diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/Config.mk xen-4.1.3/Config.mk --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/Config.mk 2012-06-14 12:39:57.000000000 +0200 +++ xen-4.1.3/Config.mk 2012-08-09 22:08:04.000000000 +0200 @@ -179,7 +179,7 @@ # CONFIG_QEMU ?= `pwd`/$(XEN_ROOT)/../qemu-xen.git CONFIG_QEMU ?= $(QEMU_REMOTE) -QEMU_TAG ?= xen-4.1.3-rc1 +QEMU_TAG ?= xen-4.1.3 # Mon Apr 2 17:55:05 2012 +0100 # qemu-xen-traditional: QDISK fixes diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/bin/gencontrol.py xen-4.1.3/debian/bin/gencontrol.py --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/bin/gencontrol.py 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/bin/gencontrol.py 2012-07-27 12:53:03.000000000 +0200 @@ -76,14 +76,16 @@ def do_flavour_packages(self, packages, makefile, arch, featureset, flavour, vars, makeflags, extra): hypervisor = self.templates["control.hypervisor"] + system_latest = self.templates["control.system.latest"] if not vars.has_key('desc'): vars['desc'] = '' packages_own = [] packages_own.extend(self.process_packages(hypervisor, vars)) + packages_dummy = self.process_packages(system_latest, vars) - for package in packages_own: + for package in packages_own + packages_dummy: name = package['Package'] package.setdefault('Architecture', PackageArchitecture()).add(arch) if name in packages: @@ -104,6 +106,9 @@ cmds_binary_arch = ["$(MAKE) -f debian/rules.real binary-arch-flavour %s" % makeflags] cmds_build = ["$(MAKE) -f debian/rules.real build-flavour %s" % makeflags] cmds_setup = ["$(MAKE) -f debian/rules.real setup-flavour %s" % makeflags] + + cmds_binary_arch += ["$(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='%s' %s" % (u' '.join([u"-p%s" % i['Package'] for i in packages_dummy]), makeflags)] + makefile.add("binary-arch_%s_%s_%s" % (arch, featureset, flavour), cmds = cmds_binary_arch) makefile.add("build-arch_%s_%s_%s" % (arch, featureset, flavour), cmds = cmds_build) makefile.add("setup_%s_%s_%s" % (arch, featureset, flavour), cmds = cmds_setup) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/changelog xen-4.1.3/debian/changelog --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/changelog 2012-07-03 15:08:53.000000000 +0200 +++ xen-4.1.3/debian/changelog 2012-09-28 11:56:53.000000000 +0200 @@ -1,3 +1,83 @@ +xen (4.1.3-3ubuntu1) unstable; urgency=low + + * Merge from Debian unstable. Remaining changes: + - libxenstore3.0: Conflict and replaces libxen3. + - libxen-dev: Conflict and replaces libxen3-dev. + - xenstore-utils: Conflict and replaces libxen3. + - xen-utils-4.1: Conflict and replaces libxen3, python-xen-3.3, + and xen-utils-4.1. + - Change depend back to ipxe as we do not have ipxe-qemu. + - etherboot: Change the config back to include the 8086100e.rom + - Dropped: + - Make sure the LDFLAGS value passed is suitable for use by ld + rather than gcc. Right now there seem to be no LDFLAGS passed. + * Backported AMD specific improvements from upstream Xen (LP: #1009098): + - svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware + - x86: Use deep C states for off-lined CPUs + - x86/AMD: Add support for AMD's OSVW feature in guests. + - hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors + + -- Stefan Bader Thu, 27 Sep 2012 21:27:44 +0200 + +xen (4.1.3-3) unstable; urgency=low + + * Xen domain init script: + - Make sure Open vSwitch is started before any domain. + - Properly handle and show output of failed migration and save. + - Ask all domains to shut down before checking them. + + -- Bastian Blank Tue, 18 Sep 2012 13:26:32 +0200 + +xen (4.1.3-2) unstable; urgency=medium + + * Don't allow writing reserved bits in debug register. + CVE-2012-3494 + * Fix error handling in interrupt assignment. + CVE-2012-3495 + * Don't trigger bug messages on invalid flags. + CVE-2012-3496 + * Check array bounds in interrupt assignment. + CVE-2012-3498 + * Properly check bounds while setting the cursor in qemu. + CVE-2012-3515 + * Disable monitor in qemu by default. + CVE-2012-4411 + + -- Bastian Blank Fri, 07 Sep 2012 19:41:46 +0200 + +xen (4.1.3-1) unstable; urgency=medium + + * New upstream release: (closes: #683286) + - Don't leave the x86 emulation in a bad state. (closes: #683279) + CVE-2012-3432 + - Only check for shared pages while any exist on teardown. + CVE-2012-3433 + - Fix error handling for unexpected conditions. + - Update CPUID masking to latest Intel spec. + - Allow large ACPI ids. + - Fix IOMMU support for PCI-to-PCIe bridges. + - Disallow access to some sensitive IO-ports. + - Fix wrong address in IOTLB. + - Fix deadlock on CPUs without working cpufreq driver. + - Use uncached disk access in qemu. + - Fix buffer size on emulated e1000 device in qemu. + * Fixup broken and remove applied patches. + + -- Bastian Blank Fri, 17 Aug 2012 11:25:02 +0200 + +xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-5) unstable; urgency=low + + [ Ian Campbell ] + * Set tap device MAC addresses to fe:ff:ff:ff:ff:ff (Closes: #671018) + * Only run xendomains initscript if toolstack is xl or xm (Closes: #680528) + + [ Bastian Blank ] + * Actually build-depend on new enough version of dpkg-dev. + * Add xen-sytem-* meta-packages. We are finally in a position to do + automatic upgrades and this package is missing. (closes: #681376) + + -- Bastian Blank Sat, 28 Jul 2012 10:23:26 +0200 + xen (4.1.3~rc1+hg-20120614.a9c0a89c08f2-4ubuntu1) quantal; urgency=low [ Ubuntu Merge-o-Matic ] diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/control xen-4.1.3/debian/control --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/control 2012-07-03 14:52:14.000000000 +0200 +++ xen-4.1.3/debian/control 2012-09-27 21:26:22.000000000 +0200 @@ -1,11 +1,11 @@ Source: xen Section: kernel Priority: optional -Maintainer: Ubuntu Developers +Maintainer: Debian Xen Team XSBC-Original-Maintainer: Debian Xen Team Uploaders: Guido Trotter , Bastian Blank Standards-Version: 3.9.2 -Build-Depends: debhelper (>> 7), dpkg (>= 1.16.0~), lsb-release, python-dev, bcc, gcc-multilib, e2fslibs-dev, iasl, ipxe, libaio-dev, libgnutls-dev, liblzma-dev, libncurses5-dev, libpci-dev, pkg-config, uuid-dev, zlib1g-dev, ocaml-nox, dh-ocaml, ocaml-findlib +Build-Depends: debhelper (>> 7), dpkg-dev (>= 1.16.0~), lsb-release, python-dev, bcc, gcc-multilib, e2fslibs-dev, iasl, ipxe, libaio-dev, libgnutls-dev, liblzma-dev, libncurses5-dev, libpci-dev, pkg-config, uuid-dev, zlib1g-dev, ocaml-nox, dh-ocaml, ocaml-findlib Build-Depends-Indep: graphviz, ghostscript, texlive-fonts-recommended, texlive-font-utils, texlive-latex-recommended XS-Python-Version: current @@ -105,6 +105,14 @@ kernel specifically crafted to work as the Domain 0, mediating hardware access for XEN itself. +Package: xen-system-amd64 +Architecture: amd64 i386 +Provides: xen-system +Depends: xen-hypervisor-4.1-amd64, xen-utils-4.1, ${misc:Depends} +Description: Xen System on AMD64 (meta-package) + This package depends on the latest Xen hypervisor for use on AMD64 and the + Xen utils. + Package: xen-hypervisor-4.1-i386 Architecture: i386 Provides: xen-hypervisor, xen-hypervisor-4.1, xen-hypervisor-i386 @@ -120,3 +128,11 @@ kernel specifically crafted to work as the Domain 0, mediating hardware access for XEN itself. +Package: xen-system-i386 +Architecture: i386 +Provides: xen-system +Depends: xen-hypervisor-4.1-i386, xen-utils-4.1, ${misc:Depends} +Description: Xen System on i386 (meta-package) + This package depends on the latest Xen hypervisor for use on i386 and the + Xen utils. + diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/control.md5sum xen-4.1.3/debian/control.md5sum --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/control.md5sum 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/control.md5sum 2012-09-18 13:27:30.000000000 +0200 @@ -1,8 +1,9 @@ -18fa047b4d4e21645068ebb4bdf50f45 debian/changelog -939f5898d8c54a0d54cdcdce5c1250c9 debian/bin/gencontrol.py +c4c1005a462962efcd35e57fb8573d03 debian/changelog +2cfc80dad0da6ef5789993726da25549 debian/bin/gencontrol.py 667edd28bcda9cd243bb69c78e452aad debian/templates/control.hypervisor.in 4106f2621fc4dad25c0d6569b51cbce3 debian/templates/control.main.in -54f481ebf0b92d37c923a769238ec8a0 debian/templates/control.source.in +e002d8023a39cc8beb8d345b8c99f695 debian/templates/control.source.in +fe9f3e8a9c9b716f7b4c5b7d7aec3128 debian/templates/control.system.latest.in d8a4fc67d96fd893d002d956dcf8c220 debian/templates/control.utils.in a15fa64ce6deead28d33c1581b14dba7 debian/templates/xen-hypervisor.postinst.in 22492e0565a4754b5e008ca7cac871da debian/templates/xen-hypervisor.postrm.in diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3494 xen-4.1.3/debian/patches/CVE-2012-3494 --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3494 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/CVE-2012-3494 2012-09-07 18:05:34.000000000 +0200 @@ -0,0 +1,27 @@ +# HG changeset patch +# User Ian Jackson +# Date 1346844474 -3600 +# Node ID bcc3402927311c64cc04e59d3680680b09459da6 +# Parent d28a9ba889c02f835df05bc007c2b4828d86cff2 +xen: prevent a 64 bit guest setting reserved bits in DR7 + +The upper 32 bits of this register are reserved and should be written as +zero. + +This is XSA-12 / CVE-2012-3494 + +Signed-off-by: Jan Beulich +Reviewed-by: Ian Campbell + +diff -r d28a9ba889c0 -r bcc340292731 xen/include/asm-x86/debugreg.h +--- a/xen/include/asm-x86/debugreg.h Tue Sep 04 14:56:48 2012 +0200 ++++ b/xen/include/asm-x86/debugreg.h Wed Sep 05 12:27:54 2012 +0100 +@@ -58,7 +58,7 @@ + We can slow the instruction pipeline for instructions coming via the + gdt or the ldt if we want to. I am not sure why this is an advantage */ + +-#define DR_CONTROL_RESERVED_ZERO (0x0000d800ul) /* Reserved, read as zero */ ++#define DR_CONTROL_RESERVED_ZERO (~0xffff27fful) /* Reserved, read as zero */ + #define DR_CONTROL_RESERVED_ONE (0x00000400ul) /* Reserved, read as one */ + #define DR_LOCAL_EXACT_ENABLE (0x00000100ul) /* Local exact enable */ + #define DR_GLOBAL_EXACT_ENABLE (0x00000200ul) /* Global exact enable */ diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3495 xen-4.1.3/debian/patches/CVE-2012-3495 --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3495 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/CVE-2012-3495 2012-09-07 18:05:34.000000000 +0200 @@ -0,0 +1,35 @@ +# HG changeset patch +# User Ian Jackson +# Date 1346844497 -3600 +# Node ID 6779ddca8593b766ccabcfec294ba10f17e68484 +# Parent bcc3402927311c64cc04e59d3680680b09459da6 +xen: handle out-of-pirq condition correctly in PHYSDEVOP_get_free_pirq + +This is XSA-13 / CVE-2012-3495 + +Signed-off-by: Ian Campbell +Signed-off-by: Jan Beulich + +diff -r bcc340292731 -r 6779ddca8593 xen/arch/x86/physdev.c +--- a/xen/arch/x86/physdev.c Wed Sep 05 12:27:54 2012 +0100 ++++ b/xen/arch/x86/physdev.c Wed Sep 