlapic(v)) ) + vlapic_set_irq(vcpu_vlapic(v), vs->vector, 0); + + return true; +diff --git a/xen/arch/x86/hvm/viridian/viridian.c b/xen/arch/x86/hvm/viridian/viridian.c +index 25dca93e8b..2937ddd3a8 100644 +--- a/xen/arch/x86/hvm/viridian/viridian.c ++++ b/xen/arch/x86/hvm/viridian/viridian.c +@@ -811,7 +811,12 @@ static void send_ipi(struct hypercall_vpmask *vpmask, uint8_t vector) + cpu_raise_softirq_batch_begin(); + + for_each_vp ( vpmask, vp ) +- vlapic_set_irq(vcpu_vlapic(currd->vcpu[vp]), vector, 0); ++ { ++ struct vlapic *vlapic = vcpu_vlapic(currd->vcpu[vp]); ++ ++ if ( vlapic_enabled(vlapic) ) ++ vlapic_set_irq(vlapic, vector, 0); ++ } + + if ( nr > 1 ) + cpu_raise_softirq_batch_finish(); +-- +2.40.0 + diff --git a/0006-x86-HVM-don-t-mark-evtchn-upcall-vector-as-pending-w.patch b/0006-x86-HVM-don-t-mark-evtchn-upcall-vector-as-pending-w.patch new file mode 100644 index 0000000..2577f20 --- /dev/null +++ b/0006-x86-HVM-don-t-mark-evtchn-upcall-vector-as-pending-w.patch @@ -0,0 +1,70 @@ +From 26f39b3d705b667aa21f368c252abffb0b4d3e5d Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 20 Dec 2022 13:45:07 +0100 +Subject: [PATCH 06/89] x86/HVM: don't mark evtchn upcall vector as pending + when vLAPIC is disabled + +Linux'es relatively new use of HVMOP_set_evtchn_upcall_vector has +exposed a problem with the marking of the respective vector as +pending: For quite some time Linux has been checking whether any stale +ISR or IRR bits would still be set while preparing the LAPIC for use. +This check is now triggering on the upcall vector, as the registration, +at least for APs, happens before the LAPIC is actually enabled. + +In software-disabled state an LAPIC would not accept any interrupt +requests and hence no IRR bit would newly become set while in this +state. As a result it is also wrong for us to mark the upcall vector as +having a pending request when the vLAPIC is in this state. + +To compensate for the "enabled" check added to the assertion logic, add +logic to (conditionally) mark the upcall vector as having a request +pending at the time the LAPIC is being software-enabled by the guest. +Note however that, like for the pt_may_unmask_irq() we already have +there, long term we may need to find a different solution. This will be +especially relevant in case yet better LAPIC acceleration would +eliminate notifications of guest writes to this and other registers. + +Fixes: 7b5b8ca7dffd ("x86/upcall: inject a spurious event after setting upcall vector") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Juergen Gross <jgross@suse.com> +master commit: f5d0279839b58cb622f0995dbf9cff056f03082e +master date: 2022-12-06 13:51:49 +0100 +--- + xen/arch/x86/hvm/irq.c | 5 +++-- + xen/arch/x86/hvm/vlapic.c | 3 +++ + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/xen/arch/x86/hvm/irq.c b/xen/arch/x86/hvm/irq.c +index 858ab5b248..d93ffe4546 100644 +--- a/xen/arch/x86/hvm/irq.c ++++ b/xen/arch/x86/hvm/irq.c +@@ -321,9 +321,10 @@ void hvm_assert_evtchn_irq(struct vcpu *v) + + if ( v->arch.hvm.evtchn_upcall_vector != 0 ) + { +- uint8_t vector = v->arch.hvm.evtchn_upcall_vector; ++ struct vlapic *vlapic = vcpu_vlapic(v); + +- vlapic_set_irq(vcpu_vlapic(v), vector, 0); ++ if ( vlapic_enabled(vlapic) ) ++ vlapic_set_irq(vlapic, v->arch.hvm.evtchn_upcall_vector, 0); + } + else if ( is_hvm_pv_evtchn_domain(v->domain) ) + vcpu_kick(v); +diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c +index 257d3b6851..eb32f12e2d 100644 +--- a/xen/arch/x86/hvm/vlapic.c ++++ b/xen/arch/x86/hvm/vlapic.c +@@ -829,6 +829,9 @@ void vlapic_reg_write(struct vcpu *v, unsigned int reg, uint32_t val) + { + vlapic->hw.disabled &= ~VLAPIC_SW_DISABLED; + pt_may_unmask_irq(vlapic_domain(vlapic), &vlapic->pt); ++ if ( v->arch.hvm.evtchn_upcall_vector && ++ vcpu_info(v, evtchn_upcall_pending) ) ++ vlapic_set_irq(vlapic, v->arch.hvm.evtchn_upcall_vector, 0); + } + break; + +-- +2.40.0 + diff --git a/0002-ioreq_broadcast-accept-partial-broadcast-success.patch b/0007-ioreq_broadcast-accept-partial-broadcast-success.patch index 1b0ae9c..654990b 100644 --- a/0002-ioreq_broadcast-accept-partial-broadcast-success.patch +++ b/0007-ioreq_broadcast-accept-partial-broadcast-success.patch @@ -1,7 +1,7 @@ -From f2edbd79f5d5ce3b633885469852e1215dc0d4b5 Mon Sep 17 00:00:00 2001 +From c3e37c60fbf8f8cd71db0f0846c9c7aeadf02963 Mon Sep 17 00:00:00 2001 From: Per Bilse <per.bilse@citrix.com> -Date: Tue, 20 Dec 2022 13:50:47 +0100 -Subject: [PATCH 02/61] ioreq_broadcast(): accept partial broadcast success +Date: Tue, 20 Dec 2022 13:45:38 +0100 +Subject: [PATCH 07/89] ioreq_broadcast(): accept partial broadcast success Avoid incorrectly triggering an error when a broadcast buffered ioreq is not handled by all registered clients, as long as the failure is @@ -16,10 +16,10 @@ master date: 2022-12-07 12:17:30 +0100 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c -index 42414b750b..2a8d8de2d5 100644 +index 4617aef29b..ecb8f545e1 100644 --- a/xen/common/ioreq.c +++ b/xen/common/ioreq.c -@@ -1322,7 +1322,8 @@ unsigned int ioreq_broadcast(ioreq_t *p, bool buffered) +@@ -1317,7 +1317,8 @@ unsigned int ioreq_broadcast(ioreq_t *p, bool buffered) FOR_EACH_IOREQ_SERVER(d, id, s) { diff --git a/0008-EFI-relocate-the-ESRT-when-booting-via-multiboot2.patch b/0008-EFI-relocate-the-ESRT-when-booting-via-multiboot2.patch new file mode 100644 index 0000000..d1acae6 --- /dev/null +++ b/0008-EFI-relocate-the-ESRT-when-booting-via-multiboot2.patch @@ -0,0 +1,195 @@ +From 1dcc9b6dfe528c7815a314f9b5581804b5e23750 Mon Sep 17 00:00:00 2001 +From: Demi Marie Obenour <demi@invisiblethingslab.com> +Date: Tue, 20 Dec 2022 13:46:09 +0100 +Subject: [PATCH 08/89] EFI: relocate the ESRT when booting via multiboot2 + +This was missed in the initial patchset. + +Move efi_relocate_esrt() up to avoid adding a forward declaration. + +Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: 8d7acf3f7d8d2555c78421dced45bc49f79ae806 +master date: 2022-12-14 12:00:35 +0100 +--- + xen/arch/x86/efi/efi-boot.h | 2 + + xen/common/efi/boot.c | 136 ++++++++++++++++++------------------ + 2 files changed, 70 insertions(+), 68 deletions(-) + +diff --git a/xen/arch/x86/efi/efi-boot.h b/xen/arch/x86/efi/efi-boot.h +index 27f928ed3c..c94e53d139 100644 +--- a/xen/arch/x86/efi/efi-boot.h ++++ b/xen/arch/x86/efi/efi-boot.h +@@ -823,6 +823,8 @@ void __init efi_multiboot2(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable + if ( gop ) + efi_set_gop_mode(gop, gop_mode); + ++ efi_relocate_esrt(SystemTable); ++ + efi_exit_boot(ImageHandle, SystemTable); + } + +diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c +index b3de1011ee..d3c6b055ae 100644 +--- a/xen/common/efi/boot.c ++++ b/xen/common/efi/boot.c +@@ -625,6 +625,74 @@ static size_t __init get_esrt_size(const EFI_MEMORY_DESCRIPTOR *desc) + return esrt_ptr->FwResourceCount * sizeof(esrt_ptr->Entries[0]); + } + ++static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; ++ ++static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) ++{ ++ EFI_STATUS status; ++ UINTN info_size = 0, map_key, mdesc_size; ++ void *memory_map = NULL; ++ UINT32 ver; ++ unsigned int i; ++ ++ for ( ; ; ) ++ { ++ status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, ++ &mdesc_size, &ver); ++ if ( status == EFI_SUCCESS && memory_map != NULL ) ++ break; ++ if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) ++ { ++ info_size += 8 * mdesc_size; ++ if ( memory_map != NULL ) ++ efi_bs->FreePool(memory_map); ++ memory_map = NULL; ++ status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); ++ if ( status == EFI_SUCCESS ) ++ continue; ++ PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); ++ } ++ else ++ PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); ++ return; ++ } ++ ++ /* Try to obtain the ESRT. Errors are not fatal. */ ++ for ( i = 0; i < info_size; i += mdesc_size ) ++ { ++ /* ++ * ESRT needs to be moved to memory of type EfiACPIReclaimMemory ++ * so that the memory it is in will not be used for other purposes. ++ */ ++ void *new_esrt = NULL; ++ const EFI_MEMORY_DESCRIPTOR *desc = memory_map + i; ++ size_t esrt_size = get_esrt_size(desc); ++ ++ if ( !esrt_size ) ++ continue; ++ if ( desc->Type == EfiRuntimeServicesData || ++ desc->Type == EfiACPIReclaimMemory ) ++ break; /* ESRT already safe from reuse */ ++ status = efi_bs->AllocatePool(EfiACPIReclaimMemory, esrt_size, ++ &new_esrt); ++ if ( status == EFI_SUCCESS && new_esrt ) ++ { ++ memcpy(new_esrt, (void *)esrt, esrt_size); ++ status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); ++ if ( status != EFI_SUCCESS ) ++ { ++ PrintErr(L"Cannot install new ESRT\r\n"); ++ efi_bs->FreePool(new_esrt); ++ } ++ } ++ else ++ PrintErr(L"Cannot allocate memory for ESRT\r\n"); ++ break; ++ } ++ ++ efi_bs->FreePool(memory_map); ++} ++ + /* + * Include architecture specific implementation here, which references the + * static globals defined above. +@@ -903,8 +971,6 @@ static UINTN __init efi_find_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, + return gop_mode; + } + +-static EFI_GUID __initdata esrt_guid = EFI_SYSTEM_RESOURCE_TABLE_GUID; +- + static void __init efi_tables(void) + { + unsigned int i; +@@ -1113,72 +1179,6 @@ static void __init efi_set_gop_mode(EFI_GRAPHICS_OUTPUT_PROTOCOL *gop, UINTN gop + #define INVALID_VIRTUAL_ADDRESS (0xBAAADUL << \ + (EFI_PAGE_SHIFT + BITS_PER_LONG - 32)) + +-static void __init efi_relocate_esrt(EFI_SYSTEM_TABLE *SystemTable) +-{ +- EFI_STATUS status; +- UINTN info_size = 0, map_key, mdesc_size; +- void *memory_map = NULL; +- UINT32 ver; +- unsigned int i; +- +- for ( ; ; ) +- { +- status = efi_bs->GetMemoryMap(&info_size, memory_map, &map_key, +- &mdesc_size, &ver); +- if ( status == EFI_SUCCESS && memory_map != NULL ) +- break; +- if ( status == EFI_BUFFER_TOO_SMALL || memory_map == NULL ) +- { +- info_size += 8 * mdesc_size; +- if ( memory_map != NULL ) +- efi_bs->FreePool(memory_map); +- memory_map = NULL; +- status = efi_bs->AllocatePool(EfiLoaderData, info_size, &memory_map); +- if ( status == EFI_SUCCESS ) +- continue; +- PrintErr(L"Cannot allocate memory to relocate ESRT\r\n"); +- } +- else +- PrintErr(L"Cannot obtain memory map to relocate ESRT\r\n"); +- return; +- } +- +- /* Try to obtain the ESRT. Errors are not fatal. */ +- for ( i = 0; i < info_size; i += mdesc_size ) +- { +- /* +- * ESRT needs to be moved to memory of type EfiACPIReclaimMemory +- * so that the memory it is in will not be used for other purposes. +- */ +- void *new_esrt = NULL; +- const EFI_MEMORY_DESCRIPTOR *desc = memory_map + i; +- size_t esrt_size = get_esrt_size(desc); +- +- if ( !esrt_size ) +- continue; +- if ( desc->Type == EfiRuntimeServicesData || +- desc->Type == EfiACPIReclaimMemory ) +- break; /* ESRT already safe from reuse */ +- status = efi_bs->AllocatePool(EfiACPIReclaimMemory, esrt_size, +- &new_esrt); +- if ( status == EFI_SUCCESS && new_esrt ) +- { +- memcpy(new_esrt, (void *)esrt, esrt_size); +- status = efi_bs->InstallConfigurationTable(&esrt_guid, new_esrt); +- if ( status != EFI_SUCCESS ) +- { +- PrintErr(L"Cannot install new ESRT\r\n"); +- efi_bs->FreePool(new_esrt); +- } +- } +- else +- PrintErr(L"Cannot allocate memory for ESRT\r\n"); +- break; +- } +- +- efi_bs->FreePool(memory_map); +-} +- + static void __init efi_exit_boot(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) + { + EFI_STATUS status; +-- +2.40.0 + diff --git a/0003-x86-time-prevent-overflow-with-high-frequency-TSCs.patch b/0009-x86-time-prevent-overflow-with-high-frequency-TSCs.patch index a031317..a9401d7 100644 --- a/0003-x86-time-prevent-overflow-with-high-frequency-TSCs.patch +++ b/0009-x86-time-prevent-overflow-with-high-frequency-TSCs.patch @@ -1,7 +1,7 @@ -From 65bf12135f618614bbf44626fba1c20ca8d1a127 Mon Sep 17 00:00:00 2001 +From a7a26da0b59da7233e6c6f63b180bab131398351 Mon Sep 17 00:00:00 2001 From: Neowutran <xen@neowutran.ovh> -Date: Tue, 20 Dec 2022 13:51:42 +0100 -Subject: [PATCH 03/61] x86/time: prevent overflow with high frequency TSCs +Date: Tue, 20 Dec 2022 13:46:38 +0100 +Subject: [PATCH 09/89] x86/time: prevent overflow with high frequency TSCs Make sure tsc_khz is promoted to a 64-bit type before multiplying by 1000 to avoid an 'overflow before widen' bug. Otherwise just above @@ -17,10 +17,10 @@ master date: 2022-12-19 11:34:16 +0100 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c -index 1daff92dca..db0b149ec6 100644 +index b01acd390d..d882b43cf0 100644 --- a/xen/arch/x86/time.c +++ b/xen/arch/x86/time.c -@@ -2490,7 +2490,7 @@ int tsc_set_info(struct domain *d, +@@ -2585,7 +2585,7 @@ int tsc_set_info(struct domain *d, case TSC_MODE_ALWAYS_EMULATE: d->arch.vtsc_offset = get_s_time() - elapsed_nsec; d->arch.tsc_khz = gtsc_khz ?: cpu_khz; diff --git a/0010-tools-oxenstored-Fix-incorrect-scope-after-an-if-sta.patch b/0010-tools-oxenstored-Fix-incorrect-scope-after-an-if-sta.patch new file mode 100644 index 0000000..a8c427d --- /dev/null +++ b/0010-tools-oxenstored-Fix-incorrect-scope-after-an-if-sta.patch @@ -0,0 +1,52 @@ +From 2e8d7a08bcd111fe21569e9ace1a047df76da949 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Fri, 11 Nov 2022 18:50:34 +0000 +Subject: [PATCH 10/89] tools/oxenstored: Fix incorrect scope after an if + statement +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +A debug statement got inserted into a single-expression if statement. + +Insert brackets to give the intended meaning, rather than the actual meaning +where the "let con = Connections..." is outside and executed unconditionally. + +This results in some unnecessary ring checks for domains which otherwise have +IO credit. + +Fixes: 42f0581a91d4 ("tools/oxenstored: Implement live update for socket connections") +Reported-by: Edwin Török <edvin.torok@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit ee36179371fd4215a43fb179be2165f65c1cd1cd) +--- + tools/ocaml/xenstored/xenstored.ml | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml +index ffd43a4eee..c5dc7a28d0 100644 +--- a/tools/ocaml/xenstored/xenstored.ml ++++ b/tools/ocaml/xenstored/xenstored.ml +@@ -475,7 +475,7 @@ let _ = + + let ring_scan_checker dom = + (* no need to scan domains already marked as for processing *) +- if not (Domain.get_io_credit dom > 0) then ++ if not (Domain.get_io_credit dom > 0) then ( + debug "Looking up domid %d" (Domain.get_id dom); + let con = Connections.find_domain cons (Domain.get_id dom) in + if not (Connection.has_more_work con) then ( +@@ -490,7 +490,8 @@ let _ = + let n = 32 + 2 * (Domains.number domains) in + info "found lazy domain %d, credit %d" (Domain.get_id dom) n; + Domain.set_io_credit ~n dom +- ) in ++ ) ++ ) in + + let last_stat_time = ref 0. in + let last_scan_time = ref 0. in +-- +2.40.0 + diff --git a/0011-tools-ocaml-evtchn-OCaml-5-support-fix-potential-res.patch b/0011-tools-ocaml-evtchn-OCaml-5-support-fix-potential-res.patch new file mode 100644 index 0000000..c9cf630 --- /dev/null +++ b/0011-tools-ocaml-evtchn-OCaml-5-support-fix-potential-res.patch @@ -0,0 +1,68 @@ +From d11528a993f80c6a86f4cb0c30578c026348e3e4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Tue, 18 Jan 2022 15:04:48 +0000 +Subject: [PATCH 11/89] tools/ocaml/evtchn: OCaml 5 support, fix potential + resource leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There is no binding for xenevtchn_close(). In principle, this is a resource +leak, but the typical usage is as a singleton that lives for the lifetime of +the program. + +Ocaml 5 no longer permits storing a naked C pointer in an Ocaml value. + +Therefore, use a Custom block. This allows us to use the finaliser callback +to call xenevtchn_close(), if the Ocaml object goes out of scope. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 22d5affdf0cecfa6faae46fbaec68b8018835220) +--- + tools/ocaml/libs/eventchn/xeneventchn_stubs.c | 21 +++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c +index f889a7a2e4..37f1cc4e14 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c ++++ b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c +@@ -33,7 +33,22 @@ + #include <caml/fail.h> + #include <caml/signals.h> + +-#define _H(__h) ((xenevtchn_handle *)(__h)) ++#define _H(__h) (*((xenevtchn_handle **)Data_custom_val(__h))) ++ ++static void stub_evtchn_finalize(value v) ++{ ++ xenevtchn_close(_H(v)); ++} ++ ++static struct custom_operations xenevtchn_ops = { ++ .identifier = "xenevtchn", ++ .finalize = stub_evtchn_finalize, ++ .compare = custom_compare_default, /* Can't compare */ ++ .hash = custom_hash_default, /* Can't hash */ ++ .serialize = custom_serialize_default, /* Can't serialize */ ++ .deserialize = custom_deserialize_default, /* Can't deserialize */ ++ .compare_ext = custom_compare_ext_default, /* Can't compare */ ++}; + + CAMLprim value stub_eventchn_init(void) + { +@@ -48,7 +63,9 @@ CAMLprim value stub_eventchn_init(void) + if (xce == NULL) + caml_failwith("open failed"); + +- result = (value)xce; ++ result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1); ++ _H(result) = xce; ++ + CAMLreturn(result); + } + +-- +2.40.0 + diff --git a/0012-tools-ocaml-evtchn-Add-binding-for-xenevtchn_fdopen.patch b/0012-tools-ocaml-evtchn-Add-binding-for-xenevtchn_fdopen.patch new file mode 100644 index 0000000..7e921fd --- /dev/null +++ b/0012-tools-ocaml-evtchn-Add-binding-for-xenevtchn_fdopen.patch @@ -0,0 +1,81 @@ +From 24d9dc2ae2f88249fcf81f7b7e612cdfb7c73e4b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Mon, 14 Nov 2022 13:36:19 +0000 +Subject: [PATCH 12/89] tools/ocaml/evtchn: Add binding for xenevtchn_fdopen() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +For live update, the new oxenstored needs to reconstruct an evtchn object +around an existing file descriptor. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 7ba68a6c558e1fd811c95cb7215a5cd07a3cc2ea) +--- + tools/ocaml/libs/eventchn/xeneventchn.ml | 1 + + tools/ocaml/libs/eventchn/xeneventchn.mli | 4 ++++ + tools/ocaml/libs/eventchn/xeneventchn_stubs.c | 19 +++++++++++++++++++ + 3 files changed, 24 insertions(+) + +diff --git a/tools/ocaml/libs/eventchn/xeneventchn.ml b/tools/ocaml/libs/eventchn/xeneventchn.ml +index dd00a1f0ea..be4de82f46 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn.ml ++++ b/tools/ocaml/libs/eventchn/xeneventchn.ml +@@ -17,6 +17,7 @@ + type handle + + external init: unit -> handle = "stub_eventchn_init" ++external fdopen: Unix.file_descr -> handle = "stub_eventchn_fdopen" + external fd: handle -> Unix.file_descr = "stub_eventchn_fd" + + type t = int +diff --git a/tools/ocaml/libs/eventchn/xeneventchn.mli b/tools/ocaml/libs/eventchn/xeneventchn.mli +index 08c7337643..98b3c86f37 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn.mli ++++ b/tools/ocaml/libs/eventchn/xeneventchn.mli +@@ -47,6 +47,10 @@ val init: unit -> handle + (** Return an initialised event channel interface. On error it + will throw a Failure exception. *) + ++val fdopen: Unix.file_descr -> handle ++(** Return an initialised event channel interface, from an already open evtchn ++ file descriptor. On error it will throw a Failure exception. *) ++ + val fd: handle -> Unix.file_descr + (** Return a file descriptor suitable for Unix.select. When + the descriptor becomes readable, it is safe to call 'pending'. +diff --git a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c +index 37f1cc4e14..7bdf711bc1 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c ++++ b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c +@@ -69,6 +69,25 @@ CAMLprim value stub_eventchn_init(void) + CAMLreturn(result); + } + ++CAMLprim value stub_eventchn_fdopen(value fdval) ++{ ++ CAMLparam1(fdval); ++ CAMLlocal1(result); ++ xenevtchn_handle *xce; ++ ++ caml_enter_blocking_section(); ++ xce = xenevtchn_fdopen(NULL, Int_val(fdval), 0); ++ caml_leave_blocking_section(); ++ ++ if (xce == NULL) ++ caml_failwith("evtchn fdopen failed"); ++ ++ result = caml_alloc_custom(&xenevtchn_ops, sizeof(xce), 0, 1); ++ _H(result) = xce; ++ ++ CAMLreturn(result); ++} ++ + CAMLprim value stub_eventchn_fd(value xce) + { + CAMLparam1(xce); +-- +2.40.0 + diff --git a/0013-tools-ocaml-evtchn-Extend-the-init-binding-with-a-cl.patch b/0013-tools-ocaml-evtchn-Extend-the-init-binding-with-a-cl.patch new file mode 100644 index 0000000..af889eb --- /dev/null +++ b/0013-tools-ocaml-evtchn-Extend-the-init-binding-with-a-cl.patch @@ -0,0 +1,90 @@ +From c7cf603836e40de1b4a6ca7d1d52736eb4a10327 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Thu, 3 Nov 2022 14:50:38 +0000 +Subject: [PATCH 13/89] tools/ocaml/evtchn: Extend the init() binding with a + cloexec flag +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +For live update, oxenstored wants to clear CLOEXEC on the evtchn handle, so it +survives the execve() into the new oxenstored. + +Have the new interface match how cloexec works in other Ocaml standard +libraries. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 9bafe4a53306e7aa2ce6ffc96f7477c6f329f7a7) +--- + tools/ocaml/libs/eventchn/xeneventchn.ml | 5 ++++- + tools/ocaml/libs/eventchn/xeneventchn.mli | 9 ++++++--- + tools/ocaml/libs/eventchn/xeneventchn_stubs.c | 10 +++++++--- + 3 files changed, 17 insertions(+), 7 deletions(-) + +diff --git a/tools/ocaml/libs/eventchn/xeneventchn.ml b/tools/ocaml/libs/eventchn/xeneventchn.ml +index be4de82f46..c16fdd4674 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn.ml ++++ b/tools/ocaml/libs/eventchn/xeneventchn.ml +@@ -16,7 +16,10 @@ + + type handle + +-external init: unit -> handle = "stub_eventchn_init" ++external _init: bool -> handle = "stub_eventchn_init" ++ ++let init ?(cloexec=true) () = _init cloexec ++ + external fdopen: Unix.file_descr -> handle = "stub_eventchn_fdopen" + external fd: handle -> Unix.file_descr = "stub_eventchn_fd" + +diff --git a/tools/ocaml/libs/eventchn/xeneventchn.mli b/tools/ocaml/libs/eventchn/xeneventchn.mli +index 98b3c86f37..870429b6b5 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn.mli ++++ b/tools/ocaml/libs/eventchn/xeneventchn.mli +@@ -43,9 +43,12 @@ val to_int: t -> int + + val of_int: int -> t + +-val init: unit -> handle +-(** Return an initialised event channel interface. On error it +- will throw a Failure exception. *) ++val init: ?cloexec:bool -> unit -> handle ++(** [init ?cloexec ()] ++ Return an initialised event channel interface. ++ The default is to close the underlying file descriptor ++ on [execve], which can be overriden with [~cloexec:false]. ++ On error it will throw a Failure exception. *) + + val fdopen: Unix.file_descr -> handle + (** Return an initialised event channel interface, from an already open evtchn +diff --git a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c +index 7bdf711bc1..aa8a69cc1e 100644 +--- a/tools/ocaml/libs/eventchn/xeneventchn_stubs.c ++++ b/tools/ocaml/libs/eventchn/xeneventchn_stubs.c +@@ -50,14 +50,18 @@ static struct custom_operations xenevtchn_ops = { + .compare_ext = custom_compare_ext_default, /* Can't compare */ + }; + +-CAMLprim value stub_eventchn_init(void) ++CAMLprim value stub_eventchn_init(value cloexec) + { +- CAMLparam0(); ++ CAMLparam1(cloexec); + CAMLlocal1(result); + xenevtchn_handle *xce; ++ unsigned int flags = 0; ++ ++ if ( !Bool_val(cloexec) ) ++ flags |= XENEVTCHN_NO_CLOEXEC; + + caml_enter_blocking_section(); +- xce = xenevtchn_open(NULL, 0); ++ xce = xenevtchn_open(NULL, flags); + caml_leave_blocking_section(); + + if (xce == NULL) +-- +2.40.0 + diff --git a/0014-tools-oxenstored-Style-fixes-to-Domain.patch b/0014-tools-oxenstored-Style-fixes-to-Domain.patch new file mode 100644 index 0000000..aad4399 --- /dev/null +++ b/0014-tools-oxenstored-Style-fixes-to-Domain.patch @@ -0,0 +1,64 @@ +From 0929960173bc76b8d90df73c8ee665747c233e18 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Wed, 30 Nov 2022 14:56:43 +0000 +Subject: [PATCH 14/89] tools/oxenstored: Style fixes to Domain +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This file has some style problems so severe that they interfere with the +readability of the subsequent bugfix patches. + +Fix these issues ahead of time, to make the subsequent changes more readable. + +No functional change. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit b45bfaf359e4821b1bf98a4fcd194d7fd176f167) +--- + tools/ocaml/xenstored/domain.ml | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/tools/ocaml/xenstored/domain.ml b/tools/ocaml/xenstored/domain.ml +index 81cb59b8f1..ab08dcf37f 100644 +--- a/tools/ocaml/xenstored/domain.ml ++++ b/tools/ocaml/xenstored/domain.ml +@@ -57,17 +57,16 @@ let is_paused_for_conflict dom = dom.conflict_credit <= 0.0 + let is_free_to_conflict = is_dom0 + + let string_of_port = function +-| None -> "None" +-| Some x -> string_of_int (Xeneventchn.to_int x) ++ | None -> "None" ++ | Some x -> string_of_int (Xeneventchn.to_int x) + + let dump d chan = + fprintf chan "dom,%d,%nd,%d\n" d.id d.mfn d.remote_port + +-let notify dom = match dom.port with +-| None -> +- warn "domain %d: attempt to notify on unknown port" dom.id +-| Some port -> +- Event.notify dom.eventchn port ++let notify dom = ++ match dom.port with ++ | None -> warn "domain %d: attempt to notify on unknown port" dom.id ++ | Some port -> Event.notify dom.eventchn port + + let bind_interdomain dom = + begin match dom.port with +@@ -84,8 +83,7 @@ let close dom = + | None -> () + | Some port -> Event.unbind dom.eventchn port + end; +- Xenmmap.unmap dom.interface; +- () ++ Xenmmap.unmap dom.interface + + let make id mfn remote_port interface eventchn = { + id = id; +-- +2.40.0 + diff --git a/0015-tools-oxenstored-Bind-the-DOM_EXC-VIRQ-in-in-Event.i.patch b/0015-tools-oxenstored-Bind-the-DOM_EXC-VIRQ-in-in-Event.i.patch new file mode 100644 index 0000000..8b83edf --- /dev/null +++ b/0015-tools-oxenstored-Bind-the-DOM_EXC-VIRQ-in-in-Event.i.patch @@ -0,0 +1,82 @@ +From bc5cc00868ea29d814bb3d783e28b49d1acf63e9 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Tue, 29 Nov 2022 21:05:43 +0000 +Subject: [PATCH 15/89] tools/oxenstored: Bind the DOM_EXC VIRQ in in + Event.init() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Xenstored always needs to bind the DOM_EXC VIRQ. + +Instead of doing it shortly after the call to Event.init(), do it in the +constructor directly. This removes the need for the field to be a mutable +option. + +It will also simplify a future change to support live update. Rename the +field from virq_port (which could be any VIRQ) to it's proper name. