Hello community, here is the log from the commit of package xen for openSUSE:Factory checked in at 2017-06-04 01:49:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/xen (Old) and /work/SRC/openSUSE:Factory/.xen.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xen" Sun Jun 4 01:49:50 2017 rev:229 rq:500486 version:4.9.0_07 Changes: -------- --- /work/SRC/openSUSE:Factory/xen/xen.changes 2017-05-27 13:09:39.973294867 +0200 +++ /work/SRC/openSUSE:Factory/.xen.new/xen.changes 2017-06-04 01:50:28.259526615 +0200 @@ -1,0 +2,26 @@ +Thu Jun 1 13:24:26 MDT 2017 - carn...@suse.com + +- bsc#1042160 - VUL-1: CVE-2017-9330: xen: usb: ohci: infinite loop + due to incorrect return value + CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch + +------------------------------------------------------------------- +Tue May 30 11:24:41 MDT 2017 - carn...@suse.com + +- bsc#1037243 - VUL-1: CVE-2017-8309: xen: audio: host memory + leakage via capture buffer + CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch + +------------------------------------------------------------------- +Fri May 26 12:58:06 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc7 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- +Mon May 22 14:43:01 MDT 2017 - carn...@suse.com + +- Update to Xen 4.9.0-rc6 (fate#321394, fate#323108) + xen-4.9.0-testing-src.tar.bz2 + +------------------------------------------------------------------- New: ---- CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xen.spec ++++++ --- /var/tmp/diff_new_pack.uB4tUt/_old 2017-06-04 01:50:31.191112417 +0200 +++ /var/tmp/diff_new_pack.uB4tUt/_new 2017-06-04 01:50:31.195111852 +0200 @@ -159,7 +159,7 @@ %endif %endif -Version: 4.9.0_04 +Version: 4.9.0_07 Release: 0 Summary: Xen Virtualization: Hypervisor (aka VMM aka Microkernel) License: GPL-2.0 
@@ -237,6 +237,8 @@ Patch286: CVE-2016-8910-qemut-net-rtl8139-infinite-loop-while-transmit-in-Cplus-mode.patch Patch287: CVE-2016-9921-qemut-display-cirrus_vga-divide-by-zero-in-cirrus_do_copy.patch Patch288: CVE-2017-6505-qemut-usb-an-infinite-loop-issue-in-ohci_service_ed_list.patch +Patch289: CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch +Patch290: CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch # qemu-traditional patches that are not upstream Patch350: blktap.patch Patch351: cdrom-removable.patch @@ -557,6 +559,8 @@ %patch286 -p1 %patch287 -p1 %patch288 -p1 +%patch289 -p1 +%patch290 -p1 # Qemu traditional %patch350 -p1 %patch351 -p1 ++++++ CVE-2017-8309-qemut-audio-host-memory-leakage-via-capture-buffer.patch ++++++ References: bsc#1037243 CVE-2017-8309 Subject: audio: release capture buffers From: Gerd Hoffmann kra...@redhat.com Fri Apr 28 09:56:12 2017 +0200 Date: Thu May 4 08:31:48 2017 +0200: Git: 3268a845f41253fb55852a8429c32b50f36f349a AUD_add_capture() allocates two buffers which are never released. Add the missing calls to AUD_del_capture(). Impact: Allows vnc clients to exhaust host memory by repeatedly starting and stopping audio capture. Fixes: CVE-2017-8309 Cc: P J P <ppan...@redhat.com> Cc: Huawei PSIRT <ps...@huawei.com> Reported-by: "Jiangxin (hunter, SCC)" <jiangx...@huawei.com> Signed-off-by: Gerd Hoffmann <kra...@redhat.com> Reviewed-by: Prasad J Pandit <p...@fedoraproject.org> Message-id: 20170428075612.9997-1-kra...@redhat.com Index: xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/audio/audio.c =================================================================== --- xen-4.9.0-testing.orig/tools/qemu-xen-traditional-dir-remote/audio/audio.c +++ xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/audio/audio.c 
@@ -1937,6 +1937,8 @@ void AUD_del_capture (CaptureVoiceOut *c sw = sw1; } LIST_REMOVE (cap, entries); + qemu_free (cap->hw.mix_buf); + qemu_free (cap->buf); qemu_free (cap); } return; ++++++ CVE-2017-9330-qemut-usb-ohci-infinite-loop-due-to-incorrect-return-value.patch ++++++ References: bsc#1042160 CVE-2017-9330 Index: xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c =================================================================== --- xen-4.9.0-testing.orig/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c +++ xen-4.9.0-testing/tools/qemu-xen-traditional-dir-remote/hw/usb-ohci.c @@ -583,7 +583,7 @@ static int ohci_service_iso_td(OHCIState if (!ohci_read_iso_td(addr, &iso_td)) { printf("usb-ohci: ISO_TD read error at %x\n", addr); - return 0; + return 1; } starting_frame = OHCI_BM(iso_td.flags, TD_SF); ++++++ aarch64-maybe-uninitialized.patch ++++++ --- /var/tmp/diff_new_pack.uB4tUt/_old 2017-06-04 01:50:31.371086989 +0200 +++ /var/tmp/diff_new_pack.uB4tUt/_new 2017-06-04 01:50:31.375086424 +0200 @@ -1,6 +1,8 @@ ---- xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c.orig 2017-04-28 09:40:33.038730388 -0600 -+++ xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c 2017-04-28 09:41:20.332937907 -0600 -@@ -98,7 +98,7 @@ int libxl__get_acpi_size(libxl__gc *gc, +Index: xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c +=================================================================== +--- xen-4.9.0-testing.orig/tools/libxl/libxl_arm_acpi.c ++++ xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c +@@ -99,7 +99,7 @@ int libxl__get_acpi_size(libxl__gc *gc, const libxl_domain_build_info *info, uint64_t *out) { 
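Review bot: The two added `qemu_free()` calls in AUD_del_capture() carry no comment tying them to their allocation site, and the description's "Add the missing calls to AUD_del_capture()" can be read as adding callers rather than frees inside the function. I would put `/* mix_buf and buf are allocated by AUD_add_capture() and owned by cap */` above them, so that a later allocation there gets a matching release here. The frees sit inside a block that opens outside the hunk, so these lines alone cannot confirm that every capture teardown reaches them.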
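Review bot: The bare `return 1;` on the ISO_TD read-error path of ohci_service_iso_td() does not say what a non-zero result means to the caller. This patch file also carries only a References line, with no subject or description, unlike the CVE-2017-8309 patch beside it. A comment such as `/* non-zero: stop servicing this list; returning 0 here let the caller keep looping (CVE-2017-9330) */` would record why the value matters. The caller and the function's other return statements are outside the hunk, so the wording should be checked against them.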
@@ -9,7 +11,7 @@ int rc = 0; -@@ -123,7 +123,7 @@ static int libxl__allocate_acpi_tables(l +@@ -124,7 +124,7 @@ static int libxl__allocate_acpi_tables(l struct acpitable acpitables[]) { int rc; ++++++ libxl.pvscsi.patch ++++++ --- /var/tmp/diff_new_pack.uB4tUt/_old 2017-06-04 01:50:31.603054215 +0200 +++ /var/tmp/diff_new_pack.uB4tUt/_new 2017-06-04 01:50:31.603054215 +0200 @@ -226,7 +226,7 @@ =================================================================== --- xen-4.9.0-testing.orig/tools/libxl/libxl_internal.h +++ xen-4.9.0-testing/tools/libxl/libxl_internal.h -@@ -3527,6 +3527,7 @@ static inline int *libxl__device_type_ge +@@ -3531,6 +3531,7 @@ static inline int *libxl__device_type_ge extern const struct libxl_device_type libxl__disk_devtype; extern const struct libxl_device_type libxl__nic_devtype; extern const struct libxl_device_type libxl__vtpm_devtype; ++++++ libxl.set-migration-constraints-from-cmdline.patch ++++++ --- /var/tmp/diff_new_pack.uB4tUt/_old 2017-06-04 01:50:31.615052520 +0200 +++ /var/tmp/diff_new_pack.uB4tUt/_new 2017-06-04 01:50:31.619051954 +0200 @@ -331,7 +331,7 @@ =================================================================== --- xen-4.9.0-testing.orig/tools/libxl/libxl_internal.h +++ xen-4.9.0-testing/tools/libxl/libxl_internal.h -@@ -3302,6 +3302,10 @@ struct libxl__domain_save_state { +@@ -3306,6 +3306,10 @@ struct libxl__domain_save_state { /* private */ int rc; int hvm; ++++++ xen-4.9.0-testing-src.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/ChangeLog new/xen-4.9.0-testing/ChangeLog --- old/xen-4.9.0-testing/ChangeLog 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/ChangeLog 2017-05-26 20:56:48.000000000 +0200 
@@ -1,13 +1,130 @@ -commit 17880a0f10421c5e456d593c70da03b1688d34ac -Author: Jan Beulich <jbeul...@suse.com> -Date: Fri May 12 17:24:17 2017 +0200 +commit 876800d5f9de8b15355172794cb82f505dd26e18 +Author: Ian Jackson <ian.jack...@eu.citrix.com> +Date: Wed May 24 16:54:11 2017 +0100 - public/elfnote: document non-alignment of relocated init-P2M + Makefile: Regularise subdir targets and their dependencies - Since PV kernels can't use large pages anyway, when the init-P2M - support was added it was decided to keep the implementation simple and - not align large pages in PFN space. Document this. + Recent changes to this Makefile have broken some build targets, and + some parallel builds. - 
Signed-off-by: Jan Beulich <jbeul...@suse.com> - Acked-by: Andrew Cooper <andrew.coop...@citrix.com> + Looking at it, I think I have identified the undocumented design + intent in the top-level Makefile. So in this patch I document it, and + also make it true. + + In detail: + + * Add a comment with the new design intent + * Get rid of the ad-hoc rules for recursing into tools/include, + and replace them with a pattern rule + * Add an appropriate dependency on TARGET-tools-public-headers from + TARGET-tools and TARGET-stubdom (but not dist-*). + * Get rid of all the separate invocations of $(MAKE) -C tools/include + which are now obsolete + * Un-deprecate the simple `tools' etc. targets (aliases for `dist-tools') + which we seem not to be making any effort to get rid of + + I have verified with the following shell script that after my change, + the tree producese the same results for various build targets as + 3fafdc28eb98 (before the Makefile-hacking started). + + My tests failed as expected for make -C tools, both before and after. + + Separately, there is a bug in the Makefiles that `make distclean-tools' + fails. I have not investigated that bug in detail. + + #!/bin/bash + + set -e + set -o pipefail + + listings=../listings + + rm -rf $listings + mkdir $listings + + chks () { + reskey="C$subdir $*" + reskey="${reskey// /_}" + reskey="${reskey//\//:}" + lk=$listings/$reskey + for suffix in '' -xen -tools -stubdom -docs; do + case "$subdir:$suffix" in + .:*) ;; + *:) ;; + *) continue;; + esac + git clean -qxdff + rm -rf $output + printf '%s' "running -C$subdir suffix=$suffix " + case "$subdir $suffix" in + *xen*) ;; + *) printf 'configure '; ./configure >$lk.cfg 2>&1 ;; + esac + fail='' + for targ in $*; do + realtarg=$targ$suffix + printf '%s ' "$realtarg" + if ! make -C $subdir -j10 $realtarg >${lk}_${realtarg}.log 2>&1 + then + fail=$realtarg + break + fi + done + if [ "$fail" ]; then + echo fail! + echo "$fail failed" >$lk.list + else + echo ok. + (test ! 
-e "$output" || find $output) |sort >$lk.list + fi + done + } + + subdirs='. xen docs tools' + + output=$PWD/dist + for subdir in $subdirs; do + chks build clean distclean + done + + output=$PWD/dist + subdir=. + chks dist + + export DESTDIR=$PWD/destdir + output=$PWD/destdir + for subdir in $subdirs; do + chks install + done + + And the output: + + (64)iwj@mariner:~/work/xen.git$ ~/junk/chks + running -C. suffix= configure build clean distclean ok. + running -C. suffix=-xen build-xen clean-xen distclean-xen ok. + running -C. suffix=-tools configure build-tools clean-tools distclean-tools fail! + running -C. suffix=-stubdom configure build-stubdom clean-stubdom distclean-stubdom ok. + running -C. suffix=-docs configure build-docs clean-docs distclean-docs ok. + running -Cxen suffix= build clean distclean ok. + running -Cdocs suffix= configure build clean distclean ok. + running -Ctools suffix= configure build fail! + running -C. suffix= configure dist ok. + running -C. suffix=-xen dist-xen ok. + running -C. suffix=-tools configure dist-tools ok. + running -C. suffix=-stubdom configure dist-stubdom ok. + running -C. suffix=-docs configure dist-docs ok. + running -C. suffix= configure install ok. + running -C. suffix=-xen install-xen ok. + running -C. suffix=-tools configure install-tools ok. + running -C. suffix=-stubdom configure install-stubdom ok. + running -C. suffix=-docs configure install-docs ok. + running -Cxen suffix= install ok. + running -Cdocs suffix= configure install ok. + running -Ctools suffix= configure install fail! + (64)iwj@mariner:~/work/xen.git$ + + CC: Wei Liu <wei.l...@citrix.com> + 
Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com> + Tested-by: M A Young <m.a.yo...@durham.ac.uk> + Tested-by: Andrew Cooper <andrew.coop...@citrix.com> Release-acked-by: Julien Grall <julien.gr...@arm.com> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/Makefile new/xen-4.9.0-testing/Makefile --- old/xen-4.9.0-testing/Makefile 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/Makefile 2017-05-26 20:56:48.000000000 +0200 @@ -38,6 +38,10 @@ export XEN_TARGET_ARCH export DESTDIR +.PHONY: %-tools-public-headers +%-tools-public-headers: + $(MAKE) -C tools/include $* + # build and install everything into the standard system directories .PHONY: install install: $(TARGS_INSTALL) @@ -50,11 +54,11 @@ $(MAKE) -C xen build .PHONY: build-tools -build-tools: +build-tools: build-tools-public-headers $(MAKE) -C tools build .PHONY: build-stubdom -build-stubdom: mini-os-dir +build-stubdom: mini-os-dir build-tools-public-headers $(MAKE) -C stubdom build ifeq (x86_64,$(XEN_TARGET_ARCH)) XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom pv-grub @@ -71,7 +75,22 @@ test: $(MAKE) -C tools/python test -# build and install everything into local dist directory +# For most targets here, +# make COMPONENT-TARGET +# is implemented, more or less, by +# make -C COMPONENT TARGET +# +# Each rule that does this needs to have dependencies on any +# other COMPONENTs that have to be processed first. See +# The install-tools target here for an example. +# +# dist* targets are special: these do not occur in lower-level +# Makefiles. Instead, these are all implemented only here. +# They run the appropriate install targets with DESTDIR set. +# +# Also, we have a number of targets COMPONENT which run +# dist-COMPONENT, for convenience. + .PHONY: dist dist: DESTDIR=$(DISTDIR)/install dist: $(TARGS_DIST) dist-misc 
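Review bot: `.PHONY: %-tools-public-headers` in the first Makefile hunk does not make the pattern's targets phony, because GNU make takes .PHONY prerequisites as literal names and so only marks a target literally called `%-tools-public-headers`. The recipe still runs each time only because no file named `build-tools-public-headers` (or `install-…`, `clean-…`) exists in the top directory. Listing the concrete names under .PHONY would not help either, since implicit rule search is skipped for phony targets. I would drop the line and say so in a comment: `# pattern rules cannot be .PHONY; this always runs because no such file is ever created`.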
@@ -81,11 +100,12 @@ $(INSTALL_DATA) ./COPYING $(DISTDIR) $(INSTALL_DATA) ./README $(DISTDIR) $(INSTALL_PROG) ./install.sh $(DISTDIR) + + dist-%: DESTDIR=$(DISTDIR)/install dist-%: install-% @: # do nothing -# Legacy dist targets .PHONY: xen tools stubdom docs xen: dist-xen tools: dist-tools @@ -97,11 +117,11 @@ $(MAKE) -C xen install .PHONY: install-tools -install-tools: +install-tools: install-tools-public-headers $(MAKE) -C tools install .PHONY: install-stubdom -install-stubdom: mini-os-dir +install-stubdom: mini-os-dir install-tools-public-headers $(MAKE) -C stubdom install ifeq (x86_64,$(XEN_TARGET_ARCH)) XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom install-grub @@ -174,11 +194,11 @@ $(MAKE) -C xen clean .PHONY: clean-tools -clean-tools: +clean-tools: clean-tools-public-headers $(MAKE) -C tools clean .PHONY: clean-stubdom -clean-stubdom: +clean-stubdom: clean-tools-public-headers $(MAKE) -C stubdom crossclean ifeq (x86_64,$(XEN_TARGET_ARCH)) XEN_TARGET_ARCH=x86_32 $(MAKE) -C stubdom crossclean @@ -191,6 +211,7 @@ # clean, but blow away tarballs .PHONY: distclean distclean: $(TARGS_DISTCLEAN) + $(MAKE) -C tools/include distclean rm -f config/Toplevel.mk rm -rf dist rm -rf config.log config.status config.cache autom4te.cache diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/stubdom/Makefile new/xen-4.9.0-testing/stubdom/Makefile --- old/xen-4.9.0-testing/stubdom/Makefile 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/stubdom/Makefile 2017-05-26 20:56:48.000000000 +0200 
@@ -295,10 +295,12 @@ $(buildmakevars2shellvars); \ cd ioemu; \ src="$$XEN_ROOT/tools/qemu-xen-traditional-dir"; export src; \ - (cd $$src && find * -type d -print) | xargs mkdir -p; \ - (cd $$src && find * ! -type l -type f $(addprefix ! -name , \ + (cd $$src && find * -type d \ + $(addprefix ! -path , '*-softmmu*' '*-linux-user*') -print) \ + | xargs mkdir -p; \ + (cd $$src && find * ! -type l -type f $(addprefix ! -path , \ '*.[oda1]' 'config-*' config.mak qemu-dm qemu-img-xen \ - '*.html' '*.pod' \ + '*.html' '*.pod' '*-softmmu*' '*-linux-user*' \ )) >linkfarm.stamp.tmp; \ cmp -s linkfarm.stamp.tmp linkfarm.stamp && \ rm linkfarm.stamp.tmp || { \ @@ -353,7 +355,6 @@ LINK_STAMPS := $(foreach dir,$(LINK_DIRS),$(dir)/stamp) mk-headers-$(XEN_TARGET_ARCH): $(IOEMU_LINKFARM_TARGET) $(LINK_STAMPS) - $(MAKE) -C $(XEN_ROOT)/tools/include mkdir -p include/xen && \ ln -sf $(wildcard $(XEN_ROOT)/xen/include/public/*.h) include/xen && \ ln -sf $(addprefix $(XEN_ROOT)/xen/include/public/,arch-x86 hvm io xsm) include/xen && \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/Makefile new/xen-4.9.0-testing/tools/Makefile --- old/xen-4.9.0-testing/tools/Makefile 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/Makefile 2017-05-26 20:56:48.000000000 +0200 @@ -5,7 +5,6 @@ include $(XEN_ROOT)/tools/Rules.mk SUBDIRS-y := -SUBDIRS-y += include SUBDIRS-y += libs SUBDIRS-y += libxc SUBDIRS-y += flask @@ -50,7 +49,7 @@ endif ifeq ($(CONFIG_RUMP),y) -SUBDIRS-y := include libxc xenstore +SUBDIRS-y := libxc xenstore endif # For the sake of linking, set the sys-root diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/Rules.mk new/xen-4.9.0-testing/tools/Rules.mk --- old/xen-4.9.0-testing/tools/Rules.mk 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/Rules.mk 2017-05-26 20:56:48.000000000 +0200 
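Review bot: Switching the whole exclusion list in the link-farm `find` from `-name` to `-path` narrows the basename patterns that contain no leading wildcard. `config.mak`, `qemu-dm`, `qemu-img-xen` and `config-*` are now compared with the full relative path, so they only exclude entries at the top of `$$src` and no longer exclude files of those names in subdirectories. If that is not intended, keep the old test for basenames and add a second one for the new directory patterns: `$(addprefix ! -name , '*.[oda1]' 'config-*' config.mak qemu-dm qemu-img-xen '*.html' '*.pod')` followed by `$(addprefix ! -path , '*-softmmu*' '*-linux-user*')`. The `*.`-style patterns are unaffected because `*` in `-path` also matches `/`.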
@@ -30,7 +30,7 @@ XENSTORE_XENSTORED ?= y # A debug build of tools? -debug ?= y +debug ?= n debug_symbols ?= $(debug) # Set CONFIG_GOLANG=y in .config (or in make) to build golang @@ -175,6 +175,7 @@ SHDEPS_libblktapctl = LDLIBS_libblktapctl = SHLIB_libblktapctl = +PKG_CONFIG_REMOVE += xenblktapctl endif CFLAGS_libxenlight = -I$(XEN_XENLIGHT) $(CFLAGS_libxenctrl) $(CFLAGS_xeninclude) @@ -250,6 +251,8 @@ PKG_CONFIG_DIR ?= $(XEN_ROOT)/tools/pkg-config +PKG_CONFIG_FILTER = $(foreach l,$(PKG_CONFIG_REMOVE),-e 's!\([ ,]\)$(l),!\1!g' -e 's![ ,]$(l)$$!!g') + $(PKG_CONFIG_DIR)/%.pc: %.pc.in Makefile mkdir -p $(PKG_CONFIG_DIR) @sed -e 's!@@version@@!$(PKG_CONFIG_VERSION)!g' \ @@ -259,7 +262,8 @@ -e 's!@@firmwaredir@@!$(XENFIRMWAREDIR)!g' \ -e 's!@@libexecbin@@!$(LIBEXEC_BIN)!g' \ -e 's!@@cflagslocal@@!$(PKG_CONFIG_CFLAGS_LOCAL)!g' \ - -e 's!@@libsflag@@!-Wl,-rpath-link=!g' < $< > $@ + -e 's!@@libsflag@@!-Wl,-rpath-link=!g' \ + $(PKG_CONFIG_FILTER) < $< > $@ %.pc: %.pc.in Makefile @sed -e 's!@@version@@!$(PKG_CONFIG_VERSION)!g' \ @@ -269,4 +273,5 @@ -e 's!@@firmwaredir@@!$(XENFIRMWAREDIR)!g' \ -e 's!@@libexecbin@@!$(LIBEXEC_BIN)!g' \ -e 's!@@cflagslocal@@!!g' \ - -e 's!@@libsflag@@!-L!g' < $< > $@ + -e 's!@@libsflag@@!-L!g' \ + $(PKG_CONFIG_FILTER) < $< > $@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/console/daemon/io.c new/xen-4.9.0-testing/tools/console/daemon/io.c --- old/xen-4.9.0-testing/tools/console/daemon/io.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/console/daemon/io.c 2017-05-26 20:56:48.000000000 +0200 
@@ -1117,8 +1117,12 @@ ret = poll(fds, nr_fds, next_timeout ? poll_timeout : -1); if (log_reload) { + int saved_errno = errno; + handle_log_reload(); log_reload = 0; + + errno = saved_errno; } /* Abort if poll failed, except for EINTR cases diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/firmware/hvmloader/tests.c new/xen-4.9.0-testing/tools/firmware/hvmloader/tests.c --- old/xen-4.9.0-testing/tools/firmware/hvmloader/tests.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/firmware/hvmloader/tests.c 2017-05-26 20:56:48.000000000 +0200 @@ -19,7 +19,9 @@ * this program; If not, see <http://www.gnu.org/licenses/>. */ +#include "config.h" #include "util.h" +#include <xen/arch-x86/hvm/start_info.h> #define TEST_FAIL 0 #define TEST_PASS 1 @@ -28,11 +30,13 @@ /* * Memory layout during tests: * 4MB to 8MB is cleared. - * Page directory resides at 8MB. - * 4 page table pages reside at 8MB+4kB to 8MB+20kB. - * Pagetables identity-map 0-16MB, except 4kB at va 6MB maps to pa 5MB. + * Page directory resides at 4MB. + * 2 page table pages reside at 4MB+4kB to 4MB+12kB. + * Pagetables identity-map 0-8MB, except 4kB at va 6MB maps to pa 5MB. */ -#define PD_START (8ul << 20) +#define TEST_MEM_BASE (4ul << 20) +#define TEST_MEM_SIZE (4ul << 20) +#define PD_START TEST_MEM_BASE #define PT_START (PD_START + 4096) static void setup_paging(void) @@ -41,10 +45,10 @@ uint32_t *pt = (uint32_t *)PT_START; uint32_t i; - /* Identity map 0-16MB. */ - for ( i = 0; i < 4; i++ ) + /* Identity map 0-8MB. */ + for ( i = 0; i < 2; i++ ) pd[i] = (unsigned long)pt + (i<<12) + 3; - for ( i = 0; i < (4*1024); i++ ) + for ( i = 0; i < 2 * 1024; i++ ) pt[i] = (i << 12) + 3; /* Page at virtual 6MB maps to physical 5MB. */ 
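Review bot: The errno save and restore around handle_log_reload() in io.c has no comment, so the reason for it is easy to lose in a later cleanup. The restored value is what the "Abort if poll failed, except for EINTR cases" test just below depends on. I would add `/* handle_log_reload() may clobber errno; keep poll()'s value for the check below */` above `int saved_errno = errno;`. If log_reload is set asynchronously (its writer is not in this hunk), clearing it after the reload rather than before can also drop a request that arrives while the reload runs.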
@@ -112,7 +116,7 @@ stop_paging(); i = 0; - for ( p = (uint32_t *)0x400000ul; p < (uint32_t *)0x700000ul; p++ ) + for ( p = (uint32_t *)0x4ff000ul; p < (uint32_t *)0x602000ul; p++ ) { uint32_t expected = 0; if ( check[i].addr == (unsigned long)p ) @@ -144,12 +148,12 @@ if ( !(edx & (1u<<29)) ) return TEST_SKIP; - /* Long mode pagetable setup: Identity map 0-16MB with 2MB mappings. */ + /* Long mode pagetable setup: Identity map 0-8MB with 2MB mappings. */ *pd = (unsigned long)pd + 0x1007; /* Level 4 */ pd += 512; *pd = (unsigned long)pd + 0x1007; /* Level 3 */ pd += 512; - for ( i = 0; i < 8; i++ ) /* Level 2 */ + for ( i = 0; i < 4; i++ ) /* Level 2 */ *pd++ = (i << 21) + 0x1e3; asm volatile ( @@ -191,8 +195,7 @@ void perform_tests(void) { - int i, passed, skipped; - + unsigned int i, passed, skipped; static struct { int (* const test)(void); const char *description; 
@@ -204,12 +207,80 @@ printf("Testing HVM environment:\n"); - if ( hvm_info->low_mem_pgend < 0x1000 ) + BUILD_BUG_ON(SCRATCH_PHYSICAL_ADDRESS > HVMLOADER_PHYSICAL_ADDRESS); + if ( hvm_info->low_mem_pgend < + ((TEST_MEM_BASE + TEST_MEM_SIZE) >> PAGE_SHIFT) ) + { + printf("Skipping tests due to insufficient memory (<%luMB)\n", + (TEST_MEM_BASE + TEST_MEM_SIZE) >> 20); + return; + } + + if ( (unsigned long)_end > TEST_MEM_BASE ) + { + printf("Skipping tests due to overlap with base image\n"); + return; + } + + if ( hvm_start_info->cmdline_paddr && + hvm_start_info->cmdline_paddr < TEST_MEM_BASE + TEST_MEM_SIZE && + ((hvm_start_info->cmdline_paddr + + strlen((char *)(uintptr_t)hvm_start_info->cmdline_paddr)) >= + TEST_MEM_BASE) ) + { + printf("Skipping tests due to overlap with command line\n"); + return; + } + + if ( hvm_start_info->rsdp_paddr ) { - printf("Skipping tests due to insufficient memory (<16MB)\n"); + printf("Skipping tests due to non-zero RSDP address\n"); return; } + if ( hvm_start_info->nr_modules ) + { + const struct hvm_modlist_entry *modlist = + (void *)(uintptr_t)hvm_start_info->modlist_paddr; + + if ( hvm_start_info->modlist_paddr > UINTPTR_MAX || + ((UINTPTR_MAX - (uintptr_t)modlist) / sizeof(*modlist) < + hvm_start_info->nr_modules) ) + { + printf("Skipping tests due to inaccessible module list\n"); + return; + } + + if ( TEST_MEM_BASE < (uintptr_t)(modlist + + hvm_start_info->nr_modules) && + (uintptr_t)modlist < TEST_MEM_BASE + TEST_MEM_SIZE ) + { + printf("Skipping tests due to overlap with module list\n"); + return; + } + + for ( i = 0; i < hvm_start_info->nr_modules; ++i ) + { + if ( TEST_MEM_BASE < modlist[i].paddr + modlist[i].size && + modlist[i].paddr < TEST_MEM_BASE + TEST_MEM_SIZE ) + { + printf("Skipping tests due to overlap with module %u\n", i); + return; + } + + if ( modlist[i].cmdline_paddr && + modlist[i].cmdline_paddr < TEST_MEM_BASE + TEST_MEM_SIZE && + ((modlist[i].cmdline_paddr + + strlen((char 
*)(uintptr_t)modlist[i].cmdline_paddr)) >= + TEST_MEM_BASE) ) + { + printf("Skipping tests due to overlap with module %u cmdline\n", + i); + return; + } + } + } + passed = skipped = 0; for ( i = 0; tests[i].test; i++ ) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/firmware/hvmloader/xenbus.c new/xen-4.9.0-testing/tools/firmware/hvmloader/xenbus.c --- old/xen-4.9.0-testing/tools/firmware/hvmloader/xenbus.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/firmware/hvmloader/xenbus.c 2017-05-26 20:56:48.000000000 +0200 @@ -141,7 +141,19 @@ /* Don't overrun the producer pointer */ while ( (part = MASK_XENSTORE_IDX(rings->rsp_prod - rings->rsp_cons)) == 0 ) + { + /* + * Don't wait for producer to fill the ring if it is already full. + * Condition happens when you write string > 1K into the ring. + * eg case prod=1272 cons=248. + */ + if ( rings->rsp_prod - rings->rsp_cons == XENSTORE_RING_SIZE ) + { + part = XENSTORE_RING_SIZE; + break; + } ring_wait(); + } /* Don't overrun the end of the ring */ if ( part > (XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(rings->rsp_cons)) ) part = XENSTORE_RING_SIZE - MASK_XENSTORE_IDX(rings->rsp_cons); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/include/Makefile new/xen-4.9.0-testing/tools/include/Makefile --- old/xen-4.9.0-testing/tools/include/Makefile 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/include/Makefile 2017-05-26 20:56:48.000000000 +0200 @@ -4,8 +4,8 @@ # Relative to $(XEN_ROOT)/xen/xsm/flask FLASK_H_DEPEND := policy/initial_sids -.PHONY: all -all: xen-foreign xen/.dir xen-xsm/.dir +.PHONY: all build +all build: xen-foreign xen/.dir xen-xsm/.dir .PHONY: xen-foreign xen-foreign: 
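Review bot: The overlap tests added to perform_tests() repeat the same interval arithmetic five times with two end conventions (`>=` for the string ends, `<` for the module ends), and the sums `modlist[i].paddr + modlist[i].size` and `cmdline_paddr + strlen(...)` are not checked for wrap-around. A wrapped end compares below TEST_MEM_BASE and would pass as "no overlap"; the field widths are declared outside this hunk. One helper that treats a wrapped range as overlapping keeps the convention in one place, as sketched below. Nothing visible here tests the hvm_start_info structure itself against the region; if its placement is guaranteed elsewhere, a one-line comment saying so would help.

```c
/* Non-zero if [start, start + len) intersects the tests' scratch region. */
static int overlaps_test_mem(uint64_t start, uint64_t len)
{
    if ( len > ~(uint64_t)0 - start ) /* wrapped range: be conservative */
        return 1;

    return start < TEST_MEM_BASE + TEST_MEM_SIZE &&
           TEST_MEM_BASE < start + len;
}

/* … unchanged: low_mem_pgend and _end checks … */
    if ( hvm_start_info->cmdline_paddr &&
         hvm_start_info->cmdline_paddr < TEST_MEM_BASE + TEST_MEM_SIZE &&
         overlaps_test_mem(hvm_start_info->cmdline_paddr,
                           strlen((char *)(uintptr_t)
                                  hvm_start_info->cmdline_paddr) + 1) )
/* … unchanged: messages, RSDP test; module tests call the helper the same way … */
```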
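Review bot: In the xenbus.c hunk `rings->rsp_prod` is read once in the loop condition and again in the added full-ring test, so the two tests can act on different values of an index that the other end of the ring updates. Taking one snapshot per pass makes the empty and full cases mutually consistent and removes the assignment from the `while` condition; the sketch assumes 32-bit ring indices. A difference larger than XENSTORE_RING_SIZE is still accepted here and simply masked; whether that state should be rejected is worth a comment.

```c
    /* Don't overrun the producer pointer */
    for ( ; ; )
    {
        /* One snapshot per pass, so both tests see the same indices. */
        uint32_t avail = rings->rsp_prod - rings->rsp_cons;

        /* A completely full ring masks to 0 but holds a ring's worth of data. */
        if ( avail == XENSTORE_RING_SIZE )
        {
            part = XENSTORE_RING_SIZE;
            break;
        }
        if ( (part = MASK_XENSTORE_IDX(avail)) != 0 )
            break;
        ring_wait();
    }
    /* … unchanged: clamp part to the end of the ring … */
```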
@@ -63,6 +63,8 @@ rm -rf xen xen-xsm acpi $(MAKE) -C xen-foreign clean +.PHONY: dist +dist: install .PHONY: distclean distclean: clean diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c new/xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c --- old/xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/libxl/libxl_arm_acpi.c 2017-05-26 20:56:48.000000000 +0200 @@ -87,6 +87,7 @@ break; default: LOG(ERROR, "Unknown GIC version"); + *size = 0; rc = ERROR_FAIL; break; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/libxl/libxl_device.c new/xen-4.9.0-testing/tools/libxl/libxl_device.c --- old/xen-4.9.0-testing/tools/libxl/libxl_device.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/libxl/libxl_device.c 2017-05-26 20:56:48.000000000 +0200 @@ -1415,9 +1415,6 @@ libxl__device_action_to_string(aodev->action), aodev->rc ? "failed" : "succeed"); - if (aodev->action == LIBXL__DEVICE_ACTION_REMOVE) - free(aodev->dev); - libxl__nested_ao_free(aodev->ao); } @@ -1496,6 +1493,24 @@ return NULL; } +static void check_and_maybe_remove_guest(libxl__gc *gc, + libxl__ddomain *ddomain, + libxl__ddomain_guest *dguest) +{ + assert(ddomain); + + if (dguest != NULL && + dguest->num_vifs + dguest->num_vbds + dguest->num_qdisks == 0) { + LIBXL_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest, + next); + LOGD(DEBUG, dguest->domid, "Removed domain from the list of active guests"); + /* Clear any leftovers in libxl/<domid> */ + libxl__xs_rm_checked(gc, XBT_NULL, + GCSPRINTF("libxl/%u", dguest->domid)); + free(dguest); + } +} + /* * The following comment applies to both add_device and remove_device. * 
@@ -1505,14 +1520,25 @@ */ static int add_device(libxl__egc *egc, libxl__ao *ao, libxl__ddomain_guest *dguest, - libxl__ddomain_device *ddev) + libxl__device *dev) { AO_GC; - libxl__device *dev = ddev->dev; libxl__ao_device *aodev; + libxl__ddomain_device *ddev; libxl__dm_spawn_state *dmss; int rc = 0; + /* + * New device addition, allocate a struct to hold it and add it + * to the list of active devices for a given guest. + */ + ddev = libxl__zalloc(NOGC, sizeof(*ddev)); + ddev->dev = libxl__zalloc(NOGC, sizeof(*ddev->dev)); + *ddev->dev = *dev; + LIBXL_SLIST_INSERT_HEAD(&dguest->devices, ddev, next); + LOGD(DEBUG, dev->domid, "Added device %s to the list of active devices", + libxl__device_backend_path(gc, dev)); + switch(dev->backend_kind) { case LIBXL__DEVICE_KIND_VBD: case LIBXL__DEVICE_KIND_VIF: @@ -1521,7 +1547,12 @@ GCNEW(aodev); libxl__prepare_ao_device(ao, aodev); - aodev->dev = dev; + /* + * Clone the libxl__device to avoid races if remove_device is called + * before the device addition has finished. + */ + GCNEW(aodev->dev); + *aodev->dev = *dev; aodev->action = LIBXL__DEVICE_ACTION_ADD; aodev->callback = device_complete; libxl__wait_device_connection(egc, aodev); @@ -1564,7 +1595,12 @@ GCNEW(aodev); libxl__prepare_ao_device(ao, aodev); - aodev->dev = dev; + /* + * Clone the libxl__device to avoid races if there's a add_device + * running in parallel. + */ + GCNEW(aodev->dev); + *aodev->dev = *dev; aodev->action = LIBXL__DEVICE_ACTION_REMOVE; aodev->callback = device_complete; libxl__initiate_device_generic_remove(egc, aodev); 
@@ -1576,13 +1612,28 @@ goto out; } libxl__device_destroy(gc, dev); - free(dev); /* Fall through to return > 0, no ao has been dispatched */ default: rc = 1; break; } + /* + * Removal of an active device, remove it from the list and + * free it's data structures if they are no longer needed. + * + * NB: the freeing is safe because all the async ops launched + * above or from add_device make a copy of the data they use, so + * there's no risk of dereferencing. + */ + LIBXL_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device, + next); + LOGD(DEBUG, dev->domid, "Removed device %s from the list of active devices", + libxl__device_backend_path(gc, dev)); + + free(ddev->dev); + free(ddev); + out: return rc; } @@ -1596,8 +1647,8 @@ STATE_AO_GC(nested_ao); char *p, *path; const char *sstate, *sonline; - int state, online, rc, num_devs; - libxl__device *dev = NULL; + int state, online, rc; + libxl__device *dev; libxl__ddomain_device *ddev = NULL; libxl__ddomain_guest *dguest = NULL; bool free_ao = false; @@ -1625,7 +1676,7 @@ goto skip; online = atoi(sonline); - dev = libxl__zalloc(NOGC, sizeof(*dev)); + GCNEW(dev); rc = libxl__parse_backend_path(gc, path, dev); if (rc) goto skip; 
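Review bot: The `goto out` error path in remove_device() jumps past the new `LIBXL_SLIST_REMOVE` and the two `free()` calls, so a failure there leaves `ddev` linked on `dguest->devices` and its NOGC allocations unreleased. The caller in the later hunk then runs check_and_maybe_remove_guest(), which can free `dguest` while that entry is still on its list if the counters have reached zero; the code before `goto out` is outside this hunk. Before this change the caller unlinked and freed `ddev` whatever rc was. Either move the `out:` label above the `LIBXL_SLIST_REMOVE`, or add a comment stating why the entry must stay listed after a failure.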
@@ -1654,46 +1705,14 @@ */ goto skip; } else if (ddev == NULL) { - /* - * New device addition, allocate a struct to hold it and add it - * to the list of active devices for a given guest. - */ - ddev = libxl__zalloc(NOGC, sizeof(*ddev)); - ddev->dev = dev; - LIBXL_SLIST_INSERT_HEAD(&dguest->devices, ddev, next); - LOGD(DEBUG, dev->domid, "Added device %s to the list of active devices", - path); - rc = add_device(egc, nested_ao, dguest, ddev); + rc = add_device(egc, nested_ao, dguest, dev); if (rc > 0) free_ao = true; } else if (state == XenbusStateClosed && online == 0) { - /* - * Removal of an active device, remove it from the list and - * free it's data structures if they are no longer needed. - * - * The free of the associated libxl__device is left to the - * helper remove_device function. - */ - LIBXL_SLIST_REMOVE(&dguest->devices, ddev, libxl__ddomain_device, - next); - LOGD(DEBUG, dev->domid, "Removed device %s from the list of active devices", - path); rc = remove_device(egc, nested_ao, dguest, ddev); if (rc > 0) free_ao = true; - - free(ddev); - /* If this was the last device in the domain, remove it from the list */ - num_devs = dguest->num_vifs + dguest->num_vbds + dguest->num_qdisks; - if (num_devs == 0) { - LIBXL_SLIST_REMOVE(&ddomain->guests, dguest, libxl__ddomain_guest, - next); - LOGD(DEBUG, dguest->domid, "Removed domain from the list of active guests"); - /* Clear any leftovers in libxl/<domid> */ - libxl__xs_rm_checked(gc, XBT_NULL, - GCSPRINTF("libxl/%u", dguest->domid)); - free(dguest); - } + check_and_maybe_remove_guest(gc, ddomain, dguest); } if (free_ao) 
@@ -1703,9 +1722,7 @@ skip: libxl__nested_ao_free(nested_ao); - free(dev); - free(ddev); - free(dguest); + check_and_maybe_remove_guest(gc, ddomain, dguest); return; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/tools/libxl/libxl_internal.h new/xen-4.9.0-testing/tools/libxl/libxl_internal.h --- old/xen-4.9.0-testing/tools/libxl/libxl_internal.h 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/tools/libxl/libxl_internal.h 2017-05-26 20:56:48.000000000 +0200 @@ -501,6 +501,10 @@ libxl_version_info version_info; }; +/* + * libxl__device is a transparent structure that doesn't contain private fields + * or external memory references, and as such can be copied by assignment. + */ typedef struct { uint32_t backend_devid; uint32_t backend_domid; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/Kconfig.debug new/xen-4.9.0-testing/xen/Kconfig.debug --- old/xen-4.9.0-testing/xen/Kconfig.debug 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/Kconfig.debug 2017-05-26 20:56:48.000000000 +0200 @@ -3,7 +3,7 @@ config DEBUG bool "Developer Checks" - default y + default n ---help--- If you say Y here this will enable developer checks such as asserts and extra printks. This option is intended for development purposes diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/arm/p2m.c new/xen-4.9.0-testing/xen/arch/arm/p2m.c --- old/xen-4.9.0-testing/xen/arch/arm/p2m.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/arm/p2m.c 2017-05-26 20:56:48.000000000 +0200 
@@ -1005,12 +1005,18 @@ while ( nr ) { + unsigned long mask; + unsigned long order; + /* + * Don't take into account the MFN when removing mapping (i.e + * MFN_INVALID) to calculate the correct target order. + * * XXX: Support superpage mappings if nr is not aligned to a * superpage size. */ - unsigned long mask = gfn_x(sgfn) | mfn_x(smfn) | nr; - unsigned long order; + mask = !mfn_eq(smfn, INVALID_MFN) ? mfn_x(smfn) : 0; + mask |= gfn_x(sgfn) | nr; /* Always map 4k by 4k when memaccess is enabled */ if ( unlikely(p2m->mem_access_enabled) ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/arm/platforms/brcm.c new/xen-4.9.0-testing/xen/arch/arm/platforms/brcm.c --- old/xen-4.9.0-testing/xen/arch/arm/platforms/brcm.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/arm/platforms/brcm.c 2017-05-26 20:56:48.000000000 +0200 @@ -271,7 +271,7 @@ return brcm_populate_plat_regs(); } -static const char const *brcm_dt_compat[] __initconst = +static const char *const brcm_dt_compat[] __initconst = { "brcm,bcm7445d0", NULL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/arm/platforms/rcar2.c new/xen-4.9.0-testing/xen/arch/arm/platforms/rcar2.c --- old/xen-4.9.0-testing/xen/arch/arm/platforms/rcar2.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/arm/platforms/rcar2.c 2017-05-26 20:56:48.000000000 +0200 
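Review bot: The new comment in the `while ( nr )` loop names the sentinel `MFN_INVALID`, but the code just below tests `INVALID_MFN`, so a search for the identifier will not find the explanation. I would word the first sentence as `* Don't take the MFN into account when removing a mapping (i.e. INVALID_MFN), so that the correct target order is calculated.` The loop body continues outside the hunk.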
@@ -46,7 +46,7 @@ return 0; } -static const char const *rcar2_dt_compat[] __initdata = +static const char *const rcar2_dt_compat[] __initconst = { "renesas,lager", NULL diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/hvm/dm.c new/xen-4.9.0-testing/xen/arch/x86/hvm/dm.c --- old/xen-4.9.0-testing/xen/arch/x86/hvm/dm.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/hvm/dm.c 2017-05-26 20:56:48.000000000 +0200 @@ -490,8 +490,9 @@ first_gfn <= p2m->max_mapped_pfn ) { /* Iterate p2m table for 256 gfns each time. */ - p2m_finish_type_change(d, _gfn(first_gfn), 256, - p2m_ioreq_server, p2m_ram_rw); + rc = p2m_finish_type_change(d, _gfn(first_gfn), 256); + if ( rc < 0 ) + break; first_gfn += 256; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/hvm/hvm.c new/xen-4.9.0-testing/xen/arch/x86/hvm/hvm.c --- old/xen-4.9.0-testing/xen/arch/x86/hvm/hvm.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/hvm/hvm.c 2017-05-26 20:56:48.000000000 +0200 @@ -4544,6 +4544,13 @@ { long rc = 0; + /* + * NB: hvm_op can be part of a restarted hypercall; but at the + * moment the only hypercalls which do continuations don't need to + * store any iteration information (since they're just re-trying + * the acquisition of a lock). + */ + switch ( op ) { case HVMOP_set_evtchn_upcall_vector: @@ -4636,6 +4643,10 @@ } } + if ( rc == -ERESTART ) + rc = hypercall_create_continuation(__HYPERVISOR_hvm_op, "lh", + op, arg); + return rc; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/mm/guest_walk.c new/xen-4.9.0-testing/xen/arch/x86/mm/guest_walk.c --- old/xen-4.9.0-testing/xen/arch/x86/mm/guest_walk.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/mm/guest_walk.c 2017-05-26 20:56:48.000000000 +0200 
@@ -197,12 +197,12 @@ int flags = (_PAGE_PRESENT|_PAGE_USER|_PAGE_RW| _PAGE_ACCESSED|_PAGE_DIRTY); /* - * Import cache-control bits. Note that _PAGE_PAT is actually - * _PAGE_PSE, and it is always set. We will clear it in case - * _PAGE_PSE_PAT (bit 12, i.e. first bit of gfn) is clear. + * Import protection key and cache-control bits. Note that _PAGE_PAT + * is actually _PAGE_PSE, and it is always set. We will clear it in + * case _PAGE_PSE_PAT (bit 12, i.e. first bit of gfn) is clear. */ flags |= (guest_l3e_get_flags(gw->l3e) - & (_PAGE_PAT|_PAGE_PWT|_PAGE_PCD)); + & (_PAGE_PKEY_BITS|_PAGE_PAT|_PAGE_PWT|_PAGE_PCD)); if ( !(gfn_x(start) & 1) ) /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */ flags &= ~_PAGE_PAT; @@ -302,12 +302,12 @@ int flags = (_PAGE_PRESENT|_PAGE_USER|_PAGE_RW| _PAGE_ACCESSED|_PAGE_DIRTY); /* - * Import cache-control bits. Note that _PAGE_PAT is actually - * _PAGE_PSE, and it is always set. We will clear it in case - * _PAGE_PSE_PAT (bit 12, i.e. first bit of gfn) is clear. + * Import protection key and cache-control bits. Note that _PAGE_PAT + * is actually _PAGE_PSE, and it is always set. We will clear it in + * case _PAGE_PSE_PAT (bit 12, i.e. first bit of gfn) is clear. */ flags |= (guest_l2e_get_flags(gw->l2e) - & (_PAGE_PAT|_PAGE_PWT|_PAGE_PCD)); + & (_PAGE_PKEY_BITS|_PAGE_PAT|_PAGE_PWT|_PAGE_PCD)); if ( !(gfn_x(start) & 1) ) /* _PAGE_PSE_PAT not set: remove _PAGE_PAT from flags. */ flags &= ~_PAGE_PAT; 
@@ -365,6 +365,30 @@ */ ar = (ar_and & AR_ACCUM_AND) | (ar_or & AR_ACCUM_OR); +#if GUEST_PAGING_LEVELS >= 4 /* 64-bit only... */ + /* + * If all access checks are thus far ok, check Protection Key for 64bit + * data accesses to user mappings. + * + * N.B. In the case that the walk ended with a superpage, the fabricated + * gw->l1e contains the appropriate leaf pkey. + */ + if ( (ar & _PAGE_USER) && !(walk & PFEC_insn_fetch) && + guest_pku_enabled(v) ) + { + unsigned int pkey = guest_l1e_get_pkey(gw->l1e); + unsigned int pkru = read_pkru(); + + if ( read_pkru_ad(pkru, pkey) || + ((walk & PFEC_write_access) && read_pkru_wd(pkru, pkey) && + ((walk & PFEC_user_mode) || guest_wp_enabled(v))) ) + { + gw->pfec |= PFEC_prot_key; + goto out; + } + } +#endif + if ( (walk & PFEC_insn_fetch) && (ar & _PAGE_NX_BIT) ) /* Requested an instruction fetch and found NX? Fail. */ goto out; @@ -400,29 +424,6 @@ goto out; } -#if GUEST_PAGING_LEVELS >= 4 /* 64-bit only... */ - /* - * If all access checks are thusfar ok, check Protection Key for 64bit - * user data accesses. - * - * N.B. In the case that the walk ended with a superpage, the fabricated - * gw->l1e contains the appropriate leaf pkey. - */ - if ( (walk & PFEC_user_mode) && !(walk & PFEC_insn_fetch) && - guest_pku_enabled(v) ) - { - unsigned int pkey = guest_l1e_get_pkey(gw->l1e); - unsigned int pkru = read_pkru(); - - if ( read_pkru_ad(pkru, pkey) || - ((ar & PFEC_write_access) && read_pkru_wd(pkru, pkey)) ) - { - gw->pfec |= PFEC_prot_key; - goto out; - } - } -#endif - walk_ok = true; /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/mm/p2m-ept.c new/xen-4.9.0-testing/xen/arch/x86/mm/p2m-ept.c --- old/xen-4.9.0-testing/xen/arch/x86/mm/p2m-ept.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/mm/p2m-ept.c 2017-05-26 20:56:48.000000000 +0200 
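Review bot: `read_pkru()` in the relocated protection-key block takes no vCPU argument, while the surrounding checks use `guest_pku_enabled(v)` and `guest_wp_enabled(v)`, so the PKRU value is presumably that of the CPU performing the walk rather than something looked up for `v`. If the walk can be made on behalf of a vCPU that is not the running one, the access-disable and write-disable bits tested here would belong to a different context; whether that can happen is not visible from this hunk. A comment on the `pkru` declaration such as `/* Reads the live PKRU register: only meaningful when v is the current vCPU. */` would make the assumption explicit. The enclosing function starts and ends outside the hunk.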
@@ -681,6 +681,7 @@ ept_entry_t *table, *ept_entry = NULL; unsigned long gfn_remainder = gfn; unsigned int i, target = order / EPT_TABLE_ORDER; + unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ? (gfn | mfn_x(mfn)) : gfn; int ret, rc = 0; bool_t entry_written = 0; bool_t direct_mmio = (p2mt == p2m_mmio_direct); @@ -701,7 +702,7 @@ * 2. gfn not exceeding guest physical address width. * 3. passing a valid order. */ - if ( ((gfn | mfn_x(mfn)) & ((1UL << order) - 1)) || + if ( (fn_mask & ((1UL << order) - 1)) || ((u64)gfn >> ((ept->wl + 1) * EPT_TABLE_ORDER)) || (order % EPT_TABLE_ORDER) ) return -EINVAL; @@ -1238,6 +1239,7 @@ p2m->set_entry = ept_set_entry; p2m->get_entry = ept_get_entry; + p2m->recalc = resolve_misconfig; p2m->change_entry_type_global = ept_change_entry_type_global; p2m->change_entry_type_range = ept_change_entry_type_range; p2m->memory_type_changed = ept_memory_type_changed; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/mm/p2m-pt.c new/xen-4.9.0-testing/xen/arch/x86/mm/p2m-pt.c --- old/xen-4.9.0-testing/xen/arch/x86/mm/p2m-pt.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/mm/p2m-pt.c 2017-05-26 20:56:48.000000000 +0200 @@ -1153,6 +1153,7 @@ { p2m->set_entry = p2m_pt_set_entry; p2m->get_entry = p2m_pt_get_entry; + p2m->recalc = do_recalc; p2m->change_entry_type_global = p2m_pt_change_entry_type_global; p2m->change_entry_type_range = p2m_pt_change_entry_type_range; p2m->write_p2m_entry = paging_write_p2m_entry; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/mm/p2m.c new/xen-4.9.0-testing/xen/arch/x86/mm/p2m.c --- old/xen-4.9.0-testing/xen/arch/x86/mm/p2m.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/mm/p2m.c 2017-05-26 20:56:48.000000000 +0200 
@@ -559,12 +559,15 @@ while ( todo ) { if ( hap_enabled(d) ) - order = (!((gfn | mfn_x(mfn) | todo) & - ((1ul << PAGE_ORDER_1G) - 1)) && + { + unsigned long fn_mask = !mfn_eq(mfn, INVALID_MFN) ? + (gfn | mfn_x(mfn) | todo) : (gfn | todo); + + order = (!(fn_mask & ((1ul << PAGE_ORDER_1G) - 1)) && hap_has_1gb) ? PAGE_ORDER_1G : - (!((gfn | mfn_x(mfn) | todo) & - ((1ul << PAGE_ORDER_2M) - 1)) && + (!(fn_mask & ((1ul << PAGE_ORDER_2M) - 1)) && hap_has_2mb) ? PAGE_ORDER_2M : PAGE_ORDER_4K; + } else order = 0; 
@@ -1027,33 +1030,44 @@ p2m_unlock(p2m); } -/* Synchronously modify the p2m type for a range of gfns from ot to nt. */ -void p2m_finish_type_change(struct domain *d, - gfn_t first_gfn, unsigned long max_nr, - p2m_type_t ot, p2m_type_t nt) +/* + * Finish p2m type change for gfns which are marked as need_recalc in a range. + * Returns: 0/1 for success, negative for failure + */ +int p2m_finish_type_change(struct domain *d, + gfn_t first_gfn, unsigned long max_nr) { struct p2m_domain *p2m = p2m_get_hostp2m(d); - p2m_type_t t; unsigned long gfn = gfn_x(first_gfn); unsigned long last_gfn = gfn + max_nr - 1; - - ASSERT(ot != nt); - ASSERT(p2m_is_changeable(ot) && p2m_is_changeable(nt)); + int rc = 0; p2m_lock(p2m); last_gfn = min(last_gfn, p2m->max_mapped_pfn); while ( gfn <= last_gfn ) { - get_gfn_query_unlocked(d, gfn, &t); - - if ( t == ot ) - p2m_change_type_one(d, gfn, t, nt); + rc = p2m->recalc(p2m, gfn); + /* + * ept->recalc could return 0/1/-ENOMEM. pt->recalc could return + * 0/-ENOMEM/-ENOENT, -ENOENT isn't an error as we are looping + * gfn here. + */ + if ( rc == -ENOENT ) + rc = 0; + else if ( rc < 0 ) + { + gdprintk(XENLOG_ERR, "p2m->recalc failed! Dom%d gfn=%lx\n", + d->domain_id, gfn); + break; + } gfn++; } p2m_unlock(p2m); + + return rc; } /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/arch/x86/traps.c new/xen-4.9.0-testing/xen/arch/x86/traps.c --- old/xen-4.9.0-testing/xen/arch/x86/traps.c 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/arch/x86/traps.c 2017-05-26 20:56:48.000000000 +0200 
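Review bot: `p2m_finish_type_change()` can return 1, because a positive result from the last `p2m->recalc()` call is left in `rc` and the new header comment documents "0/1 for success". The caller changed in xen/arch/x86/hvm/dm.c only tests `rc < 0`, so unless something after that loop resets it (not visible in that hunk) a positive value could be passed on as the operation's result. Normalising inside the loop keeps the contract simple: `if ( rc == -ENOENT || rc > 0 ) rc = 0;`, with the comment changed to say "Returns: 0 for success, negative for failure".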
@@ -632,11 +632,20 @@ struct trap_bounce *tb; const struct trap_info *ti; const uint8_t vector = event->vector; - const bool use_error_code = - ((vector < 32) && (TRAP_HAVE_EC & (1u << vector))); unsigned int error_code = event->error_code; + bool use_error_code; ASSERT(vector == event->vector); /* Confirm no truncation. */ + if ( event->type == X86_EVENTTYPE_HW_EXCEPTION ) + { + ASSERT(vector < 32); + use_error_code = TRAP_HAVE_EC & (1u << vector); + } + else + { + ASSERT(event->type == X86_EVENTTYPE_SW_INTERRUPT); + use_error_code = false; + } if ( use_error_code ) ASSERT(error_code != X86_EVENT_NO_EC); else @@ -649,7 +658,8 @@ tb->cs = ti->cs; tb->eip = ti->address; - if ( vector == TRAP_page_fault ) + if ( event->type == X86_EVENTTYPE_HW_EXCEPTION && + vector == TRAP_page_fault ) { v->arch.pv_vcpu.ctrlreg[2] = event->cr2; arch_set_cr2(v, event->cr2); @@ -689,6 +699,7 @@ { const struct x86_event event = { .vector = trapnr, + .type = X86_EVENTTYPE_HW_EXCEPTION, .error_code = (((trapnr < 32) && (TRAP_HAVE_EC & (1u << trapnr))) ? regs->error_code : X86_EVENT_NO_EC), }; @@ -3307,7 +3318,7 @@ return; } stkp = (unsigned int *)(unsigned long)((unsigned int)base + esp); - if ( !compat_access_ok(stkp - 4 - nparm, (4 + nparm) * 4) ) + if ( !compat_access_ok(stkp - 4 - nparm, 16 + nparm * 4) ) { do_guest_trap(TRAP_gp_fault, regs); return; @@ -3327,7 +3338,7 @@ return do_guest_trap(TRAP_gp_fault, regs); ustkp = (unsigned int *)(unsigned long) ((unsigned int)base + regs->esp + nparm * 4); - if ( !compat_access_ok(ustkp - nparm, nparm * 4) ) + if ( !compat_access_ok(ustkp - nparm, 0 + nparm * 4) ) { do_guest_trap(TRAP_gp_fault, regs); return; 
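Review bot: In the `X86_EVENTTYPE_HW_EXCEPTION` branch the old runtime guard `(vector < 32) &&` is now only an `ASSERT(vector < 32)`, so in a build without assertions `1u << vector` is evaluated for any `uint8_t` value, and a shift by 32 or more is undefined. The Kconfig.debug hunk in this same diff turns the developer checks, asserts included, off by default. Keeping the bound in the expression costs nothing: `use_error_code = (vector < 32) && (TRAP_HAVE_EC & (1u << vector));`. The function body starts before and continues after the hunk.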
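Review bot: The `0 +` added to the size argument in `compat_access_ok(ustkp - nparm, 0 + nparm * 4)` does not change the value and nothing explains it, so a later cleanup is likely to remove it. The same prefix is added to `array_access_ok` in asm-arm/guest_access.h and to `array_access_ok` and `compat_array_access_ok` in asm-x86/x86_64/uaccess.h. If it is there to keep a compiler diagnostic quiet, which the diff does not say, a comment next to one of the macro definitions should name that diagnostic, e.g. `/* "0 +" avoids <compiler warning name> on the multiplication */`. The enclosing function starts and ends outside the hunk.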
@@ -3427,7 +3438,7 @@ if ( permit_softint(TI_GET_DPL(ti), v, regs) ) { regs->rip += 2; - do_guest_trap(vector, regs); + pv_inject_sw_interrupt(vector); return; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/include/Makefile new/xen-4.9.0-testing/xen/include/Makefile --- old/xen-4.9.0-testing/xen/include/Makefile 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/include/Makefile 2017-05-26 20:56:48.000000000 +0200 @@ -120,7 +120,10 @@ headers++.chk: $(PUBLIC_HEADERS) Makefile rm -f $@.new - $(CXX) -v >/dev/null 2>&1 || exit 0; \ + if ! $(CXX) -v >/dev/null 2>&1; then \ + touch $@.new; \ + exit 0; \ + fi; \ $(foreach i, $(filter %.h,$^), \ echo "#include "\"$(i)\" \ | $(CXX) -x c++ -std=gnu++98 -Wall -Werror -D__XEN_TOOLS__ \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/include/asm-arm/guest_access.h new/xen-4.9.0-testing/xen/include/asm-arm/guest_access.h --- old/xen-4.9.0-testing/xen/include/asm-arm/guest_access.h 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/include/asm-arm/guest_access.h 2017-05-26 20:56:48.000000000 +0200 @@ -8,7 +8,8 @@ #define access_ok(addr,size) (1) #define array_access_ok(addr,count,size) \ - (likely(count < (~0UL/size)) && access_ok(addr,count*size)) + (likely((count) < (~0UL / (size))) && \ + access_ok(addr, 0 + (count) * (size))) unsigned long raw_copy_to_guest(void *to, const void *from, unsigned len); unsigned long raw_copy_to_guest_flush_dcache(void *to, const void *from, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/include/asm-x86/domain.h new/xen-4.9.0-testing/xen/include/asm-x86/domain.h --- old/xen-4.9.0-testing/xen/include/asm-x86/domain.h 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/include/asm-x86/domain.h 2017-05-26 20:56:48.000000000 +0200 
@@ -655,6 +655,17 @@ pv_inject_event(&event); } +static inline void pv_inject_sw_interrupt(unsigned int vector) +{ + const struct x86_event event = { + .vector = vector, + .type = X86_EVENTTYPE_SW_INTERRUPT, + .error_code = X86_EVENT_NO_EC, + }; + + pv_inject_event(&event); +} + #endif /* __ASM_DOMAIN_H__ */ /* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/include/asm-x86/p2m.h new/xen-4.9.0-testing/xen/include/asm-x86/p2m.h --- old/xen-4.9.0-testing/xen/include/asm-x86/p2m.h 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/include/asm-x86/p2m.h 2017-05-26 20:56:48.000000000 +0200 @@ -246,6 +246,8 @@ p2m_query_t q, unsigned int *page_order, bool_t *sve); + int (*recalc)(struct p2m_domain *p2m, + unsigned long gfn); void (*enable_hardware_log_dirty)(struct p2m_domain *p2m); void (*disable_hardware_log_dirty)(struct p2m_domain *p2m); void (*flush_hardware_cached_dirty)(struct p2m_domain *p2m); @@ -607,10 +609,9 @@ p2m_type_t ot, p2m_type_t nt); /* Synchronously change the p2m type for a range of gfns */ -void p2m_finish_type_change(struct domain *d, - gfn_t first_gfn, - unsigned long max_nr, - p2m_type_t ot, p2m_type_t nt); +int p2m_finish_type_change(struct domain *d, + gfn_t first_gfn, + unsigned long max_nr); /* Report a change affecting memory types. */ void p2m_memory_type_changed(struct domain *d); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/include/asm-x86/x86_64/uaccess.h new/xen-4.9.0-testing/xen/include/asm-x86/x86_64/uaccess.h --- old/xen-4.9.0-testing/xen/include/asm-x86/x86_64/uaccess.h 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/include/asm-x86/x86_64/uaccess.h 2017-05-26 20:56:48.000000000 +0200 
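Review bot: The comment above the `p2m_finish_type_change()` prototype in asm-x86/p2m.h still reads "Synchronously change the p2m type for a range of gfns", although the function now returns `int` and no longer takes `ot`/`nt`. Callers reading the header get no return contract; I would replace the comment with `/* Finish p2m type change for gfns marked need_recalc in a range; returns negative on failure. */`. The `recalc` hook added to `struct p2m_domain` in the first hunk of this file is also undocumented, while the comment in p2m.c describes the two implementations as returning different sets of values.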
@@ -42,7 +42,7 @@ #define array_access_ok(addr, count, size) \ (likely(((count) ?: 0UL) < (~0UL / (size))) && \ - access_ok(addr, (count) * (size))) + access_ok(addr, 0 + (count) * (size))) #define __compat_addr_ok(d, addr) \ ((unsigned long)(addr) < HYPERVISOR_COMPAT_VIRT_START(d)) @@ -55,7 +55,7 @@ #define compat_array_access_ok(addr,count,size) \ (likely((count) < (~0U / (size))) && \ - compat_access_ok(addr, (count) * (size))) + compat_access_ok(addr, 0 + (count) * (size))) #define __put_user_size(x,ptr,size,retval,errret) \ do { \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/xen-4.9.0-testing/xen/include/xen/xmalloc.h new/xen-4.9.0-testing/xen/include/xen/xmalloc.h --- old/xen-4.9.0-testing/xen/include/xen/xmalloc.h 2017-05-16 17:03:05.000000000 +0200 +++ new/xen-4.9.0-testing/xen/include/xen/xmalloc.h 2017-05-26 20:56:48.000000000 +0200 @@ -33,17 +33,17 @@ static inline void *_xmalloc_array( unsigned long size, unsigned long align, unsigned long num) { - /* Check for overflow. */ - if (size && num > UINT_MAX / size) - return NULL; - return _xmalloc(size * num, align); + /* Check for overflow. */ + if ( size && num > UINT_MAX / size ) + return NULL; + return _xmalloc(size * num, align); } static inline void *_xzalloc_array( unsigned long size, unsigned long align, unsigned long num) { /* Check for overflow. */ - if (size && num > UINT_MAX / size) + if ( size && num > UINT_MAX / size ) return NULL; return _xzalloc(size * num, align); }