05 12:28:17 2012 +0100 +@@ -587,11 +587,16 @@ + break; + + spin_lock(&d->event_lock); +- out.pirq = get_free_pirq(d, out.type, 0); +- d->arch.pirq_irq[out.pirq] = PIRQ_ALLOCATED; ++ ret = get_free_pirq(d, out.type, 0); ++ if ( ret >= 0 ) ++ d->arch.pirq_irq[ret] = PIRQ_ALLOCATED; + spin_unlock(&d->event_lock); + +- ret = copy_to_guest(arg, &out, 1) ? -EFAULT : 0; ++ if ( ret >= 0 ) ++ { ++ out.pirq = ret; ++ ret = copy_to_guest(arg, &out, 1) ? -EFAULT : 0; ++ } + + rcu_unlock_domain(d); + break; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3496 xen-4.1.3/debian/patches/CVE-2012-3496 --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3496 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/CVE-2012-3496 2012-09-07 18:05:34.000000000 +0200 @@ -0,0 +1,26 @@ +# HG changeset patch +# User Ian Jackson +# Date 1346844545 -3600 +# Node ID 8ebda5388e4e83a69c73bdd7621e76e1de4fc995 +# Parent 6779ddca8593b766ccabcfec294ba10f17e68484 +xen: Don't BUG_ON() PoD operations on a non-translated guest. + +This is XSA-14 / CVE-2012-3496 + +Signed-off-by: Tim Deegan +Reviewed-by: Ian Campbell +Tested-by: Ian Campbell + +diff -r 6779ddca8593 -r 8ebda5388e4e xen/arch/x86/mm/p2m.c +--- a/xen/arch/x86/mm/p2m.c Wed Sep 05 12:28:17 2012 +0100 ++++ b/xen/arch/x86/mm/p2m.c Wed Sep 05 12:29:05 2012 +0100 +@@ -2414,7 +2414,8 @@ + int pod_count = 0; + int rc = 0; + +- BUG_ON(!paging_mode_translate(d)); ++ if ( !paging_mode_translate(d) ) ++ return -EINVAL; + + rc = gfn_check_limit(d, gfn, order); + if ( rc != 0 ) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3498 xen-4.1.3/debian/patches/CVE-2012-3498 --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3498 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/CVE-2012-3498 2012-09-07 18:05:34.000000000 +0200 @@ -0,0 +1,36 @@ +# HG changeset patch +# User Ian Jackson +# Date 1346844596 -3600 +# Node ID 936f63ee4dadb832222c029e958ae7c7564ec0e8 +# Parent 8ebda5388e4e83a69c73bdd7621e76e1de4fc995 +x86/pvhvm: properly range-check PHYSDEVOP_map_pirq/MAP_PIRQ_TYPE_GSI + +This is being used as a array index, and hence must be validated before +use. + +This is XSA-16 / CVE-2012-3498. + +Signed-off-by: Jan Beulich + +diff -r 8ebda5388e4e -r 936f63ee4dad xen/arch/x86/physdev.c +--- a/xen/arch/x86/physdev.c Wed Sep 05 12:29:05 2012 +0100 ++++ b/xen/arch/x86/physdev.c Wed Sep 05 12:29:56 2012 +0100 +@@ -40,11 +40,18 @@ + struct hvm_girq_dpci_mapping *girq; + uint32_t machine_gsi = 0; + ++ if ( map->index < 0 || map->index >= NR_HVM_IRQS ) ++ { ++ ret = -EINVAL; ++ break; ++ } ++ + /* find the machine gsi corresponding to the + * emulated gsi */ + hvm_irq_dpci = domain_get_irq_dpci(d); + if ( hvm_irq_dpci ) + { ++ BUILD_BUG_ON(ARRAY_SIZE(hvm_irq_dpci->girq) < NR_HVM_IRQS); + list_for_each_entry ( girq, + &hvm_irq_dpci->girq[map->index], + list ) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3515 xen-4.1.3/debian/patches/CVE-2012-3515 --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-3515 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/CVE-2012-3515 2012-09-07 18:05:34.000000000 +0200 @@ -0,0 +1,118 @@ +commit 3220480734832a148d26f7a81f90af61c2ecfdd9 +Author: Ian Campbell +Date: Wed Sep 5 12:31:40 2012 +0100 + + console: bounds check whenever changing the cursor due to an escape code + + This is XSA-17 / CVE-2012-3515 + + Signed-off-by: Ian Campbell + (cherry picked from commit a56ae4b5069c7b23ee657b15f08443a9b14a8e7b) + +diff --git a/console.c b/console.c +index 5e6e3d0..9984d6f 100644 +--- a/qemu/console.c ++++ b/qemu/console.c +@@ -794,6 +794,26 @@ static void console_clear_xy(TextConsole *s, int x, int y) + update_xy(s, x, y); + } + ++/* set cursor, checking bounds */ ++static void set_cursor(TextConsole *s, int x, int y) ++{ ++ if (x < 0) { ++ x = 0; ++ } ++ if (y < 0) { ++ y = 0; ++ } ++ if (y >= s->height) { ++ y = s->height - 1; ++ } ++ if (x >= s->width) { ++ x = s->width - 1; ++ } ++ ++ s->x = x; ++ s->y = y; ++} ++ + static void console_putchar(TextConsole *s, int ch) + { + TextCell *c; +@@ -869,7 +889,8 @@ static void console_putchar(TextConsole *s, int ch) + s->esc_params[s->nb_esc_params] * 10 + ch - '0'; + } + } else { +- s->nb_esc_params++; ++ if (s->nb_esc_params < MAX_ESC_PARAMS) ++ s->nb_esc_params++; + if (ch == ';') + break; + #ifdef DEBUG_CONSOLE +@@ -883,59 +904,37 @@ static void console_putchar(TextConsole *s, int ch) + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->y -= s->esc_params[0]; +- if (s->y < 0) { +- s->y = 0; +- } ++ set_cursor(s, s->x, s->y - s->esc_params[0]); + break; + case 'B': + /* move cursor down */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->y += s->esc_params[0]; +- if (s->y >= s->height) { +- s->y = s->height - 1; +- } ++ set_cursor(s, s->x, s->y + s->esc_params[0]); + break; + case 'C': + /* move cursor right */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->x += s->esc_params[0]; +- if (s->x >= s->width) { +- s->x = s->width - 1; +- } ++ set_cursor(s, s->x + s->esc_params[0], s->y); + break; + case 'D': + /* move cursor left */ + if (s->esc_params[0] == 0) { + s->esc_params[0] = 1; + } +- s->x -= s->esc_params[0]; +- if (s->x < 0) { +- s->x = 0; +- } ++ set_cursor(s, s->x - s->esc_params[0], s->y); + break; + case 'G': + /* move cursor to column */ +- s->x = s->esc_params[0] - 1; +- if (s->x < 0) { +- s->x = 0; +- } ++ set_cursor(s, s->esc_params[0] - 1, s->y); + break; + case 'f': + case 'H': + /* move cursor to row, column */ +- s->x = s->esc_params[1] - 1; +- if (s->x < 0) { +- s->x = 0; +- } +- s->y = s->esc_params[0] - 1; +- if (s->y < 0) { +- s->y = 0; +- } ++ set_cursor(s, s->esc_params[1] - 1, s->esc_params[0] - 1); + break; + case 'J': + switch (s->esc_params[0]) { diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-4411 xen-4.1.3/debian/patches/CVE-2012-4411 --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/CVE-2012-4411 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/CVE-2012-4411 2012-09-07 19:38:58.000000000 +0200 @@ -0,0 +1,31 @@ +commit d7d453f51459b591faa96d1c123b5bfff7c5b6b6 +Author: Ian Jackson +Date: Thu Sep 6 17:05:30 2012 +0100 + + Disable qemu monitor by default. The qemu monitor is an overly + powerful feature which must be protected from untrusted (guest) + administrators. + + Neither xl nor xend expect qemu to produce this monitor unless it is + explicitly requested. + + This is a security problem, XSA-19. Previously it was CVE-2007-0998 + in Red Hat but we haven't dealt with it in upstream. We hope to have + a new CVE for it here but we don't have one yet. + + Signed-off-by: Ian Jackson + (cherry picked from commit bacc0d302445c75f18f4c826750fb5853b60e7ca) + +diff --git a/vl.c b/vl.c +index f07a659..686a9bd 100644 +--- a/qemu/vl.c ++++ b/qemu/vl.c +@@ -4910,7 +4910,7 @@ int main(int argc, char **argv, char **envp) + kernel_cmdline = ""; + cyls = heads = secs = 0; + translation = BIOS_ATA_TRANSLATION_AUTO; +- monitor_device = "vc:80Cx24C"; ++ monitor_device = "null"; + + serial_devices[0] = "vc:80Cx24C"; + for(i = 1; i < MAX_SERIAL_PORTS; i++) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/series xen-4.1.3/debian/patches/series --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/series 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/patches/series 2012-09-28 11:52:26.000000000 +0200 @@ -2,9 +2,15 @@ upstream-23937:5173834e8476 upstream-23938:fa04fbd56521-rework upstream-23939:51288f69523f-rework -upstream-23940:187d59e32a58 upstream-25290:7a6dcecb1781-rework +CVE-2012-3494 +CVE-2012-3495 +CVE-2012-3496 +CVE-2012-3498 +CVE-2012-3515 +CVE-2012-4411 + xen-x86-interrupt-pointer-missmatch.diff version.patch @@ -69,3 +75,7 @@ tools-ocaml-fix-build.diff tools-xenstore-compatibility.diff tools-firmware-etherboot-fix-e1000.patch +xen-amd01-ed9c557f8a35.patch +xen-amd03-50a70b652b43.patch +xen-amd04-eae25241d571.patch +xen-amd10-23e33ea79cac.patch diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/tools-pygrub-remove-static-solaris-support.patch xen-4.1.3/debian/patches/tools-pygrub-remove-static-solaris-support.patch --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/tools-pygrub-remove-static-solaris-support.patch 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/patches/tools-pygrub-remove-static-solaris-support.patch 2012-08-06 17:39:30.000000000 +0200 @@ -8,7 +8,7 @@ import curses, _curses, curses.wrapper, curses.textpad, curses.ascii import getopt -@@ -585,48 +584,6 @@ +@@ -595,51 +594,6 @@ return grubcfg @@ -23,7 +23,8 @@ -# If nothing has been specified, look for a Solaris domU. If found, perform the -# necessary tweaks. -def sniff_solaris(fs, cfg): -- if not fs.file_exists("/platform/i86xpv/kernel/unix"): +- if not fs.file_exists("/platform/i86xpv/kernel/unix") and \ +- not fs.file_exists("/platform/i86xpv/kernel/amd64/unix"): - return cfg - - if not cfg["kernel"]: @@ -31,9 +32,11 @@ - fs.file_exists("/platform/i86xpv/kernel/amd64/unix"): - cfg["kernel"] = "/platform/i86xpv/kernel/amd64/unix" - cfg["ramdisk"] = "/platform/i86pc/amd64/boot_archive" -- else: +- elif fs.file_exists("/platform/i86xpv/kernel/unix"): - cfg["kernel"] = "/platform/i86xpv/kernel/unix" - cfg["ramdisk"] = "/platform/i86pc/boot_archive" +- else: +- return cfg - - # Unpleasant. Typically we'll have 'root=foo -k' or 'root=foo /kernel -k', - # and we need to maintain Xen properties (root= and ip=) and the kernel @@ -57,7 +60,7 @@ def sniff_netware(fs, cfg): if not fs.file_exists("/nwserver/xnloader.sys"): return cfg -@@ -751,10 +708,7 @@ +@@ -764,10 +718,7 @@ try: fs = fsimage.open(file, offset, bootfsoptions) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/upstream-23936:cdb34816a40a-rework xen-4.1.3/debian/patches/upstream-23936:cdb34816a40a-rework --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/upstream-23936:cdb34816a40a-rework 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/patches/upstream-23936:cdb34816a40a-rework 2012-08-16 22:34:51.000000000 +0200 @@ -2430,7 +2430,7 @@ - - for (i=0; i -# Date 1318261276 -3600 -# Node ID 187d59e32a586d65697ed46bef106b52e3fb5ab9 -# Parent 51288f69523fcbbefa12cea5a761a6e957410151 -tools/ocaml: Fix 2 bit-twiddling bugs and an off-by-one - -The bit bugs are in ocaml vcpu affinity calls, and the off-by-one -error is in the ocaml console ring code - -Signed-off-by: Zheng Li -Acked-by: Ian Campbell -Committed-by: Ian Jackson -Acked-by: Jon Ludlam - -diff -r 51288f69523f -r 187d59e32a58 tools/ocaml/libs/xc/xenctrl_stubs.c ---- a/tools/ocaml/libs/xc/xenctrl_stubs.c Mon Oct 10 16:41:16 2011 +0100 -+++ b/tools/ocaml/libs/xc/xenctrl_stubs.c Mon Oct 10 16:41:16 2011 +0100 -@@ -430,7 +430,7 @@ - - for (i=0; i +# Date 1335358394 -3600 +# Node ID ed9c557f8a35a6deb7e6df0679f24a2121fd1172 +# Parent 7ba11d9b1d23633b5c42fadddad17b6dcb686141 +svm: Do not intercept RDTSC(P) when TSC scaling is supported by hardware + +When running