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 9804a5db435fe40c8ded8cf36c2d2b2281c56f1d) +--- + tools/ocaml/xenstored/event.ml | 9 ++++++--- + tools/ocaml/xenstored/xenstored.ml | 4 +--- + 2 files changed, 7 insertions(+), 6 deletions(-) + +diff --git a/tools/ocaml/xenstored/event.ml b/tools/ocaml/xenstored/event.ml +index ccca90b6fc..a3be296374 100644 +--- a/tools/ocaml/xenstored/event.ml ++++ b/tools/ocaml/xenstored/event.ml +@@ -17,12 +17,15 @@ + (**************** high level binding ****************) + type t = { + handle: Xeneventchn.handle; +- mutable virq_port: Xeneventchn.t option; ++ domexc: Xeneventchn.t; + } + +-let init () = { handle = Xeneventchn.init (); virq_port = None; } ++let init () = ++ let handle = Xeneventchn.init () in ++ let domexc = Xeneventchn.bind_dom_exc_virq handle in ++ { handle; domexc } ++ + let fd eventchn = Xeneventchn.fd eventchn.handle +-let bind_dom_exc_virq eventchn = eventchn.virq_port <- Some (Xeneventchn.bind_dom_exc_virq eventchn.handle) + let bind_interdomain eventchn domid port = Xeneventchn.bind_interdomain eventchn.handle domid port + let unbind eventchn port = Xeneventchn.unbind eventchn.handle port + let notify eventchn port = Xeneventchn.notify eventchn.handle port +diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml +index c5dc7a28d0..55071b49ec 100644 +--- a/tools/ocaml/xenstored/xenstored.ml ++++ b/tools/ocaml/xenstored/xenstored.ml +@@ -397,7 +397,6 @@ let _ = + if cf.restart && Sys.file_exists Disk.xs_daemon_database then ( + let rwro = DB.from_file store domains cons Disk.xs_daemon_database in + info "Live reload: database loaded"; +- Event.bind_dom_exc_virq eventchn; + Process.LiveUpdate.completed (); + rwro + ) else ( +@@ -413,7 +412,6 @@ let _ = + + if cf.domain_init then ( + Connections.add_domain cons (Domains.create0 domains); +- Event.bind_dom_exc_virq eventchn + ); + rw_sock + ) in +@@ -451,7 +449,7 @@ let _ = + let port = Event.pending eventchn in + debug "pending port %d" (Xeneventchn.to_int port); + finally (fun () -> +- if Some port = eventchn.Event.virq_port then ( ++ if port = eventchn.Event.domexc then ( + let (notify, deaddom) = Domains.cleanup domains in + List.iter (Store.reset_permissions store) deaddom; + List.iter (Connections.del_domain cons) deaddom; +-- +2.40.0 + diff --git a/0016-tools-oxenstored-Rename-some-port-variables-to-remot.patch b/0016-tools-oxenstored-Rename-some-port-variables-to-remot.patch new file mode 100644 index 0000000..4f168d6 --- /dev/null +++ b/0016-tools-oxenstored-Rename-some-port-variables-to-remot.patch @@ -0,0 +1,144 @@ +From fd0d9b05970986545656c8f6f688f70f3e78a29b Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Wed, 30 Nov 2022 03:17:28 +0000 +Subject: [PATCH 16/89] tools/oxenstored: Rename some 'port' variables to + 'remote_port' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will make the logic clearer when we plumb local_port through these +functions. + +While doing this, rearrange the construct in Domains.create0 to separate the +remote port handling from the interface handling. (The interface logic is +dubious in several ways, but not altered by this cleanup.) + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 31fbee749a75621039ca601eaee7222050a7dd83) +--- + tools/ocaml/xenstored/domains.ml | 26 ++++++++++++-------------- + tools/ocaml/xenstored/process.ml | 12 ++++++------ + tools/ocaml/xenstored/xenstored.ml | 8 ++++---- + 3 files changed, 22 insertions(+), 24 deletions(-) + +diff --git a/tools/ocaml/xenstored/domains.ml b/tools/ocaml/xenstored/domains.ml +index 17fe2fa257..26018ac0dd 100644 +--- a/tools/ocaml/xenstored/domains.ml ++++ b/tools/ocaml/xenstored/domains.ml +@@ -122,9 +122,9 @@ let cleanup doms = + let resume _doms _domid = + () + +-let create doms domid mfn port = ++let create doms domid mfn remote_port = + let interface = Xenctrl.map_foreign_range xc domid (Xenmmap.getpagesize()) mfn in +- let dom = Domain.make domid mfn port interface doms.eventchn in ++ let dom = Domain.make domid mfn remote_port interface doms.eventchn in + Hashtbl.add doms.table domid dom; + Domain.bind_interdomain dom; + dom +@@ -133,18 +133,16 @@ let xenstored_kva = ref "" + let xenstored_port = ref "" + + let create0 doms = +- let port, interface = +- ( +- let port = Utils.read_file_single_integer !xenstored_port +- and fd = Unix.openfile !xenstored_kva +- [ Unix.O_RDWR ] 0o600 in +- let interface = Xenmmap.mmap fd Xenmmap.RDWR Xenmmap.SHARED +- (Xenmmap.getpagesize()) 0 in +- Unix.close fd; +- port, interface +- ) +- in +- let dom = Domain.make 0 Nativeint.zero port interface doms.eventchn in ++ let remote_port = Utils.read_file_single_integer !xenstored_port in ++ ++ let interface = ++ let fd = Unix.openfile !xenstored_kva [ Unix.O_RDWR ] 0o600 in ++ let interface = Xenmmap.mmap fd Xenmmap.RDWR Xenmmap.SHARED (Xenmmap.getpagesize()) 0 in ++ Unix.close fd; ++ interface ++ in ++ ++ let dom = Domain.make 0 Nativeint.zero remote_port interface doms.eventchn in + Hashtbl.add doms.table 0 dom; + Domain.bind_interdomain dom; + Domain.notify dom; +diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml +index 72a79e9328..b2973aca2a 100644 +--- a/tools/ocaml/xenstored/process.ml ++++ b/tools/ocaml/xenstored/process.ml +@@ -558,10 +558,10 @@ let do_transaction_end con t domains cons data = + let do_introduce con t domains cons data = + if not (Connection.is_dom0 con) + then raise Define.Permission_denied; +- let (domid, mfn, port) = ++ let (domid, mfn, remote_port) = + match (split None '\000' data) with +- | domid :: mfn :: port :: _ -> +- int_of_string domid, Nativeint.of_string mfn, int_of_string port ++ | domid :: mfn :: remote_port :: _ -> ++ int_of_string domid, Nativeint.of_string mfn, int_of_string remote_port + | _ -> raise Invalid_Cmd_Args; + in + let dom = +@@ -569,18 +569,18 @@ let do_introduce con t domains cons data = + let edom = Domains.find domains domid in + if (Domain.get_mfn edom) = mfn && (Connections.find_domain cons domid) != con then begin + (* Use XS_INTRODUCE for recreating the xenbus event-channel. *) +- edom.remote_port <- port; ++ edom.remote_port <- remote_port; + Domain.bind_interdomain edom; + end; + edom + else try +- let ndom = Domains.create domains domid mfn port in ++ let ndom = Domains.create domains domid mfn remote_port in + Connections.add_domain cons ndom; + Connections.fire_spec_watches (Transaction.get_root t) cons Store.Path.introduce_domain; + ndom + with _ -> raise Invalid_Cmd_Args + in +- if (Domain.get_remote_port dom) <> port || (Domain.get_mfn dom) <> mfn then ++ if (Domain.get_remote_port dom) <> remote_port || (Domain.get_mfn dom) <> mfn then + raise Domain_not_match + + let do_release con t domains cons data = +diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml +index 55071b49ec..1f11f576b5 100644 +--- a/tools/ocaml/xenstored/xenstored.ml ++++ b/tools/ocaml/xenstored/xenstored.ml +@@ -167,10 +167,10 @@ let from_channel_f chan global_f socket_f domain_f watch_f store_f = + global_f ~rw + | "socket" :: fd :: [] -> + socket_f ~fd:(int_of_string fd) +- | "dom" :: domid :: mfn :: port :: []-> ++ | "dom" :: domid :: mfn :: remote_port :: []-> + domain_f (int_of_string domid) + (Nativeint.of_string mfn) +- (int_of_string port) ++ (int_of_string remote_port) + | "watch" :: domid :: path :: token :: [] -> + watch_f (int_of_string domid) + (unhexify path) (unhexify token) +@@ -209,10 +209,10 @@ let from_channel store cons doms chan = + else + warn "Ignoring invalid socket FD %d" fd + in +- let domain_f domid mfn port = ++ let domain_f domid mfn remote_port = + let ndom = + if domid > 0 then +- Domains.create doms domid mfn port ++ Domains.create doms domid mfn remote_port + else + Domains.create0 doms + in +-- +2.40.0 + diff --git a/0017-tools-oxenstored-Implement-Domain.rebind_evtchn.patch b/0017-tools-oxenstored-Implement-Domain.rebind_evtchn.patch new file mode 100644 index 0000000..72bcae0 --- /dev/null +++ b/0017-tools-oxenstored-Implement-Domain.rebind_evtchn.patch @@ -0,0 +1,67 @@ +From a20daa7ffda7ccc0e65abe77532a5dc8059bf128 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Wed, 30 Nov 2022 11:55:58 +0000 +Subject: [PATCH 17/89] tools/oxenstored: Implement Domain.rebind_evtchn +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Generally speaking, the event channel local/remote port is fixed for the +lifetime of the associated domain object. The exception to this is a +secondary XS_INTRODUCE (defined to re-bind to a new event channel) which pokes +around at the domain object's internal state. + +We need to refactor the evtchn handling to support live update, so start by +moving the relevant manipulation into Domain. + +No practical change. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit aecdc28d9538ca2a1028ef9bc6550cb171dbbed4) +--- + tools/ocaml/xenstored/domain.ml | 12 ++++++++++++ + tools/ocaml/xenstored/process.ml | 3 +-- + 2 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/tools/ocaml/xenstored/domain.ml b/tools/ocaml/xenstored/domain.ml +index ab08dcf37f..d59a9401e2 100644 +--- a/tools/ocaml/xenstored/domain.ml ++++ b/tools/ocaml/xenstored/domain.ml +@@ -63,6 +63,18 @@ let string_of_port = function + let dump d chan = + fprintf chan "dom,%d,%nd,%d\n" d.id d.mfn d.remote_port + ++let rebind_evtchn d remote_port = ++ begin match d.port with ++ | None -> () ++ | Some p -> Event.unbind d.eventchn p ++ end; ++ let local = Event.bind_interdomain d.eventchn d.id remote_port in ++ debug "domain %d rebind (l %s, r %d) => (l %d, r %d)" ++ d.id (string_of_port d.port) d.remote_port ++ (Xeneventchn.to_int local) remote_port; ++ d.remote_port <- remote_port; ++ d.port <- Some (local) ++ + let notify dom = + match dom.port with + | None -> warn "domain %d: attempt to notify on unknown port" dom.id +diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml +index b2973aca2a..1c80e7198d 100644 +--- a/tools/ocaml/xenstored/process.ml ++++ b/tools/ocaml/xenstored/process.ml +@@ -569,8 +569,7 @@ let do_introduce con t domains cons data = + let edom = Domains.find domains domid in + if (Domain.get_mfn edom) = mfn && (Connections.find_domain cons domid) != con then begin + (* Use XS_INTRODUCE for recreating the xenbus event-channel. *) +- edom.remote_port <- remote_port; +- Domain.bind_interdomain edom; ++ Domain.rebind_evtchn edom remote_port; + end; + edom + else try +-- +2.40.0 + diff --git a/0018-tools-oxenstored-Rework-Domain-evtchn-handling-to-us.patch b/0018-tools-oxenstored-Rework-Domain-evtchn-handling-to-us.patch new file mode 100644 index 0000000..1392b34 --- /dev/null +++ b/0018-tools-oxenstored-Rework-Domain-evtchn-handling-to-us.patch @@ -0,0 +1,209 @@ +From 4b418768ef4d75d0f70e4ce7cb5710404527bf47 Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Wed, 30 Nov 2022 11:59:34 +0000 +Subject: [PATCH 18/89] tools/oxenstored: Rework Domain evtchn handling to use + port_pair +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Inter-domain event channels are always a pair of local and remote ports. +Right now the handling is asymmetric, caused by the fact that the evtchn is +bound after the associated Domain object is constructed. + +First, move binding of the event channel into the Domain.make() constructor. +This means the local port no longer needs to be an option. It also removes +the final callers of Domain.bind_interdomain. + +Next, introduce a new port_pair type to encapsulate the fact that these two +should be updated together, and replace the previous port and remote_port +fields. This refactoring also changes the Domain.get_port interface (removing +an option) so take the opportunity to name it get_local_port instead. + +Also, this fixes a use-after-free risk with Domain.close. Once the evtchn has +been unbound, the same local port number can be reused for a different +purpose, so explicitly invalidate the ports to prevent their accidental misuse +in the future. + +This also cleans up some of the debugging, to always print a port pair. + +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit df2db174b36eba67c218763ef621c67912202fc6) +--- + tools/ocaml/xenstored/connections.ml | 9 +--- + tools/ocaml/xenstored/domain.ml | 75 ++++++++++++++-------------- + tools/ocaml/xenstored/domains.ml | 2 - + 3 files changed, 39 insertions(+), 47 deletions(-) + +diff --git a/tools/ocaml/xenstored/connections.ml b/tools/ocaml/xenstored/connections.ml +index 7d68c583b4..a80ae0bed2 100644 +--- a/tools/ocaml/xenstored/connections.ml ++++ b/tools/ocaml/xenstored/connections.ml +@@ -48,9 +48,7 @@ let add_domain cons dom = + let xbcon = Xenbus.Xb.open_mmap ~capacity (Domain.get_interface dom) (fun () -> Domain.notify dom) in + let con = Connection.create xbcon (Some dom) in + Hashtbl.add cons.domains (Domain.get_id dom) con; +- match Domain.get_port dom with +- | Some p -> Hashtbl.add cons.ports p con; +- | None -> () ++ Hashtbl.add cons.ports (Domain.get_local_port dom) con + + let select ?(only_if = (fun _ -> true)) cons = + Hashtbl.fold (fun _ con (ins, outs) -> +@@ -97,10 +95,7 @@ let del_domain cons id = + let con = find_domain cons id in + Hashtbl.remove cons.domains id; + (match Connection.get_domain con with +- | Some d -> +- (match Domain.get_port d with +- | Some p -> Hashtbl.remove cons.ports p +- | None -> ()) ++ | Some d -> Hashtbl.remove cons.ports (Domain.get_local_port d) + | None -> ()); + del_watches cons con; + Connection.close con +diff --git a/tools/ocaml/xenstored/domain.ml b/tools/ocaml/xenstored/domain.ml +index d59a9401e2..481e10794d 100644 +--- a/tools/ocaml/xenstored/domain.ml ++++ b/tools/ocaml/xenstored/domain.ml +@@ -19,14 +19,31 @@ open Printf + let debug fmt = Logging.debug "domain" fmt + let warn fmt = Logging.warn "domain" fmt + ++(* A bound inter-domain event channel port pair. The remote port, and the ++ local port it is bound to. *) ++type port_pair = ++{ ++ local: Xeneventchn.t; ++ remote: int; ++} ++ ++(* Sentinal port_pair with both set to EVTCHN_INVALID *) ++let invalid_ports = ++{ ++ local = Xeneventchn.of_int 0; ++ remote = 0 ++} ++ ++let string_of_port_pair p = ++ sprintf "(l %d, r %d)" (Xeneventchn.to_int p.local) p.remote ++ + type t = + { + id: Xenctrl.domid; + mfn: nativeint; + interface: Xenmmap.mmap_interface; + eventchn: Event.t; +- mutable remote_port: int; +- mutable port: Xeneventchn.t option; ++ mutable ports: port_pair; + mutable bad_client: bool; + mutable io_credit: int; (* the rounds of ring process left to do, default is 0, + usually set to 1 when there is work detected, could +@@ -41,8 +58,8 @@ let is_dom0 d = d.id = 0 + let get_id domain = domain.id + let get_interface d = d.interface + let get_mfn d = d.mfn +-let get_remote_port d = d.remote_port +-let get_port d = d.port ++let get_remote_port d = d.ports.remote ++let get_local_port d = d.ports.local + + let is_bad_domain domain = domain.bad_client + let mark_as_bad domain = domain.bad_client <- true +@@ -56,54 +73,36 @@ let is_paused_for_conflict dom = dom.conflict_credit <= 0.0 + + let is_free_to_conflict = is_dom0 + +-let string_of_port = function +- | None -> "None" +- | Some x -> string_of_int (Xeneventchn.to_int x) +- + let dump d chan = +- fprintf chan "dom,%d,%nd,%d\n" d.id d.mfn d.remote_port ++ fprintf chan "dom,%d,%nd,%d\n" d.id d.mfn d.ports.remote + + let rebind_evtchn d remote_port = +- begin match d.port with +- | None -> () +- | Some p -> Event.unbind d.eventchn p +- end; ++ Event.unbind d.eventchn d.ports.local; + let local = Event.bind_interdomain d.eventchn d.id remote_port in +- debug "domain %d rebind (l %s, r %d) => (l %d, r %d)" +- d.id (string_of_port d.port) d.remote_port +- (Xeneventchn.to_int local) remote_port; +- d.remote_port <- remote_port; +- d.port <- Some (local) ++ let new_ports = { local; remote = remote_port } in ++ debug "domain %d rebind %s => %s" ++ d.id (string_of_port_pair d.ports) (string_of_port_pair new_ports); ++ d.ports <- new_ports + + let notify dom = +- match dom.port with +- | None -> warn "domain %d: attempt to notify on unknown port" dom.id +- | Some port -> Event.notify dom.eventchn port +- +-let bind_interdomain dom = +- begin match dom.port with +- | None -> () +- | Some port -> Event.unbind dom.eventchn port +- end; +- dom.port <- Some (Event.bind_interdomain dom.eventchn dom.id dom.remote_port); +- debug "bound domain %d remote port %d to local port %s" dom.id dom.remote_port (string_of_port dom.port) +- ++ Event.notify dom.eventchn dom.ports.local + + let close dom = +- debug "domain %d unbound port %s" dom.id (string_of_port dom.port); +- begin match dom.port with +- | None -> () +- | Some port -> Event.unbind dom.eventchn port +- end; ++ debug "domain %d unbind %s" dom.id (string_of_port_pair dom.ports); ++ Event.unbind dom.eventchn dom.ports.local; ++ dom.ports <- invalid_ports; + Xenmmap.unmap dom.interface + +-let make id mfn remote_port interface eventchn = { ++let make id mfn remote_port interface eventchn = ++ let local = Event.bind_interdomain eventchn id remote_port in ++ let ports = { local; remote = remote_port } in ++ debug "domain %d bind %s" id (string_of_port_pair ports); ++{ + id = id; + mfn = mfn; +- remote_port = remote_port; ++ ports; + interface = interface; + eventchn = eventchn; +- port = None; + bad_client = false; + io_credit = 0; + conflict_credit = !Define.conflict_burst_limit; +diff --git a/tools/ocaml/xenstored/domains.ml b/tools/ocaml/xenstored/domains.ml +index 26018ac0dd..2ab0c5f4d8 100644 +--- a/tools/ocaml/xenstored/domains.ml ++++ b/tools/ocaml/xenstored/domains.ml +@@ -126,7 +126,6 @@ let create doms domid mfn remote_port = + let interface = Xenctrl.map_foreign_range xc domid (Xenmmap.getpagesize()) mfn in + let dom = Domain.make domid mfn remote_port interface doms.eventchn in + Hashtbl.add doms.table domid dom; +- Domain.bind_interdomain dom; + dom + + let xenstored_kva = ref "" +@@ -144,7 +143,6 @@ let create0 doms = + + let dom = Domain.make 0 Nativeint.zero remote_port interface doms.eventchn in + Hashtbl.add doms.table 0 dom; +- Domain.bind_interdomain dom; + Domain.notify dom; + dom + +-- +2.40.0 + diff --git a/0019-tools-oxenstored-Keep-dev-xen-evtchn-open-across-liv.patch b/0019-tools-oxenstored-Keep-dev-xen-evtchn-open-across-liv.patch new file mode 100644 index 0000000..f6ae3fe --- /dev/null +++ b/0019-tools-oxenstored-Keep-dev-xen-evtchn-open-across-liv.patch @@ -0,0 +1,367 @@ +From f02171b663393e10d35123e5572c0f5b3e72c29d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Thu, 3 Nov 2022 15:31:39 +0000 +Subject: [PATCH 19/89] tools/oxenstored: Keep /dev/xen/evtchn open across live + update +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Closing the evtchn handle will unbind and free all local ports. The new +xenstored would need to rebind all evtchns, which is work that we don't want +or need to be doing during the critical handover period. + +However, it turns out that the Windows PV drivers also rebind their local port +too across suspend/resume, leaving (o)xenstored with a stale idea of the +remote port to use. In this case, reusing the established connection is the +only robust option. + +Therefore: + * Have oxenstored open /dev/xen/evtchn without CLOEXEC at start of day. + * Extend the handover information with the evtchn fd, domexc virq local port, + and the local port number for each domain connection. + * Have (the new) oxenstored recover the open handle using Xeneventchn.fdopen, + and use the provided local ports rather than trying to rebind them. + +When this new information isn't present (i.e. live updating from an oxenstored +prior to this change), the best-effort status quo will have to do. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 9b224c25293a53fcbe32da68052d861dda71a6f4) +--- + tools/ocaml/xenstored/domain.ml | 13 +++-- + tools/ocaml/xenstored/domains.ml | 9 ++-- + tools/ocaml/xenstored/event.ml | 20 +++++-- + tools/ocaml/xenstored/process.ml | 2 +- + tools/ocaml/xenstored/xenstored.ml | 85 ++++++++++++++++++++---------- + 5 files changed, 90 insertions(+), 39 deletions(-) + +diff --git a/tools/ocaml/xenstored/domain.ml b/tools/ocaml/xenstored/domain.ml +index 481e10794d..5c15752a37 100644 +--- a/tools/ocaml/xenstored/domain.ml ++++ b/tools/ocaml/xenstored/domain.ml +@@ -74,7 +74,8 @@ let is_paused_for_conflict dom = dom.conflict_credit <= 0.0 + let is_free_to_conflict = is_dom0 + + let dump d chan = +- fprintf chan "dom,%d,%nd,%d\n" d.id d.mfn d.ports.remote ++ fprintf chan "dom,%d,%nd,%d,%d\n" ++ d.id d.mfn d.ports.remote (Xeneventchn.to_int d.ports.local) + + let rebind_evtchn d remote_port = + Event.unbind d.eventchn d.ports.local; +@@ -93,8 +94,14 @@ let close dom = + dom.ports <- invalid_ports; + Xenmmap.unmap dom.interface + +-let make id mfn remote_port interface eventchn = +- let local = Event.bind_interdomain eventchn id remote_port in ++(* On clean start, local_port will be None, and we must bind the remote port ++ given. On Live Update, the event channel is already bound, and both the ++ local and remote port numbers come from the transfer record. *) ++let make ?local_port ~remote_port id mfn interface eventchn = ++ let local = match local_port with ++ | None -> Event.bind_interdomain eventchn id remote_port ++ | Some p -> Xeneventchn.of_int p ++ in + let ports = { local; remote = remote_port } in + debug "domain %d bind %s" id (string_of_port_pair ports); + { +diff --git a/tools/ocaml/xenstored/domains.ml b/tools/ocaml/xenstored/domains.ml +index 2ab0c5f4d8..b6c075c838 100644 +--- a/tools/ocaml/xenstored/domains.ml ++++ b/tools/ocaml/xenstored/domains.ml +@@ -56,6 +56,7 @@ let exist doms id = Hashtbl.mem doms.table id + let find doms id = Hashtbl.find doms.table id + let number doms = Hashtbl.length doms.table + let iter doms fct = Hashtbl.iter (fun _ b -> fct b) doms.table ++let eventchn doms = doms.eventchn + + let rec is_empty_queue q = + Queue.is_empty q || +@@ -122,16 +123,16 @@ let cleanup doms = + let resume _doms _domid = + () + +-let create doms domid mfn remote_port = ++let create doms ?local_port ~remote_port domid mfn = + let interface = Xenctrl.map_foreign_range xc domid (Xenmmap.getpagesize()) mfn in +- let dom = Domain.make domid mfn remote_port interface doms.eventchn in ++ let dom = Domain.make ?local_port ~remote_port domid mfn interface doms.eventchn in + Hashtbl.add doms.table domid dom; + dom + + let xenstored_kva = ref "" + let xenstored_port = ref "" + +-let create0 doms = ++let create0 ?local_port doms = + let remote_port = Utils.read_file_single_integer !xenstored_port in + + let interface = +@@ -141,7 +142,7 @@ let create0 doms = + interface + in + +- let dom = Domain.make 0 Nativeint.zero remote_port interface doms.eventchn in ++ let dom = Domain.make ?local_port ~remote_port 0 Nativeint.zero interface doms.eventchn in + Hashtbl.add doms.table 0 dom; + Domain.notify dom; + dom +diff --git a/tools/ocaml/xenstored/event.ml b/tools/ocaml/xenstored/event.ml +index a3be296374..629dc6041b 100644 +--- a/tools/ocaml/xenstored/event.ml ++++ b/tools/ocaml/xenstored/event.ml +@@ -20,9 +20,18 @@ type t = { + domexc: Xeneventchn.t; + } + +-let init () = +- let handle = Xeneventchn.init () in +- let domexc = Xeneventchn.bind_dom_exc_virq handle in ++(* On clean start, both parameters will be None, and we must open the evtchn ++ handle and bind the DOM_EXC VIRQ. On Live Update, the fd is preserved ++ across exec(), and the DOM_EXC VIRQ still bound. *) ++let init ?fd ?domexc_port () = ++ let handle = match fd with ++ | None -> Xeneventchn.init ~cloexec:false () ++ | Some fd -> fd |> Utils.FD.of_int |> Xeneventchn.fdopen ++ in ++ let domexc = match domexc_port with ++ | None -> Xeneventchn.bind_dom_exc_virq handle ++ | Some p -> Xeneventchn.of_int p ++ in + { handle; domexc } + + let fd eventchn = Xeneventchn.fd eventchn.handle +@@ -31,3 +40,8 @@ let unbind eventchn port = Xeneventchn.unbind eventchn.handle port + let notify eventchn port = Xeneventchn.notify eventchn.handle port + let pending eventchn = Xeneventchn.pending eventchn.handle + let unmask eventchn port = Xeneventchn.unmask eventchn.handle port ++ ++let dump e chan = ++ Printf.fprintf chan "evtchn-dev,%d,%d\n" ++ (Utils.FD.to_int @@ Xeneventchn.fd e.handle) ++ (Xeneventchn.to_int e.domexc) +diff --git a/tools/ocaml/xenstored/process.ml b/tools/ocaml/xenstored/process.ml +index 1c80e7198d..02bd0f7d80 100644 +--- a/tools/ocaml/xenstored/process.ml ++++ b/tools/ocaml/xenstored/process.ml +@@ -573,7 +573,7 @@ let do_introduce con t domains cons data = + end; + edom + else try +- let ndom = Domains.create domains domid mfn remote_port in ++ let ndom = Domains.create ~remote_port domains domid mfn in + Connections.add_domain cons ndom; + Connections.fire_spec_watches (Transaction.get_root t) cons Store.Path.introduce_domain; + ndom +diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml +index 1f11f576b5..f526f4fb23 100644 +--- a/tools/ocaml/xenstored/xenstored.ml ++++ b/tools/ocaml/xenstored/xenstored.ml +@@ -144,7 +144,7 @@ exception Bad_format of string + + let dump_format_header = "$xenstored-dump-format" + +-let from_channel_f chan global_f socket_f domain_f watch_f store_f = ++let from_channel_f chan global_f evtchn_f socket_f domain_f watch_f store_f = + let unhexify s = Utils.unhexify s in + let getpath s = + let u = Utils.unhexify s in +@@ -165,12 +165,19 @@ let from_channel_f chan global_f socket_f domain_f watch_f store_f = + (* there might be more parameters here, + e.g. a RO socket from a previous version: ignore it *) + global_f ~rw ++ | "evtchn-dev" :: fd :: domexc_port :: [] -> ++ evtchn_f ~fd:(int_of_string fd) ++ ~domexc_port:(int_of_string domexc_port) + | "socket" :: fd :: [] -> + socket_f ~fd:(int_of_string fd) +- | "dom" :: domid :: mfn :: remote_port :: []-> +- domain_f (int_of_string domid) +- (Nativeint.of_string mfn) +- (int_of_string remote_port) ++ | "dom" :: domid :: mfn :: remote_port :: rest -> ++ let local_port = match rest with ++ | [] -> None (* backward compat: old version didn't have it *) ++ | local_port :: _ -> Some (int_of_string local_port) in ++ domain_f ?local_port ++ ~remote_port:(int_of_string remote_port) ++ (int_of_string domid) ++ (Nativeint.of_string mfn) + | "watch" :: domid :: path :: token :: [] -> + watch_f (int_of_string domid) + (unhexify path) (unhexify token) +@@ -189,10 +196,21 @@ let from_channel_f chan global_f socket_f domain_f watch_f store_f = + done; + info "Completed loading xenstore dump" + +-let from_channel store cons doms chan = ++let from_channel store cons domains_init chan = + (* don't let the permission get on our way, full perm ! *) + let op = Store.get_ops store Perms.Connection.full_rights in + let rwro = ref (None) in ++ let doms = ref (None) in ++ ++ let require_doms () = ++ match !doms with ++ | None -> ++ warn "No event channel file descriptor available in dump!"; ++ let domains = domains_init @@ Event.init () in ++ doms := Some domains; ++ domains ++ | Some d -> d ++ in + let global_f ~rw = + let get_listen_sock sockfd = + let fd = sockfd |> int_of_string |> Utils.FD.of_int in +@@ -201,6 +219,10 @@ let from_channel store cons doms chan = + in + rwro := get_listen_sock rw + in ++ let evtchn_f ~fd ~domexc_port = ++ let evtchn = Event.init ~fd ~domexc_port () in ++ doms := Some(domains_init evtchn) ++ in + let socket_f ~fd = + let ufd = Utils.FD.of_int fd in + let is_valid = try (Unix.fstat ufd).Unix.st_kind = Unix.S_SOCK with _ -> false in +@@ -209,12 +231,13 @@ let from_channel store cons doms chan = + else + warn "Ignoring invalid socket FD %d" fd + in +- let domain_f domid mfn remote_port = ++ let domain_f ?local_port ~remote_port domid mfn = ++ let doms = require_doms () in + let ndom = + if domid > 0 then +- Domains.create doms domid mfn remote_port ++ Domains.create ?local_port ~remote_port doms domid mfn + else +- Domains.create0 doms ++ Domains.create0 ?local_port doms + in + Connections.add_domain cons ndom; + in +@@ -229,8 +252,8 @@ let from_channel store cons doms chan = + op.Store.write path value; + op.Store.setperms path perms + in +- from_channel_f chan global_f socket_f domain_f watch_f store_f; +- !rwro ++ from_channel_f chan global_f evtchn_f socket_f domain_f watch_f store_f; ++ !rwro, require_doms () + + let from_file store cons doms file = + info "Loading xenstore dump from %s" file; +@@ -238,7 +261,7 @@ let from_file store cons doms file = + finally (fun () -> from_channel store doms cons channel) + (fun () -> close_in channel) + +-let to_channel store cons rw chan = ++let to_channel store cons (rw, evtchn) chan = + let hexify s = Utils.hexify s in + + fprintf chan "%s\n" dump_format_header; +@@ -248,6 +271,9 @@ let to_channel store cons rw chan = + Utils.FD.to_int fd in + fprintf chan "global,%d\n" (fdopt rw); + ++ (* dump evtchn device info *) ++ Event.dump evtchn chan; ++ + (* dump connections related to domains: domid, mfn, eventchn port/ sockets, and watches *) + Connections.iter cons (fun con -> Connection.dump con chan); + +@@ -367,7 +393,6 @@ let _ = + | None -> () end; + + let store = Store.create () in +- let eventchn = Event.init () in + let next_frequent_ops = ref 0. in + let advance_next_frequent_ops () = + next_frequent_ops := (Unix.gettimeofday () +. !Define.conflict_max_history_seconds) +@@ -375,16 +400,8 @@ let _ = + let delay_next_frequent_ops_by duration = + next_frequent_ops := !next_frequent_ops +. duration + in +- let domains = Domains.init eventchn advance_next_frequent_ops in ++ let domains_init eventchn = Domains.init eventchn advance_next_frequent_ops in + +- (* For things that need to be done periodically but more often +- * than the periodic_ops function *) +- let frequent_ops () = +- if Unix.gettimeofday () > !next_frequent_ops then ( +- History.trim (); +- Domains.incr_conflict_credit domains; +- advance_next_frequent_ops () +- ) in + let cons = Connections.create () in + + let quit = ref false in +@@ -393,14 +410,15 @@ let _ = + List.iter (fun path -> + Store.write store Perms.Connection.full_rights path "") Store.Path.specials; + +- let rw_sock = ++ let rw_sock, domains = + if cf.restart && Sys.file_exists Disk.xs_daemon_database then ( +- let rwro = DB.from_file store domains cons Disk.xs_daemon_database in ++ let rw, domains = DB.from_file store domains_init cons Disk.xs_daemon_database in + info "Live reload: database loaded"; + Process.LiveUpdate.completed (); +- rwro ++ rw, domains + ) else ( + info "No live reload: regular startup"; ++ let domains = domains_init @@ Event.init () in + if !Disk.enable then ( + info "reading store from disk"; + Disk.read store +@@ -413,9 +431,18 @@ let _ = + if cf.domain_init then ( + Connections.add_domain cons (Domains.create0 domains); + ); +- rw_sock ++ rw_sock, domains + ) in + ++ (* For things that need to be done periodically but more often ++ * than the periodic_ops function *) ++ let frequent_ops () = ++ if Unix.gettimeofday () > !next_frequent_ops then ( ++ History.trim (); ++ Domains.incr_conflict_credit domains; ++ advance_next_frequent_ops () ++ ) in ++ + (* required for xenstore-control to detect availability of live-update *) + let tool_path = Store.Path.of_string "/tool" in + if not (Store.path_exists store tool_path) then +@@ -430,8 +457,10 @@ let _ = + Sys.set_signal Sys.sigusr1 (Sys.Signal_handle (fun _ -> sigusr1_handler store)); + Sys.set_signal Sys.sigpipe Sys.Signal_ignore; + ++ let eventchn = Domains.eventchn domains in ++ + if cf.activate_access_log then begin +- let post_rotate () = DB.to_file store cons (None) Disk.xs_daemon_database in ++ let post_rotate () = DB.to_file store cons (None, eventchn) Disk.xs_daemon_database in + Logging.init_access_log post_rotate + end; + +@@ -593,7 +622,7 @@ let _ = + live_update := Process.LiveUpdate.should_run cons; + if !live_update || !quit then begin + (* don't initiate live update if saving state fails *) +- DB.to_file store cons (rw_sock) Disk.xs_daemon_database; ++ DB.to_file store cons (rw_sock, eventchn) Disk.xs_daemon_database; + quit := true; + end + with exc -> +-- +2.40.0 + diff --git a/0020-tools-oxenstored-Log-live-update-issues-at-warning-l.patch b/0020-tools-oxenstored-Log-live-update-issues-at-warning-l.patch new file mode 100644 index 0000000..533e3e7 --- /dev/null +++ b/0020-tools-oxenstored-Log-live-update-issues-at-warning-l.patch @@ -0,0 +1,42 @@ +From 991b512f5f69dde3c923804f887be9df56b03a74 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Tue, 8 Nov 2022 08:57:47 +0000 +Subject: [PATCH 20/89] tools/oxenstored: Log live update issues at warning + level +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +During live update, oxenstored tries a best effort approach to recover as many +domains and information as possible even if it encounters errors restoring +some domains. + +However, logging about misunderstood input is more severe than simply info. +Log it at warning instead. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit 3f02e0a70fe9f8143454b742563433958d4a87f8) +--- + tools/ocaml/xenstored/xenstored.ml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml +index f526f4fb23..35b8cbd43f 100644 +--- a/tools/ocaml/xenstored/xenstored.ml ++++ b/tools/ocaml/xenstored/xenstored.ml +@@ -186,9 +186,9 @@ let from_channel_f chan global_f evtchn_f socket_f domain_f watch_f store_f = + (Perms.Node.of_string (unhexify perms ^ "\000")) + (unhexify value) + | _ -> +- info "restoring: ignoring unknown line: %s" line ++ warn "restoring: ignoring unknown line: %s" line + with exn -> +- info "restoring: ignoring unknown line: %s (exception: %s)" ++ warn "restoring: ignoring unknown line: %s (exception: %s)" + line (Printexc.to_string exn); + () + with End_of_file -> +-- +2.40.0 + diff --git a/0021-tools-oxenstored-Set-uncaught-exception-handler.patch b/0021-tools-oxenstored-Set-uncaught-exception-handler.patch new file mode 100644 index 0000000..8a42fcc --- /dev/null +++ b/0021-tools-oxenstored-Set-uncaught-exception-handler.patch @@ -0,0 +1,83 @@ +From e13a9a2146952859c21c0a0c7b8b07757c2aba9d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Mon, 7 Nov 2022 17:41:36 +0000 +Subject: [PATCH 21/89] tools/oxenstored: Set uncaught exception handler +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Unhandled exceptions go to stderr by default, but this doesn't typically work +for oxenstored because: + * daemonize reopens stderr as /dev/null + * systemd redirects stderr to /dev/null too + +Debugging an unhandled exception requires reproducing the issue locally when +using --no-fork, and is not conducive to figuring out what went wrong on a +remote system. + +Install a custom handler which also tries to render the backtrace to the +configured syslog facility, and DAEMON|ERR otherwise. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit ee7815f49faf743e960dac9e72809eb66393bc6d) +--- + tools/ocaml/xenstored/logging.ml | 29 +++++++++++++++++++++++++++++ + tools/ocaml/xenstored/xenstored.ml | 3 ++- + 2 files changed, 31 insertions(+), 1 deletion(-) + +diff --git a/tools/ocaml/xenstored/logging.ml b/tools/ocaml/xenstored/logging.ml +index 39c3036155..255051437d 100644 +--- a/tools/ocaml/xenstored/logging.ml ++++ b/tools/ocaml/xenstored/logging.ml +@@ -342,3 +342,32 @@ let xb_answer ~tid ~con ~ty data = + let watch_not_fired ~con perms path = + let data = Printf.sprintf "EPERM perms=[%s] path=%s" perms path in + access_logging ~tid:0 ~con ~data Watch_not_fired ~level:Info ++ ++let msg_of exn bt = ++ Printf.sprintf "Fatal exception: %s\n%s\n" (Printexc.to_string exn) ++ (Printexc.raw_backtrace_to_string bt) ++ ++let fallback_exception_handler exn bt = ++ (* stderr goes to /dev/null, so use the logger where possible, ++ but always print to stderr too, in case everything else fails, ++ e.g. this can be used to debug with --no-fork ++ ++ this function should try not to raise exceptions, but if it does ++ the ocaml runtime should still print the exception, both the original, ++ and the one from this function, but to stderr this time ++ *) ++ let msg = msg_of exn bt in ++ prerr_endline msg; ++ (* See Printexc.set_uncaught_exception_handler, need to flush, ++ so has to call stop and flush *) ++ match !xenstored_logger with ++ | Some l -> error "xenstored-fallback" "%s" msg; l.stop () ++ | None -> ++ (* Too early, no logger set yet. ++ We normally try to use the configured logger so we don't flood syslog ++ during development for example, or if the user has a file set ++ *) ++ try Syslog.log Syslog.Daemon Syslog.Err msg ++ with e -> ++ let bt = Printexc.get_raw_backtrace () in ++ prerr_endline @@ msg_of e bt +diff --git a/tools/ocaml/xenstored/xenstored.ml b/tools/ocaml/xenstored/xenstored.ml +index 35b8cbd43f..4d5851c5cb 100644 +--- a/tools/ocaml/xenstored/xenstored.ml ++++ b/tools/ocaml/xenstored/xenstored.ml +@@ -355,7 +355,8 @@ let tweak_gc () = + Gc.set { (Gc.get ()) with Gc.max_overhead = !Define.gc_max_overhead } + + +-let _ = ++let () = ++ Printexc.set_uncaught_exception_handler Logging.fallback_exception_handler; + let cf = do_argv in + let pidfile = + if Sys.file_exists (config_filename cf) then +-- +2.40.0 + diff --git a/0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch b/0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch new file mode 100644 index 0000000..eb6d42e --- /dev/null +++ b/0022-tools-oxenstored-syslog-Avoid-potential-NULL-derefer.patch @@ -0,0 +1,55 @@ +From 91a9ac6e9be5aa94020f5c482e6c51b581e2ea39 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> +Date: Tue, 8 Nov 2022 14:24:19 +0000 +Subject: [PATCH 22/89] tools/oxenstored/syslog: Avoid potential NULL + dereference +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +strdup() may return NULL. Check for this before passing to syslog(). + +Drop const from c_msg. It is bogus, as demonstrated by the need to cast to +void * in order to free the memory. + +Signed-off-by: Edwin Török <edvin.torok@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit acd3fb6d65905f8a185dcb9fe6a330a591b96203) +--- + tools/ocaml/xenstored/syslog_stubs.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/tools/ocaml/xenstored/syslog_stubs.c b/tools/ocaml/xenstored/syslog_stubs.c +index 875d48ad57..e16c3a9491 100644 +--- a/tools/ocaml/xenstored/syslog_stubs.c ++++ b/tools/ocaml/xenstored/syslog_stubs.c +@@ -14,6 +14,7 @@ + + #include <syslog.h> + #include <string.h> ++#include <caml/fail.h> + #include <caml/mlvalues.h> + #include <caml/memory.h> + #include <caml/alloc.h> +@@ -35,14 +36,16 @@ static int __syslog_facility_table[] = { + value stub_syslog(value facility, value level, value msg) + { + CAMLparam3(facility, level, msg); +- const char *c_msg = strdup(String_val(msg)); ++ char *c_msg = strdup(String_val(msg)); + int c_facility = __syslog_facility_table[Int_val(facility)] + | __syslog_level_table[Int_val(level)]; + ++ if ( !c_msg ) ++ caml_raise_out_of_memory(); + caml_enter_blocking_section(); + syslog(c_facility, "%s", c_msg); + caml_leave_blocking_section(); + +- free((void*)c_msg); ++ free(c_msg); + CAMLreturn(Val_unit); + } +-- +2.40.0 + diff --git a/0023-tools-oxenstored-Render-backtraces-more-nicely-in-Sy.patch b/0023-tools-oxenstored-Render-backtraces-more-nicely-in-Sy.patch new file mode 100644 index 0000000..c0343d0 --- /dev/null +++ b/0023-tools-oxenstored-Render-backtraces-more-nicely-in-Sy.patch @@ -0,0 +1,83 @@ +From c4972a4272690384b15d5706f2a833aed636895e Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Thu, 1 Dec 2022 21:06:25 +0000 +Subject: [PATCH 23/89] tools/oxenstored: Render backtraces more nicely in + Syslog + +fallback_exception_handler feeds a string with embedded newlines directly into +syslog(). While this is an improvement on getting nothing, syslogd escapes +all control characters it gets, and emits one (long) log line. + +Fix the problem generally in the syslog stub. As we already have a local copy +of the string, split it in place and emit one syslog() call per line. + +Also tweak Logging.msg_of to avoid putting an extra newline on a string which +already ends with one. + +Fixes: ee7815f49faf ("tools/oxenstored: Set uncaught exception handler") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Acked-by: Christian Lindig <christian.lindig@citrix.com> +(cherry picked from commit d2162d884cba0ff7b2ac0d832f4e044444bda2e1) +--- + tools/ocaml/xenstored/logging.ml | 2 +- + tools/ocaml/xenstored/syslog_stubs.c | 26 +++++++++++++++++++++++--- + 2 files changed, 24 insertions(+), 4 deletions(-) + +diff --git a/tools/ocaml/xenstored/logging.ml b/tools/ocaml/xenstored/logging.ml +index 255051437d..f233bc9a39 100644 +--- a/tools/ocaml/xenstored/logging.ml ++++ b/tools/ocaml/xenstored/logging.ml +@@ -344,7 +344,7 @@ let watch_not_fired ~con perms path = + access_logging ~tid:0 ~con ~data Watch_not_fired ~level:Info + + let msg_of exn bt = +- Printf.sprintf "Fatal exception: %s\n%s\n" (Printexc.to_string exn) ++ Printf.sprintf "Fatal exception: %s\n%s" (Printexc.to_string exn) + (Printexc.raw_backtrace_to_string bt) + + let fallback_exception_handler exn bt = +diff --git a/tools/ocaml/xenstored/syslog_stubs.c b/tools/ocaml/xenstored/syslog_stubs.c +index e16c3a9491..760e78ff73 100644 +--- a/tools/ocaml/xenstored/syslog_stubs.c ++++ b/tools/ocaml/xenstored/syslog_stubs.c +@@ -37,14 +37,34 @@ value stub_syslog(value facility, value level, value msg) + { + CAMLparam3(facility, level, msg); + char *c_msg = strdup(String_val(msg)); ++ char *s = c_msg, *ss; + int c_facility = __syslog_facility_table[Int_val(facility)] + | __syslog_level_table[Int_val(level)]; + + if ( !c_msg ) + caml_raise_out_of_memory(); +- caml_enter_blocking_section(); +- syslog(c_facility, "%s", c_msg); +- caml_leave_blocking_section(); ++ ++ /* ++ * syslog() doesn't like embedded newlines, and c_msg generally ++ * contains them. ++ * ++ * Split the message in place by converting \n to \0, and issue one ++ * syslog() call per line, skipping the final iteration if c_msg ends ++ * with a newline anyway. ++ */ ++ do { ++ ss = strchr(s, '\n'); ++ if ( ss ) ++ *ss = '\0'; ++ else if ( *s == '\0' ) ++ break; ++ ++ caml_enter_blocking_section(); ++ syslog(c_facility, "%s", s); ++ caml_leave_blocking_section(); ++ ++ s = ss + 1; ++ } while ( ss ); + + free(c_msg); + CAMLreturn(Val_unit); +-- +2.40.0 + diff --git a/0024-Revert-tools-xenstore-simplify-loop-handling-connect.patch b/0024-Revert-tools-xenstore-simplify-loop-handling-connect.patch new file mode 100644 index 0000000..81481fc --- /dev/null +++ b/0024-Revert-tools-xenstore-simplify-loop-handling-connect.patch @@ -0,0 +1,136 @@ +From 2f8851c37f88e4eb4858e16626fcb2379db71a4f Mon Sep 17 00:00:00 2001 +From: Jason Andryuk <jandryuk@gmail.com> +Date: Thu, 26 Jan 2023 11:00:24 +0100 +Subject: [PATCH 24/89] Revert "tools/xenstore: simplify loop handling + connection I/O" + +I'm observing guest kexec trigger xenstored to abort on a double free. + +gdb output: +Program received signal SIGABRT, Aborted. +__pthread_kill_implementation (no_tid=0, signo=6, threadid=140645614258112) at ./nptl/pthread_kill.c:44 +44 ./nptl/pthread_kill.c: No such file or directory. +(gdb) bt + at ./nptl/pthread_kill.c:44 + at ./nptl/pthread_kill.c:78 + at ./nptl/pthread_kill.c:89 + at ../sysdeps/posix/raise.c:26 + at talloc.c:119 + ptr=ptr@entry=0x559fae724290) at talloc.c:232 + at xenstored_core.c:2945 +(gdb) frame 5 + at talloc.c:119 +119 TALLOC_ABORT("Bad talloc magic value - double free"); +(gdb) frame 7 + at xenstored_core.c:2945 +2945 talloc_increase_ref_count(conn); +(gdb) p conn +$1 = (struct connection *) 0x559fae724290 + +Looking at a xenstore trace, we have: +IN 0x559fae71f250 20230120 17:40:53 READ (/local/domain/3/image/device-model-dom +id ) +wrl: dom 0 1 msec 10000 credit 1000000 reserve 100 disc +ard +wrl: dom 3 1 msec 10000 credit 1000000 reserve 100 disc +ard +wrl: dom 0 0 msec 10000 credit 1000000 reserve 0 disc +ard +wrl: dom 3 0 msec 10000 credit 1000000 reserve 0 disc +ard +OUT 0x559fae71f250 20230120 17:40:53 ERROR (ENOENT ) +wrl: dom 0 1 msec 10000 credit 1000000 reserve 100 disc +ard +wrl: dom 3 1 msec 10000 credit 1000000 reserve 100 disc +ard +IN 0x559fae71f250 20230120 17:40:53 RELEASE (3 ) +DESTROY watch 0x559fae73f630 +DESTROY watch 0x559fae75ddf0 +DESTROY watch 0x559fae75ec30 +DESTROY watch 0x559fae75ea60 +DESTROY watch 0x559fae732c00 +DESTROY watch 0x559fae72cea0 +DESTROY watch 0x559fae728fc0 +DESTROY watch 0x559fae729570 +DESTROY connection 0x559fae724290 +orphaned node /local/domain/3/device/suspend/event-channel deleted +orphaned node /local/domain/3/device/vbd/51712 deleted +orphaned node /local/domain/3/device/vkbd/0 deleted +orphaned node /local/domain/3/device/vif/0 deleted +orphaned node /local/domain/3/control/shutdown deleted +orphaned node /local/domain/3/control/feature-poweroff deleted +orphaned node /local/domain/3/control/feature-reboot deleted +orphaned node /local/domain/3/control/feature-suspend deleted +orphaned node /local/domain/3/control/feature-s3 deleted +orphaned node /local/domain/3/control/feature-s4 deleted +orphaned node /local/domain/3/control/sysrq deleted +orphaned node /local/domain/3/data deleted +orphaned node /local/domain/3/drivers deleted +orphaned node /local/domain/3/feature deleted +orphaned node /local/domain/3/attr deleted +orphaned node /local/domain/3/error deleted +orphaned node /local/domain/3/console/backend-id deleted + +and no further output. + +The trace shows that DESTROY was called for connection 0x559fae724290, +but that is the same pointer (conn) main() was looping through from +connections. So it wasn't actually removed from the connections list? + +Reverting commit e8e6e42279a5 "tools/xenstore: simplify loop handling +connection I/O" fixes the abort/double free. I think the use of +list_for_each_entry_safe is incorrect. list_for_each_entry_safe makes +traversal safe for deleting the current iterator, but RELEASE/do_release +will delete some other entry in the connections list. I think the +observed abort is because list_for_each_entry has next pointing to the +deleted connection, and it is used in the subsequent iteration. + +Add a comment explaining the unsuitability of list_for_each_entry_safe. +Also notice that the old code takes a reference on next which would +prevents a use-after-free. + +This reverts commit e8e6e42279a5723239c5c40ba4c7f579a979465d. + +This is XSA-425/CVE-2022-42330. + +Fixes: e8e6e42279a5 ("tools/xenstore: simplify loop handling connection I/O") +Signed-off-by: Jason Andryuk <jandryuk@gmail.com> +Reviewed-by: Juergen Gross <jgross@suse.com> +Reviewed-by: Julien Grall <jgrall@amazon.com> +--- + tools/xenstore/xenstored_core.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/tools/xenstore/xenstored_core.c b/tools/xenstore/xenstored_core.c +index 476d5c6d51..56dbdc2530 100644 +--- a/tools/xenstore/xenstored_core.c ++++ b/tools/xenstore/xenstored_core.c +@@ -2935,8 +2935,23 @@ int main(int argc, char *argv[]) + } + } + +- list_for_each_entry_safe(conn, next, &connections, list) { +- talloc_increase_ref_count(conn); ++ /* ++ * list_for_each_entry_safe is not suitable here because ++ * handle_input may delete entries besides the current one, but ++ * those may be in the temporary next which would trigger a ++ * use-after-free. list_for_each_entry_safe is only safe for ++ * deleting the current entry. ++ */ ++ next = list_entry(connections.next, typeof(*conn), list); ++ if (&next->list != &connections) ++ talloc_increase_ref_count(next); ++ while (&next->list != &connections) { ++ conn = next; ++ ++ next = list_entry(conn->list.next, ++ typeof(*conn), list); ++ if (&next->list != &connections) ++ talloc_increase_ref_count(next); + + if (conn_can_read(conn)) + handle_input(conn); +-- +2.40.0 + diff --git a/0004-x86-S3-Restore-Xen-s-MSR_PAT-value-on-S3-resume.patch b/0025-x86-S3-Restore-Xen-s-MSR_PAT-value-on-S3-resume.patch index 3d1c089..142280f 100644 --- a/0004-x86-S3-Restore-Xen-s-MSR_PAT-value-on-S3-resume.patch +++ b/0025-x86-S3-Restore-Xen-s-MSR_PAT-value-on-S3-resume.patch @@ -1,7 +1,7 @@ -From 7b1b9849e8a0d7791866d6d21c45993dfe27836c Mon Sep 17 00:00:00 2001 +From a470a83c36c07b56d90957ae1e6e9ebc458d3686 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Tue, 7 Feb 2023 17:03:09 +0100 -Subject: [PATCH 04/61] x86/S3: Restore Xen's MSR_PAT value on S3 resume +Date: Tue, 7 Feb 2023 16:56:14 +0100 +Subject: [PATCH 25/89] x86/S3: Restore Xen's MSR_PAT value on S3 resume There are two paths in the trampoline, and Xen's PAT needs setting up in both, not just the boot path. diff --git a/0005-tools-Fix-build-with-recent-QEMU-use-enable-trace-ba.patch b/0026-tools-Fix-build-with-recent-QEMU-use-enable-trace-ba.patch index ff66a43..5d937d5 100644 --- a/0005-tools-Fix-build-with-recent-QEMU-use-enable-trace-ba.patch +++ b/0026-tools-Fix-build-with-recent-QEMU-use-enable-trace-ba.patch @@ -1,7 +1,7 @@ -From 998c03b2abfbf17ff96bccad1512de1ea18d0d75 Mon Sep 17 00:00:00 2001 +From 1d7a388e7b9711cbd7e14b2020b168b6789772af Mon Sep 17 00:00:00 2001 From: Anthony PERARD <anthony.perard@citrix.com> -Date: Tue, 7 Feb 2023 17:03:51 +0100 -Subject: [PATCH 05/61] tools: Fix build with recent QEMU, use +Date: Tue, 7 Feb 2023 16:57:22 +0100 +Subject: [PATCH 26/89] tools: Fix build with recent QEMU, use "--enable-trace-backends" The configure option "--enable-trace-backend" isn't accepted anymore @@ -30,7 +30,7 @@ master date: 2023-01-11 10:45:29 +0100 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/Makefile b/tools/Makefile -index 757a560be0..9b6b605ec9 100644 +index 9e28027835..4906fdbc23 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -218,9 +218,9 @@ subdir-all-qemu-xen-dir: qemu-xen-dir-find diff --git a/0027-include-compat-produce-stubs-for-headers-not-otherwi.patch b/0027-include-compat-produce-stubs-for-headers-not-otherwi.patch new file mode 100644 index 0000000..3528bd6 --- /dev/null +++ b/0027-include-compat-produce-stubs-for-headers-not-otherwi.patch @@ -0,0 +1,74 @@ +From c871e05e138aae2ac75e9b4ccebe6cf3fd1a775b Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 7 Feb 2023 16:57:52 +0100 +Subject: [PATCH 27/89] include/compat: produce stubs for headers not otherwise + generated + +Public headers can include other public headers. Such interdependencies +are retained in their compat counterparts. Since some compat headers are +generated only in certain configurations, the referenced headers still +need to exist. The lack thereof was observed with hvm/hvm_op.h needing +trace.h, where generation of the latter depends on TRACEBUFFER=y. Make +empty stubs in such cases (as generating the extra headers is relatively +slow and hence better to avoid). Changes to .config and incrementally +(re-)building is covered by the respective .*.cmd then no longer +matching the command to be used, resulting in the necessary re-creation +of the (possibly stub) header. + +Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> +master commit: 6bec713f871f21c6254a5783c1e39867ea828256 +master date: 2023-01-12 16:17:54 +0100 +--- + xen/include/Makefile | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/xen/include/Makefile b/xen/include/Makefile +index 65be310eca..cfd7851614 100644 +--- a/xen/include/Makefile ++++ b/xen/include/Makefile +@@ -34,6 +34,8 @@ headers-$(CONFIG_TRACEBUFFER) += compat/trace.h + headers-$(CONFIG_XENOPROF) += compat/xenoprof.h + headers-$(CONFIG_XSM_FLASK) += compat/xsm/flask_op.h + ++headers-n := $(filter-out $(headers-y),$(headers-n) $(headers-)) ++ + cppflags-y := -include public/xen-compat.h -DXEN_GENERATING_COMPAT_HEADERS + cppflags-$(CONFIG_X86) += -m32 + +@@ -43,13 +45,16 @@ public-$(CONFIG_X86) := $(wildcard $(srcdir)/public/arch-x86/*.h $(srcdir)/publi + public-$(CONFIG_ARM) := $(wildcard $(srcdir)/public/arch-arm/*.h $(srcdir)/public/arch-arm/*/*.h) + + .PHONY: all +-all: $(addprefix $(obj)/,$(headers-y)) ++all: $(addprefix $(obj)/,$(headers-y) $(headers-n)) + + quiet_cmd_compat_h = GEN $@ + cmd_compat_h = \ + $(PYTHON) $(srctree)/tools/compat-build-header.py <$< $(patsubst $(obj)/%,%,$@) >>$@.new; \ + mv -f $@.new $@ + ++quiet_cmd_stub_h = GEN $@ ++cmd_stub_h = echo '/* empty */' >$@ ++ + quiet_cmd_compat_i = CPP $@ + cmd_compat_i = $(CPP) $(filter-out -Wa$(comma)% -include %/include/xen/config.h,$(XEN_CFLAGS)) $(cppflags-y) -o $@ $< + +@@ -69,6 +74,13 @@ targets += $(headers-y) + $(obj)/compat/%.h: $(obj)/compat/%.i $(srctree)/tools/compat-build-header.py FORCE + $(call if_changed,compat_h) + ++# Placeholders may be needed in case files in $(headers-y) include files we ++# don't otherwise generate. Real dependencies would need spelling out explicitly, ++# for them to appear in $(headers-y) instead. ++targets += $(headers-n) ++$(addprefix $(obj)/,$(headers-n)): FORCE ++ $(call if_changed,stub_h) ++ + .PRECIOUS: $(obj)/compat/%.i + targets += $(patsubst %.h, %.i, $(headers-y)) + $(obj)/compat/%.i: $(obj)/compat/%.c FORCE +-- +2.40.0 + diff --git a/0006-x86-vmx-Calculate-model-specific-LBRs-once-at-start-.patch b/0028-x86-vmx-Calculate-model-specific-LBRs-once-at-start-.patch index c010110..8185bee 100644 --- a/0006-x86-vmx-Calculate-model-specific-LBRs-once-at-start-.patch +++ b/0028-x86-vmx-Calculate-model-specific-LBRs-once-at-start-.patch @@ -1,7 +1,7 @@ -From 401e9e33a04c2a9887636ef58490c764543f0538 Mon Sep 17 00:00:00 2001 +From 5e3250258afbace3e5dc3f31ac99c1eebf60f238 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Tue, 7 Feb 2023 17:04:18 +0100 -Subject: [PATCH 06/61] x86/vmx: Calculate model-specific LBRs once at start of +Date: Tue, 7 Feb 2023 16:58:25 +0100 +Subject: [PATCH 28/89] x86/vmx: Calculate model-specific LBRs once at start of day There is no point repeating this calculation at runtime, especially as it is @@ -23,10 +23,10 @@ master date: 2023-01-12 18:42:00 +0000 1 file changed, 139 insertions(+), 137 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c -index 3f42765313..bc308d9df2 100644 +index 7c81b80710..ad91464103 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -394,6 +394,142 @@ void vmx_pi_hooks_deassign(struct domain *d) +@@ -396,6 +396,142 @@ void vmx_pi_hooks_deassign(struct domain *d) domain_unpause(d); } @@ -87,7 +87,7 @@ index 3f42765313..bc308d9df2 100644 + { MSR_GM_LASTBRANCH_0_TO_IP, NUM_MSR_GM_LASTBRANCH_FROM_TO }, + { 0, 0 } +}; -+static const struct lbr_info *__read_mostly model_specific_lbr; ++static const struct lbr_info *__ro_after_init model_specific_lbr; + +static const struct lbr_info *__init get_model_specific_lbr(void) +{ @@ -166,18 +166,18 @@ index 3f42765313..bc308d9df2 100644 + return NULL; +} + - static int vmx_domain_initialise(struct domain *d) + static int cf_check vmx_domain_initialise(struct domain *d) { static const struct arch_csw csw = { -@@ -2812,6 +2948,7 @@ const struct hvm_function_table * __init start_vmx(void) - vmx_function_table.get_guest_bndcfgs = vmx_get_guest_bndcfgs; +@@ -2837,6 +2973,7 @@ const struct hvm_function_table * __init start_vmx(void) + vmx_function_table.tsc_scaling.setup = vmx_setup_tsc_scaling; } + model_specific_lbr = get_model_specific_lbr(); lbr_tsx_fixup_check(); ler_to_fixup_check(); -@@ -2958,141 +3095,6 @@ static int vmx_cr_access(cr_access_qual_t qual) +@@ -2983,141 +3120,6 @@ static int vmx_cr_access(cr_access_qual_t qual) return X86EMUL_OKAY; } @@ -319,7 +319,7 @@ index 3f42765313..bc308d9df2 100644 enum { LBR_FORMAT_32 = 0x0, /* 32-bit record format */ -@@ -3199,7 +3201,7 @@ static void __init ler_to_fixup_check(void) +@@ -3224,7 +3226,7 @@ static void __init ler_to_fixup_check(void) static int is_last_branch_msr(u32 ecx) { @@ -328,7 +328,7 @@ index 3f42765313..bc308d9df2 100644 if ( lbr == NULL ) return 0; -@@ -3536,7 +3538,7 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) +@@ -3563,7 +3565,7 @@ static int cf_check vmx_msr_write_intercept( if ( !