in TSC_MODE_ALWAYS_EMULATE mode on processors that +support TSC scaling we don't need to intercept RDTSC/RDTSCP +instructions. + +Signed-off-by: Boris Ostrovsky +Acked-by: Wei Huang +Tested-by: Wei Huang +Committed-by: Keir Fraser + +Index: xen-4.1.3/xen/arch/x86/hvm/svm/svm.c +=================================================================== +--- xen-4.1.3.orig/xen/arch/x86/hvm/svm/svm.c 2012-08-09 22:08:08.000000000 +0200 ++++ xen-4.1.3/xen/arch/x86/hvm/svm/svm.c 2012-09-28 10:54:24.901786306 +0200 +@@ -611,12 +611,19 @@ static void svm_set_rdtsc_exiting(struct + { + struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; + u32 general1_intercepts = vmcb_get_general1_intercepts(vmcb); ++ u32 general2_intercepts = vmcb_get_general2_intercepts(vmcb); + + general1_intercepts &= ~GENERAL1_INTERCEPT_RDTSC; +- if ( enable ) ++ general2_intercepts &= ~GENERAL2_INTERCEPT_RDTSCP; ++ ++ if ( enable && !cpu_has_tsc_ratio ) ++ { + general1_intercepts |= GENERAL1_INTERCEPT_RDTSC; ++ general2_intercepts |= GENERAL2_INTERCEPT_RDTSCP; ++ } + + vmcb_set_general1_intercepts(vmcb, general1_intercepts); ++ vmcb_set_general2_intercepts(vmcb, general2_intercepts); + } + + static unsigned int svm_get_insn_bytes(struct vcpu *v, uint8_t *buf) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/xen-amd03-50a70b652b43.patch xen-4.1.3/debian/patches/xen-amd03-50a70b652b43.patch --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/xen-amd03-50a70b652b43.patch 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/xen-amd03-50a70b652b43.patch 2012-09-28 11:11:15.000000000 +0200 @@ -0,0 +1,51 @@ + +# HG changeset patch +# User Boris Ostrovsky +# Date 1331105430 0 +# Node ID 50a70b652b43aacbf923007ba8f645c5024ab698 +# Parent 031e696b03d75320dab652a9ec50ef2d91b5a5d0 +x86: Use deep C states for off-lined CPUs + +Currently when a core is taken off-line it is placed in C1 state +(unless MONITOR/MWAIT is used). This patch allows a core to go to +deeper C states resulting in significantly higher power savings. + +Signed-off-by: Boris Ostrovsky +Committed-by: Keir Fraser + +Index: xen-4.1.3/xen/arch/x86/acpi/cpu_idle.c +=================================================================== +--- xen-4.1.3.orig/xen/arch/x86/acpi/cpu_idle.c 2012-08-09 22:08:08.000000000 +0200 ++++ xen-4.1.3/xen/arch/x86/acpi/cpu_idle.c 2012-09-28 11:11:10.782703813 +0200 +@@ -563,6 +563,7 @@ static void acpi_dead_idle(void) + { + struct acpi_processor_power *power; + struct acpi_processor_cx *cx; ++ struct cpuinfo_x86 *c = ¤t_cpu_data; + void *mwait_ptr; + + if ( (power = processor_powers[smp_processor_id()]) == NULL ) +@@ -600,6 +601,23 @@ static void acpi_dead_idle(void) + __mwait(cx->address, 0); + } + } ++ else if ( c->x86_vendor == X86_VENDOR_AMD && ++ cx->entry_method == ACPI_CSTATE_EM_SYSIO ) ++ { ++ /* Intel prefers not to use SYSIO */ ++ ++ /* Avoid references to shared data after the cache flush */ ++ u32 address = cx->address; ++ u32 pmtmr_ioport_local = pmtmr_ioport; ++ ++ wbinvd(); ++ ++ while ( 1 ) ++ { ++ inb(address); ++ inl(pmtmr_ioport_local); ++ } ++ } + + default_halt: + wbinvd(); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/xen-amd04-eae25241d571.patch xen-4.1.3/debian/patches/xen-amd04-eae25241d571.patch --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/xen-amd04-eae25241d571.patch 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/xen-amd04-eae25241d571.patch 2012-09-28 12:11:54.000000000 +0200 @@ -0,0 +1,446 @@ + +# HG changeset patch +# User Boris Ostrovsky +# Date 1328623519 -3600 +# Node ID eae25241d571ecad4d4b69ac89b0accc9e0fbf6c +# Parent 3574f4d67843733ccaabab5f8ebb859c99d7314a +x86/AMD: Add support for AMD's OSVW feature in guests. + +In some cases guests should not provide workarounds for errata even when the +physical processor is affected. For example, because of erratum 400 on family +10h processors a Linux guest will read an MSR (resulting in VMEXIT) before +going to idle in order to avoid getting stuck in a non-C0 state. This is not +necessary: HLT and IO instructions are intercepted and therefore there is no +reason for erratum 400 workaround in the guest. + +This patch allows us to present a guest with certain errata as fixed, +regardless of the state of actual hardware. + +Signed-off-by: Boris Ostrovsky +Acked-by: Christoph Egger +Signed-off-by: Jan Beulich +Acked-by: Keir Fraser +Committed-by: Jan Beulich + +Index: xen-4.1.3/tools/libxc/xc_cpuid_x86.c +=================================================================== +--- xen-4.1.3.orig/tools/libxc/xc_cpuid_x86.c 2012-09-28 11:53:18.031058912 +0200 ++++ xen-4.1.3/tools/libxc/xc_cpuid_x86.c 2012-09-28 11:53:25.795096853 +0200 +@@ -102,6 +102,7 @@ static void amd_xc_cpuid_policy( + bitmaskof(X86_FEATURE_SSE4A) | + bitmaskof(X86_FEATURE_MISALIGNSSE) | + bitmaskof(X86_FEATURE_3DNOWPREFETCH) | ++ bitmaskof(X86_FEATURE_OSVW) | + bitmaskof(X86_FEATURE_XOP) | + bitmaskof(X86_FEATURE_FMA4) | + bitmaskof(X86_FEATURE_TBM)); +Index: xen-4.1.3/xen/arch/x86/hvm/svm/svm.c +=================================================================== +--- xen-4.1.3.orig/xen/arch/x86/hvm/svm/svm.c 2012-09-28 11:53:25.715096467 +0200 ++++ xen-4.1.3/xen/arch/x86/hvm/svm/svm.c 2012-09-28 12:11:50.068495374 +0200 +@@ -75,6 +75,10 @@ static DEFINE_PER_CPU_READ_MOSTLY(void * + + static bool_t amd_erratum383_found __read_mostly; + ++/* OSVW bits */ ++static uint64_t osvw_length, osvw_status; ++static DEFINE_SPINLOCK(osvw_lock); ++ + static void inline __update_guest_eip( + struct cpu_user_regs *regs, unsigned int inst_len) + { +@@ -766,6 +770,69 @@ static void svm_do_resume(struct vcpu *v + reset_stack_and_jump(svm_asm_do_resume); + } + ++static void svm_guest_osvw_init(struct vcpu *vcpu) ++{ ++ if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ) ++ return; ++ ++ /* ++ * Guests should see errata 400 and 415 as fixed (assuming that ++ * HLT and IO instructions are intercepted). ++ */ ++ vcpu->arch.hvm_svm.osvw.length = (osvw_length >= 3) ? osvw_length : 3; ++ vcpu->arch.hvm_svm.osvw.status = osvw_status & ~(6ULL); ++ ++ /* ++ * By increasing VCPU's osvw.length to 3 we are telling the guest that ++ * all osvw.status bits inside that length, including bit 0 (which is ++ * reserved for erratum 298), are valid. However, if host processor's ++ * osvw_len is 0 then osvw_status[0] carries no information. We need to ++ * be conservative here and therefore we tell the guest that erratum 298 ++ * is present (because we really don't know). ++ */ ++ if ( osvw_length == 0 && boot_cpu_data.x86 == 0x10 ) ++ vcpu->arch.hvm_svm.osvw.status |= 1; ++} ++ ++void svm_host_osvw_reset() ++{ ++ spin_lock(&osvw_lock); ++ ++ osvw_length = 64; /* One register (MSRC001_0141) worth of errata */ ++ osvw_status = 0; ++ ++ spin_unlock(&osvw_lock); ++} ++ ++void svm_host_osvw_init() ++{ ++ spin_lock(&osvw_lock); ++ ++ /* ++ * Get OSVW bits. If bits are not the same on different processors then ++ * choose the worst case (i.e. if erratum is present on one processor and ++ * not on another assume that the erratum is present everywhere). ++ */ ++ if ( test_bit(X86_FEATURE_OSVW, &boot_cpu_data.x86_capability) ) ++ { ++ uint64_t len, status; ++ ++ if ( rdmsr_safe(MSR_AMD_OSVW_ID_LENGTH, len) || ++ rdmsr_safe(MSR_AMD_OSVW_STATUS, status) ) ++ len = status = 0; ++ ++ if (len < osvw_length) ++ osvw_length = len; ++ ++ osvw_status |= status; ++ osvw_status &= (1ULL << osvw_length) - 1; ++ } ++ else ++ osvw_length = osvw_status = 0; ++ ++ spin_unlock(&osvw_lock); ++} ++ + static int svm_domain_initialise(struct domain *d) + { + return 0; +@@ -794,6 +861,9 @@ static int svm_vcpu_initialise(struct vc + } + + vpmu_initialise(v); ++ ++ svm_guest_osvw_init(v); ++ + return 0; + } + +@@ -908,6 +978,27 @@ static void svm_init_erratum_383(struct + } + } + ++static int svm_handle_osvw(struct vcpu *v, uint32_t msr, uint64_t *val, bool_t read) ++{ ++ uint eax, ebx, ecx, edx; ++ ++ /* Guest OSVW support */ ++ hvm_cpuid(0x80000001, &eax, &ebx, &ecx, &edx); ++ if ( !test_bit((X86_FEATURE_OSVW & 31), &ecx) ) ++ return -1; ++ ++ if ( read ) ++ { ++ if (msr == MSR_AMD_OSVW_ID_LENGTH) ++ *val = v->arch.hvm_svm.osvw.length; ++ else ++ *val = v->arch.hvm_svm.osvw.status; ++ } ++ /* Writes are ignored */ ++ ++ return 0; ++} ++ + static int svm_cpu_up(void) + { + uint64_t msr_content; +@@ -958,6 +1049,9 @@ static int svm_cpu_up(void) + } + #endif + ++ /* Initialize OSVW bits to be used by guests */ ++ svm_host_osvw_init(); ++ + return 0; + } + +@@ -968,6 +1062,8 @@ struct hvm_function_table * __init start + if ( !test_bit(X86_FEATURE_SVM, &boot_cpu_data.x86_capability) ) + return NULL; + ++ svm_host_osvw_reset(); ++ + if ( svm_cpu_up() ) + { + printk("SVM: failed to initialise.\n"); +@@ -1195,6 +1291,12 @@ static int svm_msr_read_intercept(unsign + vpmu_do_rdmsr(msr, msr_content); + break; + ++ case MSR_AMD_OSVW_ID_LENGTH: ++ case MSR_AMD_OSVW_STATUS: ++ if (svm_handle_osvw(v, msr, msr_content, 1) < 0) ++ goto gpf; ++ break; ++ + default: + + if ( rdmsr_viridian_regs(msr, msr_content) || +@@ -1323,6 +1425,12 @@ static int svm_msr_write_intercept(unsig + */ + break; + ++ case MSR_AMD_OSVW_ID_LENGTH: ++ case MSR_AMD_OSVW_STATUS: ++ if (svm_handle_osvw(v, msr, &msr_content, 0) < 0) ++ goto gpf; ++ break; ++ + default: + if ( wrmsr_viridian_regs(msr, msr_content) ) + break; +Index: xen-4.1.3/xen/arch/x86/microcode.c +=================================================================== +--- xen-4.1.3.orig/xen/arch/x86/microcode.c 2012-09-28 11:53:17.903058265 +0200 ++++ xen-4.1.3/xen/arch/x86/microcode.c 2012-09-28 11:53:25.799096876 +0200 +@@ -160,5 +160,15 @@ int microcode_update(XEN_GUEST_HANDLE(co + info->error = 0; + info->cpu = first_cpu(cpu_online_map); + ++ if ( microcode_ops->start_update ) ++ { ++ ret = microcode_ops->start_update(); ++ if ( ret != 0 ) ++ { ++ xfree(info); ++ return ret; ++ } ++ } ++ + return continue_hypercall_on_cpu(info->cpu, do_microcode_update, info); + } +Index: xen-4.1.3/xen/arch/x86/microcode_amd.c +=================================================================== +--- xen-4.1.3.orig/xen/arch/x86/microcode_amd.c 2012-09-28 11:53:17.875058141 +0200 ++++ xen-4.1.3/xen/arch/x86/microcode_amd.c 2012-09-28 11:53:25.799096876 +0200 +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + #define pr_debug(x...) ((void)0) + +@@ -44,6 +45,7 @@ static DEFINE_SPINLOCK(microcode_update_ + + struct equiv_cpu_entry *equiv_cpu_table; + ++/* See comment in start_update() for cases when this routine fails */ + static int collect_cpu_info(int cpu, struct cpu_signature *csig) + { + struct cpuinfo_x86 *c = &cpu_data[cpu]; +@@ -275,14 +277,16 @@ static int cpu_request_microcode(int cpu + { + printk(KERN_ERR "microcode: error! Wrong " + "microcode patch file magic\n"); +- return -EINVAL; ++ error = -EINVAL; ++ goto out; + } + + error = install_equiv_cpu_table(buf, (uint32_t)(buf_pos[2]), &offset); + if ( error ) + { + printk(KERN_ERR "microcode: installing equivalent cpu table failed\n"); +- return -EINVAL; ++ error = -EINVAL; ++ goto out; + } + + mc_amd = xmalloc(struct microcode_amd); +@@ -290,6 +294,8 @@ static int cpu_request_microcode(int cpu + { + printk(KERN_ERR "microcode: error! " + "Can not allocate memory for microcode patch\n"); ++ xfree(equiv_cpu_table); ++ equiv_cpu_table = NULL; + error = -ENOMEM; + goto out; + } +@@ -321,14 +327,16 @@ static int cpu_request_microcode(int cpu + /* On success keep the microcode patch for + * re-apply on resume. + */ +- if (error == 0) { ++ if (error == 1) { + xfree(mc_old); +- return 0; ++ error = 0; ++ } else { ++ xfree(equiv_cpu_table); ++ equiv_cpu_table = NULL; + } + + out: +- xfree(equiv_cpu_table); +- equiv_cpu_table = NULL; ++ svm_host_osvw_init(); + + return error; + } +@@ -338,11 +346,28 @@ static int microcode_resume_match(int cp + return 0; + } + ++static int start_update(void) ++{ ++ /* ++ * We assume here that svm_host_osvw_init() will be called on each cpu (from ++ * cpu_request_microcode()). ++ * ++ * Note that if collect_cpu_info() returns an error then ++ * cpu_request_microcode() will not invoked thus leaving OSVW bits not ++ * updated. Currently though collect_cpu_info() will not fail on processors ++ * supporting OSVW so we will not deal with this possibility. ++ */ ++ svm_host_osvw_reset(); ++ ++ return 0; ++} ++ + static const struct microcode_ops microcode_amd_ops = { + .microcode_resume_match = microcode_resume_match, + .cpu_request_microcode = cpu_request_microcode, + .collect_cpu_info = collect_cpu_info, + .apply_microcode = apply_microcode, ++ .start_update = start_update, + }; + + static __init int microcode_init_amd(void) +Index: xen-4.1.3/xen/arch/x86/platform_hypercall.c +=================================================================== +--- xen-4.1.3.orig/xen/arch/x86/platform_hypercall.c 2012-09-28 11:53:17.843057974 +0200 ++++ xen-4.1.3/xen/arch/x86/platform_hypercall.c 2012-09-28 11:53:25.803096905 +0200 +@@ -169,7 +169,23 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe + break; + + guest_from_compat_handle(data, op->u.microcode.data); ++ ++ /* ++ * alloc_vcpu() will access data which is modified during ++ * microcode update ++ */ ++ while ( !spin_trylock(&vcpu_alloc_lock) ) ++ { ++ if ( hypercall_preempt_check() ) ++ { ++ ret = hypercall_create_continuation( ++ __HYPERVISOR_platform_op, "h", u_xenpf_op); ++ goto out; ++ } ++ } ++ + ret = microcode_update(data, op->u.microcode.length); ++ spin_unlock(&vcpu_alloc_lock); + } + break; + +Index: xen-4.1.3/xen/common/domctl.c +=================================================================== +--- xen-4.1.3.orig/xen/common/domctl.c 2012-09-28 11:53:17.987058678 +0200 ++++ xen-4.1.3/xen/common/domctl.c 2012-09-28 11:53:25.803096905 +0200 +@@ -27,6 +27,7 @@ + #include + + static DEFINE_SPINLOCK(domctl_lock); ++DEFINE_SPINLOCK(vcpu_alloc_lock); + + extern long arch_do_domctl( + struct xen_domctl *op, XEN_GUEST_HANDLE(xen_domctl_t) u_domctl); +@@ -488,6 +489,20 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc + /* Needed, for example, to ensure writable p.t. state is synced. */ + domain_pause(d); + ++ /* ++ * Certain operations (e.g. CPU microcode updates) modify data which is ++ * used during VCPU allocation/initialization ++ */ ++ while ( !spin_trylock(&vcpu_alloc_lock) ) ++ { ++ if ( hypercall_preempt_check() ) ++ { ++ ret = hypercall_create_continuation( ++ __HYPERVISOR_domctl, "h", u_domctl); ++ goto maxvcpu_out_novcpulock; ++ } ++ } ++ + /* We cannot reduce maximum VCPUs. */ + ret = -EINVAL; + if ( (max < d->max_vcpus) && (d->vcpu[max] != NULL) ) +@@ -538,6 +553,9 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domc + ret = 0; + + maxvcpu_out: ++ spin_unlock(&vcpu_alloc_lock); ++ ++ maxvcpu_out_novcpulock: + domain_unpause(d); + rcu_unlock_domain(d); + } +Index: xen-4.1.3/xen/include/asm-x86/hvm/svm/svm.h +=================================================================== +--- xen-4.1.3.orig/xen/include/asm-x86/hvm/svm/svm.h 2012-09-28 11:53:17.731057420 +0200 ++++ xen-4.1.3/xen/include/asm-x86/hvm/svm/svm.h 2012-09-28 11:53:25.803096905 +0200 +@@ -91,4 +91,7 @@ extern u32 svm_feature_flags; + ~TSC_RATIO_RSVD_BITS ) + #define vcpu_tsc_ratio(v) TSC_RATIO((v)->domain->arch.tsc_khz, cpu_khz) + ++extern void svm_host_osvw_reset(void); ++extern void svm_host_osvw_init(void); ++ + #endif /* __ASM_X86_HVM_SVM_H__ */ +Index: xen-4.1.3/xen/include/asm-x86/hvm/svm/vmcb.h +=================================================================== +--- xen-4.1.3.orig/xen/include/asm-x86/hvm/svm/vmcb.h 2012-09-28 11:53:17.771057616 +0200 ++++ xen-4.1.3/xen/include/asm-x86/hvm/svm/vmcb.h 2012-09-28 11:53:25.803096905 +0200 +@@ -509,6 +509,12 @@ struct arch_svm_struct { + uint64_t guest_sysenter_cs; + uint64_t guest_sysenter_esp; + uint64_t guest_sysenter_eip; ++ ++ /* OSVW MSRs */ ++ struct { ++ u64 length; ++ u64 status; ++ } osvw; + }; + + struct vmcb_struct *alloc_vmcb(void); +Index: xen-4.1.3/xen/include/asm-x86/microcode.h +=================================================================== +--- xen-4.1.3.orig/xen/include/asm-x86/microcode.h 2012-09-28 11:53:17.699057275 +0200 ++++ xen-4.1.3/xen/include/asm-x86/microcode.h 2012-09-28 11:53:25.807096920 +0200 +@@ -11,6 +11,7 @@ struct microcode_ops { + int (*cpu_request_microcode)(int cpu, const void *buf, size_t size); + int (*collect_cpu_info)(int cpu, struct cpu_signature *csig); + int (*apply_microcode)(int cpu); ++ int (*start_update)(void); + }; + + struct microcode_header_intel { +Index: xen-4.1.3/xen/include/xen/domain.h +=================================================================== +--- xen-4.1.3.orig/xen/include/xen/domain.h 2012-09-28 11:53:17.811057818 +0200 ++++ xen-4.1.3/xen/include/xen/domain.h 2012-09-28 11:53:25.807096920 +0200 +@@ -59,6 +59,7 @@ void arch_dump_domain_info(struct domain + + void arch_vcpu_reset(struct vcpu *v); + ++extern spinlock_t vcpu_alloc_lock; + bool_t domctl_lock_acquire(void); + void domctl_lock_release(void); + diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/xen-amd10-23e33ea79cac.patch xen-4.1.3/debian/patches/xen-amd10-23e33ea79cac.patch --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/patches/xen-amd10-23e33ea79cac.patch 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/patches/xen-amd10-23e33ea79cac.patch 2012-09-28 11:49:42.000000000 +0200 @@ -0,0 +1,38 @@ + +# HG changeset patch +# User Jacob Shin +# Date 1305188046 -3600 +# Node ID 23e33ea79cac0303c729d4e82905054cded16348 +# Parent fabdd682420c0c7b5e81f07f2f54211ebc11babe +hvm: vpmu: Enable HVM VPMU for AMD Family 12h and 14h processors + +HVM VPMU support can be enabled for AMD Family 12h and 14h processors +by taking the same code path as 10h. + +Signed-off-by: Jacob Shin + +diff -r fabdd682420c -r 23e33ea79cac xen/arch/x86/hvm/svm/vpmu.c +--- a/xen/arch/x86/hvm/svm/vpmu.c Thu May 12 09:13:18 2011 +0100 ++++ b/xen/arch/x86/hvm/svm/vpmu.c Thu May 12 09:14:06 2011 +0100 +@@ -317,6 +317,8 @@ static void amd_vpmu_initialise(struct v + k7_counters_mirrored = 1; + break; + case 0x10: ++ case 0x12: ++ case 0x14: + default: + num_counters = F10H_NUM_COUNTERS; + counters = AMD_F10H_COUNTERS; +diff -r fabdd682420c -r 23e33ea79cac xen/arch/x86/hvm/vpmu.c +--- a/xen/arch/x86/hvm/vpmu.c Thu May 12 09:13:18 2011 +0100 ++++ b/xen/arch/x86/hvm/vpmu.c Thu May 12 09:14:06 2011 +0100 +@@ -101,6 +101,8 @@ void vpmu_initialise(struct vcpu *v) + switch ( family ) + { + case 0x10: ++ case 0x12: ++ case 0x14: + case 0x15: + vpmu->arch_vpmu_ops = &amd_vpmu_ops; + break; + diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/rules.gen xen-4.1.3/debian/rules.gen --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/rules.gen 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/rules.gen 2012-09-18 13:27:30.000000000 +0200 @@ -5,6 +5,7 @@ binary-arch_amd64_none_amd64:: binary-arch_amd64_none_amd64_real binary-arch_amd64_none_amd64:: $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='amd64' FEATURESET='none' FLAVOUR='amd64' VERSION='4.1' XEN_ARCH='x86_64' + $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-amd64' ARCH='amd64' FEATURESET='none' FLAVOUR='amd64' VERSION='4.1' XEN_ARCH='x86_64' binary-arch_amd64_none_amd64_real: binary-arch_amd64_none_real: binary-arch_amd64_real:: @@ -14,10 +15,12 @@ binary-arch_i386_none_amd64:: binary-arch_i386_none_amd64_real binary-arch_i386_none_amd64:: $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='i386' FEATURESET='none' FLAVOUR='amd64' VERSION='4.1' XEN_ARCH='x86_64' + $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-amd64' ARCH='i386' FEATURESET='none' FLAVOUR='amd64' VERSION='4.1' XEN_ARCH='x86_64' binary-arch_i386_none_amd64_real: binary-arch_i386_none_i386:: binary-arch_i386_none_i386_real binary-arch_i386_none_i386:: $(MAKE) -f debian/rules.real binary-arch-flavour ARCH='i386' FEATURESET='none' FLAVOUR='i386' VERSION='4.1' XEN_ARCH='x86_32' + $(MAKE) -f debian/rules.real install-dummy DH_OPTIONS='-pxen-system-i386' ARCH='i386' FEATURESET='none' FLAVOUR='i386' VERSION='4.1' XEN_ARCH='x86_32' binary-arch_i386_none_i386_real: binary-arch_i386_none_real: binary-arch_i386_real:: diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/rules.real xen-4.1.3/debian/rules.real --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/rules.real 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/rules.real 2012-07-27 12:29:06.000000000 +0200 @@ -117,6 +117,12 @@ dh_md5sums dh_builddeb +install-dummy: + dh_testdir + dh_testroot + dh_prep + +$(MAKE_SELF) install-base + install-docs: SOURCE_DIR = $(BUILD_DIR)/build-docs install-docs: DIR = $(BUILD_DIR)/install-docs install-docs: PACKAGE_NAME = xen-docs-$(VERSION) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/scripts/qemu-ifup xen-4.1.3/debian/scripts/qemu-ifup --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/scripts/qemu-ifup 2006-10-03 14:11:04.000000000 +0200 +++ xen-4.1.3/debian/scripts/qemu-ifup 2012-07-13 01:28:23.000000000 +0200 @@ -3,5 +3,11 @@ echo -c 'config qemu network with xen bridge for ' echo $* +# Initialise a dummy MAC address. We choose the numerically +# largest non-broadcast address to prevent the address getting +# stolen by an Ethernet bridge for STP purposes. +# (FE:FF:FF:FF:FF:FF) +ip link set $1 address fe:ff:ff:ff:ff:ff || true + ifconfig $1 0.0.0.0 up brctl addif $2 $1 diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/templates/control.source.in xen-4.1.3/debian/templates/control.source.in --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/templates/control.source.in 2012-07-01 23:09:34.000000000 +0200 +++ xen-4.1.3/debian/templates/control.source.in 2012-07-14 14:21:44.000000000 +0200 @@ -4,7 +4,7 @@ Uploaders: Guido Trotter , Bastian Blank Build-Depends: debhelper (>> 7), - dpkg (>= 1.16.0~), + dpkg-dev (>= 1.16.0~), lsb-release, python-dev, bcc, diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/templates/control.system.latest.in xen-4.1.3/debian/templates/control.system.latest.in --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/templates/control.system.latest.in 1970-01-01 01:00:00.000000000 +0100 +++ xen-4.1.3/debian/templates/control.system.latest.in 2012-07-28 10:16:22.000000000 +0200 @@ -0,0 +1,8 @@ +Package: xen-system@localversion@ +Depends: xen-hypervisor-@version@@localversion@, xen-utils-@version@, ${misc:Depends} +Provides: xen-system +Description: Xen System on @class@ (meta-package) + This package depends on the latest Xen hypervisor for use on @class@ and the Xen utils. + . + @desc@ + diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/xen-utils-common.xendomains.init xen-4.1.3/debian/xen-utils-common.xendomains.init --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/debian/xen-utils-common.xendomains.init 2012-05-22 10:22:34.000000000 +0200 +++ xen-4.1.3/debian/xen-utils-common.xendomains.init 2012-09-18 13:16:06.000000000 +0200 @@ -3,8 +3,8 @@ # Provides: xendomains # Required-Start: $syslog $remote_fs xen # Required-Stop: $syslog $remote_fs xen -# Should-Start: drbd iscsi -# Should-Stop: drbd iscsi +# Should-Start: drbd iscsi openvswitch-switch +# Should-Stop: drbd iscsi openvswitch-switch # X-Start-Before: corosync heartbeat # X-Stop-After: corosync heartbeat # Default-Start: 2 3 4 5 @@ -23,6 +23,15 @@ exit 0; fi +TOOLSTACK=$(/usr/lib/xen-common/bin/xen-toolstack 2>/dev/null) +if [ $? -ne 0 ]; then + log_warning_msg "No usable Xen toolstack selected" + exit 0 +fi +if [ "$(basename "$TOOLSTACK")" != xm ] && [ "$(basename "$TOOLSTACK")" != xl ]; then + exit 0 +fi + if ! [ -e /proc/xen/privcmd ]; then exit 0 fi @@ -44,15 +53,28 @@ timeout_coproc() { - TIMEOUT="$1" + local TIMEOUT=$1 + shift + + coproc "$@" 2>&1 1>/dev/null + + local COPROC_OUT + exec {COPROC_OUT}<&"${COPROC[0]}" + local PID="$COPROC_PID" + for no in $(seq 0 $TIMEOUT); do - if [ -z "$COPROC_PID" ]; then return 0; fi + if [ -z "$COPROC_PID" ]; then break; fi sleep 1 log_action_cont_msg done + kill -INT "$COPROC_PID" >/dev/null 2>&1 - wait $COPROC_PID - return 1 + wait $PID + local rc=$? + log_action_end_msg $rc + + [ $rc -gt 0 ] && cat <&$COPROC_OUT + exec <&$COPROC_OUT- } timeout_domain() @@ -142,9 +164,7 @@ while read id name rest; do log_action_begin_msg "Migrating Xen domain $name ($id)" - coproc xen migrate $id $XENDOMAINS_MIGRATE 2>&1 1>/dev/null - timeout_coproc "$XENDOMAINS_STOP_MAXWAIT" - log_action_end_msg $? + (timeout_coproc "$XENDOMAINS_STOP_MAXWAIT" xen migrate $id $XENDOMAINS_MIGRATE) done < <(/usr/lib/xen-common/bin/xen-init-list) } @@ -155,9 +175,7 @@ while read id name rest; do log_action_begin_msg "Saving Xen domain $name ($id)" - coproc xen save $id $XENDOMAINS_SAVE/$name 2>&1 1>/dev/null - timeout_coproc "$XENDOMAINS_STOP_MAXWAIT" - log_action_end_msg $? + (timeout_coproc "$XENDOMAINS_STOP_MAXWAIT" xen save $id $XENDOMAINS_SAVE/$name) done < <(/usr/lib/xen-common/bin/xen-init-list) } @@ -166,6 +184,10 @@ while read id name rest; do log_action_begin_msg "Shutting down Xen domain $name ($id)" xen shutdown $id 2>&1 1>/dev/null + log_action_end_msg $? + done < <(/usr/lib/xen-common/bin/xen-init-list) + while read id name rest; do + log_action_begin_msg "Waiting for Xen domain $name ($id) to shut down" timeout_domain "$name" "$XENDOMAINS_STOP_MAXWAIT" log_action_end_msg $? done < <(/usr/lib/xen-common/bin/xen-init-list) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/.hg_archival.txt xen-4.1.3/.hg_archival.txt --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/.hg_archival.txt 2012-06-14 12:39:57.000000000 +0200 +++ xen-4.1.3/.hg_archival.txt 2012-08-09 22:08:04.000000000 +0200 @@ -1,5 +1,4 @@ repo: ab039beb22dc9d53f224a5ef2ef88d534b561898 -node: a9c0a89c08f2a1c92f64f001b653d7c02fbc852c +node: ce7195d2b80e4df9857e434fa29689fd678a2341 branch: default -latesttag: 4.1.3-rc1 -latesttagdistance: 13 +tag: RELEASE-4.1.3 diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/.hgsigs xen-4.1.3/.hgsigs --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/.hgsigs 2012-06-14 12:39:57.000000000 +0200 +++ xen-4.1.3/.hgsigs 2012-08-09 22:08:04.000000000 +0200 @@ -16,3 +16,5 @@ 24041ed83728ac6c26d3c32d29d7d08eb8433149 0 iQEcBAABAgAGBQJOjxDqAAoJEIP+FMlX6CvZohIH/2krgh6rTz6hjsv6HOFWQkekqHjZyyQBgdl3tfgSN/vSd3rJPN6mvaYjh8ZltmBbcHcRCmriTr7KK9e6kOChU7hyTCBDmtGxNN5TgMoAf27pSMrFN1HvK0ohQzGXvqKLAepTXW2ew+Abno3OgKRwUMpQJVlq+ZUCuqKODYI9nRE10XV6ORAejgE5mDYNn3BbvcI07Cjmqgm7bJzi5Hv0wzscPuJxQjz4vrJ+5ne65TYOzFPNkIFKeRETP+Shd9Gkw2/w9sbzQ2hzTH/02sUrsxolXD2wexfxgVz07rTe7qgbqKruCBOPtbcnGMAbs3e5NB7V6H3HnkTRtHQ4BosUMnE= 3eca5bf65e6cca881d599c68f2305f865e0f9fd0 0 iQEcBAABAgAGBQJOoE3xAAoJEIP+FMlX6CvZ0P4IALamOXJi4s9OzfutsjD//V5QYU972Y+NxBo2j7VNKnRaFwZ57RbxLE8dzsAufvxx/886ScyvdehAfWkpqhU+brLfKNftG54Bm3DFd+mDCdcTvHOGkKw768YUPBNjOhQZ8voVSnalrQaOlbibluRTYGK1Y4lcWXwP8SSCCR7bpm8VLrSKQoatiaPtc/OxBO+9UOlHFUR2tWt5YY4a5NczaXJ2xGERMnOssE83GjxSD/07+y9aDLNjnQiYqQfSkF46Gv4s94hPv8KeHEiGDMoZF/YqHr+4YxDCt8y39TXiQfT67O3o9xx6VfynTIHRo9CZ0qGrEqz7o8GK1vWhlfq3T5M= da64f68730cf1c42c06919578e70d8bc01041051 0 iQEcBAABAgAGBQJPp8OUAAoJEIP+FMlX6CvZRkEIAKp5iVEADZyijVw0Jwj1vUWKqHJYVONzNjzRcnavWAEzsuwbAxQ6QfMJIai2ThjF79M2w7fPXY03S/vCV4/bXVE9R9s2/IUmS9B6pK+DAhw3ExuNUfsxq9UZd3Iul6hWifjjouYnBmgUtpF7O5z4pfQ+r1+z58FpIYPrv39NARt5YW7tcPeUJh4gOJ0ugORc5CclZqLLiljjIbVY6DN+jJDzjqCAwbWLGbkVw4kEGAeWI6aP3/5ZDpnk9Yytp9GpZ8d3BpmlHaR/kY6xepmZUqBPFGKUGY437+1jKWGgUYPLt2RC0S88W4iLRW6b9HXd7u3bhrn36ERz8XZ10KqjH7A= +acbd3617691397911f34e4574d03385c08aec900 0 iQEcBAABAgAGBQJP3zbaAAoJEIP+FMlX6CvZoMUH/1TQcdw+e/7BmxtXBnMIrpiTJ7/tffSBYurcoQFq1cTaJJgz5in8iq1JWHgru/ToYQ9PaWY0wVQcb1Yj40rCGNnASlSzQqgRQbYMmZpKd0+TESDtMkl6q1FXECrs8ag/HMHwkVYsgdAEmQ/7IouRK4kBOXXzSWhMRU24YkHdJAnQCcXD9L99Yjmrr5oxF/fgVG7WnhfTGlhpu7FaUeWlDjBRlIuw6HeNnXMwubAn569dGXyPdwJnbU0nCLRrQGjQn7DsmeN25gL4R5Pz+uhp4eeGB7ORYT/mj5+xeS2Cjb3XfptV3qAW2FJVYRLit7lp5cmsKvtBnr8mAO8GS0R+8Pg= +5cdcfed7b5b129843e1602b5d43c7651de337092 0 iQEcBAABAgAGBQJQDB6TAAoJEIP+FMlX6CvZ+H8IAJbWR4PrKOt3gMpgEYdADts96vtduD3oet5C+l8FSlo0pDPtF32wPQ5tQz+Ll8OtCFckSIzobsw+9IMrZ38nRwP1UM2LgLUuo6WVVwYZ4DKVIntDrC1DV6Us1CmGiHiTHqPNDypBB2NponJ21rlD8zRY4Q661BgdKXVwqq5H6SDtxNRSn7RPDYnsIvavabr0fvcR38YOHVG4TvfXP+uge0UfEvIurGEBnTn25E0vadLG9la9SGKeEm8HuTDnzuxQmSic7tPdodQ0oQYQ5AAj+/mdW2B9uaCDsmOeP4udDNcV4yXxdLxNA2GkeSSJ/+U0hj2HBaHZvd+hvAeHBZGdMAU= diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/.hgtags xen-4.1.3/.hgtags --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/.hgtags 2012-06-14 12:39:57.000000000 +0200 +++ xen-4.1.3/.hgtags 2012-08-09 22:08:04.000000000 +0200 @@ -63,3 +63,5 @@ 24041ed83728ac6c26d3c32d29d7d08eb8433149 4.1.2-rc3 3eca5bf65e6cca881d599c68f2305f865e0f9fd0 RELEASE-4.1.2 da64f68730cf1c42c06919578e70d8bc01041051 4.1.3-rc1 +acbd3617691397911f34e4574d03385c08aec900 4.1.3-rc2 +5cdcfed7b5b129843e1602b5d43c7651de337092 4.1.3-rc3 diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/e1000.c xen-4.1.3/qemu/hw/e1000.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/e1000.c 2011-04-28 09:38:36.000000000 +0200 +++ xen-4.1.3/qemu/hw/e1000.c 2012-04-24 19:35:40.000000000 +0200 @@ -444,6 +444,8 @@ bytes = split_size; if (tp->size + bytes > msh) bytes = msh - tp->size; + + bytes = MIN(sizeof(tp->data) - tp->size, bytes); cpu_physical_memory_read(addr, tp->data + tp->size, bytes); if ((sz = tp->size + bytes) >= hdr && tp->size < hdr) memmove(tp->header, tp->data, hdr); @@ -459,6 +461,7 @@ // context descriptor TSE is not set, while data descriptor TSE is set DBGOUT(TXERR, "TCP segmentaion Error\n"); } else { + split_size = MIN(sizeof(tp->data) - tp->size, split_size); cpu_physical_memory_read(addr, tp->data + tp->size, split_size); tp->size += split_size; } diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/pci.h xen-4.1.3/qemu/hw/pci.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/pci.h 2011-04-28 09:38:36.000000000 +0200 +++ xen-4.1.3/qemu/hw/pci.h 2012-04-24 19:35:40.000000000 +0200 @@ -177,9 +177,15 @@ #define PCI_STATUS_RESERVED1 0x007 #define PCI_STATUS_INT_STATUS 0x008 #define PCI_STATUS_CAPABILITIES 0x010 +#ifndef PCI_STATUS_66MHZ #define PCI_STATUS_66MHZ 0x020 +#endif +#ifndef PCI_STATUS_RESERVED2 #define PCI_STATUS_RESERVED2 0x040 +#endif +#ifndef PCI_STATUS_FAST_BACK #define PCI_STATUS_FAST_BACK 0x080 +#endif #define PCI_STATUS_DEVSEL 0x600 #define PCI_STATUS_RESERVED_MASK_LO (PCI_STATUS_RESERVED1 | \ diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/pt-msi.h xen-4.1.3/qemu/hw/pt-msi.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/pt-msi.h 2011-04-28 09:38:36.000000000 +0200 +++ xen-4.1.3/qemu/hw/pt-msi.h 2012-04-24 19:35:40.000000000 +0200 @@ -26,7 +26,9 @@ /* MSI-X */ #define PCI_MSIX_ENABLE 0x8000 #define PCI_MSIX_MASK 0x4000 +#ifndef PCI_MSIX_TABSIZE #define PCI_MSIX_TABSIZE 0x03ff +#endif #define PCI_MSIX_TABLE 4 #define PCI_MSIX_PBA 8 #define PCI_MSIX_BIR 0x7 diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/xen_console.c xen-4.1.3/qemu/hw/xen_console.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/xen_console.c 2011-04-28 09:38:36.000000000 +0200 +++ xen-4.1.3/qemu/hw/xen_console.c 2012-04-24 19:35:40.000000000 +0200 @@ -253,6 +253,8 @@ { struct XenConsole *con = container_of(xendev, struct XenConsole, xendev); + if (!xendev->dev) + return; if (con->chr) qemu_chr_add_handlers(con->chr, NULL, NULL, NULL, NULL); xen_be_unbind_evtchn(&con->xendev); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/xen_disk.c xen-4.1.3/qemu/hw/xen_disk.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/hw/xen_disk.c 2011-04-28 09:38:36.000000000 +0200 +++ xen-4.1.3/qemu/hw/xen_disk.c 2012-04-24 19:35:40.000000000 +0200 @@ -46,11 +46,11 @@ /* ------------------------------------------------------------- */ -static int syncwrite = 1; -static int batch_maps = 0; +static int syncwrite = 0; +static int batch_maps = 1; static int max_requests = 32; -static int use_aio = 0; +static int use_aio = 1; /* ------------------------------------------------------------- */ @@ -382,6 +382,8 @@ ioreq->aio_inflight--; if (ioreq->aio_inflight > 0) return; + if (ioreq->postsync) + bdrv_flush(ioreq->blkdev->bs); ioreq->status = ioreq->aio_errors ? BLKIF_RSP_ERROR : BLKIF_RSP_OKAY; ioreq_unmap(ioreq); @@ -409,9 +411,9 @@ break; case BLKIF_OP_WRITE: case BLKIF_OP_WRITE_BARRIER: - ioreq->aio_inflight++; if (!ioreq->req.nr_segments) break; + ioreq->aio_inflight++; bdrv_aio_writev(blkdev->bs, ioreq->start / BLOCK_SIZE, &ioreq->v, ioreq->v.size / BLOCK_SIZE, qemu_aio_complete, ioreq); @@ -421,8 +423,6 @@ goto err; } - if (ioreq->postsync) - bdrv_flush(blkdev->bs); /* FIXME: aio_flush() ??? */ qemu_aio_complete(ioreq, 0); return 0; @@ -617,12 +617,13 @@ return -1; /* read-only ? */ + qflags = BDRV_O_NOCACHE; if (strcmp(blkdev->mode, "w") == 0) { mode = O_RDWR; - qflags = BDRV_O_RDWR; + qflags |= BDRV_O_RDWR; } else { mode = O_RDONLY; - qflags = BDRV_O_RDONLY; + qflags |= BDRV_O_RDONLY; info |= VDISK_READONLY; } diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/xenstore.c xen-4.1.3/qemu/xenstore.