(v->arch.hvm.vmx.lbr_flags & LBR_MSRS_INSERTED) && (msr_content & IA32_DEBUGCTLMSR_LBR) ) { diff --git a/0007-x86-vmx-Support-for-CPUs-without-model-specific-LBR.patch b/0029-x86-vmx-Support-for-CPUs-without-model-specific-LBR.patch index fc81a17..2f87b83 100644 --- a/0007-x86-vmx-Support-for-CPUs-without-model-specific-LBR.patch +++ b/0029-x86-vmx-Support-for-CPUs-without-model-specific-LBR.patch @@ -1,7 +1,7 @@ -From 9f425039ca50e8cc8db350ec54d8a7cd4175f417 Mon Sep 17 00:00:00 2001 +From e904d8ae01a0be53368c8c388f13bf4ffcbcdf6c Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Tue, 7 Feb 2023 17:04:49 +0100 -Subject: [PATCH 07/61] x86/vmx: Support for CPUs without model-specific LBR +Date: Tue, 7 Feb 2023 16:59:14 +0100 +Subject: [PATCH 29/89] x86/vmx: Support for CPUs without model-specific LBR Ice Lake (server at least) has both architectural LBR and model-specific LBR. Sapphire Rapids does not have model-specific LBR at all. I.e. On SPR and @@ -26,10 +26,10 @@ master date: 2023-01-12 18:42:00 +0000 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c -index bc308d9df2..094141be9a 100644 +index ad91464103..861f91f2af 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -3518,18 +3518,26 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) +@@ -3545,18 +3545,26 @@ static int cf_check vmx_msr_write_intercept( if ( msr_content & rsvd ) goto gp_fault; @@ -64,7 +64,7 @@ index bc308d9df2..094141be9a 100644 * * Either way, there is nothing we can do right now to recover, and * the guest won't execute correctly either. Simply crash the domain -@@ -3540,13 +3548,6 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) +@@ -3567,13 +3575,6 @@ static int cf_check vmx_msr_write_intercept( { const struct lbr_info *lbr = model_specific_lbr; diff --git a/0008-x86-shadow-fix-PAE-check-for-top-level-table-unshado.patch b/0030-x86-shadow-fix-PAE-check-for-top-level-table-unshado.patch index ab7862b..e2bb8df 100644 --- a/0008-x86-shadow-fix-PAE-check-for-top-level-table-unshado.patch +++ b/0030-x86-shadow-fix-PAE-check-for-top-level-table-unshado.patch @@ -1,7 +1,7 @@ -From 1550835b381a18fc0e972e5d04925e02fab31553 Mon Sep 17 00:00:00 2001 +From 2d74e7035bd060d662f1c4f8522377be8021be92 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 7 Feb 2023 17:05:22 +0100 -Subject: [PATCH 08/61] x86/shadow: fix PAE check for top-level table +Date: Tue, 7 Feb 2023 16:59:54 +0100 +Subject: [PATCH 30/89] x86/shadow: fix PAE check for top-level table unshadowing Clearly within the for_each_vcpu() the vCPU of this loop is meant, not @@ -18,10 +18,10 @@ master date: 2023-01-20 09:23:42 +0100 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c -index c07af0bd99..f7acd18a36 100644 +index 2370b30602..671bf8c228 100644 --- a/xen/arch/x86/mm/shadow/multi.c +++ b/xen/arch/x86/mm/shadow/multi.c -@@ -2665,10 +2665,10 @@ static int sh_page_fault(struct vcpu *v, +@@ -2672,10 +2672,10 @@ static int cf_check sh_page_fault( #if GUEST_PAGING_LEVELS == 3 unsigned int i; diff --git a/0031-build-fix-building-flask-headers-before-descending-i.patch b/0031-build-fix-building-flask-headers-before-descending-i.patch new file mode 100644 index 0000000..273e795 --- /dev/null +++ b/0031-build-fix-building-flask-headers-before-descending-i.patch @@ -0,0 +1,50 @@ +From 819a5d4ed8b79e21843d5960a7ab8fbd16f28233 Mon Sep 17 00:00:00 2001 +From: Anthony PERARD <anthony.perard@citrix.com> +Date: Tue, 7 Feb 2023 17:00:29 +0100 +Subject: [PATCH 31/89] build: fix building flask headers before descending in + flask/ss/ + +Unfortunatly, adding prerequisite to "$(obj)/ss/built_in.o" doesn't +work because we have "$(obj)/%/built_in.o: $(obj)/% ;" in Rules.mk. +So, make is allow to try to build objects in "xsm/flask/ss/" before +generating the headers. + +Adding a prerequisite on "$(obj)/ss" instead will fix the issue as +that's the target used to run make in this subdirectory. + +Unfortunatly, that target is also used when running `make clean`, so +we want to ignore it in this case. $(MAKECMDGOALS) can't be used in +this case as it is empty, but we can guess which operation is done by +looking at the list of loaded makefiles. + +Fixes: 7a3bcd2babcc ("build: build everything from the root dir, use obj=$subdir") +Reported-by: "Daniel P. Smith" <dpsmith@apertussolutions.com> +Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> +Acked-by: Daniel P. Smith <dpsmith@apertussolutions.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: d60324d8af9404014cfcc37bba09e9facfd02fcf +master date: 2023-01-23 15:03:58 +0100 +--- + xen/xsm/flask/Makefile | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/xen/xsm/flask/Makefile b/xen/xsm/flask/Makefile +index d25312f4fa..3fdcf7727e 100644 +--- a/xen/xsm/flask/Makefile ++++ b/xen/xsm/flask/Makefile +@@ -16,7 +16,11 @@ FLASK_H_FILES := flask.h class_to_string.h initial_sid_to_string.h + AV_H_FILES := av_perm_to_string.h av_permissions.h + ALL_H_FILES := $(addprefix include/,$(FLASK_H_FILES) $(AV_H_FILES)) + +-$(addprefix $(obj)/,$(obj-y)) $(obj)/ss/built_in.o: $(addprefix $(obj)/,$(ALL_H_FILES)) ++# Adding prerequisite to descending into ss/ folder only when not running ++# `make *clean`. ++ifeq ($(filter %/Makefile.clean,$(MAKEFILE_LIST)),) ++$(addprefix $(obj)/,$(obj-y)) $(obj)/ss: $(addprefix $(obj)/,$(ALL_H_FILES)) ++endif + extra-y += $(ALL_H_FILES) + + mkflask := $(srcdir)/policy/mkflask.sh +-- +2.40.0 + diff --git a/0009-ns16550-fix-an-incorrect-assignment-to-uart-io_size.patch b/0032-ns16550-fix-an-incorrect-assignment-to-uart-io_size.patch index 83e46c7..8b3a410 100644 --- a/0009-ns16550-fix-an-incorrect-assignment-to-uart-io_size.patch +++ b/0032-ns16550-fix-an-incorrect-assignment-to-uart-io_size.patch @@ -1,7 +1,7 @@ -From 0fd9ad2b9c0c9d9c4879a566f1788d3e9cd38ef6 Mon Sep 17 00:00:00 2001 +From d0127881376baeea1e4eb71d0f7b56d942147124 Mon Sep 17 00:00:00 2001 From: Ayan Kumar Halder <ayan.kumar.halder@amd.com> -Date: Tue, 7 Feb 2023 17:05:56 +0100 -Subject: [PATCH 09/61] ns16550: fix an incorrect assignment to uart->io_size +Date: Tue, 7 Feb 2023 17:00:47 +0100 +Subject: [PATCH 32/89] ns16550: fix an incorrect assignment to uart->io_size uart->io_size represents the size in bytes. Thus, when serial_port.bit_width is assigned to it, it should be converted to size in bytes. @@ -17,10 +17,10 @@ master date: 2023-01-24 16:54:38 +0100 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c -index 2d2bd2a024..5dd4d723f5 100644 +index 01a05c9aa8..ce013fb6a5 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c -@@ -1780,7 +1780,7 @@ static int __init ns16550_acpi_uart_init(const void *data) +@@ -1875,7 +1875,7 @@ static int __init ns16550_acpi_uart_init(const void *data) uart->parity = spcr->parity; uart->stop_bits = spcr->stop_bits; uart->io_base = spcr->serial_port.address; diff --git a/0010-libxl-fix-guest-kexec-skip-cpuid-policy.patch b/0033-libxl-fix-guest-kexec-skip-cpuid-policy.patch index 6150286..7eb3779 100644 --- a/0010-libxl-fix-guest-kexec-skip-cpuid-policy.patch +++ b/0033-libxl-fix-guest-kexec-skip-cpuid-policy.patch @@ -1,7 +1,7 @@ -From 6e081438bf8ef616d0123aab7a743476d8114ef6 Mon Sep 17 00:00:00 2001 +From 3dae50283d9819c691a97f15b133124c00d39a2f Mon Sep 17 00:00:00 2001 From: Jason Andryuk <jandryuk@gmail.com> -Date: Tue, 7 Feb 2023 17:06:47 +0100 -Subject: [PATCH 10/61] libxl: fix guest kexec - skip cpuid policy +Date: Tue, 7 Feb 2023 17:01:49 +0100 +Subject: [PATCH 33/89] libxl: fix guest kexec - skip cpuid policy When a domain performs a kexec (soft reset), libxl__build_pre() is called with the existing domid. Calling libxl__cpuid_legacy() on the @@ -30,10 +30,10 @@ master date: 2023-01-26 10:58:23 +0100 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_create.c b/tools/libs/light/libxl_create.c -index 885675591f..2e6357a9d7 100644 +index 612eacfc7f..dbee32b7b7 100644 --- a/tools/libs/light/libxl_create.c +++ b/tools/libs/light/libxl_create.c -@@ -2176,6 +2176,8 @@ static int do_domain_soft_reset(libxl_ctx *ctx, +@@ -2203,6 +2203,8 @@ static int do_domain_soft_reset(libxl_ctx *ctx, aop_console_how); cdcs->domid_out = &domid_out; @@ -43,10 +43,10 @@ index 885675591f..2e6357a9d7 100644 if (!dom_path) { LOGD(ERROR, domid, "failed to read domain path"); diff --git a/tools/libs/light/libxl_dom.c b/tools/libs/light/libxl_dom.c -index 73fccd9243..a2bd2395fa 100644 +index b454f988fb..f6311eea6e 100644 --- a/tools/libs/light/libxl_dom.c +++ b/tools/libs/light/libxl_dom.c -@@ -384,7 +384,7 @@ int libxl__build_pre(libxl__gc *gc, uint32_t domid, +@@ -382,7 +382,7 @@ int libxl__build_pre(libxl__gc *gc, uint32_t domid, /* Construct a CPUID policy, but only for brand new domains. Domains * being migrated-in/restored have CPUID handled during the * static_data_done() callback. */ @@ -56,10 +56,10 @@ index 73fccd9243..a2bd2395fa 100644 out: diff --git a/tools/libs/light/libxl_internal.h b/tools/libs/light/libxl_internal.h -index 0b4671318c..ee6a251700 100644 +index a7c447c10e..cae160351f 100644 --- a/tools/libs/light/libxl_internal.h +++ b/tools/libs/light/libxl_internal.h -@@ -1407,6 +1407,7 @@ typedef struct { +@@ -1406,6 +1406,7 @@ typedef struct { /* Whether this domain is being migrated/restored, or booting fresh. Only * applicable to the primary domain, not support domains (e.g. stub QEMU). */ bool restore; diff --git a/0011-tools-ocaml-xenctrl-Make-domain_getinfolist-tail-rec.patch b/0034-tools-ocaml-xenctrl-Make-domain_getinfolist-tail-rec.patch index 1d4455f..8f57d4e 100644 --- a/0011-tools-ocaml-xenctrl-Make-domain_getinfolist-tail-rec.patch +++ b/0034-tools-ocaml-xenctrl-Make-domain_getinfolist-tail-rec.patch @@ -1,7 +1,7 @@ -From c6a3d14df051bae0323af539e34cf5a65fba1112 Mon Sep 17 00:00:00 2001 +From 03f545b6cf3220b4647677b588e5525a781a4813 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> Date: Tue, 1 Nov 2022 17:59:16 +0000 -Subject: [PATCH 11/61] tools/ocaml/xenctrl: Make domain_getinfolist tail +Subject: [PATCH 34/89] tools/ocaml/xenctrl: Make domain_getinfolist tail recursive MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -31,10 +31,10 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com> 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml -index 7503031d8f..f10b686215 100644 +index 83e39a8616..85b73a7f6f 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml -@@ -212,14 +212,25 @@ external domain_shutdown: handle -> domid -> shutdown_reason -> unit +@@ -222,14 +222,25 @@ external domain_shutdown: handle -> domid -> shutdown_reason -> unit external _domain_getinfolist: handle -> domid -> int -> domaininfo list = "stub_xc_domain_getinfolist" diff --git a/0012-tools-ocaml-xenctrl-Use-larger-chunksize-in-domain_g.patch b/0035-tools-ocaml-xenctrl-Use-larger-chunksize-in-domain_g.patch index fc352ad..6c64355 100644 --- a/0012-tools-ocaml-xenctrl-Use-larger-chunksize-in-domain_g.patch +++ b/0035-tools-ocaml-xenctrl-Use-larger-chunksize-in-domain_g.patch @@ -1,7 +1,7 @@ -From 8c66a2d88a9f17e5b5099fcb83231b7a1169ca25 Mon Sep 17 00:00:00 2001 +From 5d8f9cfa166c55a308856e7b021d778350edbd6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> Date: Tue, 1 Nov 2022 17:59:17 +0000 -Subject: [PATCH 12/61] tools/ocaml/xenctrl: Use larger chunksize in +Subject: [PATCH 35/89] tools/ocaml/xenctrl: Use larger chunksize in domain_getinfolist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -24,10 +24,10 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ocaml/libs/xc/xenctrl.ml b/tools/ocaml/libs/xc/xenctrl.ml -index f10b686215..b40c70d33f 100644 +index 85b73a7f6f..aa650533f7 100644 --- a/tools/ocaml/libs/xc/xenctrl.ml +++ b/tools/ocaml/libs/xc/xenctrl.ml -@@ -223,7 +223,7 @@ let rev_append_fold acc e = List.rev_append e acc +@@ -233,7 +233,7 @@ let rev_append_fold acc e = List.rev_append e acc let rev_concat lst = List.fold_left rev_append_fold [] lst let domain_getinfolist handle first_domain = diff --git a/0013-tools-ocaml-xb-mmap-Use-Data_abstract_val-wrapper.patch b/0036-tools-ocaml-xb-mmap-Use-Data_abstract_val-wrapper.patch index a999dd8..d6a324a 100644 --- a/0013-tools-ocaml-xb-mmap-Use-Data_abstract_val-wrapper.patch +++ b/0036-tools-ocaml-xb-mmap-Use-Data_abstract_val-wrapper.patch @@ -1,7 +1,7 @@ -From 049d16c8ce900dfc8f4b657849aeb82b95ed857c Mon Sep 17 00:00:00 2001 +From 7d516fc87637dc551494f8eca08f106f578f7112 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> Date: Fri, 16 Dec 2022 18:25:10 +0000 -Subject: [PATCH 13/61] tools/ocaml/xb,mmap: Use Data_abstract_val wrapper +Subject: [PATCH 36/89] tools/ocaml/xb,mmap: Use Data_abstract_val wrapper MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0014-tools-ocaml-xb-Drop-Xs_ring.write.patch b/0037-tools-ocaml-xb-Drop-Xs_ring.write.patch index 813f041..226ae52 100644 --- a/0014-tools-ocaml-xb-Drop-Xs_ring.write.patch +++ b/0037-tools-ocaml-xb-Drop-Xs_ring.write.patch @@ -1,7 +1,7 @@ -From f7c4fab9b50af74d0e1170fbf35367ced48d8209 Mon Sep 17 00:00:00 2001 +From f0e653fb4aea77210b8096c170e82de3c2039d89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> Date: Fri, 16 Dec 2022 18:25:20 +0000 -Subject: [PATCH 14/61] tools/ocaml/xb: Drop Xs_ring.write +Subject: [PATCH 37/89] tools/ocaml/xb: Drop Xs_ring.write MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0015-tools-oxenstored-validate-config-file-before-live-up.patch b/0038-tools-oxenstored-validate-config-file-before-live-up.patch index f65fbd6..5b7f58a 100644 --- a/0015-tools-oxenstored-validate-config-file-before-live-up.patch +++ b/0038-tools-oxenstored-validate-config-file-before-live-up.patch @@ -1,7 +1,7 @@ -From fd1c70442d3aa962be4d041d5f8fce9d2fa72ce1 Mon Sep 17 00:00:00 2001 +From e74d868b48d55dfb20f5a41ec20fbec93d8e5deb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edvin.torok@citrix.com> Date: Tue, 11 May 2021 15:56:50 +0000 -Subject: [PATCH 15/61] tools/oxenstored: validate config file before live +Subject: [PATCH 38/89] tools/oxenstored: validate config file before live update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0016-tools-ocaml-libs-Don-t-declare-stubs-as-taking-void.patch b/0039-tools-ocaml-libs-Don-t-declare-stubs-as-taking-void.patch index a64d657..c967391 100644 --- a/0016-tools-ocaml-libs-Don-t-declare-stubs-as-taking-void.patch +++ b/0039-tools-ocaml-libs-Don-t-declare-stubs-as-taking-void.patch @@ -1,7 +1,7 @@ -From 552e5f28d411c1a1a92f2fd3592a76e74f47610b Mon Sep 17 00:00:00 2001 +From 2c21e1bee6d62cbd523069e839086addf35da9f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com> Date: Thu, 12 Jan 2023 11:28:29 +0000 -Subject: [PATCH 16/61] tools/ocaml/libs: Don't declare stubs as taking void +Subject: [PATCH 39/89] tools/ocaml/libs: Don't declare stubs as taking void MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -41,7 +41,7 @@ index 3065181a55..97116b0782 100644 CAMLprim value stub_header_of_string(value s) diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c -index 5b4fe72c8d..434fc0345b 100644 +index f37848ae0b..6eb0ea69da 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -67,9 +67,9 @@ static void Noreturn failwith_xc(xc_interface *xch) diff --git a/0017-tools-ocaml-libs-Allocate-the-correct-amount-of-memo.patch b/0040-tools-ocaml-libs-Allocate-the-correct-amount-of-memo.patch index 9fa8d08..5a26683 100644 --- a/0017-tools-ocaml-libs-Allocate-the-correct-amount-of-memo.patch +++ b/0040-tools-ocaml-libs-Allocate-the-correct-amount-of-memo.patch @@ -1,7 +1,7 @@ -From 6d66fb984cc768406158353cabf9a55652b0dea7 Mon Sep 17 00:00:00 2001 +From 5797b798a542a7e5be34698463152cb92f18776f Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Tue, 31 Jan 2023 10:59:42 +0000 -Subject: [PATCH 17/61] tools/ocaml/libs: Allocate the correct amount of memory +Subject: [PATCH 40/89] tools/ocaml/libs: Allocate the correct amount of memory for Abstract_tag caml_alloc() takes units of Wsize (word size), not bytes. As a consequence, @@ -23,12 +23,12 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com> 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tools/ocaml/libs/mmap/Makefile b/tools/ocaml/libs/mmap/Makefile -index df45819df5..a3bd75e33a 100644 +index a621537135..855b8b2c98 100644 --- a/tools/ocaml/libs/mmap/Makefile +++ b/tools/ocaml/libs/mmap/Makefile -@@ -2,6 +2,8 @@ TOPLEVEL=$(CURDIR)/../.. - XEN_ROOT=$(TOPLEVEL)/../.. - include $(TOPLEVEL)/common.make +@@ -2,6 +2,8 @@ OCAML_TOPLEVEL=$(CURDIR)/../.. + XEN_ROOT=$(OCAML_TOPLEVEL)/../.. + include $(OCAML_TOPLEVEL)/common.make +CFLAGS += $(CFLAGS_xeninclude) + @@ -60,10 +60,10 @@ index e03951d781..d623ad390e 100644 if (mmap_interface_init(Intf_val(result), Int_val(fd), c_pflag, c_mflag, diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c -index 434fc0345b..ec64341a9a 100644 +index 6eb0ea69da..e25367531b 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c -@@ -940,7 +940,10 @@ CAMLprim value stub_map_foreign_range(value xch, value dom, +@@ -956,7 +956,10 @@ CAMLprim value stub_map_foreign_range(value xch, value dom, uint32_t c_dom; unsigned long c_mfn; diff --git a/0018-tools-ocaml-evtchn-Don-t-reference-Custom-objects-wi.patch b/0041-tools-ocaml-evtchn-Don-t-reference-Custom-objects-wi.patch index 8e1c860..cabcdd0 100644 --- a/0018-tools-ocaml-evtchn-Don-t-reference-Custom-objects-wi.patch +++ b/0041-tools-ocaml-evtchn-Don-t-reference-Custom-objects-wi.patch @@ -1,7 +1,7 @@ -From e18faeb91e620624106b94c8821f8c9574eddb17 Mon Sep 17 00:00:00 2001 +From 021b82cc0c71ba592439f175c1ededa800b172a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com> Date: Thu, 12 Jan 2023 17:48:29 +0000 -Subject: [PATCH 18/61] tools/ocaml/evtchn: Don't reference Custom objects with +Subject: [PATCH 41/89] tools/ocaml/evtchn: Don't reference Custom objects with the GC lock released MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0019-tools-ocaml-xc-Fix-binding-for-xc_domain_assign_devi.patch b/0042-tools-ocaml-xc-Fix-binding-for-xc_domain_assign_devi.patch index 5571446..ac3e86d 100644 --- a/0019-tools-ocaml-xc-Fix-binding-for-xc_domain_assign_devi.patch +++ b/0042-tools-ocaml-xc-Fix-binding-for-xc_domain_assign_devi.patch @@ -1,7 +1,7 @@ -From 854013084e2c6267af7787df8b35d85646f79a54 Mon Sep 17 00:00:00 2001 +From afdcc108566e5a4ee352b6427c98ebad6885a81d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com> Date: Thu, 12 Jan 2023 11:38:38 +0000 -Subject: [PATCH 19/61] tools/ocaml/xc: Fix binding for +Subject: [PATCH 42/89] tools/ocaml/xc: Fix binding for xc_domain_assign_device() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -28,10 +28,10 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com> 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c -index ec64341a9a..e2efcbe182 100644 +index e25367531b..f376d94334 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c -@@ -1123,17 +1123,12 @@ CAMLprim value stub_xc_domain_test_assign_device(value xch, value domid, value d +@@ -1139,17 +1139,12 @@ CAMLprim value stub_xc_domain_test_assign_device(value xch, value domid, value d CAMLreturn(Val_bool(ret == 0)); } @@ -52,7 +52,7 @@ index ec64341a9a..e2efcbe182 100644 domain = Int_val(Field(desc, 0)); bus = Int_val(Field(desc, 1)); -@@ -1141,10 +1136,8 @@ CAMLprim value stub_xc_domain_assign_device(value xch, value domid, value desc, +@@ -1157,10 +1152,8 @@ CAMLprim value stub_xc_domain_assign_device(value xch, value domid, value desc, func = Int_val(Field(desc, 3)); sbdf = encode_sbdf(domain, bus, dev, func); diff --git a/0020-tools-ocaml-xc-Don-t-reference-Abstract_Tag-objects-.patch b/0043-tools-ocaml-xc-Don-t-reference-Abstract_Tag-objects-.patch index a829d36..b7fec46 100644 --- a/0020-tools-ocaml-xc-Don-t-reference-Abstract_Tag-objects-.patch +++ b/0043-tools-ocaml-xc-Don-t-reference-Abstract_Tag-objects-.patch @@ -1,7 +1,7 @@ -From 1fdff77e26290ae1ed40e8253959d12a0c4b3d3f Mon Sep 17 00:00:00 2001 +From bf935b1ff7cc76b2d25f877e56a359afaafcac1f Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Tue, 31 Jan 2023 17:19:30 +0000 -Subject: [PATCH 20/61] tools/ocaml/xc: Don't reference Abstract_Tag objects +Subject: [PATCH 43/89] tools/ocaml/xc: Don't reference Abstract_Tag objects with the GC lock released The intf->{addr,len} references in the xc_map_foreign_range() call are unsafe. @@ -30,10 +30,10 @@ Acked-by: Christian Lindig <christian.lindig@citrix.com> 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenctrl_stubs.c -index e2efcbe182..0a0fe45c54 100644 +index f376d94334..facb561577 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c -@@ -937,26 +937,25 @@ CAMLprim value stub_map_foreign_range(value xch, value dom, +@@ -953,26 +953,25 @@ CAMLprim value stub_map_foreign_range(value xch, value dom, CAMLparam4(xch, dom, size, mfn); CAMLlocal1(result); struct mmap_interface *intf; diff --git a/0021-tools-ocaml-libs-Fix-memory-resource-leaks-with-caml.patch b/0044-tools-ocaml-libs-Fix-memory-resource-leaks-with-caml.patch index 8ed7dfa..8876ab7 100644 --- a/0021-tools-ocaml-libs-Fix-memory-resource-leaks-with-caml.patch +++ b/0044-tools-ocaml-libs-Fix-memory-resource-leaks-with-caml.patch @@ -1,7 +1,7 @@ -From 1b6acdeeb2323c53d841356da50440e274e7bf9a Mon Sep 17 00:00:00 2001 +From 587823eca162d063027faf1826ec3544f0a06e78 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Wed, 1 Feb 2023 11:27:42 +0000 -Subject: [PATCH 21/61] tools/ocaml/libs: Fix memory/resource leaks with +Subject: [PATCH 44/89] tools/ocaml/libs: Fix memory/resource leaks with caml_alloc_custom() All caml_alloc_*() functions can throw exceptions, and longjump out of diff --git a/0022-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-P.patch b/0045-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-P.patch index 1d1edb0..1720bdd 100644 --- a/0022-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-P.patch +++ b/0045-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-P.patch @@ -1,7 +1,7 @@ -From d4e286db89d80c862b4a24bf971dd71008c8b53e Mon Sep 17 00:00:00 2001 +From 3685e754e6017c616769b28133286d06bf07b613 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Thu, 8 Sep 2022 21:27:58 +0100 -Subject: [PATCH 22/61] x86/spec-ctrl: Mitigate Cross-Thread Return Address +Subject: [PATCH 45/89] x86/spec-ctrl: Mitigate Cross-Thread Return Address Predictions This is XSA-426 / CVE-2022-27672 @@ -10,17 +10,17 @@ Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> (cherry picked from commit 63305e5392ec2d17b85e7996a97462744425db80) --- - docs/misc/xen-command-line.pandoc | 2 +- - xen/arch/x86/spec_ctrl.c | 31 ++++++++++++++++++++++++++++--- - xen/include/asm-x86/cpufeatures.h | 3 ++- - xen/include/asm-x86/spec_ctrl.h | 15 +++++++++++++++ + docs/misc/xen-command-line.pandoc | 2 +- + xen/arch/x86/include/asm/cpufeatures.h | 3 ++- + xen/arch/x86/include/asm/spec_ctrl.h | 15 +++++++++++++ + xen/arch/x86/spec_ctrl.c | 31 +++++++++++++++++++++++--- 4 files changed, 46 insertions(+), 5 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc -index bd6826d0ae..b3f60cd923 100644 +index 424b12cfb2..e7fe8b0cc9 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc -@@ -2275,7 +2275,7 @@ guests to use. +@@ -2343,7 +2343,7 @@ guests to use. on entry and exit. These blocks are necessary to virtualise support for guests and if disabled, guests will be unable to use IBRS/STIBP/SSBD/etc. * `rsb=` offers control over whether to overwrite the Return Stack Buffer / @@ -29,11 +29,51 @@ index bd6826d0ae..b3f60cd923 100644 * `md-clear=` offers control over whether to use VERW to flush microarchitectural buffers on idle and exit from Xen. *Note: For compatibility with development versions of this fix, `mds=` is also accepted +diff --git a/xen/arch/x86/include/asm/cpufeatures.h b/xen/arch/x86/include/asm/cpufeatures.h +index 865f110986..da0593de85 100644 +--- a/xen/arch/x86/include/asm/cpufeatures.h ++++ b/xen/arch/x86/include/asm/cpufeatures.h +@@ -35,7 +35,8 @@ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM + XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ + XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ + XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ +-/* Bits 23,24 unused. */ ++/* Bits 23 unused. */ ++XEN_CPUFEATURE(SC_RSB_IDLE, X86_SYNTH(24)) /* RSB overwrite needed for idle. */ + XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ + XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ + XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ +diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h +index 6a77c39378..391973ef6a 100644 +--- a/xen/arch/x86/include/asm/spec_ctrl.h ++++ b/xen/arch/x86/include/asm/spec_ctrl.h +@@ -159,6 +159,21 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) + */ + alternative_input("", "verw %[sel]", X86_FEATURE_SC_VERW_IDLE, + [sel] "m" (info->verw_sel)); ++ ++ /* ++ * Cross-Thread Return Address Predictions: ++ * ++ * On vulnerable systems, the return predictions (RSB/RAS) are statically ++ * partitioned between active threads. When entering idle, our entries ++ * are re-partitioned to allow the other threads to use them. ++ * ++ * In some cases, we might still have guest entries in the RAS, so flush ++ * them before injecting them sideways to our sibling thread. ++ * ++ * (ab)use alternative_input() to specify clobbers. ++ */ ++ alternative_input("", "DO_OVERWRITE_RSB", X86_FEATURE_SC_RSB_IDLE, ++ : "rax", "rcx"); + } + + /* WARNING! `ret`, `call *`, `jmp *` not safe before this call. */ diff --git a/xen/arch/x86/spec_ctrl.c b/xen/arch/x86/spec_ctrl.c -index 90d86fe5cb..14649d92f5 100644 +index a320b81947..e80e2a5ed1 100644 --- a/xen/arch/x86/spec_ctrl.c +++ b/xen/arch/x86/spec_ctrl.c -@@ -1317,13 +1317,38 @@ void __init init_speculation_mitigations(void) +@@ -1327,13 +1327,38 @@ void __init init_speculation_mitigations(void) * 3) Some CPUs have RSBs which are not full width, which allow the * attacker's entries to alias Xen addresses. * @@ -75,46 +115,6 @@ index 90d86fe5cb..14649d92f5 100644 if ( opt_rsb_pv ) { -diff --git a/xen/include/asm-x86/cpufeatures.h b/xen/include/asm-x86/cpufeatures.h -index ecc1bb0950..ccf9d7287c 100644 ---- a/xen/include/asm-x86/cpufeatures.h -+++ b/xen/include/asm-x86/cpufeatures.h -@@ -35,7 +35,8 @@ XEN_CPUFEATURE(SC_RSB_HVM, X86_SYNTH(19)) /* RSB overwrite needed for HVM - XEN_CPUFEATURE(XEN_SELFSNOOP, X86_SYNTH(20)) /* SELFSNOOP gets used by Xen itself */ - XEN_CPUFEATURE(SC_MSR_IDLE, X86_SYNTH(21)) /* Clear MSR_SPEC_CTRL on idle */ - XEN_CPUFEATURE(XEN_LBR, X86_SYNTH(22)) /* Xen uses MSR_DEBUGCTL.LBR */ --/* Bits 23,24 unused. */ -+/* Bits 23 unused. */ -+XEN_CPUFEATURE(SC_RSB_IDLE, X86_SYNTH(24)) /* RSB overwrite needed for idle. */ - XEN_CPUFEATURE(SC_VERW_IDLE, X86_SYNTH(25)) /* VERW used by Xen for idle */ - XEN_CPUFEATURE(XEN_SHSTK, X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */ - XEN_CPUFEATURE(XEN_IBT, X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */ -diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h -index 6a77c39378..391973ef6a 100644 ---- a/xen/include/asm-x86/spec_ctrl.h -+++ b/xen/include/asm-x86/spec_ctrl.h -@@ -159,6 +159,21 @@ static always_inline void spec_ctrl_enter_idle(struct cpu_info *info) - */ - alternative_input("", "verw %[sel]", X86_FEATURE_SC_VERW_IDLE, - [sel] "m" (info->verw_sel)); -+ -+ /* -+ * Cross-Thread Return Address Predictions: -+ * -+ * On vulnerable systems, the return predictions (RSB/RAS) are statically -+ * partitioned between active threads. When entering idle, our entries -+ * are re-partitioned to allow the other threads to use them. -+ * -+ * In some cases, we might still have guest entries in the RAS, so flush -+ * them before injecting them sideways to our sibling thread. -+ * -+ * (ab)use alternative_input() to specify clobbers. -+ */ -+ alternative_input("", "DO_OVERWRITE_RSB", X86_FEATURE_SC_RSB_IDLE, -+ : "rax", "rcx"); - } - - /* WARNING! `ret`, `call *`, `jmp *` not safe before this call. */ -- 2.40.0 diff --git a/0023-automation-Remove-clang-8-from-Debian-unstable-conta.patch b/0046-automation-Remove-clang-8-from-Debian-unstable-conta.patch index 36dfb4f..6fc3323 100644 --- a/0023-automation-Remove-clang-8-from-Debian-unstable-conta.patch +++ b/0046-automation-Remove-clang-8-from-Debian-unstable-conta.patch @@ -1,7 +1,7 @@ -From 0802504627453a54b1ab408b6e9dc8b5c561172d Mon Sep 17 00:00:00 2001 +From aaf74a532c02017998492c0bf60a9c6be3332f20 Mon Sep 17 00:00:00 2001 From: Anthony PERARD <anthony.perard@citrix.com> Date: Tue, 21 Feb 2023 16:55:38 +0000 -Subject: [PATCH 23/61] automation: Remove clang-8 from Debian unstable +Subject: [PATCH 46/89] automation: Remove clang-8 from Debian unstable container First, apt complain that it isn't the right way to add keys anymore, @@ -39,10 +39,10 @@ index dc119fa0b4..0000000000 -deb http://apt.llvm.org/unstable/ llvm-toolchain-8 main -deb-src http://apt.llvm.org/unstable/ llvm-toolchain-8 main diff --git a/automation/build/debian/unstable.dockerfile b/automation/build/debian/unstable.dockerfile -index bd61cd12c2..828afa2e1e 100644 +index 9de766d596..b560337b7a 100644 --- a/automation/build/debian/unstable.dockerfile +++ b/automation/build/debian/unstable.dockerfile -@@ -52,15 +52,3 @@ RUN apt-get update && \ +@@ -51,15 +51,3 @@ RUN apt-get update && \ apt-get autoremove -y && \ apt-get clean && \ rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* @@ -59,10 +59,10 @@ index bd61cd12c2..828afa2e1e 100644 - apt-get clean && \ - rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml -index fdd5c76582..06a75a8c5a 100644 +index 716ee0b1e4..bed161b471 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml -@@ -304,16 +304,6 @@ debian-unstable-clang-debug: +@@ -312,16 +312,6 @@ debian-unstable-clang-debug: variables: CONTAINER: debian:unstable diff --git a/0024-libs-util-Fix-parallel-build-between-flex-bison-and-.patch b/0047-libs-util-Fix-parallel-build-between-flex-bison-and-.patch index 6164878..f3e6d36 100644 --- a/0024-libs-util-Fix-parallel-build-between-flex-bison-and-.patch +++ b/0047-libs-util-Fix-parallel-build-between-flex-bison-and-.patch @@ -1,7 +1,7 @@ -From e4b5dff3d06421847761669a3676bef1f23e705a Mon Sep 17 00:00:00 2001 +From c622b8ace93cc38c73f47f5044dc3663ef93f815 Mon Sep 17 00:00:00 2001 From: Anthony PERARD <anthony.perard@citrix.com> -Date: Fri, 3 Mar 2023 08:06:23 +0100 -Subject: [PATCH 24/61] libs/util: Fix parallel build between flex/bison and CC +Date: Fri, 3 Mar 2023 07:55:24 +0100 +Subject: [PATCH 47/89] libs/util: Fix parallel build between flex/bison and CC rules flex/bison generate two targets, and when those targets are @@ -27,12 +27,12 @@ master date: 2023-02-09 18:26:17 +0000 1 file changed, 8 insertions(+) diff --git a/tools/libs/util/Makefile b/tools/libs/util/Makefile -index b739360be7..977849c056 100644 +index 493d2e00be..fee4ea0dc7 100644 --- a/tools/libs/util/Makefile +++ b/tools/libs/util/Makefile -@@ -41,6 +41,14 @@ include $(XEN_ROOT)/tools/libs/libs.mk +@@ -40,6 +40,14 @@ include $(XEN_ROOT)/tools/libs/libs.mk - $(LIB_OBJS) $(PIC_OBJS): $(AUTOINCS) _paths.h + $(OBJS-y) $(PIC_OBJS): $(AUTOINCS) +# Adding the .c conterparts of the headers generated by flex/bison as +# prerequisite of all objects. @@ -40,7 +40,7 @@ index b739360be7..977849c056 100644 +# header, it should still wait for the .c file to be rebuilt. +# Otherwise, make doesn't considered "%.c %.h" as grouped targets, and will run +# the flex/bison rules in parallel of CC rules which only need the header. -+$(LIB_OBJS) $(PIC_OBJS): libxlu_cfg_l.c libxlu_cfg_y.c libxlu_disk_l.c ++$(OBJS-y) $(PIC_OBJS): libxlu_cfg_l.c libxlu_cfg_y.c libxlu_disk_l.c + %.c %.h:: %.y @rm -f $*.[ch] diff --git a/0025-x86-cpuid-Infrastructure-for-leaves-7-1-ecx-edx.patch b/0048-x86-cpuid-Infrastructure-for-leaves-7-1-ecx-edx.patch index e73f62d..46c48de 100644 --- a/0025-x86-cpuid-Infrastructure-for-leaves-7-1-ecx-edx.patch +++ b/0048-x86-cpuid-Infrastructure-for-leaves-7-1-ecx-edx.patch @@ -1,7 +1,7 @@ -From 2094f834b85d32233c76763b014bc8764c3e36b1 Mon Sep 17 00:00:00 2001 +From cdc23d47ad85e756540eaa8655ebc2a0445612ed Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 3 Mar 2023 08:06:44 +0100 -Subject: [PATCH 25/61] x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} +Date: Fri, 3 Mar 2023 07:55:54 +0100 +Subject: [PATCH 48/89] x86/cpuid: Infrastructure for leaves 7:1{ecx,edx} We don't actually need ecx yet, but adding it in now will reduce the amount to which leaf 7 is out of order in a featureset. @@ -14,15 +14,15 @@ master date: 2023-02-09 18:26:17 +0000 tools/misc/xen-cpuid.c | 10 ++++++++++ xen/arch/x86/cpu/common.c | 3 ++- xen/include/public/arch-x86/cpufeatureset.h | 4 ++++ - xen/include/xen/lib/x86/cpuid.h | 17 +++++++++++++++-- - 4 files changed, 31 insertions(+), 3 deletions(-) + xen/include/xen/lib/x86/cpuid.h | 15 ++++++++++++++- + 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c -index cd094427dd..3cfbbf043f 100644 +index d5833e9ce8..addb3a39a1 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c -@@ -198,6 +198,14 @@ static const char *const str_7b1[32] = - { +@@ -202,6 +202,14 @@ static const char *const str_7b1[32] = + [ 0] = "ppin", }; +static const char *const str_7c1[32] = @@ -36,7 +36,7 @@ index cd094427dd..3cfbbf043f 100644 static const char *const str_7d2[32] = { [ 0] = "intel-psfd", -@@ -223,6 +231,8 @@ static const struct { +@@ -229,6 +237,8 @@ static const struct { { "0x80000021.eax", "e21a", str_e21a }, { "0x00000007:1.ebx", "7b1", str_7b1 }, { "0x00000007:2.edx", "7d2", str_7d2 }, @@ -46,10 +46,10 @@ index cd094427dd..3cfbbf043f 100644 #define COL_ALIGN "18" diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c -index 9ce148a666..8222de6461 100644 +index 0412dbc915..b3fcf4680f 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c -@@ -448,7 +448,8 @@ static void generic_identify(struct cpuinfo_x86 *c) +@@ -450,7 +450,8 @@ static void generic_identify(struct cpuinfo_x86 *c) cpuid_count(7, 1, &c->x86_capability[FEATURESET_7a1], &c->x86_capability[FEATURESET_7b1], @@ -60,12 +60,12 @@ index 9ce148a666..8222de6461 100644 cpuid_count(7, 2, &tmp, &tmp, &tmp, diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h -index e073122140..0b01ca5e8f 100644 +index 7915f5826f..f43cdcd0f9 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h -@@ -304,6 +304,10 @@ XEN_CPUFEATURE(NSCB, 11*32+ 6) /*A Null Selector Clears Base (and - /* Intel-defined CPU features, CPUID level 0x00000007:2.edx, word 13 */ - XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ +@@ -295,6 +295,10 @@ XEN_CPUFEATURE(RRSBA_CTRL, 13*32+ 2) /* MSR_SPEC_CTRL.RRSBA_DIS_* */ + XEN_CPUFEATURE(BHI_CTRL, 13*32+ 4) /* MSR_SPEC_CTRL.BHI_DIS_S */ + XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ +/* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ + @@ -75,15 +75,13 @@ index e073122140..0b01ca5e8f 100644 /* Clean up from a default include. Close the enum (for C). */ diff --git a/xen/include/xen/lib/x86/cpuid.h b/xen/include/xen/lib/x86/cpuid.h -index 50be07c0eb..fa98b371ee 100644 +index 73a5c33036..fa98b371ee 100644 --- a/xen/include/xen/lib/x86/cpuid.h +++ b/xen/include/xen/lib/x86/cpuid.h -@@ -17,7 +17,9 @@ - #define FEATURESET_7a1 10 /* 0x00000007:1.eax */ +@@ -18,6 +18,8 @@ #define FEATURESET_e21a 11 /* 0x80000021.eax */ #define FEATURESET_7b1 12 /* 0x00000007:1.ebx */ --#define FEATURESET_7d2 13 /* 0x80000007:2.edx */ -+#define FEATURESET_7d2 13 /* 0x00000007:2.edx */ + #define FEATURESET_7d2 13 /* 0x00000007:2.edx */ +#define FEATURESET_7c1 14 /* 0x00000007:1.ecx */ +#define FEATURESET_7d1 15 /* 0x00000007:1.edx */ diff --git a/0026-x86-shskt-Disable-CET-SS-on-parts-susceptible-to-fra.patch b/0049-x86-shskt-Disable-CET-SS-on-parts-susceptible-to-fra.patch index 7fd4031..a34217e 100644 --- a/0026-x86-shskt-Disable-CET-SS-on-parts-susceptible-to-fra.patch +++ b/0049-x86-shskt-Disable-CET-SS-on-parts-susceptible-to-fra.patch @@ -1,7 +1,7 @@ -From 5857cc632b884711c172c5766b8fbba59f990b47 Mon Sep 17 00:00:00 2001 +From 8202b9cf84674c5b23a89c4b8722afbb9787f917 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 3 Mar 2023 08:12:24 +0100 -Subject: [PATCH 26/61] x86/shskt: Disable CET-SS on parts susceptible to +Date: Fri, 3 Mar 2023 07:56:16 +0100 +Subject: [PATCH 49/89] x86/shskt: Disable CET-SS on parts susceptible to fractured updates Refer to Intel SDM Rev 70 (Dec 2022), Vol3 17.2.3 "Supervisor Shadow Stack @@ -36,13 +36,13 @@ master date: 2023-02-09 18:26:17 +0000 docs/misc/xen-command-line.pandoc | 7 +++- tools/libs/light/libxl_cpuid.c | 2 + tools/misc/xen-cpuid.c | 1 + - xen/arch/x86/cpu/common.c | 8 +++- + xen/arch/x86/cpu/common.c | 11 ++++- xen/arch/x86/setup.c | 46 +++++++++++++++++---- xen/include/public/arch-x86/cpufeatureset.h | 1 + - 6 files changed, 55 insertions(+), 10 deletions(-) + 6 files changed, 57 insertions(+), 11 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc -index b3f60cd923..a6018fd5c3 100644 +index e7fe8b0cc9..807ca51fb2 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc @@ -287,10 +287,15 @@ can be maintained with the pv-shim mechanism. @@ -63,23 +63,23 @@ index b3f60cd923..a6018fd5c3 100644 its own protection. diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c -index 691d5c6b2a..b4eacc2bd5 100644 +index 2aa23225f4..d97a2f3338 100644 --- a/tools/libs/light/libxl_cpuid.c +++ b/tools/libs/light/libxl_cpuid.c -@@ -234,6 +234,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) +@@ -235,6 +235,8 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) {"fsrs", 0x00000007, 1, CPUID_REG_EAX, 11, 1}, {"fsrcs", 0x00000007, 1, CPUID_REG_EAX, 12, 1}, + {"cet-sss", 0x00000007, 1, CPUID_REG_EDX, 18, 1}, + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, + {"mcdt-no", 0x00000007, 2, CPUID_REG_EDX, 5, 1}, - {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c -index 3cfbbf043f..db9c4ed8fc 100644 +index addb3a39a1..0248eaef44 100644 --- a/tools/misc/xen-cpuid.c +++ b/tools/misc/xen-cpuid.c -@@ -204,6 +204,7 @@ static const char *const str_7c1[32] = +@@ -208,6 +208,7 @@ static const char *const str_7c1[32] = static const char *const str_7d1[32] = { @@ -88,31 +88,35 @@ index 3cfbbf043f..db9c4ed8fc 100644 static const char *const str_7d2[32] = diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c -index 8222de6461..e1fc034ce6 100644 +index b3fcf4680f..27f73d3bbe 100644 --- a/xen/arch/x86/cpu/common.c +++ b/xen/arch/x86/cpu/common.c -@@ -344,9 +344,15 @@ void __init early_cpu_init(void) +@@ -346,11 +346,18 @@ void __init early_cpu_init(void) + x86_cpuid_vendor_to_str(c->x86_vendor), c->x86, c->x86, c->x86_model, c->x86_model, c->x86_mask, eax); - if (c->cpuid_level >= 7) { -- cpuid_count(7, 0, &eax, &ebx, &ecx, &edx); +- if (c->cpuid_level >= 7) +- cpuid_count(7, 0, &eax, &ebx, ++ if (c->cpuid_level >= 7) { + uint32_t max_subleaf; + -+ cpuid_count(7, 0, &max_subleaf, &ebx, &ecx, &edx); - c->x86_capability[cpufeat_word(X86_FEATURE_CET_SS)] = ecx; - c->x86_capability[cpufeat_word(X86_FEATURE_CET_IBT)] = edx; -+ ++ cpuid_count(7, 0, &max_subleaf, &ebx, + &c->x86_capability[FEATURESET_7c0], + &c->x86_capability[FEATURESET_7d0]); + + if (max_subleaf >= 1) + cpuid_count(7, 1, &eax, &ebx, &ecx, + &c->x86_capability[FEATURESET_7d1]); - } - ++ } ++ eax = cpuid_eax(0x80000000); + if ((eax >> 16) == 0x8000 && eax >= 0x80000008) { + ebx = eax >= 0x8000001f ? cpuid_ebx(0x8000001f) : 0; diff --git a/xen/arch/x86/setup.c b/xen/arch/x86/setup.c -index 70b37d8afe..f0de805780 100644 +index e05189f649..09c17b1016 100644 --- a/xen/arch/x86/setup.c +++ b/xen/arch/x86/setup.c -@@ -98,11 +98,7 @@ unsigned long __initdata highmem_start; +@@ -95,11 +95,7 @@ unsigned long __initdata highmem_start; size_param("highmem-start", highmem_start); #endif @@ -125,7 +129,7 @@ index 70b37d8afe..f0de805780 100644 #ifdef CONFIG_XEN_IBT static bool __initdata opt_xen_ibt = true; -@@ -1113,11 +1109,45 @@ void __init noreturn __start_xen(unsigned long mbi_p) +@@ -1104,11 +1100,45 @@ void __init noreturn __start_xen(unsigned long mbi_p) early_cpu_init(); /* Choose shadow stack early, to set infrastructure up appropriately. */ @@ -175,10 +179,10 @@ index 70b37d8afe..f0de805780 100644 if ( opt_xen_ibt && boot_cpu_has(X86_FEATURE_CET_IBT) ) diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/public/arch-x86/cpufeatureset.h -index 0b01ca5e8f..4832ad09df 100644 +index f43cdcd0f9..08600cfdc7 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h -@@ -307,6 +307,7 @@ XEN_CPUFEATURE(INTEL_PSFD, 13*32+ 0) /*A MSR_SPEC_CTRL.PSFD */ +@@ -298,6 +298,7 @@ XEN_CPUFEATURE(MCDT_NO, 13*32+ 5) /*A MCDT_NO */ /* Intel-defined CPU features, CPUID level 0x00000007:1.ecx, word 14 */ /* Intel-defined CPU features, CPUID level 0x00000007:1.edx, word 15 */ diff --git a/0027-credit2-respect-credit2_runqueue-all-when-arranging-.patch b/0050-credit2-respect-credit2_runqueue-all-when-arranging-.patch index 6c8ab5c..0444aa9 100644 --- a/0027-credit2-respect-credit2_runqueue-all-when-arranging-.patch +++ b/0050-credit2-respect-credit2_runqueue-all-when-arranging-.patch @@ -1,8 +1,8 @@ -From 366693226ce025e8721626609b4b43b9061b55f5 Mon Sep 17 00:00:00 2001 +From 74b76704fd4059e9133e84c1384501858e9663b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= <marmarek@invisiblethingslab.com> -Date: Fri, 3 Mar 2023 08:13:20 +0100 -Subject: [PATCH 27/61] credit2: respect credit2_runqueue=all when arranging +Date: Fri, 3 Mar 2023 07:57:39 +0100 +Subject: [PATCH 50/89] credit2: respect credit2_runqueue=all when arranging runqueues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -28,10 +28,10 @@ master date: 2023-02-15 16:12:42 +0100 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc -index a6018fd5c3..7b7a619c1b 100644 +index 807ca51fb2..5be5ce10c6 100644 --- a/docs/misc/xen-command-line.pandoc +++ b/docs/misc/xen-command-line.pandoc -@@ -724,6 +724,11 @@ Available alternatives, with their meaning, are: +@@ -726,6 +726,11 @@ Available alternatives, with their meaning, are: * `all`: just one runqueue shared by all the logical pCPUs of the host @@ -42,9 +42,9 @@ index a6018fd5c3..7b7a619c1b 100644 + ### dbgp > `= ehci[ <integer> | @pci<bus>:<slot>.<func> ]` - + > `= xhci[ <integer> | @pci<bus>:<slot>.<func> ][,share=<bool>|hwdom]` diff --git a/xen/common/sched/credit2.c b/xen/common/sched/credit2.c -index 6396b38e04..1a240f417a 100644 +index 0e3f89e537..ae55feea34 100644 --- a/xen/common/sched/credit2.c +++ b/xen/common/sched/credit2.c @@ -996,9 +996,14 @@ cpu_add_to_runqueue(const struct scheduler *ops, unsigned int cpu) diff --git a/0051-build-make-FILE-symbol-paths-consistent.patch b/0051-build-make-FILE-symbol-paths-consistent.patch new file mode 100644 index 0000000..47528c2 --- /dev/null +++ b/0051-build-make-FILE-symbol-paths-consistent.patch @@ -0,0 +1,42 @@ +From 46c104cce0bf340193cb1eacaee5dcd75e264c8f Mon Sep 17 00:00:00 2001 +From: Ross Lagerwall <ross.lagerwall@citrix.com> +Date: Fri, 3 Mar 2023 07:58:12 +0100 +Subject: [PATCH 51/89] build: make FILE symbol paths consistent + +The FILE symbols in out-of-tree builds may be either a relative path to +the object dir or an absolute path depending on how the build is +invoked. Fix the paths for C files so that they are consistent with +in-tree builds - the path is relative to the "xen" directory (e.g. +common/irq.c). + +This fixes livepatch builds when the original Xen build was out-of-tree +since livepatch-build always does in-tree builds. Note that this doesn't +fix the behaviour for Clang < 6 which always embeds full paths. + +Fixes: 7115fa562fe7 ("build: adding out-of-tree support to the xen build") +Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: 5b9bb91abba7c983def3b4bef71ab08ad360a242 +master date: 2023-02-15 16:13:49 +0100 +--- + xen/Rules.mk | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/xen/Rules.mk b/xen/Rules.mk +index 70b7489ea8..d6b7cec0a8 100644 +--- a/xen/Rules.mk ++++ b/xen/Rules.mk +@@ -228,8 +228,9 @@ quiet_cmd_cc_o_c = CC $@ + ifeq ($(CONFIG_ENFORCE_UNIQUE_SYMBOLS),y) + cmd_cc_o_c = $(CC) $(c_flags) -c $< -o $(dot-target).tmp -MQ $@ + ifneq ($(CONFIG_CC_IS_CLANG)$(call clang-ifversion,-lt,600,y),yy) ++ rel-path = $(patsubst $(abs_srctree)/%,%,$(call realpath,$(1))) + cmd_objcopy_fix_sym = \ +- $(OBJCOPY) --redefine-sym $(<F)=$< $(dot-target).tmp $@ && rm -f $(dot-target).tmp ++ $(OBJCOPY) --redefine-sym $(<F)=$(call rel-path,$<) $(dot-target).tmp $@ && rm -f $(dot-target).tmp + else + cmd_objcopy_fix_sym = mv -f $(dot-target).tmp $@ + endif +-- +2.40.0 + diff --git a/0028-x86-ucode-AMD-apply-the-patch-early-on-every-logical.patch b/0052-x86-ucode-AMD-apply-the-patch-early-on-every-logical.patch index 55df5d0..22a214b 100644 --- a/0028-x86-ucode-AMD-apply-the-patch-early-on-every-logical.patch +++ b/0052-x86-ucode-AMD-apply-the-patch-early-on-every-logical.patch @@ -1,7 +1,7 @@ -From d1c6934b41f8288ea3169e63bce8a7eea9d9c549 Mon Sep 17 00:00:00 2001 +From e9a7942f6c1638c668605fbf6d6e02bc7bff2582 Mon Sep 17 00:00:00 2001 From: Sergey Dyasli <sergey.dyasli@citrix.com> -Date: Fri, 3 Mar 2023 08:14:01 +0100 -Subject: [PATCH 28/61] x86/ucode/AMD: apply the patch early on every logical +Date: Fri, 3 Mar 2023 07:58:35 +0100 +Subject: [PATCH 52/89] x86/ucode/AMD: apply the patch early on every logical thread The original issue has been reported on AMD Bulldozer-based CPUs where @@ -32,13 +32,13 @@ master commit: f4ef8a41b80831db2136bdaff9f946a1a4b051e7 master date: 2023-02-21 15:08:05 +0100 --- xen/arch/x86/cpu/microcode/amd.c | 11 ++++++++--- - xen/arch/x86/cpu/microcode/core.c | 24 ++++++++++++++++-------- + xen/arch/x86/cpu/microcode/core.c | 26 +++++++++++++++++--------- xen/arch/x86/cpu/microcode/intel.c | 10 +++++++--- xen/arch/x86/cpu/microcode/private.h | 3 ++- - 4 files changed, 33 insertions(+), 15 deletions(-) + 4 files changed, 34 insertions(+), 16 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/amd.c b/xen/arch/x86/cpu/microcode/amd.c -index fe92e594f1..52182c1a23 100644 +index 8195707ee1..ded8fe90e6 100644 --- a/xen/arch/x86/cpu/microcode/amd.c +++ b/xen/arch/x86/cpu/microcode/amd.c @@ -176,8 +176,8 @@ static enum microcode_match_result compare_revisions( @@ -52,7 +52,7 @@ index fe92e594f1..52182c1a23 100644 return OLD_UCODE; } -@@ -220,8 +220,13 @@ static int apply_microcode(const struct microcode_patch *patch) +@@ -220,8 +220,13 @@ static int cf_check apply_microcode(const struct microcode_patch *patch) unsigned int cpu = smp_processor_id(); struct cpu_signature *sig = &per_cpu(cpu_sig, cpu); uint32_t rev, old_rev = sig->rev; @@ -68,15 +68,16 @@ index fe92e594f1..52182c1a23 100644 if ( check_final_patch_levels(sig) ) diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c -index ac3ceb567c..ceec1f1edc 100644 +index 452a7ca773..57ecc5358b 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c -@@ -608,16 +608,24 @@ static long microcode_update_helper(void *data) +@@ -610,17 +610,25 @@ static long cf_check microcode_update_helper(void *data) * that ucode revision. */ spin_lock(µcode_mutex); - if ( microcode_cache && -- microcode_ops->compare_patch(patch, microcode_cache) != NEW_UCODE ) +- alternative_call(ucode_ops.compare_patch, +- patch, microcode_cache) != NEW_UCODE ) + if ( microcode_cache ) { - spin_unlock(µcode_mutex); @@ -87,7 +88,8 @@ index ac3ceb567c..ceec1f1edc 100644 + enum microcode_match_result result; - goto put; -+ result = microcode_ops->compare_patch(patch, microcode_cache); ++ result = alternative_call(ucode_ops.compare_patch, patch, ++ microcode_cache); + + if ( result != NEW_UCODE && + !(opt_ucode_allow_same && result == SAME_UCODE) ) @@ -105,7 +107,7 @@ index ac3ceb567c..ceec1f1edc 100644 spin_unlock(µcode_mutex); diff --git a/xen/arch/x86/cpu/microcode/intel.c b/xen/arch/x86/cpu/microcode/intel.c -index f6d01490e0..c26fbb8cc7 100644 +index f5ba6d76d7..cb08f63d2e 100644 --- a/xen/arch/x86/cpu/microcode/intel.c +++ b/xen/arch/x86/cpu/microcode/intel.c @@ -232,8 +232,8 @@ static enum microcode_match_result compare_revisions( @@ -119,7 +121,7 @@ index f6d01490e0..c26fbb8cc7 100644 /* * Treat pre-production as always applicable - anyone using pre-production -@@ -290,8 +290,12 @@ static int apply_microcode(const struct microcode_patch *patch) +@@ -290,8 +290,12 @@ static int cf_check apply_microcode(const struct microcode_patch *patch) unsigned int cpu = smp_processor_id(); struct cpu_signature *sig = &this_cpu(cpu_sig); uint32_t rev, old_rev = sig->rev; diff --git a/0029-x86-perform-mem_sharing-teardown-before-paging-teard.patch b/0053-x86-perform-mem_sharing-teardown-before-paging-teard.patch index c96f44e..934c0f5 100644 --- a/0029-x86-perform-mem_sharing-teardown-before-paging-teard.patch +++ b/0053-x86-perform-mem_sharing-teardown-before-paging-teard.patch @@ -1,7 +1,7 @@ -From 700320a79297fb5087f7dd540424c468b2d2cffe Mon Sep 17 00:00:00 2001 +From e8f28e129d23c940749c66150a89c4ed683a0fb9 Mon Sep 17 00:00:00 2001 From: Tamas K Lengyel <tamas@tklengyel.com> -Date: Fri, 3 Mar 2023 08:14:25 +0100 -Subject: [PATCH 29/61] x86: perform mem_sharing teardown before paging +Date: Fri, 3 Mar 2023 07:59:08 +0100 +Subject: [PATCH 53/89] x86: perform mem_sharing teardown before paging teardown An assert failure has been observed in p2m_teardown when performing vm @@ -24,10 +24,10 @@ master date: 2023-02-23 12:35:48 +0100 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c -index 3080cde62b..6eeb248908 100644 +index 5a119eec3a..e546c98322 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c -@@ -2343,9 +2343,9 @@ int domain_relinquish_resources(struct domain *d) +@@ -2347,9 +2347,9 @@ int domain_relinquish_resources(struct domain *d) enum { PROG_iommu_pagetables = 1, @@ -38,7 +38,7 @@ index 3080cde62b..6eeb248908 100644 PROG_xen, PROG_l4, PROG_l3, -@@ -2364,6 +2364,34 @@ int domain_relinquish_resources(struct domain *d) +@@ -2368,6 +2368,34 @@ int domain_relinquish_resources(struct domain *d) if ( ret ) return ret; @@ -73,7 +73,7 @@ index 3080cde62b..6eeb248908 100644 PROGRESS(paging): /* Tear down paging-assistance stuff. */ -@@ -2404,32 +2432,6 @@ int domain_relinquish_resources(struct domain *d) +@@ -2408,32 +2436,6 @@ int domain_relinquish_resources(struct domain *d) d->arch.auto_unmask = 0; } diff --git a/0030-xen-Work-around-Clang-IAS-macro-expansion-bug.patch b/0054-xen-Work-around-Clang-IAS-macro-expansion-bug.patch index a92f2f0..525dc49 100644 --- a/0030-xen-Work-around-Clang-IAS-macro-expansion-bug.patch +++ b/0054-xen-Work-around-Clang-IAS-macro-expansion-bug.patch @@ -1,7 +1,7 @@ -From 2b8f72a6b40dafc3fb40bce100cd62c4a377535a Mon Sep 17 00:00:00 2001 +From 837bdc6eb2df796e832302347f363afc820694fe Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 3 Mar 2023 08:14:57 +0100 -Subject: [PATCH 30/61] xen: Work around Clang-IAS macro \@ expansion bug +Date: Fri, 3 Mar 2023 08:00:04 +0100 +Subject: [PATCH 54/89] xen: Work around Clang-IAS macro \@ expansion bug https://github.com/llvm/llvm-project/issues/60792 @@ -22,14 +22,14 @@ Reviewed-by: Jan Beulich <jbeulich@suse.com> master commit: a2adacff0b91cc7b977abb209dc419a2ef15963f master date: 2023-02-24 17:44:29 +0000 --- - xen/include/asm-x86/spec_ctrl.h | 4 ++-- - xen/include/asm-x86/spec_ctrl_asm.h | 23 ++++++++++++++--------- - 2 files changed, 16 insertions(+), 11 deletions(-) + xen/arch/x86/include/asm/spec_ctrl.h | 4 ++-- + xen/arch/x86/include/asm/spec_ctrl_asm.h | 19 ++++++++++++------- + 2 files changed, 14 insertions(+), 9 deletions(-) -diff --git a/xen/include/asm-x86/spec_ctrl.h b/xen/include/asm-x86/spec_ctrl.h +diff --git a/xen/arch/x86/include/asm/spec_ctrl.h b/xen/arch/x86/include/asm/spec_ctrl.h index 391973ef6a..a431fea587 100644 ---- a/xen/include/asm-x86/spec_ctrl.h -+++ b/xen/include/asm-x86/spec_ctrl.h +--- a/xen/arch/x86/include/asm/spec_ctrl.h ++++ b/xen/arch/x86/include/asm/spec_ctrl.h @@ -83,7 +83,7 @@ static always_inline void spec_ctrl_new_guest_context(void) wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB); @@ -48,10 +48,10 @@ index 391973ef6a..a431fea587 100644 : "rax", "rcx"); } -diff --git a/xen/include/asm-x86/spec_ctrl_asm.h b/xen/include/asm-x86/spec_ctrl_asm.h -index 9eb4ad9ab7..b61a5571ae 100644 ---- a/xen/include/asm-x86/spec_ctrl_asm.h -+++ b/xen/include/asm-x86/spec_ctrl_asm.h +diff --git a/xen/arch/x86/include/asm/spec_ctrl_asm.h b/xen/arch/x86/include/asm/spec_ctrl_asm.h +index fab27ff553..f23bb105c5 100644 +--- a/xen/arch/x86/include/asm/spec_ctrl_asm.h ++++ b/xen/arch/x86/include/asm/spec_ctrl_asm.h @@ -117,11 +117,16 @@ .L\@_done: .endm @@ -70,7 +70,7 @@ index 9eb4ad9ab7..b61a5571ae 100644 * Requires 256 bytes of {,shadow}stack space, but %rsp/SSP has no net * change. Based on Google's performance numbers, the loop is unrolled to 16 * iterations and two calls per iteration. -@@ -137,31 +142,31 @@ +@@ -136,27 +141,27 @@ mov $16, %ecx /* 16 iterations, two calls per loop */ mov %rsp, %\tmp /* Store the current %rsp */ @@ -80,13 +80,7 @@ index 9eb4ad9ab7..b61a5571ae 100644 .irp n, 1, 2 /* Unrolled twice. */ - call .L\@_insert_rsb_entry_\n /* Create an RSB entry. */ + call .L\@_insert_rsb_entry\xu\n /* Create an RSB entry. */ - --.L\@_capture_speculation_\n: -+.L\@_capture_speculation\xu\n: - pause - lfence -- jmp .L\@_capture_speculation_\n /* Capture rogue speculation. */ -+ jmp .L\@_capture_speculation\xu\n /* Capture rogue speculation. */ + int3 /* Halt rogue speculation. */ -.L\@_insert_rsb_entry_\n: +.L\@_insert_rsb_entry\xu\n: diff --git a/0031-xen-Fix-Clang-Wunicode-diagnostic-when-building-asm-.patch b/0055-xen-Fix-Clang-Wunicode-diagnostic-when-building-asm-.patch index bad0316..02755a9 100644 --- a/0031-xen-Fix-Clang-Wunicode-diagnostic-when-building-asm-.patch +++ b/0055-xen-Fix-Clang-Wunicode-diagnostic-when-building-asm-.patch @@ -1,7 +1,7 @@ -From f073db0a07c5f6800a70c91819c4b8c2ba359451 Mon Sep 17 00:00:00 2001 +From b10cf1561a638c835481ae923b571cb8f7350a89 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 3 Mar 2023 08:15:50 +0100 -Subject: [PATCH 31/61] xen: Fix Clang -Wunicode diagnostic when building +Date: Fri, 3 Mar 2023 08:01:21 +0100 +Subject: [PATCH 55/89] xen: Fix Clang -Wunicode diagnostic when building asm-macros While trying to work around a different Clang-IAS bug (parent changeset), I @@ -38,10 +38,10 @@ master date: 2023-02-24 17:44:29 +0000 rename xen/arch/x86/{asm-macros.c => asm-macros.S} (100%) diff --git a/xen/Rules.mk b/xen/Rules.mk -index 5e0699e58b..1f171f88e2 100644 +index d6b7cec0a8..59072ae8df 100644 --- a/xen/Rules.mk +++ b/xen/Rules.mk -@@ -223,6 +223,9 @@ $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): %.init.o: %.o FORCE +@@ -273,6 +273,9 @@ $(filter %.init.o,$(obj-y) $(obj-bin-y) $(extra-y)): $(obj)/%.init.o: $(obj)/%.o quiet_cmd_cpp_i_c = CPP $@ cmd_cpp_i_c = $(CPP) $(call cpp_flags,$(c_flags)) -MQ $@ -o $@ $< @@ -51,29 +51,29 @@ index 5e0699e58b..1f171f88e2 100644 quiet_cmd_cc_s_c = CC $@ cmd_cc_s_c = $(CC) $(filter-out -Wa$(comma)%,$(c_flags)) -S $< -o $@ -@@ -232,6 +235,9 @@ cmd_cpp_s_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< - %.i: %.c FORCE - $(call if_changed,cpp_i_c) +@@ -282,6 +285,9 @@ cmd_cpp_s_S = $(CPP) $(call cpp_flags,$(a_flags)) -MQ $@ -o $@ $< + $(obj)/%.i: $(src)/%.c FORCE + $(call if_changed_dep,cpp_i_c) -+%.i: %.S FORCE -+ $(call if_changed,cpp_i_S) ++$(obj)/%.i: $(src)/%.S FORCE ++ $(call if_changed_dep,cpp_i_S) + - %.s: %.c FORCE - $(call if_changed,cc_s_c) + $(obj)/%.s: $(src)/%.c FORCE + $(call if_changed_dep,cc_s_c) diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile -index 69b6cfaded..8e975f472d 100644 +index 177a2ff742..5accbe4c67 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile -@@ -273,7 +273,7 @@ efi/buildid.o efi/relocs-dummy.o: ; +@@ -240,7 +240,7 @@ $(obj)/efi/buildid.o $(obj)/efi/relocs-dummy.o: ; .PHONY: include - include: $(BASEDIR)/include/asm-x86/asm-macros.h + include: $(objtree)/arch/x86/include/asm/asm-macros.h --asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P -+asm-macros.i: CFLAGS-y += -P +-$(obj)/asm-macros.i: CFLAGS-y += -D__ASSEMBLY__ -P ++$(obj)/asm-macros.i: CFLAGS-y += -P - $(BASEDIR)/include/asm-x86/asm-macros.h: asm-macros.i Makefile - echo '#if 0' >$@.new + $(objtree)/arch/x86/include/asm/asm-macros.h: $(obj)/asm-macros.i $(src)/Makefile + $(call filechk,asm-macros.h) diff --git a/xen/arch/x86/asm-macros.c b/xen/arch/x86/asm-macros.S similarity index 100% rename from xen/arch/x86/asm-macros.c diff --git a/0056-bump-default-SeaBIOS-version-to-1.16.0.patch b/0056-bump-default-SeaBIOS-version-to-1.16.0.patch deleted file mode 100644 index 37d9b67..0000000 --- a/0056-bump-default-SeaBIOS-version-to-1.16.0.