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/qemu/xenstore.c 2011-04-28 09:38:36.000000000 +0200 +++ xen-4.1.3/qemu/xenstore.c 2012-04-24 19:35:40.000000000 +0200 @@ -643,7 +643,7 @@ } pstrcpy(bs->filename, sizeof(bs->filename), params); - flags = BDRV_O_CACHE_WB; /* snapshot and write-back */ + flags = BDRV_O_NOCACHE; is_readonly = 0; if (pasprintf(&buf, "%s/mode", bpath) == -1) continue; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/tools/ocaml/libs/xc/xc_stubs.c xen-4.1.3/tools/ocaml/libs/xc/xc_stubs.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/tools/ocaml/libs/xc/xc_stubs.c 2012-06-14 12:39:58.000000000 +0200 +++ xen-4.1.3/tools/ocaml/libs/xc/xc_stubs.c 2012-08-09 22:08:06.000000000 +0200 @@ -430,7 +430,7 @@ for (i=0; i= MAX_LOCAL_SAPIC ) + return -EINVAL; + apic_id = ia64_acpiid_to_sapicid[acpi_id]; if ( apic_id == 0xffff ) return -EINVAL; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/acpi/cpu_idle.c xen-4.1.3/xen/arch/x86/acpi/cpu_idle.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/acpi/cpu_idle.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/acpi/cpu_idle.c 2012-08-09 22:08:08.000000000 +0200 @@ -44,6 +44,7 @@ #include #include #include +#include #include #include #include @@ -111,6 +112,7 @@ /* Westmere */ case 0x25: case 0x2C: + case 0x2F: GET_PC3_RES(hw_res->pc3); GET_PC6_RES(hw_res->pc6); GET_PC7_RES(hw_res->pc7); @@ -887,6 +889,9 @@ cx->entry_method = ACPI_CSTATE_EM_HALT; break; case ACPI_ADR_SPACE_SYSTEM_IO: + if ( ioports_deny_access(dom0, cx->address, cx->address) ) + printk(XENLOG_WARNING "Could not deny access to port %04x\n", + cx->address); cx->entry_method = ACPI_CSTATE_EM_SYSIO; break; default: @@ -902,11 +907,14 @@ acpi_power->safe_state = cx; } -int get_cpu_id(u8 acpi_id) +int get_cpu_id(u32 acpi_id) { int i; u32 apic_id; + if ( acpi_id >= MAX_MADT_ENTRIES ) + return -1; + apic_id = x86_acpiid_to_apicid[acpi_id]; if ( apic_id == BAD_APICID ) return -1; @@ -983,7 +991,7 @@ print_cx_pminfo(cpu, power); /* map from acpi_id to cpu_id */ - cpu_id = get_cpu_id((u8)cpu); + cpu_id = get_cpu_id(cpu); if ( cpu_id == -1 ) { printk(XENLOG_ERR "no cpu_id for acpi_id %d\n", cpu); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/acpi/power.c xen-4.1.3/xen/arch/x86/acpi/power.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/acpi/power.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/acpi/power.c 2012-08-09 22:08:08.000000000 +0200 @@ -321,7 +321,7 @@ } /* System is really put into sleep state by this stub */ -acpi_status asmlinkage acpi_enter_sleep_state(u8 sleep_state) +acpi_status acpi_enter_sleep_state(u8 sleep_state) { acpi_status status; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/cpu/common.c xen-4.1.3/xen/arch/x86/cpu/common.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/cpu/common.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/cpu/common.c 2012-08-09 22:08:08.000000000 +0200 @@ -27,10 +27,15 @@ static bool_t __cpuinitdata use_xsave; boolean_param("xsave", use_xsave); + unsigned int __devinitdata opt_cpuid_mask_ecx = ~0u; integer_param("cpuid_mask_ecx", opt_cpuid_mask_ecx); unsigned int __devinitdata opt_cpuid_mask_edx = ~0u; integer_param("cpuid_mask_edx", opt_cpuid_mask_edx); + +unsigned int __devinitdata opt_cpuid_mask_xsave_eax = ~0u; +integer_param("cpuid_mask_xsave_eax", opt_cpuid_mask_xsave_eax); + unsigned int __devinitdata opt_cpuid_mask_ext_ecx = ~0u; integer_param("cpuid_mask_ext_ecx", opt_cpuid_mask_ext_ecx); unsigned int __devinitdata opt_cpuid_mask_ext_edx = ~0u; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/cpu/cpu.h xen-4.1.3/xen/arch/x86/cpu/cpu.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/cpu/cpu.h 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/cpu/cpu.h 2012-08-09 22:08:08.000000000 +0200 @@ -22,6 +22,7 @@ extern struct cpu_dev * cpu_devs [X86_VENDOR_NUM]; extern unsigned int opt_cpuid_mask_ecx, opt_cpuid_mask_edx; +extern unsigned int opt_cpuid_mask_xsave_eax; extern unsigned int opt_cpuid_mask_ext_ecx, opt_cpuid_mask_ext_edx; extern int get_model_name(struct cpuinfo_x86 *c); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/cpu/intel.c xen-4.1.3/xen/arch/x86/cpu/intel.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/cpu/intel.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/cpu/intel.c 2012-08-09 22:08:08.000000000 +0200 @@ -59,10 +59,12 @@ */ static void __devinit set_cpuidmask(const struct cpuinfo_x86 *c) { + u32 eax, edx; const char *extra = ""; if (!~(opt_cpuid_mask_ecx & opt_cpuid_mask_edx & - opt_cpuid_mask_ext_ecx & opt_cpuid_mask_ext_edx)) + opt_cpuid_mask_ext_ecx & opt_cpuid_mask_ext_edx & + opt_cpuid_mask_xsave_eax)) return; /* Only family 6 supports this feature */ @@ -75,7 +77,11 @@ wrmsr(MSR_INTEL_CPUID_FEATURE_MASK, opt_cpuid_mask_ecx, opt_cpuid_mask_edx); - if (!~(opt_cpuid_mask_ext_ecx & opt_cpuid_mask_ext_edx)) + if (~(opt_cpuid_mask_ext_ecx & opt_cpuid_mask_ext_edx)) + extra = "extended "; + else if (~opt_cpuid_mask_xsave_eax) + extra = "xsave "; + else return; extra = "extended "; break; @@ -97,11 +103,25 @@ wrmsr(MSR_INTEL_CPUID80000001_FEATURE_MASK, opt_cpuid_mask_ext_ecx, opt_cpuid_mask_ext_edx); + if (!~opt_cpuid_mask_xsave_eax) + return; + extra = "xsave "; + break; + case 0x2a: + wrmsr(MSR_INTEL_CPUID1_FEATURE_MASK_V2, + opt_cpuid_mask_ecx, + opt_cpuid_mask_edx); + rdmsr(MSR_INTEL_CPUIDD_01_FEATURE_MASK, eax, edx); + wrmsr(MSR_INTEL_CPUIDD_01_FEATURE_MASK, + opt_cpuid_mask_xsave_eax, edx); + wrmsr(MSR_INTEL_CPUID80000001_FEATURE_MASK_V2, + opt_cpuid_mask_ext_ecx, + opt_cpuid_mask_ext_edx); return; } - printk(XENLOG_ERR "Cannot set CPU feature mask on CPU#%d\n", - smp_processor_id()); + printk(XENLOG_ERR "Cannot set CPU %sfeature mask on CPU#%d\n", + extra, smp_processor_id()); } void __devinit early_intel_workaround(struct cpuinfo_x86 *c) diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/domctl.c xen-4.1.3/xen/arch/x86/domctl.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/domctl.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/domctl.c 2012-08-09 22:08:08.000000000 +0200 @@ -873,7 +873,7 @@ break; } - ret = xsm_assign_device(d, domctl->u.assign_device.machine_bdf); + ret = xsm_deassign_device(d, domctl->u.assign_device.machine_bdf); if ( ret ) goto deassign_device_out; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/hvm.c xen-4.1.3/xen/arch/x86/hvm/hvm.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/hvm.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/hvm.c 2012-08-09 22:08:08.000000000 +0200 @@ -1109,7 +1109,7 @@ domain_shutdown(v->domain, SHUTDOWN_reboot); } -bool_t hvm_hap_nested_page_fault(unsigned long gpa, +bool_t hvm_hap_nested_page_fault(paddr_t gpa, bool_t gla_valid, unsigned long gla, bool_t access_valid, diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/io.c xen-4.1.3/xen/arch/x86/hvm/io.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/io.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/io.c 2012-08-09 22:08:08.000000000 +0200 @@ -176,6 +176,8 @@ rc = hvm_emulate_one(&ctxt); + if ( rc != X86EMUL_RETRY ) + curr->arch.hvm_vcpu.io_state = HVMIO_none; if ( curr->arch.hvm_vcpu.io_state == HVMIO_awaiting_completion ) curr->arch.hvm_vcpu.io_state = HVMIO_handle_mmio_awaiting_completion; else diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/svm/asid.c xen-4.1.3/xen/arch/x86/hvm/svm/asid.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/svm/asid.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/svm/asid.c 2012-08-09 22:08:08.000000000 +0200 @@ -38,7 +38,7 @@ * Called directly before VMRUN. Checks if the VCPU needs a new ASID, * assigns it, and if required, issues required TLB flushes. */ -asmlinkage void svm_asid_handle_vmrun(void) +void svm_asid_handle_vmrun(void) { struct vcpu *curr = current; struct vmcb_struct *vmcb = curr->arch.hvm_svm.vmcb; @@ -52,7 +52,8 @@ return; } - vmcb_set_guest_asid(vmcb, curr->arch.hvm_vcpu.asid); + if (vmcb_get_guest_asid(vmcb) != curr->arch.hvm_vcpu.asid) + vmcb_set_guest_asid(vmcb, curr->arch.hvm_vcpu.asid); vmcb->tlb_control = need_flush; } diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/svm/intr.c xen-4.1.3/xen/arch/x86/hvm/svm/intr.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/svm/intr.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/svm/intr.c 2012-08-09 22:08:08.000000000 +0200 @@ -116,7 +116,7 @@ vmcb, general1_intercepts | GENERAL1_INTERCEPT_VINTR); } -asmlinkage void svm_intr_assist(void) +void svm_intr_assist(void) { struct vcpu *v = current; struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/svm/svm.c xen-4.1.3/xen/arch/x86/hvm/svm/svm.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/svm/svm.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/svm/svm.c 2012-08-09 22:08:08.000000000 +0200 @@ -1534,7 +1534,7 @@ .get_insn_bytes = svm_get_insn_bytes, }; -asmlinkage void svm_vmexit_handler(struct cpu_user_regs *regs) +void svm_vmexit_handler(struct cpu_user_regs *regs) { unsigned int exit_reason; struct vcpu *v = current; @@ -1851,7 +1851,7 @@ vmcb_set_vintr(vmcb, intr); } -asmlinkage void svm_trace_vmentry(void) +void svm_trace_vmentry(void) { HVMTRACE_ND (VMENTRY, 1/*cycles*/, 0, 0, 0, 0, 0, 0, 0); } diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/vmx/intr.c xen-4.1.3/xen/arch/x86/hvm/vmx/intr.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/vmx/intr.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/vmx/intr.c 2012-08-09 22:08:08.000000000 +0200 @@ -109,7 +109,7 @@ } } -asmlinkage void vmx_intr_assist(void) +void vmx_intr_assist(void) { struct hvm_intack intack; struct vcpu *v = current; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/vmx/vmx.c xen-4.1.3/xen/arch/x86/hvm/vmx/vmx.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/hvm/vmx/vmx.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/hvm/vmx/vmx.c 2012-08-09 22:08:08.000000000 +0200 @@ -2035,7 +2035,7 @@ domain_crash(curr->domain); } -asmlinkage void vmx_enter_realmode(struct cpu_user_regs *regs) +void vmx_enter_realmode(struct cpu_user_regs *regs) { struct vcpu *v = current; @@ -2089,7 +2089,7 @@ return 0; } -asmlinkage void vmx_vmexit_handler(struct cpu_user_regs *regs) +void vmx_vmexit_handler(struct cpu_user_regs *regs) { unsigned int exit_reason, idtv_info, intr_info = 0, vector = 0; unsigned long exit_qualification, inst_len = 0; @@ -2518,7 +2518,7 @@ } } -asmlinkage void vmx_vmenter_helper(void) +void vmx_vmenter_helper(void) { struct vcpu *curr = current; u32 new_asid, old_asid; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/io_apic.c xen-4.1.3/xen/arch/x86/io_apic.