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 2a4d327387601b60c9844a5b0cc44de28792ea52 Mon Sep 17 00:00:00 2001 -From: Jan Beulich <jbeulich@suse.com> -Date: Fri, 6 May 2022 14:46:52 +0200 -Subject: [PATCH 56/61] bump default SeaBIOS version to 1.16.0 - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Julien Grall <jgrall@amazon.com> -(cherry picked from commit 944e389daa133dd310d87c4eebacba9f6da76018) ---- - Config.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Config.mk b/Config.mk -index 1215c2725b..073715c28d 100644 ---- a/Config.mk -+++ b/Config.mk -@@ -241,7 +241,7 @@ OVMF_UPSTREAM_REVISION ?= 7b4a99be8a39c12d3a7fc4b8db9f0eab4ac688d5 - QEMU_UPSTREAM_REVISION ?= qemu-xen-4.16.3 - MINIOS_UPSTREAM_REVISION ?= xen-RELEASE-4.16.3 - --SEABIOS_UPSTREAM_REVISION ?= rel-1.14.0 -+SEABIOS_UPSTREAM_REVISION ?= rel-1.16.0 - - ETHERBOOT_NICS ?= rtl8139 8086100e - --- -2.40.0 - diff --git a/0032-tools-Use-PKG_CONFIG_FILE-instead-of-PKG_CONFIG-vari.patch b/0056-tools-Use-PKG_CONFIG_FILE-instead-of-PKG_CONFIG-vari.patch index bfcdd26..59cc172 100644 --- a/0032-tools-Use-PKG_CONFIG_FILE-instead-of-PKG_CONFIG-vari.patch +++ b/0056-tools-Use-PKG_CONFIG_FILE-instead-of-PKG_CONFIG-vari.patch @@ -1,7 +1,7 @@ -From a2adc7fcc22405e81dc11290416e6140bb0244ca Mon Sep 17 00:00:00 2001 +From 53bd16bcc0d0f5ed5d1ac6d6dc14bf6ecf2e2c43 Mon Sep 17 00:00:00 2001 From: Bertrand Marquis <bertrand.marquis@arm.com> -Date: Fri, 3 Mar 2023 08:16:45 +0100 -Subject: [PATCH 32/61] tools: Use PKG_CONFIG_FILE instead of PKG_CONFIG +Date: Fri, 3 Mar 2023 08:02:30 +0100 +Subject: [PATCH 56/89] tools: Use PKG_CONFIG_FILE instead of PKG_CONFIG variable Replace PKG_CONFIG variable name with PKG_CONFIG_FILE for the name of @@ -20,15 +20,15 @@ master commit: b97e2fe7b9e1f4706693552697239ac2b71efee4 master date: 2023-02-24 17:44:29 +0000 --- tools/libs/ctrl/Makefile | 2 +- - tools/libs/libs.mk | 13 +++++++------ - 2 files changed, 8 insertions(+), 7 deletions(-) + tools/libs/libs.mk | 16 ++++++++-------- + 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tools/libs/ctrl/Makefile b/tools/libs/ctrl/Makefile -index 6ff5918798..d3666ae7ff 100644 +index 93442ab389..15d0ae8e4e 100644 --- a/tools/libs/ctrl/Makefile +++ b/tools/libs/ctrl/Makefile -@@ -47,7 +47,7 @@ CFLAGS += -include $(XEN_ROOT)/tools/config.h - CFLAGS-$(CONFIG_Linux) += -D_GNU_SOURCE +@@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk + include Makefile.common LIBHEADER := xenctrl.h xenctrl_compat.h -PKG_CONFIG := xencontrol.pc @@ -37,7 +37,7 @@ index 6ff5918798..d3666ae7ff 100644 NO_HEADERS_CHK := y diff --git a/tools/libs/libs.mk b/tools/libs/libs.mk -index f1554462fb..0e005218e2 100644 +index 3eb91fc8f3..3fab5aecff 100644 --- a/tools/libs/libs.mk +++ b/tools/libs/libs.mk @@ -1,7 +1,7 @@ @@ -49,25 +49,27 @@ index f1554462fb..0e005218e2 100644 # MAJOR: major version of lib (Xen version if empty) # MINOR: minor version of lib (0 if empty) -@@ -29,7 +29,8 @@ endif - comma:= , - empty:= - space:= $(empty) $(empty) +@@ -26,7 +26,7 @@ ifneq ($(nosharedlibs),y) + TARGETS += lib$(LIB_FILE_NAME).so + endif + -PKG_CONFIG ?= $(LIB_FILE_NAME).pc -+ +PKG_CONFIG_FILE ?= $(LIB_FILE_NAME).pc PKG_CONFIG_NAME ?= Xen$(LIBNAME) PKG_CONFIG_DESC ?= The $(PKG_CONFIG_NAME) library for Xen hypervisor PKG_CONFIG_VERSION := $(MAJOR).$(MINOR) -@@ -38,13 +39,13 @@ PKG_CONFIG_LIB := $(LIB_FILE_NAME) +@@ -35,13 +35,13 @@ PKG_CONFIG_LIB := $(LIB_FILE_NAME) PKG_CONFIG_REQPRIV := $(subst $(space),$(comma),$(strip $(foreach lib,$(patsubst ctrl,control,$(USELIBS_$(LIBNAME))),xen$(lib)))) ifneq ($(CONFIG_LIBXC_MINIOS),y) --PKG_CONFIG_INST := $(PKG_CONFIG) -+PKG_CONFIG_INST := $(PKG_CONFIG_FILE) - $(PKG_CONFIG_INST): PKG_CONFIG_PREFIX = $(prefix) - $(PKG_CONFIG_INST): PKG_CONFIG_INCDIR = $(includedir) - $(PKG_CONFIG_INST): PKG_CONFIG_LIBDIR = $(libdir) +-TARGETS += $(PKG_CONFIG) +-$(PKG_CONFIG): PKG_CONFIG_PREFIX = $(prefix) +-$(PKG_CONFIG): PKG_CONFIG_INCDIR = $(includedir) +-$(PKG_CONFIG): PKG_CONFIG_LIBDIR = $(libdir) ++TARGETS += $(PKG_CONFIG_FILE) ++$(PKG_CONFIG_FILE): PKG_CONFIG_PREFIX = $(prefix) ++$(PKG_CONFIG_FILE): PKG_CONFIG_INCDIR = $(includedir) ++$(PKG_CONFIG_FILE): PKG_CONFIG_LIBDIR = $(libdir) endif -PKG_CONFIG_LOCAL := $(PKG_CONFIG_DIR)/$(PKG_CONFIG) @@ -75,7 +77,7 @@ index f1554462fb..0e005218e2 100644 LIBHEADER ?= $(LIB_FILE_NAME).h LIBHEADERS = $(foreach h, $(LIBHEADER), $(XEN_INCLUDE)/$(h)) -@@ -114,7 +115,7 @@ install: build +@@ -103,7 +103,7 @@ install:: all $(SYMLINK_SHLIB) lib$(LIB_FILE_NAME).so.$(MAJOR).$(MINOR) $(DESTDIR)$(libdir)/lib$(LIB_FILE_NAME).so.$(MAJOR) $(SYMLINK_SHLIB) lib$(LIB_FILE_NAME).so.$(MAJOR) $(DESTDIR)$(libdir)/lib$(LIB_FILE_NAME).so for i in $(LIBHEADERS); do $(INSTALL_DATA) $$i $(DESTDIR)$(includedir); done @@ -83,16 +85,7 @@ index f1554462fb..0e005218e2 100644 + $(INSTALL_DATA) $(PKG_CONFIG_FILE) $(DESTDIR)$(PKG_INSTALLDIR) .PHONY: uninstall - uninstall: -@@ -134,7 +135,7 @@ clean: - rm -rf *.rpm $(LIB) *~ $(DEPS_RM) $(LIB_OBJS) $(PIC_OBJS) - rm -f lib$(LIB_FILE_NAME).so.$(MAJOR).$(MINOR) lib$(LIB_FILE_NAME).so.$(MAJOR) - rm -f headers.chk headers.lst -- rm -f $(PKG_CONFIG) -+ rm -f $(PKG_CONFIG_FILE) - rm -f _paths.h - - .PHONY: distclean + uninstall:: -- 2.40.0 diff --git a/0033-libs-guest-Fix-resource-leaks-in-xc_core_arch_map_p2.patch b/0057-libs-guest-Fix-resource-leaks-in-xc_core_arch_map_p2.patch index 5caa850..ea80bd0 100644 --- a/0033-libs-guest-Fix-resource-leaks-in-xc_core_arch_map_p2.patch +++ b/0057-libs-guest-Fix-resource-leaks-in-xc_core_arch_map_p2.patch @@ -1,7 +1,7 @@ -From b181a3a5532574d2163408284bcd785ec87fe046 Mon Sep 17 00:00:00 2001 +From 01f85d835bb10d18bdab2cc780ea5ad47004516d Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 3 Mar 2023 08:17:04 +0100 -Subject: [PATCH 33/61] libs/guest: Fix resource leaks in +Date: Fri, 3 Mar 2023 08:02:59 +0100 +Subject: [PATCH 57/89] libs/guest: Fix resource leaks in xc_core_arch_map_p2m_tree_rw() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 diff --git a/0034-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch b/0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch index 4be16a3..d55c095 100644 --- a/0034-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch +++ b/0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch @@ -1,7 +1,7 @@ -From 25d103f2eb59f021cce61f07a0bf0bfa696b4416 Mon Sep 17 00:00:00 2001 +From fa8250f1920413f02b63551a6a4d8ef0b47891a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com> -Date: Fri, 3 Mar 2023 08:17:23 +0100 -Subject: [PATCH 34/61] libs/guest: Fix leak on realloc failure in +Date: Fri, 3 Mar 2023 08:03:19 +0100 +Subject: [PATCH 58/89] libs/guest: Fix leak on realloc failure in backup_ptes() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -29,7 +29,7 @@ master date: 2023-02-27 15:51:23 +0000 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offline_page.c -index cfe0e2d537..c42b973363 100644 +index c594fdba41..ccd0299f0f 100644 --- a/tools/libs/guest/xg_offline_page.c +++ b/tools/libs/guest/xg_offline_page.c @@ -181,10 +181,16 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset, diff --git a/0035-x86-ucode-AMD-late-load-the-patch-on-every-logical-t.patch b/0059-x86-ucode-AMD-late-load-the-patch-on-every-logical-t.patch index 931d93f..292a61a 100644 --- a/0035-x86-ucode-AMD-late-load-the-patch-on-every-logical-t.patch +++ b/0059-x86-ucode-AMD-late-load-the-patch-on-every-logical-t.patch @@ -1,7 +1,7 @@ -From 84dfe7a56f04a7412fa4869b3e756c49e1cfbe75 Mon Sep 17 00:00:00 2001 +From ec5b058d2a6436a2e180315522fcf1645a8153b4 Mon Sep 17 00:00:00 2001 From: Sergey Dyasli <sergey.dyasli@citrix.com> -Date: Fri, 3 Mar 2023 08:17:40 +0100 -Subject: [PATCH 35/61] x86/ucode/AMD: late load the patch on every logical +Date: Fri, 3 Mar 2023 08:03:43 +0100 +Subject: [PATCH 59/89] x86/ucode/AMD: late load the patch on every logical thread Currently late ucode loading is performed only on the first core of CPU @@ -21,10 +21,10 @@ master date: 2023-02-28 14:51:28 +0100 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c -index ceec1f1edc..ee7df9a591 100644 +index 57ecc5358b..2497630bbe 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c -@@ -273,6 +273,20 @@ static bool microcode_update_cache(struct microcode_patch *patch) +@@ -274,6 +274,20 @@ static bool microcode_update_cache(struct microcode_patch *patch) return true; } @@ -45,16 +45,16 @@ index ceec1f1edc..ee7df9a591 100644 /* Wait for a condition to be met with a timeout (us). */ static int wait_for_condition(bool (*func)(unsigned int data), unsigned int data, unsigned int timeout) -@@ -378,7 +392,7 @@ static int primary_thread_work(const struct microcode_patch *patch) - - static int microcode_nmi_callback(const struct cpu_user_regs *regs, int cpu) +@@ -380,7 +394,7 @@ static int primary_thread_work(const struct microcode_patch *patch) + static int cf_check microcode_nmi_callback( + const struct cpu_user_regs *regs, int cpu) { - unsigned int primary = cpumask_first(this_cpu(cpu_sibling_mask)); + bool primary_cpu = is_cpu_primary(cpu); int ret; /* System-generated NMI, leave to main handler */ -@@ -391,10 +405,10 @@ static int microcode_nmi_callback(const struct cpu_user_regs *regs, int cpu) +@@ -393,10 +407,10 @@ static int cf_check microcode_nmi_callback( * ucode_in_nmi. */ if ( cpu == cpumask_first(&cpu_online_map) || @@ -67,7 +67,7 @@ index ceec1f1edc..ee7df9a591 100644 ret = primary_thread_work(nmi_patch); else ret = secondary_nmi_work(); -@@ -545,7 +559,7 @@ static int do_microcode_update(void *patch) +@@ -547,7 +561,7 @@ static int cf_check do_microcode_update(void *patch) */ if ( cpu == cpumask_first(&cpu_online_map) ) ret = control_thread_fn(patch); @@ -76,7 +76,7 @@ index ceec1f1edc..ee7df9a591 100644 ret = primary_thread_fn(patch); else ret = secondary_thread_fn(); -@@ -637,7 +651,7 @@ static long microcode_update_helper(void *data) +@@ -640,7 +654,7 @@ static long cf_check microcode_update_helper(void *data) /* Calculate the number of online CPU core */ nr_cores = 0; for_each_online_cpu(cpu) diff --git a/0036-x86-shadow-account-for-log-dirty-mode-when-pre-alloc.patch b/0060-x86-shadow-account-for-log-dirty-mode-when-pre-alloc.patch index 38629a4..fd397b0 100644 --- a/0036-x86-shadow-account-for-log-dirty-mode-when-pre-alloc.patch +++ b/0060-x86-shadow-account-for-log-dirty-mode-when-pre-alloc.patch @@ -1,7 +1,7 @@ -From b0d6684ee58f7252940f5a62e4b85bdc56307eef Mon Sep 17 00:00:00 2001 +From f8f8f07880d3817fc7b0472420eca9fecaa55358 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 21 Mar 2023 11:59:44 +0000 -Subject: [PATCH 36/61] x86/shadow: account for log-dirty mode when +Date: Tue, 21 Mar 2023 11:58:50 +0000 +Subject: [PATCH 60/89] x86/shadow: account for log-dirty mode when pre-allocating Pre-allocation is intended to ensure that in the course of constructing @@ -32,16 +32,31 @@ Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: Tim Deegan <tim@xen.org> (cherry picked from commit 91767a71061035ae42be93de495cd976f863a41a) --- - xen/arch/x86/mm/paging.c | 1 + - xen/arch/x86/mm/shadow/common.c | 12 +++++++++++- - xen/include/asm-x86/paging.h | 4 ++++ + xen/arch/x86/include/asm/paging.h | 4 ++++ + xen/arch/x86/mm/paging.c | 1 + + xen/arch/x86/mm/shadow/common.c | 12 +++++++++++- 3 files changed, 16 insertions(+), 1 deletion(-) +diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h +index b2b243a4ff..635ccc83b1 100644 +--- a/xen/arch/x86/include/asm/paging.h ++++ b/xen/arch/x86/include/asm/paging.h +@@ -190,6 +190,10 @@ bool paging_mfn_is_dirty(const struct domain *d, mfn_t gmfn); + #define L4_LOGDIRTY_IDX(pfn) ((pfn_x(pfn) >> (PAGE_SHIFT + 3 + PAGETABLE_ORDER * 2)) & \ + (LOGDIRTY_NODE_ENTRIES-1)) + ++#define paging_logdirty_levels() \ ++ (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \ ++ PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1) ++ + #ifdef CONFIG_HVM + /* VRAM dirty tracking support */ + struct sh_dirty_vram { diff --git a/xen/arch/x86/mm/paging.c b/xen/arch/x86/mm/paging.c -index 97ac9ccf59..9fb66e65cd 100644 +index 8d579fa9a3..308d44bce7 100644 --- a/xen/arch/x86/mm/paging.c +++ b/xen/arch/x86/mm/paging.c -@@ -280,6 +280,7 @@ void paging_mark_pfn_dirty(struct domain *d, pfn_t pfn) +@@ -282,6 +282,7 @@ void paging_mark_pfn_dirty(struct domain *d, pfn_t pfn) if ( unlikely(!VALID_M2P(pfn_x(pfn))) ) return; @@ -50,7 +65,7 @@ index 97ac9ccf59..9fb66e65cd 100644 i2 = L2_LOGDIRTY_IDX(pfn); i3 = L3_LOGDIRTY_IDX(pfn); diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c -index 1de0139742..c14a269935 100644 +index a8404f97f6..cf5e181f74 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -1015,7 +1015,17 @@ bool shadow_prealloc(struct domain *d, unsigned int type, unsigned int count) @@ -72,21 +87,6 @@ index 1de0139742..c14a269935 100644 if ( !ret && (!d->is_shutting_down || d->shutdown_code != SHUTDOWN_crash) ) /* * Failing to allocate memory required for shadow usage can only result in -diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h -index 27890791d8..c6b429c691 100644 ---- a/xen/include/asm-x86/paging.h -+++ b/xen/include/asm-x86/paging.h -@@ -192,6 +192,10 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn); - #define L4_LOGDIRTY_IDX(pfn) ((pfn_x(pfn) >> (PAGE_SHIFT + 3 + PAGETABLE_ORDER * 2)) & \ - (LOGDIRTY_NODE_ENTRIES-1)) - -+#define paging_logdirty_levels() \ -+ (DIV_ROUND_UP(PADDR_BITS - PAGE_SHIFT - (PAGE_SHIFT + 3), \ -+ PAGE_SHIFT - ilog2(sizeof(mfn_t))) + 1) -+ - #ifdef CONFIG_HVM - /* VRAM dirty tracking support */ - struct sh_dirty_vram { -- 2.40.0 diff --git a/0037-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch b/0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch index 6730b2d..b638eca 100644 --- a/0037-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch +++ b/0061-x86-HVM-bound-number-of-pinned-cache-attribute-regio.patch @@ -1,7 +1,7 @@ -From 2fe1517a00e088f6b1f1aff7d4ea1b477b288987 Mon Sep 17 00:00:00 2001 +From d0cb66d59a956ccba3dbe794f4ec01e4a4269ee9 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> Date: Tue, 21 Mar 2023 12:01:01 +0000 -Subject: [PATCH 37/61] x86/HVM: bound number of pinned cache attribute regions +Subject: [PATCH 61/89] x86/HVM: bound number of pinned cache attribute regions This is exposed via DMOP, i.e. to potentially not fully privileged device models. With that we may not permit registration of an (almost) @@ -18,7 +18,7 @@ Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> 1 file changed, 5 insertions(+) diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c -index 4a9f3177ed..98e55bbdbd 100644 +index 4d2aa6def8..714911dd7f 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -595,6 +595,7 @@ int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start, diff --git a/0038-x86-HVM-serialize-pinned-cache-attribute-list-manipu.patch b/0062-x86-HVM-serialize-pinned-cache-attribute-list-manipu.patch index ca8528f..a0f6efc 100644 --- a/0038-x86-HVM-serialize-pinned-cache-attribute-list-manipu.patch +++ b/0062-x86-HVM-serialize-pinned-cache-attribute-list-manipu.patch @@ -1,7 +1,7 @@ -From 564de020d29fbc4efd20ef8052051e86b2465a1a Mon Sep 17 00:00:00 2001 +From a2a915b3960e6ab060d8be2c36e6e697700ea87c Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> Date: Tue, 21 Mar 2023 12:01:01 +0000 -Subject: [PATCH 38/61] x86/HVM: serialize pinned cache attribute list +Subject: [PATCH 62/89] x86/HVM: serialize pinned cache attribute list manipulation While the RCU variants of list insertion and removal allow lockless list @@ -20,10 +20,10 @@ Reviewed-by: Julien Grall <jgrall@amazon.com> 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c -index 98e55bbdbd..9b3b33012b 100644 +index 714911dd7f..bd5cc42ef4 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c -@@ -594,7 +594,7 @@ static void free_pinned_cacheattr_entry(struct rcu_head *rcu) +@@ -594,7 +594,7 @@ static void cf_check free_pinned_cacheattr_entry(struct rcu_head *rcu) int hvm_set_mem_pinned_cacheattr(struct domain *d, uint64_t gfn_start, uint64_t gfn_end, uint32_t type) { @@ -120,7 +120,7 @@ index 98e55bbdbd..9b3b33012b 100644 + return rc; } - static int hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) + static int cf_check hvm_save_mtrr_msr(struct vcpu *v, hvm_domain_context_t *h) -- 2.40.0 diff --git a/0039-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_en.patch b/0063-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_en.patch index 74bcf67..fa97a41 100644 --- a/0039-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_en.patch +++ b/0063-x86-spec-ctrl-Defer-CR4_PV32_RESTORE-on-the-cstar_en.patch @@ -1,7 +1,7 @@ -From 3c924fe46b455834b5c04268db6b528b549668d1 Mon Sep 17 00:00:00 2001 +From a730e4d1190594102784222f76a984d10bbc88a9 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Fri, 10 Feb 2023 21:11:14 +0000 -Subject: [PATCH 39/61] x86/spec-ctrl: Defer CR4_PV32_RESTORE on the +Subject: [PATCH 63/89] x86/spec-ctrl: Defer CR4_PV32_RESTORE on the cstar_enter path As stated (correctly) by the comment next to SPEC_CTRL_ENTRY_FROM_PV, between @@ -31,7 +31,7 @@ Reviewed-by: Jan Beulich <jbeulich@suse.com> 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S -index fba8ae498f..db2ea7871e 100644 +index ae01285181..7675a59ff0 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -288,7 +288,6 @@ ENTRY(cstar_enter) diff --git a/0064-x86-vmx-implement-VMExit-based-guest-Bus-Lock-detect.patch b/0064-x86-vmx-implement-VMExit-based-guest-Bus-Lock-detect.patch new file mode 100644 index 0000000..cebb501 --- /dev/null +++ b/0064-x86-vmx-implement-VMExit-based-guest-Bus-Lock-detect.patch @@ -0,0 +1,175 @@ +From 83f12e4eafdc4b034501adf4847a09a1293fdf8b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Tue, 21 Mar 2023 13:40:41 +0100 +Subject: [PATCH 64/89] x86/vmx: implement VMExit based guest Bus Lock + detection +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add support for enabling guest Bus Lock Detection on Intel systems. +Such detection works by triggering a vmexit, which ought to be enough +of a pause to prevent a guest from abusing of the Bus Lock. + +Add an extra Xen perf counter to track the number of Bus Locks detected. +This is done because Bus Locks can also be reported by setting the bit +26 in the exit reason field, so also account for those. + +Note EXIT_REASON_BUS_LOCK VMExits will always have bit 26 set in +exit_reason, and hence the performance counter doesn't need to be +increased for EXIT_REASON_BUS_LOCK handling. + +Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Kevin Tian <kevin.tian@intel.com> +master commit: f7d07619d2ae0382e2922e287fbfbb27722f3f0b +master date: 2022-12-19 11:22:43 +0100 +--- + xen/arch/x86/hvm/vmx/vmcs.c | 4 +++- + xen/arch/x86/hvm/vmx/vmx.c | 15 +++++++++++++++ + xen/arch/x86/hvm/vmx/vvmx.c | 3 ++- + xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 3 +++ + xen/arch/x86/include/asm/hvm/vmx/vmx.h | 2 ++ + xen/arch/x86/include/asm/perfc_defn.h | 4 +++- + 6 files changed, 28 insertions(+), 3 deletions(-) + +diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c +index 84dbb88d33..a0d5e8d6ab 100644 +--- a/xen/arch/x86/hvm/vmx/vmcs.c ++++ b/xen/arch/x86/hvm/vmx/vmcs.c +@@ -209,6 +209,7 @@ static void __init vmx_display_features(void) + P(cpu_has_vmx_virt_exceptions, "Virtualisation Exceptions"); + P(cpu_has_vmx_pml, "Page Modification Logging"); + P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); ++ P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); + #undef P + + if ( !printed ) +@@ -318,7 +319,8 @@ static int vmx_init_vmcs_config(bool bsp) + SECONDARY_EXEC_ENABLE_VM_FUNCTIONS | + SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS | + SECONDARY_EXEC_XSAVES | +- SECONDARY_EXEC_TSC_SCALING); ++ SECONDARY_EXEC_TSC_SCALING | ++ SECONDARY_EXEC_BUS_LOCK_DETECTION); + if ( _vmx_misc_cap & VMX_MISC_VMWRITE_ALL ) + opt |= SECONDARY_EXEC_ENABLE_VMCS_SHADOWING; + if ( opt_vpid_enabled ) +diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c +index 861f91f2af..d0f0f2e429 100644 +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -4084,6 +4084,12 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) + return; + } + ++ if ( unlikely(exit_reason & VMX_EXIT_REASONS_BUS_LOCK) ) ++ { ++ perfc_incr(buslock); ++ exit_reason &= ~VMX_EXIT_REASONS_BUS_LOCK; ++ } ++ + /* XXX: This looks ugly, but we need a mechanism to ensure + * any pending vmresume has really happened + */ +@@ -4593,6 +4599,15 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) + vmx_handle_descriptor_access(exit_reason); + break; + ++ case EXIT_REASON_BUS_LOCK: ++ /* ++ * Nothing to do: just taking a vmexit should be enough of a pause to ++ * prevent a VM from crippling the host with bus locks. Note ++ * EXIT_REASON_BUS_LOCK will always have bit 26 set in exit_reason, and ++ * hence the perf counter is already increased. ++ */ ++ break; ++ + case EXIT_REASON_VMX_PREEMPTION_TIMER_EXPIRED: + case EXIT_REASON_INVPCID: + /* fall through */ +diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c +index 5f54451475..2095c1e612 100644 +--- a/xen/arch/x86/hvm/vmx/vvmx.c ++++ b/xen/arch/x86/hvm/vmx/vvmx.c +@@ -2405,7 +2405,7 @@ void nvmx_idtv_handling(void) + * be reinjected, otherwise, pass to L1. + */ + __vmread(VM_EXIT_REASON, &reason); +- if ( reason != EXIT_REASON_EPT_VIOLATION ? ++ if ( (uint16_t)reason != EXIT_REASON_EPT_VIOLATION ? + !(nvmx->intr.intr_info & INTR_INFO_VALID_MASK) : + !nvcpu->nv_vmexit_pending ) + { +@@ -2486,6 +2486,7 @@ int nvmx_n2_vmexit_handler(struct cpu_user_regs *regs, + case EXIT_REASON_EPT_VIOLATION: + case EXIT_REASON_EPT_MISCONFIG: + case EXIT_REASON_EXTERNAL_INTERRUPT: ++ case EXIT_REASON_BUS_LOCK: + /* pass to L0 handler */ + break; + case VMX_EXIT_REASONS_FAILED_VMENTRY: +diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +index 75f9928abf..f3df5113d4 100644 +--- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h ++++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +@@ -267,6 +267,7 @@ extern u32 vmx_vmentry_control; + #define SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS 0x00040000 + #define SECONDARY_EXEC_XSAVES 0x00100000 + #define SECONDARY_EXEC_TSC_SCALING 0x02000000 ++#define SECONDARY_EXEC_BUS_LOCK_DETECTION 0x40000000 + extern u32 vmx_secondary_exec_control; + + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 +@@ -346,6 +347,8 @@ extern u64 vmx_ept_vpid_cap; + (vmx_secondary_exec_control & SECONDARY_EXEC_XSAVES) + #define cpu_has_vmx_tsc_scaling \ + (vmx_secondary_exec_control & SECONDARY_EXEC_TSC_SCALING) ++#define cpu_has_vmx_bus_lock_detection \ ++ (vmx_secondary_exec_control & SECONDARY_EXEC_BUS_LOCK_DETECTION) + + #define VMCS_RID_TYPE_MASK 0x80000000 + +diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h +index 8eedf59155..03995701a1 100644 +--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h ++++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h +@@ -159,6 +159,7 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) + * Exit Reasons + */ + #define VMX_EXIT_REASONS_FAILED_VMENTRY 0x80000000 ++#define VMX_EXIT_REASONS_BUS_LOCK (1u << 26) + + #define EXIT_REASON_EXCEPTION_NMI 0 + #define EXIT_REASON_EXTERNAL_INTERRUPT 1 +@@ -219,6 +220,7 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) + #define EXIT_REASON_PML_FULL 62 + #define EXIT_REASON_XSAVES 63 + #define EXIT_REASON_XRSTORS 64 ++#define EXIT_REASON_BUS_LOCK 74 + /* Remember to also update VMX_PERF_EXIT_REASON_SIZE! */ + + /* +diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h +index 509afc516b..6fce21e85a 100644 +--- a/xen/arch/x86/include/asm/perfc_defn.h ++++ b/xen/arch/x86/include/asm/perfc_defn.h +@@ -6,7 +6,7 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) + + #ifdef CONFIG_HVM + +-#define VMX_PERF_EXIT_REASON_SIZE 65 ++#define VMX_PERF_EXIT_REASON_SIZE 75 + #define VMEXIT_NPF_PERFC 143 + #define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1) + PERFCOUNTER_ARRAY(vmexits, "vmexits", +@@ -128,4 +128,6 @@ PERFCOUNTER(pauseloop_exits, "vmexits from Pause-Loop Detection") + PERFCOUNTER(iommu_pt_shatters, "IOMMU page table shatters") + PERFCOUNTER(iommu_pt_coalesces, "IOMMU page table coalesces") + ++PERFCOUNTER(buslock, "Bus Locks Detected") ++ + /*#endif*/ /* __XEN_PERFC_DEFN_H__ */ +-- +2.40.0 + diff --git a/0065-x86-vmx-introduce-helper-to-set-VMX_INTR_SHADOW_NMI.patch b/0065-x86-vmx-introduce-helper-to-set-VMX_INTR_SHADOW_NMI.patch new file mode 100644 index 0000000..847ee99 --- /dev/null +++ b/0065-x86-vmx-introduce-helper-to-set-VMX_INTR_SHADOW_NMI.patch @@ -0,0 +1,102 @@ +From 27abea1ba6fa68f81b98de31cf9b9ebb594ff238 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Tue, 21 Mar 2023 13:41:49 +0100 +Subject: [PATCH 65/89] x86/vmx: introduce helper to set VMX_INTR_SHADOW_NMI +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Introduce a small helper to OR VMX_INTR_SHADOW_NMI in +GUEST_INTERRUPTIBILITY_INFO in order to help dealing with the NMI +unblocked by IRET case. Replace the existing usage in handling +EXIT_REASON_EXCEPTION_NMI and also add such handling to EPT violations +and page-modification log-full events. + +Reported-by: Andrew Cooper <andrew.cooper3@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Kevin Tian <kevin.tian@intel.com> +master commit: d329b37d12132164c3894d0b6284be72576ef950 +master date: 2022-12-19 11:23:34 +0100 +--- + xen/arch/x86/hvm/vmx/vmx.c | 28 +++++++++++++++++++------- + xen/arch/x86/include/asm/hvm/vmx/vmx.h | 3 +++ + 2 files changed, 24 insertions(+), 7 deletions(-) + +diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c +index d0f0f2e429..456726e897 100644 +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -3967,6 +3967,15 @@ static int vmx_handle_apic_write(void) + return vlapic_apicv_write(current, exit_qualification & 0xfff); + } + ++static void undo_nmis_unblocked_by_iret(void) ++{ ++ unsigned long guest_info; ++ ++ __vmread(GUEST_INTERRUPTIBILITY_INFO, &guest_info); ++ __vmwrite(GUEST_INTERRUPTIBILITY_INFO, ++ guest_info | VMX_INTR_SHADOW_NMI); ++} ++ + void vmx_vmexit_handler(struct cpu_user_regs *regs) + { + unsigned long exit_qualification, exit_reason, idtv_info, intr_info = 0; +@@ -4167,13 +4176,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) + if ( unlikely(intr_info & INTR_INFO_NMI_UNBLOCKED_BY_IRET) && + !