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/io_apic.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/io_apic.c 2012-08-09 22:08:08.000000000 +0200 @@ -2665,7 +2665,7 @@ } } - nr_irqs_gsi = max(nr_irqs_gsi, highest_gsi()); + nr_irqs_gsi = max(nr_irqs_gsi, highest_gsi() + 1); if ( max_gsi_irqs == 0 ) max_gsi_irqs = nr_irqs ? nr_irqs / 8 : PAGE_SIZE; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/irq.c xen-4.1.3/xen/arch/x86/irq.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/irq.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/irq.c 2012-08-09 22:08:08.000000000 +0200 @@ -636,7 +636,7 @@ DEFINE_PER_CPU(unsigned int, irq_count); -asmlinkage void do_IRQ(struct cpu_user_regs *regs) +void do_IRQ(struct cpu_user_regs *regs) { struct irqaction *action; uint32_t tsc_in; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/mm/p2m.c xen-4.1.3/xen/arch/x86/mm/p2m.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/mm/p2m.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/mm/p2m.c 2012-08-09 22:08:08.000000000 +0200 @@ -2044,6 +2044,8 @@ #ifdef __x86_64__ for ( gfn=0; gfn < p2m->max_mapped_pfn; gfn++ ) { + if ( atomic_read(&d->shr_pages) == 0 ) + break; mfn = p2m->get_entry(p2m, gfn, &t, &a, p2m_query); if ( mfn_valid(mfn) && (t == p2m_ram_shared) ) BUG_ON(mem_sharing_unshare_page(p2m, gfn, MEM_SHARING_DESTROY_GFN)); @@ -3032,7 +3034,7 @@ mem_event_unpause_vcpus(d); } -void p2m_mem_access_check(unsigned long gpa, bool_t gla_valid, unsigned long gla, +void p2m_mem_access_check(paddr_t gpa, bool_t gla_valid, unsigned long gla, bool_t access_r, bool_t access_w, bool_t access_x) { struct vcpu *v = current; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/trace.c xen-4.1.3/xen/arch/x86/trace.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/trace.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/trace.c 2012-08-09 22:08:09.000000000 +0200 @@ -11,7 +11,7 @@ #define TRC_64_FLAG 0 #endif -asmlinkage void trace_hypercall(void) +void trace_hypercall(void) { struct cpu_user_regs *regs = guest_cpu_user_regs(); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/traps.c xen-4.1.3/xen/arch/x86/traps.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/traps.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/traps.c 2012-08-09 22:08:09.000000000 +0200 @@ -420,7 +420,7 @@ * are disabled). In such situations we can't do much that is safe. We try to * print out some tracing and then we just spin. */ -asmlinkage void fatal_trap(int trapnr, struct cpu_user_regs *regs) +void fatal_trap(int trapnr, struct cpu_user_regs *regs) { static DEFINE_PER_CPU(char, depth); @@ -534,7 +534,7 @@ * Called from asm to set up the MCE trapbounce info. * Returns 0 if no callback is set up, else 1. */ -asmlinkage int set_guest_machinecheck_trapbounce(void) +int set_guest_machinecheck_trapbounce(void) { struct vcpu *v = current; struct trap_bounce *tb = &v->arch.trap_bounce; @@ -548,7 +548,7 @@ * Called from asm to set up the NMI trapbounce info. * Returns 0 if no callback is set up, else 1. */ -asmlinkage int set_guest_nmi_trapbounce(void) +int set_guest_nmi_trapbounce(void) { struct vcpu *v = current; struct trap_bounce *tb = &v->arch.trap_bounce; @@ -596,13 +596,13 @@ } #define DO_ERROR_NOCODE(trapnr, name) \ -asmlinkage void do_##name(struct cpu_user_regs *regs) \ +void do_##name(struct cpu_user_regs *regs) \ { \ do_trap(trapnr, regs, 0); \ } #define DO_ERROR(trapnr, name) \ -asmlinkage void do_##name(struct cpu_user_regs *regs) \ +void do_##name(struct cpu_user_regs *regs) \ { \ do_trap(trapnr, regs, 1); \ } @@ -959,7 +959,7 @@ return EXCRET_fault_fixed; } -asmlinkage void do_invalid_op(struct cpu_user_regs *regs) +void do_invalid_op(struct cpu_user_regs *regs) { struct bug_frame bug; struct bug_frame_str bug_str; @@ -1053,7 +1053,7 @@ panic("FATAL TRAP: vector = %d (invalid opcode)\n", TRAP_invalid_op); } -asmlinkage void do_int3(struct cpu_user_regs *regs) +void do_int3(struct cpu_user_regs *regs) { DEBUGGER_trap_entry(TRAP_int3, regs); @@ -1066,7 +1066,7 @@ do_guest_trap(TRAP_int3, regs, 0); } -asmlinkage void do_machine_check(struct cpu_user_regs *regs) +void do_machine_check(struct cpu_user_regs *regs) { machine_check_vector(regs, regs->error_code); } @@ -1367,7 +1367,7 @@ * Bit 3: Reserved bit violation * Bit 4: Instruction fetch */ -asmlinkage void do_page_fault(struct cpu_user_regs *regs) +void do_page_fault(struct cpu_user_regs *regs) { unsigned long addr, fixup; unsigned int error_code; @@ -1433,7 +1433,7 @@ * during early boot (an issue was seen once, but was most likely a hardware * problem). */ -asmlinkage void __init do_early_page_fault(struct cpu_user_regs *regs) +void __init do_early_page_fault(struct cpu_user_regs *regs) { static int stuck; static unsigned long prev_eip, prev_cr2; @@ -1678,7 +1678,7 @@ while ( bytes != 0 ) { unsigned int size = 1; - uint32_t sub_data = 0xff; + uint32_t sub_data = ~0; if ( (port == 0x42) || (port == 0x43) || (port == 0x61) ) { @@ -2978,7 +2978,7 @@ #endif } -asmlinkage void do_general_protection(struct cpu_user_regs *regs) +void do_general_protection(struct cpu_user_regs *regs) { struct vcpu *v = current; unsigned long fixup; @@ -3225,7 +3225,7 @@ outb((inb(0x61) & 0x07) | 0x00, 0x61); /* enable IOCK */ } -static void unknown_nmi_error(unsigned char reason) +static void unknown_nmi_error(struct cpu_user_regs *regs, unsigned char reason) { switch ( opt_nmi[0] ) { @@ -3234,10 +3234,10 @@ case 'i': /* 'ignore' */ break; default: /* 'fatal' */ + console_force_unlock(); printk("Uhhuh. NMI received for unknown reason %02x.\n", reason); - printk("Dazed and confused, but trying to continue\n"); printk("Do you have a strange power saving mode enabled?\n"); - kexec_crash(); + fatal_trap(TRAP_nmi, regs); } } @@ -3248,7 +3248,7 @@ static nmi_callback_t nmi_callback = dummy_nmi_callback; -asmlinkage void do_nmi(struct cpu_user_regs *regs) +void do_nmi(struct cpu_user_regs *regs) { unsigned int cpu = smp_processor_id(); unsigned char reason; @@ -3270,7 +3270,7 @@ else if ( reason & 0x40 ) io_check_error(regs); else if ( !nmi_watchdog ) - unknown_nmi_error((unsigned char)(reason&0xff)); + unknown_nmi_error(regs, (unsigned char)(reason&0xff)); } } @@ -3284,7 +3284,7 @@ nmi_callback = dummy_nmi_callback; } -asmlinkage void do_device_not_available(struct cpu_user_regs *regs) +void do_device_not_available(struct cpu_user_regs *regs) { struct vcpu *curr = current; @@ -3325,7 +3325,7 @@ wrmsrl(MSR_IA32_DEBUGCTLMSR, debugctl | 1); } -asmlinkage void do_debug(struct cpu_user_regs *regs) +void do_debug(struct cpu_user_regs *regs) { struct vcpu *v = current; @@ -3378,7 +3378,7 @@ return; } -asmlinkage void do_spurious_interrupt_bug(struct cpu_user_regs *regs) +void do_spurious_interrupt_bug(struct cpu_user_regs *regs) { } diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/x86_32/traps.c xen-4.1.3/xen/arch/x86/x86_32/traps.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/x86_32/traps.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/x86_32/traps.c 2012-08-09 22:08:09.000000000 +0200 @@ -20,7 +20,7 @@ #include -extern asmlinkage int hypercall(void); +extern int hypercall(void); static void print_xen_info(void) { @@ -229,7 +229,7 @@ .notifier_call = cpu_doublefault_tss_callback }; -asmlinkage void do_double_fault(void) +void do_double_fault(void) { struct tss_struct *tss; unsigned int cpu; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/x86_64/traps.c xen-4.1.3/xen/arch/x86/x86_64/traps.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/arch/x86/x86_64/traps.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/arch/x86/x86_64/traps.c 2012-08-09 22:08:09.000000000 +0200 @@ -23,10 +23,10 @@ #include #include -asmlinkage void syscall_enter(void); -asmlinkage void sysenter_entry(void); -asmlinkage void compat_hypercall(void); -asmlinkage void int80_direct_trap(void); +void syscall_enter(void); +void sysenter_entry(void); +void compat_hypercall(void); +void int80_direct_trap(void); static void print_xen_info(void) { @@ -215,8 +215,8 @@ l1_table_offset(addr), l1e_get_intpte(l1e), pfn); } -asmlinkage void double_fault(void); -asmlinkage void do_double_fault(struct cpu_user_regs *regs) +void double_fault(void); +void do_double_fault(struct cpu_user_regs *regs) { unsigned int cpu; @@ -385,13 +385,13 @@ BUILD_BUG_ON((IST_MAX + 2) * PAGE_SIZE + PRIMARY_STACK_SIZE > STACK_SIZE); /* Machine Check handler has its own per-CPU 4kB stack. */ - this_cpu(init_tss).ist[IST_MCE] = (unsigned long)&stack[IST_MCE * PAGE_SIZE]; + this_cpu(init_tss).ist[IST_MCE-1] = (unsigned long)&stack[IST_MCE * PAGE_SIZE]; /* Double-fault handler has its own per-CPU 4kB stack. */ - this_cpu(init_tss).ist[IST_DF] = (unsigned long)&stack[IST_DF * PAGE_SIZE]; + this_cpu(init_tss).ist[IST_DF-1] = (unsigned long)&stack[IST_DF * PAGE_SIZE]; /* NMI handler has its own per-CPU 4kB stack. */ - this_cpu(init_tss).ist[IST_NMI] = (unsigned long)&stack[IST_NMI * PAGE_SIZE]; + this_cpu(init_tss).ist[IST_NMI-1] = (unsigned long)&stack[IST_NMI * PAGE_SIZE]; /* Trampoline for SYSCALL entry from long mode. */ stack = &stack[IST_MAX * PAGE_SIZE]; /* Skip the IST stacks. */ diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/common/kernel.c xen-4.1.3/xen/common/kernel.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/common/kernel.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/common/kernel.c 2012-08-09 22:08:09.000000000 +0200 @@ -92,7 +92,7 @@ if ( !bool_assert ) optkey += 3; - for ( param = &__setup_start; param <= &__setup_end; param++ ) + for ( param = &__setup_start; param < &__setup_end; param++ ) { if ( strcmp(param->name, optkey) ) continue; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/common/schedule.c xen-4.1.3/xen/common/schedule.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/common/schedule.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/common/schedule.c 2012-08-09 22:08:09.000000000 +0200 @@ -1122,6 +1122,7 @@ bool_t tasklet_work_scheduled = 0; struct schedule_data *sd; struct task_slice next_slice; + int cpu = smp_processor_id(); ASSERT(!in_atomic()); @@ -1146,7 +1147,7 @@ BUG(); } - spin_lock_irq(sd->schedule_lock); + pcpu_schedule_lock_irq(cpu); stop_timer(&sd->s_timer); @@ -1163,7 +1164,7 @@ if ( unlikely(prev == next) ) { - spin_unlock_irq(sd->schedule_lock); + pcpu_schedule_unlock_irq(cpu); trace_continue_running(next); return continue_running(prev); } @@ -1201,7 +1202,7 @@ ASSERT(!next->is_running); next->is_running = 1; - spin_unlock_irq(sd->schedule_lock); + pcpu_schedule_unlock_irq(cpu); perfc_incr(sched_ctx); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/drivers/acpi/pmstat.c xen-4.1.3/xen/drivers/acpi/pmstat.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/drivers/acpi/pmstat.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/drivers/acpi/pmstat.c 2012-08-09 22:08:09.000000000 +0200 @@ -68,6 +68,8 @@ case PMSTAT_PX: if ( !(xen_processor_pmbits & XEN_PROCESSOR_PM_PX) ) return -ENODEV; + if ( !cpufreq_driver ) + return -ENODEV; if ( !pmpt || !(pmpt->perf.init & XEN_PX_INIT) ) return -EINVAL; break; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/drivers/passthrough/vtd/iommu.c xen-4.1.3/xen/drivers/passthrough/vtd/iommu.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/drivers/passthrough/vtd/iommu.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/drivers/passthrough/vtd/iommu.c 2012-08-09 22:08:09.000000000 +0200 @@ -118,6 +118,27 @@ return 0; } +static int context_get_domain_id(struct context_entry *context, + struct iommu *iommu) +{ + unsigned long dom_index, nr_dom; + int domid = -1; + + if (iommu && context) + { + nr_dom = cap_ndoms(iommu->cap); + + dom_index = context_domain_id(*context); + + if ( dom_index < nr_dom && iommu->domid_map) + domid = iommu->domid_map[dom_index]; + else + dprintk(XENLOG_DEBUG VTDPREFIX, "%s: dom_index %lu exceeds nr_dom %lu or iommu has no domid_map\n", + __func__, dom_index, nr_dom); + } + return domid; +} + static struct intel_iommu *__init alloc_intel_iommu(void) { struct intel_iommu *intel; @@ -1278,7 +1299,6 @@ struct hvm_iommu *hd = domain_hvm_iommu(domain); struct context_entry *context, *context_entries; u64 maddr, pgd_maddr; - struct pci_dev *pdev = NULL; int agaw; ASSERT(spin_is_locked(&pcidevs_lock)); @@ -1290,12 +1310,45 @@ if ( context_present(*context) ) { int res = 0; + struct pci_dev *pdev = NULL; + /* First try to get domain ownership from device structure. If that's + * not available, try to read it from the context itself. */ pdev = pci_get_pdev(bus, devfn); - if (!pdev) - res = -ENODEV; - else if (pdev->domain != domain) - res = -EINVAL; + if ( pdev ) + { + if ( pdev->domain != domain ) + { + dprintk(XENLOG_INFO VTDPREFIX, "d%d: bdf = %x:%x.%x owned by d%d!", + domain->domain_id, + bus, PCI_SLOT(devfn), PCI_FUNC(devfn), + (pdev->domain) + ? pdev->domain->domain_id : -1); + res = -EINVAL; + } + } + else + { + int cdomain; + cdomain = context_get_domain_id(context, iommu); + + if ( cdomain < 0 ) + { + dprintk(VTDPREFIX, "d%d: bdf = %x:%x.%x mapped, but can't find owner!\n", + domain->domain_id, + bus, PCI_SLOT(devfn), PCI_FUNC(devfn)); + res = -EINVAL; + } + else if ( cdomain != domain->domain_id ) + { + dprintk(XENLOG_INFO VTDPREFIX, "d%d: bdf = %x:%x.%x already mapped to d%d!", + domain->domain_id, + bus, PCI_SLOT(devfn), PCI_FUNC(devfn), + cdomain); + res = -EINVAL; + } + } + unmap_vtd_domain_page(context_entries); spin_unlock(&iommu->lock); return res; @@ -2105,6 +2158,15 @@ { iommu = drhd->iommu; + printk("Intel VT-d supported page sizes: 4kB"); + if (cap_sps_2mb(iommu->cap)) + printk(", 2MB"); + + if (cap_sps_1gb(iommu->cap)) + printk(", 1GB"); + + printk(".\n"); + if ( iommu_snoop && !ecap_snp_ctl(iommu->ecap) ) iommu_snoop = 0; diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/drivers/passthrough/vtd/qinval.c xen-4.1.3/xen/drivers/passthrough/vtd/qinval.c --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/drivers/passthrough/vtd/qinval.c 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/drivers/passthrough/vtd/qinval.c 2012-08-09 22:08:09.000000000 +0200 @@ -140,7 +140,7 @@ qinval_entry->q.iotlb_inv_dsc.hi.am = am; qinval_entry->q.iotlb_inv_dsc.hi.ih = ih; qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0; - qinval_entry->q.iotlb_inv_dsc.hi.addr = addr; + qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K; unmap_vtd_domain_page(qinval_entries); spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/acpi/cpufreq/processor_perf.h xen-4.1.3/xen/include/acpi/cpufreq/processor_perf.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/acpi/cpufreq/processor_perf.h 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/include/acpi/cpufreq/processor_perf.h 2012-08-09 22:08:09.000000000 +0200 @@ -6,7 +6,7 @@ #define XEN_PX_INIT 0x80000000 -int get_cpu_id(u8); +int get_cpu_id(u32); int powernow_cpufreq_init(void); unsigned int powernow_register_driver(void); unsigned int get_measured_perf(unsigned int cpu, unsigned int flag); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/config.h xen-4.1.3/xen/include/asm-x86/config.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/config.h 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/config.h 2012-08-09 22:08:09.000000000 +0200 @@ -110,13 +110,13 @@ extern unsigned int video_mode, video_flags; #endif +#define asmlinkage + #if defined(__x86_64__) #define CONFIG_X86_64 1 #define CONFIG_COMPAT 1 -#define asmlinkage - #define PML4_ENTRY_BITS 39 #ifndef __ASSEMBLY__ #define PML4_ENTRY_BYTES (1UL << PML4_ENTRY_BITS) @@ -280,8 +280,6 @@ #define CONFIG_X86_32 1 #define CONFIG_DOMAIN_PAGE 1 -#define asmlinkage __attribute__((regparm(0))) - /* * Memory layout (high to low): PAE-SIZE * ------ diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/hvm/hvm.h xen-4.1.3/xen/include/asm-x86/hvm/hvm.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/hvm/hvm.h 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/hvm/hvm.h 2012-08-09 22:08:10.000000000 +0200 @@ -368,7 +368,7 @@ int hvm_debug_op(struct vcpu *v, int32_t op); -bool_t hvm_hap_nested_page_fault(unsigned long gpa, +bool_t hvm_hap_nested_page_fault(paddr_t gpa, bool_t gla_valid, unsigned long gla, bool_t access_valid, bool_t access_r, diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/irq.h xen-4.1.3/xen/include/asm-x86/irq.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/irq.h 2012-06-14 12:40:00.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/irq.h 2012-08-09 22:08:10.000000000 +0200 @@ -97,7 +97,7 @@ fastcall void smp_cmci_interrupt(struct cpu_user_regs *regs); fastcall void smp_irq_move_cleanup_interrupt(struct cpu_user_regs *regs); -asmlinkage void do_IRQ(struct cpu_user_regs *regs); +void do_IRQ(struct cpu_user_regs *regs); void disable_8259A_irq(unsigned int irq); void enable_8259A_irq(unsigned int irq); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/msr-index.h xen-4.1.3/xen/include/asm-x86/msr-index.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/msr-index.h 2012-06-14 12:40:00.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/msr-index.h 2012-08-09 22:08:10.000000000 +0200 @@ -495,6 +495,10 @@ #define MSR_INTEL_CPUID1_FEATURE_MASK 0x00000130 #define MSR_INTEL_CPUID80000001_FEATURE_MASK 0x00000131 +#define MSR_INTEL_CPUID1_FEATURE_MASK_V2 0x00000132 +#define MSR_INTEL_CPUID80000001_FEATURE_MASK_V2 0x00000133 +#define MSR_INTEL_CPUIDD_01_FEATURE_MASK 0x00000134 + /* Intel cpuid faulting MSRs */ #define MSR_INTEL_PLATFORM_INFO 0x000000ce #define MSR_INTEL_MISC_FEATURES_ENABLES 0x00000140 diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/p2m.h xen-4.1.3/xen/include/asm-x86/p2m.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/p2m.h 2012-06-14 12:40:00.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/p2m.h 2012-08-09 22:08:10.000000000 +0200 @@ -539,12 +539,12 @@ #ifdef __x86_64__ /* Send mem event based on the access (gla is -1ull if not available). Handles * the rw2rx conversion */ -void p2m_mem_access_check(unsigned long gpa, bool_t gla_valid, unsigned long gla, +void p2m_mem_access_check(paddr_t gpa, bool_t gla_valid, unsigned long gla, bool_t access_r, bool_t access_w, bool_t access_x); /* Resumes the running of the VCPU, restarting the last instruction */ void p2m_mem_access_resume(struct p2m_domain *p2m); #else -static inline void p2m_mem_access_check(unsigned long gpa, bool_t gla_valid, +static inline void p2m_mem_access_check(paddr_t gpa, bool_t gla_valid, unsigned long gla, bool_t access_r, bool_t access_w, bool_t access_x) { } diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/processor.h xen-4.1.3/xen/include/asm-x86/processor.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/processor.h 2012-06-14 12:40:00.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/processor.h 2012-08-09 22:08:10.000000000 +0200 @@ -427,7 +427,9 @@ union { u64 rsp1, esp1; }; union { u64 rsp2, esp2; }; u64 reserved1; - u64 ist[7]; + u64 ist[7]; /* Interrupt Stack Table is 1-based so tss->ist[0] + * corresponds to an IST value of 1 in an Interrupt + * Descriptor */ u64 reserved2; u16 reserved3; #else @@ -548,7 +550,7 @@ void show_execution_state(struct cpu_user_regs *regs); #define dump_execution_state() run_in_exception_handler(show_execution_state) void show_page_walk(unsigned long addr); -asmlinkage void fatal_trap(int trapnr, struct cpu_user_regs *regs); +void fatal_trap(int trapnr, struct cpu_user_regs *regs); #ifdef CONFIG_COMPAT void compat_show_guest_stack(struct vcpu *, struct cpu_user_regs *, int lines); @@ -562,8 +564,8 @@ void mcheck_init(struct cpuinfo_x86 *c, bool_t bsp); #define DECLARE_TRAP_HANDLER(_name) \ -asmlinkage void _name(void); \ -asmlinkage void do_ ## _name(struct cpu_user_regs *regs) +void _name(void); \ +void do_ ## _name(struct cpu_user_regs *regs) DECLARE_TRAP_HANDLER(divide_error); DECLARE_TRAP_HANDLER(debug); DECLARE_TRAP_HANDLER(nmi); diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/x86_32/asm_defns.h xen-4.1.3/xen/include/asm-x86/x86_32/asm_defns.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/x86_32/asm_defns.h 2012-06-14 12:40:00.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/x86_32/asm_defns.h 2012-08-09 22:08:10.000000000 +0200 @@ -138,7 +138,7 @@ #define IRQ_NAME(nr) IRQ_NAME2(IRQ##nr) #define BUILD_IRQ(nr) \ -asmlinkage void IRQ_NAME(nr); \ +void IRQ_NAME(nr); \ __asm__( \ "\n"__ALIGN_STR"\n" \ STR(IRQ) #nr "_interrupt:\n\t" \ diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/x86_64/asm_defns.h xen-4.1.3/xen/include/asm-x86/x86_64/asm_defns.h --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/include/asm-x86/x86_64/asm_defns.h 2012-06-14 12:40:00.000000000 +0200 +++ xen-4.1.3/xen/include/asm-x86/x86_64/asm_defns.h 2012-08-09 22:08:10.000000000 +0200 @@ -114,7 +114,7 @@ #define IRQ_NAME(nr) IRQ_NAME2(IRQ##nr) #define BUILD_IRQ(nr) \ -asmlinkage void IRQ_NAME(nr); \ +void IRQ_NAME(nr); \ __asm__( \ "\n"__ALIGN_STR"\n" \ STR(IRQ) #nr "_interrupt:\n\t" \ diff -Nru xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/Makefile xen-4.1.3/xen/Makefile --- xen-4.1.3~rc1+hg-20120614.a9c0a89c08f2/xen/Makefile 2012-06-14 12:39:59.000000000 +0200 +++ xen-4.1.3/xen/Makefile 2012-08-09 22:08:08.000000000 +0200 @@ -2,7 +2,7 @@ # All other places this is stored (eg. compile.h) should be autogenerated. export XEN_VERSION = 4 export XEN_SUBVERSION = 1 -export XEN_EXTRAVERSION ?= .3-rc2-pre$(XEN_VENDORVERSION) +export XEN_EXTRAVERSION ?= .3$(XEN_VENDORVERSION) export XEN_FULLVERSION = $(XEN_VERSION).$(XEN_SUBVERSION)$(XEN_EXTRAVERSION) -include xen-version