(idtv_info & INTR_INFO_VALID_MASK) && + (vector != TRAP_double_fault) ) +- { +- unsigned long guest_info; +- +- __vmread(GUEST_INTERRUPTIBILITY_INFO, &guest_info); +- __vmwrite(GUEST_INTERRUPTIBILITY_INFO, +- guest_info | VMX_INTR_SHADOW_NMI); +- } ++ undo_nmis_unblocked_by_iret(); + + perfc_incra(cause_vector, vector); + +@@ -4539,6 +4542,11 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) + + __vmread(GUEST_PHYSICAL_ADDRESS, &gpa); + __vmread(EXIT_QUALIFICATION, &exit_qualification); ++ ++ if ( unlikely(exit_qualification & INTR_INFO_NMI_UNBLOCKED_BY_IRET) && ++ !(idtv_info & INTR_INFO_VALID_MASK) ) ++ undo_nmis_unblocked_by_iret(); ++ + ept_handle_violation(exit_qualification, gpa); + break; + } +@@ -4583,6 +4591,12 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) + break; + + case EXIT_REASON_PML_FULL: ++ __vmread(EXIT_QUALIFICATION, &exit_qualification); ++ ++ if ( unlikely(exit_qualification & INTR_INFO_NMI_UNBLOCKED_BY_IRET) && ++ !(idtv_info & INTR_INFO_VALID_MASK) ) ++ undo_nmis_unblocked_by_iret(); ++ + vmx_vcpu_flush_pml_buffer(v); + break; + +diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h +index 03995701a1..eae39365aa 100644 +--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h ++++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h +@@ -225,6 +225,9 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) + + /* + * Interruption-information format ++ * ++ * Note INTR_INFO_NMI_UNBLOCKED_BY_IRET is also used with Exit Qualification ++ * field for EPT violations, PML full and SPP-related event vmexits. + */ + #define INTR_INFO_VECTOR_MASK 0xff /* 7:0 */ + #define INTR_INFO_INTR_TYPE_MASK 0x700 /* 10:8 */ +-- +2.40.0 + diff --git a/0066-x86-vmx-implement-Notify-VM-Exit.patch b/0066-x86-vmx-implement-Notify-VM-Exit.patch new file mode 100644 index 0000000..bc54d18 --- /dev/null +++ b/0066-x86-vmx-implement-Notify-VM-Exit.patch @@ -0,0 +1,243 @@ +From b745ff30113d2bd91e2d34cf56437b2fe2e2ea35 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Tue, 21 Mar 2023 13:42:43 +0100 +Subject: [PATCH 66/89] x86/vmx: implement Notify VM Exit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Under certain conditions guests can get the CPU stuck in an unbounded +loop without the possibility of an interrupt window to occur on +instruction boundary. This was the case with the scenarios described +in XSA-156. + +Make use of the Notify VM Exit mechanism, that will trigger a VM Exit +if no interrupt window occurs for a specified amount of time. Note +that using the Notify VM Exit avoids having to trap #AC and #DB +exceptions, as Xen is guaranteed to get a VM Exit even if the guest +puts the CPU in a loop without an interrupt window, as such disable +the intercepts if the feature is available and enabled. + +Setting the notify VM exit window to 0 is safe because there's a +threshold added by the hardware in order to have a sane window value. + +Note the handling of EXIT_REASON_NOTIFY in the nested virtualization +case is passed to L0, and hence a nested guest being able to trigger a +notify VM exit with an invalid context would be able to crash the L1 +hypervisor (by L0 destroying the domain). Since we don't expose VM +Notify support to L1 it should already enable the required +protections in order to prevent VM Notify from triggering in the first +place. + +Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Kevin Tian <kevin.tian@intel.com> + +x86/vmx: Partially revert "x86/vmx: implement Notify VM Exit" + +The original patch tried to do two things - implement VMNotify, and +re-optimise VT-x to not intercept #DB/#AC by default. + +The second part is buggy in multiple ways. Both GDBSX and Introspection need +to conditionally intercept #DB, which was not accounted for. Also, #DB +interception has nothing at all to do with cpu_has_monitor_trap_flag. + +Revert the second half, leaving #DB/#AC intercepted unilaterally, but with +VMNotify active by default when available. + +Fixes: 573279cde1c4 ("x86/vmx: implement Notify VM Exit") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Kevin Tian <kevin.tian@intel.com> +master commit: 573279cde1c4e752d4df34bc65ffafa17573148e +master date: 2022-12-19 11:24:14 +0100 +master commit: 5f08bc9404c7cfa8131e262c7dbcb4d96c752686 +master date: 2023-01-20 19:39:32 +0000 +--- + docs/misc/xen-command-line.pandoc | 11 +++++++++++ + xen/arch/x86/hvm/vmx/vmcs.c | 10 ++++++++++ + xen/arch/x86/hvm/vmx/vmx.c | 16 ++++++++++++++++ + xen/arch/x86/hvm/vmx/vvmx.c | 1 + + xen/arch/x86/include/asm/hvm/vmx/vmcs.h | 4 ++++ + xen/arch/x86/include/asm/hvm/vmx/vmx.h | 6 ++++++ + xen/arch/x86/include/asm/perfc_defn.h | 3 ++- + 7 files changed, 50 insertions(+), 1 deletion(-) + +diff --git a/docs/misc/xen-command-line.pandoc b/docs/misc/xen-command-line.pandoc +index 5be5ce10c6..d601120faa 100644 +--- a/docs/misc/xen-command-line.pandoc ++++ b/docs/misc/xen-command-line.pandoc +@@ -2634,6 +2634,17 @@ guest will notify Xen that it has failed to acquire a spinlock. + <major>, <minor> and <build> must be integers. The values will be + encoded in guest CPUID 0x40000002 if viridian enlightenments are enabled. + ++### vm-notify-window (Intel) ++> `= <integer>` ++ ++> Default: `0` ++ ++Specify the value of the VM Notify window used to detect locked VMs. Set to -1 ++to disable the feature. Value is in units of crystal clock cycles. ++ ++Note the hardware might add a threshold to the provided value in order to make ++it safe, and hence using 0 is fine. ++ + ### vpid (Intel) + > `= <boolean>` + +diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c +index a0d5e8d6ab..7912053bda 100644 +--- a/xen/arch/x86/hvm/vmx/vmcs.c ++++ b/xen/arch/x86/hvm/vmx/vmcs.c +@@ -67,6 +67,9 @@ integer_param("ple_gap", ple_gap); + static unsigned int __read_mostly ple_window = 4096; + integer_param("ple_window", ple_window); + ++static unsigned int __ro_after_init vm_notify_window; ++integer_param("vm-notify-window", vm_notify_window); ++ + static bool __read_mostly opt_ept_pml = true; + static s8 __read_mostly opt_ept_ad = -1; + int8_t __read_mostly opt_ept_exec_sp = -1; +@@ -210,6 +213,7 @@ static void __init vmx_display_features(void) + P(cpu_has_vmx_pml, "Page Modification Logging"); + P(cpu_has_vmx_tsc_scaling, "TSC Scaling"); + P(cpu_has_vmx_bus_lock_detection, "Bus Lock Detection"); ++ P(cpu_has_vmx_notify_vm_exiting, "Notify VM Exit"); + #undef P + + if ( !printed ) +@@ -329,6 +333,8 @@ static int vmx_init_vmcs_config(bool bsp) + opt |= SECONDARY_EXEC_UNRESTRICTED_GUEST; + if ( opt_ept_pml ) + opt |= SECONDARY_EXEC_ENABLE_PML; ++ if ( vm_notify_window != ~0u ) ++ opt |= SECONDARY_EXEC_NOTIFY_VM_EXITING; + + /* + * "APIC Register Virtualization" and "Virtual Interrupt Delivery" +@@ -1290,6 +1296,10 @@ static int construct_vmcs(struct vcpu *v) + v->arch.hvm.vmx.exception_bitmap = HVM_TRAP_MASK + | (paging_mode_hap(d) ? 0 : (1U << TRAP_page_fault)) + | (v->arch.fully_eager_fpu ? 0 : (1U << TRAP_no_device)); ++ ++ if ( cpu_has_vmx_notify_vm_exiting ) ++ __vmwrite(NOTIFY_WINDOW, vm_notify_window); ++ + vmx_update_exception_bitmap(v); + + v->arch.hvm.guest_cr[0] = X86_CR0_PE | X86_CR0_ET; +diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c +index 456726e897..f0e759eeaf 100644 +--- a/xen/arch/x86/hvm/vmx/vmx.c ++++ b/xen/arch/x86/hvm/vmx/vmx.c +@@ -4622,6 +4622,22 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) + */ + break; + ++ case EXIT_REASON_NOTIFY: ++ __vmread(EXIT_QUALIFICATION, &exit_qualification); ++ ++ if ( unlikely(exit_qualification & NOTIFY_VM_CONTEXT_INVALID) ) ++ { ++ perfc_incr(vmnotify_crash); ++ gprintk(XENLOG_ERR, "invalid VM context after notify vmexit\n"); ++ domain_crash(v->domain); ++ break; ++ } ++ ++ if ( unlikely(exit_qualification & INTR_INFO_NMI_UNBLOCKED_BY_IRET) ) ++ undo_nmis_unblocked_by_iret(); ++ ++ break; ++ + case EXIT_REASON_VMX_PREEMPTION_TIMER_EXPIRED: + case EXIT_REASON_INVPCID: + /* fall through */ +diff --git a/xen/arch/x86/hvm/vmx/vvmx.c b/xen/arch/x86/hvm/vmx/vvmx.c +index 2095c1e612..f8fe8d0c14 100644 +--- a/xen/arch/x86/hvm/vmx/vvmx.c ++++ b/xen/arch/x86/hvm/vmx/vvmx.c +@@ -2487,6 +2487,7 @@ int nvmx_n2_vmexit_handler(struct cpu_user_regs *regs, + case EXIT_REASON_EPT_MISCONFIG: + case EXIT_REASON_EXTERNAL_INTERRUPT: + case EXIT_REASON_BUS_LOCK: ++ case EXIT_REASON_NOTIFY: + /* pass to L0 handler */ + break; + case VMX_EXIT_REASONS_FAILED_VMENTRY: +diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +index f3df5113d4..78404e42b3 100644 +--- a/xen/arch/x86/include/asm/hvm/vmx/vmcs.h ++++ b/xen/arch/x86/include/asm/hvm/vmx/vmcs.h +@@ -268,6 +268,7 @@ extern u32 vmx_vmentry_control; + #define SECONDARY_EXEC_XSAVES 0x00100000 + #define SECONDARY_EXEC_TSC_SCALING 0x02000000 + #define SECONDARY_EXEC_BUS_LOCK_DETECTION 0x40000000 ++#define SECONDARY_EXEC_NOTIFY_VM_EXITING 0x80000000 + extern u32 vmx_secondary_exec_control; + + #define VMX_EPT_EXEC_ONLY_SUPPORTED 0x00000001 +@@ -349,6 +350,8 @@ extern u64 vmx_ept_vpid_cap; + (vmx_secondary_exec_control & SECONDARY_EXEC_TSC_SCALING) + #define cpu_has_vmx_bus_lock_detection \ + (vmx_secondary_exec_control & SECONDARY_EXEC_BUS_LOCK_DETECTION) ++#define cpu_has_vmx_notify_vm_exiting \ ++ (vmx_secondary_exec_control & SECONDARY_EXEC_NOTIFY_VM_EXITING) + + #define VMCS_RID_TYPE_MASK 0x80000000 + +@@ -456,6 +459,7 @@ enum vmcs_field { + SECONDARY_VM_EXEC_CONTROL = 0x0000401e, + PLE_GAP = 0x00004020, + PLE_WINDOW = 0x00004022, ++ NOTIFY_WINDOW = 0x00004024, + VM_INSTRUCTION_ERROR = 0x00004400, + VM_EXIT_REASON = 0x00004402, + VM_EXIT_INTR_INFO = 0x00004404, +diff --git a/xen/arch/x86/include/asm/hvm/vmx/vmx.h b/xen/arch/x86/include/asm/hvm/vmx/vmx.h +index eae39365aa..8e1e42ac47 100644 +--- a/xen/arch/x86/include/asm/hvm/vmx/vmx.h ++++ b/xen/arch/x86/include/asm/hvm/vmx/vmx.h +@@ -221,6 +221,7 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) + #define EXIT_REASON_XSAVES 63 + #define EXIT_REASON_XRSTORS 64 + #define EXIT_REASON_BUS_LOCK 74 ++#define EXIT_REASON_NOTIFY 75 + /* Remember to also update VMX_PERF_EXIT_REASON_SIZE! */ + + /* +@@ -236,6 +237,11 @@ static inline void pi_clear_sn(struct pi_desc *pi_desc) + #define INTR_INFO_VALID_MASK 0x80000000 /* 31 */ + #define INTR_INFO_RESVD_BITS_MASK 0x7ffff000 + ++/* ++ * Exit Qualifications for NOTIFY VM EXIT ++ */ ++#define NOTIFY_VM_CONTEXT_INVALID 1u ++ + /* + * Exit Qualifications for MOV for Control Register Access + */ +diff --git a/xen/arch/x86/include/asm/perfc_defn.h b/xen/arch/x86/include/asm/perfc_defn.h +index 6fce21e85a..487e20dc97 100644 +--- a/xen/arch/x86/include/asm/perfc_defn.h ++++ b/xen/arch/x86/include/asm/perfc_defn.h +@@ -6,7 +6,7 @@ PERFCOUNTER_ARRAY(exceptions, "exceptions", 32) + + #ifdef CONFIG_HVM + +-#define VMX_PERF_EXIT_REASON_SIZE 75 ++#define VMX_PERF_EXIT_REASON_SIZE 76 + #define VMEXIT_NPF_PERFC 143 + #define SVM_PERF_EXIT_REASON_SIZE (VMEXIT_NPF_PERFC + 1) + PERFCOUNTER_ARRAY(vmexits, "vmexits", +@@ -129,5 +129,6 @@ PERFCOUNTER(iommu_pt_shatters, "IOMMU page table shatters") + PERFCOUNTER(iommu_pt_coalesces, "IOMMU page table coalesces") + + PERFCOUNTER(buslock, "Bus Locks Detected") ++PERFCOUNTER(vmnotify_crash, "domain crashes by Notify VM Exit") + + /*#endif*/ /* __XEN_PERFC_DEFN_H__ */ +-- +2.40.0 + diff --git a/0040-tools-python-change-s-size-type-for-Python-3.10.patch b/0067-tools-python-change-s-size-type-for-Python-3.10.patch index 979fd6f..0671c67 100644 --- a/0040-tools-python-change-s-size-type-for-Python-3.10.patch +++ b/0067-tools-python-change-s-size-type-for-Python-3.10.patch @@ -1,8 +1,8 @@ -From 0cbffc6099db7fd01041910a98b99ccad50af11b Mon Sep 17 00:00:00 2001 +From 651ffe2c7847cb9922d22980984a3bea6f47bea7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= <marmarek@invisiblethingslab.com> -Date: Tue, 21 Mar 2023 13:49:28 +0100 -Subject: [PATCH 40/61] tools/python: change 's#' size type for Python >= 3.10 +Date: Tue, 21 Mar 2023 13:43:44 +0100 +Subject: [PATCH 67/89] tools/python: change 's#' size type for Python >= 3.10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit diff --git a/0041-tools-xenmon-Fix-xenmon.py-for-with-python3.x.patch b/0068-tools-xenmon-Fix-xenmon.py-for-with-python3.x.patch index ff97af6..a47812b 100644 --- a/0041-tools-xenmon-Fix-xenmon.py-for-with-python3.x.patch +++ b/0068-tools-xenmon-Fix-xenmon.py-for-with-python3.x.patch @@ -1,7 +1,7 @@ -From 5ce8d2aef85f590e4fb42d18784512203069d0c0 Mon Sep 17 00:00:00 2001 +From 244d39fb13abae6c2da341b76363f169d8bbc93b Mon Sep 17 00:00:00 2001 From: Bernhard Kaindl <bernhard.kaindl@citrix.com> -Date: Tue, 21 Mar 2023 13:49:47 +0100 -Subject: [PATCH 41/61] tools/xenmon: Fix xenmon.py for with python3.x +Date: Tue, 21 Mar 2023 13:44:04 +0100 +Subject: [PATCH 68/89] tools/xenmon: Fix xenmon.py for with python3.x Fixes for Py3: * class Delayed(): file not defined; also an error for pylint -E. Inherit diff --git a/0069-x86-spec-ctrl-Add-BHI-controls-to-userspace-componen.patch b/0069-x86-spec-ctrl-Add-BHI-controls-to-userspace-componen.patch new file mode 100644 index 0000000..734a2e5 --- /dev/null +++ b/0069-x86-spec-ctrl-Add-BHI-controls-to-userspace-componen.patch @@ -0,0 +1,51 @@ +From b4dad09bb23c439f2e67ed2eb6d7bdd640b8bbae Mon Sep 17 00:00:00 2001 +From: Andrew Cooper <andrew.cooper3@citrix.com> +Date: Tue, 21 Mar 2023 13:44:27 +0100 +Subject: [PATCH 69/89] x86/spec-ctrl: Add BHI controls to userspace components + +This was an oversight when adding the Xen parts. + +Fixes: cea9ae062295 ("x86/spec-ctrl: Enumeration for new Intel BHI controls") +Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> +master commit: 9276e832aef60437da13d91e66fc259fd94d6f91 +master date: 2023-03-13 11:26:26 +0000 +--- + tools/libs/light/libxl_cpuid.c | 3 +++ + tools/misc/xen-cpuid.c | 6 +++--- + 2 files changed, 6 insertions(+), 3 deletions(-) + +diff --git a/tools/libs/light/libxl_cpuid.c b/tools/libs/light/libxl_cpuid.c +index d97a2f3338..55cfbc8f23 100644 +--- a/tools/libs/light/libxl_cpuid.c ++++ b/tools/libs/light/libxl_cpuid.c +@@ -238,6 +238,9 @@ int libxl_cpuid_parse_config(libxl_cpuid_policy_list *cpuid, const char* str) + {"cet-sss", 0x00000007, 1, CPUID_REG_EDX, 18, 1}, + + {"intel-psfd", 0x00000007, 2, CPUID_REG_EDX, 0, 1}, ++ {"ipred-ctrl", 0x00000007, 2, CPUID_REG_EDX, 1, 1}, ++ {"rrsba-ctrl", 0x00000007, 2, CPUID_REG_EDX, 2, 1}, ++ {"bhi-ctrl", 0x00000007, 2, CPUID_REG_EDX, 4, 1}, + {"mcdt-no", 0x00000007, 2, CPUID_REG_EDX, 5, 1}, + + {"lahfsahf", 0x80000001, NA, CPUID_REG_ECX, 0, 1}, +diff --git a/tools/misc/xen-cpuid.c b/tools/misc/xen-cpuid.c +index 0248eaef44..45e443f5d9 100644 +--- a/tools/misc/xen-cpuid.c ++++ b/tools/misc/xen-cpuid.c +@@ -213,9 +213,9 @@ static const char *const str_7d1[32] = + + static const char *const str_7d2[32] = + { +- [ 0] = "intel-psfd", +- +- /* 4 */ [ 5] = "mcdt-no", ++ [ 0] = "intel-psfd", [ 1] = "ipred-ctrl", ++ [ 2] = "rrsba-ctrl", ++ [ 4] = "bhi-ctrl", [ 5] = "mcdt-no", + }; + + static const struct { +-- +2.40.0 + diff --git a/0042-core-parking-fix-build-with-gcc12-and-NR_CPUS-1.patch b/0070-core-parking-fix-build-with-gcc12-and-NR_CPUS-1.patch index c425c43..0b2c2b4 100644 --- a/0042-core-parking-fix-build-with-gcc12-and-NR_CPUS-1.patch +++ b/0070-core-parking-fix-build-with-gcc12-and-NR_CPUS-1.patch @@ -1,7 +1,7 @@ -From 4a6bedefe589dab12182d6b974de8ea3b2fcc681 Mon Sep 17 00:00:00 2001 +From b5409f4e4d0722e8669123d59f15f784903d153f Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 21 Mar 2023 13:50:18 +0100 -Subject: [PATCH 42/61] core-parking: fix build with gcc12 and NR_CPUS=1 +Date: Tue, 21 Mar 2023 13:44:53 +0100 +Subject: [PATCH 70/89] core-parking: fix build with gcc12 and NR_CPUS=1 Gcc12 takes issue with core_parking_remove()'s @@ -27,12 +27,12 @@ master date: 2023-03-13 15:15:42 +0100 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig -index 3c14096c80..8e2b504923 100644 +index 6a7825f4ba..2a5c3304e2 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig -@@ -8,7 +8,7 @@ config X86 - select ACPI_LEGACY_TABLES_LOOKUP +@@ -10,7 +10,7 @@ config X86 select ALTERNATIVE_CALL + select ARCH_MAP_DOMAIN_PAGE select ARCH_SUPPORTS_INT128 - select CORE_PARKING + imply CORE_PARKING @@ -40,10 +40,10 @@ index 3c14096c80..8e2b504923 100644 select HAS_COMPAT select HAS_CPUFREQ diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c -index bf4090c942..c35e5669a4 100644 +index a7341dc3d7..e7deee2268 100644 --- a/xen/arch/x86/platform_hypercall.c +++ b/xen/arch/x86/platform_hypercall.c -@@ -725,12 +725,17 @@ ret_t do_platform_op(XEN_GUEST_HANDLE_PARAM(xen_platform_op_t) u_xenpf_op) +@@ -727,12 +727,17 @@ ret_t do_platform_op( case XEN_CORE_PARKING_SET: idle_nums = min_t(uint32_t, op->u.core_parking.idle_nums, num_present_cpus() - 1); @@ -65,7 +65,7 @@ index bf4090c942..c35e5669a4 100644 -EFAULT : 0; break; diff --git a/xen/arch/x86/sysctl.c b/xen/arch/x86/sysctl.c -index aff52a13f3..ff843eaee2 100644 +index f82abc2488..f8f8d79755 100644 --- a/xen/arch/x86/sysctl.c +++ b/xen/arch/x86/sysctl.c @@ -179,6 +179,9 @@ long arch_do_sysctl( @@ -79,7 +79,7 @@ index aff52a13f3..ff843eaee2 100644 fn = smt_up_down_helper; hcpu = _p(plug); diff --git a/xen/common/Kconfig b/xen/common/Kconfig -index 6443943889..c9f4b7f492 100644 +index f1ea3199c8..855c843113 100644 --- a/xen/common/Kconfig +++ b/xen/common/Kconfig @@ -10,6 +10,7 @@ config COMPAT diff --git a/0043-x86-altp2m-help-gcc13-to-avoid-it-emitting-a-warning.patch b/0071-x86-altp2m-help-gcc13-to-avoid-it-emitting-a-warning.patch index 0e040ad..b33bd11 100644 --- a/0043-x86-altp2m-help-gcc13-to-avoid-it-emitting-a-warning.patch +++ b/0071-x86-altp2m-help-gcc13-to-avoid-it-emitting-a-warning.patch @@ -1,7 +1,7 @@ -From cdde3171a2a932a6836b094c4387412e27414ec9 Mon Sep 17 00:00:00 2001 +From d84612ecab00ab31c09a7c5a5892906edbacaf5b Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 21 Mar 2023 13:51:42 +0100 -Subject: [PATCH 43/61] x86/altp2m: help gcc13 to avoid it emitting a warning +Date: Tue, 21 Mar 2023 13:45:47 +0100 +Subject: [PATCH 71/89] x86/altp2m: help gcc13 to avoid it emitting a warning Switches of altp2m-s always expect a valid altp2m to be in place (and indeed altp2m_vcpu_initialise() sets the active one to be at index 0). @@ -35,16 +35,16 @@ Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> master commit: be62b1fc2aa7375d553603fca07299da765a89fe master date: 2023-03-13 15:16:21 +0100 --- - xen/arch/x86/hvm/vmx/vmx.c | 8 +------- - xen/arch/x86/mm/p2m.c | 14 ++------------ - xen/include/asm-x86/p2m.h | 20 ++++++++++++++++++++ + xen/arch/x86/hvm/vmx/vmx.c | 8 +------- + xen/arch/x86/include/asm/p2m.h | 20 ++++++++++++++++++++ + xen/arch/x86/mm/p2m.c | 14 ++------------ 3 files changed, 23 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c -index 094141be9a..c8a839cd5e 100644 +index f0e759eeaf..a8fb4365ad 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -4036,13 +4036,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) +@@ -4072,13 +4072,7 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) } } @@ -58,12 +58,43 @@ index 094141be9a..c8a839cd5e 100644 + p2m_set_altp2m(v, idx); } - /* XXX: This looks ugly, but we need a mechanism to ensure + if ( unlikely(currd->arch.monitor.vmexit_enabled) ) +diff --git a/xen/arch/x86/include/asm/p2m.h b/xen/arch/x86/include/asm/p2m.h +index bd684d02f3..cd43d8621a 100644 +--- a/xen/arch/x86/include/asm/p2m.h ++++ b/xen/arch/x86/include/asm/p2m.h +@@ -879,6 +879,26 @@ static inline struct p2m_domain *p2m_get_altp2m(struct vcpu *v) + return v->domain->arch.altp2m_p2m[index]; + } + ++/* set current alternate p2m table */ ++static inline bool p2m_set_altp2m(struct vcpu *v, unsigned int idx) ++{ ++ struct p2m_domain *orig; ++ ++ BUG_ON(idx >= MAX_ALTP2M); ++ ++ if ( idx == vcpu_altp2m(v).p2midx ) ++ return false; ++ ++ orig = p2m_get_altp2m(v); ++ BUG_ON(!orig); ++ atomic_dec(&orig->active_vcpus); ++ ++ vcpu_altp2m(v).p2midx = idx; ++ atomic_inc(&v->domain->arch.altp2m_p2m[idx]->active_vcpus); ++ ++ return true; ++} ++ + /* Switch alternate p2m for a single vcpu */ + bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx); + diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c -index 8781df9dda..2d41446a69 100644 +index a405ee5fde..b28c899b5e 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c -@@ -2194,13 +2194,8 @@ bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx) +@@ -1787,13 +1787,8 @@ bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx) if ( d->arch.altp2m_eptp[idx] != mfn_x(INVALID_MFN) ) { @@ -78,7 +109,7 @@ index 8781df9dda..2d41446a69 100644 rc = 1; } -@@ -2471,13 +2466,8 @@ int p2m_switch_domain_altp2m_by_id(struct domain *d, unsigned int idx) +@@ -2070,13 +2065,8 @@ int p2m_switch_domain_altp2m_by_id(struct domain *d, unsigned int idx) if ( d->arch.altp2m_visible_eptp[idx] != mfn_x(INVALID_MFN) ) { for_each_vcpu( d, v ) @@ -93,37 +124,6 @@ index 8781df9dda..2d41446a69 100644 rc = 0; } -diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h -index 2db9ab0122..f92bb97394 100644 ---- a/xen/include/asm-x86/p2m.h -+++ b/xen/include/asm-x86/p2m.h -@@ -841,6 +841,26 @@ static inline struct p2m_domain *p2m_get_altp2m(struct vcpu *v) - return v->domain->arch.altp2m_p2m[index]; - } - -+/* set current alternate p2m table */ -+static inline bool p2m_set_altp2m(struct vcpu *v, unsigned int idx) -+{ -+ struct p2m_domain *orig; -+ -+ BUG_ON(idx >= MAX_ALTP2M); -+ -+ if ( idx == vcpu_altp2m(v).p2midx ) -+ return false; -+ -+ orig = p2m_get_altp2m(v); -+ BUG_ON(!orig); -+ atomic_dec(&orig->active_vcpus); -+ -+ vcpu_altp2m(v).p2midx = idx; -+ atomic_inc(&v->domain->arch.altp2m_p2m[idx]->active_vcpus); -+ -+ return true; -+} -+ - /* Switch alternate p2m for a single vcpu */ - bool_t p2m_switch_vcpu_altp2m_by_id(struct vcpu *v, unsigned int idx); - -- 2.40.0 diff --git a/0044-VT-d-constrain-IGD-check.patch b/0072-VT-d-constrain-IGD-check.patch index 13ca74e..497b04b 100644 --- a/0044-VT-d-constrain-IGD-check.patch +++ b/0072-VT-d-constrain-IGD-check.patch @@ -1,7 +1,7 @@ -From 4d42cc4d25c35ca381370a1fa0b45350723d1308 Mon Sep 17 00:00:00 2001 +From f971f5c531ce6a5fd6c1ff1f525f2c6837eeb78d Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 21 Mar 2023 13:52:20 +0100 -Subject: [PATCH 44/61] VT-d: constrain IGD check +Date: Tue, 21 Mar 2023 13:46:39 +0100 +Subject: [PATCH 72/89] VT-d: constrain IGD check Marking a DRHD as controlling an IGD isn't very sensible without checking that at the very least it's a graphics device that lives at @@ -17,7 +17,7 @@ master date: 2023-03-14 10:44:08 +0100 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c -index 33a12b2ae9..9ec49936b8 100644 +index 78c8bad151..78d4526446 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -391,15 +391,12 @@ static int __init acpi_parse_dev_scope( diff --git a/0045-bunzip-work-around-gcc13-warning.patch b/0073-bunzip-work-around-gcc13-warning.patch index 9b26011..c7ec163 100644 --- a/0045-bunzip-work-around-gcc13-warning.patch +++ b/0073-bunzip-work-around-gcc13-warning.patch @@ -1,7 +1,7 @@ -From 49116b2101094c3d6658928f03db88d035ba97be Mon Sep 17 00:00:00 2001 +From 7082d656ae9bcd26392caf72e50e0f7a61c8f285 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Tue, 21 Mar 2023 13:52:58 +0100 -Subject: [PATCH 45/61] bunzip: work around gcc13 warning +Date: Tue, 21 Mar 2023 13:47:11 +0100 +Subject: [PATCH 73/89] bunzip: work around gcc13 warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -22,7 +22,7 @@ master date: 2023-03-14 10:45:28 +0100 1 file changed, 5 insertions(+) diff --git a/xen/common/bunzip2.c b/xen/common/bunzip2.c -index 2087cfbbed..5108e570ed 100644 +index 61b80aff1b..4466426941 100644 --- a/xen/common/bunzip2.c +++ b/xen/common/bunzip2.c @@ -233,6 +233,11 @@ static int __init get_next_block(struct bunzip_data *bd) diff --git a/0046-libacpi-fix-PCI-hotplug-AML.patch b/0074-libacpi-fix-PCI-hotplug-AML.patch index b1c79f5..3583849 100644 --- a/0046-libacpi-fix-PCI-hotplug-AML.patch +++ b/0074-libacpi-fix-PCI-hotplug-AML.patch @@ -1,7 +1,7 @@ -From 54102e428ba3f677904278479f8110c8eef6fedc Mon Sep 17 00:00:00 2001 +From 3eac216e6e60860bbc030602c401d3ef8efce8d9 Mon Sep 17 00:00:00 2001 From: David Woodhouse <dwmw@amazon.co.uk> -Date: Tue, 21 Mar 2023 13:53:25 +0100 -Subject: [PATCH 46/61] libacpi: fix PCI hotplug AML +Date: Tue, 21 Mar 2023 13:47:52 +0100 +Subject: [PATCH 74/89] libacpi: fix PCI hotplug AML The emulated PIIX3 uses a nybble for the status of each PCI function, so the status for e.g. slot 0 functions 0 and 1 respectively can be @@ -40,7 +40,7 @@ master date: 2023-03-20 17:12:34 +0100 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libacpi/mk_dsdt.c b/tools/libacpi/mk_dsdt.c -index c5ba4c0b2f..250a50b7eb 100644 +index 1176da80ef..1d27809116 100644 --- a/tools/libacpi/mk_dsdt.c +++ b/tools/libacpi/mk_dsdt.c @@ -431,7 +431,7 @@ int main(int argc, char **argv) diff --git a/0047-AMD-IOMMU-without-XT-x2APIC-needs-to-be-forced-into-.patch b/0075-AMD-IOMMU-without-XT-x2APIC-needs-to-be-forced-into-.patch index 54940ba..5decf2c 100644 --- a/0047-AMD-IOMMU-without-XT-x2APIC-needs-to-be-forced-into-.patch +++ b/0075-AMD-IOMMU-without-XT-x2APIC-needs-to-be-forced-into-.patch @@ -1,7 +1,7 @@ -From 8e9690a2252eda09537275a951ee0af0b3b330f2 Mon Sep 17 00:00:00 2001 +From 3c85fb7b65d6a8b0fa993bc1cb67eea9b4a64aca Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Fri, 31 Mar 2023 08:36:59 +0200 -Subject: [PATCH 47/61] AMD/IOMMU: without XT, x2APIC needs to be forced into +Date: Fri, 31 Mar 2023 08:28:56 +0200 +Subject: [PATCH 75/89] AMD/IOMMU: without XT, x2APIC needs to be forced into physical mode An earlier change with the same title (commit 1ba66a870eba) altered only @@ -19,10 +19,10 @@ master date: 2023-03-21 09:23:25 +0100 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/xen/arch/x86/genapic/x2apic.c b/xen/arch/x86/genapic/x2apic.c -index 628b441da5..247364af58 100644 +index 7dfc793514..d512c50fc5 100644 --- a/xen/arch/x86/genapic/x2apic.c +++ b/xen/arch/x86/genapic/x2apic.c -@@ -239,11 +239,11 @@ const struct genapic *__init apic_x2apic_probe(void) +@@ -236,11 +236,11 @@ const struct genapic *__init apic_x2apic_probe(void) if ( x2apic_phys < 0 ) { /* @@ -34,9 +34,9 @@ index 628b441da5..247364af58 100644 */ - x2apic_phys = !iommu_intremap || + x2apic_phys = iommu_intremap != iommu_intremap_full || - (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL); - } - else if ( !x2apic_phys ) + (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL) || + (IS_ENABLED(CONFIG_X2APIC_PHYSICAL) && + !(acpi_gbl_FADT.flags & ACPI_FADT_APIC_CLUSTER)); -- 2.40.0 diff --git a/0048-VT-d-fix-iommu-no-igfx-if-the-IOMMU-scope-contains-f.patch b/0076-VT-d-fix-iommu-no-igfx-if-the-IOMMU-scope-contains-f.patch index 4c480b0..d897da6 100644 --- a/0048-VT-d-fix-iommu-no-igfx-if-the-IOMMU-scope-contains-f.patch +++ b/0076-VT-d-fix-iommu-no-igfx-if-the-IOMMU-scope-contains-f.patch @@ -1,8 +1,8 @@ -From 07e8f5b3d1300327a9f2e67b03dead0e2138b92f Mon Sep 17 00:00:00 2001 +From 33b1c8cd86bd6c311131b8dff32bd45581e2fbc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= <marmarek@invisiblethingslab.com> -Date: Fri, 31 Mar 2023 08:38:07 +0200 -Subject: [PATCH 48/61] VT-d: fix iommu=no-igfx if the IOMMU scope contains +Date: Fri, 31 Mar 2023 08:29:55 +0200 +Subject: [PATCH 76/89] VT-d: fix iommu=no-igfx if the IOMMU scope contains fake device(s) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -27,7 +27,7 @@ master date: 2023-03-23 09:16:41 +0100 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/drivers/passthrough/vtd/dmar.c b/xen/drivers/passthrough/vtd/dmar.c -index 9ec49936b8..bfec40f47d 100644 +index 78d4526446..4936c20952 100644 --- a/xen/drivers/passthrough/vtd/dmar.c +++ b/xen/drivers/passthrough/vtd/dmar.c @@ -389,7 +389,7 @@ static int __init acpi_parse_dev_scope( diff --git a/0049-x86-shadow-fix-and-improve-sh_page_has_multiple_shad.patch b/0077-x86-shadow-fix-and-improve-sh_page_has_multiple_shad.patch index 0abf7e9..3486ccd 100644 --- a/0049-x86-shadow-fix-and-improve-sh_page_has_multiple_shad.patch +++ b/0077-x86-shadow-fix-and-improve-sh_page_has_multiple_shad.patch @@ -1,7 +1,7 @@ -From cab866ee62d860e9ff4abe701163972d4e9f896d Mon Sep 17 00:00:00 2001 +From 6f2d89d68175e74aca9c67761aa87ffc8f5ffed1 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Fri, 31 Mar 2023 08:38:42 +0200 -Subject: [PATCH 49/61] x86/shadow: fix and improve +Date: Fri, 31 Mar 2023 08:30:41 +0200 +Subject: [PATCH 77/89] x86/shadow: fix and improve sh_page_has_multiple_shadows() While no caller currently invokes the function without first making sure @@ -30,7 +30,7 @@ master date: 2023-03-24 11:07:08 +0100 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xen/arch/x86/mm/shadow/private.h b/xen/arch/x86/mm/shadow/private.h -index 738214f75e..762214f73c 100644 +index 85bb26c7ea..c2bb1ed3c3 100644 --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -324,7 +324,7 @@ static inline int sh_page_has_multiple_shadows(struct page_info *pg) diff --git a/0050-x86-nospec-Fix-evaluate_nospec-code-generation-under.patch b/0078-x86-nospec-Fix-evaluate_nospec-code-generation-under.patch index 14a8e14..62de15a 100644 --- a/0050-x86-nospec-Fix-evaluate_nospec-code-generation-under.patch +++ b/0078-x86-nospec-Fix-evaluate_nospec-code-generation-under.patch @@ -1,7 +1,7 @@ -From 90320fd05991d7817cea85e1d45674b757abf03c Mon Sep 17 00:00:00 2001 +From 00aa5c93d14c6561a69fe204cbe29f7519830782 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 31 Mar 2023 08:39:32 +0200 -Subject: [PATCH 50/61] x86/nospec: Fix evaluate_nospec() code generation under +Date: Fri, 31 Mar 2023 08:31:20 +0200 +Subject: [PATCH 78/89] x86/nospec: Fix evaluate_nospec() code generation under Clang MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 @@ -60,13 +60,13 @@ Reviewed-by: Jan Beulich <jbeulich@suse.com> master commit: bc3c133841435829ba5c0a48427e2a77633502ab master date: 2023-03-24 12:16:31 +0000 --- - xen/include/asm-x86/nospec.h | 15 +++++++++++++-- + xen/arch/x86/include/asm/nospec.h | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) -diff --git a/xen/include/asm-x86/nospec.h b/xen/include/asm-x86/nospec.h +diff --git a/xen/arch/x86/include/asm/nospec.h b/xen/arch/x86/include/asm/nospec.h index 5312ae4c6f..7150e76b87 100644 ---- a/xen/include/asm-x86/nospec.h -+++ b/xen/include/asm-x86/nospec.h +--- a/xen/arch/x86/include/asm/nospec.h ++++ b/xen/arch/x86/include/asm/nospec.h @@ -10,15 +10,26 @@ static always_inline bool barrier_nospec_true(void) { diff --git a/0051-x86-shadow-Fix-build-with-no-PG_log_dirty.patch b/0079-x86-shadow-Fix-build-with-no-PG_log_dirty.patch index ef2a137..f7652a4 100644 --- a/0051-x86-shadow-Fix-build-with-no-PG_log_dirty.patch +++ b/0079-x86-shadow-Fix-build-with-no-PG_log_dirty.patch @@ -1,7 +1,7 @@ -From 7e1fe95c79d55a1c1a65f71a078b8e31c69ffe94 Mon Sep 17 00:00:00 2001 +From 11c8ef59b9024849c0fc224354904615d5579628 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 31 Mar 2023 08:39:49 +0200 -Subject: [PATCH 51/61] x86/shadow: Fix build with no PG_log_dirty +Date: Fri, 31 Mar 2023 08:32:11 +0200 +Subject: [PATCH 79/89] x86/shadow: Fix build with no PG_log_dirty Gitlab Randconfig found: @@ -22,14 +22,14 @@ Reviewed-by: Jan Beulich <jbeulich@suse.com> master commit: 6d14cb105b1c54ad7b4228d858ae85aa8a672bbd master date: 2023-03-24 12:16:31 +0000 --- - xen/include/asm-x86/paging.h | 8 ++++---- + xen/arch/x86/include/asm/paging.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h -index c6b429c691..43abaa5bd1 100644 ---- a/xen/include/asm-x86/paging.h -+++ b/xen/include/asm-x86/paging.h -@@ -154,6 +154,10 @@ struct paging_mode { +diff --git a/xen/arch/x86/include/asm/paging.h b/xen/arch/x86/include/asm/paging.h +index 635ccc83b1..6f7000d5f4 100644 +--- a/xen/arch/x86/include/asm/paging.h ++++ b/xen/arch/x86/include/asm/paging.h +@@ -152,6 +152,10 @@ struct paging_mode { /***************************************************************************** * Log dirty code */ @@ -40,7 +40,7 @@ index c6b429c691..43abaa5bd1 100644 #if PG_log_dirty /* get the dirty bitmap for a specific range of pfns */ -@@ -192,10 +196,6 @@ int paging_mfn_is_dirty(struct domain *d, mfn_t gmfn); +@@ -190,10 +194,6 @@ bool paging_mfn_is_dirty(const struct domain *d, mfn_t gmfn); #define L4_LOGDIRTY_IDX(pfn) ((pfn_x(pfn) >> (PAGE_SHIFT + 3 + PAGETABLE_ORDER * 2)) & \ (LOGDIRTY_NODE_ENTRIES-1)) diff --git a/0052-x86-vmx-Don-t-spuriously-crash-the-domain-when-INIT-.patch b/0080-x86-vmx-Don-t-spuriously-crash-the-domain-when-INIT-.patch index c408fbb..539401f 100644 --- a/0052-x86-vmx-Don-t-spuriously-crash-the-domain-when-INIT-.patch +++ b/0080-x86-vmx-Don-t-spuriously-crash-the-domain-when-INIT-.patch @@ -1,7 +1,7 @@ -From b1022b65de59828d40d9d71cc734a42c1c30c972 Mon Sep 17 00:00:00 2001 +From f6a3e93b3788aa009e9b86d9cb14c243b958daa9 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 31 Mar 2023 08:40:27 +0200 -Subject: [PATCH 52/61] x86/vmx: Don't spuriously crash the domain when INIT is +Date: Fri, 31 Mar 2023 08:32:57 +0200 +Subject: [PATCH 80/89] x86/vmx: Don't spuriously crash the domain when INIT is received In VMX operation, the handling of INIT IPIs is changed. Instead of the CPU @@ -32,10 +32,10 @@ master date: 2023-03-24 22:49:58 +0000 1 file changed, 4 insertions(+) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c -index c8a839cd5e..cebe46ef6a 100644 +index a8fb4365ad..64dbd50197 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c -@@ -4002,6 +4002,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) +@@ -4038,6 +4038,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs) case EXIT_REASON_MCE_DURING_VMENTRY: do_machine_check(regs); break; diff --git a/0053-x86-ucode-Fix-error-paths-control_thread_fn.patch b/0081-x86-ucode-Fix-error-paths-control_thread_fn.patch index 7bb2c27..765fa84 100644 --- a/0053-x86-ucode-Fix-error-paths-control_thread_fn.patch +++ b/0081-x86-ucode-Fix-error-paths-control_thread_fn.patch @@ -1,7 +1,7 @@ -From 0f81c5a2c8e0432d5af3d9f4e6398376cd514516 Mon Sep 17 00:00:00 2001 +From 7f55774489d2f12a23f2ac0f516b62e2709cea99 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Fri, 31 Mar 2023 08:40:56 +0200 -Subject: [PATCH 53/61] x86/ucode: Fix error paths control_thread_fn() +Date: Fri, 31 Mar 2023 08:33:28 +0200 +Subject: [PATCH 81/89] x86/ucode: Fix error paths control_thread_fn() These two early exits skipped re-enabling the watchdog, restoring the NMI callback, and clearing the nmi_patch global pointer. Always execute the tail @@ -18,10 +18,10 @@ master date: 2023-03-28 11:57:56 +0100 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/xen/arch/x86/cpu/microcode/core.c b/xen/arch/x86/cpu/microcode/core.c -index ee7df9a591..ad150e5963 100644 +index 2497630bbe..c760723e4f 100644 --- a/xen/arch/x86/cpu/microcode/core.c +++ b/xen/arch/x86/cpu/microcode/core.c -@@ -488,10 +488,7 @@ static int control_thread_fn(const struct microcode_patch *patch) +@@ -490,10 +490,7 @@ static int control_thread_fn(const struct microcode_patch *patch) ret = wait_for_condition(wait_cpu_callin, num_online_cpus(), MICROCODE_CALLIN_TIMEOUT_US); if ( ret ) @@ -32,8 +32,8 @@ index ee7df9a591..ad150e5963 100644 + goto out; /* Control thread loads ucode first while others are in NMI handler. */ - ret = microcode_ops->apply_microcode(patch); -@@ -503,8 +500,7 @@ static int control_thread_fn(const struct microcode_patch *patch) + ret = alternative_call(ucode_ops.apply_microcode, patch); +@@ -505,8 +502,7 @@ static int control_thread_fn(const struct microcode_patch *patch) { printk(XENLOG_ERR "Late loading aborted: CPU%u failed to update ucode\n", cpu); @@ -43,7 +43,7 @@ index ee7df9a591..ad150e5963 100644 } /* Let primary threads load the given ucode update */ -@@ -535,6 +531,7 @@ static int control_thread_fn(const struct microcode_patch *patch) +@@ -537,6 +533,7 @@ static int control_thread_fn(const struct microcode_patch *patch) } } diff --git a/0082-include-don-t-mention-stub-headers-more-than-once-in.patch b/0082-include-don-t-mention-stub-headers-more-than-once-in.patch new file mode 100644 index 0000000..cc0a914 --- /dev/null +++ b/0082-include-don-t-mention-stub-headers-more-than-once-in.patch @@ -0,0 +1,37 @@ +From 350693582427887387f21a6eeedaa0ac48aecc3f Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Fri, 31 Mar 2023 08:34:04 +0200 +Subject: [PATCH 82/89] include: don't mention stub headers more than once in a + make rule + +When !GRANT_TABLE and !PV_SHIM headers-n contains grant_table.h twice, +causing make to complain "target '...' given more than once in the same +rule" for the rule generating the stub headers. We don't need duplicate +entries in headers-n anywhere, so zap them (by using $(sort ...)) right +where the final value of the variable is constructed. + +Fixes: 6bec713f871f ("include/compat: produce stubs for headers not otherwise generated") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Anthony PERARD <anthony.perard@citrix.com> +master commit: 231ab79704cbb5b9be7700287c3b185225d34f1b +master date: 2023-03-28 14:20:16 +0200 +--- + xen/include/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/xen/include/Makefile b/xen/include/Makefile +index cfd7851614..e19f9464fd 100644 +--- a/xen/include/Makefile ++++ b/xen/include/Makefile +@@ -34,7 +34,7 @@ headers-$(CONFIG_TRACEBUFFER) += compat/trace.h + headers-$(CONFIG_XENOPROF) += compat/xenoprof.h + headers-$(CONFIG_XSM_FLASK) += compat/xsm/flask_op.h + +-headers-n := $(filter-out $(headers-y),$(headers-n) $(headers-)) ++headers-n := $(sort $(filter-out $(headers-y),$(headers-n) $(headers-))) + + cppflags-y := -include public/xen-compat.h -DXEN_GENERATING_COMPAT_HEADERS + cppflags-$(CONFIG_X86) += -m32 +-- +2.40.0 + diff --git a/0054-vpci-msix-handle-accesses-adjacent-to-the-MSI-X-tabl.patch b/0083-vpci-msix-handle-accesses-adjacent-to-the-MSI-X-tabl.patch index 4973ae7..8a1f412 100644 --- a/0054-vpci-msix-handle-accesses-adjacent-to-the-MSI-X-tabl.patch +++ b/0083-vpci-msix-handle-accesses-adjacent-to-the-MSI-X-tabl.patch @@ -1,7 +1,7 @@ -From d080287c2a8dce11baee1d7bbf9276757e8572e4 Mon Sep 17 00:00:00 2001 +From 85100ed78ca18f188b1ca495f132db7df705f1a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> -Date: Fri, 31 Mar 2023 08:41:27 +0200 -Subject: [PATCH 54/61] vpci/msix: handle accesses adjacent to the MSI-X table +Date: Fri, 31 Mar 2023 08:34:26 +0200 +Subject: [PATCH 83/89] vpci/msix: handle accesses adjacent to the MSI-X table MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -62,13 +62,13 @@ master date: 2023-03-28 14:20:35 +0200 master commit: 7a502b4fbc339e9d3d3d45fb37f09da06bc3081c master date: 2023-03-29 14:56:33 +0200 --- - xen/drivers/vpci/msix.c | 357 +++++++++++++++++++++++++++++----------- + xen/drivers/vpci/msix.c | 353 +++++++++++++++++++++++++++++----------- xen/drivers/vpci/vpci.c | 7 +- xen/include/xen/vpci.h | 8 +- - 3 files changed, 275 insertions(+), 97 deletions(-) + 3 files changed, 273 insertions(+), 95 deletions(-) diff --git a/xen/drivers/vpci/msix.c b/xen/drivers/vpci/msix.c -index ea5d73a02a..7e1bfb2f0a 100644 +index bea0cc7aed..cafddcf305 100644 --- a/xen/drivers/vpci/msix.c +++ b/xen/drivers/vpci/msix.c @@ -27,6 +27,11 @@ @@ -80,8 +80,8 @@ index ea5d73a02a..7e1bfb2f0a 100644 + PFN_DOWN(addr) <= PFN_DOWN(vmsix_table_addr(vpci, nr) + \ + vmsix_table_size(vpci, nr) - 1)) + - static uint32_t control_read(const struct pci_dev *pdev, unsigned int reg, - void *data) + static uint32_t cf_check control_read( + const struct pci_dev *pdev, unsigned int reg, void *data) { @@ -149,7 +154,7 @@ static struct vpci_msix *msix_find(const struct domain *d, unsigned long addr) @@ -179,7 +179,11 @@ index ea5d73a02a..7e1bfb2f0a 100644 + + return false; +} -+ + +- pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA), +- vmsix_table_size(vpci, VPCI_MSIX_PBA)); +- if ( !pba ) +- return read_atomic(&msix->pba); +static int adjacent_read(const struct domain *d, const struct vpci_msix *msix, + unsigned long addr, unsigned int len, + unsigned long *data) @@ -205,11 +209,7 @@ index ea5d73a02a..7e1bfb2f0a 100644 + if ( unlikely(!IS_ALIGNED(addr, len)) ) + { + unsigned int i; - -- pba = ioremap(vmsix_table_addr(vpci, VPCI_MSIX_PBA), -- vmsix_table_size(vpci, VPCI_MSIX_PBA)); -- if ( !pba ) -- return read_atomic(&msix->pba); ++ + gprintk(XENLOG_DEBUG, "%pp: unaligned read to MSI-X related page\n", + &msix->pdev->sbdf); + @@ -280,8 +280,8 @@ index ea5d73a02a..7e1bfb2f0a 100644 + return X86EMUL_OKAY; } - static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, -@@ -227,47 +368,11 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, + static int cf_check msix_read( +@@ -227,47 +368,11 @@ static int cf_check msix_read( if ( !msix ) return X86EMUL_RETRY; @@ -332,12 +332,12 @@ index ea5d73a02a..7e1bfb2f0a 100644 spin_lock(&msix->pdev->vpci->lock); entry = get_entry(msix, addr); -@@ -303,57 +408,103 @@ static int msix_read(struct vcpu *v, unsigned long addr, unsigned int len, +@@ -303,56 +408,102 @@ static int cf_check msix_read( return X86EMUL_OKAY; } --static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len, -- unsigned long data) +-static int cf_check msix_write( +- struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data) +static int adjacent_write(const struct domain *d, const struct vpci_msix *msix, + unsigned long addr, unsigned int len, + unsigned long data) @@ -367,55 +367,48 @@ index ea5d73a02a..7e1bfb2f0a 100644 return X86EMUL_OKAY; - if ( VMSIX_ADDR_IN_RANGE(addr, msix->pdev->vpci, VPCI_MSIX_PBA) ) -- { -- /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ -- if ( is_hardware_domain(d) ) -- { -- struct vpci *vpci = msix->pdev->vpci; -- unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); -- const void __iomem *pba = get_pba(vpci); + slot = get_slot(vpci, addr); + if ( slot >= ARRAY_SIZE(msix->table) ) + return X86EMUL_OKAY; - -- if ( !pba ) -- { -- /* Unable to map the PBA, ignore write. */ -- gprintk(XENLOG_WARNING, -- "%pp: unable to map MSI-X PBA, write ignored\n", -- &msix->pdev->sbdf); -- return X86EMUL_OKAY; -- } ++ + if ( unlikely(!IS_ALIGNED(addr, len)) ) -+ { + { +- struct vpci *vpci = msix->pdev->vpci; +- unsigned int idx = addr - vmsix_table_addr(vpci, VPCI_MSIX_PBA); +- const void __iomem *pba = get_pba(vpci); + unsigned int i; -- switch ( len ) -- { -- case 4: -- writel(data, pba + idx); -- break; +- if ( !is_hardware_domain(d) ) +- /* Ignore writes to PBA for DomUs, it's behavior is undefined. */ +- return X86EMUL_OKAY; + gprintk(XENLOG_DEBUG, "%pp: unaligned write to MSI-X related page\n", + &msix->pdev->sbdf); -- case 8: -- writeq(data, pba + idx); -- break; +- if ( !pba ) + for ( i = 0; i < len; i++ ) -+ { + { +- /* Unable to map the PBA, ignore write. */ +- gprintk(XENLOG_WARNING, +- "%pp: unable to map MSI-X PBA, write ignored\n", +- &msix->pdev->sbdf); +- return X86EMUL_OKAY; + int rc = adjacent_write(d, msix, addr + i, 1, data >> (i * 8)); - -- default: -- ASSERT_UNREACHABLE(); -- break; -- } ++ + if ( rc != X86EMUL_OKAY ) + return rc; } - return X86EMUL_OKAY; - } +- switch ( len ) +- { +- case 4: +- writel(data, pba + idx); +- break; ++ return X86EMUL_OKAY; ++ } +- case 8: +- writeq(data, pba + idx); +- break; + spin_lock(&vpci->lock); + mem = get_table(vpci, slot); + if ( !mem ) @@ -426,13 +419,18 @@ index ea5d73a02a..7e1bfb2f0a 100644 + &msix->pdev->sbdf); + return X86EMUL_OKAY; + } -+ + +- default: +- ASSERT_UNREACHABLE(); +- break; +- } + switch ( len ) + { + case 1: + writeb(data, mem + PAGE_OFFSET(addr)); + break; -+ + +- return X86EMUL_OKAY; + case 2: + writew(data, mem + PAGE_OFFSET(addr)); + break; @@ -447,14 +445,14 @@ index ea5d73a02a..7e1bfb2f0a 100644 + + default: + ASSERT_UNREACHABLE(); -+ } + } + spin_unlock(&vpci->lock); + + return X86EMUL_OKAY; +} + -+static int msix_write(struct vcpu *v, unsigned long addr, unsigned int len, -+ unsigned long data) ++static int cf_check msix_write( ++ struct vcpu *v, unsigned long addr, unsigned int len, unsigned long data) +{ + const struct domain *d = v->domain; + struct vpci_msix *msix = msix_find(d, addr); @@ -469,10 +467,9 @@ index ea5d73a02a..7e1bfb2f0a 100644 + + if ( !access_allowed(msix->pdev, addr, len) ) + return X86EMUL_OKAY; -+ + spin_lock(&msix->pdev->vpci->lock); entry = get_entry(msix, addr); - offset = addr & (PCI_MSIX_ENTRY_SIZE - 1); @@ -482,6 +633,26 @@ int vpci_make_msix_hole(const struct pci_dev *pdev) } } @@ -501,10 +498,10 @@ index ea5d73a02a..7e1bfb2f0a 100644 } diff --git a/xen/drivers/vpci/vpci.c b/xen/drivers/vpci/vpci.c -index b9339f8f3e..60b5f45cd1 100644 +index 6d48d496bb..652807a4a4 100644 --- a/xen/drivers/vpci/vpci.c +++ b/xen/drivers/vpci/vpci.c -@@ -53,9 +53,12 @@ void vpci_remove_device(struct pci_dev *pdev) +@@ -54,9 +54,12 @@ void vpci_remove_device(struct pci_dev *pdev) spin_unlock(&pdev->vpci->lock); if ( pdev->vpci->msix ) { @@ -520,10 +517,10 @@ index b9339f8f3e..60b5f45cd1 100644 xfree(pdev->vpci->msix); xfree(pdev->vpci->msi); diff --git a/xen/include/xen/vpci.h b/xen/include/xen/vpci.h -index 755b4fd5c8..3326d9026e 100644 +index d8acfeba8a..0b8a2a3c74 100644 --- a/xen/include/xen/vpci.h +++ b/xen/include/xen/vpci.h -@@ -129,8 +129,12 @@ struct vpci { +@@ -133,8 +133,12 @@ struct vpci { bool enabled : 1; /* Masked? */ bool masked : 1; diff --git a/0055-ns16550-correct-name-value-pair-parsing-for-PCI-port.patch b/0084-ns16550-correct-name-value-pair-parsing-for-PCI-port.patch index 9c05f3a..6ab5c69 100644 --- a/0055-ns16550-correct-name-value-pair-parsing-for-PCI-port.patch +++ b/0084-ns16550-correct-name-value-pair-parsing-for-PCI-port.patch @@ -1,7 +1,7 @@ -From 06264af090ac69a95cdadbc261cc82d964dcb568 Mon Sep 17 00:00:00 2001 +From 7758cd57e002c5096b2296ede67c59fca68724d7 Mon Sep 17 00:00:00 2001 From: Jan Beulich <jbeulich@suse.com> -Date: Fri, 31 Mar 2023 08:42:02 +0200 -Subject: [PATCH 55/61] ns16550: correct name/value pair parsing for PCI +Date: Fri, 31 Mar 2023 08:35:15 +0200 +Subject: [PATCH 84/89] ns16550: correct name/value pair parsing for PCI port/bridge First of all these were inverted: "bridge=" caused the port coordinates @@ -19,10 +19,10 @@ master date: 2023-03-29 14:55:37 +0200 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c -index 5dd4d723f5..3651e0c0d4 100644 +index ce013fb6a5..97b3d8d269 100644 --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c -@@ -1536,13 +1536,6 @@ static bool __init parse_namevalue_pairs(char *str, struct ns16550 *uart) +@@ -1631,13 +1631,6 @@ static bool __init parse_namevalue_pairs(char *str, struct ns16550 *uart) break; #ifdef CONFIG_HAS_PCI @@ -36,7 +36,7 @@ index 5dd4d723f5..3651e0c0d4 100644 case device: if ( strncmp(param_value, "pci", 3) == 0 ) { -@@ -1557,9 +1550,16 @@ static bool __init parse_namevalue_pairs(char *str, struct ns16550 *uart) +@@ -1652,9 +1645,16 @@ static bool __init parse_namevalue_pairs(char *str, struct ns16550 *uart) break; case port_bdf: diff --git a/0057-CI-Drop-automation-configs.patch b/0085-CI-Drop-automation-configs.patch index d726468..bfed25a 100644 --- a/0057-CI-Drop-automation-configs.patch +++ b/0085-CI-Drop-automation-configs.patch @@ -1,7 +1,7 @@ -From 657dc5f5f6269008fd7484ca7cca723e21455483 Mon Sep 17 00:00:00 2001 +From 4c0d792675f0843c6dd52acdae38e5c0e112b09e Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Thu, 29 Dec 2022 15:39:13 +0000 -Subject: [PATCH 57/61] CI: Drop automation/configs/ +Subject: [PATCH 85/89] CI: Drop automation/configs/ Having 3 extra hypervisor builds on the end of a full build is deeply confusing to debug if one of them fails, because the .config file presented in @@ -54,10 +54,10 @@ index e9d8b4a7c7..0000000000 -# CONFIG_HVM is not set -# CONFIG_DEBUG is not set diff --git a/automation/scripts/build b/automation/scripts/build -index 281f8b1fcc..2c807fa397 100755 +index a593419063..5dafa72ba5 100755 --- a/automation/scripts/build +++ b/automation/scripts/build -@@ -73,24 +73,3 @@ if [[ "${XEN_TARGET_ARCH}" != "x86_32" ]]; then +@@ -85,24 +85,3 @@ if [[ "${XEN_TARGET_ARCH}" != "x86_32" ]]; then cp -r dist binaries/ fi fi @@ -79,8 +79,8 @@ index 281f8b1fcc..2c807fa397 100755 - echo "Building $cfg" - make -j$(nproc) -C xen clean - rm -f xen/.config -- make -C xen KBUILD_DEFCONFIG=../../../../${cfg_dir}/${cfg} XEN_CONFIG_EXPERT=y defconfig -- make -j$(nproc) -C xen XEN_CONFIG_EXPERT=y +- make -C xen KBUILD_DEFCONFIG=../../../../${cfg_dir}/${cfg} defconfig +- make -j$(nproc) -C xen -done -- 2.40.0 diff --git a/0058-automation-Switch-arm32-cross-builds-to-run-on-arm64.patch b/0086-automation-Switch-arm32-cross-builds-to-run-on-arm64.patch index 92d65ec..a200cab 100644 --- a/0058-automation-Switch-arm32-cross-builds-to-run-on-arm64.patch +++ b/0086-automation-Switch-arm32-cross-builds-to-run-on-arm64.patch @@ -1,7 +1,7 @@ -From 37800cf8ab7806e506b96a13cad0fb395d86663a Mon Sep 17 00:00:00 2001 +From e3b23da4a10fafdabce22e2eba225d9404fc646f Mon Sep 17 00:00:00 2001 From: Michal Orzel <michal.orzel@amd.com> Date: Tue, 14 Feb 2023 16:38:38 +0100 -Subject: [PATCH 58/61] automation: Switch arm32 cross builds to run on arm64 +Subject: [PATCH 86/89] automation: Switch arm32 cross builds to run on arm64 Due to the limited x86 CI resources slowing down the whole pipeline, switch the arm32 cross builds to be executed on arm64 which is much more @@ -42,7 +42,7 @@ index b41a57f197..11860425a6 100644 rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* - diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml -index 06a75a8c5a..f66fbca8a7 100644 +index bed161b471..b4caf159f9 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -123,7 +123,7 @@ @@ -54,7 +54,7 @@ index 06a75a8c5a..f66fbca8a7 100644 .arm32-cross-build: extends: .arm32-cross-build-tmpl -@@ -497,23 +497,23 @@ alpine-3.12-clang-debug: +@@ -505,23 +505,23 @@ alpine-3.12-clang-debug: debian-unstable-gcc-arm32: extends: .gcc-arm32-cross-build variables: diff --git a/0059-automation-Remove-CentOS-7.2-containers-and-builds.patch b/0087-automation-Remove-CentOS-7.2-containers-and-builds.patch index 8d58eea..b5d629d 100644 --- a/0059-automation-Remove-CentOS-7.2-containers-and-builds.patch +++ b/0087-automation-Remove-CentOS-7.2-containers-and-builds.patch @@ -1,7 +1,7 @@ -From a4d901580b2ab3133bca13159b790914c217b0e2 Mon Sep 17 00:00:00 2001 +From 8c414bab3092bb68ab4eaaba39b61e3804c45f0a Mon Sep 17 00:00:00 2001 From: Anthony PERARD <anthony.perard@citrix.com> Date: Tue, 21 Feb 2023 16:55:36 +0000 -Subject: [PATCH 59/61] automation: Remove CentOS 7.2 containers and builds +Subject: [PATCH 87/89] automation: Remove CentOS 7.2 containers and builds We already have a container which track the latest CentOS 7, no need for this one as well. @@ -120,7 +120,7 @@ index 4da27faeb5..0000000000 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 - diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml -index f66fbca8a7..bc1a732069 100644 +index b4caf159f9..ff6df1cfc2 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -184,16 +184,6 @@ archlinux-gcc-debug: diff --git a/0060-automation-Remove-non-debug-x86_32-build-jobs.patch b/0088-automation-Remove-non-debug-x86_32-build-jobs.patch index c5516be..d16014e 100644 --- a/0060-automation-Remove-non-debug-x86_32-build-jobs.patch +++ b/0088-automation-Remove-non-debug-x86_32-build-jobs.patch @@ -1,7 +1,7 @@ -From 27974fde92850419e385ad0355997c54d78046f2 Mon Sep 17 00:00:00 2001 +From 435a1e5e8fd6fbd52cc16570dcff5982bdbec351 Mon Sep 17 00:00:00 2001 From: Anthony PERARD <anthony.perard@citrix.com> Date: Fri, 24 Feb 2023 17:29:15 +0000 -Subject: [PATCH 60/61] automation: Remove non-debug x86_32 build jobs +Subject: [PATCH 88/89] automation: Remove non-debug x86_32 build jobs In the interest of having less jobs, we remove the x86_32 build jobs that do release build. Debug build is very likely to be enough to find @@ -15,7 +15,7 @@ Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> 1 file changed, 20 deletions(-) diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml -index bc1a732069..4b51ad9e34 100644 +index ff6df1cfc2..eea517aa0a 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -264,21 +264,11 @@ debian-stretch-gcc-debug: @@ -40,7 +40,7 @@ index bc1a732069..4b51ad9e34 100644 debian-stretch-32-gcc-debug: extends: .gcc-x86-32-build-debug variables: -@@ -316,21 +306,11 @@ debian-unstable-gcc-debug-randconfig: +@@ -324,21 +314,11 @@ debian-unstable-gcc-debug-randconfig: CONTAINER: debian:unstable RANDCONFIG: y diff --git a/0061-CI-Remove-llvm-8-from-the-Debian-Stretch-container.patch b/0089-CI-Remove-llvm-8-from-the-Debian-Stretch-container.patch index 9170382..c0294ec 100644 --- a/0061-CI-Remove-llvm-8-from-the-Debian-Stretch-container.patch +++ b/0089-CI-Remove-llvm-8-from-the-Debian-Stretch-container.patch @@ -1,7 +1,7 @@ -From 31627a059c2e186f4ad12d171d964b09abe8a4a9 Mon Sep 17 00:00:00 2001 +From e4a5fb9227889bec99ab212b839680f4d5b51e60 Mon Sep 17 00:00:00 2001 From: Andrew Cooper <andrew.cooper3@citrix.com> Date: Fri, 24 Mar 2023 17:59:56 +0000 -Subject: [PATCH 61/61] CI: Remove llvm-8 from the Debian Stretch container +Subject: [PATCH 89/89] CI: Remove llvm-8 from the Debian Stretch container For similar reasons to c/s a6b1e2b80fe20. While this container is still build-able for now, all the other problems with explicitly-versioned compilers @@ -47,7 +47,7 @@ index da6aa874dd..9861acbcc3 100644 - apt-get clean && \ - rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml -index 4b51ad9e34..fd8034b429 100644 +index eea517aa0a..802449cb96 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -27,13 +27,6 @@ @@ -1,6 +1,6 @@ -Xen upstream patchset #0 for 4.16.4-pre +Xen upstream patchset #0 for 4.17.1-pre Containing patches from -RELEASE-4.16.3 (08c42cec2f3dbb8d1df62c2ad4945d127b418fd6) +RELEASE-4.17.0 (5556ac9bf224ed6b977f214653b234de45dcdfbf) to -staging-4.16 (4ad5975d4e35635f03d2cb9e86292c0daeabd75f) +staging-4.17 (e4a5fb9227889bec99ab212b839680f4d5b51e60) |